OS10 Enterprise Edition User Guide Release 10.4.1.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. © 2018 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Getting Started............................................................................................................................................ 22 Supported Hardware....................................................................................................................................................... 22 Download OS10 image and license................................................................................................................................
alias (multi-line).......................................................................................................................................................... 55 batch........................................................................................................................................................................... 55 boot........................................................................................................................................................
Fibre Channel interfaces................................................................................................................................................. 83 Management interface ...................................................................................................................................................85 VLAN interfaces.........................................................................................................................................................
mtu.............................................................................................................................................................................. 112 port-group.................................................................................................................................................................. 113 scale-profile vlan.......................................................................................................................................
F_Port and NPG commands.........................................................................................................................................140 clear fc statistics.......................................................................................................................................................140 fcoe .........................................................................................................................................................................
Sample configuration................................................................................................................................................167 LACP fallback............................................................................................................................................................170 LACP commands......................................................................................................................................................
RPVST+ commands................................................................................................................................................ 229 Rapid Spanning-Tree Protocol...................................................................................................................................... 236 Enable globally..........................................................................................................................................................
Multiexit discriminators........................................................................................................................................... 298 Origin......................................................................................................................................................................... 298 AS path and next-hop.............................................................................................................................................
Duplicate address discovery................................................................................................................................... 369 Static IPv6 routing................................................................................................................................................... 370 IPv6 destination unreachable.................................................................................................................................
Advertisement interval.............................................................................................................................................474 Interface/object tracking........................................................................................................................................ 475 Configure tracking...................................................................................................................................................
Password strength................................................................................................................................................... 519 Role-based access control...................................................................................................................................... 519 Assign user role........................................................................................................................................................
protocol-version....................................................................................................................................................... 583 rate-limit packet_in..................................................................................................................................................584 show openflow.........................................................................................................................................................
deny icmp (IPv6)..................................................................................................................................................... 608 deny ip.......................................................................................................................................................................608 deny ipv6...........................................................................................................................................................
seq deny icmp (IPv6).............................................................................................................................................. 632 seq deny ip................................................................................................................................................................632 seq deny ipv6...........................................................................................................................................................
set local-preference.................................................................................................................................................657 set metric..................................................................................................................................................................658 set metric-type........................................................................................................................................................
pause.........................................................................................................................................................................689 pfc-cos......................................................................................................................................................................690 pfc-max-buffer-size..........................................................................................................................................
trust dscp-map......................................................................................................................................................... 712 qos-map traffic-class............................................................................................................................................... 712 trust-map..................................................................................................................................................................
Enhanced transmission selection.................................................................................................................................750 ETS configuration notes......................................................................................................................................... 750 Configure ETS...........................................................................................................................................................
Monitor processes...................................................................................................................................................806 LED settings............................................................................................................................................................. 807 Packet analysis.........................................................................................................................................................
1 Getting Started Dell EMC Networking OS10 Enterprise Edition is a network operating system supporting multiple architectures and environments. The networking world is moving from a monolithic stack to a pick-your-own-world. The OS10 solution is designed to allow disaggregation of the network functionality.
• Z9100–ON • Z9264F-ON Download OS10 image and license OS10 Enterprise Edition may come factory-loaded and is available for download from the Dell Digital Locker (DDL). A factory-loaded OS10 image has a perpetual license installed. An OS10 image that you download has a 120-day trial license and requires a perpetual license to run beyond the trial period. See the Quick Start Guide shipped with your device and My Account FAQs for more information.
9 Read the Dell End User License Agreement. Scroll to the end of the agreement, then click Yes, I agree. 10 Select how you want to download the software files, then click Download Now. After you download the OS10 Enterprise Edition image, unzip the .tar file by following these guidelines: • Extract the OIS10 binary file from the .tar file using any file archiver/compressor software. For example, to unzip a .
| ONIE: Diag ONIE | +--------------------------------------------------------+ • Install OS — Boots to the ONIE prompt and installs an OS10 image using the automatic discovery process. When ONIE installs a new operating system (OS) image, the previously installed image and OS10 configuration are deleted. • Rescue — Boots to the ONIE prompt and allows for manual installation of an OS10 image or updating ONIE.
Press or to enter setup. Welcome to GRUB! GNU GRUB version 2.02~beta2+e4a1fe391 OS10-B EDA-DIAG ONIE Booting `OS10-A' Loading OS10 ... [ 3.883826] kvm: already loaded the other module [ 3.967628] dummy-irq: no IRQ given. Use irq=N [ 3.973212] mic_init not running on X100 ret -19 [ 3.980168] esas2r: driver will not be loaded because no ATTO esas2r devices were found [ 4.021676] mtdoops: mtd device (mtddev=name/number) must be supplied [ 5.092316] i8042: No controller found [ 5.
3 (Optional) Stop the ONIE discovery process if the device boots to ONIE: Install. $ onie-discovery-stop 4 Create a USB mount location on the system. $ mkdir /mnt/media 5 Identify the path to the USB drive. $ fdisk -l 6 Mount the USB media plugged in the USB port on the device. $ mount -t vfat usb-drive-path /mnt/media 7 Install the software from the USB, where /mnt/media specifies the path where the USB partition is mounted.
3 Install the license file from the workstation in EXEC mode. license install {ftp: | http: | localfs: | scp: | sftp: | tftp: | usb:} filepath/filename • ftp://userid:passwd@hostip/filepath — Copy from a remote FTP server • http://hostip/filepath — Copy from a remote HTTP server • http://hostip — Send request to a remote HTTP server. • localfs://filepath — Install from a local file directory. • scp://userid:passwd@hostip/filepath — Copy from a remote SCP server.
• • • Upgrade an existing OS10 image. Execute a CLI batch file to configure the switch. Execute a post-ZTD script to perform additional functions. ZTD is enabled by default when you boot up a switch with a factory-installed OS10 for the first time or when you perform an ONIE: OS Install from the ONIE boot menu. When a switch boots up in ZTD mode, it starts the DHCP client on all interfaces — management and front-panel ports. ZTD configures all interfaces for untagged VLAN traffic.
To exit ZTD mode and manually configure a switch by entering CLI commands, stop the ZTD process by entering the ztd cancel command. You can enter ztd cancel only when ZTD is in a waiting state; that is, before it receives an answer from the DHCP server. Otherwise, the command returns an error message; for example: OS10# ztd cancel % Error: ZTD cancel failed. ZTD process already started and cannot be cancelled at this stage. Disable ZTD To disable ZTD, enter the reload command.
subnet 50.0.0.0 netmask 255.255.0.0 { range 50.0.0.10 50.0.0.254; option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org; } host ztd-leaf1 { hardware ethernet 90:b1:1c:f4:a9:b1; fixed-address 50.0.0.8; option ztd-provision-url "http://50.0.0.1/ztd.sh"; } ZTD provisioning script Create a ZTD script file that you store on an HTTP server. Configure the URL of the script using DHCP option 240 (ztd-provisionurl) on the DHCP server.
######################## **END** ############################### ZTD CLI batch file Create a CLI batch file that ZTD downloads and executes to configure a switch. The ZTD CLI batch file consists of two sections: PRECONFIG and POST-CONFIG. ZTD executes the PRE-CONFIG commands first using the currently running OS10 image, not the OS10 image specified in the provisioning script. ZTD saves the PRE-CONFIG settings to the startup configuration.
reload ztd Reboots the switch and enables ZTD after the reload. Syntax reload ztd Parameters None Default ZTD is enabled. Command Mode EXEC Usage Information Use the reload ztd command to automatically upgrade OS10 and/or activate new configuration settings. When you reload ZTD, you are prompted to confirm the deletion of the startup configuration. Example OS10# reload ztd Supported Releases 10.4.1.0 or later show ztd-status Displays the current ZTD status: enabled, disabled, or canceled.
ztd cancel Stops ZTD while in progress. After you cancel ZTD, you can enter CLI commands to configure the switch. Syntax ztd cancel Parameters None Default ZTD is enabled. Command Mode EXEC Usage Information When ZTD is enabled, the command-line interface is locked. You cannot enter OS10 configuration commands. Use the ztd cancel command to cancel the ZTD process and return to CLI configuration mode.
3 Configure an IPv4 or IPv6 address on the Management interface in INTERFACE mode. ip address A.B.C.D/mask ipv6 address A:B/prefix-length 4 Enable the Management interface in INTERFACE mode. no shutdown Configure Management interface OS10(config)# interface OS10(conf-if-ma-1/1/1)# OS10(conf-if-ma-1/1/1)# OS10(conf-if-ma-1/1/1)# mgmt 1/1/1 no ip address dhcp ip address 10.1.1.
For backward compatibility with OS10 releases 10.3.1E and earlier, passwords entered in MD-5, SHA-256, and SHA-512 format are supported. To increase the required password strength, use the password-attributes command. • Create a user name and password in CONFIGURATION mode. username username password password role role – username username — Enter a text string (up to 32 alphanumeric characters; 1 character minimum).
Key CLI features Consistent command names Commands that provide the same type of function have the same name, regardless of the portion of the system on which they are operating. For example, all show commands display software information and statistics, and all clear commands erase various types of system information. Available commands Information about available commands is provided at each level of the CLI command hierarchy.
CLI command hierarchy CLI commands are organized in a hierarchy. Commands that perform a similar function are grouped together under the same level of hierarchy. For example, all commands that display information about the system and the system software are grouped under the show system command, and all commands that display information about the routing table are grouped under the show ip route command.
1 Enter ? to view the commands available in EXEC mode.
load-balancing logging login-statistics mac management monitor no ntp policy-map qos-map radius-server route-map router sflow snmp-server spanning-tree support-assist system telnet track trust unit-provision username vlt-domain vrrp wred Load balancing configurations Logging commands Configure login statistics MAC Address Table Configuration Subcommands management interface commands Create a session for monitoring traffic To delete / disable commands in config mode Configure NTP Configure policy map Config
• • • • mac MAC forwarding table monitor Show port monitoring sessions network-policy Show network policy ntp NTP associations parser-tree Show parser tree policy-map Show policy-map information port-channel LAG status and configuration processes Show processes statistics qos Show ingress or egress QoS configuration queuing Show egress QoS counters route-map Show route map information running-configuration Current operating configuration sessions Show active management sessions sflow Show sflow spanning-t
Physical Ports BIOS SMF-FPGA SMF-MSS CPLD1 CPLD2 CPLD3 CPLD4 : : : : : : : : 48x25GbE, 6x100GbE 3.36.0.1-2 0.1 1.2.2 1.0 1.0 1.0 1.
prefix-list qos-map radius-server route-map sflow snmp spanning-tree support-assist system-qos trust-map users vlt Current Current Current Current Current Current Current Current Current Current Current Current candidate candidate candidate candidate candidate candidate candidate candidate candidate candidate candidate candidate prefix-list configuration qos-map configuration radius-server configuration route-map configuration sFlow configuration snmp configuration spanning-tree configuration support-ass
ip address dhcp no shutdown ipv6 enable ipv6 address autoconfig ! support-assist ! policy-map type application policy-iscsi ! class-map type application class-iscsi View compressed running configuration OS10# show running-configuration compressed interface breakout 1/1/1 map 40g-1x interface breakout 1/1/2 map 40g-1x interface breakout 1/1/3 map 40g-1x interface breakout 1/1/4 map 40g-1x interface breakout 1/1/5 map 40g-1x interface breakout 1/1/6 map 40g-1x interface breakout 1/1/7 map 40g-1x interface bre
! class-map type application class-iscsi Show difference between candidate and running configurations OS10# show diff candidate-configuration running-configuration OS10# NOTE: If the show command does not return output, the candidate-configuration and running-configuration files match. Prevent configuration changes You can prevent configuration changes on sessions other than the current CLI session using the lock command.
Copy running configuration to local directory or remote server OS10# copy running-configuration {config://filepath | home://filepath | ftp://userid:passwd@hostip/filepath | scp://userid:passwd@hostip/filepath | sftp://userid:passwd@hostip/filepath | tftp://hostip/filepath} OS10# copy running-configuration scp://root:calvin@10.11.63.120/tmp/qaz.
Saving system configuration Proceed to reboot the system? [confirm yes/no]:yes To configure the OS10 image loaded at the next system boot, enter the boot system command in EXEC mode. boot system {active | standby} • Enter active to load the primary OS10 image stored in the A partition. • Enter standby to load the secondary OS10 image stored in the B partition.
numbers ranging from 1 to 9 or with an asterisk (*) and enter the parameters while executing the commands using the alias. Use asterisk (*) to represent any number of parameters. The maximum number of input parameters is 9. alias alias-name alias-value • Execute the commands using the alias in the respective modes. • View the current aliases. show alias [brief | detail] • Use the no form of the command to delete an alias.
showint shver Local Local Number of config aliases : 2 Number of local aliases : 3 View alias information brief (displays the first 10 characters of the alias value) OS10# show alias brief Name Type ------govlt Config goint Config shconfig Local showint Local shver Local Value ----"vlt-domain..." "interface ..." "show runni..." "show inter..." "show versi...
Create multi-line alias OS10(config)# alias mTest OS10(config-alias-mTest)# OS10(config-alias-mTest)# OS10(config-alias-mTest)# OS10(config-alias-mTest)# OS10(config-alias-mTest)# OS10(config-alias-mTest)# line 1 "interface $1 $2" line 2 "no shutdown" line 3 "show configuration" default 1 "ethernet" default 2 "1/1/1" description InterfaceDetails View alias output for mTest with default values OS10(config)# mTest OS10(config)# interface OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# ! interface ethernet1/
default 1 "ethernet" default 2 "1/1/1" Number of config aliases : 1 Number of local aliases : 0 View alias detail (displays the entire alias value) OS10# show alias detail Name Type ------mTest Config Value ----line 1 "interface $1 $2" line 2 "no shutdown" line 3 "show configuration" default 1 "ethernet" default 2 "1/1/1" Number of config aliases : 1 Number of local aliases : 0 Delete alias OS10(config)# no alias mTest Batch mode Create and run a batch file to execute a sequence of multiple commands.
no switchport ip address 172.17.4.1/24 Linux shell commands You can execute a single command, or a series of commands using a batch file from the Linux shell. • Use the -c option to run a single command. admin@OS10:/opt/dell/os10/bin$ clish -c "show version" New user admin logged in at session 10 OS10# show version Dell EMC Networking OS10-Enterprise Copyright (c) 1999-2018 by Dell Inc. All Rights Reserved. OS Version: 10.4.1.0X Build Version: 10.4.1.0.X.
Dell EMC Networking OS10-Enterprise Copyright (c) 1999-2018 by Dell Inc. All Rights Reserved. OS Version: 10.4.1.0X Build Version: 10.4.1.0.X.9 Build Time: 2018-06-12T22:18:40-0700 System Type: S4148F-ON Architecture: x86_64 Up Time: 2 days 03:37:25 OS9 environment commands You can configure commands in an OS9 environment by using the feature config-os9-style command. The current release supports VLAN tagging and port-channel grouping commands.
Default Not configured Command Mode EXEC CONFIGURATION Usage Information Use this command to create a shortcut to long commands along with arguments. Use the numbers 1 to 9 along with the $ to provide input parameters. The no version of this command deletes an alias. Example In the following example, when you enter showint status, note that the text on the CLI changes to show interface status. The alias changes to the actual command that you have specified in the alias definition.
alias (multi-line) Creates a mulit-line command alias. Syntax alias alias-name Parameters alias-name — Enter the name of the alias (up to 20 characters). Default Not configured Command Mode CONFIGURATION Usage Information Use this command to save a series of multiple commands in an alias. The switch enters the ALIAS mode when you create an alias. You can enter the series of commands to be executed using the line command. The no version of this command deletes an alias.
boot Configures which OS10 image to use the next time the system boots up. Syntax boot system [active | standby] Parameters • active — Reset the running partition as the next boot partition. • standby — Set the standby partition as the next boot partition. Default Not configured Command Mode EXEC Usage Information Use this command to configure the location of the OS10 image used to reload the software at boot time. Use the show boot command to view the configured next boot image.
Example OS10# configure terminal OS10(config)# Supported Releases 10.2.0E or later copy Copies the current running configuration to the startup configuration and transfers files between an OS10 switch and a remote device.
Example (retrieve backed-up configuration) OS10# copy scp://os10user:os10passwd@10.11.222.1:/home/os10/backup.xml home:// config.xml OS10(conf-if-eth1/1/5)# dir home Directory contents for Date (modified) --------------------… 2017-02-15T21:19:54Z config.xml … folder: home Size (bytes) ------------ Name ------------------------------------------ 54525 Example (replace startup configuration) OS10# home://config.xml config://startup.xml Supported Releases 10.2.
• usb://filepath — (Optional) Delete from USB file system. Default Not configured Command Mode EXEC Usage Information Use this command to remove a regular file, software image, or startup configuration. Removing the startup configuration restores the system to factory default. You need to reboot the switch — reload for the operation to take effect. Use caution when removing the startup configuration. Example OS10# delete startup-configuration Supported Releases 10.2.
Command Mode EXEC Usage Information Use the dir config command to display configuration files. This command requires at least one parameter.
Supported Releases 10.2.0E or later feature config-os9-style Configure commands in OS9 environment. Syntax feature config-os9-style Parameters None Default Not configured Command Mode CONFIGURATION Usage Information Once you enable the feature to configure the commands in OS9 format, log out of the session. In the next session, you can configure the commands in OS9 format. The current release supports VLAN tagging and Port channel grouping commands.
Parameters • ftp: — (Optional) Install from remote file system (ftp://userid:passwd@hostip/filepath). • http[s]: — (Optional) Install from remote file system (http://hostip/filepath). • http[s]: — (Optional) Request from remote server (http://hostip). • localfs: — (Optional) Install from local file system (localfs://filepath). • scp: — (Optional) Request from remote file system (scp://userid:passwd@hostip/filepath).
Parameters None Default Not configured Command Mode EXEC Usage Information The lock command fails if there are uncommitted changes in the candidate configuration. Example OS10# lock Supported Releases 10.2.0E or later management route Configures an IPv4/IPv6 static route used by the Management port. Repeat the command to configure multiple management routes.
Default Not configured Command Mode EXEC Usage Information Use the dir config command to view the directory contents. Example OS10# move config://startup.xml config://startup-backup.xml Example (dir) OS10# dir config Directory contents for Date (modified) --------------------2017-04-26T15:23:46Z Supported Releases folder: config Size (bytes) Name ------------ ----------26704 startup.xml 10.2.0E or later no Disables or deletes commands in EXEC mode.
Supported Releases 10.2.0E or later show alias Displays configured alias commands available in both persistent and non-persistent modes. Syntax Parameters show alias [brief | detail] • brief — Displays brief information of aliases. • detail — Displays detailed information of aliases.
Number of config aliases : 3 Number of local aliases : 3 Supported Releases 10.3.0E or later show boot Displays detailed information about the boot image. Syntax show boot [detail] Parameters None Default Not configured Command Mode EXEC Usage Information The Next-Boot field displays the partition that the next reload uses.
• class-map — (Optional) Current candidate class-map configuration. • community-list — (Optional) Current candidate community-list configuration. • compressed — (Optional) Current candidate configuration in compressed format. • control-plane — (Optional) Current candidate control-plane configuration. • dot1x — (Optional) Current candidate dot1x configuration. • extcommunity-list — (Optional) Current candidate extcommunity-list configuration.
no shutdown ! interface ethernet1/1/4 switchport access vlan 1 no shutdown ! interface ethernet1/1/5 switchport access vlan 1 no shutdown ! --more-Example (compressed) OS10# show candidate-configuration compressed username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/ VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH. aaa authentication local snmp-server contact http://www.dell.com/support snmp-server location "United States" logging monitor disable ip route 0.0.0.0/0 10.11.58.
-----------------------------------------------------------------------------1 1 CPU On-Board temp sensor 32 1 2 Switch board temp sensor 28 1 3 System Inlet Ambient-1 temp sensor 27 1 4 System Inlet Ambient-2 temp sensor 25 1 5 System Inlet Ambient-3 temp sensor 26 1 6 Switch board 2 temp sensor 31 1 7 Switch board 3 temp sensor 41 1 8 NPU temp sensor 43 Supported Releases 10.2.0E or later show inventory Displays system inventory information.
Usage Information Use this command to view the IPv4 static and connected routes configured for the management port. Use the management route command to configure an IPv4 or IPv6 management route. Example OS10# show ip management-route Destination Gateway State Source ----------------------------------------------------------------192.168.10.0/24 managementethernet Connected Connected Supported Releases 10.2.
Vendor Name : Product Name : S4000ON Hardware Version: X01 Platform Name : PPID : TW0J09D32829849Q0164 Service Tag : BJD7VS1 License Details ---------------Software : OS10-Enterprise Version : 10.4.1.0X License Type : PERPETUAL License Duration: Unlimited License Status : Active License location: /mnt/license/BJD7VS1.lic --------------------------------------------------------- Supported Releases 10.3.0E or later show running-configuration Displays the configuration currently running on the device.
• sflow — (Optional) Current operating sFlow configuration. • snmp — (Optional) Current operating SNMP configuration. • spanning-tree — (Optional) Current operating spanning-tree configuration. • support-assist — (Optional) Current operating support-assist configuration. • system-qos — (Optional) Current operating system-qos configuration. • trust-map — (Optional) Current operating trust-map configuration. • users — (Optional) Current operating users configuration.
! interface vlan 1 no shutdown ! interface mgmt1/1/1 ip address 10.11.58.145/8 no shutdown ipv6 enable ipv6 address autoconfig ! support-assist ! policy-map type application policy-iscsi ! class-map type application class-iscsi Supported Releases 10.2.0E or later show startup-configuration Displays the contents of the startup configuration file. Syntax show startup-configuration [compressed] Parameters compressed — (Optional) View a compressed version of the startup configuration file.
Example (compressed) OS10# show startup-configuration compressed username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/ VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH. aaa authentication local snmp-server contact http://www.dell.com/support snmp-server location "United States" ip route 0.0.0.0/0 10.11.58.1 ! interface range ethernet 1/1/1-1/1/32 switchport access vlan 1 no shutdown ! interface vlan 1 no shutdown ! interface mgmt1/1/1 ip address 10.11.58.
PSU-ID Status Type AirFlow Fan Speed(rpm) Status ---------------------------------------------------------------1 up DC REVERSE 1 7200 up 2 up DC REVERSE 1 7200 up -- Fan Status -FanTray Status AirFlow Fan Speed(rpm) Status ---------------------------------------------------------------1 up REVERSE 1 7000 up 2 7000 up Example (node-id) 2 up REVERSE 1 2 7000 7000 up up 3 up REVERSE 1 2 7000 7000 up up OS10# show system node-id 1 fanout-configured Interface Breakout capable Breakout state
PSU-ID Status Type AirFlow Fan Speed(rpm) Status ---------------------------------------------------------------1 fail 2 up AC REVERSE 1 14688 up -- Fan Status -FanTray Status AirFlow Fan Speed(rpm) Status ---------------------------------------------------------------1 up REVERSE 1 13063 up 2 13020 up Supported Releases 2 up REVERSE 1 2 12956 12977 up up 3 up NORMAL 1 2 12956 13063 up up 10.2.0E or later show version Displays software version information.
NOTE: Before you start a transaction, you must lock the session using the lock command in EXEC mode. Otherwise, the configuration changes from other sessions get committed. Example OS10# start transaction Supported Releases 10.3.1E or later system Executes a Linux command from within OS10. Syntax system command Parameters command — Enter the Linux command to execute.
Default 24 terminal lines Command Mode EXEC Usage Information Enter zero (0) for the terminal to display without pausing. Example OS10# terminal monitor Supported Releases 10.2.0E or later traceroute Displays the routes that packets take to travel to an IP address. Syntax traceroute [vrf {management | vrf-name}] host [-46dFITnreAUDV] [-f first_ttl] [-g gate,...
– packet_len — (Optional) Enter the total size of the probing packet (default 60 bytes for IPv4 and 80 for IPv6). Default Not configured Command Mode EXEC Usage Information None Example OS10# traceroute www.dell.com traceroute to www.dell.com (23.73.112.54), 30 hops max, 60 byte packets 1 10.11.97.254 (10.11.97.254) 4.298 ms 4.417 ms 4.398 ms 2 10.11.3.254 (10.11.3.254) 2.121 ms 2.326 ms 2.550 ms 3 10.11.27.254 (10.11.27.254) 2.233 ms 2.207 ms 2.391 ms 4 Host65.hbms.com (63.80.56.65) 3.583 ms 3.
Usage Information This command has the same effect as the copy running-configuration startup-configuration command. The running configuration is not saved to a local configuration file other than the startup configuration. Use the copy command to save running configuration changes to a local file. Example OS10# write memory Supported Releases 10.2.
2 Interfaces You can configure and monitor physical interfaces (Ethernet), port-channels, and VLANs in L2 or L3 modes. Table 1.
Figure 1. S4148U-ON unified port groups To enable Ethernet interfaces in a unified port group: 1 Configure a unified port group in CONFIGURATION mode. Enter 1/1 for node/slot. The port-group range depends on the switch. port-group node/slot/port-group 2 Activate the unified port group for Ethernet operation in PORT-GROUP mode. To activate a unified port group in Fibre Channel mode, see Fibre Channel interfaces. The available options depend on the switch.
By default, native VLAN of a port is the default VLAN ID of the switch. You can change the native VLAN using the switchport access vlan vlan-id command. A trunk interface carries VLAN traffic that is tagged using 802.1q encapsulation. If an access interface receives a packet with an 802.1q tag in the header that is different from the access VLAN ID, it drops the packet.
S4148U-ON On a S4148U-ON, FC interfaces are available in all port groups. The activated FC interfaces depend on the currently configured port profile. For more information, see S4148U-ON port profiles. Figure 2. S4148U-ON unified port groups To enable a Fibre Channel interface: 1 Configure a unified port group in CONFIGURATION mode. Enter 1/1 for node/slot. The port-group range depends on the switch. port-group node/slot/port-group 2 Activate the unified port group for FC operation in PORT-GROUP mode.
speed 32 vfabric 100 OS10# show interface fibrechannel 1/1/43:1 Fibrechannel 1/1/43:1 is up, FC link is up Address is 14:18:77:20:8d:fc, Current address is 14:18:77:20:8d:fc Pluggable media present, QSFP+ type is QSFP+ 4x(16GBASE FC SW) Wavelength is 850 Receive power reading is 0.
When using VLANs in a routing protocol, you must configure the no shutdown command to enable the VLAN for routing traffic. In VLANs, the shutdown command prevents L3 traffic from passing through the interface — L2 traffic is unaffected by this command. • Configure an IP address in A.B.C.D/x format on the interface in INTERFACE mode. The secondary IP address is the interface’s backup IP address.
After you upgrade OS10 from an earlier version with configured VLANs, if you configure the VLAN scale profile and enable L3 routing on VLANs, save the configuration and reload the switch to apply the scale profile settings. Apply VLAN scale profile OS10(config)# scale-profile vlan OS10(config)# interface vlan 10 OS10(conf-if-vl-10)# mode L3 Loopback interfaces A loopback interface is a virtual interface in which the software emulates an interface.
Static Port-channels are statically configured. Dynamic Port-channels are dynamically configured using Link Aggregation Control Protocol (LACP). Member ports of a LAG are added and programmed into the hardware in a predictable order based on the port ID, instead of in the order in which the ports come up. Load balancing yields predictable results across resets and reloads. Create port-channel You can create up to 128 port-channels, with up to 32 port members per group.
LACP enables ports to be dynamically bundled as members of a port-channel. To configure a port for LACP operation, use the channelgroup mode {active|passive} command. Active and passive modes allow LACP to negotiate between ports to determine if they can form a port -channel based on their configuration settings.
Load balance traffic You can use hashing to load balance traffic across the member interfaces of a port-channel. Load balancing uses source and destination packet information to distribute traffic over multiple interfaces when transferring data to a destination. For packets without an L3 header, OS10 automatically uses the load-balancing mac—selection destination-mac command for hash algorithms by default.
You can use interface ranges for: • • • Ethernet physical interfaces Port channels VLAN interfaces Bulk configuration includes any non-existing interfaces in an interface range from the configuration. You can configure a default VLAN only if the interface range being configured consists of only VLAN ports. When a configuration in one of the VLAN ports fails, all the VLAN ports in the interface range are affected.
3 Reload the switch in EXEC mode. reload The switch reboots with the new port configuration and resets the system defaults, except for the switch-port profile and these configured settings: • Management interface 1/1/1 configuration • Management IPv4/IPv6 static routes • System hostname • Unified Forwarding Table (UFT) mode • ECMP maximum paths You must manually reconfigure other settings on a switch after you apply a new port profile and reload the switch.
1GE mode: 1GE is supported only on SFP+ ports; 1GE is not supported on QSFP+ and QSFP28 ports 25-26. Breakout interfaces: Use the interface breakout command in Configuration mode to configure 4x10G, 4x25G, and 2x50G breakout interfaces. To view the ports that belong to each port group, use the show port-group command. S4148U-ON port profiles S4148U-ON port profiles determine the available front-panel unified and Ethernet ports and supported breakout interfaces.
*profile-1 and profile-2 activate the same port mode capability on unified and Ethernet ports. The difference is that in profile-1, by default SFP+ unified ports 1-24 come up in Fibre Channel mode with 2x16GFC breakouts per port group. In profile-2, by default SFP+ unified ports 1-24 come up in Ethernet 10GE mode. profile-1 allows you to connect FC devices for plug-and-play; profile-2 is designed for a standard Ethernet-based data network.
• 100g-1x — Reset a QSFP28 port to 100G speed. To configure an Ethernet breakout interface, enter the interface ethernet node/slot/port:subport command in CONFIGURATION mode. Each breakout interface operates at the configured speed. Enter the no version of the interface breakout command to reset a port to its default speed — 40G or 100G. To configure breakout interfaces on a unified port, enter the mode {Eth | FC} command in Port-Group Configuration mode.
Eth Eth Eth Eth Eth Eth 1/1/2 1/1/25:1 1/1/25:2 1/1/25:3 1/1/25:4 1/1/29 down down down down down down 0 0 0 0 0 0 auto auto auto auto auto auto A A A A A A 1 1 1 1 1 1 - Forward error correction Forward error correction (FEC) is used to enhance data reliability. FEC modes supported in OS10: • CL74-FC — Supports 25G • CL91-RS — Supports 100G • CL108-RS — Supports 25G • off — Disables FEC NOTE: OS10 does not support FEC on 10G and 40G.
Energy-efficient Ethernet Energy-efficient Ethernet (EEE) reduces power the consumption of physical layer devices (PHYs) during idle periods. EEE allows Dell Networking devices to conform to green computing standards. An Ethernet link consumes power when a link is idle. EEE allows for Ethernet links to use the regular power mode only during data transmission. EEE is enabled on devices that support LOW POWER IDLE (LPI) mode.
View EEE status/statistics You can view the EEE status or statistics for a specified interface, or all interfaces, using show commands. View EEE status for a specified interface OS10# show interface ethernet 1/1/48 eee Port EEE Status Speed Duplex --------------------------------------------Eth 1/1/48 on up 1000M View EEE status on all interfaces OS10# show interface eee Port EEE Status Speed Duplex --------------------------------------------Eth 1/1/1 off up 1000M ...
clear counters interface eee Clears all EEE counters. Syntax clear counters interface eee Parameters None Default Not configured Command Mode EXEC Usage Information Use this command to clear all EEE counters. Example OS10# clear counters interface eee Clear all eee counters [confirm yes/no]:yes Supported Releases 10.3.0E or later clear counters interface ethernet eee Clears EEE counters on a specified interface.
show interface eee Displays the EEE status for all interfaces. Syntax show interface eee Parameters None Default Not configured Command Mode EXEC Example OS10# show interface eee Port EEE Status Speed Duplex --------------------------------------------Eth 1/1/1 off up 1000M ... Eth 1/1/47 on up 1000M Eth 1/1/48 on up 1000M Eth 1/1/49 n/a Eth 1/1/50 n/a Eth 1/1/51 n/a Eth 1/1/52 n/a Supported Releases 10.3.0E or later show interface eee statistics Displays EEE statistics for all interfaces.
Default Not configured Command Mode EXEC Example OS10# show interface ethernet 1/1/48 eee Port EEE Status Speed Duplex --------------------------------------------Eth 1/1/48 on up 1000M Supported Releases 10.3.0E or later show interface ethernet eee statistics Displays EEE statistics for a specified interface. Syntax show interface ethernet node/slot/port[:subport] eee statistics Parameters node/slot/port[:subport]—Enter the interface information.
Pluggable media present, QSFP+ type is QSFP+ 40GBASE CR4 Wavelength is 64 Receive power reading is 0.
Time since last interface status change: 02:46:35 --more-View specific interface information OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# show configuration ! interface ethernet1/1/1 ip address 1.1.1.1/24 no switchport no shutdown View candidate configuration OS10(conf-if-eth1/1/1)# show configuration candidate ! interface ethernet1/1/1 ip address 1.1.1.1/24 no switchport no shutdown View running configuration OS10# show running-configuration Current Configuration ...
Ethernet 1/1/21 Ethernet 1/1/22 Ethernet 1/1/23 Ethernet 1/1/24 Ethernet 1/1/25 Ethernet 1/1/26 Ethernet 1/1/27 Ethernet 1/1/28 Ethernet 1/1/29 Ethernet 1/1/30 Ethernet 1/1/31 Ethernet 1/1/32 Management 1/1/1 Vlan 1 Vlan 10 Vlan 20 Vlan 30 unassigned unassigned unassigned unassigned unassigned unassigned unassigned unassigned unassigned unassigned unassigned unassigned 10.16.153.
Example OS10(config)# interface ethernet 1/1/2:1 OS10(conf-if-eth1/1/2:1)# channel-group 20 mode active Supported Releases 10.3.0E or later default vlan-id Reconfigures the VLAN ID of the default VLAN. Syntax default vlan-id vlan-id Parameters vlan-id — Enter the default VLAN ID number (1 to 4093). Default VLAN 1 Command Mode CONFIGURATION Usage Information By default, VLAN 1 serves as the default VLAN for switching untagged L2 traffic on OS10 ports in trunk or access mode.
Command Mode Usage Information INTERFACE • To use special characters as a part of the description string, enclose the string in double quotes. • Spaces between characters are not preserved after entering this command unless you enclose the entire description in quotation marks (“text description”). • Enter a text string after the description command to overwrite any previous text string that you previously configured as the description.
The no version of this command disables the auto-breakout feature. The media type plugged into a port is no longer automatically learned. Use the interface breakout command to manually configure breakout interfaces. Example OS10(config)# feature auto-breakout Supported releases 10.4.0E(R1) or later fec Configures Forward Error Correction on 25G and 100G interfaces.
Usage Information • Each breakout interface operates at the configured speed; for example, 10G or 25G. • The no interface breakout node/slot/port command resets a port to its default speed — 40G or 100G. • To configure breakout interfaces on a unified port, use the mode {Eth | FC} command in the Port-Group configuration mode. Example OS10(config)# interface breakout 1/1/41 map 10g-4x Supported Releases 10.2.2E or later interface ethernet Configures a physical Ethernet interface.
Parameters node/slot/port — Enter the physical port interface information for the Management interface. Default Enabled Command Mode CONFIGURATION Usage Information You cannot delete a Management port. To assign an IP address to the Management port, use the ip address command. Example OS10(config)# interface mgmt 1/1/1 OS10(conf-if-ma-1/1/1)# Supported Releases 10.2.0E or later interface null Configures a null interface on the switch.
interface range Configures a range of Ethernet, port-channel, or VLAN interfaces for bulk configuration. Syntax interface range {ethernet node/slot/port[:subport]-node/slot/port[:subport], [...]} | {port-channel IDnumber-IDnumber,[ ...]} | vlan vlanID-vlanID,[...]} Parameters • node/slot/port[:subport]-node/slot/port[:subport] — Enter a range of Ethernet interfaces. • IDnumber-IDnumber — Enter a range of port-channel numbers (1 to 128). • vlanID-vlanID — Enter a range VLAN ID numbers (1 to 4093).
link-bundle-utilization Configures link-bundle utilization. Syntax link-bundle-utilization trigger-threshold value Parameters value — Enter the percentage of port-channel bandwidth that triggers traffic monitoring on port-channel members (0 to 100). Default Disabled Command Mode CONFIGURATION Usage Information None Example OS10(config)# link-bundle-utilization trigger-threshold 10 Supported Releases 10.2.
Example • The no version of the command resets port-group interfaces to the default Ethernet port mode/speed. Use the no mode command before you reset the mode on an interface. • To configure oversubscription on a FC interface, use the speed command. • To configure breakout interfaces on an Ethernet port, use the interface breakout command. • To view the currently active ports and subports, use the show interfaces status command.
– The port channel link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configured on the channel members. For example, if the members have a link MTU of 2100 and an IP MTU 2000, the port channel’s MTU values cannot be higher than 2100 for link MTU or 2000 bytes for IP MTU. • VLANS – All members of a VLAN must have same IP MTU value. – Members can have different link MTU values.
create and disables L3 transmission. The no version of the command disables L2 VLAN scaling. To enable L3 routing traffic on a VLAN, use the mode L3 command. Example OS10(config)# scale-profile vlan Supported Releases 10.4.0E(X2) or later show discovered-expanders NOTE: This command will be supported in future releases. Syntax show discovered-expanders show interface Displays interface information.
Queuing strategy: fifo Input statistics: 0 packets, 0 octets 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts, 0 Unicasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output statistics: 0 packets, 0 octets 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts, 0 Unicasts 0 throttles, 0 discarded,
1/1/2 1/1/3 1/1/4 1/1/5 1/1/6 1/1/7 1/1/8 1/1/9 1/1/10 1/1/11 1/1/12 1/1/13 1/1/14 1/1/15 1/1/16 1/1/17 1/1/18 ...
22 port-channel22 (U) Eth STATIC 1/1/2(D) 1/1/3(P) 23 port-channel23 (D) Eth DYNAMIC 1/1/4(I) Example (Interface) OS10(conf-range-eth1/1/10-1/1/11,1/1/13,1/1/14)# do show port-channel summary Flags: D - Down U - member up but inactive P - member up and active U - Up (port-channel) Group Port-Channel Type Protocol Member Ports 22 port-channel22 (U) Eth STATIC 1/1/10(P) 1/1/11(P) 1/1/12(P) 1/1/13(P) 1/1/14(P) 1/1/15(P) 1/1/16(P) 1/1/17(P) 1/1/18(P) 1/1/19(P) 23 port-channel23 (D) Eth STATIC OS10(config)# int
show switch-operating-mode Displays the current operating mode of a supported switch. Syntax show switch-operating-mode Parameters None Command Mode EXEC Usage Information Some OS10 switches operate in Full Switch and SmartFabric modes. The default is Full Switch mode. Example OS10# show switch-operating-mode Switch-Operating-Mode : Smart Fabric Mode Supported Releases 10.4.0E(R3) or later show switch-port-profile Displays the current and default port profile on a switch.
show vlan Displays the current VLAN configuration. Syntax show vlan [vlan-id] Parameters vlan-id — (Optional) Enter a VLAN ID (1 to 4093). Default Not configured Command Mode EXEC Usage Information None Example OS10# show vlan Codes: * - Default VLAN, M - Management VLAN, R - Remote Port Mirroring VLANs Q: A - Access (Untagged), T - Tagged NUM Status Description Q Ports 1 down Supported Releases 10.2.0E or later shutdown Disables an interface.
• 16 — 16GFC • 32 — 32GFC • auto — Set the port speed to the speed of the installed media. Defaults Auto Command Mode INTERFACE Usage Information The speed command is supported only on the Management and Fibre Channel interfaces. This command is not supported on Ethernet interfaces. • To configure oversubscription for bursty storage traffic on a FC interface, use the speed command. Oversubscription allows a port to operate faster, but may result in traffic loss.
switch-port-profile Configures a port profile on the switch. The port profile determines the available front-panel ports and breakout modes. Syntax Parameters switch-port-profile node/unit profile • node/unit — Enter switch information. For a standalone switch, enter 1/1. • profile — Enter the name of a platform-specific profile.
– profile-2 — SFP+ unified ports (1-24), QSFP28 unified ports (25-26 and 29-30), QSFP+ Ethernet ports (27-28), and SFP+ Ethernet ports (31-54) are enabled. ◦ SFP+ unified ports operate in Ethernet 10GE mode by default. SFP+ unified port groups support 4x8GFC and 2x16GFC breakouts (ports 1 and 3) in FC mode. ◦ QSFP28 unified ports 25 and 29 operate in Ethernet 100GE mode by default, and support 40GE with QSFP+ transceivers and 4x10G breakouts.
switchport access vlan Assigns access VLAN membership to a port in L2 access or trunk mode. Syntax switchport access vlan vlan-id Parameters vlan vlan-id — Enter the VLAN ID number (1 to 4093). Default VLAN 1 Command Mode INTERFACE Usage Information This command enables L2 switching for untagged traffic and assigns a port interface to default VLAN 1. Use this command to change the assignment of the access VLAN that carries untagged traffic.
switchport trunk allowed vlan Configures the tagged VLAN traffic that a L2 trunk interface can carry. An L2 trunk port has no tagged VLAN membership and does not transmit tagged traffic. Syntax switchport trunk allowed vlan vlan-id-list Parameters vlan-id-list — Enter the VLAN numbers of the tagged traffic that the L2 trunk port can carry. Commaseparated and hyphenated VLAN number ranges are supported.
3 Fibre Channel OS10 switches with Fibre Channel (FC) ports operate in one of the following modes: Direct attach (F_Port), NPIV Proxy Gateway (NPG), or FIP Snooping Bridge (FSB). In the FSB mode, you cannot use the FC ports. OS10 switches with Ethernet ports operate in FIP Snooping Bridge (FSB). F_Port Fibre Channel fabric port (F_Port) is the switch port that connects the FC fabric to a node. S4148U-ON switches support F_Port.
An Ethernet switch configured to operate in FSB mode snoops FIP packets on FCoE enabled VLANs and discovers the following information: • End nodes (ENodes) • Fibre Channel Forwarder (FCF) • Connections between ENodes and FCFs • Sessions between ENodes and FCFs NOTE: OS10 supports multiple ENodes in F_Port mode. Using the discovered information, the switch installs ACL entries that provide security and point-to-point link emulation.
Zoning allows you to increase network security by partitioning the devices connected to the vfabric into subsets. Partitioning restricts unnecessary interactions between the members of vfabric. See also Fibre Channel zoning. After configuring a vfabric ID, you can create a name, associate a VLAN to carry traffic to the vfabric, configure FCoE parameters, configure the default zone, and activate the zoneset. NOTE: Do not associate a VLAN that is already in use, as a vfabric VLAN.
fibrechannel1/1/3 fibrechannel1/1/4 fibrechannel1/1/5 fibrechannel1/1/6 fibrechannel1/1/7 fibrechannel1/1/8 fibrechannel1/1/9 fibrechannel1/1/10 fibrechannel1/1/11 fibrechannel1/1/12 fibrechannel1/1/15 fibrechannel1/1/17 fibrechannel1/1/18 fibrechannel1/1/19 fibrechannel1/1/20 fibrechannel1/1/21 fibrechannel1/1/22 fibrechannel1/1/23 fibrechannel1/1/24 fibrechannel1/1/25:1 fibrechannel1/1/29:1 fibrechannel1/1/30:1 fibrechannel1/1/30:3 ========================================== Configure vfabric in NPG mode 1
FCF Priority 128 FKA-Adv-Period Enabled,8 Config-State ACTIVE Oper-State DOWN ========================================== Members ========================================== OS10# show running-configuration vfabric ! vfabric 10 name 10 vlan 100 fcoe fcmap 0xEFC01 fcoe fcf-priority 128 fcoe fka-adv-period 8 fcoe vlan-priority 3 Fibre Channel zoning Fibre Channel (FC) zoning partitions a FC fabric into subsets to restrict unnecessary interactions, improve security, and manage the fabric more effectively.
OS10(conf-vfabric-100)# zoneset activate set OS10(conf-vfabric-100)# zone default-zone permit View FC zone configuration OS10(config-fc-zone-hba1)# show configuration ! fc zone hba1 member wwn 21:00:00:24:ff:7b:f5:c8 member wwn 10:00:00:90:fa:b8:22:19 OS10# show fc zone Zone Name Zone Member ================================================= hba1 21:00:00:24:ff:7b:f5:c8 10:00:00:90:fa:b8:22:19 hba2 20:01:00:0e:1e:e8:e4:99 50:00:d3:10:00:ec:f9:1b 50:00:d3:10:00:ec:f9:05 50:00:d3:10:00:ec:f9:1f 20:35:78:2b:cb
You can configure only one vfabric in F_Port mode. You can apply the configured vfabric to multiple Ethernet interfaces. You can also add the Ethernet interfaces to a port-channel and apply the vfabric to the port-channel.
Example OS10(config)# fc zone hba1 OS10(config-fc-zone-hba1)# member wwn 10:00:00:90:fa:b8:22:19 OS10(config-fc-zone-hba1)# member wwn 21:00:00:24:ff:7b:f5:c8 Supported Releases 10.3.1E or later fc zoneset Creates an FC zoneset and adds the existing FC zones to the zoneset. Syntax fc zoneset zoneset-name Parameters zoneset-name — Enter a name for the FC zoneset.
• fc-id — Enter the FC ID name. Defaults Not configured Command Mode Alias CONFIGURATION Usage Information The no version of this command removes the member from the FC alias. Example OS10(config)# fc alias test OS10(config-fc-alias-test)# member wwn 21:00:00:24:ff:7b:f5:c9 OS10(config-fc-alias-test)# member wwn 20:25:78:2b:cb:6f:65:57 Supported Releases 10.3.1E or later member (zone) Adds members to existing zones. Identify a member by an FC alias, a World Wide Name (WWN), or an FC ID.
show fc alias Displays the details of a FC alias and its members. Syntax show fc alias [alias-name] Parameters alias-name — (Optional) Enter the FC alias name. Default Not configured Command Mode EXEC Usage Information None Example OS10# show fc alias Alias Name Alias Member ============================================== test 21:00:00:24:ff:7b:f5:c9 20:25:78:2b:cb:6f:65:57 OS10# Supported Releases 10.3.
Usage Information None Example OS10# show fc ns switch Total number of devices = 2 Example (brief) Supported Releases Switch Name Domain Id Switch Port FC-Id Port Name Node Name Class of Service Symbolic Port Name Symbolic Node Name Port Type Registered with NameServer Registered for SCN 10:00:14:18:77:20:8d:cf 100 fibrechannel1/1/25:1 64:64:00 10:00:00:90:fa:b8:22:19 20:00:00:90:fa:b8:22:19 12 Switch Name Domain Id Switch Port FC-Id Port Name Node Name Class of Service Symbolic Port Name Symbolic N
10:00:00:90:fa:b8:22:19 21:00:00:24:ff:7f:ce:ee 21:00:00:24:ff:7f:ce:ef 20:01:00:0e:1e:e8:e4:99 50:00:d3:10:00:ec:f9:1b 50:00:d3:10:00:ec:f9:05 50:00:d3:10:00:ec:f9:1f 20:35:78:2b:cb:6f:65:57 hba2 Example (with zone name) OS10# show fc zone hba1 Supported Releases 10.3.
Example (active zoneset) OS10# show fc zoneset active vFabric id: 100 Active Zoneset: set ZoneName ZoneMember =========================================================== hba2 20:01:00:0e:1e:e8:e4:99 20:35:78:2b:cb:6f:65:57 50:00:d3:10:00:ec:f9:05 50:00:d3:10:00:ec:f9:1b 50:00:d3:10:00:ec:f9:1f hba1 Example (with zoneset name) *10:00:00:90:fa:b8:22:19 *21:00:00:24:ff:7b:f5:c8 21:00:00:24:ff:7f:ce:ee 21:00:00:24:ff:7f:ce:ef OS10# show fc zoneset set ZoneSetName ZoneName ZoneMember ========================
Parameters zoneset-name — Enter an existing zoneset name. Defaults Not configured Command Mode Vfabric CONFIGURATION Usage Information The no version of this command deactivates the zoneset. After you disable an active zoneset, the zone default-zone permit command configuration takes effect. Based on this configuration, the default zone allows or denies access between all the logged-in FC nodes of the vfabric.
Supported Releases 10.4.0E(R1) or later show npg devices Displays the NPG devices connected to the switch. Syntax show npg devices [brief] Parameters None Default Not configured Command Mode EXEC Usage Information Use the brief option to display minimum details.
Eth 1/1/31 20:01:d4:ae:52:1a:ee:54 100 Fc 1/1/20 10 FLOGI LOGGED_IN Eth 1/1/31 20:01:d4:ae:52:1a:ee:5f 100 Fc 1/1/20 10 FLOGI LOGGED_IN Eth 1/1/31 20:01:d4:ae:52:1a:f8:9c 100 Fc 1/1/20 10 FLOGI LOGGED_IN OS10# show npg devices brief Total NPG Devices = 4 ENode-Interface ENode-WWPN FCoE-Vlan Fabric-Intf Vfabric-Id LoginMethod Status -----------------------------------------------------------------------------Eth 1/1/31 20:01:d4:ae:52:1a:ee:54 100 Fc 1/1/20 10 FLOGI LOGGED_IN Eth 1/1/31 20:01:d4:ae:52:1a:ee:5
Defaults • fcmap—0x0EFC00 • fcf-priority—128 • fka-adv-period—8 • vlan-priority—3 • keep-alive—True Command Mode Vfabric CONFIGURATION Usage Information The no version of this command disables the FCoE parameters. Example OS10(config)# vfabric 10 OS10(conf-vfabric-10)# name OS10(conf-vfabric-10)# fcoe OS10(conf-vfabric-10)# fcoe OS10(conf-vfabric-10)# fcoe OS10(conf-vfabric-10)# fcoe Supported Releases 10 fcmap 0x0efc01 fcf-priority 128 fka-adv-period 8 vlan-priority 3 10.3.
Example (vfabric) OS10# show fc statistics vfabric 100 Number of FLOGI Number of FDISC Number of FLOGO Number of FLOGI Accepts Number of FLOGI Rejects Number of FDISC Accepts Number of FDISC Rejects Number of FLOGO Accepts Number of FLOGO Rejects : : : : : : : : : 43 6 0 43 0 6 0 0 0 Example (interface) OS10# show fc statistics interface fibrechannel1/1/25:1 Number of FLOGI : 1 Number of FDISC : 0 Number of FLOGO : 0 Number of FLOGI Accepts : 1 Number of FLOGI Rejects : 0 Number of FDISC Accepts : 0 Nu
vlan fcoe fcoe fcoe Supported Releases 100 fcmap 0xEFC00 fcf-priority 140 fka-adv-period 13 10.4.0E(R1) or later show vfabric Displays vfabric details.
fibrechannel1/1/30:3 ==================================== Supported Releases 10.3.1E or later vfabric Configures a virtual fabric (vfabric). Enable the F_Port before configuring a vfabric. You can configure only one vfabric in F_Port mode. The vfabric becomes active only when you configure the vfabric with a valid VLAN and FC map. Do not use spanned VLAN as vfabric VLAN. Syntax vfabric fabric-ID Parameters fabric-ID — Enter the fabric ID, from 1 to 255.
Defaults Not configured Command Mode Vfabric CONFIGURATION Usage Information The no version of this command removes the VLAN ID from the vfabric. Example OS10(config)# interface vlan 1023 10OS10(conf-if-vl-1023)# exit OS10(config)# vfabric 100 OS10(conf-vfabric-100)# vlan 1023 Supported Releases 10.3.1E or later FIP-snooping commands The following commands are supported on FIP-snooping mode: feature fip-snooping Enables the FIP snooping feature globally.
Supported Releases 10.4.0E(R1) or later fip-snooping fc-map Configure the FC map value for specific VLAN. Syntax fip-snooping fc-map fc-map Parameters fc-map — Enter the FC map ID, ranging from 0xefc00 to 0xefcff. Defaults Not configured Command Mode VLAN INTERFACE Usage Information The no version of this command disables the FC map configuration. Example OS10(config)# interface vlan 3 OS10(conf-if-vl-3)# fip-snooping fc-map 0xEFC64 Supported Releases 10.4.
Parameters • vlan-id — Enter the VLAN ID. • enode-mac-address — Enter the MAC address of ENode. • fcf-mac-address — Enter the MAC address of FCF. • fcoe-mac-address — Enter the MAC address of FCoE session. Default Not configured Command Mode EXEC Usage Information None Example OS10# clear fcoe database vlan 100 enode aa:bb:cc:00:00:00 Supported Releases 10.4.0E(R1) or later clear fcoe statistics Clears FCoE statistics for specified interface.
fcoe priority-bits Configures the priority bits for FCoE application TLVs. Syntax fcoe priority-bits priority-value Parameter priority-value — Enter PFC priority value advertised in FCoE application TLV. You can enter one of the following values: 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, or 0x80. Default 0x08 Command Mode CONFIGURATION Usage Information You can configure only one PFC priority at a time. The no version of this command returns the configuration to default value.
Default Not configured Command Mode EXEC Usage Information None Example OS10# show fcoe enode Enode MAC Enode Interface VLAN FCFs Sessions ----------------- ---------------- ---- ---- -------d4:ae:52:1b:e3:cd ethernet1/1/54 100 1 5 Supported Releases 10.4.0E(R1) or later show fcoe fcf Displays the details of FCFs connected to the switch. Syntax show fcoe [fcf-mac-address] Parameters fcf-mac-address — (Optional) Enter the MAC address of FCF. This option displays details of specified FCF.
show fcoe statistics Displays the statistical details of FCoE control plane. Syntax show fcoe statistics [interface interface-type] Parameters interface-type — (Optional) Enter the type of interface. This option displays statistics of the specified interface.
Supported Releases 10.4.0E(R1) or later show fcoe vlan Displays the details of FIP snooping operational VLANs and the attributes. Syntax show fcoe vlan Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show fcoe vlan * = Default VLAN VLAN FC-MAP FCFs Enodes ---- ------ ---- -----*1 100 0X0EFC00 1 2 Supported Releases Sessions -------17 10.4.
4 Layer 2 802.1X Verifies device credentials prior to sending or receiving packets using the Extensible Authentication Protocol (EAP) (see 802.1X Commands). Link Aggregation Control Protocol (LACP) Exchanges information between two systems and automatically establishes a LAG between the systems (see LACP Commands).
NOTE: OS10 supports only RADIUS as the back-end authentication server. The authentication process involves three devices: • Supplicant — The device attempting to access the network performs the role of supplicant. Regular traffic from this device does not reach the network until the port associated to the device is authorized. Prior to that, the supplicant can only exchange 802.1x messages (EAPOL frames) with the authenticator.
6 If the identity information the supplicant provides is valid, the authentication server sends an Access Accept frame in which network privileges are specified. The authenticator changes the port state to authorize and forwards an EAP Success frame. If the identity information is invalid, the server sends an Access Reject frame. If the port state remains unauthorized, the authenticator forwards an EAP Failure frame. EAP over RADIUS 802.
Enable 802.1X 1 Enable 802.1X globally in CONFIGURATION mode. dot1x system-auth-control 2 Enter an interface or a range of interfaces in INTERFACE mode. interface range 3 Enable 802.1X on the supplicant interface only in INTERFACE mode. dot1x port-control auto Configure and verify 802.
Identity retransmissions If the authenticator sends a Request Identity frame but the supplicant does not respond, the authenticator waits 30 seconds and then retransmits the frame. There are several reasons why the supplicant might fail to respond — the supplicant may have been booting when the request arrived, there may be a physical layer problem, and so on.
Failure quiet period If the supplicant fails the authentication process, the authenticator sends another Request Identity frame after 30 seconds by default. The quiet period is a transmit interval time after a failed authentication. The Request Identity Re-transmit interval is for an unresponsive supplicant. You can configure the interval for a maximum of 10 times for an unresponsive supplicant.
force-authorized (default) This is an authorized state. A device connected to this port does not use the authentication process but can communicate on the network. Placing the port in this state is same as disabling 802.1X on the port. forceauthorized is the default mode. force-unauthorized This is an unauthorized state. A device connected to a port does not use the authentication process but is not allowed to communicate on the network.
Configure and verify reauthentication time period OS10(config)# interface range ethernet 1/1/7-1/1/8 OS10(conf-range-eth1/1/7-1/1/8)# dot1x re-authentication OS10(conf-range-eth1/1/7-1/1/8)# dot1x timeout re-authperiod 3600 OS10(conf-range-eth1/1/7-1/1/8)# show dot1x interface ethernet 1/1/7 802.
Port Auth Status: Re-Authentication: Tx Period: Quiet Period: Supplicant Timeout: Server Timeout: Re-Auth Interval: Max-EAP-Req: Host Mode: Auth PAE State: Backend State: UNAUTHORIZED Enable 120 seconds 120 seconds 45 seconds 60 seconds 3600 seconds 5 MULTI_HOST Initialize Initialize View interface running configuration OS10(conf-range-eth1/1/7-1/1/8)# do show running-configuration interface ...
Supported Releases 10.2.0E or later dot1x max-req Changes the maximum number of requests that the device sends to a supplicant before restarting 802.1X authentication. Syntax dot1x max-req retry-count Parameters max-req retry-count — Enter the retry count for the request sent to the supplicant before restarting 802.1X reauthentication (1 to 10). Default 2 Command Mode INTERFACE Usage Information The no version of this command resets the value to the default.
Example OS10(conf-range-eth1/1/7-1/1/8)# dot1x re-authentication Supported Releases 10.2.0E or later dot1x timeout quiet-period Sets the number of seconds that the device remains in quiet state following a failed authentication exchange with a supplicant. Syntax dot1x timeout quiet-period seconds Parameters quiet period seconds — Enter the number of seconds for the 802.1X quiet period timeout (1 to 65535).
dot1x timeout supp-timeout Sets the number of seconds that the device waits for the supplicant to respond to an EAP request frame before the device retransmits the frame. Syntax dot1x timeout supp-timeout seconds Parameters supp-timeout seconds — Enter the number of seconds for the 802.1X supplicant timeout (1 to 65535). Default 30 seconds Command Mode INTERFACE Usage Information The no version of this command resets the value to the default.
show dot1x interface Displays 802.1X configuration information. Syntax show dot1x interface ethernet node/slot/port[:subport] Parameters ethernet node/slot/port[:subport] — Enter the Ethernet interface information. Command Mode EXEC Usage Information Use this command to view the dot1x interface configuration for a specific interface. Example OS10# show dot1x interface 802.1x information on ethernet1/1/1 ------------------------------------Dot1x Status: Enable 802.
Link Aggregation Control Protocol Group Ethernet interfaces to form a single link layer interface called a LAG or port-channel. Aggregating multiple links between physical interfaces creates a single logical LAG, which balances traffic across the member links within an aggregated Ethernet bundle and increases the uplink bandwidth. If one member link fails, the LAG continues to carry traffic over the remaining links.
Configure LACP OS10(config)# lacp system-priority 65535 OS10(config)# interface range ethernet 1/1/7-1/1/8 OS10(conf-range-eth1/1/7-1/1/8)# lacp port-priority 4096 OS10(conf-range-eth1/1/7-1/1/8)# lacp rate fast Verify LACP configuration OS10(conf-range-eth1/1/7-1/1/8)# do show running-configuration ... ! interface ethernet1/1/7 lacp port-priority 4096 lacp rate fast no shutdown ! interface ethernet1/1/8 lacp port-priority 4096 lacp rate fast no shutdown ! ...
Configure LACP timeout OS10(conf-if-eth1/1/29)# lacp rate fast View port status OS10# show lacp port-channel Port-channel 20 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address f8:b1:56:00:02:33 Partner System ID: Priority 4096, Address 10:11:22:22:33:33 Actor Admin Key 20, Oper Key 20, Partner Oper Key 10 LACP LAG ID 20 is an aggregatable link A - Active LACP, B - Passive LACP, C - Short Timeout, D - Long Timeout E - Aggregatable Link, F - Individual Link, G - IN_SYNC, H - OUT_OF_SYNC, I
Bravo LAG configuration summary OS10(config)# interface port-channel 1 OS10(conf-if-po-1)# exit OS10(config)# interface ethernet 1/1/49 OS10(conf-if-eth1/1/49)# no switchport OS10(conf-if-eth1/1/49)# channel-group 1 mode active OS10(conf-if-eth1/1/49)# interface ethernet 1/1/50 OS10(conf-if-eth1/1/50)# no switchport OS10(conf-if-eth1/1/50)# channel-group 1 mode active OS10(conf-if-eth1/1/50)# interface ethernet 1/1/51 OS10(conf-if-eth1/1/51)# no switchport OS10(conf-if-eth1/1/51)# channel-group 1 mode activ
0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 465 discarded Output statistics: 7840 packets, 938965 octets 0 64-byte pkts,1396 over 64-byte pkts, 6444 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 7840 Multicasts, 0 Broadcasts,0 Unicasts 0 throttles, 0 discarded, 0 Collisions, 0 wreddrops Rate Info(interval 299 seconds): Input 0 Mbits/sec, 0 packets/sec, 0% of line rate Output 0 Mbits/sec, 1 packets/sec, 0% of line rate Time since last interface status change : 01:2
Actor Admin: State Key 1 Priority 32768 Oper: State Key 1 Priority 32768 Partner Admin: State Key 0 Priority 0 Oper: State Key 1 Priority 32768 Port ethernet1/1/31 is Enabled, LACP is enabled and mode is lacp Actor Admin: State Key 1 Priority 32768 Oper: State Key 1 Priority 32768 Partner Admin: State Key 0 Priority 0 Oper: State Key 1 Priority 32768 Verify LAG membership OS10# show lacp interface ethernet 1/1/29 Interface ethernet1/1/29 is up Channel group is 1 port channel is po1 PDUS sent: 17 PDUS rcvd:
When the switch starts receiving LACP PDU, OS10 ungroups the statically added member port from LACP port-channel and resumes with normal LACP functionality.. When you enable LACP fallback, the port that comes up is selected based on the following: • LACP port priority configuration allows deterministic port allocation. The port with the least priority is placed in the active state when a port-channel is in LACP fallback mode.
In the above scenario, LACP fallback works as follows: 1 The ToR/server boots up. 2 The switch detects the link that is up and checks fallback enabled status. If fallback is enabled, the device waits for the time-out period for any LACP BPDUs. If there are no LACP BPDUs received within the time period, then the LAG enters into fallback mode and adds the first operationally UP port to the port-channel instead of placing it in an inactive state. 3 Now the ToR/server has one port up and active.
In the above scenario, LACP fallback works as follows: 1 The ToR/server boots up. 2 One of the VLT peers takes care of controlling the LACP fallback mode. All events are sent to the controlling VLT peer for deciding the port that should be brought up and then the decision is passed on to peer devices. 3 The controlling VLT peer can decide to bring up one of the ports in either the local port-channel or in the peer VLT port-channel.
• on — Enter so that the interface is not part of a dynamic LAG but acts as a static LAG member. • passive — Enter to only enable LACP if it detects a device. The interface is in the Passive Negotiation state when the port responds to the LACP packets that it receives but does not initiate negotiation until it detects a device. Default Not configured Command Mode INTERFACE Usage Information When you delete the last physical interface from a port-channel, the port-channel remains.
Usage Information The no version of this command disables LACP fallback mode. Example OS10# configure terminal OS10(config)# interface port-channel 1 OS10(conf-if-po-1)# lacp fallback enable Supported Releases 10.3.2E(R3) or later lacp fallback preemption Enables or disables LACP fallback port preemption. Syntax Parameters lacp fallback preemption {enable | disable} • enable—Enables preemption on the port-channel. • disable—Disables preemption on the port-channel.
Example OS10# configure terminal OS10(config)# interface port-channel 1 OS10(conf-if-po-1)# lacp fallback timeout 20 Supported Releases 10.3.2E(R3) or later lacp max-bundle Configures the maximum number of active members allowed in a port-channel. Syntax lacp max-bundle max-bundle-number Parameters max-bundle-number — Enter the maximum bundle size (1 to 32). Default 32 Command Mode INTERFACE Usage Information The no version of this command resets the maximum bundle size to the default value.
Command Mode INTERFACE Usage Information Change the LACP timer rate to modify the duration of the LACP timeout. The no version of this command resets the rate to the default value. Example OS10(conf-range-eth1/1/7-1/1/8)# lacp rate fast Supported Releases 10.2.0E or later lacp system-priority Sets the system priority of the device for LACP. Parameters priority — Enter the priority value for physical interfaces (0 to 65535).
Ethernet1/13 --more-Supported Releases 492 485 0 0 0 0 0 10.2.0E or later show lacp interface Displays information about specific LACP interfaces. Syntax show lacp interface ethernet node/slot/port Parameters node/slot/port — Enter the interface information. Default Not configured Command Mode EXEC Usage Information The LACP_activity field displays if you configure the link in Active or Passive port-channel mode.
show lacp neighbor Displays information about LACP neighbors. Syntax Parameters show lacp neighbor [interface port-channel channel-number] • interface port-channel — (Optional) Enter the interface port-channel. • channel-number — (Optional) Enter the port-channel number for the LACP neighbor (1 to 128). Default Not configured Command Mode EXEC Usage Information All channel groups display if you do not enter the channel-number parameter.
Actor Admin: State BCFHJKNO Key 1 Priority 32768 Oper: State BDEGIKNO Key 1 Priority 32768 Partner Admin: State BCEGIKNP Key 0 Priority 0 Oper: State BDEGIKMO Key 1 Priority 32768 Supported Releases 10.2.0E or later show lacp system-identifier Displays the LACP system identifier for a device.
LAN devices transmit LLDPDUs, which encapsulate TLVs, to neighboring LAN devices. LLDP is a one-way protocol and LAN devices (LLDP agents) transmit and/or receive advertisements but they cannot solicit and do not respond to advertisements. There are three mandatory TLVs followed by zero or more optional TLVs and the end of the LLDPDU TLV.
Organizationally-specific TLVs There are eight TLV types defined by the 802.1 and 802.3 working groups as a basic part of LLDP. Configure OS10 to advertise any or all of these TLVs. Optional TLVs 4 — Port description User-defined alphanumeric string that describes the port. 5 — System name User-defined alphanumeric string that identifies the system. 6 — System description Detailed description of all components of the system. 7 — System capabilities Determines the capabilities of the system.
Media endpoint discovery LLDP media endpoint discovery (LLDP-MED) provides additional organizationally-specific TLVs to allow endpoint devices and network connectivity devices to advertise their characteristics and configuration information. LLDP-MED endpoint devices are located at the IEEE 802 LAN network edge and participate in IP communication service using the LLDPMED framework, such as IP phones and conference bridges.
LLDP-MED capabilities Bit 0 LLDP-MED capabilities Bit 1 Network policy Bit 2 Location ID Bit 3 Extended power via MDI-PSE Bit 4 Extended power via MDI-PD Bit 5 Inventory Bits 6-15 Reserved LLDP-MED device types 0 Type not defined 1 Endpoint class 1 2 Endpoint class 2 3 Endpoint class 3 4 Network connectivity 5-255 Reserved Network policies TLVs A network policy in the context of LLDP-MED is a device’s VLAN configuration and associated Layer 2 and Layer 3 configurations.
0 — Reserved — 1 — Voice Used for dedicated IP telephony handsets and other appliances supporting interactive voice services. 2 — Voice signaling Used only if voice control packets use a separate network policy than voice data. 3 — Guest voice Used only for a separate limited voice service for guest users with their own IP telephony handsets and other appliances supporting interactive voice services.
2 Enter the multiplier value for the hold time in CONFIGURATION mode. lldp holdtime-multiplier 3 Enter the delay (in seconds) for LLDP initialization on any interface in CONFIGURATION mode.
Enable LLDP OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# lldp transmit OS10(conf-if-eth1/1/1)# lldp receive Disable LLDP globally OS10(config)# no lldp enable Disable and re-enable LLDP on management ports By default, LLDP is enabled on management ports. You can disable or enable the following LLDP configurations on management ports. 1 Disable the LLDPDU transmit or receive. no lldp transmit no lldp receive 2 Disable LLDP TLVs.
Configure advertise TLVs OS10(conf-if-eth1/1/3)# lldp tlv-select basic-tlv system-name OS10(conf-if-eth1/1/1)# lldp tlv-select dot3tlv macphy-config max-framesize OS10(conf-if-eth1/1/3)# lldp tlv-select dot1tlv link-aggregation Network policy advertisement LLDP-MED is enabled on all interfaces by default. Configure OS10 to advertise LLDP-MED TLVs out of configured interfaces. Define LLDPMED network policies before applying the policies to an interface. Attach only one network policy per interface.
• Enable fast start repeat count which is the number of packets sent during activation in CONFIGURATION mode (1 to 10, default 3). lldp-med fast-start-repeat-count number Configure fast start repeat count OS10(config)# lldp med fast-start-repeat-count 5 View LLDP configuration • View the LLDP configuration in EXEC mode. show running-configuration • View LLDP error messages in EXEC mode. show lldp errors • View LLDP timers in EXEC mode. show lldp timers • View the LLDP traffic in EXEC mode.
Total Total Total Total Total Total Med Med Med Med Med Med Frames In : Frames Discarded : TLVS Discarded : Capability TLVS Discarded: Policy TLVS Discarded : Inventory TLVS Discarded : 0 0 0 0 0 0 Adjacent agent advertisements • • • View brief information about adjacent devices in EXEC mode. show lldp neighbors View all information that neighbors are advertising in EXEC mode. show lldp neighbors detail View all interface-specific information that neighbors are advertising in EXEC mode.
Extended Power via MDI - PD, Inventory Management Device Class: Endpoint Class 3 Network Policy: Application: voice, Tag: Tagged, Vlan: 50, L2 Priority: 6, DSCP Value: 46 Inventory Management: H/W Revision : 12.1.1 F/W Revision : 10.1.9750B S/W Revision : 10.1.9750B Serial Number : B11G152 Manufacturer : Dell Model : S6010-ON Asset ID : E1001 Power-via-MDI: Power Type: PD Device Power Source: Local and PSE Power Priority: Low Power required: 6.
clear lldp counters Clears LLDP and LLDP-MED transmit, receive, and discard statistics from all the physical interfaces. Syntax clear lldp counters Parameters None Default Not configured Command Mode EXEC Usage Information The counter default value resets to zero for all physical interfaces. Example OS10# clear lldp counters Supported Releases 10.2.0E or later clear lldp table Clears LLDP neighbor information for all interfaces.
lldp holdtime-multiplier Configures the multiplier value for the hold time (in seconds). Syntax lldp holdtime-multiplier integer Parameters integer — Enter the holdtime-multiplier value in seconds (2 to 10). Default 4 seconds Command Mode CONFIGURATION Usage Information Hold time is the amount of time (in seconds) that a receiving system waits to hold the information before discarding it. Formula: Hold Time = (Updated Frequency Interval) X (Hold Time Multiplier).
Supported Releases 10.2.0E or later lldp med network-policy Manually defines an LLDP-MED network policy. Syntax lldp-med network-policy number app {voice | voice-signaling | guest-voice | guestvoice-signaling | softphone-voice | streaming-video | video-conferencing | video-signaling} {vlan vlan-id vlan-type {tag | untag} priority priority dscp dscp value} Parameters • number — Enter a network policy index number (1 to 32).
Command Mode INTERFACE Usage Information Attach only one network policy for per interface. Example OS10(conf-if-eth1/1/5)# lldp med network-policy add 1 Supported Release 10.2.0E or later lldp med tlv-select Configures the LLDP-MED TLV type to transmit or receive. Syntax Parameters lldp med tlv-select {network—policy | inventory} • network-policy — Enable or disable the port description TLV. • inventory — Enable or disable the system TLV.
Usage Information The no version of this command resets the value to the default. Example OS10(config)# lldp reinit 5 Supported Releases 10.2.0E or later lldp timer Configures the rate (in seconds) at which LLDP packets send to the peers. Syntax lldp timer seconds Parameters seconds — Enter the LLDP timer rate in seconds (5 to 254). Default 30 seconds Command Mode CONFIGURATION Usage Information The no version of this command sets the LLDP timer back to its default value.
• link-aggregation — Enable the link aggregation TLV. Default Enabled Command Mode INTERFACE Usage Information The lldp tlv-select dot1tlv link-aggregation command advertises link aggregation as a dot1 TLV in the LLDPDUs. The no version of this command disables TLV transmissions. Example (Port) OS10(conf-if-eth1/1/3)# lldp tlv-select dot1tlv port-vlan-id Example (Link Aggregation) OS10(conf-if-eth1/1/3)# lldp tlv-select dot1tlv link-aggregation Supported Releases 10.2.
show lldp interface Displays the LLDP information advertised from a specific interface. Syntax show lldp interface ethernet node/slot/port[:subport] [med | local—device] Parameters • ethernet node/slot/port[:subport] — Enter the Ethernet interface information. • med — Enter the interface to view the MED information. • local-device — Enter the interface to view the local-device information.
Example OS10# Total Total Total Supported Release 10.2.0E or later show lldp errors Memory Allocation Failures: 0 Input Queue Overflows: 0 Table Overflows: 0 show lldp med Displays the LLDP MED information for all the interfaces. Syntax show lldp med Parameters None Default Not configured Command Mode EXEC Usage Information Use the show lldp interface command to view MED information for a specific interface.
show lldp neighbors Displays the status of the LLDP neighbor system information. Syntax show lldp neighbors [detail | interface ethernet node/slot/port[:subport]] Parameters • detail — View LLDP neighbor detailed information. • interface ethernet node/slot/port[:subport] — Enter the Ethernet interface information. Command Mode EXEC Usage Information This command status information includes local port ID, remote host name, remote port ID, and remote node ID.
Inventory Management: H/W Revision : 12.1.1 F/W Revision : 10.1.9750B S/W Revision : 10.1.9750B Serial Number : B11G152 Manufacturer : Dell Model : S6010-ON Asset ID : E1001 Power-via-MDI: Power Type: PD Device Power Source: Local and PSE Power Priority: Low Power required: 6.
Usage Information None Example OS10# show lldp tlv-select interface ethernet 1/1/4 port-description system-name system-description system-cababilities management-address port-vlan mac-phy-config link-aggregation max-frame-size Supported Releases 10.2.0E or later show lldp traffic Displays LLDP traffic information including counters, packets transmitted and received, discarded packets, and unrecognized TLVs.
show nework-policy profile Displays the network policy profiles. Syntax show network-policy profile [profile number] Parameters profile number — (Optional) Enter the network policy profile number (1 to 32). Default Not configured Command Mode EXEC Usage Information If you do not enter the network profile ID, all configured network policy profiles display.
Set Static MAC Address OS10(config)# mac address-table static 34:17:eb:f2:ab:c6 vlan 10 interface ethernet 1/1/5 MAC Address Table OS10 maintains a list of MAC address table entries. • View the contents of the MAC address table in EXEC mode.
Clear MAC Address Table OS10# clear mac address-table dynamic vlan 20 interface ethernet 1/2/20 MAC Commands clear mac address-table dynamic Clears L2 dynamic address entries from the MAC address table. Syntax Parameters clear mac address-table dynamic {all | address mac_addr | vlan vlan-id | interface {ethernet node/slot/port[:subport] | port-channel number}} • all — (Optional) Delete all MAC address table entries.
mac address-table static Configures a static entry for the L2 MAC address table. Syntax mac address-table static mac-address vlan vlan-id interface {ethernet node/ slot/port[:subport] | port-channel number} Parameters • mac-address — Enter the MAC address to add to the table in nn:nn:nn:nn:nn:nn format. • vlan vlan-id — Enter the VLAN to apply the static MAC address to (1 to 4093). • interface — Enter the interface type: – ethernet node/slot/port[:subport] — Enter the Ethernet information.
Usage Information The network device maintains static MAC address entries saved in the startup configuration file, and reboots and flushes dynamic entries.
3 Ensure the same region name is configured in all the bridges running MST. 4 (Optional) Configure the revision number. Configure MSTP When you enable MST globally, all L2 physical, port-channel, and VLAN interfaces are automatically assigned to MSTI zero (0). Within an MSTI, only one path from any one bridge to another is enabled for forwarding. • Enable MST in CONFIGURATION mode.
View VLAN instance mapping OS10# show spanning-tree mst configuration Region Name: force10 Revision: 100 MSTI VID 0 1,31-4093 1 2-10 2 11-20 3 21-30 View port forwarding/discarding state OS10# show spanning-tree msti 0 brief Spanning tree enabled protocol msti with force-version mst MSTI 0 VLANs mapped 1,31-4093 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 3417.4455.
ethernet1/1/9 ethernet1/1/10 Disb Disb 128.292 128.296 128 128 200000000 BLK 200000000 BLK 0 AUTO No Root selection MSTP determines the root bridge according to the lowest bridge ID. Assign a lower bridge priority to increase its likelihood of becoming the root bridge. • Assign a bridge priority number to a specific instance in CONFIGURATION mode (0 to 61440 in increments of 4096, default 32768). Use a lower priority number to increase the likelihood of the bridge to become a root bridge.
• Change the region revision number in MULTIPLE-SPANNING-TREE mode (0 to 65535, default 0). revision number Configure and verify region name OS10(conf-mstp)# name my-mstp-region OS10(conf-mstp)# do show spanning-tree mst config MST region name: my-mstp-region Revision: 0 MSTI VID 1 100 2 200-300 Modify parameters The root bridge sets the values for forward-delay, hello-time, max-age, and max-hops and overwrites the values set on other MST bridges.
ethernet1/1/6 128.280 128 500 BLK 0 32768 3417.4455.667f Interface Name Role PortID Prio Cost Sts Cost Link-type Edge -----------------------------------------------------------------ethernet1/1/5 Root 128.276 128 500 FWD 0 AUTO No ethernet1/1/6 Altr 128.280 128 500 BLK 0 AUTO No 128.150 Interface parameters Adjust two interface parameters to increase or decrease the likelihood that a port becomes a forwarding port. Port cost Value that is based on the interface type.
Configure EdgePort OS10(conf-if-eth1/1/4)# spanning-tree port type edge View interface status OS10# show spanning-tree interface ethernet 1/1/4 ethernet1/1/4 of MSTI 0 is designated Forwarding Edge port:yes port guard :none (default) Link type is point-to-point (auto) Boundary: YES bpdu filter :disable bpdu guard :disable bpduguard shutdown-onviolation :disable RootGuard: disable LoopGuard disable Bpdus (MRecords) sent 610, received 5 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ----
To clear Error Disabled state: 2 • Use the shutdown command on the interface. • Use the spanning-tree bpdufilter disable command to disable the BPDU guard on the interface. • Use the spanning-tree disable command to disable STP on the interface. Enable STP BPDU guard in INTERFACE mode. spanning-tree bpduguard enable • To shut down the port channel interface, all member ports are disabled in the hardware.
Boundary: NO bpdu filter : bpdu guard : bpduguard shutdown-onviolation :disable RootGuard: disable LoopGuard enable Bpdus (MRecords) sent 7, received 20 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ------------------------------------------------------------------------ethernet1/1/4 128.272 128 500 FWD 0 32769 90b1.1cf4.9d3b 128.
Usage Information By default, MSTP assigns system MAC as the region name. Two MST devices within the same region must share the same region name, including matching case. Example OS10(conf-mst)# name my-mst-region Supported Releases 10.2.0E or later revision Configures a revision number for the MSTP configuration. Syntax revision number Parameters number — Enter a revision number for the MSTP configuration (0 to 65535).
Default Disabled Command Mode INTERFACE Usage Information BPDU guard prevents a port from receiving BPDUs. If the port receives a BPDU, it is placed in the Error-Disabled state as a protective measure. Example OS10(conf-if-eth1/1/4)# spanning-tree bpduguard enable Supported Releases 10.2.0E or later spanning-tree disable Disables the spanning-tree mode configured with the spanning-tree mode command globally on the switch or on specified interfaces.
spanning-tree mode Enables an STP type (RSTP, Rapid-PVST+, or MST). Syntax spanning-tree mode {rstp | mst | rapid-pvst} Parameters • rstp — Sets the STP mode to RSTP. • mst — Sets the STP mode to MST. • rapid-pvst — Sets the STP mode to RPVST+. Default RPVST+ Command Mode CONFIGURATION Usage Information All STP instances are stopped in the previous STP mode, and are restarted in the new mode. You can also change to RSTP/MST mode.
spanning-tree msti Configures the MSTI, cost, and priority values for an interface. Syntax Parameters spanning-tree msti instance {cost cost | priority value} • msti instance — Enter the MST instance number (0 to 63). • cost cost — (Optional) Enter a port cost value (1 to 200000000).
spanning-tree mst disable Disables spanning tree on the specified MST instance. Syntax spanning-tree mst instance-number disable Parameters instance-number—Enter the instance number, ranging from 0 to 63. Default Enabled Command Mode CONFIGURATION Usage Information The no version of this command enables spanning tree on the specified MST instance. Example OS10(config)# spanning-tree mst 10 disable Supported Releases 10.4.
spanning-tree mst hello-time Sets the time interval between generation and transmission of MSTP BPDUs. Syntax spanning-tree mst hello-time seconds Parameters seconds — Enter a hello-time interval value in seconds (1 to 10). Default 2 seconds Command Mode CONFIGURATION Usage Information Dell EMC recommends increasing the hello-time for large configurations — especially configurations with multiple ports. The no version of this command resets the value to the default.
spanning-tree mst max-hops Configures the maximum hop count for a BPDU to travel before it is discarded. Syntax spanning-tree mst max-hops number Parameters number — Enter a maximum hop value (6 to 40). Default 20 Command Mode CONFIGURATION Usage Information A device receiving BPDUs waits until the max-hops value expires before discarding it. When a device receives the BPDUs, it decrements the received value of the remaining hops and uses the resulting value as remaining-hops in the BPDUs.
0 1 2 3 4 5 Supported Releases 1,7-4093 2 3 4 5 6 10.2.0E or later show spanning-tree msti Displays MST instance information. Syntax Parameters show spanning-tree msti [instance-number [brief | guard | interface interface]] • instance-number — (Optional) Displays MST instance information (0 to 63). • brief — (Optional) Displays MST instance summary information. • guard — (Optional) Displays which guard is enabled and current port state.
Example (Interface) OS10# show spanning-tree msti 1 interface ethernet 1/1/1 ethernet1/1/1 of vlan1 is root Forwarding Edge port:no (default) port guard :none (default) Link type is point-to-point (auto) Boundary :internal bpdu filter : bpdu guard : bpduguard shutdown-onviolation :disable RootGuard: disable LoopGuard disable Bpdus (MRecords) sent 3779, received 7 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID -----------------------------------------------------------ethernet1/1/1 128
By default, each VLAN instance is assigned default bridge priority 32768. For example, all three instances have the same forwarding topology. Traffic load balancing is not achievable with this kind of priority assignment. You must assign each instance a different priority to achieve load balancing, as shown in Load Balancing with RPVST+. Load balance and root selection All VLANs use the same forwarding topology — R2 is elected as the root and all 10G Ethernet ports have the same cost.
-----------------------------------------------------------------------ethernet1/1/5 128.276 128 500 FWD 0 32768 3417.4455.667f 128.146 ethernet1/1/6 128.280 128 500 BLK 0 32768 3417.4455.667f 128.150 Interface Name Role PortID Prio Cost Sts Cost Link-type Edge -------------------------------------------------------------ethernet1/1/5 Root 128.276 128 500 FWD 0 AUTO No ethernet1/1/6 Altr 128.280 128 500 BLK 0 AUTO No Select root bridge RPVST+ determines the root bridge.
ethernet1/1/5 128.276 128 500 FWD 0 4097 90b1.1cf4.a523 ethernet1/1/6 128.280 128 500 FWD 0 4097 90b1.1cf4.a523 ethernet1/1/7 128.284 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/8 128.288 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/9 128.292 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/10 128.296 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/11 128.300 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/12 128.304 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/13 128.
Executing IEEE compatible Spanning Tree Protocol Root ID Priority 24577, Address 90b1.1cf4.a523 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 24577, Address 90b1.1cf4.a523 We are the root of VLAN 1 Configured hello time 2, max age 20, forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ---------------------------------------------------------------------ethernet1/1/5 128.276 128 500 FWD 0 24577 90b1.1cf4.a523 128.276 ethernet1/1/6 128.
• Modify the hello-time (in seconds) in CONFIGURATION mode (1 to 10, default 2). With large configurations (involving more number of ports), Dell EMC recommends increasing the hello-time. spanning-tree vlan vlan-id hello-time seconds • Modify the max-age (in seconds) in CONFIGURATION mode (6 to 40, default 20).
Default Not configured Command Mode EXEC Usage Information Use this command to force the RPVST+ port to re-negotiate with neighbors. If you use this command without parameters, the command applies to each device port. Example OS10# clear spanning-tree detected-protocol interface ethernet 1/1/1 Supported Release 10.2.0E or later show spanning-tree vlan Displays RPVST+ status and configuration information by VLAN ID.
Default Disabled Command Mode INTERFACE Usage Information Use the enable parameter to enable BPDU filtering. Example OS10(conf-if-eth1/1/4)# spanning-tree bpdufilter enable Supported Releases 10.2.0E or later spanning-tree bpduguard Enables or disables BPDU guard on an interface. Syntax Parameters spanning-tree bpduguard {enable | disable} • enable — Enables the BPDU guard filter on an interface. • disable — Disables the BPDU guard filter on an interface.
spanning-tree guard Enables or disables loop guard or root guard on an interface. Syntax spanning-tree guard {loop | root | none} Parameters • loop — Enables loop guard on an interface. • root — Enables root guard on an interface. • none — Sets the guard mode to none. Default Not configured Usage Information Root guard and loop guard configurations are mutually exclusive. Configuring one overwrites the other from the active configuration.
Command Mode INTERFACE Usage Information When you configure an EdgePort on a device running STP, the port immediately transitions to Forwarding state. Only configured ports connected to end hosts act as EdgePorts. Example OS10(config)# spanning-tree port type edge Supported Releases 10.2.0E or later spanning-tree vlan cost Sets the path cost of the interface per VLAN for PVST calculations.
spanning-tree vlan forward-time Configures a time interval for the interface to wait in Blocking state or Learning state before moving to Forwarding state. Syntax spanning-tree vlan vlan-id forward-time seconds Parameters • vlan-id— Enter a VLAN ID number (1 to 4093). • seconds — Enter the forward-delay time in seconds (4 to 30). Default 15 seconds Command Mode CONFIGURATION Usage Information None Example OS10(config)# spanning-tree vlan 10 forward-time 16 Supported Releases 10.2.
Example OS10(config)# spanning-tree vlan 10 hello-time 5 Supported Releases 10.2.0E or later spanning-tree vlan mac-flush-threshold Sets the threshold value to flush MAC addresses on specified VLAN. Syntax Parameters spanning-tree vlan vlan-id mac-flush-threshold threshold-value • vlan-id — Enter the VLAN ID number, ranging from 1 to 4093. • threshold-value—Enter the threshold value for the number of flushes, ranging from 0 to 65535. The default value is 0.
Usage Information The RPVST+ protocol determines the root bridge but you can assign one bridge a lower priority to increase the probability it being the root bridge. A lower priority value increases the probability of the bridge becoming a root bridge. Example OS10(config)# spanning-tree vlan 10 priority 0 Supported Releases 10.2.0E or later spanning-tree vlan priority (Interface) Sets an interface priority when two bridges compete for position as the root bridge.
2 Globally enable RSTP. Enable globally RSTP enables STP on all physical and port-channel interfaces which are in L2 mode to automatically include the interfaces as part of the RSTP topology. Only one path from any bridge to any other bridge is enabled. Bridges block a redundant path by disabling one of the link ports. • • • • • Configure spanning-tree mode to RSTP in CONFIGURATION mode. spanning-tree mode rstp Disable RSTP globally for all L2 interfaces in CONFIGURATION mode.
ethernet1/1/6:1 128.280 128 2000 FWD 0 32768 3417.4455.667f ethernet1/1/6:2 128.281 128 2000 FWD 0 32768 3417.4455.667f ethernet1/1/6:3 128.282 128 2000 FWD 0 32768 3417.4455.667f ethernet1/1/6:4 128.283 128 2000 BLK 0 32768 3417.4455.667f ethernet1/1/7 128.284 128 200000000 BLK 0 0 0000.0000.0000 ethernet1/1/8 128.288 128 200000000 BLK 0 0 0000.0000.0000 ethernet1/1/9 128.292 128 200000000 BLK 0 0 0000.0000.0000 ethernet1/1/10 128.296 128 200000000 BLK 0 0 0000.0000.0000 ethernet1/1/11 128.
• Port-channel with 1x40Gigabit Ethernet interface — 500 • Port-channel with 2x40Gigabit Ethernet interfaces — 250 • Change the forward-time in CONFIGURATION mode (4 to 30, default 15). spanning-tree rstp forward-time seconds • Change the hello-time in CONFIGURATION mode (1 to 10, default 2). With large configurations (especially those configurations with more ports) Dell EMC recommends increasing the hello-time.
We are the root Configured hello time 2, max age 20, forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ------------------------------------------------------------------ethernet1/1/1 244.128 128 500 BLK 0 32768 90b1.1cf4.9b8a 128.244 ethernet1/1/2 248.128 128 500 BLK 0 32768 90b1.1cf4.9b8a 128.248 ethernet1/1/3 252.128 128 500 FWD 0 32768 90b1.1cf4.9b8a 128.252 ethernet1/1/4 256.128 128 500 BLK 0 32768 90b1.1cf4.9b8a 128.
View interface status OS10# show spanning-tree interface ethernet 1/1/5 ethernet1/1/5 of RSTP 1 is designated Forwarding Edge port:yes port guard :none (default) Link type is point-to-point (auto) Boundary: YES bpdu filter :disable bpdu guard :disable bpduguard shutdown-onviolation :disable RootGuard: disable LoopGuard disable Bpdus (MRecords) sent 610, received 5 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ----------------------------------------------------------------------ethern
– loop — Set the guard type to loop. – none — Set the guard type to none. – root — Set the guard type to root.
RSTP commands clear spanning-tree counters Clears the counters for STP. Syntax Parameters clear spanning-tree counters [interface {ethernet node/slot/port[:subport] | port—channel number}}] • interface — Enter the interface type: – ethernet node/slot/port[:subport] — Deletes the spanning-tree counters from a physical port. – port-channel number — Deletes the spanning-tree counters for a port-channel interface (1 to 128).
ethernet1/1/1 ethernet1/1/2 ethernet1/1/3 ethernet1/1/4 Supported Releases Altr Altr Root Altr 128.244 128.248 128.252 128.256 128 128 128 128 500 500 500 500 BLK BLK FWD BLK 0 0 0 0 AUTO AUTO AUTO AUTO No No No No 10.2.0E or later show spanning-tree interface Displays spanning-tree interface information for Ethernet and port-channels.
spanning-tree bpduguard Enables or disables BPDU guard on an interface. Syntax Parameters spanning-tree bpduguard {enable | disable} • enable — Enables the BPDU guard filter on an interface. • disable — Disables the BPDU guard filter on an interface. Default Disabled Command Mode INTERFACE Usage Information BPDU guard prevents a port from receiving BPDUs. If the port receives a BPDU, it is placed in the Error-Disabled state as a protective measure.
Usage Information Root guard and loop guard configurations are mutually exclusive. Configuring one overwrites the other from the active configuration. Command Mode INTERFACE Example OS10(conf-if-eth1/1/4)# spanning-tree guard root Supported Releases 10.2.0E or later spanning-tree mode Enables an STP type (RSTP, Rapid-PVST+, or MST). Syntax spanning-tree mode {rstp | mst | rapid-pvst} Parameters • rstp — Sets the STP mode to RSTP. • mst — Sets the STP mode to MST.
spanning-tree rstp force-version Configures a forced version of spanning tree to transmit BPDUs. Syntax spanning-tree rstp force-version stp Parameters stp — Force the version for the BPDUs transmitted by RSTP. Default Not configured Command Mode CONFIGURATION Usage Information Forces a bridge that supports RSTP or MST to operate in a STP-compatible manner to avoid frame misordering and duplication in known LAN protocols that are sensitive.
spanning-tree rstp mac-flush-threshold Sets the threshold value to flush MAC addresses on RSTP instance. Syntax spanning-tree rstp mac-flush-threshold threshold-value Parameters threshold-value—Enter the threshold value for the number of flushes, ranging from 0 to 65535. The default value is 0. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the threshold value.
Virtual LANs VLANs segment a single flat L2 broadcast domain into multiple logical L2 networks. Each VLAN is uniquely identified by a VLAN ID or tag consisting of 12 bits in the Ethernet frame. VLAN IDs range from 1 to 4093 and can provide a total of 4093 logical networks. You can assign ports on a single physical device to one or more VLANs creating multiple logical instances on a single physical device.
Q: A-Access (Untagged), T-Tagged x-Dot1x untagged, X-Dot1x tagged G-GVRP tagged, M-Vlan-stack, H-VSN tagged i-Internal untagged, I-Internal tagged, v-VLT untagged, V-VLT tagged NUM Status Description Q Ports * 1 up A Eth1/1/2 1/1/3:2 1/1/3:3 1/1/3:4 1/1/4 1/1/5 1/1/6 1/1/7 1/1/8 1/1/9 1/1/10 1/1/11 1/1/12 1/1/13 1/1/14 1/1/15 1/1/16 1/1/17 1/1/18 1/1/19 1/1/20 1/1/21 1/1/22 1/1/23 1/1/24 1/1/25:1 1/1/25:2 1/1/25:3 1/1/25:4 1/1/26 1/1/27 1/1/28 1/1/30 1/1/32 A Po40 200 up T Eth1/1/3:2 T Po40 A Eth1/1/31 320
Vlan 320 is up, line protocol is up Address is , Current address is Interface index is 69209184 Internet address is not set MTU 1532 bytes LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 240 Last clearing of "show interface" counters Queueing strategy: fifo Time since last interface status change: Access mode An access port is an untagged member of only one VLAN. Configure a port in Access mode and configure which VLAN carries the traffic for that interface.
3 Enter the allowed VLANs on the trunk port in INTERFACE mode. switchport trunk allowed vlan vlan-id Configure port in trunk mode OS10(config)# interface ethernet 1/1/6 OS10(conf-if-eth1/1/6)# switchport mode trunk OS10(conf-if-eth1/1/6)# switchport trunk allowed vlan 108 View running configuration OS10# show running-configuration ... ! interface ethernet1/1/8 switchport mode trunk switchport trunk allowed vlan 108 no shutdown ! interface vlan1 no shutdown ! ...
Vlan 200 is up, line protocol is up Address is , Current address is Interface index is 69209064 Internet address is not set MTU 1532 bytes LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 240 Last clearing of "show interface" counters Queueing strategy: fifo Time since last interface status change: Vlan 320 is up, line protocol is up Address is , Current address is Interface index is 69209184 Internet address is 20.2.11.
ARP type: ARPA, ARP Timeout: 240 Last clearing of "show interface" counters Queueing strategy: fifo Time since last interface status change: Vlan 200 is up, line protocol is up Address is , Current address is Interface index is 69209064 Internet address is not set MTU 1532 bytes LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 240 Last clearing of "show interface" counters Queueing strategy: fifo Time since last interface status change: Vlan 320 is up, line protocol is up Address is , C
interface vlan Creates a VLAN interface. Syntax interface vlan vlan-id Parameters vlan-id — Enter the VLAN ID number (1 to 4093). Default VLAN 1 Command Mode CONFIGURATION Usage Information FTP, TFTP, MAC ACLs, and SNMP operations are not supported — IP ACLs are supported on VLANs only. The no version of this command deletes the interface. Example OS10(config)# interface vlan 10 OS10(conf-if-vl-10)# Supported Releases 10.2.0E or later show vlan Displays VLAN configurations.
• Encapsulated remote port monitoring (ERPM) — The port monitoring is performed on an L3 network. The traffic from the source port is encapsulated and forwarded to the destination port in another switch. Local port monitoring The local port monitoring monitors traffic from one or more ports from the switch to one or more ports on the same switch. For local port monitoring, the monitored source and monitoring destination ports are on the same device.
Session and VLAN requirements Remote port monitoring requires a source session (monitored ports on different source devices), a reserved tagged VLAN for transporting monitored traffic (configured on source, intermediate, and destination devices), and a destination session (destination ports connected to analyzers on destination devices).
Restrictions • When you use a source VLAN, enable flow-based monitoring (flow-based enable). • In a source VLAN, only received (rx) traffic is monitored. • In S5148F-ON, only received (rx) traffic is monitored. • You cannot configure a source port-channel or source VLAN in a source session if the port-channel or VLAN has a member port configured as a destination port in a remote port monitoring session.
• • • • • • • • • • • OS10 does not support ERPM destination session and decapsulation of ERPM packets at the destination switch. You can configure a maximum of 4 ERPM sessions with a maximum of 128 source ports in each session. You can configure these 4 ERPM sessions in one of the following methods: – Single directional with either 4 ingress or 4 egress sessions. – Bidirectional with 2 ingress and 2 egress sessions. You can monitor a source VLAN only through flow-based monitoring.
2 Return to CONFIGURATION mode. exit 3 Create an access list in CONFIGURATION mode. ip access-list access-list-name 4 Define access-list rules using seq, permit, and deny statements in CONFIG-ACL mode. The ACL rules describe the traffic you want to monitor. Flow monitoring is supported for IPv4 ACLs, IPv6 ACLs, and MAC ACLs.
Table 2. RPM on VLT scenarios Scenario Recommendation Mirror an orphan port or VLT LAG or VLTi member port to VLT LAG. The packet analyzer is connected to the TOR switch. The following is an example of recommended configuration on the peer VLT device: 1 Create RPM VLAN ! interface vlan 100 no shutdown remote-span ! 2 Create an L2 ACL for the RPM VLAN - RPM session and attach it to VLTi LAG interface.
Scenario Recommendation Mirror VLT LAG of TOR, or any port in the TOR to any orphan port — in the VLT device. Configure VLT nodes as intermediate device. The packet analyzer is connected to the TOR switch. Mirror VLT LAG to any orphan port on the same VLT device. The packet analyzer is connected to the local VLT device through the orphan port. If the packet analyzer is directly connected to the VLT peer in which the source session is configured, use local port monitoring instead of RPM.
Parameters interface-type — Enter the interface type for a local monitoring session. • ethernet node/slot/port[:subport] — Enter the Ethernet interface information as the destination. • port-channel id-number — Enter a port-channel number as the destination (1 to 128). • vlan vlan-id —Enter a VLAN ID as the destination (1 to 4093). remote-vlan vlan-id—Enter a remote VLAN ID as the destination for RPM monitoring session (1 to 4093).
Example OS10(conf-mon-erpm-source-10)# OS10(conf-mon-erpm-source-10)# Supported Releases 10.4.0E(R1) or later ip ttl 16 ip DSCP 63 monitor session Creates a session for monitoring traffic with port monitoring. Syntax monitor session session-id type [local | rpm-source | erpm-source] Parameters • session-id — Enter a monitor session ID (1 to 18). • local — (Optional) Enter a local monitoring session. • rpm-source — (Optional) Enter a remote monitoring session.
Example (all sessions) OS10# show monitor session all S.Id Source Destination Dir Mode Source IP Dest IP DSCP T ---------------------------------------------------------------------------------------1 ethernet1/1/1 remote-ip both port 11.11.11.1 11.11.11.11 0 2 9 ethernet1/1/9 both port N/A N/A N/A N 7 ethernet1/1/9 vlan40 both port N/A N/A N/A N 4 ethernet1/1/1 both port N/A N/A 0 2 Destination is not resolved 6 ethernet1/1/2 remote-ip both port 11.11.11.1 2.2.2.
Command Mode MONITOR-SESSION Usage Information None Example OS10(config)# monitor session 1 OS10(conf-mon-local-1)# source interface ethernet 1/1/7 rx OS10(config)# monitor session 5 type rpm-source OS10(conf-mon-rpm-source-5)# source interface ethernet 1/1/10 rx OS10(config)# monitor session 10 type erpm-source OS10(conf-mon-erpm-source-10)# source interface ethernet 1/1/5 rx Supported Releases 10.2.
5 Layer 3 Bidirectional Provides rapid failure detection in links with adjacent routers (see BFD commands). forwarding detection (BFD) Border Gateway Protocol (BGP) Provides an external gateway protocol that transmits inter-domain routing information within and between autonomous systems (see BGP Commands). Equal Cost MultiPath (ECMP) Provides next-hop packet forwarding to a single destination over multiple best paths (see ECMP Commands).
Configure management VRF OS10(config)# ip vrf management OS10(conf-vrf)# interface management You can enable various services in the either of the management or default VRF instances. Refer to the following table for the services supported in the management VRF instance and the default VRF instance. Table 3.
Application Management VRF Default VRF Non default VRF VRRP Yes Yes No Configuring a static route for a management VRF instance • Configure a static route that directs traffic to the management interface. CONFIGURATION management route ip-address mask managementethernet or management route ipv6-address prefixlength managementethernet You can also configure the management route to direct traffic to a physical interface in case of the management VRF instance. For example: management route 10.1.1.
3 Assign the interface to a non-default VRF. INTERFACE CONFIGURATION ip vrf forwarding vrf-test Before assigning a n interface to a VRF instance, ensure that no IP address is configured on the interface. NOTE: In the default configuration, the interface is in L3 mode and it does not have an IP address. You can associate an interface in L3 mode and with default configuration to a VRF. You can associate an interface only with one VRF instance.
ipv6 address 1::1/64 You can also auto configure an IPv6 address using the ipv6 address autoconfig command. Assigning an interface back to the default VRF instance To assign an interface back to the default VRF, perform the following steps: 1 Enter the interface that you want to assign back to the default VRF instance. CONFIGURATION interface ethernet 1/1/1 2 Remove the interfacet from L2 switching. INTERFACE no switchport 3 Assign the interface back to the default VRF instance.
CONFIGURATION no ip vrf vrf-name NOTE: You cannot delete the default VRF instance. Configuring a static route for a non-default VRF instance • Configure a static route in a non-default VRF instance. Static routes contain IP addresses of the next-hop neighbors that are reachable through the non-default VRF. These IP addresses could also belong to the interfaces that are part of the non-default VRF instance.
Figure 3. Setup VRF Interfaces The following example relates to the configuration shown in the above illustrations. Router 1 ip vrf blue ! ip vrf orange ! ip vrf green ! interface ethernet 1/1/1 no ip address no switchport no shutdown ! interface ethernet1/1/2 no shutdown no switchport ip vrf forwarding blue ip address 20.0.0.
ip address 30.0.0.1/24 ! interface ethernet1/1/4 no shutdown no switchport ip vrf forwarding green ip address 40.0.0.1/24 ! interface vlan128 mode L3 no shutdown ip vrf forwarding blue ip address 1.0.0.1/24 ! interface vlan192 mode L3 no shutdown ip vrf forwarding orange ip address 2.0.0.1/24 ! ! interface vlan256 mode L3 no shutdown ip vrf forwarding green ip address 3.0.0.1/24 ! ip route vrf green 30.0.0.0/24 3.0.0.
ip vrf forwarding orange ip address 2.0.0.1/24 ! interface vlan256 mode L3 no shutdown ip vrf forwarding green ip address 3.0.0.1/24 ! ip route vrf green 31.0.0.0/24 3.0.0.1 The following shows the output of the show commands on Router 1.
The following shows the output of the show commands on Router 2.
EXEC show ip vrf [vrf-name] VRF commands interface management Adds management interface to the management VRF instance. Syntax interface management Parameters None Default Not configured Command Mode VRF CONFIGURATION Usage Information The no version of this command removes the management interface from the management VRF instance. Example OS10(config)# ip vrf management OS10(conf-vrf)# interface management Supported Releases 10.4.
ip domain-name vrf Configures a domain name for the management VRF instance or any non-default VRF instance that you create. Syntax ip domain—name vrf {management | vrf-name} domain-name Parameters • management—Enter the keyword management to configure a domain name for the management VRF instance. • vrf-name—Enter the name of the non-default VRF instance to configure a domain name for that VRF instance. • domain-name—Enter the domain name.
Command Mode CONFIGURATION Usage Information The no version of this command removes the management VRF instance configuration from the FTP client. Example OS10(config)# ip ftp vrf management Supported Releases 10.4.0E(R1) or later ip host vrf Configures a host name for the management VRF instance or a non-default VRF instance and maps the host name to an IP/IPv6 address.
Parameters • management—Enter the keyword management to configure a DNS name server for the management VRF instance. • vrf-name—Enter the name of the non-default VRF instance to configure a DNS name server for that VRF instance. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the management or non-default VRF instance configuration from the name sever.
ip tftp vrf Configures a TFTP client for the management VRF instance. Syntax ip tftp vrf management Parameters None Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the management VRF instance configuration from the TFTP client. Example OS10(config)# ip tftp vrf management Supported Releases 10.4.0E(R1) or later ip vrf management Configures the management VRF instance.
Static Host to IP mapping Table =================================================================================== Host IP-Address ----------------------------------------------------------------------------------google.com 172.217.160.142 yahoo.com 98.139.180.180 Supported Releases 10.4.0E(R1) or later show ip vrf Displays the VRF instance information.
In addition, BFD sends a control packet when there is a state change or change in a session parameter. These control packets are sent without regard to transmit and receive intervals in a routing protocol. BFD is an independent and generic protocol, which all media, topologies, and routing protocols can support using any encapsulation. OS10 implements BFD at Layer 3 (L3) and with User Datagram Protocol (UDP) encapsulation.
BFD three-way handshake A BFD session requires a three-way handshake between neighboring routers. In the following example, the handshake assumes: • One router is active, and the other router is passive. • This is the first session established on this link. • The default session state on both ports is Down. 1 The active system sends a steady stream of control packets to indicate that its session state is Down, until the passive system responds.
BFD configuration Before you configure BFD for a routing protocol, first enable BFD globally on both routers in the link. BFD is disabled by default. • OS10 supports: – 64 BFD sessions at 100 minimum transmit and receive intervals with a multiplier of 4 – 100 BFD sessions at 200 minimum transmit and receive intervals with a multiplier of 3 • OS10 does not support Demand mode, authentication, and the Echo function. • OS10 does not support BFD on multi-hop and virtual links.
2 • multiplier number — Enter the number of consecutive packets that must not be received from a BFD peer before the session state changes to Down, from 3 to 50; default 3. • role {active | passive} — Enter active if the router initiates BFD sessions. Both BFD peers can be active at the same time. Enter passive if the router does not initiate BFD sessions, and only responds to a request from an active BFD to initialize a session. The default is active. Enable BFD globally in CONFIGURATION mode.
• Establish BFD sessions with all neighbors discovered by BGP using the bfd all-neighbors command. For example: Router 1 OS10(conf)# bfd enable OS10(conf)# router bgp 1 OS10(config-router-bgp-1)# neighbor 2.2.4.
OR Configure BFD sessions with all neighbors discovered by the BGP in ROUTER-BGP mode. The BFD session parameters you configure override the global session parameters configured in Step 1. bfd all-neighbors [interval milliseconds min_rx milliseconds multiplier number role {active | passive}] • interval milliseconds — Enter the time interval for sending control packets to BFD peers, from 100 to 1000; default 200. Dell EMC recommends using more than 100 milliseconds.
---------------------------------------------------------------------------* 150.150.1.2 150.150.1.1 vlan10 up 1000 1000 5 default bgp OS10# show bfd neighbors detail Session Discriminator: 1 Neighbor Discriminator: 2 Local Addr: 150.150.1.2 Local MAC Addr: 90:b1:1c:f4:ab:fd Remote Addr: 150.150.1.
Allow local AS number 0 times in AS-PATH attribute Prefixes ignored due to: Martian address 0, Our own AS in AS-PATH 0 Invalid Nexthop 0, Invalid AS-PATH length 0 Wellknown community 0, Locally originated 0 Local host: 20.1.1.2, Local port: 179 Foreign host: 20.1.1.1, Foreign port: 58248 BFD commands bfd Enables BFD sessions with specified neighbors.
Parameters Default • interval milliseconds — Enter the time interval for sending control packets to BFD peers, from 100 to 1000. Dell EMC recommends using more than 100 milliseconds. • min_rx milliseconds — Enter the maximum waiting time for receiving control packets from BFD peers, from 100 to 1000. Dell EMC recommends using more than 100 milliseconds.
bfd enable Enables BFD on all interfaces on the switch. Syntax bfd enable Parameters None Default BFD is disabled. Command Mode CONFIGURATION Usage Information Before you configure BFD for static routing or a routing protocol, enable BFD globally on each router in a BFD session. To globally disable BFD on all interfaces, enter the no bfd enable command. Example OS10(config)# bfd enable Supported releases 10.4.1.0 or later bfd interval Configures parameters for all BFD sessions on the switch.
show bfd neighbors Displays information about BFD neighbors from all interfaces using the default VRF. Syntax show bfd neighbors [detail] Parameters detail — (Optional) View detailed information about BFD neighbors. Default Not configured Command Mode EXEC Usage Information Use the show bfd neighbors command to verify that a BFD session between neighbors is up using the default VRF instance. Enter the details parameter to view the BFD session parameters.
The Internet Assigned Numbers Authority (IANA) identifies each network with a unique AS number (ASN). The AS numbers 64512 through 65534 are reserved for private purposes. The AS numbers 0 and 65535 cannot be used in a live environment. IANA assigns valid AS numbers in the range of 1 to 64511. Multihomed AS Maintains connections to more than one other AS. This group allows the AS to remain connected to the Internet if a complete failure occurs to one of their connections.
In operations with other BGP peers, a BGP process uses a simple finite state machine consisting of six states—Idle, Connect, Active, OpenSent, OpenConfirm, and Established. For each peer-to-peer session, a BGP implementation tracks the state of the session. The BGP defines the messages that each peer exchanges to change the session from one state to another. Idle BGP initializes all resources, refuses all inbound BGP connection attempts, and starts a TCP connection to the peer.
Routers B, C, D, E, and G are members of the same AS—AS100. These routers are also in the same route reflection cluster, where Router D is the route reflector. Routers E and G are client peers of Router D, and Routers B and C and nonclient peers of Router D. 1 Router B receives an advertisement from Router A through EBGP. Because the route is learned through EBGP, Router B advertises it to all its IBGP peers — Routers C and D.
Selection criteria Best path selection criteria for BGP attributes: 1 Prefer the path with the largest WEIGHT attribute, and prefer the path with the largest LOCAL_PREF attribute. 2 Prefer the path that is locally originated using the network command, redistribute command, or aggregate-address command. Routes originated using a network or redistribute command are preferred over routes that originate with the aggregate-address command.
LOCAL_PREF is one of the criteria that determines the best path — other criteria may impact selection, see Best path selection. Assume that LOCAL_PREF is the only attribute applied and AS 100 has two possible paths to AS 200. Although the path through Router A is shorter, the LOCAL_PREF settings have the preferred path going through Router B and AS 300. This advertises to all routers within AS 100, causing all BGP speakers to prefer the path through Router B.
INCOMPLETE Prefix originated from an unknown source. An IGP indicator means that the route was derived inside the originating AS. EGP means that a route was learned from an external gateway protocol. An INCOMPLETE origin code results from aggregation, redistribution, or other indirect ways of installing routes into BGP. The question mark (?) indicates an origin code of INCOMPLETE, and the lower case letter (i) indicates an origin code of IGP.
When you configure the non-deterministic-med command, paths are compared in the order they arrive. OS10 follows this method to select different best paths from a set of paths, depending on the order they were received from the neighbors—MED may or may not get compared between the adjacent paths. By default, the bestpath as-path multipath-relax command is disabled. This prevents BGP from load-balancing a learned route across two or more EBGP peers.
• • • Deterministic MED, default A path with a missing MED is treated as worst path and assigned an 0xffffffff MED value Delayed configuration at system boot — OS10 reads the entire configuration file BEFORE sending messages to start BGP peer sessions 4-Byte AS numbers OS10 supports 4-byte AS number configurations by default. The 4-byte support is advertised as a new BGP capability - 4-BYTE-AS, in the OPEN message.
The Local-AS does not prepend the updates with the AS number received from the EBGP peer if you use the no prepend command. If you do not select no prepend, the default, the Local-AS adds to the first AS segment in the AS-PATH. If you use an inbound route-map to prepend the AS-PATH to the update from the peer, the Local-AS adds first. If Router B has an inbound route-map applied on Router C to prepend 65001 65002 to the AS-PATH, these events take place on Router B: • Receive and validate the update.
neighbors or peers. After a connection establishes, the neighbors exchange full BGP routing tables with incremental updates afterward. Neighbors also exchange the KEEPALIVE messages to maintain the connection. You can classify BGP neighbor routers or peers as internal or external. Connect EBGP peers directly, unless you enable EBGP multihop — IBGP peers do not need direct connection. The IP address of an EBGP neighbor is usually the IP address of the interface directly connected to the router.
View BGP neighbors OS10# show ip bgp neighbors BGP neighbor is 5.1.1.1, remote AS 1, internal link BGP version 4, remote router ID 6.1.1.
Configure BGP OS10# configure terminal OS10(config)# router bgp 100 OS10(config-router-bgp-100)# vrf blue OS10(config-router-vrf)# neighbor 5.1.1.1 OS10(config-router-neighbor)# remote-as 1 OS10(config-router-neighbor)# description n1_abcd OS10(config-router-neighbor)# exit OS10(config-router-vrf)# template t1 OS10(config-router-template)# description peer_template_1_abcd Configure Dual Stack OS10 supports dual stack for BGPv4 and BGPv6.
• To add an IBGP neighbor, configure the as-number parameter with the same BGP as-number configured in the router bgp as-number command. 8 Assign a peer-template with a peer-group name from which to inherit to the neighbor in ROUTER-NEIGHBOR mode. inherit template template-name 9 Enable the neighbor in ROUTER-BGP mode. no shutdown When you add a peer to a peer group, it inherits all the peer group configured parameters.
Neighbor 100.5.1.1 100.6.1.1 AS 64802 64802 MsgRcvd 376 376 MsgSent 325 327 Up/Down 04:28:25 04:26:17 State/Pfx 1251 1251 View running configuration OS10# show running-configuration bgp ! router bgp 64601 bestpath as-path multipath-relax bestpath med missing-as-worst non-deterministic-med router-id 100.0.0.8 ! template leaf_v4 description peer_template_1_abcd ! address-family ipv4 unicast distribute-list leaf_v4_in in distribute-list leaf_v4_out out route-map set_aspath_prepend in ! neighbor 100.5.1.
8 Enable the neighbor in ROUTER-BGP mode. neighbor ip-address 9 Enable the peer-group in ROUTER-NEIGHBOR mode. no shutdown When you add a peer to a peer group, it inherits all the peer group configured parameters. When you disable a peer group, all the peers within the peer template that are in the Established state move to the Idle state.
OS10(config-router-neighbor)# remote-as 100 OS10(config-router-neighbor)# fall-over OS10(config-router-neighbor)# no shutdown Verify neighbor fall-over on neighbor OS10(config-router-neighbor)# do show ip bgp neighbors 3.1.1.1 BGP neighbor is 3.1.1.1, remote AS 100, local AS 100 internal link BGP version 4, remote router ID 3.3.3.
no shutdown ! template bgppg fall-over remote-as 102 ! Configure password You can enable message digest 5 (MD5) authentication with a password on the TCP connection between two BGP neighbors. Configure the same password on both BGP peers. When you configure MD5 authentication between two BGP peers, each segment of the TCP connection between them is verified and the MD5 digest is checked on every segment sent on the TCP connection. Configuring a password for a neighbor establishes a new connection.
password 9 f785498c228f365898c0efdc2f476b4b27c47d972c3cd8cd9b91f518c14ee42d ! neighbor 11.1.1.2 inherit template pass password 9 01320afb39f49134882b0a9814fe6e8e228f616f60a35958844775314c00f0e5 remote-as 10 no shutdown Example configuration in Peer 2 ROUTER-NEIGHBOR mode OS10# configure terminal OS10(config)# interface ethernet 1/1/5 OS10(conf-if-eth1/1/5)# no switchport ip OS10(conf-if-eth1/1/5)# ip address 11.1.1.2/24 OS10(conf-if-eth1/1/5)# router bgp 20 OS10(config-router-bgp-20)# neighbor 11.1.1.
router bgp 300 ! neighbor 3.1.1.1 remote-as 100 no shutdown ! neighbor 3::1 remote-as 100 no shutdown ! address-family ipv6 unicast activate OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# show configuration ! interface ethernet1/1/1 ip address 3.1.1.3/24 no switchport no shutdown ipv6 address 3::3/64 OS10(conf-if-eth1/1/1)# shutdown OS10(conf-if-eth1/1/1)# do show ip bgp summary BGP router identifier 11.11.11.11 local AS number 300 Neighbor AS Down State/Pfx 3.1.1.
Nbr:3.1.1.3 VRF:default Apr 27 01:39:03 OS10 dn_sm[2065]: Node.1-Unit.1:PRI:alert [os10:event], %Dell EMC (OS10) %BGP_NBR_BKWD_STATE_CHG: Backward state change occurred Hold Time expired for Nbr:3::3 VRF:default Passive peering When you enable a peer-template, the system sends an OPEN message to initiate a TCP connection. If you enable passive peering for the peer template, the system does not send an OPEN message but responds to an OPEN message.
5 Enter a local-as number for the peer in ROUTER-TEMPLATE mode. local-as as number [no prepend] 6 Add a remote AS in ROUTER-TEMPLATE mode (1 to 65535 for 2 bytes, 1 to 4294967295 for 4 bytes). remote-as as-number Allow external routes from neighbor OS10(config)# router bgp 10 OS10(conf-router-bgp-10)# neighbor 32.1.1.
Show IP BGP OS10(config)# router bgp 100 OS10(config-router-bgp-100)# neighbor 172:16:1::2 OS10(config-router-neighbor)# remote-as 100 OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# address-family ipv6 unicast OS10(config-router-bgp-neighbor-af)# activate OS10(config-router-bgp-neighbor-af)# allowas-in 1 OS10(config-router-bgp-neighbor-af)# end OS10# show running-configuration bgp ! router bgp 100 ! neighbor 172:16:1::2 remote-as 100 no shutdown ! address-family ipv6 unicast activat
3 Enter Address Family mode in ROUTER-NEIGHBOR mode. address-family {[ipv4 | ipv6] [unicast]) 4 Allow the specified neighbor to send or receive multiple path advertisements in ROUTER-BGP mode. The count parameter controls the number of paths that are advertised — not the number of paths received. add-path [both | received | send] count Enable additional paths OS10(config)# router bgp 102 OS10(conf-router-bgp-102)# neighbor 32.1.1.
6 Enter the peer group to apply the route map configuration in ROUTER-BGP mode. template template-name 7 Apply the route map to the peer group’s incoming or outgoing routes in CONFIG-ROUTER-TEMPLATE-AF mode. route-map map-name {in | out} Configure and view local preference attribute OS10(config)# route-map bgproutemap 1 OS10(conf-route-map)# set local-preference 500 OS10(conf-route-map)# exit OS10(config)# router bgp 10 OS10(conf-router-bgp-10)# neighbor 10.1.1.
Enable multipath You can have one path to a destination by default, and enable multipath to allow up to 64 parallel paths to a destination. The show ip bgp network command includes multipath information for that network. • Enable multiple parallel paths in ROUTER-BGP mode. maximum-paths {ebgp | ibgp} number Enable multipath OS10(config)# router bgp 10 OS10(conf-router-bgp-10)# maximum-paths ebgp 10 Route-map filters Filtering routes allows you to implement BGP policies.
Configure clusters of routers where one router is a concentration router and the others are clients who receive their updates from the concentration router. 1 Assign an ID to a router reflector cluster in ROUTER-BGP mode. You can have multiple clusters in an AS. cluster-id cluster-id 2 Assign a neighbor to the router reflector cluster in ROUTER-BGP mode. neighbor {ip-address} 3 Configure the neighbor as a route-reflector client in ROUTER-NEIGHBOR mode, then return to ROUTER-BGP mode.
! neighbor 32.1.1.2 remote-as 104 no shutdown ! address-family ipv4 unicast Confederations Another way to organize routers within an AS and reduce the mesh for IBGP peers is to configure BGP confederations. As with route reflectors, Dell EMC recommends BGP confederations only for IBGP peering involving many IBGP peering sessions per router. When you configure BGP confederations, you break the AS into smaller sub-ASs. To devices outside your network, the confederations appear as one AS.
Route dampening When EBGP routes become unavailable, they “flap” and the router issues both WITHDRAWN and UPDATE notices. A flap occurs when a route is withdrawn, readvertised after being withdrawn, or has an attribute change. The constant router reaction to the WITHDRAWN and UPDATE notices causes instability in the BGP process. To minimize this instability, configure penalties (a numeric value) for routes that flap.
View dampened paths OS10# show ip bgp dampened-paths BGP local router ID is 80.1.1.1 Status codes: s suppressed, S stale, d dampened, h history, * valid, > best Origin codes: i - IGP, e - EGP, ? - incomplete Network From Reuse Path d* 3.1.2.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.3.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.4.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.5.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.6.0/24 80.1.1.
1 Enable soft-reconfiguration for the BGP neighbor and BGP template in ROUTER-BGP mode. BGP stores all the updates that the neighbor receives but does not reset the peer-session. Entering this command starts the storage of updates, which is required to do inbound soft reconfiguration. neighbor {ip-address} soft-reconfiguration inbound 2 Enter Address Family mode in ROUTER-NEIGHBOR mode. address-family {[ipv4 | ipv6] [unicast]} 3 Configure soft-configuration for the neighbors belonging to the template.
• receive — Receive multiple paths from the peer. • send path count — Enter the number of multiple paths to send multiple to the peer, from 2 to 64. Default Not configured Command Mode ROUTER-BGP-NEIGHBOR-AF Usage Information Advertising multiple paths to peers for the same address prefix without replacing the existing path with a new one reduces convergence times. The no version of this command disables the multiple path advertisements for the same destination.
Usage Information The time interval applies to all peer group members of the template in ROUTER-TEMPLATE mode. The no version of this command resets the advertisement-interval value to the default. Example OS10(conf-router-neighbor)# advertisement-interval 50 Supported Releases 10.3.0E or later advertisement-start Delays initiating the OPEN message for the specified time.
allowas-in Sets the number of times a local AS number appears in the AS path. Syntax allowas-in as-number Parameters as-number—Enter the number of occurrences for a local AS number, from 1 to 10. Default Disabled Command Mode ROUTER-BPG-TEMPLATE-AF Usage Information Use this command to enable the BGP speaker to allow the AS number to be present for the specified number of times in updates received from the peer. You cannot set this configuration for a peer associated with a peer group.
Parameters • asdot — Specify the AS number notation in asdot format. • asdot+ — Specify the AS number notation in asdot+ format. • asplain — Specify the AS number notation in asplain format. Defaults asplain Command Modes ROUTER-BGP Usage Information NOTE: To configure these settings for a non default VRF instance, you must first enter the ROUTERCONFIG-VRF sub mode using the following commands: 1 Enter the ROUTER BGP mode using the router bgp as-number command.
bestpath med Changes the best path MED attributes during MED comparison for path selection. Syntax bestpath med {confed | missing-as-worst} Parameters • confed — Compare MED among BGP confederation paths. • missing-as-worst — Treat missing MED as the least preferred path. Default Disabled Command Mode ROUTER-BGP Usage Information Before you apply this command, use the always-compare-med command. The no version of this command resets the MED comparison influence.
clear ip bgp Resets BGP IPv4 or IPv6 neighbor sessions. Syntax Parameters clear ip bgp [vrf vrf-name] {ipv4–address | ipv6–address | * } • vrf vrf-name — (OPTIONAL) Enter the keyword vrf followed by the name of the VRF to clear IPv4 or IPv6 BGP neighbor sessions corresponding to that VRF. • IPv4–address — Enter an IPv4 address to clear a BGP neighbor configuration. • IPv6–address — Enter an IPv6 address to clear a BGP neighbor configuration. • * — Clears all BGP sessions.
clear ip bgp dampening Clears the dampened paths information of the given prefix and undampened prefixes. Syntax clear ip bgp dampening [vrf vrf-name] [ipv4–prefix | ipv6–prefix] Parameters • vrf vrf-name — (OPTIONAL) Enter the keyword vrf followed by the name of the VRF to clear dampened paths information corresponding to that VRF. • ipv4–prefix — (Optional) Enter an IPv4 prefix of the dampened path. • ipv6–prefix — (Optional) Enter an IPv6 prefix of the dampened path.
connection-retry-timer Configures the timer to retry the connection to BGP neighbor or peer group. Syntax connection-retry-timer retry-timer-value Parameters retry-timer-value — Enter the time interval in seconds, ranging from 10 to 65535. Defaults 60 seconds Command Modes CONFIG-ROUTER-NEIGHBOR CONFIG-ROUTER-TEMPLATE Usage Information The no version of this command resets the timer to default value..
Supported Releases 10.3.0E or later client-to-client Enables route reflection between clients in a cluster. Syntax client-to-client {reflection} Parameters reflection — Enter to enable reflection of routes allowed in a cluster. Default Enabled Command Mode ROUTER-BGP Usage Information Configure the route reflector to enable route reflection between all clients. You must fully mesh all clients before you disable route reflection.
Supported Releases 10.3.0E or later bgp dampening Enables BGP route-flap dampening and configures the dampening parameters. Syntax Parameters bgp dampening [half-life | reuse-limit | suppress-limit | max-suppress-time | route-map-name] • half-life — (Optional) Enter the half-life time (in minutes) after which the penalty decreases. After the router assigns a penalty of 1024 to a route, the penalty decreases by half after the half-life period expires, from 1 to 45.
OS10(config-router-bgp-100)# template t1 OS10(config-router-template)# description peer_template_1_abcd Supported Releases 10.4.1.0 or later default-metric Assigns a default-metric of redistributed routes to locally originated routes. Syntax default-metric number Parameters number — Enter a number as the metric to assign to routes from other protocols, from 1 to 4294967295.
distribute-list Distributes BGP information through an established prefix list. Syntax Parameters distribute-list prefix-list-name {in | out} • prefix-list-name—Enter the name of established prefix list. • in—Enter to distribute inbound traffic. • out—Enter to distribute outbound traffic. Defaults None Command Modes ROUTER-BGP-NEIGHBOR-AF ROUTER-TEMPLATE-AF Usage Information The no version of this command removes the route-map.
Default 1 Command Mode ROUTER-NEIGHBOR Usage Information This command avoids installation of default multihop peer routes to prevent loops and creates neighbor relationships between peers. Networks indirectly connected are not valid for best path selection. The no version of this command removes multihop session. Example OS10(conf-router-neighbor)# ebgp-multihop 2 Supported Releases 10.3.
Example OS10(conf-router-neighbor)# fall-over Supported Releases 10.3.0E or later fast-external-fallover Resets BGP sessions immediately when a link to a directly connected external peer fails. Syntax fast-external-fallover Parameters None Default Not configured Command Mode ROUTER-BGP Usage Information Fast external fall-over terminates the EBGP session immediately after the IP unreachability or link failure is detected. This only applies after you manually reset all existing BGP sessions.
Parameters • ip-address—Enter the BGP neighbor IP address. • limit count—(Optional) Enter a maximum dynamic peer count, from 1 to 4294967295. Default Not configured Command Mode ROUTER-TEMPLATE Usage Information Enables a passive peering session for listening. The no version of this command disables a passive peering session. Example OS10(conf-router-template)# listen 1.1.0.0/16 limit 4 Supported Releases 10.2.0E or later local-as Configures a local AS number for a peer.
NOTE: To configure these settings for a non default VRF instance, you must first enter the ROUTERCONFIG-VRF sub mode using the following commands: 1 Enter the ROUTER BGP mode using the router bgp as-number command. 2 From the ROUTER BGP mode, enter the ROUTER BGP VRF mode using the vrf vrf-name command. Example OS10(conf-router-bgp-10)# log-neighbor-changes Supported Releases 10.3.0E or later maximum-paths Configures the maximum number of equal-cost paths for load sharing.
Default 75% threshold Command Mode ROUTER-BGP-NEIGHBOR-AF Usage Information If you configure this command and the neighbor receives more prefixes than the configuration allows, the neighbor goes down. To view the prefix information, use the show ip bgp summary command output. The neighbor remains down until you use the clear ip bgp command for the neighbor or the peer group to which the neighbor belongs. The no version of this command resets the value to the default.
non-deterministic-med Compares paths in the order they arrive. Syntax non-deterministic-med Parameters None Default Disabled Command Mode ROUTER-BGP Usage Information Paths compare in the order they arrive. OS10 uses this method to choose different best paths from a set of paths, depending on the order they are received from the neighbors. MED may or may not be compared between adjacent paths.
password Configures a password for message digest 5 (MD5) authentication on the TCP connection between two neighbors. Syntax password {9 encrypted password-string| password-string} Parameters • 9 encrypted password-string—Enter 9 followed by encrypted password. • password-string—Enter a password for authentication, up to 128 characters. Default Disabled Command Mode ROUTER-NEIGHBOR ROUTER-TEMPLATE Usage Information You can enter the password either as plain text or in encrypted format.
Example (Static — IPv6) OS10(conf-router-bgp-102)# address-family ipv6 unicast OS10(conf-router-bgpv6-af)# redistribute static Example (OSPF — IPv4) OS10(conf-router-bgp-102)# address-family ipv4 unicast OS10(conf-router-bgpv4-af)# redistribute ospf 1 Example (OSPF — IPv6) OS10(conf-router-bgp-102)# address-family ipv6 unicast OS10(conf-router-bgpv6-af)# redistribute ospf 1 Supported Releases 10.2.0E or later remote-as Adds a remote AS to the specified BGP neighbor or peer group.
route-map Applies an established route-map to either incoming or outbound routes of a BGP neighbor or peer group. Syntax route-map route-map-name {in | out} Parameters • route-map-name — Enter the name of the configured route-map. • in — attaches the route-map as the inbound policy • out— attaches the route-map as the outbound policy Defaults None Command Modes ROUTER-BGP-TEMPLATE-AF Usage Information The no version of this command removes the route-map.
Default None Command Mode CONFIGURATION Usage Information The AS number can be a 16-bit integer. The no version of this command resets the value to the default. Example OS10(config)# router bgp 3 OS10(conf-router-bgp-3)# Supported Releases 10.3.0E or later router-id Assigns a user-given ID to a BGP router. Syntax router-id ip-address Parameters ip-address — Enter an IP address in dotted decimal format.
sender-side-loop-detection Enables the sender-side loop detection process for a BGP neighbor. Syntax sender-side-loop-detection Parameters None Default Enabled Command Mode ROUTER-BGP-NEIGHBOR-AF Usage Information This command helps detect routing loops, based on the AS path before it starts advertising routes. To configure a neighbor to accept routes use the neighbor allowas-in command. The no version of this command disables sender-side loop detection for that neighbor.
show ip bgp dampened-paths Displays BGP routes that are dampened (non-active). Syntax show ip bgp [vrf vrf-name] dampened-paths Parameters None Default Not configured Command Mode EXEC Usage Information Example • vrf vrf-name — (OPTIONAL) Enter the keywords vrf and then the name of the VRF to view routes that are affected by a specific community list corresponding to that VRF. • Network — Displays the network ID to which the route is dampened.
Example OS10# show ip bgp flap-statistics BGP local router ID is 80.1.1.1 Status codes: s suppressed, S stale, d dampened, h history, * valid, > best Origin codes: i - IGP, e - EGP, ? - incomplete Network From Flaps Duration Reuse Path *> 3.1.2.0/24 80.1.1.2 1 00:00:11 00:00:00 800 9 8 i *> 3.1.3.0/24 80.1.1.2 1 00:00:11 00:00:00 800 9 8 i *> 3.1.4.0/24 80.1.1.2 1 00:00:11 00:00:00 800 9 8 i *> 3.1.5.0/24 80.1.1.2 1 00:00:11 00:00:00 800 9 8 i *> 3.1.6.0/24 80.1.1.
• denied-routes — (Optional) Displays the configured IPv6 denied routes. Default Not configured Command Mode EXEC Usage Information This command displays IPv6 BGP routing information. Example OS10# show BGP router Neighbor 80.1.1.2 Supported Releases 10.3.0E or later ip bgp ipv6 unicast summary identifier 80.1.1.1 local AS number 102 AS MsgRcvd MsgSent Up/Down State/Pfx 800 8 4 00:01:10 5 show ip bgp neighbors Displays information that BGP neighbors exchange.
• Foreign host — Displays the peering address of the neighbor and the TCP port number. Although the status codes for routes received from a BGP neighbor may not display in show ip bgp neighbors ip-address received-routes output, they display correctly in show ip bgp output. Example OS10# show ip bgp neighbors BGP neighbor is 80.1.1.2, remote AS 800, local AS 102 external link BGP version 4, remote router ID 12.12.0.
D 55::/64 172:16:1::2 55:0:0:1::/64 172:16:1::2 55:0:0:2::/64 172:16:1::2 D 55:0:0:3::/64 172:16:1::2 D 55:0:0:4::/64 172:16:1::2 D 55:0:0:5::/64 172:16:1::2 D 55:0:0:6::/64 172:16:1::2 55:0:0:7::/64 172:16:1::2 D 55:0:0:8::/64 172:16:1::2 D 55:0:0:9::/64 172:16:1::2 Total number of prefixes: 10 OS10# 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 i i i i i i i i i i Example deniedroutes OS10# show ip bgp ipv6 unicast neighbors 172:16:1::2 denied-routes BGP local router ID is 100.1.1.
Usage Information Example • Peer-group — Displays the peer group name. Minimum time displays the time interval between BGP advertisements. • Administratively shut — Displays the peer group’s status if you do not enable the peer group. If you enable the peer group, this line does not display. • BGP version — Displays the BGP version supported. • Description — Displays the descriptive name configured for the BGP peer template. This field is displayed only when the description is configured.
displays. When the peer is transitioning between states and clearing the routes received, the phrase Purging may appear in this column. If the neighbor is disabled, the phrase Admin shut appears in this column. The suppressed status of aggregate routes may not display in the command output. Example OS10# show BGP router Neighbor 80.1.1.2 Supported Releases 10.2.0E or later ip bgp summary identifier 80.1.1.
NOTE: To configure these settings for a non default VRF instance, you must first enter the ROUTERCONFIG-VRF sub mode using the following commands: 1 Enter the ROUTER BGP mode using the router bgp as-number command. 2 From the ROUTER BGP mode, enter the ROUTER BGP VRF mode using the vrf vrf-name command. Example OS10(conf-router-bgp-10)# template solar OS10(conf-router-bgp-template)# Supported Releases 10.3.0E or later timers Adjusts BGP keepalive and holdtime timers.
weight Assigns a default weight for routes from the neighbor interfaces. Syntax weight number Parameters number—Enter a number as the weight for routes, from 1 to 4294967295. Default 0 Command Mode ROUTER-BGP-NEIGHBOR Usage Information The path with the highest weight value is preferred in the best-path selection process. The no version of this command resets the value to the default. Example OS10(conf-router-bgp-neighbor)# weight 4096 Supported Releases 10.3.
ECMP commands hash-algorithm Changes the hash algorithm that distributes traffic flows across ECMP paths and the LAG. Syntax hash-algorithm {ecmp | lag} crc Parameters • ecmp — Enables ECMP hash configuration. • lag — Enables LAG hash configuration for L2 only. • crc — Enables CRC polynomial for hash computation. Default crc Command Mode CONFIGURATION Usage Information The hash value calculated with this command is unique to the entire system.
load-balancing Distributes or load balances incoming traffic using the default parameters in the hash algorithm.
Supported Releases 10.2.0E or later show hash-algorithm Displays the hash-algorithm information. Syntax show hash-algorithm Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show hash-algorithm EcmpAlgo - crc LabAlgo - crc Supported Releases 10.3.0E or later IPv4 routing OS10 supports IPv4 addressing including variable-length subnetting mask (VLSM), Address Resolution Protocol (ARP), static routing, and routing protocols.
Assign interface IP address to interface OS10(config)# interface OS10(conf-if-eth1/1/4)# OS10(conf-if-eth1/1/4)# OS10(conf-if-eth1/1/4)# ethernet 1/1/1 no shutdown no switchport ip address 10.10.1.4/8 View interface configuration OS10# show interface ethernet 1/1/1 Ethernet 1/1/1 is up, line protocol is up Hardware is Dell EMC Eth, address is 00:0c:29:98:1b:79 Current address is 00:0c:29:98:1b:79 Pluggable media present, QSFP+ type is QSFP+ 40GBASE CR 1.0M Wavelength is 64 SFP receive power reading is 0.
S - static B - BGP, IN - internal BGP, EX - external BGP O - OSPF,IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, > - non-active route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change -----------------------------------------------------------------S 200.200.200.0/24 via 10.1.1.2 ethernet1/1/1 0/0 00:00:03 OS10 installs a static route if the next hop is on a directly connected subnet.
clear ip arp Clears the dynamic ARP entries from a specific interface or optionally delete (no-refresh) ARP entries from the content addressable memory (CAM). Syntax Parameters clear ip arp [vrf vrf-name] [interface interface | ip ip-address] [no-refresh] • vrf vrf-name — Enter the keyword vrf followed by the name of the VRF to clear ARP entries corresponding to that VRF. • interface interface— (Optional) Specify an interface type: – ethernet — Physical interface.
ip address Configures IP address to an interface. Syntax ip address ip–address/mask Parameters ip–address/mask — Enter the IP address. Defaults None Command Mode INTERFACE Usage Information The no version of this command removes the IP address set for the interface. Example OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ip address 10.1.1.0/24 Supported Releases 10.3.0E or later ip address dhcp Enables DHCP client operations on the interface.
ip route Assigns a static route on the network device. Syntax Parameters ip route [dst-vrf vrf-name] ip-prefix mask {next-hop | interface interface-type [route-preference]} • dst-vrf vrf-name — (Optoinal) Enter the keyword vrf and then the name of the VRF to configure a static route corresponding to that VRF. Use this VRF option after the ip route keyword to configure a static route on that specific VRF. • ip-prefix — Enter the IP prefix in dotted decimal format (A.B.C.D).
Usage Information This command shows both static and dynamic ARP entries. Example (IP Address) OS10# show ip arp ip 192.168.2.2 Example (Static) OS10# show ip arp summary Total Entries Static Entries Dynamic Entries -----------------------------------------------------------3994 0 3994 OS10# show ip arp 100.1.2.1 Protocol Address Hardware Interface Interface VLA ---------------------------------------------------------------------------------------Internet 100.1.2.
Defaults Not configured Command Mode EXEC Usage Information None Example OS10# show ip route Codes: C - connected S - static B - BGP, IN - internal BGP, EX - external BGP O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, > - non-active route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change -----------------------------------------------------------------C 10.1.1.
Wavelength is 850 Receive power reading is 0.0 Interface index is 17305562 Internet address is 20.20.20.1/24 Mode of IPv4 Address Assignment: MANUAL Interface IPv6 oper status: Enabled Link local IPv6 address: fe80::eef4:bbff:fefb:fa30/64 Global IPv6 address: 2020::1/64 ...
When an OS10 switch boots up, an IPv6 unicast link-local address is automatically assigned to an interface using stateless configuration. A link-local address allows IPv6 devices on a local link to communicate without requiring a globally unique address. IPv6 reserves the address block FE80::/10 for link-local unicast addressing. Global addresses To enable stateless autoconfiguration of an IPv6 global address and set the interface to Host mode, use the ipv6 address autoconfig command.
Prefix advertisement Routers use router advertisement messages to advertise the network prefix. Hosts append their interface-identifier MAC address to generate a valid IPv6 address. Duplicate address detection An IPv6 host node checks whether that address is used anywhere on the network using this mechanism before configuring its IPv6 address. Prefix renumbering Transparent renumbering of hosts in the network when an organization changes its service provider.
3 • ipv6 nd reachable-time milliseconds — (Optional) Sets the advertised time for which the router sees that a neighbor is up after it receives neighbor reachability confirmation (0 to 3600000 milliseconds; default 0). 0 indicates that no reachable time is sent in RA messages. • ipv6 nd retrans-timer seconds — (Optional) Sets the time between retransmitting neighbor solicitation messages (100 to 4292967295 milliseconds). By default, no retransmit timer is configured.
To disable IPv6 on an interface when a duplicate link-local address is detected, use the ipv6 nd dad disable-ipv6-on-failure command. To re-enable IPv6 after you resolve a duplicate link-local address, enter no ipv6 enable, followed by ipv6 enable. • Disable or re-enable IPv6 duplicate address discovery in Interface mode. ipv6 nd dad {disable | enable} • Disable IPv6 on an interface if a duplicate link-local address is discovered in Interface mode.
Enable IPv6 unreachable destination messaging OS10(config)# interface ethernet 1/1/8 OS10(conf-if-eth1/1/8)# ipv6 unreachables IPv6 hop-by-hop options A hop-by-hop header extension in an IPv6 packet contains options that are processed by all IPv6 routers in the packet's path. By default, hop-by-hop header options in an IPv6 packet are not processed locally. To enable local processing of IPv6 hop-by-hop options on an interface, use the ipv6 hop-by-hop command.
clear ipv6 neighbors Delete all entries in the IPv6 neighbor discovery cache or neighbors of a specific interface. Static entries are not removed using this command. Syntax clear ipv6 neighbors [vrf vrf-name] [ipv6-address | interface] Parameters • vrf vrf-name — (Optional) Enter the keyword vrf followed by the name of the VRF to clear the neighbor corresponding to that VRF. If you do not specify this option, the neighbors in the default VRF are cleared.
ipv6 address Configures a global unicast IPv6 address on an interface. Syntax ipv6 address ipv6–address/prefix-length Parameters ipv6-address/prefix-length — Enter a full 128-bit IPv6 address with the network prefix length, including the 64-bit interface identifier. Defaults None Command Mode INTERFACE Usage Information • An interface can have multiple IPv6 addresses.
Parameters None Defaults None Command Mode INTERFACE Usage Information The no version of this command disables the DHCP operations on the interface. Example OS10(config)# interface mgmt 1/1/1 OS10(conf-if-ma-1/1/1)# ipv6 address dhcp Supported Releases 10.3.0E or later ipv6 enable Enables and disables IPv6 forwarding on an interface configured with an IPv6 address.
ipv6 address link-local Configures a link-local IPv6 address on the interface to use instead of the link-local address that is automatically configured with stateless autoconfiguration. Syntax ipv6 address ipv6-prefix link-local Parameters ipv6-prefix — Enter an IPv6 prefix in x:x::y/mask format. Defaults None Command Mode INTERFACE Usage Information • An interface can have only one link-local address.
• enable — Re-enable IPv6 duplicate address discovery if you have disabled it. • disable-ipv6-on-dad-failure — Enable duplicate address discovery on the existing autoconfigured link-local address. Defaults Duplicate address discovery is enabled on an interface. Command Mode INTERFACE Usage Information • An OS10 switch sends a neighbor solicitation message to determine if an autoconfigured IPv6 unicast link-local address is unique before assigning it to an interface.
Usage Information The no version of this command disables the managed-config-flag option in RA messages. Example OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# ipv6 nd managed-config-flag Supported Releases 10.4.0E(R1) or later ipv6 nd max-ra-interval Sets the maximum time interval between sending RA messages. Syntax Parameters ipv6 nd max-ra-interval seconds • max-ra-interval seconds — Enter a time interval in seconds (4 to 1800).
Usage Information The no version of this command disables the other-config-flag option in RA messages. Example OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# ipv6 nd other-config-flag Supported Releases 10.4.0E(R1) or later ipv6 nd prefix Configures the IPv6 prefixes that are included in Router Advertisement (RA) messages to neighboring IPv6 routers.
Disable advertising an interface subnet prefix OS10(conf-if-eth1/1/1)# ipv6 nd prefix 2001:0db8:2000::/64 no-advertise Advertise prefix for which there is no interface address OS10(conf-if-eth1/1/1)# ipv6 nd prefix 2001:0db8:3000::/64 no-autoconfig Supported Releases 10.4.0E(R1) or later ipv6 nd ra-lifetime Sets the lifetime of the default router in RA messages. Syntax Parameters ipv6 nd ra-lifetime seconds • ra-lifetime seconds — Enter a lifetime value in milliseconds (0 to 9000 milliseconds).
Parameters • retrans-timer seconds — Enter the retransmission time interval in milliseconds (100 to 4292967295). Defaults Not configured Command Mode INTERFACE Usage Information The no version of this command disables the configured retransmission timer. Example OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# ipv6 nd retrans-timer 1000 Supported Releases 10.4.0E(R1) or later ipv6 nd send-ra Enables the sending of ICMPv6 Router Advertisement messages.
Command Mode Usage Information Example CONFIGURATION • When the interface fails, the system withdraws the route. The route reinstalls when the interface comes back up. When a recursive resolution is broken, the system withdraws the route. The route reinstalls when the recursive resolution is satisfied. After you create an IPv6 static route interface, if you do not assign an IP address to a peer interface, you must manually ping the peer to resolve the neighbor information.
– For a VLAN interface, enter the keyword vlan then a number from 1 to 4093. Defaults None. Command Mode EXEC Usage Information The no version of this command resets the value to the default. Example OS10# show ipv6 neighbors IPv6 Address Expires(min) Hardware Address State Interface VLAN CPU -------------------------------------------------------------------100::1 0.03 00:00:00:00:00:22 DELAY Te 1/12 - CP fe80::200:ff:fe00:22 232 00:00:00:00:00:22 STALE Te 1/12 - CP 500::1 0.
B - BGP, IN - internal BGP, EX - external BGP O - OSPF,IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, > - non-active route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change -----------------------------------------------------------------C 2001:db86::/32 via 2001:db86:fff::1 ethernet1/1/1 0/0 00:03:24 Example (Summary) OS10# show ipv6 route summary Route Source Active Routes Ospf 0 Bgp 0
Internet Group Management Protocol Internet Group Management Protocol (IGMP) is a communications protocol that hosts use on IPv4 networks to establish multicast group memberships. OS10 supports IGMPv1, IGMPv2, and IGMPv3 to manage the multicast group memberships on IPv4 networks. NOTE: OS10 does not support IGMP snooping in VLT environments. IGMP snooping IGMP snooping enables switches to use the information in IGMP packets and generate a forwarding table that associates ports with multicast groups.
225.1.0.1 Member-ports 225.1.0.2 Member-ports 225.1.0.3 Member-ports 225.1.0.4 Member-ports 225.1.0.5 Member-ports 225.1.0.6 Member-ports 225.1.0.7 Member-ports 225.1.0.8 Member-ports 225.1.0.
ip igmp snooping enable Enables IGMP snooping globally. Syntax ip igmp snooping enable Parameters None Default Disabled Command Mode CONFIGURATION Usage Information The no version of this command disables the IGMP snooping. Example OS10(config)# ip igmp snooping enable Supported Releases 10.4.0E(R1) or later ip igmp snooping fast-leave Enables fast leave in IGMP snooping for specified VLAN.
ip igmp snooping mrouter Enables IGMP querier on the specified VLAN interface. Syntax ip igmp snooping mrouter interface interface—type Parameters interface—type—Enter the interface type details. The interface should be a member of the VLAN. Default Not configured Command Mode VLAN INTERFACE Usage Information The no version of this command removes the multicast router configuration from the VLAN member port.
ip igmp query-max-resp-time Configures the maximum time for responding to a query advertised in IGMP queries. Syntax ip igmp snooping query-max-resp-time query-response-time Parameters query-response-time—Enter the query response time in seconds, ranging from 1 to 25. Default 10 seconds Command Mode VLAN INTERFACE Usage Information The no version of this command resets the query response time to default value.
Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1 225.1.0.1 vlan3031 IGMPv2-Compat Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1 225.1.0.2 vlan3031 IGMPv2-Compat Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1 225.1.0.3 vlan3031 IGMPv2-Compat Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1 225.1.0.4 vlan3031 IGMPv2-Compat Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1 225.1.0.
Parameters • vlan-id—(Optional) Enter the VLAN ID, ranging from 1 to 4093. • ip-address—(Optional) Enter the IP address of the multicast group. Default Not configured Command Mode EXEC Usage Information None Example OS10# show ip igmp snooping groups detail Interface vlan3041 Group 232.11.0.0 Source List 101.41.0.
Example (with VLAN OS10# show ip igmp snooping groups vlan 3041 232.11.0.0 detail Interface vlan3041 and multicast IP Group 232.11.0.0 address) Source List 101.41.0.21 Member Port Mode Uptime Expires port-channel51 Include 1d:20:27:36 00:01:09 ethernet1/1/51:1 Include 1d:20:27:34 00:01:07 ethernet1/1/52:1 Include 1d:20:27:37 00:01:07 Supported Releases 10.4.1.0 or later show ip igmp snooping interface Displays the details of IGMP snooping interfaces.
show ip igmp snooping mrouter Displays the details of multicast router ports. Syntax show ip igmp snooping mrouter [vlan vlan-id] Parameters vlan-id—(Optional) Enter the VLAN ID, ranging from 1 to 4093.
MLD snooping MLD snooping enables switches to use the information in MLD packets and generate a forwarding table that associates ports with multicast groups. When switches receive multicast frames, they forward them to their intended receivers. OS10 supports MLD snooping on VLAN interfaces. Configure MLD snooping • Enable MLD snooping globally with the ipv6 mld snooping enable command in the CONFIGURATION mode. This command enables both MLDv2 and MLDv1 snooping on all VLAN interfaces.
ff0e:225:1::3 vlan3531 MLDv1-Compat 00:01:52 Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52 ff0e:225:1::4 vlan3531 MLDv1-Compat 00:01:52 Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52 ff0e:225:1::5 vlan3531 MLDv1-Compat 00:01:52 Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52 ff02::2 vlan3532 Exclude 00:01:47 ff0e:225:2:: vlan3532 MLDv1-Compat 00:01:56 Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52 ff0e:225:2::1 vlan3532 MLDv1-Compat 00:01:56 Member-ports :port
ipv6 mld snooping enable Enables MLD snooping globally. Syntax ipv6 mld snooping enable Parameters None Default Disabled Command Mode CONFIGURATION Usage Information The no version of this command disables the MLD snooping. Example OS10(config)# ipv6 mld snooping enable Supported Releases 10.4.1.0 or later ipv6 mld snooping fast-leave Enables fast leave in MLD snooping for specified VLAN.
ipv6 mld snooping mrouter Configures the specified VLAN member port as a multicast router interface. Syntax ipv6 mld snooping mrouter interface interface—type Parameters interface—type—Enter the interface type details. The interface should be a member of the VLAN. Default Not configured Command Mode VLAN INTERFACE Usage Information The no version of this command removes the multicast router configuration from the VLAN member port.
ipv6 mld query-max-resp-time Configures the maximum time for responding to a query advertised in MLD queries. Syntax ipv6 mld snooping query-max-resp-time query-response-time Parameters query-response-time—Enter the query response time in seconds, ranging from 1 to 25. Default 10 seconds Command Mode VLAN INTERFACE Usage Information The no version of this command resets the query response time to default value.
ff02::2 Exclude ff0e:225:1:: Compat Member-ports ff0e:225:1::1 Compat Member-ports ff0e:225:1::2 Compat Member-ports ff0e:225:1::3 Compat Member-ports ff0e:225:1::4 Compat Member-ports ff0e:225:1::5 Compat Member-ports ff02::2 Exclude ff0e:225:2:: Compat Member-ports ff0e:225:2::1 Compat Member-ports ff0e:225:2::2 Compat Member-ports --more-Example (with VLAN) vlan3531 00:01:38 vlan3531 MLDv100:01:52 :port-channel41,ethernet1/1/51,ethernet1/1/52 vlan3531 MLDv100:01:52 :port-channel41,ethernet1/1/51,etherne
Parameters • vlan-id—(Optional) Enter the VLAN ID, ranging from 1 to 4093. • ipv6-address—(Optional) Enter the IPv6 address of the multicast group.
Example (with VLAN OS10# show ipv6 mld snooping groups vlan 3041 ff3e:232:b:: detail Interface vlan3041 and multicast IP Group ff3e:232:b:: address) Source List 2001:101:29::1b Member Port Mode Uptime Expires port-channel31 Include 2d:11:50:53 00:02:01 ethernet1/1/51:1 Include 2d:11:51:11 00:02:01 ethernet1/1/52:1 Include 2d:11:51:12 00:01:52 Supported Releases 10.4.1.0 or later show ipv6 mld snooping interface Displays the details of MLD snooping interfaces.
Open shortest path first OSPF routing is a link-state routing protocol that allows sending of link-state advertisements (LSAs) to all other routers within the same autonomous system (AS) area. Information about attached interfaces, metrics used, and other attributes are included in OSPF LSAs. OSPF routers accumulate link-state information, and use the shortest path first (SPF) algorithm to calculate the shortest path to each node. Autonomous system areas OSPF operates in a type of hierarchy.
The backbone is the only area with a default area number. You configure all other areas Area ID. If you configure two nonbackbone areas, you must enable the B bit in OSPF. Routers, A, B, C, G, H, and I are the backbone, see Autonomous system areas. • • • A stub area (SA) does not receive external route information, except for the default route. These areas do receive information from interarea (IA) routes.
Backbone router A backbone router (BR) is part of the OSPF Backbone, Area 0, and includes all ABRs. The BR includes routers connected only to the backbone and another ABR, but are only part of Area 0—shown as Router I in the example. Area border router Within an AS, an area border router (ABR) connects one or more areas to the backbone. The ABR keeps a copy of the link-state database for every area it connects to. It may keep multiple copies of the link state database.
Inter-Area-Router LSA (OSPFv3) Type 5—ASExternal LSA LSAs contain information imported into OSPF from other routing processes. Type 5 LSAs flood to all areas except stub areas. The link-state ID of the Type 5 LSA is the external network number. Type 7—NSSAExternal LSA (OSPFv2), LSA (OSPFv3) Routers in an NSSA do not receive external LSAs from ABRs but send external routing information for redistribution.
OSPF route limit OS10 supports up to 16,000 OSPF routes. Within this range, the only restriction is on intra-area routes that scale only up to 1000 routes. Other OSPF routes can scale up to 16 K. Shortest path first throttling Use shortest path first (SPF) throttling to delay SPF calculations during periods of network instability. In an OSPF network, a topology change event triggers an SPF calculation that is performed after a start time.
Enable SPF throttling (OSPFv3) OS10(config)# router ospfv3 10 OS10(config-router-ospf-10)# timers spf 2000 3000 4000 View OSPFv2 SPF throttling OS10(config-router-ospf-100)# do show ip ospf Routing Process ospf 100 with ID 12.1.1.
5 Assign an IP address to the interface in INTERFACE mode. ip address ip-address/mask 6 Enable OSPFv2 on an interface in INTERFACE mode. ip ospf process-id area area-id • process-id—Enter the OSPFv2 process ID for a specific OSPF process from 1 to 65535. • area-id—Enter the OSPFv2 area ID as an IP address (A.B.C.D) or number from 1 to 65535.
1 Enable OSPF routing and enter ROUTER-OSPF mode, from 1 to 65535. router ospf instance number 2 Configure an area as a stub area in ROUTER-OSPF mode. area area-id stub [no-summary] • area-id—Enter the OSPF area ID as an IP address (A.B.C.D) or number, from 1 to 65535. • no-summary—(Optional) Enter to prevent an ABR from sending summary LSA to the stub area. Configure stub area OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# area 10.10.5.
!! ! You can disable a passive interface using the no ip ospf passive command. Fast convergence Fast convergence sets the minimum origination and arrival LSA parameters to zero (0), allowing rapid route calculation. A higher convergence level can result in occasional loss of OSPF adjacency. Convergence level 1 meets most convergence requirements. The higher the number, the faster the convergence, and the more frequent the route calculations and updates.
Interface parameters To avoid routing errors, interface parameter values must be consistent across all interfaces. For example, set the same time interval for the hello packets on all routers in the OSPF network to prevent misconfiguration of OSPF neighbors. 1 To change the OSPFv2 parameters in CONFIGURATION mode, enter the interface. interface interface-name 2 Change the cost associated with OSPF traffic on the interface in INTERFACE mode, from 1 to 65535. The default depends on the interface speed.
– route-map map-name—Enter the name of a configured route map.
When graceful restart is enabled, the restarting device retains the routes learned by OSPF in the forwarding table. To re establish OSPF adjacencies with neighbors, the restarting OSPF process sends a grace LSA to all neighbors. In response, the helper router enters helper mode and sends an acknowledgement back to the restarting device. OS10 supports graceful restart helper mode. Use the graceful-restart role helper-only command to enable the helper mode in the ROUTER OSPF mode.
• Is the router in the correct area type? • Are the OSPF routes included in the OSPF database? • Are the OSPF routes included in the routing table in addition to the OSPF database? • Are you able to ping the IPv4 address of adjacent router interface? Troubleshooting OSPF with show commands • View a summary of all OSPF process IDs enabled in EXEC mode. show running-configuration ospf • View summary information of IP routes in EXEC mode.
area nssa Defines an area as a NSSA. Syntax area area-id nssa [default-information-originate | no-redistribution | nosummary] Parameters • area-id — Enter the OSPF area ID as an IP address (A.B.C.D) or number (1 to 65535). • no-redistribution — (Optional) Prevents the redistribute command from distributing routes into the NSSA. Use no-redistribution command only in an NSSA ABR. • no-summary — (Optional) Ensures that no summary LSAs are sent into the NSSA.
Command Mode ROUTER-OSPF Usage Information The no version of this command deletes a stub area. Example OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# area 10.10.1.5 stub Supported Releases 10.2.0E or later auto-cost reference-bandwidth Calculates default metrics for the interface based on the configured auto-cost reference bandwidth value.
Example OS10# clear ip ospf 10 statistics Supported Releases 10.4.0E(R1) or later default-information originate Generates and distributes a default external route information to the OSPF routing domain. Syntax default-information originate [always] Parameters always — (Optional) Always advertise the default route. Defaults Disabled Command Mode ROUTER-OSPF Usage Information The no version of this command disables the distribution of default route.
graceful-restart Enables the helper mode during a graceful or hitless restart. Syntax graceful-restart role helper-only Parameters None Defaults Disabled Command Mode ROUTER-OSPF Usage Information The no version of this command disables the helper mode. Example OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# graceful-restart role helper-only Supported Releases 10.3.0E or later ip ospf area Attaches an interface to an OSPF area.
ip ospf cost Changes the cost associated with the OSPF traffic on an interface. Syntax ip ospf cost cost Parameters cost — Enter a value as the OSPF cost for the interface (1 to 65335). Default Based on bandwidth reference Command Mode INTERFACE Usage Information Interface cost is based on the auto-cost command if not configured. This command configures OSPF over multiple vendors to ensure that all routers use the same cost.
ip ospf message-digest-key Enables OSPF MD5 authentication and sends an OSPF message digest key on the interface. Syntax Parameters ip ospf message-digest-key keyid md5 key • keyid — Enter an MD5 key ID for the interface (1 to 255). • key — Enter a character string as the password (up to 16 characters). Defaults Not configured Command Mode INTERFACE Usage Information All neighboring routers in the same network must use the same key value to exchange OSPF information.
Example OS10(conf-if-eth1/1/1)# ip ospf network broadcast Supported Releases 10.2.0E or later ip ospf passive Configures an interface as a passive interface and suppresses routing updates (both receiving and sending) to the passive interface. Syntax ip ospf passive Parameters None Default Not configured Command Mode INTERFACE Usage Information You must configure the interface before setting the interface to Passive mode.
ip ospf transmit-delay Sets the estimated time required to send a link state update packet on the interface. Syntax ip ospf transmit-delay seconds Parameters seconds — Set the time (in seconds) required to send a link-state update (1 to 3600). Default 1 second Command Mode INTERFACE Usage Information Set the estimated time required to send a link-state update packet. When you set the ip ospf transmitdelay value, take into account the transmission and propagation delays for the interface.
maximum-paths Enables forwarding of packets over multiple paths. Syntax maximum—paths number Parameters number —Enter the number of paths for OSPF (1 to 128). Default 64 Command Mode ROUTER-OSPF Usage Information The no version of this command resets the value to the default. Example OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# maximum-paths 1 Supported Releases 10.2.
Usage Information Configure an arbitrary value in the IP address format for each router. Each router ID must be unique. Use the fixed router ID for the active OSPF router process. Changing the router ID brings down the existing OSPF adjacency. The new router ID becomes effective immediately. The no version of this command disables the router ID configuration. Example OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# router-id 10.10.1.5 Supported Releases 10.2.
show ip ospf asbr Displays all the ASBR visible to OSPF. Syntax show ip ospf [process-id] asbr Parameters process-id—(Optional) Displays information based on the process ID. Default Not configured Command Mode EXEC Usage Information You can isolate problems with external routes. External OSPF routes are calculated by adding the LSA cost to the cost of reaching the ASBR router.
Link ID 110.1.1.2 111.1.1.1 111.2.1.1 112.1.1.1 112.2.1.1 ADV Router 112.2.1.1 111.2.1.1 111.2.1.1 112.2.1.1 112.2.1.1 Age 1287 1458 1458 1372 1372 Seq# 0x80000008 0x80000008 0x80000008 0x80000008 0x80000008 Checksum 0xd2b1 0x1b8f 0x198f 0x287c 0x267c Summary Network (Area 0.0.0.0) Supported Releases 10.2.0E or later show ip ospf database asbr-summary Displays information about AS boundary LSAs.
show ip ospf database external Displays information about the AS external (Type 5) LSAs. Syntax show ip ospf [process-id] database external Parameters process-id—(Optional) Displays AS external (Type 5) LSA information for a specified OSPF Process ID. If you do not enter a Process ID, this command applies only to the first OSPF process. Default Not configured Command Mode EXEC Usage Information Example • LS Age — Displays the LS age.
Command Mode Usage Information Example EXEC • LS Age—Displays the LS age. • Options—Displays optional capabilities. • LS Type—Displays the Link State type. • Link State ID—Identifies the router ID. • Advertising Router—Identifies the advertising router’s ID. • LS Seq Number—Identifies the LS sequence number (identifies old or duplicate LSAs). • Checksum—Displays the Fletcher checksum of an LSA’s complete contents. • Length—Displays the LSA length in bytes.
Example • Network Mask—Identifies the network mask implemented on the area. • TOS—Displays the ToS options. The only option available is zero. • Metric—Displays the LSA metric. OS10# show ip ospf database nssa external OSPF Router with ID (2.2.2.2) (Process ID 100) NSSA External (Area 0.0.0.1) LS age: 98 Options: (No TOS-Capability, No DC, No Type 7/5 translation) LS type: NSSA External Link State ID: 0.0.0.0 Advertising Router: 1.1.1.
Forward Address: 0.0.0.0 External Route Tag: 0 LS age: 65 Options: (No TOS-Capability, No DC, No Type 7/5 translation) LS type: NSSA External Link State ID: 14.1.1.0 Advertising Router: 2.2.2.2 LS Seq Number: 0x80000001 Checksum: 0xA303 Length: 36 Network Mask: /24 Metric Type: 2 TOS: 0 Metric: 20 Forward Address: 0.0.0.0 External Route Tag: 0 Supported Releases 10.2.0E or later show ip ospf database opaque-area Displays information about the opaque-area (Type 10) LSA.
!! ! Supported Releases 10.2.0E or later show ip ospf database opaque-as Displays information about the opaque-as (Type 11) LSAs. Syntax show ip ospf [process-id] opaque—as Parameters process-id — (Optional) Displays opaque-as (Type 11) LSA information for a specified OSPF Process ID. If you do not enter a Process ID, this command applies only to the first OSPF process. Default Not configured Command Mode EXEC Usage Information Example • LS Age — Displays the LS age.
Command Mode Usage Information Example EXEC • LS Age — Displays the LS age. • Options — Displays the optional capabilities available on the router. • LS Type — Displays the Link State type. • Link State ID — Identifies the router ID. • Advertising Router — Identifies the advertising router’s ID. • LS Seq Number — Identifies the LS sequence number (identifies old or duplicate LSAs). • Checksum — Displays the Fletcher checksum of an LSA’s complete contents.
• Example Metric—Displays the LSA metric. OS10# show ip ospf 10 database router OSPF Router with ID (111.2.1.1) (Process ID 10) Router (Area 0.0.0.0) LS age: 1419 Options: (No TOS-capability, No DC, E) LS type: Router Link State ID: 111.2.1.1 Advertising Router: 111.2.1.1 LS Seq Number: 0x8000000d Checksum: 0x9bf2 Length: 60 AS Boundary Router Number of Links: 3 Link connected to: a Transit Network (Link ID) Designated Router address: 110.1.1.2 (Link Data) Router Interface address: 110.1.1.
Example • TOS—Displays the ToS options. The only option available is zero.. • Metric—Displays the LSA metric. OS10# show ip ospf 10 database summary OSPF Router with ID (111.2.1.1) (Process ID 10) Summary Network (Area 0.0.0.0) LS age: 623 Options: (No TOS-capability, No DC) C: Summary Network Link State ID: 115.1.1.0 Advertising Router: 111.111.111.1 LS Seq Number: 0x800001e8 Checksum: 0x4a67 Length: 28 Network Mask: /24 TOS: 0 Metric: 0 Supported Releases 10.2.
Parameters • process-id — (Optional) Enter OSPFv2 Process ID to view information specific to the ID. • IP-prefix — (Optional) Specify an IP address to view information specific to the IP address. Default None Command Mode EXEC Usage Information Displays the cost metric for each neighbor and interfaces. Example OS10# show ip ospf 10 routes Prefix Cost Nexthop 110.1.1.0 1 0.0.0.0 intra-area 111.1.1.0 1 0.0.0.0 intra-area 111.2.1.0 1 0.0.0.
resource-err lsa-bad-len netmask-mismatch options-mismatch self-orig version-mismatch Supported Releases 0 0 0 0 bad-lsa-len lsa-bad-cksum hello-tmr-mismatch nbr-admin-down 0 wrong-length 0 area-mismatch 0 0 0 0 0 0 lsa-bad-type auth-fail dead-ivl-mismatch own-hello-drop checksum-error 0 0 0 0 0 10.2.0E or later show ip ospf topology Displays routers which are directly connected to OSPF areas.
timers lsa arrival Configures the LSA acceptance intervals. Syntax timers lsa arrival arrival-time Parameters arrival-time — Set the interval between receiving the LSA in milliseconds (0 to 600,000). Default 1000 milliseconds Command Mode ROUTER-OSPF Usage Information Setting the LSA arrival time between receiving the LSA repeatedly ensures that the system gets enough time to accept the LSA. The no version of this command resets the value to the default.
Supports only single TOS (TOS0) routes It is Flooding according to RFC 2328 SPF schedule delay 1200 msecs, Hold time between two SPFs 2300 msecs Convergence Level 0 Min LSA origination 0 msec, Min LSA arrival 1000 msec Min LSA hold time 5000 msec, Max LSA wait time 5000 msec Number of area in this router is 1, normal 1 stub 0 nssa 0 Area (0.0.0.1) Number of interface in this area is 1 SPF algorithm executed 1 times Supported Releases 10.4.
3 Enable (or bring up) the interface in INTERFACE mode. no shutdown 4 Disable the default switchport configuration and remove it from an interface or a LAG port in INTERFACE mode. no switchport 5 Enable the OSPFv3 on an interface in INTERFACE mode. ipv6 ospfv3 process-id area area-id • process-id — Enter the OSPFv3 process ID for a specific OSPFv3 process (1 to 65535). • area-id — Enter the OSPF area ID as an IP address (A.B.C.D) or number (1 to 65535).
• no-summary — (Optional) Enter to prevent an ABR from sending summary LSAs into the stub area. Configure Stub Area OS10(config)# router ospfv3 10 OS10(conf-router-ospf-10)# area 10.10.5.1 stub no-summary View Stub Area Configuration OS10# show running-configuration ospfv3 ! interface ethernet1/1/3 ipv6 ospf 65 area 0.0.0.2 ! router ospfv3 65 area 0.0.0.2 stub no-summary OS10# show ipv6 ospf database OSPF Router with ID (199.205.134.103) (Process ID 65) Router Link States (Area 0.0.0.
Configure Passive Interfaces OS10(config)# interface ethernet 1/1/6 OS10(conf-if-eth1/1/6)# ipv6 ospf passive View Passive Interfaces OS10# show running-configuraiton !!! !! interface ethernet1/1/1 ip address 10.10.10.1/24 no switchport no shutdown ipv6 ospf 100 area 0 ipv6 ospf passive !! ! Interface OSPFv3 Parameters Interface parameter values must be consistent across all interfaces to avoid routing errors.
Default route You can generate an external default route and distribute the default information to the OSPFv3 routing domain. • To generate the default route, use the default-information originate [always] command in ROUTER-OSPFv3 mode.
– null — Prevent an authentication policy configured for the area to be inherited on the interface. This parameter is only used if you configure IPsec area authentication. – ipsec spi number — Enter a unique security policy index (SPI) value (256 to 4294967295). – md5 — Enable message digest 5 (MD5) authentication. – sha1 — Enable secure hash algorithm 1 (SHA-1) authentication. – key — Enter the text string used in the authentication type.
no shutdown ipv6 address 1::1/64 Configure IPsec authentication for OSPFv3 area Prerequisite: Before you enable IPsec authentication for an OSPFv3 area, enable OSPFv3 globally on the router. • Enable IPsec authentication for OSPFv3 packets in an area in Router-OSPFv3 mode. area area-id authentication ipsec spi number {MD5 | SHA1} key – area area-id — Enter an area ID as a number or IPv6 prefix. – ipsec spi number — Enter a unique security policy index (SPI) value (256 to 4294967295).
OS10(config-router-ospfv3-100)# show configuration ! router ospfv3 100 area 0.0.0.1 encryption ipsec spi 401 esp des 1234567812345678 md5 12345678123456781234567812345678 Troubleshoot OSPFv3 You can troubleshoot OSPFv3 operations, as well as check questions for any typical issues that interrupt a process.
• key — Enter the text string used in the authentication type. Default OSPFv3 area authentication is not configured. Command Mode ROUTER-OSPFv3 Usage Information • Before you enable IPsec authentication for an OSPFv3 area, you must enable OSPFv3 globally on each router. • All OSPFv3 routers in the area must share the same authentication key to exchange information. Only a nonencrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits.
area stub Defines an area as the OSPF stub area. Syntax area area-id stub [no-summary] Parameters • area-id—Set the OSPFv3 area ID as an IP address (A.B.C.D) or number (1 to 65535). • no-summary—(Optional) Prevents an area border router from sending summary link advertisements into the stub area. Default Not configured Command Mode ROUTER-OSPFv3 Usage Information The no version of this command deletes a stub area. Example OS10(config)# router ospfv3 10 OS10(conf-router-ospfv3-10)# area 10.10.
clear ipv6 ospf statistics Clears OSPFv3 traffic statistics. Syntax clear ipv6 ospf [instance-number] statistics Parameters instance-number — (Optional) Enter an OSPFv3 instance number (1 to 65535). Default Not configured Command Mode EXEC Usage Information This command clears the OSPFv3 traffic statistics in a specified instance or in all the configured OSPFv3 instances, and resets them to zero. Example OS10# clear ipv6 ospf 100 statistics Supported Releases 10.4.
ipv6 ospf authentication Configures OSPFv3 authentication on an IPv6 interface. Syntax ipv6 ospf authentication {null | ipsec spi number {MD5 | SHA1} key} Parameters • null — Prevents area authentication from being inherited on the interface. • ipsec spi number — Enter a unique security policy index number (256 to 4294967295). • md5 — Enable MD5 authentication. • sha1 — Enable SHA-1 authentication. • key — Enter the text string used by the authentication type.
ipv6 ospf dead-interval Sets the time interval since the last hello-packet was received from a router. After the interval elapses, the neighboring routers declare the router dead. Syntax ipv6 ospf dead-interval seconds Parameters seconds — Enter the dead interval value in seconds (1 to 65535). Default 40 seconds Command Mode INTERFACE Usage Information The dead interval is four times the default hello-interval by default. The no version of this command resets the value to the default.
Example OS10(config)# interface ethernet 1/1/6 OS10(conf-if-eth1/1/6)# ipv6 ospf encryption ipsec spi 500 esp des 1234567812345678 md5 12345678123456781234567812345678 OS10(config)# interface ethernet 1/1/5 OS10(conf-if-eth1/1/5)# ipv6 ospf encryption null Supported Releases 10.4.0E(R1) or later ipv6 ospf hello-interval Sets the time interval between hello packets sent on an interface. Syntax ipv6 ospf hello-interval seconds Parameters seconds — Enter the hello-interval value in seconds (1 to 65535).
Usage Information You must configure the interface before setting the interface to passive mode. The no version of the this command disables the Passive interface configuration. Example OS10(config)# interface ethernet 1/1/6 OS10(conf-if-eth1/1/6)# ipv6 ospf passive Supported Releases 10.3.0E or later ipv6 ospf priority Sets the priority of the interface to determine the designated router for the OSPFv3 network.
Example OS10(config)# router ospfv3 OS10(config-router-ospfv3-100)# maximum-paths 1 Supported Releases 10.3.0E or later redistribute Redistributes information from another routing protocol or routing instance to the OSPFv3 process. Syntax redistribute {bgp as-number | connected | static} [route-map route-map name] Parameters • as-number — Enter an autonomous number to redistribute BGP routing information throughout the OSPFv3 instance (1 to 4294967295).
router ospfv3 Enters Router OSPFv3 mode and configures an OSPFv3 instance. Syntax router ospfv3 instance-number Parameters instance-number—Enter a router OSPFv3 instance number, from 1 to 65535. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes an OSPFv3 instance. Example OS10(config)# router ospfv3 10 Supported Releases 10.3.0E or later show ipv6 ospf Displays OSPFv3 instance configuration information.
Default Not configured Command Mode EXEC Usage Information • Link ID—Identifies the router ID. • ADV Router—Identifies the advertising router’s ID. • Age—Displays the link state age. • Seq#—Identifies the link state sequence number (identifies old or duplicate LSAs). • Checksum—Displays the Fletcher checksum of an LSA’s complete contents. • Link count—Displays the number of interfaces for that router. • Rtr Count—Displays the router count. • Dest RtrID—Displays the destination router ID.
Command Mode EXEC Example OS10# show ipv6 ospf interface ethernet1/1/1 is up, line protocol is up Link Local Address fe80::20c:29ff:fe0a:d59/64, Interface ID 5 Area 0.0.0.0, Process ID 200, Instance ID 0, Router ID 10.0.0.2 Network Type broadcast, Cost: 1 Transmit Delay is 1 sec, State BDR, Priority 1 Designated Router on this network is 2.2.2.2 Backup Designated router on this network is 10.0.0.
Command Mode EXEC Usage Information This command displays OSPFv3 traffic statistics for a specified instance or interface, or for all OSPFv3 instances and interfaces.
• If no topology change occurs, an SPF calculation is performed and the hold timer is reset to its configured value. If you do not specify a start-time, hold-time or max-wait value, the default values are used. The no version of this command removes the configured SPF timers and disables SPF throttling in an OSPF instance.
Figure 4. Object tracking Interface tracking You can create an object that tracks the line-protocol state of a Layer 2 interface, and monitors its operational status (Up or Down). You can configure up to 500 objects. Each object is assigned a unique ID. The no version of this command deletes the tracked object from an interface. When the link-level status goes down, the tracked resource status is also considered Down. If the link-level status goes up, the tracked resource status is also considered Up.
• Loopback — Loopback interface identifier • mgmt — Management interface 1 Configure object tracking in CONFIGURATION mode from 1 to 500. track object-id 2 (Optional) Enter the interface object tracking on the line-protocol state of a Layer 2 interface in OBJECT TRACKING mode. interface interface line-protocol 3 (Optional) Configure the time delay used before communicating a change to the status of a tracked interface in OBJECT TRACKING mode from 0 to 80 seconds; default 0.
Reachability is DOWN 1 changes, Last change 2017-04-26T06:45:31Z OS10 (conf-track-2)# Configure IPv6 host tracking OS10 (conf-track-2)# track 3 OS10 (conf-track-3)# ipv6 20::20 reachability OS10 (conf-track-3)# delay up 20 OS10 (conf-track-3)# do show track 3 IP Host 20::20 reachability Reachability is DOWN 1 changes, Last change 2017-04-26T06:47:04Z OS10 (conf-track-3)# Set tracking delays You can configure an optional Up and/or Down timer for each tracked object.
View interface object tracking information OS10# show track interface TrackID Resource Parameter Status LastChange --------------------------------------------------------------------------------1 line-protocol ethernet1/1/1 DOWN 2017-02-03T08:41:25Z1 OS10# show track ip TrackID Resource Parameter Status LastChange --------------------------------------------------------------------------------2 ipv4-reachablity 1.1.1.
• mgmt — Enter the Management interface. Defaults Not configured Command Mode CONFIGURATION Usage Information None Example OS10(conf-track-100)# interface ethernet line-protocol Supported Releases 10.3.0E or later ip reachability Configures an object to track a specific next-hop host's reachability. Syntax ip host-ip-address reachability Parameters host-ip-address — Enter the IPv4 host address.
Command Mode CONFIGURATION Usage Information Set the interval to 0 to disable the refresh. Example OS10(conf-track-100)# reachability-refresh 600 Supported Releases 10.3.0E or later show track Displays tracked object information. Syntax Parameters show track [brief] [object-id] [interface] [ip | ipv6] • brief — (Optional) Displays brief tracked object information. • object-id — (Optional) Displays the tracked object information for a specific object ID.
Policy-based routing Policy-based routing (PBR) provides a mechanism to redirect IPv4 and IPv6 data packets based on the policies defined to override the switch’s forwarding decisions based on the routing table. Policy-based route-maps A route-map is an ordered set of rules that control the redistribution of IP routes into a protocol domain. When you enable PBR on an interface, all IPv4 or IPv6 data packets received are processed based on the policies that you define in the route-maps.
Apply match parameters to IPv4 route-map OS10(conf-route-map)# route-map map1 OS10(conf-route-map)# match ip address acl5 Apply match and set parameters to IPv6 route-map OS10(conf-route-map)# route-map map1 OS10(conf-route-map)# match ipv6 address acl8 OS10(conf-route-map)# set ipv6 next-hop 20::20 Assign route-map to interface You can assign a route-map to an interface for IPv4 or IPv6 policy-based routing to an interface.
PBR commands clear route-map pbr-statistics Clears all PBR counters. Syntax clear route-map [map-name] pbr-statistics Parameters map-name—Enter the name of a configured route-map (up to 140 characters). Defaults None Command Mode EXEC Usage Information Use the clear route-map pbr-statistics command to clear all PBR counters. Example OS10# clear route-map map1 pbr-statistics Supported Releases 10.3.0E or later match address Matches the access-list to the route-map.
route-map pbr-statistics Enables counters for PBR statistics. Syntax route-map [map-name] pbr-statistics Parameters map-name—Enter the name of a configured route-map (up to 140 characters). Defaults Not configured Command Mode CONFIGURATION Usage Information None Example OS10(config)# route-map map1 pbr-statistics Supported Releases 10.3.0E or later set next-hop Sets an IPv4 or IPv6 next-hop address for policy-based routing.
show policy Displays policy information. Syntax show {ip | ipv6} policy [map-name] Parameters map-name — (Optional) Enter the name of a configured route map (up to 140 characters). Defaults None Command Mode EXEC Usage Information None Example OS10# show ip policy map-name Supported Releases 10.3.0E or later show route-map pbr-statistics Displays the current PBR statistics.
Configuration VRRP specifies a master (active) router that owns the next hop IP and MAC address for end stations on a LAN. The master router is chosen from the virtual routers by an election process and forwards packets sent to the next hop IP address. If the master router fails, VRRP begins the election process to choose a new master router which continues routing traffic. VRRP packets are transmitted with the virtual router MAC address as the source MAC address.
Create virtual router VRRP uses the VRID to identify each virtual router configured. Before using VRRP, you must configure the interface with the primary IP address and enable it. • Create a virtual router for the interface with the VRRP identifier in INTERFACE mode (1 to 255). vrrp-group vrrp-id • Delete a VRRP group in INTERFACE mode.
Virtual IP addresses Virtual routers contain virtual IP addresses configured for that VRRP group (VRID). A VRRP group does not transmit VRRP packets until you assign the virtual IP address to the VRRP group. To activate a VRRP group on an interface, configure at least one virtual IP address for a VRRP group. The virtual IP address is the IP address of the virtual router and does not require an IP address mask. You can configure up to 10 virtual IP addresses on a single VRRP group (VRID).
interface ethernet1/1/3 switchport access vlan 1 no shutdown ! interface ethernet1/1/4 switchport access vlan 1 --more-View VRRP information When the VRRP process completes initialization, the State field contains either master or backup. OS10# show vrrp brief Interface Group Priority Preemption State Master-addr Virtual addr(s) ---------------------------------------------------------------------------ethernet1/1/1 IPv4 10 100 true master 10.1.1.8 10.1.1.
priority-zero-pkts-rcvd : 0 invalid-type-pkts-rcvd : 0 pkt-length-errors : 0 priority-zero-pkts-sent : 0 address-list-errors : 0 Authentication Simple authentication of VRRP packets ensures that only trusted routers participate in VRRP processes. When you enable authentication, OS10 includes the password in its VRRP transmission. The receiving router uses that password to verify the transmission. You must configure all virtual routers in the VRRP group with the same password.
debug radius false snmp-server contact http://www.dell.com/support/softwarecontacts snmp-server location "United States" username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/VKx8SloIhp4NoGZs0I/ UNwh8WVuxwfd9q4pWIgNs5BKH. aaa authentication system:local ! interface ethernet1/1/5 ip address 1.1.1.1/16 no switchport no shutdown ! vrrp-group 254 priority 125 virtual-address 1.1.1.
! interface ethernet1/1/2 switchport access vlan 1 no shutdown Interface/object tracking You can monitor the state of any interface according to the virtual group. OS10 supports a maximum of 10 track groups and each track group can track a maximum of five interfaces. If the tracked interface goes down, the VRRP group’s priority decreases by a default value of 10 — also known as cost. If the tracked interface’s state goes up, the VRRP group’s priority increases by priority-cost.
! vrrp-group 1 priority 200 virtual-address 10.1.1.1 ! interface ethernet1/1/2 switchport access vlan 1 no shutdown ! interface ethernet1/1/3 switchport access vlan 1 no shutdown ! interface ethernet1/1/4 switchport access vlan 1 no shutdown ! interface ethernet1/1/5 switchport access vlan 1 no shutdown ! interface ethernet1/1/6 switchport access vlan 1 no shutdown ! ..... .....
authentication-type Enables authentication of VRRP data exchanges. Syntax Parameters authentication-type simple-text password [auth-text] • simple-text password — Enter a simple text password. • auth-text — (Optional) Enter a character string up to eight characters long as a password. Default Disabled Command Mode INTERFACE-VRRP Usage Information With authentication enabled, OS10 ensures that only trusted routers participate in routing in an autonomous network.
command to 255 and the virtual-address is not equal to the interface’s primary IP address, the system displays an error message. The no version of this command resets the value to the default (100). Example OS10(conf-eth1/1/5-vrid-254)# priority 200 Supported Releases 10.2.0E or later show vrrp Displays VRRP group information. Syntax show vrrp {brief | vrrp-id | ipv6 group-id} Parameters • brief — Displays the configuration information for all VRRP instances in the system.
Default 10 Command Mode INTERFACE-VRRP Usage Information If the interface is disabled, the cost value subtracts from the priority value and forces a new Master election. This election process is applicable when the priority value is lower than the priority value in the Backup virtual router. The no version of this command resets the value to the default.
the VRRP group’s virtual address with the same IP address as the interface’s primary IP address and change the priority of the VRRP group to 255. You can ping the virtual addresses configured in all VRRP groups. The no version of this command deletes one or more virtual-addresses configured in the system. Example OS10(conf-eth1/1/5-vrid-254)# virtual address 10.1.1.15 Supported Releases 10.2.0E or later vrrp delay reload Sets the delay time for VRRP initialization after a system reboot.
Default Not configured Command Mode INTERFACE-VRRP Usage Information The VRRP group only becomes active and sends VRRP packets when you configure a virtual IP address. When you delete the virtual address, the VRRP group stops sending VRRP packets. The no version of this command removes the vrrp-ipv6–group configuration. Example OS10(conf-if-eth1/1/7)# vrrp-ipv6-group 250 Supported Releases 10.2.0E or later vrrp version Sets the VRRP version for the IPv4 group.
6 UFT modes Unified Forwarding Table (UFT) gives the flexibility to configure the sizes of internal L2/L3 forwarding tables of a switch to match the needs of particular network environment. A switch in a Layer 2 network may require a larger MAC address table size, while a switch in a Layer 3 network may require a larger routing table size. OS10 supports several UFT modes for the forwarding tables. By default, OS10 selects a UFT mode which provides a reasonable size for all tables.
• Disable UFT mode in CONFIGURATION mode.
UFT commands hardware forwarding-table mode Select a mode to initialize the maximum scalability size. The available options are: scaled L2 MAC address table, scaled L3 routes table, or scaled L3 hosts table. Syntax hardware forwarding-table mode {scaled-l2 | scaled-l3-routes | scaled-l3-hosts} Use the no hardware forwarding-table mode command to set the UFT mode to default. Parameters • scaled-l2 —Maximize the MAC address table size. • scaled-l3-routes — Maximize the L3 routes table size.
show hardware forwarding-table mode Displays the current hardware forwarding table mode, and the mode after the next boot. Syntax show hardware forwarding-table mode Parameters None Defaults None Command Mode EXEC Usage Information Use this command to view the current hardware forwarding table mode and the mode after the next boot.
Example OS10# show hardware l3 Current Settings IPv6 Extended Prefix Entries: 2048 Supported Releases 486 UFT modes 10.4.1.
7 System management Dynamic Host Configuration Protocol Provides information to dynamically assign IP addresses and other configuration parameters to network hosts based on policies, see DHCP commands. Network Time Protocol Provides information to synchronize timekeeping between time servers and clients, see NTP commands.
Configuration parameters are options in the DHCP packet in type, length, value (TLV) format. To limit the number of parameters that servers must provide, hosts enter the parameters that they require and the server sends only those parameters. DHCP uses the User Datagram Protocol (UDP) as its transport protocol. Figure 6. DHCP Packet Format The table shows common options using DHCP packet formats.
DHCP server The Dynamic Host Configuration Protocol (DHCP) server provides network configuration parameters to DHCP clients on request. A DHCP server dynamically allocates four required IP parameters to each computer on the virtual local area network (VLAN) — the IP address, network mask, default gateway, and name server address. DHCP IP address allocation works on a client/server model where the server assigns the client reusable IP information from an address pool.
Address lease time Use the lease {days [hours] [minutes] | infinite} command to configure an address lease time (default 24 hours). OS10(config)# ip dhcp server OS10(conf-dhcp)# pool Dell OS10(conf-dhcp-Dell)# lease 36 Default gateway Ensure the IP address of the default router is on the same subnet as the client. 1 Enable DHCP server-assigned dynamic addresses on an interface in CONFIGURATION mode. ip dhcp server 2 Create an IP address pool and provide a name in DHCP mode.
NetBIOS WINS address resolution DHCP clients can be one of four types of NetBIOS nodes — broadcast, peer-to-peer, mixed, or hybrid. Dell EMC recommends using hybrid as the NetBIOS node type. 1 Enable DHCP server-assigned dynamic addresses on an interface in DHCP mode. ip dhcp server 2 Create an IP address pool and enter the pool name in DHCP mode. pool name 3 Enter the NetBIOS WINS name servers in order of preference that are available to DHCP clients in DHCP mode.
With a fixed host configuration, also known as manual binding, you must configure a network pool with a matching subnet. The static hostto-MAC address mapping pool inherits the network mask from the network pool with subnet configuration, which includes the host’s address range. Consider the following example: OS10# show running-configuration interface ethernet 1/1/2 ! interface ethernet1/1/2 no shutdown no switchport ip address 100.1.1.
This option secures all DHCP traffic that goes through a DHCP relay agent, and ensures that communication between the DHCP relay agent and the DHCP server is not compromised. The DHCP relay agent inserts Option 82 before forwarding DHCP packets to the DHCP server. The DHCP server includes Option 82 back in its response to the relay agent. The relay agent uses this information to forward a reply out the interface on which the request was received rather than flooding it on the entire VLAN.
aaa authentication system:local ip domain-name dell.com ip domain-list f10.com ip name-server 1.1.1.1 2::2 ip host dell-f10.com 10.10.10.10 snmp-server community public read-only snmp-server contact http://www.dell.com/support/ snmp-server location United States debug radius false DHCP commands default-router address Assigns a default gateway to clients based on the IP address pool. Syntax default-router address [address2...
dns-server address Assigns a DNS server to clients based on the address pool. Syntax Parameters dns-server address [address2...address8] • address — Enter the DNS server IP address that services clients on the subnet in A.B.C.D or A::B format. • address2...address8 — (Optional) Enter up to eight DNS server addresses, in order of preference. Default Not configured Command Mode DHCP-POOL Usage Information None Example OS10(conf-dhcp-Dell)# dns-server 192.168.1.1 Supported Releases 10.2.
host Assigns a host to a single IPv4 or IPv6 address pool for manual configurations. Syntax host A.B.C.D/A::B Parameters A.B.C.D/A::B — Enter the host IP address in A.B.C.D or A::B format. Default Not configured Command Mode DHCP-POOL Usage Information The host address is the IP address used by the client machine for DHCP. Example OS10(conf-dhcp-Dell)# host 20.1.1.100 Supported Releases 10.2.0E or later ip dhcp server Enters DHCP mode.
Supported Releases 10.2.0E or later ipv6 helper-address Configure the DHCPv6 server address. Forwards UDP broadcasts received from IPv6 clients to the DHCPv6 server. You can configure multiple helper addresses per interface by repeating the same command for each DHCPv6 server address. Syntax Parameters ipv6 helper-address ipv6-address [vrf vrf-name] • vrf vrf-name — (Optional) Enter the keyword vrf and then the name of the VRF through which the host address can be reached.
netbios-name-server address Configures a NetBIOS WINS server which is available to DHCP clients. Syntax netbios-name-server ip-address [address2...address8] Parameters ip-address — Enter the address of the NetBIOS WINS server. address2...address8 — (Optional) Enter additional server addresses. Default Not configured Command Mode DHCP-POOL Usage Information Configure up to eight NetBIOS WINS servers available to a Microsoft DHCP client, in order of preference.
Usage Information Use this command to configure a range of IPv4 or IPv6 addresses. Example OS10(config-dhcp-Dell)# network 20.1.1.1/24 Supported Releases 10.2.0E or later pool Creates an IP address pool name. Syntax pool pool-name Parameters pool-name — Enter the DHCP server pool name. Default Not configured Command Mode CONFIGURATION Usage Information Use this command to create an IP address pool name. Example OS10(conf-dhcp)# pool Dell OS10(conf-dhcp-Dell)# Supported Releases 10.2.
Default Not configured Command Mode EXEC Usage Information Use this command to view the DHCP binding table. Example OS10# show ip dhcp binding IP Address Hardware address Lease expiration Hostname +----------------------------------------------------11.1.1.254 00:00:12:12:12:12 Jan 27 2016 06:23:45 Total Number of Entries in the Table = 1 Supported Releases 10.2.0E or later DNS commands OS10 supports the configuration of a DNS host and domain parameters.
Usage Information This domain appends to incomplete DNS requests. The no version of this command returns the value to the default. Example OS10(config)# ip domain-name jay dell.com Supported Releases 10.2.0E or later ip host Configures mapping between the host name server and the IP address. Syntax Parameters ip host [vrf vrf-name] [host-name] address • vrf vrf-name — (Optional) Enter the key word vrf and then the name of the VRF to configure the name server to IP address mapping for that VRF.
show hosts Displays the host table and DNS configuration. Syntax show hosts [vrf vrf-name] Parameters vrf vrf-name — Enter the keyword vrf followed by the name of the VRF to display DNS host information corresponding to that VRF. Default Not configured Command Mode EXEC Usage Information This command displays domain and host information. Example OS10# show hosts Default Domain Name : dell.com Domain List : abc.com Name Servers : 1.1.1.
Network Time Protocol Network Time Protocol (NTP) synchronizes timekeeping among a set of distributed time servers and clients. The protocol coordinates time distribution in a large, diverse network. NTP clients synchronize with NTP servers that provide accurate time measurement. NTP clients choose from several NTP servers to determine which offers the best available source of time and the most reliable transmission of information. To get the correct time, OS10 synchronizes with a time-serving host.
Enable NTP NTP is disabled by default. To enable NTP, configure an NTP server to which the system synchronizes. To configure multiple servers, enter the command multiple times. Multiple servers may impact CPU resources. • Enter the IP address of the NTP server to which the system synchronizes in CONFIGURATION mode.
Source IP address Configure one interface IP address to include in all NTP packets. The source address of NTP packets is the interface IP address the system uses to reach the network by default. • Configure a source IP address for NTP packets in CONFIGURATION mode. ntp source interface – ethernet — Enter the keyword and node/slot/port information. – port-channel — Enter the keyword and number. – vlan — Enter the keyword and VLAN number (1 to 4093). – loopback — Enter the keyword and number (0 to 16383).
OS10(config)# ntp authentication-key 345 mdf 0 5A60910FED211F02 OS10(config)# ntp server 1.1.1.1 key 345 OS10(config)# ntp master 7 View NTP configuration OS10(config)# do show running-configuration ! ntp authenticate ntp authentication-key 345 mdf 0 5A60910FED211F02 ntp server 1.1.1.1 key 345 ntp trusted-key 345 ntp master 7 ... NTP commands ntp authenticate Enables authentication of NTP traffic between the device and the NTP time serving hosts.
Example OS10(config)# ntp authentication-key 1200 md5 0 dell Supported Releases 10.2.0E or later ntp broadcast client Configures the interface to receive NTP broadcasts from an NTP server. Syntax ntp broadcast client Parameters None Default Not configured Command Mode INTERFACE Usage Information The no version of this command disables broadcast. Example OS10(conf-if-eth1/1/1)# ntp broadcast client Supported Releases 10.2.0E or later ntp disable By default, NTP is enabled on all interfaces.
ntp master Configures an NTP master server. Syntax ntp master stratum Parameters stratum — Enter the stratum number to identify the NTP server hierarchy (2 to 10). Default 8 Command Mode CONFIGURATION Usage Information The no version of this command resets the value to the default. Example OS10(config)# ntp master 6 Supported Releases 10.2.0E or later ntp server Configures an NTP time-serving host.
• loopback loopback-id — Enter the Loopback interface number (0 to 16383). • mgmt node/slot/port — Enter the Management port interface information. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the configuration. Example OS10(config)# ntp source ethernet 1/1/24 Supported Releases 10.2.0E or later ntp trusted-key Sets a key to authenticate the system to which NTP synchronizes with.
Example • poll — Polling interval (in seconds). • reach — Reachability to the peer (in octal bitstream). • delay — Time interval or delay for a packet to complete a round-trip to the NTP time source (in milliseconds). • offset — Relative time of the NTP peer’s clock to the network device clock (in milliseconds). • disp — Dispersion. OS10# show ntp associations remote ref clock st when poll reach delay offset disp ============================================================= 10.10.120.5 0.0.0.
stability: broadcastdelay: authdelay: OS10# Supported Releases 0.000 ppm 0.000000 s 0.000000 s 10.2.0E or later System clock OS10 uses NTP to synchronize the system clock with a time-serving host. If you do not use NTP, set the system time and the timezone. The hardware-based real-clock time (RTC) is reset to the new system time. You can set the current time and date after you disable NTP. When NTP is enabled, it overwrites the system time. • Enter the time and date in EXEC mode.
Parameters time Enter time in the format hour:minute:second, where hour is 1 to 24; minute is 1 to 60; second is 1 to 60. For example, enter 5:15 PM as 17:15:00. year-month-day Enter year-month-day in the format YYYY-MM-DD, where YYYY is a four-digit year, such as 2016; MM is a month from 1 to 12; DD is a day from 1 to 31. Default Not configured Command Mode EXEC Usage Information Use this command to reset the system time if the system clock is out of synch with the NTP time.
Supported Releases 10.2.1E or later System banners You can configure a system login and message of the day (MOTD) text banners. The system login banner displays before you log in. The MOTD banner displays immediately after a successful login. You can reset the banner text to the Dell EMC default banner or disable the banner display. Login banner Configure a system login banner that displays before you log in using interactive mode. Starting and ending double-quotes are not necessary.
System banner commands banner login Configures a login banner that displays before you log in to the system. Syntax banner login delimiter banner-text banner-text ... delimiter Parameters • delimiter — Enter a single delimiter character or the key combination ^C to specify the start and end of the text banner. • banner-text — Enter a maximum of 4096 characters. There is no limit to the number of lines.
Usage Information • To enter a MOTD banner text, use the interactive mode. Enter the command with the delimiter character and press Enter. Then enter each line and press Enter. Complete the banner configuration by entering a line that contains only the delimiter character. Starting and ending double-quotes are not necessary. • To delete a login banner and reset it to the Dell EMC default banner, enter the no banner motd command.
Usage Information The no version of this command disables the timeout. Example OS10(config)# exec-timeout 300 OS10(config)# Supported Releases 10.3.1E or later kill-session Terminate a user session. Syntax kill-session session-ID Parameters session-ID — Enter the user session ID. Default Not configured Command Mode EXEC Usage Information None Example OS10# kill-session 3 Supported Releases 10.3.1E or later show sessions Displays the active management sessions.
When the Telnet server is enabled, connect to the switch using the IP address configured on the management or any front-panel port. The Telnet server configuration is persistent and is maintained after you reload the switch. To verify the Telnet server configuration, enter the show running-configuration command. Enable Telnet server OS10(config)# ip telnet server enable Disable Telnet server OS10(config)# no ip telnet server enable By default, the Telnet server is disabled on the default VRF.
Usage Information By default, the Telnet server is disabled. To enable the Telnet server, enter the telnet enable command. To configure the Telnet server to be reachable on the management VRF instance, use the ip telnet server vrf management command. Example OS10(config)# ip telnet server vrf management Supported Releases 10.4.0E(R1) or later Security Authentication, authorization, and accounting (AAA) services secure networks against unauthorized access.
aaa authentication login default local aaa authentication login console local User re-authentication To prevent users from accessing resources and performing tasks for which they are not authorized, OS10 allows you to require users to reauthenticate by logging in again when an authentication method or server changes, such as: • Adding or removing a RADIUS server (radius-server host command) • Adding or removing an authentication method (aaa authentication login {console | default} {local | group radius
role, and many users can have the same role. A user role authenticates and authorizes a user at login, and places you in EXEC mode (see CLI basics). OS10 supports four pre-defined roles: sysadmin, secadmin, netadmin, and netoperator. Each user role assigns permissions that determine the commands a user can enter, and the actions a user can perform. RBAC provides an easy and efficient way to administer user rights.
servers one at a time, until a RADIUS server responds with an accept or reject response. The switch tries to connect with a server for the configured number of retransmit retries and timeout period. Configure global settings for the timeout and retransmit attempts allowed on RADIUS servers by using the radius-server retransmit and radius-server timeout commands. By default, OS10 supports three RADIUS authentication attempts and times out after five seconds.
Configure TACACS+ server OS10(config)# tacacs-server host 1.2.4.5 key mysecret View TACACS+ server configuration OS10# show running-configuration ... tacacs-server host 1.2.4.5 key 9 3a95c26b2a5b96a6b80036839f296babe03560f4b0b7220d6454b3e71bdfc59b ... Delete TACACS+ server OS10# no tacacs server host 1.2.4.
• Configure Key Exchange algorithms using ip ssh server kex key-exchange-algorithm. • Configure hash message authentication code (HMAC) algorithms using ip ssh server mac hmac-algorithm. • Configure the SSH server listening port using ip ssh server port port-number. • Configure the SSH server to be reachable on the management VRF using ip ssh server vrf. • Configure the SSH login timeout using the ip ssh server login-grace-time seconds command (0 to 300; default 60).
Example OS10(config)# ip access-list permit10 OS10(config-ipv4-acl)# permit ip 172.16.0.0 255.255.0.
Configure user lockout OS10(config)# password-attributes max-retry 4 lockout period 360 Limit concurrent login sessions To avoid an unlimited number of active sessions on a switch for the same user ID, you can limit the number of console and remote connections. Log in from a console connection by cabling a terminal emulator to the console serial port on the switch. Log in to the switch remotely through a virtual terminal line (VTY), such as Telnet and SSH.
Enable login statistics OS10(config)# login-statistics enable To disable login statistics, enter the no login-statistics enable command. Security commands aaa accounting Enables AAA accounting. Syntax aaa accounting commands all {console | default} {start-stop | stop-only | none} [logging] [group tacacs+] Parameters • commands all — Record all user-entered commands. This option is not supported for RADIUS accounting.
• group tacacs+ — Use the TACACS+ servers configured with the tacacs-server host command. Default Local authentication Command Mode CONFIGURATION Usage Information The no version of this command removes all configured authentication methods and defaults to using local authentication.
• RSA key: 2048 bits • ECDSA key : 256 bits • Ed25519 key: 256 bits Command Mode EXEC Usage Information If necessary, you can regenerate the public keys used by the SSH server with a customized bit size. You cannot change the default size of the Ed25519 key. The crypto ssh-key generate command is available only to the sysadmin and secadmin roles. Example OS10# crypto ssh-key generate rsa 4096 Host key already exists.
ip ssh server challenge-response-authentication Enable challenge response authentication in an SSH server. Syntax ip ssh server challenge-response-authentication Parameters None Default Disabled Command Mode CONFIGURATION Usage Information The no version of this command disables the challenge response authentication. Example OS10(config)# ip ssh server challenge-response-authentication Supported Releases 10.3.
Supported Releases 10.3.0E or later ip ssh server enable Enable the SSH server. Syntax ip ssh server enable Parameters None Default Enabled Command Mode CONFIGURATION Usage Information The no version of this command disables the SSH server. Example OS10(config)# ip ssh server enable Supported Releases 10.3.0E or later ip ssh server hostbased-authentication Enable host-based authentication in an SSH server.
Default • curve25519-sha256 • diffie-hellman-group14-sha1 • diffie-hellman-group-exchange-sha256 • ecdh-sha2-nistp256 • ecdh-sha2-nistp384 • ecdh-sha2-nistp521 Command Mode CONFIGURATION Usage Information The no version of this command removes the configuration. Example OS10(config)# ip ssh server kex curve25519-sha256 diffie-hellman-group1-sha1 Supported Releases 10.3.
• hmac-sha2-256-etm@openssh.com • hmac-sha2-512-etm@openssh.com • umac-64-etm@openssh.com • umac-128-etm@openssh.com Command Mode CONFIGURATION Usage Information The no version of this command removes the configuration. Example OS10(config)# ip ssh server mac hmac-md5 hmac-md5-96 hmac-ripemd160 Supported Releases 10.3.0E or later ip ssh server password-authentication Enable password authentication in an SSH server.
Command Mode CONFIGURATION Usage Information The no version of this command disables the public key authentication. Example OS10(config)# ip ssh server pubkey-authentication Supported Releases 10.3.0E or later ip ssh server vrf Configures the SSH server for the management VRF instance. Syntax Parameters ip ssh server vrf management • management — Configures the management VRF instance to be used to reach the SSH server.
Usage Information The total number of concurrent login sessions for the same user ID includes all console and remote connections, where: • Each remote VTY connection counts as one login session. • All login sessions from a terminal emulator on an attached console count as one session. To disable the configured number of allowed login sessions, enter the no version of the command. Example OS10(config)# login concurrent-session limit 7 Supported Releases 10.4.1.
Command Mode Usage Information • Lowercase characters: 0 • Numeric characters: 0 • Special characters: 0 EXEC • By default, the password you configure with the username password command must be at least nine alphanumeric characters. • Use the password-attributes command to increase password strength. When you enter the command, at least one parameter is required. When you enter the character-restriction parameter, at least one option is required.
Parameters • hostname — Enter the host name of the RADIUS server. • ip-address — Enter the IPv4 (A.B.C.D) or IPv6 (x:x:x:x::x) address of the RADIUS server. • key 0 authentication-key — Enter an authentication key in plain text (up to 42 characters). • key 9 authentication-key — Enter an authentication key in encrypted format (up to 128 characters). • authentication-key — Enter an authentication in plain text (up to 42 characters). It is not necessary to enter 0 before the key.
Example OS10(config)# radius-server timeout 360 Supported Releases 10.2.0E or later radius-server vrf Configures RADIUS server for the management VRF instance. Syntax radius-server vrf management Parameters None Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the RADIUS server from the management VRF instance. Example OS10(config)# radius-server vrf management Supported Releases 10.4.
show ip ssh Displays the SSH server information. Syntax show ip ssh Parameters None Default Not configured Command Mode EXEC Usage Information Use this command to view information about the established SSH sessions. Example OS10# show ip ssh SSH Server: Enabled -------------------------------------------------SSH Server Ciphers: chacha20-poly1305@openssh.com,aes128-ctr, aes192-ctr,aes256-ctr, aes128-gcm@openssh.com,aes256-gcm@openssh.com SSH Server MACs: umac-64-etm@openssh.
Role User Change -------- ----admin False netadmin False mltest False #Fail since last Login ----0 0 0 During Timeframe #Fail #Success -------------1 13 0 5 0 1 Last Login Date/Time -----------------2017-11-02T16:02:44Z 2017-11-02T15:59:04Z 2017-11-01T15:42:07Z Location ---------in (00:00) 1001:10:16:210::4001 OS10# show login-statistics user mltest User : mltest Role changed since last login : False Failures since last login : 0 Time-frame in days : 25 Failures in time period : 0 Successes in time per
• authentication-key — Enter an authentication in plain text (up to 42 characters). It is not necessary to enter 0 before the key. • key authentication-key — Enter a text string for the encryption key used to authenticate the switch on the TACACS+ server (up to 42 characters). Default Not configured Command Mode CONFIGURATION Usage Information The authentication key must match the key configured on the TACACS+ server. You cannot enter spaces in the key.
– netoperator — Access to EXEC mode to view the current configuration. A network operator cannot modify any configuration setting on a switch. Default Command Mode Usage Information • User name and password entries are in clear text. • There is no default user role. CONFIGURATION • By default, the password must be at least nine alphanumeric characters. You can enter special characters, such as: ! # % & ' ( ) ; < = > [ ] * + - . / : ^ _ Enter the password in clear text.
role sysadmin username user10 sshkey abcd Supported Releases 10.4.1.0 or later username sshkey filename Enables SSH password-less login for remote clients using multiple public keys. A remote client is not prompted to enter a password. Syntax username user_name sshkey filename file_path Parameters • user_name — Enter an OS10 user name who logs in on a remote client. This value is the user name configured with the username password role command.
– secadmin — Full access to configuration commands that set security policy and system access, such as password strength, AAA authorization, and cryptographic keys. A security administrator can display security information, such as cryptographic keys, login statistics, and log information. – netadmin — Full access to configuration commands that manage traffic flowing through the switch, such as routes, interfaces, and ACLs.
Default Not configured Command Mode CONFIGURATION Usage Information The community-name parameter indexes this command. If you do not configure this command, you cannot query SNMP data. The no version of this command removes access to a community. Example OS10(config)# snmp-server community public ro OS10(config)# snmp-server community public ro acl aclrule1 Supported Releases 10.2.0E or later snmp-server contact Configures contact information for troubleshooting this SNMP node.
Notification type Notification option – warmstart — Enable warmstart traps when the switch reloads and the SNMP agent reinitializes. Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of an snmp-server enable traps command disables SNMP traps on the switch. If you do not enter a notification-type and notification-option parameter with the command, all traps are enabled.
snmp-server location Configures the location of the SNMP server. Syntax snmp-server location text Parameters text — Enter an alphanumeric string (up to 55 characters). Default United States Command Mode CONFIGURATION Usage Information The no version of this command removes the SNMP location. Example OS10(config)# snmp-server location datacenter10 Supported Releases 10.2.0E or later snmp-server vrf Configures an SNMP agent to receive SNMP traps for the management VRF instance.
By default, if all the upstream interfaces in an uplink-state group go down, all the downstream interfaces in the same uplink-state group are set into a link-down state. In addition, in an uplink-state group, you can configure automatic recovery of downstream ports when there is a change in the link status of uplink interfaces. You can also bring up downstream interfaces that are in an UFD-disabled error state manually.
• You cannot assign both a port channel and its members to an uplink-state group, which would make the group inactive. The port channels and individual ports that are not part of any port channel can coexist as members of an uplink-state group. • If one of the upstream interfaces in an uplink-state group goes down, you can configure to set the downstream ports in an operationally down state with an UFD Disabled error status.
(Up): Interface up (Dwn): Interface down Uplink State Group : Defer Time : Upstream Interfaces : Downstream Interfaces: (Dis): Interface disabled 1 Status : Enabled,up Name : UFDGROUP1 10 second(s) Eth 1/1/7:1(Up) Eth 1/1/1(Dwn) Eth 1/1/2(Dwn) Eth 1/1/3(Dwn) Eth 1/1/4(Dwn) Eth 1/1/5(Dwn) Eth 1/1/9:2(Dwn) Eth 1/1/9:3(Dwn) OS10(conf-uplink-state-group-1)# show configuration ! uplink-state-group 1 downstream ethernet1/1/1-1/1/5 downstream ethernet1/1/9:2-1/1/9:3 upstream ethernet1/1/7:1 UFD commands clea
Example OS10(config)# uplink-state-group 1 OS10(conf-uplink-state-group-1)# defer-time 120 Supported Releases 10.4.1.0 or later downstream Adds an interface or a range of interfaces as a downstream interface to the uplink-state group. Syntax downstream {interface-type | interface-range} Parameters • interface-type — Enter the interface type as Ethernet or port-channel. • interface-range — Enter the range of interfaces.
Command Mode UPLINK-STATE-GROUP Usage Information The no version of this command reverts the settings to the default state. Example OS10(config)# uplink-state-group 1 OS10(conf-uplink-state-group-1)# downstream disable links 2 Supported Releases 10.4.1.0 or later enable Enables tracking of an uplink-state group. Syntax enable Parameters None Default Disabled Command Mode UPLINK-STATE-GROUP Usage Information The no version of this command disables tracking of an uplink-state group.
Example OS10# show running-configuration uplink-state-group ! uplink-state-group 1 downstream ethernet1/1/8:1-1/1/8:4 upstream ethernet1/1/9:1-1/1/9:4 upstream port-channel1-3 Supported Releases 10.4.0E(R3) or later show uplink-state-group Displays configured uplink-state status. Syntax show uplink-state-group [group-id] [detail] Parameters • group-id — Enter the uplink group ID. The status of the specified group ID displays.
uplink-state-group Creates an uplink-state group and enables upstream link tracking. Syntax uplink-state-group group-id Parameters group-id — Enter a unique ID for the uplink-state group, from 1 to 32. Default None Command Mode CONFIGURATION Usage Information The no version of this command removes the uplink-state group. Example OS10(config)# uplink-state-group 1 Supported Releases 10.4.
5 Install the software image in EXEC mode. image install image-url 6 (Optional) View the status of the current software install in EXEC mode. In S5148F-ON, open a new SSH or Telnet session to check the status of the current software. show image status 7 Change the next boot partition to the standby partition in EXEC mode. Use the active parameter to set the next boot partition from standby to active.
Standby Build Date/Time: Next-Boot: 2018-07-19T13:37:20Z active[A] View boot summary OS10# show boot Current system image information: =================================== Type Boot Type Active Standby Next-Boot ----------------------------------------------------------------------------------Node-id 1 Flash Boot [A] 10.4.1.0X [B] 10.4.1.0X [A] active Upgrade commands boot system Sets the boot partition to use during the next reboot.
image copy Copies the entire image in the active partition to the standby partition (mirror image). Syntax image copy active-to-standby Parameters active-to-standby — Enter to copy the entire image in the active partition to the standby partition (mirror image). Default Not configured Command Mode EXEC Usage Information Duplicate the active, running software image to the standby image location. Example OS10# image copy active-to-standby Supported Releases 10.2.
Parameters • file-url — Location of the image file: – ftp://userid:passwd@hostip:/filepath — Enter the path to install from a remote FTP server. – http[s]://hostip:/filepath — Enter the path to install from the remote HTTP or HTTPS server. – scp://userid:passwd@hostip:/filepath — Enter the path to install from a remote SCP file system. – sftp://userid:passwd@hostip:/filepath — Enter the path to install from a remote SFTP file system.
Supported Releases 10.2.0E or later show image status Displays image transfer and installation information.
8 OpenFlow Switches implement the control plane and data plane in the same hardware. Software-defined network (SDN) decouples the software (control plane) from the hardware (data plane). A centralized SDN controller handles the control plane traffic and hardware configuration for data plane flows. The SDN controller is the "brain" of an SDN.
NOTE: Do not use the no openflow or no mode openflow-only command. OS10# delete startup-configuration OS10# reload OpenFlow logical switch instance In OpenFlow-only mode, you can configure only one logical switch instance. After you enable OpenFlow mode, create a logical switch instance. The logical switch instance is disabled by default. When the logical switch instance is enabled, the OpenFlow application starts the connection with the configured controller.
Port types Support (Required) ANY Supported (Optional) LOCAL Not supported (Optional) NORMAL Not supported (Optional) FLOOD Not supported Flow table An OpenFlow flow table consists of flow entries. Each flow table entry contains the following fields: Table 10.
Action set An action set associates with each packet. Table 12. Supported action sets Action set Support copy TTL inwards Not supported pop Not supported push-MPLS Not supported push-VLAN Not supported copy TTL outwards Not supported decrement TTL Not supported set Supported (selective fields) qos Not supported group Not supported output Supported Action types An action type associates with each packet. Table 13.
Counters Counters are used for statistical purposes. Table 14.
Required/Optional Counter Bits Support Optional Packet count 64 Not supported Optional Byte count 64 Not supported Required Duration (seconds) 32 Not supported Optional Duration (nanoseconds) 32 Not supported Optional Packet count 64 Not supported Optional Byte count 64 Not supported Optional Flow count 32 Not supported Optional Input packet count 64 Not supported Optional Input byte count 64 Not supported Required Duration (seconds) 32 Not supported Optional Dur
Table 16. Supported asynchronous types Asynchronous types Supported/Not supported Packet-in Supported Flow-removed Supported Port-status Supported Error Supported Symmetric Table 17. Supported symmetric types Symmetric types Supported/Not supported Hello Supported Echo Supported Experimenter Not supported Connection setup TCP Table 18.
Flow table modification messages Supported/Not supported OFPFC_MODIFY_STRICT=2 Supported OFPFC_DELETE=3 Supported OFCPC_DELETE_STRICT=4 Supported Message types Table 20.
Message Type Meters and rate limiters configuration messages Message Support OFPT_SET_ASYNC=28 Not supported OFPT_METER_MOD=29 Not supported Flow match fields Table 21.
Flow match fields Supported/Not supported OFPXMT_OFB_ARP_OP = 21 Not supported OFPXMT_OFB_ARP_SPA = 22 Not supported OFPXMT_OFB_ARP_TPA = 23 Not supported OFPXMT_OFB_ARP_SHA = 24 Not supported OFPXMT_OFB_ARP_THA = 25 Not supported OFPXMT_OFB_IPV6_SRC = 26 Not supported OFPXMT_OFB_IPV6_DST = 27 Not supported OFPXMT_OFB_IPV6_FLABEL = 28 Not supported OFPXMT_OFB_ICMPV6_TYPE = 29 Not supported OFPXMT_OFB_ICMPV6_CODE = 30 Not supported OFPXMT_OFB_IPV6_ND_TARGET = 31 Not supported OFPXMT_O
Action structures Supported/Not supported OFPAT_PUSH_VLAN = 17 Not supported OFPAT_POP_VLAN = 18 Not supported OFPAT_PUSH_MPLS = 19 Not supported OFPAT_POP_MPLS = 20 Not supported OFPAT_SET_QUEUE = 21 Not supported OFPAT_GROUP = 22 Not supported OFPAT_SET_NW_TTL = 23 Not supported OFPAT_DEC_NW_TTL = 24 Not supported OFPAT_SET_FIELD = 25 Supported OFPAT_PUSH_PBB = 26 Not supported OFPAT_POP_PBB = 27 Not supported Capabilities supported by the data path Table 23.
Message type description Individual flow statistics Request/Reply Body • The reply body is struct ofp_desc • The request body is struct ofp_flow_stats_request The reply body is an array of struct ofp_flow_stats • Aggregate flow statistics • • Flow table statistics Port statistics • • The request body is empty The reply body is an array of struct ofp_table_stats • The request body is struct ofp_port_stats_request The reply body is an array of struct ofp_port_stats • Queue statistics for a port
Message type description Request/Reply Body • Table features • • Port description • • Message Support The reply body is struct ofp_meter_features OFPMP_TABLE_FEATURES = The request body is empty or 12 contains an array of struct ofp_table_features that includes the controller's desired view of the switch.
Property type Supported/Not supported OFPTFPT_APPLY_ACTIONS_MISS = 7 Not supported OFPTFPT_MATCH = 8 Supported OFPTFPT_WILDCARDS = 10 Supported OFPTFPT_WRITE_SETFIELD = 12 Supported OFPTFPT_WRITE_SETFIELD_MISS = 13 Not supported OFPTFPT_APPLY_SETFIELD = 14 Supported OFPTFPT_APPLY_SETFIELD_MISS = 15 Not supported Group configuration Table 27.
Flow-removed reasons Table 30. Supported reasons Flow-removed reasons Supported/Not supported OFPRR_IDLE_TIMEOUT = 0 Supported OFPRR_HARD_TIMEOUT = 1 Supported OFPRR_DELETE = 2 Supported OFPRR_GROUP_DELETE = 3 Not supported Error types from switch to controller Table 31.
Error types Supported/Not supported OFPBRC_BAD_TYPE = 1 Supported OFPBRC_BAD_MULTIPART = 2 Not supported OFPBRC_BAD_EXPERIMENTER = 3 Not supported OFPBRC_BAD_EXP_TYPE = 4 Not supported OFPBRC_EPERM = 5 Not supported OFPBRC_BAD_LEN = 6 Supported OFPBRC_BUFFER_EMPTY = 7 Not supported OFPBRC_BUFFER_UNKNOWN = 8 Not supported OFPBRC_BAD_TABLE_ID = 9 Supported OFPBRC_IS_SLAVE = 10 Not supported OFPBRC_BAD_PORT = 11 Supported OFPBRC_BAD_PACKET = 12 Not supported OFPBRC_MULTIPART_BUFFER_OV
Error types Supported/Not supported OFPBAC_BAD_SET_TYPE = 13 Not supported OFPBAC_BAD_SET_LEN = 14 Not supported OFPBAC_BAD_SET_ARGUMENT = 15 Supported Bad instruction code OFPBIC_UNKNOWN_INST = 0 Not supported OFPBIC_UNSUP_INST = 1 Not supported OFPBIC_BAD_TABLE_ID = 2 Not supported OFPBIC_UNSUP_METADATA = 3 Not supported OFPBIC_UNSUP_METADATA_MASK = 4 Not supported OFPBIC_BAD_EXPERIMENTER = 5 Not supported OFPBIC_BAD_EXP_TYPE = 6 Not supported OFPBIC_BAD_LEN = 7 Not supported OFPBI
Error types Supported/Not supported OFPFMFC_UNKNOWN = 0 Supported OFPFMFC_TABLE_FULL = 1 Supported OFPFMFC_BAD_TABLE_ID = 2 Supported OFPFMFC_OVERLAP = 3 Supported OFPFMFC_EPERM = 4 Not supported OFPFMFC_BAD_TIMEOUT = 5 Not supported OFPFMFC_BAD_COMMAND = 6 Supported OFPFMFC_BAD_FLAGS = 7 Not supported Group modification failed code OFPGMFC_GROUP_EXISTS = 0 Not supported OFPGMFC_INVALID_GROUP = 1 Not supported OFPGMFC_WEIGHT_UNSUPPORTED = 2 Not supported OFPGMFC_OUT_OF_GROUPS = 3 No
Error types Supported/Not supported OFPPMFC_BAD_CONFIG = 2 Not supported OFPPMFC_BAD_ADVERTISE = 3 Not supported OFPPMFC_EPERM = 4 Not supported Table modification failed code OFPTMFC_BAD_TABLE = 0 Supported OFPTMFC_BAD_CONFIG = 1 Not supported OFPTMFC_EPERM = 2 Not supported Queue operation failed code OFPQOFC_BAD_PORT = 0 Supported OFPQOFC_BAD_QUEUE = 1 Not supported OFPQOFC_EPERM = 2 Not supported Switch configuration failed code OFPSCFC_BAD_FLAGS = 0 Not supported OFPSCFC_BAD_LEN =
OpenFlow use cases OS10 OpenFlow protocol support allows the flexibility of using vendor-neutral applications and to use applications that you create. For example, the OS10 OpenFlow implementation supports L2 applications similar to the ones found in the following websites: • https://github.com/osrg/ryu/tree/master/ryu/app (only L2 applications are supported) • https://github.com/osrg/ryu/tree/master/ryu/app NOTE: OS10 supports applications based on OpenFlow versions 1.0 and 1.3.
2 b 4 Configure the logical switch instance, of-switch-1. OS10# configure terminal OS10 (config)# openflow OS10 (config-openflow)# switch of-switch-1 Option 2; for in-band management: 1 Configure one of the front-panel ports as the management port. OS10# configure terminal OS10 (config)# openflow OS10 (config-openflow)# in-band-mgmt interface ethernet 1/1/1 OS10 (config-openflow)# 2 Configure an IPv4 address on the front-panel management port.
where server-ip refers to the server where you have stored the certificates, and username and password refers to the credentials you need to access the server with the certificates. 3 Perform the steps described in the Configure OpenFlow protocol on the switch topic to configure OpenFlow. OpenFlow commands controller Configures an OpenFlow controller that the logical switch instance connects to.
dpid-mac-address Specifies the MAC address bits of the datapath ID (DPID) of the logical switch instance. Syntax dpid-mac-address MAC-address Parameters MAC-address—48-bit MAC address in hexadecimal notation, nn:nn:nn:nn:nn:nn Default MAC address Command Mode OPENFLOW SWITCH CONFIGURATION Usage Information The controller uses the DPID to identify the logical switch instance. The DPID is a 64-bit number that is sent to the controller in the features_reply message.
OS10 (config-openflow)# in-band-mgmt interface ethernet 1/1/1 OS10 (config-openflow)# no shutdown Supported Releases 10.4.1 or later max-backoff Configures the time interval, in seconds, that the logical switch instance waits after requesting a connection with the OpenFlow controller. Syntax max-backoff interval Parameters interval—Enter the amount of time, in seconds, that the logical switch instance waits after it attempts to establish a connection with the OpenFlow controller, from 1 to 65,535.
openflow Enters OPENFLOW configuration mode. Syntax openflow Parameters None Default None Command Mode CONFIGURATION Usage Information All OpenFlow configurations are performed in this mode. The no form of this command prompts a switch reload. If you enter yes, the system deletes all OpenFlow configurations and the switch returns to the normal mode after the reload. Example OS10# configure terminal OS10(config)# openflow OS10 (config-openflow)# Supported Releases 10.4.
• negotiate—Enter the keyword to negotiate versions 1.0 or 1.3 with the controller. The highest of the supported versions is selected. • 1.0—Specify the logical switch instance OpenFlow protocol version as 1.0. • 1.3—Specify the logical switch instance OpenFlow protocol version as 1.3. Default negotiate Command Mode OPENFLOW SWITCH CONFIGURATION Usage Information Example NOTE: Only use this command should be run when the logical switch instance is disabled.
The no form of this command disables rate limiting on the controller connection. NOTE: This command is a software rate limiting command and applies only to the OpenFlow channel connection between the controller and the logical switch instance. This command is not related to the switch's data-plane rate limits. Example The following example configures a logical switch instance, of-switch-1, with an OpenFlow controller at a rate of 1000 PPS and packet bursts of 300 packets.
show openflow flows Displays OpenFlow flows for a specific logical switch instance. Syntax show openflow switch logical-switch-name flows Parameters logical-switch-name—Enter the logical switch instance name to view flow information.
Interface Name of-port ID TYPE ethernet1/1/1 1 COPPER ethernet1/1/2 5 COPPER ethernet1/1/3:1 9 FIBER ethernet1/1/3:2 10 FIBER ethernet1/1/3:3 11 FIBER ethernet1/1/3:4 12 FIBER ethernet1/1/4 13 COPPER ethernet1/1/5:1 17 FIBER ethernet1/1/5:2 18 FIBER ethernet1/1/5:3 19 FIBER ethernet1/1/5:4 20 FIBER ethernet1/1/6 21 NONE ethernet1/1/7 25 NONE ethernet1/1/8 29 COPPER ethernet1/1/9 33 NONE ethernet1/1/10 37 NONE ethernet1/1/11 41 COPPER ethernet1/1/12 45 COPPER ethernet1/1/13 49 NONE ethernet1/1/14 53 NONE eth
NONE ethernet1/1/29 NONE ethernet1/1/30 NONE ethernet1/1/31 NONE ethernet1/1/32 NONE Supported Releases 113 PORT_UP(CLI) LINK_DOWN 0MB FD NO 117 PORT_UP(CLI) LINK_DOWN 0MB FD NO 121 PORT_UP(CLI) LINK_DOWN 0MB FD NO 125 PORT_UP(CLI) LINK_DOWN 0MB FD NO 10.4.1 or later show openflow switch Displays OpenFlow parameters for the switch instance.
Command Mode EXEC Usage Information None Example OS10# show openflow switch of-switch-1 controllers Logical switch name: of-switch-1 Total Controllers: 1 Controller: 1 Target: 10.16.208.150:6633 Protocol: TCP Connected: NO Role: Equal Last_error: Network is unreachable State: BACKOFF sec_since_disconnect: 0 Supported Releases 10.4.1 or later switch Creates a logical switch instance or modifies an existing logical switch instance.
NOTE: • The ntp subcommand under the interface command is not applicable when the switch is in OpenFlow mode. • The ip and ipv6 subcommands under the interface command are applicable only when you configure the interface as the management port using the in-band-mgmt command. • The ip and ipv6 commands must be used only in In-Band mode (using the in-band-mgmt command). Table 32.
Mode Available CLI commands radius-server rest scale-profile support-assist system tacacs-server trust username userrole EXEC All commands The following debug commands are not available: • debug iscsi • debug radius • debug tacacs+ LAG INTERFACE CONFIGURATION LAG is not supported. LOOPBACK INTERFACE CONFIGURATION Loopback interface is not supported. INTERFACE CONFIGURATION description end exit ip mtu negotiation ntp show shutdown VLAN INTERFACE CONFIGURATION VLAN is not supported.
9 Access Control Lists OS10 uses two types of access policies — hardware-based ACLs and software-based route-maps. Use an ACL to filter traffic and drop or forward matching packets. To redistribute routes that match configured criteria, use a route-map. ACLs ACLs are a filter containing criterion to match; for example, examine IP, TCP, or UDP packets, and an action to take such as forwarding or dropping packets at the NPU. ACLs permit or deny traffic based on MAC and/or IP addresses.
• Source and destination UDP port number For ACL, TCP, and UDP filters, match criteria on specific TCP or UDP ports. For ACL TCP filters, you can also match criteria on established TCP sessions. When creating an ACL, the sequence of the filters is important. You can assign sequence numbers to the filters as you enter them or OS10 can assign numbers in the order you create the filters. The sequence numbers display in the show running-configuration and show ip access-lists [in | out] command output.
To configure control-plane ACLs, use the existing ACL template and create the appropriate rules to permit or deny traffic as needed, similar to creating an access list for VTY ACLs. However, when you apply this control-plane ACL, you must apply it in CONTROL-PLANE mode instead of VTY mode. For example: OS10# configure terminal OS10(config)# control-plane OS10(config-control-plane)# ip access-group acl_name in where acl_name is the name of the control-plane ACL, a maximum of 140 characters.
IP fragments ACL When a packet exceeds the maximum packet size, the packet is fragmented into a number of smaller packets that contain portions of the contents of the original packet. This packet flow begins with an initial packet that contains all of the Layer 3 (L3) and Layer 4 (L4) header information contained in the original packet, and is followed by a number of packets that contain only the L3 header information.
Permit all packets from host OS10(config)# ip access-list ABC OS10(conf-ipv4-acl)# permit tcp host 10.1.1.1 any eq 24 OS10(conf-ipv4-acl)# deny ip any any fragment Permit only first fragments and non-fragmented packets from host OS10(config)# ip access-list ABC OS10(conf-ipv4-acl)# permit tcp host 10.1.1.1 any eq 24 OS10(conf-ipv4-acl)# permit tcp host 10.1.1.
Assign sequence number to filter OS10(config)# ip access-list acl1 OS10(conf-ipv4-acl)# seq 5 deny tcp any any capture session 1 count View ACLs and packets processed through ACL OS10# show ip access-lists in Ingress IP access-list acl1 Active on interfaces : ethernet1/1/5 seq 5 permit ip any any count (10000 packets) L2 and L3 ACLs Configure both L2 and L3 ACLs on an interface in L2 mode. Rules apply if you use both L2 and L3 ACLs on an interface.
Configure IP ACL OS10(config)# interface ethernet 1/1/28 OS10(conf-if-eth1/1/28)# ip address 10.1.2.0/24 OS10(conf-if-eth1/1/28)# ip access-group abcd in View ACL filters applied to interface OS10# show ip access-lists in Ingress IP access-list acl1 Active on interfaces : ethernet1/1/28 seq 10 permit ip host 10.1.1.1 host 100.1.1.1 count (0 packets) seq 20 deny ip host 20.1.1.1 host 200.1.1.1 count (0 packets) seq 30 permit ip 10.1.2.0/24 100.1.2.0/24 count (0 packets) seq 40 deny ip 20.1.2.0/24 200.1.2.
You can use an egress ACL filter to restrict egress traffic. For example, when a denial of service (DOS) attack traffic is isolated to a specific interface, apply an egress ACL filter to block the flow from exiting the network and thus protect downstream devices. 1 Apply an access-list on the interface with egress direction in INTERFACE mode. ip access-group access-group-name out 2 Return to CONFIGURATION mode. exit 3 Create the access-list in CONFIGURATION mode.
For example, in 112.24.0.0/16, the first 16 bits of the address 112.24.0.0 match all addresses between 112.24.0.0 to 112.24.255.255. Use permit or deny filters for specific routes with the le (less or equal) and ge (greater or equal) parameters, where x.x.x.x/x represents a route prefix: • To deny only /8 prefixes, enter deny x.x.x.x/x ge 8 le 8 • To permit routes with the mask greater than /8 but less than /12, enter permit x.x.x.x/x ge 8 le 12 • To deny routes with a mask less than /24, enter deny x.
To filter the routes for redistribution, combine route-maps and IP prefix lists. If the route or packet matches the configured criteria, the OS10 processes the route based on the permit or deny configuration of the prefix list.
Check match routes OS10(config)# route-map test permit 1 0S10(conf-route-map)# match tag 250000 OS10(conf-route-map)# set weight 100 Set conditions There is no limit to the number of set commands per route map, but keep the number of set filters in a route-map low. The set commands do not require a corresponding match command. • Enter the IP address in A.B.C.D format of the next-hop for a BGP route update in ROUTE-MAP mode.
When a packet arrives at a monitored port, the packet validates against the configured ACL rules. If the packet matches an ACL rule, the system examines the corresponding flow processor and performs the action specified for that port. If the mirroring action is set in the flow processor entry, the port details are sent to the destination port. Flow-based mirroring Flow-based mirroring is a mirroring session in which traffic matches specified policies that are mirrored to a destination port.
3 Define ACL rules that include the keywords capture session session-id in CONFIGURATION mode. The system only considers port monitoring traffic that matches rules with the keywords capture session. ip access-list 4 Apply the ACL to the monitored port in INTERFACE mode.
Supported Releases 10.2.0E or later clear ipv6 access-list counters Clears IPv6 access-list counters for a specific access-list. Syntax clear ipv6 access-list counters [access-list-name] Parameters access-list-name — (Optional) Enter the name of the IPv6 access-list to clear counters. A maximum of 140 characters. Default Not configured Command Mode EXEC Usage Information If you do not enter an access-list name, all IP access-list counters clear.
Parameters • protocol-number — (Optional) Enter the protocol number identified in the IP header, from 0 to 255. • icmp — (Optional) Enter the ICMP address to deny. • ip — (Optional) Enter the IP address to deny. • tcp — (Optional) Enter the TCP address to deny. • udp — (Optional) Enter the UDP address to deny. • A.B.C.D — Enter the IP address in dotted decimal format. • A.B.C.D/x — Enter the number of bits to match to the dotted decimal address.
Usage Information The no version of this command removes the filter. Example OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# deny ipv6 any any capture session 1 Supported Releases 10.2.0E or later deny (MAC) Configures a filter to drop packets with a specific MAC address.
Command Mode IPV4-ACL Usage Information The no version of this command removes the filter. Example OS10(config)# ip access-list egress OS10(conf-ipv4-acl)# deny icmp any any capture session 1 Supported Releases 10.2.0E or later deny icmp (IPv6) Configures a filter to drop all or specific ICMP messages.
Command Mode IPV4-ACL Usage Information The no version of this command removes the filter. Example OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# deny ip any any capture session 1 count Supported Releases 10.2.0E or later deny ipv6 Configures a filter to drop all or specific packets from an IPv6 address.
– fin — (Optional) Set the bit as finish—no more data from sender. – psh — (Optional) Set the bit as push. – rst — (Optional) Set the bit as reset. – syn — (Optional) Set the bit as synchronize. – urg — (Optional) Set the bit set as urgent. • operator — (Optional) Enter a logical operator to match the packets on the specified port number.
Command Mode IPV6-ACL Usage Information The no version of this command removes the filter. Example OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# deny tcp any any capture session 1 Supported Releases 10.2.0E or later deny udp Configures a filter to drop User Datagram Protocol (UDP) packets meeting the filter criteria. Syntax Parameters deny udp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [A.B.C.D | A.B.C.
deny udp (IPv6) Configures a filter to drop UDP IPv6 packets that match filter criteria. Syntax deny udp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A:B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment] Parameters • A::B — Enter the IPv6 address in hexadecimal format separated by colons. • A::B/x — Enter the number of bits to match to the IPv6 address.
Command Modes IPV4-ACL, IPV6-ACL, MAC-ACL Usage Information The no version of this command deletes the ACL description. Example OS10(conf-ipv4-acl)# description ipacltest Supported Releases 10.2.0E or later ip access-group Configures an IP access group. Syntax Parameters ip access-group access-list-name {in | out} • access-list-name — Enter the name of an IPv4 access list. A maximum of 140 characters. • in — Apply the ACL to incoming traffic. • out — Apply the ACL to outgoing traffic.
ip as-path access-list Create an AS-path ACL filter for BGP routes using a regular expression. Syntax ip as-path access-list name {deny | permit} regexp-string Parameters • name — Enter an access list name. • deny | permit — Reject or accept a matching route. • regexp-string — Enter a regular expression string to match an AS-path route attribute. Defaults Not configured Command Mode CONFIGURATION Usage Information You can specify an access-list filter on inbound and outbound BGP routes.
Supported Release 10.3.0E or later ip community–list standard permit Creates a standard community list for BGP to permit access. Syntax Parameters ip community-list standard name permit {aa:nn | no-advertise | local-as | noexport | internet} • name — Enter the name of the standard community list used to identify one more deny groups of communities.
ip extcommunity-list standard permit Creates an extended community list for BGP to permit access. Syntax ip extcommunity-list standard name permit {4byteas-generic | rt | soo} Parameters • name — Enter the name of the community list used to identify one or more permit groups of extended communities. • rt — Enter the route target. • soo — Enter the route origin or site-of-origin.
• le — Enter to indicate the network address is less than or equal to the range specified. • prefix-len — Enter the prefix length. Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the specified prefix-list. Example OS10(config)# ip prefix-list denyprefix deny 10.10.10.2/16 le 30 Supported Release 10.3.0E or later ip prefix-list permit Creates a prefix-list to permit route filtering from a specified network address.
Usage Information The no version of this command removes the specified prefix list. Example OS10(config)# ip prefix-list seqprefix seq 65535 deny 10.10.10.1/16 ge 10 Supported Release 10.3.0E or later ip prefix-list seq permit Configures a filter to permit route filtering from a specified prefix list. Syntax ipv6 prefix-list [name] seq num permit A::B/x [ge | le} prefix-len Parameters • name — Enter the name of the prefix list. • num — Enter the sequence list number. • A.B.C.
Example (Controlplane ACL) OS10# configure terminal OS10(config)# control-plane OS10(config-control-plane)# ipv6 access-group aaa-cp-acl in Supported Releases 10.2.0E or later; 10.4.1 or later (control-plane ACL) ipv6 access-list Creates an IP access list to filter based on an IPv6 address. Syntax ipv6 access-list access-list-name Parameters access-list-name — Enter the name of an IPv6 access list. A maximum of 140 characters.
• description — Enter the description for the named prefix-list. Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the specified prefix list. Example OS10(config)# ipv6 prefix-list TEST description TEST_LIST Supported Release 10.3.0E or later ipv6 prefix-list permit Creates a prefix-list to permit route filtering from a specified IPv6 network address.
Example OS10(config)# ipv6 prefix-list TEST seq 65535 deny AB20::1/128 ge 10 Supported Release 10.3.0E or later ipv6 prefix-list seq permit Configures a filter to permit route filtering from a specified prefix-list. Syntax Parameters ipv6 prefix-list [name] seq num permit A::B/x [ge | le} prefix-len • name — (Optional) Enter the name of the IPv6 prefix-list. • num — Enter the sequence number of the specified IPv6 prefix list. • A::B/x — Enter the IPv6 address and mask in /prefix format (/x).
Example (Controlplane ACL) OS10# configure terminal OS10(config)# control-plane OS10(config-control-plane)# mac access-group maclist in Supported Releases 10.2.0E or later; 10.4.1 or later (control-plane ACL) mac access-list Creates a MAC access list to filter based on an MAC address. Syntax mac access-list access-list-name Parameters access-list-name — Enter the name of a MAC access list. A maximum of 140 characters.
Example OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# permit udp any any capture session 1 Supported Releases 10.2.0E or later permit (IPv6) Configures a filter to allow packets with a specific IPv6 address.
– cos — (Optional) Enter the CoS value, from 0 to 7. – vlan — (Optional) Enter the VLAN number, from 1 to 4093. Default Not configured Command Mode MAC-ACL Usage Information The no version of this command removes the filter. Example OS10(config)# mac access-list macacl OS10(conf-mac-acl)# permit 00:00:00:00:11:11 00:00:11:11:11:11 any cos 7 OS10(conf-mac-acl)# permit 00:00:00:00:11:11 00:00:11:11:11:11 any vlan 2 Supported Releases 10.2.
– dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63. – fragment — (Optional) Use ACLs to control packet fragments. • host ipv6-address — (Optional) Enter the IPv6 address to use a host address only. Default Not configured Command Mode IPV6-ACL Usage Information The no version of this command removes the filter. Example OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# permit icmp any any capture session 1 Supported Releases 10.2.
– dscp value — (Optional) Enter to deny a packet based on the DSCP values, from 0 to 63. – fragment — (Optional) Enter to use ACLs to control packet fragments. • host ipv6–address — Enter the IPv6 address to use a host address only. Default Not configured Command Mode IPV6-ACL Usage Information The no version of this command removes the filter. Example OS10(conf-ipv6-acl)# permit ipv6 any any count capture session 1 Supported Releases 10.2.
Usage Information The no version of this command removes the filter. Example OS10(conf-ipv4-acl)# permit tcp any any capture session 1 Supported Releases 10.2.0E or later permit tcp (IPv6) Configures a filter to permit TCP packets meeting the filter criteria.
– lt — (Optional) Permit packets which are less than. – gt — (Optional) Permit packets which are greater than. – neq — (Optional) Permit packets which are not equal to. – range — (Optional) Permit packets with a specific source and destination address. – ack — (Optional) Set the bit as acknowledgement. – fin — (Optional) Set the bit as finish—no more data from sender. – psh — (Optional) Set the bit as push. – rst — (Optional) Set the bit as reset. – syn — (Optional) Set the bit as synchronize.
– gt — Greater than – lt — Lesser than – neq — Not equal to – range — Range of ports, including the specified port numbers. • host ipv6-address — (Optional) Enter the keyword and the IPv6 address to use a host address only. Default Not configured Command Mode IPV6-ACL Usage Information The no version of this command removes the filter. Example OS10(conf-ipv6-acl)# permit udp any any capture session 1 count Supported Releases 10.2.0E or later remark Specifies an ACL entry description.
• A.B.C.D — Enter the IP address in dotted decimal format. • A.B.C.D/x — Enter the number of bits that must match the dotted decimal address. • any — (Optional) Set all routes which are subject to the filter: – capture — (Optional) Capture packets the filter processes. – dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63. – fragment — (Optional) Use ACLs to control packet fragments. • host ip-address — (Optional) Enter the IP address to use a host address only.
Example OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# seq 5 deny ipv6 any any capture session 1 count Supported Releases 10.2.0E or later seq deny (MAC) Assigns a sequence number to a deny filter in a MAC access list while creating the filter.
– fragment — (Optional) Use ACLs to control packet fragments. • host ip-address — (Optional) Enter the IP address to use a host IP address only. Default Not configured Command Mode IPV4-ACL Usage Information The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. Example OS10(config)# ip access-list egress OS10(conf-ipv4-acl)# seq 5 deny icmp any any capture session 1 Supported Releases 10.2.
• A.B.C.D — Enter the IP address in dotted decimal format. • A.B.C.D/x — Enter the number of bits that must match the dotted decimal address. • any — (Optional) Set all routes which are subject to the filter: – capture — (Optional) Capture packets the filter processes. – dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63. – fragment — (Optional) Use ACLs to control packet fragments. • host ip-address — (Optional) Enter the IP address to use a host address only.
seq deny tcp Assigns a filter to deny TCP packets while creating the filter. Syntax seq sequence-number deny tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [operator] ] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment] Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A.B.C.D — Enter the IP address in dotted decimal format. • A.B.C.
seq deny tcp (IPv6) Assigns a filter to deny TCP packets while creating the filter. Syntax Parameters seq sequence-number deny tcp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A:B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment] • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A::B — Enter the IPv6 address in hexadecimal format separated by colons.
seq deny udp Assigns a filter to deny UDP packets while creating the filter. Syntax seq sequence-number deny udp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [operator] ] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment] Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A.B.C.D — Enter the IP address in dotted decimal format. • A.B.C.
seq deny udp (IPv6) Assigns a filter to deny UDP packets while creating the filter. Syntax Parameters seq sequence-number deny udp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A:B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment] • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A::B — Enter the IPv6 address in hexadecimal format separated by colons.
seq permit Assigns a sequence number to permit packets while creating the filter. Syntax seq sequence-number permit [protocol-number A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | dscp value| fragment]] Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • protocol-number — (Optional) Enter the protocol number, from 0 to 255. • A.B.C.
Default Not configured Command Mode IPV6-ACL Usage Information The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. Example OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# seq 10 permit ipv6 any any capture session 1 Supported Releases 10.2.0E or later seq permit (MAC) Assigns a sequence number to permit MAC addresses while creating a filter.
Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A.B.C.D — Enter the IP address in dotted decimal format. • A.B.C.D/x — Enter the number of bits that must match the dotted decimal address. • any — (Optional) Set all routes are which subject to the filter: – capture — (Optional) Capture packets the filter processes. – dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63.
seq permit ip Assigns a sequence number to allow packets while creating the filter. Syntax Parameters seq sequence-number permit ip [A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | dscp value| fragment] • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A.B.C.D — Enter the IP address in dotted decimal format. • A.B.C.
Usage Information The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. Example OS10(config)# ipv6 access-list egress OS10(conf-ipv6-acl)# seq 5 permit ipv6 any any capture session 1 Supported Releases 10.2.0E or later seq permit tcp Assigns a sequence number to allow TCP packets while creating the filter. Syntax seq sequence-number permit tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.
seq permit tcp (IPv6) Assigns a sequence number to allow TCP IPv6 packets while creating the filter. Syntax Parameters seq sequence-number permit tcp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A:B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | dscp value| fragment] • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
seq permit udp Assigns a sequence number to allow UDP packets while creating the filter. Syntax seq sequence-number permit udp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [operator] ] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment] Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A.B.C.
seq permit udp (IPv6) Assigns a sequence number to allow UDP IPv6 packets while creating a filter. Syntax Parameters seq sequence-number permit udp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A:B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment] • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
Parameters • ip — View IP access list information. • mac — View MAC access group information. • ipv6 — View IPv6 access group information. • access-group name — Enter the name of the access group.
Example (MAC In) OS10# show mac access-lists in Ingress MAC access list aaa Active on interfaces : ethernet1/1/1 ethernet1/1/2 seq 10 permit any any seq 20 permit 11:11:11:11:11:11 22:22:22:22:22:22 any monitor Example (MAC Out) OS10# show mac access-lists out Egress MAC access list aaa Active on interfaces : ethernet1/1/1 ethernet1/1/2 seq 10 permit any any seq 20 permit 11:11:11:11:11:11 22:22:22:22:22:22 any monitor Example (IP In) OS10# show ip access-lists in Ingress IP access list aaaa Active on in
Example (IPv6 In Control-plane ACL) OS10# show ipv6 access-lists in Ingress IPV6 access-list aaa-cp-acl Active on interfaces : control-plane data seq 10 permit ipv6 any any control-plane mgmt seq 10 permit ipv6 any any Example (MAC In Control-plane ACL) OS10# show mac access-lists in Ingress MAC access-list mac-cp1 Active on interfaces : control-plane data seq 10 deny any any count (159 packets) Supported Releases 10.2.0E or later; 10.4.
show ip extcommunity-list Displays the configured IP external community lists in alphabetic order. Syntax show ip extcommunity-list [name] Parameters name — (Optional) Enter the name of the extended IP external community list. A maximum of 140 characters. Defaults None Command Mode EXEC Usage Information None Example OS10# show ip extcommunity-list Standard Extended Community List hello permit RT:1:1 deny SOO:1:4 Supported Releases 10.3.
continue Configures the next sequence of the route map. Syntax continue seq-number Parameters seq-number — Enter the next sequence number, from 1 to 65535. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes a match. Example OS10(config)# route-map bgp OS10(conf-route-map)# continue 65535 Supported Releases 10.3.0E or later match as-path Configures a filter to match routes that have a certain AS path in their BGP paths.
Supported Releases 10.3.0E or later match extcommunity Configures a filter to match routes that have a certain EXTCOMMUNITY attribute in their BGP path. Syntax Parameters match extcommunity extcommunity-list-name [exact-match] • extcommunity-list-name — Enter the name of a configured extcommunity list. • exact-match — (Optional) Select only those routes with the specified extcommunity list name.
• access-list-name — Enter the name of the configured access list. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes a match. Example OS10(config)# route-map bgp OS10(conf-route-map)# match ip address Supported Releases prefix-list test10 10.3.0E or later match ip next-hop Configures a filter to match based on the next-hop IP addresses specified in IP prefix lists.
match ipv6 next-hop Configures a filter to match based on the next-hop IPv6 addresses specified in IP prefix lists. Syntax match ipv6 next-hop prefix-list prefix-list Parameters prefix-list — Enter the name of the configured prefix list. A maximum of 140 characters. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes the match.
Supported Releases 10.3.0E or later match route-type Configures a filter to match routes based on how the route is defined. Syntax match route-type {{external {type-1 | type-2} | internal | local } Parameters • external — Match only on external OSPF routes. Enter the keyword then one of the following: – type–1 — Match only on OSPF Type 1 routes. – type–2 — Match only on OSPF Type 2 routes. • • internal — Match only on routes generated within OSPF areas.
• sequence-number — (Optional) Enter the number to identify the route-map for editing and sequencing number from 1 to 65535. The default is 10. • permit — (Optional) Set the route-map default as permit. • deny — (Optional) Set the route default as deny. Default Not configured Command Mode CONFIGURATION Usage Information Use caution when you delete route-maps — if you do not enter a sequence number, all route-maps with the same map-name are deleted.
Example OS10(config)# route-map bgp OS10(conf-route-map)# set comm-list comlist1 delete Supported Releases 10.3.0E or later set community Sets the community attribute in BGP updates. Syntax set community {none | community-number} Parameters • none — Enter to remove the community attribute from routes meeting the route map criteria. • community-number — Enter the community number in aa:nn format, where aa is the AS number (2 bytes) and nn is a value specific to that AS.
Parameter extcommunity-list-name — Enter the name of an established extcommunity list. A maximum of 140 characters. Defaults None Command Mode ROUTE-MAP Usage Information To add communities in an extcommunity list to the EXT COMMUNITY attribute in a BGP route, use the set extcomm-list add command. Example OS10(config)# route-map bgp OS10(conf-route-map)# set extcomm-list TestList delete Supported Releases 10.3.
set metric Set a metric value for a routing protocol. Syntax set metric [+ | -] metric-value Parameters • + — (Optional) Add a metric value to the redistributed routes. • - — (Optional) Subtract a metric value from the redistributed routes. • metric-value — Enter a new metric value, from 0 to 4294967295. Default Not configured Command Mode ROUTE-MAP Usage Information To establish an absolute metric, do not enter a plus or minus sign before the metric value.
– external — Sets the cost of the external routes so that it is equal to the sum of all internal costs and the external cost. – internal — Sets the cost of the external routes so that it is equal to the external cost alone, the default. The no version of this command removes the set clause from a route map. Example OS10(conf-route-map)# set metric-type internal Supported Releases 10.2.0E or later set next-hop Sets an IPv4 or IPv6 address as the next-hop.
set tag Sets a tag for redistributed routes. Syntax set tag tag-value Parameters tag-value — Enter a tag number for the route to redistribute, from 0 to 4294967295. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes the set clause from a route map. Example OS10(conf-route-map)# set tag 23 Supported Releases 10.2.0E or later set weight Set the BGP weight for the routing table.
route-type external type-1 tag 10 Set clauses: metric-type type-1 origin igp tag 100 Supported Releases 10.3.
10 Quality of service Quality of service (QoS) reserves network resources for highly critical application traffic with precedence over less critical application traffic. QoS enables to prioritize different types of traffic and ensures the required level of quality of service. You can control the following parameters of selected traffic flows: Delay, Bandwidth, Jitter, and Drop.
Configuring QoS is a three-step process: 1 2 Create class-maps to classify the traffic flows. The following are the different types of class-maps: • qos (default)—Classifies the ingress data traffic. • queuing —Classifies the egress queues. • control-plane—Classifies the control-plane traffic. • network-qos—Classifies the set of traffic-class IDs for ingress buffer configurations. • application —Classifies the application type traffic.
• Queuing policies must be applied in the output direction on physical interfaces or on system-qos mode. • Application type policy-map must be applied on system-qos mode. When a policy is applied on system, the policy is effective on all the ports in the system. However, interface level policy gets precedence over system level policy. Ingress traffic classification Ingress traffic can be either data traffic or control traffic.
2 Define the set of dot1p values mapped to traffic-class (qos-group) ID. OS10(config-tmap-dot1p-map)# qos-group 3 dot1p 0-4 OS10(config-tmap-dot1p-map)# qos-group 5 dot1p 5-7 3 Verify the map entries. OS10# show qos maps type trust-map-dot1p dot1p-trust-map DOT1P Priority to Traffic-Class Map : dot1p-trust-map Traffic-Class DOT1P Priority ------------------------------- 4 3 0-4 5 5-7 Apply the map on a specific interface or on system-qos (global) level.
DSCP values TC id Color 24-27 3 G 28-31 3 Y 32-35 4 G 36-39 4 Y 40-43 5 G 44-47 5 Y 48-51 6 G 52-55 6 Y 56-59 7 G 60-62 7 Y 63 7 R User–defined DCSP trust map You can override the default mapping by creating a user defined DSCP trust map. All the unspecified DSCP entries are mapped to the default traffic class ID 0. Configure user–defined DSCP trust map 1 Create a DSCP trust map.
1 Create a default DSCP trust map. OS10(config)# trust dscp-map default OS10(config-tmap-dscp-map)# 2 Apply the map on a specific interface or on system-qos (global) level. • Interface level OS10(conf-if-eth1/1/1)# trust-map dscp default • System-qos level OS10(config-sys-qos)# trust-map dscp default ACL based classification Classify the ingress traffic by matching the packet fields using ACL entries.
• Pre-defined IP access-list OS10(config-cmap-qos)# match ip access-group name ip-acl-1 • Pre-defined IPv6 access-list OS10(config-cmap-qos)#match ipv6 access-group name ACLv6 • Pre-defined MAC access-list OS10(config-cmap-qos)# match mac access-group name mac-acl-1 3 Create a qos type policy-map to refer the classes. OS10(config)# policy-map cos-policy 4 Refer the class-maps in the policy-map and define the required action for the flows.
Control-plane policing Control-plane policing (CoPP) increases security on the system by protecting the route processor from unnecessary traffic and giving priority to important control plane and management traffic. CoPP uses a dedicated control plane configuration through the QoS CLIs to set rate-limiting capabilities for control plane packets.
Configure control-plane policing Rate-limiting the protocol CPU queues requires configuring control-plane type QoS policies. • Create QoS policies (class maps and policy maps) for the desired CPU-bound queue. • Associate the QoS policy with a particular rate-limit. • Assign the QoS service policy to control plane queues. By default, the peak information rate (pir) and committed information rate (cir) values are in packets per second (pps) for control plane.
Assign control-plane service-policy OS10(config)# control-plane OS10(conf-control-plane)# service-policy input copp1 View control-plane service-policy OS10(conf-control-plane)# do show qos control-plane Service-policy (input): copp1 View configuration Use the show commands to display the protocol traffic assigned to each control-plane queue and the current rate-limit applied to each queue. You can also use the show command output to verify the CoPP configuration.
Egress traffic classification Egress traffic is classified into different queues based on the traffic-class ID marked on the traffic flow. You can set the traffic class ID for a flow by enabling trust or by classifying ingress traffic and mark it with a traffic class ID using a policy map. By default, the value of traffic class ID for all the traffic is 0. The order of precedence for qos-map is: 1 Interface level map 2 System-qos level map 3 Default map Table 37.
1 Create a class-map of type queuing to match queue 5 OS10(config)# class-map type queuing q5 2 Define the queue to match OS10(config-cmap-queuing)# match queue 5 Policing traffic Use policing to limit the rate of ingress traffic flow. The flow can be all the ingress traffic on a port or a particular flow assigned with a traffic class ID. In addition, you can use policing to color the traffic. • When traffic arrives at a rate less than the committed rate, the color is green.
Color traffic You can select a traffic flow and mark it with a color. You can color the traffic flow based on: • Metering. See Policing traffic. • Default trust. See Trust based classification. • DSCP , ECN capable traffic (ECT), or non-ECT. Color traffic based on DSCP, ECT, or non-ECT 1 Create a QoS type class-map to match the traffic flow. OS10(config)# class-map cmap-dscp-3-ect OS10(config-cmap-qos)# match ip dscp 3 ecn 1 2 Create a QoS type policy-map to color the traffic flow.
Bandwidth allocation You can allocate relative bandwidth to limit large flows and prioritize smaller flows. Allocate the relative amount of bandwidth to nonpriority queues when priorities queues are consuming maximum link bandwidth. Each egress queue of an interface can be scheduled as per Weighted Deficit Round Robin (WDRR) or by strict-priority (SP), which are mutually exclusive.
• In a port, one H2 node and three H1 nodes are supported. The H1 node holds 8 unicast queues for data traffic, 8 unicast queues for control traffic, and 8 multicast queues for data traffic. • The H1 nodes mapped to data traffic are scheduled with DWRR and weight of 50 each. The H1 node mapped to control traffic is scheduled with strict priority. • The weights corresponding to each traffic class are applied at queue levels for both unicast and multicast queues.
View policy-map OS10(conf-if-eth1/1/5)# do show policy-map Service-policy(queuing) output: solar Class-map (queuing): magnum priority Buffer management OS10 devices distribute the total available buffer resources into two buffer pools at ingress direction and three buffer pools at egress direction of all the physical ports. All ports in a system are allocated a certain amount of buffers from corresponding pools, based on the configuration state of each prioritygroup or queue.
Table 38. Maximum buffer size Platforms Max buffer size S4000 12 MB S6010–ON, S4048–ON 16 MB S41xx 12 MB Z9100–ON 16 MB Default settings for Link-level flow control (LLFC) The following table lists the LLFC buffer settings for the default priority group 7. Table 39.
Configure egress buffer Default settings All port queues are allocated with reserved buffers and when the reserved buffers are consumed, each queue starts using the shared buffer from the default pool. The reserved buffer per queue is 1664 bytes for the speed of 10G, 25G, 40G, 50G, and 100G. The default dynamic shared buffer threshold value is 8. Configure queue buffer settings 1 Create queuing type class-map to match the queue.
6 Enable WRED/ECN on a port. OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# random-detect wred_prof_1 7 Enable WRED/ECN on a service-pool. OS10(config)# system qos OS10(config-sys-qos)# random-detect pool 0 wred_prof_1 Configure congestion avoidance for the S4200 NOTE: For the S4200 platform, ECN can be enabled globally only. Also, ECN configurations can be applied only at the queue level. You cannot configure ECN at interface and service pool levels.
OS10 device monitors the current level of traffic rate at fixed intervals, compares the traffic rate with configured levels, and drops excess traffic. By default, storm control is disabled on all interfaces. You can enable storm control using the storm-control { broadcast | multicast | unknown-unicast } rate-in-pps command in the INTERFACE mode. NOTE: In S5148F-ON, there is a 2% of deviation in the storm control configuration.
7 Create a policy-map for PFC. OS10 (config)# policy-map type network-qos pfcdot1p3 OS10 (config)# class pfcdoc1p3 OS10 (config)# pause 8 Create an egress policy-map. OS10 (config)# policy-map type queuing 2Q OS10 (config)# class Q0 bandwidth percent 30 OS10 (config)# class Q3 bandwidth percent 70 9 Apply the dot1p trust globally or at the interface level. In this example, the dot1p trust is applied globally.
class Creates a QoS class for a type of policy-map. Syntax class class—name Parameters class-name — Enter a name for the class-map (up to 32 characters). Default Not configured Command Mode POLICY-MAP-QUEUEING POLICY-MAP-QOS POLICY-MAP-NQOS POLICY-MAP-CP POLICY-MAP-APPLICATION Usage Information If you define a class-map under a policy-map, the type (qos, queuing, or control-plane) is the same as the policy-map. You must create this map in advance.
Example OS10(config)# class-map type qos match-all c1 OS10(conf-cmap-qos)# Command History 10.2.0E or later clear interface Clears the statistics per-port or for all ports. Syntax clear interface [interface node/slot/port[:subport]] Parameters • interface — (Optional) Enter the interface type. • node/slot/port[:subport] — (Optional) Enter the port information.
• interface ethernet node-id/slot/port-id [:subport] — Clears QoS statistics for an Ethernet interface configured for qos, queuing, or control-plane. Default Not configured Command Mode EXEC Usage Information None Example OS10# clear qos statistics type qos interface ethernet 1/1/5 Example (controlplane) OS10# clear qos statistics type control-plane interface ethernet 1/1/7 Example (queuing) OS10# clear qos statistics type queuing interface ethernet 1/1/2 Supported Releases 10.2.
• off — (Optional) When used with receive, disables the remote device from sending flow control traffic to the local port. When used with transmit, disables the local port from sending flow control traffic to the remote device. Default Disabled (off) Command Mode INTERFACE Usage Information The no version of this command returns the value to the default. Example OS10(conf-if-eth1/1/2)# flowcontrol transmit on Supported Releases 10.3.0E or later match Configures match criteria for the QoS policy.
match cos Matches a cost of service (CoS) value to L2 dot1p packets. Syntax Parameters match [not] cos cos-value • cos-value — Enter a CoS value (0 to 7). • not — Enter not to cancel the match criteria. Default Not configured Command Modes CLASS-MAP Usage Information You cannot have two match statements with the same filter-type. If you enter two match statements with the same filter-type, the second statement overwrites the first statement.
Parameters • not — Enter to cancel a previously applied match precedence rule. • ip — Enter to use IPv4 as the match precedence rule. • ipv6 — Enter to use IPv6 as the match precedence rule. • ip-any — Enter to use both IPv4 and IPv6 as the match precedence rule. • precedence precendence-list — Enter a precedence-list value (0 to 7). Default Not configured Command Mode CLASS-MAP Usage Information You cannot enter two match statements with the same filter-type.
mtu Calculates the buffer size allocation for matched flows. Syntax mtu size Parameters size — Enter the size of the buffer (1500 to 9216). Default 9216 Command Mode POLICY-MAP-CLASS-MAP Usage Information The no version of this command returns the value to the default. Example OS10(conf-pmap-nqos-c)# mtu 2500 Supported Releases 10.3.0E or later pause Enables a pause based on buffer limits for the port to start or stop communication to the peer.
OS10(conf-cmap-nqos-c)# pause buffer-size 45 pause-threshold 30 resumethreshold 30 OS10(config)# policy-map type network-qos nqGlobalpolicy1 OS10(conf-cmap-nqos)# class type network-qos nqclass1 OS10(conf-cmap-nqos-c)# pause buffer-size 45 pause-threshold 30 resumethreshold 10 Supported Releases 10.3.0E or later pfc-cos Configures priority flow-control for cost of service (CoS).
Supported Releases 10.4.0E(R1) or later pfc-shared-buffer-size Changes the shared buffers size limit for priority flow-control enabled flows. Syntax pfc-shared-buffer-size buffer-size Parameters buffer-size — Enter the size of the priority flow-control buffer in KB (0 to 8911). Default 832 KB Command Mode SYSTEM-QOS Usage Information The no version of this command returns the value to the default. Example OS10(conf-sys-qos)# pfc-shared-buffer-size 2000 Supported Releases 10.3.
Defaults • pir peak-rate — Enter a peak-rate value in kilo bits per second (0 to 40000000). • be peak-burst-size — (Optional) Enter a peak burst size in kilo bytes (16 to 200000).
Command Mode POLICY-MAP-CLASS-MAP Usage Information If you use this command, bandwidth is not allowed. Only the egress QoS policy type supports this command. Example OS10(conf-pmap-que)# priority Supported Releases 10.2.0E or later priority-flow-control mode Enables or disables priority flow-control mode on an interface. Syntax Parameters priority-flow-control mode [on] • on — (Optional) Enables priority flow-control mode.
qos-group dscp Configures a dscp trust map to the traffic class. Syntax qos-group tc-list [dscp values] Parameters • qos-group tc-list — Enter the traffic single value class ID (0 to 7). • dscp values — (Optional) Enter either single, comma-delimited, or a hyphenated range of dscp values (0 to 63). Default 0 Command Mode TRUST-MAP Usage Information If the trust map does not define dscp values to any traffic class, those flows are mapped to the default traffic class (0).
• static thresh-value — (Optional) Enter the static shared buffer threshold value in Bytes.(1 to 65535). Default Not configured Command Mode POLICY-MAP-CLASS-MAP Usage Information Use the queue-len value parameter to set the minimum guaranteed queue length for a queue. The no version of this command returns the value to the default.
Usage Information If the trust map does not define traffic class values to a queue, those flows are mapped to the default queue (0). If some of the traffic class values are already mapped to an existing queue, you will receive an error. The no version of this command returns the value to the default. Example OS10(conf-tmap-tc-queue-qos)# queue 2 qos-group 5 Supported Releases 10.3.0E or later random-detect (interface) Assigns a WRED profile to the specified interface.
• minimum-value — Enter the minimum threshold value for the specified color (1 to 12480). • maximum-value — Enter the maximum threshold value for the specified color (1 to 12480). • drop-rate — Enter the rate of drop precedence in percentage (0 to 100). Default Not configured Command Mode WRED CONFIGURATION Usage Information The no version of this command removes the WRED profile.
random-detect pool Assigns a WRED profile to the specified global buffer pool. Syntax random-detect pool pool-value wred-profile-name Parameters • pool-value — Enter the pool value (0 to 1). • wred-profile-name — Enter the name of an existing WRED profile. Default Not configured Command Mode SYSTEM-QOS Usage Information The no version of this command removes the WRED profile from the interface.
• policy-map-name — Enter the policy-map name (up to 32 characters). Default Not configured Command Mode INTERFACE Usage Information Attach only one policy-map to the interface input and output for each qos and queuing policy-map type. You can attach four service-policies to the system QoS — one each for qos, queueing, and network-qos type policymaps. When you configure service policies at the interface-level and system-level, the interface-level policy takes precedence over the system-level policy.
set qos-group Configures marking for the QoS-group queues. Syntax set qos-group queue-number Parameters queue-number — Enter a queue number (0 to 7). Default Not configured Command Mode POLICY-MAP-CLASS-MAP Usage Information The qos or control-plane ingress QoS policy type only supports this command. When class-map type is control-plane, the qos-group corresponds to CPU queues 0 to 11, and when the class-map type is qos, the qos-group corresponds to data queues 0 to 7.
Parameters • type — Enter the policy-map type (qos, queuing, or control-plane). • qos — Displays all policy-maps of qos type. • queuing — Displays all policy-maps of queuing type. • network-qos — Displays all policy-maps of network-qos type. • control-plane — Displays all policy-maps of control-plane type. • class-map-name — Displays the QoS class-map name.
show control-plane statistics Displays counters of all the CPU queue statistics. Syntax show control-plane info Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# Queue 0 1 2 3 4 5 6 7 8 9 10 11 Supported Releases 10.2.
6 7 Supported Releases 0 0 0 0 10.3.0E or later show qos interface Displays the QoS configuration applied to a specific interface. Syntax show qos interface ethernet node/slot/port[:subport] Parameters node/slot/port[:subport] — Enter the Ethernet interface information.
Class-map (qos): c2 set qos-group 2 Supported Releases 10.2.0E or later show qos control-plane Displays the QoS configuration applied to the control-plane. Syntax show qos control-plane Parameters None Default Not configured Command Mode EXEC Usage Information Monitors statistics for the control-plane and troubleshoots CoPP. Example OS10# show qos control-plane Service-policy (Input): p1 Supported Releases 10.2.
show egress buffer-stats interface Displays the buffers statistics for the egress interface. Syntax Parameters show egress buffer-stats interface [interface node/slot/port[:subport]] • interface — (Optional) Enter the interface type. • node/slot/port[:subport] — (Optional) Enter the port information.
5 6 7 Supported Releases - - - - 10.3.0E or later show ingress buffer-stats interface Displays the buffers statistics for the ingress interface. Syntax show ingress buffer-stats interface [interface node/slot/port[:subport]] Parameters • interface — (Optional) Enter the interface type. • node/slot/port[:subport] — (Optional) Enter the port information.
Output Dropped Green Drop Yellow Drop Red drop 0 0 0 0 0 0 0 0 0 0 Example (Queue) OS10# show queuing statistics interface ethernet 1/1/1 queue 3 Interface ethernet1/1/1 Queue 3 Description Packets Bytes Output 0 0 Dropped 0 0 Supported Releases 10.2.0E or later show qos system Displays the QoS configuration applied to the system.
Total buffers Total PFC buffers Total shared PFC buffers Total used PFC buffers Total lossy buffers Total shared lossy buffers Total used lossy buffers Supported Releases - 16384 6833 6833 0 9550 7651 0 10.3.0E or later show qos maps Displays the active system trust map. Syntax show qos maps type {tc-queue | trust-map-dot1p | trust-map dscp} trust-map-name Parameters • dot1p — Enter to view the dot1p trust map. • dscp — Enter to view the dscp trust map.
DOT1P Priority to Traffic-Class Map : dot1p-trustmap1 Traffic-Class DOT1P Priority ------------------------------0 2 1 3 2 4 3 5 4 6 5 7 6 1 DSCP Priority to Traffic-Class Map : dscp-trustmap1 Traffic-Class DSCP Priority ------------------------------0 8-15 2 16-23 1 0-7 Default Dot1p Priority to Traffic-Class Map Traffic-Class DOT1P Priority ------------------------------0 1 1 0 2 2 3 3 4 4 5 5 6 6 7 7 Default Dscp Priority to Traffic-Class Map Traffic-Class DSCP Priority ------------------------------0 0-
show qos wred-profile Displays the details of WRED profile configuration. Syntax show qos wred—profile [wred-profile-name] Parameters wred-profile-name — (Optional) Enter the Ethernet interface information.
system qos Enters SYSTEM-QOS mode to configure system-level service policies. Syntax system qos Parameters None Default Not configured Command Mode CONFIGURATION Usage Information None Example OS10(config)# system qos OS10(config-sys-qos)# Supported Releases 10.2.0E or later trust-map Configures trust map on an interface or on system QoS. Syntax Parameters trust—map {dot1p | dscp} {default | trust-map-name} • dot1p — Apply dot1p trust map. • dscp — Apply dscp trust map.
trust dot1p-map Creates user-defined trust map for dot1p flows. Syntax trust dot1p-map map-name Parameters map-name — Enter the name of the dot1p trust map (up to 32 characters). Default Not configured Command Mode CONFIGURATION Usage Information If trust is enabled, traffic obeys the dot1p map. default-dot1p-trust is a reserved trust-map name. The no version of this command returns the value to the default.
OS10(config-qos-map)# queue 3 qos-group 7 OS10(config-qos-map)# Supported Releases 10.3.0E or later trust-map Applies a dot1p or dscp traffic class to a queue trust map. Syntax Parameters trust {dot1p | dscp} {default | trust-map-name} • dot1p— Applies a dot1p trust map. • dscp—Applies a dscp trust map. • default— Applies a default trust map.
11 Virtual Link Trunking Virtual Link Trunking (VLT) is a Layer 2 (L2) aggregate protocol between end devices (servers) connected to different network devices. VLT reduces the role of Spanning Tree Protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches and supporting a loop-free topology.
VLT physical ports 802.1p, 802.1q, LLDP, flow control, port monitoring, and jumbo frames are supported on VLT physical ports. System management protocols All system management protocols are supported on VLT ports — SNMP, RMON, AAA, ACL, DNS, FTP, SSH, syslog, NTP, RADIUS, SCP, and LLDP. L3 VLAN connectivity Enable L3 VLAN connectivity (VLANs assigned with an IP address) on VLT peers by configuring a VLAN interface for the same VLAN on both devices.
with the lowest system MAC address. You can override the default primary election mechanism by assigning priorities to each node using the primary-priority command. • If the primary peer fails, the secondary peer (with the higher priority) takes the primary role. If the primary peer (with the lower priority) later comes back online, it is assigned the secondary role (there is no preemption). • In a VLT domain, the peer network devices must run the same OS10 software version.
RSTP configuration RSTP mode is supported on VLT ports. Before you configure VLT on peer switches, configure RSTP in the network. RSTP prevents loops during the VLT startup phase. • Enable RSTP on each peer node in CONFIGURATION mode.
RPVST+ configuration RPVST+ mode is supported on VLT ports. Before you configure VLT on peer switches, configure RPVST+ in the network. You can use RPVST+ for initial loop prevention during the VLT startup phase. Configure RPVST+ on both the VLT peers. This creates an RPVST+ instance for every VLAN configured in the system. The RPVST+ instances in the primary VLT peer control the VLT LAGs on both the primary and secondary peers. • Enable RPVST+ on each peer node in CONFIGURATION mode.
Create VLT domain A VLT domain requires an ID number. Configure the same VLT domain ID on both peers, see VLT domain. The no vlt-domain command disables VLT. 1 Configure a VLT domain and enter VLT-DOMAIN mode. Configure the same VLT domain ID on each peer, from 1 to 255. vlt-domain domain-id 2 Repeat the steps on the VLT peer to create the VLT domain.
Configure VLT MAC address You can manually reconfigure the default VLT MAC address. Configure the VLT MAC address symmetrical in both the VLT peer switches to avoid any unpredictable behavior when any unit is down or when VLTi is reset. If you do not configure a VLT MAC address, the MAC address of the primary peer is used as the VLT MAC address across all peers.
OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# backup destination ipv6 1::1 vrf management interval 30 The following examples describe different cases where VLT backup link can be used: MAC and ARP not synchronized When VLTi fails, MAC address learnt after the failure is not synchronized with VLT peers. This leads to continuous flooding of traffic instead of unicast. Due to wrong hashing, ARP learning might fail leading to traffic being dropped.
STP failure: When VLTi is down, STP may fail to detect any loops in the system, which creates data loop in an L2 network. In the following illustration, STP is running in all the three switches. In the steady state, VLT peer 1 is elected as the root bridge. When VLTi is down, both the VLT nodes become primary. In this state, VLT peer 2 sends STP BPDU to TOR assuming that TOR sends BPDU to VLT peer 1. Due to this, VLT peer 2 does not receive BPDU on the VLT port, but receives TOR BPDU from orphan port.
When VLT backup link is enabled, the secondary VLT peer identifies the node liveliness of primary through the backup link. If the primary VLT peer is alive, the secondary VLT peer brings down the VLT LAG ports. In this scenario, the STP opens up the orphan port and there is no loop in the system as shown in the following illustration. Configure VLT port-channel A VLT port-channel links an attached device and VLT peer switches, also known as a virtual link trunk.
Configure VLT LAG — peer 1 OS10(config)# interface port-channel 10 OS10(conf-if-po-10)# vlt-port-channel 1 Configure VLT LAG — peer 2 OS10(config)# interface port-channel 20 OS10(conf-if-po-20)# vlt-port-channel 1 VLT unicast routing VLT unicast routing enables optimized routing where packets destined for the L3 endpoint of the VLT peer are locally routed. VLT unicast routing is supported for IPv4 and IPv6. To enable VLT unicast routing, both VLT peers must be in L3 mode.
Configure VRRP active-active mode — peer 1 OS10(conf-if-vl-10)# vrrp mode active-active Configure VRRP active-active mode — peer 2 OS10(conf-if-vl-10)# vrrp mode active-active View VRRP configuration OS10# show running-configuration interface vlan 10 ! interface vlan10 no shutdown no vrrp mode active-active OS10# Migrate VMs across data centers OS10 does not support proxy gateway. Instead of proxy gateway, you can use VRRP in VLANs to migrate virtual machines across data centers.
• Server racks, Rack 1 and Rack 2, are part of data centers DC1 and DC2, respectively. • Rack 1 is connected to devices A1 and B1 in a Layer 2 network segment. • Rack 2 is connected to devices A2 and B2 in a Layer 2 network segment. • A VLT link aggregation group (LAG) is present between A1 and B1 as well as A2 and B2. • A1 and B1 are connected to core routers, C1 and D1 with VLT routing enabled. • A2 and B2 are connected to core routers, C2 and D2, with VLT routing enabled.
C1(conf-vlan100-vrid-10)# priority 250 C1(conf-vlan100-vrid-10)# virtual-address 10.10.100.
D1(conf-if-po-20)# switchport mode trunk D1(conf-if-po-20)# switchport trunk allowed vlan 200 D1(conf-if-po-20)# exit • Add members to port channel 20: D1(config)# interface ethernet 1/1/5 D1(conf-if-eth1/1/5)# channel-group 20 D1(conf-if-eth1/1/5)# exit D1(config)# interface ethernet 1/1/6 D1(conf-if-eth1/1/6)# channel-group 20 D1(conf-if-eth1/1/6)# exit Sample configuration of C2: • Configure VRRP on L2 links between core routers: C2(config)# interface vlan 100 C2(conf-if-vl-100)# ip address 10.10.100.
• Add members to port channel 10: D2(config)# interface ethernet 1/1/3 D2(conf-if-eth1/1/3)# channel-group 10 D2(conf-if-eth1/1/3)# exit D2(config)# interface ethernet 1/1/4 D2(conf-if-eth1/1/4)# channel-group 10 D2(conf-if-eth1/1/4)# exit • Configure OSPF on L3 side of core router: D2(config)# router ospf 100 D2(conf-router-ospf-100)# exit D2(config)# interface vlan 200 D2(conf-if-vl-200)# ip ospf 100 area 0.0.0.
2 OS10# 34:17:eb:3a:c2:80 up fda5:74c8:b79e:1::2 View VLT role * indicates the local peer OS10# show vlt 1 role VLT Unit ID Role -----------------------* 1 primary 2 secondary View VLT mismatch — no mismatch OS10# show vlt 1 mismatch Peer-routing mismatch: No mismatch VLAN mismatch: No mismatch VLT VLAN mismatch: No mismatch View VLT mismatch — mismatch in VLT configuration OS10# show vlt 1 mismatch peer-routing Peer-routing mismatch: VLT Unit ID Peer-routing ----------------------------* 1 Enabled 2 Di
* 1 port-channel1 down 2 0 2 port-channel1 down 2 0 VLT port channel ID : 2 VLT Unit ID Port-Channel Status Configured ports Active ports ---------------------------------------------------------------------* 1 port-channel2 down 1 0 2 port-channel2 down 1 0 VLT port channel ID : 3 VLT Unit ID Port-Channel Status Configured ports Active ports ---------------------------------------------------------------------2 port-channel3 down 1 0 View VLT running configuration OS10# show running-configuration vlt ! vlt
delay-restore Configures a time interval to delay the bringing up of VLT ports after reload or peer-link restoration between the VLT peer switches. Syntax delay-restore seconds Parameters seconds — Enter a delay time, in seconds, to delay bringing up VLT ports after the VLTi device is reloaded, from 1 to 1200. Default 90 seconds Command Mode VLT-DOMAIN Usage Information Use this command to delay the system from bringing up the VLT port for a brief period to allow L3 routing protocols to converge.
Usage Information The no version of this command disables L3 routing. Example OS10(conf-vlt-1)# peer-routing Supported Releases 10.2.0E or later peer-routing-timeout Configures the delay after which peer routing is disabled when the peer is not available. This command is applicable for both IPv6 and IPv4. Syntax peer-routing-timeout value Parameters value — Enter the timeout value in seconds, from 0 to 65535.
Example OS10(conf-vlt-1)#primary-priority 2 Supported Releases 10.4.1.0 or later show spanning-tree virtual-interface Displays details of STP and RPVST+ information specific to VLT. Syntax show spanning-tree virtual-interface [detail] Parameters detail — (Optional) Displays detailed output.
Edge port: No (default) Link Type: Point-to-Point BPDU Sent: 101, Received: 21 Supported Releases 10.3.0E or later show vlt Displays information on a VLT domain. Syntax show vlt id Parameter id — Enter a VLT domain ID, from 1 to 255.
Heartbeat interval Heartbeat timeout Supported Releases : 1 : 3 10.3.1E or later show vlt mac-inconsistency Displays inconsistencies in dynamic MAC addresses learnt between VLT peers across spanned-vlans. Syntax show vlt mac-inconsistency Parameters None Default Not configured Command Mode EXEC Usage Information Use this command to check mismatch of MAC address table entries between VLT peers.
Command Mode EXEC Usage Information The * in the mismatch output indicates a local node entry.
show vlt role Displays the VLT role of the local peer. Syntax show vlt id role Parameters id — Enter the VLT domain ID, from 1 to 255. Default Not configured Command Mode EXEC Usage Information The * in the mismatch output indicates a local node entry. Example OS10# show vlt 1 role VLT Unit ID Role -----------------------* 1 primary 2 secondary Supported Releases 10.2.0E or later show vlt vlt-port-detail Displays detailed status information about VLT ports.
vlt-domain Creates a VLT domain. Syntax vlt-domain domain-id Parameter domain-id — Enter a VLT domain ID on each peer, from 1 to 255. Default None Command Mode CONFIGURATION Usage Information Configure the same VLT domain ID on each peer. If a VLT domain ID mismatch occurs on VLT peers, the VLTi link between peers does not activate. The no version of this command disables VLT. Example OS10(config)# vlt-domain 1 Supported Releases 10.2.
peer switches to avoid any unpredictable behavior. For example, unit down or VLTi reset. The no version of this command disables the VLT MAC address configuration. NOTE: Configure the VLT MAC address as symmetrical in all the VLT peer switches to avoid any unpredictable behavior when any unit is down or when VLTi is reset. Example OS10(conf-vlt-1)# vlt-mac 00:00:00:00:00:02 Supported Releases 10.2.
12 Converged data center services OS10 supports converged data center services, including IEEE 802.1 data center bridging (DCB) extensions to classic Ethernet. DCB provides I/O consolidation in a data center network. Each network device carries multiple traffic classes while ensuring lossless delivery of storage traffic with best-effort for LAN traffic and latency-sensitive scheduling of service traffic. • 802.1Qbb — Priority flow control • 802.1Qaz — Enhanced transmission selection • 802.
PFC configuration notes • PFC is supported for 802.1p priority traffic (dot1p 0 to 7). FCoE traffic traditionally uses dot1p priority 3 — iSCSI storage traffic uses dot1p priority 4. • Configure PFC for ingress traffic by using network-qos class and policy maps (see Quality of Service). The queues used for PFCenabled traffic are treated as lossless queues. Configure the same network-qos policy map on all PFC-enabled ports.
Decide if you want to use the default 802.1p priority-to-traffic class (qos-group) mapping or configure a new map. By default, the qos class-trust class map is applied to ingress traffic. The class-trust class instructs OS10 interfaces to honor dot1p or DSCP traffic. Dot1p Priority : 0 Traffic Class : 1 • 1 0 2 2 3 3 4 4 5 5 6 6 7 7 Apply the default trust map specifying that dot1p values are trusted in SYSTEM-QOS or INTERFACE mode.
Configure PFC Priority flow control (PFC) provides a pause mechanism based on the 802.1p priorities in ingress traffic. PFC prevents frame loss due to network congestion. Configure PFC lossless buffers, and enable pause frames for dot1p traffic on a per-interface basis. Repeat the PFC configuration on each PFC-enabled interface. PFC is disabled by default. Decide if you want to use the default dot1p-priority-to-traffic class mapping and the default traffic-class-to-queue mapping.
1 Apply the PFC service policy on an ingress interface or interface range in INTERFACE mode. interface ethernet node/slot/port:[subport] service-policy input type network-qos policy—map-name interface range ethernet node/slot/port:[subport]-node/slot/port[:subport] service-policy input type network-qos policy—map-name 2 Enable PFC (without DCBX) for FCoE and iSCSI traffic in INTERFACE mode. priority-flow-control mode on Configure PFC PFC is enabled on traffic classes with dot1p 3 and 4 traffic.
View PFC ingress buffer configuration OS10(config)# show qos ingress buffer interface Interface ethernet 1/1/1 Speed 40G -----------------------------------------------------------------------------PG# PRIORITIES qos ALLOTED (Kb) group Reserved Shared buffer XOFF XON shared buffer id buffers MODE threshold threshold threshold -----------------------------------------------------------------------------0 4 4 35 DYNAMIC 9 9 8 1 3 3 35 DYNAMIC 9 9 8 2 0 STATIC 0 0 0 3 0 STATIC 0 0 0 4 0 STATIC 0 0 0 5 0 STATIC
pause Configures the ingress buffer and pause frame settings used for PFC traffic classes. Syntax Parameters Defaults pause [buffer-size kilobytes pause-threshold kilobytes resume-threshold kilobytes] • buffer-size kilobytes — Enter the reserved (guaranteed) ingress-buffer size in kilobytes for PFC dot1p traffic (0 to 7787). • pause-threshold kilobytes — Enter the threshold used to send pause frames in kilobytes to a transmitting device (0 to 7787).
Usage Information When you enter PFC-enabled dot1p priorities with pfc-cos, the dot1p values must be the same as the match qos-group (traffic class) numbers in the network-qos class map used to define the PFC traffic class (see Configure PFC Example). A qos-group number is used only internally to classify ingress traffic classes. See PFC configuration notes for the default dot1p-priority-to-traffic-class mapping and how to configure a non-default mapping.
Example OS10(conf-if-eth1/1/1)# priority-flow-control mode on Supported Releases 10.3.0E or later queue-limit Sets the static and dynamic thresholds used to limit the shared-buffer size of PFC traffic-class queues. Syntax Parameters queue-limit {thresh-mode [static kilobytes | dynamic weight]} • thresh-mode — Buffer threshold mode.
1 2 3 4 5 6 7 Supported Releases 0 0 0 0 0 0 0 0 0 587236 0 0 0 0 10.3.0E or later Enhanced transmission selection Enhanced transmission selection (ETS) provides customized bandwidth allocation to 802.1p classes of traffic. Assign different amounts of bandwidth to traffic classes (Ethernet, FCoE, or iSCSI) that require different bandwidth, latency, and best-effort treatment during network congestion. ETS divides traffic into different priority groups using their 802.1p priority value.
• The CEE/IEEE2.5 versions of ETS TLVs are supported. ETS configurations are received in a TLV from a peer. Configure ETS ETS provides traffic prioritization for lossless storage, latency-sensitive, and best-effort data traffic on the same link. • • Configure classes of dot1p and DSCP traffic and assign them to lossless queues. Use the class-trust class map to honor ingress dot1p and DSCP traffic. Allocate guaranteed bandwidth to each lossless queue.
trust-map dot1p dot1p-map-name trust-map dscp dscp-map-name qos-map traffic-class queue-map-name 7 Apply the qos trust policy to ingress traffic in SYSTEM-QOS or INTERFACE mode. service-policy input type qos trust-policy—map-name 8 Apply the queuing policy to egress traffic in SYSTEM-QOS or INTERFACE mode. service-policy output type queuing policy—map-name 9 Enable ETS globally in SYSTEM-QOS mode or on an interface/interface range in INTERFACE mode.
Dscp-tc-mapping : dscp_map1 tc-queue-mapping : tc-q-map1 View QoS maps: traffic-class to queue mapping OS10# show qos maps Traffic-Class to Queue Map: tc-q-map1 queue 0 qos-group 0 queue 1 qos-group 1 Traffic-Class to Queue Map: dot1p_map1 qos-group 0 dot1p 0-3 qos-group 1 dot1p 4-7 DSCP Priority to Traffic-Class Map : dscp_map1 qos-group 0 dscp 0-31 qos-group 1 dscp 32-63 ETS commands ets mode on Enables ETS on an interface.
DCBX configuration notes • • • • • • • • • To exchange link-level configurations in a converged network, DCBX is a prerequisite for using DCB features, such as PFC and ETS. DCBX is also deployed in topologies that support lossless operation for FCoE or iSCSI traffic. In these scenarios, all network devices must be DCBX-enabled so that DCBX is enabled end-to-end. DCBX uses LLDP to advertise and automatically negotiate the administrative state and PFC/ETS configuration with directly connected DCB peers.
2 • auto — Automatically selects the DCBX version based on the peer response (default). • cee — Sets the DCBX version to CEE. • ieee — Sets the DCBX version to IEEE 802.1Qaz. (Optional) A DCBX-enabled port advertises all TLVs by default. If PFC or ETS TLVs are disabled, enter the command in INTERFACE mode to re-enable PFC or ETS TLV advertisements. dcbx tlv-select {ets-conf | ets-reco | pfc} • ets-conf — Enables ETS configuration TLVs. • ets-reco — Enables ETS recommendation TLVs.
View DCBX PFC TLV status OS10# show lldp dcbx interface ethernet 1/1/15 pfc detail Interface ethernet1/1/15 Admin mode is on Admin is enabled, Priority list is 4,5,6,7 Remote is enabled, Priority list is 4,5,6,7 Remote Willing Status is disabled Local is enabled, Priority list is 4,5,6,7 Oper status is init PFC DCBX Oper status is Up State Machine Type is Feature PFC TLV Tx Status is enabled Application Priority TLV Parameters : -------------------------------------ISCSI TLV Tx Status is enabled Local ISCSI
PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3 70% ETS 1 4,5,6,7 30% ETS 2 0% SP 3 0% SP 4 0% SP 5 0% SP 6 0% SP 7 0% SP 15 0% SP Oper status is init ETS DCBX Oper status is Up State Machine Type is Feature Conf TLV Tx Status is enabled Reco TLV Tx Status is disabled 220 Input Conf TLV Pkts, 396 Output Conf TLV Pkts, 0 Error Conf TLV Pkts DCBX commands dcbx enable Enables DCBX globally on all port interfaces.
Default DCBX advertises PFC, ETS Recommendation, and ETS Configuration TLVs. Command Mode INTERFACE Usage Information A DCBX-enabled port advertises all TLVs to DCBX peers by default. If PFC or ETS TLVs are disabled, enter the command to re-enable PFC or ETS TLV advertisements. You can enable multiple TLV options (ets-conf, ets-reco, and pfc) with the same command. Example OS10(conf-if-eth1/1/2)# dcbx tlv-select ets-conf pfc Supported Releases 10.3.
show lldp dcbx interface Displays DCBX configuration and PFC or ETS TLV status on an interface. Syntax Parameters show lldp dcbx interface ethernet node/slot/port[:subport] [ets detail | pfc detail] • interface ethernet node/slot/port[:subport] — Enter interface information. • ets detail — Display ETS TLV status and operation with DCBX peers. • pfc detail — Display PFC TLV status and operation with DCBX peers.
PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3 70% ETS 1 4,5,6,7 30% ETS 2 0% SP 3 0% SP 4 0% SP 5 0% SP 6 0% SP 7 0% SP Remote Parameters : ------------------Remote is enabled PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3 70% ETS 1 4,5,6,7 30% ETS 2 0% SP 3 0% SP 4 0% SP 5 0% SP 6 0% SP 7 0% SP Remote Willing Status is disabled Local Parameters : ------------------Local is enabled PG-grp Priority# Bandwidth TSA -------------
5 Input TLV pkts, 2 Output TLV pkts, 0 Error pkts 5 Input Appln Priority TLV pkts, 2 Output Appln Priority TLV pkts, 0 Error Appln Priority TLV Pkts Supported Releases 10.3.0E or later Internet small computer system interface iSCSI is a TCP/IP-based protocol for establishing and managing connections between servers and storage devices in a data center network. After you enable iSCSI, iSCSI optimization automatically detects Dell EqualLogic storage arrays directly attached to switch ports.
In an iSCSI session, a switch connects CNA servers (iSCSI initiators) to a storage array (iSCSI targets) in a storage area network (SAN) or TCP/IP network. iSCSI optimization running on the switch uses dot1p priority-queue assignments to ensure that iSCSI traffic receives priority treatment. iSCSI configuration notes • • • • When you enable iSCSI optimization, the switch auto-detects and auto-configures for Dell EqualLogic storage arrays directly connected to an interface.
1 Configure an interface or interface range to detect a connected storage device. interface ethernet node/slot/port:[subport] 2 Enable the interface to support a storage device that is directly connected to the port and not automatically detected by iSCSI. Use this command for storage devices that do not support LLDP. The switch auto-detects and auto-configures Dell EqualLogic storage arrays directly connected to an interface when you enable iSCSI optimization.
OS10(config-sys-qos)# exit OS10(config)# OS10(config)# OS10(config)# OS10(config)# iscsi iscsi iscsi iscsi session-monitoring enable aging time 15 priority-bits 0x20 enable View iSCSI optimization OS10# show iscsi iSCSI Auto configuration is Enabled iSCSI session monitoring is Enabled iSCSI COS qos-group 4 remark dot1p 4 Session aging time 15 Maximum number of connections is 100 Port IP Address -----------------------3260 860 3261 10.1.1.
• Any additional updates to connections, including aging updates, that are learnt on VLT LAG members are synchronized with the VLT peer. • If the iSCSI login request is received on a non-VLT interface, followed by a response from a VLT interface, then the connection is associated with the VLT LAG interface and the information about the session is synchronized with the VLT peer. • When VLT interconnect comes up, information about iSCSI sessions learnt on VLT LAG is exchanged between the VLT-peers.
Command Mode CONFIGURATION Usage Information iSCSI traffic uses dot1p priority 4 in frame headers by default. Use this command to reconfigure the dot1p-priority bits advertised in iSCSI application TLVs. Enter only one dot1p-bitmap value — setting more than one bitmap value with this command is not supported. The default dot1p 4 value is advertised only if you enabled PFC pause frames for dot1p 4 traffic (pfc-cos dot1p-priority command). The no version of this command resets to the default value.
iscsi target port Configures the TCP ports used to monitor iSCSI sessions with target storage devices. Syntax Parameters iscsi target port tcp-port1 [tcp-port2, ..., tcp-port16] [ip-address ipaddress] • tcp-port — Enter one or more TCP port numbers (0 to 65535). Separate TCP port numbers with a comma. • ip-address ip-address — (Optional) Enter the IP address in A.B.C.D format of a storage array whose iSCSI traffic is monitored on the TCP port.
Usage Information This command output displays global iSCSI configuration settings. Use the show iscsi session command to view target and initiator information. Example OS10# show iscsi iSCSI Auto configuration is Enabled iSCSI session monitoring is Enabled iSCSI COS qos-group 4 remark dot1p 4 Session aging time 15 Maximum number of connections is 100 Port IP Address -----------------------3260 860 3261 10.1.1.1 Supported Releases 10.3.
show iscsi storage-devices Displays information about the storage arrays directly attached to OS10 ports. Syntax show iscsi storage-devices Parameters None Command Mode EXEC Usage Information The command output displays the storage device connected to each switch port and whether iSCSI automatically detects it.
PFC is enabled on traffic classes with dot1p 4, 5, 6, and 7 traffic. The traffic classes all use the default PFC pause settings for shared buffer size and pause frames in ingress queue processing in the network-qos policy map. The pclass policy map honors (trusts) all dot1p ingress traffic. The reserved class-trust class map is configured by default. Trust does not modify ingress values in output flows.
OS10(config-qos-map)# exit OS10(config)# class-map type queuing cmap1 OS10(config-cmap-queuing)# match queue 0 OS10(config-cmap-queuing)# exit OS10(config)# class-map type queuing cmap2 OS10(config-cmap-queuing)# match queue 1 OS10(config-cmap-queuing)# exit OS10(config)# policy-map type queuing pmap1 OS10(config-pmap-queuing)# class cmap1 OS10(config-pmap-c-que)# bandwidth percent 30 OS10(config-pmap-c-que)# exit OS10(config-pmap-queuing)# class cmap2 OS10(config-pmap-c-que)# bandwidth percent 70 OS10(conf
Local DCBX Compatibility mode is IEEEv2.5 Local DCBX Configured mode is AUTO Peer Operating version is IEEEv2.5 Local DCBX TLVs Transmitted: ERPfI 4 Input PFC TLV pkts, 3 Output PFC TLV pkts, 0 Error PFC pkts 2 Input ETS Conf TLV Pkts, 27 Output ETS Conf TLV Pkts, 0 Error ETS Conf TLV Pkts 2 Input ETS Reco TLV pkts, 27 Output ETS Reco TLV pkts, 0 Error ETS Reco TLV Pkts Total Total Total Total DCBX DCBX DCBX DCBX Frames transmitted 0 Frames received 0 Frame errors 0 Frames unrecognized 0 8.
3 4 5 6 7 0% 0% 0% 0% 0% SP SP SP SP SP Remote Willing Status is disabled Local Parameters : ------------------Local is enabled PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3, 30% ETS 1 4,5,6,7 70% ETS 2 0% ETS 3 0% ETS 4 0% ETS 5 0% ETS 6 0% ETS 7 0% ETS Oper status is init ETS DCBX Oper status is Up State Machine Type is Asymmetric Conf TLV Tx Status is enabled Reco TLV Tx Status is enabled 2 Input Conf TLV Pkts, 27 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 2
Admin is enabled, Priority list is 4,5,6,7 Remote is enabled, Priority list is 4,5,6,7 Remote Willing Status is disabled Local is enabled, Priority list is 4,5,6,7 Oper status is init PFC DCBX Oper status is Up State Machine Type is Symmetric PFC TLV Tx Status is enabled Application Priority TLV Parameters : -------------------------------------ISCSI TLV Tx Status is enabled Local ISCSI PriorityMap is 0x40 Remote ISCSI PriorityMap is 0x10 4 Input TLV pkts, 3 Output TLV pkts, 0 Error pkts 4 Input Appln Prior
3 Input PG TLV Pkts, 3 Output PG TLV Pkts, 0 Error PG TLV Pkts 3 Input Appln Priority TLV pkts, 3 Output Appln Priority TLV pkts, 0 Error Appln Priority TLV Pkts Total Total Total Total 0 DCBX DCBX DCBX DCBX Frames transmitted 3 Frames received 3 Frame errors 0 Frames unrecognized OS10(conf-if-eth1/1/53)# dcbx version cee OS10(conf-if-eth1/1/53)# show configuration ! interface ethernet1/1/53 switchport access vlan 1 no shutdown dcbx version ieee service-policy input type network-qos test service-policy i
13 sFlow sFlow is a standard-based sampling technology embedded within switches and routers that monitors network traffic. It provides traffic monitoring for high-speed networks with many switches and routers.
• Disable sFlow in CONFIGURATION mode.
Collector configuration Configure the IPv4 or IPv6 address for the sFlow collector. You can configure a maximum of two sFlow collectors. If you specify two collectors, the samples are sent to both. The agent IP address must be the same for both the collectors. • Enter an IPv4 or IPv6 address for the sFlow collector, IPv4 or IPv6 address for the agent, UDP collector port number (default 6343), maximum datagram size (up to 1400), and the VRF instance number in CONFIGURATION mode.
Sample-rate configuration Sampling rate is the number of packets skipped before the sample is taken. If the sampling rate is 4096, one sample generates for every 4096 packets observed. • Set the sampling rate in CONFIGURATION mode, from 4096 to 65535. The default is 32768. sflow sample-rate sampling-size • Disable packet sampling in CONFIGURATION mode. no sflow sample-rate • View the sampling rate in EXEC mode.
OS10(config)# sflow source-interface port-channel 1 OS10(config)# sflow source-interface loopback 1 OS10(config)# sflow source-interface vlan 10 View sFlow running configuration OS10# sflow sflow sflow sflow show running-configuration sflow enable all-interfaces source-interface vlan10 collector 5.1.1.1 agent-addr 4.1.1.1 6343 collector 6.1.1.1 agent-addr 4.1.1.1 6343 OS10(config)#show running-configuration interface vlan ! interface vlan1 no shutdown ! interface vlan10 no shutdown ip address 10.1.1.
• View the sFlow running configuration in EXEC mode. OS10# show running-configuration sflow sflow enable sflow max-header-size 80 sflow polling-interval 30 sflow sample-rate 4096 sflow collector 10.16.150.1 agent-addr 10.16.132.67 6767 sflow collector 10.16.153.176 agent-addr 3.3.3.3 6666 ! interface ethernet1/1/1 sflow enable ! sFlow commands sflow collector Configures an sFlow collector IP address to which sFlow datagrams are forwarded to. You can configure a maximum of two collectors.
Usage Information The no version of this command to disables sFlow. Example (interface) OS10(config)# sflow enable OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# sflow enable Example (interface range) OS10(config)# sflow enable OS10(config)# interface range ethernet 1/1/1-1/1/10 OS10(conf-range-eth1/1/1-1/1/10)# sflow enable Example (portchannel) OS10(config)# sflow enable OS10(config)# interface range port-channel 1-10 OS10(conf-range-po-1-10)# sflow enable Supported Releases 10.3.
sflow sample-rate Configures the sampling rate. Syntax sflow sample-rate value Parameter value — Enter the packet sample rate, from 4096 to 65535. The default is 32768. Default 32768 Command Mode CONFIGURATION Usage Information Sampling rate is the number of packets skipped before the sample is taken. For example, if the sampling rate is 4096, one sample generates for every 4096 packets observed. The no version of the command resets the sampling rate to the default value.
show sflow Displays the current sFlow configuration for all interfaces or by a specific interface type. Syntax show sflow [interface type] Parameter interface type — (Optional) Enter either ethernet or port-channel for the interface type. Command Mode EXEC Usage Information OS10 does not support statistics for UDP packets dropped and samples received from the hardware.
14 RESTCONF API RESTCONF is a REST-like protocol that uses HTTPS connections. Use the OS10 RESTCONF API to set up the configuration parameters on OS10 switches using JavaScript Object Notation (JSON)-structured messages. Use any programming language to create and send JSON messages. The examples in this chapter use curl. The OS10 RESTCONF implementation complies with RFC 8040. You can use the RESTCONF API to configure and monitor an OS10 switch.
3 (Optional) Limit the ciphers that the switch uses in a RESTCONF HTTPS session to encrypt and decrypt data in CONFIGURATION mode. By default, all cipher suites installed on OS10 are supported. Separate multiple entries with a blank space. Valid cipher-suite values are: • dhe-rsa-with-aes-128-gcm-SHA256 • dhe-rsa-with-aes-256-gcm-SHA384 • ecdhe-rsa-with-aes-128-gcm-SHA256 • ecdhe-rsa-with-aes-256-gcm-SHA384 rest https cipher-suite 4 Enable the RESTCONF API in CONFIGURATION mode.
• ecdhe-rsa-with-aes-256-gcm-SHA384 Default All cipher suites installed in OS10 are supported. Command Mode CONFIGURATION Usage Information • Use the rest https cipher-suite command to restrict the ciphers that a RESTCONF HTTPS session uses. • The no version of the command removes the configured cipher list and restores the default value.
RESTCONF API tasks Using the RESTCONF API, you can provision OS10 switches using HTTPS requests. The examples in this section show how to access the OS10 RESTCONF API using curl commands. curl is a Linux shell command that generates HTTPS requests and is executed on an external server. curl Commands curl command options include: • -X specifies the HTTPS request type; for example, POST , PATCH, or GET. • -u specifies the user name and password to use for server authentication.
To display the values for the type and name parameters in the curl command, display the XML structure of the interface vlan 20 configuration command: OS10(config)# do debug cli netconf OS10(config)# interface vlan 10 Request: PAGE 790"https://10.11.86.113/restconf/data/sys-config/system-priority" -d '{"system-priority":65535}' Configure port priority RESTCONF endpoint /restconf/data/interfaces/interface/ethernet1/1/1 JSON content { } Parameters Example "interface": [{ "name": "ethernet1/1/1", "lacp-config": { "actor-port-priority": 4096 } }] • ethernet-interface — Enter the physical Ethernet interface in the format ethernetnode/slot/ port. • name string — Enter ethernetnode/slot/port to configure the port interface for LACP.
Display LACP configuration RESTCONF endpoint /restconf/data/sys-config JSON content None Example curl -X GET -k -u admin:admin -H "accept:application/json" "https://10.11.86.
Example curl -X POST -k -u admin:admin -H "accept:application/json" -H "Content-Type:application/json" "https://10.11.86.113/restconf/data/global-params" -d '{"tx-interval":60}' Configure LLDPDU hold time RESTCONF endpoint /restconf/data/global-params JSON content { } Parameters Example • "txhold-multiplier": 2 txhold-multiplier int — Enter the time that an LLDP peer device holds LLDP packets before discarding them, from 2 to 10 seconds; default 4.
} Parameters Example }] "name": "ethernet1/1/1", "lldp": [{ "dot3-tlvs": [{ "mac-phy-config-enable": "true", "max-frame-size-enable": "true" }] }] • ethernet-interface — Enter the physical Ethernet interface in the format ethernetnode/slot/ port. • name string — Enter ethernetnode/slot/port to identify the interface that sends LLDPDUs with the specified TLVs.
-d '{"interface":[{"name":"ethernet1/1/1", "lldp-med-cfg": [{"policy-id":1}]}]}' Disable TLV advertisement RESTCONF endpoint /restconf/data/interfaces/interface/ethernet1/1/1 JSON content { "interface": [{ "name": "ethernet1/1/1", "lldp": [{ "basic-tlvs": [{ "sys-name-enable": "false" }], "dot3-tlvs": [{ "mac-phy-config-enable": "false", "max-frame-size-enable": "false", "linkagg-enable": "false" }] }] }] } Parameters Example • ethernet-interface — Enter the physical Ethernet interface in the format
Example curl -X DELETE -k -u admin:admin -H "accept: application/json" -H "Content-Type: application/json" https://10.11.86.113/restconf/data/dell-lldp-med:sys-config/media-policy/10 Remove configured LLDP packet timer — Reset to default RESTCONF endpoint /restconf/data/global-params/tx-interval JSON content None Example curl -X DELETE -k -u admin:admin -H "accept:application/json" -H "Content-Type:application/json" "https://10.11.86.
} Parameters Example }] "type": "iana-if-type:ieee8023adLag", "name": "port-channel10", "enabled": "true" • port-channelid-number — Enter port-channelid-number, where port-channel id-number is from 1 to 128. • type string — Enter iana-if-type:ieee8023adLag for a port-channel interface. • name string — Enter port-channelid-number. • enabled bool — Enter true (no shutdown) to enable the port channel; enter false (shutdown) to disable the port channel.
} Parameters Example }] "member-ports": [{ "name": "ethernet1/1/5", "lacp-mode": "ACTIVE" }] • port-channelid-number — Enter port-channelid-number, where id-number is from 1 to 128. • name string — Enter port-channelid-number. • lag-mode bool — Enter DYNAMIC for a dynamically configured port channel; enter STATIC for a statically configured port channel. • ethernet-interface — Enter the physical Ethernet interface in the format ethernetnode/slot/ port.
}] } Parameters Example • port-channelid-number — Enter port-channelid-number, where id-number is from 1 to 128. • name string — Enter port-channelid-number. • primary-addr A.B.C.D/prefix-length — Enter the port-channel IP address and mask. curl -X PATCH -k -u admin:admin -H "accept: application/json" -H "Content-Type: application/json" "https://10.11.86.113/restconf/data/interfaces/interface/port-channel10" -d '{"interface": [{"name":"port-channel10", "dell-ip:ipv4": {"address":{"primary-addr":"1.
Parameters Example • port-channelid-number — Enter port-channelid-number, where id-number is from 1 to 128. curl -X GET -k -u admin:admin -H "accept:application/json" "https://10.11.86.113/restconf/data/interfaces/interface/port-channel10" Delete a port-channel configuration RESTCONF endpoint /restconf/data/interfaces/interface/port-channel10 JSON content None Parameters Example • port-channel id-number — Enter port-channelid-number, where id-number is from 1 to 128.
• Example name string — Enter vlan vlan-id, where vlan-id is from 1 to 4093. curl -X POST –u admin:admin –k "https://10.11.86.
Example • enabled bool — Enter true to enable the VLAN; enter false to disable the VLAN. • mode string — Enter a text value for the port mode. For Access mode, enter MODE_L2; for Trunk mode, enter MODE_L2HYBRID; for L3 mode, enter MODE_L2DISABLED. curl -X PATCH -u admin:admin -k "https://10.11.86.
Example curl -X GET -u admin:admin -k "https://10.11.86.113/restconf/data/interfaces/interface/vlan20" -H "accept: application/json" Delete a VLAN configuration RESTCONF endpoint /restconf/data/interfaces/interface/vlan10 JSON content None Parameters Example • interface vlan-id — Enter the VLAN ID, from 1 to 4093. curl -X DELETE -u admin:admin -k "https://10.11.86.
Parameters Example • ethernet-interface — Enter the physical Ethernet interface in the format ethernetnode/slot/ port. • name string — Enter ethernetnode/slot/port to identify the VLTi port on each peer. • enabled bool — Enter true (no shutdown) to enable the VLTi port; enter false (shutdown) to disable the VLTi port. • dell-interface:mode string — Enter MODE_L2DISABLED to disable L2 switching (switchport mode) on the VLTi port.
Example curl -X POST -k -u admin:admin -H "accept: application/json" -H "Content-Type: application/json" “https://10.11.86.
15 Troubleshoot OS10 Critical workloads and applications require constant availability. Dell EMC Networking offers tools to help you monitor and troubleshoot problems before they happen.
1 1 1 1 S4048T-ON-FANTRAY-1 S4048T-ON-FANTRAY-2 S4048T-ON-FANTRAY-3 S4048T-ON-FANTRAY-4 061DJT 061DJT 061DJT 061DJT X01 X01 X01 X01 TW-061DJT-28298-615-0089 TW-061DJT-28298-615-0090 TW-061DJT-28298-615-0091 TW-061DJT-28298-615-0092 Boot partition and image Display system boot partition–related and image-related information. • View all boot information in EXEC mode. show boot • View boot details in EXEC mode.
3 root 5 root 7 root 8 root 10 root 11 root 12 root 13 root 14 root 15 root 16 root 17 root 19 root 20 root 21 root 22 root 23 root 24 root 25 root --more-- 20 0 20 20 20 20 20 rt rt rt rt 20 0 0 20 0 20 0 25 0 -20 0 0 0 0 0 0 0 0 0 0 -20 -20 0 -20 0 -20 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 S S R S S S S S S S S S S S S S S S S 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.
Capture packets from Ethernet interface $ tcpdump -i e101-003-0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on e101-003-0, link-type EN10MB (Ethernet), capture size 262144 bytes 01:39:22.457185 IP 3.3.3.1 > 3.3.3.4: ICMP echo request, id 5320, seq 26, length 64 01:39:22.457281 IP 3.3.3.1 > 3.3.3.
When you execute traceroute, the output shows the path a packet takes from your device to the destination IP address. It also lists all intermediate hops (routers) that the packet traverses to reach its destination, including the total number of hops traversed. Check IPv4 connectivity OS10# ping 172.31.1.255 Type Ctrl-C to abort. Sending 5, 100-byte ICMP Echos to 172.31.1.255, timeout is 2 seconds: Reply to request 1 from 172.31.1.208 0 ms Reply to request 1 from 172.31.1.
1 3ffe:501:ffff:100:201:e8ff:fe00:4c8b 000.000 ms 000.000 ms 000.000 ms View diagnostics View system diagnostic information using show commands. The show hash-algorithm command is used to view the current hash algorithms configured for LAG and ECMP.
Software Version Physical Ports BIOS System CPLD Master CPLD Slave CPLD : : : : : : 10.3.9999E(X) 48x10GbE, 6x40GbE 3.21.0.
Default Not configured Command Mode EXEC Usage Information Use the location-led system command to change the location LED for the specified system ID. Example OS10# location-led system 1 on OS10# location-led system 1 off Supported Releases 10.3.0E or later ping Tests network connectivity to an IPv4 device.
• -p pattern — (Optional) Enter up to 16 pad bytes to fill out the packet you send to diagnose data-related problems in the network (for example, -p ff fills the sent packet with all 1’s. • -Q tos — (Optional) Enter the number of datagrams (up to 1500 bytes in decimal or hex) to set quality of service (QoS)-related bits. • -s packetsize — (Optional) Enter the number of data bytes to send (1 to 65468, default 56). • -S sndbuf — (Optional) Set the sndbuf socket.
• vrf vrf-name — (Optional) Pings an IPv6 address in the specified VRF instance. • -a — (Optional) Audible ping. • -A — (Optional) Adaptive ping. An inter-packet interval adapts to the round-trip time so that not more than one (or more, if preload option is set) unanswered probe is present in the network. The minimum interval is 200 msec for a non-super-user, which corresponds to flood mode on a network with a low round-trip time. • -b — (Optional) Pings a broadcast address.
• target — Enter the IPv6 destination address in A:B::C:D format, where you are testing connectivity. Default Not configured Command Mode EXEC Usage Information This command uses an ICMP ECHO_REQUEST datagram to receive an ICMP ECHO_RESPONSE from a network host or gateway. Each ping packet has an IPv6 and ICMP header, followed by a time value and a number of ''pad'' bytes used to fill out the packet.
show diag Displays diagnostic information for port adapters and modules. Syntax show diag Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show diag 00:00.0 Host bridge: Intel Corporation Atom processor C2000 SoC Transaction Router (rev 02) 00:01.0 PCI bridge: Intel Corporation Atom processor C2000 PCIe Root Port 1 (rev 02) 00:02.0 PCI bridge: Intel Corporation Atom processor C2000 PCIe Root Port 2 (rev 02) 00:03.
------------------------------------1 up 43 Thermal sensors Unit Sensor-Id Sensor-name Temperature -----------------------------------------------------------------------------1 1 CPU On-Board temp sensor 32 1 2 Switch board temp sensor 28 1 3 System Inlet Ambient-1 temp sensor 27 1 4 System Inlet Ambient-2 temp sensor 25 1 5 System Inlet Ambient-3 temp sensor 26 1 6 Switch board 2 temp sensor 31 1 7 Switch board 3 temp sensor 41 1 8 NPU temp sensor 43 Supported Releases 10.2.
Supported Releases 10.2.0E or later show processes View process CPU utilization information. Syntax show processes node-id node-id-number [pid process-id] Parameters • node-id-number — Enter the Node ID number <1–1>. • process-id — (Optional) Enter the process ID number <1-2147483647>. Default Not configured Command Mode EXEC Usage Information None Example OS10# show processes node-id 1 top - 09:19:32 up 5 days, 6 min, 2 users, load average: 0.45, 0.39, 0.
show system Displays system information. Syntax Parameters show system [brief | node-id] • brief — View abbreviated list of system information. • node-id — Node ID number.
Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Example (brief) 1/1/7 1/1/8 1/1/9 1/1/10 1/1/11 1/1/12 1/1/13 1/1/14 1/1/15 1/1/16 1/1/17 1/1/18 1/1/19 1/1/20 1/1/21 1/1/22 1/1/23 1/1/24 1/1/25 1/1/26 1/1/27 1/1/28 1/1/29 1/1/30 1/1/31 1/1/32 Yes Yes Yes Yes Yes Yes No No No No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No No BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1
flow_label] [-w waittime] [-q nqueries] [-s src_addr] [-z sendwait] [-fwmark=num] host [packetlen] Parameters • vrf management— (Optional) Traces the route to an IP address in the management VRF instance. • vrf vrf-name — (Optional) Traces the route to an IP address in the specified VRF instance. • host — Enter the host to trace packets from. • -i interface — (Optional) Enter the IP address of the interface through which traceroute sends packets.
9.402 ms 9 23.73.112.54 (23.73.112.54) 3.606 ms 3.542 ms 3.773 ms Example (IPv6) OS10# traceroute 20::1 traceroute to 20::1 (20::1), 30 hops max, 80 byte packets 1 20::1 (20::1) 2.622 ms 2.649 ms 2.964 ms Supported Releases 10.2.0E or later Password recovery You may need to recover a lost password. 1 Connect to the serial console port. The serial settings are 115200 baud, 8 data bits, and no parity. 2 Reboot or power up the system. 3 Press ESC at the Grub prompt to view the boot menu.
Restore factory defaults Reboots the system to ONIE Rescue mode to restore the ONIE-enabled device to factory defaults. CAUTION: Restoring factory defaults erases any installed operating system and requires a long time to erase storage. ONIE Rescue bypasses the installed operating system and boots the system into ONIE until you reboot the system. After ONIE Rescue completes, the system resets and boots to the ONIE console. 1 Use the up and down arrows to select the ONIE: Rescue, then press Enter.
Configure SupportAssist SupportAssist is started by default. If you do not accept end user license agreement (EULA), SupportAssist is disabled. 1 Enter SupportAssist mode from CONFIGURATION mode. support-assist 2 (Optional) Configure the SupportAssist server URL or IP address in SUPPORT-ASSIST mode. server url server-url 3 (Optional) Configure the interface used to connect to the SupportAssist server in SUPPORT-ASSIST mode.
(END) Set company name You can optionally configure name, address and territory information. Although this information is optional, it is used by Dell Technical Support to identify which company owns the device. 1 (Optional) Configure contact information in SUPPORT-ASSIST mode. contact-company name name 2 (Optional) Configure address information in SUPPORT-ASSIST mode. Use the no address command to remove the configuration.
Schedule activity Configure the schedule for a full transfer of data. The default schedule is a full data transfer weekly — every Sunday at midnight (hour 0 minute 0). • Configure full-transfer or log-transfer activities in EXEC mode. support-assist-activity {full—transfer} schedule {hourly | daily | weekly | monthly | yearly} – hourly min number — Enter the time to schedule an hourly task (0 to 59). – daily hour number min number — Enter the time to schedule a daily task (0 to 23 and 0 to 59).
Proxy username : Activity Enable State : Activity State -------------------------------coredump-transfer enabled event-notification enabled full-transfer enabled Scheduled Activity List : Activity Schedule Schedule created on -----------------------------------------------------------full-transfer weekly: on sun at 00:00 Sep 12,2016 18:57:40 Activity Status : Activity Status last start last success ------------------------------------------------------------------------coredump-transfer success Sep 12,2016
• full-transfer — Enables transfer of logs and technical support information. Default Enabled Command Mode SUPPORT-ASSIST Usage Information Use the no version of this command to remove the configuration. Example (Event) OS10(conf-support-assist)# activity event-notification enable Example (Full) OS10(conf-support-assist)# activity full-transfer enable Example (Turn Off) OS10(conf-support-assist)# no activity coredump-transfer enable Supported Releases 10.2.
email-address Configures the email address for the contact name. Syntax email—address address Parameters address — Enter the email address for the contact name. Default Not configured Command Mode SUPPORT-ASSIST Usage Information The no version of this command removes the configuration. Example OS10(conf-support-assist-Eureka-JohnJamesSmith)# email-address jjsmith@eureka.com Supported Releases 10.2.0E or later eula-consent Accepts or rejects the SupportAssist end-user license agreement (EULA).
• no-contact — Enter to select no-contact as the preferred contact method. Default No-contact Command Mode SUPPORT-ASSIST Usage Information The no version of this command removes the configuration. Example OS10(conf-support-assist-Eureka-JohnJamesSmith)# preferred-method email Supported Releases 10.2.0E or later proxy-server Configures a proxy IP address for reaching the SupportAssist server.
show support-assist eula Displays the EULA for SupportAssist. Syntax show support-assist eula Parameters None Default None Command Mode EXEC Usage Information Use the eula-consent support-assist accept command to accept the license agreement. Example OS10# show support-assist eula I accept the terms of the license agreement. You can reject the license agreement by configuring this command 'eula-consent support-assist reject.' By installing SupportAssist, you allow Dell, Inc.
Example OS10# show support-assist status EULA : Accepted Service : Enabled Contact-Company : DellCMLCAEOS10 Street Address : 7625 Smetana Lane Dr Bldg 7615 Cube F577 City : Minneapolis State : Minnesota Country : USA Zipcode : 55418 Territory : USA Contact-person : Michael Dale Email : abc@dell.com Primary phone : 555-123-4567 Alternate phone : Contact method : email Server(configured) : https://web.dell.
Example OS10(conf-support-assist)# source-interface ethernet 1/1/4 Supported Releases 10.4.0E(R1) or later street-address Configures the street address information for the company. Syntax street-address {address} Parameters address — Enter one or more addresses in double quotes (up to 140 characters). Default Not configured Command Mode SUPPORT-ASSIST Usage Information Add spaces to the company street address by enclosing the address in quotes.
Usage Information The no version of this command removes the schedule activity. Example OS10# support-assist-activity full-transfer schedule daily hour 22 min 50 Supported Releases 10.2.0E or later territory Configures the territory for the company. Syntax territory territory Parameters territory — Enter the territory for the company. Default Not configured Command Mode CONFIG-SUPPORT-ASSIST Usage Information The no version of this command removes the company territory configuration.
sosreport generation start event May 11 22:9:43: collection task May 11 22:9:43: collection task %Node.1-Unit.1:PRI:OS10 %log-notice:SOSREPORT_GEN_STARTED: CLI completed; sosreport execution task started:All Plugin options %Node.1-Unit.1:PRI:OS10 %log-notice:SOSREPORT_GEN_STARTED: CLI completed; sosreport execution task started:All Plugin options output disabled output enabled Support bundle generation successful event Apr 19 bundle Apr 19 bundle 17:0:9: %Node.1-Unit.
Triggered alarms are in one of these states: • • Active — Alarms that are current and not cleared. Cleared — Alarms that are resolved and the device has returned to normal operation. System logging You can change system logging default settings using the severity level to control the type of system messages that are logged. Range of logging severities: • log-emerg — System is unstable. • log-alert — Immediate action needed. • log-crit — Critical conditions. • log-err — Error conditions.
Use the show trace command to view the current syslog file. All event and alarm information is sent to the syslog server, if one is configured. The show logging command accepts the following parameters: • log-file — Provides a detailed log including both software and hardware saved to a file. • process-names — Provides a list of all processes currently running which can be filtered based on the process-name. View logging log-file OS10# show logging log-file Jun 1 05:01:46 %Node.1-Unit.
View environment OS10# show environment Unit State Temperature Voltage -------------------------------------------1 up 42 -------------------------------------------Thermal sensors Unit Sensor-Id Sensor-name Temperature --------------------------------------------------------1 1 T2 temp sensor 28 1 2 system-NIC temp sensor 25 1 3 Ambient temp sensor 24 1 4 NPU temp sensor 40 --------------------------------------------------------- Link-bundle monitoring Monitoring link aggregation group (LAG) bundles allo
Usage Information Use the show alarm index command to view a list of alarm IDs. Example OS10# alarm clear 200 Supported Releases 10.2.0E or later show alarms Displays all current active system alarms.
Severity: Type: Source: Name: Description: Raise-time: Clear-time: New: State: Supported Releases warning 1081364 Node.1-Unit.1 EQM_THERMAL_WARN_CROSSED Sep 20 0:16:52 true raised 10.2.0E or later show alarms history Displays the history of cleared alarms. Syntax show alarms history [summary] Parameters summary — Enter to view a summary of the alarm history.
Active-alarm details - 1 ------------------------------------------Index: 1 Sequence Number: 5 Severity: warning Type: 1081364 Source: Node.1-Unit.1 Name: EQM_THERMAL_WARN_CROSSED Description: Raise-time: Sep 20 0:16:52 Clear-time: New: true State: raised Supported Releases 10.2.0E or later show alarms severity Displays all active alarms using the severity level. Syntax show alarms severity severity Parameters severity — Set the alarm severity: • critical — Critical alarm severity.
Clear-time: New: State: Supported Releases true raised 10.2.0E or later show alarms summary Displays the summary of alarm information. Syntax show alarms summary Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show alarms summary Active-alarm Summary ----------------------Total-count: 6 Critical-count: 0 Major-count: 2 Minor-count: 2 Warning-count: 2 ----------------------- Supported Releases 10.2.
logging console Disables, enables, or configures the minimum severity level for logging to the console. Syntax logging console {disable | enable | severity} To set the severity to the default level, use the no logging console severity command. The default severity level is log-notice. Parameters severity — Set the minimum logging severity level: • log-emerg — Set to unusable. • log-alert — Set to immediate action is needed. • log-crit — Set to critical conditions.
logging log-file Disables, enables, or sets the minimum severity level for logging to the logfile. Syntax logging log-file {disable | enable | severity} To reset the log-file severity to the default level, use the no logging log-file severity command. The default severity level is log-notice. Parameters severity — Set the minimum logging severity level: • log-emerg — Set the system as unusable. • log-alert — Set to immediate action is needed. • log-crit — Set to critical conditions.
• log-info — Set to informational messages. • log-debug — Set to debug messages. Default Log-notice Command Mode CONFIGURATION Usage Information None Example OS10(config)# logging monitor severity log-info Supported Releases 10.2.0E or later logging server Configures the remote syslog server.
show logging Displays system logging messages by log-file, process-names, or summary. Syntax show logging {log-file [process-name | line-numbers] | process-names} Parameters • process-name — (Optional) Enter the process-name to use as a filter in syslog messages. • line-numbers — (Optional) Enter the number of lines to include in the logging messages (1 to 65535). Default None Command Mode EXEC Usage Information The output from this command is the /var/log/eventlog file.
Example OS10# show trace May 23 17:10:03 OS10 base_nas: [NETLINK:NHEVENT]:ds_api_linux_neigh.c:nl_to_nei gh_info:109, Operation:Add-NH family:IPv4(2) flags:0x0 state:Failed(32) if-idx: 4 May 23 17:10:03 OS10 base_nas: [NETLINK:NHEVENT]:ds_api_linux_neigh.c:nl_to_nei gh_info:120, NextHop IP:192.168.10.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Dell EMC Network Operating System (OS10) *-* *-* Copyright (c) 1999-2017 by Dell Inc. All Rights Reserved. *-* *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*This product is protected by U.S. and international copyright and intellectual property laws. Dell EMC and the Dell EMC logo are trademarks of Dell Inc.
See the Getting Started Guide shipped with your device or the platform-specific Installation Guide on the Dell Support page (see dell.com/ support). Hardware What are the default console settings for ON-Series devices? • Set the data rate to 115200 baud • Set the data format to 8 bits, stop bits to 1, and no parity • Set flow control to none How do I view the hardware inventory? Use the show inventory command to view complete system inventory.
Layer 2 How do I view the VLAN running configuration? Use the show vlan command to view all configured VLANs. Layer 3 How do I view IPv6 interface information? Use the show ipv6 route summary command. How do I view summary information for all IP routes? Use the show running-configuration command. How do I view summary information for the OSPF database? Use the show ip ospf database command. How do I view configuration of OSPF neighbors connected to the local router? Use the show ip ospf neighbor command.
How do I setup filters to automatically assign sequencer numbers for specific addresses? Use the seq deny or seq permit commands for specific packet filtering. How do I view access-list and access-group information? Use the show {ip | mac | ipv6} access-group and show {ip | mac | ipv6} access-list commands.
Use the show logging command to view messages by log-file or process name.
16 Support resources The Dell EMC Support site provides a range of documents and tools to assist you with effectively using Dell EMC devices. Through the support site you can obtain technical information regarding Dell EMC products, access software upgrades and patches, download available management software, and manage your open cases. The Dell EMC support site provides integrated, secure access to these services. To access the Dell EMC Support site, go to www.dell.com/support/.