Users Guide

ManualsBrandsDell ManualsAccess PlatformsPowerSwitch S4112F-ON/S4112T-ON

1301

Table Of Contents

Dell EMC SmartFabric OS10 User Guide Release 10.5.2
Contents
About this guide
- Conventions
- Related Documents
- Documentation Feedback
Change history
Getting Started with Dell EMC SmartFabric OS10
- Switch with factory-installed OS10
- Baremetal switch with only ONIE installed
- Downgrade to Release 10.5.0.0 or earlier releases
  - Roll back from 10.5.2.0 or later release to 10.5.0.x or earlier release
- Downgrade to Release 10.5.1.0 or later releases
  - Rollback from 10.5.2.0 or later release to 10.5.1.0 or later release
- Switch deployment options
- Remote access
CLI Basics
- CONFIGURATION mode
- Check device status
  - Related Videos
- Command help
- Candidate configuration
- Copy running configuration
- Restore startup configuration
- Reload system image
- Filter show commands
- Common OS10 commands
Advanced CLI tasks
- Command alias
- Batch mode
  - batch
- Linux shell commands
- Using OS9 commands
  - feature config-os9-style
Dell EMC SmartFabric OS10 zero-touch deployment
- ZTD DHCP server configuration
- ZTD provisioning script
- ZTD CLI batch file
- Post-ZTD script
- ZTD commands
Dell EMC SmartFabric OS10 provisioning
- Using Ansible
- Example: Configure an OS10 switch using Ansible
SmartFabric Director
- Enable SmartFabric Director mode on a switch
- Support for SmartFabric Director
- gRPC Network Management Interface agent
- Lifecycle Management using SmartFabric Director
- SmartFabric Director commands
System management
- System banners
- User session management
  - User session management commands
- Telnet server
  - Telnet commands
    - ip telnet server enable
    - ip telnet server vrf
- Simple Network Management Protocol
- System clock
  - Time zones and UTC offset reference
  - System Clock commands
- Network Time Protocol
- Precision Time Protocol
- Synchronous Ethernet (SyncE)
- Dynamic Host Configuration Protocol
- Containers
- Low Latency Modes
  - Low Latency Modes CLI commands
    - show switching-mode
    - switching-mode cut-through
Interfaces
- Ethernet interfaces
- Unified port groups
- Z9264F-ON port-group profiles
- Port-groups on S5200F-ON switches
- L2 mode configuration
- L3 mode configuration
- Fibre Channel interfaces
  - Configuring wavelength
- Management interface
  - Management interface
- VLAN interfaces
- User-configured default VLAN
- VLAN scale profile
- Loopback interfaces
- Port-channel interfaces
  - Create port-channel
  - Add port member
  - Minimum links
  - Assign Port Channel IP Address
  - Remove or disable port-channel
  - Load balance traffic
  - Change hash algorithm
- Configure interface ranges
- Switch-port profiles
  - S4148-ON Series port profiles
  - S4148U-ON port profiles
- Configure negotiation modes on interfaces
- Configure breakout mode
- Breakout auto-configuration
- Reset default configuration
- Forward error correction
- Energy-efficient Ethernet
  - Enable energy-efficient Ethernet
  - Clear EEE counters
  - View EEE status/statistics
  - EEE commands
- View interface configuration
- High-power optical modules
  - High-power optical module commands
    - allow high-wattage-optics
    - show inventory media wattage
- Digital optical monitoring
  - Enable DOM and DOM traps
- Default MTU Configuration
- Configure polling interval for Ethernet interface counters
- Interface commands
  - channel-group
  - default interface
  - default vlan-id
  - description (Interface)
  - duplex
  - enable dom
  - enable dom traps
  - feature auto-breakout
  - fec
  - interface breakout
  - interface ethernet
  - interface loopback
  - interface mgmt
  - interface null
  - interface port-channel
  - interface range
  - interface vlan
  - link-bundle-utilization
  - mode
  - mode l3
  - mtu
  - negotiation
  - port mode Eth
  - port-group
  - profile
  - scale-profile vlan
  - show discovered-expanders
  - show interface
  - show interface description
  - show interface phy-eth
  - show interface switchport
  - show inventory media
  - show link-bundle-utilization
  - show port-channel summary
  - show port-group
  - show switch-port-profile
  - show system
  - show unit-provision
  - show vlan
  - shutdown
  - speed (Fibre Channel)
  - speed (Management)
  - stats-monitor
  - switch-port-profile
  - switchport access vlan
  - switchport mode
  - switchport trunk allowed vlan
  - unit-provision
  - wavelength
  - default mtu
  - show default mtu
PowerEdge MX Ethernet I/O modules
- MX-IOM Hardware Replacement
- Unified port groups
Fibre Channel
- Fibre Channel over Ethernet
  - Configure FIP snooping
- Terminology
- Virtual fabric
- Fibre Channel zoning
- F_Port on Ethernet
- Pinning FCoE traffic to a specific port of a port-channel
  - Sample FSB configuration on VLT network
  - Sample FC Switch configuration on VLT network
  - Sample FSB configuration on non-VLT network
  - Sample FC Switch configuration on non-VLT network
- Multiswitch fabric (E Port)
  - Configure multiswitch fabric (E Port)
  - Verify multiswitch fabric (E Port) configuration
  - Multiswitch fabric (E Port) CLI commands
- Multi-hop FIP-snooping bridge
  - Configuration notes
  - Configure multi-hop FSB
  - Verify multi-hop FSB configuration
  - Sample Multi-hop FSB configuration
- Configuration guidelines
- NPIV Proxy Gateway cascading
- Support for untagged VLAN in FCoE
- Rebalance FC sessions (NPG)
- Load balancing after system reboot
  - NPG rebalance topology
  - NPG switch configurations
  - Example: Manual rebalance trigger
  - Equivalent RESTCONF request for the rebalancing CLIs
- Single FCF per vFabric
  - Usecase 1 - NPG fabric is connected to an FCF switch through multiple links
  - Use case 2 - NPG fabric is connected to multiple upstream switches belonging to the same SAN fabric
  - Use case 3 - Multiple NPG Fabrics connected to upstream switches belonging to different SAN fabrics
- F_Port commands
  - fc alias
  - fc zone
  - fc zoneset
  - feature fc
  - member (alias)
  - member (zone)
  - member (zoneset)
  - show fc alias
  - show fc interface-area-id mapping
  - show fc ns switch
  - show fc zone
  - show fc zoneset
  - zone default-zone permit
  - zoneset activate
- NPG commands
  - fc port-mode F
  - feature fc npg
  - show npg devices
  - show npg uplink-interface
- F_Port and NPG commands
  - clear fc statistics
  - fcoe
  - fcoe delay fcf-adv
  - name
  - Re-balance the FC sessions
  - show npg uplink-interface
  - show npg node-interface
  - show fc statistics
  - show fc switch
  - show running-config vfabric
  - show vfabric
  - vfabric
  - vfabric (interface)
  - vlan
- FIP-snooping commands
  - feature fip-snooping with-cvl
  - fip-snooping enable
  - fip-snooping fc-map
  - fip-snooping port-mode
- FCoE commands
  - clear fcoe database
  - clear fcoe statistics
  - fcoe delay fcf-adv
  - fcoe-pinned-port
  - fcoe max-sessions-per-enodemac
  - fcoe priority-bits
  - lldp tlv-select dcbxp-appln fcoe
  - re-balance fc npg sessions vfabric
  - show fcoe enode
  - show fcoe fcf
  - show fcoe pinned-port
  - show fcoe sessions
  - show fcoe statistics
  - show fcoe system
  - show fcoe vlan
  - show npg node-interface
  - show npg uplink-interface
- Debug FC commands
  - debug fc
  - show debug fc
Layer 2
- 802.1X
- Far-end failure detection
- Link Aggregation Control Protocol
- Link Layer Discovery Protocol
- Media Access Control
- Spanning-tree protocol
- Virtual LANs
- Private VLANs
- Port monitoring
Layer 3
- Virtual routing and forwarding
- Bidirectional Forwarding Detection
- Border Gateway Protocol
- Equal cost multi-path
- IPv4 routing
- IPv6 routing
- Open shortest path first
- Object tracking manager
- Policy-based routing
- Virtual Router Redundancy Protocol
Multicast
- Important notes
- Configure multicast routing
- Unknown multicast flood control
  - Enable multicast flood control
- Multicast Commands
  - multicast snooping flood-restrict
- Internet Group Management Protocol
- Multicast Listener Discovery Protocol
  - MLD snooping
  - MLD snooping commands
- Multicast snooping on VLANs
- Layer 3 multicast: Protocol Independent Multicast
- Anycast RP using PIM
- Sample configuration: Multicast VRF using PIM-SM
- VLT multicast routing
VXLAN
- VXLAN concepts
- VXLAN as NVO solution
- Configure VXLAN
- L3 VXLAN route scaling
- DHCP relay on VTEPs
- View VXLAN configuration
- VXLAN MAC addresses
- VXLAN commands
- VXLAN MAC commands
- Example: VXLAN with static VTEP
- BGP EVPN for VXLAN
- Controller-provisioned VXLAN
UFT modes
- Configure UFT modes
  - IPv6 extended prefix routes
- UFT commands
Security
- Switch security
- Network security
OpenFlow
- OpenFlow logical switch instance
- OpenFlow controller
- OpenFlow version 1.3
- OpenFlow use cases
- Configure OpenFlow
  - Establish TLS connection
- OpenFlow commands
- OpenFlow-only mode commands
Access Control Lists
- IP ACLs
- MAC ACLs
- Control-plane ACLs
  - Control-plane ACL qualifiers
- IP fragment handling
- L3 ACL rules
- Assign sequence number to filter
- Delete ACL rule
- L2 and L3 ACLs
- Assign and apply ACL filters
- Ingress ACL filters
- Egress ACL filters
- VTY ACLs
- SNMP ACLs
- Clear access-list counters
- IP prefix-lists
- Route-maps
- Match routes
- Set conditions
- Continue clause
- ACL flow-based monitoring
- Enable flow-based monitoring
- View ACL table utilization report
  - Known behavior
- ACL logging
  - Important notes
  - IP ACL logging
  - Control-plane management ACL logging
- ACL commands
  - clear ip access-list counters
  - clear ipv6 access-list counters
  - clear mac access-list counters
  - deny
  - deny (IPv6)
  - deny (MAC)
  - deny icmp
  - deny icmp (IPv6)
  - deny ip
  - deny ipv6
  - deny tcp
  - deny tcp (IPv6)
  - deny udp
  - deny udp (IPv6)
  - description
  - ip access-group
  - ip access-list
  - ip as-path access-list
  - ip community-list standard deny
  - ip community–list standard permit
  - ip extcommunity-list standard deny
  - ip extcommunity-list standard permit
  - ip prefix-list description
  - ip prefix-list deny
  - ip prefix-list permit
  - ip prefix-list seq deny
  - ip prefix-list seq permit
  - ipv6 access-group
  - ipv6 access-list
  - ipv6 prefix-list deny
  - ipv6 prefix-list description
  - ipv6 prefix-list permit
  - ipv6 prefix-list seq deny
  - ipv6 prefix-list seq permit
  - logging access-list mgmt burst
  - logging access-list mgmt rate
  - mac access-group
  - mac access-list
  - permit
  - permit (IPv6)
  - permit (MAC)
  - permit icmp
  - permit icmp (IPv6)
  - permit ip
  - permit ipv6
  - permit tcp
  - permit tcp (IPv6)
  - permit udp
  - permit udp (IPv6)
  - remark
  - seq deny
  - seq deny (IPv6)
  - seq deny (MAC)
  - seq deny icmp
  - seq deny icmp (IPv6)
  - seq deny ip
  - seq deny ipv6
  - seq deny tcp
  - seq deny tcp (IPv6)
  - seq deny udp
  - seq deny udp (IPv6)
  - seq permit
  - seq permit (IPv6)
  - seq permit (MAC)
  - seq permit icmp
  - seq permit icmp (IPv6)
  - seq permit ip
  - seq permit ipv6
  - seq permit tcp
  - seq permit tcp (IPv6)
  - seq permit udp
  - seq permit udp (IPv6)
  - show access-group
  - show access-lists
  - show acl-table-usage detail
  - show control-plane logging
  - show ip as-path-access-list
  - show ip prefix-list
  - show logging access-list
- Route-map commands
  - continue
  - match as-path
  - match community
  - match extcommunity
  - match inactive-path-additive
  - match interface
  - match ip address
  - match ip next-hop
  - match ipv6 address
  - match ipv6 next-hop
  - match metric
  - match origin
  - match route-type
  - match tag
  - route-map
  - set comm-list add
  - set comm-list delete
  - set community
  - set extcomm-list add
  - set extcomm-list delete
  - set extcommunity
  - set local-preference
  - set metric
  - set metric-type
  - set next-hop
  - set origin
  - set tag
  - set weight
  - show route-map
Quality of service
- Classification
  - Data traffic classification
  - Control-plane policing
- Marking Traffic
- Queuing
- Policing traffic
- Coloring traffic
- Modifying packet fields
- Shaping traffic
- Bandwidth allocation
- Strict priority queuing
- Rate adjustment
- Configure quality of service
- Example 1: Traffic classification and bandwidth allocation in VXLAN topology using CoS value
- Example 2: Traffic classification and bandwidth allocation in VXLAN topology using CoS value on access ports and DSCP value on network ports
- Buffer management
- Congestion avoidance
- Storm control
- RoCE for faster access and lossless connectivity
- Port to port-pipe and MMU mapping
- QoS commands
Virtual Link Trunking
- Terminology
- VLT domain
- VLT interconnect
- Graceful LACP with VLT
- Configure VLT
- Configure VRRP Active-Active mode
- Migrate VMs across data centers with eVLT
- View VLT information
- Delay-restore for orphan ports
  - Configuring delay-restore port - non-VLT
  - Configuring delay-restore orphan port - VLT
- VLT commands
Uplink Failure Detection
- Configure uplink failure detection
- Uplink failure detection on VLT
  - Sample configurations of UFD on VLT
- UFD commands
Converged data center services
- Priority flow control
- Enhanced transmission selection
- Data center bridging eXchange
- Internet small computer system interface
- Converged network DCB example
sFlow
- Enable sFlow
- Max-header size configuration
- Collector configuration
- Polling-interval configuration
- Sample-rate configuration
- Source interface configuration
- View sFlow information
- sFlow commands
Telemetry
- Telemetry terminology
- YANG-modeled telemetry data
- Configure telemetry
- View telemetry configuration
- Telemetry commands
- Example: Configure streaming telemetry
RESTCONF API
- Configure RESTCONF API
- RESTCONF request of CLI command
  - Obtain RESTCONF API documentation from OS10
  - Translated RESTCONF requests example
- REST Token-Based Authentication
- CLI commands for RESTCONF API
- RESTCONF API tasks
  - View XML structure of CLI commands
  - RESTCONF API Examples
    - System
    - Interface
Troubleshoot Dell EMC SmartFabric OS10
- Diagnostic tools
- Recover Linux password
- Recover OS10 user name password
- Restore factory defaults
- SupportAssist
- Support bundle
- System monitoring
- Monitor CPU Utilization
  - CPU Utilization commands
- Monitor Memory Utilization
  - Memory Utilization commands
- Log into OS10 device
- Frequently asked questions
Support resources

○ configure — Accesses class-map, DHCP, logging, monitor, openflow, policy-map, QOS, support-assist, telemetry,

CoS, Tmap, UFD, VLT, VN, VRF, WRED, and alias modes.

○ interface — Accesses Ethernet, fibre-channel, loopback, management, null, port-group, lag, breakout, range,

port-channel, and VLAN modes.

○ route-map — Accesses route-map mode.

○ router — Accesses router-bgp and router-ospf modes.

○ line — Accesses line-vty mode.

● priv-lvl privilege-level — Enter the number of a privilege level, from 2 to 14.

● command-string — Enter the command supported at the privilege level.

For sysadmin, netadmin, and secadmin roles, you cannot configure a privilege level less than 2 .

2. Configure an enable password for each privilege level in CONFIGURATION mode.

enable password encryption-type password-string priv-lvl privilege-level

● encryption-type — Enter an encryption type for the password entry:

○ 0 — Use plain text with no password encryption.

○ sha-256 — Encrypt the password using the SHA-256 algorithm.

○ sha-512 — Encrypt the password using the SHA-512 algorithm.

● priv-lvl privilege-level — Enter a privilege level, from 1 to 15.

OS10(config)# privilege exec priv-lvl 3 "show version"

OS10(config)# enable password 0 P@$$w0Rd priv-lvl 3

OS10(config)# privilege exec priv-lvl 12 "configure terminal"

OS10(config)# privilege configure priv-lvl 12 route-map

OS10(config)# privilege route-map priv-lvl 12 "set local-preference"

OS10(config)# enable password sha-256 $5$2uThib1o$84p.tykjmz/w7j26ymoKBjrb7uepkUB priv-

lvl 12

Passwords for user accounts

OS10 allows you to configure password check and strength for the user accounts.

Configuration notes

All Dell EMC PowerSwitches except MX-Series, S4200-Series, S5200 Series, and Z9332F-ON:

When you enter a password in an OS10 command, either at a password prompt or in the command syntax, you can enter only

alphanumeric and certain special characters - $ - _ . + ! * ' () - unencoded. You cannot enter any other special characters in the

password. Use URL encoding instead.

For example, in the image download command, the password a@b is not accepted: image download

ftp://username:a@b@10.11.63.122/filename. You must enter the password as image download ftp://

username:a%40b@10.11.63.122/filename. The URL encoding for @ is %40. For information about other characters

that require URL encoding, go to URL Encoding.

Enable user lockout

By default, a maximum of three consecutive failed password attempts is supported on the switch. You can set a limit to the

maximum number of allowed password retries with a specified lockout period for the user ID. Audit logs include authentication

failures on the console as well.

This feature is available only for the sysadmin and secadmin roles.

NOTE:

If you are downgrading OS10 to a release earlier than 10.5.2.1, check the password-attributes command and

ensure that only the supported parameters are configured.

● Configure user lockout settings in CONFIGURATION mode.

password-attributes {[max-retry number ] [lockout-period minutes] [console-exempt]}

○ max-retry number — Sets the maximum number of consecutive failed login attempts for a user before the user is

locked out, from 0 to 16; default 3.

Security

1305