OS10 Enterprise Edition User Guide Release 10.4.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2018 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Getting Started............................................................................................................................................ 20 Download OS10 image and license................................................................................................................................. 21 Installation......................................................................................................................................................................
delete...........................................................................................................................................................................50 description (alias).......................................................................................................................................................50 dir............................................................................................................................................................
Add port member....................................................................................................................................................... 78 Minimum links............................................................................................................................................................. 79 Assign Port Channel IP Address...............................................................................................................................
show interface.......................................................................................................................................................... 108 show inventory media.............................................................................................................................................. 109 show link-bundle-utilization......................................................................................................................................
show fc switch..........................................................................................................................................................135 show fc zone.............................................................................................................................................................135 show fc zoneset.......................................................................................................................................................
Packet timer values.................................................................................................................................................. 173 Disable and re-enable LLDP ................................................................................................................................... 174 Disable and re-enable LLDP on management ports.............................................................................................175 Advertise TLVs......................
Create or remove VLANs........................................................................................................................................239 Access mode............................................................................................................................................................ 240 Trunk mode................................................................................................................................................................
Route reflector clusters...........................................................................................................................................278 Aggregate routes......................................................................................................................................................279 Confederations.........................................................................................................................................................
OTM commands...................................................................................................................................................... 402 Policy-based routing......................................................................................................................................................405 Policy-based route-maps........................................................................................................................................
Source IP address.................................................................................................................................................... 446 Authentication.......................................................................................................................................................... 447 NTP commands.......................................................................................................................................................
Clear access-list counters............................................................................................................................................ 494 IP prefix-lists...................................................................................................................................................................494 Route-maps.....................................................................................................................................................
mac access-list......................................................................................................................................................... 517 permit......................................................................................................................................................................... 517 permit (IPv6)..................................................................................................................................................
match extcommunity...............................................................................................................................................547 match interface........................................................................................................................................................548 match ip address......................................................................................................................................................
class........................................................................................................................................................................... 576 class-map..................................................................................................................................................................576 clear interface priority-flow-control.......................................................................................................................
show qos control-plane...........................................................................................................................................596 show qos egress bufffers interface....................................................................................................................... 597 show egress buffer-stats interface........................................................................................................................
vlt-port-channel....................................................................................................................................................... 626 vlt-mac...................................................................................................................................................................... 627 vrrp mode active-active..........................................................................................................................................
Test network connectivity...................................................................................................................................... 673 View diagnostics...................................................................................................................................................... 675 Diagnostic commands.............................................................................................................................................
1 Getting Started Dell EMC Networking OS10 Enterprise Edition is a network operating system supporting multiple architectures and environments. The networking world is moving from a monolithic stack to a pick-your-own-world. The OS10 solution is designed to allow disaggregation of the network functionality.
Download OS10 image and license OS10 Enterprise Edition may come factory-loaded and is available for download from the Dell Digital Locker (DDL). A factory-loaded OS10 image has a perpetual license installed. An OS10 image that you download has a 120-day trial license and requires a perpetual license to run beyond the trial period. See the Quick Start Guide shipped with your device and My Account FAQs for more information.
After you download the OS10 Enterprise Edition image, unzip the .tar file by following these guidelines: • Extract the OIS10 binary file from the .tar file using any file archiver/compressor software. For example, to unzip a .tar file on a Linux server or from the ONIE prompt, enter: tar -xf tar_filename • On a Windows server, some Windows unzip applications insert extra carriage returns (CR) or line feeds (LF) when they extract the contents of a .tar file.
• Rescue — Boots to the ONIE prompt and allows for manual installation of an OS10 image or updating ONIE. • Uninstall OS — Deletes the contents of all disk partitions, including the OS10 configuration, except ONIE and diagnostics. • Update ONIE — Installs a new ONIE version. • Embed ONIE — Formats an empty disk and installs ONIE. • Diag ONIE — Runs the system diagnostics.
You can manually install the OS10 software image using USB media. Verify that the USB storage device supports a FAT or EXT2 file system. For instructions on how to format a USB device in FAT or EXT2 format, see the accompanying Windows documentation for FAT formatting or Linux documentation for FAT or EXT2 formatting. 1 Plug the USB storage device into the USB storage port on the device. 2 Power up the system to automatically boot with the ONIE: Rescue option.
After you install OS10 and log in, install the license to run the OS10 Enterprise Edition beyond the trial license period. See Download OS10 image and license for complete information. The OS10 license is installed in the /mnt/license directory. 1 Download the License.zip file from DDL as described in Download OS10 image and license. 2 Open the zip file and locate the license file in the Dell folder. Copy the license file to a local or remote workstation.
Remote access You can remotely access the OS10 command-line interface (CLI) and the Linux shell. When you install OS10 the first time, connect to the switch using the serial port. Configure remote access • Configure the Management port IP address • Configure a default route to the Management port • Configure a user name and password Remote access OS10 CLI 1 Open an SSH session using the IP address of the device. You can also use PuTTY or a similar tool to access the device remotely.
management route 192.168.200.0/24 managementethernet ip route 192.168.200.0/24 interface ethernet 1/1/1 Before configuring the static IPv4 address for management interface port, remove the dynamic DHCP setting using the no ip address dhcp command. Configure a management route to the network from which you access the system in CONFIGURATION mode. Repeat the command to configure multiple routes for the Management interface.
Create user name and enter password in clear text OS10(config)# username user05 password alpha404! role sysadmin Upgrade OS10 To upgrade OS10, download a new OS10 Enterprise Edition image from the DDL. 1 Sign into DDL using your account credentials. 2 Locate the entry for your entitlement ID and order number, then select the product name. 3 Select the Available Downloads tab on the Product page. 4 Select the OS10 Enterprise Edition image to download, then click Download.
CLI command modes The OS10 CLI has two top-level modes: • EXEC mode — Used to monitor, troubleshoot, check status, and network connectivity. • CONFIGURATION mode — Used to configure network devices. When you enter CONFIGURATION mode, you are changing the current operating configuration, called the running configuration. By default, all configuration changes are automatically saved to the running configuration. You can change this default behavior by switching to the transaction-based configuration mode.
CONFIGURATION Mode When you initially log in to OS10, you are automatically placed in EXEC mode by default. To access CONFIGURATION mode, enter the configure terminal command. Use CONFIGURATION mode to manage interfaces, protocols, and features. Interface mode is a sub-mode of CONFIGURATION mode.
lock move no ping ping6 reload show start support-assist-activity system terminal traceroute unlock validate write Lock candidate configuration Perform a file move/rename operation on local filesystem No commands under exec mode ping -h shows help ping6 -h shows help Reboot Dell EMC Networking Operating System Show running system information Activate transaction based configuration Support Assist related activity System command Set terminal settings traceroute --help shows help Unlock candidate configurati
username vlt-domain vrrp wred Create or modify users VLT domain configurations Configure VRRP global attributes Configure WRED profile Check device status Use show commands to check the status of a device and monitor activities. • Enter show ? from EXEC mode to view a list of commands to monitor a device.
• • • • track Show object tracking information uptime Show the system uptime users Show the current list of users logged into the system , and show the session id version Show the software version on the system vlan Vlan status and configuration vlt Show VLT domain info vrrp VRRP group status Enter show command-history from EXEC mode to view trace messages for each executed command.
3 up NORMAL 1 2 13085 13063 up up Candidate configuration When you enter OS10 configuration commands in the transaction-based configuration mode, changes do not take effect immediately and are stored in the candidate configuration. The configuration changes become active on the network device only after you commit the changes with the commit command. Changes in the candidate configuration are validated and applied to the running configuration.
interface breakout 1/1/12 map 40g-1x interface breakout 1/1/13 map 40g-1x interface breakout 1/1/14 map 40g-1x interface breakout 1/1/15 map 40g-1x interface breakout 1/1/16 map 40g-1x interface breakout 1/1/17 map 40g-1x interface breakout 1/1/18 map 40g-1x interface breakout 1/1/19 map 40g-1x interface breakout 1/1/20 map 40g-1x interface breakout 1/1/21 map 40g-1x interface breakout 1/1/22 map 40g-1x interface breakout 1/1/23 map 40g-1x interface breakout 1/1/24 map 40g-1x interface breakout 1/1/25 map 4
interface breakout 1/1/18 map 40g-1x interface breakout 1/1/19 map 40g-1x interface breakout 1/1/20 map 40g-1x interface breakout 1/1/21 map 40g-1x interface breakout 1/1/22 map 40g-1x interface breakout 1/1/23 map 40g-1x interface breakout 1/1/24 map 40g-1x interface breakout 1/1/25 map 40g-1x interface breakout 1/1/26 map 40g-1x interface breakout 1/1/27 map 40g-1x interface breakout 1/1/28 map 40g-1x interface breakout 1/1/29 map 40g-1x interface breakout 1/1/30 map 40g-1x interface breakout 1/1/31 map 4
Change to transaction-based configuration To change to transaction-based configuration mode for a session, enter the start transaction command 1 Change to transaction-based configuration in EXEC mode. start transaction 2 Enable, for example, an interface from INTERFACE mode. interface ethernet 1/1/1/ no shutdown 3 Save the configuration. do commit NOTE: After you enter the do commit command, the current session switches back to the default behavior of committing all configuration changes automatically.
Restore startup configuration The startup configuration file is named startup.xml and is stored in the config system folder. To create a backup version, copy the startup configuration to a remote server or the local config: or home: directories. To restore a backup configuration, copy a local or remote file to the startup configuration and reload the switch. After downloading a backup configuration, you must reload the system, otherwise the switch remains unresponsive until you reboot.
Filter show commands You can filter show command output to view specific information, or start the command output at the first instance of a regular expression or phrase. display-xml Displays in XML format.
Eth 1/1/1 up 40G A 1 Eth 1/1/2 up 40G A 1 Eth 1/1/3 up 40G A 1 Eth 1/1/4 up 40G A 1 Eth 1/1/5 up 40G A 1 Eth 1/1/6 up 40G A 1 Eth 1/1/7 up 40G A 1 Eth 1/1/8 up 40G A 1 Eth 1/1/9 up 40G A 1 Eth 1/1/10 up 40G A 1 Eth 1/1/11 up 40G A 1 Eth 1/1/12 up 40G A 1 Eth 1/1/13 up 40G A 1 Eth 1/1/14 up 40G A 1 Eth 1/1/15 up 40G A 1 Eth 1/1/16 up 40G A 1 Eth 1/1/17 up 40G A 1 Eth 1/1/18 up 40G A 1 Eth 1/1/19 up 40G A 1 Eth 1/1/20 up 40G A 1 Eth 1/1/21 up 40G A 1 Eth 1/1/22 up 40G A 1 Eth 1/1/23 up 40G A 1 Eth 1/1/24 up 4
View alias information in detail (displays the entire alias value) OS10# show alias detail Name Type ------govlt Config goint Config shconfig Local showint Local shver Local Value ----"vlt-domain $1" "interface ethernet $1" "show running-configuration" "show interface $*" "show version" Number of config aliases : 2 Number of local aliases : 3 Delete alias OS10# no alias showint OS10(config)# no alias goint Multi-line alias You can create multi-line alias where you can save a series of multiple commands i
View alias output for mTest with different values OS10(config)# mTest ethernet 1/1/10 OS10(config)# interface ethernet 1/1/10 OS10(conf-if-eth1/1/10)# no shutdown OS10(conf-if-eth1/1/10)# show configuration ! interface ethernet1/1/10 no shutdown switchport access vlan 1 Modify existing multi-line alias OS10(config)# alias mTest OS10(config-alias-mTest)# line 4 "exit" View the commands saved in the multi-line alias OS10(config-alias-mTest)# show configuration ! alias mTest description InterfaceDetails defaul
Delete alias OS10(config)# no alias mTest Batch mode commands You can create a batch file to simplify routine or repetitive tasks. A batch file is an unformatted text file that contains two or more commands and has a .cmd file name extension. You can use vi or any other editor to create the .cmd file, then use the batch command to execute the file. To execute a series of commands in a file in batch mode (non-interactive processing), use the batch command.
Up Time: 1 week 4 days 08:07:44 • User admin logged out at session 10 admin@OS10:/opt/dell/os10/bin$ Use the -B option along with a batch file to execute a series of commands. configure terminal router bgp 100 neighbor 100.1.1.1 remote-as 104 no shutdown Execute the batch file. admin@OS10:/opt/dell/os10/bin$ clish -B ~/batch_cfg.txt New user admin logged in at session 15 Verify the BGP configuration executed by the batch file.
– no untagged • Port-channel Interface mode: – channel-member – no channel-member • • Enable the feature to configure commands in an OS9 environment in CONFIGURATION mode. OS10(config)# feature config-os9-style OS10(config)# exit OS10# show running-configuration compressed interface breakout 1/1/28 map 10g-4x feature config-os9-style Once this feature is enabled, you cannot use the OS10 format of commands in the new session.
Eth 1/1/8 up 40G A 1 Eth 1/1/9 up 40G A 1 Eth 1/1/10 up 40G A 1 Eth 1/1/11 up 40G A 1 Eth 1/1/12 up 40G A 1 Eth 1/1/13 up 40G A 1 Eth 1/1/14 up 40G A 1 Eth 1/1/15 up 40G A 1 Eth 1/1/16 up 40G A 1 Eth 1/1/17 up 40G A 1 Eth 1/1/18 up 40G A 1 Eth 1/1/19 up 40G A 1 Eth 1/1/20 up 40G A 1 Eth 1/1/21 up 40G A 1 Eth 1/1/22 up 40G A 1 Eth 1/1/23 up 40G A 1 Eth 1/1/24 up 40G A 1 Eth 1/1/25 up 40G A 1 Eth 1/1/26 up 40G A 1 Eth 1/1/27 up 40G A 1 Eth 1/1/28 up 40G A 1 Eth 1/1/29 up 40G A 1 Eth 1/1/30 up 40G A 1 Eth 1/1/
batch Executes a series of commands in a file in batch (non-interactive) processing. Syntax batch filename Parameters filename — Enter the name of a batch command file. Default Not configured Command Mode EXEC Usage Information Use this command to create a batch command file on a remote machine. Copy the command file to your switch (for example, to your home directory). Enter the batch command to execute commands in the file in batch mode.
Default Not configured Command Mode EXEC Usage Information Use this command to save changes to the running configuration. Use the do commit command to save changes in CONFIGURATION mode. Example OS10# commit Example (configuration) OS10(config)# do commit Supported Releases 10.2.0E or later configure Enters CONFIGURATION mode from EXEC mode. Syntax configure {terminal} Parameters terminal — Enters CONFIGURATION mode from EXEC mode.
Command Mode EXEC Usage Information Use this command to save running configuration to the startup configuration, transfer coredump files to a remote location, back up the startup configuration, retrieve a previously backed-up configuration, replace the startup configuration file, or transfer support bundles. Example OS10# dir coredump Directory contents for Date (modified) --------------------2017-02-15T19:05:41Z 2017-02-15_19-05-09.
Usage Information To use special characters in the input parameter value, enclose the string in double quotes. The no version of this command removes the default value. Example OS10(config)# alias mTest OS10(config-alias-mTest)# default 1 "ethernet 1/1/1" Supported Releases 10.4.0E(R1) or later delete Removes or deletes the startup configuration file.
• The no version of this command removes the description. Example OS10(config)# alias mTest OS10(config-alias-mTest)# description "This alias configures interfaces" Supported Releases 10.4.0E(R1) or later dir Displays files stored in available directories. Syntax Parameters dir [config | coredump | home | image | supportbundle | usb] • config — (Optional) Folder containing configuration files. • coredump — (Optional) Folder containing coredump files.
Example OS10# discard Supported Releases 10.2.0E or later do Executes most commands from all CONFIGURATION modes without returning to EXEC mode. Syntax do command Parameters command — Enter an EXEC-level command. Default Not configured Command Mode INTERFACE Usage Information None Example OS10(config)# interface ethernet 1/1/7 OS10(conf-if-eth1/1/7)# no shutdown OS10(conf-if-eth1/1/7)# do show running-configuration ... ! interface ethernet1/1/7 no shutdown ! ... Supported Releases 10.2.
exit Returns to the next higher command mode. Syntax exit Parameters None Default Not configured Command Mode All Usage Information None Example OS10(conf-if-eth1/1/1)# exit OS10(config)# Supported Releases 10.2.0E or later license Installs a license file from a local or remote location. Syntax Parameters license install [ftp: | http: | localfs: | scp: | sftp: | tftp: | usb:] filepath • ftp: — (Optional) Install from remote file system (ftp://userid:passwd@hostip/filepath).
line (alias) Configures the commands to be executed in a multi-line alias. Syntax line nn command Parameters • nn — Enter the line number (1 to 99). The commands are executed in the order of the line numbers. • command — Enter the command to be executed enclosed in double quotes. Default Not configured Command Mode ALIAS Usage Information The no version of this command removes the line number and the corresponding command from the multi-line alias.
• forwarding-router-address — Enter the next-hop IPv4/IPv6 address of a forwarding router (gateway) for network traffic from the management port. • managementethernet — Configure the Management port as the interface for the route; forces the route to be associated with the management interface. Default Not configured Command Mode CONFIGURATION Usage Information Management routes are separate from IP routes and are only used to manage the system through the management port.
Parameters • alias — Remove an alias definition. • debug — Disable debugging. • support-assist-activity — SupportAssist-related activity. • terminal — Reset terminal settings. Default Not configured Command Mode EXEC Usage Information Use this command in EXEC mode to disable or remove configuration. Use the no ? in CONFIGURATION mode to view available commands. Example OS10# no notifications Supported Releases 10.2.
mTest Config shconfig Local showint Local shver Local Number of config aliases : 3 Number of local aliases : 3 Example (brief — displays the first 10 characters of the alias value)) OS10# show alias brief Name Type ------govlt Config goint Config mTest Config shconfig showint shver Local Local Local Value ----"vlt-domain..." "interface ..." line 1 "interface ..." line 2 "no shutdow..." line 3 "show confi..." default 1 "ethernet" default 2 "1/1/1" "show runni..." "show inter..." "show versi...
-------------------------------------------------------------------Node-id 1 Flash Boot [A] 10.2.9999E [B] 10.2.9999E [A] active OS10# show boot detail Current system image information detail: ========================================== Type: Node-id 1 Boot Type: Flash Boot Active Partition: A Active SW Version: 10.2.9999E Active SW Build Version: 10.2.9999E(3633) Active Kernel Version: Linux 3.16.36 Active Build Date/Time: 2017-01-25T06:36:22Z Standby Partition: B Standby SW Version: 10.2.
• route-map — (Optional) Current candidate route-map configuration. • sflow — (Optional) Current candidate sFlow configuration. • snmp — (Optional) Current candidate SNMP configuration. • spanning-tree — (Optional) Current candidate spanning-tree configuration. • support-assist — (Optional) Current candidate support-assist configuration. • system-qos — (Optional) Current candidate system-qos configuration. • trust-map — (Optional) Current candidate trust-map configuration.
interface vlan 1 no shutdown ! interface mgmt1/1/1 ip address 10.11.58.145/8 no shutdown ipv6 enable ipv6 address autoconfig ! support-assist ! policy-map type application policy-iscsi ! class-map type application class-iscsi ! class-map type qos class-trust Supported Releases 10.2.0E or later show environment Displays information about environmental system components, such as temperature, fan, and voltage.
Default Not configured Command Mode EXEC Usage Information None Example OS10# show inventory Product : S4048ON Description : S4048-ON 48x10GbE, 6x40GbE QSFP+ Interface Module Software version : 10.3.
• summary — (Optional) Display the number of active and non-active management routes and their remote destinations. • static — (Optional) Display non-active management routes. Default Not configured Command Mode EXEC Usage Information Use this command to view the IPv6 static routes configured for the management port. Use the management route command to configure an IPv4 or IPv6 management route.
show running-configuration Displays the configuration currently running on the device.
Example OS10# show running-configuration ! Version 10.2.9999E ! Last configuration change at Apr 11 01:25:02 2017 ! username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/ VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH. aaa authentication local snmp-server contact http://www.dell.com/support snmp-server location "United States" logging monitor disable ip route 0.0.0.0/0 10.11.58.
Supported Releases 10.2.0E or later show startup-configuration Displays the contents of the startup configuration file. Syntax show startup-configuration [compressed] Parameters compressed — (Optional) View a compressed version of the startup configuration file. Default Not configured Command Mode EXEC Usage Information None Example OS10# show startup-configuration username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/ VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH.
ipv6 address autoconfig ! support-assist ! policy-map type application policy-iscsi ! class-map type application class-iscsi ! class-map type qos class-trust Supported Releases 10.2.0E or later show system Displays system information. Syntax show system [brief | node-id] Parameters • brief — View abbreviated list of system information. • node-id — Node ID number.
Example (node-id) 2 up REVERSE 1 2 13020 12977 up up 3 up NORMAL 1 2 13085 13063 up up OS10# show system node-id 1 fanout-configured Interface Breakout capable Breakout state ----------------------------------------------------Eth 1/1/1 Yes BREAKOUT_1x1 Eth 1/1/2 Yes BREAKOUT_1x1 Eth 1/1/3 Yes BREAKOUT_1x1 Eth 1/1/4 Yes BREAKOUT_1x1 Eth 1/1/5 Yes BREAKOUT_1x1 Eth 1/1/6 Yes BREAKOUT_1x1 Eth 1/1/7 Yes BREAKOUT_1x1 Eth 1/1/8 Yes BREAKOUT_1x1 Eth 1/1/9 Yes BREAKOUT_1x1 Eth 1/1/10 Yes BREAKOUT_1x1 E
Supported Releases 2 up REVERSE 1 2 12956 12977 up up 3 up NORMAL 1 2 12956 13063 up up 10.2.0E or later show version Displays software version information. Syntax show version Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show version Dell EMC Networking OS10 Enterprise Copyright (c) 1999-2018 by Dell Inc. All Rights Reserved. OS Version: 10.4.0E(R3) Build Version: 10.4.0E(R3.
Parameters command — Enter the Linux command to execute. Default Not configured Command Mode EXEC Usage Information None Example OS10# system bash admin@OS10:~$ pwd /config/home/admin admin@OS10:~$ exit OS10# Supported Releases 10.2.0E or later system identifier Sets a non-default unit ID in a non-stacking configuration.
traceroute Displays the routes that packets take to travel to an IP address. Syntax traceroute [vrf management] host [-46dFITnreAUDV] [-f first_ttl] [-g gate,...] [-i device] [-m max_ttl] [-N squeries] [-p port] [-t tos] [-l flow_label] [-w waittime] [-q nqueries] [-s src_addr] [-z sendwait] [--fwmark=num] host [packetlen] Parameters • vrf management— (Optional) Traces the route to an IP address in the management VRF instance. • host — Enter the host to trace packets from.
4 Host65.hbms.com (63.80.56.65) 3.583 ms 3.776 ms 3.757 ms 5 host33.30.198.65 (65.198.30.33) 3.758 ms 4.286 ms 4.221 ms 6 3.GigabitEthernet3-3.GW3.SCL2.ALTER.NET (152.179.99.173) 4.428 ms 2.593 ms 3.243 ms 7 0.xe-7-0-1.XL3.SJC7.ALTER.NET (152.63.48.254) 3.915 ms 3.603 ms 3.790 ms 8 TenGigE0-4-0-5.GW6.SJC7.ALTER.NET (152.63.49.254) 11.781 ms 10.600 ms 9.402 ms 9 23.73.112.54 (23.73.112.54) 3.606 ms 3.542 ms 3.
2 Interfaces You can configure and monitor physical interfaces (Ethernet), port-channels, and VLANs in L2 or L3 modes. Table 1.
By default, a trunk interface carries only untagged traffic on the access VLAN — you must manually configure other VLANs for tagged traffic. 1 2 Select one of the two available options: • Configure L2 trunking in INTERFACE mode and the tagged VLAN traffic that the port can transmit. By default, a trunk port is not added to any tagged VLAN. You must create a VLAN before you can assign the interface to it.
Figure 1. S4148U-ON unified port groups To enable a Fibre Channel interface: 1 Configure a unified port group in CONFIGURATION mode. Enter 1/1 for node/slot. The port-group range depends on the switch. port-group node/slot/port-group 2 Activate the unified port group for FC operation in PORT-GROUP mode. The available FC modes depend on the switch. mode fc {32g-2x | 32g-1x | 16g-4x | 16g-2x |8g-4x} • 8g-4x — Split a unified port group into four 8 GFC interfaces.
Pluggable media present, QSFP-PLUS type is QSFPPLUS_4X16_16GBASE_FC_SW Wavelength is 850 Receive power reading is 0.
Configure VLAN OS10(config)# interface vlan 10 OS10(conf-if-vl-10)# ip address 1.1.1.2/24 You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN. User-configured default VLAN By default, VLAN 1 serves as the default VLAN for switching untagged L2 traffic on OS10 ports in trunk or access mode. The default VLAN is used for untagged protocol traffic sent and received between switches, such as spanning-tree protocols.
Loopback interfaces A loopback interface is a virtual interface in which the software emulates an interface. Because a loopback interface is not associated to physical hardware entities, the loopback interface status is not affected by hardware status changes. Packets routed to a loopback interface are processed locally to the OS10 device. Because this interface is not a physical interface, you can configure routing protocols on this interface to provide protocol stability.
Create port-channel You can create up to 128 port-channels, with up to 16 port members per group. Configure a port-channel similarly to a physical interface — you can enable or configure protocols, or assign access control lists (ACLs) to a port channel. After you enable the port-channel, you can place it in L2 or L3 mode. To place the port-channel in L2 mode or configure an IP address to place the port-channel in L3 mode, use the switchport command. 1 Create a port-channel in CONFIGURATION mode.
LACP enables ports to be dynamically bundled as members of a port-channel. To configure a port for LACP operation, use the channelgroup mode command. Active and passive modes allow LACP to negotiate between ports to determine if they can form a port -channel based on their configuration settings.
Load balance traffic You can use hashing to load balance traffic across the member interfaces of a port-channel. Load balancing uses source and destination packet information to distribute traffic over multiple interfaces when transferring data to a destination. For packets without an L3 header, OS10 automatically uses the load-balancing mac—selection destination-mac command for hash algorithms by default.
You can use interface ranges for: • Ethernet physical interfaces • Port channels • VLAN interfaces Bulk configuration excludes any non-existing interfaces in an interface range from the configuration. You can configure a default VLAN only if the interface range being configured consists of only VLAN ports. The interface range command allows you to create an interface range allowing other commands to be applied to that range of interfaces.
3 Reload the switch in EXEC mode. reload The switch reboots with the new port configuration and resets the system defaults, except for the switch-port profile and these configured settings: • Management interface 1/1/1 configuration • Management IPv4/IPv6 static routes • System hostname • Unified Forwarding Table (UFT) mode • ECMP maximum paths You must manually reconfigure other settings on a switch after you apply a new port profile and reload the switch.
1GE mode: 1GE is supported only on SFP+ ports; 1GE is not supported on QSFP+ and QSFP28 ports 25-26. Breakout interfaces: Use the interface breakout command in Configuration mode to configure 4x10G, 4x25G, and 2x50G breakout interfaces. S4148U-ON port profiles S4148U-ON port profiles determine the available front-panel unified and Ethernet ports and supported breakout interfaces. In the port profile illustration, blue boxes indicate the supported Ethernet port modes and breakout interfaces.
*profile-1 and profile-2 activate the same port mode capability on unified and Ethernet ports. The difference is that in profile-1, by default SFP+ unified ports 1-24 come up in Fibre Channel mode with 2x16GFC breakouts per port group. In profile-2, by default SFP+ unified ports 1-24 come up in Ethernet 10GE mode. profile-1 allows you to connect FC devices for plug-and-play; profile-2 is designed for a standard Ethernet-based data network.
Figure 2. S4148U-ON unified port groups To enable Ethernet interfaces in a unified port group: 1 Configure a unified port group in CONFIGURATION mode. Enter 1/1 for node/slot. The port-group range depends on the switch. port-group node/slot/port-group 2 Activate the unified port group for Ethernet operation in PORT-GROUP mode. To activate a unified port group in Fibre Channel mode, see Fibre Channel interfaces. The available options depend on the switch.
• 25g-4x — Split a QSFP28 port into four 25G interfaces. • 40g-1x — Set a QSFP28 port for use with a QSFP+ 40G transceiver. • 50g-2x — Split a QSFP28 port into two 50G interfaces. • 100g-1x — Reset a QSFP28 port to 100G speed. To configure an Ethernet breakout interface, enter the interface ethernet node/slot/port:subport command in CONFIGURATION mode. Each breakout interface operates at the configured speed.
After you enter enable auto-breakout and plug a breakout cable in Ethernet port 1/1/25: OS10# show interface status -----------------------------------------------------------------Port Description Status Speed Duplex Mode Vlan Tagged-Vlans -----------------------------------------------------------------Eth 1/1/1 down 0 auto Eth 1/1/2 down 0 auto A 1 Eth 1/1/25:1 down 0 auto A 1 Eth 1/1/25:2 down 0 auto A 1 Eth 1/1/25:3 down 0 auto A 1 Eth 1/1/25:4 down 0 auto A 1 Eth 1/1/29 down 0 auto A 1 - Reset defaul
ip access-group test in lldp med network-policy add 10 ip ospf priority 10 flowcontrol transmit on OS10(conf-if-eth1/1/2)# exit S10(config)# default interface ethernet 1/1/2 Proceed to cleanup the interface config? [confirm yes/no]:y Sep 9 01:06:28 OS10 dn_l3_core_services[968]: Node.1-Unit.1:PRI:notice [os10:trap], %Dell EMC (OS10) %IP_ADDRESS_DEL: IP Address delete is successful. IP 2.2.2.2/24 deleted successfully Sep 9 01:06:28 OS10 dn_l3_core_services[968]: Node.1-Unit.
Interface index is 17306108 Internet address is not set Mode of IPv4 Address Assignment: not set Interface IPv6 oper status: Disabled MTU 1532 bytes, IP MTU 1500 bytes LineSpeed 100G, Auto-Negotiation on FEC is cl91-rs, Current FEC is cl91-rs Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 60 Last clearing of "show interface" counters: 00:00:17 Queuing strategy: fifo Input statistics: 7 packets, 818 octets 2 64-byte pkts, 0 over 64-byte pkts, 5 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte
2 Enable EEE in INTERFACE mode. eee Enable EEE OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# eee Disable EEE OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# no eee Clear interface counters You can clear EEE counters for physical Ethernet interfaces globally or per interface.
RxEventCount : 0 RxDuration(us) : 0 View EEE statistics on all interfaces OS10# show interface eee statistics Port EEE TxEventCount TxDuration(us) RxEventCount RxDuration(us) -----------------------------------------------------------------------------Eth 1/1/1 off 0 0 0 0 ... Eth 1/1/47 on 0 0 0 0 Eth 1/1/48 on 0 0 0 0 Eth 1/1/49 n/a ... Eth 1/1/52 n/a EEE commands clear counters interface eee Clears all EEE counters.
eee Enables or disables energy-efficient Ethernet (EEE) on physical ports. Syntax eee Parameters None Default Enabled on Base-T devices and disabled on S3048-ON and S4048T-ON. Command Mode Interface Usage Information To disable EEE, use the no version of this command. Example (Enable EEE) OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# eee Example (Disable EEE) OS10(config)# interface ethernet 1/1/2 OS10(conf-if-eth1/1/2)# no eee Supported Releases 10.3.
Command Mode EXEC Example OS10# show interface eee statistics Port EEE TxEventCount TxDuration(us) RxEventCount RxDuration(us) -----------------------------------------------------------------------------Eth 1/1/1 off 0 0 0 0 ... Eth 1/1/47 on 0 0 0 0 Eth 1/1/48 on 0 0 0 0 Eth 1/1/49 n/a ... Eth 1/1/52 n/a Supported Releases 10.3.0E or later show interface ethernet eee Displays the EEE status for a specified interface.
View interface configuration To view basic interface information, use the show interface, show running-configuration, and show interface status commands. You can stop scrolling output from a show command by entering CTRL+C. Display information about a physical or virtual interface in EXEC mode (including up/down status, MAC and IP addresses, and input/output traffic counters). show interface [type] • phy-eth node/slot/port[:subport] — Display information about physical media connected to the interface.
View candidate configuration OS10(conf-if-eth1/1/1)# show configuration candidate ! interface ethernet1/1/1 ip address 1.1.1.1/24 no switchport no shutdown View running configuration OS10# show running-configuration Current Configuration ... ! interface Ethernet 2/6 no ip address shutdown ! interface Ethernet 2/7 no ip address shutdown ! interface Ethernet 2/8 no ip address shutdown ! interface Ethernet 2/9 no ip address shutdown ...
• mode — Sets the LACP actor mode. • active — Sets channeling mode to active. • on — Sets channeling mode to static. • passive — Sets channeling mode to passive. Default Not configured Command Mode INTERFACE Usage Information The no version of this command resets the value to the default, and unassigns the interface from the port-channel group. Example OS10(config)# interface ethernet 1/1/2:1 OS10(conf-if-eth1/1/2:1)# channel-group 20 mode active Supported Releases 10.3.
ip ospf 65535 area 0.0.0.0 ip ospf authentication-key de!!f10 ip ospf cost 10 OS10# configure terminal OS10(config)# default interface ethernet 1/1/15 Proceed to cleanup the interface config? [confirm yes/no]:yes Mar 5 22:00:48 OS10 dn_l3_core_services[590]: Node.1-Unit.1:PRI:notice [os10:trap], %Dell EMC (OS10) %log-notice:IP_ADDRESS_DEL: IP Address delete is successful. IP 101.1.2.2/30 deleted successfully Mar 5 22:00:48 OS10 dn_l3_core_services[590]: Node.1-Unit.
successful. IP 192.21.43.1/31 deleted successfully Mar 5 22:21:12 OS10 dn_l3_core_services[590]: Node.1-Unit.1:PRI:notice [os10:trap], %Dell EMC (OS10) %log-notice:IP_ADDRESS_DEL: IP Address delete is successful. IP 2000:21:43::21:43:1/127 deleted successfully Mar 5 22:21:12 OS10 dn_l3_core_services[590]: Node.1-Unit.1:PRI:notice [os10:trap], %Dell EMC (OS10) %log-notice:IP_ADDRESS_DEL: IP Address delete is successful. IP 192.28.43.
! interface vlan10 no shutdown ! interface ethernet1/1/1 no shutdown switchport access vlan 10 ! interface ethernet1/1/2 no shutdown switchport access vlan 10 ! interface ethernet1/1/3 no shutdown switchport access vlan 10 ! interface ethernet1/1/4 no shutdown switchport access vlan 10 Supported Releases 10.4.0E(R1) or later description (Interface) Configures a textual description of an interface.
• half — Specify to set the physical interface to transmit in only one direction. • auto — Specify to set the physical interface to transmit automatically. Defaults Not configured Command Mode CONFIGURATION Usage Information This command can only be used on the Management port. The no version of this command resets the value to the default. Example OS10(conf-if-ma-1/1/1)# duplex auto Supported Releases 10.3.
Usage Information The no version of this command resets the value to the default. Example OS10(config)# interface ethernet 1/1/41 OS10(conf-if-eth1/1/41)# fec CL91-RS Supported Releases 10.3.0E or later interface breakout Splits a front-panel Ethernet port into multiple breakout interfaces. Syntax Parameters interface breakout node/slot/port map {100g-1x | 50g-2x |40g-1x | 25g-4x | 10g-4x10g-4x | 25g-4x} • node/slot/port — Enter the physical port information.
Supported Releases 10.2.0E or later interface loopback Configures a loopback interface. Syntax interface loopback id Parameters id — Enter the loopback interface ID number (0 to 16383). Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes the loopback interface. Example OS10(config)# interface loopback 100 OS10(conf-if-lo-100)# Supported Releases 10.2.0E or later interface mgmt Configures the Management port.
Example OS10(config)# interface null 0 OS10(conf-if-nu-0)# Supported Releases 10.3.0E or later interface port-channel Creates a port-channel interface. Syntax interface port-channel channel-id Parameters channel-id — Enter the port-channel ID number (1 to 128). Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes the interface. Example OS10(config)# interface port-channel 10 OS10(conf-if-po-10)# Supported Releases 10.2.
Example OS10(config)# interface range ethernet 1/1/7-1/1/24 OS10(conf-range-eth1/1/7-1/1/24)# Supported Releases 10.2.0E or later interface vlan Creates a VLAN interface. Syntax interface vlan vlan-id Parameters vlan-id — Enter the VLAN ID number (1 to 4093). Default VLAN 1 Command Mode CONFIGURATION Usage Information FTP, TFTP, MAC ACLs, and SNMP operations are not supported — IP ACLs are supported on VLANs only. The no version of this command deletes the interface.
Example OS10(config)# interface vlan 11 OS10(conf-if-vl-11)# mgmt Supported Releases 10.3.0E or later mode Configures a front-panel unified port group to operate in Fibre Channel or Ethernet mode, or a QSFP28-DD port to operate in Ethernet mode, with the specified speed on activated interfaces.
Example: Reset mode OS10(conf-pg-1/1/2)# mode FC 16g-2x OS10(conf-pg-1/1/2)# no mode OS10(conf-pg-1/1/2)# mode Eth 10g-4x Supported Releases 10.3.1E or later mode l3 After you configure the VLAN scale profile, enables L3 routing on a VLAN. Syntax mode l3 Parameters None Defaults Not configured Command Mode INTERFACE VLAN Usage Information To configure the VLAN scale profile, use the scale-profile vlan command.
Example OS10(conf-if-eth1/1/7)# mtu 3000 Supported Releases 10.2.0E or later port-group Configures a group of front-panel unified ports or a double-density QSFP28 (QSFP28-DD) port. Syntax Parameters port-group node/slot/port-group • node/slot — Enter 1/1 for node/slot when you configure a port group. • port-group — Enter the port-group number (1–14). The available port-group range depends on the switch.
Syntax show discovered-expanders show interface Displays interface information. Syntax show interface [type] Parameters interface type — Enter the interface type: • phy-eth node/slot/port[:subport] — Display information about physical ports connected to the interface. • status — Display interface status. • ethernet node/slot/port[:subport] — Display Ethernet interface information. • loopback id — Display loopback IDs (0 to 16383).
Output 0 Mbits/sec, 0 packets/sec, 0% of line rate Time since last interface status change: 3 weeks 1 day 20:30:38 --more-Example (port channel) OS10# show interface port-channel 1 Port-channel 1 is up, line protocol is down Address is 90:b1:1c:f4:a5:8c, Current address is 90:b1:1c:f4:a5:8c Interface index is 85886081 Internet address is not set Mode of IPv4 Address Assignment: not set MTU 1532 bytes LineSpeed 0 Minimum number of links to bring Port-channel up is 1 Maximum active members that are allowed i
1/1/18 ... Supported Releases SFP-PLUS SFPPLUS 10GBASE SR AQM146U true 10.2.0E or later show link-bundle-utilization Displays information about the link-bundle utilization. Syntax show link-bundle-utilization Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show link-bundle-utilization Link-bundle trigger threshold - 60 Supported Releases 10.2.0E or later show port-channel summary Displays port-channel summary information.
U - Up (port-channel) Group Port-Channel Type Protocol Member Ports 22 port-channel22 (U) Eth STATIC 1/1/10(P) 1/1/11(P) 1/1/14(P) 1/1/16(P) 1/1/19(P) 23 port-channel23 (D) Eth STATIC Supported Releases 10.2.0E or later show port-group Displays the current port-group configuration on a switch. Syntax show port-group Parameters None Default None Command Mode EXEC Usage Information To view the ports that belong to each port group, use the show port-group command.
show switch-port-profile Displays the current and default port profile on a switch. Syntax show switch-port-profile node/slot Parameters • node/slot — Enter the switch information. For a standalone switch, enter 1/1. Default profile-1 Command Mode EXEC Usage Information A switch-port profile determines the available front-panel ports and breakout modes on Ethernet and unified ports. To display the current port profile, enter the show switch-port-profile command.
NUM Status Description Q Ports 1 down Supported Releases 10.2.0E or later shutdown Disables an interface. Syntax shutdown Parameters None Default Disabled Command Mode INTERFACE Usage Information This command marks a physical interface as unavailable for traffic. Disabling a VLAN or a port-channel causes different behavior. When you disable a VLAN, the L3 functions within that VLAN are disabled, and L2 traffic continues to flow.
Example OS10(conf-if-fc-1/1/2)# speed 16 Supported Releases 10.3.1E or later speed (Management) Configures the transmission speed of the Management interface. Syntax speed {10 | 100 | 1000 | auto} Parameters Set the management port speed to: • 10 — 10M • 100 — 100M • 1000 — 1000M • auto — Set the port to auto-negotiate speed with a connected device. Defaults Auto Command Mode INTERFACE Usage Information The speed command is supported only on the Management and Fibre Channel interfaces.
– profile-3 — SFP+ 10G ports (5-24 and 31-50), QSFP+ 40G ports (27-28), and QSFP28 ports with 40G and 100G capability (25-26 and 29-30) are enabled. QSFP+ ports support 40GE and 4x10G breakouts. QSFP28 ports support 100GE and 4x25G breakouts with QSFP28 transceivers, and 40GE and 4x10G breakouts with QSFP+ transceivers. – profile-4 — SFP+ 10G ports (5-24 and 31-50), QSFP+ 40G ports (27-28), and QSFP28 ports with 40G and 100G capability (25-26 and 29-30) are enabled.
Usage Information ◦ QSFP28 unified ports operate in Ethernet 100GE mode by default, and support 2x50G, 4x25G, and 4x10G breakouts. QSFP28 ports support 4x16GFC breakouts in FC mode. ◦ SFP+ Ethernet ports operate at 10GE. • Setting a port group in 2x16GFC mode activates odd-numbered interfaces 1 and 3. A port group in 1x32GFC mode activates only interface 1. • To display the current port profile on a switch, enter the show switch-port-profile command.
switchport mode Places an interface in L2 access or trunk mode. Syntax Parameters switchport mode {access | trunk} • access — Enables L2 switching of untagged frames on a single VLAN. • trunk — Enables L2 switching of untagged frames on the access VLAN, and of tagged frames on the VLANs specified with the switchport trunk allowed vlan command.
unit-provision This command will be supported in future releases.
3 Fibre channel F_Port Fibre channel fabric port (F_Port) is the switch port that connects the Fibre Channel (FC) fabric to a node. S4148U-ON switches support F_Port. Enable Fibre channel F_Port mode globally using the feature fc domain-ID domain-ID command in CONFIGURATION mode.
Configure FIP snooping 1 Enable the FIP snooping feature globally using the feature fip-snooping command in CONFIGURATION mode. 2 Before applying FIP snooping to a VLAN, ensure that the VLAN already contains Ethernet or LAG members that are enabled with FCF port mode. You can enable FCF mode on an Ethernet or port-channel using the fip-snooping port-mode fcf command in INTERFACE mode. 3 Enable FIP snooping on the VLAN using the fip-snooping enable command in VLAN INTERFACE mode.
Number of VN Port Session Timeouts :0 Number of Session failures due to Hardware Config :0 OS10# show fcoe vlan * = Default VLAN VLAN FC-MAP FCFs Enodes ---- ------ ---- -----*1 100 0X0EFC00 1 2 Sessions -------17 OS10# show fcoe system Mode: FIP Snooping Bridge FCOE VLAN List (Operational) FCFs Enodes Sessions : : : : 1, 100 1 2 17 OS10# show fcoe sessions Enode MAC Enode Interface FCF MAC FCF interface ID PORT WWPN PORT WWNN ----------------- ---------------- ----------------- -------------------- --
The F_Port and NPG modes are mutually exclusive. If you have already configured a vfabric in F_Port mode, while configuring vfabrics in NPG mode, disable the F_Port mode. The existing vfabric is removed when you disable F_Port mode and you need to configure new vfabrics in NPG mode. If you are moving from NPG mode to F_Port mode, then disable the NPG mode and create new vfabric in F_Port mode. Zoning allows you to increase network security by partitioning the devices connected to the vfabric into subsets.
Switch Zoning Parameters ========================================== Default Zone Mode: Allow Active ZoneSet: set ========================================== Members fibrechannel1/1/1 fibrechannel1/1/2 fibrechannel1/1/3 fibrechannel1/1/4 fibrechannel1/1/5 fibrechannel1/1/6 fibrechannel1/1/7 fibrechannel1/1/8 fibrechannel1/1/9 fibrechannel1/1/10 fibrechannel1/1/11 fibrechannel1/1/12 fibrechannel1/1/15 fibrechannel1/1/17 fibrechannel1/1/18 fibrechannel1/1/19 fibrechannel1/1/20 fibrechannel1/1/21 fibrechannel1/1
fcoe fka-adv-period 8 fcoe vlan-priority 3 OS10# show vfabric Fabric Name 10 Fabric Type NPG Fabric Id 10 Vlan Id 100 FC-MAP 0xEFC01 Vlan priority 3 FCF Priority 128 FKA-Adv-Period Enabled,8 Config-State ACTIVE Oper-State DOWN ========================================== Members ========================================== OS10# show running-configuration vfabric ! vfabric 10 name 10 vlan 100 fcoe fcmap 0xEFC01 fcoe fcf-priority 128 fcoe fka-adv-period 8 fcoe vlan-priority 3 Fibre Channel zoning Fibre channel
OS10(config)# fc zoneset set OS10(conf-fc-zoneset-set)# member hba1 OS10(conf-fc-zoneset-set)# exit OS10(config)# vfabric 100 OS10(conf-vfabric-100)# zoneset activate set OS10(conf-vfabric-100)# zone default-zone permit View FC zone configuration OS10(config-fc-zone-hba1)# show configuration ! fc zone hba1 member wwn 21:00:00:24:ff:7b:f5:c8 member wwn 10:00:00:90:fa:b8:22:19 OS10# show fc zone Zone Name Zone Member ================================================= hba1 21:00:00:24:ff:7b:f5:c8 10:00:00:90:fa
F_Port on Ethernet OS10 supports configuring F_Port mode on an Ethernet port that is connected to converged network adapters (CNA). After enabling F_Port mode, configure a vfabric and apply the vfabric to Ethernet ports connected to CNA. You can configure only one vfabric in F_Port mode. You can apply the configured vfabric to multiple Ethernet interfaces. You can also add the Ethernet interfaces to a port-channel and apply the vfabric to the port-channel.
Parameters interface-type — (Optional) Enter the interface type. The interface may be ethernet, VLAN, or port-channel. Default Not configured Command Mode EXEC Usage Information If you do not specify the interface interface-type information, then the command clears the statistics for all the interfaces and VLANs. Example OS10# clear fcoe statistics interface ethernet 1/1/1 OS10# clear fcoe statistics interface port-channel 5 Supported Releases 10.4.0E(R1) or later fc alias Creates an FC alias.
fc zoneset Creates an FC zoneset and adds the existing FC zones to the zoneset. Syntax fc zoneset zoneset-name Parameters zoneset-name — Enter a name for the FC zoneset. The name must start with a letter and may contain characters: A-Z, a-z, 0-9, $, _, -, ^ Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the FC zoneset. Example OS10(config)# fc zoneset set OS10(conf-fc-zoneset-set)# member hba1 Supported Releases 10.3.
Supported Releases 10.3.1E or later fcoe max-sessions-per-enodemac Configures the maximum number of sessions allowed for an ENode. Syntax fcoe max-sessions-per-enodemac max-session-number Parameters max-session-number — Enter the maximum number of sessions to be allowed, ranging from 1 to 64. Defaults 32 Command Mode CONFIGURATION Usage Information The no version of this command resets the number of sessions to the default value.
Example OS10(config)# feature fc npg Supported Releases 10.4.0E(R1) or later feature fip-snooping Enables the FIP snooping feature globally. Syntax feature fip-snooping Parameters None Defaults Disabled Command Mode CONFIGURATION Usage Information The no version of this command disables FIP snooping. Example OS10(config)# feature fip-snooping Supported Releases 10.4.0E(R1) or later fip-snooping enable Enables FIP snooping on specified VLAN.
Command Mode VLAN INTERFACE Usage Information The no version of this command disables the FC map configuration. Example OS10(config)# interface vlan 3 OS10(conf-if-vl-3)# fip-snooping fc-map 0xEFC64 Supported Releases 10.4.0E(R1) or later fip-snooping port-mode fcf Sets the FIP snooping port mode to FCF for interfaces. Syntax fip-snooping port-mode fcf Parameters None Defaults ENode port mode Command Mode INTERFACE Usage Information By default, the port mode of an interface is set to ENode.
member (zone) Adds members to existing zones. Identify a member by an FC alias, a World Wide Name (WWN), or an FC ID. Syntax member {alias-name alias-name | wwn wwn-ID | fc-id fc-id} Parameters • alias-name — Enter the FC alias name. • wwn-ID — Enter the WWN name. • fc-id — Enter the FC ID name. Defaults Not configured Command Mode Zone CONFIGURATION Usage Information The no version of this command removes the member from the zone.
Usage Information The no version of this command removes the vfabric name.. Example OS10(config)# vfabric 100 OS10(conf-vfabric-100)# name test_vfab Supported Releases 10.3.1E or later show fc alias Displays the details of a FC alias and its members. Syntax show fc alias [alias-name] Parameters alias-name — (Optional) Enter the FC alias name.
Example (brief) Supported Releases Registered with NameServer Registered for SCN Yes Yes Switch Name Domain Id Switch Port FC-Id Port Name Node Name Class of Service Symbolic Port Name Symbolic Node Name Port Type Registered with NameServer Registered for SCN 10:00:14:18:77:20:8d:cf 100 fibrechannel1/1/29 64:74:00 21:00:00:24:ff:7b:f5:c8 20:00:00:24:ff:7b:f5:c8 8 QLogic Port0 WWPN 21:00:00:24:ff:7b:f5:c8 QLE2742 FW:v8.03.05 DVR:v9.2.3.
Number of FDISC Rejects Number of FLOGO Accepts Number of FLOGO Rejects Supported Releases : 0 : 0 : 0 10.3.1E or later show fc switch Displays the FC switch parameters. Syntax show fc switch Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show fc switch Switch Mode : FPORT Switch WWN : 10:00:14:18:77:20:8d:cf Supported Releases 10.3.1E or later show fc zone Displays the FC zones and the zone members.
21:00:00:24:ff:7f:ce:ee 21:00:00:24:ff:7f:ce:ef Supported Releases 10.3.1E or later show fc zoneset Displays the FC zonesets, the zones in the zoneset, and the zone members. Syntax show fc zoneset [active | zoneset-name] Parameters zoneset-name — Enter the FC zoneset name.
21:00:00:24:ff:7f:ce:ee 21:00:00:24:ff:7f:ce:ef Example (with zoneset name) OS10# show fc zoneset set ZoneSetName ZoneName ZoneMember ================================================================== set hba1 21:00:00:24:ff:7b:f5:c8 10:00:00:90:fa:b8:22:19 21:00:00:24:ff:7f:ce:ee 21:00:00:24:ff:7f:ce:ef hba2 Supported Releases 20:01:00:0e:1e:e8:e4:99 50:00:d3:10:00:ec:f9:1b 50:00:d3:10:00:ec:f9:05 50:00:d3:10:00:ec:f9:1f 20:35:78:2b:cb:6f:65:57 10.3.
Supported Releases 10.4.0E(R1) or later show fcoe sessions Displays the details of established FCoE sessions. Syntax show fcoe sessions [interface vlanvlan-id] Parameters vlan-id — (Optional) Enter the VLAN ID. This option displays the sessions established on the specified VLAN.
Number Number Number Number Supported Releases of of of of CVL :0 FCF Discovery Timeouts :0 VN Port Session Timeouts :0 Session failures due to Hardware Config :0 10.4.0E(R1) or later show fcoe system Displays the system information related to FCoE.
Parameters None Default Not configured Command Mode EXEC Usage Information Use the brief option to display minimum details.
show vfabric Displays vfabric details.
vfabric Configures a virtual fabric (vfabric). Enable the F_Port before configuring a vfabric. You can configure only one vfabric in F_Port mode. The vfabric becomes active only when you configure the vfabric with a valid VLAN and FC map. Do not use spanned VLAN as vfabric VLAN. Syntax vfabric fabric-ID Parameters fabric-ID — Enter the fabric ID, from 1 to 255. Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the vfabric.
Example OS10(config)# interface vlan 1023 10OS10(conf-if-vl-1023)# exit OS10(config)# vfabric 100 OS10(conf-vfabric-100)# vlan 1023 Supported Releases 10.3.1E or later zone default-zone permit Enables access between all logged-in FC nodes of vfabric in the absence of an active zoneset configuration. A default zone advertises a maximum of 527 members in the registered state change notification (RSCN) message.
4 Layer 2 802.1X Verifies device credentials prior to sending or receiving packets using the extensible authentication protocol (see 802.1X Commands). Link Aggregation Control Protocol (LACP) Exchanges information between two systems and automatically establishes a LAG between the systems (see LACP Commands). Link Layer Discovery Enables a LAN device to advertise its configuration and receive configuration information from adjacent LLDPProtocol (LLDP) enabled infrastructure devices (see LLDP Commands).
NOTE: OS10 supports only RADIUS as the back-end authentication server. The authentication process involves three devices: • Supplicant — The device attempting to access the network performs the role of supplicant. Regular traffic from this device does not reach the network until the port associated to the device is authorized. Prior to that, only the supplicant can exchange 802.1x messages (EAPOL frames) with the authenticator.
6 If the identity information the supplicant provides is valid, the authentication server sends an Access Accept frame in which network privileges are specified. The authenticator changes the port state to authorize and forwards an EAP Success frame. If the identity information is invalid, the server sends an Access Reject frame. If the port state remains unauthorized, the authenticator forwards an EAP Failure frame. EAP over RADIUS 802.
Enable 802.1X 1 Enable 802.1X globally in CONFIGURATION mode. dot1x system-auth-control 2 Enter an interface or a range of interfaces in INTERFACE mode. interface range 3 Enable 802.1X on the supplicant interface only in INTERFACE mode. dot1x port-control auto Configure and verify 802.
Identity retransmissions If the authenticator sends a Request Identity frame but the supplicant does not respond, the authenticator waits 30 seconds and then retransmits the frame. There are several reasons why the supplicant might fail to respond — the supplicant may have been booting when the request arrived, there may be a physical layer problem, and so on.
Failure quiet period If the supplicant fails the authentication process, the authenticator sends another Request Identity frame after 30 seconds by default. The quiet period is a transmit interval time after a failed authentication. The Request Identity Re-transmit interval is for an unresponsive supplicant. You can configure the interval for a maximum of 10 times for an unresponsive supplicant.
force-authorized (default) This is an authorized state. A device connected to this port does not use the authentication process but can communicate on the network. Placing the port in this state is same as disabling 802.1X on the port. forceauthorized is the default mode. force-unauthorized This is an unauthorized state. A device connected to a port does not use the authentication process but is not allowed to communicate on the network.
Configure and verify reauthentication time period OS10(config)# interface range ethernet 1/1/7-1/1/8 OS10(conf-range-eth1/1/7-1/1/8)# dot1x re-authentication OS10(conf-range-eth1/1/7-1/1/8)# dot1x timeout re-authperiod 3600 OS10(conf-range-eth1/1/7-1/1/8)# show dot1x interface ethernet 1/1/7 802.
Port Auth Status: Re-Authentication: Tx Period: Quiet Period: Supplicant Timeout: Server Timeout: Re-Auth Interval: Max-EAP-Req: Host Mode: Auth PAE State: Backend State: UNAUTHORIZED Enable 120 seconds 120 seconds 45 seconds 60 seconds 3600 seconds 5 MULTI_HOST Initialize Initialize View interface running configuration OS10(conf-range-eth1/1/7-1/1/8)# do show running-configuration interface ...
Supported Releases 10.2.0E or later dot1x max-req Changes the maximum number of requests that the device sends to a supplicant before restarting 802.1X authentication. Syntax dot1x max-req retry-count Parameters max-req retry-count — Enter the retry count for the request sent to the supplicant before restarting 802.1X reauthentication (1 to 10). Default 2 Command Mode INTERFACE Usage Information The no version of this command resets the value to the default.
Example OS10(conf-range-eth1/1/7-1/1/8)# dot1x re-authentication Supported Releases 10.2.0E or later dot1x timeout quiet-period Sets the number of seconds that the device remains in quiet state following a failed authentication exchange with a supplicant. Syntax dot1x timeout quiet-period seconds Parameters quiet period seconds — Enter the number of seconds for the 802.1X quiet period timeout (1 to 65535).
dot1x timeout supp-timeout Sets the number of seconds that the device waits for the supplicant to respond to an EAP request frame before the device retransmits the frame. Syntax dot1x timeout supp-timeout seconds Parameters supp-timeout seconds — Enter the number of seconds for the 802.1X supplicant timeout (1 to 65535). Default 30 seconds Command Mode INTERFACE Usage Information The no version of this command resets the value to the default.
show dot1x interface Displays 802.1X configuration information. Syntax show dot1x interface ethernet node/slot/port[:subport] Parameters ethernet node/slot/port[:subport] — Enter the Ethernet interface information. Command Mode EXEC Usage Information Use this command to view the dot1x interface configuration for a specific interface. Example OS10# show dot1x interface 802.1x information on ethernet1/1/1 ------------------------------------Dot1x Status: Enable 802.
Link aggregation control protocol Group Ethernet interfaces to form a single link layer interface called a LAG or port-channel. Aggregating multiple links between physical interfaces creates a single logical LAG, which balances traffic across the member links within an aggregated Ethernet bundle and increases the uplink bandwidth. If one member link fails, the LAG continues to carry traffic over the remaining links.
Configure LACP OS10(config)# lacp system-priority 65535 OS10(config)# interface range ethernet 1/1/7-1/1/8 OS10(conf-range-eth1/1/7-1/1/8)# lacp port-priority 4096 OS10(conf-range-eth1/1/7-1/1/8)# lacp rate fast Verify LACP configuration OS10(conf-range-eth1/1/7-1/1/8)# do show running-configuration ... ! interface ethernet1/1/7 lacp port-priority 4096 lacp rate fast no shutdown ! interface ethernet1/1/8 lacp port-priority 4096 lacp rate fast no shutdown ! ...
Configure LACP timeout OS10(conf-if-eth1/1/29)# lacp rate fast View port status OS10# show lacp port-channel Port-channel 20 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address f8:b1:56:00:02:33 Partner System ID: Priority 4096, Address 10:11:22:22:33:33 Actor Admin Key 20, Oper Key 20, Partner Oper Key 10 LACP LAG ID 20 is an aggregatable link A - Active LACP, B - Passive LACP, C - Short Timeout, D - Long Timeout E - Aggregatable Link, F - Individual Link, G - IN_SYNC, H - OUT_OF_SYNC, I
Bravo LAG configuration summary OS10(config)# interface port-channel 1 OS10(conf-if-po-1)# exit OS10(config)# interface ethernet 1/1/49 OS10(conf-if-eth1/1/49)# no switchport OS10(conf-if-eth1/1/49)# channel-group 1 mode active OS10(conf-if-eth1/1/49)# interface ethernet 1/1/50 OS10(conf-if-eth1/1/50)# no switchport OS10(conf-if-eth1/1/50)# channel-group 1 mode active OS10(conf-if-eth1/1/50)# interface ethernet 1/1/51 OS10(conf-if-eth1/1/51)# no switchport OS10(conf-if-eth1/1/51)# channel-group 1 mode activ
0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 465 discarded Output statistics: 7840 packets, 938965 octets 0 64-byte pkts,1396 over 64-byte pkts, 6444 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 7840 Multicasts, 0 Broadcasts,0 Unicasts 0 throttles, 0 discarded, 0 Collisions, 0 wreddrops Rate Info(interval 299 seconds): Input 0 Mbits/sec, 0 packets/sec, 0% of line rate Output 0 Mbits/sec, 1 packets/sec, 0% of line rate Time since last interface status change : 01:2
Actor Admin: State Key 1 Priority 32768 Oper: State Key 1 Priority 32768 Partner Admin: State Key 0 Priority 0 Oper: State Key 1 Priority 32768 Port ethernet1/1/31 is Enabled, LACP is enabled and mode is lacp Actor Admin: State Key 1 Priority 32768 Oper: State Key 1 Priority 32768 Partner Admin: State Key 0 Priority 0 Oper: State Key 1 Priority 32768 Verify LAG membership OS10# show lacp interface ethernet 1/1/29 Interface ethernet1/1/29 is up Channel group is 1 port channel is po1 PDUS sent: 17 PDUS rcvd:
• active — Enter to enable the LACP interface. The interface is in the Active Negotiating state when the port starts negotiations with other ports by sending LACP packets. • on — Enter so that the interface is not part of a dynamic LAG but acts as a static LAG member. • passive — Enter to only enable LACP if it detects a device. The interface is in the Passive Negotiation state when the port responds to the LACP packets that it receives but does not initiate negotiation until it detects a device.
Default 32 Command Mode INTERFACE Usage Information The no version of this command resets the maximum bundle size to the default value. Example OS10(conf-if-po-10)# lacp max-bundle 10 Supported Releases 10.2.0E or later lacp port-priority Sets the priority for the physical interfaces for LACP. Syntax lacp port-priority priority Parameters priority — Enter the priority for the physical interfaces (0 to 65535).
lacp system-priority Sets the system priority of the device for LACP. Parameters priority — Enter the priority value for physical interfaces (0 to 65535). Default 32768 Command Mode CONFIGURATION Usage Information Each device that runs LACP has an LACP system priority value. LACP uses the system priority with the MAC address to form the system ID and also during negotiation with other systems. The system ID is unique for each device.
show lacp interface Displays information about specific LACP interfaces. Syntax show lacp interface ethernet node/slot/port Parameters node/slot/port — Enter the interface information. Default Not configured Command Mode EXEC Usage Information The LACP_activity field displays if you configure the link in Active or Passive port-channel mode. The Port Identifier field displays the port priority as part of the information including the port number.
Parameters • interface port-channel — (Optional) Enter the interface port-channel. • channel-number — (Optional) Enter the port-channel number for the LACP neighbor (1 to 128). Default Not configured Command Mode EXEC Usage Information All channel groups display if you do not enter the channel-number parameter.
show lacp system-identifier Displays the LACP system identifier for a device. Syntax show lacp system-identifier Parameters None Default Not configured Command Mode EXEC Usage Information The LACP system ID is a combination of the configurable LACP system priority value and the MAC address. Each system that runs LACP has an LACP system priority value. The default value is 32768 or configure a value between 1 and 65535.
LAN devices transmit LLDPDUs, which encapsulate TLVs, to neighboring LAN devices. LLDP is a one-way protocol and LAN devices (LLDP agents) transmit and/or receive advertisements but they cannot solicit and do not respond to advertisements. There are three mandatory TLVs followed by zero or more optional TLVs and the end of the LLDPDU TLV.
Organizationally-specific TLVs There are eight TLV types defined by the 802.1 and 802.3 working groups as a basic part of LLDP. Configure OS10 to advertise any or all of these TLVs. Optional TLVs 4 — Port description User-defined alphanumeric string that describes the port. 5 — System name User-defined alphanumeric string that identifies the system. 6 — System description Detailed description of all components of the system. 7 — System capabilities Determines the capabilities of the system.
Media endpoint discovery LLDP media endpoint discovery (LLDP-MED) provides additional organizationally-specific TLVs to allow endpoint devices and network connectivity devices to advertise their characteristics and configuration information. LLDP-MED endpoint devices are located at the IEEE 802 LAN network edge and participate in IP communication service using the LLDPMED framework, such as IP phones and conference bridges.
LLDP-MED capabilities Bit 0 LLDP-MED capabilities Bit 1 Network policy Bit 2 Location ID Bit 3 Extended power via MDI-PSE Bit 4 Extended power via MDI-PD Bit 5 Inventory Bits 6-15 Reserved LLDP-MED device types 0 Type not defined 1 Endpoint class 1 2 Endpoint class 2 3 Endpoint class 3 4 Network connectivity 5-255 Reserved Network policies TLVs A network policy in the context of LLDP-MED is a device’s VLAN configuration and associated Layer 2 and Layer 3 configurations.
0 — Reserved — 1 — Voice Used for dedicated IP telephony handsets and other appliances supporting interactive voice services. 2 — Voice signaling Used only if voice control packets use a separate network policy than voice data. 3 — Guest voice Used only for a separate limited voice service for guest users with their own IP telephony handsets and other appliances supporting interactive voice services.
2 Enter the multiplier value for the hold time in CONFIGURATION mode. lldp holdtime-multiplier 3 Enter the delay (in seconds) for LLDP initialization on any interface in CONFIGURATION mode.
Enable LLDP OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# lldp transmit OS10(conf-if-eth1/1/1)# lldp receive Disable LLDP globally OS10(config)# no lldp enable Disable and re-enable LLDP on management ports By default, LLDP is enabled on management ports. You can disable or enable the following LLDP configurations on management ports. 1 Disable the LLDPDU transmit or receive. no lldp transmit no lldp receive 2 Disable LLDP TLVs.
Configure advertise TLVs OS10(conf-if-eth1/1/3)# lldp tlv-select basic-tlv system-name OS10(conf-if-eth1/1/1)# lldp tlv-select dot3tlv macphy-config max-framesize OS10(conf-if-eth1/1/3)# lldp tlv-select dot1tlv link-aggregation Network policy advertisement LLDP-MED is enabled on all interfaces by default. Configure OS10 to advertise LLDP-MED TLVs out of configured interfaces. Define LLDPMED network policies before applying the policies to an interface. Attach only one network policy per interface.
• Enable fast start repeat count which is the number of packets sent during activation in CONFIGURATION mode (1 to 10, default 3). lldp-med fast-start-repeat-count number Configure fast start repeat count OS10(config)# lldp med fast-start-repeat-count 5 View LLDP configuration • View the LLDP configuration in EXEC mode. show running-configuration • View LLDP error messages in EXEC mode. show lldp errors • View LLDP timers in EXEC mode. show lldp timers • View the LLDP traffic in EXEC mode.
Total Total Total Total Total Total Med Med Med Med Med Med Frames In : Frames Discarded : TLVS Discarded : Capability TLVS Discarded: Policy TLVS Discarded : Inventory TLVS Discarded : 0 0 0 0 0 0 Adjacent agent advertisements • • • View brief information about adjacent devices in EXEC mode. show lldp neighbors View all information that neighbors are advertising in EXEC mode. show lldp neighbors detail View all interface-specific information that neighbors are advertising in EXEC mode.
Extended Power via MDI - PD, Inventory Management Device Class: Endpoint Class 3 Network Policy: Application: voice, Tag: Tagged, Vlan: 50, L2 Priority: 6, DSCP Value: 46 Inventory Management: H/W Revision : 12.1.1 F/W Revision : 10.1.9750B S/W Revision : 10.1.9750B Serial Number : B11G152 Manufacturer : Dell Model : S6010-ON Asset ID : E1001 Power-via-MDI: Power Type: PD Device Power Source: Local and PSE Power Priority: Low Power required: 6.
clear lldp counters Clears LLDP and LLDP-MED transmit, receive, and discard statistics from all the physical interfaces. Syntax clear lldp counters Parameters None Default Not configured Command Mode EXEC Usage Information The counter default value resets to zero for all physical interfaces. Example OS10# clear lldp counters Supported Releases 10.2.0E or later clear lldp table Clears LLDP neighbor information for all interfaces.
lldp holdtime-multiplier Configures the multiplier value for the hold time (in seconds). Syntax lldp holdtime-multiplier integer Parameters integer — Enter the holdtime-multiplier value in seconds (2 to 10). Default 4 seconds Command Mode CONFIGURATION Usage Information Hold time is the amount of time (in seconds) that a receiving system waits to hold the information before discarding it. Formula: Hold Time = (Updated Frequency Interval) X (Hold Time Multiplier).
Supported Releases 10.2.0E or later lldp med network-policy Manually defines an LLDP-MED network policy. Syntax lldp-med network-policy number app {voice | voice-signaling | guest-voice | guestvoice-signaling | softphone-voice | streaming-video | video-conferencing | video-signaling} {vlan vlan-id vlan-type {tag | untag} priority priority dscp dscp value} Parameters • number — Enter a network policy index number (1 to 32).
Command Mode INTERFACE Usage Information Attach only one network policy for per interface. Example OS10(conf-if-eth1/1/5)# lldp med network-policy add 1 Supported Release 10.2.0E or later lldp med tlv-select Configures the LLDP-MED TLV type to transmit or receive. Syntax Parameters lldp med tlv-select {network—policy | inventory} • network-policy — Enable or disable the port description TLV. • inventory — Enable or disable the system TLV.
Usage Information The no version of this command resets the value to the default. Example OS10(config)# lldp reinit 5 Supported Releases 10.2.0E or later lldp timer Configures the rate (in seconds) at which LLDP packets send to the peers. Syntax lldp timer seconds Parameters seconds — Enter the LLDP timer rate in seconds (5 to 254). Default 30 seconds Command Mode CONFIGURATION Usage Information The no version of this command sets the LLDP timer back to its default value.
• link-aggregation — Enable the link aggregation TLV. Default Enabled Command Mode INTERFACE Usage Information The lldp tlv-select dot1tlv link-aggregation command advertises link aggregation as a dot1 TLV in the LLDPDUs. The no version of this command disables TLV transmissions. Example (Port) OS10(conf-if-eth1/1/3)# lldp tlv-select dot1tlv port-vlan-id Example (Link Aggregation) OS10(conf-if-eth1/1/3)# lldp tlv-select dot1tlv link-aggregation Supported Releases 10.2.
show lldp interface Displays the LLDP information advertised from a specific interface. Syntax show lldp interface ethernet node/slot/port[:subport] [med | local—device] Parameters • ethernet node/slot/port[:subport] — Enter the Ethernet interface information. • med — Enter the interface to view the MED information. • local-device — Enter the interface to view the local-device information.
Example OS10# Total Total Total Supported Release 10.2.0E or later show lldp errors Memory Allocation Failures: 0 Input Queue Overflows: 0 Table Overflows: 0 show lldp med Displays the LLDP MED information for all the interfaces. Syntax show lldp med Parameters None Default Not configured Command Mode EXEC Usage Information Use the show lldp interface command to view MED information for a specific interface.
show lldp neighbors Displays the status of the LLDP neighbor system information. Syntax show lldp neighbors [detail | interface ethernet node/slot/port[:subport]] Parameters • detail — View LLDP neighbor detailed information. • interface ethernet node/slot/port[:subport] — Enter the Ethernet interface information. Command Mode EXEC Usage Information This command status information includes local port ID, remote host name, remote port ID, and remote node ID.
Inventory Management: H/W Revision : 12.1.1 F/W Revision : 10.1.9750B S/W Revision : 10.1.9750B Serial Number : B11G152 Manufacturer : Dell Model : S6010-ON Asset ID : E1001 Power-via-MDI: Power Type: PD Device Power Source: Local and PSE Power Priority: Low Power required: 6.
Usage Information None Example OS10# show lldp tlv-select interface ethernet 1/1/4 port-description system-name system-description system-cababilities management-address port-vlan mac-phy-config link-aggregation max-frame-size Supported Releases 10.2.0E or later show lldp traffic Displays LLDP traffic information including counters, packets transmitted and received, discarded packets, and unrecognized TLVs.
show nework-policy profile Displays the network policy profiles. Syntax show network-policy profile [profile number] Parameters profile number — (Optional) Enter the network policy profile number (1 to 32). Default Not configured Command Mode EXEC Usage Information If you do not enter the network profile ID, all configured network policy profiles display.
Set Static MAC Address OS10(config)# mac address-table static 34:17:eb:f2:ab:c6 vlan 10 interface ethernet 1/1/5 MAC Address Table OS10 maintains a list of MAC address table entries. • View the contents of the MAC address table in EXEC mode.
Clear MAC Address Table OS10# clear mac address-table dynamic vlan 20 interface ethernet 1/2/20 MAC Commands clear mac address-table dynamic Clears L2 dynamic address entries from the MAC address table. Syntax Parameters clear mac address-table dynamic {all | address mac_addr | vlan vlan-id | interface {ethernet node/slot/port[:subport] | port-channel number}} • all — (Optional) Delete all MAC address table entries.
mac address-table static Configures a static entry for the L2 MAC address table. Syntax mac address-table static mac-address vlan vlan-id interface {ethernet node/ slot/port[:subport] | port-channel number} Parameters • mac-address — Enter the MAC address to add to the table in nn:nn:nn:nn:nn:nn format. • vlan vlan-id — Enter the VLAN to apply the static MAC address to (1 to 4093). • interface — Enter the interface type: – ethernet node/slot/port[:subport] — Enter the Ethernet information.
Usage Information The network device maintains static MAC address entries saved in the startup configuration file, and reboots and flushes dynamic entries.
3 Ensure the same region name is configured in all the bridges running MST. 4 (Optional) Configure the revision number. Configure MST protocol When you enable MST globally, all L2 physical, port-channel, and VLAN interfaces are automatically assigned to MST instance (MSTI) zero (0). Within an MSTI, only one path from any one bridge to another is enabled for forwarding. • Enable MST in CONFIGURATION mode.
View VLAN instance mapping OS10# show spanning-tree mst configuration Region Name: force10 Revision: 100 MSTI VID 0 1,31-4093 1 2-10 2 11-20 3 21-30 View port forwarding/discarding state OS10# show spanning-tree msti 0 brief Spanning tree enabled protocol msti with force-version mst MSTI 0 VLANs mapped 1,31-4093 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 3417.4455.
ethernet1/1/9 ethernet1/1/10 Disb Disb 128.292 128.296 128 128 200000000 BLK 200000000 BLK 0 AUTO No Root selection MSTP determines the root bridge according to the lowest bridge ID. Assign a lower bridge priority to increase its likelihood of becoming the root bridge. • Assign a bridge priority number to a specific instance in CONFIGURATION mode (0 to 61440 in increments of 4096, default 32768). Use a lower priority number to increase the likelihood of the bridge to become a root bridge.
• Change the region revision number in MULTIPLE-SPANNING-TREE mode (0 to 65535, default 0). revision number Configure and verify region name OS10(conf-mstp)# name my-mstp-region OS10(conf-mstp)# do show spanning-tree mst config MST region name: my-mstp-region Revision: 0 MSTI VID 1 100 2 200-300 Modify parameters The root bridge sets the values for forward-delay, hello-time, max-age, and max-hops and overwrites the values set on other MST bridges.
ethernet1/1/6 128.280 128 500 BLK 0 32768 3417.4455.667f Interface Name Role PortID Prio Cost Sts Cost Link-type Edge -----------------------------------------------------------------ethernet1/1/5 Root 128.276 128 500 FWD 0 AUTO No ethernet1/1/6 Altr 128.280 128 500 BLK 0 AUTO No 128.150 Interface parameters Adjust two interface parameters to increase or decrease the likelihood that a port becomes a forwarding port. Port cost Value that is based on the interface type.
Configure EdgePort OS10(conf-if-eth1/1/4)# spanning-tree port type edge View interface status OS10# show spanning-tree interface ethernet 1/1/4 ethernet1/1/4 of MSTI 0 is designated Forwarding Edge port:yes port guard :none (default) Link type is point-to-point (auto) Boundary: YES bpdu filter :disable bpdu guard :disable bpduguard shutdown-onviolation :disable RootGuard: disable LoopGuard disable Bpdus (MRecords) sent 610, received 5 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ----
To clear Error Disabled state: 2 • Use the shutdown command on the interface. • Use the spanning-tree bpdufilter disable command to disable the BPDU guard on the interface. • Use the spanning-tree disable command to disable STP on the interface. Enable STP BPDU guard in INTERFACE mode. spanning-tree bpduguard enable • To shut down the port channel interface, all member ports are disabled in the hardware.
Boundary: NO bpdu filter : bpdu guard : bpduguard shutdown-onviolation :disable RootGuard: disable LoopGuard enable Bpdus (MRecords) sent 7, received 20 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ------------------------------------------------------------------------ethernet1/1/4 128.272 128 500 FWD 0 32769 90b1.1cf4.9d3b 128.
debug spanning-tree Enables STP debug and displays protocol information. Syntax debug spanning-tree {all | bpdu [tx | rx] | events} Parameters • all — Debugs all spanning tree operations. • bpdu — Enter transmit (tx) or receive (rx) to enable the debug direction. • events — Debugs PVST events. Default Not configured Command Mode EXEC Usage Information None Example OS10# debug spanning-tree bpdu rx Supported Releases 10.2.
Usage Information By default, MST protocol assigns system MAC as the region name. Two MST devices within the same region must share the same region name, including matching case. Example OS10(conf-mst)# name my-mst-region Supported Releases 10.2.0E or later revision Configures a revision number for the MSTP configuration. Syntax revision number Parameters number — Enter a revision number for the MSTP configuration (0 to 65535).
Default Disabled Command Mode INTERFACE Usage Information BPDU guard prevents a port from receiving BPDUs. If the port receives a BPDU, it is placed in the Error-Disabled state as a protective measure. Example OS10(conf-if-eth1/1/4)# spanning-tree bpduguard enable Supported Releases 10.2.0E or later spanning-tree disable Disables the spanning-tree mode configured with the spanning-tree mode command globally on the switch or on specified interfaces.
spanning-tree mode Enables an STP type (RSTP, Rapid-PVST+, or MST). Syntax Parameters spanning-tree mode {rstp | mst | rapid-pvst} • rstp — Sets the STP mode to RSTP. • mst — Sets the STP mode to MST. • rapid-pvst — Sets the STP mode to RPVST+. Default RPVST+ Command Mode CONFIGURATION Usage Information All STP instances are stopped in the previous STP mode, and are restarted in the new mode. You can also change to RSTP/MST mode.
spanning-tree msti Configures the MSTI, cost, and priority values for an interface. Syntax spanning-tree msti instance {cost cost | priority value} Parameters • msti instance — Enter the MST instance number (0 to 63). • cost cost — (Optional) Enter a port cost value (1 to 200000000).
spanning-tree mst disable Disables spanning tree on the specified MST instance. Syntax spanning-tree mst instance-number disable Parameters instance-number—Enter the instance number, ranging from 0 to 63. Default Enabled Command Mode CONFIGURATION Usage Information The no version of this command enables spanning tree on the specified MST instance. Example OS10(config)# spanning-tree mst 10 disable Supported Releases 10.4.
spanning-tree mst hello-time Sets the time interval between generation and transmission of MSTP BPDUs. Syntax spanning-tree mst hello-time seconds Parameters seconds — Enter a hello-time interval value in seconds (1 to 10). Default 2 seconds Command Mode CONFIGURATION Usage Information Dell EMC recommends increasing the hello-time for large configurations — especially configurations with multiple ports. The no version of this command resets the value to the default.
spanning-tree mst max-hops Configures the maximum hop count for a BPDU to travel before it is discarded. Syntax spanning-tree mst max-hops number Parameters number — Enter a maximum hop value (6 to 40). Default 20 Command Mode CONFIGURATION Usage Information A device receiving BPDUs waits until the max-hops value expires before discarding it. When a device receives the BPDUs, it decrements the received value of the remaining hops and uses the resulting value as remaining-hops in the BPDUs.
0 1 2 3 4 5 Supported Releases 1,7-4093 2 3 4 5 6 10.2.0E or later show spanning-tree msti Displays MST instance information. Syntax show spanning-tree msti [instance-number [brief | guard | interface interface]] Parameters • instance-number — (Optional) Displays MST instance information (0 to 63). • brief — (Optional) Displays MST instance summary information. • guard — (Optional) Displays which guard is enabled and current port state.
Example (Interface) OS10# show spanning-tree msti 1 interface ethernet 1/1/1 ethernet1/1/1 of vlan1 is root Forwarding Edge port:no (default) port guard :none (default) Link type is point-to-point (auto) Boundary :internal bpdu filter : bpdu guard : bpduguard shutdown-onviolation :disable RootGuard: disable LoopGuard disable Bpdus (MRecords) sent 3779, received 7 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID -----------------------------------------------------------ethernet1/1/1 128
By default, each VLAN instance is assigned default bridge priority 32768. For example, all three instances have the same forwarding topology. Traffic load balancing is not achievable with this kind of priority assignment. You must assign each instance a different priority to achieve load balancing, as shown in Load Balancing with RPVST+. Load balance and root selection All VLANs use the same forwarding topology — R2 is elected as the root and all 10G Ethernet ports have the same cost.
-----------------------------------------------------------------------ethernet1/1/5 128.276 128 500 FWD 0 32768 3417.4455.667f 128.146 ethernet1/1/6 128.280 128 500 BLK 0 32768 3417.4455.667f 128.150 Interface Name Role PortID Prio Cost Sts Cost Link-type Edge -------------------------------------------------------------ethernet1/1/5 Root 128.276 128 500 FWD 0 AUTO No ethernet1/1/6 Altr 128.280 128 500 BLK 0 AUTO No Select root bridge RPVST+ determines the root bridge.
ethernet1/1/5 128.276 128 500 FWD 0 4097 90b1.1cf4.a523 ethernet1/1/6 128.280 128 500 FWD 0 4097 90b1.1cf4.a523 ethernet1/1/7 128.284 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/8 128.288 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/9 128.292 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/10 128.296 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/11 128.300 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/12 128.304 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/13 128.
Executing IEEE compatible Spanning Tree Protocol Root ID Priority 24577, Address 90b1.1cf4.a523 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 24577, Address 90b1.1cf4.a523 We are the root of VLAN 1 Configured hello time 2, max age 20, forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ---------------------------------------------------------------------ethernet1/1/5 128.276 128 500 FWD 0 24577 90b1.1cf4.a523 128.276 ethernet1/1/6 128.
• Modify the hello-time (in seconds) in CONFIGURATION mode (1 to 10, default 2). With large configurations (involving more number of ports), Dell EMC recommends increasing the hello-time. spanning-tree vlan vlan-id hello-time seconds • Modify the max-age (in seconds) in CONFIGURATION mode (6 to 40, default 20).
Default Not configured Command Mode EXEC Usage Information Use this command to force the RPVST+ port to re-negotiate with neighbors. If you use this command without parameters, the command applies to each device port. Example OS10# clear spanning-tree detected-protocol interface ethernet 1/1/1 Supported Release 10.2.0E or later debug spanning-tree Enables STP debug and displays protocol information.
ethernet1/1/4 ethernet1/1/5 ethernet1/1/6 ethernet1/1/7 ethernet1/1/8 ethernet1/1/9 ethernet1/1/10 ethernet1/1/11 ethernet1/1/12 Supported Releases 128.272 128.276 128.280 128.284 128.288 128.292 128.296 128.300 128.304 128 128 128 128 128 128 128 128 128 200000000 200000000 200000000 200000000 200000000 200000000 200000000 200000000 200000000 FWD FWD FWD FWD FWD FWD FWD FWD FWD 0 0 0 0 0 0 0 0 0 32769 32769 32769 32769 32769 32769 32769 32769 32769 0000.0000.0000 0000.0000.0000 0000.0000.0000 0000.
spanning-tree disable Disables the spanning-tree mode configured with the spanning-tree mode command globally on the switch or on specified interfaces. Syntax spanning-tree disable Parameters None Default Not configured. Usage Information The no version of this command re-enables STP and applies the currently configured spanning-tree settings.
Command Mode CONFIGURATION Usage Information All STP instances are stopped in the previous STP mode, and are restarted in the new mode. You can also change to RSTP/MST mode. Example (RSTP) OS10(config)# spanning-tree mode rstp Example (MST) OS10(config)# spanning-tree mode mst Supported Releases 10.2.0E or later spanning-tree port Sets the port type as the EdgePort.
spanning-tree vlan disable Disables spanning tree on specified VLAN. Syntax spanning-tree vlan vlan-id disable Parameters vlan-id — Enter the VLAN ID number, ranging from 1 to 4094. Default Enabled Command Mode CONFIGURATION Usage Information The no version of this command enables spanning tree on the specified VLAN. Example OS10(config)# spanning-tree vlan 100 disable Supported Releases 10.4.
spanning-tree vlan hello-time Sets the time interval between generation and transmission of RPVST BPDUs. Syntax spanning-tree vlan vlan-id hello-time seconds Parameters • vlan-id — Enter the VLAN ID number (1 to 4093). • seconds — Enter a hello-time interval value in seconds (1 to 10). Default 2 seconds Command Mode CONFIGURATION Usage Information Dell EMC recommends increasing the hello-time for large configurations — especially configurations with multiple ports.
Supported Releases 10.2.0E or later spanning-tree vlan priority Sets the priority value for RPVST+. Syntax spanning-tree vlan vlan-id priority priority value Parameters priority priority value — Enter a bridge-priority value in increments of 4096 (0 to 61440). Valid priority values are: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. All other values are rejected.
Usage Information None Example OS10(config)# spanning-tree vlan 1 root primary Supported Releases 10.2.0E or later Rapid spanning-tree protocol RSTP is similar to STP but provides faster convergence and interoperability with devices configured with STP and MSTP. RSTP is disabled by default. All enabled interfaces in L2 mode are automatically added to the RSTP topology. Configuring RSTP is a two-step process: 1 Ensure that the interfaces are in L2 mode. 2 Globally enable RSTP.
View all port participating in RSTP OS10# show spanning-tree Spanning tree enabled protocol rstp with force-version rstp Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 3417.4455.667f Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32768, Address 90b1.1cf4.
Forward-time 15 seconds — Amount of time an interface waits in the Listening state and the Learning state before it transitions to the Forwarding state. Hello-time 2 seconds — Time interval in which the bridge sends RSTP BPDUs. Max-age 20 seconds — Length of time the bridge maintains configuration information before it refreshes that information by recomputing the RSTP topology.
Port cost Value that is based on the interface type. The previous table lists the default values. The greater the port cost, the less likely the port is selected to be a forwarding port. Port priority Influences the likelihood that a port is selected to be a forwarding port in case that several ports have the same port cost. • Change the port cost of an interface in INTERFACE mode (1 to 200000000).
ethernet1/1/6:3 ethernet1/1/6:4 Root Altr 128.282 128 128.283 128 2000 FWD 0 2000 BLK 0 AUTO AUTO No No EdgePort forward traffic EdgePort allows the interface to forward traffic approximately 30 seconds sooner as it skips the Blocking and Learning states. The spanning-tree bpduguard enable command causes the interface hardware to shut down when it receives a BPDU. CAUTION: Configure EdgePort only on links connecting to an end station.
BPDUs using the spanning-tree guard loop command. After BPDUs are received, the port moves out of the Loop-Inconsistent (or blocking) state and transitions to an appropriate state determined by STP. Enabling loop guard on a per port basis enables it on all VLANs configured on the port. If you disable loop guard on a port, it is moved to the Listening state. If you enable BPDU filter and BPDU guard on the same port, the BPDU filter configuration takes precedence.
Boundary: NO bpdu filter : bpdu guard : bpduguard shutdown-onviolation :disable RootGuard: disable LoopGuard enable Bpdus (MRecords) sent 7, received 20 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ------------------------------------------------------------------------ethernet1/1/4 128.272 128 500 FWD 0 32769 90b1.1cf4.9d3b 128.
Command Mode EXEC Usage Information None Example OS10# show spanning-tree active Spanning tree enabled protocol rstp with force-version rstp Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 90b1.1cf4.9b8a Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32768, Address 90b1.1cf4.
spanning-tree bpdufilter Enables or disables BPDU filtering on an interface. Syntax spanning-tree bpdufilter {enable | disable} Parameters • enable — Enables the BPDU filtering on an interface. • disable — Disables the BPDU filtering on an interface. Default Disabled Command Mode INTERFACE Usage Information Use the enable parameter to enable BPDU filtering. Example OS10(conf-if-eth1/1/4)# spanning-tree bpdufilter enable Supported Releases 10.2.
Example OS10(config)# interface ethernet 1/1/4 OS10(config-if-eth1/1/4)# spanning-tree disable Supported Releases 10.3.0E or later spanning-tree guard Enables or disables loop guard or root guard on an interface. Syntax Parameters spanning-tree guard {loop | root | none} • loop — Enables loop guard on an interface. • root — Enables root guard on an interface. • none — Sets the guard mode to none.
spanning-tree port Sets the port type as the EdgePort. Syntax spanning-tree port type edge Parameters None Default Not configured Command Mode INTERFACE Usage Information When you configure an EdgePort on a device running STP, the port immediately transitions to Forwarding state. Only configured ports connected to end hosts act as EdgePorts. Example OS10(config)# spanning-tree port type edge Supported Releases 10.2.
spanning-tree rstp hello-time Sets the time interval between generation and transmission of RSTP BPDUs. Syntax spanning-tree rstp hello-time seconds Parameters seconds — Enter a hello-time interval value in seconds (1 to 10). Default 2 seconds Command Mode CONFIGURATION Usage Information Dell EMC recommends increasing the hello-time for large configurations (especially configurations with multiple ports). Example OS10(config)# spanning-tree rstp hello-time 5 Supported Releases 10.2.
spanning-tree rstp Sets the priority value for RSTP. Syntax spanning-tree rspt priority priority value Parameters priority priority value — Enter a bridge-priority value in increments of 4096 (0 to 61440). Valid priority values are: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. All other values are rejected.
Default VLAN configuration OS10# show vlan Codes: * - Default VLAN, G-GVRP VLANs, R-Remote Port Mirroring VLANs, P-Primary, C-Community, IIsolated Q: A-Access (Untagged), T-Tagged x-Dot1x untagged, X-Dot1x tagged G-GVRP tagged, M-Vlan-stack, H-VSN tagged i-Internal untagged, I-Internal tagged, v-VLT untagged, V-VLT tagged NUM Status Description Q Ports * 1 up A Eth1/1/1-1/1/54 Create or remove VLANs You can create VLANs and add physical interfaces or port-channel (LAG) interfaces to the VLAN as tagged or u
View configured VLANs OS10(config)# do show interface vlan Vlan 1 is up, line protocol is up Address is , Current address is Interface index is 69208865 Internet address is not set MTU 1532 bytes LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 240 Last clearing of "show interface" counters Queueing strategy: fifo Time since last interface status change: Vlan 200 is up, line protocol is up Address is , Current address is Interface index is 69209064 Internet address is not set MTU 1532 b
Show running configuration OS10# show running-configuration ... ! interface ethernet1/1/5 ... switchport access vlan 604 no shutdown ! interface vlan1 no shutdown ... Trunk mode A trunk port can be a member of multiple VLANs set up on an interface. A trunk port can transmit traffic for all VLANs. To transmit traffic on a trunk port with multiple VLANs, OS10 uses tagging or the 802.1q encapsulation method. 1 Configure a port in INTERFACE mode.
1 Create a VLAN in CONFIGURATION mode (1 to 4093). interface vlan vlan-id 2 Assign an IP address and mask to the VLAN in INTERFACE-VLAN mode. ip address ip-address/prefix-length [secondary] • ip-address/prefix—length — Enter the IP address in dotted-decimal format (A.B.C.D/x). • secondary — Enter the interface backup IP address (up to eight secondary IP addresses). Assign IP address to VLAN OS10(config)# interface vlan 200 OS10(conf-if-vl-200)# ip address 10.1.15.
View VLAN configuration OS10# show vlan Codes: * - Default VLAN, G-GVRP VLANs, R-Remote Port Mirroring VLANs, P-Primary, C-Community, IIsolated Q: A-Access (Untagged), T-Tagged x-Dot1x untagged, X-Dot1x tagged G-GVRP tagged, M-Vlan-stack, H-VSN tagged i-Internal untagged, I-Internal tagged, v-VLT untagged, V-VLT tagged NUM Status Description Q Ports * 1 up A Eth1/1/1-1/1/32 A Po40 200 up T Eth1/1/3:2 T Po40 A Eth1/1/31 320 up T Eth1/1/25:4 1/1/32 T Po40 A Eth1/1/3:1 View interface VLAN configuration OS10# s
VLAN commands description (VLAN) Adds a description to the selected VLAN. Syntax description description Parameters description — Enter a text string to identify the VLAN (up to 80 characters). Default Not configured Command Mode INTERFACE-VLAN Usage Information None Example OS10(conf-if-vlan)# description vlan3 Supported Releases 10.2.0E or later interface vlan Creates a VLAN interface. Syntax interface vlan vlan-id Parameters vlan-id — Enter the VLAN ID number (1 to 4093).
Primary, C-Community, I-Isolated Q: A-Access (Untagged), T-Tagged x-Dot1x untagged, X-Dot1x tagged G-GVRP tagged, M-Vlan-stack, H-VSN tagged i-Internal untagged, I-Internal tagged, v-VLT untagged, V-VLT tagged NUM Status Description Q Ports * 1 up A Eth1/1/2-1/1/32 A Po40 200 up T Eth1/1/3:2 T Po40 A Eth1/1/31 320 up T Eth1/1/25:4 1/1/32 T Po40 A Eth1/1/3:1 Supported Releases 10.2.
Configure source and destination port, and traffic direction OS10(conf-mon-local-1)# source interface ethernet 1/1/7-1/1/8 rx OS10(conf-mon-local-1)# destination interface ethernet1/1/1 OS10(conf-mon-local-1)# no shut View configured monitoring sessions In the State field, true indicates that the port is enabled. In the Reason field, Is UP indicates that hardware resources are allocated. OS10# show monitor session all S.
• • • • The member port of the reserved VLAN must have the MTU and IPMTU value as MAX+4 (to hold the VLAN tag parameter). To associate with source session, the reserved VLAN can have a maximum of four member ports. To associate with destination session, the reserved VLAN can have multiple member ports. The reserved VLAN cannot have untagged ports. Reserved L2 VLAN • • • MAC address learning in the reserved VLAN is automatically disabled.
View monitoring session OS10(conf-mon-rspan-source-10)# do show monitor session all S.Id Source Destination Dir SrcIP DstIP DSCP TTL State Reason --------------------------------------------------------------1 vlan10 vlan 100 rx N/A N/A N/A N/A true Is UP Encapsulated remote port monitoring The monitored traffic can also be transmitted over an L3 network to a remote analyzer.
OS10(conf-mon-erpm-source-10)# ip dscp 63 OS10(conf-mon-erpm-source-10)# no shut View configured ERPM session OS10(conf-mon-erpm-source-6)# do show monitor session all S.Id Source Destination Dir Mode Source IP Dest IP DSCP TTL GreProtocol State Reason ---------------------------------------------------------------------------------------------------------------------------6 ethernet1/1/2 remote-ip both port 1.1.1.1 3.3.3.
Remote port monitoring on VLT In a network, devices configured with peer VLT nodes are considered as a single device. You can apply remote port monitoring (RPM) on the VLT devices in a network. In a failover case, the monitored traffic reaches the packet analyzer connected to the TOR through the VLT interconnect link. NOTE: • In VLT devices configured with RPM, when the VLT link is down, the monitored packets might drop for some time.
Scenario Recommendation 1 Create an L2 ACL for the local session and attach it to the VLTi LAG interface. ! mac access-list span seq 10 permit any any capture session 10 ! interface ethernet 1/1/1 no shutdown switchport access vlan 1 mac access-group span in ! 2 Mirror a VLAN with VLTi LAG as member to VLT LAG on the same VLT device. The packet analyzer is connected to the TOR switch. Create a flow based local session on the VLT device to monitor VLTi LAG interface member (ethernet 1/1/1) as source.
description (Port Monitoring) Configures a description for the port monitoring session. The monitoring session can be one of the following: local, RPM, or ERPM. Syntax description string Parameters string — Enter a description of the monitoring session (up to 255 characters). Default Not configured Command Mode MONITOR-SESSION Usage Information The no version of this command removes the description text.
Usage Information The no version of this command disables the flow-based monitoring. Example OS10(conf-mon-local-1)# flow-based enable OS10(conf-mon-rspan-source-2)# flow-based enable OS10(conf-mon-erpm-source-3)# flow-based enable Supported Releases 10.2.0E or later ip Configures the IP time to live (TTL) value and the differentiated services code point (DSCP) value for the ERPM traffic.
Example (ERPM) OS10(config)# monitor session 10 type erpm-source OS10(conf-mon-erpm-source-10)# Supported Releases 10.2.0E or later show monitor session Displays information about a monitoring session. Syntax show monitor session {session-id | all} Parameters • session-id — Enter the session ID number (1 to 18). • all — View all monitoring sessions. Default All Command Mode EXEC Usage Information In the State field, true indicates that the port is enabled.
Example OS10(config)# monitor session 1 OS10(conf-mon-local-1)# no shut OS10(config)# monitor session 5 type rspan-source OS10(conf-mon-rspan-source-5)# no shut OS10(config)# monitor session 10 type erpm-source OS10(conf-mon-erpm-source-10)# no shut Supported Releases 10.2.0E or later source (Port Monitoring) Configures a source for port monitoring. The monitoring session can be one of the following: local, RPM, or ERPM.
Default Not configured Command Mode MONITOR-SESSION Usage Information None Example OS10(config)# monitor session 10 OS10(conf-mon-erpm-source-10)# source-ip 10.16.132.181 destination-ip 172.16.10.11 gre-protocol 35006 Supported Releases 10.4.
5 Layer 3 Border Gateway Protocol (BGP) Provides an external gateway protocol that transmits inter-domain routing information within and between autonomous systems (see BGP Commands). Equal Cost MultiPath (ECMP) Provides next-hop packet forwarding to a single destination over multiple best paths (see ECMP Commands). IPv4 Routing Provides forwarding of packets to a destination IP address, based on a routing table.
path to reach a router external to the AS. EBGP routers exchange information with other EBGP routers and IBGP routers to maintain connectivity and accessibility. Classless interdomain routing BGPv4 supports classless interdomain routing (CIDR) with aggregate routes and AS paths. CIDR defines a network using a prefix consisting of an IP address and mask, resulting in efficient use of the IPv4 address space. Using aggregate routes reduces the size of routing tables.
Established Keepalive messages exchange, and after a successful receipt, the router is in the Established state. Keepalive messages continue to send at regular periods. The keepalive timer establishes the state to verify connections. After the connection is established, the router sends and receives keepalive, update, and notification messages to and from its peer. Peer templates Peer templates allow BGP neighbors to inherit the same outbound policies.
Multiprotocol BGP Multiprotocol BGP (MBGP) is an extension to BGP that supports multiple address families—IPv4 and IPv6. MBGP carries multiple sets of unicast and multicast routes depending on the address family. You can enable the MBGP feature on a per router, per template, and/or a per peer basis. The default is the IPv4 unicast routes.
• A path with no AS_PATH configured has a path length of 0 • AS_CONFED_SET is not included in the AS_PATH length • AS_CONFED_SEQUENCE has a path length of 1 no matter how many ASs are in the AS_CONFED_SEQUENCE 4 Prefer the path with the lowest ORIGIN type—IGP is lower than EGP and EGP is lower than INCOMPLETE. 5 Prefer the path with the lowest multiexit discriminator (MED) attribute: • This comparison is only done if the first neighboring AS is the same in the two paths.
Multiexit discriminators If two autonomous systems connect in more than one place, use a multiexit discriminator (MED) to assign a preference to a preferred path. MED is one of the criteria used to determine best path—other criteria may also impact selection. One AS assigns the MED a value. Other AS uses that value to decide the preferred path. Assume that the MED is the only attribute applied and there are two connections between AS 100 and AS 200. Each connection is a BGP session.
The question mark (?) indicates an origin code of INCOMPLETE, and the lower case letter (i) indicates an origin code of IGP. Origin configuration OS10# show ip bgp BGP local RIB : Routes to be Added , Replaced , Withdrawn BGP local router ID is 30.1.1.
If you configure the bgp bestpath as-path ignore command and the bestpath as-path multipath-relax command at the same time, an error message displays—only enable one command at a time. More path support More path (Add-Path) reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths with new ones. By default, a BGP speaker advertises only the best path to its peers for a given address prefix.
4-Byte AS numbers OS10 supports 4-byte AS number configurations by default. The 4-byte support is advertised as a new BGP capability - 4-BYTE-AS, in the OPEN message. A BGP speaker that advertises 4-Byte-AS capability to a peer, and receives the same from that peer must encode AS numbers as 4-octet entities in all messages. If the AS number of the peer is different, the 4-byte speaker brings up the neighbor session using a reserved 2-byte ASN,23456 called AS_TRANS.
The Local-AS does not prepend the updates with the AS number received from the EBGP peer if you use the no prepend command. If you do not select no prepend, the default, the Local-AS adds to the first AS segment in the AS-PATH. If you use an inbound route-map to prepend the AS-PATH to the update from the peer, the Local-AS adds first. If Router B has an inbound route-map applied on Router C to prepend 65001 65002 to the AS-PATH, these events take place on Router B: • • • Receive and validate the update.
connected to the router. The BGP process first determines if all internal BGP peers are reachable, then it determines which peers outside the AS are reachable. 1 Assign an AS number, and enter ROUTER-BGP mode from CONFIGURATION mode (1 to 65535 for 2-byte, 1 to 4294967295 for 4byte). Only one AS number is supported per system. If you enter a 4-byte AS number, 4-byte AS support is enabled automatically. router bgp as-number 2 Enter a neighbor in ROUTER-BGP mode.
Prefixes accepted 3, Prefixes advertised 0 Connections established 3; dropped 2 Closed by neighbor sent 00:03:26 ago Local host: 5.1.1.2, Local port: 43115 Foreign host: 5.1.1.1, Foreign port: 179 View BGP running configuration OS10# show running-configuration router bgp 65123 router-id 192.168.10.2 ! address-family ipv4 unicast ! neighbor 10.10.21.1 remote-as 65123 no shutdown ! neighbor 10.10.32.3 remote-as 65123 no shutdown ! neighbor 100.10.92.9 remote-as 65192 no shutdown ! neighbor 192.168.10.
peer template and assign a name to it before adding members to the peer template. Create a peer template before configuring any route policies for the template. NOTE: An outbound filter policy, distribute list or route map, is not supported on a peer group member. 1 Enable BGP, and assign the AS number to the local BGP speaker in CONFIGURATION mode, from 1 to 65535 for 2 byte, 1 to 4294967295 | 0.1 to 65535.65535 for 4 byte, or 0.1 to 65535.65535 in dotted format.
Minimum time between advertisement runs is 30 seconds For address family: Unicast BGP neighbor is ebgppg, peer-group external Update packing has 4_OCTET_AS support enabled Number of peers in this group 1 Peer-group members: View running configuration OS10(config-router-neighbor)# do show running-configuration bgp ! router bgp 300 ! neighbor 3.1.1.
Received 23 messages 1 opens, 0 notifications, 1 updates 21 keepalives, 0 route refresh requests Sent 21 messages 1 opens, 0 notifications, 0 updates 20 keepalives, 0 route refresh requests Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 Unicast: MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) 4_OCTET_AS(65) Capabilities advertised to neighbor for IPv4 Unicast: MULTIPROTO_EXT(1) ROUTE_REFRESH
Fast external fallover is enabled by default. To disable or re-enable it, use the [no] fast-external-fallover command. For the fast-external-fallover command to take effect on an established BGP session, you must reset the session using the clear ip bgp {* | peer-ipv4-address | peer-ipv6-address} command. View fast external fallover configuration OS10(config)# do show running-configuration bgp ! router bgp 300 ! neighbor 3.1.1.
BGP router identifier 11.11.11.11 local AS number 300 Neighbor AS MsgRcvd MsgSent Up/Down State/Pfx ----------------------------------------------------------------3.1.1.1 100 7 4 00:00:29 3 3::1 100 9 5 00:00:29 4 OS10(conf-if-eth1/1/1)# OS10(config-router-bgp-neighbor-af)# Apr 27 01:39:03 OS10 dn_sm[2065]: Node.1-Unit.1:PRI:alert [os10:event], %Dell EMC (OS10) %BGP_NBR_BKWD_STATE_CHG: Backward state change occurred Hold Time expired for Nbr:3.1.1.3 VRF:default Apr 27 01:39:03 OS10 dn_sm[2065]: Node.
2 Enter a local-as number for the peer, and the AS values not prepended to announcements from the neighbors in ROUTERNEIGHBOR mode (1 to 4294967295). local-as as number [no prepend] 3 Return to ROUTER-BGP mode. exit 4 Enter a template name to assign to the peer-groups in ROUTER-BGP mode (up to 16 characters). template template-name 5 Enter a local-as number for the peer in ROUTER-TEMPLATE mode.
neighbor 17.1.1.
1 Assign an AS number in CONFIGURATION mode. router bgp as-number 2 Enter a neighbor and IP address (A.B.C.D) in ROUTER-BGP mode. neighbor ip-address 3 Enter Address Family mode in ROUTER-NEIGHBOR mode. address-family {[ipv4 | ipv6] [unicast]) 4 Allow the specified neighbor to send or receive multiple path advertisements in ROUTER-BGP mode. The count parameter controls the number of paths that are advertised — not the number of paths received.
4 Enter the neighbor to apply the route map configuration in ROUTER-BGP mode. neighbor {ip-address} 5 Apply the route map to the neighbor’s incoming or outgoing routes in ROUTER-BGP-NEIGHBOR-AF mode. route-map map-name {in | out) 6 Enter the peer group to apply the route map configuration in ROUTER-BGP mode. template template-name 7 Apply the route map to the peer group’s incoming or outgoing routes in CONFIG-ROUTER-TEMPLATE-AF mode.
OS10(config-router-bgp-10)# template zanzibar OS10(config-router-template)# weight 200 Enable multipath You can have one path to a destination by default, and enable multipath to allow up to 64 parallel paths to a destination. The show ip bgp network command includes multipath information for that network. • Enable multiple parallel paths in ROUTER-BGP mode.
Configure clusters of routers where one router is a concentration router and the others are clients who receive their updates from the concentration router. 1 Assign an ID to a router reflector cluster in ROUTER-BGP mode. You can have multiple clusters in an AS. cluster-id cluster-id 2 Assign a neighbor to the router reflector cluster in ROUTER-BGP mode. neighbor {ip-address} 3 Configure the neighbor as a route-reflector client in ROUTER-NEIGHBOR mode, then return to ROUTER-BGP mode.
! neighbor 32.1.1.2 remote-as 104 no shutdown ! address-family ipv4 unicast Confederations Another way to organize routers within an AS and reduce the mesh for IBGP peers is to configure BGP confederations. As with route reflectors, Dell EMC recommends BGP confederations only for IBGP peering involving many IBGP peering sessions per router. When you configure BGP confederations, you break the AS into smaller sub-ASs. To devices outside your network, the confederations appear as one AS.
Route dampening When EBGP routes become unavailable, they “flap” and the router issues both WITHDRAWN and UPDATE notices. A flap occurs when a route is withdrawn, readvertised after being withdrawn, or has an attribute change. The constant router reaction to the WITHDRAWN and UPDATE notices causes instability in the BGP process. To minimize this instability, configure penalties (a numeric value) for routes that flap.
View dampened paths OS10# show ip bgp dampened-paths BGP local router ID is 80.1.1.1 Status codes: s suppressed, S stale, d dampened, h history, * valid, > best Origin codes: i - IGP, e - EGP, ? - incomplete Network From Reuse Path d* 3.1.2.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.3.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.4.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.5.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.6.0/24 80.1.1.
1 Enable soft-reconfiguration for the BGP neighbor and BGP template in ROUTER-BGP mode. BGP stores all the updates that the neighbor receives but does not reset the peer-session. Entering this command starts the storage of updates, which is required to do inbound soft reconfiguration. neighbor {ip-address} soft-reconfiguration inbound 2 Enter Address Family mode in ROUTER-NEIGHBOR mode. address-family {[ipv4 | ipv6] [unicast]} 3 Configure soft-configuration for the neighbors belonging to the template.
• receive — Receive multiple paths from the peer. • send path count — Enter the number of multiple paths to send multiple to the peer, from 2 to 64. Default Not configured Command Mode ROUTER-BGP-NEIGHBOR-AF Usage Information Advertising multiple paths to peers for the same address prefix without replacing the existing path with a new one reduces convergence times. The no version of this command disables the multiple path advertisements for the same destination.
Usage Information The time interval applies to all peer group members of the template in ROUTER-TEMPLATE mode. The no version of this command resets the advertisement-interval value to the default. Example OS10(conf-router-neighbor)# advertisement-interval 50 Supported Releases 10.3.0E or later advertisement-start Delays initiating the OPEN message for the specified time.
allowas-in Sets the number of times a local AS number appears in the AS path. Syntax allowas-in as-number Parameters as-number—Enter the number of occurrences for a local AS number, from 1 to 10. Default Disabled Command Mode ROUTER-BPG-TEMPLATE-AF Usage Information Use this command to enable the BGP speaker to allow the AS number to be present for the specified number of times in updates received from the peer. You cannot set this configuration for a peer associated with a peer group.
Command Mode ROUTER-BGP Usage Information To enable load-balancing across different EBGP peers, configure the mutlipath-relax option. If you configure both ignore or multipath-relax options at the same time, a system-generated error message appears. The no version of this command disables configuration. Example OS10(conf-router-bgp-10)# bestpath as-path multipath-relax Supported Releases 10.3.0E or later bestpath med Changes the best path MED attributes during MED comparison for path selection.
Parameters • IPv4–address — Enter an IPv4 address to clear a BGP neighbor configuration. • IPv6–address — Enter an IPv6 address to clear a BGP neighbor configuration. • * — Clears all BGP sessions. Default Not configured Command Mode EXEC Usage Information To reset BGP IPv4 or IPv6 neighbor sessions, use this command. Example OS10# clear ip bgp 1.1.15.4 Supported Releases 10.3.0E or later clear ip bgp * Resets BGP sessions.
Usage Information Configure your system to accept 4-byte formats before entering a 4-byte AS number. All routers in the Confederation must be 4-byte or 2-byte identified routers. You cannot have a mix of 2-byte and 4-byte identified routers. The autonomous system number you configure in this command is visible to the EBGP neighbors. Each autonomous system is fully meshed and contains a few connections to other autonomous systems.
cluster-id Assigns a cluster ID to a BGP cluster with multiple route reflectors. Syntax cluster-id {number | ip-address} Parameters • number—Enter a route reflector cluster ID as a 32-bit number, from 1 to 4294967295. • ip-address—Enter an IP address as the route-reflector cluster ID. Default Router ID Command Mode ROUTER-BGP Usage Information If a cluster contains only one route reflector, the cluster ID is the route reflector’s router ID.
Supported Releases 10.3.0E or later default-metric Assigns a default-metric of redistributed routes to locally originated routes. Syntax default-metric number Parameters number — Enter a number as the metric to assign to routes from other protocols, from 1 to 4294967295. Default Disabled Command Mode ROUTER-BGP Usage Information Assigns a metric for locally-originated routes such as redistributed routes.
Command Mode ROUTER-NEIGHBOR Usage Information This command avoids installation of default multihop peer routes to prevent loops and creates neighbor relationships between peers. Networks indirectly connected are not valid for best path selection. The no version of this command removes multihop session. Example OS10(conf-router-neighbor)# ebgp-multihop 2 Supported Releases 10.3.
fast-external-fallover Resets BGP sessions immediately when a link to a directly connected external peer fails. Syntax fast-external-fallover Parameters None Default Not configured Command Mode ROUTER-BGP Usage Information Fast external fall-over terminates the EBGP session immediately after the IP unreachability or link failure is detected. This only applies after you manually reset all existing BGP sessions. For the configuration to take effect, use the clear ip bgp command.
Supported Releases 10.2.0E or later local-as Configures a local AS number for a peer. Syntax local-as as-number [no-prepend] Parameters • as-number—Enter the local AS number, from 1 to 4294967295. • no-prepend—(Optional) Enter so that local AS values are not prepended to announcements from the neighbor. Default Disabled Command Mode ROUTER-NEIGHBOR or ROUTER-TEMPLATE Usage Information Facilitates the BGP network migration operation and allows you to maintain existing AS numbers.
• number—Enter the number of parallel paths, from 1 to 64. Default 64 paths Command Mode ROUTER-BGP Usage Information Dell EMC recommends not using multipath and add path simultaneously in a route reflector. To recompute the best path, use the clear ip bgp * command. The no version of this command resets the value to the default. Example (EBGP) OS10(conf-router-bgp-2)# maximum-paths ebgp 2 maxpaths Example (IBGP) OS10(conf-router-bgp-2)# maximum-paths ibgp 4 maxpaths Supported Releases 10.3.
Example OS10(conf-router-bgp-2)# neighbor 32.1.0.0 OS10(conf-router-neighbor)# Supported Releases 10.3.0E or later next-hop-self Disables the next-hop calculation for a neighbor. Syntax next-hop-self Parameters None Default Enabled Command Mode ROUTER-NEIGHBOR-AF Usage Information Influences next-hop processing of EBGP routes to IBGP peers. The no version of this command disables the nexthop calculation. Example OS10(conf-router-neighbor-af)# next-hop-self Supported Releases 10.3.
Usage Information Enable or disable outbound optimization dynamically to reset all neighbor sessions. When you enable outbound optimization, all peers receive the same update packets. The next-hop address chosen as one of the addresses of neighbor’s reachable interfaces is also the same for the peers. The no version of this command disables outbound optimization. Example OS10(conf-router-bgp-10)# outbound-optimization Supported Releases 10.3.
Example (Static — IPv6) OS10(conf-router-bgp-102)# address-family ipv6 unicast OS10(conf-router-bgpv6-af)# redistribute static Example (OSPF — IPv4) OS10(conf-router-bgp-102)# address-family ipv4 unicast OS10(conf-router-bgpv4-af)# redistribute ospf 1 Example (OSPF — IPv6) OS10(conf-router-bgp-102)# address-family ipv6 unicast OS10(conf-router-bgpv6-af)# redistribute ospf 1 Supported Releases 10.2.0E or later route-reflector-client Configures a neighbor as a member of a route-reflector cluster.
router-id Assigns a user-given ID to a BGP router. Syntax router-id ip-address Parameters ip-address — Enter an IP address in dotted decimal format. Default First configured IP address or random number Command Mode ROUTER-BGP Usage Information Change the router ID of a BGP router to reset peer-sessions. The no version of this command resets the value to the default. Example OS10(conf-router-bgp-10)# router-id 10.10.10.40 Supported Releases 10.3.
Example (IPv4) OS10(conf-router-bgp-102)# neighbor 3.3.3.1 OS10(conf-router-neighbor)# address-family ipv4 unicast OS10(conf-router-bgp-neighbor-af)# sender-side-loop-detection Example (IPv6) OS10(conf-router-bgp-102)# neighbor 32::1 OS10(conf-router-neighbor)# address-family ipv6 unicast OS10(conf-router-bgp-neighbor-af)# no sender-side-loop-detection Supported Releases 10.3.0E or later show ip bgp Displays information that BGP neighbors exchange.
Status codes: s suppressed, S stale, d dampened, h history, * valid, > best Origin codes: i - IGP, e - EGP, ? - incomplete Network From Reuse Path d* 3.1.2.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.3.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.4.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.5.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.6.0/24 80.1.1.2 00:00:12 800 9 8 i Total number of prefixes: 5 Supported Releases 10.3.0E or later show ip bgp flap-statistics Displays BGP flap statistics on BGP routes.
Command Mode EXEC Usage Information This command provides output which displays locally advertised BGPv4 routes configured using the network command. These routes show as r for redistributed/network-learned routes. Example OS10# show ip bgp ipv4 unicast summary BGP router identifier 80.1.1.1 local AS number 102 Neighbor AS MsgRcvd MsgSent Up/Down State/Pfx 80.1.1.2 800 8 4 00:01:10 5 Supported Releases 10.3.0E or later show ip bgp ipv6 unicast Displays route information for BGP IPv6 routes.
Command Mode Usage Information EXEC • BGP neighbor — Displays the BGP neighbor address and its AS number. The last phrase in the line indicates whether the link between the BGP router and its neighbor is an external or internal one. If they are located in the same AS, the link is internal; otherwise the link is external. • BGP version — Displays the BGP version (always version 4) and the remote router ID.
Example advertised- OS10# show ip bgp ipv6 unicast neighbors 192:168:1::2 advertised-routes BGP local router ID is 100.1.1.
Total number of prefixes: 10 OS10# Supported Releases 10.3.0E or later show ip bgp peer-group Displays information on BGP peers in a peer-group. Syntax show ip bgp peer-group peer-group-name Parameters peer-group-name — (Optional) Enter the peer group name to view information about that peer-group only. Default Not configured Command Mode EXEC Usage Information Example • Peer-group — Displays the peer group name. Minimum time displays the time interval between BGP advertisements.
• AS—Displays the AS number of the neighbor • MsgRcvd—Displays the number of BGP messages that the neighbor received. • MsgSent—Displays the number of BGP messages that the neighbor sent. • Up/Down—Displays the amount of time that the neighbor is in the Established stage. If the neighbor has never moved into the Established stage, the word never displays.
Command Mode CONFIG-ROUTER-BGP Usage Information Members of a peer-group template inherit the configuration properties of the template and share the same update policy. The no version of this command removes a peer-template configuration. Example OS10(conf-router-bgp-10)# template solar OS10(conf-router-bgp-template)# Supported Releases 10.3.0E or later timers Adjusts BGP keepalive and holdtime timers.
Equal cost multi-path ECMP is a routing technique where next-hop packet forwarding to a single destination occurs over multiple best paths. OS10 uses a hashing algorithm to determine the next-hop when you enable ECMP. The hashing algorithm makes hashing decisions based on values in various packet fields as well as some internal values. • Configure the hash algorithm in CONFIGURATION mode.
hash-algorithm Changes the hash algorithm that distributes traffic flows across ECMP paths and the LAG. Syntax Parameters hash-algorithm {ecmp | lag} {crc | xor | random} • ecmp — Enables ECMP hash configuration. • lag — Enables LAG hash configuration for L2 only. • crc — Enables CRC polynomial for hash computation. • xor — Enables upper 8 bits of CRC and lower 8 bits of XOR value for computation. • random — Enables a hash algorithm random value for ECMP or LAG hash computation.
source-ip | protocol | vlan-id | l4–destination-port | l4–source-port] | [macselection destination-mac | source-mac | ethertype | vlan-id]} Parameters Default Command Mode Usage Information • ingress-port enable — Enables load-balancing on ingress ports. • tcp-udp-selection — Enables the TCP UDP port for load-balancing configuration. • ip-selection — Enables IPv4 key parameters to use in the hash computation. • ipv6-selection — Enables IPV6 key parameters to use in hash computation.
Default Not configured Command Mode EXEC Usage Information None Example OS10# show hash-algorithm EcmpAlgo - crc LabAlgo - crc Supported Releases 10.3.0E or later IPv4 routing OS10 supports IPv4 addressing including variable-length subnetting mask (VLSM), address resolution protocol (ARP), static routing, and routing protocols. With VLSM, you can configure one network with different masks. You can also use supernetting, which increases the number of subnets.
Wavelength is 64 SFP receive power reading is 0.
ethernet 1/1/5 has IP address on subnet 100.0.0.0/8, and if 10.1.1.0/24 recursively resolves to 100.1.1.1, the system installs the static route: • When the interface goes down, OS10 withdraws the route. • When the interface comes up, OS10 reinstalls the route. • When the recursive resolution is broken, OS10 withdraws the route. • When the recursive resolution is satisfied, OS10 reinstalls the route.
• A.B.C.D/mask —Specify the IP route to be removed from the IP routing table. This option refreshes all the routes in the routing table, but the traffic flow is affected only for the specified route in the switch. Default Not configured Command Mode EXEC Usage Information This command does not remove the static routes from the routing table. Example OS10# clear ipv6 Supported Releases 10.3.0E or later route 10.1.1.0/24 ip address Configures IP address to an interface.
Default Not configured Command Mode INTERFACE Usage Information Do not use Class D (multicast) or Class E (reserved) IP addresses. Zero MAC addresses (00:00:00:00:00:00) are also invalid. The no version of this command disables IP ARP configuration. Example OS10(conf-if-eth1/1/6)# ip arp 10.1.1.5 08:00:20:b7:bd:32 Supported Releases 10.2.0E or later ip route Assigns a static route on the network device.
• summary — (Optional) Enter the keyword to display a summary of all ARP entries. Default Not configured Command Mode EXEC Usage Information This command shows both static and dynamic ARP entries. Example (IP Address) OS10# show ip arp ip 192.168.2.2 Example (Static) OS10# show ip arp summary Total Entries Static Entries Dynamic Entries -----------------------------------------------------------3994 0 3994 OS10# show ip arp 100.1.2.
• ip-prefix/mask — (Optional) Displays routes for the destination prefix-list. • summary — (Optional) Displays an IP route summary.
Hardware is Dell EMC Eth, address is ec:f4:bb:fb:fa:30 Current address is ec:f4:bb:fb:fa:30 Pluggable media present, QSFP-PLUS type is QSFP_40GBASE_SR4 Wavelength is 850 Receive power reading is 0.0 Interface index is 17305562 Internet address is 20.20.20.1/24 Mode of IPv4 Address Assignment: MANUAL Interface IPv6 oper status: Enabled Link local IPv6 address: fe80::eef4:bbff:fefb:fa30/64 Global IPv6 address: 2020::1/64 ...
Link-local addresses When an OS10 switch boots up, an IPv6 unicast link-local address is automatically assigned to an interface using stateless configuration. A link-local address allows IPv6 devices on a local link to communicate without requiring a globally unique address. IPv6 reserves the address block FE80::/10 for link-local unicast addressing. Global addresses To enable stateless autoconfiguration of an IPv6 global address and set the interface to Host mode, use the ipv6 address autoconfig command.
Stateless autoconfiguration of IPv6 addresses is performed using: Prefix advertisement Routers use router advertisement messages to advertise the network prefix. Hosts append their interface-identifier MAC address to generate a valid IPv6 address. Duplicate address detection An IPv6 host node checks whether that address is used anywhere on the network using this mechanism before configuring its IPv6 address.
3 • ipv6 nd ra-lifetime seconds — (Optional) Sets the lifetime of a default router in RA messages (0 to 9000 milliseconds; default 3 times the max-ra-interval setting). 0 indicates that this router is not used as a default router. • ipv6 nd reachable-time milliseconds — (Optional) Sets the advertised time for which the router sees that a neighbor is up after it receives neighbor reachability confirmation (0 to 3600000 milliseconds; default 0). 0 indicates that no reachable time is sent in RA messages.
To disable IPv6 on an interface when a duplicate link-local address is detected, use the ipv6 nd dad disable-ipv6-on-failure command. To re-enable IPv6 after you resolve a duplicate link-local address, enter no ipv6 enable, followed by ipv6 enable. • Disable or re-enable IPv6 duplicate address discovery in Interface mode. ipv6 nd dad {disable | enable} • Disable IPv6 on an interface if a duplicate link-local address is discovered in Interface mode.
Enable IPv6 unreachable destination messaging OS10(config)# interface ethernet 1/1/8 OS10(conf-if-eth1/1/8)# ipv6 unreachables IPv6 hop-by-hop options A hop-by-hop header extension in an IPv6 packet contains options that are processed by all IPv6 routers in the packet's path. By default, hop-by-hop header options in an IPv6 packet are not processed locally. To enable local processing of IPv6 hop-by-hop options on an interface, use the ipv6 hop-by-hop command.
clear ipv6 route Clears routes from the IPv6 routing table. Syntax clear ipv6 route {* | A::B/mask} Parameters • *— Clears all routes and refreshes the IPv6 routing table. Traffic flow for all the routes in the switch is affected. • A::B/mask — Removes the IPv6 route and refreshes the IPv6 routing table. Traffic flow in the switch is affected only for the specified route.
Command Mode Usage Information INTERFACE • This command sets an interface in Host mode to perform IPv6 stateless auto-configuration by discovering prefixes on local links, and adding an EUI-64 based interface identifier to generate each IPv6 address. The command disables IPv6 forwarding. Addresses are configured depending on the prefixes received in router advertisement messages.
ipv6 address eui-64 Configures a global IPv6 address on an interface by entering only the network prefix and length. Syntax ipv6 address ipv6-prefix/prefix-length eui-64 Parameters ipv6-prefix — Enter an IPv6 prefix in x:x::y/mask format. Defaults None Command Mode INTERFACE Usage Information Use this command to manually configure an IPv6 address in addition to the link-local address generated with stateless autoconfiguration. Specify only the network prefix and length.
Command Mode Usage Information INTERFACE • Use this command to enable local processing of IPv6 packets with hop-by-hop options in conformance with RFC 8200, IPv6 Specification. • The no version of this command disables IPv6 processing of hop-by-hop header options. Example: Disable hop-by-hop option processing OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# no ipv6 hop-by-hop Supported Releases 10.4.
Command Mode INTERFACE Usage Information The configured hop limit is advertised in RA messages and included in IPv6 data packets sent by the router. 0 indicates that no hop limit is specified by the router. Example OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# ipv6 nd hop-limit 100 Supported Releases 10.4.0E(R1) or later ipv6 nd managed-config-flag Sends RA messages that tell hosts to use stateful address autoconfiguration, such as DHCPv6, to obtain IPv6 addresses.
Defaults 1500 bytes Command Mode INTERFACE Usage Information The no version of this command restores the default MTU value advertised in RA messages. Example OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# ipv6 nd mtu 2500 Supported Releases 10.4.0E(R1) or later ipv6 nd other-config-flag Sends RA messages that tell hosts to use stateful autoconfiguration to obtain nonaddress-related information.
seconds (4 hours). The infinite setting allows addresses that are autoconfigured using the prefix to be preferred with no time limit. Defaults All prefixes in IPv6 subnets configured on an interface are advertised. Command Mode INTERFACE Usage Information Examples • By default, all prefixes configured in IPv6 addresses on an interface are advertised. To advertise all default parameters in the subnet prefixes on an interface, enter the default keyword.
Parameters • reachable-time milliseconds — Enter the reachable time in milliseconds (0 to 3600000). Defaults 0 Command Mode INTERFACE Usage Information The no version of this command restores the default reachable time. 0 indicates that no reachable time is sent in RA messages. Example OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# ipv6 nd reachable-time 1000 Supported Releases 10.4.
ipv6 route Configures a static IPv6 static route. Syntax ipv6 route ipv6–prefix mask {next-hop | interface interface-type [routepreference]} Parameters • ipv6-prefix — Enter the IPv6 address in x:x:x:x::x format • mask — Enter the mask in slash prefix-length format (/x) • next-hop — Enter the next-hop IPv6 address in x:x:x:x::x format. • interface interface-type — Enter the interface type then the slot/port or number information.
show ipv6 route Displays IPv6 routes. Syntax Parameters show ipv6 route [all | bgp | connected | static | A::B/mask | summary] • all—(Optional) Displays all routes including nonactive routes. • bgp—(Optional) Displays BGP route information. • connected—(Optional) Displays only the directly connected routes. • static—(Optional) Displays all static routes. • A::B/mask—(Optional) Enter the IPv6 destination address and mask. • summary—(Optional) Displays the IPv6 route summary.
show ipv6 interface brief Displays IPv6 interface information. Syntax show ipv6 interface brief [interface interface] Parameters • brief — Displays a brief summary of IPv6 interface information.
• (Optional) You can disable IGMP snooping on specific VLAN interfaces using the no ip igmp snooping enable command in the VLAN INTERFACE mode. • IGMP snooping functions in a network with a multicast router that generates IGMP queries. The tables created are associated with the IGMP querier. Enable IGMP and MLD querier on a VLAN interface with the ip igmp snooping querier command in the VLAN INTERFACE mode.
IGMP snooping last member query response interval is 1000 ms IGMP snooping fast-leave is disabled on this interface IGMP snooping querier is enabled on this interface --more-<
IGMP snooping commands ip igmp snooping enable Enables IGMP and MLD snooping globally. Syntax ip igmp snooping enable Parameters None Default Disabled Command Mode CONFIGURATION Usage Information The no version of this command disables the IGMP and MLD snooping. Example OS10(config)# ip igmp snooping enable Supported Releases 10.4.0E(R1) or later ip igmp snooping enable (VLAN) Enables IGMP and MLD snooping on the specified VLAN interface.
Example OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# ip igmp snooping mrouter interface ethernet 1/1/1 Supported Releases 10.4.0E(R1) or later ip igmp snooping querier Enables IGMP and MLD querier processing for the specified VLAN interface. Syntax ip igmp snooping querier Parameters None Default Not configured Command Mode VLAN INTERFACE Usage Information The no version of this command disables the IGMP and MLD querier processing on the VLAN.
Member Ports: ethernet1/1/6:1 225.1.0.9 Member Ports: ethernet1/1/6:1 --more-- vlan3031 IGMPv2-Compat <
IGMP snooping querier is enabled on this interface Vlan3032 is up, line protocol is up IGMP snooping is enabled on interface IGMP snooping query interval is 125 seconds IGMP snooping querier timeout is 255 seconds IGMP snooping last member query response interval is 1000 ms IGMP snooping fast-leave is disabled on this interface IGMP snooping querier is enabled on this interface Vlan3033 is up, line protocol is up IGMP snooping is enabled on interface IGMP snooping query interval is 125 seconds IGMP snooping
vlan3049 vlan3050 vlan3051 vlan3052 --more-- port-channel31 port-channel31 port-channel31 port-channel31 <
Member Ports: port-channel31 ff02::1:ff00:b Member Ports: port-channel31 ff02::1:ff00:c Member Ports: port-channel31 ff02::1:ff00:f Member Ports: ethernet1/1/6:1 ff02::1:ff00:11 Member Ports: port-channel31 ff02::1:ff0c:86c9 Member Ports: port-channel31 ff02::1:ff31:0 Member Ports: port-channel31, ff02::1:ffaa:9bcc Member Ports: port-channel31 ff0e:225:1:: Member Ports: port-channel31, ff0e:225:1::1 Member Ports: port-channel31, ff0e:225:1::2 Member Ports: port-channel31, ff0e:225:1::3 Member Ports: port-ch
Areas allow you to further organize routers within the AS with one or more areas within the AS. Areas are valuable in that they allow subnetworks to hide within the AS—minimizing the size of the routing tables on all routers. An area within the AS may not see the details of another area’s topology. An area number or the router’s IP address identifies AS areas. Areas, networks, and neighbors The backbone of the network is Area 0, also called Area 0.0.0.0, the core of any AS.
Router types Router types are attributes of the OSPF process—multiple OSPF processes may run on the same router. A router connected to more than one area, receiving routing from a BGP process connected to another AS, acts as both an area border router and an autonomous system border router. Each router has a unique ID, written in decimal format—A.B.C.D. You do not have to associate the router ID with a valid IP address.
Designated and backup designated routers OSPF elects a designated router (DR) and a backup designated router (BDR). The DR is responsible for generating LSAs for the entire multiaccess network. Designated routers allow a reduction in network traffic and in the size of the topological database. Designated router Maintains a complete topology table of the network and sends updates to the other routers via multicast. All routers in an area form a slave/master relationship with the DR.
(OSPFv2), IntraArea Prefix LSA (OSPFv3) Type 11—Grace LSA Link-local opaque LSA for OSPFv3 only is sent during a graceful restart by an OSPFv3 router. (OSPFv3) The LSA header is common to LSA types. Its size is 20 bytes. One of the fields of the LSA header is the link-state ID. Each router link is defined as one of four types—type 1, 2, 3, or 4. The LSA includes a link ID field that identifies the object this link connects to, by the network number and mask.
Shortest path first throttling Use shortest path first (SPF) throttling to delay SPF calculations during periods of network instability. In an OSPF network, a topology change event triggers an SPF calculation that is performed after a start time. When the start timer finishes, a hold time can delay the next SPF calculation for an additional time.
SPF schedule delay 1345 msecs, Hold time between two SPFs 2324 msecs Min LSA origination 5000 msec, Min LSA arrival 1000 msec Min LSA hold time 0 msec, Max LSA wait time 0 msec Number of area in this router is 1, normal 1 stub 0 nssa Area (0.0.0.1) Number of interface in this area is 1 SPF algorithm executed 2 times OSPFv2 OSPFv2 supports IPv4 address families. OSPFv2 routers initially exchange hello messages to set up adjacencies with neighbor routers.
router ospf 100 ... Assign router identifier For managing and troubleshooting purposes, you can assign a router ID for the OSPFv2 process. Use the router’s IP address as the router ID. • Assign the router ID for the OSPFv2 process in ROUTER-OSPF mode router-id ip-address Assign router ID OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# router-id 10.10.1.5 View OSPFv2 status OS10# show ip ospf 10 Routing Process ospf 10 with ID 10.10.1.
SPF algorithm executed 1 times Area ranges are OS10# show running-configuration ospf ! router ospf 10 area 10.10.5.1 stub Passive interfaces A passive interface does not send or receive routing information. Configuring an interface as a passive interface suppresses both receiving and sending routing updates. Although the passive interface does not send or receive routing updates, the network on that interface is included in OSPF updates sent through other interfaces.
Configure fast convergence OS10(config)# router ospf 65535 OS10(conf-router-ospf-65535)# fast-converge 1 View fast convergence OS10(conf-router-ospf-65535)# do show ip ospf Routing Process ospf 65535 with ID 99.99.99.
7 Change the wait period between link state update packets sent out the interface in INTERFACE mode, from 1 to 3600. The default wait period is 1. The transmit delay must be the same on all routers in the OSPF network.
View default route configuration OS10(config-router-ospf-10)# show configuration ! router ospf 10 default-information originate always Summary address You can configure a summary address for an ASBR to advertise one external route as an aggregate, for all redistributed routes that are covered by specified address range. • Configure the summary address in ROUTER-OSPF mode.
View text authentication OS10(conf-if-eth1/1/1)# show configuration ! interface ethernet1/1/1 ip address 10.10.10.2/24 no switchport no shutdown ip ospf 100 area 0.0.0.0 ip ospf authentication-key sample Configure MD5 authentication OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ip ospf message-digest-key 2 md5 sample12345 View MD5 authentication OS10(conf-if-eth1/1/1)# show configuration ! interface ethernet1/1/1 ip address 10.10.10.2/24 no switchport no shutdown ip ospf 100 area 0.0.0.
router ospf 100 log-adjacency-changes OSPFv2 commands area default-cost Sets the metric for the summary default route generated by the ABR and sends it to the stub area. Use the area default-cost command on the border routers at the edge of a stub area. Syntax Parameters area area-id default-cost cost • area-id — Enter the OSPF area in dotted decimal format (A.B.C.D.) or enter a number (0 to 65535). • cost — Enter a cost for the stub area’s advertised external route metric (0 to 65535).
• ip-address — (Optional) Enter an IP address/mask in dotted decimal format. • no-advertise — (Optional) Set the status to Do Not Advertise. The Type 3 summary-LSA is suppressed and the component networks remain hidden from other areas. Default Not configured Command Mode ROUTER-OSPF Usage Information The no version of this command disables the route summarizations. Example OS10(conf-router-ospf-10)# area 0 range 10.1.1.4/8 no-advertise Supported Releases 10.2.
clear ip ospf process Clears all OSPF routing tables. Syntax clear ip ospf {instance-number} process Parameters instance-number — Enter an OSPF instance number (1 to 65535). Default Not configured Command Mode EXEC Usage Information This command clears all entries in the OSPF routing table. Example OS10# clear ip ospf 3 process Supported Releases 10.2.0E or later clear ip ospf statistics Clears OSPF traffic statistics.
Parameters number — Enter a default-metric value (1 to 16777214). Default Not configured Command Mode ROUTER-OSPF Usage Information The no version of this command disables the default-metric configuration. Example OS10(conf-router-ospf-10)# default-metric 2000 Supported Releases 10.2.0E or later fast-converge Sets the minimum LSA origination and arrival times to zero (0) allowing more rapid route computation so that convergence takes less time.
• area area-id — Enter the OSPF area ID in dotted decimal format (A.B.C.D.) or enter an area ID number (1 to 65535). Default Not configured Command Mode INTERFACE Usage Information The no version of this command removes an interface from an OSPF area. Example OS10(conf-if-vl-10)# ip ospf 10 area 5 Supported Releases 10.2.0E or later ip ospf authentication-key Configures a text authentication key to enable OSPF traffic on an interface.
Parameters seconds — Enter the dead interval value in seconds (1 to 65535). Default 40 seconds Command Mode INTERFACE Usage Information The dead interval is four times the default hello-interval by default. The no version of this command resets the value to the default. Example OS10(conf-if-vl-10)# ip ospf dead-interval 10 Supported Releases 10.2.0E or later ip ospf hello-interval Sets the time interval between the hello packets sent on the interface.
Default Not configured Command Mode INTERFACE Usage Information When neighbors exchange DBD packets, the OSPF process checks if the neighbors are using the same MTU on a common interface. If the receiving MTU in the DBD packet is higher than the IP MTU configured on the incoming interface, OSPF adjacency does not establish. The no version of this command disables the IP OSPF mtu-ignore configuration. Example OS10(conf-if-vl-10)# ip ospf mtu-ignore Supported Releases 10.2.
Command Mode INTERFACE Usage Information When two routers attached to a network attempt to become the designated router, the one with the higher router priority takes precedence. The no version of this command resets the value to the default. Example OS10(conf-if-eth1/1/6)# ip ospf priority 4 Supported Releases 10.2.0E or later ip ospf retransmit-interval Sets the retransmission time between lost LSAs for adjacencies belonging to the interface.
Example OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# log-adjacency-changes Supported Releases 10.2.0E or later max-metric router-lsa Configures OSPF to advertise a maximum metric on a router so that it is not desired as an intermediate hop from other routers.
Usage Information When an OSPF redistributes, the process is not completely removed from the BGP configuration. The no version of this command disables the redistribute configuration. Example OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# redistribute bgp 4 route-map dell1 Example (Connected) OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# redistribute connected route-map dell2 Supported Releases 10.2.0E or later router-id Configures a fixed router ID for the OSPF process.
Command Mode EXEC Usage Information None Example OS10# show ip ospf 10 Routing Process ospf 10 with ID 111.2.1.1 Supports only single TOS (TOS0) routes It is an Autonomous System Boundary Router It is Flooding according to RFC 2328 Convergence Level 0 Min LSA origination 0 msec, Min LSA arrival 1000 msec Min LSA hold time 5000 msec, Max LSA wait time 5000 msec Number of area in this router is 1, normal 1 stub 0 nssa 0 Area (0.0.0.
Example • Seq# — Identifies the link state sequence number (identifies old or duplicate LSAs). • Checksum — Displays the Fletcher checksum of an LSA’s complete contents. • Link count — Displays the number of interfaces for that router. OS10# show ip ospf 10 database OSPF Router with ID (111.2.1.1) (Process ID 10) Router (Area 0.0.0.0) Link ID 111.2.1.1 111.111.111.1 111.111.111.2 112.2.1.1 112.112.112.1 112.112.112.2 ADV Router 111.2.1.1 111.111.111.1 111.111.111.2 112.2.1.1 112.112.112.1 112.112.
Summary Asbr (Area 0.0.0.1) LS age: 32 Options: (No TOS-Capability, No DC) LS type: Summary Asbr Link State ID: 8.1.1.1 Advertising Router: 2.2.2.2 LS Seq Number: 0x80000001 Checksum: 0xB595 Length: 28 Network Mask: /0 TOS: 0 Metric: 0 Supported Releases 10.2.0E or later show ip ospf database external Displays information about the AS external (Type 5) LSAs.
Forward Address: 110.1.1.1 External Route Tag: 0 Supported Releases 10.2.0E or later show ip ospf database network Displays information about network (Type 2) LSA information. Syntax show ip ospf [process-id] database network Parameters process-id — (Optional) Displays network (Type2) LSA information for a specified OSPF Process ID. If you do not enter a Process ID, this command applies only to the first OSPF process.
Parameters process-id — (Optional) Displays NSSA-External (Type7) LSA information for a specified OSPF Process ID. If you do not enter a Process ID, this command applies only to the first OSPF process. Default Not configured Command Mode EXEC Usage Information Example • LS Age — Displays the LS age. • Options — Displays the optional capabilities available on the router. • LS Type — Displays the Link State type. • Link State ID — Identifies the router ID.
Length: 36 Network Mask: /24 Metric Type: 2 TOS: 0 Metric: 20 Forward Address: 0.0.0.0 External Route Tag: 0 LS age: 65 Options: (No TOS-Capability, No DC, No Type 7/5 translation) LS type: NSSA External Link State ID: 13.1.1.0 Advertising Router: 2.2.2.2 LS Seq Number: 0x80000001 Checksum: 0xB0F6 Length: 36 Network Mask: /24 Metric Type: 2 TOS: 0 Metric: 20 Forward Address: 0.0.0.
• Example Opaque ID — Identifies the Opaque type-specific ID (the remaining 24 bits of the LS ID). OS10# show ip ospf database opague-area OSPF Router with ID (1.1.1.1) (Process ID 100) Type-10 Area Local Opaque (Area 0.0.0.1) LS age: 3600 Options: (No TOS-Capability, No DC) LS type: Type-10 Area Local Opaque Link State ID: 8.1.1.2 Advertising Router: 2.2.2.2 LS Seq Number: 0x80000008 Checksum: 0x83B8 Length: 28 Opaque Type: 8 Opaque ID: 65794 !! ! Supported Releases 10.2.
Opaque Type: 8 Opaque ID: 65795 Supported Releases 10.2.0E or later show ip ospf database opaque-link Displays information about the opaque-link (Type 9) LSA. Syntax show ip ospf [process-id] database opaque-link Parameters process-id — (Optional) Displays the opaque-link (Type 9) LSA information for an OSPF Process ID. If you do not enter a Process ID, this command applies only to the first OSPF process.
Command Mode EXEC Usage Information Output: Example • LS age—Displays the LS age. • Options—Displays optional capabilities. • LS Type—Displays the Link State type. • Link State ID—Identifies the router ID. • Advertising Router—Identifies the advertising router’s ID. • LS Seq Number—Identifies the LS sequence number (identifies old or duplicate LSAs). • Checksum—Displays the Fletcher checksum of an LSA’s complete contents. • Length—Displays the LSA length in bytes.
Default Not configured Command Mode EXEC Usage Information Example • LS Age—Displays the LS age. • Options—Displays the optional capabilities available on the router. • LS Type—Displays the Link State type. • Link State ID—Identifies the router ID. • Advertising Router—Identifies the advertising router’s ID. • LS Seq Number—Identifies the LS sequence number (identifies old or duplicate LSAs). • Checksum—Displays the Fletcher checksum of an LSA’s complete contents.
Process ID 200, Router ID 10.0.0.2, Network Type broadcast, Cost: 1 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 10.0.0.2, Interface address 10.0.0.2 (local) Backup Designated router (ID) , Interface address 0.0.0.0 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Simple password authentication enabled Neighbor Count is 0, Adjacent neighbor count is 0 Supported Releases 10.2.
Receive Statistics rx-invalid rx-hello rx-db-des rx-ls-req rx-ls-upd rx-ls-ack Transmit Statistics tx-failed tx-hello tx-db-des tx-ls-req tx-ls-upd tx-ls-ack Error packets (Receive bad-src mtu-mismatch resource-err lsa-bad-len netmask-mismatch options-mismatch self-orig version-mismatch Supported Releases 0 0 0 0 0 0 rx-invalid-bytes rx-hello-bytes rx-db-des-bytes rx-ls-req-bytes rx-ls-upd-bytes rx-ls-ack-bytes 0 tx-failed-bytes 0 tx-hello-bytes 0 tx-db-des-bytes 0 tx-ls-req-bytes 0 tx-ls-upd-bytes 0 tx-
• tag-value—(Optional) Enter a value to match the routes redistributed through a route map (1 to 65535). Default) Not configured Command Mode ROUTER-OSPF Usage Information The no version of this command disables the summary address. Example OS10(config)# router ospf 100 OS10(config-router-ospf-100)# summary-address 10.0.0.0/8 not-advertise Supported Releases 10.3.0E or later timers lsa arrival Configures the LSA acceptance intervals.
• Each time a topology change occurs, the SPF calculation is delayed for double the configured hold time up to maximum wait time. • If no topology change occurs, an SPF calculation is performed and the hold timer is reset to its configured value. If you do not specify a start-time, hold-time or max-wait value, the default values are used. The no version of this command removes the configured SPF timers and disables SPF throttling in an OSPF instance.
OSPFv3 OSPFv3 is an IPv6 link-state routing protocol that supports IPv6 unicast address families (AFs). OSPFv3 is disabled by default. You must configure at least one interface, either physical or loopback. The OSPF process automatically starts when OSPFv3 is enabled for one or more interfaces. Any area besides area 0 can have any number ID assigned to it. Enable OSPFv3 1 Enable OSPFv3 globally and configure an OSPFv3 instance in CONFIGURATION mode.
SPF algorithm executed 42 times Area (0.0.0.1) Number of interface in this area is 1 SPF algorithm executed 42 times Configure Stub Areas The Type 5 LSAs are not flooded into stub areas. The ABR advertises a default route into the stub area to which it is attached. Stub area routers use the default route to reach external destinations. 1 Enable OSPFv3 routing and enter ROUTER-OSPFv3 mode (1 to 65535). router ospfv3 instance number 2 Configure an area as a stub area in ROUTER-OSPFv3 mode.
199.205.134.103 42 202.254.156.15 54 0x80000001 0x80000001 12 12 ethernet1/1/3 ethernet1/1/3 Enable Passive Interfaces A passive interface is one that does not send or receive routing information. Configuring an interface as a passive interface suppresses routing updates (both receiving and sending). Although the passive interface does not send or receive routing updates, the network on that interface is still included in OSPF updates sent through other interfaces.
Change OSPFv3 Interface Parameters OS10(config)# interface OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# ethernet 1/1/1 ipv6 ospf hello-interval 5 ipv6 ospf dead-interval 20 ipv6 ospf priority 4 View OSPFv3 Interface Parameters OS10# show ipv6 ospf interface fortyGigE 0/0 is up, line protocol is up Link Local Address fe80::92b1:1cff:fef4:a39d, Interface ID 1048581 Area 0, Process ID 10, Instance ID 0, Router ID 60.60.60.
• There is no maximum AH or ESP header length because the headers have fields with variable lengths. Configure IPsec authentication on interfaces Prerequisite: Before you enable IPsec authentication on an OSPFv3 interface, first enable IPv6 unicast routing globally, then enable OSPFv3 on the interface, and assign it to an area. The SPI value must be unique to one IPsec security policy (authentication or encryption) on the router.
– authentication-type key — Enter the encryption authentication algorithm to use (MD5 or SHA1). – key — Enter the text string used in the authentication algorithm. All neighboring OSPFv3 routers must share the key to exchange information. Only a non-encrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits. For SHA-1 authentication, the non-encrypted key must be 40 hex digits. An encrypted key is not supported.
– key — Enter the text string used in the encryption algorithm. All neighboring OSPFv3 routers must share the key to decrypt information. Only a non-encrypted key is supported. Required lengths of the non-encrypted key are: 3DES — 48 hex digits; DES — 16 hex digits; AES-CBC — 32 hex digits for AES-128 and 48 hex digits for AES-192. – authentication-type — Enter the encryption authentication algorithm to use (MD5 or SHA1). – key — Enter the text string used in the authentication algorithm.
area authentication Configures authentication for an OSPFv3 area. Syntax area area-id authentication ipsec spi number {MD5 | SHA1} key Parameters • area area-id — Enter an area ID as a number or IPv6 prefix. • ipsec spi number — Enter a unique security policy index (SPI) value (256 to 4294967295). • md5 — Enable MD5 authentication. • sha1 — Enable SHA-1 authentication. • key — Enter the text string used in the authentication type. Default OSPFv3 area authentication is not configured.
• All OSPFv3 routers in the area must share the same authentication key to exchange information. Only a nonencrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits. For SHA-1 authentication, the non-encrypted key must be 40 hex digits. An encrypted key is not supported. Example OS10(config-router-ospfv3-100)# area 1 encryption ipsec spi 401 esp des 1234567812345678 md5 12345678123456781234567812345678 Supported Releases 10.4.
Default Not configured Command Mode EXEC Usage Information None Example OS10# clear ipv6 ospf 3 process Supported Releases 10.3.0E or later clear ipv6 ospf statistics Clears OSPFv3 traffic statistics. Syntax clear ipv6 ospf [instance-number] statistics Parameters instance-number — (Optional) Enter an OSPFv3 instance number (1 to 65535).
Usage Information The no version of this command removes an interface from an OSPFv3 area. Example OS10(config)# interface vlan 10 OS10(conf-if-vl-10)# ipv6 ospf 10 area 1 Supported Releases 10.3.0E or later ipv6 ospf authentication Configures OSPFv3 authentication on an IPv6 interface. Syntax Parameters ipv6 ospf authentication {null | ipsec spi number {MD5 | SHA1} key} • null — Prevents area authentication from being inherited on the interface.
Example OS10(config)# interface vlan 10 OS10(conf-if-vl-10)# ipv6 ospf cost 10 Supported Releases 10.3.0E or later ipv6 ospf dead-interval Sets the time interval since the last hello-packet was received from a router. After the interval elapses, the neighboring routers declare the router dead. Syntax ipv6 ospf dead-interval seconds Parameters seconds — Enter the dead interval value in seconds (1 to 65535).
Example OS10(config)# interface ethernet 1/1/6 OS10(conf-if-eth1/1/6)# ipv6 ospf encryption ipsec spi 500 esp des 1234567812345678 md5 12345678123456781234567812345678 OS10(config)# interface ethernet 1/1/5 OS10(conf-if-eth1/1/5)# ipv6 ospf encryption null Supported Releases 10.4.0E(R1) or later ipv6 ospf hello-interval Sets the time interval between hello packets sent on an interface. Syntax ipv6 ospf hello-interval seconds Parameters seconds — Enter the hello-interval value in seconds (1 to 65535).
Usage Information You must configure the interface before setting the interface to passive mode. The no version of the this command disables the Passive interface configuration. Example OS10(config)# interface ethernet 1/1/6 OS10(conf-if-eth1/1/6)# ipv6 ospf passive Supported Releases 10.3.0E or later ipv6 ospf priority Sets the priority of the interface to determine the designated router for the OSPFv3 network.
Example OS10(config)# router ospfv3 OS10(config-router-ospfv3-100)# maximum-paths 1 Supported Releases 10.3.0E or later redistribute Redistributes information from another routing protocol or routing instance to the OSPFv3 process. Syntax Parameters redistribute {bgp as-number | connected | static} [route-map route-map name] • as-number — Enter an autonomous number to redistribute BGP routing information throughout the OSPFv3 instance (1 to 4294967295).
router ospfv3 Enters Router OSPFv3 mode and configures an OSPFv3 instance. Syntax router ospfv3 instance-number Parameters instance-number—Enter a router OSPFv3 instance number, from 1 to 65535. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes an OSPFv3 instance. Example OS10(config)# router ospfv3 10 Supported Releases 10.3.0E or later show ipv6 ospf Displays OSPFv3 instance configuration information.
Default Not configured Command Mode EXEC Usage Information • Link ID—Identifies the router ID. • ADV Router—Identifies the advertising router’s ID. • Age—Displays the link state age. • Seq#—Identifies the link state sequence number (identifies old or duplicate LSAs). • Checksum—Displays the Fletcher checksum of an LSA’s complete contents. • Link count—Displays the number of interfaces for that router. • Rtr Count—Displays the router count. • Dest RtrID—Displays the destination router ID.
Command Mode EXEC Example OS10# show ipv6 ospf interface ethernet1/1/1 is up, line protocol is up Link Local Address fe80::20c:29ff:fe0a:d59/64, Interface ID 5 Area 0.0.0.0, Process ID 200, Instance ID 0, Router ID 10.0.0.2 Network Type broadcast, Cost: 1 Transmit Delay is 1 sec, State BDR, Priority 1 Designated Router on this network is 2.2.2.2 Backup Designated router on this network is 10.0.0.
Command Mode EXEC Usage Information This command displays OSPFv3 traffic statistics for a specified instance or interface, or for all OSPFv3 instances and interfaces.
• If no topology change occurs, an SPF calculation is performed and the hold timer is reset to its configured value. If you do not specify a start-time, hold-time or max-wait value, the default values are used. The no version of this command removes the configured SPF timers and disables SPF throttling in an OSPF instance.
Figure 3. Object tracking Interface tracking You can create an object that tracks the line-protocol state of a Layer 2 interface, and monitors its operational status (Up or Down). You can configure up to 500 objects. Each object is assigned a unique ID. The no version of this command deletes the tracked object from an interface. When the link-level status goes down, the tracked resource status is also considered Down. If the link-level status goes up, the tracked resource status is also considered Up.
• Loopback — Loopback interface identifier • mgmt — Management interface 1 Configure object tracking in CONFIGURATION mode from 1 to 500. track object-id 2 (Optional) Enter the interface object tracking on the line-protocol state of a Layer 2 interface in OBJECT TRACKING mode. interface interface line-protocol 3 (Optional) Configure the time delay used before communicating a change to the status of a tracked interface in OBJECT TRACKING mode from 0 to 80 seconds; default 0.
Reachability is DOWN 1 changes, Last change 2017-04-26T06:45:31Z OS10 (conf-track-2)# Configure IPv6 host tracking OS10 (conf-track-2)# track 3 OS10 (conf-track-3)# ipv6 20::20 reachability OS10 (conf-track-3)# delay up 20 OS10 (conf-track-3)# do show track 3 IP Host 20::20 reachability Reachability is DOWN 1 changes, Last change 2017-04-26T06:47:04Z OS10 (conf-track-3)# Set tracking delays You can configure an optional Up and/or Down timer for each tracked object.
View interface object tracking information OS10# show track interface TrackID Resource Parameter Status LastChange --------------------------------------------------------------------------------1 line-protocol ethernet1/1/1 DOWN 2017-02-03T08:41:25Z1 OS10# show track ip TrackID Resource Parameter Status LastChange --------------------------------------------------------------------------------2 ipv4-reachablity 1.1.1.
• mgmt — Enter the Management interface. Defaults Not configured Command Mode CONFIGURATION Usage Information None Example OS10(conf-track-100)# interface ethernet line-protocol Supported Releases 10.3.0E or later ip reachability Configures an object to track a specific next-hop host's reachability. Syntax ip host-ip-address reachability Parameters host-ip-address — Enter the IPv4 host address.
Command Mode CONFIGURATION Usage Information Set the interval to 0 to disable the refresh. Example OS10(conf-track-100)# reachability-refresh 600 Supported Releases 10.3.0E or later show track Displays tracked object information. Syntax show track [brief] [object-id] [interface] [ip | ipv6] Parameters • brief — (Optional) Displays brief tracked object information. • object-id — (Optional) Displays the tracked object information for a specific object ID.
Policy-based routing Policy-based routing (PBR) provides a mechanism to redirect IPv4 and IPv6 data packets based on the policies defined to override the switch’s forwarding decisions based on the routing table. Policy-based route-maps A route-map is an ordered set of rules that control the redistribution of IP routes into a protocol domain. When you enable PBR on an interface, all IPv4 or IPv6 data packets received are processed based on the policies that you define in the route-maps.
Apply match parameters to IPv4 route-map OS10(conf-route-map)# route-map map1 OS10(conf-route-map)# match ip address acl5 Apply match and set parameters to IPv6 route-map OS10(conf-route-map)# route-map map1 OS10(conf-route-map)# match ipv6 address acl8 OS10(conf-route-map)# set ipv6 next-hop 20::20 Assign route-map to interface You can assign a route-map to an interface for IPv4 or IPv6 policy-based routing to an interface.
PBR commands clear route-map pbr-statistics Clears all PBR counters. Syntax clear route-map [map-name] pbr-statistics Parameters map-name—Enter the name of a configured route-map (up to 140 characters). Defaults None Command Mode EXEC Usage Information Use the clear route-map pbr-statistics command to clear all PBR counters. Example OS10# clear route-map map1 pbr-statistics Supported Releases 10.3.0E or later match address Matches the access-list to the route-map.
route-map pbr-statistics Enables counters for PBR statistics. Syntax route-map [map-name] pbr-statistics Parameters map-name—Enter the name of a configured route-map (up to 140 characters). Defaults Not configured Command Mode CONFIGURATION Usage Information None Example OS10(config)# route-map map1 pbr-statistics Supported Releases 10.3.0E or later set next-hop Sets an IPv4 or IPv6 next-hop address for policy-based routing.
show policy Displays policy information. Syntax show {ip | ipv6} policy [map-name] Parameters map-name — (Optional) Enter the name of a configured route map (up to 140 characters). Defaults None Command Mode EXEC Usage Information None Example OS10# show ip policy map-name Supported Releases 10.3.0E or later show route-map pbr-statistics Displays the current PBR statistics.
Configure management VRF OS10(config)# ip vrf management OS10(conf-vrf)# interface management You can enable various services in the either of the management or default VRF instances. Refer to the following table for the services supported in the management VRF instance and the default VRF instance. Table 3.
VRF commands interface management Adds management interface to the management VRF instance. Syntax interface management Parameters None Default Not configured Command Mode VRF CONFIGURATION Usage Information The no version of this command removes the management interface from the management VRF instance. Example OS10(config)# ip vrf management OS10(conf-vrf)# interface management Supported Releases 10.4.
ip ftp vrf Configures an FTP client for the management VRF instance. Syntax ip ftp vrf management Parameters None Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the management VRF instance configuration from the FTP client. Example OS10(config)# ip ftp vrf management Supported Releases 10.4.0E(R1) or later ip host vrf Configures a host name for the management VRF instance and maps the host name to an IP/IPv6 address.
ip name-server vrf Configures a name server for the management VRF instance. Syntax ip name-server vrf management Parameters None Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes management VRF instance configuration from the name sever. Example OS10(config)# ip name-server vrf management Supported Releases 10.4.0E(R1) or later ip scp vrf Configures a SCP connection for the management VRF instance.
ip tftp vrf Configures a TFTP client for the management VRF instance. Syntax ip tftp vrf management Parameters None Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the management VRF instance configuration from the TFTP client. Example OS10(config)# ip tftp vrf management Supported Releases 10.4.0E(R1) or later ip vrf management Configures the management VRF instance.
----------------------------------------------------------------------------------google.com 172.217.160.142 yahoo.com 98.139.180.180 Supported Releases 10.4.0E(R1) or later show ip vrf Displays the VRF instance information.
Configuration VRRP specifies a master (active) router that owns the next hop IP and MAC address for end stations on a LAN. The master router is chosen from the virtual routers by an election process and forwards packets sent to the next hop IP address. If the master router fails, VRRP begins the election process to choose a new master router which continues routing traffic. VRRP packets are transmitted with the virtual router MAC address as the source MAC address.
Create virtual router VRRP uses the VRID to identify each virtual router configured. Before using VRRP, you must configure the interface with the primary IP address and enable it. • Create a virtual router for the interface with the VRRP identifier in INTERFACE mode (1 to 255). vrrp-group vrrp-id • Delete a VRRP group in INTERFACE mode.
Set backup switches to VRRPv3 OS10_backup_switch1(config)# vrrp version 3 OS10_backup_switch2(config)# vrrp version 3 Virtual IP addresses Virtual routers contain virtual IP addresses configured for that VRRP group (VRID). A VRRP group does not transmit VRRP packets until you assign the virtual IP address to the VRRP group. To activate a VRRP group on an interface, configure at least one virtual IP address for a VRRP group.
interface ethernet1/1/2 switchport access vlan 1 no shutdown ! interface ethernet1/1/3 switchport access vlan 1 no shutdown ! interface ethernet1/1/4 switchport access vlan 1 --more-View VRRP information When the VRRP process completes initialization, the State field contains either master or backup. OS10# show vrrp brief Interface Group Priority Preemption State Master-addr Virtual addr(s) ---------------------------------------------------------------------------ethernet1/1/1 IPv4 10 100 true master 10.1.
Virtual IP address : 10.1.1.1 master-transitions : 1 advertise-rcvd : 0 advertise-interval-errors : 0 ip-ttl-errors : 0 priority-zero-pkts-rcvd : 0 priority-zero-pkts-sent : 0 invalid-type-pkts-rcvd : 0 address-list-errors : 0 pkt-length-errors : 0 Authentication Simple authentication of VRRP packets ensures that only trusted routers participate in VRRP processes. When you enable authentication, OS10 includes the password in its VRRP transmission.
! Last configuration change at Sep 24 07:17:45 2016 ! debug radius false snmp-server contact http://www.dell.com/support/softwarecontacts snmp-server location "United States" username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/VKx8SloIhp4NoGZs0I/ UNwh8WVuxwfd9q4pWIgNs5BKH. aaa authentication system:local ! interface ethernet1/1/5 ip address 1.1.1.1/16 no switchport no shutdown ! vrrp-group 254 priority 125 virtual-address 1.1.1.
advertisment-interval centisecs 200 priority 200 virtual-address 10.1.1.1 ! interface ethernet1/1/2 switchport access vlan 1 no shutdown Interface/object tracking You can monitor the state of any interface according to the virtual group. OS10 supports a maximum of 10 track groups and each track group can track a maximum of five interfaces. If the tracked interface goes down, the VRRP group’s priority decreases by a default value of 10 — also known as cost.
ip address 10.1.1.1/16 no switchport no shutdown ! vrrp-group 1 priority 200 virtual-address 10.1.1.1 ! interface ethernet1/1/2 switchport access vlan 1 no shutdown ! interface ethernet1/1/3 switchport access vlan 1 no shutdown ! interface ethernet1/1/4 switchport access vlan 1 no shutdown ! interface ethernet1/1/5 switchport access vlan 1 no shutdown ! interface ethernet1/1/6 switchport access vlan 1 no shutdown ! ..... .....
Example OS10(conf-eth1/1/6-vrid-250)# advertise-interval 120 centisecs 100 Supported Releases 10.2.0E or later authentication-type Enables authentication of VRRP data exchanges. Syntax authentication-type simple-text password [auth-text] Parameters • simple-text password — Enter a simple text password. • auth-text — (Optional) Enter a character string up to eight characters long as a password.
Usage Information To guarantee that a VRRP group becomes master, configure the VRRP group’s virtual address with same IP address as the interface’s primary IP address, and change the priority of the VRRP group to 255. If you set this command to 255 and the virtual-address is not equal to the interface’s primary IP address, the system displays an error message. The no version of this command resets the value to the default (100). Example OS10(conf-eth1/1/5-vrid-254)# priority 200 Supported Releases 10.
• priority cost value — (Optional) Enter a cost value to subtract from the priority value (1 to 254) Default 10 Command Mode INTERFACE-VRRP Usage Information If the interface is disabled, the cost value subtracts from the priority value and forces a new Master election. This election process is applicable when the priority value is lower than the priority value in the Backup virtual router. The no version of this command resets the value to the default.
enter or delete the virtual-address command. To guarantee that a VRRP group becomes Master, configure the VRRP group’s virtual address with the same IP address as the interface’s primary IP address and change the priority of the VRRP group to 255. You can ping the virtual addresses configured in all VRRP groups. The no version of this command deletes one or more virtual-addresses configured in the system. Example OS10(conf-eth1/1/5-vrid-254)# virtual address 10.1.1.15 Supported Releases 10.2.
Default Not configured Command Mode INTERFACE-VRRP Usage Information The VRRP group only becomes active and sends VRRP packets when you configure a virtual IP address. When you delete the virtual address, the VRRP group stops sending VRRP packets. The no version of this command removes the vrrp-ipv6–group configuration. Example OS10(conf-if-eth1/1/7)# vrrp-ipv6-group 250 Supported Releases 10.2.0E or later vrrp version Sets the VRRP protocol version for the IPv4 group.
6 UFT modes Unified Forwarding Table (UFT) gives the flexibility to configure the sizes of internal L2/L3 forwarding tables of a switch to match the needs of particular network environment. A switch in a Layer 2 network may require a larger MAC address table size, while a switch in a Layer 3 network may require a larger routing table size. OS10 supports several UFT modes for the forwarding tables. By default, OS10 selects a UFT mode which provides a reasonable size for all tables.
Configure UFT modes Available UFT modes include L2 MAC table, L3 host table, or L3 route table sizes. • Select a mode to initialize the maximum table size in CONFIGURATION mode. hardware forwarding-table mode [scaled-l2 | scaled-l3-routes | scaled-l3-hosts] • Disable UFT mode in CONFIGURATION mode.
show hardware forwarding-table mode Displays the current hardware forwarding table mode, and the mode after the next boot. Syntax show hardware forwarding-table mode Parameters None Defaults None Command Mode EXEC Usage Information Use this command to view the current hardware forwarding table mode and the mode after the next boot.
7 System management Dynamic host configuration protocol Provides information to dynamically assign IP addresses and other configuration parameters to network hosts based on policies (see DHCP commands). Network time protocol Provides information about how to synchronize timekeeping between time servers and clients (see NTP commands). Security Provides information about role-based access control, RADIUS server, user roles, and user names (see Security eommands).
The table shows common options using DHCP packet formats.
DHCP automates network-parameter assignment to network devices. Even in small networks, DHCP is useful because it makes it easier to add new devices to the network. The DHCP access service minimizes the overhead required to add clients to the network by providing a centralized, server-based setup. This setup means you do not have to manually create and maintain IP address assignments for clients.
Address lease time Use the lease {days [hours] [minutes] | infinite} command to configure an address lease time (default 24 hours). OS10(config)# ip dhcp server OS10(conf-dhcp)# pool Dell OS10(conf-dhcp-Dell)# lease 36 Default gateway Ensure the IP address of the default router is on the same subnet as the client. 1 Enable DHCP server-assigned dynamic addresses on an interface in CONFIGURATION mode. ip dhcp server 2 Create an IP address pool and provide a name in DHCP mode.
NetBIOS WINS address resolution DHCP clients can be one of four types of NetBIOS nodes — broadcast, peer-to-peer, mixed, or hybrid. Dell EMC recommends using hybrid as the NetBIOS node type. 1 Enable DHCP server-assigned dynamic addresses on an interface in DHCP mode. ip dhcp server 2 Create an IP address pool and enter the pool name in DHCP mode. pool name 3 Enter the NetBIOS WINS name servers in order of preference that are available to DHCP clients in DHCP mode.
View DHCP Information Use the show ip dhcp binding command to view the DHCP binding table entries. View DHCP Binding Table OS10# show ip dhcp binding IP Address Hardware address Lease expiration Hostname +-------------------------------------------------------------------------11.1.1.
DHCP commands default-router address Assigns a default gateway to clients based on the IP address pool. Syntax default-router address [address2...address8] Parameters • address — Enter an IPv4 or IPv6 address to use as the default gateway for clients on the subnet in A.B.C.D or A::B format. • address2...address8 — (Optional) Enter up to eight IP addresses, in order of preference.
Command Mode DHCP-POOL Usage Information None Example OS10(conf-dhcp-Dell)# dns-server 192.168.1.1 Supported Releases 10.2.0E or later domain-name Configures the name of the domain where the device is located. Syntax domain-name domain-name Parameters domain-name — Enter the name of the domain (up to 32 characters). Default Not configured Command Mode DHCP-POOL Usage Information This is the default domain name that appends to hostnames that are not fully qualified.
Example OS10(conf-dhcp-Dell)# host 20.1.1.100 Supported Releases 10.2.0E or later ip dhcp server Enters DHCP mode. Syntax ip dhcp server Parameters None Default Not configured Command Mode CONFIGURATION Usage Information This command is used to enter DHCP mode. Example OS10(config)# ip dhcp server OS10(conf-dhcp)# Supported Releases 10.2.0E or later ip helper-address Forwards UDP broadcasts received on an interface to the DHCP server.
Default 24 hours Command Mode DHCP-POOL Usage Information The no version of this command removes the lease configuration. Example OS10(conf-dhcp-Dell)# lease 2 5 10 Example (Infinite) OS10(conf-dhcp-Dell)# lease infinite Supported Releases 10.2.0E or later netbios-name-server address Configures a NetBIOS WINS server which is available to DHCP clients. Syntax netbios-name-server ip-address [address2...address8] Parameters ip-address — Enter the address of the NetBIOS WINS server. address2...
network Configures a range of IPv4 or IPv6 addresses in the address pool. Syntax network address/mask Parameters address/mask — Enter a range of IP addresses and subnet mask in A.B.C.D/x or A::B/x format. Default Not configured Command Mode DHCP-POOL Usage Information Use this command to configure a range of IPv4 or IPv6 addresses. Example OS10(config-dhcp-Dell)# network 20.1.1.1/24 Supported Releases 10.2.0E or later pool Creates an IP address pool name.
DNS commands OS10 supports the configuration of a DNS host and domain parameters. ip domain-list Adds a domain name to the DNS list. This domain name appends to incomplete hostnames in DNS requests. Syntax Parameters ip domain-list [server-name] name • server-name — (Optional) Enter the server name to add a domain name to the DNS list. • name — Enter the name of the domain to append to the DNS list.
Default Not configured Command Mode CONFIGURATION Usage Information The name-to-IP address table uses this mapping information to resolve host names. The no version of this command disables the mapping. Example OS10(config)# ip host dell 1.1.1.1 Supported Releases 10.2.0E or later ip name-server Configures up to a three IPv4 or IPv6 addresses used for network name servers.
--------------------------------------------dell-pc1 20.1.1.1 Supported Releases 10.2.0E or later Network time protocol NTP synchronizes timekeeping among a set of distributed time servers and clients. The protocol coordinates time distribution in a large, diverse network. NTP clients synchronize with NTP servers that provide accurate time measurement. NTP clients choose from several NTP servers to determine which offers the best available source of time and the most reliable transmission of information.
View system clock state OS10(config)# do show system peer: system peer mode: leap indicator: stratum: precision: root distance: root dispersion: reference ID: reference time: system flags: jitter: stability: broadcastdelay: authdelay: ntp status 0.0.0.0 unspec 11 16 -22 0.00000 s 1.28647 s [73.78.73.84] 00000000.00000000 Mon, Jan monitor ntp kernel stats 0.000000 s 0.000 ppm 0.000000 s 0.000000 s 1 1900 0:00:00.
– vlan — Enter the keyword and VLAN number (1 to 4093). – loopback — Enter the keyword and number (0 to 16383). – mgmt — Enter the keyword and node/slot/port information (default 1/1/1). Configure source IP address OS10(config)# ntp source ethernet 1/1/10 View source IP configuration OS10(config)# do show running-configuration | grep source ntp source ethernet1/1/1 Authentication NTP authentication and the corresponding trusted key provide a reliable exchange of NTP packets with trusted time sources.
NTP commands ntp authenticate Enables authentication of NTP traffic between the device and the NTP time serving hosts. Syntax ntp authenticate Parameters None Default Not configured Command Mode CONFIGURATION Usage Information You must also configure an authentication key for NTP traffic using the ntp authentication-key command. The no version of this command disables NTP authentication. Example OS10(config)# ntp authenticate Supported Releases 10.2.
Default Not configured Command Mode INTERFACE Usage Information The no version of this command disables broadcast. Example OS10(conf-if-eth1/1/1)# ntp broadcast client Supported Releases 10.2.0E or later ntp disable By default, NTP is enabled on all interfaces. Prevents an interface from receiving NTP packets.
Usage Information The no version of this command resets the value to the default. Example OS10(config)# ntp master 6 Supported Releases 10.2.0E or later ntp server Configures an NTP time-serving host. Syntax ntp server {hostname | ipv4-address | ipv6-address} [key keyid] [prefer] Parameters • hostname — Enter the host name of the server. • ipv4–address | ipv6–address — Enter the IPv4 address (A.B.C.D) or IPv6 address (A::B) of the NTP server.
ntp trusted-key Sets a key to authenticate the system to which NTP synchronizes with. Syntax ntp trusted-key number Parameters number — Enter the trusted key ID (1 to 4294967295). Default Not configured Command Mode CONFIGURATION Usage Information The number parameter must be the same number as the number parameter in the ntp authenticationkey command. If you change the ntp authentication-key command, you must also change this command. The no version of this command removes the key.
*172.16.1.33 127.127.1.0 11 6 16 172.31.1.33 0.0.0.0 16 - 256 192.200.0.2 0.0.0.0 16 - 256 377 -0.08 -1499.9 104.16 0 0.00 0.000 16000.0 0 0.00 0.000 16000.0 OS10# show ntp associations vrf management remote local st poll reach delay offset disp ======================================================================= *1.1.1.2 1.1.1.1 3 64 1 0.00027 0.000056 0.43309 Supported Releases 10.2.0E or later show ntp status Displays NTP configuration information.
System clock OS10 uses NTP to synchronize the system clock with a time-serving host. If you do not use NTP, set the system time in EXEC mode. The hardware-based real-clock time (RTC) is reset to the new system time. You can set the current time and date after you disable NTP. When NTP is enabled, it overwrites the system time. • Enter the time and date in EXEC mode.
show clock Displays the current system clock settings. Syntax show clock Parameters None Default Not configured Command Mode EXEC Usage Information The universal time coordinated (UTC) value is the number of hours that your time zone is later than or earlier than UTC/Greenwich mean time. Example OS10# show clock 2017-01-25T11:00:31.68-08:00 Supported Releases 10.2.
Parameters timeout-value — Enter the timeout value in seconds (0 to 3600). Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command disables the timeout. Example OS10(config)# exec-timeout 300 OS10(config)# Supported Releases 10.3.1E or later kill-session Terminate a user session. Syntax kill-session session-ID Parameters session-ID — Enter the user session ID.
Telnet server To allow Telnet TCP/IP connections to an OS10 switch, enable the Telnet server. The OS10 Telnet server uses the Debian telnetd package. By default, the Telnet server is disabled. When the Telnet server is enabled, connect to the switch using the IP address configured on the management or any front-panel port. The Telnet server configuration is persistent and is maintained after you reload the switch. To verify the Telnet server configuration, enter the show running-configuration command.
Parameters • management — Configures the management VRF to be used to reach the Telnet server. Default The Telnet server is reachable on the default VRF. Command Mode CONFIGURATION Usage Information By default, the Telnet server is disabled. To enable the Telnet server, enter the telnet enable command. To configure the Telnet server to be reachable on the management VRF instance, use the ip telnet server vrf management command.
You can enable this feature so that user re-authentication is required when any of these actions are performed. In these cases, logged-in users are logged out of the switch and all OS10 sessions are terminated. By default, user re-authentication is disabled. Enable user re-authentication • Enable user re-authentication in CONFIGURATION mode. aaa re-authenticate enable Enter the no form of the command to disable user re-authentication.
Assign user role To limit OS10 system access, assign a role when you configure each user. • Enter a user name, password, and role in CONFIGURATION mode. username username password password role role – username username — Enter a text string (up to 32 alphanumeric characters; 1 character minimum). – password password — Enter a text string (up to 32 alphanumeric characters; 9 characters minimum).
• Configure the timeout period used to wait for an authentication response from a RADIUS server in CONFIGURATION mode (0 to 1000 seconds; default 5). radius-server timeout seconds Configure RADIUS server OS10(config)# radius-server host 1.2.4.5 OS10(config)# radius-server retransmit 10 OS10(config)# radius-server timeout 10 View RADIUS server configuration OS10# show running-configuration ... radius-server host 1.2.4.5 key mysecret radius-server retransmit 10 radius-server timeout 10 ...
SSH Server The secure shell (SSH) server allows an SSH client to access an OS10 switch through a secure, encrypted connection. Configure SSH server • The SSH server is enabled by default. You can disable the SSH server using no ip ssh server enable. • Challenge response authentication is disabled by default. To enable, use the ip ssh server challenge-responseauthentication command. • Host-based authentication is disabled by default. To enable, use the ip ssh server hostbased-authentication command.
OS10(config-line-vty)# ip access-class permit10 OS10(config-line-vty)# View VTY ACL configuration OS10(config-line-vty)# show configuration ! line vty ip access-class permit10 ipv6 access-class deny10 OS10(config-line-vty)# Enable login statistics To monitor system security, allow users to view their own login statistics when they sign in to the system. A large number of login failures or an unusual login location may indicate a system hacker.
Usage Information There is no no version of this command. To reset the authentication method to local, enter the aaa authentication local command. Example OS10(config)# aaa authentication radius Supported Releases 10.2.0E or later aaa re-authenticate enable Requires user re-authentication after a change in the authentication method or server.
Default Not configured Command Mode LINE VTY CONFIGURATION Usage Information The no version of this command removes the filter. Example OS10(config)# line vty OS10(config-line-vty)# ipv6 access-class permit10 Supported Releases 10.4.0E(R1) or later ip ssh server challenge-response-authentication Enable challenge response authentication in an SSH server.
• aes128-gcm@openssh.com • aes256-gcm@openssh.com • chacha20-poly1305@opens Command Mode CONFIGURATION Usage Information The no version of this command removes the configuration. Example OS10(config)# ip ssh server cipher 3des-cbc aes128-cbc Supported Releases 10.3.0E or later ip ssh server enable Enable the SSH server. Syntax ip ssh server enable Parameters None Default Enabled Command Mode CONFIGURATION Usage Information The no version of this command disables the SSH server.
Default • diffie-hellman-group1-sha1 • diffie-hellman-group14-sha1 • diffie-hellman-group-exchange-sha1 • diffie-hellman-group-exchange-sha256 • ecdh-sha2-nistp256 • ecdh-sha2-nistp384 • ecdh-sha2-nistp521 • curve25519-sha256 • diffie-hellman-group14-sha1 • diffie-hellman-group-exchange-sha256 • ecdh-sha2-nistp256 • ecdh-sha2-nistp384 • ecdh-sha2-nistp521 Command Mode CONFIGURATION Usage Information The no version of this command removes the configuration.
Default • umac-128-etm@openssh.com • hmac-sha1 • hmac-sha2-256 • hmac-sha2-512 • umac-64@openssh.com • umac-128@openssh.com • hmac-sha1-etm@openssh.com • hmac-sha2-256-etm@openssh.com • hmac-sha2-512-etm@openssh.com • umac-64-etm@openssh.com • umac-128-etm@openssh.com Command Mode CONFIGURATION Usage Information The no version of this command removes the configuration. Example OS10(config)# ip ssh server mac hmac-md5 hmac-md5-96 hmac-ripemd160 Supported Releases 10.3.
ip ssh server pubkey-authentication Enable public key authentication in an SSH server. Syntax ip ssh server pubkey-authentication Parameters None Default Enabled Command Mode CONFIGURATION Usage Information The no version of this command disables the public key authentication. Example OS10(config)# ip ssh server pubkey-authentication Supported Releases 10.3.0E or later ip ssh server vrf Configures the SSH server for the management VRF instance.
login-statistics enable Enables the display of login statistics to users. Syntax login-statistics enable Parameters None Default Disabled Command Mode CONFIGURATION Usage Information Only the sysadmin and secadmin roles have access to this command. When enabled, user login information, including the number of successful and failed logins, role changes, and the last time a user logged in, is displayed after a successful login.
Example OS10(config)# password-attributes min-length 6 character-restriction upper 2 lower 2 numeric 2 Supported Releases 10.4.0E(R1) or later radius-server host Configures a RADIUS authentication server. Syntax radius-server host {hostname | ip-address} [auth-port port-number | key authentication-key] Parameters • hostname — Enter the host name of the RADIUS server. • ip-address — Enter the IPv4 (A.B.C.D) or IPv6 (x:x:x:x::x) address of the RADIUS server.
radius-server timeout Configures the timeout used to resend RADIUS authentication requests. Syntax radius-server timeout seconds Parameters seconds — Enter the time in seconds for retransmission (0 to 1000). Default An OS10 switch stops sending RADIUS authentication requests after five seconds. Command Mode CONFIGURATION Usage Information Use this command to globally configure the timeout value used on RADIUS servers. The no version of this command resets the value to the default.
etm@openssh.com, SSH Server KEX algorithms: hellman-group14-sha1 Password Authentication: Host-Based Authentication: RSA Authentication: Challenge Response Auth: Supported Releases hmac-sha1-etm@openssh.com,umac-64@openssh.com, umac-128@openssh.com,hmac-sha2-256, hmac-sha2-512,hmac-sha1 curve25519-sha256@libssh.org,ecdh-sha2-nistp256, ecdh-sha2-nistp384,ecdh-sha2-nistp521, diffie-hellman-group-exchange-sha256,diffieEnabled Disabled Enabled Disabled 10.3.
show users Displays information for all users logged into OS10. Syntax show users Parameters None Default Not configured Command Mode EXEC Usage Information Use this command to view current OS10 users. Example OS10# show users Index Line User Role Application Idle Location Login-Time Lock ------------------------------------------------------------------1 ttyS0 admin sysadmin login/clish . 2016-04-29 01:02:00 Supported Releases 10.2.
Parameters seconds — Enter the timeout period used to wait for an authentication response from a TACACS+ server (1 to 1000 seconds). Default 5 seconds Command Mode CONFIGURATION Usage Information The no version of this command resets the TACACS+ server timeout to the default. Example OS10(config)# tacacs-server timeout 360 Supported Releases 10.4.0E(R2) or later username password role Creates an authentication entry based on a user name and password, and assigns a role to the user.
Simple network management protocol Network management stations use SNMP to retrieve or alter management data from network elements. Standard and private SNMP management information bases (MIBs) are supported, including all get requests. A managed object is a datum of management information. A MIB is a database that stores managed objects found in network elements. MIBs are hierarchically structured and use object identifiers to address managed objects. Managed objects are also known as object descriptors.
snmp-server host vrf Configures a host to receive SNMP traps for the management VRF instance. Syntax snmp-server host {hostname | ipv4–address | ipv6–address} vrf management Parameters hostname | ipv4–address | ipv6–address — Enter either the name or IPv4/IPv6 address of the host. Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command disables the host from receiving the SNMP traps. Example OS10(config)# snmp-server host 1.1.1.
Configure uplink failure detection Consider the following before configuring an uplink-state group: • • • • • • • You can assign a physical port or a port channel to an uplink-state group. You can assign an interface to only one uplink-state group at a time. You can designate the uplink-state group as either an upstream or a downstream interface, but not both. You cannot assign both a port channel and its members to an uplink-state group, which would make the group inactive.
2 Configure the upstream and downstream interfaces in UPLINK-STATE-GROUP mode. upstream {interface-type | interface-range} downstream {interface-type | interface-range} 3 (Optional) Disable uplink-state group tracking in UPLINK-STATE-GROUP mode. no enable 4 (Optional) Provide a descriptive name for the uplink-state group in UPLINK-STATE-GROUP mode. name string 5 (Optional) Clear the UFD error disabled state of downstream interfaces in EXEC mode.
Usage Information This command manually brings up a disabled downstream interface that is in UFD-disabled error state. After the downstream interface is up, it is not disabled until there are changes in the upstream interfaces. This command does not have effect on downstream interfaces that are already up or interfaces that are not part of the UFD group. Example OS10# clear ufd-disable interface ethernet 1/1/2 OS10# clear ufd-disable uplink-state-group 1 Supported Releases 10.4.
Parameters string — Enter a description for the uplink-state group. A maximum of 32 characters. Default Not configured Command Mode UPLINK-STATE-GROUP Usage Information The no version of this command removes the descriptive name. Example OS10(config)# uplink-state-group 1 OS10(conf-uplink-state-group-1)# name test_ufd_group Supported Releases 10.4.0E(R3) or later show running-configuration uplink-state-group Displays the running configuration specific to uplink-state groups.
Uplink State Group: 9, Status: Enabled,down OS10# Example (detail) OS10# show uplink-state-group detail Uplink State Group: 9, Name: UFD9, Status: Enabled,down Upstream Interfaces:ethernet1/1/36(down) Downstream Interfaces:ethernet1/1/37(down) OS10# show uplink-state-group 9 detail Uplink State Group: 9, Name: UFD9, Status: Enabled,down Upstream Interfaces:ethernet1/1/36(down) Downstream Interfaces:ethernet1/1/37(down) Supported Releases 10.4.
OS10 image upgrade The image download command simply downloads the software image — it does not install the software on your device. The image install command installs the downloaded image to the standby partition. NOTE: If the active partition contains any modified text files or custom packages installed, they would not be available in the standby partition. Backup the modified files and re-install the packages after downloading the image.
2 Configure the boot system in EXEC mode. boot system [active | standby] • active — Resets the running partition as the subsequent boot partition. • standby — Sets the standby partition as the subsequent boot partition. View boot detail OS10# show boot detail Current system image information detail: ========================================== Type: Node-id 1 Boot Type: Flash Boot Active Partition: B Active SW Version: 10.2.EE.1965 Active Kernel Version: Linux 3.16.
image cancel Cancels an active image download. Syntax image cancel Parameters None Default Not configured Command Mode EXEC Usage Information This command attempts to cancel an active file download in progress. Example OS10# image cancel Supported Releases 10.2.0E or later image copy Copies the entire image in the active partition to the standby partition (mirror image).
Command Mode EXEC Usage Information Use the show image status command to view the progress. Example OS10# image download ftp://admin@10.206.28.174:/PKGS_OS10-Enterprise-10.4.0E. 55-installer-x86_64.bin Supported Releases 10.2.0E or later image install Installs a new image, either from a previously downloaded file or from a remote location.
--------------------------------------------------------Node-id 1 Flash Boot [B] 10.2.0E [A] 10.2.0E [B] active Example (Detail) OS10# show boot detail Current system image information detail: ========================================== Type: Node-id 1 Boot Type: Flash Boot Active Partition: B Active SW Version: 10.2.0E Active Kernel Version: Linux 3.16.7-ckt25 Active Build Date/Time: 2016-10-03T23:11:14Z Standby Partition: A Standby SW Version: 10.2.
Default Not configured Command Mode EXEC Usage Information None Example OS10# show version Dell EMC Networking OS10 Enterprise Copyright (c) 1999-2018 by Dell Inc. All Rights Reserved. OS Version: 10.4.0E(R3) Build Version: 10.4.0E(R3.221) Build Time: 2018-03-25T22:20:52-0700 System Type: Z9100-ON Architecture: x86_64 Up Time: 02:22:09 Supported Releases 10.2.
8 Access Control Lists OS10 uses two types of access policies — hardware-based ACLs and software-based route-maps. Use an ACL to filter traffic and drop or forward matching packets. To redistribute routes that match configured criteria, use a route-map. ACLs ACLs are a filter containing criterion to match; for example, examine IP, TCP, or UDP packets, and an action to take such as forwarding or dropping packets at the NPU. ACLs permit or deny traffic based on MAC and/or IP addresses.
Ingress and egress hot-lock ACLs allow you to append or delete new rules into an existing ACL without disrupting traffic flow. Existing entries in the CAM shuffle to accommodate the new entries. Hot-lock ACLs are enabled by default and support ACLs on all platforms. NOTE: Hot-lock ACLs support ingress ACLs only. MAC ACLs MAC ACLs filter traffic on the Layer 2 (L2) header of a packet.
Permit all packets on interface OS10(config)# ip access-list ABC OS10(conf-ipv4-acl)# permit ip any 10.1.1.1/32 OS10(conf-ipv4-acl)# deny ip any 10.1.1.1/32 fragments L3 ACL rules Use ACL commands for L3 packet filtering. TCP packets from host 10.1.1.1 with the TCP destination port equal to 24 are permitted, and all others are denied. TCP packets that are first fragments or non-fragmented from host 10.1.1.
Assign sequence number to filter IP ACLs filter on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses. Traffic passes through the filter by filter sequence. Configure the IP ACL by first entering IP ACCESS-LIST mode and then assigning a sequence number to the filter. User-provided sequence number • Enter IP ACCESS LIST mode by creating an IP ACL in CONFIGURATION mode.
• Egress L2 ACL NOTE: In ingress ACLs, L2 has higher priority than L3 and in egress ACLs, L3 has higher priority than L2. Table 7. L2 and L3 targeted traffic L2 ACL / L3 ACL Targeted traffic Deny / Deny L3 ACL denies Deny / Permit L3 ACL permits Permit / Deny L3 ACL denies Permit / Permit L3 ACL permits Assign and apply ACL filters To filter an Ethernet interface, a port-channel interface, or a VLAN, assign an IP ACL filter to a physical interface.
To view the number of packets matching the ACL, use the count option when creating ACL entries. • • Create an ACL that uses rules with the count option, see Assign sequence number to filter. Apply the ACL as an inbound or outbound ACL on an interface in CONFIGURATION mode, and view the number of packets matching the ACL. show ip access-list {in | out} Ingress ACL filters To create an ingress ACL filter, use the ip access-group command in EXEC mode. To configure ingress, use the in keyword.
Active on interfaces : ethernet1/1/29 seq 10 deny ip any any fragment count (100 packets) Clear access-list counters Clear IPv4, IPv6, or MAC access-list counters for a specific access-list or all lists. The counter counts the number of packets that match each permit or deny statement in an access-list. To get a more recent count of packets matching an access-list, clear the counters to start at zero. If you do not configure an access-list name, all IP access-list counters clear.
Route-maps Route-maps a series of commands that contain a matching criterion and action. They change the packets meeting the matching criterion. ACLs and prefix-lists can only drop or forward the packet or traffic while route-maps process routes for route redistribution. For example, use a route-map to filter only specific routes and to add a metric. • Route-maps also have an implicit deny.
View route-map configuration OS10(conf-router-bgp-neighbor-af)# do show route-map route-map test1, deny, sequence 10 Match clauses: ip address prefix-list p1 Set clauses: route-map test2, permit, sequence 10 Match clauses: ip address prefix-list p1 Set clauses: route-map test3, deny, sequence 10 Match clauses: ip address prefix-list p2 Set clauses: route-map test4, permit, sequence 10 Match clauses: ip address prefix-list p2 Set clauses: Match routes Configure match criterion for a route-map.
• Enter an ORIGIN attribute in ROUTE-MAP mode. set origin {egp | igp | incomplete} • Enter a tag value for the redistributed routes in ROUTE-MAP mode, from 0 to 4294967295. set tag tag-value • Enter a value as the route’s weight in ROUTE-MAP mode, from 0 to 65535. set weight value Check set conditions OS10(config)# route-map ip permit 1 OS10(conf-route-map)# match metric 2567 continue Clause Only BGP route-maps support the continue clause.
If you configure the flow-based enable command and do not apply an ACL on the source port or the monitored port, both flow-based monitoring and port mirroring do not function. Flow-based monitoring is supported only for ingress traffic. The show monitor session session-id command displays output which indicates if a particular session is enabled for flowmonitoring. View flow-based monitoring OS10# show monitor session 1 S.
View monitor sessions OS10(conf-if-eth1/1/1)# show monitor session all S.Id Source Destination Dir SrcIP DstIP DSCP TTL State Reason ---------------------------------------------------------------------------1 ethernet1/1/1 ethernet1/1/4 both N/A N/A N/A N/A true Is UP ACL commands clear ip access-list counters Clears ACL counters for a specific access-list.
clear mac access-list counters Clears counters for a specific or all MAC access lists. Syntax clear mac access-list counters [access-list-name] Parameters access-list-name — (Optional) Enter the name of the MAC access list to clear counters. A maximum of 140 characters. Default Not configured Command Mode EXEC Usage Information If you do not enter an access-list name, all MAC access-list counters clear.
Example OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# deny udp any any Supported Releases 10.2.0E or later deny (IPv6) Configures a filter to drop packets with a specific IPv6 address. Syntax Parameters deny [protocol-number | icmp | ipv6 | tcp | udp] [A::B | A::B/x | any | host ipv6-address] [A::B | A::B/x | any | host ipv6-address] [capture | count [byte] | dscp value | fragment] • protocol-number — (Optional) Enter the protocol number identified in the IP header, from 0 to 255.
• any — (Optional) Set routes which are subject to the filter. – protocol-number — (Optional) MAC protocol number identified in the header, from 600 to ffff. – capture — (Optional) Capture packets the filter processes. – cos — (Optional) CoS value, from 0 to 7. – count — (Optional) Count packets the filter processes. – vlan — (Optional) VLAN number, from 1 to 4093.
deny icmp (IPv6) Configures a filter to drop all or specific ICMP messages. Syntax Parameters deny icmp [A::B | A::B/x | any | host ipv6-address] [A::B | A::B/x | any | host ipv6-address] [capture | count [byte] | dscp value | fragment] • A::B — Enter the IPv6 address in hexadecimal format separated by colons. • A::B/x — Enter the number of bits to match to the IPv6 address. • any — (Optional) Set all routes which are subject to the filter: – capture — (Optional) Capture packets the filter processes.
Usage Information OS10 cannot count both packets and bytes; when you use the count byte options, only bytes increment. The no version of this command removes the filter. Example OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# deny ip any any capture session 1 count Supported Releases 10.2.0E or later deny ipv6 Configures a filter to drop all or specific packets from an IPv6 address.
– byte — (Optional) Count bytes the filter processes. – dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63. – fragment — (Optional) Use ACLs to control packet fragments. – ack — (Optional) Set the bit as acknowledgement. – fin — (Optional) Set the bit as finish—no more data from sender. – psh — (Optional) Set the bit as push. – rst — (Optional) Set the bit as reset. – syn — (Optional) Set the bit as synchronize. – urg — (Optional) Set the bit set as urgent.
– lt — Lesser than – neq — Not equal to – range — Range of ports, including the specified port numbers. • host ipv6-address — (Optional) Enter the IPv6 address to use a host address only. Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you use the count byte options, only bytes increment. The no version of this command removes the filter.
Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes; when you use the count byte options, only bytes increment. The no version of this command removes the filter. Example OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# deny udp any any capture session 1 Supported Releases 10.2.0E or later deny udp (IPv6) Configures a filter to drop UDP IPv6 packets that match filter criteria.
Supported Releases 10.2.0E or later description Configures an ACL description. Syntax description text Parameters text — Enter the description text string. A maximum of 80 characters. Default Disabled Command Modes IPV4-ACL, IPV6-ACL, MAC-ACL Usage Information The no version of this command deletes the ACL description. Example OS10(conf-ipv4-acl)# description ipacltest Supported Releases 10.2.0E or later ip access-group Assigns an IP access group to an interface.
Supported Releases 10.2.0E or later ip as-path access-list Create an AS-path ACL filter for BGP routes using a regular expression. Syntax Parameters ip as-path access-list name {deny | permit} regexp-string • name — Enter an access list name. • deny | permit — Reject or accept a matching route. • regexp-string — Enter a regular expression string to match an AS-path route attribute.
ip community-list standard deny Creates a standard community list for BGP to deny access. Syntax ip community-list standard name deny {aa:nn | no-advertise | local-AS | noexport | internet} Parameters • name — Enter the name of the standard community list used to identify one more deny groups of communities. • aa:nn — Enter the community number in the format aa:nn, where aa is the number that identifies the autonomous system and nn is a number the identifies the community within the autonomous system.
ip extcommunity-list standard deny Creates an extended community list for BGP to deny access. Syntax Parameters ip extcommunity-list standard name deny {4byteas-generic | rt | soo} • name — Enter the name of the community list used to identify one or more deny groups of extended communities. • 4byteas-generic—Enter the generic extended community then the keyword transitive or nontransitive. • rt — Enter the route target. • soo — Enter the route origin or site-of-origin.
Parameters • name — Enter the name of the prefix list. • description — Enter the description for the named prefix list. Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the specified prefix list. Example OS10(config)# ip prefix-list TEST description TEST_LIST Supported Release 10.3.0E or later ip prefix-list deny Creates a prefix list to deny route filtering from a specified network address. Syntax ip prefix-list name deny [A.B.C.
Example OS10(config)# ip prefix-list allowprefix permit 10.10.10.1/16 ge 10 Supported Release 10.3.0E or later ip prefix-list seq deny Configures a filter to deny route filtering from a specified prefix list. Syntax Parameters ip prefix-list name seq num deny {A.B.C.D/x [ge | le] prefix-len} • name — Enter the name of the prefix list. • num — Enter the sequence list number. • A.B.C.D/x — Enter the source network address and mask in /prefix format (/x).
ipv6 access-group Assigns an IPv6 access list to an interface. Syntax ipv6 access-group access-list-name {in | out} Parameters • access-list-name — Enter the name of an IPv6 ACL. A maximum of 140 characters. • in — Apply the ACL to incoming traffic. • out — Apply the ACL to outgoing traffic. Default Not configured Command Mode INTERFACE Usage Information The no version of this command deletes an IPv6 ACL configuration.
Command Mode CONFIGURATION Usage Information The no version of this command removes the specified prefix list. Example OS10(config)# ipv6 prefix-list TEST deny AB10::1/128 ge 10 le 30 Supported Release 10.3.0E or later ipv6 prefix-list description Configures a description of an IPv6 prefix-list. Syntax Parameters ipv6 prefix-list name description • name — Enter the name of the IPv6 prefix-list. • description — Enter the description for the named prefix-list.
ipv6 prefix-list seq deny Configures a filter to deny route filtering from a specified prefix-list. Syntax ipv6 prefix-list [name] seq num deny {A::B/x [ge | le] prefix-len} Parameters • name — (Optional) Enter the name of the IPv6 prefix-list. • num — Enter the sequence number of the specified IPv6 prefix-list. • A::B/x — Enter the IPv6 address and mask in /prefix format (/x). • ge — Enter to indicate the network address is greater than or equal to the range specified.
mac access-group Assigns a MAC access list to an interface. Syntax Parameters mac access-group access-list-name {in | out} • access-list-name — Enter the name of a MAC access list. A maximum of 140 characters. • in — Apply the ACL to incoming traffic. • out — Apply the ACL to outgoing traffic. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command resets the value to the default.
• A.B.C.D — Enter the IP address in dotted decimal format. • A.B.C.D/x — Enter the number of bits that must match the dotted decimal address. • any — (Optional) Set all routes which are subject to the filter: – capture — (Optional) Capture packets the filter processes. – count — (Optional) Count packets the filter processes. – byte — (Optional) Count bytes the filter processes. – dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63.
Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter. Example OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# permit udp any any capture session 1 Supported Releases 10.2.0E or later permit (MAC) Configures a filter to allow packets with a specific MAC address.
– count — (Optional) Count packets the filter processes. – byte — (Optional) Count bytes the filter processes. – dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63. – fragment — (Optional) Use ACLs to control packet fragments. • host ip-address — (Optional) Enter the IP address to use a host address only. Default Not configured Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment.
permit ip Configures a filter to permit all or specific packets from an IP address. Syntax Parameters permit ip [A.B.C.D | A.B.C.D/x | any | host ip-address] [[A.B.C.D | A.B.C.D/x | any | host ip-address] [capture |count bytes | dscp | fragments] • A.B.C.D — Enter the IP address in dotted decimal format. • A.B.C.D/x — Enter the number of bits to match to the dotted decimal address.
Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter. Example OS10(conf-ipv6-acl)# permit ipv6 any any count capture session 1 Supported Releases 10.2.0E or later permit tcp Configures a filter to permit TCP packets meeting the filter criteria. Syntax permit tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.
permit tcp (IPv6) Configures a filter to permit TCP packets meeting the filter criteria. Syntax Parameters permit tcp [A::B | A::B/x | any | host ipv6-address [eq | lt | gt | neq | range]] [A::B | A:B/x | any | host ipv6-address [eq | lt | gt | neq | range]] [ack | fin | psh | rst | syn | urg] [capture | count [byte] | dscp value | fragment] • A::B — Enter the IPv6 address in hexadecimal format separated by colons. • A::B/x — Enter the number of bits that must match the IPv6 address.
– lt — (Optional) Permit packets which are less than. – gt — (Optional) Permit packets which are greater than. – neq — (Optional) Permit packets which are not equal to. – range — (Optional) Permit packets with a specific source and destination address. – ack — (Optional) Set the bit as acknowledgement. – fin — (Optional) Set the bit as finish—no more data from sender. – psh — (Optional) Set the bit as push. – rst — (Optional) Set the bit as reset. – syn — (Optional) Set the bit as synchronize.
– gt — Greater than – lt — Lesser than – neq — Not equal to – range — Range of ports, including the specified port numbers. • host ipv6-address — (Optional) Enter the keyword and the IPv6 address to use a host address only. Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter.
• udp — (Optional) Enter the UDP address to deny. • A.B.C.D — Enter the IP address in dotted decimal format. • A.B.C.D/x — Enter the number of bits that must match the dotted decimal address. • any — (Optional) Set all routes which are subject to the filter: – capture — (Optional) Capture packets the filter processes. – count — (Optional) Count packets the filter processes. – byte — (Optional) Count bytes the filter processes.
Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. Example OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# seq 5 deny ipv6 any any capture session 1 count Supported Releases 10.2.
seq deny icmp Assigns a filter to deny internet control message protocol (ICMP) messages while creating the filter. Syntax seq sequence-number deny icmp [A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | count [byte] | dscp value| fragment] Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A.B.C.D — Enter the IP address in dotted decimal format. • A.B.C.
– dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63. – fragment — (Optional) Use ACLs to control packet fragments. • host ipv6-address — (Optional) Enter the IPv6 address to use a host address only. Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment.
seq deny ipv6 Assigns a filter to deny IPv6 addresses while creating the filter. Syntax seq sequence-number deny ip [A::B | A::B/x | any | host ipv6-address] [A::B | A:B/x | any | host ipv6-address] [capture | count [byte] | dscp value | fragment] Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A::B — Enter the IPv6 address in hexadecimal format separated by colons.
– dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63. – fragment — (Optional) Use ACLs to control packet fragments. – ack — (Optional) Set the bit as acknowledgement. – fin — (Optional) Set the bit as finish—no more data from sender. – psh — (Optional) Set the bit as push. – rst — (Optional) Set the bit as reset. – syn — (Optional) Set the bit as synchronize. – urg — (Optional) Set the bit set as urgent.
– psh — (Optional) Set the bit as push. – rst — (Optional) Set the bit as reset. – syn — (Optional) Set the bit as synchronize. – urg — (Optional) Set the bit set as urgent. • operator — (Optional) Enter a logical operator to match the packets on the specified port number. The following options are available: – eq — Equal to – gt — Greater than – lt — Lesser than – neq — Not equal to – range — Range of ports, including the specified port numbers.
– urg — (Optional) Set the bit set as urgent. • operator — (Optional) Enter a logical operator to match the packets on the specified port number. The following options are available: – eq — Equal to – gt — Greater than – lt — Lesser than – neq — Not equal to – range — Range of ports, including the specified port numbers. • host ip-address — (Optional) Enter the IP address to use a host address only.
– gt — Greater than – lt — Lesser than – neq — Not equal to – range — Range of ports, including the specified port numbers. • host ipv6-address — (Optional) Enter the IPv6 address to use a host address only. Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment.
seq permit (IPv6) Assigns a sequence number to permit IPv6 packets, while creating a filter. Syntax Parameters seq sequence-number permit protocol-number [A::B | A::B/x | any | host ipv6address] [A::B | A:B/x | any | host ipv6-address] [capture | count [byte] | dscp value | fragment] • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • protocol-number — (Optional) Enter the protocol number, from 0 to 255.
– capture — (Optional) Enter the capture packets the filter processes. – cos — (Optional) Enter the CoS value, from 0 to 7. – count — (Optional) Enter the count packets the filter processes. – byte — (Optional) Enter the count bytes the filter processes. – vlan — (Optional) Enter the VLAN number, from 1 to 4093. Default Not configured Command Mode MAC-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment.
seq permit icmp (IPv6) Assigns a sequence number to allow ICMP messages while creating the filter. Syntax Parameters seq sequence-number permit icmp [A::B | A::B/x | any | host ipv6-address] [A::B | A:B/x | any | host ipv6-address] [capture | count [byte] | dscp value | fragment] • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A::B — Enter the IPv6 address in hexadecimal format separated by colons.
– dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63. – fragment — (Optional) Use ACLs to control packet fragments. • host ip-address — (Optional) Enter the IP address to use a host address only. Default Not configured Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment.
seq permit tcp Assigns a sequence number to allow TCP packets while creating the filter. Syntax Parameters seq sequence-number permit tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [operator] ] [ack | fin | psh | rst | syn | urg] [capture | count [byte] | dscp value | fragment] • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A.B.C.
seq permit tcp (IPv6) Assigns a sequence number to allow TCP IPv6 packets while creating the filter. Syntax seq sequence-number permit tcp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A:B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | count [byte] | dscp value| fragment] Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
seq permit udp Assigns a sequence number to allow UDP packets while creating the filter. Syntax Parameters seq sequence-number permit udp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [operator] ] [ack | fin | psh | rst | syn | urg] [capture | count [byte] | dscp value | fragment] • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A.B.C.
seq permit udp (IPv6) Assigns a sequence number to allow UDP IPv6 packets while creating a filter. Syntax seq sequence-number permit udp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A:B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | count [byte] | dscp value | fragment] Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
show access-group Displays IP, MAC, or IPv6 access-group information. Syntax Parameters show {ip | mac | ipv6} access-group name • ip — View IP access list information. • mac — View MAC access group information. • ipv6 — View IPv6 access group information. • access-group name — Enter the name of the access group.
Active on interfaces : ethernet 3/0 ethernet 3/1 seq 10 permit any any seq 20 permit 11:11:11:11:11:11 22:22:22:22:22:22 any monitor count bytes (0 bytes) Example (MAC Out) OS10# show mac access-lists out Egress MAC access list aaa Active on interfaces : ethernet 3/0 ethernet 3/1 seq 10 permit any any seq 20 permit 11:11:11:11:11:11 22:22:22:22:22:22 any monitor count bytes (0 bytes) Example (IP In) OS10# show ip access-lists in Ingress IP access list aaaa Active on interfaces : ethernet 3/0 ethernet 3/1 s
show ip as-path-access-list Displays the configured AS path access lists. Syntax show ip as-path-access-list [name] Parameters name — (Optional) Specify the name of the AS path access list. Defaults None Command Mode EXEC Usage Information None Example OS10# show ip as-path-access-list ip as-path access-list hello permit 123 deny 35 Supported Releases 10.3.0E or later show ip community-list Displays the configured IP community lists in alphabetic order.
permit RT:1:1 deny SOO:1:4 Supported Releases 10.3.0E or later show ip prefix-list Displays configured IPv4 or IPv6 prefix list information. Syntax show {ip | ipv6} prefix-list [prefix-name] Parameters • ip | ipv6—(Optional) Displays information related to IPv4 or IPv6. • prefix-name — Enter a text string for the prefix list name. A maximum of 140 characters. Defaults None Command Mode EXEC Usage Information None Example OS10# show ip prefix-list ip prefix-list hello: seq 10 deny 1.2.3.
match as-path Configures a filter to match routes that have a certain AS path in their BGP paths. Syntax match as-path as-path-name Parameters as-path-name — Enter the name of an established AS-PATH ACL. A maximum of 140 characters. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes a match AS path filter. Example OS10(config)# route-map bgp OS10(conf-route-map)# match as-path pathtest1 Supported Releases 10.3.
Example OS10(config)# route-map bgp OS10(conf-route-map)# match extcommunity extcommlist1 exact-match Supported Releases 10.3.0E or later match interface Configures a filter to match routes whose next-hop is the configured interface. Syntax match interface interface Parameters interface — Interface type: • ethernet node/slot/port[:subport] — Enter the Ethernet interface information as the next-hop interface.
match ip next-hop Configures a filter to match based on the next-hop IP addresses specified in IP prefix lists. Syntax match ip next-hop prefix-list prefix-list Parameters prefix-list — Enter the name of the configured prefix list. A maximum of 140 characters. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes the match. Example OS10(config)# route-map bgp OS10(conf-route-map)# match ip next-hop Supported Releases prefix-list test100 10.3.
Supported Releases 10.3.0E or later match metric Configures a filter to match on a specific value. Syntax match metric metric-value Parameters metric-value — Enter a value to match the route metric against, from 0 to 4294967295. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes the match. Example OS10(conf-route-map)# match metric 429132 Supported Releases 10.2.
• local — Match only on routes generated locally. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes the match. Example OS10(config)# route-map bgp OS10(conf-route-map)# match route-type external type-1 Supported Releases 10.3.0E or later match tag Configures a filter to redistribute only routes that match a specific tag value.
set comm-list add Add communities in the specified list to the COMMUNITY attribute in a matching inbound or outbound BGP route. Syntax set comm-list {community-list-name} add Parameters community-list-name — Enter the name of an established community list (up to 140 characters).
• community-number — Enter the community number in aa:nn format, where aa is the AS number (2 bytes) and nn is a value specific to that AS. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes a BGP COMMUNITY attribute assignment. Example OS10(config)# route-map bgp OS10(conf-route-map)# set community none Supported Releases 10.3.
set extcommunity Sets the extended community attributes in a route map for BGP updates. Syntax set extcommunity rt {asn2:nn | asn4:nnnn | ip-addr:nn} Parameters • asn2:nn — Enter an AS number in 2-byte format; for example, 1–65535:1–4294967295. • asn4:nnnn — Enter an AS number in 4-byte format; for example, 1–4294967295:1–65535 or 1–65535.1– 65535:1–65535. • ip-addr:nn — Enter an AS number in dotted format, from 1 to 65535.
Default Not configured Command Mode ROUTE-MAP Usage Information To establish an absolute metric, do not enter a plus or minus sign before the metric value. To establish a relative metric, enter a plus or minus sign immediately preceding the metric value. The value is added to or subtracted from the metric of any routes matching the route map. You cannot use both an absolute metric and a relative metric within the same route map sequence. Setting either metric overrides any previously configured value.
set next-hop Sets an IPv4 or IPv6 address as the next-hop. Syntax set {ip | ipv6} next-hop ip-address Parameters ip-address — Enter the IPv4 or IPv6 address for the next-hop. Default Not configured Command Mode ROUTE-MAP Usage Information If you apply a route-map with the set next-hop command in ROUTER-BGP mode, it takes precedence over the next-hop-self command entered in ROUTER-NEIGHBOR mode.
Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes the set clause from a route map. Example OS10(conf-route-map)# set tag 23 Supported Releases 10.2.0E or later set weight Set the BGP weight for the routing table. Syntax set weight weight Parameters weight — Enter a number as the weight the route uses to meet the route map specification, from 0 to 65535. Default Default router-originated is 32768 — all other routes are 0.
9 Quality of service Quality of service (QoS) reserves network resources for highly critical application traffic with precedence over less critical application traffic. QoS enables to prioritize different types of traffic and ensures the required level of quality of service. You can control the following parameters of selected traffic flows: Delay, Bandwidth, Jitter, and Drop.
Configuring QoS is a three-step process: 1 2 Create class-maps to classify the traffic flows. The following are the different types of class-maps: • qos (default)—Classifies the ingress data traffic. • queuing —Classifies the egress queues. • control-plane—Classifies the control-plane traffic. • network-qos—Classifies the set of traffic-class IDs for ingress buffer configurations. • application —Classifies the application type traffic.
• Queuing policies must be applied in the output direction on physical interfaces or on system-qos mode. • Application type policy-map must be applied on system-qos mode. When a policy is applied on system, the policy is effective on all the ports in the system. However, interface level policy gets precedence over system level policy. Ingress traffic classification Ingress traffic can be either data traffic or control traffic.
2 Define the set of dot1p values mapped to traffic-class (qos-group) ID. OS10(config-tmap-dot1p-map)# qos-group 3 dot1p 0-4 OS10(config-tmap-dot1p-map)# qos-group 5 dot1p 5-7 3 Verify the map entries. OS10# show qos maps type trust-map-dot1p dot1p-trust-map DOT1P Priority to Traffic-Class Map : dot1p-trust-map Traffic-Class DOT1P Priority ------------------------------- 4 3 0-4 5 5-7 Apply the map on a specific interface or on system-qos (global) level.
DSCP values TC id Color 52-55 6 Y 56-59 7 G 60-62 7 Y 63 7 R User–defined DCSP trust map You can override the default mapping by creating a user defined DSCP trust map. All the unspecified DSCP entries are mapped to the default traffic class ID 0. Configure user–defined DSCP trust map 1 Create a DSCP trust map.
3 Define trust type to be enabled. OS10(config-pmap-c-qos)# trust dot1p 4 Attach the policy-map to interface or system-qos level to make the trusting effective. • Interface level OS10(conf-if-eth1/1/1)# service-policy input type qos trust • System-qos level OS10(config-sys-qos)# service-policy input type qos trust ACL based classification Classify the ingress traffic by matching the packet fields using ACL entries.
• Pre-defined IP access-list OS10(config-cmap-qos)# match ip access-group name ip-acl-1 • Pre-defined IPv6 access-list OS10(config-cmap-qos)#match ipv6 access-group name ACLv6 • Pre-defined MAC access-list OS10(config-cmap-qos)# match mac access-group name mac-acl-1 3 Create a qos type policy-map to refer the classes. OS10(config)# policy-map cos-policy 4 Refer the class-maps in the policy-map and define the required action for the flows.
CoPP applies policy actions on all control-plane traffic. The control-plane class map does not use any match criteria. To enforce rate-limiting or rate policing on control-plane traffic, create policy maps. You can use the control-plane command to attach the CoPP service policies directly to the control-plane. The default rate limits apply to 12 CPU queues and the protocols mapped to each CPU queue. The control packet type to CPU ports control queue assignment is fixed.
3 Create an input policy-map to assign the QoS policy to the desired service queues in CONFIGURATION mode. policy-map type control-plane policy-map-name 4 Associate a policy-map with a class-map in POLICY-MAP mode. class class-name 5 Configure marking for a specific queue number in POLICY-MAP-CLASS-MAP mode (0 to 11). set qos-group queue-number 6 Configure rate policing on incoming traffic in POLICY-MAP-CLASS-MAP mode.
View CMAP1 configuration OS10# show class-map type control-plane cmap1 Class-map (control-plane): cmap1 (match-any) View CoPP service-policy OS10# show policy-map type control-plane Service-policy(control-plane) input: pmap1 Class-map (control-plane): cmap1 set qos-group 6 police cir 200 bc 100 pir 200 be 100 View CoPP information OS10# show control-plane info Queue Rate Limit(in pps) Protocols 0 600 1 1000 2 300 3 1300 4 2000 VLT NDS 5 400 ARP_REQ IPV6_ICMP_REQ 6 400 ARP_RESP IPV6_ICMP IPV6_ICMP_RESP IPV4_
Traffic class ID Queue ID 2 2 3 3 4 4 5 5 6 6 7 7 User–defined QoS map You can override the default mapping by creating QoS map. Configure user–defined QoS map 1 Create a QoS map OS10(config)# qos-map traffic-class tc-q-map 2 Define the set of traffic class values mapped to a queue OS10(config-qos-map)# queue 3 qos-group 0-3 3 Verify the map entries.
Peak rate is the maximum rate for traffic arriving or leaving an interface under normal traffic conditions. Peak burst size indicates the maximum size of unused peak bandwidth that is aggregated. This aggregated bandwidth enables brief durations of burst traffic that exceeds the peak rate.
OS10(config-pmap-c-qos)# set qos-group 3 OS10(config-pmap-c-qos)# set color yellow Modify packet fields You can modify the value of CoS or DSCP fields. 1 Create a QoS type class-map to match a traffic flow OS10(config)# class-map cmap-dscp-3 OS10(config-cmap-qos)# match ip dscp 3 2 Modify the policy-map to update the DSCP field.
5 Configure a queuing class in POLICY-MAP mode. class class-name 6 Assign a bandwidth percent (1 to 100) to nonpriority queues in POLICY-MAP-CLASS-MAP mode.
2 Enter the output service-policy in SYSTEM-QOS mode or INTERFACE mode.
The buffer usage accounting happens for ingress packets on ingress pools and egress packets on egress pool. You can configure ingress packets buffer accounting per priority-group and egress packet buffer accounting per queue level. Configure ingress buffer Default settings In the default settings for ingress buffers, all traffic classes are mapped to the default priority group and the buffers are reserved per default priority group ID 7.
You can override the default priority group settings when LLFC or PFC is enabled. 1 Create network-qos type class-map to match the traffic classes. For LLFC match all the traffic classes(0-7) and for PFC, match the required traffic class. OS10(config)# class-map type network-qos tc OS10 (config-cmap-nqos)# match qos-group 0-7 2 Create network-qos type policy-map to define the actions for traffic classes, like buffer configuration and thresholds.
3 Configure the exponential weight value for the WRED profile in the WRED CONFIGURATION mode. OS10(config-wred)# random-detect weight 4 4 Enable ECN. OS10(config-wred)# random-detect ecn 5 Enable WRED/ECN on a queue. OS10(config)# class-map type queuing c1 OS10(config-cmap-queuing)# match queue 2 OS10(config-cmap-queuing)# exit OS10(config)# policy-map type queuing p1 OS10(config-pmap-queuing)# class c1 OS10(config-pmap-c-que)# random-detect wred_prof_1 6 Enable WRED/ECN on a port.
class Creates a QoS class for a type of policy-map. Syntax class class—name Parameters class-name — Enter a name for the class-map (up to 32 characters). Default Not configured Command Mode POLICY-MAP-QUEUEING POLICY-MAP-QOS POLICY-MAP-NQOS POLICY-MAP-CP POLICY-MAP-APPLICATION Usage Information If you define a class-map under a policy-map, the type (qos, queuing, or control-plane) is the same as the policy-map. You must create this map in advance.
Example OS10(config)# class-map type qos match-all c1 OS10(conf-cmap-qos)# Command History 10.2.0E or later clear interface priority-flow-control Clears the priority flow control statistics per-port or for all ports. Syntax Parameters clear interface [interface node/slot/port[:subport]] priority-flow-control • interface — (Optional) Enter the interface type. • node/slot/port[:subport] — (Optional) Enter the port information.
• interface ethernet node-id/slot/port-id [:subport] — Clears QoS statistics for an Ethernet interface configured for qos, queuing, or control-plane. Default Not configured Command Mode EXEC Usage Information None Example OS10# clear qos statistics type qos interface ethernet 1/1/5 Example (controlplane) OS10# clear qos statistics type control-plane interface ethernet 1/1/7 Example (queuing) OS10# clear qos statistics type queuing interface ethernet 1/1/2 Supported Releases 10.2.
Default Disabled (off) Command Mode INTERFACE Usage Information The no version of this command returns the value to the default. Example OS10(conf-if-eth1/1/2)# flowcontrol transmit on Supported Releases 10.3.0E or later match Configures match criteria for the QoS policy.
Parameters • cos-value — Enter a CoS value (0 to 7). • not — Enter not to cancel the match criteria. Default Not configured Command Modes CLASS-MAP Usage Information You cannot have two match statements with the same filter-type. If you enter two match statements with the same filter-type, the second statement overwrites the first statement. Example OS10(conf-cmap-qos)# match cos 3 Supported Releases 10.2.0E or later match dscp Configures a DSCP value as a match criteria for a class-map.
• precedence precendence-list — Enter a precedence-list value (0 to 7). Default Not configured Command Mode CLASS-MAP Usage Information You cannot enter two match statements with the same filter-type. If you enter two match statements with the same filter-type, the second statement overwrites the first statement. Example OS10(conf-cmap-qos)# match not ipv6 precedence 3 Supported Releases 10.2.0E or later match queue Configures a match criteria for a queue.
mtu Calculates the buffer size allocation for matched flows. Syntax mtu size Parameters size — Enter the size of the buffer (1500 to 9216). Default 9216 Command Mode POLICY-MAP-CLASS-MAP Usage Information The no version of this command returns the value to the default. Example OS10(conf-pmap-nqos-c)# mtu 2500 Supported Releases 10.3.0E or later pause Enables a pause based on buffer limits for the port to start or stop communication to the peer.
pfc-cos Configures priority flow-control for cost of service (CoS). Syntax pfc-cos cos-value Parameters cos-value — Enter a single, comma-delimited, or hyphenated range of CoS values for priority flow-control to enable (0 to 7). Default Not configured Command Mode POLICY-MAP-CLASS-MAP Usage Information To configure link-level flow-control, do not configure pfc-cos for the matched class for this policy.
pfc-shared-buffer-size Changes the shared buffers size limit for priority flow-control enabled flows. Syntax pfc-shared-buffer-size buffer-size Parameters buffer-size — Enter the size of the priority flow-control buffer in KB (0 to 8911). Default 832 KB Command Mode SYSTEM-QOS Usage Information The no version of this command returns the value to the default. Example OS10(conf-sys-qos)# pfc-shared-buffer-size 2000 Supported Releases 10.3.
Defaults • be peak-burst-size — (Optional) Enter a peak burst size in kilo bytes (16 to 200000). • bc committed-burst-size value is 200 KB for control plane and 100 KB for all other class-map types • be peak-burst-size value is 200 KB for control plane and 100 KB for all other class-map types Command Mode POLICY-MAP-CLASS-MAP Usage Information If you do not provide the peak-rate pir values, the committed-rate cir values are taken as the pir values.
Command Mode POLICY-MAP-CLASS-MAP Usage Information If you use this command, bandwidth is not allowed. Only the egress QoS policy type supports this command. Example OS10(conf-pmap-que)# priority Supported Releases 10.2.0E or later priority-flow-control mode Enables or disables priority flow-control mode on an interface. Syntax priority-flow-control mode [on] Parameters • on — (Optional) Enables priority flow-control mode.
qos-group dscp Configures a dscp trust map to the traffic class. Syntax Parameters qos-group tc-list [dscp values] • qos-group tc-list — Enter the traffic single value class ID (0 to 7). • dscp values — (Optional) Enter either single, comma-delimited, or a hyphenated range of dscp values (0 to 63). Default 0 Command Mode TRUST-MAP Usage Information If the trust map does not define dscp values to any traffic class, those flows are mapped to the default traffic class (0).
• static thresh-value — (Optional) Enter the static shared buffer threshold value in Bytes.(1 to 65535). Default Not configured Command Mode POLICY-MAP-CLASS-MAP Usage Information Use the queue-len value parameter to set the minimum guaranteed queue length for a queue. The no version of this command returns the value to the default.
Usage Information If the trust map does not define traffic class values to a queue, those flows are mapped to the default queue (0). If some of the traffic class values are already mapped to an existing queue, you will receive an error. The no version of this command returns the value to the default. Example OS10(conf-tmap-tc-queue-qos)# queue 2 qos-group 5 Supported Releases 10.3.0E or later random-detect (interface) Assigns a WRED profile to the specified interface.
• minimum-value — Enter the minimum threshold value for the specified color (1 to 12480). • maximum-value — Enter the maximum threshold value for the specified color (1 to 12480). • drop-rate — Enter the rate of drop precedence in percentage (0 to 100). Default Not configured Command Mode WRED CONFIGURATION Usage Information The no version of this command removes the WRED profile.
random-detect weight Configures the exponential weight value used to calculate the average queue depth for the WRED profile. Syntax random-detect weight weight-value Parameters weight-value — Enter a value for the weight (1 to 15). Default Not configured Command Mode WRED CONFIGURATION Usage Information The no version of this command removes the weight factor from the WRED profile. Example OS10(config)# wred test_wred OS10(config-wred)# random-detect weight 10 Supported Releases 10.4.
Parameters cos-value — Enter a CoS value (0 to 7). Default Not configured Command Mode POLICY-MAP-CLASS-MAP Usage Information You cannot enter two set statements with the same action-type. If you enter two set statements with the same action-type, the second statement overwrites the first. When class-map type is qos, the qos-group corresponds to data queues 0 to 7. Example OS10(conf-pmap-c-qos)# set cos 6 Supported Releases 10.2.
Supported Releases 10.2.0E or later shape Shapes the outgoing traffic rate. Syntax Parameters shape {min {kbps | mbps | pps} min-value [burst-size]} {max {kbps | mbps | pps} max-value [max-burst-size]} • min — Enter the minimum committed rate in unit (kbps, mbps, or pps). • kbps — Enter the committed rate unit in kilobits per second (0 to 40000000). • mbps — Enter the committed rate unit in megabits per second (0 to 40000).
Example OS10# show class-map type qos c1 Class-map (qos): c1 (match-all) Match(not): ip-any dscp 10 Supported Releases 10.2.0E or later show control-plane info Displays control-plane queue mapping and rate limits. Syntax show control-plane info Parameters None Default Not configured Command Mode EXEC Usage Information Monitors statistics for the control-plane and to troubleshoot CoPP.
8 9 10 11 Supported Releases 14140 0 0 0 2569184 0 0 0 0 0 0 0 0 0 0 0 10.2.0E or later show interface priority-flow-control Displays the priority flow-control, operational status, CoS bitmap, and statistics per port. Syntax show interface ethernet 1/1/1 priority-flow-control [details] Parameters details — (Optional) Displays all priority flow control information for an interface.
flow-control-tx: Disabled Service-policy (Input)(qos): p1 Supported Releases 10.2.0E or later show policy-map Displays information on all existing policy-maps. Syntax show policy-map type {control-plane | qos | queuing | network-qos}] [policymap-name] Parameters • type — Enter the policy-map type (qos, queuing, or control-plane). • qos — Displays all policy-maps of qos type. • queuing — Displays all policy-maps configured of queuing type.
show qos egress bufffers interface Displays egress buffer configurations. Syntax Parameters show qos egress buffers interface [interface node/slot/port[:subport]] • interface — (Optional) Enter the interface type. • node/slot/port[:subport] — (Optional) Enter the port information.
6 7 OS10# Supported Releases 0 0 0 0 0 0 0 0 10.3.0E or later show qos ingress buffers interface Displays interface buffer configurations. Syntax show qos ingress buffers interface [interface node/slot/port[:subport]] Parameters • interface — (Optional) Enter the interface type. • node/slot/port[:subport] — (Optional) Enter the port information.
• node/slot/port[:subport] — (Optional) Enter the port information. Default Not configured Command Mode EXEC Usage Information None Example OS10(config)# show qos ingress buffer-stats interface ethernet 1/1/15 Interface : ethernet1/1/15 Speed : 10G Priority Used reserved Used shared Used HDRM Group buffers buffers buffers -----------------------------------------------0 9360 681824 35984 1 0 0 0 2 0 0 0 3 0 0 0 4 0 0 0 5 0 0 0 6 0 0 0 7 0 0 0 Supported Releases 10.3.
show qos system Displays the QoS configuration applied to the system. Syntax show qos system Parameters None Default Not configured Command Mode EXEC Usage Information View and verify system-level service-policy configuration information. Example OS10# show qos system Service-policy (Input) (qos) : policy1 Service-policy (Output)(queuing) : policy2 Supported Releases 10.2.0E or later show qos system buffers Displays the system buffer configurations and utilization.
show qos maps Displays the active system trust map. Syntax Parameters show qos maps type {tc-queue | trust-map-dot1p | trust-map dscp} trust-map-name • dot1p — Enter to view the dot1p trust map. • dscp — Enter to view the dscp trust map. • tc-queue—Enter to view the traffic class to queue map. • trust-map — Enter the name of the trust map.
DSCP Priority to Traffic-Class Map : dscp-trustmap1 Traffic-Class DSCP Priority ------------------------------0 8-15 2 16-23 1 0-7 Default Dot1p Priority to Traffic-Class Map Traffic-Class DOT1P Priority ------------------------------0 1 1 0 2 2 3 3 4 4 5 5 6 6 7 7 Default Dscp Priority to Traffic-Class Map Traffic-Class DSCP Priority ------------------------------0 0-7 1 8-15 2 16-23 3 24-31 4 32-39 5 40-47 6 48-55 7 56-63 Default Traffic-Class to Queue Map Traffic-Class Queue number ----------------------
Parameters wred-profile-name — (Optional) Enter the Ethernet interface information. Default Not configured Command Mode EXEC Usage Information None Example OS10# show qos wred-profile Profile Name | Green | Yellow MIN MAX DROP-RATE| MIN MAX DROP-RATE| MIN MAX D KB KB %| KB KB %| KB KB --------------------------------|-------------------------------|----------------------- Supported Releases system qos Enters SYSTEM-QOS mode to configure system-level service policies.
trust dot1p-map Creates user-defined trust map for dot1p flows. Syntax trust dot1p-map map-name Parameters map-name — Enter the name of the dot1p trust map (up to 32 characters). Default Not configured Command Mode CONFIGURATION Usage Information If trust is enabled, traffic obeys the dot1p map. default-dot1p-trust is a reserved trust-map name. The no version of this command returns the value to the default.
OS10(config-qos-map)# queue 3 qos-group 7 OS10(config-qos-map)# Supported Releases 10.3.0E or later trust-map Applies a dot1p or dscp traffic class to a queue trust map. Syntax Parameters trust {dot1p | dscp} trust-map-name • dot1p— Applies a dot1p trust map. • dscp—Applies a dscp trust map. Default Disabled Command Mode SYSTEM-QOS INTERFACE Usage Information Use the show qos maps type [tc-queue | trust-map-dot1p | trust-map-dscp] [string] command to view the current trust mapping.
10 Virtual link trunking Virtual link trunking (VLT) is a Layer 2 (L2) aggregate protocol between end devices (servers) connected to different network devices. VLT reduces the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches and supporting a loop-free topology.
VLT physical ports 802.1p, 802.1q, LLDP, flow control, port monitoring, and jumbo frames are supported on VLT physical ports. System management protocols All system management protocols are supported on VLT ports — SNMP, RMON, AAA, ACL, DNS, FTP, SSH, syslog, NTP, RADIUS, SCP, and LLDP. L3 VLAN connectivity Enable L3 VLAN connectivity (VLANs assigned with an IP address) on VLT peers by configuring a VLAN interface for the same VLAN on both devices.
• In a VLT domain, the peer network devices must run the same OS10 software version. • Configure the same VLT domain ID on peer devices. If a VLT domain ID mismatch occurs on VLT peers, the VLTi does not activate. • In a VLT domain, VLT peers support connections to network devices that connect to only one peer. VLT interconnect A VLTi is the link that synchronizes states between VLT peers. OS10 automatically adds VLTi ports to VLANs spanned across VLT peers.
RSTP configuration RSTP mode is supported on VLT ports. Before you configure VLT on peer switches, configure RSTP in the network. RSTP prevents loops during the VLT startup phase. • Enable RSTP on each peer node in CONFIGURATION mode.
RPVST+ configuration RPVST+ mode is supported on VLT ports. Before you configure VLT on peer switches, configure RPVST+ in the network. You can use RPVST+ for initial loop prevention during the VLT startup phase. Configure RPVST+ on both the VLT peers. This creates an RPVST+ instance for every VLAN configured in the system. The RPVST+ instances in the primary VLT peer control the VLT LAGs on both the primary and secondary peers. • Enable RPVST+ on each peer node in CONFIGURATION mode.
1 Configure a VLT domain and enter VLT-DOMAIN mode. Configure the same VLT domain ID on each peer, from 1 to 255. vlt-domain domain-id 2 Repeat the steps on the VLT peer to create the VLT domain. Peer 1 OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# Peer 2 OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# VLTi configuration Before you configure VLTi on peer interfaces, remove each interface from L2 mode with the no switchport command, see VLT interconnect.
Configure VLT LAG — peer 1 OS10(config)# interface port-channel 10 OS10(conf-if-po-10)# vlt-port-channel 1 Configure VLT LAG — peer 2 OS10(config)# interface port-channel 20 OS10(conf-if-po-20)# vlt-port-channel 1 VLT unicast routing VLT unicast routing enables optimized routing where packets destined for the L3 endpoint of the VLT peer are locally routed. VLT unicast routing is supported for IPv4 and IPv6. To enable VLT unicast routing, both VLT peers must be in L3 mode.
Configure VRRP active-active mode — peer 1 OS10(conf-if-vl-10)# vrrp mode active-active Configure VRRP active-active mode — peer 2 OS10(conf-if-vl-10)# vrrp mode active-active View VRRP configuration OS10# show running-configuration interface vlan 10 ! interface vlan10 no shutdown no vrrp mode active-active OS10# Migrate VMs across data centers OS10 does not support proxy gateway. Instead of proxy gateway, you can use VRRP in VLANs to migrate virtual machines across data centers.
• Server racks, Rack 1 and Rack 2, are part of data centers DC1 and DC2, respectively. • Rack 1 is connected to devices A1 and B1 in a Layer 2 network segment. • Rack 2 is connected to devices A2 and B2 in a Layer 2 network segment. • A VLT link aggregation group (LAG) is present between A1 and B1 as well as A2 and B2. • A1 and B1 are connected to core routers, C1 and D1 with VLT routing enabled. • A2 and B2 are connected to core routers, C2 and D2, with VLT routing enabled.
C1(conf-vlt-10)# peer-routing C1(conf-vlt-10)# exit • Configure VRRP on L2 links between core routers: C1(config)# interface vlan 100 C1(conf-if-vl-100)# ip address 10.10.100.
D1(conf-if-eth1/1/4)# channel-group 10 D1(conf-if-eth1/1/4)# exit • Configure OSPF on L3 side of core router: D1(config)# router ospf 100 D1(conf-router-ospf-100)# exit D1(config)# interface vlan 200 D1(conf-if-vl-200)# ip ospf 100 area 0.0.0.
C2(conf-if-eth1/1/6)# channel-group 20 C2(conf-if-eth1/1/6)# exit Sample configuration of D2: • Configure peer routing: D2(config)# vlt-domain 20 D2(conf-vlt-20)# discovery-interface ethernet1/1/1 D2(conf-vlt-20)# discovery-interface ethernet1/1/2 D2(conf-vlt-20)# peer-routing D2(conf-vlt-20)# exit • Configure VRRP on L2 links between core routers: D2(config)# interface vlan 100 D2(conf-if-vl-100)# ip address 10.10.100.
• View the current configuration of all VLT domains in EXEC mode. show running-configuration vlt View peer-routing information OS10# show vlt 1 Domain ID Unit ID Role Version Local System MAC address VLT MAC address IP address Delay-Restore timer Peer-Routing Peer-Routing-Timeout timer VLTi Link Status port-channel1000 : : : : : : : : : : 1 1 primary 1.
VLT VLAN mismatch: VLT ID : 1 VLT Unit ID Mismatch VLAN List -------------------------------* 1 1 2 2 VLT ID : 2 VLT Unit ID Mismatch VLAN List ---------------------------------* 1 1 2 2 View VLT port details * indicates the local peer OS10# show vlt 1 vlt-port-detail VLT port channel ID : 1 VLT Unit ID Port-Channel Status Configured ports Active ports ---------------------------------------------------------------------* 1 port-channel1 down 2 0 2 port-channel1 down 2 0 VLT port channel ID : 2 VLT Unit ID
• vrf management — (Optional) Configures the management VRF instance for the backup IPv4 or IPv6 address. Default Not configured Command Mode VLT-DOMAIN Usage Information The no version of this command removes the IP address from the backup link. Example OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# backup destination 10.16.151.110 vrf management OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# backup destination ipv6 1::1 vrf management Supported Releases 10.3.
Example (range) OS10(config)# vlt-domain 2 OS10(conf-vlt-2)# discovery-interface ethernet 1/1/1-1/1/12 Supported Releases 10.2.0E or later peer-routing Enables or disables L3 routing to peers. Syntax peer-routing Parameters None Default Disabled Command Mode VLT-DOMAIN Usage Information The no version of this command disables L3 routing. Example OS10(conf-vlt-1)# peer-routing Supported Releases 10.2.
Usage Information None Example OS10# show spanning-tree virtual-interface VFP(VirtualFabricPort) of RSTP 1 is Designated Forwarding Edge port: No (default) Link type: point-to-point (auto) Boundary: No, Bpdu-filter: Disable, Bpdu-Guard: Disable, Shutdown-on-Bpdu-Guard-violation: No Root-Guard: Disable, Loop-Guard: Disable Bpdus (MRecords) Sent: 11, Received: 7 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID -----------------------------------------------------------------------------
Command Mode EXEC Usage Information None Example OS10# show vlt 1 Domain ID Unit ID Role Version Local System MAC address VLT MAC address IP address Delay-Restore timer Peer-Routing Peer-Routing-Timeout timer VLTi Link Status port-channel1000 : : : : : : : : : : 1 1 primary 1.
Example OS10# show vlt-mac-inconsistency Checking Vlan 228 .. Found 7 inconsistencies ..
No mismatch VLT VLAN mismatch: VLT ID : 1 VLT Unit ID Mismatch VLAN List ---------------------------------* 1 1 2 2 VLT ID : 2 VLT Unit ID Mismatch VLAN List ----------------------------------* 1 1 2 2 Example (mismatch peer routing) OS10# show vlt 1 mismatch peer-routing Peer-routing mismatch: VLT Unit ID Peer-routing ----------------------------------* 1 Enabled 2 Disabled Example (mismatch VLAN) OS10# show vlt 1 mismatch vlan VLT Unit ID Mismatch VLAN List ----------------------------------* 1 2 4 Ex
Supported Releases 10.2.0E or later show vlt vlt-port-detail Displays detailed status information about VLT ports. Syntax show vlt id vlt-port-detail Parameters id — Enter a VLT domain ID, from 1 to 255. Default Not configured Command Mode EXEC Usage Information The * in the mismatch output indicates a local node entry.
Parameters vlt-lag-id — Enter a VLT port-channel ID, from 1 to 1024. Default Not configured Command Mode PORT-CHANNEL INTERFACE Usage Information Assign the same VLT port-channel ID to interfaces on VLT peers to create a VLT port-channel. The no version of this command removes the VLT port-channel ID configuration. Example (peer 1) OS10(conf-if-po-10)# vlt-port-channel 1 Example (peer 2) OS10(conf-if-po-20)# vlt-port-channel 1 Supported Releases 10.2.
11 Converged data center services OS10 supports converged data center services, including IEEE 802.1 data center bridging (DCB) extensions to classic Ethernet. DCB provides I/O consolidation in a data center network. Each network device carries multiple traffic classes while ensuring lossless delivery of storage traffic with best-effort for LAN traffic and latency-sensitive scheduling of service traffic. • 802.1Qbb — Priority flow control • 802.1Qaz — Enhanced transmission selection • 802.
PFC configuration notes • PFC is supported for 802.1p priority traffic (dot1p 0 to 7). FCoE traffic traditionally uses dot1p priority 3 — iSCSI storage traffic uses dot1p priority 4. • Configure PFC for ingress traffic by using network-qos class and policy maps (see Quality of Service). The queues used for PFCenabled traffic are treated as lossless queues. Configure the same network-qos policy map on all PFC-enabled ports.
trust dot1p exit 2 Apply the qos trust policy to ingress traffic in SYSTEM-QOS or INTERFACE mode. service-policy input type qos trust-policy—map-name Configure a non-default dot1p-priority-to-traffic class mapping 1 Configure a trust map of dot1p traffic classes in CONFIGURATION mode. A trust map does not modify ingress dot1p values in output flows. Assign a qos-group to trusted dot1p values in TRUST mode using 1-to-1 mappings. Dot1p priorities are 0-7.
Configure PFC Priority flow control (PFC) provides a pause mechanism based on the 802.1p priorities in ingress traffic. PFC prevents frame loss due to network congestion. Configure PFC lossless buffers, and enable pause frames for dot1p traffic on a per-interface basis. Repeat the PFC configuration on each PFC-enabled interface. PFC is disabled by default. Decide if you want to use the default dot1p-priority-to-traffic class mapping and the default traffic-class-to-queue mapping.
1 Apply the PFC service policy on an ingress interface or interface range in INTERFACE mode. interface ethernet node/slot/port:[subport] service-policy input type network-qos policy—map-name interface range ethernet node/slot/port:[subport]-node/slot/port[:subport] service-policy input type network-qos policy—map-name 2 Enable PFC (without DCBX) for FCoE and iSCSI traffic in INTERFACE mode. priority-flow-control mode on Configure PFC PFC is enabled on traffic classes with dot1p 3 and 4 traffic.
View PFC ingress buffer configuration OS10(config)# show qos ingress buffer interface Interface ethernet 1/1/1 Speed 40G -----------------------------------------------------------------------------PG# PRIORITIES qos ALLOTED (Kb) group Reserved Shared buffer XOFF XON shared buffer id buffers MODE threshold threshold threshold -----------------------------------------------------------------------------0 4 4 35 DYNAMIC 9 9 8 1 3 3 35 DYNAMIC 9 9 8 2 0 STATIC 0 0 0 3 0 STATIC 0 0 0 4 0 STATIC 0 0 0 5 0 STATIC
pause Configures the ingress buffer and pause frame settings used for PFC traffic classes. Syntax pause [buffer-size kilobytes pause-threshold kilobytes resume-threshold kilobytes] Parameters Defaults • buffer-size kilobytes — Enter the reserved (guaranteed) ingress-buffer size in kilobytes for PFC dot1p traffic (0 to 7787). • pause-threshold kilobytes — Enter the threshold used to send pause frames in kilobytes to a transmitting device (0 to 7787).
Default Not configured Command Mode POLICY-CLASS NETWORK-QOS Usage Information When you enter PFC-enabled dot1p priorities with pfc-cos, the dot1p values must be the same as the match qos-group (traffic class) numbers in the network-qos class map used to define the PFC traffic class (see Configure PFC Example). A qos-group number is used only internally to classify ingress traffic classes.
and link-layer flow control (LLFC) at the same time on an interface. The no version of this command disables PFC on an interface. When you disable PFC, remove the PFC network-qos policy-class map applied to the interface. Example OS10(conf-if-eth1/1/1)# priority-flow-control mode on Supported Releases 10.3.0E or later queue-limit Sets the static and dynamic thresholds used to limit the shared-buffer size of PFC traffic-class queues.
Cos Rx Tx ----------------------0 0 0 1 0 0 2 0 0 3 0 587236 4 0 0 5 0 0 6 0 0 7 0 0 Supported Releases 10.3.0E or later Enhanced transmission selection Enhanced transmission selection (ETS) provides customized bandwidth allocation to 802.1p classes of traffic. Assign different amounts of bandwidth to traffic classes (Ethernet, FCoE, or iSCSI) that require different bandwidth, latency, and best-effort treatment during network congestion. ETS divides traffic into different priority groups using their 802.
• • • An ETS-enabled interface operates with dynamic weighted round robin (DWRR) or strict priority scheduling. OS10 control traffic is sent to control queues, which have a strict priority that is higher than data traffic queues. ETS-allocated bandwidth is not supported on a strict priority queue. A strict priority queue receives bandwidth only from DCBX TLVs. The CEE/IEEE2.5 versions of ETS TLVs are supported. ETS configurations are received in a TLV from a peer.
trust-map dscp dscp-map-name qos-map traffic-class queue-map-name Or interface {ethernet node/slot/port[:subport] | range ethernet node/slot/port[:subport]-node/ slot/port[:subport]} trust-map dot1p dot1p-map-name trust-map dscp dscp-map-name qos-map traffic-class queue-map-name 7 Apply the qos trust policy to ingress traffic in SYSTEM-QOS or INTERFACE mode. service-policy input type qos trust-policy—map-name 8 Apply the queuing policy to egress traffic in SYSTEM-QOS or INTERFACE mode.
unknown-unicast-storm-control : Disabled multicast-storm-control : Disabled broadcast-storm-control : Disabled flow-control-rx : Disabled flow-control-tx : Disabled ets mode : Disabled Dot1p-tc-mapping : dot1p_map1 Dscp-tc-mapping : dscp_map1 tc-queue-mapping : tc-q-map1 View QoS maps: traffic-class to queue mapping OS10# show qos maps Traffic-Class to Queue Map: tc-q-map1 queue 0 qos-group 0 queue 1 qos-group 1 Traffic-Class to Queue Map: dot1p_map1 qos-group 0 dot1p 0-3 qos-group 1 dot1p 4-7 DSCP Priority
DCBX configuration notes • • • • • • • • • To exchange link-level configurations in a converged network, DCBX is a prerequisite for using DCB features, such as PFC and ETS. DCBX is also deployed in topologies that support lossless operation for FCoE or iSCSI traffic. In these scenarios, all network devices must be DCBX-enabled so that DCBX is enabled end-to-end. DCBX uses LLDP to advertise and automatically negotiate the administrative state and PFC/ETS configuration with directly connected DCB peers.
2 • auto — Automatically selects the DCBX version based on the peer response (default). • cee — Sets the DCBX version to CEE. • ieee — Sets the DCBX version to IEEE 802.1Qaz. (Optional) A DCBX-enabled port advertises all TLVs by default. If PFC or ETS TLVs are disabled, enter the command in INTERFACE mode to re-enable PFC or ETS TLV advertisements. dcbx tlv-select {ets-conf | ets-reco | pfc} • ets-conf — Enables ETS configuration TLVs. • ets-reco — Enables ETS recommendation TLVs.
View DCBX PFC TLV status OS10# show lldp dcbx interface ethernet 1/1/15 pfc detail Interface ethernet1/1/15 Admin mode is on Admin is enabled, Priority list is 4,5,6,7 Remote is enabled, Priority list is 4,5,6,7 Remote Willing Status is disabled Local is enabled, Priority list is 4,5,6,7 Oper status is init PFC DCBX Oper status is Up State Machine Type is Feature PFC TLV Tx Status is enabled Application Priority TLV Parameters : -------------------------------------ISCSI TLV Tx Status is enabled Local ISCSI
PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3 70% ETS 1 4,5,6,7 30% ETS 2 0% SP 3 0% SP 4 0% SP 5 0% SP 6 0% SP 7 0% SP 15 0% SP Oper status is init ETS DCBX Oper status is Up State Machine Type is Feature Conf TLV Tx Status is enabled Reco TLV Tx Status is disabled 220 Input Conf TLV Pkts, 396 Output Conf TLV Pkts, 0 Error Conf TLV Pkts DCBX commands dcbx enable Enables DCBX globally on all port interfaces.
Default DCBX advertises PFC, ETS Recommendation, and ETS Configuration TLVs. Command Mode INTERFACE Usage Information A DCBX-enabled port advertises all TLVs to DCBX peers by default. If PFC or ETS TLVs are disabled, enter the command to re-enable PFC or ETS TLV advertisements. You can enable multiple TLV options (ets-conf, ets-reco, and pfc) with the same command. Example OS10(conf-if-eth1/1/2)# dcbx tlv-select ets-conf pfc Supported Releases 10.3.
show lldp dcbx interface Displays DCBX configuration and PFC or ETS TLV status on an interface. Syntax show lldp dcbx interface ethernet node/slot/port[:subport] [ets detail | pfc detail] Parameters • interface ethernet node/slot/port[:subport] — Enter interface information. • ets detail — Display ETS TLV status and operation with DCBX peers. • pfc detail — Display PFC TLV status and operation with DCBX peers.
2 3 4 5 6 7 0% 0% 0% 0% 0% 0% SP SP SP SP SP SP Remote Parameters : ------------------Remote is enabled PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3 70% ETS 1 4,5,6,7 30% ETS 2 0% SP 3 0% SP 4 0% SP 5 0% SP 6 0% SP 7 0% SP Remote Willing Status is disabled Local Parameters : ------------------Local is enabled PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3 70% ETS 1 4,5,6,7 30% ETS 2 0% SP 3 0% SP 4 0% SP 5 0% SP 6 0% SP 7
Supported Releases 10.3.0E or later Internet small computer system interface iSCSI is a TCP/IP-based protocol for establishing and managing connections between servers and storage devices in a data center network. After you enable iSCSI, iSCSI optimization automatically detects Dell EqualLogic storage arrays directly attached to switch ports. To support storage arrays where auto-detection is not supported, manually configure iSCSI optimization using the iscsi profilestorage name command.
In an iSCSI session, a switch connects CNA servers (iSCSI initiators) to a storage array (iSCSI targets) in a storage area network (SAN) or TCP/IP network. iSCSI optimization running on the switch uses dot1p priority-queue assignments to ensure that iSCSI traffic receives priority treatment. iSCSI configuration notes • • • • When you enable iSCSI optimization, the switch auto-detects and auto-configures for Dell EqualLogic storage arrays directly connected to an interface.
If you do not configure an iscsi priority-bits dot1p value and you configure a set cos value in Step 6, the set cos value is sent in iSCSI application TLVs. If you configure neither the iscsi priority-bits nor the set cos value, the default dot1p 4 is advertised. iscsi priority-bits dot1p-bitmap 10 Enable iSCSI auto-detection and auto-configuration on the switch in CONFIGURATION mode.
---------------------------------------------------------10.10.10.210 54835 10.10.10.40 3260 1 OS10# show iscsi storage-devices Interface Name Storage Device Name Auto Detected Status ----------------------------------------------------------ethernet1/1/23 EQL-MEM true iSCSI synchronization on VLT An iSCSI session is considered to be learnt on VLT LAG during the following scenarios: • If the iSCSI session receives control packets, as login-request or login-response, on the VLT LAG.
Default Enabled on S4048T-ON/S4048-ON; disabled on others Command Mode CONFIGURATION Usage Information iSCSI optimization automatically detects storage arrays and auto-configures switch ports with the iSCSI parameters received from a connected device. The no version of this command disables iSCSI auto-detection. Example OS10(config)# iscsi enable Supported Releases 10.3.0E or later iscsi priority-bits Resets the priority bitmap advertised in iSCSI application TLVs.
iscsi session-monitoring enable Enables iSCSI session monitoring. Syntax iscsi session-monitoring enable Parameter None Default Disabled Command Mode CONFIGURATION Usage Information Use the iscsi aging time command to configure the aging timeout in iSCSI monitoring sessions, and use the iscsi target port command to configure the TCP ports that listen for connected storage devices in iSCSI monitoring sessions. The no version of this command disables iSCSI session monitoring.
priority-bits command to DCBX peers. If you do not configure an iSCSI dot1p-bitmap value, iSCSI application TLVs advertise dot1p 4 by default only if you configure dot1p 4 as a PFC priority with the pfc-cos command. The no version of this command disables iSCSI TLV transmission. Example OS10(conf-if-eth1/1/1)# lldp tlv-select dcbxp-appln iscsi Supported Releases 10.3.0E or later show iscsi Displays currently configured iSCSI settings.
Session 2 -----------------------------------------------Target:iqn.2001-05.com.equallogic:0-8a0906-01251a00c-8ab26939fbd510a1-518 Initiator:iqn.1991-05.com.microsoft:win-rlkpjo4jun2 Up Time:00:00:16:02(DD:HH:MM:SS) Time for aging out:29:23:59:35(DD:HH:MM:SS) ISID:400001370000 Initiator Initiator Target Target Connection IP Address TCP Port IP Address TCP Port ID ---------------------------------------------------------10.10.10.210 54835 10.10.10.40 3260 1 Supported Releases 10.3.
• The default class-trust class map honors dot1p priorities in ingress flows and applies a 1-to-1 dot1p-to-qos-group and a 1-to-1 qosgroup-to-queue mapping. In OS10, qos-group represents a traffic class used only for internal processing. 1. DCBX configuration (global) Configure DCBX globally on a switch to enable the exchange of DCBX TLV messages with PFC, ETS, and iSCSI configurations. OS10# configure terminal OS10(config)# dcbx enable 2.
A trust dot1p-map assigns dot1p 0, 1, 2, and 3 traffic to qos-group 0, and dot1p 4, 5, 6, and 7 traffic to qos-group 1. A qos-map traffic-class map assigns the traffic class in qos-group 0 to queue 0, and qos-group 1 traffic to queue 1. A queuing policy map assigns 30% of interface bandwidth to queue 0, and 70% of bandwidth to queue 1. The pclass policy map applies trust to all dot1p ingress traffic. Trust does not modify ingress dot1p values in output flows.
ets mode on qos-map traffic-class tmap2 trust-map dot1p tmap1 priority-flow-control mode on 7.
PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3, 30% ETS 1 4,5,6,7 70% ETS 2 0% ETS 3 0% ETS 4 0% ETS 5 0% ETS 6 0% ETS 7 0% ETS Remote Parameters : ------------------Remote is enabled PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3, 30% ETS 1 4,5,6,7 70% ETS 2 0% SP 3 0% SP 4 0% SP 5 0% SP 6 0% SP 7 0% SP Remote Willing Status is disabled Local Parameters : ------------------Local is enabled PG-grp Priority# Bandwidth TSA -----
OS10(config)# system qos OS10(config-sys-qos)# service-policy type application policy-iscsi OS10(config-sys-qos)# exit OS10(config)# iscsi session-monitoring enable OS10(config)# iscsi priority-bits 0x40 OS10(config)# iscsi enable 11. Verify iSCSI optimization (global) After you enable iSCSI optimization, the iSCSI application priority TLV parameters are added in the show command output to verify a PFC configuration.
Local DCBX Configured mode is CEE Peer Operating version is CEE Local DCBX TLVs Transmitted: ErPfi Local DCBX Status ----------------DCBX Operational Version is 0 DCBX Max Version Supported is 0 Sequence Number: 2 Acknowledgment Number: 1 Protocol State: In-Sync Peer DCBX Status ----------------DCBX Operational Version is 0 DCBX Max Version Supported is 0 Sequence Number: 1 Acknowledgment Number: 2 3 Input PFC TLV pkts, 3 Output PFC TLV pkts, 0 Error PFC pkts 3 Input PG TLV Pkts, 3 Output PG TLV Pkts, 0 Err
12 sFlow sFlow is a standard-based sampling technology embedded within switches and routers that monitors network traffic. It provides traffic monitoring for high-speed networks with many switches and routers.
Enable or disable sFlow on a specific interface • Enable sFlow in CONFIGURATION mode. sflow enable • Disable sFlow in CONFIGURATION mode.
sflow enable ! Collector configuration Configure the IPv4 or IPv6 address for the sFlow collector. You can configure a maximum of two sFlow collectors. If you specify two collectors, the samples are sent to both. The agent IP address must be the same for both the collectors. • Enter an IPv4 or IPv6 address for the sFlow collector, IPv4 or IPv6 address for the agent, UDP collector port number (default 6343), maximum datagram size (up to 1400), and the VRF instance number in CONFIGURATION mode.
interface ethernet1/1/1 sflow enable ! Sample-rate configuration Sampling rate is the number of packets skipped before the sample is taken. If the sampling rate is 4096, one sample generates for every 4096 packets observed. • Set the sampling rate in CONFIGURATION mode, from 4096 to 65535. The default is 32768. sflow sample-rate sampling-size • Disable packet sampling in CONFIGURATION mode. no sflow sample-rate • View the sampling rate in EXEC mode.
0 UDP packets dropped 34026 sFlow samples collected • View sFlow configuration details on a specific interface in EXEC mode. OS10# show sflow interface port-channel 1 port-channel1 sFlow is enabled on port-channel1 Samples rcvd from h/w: 0 • View the sFlow running configuration in EXEC mode. OS10# show running-configuration sflow sflow enable sflow max-header-size 80 sflow polling-interval 30 sflow sample-rate 4096 sflow collector 10.16.150.1 agent-addr 10.16.132.
sflow enable Enables sFlow on a specific interface or globally on all interfaces. Syntax sflow enable [all-interfaces] Parameters all-interfaces — (Optional) Enter to enable sFlow globally. Default Disabled Command Mode CONFIGURATION Usage Information The no version of this command to disables sFlow.
Defaults 30 Command Mode CONFIGURATION Usage Information The polling interval for an interface is the number of seconds between successive samples of counters sent to the collector. You can configure the duration for polled interface statistics. The no version of the command resets the interval time to the default value. Example OS10(conf)# sflow polling-interval 200 Supported Releases 10.3.0E or later sflow sample-rate Configures the sampling rate.
0 UDP packets dropped 34026 sFlow samples collected Example (portchannel) OS10# show sflow interface port-channel 1 port-channel1 sFlow is enabled on port-channel1 Samples rcvd from h/w: 0 Supported Releases 10.3.
13 Troubleshoot OS10 Critical workloads and applications require constant availability. Dell EMC Networking offers tools to help you monitor and troubleshoot problems before they happen.
* 1 1 1 1 1 1 S4048T-ON S4048T-ON-PWR-1-UNKNOW S4048T-ON-FANTRAY-1 S4048T-ON-FANTRAY-2 S4048T-ON-FANTRAY-3 S4048T-ON-FANTRAY-4 0YVCK0 X01 061DJT 061DJT 061DJT 061DJT X01 X01 X01 X01 TW-0YVCK0-28298-615-0023 ---TW-061DJT-28298-615-0089 TW-061DJT-28298-615-0090 TW-061DJT-28298-615-0091 TW-061DJT-28298-615-0092 Boot partition and image Display system boot partition–related and image-related information. • View all boot information in EXEC mode. show boot • View boot details in EXEC mode.
1 root 2 root 3 root 5 root 7 root 8 root 10 root 11 root 12 root 13 root 14 root 15 root 16 root 17 root 19 root 20 root 21 root 22 root 23 root 24 root 25 root --more-- 20 20 20 0 20 20 20 20 20 rt rt rt rt 20 0 0 20 0 20 0 25 0 0 0 -20 0 0 0 0 0 0 0 0 0 0 -20 -20 0 -20 0 -20 5 112100 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 5840 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3032 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 S S S S R S S S S S S S S S S S S S S S S 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.
Capture packets from Ethernet interface $ tcpdump -i e101-003-0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on e101-003-0, link-type EN10MB (Ethernet), capture size 262144 bytes 01:39:22.457185 IP 3.3.3.1 > 3.3.3.4: ICMP echo request, id 5320, seq 26, length 64 01:39:22.457281 IP 3.3.3.1 > 3.3.3.
When you execute traceroute, the output shows the path a packet takes from your device to the destination IP address. It also lists all intermediate hops (routers) that the packet traverses to reach its destination, including the total number of hops traversed. Check IPv4 connectivity OS10# ping 172.31.1.255 Type Ctrl-C to abort. Sending 5, 100-byte ICMP Echos to 172.31.1.255, timeout is 2 seconds: Reply to request 1 from 172.31.1.208 0 ms Reply to request 1 from 172.31.1.
1 3ffe:501:ffff:100:201:e8ff:fe00:4c8b 000.000 ms 000.000 ms 000.000 ms View diagnostics View system diagnostic information using show commands. The show hash-algorithm command is used to view the current hash algorithms configured for LAG and ECMP.
Software Version Physical Ports BIOS System CPLD Master CPLD Slave CPLD : : : : : : 10.3.9999E(X) 48x10GbE, 6x40GbE 3.21.0.
Default Not configured Command Mode EXEC Usage Information Use the location-led system command to change the location LED for the specified system ID. Example OS10# location-led system 1 on OS10# location-led system 1 off Supported Releases 10.3.0E or later ping Tests network connectivity to an IPv4 device.
• -p pattern — (Optional) Enter up to 16 pad bytes to fill out the packet you send to diagnose data-related problems in the network (for example, -p ff fills the sent packet with all 1’s. • -Q tos — (Optional) Enter the number of datagrams (up to 1500 bytes in decimal or hex) to set quality of service (QoS)-related bits. • -s packetsize — (Optional) Enter the number of data bytes to send (1 to 65468, default 56). • -S sndbuf — (Optional) Set the sndbuf socket.
• -a — (Optional) Audible ping. • -A — (Optional) Adaptive ping. An inter-packet interval adapts to the round-trip time so that not more than one (or more, if preload option is set) unanswered probe is present in the network. The minimum interval is 200 msec for a non-super-user, which corresponds to flood mode on a network with a low round-trip time. • -b — (Optional) Pings a broadcast address. • -B — (Optional) Does not allow ping to change the source address of probes.
Default Not configured Command Mode EXEC Usage Information This command uses an ICMP ECHO_REQUEST datagram to receive an ICMP ECHO_RESPONSE from a network host or gateway. Each ping packet has an IPv6 and ICMP header, followed by a time value and a number of ''pad'' bytes used to fill out the packet. A pingv6 operation sends a packet to a specified IPv6 address and then measures the time it takes to get a response from the address or device.
show diag Displays diagnostic information for port adapters and modules. Syntax show diag Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show diag 00:00.0 Host bridge: Intel Corporation Atom processor C2000 SoC Transaction Router (rev 02) 00:01.0 PCI bridge: Intel Corporation Atom processor C2000 PCIe Root Port 1 (rev 02) 00:02.0 PCI bridge: Intel Corporation Atom processor C2000 PCIe Root Port 2 (rev 02) 00:03.
------------------------------------1 up 43 Thermal sensors Unit Sensor-Id Sensor-name Temperature -----------------------------------------------------------------------------1 1 CPU On-Board temp sensor 32 1 2 Switch board temp sensor 28 1 3 System Inlet Ambient-1 temp sensor 27 1 4 System Inlet Ambient-2 temp sensor 25 1 5 System Inlet Ambient-3 temp sensor 26 1 6 Switch board 2 temp sensor 31 1 7 Switch board 3 temp sensor 41 1 8 NPU temp sensor 43 Supported Releases 10.2.
Supported Releases 10.2.0E or later show processes View process CPU utilization information. Syntax Parameters show processes node-id node-id-number [pid process-id] • node-id-number — Enter the Node ID number <1–1>. • process-id — (Optional) Enter the process ID number <1-2147483647>. Default Not configured Command Mode EXEC Usage Information None Example OS10# show processes node-id 1 top - 09:19:32 up 5 days, 6 min, 2 users, load average: 0.45, 0.39, 0.
show system Displays system information. Syntax show system [brief | node-id] Parameters • brief — View abbreviated list of system information. • node-id — Node ID number.
Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Example (brief) 1/1/2 1/1/3 1/1/4 1/1/5 1/1/6 1/1/7 1/1/8 1/1/9 1/1/10 1/1/11 1/1/12 1/1/13 1/1/14 1/1/15 1/1/16 1/1/17 1/1/18 1/1/19 1/1/20 1/1/21 1/1/22 1/1/23 1/1/24 1/1/25 1/1/26 1/1/27 1/1/28 1/1/29 1/1/30 1/1/31 1/1/32 Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No No BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAK
traceroute Displays the routes that packets take to travel to an IP address. Syntax traceroute [vrf management] host [-46dFITnreAUDV] [-f first_ttl] [-g gate,...] [-i device] [-m max_ttl] [-N squeries] [-p port] [-t tos] [-l flow_label] [-w waittime] [-q nqueries] [-s src_addr] [-z sendwait] [--fwmark=num] host [packetlen] Parameters • vrf management— (Optional) Traces the route to an IP address in the management VRF instance. • host — Enter the host to trace packets from.
4 Host65.hbms.com (63.80.56.65) 3.583 ms 3.776 ms 3.757 ms 5 host33.30.198.65 (65.198.30.33) 3.758 ms 4.286 ms 4.221 ms 6 3.GigabitEthernet3-3.GW3.SCL2.ALTER.NET (152.179.99.173) 4.428 ms 2.593 ms 3.243 ms 7 0.xe-7-0-1.XL3.SJC7.ALTER.NET (152.63.48.254) 3.915 ms 3.603 ms 3.790 ms 8 TenGigE0-4-0-5.GW6.SJC7.ALTER.NET (152.63.49.254) 11.781 ms 10.600 ms 9.402 ms 9 23.73.112.54 (23.73.112.54) 3.606 ms 3.542 ms 3.
Restore factory defaults Reboots the system to ONIE Rescue mode to restore the ONIE-enabled device to factory defaults. CAUTION: Restoring factory defaults erases any installed operating system and requires a long time to erase storage. ONIE Rescue bypasses the installed operating system and boots the system into ONIE until you reboot the system. After ONIE Rescue completes, the system resets and boots to the ONIE console. 1 Use the up and down arrows to select the ONIE: Rescue, then press Enter.
Configure SupportAssist SupportAssist is started by default. If you do not accept end user license agreement (EULA), SupportAssist is disabled. 1 Enter SupportAssist mode from CONFIGURATION mode. support-assist 2 (Optional) Configure the SupportAssist server URL or IP address in SUPPORT-ASSIST mode. server url server-url 3 (Optional) Configure the interface used to connect to the SupportAssist server in SUPPORT-ASSIST mode.
(END) Set company name You can optionally configure name, address and territory information. Although this information is optional, it is used by Dell Technical Support to identify which company owns the device. 1 (Optional) Configure contact information in SUPPORT-ASSIST mode. contact-company name name 2 (Optional) Configure address information in SUPPORT-ASSIST mode. Use the no address command to remove the configuration.
Schedule activity Configure the schedule for a full transfer of data. The default schedule is a full data transfer weekly — every Sunday at midnight (hour 0 minute 0). • Configure full-transfer or log-transfer activities in EXEC mode. support-assist-activity {full—transfer} schedule {hourly | daily | weekly | monthly | yearly} – hourly min number — Enter the time to schedule an hourly task (0 to 59). – daily hour number min number — Enter the time to schedule a daily task (0 to 23 and 0 to 59).
Proxy username : Activity Enable State : Activity State -------------------------------coredump-transfer enabled event-notification enabled full-transfer enabled Scheduled Activity List : Activity Schedule Schedule created on -----------------------------------------------------------full-transfer weekly: on sun at 00:00 Sep 12,2016 18:57:40 Activity Status : Activity Status last start last success ------------------------------------------------------------------------coredump-transfer success Sep 12,2016
• full-transfer — Enables transfer of logs and technical support information. Default Enabled Command Mode SUPPORT-ASSIST Usage Information Use the no version of this command to remove the configuration. Example (Event) OS10(conf-support-assist)# activity event-notification enable Example (Full) OS10(conf-support-assist)# activity full-transfer enable Example (Turn Off) OS10(conf-support-assist)# no activity coredump-transfer enable Supported Releases 10.2.
email-address Configures the email address for the contact name. Syntax email—address address Parameters address — Enter the email address for the contact name. Default Not configured Command Mode SUPPORT-ASSIST Usage Information The no version of this command removes the configuration. Example OS10(conf-support-assist-Eureka-JohnJamesSmith)# email-address jjsmith@eureka.com Supported Releases 10.2.0E or later eula-consent Accepts or rejects the SupportAssist end-user license agreement (EULA).
• no-contact — Enter to select no-contact as the preferred contact method. Default No-contact Command Mode SUPPORT-ASSIST Usage Information The no version of this command removes the configuration. Example OS10(conf-support-assist-Eureka-JohnJamesSmith)# preferred-method email Supported Releases 10.2.0E or later proxy-server Configures a proxy IP address for reaching the SupportAssist server.
show support-assist eula Displays the EULA for SupportAssist. Syntax show support-assist eula Parameters None Default None Command Mode EXEC Usage Information Use the eula-consent support-assist accept command to accept the license agreement. Example OS10# show support-assist eula I accept the terms of the license agreement. You can reject the license agreement by configuring this command 'eula-consent support-assist reject.' By installing SupportAssist, you allow Dell, Inc.
Example OS10# show support-assist status EULA : Accepted Service : Enabled Contact-Company : DellCMLCAEOS10 Street Address : 7625 Smetana Lane Dr Bldg 7615 Cube F577 City : Minneapolis State : Minnesota Country : USA Zipcode : 55418 Territory : USA Contact-person : Michael Dale Email : abc@dell.com Primary phone : 555-123-4567 Alternate phone : Contact method : email Server(configured) : https://web.dell.
Example OS10(conf-support-assist)# source-interface ethernet 1/1/4 Supported Releases 10.4.0E(R1) or later street-address Configures the street address information for the company. Syntax street-address {address} Parameters address — Enter one or more addresses in double quotes (up to 140 characters). Default Not configured Command Mode SUPPORT-ASSIST Usage Information Add spaces to the company street address by enclosing the address in quotes.
Usage Information The no version of this command removes the schedule activity. Example OS10# support-assist-activity full-transfer schedule daily hour 22 min 50 Supported Releases 10.2.0E or later territory Configures the territory for the company. Syntax territory territory Parameters territory — Enter the territory for the company. Default Not configured Command Mode CONFIG-SUPPORT-ASSIST Usage Information The no version of this command removes the company territory configuration.
sosreport generation start event May 11 22:9:43: collection task May 11 22:9:43: collection task %Node.1-Unit.1:PRI:OS10 %log-notice:SOSREPORT_GEN_STARTED: CLI completed; sosreport execution task started:All Plugin options %Node.1-Unit.1:PRI:OS10 %log-notice:SOSREPORT_GEN_STARTED: CLI completed; sosreport execution task started:All Plugin options output disabled output enabled Support bundle generation successful event Apr 19 bundle Apr 19 bundle 17:0:9: %Node.1-Unit.
Triggered alarms are in one of these states: • • Active — Alarms that are current and not cleared. Cleared — Alarms that are resolved and the device has returned to normal operation. System logging You can change system logging default settings using the severity level to control the type of system messages that are logged. Range of logging severities: • log-emerg — System is unstable. • log-alert — Immediate action needed. • log-crit — Critical conditions. • log-err — Error conditions.
Use the show trace command to view the current syslog file. All event and alarm information is sent to the syslog server, if one is configured. The show logging command accepts the following parameters: • log-file — Provides a detailed log including both software and hardware saved to a file. • process-names — Provides a list of all processes currently running which can be filtered based on the process-name. View logging log-file OS10# show logging log-file Jun 1 05:01:46 %Node.1-Unit.
View environment OS10# show environment Unit State Temperature Voltage -------------------------------------------1 up 42 -------------------------------------------Thermal sensors Unit Sensor-Id Sensor-name Temperature --------------------------------------------------------1 1 T2 temp sensor 28 1 2 system-NIC temp sensor 25 1 3 Ambient temp sensor 24 1 4 NPU temp sensor 40 --------------------------------------------------------- Link-bundle monitoring Monitoring link aggregation group (LAG) bundles allo
Usage Information Use the show alarm index command to view a list of alarm IDs. Example OS10# alarm clear 200 Supported Releases 10.2.0E or later show alarms Displays all current active system alarms. Syntax show alarms Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show alarms Index ----0 1 Supported Releases Severity -------major major Name ------------------------EQM_MORE_PSU_FAULT EQM_FAN_AIRFLOW_MISMATCH 10.2.
Severity: Type: Source: Name: Description: Raise-time: Clear-time: New: State: Supported Releases warning 1081364 Node.1-Unit.1 EQM_THERMAL_WARN_CROSSED Sep 20 0:16:52 true raised 10.2.0E or later show alarms history Displays the history of cleared alarms. Syntax show alarms history [summary] Parameters summary — Enter to view a summary of the alarm history.
Active-alarm details - 1 ------------------------------------------Index: 1 Sequence Number: 5 Severity: warning Type: 1081364 Source: Node.1-Unit.1 Name: EQM_THERMAL_WARN_CROSSED Description: Raise-time: Sep 20 0:16:52 Clear-time: New: true State: raised Supported Releases 10.2.0E or later show alarms severity Displays all active alarms using the severity level. Syntax show alarms severity severity Parameters severity — Set the alarm severity: • critical — Critical alarm severity.
Clear-time: New: State: Supported Releases true raised 10.2.0E or later show alarms summary Displays the summary of alarm information. Syntax show alarms summary Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show alarms summary Active-alarm Summary ----------------------Total-count: 6 Critical-count: 0 Major-count: 2 Minor-count: 2 Warning-count: 2 ----------------------- Supported Releases 10.2.
logging console Disables, enables, or configures the minimum severity level for logging to the console. Syntax logging console {disable | enable | severity} To set the severity to the default level, use the no logging console severity command. The default severity level is log-notice. Parameters severity — Set the minimum logging severity level: • log-emerg — Set to unusable. • log-alert — Set to immediate action is needed. • log-crit — Set to critical conditions.
logging log-file Disables, enables, or sets the minimum severity level for logging to the logfile. Syntax logging log-file {disable | enable | severity} To reset the log-file severity to the default level, use the no logging log-file severity command. The default severity level is log-notice. Parameters severity — Set the minimum logging severity level: • log-emerg — Set the system as unusable. • log-alert — Set to immediate action is needed. • log-crit — Set to critical conditions.
• log-info — Set to informational messages. • log-debug — Set to debug messages. Default Log-notice Command Mode CONFIGURATION Usage Information None Example OS10(config)# logging monitor severity log-info Supported Releases 10.2.0E or later logging server Configures the remote syslog server.
Parameters • process-name — (Optional) Enter the process-name to use as a filter in syslog messages. • line-numbers — (Optional) Enter the number of lines to include in the logging messages (1 to 65535). Default None Command Mode EXEC Usage Information The output from this command is the /var/log/eventlog file.
erted to SAI types (func:2359304) May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], converted May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], conv erted to SAI types (func:2359305) May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], conv erted to SAI types (func:2359311) May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], converted May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], conv erted to SAI types (func:2359312) May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], (23 59344) May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], (23 5934
This product is protected by U.S. and international copyright and intellectual property laws. Dell EMC and the Dell EMC logo are trademarks of Dell Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. linuxadmin@OS10:~$ To log in to OS10 and access the command-line interface, enter su — admin at the Linux shell prompt, then admin as the password.
• Set flow control to none How do I view the hardware inventory? Use the show inventory command to view complete system inventory. How do I view the process-related information? Use the show processes node-id node-id-number [pid process-id] command to view the process CPU utilization information. Configuration How do I enter CONFIGURATION mode? Use the configure terminal command to change from EXEC mode to CONFIGURATION mode.
How do I view summary information for all IP routes? Use the show running-configuration command. How do I view summary information for the OSPF database? Use the show ip ospf database command. How do I view configuration of OSPF neighbors connected to the local router? Use the show ip ospf neighbor command. System management How can I view the current interface configuration? Use the show running-configuration command to view all currently configured interfaces.
• % Warning: Make sure all qos-groups are matched in a single class in attached policy-map Priority flow control mode error message: % Error: LLFC flowcontrol is on, disable LLFC to enable PFC PFC shared-buffer size error message: % Error: Hardware update failed. Pause error message: % Error: Buffer-size should be greater than Pause threshold and Pause threshold should be greater than equal to Resume threshold.
14 Support resources The Dell EMC Support site provides a range of documents and tools to assist you with effectively using Dell EMC devices. Through the support site you can obtain technical information regarding Dell EMC products, access software upgrades and patches, download available management software, and manage your open cases. The Dell EMC support site provides integrated, secure access to these services. To access the Dell EMC Support site, go to www.dell.com/support/.