OS10 Enterprise Edition User Guide Release 10.4.1.0 08 2018 Rev.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2018 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents Chapter 1: Getting Started.......................................................................................................... 20 Supported Hardware........................................................................................................................................................ 20 Download OS10 image and license................................................................................................................................20 Installation using ONIE........
description (alias)........................................................................................................................................................55 dir.................................................................................................................................................................................... 56 discard................................................................................................................................................
Load balance traffic.................................................................................................................................................... 85 Change hash algorithm.............................................................................................................................................. 85 Configure interface ranges.............................................................................................................................................
switchport access vlan..............................................................................................................................................114 switchport mode.........................................................................................................................................................115 switchport trunk allowed vlan.................................................................................................................................
lldp tlv-select dcbxp-appln fcoe.............................................................................................................................139 show fcoe enode........................................................................................................................................................139 show fcoe fcf..............................................................................................................................................................
MAC Commands........................................................................................................................................................ 193 Multiple Spanning-Tree Protocol................................................................................................................................. 196 Configure MSTP........................................................................................................................................................
VRF commands..........................................................................................................................................................263 Bidirectional Forwarding Detection............................................................................................................................ 268 BFD session states...................................................................................................................................................
IPv4 routing...................................................................................................................................................................... 339 Assign interface IP address.................................................................................................................................... 339 Configure static routing..........................................................................................................................................
Configure virtual IP address................................................................................................................................... 448 Set group priority...................................................................................................................................................... 449 Authentication............................................................................................................................................................
User re-authentication.............................................................................................................................................492 Password strength....................................................................................................................................................492 Role-based access control......................................................................................................................................
show openflow flows............................................................................................................................................... 555 show openflow ports............................................................................................................................................... 556 show openflow switch.............................................................................................................................................
ip prefix-list description...........................................................................................................................................585 ip prefix-list deny...................................................................................................................................................... 585 ip prefix-list permit...................................................................................................................................................
show ip as-path-access-list ................................................................................................................................... 613 show ip community-list.............................................................................................................................................613 show ip extcommunity-list.......................................................................................................................................
Congestion avoidance....................................................................................................................................................643 Storm control...................................................................................................................................................................645 RoCE for faster access and lossless connectivity..................................................................................................
show qos interface................................................................................................................................................... 666 show policy-map....................................................................................................................................................... 666 show qos control-plane...........................................................................................................................................
show vlt vlt-port-detail............................................................................................................................................ 702 vlt-domain................................................................................................................................................................... 703 vlt-port-channel.....................................................................................................................................................
rest https session timeout...................................................................................................................................... 750 RESTCONF API tasks.................................................................................................................................................... 750 View XML structure of CLI commands................................................................................................................
1 Getting Started Dell EMC Networking OS10 Enterprise Edition is a network operating system supporting multiple architectures and environments. The networking world is moving from a monolithic stack to a pick-your-own-world. The OS10 solution is designed to allow disaggregation of the network functionality.
perpetual license to run beyond the trial period. See the Quick Start Guide shipped with your device and My Account FAQs for more information. Download an OS10 image and license to: ● Re-install the license on a Dell EMC ONIE switch with factory-installed OS10 image and license.
A replacement switch comes without an operation system or license installed. If you receive a replacement switch, you must assign the STAG of the replacement switch to the SW entitlement in DDL and install the OS10 software and license. Follow the steps for an ONIE switch without an OS installed to download OS10 Enterprise Edition and the license. See Installation and Install OS10 license for complete installation and license information.
If a USB drive is inserted, auto-discovery searches the USB storage supporting FAT or EXT2 file systems. It also searches SCP, FTP, or TFTP servers with the default DNS name of the ONIE server. DHCP options are not used to provide the server IP, and the auto discovery method repeats until a successful software image installation occurs and reboots the switch. Example for automatic installation 1. Use the mv image_name onie-installer command to rename the image as onie-installer. mv PKGS_OS10-Base-10.3.1B.
4. Configure the IP addresses on the Management port, where x.x.x.x represents your internal IP address. After you configure the Management port, the response should be up. $ ifconfig eth0 x.x.x.x netmask 255.255.0.0 up 5. Install the software on the device. The installation command accesses the OS10 software from the specified SCP, TFTP, or FTP URL, creates partitions, verifies installation, and reboots itself. $ onie-nos-install image_filename location For example, enter ONIE:/ # onie-nos-install ftp://a.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Dell EMC Network Operating System (OS10) *-* *-* Copyright (c) 1999-2017 by Dell Inc. All Rights Reserved. *-* *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*This product is protected by U.S. and international copyright and intellectual property laws. Dell EMC and the Dell EMC logo are trademarks of Dell Inc.
License Type : PERPETUAL License Duration: Unlimited License Status : Active License location: /mnt/license/BJD7VS1.lic --------------------------------------------------------Troubleshoot license installation failure An error message displays if the installation fails. License installation failed 1. Verify the installation path to the local or remote location you tried to download the license from. 2. Check the log on the remote server to see why the FTP or TFTP file transfer failed. 3.
NOTE: The ZTD process performs a single switch reboot. The switch reboot occurs only if either a new OS10 image is installed or if the PRE-CONFIG section of the CLI batch file has configuration commands that are executed. ZTD prerequisites ● Store the ZTD provisioning script on a server that supports HTTP connections. ● Store the OS10 image, CLI batch file, and post-ZTD script on a file server that supports either HTTP, FTP, SFTP, or TFTP connections.
ZTD also generates failure messages. [os10:notify], %Dell EMC (OS10) %ZTD-FAILED: Zero Touch Deployment failed to download the image. Troubleshoot configuration locked When ZTD is enabled, the CLI configuration is locked. If you enter a CLI command, the error message configuration is locked displays. To configure the switch, disable ZTD by entering the ztd cancel command. OS10# configure terminal % Error: ZTD is in progress(configuration is locked).
Example #!/bin/bash #################################################################### # # # Example OS10 ZTD Provisioning Script # # #################################################################### ########## UPDATE THE BELOW CONFIG VARIABLES ACCORDINGLY ########### ########## ATLEAST ONE OF THEM SHOULD BE FILLED #################### IMG_FILE=”http://50.0.0.1/OS10.bin” CLI_CONFIG_FILE="http://50.0.0.1/cli_config" POST_SCRIPT_FILE="http://50.0.0.1/no_post_script.
For example, during the ZTD phase, you can configure only a management VLAN and IP address, then allow an Ansible orchestration server to perform complete switch configuration. Here is a sample curl script that is included in the post-ZTD script to contact an Ansible server: /usr/bin/curl -H "Content-Type:application/json" -k -X POST --data '{"host_config_key":"'7d07e79ebdc8f7c292e495daac0fe16b'"}' -u admin:admin https://10.16.134.
● ZTD Status — Current operational status: enabled or disabled. ● ZTD State — Current ZTD state: initialized, in-progress, successfully completed, failed, or canceled while in progress. ● Protocol State — Current state of ZTD protocol: initialized, idle while waiting to enable or complete ZTD process, waiting for DHCP post-hook callback, downloading files, installing image, executing pre-config or post-config CLI commands, or executing post-ZTD script file.
Configure Management IP address To remotely access OS10, assign an IP address to the management port. The management interface is used for OOB management purposes. 1. Configure the management interface from CONFIGURATION mode. interface mgmt 1/1/1 2. By default, DHCP client is enabled on the Management interface. Disable the DHCP client operations in INTERFACE mode. no ip address dhcp 3. Configure an IPv4 or IPv6 address on the Management interface in INTERFACE mode. ip address A.B.C.
Configure management route OS10(config)# management route 10.10.20.0/24 10.1.1.1 OS10(config)# management route 172.16.0.0/16 managementethernet Configure user name and password To set up remote access to OS10, create a new user name and password after you configure the management port and default route. The user role is a mandatory entry. Enter the password in clear text. It is converted to SHA-512 format in the running configuration.
operating system kernel. By leveraging industry-standard tools and utilities, the CLI provides a powerful set of commands that you can use to monitor and configure devices running OS10. User accounts OS10 defines two categories of user accounts — use admin for both the username and password to log into the CLI, or use linuxadmin to log into the Linux shell.
CLI command hierarchy CLI commands are organized in a hierarchy. Commands that perform a similar function are grouped together under the same level of hierarchy. For example, all commands that display information about the system and the system software are grouped under the show system command, and all commands that display information about the routing table are grouped under the show ip route command.
clear clock commit configure copy debug delete dir discard exit generate help image kill-session license location-led lock move no ping ping6 reload show start support-assist-activity system terminal traceroute unlock validate write Clear command Configure the system clock Commit candidate configuration Enter configuration mode Perform a file copy operation Debug command Perform a file delete operation on local file system Show the list of files for the specified system folder Discard candidate configurati
policy-map qos-map radius-server parameters route-map router sflow snmp-server spanning-tree support-assist system telnet track trust unit-provision username vlt-domain vrrp wred Configure policy map Configure QoS map Specify radius server host and configure communication Creates route-map Enable a routing process Configure sflow parameters Configure SNMP server Spanning Tree Subsystem Support Assist feature configuration System configuration Configure telnet server settings Configure object tracking Confi
queuing route-map running-configuration sessions sflow spanning-tree startup-configuration storm-control support-assist system tech-support terminal trace track uptime users and show the session id version vlan vlt vrrp Show egress QoS counters Show route map information Current operating configuration Show active management sessions Show sflow Show spanning tree information Contents of startup configuration Show storm control configuration Shows information about the support assist module Show system stat
-- Power Supplies -PSU-ID Status Type AirFlow Fan Speed(rpm) Status ---------------------------------------------------------------1 up AC NORMAL 1 11872 up 2 fail -- Fan Status -FanTray Status AirFlow Fan Speed(rpm) Status ---------------------------------------------------------------1 up NORMAL 1 10570 up 2 10598 up 2 up NORMAL 1 2 10541 10656 up up 3 up NORMAL 1 2 10598 10802 up up 4 up NORMAL 1 2 10485 10714 up up Candidate configuration When you enter OS10 configuration commands in
users vlt Current candidate users configuration Current candidate vlt domain configuration Compressed configuration OS10 offers the show candidate-configuration compressed and show running-configuration compressed commands that display interface-related configuration in a compressed manner. These commands group similar looking configuration. The compression is done only for interface-related configuration (VLAN and physical interfaces).
View compressed running configuration OS10# show running-configuration compressed interface breakout 1/1/1 map 40g-1x interface breakout 1/1/2 map 40g-1x interface breakout 1/1/3 map 40g-1x interface breakout 1/1/4 map 40g-1x interface breakout 1/1/5 map 40g-1x interface breakout 1/1/6 map 40g-1x interface breakout 1/1/7 map 40g-1x interface breakout 1/1/8 map 40g-1x interface breakout 1/1/9 map 40g-1x interface breakout 1/1/10 map 40g-1x interface breakout 1/1/11 map 40g-1x interface breakout 1/1/12 map 40
Prevent configuration changes You can prevent configuration changes on sessions other than the current CLI session using the lock command. Use the lock and unlock commands in EXEC mode to respectively prevent and allow configuration changes on other sessions. When you enter the lock command on a CLI session, users cannot make configuration changes across any other active CLI sessions.
To apply a set of commands to the current running configuration and execute them immediately, copy a text file from a remote server or local directory. The copied commands do not replace the existing commands. If the execution of a copied command fails, the successful execution of copied commands before the failure is maintained.
● Enter standby to load the secondary OS10 image stored in the B partition. Set next boot image OS10# boot system standby OS10# show boot Current system image information: =================================== Type Boot Type Active Standby Next-Boot ------------------------------------------------------------------Node-id 1 Flash Boot [A] 10.2.9999E [B] 10.2.
Create alias OS10# alias showint "show interface $*" OS10(config)# alias goint "interface ethernet $1" View alias output for showint OS10# showint status --------------------------------------------------------------------------------Port Description Status Speed Duplex Mode Vlan Tagged-Vlans --------------------------------------------------------------------------------Eth 1/1/1 up 40G A 1 Eth 1/1/2 up 40G A 1 Eth 1/1/3 up 40G A 1 Eth 1/1/4 up 40G A 1 Eth 1/1/5 up 40G A 1 Eth 1/1/6 up 40G A 1 Eth 1/1/7 up
shconfig showint shver Local Local Local "show runni..." "show inter..." "show versi...
View alias output for mTest with default values OS10(config)# mTest OS10(config)# interface OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# ! interface ethernet1/1/1 no shutdown switchport access vlan ethernet 1/1/1 no shutdown show configuration 1 View alias output for mTest with different values OS10(config)# mTest ethernet 1/1/10 OS10(config)# interface ethernet 1/1/10 OS10(conf-if-eth1/1/10)# no shutdown OS10(conf-if-eth1/1/10)# show configuration ! interface ethernet1/1/10 no shutdown switchport acc
mTest Config line 1 "interface $1 $2" line 2 "no shutdown" line 3 "show configuration" default 1 "ethernet" default 2 "1/1/1" Number of config aliases : 1 Number of local aliases : 0 Delete alias OS10(config)# no alias mTest Batch mode Create and run a batch file to execute a sequence of multiple commands. A batch file is an unformatted text file that contains two or more commands. Store the batch file in the home directory.
● Use the -c option to run a single command. admin@OS10:/opt/dell/os10/bin$ clish -c "show version" New user admin logged in at session 10 OS10# show version Dell EMC Networking OS10-Enterprise Copyright (c) 1999-2018 by Dell Inc. All Rights Reserved. OS Version: 10.4.1.0X Build Version: 10.4.1.0.X.
OS9 environment commands You can configure commands in an OS9 environment by using the feature config-os9-style command. The current release supports VLAN tagging and port-channel grouping commands. ● VLAN Interface mode ○ tagged ○ no tagged ○ untagged ○ no untagged ● Port-channel Interface mode: ○ channel-member ○ no channel-member ● Enable the feature to configure commands in an OS9 environment in CONFIGURATION mode.
Example In the following example, when you enter showint status, note that the text on the CLI changes to show interface status. The alias changes to the actual command that you have specified in the alias definition.
The no version of this command deletes an alias. Example Supported Releases OS10(config)# alias mTest OS10(config-alias-mTest)# line 1 "interface $1 $2" OS10(config-alias-mTest)# line 2 "no shutdown" OS10(config-alias-mTest)# line 3 "show configuration" 10.4.0E(R1) or later batch Executes a series of commands in a file in batch (non-interactive) processing. Syntax batch /home/username/filename Parameters ● username — Enter the user name that was used to copy the command file.
commit Commits changes in the candidate configuration to the running configuration. Syntax commit Parameters None Default Not configured Command Mode EXEC Usage Information Use this command to save changes to the running configuration. Use the do commit command to save changes in CONFIGURATION mode. Example Example (configuration) Supported Releases OS10# commit OS10(config)# do commit 10.2.0E or later configure Enters CONFIGURATION mode from EXEC mode.
● supportbundle://filepath — (Optional) Copy from the support-bundle directory. ● tftp://hostip/filepath — (Optional) Copy from a remote TFTP server. ● usb:filepath — (Optional) Copy from an USB file system.
● value — Enter the value for the input parameter. Default Not configured Command Mode ALIAS Usage Information To use special characters in the input parameter value, enclose the string in double quotes. The no version of this command removes the default value. Example Supported Releases OS10(config)# alias mTest OS10(config-alias-mTest)# default 1 "ethernet 1/1/1" 10.4.0E(R1) or later delete Removes or deletes the startup configuration file.
Example Supported Releases OS10(config)# alias mTest OS10(config-alias-mTest)# description "This alias configures interfaces" 10.4.0E(R1) or later dir Displays files stored in available directories. Syntax dir {config | coredump | home | image | supportbundle | usb} Parameters ● ● ● ● ● ● Default Not configured Command Mode EXEC Usage Information Use the dir config command to display configuration files. This command requires at least one parameter.
do Executes most commands from all CONFIGURATION modes without returning to EXEC mode. Syntax do command Parameters command — Enter an EXEC-level command. Default Not configured Command Mode INTERFACE Usage Information None Example Supported Releases OS10(config)# interface ethernet 1/1/7 OS10(conf-if-eth1/1/7)# no shutdown OS10(conf-if-eth1/1/7)# do show running-configuration ... ! interface ethernet1/1/7 no shutdown ! ... 10.2.
Command Mode All Usage Information None Example Supported Releases OS10(conf-if-eth1/1/1)# exit OS10(config)# 10.2.0E or later license Installs a license file from a local or remote location. Syntax license install [ftp: | http: | localfs: | scp: | sftp: | tftp: | usb:] filepath Parameters ● ftp: — (Optional) Install from remote file system (ftp://userid:passwd@hostip/ filepath). ● http[s]: — (Optional) Install from remote file system (http://hostip/filepath).
Example Supported Releases OS10(config)# alias mTest OS10(config-alias-mTest)# line 1 "interface $1 $2" OS10(config-alias-mTest)# line 2 "no shutdown" OS10(config-alias-mTest)# line 3 "show configuration" 10.4.0E(R1) or later lock Locks the candidate configuration and prevents any configuration changes on any other CLI sessions, either in transaction or non-transaction-based configuration mode.
move Moves or renames a file on the config or home system directories. Syntax move [config: | home: | usb:] Parameters ● config: — Move from configuration directory (config://filepath). ● home: — Move from home directory (home://filepath). ● usb: — Move from USB file system (usb://filepath). Default Not configured Command Mode EXEC Usage Information Use the dir config command to view the directory contents. Example OS10# move config://startup.xml config://startup-backup.
Usage Information Example Use caution while using this command, as it reloads the OS10 image and reboots the device. OS10# reload Proceed to reboot the system? [confirm yes/no]:y Supported Releases 10.2.0E or later show alias Displays configured alias commands available in both persistent and non-persistent modes. Syntax show alias [brief | detail] Parameters ● brief — Displays brief information of aliases. ● detail — Displays detailed information of aliases.
shconfig showint shver Local Local Local "show running-configuration" "show interface $*" "show version" Number of config aliases : 3 Number of local aliases : 3 Supported Releases 10.3.0E or later show boot Displays detailed information about the boot image. Syntax show boot [detail] Parameters None Default Not configured Command Mode EXEC Usage Information The Next-Boot field displays the partition that the next reload uses.
● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● as-path — (Optional) Current candidate as-path configuration. bgp — (Optional) Current candidate BGP configuration. class-map — (Optional) Current candidate class-map configuration. community-list — (Optional) Current candidate community-list configuration. compressed — (Optional) Current candidate configuration in compressed format. control-plane — (Optional) Current candidate control-plane configuration.
switchport access vlan 1 no shutdown ! interface ethernet1/1/5 switchport access vlan 1 no shutdown ! --more-Example (compressed) OS10# show candidate-configuration compressed username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/ VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH. aaa authentication local snmp-server contact http://www.dell.com/support snmp-server location "United States" logging monitor disable ip route 0.0.0.0/0 10.11.58.
1 1 1 1 1 1 1 Supported Releases 2 3 4 5 6 7 8 Switch board temp sensor System Inlet Ambient-1 temp sensor System Inlet Ambient-2 temp sensor System Inlet Ambient-3 temp sensor Switch board 2 temp sensor Switch board 3 temp sensor NPU temp sensor 28 27 25 26 31 41 43 10.2.0E or later show inventory Displays system inventory information.
----------------------------------------------------------------192.168.10.0/24 managementethernet Connected Connected Supported Releases 10.2.2E or later show ipv6 management-route Displays the IPv6 routes used to access the management port. Syntax show ipv6 management-route [all | connected | summary] Parameters ● all — (Optional) Display the IPv6 routes that the management interface uses. ● connected — (Optional) Display only routes directly connected to the management interface.
License Duration: Unlimited License Status : Active License location: /mnt/license/BJD7VS1.lic --------------------------------------------------------- Supported Releases 10.3.0E or later show running-configuration Displays the configuration currently running on the device.
Example Example (compressed) OS10# show running-configuration ! Version 10.2.9999E ! Last configuration change at Apr 11 01:25:02 2017 ! username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/ VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH. aaa authentication local snmp-server contact http://www.dell.com/support snmp-server location "United States" logging monitor disable ip route 0.0.0.0/0 10.11.58.
show startup-configuration Displays the contents of the startup configuration file. Syntax show startup-configuration [compressed] Parameters compressed — (Optional) View a compressed version of the startup configuration file. Default Not configured Command Mode EXEC Usage Information None Example Example (compressed) OS10# show startup-configuration username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/ VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH.
! policy-map type application policy-iscsi ! class-map type application class-iscsi Supported Releases 10.2.0E or later show system Displays system information. Syntax show system [brief | node-id] Parameters ● brief — View abbreviated list of system information. ● node-id — Node ID number.
Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Example (brief) 1/1/2 1/1/3 1/1/4 1/1/5 1/1/6 1/1/7 1/1/8 1/1/9 1/1/10 1/1/11 1/1/12 1/1/13 1/1/14 1/1/15 1/1/16 1/1/17 1/1/18 1/1/19 1/1/20 1/1/21 1/1/22 1/1/23 1/1/24 1/1/25 1/1/26 1/1/27 1/1/28 1/1/29 1/1/30 1/1/31 1/1/32 Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No No BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAK
show version Displays software version information. Syntax show version Parameters None Default Not configured Command Mode EXEC Usage Information None Example Supported Releases OS10# show version Dell EMC Networking OS10-Enterprise Copyright (c) 1999-2018 by Dell Inc. All Rights Reserved. OS Version: 10.4.1.0X Build Version: 10.4.1.0.X.9 Build Time: 2018-06-12T22:18:40-0700 System Type: S4148F-ON Architecture: x86_64 Up Time: 2 days 03:37:25 10.2.
Example Supported Releases OS10# system bash admin@OS10:~$ pwd /config/home/admin admin@OS10:~$ exit OS10# 10.2.0E or later system identifier Sets a non-default unit ID in a non-stacking configuration. Syntax system identifier system-identifier-ID Parameters system-identifier-ID — Enter the system identifier ID (1–9) Default Not configured Command Mode CONFIGURATION Usage Information The system ID is displayed in the stack LED on the front panel.
● host — Enter the host to trace packets from. ● -i interface — (Optional) Enter the IP address of the interface through which traceroute sends packets. By default, the interface is selected according to the routing table. ● -m max_ttl — (Optional) Enter the maximum number of hops (maximum time-to-live value) that traceroute probes (default 30).
unlock Unlocks a previously locked candidate configuration file. Syntax unlock Parameters None Default Not configured Command Mode EXEC Usage Information None Example Supported Releases OS10# unlock 10.2.0E or later write Copies the current running configuration to the startup configuration file. Syntax write {memory} Parameters memory — Copy the current running configuration to the startup configuration.
2 Interfaces You can configure and monitor physical interfaces (Ethernet), port-channels, and VLANs in L2 or L3 modes. Table 1.
Figure 1. S4148U-ON unified port groups To enable Ethernet interfaces in a unified port group: 1. Configure a unified port group in CONFIGURATION mode. Enter 1/1 for node/slot. The port-group range depends on the switch. port-group node/slot/port-group 2. Activate the unified port group for Ethernet operation in PORT-GROUP mode. To activate a unified port group in Fibre Channel mode, see Fibre Channel interfaces. The available options depend on the switch.
You can enable L2 switching on a port interface in access or trunk mode. By default, an interface is configured in access mode. Access mode allows L2 switching of untagged traffic on a single VLAN (VLAN 1 is the default). Trunk mode enables L2 switching of untagged traffic on the access VLAN, and tagged traffic on multiple (one or more) VLANs. By default, native VLAN of a port is the default VLAN ID of the switch. You can change the native VLAN using the switchport access vlan vlan-id command.
Fibre Channel interfaces OS10 unified port groups support Fibre Channel (FC) interfaces. A unified port group operates in Fibre Channel or Ethernet mode. To activate FC interfaces, configure a port group to operate in Fibre Channel mode and specify the port speed. By default, FC interfaces are disabled. To enable an FC interface for data transmission, enter the no shutdown command. On a S4148U-ON, FC interfaces are available in all port groups.
View FC interface OS10(config)# interface fibrechannel 1/1/43:1 OS10(conf-if-fc-1/1/43:1)# show configuration ! interface fibrechannel1/1/43:1 no shutdown speed 32 vfabric 100 OS10# show interface fibrechannel 1/1/43:1 Fibrechannel 1/1/43:1 is up, FC link is up Address is 14:18:77:20:8d:fc, Current address is 14:18:77:20:8d:fc Pluggable media present, QSFP-PLUS type is QSFPPLUS_4X16_16GBASE_FC_SW Wavelength is 850 Receive power reading is 0.
VLAN interfaces VLANs are logical interfaces and are, by default, in L2 mode. Physical interfaces and port-channels can be members of VLANs. OS10 supports inter-VLAN routing. You can add IP addresses to VLANs and use them in routing protocols in the same manner that physical interfaces are used. When using VLANs in a routing protocol, you must configure the no shutdown command to enable the VLAN for routing traffic.
VLAN scale profile When you scale the number of VLANs on a switch, use the VLAN scale profile so that less memory is consumed. Enable the scale profile before you configure VLANs on the switch. The scale profile globally applies L2 mode on all VLANs you create and disables L3 transmission. To enable L3 routing traffic on a VLAN, use the mode L3 command. 1. Configure the L2 VLAN scale profile in CONFIGURATION mode. scale-profile vlan 2. (Optional) Enable L3 routing on a VLAN in INTERFACE VLAN mode.
Port-channel interfaces Port-channels are not configured by default. Link aggregation is a method of grouping multiple physical interfaces into a single logical interface — a link aggregation group (LAG) or port -channel. A port-channel aggregates the bandwidth of member links, provides redundancy, and load balances traffic. If a member port fails, the OS10 device redirects traffic to the remaining ports.
If you globally disable spanning-tree operation, L2 interfaces that are LACP-enabled port-channel members may flap due to packet loops. Add port member — static LAG A static port-channel (LAG) contains member interfaces that you manually assign using the channel-group mode on command. OS10(config)# interface port-channel 10 Aug 24 4:5:38: %Node.1-Unit.1:PRI:OS10 %dn_ifm %log-notice:IFM_ASTATE_UP: Interface admin state up.:port-channel10 Aug 24 4:5:38: %Node.1-Unit.
Remove or disable port-channel You can delete or disable a port-channel. 1. Delete a port-channel in CONFIGURATION mode. no interface port-channel channel-number 2. Disable a port-channel to place all interfaces within the port-channel operationally down in CONFIGURATION mode. shutdown Delete port-channel OS10(config)# interface port-channel 10 OS10(conf-if-po-10)# no interface port-channel 10 Load balance traffic You can use hashing to load balance traffic across the member interfaces of a port-channel.
● Change the default (0) to another algorithm and apply it to LAG hashing in CONFIGURATION mode. hash-algorithm lag crc Change hash algorithm OS10(config)# hash-algorithm lag crc Configure interface ranges Bulk interface configuration allows you apply the same configuration to multiple interfaces - either physical or logical, or to display their current configuration. You can also create multiple logical interfaces in bulk. An interface range is a set of interfaces to which you can apply the same command.
Switch-port profiles A port profile determines the enabled front-panel ports and supported breakout modes on Ethernet and unified ports. Change the port profile on a switch to customize uplink and unified port operation, and the availability of front-panel data ports. To change the port profile at the next reboot, enter the switch-port-profile command with the desired profile, save it to the startup configuration, and reload the switch. 1. Configure a platform-specific port profile in CONFIGURATION mode.
● 100GE mode is a QSFP28 port. NOTE: For S4148U-ON port profiles with both unified and Ethernet ports, see S4148U-ON port profiles. An S4148U-ON unified port supports Fibre Channel and Ethernet modes. For example, profile-1 enables 10G speed on forty-eight ports (1-24 and 31-54), and 4x10G breakouts on QSFP28 ports 25-26 and 29-30; QSFP+ ports 27 and 28 are deactivated. profile-3 enables 10G speed on forty ports, and 4x10G breakouts on all QSFP28 and QSFP+ ports.
*profile-1 and profile-2 activate the same port mode capability on unified and Ethernet ports. The difference is that in profile-1, by default SFP+ unified ports 1-24 come up in Fibre Channel mode with 2x16GFC breakouts per port group. In profile-2, by default SFP+ unified ports 1-24 come up in Ethernet 10GE mode. profile-1 allows you to connect FC devices for plug-and-play; profile-2 is designed for a standard Ethernet-based data network.
Configure interface breakout OS10(config)# interface breakout 1/1/7 map 10g-4x Display interface breakout OS10# show interface status -----------------------------------------------------------------Port Description Status Speed Duplex Mode Vlan Tagged-Vlans -----------------------------------------------------------------Eth 1/1/1 down 0 auto Eth 1/1/2 down 0 auto A 1 Eth 1/1/7:1 down 0 auto A 1 Eth 1/1/7:2 down 0 auto A 1 Eth 1/1/7:3 down 0 auto A 1 Eth 1/1/7:4 down 0 auto A 1 Eth 1/1/25 down 0 auto A 1 -
FEC modes supported in OS10: ● ● ● ● CL74-FC — Supports 25G CL91-RS — Supports 100G CL108-RS — Supports 25G off — Disables FEC NOTE: OS10 does not support FEC on 10G and 40G.
Auto-negotiation performs at power-up, on command from the LAN controller, on detection of a PHY error, or following Ethernet cable re-connection. During the link establishment process, both link partners indicate their EEE capabilities. If EEE is supported by both link partners for the negotiated PHY type, the EEE function is used independently in either direction. Changing the EEE configuration resets the interface because the device restarts Layer 1 auto-negotiation.
Eth ...
Parameters node/slot/port[:subport]—Enter the interface information. Default Not configured Command Mode EXEC Usage Information Use this command to clear EEE counters on a specified Ethernet interface. Example Supported Releases OS10# clear counters interface 1/1/48 eee Clear eee counters on ethernet1/1/48 [confirm yes/no]:yes 10.3.0E or later eee Enables or disables energy-efficient Ethernet (EEE) on physical ports.
Supported Releases 10.3.0E or later show interface eee statistics Displays EEE statistics for all interfaces. Syntax show interface eee statistics Parameters None Default Not configured Command Mode EXEC Example OS10# show interface eee statistics Port EEE TxEventCount TxDuration(us) RxEventCount RxDuration(us) -----------------------------------------------------------------------------Eth 1/1/1 off 0 0 0 0 ... Eth 1/1/47 on 0 0 0 0 Eth 1/1/48 on 0 0 0 0 Eth 1/1/49 n/a ...
Example Supported Releases OS10# show interface ethernet 1/1/48 eee statistics Eth 1/1/48 EEE : on TxIdleTime(us) : 2560 TxWakeTime(us) : 5 Last Clearing : 18:45:53 TxEventCount : 0 TxDuration(us) : 0 RxEventCount : 0 RxDuration(us) : 0 10.3.0E or later View interface configuration To view basic interface information, use the show interface, show running-configuration, and show interface status commands. You can stop scrolling output from a show command by entering CTRL+C.
Time since last interface status change: 3 weeks 1 day 20:30:38 --more-View specific interface information OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# show configuration ! interface ethernet1/1/1 ip address 1.1.1.1/24 no switchport no shutdown View candidate configuration OS10(conf-if-eth1/1/1)# show configuration candidate ! interface ethernet1/1/1 ip address 1.1.1.1/24 no switchport no shutdown View running configuration OS10# show running-configuration Current Configuration ...
Interface commands channel-group Assigns an interface to a port-channel group. Syntax channel-group channel-number mode {active | on | passive} Parameters ● ● ● ● ● Default Not configured Command Mode INTERFACE Usage Information The no version of this command resets the value to the default, and unassigns the interface from the port-channel group. Example Supported Releases channel-number — Enter a port-channel number (1 to 128). mode — Sets the LACP actor mode.
no shutdown switchport access vlan 10 ! interface ethernet1/1/4 no shutdown switchport access vlan 10 Supported Releases 10.4.0E(R1) or later description (Interface) Configures a textual description of an interface. Syntax description string Parameters string — Enter a text string for the interface description (up to 240 characters). Default Not configured Command Mode INTERFACE Usage Information ● To use special characters as a part of the description string, enclose the string in double quotes.
feature auto-breakout Enables front-panel Ethernet ports to automatically detect SFP pluggable media and autoconfigure breakout interfaces. Syntax feature auto-breakout Parameters None Default Not configured Command mode CONFIGURATION Usage information After you enter the feature auto-breakout command and plug a supported breakout cable in a QSFP+ or QSFP28 port, the port autoconfigures breakout interfaces for media type and speed. The no version of this command disables the auto-breakout feature.
Command Mode CONFIGURATION Usage Information ● Each breakout interface operates at the configured speed; for example, 10G or 25G. ● The no interface breakout node/slot/port command resets a port to its default speed — 40G or 100G. ● To configure breakout interfaces on a unified port, use the mode {Eth | FC} command in the Port-Group configuration mode. Example Supported Releases OS10(config)# interface breakout 1/1/41 map 10g-4x 10.2.
Default Enabled Command Mode CONFIGURATION Usage Information You cannot delete a Management port. To assign an IP address to the Management port, use the ip address command. Example Supported Releases OS10(config)# interface mgmt 1/1/1 OS10(conf-if-ma-1/1/1)# 10.2.0E or later interface null Configures a null interface on the switch. Syntax interface null number Parameters number — Enter the interface number to set as null (0).
Parameters ● node/slot/port[:subport]-node/slot/port[:subport] — Enter a range of Ethernet interfaces. ● IDnumber-IDnumber — Enter a range of port-channel numbers (1 to 128). ● vlanID-vlanID — Enter a range VLAN ID numbers (1 to 4093). Default Not configured Command Mode CONFIGURATION Usage Information Enter up to six comma-separated interface ranges without spaces between commas. When creating an interface range, interfaces are not sorted and appear in the order entered.
Usage Information Example Supported Releases None OS10(config)# link-bundle-utilization trigger-threshold 10 10.2.0E or later mode Configures a front-panel unified port group to operate in Fibre Channel or Ethernet mode, or a QSFP28-DD port to operate in Ethernet mode, with the specified speed on activated interfaces.
mode l3 After you configure the VLAN scale profile, enables L3 routing on a VLAN. Syntax mode l3 Parameters None Defaults Not configured Command Mode INTERFACE VLAN Usage Information To configure the VLAN scale profile, use the scale-profile vlan command. The scale profile globally applies L2 mode on all VLANs you create and disables L3 transmission. To enable L3 routing traffic on a VLAN, use the mode L3 command.
Parameters ● node/slot — Enter 1/1 for node/slot when you configure a port group. ● port-group — Enter the port-group number (1–14). The available port-group range depends on the switch. Default Not configured Command mode CONFIGURATION Usage information Enter PORT-GROUP mode to: ● Configure unified ports in Fibre Channel or Ethernet mode and break out interfaces with a specified speed. ● Break out a QSFP28-DD port into multiple interfaces with a specified speed.
● ● ● ● mgmt node/slot/port — Display Management interface information. null — Display null interface information. port-channel id-number — Display port channel interface IDs (1 to 128). vlan vlan-id — Display the VLAN interface number (1 to 4093). Default Not configured Command Mode EXEC Usage Information Use the do show interface command to view interface information from other command modes.
Eth 23 L2 up 20:34:32 Eth Eth Eth Supported Releases 1/1/12 1/1/20 1/1/21 1/1/22 (Inact) (Up) (Up) (Up) 10.2.0E or later show inventory media Displays installed media in switch ports. Syntax show inventory media Parameters None Command Mode EXEC Usage Information Use the show inventory media command to verify the media type inserted in a port.
Example OS10# show link-bundle-utilization Link-bundle trigger threshold - 60 Supported Releases 10.2.0E or later show port-channel summary Displays port-channel summary information.
Default None Command Mode EXEC Usage Information To view the ports that belong to each port group, use the show port-group command. To configure a port group, enter the port-group command.
Supported Profiles: profile-1 profile-2 profile-3 profile-4 profile-5 profile-6 Supported Releases 10.3.1E or later show unit-provision NOTE: This command will be supported in future releases. Syntax show unit-provision show vlan Displays the current VLAN configuration. Syntax show vlan [vlan-id] Parameters vlan-id — (Optional) Enter a VLAN ID (1 to 4093).
Example Supported Releases OS10(config)# interface ethernet 1/1/7 OS10(conf-if-eth1/1/7)# no shutdown 10.2.0E or later speed (Fibre Channel) Configures the transmission speed of a Fibre Channel interface. Syntax speed {8 | 16 | 32 | auto} Parameters Set the speed of a Fibre Channel interface to: ● 8 — 8GFC ● 16 — 16GFC ● 32 — 32GFC ● auto — Set the port speed to the speed of the installed media.
Supported Releases 10.3.0E or later switch-port-profile Configures a port profile on the switch. The port profile determines the available front-panel ports and breakout modes. Syntax switch-port-profile node/unit profile Parameters ● node/unit — Enter switch information. For a standalone switch, enter 1/1. ● profile — Enter the name of a platform-specific profile.
○ profile-2 — SFP+ unified ports (1-24), QSFP28 unified ports (25-26 and 29-30), QSFP+ Ethernet ports (27-28), and SFP+ Ethernet ports (31-54) are enabled. ■ SFP+ unified ports operate in Ethernet 10GE mode by default. SFP+ unified port groups support 4x8GFC and 2x16GFC breakouts (ports 1 and 3) in FC mode. ■ QSFP28 unified ports 25 and 29 operate in Ethernet 100GE mode by default, and support 40GE with QSFP+ transceivers and 4x10G breakouts.
Default VLAN 1 Command Mode INTERFACE Usage Information This command enables L2 switching for untagged traffic and assigns a port interface to default VLAN 1. Use this command to change the assignment of the access VLAN that carries untagged traffic. You must create the VLAN before you can assign an access interface to it. The no version of this command resets access VLAN membership on a L2 access or trunk port to VLAN 1.
Example OS10(conf-if-eth1/1/2)# switchport trunk allowed vlan 1000 OS10(conf-if-eth1/1/2)# no switchport trunk allowed vlan 1000 Supported Releases 10.2.0E or later unit-provision This command will be supported in future releases.
3 Fibre Channel OS10 switches with Fibre Channel (FC) ports operate in one of the following modes: Direct attach (F_Port), NPIV Proxy Gateway (NPG), or FIP Snooping Bridge (FSB). In the FSB mode, you cannot use the FC ports. OS10 switches with Ethernet ports operate in FIP Snooping Bridge (FSB). F_Port Fibre Channel fabric port (F_Port) is the switch port that connects the FC fabric to a node. S4148U-ON switches support F_Port.
NOTE: OS10 supports multiple ENodes in F_Port mode. Using the discovered information, the switch installs ACL entries that provide security and point-to-point link emulation. Terminology ENode End Node or FCoE node FC Fibre Channel FC ID A 3-byte address used by FC to identify the end points FC Map A 3-byte prefix configured per VLAN, used to frame FCoE MAC address FCF Fibre Channel Forwarder FCoE Fibre Channel over Ethernet FCoE MAC Unique MAC address used to identify an FCoE session.
5. Allow access to all logged-in members in the absence of active zoneset configuration using the zone default-zone permit command. The logged-in members are the FC nodes that are successfully logged into the FC fabric, identified by the vfabric. 6. (Optional) Add a name to the vfabric using the name vfabric-name command. 7. Apply the vfabric to FC interfaces using the vfabric fabric-ID command in FC INTERFACE mode.
fibrechannel1/1/30:1 fibrechannel1/1/30:3 ========================================== Configure vfabric in NPG mode 1. Configure a vfabric using the vfabric fabric-ID command in CONFIGURATION mode. The switch enters vfabric CONFIGURATION mode. Enter the following commands. 2. Associate a VLAN ID to the vfabric with the vlan vlan-ID command. 3. Add FCoE parameters with the fcoe {fcmap fc-map | fcf-priority fcf-priority-value | fka-advperiod adv-period | vlan-priority vlan-priority-value | keep-alive} command.
Fibre Channel zoning Fibre Channel (FC) zoning partitions a FC fabric into subsets to restrict unnecessary interactions, improve security, and manage the fabric more effectively. Create zones and add members to the zone. Identify a member by an FC alias, World Wide Name (WWN), or FC ID. A zone can have a maximum of 255 unique members. Create zonesets and add the zones to a zoneset. A switch can have multiple zonesets, but you can activate only one zoneset at a time in a fabric. 1.
View FC zoneset configuration OS10(conf-fc-zoneset-set)# show configuration ! fc zoneset set member hba1 member hba2 OS10# show fc zoneset active vFabric id: 100 Active Zoneset: set ZoneName ZoneMember ================================================ hba2 *20:01:00:0e:1e:e8:e4:99 20:35:78:2b:cb:6f:65:57 50:00:d3:10:00:ec:f9:05 50:00:d3:10:00:ec:f9:1b 50:00:d3:10:00:ec:f9:1f hba1 *10:00:00:90:fa:b8:22:19 *21:00:00:24:ff:7b:f5:c8 OS10# show fc zoneset set ZoneSetName ZoneName ZoneMember ====================
fc alias Creates an FC alias. After creating the alias, you can add members to the FC alias. An FC alias can have a maximum of 255 unique members. Syntax fc alias alias-name Parameters alias-name — Enter a name for the FC alias. Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes the FC alias. To delete an FC alias, first remove it from the FC zone.
Supported Releases 10.3.1E or later feature fc Enables the F_Port globally. Syntax feature fc domain-id domain-id Parameters domain-id — Enter the domain ID of the F_Port, from 1 to 239. Defaults Disabled Command Mode CONFIGURATION Usage Information The no version of this command disables the F_Port. You can disable the F_Port only when vfabric and zoning configurations are not available. Before disabling the F_Port, remove the vfabric and zoning configurations.
Example Supported Releases OS10(config)# fc zone hba1 OS10(config-fc-zone-hba1)# member wwn 10:00:00:90:fa:b8:22:19 OS10(config-fc-zone-hba1)# member wwn 21:00:00:24:ff:7b:f5:c8 10.3.1E or later member (zoneset) Adds zones to an existing zoneset. Syntax member zone-name Parameters zone-name — Enter an existing zone name. Defaults Not configured Command Mode Zoneset CONFIGURATION Usage Information The no version of this command removes the zone from the zoneset.
Default Not configured Command Mode EXEC Usage Information None Example Supported Releases OS10# show fc interface-area-id mapping Intf Name FC-ID Status ================================================== ethernet1/1/40 0a:02:00 Active 10.4.1.0 or later show fc ns switch Displays the details of FC NS switch parameters.
20:00:00:90:fa:b8:22:19 fibrechannel1/1/29 100 20:00:00:24:ff:7b:f5:c8 Supported Releases 64:74:00 21:00:00:24:ff:7b:f5:c8 10.3.1E or later show fc zone Displays the FC zones and the zone members. Syntax show fc zone [zone-name] Parameters zone-name — Enter the FC zone name.
Example OS10# show fc zoneset ZoneSetName ZoneName ZoneMember ========================================================= set hba1 21:00:00:24:ff:7b:f5:c8 10:00:00:90:fa:b8:22:19 21:00:00:24:ff:7f:ce:ee 21:00:00:24:ff:7f:ce:ef hba2 20:01:00:0e:1e:e8:e4:99 50:00:d3:10:00:ec:f9:1b 50:00:d3:10:00:ec:f9:05 50:00:d3:10:00:ec:f9:1f 20:35:78:2b:cb:6f:65:57 vFabric id: 100 Active Zoneset: set ZoneName ZoneMember ============================================== hba2 20:01:00:0e:1e:e8:e4:99 20:35:78:2b:cb:6f:65:57 50:
zone default-zone permit Enables access between all logged-in FC nodes of vfabric in the absence of an active zoneset configuration. A default zone advertises a maximum of 255 members in the registered state change notification (RSCN) message. Syntax zone default-zone permit Parameters None Defaults Not configured Command Mode Vfabric CONFIGURATION Usage Information The no version of this command disables access between FC nodes in the absence of an active zoneset.
Example Supported Releases OS10(config)# interface fibrechannel 1/1/1 OS10(conf-if-fc1/1/1)# fc port-mode F 10.4.1.0 or later feature fc npg Enables the NPG mode globally. Syntax feature fc npg Parameters None Defaults Disabled Command Mode CONFIGURATION Usage Information The no version of this command disables the NPG mode. You can enable only any one of the following at a time: F_Port, FIP snooping bridge, or NPG. Example Supported Releases OS10(config)# feature fc npg 10.4.
Vfabric Id :10 ENode WWPN :20:01:d4:ae:52:1a:ee:54 ENode WWNN :20:00:d4:ae:52:1a:ee:54 FCoE MAC :0e:fc:00:01:04:02 FC-ID :01:04:02 Login Method :FLOGI Time since discovered(in Secs) :6253 Status :LOGGED_IN FC Node[1]: Node Interface Fabric Interface Vlan Vfabric Id WWPN WWNN FC-ID Login Method Time since discovered(in Secs) Status Example (brief) :Fc 1/1/6 :Fc 1/1/5 :100 :10 :20:07:00:11:0d:a8:d4:00 :20:07:00:11:0d:a8:d4:00 :02:34:01 :FLOGI :23 :LOGGED_IN OS10# show npg devices brief Total NPG Devices = 3
Example Supported Releases OS10# clear fc statistics vfabric 100 OS10# clear fc statistics interface fibrechannel1/1/25 10.4.1.0 or later fcoe Adds FCoE parameters to vfabric. Syntax fcoe {fcmap fc-map | fcf-priority fcf-priority-value | fka-adv-period advperiod | vlan-priority vlan-priority-value | keep-alive} Parameters ● ● ● ● fc-map — Enter the FC map ID, ranging from 0xefc00-0xefcff. fcf-priority-value — Enter the FCF priority value, ranging from 1 to 255.
show fc statistics Displays the FC statistics. Syntax show fc statistics {vfabric vfabric-ID | interface fibrechannel} Parameters ● vfabric-ID — Enter the vfabric ID. ● fibrechannel — Enter the fibre channel interface name.
show running-config vfabric Displays the running configuration for vfabric. Syntax show running-config vfabric Parameters None Defaults Not configured Command Mode EXEC Usage Information None Example Supported Releases OS10# show running-configuration vfabric ! vfabric 10 vlan 100 fcoe fcmap 0xEFC00 fcoe fcf-priority 140 fcoe fka-adv-period 13 10.4.0E(R1) or later show vfabric Displays vfabric details.
fibrechannel1/1/9 fibrechannel1/1/10 fibrechannel1/1/11 fibrechannel1/1/12 fibrechannel1/1/15 fibrechannel1/1/17 fibrechannel1/1/18 fibrechannel1/1/19 fibrechannel1/1/20 fibrechannel1/1/21 fibrechannel1/1/22 fibrechannel1/1/23 fibrechannel1/1/24 fibrechannel1/1/25:1 fibrechannel1/1/29:1 fibrechannel1/1/30:1 fibrechannel1/1/30:3 ==================================== Supported Releases 10.3.1E or later vfabric Configures a virtual fabric (vfabric). Enable the F_Port before configuring a vfabric.
Supported Releases 10.3.1E or later vlan Associate an existing VLAN ID to the vfabric to carry traffic. Create the VLAN ID before associating it to the vfabric. Do not use spanned VLAN as vfabric VLAN. Syntax vlan vlan-ID Parameters vlan-ID — Enter an existing VLAN ID. Defaults Not configured Command Mode Vfabric CONFIGURATION Usage Information The no version of this command removes the VLAN ID from the vfabric.
Usage Information Example Supported Releases The no version of this command disables FIP snooping on the VLAN. You can enable FIP snooping on a VLAN only after enabling the FIP snooping feature globally using the feature fip-snooping command. OS10 supports FIP snooping on a maximum of 12 VLANs. OS10(config)# interface vlan 3 OS10(conf-if-vl-3)# fip-snooping enable 10.4.0E(R1) or later fip-snooping fc-map Configure the FC map value for specific VLAN.
clear fcoe database Clears the FCoE database for the specified VLAN. Syntax clear fcoe database vlan vlan-id {enode enode-mac-address | fcf fcf-macaddress | session fcoe-mac-address} Parameters ● ● ● ● Default Not configured Command Mode EXEC Usage Information None Example Supported Releases vlan-id — Enter the VLAN ID. enode-mac-address — Enter the MAC address of ENode. fcf-mac-address — Enter the MAC address of FCF. fcoe-mac-address — Enter the MAC address of FCoE session.
Supported Releases 10.4.0E(R1) or later fcoe priority-bits Configures the priority bits for FCoE application TLVs. Syntax fcoe priority-bits priority-value Parameter priority-value — Enter PFC priority value advertised in FCoE application TLV. You can enter one of the following values: 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, or 0x80. Default 0x08 Command Mode CONFIGURATION Usage Information You can configure only one PFC priority at a time.
Usage Information Example Supported Releases None OS10# show fcoe enode Enode MAC Enode Interface VLAN FCFs Sessions ----------------- ---------------- ---- ---- -------d4:ae:52:1b:e3:cd ethernet1/1/54 100 1 5 10.4.0E(R1) or later show fcoe fcf Displays the details of FCFs connected to the switch. Syntax show fcoe [fcf-mac-address] Parameters fcf-mac-address — (Optional) Enter the MAC address of FCF. This option displays details of specified FCF.
Supported Releases 10.4.0E(R1) or later show fcoe statistics Displays the statistical details of FCoE control plane. Syntax show fcoe statistics [interface interface-type] Parameters interface-type — (Optional) Enter the type of interface. This option displays statistics of the specified interface.
Enodes Sessions Supported Releases : 2 : 17 10.4.0E(R1) or later show fcoe vlan Displays the details of FIP snooping operational VLANs and the attributes. Syntax show fcoe vlan Parameters None Default Not configured Command Mode EXEC Usage Information None Example Supported Releases 142 OS10# show fcoe vlan * = Default VLAN VLAN FC-MAP FCFs Enodes ---- ------ ---- -----*1 100 0X0EFC00 1 2 10.4.
4 Layer 2 802.1X Verifies device credentials prior to sending or receiving packets using the Extensible Authentication Protocol (EAP) (see 802.1X Commands). Link Aggregation Control Protocol (LACP) Exchanges information between two systems and automatically establishes a LAG between the systems (see LACP Commands).
The authentication process involves three devices: ● Supplicant — The device attempting to access the network performs the role of supplicant. Regular traffic from this device does not reach the network until the port associated to the device is authorized. Prior to that, the supplicant can only exchange 802.1x messages (EAPOL frames) with the authenticator.
EAP over RADIUS 802.1X uses RADIUS to transfer EAP packets between the authenticator and the authentication server. EAP messages are encapsulated in RADIUS packets as an attribute of type, length, value (TLV) format — the type value for EAP messages is 79. Configure 802.1X You can configure and enable 802.1X on a port in a single process. OS10 supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP and all platforms support RADIUS as the authentication server.
Enable 802.1X 1. Enable 802.1X globally in CONFIGURATION mode. dot1x system-auth-control 2. Enter an interface or a range of interfaces in INTERFACE mode. interface range 3. Enable 802.1X on the supplicant interface only in INTERFACE mode. dot1x port-control auto Configure and verify 802.
Identity retransmissions If the authenticator sends a Request Identity frame but the supplicant does not respond, the authenticator waits 30 seconds and then re-transmits the frame. There are several reasons why the supplicant might fail to respond — the supplicant may have been booting when the request arrived, there may be a physical layer problem, and so on. 1.
The Request Identity Re-transmit interval is for an unresponsive supplicant. You can configure the interval for a maximum of 10 times for an unresponsive supplicant. 1. Configure the amount of time that the authenticator waits to re-transmit a Request Identity frame after a failed authentication in INTERFACE mode (1 to 65535, default 60 seconds).
● Place a port in the Auto, Force-authorized (default), or Force-unauthorized state in INTERFACE mode. dot1x port-control {auto | force-authorized | force-unauthorized} Configure and verify force-authorized state OS10(conf-range-eth1/1/7-1/1/8)# dot1x port-control force-authorized OS10(conf-range-eth1/1/7-1/1/8)# do show dot1x interface ethernet 1/1/7 802.
Tx Period: Quiet Period: Supplicant Timeout: Server Timeout: Re-Auth Interval: Max-EAP-Req: Host Mode: Auth PAE State: Backend State: 120 seconds 120 seconds 30 seconds 30 seconds 3600 seconds 5 MULTI_HOST Initialize Initialize View interface running configuration OS10(conf-range-eth1/1/7-1/1/8)# do show running-configuration interface ...
View interface running configuration OS10(conf-range-eth1/1/7-1/1/8)# do show running-configuration interface ...
Usage Information Example Supported Releases The no version of this command resets the value to the default. OS10(conf-range-eth1/1/7-1/1/8)# dot1x max-req 4 10.2.0E or later dot1x port-control Controls the 802.1X authentication performed on the interface. Syntax dot1x port-control {force-authorized | force-unauthorized | auto} Parameters ● force-authorized — Disables 802.1X authentication on the interface and allows all traffic on the interface without authentication.
Command Mode INTERFACE Usage Information The no version of this command resets the value to the default. Example Supported Releases OS10(conf-range-eth1/1/7-1/1/8)# dot1x timeout quiet-period 120 10.2.0E or later dot1x timeout re-authperiod Sets the number of seconds between re-authentication attempts. Syntax dot1x timeout re-authperiod seconds Parameters re-authperiod seconds — Enter the number of seconds for the 802.1X re-authentication timeout (1 to 65535).
Command Mode INTERFACE Usage Information The no version of this command resets the value to the default. Example Supported Releases OS10(conf-range-eth1/1/7-1/1/8)# dot1x timeout supp-timeout 45 10.2.0E or later dot1x timeout tx-period Sets the number of seconds that the device waits for a response to an EAP-request/identity frame from the supplicant before retransmitting the request. Syntax dot1x timeout tx-period seconds Parameters tx-period seconds — Enter the number of seconds for the 802.
Command Mode EXEC Usage Information Use this command to view the dot1x interface configuration for a specific interface. Example Example (when dot1x is not enabled globally) Example (Ethernet) Supported Releases OS10# show dot1x interface 802.1x information on ethernet1/1/1 ------------------------------------Dot1x Status: Enable 802.1x information on ethernet1/1/2 ------------------------------------Dot1x Status: Enable 802.
● Reach an agreement on the identity of the LAG to which the link belongs. ● Move the link to that LAG. ● Enable the transmission and reception functions. LACP functions by constantly exchanging custom MAC PDUs across LAN Ethernet links. The protocol only exchanges packets between ports you configure as LACP-capable. Modes A LAG includes three configuration modes — on, active, and passive. On Sets the Channeling mode to Static. The interface acts as a member of the static LAG.
lacp port-priority 4096 lacp rate fast no shutdown ! interface ethernet1/1/8 lacp port-priority 4096 lacp rate fast no shutdown ! ... Interfaces Create a LAG and then add LAG member interfaces. By default, all interfaces are in no shutdown and switchport modes. 1. Create a LAG in CONFIGURATION mode. interface port-channel port-channel number 2. Enter INTERFACE mode. interface ethernet node/slot/port[:subport] 3. Set the channel group mode to Active in INTERFACE mode.
I - Collection enabled, J - Collection disabled, K - Distribution enabled, L - Distribution disabled, M - Partner Defaulted, N - Partner Non-defaulted, O - Receiver is in expired state, P - Receiver is not in expired state Port ethernet1/1/14 is Enabled, LACP is enabled and mode is lacp Actor Admin: State BCFHJKNO Key 20 Priority 32768 Oper: State BDEGIKNO Key 20 Priority 32768 Partner Admin: State BCEGIKNP Key 0 Priority 0 Oper: State BDEGIKNO Key 10 Priority 32768 Port ethernet1/1/16 is Enabled, LACP is e
A - Active LACP, B - Passive LACP, C - Short Timeout, D - Long Timeout E - Aggregatable Link, F - Individual Link, G - IN_SYNC, H - OUT_OF_SYNC, I - Collection enabled, J - Collection disabled, K - Distribution enabled, L - Distribution disabled, M - Partner Defaulted, N - Partner Non-defaulted, O - Receiver is in expired state, P - Receiver is not in expired state Port ethernet1/1/49 is Enabled, LACP is enabled and mode is lacp Actor Admin: State BCFHJKNO Key 1 Priority 32768 Oper: State BDEGIKNO Key 1 Pri
ARP type: ARPA Arp timeout: 240 Last clearing of "show interface" counters : Queuing strategy :fifo Input statistics: 1388 packets, 135026 octets 666 64-byte pkts,1 over 64-byte pkts, 721 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 1388 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 1387 discarded Output statistics: 2121444503 packets, 135773749275 octets 2121421152 64-byte pkts,4182 over 64-byte pkts, 19169 over 127-byte pkts 0 over 255-by
LACP_Timeout=Long Timeout(30s) Synchronization=IN_SYNC Collecting=true Distributing=true Partner information refresh timeout=Long Timeout(90s) Actor Admin State=BCFHJKNO Actor Oper State=BDEGIKNO Neighbor: 276 MAC Address=00:00:00:00:00:00 System Identifier=,00:00:00:00:00:00 Port Identifier=0,14:18:77:7a:2d:00 Operational key=1 LACP_Activity=passive LACP_Timeout=Long Timeout(30s) Synchronization=IN_SYNC Collecting=true Distributing=true Partner Admin State=BCEGIKNP Partner Oper State=BDEGIKNO LACP fallbac
View LACP fallback configuration OS10# show port-channel summary Flags: D - Down I - member up but inactive P - member up and active U - Up (port-channel) F - Fallback enabled -------------------------------------------------------------------------------Group Port-Channel Type Protocol Member Ports -------------------------------------------------------------------------------1 port-channel1 (UF) Eth DYNAMIC 1/1/10(P) 1/1/11(I) LACP fallback in non-VLT network In a non-VLT network, LACP fallback e
In the above scenario, LACP fallback works as follows: 1. The ToR/server boots up. 2. One of the VLT peers takes care of controlling the LACP fallback mode. All events are sent to the controlling VLT peer for deciding the port that should be brought up and then the decision is passed on to peer devices. 3. The controlling VLT peer can decide to bring up one of the ports in either the local port-channel or in the peer VLT port-channel. 4.
Usage Information Example Supported Releases When you delete the last physical interface from a port-channel, the port-channel remains. Configure these attributes on an individual member port. If you configure a member port with an incompatible attribute, OS10 suspends that port in the port-channel. The member ports in a port-channel must have the same setting for link speed capability and duplex capability. The no version of this command removes the interface from the port-channel.
lacp fallback preemption Enables or disables LACP fallback port preemption. Syntax lacp fallback preemption {enable | disable} Parameters ● enable—Enables preemption on the port-channel. ● disable—Disables preemption on the port-channel. Default Enabled Command Mode Port-channel INTERFACE Usage Information When you enable preemption, the fallback port election preempts the already elected fallback port and elects a new fallback port.
Parameters max-bundle-number — Enter the maximum bundle size (1 to 32). Default 32 Command Mode INTERFACE Usage Information The no version of this command resets the maximum bundle size to the default value. Example Supported Releases OS10(conf-if-po-10)# lacp max-bundle 10 10.2.0E or later lacp port-priority Sets the priority for the physical interfaces for LACP. Syntax lacp port-priority priority Parameters priority — Enter the priority for the physical interfaces (0 to 65535).
Default 32768 Command Mode CONFIGURATION Usage Information Each device that runs LACP has an LACP system priority value. LACP uses the system priority with the MAC address to form the system ID and also during negotiation with other systems. The system ID is unique for each device. The no version of this command resets the system priority to the default value. Example Supported Releases OS10(config)# lacp system-priority 32768 10.2.
example, Port Identifier=0x8000,0x101, where the port priority value is 0x8000 and the port number value is 0x101. Example OS10# show lacp interface ethernet 1/1/129 Invalid Port id, Max.
Partner System ID: 00:01:e8:8a:fd:9e Partner Port: 178 Partner Port Priority: 32768 Partner Oper Key: 1 Partner Oper State:aggregation synchronization collecting distributing defaulted expired Supported Releases 10.2.0E or later show lacp port-channel Displays information about LACP port-channels. Syntax show lacp port-channel [interface port-channel channel-number] Parameters ● interface port-channel — (Optional) Enter the interface port-channel.
Example OS10# show lacp system-identifier Actor System ID: Priority 32768, Address 90:b1:1c:f4:9b:8a Supported Releases 10.2.0E or later Link Layer Discovery Protocol LLDP enables a LAN device to advertise its system and receive system information from adjacent LAN devices. ● LLDP is enabled by default on OS10 interfaces. ● An LLDP-enabled interface can support up to eight neighbors. An OS10 switch supports a maximum of 250 total neighbors per system.
3 — Time-to-live Number of seconds that the recipient LLDP agent considers the information associated with this MAP identifier to be valid. — Optional Includes sub-types of TLVs that advertise specific configuration information. These sub-types are management TLVs, IEEE 802.1, IEEE 802.3, and TIA-1057 organization-specific TLVs. Optional TLVs OS10 supports basic TLVs, IEEE 802.1, and 802.3 organizationally-specific TLVs, and TIA-1057 organizationally-specific TLVs.
127 — Port-VLAN Untagged VLAN to which a port belongs. ID 127 — Protocol identity Not supported. 802.3 Organizationally-specific TLVs 127 — MAC/PHY configuration/ status Indicates duplex and bit rate capability and the current duplex and bit rate settings of the sending device. Also indicates whether the current settings are due to auto-negotiation or due to manual configuration. 127 — Power via MDI Not supported. 127 — Maximum frame size Maximum frame size capability of the MAC and PHY.
LLDP-MED capabilities TLV The LLDP-MED capabilities TLV communicates the types of TLVs that the endpoint device and the network connectivity device support. The value of the LLDP-MED capabilities field in the TLV is a 2–octet bitmap. Each bit represents an LLDP-MED capability. LLDP-MED is enabled by default on an interface. If you disable LLDP-MED, use the lldp med enable command to re-enable it on an interface. The device transmits MED PDUs only when it receives a TLV from a peer.
NOTE: Signaling is a series of control packets that are exchanged between an endpoint device and a network connectivity device to establish and maintain a connection. These signal packets might require a different network policy than the media packets for which a connection is made. In this case, configure the signaling application. 0 — Reserved — 1 — Voice Used for dedicated IP telephony handsets and other appliances supporting interactive voice services.
1. Configure the LLDP packet timer value in CONFIGURATION mode. lldp timer 2. Enter the multiplier value for the hold time in CONFIGURATION mode. lldp holdtime-multiplier 3. Enter the delay (in seconds) for LLDP initialization on any interface in CONFIGURATION mode.
Disable LLDP interface OS10(config)# interface OS10(conf-if-eth1/1/4)# OS10(conf-if-eth1/1/4)# OS10(conf-if-eth1/1/4)# OS10(conf-if-eth1/1/4)# ethernet 1/1/4 no lldp med no lldp tlv-select no lldp transmit no lldp receive Enable LLDP OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# lldp transmit OS10(conf-if-eth1/1/1)# lldp receive Disable LLDP globally OS10(config)# no lldp enable Disable and re-enable LLDP on management ports By default, LLDP is enabled on management ports.
1. Enable basic TLVs attributes to transmit and receive LLDP packets in INTERFACE mode. lldp tlv-select basic-tlv {port-description | system-name | system-description | system-capabilities | management-address} 2. Enable dot3 TLVs to transmit and receive LLDP packets in INTERFACE mode. lldp tlv-select dot3tlv {macphy-config | max-framesize} 3. Enable dot1 TLVs to transmit and receive LLDP packets in INTERFACE mode.
When an LLDP-MED endpoint is newly detected or connected to the network, the lldp-med fast-start-repeat-count command enables the network to quickly detect the endpoint. The LLDP-MED fast start repeat count specifies the number of LLDP packets that are sent during the LLDP-MED fast start period. By default, the device sends three packets per interval. Change the number of packets a device sends per second — up to 10.
View LLDP interface traffic OS10# show lldp traffic interface ethernet 1/1/1 LLDP Traffic Statistics: Total Frames Out : 0 Total Entries Aged : 0 Total Frames In : 0 Total Frames Received In Error : 0 Total Frames Discarded : 0 Total TLVS Unrecognized : 0 Total TLVs Discarded : 0 LLDP MED Traffic Statistics: Total Med Frames Out : Total Med Frames In : Total Med Frames Discarded : Total Med TLVS Discarded : Total Med Capability TLVS Discarded: Total Med Policy TLVS Discarded : Total Med Inventory TLVS Disca
10BASE-T full duplex mode, 100BASE-TX half duplex mode, 100BASE-TX full duplex mode MED Capabilities: Supported: LLDP-MED Capabilities, Network Policy, Location Identification, Extended Power via MDI - PSE, Extended Power via MDI - PD, Inventory Management Current: LLDP-MED Capabilities, Network Policy, Location Identification, Extended Power via MDI - PD, Inventory Management Device Class: Endpoint Class 3 Network Policy: Application: voice, Tag: Tagged, Vlan: 50, L2 Priority: 6, DSCP Value: 46 Inventory M
Return multiplier value OS10(config)# no lldp holdtime-multiplier LLDP commands clear lldp counters Clears LLDP and LLDP-MED transmit, receive, and discard statistics from all the physical interfaces. Syntax clear lldp counters Parameters None Default Not configured Command Mode EXEC Usage Information The counter default value resets to zero for all physical interfaces. Example Supported Releases OS10# clear lldp counters 10.2.
Example Supported Releases OS10(config)# lldp enable 10.3.1E or later lldp holdtime-multiplier Configures the multiplier value for the hold time (in seconds). Syntax lldp holdtime-multiplier integer Parameters integer — Enter the holdtime-multiplier value in seconds (2 to 10). Default 4 seconds Command Mode CONFIGURATION Usage Information Hold time is the amount of time (in seconds) that a receiving system waits to hold the information before discarding it.
Example Supported Releases OS10(conf-if-eth1/1/1)# lldp med disable 10.2.0E or later lldp med network-policy Manually defines an LLDP-MED network policy. Syntax lldp-med network-policy number app {voice | voice-signaling | guestvoice | guestvoice-signaling | softphone-voice | streaming-video | videoconferencing | video-signaling} {vlan vlan-id vlan-type {tag | untag} priority priority dscp dscp value} Parameters ● number — Enter a network policy index number (1 to 32).
Example Supported Release OS10(conf-if-eth1/1/5)# lldp med network-policy add 1 10.2.0E or later lldp med tlv-select Configures the LLDP-MED TLV type to transmit or receive. Syntax lldp med tlv-select {network—policy | inventory} Parameters ● network-policy — Enable or disable the port description TLV. ● inventory — Enable or disable the system TLV.
Supported Releases 10.2.0E or later lldp timer Configures the rate (in seconds) at which LLDP packets send to the peers. Syntax lldp timer seconds Parameters seconds — Enter the LLDP timer rate in seconds (5 to 254). Default 30 seconds Command Mode CONFIGURATION Usage Information The no version of this command sets the LLDP timer back to its default value. Example Supported Releases OS10(config)# lldp timer 25 10.2.
Example (Port) Example (Link Aggregation) Supported Releases OS10(conf-if-eth1/1/3)# lldp tlv-select dot1tlv port-vlan-id OS10(conf-if-eth1/1/3)# lldp tlv-select dot1tlv link-aggregation 10.2.0E or later lldp tlv-select dot3tlv Enables or disables the dot3 TLVs to transmit in LLDP packets. Syntax lldp tlv-select dot3tlv {macphy-config | max-framesize} Parameters ● macphy-config — Enable the port VLAN ID TLV. ● max-framesize — Enable maximum frame size TLV.
Usage Information Example Example (Local Device) Example (MED) Supported Releases Use the med parameter to view MED information for a specific interface, and use the local-device parameter to view inventory details.
Default Not configured Command Mode EXEC Usage Information Use the show lldp interface command to view MED information for a specific interface.
Example (Detail) OS10# show lldp neighbors interface ethernet 1/1/1 detail Remote Chassis ID Subtype: Mac address (4) Remote Chassis ID: 00:13:21:57:ca:40 Remote Port Subtype: Interface name (5) Remote Port ID: ethernet1/1/10 Remote Port Description: Ethernet port 1 Local Port ID: ethernet1/1/1 Locally assigned remote Neighbor Index: 3 Remote TTL: 120 Information valid for next 105 seconds Time since last information change of this neighbor: 00:00:15 Remote System Name: LLDP-pkt-gen Remote Management Addre
----------------------------------------------------------------------ethernet1/1/1 OS10 ethernet1/1/2 4:17:eb:f7:06:c4 Supported Releases 10.2.0E or later show lldp timers Displays the LLDP hold time, delay time, and update frequency interval configuration information.
show lldp traffic Displays LLDP traffic information including counters, packets transmitted and received, discarded packets, and unrecognized TLVs. Syntax show lldp traffic [interface ethernet node/slot/port[:subport]] Parameters interface ethernet node/slot/port[:subport] — (Optional) Enter the Ethernet interface information to view the LLDP traffic.
Interface: none Network Policy Profile 30 voice vlan 30 cos 5 Interface: none Network Policy Profile 36 voice vlan 4 cos 3 Interface: ethernet 1/1/1,ethernet 1/1/3-5 Supported Releases 10.2.0E or later Media Access Control All Ethernet switching ports maintain media access control (MAC) address tables. Each physical device in your network contains a MAC address. OS10 devices automatically enter learned MAC addresses as dynamic entries in the MAC address table.
○ address mac-address — (Optional) Displays MAC address information. ○ interface ethernet node/slot/port[:subport] — (Optional) Displays a list of dynamic and static MAC address entries. ○ interface port-channel number — (Optional) Displays port channel information (1 to 128). ○ count — (Optional) Displays the number of dynamic and static MAC address entries. ○ vlan vlan-id — (Optional) Displays information for a specified VLAN only (1 to 4093).
○ ethernet node/slot/port[:subport] — Delete the Ethernet interface configuration from the address table. ○ port-channel channel-number — Delete the port-channel interface configuration from the address table (1 to 128). Default Not configured Command Mode EXEC Usage Information Use the all parameter to remove all dynamic entries from the address table. Example Example (VLAN) Supported Releases OS10# clear mac address-table dynamic all OS10# clear mac address-table dynamic vlan 20 10.2.
Example (PortChannel) Supported Releases OS10(config)# mac address-table static 34:17:eb:02:8c:33 vlan 10 interface port-channel 1 10.2.0E or later show mac address-table Displays information about the MAC address table.
Multiple Spanning-Tree Protocol Multiple Spanning-Tree Protocol (MSTP) is an RSTP-based spanning-tree variation that improves on per-VLAN RPVST+. You can configure Multiple Spanning-Tree Instances (MSTIs) and map multiple VLANs to one spanning-tree instance to reduce the total number of required instances. RPVST+ allows a spanning-tree instance for each VLAN. This 1:1 approach is not suitable if you have multiple VLANs — each spanning-tree instance costs bandwidth and processing resources.
● Disable spanning-tree on an interface in INTERFACE mode. spanning-tree disable ● Enable MST on an interface in INTERFACE mode. no spanning-tree disable Create instances You can create multiple MSTP instances and map VLANs. A single MSTI provides no more benefit than RSTP. To take full advantage of the MSTP, create multiple MSTIs and map VLANs to them. 1. Enter an instance number in CONFIGURATION mode. spanning tree mst configuration 2.
ethernet1/1/9 128.292 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.292 ethernet1/1/10 128.296 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.296 ethernet1/1/11 128.300 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.300 ethernet1/1/12 128.304 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.304 ethernet1/1/13 128.308 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.308 ethernet1/1/14 128.312 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.312 ethernet1/1/15 128.316 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.
Interface Name Role PortID Prio Cost Sts Cost Link-type Edge -------------------------------------------------------------ethernet1/1/5 Root 128.276 128 500 FWD 0 AUTO No ethernet1/1/6 Altr 128.280 128 500 BLK 0 AUTO No Non-Dell hardware OS10 supports only one MST region. For a bridge to be in the same MST region as another, the three unique attributes (name, revision, and VLAN-to-instance-mapping) must match. The default values for name and revision number match on all Dell hardware.
2. Change the hello-time parameter in CONFIGURATION mode (1 to 10, default 2). Dell EMC recommends increasing the hello-time for large configurations (especially configurations with more ports). spanning-tree mst hello-time seconds 3. Change the max-age parameter in CONFIGURATION mode (6 to 40, default 20). spanning-tree mst max-age seconds 4. Change the max-hops parameter in CONFIGURATION mode (1 to 40, default 20).
2. Change the port priority of an interface in INTERFACE mode (0 to 240 in increments of 16, default 128).
BPDU guard Blocks the L2 bridged ports and LAG ports connected to end hosts and servers from receiving any BPDUs. When you enable BPDU guard, it places a port (bridge or LAG) in the Error_Disable or Blocking state if the port receives any BPDU frames. In a LAG, all member ports (including new members) are placed in the Blocking state. The network traffic drops but the port continues to forward BPDUs to the CPU that are later dropped.
BPDU filter OS10(conf-if-eth1/1/4)# spanning-tree bpdufilter enable OS10(conf-if-eth1/1/4)# do show spanning-tree interface ethernet 1/1/4 ethernet1/1/4 of vlan1 is designated Blocking Edge port:no (default) port guard :none (default) Link type is point-to-point (auto) Boundary: NO bpdu filter : Enable bpdu guard : bpduguard shutdown-onviolation :disable RootGuard: enable LoopGuard disable Bpdus (MRecords) sent 134, received 138 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ----------
MST commands instance Configures MST instances and one or multiple VLANs mapped to the MST instance. Syntax instance instance-number {vlan vlan-range} Parameters ● instance — Enter an MST instance value (0 to 63). ● vlan range — Enter a VLAN range value (1 to 4093). Default Not configured Command Mode MULTIPLE-SPANNING-TREE Usage Information By default, all VLANs map to MST instance zero (0) unless you are using the vlan range command to map the VLANs to a non-zero instance.
Supported Releases 10.2.0E or later spanning-tree bpdufilter Enables or disables BPDU filtering on an interface. Syntax spanning-tree bpdufilter {enable | disable} Parameters ● enable — Enables the BPDU filtering on an interface. ● disable — Disables the BPDU filtering on an interface. Default Disabled Command Mode INTERFACE Usage Information Use the enable parameter to enable BPDU filtering. Example Supported Releases OS10(conf-if-eth1/1/4)# spanning-tree bpdufilter enable 10.2.
Example Supported Releases OS10(config)# interface ethernet 1/1/4 OS10(config-if-eth1/1/4)# spanning-tree disable 10.3.0E or later spanning-tree guard Enables or disables loop guard or root guard on an interface. Syntax spanning-tree guard {loop | root | none} Parameters ● loop — Enables loop guard on an interface. ● root — Enables root guard on an interface. ● none — Sets the guard mode to none.
● priority priority value — Set a bridge priority value in increments of 4096 (0 to 61440). Valid priority values are: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. All other values are rejected. ● root — Enter a primary or secondary root. ● primary — Enter a device as a primary root. ● secondary — Enter a device as a secondary root.
Default Disabled Command Mode CONFIGURATION Usage Information Use this command to enter STP MST configuration mode. Example Supported Releases OS10(config)# spanning-tree mst configuration OS10(conf-mst)# 10.2.0E or later spanning-tree mst disable Disables spanning tree on the specified MST instance. Syntax spanning-tree mst instance-number disable Parameters instance-number—Enter the instance number, ranging from 0 to 63.
Default 15 seconds Command Mode CONFIGURATION Usage Information The no version of this command resets the value to the default. Example Supported Releases OS10(config)# spanning-tree mst forward-time 16 10.2.0E or later spanning-tree mst hello-time Sets the time interval between generation and transmission of MSTP BPDUs. Syntax spanning-tree mst hello-time seconds Parameters seconds — Enter a hello-time interval value in seconds (1 to 10).
Command Mode CONFIGURATION Usage Information The no version of this command resets the value to the default. Example Supported Releases OS10(config)# spanning-tree mst max-age 10 10.2.0E or later spanning-tree mst max-hops Configures the maximum hop count for a BPDU to travel before it is discarded. Syntax spanning-tree mst max-hops number Parameters number — Enter a maximum hop value (6 to 40).
Usage Information Enable MSTl prior to using this command. Example Supported Releases OS10# show spanning-tree mst configuration Region Name: asia Revision: 0 MSTI VID 0 1,7-4093 1 2 2 3 3 4 4 5 5 6 10.2.0E or later show spanning-tree msti Displays MST instance information.
ethernet1/1/7 ethernet1/1/8 ethernet1/1/9 Example (Interface) Example (Guard) Command History Disb 128.156 Disb 128.160 Disb 128.
By default, each VLAN instance is assigned default bridge priority 32768. For example, all three instances have the same forwarding topology. Traffic load balancing is not achievable with this kind of priority assignment. You must assign each instance a different priority to achieve load balancing, as shown in Load Balancing with RPVST+. Load balance and root selection All VLANs use the same forwarding topology — R2 is elected as the root and all 10G Ethernet ports have the same cost.
-------------------------------------------------------------ethernet1/1/5 Root 128.276 128 500 FWD 0 AUTO No ethernet1/1/6 Altr 128.280 128 500 BLK 0 AUTO No Select root bridge RPVST+ determines the root bridge. Assign one bridge a lower priority to increase the likelihood that it becomes the root bridge. The show spanning-tree brief command displays information about all ports regardless of the operational status.
ethernet1/1/10 128.296 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/11 128.300 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/12 128.304 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/13 128.308 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/14 128.312 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/15 128.316 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/16 128.320 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/17 128.324 128 200000000 FWD 0 32769 0000.0000.
---------------------------------------------------------------------ethernet1/1/5 128.276 128 500 FWD 0 24577 90b1.1cf4.a523 128.276 ethernet1/1/6 128.280 128 500 LRN 0 24577 90b1.1cf4.a523 128.280 Interface Name Role PortID Prio Cost Sts Cost Link-type Edge ------------------------------------------------------------ethernet1/1/5 Desg 128.276 128 500 FWD 0 AUTO No ethernet1/1/6 Desg 128.280 128 500 LRN 0 AUTO No Loop guard This information explains how to configure loop guard on an interface.
View RPVST+ global parameters OS10# show spanning-tree active Spanning tree enabled protocol rapid-pvst with force-version rstp VLAN 1 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32769, Address 90b1.1cf4.a523 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32769, Address 90b1.1cf4.a523 We are the root of VLAN 1 Configured hello time 2, max age 20, forward delay 15 RPVST+ commands clear spanning-tree counters Clears the counters for STP.
show spanning-tree vlan Displays RPVST+ status and configuration information by VLAN ID. Syntax show spanning-tree vlan vlan-id Parameters vlan vlan-id — Enter the VLAN ID number (1 to 4093) Default Not configured Command Mode EXEC Usage Information None Example Supported Releases OS10# show spanning-tree Spanning tree enabled protocol rapid-pvst VLAN 1 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32769, Address 74e6.e2f5.
spanning-tree bpduguard Enables or disables BPDU guard on an interface. Syntax spanning-tree bpduguard {enable | disable} Parameters ● enable — Enables the BPDU guard filter on an interface. ● disable — Disables the BPDU guard filter on an interface. Default Disabled Command Mode INTERFACE Usage Information BPDU guard prevents a port from receiving BPDUs. If the port receives a BPDU, it is placed in the Error-Disabled state as a protective measure.
Supported Releases 10.2.0E or later spanning-tree mode Enables an STP type (RSTP, Rapid-PVST+, or MST). Syntax spanning-tree mode {rstp | mst | rapid-pvst} Parameters ● rstp — Sets the STP mode to RSTP. ● mst — Sets the STP mode to MST. ● rapid-pvst — Sets the STP mode to RPVST+. Default RPVST+ Command Mode CONFIGURATION Usage Information All STP instances are stopped in the previous STP mode, and are restarted in the new mode. You can also change to RSTP/MST mode.
● ● ● ● Port-channel Port-channel Port-channel Port-channel interface with one 10 Gigabit Ethernet = 2000 with two 1 Gigabit Ethernet = 18000 with two 10 Gigabit Ethernet = 1800 with two 100 Mbps Ethernet = 180000 Command Mode INTERFACE Usage Information The media speed of a LAN interface determines the STP port path cost default value. Example Supported Releases OS10(conf-if-eth1/1/4)# spanning-tree vlan 10 cost 1000 10.2.
● rstp — Forces the version for the BPDUs transmitted by RPVST+ to RSTP Default Not configured Command Mode CONFIGURATION Usage Information Forces a bridge that supports RPVST+ to operate in a STP-compatible mode. Example Supported Releases OS10(config)# spanning-tree mst force-version 10.2.0E or later spanning-tree vlan hello-time Sets the time interval between generation and transmission of RPVST BPDUs.
Parameters max-age seconds — Enter a maximum age value in seconds (6 to 40). Default 20 seconds Command Mode CONFIGURATION Usage Information None Example Supported Releases OS10(config)# spanning-tree vlan 10 max-age 10 10.2.0E or later spanning-tree vlan priority Sets the priority value for RPVST+. Syntax spanning-tree vlan vlan-id priority priority value Parameters priority priority value — Enter a bridge-priority value in increments of 4096 (0 to 61440).
● root — Designate the bridge as primary or secondary root. ● primary — Designate the bridge as primary or root bridge. ● secondary — Designate the bridge as secondary or secondary root bridge. Default Not configured Command Mode CONFIGURATION Usage Information None Example Supported Releases OS10(config)# spanning-tree vlan 1 root primary 10.2.
View all port participating in RSTP OS10# show spanning-tree Spanning tree enabled protocol rstp with force-version rstp Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 3417.4455.667f Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32768, Address 90b1.1cf4.
Interface Name Role PortID Prio Cost Sts Cost Link-type Edge ------------------------------------------------------------------------ethernet1/1/1 Disb 128.260 128 200000000 BLK 0 AUTO No ethernet1/1/2 Disb 128.264 128 200000000 BLK 0 AUTO No ethernet1/1/3 Disb 128.268 128 200000000 BLK 0 AUTO No ethernet1/1/4 Disb 128.272 128 200000000 BLK 0 AUTO No ethernet1/1/5:1 Disb 128.
---------------------------------------------------------ethernet3/1/1 Altr 128.244 128 500 BLK 0 AUTO No ethernet3/1/2 Altr 128.248 128 500 BLK 0 AUTO No ethernet3/1/3 Root 128.252 128 500 FWD 0 AUTO No ethernet3/1/4 Altr 128.256 128 500 BLK 0 AUTO No Interface parameters Set the port cost and port priority values on interfaces in L2 mode. Port cost Value that is based on the interface type. The previous table lists the default values.
Root ID Priority 32768, Address 3417.4455.667f Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 36864, Address 90b1.1cf4.a523 Configured hello time 2, max age 20, forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ---------------------------------------------------------------------ethernet1/1/6:3 128.282 128 2000 FWD 0 32768 3417.4455.667f 128.152 ethernet1/1/6:4 128.283 128 2000 BLK 0 32768 3417.4455.667f 128.
Root guard Avoids bridging loops and preserves the root bridge position during network transitions. STP selects the root bridge with the lowest priority value. During network transitions, another bridge with a lower priority may attempt to become the root bridge and cause unpredictable network behavior. Configure the spanning-tree guard root command to avoid such an attempt and preserves the position of the root bridge. Root guard is enabled on ports that are designated ports.
Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID -----------------------------------------------------------------ethernet1/1/4 128.272 128 500 BLK 500 32769 90b1.1cf4.a911 128.
show spanning-tree active Displays the RSTP configuration and information for RSTP-active interfaces. Syntax show spanning-tree active Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show spanning-tree active Spanning tree enabled protocol rstp with force-version rstp Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 90b1.1cf4.
Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state 1 Link type is point-to-point by default, auto PVST Simulation is enabled by default BPDU sent 3, received 7 Supported Releases 10.2.0E or later spanning-tree bpdufilter Enables or disables BPDU filtering on an interface. Syntax spanning-tree bpdufilter {enable | disable} Parameters ● enable — Enables the BPDU filtering on an interface. ● disable — Disables the BPDU filtering on an interface.
Command Mode CONFIGURATION INTERFACE Example Supported Releases OS10(config)# interface ethernet 1/1/4 OS10(config-if-eth1/1/4)# spanning-tree disable 10.3.0E or later spanning-tree guard Enables or disables loop guard or root guard on an interface. Syntax spanning-tree guard {loop | root | none} Parameters ● loop — Enables loop guard on an interface. ● root — Enables root guard on an interface. ● none — Sets the guard mode to none.
spanning-tree port Sets the port type as the EdgePort. Syntax spanning-tree port type edge Parameters None Default Not configured Command Mode INTERFACE Usage Information When you configure an EdgePort on a device running STP, the port immediately transitions to Forwarding state. Only configured ports connected to end hosts act as EdgePorts. Example Supported Releases OS10(config)# spanning-tree port type edge 10.2.
spanning-tree rstp hello-time Sets the time interval between generation and transmission of RSTP BPDUs. Syntax spanning-tree rstp hello-time seconds Parameters seconds — Enter a hello-time interval value in seconds (1 to 10). Default 2 seconds Command Mode CONFIGURATION Usage Information Dell EMC recommends increasing the hello-time for large configurations (especially configurations with multiple ports). Example Supported Releases OS10(config)# spanning-tree rstp hello-time 5 10.2.
spanning-tree rstp Sets the priority value for RSTP. Syntax spanning-tree rspt priority priority value Parameters priority priority value — Enter a bridge-priority value in increments of 4096 (0 to 61440). Valid priority values are: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. All other values are rejected.
* i-Internal untagged, I-Internal tagged, v-VLT untagged, V-VLT tagged NUM Status Description Q Ports 1 up A Eth1/1/1-1/1/54 Create or remove VLANs You can create VLANs and add physical interfaces or port-channel (LAG) interfaces to the VLAN as tagged or untagged members. You can add an Ethernet interface as a trunk port or as an access port, but it cannot be added as both at the same time.
Interface index is 69208865 Internet address is not set MTU 1532 bytes LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 240 Last clearing of "show interface" counters Queueing strategy: fifo Time since last interface status change: Vlan 200 is up, line protocol is up Address is , Current address is Interface index is 69209064 Internet address is not set MTU 1532 bytes LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 240 Last clearing of "show interface" counters Que
! interface vlan1 no shutdown ... Trunk mode A trunk port can be a member of multiple VLANs set up on an interface. A trunk port can transmit traffic for all VLANs. To transmit traffic on a trunk port with multiple VLANs, OS10 uses tagging or the 802.1q encapsulation method. 1. Configure a port in INTERFACE mode. interface ethernet node/slot/port[:subport] 2. Change the Switchport mode to Trunk mode in INTERFACE mode. switchport mode trunk 3. Enter the allowed VLANs on the trunk port in INTERFACE mode.
Assign IP address to VLAN OS10(config)# interface vlan 200 OS10(conf-if-vl-200)# ip address 10.1.15.
* i-Internal untagged, I-Internal tagged, v-VLT untagged, V-VLT tagged NUM Status Description Q Ports 1 up A Eth1/1/1-1/1/32 A Po40 200 up T Eth1/1/3:2 T Po40 A Eth1/1/31 320 up T Eth1/1/25:4 1/1/32 T Po40 A Eth1/1/3:1 View interface VLAN configuration OS10# show interface vlan Vlan 1 is up, line protocol is up Address is , Current address is Interface index is 69208865 Internet address is not set MTU 1532 bytes LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 240 Last clearing of "sh
Parameters description — Enter a text string to identify the VLAN (up to 80 characters). Default Not configured Command Mode INTERFACE-VLAN Usage Information None Example Supported Releases OS10(conf-if-vlan)# description vlan3 10.2.0E or later interface vlan Creates a VLAN interface. Syntax interface vlan vlan-id Parameters vlan-id — Enter the VLAN ID number (1 to 4093).
Port monitoring Port monitoring enables monitoring of ingress or egress traffic of one port to another for analysis. A monitoring port (MG) or destination port, is the port where the monitored traffic is sent for analysis. A monitored port (MD) is the source interface which is monitored for traffic analysis, also called source port. Depending on the location of the destination interface, port monitoring is performed as follows: ● Local port monitoring — The port monitoring is performed in the same switch.
Remote port monitoring Remote port monitoring allows you to monitor ingress and/or egress traffic on multiple source ports of multiple devices and forward the monitored traffic to multiple destination ports on different remote devices. Remote port monitoring helps network administrators monitor and analyze traffic to troubleshoot network problems in a time-saving and efficient way.
Source session ● Configure physical ports and port-channels as sources in remote port monitoring and use them in the same source session. You can use both L2 (configured with the switchport command) and L3 ports as source ports. Optionally configure one or more source VLANs to configure the VLAN traffic to be monitored on source ports. ● Use the default VLAN and native VLANs as a source VLAN. ● You cannot configure the dedicated VLAN used to transport mirrored traffic as a source VLAN.
Encapsulated remote port monitoring The monitored traffic can also be transmitted over an L3 network to a remote analyzer. The encapsulated remote port monitoring (ERPM) session mirrors traffic from the source ports/lags or source VLANs and forwards the traffic using routable GRE-encapsulated packets to the destination IP address specified in the session. Consider the following points while configuring an ERPM session: ● OS10 supports only the ERPM source session.
source-ip 1.1.1.1 destination-ip 3.3.3.3 source interface ethernet1/1/2 no shut Flow-based monitoring Flow-based monitoring conserves bandwidth by inspecting only specified traffic instead of all interface traffic. Using flow-based monitoring, you can monitor only traffic received by the source port that matches criteria in ingress access-lists. 1. Enable flow-based monitoring for a monitoring session in MONITOR-SESSION mode. flow-based enable 2. Return to CONFIGURATION mode. exit 3.
● ERPM does not work on VLT devices. RPM on VLT scenarios Consider a simple VLT setup where two VLT devices are connected using VLTi and a top-of-rack (TOR) switch is connected to both the VLT peers using VLT LAGs in a ring topology. In this setup, the following table describes the possible scenarios when RPM is used to mirror traffic. NOTE: The ports that are connected to the VLT domain, but not part of the VLT-LAG, are called orphan ports. Table 2.
Table 2. RPM on VLT scenarios (continued) Scenario Recommendation 2. Create a flow based local session on the VLT device to monitor VLTi LAG interface member (ethernet 1/1/1) as source. ! monitor session 10 type destination interface ethernet 1/1/10 flow-based enable source interface ethernet1/1/1 no shut ! Mirror a VLAN with VLTi LAG as member to VLT LAG on the same VLT device. The packet analyzer is connected to the TOR switch.
Usage Information Example The no version of this command removes the description text. OS10(conf-mon-local-1)# description remote OS10(conf-mon-rpm-source-5)# description "RPM Sesssion" OS10(conf-mon-erpm-source-10)# description "ERPM Session" Supported Releases 10.2.0E or later destination (Port Monitoring) Sets the destination where monitored traffic is sent to. The monitoring session can be local or RPM.
Supported Releases 10.2.0E or later ip Configures the IP time to live (TTL) value and the differentiated services code point (DSCP) value for the ERPM traffic. Syntax ip {ttl ttl-number | dscp dscp-number} Parameters ● ttl-number — Enter the TTL value (1 to 255) ● dscp-number — Enter the DSCP value (0 to 63). Default ● TTL: 255 ● DSCP: 0 Command Mode MONITOR-SESSION (ERPM) Usage Information The no version of this command removes the TTL and the DSCP values configured.
show monitor session Displays information about a monitoring session. Syntax show monitor session {session-id | all} Parameters ● session-id — Enter the session ID number (1 to 18). ● all — View all monitoring sessions. Default All Command Mode EXEC Usage Information In the State field, true indicates that the port is enabled. In the Reason field, Is UP indicates that hardware resour Example (specific session) Example (all sessions) Supported Releases OS10# show monitor session 1 S.
source (Port Monitoring) Configures a source for port monitoring. The monitoring session can be one of the following: local, RPM, or ERPM. Syntax source interface interface-type {both | rx | tx} Parameters ● interface-type — Enter the interface type: ○ ethernet node/slot/port[:subport] — Enter the Ethernet interface information as the monitored source. ○ port-channel id-number — Enter the port-channel interface number as the monitored source (1 to 128). This option is not supported in S5148F–ON .
5 Layer 3 Bidirectional forwarding detection (BFD) Provides rapid failure detection in links with adjacent routers (see BFD commands). Border Gateway Protocol (BGP) Provides an external gateway protocol that transmits inter-domain routing information within and between autonomous systems (see BGP Commands). Equal Cost Multi- Provides next-hop packet forwarding to a single destination over multiple best paths (see ECMP Path (ECMP) Commands).
You can enable various services in the either of the management or default VRF instances. Refer to the following table for the services supported in the management VRF instance and the default VRF instance. Table 3.
management route ip-address mask managementethernet or management route ipv6-address prefix-length managementethernet You can also configure the management route to direct traffic to a physical interface in case of the management VRF instance. For example: management route 10.1.1.5/24 ethernet 1/1/4 or management route 2::/64 ethernet 1/1/1. ● Configure a static entry in the IPv6 neighbor discovery.
You can also auto configure an IPv6 address using the ipv6 address autoconfig command. NOTE: Before configuring any routing protocol in a VRF instance, you need to first assign an IP address to at least one of the interfaces assigned to the VRF instance on which you want to configure routing protocols. Assigning a loopback interface to a non-default VRF instance After creating a non-default VRF instance you can associate a loopback interface to the VRF instance that you created.
no interface management Deleting a non-default VRF instance Before deleting a non-default VRF instance, ensure all the dependencies and associations corresponding to that VRF instance are first removed or disabled. Following table shows the dependencies that you have to remove before deleting a non-default VRF instance: Table 4. Configurations to be removed CONFIGURATION MODE COMMAND IP address — In interface configuration mode, undo the IP address configuration.
Figure 3. Setup VRF Interfaces The following example relates to the configuration shown in the above illustrations. Router 1 ip vrf blue ! ip vrf orange ! ip vrf green ! interface ethernet 1/1/1 no ip address no switchport no shutdown ! interface ethernet1/1/2 no shutdown no switchport ip vrf forwarding blue ip address 20.0.0.1/24 ! interface ethernet1/1/3 no shutdown no switchport ip vrf forwarding orange ip address 30.0.0.
ip vrf forwarding green ip address 40.0.0.1/24 ! interface vlan128 mode L3 no shutdown ip vrf forwarding blue ip address 1.0.0.1/24 ! interface vlan192 mode L3 no shutdown ip vrf forwarding orange ip address 2.0.0.1/24 ! ! interface vlan256 mode L3 no shutdown ip vrf forwarding green ip address 3.0.0.1/24 ! ip route vrf green 30.0.0.0/24 3.0.0.
! ip route vrf green 31.0.0.0/24 3.0.0.1 The following shows the output of the show commands on Router 1.
Router 2 OS10# show ip vrf VRF-Name blue Interfaces Eth1/1/5 Vlan128 default Mgmt1/1/1 Vlan1,24-25,200 green Eth1/1/7 Vlan256 orange Eth1/1/6 Vlan192 OS10# show ip route vrf blue Codes: C - connected S - static B - BGP, IN - internal BGP, EX - external BGP O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, * - candidate default, + - summary route, > - non-active route Gateway of last resort is not set
● Display the interfaces assigned to a VRF instance. EXEC show ip vrf [vrf-name] VRF commands interface management Adds management interface to the management VRF instance. Syntax interface management Parameters None Default Not configured Command Mode VRF CONFIGURATION Usage Information The no version of this command removes the management interface from the management VRF instance. Example Supported Releases OS10(config)# ip vrf management OS10(conf-vrf)# interface management 10.4.
● vrf-name—Enter the name of the non-default VRF instance to configure a domain name for that VRF instance. ● domain-name—Enter the domain name. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the host name from the management or non-default VRF instance. Example Supported Releases OS10(config)# ip domain-name vrf management dell.com or OS10(config)# ip domain-name vrf blue dell.com 10.4.
ip host vrf Configures a host name for the management VRF instance or a non-default VRF instance and maps the host name to an IP/IPv6 address. Syntax ip host vrf {management | vrf-name} hostname {IP-address | Ipv6–address} Parameters ● management—Enter the keyword management to configure a host name for the management VRF instance. ● vrf-name—Enter the name of the non-default VRF instance to configure a host name for that VRF instance. ● hostname—Enter the host name.
Example Supported Releases OS10(config)# ip name-server vrf management or OS10(config)# ip name-server vrf blue 10.4.0E(R1) or later ip scp vrf Configures a SCP connection for the management VRF instance. Syntax ip scp vrf management Parameters None Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes management VRF instance configuration from the SCP client. Example Supported Releases OS10(config)# ip scp vrf management 10.4.
Supported Releases 10.4.0E(R1) or later ip vrf management Configures the management VRF instance. Syntax ip vrf management Parameters None Default Not configured Command Mode CONFIGURATION Usage Information Enter the ip vrf management command only in non-transaction-based configuration mode. Do not use transaction-based mode. The no version of this command removes the management VRF instance configuration. Example Supported Releases OS10(config)# ip vrf management OS10(conf-vrf)# 10.4.
Parameters ● management—Enter the keyword management to display information corresponding to the management VRF instance. ● vrf-name—Enter the name of the non-default VRF instance to display information corresponding to that VRF instance. Default Not configured Command Mode EXEC Usage Information None Example OS10# show ip vrf VRF-Name default Interfaces Mgmt1/1/1 Eth1/1/1-1/1/2 Vlan1 management OS10# show ip vrf management VRF-Name Interfaces management Supported Releases 10.4.
● In Demand mode, if one router requests Demand mode, the other router stops sending periodic control packets; it only sends a response to status inquiries from the Demand mode initiator. Either peer router, but not both, can request Demand mode at any time. A BFD session can have four states: Administratively Down, Down, Init, and Up. The default BFD session state is Down. ● Administratively Down — The local BFD router does not participate in the session.
4. The passive system receives the control packet and changes its state to Up. Both systems agree that a session is established. However, because both members must send a control packet, which requires a response, whenever there is a state change or change in a session parameter, the passive system sends a final response indicating the state change. After this, periodic control packets are exchanged.
● multiplier number — Enter the number of consecutive packets that must not be received from a BFD peer before the session state changes to Down, from 3 to 50; default 3. ● role {active | passive} — Enter active if the router initiates BFD sessions. Both BFD peers can be active at the same time. Enter passive if the router does not initiate BFD sessions, and only responds to a request from an active BFD to initialize a session. The default is active. 2. Enable BFD globally in CONFIGURATION mode.
Router 1 OS10(conf)# bfd enable OS10(conf)# router bgp 1 OS10(config-router-bgp-1)# neighbor 2.2.4.3 OS10(config-router-neighbor)# bfd OS10(config-router-neighbor)# no shutdown OR OS10(conf)# bfd enable OS10(conf)# router bgp 1 OS10(config-router-bgp-1)# bfd all-neighbors interval 200 min_rx 200 multiplier 6 role active Router 2 OS10(conf)# bfd enable OS10(conf)# router bgp 2 OS10(config-router-bgp-2)# neighbor 2.2.4.
Configure BFD sessions with all neighbors discovered by the BGP in ROUTER-BGP mode. The BFD session parameters you configure override the global session parameters configured in Step 1. bfd all-neighbors [interval milliseconds min_rx milliseconds multiplier number role {active | passive}] ● interval milliseconds — Enter the time interval for sending control packets to BFD peers, from 100 to 1000; default 200. Dell EMC recommends using more than 100 milliseconds.
---------------------------------------------------------------------------* 150.150.1.2 150.150.1.1 vlan10 up 1000 1000 5 default bgp OS10# show bfd neighbors detail Session Discriminator: 1 Neighbor Discriminator: 2 Local Addr: 150.150.1.2 Local MAC Addr: 90:b1:1c:f4:ab:fd Remote Addr: 150.150.1.
Martian address 0, Our own AS in AS-PATH 0 Invalid Nexthop 0, Invalid AS-PATH length 0 Wellknown community 0, Locally originated 0 Local host: 20.1.1.2, Local port: 179 Foreign host: 20.1.1.1, Foreign port: 58248 BFD commands bfd Enables BFD sessions with specified neighbors.
● role {active | passive} — Enter active if the router initiates BFD sessions. Both BFD peers can be active at the same time. Enter passive if the router does not initiate BFD sessions, and only responds to a request from an active BFD to initialize a session. Default The time interval for sending control packets to BFD peers is 200 milliseconds. The maximum waiting time for receiving control packets from BFD peers is 200 milliseconds.
Supported releases 10.4.1.0 or later bfd interval Configures parameters for all BFD sessions on the switch. Syntax bfd interval milliseconds min_rx milliseconds multiplier number role {active | passive} Parameters ● interval milliseconds — Enter the time interval for sending control packets to BFD peers, from 100 to 1000. Dell EMC recommends using more than 100 milliseconds. ● min_rx milliseconds — Enter the maximum waiting time for receiving control packets from BFD peers, from 100 to 1000.
Neighbor Discriminator: 2 Local Addr: 150.150.1.2 Local MAC Addr: 90:b1:1c:f4:ab:fd Remote Addr: 150.150.1.
Classless interdomain routing BGPv4 supports classless interdomain routing (CIDR) with aggregate routes and AS paths. CIDR defines a network using a prefix consisting of an IP address and mask, resulting in efficient use of the IPv4 address space. Using aggregate routes reduces the size of routing tables. Path-vector routing BGP uses a path-vector protocol which maintains dynamically updated path information. Path information updates which return to the originating node are detected and discarded.
Peer templates also aid in convergence speed. When a BGP process sends the same information to many peers, a long output queue may be set up to distribute the information. For peers that are members of a peer template, the information is sent to one place then passed on to the peers within the template. Route reflectors Route reflectors (RRs) reorganize the IBGP core into a hierarchy and allow route advertisement rules. Route reflection divides IBGP peers into two groups — client peers and nonclient peers.
Attributes Routes learned using BGP have associated properties that are used to determine the best route to a destination when multiple paths exist to a particular destination. These properties are called BGP attributes which influence route selection for designing robust networks. There are no hard-coded limits on the number of supported BGP attributes.
In Non-Deterministic mode, the bgp non-deterministic-med command applies. Paths compare in the order they arrive. This method leads to system selection of different best paths from a set of paths. Depending on the order they were received from the neighbors, MED may or may not get compared between the adjacent paths. In Deterministic mode, the system compares MED. MED is compared between the adjacent paths within an AS group because all paths in the AS group are from the same AS.
Origin The origin indicates how the prefix came into BGP. There are three origin codes—IGP, EGP, and INCOMPLETE. IGP Prefix originated from information learned through an IGP. EGP Prefix originated from information learned from an EGP, which Next Generation Protocol (NGP) replaced. INCOMPLETE Prefix originated from an unknown source. An IGP indicator means that the route was derived inside the originating AS. EGP means that a route was learned from an external gateway protocol.
By default, the bestpath as-path multipath-relax command is disabled. This prevents BGP from load-balancing a learned route across two or more EBGP peers. To enable load-balancing across different EBGP peers, enter the bestpath as-path multipath-relax command. If you configure the bgp bestpath as-path ignore command and the bestpath as-path multipath-relax command at the same time, an error message displays—only enable one command at a time.
If the AS number of the peer is different, the 4-byte speaker brings up the neighbor session using a reserved 2-byte ASN,23456 called AS_TRANS. The AS_TRANS is used to interop between a 2-byte and 4-byte AS number. Where the 2-byte format is 1 to 65535, the 4-byte format is 1 to 4294967295. You can enter AS numbers using the traditional format. AS number migration You can transparently change the AS number of an entire BGP network.
BGP neighbor adjacency changes All BGP neighbor changes are logged Fast external fallover Enabled Graceful restart Disabled Local preference 100 4-byte AS Enabled MED 0 Route flap dampening parameters ● ● ● ● Timers ● keepalive = 60 seconds ● holdtime = 180 seconds Add-path Disabled half-life = 15 minutes max-suppress-time = 60 minutes reuse = 750 suppress = 2000 Enable BGP Before enabling BGP, assign a BGP router ID to the switch using the following command: ● In the ROUTER BGP mode, ent
Configure BGP OS10# configure terminal OS10(config)# router bgp 100 OS10(config-router-bgp-100)# neighbor 5.1.1.1 OS10(config-router-neighbor)# remote-as 1 OS10(config-router-neighbor)# description n1_abcd OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# template t1 OS10(config-router-template)# description peer_template_1_abcd View BGP summary with 2-byte AS number OS10# show ip bgp summary BGP router identifier 202.236.164.
View BGP running configuration OS10# show running-configuration bgp ! router bgp 100 ! neighbor 5.1.1.1 description n1_abcd Configuring BGP in a non-default VRF instance To configure BGP in a non-default VRF instance. 1. Assign an AS number, and enter ROUTER-BGP mode from CONFIGURATION mode (1 to 65535 for 2-byte, 1 to 4294967295 for 4-byte). Only one AS number is supported per system. If you enter a 4-byte AS number, 4-byte AS support is enabled automatically. router bgp as-number 2.
2. Enable IPv6 unicast support on a BGP neighbor/template in CONFIG-ROUTER-BGP-AF mode. activate Peer templates To configure multiple BGP neighbors at one time, you can create and populate a BGP peer template. An advantage of configuring peer templates is that members of a peer template inherit the configuration properties of the template and share update policy. Always create a peer template and assign a name to it before adding members to the peer template.
Configure peer templates OS10(config)# router bgp 300 OS10(config-router-bgp-300)# template ebgppg OS10(config-router-template)# remote-as 100 OS10(config-router-template)# description peer_template_1_abcd OS10(config-router-template)# exit OS10(config-router-bgp-300)# neighbor 3.1.1.
● To add an IBGP neighbor, configure the as-number parameter with the same BGP as-number configured in the router bgp as-number command. 6. (Optional) Add a text description for the template in ROUTER-TEMPLATE mode. description text 7. Assign a peer-template with a peer-group name from which to inherit to the neighbor in ROUTER-NEIGHBOR mode. inherit template template-name 8. Enable the neighbor in ROUTER-BGP mode. neighbor ip-address 9. Enable the peer-group in ROUTER-NEIGHBOR mode.
3. Enter the neighbor IP address in ROUTER-BGP mode. neighbor ip-address 4. Enable BGP fast fall-Over in ROUTER-NEIGHBOR mode. fall-over Configure neighbor fall-over OS10(config)# router bgp 100 OS10(config-router-bgp-100)# neighbor 3.1.1.1 OS10(config-router-neighbor)# remote-as 100 OS10(config-router-neighbor)# fall-over OS10(config-router-neighbor)# no shutdown Verify neighbor fall-over on neighbor OS10(config-router-neighbor)# do show ip bgp neighbors 3.1.1.1 BGP neighbor is 3.1.1.
! neighbor 40.1.1.2 inherit template bgppg no shutdown ! neighbor 60.1.1.2 inherit template bgppg no shutdown ! neighbor 32.1.1.2 remote-as 100 no shutdown ! template bgppg fall-over remote-as 102 Configure password You can enable message digest 5 (MD5) authentication with a password on the TCP connection between two BGP neighbors. Configure the same password on both BGP peers.
remote-as 10 no shutdown OS10(config-router-neighbor)# do show running-configuration bgp ! router bgp 10 ! template pass password 9 f785498c228f365898c0efdc2f476b4b27c47d972c3cd8cd9b91f518c14ee42d ! neighbor 11.1.1.
Fast external fallover is enabled by default. To disable or re-enable it, use the [no] fast-external-fallover command. For the fast-external-fallover command to take effect on an established BGP session, you must reset the session using the clear ip bgp {* | peer-ipv4-address | peer-ipv6-address} command. View fast external fallover configuration OS10(config)# do show running-configuration bgp ! router bgp 300 ! neighbor 3.1.1.
3::1 100 9 5 00:00:29 4 OS10(conf-if-eth1/1/1)# OS10(config-router-bgp-neighbor-af)# Apr 27 01:39:03 OS10 dn_sm[2065]: Node.1Unit.1:PRI:alert [os10:event], %Dell EMC (OS10) %BGP_NBR_BKWD_STATE_CHG: Backward state change occurred Hold Time expired for Nbr:3.1.1.3 VRF:default Apr 27 01:39:03 OS10 dn_sm[2065]: Node.1-Unit.
3. Return to ROUTER-BGP mode. exit 4. Enter a template name to assign to the peer-groups in ROUTER-BGP mode (up to 16 characters). template template-name 5. Enter a local-as number for the peer in ROUTER-TEMPLATE mode. local-as as number [no prepend] 6. Add a remote AS in ROUTER-TEMPLATE mode (1 to 65535 for 2 bytes, 1 to 4294967295 for 4 bytes). remote-as as-number Allow external routes from neighbor OS10(config)# router bgp 10 OS10(conf-router-bgp-10)# neighbor 32.1.1.
dampening ! neighbor 17.1.1.
Additional paths The add-path command is disabled by default. 1. Assign an AS number in CONFIGURATION mode. router bgp as-number 2. Enter a neighbor and IP address (A.B.C.D) in ROUTER-BGP mode. neighbor ip-address 3. Enter Address Family mode in ROUTER-NEIGHBOR mode. address-family {[ipv4 | ipv6] [unicast]) 4. Allow the specified neighbor to send or receive multiple path advertisements in ROUTER-BGP mode.
2. Change the LOCAL_PREF value for routes meeting the criteria of this route map in ROUTE-MAP mode, then return to CONFIGURATION mode. set local-preference value exit 3. Enter ROUTER-BGP mode. router bgp as-number 4. Enter the neighbor to apply the route map configuration in ROUTER-BGP mode. neighbor {ip-address} 5. Apply the route map to the neighbor’s incoming or outgoing routes in ROUTER-BGP-NEIGHBOR-AF mode. route-map map-name {in | out) 6.
3. Return to ROUTER-BGP mode. exit 4. Assign a weight value to the peer-group in ROUTER-BGP mode. template template name 5. Set a weight value for the route in ROUTER-TEMPLATE mode. weight weight Modify weight attribute OS10(config)# router bgp 10 OS10(config-router-bgp-10)# neighbor OS10(config-router-neighbor)# weight OS10(config-router-neighbor)# exit OS10(config-router-bgp-10)# template OS10(config-router-template)# weight 10.1.1.
6. Create a route-map, and assign a filtering criteria in ROUTER-BGP-TEMPLATE-AF mode. route-map map-name {in | out} Filter BGP route OS10(config)# router bgp 102 OS10(conf-router-bgp-102)# neighbor 40.1.1.
1. Assign an AS number in CONFIGURATION mode. router bgp as-number 2. Enter Address Family mode in ROUTER-BGP mode. address-family {[ipv4 | ipv6] [unicast]} 3. to aggregate in ROUTER-BGPv4-AF mode. aggregate-address ip-address mask Configure aggregate routes OS10(config)# router bgp 105 OS10(conf-router-bgp-105)# address-family ipv4 unicast OS10(conf-router-bgpv4-af)# aggregate-address 3.3.0.
OS10(conf-router-neighbor)# exit OS10(conf-router-bgp-65501)# neighbor 3.1.1.2 OS10(conf-router-neighbor)# remote-as 65504 OS10(conf-router-neighbor)# no shutdown OS10(conf-router-neighbor)# exit OS10(conf-router-bgp-65501)# end OS10# show running-configuration bgp ! router bgp 65501 confederation identifier 100 confederation peers 65502 65503 65504 ! neighbor 1.1.1.2 remote-as 65502 no shutdown ! neighbor 2.1.1.2 remote-as 65503 no shutdown ! neighbor 3.1.1.
Configure values to reuse or restart route OS10(config)# router bgp 102 OS10(conf-router-bgp-102)# address-family ipv4 unicast OS10(conf-router-bgpv4-af)# dampening 2 2000 3000 10 View dampened (nonactive) routes OS10# show ip bgp flap-statistics BGP local router ID is 13.176.123.
resetting the TCP connection. After configuring soft-reconfiguration, use clear ip bgp to make the neighbor use soft reconfiguration. When you enable soft-reconfiguration for a neighbor and you execute the clear ip bgp soft in command, the update database stored in the router replays and updates are re-evaluated. With this command, the replay and update process triggers only if a route-refresh request is not negotiated with the peer.
Supported Releases 10.2.0E or later add-path Allows the system to advertise multiple paths for the same destination without replacing previous paths with new ones. Syntax add-path {both path count | receive | send path count} Parameters ● both path count — Enter the number of paths to advertise to the peer, from 2 to 64. ● receive — Receive multiple paths from the peer. ● send path count — Enter the number of multiple paths to send multiple to the peer, from 2 to 64.
advertisement-interval Sets the minimum time interval for advertisement between the BGP neighbors or within a BGP peer group. Syntax advertisement-interval seconds Parameters seconds—Enter the time interval value (in seconds) between BGP advertisements, from 1 to 600. Default EBGP 30 seconds, IBGP 5 seconds Command Mode ROUTER-NEIGHBOR Usage Information The time interval applies to all peer group members of the template in ROUTER-TEMPLATE mode.
not add the as-set parameter to the aggregate because the aggregate flaps to track changes in the AS_PATH. The no version of this command disables the aggregate-address configuration. Example Supported Releases OS10(conf-router-bgpv4-af)# aggregate-address 6.1.0.0/16 summary-only 10.3.0E or later allowas-in Sets the number of times a local AS number appears in the AS path. Syntax allowas-in as-number Parameters as-number—Enter the number of occurrences for a local AS number, from 1 to 10.
as-notation Changes the AS number notation format (requires four-octet-assupport). Syntax as-format {asdot | asdot+ | asplain} Parameters ● asdot — Specify the AS number notation in asdot format. ● asdot+ — Specify the AS number notation in asdot+ format. ● asplain — Specify the AS number notation in asplain format.
Parameters ● confed — Compare MED among BGP confederation paths. ● missing-as-worst — Treat missing MED as the least preferred path. Default Disabled Command Mode ROUTER-BGP Usage Information Before you apply this command, use the always-compare-med command. The no version of this command resets the MED comparison influence. NOTE: To configure these settings for a non default VRF instance, you must first enter the ROUTER-CONFIG-VRF sub mode using the following commands: 1.
Command Mode EXEC Usage Information To reset BGP IPv4 or IPv6 neighbor sessions, use this command. Example Supported Releases OS10# clear ip bgp 1.1.15.4 10.3.0E or later clear ip bgp * Resets BGP sessions. The soft parameter (BGP soft reconfiguration) clears policies without resetting the TCP connection. Syntax clear ip bgp * [vrf vrf-name] [ipv4 unicast | ipv6 unicast | soft [in | out]] Parameters ● * — Enter to clear all BGP sessions.
clear ip bgp flap-statistics Clears all or specific IPv4 or IPv6 flap counts of prefixes. Syntax clear ip bgp [vrf vrf-name] [ipv4–address | ipv6–address] flap-statistics [ipv4–prefix | ipv6–prefix] Parameters ● vrf vrf-name — (OPTIONAL) Enter the keyword vrf followed by the name of the VRF to clear flap statistics information corresponding to that VRF. ● ipv4–address — (Optional) Enter an IPv4 address to clear the flap counts of the prefixes learned from the given peer.
Parameters ● identifier as-num —Enter an AS number, from 0 to 65535 for 2 bytes, 1 to 4294967295 for 4 bytes, or 0.1 to 65535.65535 for dotted format. ● peers as-number—Enter an AS number for peers in the BGP confederation, from 1 to 4294967295. Default Not configured Command Mode ROUTER-BGP Usage Information Configure your system to accept 4-byte formats before entering a 4-byte AS number. All routers in the Confederation must be 4-byte or 2-byte identified routers.
cluster-id Assigns a cluster ID to a BGP cluster with multiple route reflectors. Syntax cluster-id {number | ip-address} Parameters ● number—Enter a route reflector cluster ID as a 32-bit number, from 1 to 4294967295. ● ip-address—Enter an IP address as the route-reflector cluster ID. Default Router ID Command Mode ROUTER-BGP Usage Information If a cluster contains only one route reflector, the cluster ID is the route reflector’s router ID.
description Configures a description for the BGP neighbor or for peer template. Syntax description text Parameters text — Enter a description for the BGP neighbor or peer template. Default None Command Mode ROUTER-BGP-NEIGHBOR ROUTER-BGP-TEMPLATE Usage Information Example Supported Releases The no version of this command removes the description. OS10# configure terminal OS10(config)# router bgp 100 OS10(config-router-bgp-100)# neighbor 8.8.8.
Default Enabled Command Mode ROUTER-BGP-NEIGHBOR-AF ROUTER-TEMPLATE-AF Usage Information Example Supported Releases The no version of this command removes the default route. OS10(conf-router-bgp-10)# template lunar OS10(conf-router-bgp-template)# address-family ipv6 unicast OS10(conf-router-template-af)# default-originate route-map rmap-bgp 10.4.1.0 or later distribute-list Distributes BGP information through an established prefix list.
Supported Releases 10.3.0E or later ebgp-multihop Allows EBGP neighbors on indirectly connected networks. Syntax ebgp-multihop hop count Parameters hop count — Enter a value for the number of hops, from 1 to 255. Default 1 Command Mode ROUTER-NEIGHBOR Usage Information This command avoids installation of default multihop peer routes to prevent loops and creates neighbor relationships between peers. Networks indirectly connected are not valid for best path selection.
Command Mode ROUTER-NEIGHBOR Usage Information Configure the BGP fast fall-over on a per-neighbor or peer-group basis. When you enable this command on a template, it simultaneously enables on all peers that inherit the peer group template. When you enable fall-over, BGP tracks IP reachability to the peer remote address and the peer local address.
listen Enables peer listening and sets the prefix range for dynamic peers. Syntax listen ip-address [limit count] Parameters ● ip-address—Enter the BGP neighbor IP address. ● limit count—(Optional) Enter a maximum dynamic peer count, from 1 to 4294967295. Default Not configured Command Mode ROUTER-TEMPLATE Usage Information Enables a passive peering session for listening. The no version of this command disables a passive peering session.
1. Enter the ROUTER BGP mode using the router bgp as-number command. 2. From the ROUTER BGP mode, enter the ROUTER BGP VRF mode using the vrf vrf-name command. Example Supported Releases OS10(conf-router-bgp-10)# log-neighbor-changes 10.3.0E or later maximum-paths Configures the maximum number of equal-cost paths for load sharing. Syntax maximum-paths [ebgp number | ibgp number] maxpaths Parameters ● ebgp—Enable multipath support for external BGP routes.
Example Supported Releases OS10(conf-router-bgp-neighbor-af)# maximum-prefix 20 100 warning-only 10.3.0E or later neighbor Creates a remote peer for the BGP neighbor and enters BGP Neighbor mode. Syntax neighbor ip address Parameters ip address — Enter the IP address of the neighbor in dotted decimal format. Default Not configured Command Mode CONFIG-ROUTER-BGP Usage Information Create a remote peer with the BGP neighbor. Always enter the IP address of a BGP peer with this command.
Command Mode ROUTER-BGP Usage Information Paths compare in the order they arrive. OS10 uses this method to choose different best paths from a set of paths, depending on the order they are received from the neighbors. MED may or may not be compared between adjacent paths. When you change the path selection from deterministic to nondeterministic, the path selection for the existing paths remains deterministic until you use the clear ip bgp command to clear the existing paths.
Usage Information You can enter the password either as plain text or in encrypted format. The password provided in ROUTER-NEIGHBOR mode gets more preference than the password in ROUTER-TEMPLATE mode. The no version of this command disables authentication. Example OS10(conf-router-neighbor)# password abcdell OS10(conf-router-neighbor)# password 9 f785498c228f365898c0efdc2f476b4b27c47d972c3cd8cd9b91f518c14ee42d Supported Releases 10.3.
Defaults None Command Modes CONFIG-ROUTER-NEIGHBOR CONFIG-ROUTER-TEMPLATE Usage Information Example Supported Releases The no version of this command deletes the remote AS. OS10(config)# router bgp 300 OS10(config-router-bgp-300)# template ebgppg OS10(config-router-template)# remote-as 100 10.4.1.0 or later remove-private-as Removes private AS numbers from receiving outgoing updates.
Supported Releases 10.4.1.0 or later route-reflector-client Configures a neighbor as a member of a route-reflector cluster. Syntax route-reflector-client Parameters None Default Not configured Command Mode ROUTER-TEMPLATE Usage Information The device configures as a route reflector, and the BGP neighbors configure as clients in the routereflector cluster. The no version of this command removes all clients of a route reflector—the router no longer functions as a route reflector.
1. Enter the ROUTER BGP mode using the router bgp as-number command. 2. From the ROUTER BGP mode, enter the ROUTER BGP VRF mode using the vrf vrf-name command. Example Supported Releases OS10(conf-router-bgp-10)# router-id 10.10.10.40 10.3.0E or later send-community Sends a community attribute to a BGP neighbor or peer group. Syntax send-community {extended | standard} Parameters ● extended — Enter an extended community attribute. ● standard — Enter a started community attribute.
show ip bgp Displays information that BGP neighbors exchange. Syntax show ip bgp [vrf vrf-name] ip-address/mask Parameters ● vrf vrf-name — (OPTIONAL) Enter the keyword vrf and then the name of the VRF to view route information corresponding to that VRF. ● ip-address/mask — Enter the IP address and mask in A.B.C.D/x format. Default Not configured Command Mode EXEC Usage Information This command displays BGP neighbor information. Example OS10# show ip bgp 1.1.1.0/24 BGP routing table entry for 1.
Supported Releases 10.3.0E or later show ip bgp flap-statistics Displays BGP flap statistics on BGP routes. Syntax show ip bgp [vrf vrf-name] flap-statistics Parameters None Default Not configured Command Mode EXEC Usage Information ● vrf vrf-name — (OPTIONAL) Enter the keywords vrf and then the name of the VRF to view flap statistics on BGP routes corresponding to that VRF. ● Network — Displays the network ID to which the route is flapping.
Neighbor 80.1.1.2 Supported Releases AS 800 MsgRcvd 8 MsgSent Up/Down 4 00:01:10 State/Pfx 5 10.3.0E or later show ip bgp ipv6 unicast Displays route information for BGP IPv6 routes. Syntax show ip bgp [vrf vrf-name] ipv6 unicast [neighbors] {ip-address/mask | summary} | multicast {ip-address/mask | neighbors} [denied-routes] Parameters ● vrf vrf-name — (OPTIONAL) Enter the keyword vrf followed by the name of the VRF to view IPv6 unicast information corresponding to that VRF.
● BGP state — Displays the neighbor’s BGP state and the amount of time in hours:minutes: seconds it has been in that state. ● Last read — Displays the information included in the last read: ○ Last read is the time (hours:minutes: seconds) the router read a message from its neighbor. ○ Hold time is the number of seconds configured between messages from its neighbor. ○ Keepalive interval is the number of seconds between keepalive messages to help ensure that the TCP session is still alive.
*>55:0:0:1::/64 192:168:1::1 0 0 0 100i *>55:0:0:2::/64 192:168:1::1 0 0 0 100i *>55:0:0:3::/64 192:168:1::1 0 0 0 100i *>55:0:0:4::/64 192:168:1::1 0 0 0 100i *>55:0:0:5::/64 192:168:1::1 0 0 0 100i *>55:0:0:6::/64 192:168:1::1 0 0 0 100i *>55:0:0:7::/64 192:168:1::1 0 0 0 100i *>55:0:0:8::/64 192:168:1::1 0 0 0 100i *>55:0:0:9::/64 192:168:1::1 0 0 0 100i *>172:16:1::/64 192:168:1::1 0 0 0 100? Total number of prefixes: 11 OS10# Example received-
*>55:0:0:3::/64 172:16:1::2 44 55 0 i *>55:0:0:4::/64 172:16:1::2 44 55 0 i *>55:0:0:5::/64 172:16:1::2 44 55 0 i *>55:0:0:6::/64 172:16:1::2 44 55 0 i *>55:0:0:7::/64 172:16:1::2 44 55 0 i *>55:0:0:8::/64 172:16:1::2 44 55 0 i *>55:0:0:9::/64 172:16:1::2 44 55 0 i Total number of prefixes: 10 OS10# Supported Releases 10.3.0E or later show ip bgp peer-group Displays information on BGP peers in a peer-group.
show ip bgp summary Displays the status of all BGP connections. Syntax show ip bgp [vrf vrf-name] summary Parameters vrf vrf-name — (OPTIONAL) Enter the keyword vrf and then the name of the VRF to view the status of all BGP connections corresponding to that VRF. Default Not configured Command Mode EXEC Usage Information ● ● ● ● ● Neighbor—Displays the BGP neighbor address. AS—Displays the AS number of the neighbor MsgRcvd—Displays the number of BGP messages that the neighbor received.
Supported Releases 10.3.0E or later template Creates a peer-group template to assign it to BGP neighbors. Syntax template template-name Parameters template-name — Enter a peer-group template name (up to 16 characters). Default Not configured Command Mode CONFIG-ROUTER-BGP Usage Information Members of a peer-group template inherit the configuration properties of the template and share the same update policy. The no version of this command removes a peer-template configuration.
Command Mode ROUTER-BGP Usage Information This mode enables you to apply BGP configurations to non default VRFs. Example OS10(config)#router bgp 100 OS10(config-router-bgp-100)# OS10(config-router-bgp-100)#vrf vrf_test1 OS10(config-router-bgp-100-vrf)# Supported Releases 10.3.0E or later weight Assigns a default weight for routes from the neighbor interfaces. Syntax weight number Parameters number—Enter a number as the weight for routes, from 1 to 4294967295.
---------------------------------------------IPV4 Load Balancing : Enabled IPV6 Load Balancing : Enabled MAC Load Balancing : Enabled TCP-UDP Load Balancing : Enabled Ingress Port Load Balancing : Disabled IPV4 FIELDS : source-ip destination-ip protocol vlan-id l4-destination-port l4source-port IPV6 FIELDS : source-ip destination-ip protocol vlan-id l4-destination-port l4source-port MAC FIELDS : source-mac destination-mac ethertype vlan-id TCP-UDP FIELDS: l4-destination-port l4-source-port ● The second part
load-balancing Distributes or load balances incoming traffic using the default parameters in the hash algorithm.
Command Mode EXEC Usage Information None Example Supported Releases OS10# show hash-algorithm EcmpAlgo - crc LabAlgo - crc 10.3.0E or later IPv4 routing OS10 supports IPv4 addressing including variable-length subnetting mask (VLSM), Address Resolution Protocol (ARP), static routing, and routing protocols. With VLSM, you can configure one network with different masks. You can also use supernetting, which increases the number of subnets.
Hardware is Dell EMC Eth, address is 00:0c:29:98:1b:79 Current address is 00:0c:29:98:1b:79 Pluggable media present, QSFP+ type is QSFP+ 40GBASE CR 1.0M Wavelength is 64 SFP receive power reading is 0.
example, if interface ethernet 1/1/5 has IP address on subnet 100.0.0.0/8, and if 10.1.1.0/24 recursively resolves to 100.1.1.1, the system installs the static route: ● ● ● ● When When When When the the the the interface goes down, OS10 withdraws the route. interface comes up, OS10 reinstalls the route. recursive resolution is broken, OS10 withdraws the route. recursive resolution is satisfied, OS10 reinstalls the route.
● no-refresh — (Optional) Specify to delete the ARP entry from CAM. You can also use this option with interface or ip ip-address to specify which dynamic ARP entries you want to delete. Default Not configured Command Mode EXEC Usage Information Transit traffic may not be forwarded during the period when deleted ARP entries are resolved again and re-installed in CAM. Use this option with extreme caution. Example Supported Releases OS10# clear ip arp interface ethernet 1/1/5 10.2.
ip address dhcp Enables DHCP client operations on the interface. Syntax ip address dhcp Parameters None Defaults None Command Mode INTERFACE Usage Information The no version of this command disables the DHCP operations on the interface. Example Supported Releases OS10(config)# interface mgmt 1/1/1 OS10(conf-if-ma-1/1/1)# ip address dhcp 10.3.0E or later ip arp Configures static ARP and maps the IP address of the neighbor to a MAC address.
Example OS10(config)# ip route 200.200.200.0/24 10.1.1.2 OS10(config)# ip route 200.200.200.0/24 interface null 0 Supported Releases 10.2.0E or later show ip arp Displays the ARP table entries for specific a IP address or MAC address, static, dynamic, and a summary of all ARP entries.
Example (Dynamic) OS10# show ip arp dynamic Protocol Address Age(min) Hardware Address Interface VLAN CPU -----------------------------------------------------------Internet 10.16.127.143 163 00:01:e8:75:c1:bb Ma 1/0 - CP Internet 10.16.127.254 63 00:01:e8:75:c1:bb Ma 1/0 - CP Internet 10.16.131.4 62 00:01:e8:8b:3b:e3 Ma 1/0 - CP Internet 10.16.131.254 19 00:01:e8:75:c1:bb Ma 1/0 - CP Internet 192.168.1.1 - 00:01:e8:8b:39:43 - Vl 100 CP Internet 192.168.1.
Enable or disable IPv6 By default: ● IPv6 forwarding is enabled on physical Ethernet interfaces, VLANs, and port groups. IPv6 forwarding is disabled only when you enable IPv6 address autoconfiguration on an interface and set it in host mode (ipv6 address autoconfig). ● IPv6 forwarding is permanently disabled on the management Ethernet interface so that it remains in Host mode and does not operate as a router regardless of the ipv6 address autoconfig setting.
● ● ● ● ● ● 2001:0db8:0000:0000:0000:0000:1428:57ab 2001:0db8:0000:0000:0000::1428:57ab 2001:0db8:0:0:0:0:1428:57ab 2001:0db8:0:0::1428:57ab 2001:0db8::1428:57ab 2001:db8::1428:57ab IPv6 networks are written using CIDR notation. An IPv6 network (or subnet) is a contiguous group of IPv6 addresses the size of which must be a power of two. The initial bits of addresses, which are identical for all hosts in the network, are the network's prefix.
Configure link-local address OS10(config)# interface ethernet 1/1/8 OS10(conf-if-eth1/1/8)# ipv6 address FE80::1/64 link-local Stateless autoconfiguration When an interface comes up, OS10 uses stateless autoconfiguration to generate a unique link-local IPv6 address with a FE80::/64 prefix and an interface ID generated from the MAC address. To use stateless autoconfiguration to assign a globally unique address using a prefix received in router advertisements, enter the ipv6 address autoconfig command.
● ipv6 nd hop-limit hops — (Optional) Sets the hop limit advertised in RA messages and included in IPv6 data packets sent by the router (0 to 255; default 64). 0 indicates that no hop limit is specified by the router. ● ipv6 nd managed-config-flag — (Optional) Sent in RA messages to tell hosts to use stateful address autoconfiguration, such as DHCPv6, to obtain IPv6 addresses.
Duplicate address discovery To determine if an IPv6 unicast address is unique before assigning it to an interface, an OS10 switch sends a neighbor solicitation message. If the process of duplicate address discovery (DAD) detects a duplicate address in the network, the address is not configured on the interface. DAD is enabled by default. By default, IPv6 is not disabled when a duplicate address is detected. Only the duplicate address is not applied. Other IPv6 addresses are still active on the interface.
IPv6 destination unreachable By default, when no matching entry for an IPv6 route is found in the IPv6 routing table, a packet is dropped and no error message is sent. You can enable the capability to send an IPv6 destination unreachable error message to the source without dropping the packet.
IPv6 commands clear ipv6 neighbors Delete all entries in the IPv6 neighbor discovery cache or neighbors of a specific interface. Static entries are not removed using this command. Syntax clear ipv6 neighbors [vrf vrf-name] [ipv6-address | interface] Parameters ● vrf vrf-name — (Optional) Enter the keyword vrf followed by the name of the VRF to clear the neighbor corresponding to that VRF. If you do not specify this option, the neighbors in the default VRF are cleared.
ipv6 address Configures a global unicast IPv6 address on an interface. Syntax ipv6 address ipv6–address/prefix-length Parameters ipv6-address/prefix-length — Enter a full 128-bit IPv6 address with the network prefix length, including the 64-bit interface identifier. Defaults None Command Mode INTERFACE Usage Information ● An interface can have multiple IPv6 addresses.
Example Supported Releases OS10(config)# interface mgmt 1/1/1 OS10(conf-if-ma-1/1/1)# ipv6 address dhcp 10.3.0E or later ipv6 enable Enables and disables IPv6 forwarding on an interface configured with an IPv6 address. Syntax ipv6 enable Parameters None Defaults None Command Mode INTERFACE Usage Information ● The no version of this command disables IPv6 forwarding.
Command Mode INTERFACE Usage Information ● An interface can have only one link-local address. By default, an IPv6 link-local address is automatically generated with a MAC-based EUI-64 interface ID when a router boots up and IPv6 is enabled. Use this command to manually configure a link-local address to replace the autoconfigured address. For example, to configure a more user-friendly link-local address, replace fe80::eef4:bbff:fefb:fa30/64 with fe80::1/64.
Example: Enable DAD on link-local address Supported Releases OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ipv6 nd dad disable-ipv6-on-dad-failure 10.4.0E(R1) or later ipv6 nd hop-limit Sets the hop limit advertised in RA messages and included in IPv6 data packets sent by the router. Syntax ipv6 nd hop-limit hops Parameters ● hop-limit hops — Enter the maximum number of hops allowed for RA messages (0 to 255).
Example Supported Releases OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# ipv6 nd max-ra-interval 300 10.4.0E(R1) or later ipv6 nd mtu Sets the maximum transmission unit (MTU) used on a local link in RA messages. Syntax ipv6 nd mtu number Parameters ● mtu number — Enter the MTU size in bytes (1280 to 65535). Defaults 1500 bytes Command Mode INTERFACE Usage Information The no version of this command restores the default MTU value advertised in RA messages.
● no-autoconfig — (Optional) Sets AdvAutonomous to Off for the specified prefix in the radvd.conf file. This setting tells hosts to not use this prefix for address autoconfiguration. By default, AdvAutonomous is On. ● no-rtr-address — (Optional) Sets AdvRouterAddr to Off for the prefix in the radvd.conf file. The Off setting tells hosts to not use the advertising router's address for on-link determination. By default, AdvRouterAddr is On.
Example Supported Releases OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# ipv6 nd max-ra-interval 300 10.4.0E(R1) or later ipv6 nd reachable-time Sets the advertised time for which the router sees a neighbor to be up after it receives a reachability confirmation. Syntax ipv6 nd reachable-time milliseconds Parameters ● reachable-time milliseconds — Enter the reachable time in milliseconds (0 to 3600000).
RA messages, the switch must be in Router mode with IPv6 forwarding enabled and stateless autoconfiguration disabled (no ipv6 address autoconfig command). ● The no ipvd nd send-ra command disables RA messages. Example Supported Releases OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# ipv6 nd send-ra 10.4.0E(R1) or later ipv6 route Configures a static IPv6 static route.
Example Supported Releases OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# ipv6 unreachables 10.4.0E(R1) or later show ipv6 neighbors Display IPv6 discovery information. Entering the command without options shows all IPv6 neighbor addresses stored on the control processor (CP).
● A::B/mask—(Optional) Enter the IPv6 destination address and mask. ● summary—(Optional) Displays the IPv6 route summary.
Example (Brief) OS10# show ipv6 interface brief Interface admin/ IPV6 Address/ IPv6 Oper Name protocol Link-Local Address Status ============================================================ Management 1/1/1 up/up fe80::20c:29ff:fe54:c852/64 Enabled Vlan 1 up/up fe80::20c:29ff:fe54:c8bc/64 Enabled Ethernet 1/1/2 up/up fe80::20c:29ff:fe54:c853/64 100::1/64 1001:1:1:1:20c:29ff:fe54:c853/64 Enabled Ethernet 1/1/3 up/up fe80::4/64 3000::1/64 4000::1/64 Disabled Ethernet 1/1/4 up/up fe80::4/64 4::1/64 5::1/64 En
IGMP snooping configuration OS10(config)# ip igmp snooping enable OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# ip igmp snooping mrouter interface ethernet 1/1/32 OS10(conf-if-vl-100)# ip igmp snooping querier OS10(conf-if-vl-100)# ip igmp version 3 OS10(conf-if-vl-100)# ip igmp snooping fast-leave OS10(conf-if-vl-100)# ip igmp snooping query-interval 60 OS10(conf-if-vl-100)# ip igmp snooping query-max-resp-time 10 OS10(conf-if-vl-100)# ip igmp snooping last-member-query-interval 1000 View IGMP sno
Parameters None Default Depends on the global configuration. Command Mode VLAN INTERFACE Usage Information When you enable IGMP snooping globally, the configuration is applied to all the VLAN interfaces. You can disable the IGMP snooping on specified VLAN interfaces. The no version of this command disables the IGMP snooping on the specified VLAN interface. Example Supported Releases OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# no ip igmp snooping 10.4.
Parameters query-interval-time—Enter the query time interval in milliseconds, ranging from 100 to 65535. Default 1000 milliseconds Command Mode VLAN INTERFACE Usage Information The no version of this command resets the last member query interval time to the default value. Example Supported Releases OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# ip igmp snooping last-member-query-interval 2500 10.4.1.0 or later ip igmp snooping mrouter Enables IGMP querier on the specified VLAN interface.
Default 60 seconds Command Mode VLAN INTERFACE Usage Information The no version of this command resets the query interval to the default value. Example Supported Releases OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# ip igmp snooping query-interval 120 10.4.1.0 or later ip igmp query-max-resp-time Configures the maximum time for responding to a query advertised in IGMP queries.
Default Not configured Command Mode EXEC Usage Information None Example Example (with VLAN) 368 Layer 3 OS10# show ip igmp snooping groups Total Number of Groups: 480 IGMP Connected Group Membership Group Address Interface Mode Expires 225.1.0.0 vlan3031 IGMPv2-Compat 00:01:26 Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1 225.1.0.1 vlan3031 IGMPv2-Compat 00:01:26 Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1 225.1.0.
225.1.0.6 00:01:30 Member-ports 225.1.0.7 00:01:30 Member-ports 225.1.0.8 00:01:30 Member-ports 225.1.0.9 00:01:30 Member-ports 225.1.0.
Member Port Mode port-channel51 Include --more-- <
IGMP Snooping max response time is 10 seconds IGMP snooping fast-leave is disabled on this interface IGMP snooping querier is enabled on this interface Vlan3032 is up, line protocol is up IGMP version is 3 IGMP snooping is enabled on interface IGMP snooping query interval is 60 seconds IGMP snooping querier timeout is 130 seconds IGMP snooping last member query response interval is 1000 ms IGMP Snooping max response time is 10 seconds IGMP snooping fast-leave is disabled on this interface IGMP snooping quer
vlan3049 vlan3050 vlan3051 vlan3052 --more-- port-channel31 port-channel31 port-channel31 port-channel31 <
OS10(conf-if-vl-11)# OS10(conf-if-vl-11)# OS10(conf-if-vl-11)# OS10(conf-if-vl-11)# ipv6 ipv6 ipv6 ipv6 mld mld mld mld snooping snooping snooping snooping fast-leave query-interval 60 query-max-resp-time 10 last-member-query-interval 1000 View MLD snooping information OS10# show ipv6 mld snooping groups Total Number of Groups: 280 MLD Connected Group Membership Group Address Interface Mode Expires ff02::2 vlan3531 Exclude 00:01:38 ff0e:225:1:: vlan3531 MLDv1-Compat 00:01:52 Member-ports :port-channel4
MLD snooping commands ipv6 mld snooping Enables MLD snooping on the specified VLAN interface. Syntax ipv6 mld snooping Parameters None Default Depends on the global configuration. Command Mode VLAN INTERFACE Usage Information When you enable MLD snooping globally, the configuration is applied to all the VLAN interfaces. You can disable the MLD snooping on specified VLAN interfaces. The no version of this command disables the MLD snooping on the specified VLAN interface.
Supported Releases 10.4.1.0 or later ipv6 mld snooping last-member-query-interval Configures the time interval between group-specific MLD query messages. Syntax ipv6 mld snooping last-member-query-interval query-interval-time Parameters query-interval-time—Enter the query time interval in milliseconds, ranging from 100 to 65535. Default 1000 milliseconds Command Mode VLAN INTERFACE Usage Information The no version of this command resets the last member query interval time to the default value.
Supported Releases 10.4.1.0 or later ipv6 mld snooping query-interval Configures the time interval for sending MLD general queries. Syntax ipv6 mld snooping query-interval query-interval-time Parameters query-interval-time—Enter the interval time in seconds, ranging from 2 to 18000. Default 60 seconds Command Mode VLAN INTERFACE Usage Information The no version of this command resets the query interval to the default value.
Supported Releases 10.4.1.0 or later show ipv6 mld snooping groups Displays the details of MLD snooping group membership. Syntax show ipv6 mld snooping groups [vlan vlan-id] [ipv6-address] Parameters ● vlan-id—(Optional) Enter the VLAN ID, ranging from 1 to 4093. ● ipv6-address—(Optional) Enter the IPv6 address of the multicast group.
00:02:12 Member-ports ff0e:225:1::2 00:02:12 Member-ports ff0e:225:1::3 00:02:12 Member-ports ff0e:225:1::4 00:02:12 Member-ports ff0e:225:1::5 00:02:12 Member-ports Example (with VLAN and multicast IP address) Supported Releases :port-channel41,ethernet1/1/51,ethernet1/1/52 vlan3531 MLDv1-Compat :port-channel41,ethernet1/1/51,ethernet1/1/52 vlan3531 MLDv1-Compat :port-channel41,ethernet1/1/51,ethernet1/1/52 vlan3531 MLDv1-Compat :port-channel41,ethernet1/1/51,ethernet1/1/52 vlan3531 MLDv1-Compat :port-ch
ethernet1/1/52:1 --more-Example (with VLAN) Include 2d:11:50:36 00:01:38 OS10# show ipv6 mld snooping groups vlan 3041 detail Interface vlan3041 Group ff02::2 Source List -Member Port Mode Uptime port-channel31 Exclude 2d:11:57:08 Expires 00:01:44 Interface vlan3041 Group ff3e:232:b:: Source List 2001:101:29::1b Member Port Mode port-channel31 Include ethernet1/1/51:1 Include ethernet1/1/52:1 Include Uptime 2d:11:50:17 2d:11:50:36 2d:11:50:36 Expires 00:01:42 00:01:38 00:01:25 Uptime 2d:11:50:17 2d
MLD snooping fast-leave is disabled on this interface MLD snooping querier is disabled on this interface Supported Releases 10.4.1.0 or later show ipv6 mld snooping mrouter Displays the details of multicast router ports. Syntax show ipv6 mld snooping mrouter [vlan vlan-id] Parameters vlan-id—(Optional) Enter the VLAN ID, ranging from 1 to 4093.
Areas, networks, and neighbors The backbone of the network is Area 0, also called Area 0.0.0.0, the core of any AS. All other areas must connect to Area 0. An OSPF backbone is responsible for distributing routing information between areas. It consists of all area border routers, networks not wholly contained in any area and their attached routers. The backbone is the only area with a default area number. You configure all other areas Area ID.
Backbone router A backbone router (BR) is part of the OSPF Backbone, Area 0, and includes all ABRs. The BR includes routers connected only to the backbone and another ABR, but are only part of Area 0—shown as Router I in the example. Area border router Within an AS, an area border router (ABR) connects one or more areas to the backbone. The ABR keeps a copy of the link-state database for every area it connects to. It may keep multiple copies of the link state database.
The DRs and BDRs are configurable. If you do not define DR or BDR, OS10 assigns them per the protocol. To determine which routers are the DR and BDR, the OSPF looks at the priority of the routers on the segment —default router priority is 1. The router with the highest priority is elected the DR. If there is a tie, the router with the higher router ID takes precedence. After the DR is elected, the BDR is elected the same way. A router with a router priority set to zero cannot become the DR or BDR.
If not assigned, the system selects the router with the highest priority as the DR. The second highest priority is the BDR. Priority rates from 0 to 255, with 255 as the highest number with the highest priority. OSPF route limit OS10 supports up to 16,000 OSPF routes. Within this range, the only restriction is on intra-area routes that scale only up to 1000 routes. Other OSPF routes can scale up to 16 K.
Enable SPF throttling (OSPFv3) OS10(config)# router ospfv3 10 OS10(config-router-ospf-10)# timers spf 2000 3000 4000 View OSPFv2 SPF throttling OS10(config-router-ospf-100)# do show ip ospf Routing Process ospf 100 with ID 12.1.1.
5. Assign an IP address to the interface in INTERFACE mode. ip address ip-address/mask 6. Enable OSPFv2 on an interface in INTERFACE mode. ip ospf process-id area area-id ● process-id—Enter the OSPFv2 process ID for a specific OSPF process from 1 to 65535. ● area-id—Enter the OSPFv2 area ID as an IP address (A.B.C.D) or number from 1 to 65535.
1. Enable OSPF routing and enter ROUTER-OSPF mode, from 1 to 65535. router ospf instance number 2. Configure an area as a stub area in ROUTER-OSPF mode. area area-id stub [no-summary] ● area-id—Enter the OSPF area ID as an IP address (A.B.C.D) or number, from 1 to 65535. ● no-summary—(Optional) Enter to prevent an ABR from sending summary LSA to the stub area. Configure stub area OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# area 10.10.5.
ip ospf 100 area 0.0.0.0 ip ospf passive !! ! You can disable a passive interface using the no ip ospf passive command. Fast convergence Fast convergence sets the minimum origination and arrival LSA parameters to zero (0), allowing rapid route calculation. A higher convergence level can result in occasional loss of OSPF adjacency. Convergence level 1 meets most convergence requirements. The higher the number, the faster the convergence, and the more frequent the route calculations and updates.
Interface parameters To avoid routing errors, interface parameter values must be consistent across all interfaces. For example, set the same time interval for the hello packets on all routers in the OSPF network to prevent misconfiguration of OSPF neighbors. 1. To change the OSPFv2 parameters in CONFIGURATION mode, enter the interface. interface interface-name 2. Change the cost associated with OSPF traffic on the interface in INTERFACE mode, from 1 to 65535. The default depends on the interface speed.
● Enter which routes redistribute into the OSPFv2 process in ROUTER-OSPF mode. redistribute {bgp as-number| connected | static} [route-map map-name] ○ bgp | connected | static—Enter a keyword to redistribute those routes. ○ route-map map-name—Enter the name of a configured route map.
Graceful restart When a networking device restarts, the adjacent neighbors and peers detect the condition. During a graceful restart, the restarting device and the neighbors continue to forward the packets without interrupting the network performance. The neighbors that help in the restart process are called as helper routers. When graceful restart is enabled, the restarting device retains the routes learned by OSPF in the forwarding table.
● ● ● ● ● ● ● Is OSPF enabled on the interface? Are adjacencies established correctly? Are the interfaces configured for L3 correctly? Is the router in the correct area type? Are the OSPF routes included in the OSPF database? Are the OSPF routes included in the routing table in addition to the OSPF database? Are you able to ping the IPv4 address of adjacent router interface? Troubleshooting OSPF with show commands ● View a summary of all OSPF process IDs enabled in EXEC mode.
area nssa Defines an area as a NSSA. Syntax area area-id nssa [default-information-originate | no-redistribution | nosummary] Parameters ● area-id — Enter the OSPF area ID as an IP address (A.B.C.D) or number (1 to 65535). ● no-redistribution — (Optional) Prevents the redistribute command from distributing routes into the NSSA. Use no-redistribution command only in an NSSA ABR. ● no-summary — (Optional) Ensures that no summary LSAs are sent into the NSSA.
Example Supported Releases OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# area 10.10.1.5 stub 10.2.0E or later auto-cost reference-bandwidth Calculates default metrics for the interface based on the configured auto-cost reference bandwidth value. Syntax auto-cost reference-bandwidth value Parameters value — Enter the reference bandwidth value to calculate the OSPF interface cost in megabits per second (1 to 4294967).
Example Supported Releases OS10# clear ip ospf 10 statistics 10.4.0E(R1) or later default-information originate Generates and distributes a default external route information to the OSPF routing domain. Syntax default-information originate [always] Parameters always — (Optional) Always advertise the default route. Defaults Disabled Command Mode ROUTER-OSPF Usage Information The no version of this command disables the distribution of default route.
Example Supported Releases OS10(conf-router-ospf-10)# fast-converge 3 10.2.0E or later graceful-restart Enables the helper mode during a graceful or hitless restart. Syntax graceful-restart role helper-only Parameters None Defaults Disabled Command Mode ROUTER-OSPF Usage Information The no version of this command disables the helper mode. Example Supported Releases OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# graceful-restart role helper-only 10.3.
Example Supported Releases OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ip ospf authentication-key sample 10.3.0E or later ip ospf cost Changes the cost associated with the OSPF traffic on an interface. Syntax ip ospf cost cost Parameters cost — Enter a value as the OSPF cost for the interface (1 to 65335). Default Based on bandwidth reference Command Mode INTERFACE Usage Information Interface cost is based on the auto-cost command if not configured.
Example Supported Releases OS10(conf-if-vl-10)# ip ospf hello-interval 30 10.2.0E or later ip ospf message-digest-key Enables OSPF MD5 authentication and sends an OSPF message digest key on the interface. Syntax ip ospf message-digest-key keyid md5 key Parameters ● keyid — Enter an MD5 key ID for the interface (1 to 255). ● key — Enter a character string as the password (up to 16 characters).
Example Supported Releases OS10(conf-if-eth1/1/1)# ip ospf network broadcast 10.2.0E or later ip ospf passive Configures an interface as a passive interface and suppresses routing updates (both receiving and sending) to the passive interface. Syntax ip ospf passive Parameters None Default Not configured Command Mode INTERFACE Usage Information You must configure the interface before setting the interface to Passive mode.
Supported Releases 10.2.0E or later ip ospf transmit-delay Sets the estimated time required to send a link state update packet on the interface. Syntax ip ospf transmit-delay seconds Parameters seconds — Set the time (in seconds) required to send a link-state update (1 to 3600). Default 1 second Command Mode INTERFACE Usage Information Set the estimated time required to send a link-state update packet.
maximum-paths Enables forwarding of packets over multiple paths. Syntax maximum—paths number Parameters number —Enter the number of paths for OSPF (1 to 128). Default 64 Command Mode ROUTER-OSPF Usage Information The no version of this command resets the value to the default. Example Supported Releases OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# maximum-paths 1 10.2.
Example Supported Releases OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# router-id 10.10.1.5 10.2.0E or later router ospf Enters Router OSPF mode and configures an OSPF instance. Syntax router ospf instance-number Parameters instance-number—Enter a router OSPF instance number, from 1 to 65535. Default Not configured Command Mode CONFIGURATION Usage Information Assign an IP address to an interface before using this command. The no version of this command deletes an OSPF instance.
Parameters process-id—(Optional) Displays information based on the process ID. Default Not configured Command Mode EXEC Usage Information You can isolate problems with external routes. External OSPF routes are calculated by adding the LSA cost to the cost of reaching the ASBR router. If an external route does not have the correct cost, this command determines if the path to the originating router is correct. ASBRs that are not in directly connected areas display.
Supported Releases 10.2.0E or later show ip ospf database asbr-summary Displays information about AS boundary LSAs. Syntax show ip ospf [process-id] database asbr-summary Parameters process-id—(Optional) Displays the AS boundary LSA information for a specified OSPF process ID. If you do not enter a process ID, this applies only to the first OSPF process. Default Not configured Command Mode EXEC Usage Information ● ● ● ● ● ● ● ● ● ● ● Example LS Age—Displays the LS age.
● ● ● ● ● ● ● ● Example Link State ID — Identifies the router ID. Advertising Router — Identifies the advertising router’s ID. LS Seq Number — Identifies the LS sequence number (identifies old or duplicate LSAs). Checksum — Displays the Fletcher checksum of an LSA’s complete contents. Length — Displays the LSA length in bytes. Network Mask — Identifies the network mask implemented on the area. TOS — Displays the ToS options. The only option available is zero.. Metric — Displays the LSA metric.
LS age: 1356 Options: (No TOS-capability, No DC, E) LS type: Network Link State ID: 110.1.1.2 Advertising Router: 112.2.1.1 LS Seq Number: 0x80000008 Checksum: 0xd2b1 Length: 32 Network Mask: /24 Attached Router: 111.2.1.1 Attached Router: 112.2.1.1 Supported Releases 10.2.0E or later show ip ospf database nssa external Displays information about the NSSA-External (Type 7) LSA.
Advertising Router: 2.2.2.2 LS Seq Number: 0x80000001 Checksum: 0x2526 Length: 36 Network Mask: /0 Metric Type: 1 TOS: 0 Metric: 0 Forward Address: 0.0.0.0 External Route Tag: 0 LS age: 65 Options: (No TOS-Capability, No DC, No Type 7/5 translation) LS type: NSSA External Link State ID: 12.1.1.0 Advertising Router: 2.2.2.2 LS Seq Number: 0x80000001 Checksum: 0xBDEA Length: 36 Network Mask: /24 Metric Type: 2 TOS: 0 Metric: 20 Forward Address: 0.0.0.
Command Mode EXEC Usage Information ● ● ● ● ● ● ● ● ● ● Example LS Age — Displays the LS age. Options — Displays the optional capabilities available on the router. LS Type — Displays the Link State type. Link State ID — Identifies the router ID. Advertising Router — Identifies the advertising router’s ID. LS Seq Number — Identifies the LS sequence number (identifies old or duplicate LSAs). Checksum — Displays the Fletcher checksum of an LSA’s complete contents.
Type-11 AS Opaque LS age: 3600 Options: (No TOS-Capability, No DC) LS type: Type-11 AS Opaque Link State ID: 8.1.1.3 Advertising Router: 2.2.2.2 LS Seq Number: 0x8000000D Checksum: 0x61D3 Length: 36 Opaque Type: 8 Opaque ID: 65795 Supported Releases 10.2.0E or later show ip ospf database opaque-link Displays information about the opaque-link (Type 9) LSA.
Parameters process-id — (Optional) Displays the router (Type 1) LSA for an OSPF Process ID. If you do not enter a Process ID, this command applies only to the first OSPF process. Default Not configured Command Mode EXEC Usage Information Output: ● LS age—Displays the LS age. ● Options—Displays optional capabilities. ● LS Type—Displays the Link State type. ● Link State ID—Identifies the router ID. ● Advertising Router—Identifies the advertising router’s ID.
Default Not configured Command Mode EXEC Usage Information ● ● ● ● ● ● ● ● ● ● ● Example LS Age—Displays the LS age. Options—Displays the optional capabilities available on the router. LS Type—Displays the Link State type. Link State ID—Identifies the router ID. Advertising Router—Identifies the advertising router’s ID. LS Seq Number—Identifies the LS sequence number (identifies old or duplicate LSAs). Checksum—Displays the Fletcher checksum of an LSA’s complete contents.
Simple password authentication enabled Neighbor Count is 0, Adjacent neighbor count is 0 Supported Releases 10.2.0E or later show ip ospf routes Displays OSPF routes received from neighbors along with parameters like cost, next-hop, area, interface, and type of route. Syntax show ip ospf [process-id] routes [prefix IP-prefix] Parameters ● process-id — (Optional) Enter OSPFv2 Process ID to view information specific to the ID.
tx-failed tx-hello tx-db-des tx-ls-req tx-ls-upd tx-ls-ack Error packets (Receive bad-src 0 mtu-mismatch 0 resource-err 0 lsa-bad-len 0 netmask-mismatch 0 options-mismatch 0 self-orig 0 version-mismatch Supported Releases 0 tx-failed-bytes 0 tx-hello-bytes 0 tx-db-des-bytes 0 tx-ls-req-bytes 0 tx-ls-upd-bytes 0 tx-ls-ack-bytes statistics) 0 dupe-id 0 0 0 0 0 0 0 hello-err 0 nbr-ignored 0 wrong-proto 0 bad-lsa-len 0 lsa-bad-type 0 lsa-bad-cksum 0 auth-fail 0 hello-tmr-mismatch 0 dead-ivl-m
Default) Not configured Command Mode ROUTER-OSPF Usage Information The no version of this command disables the summary address. Example Supported Releases OS10(config)# router ospf 100 OS10(config-router-ospf-100)# summary-address 10.0.0.0/8 not-advertise 10.3.0E or later timers lsa arrival Configures the LSA acceptance intervals. Syntax timers lsa arrival arrival-time Parameters arrival-time — Set the interval between receiving the LSA in milliseconds (0 to 600,000).
Example OS10(config)# router ospf 100 OS10(config-router-ospf-100)# timers spf 1200 2300 3400 OS10(config-router-ospf-100)# do show ip ospf Routing Process ospf 100 with ID 12.1.1.
2. Enter the interface information to configure the interface for OSPFv3 in INTERFACE mode. interface ethernet node/slot/port[:subport] 3. Enable (or bring up) the interface in INTERFACE mode. no shutdown 4. Disable the default switchport configuration and remove it from an interface or a LAG port in INTERFACE mode. no switchport 5. Enable the OSPFv3 on an interface in INTERFACE mode. ipv6 ospfv3 process-id area area-id ● process-id — Enter the OSPFv3 process ID for a specific OSPFv3 process (1 to 65535).
1. Enable OSPFv3 routing and enter ROUTER-OSPFv3 mode (1 to 65535). router ospfv3 instance number 2. Configure an area as a stub area in ROUTER-OSPFv3 mode. area area-id stub [no-summary] ● area-id — Enter the OSPFv3 area ID as an IP address (A.B.C.D) or number (1 to 65535). ● no-summary — (Optional) Enter to prevent an ABR from sending summary LSAs into the stub area. Configure Stub Area OS10(config)# router ospfv3 10 OS10(conf-router-ospf-10)# area 10.10.5.
Although the passive interface does not send or receive routing updates, the network on that interface is still included in OSPF updates sent through other interfaces. You can remove an interface from passive interfaces using the no ipv6 ospf passive command. 1. Enter an interface type in INTERFACE mode. interface ethernet node/slot/port[:subport] 2. Configure the interface as a passive interface in INTERFACE mode.
OS10(conf-if-eth1/1/1)# ipv6 ospf dead-interval 20 OS10(conf-if-eth1/1/1)# ipv6 ospf priority 4 View OSPFv3 Interface Parameters OS10# show ipv6 ospf interface fortyGigE 0/0 is up, line protocol is up Link Local Address fe80::92b1:1cff:fef4:a39d, Interface ID 1048581 Area 0, Process ID 10, Instance ID 0, Router ID 60.60.60.1 NetworkType BROADCAST, Cost: 1, Passive: No Transmit Delay is 0 sec, State BDR, Priority 4 Designated router on this network is 70.70.70.
The SPI value must be unique to one IPsec security policy (authentication or encryption) on the router. You cannot configure the same SPI value on another interface even if it uses the same authentication or encryption algorithm. You cannot use an IPsec authentication type (MD5 or SHA-1) and the null setting at same time on an interface. These settings are mutually exclusive. ● Enable IPsec authentication for OSPFv3 packets in Interface mode.
Configure IPsec encryption on interface OS10(conf-if-eth1/1/1)# ipv6 ospf encryption ipsec spi 500 esp des 1234567812345678 md5 12345678123456781234567812345678 OS10(conf-if-eth1/1/1)# show configuration ! interface ethernet1/1/1 ipv6 ospf encryption ipsec spi 500 esp des 1234567812345678 md5 12345678123456781234567812345678 no switchport no shutdown ipv6 address 1::1/64 Configure IPsec authentication for OSPFv3 area Prerequisite: Before you enable IPsec authentication for an OSPFv3 area, enable OSPFv3 glo
be 32 plain hex digits. For SHA-1 authentication, the non-encrypted key must be 40 hex digits. An encrypted key is not supported. To delete an IPsec encryption policy, use the no area area-id encryption ipsec spi number command. Configure IPsec encryption for OSPFv3 area OS10(config-router-ospfv3-100)# area 1 encryption ipsec spi 401 esp des 1234567812345678 md5 12345678123456781234567812345678 OS10(config-router-ospfv3-100)# show configuration ! router ospfv3 100 area 0.0.0.
Parameters ● ● ● ● ● Default OSPFv3 area authentication is not configured. Command Mode ROUTER-OSPFv3 Usage Information ● Before you enable IPsec authentication for an OSPFv3 area, you must enable OSPFv3 globally on each router. ● All OSPFv3 routers in the area must share the same authentication key to exchange information. Only a non-encrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits.
area stub Defines an area as the OSPF stub area. Syntax area area-id stub [no-summary] Parameters ● area-id—Set the OSPFv3 area ID as an IP address (A.B.C.D) or number (1 to 65535). ● no-summary—(Optional) Prevents an area border router from sending summary link advertisements into the stub area. Default Not configured Command Mode ROUTER-OSPFv3 Usage Information The no version of this command deletes a stub area.
clear ipv6 ospf statistics Clears OSPFv3 traffic statistics. Syntax clear ipv6 ospf [instance-number] statistics Parameters instance-number — (Optional) Enter an OSPFv3 instance number (1 to 65535). Default Not configured Command Mode EXEC Usage Information This command clears the OSPFv3 traffic statistics in a specified instance or in all the configured OSPFv3 instances, and resets them to zero. Example Supported Releases OS10# clear ipv6 ospf 100 statistics 10.4.
ipv6 ospf authentication Configures OSPFv3 authentication on an IPv6 interface. Syntax ipv6 ospf authentication {null | ipsec spi number {MD5 | SHA1} key} Parameters ● ● ● ● ● Default IPv6 OSPF authentication is not configured on an interface. Command Mode INTERFACE Usage Information ● Before you enable IPsec authentication on an OSPFv3 interface, you must enable IPv6 unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area.
Parameters seconds — Enter the dead interval value in seconds (1 to 65535). Default 40 seconds Command Mode INTERFACE Usage Information The dead interval is four times the default hello-interval by default. The no version of this command removes the IPv6 OSPF dead-interval configuration. Example Supported Releases OS10(config)# interface vlan 10 OS10(conf-if-vl-10)# ipv6 ospf dead-interval 10 10.3.0E or later ipv6 ospf encryption Configures OSPFv3 encryption on an IPv6 interface.
ipv6 ospf hello-interval Sets the time interval between hello packets sent on an interface. Syntax ipv6 ospf hello-interval seconds Parameters seconds — Enter the hello-interval value in seconds (1 to 65535). Default 10 seconds Command Mode INTERFACE Usage Information All routers in a network must have the same hello time interval between the hello packets. The no version of the this command resets the value to the default.
ipv6 ospf priority Sets the priority of the interface to determine the designated router for the OSPFv3 network. Syntax ipv6 ospf priority number Parameters number — Enter a router priority number (0 to 255). Default 1 Command Mode INTERFACE Usage Information When two routers attached to a network attempt to become the designated router, the one with the higher router priority takes precedence. The no version of this command resets the value to the default.
redistribute Redistributes information from another routing protocol or routing instance to the OSPFv3 process. Syntax redistribute {bgp as-number | connected | static} [route-map route-map name] Parameters ● as-number — Enter an autonomous number to redistribute BGP routing information throughout the OSPFv3 instance (1 to 4294967295). ● route-map name — Enter the name of a configured route-map. ● connected — Enter the information from connected (active) routes on interfaces to redistribute.
Example Supported Releases OS10(config)# router ospfv3 10 10.3.0E or later show ipv6 ospf Displays OSPFv3 instance configuration information. Syntax show ipv6 ospf [instance-number] Parameters instance-number — (Optional) View OSPFv3 information for a specified instance number (1 to 65535) Default None Command Mode EXEC Usage Information None Example Supported Releases OS10# show ipv6 ospf Routing Process ospfv3 200 with ID 1.1.1.
● Dest RtrID—Displays the destination router ID. ● Interface—Displays the interface type. ● Prefix—Displays the prefix details. Example Supported Releases OS10# show ipv6 ospf database OSPF Router with ID (10.0.0.2) (Process ID 200) Router Link States (Area 0.0.0.0) ADV Router Age Seq# Fragment ID Link count Bits ------------------------------------------------------------------1.1.1.1 1610 0x80000144 0 1 B 2.2.2.2 1040 0x8000013A 0 1 10.0.0.2 1039 0x80000002 0 1 Net Link States (Area 0.0.0.
show ipv6 ospf neighbor Displays a list of OSPFv3 neighbors connected to the local router. Syntax show ipv6 ospf neighbor Parameters None Default Not configured Command Mode EXEC Usage Information ● ● ● ● ● ● Example Supported Releases Neighbor ID—Displays the neighbor router ID. Pri—Displays the priority assigned neighbor. State—Displays the OSPF state of the neighbor. Dead Time—Displays the expected time until the system declares the neighbor dead.
lsa-bad-len 0 lsa-bad-cksum 0 hello-tmr-mismatch 0 dead-ivl-mismatch 0 options-mismatch 0 nbr-admin-down 0 own-hello-drop 0 self-orig 0 wrong-length 0 version-mismatch 0 area-mismatch 0 Supported Releases 10.4.0E(R1) or later timers spf (OSPFv3) Enables shortest path first (SPF) throttling to delay an SPF calculation when a topology change occurs. Syntax timers spf [start-time [hold-time [max-wait]]] Parameters ● start-time — Sets the initial SPF delay in milliseconds (1 to 600000; default 1000).
Object tracking monitors the status of tracked objects and communicates any changes made to interested client applications. OTM client applications are VRRP and PBR. Each tracked object has a unique identifying number that clients use to configure the action to take when a tracked object changes state. You can also optionally specify a time delay before changes in a tracked object's state are reported to a client application.
● VLAN — VLAN identifer ● Loopback — Loopback interface identifier ● mgmt — Management interface 1. Configure object tracking in CONFIGURATION mode from 1 to 500. track object-id 2. (Optional) Enter the interface object tracking on the line-protocol state of a Layer 2 interface in OBJECT TRACKING mode. interface interface line-protocol 3. (Optional) Configure the time delay used before communicating a change to the status of a tracked interface in OBJECT TRACKING mode from 0 to 80 seconds; default 0.
5. View the tracking configuration and the tracked object status in EXEC mode. show track object-id Configure IPv4 host tracking OS10 (conf-track-1)# track 2 OS10 (conf-track-2)# ip 1.1.1.1 reachability OS10 (conf-track-2)# do show track 2 IP Host 1.1.1.
2017-02-03T08:41:43Z1 3 ipv6-reachablity 10::10 DOWN 2017-02-03T08:41:55Z1 View all object tracking information OS10# show track View interface object tracking information OS10# show track interface TrackID Resource Parameter Status LastChange --------------------------------------------------------------------------------1 line-protocol ethernet1/1/1 DOWN 2017-02-03T08:41:25Z1 OS10# show track ip TrackID Resource Parameter Status LastChange --------------------------------------------------------------
interface line-protocol Configures an object to track a specific interface's line-protocol status. Syntax interface interface line-protocol Parameters interface — Enter the interface information: ● ethernet — Physical interface. ● port-channel — Enter the port-channel identifier. ● vlan — Enter the VLAN identifier. ● loopback — Enter the Loopback interface identifier. ● mgmt — Enter the Management interface.
Supported Releases 10.3.0E or later reachability-refresh Configures a polling interval for reachability tracking. Syntax reachability-refresh interval Parameters interval — Enter the polling interval value (up to 3600 seconds). Defaults 0 seconds Command Mode CONFIGURATION Usage Information Set the interval to 0 to disable the refresh. Example Supported Releases OS10(conf-track-100)# reachability-refresh 600 10.3.0E or later show track Displays tracked object information.
Command Mode CONFIGURATION Usage Information The no version of this command deletes the tracked object from an interface. Example Supported Releases OS10# track 100 10.3.0E or later Policy-based routing Policy-based routing (PBR) provides a mechanism to redirect IPv4 and IPv6 data packets based on the policies defined to override the switch’s forwarding decisions based on the routing table.
1. Enter the IPv4 or IPv6 address to match and specify the access-list name in Route-Map mode. match {ip | ipv6} address access-list-name 2. Set the next-hop IP address in Route-Map mode.
Verify IPv6 PBR configuration OS10# show ipv6 policy abc Interface Route-map ------------------------ethernet1/1/1 abc ethernet1/1/3 abc vlan100 abc show route-map pbr-sample pbr-statistics route-map pbr-sample, permit, sequence 10 Policy routing matches: 84 packets PBR commands clear route-map pbr-statistics Clears all PBR counters. Syntax clear route-map [map-name] pbr-statistics Parameters map-name—Enter the name of a configured route-map (up to 140 characters).
Defaults Not configured Command Mode INTERFACE Usage Information None Example Supported Releases OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ip policy route-map map1 10.3.0E or later route-map pbr-statistics Enables counters for PBR statistics. Syntax route-map [map-name] pbr-statistics Parameters map-name—Enter the name of a configured route-map (up to 140 characters).
Command Mode ROUTE-MAP Usage Information None Example Supported Releases OS10(conf-route-map)# set ip next-hop 10.10.10.10 track-id 12 10.3.0E or later show policy Displays policy information. Syntax show {ip | ipv6} policy [map-name] Parameters map-name — (Optional) Enter the name of a configured route map (up to 140 characters). Defaults None Command Mode EXEC Usage Information None Example Supported Releases OS10# show ip policy map-name 10.3.
● Avoids issues with dynamic routing and discovery protocols ● Takes over a failed default router: ○ Within a few seconds ○ With a minimum of VRRP traffic ○ Without any interaction from hosts Configuration VRRP specifies a master (active) router that owns the next hop IP and MAC address for end stations on a LAN. The master router is chosen from the virtual routers by an election process and forwards packets sent to the next hop IP address.
● Create a virtual router for the interface with the VRRP identifier in INTERFACE mode (1 to 255). vrrp-group vrrp-id ● Delete a VRRP group in INTERFACE mode. no vrrp-group vrrp-id Configure VRRP OS10(config)# interface ethernet 1/1/5 OS10(conf-if-eth1/1/5)# vrrp-group 254 Verify VRRP OS10(conf-eth1/1/5-vrid-254)# do show running-configuration ... ! interface ethernet 1/1/5 ip address 10.10.10.1/24 ! vrrp-group 254 no shutdown ... Group version Configure a VRRP version for the system.
These rules apply to virtual IP addresses: ● The virtual IP addresses must be in the same subnet as the primary or secondary IP addresses configured on the interface. Though a single VRRP group can contain virtual IP addresses belonging to multiple IP subnets configured on the interface, Dell EMC recommends configuring virtual IP addresses belonging to the same IP subnet for any one VRRP group. An interface on which you enable VRRP contains a primary IP address of 50.1.1.
---------------------------------------------------------------------------ethernet1/1/1 IPv4 10 100 true master 10.1.1.8 10.1.1.8 View VRRP group 1 OS10# show vrrp 1 Interface : ethernet1/1/1 IPv4 VRID : 1 Primary IP Address : 10.1.1.1 State : master-state Virtual MAC Address : 00:00:5e:00:01:01 Version : version-3 Priority : 100 Preempt : Hold-time : Authentication : no-authentication Virtual IP address : 10.1.1.
1. Create a virtual router for the interface with the VRRP identifier in INTERFACE mode (1 to 255). vrrp-group vrrp-id 2. Configure a simple text password in INTERFACE-VRRP mode. authentication-type simple—text text [auth-text] ● simple—text text — Enter the keyword and a simple text password. ● auth-text — (Optional) Enter a character string up to eight characters long as a password.
! no preempt Advertisement interval By default, the Master router transmits a VRRP advertisement to all members of the VRRP group every one second, indicating it is operational and is the Master router. If the VRRP group misses three consecutive advertisements, the election process begins and the Backup virtual router with the highest priority transitions to Master.
The lowered priority of the VRRP group may trigger an election. As the Master/Backup VRRP routers are selected based on the VRRP group’s priority, tracking features ensure that the best VRRP router is the Master for that group. The priority cost of tracking group must be less than the configured priority on the VRRP group. If the VRRP group is configured as Owner router (priority 255), tracking for that group is disabled, regardless of the state of the tracked interfaces.
interface ethernet1/1/5 switchport access vlan 1 no shutdown ! interface ethernet1/1/6 switchport access vlan 1 no shutdown ! ..... ..... interface vlan1 no shutdown ! interface mgmt1/1/1 no shutdown ! support-assist ! track 10 track-interface ethernet1/1/1 VRRP commands advertise-interval Sets the time interval between VRRP advertisements. Syntax advertise-interval [seconds | centisecs centisecs] Parameters ● seconds — Set the advertise interval in seconds (1 to 255).
Supported Releases 10.2.0E or later preempt Permits (preempts) a backup router with a higher priority value to become the master router. Syntax preempt Parameters None Default Enabled Command Mode INTERFACE-VRRP Usage Information VRRP uses preempt to determine what happens after a VRRP backup router becomes the Master. With preempt enabled by default, VRRP switches to a backup if that backup router comes online with a priority higher than the new Master router.
Usage Information Example (Brief) Example (IPv6) Supported Releases Displays all active VRRP groups. If no VRRP groups are active, the system displays “No Active VRRP group.”. OS10 # show vrrp brief Interface Group Priority Preemption State Master-addr Virtual addr(s) --------------------------------------------------------------------ethernet1/1/1 1 200 true master-state 10.1.1.1 10.1.1.
Command Mode EXEC Usage Information Assign an object tracking unique ID number before tracking the interface. Use the line-protocol parameter to track for interface operational status information. The no version of this command resets the value to the default. Example Supported Releases OS10(config)# track 10 OS10(conf-track-10)# interface ethernet 1/1/5 10.2.0E or later virtual-address Configures up to 10 virtual router IP addresses in the VRRP group.
vrrp-group Assigns a VRRP group identification number to an IPv4 interface or VLAN Syntax vrrp-group vrrp-id Parameters vrrp-id — Enter a VRRP group identification number (1 to 255). Default Not configured Command Mode INTERFACE-VRRP Usage Information The VRRP group only becomes active and sends VRRP packets when you configure a virtual IP address. When you delete the virtual address, the VRRP group stops sending VRRP packets. The no version of this command removes the vrrp-group configuration.
6 UFT modes Unified Forwarding Table (UFT) gives the flexibility to configure the sizes of internal L2/L3 forwarding tables of a switch to match the needs of particular network environment. A switch in a Layer 2 network may require a larger MAC address table size, while a switch in a Layer 3 network may require a larger routing table size. OS10 supports several UFT modes for the forwarding tables. By default, OS10 selects a UFT mode which provides a reasonable size for all tables.
Configure UFT mode OS10(config)# hardware forwarding-table mode scaled-l3-hosts View UFT mode information OS10# show hardware forwarding-table mode Current Settings Mode default-mode L2 MAC Entries : 163840 L3 Host Entries : 147456 L3 Route Entries : 16384 Next-boot Settings scaled-l3-hosts 98304 212992 98304 View UFT information for all modes OS10# show hardware forwarding-table mode all Mode default scaled-l2 scaled-l3-routes L2 MAC Entries 163840 294912 32768 L3 Host Entries 147456 16384 16384 L3 Route
UFT commands hardware forwarding-table mode Select a mode to initialize the maximum scalability size. The available options are: scaled L2 MAC address table, scaled L3 routes table, or scaled L3 hosts table. Syntax hardware forwarding-table mode {scaled-l2 | scaled-l3-routes | scaled-l3hosts} Use the no hardware forwarding-table mode command to set the UFT mode to default. Parameters ● scaled-l2 —Maximize the MAC address table size. ● scaled-l3-routes — Maximize the L3 routes table size.
Command Mode EXEC Usage Information Use this command to view the current hardware forwarding table mode and the mode after the next boot. Example Supported Releases OS10# show hardware forwarding-table mode Current Settings Mode default-mode L2 MAC Entries : 163840 L3 Host Entries : 147456 L3 Route Entries : 16384 Next-boot Settings scaled-l3-hosts 98304 212992 98304 10.3.0E or later show hardware forwarding-table mode all Displays table sizes for the available hardware forwarding table modes.
7 System management Dynamic Host Configuration Protocol Provides information to dynamically assign IP addresses and other configuration parameters to network hosts based on policies, see DHCP commands. Network Time Protocol Provides information to synchronize timekeeping between time servers and clients, see NTP commands.
Figure 6. DHCP Packet Format The table shows common options using DHCP packet formats.
When you use DHCP to manage a pool or IP addresses among hosts, you reduce the number of IP addresses you need. DHCP manages the IP address pool by leasing an IP address to a host for a limited period, allowing the DHCP server to share a limited number of IP addresses. DHCP also provides a central database of devices that connects to the network and eliminates duplicate resource assignments.
Default gateway Ensure the IP address of the default router is on the same subnet as the client. 1. Enable DHCP server-assigned dynamic addresses on an interface in CONFIGURATION mode. ip dhcp server 2. Create an IP address pool and provide a name in DHCP mode. pool name 3. Enter the default gateway(s) for the clients on the subnet in order of preference in DHCP mode.
1. Enable DHCP server-assigned dynamic addresses on an interface in DHCP mode. ip dhcp server 2. Create an IP address pool and enter the pool name in DHCP mode. pool name 3. Enter the NetBIOS WINS name servers in order of preference that are available to DHCP clients in DHCP mode. netbios-name-server ip-address 4. Enter the keyword Hybrid as the NetBIOS node type in DHCP mode.
Consider the following example: OS10# show running-configuration interface ethernet 1/1/2 ! interface ethernet1/1/2 no shutdown no switchport ip address 100.1.1.1/24 flowcontrol receive off OS10# show running-configuration ip dhcp ! ip dhcp server no disable ! pool host1 host 100.1.1.34 hardware-address 00:0c:29:ee:4c:f4 ! pool hostnetwork lease infinite network 100.1.1.0/24 ! pool host2 host 20.1.1.
View DHCP Information Use the show ip dhcp binding command to view the DHCP binding table entries. View DHCP Binding Table OS10# show ip dhcp binding IP Address Hardware address Lease expiration Hostname +-------------------------------------------------------------------------11.1.1.
DHCP commands default-router address Assigns a default gateway to clients based on the IP address pool. Syntax default-router address [address2...address8] Parameters ● address — Enter an IPv4 or IPv6 address to use as the default gateway for clients on the subnet in A.B.C.D or A::B format. ● address2...address8 — (Optional) Enter up to eight IP addresses, in order of preference.
Supported Releases 10.2.0E or later domain-name Configures the name of the domain where the device is located. Syntax domain-name domain-name Parameters domain-name — Enter the name of the domain (up to 32 characters). Default Not configured Command Mode DHCP-POOL Usage Information This is the default domain name that appends to hostnames that are not fully qualified. The no version of this command removes the configuration. Example Supported Releases OS10(conf-dhcp-Dell)# domain-name dell.
ip dhcp server Enters DHCP mode. Syntax ip dhcp server Parameters None Default Not configured Command Mode CONFIGURATION Usage Information This command is used to enter DHCP mode. Example Supported Releases OS10(config)# ip dhcp server OS10(conf-dhcp)# 10.2.0E or later ip helper-address Configure the DHCP server address. Forwards UDP broadcasts received on an interface to the DHCP server.
Example Supported Releases OS10(config)# interface ethernet 1/1/22 OS10(conf-if-eth1/1/22)# ipv6 helper-address 2001:db8:0:1:1:1:1:1 vrf blue 10.4.1.0 or later lease Configures a lease time for the IP addresses in a pool. Syntax lease {infinite | days [hours] [minutes]} Parameters ● ● ● ● Default 24 hours Command Mode DHCP-POOL Usage Information The no version of this command removes the lease configuration.
● ● ● ● Broadcast — Enter b-node. Hybrid — Enter h-node. Mixed — Enter m-node. Peer-to-peer — Enter p-node. Default Hybrid Command Mode DHCP-POOL Usage Information The no version of this command resets the value to the default. Example Supported Releases OS10(conf-dhcp-Dell)# netbios-node-type h-node 10.2.0E or later network Configures a range of IPv4 or IPv6 addresses in the address pool. Syntax network address/mask Parameters address/mask — Enter a range of IP addresses and subnet mask in A.
Parameters ● ip-address1—First IP address of the IP address range. ● ip-address2—Last IP address of the IP address range. Default Not configured Command Mode DHCP-POOL Usage Information This command is used to configure a range of IP addresses that the OS10 switch, acting as the DHCP server, can assign to DHCP clients. The no version of this command requires only the first IP address to remove the range configuration.
Usage Information Example Supported Releases There is a maximum of six domain names to the DNS list. Use this domain name to complete unqualified host names. The no version of this command removes a domain name from the DNS list. OS10(config)# ip domain-list jay dell.com 10.2.0E or later ip domain-name Configures the default domain and appends to incomplete DNS requests.
● ip–address2 ip-address3 — (Optional) Enter up two additional IPv4 or IPv6 name servers, separated with a space. Default Not configured Command Mode CONFIGURATION Usage Information OS10 does not support sending DNS queries over a VLAN. DNS queries are sent out on all other interfaces, including the Management port. You can separately configure both IPv4 and IPv6 domain name servers.
This issue occurs because the relay agent listens only on the best path uplink interfaces where the DHCP server is reachable. Network Time Protocol Network Time Protocol (NTP) synchronizes timekeeping among a set of distributed time servers and clients. The protocol coordinates time distribution in a large, diverse network. NTP clients synchronize with NTP servers that provide accurate time measurement.
Enable NTP NTP is disabled by default. To enable NTP, configure an NTP server to which the system synchronizes. To configure multiple servers, enter the command multiple times. Multiple servers may impact CPU resources. ● Enter the IP address of the NTP server to which the system synchronizes in CONFIGURATION mode.
Source IP address Configure one interface IP address to include in all NTP packets. The source address of NTP packets is the interface IP address the system uses to reach the network by default. ● Configure a source IP address for NTP packets in CONFIGURATION mode. ntp source interface ○ ○ ○ ○ ○ ethernet — Enter the keyword and node/slot/port information. port-channel — Enter the keyword and number. vlan — Enter the keyword and VLAN number (1 to 4093). loopback — Enter the keyword and number (0 to 16383).
Configure NTP OS10(config)# OS10(config)# OS10(config)# OS10(config)# OS10(config)# ntp ntp ntp ntp ntp authenticate trusted-key 345 authentication-key 345 mdf 0 5A60910FED211F02 server 1.1.1.1 key 345 master 7 View NTP configuration OS10(config)# do show running-configuration ! ntp authenticate ntp authentication-key 345 mdf 0 5A60910FED211F02 ntp server 1.1.1.1 key 345 ntp trusted-key 345 ntp master 7 ...
Supported Releases 10.2.0E or later ntp broadcast client Configures the interface to receive NTP broadcasts from an NTP server. Syntax ntp broadcast client Parameters None Default Not configured Command Mode INTERFACE Usage Information The no version of this command disables broadcast. Example Supported Releases OS10(conf-if-eth1/1/1)# ntp broadcast client 10.2.0E or later ntp disable By default, NTP is enabled on all interfaces. Prevents an interface from receiving NTP packets.
ntp master Configures an NTP master server. Syntax ntp master stratum Parameters stratum — Enter the stratum number to identify the NTP server hierarchy (2 to 10). Default 8 Command Mode CONFIGURATION Usage Information The no version of this command resets the value to the default. Example Supported Releases OS10(config)# ntp master 6 10.2.0E or later ntp server Configures an NTP time-serving host.
Usage Information Example Supported Releases The no version of this command removes the configuration. OS10(config)# ntp source ethernet 1/1/24 10.2.0E or later ntp trusted-key Sets a key to authenticate the system to which NTP synchronizes with. Syntax ntp trusted-key number Parameters number — Enter the trusted key ID (1 to 4294967295).
============================================================= 10.10.120.5 0.0.0.0 16 - 256 0 0.00 0.000 16000.0 *172.16.1.33 127.127.1.0 11 6 16 377 -0.08 -1499.9 104.16 172.31.1.33 0.0.0.0 16 - 256 0 0.00 0.000 16000.0 192.200.0.2 0.0.0.0 16 - 256 0 0.00 0.000 16000.0 OS10# show ntp associations vrf management remote local st poll reach delay offset disp ======================================================================= *1.1.1.2 1.1.1.1 3 64 1 0.00027 0.000056 0.43309 Supported Releases 10.2.
System clock OS10 uses NTP to synchronize the system clock with a time-serving host. If you do not use NTP, set the system time in EXEC mode. The hardware-based real-clock time (RTC) is reset to the new system time. You can set the current time and date after you disable NTP. When NTP is enabled, it overwrites the system time. ● Enter the time and date in EXEC mode.
● Enter Minutes offset from UTC, ranging from 0 to 59. Default Not configured Command Mode CONFIGURATION Usage Information Universal time coordinated (UTC) is the time standard based on Greenwich Mean time. To set the time zone for the system clock, enter the difference of hours between UTC and your time zone. Example Supported Releases OS10(config)# clock timezone IST 5 30 10.3.0E or later show clock Displays the current system clock settings.
Enter your username and password % To delete a login banner and reset it to the Dell EMC default banner, enter the no banner login command. To disable banner display before login, enter the banner login disable command. MOTD banner Configure a message of the day banner that displays after you log in. Enter up to 4096 characters. To start and end the MOTD banner, enter a single delimiter character or the key combination ^C. You can enter any character as the delimiter.
banner motd Configures a multi-line message of the day banner that displays after you log in. Syntax banner motd delimiter banner-text banner-text ... delimiter Parameters ● delimiter — Enter a single delimiter character or the key combination ^C to specify the start and end of the text banner. ● banner-text — Enter a maximum of 4096 characters. There is no limit on the number of lines. Default The Dell EMC default MOTD banner is displayed after you log in.
6 *7 OS10# admin admin 17 10 0 0 0 0 4 0 2017-07-12T03:55:18Z 2017-07-12T04:42:55Z User session management commands exec-timeout Configure timeout in seconds for all the user sessions. Syntax exec-timeout timeout-value Parameters timeout-value — Enter the timeout value in seconds (0 to 3600). Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command disables the timeout. Example Supported Releases OS10(config)# exec-timeout 300 OS10(config)# 10.3.
Example OS10# show sessions Current session's operation mode: Non-transaction Session-ID User In-rpcs In-bad-rpcs Out-rpc-err Out-notify Login-time Lock ----------------------------------------------------------------------------------------3 snmp_user 114 0 0 0 2017-07-10T23:58:39Z 4 snmp_user 57 0 0 0 2017-07-10T23:58:40Z 6 admin 17 0 0 4 2017-07-12T03:55:18Z *7 admin 10 0 0 0 2017-07-12T04:42:55Z OS10# Supported Releases 10.3.
Supported Releases 10.4.0E(R1) or later ip telnet server vrf Configures the Telnet server for the management VRF instance. Syntax ip telnet server vrf management Parameters ● management — Configures the management VRF to be used to reach the Telnet server. Default The Telnet server is reachable on the default VRF. Command Mode CONFIGURATION Usage Information By default, the Telnet server is disabled. To enable the Telnet server, enter the telnet enable command.
Configure AAA authentication OS10(config)# aaa authentication login default group radius local OS10(config)# do show running-configuration aaa aaa authentication login default group radius local aaa authentication login console local Remove AAA authentication methods OS10(config)# no aaa authentication login default OS10(config)# do show running-configuration aaa aaa authentication login default local aaa authentication login console local User re-authentication To prevent users from accessing resources an
Role-based access control RBAC provides control for access and authorization. Users are granted permissions based on defined roles — not on their individual system user ID. Create user roles based on job functions to help users perform their associated job function. You can assign each user only a single role, and many users can have the same role. A user role authenticates and authorizes a user at login, and places you in EXEC mode (see CLI basics).
Re-enter the radius-server host command multiple times to configure more than one RADIUS server. If you configure multiple RADIUS servers, OS10 attempts to connect in the order you configured them. An OS10 switch connects with the configured RADIUS servers one at a time, until a RADIUS server responds with an accept or reject response. The switch tries to connect with a server for the configured number of retransmit retries and timeout period.
Configure TACACS+ server OS10(config)# tacacs-server host 1.2.4.5 key mysecret View TACACS+ server configuration OS10# show running-configuration ... tacacs-server host 1.2.4.5 key 9 3a95c26b2a5b96a6b80036839f296babe03560f4b0b7220d6454b3e71bdfc59b ... Delete TACACS+ server OS10# no tacacs server host 1.2.4.
● ● ● ● ● Configure Key Exchange algorithms using ip ssh server kex key-exchange-algorithm. Configure hash message authentication code (HMAC) algorithms using ip ssh server mac hmac-algorithm. Configure the SSH server listening port using ip ssh server port port-number. Configure the SSH server to be reachable on the management VRF using ip ssh server vrf. Configure the SSH login timeout using the ip ssh server login-grace-time seconds command (0 to 300; default 60).
OS10(config-ipv4-acl)# exit OS10(config)# line vty OS10(config-line-vty)# ip access-class permit10 OS10(config-line-vty)# View VTY ACL configuration OS10(config-line-vty)# show configuration ! line vty ip access-class permit10 ipv6 access-class deny10 OS10(config-line-vty)# Enable AAA accounting To record information about all user-entered commands, use the AAA accounting feature — not supported for RADIUS accounting.
Limit concurrent login sessions To avoid an unlimited number of active sessions on a switch for the same user ID, you can limit the number of console and remote connections. Log in from a console connection by cabling a terminal emulator to the console serial port on the switch. Log in to the switch remotely through a virtual terminal line (VTY), such as Telnet and SSH. ● Configure the maximum number of concurrent login sessions in CONFIGURATION mode.
Security commands aaa accounting Enables AAA accounting. Syntax aaa accounting commands all {console | default} {start-stop | stop-only | none} [logging] [group tacacs+] Parameters ● commands all — Record all user-entered commands. This option is not supported for RADIUS accounting. ● console — Record all user authentication and logins or all user-entered commands in OS10 sessions on console connections.
aaa authentication login default group radius local aaa authentication login console local OS10(config)# no aaa authentication login default OS10(config)# do show running-configuration aaa aaa authentication login default local aaa authentication login console local Supported Releases 10.4.1.0 or later aaa re-authenticate enable Requires user re-authentication after a change in the authentication method or server.
Generated 4096-bit RSA key OS10# Supported Releases 10.4.1.0 or later ip access-class Filters connections based on an IPv4 access list in virtual terminal line. Syntax ip access-class access-list-name Parameters access-list-name—Enter the access list name. Default Not configured Command Mode LINE VTY CONFIGURATION Usage Information The no version of this command removes the filter. Example Supported Releases OS10(config)# line vty OS10(config-line-vty)# ip access-class deny10 10.4.
Example Supported Releases OS10(config)# ip ssh server challenge-response-authentication 10.3.0E or later ip ssh server cipher Configure the list of cipher algorithms in the SSH server. Syntax ip ssh server cipher cipher-list Parameters cipher-list — Enter the list of cipher algorithms separated by space. The following is the list of cipher algorithms supported by the SSH server: ● 3des-cbc ● aes128-cbc ● aes192-cbc ● aes256-cbc ● aes128-ctr ● aes192-ctr ● aes256-ctr ● aes128-gcm@openssh.
Supported Releases 10.3.0E or later ip ssh server hostbased-authentication Enable host-based authentication in an SSH server. Syntax ip ssh server hostbased-authentication Parameters None Default Disabled Command Mode CONFIGURATION Usage Information The no version of this command disables the host-based authentication. Example Supported Releases OS10(config)# ip ssh server hostbased-authentication 10.3.
ip ssh server mac Configure the list of hash message authentication code (HMAC) algorithms in the SSH server. Syntax ip ssh server mac hmac-algorithm Parameters hmac-algorithm — Enter the list of HMAC algorithms separated by space. The following is the list of HMAC algorithms supported by the SSH server: ● hmac-md5 ● hmac-md5-96 ● hmac-ripemd160 ● hmac-sha1 ● hmac-sha1-96 ● hmac-sha2-256 ● hmac-sha2-512 ● umac-64@openssh.com ● umac-128@openssh.com ● hmac-md5-etm@openssh.com ● hmac-md5-96-etm@openssh.
Example Supported Releases OS10(config)# ip ssh server password-authentication 10.3.0E or later ip ssh server port Configure the SSH server listening port. Syntax ip ssh server port port-number Parameters port-number — Enter the listening port number (1 to 65535). Default 22 Command Mode CONFIGURATION Usage Information The no version of this command removes the configuration. Example Supported Releases OS10(config)# ip ssh server port 255 10.3.
Supported Releases 10.4.0E(R1) or later line vty Enters the virtual terminal line mode to access the virtual terminal (VTY). Syntax line vty Parameters None Default Not configured Command Mode CONFIGURATION Usage Information None Example Supported Releases OS10(config)# line vty OS10(config-line-vty)# 10.4.0E(R1) or later login concurrent-session limit Configures the maximum number of concurrent login sessions allowed for a user ID.
Example Supported Releases OS10(config)# login-statistics enable 10.4.0E(R1) or later password-attributes Configures rules for password entries. Syntax password-attributes {[min-length number] [character-restriction {[upper number] [lower number] [numeric number] [special-char number]}} Parameters ● min-length number — (Optional) Sets the minimum number of required alphanumeric characters (6 to 32; default 9).
Usage Information ● To remove the configured max-retry or lockout-period settings, enter the no passwordattributes {max-retry | lockout-period} command. ● When a user is locked out due to exceeding the maximum number of failed login attempts, other users can still access the switch. Example Supported Releases OS10(config)# password-attributes max-retry 5 lockout-period 30 10.4.1.0 or later radius-server host Configures a RADIUS server and the key used to authenticate the switch on the server.
radius-server timeout Configures the timeout used to resend RADIUS authentication requests. Syntax radius-server timeout seconds Parameters seconds — Enter the time in seconds for retransmission (0 to 1000). Default An OS10 switch stops sending RADIUS authentication requests after five seconds. Command Mode CONFIGURATION Usage Information Use this command to globally configure the timeout value used on RADIUS servers. The no version of this command resets the value to the default.
Supported Releases 10.4.1.0 or later show ip ssh Displays the SSH server information. Syntax show ip ssh Parameters None Default Not configured Command Mode EXEC Usage Information Use this command to view information about the established SSH sessions. Example OS10# show ip ssh SSH Server: Enabled -------------------------------------------------SSH Server Ciphers: chacha20-poly1305@openssh.com,aes128-ctr, aes192-ctr,aes256-ctr, aes128-gcm@openssh.com,aes256gcm@openssh.
Time-frame in days: 25 #Fail since last Login ----0 0 0 Role User Change -------- ----admin False netadmin False mltest False During Timeframe #Fail #Success -------------1 13 0 5 0 1 Last Login Date/Time -----------------2017-11-02T16:02:44Z 2017-11-02T15:59:04Z 2017-11-01T15:42:07Z Location ---------in (00:00) 1001:10:16:210::4001 OS10# show login-statistics user mltest User : mltest Role changed since last login : False Failures since last login : 0 Time-frame in days : 25 Failures in time period :
● key 9 authentication-key — Enter an authentication key in encrypted format (up to 128 characters). ● authentication-key — Enter an authentication in plain text (up to 42 characters). It is not necessary to enter 0 before the key. ● key authentication-key — Enter a text string for the encryption key used to authenticate the switch on the TACACS+ server (up to 42 characters).
○ netadmin — Full access to configuration commands that manage traffic flowing through the switch, such as routes, interfaces, and ACLs. A network administrator cannot access configuration commands for security features or view security information. ○ netoperator — Access to EXEC mode to view the current configuration. A network operator cannot modify any configuration setting on a switch. Default ● User name and password entries are in clear text. ● There is no default user role.
username sshkey filename Enables SSH password-less login for remote clients using multiple public keys. A remote client is not prompted to enter a password. Syntax username user_name sshkey filename file_path Parameters ● user_name — Enter an OS10 user name who logs in on a remote client.
Example Supported Releases OS10(config)# userrole default inherit sysadmin 10.4.0E(R3P3) or later Simple Network Management Protocol Network management stations use Simple Network Management Protocol (SNMP) to retrieve or alter management data from network elements. Standard and private SNMP management information bases (MIBs) are supported, including all get requests. A managed object is a datum of management information. A MIB is a database that stores managed objects found in network elements.
Usage Information Example Supported Releases The no version of this command deletes the SNMP server contact information. OS10(config)# snmp-server contact administrator 10.2.0E or later snmp-server enable traps Enables SNMP traps on a switch. Syntax snmp-server enable traps [notification-type] [notification-option] Parameters ● notification-type notification-option — Enter an SNMP notification type, and optionally, a notification option for the type. Table 8.
snmp-server host Configures a host to receive SNMP traps. Syntax snmp-server host {hostname | ipv4–address | ipv6–address} {traps | version version-number| snmp-string} [ udp-port port-number] Parameters ● hostname | ipv4–address | ipv6–address — Enter either the name or IPv4/IPv6 address of the host. ● version-number — Enter the SNMP version number to be used for notification messages. OS10 supports SNMPv1 and SNMPv2c.
Supported Releases 10.4.1.0 or later Uplink Failure Detection Uplink failure detection (UFD) indicates the loss of upstream connectivity to servers connected to the switch. A switch provides upstream connectivity for devices, such as servers. If the switch loses upstream connectivity, the downstream devices also lose connectivity. However, the downstream devices do not generally receive an indication that the upstream connectivity was lost because connectivity to the switch is still operational.
Configure uplink failure detection Consider the following before configuring an uplink-state group: ● ● ● ● ● ● ● ● ● ● You can assign a physical port or a port channel to an uplink-state group. You can assign an interface to only one uplink-state group at a time. You can designate the uplink-state group as either an upstream or a downstream interface, but not both. You can configure multiple uplink-state groups and operate them concurrently.
When you create uplink-state group in a switch operating in VLT mode, ensure that all the nodes in the VLT setup have same configuration for uplink state groups with VLT port-channel as member. This makes all the nodes independently operational and to operate in sync. When you configure VLT port-channel as upstream member in the uplink state group, the system tracks the fabric Status of VLT.
Eth 1/1/5(Dwn) Eth 1/1/9:2(Dwn) Eth 1/1/9:3(Dwn) OS10(conf-uplink-state-group-1)# show configuration ! uplink-state-group 1 downstream ethernet1/1/1-1/1/5 downstream ethernet1/1/9:2-1/1/9:3 upstream ethernet1/1/7:1 UFD commands clear ufd-disable Overrides the uplink-state group configuration and brings up the downstream interfaces. Syntax clear ufd-disable {interface interface-type | uplink-state-group group-id} Parameters ● interface-type — Enter the interface type.
downstream Adds an interface or a range of interfaces as a downstream interface to the uplink-state group. Syntax downstream {interface-type | interface-range} Parameters ● interface-type — Enter the interface type as Ethernet or port-channel. ● interface-range — Enter the range of interfaces. Default None Command Mode UPLINK-STATE-GROUP Usage Information You cannot assign an interface that is already a member of an uplink-state group to another group.
enable Enables tracking of an uplink-state group. Syntax enable Parameters None Default Disabled Command Mode UPLINK-STATE-GROUP Usage Information The no version of this command disables tracking of an uplink-state group. Example Supported Releases OS10(config)# uplink-state-group 1 OS10(conf-uplink-state-group-1)# enable 10.4.0E(R3) or later name Configures a descriptive name for the uplink-state group. Syntax name string Parameters string — Enter a description for the uplink-state group.
show uplink-state-group Displays configured uplink-state status. Syntax show uplink-state-group [group-id] [detail] Parameters ● group-id — Enter the uplink group ID. The status of the specified group ID displays. ● detail — Displays detailed information on the status of the uplink-state groups.
Usage Information Example Supported Releases The no version of this command removes the uplink-state group. OS10(config)# uplink-state-group 1 10.4.0E(R3) or later upstream Adds an interface or a range of interfaces as an upstream interface to the uplink-state group. Syntax upstream {interface-type | interface-range} Parameters ● interface-type — Enter the interface type as Ethernet or port-channel. ● interface-range — Enter the range of interfaces.
7. Change the next boot partition to the standby partition in EXEC mode. Use the active parameter to set the next boot partition from standby to active. boot system standby 8. (Optional) Check whether the next boot partition has changed to standby in EXEC mode. show boot detail 9. Reload the new software image in EXEC mode. reload Image download OS10# image download ftp://userid:passwd@hostip:/filepath Image install OS10# image install image://filename.
View boot summary OS10# show boot Current system image information: =================================== Type Boot Type Active Standby Next-Boot ----------------------------------------------------------------------------------Node-id 1 Flash Boot [A] 10.4.1.0X [B] 10.4.1.0X [A] active Upgrade commands boot system Sets the boot partition to use during the next reboot. Syntax boot system {active | standby} Parameters ● active — Reset the running partition as the next boot partition.
Command Mode EXEC Usage Information Duplicate the active, running software image to the standby image location. Example Supported Releases OS10# image copy active-to-standby 10.2.0E or later image download Downloads a new software image to the local file system. Syntax image download file-url Parameters file-url — Set the path to the image file: ● ftp://userid:passwd@hostip:/filepath — Enter the path to copy from the remote FTP server.
○ image://filename — Enter the path to install from a local file system. ○ usb://filepath — Enter the path to install from the USB file system. Default All Command Mode EXEC Usage Information Use the show image status command to view the installation progress. Example OS10# image install ftp://10.206.28.174:/PKGS_OS10-Enterprise-10.3.2E.55installer-x86_64.bin OS10# image install ftp://10.206.28.174:/PKGS_OS10-Enterprise-10.4.0E.55installer-x86_64.bin Supported Releases 10.2.
Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show image status Image Upgrade State: idle ============================================== File Transfer State: idle ---------------------------------------------State Detail: No download information available Task Start: 0000-00-00T00:00:00Z Task End: 0000-00-00T00:00:00Z Transfer Progress: 0 % Transfer Bytes: 0 bytes File Size: 0 bytes Transfer Rate: 0 kbps Installation State: idle ----------------------
8 OpenFlow Switches implement the control plane and data plane in the same hardware. Software-defined network (SDN) decouples the software (control plane) from the hardware (data plane). A centralized SDN controller handles the control plane traffic and hardware configuration for data plane flows. The SDN controller is the "brain" of an SDN.
OpenFlow logical switch instance In OpenFlow-only mode, you can configure only one logical switch instance. After you enable OpenFlow mode, create a logical switch instance. The logical switch instance is disabled by default. When the logical switch instance is enabled, the OpenFlow application starts the connection with the configured controller. When you create an OpenFlow logical switch instance, all the physical interfaces are automatically added to it.
Table 10. Supported fields Fields Support match_fields Supported priority Supported counters Supported instructions Supported timeouts Supported cookie Not supported Group table Not supported Meter table Not supported Instructions Each flow entry contains a set of instructions that execute when a packet matches the entry. Table 11.
Table 12. Supported action sets (continued) Action set Support qos Not supported group Not supported output Supported Action types An action type associates with each packet. Table 13.
Table 14.
OpenFlow protocol The OpenFlow protocol supports three message types, each with multiple subtypes: ● Controller-to-switch ● Asynchronous ● Symmetric Controller-to-switch Table 15. Supported controller-to-switch types Feature request Supported Configuration get Supported Configuration set Supported Modify-state Supported Read-state Supported Packet-out Supported Barrier Supported Role-request Supported Asynchronous Table 16.
● RYU ● ONOS Flow table modification messages Table 19. Supported messages OFPFC_ADD=0 Supported OFPFC_MODIFY=1 Supported OFPFC_MODIFY_STRICT=2 Supported OFPFC_DELETE=3 Supported OFCPC_DELETE_STRICT=4 Supported Message types Table 20.
Table 20. Supported message types (continued) Message Type Message Support Controller role change request messages OFPT_ROLE_REQUEST=24 Asynchronous message configuration Meters and rate limiters configuration messages OFPT_ROLE_REPLY=25 Not supported OFPT_GET_ASYNC_REQUEST=26 Not supported OFPT_GET_ASYNC_REPLY=27 Not supported OFPT_SET_ASYNC=28 Not supported OFPT_METER_MOD=29 Not supported Flow match fields Table 21.
Table 21.
Table 22. Supported action structures (continued) OFPAT_PUSH_MPLS = 19 Not supported OFPAT_POP_MPLS = 20 Not supported OFPAT_SET_QUEUE = 21 Not supported OFPAT_GROUP = 22 Not supported OFPAT_SET_NW_TTL = 23 Not supported OFPAT_DEC_NW_TTL = 24 Not supported OFPAT_SET_FIELD = 25 Supported OFPAT_PUSH_PBB = 26 Not supported OFPAT_POP_PBB = 27 Not supported Capabilities supported by the data path Table 23.
Table 24.
Switch description The OFPMP_DESC multipart request type includes information about the switch manufacturer, hardware revision, software revision, serial number, and description. Table 25. Supported descriptions char mfr_desc[DESC_STR_LEN] Supported char hw_desc[DESC_STR_LEN] Supported char sw_desc[DESC_STR_LEN] Supported char serial_num[SERIAL_NUM_LEN] Supported char dp_desc[DESC_STR_LEN] Supported Property type Table 26.
Controller roles Table 28. Supported controller roles OFPCR_ROLE_NOCHANGE = 0 Not supported OFPCR_ROLE_EQUAL = 1 Supported OFPCR_ROLE_MASTER = 2 Supported OFPCR_ROLE_SLAVE = 3 Not supported Packet-in reasons Table 29. Supported reasons OFPR_NO_MATCH = 0 Supported OFPR_ACTION = 1 Supported OFPR_INVALID_TTL = 2 Not supported Flow-removed reasons Table 30.
Table 31.
Table 31.
Table 31.
Table 31.
OpenFlow use cases OS10 OpenFlow protocol support allows the flexibility of using vendor-neutral applications and to use applications that you create. For example, the OS10 OpenFlow implementation supports L2 applications similar to the ones found in the following websites: ● https://github.com/osrg/ryu/tree/master/ryu/app (only L2 applications are supported) ● https://github.com/osrg/ryu/tree/master/ryu/app NOTE: OS10 supports applications based on OpenFlow versions 1.0 and 1.3.
ii. Configure the logical switch instance, of-switch-1. OS10# configure terminal OS10 (config)# openflow OS10 (config-openflow)# switch of-switch-1 b. Option 2; for in-band management: i. Configure one of the front-panel ports as the management port. OS10# configure terminal OS10 (config)# openflow OS10 (config-openflow)# in-band-mgmt interface ethernet 1/1/1 OS10 (config-openflow)# ii. Configure an IPv4 address on the front-panel management port.
cert.pem config://../openflow/sc-cert.pem OS10# copy scp://username:password@server-ip/full-path-to-the-certificates/switchprivkey.pem config://../openflow/sc-privkey.pem where server-ip refers to the server where you have stored the certificates, and username and password refers to the credentials you need to access the server with the certificates. 3. Perform the steps described in the Configure OpenFlow protocol on the switch topic to configure OpenFlow.
dpid-mac-address Specifies the MAC address bits of the datapath ID (DPID) of the logical switch instance. Syntax dpid-mac-address MAC-address Parameters MAC-address—48-bit MAC address in hexadecimal notation, nn:nn:nn:nn:nn:nn Default MAC address Command Mode OPENFLOW SWITCH CONFIGURATION Usage Information The controller uses the DPID to identify the logical switch instance. The DPID is a 64-bit number that is sent to the controller in the features_reply message.
max-backoff To configure the time interval in seconds that the logical switch instance waits after requesting a connection with the OpenFlow controller. Syntax max-backoff interval Parameters interval—Enter the amount of time in seconds that the logical switch instance waits after it attempts to establish a connection with the OpenFlow controller. The range is from 1 to 65,535. Default The default value is 8 seconds.
Command Mode CONFIGURATION Usage Information All OpenFlow configurations are performed from this configuration mode. Running the no form of this command from the OpenFlow mode prompts for a switch reload. If you enter yes, the system deletes all OpenFlow configurations and the switch returns to the normal mode after the reload. Example OS10# configure terminal OS10(config)# openflow OS10 (config-openflow)# Supported Releases 10.4.
● When you specify the option, 1.0, the switch establishes a connection with the controller that supports version 1.0 only. ● When you specify the option, 1.3, the switch establishes a connection with the controller that supports version 1.3 only. Example The following example shows a logical switch instance, of-switch-1, configured to interact with controllers that support the OpenFlow protocol version 1.3.
show openflow To display general information related to OpenFlow that is applicable to the switch and the logical switch instance. Syntax show openflow Parameters None Default None Command Mode EXEC Usage Information None Example OS10# show openflow Manufacturer : DELL Hardware Description : Z9100-ON Software Description : Dell Networking OS10-Premium, Dell Networking Application Software Version: 10.4.1.
Flow ID: 0 Priority: 32768, Cookie: 0 Hard Timeout: 0, Idle Timeout: 0 Packets: 0, Bytes: 0 Match Parameters: In Port: ethernet1/1/1 EType: 0x800 SMAC: 00:0b:c4:a8:22:b0/ff:ff:ff:ff:ff:ff DMAC: 00:0b:c4:a8:22:b1/ff:ff:ff:ff:ff:ff VLAN id: 2/4095 VLAN PCP: 1 IP DSCP: 4 IP ECN: 1 IP Proto: 1 Src Ip: 10.0.0.1/255.255.255.255 Dst Ip: 20.0.0.1/255.255.255.
FD NO ethernet1/1/7 FD NO ethernet1/1/8 FD YES ethernet1/1/9 FD NO ethernet1/1/10 FD NO ethernet1/1/11 FD YES ethernet1/1/12 FD YES ethernet1/1/13 FD NO ethernet1/1/14 FD NO ethernet1/1/15 FD NO ethernet1/1/16 FD NO ethernet1/1/17 FD NO ethernet1/1/18 FD NO ethernet1/1/19 FD NO ethernet1/1/20 FD NO ethernet1/1/21 FD NO ethernet1/1/22 FD NO ethernet1/1/23 FD NO ethernet1/1/24 FD NO ethernet1/1/25 FD NO ethernet1/1/26 FD NO ethernet1/1/27 FD NO ethernet1/1/28 FD NO ethernet1/1/29 FD NO ethernet1/1/30 FD NO et
Usage Information None Example OS10# show openflow switch Logical switch name: of-switch-1 Internal switch instance ID: 0 Config state: true Signal Version: negotiate Data plane: secure Max backoff (sec): 8 Probe Interval (sec): 5 DPID: 90:b1:1c:f4:a5:23 Switch Name : of-switch-1 Number of buffers: 0 Number of tables: 1 Table ID: 0 Table name: Ingress ACL TCAM table Max entries: 1000 Active entries: 0 Lookup count: 0 Matched count: 0 Controllers: 10.16.208.
switch To create a logical switch instance, or modify an existing logical switch instance. Syntax switch logical-switch-name Parameters logical-switch-name—Enter the name of the logical switch instance that has to be created, or modified. OS10 supports only one instance of the logical switch. The logical switch name can include a maximum of 15 characters. Default None Command Mode OPENFLOW CONFIGURATION Usage Information You must configure a controller for the logical switch instance.
Table 32.
Table 32. Modes and CLI commands (continued) Mode Available CLI commands INTERFACE CONFIGURATION description end exit ip mtu negotiation ntp show shutdown VLAN INTERFACE CONFIGURATION VLAN is not supported.
9 Access Control Lists OS10 uses two types of access policies — hardware-based ACLs and software-based route-maps. Use an ACL to filter traffic and drop or forward matching packets. To redistribute routes that match configured criteria, use a route-map. ACLs ACLs are a filter containing criterion to match; for example, examine IP, TCP, or UDP packets, and an action to take such as forwarding or dropping packets at the NPU. ACLs permit or deny traffic based on MAC and/or IP addresses.
MAC ACLs MAC ACLs filter traffic on the Layer 2 (L2) header of a packet. This traffic filtering is based on: Source MAC packet address MAC address range—address mask in 3x4 dotted hexadecimal notation, and any to denote that the rule matches all source addresses. Destination MAC packet address MAC address range—address-mask in 3x4 dotted hexadecimal notation, and any to denote that the rule matches all destination addresses.
NOTE: The destination port number qualifier supports only the eq option. Port range is not supported. ● IPv6 qualifiers: ○ DST_IPv6—Destination address ○ SRC_IPv6—Source address ○ IP_TYPE—IP Type; for example, IPv4 or IPv6 ○ IP_PROTOCOL—TCP, UDP, and so on ○ L4_DST_PORT—Destination port NOTE: The destination port number qualifier supports only the eq option. Port range is not supported.
L3 ACL rules Use ACL commands for L3 packet filtering. TCP packets from host 10.1.1.1 with the TCP destination port equal to 24 are permitted, and all others are denied. TCP packets that are first fragments or non-fragmented from host 10.1.1.1 with the TCP destination port equal to 24 are permitted, and all TCP non-first fragments from host 10.1.1.1 are permitted. All other IP packets that are non-first fragments are denied.
● Configure a drop or forward filter in IPV4-ACL mode. seq sequence-number {deny | permit | remark} {ip-protocol-number | icmp | ip | protocol | tcp | udp} {source prefix | source mask | any | host} {destination mask | any | host ip-address} [count [byte]] [fragments] Auto-generated sequence number If you are creating an ACL with only one or two filters, you can let the system assign a sequence number based on the order in which you configure the filters.
Assign and apply ACL filters To filter an Ethernet interface, a port-channel interface, or a VLAN, assign an IP ACL filter to a physical interface. The IP ACL applies to all traffic entering a physical or port-channel interface. The traffic either forwards or drops depending on the criteria and actions you configure in the ACL filter. To change the ACL filter functionality, apply the same ACL filters to different interfaces.
1. Apply an access-list on the interface with ingress direction in INTERFACE mode. ip access-group access-group-name in 2. Return to CONFIGURATION mode. exit 3. Create the access-list in CONFIGURATION mode. ip access-list access-list-name 4. Create the rules for the access-list in ACCESS-LIST mode.
Clear access-list counters Clear IPv4, IPv6, or MAC access-list counters for a specific access-list or all lists. The counter counts the number of packets that match each permit or deny statement in an access-list. To get a more recent count of packets matching an access-list, clear the counters to start at zero. If you do not configure an access-list name, all IP access-list counters clear. To view access-list information, use the show access-lists command. ● Clear IPv4 access-list counters in EXEC mode.
● Route-maps use commands to decide what to do with traffic. To remove the match criteria in a route-map, use the no match command. ● In a BGP route-map, if you repeat the same match statements; for example, a match metric, with different values in the same sequence number, only the last match and set values are taken into account.
ip address prefix-list p2 Set clauses: Match routes Configure match criterion for a route-map. There is no limit to the number of match commands per route map, but keep the number of match filters in a route-map low. The set commands do not require a corresponding match command. ● Match routes with a specific metric value in ROUTE-MAP mode, 0 to 4294967295. match metric metric-value ● Match routes with a specific tag in ROUTE-MAP mode, 0 to 4294967295.
● Enter a value as the route’s weight in ROUTE-MAP mode, from 0 to 65535. set weight value Check set conditions OS10(config)# route-map ip permit 1 OS10(conf-route-map)# match metric 2567 continue Clause Only BGP route-maps support the continue clause. When a match is found, set clauses run and the packet is forwarded — no route-map processing occurs. If you configure the continue clause without configuring a module, the next sequential module processes.
View flow-based monitoring OS10# show monitor session 1 S.Id Source Destination Dir SrcIP DstIP DSCP TTL State Reason ---------------------------------------------------------------------------1 ethernet1/1/1 ethernet1/1/4 both N/A N/A N/A N/A true Is UP Traffic matching ACL rule OS10# show ip access-lists in Ingress IP access-list testflow Active on interfaces : ethernet1/1/1 seq 5 permit icmp any any capture session 1 seq 10 permit ip 102.1.1.
View monitor sessions OS10(conf-if-eth1/1/1)# show monitor session all S.Id Source Destination Dir SrcIP DstIP DSCP TTL State Reason ---------------------------------------------------------------------------1 ethernet1/1/1 ethernet1/1/4 both N/A N/A N/A N/A true Is UP ACL commands clear ip access-list counters Clears ACL counters for a specific access-list.
Parameters access-list-name — (Optional) Enter the name of the MAC access list to clear counters. A maximum of 140 characters. Default Not configured Command Mode EXEC Usage Information If you do not enter an access-list name, all MAC access-list counters clear. The counter counts the number of packets that match each permit or deny statement in an access list. To get a more recent count of packets matching an access list, clear the counters to start at zero.
Parameters ● protocol-number — (Optional) Enter the protocol number identified in the IP header, from 0 to 255. ● icmp — (Optional) Enter the ICMP address to deny. ● ipv6 — (Optional) Enter the IPv6 address to deny. ● tcp — (Optional) Enter the TCP address to deny. ● udp — (Optional) Enter the UDP address to deny. ● A::B — Enter the IPv6 address in dotted decimal format. ● A::B/x — Enter the number of bits to match to the IPv6 address.
deny icmp Configures a filter to drop all or specific Internet Control Message Protocol (ICMP) messages. Syntax deny icmp [A.B.C.D | A.B.C.D/x | any | host ip-address] [[A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | dscp value | fragment] Parameters ● A.B.C.D — Enter the IP address in hexadecimal format separated by colons. ● A.B.C.D/x — Enter the number of bits to match to the IP address. ● any — (Optional) Set all routes subject to the filter.
deny ip Configures a filter to drop all or specific packets from an IPv4 address. Syntax deny ip [A.B.C.D | A.B.C.D/x | any | host ip-address] [[A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | dscp value | fragment] Parameters ● A.B.C.D — Enter the IP address in dotted decimal format. ● A.B.C.D/x — Enter the number of bits to match to the dotted decimal address. ● any — (Optional) Set all routes which are subject to the filter: ○ capture — (Optional) Capture packets the filter processes.
deny tcp Configures a filter that drops Transmission Control Protocol (TCP) packets meeting the filter criteria. Syntax deny tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment] Parameters ● A.B.C.D — Enter the IP address in A.B.C.D format. ● A.B.C.D/x — Enter the number of bits to match in A.B.C.D/x format.
○ eq — Equal to ○ gt — Greater than ○ lt — Lesser than ○ neq — Not equal to ○ range — Range of ports, including the specified port numbers. ● host ipv6-address — (Optional) Enter the IPv6 address to use a host address only. Default Not configured Command Mode IPV6-ACL Usage Information The no version of this command removes the filter. Example Supported Releases OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# deny tcp any any capture session 1 10.2.
Supported Releases 10.2.0E or later deny udp (IPv6) Configures a filter to drop UDP IPv6 packets that match filter criteria. Syntax deny udp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A:B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment] Parameters ● A::B — Enter the IPv6 address in hexadecimal format separated by colons. ● A::B/x — Enter the number of bits to match to the IPv6 address.
Example Supported Releases OS10(conf-ipv4-acl)# description ipacltest 10.2.0E or later ip access-group Configures an IP access group. Syntax ip access-group access-list-name {in | out} Parameters ● access-list-name — Enter the name of an IPv4 access list. A maximum of 140 characters. ● in — Apply the ACL to incoming traffic. ● out — Apply the ACL to outgoing traffic.
Parameters ● name — Enter an access list name. ● deny | permit — Reject or accept a matching route. ● regexp-string — Enter a regular expression string to match an AS-path route attribute. Defaults Not configured Command Mode CONFIGURATION Usage Information You can specify an access-list filter on inbound and outbound BGP routes. The ACL filter consists of regular expressions. If a regular expression matches an AS path attribute in a BGP route, the route is rejected or accepted.
Parameters ● name — Enter the name of the standard community list used to identify one more deny groups of communities. ● aa:nn — Enter the community number in the format aa:nn, where aa is the number that identifies the autonomous system and nn is a number the identifies the community within the autonomous system. ● no-advertise — Enter the keyword for BGP to not advertise this route to any internal or external peer. ● local-as — Enter the keyword for BGP to not advertise this route to external peers.
Command Mode CONFIGURATION Usage Information The no version of this command removes the extended community list. Example Supported Release OS10(config)# ip extcommunity-list standard STD_LIST permit 4byteasgeneric transitive 1.65412:60 10.3.0E or later ip prefix-list description Configures a description of an IP prefix list. Syntax ip prefix-list name description Parameters ● name — Enter the name of the prefix list. ● description — Enter the description for the named prefix list.
Parameters ● ● ● ● ● Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the specified prefix-list. Example Supported Release name — Enter the name of the prefix list. A.B.C.D/x — (Optional) Enter the source network address and mask in /prefix format (/x). ge — Enter to indicate the network address is greater than or equal to the range specified. le — Enter to indicate the network address is less than or equal to the range specified.
Example Supported Release OS10(config)# ip prefix-list seqprefix seq 65535 permit 10.10.10.1/16 le 30 10.3.0E or later ipv6 access-group Configures an IPv6 access group. Syntax ipv6 access-group access-list-name {in | out} Parameters ● access-list-name — Enter the name of an IPv6 ACL. A maximum of 140 characters. ● in — Apply the ACL to incoming traffic. ● out — Apply the ACL to outgoing traffic.
Parameters ● ● ● ● ● Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the specified prefix list. Example Supported Release prefix-list-name — Enter the IPv6 prefix list name. A::B/x — Enter the IPv6 address to deny. ge — Enter to indicate the network address is greater than or equal to the range specified. le — Enter to indicate the network address is less than or equal to the range specified. prefix-len — Enter the prefix length.
ipv6 prefix-list seq deny Configures a filter to deny route filtering from a specified prefix-list. Syntax ipv6 prefix-list [name] seq num deny {A::B/x [ge | le] prefix-len} Parameters ● ● ● ● ● ● Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the specified prefix-list. Example Supported Release name — (Optional) Enter the name of the IPv6 prefix-list. num — Enter the sequence number of the specified IPv6 prefix-list.
Command Mode CONFIGURATION CONTROL-PLANE Usage Information Example Example (Control-plane ACL) Supported Releases Use this command in the CONTROL-PLANE mode to apply a control-plane ACL. Control-plane ACLs are only applied on the ingress traffic. By default, the control-plane ACL is applied to the front-panel ports. The no version of this command resets the value to the default.
Default Not configured Command Mode IPV4-ACL Usage Information The no version of this command removes the filter. Example Supported Releases OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# permit udp any any capture session 1 10.2.0E or later permit (IPv6) Configures a filter to allow packets with a specific IPv6 address.
○ protocol-number — Enter the MAC protocol number identified in the MAC header, from 600 to ffff. ○ capture — (Optional) Enter the capture packets the filter processes. ○ cos — (Optional) Enter the CoS value, from 0 to 7. ○ vlan — (Optional) Enter the VLAN number, from 1 to 4093. Default Not configured Command Mode MAC-ACL Usage Information The no version of this command removes the filter.
○ fragment — (Optional) Use ACLs to control packet fragments. ● host ipv6-address — (Optional) Enter the IPv6 address to use a host address only. Default Not configured Command Mode IPV6-ACL Usage Information The no version of this command removes the filter. Example Supported Releases OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# permit icmp any any capture session 1 10.2.0E or later permit ip Configures a filter to permit all or specific packets from an IP address.
Command Mode IPV6-ACL Usage Information The no version of this command removes the filter. Example Supported Releases OS10(conf-ipv6-acl)# permit ipv6 any any count capture session 1 10.2.0E or later permit tcp Configures a filter to permit TCP packets meeting the filter criteria. Syntax permit tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [operator] ] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment] Parameters ● A.B.
permit tcp (IPv6) Configures a filter to permit TCP packets meeting the filter criteria. Syntax permit tcp [A::B | A::B/x | any | host ipv6-address [eq | lt | gt | neq | range]] [A::B | A:B/x | any | host ipv6-address [eq | lt | gt | neq | range]] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment] Parameters ● A::B — Enter the IPv6 address in hexadecimal format separated by colons. ● A::B/x — Enter the number of bits that must match the IPv6 address.
● host ip-address — (Optional) Enter the IP address to use a host address only. Default Not configured Command Mode IPV4-ACL Usage Information The no version of this command removes the filter. Example Supported Releases OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# permit udp any any capture session 1 10.2.0E or later permit udp (IPv6) Configures a filter to permit UDP packets meeting the filter criteria.
remark Specifies an ACL entry description. Syntax remark [remark-number] [description] Parameters ● remark-number — (Optional) Enter a remark number, from 1 to 16777214 for IPv4, IPv6, and MAC. ● description — (Optional) Enter a description. A maximum of 80 characters. Default Not configured Command Mode IPV4-ACL Usage Information Use different sequence numbers for the remark and the ACL rule. Configure up to 16777214 remarks for a given IPv4, IPv6, or MAC.
seq deny (IPv6) Assigns a sequence number to deny IPv6 addresses while creating the filter. Syntax seq sequence-number deny [protocol-number icmp | ip | tcp | udp] [A::B | A::B/x | any | host ipv6-address] [A::B | A::B/x | any | host ipv6-address] [capture | dscp value | fragment] Parameters ● sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. ● protocol-number — (Optional) Enter the protocol number, from 0 to 255.
Example Supported Releases OS10(config)# mac access-list macacl OS10(conf-mac-acl)# seq 10 deny 00:00:00:00:11:11 00:00:11:11:11:11 any cos 7 OS10(conf-mac-acl)# seq 20 deny 00:00:00:00:11:11 00:00:11:11:11:11 any vlan 2 10.2.0E or later seq deny icmp Assigns a filter to deny Internet Control Message Protocol (ICMP) messages while creating the filter. Syntax seq sequence-number deny icmp [A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.
Usage Information Example Supported Releases The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# seq 10 deny icmp any any capture session 1 10.2.0E or later seq deny ip Assigns a sequence number to deny IP addresses while creating the filter. Syntax seq sequence-number deny ip [A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.
Usage Information Example Supported Releases The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# seq 10 deny ipv6 any any capture session 1 10.2.0E or later seq deny tcp Assigns a filter to deny TCP packets while creating the filter. Syntax seq sequence-number deny tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.
seq deny tcp (IPv6) Assigns a filter to deny TCP packets while creating the filter. Syntax seq sequence-number deny tcp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A:B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment] Parameters ● sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. ● A::B — Enter the IPv6 address in hexadecimal format separated by colons.
○ fragment — (Optional) Use ACLs to control packet fragments. ○ ack — (Optional) Set the bit as acknowledgment. ○ fin — (Optional) Set the bit as finish—no more data from sender. ○ psh — (Optional) Set the bit as push. ○ rst — (Optional) Set the bit as reset. ○ syn — (Optional) Set the bit as synchronize. ○ urg — (Optional) Set the bit set as urgent. ● operator — (Optional) Enter a logical operator to match the packets on the specified port number.
○ range — Range of ports, including the specified port numbers. ● host ipv6-address — (Optional) Enter the IPv6 address to use a host address only. Default Not configured Command Mode IPV6-ACL Usage Information The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. Example Supported Releases OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# seq 10 deny udp any any capture session 1 10.2.
● any — (Optional) Set all routes which are subject to the filter: ○ capture — (Optional) Enter to capture packets the filter processes. ○ dscp value — (Optional) Enter the DSCP value to permit a packet, from 0 to 63. ○ fragment — (Optional) Enter to use ACLs to control packet fragments. ● host ipv6-address — (Optional) Enter the IPv6 address to be used as the host address.
seq permit icmp Assigns a sequence number to allow ICMP messages while creating the filter Syntax seq sequence-number permit icmp [A.B.C.D | A.B.C.D/x | any | host ipaddress] [A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | dscp value| fragment] Parameters ● sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. ● A.B.C.D — Enter the IP address in dotted decimal format. ● A.B.C.
seq permit ip Assigns a sequence number to allow packets while creating the filter. Syntax seq sequence-number permit ip [A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | dscp value| fragment] Parameters ● sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. ● A.B.C.D — Enter the IP address in dotted decimal format. ● A.B.C.
seq permit tcp Assigns a sequence number to allow TCP packets while creating the filter. Syntax seq sequence-number permit tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [operator] ] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment] Parameters ● sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. ● A.B.C.D — Enter the IP address in dotted decimal format.
○ fragment — (Optional) Use ACLs to control packet fragments. ○ ack — (Optional) Set the bit as acknowledgment. ○ fin — (Optional) Set the bit as finish—no more data from sender. ○ psh — (Optional) Set the bit as push. ○ rst — (Optional) Set the bit as reset. ○ syn — (Optional) Set the bit as synchronize. ○ urg — (Optional) Set the bit set as urgent. ● operator — (Optional) Enter a logical operator to match the packets on the specified port number.
○ range — Range of ports, including the specified port numbers. ● host ip-address — (Optional) Enter the IP address to use a host address only. Default Not configured Command Mode IPV4-ACL Usage Information The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. Example Supported Releases OS10(config)# ip access-list egress OS10(conf-ipv4-acl)# seq 5 permit udp any any capture session 1 10.2.
show access-group Displays IP, MAC, or IPv6 access-group information. Syntax show {ip | mac | ipv6} access-group name Parameters ● ● ● ● Default Not configured Command Mode EXEC Usage Information None Example (IP) ip — View IP access list information. mac — View MAC access group information. ipv6 — View IPv6 access group information. access-group name — Enter the name of the access group.
Usage Information Example (MAC In) Example (MAC Out) Example (IP In) Example (IP Out) Example (IPv6 In) Example (IPv6 Out) Example (IP In - Control-plane ACL) 612 None OS10# show mac access-lists in Ingress MAC access list aaa Active on interfaces : ethernet 3/0 ethernet 3/1 seq 10 permit any any seq 20 permit 11:11:11:11:11:11 22:22:22:22:22:22 any monitor OS10# show mac access-lists out Egress MAC access list aaa Active on interfaces : ethernet 3/0 ethernet 3/1 seq 10 permit any any seq 20 permit
seq 10 permit ip any any control-plane mgmt seq 10 permit ip any any Example (IPv6 In - Control-plane ACL) Example (MAC In - Control-plane ACL) Supported Releases OS10# show ipv6 access-lists in Ingress IPV6 access-list aaa-cp-acl Active on interfaces : control-plane data seq 10 permit ipv6 any any control-plane mgmt seq 10 permit ipv6 any any OS10# show mac access-lists in Ingress MAC access-list mac-cp1 Active on interfaces : control-plane data seq 10 deny any any count (159 packets) 10.2.
permit no-export deny 1:1 Supported Releases 10.3.0E or later show ip extcommunity-list Displays the configured IP external community lists in alphabetic order. Syntax show ip extcommunity-list [name] Parameters name — (Optional) Enter the name of the extended IP external community list. A maximum of 140 characters.
Route-map commands continue Configures the next sequence of the route map. Syntax continue seq-number Parameters seq-number — Enter the next sequence number, from 1 to 65535. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes a match. Example Supported Releases OS10(config)# route-map bgp OS10(conf-route-map)# continue 65535 10.3.0E or later match as-path Configures a filter to match routes that have a certain AS path in their BGP paths.
Supported Releases 10.3.0E or later match extcommunity Configures a filter to match routes that have a certain EXTCOMMUNITY attribute in their BGP path. Syntax match extcommunity extcommunity-list-name [exact-match] Parameters ● extcommunity-list-name — Enter the name of a configured extcommunity list. ● exact-match — (Optional) Select only those routes with the specified extcommunity list name.
Command Mode ROUTE-MAP Usage Information The no version of this command deletes a match. Example Supported Releases OS10(config)# route-map bgp OS10(conf-route-map)# match ip address prefix-list test10 10.3.0E or later match ip next-hop Configures a filter to match based on the next-hop IP addresses specified in IP prefix lists. Syntax match ip next-hop prefix-list prefix-list Parameters prefix-list — Enter the name of the configured prefix list. A maximum of 140 characters.
Command Mode ROUTE-MAP Usage Information The no version of this command deletes the match. Example Supported Releases OS10(config)# route-map bgp OS10(conf-route-map)# match ipv6 next-hop prefix-list test100 10.3.0E or later match metric Configures a filter to match on a specific value. Syntax match metric metric-value Parameters metric-value — Enter a value to match the route metric against, from 0 to 4294967295.
○ type–1 — Match only on OSPF Type 1 routes. ○ type–2 — Match only on OSPF Type 2 routes. ● ● internal — Match only on routes generated within OSPF areas. ● local — Match only on routes generated locally. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes the match. Example Supported Releases OS10(config)# route-map bgp OS10(conf-route-map)# match route-type external type-1 10.3.
set comm-list add Add communities in the specified list to the COMMUNITY attribute in a matching inbound or outbound BGP route. Syntax set comm-list {community-list-name} add Parameters community-list-name — Enter the name of an established community list (up to 140 characters).
Usage Information Example Supported Releases The no version of this command deletes a BGP COMMUNITY attribute assignment. OS10(config)# route-map bgp OS10(conf-route-map)# set community none 10.3.0E or later set extcomm-list add Add communities in the specified list to the EXT COMMUNITY attribute in a matching inbound or outbound BGP route. Syntax set extcomm-list extcommunity-list-name add Parameter extcommunity-list-name — Enter the name of an established extcommunity list (up to 140 characters).
● asn4:nnnn — Enter an AS number in 4-byte format; for example, 1–4294967295:1–65535 or 1– 65535.1–65535:1–65535. ● ip-addr:nn — Enter an AS number in dotted format, from 1 to 65535. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes the set clause from a route map. Example Supported Releases OS10(config)# route-map bgp OS10(conf-route-map)# set extcommunity rt 10.10.10.2:325 10.3.
Supported Releases 10.2.0E or later set metric-type Set the metric type for the a redistributed routel. Syntax set metric-type {type-1 | type-2 | external} Parameters ● type-1 — Adds a route to an existing community. ● type-2 — Sends a route in the local AS. ● external — Disables advertisement to peers. Default Not configured Command Mode ROUTE-MAP Usage Information ● BGP Affects BGP behavior only in outbound route maps and has no effect on other types of route maps.
Example (IPv6) Supported Releases OS10(conf-route-map)# set ipv6 next-hop 11AA:22CC::9 10.2.0E or later set origin Set the origin of the advertised route. Syntax set origin {egp | igp | incomplete} Parameters ● egp — Enter to add to existing community. ● igp — Enter to send inside the local-AS. ● incomplete — Enter to not advertise to peers. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes the set clause from a route map.
Example Supported Releases OS10(conf-route-map)# set weight 200 10.2.0E or later show route-map Displays the current route map configurations. Syntax show route-map [map-name] Parameters map-name — (Optional) Specify the name of a configured route map. A maximum of 140 characters.
10 Quality of service Quality of service (QoS) reserves network resources for highly critical application traffic with precedence over less critical application traffic. QoS enables to prioritize different types of traffic and ensures the required level of quality of service. You can control the following parameters of selected traffic flows: Delay, Bandwidth, Jitter, and Drop.
Configuring QoS is a three-step process: 1. Create class-maps to classify the traffic flows. The following are the different types of class-maps: ● qos (default)—Classifies the ingress data traffic. ● queuing —Classifies the egress queues. ● control-plane—Classifies the control-plane traffic. ● network-qos—Classifies the set of traffic-class IDs for ingress buffer configurations. ● application —Classifies the application type traffic.
Ingress traffic classification Ingress traffic can be either data traffic or control traffic. By default, OS10 does not classify data traffic and assigns the default traffic class ID 0 to all data traffic. OS10 implicitly classifies all control traffic like STP, OSPF, ICMP, and so on, and forwards the traffic to control plane applications. Data traffic classification You can classify the data traffic based on ACL or trust. ACL based classification consumes significant amount of network processor resources.
3 0-4 5 5-7 4. Apply the map on a specific interface or on system-qos (global) level. ● Interface level OS10(conf-if-eth1/1/1)# trust-map dot1p dot1p-trust-map NOTE: In the interface level, the no version of the command returns the configuration to system-qos level. If there is no configuration available at the system-qos level, then the configuration returns to default mapping. ● System-qos level OS10(config-sys-qos)# trust-map dot1p dot1p-trust-map Configure default CoS trust map 1.
Table 35. Default DSCP trust map (continued) DSCP values TC id Color 44-47 5 Y 48-51 6 G 52-55 6 Y 56-59 7 G 60-62 7 Y 63 7 R User–defined DCSP trust map You can override the default mapping by creating a user defined DSCP trust map. All the unspecified DSCP entries are mapped to the default traffic class ID 0. Configure user–defined DSCP trust map 1. Create a DSCP trust map. OS10(config)# trust dscp-map dscp-trust-map OS10(config-tmap-dscp-map)# 2.
● System-qos level OS10(config-sys-qos)# trust-map dscp default ACL based classification Classify the ingress traffic by matching the packet fields using ACL entries. You can classify the traffic flows based on QoS specific fields or generic fields, using IP or MAC ACLs. Create class-map template to match the fields. OS10 allows matching any of the fields or all the fields based on the match type configured in the class-map. Use access-group match filter to match MAC or IP ACLs.
● Pre-defined IP access-list OS10(config-cmap-qos)# match ip access-group name ip-acl-1 ● Pre-defined IPv6 access-list OS10(config-cmap-qos)#match ipv6 access-group name ACLv6 ● Pre-defined MAC access-list OS10(config-cmap-qos)# match mac access-group name mac-acl-1 3. Create a qos type policy-map to refer the classes. OS10(config)# policy-map cos-policy 4. Refer the class-maps in the policy-map and define the required action for the flows.
OS10(conf-if-eth1/1/1)# service-policy input type qos p1 or OS10(config)# system qos OS10(config-sys-qos)# service-policy input type qos p1 Control-plane policing Control-plane policing (CoPP) increases security on the system by protecting the route processor from unnecessary traffic and giving priority to important control plane and management traffic. CoPP uses a dedicated control plane configuration through the QoS CLIs to set rate-limiting capabilities for control plane packets.
● Assign the QoS service policy to control plane queues. By default, the peak information rate (pir) and committed information rate (cir) values are in packets per second (pps) for control plane. CoPP for CPU queues converts the input rate from kilobits per second (kbps) to packets per second (pps), assuming 64 bytes is the average packet size, and applies that rate to the corresponding queue – 1 kbps is roughly equivalent to 2 pps. 1.
Assign control-plane service-policy OS10(config)# control-plane OS10(conf-control-plane)# service-policy input copp1 View control-plane service-policy OS10(conf-control-plane)# do show qos control-plane Service-policy (input): copp1 View configuration Use the show commands to display the protocol traffic assigned to each control-plane queue and the current rate-limit applied to each queue. You can also use the show command output to verify the CoPP configuration.
Egress traffic classification Egress traffic is classified into different queues based on the traffic-class ID marked on the traffic flow. You can set the traffic class ID for a flow by enabling trust or by classifying ingress traffic and mark it with a traffic class ID using a policy map. By default, the value of traffic class ID for all the traffic is 0. The order of precedence for qos-map is: 1. Interface level map 2. System-qos level map 3. Default map Table 37.
1. Create a class-map of type queuing to match queue 5 OS10(config)# class-map type queuing q5 2. Define the queue to match OS10(config-cmap-queuing)# match queue 5 Policing traffic Use policing to limit the rate of ingress traffic flow. The flow can be all the ingress traffic on a port or a particular flow assigned with a traffic class ID. In addition, you can use policing to color the traffic. ● When traffic arrives at a rate less than the committed rate, the color is green.
2. Create a QoS type policy-map to mark with a traffic class ID and assign it for the CoS flow. OS10(config)# policy-map cos3-TC3 OS10(config-pmap-qos)# class cmap-cos3 OS10(config-pmap-c-qos)# set qos-group 3 Color traffic You can select a traffic flow and mark it with a color. You can color the traffic flow based on: ● Metering. See Policing traffic on page 637. ● Default trust. See Trust based classification on page 628. ● DSCP , ECN capable traffic (ECT), or non-ECT.
3. (Optional) If you need rate shaping on a specific queue, match the corresponding qos-group in the class-map. If you do not configure the match qos-group command, rate shaping applies to all queues. match qos-group queue-number 4. Enter a minimum and maximum shape rate value in POLICY-MAP-QUEUEING-CLASS mode.
Class-map (queuing): lunar bandwidth percent 80 Strict priority queuing OS10 uses queues for egress QoS policy-types. You can enable priorities to dequeue all packets from the assigned queue before servicing any other queues. When more than one queue is assigned strict priority, the highest number queue receives the highest priority. You can configure strict priority to any number of queues. By default, all queues schedule traffic per WDRR.
OS10(config)# policy-map type queuing solar OS10(conf-pmap-queuing)# class magnum OS10(conf-pmap-c-que)# priority OS10(conf-pmap-c-que)# exit OS10(conf-pmap-queuing)# exit OS10(config)# system qos OS10(conf-sys-qos)# service-policy output solar View QoS system OS10(conf-sys-qos)# do show qos system Service-policy (output)(queuing): solar Enable strict priority on interface OS10(config)# interface ethernet 1/1/5 OS10(conf-if-eth1/1/5)# service-policy output type queuing solar View policy-map OS10(conf-if-eth
The following table lists the maximum buffer size for different platforms. Table 38. Maximum buffer size Platforms Max buffer size S4000 12 MB S6010–ON, S4048–ON 16 MB S41xx 12 MB Z9100–ON 16 MB Default settings for Link-level flow control (LLFC) The following table lists the LLFC buffer settings for the default priority group 7. Table 39.
All port queues are allocated with reserved buffers and when the reserved buffers are consumed, each queue starts using the shared buffer from the default pool. The reserved buffer per queue is 1664 bytes for the speed of 10G, 25G, 40G, 50G, and 100G. The default dynamic shared buffer threshold value is 8. Configure queue buffer settings 1. Create queuing type class-map to match the queue. OS10(config)# class-map type queuing q1 OS10(config-cmap-queuing)# match queue 1 2.
6. Enable WRED/ECN on a port. OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# random-detect wred_prof_1 7. Enable WRED/ECN on a service-pool. OS10(config)# system qos OS10(config-sys-qos)# random-detect pool 0 wred_prof_1 Configure congestion avoidance for the S4200 NOTE: For the S4200 platform, ECN can be enabled globally only. Also, ECN configurations can be applied only at the queue level. You cannot configure ECN at interface and service pool levels.
Storm control Traffic storms created by packet flooding or other reasons may degrade the performance of the network. The storm control feature allows you to control unknown unicast, multicast, and broadcast traffic on Layer 2 and Layer 3 physical interfaces. In the storm control unknown unicast configuration, both the unknown unicast and unknown multicast traffic are rate-limited.
5. Create queuing-type class-maps for enhanced transmission selection (ETS). OS10 OS10 OS10 OS10 (config)# (config)# (config)# (config)# class-map type queuing Q0 match queue 0 class-map type queuing Q3 match queue 3 6. Create a QoS map for ETS. OS10 (config)# qos-map traffic-class 2Q OS10 (config)# queue 0 qos-group 0-2, 4-7 OS10 (config)# queue 3 qos-group 3 7. Create a policy-map for PFC. OS10 (config)# policy-map type network-qos pfcdot1p3 OS10 (config)# class pfcdoc1p3 OS10 (config)# pause 8.
QoS commands bandwidth Assigns a percentage of weight to the queue. Syntax bandwidth percent value Parameters percent value — Enter the percentage assignment of bandwidth to the queue (1 to 100). Default Not configured Command Mode POLICY-MAP QUEUE Usage Information If you configure this command, you cannot use the priority command for the class. Example Supported Releases OS10(conf-pmap-que)# bandwidth percent 70 10.2.0E or later class Creates a QoS class for a type of policy-map.
● match-all — Determines how packets are evaluated when multiple match criteria exist. Enter the keyword to determine that all packets must meet the match criteria to be assigned to a class. ● match-any — Determines how packets are evaluated when multiple match criteria exist. Enter the keyword to determine that packets must meet at least one of the match criteria to be assigned to a class. ● class-map-name — Enter a class-map name (up to 32 characters).
clear qos statistics type Clears all queue counters for the control-plane, qos, and queueing. Syntax clear qos statistics type {{qos | queuing | control-plane} [interface ethernet node/slot/port[:subport]]} Parameters ● ● ● ● Default Not configured Command Mode EXEC Usage Information None Example qos — Clears qos type statistics. queuing — Clears queueing type statistics. control-plane — Clears control-plane type statistics.
NOTE: In S5148F-ON, when receive is turned on, it enables decoding of both LLFC and PFC frames on that port. ● transmit — (Optional) Indicates the local port can send flow control packets to a remote device. ● on — (Optional) When used with receive, allows the local port to receive flow control traffic. When used with transmit, allows the local port to send flow control traffic to the remote device.
match cos Matches a cost of service (CoS) value to L2 dot1p packets. Syntax match [not] cos cos-value Parameters ● cos-value — Enter a CoS value (0 to 7). ● not — Enter not to cancel the match criteria. Default Not configured Command Modes CLASS-MAP Usage Information You cannot have two match statements with the same filter-type. If you enter two match statements with the same filter-type, the second statement overwrites the first statement.
Command Mode CLASS-MAP Usage Information You cannot enter two match statements with the same filter-type. If you enter two match statements with the same filter-type, the second statement overwrites the first statement. Example Supported Releases OS10(conf-cmap-qos)# match not ipv6 precedence 3 10.2.0E or later match queue Configures a match criteria for a queue. Syntax match queue queue-number Parameters queue-number — Enter a queue number (0 to 7).
Usage Information Example Supported Releases The no version of this command returns the value to the default. OS10(conf-pmap-nqos-c)# mtu 2500 10.3.0E or later pause Enables a pause based on buffer limits for the port to start or stop communication to the peer. Syntax pause [buffer-size size pause-threshold xoff-size resume-threshold xonsize] Parameters ● buffer-size size — (Optional) Enter the ingress buffer size which is used as a guaranteed buffer in KB.
pfc-cos Configures priority flow-control for cost of service (CoS). Syntax pfc-cos cos-value Parameters cos-value — Enter a single, comma-delimited, or hyphenated range of CoS values for priority flowcontrol to enable (0 to 7). Default Not configured Command Mode POLICY-MAP-CLASS-MAP Usage Information To configure link-level flow-control, do not configure pfc-cos for the matched class for this policy.
Command Mode SYSTEM-QOS Usage Information The no version of this command returns the value to the default. Example Supported Releases OS10(conf-sys-qos)# pfc-shared-buffer-size 2000 10.3.0E or later pfc-shared-headroom-buffer-size Configures the shared headroom size for absorbing the packets after pause frames are generated. NOTE: This command is available only on Z9100-ON and HE-IOM.
Supported Releases 10.2.0E or later policy-map Enters QoS POLICY-MAP mode and creates or modifies a QoS policy-map. Syntax policy-map policy-map-name [type {qos | queuing | control-plane | application | network-qos }] Parameters ● policy-map-name — Enter a class name for the policy-map (up to 32 characters). ● type — Enter the policy-map type. ○ qos — Create a qos policy-map type. ○ queuing — Create a queueing policy-map type. ○ control-plane — Create a control-plane policy-map type.
Command Mode INTERFACE Usage Information Before enabling priority flow-control on a interface, verify a matching network-qos type policy is configured with the pfc-cos value for an interface. Use this command to disable priority flow-control if you are not using a network-qos type policy for an interface. The no version of this command returns the value to the default. Example Supported Releases OS10(conf-if-eth1/1/2)# priority-flow-control mode on 10.3.
queue-limit Configures static or dynamic shared buffer thresholds. Syntax queue-limit {queue-len value | thresh-mode [dynamic threshold-alpha-value | static threshold-value]} Parameters ● queue-len value — Enter the guaranteed size for queue (0 to 8911).
Command Mode POLICY-MAP-CLASS-MAP Usage Information The no version of this command removes the bandwidth from the queue. Example Supported Releases 10.4.0E(R1) or later queue qos-group Configures a dot1p traffic class to a queue. Syntax queue number [qos-group dot1p-values] Parameters ● queue number — Enter the traffic single value queue ID (0 to 7). ● qos-group dot1p-values — (Optional) Enter either single, comma-delimited, or a hyphenated range of dot1p values (0 to 7).
Command Mode PMAP-C-QUE Usage Information The no version of this command removes the WRED profile from the queue. Example Supported Releases OS10(config)# policy-map type queuing p1 OS10(config-pmap-queuing)# class c1 OS10(config-pmap-c-que)# random-detect test_wred 10.4.0E(R1) or later random-detect color Configures the threshold of WRED profile for available colors.
random-detect ecn Enables Explicit Congestion Notification (ECN) for the system globally. Syntax random-detect ecn Default Not configured Command Mode SYSTEM QOS Usage Information The no version of this command disables ECN globally. NOTE: The function of this command to enable ECN globally is supported only on the S4200 platform. In the SYSTEM QOS mode, this command is not available on other platforms.
Supported Releases 10.4.0E(R1) or later service-policy Configures the input and output service policies. Syntax service-policy {input | output} [type {qos | queuing | network-qos}] policy-map-name Parameters ● ● ● ● ● ● Default Not configured Command Mode INTERFACE Usage Information Attach only one policy-map to the interface input and output for each qos and queuing policy-map type.
Command Mode POLICY-MAP-CLASS-MAP Usage Information When class-map type is qos, the qos-group corresponds to data queues 0 to 7. Example Supported Releases OS10(conf-pmap-c-qos)# set dscp 10 10.2.0E or later set qos-group Configures marking for the QoS-group queues. Syntax set qos-group queue-number Parameters queue-number — Enter a queue number (0 to 7).
show class-map Displays configuration details of all existing class-maps. Syntax show class-map [type {control-plane | qos | queuing | network-qos} classmap-name] Parameters ● ● ● ● ● ● Default Not configured Command Mode EXEC Usage Information This command displays all class-maps of qos, queuing, network-qos, or control-plane type. The class-map-name parameter displays all details of a configured class-map name.
show control-plane statistics Displays counters of all the CPU queue statistics. Syntax show control-plane info Parameters None Default Not configured Command Mode EXEC Usage Information None Example Supported Releases OS10# Queue 0 1 2 3 4 5 6 7 8 9 10 11 show control-plane statistics Packets Bytes Dropped Packets Dropped Bytes 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 172 0 0 0 0 0 0 32048 2180484 0 0 14140 2569184 0 0 0 0 0 0 0 0 0 0 0 0 0 0 10.2.
Supported Releases 10.3.0E or later show qos interface Displays the QoS configuration applied to a specific interface. Syntax show qos interface ethernet node/slot/port[:subport] Parameters node/slot/port[:subport] — Enter the Ethernet interface information.
show qos control-plane Displays the QoS configuration applied to the control-plane. Syntax show qos control-plane Parameters None Default Not configured Command Mode EXEC Usage Information Monitors statistics for the control-plane and troubleshoots CoPP. Example Supported Releases OS10# show qos control-plane Service-policy (Input): p1 10.2.0E or later show qos egress bufffers interface Displays egress buffer configurations.
Command Mode EXEC Usage Information None Example Supported Releases OS10# show qos egress buffer-stats interface ethernet 1/1/1 Interface : ethernet1/1/1 Speed : 0 Queue TX TX Used Total Used shared pckts bytes buffers buffers ---------------------------------------------------------------------------0 0 0 0 0 1 0 0 0 0 2 0 0 0 0 3 0 0 0 0 4 0 0 0 0 5 0 0 0 0 6 0 0 0 0 7 0 0 0 0 10.3.0E or later show qos ingress buffers interface Displays interface buffer configurations.
Default Not configured Command Mode EXEC Usage Information None Example Supported Releases OS10# show qos ingress buffer-stats interface ethernet 1/1/1 Interface : ethernet1/1/1 Speed : 0 Priority Used Total Used HDRM Group buffers buffers -----------------------------------------------0 0 0 1 0 0 2 0 0 3 0 0 4 0 0 5 0 0 6 0 0 7 0 0 10.3.0E or later show queuing statistics Displays QoS queuing statistics information.
show qos system Displays the QoS configuration applied to the system. Syntax show qos system Parameters None Default Not configured Command Mode EXEC Usage Information View and verify system-level service-policy configuration information. Example OS10# show qos system ETS Mode : off ECN Mode : off shows whether the ECN is enabled globally or not Service-policy (Input) (qos) : policy1 Service-policy (Output)(queuing) : policy2 Supported Releases 10.4.1.
show qos maps Displays the active system trust map. Syntax show qos maps type {tc-queue | trust-map-dot1p | trust-map dscp} trust-mapname Parameters ● ● ● ● Default Not configured Command Mode EXEC Usage Information None Example (dot1p) dot1p — Enter to view the dot1p trust map. dscp — Enter to view the dscp trust map. tc-queue—Enter to view the traffic class to queue map. trust-map — Enter the name of the trust map.
Default Dot1p Priority to Traffic-Class Map Traffic-Class DOT1P Priority ------------------------------0 1 1 0 2 2 3 3 4 4 5 5 6 6 7 7 Default Dscp Priority to Traffic-Class Map Traffic-Class DSCP Priority ------------------------------0 0-7 1 8-15 2 16-23 3 24-31 4 32-39 5 40-47 6 48-55 7 56-63 Default Traffic-Class to Queue Map Traffic-Class Queue number ------------------------------0 0 1 1 2 2 3 3 4 4 5 5 6 6 7 7 OS10# Example (dscp) OS10# show qos trust-map dscp new-dscp-map new-dscp-map qos-group Dsc
Example Example (S4200) — When ECN is enabled globally.
trust-map Configures trust map on an interface or on system QoS. Syntax trust—map {dot1p | dscp} {default | trust-map-name} Parameters ● ● ● ● Default Disabled Command Mode INTERFACE dot1p — Apply dot1p trust map. dscp — Apply dscp trust map. default — Apply default dot1p or dscp trust map. trust-map-name — Enter the name of trust map. SYSTEM-QoS Usage Information Example Use this command to apply the trust map on interface or System QoS.
Default Not configured Command Mode CONFIGURATION Usage Information default-dscp-trust is a reserved trust-map name. If trust is enabled, traffic obeys this trust map. The no version of this command returns the value to the default. Example Supported Releases OS10(config)# trust dscp-map dscp-trust1 10.3.0E or later qos-map traffic-class Creates user-defined trust map for queue mapping. In S5148F-ON, apply the traffic class only on the egress traffic.
wred Configures a weighted random early detection (WRED) profile. Syntax wred wred-profile-name Parameters wred-profile-name — Enter a name for the WRED profile. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the WRED profile. Example Supported Releases 676 OS10(config)# wred test_wred OS10(config-wred)# 10.4.
11 Virtual Link Trunking Virtual Link Trunking (VLT) is a Layer 2 (L2) aggregate protocol between end devices (servers) connected to different network devices. VLT reduces the role of Spanning Tree Protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches and supporting a loop-free topology.
L3 VLAN connectivity Enable L3 VLAN connectivity (VLANs assigned with an IP address) on VLT peers by configuring a VLAN interface for the same VLAN on both devices. Optimized forwarding with VRRP To enable optimized L3 forwarding over VLT, use VRRP Active-Active mode. VRRP Active-Active mode enables each peer to locally forward L3, resulting in reduced traffic flow between peers over the VLTi. Spanning-Tree Protocol RSTP and RPVST+ are supported on VLT ports. NOTE: 802.
● Configure the same VLT domain ID on peer devices. If a VLT domain ID mismatch occurs on VLT peers, the VLTi does not activate. ● In a VLT domain, VLT peers support connections to network devices that connect to only one peer. VLT interconnect A VLTi is the link that synchronizes states between VLT peers. OS10 automatically adds VLTi ports to VLANs spanned across VLT peers. VLTi ports are not supported as members of VLANs configured on only one peer.
RSTP configuration RSTP mode is supported on VLT ports. Before you configure VLT on peer switches, configure RSTP in the network. RSTP prevents loops during the VLT startup phase. ● Enable RSTP on each peer node in CONFIGURATION mode.
RPVST+ configuration RPVST+ mode is supported on VLT ports. Before you configure VLT on peer switches, configure RPVST+ in the network. You can use RPVST+ for initial loop prevention during the VLT startup phase. Configure RPVST+ on both the VLT peers. This creates an RPVST+ instance for every VLAN configured in the system. The RPVST+ instances in the primary VLT peer control the VLT LAGs on both the primary and secondary peers. ● Enable RPVST+ on each peer node in CONFIGURATION mode.
1. Configure a VLT domain and enter VLT-DOMAIN mode. Configure the same VLT domain ID on each peer, from 1 to 255. vlt-domain domain-id 2. Repeat the steps on the VLT peer to create the VLT domain. Peer 1 OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# Peer 2 OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# VLTi configuration Before you configure VLTi on peer interfaces, remove each interface from L2 mode with the no switchport command, see VLT interconnect. 1.
Example configuration: OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# vlt-mac 00:00:00:00:00:02 NOTE: Dell EMC Networking recommends configuring the VLT MAC address manually on both the VLT peer switches. Use the same MAC address on both peers. Configure the delay restore timer When the secondary VLT node boots, it waits for a pre-configured amount of time (delay restore) to restore the VLT port status. This delay enables VLT peers to complete the control data information exchange.
Support for new streams during VLTi failure If the VLTi fails, MAC addresses that are learned after the failure are not synchronized with VLT peers. Thus, instead of unicast, the VLTi failure causes a continuous traffic flood. If the VLTi links fail, MAC and ARP synchronization does not happen, and it causes the system to flood L2 packets and drop L3 packets.
VLT Peer 2 is not synchronized with the MAC address of Host 2 because the VLTi link is down. When traffic from Host 1 is sent to VLT Peer 2, VLT Peer 2 floods the traffic. When the VLT backup link is enabled, the secondary VLT Peer 2 identifies the node liveliness through the backup link. If the primary is up, the secondary peer brings down VLT port channels. The traffic from Host 1 reaches VLT Peer 1 and then reaches the destination, Host 2.
Role of VLT backup link in the prevention of loops during VLTi failure When the VLTi is down, STP may fail to detect any loops in the system. This failure creates a data loop in an L2 network. As shown, STP is running in all three switches: In the steady state, VLT Peer 1 is elected as the root bridge. When the VLTi is down, both the VLT nodes become primary. In this state, VLT Peer 2 sends STP BPDU to TOR assuming that TOR sends BPDU to VLT Peer 1.
When the VLT backup link is enabled, the secondary VLT peer identifies the node liveliness of primary through the backup link. If the primary VLT peer is up, the secondary VLT peer brings down the VLT port channels. In this scenario, the STP opens up the orphan port and there is no loop in the system, as shown: Configure VLT port-channel A VLT port-channel links an attached device and VLT peer switches, also known as a virtual link trunk. 1.
Configure VLT LAG — peer 1 OS10(config)# interface port-channel 10 OS10(conf-if-po-10)# vlt-port-channel 1 Configure VLT LAG — peer 2 OS10(config)# interface port-channel 20 OS10(conf-if-po-20)# vlt-port-channel 1 VLT unicast routing VLT unicast routing enables optimized routing where packets destined for the L3 endpoint of the VLT peer are locally routed. VLT unicast routing is supported for IPv4 and IPv6. To enable VLT unicast routing, both VLT peers must be in L3 mode.
2. Configure VRRP on the L3 VLAN that spans both peers. 3. Repeat the steps on the VLT peer. Configure VRRP active-active mode — peer 1 OS10(conf-if-vl-10)# vrrp mode active-active Configure VRRP active-active mode — peer 2 OS10(conf-if-vl-10)# vrrp mode active-active View VRRP configuration OS10# show running-configuration interface vlan 10 ! interface vlan10 no shutdown no vrrp mode active-active OS10# Migrate VMs across data centers OS10 does not support proxy gateway.
● ● ● ● ● ● ● Server racks, Rack 1 and Rack 2, are part of data centers DC1 and DC2, respectively. Rack 1 is connected to devices A1 and B1 in a Layer 2 network segment. Rack 2 is connected to devices A2 and B2 in a Layer 2 network segment. A VLT link aggregation group (LAG) is present between A1 and B1 as well as A2 and B2. A1 and B1 are connected to core routers, C1 and D1 with VLT routing enabled. A2 and B2 are connected to core routers, C2 and D2, with VLT routing enabled.
● Configure VLT port channel for VLAN 100: C1(config)# interface port-channel 10 C1(conf-if-po-10)# vlt-port-channel 10 C1(conf-if-po-10)# switchport mode trunk C1(conf-if-po-10)# switchport trunk allowed vlan 100 C1(conf-if-po-10)# exit ● Add members to port channel 10: C1(config)# interface C1(conf-if-eth1/1/3)# C1(conf-if-eth1/1/3)# C1(config)# interface C1(conf-if-eth1/1/4)# C1(conf-if-eth1/1/4)# ethernet 1/1/3 channel-group 10 exit ethernet 1/1/4 channel-group 10 exit ● Configure OSPF on L3 side of c
D1(config)# interface vlan 200 D1(conf-if-vl-200)# ip ospf 100 area 0.0.0.
● Configure VRRP on L2 links between core routers: D2(config)# interface vlan 100 D2(conf-if-vl-100)# ip address 10.10.100.4/24 D2(conf-if-vl-100)# vrrp-group 10 D2(conf-vlan100-vrid-10)# virtual-address 10.10.100.
● View detailed information about VLT ports in EXEC mode. show vlt domain-id vlt-port-detail ● View the current configuration of all VLT domains in EXEC mode. show running-configuration vlt View peer-routing information OS10# show vlt 255 Domain ID Unit ID Role Version Local System MAC address Role priority VLT MAC address IP address Delay-Restore timer Peer-Routing Peer-Routing-Timeout timer VLTi Link Status port-channel1000 : : : : : : : : : : : 255 1 primary 2.
---------------------------------* 1 2 4 VLT VLAN mismatch: VLT ID : 1 VLT Unit ID Mismatch VLAN List -------------------------------* 1 1 2 2 VLT ID : 2 VLT Unit ID Mismatch VLAN List ---------------------------------* 1 1 2 2 View VLT port details * indicates the local peer OS10# show vlt 1 vlt-port-detail VLT port channel ID : 1 VLT Unit ID Port-Channel Status Configured ports Active ports ---------------------------------------------------------------------* 1 port-channel1 down 2 0 2 port-channel1 down
● interval interval-time — (Optional) Enter the time in seconds to configure the heartbeat interval. Default Not configured Command Mode VLT-DOMAIN Usage Information The no version of this command removes the IP address from the backup link. Example OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# backup destination 10.16.151.110 vrf management interval 30 OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# backup destination ipv6 1::1 vrf management interval 30 Supported Releases 10.3.
Example (range) Supported Releases OS10(config)# vlt-domain 2 OS10(conf-vlt-2)# discovery-interface ethernet 1/1/1-1/1/12 10.2.0E or later peer-routing Enables or disables L3 routing to peers. Syntax peer-routing Parameters None Default Disabled Command Mode VLT-DOMAIN Usage Information The no version of this command disables L3 routing. Example Supported Releases OS10(conf-vlt-1)# peer-routing 10.2.
Usage Information Example Supported Releases ● After you configure a VLT domain on each peer switch and connect (cable) the two VLT peers on each side of the VLT interconnect, the system elects a primary and secondary VLT peer device. To configure the primary and secondary roles before the election process, use the primary-priority command. Enter a lower value on the primary peer and a higher value on the secondary peer.
Designated port ID: 0.1, designated path cost: 0 Number of transitions to forwarding state: 1 Edge port: No (default) Link Type: Point-to-Point BPDU Sent: 15, Received: 5 OS10# show spanning-tree virtual-interface detail Port 1 (VFP(VirtualFabricPort)) of vlan1 is designated Forwarding Port path cost 1, Port priority 0, Port Identifier 0.1 Designated root priority: 4097, address: 90:b1:1c:f4:a6:02 Designated bridge priority: 4097, address: 90:b1:1c:f4:a6:02 Designated port ID: 0.
show vlt backup-link Displays the details of heartbeat status. Syntax show vlt domain-id backup-link Parameters domain-id — Enter the VLT domain ID. Default Not configured Command Mode EXEC Usage Information None Example Supported Releases OS10# show vlt 255 backup-link VLT Backup Link -----------------------Destination Peer Heartbeat status Heartbeat interval Heartbeat timeout : : : : 10.16.208.164 Up 1 3 10.3.
show vlt mismatch Displays mismatches in a VLT domain configuration. Syntax show vlt id mismatch [peer-routing | vlan | vlt-vlan vlt-port-id] Parameters ● ● ● ● Default Not configured Command Mode EXEC Usage Information The * in the mismatch output indicates a local node entry. Example (no mismatch) id — Enter the VLT domain ID, from 1 to 255. peer-routing — Display mismatches in peer-routing configuration. vlan — Display mismatches in VLAN configuration in the VLT domain.
Example (mismatch VLT VLAN) Supported Releases OS10# show vlt 1 mismatch vlt-vlan VLT ID : 1 VLT Unit ID Mismatch VLAN List ------------------------------------* 1 1 2 2 VLT ID : 2 VLT Unit ID Mismatch VLAN List -----------------------------------* 1 1 2 2 10.2.0E or later show vlt role Displays the VLT role of the local peer. Syntax show vlt id role Parameters id — Enter the VLT domain ID, from 1 to 255.
VLT ID : 3 VLT Unit ID Port-Channel Status Configured ports Active ports --------------------------------------------------------------------2 port-channel3 down 1 0 Supported Releases 10.2.0E or later vlt-domain Creates a VLT domain. Syntax vlt-domain domain-id Parameter domain-id — Enter a VLT domain ID on each peer, from 1 to 255. Default None Command Mode CONFIGURATION Usage Information Configure the same VLT domain ID on each peer.
Usage Information Example Supported Releases Use this command to minimize the time required to synchronize the default MAC address of the VLT domain on both peer devices when one peer switch reboots. If you do not configure a VLT MAC address, the MAC address of the primary peer is used as the VLT MAC address across all peers. This configuration must be symmetrical in all the peer switches to avoid any unpredictable behavior. For example, unit down or VLTi reset.
12 Converged data center services OS10 supports converged data center services, including IEEE 802.1 data center bridging (DCB) extensions to classic Ethernet. DCB provides I/O consolidation in a data center network. Each network device carries multiple traffic classes while ensuring lossless delivery of storage traffic with best-effort for LAN traffic and latency-sensitive scheduling of service traffic. ● ● ● ● 802.1Qbb — Priority flow control 802.1Qaz — Enhanced transmission selection 802.
PFC configuration notes ● PFC is supported for 802.1p priority traffic (dot1p 0 to 7). FCoE traffic traditionally uses dot1p priority 3 — iSCSI storage traffic uses dot1p priority 4. ● Configure PFC for ingress traffic by using network-qos class and policy maps (see Quality of Service). The queues used for PFC-enabled traffic are treated as lossless queues. Configure the same network-qos policy map on all PFC-enabled ports.
2. Apply the trust dot1p-map policy to ingress traffic in SYSTEM-QOS or INTERFACE mode. trust-map dot1p trust-policy—map-name Configure traffic-class-queue mapping Decide if you want to use the default traffic-class-queue mapping or configure a non-default traffic-class-to-queue mapping. Traffic Class : 0 Queue : 0 1 1 2 2 3 3 4 4 5 5 6 6 7 7 If you are using the default traffic-class-to-queue map, no further configuration steps are necessary. 1.
to traffic class 1). Enter a single value, a hyphen-separated range, or multiple qos-group values separated by commas in CLASS-MAP mode. class—map type network-qos class—map-name match qos-group {1-7} exit 2. (Optional) Repeat Step 1 to configure additional PFC traffic-class class-maps. NOTE: In the S5148F-ON, PFC is not supported on priority 0. Configure pause and ingress buffers for PFC traffic See PFC configuration notes for the default ingress queue settings and the default dot1p priority-queue mapping.
OS10(config)# system qos OS10(config-sys-qos)# service-policy input type qos pclass1 OS10(config-sys-qos)# exit OS10(config)# class-map type network-qos cc1 OS10(config-cmap-nqos)# match qos-group 3 OS10(config-cmap-nqos)# exit OS10(config)# class-map type network-qos cc2 OS10(config-cmap-nqos)# match qos-group 4 OS10(config-cmap-nqos)# exit OS10(config)# policy-map type network-qos pp1 OS10(config-pmap-network-qos)# class cc1 OS10(config-pmap-c-nqos)# pause buffer-size 30 pause-threshold 20 resume-threshol
Total buffers Total PFC buffers Total shared PFC buffers Total used shared PFC buffers Total lossy buffers Total shared lossy buffers Total used shared lossy buffers - 12187 877 832 665 11309 10816 1534 OS10(config)# show qos system egress buffer All values are in kb Total buffers - 12187 Total PFC buffers - 877 Total shared PFC buffers - 877 Total used shared PFC buffers - 0 Total lossy buffers - 11309 Total shared lossy buffers - 8983 Total used shared lossy buffers - 2237 View PFC ingress buffer stati
Command Mode POLICY-CLASS NETWORK-QOS Usage Information Use the pause command without optional parameters to apply the default ingress-buffer size, and pause (XON) and resume (XOFF) thresholds. Default values for the buffer-size, pause-threshold, and resume-threshold parameters vary across interface types and port speeds. The default values are based on the default MTU size of 9216 bytes.
Example Supported Releases OS10(config)# system qos OS10(conf-sys-qos)# pause-shared-buffer-size 1024 10.3.0E or later priority-flow-control Enables PFC on ingress interfaces. Syntax priority-flow-control {mode on} Parameter mode on — Enable PFC for FCoE and iSCSI traffic on an interface without enabling DCBX. Default Disabled Command Mode INTERFACE Usage Information Before you enable PFC, apply a network-qos policy-class map with the specific PFC dot1p priority values to the interface.
show interface priority-flow-control Displays PFC operational status, configuration, and statistics on an interface.
ETS configuration notes ● ETS is supported on L2 802.1p priority (dot1p 0 to 7) and L3 DSCP (0 to 63) traffic. FCoE traffic uses dot1p priority 3 — iSCSI storage traffic uses dot1p priority 4. ● Apply these maps and policies on interfaces: ○ Trust maps — OS10 interfaces do not honor the L2 and L3 priority fields in ingress traffic by default. Create a trust map to honor dot1p and DSCP classes of lossless traffic. A trust map does not change ingress dot1p and DSCP values in egress flows.
2. Configure a QoS map with trusted traffic-class (qos-group) to lossless-queue mapping in CONFIGURATION mode. Assign one or more qos-groups (0-7) to a specified queue in QOS-MAP mode. Enter multiple qos-group values in a hyphenated range or separated by commas. Enter multiple queue qos-group entries, if necessary. qos-map traffic-class queue-map-name queue {0-7} qos-group {0-7} exit 3. Apply the default trust map specifying that dot1p and dscp values are trusted in SYSTEM-QOS or INTERFACE mode.
Configure ETS OS10(config)# trust dot1p-map dot1p_map1 OS10(config-trust-dot1pmap)# qos-group 0 dot1p 0-3 OS10(config-trust-dot1pmap)# qos-group 1 dot1p 4-7 OS10(config-trust-dot1pmap)# exit OS10(config)# trust dscp-map dscp_map1 OS10(config-trust-dscpmap)# qos-group 0 dscp 0-31 OS10(config-trust-dscpmap)# qos-group 1 dscp 32-63 OS10(config-trust-dscpmap)# exit OS10(config)# qos-map traffic-class tc-q-map1 OS10(config-qos-tcmap)# queue 0 qos-group 0 OS10(config-qos-tcmap)# queue 1 qos-group 1 OS10(config-qo
ETS commands ets mode on Enables ETS on an interface. Syntax ets mode on Parameter None Default Disabled Command Mode INTERFACE Usage Information Enable ETS on all switch interfaces in SYSTEM-QOS mode or on an interface or interface range in INTERFACE mode. The no version of this command disables ETS. Example Supported Releases OS10(config-sys-qos)# ets mode on 10.3.
DCBX configuration notes ● To exchange link-level configurations in a converged network, DCBX is a prerequisite for using DCB features, such as PFC and ETS. DCBX is also deployed in topologies that support lossless operation for FCoE or iSCSI traffic. In these scenarios, all network devices must be DCBX-enabled so that DCBX is enabled end-to-end. ● DCBX uses LLDP to advertise and automatically negotiate the administrative state and PFC/ETS configuration with directly connected DCB peers.
Configure DCBX View DCBX configuration OS10# show lldp dcbx interface ethernet 1/1/15 E-ETS Configuration TLV enabled e-ETS Configuration TLV disabled R-ETS Recommendation TLV enabled r-ETS Recommendation TLV disabled P-PFC Configuration TLV enabled p-PFC Configuration TLV disabled F-Application priority for FCOE enabled f-Application Priority for FCOE disabled I-Application priority for iSCSI enabled i-Application Priority for iSCSI disabled -----------------------------------------------------------------
View DCBX ETS TLV status OS10# show lldp dcbx interface ethernet 1/1/15 ets detail Interface ethernet1/1/15 Max Supported PG is 8 Number of Traffic Classes is 8 Admin mode is on Admin Parameters : -----------------Admin is enabled PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3 70% ETS 1 4,5,6,7 30% ETS 2 0% SP 3 0% SP 4 0% SP 5 0% SP 6 0% SP 7 0% SP 15 0% SP Remote Parameters : ------------------Remote is enabled PG-grp Priority# Bandwidth TSA -----------------------
DCBX commands dcbx enable Enables DCBX globally on all port interfaces. Syntax dcbx enable Parameters None Default Disabled Command Mode CONFIGURATION Usage Information DCBX is disabled at a global level and enabled at an interface level by default. For DCBX to be operational, DCBX must be enabled at both the global and interface levels. Enable DCBX globally with the dcbx enable command to activate the exchange of DCBX TLV messages with PFC, ETS, and iSCSI configurations.
Usage Information Example Supported Releases In auto mode, a DCBX-enabled port detects an incompatible DCBX version on a peer device port and automatically reconfigures a compatible version on the local port. The no version of this command disables the DCBX version. OS10(conf-if-eth1/1/2)# dcbx version cee 10.3.0E or later lldp tlv-select dcbxp Enables and disables DCBX on a port interface.
Pkts Pkts DCBX Operational Status is Enabled Is Configuration Source? FALSE Local DCBX Compatibility mode is IEEEv2.5 Local DCBX Configured mode is IEEEv2.5 Peer Operating version is IEEEv2.
Oper status is init ETS DCBX Oper status is Up State Machine Type is Asymmetric Conf TLV Tx Status is enabled Reco TLV Tx Status is enabled 5 Input Conf TLV Pkts, 2 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 5 Input Reco TLV Pkts, 2 Output Reco TLV Pkts, 0 Error Reco TLV Pkts Example (PFC detail) OS10# show lldp dcbx interface ethernet 1/1/15 pfc detail Interface ethernet1/1/15 Admin mode is on Admin is enabled, Priority list is 4,5,6,7 Remote is enabled, Priority list is 4,5,6,7 Remote Willing Status is
In an iSCSI session, a switch connects CNA servers (iSCSI initiators) to a storage array (iSCSI targets) in a storage area network (SAN) or TCP/IP network. iSCSI optimization running on the switch uses dot1p priority-queue assignments to ensure that iSCSI traffic receives priority treatment. iSCSI configuration notes ● When you enable iSCSI optimization, the switch auto-detects and auto-configures for Dell EqualLogic storage arrays directly connected to an interface.
1. Configure an interface or interface range to detect a connected storage device. interface ethernet node/slot/port:[subport] interface range ethernet node/slot/port:[subport]-node/slot/port[:subport] 2. Enable the interface to support a storage device that is directly connected to the port and not automatically detected by iSCSI. Use this command for storage devices that do not support LLDP.
OS10(config)# iscsi target port 3261 ip-address 10.1.1.
The information learnt about iSCSI sessions on VLT LAGs are synchronized with the VLT peers. The synchronization of the iSCSI sessions happens based on various scenarios: ● If the iSCSI login request is received on an interface that belongs to a VLT LAG, the information is synchronized with the VLT peer and the connection is associated with the interface. ● Any additional updates to connections, including aging updates, that are learnt on VLT LAG members are synchronized with the VLT peer.
Parameter priority-bitmap — Enter a bitmap value for the dot1p priority advertised for iSCSI traffic in iSCSI application TLVs (0x1 to 0xff). Default 0x10 (dot1p 4) Command Mode CONFIGURATION Usage Information iSCSI traffic uses dot1p priority 4 in frame headers by default. Use this command to reconfigure the dot1p-priority bits advertised in iSCSI application TLVs. Enter only one dot1p-bitmap value — setting more than one bitmap value with this command is not supported.
iscsi target port Configures the TCP ports used to monitor iSCSI sessions with target storage devices. Syntax iscsi target port tcp-port1 [tcp-port2, ..., tcp-port16] [ip-address ipaddress] Parameters ● tcp-port — Enter one or more TCP port numbers (0 to 65535). Separate TCP port numbers with a comma. ● ip-address ip-address — (Optional) Enter the IP address in A.B.C.D format of a storage array whose iSCSI traffic is monitored on the TCP port.
iSCSI session monitoring is Enabled iSCSI COS qos-group 4 remark dot1p 4 Session aging time 15 Maximum number of connections is 100 Port IP Address -----------------------3260 860 3261 10.1.1.1 Supported Releases 10.3.0E or later show iscsi session Displays information about active iSCSI sessions. Syntax show iscsi session [detailed] Parameter detailed — Displays a detailed version of the active iSCSI sessions.
Usage Information Example Supported Releases The command output displays the storage device connected to each switch port and whether iSCSI automatically detects it. OS10# show iscsi storage-devices Interface Name Storage Device Name Auto Detected Status ----------------------------------------------------------ethernet1/1/23 EQL-MEM true 10.3.
OS10(config-pmap-network-qos)# class OS10(config-pmap-c-nqos)# pause OS10(config-pmap-c-nqos)# pfc-cos 4 OS10(config-pmap-c-nqos)# exit OS10(config-pmap-network-qos)# class OS10(config-pmap-c-nqos)# pause OS10(config-pmap-c-nqos)# pfc-cos 5 OS10(config-pmap-c-nqos)# exit OS10(config-pmap-network-qos)# class OS10(config-pmap-c-nqos)# pause OS10(config-pmap-c-nqos)# pfc-cos 6 OS10(config-pmap-c-nqos)# exit OS10(config-pmap-network-qos)# class OS10(config-pmap-c-nqos)# pause OS10(config-pmap-c-nqos)# pfc-cos 7
Apply the service policies with dot1p trust and ETS configurations to an interface or on all switch interfaces. Only one qos-map traffic-class map is supported on a switch.
Oper status is init PFC DCBX Oper status is Up State Machine Type is Symmetric PFC TLV Tx Status is enabled Application Priority TLV Parameters : -------------------------------------ISCSI TLV Tx Status is enabled Local ISCSI PriorityMap is 0x10 Remote ISCSI PriorityMap is 0x10 4 Input TLV pkts, 3 Output TLV pkts, 0 Error pkts 4 Input Appln Priority TLV pkts, 3 Output Appln Priority TLV pkts, 0 Error Appln Priority TLV Pkts 9.
2 Input Conf TLV Pkts, 27 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 2 Input Reco TLV Pkts, 27 Output Reco TLV Pkts, 0 Error Reco TLV Pkts 10. iSCSI optimization configuration (global) This example accepts the default settings for aging time and TCP ports used in monitored iSCSi sessions. A Compellant storage array is connected to the port. The policy-iscsi policy map sets the CoS dot1p priority used for iSCSI traffic to 6 globally on the switch. By default, iSCSI traffic uses priority 4.
ets mode on qos-map traffic-class tmap2 trust-map dot1p tmap1 priority-flow-control mode on OS10(conf-if-eth1/1/53)# do show lldp dcbx interface ethernet 1/1/53 E-ETS Configuration TLV enabled e-ETS Configuration TLV disabled R-ETS Recommendation TLV enabled r-ETS Recommendation TLV disabled P-PFC Configuration TLV enabled p-PFC Configuration TLV disabled F-Application priority for FCOE enabled f-Application Priority for FCOE disabled I-Application priority for iSCSI enabled i-Application Priority for iSCSI
DCBX Operational Status is Enabled Is Configuration Source? FALSE Local DCBX Compatibility mode is IEEEv2.5 Local DCBX Configured mode is IEEEv2.5 Peer Operating version is IEEEv2.
13 sFlow sFlow is a standard-based sampling technology embedded within switches and routers that monitors network traffic. It provides traffic monitoring for high-speed networks with many switches and routers.
● Disable sFlow in CONFIGURATION mode.
sflow enable ! Collector configuration Configure the IPv4 or IPv6 address for the sFlow collector. You can configure a maximum of two sFlow collectors. If you specify two collectors, the samples are sent to both. The agent IP address must be the same for both the collectors. ● Enter an IPv4 or IPv6 address for the sFlow collector, IPv4 or IPv6 address for the agent, UDP collector port number (default 6343), maximum datagram size (up to 1400), and the VRF instance number in CONFIGURATION mode.
sflow collector 10.16.150.1 agent-addr 10.16.132.67 6767 max-datagram-size 800 sflow collector 10.16.153.176 agent-addr 3.3.3.3 6666 ! interface ethernet1/1/1 sflow enable ! Sample-rate configuration Sampling rate is the number of packets skipped before the sample is taken. If the sampling rate is 4096, one sample generates for every 4096 packets observed. ● Set the sampling rate in CONFIGURATION mode, from 4096 to 65535. The default is 32768.
● Configure the source interface in CONFIGURATION mode. sflow source-interface {ethernet node/slot/port[:subport] | loopback loopback-ID| port-channel port-channel-ID| vlan vlan-ID} ● View the interface details.
Global default sampling rate: 32768 Global default counter polling interval: 30 Global default extended maximum header size: 128 bytes Global extended information enabled: none 1 collector(s) configured Collector IP addr:10.16.151.245 Agent IP addr:10.16.132.181 UDP port:6343 VRF:Default 31722 UDP packets exported 0 UDP packets dropped 34026 sFlow samples collected ● View sFlow configuration details on a specific interface in EXEC mode.
sflow enable Enables sFlow on a specific interface or globally on all interfaces. Syntax sflow enable [all-interfaces] Parameters all-interfaces — (Optional) Enter to enable sFlow globally. Default Disabled Command Mode CONFIGURATION Usage Information The no version of this command to disables sFlow.
Usage Information Example Supported Releases The polling interval for an interface is the number of seconds between successive samples of counters sent to the collector. You can configure the duration for polled interface statistics. The no version of the command resets the interval time to the default value. OS10(conf)# sflow polling-interval 200 10.3.0E or later sflow sample-rate Configures the sampling rate.
Example (VLAN) Supported Releases OS10(config)# sflow source-interface vlan 10 10.4.1.0 or later show sflow Displays the current sFlow configuration for all interfaces or by a specific interface type. Syntax show sflow [interface type] Parameter interface type — (Optional) Enter either ethernet or port-channel for the interface type. Command Mode EXEC Usage Information OS10 does not support statistics for UDP packets dropped and samples received from the hardware.
14 RESTCONF API RESTCONF is a REST-like protocol that uses HTTPS connections. Use the OS10 RESTCONF API to set up the configuration parameters on OS10 switches using JavaScript Object Notation (JSON)-structured messages. Use any programming language to create and send JSON messages. The examples in this chapter use curl. The OS10 RESTCONF implementation complies with RFC 8040. You can use the RESTCONF API to configure and monitor an OS10 switch.
● ecdhe-rsa-with-aes-256-gcm-SHA384 rest https cipher-suite 4. Enable the RESTCONF API in CONFIGURATION mode. rest api restconf RESTCONF API configuration OS10(config)# rest https server-certificate name OS10.dell.
Example Supported Releases OS10(config)# rest https cipher-suite dhe-rsa-with-aes-128-gcm-SHA256 dhe-rsa-with-aes-256-gcm-SHA384 ecdhe-rsa-with-aes-256-gcm-SHA384 10.4.1.0 or later rest https server-certificate Creates the SSL self-signed server certificate used in a RESTCONF HTTPS connection. Syntax rest https server-certificate name hostname Parameters name hostname — Enter the IP address or domain name of the OS10 switch. Default hostname is the domain name of the OS10 switch.
● -k specifies a text file to read curl arguments from. The command line arguments found in the text file will be used as if they were provided on the command line. Use the IP address or URL of the OS10 switch when you access the OS10 RESTCONF API from a remote orchestration system. ● -H specifies an extra header to include in the request when sending HTTPS to a server. You can enter multiple extra headers. ● -d sends the specified data in an HTTPS request.
Reply: OS10(config)# do no debug cli netconf RESTCONF API layer 2 configuration Some common RESTCONF API L2 operations include provisioning and displaying VLAN, port channel, VLT, LLDP, and LACP configuration. The examples in this section use curl commands to send the HTTPS request.
"https://10.11.86.113/restconf/data/interfaces/interface/ ethernet1%2F1%2F1" -d '{"interface":[{"name":"ethernet1/1/1", "lacp-config":{"actorport-priority":4096}}]}' Configure LACP rate priority RESTCONF endpoint JSON content /restconf/data/interfaces/interface/ethernet1/1/1 { } Parameters Example "interface": [{ "name": "ethernet1/1/1", "lacp-config": { "rate": "fast" } }] ● ethernet-interface — Enter the physical Ethernet interface in the format ethernetnode/ slot/port.
● app-type string — Enter the application type defined by the policy: voice for a voice application or guest-voice for a guest-voice application. ● vlan-id int — Enter the VLAN ID number, from 1 to 4093. ● tagged bool — Enter true for a tagged VLAN; enter false for an untagged VLAN. ● priority int — Enter the Layer 2 class-of-service (CoS) priority value for the configured VLAN, from 0 to 7; default 0. ● dscp int — Enter the DSCP value for the configured VLAN (0 to 63; default 0).
} Parameters Example }] ● ethernet-interface — Enter the physical Ethernet interface in the format ethernetnode/ slot/port. ● name string — Enter ethernetnode/slot/port to configure the interface that sends LLDPDUs with the specified TLVs. ● sys-name-enable bool — Enter true to enable system TLV advertisement on the interface; enter false to disable system TLV advertisement. curl -X PATCH -u admin:admin -k "https://10.11.86.
RESTCONF endpoint JSON content /restconf/data/interfaces/interface/ethernet1/1/1 { } Parameters Example "interface": [{ "name": "ethernet1/1/1", "lldp-med-cfg": [{ "policy-id": 1 }] }] ● ethernet-interface — Enter the physical Ethernet interface in the format ethernetnode/ slot/port. ● name string — Enter ethernetnode/slot/port to configure the interface that sends LLDPMED policy TLVs. ● policy-id int — Enter the LLDP-MED network policy number, from 1 to 32.
-d '{"interface":[{"name":"ethernet1/1/1", "lldp":[{"basic-tlvs": [{"sys-name-enable":"false"}], "dot3-tlvs":[{"mac-phy-config-enable": "false","max-frame-size-enable":"false", "linkagg-enable":"false"}]}]}]}' Disable LLDP-MED network policy advertisement RESTCONF endpoint /restconf/data/dell-lldp-med:sys-config/media-policy/10 JSON content None Parameters ● ethernet-interface — Enter the physical Ethernet interface in the format ethernetnode/ slot/port.
Example curl -X POST -k -u admin:admin -H "accept: application/json" -H "Content-Type: application/json" “https://10.11.86.
RESTCONF endpoint JSON content /restconf/data/interfaces/interface/port-channel20 { } Parameters Example "interface": [{ "name": "port-channel20", "lag-mode": "DYNAMIC", "member-ports": [{ "name": "ethernet1/1/5", "lacp-mode": "ACTIVE" }] }] ● port-channelid-number — Enter port-channelid-number, where id-number is from 1 to 128. ● name string — Enter port-channelid-number. ● lag-mode bool — Enter DYNAMIC for a dynamically configured port channel; enter STATIC for a statically configured port channel.
} Parameters Example }] } } ● port-channelid-number — Enter port-channelid-number, where id-number is from 1 to 128. ● name string — Enter port-channelid-number. ● primary-addr A.B.C.D/prefix-length — Enter the port-channel IP address and mask. curl -X PATCH -k -u admin:admin -H "accept: application/json" -H "Content-Type: application/json" "https://10.11.86.113/restconf/data/interfaces/interface/port-channel10" -d '{"interface": [{"name":"port-channel10", "dell-ip:ipv4": {"address":{"primary-addr":"1.
Example curl -X GET -k -u admin:admin -H "accept:application/json" "https://10.11.86.113/restconf/data/interfaces/interface/port-channel10" Delete a port-channel configuration RESTCONF endpoint /restconf/data/interfaces/interface/port-channel10 JSON content None Parameters ● port-channel id-number — Enter port-channelid-number, where id-number is from 1 to 128. Example curl -X DELETE -k -u admin:admin -H "accept: application/json" -H "Content-Type: application/json" "https://10.11.86.
RESTCONF endpoint /restconf/data/interfaces/interface/vlan20 JSON content { } Parameters Example "interface": [{ "type": "iana-if-type:l2vlan", "enabled": true, "description": "vlan20", "name": "vlan20", "dell-ip:ipv4": { "address": { "primary-addr": "192.42.10.254/24" } } }] ● ● ● ● interface vlan-id — Enter the VLAN ID, from 1 to 4093. type string — Enter iana-if-type:l2vlan for a VLAN interface. enabled bool — Enter true to enable the interface; enter false to disable the interface.
JSON content { } Parameters Example "interface": [{ "name": "vlan20", "type": "iana-if-type:l2vlan", "enabled": true, "description": "vlan20", "dell-interface:untagged-ports": ["ethernet1/1/3"], "dell-ip:ipv4": { "address": { "primary-addr": "192.42.10.254/24" } } }] ● type string — Enter iana-if-type:l2vlan for a VLAN interface. ● enabled bool — Enter true to enable the VLAN; enter false to disable the VLAN.
RESTCONF endpoint JSON content /restconf/data { } Parameters Example "node-topology": [{ "topology-id": 1, "topology-type": "VLT", "dell-vlt:vlt-domain": {} }] ● topology-id int — Configure the same VLT domain ID on each peer, from 1 to 255. ● topology-type value — Enter VLT for a VLT domain. curl -X POST -k -u admin:admin -H "accept: application/json" -H "Content-Type: application/json" "https://10.11.86.
● discovery-interface string — Enter ethernetnode/slot/port for the VLTi discovery interface on each peer. ● topology-type value — Enter VLT for a VLT domain. Example curl -X PATCH -k -u admin:admin "https://10.11.86.
RESTCONF endpoint /restconf/data/node-topology/1 JSON content None Parameters ● topology-id int — Specify the same VLT domain ID on each peer, from 1 to 255. Example 766 curl -X DELETE -k -u admin:admin -H "accept: application/json" -H "Content-Type: application/json" "https://10.11.86.
15 Troubleshoot OS10 Critical workloads and applications require constant availability. Dell EMC Networking offers tools to help you monitor and troubleshoot problems before they happen.
1 S4048T-ON-FANTRAY-4 061DJT X01 TW-061DJT-28298-615-0092 Boot partition and image Display system boot partition–related and image-related information. ● View all boot information in EXEC mode. show boot ● View boot details in EXEC mode. show boot detail View boot information OS10# show boot Current system image information: =================================== Type Boot Type Active Standby Next-Boot -----------------------------------------------------------------------Node-id 1 Flash Boot [A] 10.1.
11 root 12 root 13 root 14 root 15 root 16 root 17 root 19 root 20 root 21 root 22 root 23 root 24 root 25 root --more-- 20 20 rt rt rt rt 20 0 0 20 0 20 0 25 0 0 0 0 0 0 0 -20 -20 0 -20 0 -20 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 S S S S S S S S S S S S S S 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0:00.00 0:00.00 0:07.30 0:02.18 0:02.12 0:04.98 0:03.92 0:00.00 0:00.00 0:00.
Capture two packets from interface $ tcpdump -c 2 -i e101-003-0 listening on e101-003-0, link-type EN10MB (Ethernet), capture size 96 bytes 01:39:22.457185 IP 3.3.3.1 > 3.3.3.4: ICMP echo request, id 5320, seq 26, length 64 01:39:22.457281 IP 3.3.3.1 > 3.3.3.4: ICMP echo reply, id 5320, seq 26, length 64 2 packets captured 13 packets received by filter 0 packets dropped by kernel Capture packets and write to file $ tcpdump -w 06102016.
Sending 5, 100-byte ICMP Echos to 172.31.1.255, timeout is 2 seconds: Reply to request 1 from 172.31.1.208 0 ms Reply to request 1 from 172.31.1.216 0 ms Reply to request 1 from 172.31.1.205 16 ms :: Reply to request 5 from 172.31.1.209 0 ms Reply to request 5 from 172.31.1.66 0 ms Reply to request 5 from 172.31.1.87 0 ms Check IPv6 connectivity OS10# ping 100::1 Type Ctrl-C to abort. Sending 5, 100-byte ICMP Echos to 100::1, timeout is 2 seconds: !!!!! Success rate is 100.
View environment OS10# show environment Unit State Temperature ------------------------------------1 up 43 Thermal sensors Unit Sensor-Id Sensor-name Temperature -----------------------------------------------------------------------------1 1 CPU On-Board temp sensor 32 1 2 Switch board temp sensor 28 1 3 System Inlet Ambient-1 temp sensor 27 1 4 System Inlet Ambient-2 temp sensor 25 1 5 System Inlet Ambient-3 temp sensor 26 1 6 Switch board 2 temp sensor 31 1 7 Switch board 3 temp sensor 41 1 8 NPU temp se
---------------------------------------------------------------1 fail 2 up AC REVERSE 1 14720 up -- Fan Status -FanTray Status AirFlow Fan Speed(rpm) Status ---------------------------------------------------------------1 up REVERSE 1 13063 up 2 13063 up 2 up REVERSE 1 2 13020 12977 up up 3 up NORMAL 1 2 13085 13063 up up Diagnostic commands location-led interface Changes the location LED of the interface.
ping Tests network connectivity to an IPv4 device. Syntax ping [vrf {management | vrf-name}] [-aAbBdDfhLnOqrRUvV] [-c count] [i interval] [-I interface] [-m mark] [-M pmtudisc_option] [-l preload] [-p pattern] [-Q tos] [-s packetsize] [-S sndbuf] [-t ttl] [-T timestamp_option] [-w deadline] [-W timeout] [hop1 ...] destination Parameters ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● 774 vrf management — (Optional) Pings an IP address in the management VRF instance.
● -w deadline — (Optional) Enter the time-out value, in seconds, before the ping exits regardless of how many packets are sent or received. ● -W timeout — (Optional) Enter the time to wait for a response, in seconds. This setting affects the time-out only if there is no response, otherwise ping waits for two round-trip times (RTTs). ● hop1 ... (Optional) Enter the IP addresses of the pre-specified hops for the ping packet to take. ● target — Enter the IP address where you are testing connectivity.
● -i interval — (Optional) Enter the interval, in seconds, to wait between sending each packet (default 1 second). ● -I interface-address — (Optional) Enter the source interface address (with no spaces): ○ For a physical Ethernet interface, enter ethernetnode/slot/port; for example, ethernet1/1/1. ○ For a VLAN interface, enter vlanvlan-id; for example, vlan10. ○ For a loopback interface, enter loopbackid; for example, loopback1.
show boot Displays boot partition-related information. Syntax show boot [detail] Parameters detail — (Optional) Enter to display detailed information. Default Not configured Command Mode EXEC Usage Information Use the boot system command to set the boot partition for the next reboot.
00:13.0 System peripheral: Intel Corporation Atom processor C2000 SMBus 2.0 (rev 02) 00:14.0 Ethernet controller: Intel Corporation Ethernet Connection I354 (rev 03) 00:14.1 Ethernet controller: Intel Corporation Ethernet Connection I354 (rev 03) 00:16.0 USB controller: Intel Corporation Atom processor C2000 USB Enhanced Host Controller (rev 02) 00:17.0 SATA controller: Intel Corporation Atom processor C2000 AHCI SATA2 Controller (rev 02) 00:18.
Usage Information Example Supported Releases None OS10# show hash-algorithm LagAlgo - CRC EcmpAlgo - CRC 10.2.0E or later show inventory Displays system inventory information. Syntax show inventory Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show inventory Product : S4048ON Description : S4048-ON 48x10GbE, 6x40GbE QSFP+ Interface Module Software version : 10.4.1.0.X.
PID USER COMMAND 9 root rcuos/1 819 snmp 30452 admin 1 root systemd 2 root kthreadd 3 root ksoftirqd/0 5 root kworker/0:+ 7 root rcu_sched 8 root rcuos/0 10 root rcu_bh 11 root rcuob/0 12 root rcuob/1 13 root migration/0 14 root watchdog/0 15 root watchdog/1 16 root migration/1 17 root ksoftirqd/1 19 root kworker/1:+ 20 root khelper 21 root kdevtmpfs 22 root 23 root khungtaskd 24 root writeback 25 root --more-- PR NI VIRT RES SHR S %CPU %MEM TIME+ 20 0 0 0 0 S 6.1 0.0 5:22.
show system Displays system information. Syntax show system [brief | node-id] Parameters ● brief — View abbreviated list of system information. ● node-id — Node ID number.
Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Example (brief) 1/1/13 1/1/14 1/1/15 1/1/16 1/1/17 1/1/18 1/1/19 1/1/20 1/1/21 1/1/22 1/1/23 1/1/24 1/1/25 1/1/26 1/1/27 1/1/28 1/1/29 1/1/30 1/1/31 1/1/32 No No No No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No No BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKO
● -i interface — (Optional) Enter the IP address of the interface through which traceroute sends packets. By default, the interface is selected according to the routing table. ● -m max_ttl — (Optional) Enter the maximum number of hops (maximum time-to-live value) that traceroute probes (default 30). ● -p port — (Optional) Enter a destination port: ○ For UDP tracing, enter the destination port base that traceroute uses (the destination port number is incremented by each probe).
Password recovery You may need to recover a lost password. 1. Connect to the serial console port. The serial settings are 115200 baud, 8 data bits, and no parity. 2. Reboot or power up the system. 3. Press ESC at the Grub prompt to view the boot menu. The OS10-A partition is selected by default. +-------------------------------------------+ |*OS10-A | | OS10-B | | ONIE | +-------------------------------------------+ 4. Press e to open the OS10 GRUB editor. 5.
SMF Version: MSS 1.2.2, FPGA 0.1 Last POR=0x11, Reset Cause=0x55 Restore factory defaults Reboots the system to ONIE Rescue mode to restore the ONIE-enabled device to factory defaults. CAUTION: Restoring factory defaults erases any installed operating system and requires a long time to erase storage. ONIE Rescue bypasses the installed operating system and boots the system into ONIE until you reboot the system. After ONIE Rescue completes, the system resets and boots to the ONIE console. 1.
Configure SupportAssist SupportAssist is started by default. If you do not accept end user license agreement (EULA), SupportAssist is disabled. 1. Enter SupportAssist mode from CONFIGURATION mode. support-assist 2. (Optional) Configure the SupportAssist server URL or IP address in SUPPORT-ASSIST mode. server url server-url 3. (Optional) Configure the interface used to connect to the SupportAssist server in SUPPORT-ASSIST mode. source-interface interface 4.
Show EULA license OS10# show support-assist eula I accept the terms of the license agreement. You can reject the license agreement by configuring this command 'eula-consent support-assist reject.' By installing SupportAssist, you allow Dell to save your contact information (e.g. name, phone number and/or email address) which would be used to provide technical support for your Dell products and services. Dell may use the information for providing recommendations to improve your IT infrastructure.
Set contact information Configure contact details in SupportAssist Company mode. You can set the name, email addresses, phone, method, and time zone. SupportAssist contact-person configurations are optional for the SupportAssist service. 1. (Optional) Enter the contact name in SUPPORT-ASSIST mode. contact-person first firstname last lastname 2. Enter the email addresses in SUPPORT-ASSIST mode. email-address email-address 3. Enter the preferred contact method in SUPPORT-ASSIST mode.
1. Display the SupportAssist activity in EXEC mode. show support-assist status 2. Display the EULA license agreement in EXEC mode. show support-assist eula View SupportAssist status OS10# show support-assist status EULA : Accepted Service : Enabled Contact-Company : DellCMLCAEOS10 Street Address : 7625 Smetana Lane Dr Bldg 7615 Cube F577 City : Minneapolis State : Minnesota Country : USA Zipcode : 55418 Territory : USA Contact-person : Michael Dale Email : abc@dell.
You agree that the provision of SupportAssist may involve international transfers of data from you to Dell and/or to Dell's affiliates, subcontractors or business partners. When making such transfers, Dell shall ensure appropriate protection is in place to safeguard the Collected Data being transferred in connection with SupportAssist.
contact-person Configures the contact name for an individual. Syntax contact-person [first firstname last lastname] Parameters ● first firstname — Enter the keyword and the first name for the contact person. Use double quotes for more than one first name. ● last lastname — Enter the keyword and the last name for the contact person. Default Not configured Command Mode SUPPORT-ASSIST Usage Information The no version of this command removes the configuration.
Example (Reject) OS10(config)# eula-consent support-assist reject This action will disable Support Assist and erase all configured data.Do you want to proceed ? [Y/N]:Y Supported Releases 10.2.0E or later preferred-method Configures a preferred method to contact an individual. Syntax preferred-method {email | phone | no-contact} Parameters ● email — Enter to select email as the preferred contact method. ● phone — Enter to select phone as the preferred contact method.
Usage Information Example Supported Releases Only configure one SupportAssist server. If you do not configure the SupportAssist server, the system uses the non-configurable default server. Use the show support-assist status command to view the server configuration. The no version of this command removes the remote server. OS10(conf-support-assist)# server url https://eureka.com:444 10.2.0E or later show support-assist eula Displays the EULA for SupportAssist.
show support-assist status Displays SupportAssist status information including activities and events. Syntax show support-assist status Parameters None Default Not configured Command Mode EXEC Example OS10# show support-assist status EULA : Accepted Service : Enabled Contact-Company : DellCMLCAEOS10 Street Address : 7625 Smetana Lane Dr Bldg 7615 Cube F577 City : Minneapolis State : Minnesota Country : USA Zipcode : 55418 Territory : USA Contact-person : Michael Dale Email : abc@dell.
● management 1/1/1 — Enter the management interface. ● port-channel channel-id — Enter a port-channel ID (1 to 28). ● vlan vlan-id — Enter a VLAN ID (1 to 4093). Default A source interface is not configured. Command Mode SUPPORT-ASSIST Usage Information The no version of this command removes the configured source interface. Example Supported Releases OS10(conf-support-assist)# source-interface ethernet 1/1/4 10.4.
● yearly — Schedule the yearly task: ○ month number — Enter the keyword and number of the month to schedule the yearly task (1 to 12). ○ day number — Enter the keyword and the number of the day to schedule the monthly task (1 to 31). Default Weekly on Sunday at midnight (hour 0 minute 0) Command Mode EXEC Usage Information The no version of this command removes the schedule activity. Example Supported Releases OS10# support-assist-activity full-transfer schedule daily hour 22 min 50 10.2.
Event notifications Event notifications for the generate support-bundle command are processed at the start and end of the bundle they support, and reports either success or failure. Support bundle generation start event Apr 19 16:57:55: %Node.1-Unit.1:PRI:OS10 %log-notice:SUPPORT_BUNDLE_STARTED: generate support-bundle execution has started successfully:All Plugin options disabled Apr 19 16:57:55: %Node.1-Unit.
System alarms Alarms alert you to conditions that might prevent normal device operation: ● Critical — A critical condition exists and requires immediate action. A critical alarm may trigger if one or more hardware components have failed, or one or more hardware components exceeds temperature thresholds. ● Major — A major error occurred and requires escalation or notification. For example, a major alarm may trigger if an interface failure occurs, such as a port-channel being down.
● Disable server logging and reset the minimum logging severity to the default in CONFIGURATION mode. no logging server severity ● Re-enable any logging command in CONFIGURATION mode. no logging enable Enable server logging for log notice OS10(config)# logging server dell.com severity log-notice View system logs The system log-file contains system event and alarm logs. Use the show trace command to view the current syslog file.
dn_l2_services_ dn_l2_services_ dn_l3_core_serv dn_l3_service dn_lacp dn_lldp dn_mgmt_entity_ --More-- Environmental monitoring Monitors the hardware environment to detect temperature, CPU, and memory utilization.
Alarm commands alarm clear Clears the alarm based on the alarm index for a user-clearable alarm (a transient alarm). Syntax alarm clear alarm-index Parameters clear alarm-index — Enter the alarm ID to clear the alarm. Default Not configured Command Mode EXEC Usage Information Use the show alarm index command to view a list of alarm IDs. Example Supported Releases OS10# alarm clear 200 10.2.0E or later show alarms Displays all current active system alarms.
Active-alarm details - 0 ------------------------------------------Index: 0 Sequence Number: 1 Severity: critical Type: 1081367 Source: Node.1-Unit.1 Name: EQM_THERMAL_CRIT_CROSSED Description: Raise-time: Sep 20 0:1:5 Clear-time: New: true State: raised ------------------------------------------Active-alarm details - 1 ------------------------------------------Index: 1 Sequence Number: 5 Severity: warning Type: 1081364 Source: Node.1-Unit.
show alarms index Displays information about a specific alarm using the alarm ID. Syntax show alarms index alarm-id Parameters index alarm-id — Enter the keyword and the alarm ID to view specific information. Default Not configured Command Mode EXEC Usage Information Use the alarm-id to clear and view alarm details. Example OS10# show alarms index 1 Active-alarm details - 1 ------------------------------------------Index: 1 Sequence Number: 5 Severity: warning Type: 1081364 Source: Node.1-Unit.
New: State: Example (Critical) true raised OS10# show alarms severity critical Active-alarm details - 0 ------------------------------------------Index: 0 Sequence Number: 1 Severity: critical Type: 1081367 Source: Node.1-Unit.1 Name: EQM_THERMAL_CRIT_CROSSED Description: Raise-time: Sep 20 0:1:5 Clear-time: New: true State: raised Supported Releases 10.2.0E or later show alarms summary Displays the summary of alarm information.
Usage Information Example None OS10# clear logging log-file Proceed to clear the log file [confirm yes/no(default)]: Supported Releases 10.2.0E or later logging console Disables, enables, or configures the minimum severity level for logging to the console. Syntax logging console {disable | enable | severity} To set the severity to the default level, use the no logging console severity command. The default severity level is log-notice.
Example Supported Releases OS10(config)# logging enable 10.2.0E or later logging log-file Disables, enables, or sets the minimum severity level for logging to the logfile. Syntax logging log-file {disable | enable | severity} To reset the log-file severity to the default level, use the no logging log-file severity command. The default severity level is log-notice. Parameters severity — Set the minimum logging severity level: ● log-emerg — Set the system as unusable.
● log-debug — Set to debug messages. Default Log-notice Command Mode CONFIGURATION Usage Information None Example Supported Releases OS10(config)# logging monitor severity log-info 10.2.0E or later logging server Configures the remote syslog server.
show logging Displays system logging messages by log-file, process-names, or summary. Syntax show logging {log-file [process-name | line-numbers] | process-names} Parameters ● process-name — (Optional) Enter the process-name to use as a filter in syslog messages. ● line-numbers — (Optional) Enter the number of lines to include in the logging messages (1 to 65535). Default None Command Mode EXEC Usage Information The output from this command is the /var/log/eventlog file.
if-idx:4 May 23 17:10:03 OS10 base_nas: [NETLINK:NHEVENT]:ds_api_linux_neigh.c:nl_to_nei gh_info:120, NextHop IP:192.168.10.
-* Copyright (c) 1999-2017 by Dell Inc. All Rights Reserved. *-* *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*This product is protected by U.S. and international copyright and intellectual property laws. Dell EMC and the Dell EMC logo are trademarks of Dell Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
● Set flow control to none How do I view the hardware inventory? Use the show inventory command to view complete system inventory. How do I view the process-related information? Use the show processes node-id node-id-number [pid process-id] command to view the process CPU utilization information. Configuration How do I enter CONFIGURATION mode? Use the configure terminal command to change from EXEC mode to CONFIGURATION mode. I made changes to the running configuration file but the updates are not showing.
System management How can I view the current interface configuration? Use the show running-configuration command to view all currently configured interfaces. How can I view a list of all system devices? Use the show inventory command to view a complete list. How can I view the software version? Use the show version command to view the currently running software version.
Use the show support-assist status command to view current configuration information. How can I view a list of alarms? Use the show alarms details to view a list of all system alarms. How do I enable or disable system logging? Use the logging enable command or the logging disable command. How do I view system logging messages? Use the show logging command to view messages by log-file or process name.
16 Support resources The Dell EMC Support site provides a range of documents and tools to assist you with effectively using Dell EMC devices. Through the support site you can obtain technical information regarding Dell EMC products, access software upgrades and patches, download available management software, and manage your open cases. The Dell EMC support site provides integrated, secure access to these services. To access the Dell EMC Support site, go to www.dell.com/support/.