Dell Configuration Guide for the S4820T System 9.4(0.
Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2014 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents 1 About this Guide......................................................................................................35 Audience..............................................................................................................................................35 Conventions........................................................................................................................................ 35 Related Documents...........................................................
Enabling Software Features on Devices Using a Command Option.................................................57 View Command History......................................................................................................................58 Upgrading Dell Networking OS.......................................................................................................... 58 4 Management............................................................................................................
802.1ag...................................................................................................................... 79 Ethernet CFM.......................................................................................................................................79 Maintenance Domains........................................................................................................................80 Maintenance Points.......................................................................
7 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM)..........................................................................................................109 Optimizing CAM Utilization During the Attachment of ACLs to VLANs......................................... 109 Guidelines for Configuring ACL VLAN groups................................................................................. 110 Configuring ACL VLAN Groups and Configuring FP Blocks for VLAN Parameters..............
Configure a Route Map for Route Tagging................................................................................ 145 Continue Clause..........................................................................................................................146 Logging of ACL Processes................................................................................................................ 146 Guidelines for Configuring ACL Logging....................................................................
Additional Path (Add-Path) Support........................................................................................... 194 Advertise IGP Cost as MED for Redistributed Routes................................................................ 194 Ignore Router-ID for Some Best-Path Calculations.................................................................. 195 Four-Byte AS Numbers...............................................................................................................
Enabling MBGP Configurations........................................................................................................ 237 BGP Regular Expression Optimization.............................................................................................238 Debugging BGP................................................................................................................................ 238 Storing Last and Bad PDUs........................................................................
Applying an ETS Output Policy for a Priority Group to an Interface........................................ 284 ETS Operation with DCBx...........................................................................................................285 Configuring Bandwidth Allocation for DCBx CIN..................................................................... 286 Applying DCB Policies in a Switch Stack.........................................................................................
Using NetBIOS WINS for Address Resolution............................................................................ 327 Creating Manual Binding Entries................................................................................................ 328 Debugging the DHCP Server......................................................................................................328 Using DHCP Clear Commands..................................................................................................
Configure a Port for a Bridge-to-FCF Link................................................................................ 353 Impact on Other Software Features...........................................................................................353 FIP Snooping Restrictions...........................................................................................................354 Configuring FIP Snooping..................................................................................................
RPM Redundancy..............................................................................................................................383 20 High Availability (HA)........................................................................................ 385 Component Redundancy................................................................................................................. 385 RPM Redundancy.................................................................................................
Specifying a Port as Connected to a Multicast Router............................................................. 408 Configuring the Switch as Querier............................................................................................ 408 Fast Convergence after MSTP Topology Changes......................................................................... 409 Egress Interface Selection (EIS) for HTTP and IGMP Applications................................................. 409 Protocol Separation......
10/100/1000 Mbps Interfaces in Port Channels........................................................................ 431 Configuration Tasks for Port Channel Interfaces.......................................................................431 Creating a Port Channel............................................................................................................. 432 Adding a Physical Interface to a Port Channel..........................................................................
24 IPv4 Routing........................................................................................................463 IP Addresses...................................................................................................................................... 463 Implementation Information...................................................................................................... 463 Configuration Tasks for IP Addresses.....................................................................
Protocol Overview............................................................................................................................483 Extended Address Space............................................................................................................ 483 Stateless Autoconfiguration....................................................................................................... 483 IPv6 Headers.....................................................................................
Multi-Topology IS-IS.........................................................................................................................512 Transition Mode...........................................................................................................................513 Interface Support.........................................................................................................................513 Adjacencies........................................................................
Setting the Aging Time for Dynamic Entries.............................................................................. 555 Configuring a Static MAC Address............................................................................................. 556 Displaying the MAC Address Table.............................................................................................556 MAC Learning Limit..............................................................................................................
Relevant Management Objects........................................................................................................ 587 31 Microsoft Network Load Balancing............................................................... 595 NLB Unicast Mode Scenario.............................................................................................................595 NLB Multicast Mode Scenario..........................................................................................................
Implementation Information...................................................................................................... 626 Configure Multiple Spanning Tree Protocol....................................................................................626 Related Configuration Tasks...................................................................................................... 626 Enable Multiple Spanning Tree Globally..............................................................................
Configuration Information............................................................................................................... 662 Configuration Task List for OSPFv2 (OSPF for IPv4)..................................................................662 Sample Configurations for OSPFv2.................................................................................................. 677 Basic OSPFv2 Router Topology........................................................................................
Creating Multicast Boundaries and Domains................................................................................... 711 38 PIM Source-Specific Mode (PIM-SSM).......................................................... 713 Implementation Information.............................................................................................................713 Important Points to Remember..................................................................................................
Enabling PVST+.................................................................................................................................745 Disabling PVST+................................................................................................................................ 745 Influencing PVST+ Root Selection................................................................................................... 745 Modifying Global PVST+ Parameters................................................
RIP Configuration Example.........................................................................................................787 44 Remote Monitoring (RMON)........................................................................... 793 Implementation Information............................................................................................................ 793 Fault Recovery.....................................................................................................................
TACACS+ Remote Authentication............................................................................................. 826 Command Authorization............................................................................................................828 Protection from TCP Tiny and Overlapping Fragment Attacks...................................................... 828 Enabling SCP and SSH....................................................................................................................
Enabling and Disabling sFlow on an Interface.................................................................................857 sFlow Show Commands................................................................................................................... 857 Displaying Show sFlow Global....................................................................................................857 Displaying Show sFlow on an Interface...........................................................................
Enabling and Disabling a Port using SNMP..................................................................................... 883 Fetch Dynamic MAC Entries using SNMP........................................................................................884 Deriving Interface Indices.................................................................................................................885 Monitor Port-Channels..........................................................................................
Configuring Storm Control from CONFIGURATION Mode...................................................... 915 53 Spanning Tree Protocol (STP)......................................................................... 917 Protocol Overview.............................................................................................................................917 Configure Spanning Tree..................................................................................................................
55 Tunneling ............................................................................................................ 945 Configuring a Tunnel........................................................................................................................945 Configuring Tunnel keepalive.......................................................................................................... 946 Configuring the ip and ipv6 unnumbered.................................................................
RSTP and VLT.............................................................................................................................. 979 VLT Bandwidth Monitoring......................................................................................................... 979 VLT and Stacking........................................................................................................................ 980 VLT and IGMP Snooping.........................................................................
61 Virtual Routing and Forwarding (VRF)........................................................ 1025 VRF Overview.................................................................................................................................. 1025 VRF Configuration Notes................................................................................................................1026 DHCP.......................................................................................................................
Using a Pre-Defined Buffer Profile........................................................................................... 1076 Sample Buffer Profile Configuration.........................................................................................1077 Troubleshooting Packet Loss......................................................................................................... 1077 Displaying Drop Counters..........................................................................................
About this Guide 1 This guide describes the protocols and features the Dell Networking Operating System (OS) supports and provides configuration instructions and examples for implementing them. This guide supports the S4820T platform. The S4820T platform is available with Dell Networking OS version 8.3.7.0 and beyond. S4820T stacking is supported with Dell Networking OS version 8.3.7.1 and beyond. Though this guide contains information on protocols, it is not intended to be a complete reference.
Configuration Fundamentals 2 The Dell Networking Operating System (OS) command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols. The CLI is largely the same for the Z9000, S6000, S4810, and S4820T except for some commands and command outputs. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels.
• EXEC mode is the default mode and has a privilege level of 1, which is the most restricted level. Only a limited selection of commands is available, notably the show commands, which allow you to view system information. • EXEC Privilege mode has commands to view configurations, clear counters, manage configuration files, run diagnostics, and enable or disable debug operations. The privilege level is 15, which is unrestricted.
CLI Command Mode Prompt Access Command AS-PATH ACL Dell(config-as-path)# ip as-path access-list Gigabit Ethernet Interface Dell(conf-if-gi-0/0)# interface (INTERFACE modes) 10 Gigabit Ethernet Interface Dell(conf-if-te-0/1–2)# interface (INTERFACE modes) Interface Group Dell(conf-if-group)# interface(INTERFACE modes) Interface Range Dell(conf-if-range)# interface (INTERFACE modes) Loopback Interface Dell(conf-if-lo-0)# interface (INTERFACE modes) Management Ethernet Interface Dell(conf
CLI Command Mode Prompt Access Command RAPID SPANNING TREE Dell(config-rstp)# protocol spanning-tree rstp REDIRECT Dell(conf-redirect-list)# ip redirect-list ROUTE-MAP Dell(config-route-map)# route-map ROUTER BGP Dell(conf-router_bgp)# router bgp BGP ADDRESS-FAMILY Dell(conf-router_bgp_af)# address-family {ipv4 multicast | ipv6 unicast} (for IPv4) (ROUTER BGP Mode) Dell(confrouterZ_bgpv6_af)# (for IPv6) ROUTER ISIS Dell(conf-router_isis)# router isis ISIS ADDRESS-FAMILY Dell(conf-router
CLI Command Mode Prompt Access Command LLDP MANAGEMENT INTERFACE Dell(conf-lldp-mgmtIf)# management-interface (LLDP Mode) LINE Dell(config-line-console) or Dell(config-line-vty) line console orline vty MONITOR SESSION Dell(conf-mon-sesssessionID)# monitor session OPENFLOW INSTANCE Dell(conf-of-instance-ofid)# openflow of-instance PORT-CHANNEL FAILOVERGROUP Dell(conf-po-failovergrp)# port-channel failovergroup PRIORITY GROUP Dell(conf-pg)# priority-group PROTOCOL GVRP Dell(config-gvrp)#
2 3 4 5 6 7 online not present not present online not present not present online E48TB E48TB 1-1-463 48 online E48VB E48VB 1-1-463 48 Undoing Commands When you enter a command, the command line is added to the running configuration file (runningconfig). To disable a command and remove it from the running-config, enter the no command, then the original command. For example, to delete an IP address configured on an interface, use the no ip address ip-address command.
clock Dell(conf)#cl • Enter [space]? after a keyword lists all of the keywords that can follow the specified keyword. Dell(conf)#clock ? summer-time Configure summer (daylight savings) time timezone Configure time zone Dell(conf)#clock Entering and Editing Commands Notes for entering commands. • The CLI is not case-sensitive. • You can enter partial CLI keywords. – Enter the minimum number of letters to uniquely identify a command.
Short-Cut Key Combination Action Esc B Moves the cursor back one word. Esc F Moves the cursor forward one word. Esc D Deletes all characters from the cursor to the end of the word. Command History Dell Networking OS maintains a history of previously-entered commands for each mode. For example: • When you are in EXEC mode, the UP and DOWN arrow keys display the previously-entered EXEC mode commands.
----------------------------------------------------2 not present 3 not present 4 not present 5 not present 6 not present The find keyword displays the output of the show command beginning from the first occurrence of specified text. The following example shows this command used in combination with the show linecard all command.
Getting Started 3 This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) during which the route processor module (RPM), switch fabric module (SFM), and line card status light emitting diodes (LEDs) blink green. The system then loads the Dell Networking Operating System (OS). Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption.
Accessing the Console Port To access the console port, follow these steps: For the console port pinout, refer to Accessing the RJ-45 Console Port with a DB-9 Adapter. 1. Install an RJ-45 copper cable into the console port.Use a rollover (crossover) cable to connect the S4810 console port to a terminal server. 2. Connect the other end of the cable to the DTE terminal server. 3.
Entering CLI commands Using an SSH Connection You can run CLI commands by entering any one of the following syntax to connect to a switch using the preconfigured user credentials using SSH: ssh username@hostname or echo | ssh admin@hostname The SSH server transmits the terminal commands to the CLI shell and the results are displayed on the screen non-interactively.
Default Configuration A version of Dell Networking OS is pre-loaded onto the chassis; however, the system is not configured when you power up for the first time (except for the default hostname, which is Dell). You must configure the system using the CLI. Configuring a Host Name The host name appears in the prompt. The default host name is Dell. • Host names must start with a letter and end with a letter or digit. • Characters within the string can be letters, digits, and hyphens.
Configure the Management Port IP Address To access the system remotely, assign IP addresses to the management ports. NOTE: Assign different IP addresses to each RPM’s management port. 1. Enter INTERFACE mode for the Management port. CONFIGURATION mode interface ManagementEthernet slot/port 2. • slot: the range is from 0 to 1. • port: the range is 0. Assign an IP address to the interface. INTERFACE mode ip address ip-address/mask 3. • ip-address: an address in dotted-decimal format (A.B.C.D).
* 0 is for inputting the password in clear text. * 7 is for inputting a password that is already encrypted using a Type 7 hash. Obtaining the encrypted password from the configuration of another Dell Networking system. Configuring the Enable Password Access EXEC Privilege mode using the enable command. EXEC Privilege mode is unrestricted by default. Configure a password as a basic security measure.
Table 3.
Save the Running-Configuration The running-configuration contains the current system configuration. Dell Networking recommends coping your running-configuration to the startup-configuration. The system uses the startup-configuration during boot-up to configure the system. The startupconfiguration is stored in the internal flash on the primary RPM by default, but it can be saved onto an external flash (on an RPM) or a remote server.
situation, overwrite the new startup-configuration with the original one using the copy startupconfig.bak startup-config command. Configure the Overload Bit for a Startup Scenario For information about setting the router overload bit for a specific period of time after a switch reload is implemented, refer to the Intermediate System to Intermediate System (IS-IS) section in the Dell Networking OS Command Line Reference Guide.
11 drw8192 12 -rw7276 13 -rw7341 14 -rw- 27674906 15 -rw- 27674906 --More-- Jan Jul Jul Jul Jul 01 20 20 06 06 1980 2007 2007 2007 2007 00:18:28 01:52:40 15:34:46 19:52:22 02:23:22 diag startup-config.
To change the default directory, use the following command. • Change the default directory. EXEC Privilege mode cd directory In the following example, the default storage location is changed to the external Flash of the primary RPM. File management commands then apply to the external Flash rather than the internal Flash. The bold lines show that no file system is specified and that the file is saved to an external flash.
Based on whether VRF feature is identified as supported in the Feature Configuration file, configuration command feature vrf becomes available for usage. This command will be stored in running-configuration and will precede all other VRF-related configurations. NOTE: The MXL and Z9000 platforms currently do not support VRF. These platforms support only the management and default VRFs, which are available by default. As a result, the feature vrf command is not available for these platforms.
Management 4 Management is supported on the S4820T platform. This chapter describes the different protocols or services used to manage the Dell Networking system. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 privilege levels, of which three are pre-defined. The default privilege level is 1. Level Description Level 0 Access to the system begins at EXEC mode, and EXEC mode commands are limited to enable, disable, and exit.
Allowing Access to CONFIGURATION Mode Commands To allow access to CONFIGURATION mode, use the privilege exec level level configure command from CONFIGURATION mode. A user that enters CONFIGURATION mode remains at his privilege level and has access to only two commands, end and exit. You must individually specify each CONFIGURATION mode command you want to allow access to using the privilege configure level level command.
• Allow access to a CONFIGURATION, INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode command. CONFIGURATION mode privilege {configure |interface | line | route-map | router} level level {command ||...
aux Auxiliary line console Primary terminal line vty Virtual terminal Dell(conf)#line vty 0 Dell(config-line-vty)#? exit Exit from line configuration mode Dell(config-line-vty)# Dell(conf)#interface group ? fortyGigE FortyGigabit Ethernet interface gigabitethernet GigabitEthernet interface IEEE 802.
• Disable logging to terminal lines. CONFIGURATION mode • no logging monitor Disable console logging. CONFIGURATION mode no logging console Log Messages in the Internal Buffer All error messages, except those beginning with %BOOTUP (Message), are log in the internal buffer.
CONFIGURATION mode logging {ip-address | hostname} In the release 9.4.(0.0), exporting of Syslogs to external servers that are connected through different VRFs is supported. Configuring a UNIX System as a Syslog Server To configure a UNIX System as a syslog server, use the following command. • Configure a UNIX system as a syslog server by adding the following lines to /etc/syslog.conf on the UNIX system and assigning write permissions to the file. – Add line on a 4.1 BSD UNIX system. local7.
• NOTE: When you decrease the buffer size, Dell Networking OS deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer. Specify the number of messages that Dell Networking OS saves to its logging history table. CONFIGURATION mode logging history size size To view the logging buffer and configuration, use the show logging command in EXEC privilege mode, as shown in the example for Display the Logging Buffer and the Logging Configuration.
To view any changes made, use the show running-config logging command in EXEC privilege mode, as shown in the example for Configure a UNIX Logging Facility Level. Configuring a UNIX Logging Facility Level You can save system log messages with a UNIX system logging facility. To configure a UNIX logging facility level, use the following command. • Specify one of the following parameters.
logging logging logging logging Dell# trap debugging facility user source-interface Loopback 0 10.10.10.4 Synchronizing Log Messages You can configure Dell Networking OS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system. 1. Enter LINE mode.
– uptime: To view time since last boot. If you do not specify a parameter, Dell Networking OS configures uptime. To view the configuration, use the show running-config logging command in EXEC privilege mode. To disable time stamping on syslog messages, use the no service timestamps [log | debug] command. File Transfer Services With Dell Networking OS, you can configure the system to transfer files over the network using the file transfer protocol (FTP).
ftp-server username nairobi password 0 zanzibar Dell# Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters. To specify the system logging settings, use the following commands. • Specify the directory for users using FTP to reach the system. CONFIGURATION mode ftp-server topdir dir • The default is the internal flash directory. Specify a user name for all FTP users and configure either a plain text or encrypted password.
• ip ftp password password Enter a username to use on the FTP client. CONFIGURATION mode ip ftp username name To view the FTP configuration, use the show running-config ftp command in EXEC privilege mode, as shown in the example for Enable FTP Server. Terminal Lines You can access the system remotely and restrict access to the system by creating user profiles. Terminal lines on the system provide different means of accessing the system.
Configuring Login Authentication for Terminal Lines You can use any combination of up to six authentication methods to authenticate a user on a terminal line. A combination of authentication methods is called a method list. If the user fails the first authentication method, Dell Networking OS prompts the next method until all methods are exhausted, at which point the connection is terminated. The available authentication methods are: enable Prompt for the enable password.
login authentication myvtymethodlist Dell(config-line-vty)# Setting Time Out of EXEC Privilege Mode EXEC time-out is a basic security feature that returns Dell Networking OS to EXEC mode after a period of inactivity on the terminal lines. To set time out, use the following commands. • Set the number of minutes and seconds. The default is 10 minutes on the console and 30 minutes on VTY. Disable EXEC time out by setting the time-out period to 0.
Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. Example of the telnet Command for Device Access Dell# telnet 10.11.80.203 Trying 10.11.80.203... Connected to 10.11.80.203. Exit character is '^]'. Login: Login: admin Password: Dell>exit Dell#telnet 2200:2200:2200:2200:2200::2201 Trying 2200:2200:2200:2200:2200::2201... Connected to 2200:2200:2200:2200:2200::2201. Exit character is '^]'. FreeBSD/i386 (freebsd2.force10networks.
If another user attempts to enter CONFIGURATION mode while a lock is in place, the following appears on their terminal (message 1): % Error: User "" on line console0 is in exclusive configuration mode. If any user is already in CONFIGURATION mode when while a lock is in place, the following appears on their terminal (message 2): % Error: Can't lock configuration mode exclusively since the following users are currently configuring the system: User "admin" on line vty1 ( 10.1.1.1 ).
8. Remove all authentication statements you might have for the console. LINE mode no authentication login no password 9. Save the running-config. EXEC Privilege mode copy running-config startup-config 10. Set the system parameters to use the startup configuration file when the system reloads. uBoot mode setenv stconfigignore false 11. Save the running-config.
Recovering from a Failed Start on the S4820T System A system that does not start correctly might be attempting to boot from a corrupted Dell Networking OS image or from a mis-specified location. In this case, you can restart the system and interrupt the boot process to point the system to another boot location. Use the setenv command, as described in the following steps.
• When you restore a single unit in a stack, only that unit is placed in standalone mode. No other units in the stack are affected. • When you restore the units in standalone mode, the units remain in standalone mode after the restoration. • After the restore is complete, the units power cycle immediately. The following example illustrates the restore factory-defaults command to restore the factory default settings.
802.1ag 5 802.1ag is available only on the S4820T platforms. Ethernet operations, administration, and maintenance (OAM) are a set of tools used to install, monitor, troubleshoot, and manage Ethernet infrastructure deployments. Ethernet OAM consists of three main areas: • Service layer OAM — IEEE 802.1ag connectivity fault management (CFM) • Link layer OAM — IEEE 802.
In addition to providing end-to-end OAM in native Layer 2 Ethernet Service Provider/Metro networks, you can also use CFM to manage and troubleshoot any Layer 2 network including enterprise, datacenter, and cluster networks. Maintenance Domains Connectivity fault management (CFM) divides a network into hierarchical maintenance domains, as shown in the following illustration. A CFM maintenance domain is a management space on a network that a single management entity owns and operates.
Figure 3. Maintenance Points Maintenance End Points A maintenance end point (MEP) is a logical entity that marks the end point of a domain. There are two types of MEPs defined in 802.1ag for an 802.1 bridge: • Up-MEP — monitors the forwarding path internal to a bridge on the customer or provider edge. On Dell Networking systems, the internal forwarding path is effectively the switch fabric and forwarding engine. • Down-MEP — monitors the forwarding path external another bridge.
Implementation Information Because the S-Series has a single MAC address for all physical/LAG interfaces, only one MEP is allowed per MA (per VLAN or per MD level). Configuring the CFM To configure the CFM, follow these steps: 1. Configure the ecfmacl CAM region using the cam-acl command. 2. Enable Ethernet CFM. 3. Create a Maintenance Domain. 4. Create a Maintenance Association. 5. Create Maintenance Points. 6. Use CFM tools: a. Continuity Check Messages. b. Loopback Message and Response.
Creating a Maintenance Domain Connectivity fault management (CFM) divides a network into hierarchical maintenance domains, as shown in Maintenance Domains. 1. Create maintenance domain. ETHERNET CFM mode domain name md-level number The range is from 0 to 7. 2. Display maintenance domain information.
These roles define the relationships between all devices so that each device can monitor the layers under its responsibility. Creating a Maintenance End Point A maintenance endpoint (MEP) is a logical entity that marks the endpoint of a domain. There are two types of MEPs defined in 802.1ag for an 802.1 bridge: • Up-MEP — monitors the forwarding path internal to a bridge on the customer or provider edge.
Example of Viewing Configured MIPs Dell#show ethernet cfm maintenance-points local mip -------------------------------------------------------------------MPID Domain Name Level Type Port CCM-Status MA Name VLAN Dir MAC --------------------------------------------------------------------0 service1 4 MIP Gi 0/5 Disabled My_MA 3333 DOWN 00:01:e8:0b:c6:36 0 service1 4 MIP Gi 0/5 Disabled Your_MA 3333 UP 00:01:e8:0b:c6:36 Displaying the MP Databases CFM maintains two MP databases: • MEP Database (MEP-DB): Ever
The default is 100 minutes. The range is from 100 to 65535 minutes. Continuity Check Messages Continuity check messages (CCM) are periodic hellos. Continuity check messages: • discover MEPs and MIPs within a maintenance domain • detect loss of connectivity between MEPs • detect misconfiguration, such as VLAN ID mismatch between MEPs • to detect unauthorized MEPs in a maintenance domain CCMs are multicast Ethernet frames sent at regular intervals from each MEP.
Enabling CCM To enable CCM, use the following commands. 1. Enable CCM. ECFM DOMAIN mode no ccm disable The default is Disabled. 2. Configure the transmit interval (mandatory). The interval specified applies to all MEPs in the domain. ECFM DOMAIN mode ccm transmit-interval seconds The default is 10 seconds. Enabling Cross-Checking To enable cross-checking, use the following commands. 1. Enable cross-checking. ETHERNET CFM mode mep cross-check enable The default is Disabled. 2.
Sending Linktrace Messages and Responses Linktrace message and response (LTM, LTR), also called Layer 2 Traceroute, is an administratively sent multicast frames transmitted by MEPs to track, hop-by-hop, the path to another MEP or MIP within the maintenance domain. All MEPs and MIPs in the same domain respond to an LTM with a unicast LTR. Intermediate MIPs forward the LTM toward the target MEP. Figure 5.
• Set the amount of time a trace result is cached. ETHERNET CFM mode traceroute cache hold-time minutes The default is 100 minutes. • The range is from 10 to 65535 minutes. Set the size of the Link Trace Cache. ETHERNET CFM mode traceroute cache size entries The default is 100. • The range is from 1 to 4095 entries. Display the Link Trace Cache. EXEC Privilege mode • show ethernet cfm traceroute-cache Delete all Link Trace Cache entries.
Priority Defects Trap Message MAC Status defect %ECFM-5-ECFM_MAC_STATUS_ALARM: MAC Status Defect detected by MEP 1 in Domain provider at Level 4 VLAN 3000 Remote CCM defect %ECFM-5-ECFM_REMOTE_ALARM: Remote CCM Defect detected by MEP 3 in Domain customer1 at Level 7 VLAN 1000 RDI defect %ECFM-5-ECFM_RDI_ALARM: RDI Defect detected by MEP 3 in Domain customer1 at Level 7 VLAN 1000 Three values are given within the trap messages: MD Index, MA Index, and MPID.
Displaying Ethernet CFM Statistics To display Ethernet CFM statistics, use the following commands. • Display MEP CCM statistics. EXEC Privilege mode • show ethernet cfm statistics [domain {name | level} vlan-id vlan-id mpid mpid Display CFM statistics by port.
802.1X 6 802.1X is supported on the S4820T platform. 802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification. 802.
Figure 7. EAP Frames Encapsulated in Ethernet and RADUIS The authentication process involves three devices: • The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only communicate with the authenticator in response to 802.1X requests. • The device with which the supplicant communicates is the authenticator. The authenticator is the gate keeper of the network.
3. The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame and forwards the frame to the authentication server. 4. The authentication server replies with an Access-Challenge frame. The Access-Challenge frame requests that the supplicant prove that it is who it claims to be, using a specified method (an EAPMethod). The challenge is translated and forwarded to the supplicant by the authenticator. 5.
EAP over RADIUS 802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579. EAP messages are encapsulated in RADIUS packets as a type of attribute in Type, Length, Value (TLV) format. The Type value for EAP messages is 79. Figure 9. EAP Over RADIUS RADIUS Attributes for 802.1 Support Dell Networking systems include the following RADIUS attributes in all 802.
Important Points to Remember • Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. • If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured. • 802.1X is not supported on port-channels or port-channel members. 802.
Enabling 802.1X Enable 802.1X globally. Figure 10. 802.1X Enabled 1. Enable 802.1X globally. CONFIGURATION mode dot1x authentication 2. Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [range] 3. Enable 802.1X on the supplicant interface only. INTERFACE mode dot1x authentication 98 802.
Example of Verifying that 802.1X is Enabled Globally Example of Verifying 802.1X is Enabled on an Interface Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command from EXEC Privilege mode. The bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication ! [output omitted] ! interface TenGigabitEthernet 2/1 no ip address dot1x authentication no shutdown ! Dell# View 802.
NOTE: There are several reasons why the supplicant might fail to respond; for example, the supplicant might have been booting when the request arrived or there might be a physical layer problem. To configure re-transmissions, use the following commands. • Configure the amount of time that the authenticator waits before re-transmitting an EAP Request Identity frame. INTERFACE mode dot1x tx-period number The range is from 1 to 65535 (1 year) • The default is 30.
• re-transmits an EAP Request Identity frame The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions. FTOS(conf-if-range-Te-0/0)#dot1x tx-period 90 FTOS(conf-if-range-Te-0/0)#dot1x max-eap-req 10 FTOS(conf-if-range-Te-0/0)#dot1x quiet-period 120 FTOS#show dot1x interface TenGigabitEthernet 2/1 802.
802.
----------------------------Dot1x Status: Enable Port Control: FORCE_AUTHORIZED Port Auth Status: UNAUTHORIZED Re-Authentication: Enable Untagged VLAN id: None Tx Period: 90 seconds Quiet Period: 120 seconds ReAuth Max: 10 Supplicant Timeout: 30 seconds Server Timeout: 30 seconds Re-Auth Interval: 7200 seconds Max-EAP-Req: 10 Auth Type: SINGLE_HOST Auth PAE State: Initialize Backend State: Initialize Auth PAE State: Initialize Backend State: Initialize Configuring Timeouts If the supplicant or the authenti
Re-Authentication: Disable Untagged VLAN id: None Guest VLAN: Disable Guest VLAN id: NONE Auth-Fail VLAN: Disable Auth-Fail VLAN id: NONE Auth-Fail Max-Attempts: NONE Tx Period: 90 seconds Quiet Period: 120 seconds ReAuth Max: 10 Supplicant Timeout: 15 seconds Server Timeout: 15 seconds Re-Auth Interval: 7200 seconds Max-EAP-Req: 10 Auth Type: Auth PAE State: Backend State: SINGLE_HOST Initialize Initialize Enter the tasks the user should do after finishing this task (optional).
Figure 11. Dynamic VLAN Assignment 1. Configure 8021.x globally (refer to Enabling 802.1X) along with relevant RADIUS server configurations (refer to the illustration inDynamic VLAN Assignment with Port Authentication). 2. Make the interface a switchport so that it can be assigned to a VLAN. 3. Create the VLAN to which the interface will be assigned. 4. Connect the supplicant to the port configured for 802.1X. 5.
If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases this behavior is not appropriate. External users of an enterprise network, for example, might not be able to be authenticated, but still need access to the network. Also, some dumb-terminals, such as network printers, do not have 802.1X capability and therefore cannot authenticate themselves.
Example of Configuring Maximum Authentication Attempts Example of Viewing Configured Authentication Dell(conf-if-Te-2/1)#dot1x guest-vlan 200 Dell(conf-if-Te 2/1)#show config ! interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-2/1)# Dell(conf-if-Te-2/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-2/1)#show config ! interface TenGigabitEthernet 2/1 switchport dot1x authentication dot1x guest-vlan 200 dot1x auth-fail-vlan 100 max-atte
7 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) This chapter describes the access control list (ACL) VLAN group and content addressable memory (CAM) enhancements. Optimizing CAM Utilization During the Attachment of ACLs to VLANs This functionality is supported on the S4820T platform.
for the ACL VLAN groups present on the system, an appropriate error message is displayed.
• • Port ACL optimization is applicable only for ACLs that are applied without the VLAN range. • You cannot view the statistical details of ACL rules per VLAN and per interface if you enable the ACL VLAN group capability. You can view the counters per ACL only using the show ip accounting access list command. • Within a port, you can apply Layer 2 ACLs on a VLAN or a set of VLANs. In this case, CAM optimization is not applied.
5. Display all the ACL VLAN groups or display a specific ACL VLAN group, identified by name.
4. View the number of flow processor (FP) blocks that is allocated for the different VLAN services.
The following sample output displays the CAM space utilization when Layer 2 and Layer 3 ACLs are configured: Dell#show cam-usage acl Linecard|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM ========|========|=================|=============|=============|============ 11 | 0 | IN-L2 ACL | 1008 | 0 | 1008 | | IN-L3 ACL | 12288 | 2 | 12286 | | OUT-L2 ACL | 1024 | 2 | 1022 | | OUT-L3 ACL | 1024 | 0 | 1024 The following sample output displays the CAM space utilization for Layer 2 ACLs: Dell#show cam
You can configure only two of these features at a time. • To allocate the number of FP blocks for VLAN open flow operations, use the cam-acl-vlan vlanopenflow <0-2> command. • To allocate the number of FP blocks for VLAN iSCSI counters, use the cam-acl-vlan vlaniscsi <0-2> command. • To allocate the number of FP blocks for ACL VLAN optimization feature, use the cam-acl-vlan vlanaclopt <0-2> command. To reset the number of FP blocks to the default, use the no version of these commands.
Access Control Lists (ACLs) 8 This chapter describes access control lists (ACLs), prefix lists, and route-maps. • Access control lists (ACLs), Ingress IP and MAC ACLs , and Egress IP and MAC ACLs are supported on the S4820T platform. At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLS, refer to Layer 2.
• Port/VLAN based IMPLICIT DENY Rules • VRF based PERMIT/DENY Rules • VRF based IMPLICIT DENY Rules NOTE: In order for the VRF ACLs to take effect, ACLs configured in the Layer 3 CAM region must have an implicit-permit option. You can use the ip access-group command to configure VRF-aware ACLs on interfaces. Using the ip access-group command, in addition to a range of VLANs, you can also specify a range of VRFs as input for configuring ACLs on interfaces. The VRF range is from 1 to 63.
• CAM Optimization User Configurable CAM Allocation User configurable CAM allocations are supported on the S4820T platform. Allocate space for IPV6 ACLs by using the cam-acl command in CONFIGURATION mode. The CAM space is allotted in filter processor (FP) blocks. The total space allocated must equal 13 FP blocks. (There are 16 FP blocks, but System Flow requires three blocks that cannot be reallocated.) Enter the ipv6acl allocation as a factor of 2 (2, 4, 6, 8, 10).
Implementing ACLs on Dell Networking OS You can assign one IP ACL per interface with Dell Networking OS. If you do not assign an IP ACL to an interface, it is not used by the software in any other capacity. The number of entries allowed per ACL is hardware-dependent. For detailed specification on entries allowed per ACL, refer to your line card documentation.
closer to 0) before rules with higher-order numbers so that packets are matched as you intended. By default, all ACL rules have an order of 255. Example of the order Keyword to Determine ACL Sequence Dell(conf)#ip access-list standard acl1 Dell(config-std-nacl)#permit 20.0.0.0/8 Dell(config-std-nacl)#exit Dell(conf)#ip access-list standard acl2 Dell(config-std-nacl)#permit 20.1.1.
Example of Permitting All Packets on an Interface Example of Denying Second and Subsequent Fragments The following configuration permits all packets (both fragmented and non-fragmented) with destination IP 10.1.1.1. The second rule does not get hit at all. Dell(conf)#ip access-list extended ABC Dell(conf-ext-nacl)#permit ip any 10.1.1.1/32FTOS(conf-ext-nacl)#deny ip any 10.1.1.1./32 fragments Dell(conf-ext-nacl) To deny the second/subsequent fragments, use the same rules in a different order.
Dell(conf-ext-nacl)#permit tcp host 10.1.1.1 any fragment Dell(conf-ext-nacl)#deny ip any any fragment Dell(conf-ext-nacl) To log all the packets denied and to override the implicit deny rule and the implicit permit rule for TCP/ UDP fragments, use a configuration similar to the following.
seq 50 deny 10.10.0.0 /16 Dell# The following example shows how the seq command orders the filters according to the sequence number assigned. In the example, filter 25 was configured before filter 15, but the show config command displays the filters in the correct order. Dell(config-std-nacl)#seq 25 deny ip host 10.5.0.0 any log Dell(config-std-nacl)#seq 15 permit tcp 10.3.0.0 /16 any Dell(config-std-nacl)#show config ! ip access-list standard dilling seq 15 permit tcp 10.3.0.
seq 5 permit 10.1.0.0/16 Dell(config-std-nacl)# seq 10 deny tcp any any eq 111 To view all configured IP ACLs, use the show ip accounting access-list command in EXEC Privilege mode. Dell#show ip accounting access example interface gig 4/12 Extended IP access list example seq 15 deny udp any any eq 111 seq 20 deny udp any any eq 2049 seq 25 deny udp any any eq 31337 seq 30 deny tcp any any range 12345 12346 seq 35 permit udp host 10.21.126.225 10.4.5.0 /28 seq 40 permit udp host 10.21.126.226 10.4.5.
Configure Filters, TCP Packets To create a filter for TCP packets with a specified sequence number, use the following commands. 1. Create an extended IP ACL and assign it a unique name. CONFIGURATION mode ip access-list extended access-list-name 2. Configure an extended IP ACL filter for TCP packets.
Configuring Filters Without a Sequence Number If you are creating an extended ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. Dell Networking OS assigns filters in multiples of five. To configure a filter for an extended IP ACL without a specified sequence number, use any or all of the following commands: • Configure a deny or permit filter to examine IP packets.
• When Dell Networking OS routes the packets, only the L3 ACL governs them because they are not filtered against an L2 ACL. • When Dell Networking OS switches the packets, first the L3 ACL filters them, then the L2 ACL filters them. • When Dell Networking OS switches the packets, the egress L3 ACL does not filter the packet.
Applying an IP ACL To apply an IP ACL (standard or extended) to a physical or port channel interface, use the following commands. 1. Enter the interface number. CONFIGURATION mode interface interface slot/port 2. Configure an IP address for the interface, placing it in Layer-3 mode. INTERFACE mode ip address ip-address 3. Apply an IP ACL to traffic entering or exiting an interface.
3. show ip accounting access-list EXEC Privilege mode View the number of packets matching the ACL. Configure Ingress ACLs Ingress ACLs are applied to interfaces and to traffic entering the system. These system-wide ACLs eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target traffic, it is a simpler implementation. To create an ingress ACL, use the ip access-group command in EXEC Privilege mode.
To create an egress ACL, use the ip access-group command in EXEC Privilege mode. The example shows viewing the configuration, applying rules to the newly created access group, and viewing the access list. NOTE: VRF based ACL configurations are not supported on the egress traffic. Example of Applying ACL Rules to Egress Traffic and Viewing ACL Configuration To specify ingress, use the out keyword. Begin applying rules to the ACL with the ip access-list extended abcd command.
NOTE: The ip control-plane [egress filter] and the ipv6 control-plane [egress filter] commands are not supported on the S4820T system. 1. Apply Egress ACLs to IPv4 system traffic. CONFIGURATION mode ip control-plane [egress filter] 2. Apply Egress ACLs to IPv6 system traffic. CONFIGURATION mode ipv6 control-plane [egress filter] 3. Create a Layer 3 ACL using permit rules with the count option to describe the desired CPU traffic.
• After a route matches a filter, the filter’s action is applied. No additional filters are applied to the route. Implementation Information In Dell Networking OS, prefix lists are used in processing routes for routing protocols (for example, router information protocol [RIP], open shortest path first [OSPF], and border gateway protocol [BGP]). NOTE: It is important to know which protocol your system supports prior to implementing prefixlists.
Dell(conf-nprefixl)#seq 20 permit 0.0.0.0/0 le 32 Dell(conf-nprefixl)#seq 12 deny 134.23.0.0 /16 Dell(conf-nprefixl)#seq 15 deny 120.23.14.0 /8 le 16 Dell(conf-nprefixl)#show config ! ip prefix-list juba seq 12 deny 134.23.0.0/16 seq 15 deny 120.0.0.0/8 le 16 seq 20 permit 0.0.0.0/0 le 32 Dell(conf-nprefixl)# NOTE: The last line in the prefix list Juba contains a “permit all” statement.
Viewing Prefix Lists To view all configured prefix lists, use the following commands. • Show detailed information about configured prefix lists. EXEC Privilege mode • show ip prefix-list detail [prefix-name] Show a table of summarized information about configured Prefix lists.
• distribute-list prefix-list-name in [interface] Apply a configured prefix list to outgoing routes. You can specify an interface or type of route. If you enter the name of a non-existent prefix list, all routes are forwarded.
ACL Resequencing ACL resequencing allows you to re-number the rules and remarks in an access or prefix list. The placement of rules within the list is critical because packets are matched against rules in sequential order. To order new rules using the current numbering scheme, use resequencing whenever there is no opportunity. For example, the following table contains some rules that are numbered in increments of 1.
Example of Resequencing ACLs When Remarks and Rules Have the Same Number Example of Resequencing ACLs When Remarks and Rules Have Different Numbers The example shows the resequencing of an IPv4 access-list beginning with the number 2 and incrementing by 2. Remarks and rules that originally have the same sequence number have the same sequence number after you apply the resequence command.
seq 8 permit ip any host 1.1.1.2 seq 10 permit ip any host 1.1.1.3 seq 12 permit ip any host 1.1.1.4 Route Maps Route maps are supported on S4820T platform. Similar to ACLs and prefix lists, route maps are composed of a series of commands that contain a matching criterion and an action; however, route maps can change the packets meeting the criterion. ACLs and prefix lists can only drop or forward the packet or traffic. Route maps process routes for route redistribution.
Creating a Route Map Route maps, ACLs, and prefix lists are similar in composition because all three contain filters, but route map filters do not contain the permit and deny actions found in ACLs and prefix lists. Route map filters match certain routes and set or specify values. To create a route map, use the following command. • Create a route map and assign it a unique name. The optional permit and deny keywords are the action of the route map.
Dell(conf)#no route-map zakho 10 Dell(conf)#end Dell#show route-map route-map zakho, permit, sequence 20 Match clauses: interface GigabitEthernet 0/1 Set clauses: tag 35 level stub-area Dell# The following example shows a route map with multiple instances. The show config command displays only the configuration of the current route map instance. To view all instances of a specific route map, use the show route-map command.
Also, if there are different instances of the same route-map, then it’s sufficient if a permit match happens in any instance of that route-map. Dell(conf)#route-map force permit 10 Dell(config-route-map)#match tag 1000 Dell(config-route-map)#match metric 2000 In the following example, instance 10 permits the route having a tag value of 1000 and instances 20 and 30 deny the route having a tag value of 1000.
• – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. Match destination routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode • match ip address prefix-list-name Match destination routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode • match ipv6 address prefix-list-name Match next-hop routes specified in a prefix list (IPv4).
• Add an AS-PATH number to the beginning of the AS-PATH. CONFIG-ROUTE-MAP mode • set as-path prepend as-number [... as-number] Generate a tag to be added to redistributed routes. CONFIG-ROUTE-MAP mode • set automatic-tag Specify an OSPF area or ISIS level for redistributed routes. CONFIG-ROUTE-MAP mode • set level {backbone | level-1 | level-1-2 | level-2 | stub-area} Specify a value for the BGP route’s LOCAL_PREF attribute.
Configure a Route Map for Route Redistribution Route maps on their own cannot affect traffic and must be included in different commands to affect routing traffic. Route redistribution occurs when Dell Networking OS learns the advertising routes from static or directly connected routes or another routing protocol. Different protocols assign different values to redistributed routes to identify either the routes and their origins.
! set tag 34 Continue Clause Normally, when a match is found, set clauses are executed, and the packet is then forwarded; no more route-map modules are processed. If you configure the continue command at the end of a module, the next module (or a specified module) is processed even after a match is found. The following example shows a continue clause at the end of a route-map module. In this example, if a match is found in the route-map “test” module 10, module 30 is processed.
database. When the configured maximum threshold has exceeded, log generation stops. When the interval at which ACL logs are configured to be recorded expires, a fresh interval timer starts and the packet count for that new interval commences from zero. If ACL logging was stopped previously because the configured threshold has exceeded, it is reenabled for this new interval.
• When you delete an ACL entry, the logging settings associated with it are also removed. • ACL logging is supported for standard and extended IPv4 ACLs, IPv6 ACLs, and standard and extended MAC ACLs. • For ACL entries applied on port-channel interfaces, one match index for every member interface of the port-channel interface is assigned. Therefore, the total available match indices of 251 are split (125 match indices for permit action and 126 match indices for the deny action).
The port mirroring application maintains and performs all the monitoring operations on the chassis. ACL information is sent to the ACL manager, which in turn notifies the ACL agent to add entries in the CAM area. Duplicate entries in the ACL are not saved. When a packet arrives at a port that is being monitored, the packet is validated against the configured ACL rules. If the packet matches an ACL rule, the system examines the corresponding flow processor to perform the action specified for that port.
configuration to the ACL agent whenever the ACL agent is registered with the port mirroring application or when flow-based monitoring is enabled. The show monitor session session-id command has been enhanced to display the Type field in the output, which indicates whether a particular session is enabled for flow-monitoring.
Enabling Flow-Based Monitoring Flow-based monitoring is supported on the S4820T platform. Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This feature is particularly useful when looking for malicious traffic. It is available for Layer 2 and Layer 3 ingress and egress traffic. You can specify traffic using standard or extended access-lists. 1. Enable flow-based monitoring for a monitoring session.
-----0 A 152 -----Te 0/0 ----------Te 0/2 --rx ---- --------Flow N/A -------N/ Access Control Lists (ACLs)
9 Bidirectional Forwarding Detection (BFD) Bidirectional forwarding detection (BFD) is supported only on the S4820T platform. BFD is a protocol that is used to rapidly detect communication failures between two adjacent systems. It is a simple and lightweight replacement for existing routing protocol link state detection mechanisms. It also provides a failure detection solution for links on which no routing protocol is used. BFD is a simple hello mechanism.
NOTE: A session state change from Up to Down is the only state change that triggers a link state change in the routing protocol client. BFD Packet Format Control packets are encapsulated in user datagram protocol (UDP) packets. The following illustration shows the complete encapsulation of a BFD control packet inside an IPv4 packet. Figure 12. BFD in IPv4 Packet Format Field Description Diagnostic Code The reason that the last session failed. State The current local session state.
Field Description system clears the poll bit and sets the final bit in its response. The poll and final bits are used during the handshake and in Demand mode (refer to BFD Sessions). NOTE: Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear. Detection Multiplier The number of packets that must be missed in order to declare a session down. Length The entire length of the BFD packet.
BFD Sessions BFD must be enabled on both sides of a link in order to establish a session. The two participating systems can assume either of two roles: Active The active system initiates the BFD session. Both systems can be active for the same session. Passive The passive system does not initiate a session. It only responds to a request for session initialization from the active system.
handshake. Now the discriminator values have been exchanged and the transmit intervals have been negotiated. 4. The passive system receives the control packet and changes its state to Up. Both systems agree that a session has been established. However, because both members must send a control packet — that requires a response — anytime there is a state change or change in a session parameter, the passive system sends a final response indicating the state change.
receives a Down status notification from the remote system, the session state on the local system changes to Init. Figure 14. Session State Changes Important Points to Remember • On the S4820T platform, Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and receive intervals with a multiplier of 4. • Enable BFD on both ends of a link.
• Configure BFD for OSPFv3 • Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness • Troubleshooting BFD Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do not enable the routing protocol.
Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 15. Establishing a BFD Session on Physical Ports 1. Enter interface mode. CONFIGURATION mode interface 2. Assign an IP address to the interface if one is not already assigned. INTERFACE mode ip address ip-address 3.
Session Discriminator: 1 Neighbor Discriminator: 1 Local Addr: 2.2.2.1 Local MAC Addr: 00:01:e8:09:c3:e5 Remote Addr: 2.2.2.
Statistics: Number of Number of Number of Number of Number of packets received from neighbor: 4092 packets sent to neighbor: 4093 state changes: 1 messages from IFA about port state change: 0 messages communicated b/w Manager and Agent: 7 Disabling and Re-Enabling BFD BFD is enabled on all interfaces by default, though sessions are not created unless explicitly configured.
Establishing Sessions for Static Routes Sessions are established for all neighbors that are the next hop of a static route. Figure 16. Establishing Sessions for Static Routes To establish a BFD session, use the following command. • Establish BFD sessions for all neighbors that are the next hop of a static route. CONFIGURATION mode ip route bfd Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes, use the show bfd neighbors command.
• Change parameters for all static route sessions. CONFIGURATION mode ip route bfd interval milliseconds min_rx milliseconds multiplier value role [active | passive] To view session parameters, use the show bfd neighbors detail command, as shown in the examples in Displaying BFD for BGP Information. Disabling BFD for Static Routes If you disable BFD, all static route BFD sessions are torn down.
Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 17. Establishing Sessions with OSPF Neighbors To establish BFD with all OSPF neighbors or with OSPF neighbors on a single interface, use the following commands. • Establish sessions with all OSPF neighbors.
INTERFACE mode ip ospf bfd all-neighbors Example of Verifying Sessions with OSPF Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows the OSPF BFD sessions. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.2.2 2.2.2.1 Gi 2/1 Up 100 100 3 O * 2.2.3.1 2.2.3.
• Disable BFD sessions with all OSPF neighbors. ROUTER-OSPF mode • no bfd all-neighbors Disable BFD sessions with all OSPF neighbors on an interface. INTERFACE mode ip ospf bfd all-neighbors disable Configure BFD for OSPFv3 BFD for OSPFv3 is only supported on the S4820T platform. BFD for OSPFv3 provides support for IPV6. Configuring BFD for OSPFv3 is a two-step process: 1. Enable BFD globally. 2. Establish sessions with OSPFv3 neighbors.
To view session parameters, use the show bfd neighbors detail command, as shown in the example in Displaying BFD for BGP Information. • Change parameters for all OSPFv3 sessions. ROUTER-OSPFv3 mode • bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] Change parameters for OSPFv3 sessions on a single interface.
Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 18. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS neighbors on a single interface, use the following commands. • Establish sessions with all IS-IS neighbors. ROUTER-ISIS mode • bfd all-neighbors Establish sessions with IS-IS neighbors on a single interface.
The bold line shows that IS-IS BFD sessions are enabled. R2(conf-router_isis)#bfd all-neighbors R2(conf-router_isis)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr * 2.2.2.2 RemoteAddr Interface State Rx-int Tx-int Mult Clients 2.2.2.1 Gi 2/1 Up 100 100 3 I Changing IS-IS Session Parameters BFD sessions are configured with default intervals and a default role.
INTERFACE mose isis bfd all-neighbors disable Configure BFD for BGP Bidirectional forwarding detection (BFD) for BGP is supported on the S4820T platform. In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, port-channel, and VLAN interfaces. BFD for BGP does not support IPv6 and the BGP multihop feature.
Figure 19. Establishing Sessions with BGP Neighbors The sample configuration shows alternative ways to establish a BFD session with a BGP neighbor: • By establishing BFD sessions with all neighbors discovered by BGP (the bfd all-neighbors command). • By establishing a BFD session with a specified BGP neighbor (the neighbor {ip-address | peergroup-name} bfd command) BFD packets originating from a router are assigned to the highest priority egress queue to minimize transmission delays.
typical response is to terminate the peering session for the routing protocol and reconverge by bypassing the failed neighboring router. A log message is generated whenever BFD detects a failure condition. 1. Enable BFD globally. CONFIGURATION mode bfd enable 2. Specify the AS number and enter ROUTER BGP configuration mode. CONFIGURATION mode router bgp as-number 3. Add a BGP neighbor or peer group in a remote AS. CONFIG-ROUTERBGP mode neighbor {ip-address | peer-group name} remote-as as-number 4.
ROUTER BGP mode • neighbor {ip-address | peer-group-name} bfd disable Remove the disabled state of a BFD for BGP session with a specified neighbor. ROUTER BGP mode no neighbor {ip-address | peer-group-name} bfd disable Use BFD in a BGP Peer Group You can establish a BFD session for the members of a peer group (the neighbor peer-group-name bfd command in ROUTER BGP configuration mode).
Example of Verifying BGP Configuration Example of Viewing All BFD Neighbors Example of Viewing BFD Neighbor Detail Example of Viewing Configured BFD Counters Example of Viewing BFD Summary Information Example of Viewing BFD Information for a Specified Neighbor R2# show running-config bgp ! router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.2 no shutdown neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.3.3.2 remote-as 1 neighbor 3.3.3.
Statistics: Number of packets received from neighbor: 4762 Number of packets sent to neighbor: 4490 Number of state changes: 2 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 5 Session Discriminator: 10 Neighbor Discriminator: 11 Local Addr: 2.2.2.3 Local MAC Addr: 00:01:e8:66:da:34 Remote Addr: 2.2.2.
Up Down Admin Down : 1 : 0 : 2 The bold line shows the message displayed when you enable BFD for BGP connections. R2# show ip bgp summary BGP router identifier 10.0.0.1, local AS number 2 BGP table version is 0, main routing table version 0 BFD is enabled, Interval 100 Min_rx 100 Multiplier 3 Role Active 3 neighbor(s) using 24168 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx 1.1.1.2 2.2.2.2 3.3.3.
Connections established 1; dropped 0 Last reset never Local host: 2.2.2.3, Local port: 63805 Foreign host: 2.2.2.2, Foreign port: 179 E1200i_ExaScale# R2# show ip bgp neighbors 2.2.2.3 BGP neighbor is 2.2.2.3, remote AS 1, external link Member of peer-group pg1 for session parameters BGP version 4, remote router ID 12.0.0.4 BGP state ESTABLISHED, in this state for 00:05:33 ... Neighbor is using BGP neighbor mode BFD configuration Peer active in peer-group outbound optimization ...
Establishing Sessions with All VRRP Neighbors BFD sessions can be established for all VRRP neighbors at once, or a session can be established with a particular neighbor. Figure 20. Establishing Sessions with All VRRP Neighbors To establish sessions with all VRRP neighbors, use the following command. • Establish sessions with all VRRP neighbors.
The bold line shows that VRRP BFD sessions are enabled. R1(conf-if-gi-4/25)#vrrp bfd all-neighbors R1(conf-if-gi-4/25)#do show bfd neighbor * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) V - VRRP LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients * 2.2.5.1 2.2.5.2 Gi 4/25 Down 1000 1000 3 V To view session state information, use the show vrrp command. The bold line shows the VRRP BFD session.
Disabling BFD for VRRP If you disable any or all VRRP sessions, the sessions are torn down. A final Admin Down control packet is sent to all neighbors and sessions on the remote system change to the Down state. To disable all VRRP sessions on an interface, sessions for a particular VRRP group, or for a particular VRRP session on an interface, use the following commands. • Disable all VRRP sessions on an interface. INTERFACE mode • no vrrp bfd all-neighbors Disable all VRRP sessions in a VRRP group.
R1(conf-if-gi-4/24)#00:54:38: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.2 on interface Gi 4/24 (diag: 0) 00:54:38 : Sent packet for session with neighbor 2.2.2.2 on Gi 4/24 TX packet dump: Version:1, Diag code:0, State:Down, Poll bit:0, Final bit:0, Demand bit:0 myDiscrim:4, yourDiscrim:0, minTx:1000000, minRx:1000000, multiplier:3, minEchoRx:0 00:54:38 : Received packet for session with neighbor 2.2.2.
10 Border Gateway Protocol IPv4 (BGPv4) Border gateway protocol IPv4 (BGPv4) version 4 (BGPv4) is supported on the S4820T platform. This chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS).
Figure 21. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol — a computer network in which BGP maintains the path that updated information takes as it diffuses through the network. Updates traveling through the network and returning to the same node are easily detected and discarded.
Figure 22. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor.
Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies. In order to make decisions in its operations with other BGP peers, a BGP process uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established. For each peer-to-peer session, a BGP implementation tracks which of these six states the session is in.
Route reflection divides iBGP peers into two groups: client peers and nonclient peers. A route reflector and its client peers form a route reflection cluster. Because BGP speakers announce only the best route for a given prefix, route reflector rules are applied after the router makes its best path decision. • If a route was received from a nonclient peer, reflect the route to all client peers. • If the route was received from a client peer, reflect the route to all nonclient and all client peers.
• Next Hop NOTE: There are no hard coded limits on the number of attributes that are supported in the BGP. Taking into account other constraints such as the Packet Size, maximum number of attributes are supported in BGP. Communities BGP communities are sets of routes with one or more common attributes. Communities are a way to assign common attributes to multiple routes at the same time. NOTE: Duplicate communities are not rejected.
Figure 24. BGP Best Path Selection Best Path Selection Details 1. Prefer the path with the largest WEIGHT attribute. 2. Prefer the path with the largest LOCAL_PREF attribute. 3. Prefer the path that was locally Originated via a network command, redistribute command or aggregate-address command. a. 4. Routes originated with the Originated via a network or redistribute commands are preferred over routes originated with the aggregate-address command.
c. Paths with no MED are treated as “worst” and assigned a MED of 4294967295. 7. Prefer external (EBGP) to internal (IBGP) paths or confederation EBGP paths. 8. Prefer the path with the lowest IGP metric to the BGP if next-hop is selected when synchronization is disabled and only an internal path remains. 9. Dell Networking OS deems the paths as equal and does not perform steps 9 through 11, if the following criteria is met: a.
and AS300. This is advertised to all routers within AS100, causing all BGP speakers to prefer the path through Router B. Figure 25. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path. MED is one of the criteria used to determine the best path, so keep in mind that other criteria may impact selection, as shown in the illustration in Best Path Selection Criteria.
Figure 26. Multi-Exit Discriminators NOTE: Configuring the set metric-type internal command in a route-map advertises the IGP cost as MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost. If the outbound route-map uses MED, it overwrites IGP MED. Origin The origin indicates the origin of the prefix, or how the prefix came into BGP. There are three origin codes: IGP, EGP, INCOMPLETE.
*> 7.0.0.0/30 *> 9.2.0.0/16 10.114.8.33 10.114.8.33 0 10 0 0 18508 18508 ? 701 i AS Path The AS path is the list of all ASs that all the prefixes listed in the update have passed through. The local AS number is added by the BGP speaker when advertising to a eBGP neighbor. NOTE: Any update that contains the AS path number 0 is valid. The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold).
Multiprotocol BGP Multiprotocol extensions for BGP (MBGP) is defined in IETF RFC 2858. MBGP allows different types of address families to be distributed in parallel. MBGP for IPv4 multicast is supported on the S4820T platform. MBGP allows information about the topology of the IP multicast-capable routers to be exchanged separately from the topology of normal IPv4 and IPv6 unicast routers. It allows a multicast routing topology different from the unicast routing topology.
• internal configured, BGP advertises the metric configured in the redistribute command as MED. If BGP peer outbound route-map has metric configured, all other metrics are overwritten by this configuration. NOTE: When redistributing static, connected, or OSPF routes, there is no metric option. Simply assign the appropriate route-map to the redistributed route. The following table lists some examples of these rules. Table 8.
Configure 4-byte AS numbers with the four-octet-support command. AS4 Number Representation Dell Networking OS supports multiple representations of 4-byte AS numbers: asplain, asdot+, and asdot. NOTE: The ASDOT and ASDOT+ representations are supported only with the 4-Byte AS numbers feature. If 4-Byte AS numbers are not implemented, only ASPLAIN representation is supported. ASPLAIN is the method Dell Networking OS has used for all previous Dell Networking OS versions.
Dell(conf-router_bgp)#bgp asnotation asdot+ Dell(conf-router_bgp)#show conf ! router bgp 100 bgp asnotation asdot+ bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057
appear as if it still belongs to Router B’s old network (AS 200) as far as communicating with Router C is concerned. Figure 27. Before and After AS Number Migration with Local-AS Enabled When you complete your migration, and you have reconfigured your network with the new information, disable this feature. If you use the “no prepend” option, the Local-AS does not prepend to the updates received from the eBGP peer.
3. Prepend "65001 65002" to as-path. Local-AS is prepended before the route-map to give an impression that update passed through a router in AS 200 before it reached Router B. BGP4 Management Information Base (MIB) The FORCE10-BGP4-V2-MIB enhances Dell Networking OS BGP management information base (MIB) support with many new simple network management protocol (SNMP) objects and notifications (traps) defined in draft-ietf-idr-bgp4-mibv2-05.
• The f10BgpM2[Cfg]PeerReflectorClient field is populated based on the assumption that routereflector clients are not in a full mesh if you enable BGP client-2-client reflection and that the BGP speaker acting as reflector advertises routes learned from one client to another client. If disabled, it is assumed that clients are in a full mesh and there is no need to advertise prefixes to the other clients. • High CPU utilization may be observed during an SNMP walk of a large BGP Loc-RIB.
By default, Dell Networking OS compares the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enabled). NOTE: In Dell Networking OS, all newly configured neighbors and peer groups are disabled. To enable a neighbor or peer group, enter the neighbor {ip-address | peer-group-name} no shutdown command. The following table displays the default values for BGP on Dell Networking OS. Table 9.
NOTE: Sample Configurations for enabling BGP routers are found at the end of this chapter. 1. Assign an AS number and enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number • as-number: from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte) or 0.1 to 65535.65535 (Dotted format). Only one AS is supported per system. NOTE: If you enter a 4-Byte AS number, 4-Byte AS support is enabled automatically. a. Enable 4-Byte support for the BGP process. NOTE: This command is OPTIONAL.
3. Enable the BGP neighbor. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} no shutdown Example of the show ip bgp summary Command (2-Byte AS number displayed) Example of the show ip bgp summary Command (4-Byte AS number displayed) Example of the show ip bgp neighbors Command Example of Verifying BGP Configuration NOTE: When you change the configuration of a BGP neighbor, always reset it by entering the clear ip bgp * command in EXEC Privilege mode.
For the router’s identifier, Dell Networking OS uses the highest IP address of the Loopback interfaces configured. Because Loopback interfaces are virtual, they cannot go down, thus preventing changes in the router ID. If you do not configure Loopback interfaces, the highest IP address of any interface is used as the router ID. To view the status of BGP neighbors, use the show ip bgp neighbors command in EXEC Privilege mode as shown in the first example.
Last reset never No active TCP connection Dell# R2#show running-config bgp ! router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list ISP1in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote-as 65123 neighbor 10.10.32.3 no shutdown neighbor 100.10.92.9 remote-as 65192 neighbor 100.10.92.9 no shutdown neighbor 192.168.10.
• NOTE: ASPLAIN is the default method Dell Networking OS uses and does not appear in the configuration display. Enable ASDOT AS Number representation. CONFIG-ROUTER-BGP mode • bgp asnotation asdot Enable ASDOT+ AS Number representation.
Configuring Peer Groups To configure multiple BGP neighbors at one time, create and populate a BGP peer group. An advantage of peer groups is that members of a peer group inherit the configuration properties of the group and share same update policy. A maximum of 256 peer groups are allowed on the system. Create a peer group by assigning it a name, then adding members to the peer group. After you create a peer group, you can configure route policies for it.
6. Add a neighbor as a remote AS. CONFIG-ROUTERBGP mode neighbor {ip-address | peer-group name} remote-as as-number Formats: IP Address A.B.C.D • Peer-Group Name: 16 characters. • as-number: the range is from 0 to 65535 (2-Byte) or 1 to 4294967295 | 0.1 to 65535.65535 (4Byte) or 0.1 to 65535.65535 (Dotted format) To add an external BGP (EBGP) neighbor, configure the as-number parameter with a number different from the BGP as-number configured in the router bgp as-number command.
neighbor zanzibar shutdown neighbor 10.1.1.1 remote-as 65535 neighbor 10.1.1.1 shutdown neighbor 10.14.8.60 remote-as 18505 neighbor 10.14.8.60 no shutdown Dell(conf-router_bgp)# To enable a peer group, use the neighbor peer-group-name no shutdown command in CONFIGURATION ROUTER BGP mode (shown in bold).
10.68.178.1 10.68.179.1 10.68.180.1 10.68.181.1 10.68.182.1 10.68.183.1 10.68.184.1 10.68.185.1 Dell> Configuring BGP Fast Fall-Over By default, a BGP session is governed by the hold time. BGP routers typically carry large routing tables, so frequent session resets are not desirable. The BGP fast fall-over feature reduces the convergence time while maintaining stability. The connection to a BGP peer is immediately reset if a link to a directly connected external peer fails.
CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) fall-over enabled Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table version 52, neighbor version 52 4 accepted prefixes consume 16 bytes Prefix advertised 0, denied 0, withdrawn 0 Connections established 6; dropped 5 Last reset 00:19:37, due to Reset by peer Notification History 'Connection Reset'
Configuring Passive Peering When you enable a peer-group, the software sends an OPEN message to initiate a TCP connection. If you enable passive peering for the peer group, the software does not send an OPEN message, but it responds to an OPEN message. When a BGP neighbor connection with authentication configured is rejected by a passive peer-group, Dell Networking OS does not allow another passive peer-group on the same subnet to connect with the BGP neighbor.
– Peer Group Name: 16 characters. – AS-number: 0 to 65535 (2-Byte) or 1 to 4294967295 (4-Byte) or 0.1 to 65535.65535 (Dotted format). – No Prepend: specifies that local AS values are not prepended to announcements from the neighbor. Format: IP Address: A.B.C.D. You must Configure Peer Groups before assigning it to an AS. This feature is not supported on passive peer groups. Example of the Verifying that Local AS Numbering is Disabled The first line in bold shows the actual AS number.
– Number: 1 through 10. Format: IP Address: A.B.C.D. You must Configure Peer Groups before assigning it to an AS. Example of Viewing AS Numbers in AS Paths The lines shown in bold are the number of times ASN 65123 can appear in the AS path (allows–in 9). To disable this feature, use the no neighbor allow-as in number command in CONFIGURATION ROUTER BGP mode. R2(conf-router_bgp)#show conf ! router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.
If you configure your system to do so, Dell Networking OS can perform the following actions during a hot failover: • Save all forwarding information base (FIB) and content addressable memory (CAM) entries on the line card and continue forwarding traffic while the secondary route processor module (RPM) is coming online. • Advertise to all BGP neighbors and peer-groups that the forwarding state of all routes has been saved.
• Set the maximum restart time for the neighbor or peer-group. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} graceful-restart [restart-time timein-seconds] • The default is 120 seconds. Local router supports graceful restart for this neighbor or peer-group as a receiver only. CONFIG-ROUTER-BGP mode • neighbor {ip-address | peer-group-name} graceful-restart [role receiver-only] Set the maximum time to retain the restarting neighbor’s or peer-group’s stale paths.
4. Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5. Use a configured AS-PATH ACL for route filtering and manipulation. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} filter-list as-path-name {in | out} If you assign an non-existent or empty AS-PATH ACL, the software allows all routes. Example of the show ip bgp paths Command To view all BGP path attributes in the BGP database, use the show ip bgp paths command in EXEC Privilege mode.
Regular Expression Definition ^ (caret) Matches the beginning of the input string. Alternatively, when used as the first character within brackets [^ ], this matches any number except the ones specified within the brackets. $ (dollar) Matches the end of the input string. . (period) Matches any single character, including white space. * (asterisk) Matches 0 or more sequences of the immediately previous character or pattern.
Dell(conf-router_bgp)#show conf ! router bgp 99 neighbor AAA peer-group neighbor AAA filter-list Eaglein neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 neighbor 10.155.15.2 filter-list 1 in neighbor 10.155.15.2 shutdown Dell(conf-router_bgp)#ex Dell(conf)#ex Dell#show ip as-path-access-lists ip as-path access-list Eagle deny 32$ Dell# Redistributing Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the BGP process.
– map-name: name of a configured route map. Enabling Additional Paths The add-path feature is disabled by default. NOTE: Dell Networking OS recommends not using multipath and add path simultaneously in a route reflector. To allow multiple paths sent to peers, use the following commands. 1. Allow the advertisement of multiple paths for the same address prefix without the new paths replacing any previous ones.
To configure an IP community list, use these commands. 1. Create a community list and enter COMMUNITY-LIST mode. CONFIGURATION mode ip community-list community-list-name 2. Configure a community list by denying or permitting specific community numbers or types of community.
Configuring an IP Extended Community List To configure an IP extended community list, use these commands. 1. Create a extended community list and enter the EXTCOMMUNITY-LIST mode. CONFIGURATION mode ip extcommunity-list extcommunity-list-name 2. Two types of extended communities are supported.
Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. 1. Enter the ROUTE-MAP mode and assign a name to a route map. CONFIGURATION mode route-map map-name [permit | deny] [sequence-number] 2. Configure a match filter for all routes meeting the criteria in the IP community or IP extended community list.
To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. If you want to remove or add a specific COMMUNITY number from a BGP path, you must create a route map with one or both of the following statements in the route map. Then apply that route map to a BGP neighbor or peer group. 1. Enter ROUTE-MAP mode and assign a name to a route map. CONFIGURATION mode route-map map-name [permit | deny] [sequence-number] 2.
Dell>show ip bgp community BGP table version is 3762622, local router ID is 10.114.8.48 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network * i 3.0.0.0/8 *>i 4.2.49.12/30 * i 4.21.132.0/23 *>i 4.24.118.16/30 *>i 4.24.145.0/30 *>i 4.24.187.12/30 *>i 4.24.202.0/30 *>i 4.25.88.0/30 *>i 6.1.0.0/16 *>i 6.2.0.0/22 *>i 6.3.0.0/18 *>i 6.4.0.0/16 *>i 6.5.0.0/19 *>i 6.8.0.0/20 *>i 6.9.0.0/20 *>i 6.10.0.0/15 *>i 6.14.0.0/15 *>i 6.133.0.
CONFIG-ROUTER-BGP mode bgp default local-preference value – value: the range is from 0 to 4294967295. The default is 100. To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode. A more flexible method for manipulating the LOCAL_PREF attribute value is to use a route map. 1. Enter the ROUTE-MAP mode and assign a name to a route map. CONFIGURATION mode route-map map-name [permit | deny] [sequence-number] 2.
set next-hop ip-address Changing the WEIGHT Attribute To change how the WEIGHT attribute is used, enter the first command. You can also use route maps to change this and other BGP attributes. For example, you can include the second command in a route map to specify the next hop address. • Assign a weight to the neighbor connection. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} weight weight – weight: the range is from 0 to 65535. • The default is 0. Sets weight for the route.
For inbound and outbound updates the order of preference is: • prefix lists (using the neighbor distribute-list command) • AS-PATH ACLs (using the neighbor filter-list command) • route maps (using the neighbor route-map command) Prior to filtering BGP routes, create the prefix list, AS-PATH ACL, or route map. For configuration information about prefix lists, AS-PATH ACLs, and route maps, refer to Access Control Lists (ACLs).
• If the prefix list contains no filters, all routes are permitted. • If none of the routes match any of the filters in the prefix list, the route is denied. This action is called an implicit deny. (If you want to forward all routes that do not match the prefix list criteria, you must configure a prefix list filter to permit all routes. For example, you could have the following filter as the last filter in your prefix list permit 0.0.0.0/0 le 32).
Filtering BGP Routes Using AS-PATH Information To filter routes based on AS-PATH information, use these commands. 1. Create a AS-PATH ACL and assign it a name. CONFIGURATION mode ip as-path access-list as-path-name 2. Create a AS-PATH ACL filter with a deny or permit action. AS-PATH ACL mode {deny | permit} as-regular-expression 3. Return to CONFIGURATION mode. AS-PATH ACL exit 4. Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5.
• Assign an ID to a router reflector cluster. CONFIG-ROUTER-BGP mode bgp cluster-id cluster-id • You can have multiple clusters in an AS. Configure the local router as a route reflector and the neighbor or peer group identified is the route reflector client. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-reflector-client When you enable a route reflector, Dell Networking OS automatically enables route reflection to all clients.
Configuring BGP Confederations Another way to organize routers within an AS and reduce the mesh for IBGP peers is to configure BGP confederations. As with route reflectors, BGP confederations are recommended only for IBGP peering involving many IBGP peering sessions per router. Basically, when you configure BGP confederations, you break the AS into smaller sub-AS, and to those outside your network, the confederations appear as one AS.
• history entry — an entry that stores information on a downed route • dampened path — a path that is no longer advertised • penalized path — a path that is assigned a penalty To configure route flap dampening parameters, set dampening parameters using a route map, clear information on route dampening and return suppressed routes to active state, view statistics on route flapping, or change the path selection from the default mode (deterministic) to non-deterministic, use the following commands.
show ip bgp flap-statistics [ip-address [mask]] [filter-list as-path-name] [regexp regular-expression] – ip-address [mask]: enter the IP address and mask. – filter-list as-path-name: enter the name of an AS-PATH ACL. – regexp regular-expression: enter a regular express to match on. • By default, the path selection in Dell Networking OS is deterministic, that is, paths are compared irrespective of the order of their arrival.
BGP table version is 855562, main routing table version 780266 122836 network entrie(s) and 221664 paths using 29697640 bytes of memory 34298 BGP path attribute entrie(s) using 1920688 bytes of memory 29577 BGP AS-PATH entrie(s) using 1384403 bytes of memory 184 BGP community entrie(s) using 7616 bytes of memory Dampening enabled. 0 history paths, 0 dampened paths, 0 penalized paths Neighbor AS MsgRcvd MsgSent TblVer 10.114.8.34 18508 82883 79977 780266 10.114.8.
without clearing the BGP Session. Soft-reconfig can be done on a per-neighbor basis and can either be inbound or outbound. BGP soft-reconfiguration clears the policies without resetting the TCP connection. To reset a BGP connection using BGP soft reconfiguration, use the clear ip bgp command in EXEC Privilege mode at the system prompt.
Dell>router bgp 100 neighbor 10.108.1.1 remote-as 200 neighbor 10.108.1.1 soft-reconfiguration inbound Route Map Continue The BGP route map continue feature, continue [sequence-number], (in ROUTE-MAP mode) allows movement from one route-map entry to a specific route-map entry (the sequence number). If you do not specify a sequence number, the continue feature moves to the next sequence number (also known as an “implied continue”).
• Send a capacity advertisement to the peer in the BGP Open message specifying IPv4 multicast as a supported AFI/SAFI (Subsequent Address Family Identifier). • If the corresponding capability is received in the peer’s Open message, BGP marks the peer as supporting the AFI/SAFI. • When exchanging updates with the peer, BGP sends and receives IPv4 multicast routes if the peer is marked as supporting that AFI/SAFI.
EXEC Privilege mode • debug ip bgp [ip-address | peer-group peer-group-name] keepalive [in | out] View information about BGP notifications received from or sent to neighbors. EXEC Privilege mode • debug ip bgp [ip-address | peer-group peer-group-name] notifications [in | out] View information about BGP updates and filter by prefix name. EXEC Privilege mode • debug ip bgp [ip-address | peer-group peer-group-name] updates [in | out] [prefix-list name] Enable soft-reconfiguration debug.
Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) For address family: IPv4 Unicast BGP table version 1395, neighbor version 1394 Prefixes accepted 1 (consume 4 bytes), 0 withdrawn by peer Prefixes advertised 0, rejected 0, 0 withdrawn from peer Connections established 3; dropped 2 Last reset 00:00:12, due to Missing well known att
Dell#show capture bgp-pdu neighbor 20.20.20.2 Incoming packet capture enabled for BGP neighbor 20.20.20.
Sample Configurations The following example configurations show how to enable BGP and set up some peer groups. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. To support your own IP addresses, interfaces, names, and so on, you can copy and paste from these examples to your CLI. Be sure that you make the necessary changes. The following illustration shows the configurations described on the following examples.
Example of Enabling BGP (Router 1) Example of Enabling BGP (Router 2) Example of Enabling BGP (Router 3) Example of Enabling Peer Groups (Router 1) Example of Enabling Peer Groups (Router 2) Example of Enabling Peer Groups (Router 3) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int te 1/21 R1(conf-if-te-1/21)#ip address 10.0.1.
R2(conf-if-lo-0)#int te 2/11 R2(conf-if-te-2/11)#ip address 10.0.1.22/24 R2(conf-if-te-2/11)#no shutdown R2(conf-if-te-2/11)#show config ! interface TengigabitEthernet 2/11 ip address 10.0.1.22/24 no shutdown R2(conf-if-te-2/11)#int te 2/31 R2(conf-if-te-2/31)#ip address 10.0.2.2/24 R2(conf-if-te-2/31)#no shutdown R2(conf-if-te-2/31)#show config ! interface TengigabitEthernet 2/31 ip address 10.0.2.2/24 no shutdown R2(conf-if-te-2/31)# R2(conf-if-te-2/31)#router bgp 99 R2(conf-router_bgp)#network 192.168.
R3(conf-router_bgp)#neighbor 192.168.128.1 R3(conf-router_bgp)#neighbor 192.168.128.1 R3(conf-router_bgp)#neighbor 192.168.128.1 R3(conf-router_bgp)#neighbor 192.168.128.2 R3(conf-router_bgp)#neighbor 192.168.128.2 R3(conf-router_bgp)#neighbor 192.168.128.2 R3(conf-router_bgp)#show config remote 99 no shut update-source loop 0 remote 99 no shut update loop 0 conf R1(conf)#router bgp 99 R1(conf-router_bgp)# network 192.168.128.
'Connection Reset' Sent : 1 Recv: 0 Last notification (len 21) sent 00:00:57 ago ffffffff ffffffff ffffffff ffffffff 00150306 00000000 Local host: 192.168.128.1, Local port: 179 Foreign host: 192.168.128.2, Foreign port: 65464 BGP neighbor is 192.168.128.3, remote AS 100, external link Member of peer-group BBB for session parameters BGP version 4, remote router ID 192.168.128.
R3#conf R3(conf)#router bgp 100 R3(conf-router_bgp)# neighbor AAA peer-group R3(conf-router_bgp)# neighbor AAA no shutdown R3(conf-router_bgp)# neighbor CCC peer-group R3(conf-router_bgp)# neighbor CCC no shutdown R3(conf-router_bgp)# neighbor 192.168.128.2 peer-group BBB R3(conf-router_bgp)# neighbor 192.168.128.2 no shutdown R3(conf-router_bgp)# neighbor 192.168.128.1 peer-group BBB R3(conf-router_bgp)# neighbor 192.168.128.
BGP version 4, remote router ID 192.168.128.
Content Addressable Memory (CAM) 11 Content addressable memory (CAM) is supported on the S4820T platform. CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 and Layer 3 forwarding information, access-lists (ACLs), flows, and routing policies. CAM Allocation The user configurable CAM allocations feature is available on the S4820T platform.
CAM Allocation Setting Openflow 0 fedgovacl 0 The following additional CAM allocation settings are supported on the S6000, S4810 or S4820T platforms only. Table 11. Additional Default CAM Allocation Settings Additional CAM Allocation Setting FCoE ACL (fcoeacl) 0 ISCSI Opt ACL (iscsioptacl) 0 The ipv6acl and vman-dual-qos allocations must be entered as a factor of 2 (2, 4, 6, 8, 10). All other profile allocations can use either even or odd numbered ranges.
Dell(conf)# 1. Select a cam-acl action. CONFIGURATION mode cam-acl [default | l2acl] NOTE: Selecting default resets the CAM entries to the default settings. Select l2acl to allocate the desired space for all other regions. 2. Enter the number of FP blocks for each region.
View CAM Profiles To view the current CAM profile for the chassis and each component, use the show cam-profile command. This command also shows the profile that is loaded after the next chassis or component reload.
L2Acl Ipv4Acl Ipv6Acl Ipv4Qos L2Qos L2PT IpMacAcl VmanQos VmanDualQos EcfmAcl FcoeAcl iscsiOptAcl ipv4pbr vrfv4Acl Openflow fedgovacl : : : : : : : : : : : : : : : : 6 4 0 2 1 0 0 0 0 0 0 0 0 0 0 0 4 2 0 2 1 0 0 0 0 0 0 0 2 2 0 0 -- Stack unit 0 -Current Settings(in block sizes) Next Boot(in block sizes) 1 block = 128 entries L2Acl : 6 4 Ipv4Acl : 4 2 Ipv6Acl : 0 0 Ipv4Qos : 2 2 L2Qos : 1 1 L2PT : 0 0 IpMacAcl : 0 0 VmanQos : 0 0 VmanDualQos : 0 0 EcfmAcl : 0 0 FcoeAcl : 0 0 iscsiOptAcl : 0 0 ipv4pbr :
ipv4pbr vrfv4Acl Openflow fedgovacl : : : : 0 0 0 0 -- Stack unit 0 -Current Settings(in block sizes) 1 block = 128 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 VmanQos : 0 VmanDualQos : 0 EcfmAcl : 0 FcoeAcl : 0 iscsiOptAcl : 0 ipv4pbr : 0 vrfv4Acl : 0 Openflow : 0 fedgovacl : 0 -- Stack unit 7 -Current Settings(in block sizes) 1 block = 128 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 VmanQos : 0 VmanDualQos : 0 EcfmAcl :
| | | 0 | | | | | | | | | | | Codes: * - cam usage Dell# 7 OUT-L2 ACL IN-L3 ACL IN-V6 ACL IN-L2 ACL OUT-L3 ACL OUT-V6 ACL OUT-L2 ACL is above 90%. | | | | | | | 206 512 0 768 158 158 206 | | | | | | | 7 1 0 0 5 0 7 | | | | | | | 199 511 0 768 153 158 199 CAM Optimization CAM optimization is supported on the S4820T platform.
If you exceed the QoS CAM space, follow these steps. 1. Verify that you have configured a CAM profile that allocates 24 K entries to the IPv4 system flow region. 2. Allocate more entries in the IPv4Flow region to QoS. Dell Networking OS supports the ability to view the actual CAM usage before applying a service-policy. The test cam-usage service-policy command provides this test framework. For more information, refer to Pre-Calculating Available QoS CAM Space.
Control Plane Policing (CoPP) 12 Control plane policing (CoPP) is supported on the S4820T platform. Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane, rate-limits, traffic to an acceptable level.
Figure 30. CoPP Implemented Versus CoPP Not Implemented Configure Control Plane Policing The S4820T can process a maximum of 4200 packets per second (PPS). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though per protocol CoPP is applied. This happens because queue-based rate limiting is applied first.
CoPP policies are assigned on a per-protocol or a per-queue basis, and are assigned in CONTROLPLANE mode to each port-pipe. CoPP policies are configured by creating extended ACL rules and specifying rate-limits through QoS policies. The ACLs and QoS policies are assigned as service-policies. Configuring CoPP for Protocols This section lists the commands necessary to create and enable the service-policies for CoPP.
8. Assign the protocol based the service policy on the control plane. Enabling this command on a portpipe automatically enables the ACL and QoS rules creates with the cpu-qos keyword.
Dell(conf)#policy-map-input egressFP_rate_policy cpu-qos Dell(conf-policy-map-in-cpuqos)#class-map class_ospf qos-policy rate_limit_500k Dell(conf-policy-map-in-cpuqos)#class-map class_bgp qos-policy rate_limit_400k Dell(conf-policy-map-in-cpuqos)#class-map class_lacp qos-policy rate_limit_200k Dell(conf-policy-map-in-cpuqos)#class-map class-ipv6 qos-policy rate_limit_200k Dell(conf-policy-map-in-cpuqos)#exit Dell(conf)#control-plane-cpuqos Dell(conf-control-cpuqos)#service-policy rate-limit-protocols egres
Dell(conf)#policy-map-input cpuq_rate_policy cpu-qos Dell(conf-qos-policy-in)#service-queue 5 qos-policy cpuq_1 Dell(conf-qos-policy-in)#service-queue 6 qos-policy cpuq_2 Dell(conf-qos-policy-in)#service-queue 7 qos-policy cpuq_1 Dell#conf Dell(conf)#control-plane Dell(conf-control-plane)#service-policy rate-limit-cpu-queues cpuq_rate_policy CoPP for OSPFv3 Packets This functionality is supported on the S6000, S4810, S4820T, Z9000, and MXL platforms.
queuing points, and the queue (0 – 3) taken by the CPU bound data streams are uniform. In back-plane ports, queue 0 – 3 will carry both the front-end bound data streams as well as the CPU bound data streams which is acceptable but the well-known protocol streams must not be mixed with the data streams on queues 0 – 3 in back-plane ports.
NDP Packets Neighbor discovery protocol has 4 types of packets NS, NA, RA, RS. These packets need to be taken to CPU for neighbor discovery. • Unicast NDP packets: – Packets hitting the L3 host/route table and discovered as local terminated packets/CPU bound traffic. For CPU bound traffic route entry have CPU action. Below are packets are CPU bound traffic. • * Packets destined to chassis.
CPU Queue Weights Rate (pps) Protocol 4 127 2000 IPC/IRC, VLT Control frames 5 16 300 ARP Request, NS, RS, iSCSI OPT Snooping 6 16 400 ICMP, ARP Reply, NTP, Local terminated L3, NA, RA,ICMPv6 (other Than NDP and MLD) 7 64 400 xSTP, FRRP, LACP, 802.
To configure control-plane policing, perform the following: 1. Create an IPv6 ACL for control-plane traffic policing for ospfv3. CONFIGURATION mode Dell(conf)#ipv6 access-list ospfv3 cpu-qos Dell(conf-ipv6-acl-cpuqos)#permit ospf 2. Create a QoS input policy for the router and assign the policing. CONFIGURATION mode Dell(conf)#qos-policy-input ospfv3_rate cpu-qos Dell(conf-in-qos-policy-cpuqos)#rate-police 1500 16 peak 1500 16 3.
Q3 Q4 Q5 Q6 Q7 Dell# 300 2000 400 400 1100 To view the queue mapping for each configured protocol, use the show ip protocol-queuemapping command.
Data Center Bridging (DCB) 13 Data center bridging (DCB) is supported on the S4820T platform. NOTE: DCB is not supported when you use 10GBaseT ports for stacking. Ethernet Enhancements in Data Center Bridging The following section describes DCB. The S4820T system supports loading two DCB_Config files: FCoE_DCB_Config and iSCSI_DCB_Config. These files are located in the root directory flash:/CONFIG_TEMPLATE. After copying the configuration files to the startup config and reloading the system.
streaming video, are more sensitive to latency. Ethernet functions as a best-effort network that may drop packets in case of network congestion. IP networks rely on transport protocols (for example, TCP) for reliable data transmission with the associated cost of greater processing overhead and performance impact. Storage traffic Storage traffic based on Fibre Channel media uses the Small Computer System Interface (SCSI) protocol for data transfer.
The system supports loading two DCB_Config files: • FCoE converged traffic with priority 3. • iSCSI storage traffic with priority 4. In the Dell Networking OS, PFC is implemented as follows: • PFC supports buffering to receive data that continues to arrive on an interface while the remote system reacts to the PFC operation. • PFC uses DCB MIB IEEE 802.1azd2.5 and PFC MIB IEEE 802.1bb-d2.2. • PFC is supported on specified 802.1p priority traffic (dot1p 0 to 7) and is configured per interface.
low-latency storage or server cluster traffic in a traffic class to receive more bandwidth and restrict besteffort LAN traffic assigned to a different traffic class. Although you can configure strict-priority queue scheduling for a priority group, ETS introduces flexibility that allows the bandwidth allocated to each priority group to be dynamically managed according to the amount of LAN, storage, and server traffic in a flow. Unused bandwidth is dynamically allocated to prioritized priority groups.
– No bandwidth limit or no ETS processing • Bandwidth allocated by the ETS algorithm is made available after strict-priority groups are serviced. Bandwidth is distributed in the following ways: – If bandwidth is not assigned to the priority groups, all available bandwidth is equally distributed among the priority groups.
Data Center Bridging in a Traffic Flow The following figure shows how DCB handles a traffic flow on an interface. Figure 32. DCB PFC and ETS Traffic Handling Enabling Data Center Bridging DCB is automatically configured when you configure FCoE or iSCSI optimization. Data center bridging supports converged enhanced Ethernet (CEE) in a data center network. DCB is disabled by default. It must be enabled to support CEE.
To enable DCB with PFC buffers on a switch, enter the following commands, save the configuration, and reboot the system to allow the changes to take effect. 1. Enable DCB. CONFIGURATION mode dcb enable 2. Set PFC buffering on the DCB stack unit. CONFIGURATION mode dcb stack-unit all pfc-buffering pfc-ports 64 pfc-queues 2 NOTE: To save the pfc buffering configuration changes, save the configuration and reboot the system.
dot1p Value in the Incoming Frame Egress Queue Assignment 5 5 6 6 7 7 Configuring Priority-Based Flow Control PFC provides a flow control mechanism based on the 802.1p priorities in converged Ethernet traffic received on an interface and is enabled by default when you enable DCB. As an enhancement to the existing Ethernet pause mechanism, PFC stops traffic transmission for specified priorities (Class of Service (CoS) values) without impacting other priority classes.
3. Configure the CoS traffic to be stopped for the specified delay. DCB INPUT POLICY mode pfc priority priority-range Enter the 802.1p values of the frames to be paused. The range is from 0 to 7. The default is none. Maximum number of loss less queues supported on the switch: 2. Separate priority values with a comma. Specify a priority range with a dash, for example: pfc priority 1,3,5-7. 4.
To remove a DCB input policy, including the PFC configuration it contains, use the no dcb-input policy-name command in INTERFACE Configuration mode. To disable PFC operation on an interface, use the no pfc mode on command in DCB Input Policy Configuration mode. PFC is enabled and disabled as the global DCB operation is enabled (dcb enable) or disabled (no dcb enable). You can enable any number of 802.1p priorities for PFC. Queues to which PFC priority traffic is mapped are lossless by default.
Lossless traffic egresses out the no-drop queues. Ingress dot1p traffic from PFC-enabled interfaces is automatically mapped to the no-drop egress queues. 1. Enter INTERFACE Configuration mode. CONFIGURATION mode interface type slot/port 2. Configure the port queues that will still function as no-drop queues for lossless traffic. INTERFACE mode pfc no-drop queues queue-range For the dot1p-queue assignments, refer to the dot1p Priority-Queue Assignment table.
Valid stack-unit IDs are 0 to 5. The only valid port-set ID (port-pipe number) is 0. Dell Networking OS Behavior: If you configure PFC on a 40GbE port, count the 40GbE port as four PFCenabled ports in the pfc-port number you enter in the command syntax. To achieve lossless PFC operation, the PFC port count and queue number used for the reserved buffer size that is created must be greater than or equal to the buffer size required for PFC-enabled ports and lossless queues on the switch.
• You can only use a QoS DCB output policy in association with a priority group in a DCB output policy and cannot be applied to an interface as a normal QoS output policy (refer to Applying an ETS Output Policy for a Priority Group to an Interface and Creating an Output QoS Policy in the Quality of Service (QoS) chapter.). NOTE: The IEEE 802.1Qaz, CEE, and CIN versions of ETS are supported.
ETS-assigned bandwidth allocation and scheduling apply only to data queues, not to control queues. Dell Networking OS supports hierarchical scheduling on an interface. Dell Networking OS control traffic is redirected to control queues as higher priority traffic with strict-priority scheduling. After control queues drain out, the remaining data traffic is scheduled to queues according to the bandwidth and scheduler configuration in the DCB output policy.
Creating an ETS Priority Group An ETS priority group specifies the range of 802.1p priority traffic to which a QoS output policy with ETS settings is applied on an egress interface. You can associate a priority group to more than one ETS output policy on different interfaces. 1. Create an ETS priority group to use with an ETS output policy. CONFIGURATION mode priority-group group-name The maximum is 32 characters. 2. Configure the priority-group identifier.
The maximum number of priority groups supported in ETS output policies on an interface is equal to the number of data queues (4) on the port. The 802.1p priorities in a priority group can map to multiple queues. If you configure more than one priority queue as strict priority or more than one priority group as strict priority, the higher numbered priority queue is given preference when scheduling data traffic.
Dell Networking OS Behavior: Create a DCB output policy to associate a priority group with an ETS output policy with scheduling and bandwidth configuration. You can apply a DCB output policy on multiple egress ports. The ETS configuration associated with 802.1p priority traffic in a DCB output policy is used in DCBx negotiation with ETS peers.
Configuring Bandwidth Allocation for DCBx CIN After you apply an ETS output policy to an interface, if the DCBx version used in your data center network is CIN, you may need to configure a QoS output policy to overwrite the default CIN bandwidth allocation. This default setting divides the bandwidth allocated to each port queue equally between the dot1p priority traffic assigned to the queue.
CONFIGURATION mode dcb-policy input stack-unit {all | stack-unit-id} stack-ports all dcb-inputpolicy-name Entering this command removes all DCB input policies applied to stacked ports. A dcb-policy input stack-unit all command overwrites any previous dcb-policy input stack-unit stack-unit-id configurations. Similarly, a dcb-policy input stack-unit stackunit-id command overwrites any previous dcb-policy input stack-unit all configuration.
Prerequisite: For DCBx, enable LLDP on all DCB devices. DCBx Operation DCBx performs the following operations: • Discovers DCB configuration (such as PFC and ETS) in a peer device. • Detects DCB mis-configuration in a peer device; that is, when DCB features are not compatibly configured on a peer device and the local switch. Mis-configuration detection is feature-specific because some DCB features support asymmetric configuration.
When an auto-downstream port receives and overwrites its configuration with internally propagated information, one of the following actions is taken: • If the peer configuration received is compatible with the internally propagated port configuration, the link with the DCBx peer is enabled.
NOTE: On a DCBx port, application priority TLV advertisements are handled as follows: • The application priority TLV is transmitted only if the priorities in the advertisement match the configured PFC priorities on the port. • On auto-upstream and auto-downstream ports: – If a configuration source is elected, the ports send an application priority TLV based on the application priority TLV received on the configuration-source port.
A newly elected configuration source propagates configuration changes received from a peer to the other auto-configuration ports. Ports receiving auto-configuration information from the configuration source ignore their current settings and use the configuration source information. Propagation of DCB Information When an auto-upstream or auto-downstream port receives a DCB configuration from a peer, the port acts as a DCBx client and checks if a DCBx configuration source exists on the switch.
DCBx Example The following figure shows how to use DCBx. The external 40GbE ports on the base module (ports 33 and 37) of two switches are used for uplinks configured as DCBx auto-upstream ports. The S4820T is connected to third-party, top-of-rack (ToR) switches through 40GbE uplinks. The ToR switches are part of a Fibre Channel storage network. The internal ports (ports 1-32) connected to the 10GbE backplane are configured as auto-downstream ports.
1. Configure ToR- and FCF-facing interfaces as auto-upstream ports. 2. Configure server-facing interfaces as auto-downstream ports. 3. Configure a port to operate in a configuration-source role. 4. Configure ports to operate in a manual role. 1. Enter INTERFACE Configuration mode. CONFIGURATION mode interface type slot/port 2. Enter LLDP Configuration mode to enable DCBx operation. INTERFACE mode [no] protocol lldp 3.
5. On manual ports only: Configure the PFC and ETS TLVs advertised to DCBx peers. PROTOCOL LLDP mode [no] advertise DCBx-tlv {ets-conf | ets-reco | pfc} [ets-conf | ets-reco | pfc] [ets-conf | ets-reco | pfc] • ets-conf: enables the advertisement of ETS Configuration TLVs. • ets-reco: enables the advertisement of ETS Recommend TLVs. • pfc enables: the advertisement of PFC TLVs. The default is All PFC and ETS TLVs are advertised.
3. Configure the DCBx version used on all interfaces not already configured to exchange DCB information. PROTOCL LLDP mode [no] DCBx version {auto | cee | cin | ieee-v2.5} • auto: configures all ports to operate using the DCBx version received from a peer. • cee: configures a port to use CEE (Intel 1.01). cin configures a port to use Cisco-Intel-Nuova (DCBx 1.0). • ieee-v2.5: configures a port to use IEEE 802.1Qaz (Draft 2.5). The default is Auto.
6. Configure the FCoE priority advertised for the FCoE protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] fcoe priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x8. 7. Configure the iSCSI priority advertised for the iSCSI protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] iscsi priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x10.
– fail: enables traces for DCBx failures. – mgmt: enables traces for DCBx management frames. – resource: enables traces for DCBx system resource frames. – sem: enables traces for the DCBx state machine. – tlv: enables traces for DCBx TLVs. Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 13. Displaying DCB Configurations Command Output show dot1p-queue mapping Displays the current 802.1p priority-queue mapping.
Command Output show stack-unit {0-11 | all} stack ports all ets details Displays the ETS configuration applied to ingress traffic on stack-links, including priorities and link delay.
Dell# show interfaces tengigabitethernet 0/49 pfc summary Interface TenGigabitEthernet 0/49 Admin mode is on Admin is enabled Remote is enabled, Priority list is 4 Remote Willing Status is enabled Local is enabled Oper status is Recommended PFC DCBx Oper status is Up State Machine Type is Feature TLV Tx Status is enabled PFC Link Delay 45556 pause quantams Application Priority TLV Parameters : -------------------------------------FCOE TLV Tx Status is disabled ISCSI TLV Tx Status is disabled Local FCOE Prio
Fields Description Remote is enabled; Priority list Remote Willing Status is enabled Operational status (enabled or disabled) of peer device for DCBx exchange of PFC configuration with a list of the configured PFC priorities. Willing status of peer device for DCBx exchange (Willing bit received in PFC TLV): enabled or disabled.
Fields Description Application Priority TLV: Remote FCOE Priority Map Status of FCoE advertisements in application priority TLVs from remote peer port: enabled or disabled. Application Priority TLV: Remote ISCSI Priority Map Status of iSCSI advertisements in application priority TLVs from remote peer port: enabled or disabled. PFC TLV Statistics: Input TLV pkts Number of PFC TLVs received. PFC TLV Statistics: Output TLV pkts Number of PFC TLVs transmitted.
Local is enabled TC-grp Priority# Bandwidth TSA -----------------------------------------------0 1 0,1,2 100% ETS 2 3 0 % SP 3 4,5,6,7 0 % SP 4 5 6 7 Oper status is init ETS DCBx Oper status is Down State Machine Type is Asymmetric Conf TLV Tx Status is enabled Reco TLV Tx Status is enabled 0 Input Conf TLV Pkts, 1955 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 0 Input Reco TLV Pkts, 1955 Output Reco TLV Pkts, 0 Error Reco TLV Pkts Dell(conf)# show interfaces tengigabitethernet 0/0 ets detail Interface TenG
1 13% ETS 2 13% ETS 3 13% ETS 4 12% ETS 5 12% ETS 6 12% ETS 7 12% ETS Oper status is init Conf TLV Tx Status is disabled Traffic Class TLV Tx Status is disabled 0 Input Conf TLV Pkts, 0 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 0T LIVnput Traffic Class TLV Pkts, 0 Output Traffic Class TLV Pkts, 0 Error Traffic Class Pkts Dell(conf)# show interfaces tengigabitethernet 0/0 ets detail Interface TenGigabitEthernet 0/0 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameter
3 13% 4 12% 5 12% 6 12% 7 12% Oper status is init Conf TLV Tx Status is disabled Traffic Class TLV Tx Status is disabled 0 Input Conf TLV Pkts, 0 Output Conf TLV 0 Input Traffic Class TLV Pkts, 0 Output Traffic Class TLV Pkts ETS ETS ETS ETS ETS Pkts, 0 Error Conf TLV Pkts Traffic Class TLV Pkts, 0 Error The following table describes the show interface ets detail command fields. Table 15.
Field Description ETS DCBx Oper status Operational status of ETS configuration on local port: match or mismatch. State Machine Type Type of state machine used for DCBx exchanges of ETS parameters: • • Feature: for legacy DCBx versions Asymmetric: for an IEEE version Conf TLV Tx Status Status of ETS Configuration TLV advertisements: enabled or disabled. ETS TLV Statistic: Input Conf TLV pkts Number of ETS Configuration TLVs received.
Admin Parameters: -------------------Admin is enabled TC-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3,4,5,6,7 100% ETS 1 2 3 4 5 6 7 8 Dell(conf-if-te-0/17-lldp)#do sho int te 2/12 dc d E-ETS Configuration TLV enabled e-ETS Configuration TLV disabled R-ETS Recommendation TLV enabled r-ETS Recommendation TLV disabled P-PFC Configuration TLV enabled p-PFC Configuration TLV disabled F-Application priority for FCOE enabled f-Application Priority for FCOE disabled I-Applic
Local DCBx TLVs Transmitted: ErPFi Local DCBx Status ----------------DCBx Operational Version is 0 DCBx Max Version Supported is 0 Sequence Number: 1 Acknowledgment Number: 1 Protocol State: In-Sync Peer DCBx Status: ---------------DCBx Operational Version is 0 DCBx Max Version Supported is 0 Sequence Number: 1 Acknowledgment Number: 1 Total DCBx Frames transmitted 994 Total DCBx Frames received 646 Total DCBx Frame errors 0 Total DCBx Frames unrecognized 0 The following table describes the show interface D
Field Description Local DCBx Status: DCBx Max Version Supported Highest DCBx version supported in Control TLVs. Local DCBx Status: Sequence Number Sequence number transmitted in Control TLVs. Local DCBx Status: Acknowledgment Number Acknowledgement number transmitted in Control TLVs. Local DCBx Status: Protocol State Current operational state of DCBx protocol: ACK or IN-SYNC. Peer DCBx Status: DCBx Operational Version DCBx version advertised in Control TLVs received from peer device.
Figure 34. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment.
dot1p Value in the Incoming Frame Priority Group Assignment 3 SAN 4 IPC 5 LAN 6 LAN 7 LAN The following describes the priority group-bandwidth assignment. Priority Group Bandwidth Assignment IPC 5% SAN 50% LAN 45% PFC and ETS Configuration Command Examples The following examples show PFC and ETS configuration commands to manage your data center traffic.
Dell(conf)# priority-group ipc Dell(conf-pg)# priority-list 4 Dell(conf-pg)# set-pgid 2 Dell(conf-pg)# exit Dell(conf)# priority-group lan Dell(conf-pg)# priority-list 0-2,5-7 Dell(conf-pg)# set-pgid 3 Dell(conf-pg)# exit Dell(conf)# qos-policy-output san ets Dell(conf-qos-policy-out)# bandwidth-percentage 50 Dell(conf-qos-policy-out)# exit Dell(conf)# qos-policy-output lan ets Dell(conf-qos-policy-out)# bandwidth-percentage 45 Dell(conf-qos-policy-out)# exit Dell(conf)# qos-policy-output ipc ets Dell(conf-
Priority group 1 Assigns traffic to one priority queue with 20% of the link bandwidth and strictpriority scheduling. Priority group 2 Assigns traffic to one priority queue with 30% of the link bandwidth. Priority group 3 Assigns traffic to two priority queues with 50% of the link bandwidth and strictpriority scheduling.
Step Task Command Command Mode priority-pgid dot1p0_group_num dot1p1_group_num dot1p2_group_num dot1p3_group_num dot1p4_group_num dot1p5_group_num dot1p6_group_num dot1p7_group_num DCB MAP priority scheduling. You can enable PFC on a maximum of two priority queues on an interface. Enabling PFC for dot1p priorities makes the corresponding port queue lossless. The sum of all allocated bandwidth percentages in all groups in the DCB map must be 100%. Strict-priority traffic is serviced first.
Applying a DCB Map on a Port When you apply a DCB map with PFC enabled on an S6000 interface, a memory buffer for PFC-enabled priority traffic is automatically allocated. The buffer size is allocated according to the number of PFCenabled priorities in the assigned map. To apply a DCB map to an Ethernet port, follow these steps: Step Task Command Command Mode 1 Enter interface configuration mode on an Ethernet port.
Step Task Command Command Mode Separate priority values with a comma. Specify a priority range with a dash, for example: pfc priority 3,5-7 1. You cannot configure PFC using the pfc priority command on an interface on which a DCB map has been applied or which is already configured for lossless queues (pfc no-drop queues command).
Step Task Command Command Mode The maximum number of lossless queues globally supported on a port is 2. You cannot configure PFC no-drop queues on an interface on which a DCB map with PFC enabled has been applied, or which is already configured for PFC using the pfc priority command. Range: 0-3. Separate queue values with a comma; specify a priority range with a dash; for example: pfc no-drop queues 1,3 or pfc no-drop queues 2-3 Default: No lossless queues are configured.
Buffer Sizes for Lossless or PFC Packets You can configure up to a maximum of 4 lossless (PFC) queues. By configuring 4 lossless queues, you can configure 4 different priorities and assign a particular priority to each application that your network is used to process. For example, you can assign a higher priority for time-sensitive applications and a lower priority for other services, such as file transfers.
Example: When the dcb-input or dcb-output policy is configured on interfaces or stack ports with the dcb-buffer threshold policy, the following error message is displayed: %Error: Deprecated command is not supported on interfaces with dcb-bufferthreshold configured You must not modify the service-class dot1p mappings when any buffer-threshold-policy is configured on the system. S4810-1(conf)#service-class dot1p-mapping dot1p0 3 % Error: PFC buffer-threshold policies conflict with dot1p mappings.
3. Configure the number of PFC queues. CONFIGURATION mode Dell(conf)#dcb enable pfc-queues 4 The number of ports supported based on lossless queues configured will depend on the buffer. The default number of PFC queues in the system is 2 for S4810 and 1 for S6000 platforms. For each priority, you can specify the shared buffer threshold limit, the ingress buffer size, buffer limit for pausing the acceptance of packets, and the buffer offset limit for resuming the acceptance of received packets. 4.
Dynamic Host Configuration Protocol (DHCP) 14 Dynamic host configuration protocol (DHCP) is available on the S4820T platform. DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators.
Option Number and Description Subnet Mask Option 1 Specifies the client’s subnet mask. Router Option 3 Specifies the router IP addresses that may serve as the client’s default gateway. Domain Name Server Option 6 Domain Name Option 15 Specifies the domain name servers (DNSs) that are available to the client. Specifies the domain name that clients should use when resolving hostnames via DNS.
Option Number and Description Identifiers a user-defined string used by the Relay Agent to forward DHCP client packets to a specific server. L2 DHCP Snooping Option 82 User Port Stacking Option 230 Specifies IP addresses for DHCP messages received from the client that are to be monitored to build a DHCP snooping database. Set the stacking option variable to provide DHCP server stack-port detail when the DHCP offer is set. End Option 255 Signals the last option in the DHCP packet.
Figure 36. Client and Server Messaging Implementation Information The following describes DHCP implementation. • Dell Networking implements DHCP based on RFC 2131 and RFC 3046. • IP source address validation is a sub-feature of DHCP Snooping; the Dell Networking OS uses access control lists (ACLs) internally to implement this feature and as such, you cannot apply ACLs to an interface which has IP source address validation.
Configure the System to be a DHCP Server Configuring the system to be a DHCP server is supported only on the S4820T platform. A DHCP server is a network device that has been programmed to provide network configuration parameters to clients upon request. Servers typically serve many clients, making host management much more organized and efficient. The following table lists the key responsibilities of DHCP servers. Table 17.
3. Specify the range of IP addresses from which the DHCP server may assign addresses. DHCP mode network network/prefix-length • network: the subnet address. • prefix-length: specifies the number of bits used for the network portion of the address you specify. The prefix-length range is from 17 to 31. 4. Display the current pool configuration. DHCP mode show config After an IP address is leased to a client, only that client may release the address.
lease {days [hours] [minutes] | infinite} The default is 24 hours. Specifying a Default Gateway The IP address of the default router should be on the same subnet as the client. To specify a default gateway, follow this step. • Specify default gateway(s) for the clients on the subnet, in order of preference.
Creating Manual Binding Entries An address binding is a mapping between the IP address and the media access control (MAC) address of a client. The DHCP server assigns the client an available IP address automatically, and then creates an entry in the binding table. However, the administrator can manually create an entry for a client; manual bindings are useful when you want to guarantee that a particular network device receives a particular IP address.
Configure the System to be a Relay Agent This feature is available on the S4820T platform. DHCP clients and servers request and offer configuration information via broadcast DHCP messages. Routers do not forward broadcasts, so if there are no DHCP servers on the subnet, the client does not receive a response to its request and therefore cannot access the network.
Figure 37. Configuring a Relay Agent To view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privilege mode. Example of the show ip interface Command R1_E600#show ip int gig 1/3 GigabitEthernet 1/3 is up, line protocol is down Internet address is 10.11.0.1/24 Broadcast address is 10.11.0.255 Address determined by user input IP MTU is 1500 bytes Helper address is 192.168.0.1 192.168.0.
ICMP redirects are not sent ICMP unreachables are not sent Configure the System to be a DHCP Client A DHCP client is a network device that requests an IP address and configuration parameters from a DHCP server. Implement the DHCP client functionality as follows: • The switch can obtain a dynamically assigned IP address from a DHCP server. A start-up configuration is not received. Use bare metal provisioning (BMP) to receive configuration parameters (Dell Networking OS version and a configuration file).
VLAN and Port Channels DHCP client configuration and behavior are the same on Virtual LAN (VLAN) and port-channel (LAG) interfaces as on a physical interface.
• Management routes added by the DHCP client have higher precedence over the same statically configured management route. Static routes are not removed from the running configuration if a dynamically acquired management route added by the DHCP client overwrites a static management route. • Management routes added by the DHCP client are not added to the running configuration.
• • associate client MAC addresses with a relay agent to prevent offering an IP address to a client spoofing the same MAC address on a different relay agent. assign IP addresses according to the relay agent. This prevents generating DHCP offers in response to requests from an unauthorized relay agent.
is exhausted, DHCP packets are dropped on snooped VLANs, while these packets are forwarded across non-snooped VLANs. Because DHCP packets are dropped, no new IP address assignments are made. However, DHCPRELEASE and DHCPDECLINE packets are allowed so that the DHCP snooping table can decrease in size. After the table usage falls below the maximum limit of 4000 entries, new IP address assignments are allowed.
Example of the show ip dhcp snooping Command View the DHCP snooping statistics with the show ip dhcp snooping command. Dell#show ip dhcp snooping IP IP IP IP DHCP DHCP DHCP DHCP Snooping Snooping Mac Verification Relay Information-option Relay Trust Downstream : : : : Enabled. Disabled. Disabled. Disabled.
receives an ARP message for which a relevant entry already exists in its ARP cache, it overwrites the existing entry with the new information. The lack of authentication in ARP makes it vulnerable to spoofing. ARP spoofing is a technique attackers use to inject false IP-to-MAC mappings into the ARP cache of a network device. It is used to launch manin-the-middle (MITM), and denial-of-service (DoS) attacks, among others.
Configuring Dynamic ARP Inspection To enable dynamic ARP inspection, use the following commands. 1. Enable DHCP snooping. 2. Validate ARP frames against the DHCP snooping binding table. INTERFACE VLAN mode arp inspection Example of Viewing the ARP Database Example of Viewing ARP Packets To view entries in the ARP database, use the show arp inspection database command.
Source Address Validation Using the DHCP binding table, Dell Networking OS can perform three types of source address validation (SAV). Table 18. Three Types of Source Address Validation Source Address Validation Description IP Source Address Validation Prevents IP spoofing by forwarding only IP packets that have been validated against the DHCP binding table.
CONFIGURATION mode ip dhcp snooping verify mac-address Enabling IP+MAC Source Address Validation The following feature is available on the S4820T platform. IP source address validation (SAV) validates the IP source address of an incoming packet against the DHCP snooping binding table. IP+MAC SAV ensures that the IP source address and MAC source address are a legitimate pair, rather than validating each attribute individually. You cannot configure IP+MAC SAV with IP SAV. 1.
Equal Cost Multi-Path (ECMP) 15 Equal cost multi-path (ECMP) is supported on theS4820T platform. ECMP for Flow-Based Affinity ECMP for flow-based affinity is available on theS4820T platform. Flow-based affinity includes the following: • Link Bundle Monitoring Configuring the Hash Algorithm TeraScale has one algorithm that is used for link aggregation groups (LAGs), ECMP, and NH-ECMP, and ExaScale can use three different algorithms for each of these features.
CONFIGURATION mode. ipv6 ecmp-deterministic Configuring the Hash Algorithm Seed Deterministic ECMP sorts ECMPs in order even though RTM provides them in a random order. However, the hash algorithm uses as a seed the lower 12 bits of the chassis MAC, which yields a different hash result for every chassis. This behavior means that for a given flow, even though the prefixes are sorted, two unrelated chassis can select different hops.
NOTE: An ecmp-group index is generated automatically for each unique ecmp-group when the user configures multipath routes to the same network. The system can generate a maximum of 512 unique ecmp-groups. The ecmp-group indexes are generated in even numbers (0, 2, 4, 6... 1022) and are for information only. For link bundle monitoring with ECMP, the ecmp-group command is used to enable the link bundle monitoring feature. The ecmp-group with id 2, enabled for link bundle monitoring is user configured.
Creating an ECMP Group Bundle Within each ECMP group, you can specify an interface. If you enable monitoring for the ECMP group, the utilization calculation is performed when the average utilization of the link-bundle (as opposed to a single link within the bundle) exceeds 60%. 1. Create a user-defined ECMP group bundle. CONFIGURATION mode ecmp-group ecmp-group-id The range is from 1 to 64. 2. Add interfaces to the ECMP group bundle.
Dell(conf-ecmp-group-5)#show config ! ecmp-group 5 interface tengigabitethernet 0/2 interface tengigabitethernet 0/3 link-bundle-monitor enable Dell(conf-ecmp-group-5)# Equal Cost Multi-Path (ECMP) 345
FCoE Transit 16 The Fibre Channel over Ethernet (FCoE) Transit feature is supported on the S4820T switch on Ethernet interfaces. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FIP snooping is not supported on Fibre Channel interfaces or in a S4820T switch stack.
FIP provides functionality for discovering and logging into an FCF. After discovering and logging in, FIP allows FCoE traffic to be sent and received between FCoE end-devices (ENodes) and the FCF. FIP uses its own EtherType and frame format. The following illustration shows the communication that occurs between an ENode server and an FCoE switch (FCF). The following table lists the FIP functions. Table 19.
Figure 38. FIP Discovery and Login Between an ENode and an FCF FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF. An Ethernet bridge that provides these functions is called a FIP snooping bridge (FSB).
FCoEgenerated ACLs These take precedence over user-configured ACLs. A user-configured ACL entry cannot deny FCoE and FIP snooping frames. The following illustration shows a switch used as a FIP snooping bridge in a converged Ethernet network. The top-of-rack (ToR) switch operates as an FCF for FCoE traffic. Converged LAN and SAN traffic is transmitted between the ToR switch and an S4820T switch.
The following sections describe how to configure the FIP snooping feature on a switch that functions as a FIP snooping bridge so that it can perform the following functions: • Allocate CAM resources for FCoE. • Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis. • To assign a MAC address to an FCoE end-device (server ENode or storage device) after a server successfully logs in, set the FCoE MAC address prefix (FC-MAP) value an FCF uses.
For VLAN membership, you must: • create the VLANs on the switch which handles FCoE traffic (use the interface vlan command). • configure each FIP snooping port to operate in Hybrid mode so that it accepts both tagged and untagged VLAN frames (use the portmode hybrid command). • configure tagged VLAN membership on each FIP snooping port that sends and receives FCoE traffic and has links with an FCF, ENode server, or another FIP snooping bridge (use the tagged port-type slot/port command).
Enable FIP Snooping on VLANs You can enable FIP snooping globally on a switch on all VLANs or on a specified VLAN. When you enable FIP snooping on VLANs: • FIP frames are allowed to pass through the switch on the enabled VLANs and are processed to generate FIP snooping ACLs. • FCoE traffic is allowed on VLANs only after a successful virtual-link initialization (fabric login FLOGI) between an ENode and an FCF. All other FCoE traffic is dropped.
Table 20. Impact of Enabling FIP Snooping Impact Description MAC address learning MAC address learning is not performed on FIP and FCoE frames, which are denied by ACLs dynamically created by FIP snooping on serverfacing ports in ENode mode. MTU auto-configuration MTU size is set to mini-jumbo (2500 bytes) when a port is in Switchport mode, the FIP snooping feature is enabled on the switch, and FIP snooping is enabled on all or individual VLANs.
3. Reload the switch to enable the configuration. EXEC Privilege mode. reload After the switch is reloaded, DCB/DCBx is enabled. 4. Enable the FCoE transit feature on a switch. CONFIGURATION mode. feature fip-snooping 5. Enable FIP snooping on all VLANs or on a specified VLAN. CONFIGURATION mode or VLAN INTERFACE mode. fip-snooping enable 6. Configure the port for bridge-to-FCF links.
Command Output show fip-snooping statistics [interface Displays statistics on the FIP packets snooped on vlan vlan-id| interface port-type port/ all interfaces, including VLANs, physical ports, and slot | interface port-channel portport channels. channel-number] clear fip-snooping statistics [interface vlan vlan-id | interface port-type port/slot | interface portchannel port-channel-number] Clears the statistics on the FIP packets snooped on all VLANs, a specified VLAN, or a specified port interface.
Field Description FCF MAC MAC address of the FCF. FCF Interface Slot/ port number of the interface to which the FCF is connected. VLAN VLAN ID number used by the session. FCoE MAC MAC address of the FCoE session assigned by the FCF. FC-ID Fibre Channel ID assigned by the FCF. Port WWPN Worldwide port name of the CNA port. Port WWNN Worldwide node name of the CNA port.
Table 24. show fip-snooping fcf Command Description Field Description FCF MAC MAC address of the FCF. FCF Interface Slot/port number of the interface to which the FCF is connected. VLAN VLAN ID number used by the session. FC-MAP FC-Map value advertised by the FCF. ENode Interface Slot/number of the interface connected to the ENode. FKA_ADV_PERIOD Period of time (in milliseconds) during which FIP keep-alive advertisements are transmitted. No of ENodes Number of ENodes connected to the FCF.
Number Number Number Number Number Number of of of of of of FLOGO Accepts FLOGO Rejects CVL FCF Discovery Timeouts VN Port Session Timeouts Session failures due to Hardware Config :0 :0 :0 :0 :0 :0 Dell# show fip-snooping statistics interface port-channel 22 Number of Vlan Requests :0 Number of Vlan Notifications :2 Number of Multicast Discovery Solicits :0 Number of Unicast Discovery Solicits :0 Number of FLOGI :0 Number of FDISC :0 Number of FLOGO :0 Number of Enode Keep Alive :0 Number of VN Port Kee
Field Description Number of VN Port Keep Alives Number of FIP-snooped VN port keep-alive frames received on the interface. Number of Multicast Discovery Advertisements Number of FIP-snooped multicast discovery advertisements received on the interface. Number of Unicast Discovery Advertisements Number of FIP-snooped unicast discovery advertisements received on the interface. Number of FLOGI Accepts Number of FIP FLOGI accept frames received on the interface.
FCoE Transit Configuration Example The following illustration shows an S4810 switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. Figure 40. Configuration Example: FIP Snooping on an S4810 Switch In this example, DCBx and PFC are enabled on the FIP snooping bridge and on the FCF ToR switch.
Example of Enabling the FIP Snooping Feature on the Switch (FIP Snooping Bridge) Example of Enabling FIP Snooping on the FCoE VLAN Example of Enabling an FC-MAP Value on a VLAN Example of Configuring the ENode Server-Facing Port Example of Configuring the FCF-Facing Port Example of Configuring FIP Snooping Ports as Tagged Members of the FCoE VLAN Dell(conf)# feature fip-snooping Dell(conf)# interface vlan 10 Dell(conf-if-vl-10)# fip-snooping enable Dell(conf-if-vl-10)# fip-snooping fc-map 0xOEFC01 NOTE: Con
Enabling FIPS Cryptography 17 Federal information processing standard (FIPS) cryptography is supported on the S4820T platform. This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms. This feature provides cryptographic algorithms conforming to various FIPS standards published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of Commerce.
Enabling FIPS Mode To enable or disable FIPS mode, use the console port. Secure the host attached to the console port against unauthorized access. Any attempts to enable or disable FIPS mode from a virtual terminal session are denied. When you enable FIPS mode, the following actions are taken: • If enabled, the SSH server is disabled. • All open SSH and Telnet sessions, as well as all SCP and FTP file transfers, are closed.
Monitoring FIPS Mode Status To view the status of the current FIPS mode (enabled/disabled), use the following commands. • Use either command to view the status of the current FIPS mode. show fips status show system Example of the show fips status Command Example of the show system Command Dell#show fips status FIPS Mode : Enabled for the system using the show system command.
• To disable FIPS mode from a console port. CONFIGURATION mode no fips mode enable The following Warning message displays: WARNING: Disabling FIPS mode will close all SSH/Telnet connections, restart those servers, and destroy all configured host keys.
18 Force10 Resilient Ring Protocol (FRRP) Force10 resilient ring protocol (FRRP) is supported on the S4820T platform. FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses.
The Member VLAN is the VLAN used to transmit data as described earlier. The Control VLAN is used to perform the health checks on the ring. The Control VLAN can always pass through all ports in the ring, including the secondary port of the Master node. Ring Status The ring failure notification and the ring status checks provide two ways to ensure the ring remains up and active in the event of a switch or port failure.
Multiple FRRP Rings Up to 255 rings are allowed per system and multiple rings can be run on one system. More than the recommended number of rings may cause interface instability. You can configure multiple rings with a single switch connection; a single ring can have multiple FRRP groups; multiple rings can be connected with a common link. The S4820T support up to 32 rings on a system (including stacked units).
Concept Explanation Control VLAN Each ring has a unique Control VLAN through which tagged ring health frames (RHF) are sent. Control VLANs are used only for sending RHF, and cannot be used for any other purpose. Member VLAN Each ring maintains a list of member VLANs. Member VLANs must be consistent across the entire ring. Port Role Each node has two ports for each ring: Primary and Secondary. The Master node Primary port generates RHFs. The Master node Secondary port receives the RHFs.
Concept Explanation There is no periodic transmission of TCRHFs. The TCRHFs are sent on triggered events of ring failure or ring restoration only. Implementing FRRP • FRRP is media and speed independent. • FRRP is a Dell proprietary protocol that does not interoperate with any other vendor. • You must disable the spanning tree protocol (STP) on both the Primary and Secondary interfaces before you can enable FRRP. • All ring ports must be Layer 2 ports.
Configuring the Control VLAN Control and member VLANS are configured normally for Layer 2. Their status as control or member is determined at the FRRP group commands. For more information about configuring VLANS in Layer 2 mode, refer to Layer 2. Be sure to follow these guidelines: • All VLANS must be in Layer 2 mode. • You can only add ring nodes to the VLAN. • A control VLAN can belong to one FRRP group only. • Tag control VLAN ports.
3. Assign the Primary and Secondary ports and the control VLAN for the ports on the ring. CONFIG-FRRP mode. interface primary int slot/port secondary int slot/port control-vlan vlan id Interface: • For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet then the slot/port information. • For a Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information. • For a SONET interface, enter the keyword sonet then the slot/port information.
To create the Members VLANs for this FRRP group, use the following commands on all of the Transit switches in the ring. 1. Create a VLAN with this ID number. CONFIGURATION mode. interface vlan vlan-id VLAN ID: the range is from 1 to 4094. 2. Tag the specified interface or range of interfaces to this VLAN. CONFIG-INT-VLAN mode. tagged interface slot/port {range} Interface: • Slot/Port, range: Slot and Port ID for the interface. The range is entered Slot/Port-Port.
5. Identify the Member VLANs for this FRRP group. CONFIG-FRRP mode. member-vlan vlan-id {range} VLAN-ID, Range: VLAN IDs for the ring’s Member VLANs. 6. Enable this FRRP group on this switch. CONFIG-FRRP mode. no disable Setting the FRRP Timers To set the FRRP timers, use the following command. NOTE: Set the Dead-Interval time 3 times the Hello-Interval. • Enter the desired intervals for Hello-Interval or Dead-Interval times. CONFIG-FRRP mode.
• Show the information for the identified FRRP group. EXEC or EXEC PRIVELEGED mode. show frrp ring-id • Ring ID: the range is from 1 to 255. Show the state of all FRRP groups. EXEC or EXEC PRIVELEGED mode. show frrp summary Ring ID: the range is from 1 to 255. Troubleshooting FRRP To troubleshoot FRRP, use the following information. Configuration Checks • • • • • • Each Control Ring must use a unique VLAN ID. Only two interfaces on a switch can be Members of the same control VLAN.
no ip address tagged GigabitEthernet 1/24,34 no shutdown ! protocol frrp 101 interface primary GigabitEthernet 1/24 secondary GigabitEthernet 1/34 control-vlan 101 member-vlan 201 mode master no disable interface GigabitEthernet 2/14 no ip address switchport no shutdown ! interface GigabitEthernet 2/31 no ip address switchport no shutdown ! interface Vlan 101 no ip address tagged GigabitEthernet 2/14,31 no shutdown ! interface Vlan 201 no ip address tagged GigabitEthernet 2/14,31 no shutdown ! protocol frrp
secondary GigabitEthernet 3/14 control-vlan 101 member-vlan 201 mode transit no disable 378 Force10 Resilient Ring Protocol (FRRP)
19 GARP VLAN Registration Protocol (GVRP) GARP VLAN registration protocol (GVRP) is supported on the S4820T platform. Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GVRP, defined by the IEEE 802.1q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches.
Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example, that type of port is referred to as a VLAN trunk port, but it is not necessary to specifically identify to the Dell Networking OS that the port is a trunk port. Figure 41.
• Configure a GARP Timer Enabling GVRP Globally To configure GVRP globally, use the following command. • Enable GVRP for the entire switch. CONFIGURATION mode gvrp enable Example of Configuring GVRP Dell(conf)#protocol gvrp Dell(config-gvrp)#no disable Dell(config-gvrp)#show config ! protocol gvrp no disable Dell(config-gvrp)# To inspect the global configuration, use the show gvrp brief command. Enabling GVRP on a Layer 2 Interface To enable GVRP on a Layer 2 interface, use the following command.
not be unconfigured when it receives a Leave PDU. Therefore, the registration mode on that interface is FIXED. • Forbidden Mode — Disables the port to dynamically register VLANs and to propagate VLAN information except information about VLAN 1. A port with forbidden registration type thus allows only VLAN 1 to pass through even though the PDU carries information for more VLANs.
LeaveAll Timer Dell(conf)# 5000 Dell Networking OS displays this message if an attempt is made to configure an invalid GARP timer: Dell(conf)#garp timers join 300 % Error: Leave timer should be >= 3*Join timer. RPM Redundancy The current version of Dell Networking OS supports 1+1 hitless route processor module (RPM) redundancy. The primary RPM performs all routing, switching, and control operations while the standby RPM monitors the primary RPM.
20 High Availability (HA) High availability (HA) is supported on the S4820T platform. HA is a collection of features that preserves system continuity by maximizing uptime and minimizing packet loss during system disruptions. To support all the features within the HA collection, you should have the latest boot code. The following table lists the boot code requirements as of this Dell Networking OS release. Table 26. Boot Code Requirements Component Boot Code S4820T RPM 2 .8.2.0 S4820T Line Card 2 .8.
• RPM Synchronization Boot the Chassis with a Single RPM You can boot the chassis with one RPM and later add a second RPM, which automatically becomes the standby RPM. Dell Networking OS displays the following message when the standby RPM is online. %RPM-2-MSG:CP0 %POLLMGR-2-ALT_RPM_STATE: Alternate RPM is present %IRC-6-IRC_COMMUP: Link to peer RPM is up %RAM-6-RAM_TASK: RPM1 is in Standby State.
* ---------------------------------------------* * Incompatible SW Version detected !! * * This RPM -> 7.4.2.0 * Peer RPM -> 7.4.1.0 * ************************************************ 00:00:12: Different 00:00:12: 00:00:14: %RPM0-U:CP %IRC-4-IRC_VERSION: Current RPM 7.4.2.0 Peer RPM 7.4.1.0 software version detected %RPM0-U:CP %IRC-6-IRC_COMMUP: Link to peer RPM is up %RPM0-U:CP %RAM-6-ELECTION_ROLE: RPM0 is transitioning to Primary RPM. System failed to boot up.
Failover Count: 0 Last failover timestamp: None Last failover Reason: None Last failover type: None -- Last Data Block Sync Record: ------------------------------------------------Line Card Config: succeeded May 19 2008 11:34:06 Start-up Config: succeeded May 19 2008 11:34:06 Runtime Event Log: succeeded May 19 2008 11:34:06 Running Config: succeeded May 19 2008 11:34:07 Dell# Support for RPM Redundancy by Dell Networking OS Version Dell Networking OS supports increasing levels of RPM redundancy (warm and
Configuring RPM Redundancy To select a primary RPM, use the following command. The RPM in slot 0 is the primary RPM by default. • Manually select the primary RPM.
CONFIGURATION mode redundancy auto-failover-limit (no parameters) Disabling Auto-Reboot To disable auto-reboot, use the following command. • Prevent a failed RPM from rebooting after a failover. CONFIGURATION mode redundancy disable-auto-reboot Manually Synchronizing RPMs To manually synchronize RPMs at any time, use the following command. • Manually synchronize RPMs.
0 1 active standby online online 7-5-1-71 7-5-1-71 Linecard Online Insertion and Removal Dell Networking OS detects the line card type when you insert a line card into a online chassis. Dell Networking OS writes the line card type to the running-config and maintains this information as a logical configuration if you remove the card (or the card fails).
-- Line card 0 -Status : not present Required Type : E48VB - 48-port GE 10/100/1000Base-T line card with RJ45 interfaces and PoE (CB) Dell(conf)#int gig 0/0 Dell(conf-if-gi-0/0)# Replacing a Line Card If you are replacing a line card with a line card of the same type, you may replace the card without any additional configuration. If you are replacing a line card with a line card of a different type, remove the card and then remove the existing line card configuration.
Hitless Behavior Hitless behavior is supported only on the S4820T platform. Hitless is a protocol-based system behavior that makes an RPM failover on the local system transparent to remote systems. The system synchronizes protocol information on the standby and primary RPMs such that, in the event of an RPM failover, it is not necessary to notify the remote systems of a local state change.
Software Resiliency During normal operations, Dell Networking OS monitors the health of both hardware and software components in the background to identify potential failures, even before these failures manifest. Software Component Health Monitoring On each of the line cards and the RPM, there are a number of software components. Dell Networking OS performs a periodic health check on each of these components by querying the status of a flag, which the corresponding component resets within a specified time.
System Log Event messages provide system administrators diagnostics and auditing information. Dell Networking OS sends event messages to the internal buffer, all terminal lines, the console, and optionally to a syslog server. For more information about event messages and configurable options, refer to Management. Hot-Lock Behavior Dell Networking OS hot-lock features allow you to append and delete their corresponding content addressable memory (CAM) entries dynamically without disrupting traffic.
Enabling Process Restartability The restart time varies by process. In general, interface-related processes are hitless and can be restarted in seconds; if a restart is successful, traffic is not interrupted. Protocol tasks and line card processes are not hitless and take longer to restart. You can select which process may attempt to restart and the number of consecutive restart attempts before failover, but by default, every process fails over. • Enable process restartability for a process or task.
Internet Group Management Protocol (IGMP) 21 Internet group management protocol (IGMP) is supported on the S4820T platform. Multicast is premised on identifying many hosts by a single destination IP address; hosts represented by the same IP address are a multicast group. IGMP is a Layer 3 multicast protocol that hosts use to join or leave a multicast group.
Figure 42. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. Responding to an IGMP Query The following describes how a host can join a multicast group. 1. One router on a subnet is elected as the querier. The querier periodically multicasts (to all-multicastsystems address 224.0.0.1) a general query to all hosts on the subnet. 2.
response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are differences. • Version 3 adds the ability to filter by multicast source, which helps multicast routing protocols avoid forwarding traffic to subnets where there are no interested receivers.
Figure 44. IGMP Version 3–Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. 1. The first unsolicited report from the host indicates that it wants to receive traffic for group 224.1.1.1. 2. The host’s second report indicates that it is only interested in traffic from group 224.1.1.1, source 10.11.1.1.
Figure 45. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. 1. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filter for 10.11.1.1 and 10.11.1.2 are no longer necessary. 2.
Figure 46. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. 1. Enable multicast routing using the ip multicast-routing command. 2. Enable a multicast routing protocol.
• Fast Convergence after MSTP Topology Changes • Designating a Multicast Router Interface Viewing IGMP Enabled Interfaces Interfaces that are enabled with PIM-SM are automatically enabled with IGMP. To view IGMP-enabled interfaces, use the following command. • View IGMP-enabled interfaces. EXEC Privilege mode show ip igmp interface Example of the show ip igmp interface Command Dell#show ip igmp interface gig 7/16 GigabitEthernet 7/16 is up, line protocol is up Internet address is 10.87.3.
IGMP version is 3 Dell(conf-if-gi-1/13)# Viewing IGMP Groups To view both learned and statically configured IGMP groups, use the following command. • View both learned and statically configured IGMP groups. EXEC Privilege mode show ip igmp groups Example of the show ip igmp groups Command Dell(conf-if-gi-1/0)#do sho ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface Uptime 224.1.1.1 GigabitEthernet 1/0 00:00:03 224.1.2.
INTERFACE mode • ip igmp query-interval Adjust the maximum response time. INTERFACE mode • ip igmp query-max-resp-time Adjust the last member query interval. INTERFACE mode ip igmp last-member-query-interval Adjusting the IGMP Querier Timeout Value If there is more than one multicast router on a subnet, only one is elected to be the querier, which is the router that sends queries to the subnet. 1. Routers send queries to the all multicast systems address, 224.0.0.1.
Enabling IGMP Immediate-Leave If the querier does not receive a response to a group-specific or group-and-source query, it sends another (querier robustness value). Then, after no response, it removes the group from the outgoing interface for the subnet. IGMP immediate leave reduces leave latency by enabling a router to immediately delete the group membership on an interface after receiving a Leave message (it does not send any group-specific or group-and-source queries before deleting the entry).
• View the configuration. CONFIGURATION mode • show running-config Disable snooping on a VLAN.
• Configure the switch to only forward unregistered packets to ports on a VLAN that are connected to mrouter ports. CONFIGURATION mode no ip igmp snooping flood Specifying a Port as Connected to a Multicast Router To statically specify or view a port in a VLAN, use the following commands. • Statically specify a port in a VLAN as connected to a multicast router. INTERFACE VLAN mode • ip igmp snooping mrouter View the ports that are connected to multicast routers. EXEC Privilege mode.
ip igmp snooping last-member-query-interval Fast Convergence after MSTP Topology Changes The following describes the fast convergence feature. When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, Dell Networking OS sends a general query out of all ports except the multicast router ports. The host sends a response to the general query and the forwarding database is updated without having to wait for the query interval to expire.
One typical example is an SSH session to an unknown destination or an SSH connection that is destined to the management port IP address. The management default route can coexist with front-end default routes. If SSH is specified as a management application, SSH links to and from an unknown destination uses the management default route.
The switch also processes user-specified port numbers for applications such as RADIUS, TACACS, SSH, and sFlow. The OS maintains a list of configured management applications and their port numbers. You can configure two default routes, one configured on the management port and the other on the frontend port. Two tables, namely, Egress Interface Selection routing table and default routing table, are maintained.
• If ping and traceroute are destined to the management port IP address, the response traffic for these packets is sent by doing route lookup in the EIS routing table. When the feature is disabled using the no management egress-interface-selection command, the following operations are performed: • All management application configuration is removed. • All routes installed in the management EIS routing table are removed.
• If the route lookup in the EIS routing table fails or if management port is down, then packets are dropped. The application-specific count of the dropped packets is incremented and is viewed using the show management application pkt-drop-cntr command. This counter is cleared using clear management application pkt-drop-cntr command. • Packets whose destination TCP/UDP port does not match a configured management application, take the regular route lookup flow in the IP stack.
the destination. The fallback route between the management and data networks is used in such a case. At any given time, end users can access Dell Networking OS applications using either ip1 or ip2. Return traffic for such end-user-originated sessions destined to management port ip1 is handled using the EIS route lookup. Handling of Transit Traffic (Traffic Separation) This is forwarded traffic where destination IP is not an IP address configured in the switch.
Transit Traffic This phenomenon occurs where traffic is transiting the switch. Traffic has not originated from the switch and is not terminating on the switch. • Drop the packets that are received on the front-end data port with destination on the management port. • Drop the packets that received on the management port with destination as the front-end data port. Switch-Destined Traffic This phenomenon occurs where traffic is terminated on the switch.
Protocol Behavior when EIS is Enabled Behavior when EIS is Disabled dns EIS Behavior Default Behavior ftp EIS Behavior Default Behavior ntp EIS Behavior Default Behavior radius EIS Behavior Default Behavior Sflow-collector Default Behavior Snmp (SNMP Mib response and SNMP Traps) EIS Behavior Default Behavior ssh EIS Behavior Default Behavior syslog EIS Behavior Default Behavior tacacs EIS Behavior Default Behavior telnet EIS Behavior Default Behavior tftp EIS Behavior Defau
Default Behavior: Route lookup is done in the default routing table and appropriate egress port is selected.
Designating a Multicast Router Interface To designate an interface as a multicast router interface, use the following command. Dell Networking OS also has the capability of listening in on the incoming IGMP general queries and designate those interfaces as the multicast router interface when the frames have a non-zero IP source address. All IGMP control packets and IP multicast data traffic originating from receivers is forwarded to multicast router interfaces.
Interfaces 22 This chapter describes interface types, both physical and logical, and how to configure them with Dell Networking Operating System (OS). • 10 Gigabit Ethernet / 40 Gigabit Ethernet interfaces are supported on the S4820T platform.
Interface Types The following table describes different interface types.
Dell#show interfaces tengigabitethernet 1/0 TenGigabitEthernet 1/0 is up, line protocol is up Hardware is Force10Eth, address is 00:01:e8:05:f3:6a Current address is 00:01:e8:05:f3:6a Pluggable media present, XFP type is 10GBASE-LR. Medium is MultiRate, Wavelength is 1310nm XFP receive power reading is -3.7685 Interface index is 67436603 Internet address is 65.113.24.
! interface GigabitEthernet no ip address shutdown ! interface GigabitEthernet no ip address shutdown ! interface GigabitEthernet no ip address shutdown ! interface GigabitEthernet no ip address shutdown 9/6 9/7 9/8 9/9 Enabling a Physical Interface After determining the type of physical interfaces available, to enable and configure the interfaces, enter INTERFACE mode by using the interface interface slot/port command. 1.
Dell Networking OS Behavior: The S4820T system uses a single MAC address for all physical interfaces. Configuration Task List for Physical Interfaces By default, all interfaces are operationally disabled and traffic does not pass through them.
Example of a Basic Layer 2 Interface Configuration Dell(conf-if)#show config ! interface Port-channel 1 no ip address switchport no shutdown Dell(conf-if)# Configuring Layer 2 (Interface) Mode To configure an interface in Layer 2 mode, use the following commands. • Enable the interface. INTERFACE mode • no shutdown Place the interface in Layer 2 (switching) mode. INTERFACE mode switchport For information about enabling and configuring the Spanning Tree Protocol, refer to Spanning Tree Protocol (STP).
no ip address switchport no shutdown Dell(conf-if)#ip address 10.10.1.1 /24 % Error: Port is in Layer 2 mode Gi 1/2. Dell(conf-if)# To determine the configuration of an interface, use the show config command in INTERFACE mode or the various show interface commands in EXEC mode. Configuring Layer 3 (Interface) Mode To assign an IP address, use the following commands. • Enable the interface. INTERFACE mode • no shutdown Configure a primary IP address and mask on the interface.
attacks on front-end ports. The following protocols support EIS: DNS, FTP, NTP, RADIUS, sFlow, SNMP, SSH, Syslog, TACACS, Telnet, and TFTP. This feature does not support sFlow on stacked units. When you enable this feature, all management routes (connected, static, and default) are copied to the management EIS routing table. Use the management route command to add new management routes to the default and EIS routing tables. Use the show ip management-eis-route command to view the EIS routes.
• Enter the slot and the port (0) to configure a Management interface. CONFIGURATION mode interface managementethernet interface • The slot range is 0. Configure an IP address and mask on a Management interface. INTERFACE mode ip address ip-address mask – ip-address mask: enter an address in dotted-decimal format (A.B.C.D). The mask must be in / prefix format (/x). Configuring Management Interfaces on the S-Series You can manage the S-Series from any port.
Gateway of last resort is 10.11.131.254 to network 0.0.0.0 Destination ----------*S 0.0.0.0/0 C 10.11.130.0/23 Dell# Gateway Dist/Metric Last Change ----------------- ----------via 10.11.131.254, Gi 0/48 1/0 1d2h Direct, Gi 0/48 0/0 1d2h VLAN Interfaces VLANs are logical interfaces and are, by default, in Layer 2 mode. Physical interfaces and port channels can be members of VLANs. For more information about VLANs and Layer 2, refer to Layer 2 and Virtual LANs (VLANs).
Loopback Interfaces A Loopback interface is a virtual interface in which the software emulates an interface. Packets routed to it are processed locally. Because this interface is not a physical interface, you can configure routing protocols on this interface to provide protocol stability. You can place Loopback interfaces in default Layer 3 mode. To configure, view, or delete a Loopback interface, use the following commands. • Enter a number as the Loopback interface.
Port Channel Definition and Standards Link aggregation is defined by IEEE 802.3ad as a method of grouping multiple physical interfaces into a single logical interface—a link aggregation group (LAG) or port channel. A LAG is “a group of links that appear to a MAC client as if they were a single link” according to IEEE 802.3ad. In Dell Networking OS, a LAG is referred to as a port channel interface. A port channel provides redundancy by aggregating physical interfaces into one logical interface.
Dell Networking OS brings up 10/100/1000 interfaces that are set to auto negotiate so that their speed is identical to the speed of the first channel member in the port channel. 10/100/1000 Mbps Interfaces in Port Channels When both 10/100/1000 interfaces and GigE interfaces are added to a port channel, the interfaces must share a common speed. When interfaces have a configured speed different from the port channel speed, the software disables those interfaces.
Creating a Port Channel You can create up to 128 port channels with eight port members per group on the S4820T. To configure a port channel, use the following commands. 1. Create a port channel. CONFIGURATION mode interface port-channel id-number 2. Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown After you enable the port channel, you can place it in Layer 2 or Layer 3 mode.
To add a physical interface to a port, use the following commands. 1. Add the interface to a port channel. INTERFACE PORT-CHANNEL mode channel-member interface The interface variable is the physical interface type and slot/port information. 2. Double check that the interface was added to the port channel.
Output 81.60Mbits/sec, 133658 packets/sec Time since last interface status change: 04:31:57 Dell> When more than one interface is added to a Layer 2-port channel, Dell Networking OS selects one of the active interfaces in the port channel to be the primary port. The primary port replies to flooding and sends protocol data units (PDUs). An asterisk in the show interfaces port-channel brief command indicates the primary port.
Dell(conf-if-portch)#show config ! interface Port-channel 4 no ip address channel-member GigabitEthernet 1/8 no shutdown Dell(conf-if-portch)#no chann gi 1/8 Dell(conf-if-portch)#int port 5 Dell(conf-if-portch)#channel gi 1/8 Dell(conf-if-portch)#sho conf ! interface Port-channel 5 no ip address channel-member GigabitEthernet 1/8 shutdown Dell(conf-if-portch)# Configuring the Minimum Oper Up Links in a Port Channel You can configure the minimum links in a port channel (LAG) that must be in “oper up” status
• Remove the port channel with tagging enabled from the VLAN. INTERFACE VLAN mode no tagged port-channel id number or • no untagged port-channel id number Identify which port channels are members of VLANs. EXEC Privilege mode show vlan Configuring VLAN Tags for Member Interfaces To configure and verify VLAN tags for individual members of a port channel, perform the following: 1. Configure VLAN membership on individual ports INTERFACE mode Dell(conf-if-te-0/2)#vlan tagged 2,3-4 2.
ip address ip-address mask [secondary] – ip-address mask: enter an address in dotted-decimal format (A.B.C.D). The mask must be in slash format (/24). – secondary: the IP address is the interface’s backup IP address. You can configure up to eight secondary IP addresses. Deleting or Disabling a Port Channel To delete or disable a port channel, use the following commands. • Delete a port channel. CONFIGURATION mode • no interface portchannel channel-number Disable a port channel.
[no] load-balance {ip-selection [dest-ip | source-ip]} | {mac [dest-mac | source-dest-mac | source-mac]} | {tcp-udp enable} {ipv6-selection} {tunnel}| {ingress-port} You can select one, two, or all three of the following basic hash methods: – ip-selection [dest-ip | source-ip] — Distribute IP traffic based on the IP destination or source address.
Example of the hash-algorithm Command Dell(conf)#hash-algorithm ecmp xor 26 lag crc 26 nh-ecmp checksum 26 Dell(conf)# The hash-algorithm command is specific to ECMP group. The default ECMP hash configuration is crclower. This command takes the lower 32 bits of the hash key to compute the egress port.
The show configuration command is also available under Interface Range mode. This command allows you to display the running configuration only for interfaces that are part of interface range. Bulk Configuration Examples Use the interface range command for bulk configuration. • Create a Single-Range • Create a Multiple-Range • Exclude Duplicate Entries • Exclude a Smaller Port Range • Overlap Port Ranges • Commas • Add Ranges Create a Single-Range The following is an example of a single range.
Overlap Port Ranges The following is an example showing how the interface-range prompt extends a port range from the smallest start port number to the largest end port number when port ranges overlap. handles overlapping port ranges.
Choosing an Interface-Range Macro To use an interface-range macro, use the following command. • Selects the interfaces range to be configured using the values saved in a named interface-range macro. CONFIGURATION mode interface range macro name Example of Using a Macro to Change the Interface Range Configuration Mode The following example shows how to change to the interface-range configuration mode using the interface-range macro named “test.
Monitor time: 00:00:00 Refresh Intvl.
To test and display TDR results, use the following commands. 1. To test for cable faults on the GigabitEthernet cable. EXEC Privilege mode tdr-cable-test gigabitethernet / Between two ports, do not start the test on both ends of the cable. Enable the interface before starting the test. Enable the port to run the test or the test prints an error message. 2. Displays TDR test results.
• The quad port must be in a default configuration before you can split it into 4x10G ports. The 40G port is lost in the configuration when the port is split; be sure that the port is also removed from other L2/L3 feature configurations. • The system must be reloaded after issuing the CLI for the change to take effect. Link Dampening Interface state changes occur when interfaces are administratively brought up or down or if an interface state changes.
To view the link dampening configuration on an interface, use the show config command. To view dampening information on all or specific dampened interfaces, use the show interfaces dampening command from EXEC Privilege mode.
The following table lists the range for each transmission media. Transmission Media MTU Range (in bytes) Ethernet 594-12000 = link MTU 576-9234 = IP MTU Link Bundle Monitoring Link bundle monitoring is supported only on the S4820T platform. Monitoring linked LAG bundles allows traffic distribution amounts in a link to be monitored for unfair distribution at any given time. A threshold of 60% is defined as an acceptable amount of traffic on a member link.
Control how the system responds to and generates 802.3x pause frames on Ethernet interfaces. The default is rx off tx off. INTERFACE mode. flowcontrol rx [off | on] tx [off | on] Where: rx on: Processes the received flow control frames on this port. rx off: Ignores the received flow control frames on this port. tx on: Sends control frames from this port to the connected device when a higher rate of traffic is received.
The flow control sender and receiver must be on the same port-pipe. Flow control is not supported across different port-pipes. To enable pause frames, use the following command. • Control how the system responds to and generates 802.3x pause frames on 1 and 10Gig line cards. INTERFACE mode flowcontrol rx [off | on] tx [off | on] [threshold {<1-2047> <1-2013> <1-2013>}] – rx on: enter the keywords rx on to process the received flow control frames on this port.
• All members must have the same link MTU value and the same IP MTU value. • The port channel link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configured on the channel members. For example, if the members have a link MTU of 2100 and an IP MTU 2000, the port channel’s MTU values cannot be higher than 2100 for link MTU or 2000 bytes for IP MTU. VLANs: • All members of a VLAN must have the same IP MTU value. • Members can have different Link MTU values.
Setting the Speed and Duplex Mode of Ethernet Interfaces To discover whether the remote and local interface requires manual speed synchronization, and to manually synchronize them if necessary, use the following command sequence. 1. Determine the local interface status. Refer to the following example. EXEC Privilege mode show interfaces [interface | linecard slot-number] status 2. Determine the remote interface status.
Gi 0/1 Down Gi 0/2 Down Gi 0/3 Down Gi 0/4 Force10Port Up Gi 0/5 Down Gi 0/6 Down Gi 0/7 Up Gi 0/8 Down Gi 0/9 Down Gi 0/10 Down Gi 0/11 Down Gi 0/12 Down [output omitted] Auto Auto Auto 1000 Mbit Auto Auto 1000 Mbit Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto 1 1 -30-130 --1502,1504,1506-1508,1602 ------ In the previous example, several ports display “Auto” in the Speed field, including port 0/1.
Adjusting the Keepalive Timer To change the time interval between keepalive messages on the interfaces, use the keepalive command. The interface sends keepalive messages to itself to test network connectivity on the interface. To change the default time interval between keepalive messages, use the following command. • Change the default interval between keepalive messages. INTERFACE mode • keepalive [seconds] View the new setting.
802.1QTagged: True Vlan membership: Vlan 2 Name: GigabitEthernet 13/3 802.1QTagged: True Vlan membership: Vlan 2 --More-- Configuring the Interface Sampling Size Although you can enter any value between 30 and 299 seconds (the default), software polling is done once every 15 seconds. So, for example, if you enter “19”, you actually get a sample of the past 15 seconds. All LAG members inherit the rate interval configuration from the LAG.
TenGigabitEthernet 10/0 is down, line protocol is down Hardware is Force10Eth, address is 00:01:e8:01:9e:d9 Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 10000 Mbit ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 1d23h45m Queueing strategy: fifo 0 packets input, 0 bytes Input 0 IP Packets, 0 Vlans 0 MPLS 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts Received 0 input symbol
EXEC Privilege mode clear counters [interface] [vrrp [vrid] | learning-limit] (OPTIONAL) Enter the following interface keywords and slot/port or number information: – For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information. – For a Loopback interface, enter the keyword loopback then a number from 0 to 16383. – For a Port Channel interface, enter the keywords port-channel then a number.
You can create VLAN groups using the interface group command. This command will create nonexistant VLANs specified in a range. On successful command execution, the CLI switches to the interface group context. The configuration commands inside the group context will be the similar to that of the existing range command. Two existing exec mode CLIs are enhanced to display and store the running configuration in the compressed mode.
no ip address ip address 2.1.1.1/16 shutdown shutdown ! ! interface TenGigabitEthernet 0/4 interface group Vlan 2 , Vlan 100 no ip address no ip address shutdown no shutdown ! ! interface TenGigabitEthernet 0/10 interface group Vlan 3 – 5 no ip address tagged te 0/0 shutdown no ip address ! shutdown interface TenGigabitEthernet 0/34 ! ip address 2.1.1.1/16 interface Vlan 1000 shutdown ip address 1.1.1.
tagged te 0/0 no ip address shutdown ! interface Vlan 100 no ip address no shutdown ! interface Vlan 1000 ip address 1.1.1.1/16 no shutdown Uncompressed config size – 52 lines write memory compressed The write memory compressed CLI will write the operating configuration to the startup-config file in the compressed mode. In stacking scenario, it will also take care of syncing it to all the standby and member units.
Internet Protocol Security (IPSec) 23 Internet protocol security (IPSec) is available on the S4820Tplatform. IPSec is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all packets in a communication session. Use IPSec between hosts, between gateways, or between hosts and gateways. IPSec is compatible with Telnet and FTP protocols. It supports two operational modes: Transport and Tunnel.
Configuring IPSec The following sample configuration shows how to configure FTP and telnet for IPSec. 1. Define the transform set. CONFIGURATION mode crypto ipsec transform-set myXform-seta esp-authentication md5 espencryption des 2. Define the crypto policy.
IPv4 Routing 24 IPv4 routing is supported on the S4820T platform. The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS.
• • • Assigning IP Addresses to an Interface (mandatory) Configuring Static Routes (optional) Configure Static Routes for the Management Interface (optional) For a complete listing of all commands related to IP addressing, refer to the Dell Networking OS Command Line Interface Reference Guide.
interface GigabitEthernet 0/0 ip address 10.11.1.1/24 no shutdown ! Dell(conf-if)# Dell(conf-if)#show conf ! interface GigabitEthernet 0/0 ip address 10.11.1.1/24 no shutdown ! Dell(conf-if)# Configuring Static Routes A static route is an IP address that you manually configure and that the routing protocol does not learn, such as open shortest path first (OSPF). Often, static routes are used as backup routes in case other dynamically learned routes are unreachable.
S 6.1.2.4/32 S 6.1.2.5/32 S 6.1.2.6/32 S 6.1.2.7/32 S 6.1.2.8/32 S 6.1.2.9/32 S 6.1.2.10/32 S 6.1.2.11/32 S 6.1.2.12/32 S 6.1.2.13/32 S 6.1.2.14/32 S 6.1.2.15/32 S 6.1.2.16/32 S 6.1.2.17/32 S 11.1.1.0/24 Direct, Lo 0 --More-- via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.
S S S S S S S S S S S S S 6.1.2.6/32 6.1.2.7/32 6.1.2.8/32 6.1.2.9/32 6.1.2.10/32 6.1.2.11/32 6.1.2.12/32 6.1.2.13/32 6.1.2.14/32 6.1.2.15/32 6.1.2.16/32 6.1.2.17/32 11.1.1.0/24 --More-- via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.
Using the Configured Source IP Address in ICMP Messages This feature is supported on the S4820T platform. ICMP error or unreachable messages are now sent with the configured IP address of the source interface instead of the front-end port IP address as the source IP address. Enable the generation of ICMP unreachable messages through the ip unreachable command in Interface mode.
To configure the duration for which the device waits for the ACK packet to be sent from the requesting host to establish the TCP connection, perform the following steps: 1. Define the wait duration in seconds for the TCP connection to be established. CONFIGURATION mode Dell(conf)#ip tcp reduced-syn-ack-wait <9-75> You can use the no ip tcp reduced-syn-ack-wait command to restore the default behavior, which causes the wait period to be set as 8 seconds. 2.
CONFIGURATION mode • ip domain-lookup Specify up to six name servers. CONFIGURATION mode ip name-server ip-address [ip-address2 ... ip-address6] The order you entered the servers determines the order of their use. Example of the show hosts Command To view current bindings, use the show hosts command. Dell>show host Default domain is force10networks.com Name/address lookup uses domain service Name servers are not set Host Flags TTL Type Address -------- ----- ------- ------ks (perm, OK) - IP 2.2.2.
Configuring DNS with Traceroute To configure your switch to perform DNS with traceroute, use the following commands. • Enable dynamic resolution of host names. CONFIGURATION mode • ip domain-lookup Specify up to six name servers. CONFIGURATION mode ip name-server ip-address [ip-address2 ... ip-address6] • The order you entered the servers determines the order of their use.
corresponding IP address. This table is called the ARP Cache and dynamically learned addresses are removed after a defined period of time. For more information about ARP, refer to RFC 826, An Ethernet Address Resolution Protocol. In Dell Networking OS, Proxy ARP enables hosts with knowledge of the network to accept and forward packets from hosts that contain no knowledge of the network. Proxy ARP makes it possible for hosts to be ignorant of the network, including subnetting.
-------------------------------------------------------------------------------Internet 10.1.2.4 17 08:00:20:b7:bd:32 Ma 1/0 CP Dell# Enabling Proxy ARP By default, Proxy ARP is enabled. To disable Proxy ARP, use the no proxy-arp command in the interface mode. To re-enable Proxy ARP, use the following command. • Re-enable Proxy ARP. INTERFACE mode ip proxy-arp To view if Proxy ARP is enabled on the interface, use the show config command in INTERFACE mode.
• • • detect IP address conflicts inform switches of their presence on a port so that packets can be forwarded update the ARP table of other nodes on the network in case of an address change In the request, the host uses its own IP address in the Sender Protocol Address and Target Protocol Address fields. In Dell Networking OS versions prior to 8.3.1.0, if a gratuitous ARP is received some time after an ARP request is sent, only RP2 installs the ARP information. For example: 1.
Figure 48. ARP Learning via ARP Request with ARP Learning via Gratuitous ARP Enabled Whether you enable or disable ARP learning via gratuitous ARP, the system does not look up the target IP. It only updates the ARP entry for the Layer 3 interface with the source IP of the request. Configuring ARP Retries In Dell Networking OS versions prior to 8.3.1.0, the number of ARP retries is set to five and is not configurable.
ICMP For diagnostics, the internet control message protocol (ICMP) provides routing information to end stations by choosing the best route (ICMP redirect messages) or determining if a router is reachable (ICMP Echo or Echo Reply). ICMP error messages inform the router of problems in a particular packet. These messages are sent only on unicast traffic. Configuration Tasks for ICMP The following lists the configuration tasks for ICMP.
2. Configure a broadcast address on interfaces that will receive UDP broadcast traffic. Refer to Configuring a Broadcast Address. Important Points to Remember • The existing ip directed broadcast command is rendered meaningless if you enable UDP helper on the same interface. • The broadcast traffic rate should not exceed 200 packets per second when you enable UDP helper. • You may specify a maximum of 16 UDP ports.
Example of Configuring a Broadcast Address Example of Viewing Configured Broadcast Addresses Dell(conf-if-vl-100)#ip udp-broadcast-address 1.1.255.255 Dell(conf-if-vl-100)#show config ! interface Vlan 100 ip address 1.1.0.1/24 ip udp-broadcast-address 1.1.255.255 untagged GigabitEthernet 1/2 no shutdown To view the configured broadcast address for an interface, use show interfaces command.
1. It is flooded on VLAN 101 without changing the destination address because the forwarding process is Layer 2. 2. If you enabled UDP helper, the system changes the destination IP address to the configured broadcast address 1.1.255.255 and forwards the packet to VLAN 100. 3. Packet 2 is also forwarded to the ingress interface with an unchanged destination address because it does not have broadcast address configured. Figure 49.
UDP Helper with Configured Broadcast Addresses Incoming packets with a destination IP address matching the configured broadcast address of any interface are forwarded to the matching interfaces. In the following illustration, Packet 1 has a destination IP address that matches the configured broadcast address of VLAN 100 and 101. If you enabled UDP helper and the UDP port number matches, the packet is flooded on both VLANs with an unchanged destination address. Packet 2 is sent from a host on VLAN 101.
When using the IP helper and UDP helper on the same interface, use the debug ip dhcp command. Example Output from the debug ip dhcp Command Packet 0.0.0.0:68 -> 255.255.255.255:67 TTL 128 2005-11-05 11:59:35 %RELAY-I-PACKET, BOOTP REQUEST (Unicast) received at interface 172.21.50.193 BOOTP Request, XID = 0x9265f901, secs = 0 hwaddr = 00:02:2D:8D: 46:DC, giaddr = 0.0.0.0, hops = 2 2005-11-05 11:59:35 %RELAY-I-BOOTREQUEST, Forwarded BOOTREQUEST for 00:02:2D:8D: 46:DC to 137.138.17.
IPv6 Routing 25 Internet protocol version 6 (IPv6) routing is supported on the S4820T platform. NOTE: The IPv6 basic commands are supported on all platforms. However, not all features are supported on all platforms, nor for all releases. To determine the Dell Networking Operating System (OS) version supporting which features and platforms, refer to Implementing IPv6 with Dell Networking OS. IPv6 is the successor to IPv4.
NOTE: Dell Networking OS provides the flexibility to add prefixes on Router Advertisements (RA) to advertise responses to Router Solicitations (RS). By default, RA response messages are sent when an RS message is received. Dell Networking OS manipulation of IPv6 stateless autoconfiguration supports the router side only. Neighbor discovery (ND) messages are advertised so the neighbor can use this information to autoconfigure its address. However, received ND messages are not used to create an IPv6 address.
IPv6 Header Fields The 40 bytes of the IPv6 header are ordered, as shown in the following illustration. Figure 52. IPv6 Header Fields Version (4 bits) The Version field always contains the number 6, referring to the packet’s IP version. Traffic Class (8 bits) The Traffic Class field deals with any data that needs special handling. These bits define the packet priority and are defined by the packet Source. Sending and forwarding routers use this field to identify different IPv6 classes and priorities.
The following lists the Next Header field values. Value Description 0 Hop-by-Hop option header 4 IPv4 6 TCP 8 Exterior Gateway Protocol (EGP) 41 IPv6 43 Routing header 44 Fragmentation header 50 Encrypted Security 51 Authentication header 59 No Next Header 60 Destinations option header NOTE: This table is not a comprehensive list of Next Header field values. For a complete and current listing, refer to the Internet Assigned Numbers Authority (IANA) web page at .
However, if the Destination Address is a Hop-by-Hop options header, the Extension header is examined by every forwarding router along the packet’s route. The Hop-by-Hop options header must immediately follow the IPv6 header, and is noted by the value 0 (zero) in the Next Header field. Extension headers are processed in the order in which they appear in the packet header. Hop-by-Hop Options Header The Hop-by-Hop options header contains information that is examined by every router along the packet’s path.
of double colons is supported in a single address. Any number of consecutive 0000 groups may be reduced to two colons, as long as there is only one double colon used in an address. Leading and/or trailing zeros in a group can also be omitted (as in ::1 for localhost, 1:: for network addresses and :: for unspecified addresses). All the addresses in the following list are all valid and equivalent.
Implementing IPv6 with Dell Networking OS Dell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your system. The following table lists the Dell Networking OS version in which an IPv6 feature became available for each platform. The sections following the table give greater detail about the feature. Feature and Functionality Dell Networking OS Release Introduction Documentation and Chapter Location S4820T Basic IPv6 Commands 8.3.
Feature and Functionality Dell Networking OS Release Introduction Documentation and Chapter Location S4820T IS-IS for IPv6 8.3.19 Intermediate System to Intermediate System IPv6 IS-IS in the Dell Networking OS Command Line Reference Guide. IS-IS for IPv6 support for redistribution 8.3.19 Intermediate System to Intermediate System IPv6 IS-IS in the Dell Networking OS Command Line Reference Guide. ISIS for IPv6 support for distribute lists and administrative distance 8.3.
Feature and Functionality Dell Networking OS Release Introduction Documentation and Chapter Location S4820T (outbound SSH) Layer 3 only Secure Shell (SSH) server support over IPv6 (inbound SSH) Layer 3 only 8.3.19 Secure Shell (SSH) Over an IPv6 Transport IPv6 Access Control Lists 8.3.19 IPv6 Access Control Lists in the Dell Networking OS Command Line Reference Guide. 8.3.19 IPv6 PIM in the Dell Networking OS Command Line Reference Guide.
Figure 53. Path MTU Discovery Process IPv6 Neighbor Discovery IPv6 neighbor discovery protocol (NDP) is supported on the S4820T platform. NDP is a top-level protocol for neighbor discovery on an IPv6 network. In lieu of address resolution protocol (ARP), NDP uses “Neighbor Solicitation” and “Neighbor Advertisement” ICMPv6 messages for determining relationships between neighboring nodes.
Figure 54. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers. It does not set the actual MTU rate. For example, if you set ipv6 nd mtu to 1280, the interface still passes 1500-byte packets, if that is what is set with the mtu command.
• Clearing IPv6 Routes Adjusting Your CAM-Profile The cam-acl command is supported on the S4820T platform. Although adjusting your CAM-profile is not a mandatory step, if you plan to implement IPv6 ACLs, adjust your CAM settings. The CAM space is allotted in FP blocks. The total space allocated must equal 13 FP blocks. There are 16 FP blocks, but the System Flow requires three blocks that cannot be reallocated. You must enter the ipv6acl allocation as a factor of 2 (2, 4, 6, 8, 10).
You can configure up to two IPv6 addresses on management interfaces, allowing required default router support on the management port that is acting as host, per RFC 4861. Data ports support more than two IPv6 addresses. When you configure IPv6 addresses on multiple interfaces (the ipv6 address command) and verify the configuration (the show ipv6 interfaces command), the same link local (fe80) address is displayed for each IPv6 interface. • Enter the IPv6 Address for the device.
Configuring Telnet with IPv6 IPv6 telnet is supported on the S4820T platform. The Telnet client and server in Dell Networking OS supports IPv6 connections. You can establish a Telnet session directly to the router using an IPv6 Telnet client, or you can initiate an IPv6 Telnet connection from the router. NOTE: Telnet to link local addresses is supported on the S4820T. • Enter the IPv6 Address for the device.
mbgproutes mld mroute neighbors ospf pim prefix-list route rpf Dell# MBGP routing table MLD information IPv6 multicast-routing table IPv6 neighbor information OSPF information PIM V6 information List IPv6 prefix lists IPv6 routing information RPF table Showing an IPv6 Interface To view the IPv6 configuration for a specific interface, use the following command. • Show the currently running configuration for the specified interface.
DAD is enabled, number of DAD attempts: 3 ND reachable time is 32000 milliseconds ND base reachable time is 30000 milliseconds ND retransmit interval is 1000 milliseconds ND hop limit is 64 Showing IPv6 Routes To view the global IPv6 routing information, use the following command. • Show IPv6 routing information for the specified route type. EXEC mode show ipv6 route type The following keywords are available: – To display information about a network, enter ipv6 address (X:X:X:X::X).
C 600::/64 [0/0] Direct, Te 0/24, 00:34:42 C 601::/64 [0/0] Direct, Te 0/24, 00:34:18 C 912::/64 [0/0] Direct, Lo 2, 00:02:33 O IA 999::1/128 [110/2] via fe80::201:e8ff:fe8b:3166, Te 0/24, 00:01:30 L fe80::/10 [0/0] Direct, Nu 0, 00:34:42 Dell# Dell#show ipv6 route static Destination Dist/Metric, Gateway, Last Change ----------------------------------------------------S 8888:9999:5555:6666:1111:2222::/96 [1/0] via 2222:2222:3333:3333::1, Gi 9/1, 00:03:16 S 9999:9999:9999:9999::/64 [1/0] via 8888:9999:5555:
– *: all routes. – ipv6 address: the format is x:x:x:x::x. – mask: the prefix length is from 0 to 128. NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing.
iSCSI Optimization 26 iSCSI optimization is supported on the S4820T platform. This chapter describes how to configure internet small computer system interface (iSCSI) optimization, which enables quality-of-service (QoS) treatment for iSCSI traffic.
• If you configure flow-control, iSCSI uses the current configuration. If you do not configure flowcontrol, iSCSI auto-configures flow control settings so that receive-only is enabled and transmit-only is disabled. . • iSCSI monitoring sessions — the switch monitors and tracks active iSCSI sessions in connections on the switch, including port information and iSCSI session information. • iSCSI QoS — A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic.
Monitoring iSCSI Traffic Flows The switch snoops iSCSI session-establishment and termination packets by installing classifier rules that trap iSCSI protocol packets to the CPU for examination. Devices that initiate iSCSI sessions usually use well-known TCP ports 3260 or 860 to contact targets. When you enable iSCSI optimization, by default the switch identifies IP packets to or from these ports as iSCSI traffic.
If more than 256 simultaneous sessions are logged continuously, the following message displays indicating the queue rate limit has been reached: %STKUNIT2-M:CP %iSCSI-5-ISCSI_OPT_MAX_SESS_EXCEEDED: New iSCSI Session Ignored: ISID 400001370000 InitiatorName - iqn.1991-05.com.microsoft:dt-brcd-cna-2 TargetName iqn.2001-05.com.equallogic:4-52aed6-b90d9446c-162466364804fa49-wj-v1 TSIH - 0" NOTE: If you are using EqualLogic or Compellent storage arrays, more than 256 simultaneous iSCSI sessions are possible.
Configuring Detection and Ports for Dell Compellent Arrays To configure a port connected to a Dell Compellent storage array, use the following command. • Configure a port connected to a Dell Compellent storage array. INTERFACE Configuration mode iscsi profile-compellent The command configures a port for the best iSCSI traffic conditions.
iSCSI optimization, which can turn on flow control again on reboot, use the no iscsi enable command and save the configuration. When you enable iSCSI on the switch, the following actions occur: • Link-level flow control is globally enabled, if it is not already enabled, and PFC is disabled. • iSCSI session snooping is enabled. • iSCSI LLDP monitoring starts to automatically detect EqualLogic arrays.
Parameter Default Value iSCSI session monitoring Disabled. The CAM allocation for iSCSI is set to zero (0). iSCSI Optimization Prerequisites The following are iSCSI optimization prerequisites. • iSCSI optimization requires LLDP on the switch. LLDP is enabled by default (refer to Link Layer Discovery Protocol (LLDP)). • iSCSI optimization requires configuring two ingress ACL groups The ACL groups are allocated after iSCSI Optimization is configured.
5. Reload the switch. EXEC Privilege mode reload After the switch is reloaded, DCB/ DCBx and iSCSI monitoring are enabled. 6. (Optional) Configure the iSCSI target ports and optionally the IP addresses on which iSCSI communication is monitored. CONFIGURATION mode [no] iscsi target port tcp-port-1 [tcp-port-2...tcp-port-16] [ip-address address] • tcp-port-n is the TCP port number or a list of TCP port numbers on which the iSCSI target listens to requests.
8. (Optional) Set the aging time for iSCSI session monitoring. CONFIGURATION mode [no] iscsi aging time time. The range is from 5 to 43,200 minutes. The default is 10 minutes. 9. (Optional) Configures DCBX to send iSCSI TLV advertisements. LLDP CONFIGURATION mode or INTERFACE LLDP CONFIGURATION mode [no] advertise dcbx-app-tlv iscsi. You can send iSCSI TLVs either globally or on a specified interface. The interface configuration takes priority over global configuration. The default is Enabled. 10.
iSCSI COS : dot1p is 4 no-remark Session aging time: 10 Maximum number of connections is 256 -----------------------------------------------iSCSI Targets and TCP Ports: -----------------------------------------------TCP Port Target IP Address 3260 860 VLT PEER1 Dell#show iscsi session Session 0: ---------------------------------------------------------------------------------Target: iqn.2001-05.com.equallogic:0-8a0906-0e70c2002-10a0018426a48c94-iom010 Initiator: iqn.1991-05.com.
Intermediate System to Intermediate System 27 Intermediate system to intermediate system (Is-IS) is supported on the S4820T platform. • IS-IS is supported on the S4820T with Dell Networking OS 8.3(19.0). • • The IS-IS protocol is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. • The IS-IS protocol standards are listed in the Standards Compliance chapter.
The NET length is variable, with a maximum of 20 bytes and a minimum of 8 bytes. It is composed of the following: • area address — within your routing domain or area, each area must have a unique area value. The first byte is called the authority and format indicator (AFI). • system address — the router’s MAC address. • N-selector — this is always 0. The following illustration is an example of the ISO-style address to show the address format IS-IS uses. In this example, the first five bytes (47.0005.
Transition Mode All routers in the area or domain must use the same type of IPv6 support, either single-topology or multitopology. A router operating in multi-topology mode does not recognize the ability of the singletopology mode router to support IPv6 traffic, which leads to holes in the IPv6 topology.
A new TLV (the Restart TLV) is introduced in the IIH PDUs, indicating that the router supports graceful restart. Timers Three timers are used to support IS-IS graceful restart functionality. After you enable graceful restart, these timers manage the graceful restart process. There are three times, T1, T2, and T3. • The T1 timer specifies the wait time before unacknowledged restart requests are generated.
• Accepts external IPv6 information and advertises this information in the PDUs. The following table lists the default IS-IS values. Table 34.
Enabling IS-IS By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information with neighbors, enable IS-IS on an interface, instead of on a network as with other routing protocols. In IS-IS, neighbors form adjacencies only when they are same IS type. For example, a Level 1 router never forms an adjacency with a Level 2 router.
4. Enter an IPv4 Address. INTERFACE mode ip address ip-address mask Assign an IP address and mask to the interface. The IP address must be on the same subnet as other IS-IS neighbors, but the IP address does not need to relate to the NET address. 5. Enter an IPv6 Address. INTERFACE mode ipv6 address ipv6-address mask • • ipv6 address: x:x:x:x::x mask: The prefix length is from 0 to 128.
Generate narrow metrics: Accept narrow metrics: Generate wide metrics: Accept wide metrics: Dell# level-1-2 level-1-2 none none To view IS-IS protocol statistics, use the show isis traffic command in EXEC Privilege mode.
3. Set the minimum interval between SPF calculations. ROUTER ISIS AF IPV6 mode spf-interval [level-l | level-2 | interval] [initial_wait_interval [second_wait_interval]] Use this command for IPv6 route computation only when you enable multi-topology. If using singletopology mode, to apply to both IPv4 and IPv6 route computations, use the spf-interval command in CONFIG ROUTER ISIS mode. 4. Implement a wide metric-style globally.
• – retry-times: number of times an unacknowledged restart request is sent before the restarting router gives up the graceful restart engagement with the neighbor. (The range is from 1 to 10 attempts. The default is 1.) Configure the time for the graceful restart timer T2 that a restarting router uses as the wait time for each database to synchronize.
Database Sync count : 0 (level-1), 0 (level-2) Circuit GigabitEthernet 2/10: Mode: Normal L1-State:NORMAL, L2-State: NORMAL L1: Send/Receive: RR:0/0, RA: 0/0, SA:0/0 T1 time left: 0, retry count left:0 L2: Send/Receive: RR:0/0, RA: 0/0, SA:0/0 T1 time left: 0, retry count left:0 Dell# To view all interfaces configured with IS-IS routing along with the defaults, use the show isis interface command in EXEC Privilege mode.
• Set the LSP refresh interval. ROUTER ISIS mode lsp-refresh-interval seconds – seconds: the range is from 1 to 65535. • The default is 900 seconds. Set the maximum time LSPs lifetime. ROUTER ISIS mode max-lsp-lifetime seconds – seconds: the range is from 1 to 65535. The default is 1200 seconds. Example of Viewing IS-IS Configuration (ROUTER ISIS Mode) To view the configuration, use the show config command in ROUTER ISIS mode or the show running-config isis command in EXEC Privilege mode.
Metric Style Characteristics Cost Range Supported on IS-IS Interfaces transition Sends both wide (new) and narrow (old) TLVs. 0 to 63 narrow transition Sends narrow (old) TLVs and accepts both narrow (old) and wide (new) TLVs. 0 to 63 wide transition Sends wide (new) TLVs and accepts both narrow (old) and wide (new) TLVs. 0 to 16777215 To change the IS-IS metric style of the IS-IS process, use the following command. • Set the metric style for the IS-IS process.
INTERFACE mode isis metric default-metric [level-1 | level-2] – default-metric: the range is from 0 to 63 if the metric-style is narrow, narrow-transition, or transition. • The range is from 0 to 16777215 if the metric style is wide or wide transition. Assign a metric for an IPv6 link or interface. INTERFACE mode isis ipv6 metric default-metric [level-1 | level-2] – default-metric: the range is from 0 to 63 for narrow and transition metric styles. The range is from 0 to 16777215 for wide metric styles.
• Default is level-1-2. Change the IS-type for the IS-IS process. ROUTER ISIS mode is-type {level-1 | level-1-2 | level-2} Example of the show isis database Command to View Level 1-2 Link State Databases To view which IS-type is configured, use the show isis protocol command in EXEC Privilege mode. The show config command in ROUTER ISIS mode displays only non-default information. If you do not change the IS-type, the default value (level-1-2) is not displayed. The default is Level 1-2 router.
Distribute Routes Another method of controlling routing information is to filter the information through a prefix list. Prefix lists are applied to incoming or outgoing routes and routes must meet the conditions of the prefix lists or Dell Networking OS does not install the route in the routing table. The prefix lists are globally applied on all interfaces running IS-IS. Configure the prefix list in PREFIX LIST mode prior to assigning it to the IS-IS process.
Applying IPv6 Routes To apply prefix lists to incoming or outgoing IPv6 routes, use the following commands. NOTE: These commands apply to IPv6 IS-IS only. To apply prefix lists to IPv4 routes, use ROUTER ISIS mode, previously shown. • Apply a configured prefix list to all incoming IPv6 IS-IS routes.
NOTE: These commands apply to IPv4 IS-IS only. To apply prefix lists to IPv6 routes, use ADDRESSFAMILY IPV6 mode, shown later. • Include BGP, directly connected, RIP, or user-configured (static) routes in IS-IS. ROUTER ISIS mode redistribute {bgp as-number | connected | rip | static} [level-1 level-1-2 | level-2] [metric metric-value] [metric-type {external | internal}] [route-map map-name] Configure the following parameters: – level-1, level-1-2, or level-2: assign all redistributed routes to a level.
• – map-name: enter the name of a configured route map. Include specific OSPF routes in IS-IS.ROUTER ISIS mode redistribute ospf process-id [level-1| level-1-2 | level-2] [metric value] [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name] Configure the following parameters: – – – – – – – – process-id: the range is from 1 to 65535. level-1, level-1-2, or level-2: assign all redistributed routes to a level. The default is level-2.
Setting the Overload Bit Another use for the overload bit is to prevent other routers from using this router as an intermediate hop in their shortest path first (SPF) calculations. For example, if the IS-IS routing database is out of memory and cannot accept new LSPs, Dell Networking OS sets the overload bit and IS-IS traffic continues to transit the system. To set or remove the overload bit manually, use the following commands. • Set the overload bit in LSPs.
To view specific information, enter the following optional parameter: • – interface: Enter the type of interface and slot/port information to view IS-IS information on that interface only. View information about IS-IS local update packets. EXEC Privilege mode debug isis local-updates [interface] To view specific information, enter the following optional parameter: • – interface: Enter the type of interface and slot/port information to view IS-IS information on that interface only.
• narrow (supports only type, length, and value [TLV] up to 63) • wide (supports TLV up to 16777215) • transition (supports both narrow and wide and uses a TLV up to 63) • narrow transition (accepts both narrow and wide and sends only narrow or old-style TLV) • wide transition (accepts both narrow and wide and sends only wide or new-style TLV) Configure Metric Values For any level (Level-1, Level-2, or Level-1-2), the value range possible in the isis metric command in INTERFACE mode changes depend
Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value NOTE: A truncated value is a value that is higher than 63, but set back to 63 because the higher value is not supported. wide narrow transition default value (10) if the original value is greater than 63. A message is sent to the console.
Table 37. Metric Value when the Metric Style Changes Multiple Times Beginning Metric Style Next Metric Style Resulting Metric Value Next Metric Style Final Metric Value wide transition truncated value wide original value is recovered wide transition transition truncated value wide transition original value is recovered wide transition truncated value narrow default value (10).
Level-1 Metric Style Level-2 Metric Style Resulting Metric Value wide transition narrow transition truncated value wide transition transition truncated value Sample Configurations The following configurations are examples for enabling IPv6 IS-IS. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. NOTE: Only one IS-IS process can run on the router, even if both IPv4 and IPv6 routing is being used.
Figure 57. IPv6 IS-IS Sample Topography IS-IS Sample Configuration — Congruent Topology IS-IS Sample Configuration — Multi-topology IS-IS Sample Configuration — Multi-topology Transition The following is a sample configuration for enabling IPv6 IS-IS. Dell(conf-if-te-3/17)#show config ! interface TenGigabitEthernet 3/17 ip address 24.3.1.
router isis net 34.0000.0000.AAAA.00 ! address-family ipv6 unicast multi-topology exit-address-family Dell (conf-router_isis)# Dell (conf-if-te-3/17)#show config ! interface TenGigabitEthernet 3/17 ipv6 address 24:3::1/76 ipv6 router isis no shutdown Dell (conf-if-te-3/17)# Dell (conf-router_isis)#show config ! router isis net 34.0000.0000.AAAA.
28 Link Aggregation Control Protocol (LACP) Link aggregation control protocol (LACP) is supported on the S4820T platform. Introduction to Dynamic LAGs and LACP A link aggregation group (LAG), referred to as a port channel by Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. The benefits and constraints are basically the same, as described in Port Channel Interfaces in the Interfaces chapter.
• There is a difference between the shutdown and no interface port-channel commands: – The shutdown command on LAG “xyz” disables the LAG and retains the user commands. However, the system does not allow the channel number “xyz” to be statically created. – The no interface port-channel channel-number command deletes the specified LAG, including a dynamically created LAG. This command removes all LACP-specific commands on the member interfaces.
• Configure LACP mode. LACP mode [no] port-channel number mode [active | passive | off] – number: cannot statically contain any links. • The default is LACP active. Configure port priority. LACP mode [no] lacp port-priority priority-value The range is from 1 to 65535 (the higher the number, the lower the priority). The default is 32768. LACP Configuration Tasks The following are LACP configuration tasks.
Configuring the LAG Interfaces as Dynamic After creating a LAG, configure the dynamic LAG interfaces. To configure the dynamic LAG interfaces, use the following command. • Configure the dynamic LAG interfaces. CONFIGURATION mode port-channel-protocol lacp Example of the port-channel-protocol lacp Command Dell(conf)#interface Gigabitethernet 3/15 Dell(conf-if-gi-3/15)#no shutdown Dell(conf-if-gi-3/15)#port-channel-protocol lacp Dell(conf-if-gi-3/15-lacp)#port-channel 32 mode active ...
Dell(conf-if-po-32)#switchport Dell(conf-if-po-32)#lacp long-timeout Dell(conf-if-po-32)#end Dell# show lacp 32 Port-channel 32 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address 0001.e800.a12b Partner System ID: Priority 32768, Address 0001.e801.
Figure 58. Shared LAG State Tracking To avoid packet loss, redirect traffic through the next lowest-cost link (R3 to R4). Dell Networking OS has the ability to bring LAG 2 down if LAG 1 fails, so that traffic can be redirected. This redirection is what is meant by shared LAG state tracking. To achieve this functionality, you must group LAG 1 and LAG 2 into a single entity, called a failover group. Configuring Shared LAG State Tracking To configure shared LAG state tracking, you configure a failover group.
port-channel failover-group group 1 port-channel 1 port-channel 2 As shown in the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down after the failure. This effect is logged by Message 1, in which a console message declares both LAGs down at the same time. Figure 59.
• • • • Only a LAG can be a member of a failover group. You can configure shared LAG state tracking on one side of a link or on both sides. If a LAG that is part of a failover group is deleted, the failover group is deleted. If a LAG moves to the Down state due to this feature, its members may still be in the Up state. LACP Basic Configuration Example The screenshots in this section are based on the following example topology.
Hardware is Force10Eth, address is 00:01:e8:06:95:c0 Current address is 00:01:e8:06:95:c0 Interface Index is 109101113 Port will not be disabled on partial SFM failure Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit, Mode full duplex, Slave Flowcontrol rx on tx on ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 00:02:11 Queueing strategy: fifo Input statistics: 132 packets, 163668 bytes 0 Vlans 0 64-byte pkts, 12 over 64-byte pkts, 120 over 1
Figure 61.
Figure 62.
Figure 63.
interface GigabitEthernet 2/31 no ip address Bravo(conf-if-gi-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config ! interface Port-channel 10 no ip address switchport no shutdown ! Bravo(conf-if-po-10)#exit Bravo(conf)#int gig 3/21 Bravo(conf)#no ip address Bravo(conf)#no switchport Bravo(conf)#shutdown Bravo(conf-if-gi-3/21)#port-channel-protocol lacp Bravo(conf-if-gi-3/21-lacp)#port-channel 10 mode active Bravo(
Figure 64.
Figure 65.
Figure 66. Inspecting the LAG Status Using the show lacp command The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but is general enough to allow any type of network layer datagram to be sent over a PPP connection.
Layer 2 29 Layer 2 features are supported on the S4820T platform. Manage the MAC Address Table Dell Networking OS provides the following management activities for the MAC address table. • Clearing the MAC Address Table • Setting the Aging Time for Dynamic Entries • Configuring a Static MAC Address • Displaying the MAC Address Table Clearing the MAC Address Table You may clear the MAC address table of dynamic entries. To clear a MAC address table, use the following command.
The range is from 10 to 1000000. Configuring a Static MAC Address A static entry is one that is not subject to aging. Enter static entries manually. To create a static MAC address entry, use the following command. • Create a static MAC address entry in the MAC address table. CONFIGURATION mode mac-address-table static Displaying the MAC Address Table To display the MAC address table, use the following command. • Display the contents of the MAC address table.
interface) before the system verifies that sufficient CAM space exists. If the CAM check fails, a message is displayed: %E90MH:5 %ACL_AGENT-2-ACL_AGENT_LIST_ERROR: Unable to apply access-list MacLimit on GigabitEthernet 5/84 In this case, the configuration is still present in the running-config and show output. Remove the configuration before re-applying a MAC learning limit with a lower value. Also, ensure that you can view the Syslog messages on your session.
mac learning-limit mac-address-sticky Using sticky MAC addresses allows you to associate a specific port with MAC addresses from trusted devices. If you enable sticky MAC, the specified port retains any dynamically-learned addresses and prevents them from being transferred or learned on other ports. If you configure mac-learning-limit and you enabled sticky MAC, all dynamically-learned addresses are converted to sticky MAC addresses for the selected port.
no ip address switchport mac learning-limit 1 dynamic no-station-move mac learning-limit station-move-violation log no shutdown Learning Limit Violation Actions Learning limit violation actions are supported only on the S4820T platform. To configure the system to take an action when the MAC learning limit is reached on an interface and a new address is received using one the following options with the mac learning-limit command, use the following commands.
Recovering from Learning Limit and Station Move Violations After a learning-limit or station-move violation shuts down an interface, you must manually reset it. To reset the learning limit, use the following commands. NOTE: Alternatively, you can reset the interface by shutting it down using the shutdown command and then re-enabling it using the no shutdown command. • Reset interfaces in the ERR_Disabled state caused by a learning limit violation or station move violation.
When you use NIC teaming, consider that the server MAC address is originally learned on Port 0/1 of the switch (shown in the following) and Port 0/5 is the failover port. When the NIC fails, the system automatically sends an ARP request for the gateway or host NIC to resolve the ARP and refresh the egress interface. When the ARP is resolved, the same MAC address is learned on the same port where the ARP is resolved (in the previous example, this location is Port 0/5 of the switch).
Apply all other configurations to each interface in the redundant pair such that their configurations are identical, so that transition to the backup interface in the event of a failure is transparent to rest of the network. Figure 69. Configuring Redundant Layer 2 Pairs without Spanning Tree You configure a redundant pair by assigning a backup interface to a primary interface with the switchport backup interface command.
LACP) port-channel interface as either the primary or backup link in a redundant pair with a physical interface. To ensure that existing network applications see no difference when a primary interface in a redundant pair transitions to the backup interface, be sure to apply identical configurations of other traffic parameters to each interface.
down: Gi 3/41 00:24:55: %RPM0-P:CP %IFMGR-5-INACTIVE: Changed Vlan interface state to inactive: Vl 1 00:24:55: %RPM0-P:CP %IFMGR-5-OSTATE_UP: Changed interface state to up: Gi 3/42 00:24:55: %RPM0-P:CP %IFMGR-5-ACTIVE: Changed Vlan interface state to active: Vl 1 00:24:55: %RPM0-P:CP %IFMGR-5-STATE_STBY_ACT: Changed interface state from standby to active: Gi 3/42 Dell(conf-if-gi-3/41)#do show ip int brief | find 3/41 GigabitEthernet 3/41 unassigned NO Manual administratively down down GigabitEthernet 3/42 u
Figure 70. Configuring Far-End Failure Detection The report consists of several packets in SNAP format that are sent to the nearest known MAC address. In the event of a far-end failure, the device stops receiving frames and, after the specified time interval, assumes that the far-end is not available. The connecting line protocol is brought down so that upper layer protocols can detect the neighbor unavailability faster. FEFD State Changes FEFD has two operational modes, Normal and Aggressive.
4. If the FEFD enabled system is configured to use FEFD in Normal mode and neighboring echoes are not received after three intervals, (you can set each interval can be set between 3 and 300 seconds) the state changes to unknown. 5. If the FEFD system has been set to Aggressive mode and neighboring echoes are not received after three intervals, the state changes to Err-disabled.
To report interval frequency and mode adjustments, use the following commands. 1. Setup two or more connected interfaces for Layer 2 or Layer 3. INTERFACE mode ip address ip address, switchport 2. Activate the necessary ports administratively. INTEFACE mode no shutdown 3. Enable fefd globally. CONFIGURATION mode fefd {interval | mode} Example of the show fefd Command To display information about the state of each interface, use the show fefd command in EXEC privilege mode.
To set up and activate two or more connected interfaces, use the following commands. 1. Setup two or more connected interfaces for Layer 2 or Layer 3. INTERFACE mode ip address ip address, switchport 2. Activate the necessary ports administratively. INTERFACE mode no shutdown 3.
Dell#debug fefd packets Dell#2w1d22h : FEFD packet sent via interface Gi 1/0 Sender state -- Bi-directional Sender info -- Mgmt Mac(00:01:e8:14:89:25), Slot-Port(Gi 1/0) Peer info -- Mgmt Mac (00:01:e8:14:89:25), Slot-Port(Gi 4/0) Sender hold time -- 3 (second) 2w1d22h : FEFD packet received on interface Gi 4/0 Sender state -- Bi-directional Sender info -- Mgmt Mac(00:01:e8:14:89:25), Slot-Port(Gi 1/0) Peer info -- Mgmt Mac (00:01:e8:14:89:25), Slot-Port(Gi 4/0) Sender hold time -- 3 (second) An RPM Failov
Link Layer Discovery Protocol (LLDP) 30 The link layer discovery protocol (LLDP) is supported on the S4820T platform. 802.1AB (LLDP) Overview LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
Table 40. Type, Length, Value (TLV) Types Type TLV Description 0 End of LLDPDU Marks the end of an LLDPDU. 1 Chassis ID An administratively assigned name that identifies the LLDP agent. 2 Port ID An administratively assigned name that identifies a port through which TLVs are sent and received. 3 Time to Live An administratively assigned name that identifies a port through which TLVs are sent and received.
Figure 73. Organizationally Specific TLV IEEE Organizationally Specific TLVs Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs. Table 41. Optional TLV Types Type TLV Description 4 Port description A user-defined alphanumeric string that describes the port. Dell Networking OS does not currently support this TLV.
Type TLV Description 127 Protocol Identity Indicates the protocols that the port can process. Dell Networking OS does not currently support this TLV. 127 MAC/PHY Configuration/Status Indicates the capability and current setting of the duplex status and bit rate, and whether the current settings are the result of auto-negotiation. This TLV is not available in the Dell Networking OS implementation of LLDP, but is available and mandatory (non-configurable) in the LLDP-MED implementation.
Regarding connected endpoint devices, LLDP-MED provides network connectivity devices with the ability to: • manage inventory • manage Power over Ethernet (PoE) • identify physical location • identify network policy LLDP-MED is designed for, but not limited to, VoIP endpoints. TIA Organizationally Specific TLVs The Dell Networking system is an LLDP-MED Network Connectivity Device (Device Type 4).
Type SubType TLV Description None or all TLVs must be supported. Dell Networking OS does not currently support these TLVs. 127 5 Inventory — Hardware Revision Indicates the hardware revision of the LLDPMED device. 127 6 Inventory — Firmware Revision Indicates the firmware revision of the LLDPMED device. 127 7 Inventory — Software Revision Indicates the software revision of the LLDPMED device. 127 8 Inventory — Serial Number Indicates the device serial number of the LLDP-MED device.
Figure 74. LLDP-MED Capabilities TLV Table 43. Dell Networking OS LLDP-MED Capabilities Bit Position TLV Dell Networking OS Support 0 LLDP-MED Capabilities Yes 1 Network Policy Yes 2 Location Identification Yes 3 Extended Power via MDI-PSE Yes 4 Extended Power via MDI-PD No 5 Inventory No 6–15 reserved No Table 44.
NOTE: As shown in the following table, signaling is a series of control packets that are exchanged between an endpoint device and a network connectivity device to establish and maintain a connection. These signal packets might require a different network policy than the media packets for which a connection is made. In this case, configure the signaling application. Table 45.
Extended Power via MDI TLV The extended power via MDI TLV enables advanced PoE management between LLDP-MED endpoints and network connectivity devices. Advertise the extended power via MDI on all ports that are connected to an 802.3af powered, LLDP-MED endpoint device. • Power Type — there are two possible power types: power source entity (PSE) or power device (PD). The Dell Networking system is a PSE, which corresponds to a value of 0, based on the TIA-1057 specification.
Important Points to Remember • LLDP is enabled by default. • Dell Networking systems support up to eight neighbors per interface. • Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the maximum, the system does not configure more than 8000. • INTERFACE level configurations override all CONFIGURATION level configurations. • LLDP is not hitless.
Enabling LLDP LLDP is enabled by default. Enable and disable LLDP globally or per interface. If you enable LLDP globally, all UP interfaces send periodic LLDPDUs. To enable LLDP, use the following command. 1. Enter Protocol LLDP mode. CONFIGURATION or INTERFACE mode protocol lldp 2. Enable LLDP. PROTOCOL LLDP mode no disable Disabling and Undoing LLDP To disable or undo LLDP, use the following command. • Disable LLDP globally or for an interface.
To advertise TLVs, use the following commands. 1. Enter LLDP mode. CONFIGURATION or INTERFACE mode protocol lldp 2. Advertise one or more TLVs. PROTOCOL LLDP mode advertise {dcbx-appln-tlv | dcbx-tlv | dot3-tlv | interface-port-desc | management-tlv | med } Include the keyword for each TLV you want to advertise. • For management TLVs: system-capabilities, system-description. • For 802.1 TLVs: port-protocol-vlan-id, port-vlan-id vlan-name. • For 802.3 TLVs: max-frame-size.
Viewing the LLDP Configuration To view the LLDP configuration, use the following command. • Display the LLDP configuration.
Example of Viewing Details Advertised by Neighbors R1#show lldp neighbors detail ======================================================================== Local Interface Gi 1/21 has 1 neighbor Total Frames Out: 6547 Total Frames In: 4136 Total Neighbor information Age outs: 0 Total Frames Discarded: 0 Total In Error Frames: 0 Total Unrecognized TLVs: 0 Total TLVs Discarded: 0 Next packet will be sent after 7 seconds The neighbors are given below: -------------------------------------------------------------
rx Rx only tx Tx only R1(conf-lldp)#mode tx R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description mode tx no disable R1(conf-lldp)#no mode R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)# Configuring
advertise management-tlv system-capabilities system-description mode tx no disable R1(conf-lldp)#no mode R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)# Configuring a Time to Live The information received from a neighbor expires after a specific amount of time (measured in seconds) called a time to live (TTL).
Debugging LLDP You can view the TLVs that your system is sending and receiving. To view the TLVs, use the following commands. • View a readable version of the TLVs. • debug lldp brief View a readable version of the TLVs plus a hexadecimal version of the entire LLDPDU. debug lldp detail Figure 78. The debug lldp detail Command — LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects.
• received and transmitted LLDP-MED TLVs Table 46. LLDP Configuration MIB Objects MIB Object Category LLDP Variable LLDP adminStatus Configuration Basic TLV Selection LLDP MIB Object Description lldpPortConfigAdminStatus Whether you enable the local LLDP agent for transmit, receive, or both. msgTxHold lldpMessageTxHoldMultiplie Multiplier value. r msgTxInterval lldpMessageTxInterval Transmit Interval value. rxInfoTTL lldpRxInfoTTL Time to live for received TLVs.
MIB Object Category LLDP Variable LLDP MIB Object statsTLVsUnrecognizedTota lldpStatsRxPortTLVsUnreco l gnizedTotal Description Total number of all TLVs the local agent does not recognize. Table 47.
TLV Type TLV Name TLV Variable management address System LLDP MIB Object Remote lldpRemManAddrSu btype Local lldpLocManAddr Remote lldpRemManAddr interface numbering Local subtype interface number OID lldpLocManAddrIfSu btype Remote lldpRemManAddrIfS ubtype Local lldpLocManAddrIfId Remote lldpRemManAddrIfId Local lldpLocManAddrOID Remote lldpRemManAddrOI D Table 48. LLDP 802.
TLV Type TLV Name TLV Variable VLAN name System LLDP MIB Object Remote lldpXdot1RemVlanN ame Local lldpXdot1LocVlanNa me Remote lldpXdot1RemVlanN ame Table 49.
TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object L2 Priority Local lldpXMedLocMediaP olicyPriority Remote lldpXMedRemMedia PolicyPriority Local lldpXMedLocMediaP olicyDscp Remote lldpXMedRemMedia PolicyDscp Local lldpXMedLocLocatio nSubtype Remote lldpXMedRemLocati onSubtype Local lldpXMedLocLocatio nInfo Remote lldpXMedRemLocati onInfo Local lldpXMedLocXPoED eviceType Remote lldpXMedRemXPoED eviceType Local lldpXMedLocXPoEPS EPowerSource DSCP Value 3 Location Ident
TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object Power Value Local lldpXMedLocXPoEPS EPortPowerAv lldpXMedLocXPoEP DPowerReq Remote lldpXMedRemXPoEP SEPowerAv lldpXMedRemXPoEP DPowerReq Link Layer Discovery Protocol (LLDP) 593
Microsoft Network Load Balancing 31 This functionality is supported on the S4820T platform. Network Load Balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems. NLB uses a distributed methodology or pattern to equally split and balance the network traffic load across a set of servers that are part of the cluster or group.
• With NLB feature enabled, after learning the NLB ARP entry, all the subsequent traffic is flooded on all ports in VLAN1. With NLB, the data frame is forwarded to all the servers for them to perform load-balancing. NLB Multicast Mode Scenario Consider a sample topology in which four servers, namely S1 through S4, are configured as a cluster or a farm. This set of servers is connected to a Layer 3 switch, which in turn is connected to the end-clients.
flooded out of all member ports. Since all the servers in the cluster receive traffic, failover and balancing are preserved. Enable and Disable VLAN Flooding • The older ARP entries are overwritten whenever newer NLB entries are learned. • All ARP entries, learned after the feature is enabled, are deleted when the feature is disabled, and RP2 triggers an ARP resolution. The feature is disabled with the no ip vlan-flooding command.
Multicast Source Discovery Protocol (MSDP) 32 Multicast source discovery protocol (MSDP) is supported on the S4820T platform. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as border gateway protocol (BGP).
Figure 79. Multicast Source Discovery Protocol (MSDP) RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected. Figure 80.
Anycast RP Using MSDP, anycast RP provides load sharing and redundancy in PIM-SM networks. Anycast RP allows two or more rendezvous points (RPs) to share the load for source registration and the ability to act as hot backup routers for each other. Anycast RP allows you to configure two or more RPs with the same IP address on Loopback interfaces. The Anycast RP Loopback address are configured with a 32-bit mask, making it a host address.
• Accept Source-Active Messages that Fail the RFP Check • Specifying Source-Active Messages • Limiting the Source-Active Cache • Preventing MSDP from Caching a Local Source • Preventing MSDP from Caching a Remote Source • Preventing MSDP from Advertising a Local Source • Terminating a Peership • Clearing Peer Statistics • Debugging MSDP • MSDP with Anycast RP • MSDP Sample Configurations Figure 81.
Figure 82.
Figure 83.
Figure 84. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. 1. Enable MSDP. CONFIGURATION mode ip multicast-msdp 2. Peer PIM systems in different administrative domains.
Example of Configuring MSDP Example of Viewing Peer Information R3_E600(conf)#ip multicast-msdp R3_E600(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 R3_E600(conf)#do show ip msdp summary Peer Addr Description Local Addr State Source SA Up/Down To view details about a peer, use the show ip msdp peer command in EXEC privilege mode. Multicast sources in remote domains are stored on the RP in the source-active cache (SA cache).
Limiting the Source-Active Cache Set the upper limit of the number of active sources that the Dell Networking OS caches. The default active source limit is 500K messages. When the total number of active sources reaches the specified limit, subsequent active sources are dropped even if they pass the reverse path forwarding (RPF) and policy check. To limit the number of sources that SA cache stores, use the following command. • Limit the number of sources that can be stored in the SA cache.
Figure 85.
Figure 86.
Figure 87.
Figure 88. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. CONFIGURATION mode ip msdp default-peer ip-address list If you do not specify an access list, the peer accepts all sources that peer advertises. All sources from RPs that the ACL denies are subject to the normal RPF check.
Dell(conf)#ip access-list standard fifty Dell(conf)#seq 5 permit host 200.0.0.50 Dell#ip msdp sa-cache MSDP Source-Active Cache - 3 entries GroupAddr SourceAddr RPAddr LearnedFrom 229.0.50.2 24.0.50.2 200.0.0.50 10.0.50.2 229.0.50.3 24.0.50.3 200.0.0.50 10.0.50.2 229.0.50.4 24.0.50.4 200.0.0.50 10.0.50.2 Dell#ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 3 rejected SAs received, cache-size 32766 UpTime GroupAddr SourceAddr RPAddr 00:33:18 229.0.50.64 24.0.50.64 200.0.1.50 00:33:18 229.0.50.65 24.0.50.
Example of Verifying the System is not Caching Local Sources When you apply this filter, the SA cache is not affected immediately. When sources that are denied by the ACL time out, they are not refreshed. Until they time out, they continue to reside in the cache. To apply the redistribute filter to entries already present in the SA cache, first clear the SA cache. You may optionally store denied sources in the rejected SA cache. R1_E600(conf)#do show run msdp ! ip multicast-msdp ip msdp peer 192.168.0.
R3_E600(conf)#do show ip msdp sa-cache R3_E600(conf)# R3_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 0.0.0.0(639) Connect Source: Lo 0 State: Listening Up/Down Time: 00:01:19 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs learned from this peer: 0 SA Filtering: Input (S,G) filter: myremotefilter Output (S,G) filter: none Preventing MSDP from Advertising a Local Source To prevent MSDP from advertising a local source, use the following command.
Logging Changes in Peership States To log changes in peership states, use the following command. • Log peership state changes. CONFIGURATION mode ip msdp log-adjacency-changes Terminating a Peership MSDP uses TCP as its transport protocol. In a peering relationship, the peer with the lower IP address initiates the TCP session, while the peer with the higher IP address listens on port 639. • Terminate the TCP connection with a peer.
Example of the clear ip msdp peer Command and Verifying Statistics are Cleared R3_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 192.168.0.3(639) Connect Source: Lo 0 State: Established Up/Down Time: 00:04:26 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 5/0 SAs learned from this peer: 0 SA Filtering: Input (S,G) filter: myremotefilter Output (S,G) filter: none R3_E600(conf)#do clear ip msdp peer 192.168.0.
technique is less effective as traffic increases because preemptive load balancing requires prior knowledge of traffic distributions. • lack of scalable register decasulation: With only a single RP per group, all joins are sent to that RP regardless of the topological distance between the RP, sources, and receivers, and data is transmitted to the RP until the SPT switch threshold is reached.
Configuring Anycast RP To configure anycast RP, use the following commands. 1. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address. CONFIGURATION mode interface loopback 2. Make this address the RP for the group. CONFIGURATION mode ip pim rp-address 3. In each routing domain that has multiple RPs serving a group, create another Loopback interface on each RP serving the group with a unique IP address.
CONFIGURATION mode ip msdp originator-id Example of R1 Configuration for MSDP with Anycast RP Example of R2 Configuration for MSDP with Anycast RP Example of R3 Configuration for MSDP with Anycast RP ip multicast-routing ! interface GigabitEthernet 1/1 ip pim sparse-mode ip address 10.11.3.1/24 no shutdown ! interface GigabitEthernet 1/2 ip address 10.11.2.1/24 no shutdown ! interface GigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.1.
ip address 10.11.0.23/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown ! interface Loopback 1 ip address 192.168.0.22/32 no shutdown ! router ospf 1 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 network 192.168.0.22/32 area 0 redistribute static redistribute connected redistribute bgp 100 ! router bgp 100 redistribute ospf 1 neighbor 192.168.0.3 remote-as 200 neighbor 192.168.0.3 ebgp-multihop 255 neighbor 192.168.0.
neighbor 192.168.0.22 ebgp-multihop 255 neighbor 192.168.0.22 update-source Loopback 0 neighbor 192.168.0.22 no shutdown ! ip ip ip ip ! ip ip ! ip multicast-msdp msdp peer 192.168.0.11 connect-source Loopback 0 msdp peer 192.168.0.22 connect-source Loopback 0 msdp sa-filter out 192.168.0.22 route 192.168.0.1/32 10.11.0.23 route 192.168.0.22/32 10.11.0.23 pim rp-address 192.168.0.3 group-address 224.0.0.
interface GigabitEthernet 2/1 ip pim sparse-mode ip address 10.11.4.1/24 no shutdown ! interface GigabitEthernet 2/11 ip pim sparse-mode ip address 10.11.1.21/24 no shutdown ! interface GigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.0.23/24 no shutdown ! interface Loopback 0 ip address 192.168.0.2/32 no shutdown ! router ospf 1 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 network 192.168.0.
redistribute connected redistribute bgp 200 ! router bgp 200 redistribute ospf 1 neighbor 192.168.0.2 remote-as 100 neighbor 192.168.0.2 ebgp-multihop 255 neighbor 192.168.0.2 update-source Loopback 0 neighbor 192.168.0.2 no shutdown ! ip multicast-msdp ip msdp peer 192.168.0.1 connect-source Loopback 0 ! ip route 192.168.0.2/32 10.11.0.23 ip multicast-routing ! interface GigabitEthernet 4/1 ip pim sparse-mode ip address 10.11.5.1/24 no shutdown ! interface GigabitEthernet 4/22 ip address 10.10.42.
33 Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) is supported on the S4820T platform. Protocol Overview MSTP — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves on per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances.
Spanning Tree Variations The Dell Networking OS supports four variations of spanning tree, as shown in the following table. Table 50. Spanning Tree Variations Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .1d Rapid Spanning Tree Protocol (RSTP) 802 .1w Multiple Spanning Tree Protocol (MSTP) 802 .1s Per-VLAN Spanning Tree Plus (PVST+) Third Party Implementation Information The following describes the MSTP implementation information.
• Prevent Network Disruptions with BPDU Guard • Enabling SNMP Traps for Root Elections and Topology Changes • Configuring Spanning Trees as Hitless Enable Multiple Spanning Tree Globally MSTP is not enabled by default. To enable MSTP globally, use the following commands. When you enable MSTP, all physical, VLAN, and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of the MSTI 0. • Within an MSTI, only one path from any bridge to any other bridge is enabled.
msti Specify the keyword vlan then the VLANs that you want to participate in the MSTI. Example of the msti Command Example of Viewing Participating VLANs Example of Viewing Forward and Discard States of Participating Ports Dell(conf)#protocol spanning-tree mstp Dell(conf-mstp)#msti 1 vlan 100 Dell(conf-mstp)#msti 2 vlan 200-300 Dell(conf-mstp)#show config ! protocol spanning-tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200-300 All bridges in the MSTP region must have the same VLAN-to-instance mapping.
Number of transitions to forwarding state 1 BPDU (MRecords): sent 39291, received 7547 The port is not in the Edge port mode Influencing MSTP Root Selection MSTP determines the root bridge, but you can assign one bridge a lower priority to increase the probability that it becomes the root bridge. To change the bridge priority, use the following command. • Assign a number as the bridge priority.
Dell Networking OS equipment that participates in MSTP, ensure these values match on all the equipment. NOTE: Some non-Dell Networking OS equipment may implement a non-null default region name. SFTOS, for example, uses the Bridge ID, while others may use a MAC address. Changing the Region Name or Revision To change the region name or revision, use the following commands. • Change the region name. PROTOCOL MSTP mode • name name Change the region revision number.
To change the MSTP parameters, use the following commands on the root bridge. 1. Change the forward-delay parameter. PROTOCOL MSTP mode forward-delay seconds The range is from 4 to 30. The default is 15 seconds. 2. Change the hello-time parameter. PROTOCOL MSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. 3. Change the max-age parameter.
Modifying the Interface Parameters You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port. • • Port cost is a value that is based on the interface type. The greater the port cost, the less likely the port is selected to be a forwarding port. Port priority influences the likelihood that a port is selected to be a forwarding port in case that several ports have the same port cost.
you implement only bpduguard, although the interface is placed in an Error Disabled state when receiving the BPDU, the physical interface remains up and spanning-tree drops packets in the hardware after a BPDU violation. BPDUs are dropped in the software after receiving the BPDU violation. This feature is the same as PortFast mode in spanning tree. CAUTION: Configure EdgePort only on links connecting to an end station. EdgePort can cause loops if you enable it on an interface connected to a network.
To view the enable status of this feature, use the show running-config spanning-tree mstp command from EXEC Privilege mode. MSTP Sample Configurations The running-configurations support the topology shown in the following illustration. The configurations are from Dell Networking OS systems. Figure 91. MSTP with Three VLANs Mapped to Two Spanning Tree Instances Router 1 Running-Configuration This example uses the following steps: 1.
! (Step 3) interface Vlan 100 no ip address tagged GigabitEthernet 1/21,31 no shutdown ! interface Vlan 200 no ip address tagged GigabitEthernet 1/21,31 no shutdown ! interface Vlan 300 no ip address tagged GigabitEthernet 1/21,31 no shutdown Router 2 Running-Configuration This example uses the following steps: 1. Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology. 3.
Router 3 Running-Configuration This example uses the following steps: 1. Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology. 3. Create VLANs mapped to MSTP instances tag interfaces to the VLANs.
(Step 2) interface 1/0/31 no shutdown spanning-tree port mode enable switchport protected 0 exit interface 1/0/32 no shutdown spanning-tree port mode enable switchport protected 0 exit (Step 3) interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit interface vlan 300 tagged 1/0/31 tagged 1/0/32 exit Debugging and Verifying MSTP Configurations To debut and verify MSTP configuration, use the following commands. • Display BPDUs.
• MSTP flags indicate communication received from the same region. – As shown in the following, the MSTP routers are located in the same region. – Does the debug log indicate that packets are coming from a “Different Region”? If so, one of the key parameters is not matching. • MSTP Region Name and Revision. – The configured name and revisions must be identical among all the routers.
4w0d4h : MSTP: Received BPDU on Gi 2/21 : ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x78Different Region (Indicates MSTP routers are in different regions and are not communicating with each other.) CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 0 Regional Bridge Id: 32768:0001.e806.953e, CIST Port Id: 128:470 Msg Age: 0, Max Age: 20, Hello: 2, Fwd Delay: 15, Ver1 Len: 0, Ver Name: Tahiti, Rev: 123, Int Root Path Cost: 0 Rem Hops: 20, Bridge Id: 32768:0001.e8d5.
Multicast Features 34 Multicast features are supported on the S4820T platform. NOTE: Multicast is supported on secondary IP addresses on the S4820T platform. NOTE: Multicast routing for IPv6 is not supported. The Dell Networking Operating System (OS) supports the following multicast protocols: • PIM Sparse-Mode (PIM-SM) • Internet Group Management Protocol (IGMP) • Multicast Source Discovery Protocol (MSDP) Enabling IP Multicast Enable IP multicast is supported on the S4820TS6000 platform.
Figure 92. Multicast with ECMP Implementation Information Because protocol control traffic in Dell Networking OS is redirected using the MAC address, and multicast control traffic and multicast data traffic might map to the same MAC address, Dell Networking OS might forward data traffic with certain MAC addresses to the CPU in addition to control traffic. As the upper5 bits of an IP Multicast address are dropped in the translation, 32 different multicast group IDs all map to the same Ethernet address.
Protocol Ethernet Address PIM-SM 01:00:5e:00:00:0d • The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fennertraceroute-ipm. • Multicast is not supported on secondary IP addresses. • Egress L3 ACL is not applied to multicast data traffic if you enable multicast routing. First Packet Forwarding for Lossless Multicast All initial multicast packets are forwarded to receivers to achieve lossless multicast.
• If the limit is decreased after it is reached, Dell Networking OS does not clear the existing sessions. Entries are cleared after a timeout (you may also clear entries using clear ip mroute). NOTE: Dell Networking OS waits at least 30 seconds between stopping and starting IGMP join processing. You may experience this delay when manipulating the limit after it is reached.
no access list limiting Receiver 1, so both IGMP reports are accepted, and two corresponding entries are created in the routing table. Figure 93. Preventing a Host from Joining a Group Table 52. Preventing a Host from Joining a Group — Description Location Description 1/21 • • • Multicast Features Interface GigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.12.
Location Description • no shutdown 1/31 • • • • Interface GigabitEthernet 1/31 ip pim sparse-mode ip address 10.11.13.1/24 no shutdown 2/1 • • • • Interface GigabitEthernet 2/1 ip pim sparse-mode ip address 10.11.1.1/24 no shutdown 2/11 • • • • Interface GigabitEthernet 2/11 ip pim sparse-mode ip address 10.11.12.2/24 no shutdown 2/31 • • • • Interface GigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.23.
Location Description • • ip igmp access-group igmpjoinfilR2G2 no shutdown Rate Limiting IGMP Join Requests If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting that rate at which new groups can be joined. Hosts whose IGMP requests are denied will use the retry mechanism built-in to IGMP so that they’re membership is delayed rather than permanently denied. • Limit the rate at which new groups can be joined.
Figure 94. Preventing a Source from Transmitting to a Group Table 53. Preventing a Source from Transmitting to a Group — Description Location Description 1/21 • • • • Interface GigabitEthernet 1/21 ip pim sparse-mode ip address 10.11.12.1/24 no shutdown 1/31 • • • Interface GigabitEthernet 1/31 ip pim sparse-mode ip address 10.11.13.
Location Description • no shutdown 2/1 • • • • Interface GigabitEthernet 2/1 ip pim sparse-mode ip address 10.11.1.1/24 no shutdown 2/11 • • • • Interface GigabitEthernet 2/11 ip pim sparse-mode ip address 10.11.12.2/24 no shutdown 2/31 • • • • Interface GigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.23.1/24 no shutdown 3/1 • • • • Interface GigabitEthernet 3/1 ip pim sparse-mode ip address 10.11.5.
Preventing a PIM Router from Processing a Join To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command. NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the source.
Open Shortest Path First (OSPFv2 and OSPFv3) 35 Open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) are supported on the S4820T platform. This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking Operating System (OS). NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are the same between OSPFv2 and OSPFv3.
Areas allow you to further organize your routers within in the AS. One or more areas are required within the AS. Areas are valuable in that they allow sub-networks to "hide" within the AS, thus minimizing the size of the routing tables on all routers. An area within the AS may not see the details of another area’s topology. AS areas are known by their area number or the router’s IP address. Figure 95. Autonomous System Areas Area Types The backbone of the network is Area 0. It is also called Area 0.0.0.
The backbone is the only area with a default area number. All other areas can have their Area ID assigned in the configuration. In the previous example, Routers A, B, C, G, H, and I are the Backbone. • A stub area (SA) does not receive external route information, except for the default route. These areas do receive information from inter-area (IA) routes. NOTE: Configure all routers within an assigned stub area as stubby, and not generate LSAs that do not apply.
Figure 96. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example. Area Border Router (ABR) Within an AS, an area border router (ABR) connects one or more areas to the backbone.
An ABR can connect to many areas in an AS, and is considered a member of each area it connects to. Autonomous System Border Router (ASBR) The autonomous system border area router (ASBR) connects to more than one AS and exchanges information with the routers in other ASs. Generally, the ASBR connects to a non-interior gate protocol (IGP) such as BGP or uses static routes.
available. An ABR floods the information for the router (for example, the ASBR where the Type 5 advertisement originated. The link-state ID for Type 4 LSAs is the router ID of the described ASBR). • Type 5: LSA — These LSAs contain information imported into OSPF from other routing processes. They are flooded to all areas, except stub areas. The link-state ID of the Type 5 LSA is the external network number.
Router Priority and Cost Router priority and cost is the method the system uses to “rate” the routers. For example, if not assigned, the system selects the router with the highest priority as the DR. The second highest priority is the BDR. • • Priority is a numbered rating 0 to 255. The higher the number, the higher the priority. Cost is a numbered rating 1 to 65535. The higher the number, the greater the cost. The cost assigned reflects the cost should the router fail.
Dell Networking OS supports stub areas, totally stub (no summary) and not so stubby areas (NSSAs) and supports the following LSAs, as described earlier.
• Helper-reject role in which OSPF does not participate in the graceful restart of a neighbor. OSPFv2 supports helper-only and restarting-only roles. By default, both helper and restarting roles are enabled. OSPFv2 supports the helper-reject role globally on a router. OSPFv3 supports helper-only and restarting-only roles. The helper-only role is enabled by default. To enable the restarting role in addition to the helper-only role, configure a grace period.
example, if you create five OSPFv2 processes on a system, there must be at least five interfaces assigned in Layer 3 mode. Each OSPFv2 process is independent. If one process loses adjacency, the other processes continue to function. Processing SNMP and Sending SNMP Traps Though there are may be several OSPFv2 processes, only one process can process simple network management protocol (SNMP) requests and send SNMP traps.
LSType:Type-5 AS External(5) Age:1 Seq:0x8000000c id:170.1.1.0 Adv:6.1.0.0 Netmask:255.255.255.0 fwd:0.0.0.0 E2, tos:0 metric:0 LSType:Type-5 AS External(5) Age:1 Seq:0x8000000c id:170.1.2.0 Adv:6.1.0.0 Netmask:255.255.255.0 fwd:0.0.0.0 E2, tos:0 metric:0 To confirm that you enabled RFC-2328–compliant OSPF flooding, use the show ip ospf command. Dell#show ip ospf Routing Process ospf 1 with ID 2.2.2.
Internet Address 20.0.0.1/24, Area 0 Process ID 10, Router ID 1.1.1.2, Network Type BROADCAST, Cost: 1 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 1.1.1.2, Interface address 30.0.0.1 Backup Designated Router (ID) 1.1.1.1, Interface address 30.0.0.2 Timer intervals configured, Hello 20, Dead 80, Wait 20, Retransmit 5 Hello due in 00:00:04 Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 1.1.1.
Enabling OSPFv2 To enable Layer 3 routing, assign an IP address to an interface (physical or Loopback). By default, OSPF, similar to all routing protocols, is disabled. You must configure at least one interface for Layer 3 before enabling OSPFv2 globally. If implementing multi-process OSPF, create an equal number of Layer 3 enabled interfaces and OSPF process IDs. For example, if you create four OSPFv2 process IDs, you must have four interfaces with Layer 3 enabled. 1. Assign an IP address to an interface.
• Disable OSPF. CONFIGURATION mode • no router ospf process-id Reset the OSPFv2 process. EXEC Privilege mode • clear ip ospf process-id View the current OSPFv2 status. EXEC mode show ip ospf process-id Example of Viewing the Current OSPFv2 Status Dell#show ip ospf 55555 Routing Process ospf 55555 with ID 10.10.10.
3. Return to CONFIGURATION mode to enable the OSPFv2 process globally. CONFIGURATION mode router ospf process-id [vrf] The range is from 0 to 65535. After the OSPF process and the VRF are tied together, the OSPF process ID cannot be used again in the system. If you try to enable more OSPF processes than available Layer 3 interfaces, the following message displays: C300(conf)#router ospf 1 % Error: No router ID available.
In the example below, an IP address is assigned to an interface and an OSPFv2 area is defined that includes the IP address of a Layer 3 interface. The first bold lines assign an IP address to a Layer 3 interface, and theno shutdown command ensures that the interface is UP. The second bold line assigns the IP address of an interface to an area.
Loopback interfaces also help the OSPF process. OSPF picks the highest interface address as the routerid and a Loopback interface address has a higher precedence than other interface addresses. Dell#show ip ospf 1 int GigabitEthernet 13/23 is up, line protocol is up Internet Address 10.168.0.1/24, Area 0.0.0.1 Process ID 1, Router ID 10.168.253.2, Network Type BROADCAST, Cost: 1 Transmit Delay is 1 sec, State DROTHER, Priority 1 Designated Router (ID) 10.168.253.5, Interface address 10.168.0.
Example of the show ip ospf database database-summary Command To view which LSAs are transmitted, use the show ip ospf database process-id databasesummary command in EXEC Privilege mode. Dell#show ip ospf 34 database database-summary OSPF Router with ID (10.1.2.100) (Process ID 34) Area 2.2.2.2 3.3.3.3 Dell# ID Router Network S-Net S-ASBR Type-7 Subtotal 1 0 0 0 0 1 1 0 0 0 0 1 To view information on areas, use the show ip ospf process-id command in EXEC Privilege mode.
Example of Viewing Passive Interfaces When you configure a passive interface, the show ip ospf process-id interface command adds the words passive interface to indicate that the hello packets are not transmitted on that interface (shown in bold). Dell#show ip ospf 34 int GigabitEthernet 0/0 is up, line protocol is down Internet Address 10.1.2.100/24, Area 1.1.1.1 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 10 Transmit Delay is 1 sec, State DOWN, Priority 1 Designated Router (ID) 10.1.
NOTE: A higher convergence level can result in occasional loss of OSPF adjacency. Generally, convergence level 1 meets most convergence requirements. Only select higher convergence levels following consultation with Dell Technical Support. Example of the fast-converge Command Example of Disabling Fast-Convergence In the examples below, Convergence Level shows the fast-converge parameter setting and Min LSA origination shows the LSA parameters (shown in bold).
• The dead interval must be the same on all routers in the OSPF network. Change the time interval between hello-packet transmission. CONFIG-INTERFACE mode ip ospf hello-interval seconds – seconds: the range is from 1 to 65535 (the default is 10 seconds). • The hello interval must be the same on all routers in the OSPF network. Use the MD5 algorithm to produce a message digest or key, which is sent instead of the key.
The bold lines in the example show the change on the interface. The change is reflected in the OSPF configuration. Dell(conf-if)#ip ospf cost 45 Dell(conf-if)#show config ! interface GigabitEthernet 0/0 ip address 10.1.2.100 255.255.255.0 no shutdown ip ospf cost 45 Dell(conf-if)#end Dell#show ip ospf 34 interface GigabitEthernet 0/0 is up, line protocol is up Internet Address 10.1.2.100/24, Area 2.2.2.2 Process ID 34, Router ID 10.1.2.
Enabling OSPFv2 Graceful Restart Graceful restart is enabled for the global OSPF process. For more information, refer to Graceful Restart. The Dell Networking implementation of OSPFv2 graceful restart enables you to specify: • grace period — the length of time the graceful restart process can last before OSPF terminates it. • helper-reject neighbors — the router ID of each restart router that does not receive assistance from the configured router.
3. Configure the graceful restart role or roles that this OSPFv2 router performs. CONFIG-ROUTEROSPF- id mode graceful-restart role [helper-only | restart-only] Dell Networking OS supports the following options: • Helper-only: the OSPFv2 router supports graceful-restart only as a helper router. • Restart-only: the OSPFv2 router supports graceful-restart only during unplanned restarts. By default, OSPFv2 supports both restarting and helper roles.
seq sequence-number {deny |permit} ip-prefix [ge min-prefix-length] [le maxprefix-length] The optional parameters are: – ge min-prefix-length: is the minimum prefix length to match (from 0 to 32). – le max-prefix-length: is the maximum prefix length to match (from 0 to 32). For configuration information about prefix lists, refer to Access Control Lists (ACLs). Applying Prefix Lists To apply prefix lists to incoming or outgoing OSPF routes, use the following commands.
network 10.1.2.32 0.0.0.255 area 2.2.2.2 network 10.1.3.24 0.0.0.255 area 3.3.3.3 distribute-list dilling in Dell(conf-router_ospf)# Troubleshooting OSPFv2 Dell Networking OS has several tools to make troubleshooting easier. Be sure to check the following, as these questions represent typical issues that interrupt an OSPFv2 process. NOTE: The following is not a comprehensive list, just some examples of typical troubleshooting checks.
• View debug messages. EXEC Privilege mode debug ip ospf process-id [event | packet | spf | database-timers rate-limit] To view debug messages for a specific OSPF process ID, use the debug ip ospf process-id command. If you do not enter a process ID, the command applies to the first OSPF process. To view debug messages for a specific operation, enter one of the optional keywords: – event: view OSPF event messages. – packet: view OSPF packet information. – spf: view SPF information.
Figure 98. Basic Topology and CLI Commands for OSPFv2 OSPF Area 0 — Gl 1/1 and 1/2 router ospf 11111 network 10.0.11.0/24 area 0 network 10.0.12.0/24 area 0 network 192.168.100.0/24 area 0 ! interface GigabitEthernet 1/1 ip address 10.1.11.1/24 no shutdown ! interface GigabitEthernet 1/2 ip address 10.2.12.2/24 no shutdown ! interface Loopback 10 ip address 192.168.100.100/24 no shutdown OSPF Area 0 — Gl 3/1 and 3/2 router ospf 33333 network 192.168.100.0/24 area 0 network 10.0.13.0/24 area 0 network 10.
OSPF Area 0 — Gl 2/1 and 2/2 router ospf 22222 network 192.168.100.0/24 area 0 network 10.2.21.0/24 area 0 network 10.2.22.0/24 area 0 ! interface Loopback 20 ip address 192.168.100.20/24 no shutdown ! interface GigabitEthernet 2/1 ip address 10.2.21.2/24 no shutdown ! interface GigabitEthernet 2/2 ip address 10.2.22.2/24 no shutdown Configuration Task List for OSPFv3 (OSPF for IPv6) Open shortest path first version 3 (OSPF for IPv6) is supported on the S4820T platform.
Assigning IPv6 Addresses on an Interface To assign IPv6 addresses to an interface, use the following commands. 1. Assign an IPv6 address to the interface. CONF-INT-type slot/port mode ipv6 address ipv6 address IPv6 addresses are normally written as eight groups of four hexadecimal digits; separate each group by a colon (:). The format is A:B:C::F/128. 2. Bring up the interface.
– number: the IPv4 address. The format is A.B.C.D. NOTE: Enter the router-id for an OSPFv3 router as an IPv4 IP address. • Disable OSPF. CONFIGURATION mode • no ipv6 router ospf process-id Reset the OSPFv3 process. EXEC Privilege mode clear ipv6 ospf process Enter an example that illustrates the current task (optional). Enter the tasks the user should do after finishing this task (optional). Configuring Stub Areas To configure IPv6 stub areas, use the following command.
To indicate that hello packets are not transmitted on that interface, when you configure a passive interface, the show ipv6 ospf interface command adds the words passive interface. Redistributing Routes You can add routes from other routing instances or protocols to the OSPFv3 process. With the redistribute command, you can include RIP, static, or directly connected routes in the OSPF process. Route redistribution is also supported between OSPF Routing process IDs.
period command. The grace period is the time that the OSPFv3 neighbors continue to advertise the restarting router as though it is fully adjacent. When you enable graceful restart (restarting role), an OSPFv3 restarting expects its OSPFv3 neighbors to help when it restarts by not advertising the broken link. When you enable the helper-reject role on an interface using the ipv6 ospf graceful-restart helper-reject command, you reconfigure OSPFv3 graceful restart to function in a restarting-only role.
• Display the Type-11 Grace LSAs sent and received on an OSPFv3 router (shown in the following example). EXEC Privilege mode • show ipv6 ospf database grace-lsa Display the currently configured OSPFv3 parameters for graceful restart (shown in the following example).
Dell#show ipv6 ospf database grace-lsa ! Type-11 Grace LSA (Area 0) LS Age Link State ID Advertising Router LS Seq Number Checksum Length Associated Interface Restart Interval Restart Reason : : : : : : : : : 10 6.16.192.66 100.1.1.1 0x80000001 0x1DF1 36 Gi 5/3 180 Switch to Redundant Processor OSPFv3 Authentication Using IPsec OSPFv3 authentication using IP security (IPsec) is supported only on S4820T platform. OSPFv3 uses IPsec to provide authentication for OSPFv3 packets.
between the two mechanisms is the extent of the coverage. ESP only protects IP header fields if they are encapsulated by ESP. You decide the set of IPsec protocols that are employed for authentication and encryption and the ways in which they are employed. When you correctly implement and deploy IPsec, it does not adversely affect users or hosts. AH and ESP are designed to be cryptographic algorithm-independent.
– Configuring IPsec Authentication on an Interface – Configuring IPsec Encryption on an Interface – Configuring IPsec Authentication for an OSPFv3 Area – Configuring IPsec Encryption for an OSPFv3 Area – Displaying OSPFv3 IPsec Security Policies Configuring IPsec Authentication on an Interface To configure, remove, or display IPsec authentication on an interface, use the following commands.
NOTE: When you configure encryption using the ipv6 ospf encryption ipsec command, you enable both IPsec encryption and authentication. However, when you enable authentication on an interface using the ipv6 ospf authentication ipsec command, you do not enable encryption at the same time. The SPI value must be unique to one IPsec security policy (authentication or encryption) on the router. Configure the same authentication policy (the same SPI and key) on each OSPFv3 interface in a link.
If you have enabled IPSec encryption in an OSPFv3 area using the area encryption command, you cannot use the area authentication command in the area at the same time. The configuration of IPSec authentication on an interface-level takes precedence over an area-level configuration. If you remove an interface configuration, an area authentication policy that has been configured is applied to the interface. • Enable IPSec authentication for OSPFv3 packets in an area.
– area area-id: specifies the area for which OSPFv3 traffic is to be encrypted. For area-id, enter a number or an IPv6 prefix. – spi number: is the security policy index (SPI) value. The range is from 256 to 4294967295. – esp encryption-algorithm: specifies the encryption algorithm used with ESP. The valid values are 3DES, DES, AES-CBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. – key: specifies the text string used in the encryption.
Example of the show crypto ipsec policy Command Example of the show crypto ipsec sa ipv6 Command In the first example, the keys are not encrypted (shown in bold). In the second and third examples, the keys are encrypted (shown in bold).
outbound ah sas spi : 500 (0x1f4) transform : ah-md5-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE inbound esp sas outbound esp sas Interface: TenGigabitEthernet 0/1 Link Local address: fe80::201:e8ff:fe40:4d11 IPSecv6 policy name: OSPFv3-1-600 inbound ah sas outbound ah sas inbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE outbound esp sas spi : 600 (0x258) transform : esp-des
• show ipv6 routes Viewing Summary Information To get general route, configuration, links status, and debug information, use the following commands. • View the summary information of the IPv6 routes. EXEC Privilege mode • show ipv6 route summary View the summary information for the OSPFv3 database. EXEC Privilege mode • show ipv6 ospf database View the configuration of OSPFv3 neighbors. EXEC Privilege mode • show ipv6 ospf neighbor View debug messages for all OSPFv3 interfaces.
Policy-based Routing (PBR) 36 Policy-based Routing is supported on the S4820T platform. This chapter covers the following topics: • Overview • Implementing Policy-based Routing with Dell Networking OS • Configuration Task List for Policy-based Routing • Sample Configuration Overview Policy-based Routing (PBR) enables you to make routing decisions based on policies applied to a specific interface.
To enable a PBR, you create a Redirect List. Redirect lists are defined by rules, or routing policies.
Implementing Policy-based Routing with Dell Networking OS • Non-contiguous bitmasks for PBR • Hot-Lock PBR Non-contiguous bitmasks for PBR Non-contiguous bitmasks for PBR allows more granular and flexible control over routing policies. Network addresses that are in the middle of a subnet can be included or excluded. Specific bitmasks can be entered using the dotted decimal format. Non-contiguous bitmask example Dell#show ip redirect-list IP redirect-list rcl0: Defined as: seq 5 permit ip 200.200.200.
The following example creates a redirect list by the name of “xyz.” Dell(conf)#ip redirect-list ? WORD Redirect-list name (max 16 chars) Dell(conf)#ip redirect-list xyz Create a Rule for a Redirect-list Use the following command in CONFIGURATION REDIRECT-LIST mode to set the rules for the redirect list. You can enter the command multiple times and create a sequence of redirect rules. Use the seq nn redirect version of the command to organize your rules.
Dell(conf-redirect-list)#redirect 3.3.3.3 ? <0-255> An IP protocol number icmp Internet Control Message Protocol ip Any Internet Protocol tcp Transmission Control Protocol udp User Datagram Protocol Dell(conf-redirect-list)#redirect 3.3.3.3 ip ? A.B.C.D Source address any Any source host host A single source host Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 ? Mask A.B.C.D or /nn Mask in dotted decimal or in format Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.1 /32 ? A.B.C.
PBR Exceptions (Permit) Use the command permit to create an exception to a redirect list. Exceptions are used when a forwarding decision should be based on the routing table rather than a routing policy. Dell Networking OS assigns the first available sequence number to a rule configured without a sequence number and inserts the rule into the PBR CAM region next to the existing entries. Since the order of rules is important, ensure that you configure any necessary sequence numbers.
Applying a Redirect-list to an Interface Example: Dell(conf-if-te-4/0)#ip redirect-group xyz Dell(conf-if-te-4/0)# Applying a Redirect-list to an Interface Example: Dell(conf-if-te-1/0)#ip redirect-group test Dell(conf-if-te-1/0)#ip redirect-group xyz Dell(conf-if-te-1/0)#show config ! interface TenGigabitEthernet 1/0 no ip address ip redirect-group test ip redirect-group xyz shutdown Dell(conf-if-te-1/0)# In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are su
NOTE: If, the redirect-list is applied to an interface, the output of show ip redirect-list redirect-listname command displays reachability and ARP status for the specified next-hop.
Create the Redirect-List GOLD EDGE_ROUTER(conf-if-Te-3/23)#ip redirect-list GOLD EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD. EDGE_ROUTER(conf-redirect-list)#direct 10.99.99.254 ip 192.168.1.0/24 any EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/24 any EDGE_ROUTER(conf-redirect-list)# seq 15 permit ip any any EDGE_ROUTER(conf-redirect-list)#show config ! ip redirect-list GOLD description Route GOLD traffic to ISP_GOLD. seq 5 redirect 10.99.99.254 ip 192.
View Redirect-List GOLD EDGE_ROUTER#show ip redirect-list IP redirect-list GOLD: Defined as: seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any, Next-hop reachable (via Te 3/23), ARP resolved seq 10 redirect 10.99.99.254 ip 192.168.2.
PIM Sparse-Mode (PIM-SM) 37 Protocol-independent multicast sparse-mode (PIM-SM) is supported on the S4820T platform. PIM-SM is a multicast protocol that forwards multicast traffic to a subnet only after a request using a PIM Join message; this behavior is the opposite of PIM-Dense mode, which forwards multicast traffic to all subnets until a request to stop. Implementation Information Be aware of the following PIM-SM implementation information.
received becomes the outgoing interface associated with the (*,G) entry. This process constructs an RPT branch to the RP. 3. If a host on the same subnet as another multicast receiver sends an IGMP report for the same multicast group, the gateway takes no action.
Important Point to Remember If you use a Loopback interface with a /32 mask as the RP, you must enable PIM Sparse-mode on the interface. Configuring PIM-SM Configuring PIM-SM is a three-step process. 1. Enable multicast routing (refer to the following step). 2. Select a rendezvous point. 3. Enable PIM-SM on an interface. Enable multicast routing. CONFIGURATION mode ip multicast-routing Related Configuration Tasks The following are related PIM-SM configuration tasks.
189.87.31.6 Gi 7/11 189.87.50.6 Gi 7/13 Dell# 0x0 0x4 v2/S v2/S 0 1 30 30 1 1 127.87.31.6 127.87.50.6 NOTE: You can influence the selection of the Rendezvous Point by enabling PIM-Sparse mode on a Loopback interface and assigning a low IP address. To display PIM neighbors for each interface, use the show ip pim neighbor command EXEC Privilege mode. Dell#show ip Neighbor Address 127.87.5.5 127.87.3.5 127.87.50.
To configure a global expiry time or to configure the expiry time for a particular (S,G) entry, use the following commands. 1. Enable global expiry timer for S, G entries. CONFIGURATION mode ip pim sparse-mode sg-expiry-timer seconds The range is from 211 to 86,400 seconds. The default is 210. 2. Create an extended ACL. CONFIGURATION mode ip access-list extended access-list-name 3. Specify the source and group to which the timer is applied using extended ACLs with permit rules only.
Configuring a Static Rendezvous Point The rendezvous point (RP) is a PIM-enabled interface on a router that acts as the root a group-specific tree; every group must have an RP. • Identify an RP by the IP address of a PIM-enabled or Loopback interface. ip pim rp-address Example of Viewing an RP on a Loopback Interface Dell#sh run int loop0 ! interface Loopback 0 ip address 1.1.1.1/32 ip pim sparse-mode no shutdown Dell#sh run pim ! ip pim rp-address 1.1.1.1 group-address 224.0.0.
Configuring a Designated Router Multiple PIM-SM routers might be connected to a single local area network (LAN) segment. One of these routers is elected to act on behalf of directly connected hosts. This router is the designated router (DR). The DR is elected using hello messages. Each PIM router learns about its neighbors by periodically sending a hello message out of each PIM-enabled interface. Hello messages contain the IP address of the interface out of which it is sent and a DR priority value.
PIM Source-Specific Mode (PIM-SSM) 38 PIM source-specific mode (PIM-SSM) is supported on the platform. PIM-SSM is a multicast protocol that forwards multicast traffic from a single source to a subnet. In the other versions of protocol independent multicast (PIM), a receiver subscribes to a group only. The receiver receives traffic not just from the source in which it is interested but from all sources sending to that group.
Configure PIM-SMM Configuring PIM-SSM is a two-step process. 1. Configure PIM-SMM. 2. Enable PIM-SSM for a range of addresses. Related Configuration Tasks • Use PIM-SSM with IGMP Version 2 Hosts Enabling PIM-SSM To enable PIM-SSM, follow these steps. 1. Create an ACL that uses permit rules to specify what range of addresses should use SSM. CONFIGURATION mode ip access-list standard name 2. Enter the ip pim ssm-range command and specify the ACL you created.
• • • When you remove the mapping configuration, Dell Networking OS removes the corresponding (S,G) states that it created and re-establishes the original (*,G) states. You may enter multiple ssm-map commands for different access lists. You may also enter multiple ssm-map commands for the same access list, as long as they use different source addresses. When an extended ACL is associated with this command, Dell Networking OS displays an error message.
Interface Vlan 400 Group 239.0.0.1 Uptime 00:00:05 Expires Never Router mode INCLUDE Last reporter 10.11.4.2 Last reporter mode INCLUDE Last report received ALLOW Group source list Source address Uptime Expires 10.11.5.
39 Port Monitoring Port monitoring is supported on the S4820T platform. Mirroring is used for monitoring Ingress or Egress or both Ingress and Egress traffic on a specific port(s). This mirrored traffic can be sent to a port where a network sniffer can connect and monitor the traffic.
2 Te 0/0 Te 0/2 both Port N/A N/A Dell (conf-mon-sess-2)#do show running-config monitor session ! monitor session 1 source TenGigabitEthernet 0/0 destination TenGigabitEthernet 0/1 direction both ! monitor session 2 source TenGigabitEthernet 0/0 destination TenGigabitEthernet 0/2 direction both Dell (conf-mon-sess-2)# ! Port Monitoring The S4820T supports multiple source-destination statements in a monitor session. The maximum number of source ports that can be supported in a session is 128.
Dell(conf-mon-sess-300)#source TeGig 0/17 destination TeGig 0/1 direction tx Dell(conf-mon-sess-300)#do show mon session SessionID Source Destination Direction Mode Type --------- ------ ----------- --------- ------0 Te 0/13 Gi 0/1 rx interface Port-based 10 Te 0/14 Gi 0/2 rx interface Port-based 20 Te 0/15 Gi 0/3 rx interface Port-based 30 Te 0/16 Gi 0/37 rx interface Port-based 300 Te 0/17 Gi 0/1 tx interface Port-based In the example below, 0/25 and 0/26 belong to Port-pipe 1.
Configuring Port Monitoring To configure port monitoring, use the following commands. 1. Verify that the intended monitoring port has no configuration other than no shutdown, as shown in the following example. EXEC Privilege mode show interface 2. Create a monitoring session using the command monitor session from CONFIGURATION mode, as shown in the following example. CONFIGURATION mode monitor session monitor session type rpm/erpm type is an optional keyword, required only for rpm and erpm 3.
Note: Source as VLAN is achieved via Flow based mirroring. Please refer section Enabling Flow-Based Monitoring. In the following example, the host and server are exchanging traffic which passes through the uplink interface 1/1. Port 1/1 is the monitored port and port 1/42 is the destination port, which is configured to only monitor traffic received on tengigabitethernet 1/1 (host-originated traffic). Figure 100.
3. Apply the ACL to the monitored port. INTERFACE mode ip access-group access-list Example of the flow-based enable Command To view an access-list that you applied to an interface, use the show ip accounting access-list command from EXEC Privilege mode. Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#flow-based enable Dell(conf)#ip access-list ext testflow Dell(config-ext-nacl)#seq 5 permit icmp any any count bytes monitor Dell(config-ext-nacl)#seq 10 permit ip 102.1.1.
Remote Port Mirroring Example Remote port mirroring uses the analyzers shown in the aggregation network in Site A. The VLAN traffic on monitored links from the access network is tagged and assigned to a dedicated L2 VLAN. Monitored links are configured in two source sessions shown with orange and green circles. Each source session uses a separate reserved VLAN to transmit mirrored packets (mirrored source-session traffic is shown with an orange or green circle with a blue border).
• You can configure any switch in the network with source ports and destination ports, and allow it to function in an intermediate transport session for a reserved VLAN at the same time for multiple remote-port mirroring sessions. You can enable and disable individual mirroring sessions. • BPDU monitoring is not required to use remote port mirroring.
• By default, destination port sends the mirror traffic to the probe port by stripping off the rpm header. We can also configure the destination port to send the mirror traffic with the rpm header intact in the original mirror traffic.. • By default, ingress traffic on a destination port is dropped. Restrictions When you configure remote port mirroring, the following restrictions apply: • You can configure the same source port to be used in multiple source sessions.
R R 100 300 Active Active T Fo 0/44 T Fo 0/52 Configuring the Sample Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a destination session (destination ports connected to analyzers on destination switches).
Dell(conf)#mac access-list standard mac_acl Dell(config-std-macl)#permit 00:00:00:00:11:22 count monitor Dell(config-std-macl)#exit Dell(conf)#interface vlan 100 Dell(conf-if-vl-100)#mac access-group mac_acl1 in Dell(conf-if-vl-100)#exit Dell(conf)#inte te 0/30 Dell(conf-if-te-0/30)#no shutdown Dell(conf-if-te-0/30)#switchport Dell(conf-if-te-0/30)#exit Dell(conf)#interface vlan 30 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged te 0/30 Dell(conf-if-vl-30)#exit Dell(conf)#interface
Dell(conf-if-vl-20)#mode remote-port-mirroring Dell(conf-if-vl-20)#tagged te 0/1 Dell(conf-if-vl-20)#exit Dell(conf)#interface vlan 30 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged te 0/2 Dell(conf-if-vl-30)#exit Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source remote-vlan 10 dest te 0/3 Dell(conf-mon-sess-1)#exit Dell(conf)#monitor session 2 type rpm Dell(conf-mon-sess-2)#source remote-vlan 20 destination te 0/4 Dell(conf-mon-sess-2)#tagged destination te 0/4 D
5. Show the output for the LACP. Dell#show interfaces port-channel brief Codes: L - LACP Port-channel O - OpenFlow Controller Port-channel LAG L1 L2 Dell# Mode L3 L2 Status up up Uptime 00:01:17 00:00:58 Ports Te 0/44 Te 0/45 (Up) (Up) Configuring the Encapsulated Remote Port Mirroring The ERPM session copies traffic from the source ports/lags or source VLANs and forwards the traffic using routable GRE-encapsulated packets to the destination ip address specified in the session.
4 direction Specify rx, tx or both in case to monitor ingress/egress or both ingress and egress packets on the specified port.. 5 erpm source-ip dest-ip Specify the source ip address and the destination ip where the packet needs to be sent. 6 flow-based enable Specify flow-based enable for mirroring on a flow by flow basis and also for vlan as source. 7 no enable (Optional) No disable command is mandatory in order for a erpm session to be active.
ERPM Behavior on a typical Dell Networking OS The Dell Networking OS is designed to support only the Encapsulation of the data received / transmitted at the specified source port (Port A). An ERPM destination session / decapsulation of the ERPM packets at the destination Switch are not supported. As seen in the above figure, the packets received/transmitted on Port A will be encapsulated with an IP/GRE header plus a new L2 header and sent to the destination ip address (Port D’s ip address) on the sniffer.
39th byte in a given ERPM packet. The first 38/42 bytes of the header needs to be ignored/ chopped off. – Some tools support options to edit the capture file. We can make use of such features (for example: editcap ) and chop the ERPM header part and save it to a new trace file. This new file (i.e. the original mirrored packet) can be converted back into stream and fed to any egress interface. b.
Private VLANs (PVLAN) 40 The private VLAN (PVLAN) feature is supported on the S4820T platform. For syntax details about the commands described in this chapter, refer to the Private VLANs commands chapter in the Dell Networking OS Command Line Reference Guide. Private VLANs extend the Dell Networking OS security suite by providing Layer 2 isolation between ports within the same virtual local area network (VLAN).
– A primary VLAN has one or more secondary VLANs. – A primary VLAN and each of its secondary VLANs decrement the available number of VLAN IDs in the switch. – A primary VLAN has one or more promiscuous ports. – A primary VLAN might have one or more trunk ports, or none. • Secondary VLAN — a subdomain of the primary VLAN. – There are two types of secondary VLAN — community VLAN and isolated VLAN.
INTERFACE VLAN mode • [no] private-vlan mapping secondary-vlan vlan-list Display type and status of PVLAN interfaces. EXEC mode or EXEC Privilege mode • show interfaces private-vlan [interface interface] Display PVLANs and/or interfaces that are part of a PVLAN. EXEC mode or EXEC Privilege mode • show vlan private-vlan [community | interface | isolated | primary | primary_vlan | interface interface] Display primary-secondary VLAN mapping.
4. Select the PVLAN mode. INTERFACE mode switchport mode private-vlan {host | promiscuous | trunk} • host (isolated or community VLAN port) • promiscuous (intra-VLAN communication port) • trunk (inter-switch PVLAN hub port) Example of the switchport mode private-vlan Command For interface details, refer to Enabling a Physical Interface in the Interfaces chapter. NOTE: You cannot add interfaces that are configured as PVLAN ports to regular VLANs.
4. Map secondary VLANs to the selected primary VLAN. INTERFACE VLAN mode private-vlan mapping secondary-vlan vlan-list The list of secondary VLANs can be: 5. • Specified in comma-delimited (VLAN-ID,VLAN-ID) or hyphenated-range format (VLAN-IDVLAN-ID). • Specified with this command even before they have been created. • Amended by specifying the new secondary VLAN to be added to the list. Add promiscuous ports as tagged or untagged interfaces.
4. Add one or more host ports to the VLAN. INTERFACE VLAN mode tagged interface or untagged interface You can enter the interfaces singly or in range format, either comma-delimited (slot/ port,port,port) or hyphenated (slot/ port-port). You can only add host (isolated) ports to the VLAN. Creating an Isolated VLAN An isolated VLAN is a secondary VLAN of a primary VLAN. An isolated VLAN port can only talk with the promiscuous ports in that primary VLAN. 1.
Dell(conf-vlan-100)# private-vlan mode isolated Dell(conf-vlan-100)# untagged Gi 2/2 Private VLAN Configuration Example The following example shows a private VLAN topology. Figure 101. Sample Private VLAN Topology The following configuration is based on the example diagram for the C300–1: • Gi 0/0 and Gi 23 are configured as promiscuous ports, assigned to the primary VLAN, VLAN 4000. • Gi 0/25 is configured as a PVLAN trunk port, also assigned to the primary VLAN 4000.
• The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the primary VLAN 4000. • All the ports in the secondary VLANs (both community and isolated VLANs) can only communicate with ports in the other secondary VLANs of that PVLAN over Layer 3, and only when the ip localproxy-arp command is invoked in the primary VLAN.
• The following examples show the results of using this command without the command options on the C300 and S50V switches in the topology diagram previously shown. Display the primary-secondary VLAN mapping. The following example shows the output from the S50V. show vlan private-vlan mapping This command is specific to the PVLAN feature.
no ip address switchport switchport mode private-vlan promiscuous no shutdown ! interface GigabitEthernet 0/4 no ip address switchport switchport mode private-vlan host no shutdown ! interface GigabitEthernet 0/5 no ip address switchport switchport mode private-vlan host no shutdown ! interface GigabitEthernet 0/6 no ip address switchport switchport mode private-vlan host no shutdown ! interface GigabitEthernet 0/25 no ip address switchport switchport mode private-vlan trunk no shutdown ! interface Vlan 40
Per-VLAN Spanning Tree Plus (PVST+) 41 Per-VLAN spanning tree plus (PVST+) is supported on the S4820T platform. Protocol Overview PVST+ is a variation of spanning tree — developed by a third party — that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN). For more information about spanning tree, refer to the Spanning Tree Protocol (STP) chapter. Figure 102.
Table 54. Spanning Tree Variations Dell Networking OS Supports Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .1d Rapid Spanning Tree Protocol (RSTP) 802 .1w Multiple Spanning Tree Protocol (MSTP) 802 .1s Per-VLAN Spanning Tree Plus (PVST+) Third Party Implementation Information • The Dell Networking OS implementation of PVST+ is based on IEEE Standard 802.1w. • The Dell Networking OS implementation of PVST+ uses IEEE 802.
Enabling PVST+ When you enable PVST+, Dell Networking OS instantiates STP on each active VLAN. 1. Enter PVST context. PROTOCOL PVST mode protocol spanning-tree pvst 2. Enable PVST+. PROTOCOL PVST mode no disable Disabling PVST+ To disable PVST+ globally or on an interface, use the following commands. • Disable PVST+ globally. PROTOCOL PVST mode • disable Disable PVST+ on an interface, or remove a PVST+ parameter configuration.
Figure 103. Load Balancing with PVST+ The bridge with the bridge value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root, assign bridges a low non-default value for bridge priority. To assign a bridge priority, use the following command. • Assign a bridge priority.
Root Identifier has priority 4096, Address 0001.e80d.b6d6 Root Bridge hello time 2, max age 20, forward delay 15 Bridge Identifier has priority 4096, Address 0001.e80d.b6d6 Configured hello time 2, max age 20, forward delay 15 We are the root of VLAN 100 Current root has priority 4096, Address 0001.e80d.b6d6 Number of topology changes 5, last change occurred 00:34:37 ago on Gi 1/32 Port 375 (GigabitEthernet 1/22) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.
PROTOCOL PVST mode vlan max-age The range is from 6 to 40. The default is 20 seconds. The values for global PVST+ parameters are given in the output of the show spanning-tree pvst command. Modifying Interface PVST+ Parameters You can adjust two interface parameters (port cost and port priority) to increase or decrease the probability that a port becomes a forwarding port. • Port cost — a value that is based on the interface type.
The range is from 0 to 240, in increments of 16. The default is 128. The values for interface PVST+ parameters are given in the output of the show spanning-tree pvst command, as previously shown. Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode an interface forwards frames by default until it receives a BPDU that indicates that it should behave otherwise; it does not go through the Learning and Listening states.
PVST+ in Multi-Vendor Networks Some non-Dell Networking systems which have hybrid ports participating in PVST+ transmit two kinds of BPDUs: an 802.1D BPDU and an untagged PVST+ BPDU. Dell Networking systems do not expect PVST+ BPDU (tagged or untagged) on an untagged port. If this situation occurs, Dell Networking OS places the port in an Error-Disable state. This behavior might result in the network not converging.
Example of Viewing the Extend System ID in a PVST+ Configuration Dell(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773, Address 0001.e832.73f7 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32773 (priority 32768 sys-id-ext 5), Address 0001.e832.
no ip address switchport no shutdown ! interface Vlan 100 no ip address tagged GigabitEthernet 2/12,32 no shutdown ! interface Vlan 200 no ip address tagged GigabitEthernet 2/12,32 no shutdown ! interface Vlan 300 no ip address tagged GigabitEthernet 2/12,32 no shutdown ! protocol spanning-tree pvst no disable vlan 200 bridge-priority 4096 interface GigabitEthernet 3/12 no ip address switchport no shutdown ! interface GigabitEthernet 3/22 no ip address switchport no shutdown ! interface Vlan 100 no ip addr
Quality of Service (QoS) 42 Quality of service (QoS) is supported on the S4820T platform. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 56.
Feature Direction Configure a Scheduler to Queue Egress Specify WRED Drop Precedence Egress Create Policy Maps Ingress + Egress Create Input Policy Maps Ingress Honor DSCP Values on Ingress Packets Ingress Honoring dot1p Values on Ingress Packets Ingress Create Output Policy Maps Egress Specify an Aggregate QoS Policy Egress Create Output Policy Maps Egress Enabling QoS Rate Adjustment Enabling StrictPriority Queueing Weighted Random Early Detection Egress Create WRED Profiles Egress
Figure 105. Dell Networking QoS Architecture Implementation Information The Dell Networking QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication.
• Configuring Port-Based Rate Policing • Configuring Port-Based Rate Shaping Setting dot1p Priorities for Incoming Traffic Dell Networking OS places traffic marked with a priority in a queue based on the following table. If you set a dot1p priority for a port-channel, all port-channel members are configured with the same value. You cannot assign a dot1p value to an individual interface in a port-channel. Table 57.
Example of Configuring an Interface to Honor dot1p Priorities on Ingress Traffic Dell#config t Dell(conf)#interface tengigabitethernet 1/0 Dell(conf-if)#service-class dynamic dot1p Dell(conf-if)#end Dell# Priority-Tagged Frames on the Default VLAN Priority-tagged frames on the default VLAN is available on the S4820T platform. Priority-tagged frames are 802.1Q tagged frames with VLAN ID 0. For VLAN classification, these packets are treated as untagged.
• rate shape Apply rate shaping to a queue. QoS Policy mode Rate-shape Example of rate shape Command Dell#config Dell(conf)#interface tengigabitethernet 1/0 Dell(conf-if)#rate shape 500 50 Dell(conf-if)#end Dell# Policy-Based QoS Configurations Policy-based QoS configurations consist of the components shown in the following example. Figure 106.
Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to each class. For both class maps, Layer 2 and Layer 3, Dell Networking OS matches packets against match criteria in the order that you configure them. Creating a Layer 3 Class Map A Layer 3 class map differentiates ingress packets based on the DSCP value or IP precedence, and characteristics defined in an IP ACL.
Dell(conf)#interface gig 1/0 Dell(conf-if-gi-1/0)#service-policy input pmap Creating a Layer 2 Class Map All class maps are Layer 3 by default; however, you can create a Layer 2 class map by specifying the layer2 option with the class-map command. A Layer 2 class map differentiates traffic according to 802.1p value and/or VLAN and/or characteristics defined in a MAC ACL.. Use Step 1 or Step 2 to start creating a Layer 2 class map. 1. Create a match-any class map. CONFIGURATION mode class-map match-any 2.
The order can range from 0 to 254. By default, all ACL rules have an order of 255. Displaying Configured Class Maps and Match Criteria To display all class-maps or a specific class map, use the following command. Dell Networking OS Behavior: An explicit “deny any" rule in a Layer 3 ACL used in a (match any or match all) class-map creates a "default to Queue 0" entry in the CAM, which causes unintended traffic classification. In the following example, traffic is classified in two Queues, 1 and 2.
Create a QoS Policy There are two types of QoS policies — input and output. Input QoS policies regulate Layer 3 and Layer 2 ingress traffic. The regulation mechanisms for input QoS policies are rate policing and setting priority values. Output QoS policies regulate egress traffic. The regulation mechanisms for output QoS policies are rate limiting, rate shaping, and WRED.
Creating an Output QoS Policy To create an output QoS policy, use the following commands. 1. Create an output QoS policy. CONFIGURATION mode qos-policy-output 2. After you configure an output QoS policy, do one or more of the following: Scheduler Strict — Policy-based Strict-priority Queueing configuration is done through scheduler strict. It is applied to Qos-policy-output. When scheduler strict is applied to multiple Queues, high queue number takes precedence.
Create Policy Maps There are two types of policy maps: input and output. Creating Input Policy Maps There are two types of input policy-maps: Layer 3 and Layer 2. 1. Create a Layer 3 input policy map. CONFIGURATION mode policy-map-input Create a Layer 2 input policy map by specifying the keyword layer2 with the policy-map-input command. 2.
Table 59.
Mapping dot1p Values to Service Queues All traffic is by default mapped to the same queue, Queue 0. If you honor dot1p on ingress, you can create service classes based the queueing strategy in Honoring dot1p Values on Ingress Packets. You may apply this queuing strategy globally by entering the following command from CONFIGURATION mode. • All dot1p traffic is mapped to Queue 0 unless you enable service-class dynamic dot1p on an interface or globally.
Creating Output Policy Maps Creating output policy maps is supported on the S4820T platform. 1. Create an output policy map. CONFIGURATION mode policy-map-output 2. After you create an output policy map, do one or more of the following: Applying an Output QoS Policy to a Queue Specifying an Aggregate QoS Policy Applying an Output Policy Map to an Interface 3. Apply the policy map to an interface.
• Start frame delimiter (SFD): 1 byte • Destination MAC address: 6 bytes • Source MAC address: 6 bytes • Ethernet Type/Length: 2 bytes • Payload: (variable) • Cyclic redundancy check (CRC): 4 bytes • Inter-frame gap (IFG): (variable) You can optionally include overhead fields in rate metering calculations by enabling QoS rate adjustment. QoS rate adjustment is disabled by default. • Specify the number of bytes of packet overhead to include in rate limiting, policing, and shaping calculations.
WRED uses a profile to specify minimum and maximum threshold values. The minimum threshold is the allotted buffer space for specified traffic, for example, 1000KB on egress. If the 1000KB is consumed, packets are dropped randomly at an exponential rate until the maximum threshold is reached (as shown in the following illustration); this procedure is the “early detection” part of WRED.
Creating WRED Profiles To create WRED profiles, use the following commands. 1. Create a WRED profile. CONFIGURATION mode wred-profile 2. Specify the minimum and maximum threshold values. WRED mode threshold Applying a WRED Profile to Traffic After you create a WRED profile, you must specify to which traffic Dell Networking OS should apply the profile. Dell Networking OS assigns a color (also called drop precedence) — red, yellow, or green — to each packet based on it DSCP value before queuing it.
Displaying WRED Drop Statistics To display WRED drop statistics, use the following command. • Display the number of packets Dell Networking OS the WRED profile drops.
• Available CAM — the available number of CAM entries in the specified CAM partition for the specified line card or stack-unit port-pipe. • Estimated CAM — the estimated number of CAM entries that the policy will consume when it is applied to an interface. • Status — indicates whether the specified policy-map can be completely applied to an interface in the port-pipe.
achieved. Also, the devices can respond to congestion before a queue overflows and packets are dropped, enabling improved queue management. When a packet reaches the device with ECN enabled for WRED, the average queue size is computed. To measure the average queue size, a weight factor is used. This weight factor is user-configurable. You can use the wred weight number command to configure the weight for the WRED average queue size.
The following table describes the WRED and ECN operations that occur for various scenarios of WRED and ECN configuration on the queue and service pool. (X denotes not-applicable in the table, 1 indicates that the setting is enabled, 0 represents a disabled setting. ) Table 62.
To configure the weight factor for WRED and ECN capabilities, global buffer pools for multiple queues, and associating a service class with ECN marking, perform the following: 1. Configure the weight factor for the computation of average-queue size. This weight value applies to front-end ports. QOS-POLICY-OUT mode Dell(conf-qos-policy-out)#wred—profile weight number 2. Configure a WRED profile, and specify the threshold and maximum drop rate.
Classifying Layer 2 Traffic on Layer 3 Interfaces To process Layer 3 packets that contain Dot1p — (IEEE 802.1p) Packet classification (Layer 2 headers), configure VLAN tags on a physical Layer 3 interface (that is configured with an IP address and is not associated with any VLAN). You can also configure a VLAN subinterface over a physical underlying interface and classify packets using the dot1p value.
queue. When you link class maps to queues using the service-queue command, Dell Networking OS matches the class-maps according to queue priority (queue numbers closer to 0 have lower priorities). To create IP VLAN and DSCP values as match criteria in a Layer 3 class map, and to associate the class map with a policy map that is linked to a service queue, perform the following: 1.
Routing Information Protocol (RIP) 43 Routing information protocol (RIP) is supported on the S4820T platform. RIP is based on a distance-vector algorithm; it tracks distances or hop counts to nearby routers when establishing network connections. RIP protocol standards are listed in the Standards Compliance chapter. Protocol Overview RIP is the oldest interior gateway protocol. There are two versions of RIP: RIP version 1 (RIPv1) and RIP version 2 (RIPv2).
Implementation Information Dell Networking OS supports both versions of RIP and allows you to configure one version globally and the other version on interfaces or both versions on the interfaces. The following table lists the defaults for RIP in Dell Networking OS. Table 63.
Enabling RIP Globally By default, RIP is not enabled in Dell Networking OS. To enable RIP globally, use the following commands. 1. Enter ROUTER RIP mode and enable the RIP process on Dell Networking OS. CONFIGURATION mode router rip 2. Assign an IP network address as a RIP network to exchange routing information.
29.0.0.0/8 31.0.0.0/8 [120/1] via 31.0.0.0/8 192.162.2.0/24 [120/1] via 192.162.2.0/24 192.161.1.0/24 [120/1] via 192.161.1.0/24 192.162.3.0/24 [120/1] via 192.162.3.0/24 auto-summary 29.10.10.12, 00:00:26, Fa 0/0 auto-summary 29.10.10.12, 00:01:21, Fa 0/0 auto-summary 29.10.10.12, 00:00:27, Fa 0/0 auto-summary 29.10.10.12, 00:01:22, Fa 0/0 auto-summary To disable RIP globally, use the no router rip command in CONFIGURATION mode.
• Assign a configured prefix list to all incoming RIP routes. ROUTER RIP mode • distribute-list prefix-list-name in Assign a configured prefix list to all outgoing RIP routes. ROUTER RIP mode distribute-list prefix-list-name out To view the current RIP configuration, use the show running-config command in EXEC mode or the show config command in ROUTER RIP mode.
Setting the Send and Receive Version To change the RIP version globally or on an interface in Dell Networking OS, use the following command. To specify the RIP version, use the version command in ROUTER RIP mode. To set an interface to receive only one or the other version, use the ip rip send version or the ip rip receive version commands in INTERFACE mode. You can set one RIP version globally on the system using system.
Dell# To configure an interface to receive or send both versions of RIP, include 1 and 2 in the command syntax. The command syntax for sending both RIPv1 and RIPv2 and receiving only RIPv2 is shown in the following example. Dell(conf-if)#ip rip send version 1 2 Dell(conf-if)#ip rip receive version 2 The following example of the show ip protocols command confirms that both versions are sent out that interface.
Summarize Routes Routes in the RIPv2 routing table are summarized by default, thus reducing the size of the routing table and improving routing efficiency in large networks. By default, the autosummary command in ROUTER RIP mode is enabled and summarizes RIP routes up to the classful network boundary. If you must perform routing between discontiguous subnets, disable automatic summarization. With automatic route summarization disabled, subnets are advertised.
– interface: the type, slot, and number of an interface. To view the configuration changes, use the show config command in ROUTER RIP mode. Debugging RIP The debug ip rip command enables RIP debugging. When you enable debugging, you can view information on RIP protocol changes or RIP routes. To enable RIP debugging, use the following command. • debug ip rip [interface | database | events | trigger] EXEC privilege mode Enable debugging of RIP.
RIP Configuration on Core2 The following example shows how to configure RIPv2 on a host named Core2. Example of Configuring RIPv2 on Core 2 Core2(conf-if-gi-2/31)# Core2(conf-if-gi-2/31)#router rip Core2(conf-router_rip)#ver 2 Core2(conf-router_rip)#network 10.200.10.0 Core2(conf-router_rip)#network 10.300.10.0 Core2(conf-router_rip)#network 10.11.10.0 Core2(conf-router_rip)#network 10.11.20.0 Core2(conf-router_rip)#show config ! router rip network 10.0.0.
> - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- ------- ----------- ----------C 10.11.10.0/24 Direct, Gi 2/11 0/0 00:02:26 C 10.11.20.0/24 Direct, Gi 2/31 0/0 00:02:02 R 10.11.30.0/24 via 10.11.20.1, Gi 2/31 120/1 00:01:20 C 10.200.10.0/24 Direct, Gi 2/41 0/0 00:03:03 C 10.300.10.0/24 Direct, Gi 2/42 0/0 00:02:42 R 192.168.1.0/24 via 10.11.20.1, Gi 2/31 120/1 00:01:20 R 192.168.2.0/24 via 10.11.20.
network 192.168.1.0 network 192.168.2.0 version 2 Core3(conf-router_rip)# Core 3 RIP Output The examples in this section show the core 2 RIP output. • To display Core 3 RIP database, use the show ip rip database command. • To display Core 3 RIP setup, use the show ip route command. • To display Core 3 RIP activity, use the show ip protocols command.
Sending updates every 30 seconds, next due in 6 Invalid after 180 seconds, hold down 180, flushed after 240 Output delay 8 milliseconds between packets Automatic network summarization is in effect Outgoing filter for all interfaces is Incoming filter for all interfaces is Default redistribution metric is 1 Default version control: receive version 2, send version 2 Interface Recv Send GigabitEthernet 3/21 2 2 GigabitEthernet 3/11 2 2 GigabitEthernet 3/44 2 2 GigabitEthernet 3/43 2 2 Routing for Networks: 10.
no shutdown ! interface GigabitEthernet 3/43 ip address 192.168.1.1/24 no shutdown ! interface GigabitEthernet 3/44 ip address 192.168.2.1/24 no shutdown ! router rip version 2 network 10.11.20.0 network 10.11.30.0 network 192.168.1.0 network 192.168.2.
Remote Monitoring (RMON) 44 Remote monitoring (RMON) is supported on the S4820T platform. RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces. RMON operates with the simple network management protocol (SNMP) and monitors all nodes on a local area network (LAN) segment.
• • long as the master RPM had been running long enough to sample all the data. NMS backs up all the long-term data collection and displays the failover downtime from the performance graph. Chassis Down — When a chassis goes down, all sampled data is lost. But the RMON configurations are saved in the configuration file. The sampling process continues after the chassis returns to operation. Platform Adaptation — RMON supports all Dell Networking chassis and all Dell Networking Ethernet interfaces.
The following example configures RMON alarm number 10. The alarm monitors the MIB variable 1.3.6.1.2.1.2.2.1.20.1 (ifEntry.ifOutErrors) once every 20 seconds until the alarm is disabled, and checks the rise or fall of the variable. The alarm is triggered when the 1.3.6.1.2.1.2.2.1.20.1 value shows a MIB counter increase of 15 or more (such as from 100000 to 100015). The alarm then triggers event number 1, which is configured with the RMON event command. Possible events include a log entry or an SNMP trap.
– controlEntry: specifies the RMON group of statistics using a value. – integer: a value from 1 to 65,535 that identifies the RMON Statistics Table. The value must be unique in the RMON Statistic Table. – owner: (Optional) specifies the name of the owner of the RMON group of statistics. – ownername: (Optional) records the name of the owner of the RMON group of statistics. The default is a null-terminated string.
Rapid Spanning Tree Protocol (RSTP) 45 Rapid spanning tree protocol (RSTP) is supported on the S4820T platform. Protocol Overview RSTP is a Layer 2 protocol — specified by IEEE 802.1w — that is essentially the same as spanning-tree protocol (STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP). The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 64.
Important Points to Remember • RSTP is disabled by default. • Dell Networking OS supports only one Rapid Spanning Tree (RST) instance. • All interfaces in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode are automatically added to the RST topology. • Adding a group of ports to a range of VLANs sends multiple messages to the rapid spanning tree protocol (RSTP) task, avoid using the range command.
3. Enable the interface. INTERFACE mode no shutdown Example of Verifying an Interface is in Layer 2 Mode and Enabled To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. The bold lines indicate that the interface is in Layer 2 mode.
Figure 109. Rapid Spanning Tree Enabled Globally To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell#show spanning-tree rstp Root Identifier has priority 32768, Address 0001.e801.cbb4 Root Bridge hello time 2, max age 20, forward delay 15, max hops 0 Bridge Identifier has priority 32768, Address 0001.e801.
Number of transitions to forwarding state 1 BPDU : sent 121, received 2 The port is not in the Edge port mode Port 379 (GigabitEthernet 2/3) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.379 Designated root has priority 32768, address 0001.e801.cbb4 Designated bridge has priority 32768, address 0001.e801.cbb4 Designated port id is 128.
Modifying Global Parameters You can modify RSTP parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in the Rapid Spanning Tree group. • Forward-delay — the amount of time an interface waits in the Listening state and the Learning state before it transitions to the Forwarding state. • Hello-time — the time interval in which the bridge sends RSTP BPDUs.
NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. • The default is 2 seconds. Change the max-age parameter. PROTOCOL SPANNING TREE RSTP mode max-age seconds The range is from 6 to 40. The default is 20 seconds. To view the current values for global parameters, use the show spanning-tree rstp command from EXEC privilege mode.
To view the current values for interface parameters, use the show spanning-tree rstp command from EXEC privilege mode. Enabling SNMP Traps for Root Elections and Topology Changes To enable SNMP traps collectively, use this command. Enable SNMP traps for RSTP, MSTP, and PVST+ collectively. snmp-server enable traps xstp Influencing RSTP Root Selection RSTP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it is selected as the root bridge.
• If the interface to be shut down is a port channel, all the member ports are disabled in the hardware. • When you add a physical port to a port channel already in the Error Disable state, the new member port is also disabled in the hardware. • When you remove a physical port from a port channel in the Error Disable state, the error disabled state is cleared on this physical port (the physical port is enabled in the hardware).
The range is from 50 to 950 milliseconds. Example of Verifying Hello-Time Interval Dell(conf-rstp)#do show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 0001.e811.2233 Root Bridge hello time 50 ms, max age 20, forward delay 15 Bridge ID Priority 0, Address 0001.e811.2233 We are the root Configured hello time 50 ms, max age 20, forward delay 15 NOTE: The hello time is encoded in BPDUs in increments of 1/256ths of a second.
Software-Defined Networking (SDN) 46 Dell Networking operating software supports Software-Defined Networking (SDN). For more information, refer to the SDN Deployment Guide.
Security 47 Security features are supported on the S4820T platform. This chapter describes several ways to provide security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide. AAA Accounting Accounting, authentication, and authorization (AAA) accounting is part of the AAA security model.
– system: sends accounting information of any other AAA configuration. – exec: sends accounting information when a user has logged in to EXEC mode. – command level: sends accounting of commands executed at the specified privilege level. – default | name: enter the name of a list of accounting methods. – start-stop: use for more accounting information, to send a start-accounting notice at the beginning of the requested event and a stop-accounting notice at the end.
accounting commands 15 com15 accounting exec execAcct Example of Enabling AAA Accounting with a Named Method List Dell(config-line-vty)# accounting commands 15 com15 Dell(config-line-vty)# accounting exec execAcct Monitoring AAA Accounting Dell Networking OS does not support periodic interim accounting because the periodic command can cause heavy congestion when many users are logged in to the network. No specific show command exists for TACACS+ accounting.
NOTE: In the release 9.4.(0.0), RADIUS and TACACS servers support VRF-awareness functionality. You can create RADIUS and TACACS groups and then map multiple servers to a group. The group to which you map multiple servers is bound to a single VRF. Configuration Task List for AAA Authentication The following sections provide the configuration tasks.
3. Assign a method-list-name or the default list to the terminal line. LINE mode login authentication {method-list-name | default} To view the configuration, use the show config command in LINE mode or the show runningconfig in EXEC Privilege mode. NOTE: Dell Networking recommends using the none method only as a backup. This method does not authenticate users. The none and enable methods do not work with secure shell (SSH). You can create multiple method lists and assign them to different terminal lines.
Dell(config)# aaa authentication enable default radius tacacs Radius and TACACS server has to be properly setup for this. Dell(config)# radius-server host x.x.x.x key Dell(config)# tacacs-server host x.x.x.x key To use local authentication for enable secret on the console, while using remote authentication on VTY lines, issue the following commands.
After you configure other privilege levels, enter those levels by adding the level parameter after the enable command or by configuring a user name or password that corresponds to the privilege level. For more information about configuring user names, refer to Configuring a Username and Password. By default, commands in Dell Networking OS are assigned to different privilege levels. You can access those commands only if you have access to that privilege level.
enable command, then the privilege level. If you do not enter a privilege level, the default level 15 is assumed. To configure a password for a specific privilege level, use the following command. • Configure a password for a privilege level. CONFIGURATION mode enable password [level level] [encryption-mode] password Configure the optional and required parameters: – level level: Specify a level from 0 to 15. Level 15 includes all levels. – encryption-type: Enter 0 for plain text or 7 for encrypted text.
To assign commands and passwords to a custom privilege level, use the following commands. You must be in privilege level 15. 1. Assign a user name and password. CONFIGURATION mode username name [access-class access-list-name] [privilege level] [nopassword | password [encryption-type] password] Configure the optional and required parameters: • • • • • • 2. name: enter a text string (up to 63 characters). access-class access-list-name: enter the name of a configured IP ACL.
Line 2: All other users are assigned a password to access privilege level 8. Line 3: The configure command is assigned to privilege level 8 because it needs to reach CONFIGURATION mode where the snmp-server commands are located. Line 4: The snmp-server commands, in CONFIGURATION mode, are assigned to privilege level 8.
To specify a password for the terminal line, use the following commands. • Configure a custom privilege level for the terminal lines. LINE mode privilege level level • – level level: The range is from 0 to 15. Levels 0, 1, and 15 are pre-configured. Levels 2 to 14 are available for custom configuration. Specify either a plain text or encrypted password.
6. Enter the following commands at the Grub command line prompt (grub>). set stconfigignore=true save_env stconfigignore reboot 7. The Z9000 system boots up with factory default configuration. The default Dell> system prompt displays when the system boots. 8. Copy the startup-config into the running-config. 9. To display the content of the startup-config, remove the previous authentication configuration and set the new authentication parameters. The rest of the previous configuration is preserved.
If an error occurs in the transmission or reception of RADIUS packets, you can view the error by enabling the debug radius command. Transactions between the RADIUS server and the client are encrypted (the users’ passwords are not sent in plain text). RADIUS uses UDP as the transport protocol between the RADIUS server host and the client. For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service.
• Set a privilege level. privilege level Configuration Task List for RADIUS To authenticate users using RADIUS, you must specify at least one RADIUS server so that the system can communicate with and configure RADIUS as one of your authentication methods. The following list includes the configuration tasks for RADIUS.
CONFIGURATION mode • line {aux 0 | console 0 | vty number [end-number]} Enable AAA login authentication for the specified RADIUS method list. LINE mode login authentication {method-list-name | default} • This procedure is mandatory if you are not using default lists. To use the method list.
To delete a RADIUS server host, use the no radius-server host {hostname | ip-address} command. Setting Global Communication Parameters for all RADIUS Server Hosts You can configure global communication parameters (auth-port, key, retransmit, and timeout parameters) and specific host communication parameters on the same system. However, if you configure both global and specific host parameters, the specific host parameters override the global parameters for that RADIUS server host.
TACACS+ Dell Networking OS supports terminal access controller access control system (TACACS+ client, including support for login authentication. Configuration Task List for TACACS+ The following list includes the configuration task for TACACS+ functions.
Example of a Failed Authentication To view the configuration, use the show config in LINE mode or the show running-config tacacs + command in EXEC Privilege mode. If authentication fails using the primary method, Dell Networking OS employs the second method (or third method, if necessary) automatically. For example, if the TACACS+ server is reachable, but the server key is invalid, Dell Networking OS proceeds to the next authentication method.
Example of Specifying a TACACS+ Server Host Dell(conf)# Dell(conf)#aaa authentication login tacacsmethod tacacs+ Dell(conf)#aaa authentication exec tacacsauthorization tacacs+ Dell(conf)#tacacs-server host 25.1.1.2 key Force Dell(conf)# Dell(conf)#line vty 0 9 Dell(config-line-vty)#login authentication tacacsmethod Dell(config-line-vty)#end Specifying a TACACS+ Server Host To specify a TACACS+ server host and configure its communication parameters, use the following command.
Command Authorization The AAA command authorization feature configures Dell Networking OS to send each configuration command to a TACACS server for authorization before it is added to the running configuration. By default, the AAA authorization commands configure the system to check both EXEC mode and CONFIGURATION mode commands. Use the no aaa authorization config-commands command to enable only EXEC mode command checking.
• Display SSH connection information. EXEC Privilege mode show ip ssh Specifying an SSH Version The following example uses the ip ssh server version 2 command to enable SSH version 2 and the show ip ssh command to confirm the setting. Dell(conf)#ip ssh server version 2 Dell(conf)#do show ip ssh SSH server : disabled. SSH server version : v2. Password Authentication : enabled. Hostbased Authentication : disabled. RSA Authentication : disabled.
• ip ssh key-size: configure the size of the server-generated RSA SSHv1 key. • ip ssh password-authentication enable: enable password authentication for the SSH server. • ip ssh pub-key-file: specify the file the host-based authentication uses. • ip ssh rhostsfile: specify the rhost file the host-based authorization uses. • ip ssh rsa-authentication enable: enable RSA authentication for the SSHv2 server. • ip ssh rsa-authentication: add keys for the RSA authentication.
Example of Enabling SSH Password Authentication To view your SSH configuration, use the show ip ssh command from EXEC Privilege mode. Dell(conf)#ip ssh server enable % Please wait while SSH Daemon initializes ... done. Dell(conf)#ip ssh password-authentication enable Dell#sh ip ssh SSH server : enabled. Password Authentication : enabled. Hostbased Authentication : disabled. RSA Authentication : disabled.
3. Create a list of IP addresses and usernames that are permitted to SSH in a file called rhosts. Refer to the second example. 4. Copy the file shosts and rhosts to the Dell Networking system. 5. Disable password authentication and RSA authentication, if configured CONFIGURATION mode or EXEC Privilege mode no ip ssh password-authentication or no ip ssh rsa-authentication 6. Enable host-based authentication. CONFIGURATION mode ip ssh hostbased-authentication enable 7.
ssh ip_address Example of Client-Based SSH Authentication Dell#ssh 10.16.127.201 ? -l User name option -p SSH server port option (default 22) -v SSH protocol version Troubleshooting SSH To troubleshoot SSH, use the following information. You may not bind id_rsa.pub to RSA authentication while logged in via the console. In this case, this message displays:%Error: No username set for this term. Enable host-based authentication on the server (Dell Networking system) and the client (Unix machine).
Authentication Method VTY access-class support? Username access-class support? Remote authorization support? RADIUS YES NO YES (with Dell Networking OS version 6.1.1.0 and later) Dell Networking OS provides several ways to configure access classes for VTY lines, including: • VTY Line Local Authentication and Authorization • VTY Line Remote Authentication and Authorization VTY Line Local Authentication and Authorization Dell Networking OS retrieves the access class from the local database.
VTY Line Remote Authentication and Authorization Dell Networking OS retrieves the access class from the VTY line. The Dell Networking OS takes the access class from the VTY line and applies it to ALL users. Dell Networking OS does not need to know the identity of the incoming user and can immediately apply the access class. If the authentication method is RADIUS, TACACS+, or line, and you have configured an access class for the VTY line, Dell Networking OS immediately applies it.
Service Provider Bridging 48 Service provider bridging is supported on the S4820T platform. VLAN Stacking Virtual local area network (VLAN) stacking is supported on the S4820T platform. VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges, which is an amendment to IEEE 802.1Q — Virtual Bridged Local Area Networks. It enables service providers to use 802.
Figure 110. VLAN Stacking in a Service Provider Network Important Points to Remember • Interfaces that are members of the Default VLAN and are configured as VLAN-Stack access or trunk ports do not switch untagged traffic. To switch traffic, add these interfaces to a non-default VLANStack-enabled VLAN. • Dell Networking cautions against using the same MAC address on different customer VLANs, on the same VLAN-Stack VLAN.
Configure VLAN Stacking Configuring VLAN-Stacking is a three-step process. 1. Creating Access and Trunk Ports 2. Assign access and trunk ports to a VLAN (Creating Access and Trunk Ports). 3. Enabling VLAN-Stacking for a VLAN.
interface GigabitEthernet 7/12 no ip address switchport vlan-stack trunk no shutdown Enable VLAN-Stacking for a VLAN To enable VLAN-Stacking for a VLAN, use the following command. • Enable VLAN-Stacking for the VLAN. INTERFACE VLAN mode vlan-stack compatible Example of Viewing VLAN Stack Member Status To display the status and members of a VLAN, use the show vlan command from EXEC Privilege mode. Members of a VLAN-Stacking-enabled VLAN are marked with an M in column Q.
To configure trunk ports, use the following commands. 1. Configure a trunk port to carry untagged, single-tagged, and double-tagged traffic by making it a hybrid port. INTERFACE mode portmode hybrid NOTE: You can add a trunk port to an 802.1Q VLAN as well as a Stacking VLAN only when the TPID 0x8100. 2. Add the port to a 802.1Q VLAN as tagged or untagged.
Example of Debugging a VLAN and its Ports The port notations are as follows: • MT — stacked trunk • MU — stacked access port • T — 802.1Q trunk port • U — 802.
untagged traffic and maps each to the appropriate VLAN, as shown by the packet originating from Building A. Therefore, a mismatched TPID results in the port not differentiating between tagged and untagged traffic. Figure 111.
Figure 112.
Figure 113. Single and Double-Tag TPID Mismatch The following table details the outcome of matched and mismatched TPIDs in a VLAN-stacking network with the S-Series. Table 67. Behaviors for Mismatched TPID Network Position Incoming Packet TPID System TPID Match Type Pre-Version 8.2.1.0 Version 8.2.1.
Network Position Core Egress Access Point Incoming Packet TPID System TPID Match Type Pre-Version 8.2.1.0 Version 8.2.1.
• Make packets eligible for dropping based on their DEI value. CONFIGURATION mode dei enable By default, packets are colored green, and DEI is marked 0 on egress. Honoring the Incoming DEI Value To honor the incoming DEI value, you must explicitly map the DEI bit to an Dell Networking OS drop precedence. Precedence can have one of three colors. Precedence Description Green High-priority packets that are the least preferred to be dropped. Yellow Lower-priority packets that are treated as best-effort.
Example of Viewing DEI-Marking Configuration To display the DEI-marking configuration, use the show interface dei-mark [interface slot/ port | linecard number port-set number] in EXEC Privilege mode.
configuration, the queue selected by Dynamic Mode CoS takes precedence. However, rate policing for the queue is determined by QoS configuration. For example, the following access-port configuration maps all traffic to Queue 0: vlan-stack dot1p-mapping c-tag-dot1p 0-7 sp-tag-dot1p 1 However, if the following QoS configuration also exists on the interface, traffic is queued to Queue 0 but is policed at 40Mbps (qos-policy-input for queue 3) because class-map "a" of Queue 3 also matches the traffic.
Mapping C-Tag to S-Tag dot1p Values To map C-Tag dot1p values to S-Tag dot1p values and mark the frames accordingly, use the following commands. 1. Allocate CAM space to enable queuing frames according to the C-Tag or the S-Tag. CONFIGURATION mode cam-acl l2acl number ipv4acl number ipv6acl number ipv4qos number l2qos number l2pt number ipmacacl number ecfmacl number {vman-qos | vman-qos-dualfp} number • vman-qos: mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p.
Figure 115. VLAN Stacking without L2PT You might need to transport control traffic transparently through the intermediate network to the other region. Layer 2 protocol tunneling enables BPDUs to traverse the intermediate network by identifying frames with the Bridge Group Address, rewriting the destination MAC to a user-configured non-reserved address, and forwarding the frames.
the intermediate network because only Dell Networking OS could recognize the significance of the destination MAC address and rewrite it to the original Bridge Group Address. In Dell Networking OS version 8.2.1.0 and later, the L2PT MAC address is user-configurable, so you can specify an address that non-Dell Networking systems can recognize and rewrite the address at egress edge. Figure 116. VLAN Stacking with L2PT Implementation Information • L2PT is available for STP, RSTP, MSTP, and PVST+ BPDUs.
Enabling Layer 2 Protocol Tunneling To enable Layer 2 protocol tunneling, use the following command. 1. Verify that the system is running the default CAM profile. Use this CAM profile for L2PT. EXEC Privilege mode show cam-profile 2. Enable protocol tunneling globally on the system. CONFIGURATION mode protocol-tunnel enable 3. Tunnel BPDUs the VLAN.
4. Set a maximum rate at which the RPM processes BPDUs for L2PT. VLAN STACKING mode protocol-tunnel rate-limit The default is: no rate limiting. The range is from 64 to 320 kbps. Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command. • Display debugging information for L2PT. EXEC Privilege mode debug protocol-tunnel Provider Backbone Bridging IEEE 802.1ad—Provider Bridges amends 802.
sFlow 49 Configuring sFlow is supported on the S4820T platform. Overview The Dell Networking Operating System (OS) supports sFlow version 5. sFlow is a standard-based sampling technology embedded within switches and routers which is used to monitor network traffic. It is designed to provide traffic monitoring for high-speed networks with many switches and routers. sFlow uses two types of sampling: • Statistical packet-based sampling of switched or routed packet flows.
Important Points to Remember • The Dell Networking OS implementation of the sFlow MIB supports sFlow configuration via snmpset. • Dell Networking recommends the sFlow Collector be connected to the Dell Networking chassis through a line card port rather than the route processor module (RPM) management Ethernet port. • Dell Networking OS exports all sFlow packets to the collector. A small sampling rate can equate to many exported packets.
Collector IP addr: 10.10.10.3, Agent IP addr: 10.10.0.
Example of Viewing sFlow Configuration (Global) The first bold line indicates sFlow is globally enabled. The second bold lines indicate sFlow is enabled on linecards Gi 1/16 and Gi 1/17 Dell#show sflow sFlow services are enabled Global default sampling rate: 32768 Global default counter polling interval: 20 1 collectors configured Collector IP addr: 133.33.33.53, Agent IP addr: 133.33.33.
show sflow stack—unit slot-number Example of Viewing sFlow Configuration (Line Card) Dell#show sflow stack-unit 1 stack-unit 1 Samples rcvd from h/w Samples dropped for sub-sampling Total UDP packets exported UDP packets exported via RPM UDP packets dropped :165 :69 :77 :77 : Configuring Specify Collectors The sflow collector command allows identification of sFlow collectors to which sFlow datagrams are forwarded. You can specify up to two sFlow collectors.
sampling-rate until the CPU condition is cleared. This is as per sFlow version 5 draft. After the back-off changes the sample-rate, you must manually change the sampling rate to the desired value. As a result of back-off, the actual sampling-rate of an interface may differ from its configured sampling rate. You can view the actual sampling-rate of the interface and the configured sample-rate by using the show sflow command.
Dell#show sflow sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 20 Global extended information enabled: none 0 collectors configured 0 UDP packets exported 0 UDP packets dropped 0 sFlow samples collected 0 sFlow samples dropped due to sub-sampling Important Points to Remember • To export extended-gateway data, BGP must learn the IP destination address.
IP SA IP DA srcAS and srcPeerAS dstAS and dstPeerAS Description source and destination IP addresses are learned by different routing protocols, and for cases where is source is reachable over ECMP. BGP 862 BGP Exported Exported Extended gateway data is packed.
50 Simple Network Management Protocol (SNMP) Simple network management protocol (SNMP) is supported on the S4820T platform. NOTE: On Dell Networking routers, standard and private SNMP management information bases (MIBs) are supported, including all Get and a limited number of Set operations (such as set vlan and copy cmd). Protocol Overview Network management stations use SNMP to retrieve or alter management data from network elements.
Configuration mode. When the FIPS mode is enabled on the system, SNMPv3 operates in a FIPScompliant manner, and only the FIPS-approved algorithm options are available for SNMPv3 user configuration. When the FIPS mode is disabled on the system, all options are available for SNMPv3 user configuration.
Configuration Task List for SNMP Configuring SNMP version 1 or version 2 requires a single step. NOTE: The configurations in this chapter use a UNIX environment with net-snmp version 5.4. This environment is only one of many RFC-compliant SNMP utilities you can use to manage your Dell Networking system using SNMP. Also, these configurations use SNMP version 2c. • Creating a Community Configuring SNMP version 3 requires configuring SNMP users in one of three methods.
Creating a Community For SNMPv1 and SNMPv2, create a community to enable the community-based security in Dell Networking OS. The management station generates requests to either retrieve or alter the value of a management object and is called the SNMP manager. A network element that processes SNMP requests is called an SNMP agent. An SNMP community is a group of SNMP agents and managers that are allowed to interact.
CONFIGURATION mode • snmp-server group group-name 3 noauth auth read name write name Configure an SNMPv3 view. CONFIGURATION mode snmp-server view view-name oid-tree {included | excluded} NOTE: To give a user read and write view privileges, repeat this step for each privilege type. • Configure the user with an authorization password (password privileges only). CONFIGURATION mode • snmp-server user name group-name 3 noauth auth md5 auth-password Configure an SNMP group (password privileges only).
There are several UNIX SNMP commands that read data. • Read the value of a single managed object. • snmpget -v version -c community agent-ip {identifier.instance | descriptor.instance} Read the value of the managed object directly below the specified object. • snmpgetnext -v version -c community agent-ip {identifier.instance | descriptor.instance} Read the value of many objects at once. snmpwalk -v version -c community agent-ip {identifier.instance | descriptor.
Configuring Contact and Location Information using SNMP You may configure system contact and location information from the Dell Networking system or from the management station using SNMP. To configure system contact and location information from the Dell Networking system and from the management station using SNMP, use the following commands. • (From a Dell Networking system) Identify the system manager along with this person’s contact information (for example, an email address or phone number).
Subscribing to Managed Object Value Updates using SNMP By default, the Dell Networking system displays some unsolicited SNMP messages (traps) upon certain events and conditions. You can also configure the system to send the traps to a management station. Traps cannot be saved on the system. Dell Networking OS supports the following three sets of traps: • • • RFC 1157-defined traps — coldStart, warmStart, linkDown, linkUp, authenticationFailure, and egpNeighbborLoss.
snmp coldstart snmp linkdown snmp linkup SNMP_COLD_START: Agent Initialized - SNMP COLD_START. SNMP_WARM_START:Agent Initialized - SNMP WARM_START. PORT_LINKDN:changed interface state to down:%d PORT_LINKUP:changed interface state to up:%d Enabling a Subset of SNMP Traps You can enable a subset of Dell Networking enterprise-specific SNMP traps using one of the following listed command options. To enable a subset of Dell Networking enterprise-specific SNMP traps, use the following command.
envmon fan FAN_TRAY_BAD: Major alarm: fantray %d is missing or down FAN_TRAY_OK: Major alarm cleared: fan tray %d present FAN_BAD: Minor alarm: some fans in fan tray %d are down FAN_OK: Minor alarm cleared: all fans in fan tray %d are good vlt Enable VLT traps. vrrp Enable VRRP state change traps xstp %SPANMGR-5-STP_NEW_ROOT: New Spanning Tree Root, Bridge ID Priority 32768, Address 0001.e801.fc35.
Copy Configuration Files Using SNMP To do the following, use SNMP from a remote client. • copy the running-config file to the startup-config file • copy configuration files from the Dell Networking system to a server • copy configuration files from a server to the Dell Networking system You can perform all of these tasks using IPv4 or IPv6 addresses. The examples in this section use IPv4 addresses; however, you can substitute IPv6 addresses for the IPv4 addresses in all of the examples.
MIB Object OID Object Values Description copyDestFileType . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.5 1 = Dell Networking OS file Specifies the type of file to copy to. 2 = running-config • 3 = startup-config • copyDestFileLocation . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.6 1 = flash If copySourceFileType is running-config or startup-config, the default copyDestFileLocatio n is flash. If copyDestFileType is a binary, you must specify copyDestFileLocatio n and copyDestFileName.
Copying a Configuration File To copy a configuration file, use the following commands. NOTE: In UNIX, enter the snmpset command for help using the following commands. Place the f10-copy-config.mib file in the directory from which you are executing the snmpset command or in the snmpset tool path. 1. Create an SNMP community string with read/write privileges. CONFIGURATION mode snmp-server community community-name rw 2. Copy the f10-copy-config.
• Copy the running-config to the startup-config from the UNIX machine. snmpset -v 2c -c public force10system-ip-address copySrcFileType.index i 2 copyDestFileType.index i 3 Example of Copying Configuration Files (Using MIB Object Names) Example of Copying Configuration Files (Using OIDs) The following examples show the command syntax using MIB object names and the same command using the object OIDs. In both cases, a unique index number follows the object. > snmpset -v 2c -r 0 -t 60 -c private -m .
Copying the Startup-Config Files to the Server via FTP To copy the startup-config to the server via FTP from the UNIX machine, use the following command. Copy the startup-config to the server via FTP from the UNIX machine. snmpset -v 2c -c public -m ./f10-copy-config.mib force10system-ip-address copySrcFileType.index i 2 copyDestFileName.index s filepath/filename copyDestFileLocation.index i 4 copyServerAddress.index a server-ip-address copyUserName.index s server-login-id copyUserPassword.
s filepath/filename copyDestFileType.index i 3 copyServerAddress.index a server-ip-address copyUserName.index s server-login-id copyUserPassword.index s server-login-password Example of Copying a Binary File From the Server to the Startup-Configuration via FTP > snmpset -v 2c -c private -m ./f10-copy-config.mib 10.10.10.10 copySrcFileType. 10 i 1 copySrcFileLocation.10 i 4 copyDestFileType.10 i 3 copySrcFileName.10 s /home/ myfilename copyServerAddress.10 a 172.16.1.56 copyUserName.
Obtaining a Value for MIB Objects To obtain a value for any of the MIB objects, use the following command. • Get a copy-config MIB object value. snmpset -v 2c -c public -m ./f10-copy-config.mib force10system-ip-address [OID.index | mib-object.index] index: the index value used in the snmpset command used to complete the copy operation. NOTE: You can use the entire OID rather than the object name. Use the form: OID.index.
Assigning a VLAN Alias Write a character string to the dot1qVlanStaticName object to assign a name to a VLAN. Example of Assigning a VLAN Alias using SNMP [Unix system output] > snmpset -v2c -c mycommunity 10.11.131.185 . 1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN" SNMPv2-SMI::mib-2.17.7.1.4.3.1.1.
• Seven hex pairs represent a stack unit. Seven pairs accommodate the greatest number of ports available — 64 ports on the S4820T. On the S4820T, the last stack unit begins on the 66th bit. The first hex pair, 00 in the previous example, represents ports 1 to 7 in Stack Unit 0. The next pair to the right represents ports 8 to 15. To resolve the hex pair into a representation of the individual ports, convert the hex pair to binary.
Example of Adding an Untagged Port to a VLAN using SNMP Example of Adding a Tagged Port to a VLAN using SNMP >snmpset -v2c -c mycommunity 10.11.131.185 . 1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786 x "40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" .1.3.6.1.2.1.17.7.1.4.3.1.4.
The following OIDs are configurable through the snmpset command. The node OID is 1.3.6.1.4.1.6027.3.18 F10-ISIS-MIB::f10IsisSysOloadSetOverload F10-ISIS-MIB::f10IsisSysOloadSetOloadOnStartupUntil F10-ISIS-MIB::f10IsisSysOloadWaitForBgp F10-ISIS-MIB::f10IsisSysOloadV6SetOverload F10-ISIS-MIB::f10IsisSysOloadV6SetOloadOnStartupUntil F10-ISIS-MIB::f10IsisSysOloadV6WaitForBgp To enable overload bit for IPv4 set 1.3.6.1.4.1.6027.3.18.1.1 and IPv6 set 1.3.6.1.4.1.6027.3.18.1.4 To set time to wait set 1.3.6.1.4.1.
Fetch Dynamic MAC Entries using SNMP Dell Networking supports the RFC 1493 dot1d table for the default VLAN and the dot1q table for all other VLANs. NOTE: The 802.1q Q-BRIDGE MIB defines VLANs regarding 802.1d, as 802.1d itself does not define them. As a switchport must belong a VLAN (the default VLAN or a configured VLAN), all MAC address learned on a switchport are associated with a VLAN. For this reason, the Q-Bridge MIB is used for MAC address query.
In the following example, GigabitEthernet 1/21 is moved to VLAN 1000, a non-default VLAN. To fetch the MAC addresses learned on non-default VLANs, use the object dot1qTpFdbTable. The instance number is the VLAN number concatenated with the decimal conversion of the MAC address.
To display the interface number, use the following command. • Display the interface index number. EXEC Privilege mode show interface Example of Deriving the Interface Index Number To view the system image on Flash Partition A, use the chSysSwInPartitionAImgVers object or, to view the system image on Flash Partition B, use the chSysSwInPartitionBImgVers object. Table 73. MIB Objects for Viewing the System Image on Flash Partitions MIB Object OID Description MIB chSysSwInPartitionAImg 1.3.6.1.4.1.6027.
SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.6.2 = STRING: "Gi 5/85 " << Channel member for Po2 dot3aCommonAggFdbIndex SNMPv2-SMI::enterprises.6027.3.2.1.1.6.1.1.1107755009.1 = INTEGER: 1107755009 dot3aCommonAggFdbVlanId SNMPv2-SMI::enterprises.6027.3.2.1.1.6.1.2.1107755009.1 = INTEGER: 1 dot3aCommonAggFdbTagConfig SNMPv2-SMI::enterprises.6027.3.2.1.1.6.1.3.1107755009.1 = INTEGER: 2 (Tagged 1 or Untagged 2) dot3aCommonAggFdbStatus SNMPv2-SMI::enterprises.6027.3.2.1.1.6.1.4.1107755009.
Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an SNMP agent on a Dell Networking router, take into account the following behavior. • When you query an IPv4 icmpMsgStatsInPkts object in the ICMP table by using the snmpwalk command, the output for echo replies may be incorrectly displayed. To correctly display this information under ICMP statistics, use the show ip traffic command.
Stacking 51 Stacking is supported on the S4820T platform. Stacking is supported on the S4820T platform with the Dell Networking OS version 8.3.19.0 and newer. NOTE: The S4820T commands accept Unit ID numbers 0-11, though the S4820T supports stacking up to three units only with Dell Networking OS version 8.3.19.0 and version 8.3.10.2. The S4820T supports stacking up to six units with Dell Networking OS version 8.3.19.0.
• Switch failure • Inter-switch stacking link failure • Switch insertion • Switch removal If the master switch goes off line, the standby replaces it as the new master and the switch with the next highest priority or MAC address becomes standby. Stack Master Election The stack elects a master and standby unit at bootup time based on two criteria. • Unit priority — User-configurable. The range is from 1 to 14. A higher value (14) means a higher priority. The default is 1.
3 4 5 6 7 8 9 10 Member Member Member Member Member Member Member Member online online not present not present not present not present not present not present S4810 S4810 S4810 S4810 4810-8-3-12-1447 64 4810-8-3-12-1447 64 Virtual IP You can manage the stack using a single IP, known as a virtual IP, that is retained in the stack even after a failover. The virtual IP address is used to log in to the current master unit of the stack. Both IPv4 and IPv6 addresses are supported as virtual IPs.
-----------------------------------------------------0 Management online S50V S50V 7.8.1.
5 6 7 Member Member Member not present not present not present Stacking LAG When multiple links are used between stack units, Dell Networking OS automatically bundles them in a stacking LAG to provide aggregated throughput and redundancy. The stacking LAG is established automatically and transparently by Dell Networking OS (without user configuration) after peering is detected and behaves as follows: • The stacking LAG dynamically aggregates; it can lose link members or gain new links.
is removed, the standby unit becomes the stack manager and Dell Networking OS elects a new standby unit. Dell Networking OS resets the failed master unit: after online, it becomes a member unit; the remaining members remain online. Example of S-Series Stack Manager Redundancy (S50) Stack#show redundancy -- Stack-unit Status ------------------------------------------------Mgmt ID: 0 Stack-unit ID: 1 Stack-unit Redundancy Role: Primary Stack-unit State: Active Stack-unit SW Version: 7.8.1.
Example of Accessing Non-Master Units on a Stack via the Console Port -------------------CONSOLE ACCESS ON THE STANDBY---------------2-unit-stack(standby)#? cd Change current directory clear Reset functions copy Copy from one file to another delete Delete a file dir List files on a filesystem disable Turn off privileged commands enable Turn on privileged commands exit Exit from the EXEC format Format a filesystem package automation package related commands pwd Display current working directory rename Rename
• • Remove Units or Front End Ports from a Stack Split an S-Series Stack Create an S-Series Stack Stacking is enabled on the S4820T using the front end ports. No configuration is allowed on front end ports used for stacking. Stacking can be made between 10G ports of two units or 40G ports of two units. The stack links between the two units are grouped into a single LAG. Stack Group/Port Numbers By default, each unit in Standalone mode is numbered stack-unit 0.
• before the management unit downloads its Dell Networking OS version 8.3.12.0 or later to the new unit. The syslog includes the unit number, previous version, and version being downloaded. • when the firmware synchronization is complete. • if the system check fails, a message such as a hardware incompatibility message or incompatible uboot version is generated. If the unit is placed in a card problem state, the management unit also generates an SNMP trap.
Creating a New Stack Prior to creating a stack, know which unit will be the management unit and which will be the standby unit. Enable the front ports of the units for stacking. For more information, refer to Enabling Front End Port Stacking. To create a new stack, use the following commands. 1. Power up all units in the stack. 2. Verify that each unit has the same Dell Networking OS version prior to stacking them together. EXEC Privilege mode show version 3.
Example of a Syslog Example of Viewing Stack Unit Information After Reload Example of Configuring Two Stacked Switches (S4820T) Figure 119. Creating a New S4820T Stack In the following example, stack unit is the master management unit, stack unit 2is the standby unit. The cables are connected to each unit.
Stack MAC : 00:01:e8:8c:53:32 Reload Type : normal-reload [Next boot : normal-reload] -- Stack Info -Unit UnitType Status ReqTyp CurTyp Version Ports --------------------------------------------------------------0 Member not present 1 Management online S4810 S4810 4810-8-3-12-1447 64 2 Standby online S4810 S4810 4810-8-3-12-1447 64 3 Member online S4810 S4810 4810-8-3-12-1447 64 4 Member online S4810 S4810 4810-8-3-12-1447 64 5 Member not present 6 Member not present 7 Member not present 8 Member not presen
0/0 0/1 0/2 0/3 S4810-1# 1/0 1/1 1/2 1/3 10 10 10 10 up up up up up up up up Add Units to an Existing S-Series Stack You can add units to an existing stack in one of three ways. • By manually assigning a new unconfigured unit a position in an existing stack. • By adding a configured unit to an existing stack. • By merging two stacks.
Example of Adding an S4820T Stack Unit with a Conflicting Stack Number (Before) Example of Adding an S4820T Stack Unit with a Conflicting Stack Number (After) Dell#show system brief Stack MAC : 00:01:e8:8a:df:e6 Reload Type : normal-reload -- Stack Info -Unit UnitType Status ReqTyp CurTyp Version Ports --------------------------------------------------------0 Management online S4810 S4810 8-3-7-13 64 1 Member not present 2 Member not present 3 Standby online S4810 S4810 8-3-7-13 64 4 Member not present 5 Me
4. 5. Log on to the CLI and enter global configuration mode. • Login: username • Password: ***** • Dell> enable • Dell# configure Configure the ports on the added switch for stacking. CONFIGURATION mode stack-unit 0 stack-group group-number 6. • stack-unit 0: defines the default ID unit-number in the initial configuration of a switch. • stack-group group-number: configures a port for stacking. Save the stacking configuration on the ports. EXEC Privilege mode write memory 7.
Split an S-Series Stack To split a stack, unplug the desired stacking cables. You may do this at any time, whether the stack is powered or unpowered, and the units are online or offline. Each portion of the split stack retains the startup and running configuration of the original stack. For a parent stack that is split into two child stacks, A and B, each with multiple units: • If one of the new stacks receives the master and the standby management units, it is unaffected by the split.
stack-unit provision Displaying Information about an S-Series Stack To display information about the S-Series stack, use the following command. • Display for stack-identity, status, and hardware information on every unit in a stack. EXEC Privilege mode show system • Refer to the following example. Display most of the information in show system, but in a more convenient tabular form. EXEC Privilege mode show system brief • Refer to the following example.
-- Power Supplies -Unit Bay Status Type FanStatus -----------------------------------------0 0 absent absent 0 1 up AC up -- Fan Status -Unit Bay TrayStatus Fan0 Speed Fan1 Speed ------------------------------------------0 0 up up 6960 up 6960 0 1 up up 6720 up 6720 Speed in RPM -- Unit 1 -Unit Type Status Required Type : Member Unit : not present : S4810 - 52-port GE/TE/FG (SE) -- Unit 2 -Unit Type Status : Member Unit : not present -- Unit 3 -Unit Type Status Next Boot Required Type Current Type Maste
10 11 Member Member not present not present Display information about an S4820T stack using the show system stack-ports command.
• A new standby is elected. When the former stack master comes back online, it becomes a member unit. Prevent the stack master from rebooting after a failover. CONFIGURATION mode redundancy disable-auto-reboot stack-unit • This command does not affect a forced failover, manual reset, or a stack-link disconnect. Display redundancy information.
Example of Viewing Status for Stacked Switches in a Ring Topology Example of Viewing Status for a Single Switch Example of Viewing Status for Stacked Switches in a Daisy Chain Topology The following example shows four switches stacked together with two 40G links in a ring topology.
1 1 up AC up -- Fan Status -Unit Bay TrayStatus Fan0 Speed Fan1 Speed -------------------------------------------1 0 up up 7200 up 7200 1 1 up up 7200 up 7440 Speed in RP The following example shows three switches stacked together in a daisy chain topology.
Reload Type : normal-reload -- Stack Info -Unit UnitType Status ReqTyp CurTyp Version Ports ----------------------------------------------------0 Management online S4810 S4810 8-3-7-13 64 1 Member online S4810 S4810 8-3-7-13 64 2 Member not present 3 Standby online S4810 S4810 8-3-7-13 64 Dell#show system brief Stack MAC : 00:01:e8:8a:df:e6 Reload Type : normal-reload -- Stack Info -Unit UnitType Status ReqTyp CurTyp Version Ports ------------------------------------------------------0 Management online S48
• • Recover from a Card Problem State on an S-Series Stack Recover from a Card Mismatch State on an S-Series Stack Recover from Stack Link Flaps S-Series stack link integrity monitoring enables units to monitor their own stack ports and disable any stack port that flaps five times within 10 seconds.
3 4 5 6 7 8 9 10 11 Member Member Member Member Member Member Member Member Member not not not not not not not not not present present present present present present present present present -- Power Supplies -Unit Bay Status Type FanStatus -----------------------------------0 0 down DC down 0 1 up DC up 1 0 absent absent 1 1 up AC up -- Fan Status -Unit Bay TrayStatus Fan0 Speed Fan1 Speed -------------------------------------------0 0 up up 9360 up 9360 0 1 up up 9600 up 9360 1 0 up up 6720 up 6720 1
1 Management online S50N S50N 7.8.1.0 52 2 Standby online S50V S50V 7.8.1.0 52 3 Member not present 4 Member not present 5 Member not present 6 Member not present 7 Member not present ------------------STANDALONE UNIT AFTER------------------------01:38:34: %STKUNIT0-M:CP %POLLMGR-2-ALT_STACK_UNIT_STATE: Alternate Stack-unit is present 01:38:34: %STKUNIT0-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 1 present Going for reboot.
Storm Control 52 Storm control is supported on the S4820T platform. The storm control feature allows you to control unknown-unicast and broadcast traffic on Layer 2 and Layer 3 physical interfaces. Dell Networking Operating System (OS) Behavior: Dell Networking OS supports broadcast control (the storm-control broadcast command) for Layer 2 and Layer 3 traffic. Dell Networking OS Behavior: The minimum number of packets per second (PPS) that storm control can limit on the S4820T is two.
Spanning Tree Protocol (STP) 53 The spanning tree protocol (STP) is supported on the S4820T platform. Protocol Overview STP is a Layer 2 protocol — specified by IEEE 802.1d — that eliminates loops in a bridged topology by enabling only a single path through the network. By eliminating loops, the protocol improves scalability in a large network and allows you to implement redundant paths, which can be activated after the failure of active paths.
Important Points to Remember • • • • • STP is disabled by default. The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus (PVST+). You may only enable one flavor of spanning tree at any one time. All ports in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode are automatically added to the spanning tree topology at the time you enable the protocol.
To configure and enable the interfaces for Layer 2, use the following command. 1. If the interface has been assigned an IP address, remove it. INTERFACE mode no ip address 2. Place the interface in Layer 2 mode. INTERFACE switchport 3. Enable the interface. INTERFACE mode no shutdown Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode.
Figure 121. Spanning Tree Enabled Globally To enable STP globally, use the following commands. 1. Enter PROTOCOL SPANNING TREE mode. CONFIGURATION mode protocol spanning-tree 0 2. Enable STP. PROTOCOL SPANNING TREE mode no disable Example of Verifying Spanning Tree is Enabled Example of Viewing Spanning Tree Configuration Example of Verifying a Port Participates in Spanning Tree To disable STP globally for all Layer 2 interfaces, use the disable command from PROTOCOL SPANNING TREE mode.
To view the spanning tree configuration and the interfaces that are participating in STP, use the show spanning-tree 0 command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. R2#show spanning-tree 0 Executing IEEE compatible Spanning Tree Protocol Bridge Identifier has priority 32768, address 0001.e826.ddb7 Configured hello time 2, max age 20, forward delay 15 Current root has priority 32768, address 0001.e80d.
INTERFACE mode spanning-tree 0 Modifying Global Parameters You can modify the spanning tree parameters. The root bridge sets the values for forward-delay, hellotime, and max-age and overwrites the values set on other bridges participating in STP. NOTE: Dell Networking recommends that only experienced network administrators change the spanning tree parameters. Poorly planned modification of the spanning tree parameters can negatively affect network performance.
• Change the max-age parameter (the refresh interval for configuration information that is generated by recomputing the spanning tree topology). PROTOCOL SPANNING TREE mode max-age seconds The range is from 6 to 40. The default is 20 seconds. To view the current values for global parameters, use the show spanning-tree 0 command from EXEC privilege mode. Refer to the second example in Enabling Spanning Tree Protocol Globally.
the BPDU, the physical interface remains up and spanning-tree drops packets in the hardware after a BPDU violation. BPDUs are dropped in the software after receiving the BPDU violation. CAUTION: Enable PortFast only on links connecting to an end station. PortFast can cause loops if it is enabled on an interface connected to a network. To enable PortFast on an interface, use the following command. • Enable PortFast on an interface.
• • • • • If the interface to be shut down is a port channel, all the member ports are disabled in the hardware. When you add a physical port to a port channel already in the Error Disable state, the new member port is also disabled in the hardware. When you remove a physical port from a port channel in the Error Disable state, the Error Disabled state is cleared on this physical port (the physical port is enabled in the hardware).
• disables spanning tree on an interface • drops all BPDUs at the line card without generating a console message Example of Blocked BPDUs Dell(conf-if-gi-0/7)#do show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 0001.e805.fb07 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32768, Address 0001.e85d.0e90 Configured hello time 2, max age 20, forward delay 15 Interface Name PortID Prio ---------- -------Gi 0/6 128.
Root Bridge hello time 2, max age 20, forward delay 15 Dell# STP Root Guard STP root guard is supported on the S4820T platform. Use the STP root guard feature in a Layer 2 network to avoid bridging loops. In STP, the switch in the network with the lowest priority (as determined by STP or set with the bridge-priority command) is selected as the root bridge. If two switches have the same priority, the switch with the lower MAC address is selected as the root.
Figure 123. STP Root Guard Prevents Bridging Loops Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis. Dell Networking OS Behavior: The following conditions apply to a port enabled with STP root guard: • Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port.
• Enable root guard on a port or port-channel interface. INTERFACE mode or INTERFACE PORT-CHANNEL mode spanning-tree {0 | mstp | rstp | pvst} rootguard – 0: enables root guard on an STP-enabled port assigned to instance 0. – mstp: enables root guard on an MSTP-enabled port. – rstp: enables root guard on an RSTP-enabled port. – pvst: enables root guard on a PVST-enabled port.
STP Loop Guard STP loop guard is supported only on the S4820T platform. The STP loop guard feature provides protection against Layer 2 forwarding loops (STP loops) caused by a hardware failure, such as a cable failure or an interface fault. When a cable or interface fails, a participating STP link may become unidirectional (STP requires links to be bidirectional) and an STP port does not receive BPDUs. When an STP blocking port does not receive BPDUs, it transitions to a Forwarding state.
Figure 124. STP Loop Guard Prevents Forwarding Loops Configuring Loop Guard Enable STP loop guard on a per-port or per-port channel basis. Dell Networking OS Behavior: The following conditions apply to a port enabled with loop guard: • Loop guard is supported on any STP-enabled port or port-channel interface.
• You cannot enable root guard and loop guard at the same time on an STP port. For example, if you configure loop guard on a port on which root guard is already configured, the following error message is displayed: % Error: RootGuard is configured. Cannot configure LoopGuard. • Enabling Portfast BPDU guard and loop guard at the same time on a port results in a port that remains in a blocking state and prevents traffic from flowing through it.
System Time and Date 54 System time and date settings and the network time protocol (NTP) are supported on the S4820T platform. You can set system times and dates and maintained through the NTP. They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings. In the release 9.4.(0.0), support for reaching an NTP server through different VRFs is included. You can configure a maximum of eight logging servers across different VRFs or the same VRF.
certain fields in the message, recalculates the checksum and returns the message immediately. Information included in the NTP message allows the client to determine the server time regarding local time and adjust the local clock accordingly. In addition, the message includes information to calculate the expected timekeeping accuracy and reliability, as well as select the best from possibly several servers.
Implementation Information Dell Networking systems can only be an NTP client. Configure the Network Time Protocol Configuring NTP is a one-step process. • Enabling NTP Related Configuration Tasks • Configuring NTP Broadcasts • Setting the Hardware Clock with the Time Derived from NTP • Disabling NTP on an Interface • Configuring a Source IP Address for NTP Packets (optional) Enabling NTP NTP is disabled by default.
Setting the Hardware Clock with the Time Derived from NTP To set the hardware clock, use the following command. • Periodically update the system hardware clock with the time value derived from NTP.
• Configure a source IP address for NTP packets. CONFIGURATION mode ntp source interface Enter the following keywords and slot/port or number information: – For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet then the slot/port information. – For a loopback interface, enter the keyword loopback then a number between 0 and 16383. – For a port channel interface, enter the keyword lag then a number from 1 to 255 for TeraScale and ExaScale.
3. Define a trusted key. CONFIGURATION mode ntp trusted-key number Configure a number from 1 to 4294967295. The number must be the same as the number used in the ntp authentication-key command. 4. Configure an NTP server. CONFIGURATION mode ntp server ip-address [key keyid] [prefer] [version number] Configure the IP address of a server and the following optional parameters: • key keyid: configure a text string as the key exchanged between the NTP server and the client.
stratum - 1 primary reference clock, 2 secondary reference clock (via NTP) version - NTP version 3 leap NOTE: • Leap Indicator (sys.leap, peer.leap, pkt.leap) — This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover interval) in the day of insertion to be increased or decreased by one.
• Setting the Timezone • Setting Daylight Saving Time Once • Setting Recurring Daylight Saving Time Setting the Time and Date for the Switch Hardware Clock To set the time and date for the switch hardware clock, use the following command. • Set the hardware clock to the current time and date. EXEC Privilege mode calendar set time month day year – time: enter the time in hours:minutes:seconds. For the hour variable, use the 24-hour format; for example, 17:15:00 is 5:15 pm.
Setting the Timezone Universal time coordinated (UTC) is the time standard based on the International Atomic Time standard, commonly known as Greenwich Mean time. When determining system time, include the differentiator between UTC and your local timezone. For example, San Jose, CA is the Pacific Timezone with a UTC offset of -8. To set the clock timezone, use the following command. • Set the clock to the appropriate timezone.
– end-month: enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year. – end-day: enter the number of the day. The range is from 1 to 31. You can enter the name of a month to change the order of the display to time day month year. – end-year: enter a four-digit number as the year. The range is from 1993 to 2035. – end-time: enter the time in hours:minutes.
* first: Enter the keyword first to start daylight saving time in the first week of the month. * last: Enter the keyword last to start daylight saving time in the last week of the month. – end-month: Enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year. – end-day: Enter the number of the day. The range is from 1 to 31. You can enter the name of a month to change the order of the display to time day month year.
Tunneling 55 Tunneling is supported on the S4820T platform. Tunneling supports RFC 2003, RFC 2473, and 4213. DSCP, hop-limits, flow label values, OSPFv2, and OSPFv3 are also supported. ICMP error relay, PATH MTU transmission, and fragmented packets are not supported. Configuring a Tunnel Configuring a tunnel is supported on the S4820T platform. You can configure a tunnel in IPv6 mode, IPv6IP mode, and IPIP mode.
ipv6 address 2::1/64 tunnel destination 90.1.1.1 tunnel source 60.1.1.1 tunnel mode ipv6ip no shutdown The following sample configuration shows a tunnel configured in IPIP mode (IPv4 tunnel carries IPv4 and IPv6 traffic): Dell(conf)#interface tunnel 3 Dell(conf-if-tu-3)#tunnel source 5::5 Dell(conf-if-tu-3)#tunnel destination 8::9 Dell(conf-if-tu-3)#tunnel mode ipv6 Dell(conf-if-tu-3)#ip address 3.1.1.
Configuring the ip and ipv6 unnumbered Configuring the tunnel interface is supported on the S4820T platform. You can configure the tunnel in ip unnumbered and ipv6 unnumbered command. To configure the tunnel interface to operate without a unique explicit ip/ ipv6 address, select the interface from which the tunnel will borrow its address. The following sample configuration shows the IP unnumbered command: Dell(conf-if-te-0/0)#show config ! interface TenGigabitEthernet 0/0 ip address 20.1.1.
tunnel mode ipip decapsulate-any no shutdown Configuring the tunnel source anylocal Configuring a tunnel source anylocal is supported on the S4820T platform. The anylocal argument can be used in place of the ip address or interface, but only with multipoint receive-only mode tunnels.
Uplink Failure Detection (UFD) 56 Uplink failure detection (UFD) is supported on the S4820T platform. Feature Description UFD provides detection of the loss of upstream connectivity and, if used with network interface controller (NIC) teaming, automatic recovery from a failed link. A switch provides upstream connectivity for devices, such as servers. If a switch loses its upstream connectivity, downstream devices also lose their connectivity.
Figure 126. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group. An interface in an uplink-state group can be a physical interface or a port-channel (LAG) aggregation of physical interfaces. An enabled uplink-state group tracks the state of all assigned upstream interfaces.
Figure 127. Uplink Failure Detection Example If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a Link-Down state. You can configure this number and is calculated by the ratio of the upstream port bandwidth to the downstream port bandwidth in the same uplink-state group.
– An uplink-state group is considered to be operationally down if it has no upstream interfaces in the Link-Up state. No uplink-state tracking is performed when a group is disabled or in an Operationally Down state. • You can assign physical port or port-channel interfaces to an uplink-state group. – You can assign an interface to only one uplink-state group. Configure each interface assigned to an uplink-state group as either an upstream or downstream interface, but not both.
Configuring Uplink Failure Detection To configure UFD, use the following commands. 1. Create an uplink-state group and enable the tracking of upstream links on the switch/router. CONFIGURATION mode uplink-state-group group-id • group-id: values are from 1 to 16. To delete an uplink-state group, use the no uplink-state-group group-id command. 2. Assign a port or port-channel to the uplink-state group as an upstream or downstream interface.
4. (Optional) Enable auto-recovery so that UFD-disabled downstream ports in the uplink-state group come up when a disabled upstream port in the group comes back up. UPLINK-STATE-GROUP mode downstream auto-recover The default is auto-recovery of UFD-disabled downstream ports is enabled. To disable auto-recovery, use the no downstream auto-recover command. 5. (Optional) Enters a text description of the uplink-state group.
Example of Syslog Messages Before and After Entering the clear ufd-disable uplink-stategroup Command (S50) The following example message shows the Syslog messages that display when you clear the UFDDisabled state from all disabled downstream interfaces in an uplink-state group by using the clear ufd-disable uplink-state-group group-id command. All downstream interfaces return to an operationally up state.
02:38:53: %RPM0-P:CP %IFMGR-5-OSTATE_UP: Changed interface state to up: Fo 13/3 02:38:53: %RPM0-P:CP %IFMGR-5-OSTATE_UP: Changed interface state to up: Fo 13/5 02:38:53: %RPM0-P:CP %IFMGR-5-OSTATE_UP: Changed interface state to up: Fo 13/6 Displaying Uplink Failure Detection To display information on the UFD feature, use any of the following commands. • Display status information on a specified uplink-state group or all groups.
Dell# show uplink-state-group 16 Uplink State Group: 16 Status: Disabled, Up Dell#show uplink-state-group detail (Up): Interface up (Dwn): Interface down (Dis): Interface disabled Uplink State Group : 1 Upstream Interfaces : Downstream Interfaces : Status: Enabled, Up Uplink State Group : 3 Status: Enabled, Up Upstream Interfaces : Gi 0/46(Up) Gi 0/47(Up) Downstream Interfaces : Te 13/0(Up) Te 13/1(Up) Te 13/3(Up) Te 13/5(Up) Te 13/6(Up) Uplink State Group : 5 Status: Enabled, Down Upstream Interfaces : G
Dell#show running-config uplink-state-group ! no enable uplink state track 1 downstream GigabitEthernet 0/2, 4, 6, 11-19 upstream TengigabitEthernet 0/48, 52 upstream PortChannel 1 ! uplink state track 2 downstream GigabitEthernet 0/1, 3, 5, 7-10 upstream TengigabitEthernet 0/56, 60 Dell(conf-uplink-state-group-16)# show configuration ! uplink-state-group 16 no enable description test downstream disable links all downstream GigabitEthernet 0/40 upstream GigabitEthernet 0/41 upstream Port-channel 8 Sample C
Dell(conf-uplink-state-group-3)#exit Dell(conf)#exit Dell# 00:13:06: %STKUNIT0-M:CP %SYS-5-CONFIG_I: Configured from console by console Dell# show running-config uplink-state-group ! uplink-state-group 3 description Testing UFD feature downstream disable links 2 downstream GigabitEthernet 0/1-2,5,9,11-12 upstream GigabitEthernet 0/3-4 Dell# show uplink-state-group 3 Uplink State Group: 3 Status: Enabled, Up Dell# show uplink-state-group detail (Up): Interface up (Dwn): Interface down (Dis): Interface disabl
Upgrade Procedures 57 To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes. Get Help with Upgrades Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center. You can reach Technical Support: • On the web: http://support.dell.
Virtual LANs (VLANs) 58 Virtual LANs (VLANs) are supported on the S4820T platform. VLANs are a logical broadcast domain or logical grouping of interfaces in a local area network (LAN) in which all data received is kept locally and broadcast to all members of the group. When in Layer 2 mode, VLANs move traffic at wire speed and can span multiple devices. The Dell Networking Operating System (OS) supports up to 4093 port-based VLANs and one default VLAN, as specified in IEEE 802.1Q.
By default, VLAN 1 is the Default VLAN. To change that designation, use the default vlan-id command in CONFIGURATION mode. You cannot delete the Default VLAN. NOTE: You cannot assign an IP address to the Default VLAN. To assign an IP address to a VLAN that is currently the Default VLAN, create another VLAN and assign it to be the Default VLAN. For more information about assigning IP addresses, refer to Assigning an IP Address to a VLAN. • Untagged interfaces must be part of a VLAN.
information is preserved as the frame moves through the network. The following example shows the structure of a frame with a tag header. The VLAN ID is inserted in the tag header. Figure 128. Tagged Frame Format The tag header contains some key information that Dell Networking OS uses: • The VLAN protocol identifier identifies the frame as tagged according to the IEEE 802.1Q specifications (2 bytes). • Tag control information (TCI) includes the VLAN ID (2 bytes total).
• Configure a port-based VLAN (if the VLAN-ID is different from the Default VLAN ID) and enter INTERFACE VLAN mode. CONFIGURATION mode interface vlan vlan-id To activate the VLAN, after you create a VLAN, assign interfaces in Layer 2 mode to the VLAN. Example of Verifying a Port-Based VLAN To view the configured VLANs, use the show vlan command in EXEC Privilege mode.
The following example shows the steps to add a tagged interface (in this case, port channel 1) to VLAN 4. To view the interface’s status. Interface (po 1) is tagged and in VLAN 2 and 3, use the show vlan command. In a port-based VLAN, use the tagged command to add the interface to another VLAN. The show vlan command output displays the interface’s (po 1) changed status. Except for hybrid ports, only a tagged interface can be a member of multiple VLANs.
Moving Untagged Interfaces To move untagged interfaces from the Default VLAN to another VLAN, use the following commands. 1. Access INTERFACE VLAN mode of the VLAN to which you want to assign the interface. CONFIGURATION mode interface vlan vlan-id 2. Configure an interface as untagged. INTERFACE mode untagged interface This command is available only in VLAN interfaces.
4 Dell# Active T U Gi 3/1 Gi 3/2 The only way to remove an interface from the Default VLAN is to place the interface in Default mode by using the no switchport command in INTERFACE mode. Assigning an IP Address to a VLAN VLANs are a Layer 2 feature. For two physical interfaces on different VLANs to communicate, you must assign an IP address to the VLANs to route traffic between the two interfaces.
To configure a port so that it can be a member of an untagged and tagged VLANs, use the following commands. 1. Remove any Layer 2 or Layer 3 configurations from the interface. INTERFACE mode 2. Configure the interface for Hybrid mode. INTERFACE mode portmode hybrid 3. Configure the interface for Switchport mode. INTERFACE mode switchport 4. Add the interface to a tagged or untagged VLAN.
Virtual Link Trunking (VLT) 59 Virtual link trunking (VLT) is supported on the S4820T platform. Overview VLT allows physical links between two chassis to appear as a single virtual link to the network core or other switches such as Edge, Access, or top-of-rack (ToR). VLT reduces the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches, and by supporting a loop-free topology.
Figure 129. VLT on S4820T Switches VLT on Core Switches You can also deploy VLT on core switches. Uplinks from servers to the access layer and from access layer to the aggregation layer are bundled in LAG groups with end-to-end Layer 2 multipathing. This set up requires “horizontal” stacking at the access layer and VLT at the aggregation layer such that all the uplinks from servers to access and access to aggregation are in Active-Active Load Sharing mode.
Figure 130. Enhanced VLT VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) — The combined port channel between an attached device and the VLT peer switches. • VLT backup link — The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, periodic keep alive messages between the VLT peer switches. • VLT interconnect (VLTi) — The link used to synchronize states between the VLT peer switches. Both ends must be on 10G or 40G interfaces.
Configure Virtual Link Trunking VLT requires that you enable the feature and then configure the same VLT domain, backup link, and VLT interconnect on both peer switches. Important Points to Remember • You cannot enable S4820T stacking simultaneously with VLT. If you enable both at the same time, unexpected behavior occurs. Refer to VLT and Stacking. • VLT port channel interfaces must be switch ports. • If you include RSTP on the system, configure it before VLT. Refer to Configure Rapid Spanning Tree.
• VLT Heartbeat is supported only on default VRFs. • In a scenario where one hundred hosts are connected to a Peer1 on a non-VLT domain and traffic flows through Peer1 to Peer2; when you move these hosts from a non-VLT domain to a VLT domain and send ARP requests to Peer1, only half of these ARP requests reach Peer1, while the remaining half reach Peer2 (beacuse of LAG hashing).
– The port channel must be in Default mode (not Switchport mode) to have VLTi recognize it. – The system automatically includes the required VLANs in VLTi. You do not need to manually select VLANs. – VLT peer switches operate as separate chassis with independent control and data planes for devices attached to non-VLT ports. – Port-channel link aggregation (LAG) across the ports in the VLT interconnect is required; individual ports are not supported.
– The chassis backup link does not carry control plane information or data traffic. Its use is restricted to health checks only. • Virtual link trunks (VLTs) between access devices and VLT peer switches – To connect servers and access switches with VLT peer switches, you use a VLT port channel, as shown in Overview. Up to 48 port-channels are supported; up to eight member links are supported in each port channel between the VLT domain and an access device.
• Software features supported on VLT physical ports – In a VLT domain, the following software features are supported on VLT physical ports: 802.1p, LLDP, flow control, port monitoring, and jumbo frames. • Software features not supported with VLT – In a VLT domain, the following software features are supported on non-VLT ports: 802.1x, , DHCP snooping, FRRP, IPv6 dynamic routing, ingress and egress QOS.
MAC address is selected as the Primary Peer. You can configure another peer as the Primary Peer using the VLT domain domain-id role priority priority-value command. If the VLTi link fails, the status of the remote VLT Primary Peer is checked using the backup link. If the remote VLT Primary Peer is available, the Secondary Peer disables all VLT ports to prevent loops.
VLT and Stacking You cannot enable stacking on S4820T units with VLT. If you enable stacking on a unit on which you want to enable VLT, you must first remove the unit from the existing stack. For information about how to remove a unit from a stack, refer to Removing a Unit from an S-Series Stack. After you remove the unit, you can configure VLT on the unit.
PIM-Sparse Mode Support on VLT The designated router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports. VLT peer switches can act as a last-hop router for IGMP receivers and as a first-hop router for multicast sources. Figure 131.
(DR) if they are incorrectly hashed. In addition to being first-hop or last -hop routers, the peer node can also act as an intermediate router. On a VLT-enabled PIM router, if any PIM neighbor is reachable through a Spanned Layer 3 (L3) VLAN interface, this must be the only PIM-enabled interface to reach that neighbor. A Spanned L3 VLAN is any L3 VLAN configured on both peers in a VLT domain. This does not apply to server-side L2 VLT ports because they do not connect to any PIM routers.
local DA entries in TCAM. In case a VLT node is down, a timer that allows you to configure the amount of time needed for peer recovery provides resiliency. You can enable VLT unicast across multiple configurations using VLT links. You can enable ECMP on VLT nodes using VLT unicast. VLT unicast routing is supported on both IPv6/IPv4. To enable VLT unicast routing, both VLT peers must be in L3 mode. Static route and routing protocols such as RIP, OSPF, ISIS, and BGP are supported.
• VLT resiliency — After a VLT link or peer failure, if the traffic hashes to the VLT peer, the traffic continues to be routed using multicast until the PIM protocol detects the failure and adjusts the multicast distribution tree. • Optimal routing — The VLT peer that receives the incoming traffic can directly route traffic to all downstream routers connected on VLT ports.
Non-VLT ARP Sync Synchronization for non-ARP routing table entries is supported on the S4820T platform. ARP entries (including ND entries) learned on other ports are synced with the VLT peer to support station move scenarios. NOTE: ARP entries learned on non-VLT, non-spanned VLANs are not synced with VLT peers. RSTP Configuration RSTP is supported in a VLT domain. Before you configure VLT on peer switches, configure RSTP in the network.
Sample RSTP Configuration The following is a sample of an RSTP configuration. Using the example shown in the Overview section as a sample VLT topology, the primary VLT switch sends BPDUs to an access device (switch or server) with its own RSTP bridge ID. BPDUs generated by an RSTP-enabled access device are only processed by the primary VLT switch. The secondary VLT switch tunnels the BPDUs that it receives to the primary VLT switch over the VLT interconnect.
Configuring a VLT Interconnect To configure a VLT interconnect, follow these steps. 1. Configure the port channel for the VLT interconnect on a VLT switch and enter interface configuration mode. CONFIGURATION mode interface port-channel id-number Enter the same port-channel number configured with the peer-link port-channel command as described in Enabling VLT and Creating a VLT Domain. NOTE: To be included in the VLTi, the port channel must be in Default mode (no switchport or VLAN assigned). 2.
Enabling VLT and Creating a VLT Domain To enable VLT and create a VLT domain, use the following steps. 1. Enable VLT on a switch, then configure a VLT domain and enter VLT-domain configuration mode. CONFIGURATION mode vlt domain domain-id The domain ID range is from 1 to 1000. Configure the same domain ID on the peer switch to allow for common peering. VLT uses the domain ID to automatically create a VLT MAC address for the domain.
Configuring a VLT Backup Link To configure a VLT backup link, use the following command. 1. Specify the management interface to be used for the backup link through an out-of-band management network. CONFIGURATION mode interface managementethernet slot/ port Enter the slot (0-1) and the port (0). 2. Configure an IPv4 address (A.B.C.D) or IPv6 address (X:X:X:X::X) and mask (/x) on the interface.
Reconfiguring the Default VLT Settings (Optional) To reconfigure the default VLT settings, use the following commands. 1. Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 2. (Optional) After you configure the VLT domain on each peer switch on both sides of the interconnect trunk, by default, Dell Networking OS elects a primary and secondary VLT peer device.
Connecting a VLT Domain to an Attached Access Device (Switch or Server) To connect a VLT domain to an attached access device, use the following commands. On a VLT peer switch: To connect to an attached device, configure the same port channel ID number on each peer switch in the VLT domain. 1. Configure the same port channel to be used to connect to an attached device and enter interface configuration mode. CONFIGURATION mode interface port-channel id-number 2. Remove an IP address from the interface.
Configuring a VLT VLAN Peer-Down (Optional) To configure a VLT VLAN peer-down, use the following commands. 1. Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 2. Enter the port-channel number that acts as the interconnect trunk. VLT DOMAIN CONFIGURATION mode peer-link port-channel id-number The range is from 1 to 128. 3.
3. Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 4. Enter the port-channel number that acts as the interconnect trunk. VLT DOMAIN CONFIGURATION mode peer-link port-channel id-number The range is from 1 to 128. 5. Configure the IP address of the management interface on the remote VLT peer to be used as the endpoint of the VLT backup link for sending out-of-band hello messages.
8. Configure enhanced VLT. Configure the port channel to be used for the VLT interconnect on a VLT switch and enter interface configuration mode. CONFIGURATION mode interface port-channel id-number Enter the same port-channel number configured with the peer-link port-channel command in the Enabling VLT and Creating a VLT Domain. 9. Place the interface in Layer 2 mode. INTERFACE PORT-CHANNEL mode switchport 10.
VLT Sample Configuration To review a sample VLT configuration setup, study these steps. 1. Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2. VLT DOMAIN mode vlt domain domain id 2. Configure the VLTi between VLT peer 1 and VLT peer 2. 3. You can configure LACP/static LAG between the peer units (not shown).
13. Verify that the VLT LAG is running in both VLT peer units. EXEC mode or EXEC Privilege mode show interfaces interface Example of Configuring VLT In the following sample VLT configuration steps, VLT peer 1 is S4820T-2, VLT peer 2 is S4820T-4, and the ToR is S60-1. NOTE: If you use a third-party ToR unit, Dell Networking recommends using static LAGs with VLT peers to avoid potential problems if you reboot the VLT peers. Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2.
Configure the VLT links between VLT peer 1 and VLT peer 2 to the Top of Rack unit. In the following example, port Te 0/40 in VLT peer 1 is connected to Te 0/48 of TOR and port Te 0/18 in VLT peer 2 is connected to Te 0/50 of TOR. 1. Configure the static LAG/LACP between the ports connected from VLT peer 1 and VLT peer 2 to the Top of Rack unit. 2. Configure the VLT peer link port channel id in VLT peer 1 and VLT peer 2. 3.
no ip address switchport no shutdown s60-1# s60-1#show interfaces port-channel 100 brief Codes: L - LACP Port-channel L LAG 100 Mode L2 Status up Uptime 03:33:48 s60-1# Ports Te 0/48 (Up) Te 0/50 (Up) Verify VLT is up. Verify that the VLTi (ICL) link, backup link connectivity (heartbeat status), and VLT peer link (peer chassis) are all up.
Figure 132. eVLT Configuration Example eVLT Configuration Step Examples In Domain 1, configure the VLT domain and VLTi on Peer 1. Domain_1_Peer1#configure Domain_1_Peer1(conf)#interface port-channel 1 Domain_1_Peer1(conf-if-po-1)# channel-member TenGigabitEthernet 0/8-9 Domain_1_Peer1(conf)#vlt domain 1000 Domain_1_Peer1(conf-vlt-domain)# peer-link port-channel 1 Domain_1_Peer1(conf-vlt-domain)# back-up destination 10.16.130.
Domain_1_Peer2(conf-vlt-domain)# back-up destination 10.16.130.12 Domain_1_Peer2(conf-vlt-domain)# system-mac mac-address 00:0a:00:0a:00:0a Domain_1_Peer2(conf-vlt-domain)# unit-id 1 Configure eVLT on Peer 2. Domain_1_Peer2(conf)#interface port-channel 100 Domain_1_Peer2(conf-if-po-100)# switchport Domain_1_Peer2(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_1_Peer2(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 2.
Configure eVLT on Peer 4. Domain_2_Peer4(conf)#interface port-channel 100 Domain_2_Peer4(conf-if-po-100)# switchport Domain_2_Peer4(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_2_Peer4(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 4.
VLT_Peer2(conf-if-vl-4001)#exit VLT_Peer2(conf)#end Verifying a VLT Configuration To monitor the operation or verify the configuration of a VLT domain, use any of the following show commands on the primary and secondary VLT switches. • Display information on backup link operation. EXEC mode • show vlt backup-link Display general status information about VLT domains currently configured on the switch.
Example of the show vlt backup-link Command Example of the show vlt brief Command Example of the show vlt detail Command Example of the show vlt role Command Example of the show running-config vlt Command Example of the show vlt statistics Command Example of the show spanning-tree rstp Command Dell_VLTpeer1# show vlt backup-link VLT Backup Link ----------------Destination: Peer HeartBeat status: HeartBeat Timer Interval: HeartBeat Timeout: UDP Port: HeartBeat Messages Sent: HeartBeat Messages Received: 10.
Version: Local System MAC address: Remote System MAC address: Configured System MAC address: Remote system version: Delay-Restore timer: 5(1) 00:01:e8:8a:e7:e7 00:01:e8:8a:e9:70 00:0a:0a:01:01:0a 5(1) 90 seconds Dell_VLTpeer1# show vlt detail Local LAG Id -----------100 127 Peer LAG Id ----------100 2 Local Status Peer Status Active VLANs ------------ ----------- ------------UP UP 10, 20, 30 UP UP 20, 30 Dell_VLTpeer2# show vlt detail Local LAG Id -----------2 100 Peer LAG Id ----------127 100 Local
ICL Hello's Received: 98 Dell_VLTpeer2# show vlt statistics VLT Statistics ---------------HeartBeat Messages Sent: HeartBeat Messages Received: ICL Hello's Sent: ICL Hello's Received: 994 978 89 89 The bold section displays the RSTP state of port channels in the VLT domain. Port channel 100 is used in the VLT interconnect trunk (VLTi) to connect to VLT peer2. Port channels 110, 111, and 120 are used to connect to access switches or servers (vlt).
Additional VLT Sample Configurations To configure VLT, configure a backup link and interconnect trunk, create a VLT domain, configure a backup link and interconnect trunk, and connect the peer switches in a VLT domain to an attached access device (switch or server). Review the following examples of VLT configurations. Configuring Virtual Link Trunking (VLT Peer 1) Enable VLT and create a VLT domain with a backup-link and interconnect trunk (VLTi).
Configuring Virtual Link Trunking (VLT Peer 2) Enable VLT and create a VLT domain with a backup-link VLT interconnect (VLTi). Dell_VLTpeer2(conf)#vlt domain 999 Dell_VLTpeer2(conf-vlt-domain)#peer-link port-channel 100 Dell_VLTpeer2(conf-vlt-domain)#back-up destination 10.11.206.23 Dell_VLTpeer2(conf-vlt-domain)#exit Configure the backup link. Dell_VLTpeer2(conf)#interface ManagementEthernet 0/0 Dell_VLTpeer2(conf-if-ma-0/0)#ip address 10.11.206.
no ip address switchport channel-member fortyGigE 1/18,22 no shutdown Troubleshooting VLT To help troubleshoot different VLT issues that may occur, use the following information. NOTE: For information on VLT Failure mode timing and its impact, contact your Dell Networking representative. Table 76.
Description Behavior at Peer Up Behavior During Run Time Action to Take System MAC mismatch A syslog error message and an SNMP trap are generated. A syslog error message and an SNMP trap are generated. Verify that the unit ID of VLT peers is not the same on both units and that the MAC address is the same on both units. Unit ID mismatch The VLT peer does not boot up. The VLTi is forced to a down state. The VLT peer does not boot up. The VLTi is forced to a down state.
Specifying VLT Nodes in a PVLAN You can configure VLT peer nodes in a private VLAN (PVLAN) on the S4820T platform. VLT enables redundancy without the implementation of Spanning Tree Protocol (STP), and provides a loop-free network with optimal bandwidth utilization. Because the VLT LAG interfaces are terminated on two different nodes, PVLAN configuration of VLT VLANs and VLT LAGs are symmetrical and identical on both the VLT peers. PVLANs provide Layer 2 isolation between ports within the same VLAN.
not validated if you associate an ICL to a PVLAN. Similarly, if you dissociate an ICL from a PVLAN, although the PVLAN parity exists, ICL is removed from that PVLAN. Association of VLTi as a Member of a PVLAN If a VLAN is configured as a non-VLT VLAN on both the peers, the VLTi link is made a member of that VLAN if the VLTi link is configured as a PVLAN or normal VLAN on both the peers.
PVLAN Operations When a VLT Peer is Restarted When the VLT peer node is rebooted, the VLAN membership of the VLTi link is preserved and when the peer node comes back online, a verification is performed with the newly received PVLAN configuration from the peer. If any differences are identified, the VLTi link is either added or removed from the VLAN. When the peer node restarts and returns online, all the PVLAN configurations are exchanged across the peers.
VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Mac Synchronization Peer1 Peer2 Peer1 Peer2 Promiscuo us Trunk Primary Primary Yes No Trunk Access Primary Secondary No No Promiscuo us Promiscuo us Primary Primary Yes Yes Promiscuo us Access Primary Secondary No No Promiscuo us Promiscuo us Primary Primary Yes Yes - Secondary (Community) - Secondary (Isolated) No No Secondary (Community) Secondary (Isolated) No No • • Yes Yes Access Promiscuo us Acc
VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Mac Synchronization Peer1 Peer2 Peer1 Peer2 Access Access Secondary (Community) Secondary (Community) No No - Primary VLAN Y - Primary VLAN X No No Promiscuo us Access Primary Secondary No No Trunk Access Primary/Normal Secondary No No Configuring a VLT VLAN or LAG in a PVLAN You can configure the VLT peers or nodes in a private VLAN (PVLAN).
4. Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown 5. To configure the VLT interconnect, repeat Steps 1–4 on the VLT peer switch. 6. Enter VLT-domain configuration mode for a specified VLT domain. CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 7. Enter the port-channel number that acts as the interconnect trunk. VLT DOMAIN CONFIGURATION mode peer-link port-channel id-number The range is from 1 to 128. 8.
5. Access INTERFACE VLAN mode for the VLAN to which you want to assign the PVLAN interfaces. CONFIGURATION mode interface vlan vlan-id 6. Enable the VLAN. INTERFACE VLAN mode no shutdown 7. To obtain maximum VLT resiliency, configure the PVLAN IDs and mappings to be identical on both the VLT peer nodes. Set the PVLAN mode of the selected VLAN to primary. INTERFACE VLAN mode private-vlan mode primary 8. Map secondary VLANs to the selected primary VLAN.
proxy ARP. For example, consider a sample topology in which VLAN 100 is configured on two VLT nodes, node 1 and node 2. ICL link is not configured between the two VLT nodes. Assume that the VLAN 100 IP address in node 1 is 10.1.1.1/24 and VLAN 100 IP address in node 2 is 20.1.1.2/24. In this case, if the ARP request for 20.1.1.1 reaches node 1, node 1 will not perform the ARP request for 20.1.1.2. Proxy ARP is supported only for the IP address belongs to the received interface IP network.
VLT Nodes as Rendezvous Points for Multicast Resiliency You can configure virtual link trunking (VLT) peer nodes as rendezvous points (RPs) in a Protocol Independent Multicast (PIM) domain on the S4820T platform. PIM uses a VLT node as the RP to distribute multicast traffic to a multicast group. Messages to join the multicast group (Join messages) and data are sent towards the RP, so that receivers can discover who the senders are and begin receiving traffic destined for the multicast group.
VLT Proxy Gateway 60 This chapter describes the VLT Proxy Gateway feature. Proxy Gateway in VLT Domains The functionality to configure the proxy gateway in VLT domains is supported on the S4810, S4820T, S6000, Z9000 platforms. You can configure a proxy gateway in VLT domains. A proxy gateway enables you to locally route the packets that are destined to L3 endpoint of the other VLT domain.
When the routing table across DCs is not symmetrical, there is a possibility of a routing miss by a DC that do not have the route for the L3 traffic. Since routing protocols will enabled and both the DC’s comes in same subnet there will not be route asymmetry dynamically. But if static route is configured on one DC and not on the other, it will result is asymmetry. Proxy routing can still be achieved locally by configuring a static route or default gateway.
8. LLDP port channel interface can’t be changed to legacy lag when proxy gateway is enabled. 9.“vlt-peer-mac transmit” is recommended only for square VLT without any diagonal links. 10. VRRP and IPv6 routing is not supported now. 11. With the existing hardware capabilities, only 512 my_station_tcam entries can be supported. 12. PVLAN not supported 13. After VM Motion, it’s expected that VM Host will send GARP in term, host previous VLT Domain will have mac movement points to newer VLT Domain 14.
• There are only a couple of MACs for each unit to be transmitted so that all current active MACs can definitely be carried on the newly defined TLV. • This TLV is recognizable only by FTOS devices with this feature support. Other device will ignore this field and should still be able to process other standard TLVs. The LLDP organizational TLV passes local DA information to peer VLT domain devices so they can act as proxy gateway.
2. Trace route across VLT domains may show extra hops. 3. IP route symmetry must be maintained across the VLT domains. Assume if the route to a destination is not available at C2, though the packet hits the MY_STATION_TCAM and routing is enabled for that VLAN, if there is no entry for that prefix in the routing table it will dropped to CPU. By default, all route miss packets are given to CPU. To avoid this static entry must be configured. 4.
8. Packet duplication – Assume exclude-vlan (say VLAN 10) is configured on C2/D2 for C1’s MAC. If packets for VLAN 10 with C1’s MAC get a hit at C2, they will be switched to both D2 (via ICL) and C1 via inter DC link. This could lead to packet duplication. So, if C1’s MAC is learnt at C2 then the packet would not have flooded (to D2) and only switched to C1 and thus avoided packet duplication. Configuring an LLDP VLT Proxy Gateway You can configure a proxy gateway in VLT domains.
Virtual Routing and Forwarding (VRF) 61 Virtual Routing and Forwarding (VRF) is supported only on platform S4820T VRF Overview VRF allows a physical router to partition itself into multiple Virtual Routers (VRs). The control and data plane are isolated in each VR so that traffic does NOT flow across VRs.Virtual Routing and Forwarding (VRF) allows multiple instances of a routing table to co-exist within the same router at the same time.
Figure 133. VRF Network Example VRF Configuration Notes On routers, VRF feature supports up to 64 VRF instances: 1 to 63 and the default VRF (0). Although there is no restriction on the number of VLANs that can be assigned to a VRF instance, the total number of routes supported in VRF is limited by the size of the IPv4 CAM. VRF is implemented in a network device by using Forwarding Information Bases (FIBs).
A network device may have the ability to configure different virtual routers, where entries in the FIB that belong to one VRF cannot be accessed by another VRF on the same device. Only Layer 3 interfaces can belong to a VRF.
Feature/Capability Support Status for Default VRF Support Status for Non-default VRF FRRP (if applicable) for VLANs Yes No Multicast protocols (PIM-SM, PIM-DM, MSDP) Yes No Layer 3 (IPv4/IPv6) ACLs, TraceLists, PBR, QoS on VLANs Yes Yes Layer 3 (IPv4/IPv6) ACLs, TraceLists, PBR, QoS on physical interfaces and LAGs Yes IPv4 ARP Yes Yes IPv6 Neighbor Discovery Yes No Layer 2 ACLs on VLANs Yes No FEED Yes No Layer 2 QoS Yes Yes Support for storm-control (broadcast and unknownunicas
Feature/Capability Support Status for Default VRF Support Status for Non-default VRF BGP Yes No ACL Yes Yes Multicast Yes No NDP Yes No RAD Yes No Ingress/Egress Storm-Control (per-interface/global) Yes No DHCP DHCP requests are not forwarded across VRF instances. The DHCP client and server must be on the same VRF instance. VRF Configuration The VRF configuration tasks are: 1. Enabling VRF in Configuration Mode 2. Creating a Non-Default VRF 3.
Task Command Syntax Command Mode and VRF ID number, and enter VRF configuration mode. Assign an Interface to a VRF You must enter the ip vrf forwarding command before you configure the IP address or any other setting on an interface. NOTE: You can configure an IP address or subnet on a physical or VLAN interface that overlaps the same IP address or subnet configured on another interface only if the interfaces are assigned to different VRFs.
Configure VRRP on a VRF You can configure the VRRP feature on interfaces that belong to a VRF instance. In a virtualized network that consists of multiple VRFs, various overlay networks can exist on a shared physical infrastructure. Nodes (hosts and servers) that are part of the VRFs can be configured with IP static routes for reaching specific destinations through a given gateway in a VRF.
Figure 134.
Figure 135. Setup VRF Interfaces The following example relates to the configuration shown in Figure1 and Figure 2.
Router 1 ip vrf blue 1 ! ip vrf orange 2 ! ip vrf green 3 ! interface TenGigabitEthernet 3/0 no ip address switchport no shutdown ! interface GigabitEthernet 7/0 ip vrf forwarding blue ip address 10.0.0.1/24 no shutdown ! interface GigabitEthernet 7/1 ip vrf forwarding orange ip address 20.0.0.1/24 no shutdown ! interface GigabitEthernet 7/2 ip vrf forwarding green ip address 30.0.0.1/24 no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.
Router 2 ip vrf blue 1 ! ip vrf orange 2 ! ip vrf green 3 ! interface TenGigabitEthernet 3/0 no ip address switchport no shutdown ! interface GigabitEthernet 9/18 ip vrf forwarding blue ip address 11.0.0.1/24 no shutdown ! interface GigabitEthernet 9/19 ip vrf forwarding orange ip address 21.0.0.1/24 no shutdown ! interface GigabitEthernet 9/20 ip vrf forwarding green ip address 31.0.0.1/24 no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.
The following shows the output of the show commands on Router 1. Router 1 Dell#show ip vrf VRF-Name VRF-ID Interfaces default-vrf 0 blue 1 orange 2 green 3 Dell#show ip ospf 1 neighbor Neighbor ID Pri State 1.0.0.2 1 FULL/DR Dell#sh ip ospf 2 neighbor Neighbor ID Pri State 2.0.0.
O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Last Change --------------------------C 2.0.0.0/24 Direct, Vl 192 00:20:55 C 20.0.0.0/24 Direct, Gi 7/1 0/0 00:10:05 O 21.0.0.0/24 via 2.0.0.
9/0-17,21-47, Gi 11/0-47, Gi 12/0-47, Gi 13/0-47, blue 1 orange 9/19, 2 green Dell#show ip ospf 1 neighbor Neighbor ID Pri Interface Area 1.0.0.1 1 FULL/BDR 128 0 ! Dell#sh ip ospf 2 neighbor Neighbor ID Pri Interface Area 2.0.0.1 1 FULL/BDR 192 0 ! Dell#show ip route vrf blue Ma 0/0, Ma 1/0, Nu 0, Vl 1 Gi 9/18, Vl 128 Gi Vl 192 Gi 9/20, Vl 256 3 State Dead Time 00:00:36 State Dead Time 00:00:33 Address 1.0.0.1 Vl Address 2.0.0.
L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Last Change --------------------C 2.0.0.0/24 00:26:44 O 20.0.0.0/24 00:14:22 C 21.0.0.0/24 0/0 Gateway Dist/Metric ------- ----------- Direct, Vl 192 via 2.0.0.
ip vrf forwarding VRF2 ip address 140.0.0.1/24 ip route vrf VRF1 20.0.0.0/16 140.0.0.2 vrf VRF2 ip route vrf VRF2 40.0.0.0/16 120.0.0.
Virtual Router Redundancy Protocol (VRRP) 62 Virtual router redundancy protocol (VRRP) is supported on the S4820T platform. VRRP Overview VRRP is designed to eliminate a single point of failure in a statically routed network. VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a local area network (LAN). The MASTER router is chosen from the virtual routers by an election process and forwards packets sent to the next hop IP address.
Figure 136. Basic VRRP Configuration VRRP Benefits With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and are not dependent on internal gateway protocol (IGP) protocols to converge or update routing tables. VRRP Implementation Within a single VRRP group, up to 12 virtual IP addresses are supported.
decreases based on the dynamics of the network, the advertisement intervals may increase or decrease accordingly. CAUTION: Increasing the advertisement interval increases the VRRP Master dead interval, resulting in an increased failover time for Master/Backup election. Take caution when increasing the advertisement interval, as the increased dead interval may cause packets to be dropped during that switch-over time. Table 79.
INTERFACE mode vrrp-group vrid The VRID range is from 1 to 255. • NOTE: The interface must already have a primary IP address defined and be enabled, as shown in the second example. Delete a VRRP group. INTERFACE mode no vrrp-group vrid Example of Configuring VRRP Example of Verifying the VRRP Configuration Dell(conf)#int gi 1/1 Dell(conf-if-gi-1/1)#vrrp-group 111 Dell(conf-if-gi-1/1-vrid-111)# Dell(conf-if-gi-1/1)#show conf ! interface GigabitEthernet 1/1 ip address 10.10.10.
belonging to either subnet 50.1.1.0/24 or subnet 60.1.1.0/24, but not from both subnets (though Dell Networking OS allows the same). • If the virtual IP address and the interface’s primary/secondary IP address are the same, the priority on that VRRP group MUST be set to 255. The interface then becomes the OWNER router of the VRRP group and the interface’s physical MAC address is changed to that of the owner VRRP group’s MAC address.
The following example shows the same VRRP group (VRID 111) configured on multiple interfaces on different subnets. Dellshow vrrp -----------------GigabitEthernet 1/1, VRID: 111, Net: 10.10.10.1 State: Master, Priority: 255, Master: 10.10.10.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 1768, Gratuitous ARP sent: 5 Virtual MAC address: 00:00:5e:00:01:6f Virtual IP address: 10.10.10.1 10.10.10.2 10.10.10.3 10.10.10.
Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 2343, Gratuitous ARP sent: 5 Virtual MAC address: 00:00:5e:00:01:6f Virtual IP address: 10.10.10.1 10.10.10.2 10.10.10.3 10.10.10.10 Authentication: (none) -----------------GigabitEthernet 1/2, VRID: 111, Net: 10.10.2.1 State: Master, Priority: 125, Master: 10.10.2.
Disabling Preempt The preempt command is enabled by default. The command forces the system to change the MASTER router if another router with a higher priority comes online. Prevent the BACKUP router with the higher priority from becoming the MASTER router by disabling preempt. NOTE: You must configure all virtual routers in the VRRP group the same: you must configure all with preempt enabled or configure all with preempt disabled.
The range is from 1 to 255 seconds. The default is 1 second. Example of the advertise-interval Command Example of Verifying the Configured Advertisement Interval Dell(conf-if-gi-1/1)#vrrp-group 111 Dell(conf-if-gi-1/1-vrid-111)#advertise-interval 10 Dell(conf-if-gi-1/1-vrid-111)# Dell(conf-if-gi-1/1-vrid-111)#show conf ! vrrp-group 111 advertise-interval 10 authentication-type simple 7 387a7f2df5969da4 no preempt priority 255 virtual-address 10.10.10.1 virtual-address 10.10.10.2 virtual-address 10.10.10.
NOTE: You can configure a tracked object for a VRRP group (using the track object-id command in INTERFACE-VRID mode) before you actually create the tracked object (using a track object-id command in CONFIGURATION mode). However, no changes in the VRRP group’s priority occur until the tracked object is defined and determined to be down.
advertise-interval 10 authentication-type simple 7 387a7f2df5969da4 no preempt priority 255 track GigabitEthernet 1/2 virtual-address 10.10.10.1 virtual-address 10.10.10.2 virtual-address 10.10.10.3 virtual-address 10.10.10.
Setting VRRP Initialization Delay VRRP initialization delay is supported on the S4820T platform. When configured, VRRP is enabled immediately upon system reload or boot. You can delay VRRP initialization to allow the IGP and EGP protocols to be enabled prior to selecting the VRRP Master. This delay ensures that VRRP initializes with no errors or conflicts. You can configure the delay for up to 15 minutes, after which VRRP enables normally.
Sample Configurations Before you set up VRRP, review the following sample configurations. VRRP for an IPv4 Configuration The following configuration shows how to enable IPv4 VRRP. This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes.
Example of Configuring VRRP for IPv4 Router 2 Example of Configuring VRRP for IPv6 Router 2 and Router 3 R2(conf)#int gi 2/31 R2(conf-if-gi-2/31)#ip address 10.1.1.1/24 R2(conf-if-gi-2/31)#vrrp-group 99 R2(conf-if-gi-2/31-vrid-99)#priority 200 R2(conf-if-gi-2/31-vrid-99)#virtual 10.1.1.3 R2(conf-if-gi-2/31-vrid-99)#no shut R2(conf-if-gi-2/31)#show conf ! interface GigabitEthernet 2/31 ip address 10.1.1.1/24 ! vrrp-group 99 priority 200 virtual-address 10.1.1.
Figure 138. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address. Configure a virtual link local (fe80) address for each VRRPv3 group created for an interface. The VRRPv3 group becomes active as soon as you configure the link local address.
Although R2 and R3 have the same default, priority (100), R2 is elected master in the VRRPv3 group because the GigE 0/0 interface has a higher IPv6 address than the GigE 1/0 interface on R3.
VRRP in a VRF Configuration The following example shows how to enable VRRP operation in a VRF virtualized network for the following scenarios. • Multiple VRFs on physical interfaces running VRRP. • Multiple VRFs on VLAN interfaces running VRRP. To view a VRRP in a VRF configuration, use the show commands. VRRP in a VRF: Non-VLAN Scenario The following example shows how to enable VRRP in a non-VLAN.
Figure 139. VRRP in a VRF: Non-VLAN Example Example of Configuring VRRP in a VRF on Switch-1 (Non-VLAN) Example of Configuring VRRP in a VRF on Switch-2 (Non-VLAN Configuration) Switch-1 S1(conf)#ip vrf default-vrf 0 ! S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface GigabitEthernet 12/1 S1(conf-if-gi-12/1)#ip vrf forwarding VRF-1 S1(conf-if-gi-12/1)#ip address 10.10.1.
S1(conf-if-gi-12/2)#no shutdown ! S1(conf)#interface GigabitEthernet 12/3 S1(conf-if-gi-12/3)#ip vrf forwarding VRF-3 S1(conf-if-gi-12/3)#ip address 20.1.1.5/24 S1(conf-if-gi-12/3)#vrrp-group 15 % Info: The VRID used by the VRRP group 15 in VRF 3 will be 243. S1(conf-if-gi-12/3-vrid-105)#priority 255 S1(conf-if-gi-12/3-vrid-105)#virtual-address 20.1.1.
associated with each VLAN are configured on the provider edge (PE) router in the point-of-presence (POP).
S2(conf-if-vl-100)#tagged gigabitethernet 12/4 S2(conf-if-vl-100)#vrrp-group 11 % Info: The VRID used by the VRRP group 11 in VRF 1 will be 177. S2(conf-if-vl-100-vrid-101)#priority 255 S2(conf-if-vl-100-vrid-101)#virtual-address 10.10.1.2 S2(conf-if-vl-100)#no shutdown ! S2(conf-if-gi-12/4)#interface vlan 200 S2(conf-if-vl-200)#ip vrf forwarding VRF-2 S2(conf-if-vl-200)#ip address 10.10.1.
S-Series Debugging and Diagnostics 63 This chapter describes debugging and diagnostics for the S4820T platform. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • Level 0 — Level 0 diagnostics check for the presence of various components and perform essential path verifications. In addition, Level 0 diagnostics verify the identification registers of the components on the board.
Running Offline Diagnostics To run offline diagnostics, use the following commands. For more information, refer to the examples following the steps. 1. Place the unit in the offline state. EXEC Privilege mode offline stack-unit You cannot enter this command on a MASTER or Standby stack unit. NOTE: The system reboots when the offline diagnostics complete. This is an automatic process.
Example of the offline stack-unit Command Example of the show system brief Command Example of the diag Command (Standalone Unit) Example of the diag Command (Stack Member) Example of the show file flash:\\ Command (Standalone Unit) Dell#offline stack-unit 2 Warning - Diagnostic execution will cause stack-unit to reboot after completion of diags.
00:09:37: %S50N:0 %DIAGAGT-6-DA_DIAG_DONE: Diags finished on stack unit 0 Diags completed... Rebooting the system now!!! [reboot output omitted] S50N#00:01:35: %STKUNIT0-M:CP %SYS-5-CONFIG_I: Configured from console by console dir Directory of flash: 1 drw- 16384 Jan 01 1980 00:00:00 +00:00 . 2 drwx 1536 Feb 29 1996 00:05:22 +00:00 ..
Country Code: 01 Date Code: 12172007 Serial Number: DL267160098 Part Number: 7590003600 Product Revision: B Product Order Number: ${ *************** LEVEL 0 DIAGNOSTICS************************** Test 0 - CPLD Presence Test ............................ PASS Hardware PCB Revision is - Revision B Test 1 - CPLD Hardware PCB Revision Test ............... PASS Test 2.000 - CPLD Fan-0 Presence Test .................. PASS Test 2.001 - CPLD Fan-1 Presence Test .................. PASS Test 2.
Table 80. Line Card Restart Causes and Reasons Causes Displayed Reasons Remote power cycle of the chassis push button reset reload soft reset reboot after a crash soft reset Hardware Watchdog Timer The hardware watchdog command automatically reboots an Dell Networking OS switch/router with a single RPM that is unresponsive. This is a last resort mechanism intended to prevent a manual power cycle. Using the Show Hardware Commands The show hardware command tree is supported on the S4820T only.
• show hardware stack-unit {0-11} buffer unit {0-1} port {1-64 | all} bufferinfo View the forwarding plane statistics containing the packet buffer statistics per COS per port. EXEC Privilege mode • show hardware stack-unit {0-11} buffer unit {0-1} port {1-64} queue {0-14 | all} buffer-info View input and output statistics on the party bus, which carries inter-process communication traffic between CPUs.
show hardware stack-unit {0-11} unit {0-1} table-dump {table name} Enabling Environmental Monitoring The S4820T components use environmental monitoring hardware to detect transmit power readings, receive power readings, and temperature updates. To receive periodic power updates, you must enable the following command. • Enable environmental monitoring.
2. Check air flow through the system. Ensure that the air ducts are clean and that all fans are working correctly. 3. After the software has determined that the temperature levels are within normal limits, you can repower the card safely. To bring back the line card online, use the power-on command in EXEC mode. In addition, to control airflow for adequate system cooling, Dell Networking requires that you install blanks in all slots without a line card.
OID String OID Name Description .1.3.6.1.4.1.6027.3.16.1.1.4 fpPacketBufferTable View the modular packet buffers details per stack unit and the mode of allocation. .1.3.6.1.4.1.6027.3.16.1.1.5 fpStatsPerPortTable View the forwarding plane statistics containing the packet buffer usage per port per stack unit. .1.3.6.1.4.1.6027.3.16.1.1.6 fpStatsPerCOSTable View the forwarding plane statistics containing the packet buffer statistics per COS per port.
• Dynamic buffer — this pool is shared memory that is allocated as needed, up to a configured limit. Using dynamic buffers provides the benefit of statistical buffer sharing. An interface requests dynamic buffers when its dedicated buffer pool is exhausted. The buffer manager grants the request based on three conditions: – The number of used and available dynamic buffers. – The maximum number of cells that an interface can occupy. – Available packet pointers (2k per interface).
• Reduce the dedicated buffer on all queues/interfaces. • Increase the dynamic buffer on all interfaces. • Increase the cell pointers on a queue that you are expecting will receive the largest number of packets. To define, change, and apply buffers, use the following commands. • Define a buffer profile for the FP queues. CONFIGURATION mode • buffer-profile fp fsqueue Define a buffer profile for the CSF queues.
You cannot allocate more than the available memory for the dedicated buffers. If the system determines that the sum of the configured dedicated buffers allocated to the queues is more than the total available memory, the configuration is rejected, returning a syslog message similar to the following: 00:04:20: %S50N:0 %DIFFSERV-2-DSA_DEVICE_BUFFER_UNAVAILABLE: Unable to allocate dedicated buffers for stack-unit 0, port pipe 0, egress port 25 due to unavailability of cells.
6 7 3.00 3.00 256 256 Dell#sho buffer-profile detail fp-uplink stack-unit 0 port-set 0 Linecard 0 Port-set 0 Buffer-profile fsqueue-hig Dynamic Buffer 1256.00 (Kilobytes) Queue# Dedicated Buffer Buffer Packets (Kilobytes) 0 3.00 256 1 3.00 256 2 3.00 256 3 3.00 256 4 3.00 256 5 3.00 256 6 3.00 256 7 3.
Sample Buffer Profile Configuration The two general types of network environments are sustained data transfers and voice/data. Dell Networking recommends a single-queue approach for data transfers.
Displaying Drop Counters To display drop counters, use the following commands. • Identify which stack unit, port pipe, and port is experiencing internal drops. • show hardware stack-unit 0–11 drops [unit 0 [port 0–63]] Display drop counters.
--- Egress FORWARD PROCESSOR Drops --IPv4 L3UC Aged & Drops : 0 TTL Threshold Drops : 0 INVALID VLAN CNTR Drops : 0 L2MC Drops : 0 PKT Drops of ANY Conditions : 0 Hg MacUnderflow : 0 TX Err PKT Counter : 0 Dataplane Statistics The show hardware stack-unit cpu data-plane statistics command provides insight into the packet types coming to the CPU.
txPkt(COS7) txPkt(UNIT0) :0 :0 Dell#sh hardware stack-unit 2 cpu party-bus statistics Input Statistics: 27550 packets, 2559298 bytes 0 dropped, 0 errors Output Statistics: 1649566 packets, 1935316203 bytes 0 errors Display Stack Port Statistics The show hardware stack-unit stack-port command displays input and output statistics for a stack-port interface.
GT255.ge0 GT511.ge0 GTPKT.ge0 GTBCA.ge0 GTBYT.ge0 RUC.cpu0 TDBGC6.cpu0 : : : : : : : 4 1 973 1 71,531 972 1,584 +4 +1 +972 +1 +71,467 +971 +1,449= Enabling Application Core Dumps Application core dumps are disabled by default. A core dump file can be very large. Due to memory requirements the file can only be sent directly to an FTP server; it is not stored on the local flash. To enable full application core dumps, use the following command. • Enable RPM core dumps and specify the Shutdown mode.
10 -rw11 -rw12 -rw13 -rw- 156 156 156 156 Aug 28 2009 19:07:36 +00:00 f10StkUnit0.frrp.acore.mini.txt Aug 31 2009 16:18:50 +00:00 f10StkUnit2.sysd.acore.mini.txt Aug 29 2009 14:28:34 +00:00 f10StkUnit0.ipm1.acore.mini.txt Aug 31 2009 16:14:56 +00:00 f10StkUnit0.acl.acore.mini.
Standards Compliance 64 This chapter describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking Operating System (OS), Dell Networking OS also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website.
MTU 9,252 bytes RFC and I-D Compliance Dell Networking OS supports the following standards. The standards are grouped by related protocol. The columns showing support by platform indicate which version of Dell Networking OS first supports the standard. General Internet Protocols The following table lists the Dell Networking OS support per platform for general internet protocols. Table 83. General Internet Protocols RFC# Full Name S-Series 768 User Datagram Protocol 7.6.
General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 84. General IPv4 Protocols RFC# Full Name S-Series 791 Internet Protocol 7.6.1 792 Internet Control Message Protocol 7.6.1 826 An Ethernet Address Resolution Protocol 7.6.1 1027 Using ARP to Implement Transparent Subnet Gateways 7.6.1 1035 DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION (client) 7.6.
General IPv6 Protocols The following table lists the Dell Networking OS support per platform for general IPv6 protocols. Table 85. General IPv6 Protocols RFC# Full Name S-Series 1886 DNS Extensions to support IP version 6 7.8.1 1981 (Partial) Path MTU Discovery for IP version 6 7.8.1 2460 Internet Protocol, Version 6 (IPv6) Specification 7.8.1 2462 (Partial) IPv6 Stateless Address Autoconfiguration 7.8.1 2464 Transmission of IPv6 Packets over Ethernet Networks 7.8.
RFC# Full Name S-Series/Z-Series 2545 Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing 2796 BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP) 2842 Capabilities Advertisement with BGP-4 7.8.1 2858 Multiprotocol Extensions for BGP-4 7.8.1 2918 Route Refresh Capability for BGP-4 7.8.1 3065 Autonomous System Confederations for BGP 7.8.1 4360 BGP Extended Communities Attribute 7.8.1 4893 BGP Support for Four-octet AS Number Space 7.8.
Intermediate System to Intermediate System (IS-IS) The following table lists the Dell Networking OS support per platform for IS-IS protocol. Table 88.
Multicast The following table lists the Dell Networking OS support per platform for Multicast protocol. Table 90. Multicast RFC# Full Name S-Series 1112 Host Extensions for IP Multicasting 7.8.1 2236 Internet Group Management Protocol, 7.8.1 Version 2 2710 Multicast Listener Discovery (MLD) for IPv6 3376 Internet Group Management Protocol, 7.8.
RFC# Full Name S4810 S4820T Z9000 Management of TCP/IPbased internets 1157 A Simple Network Management Protocol (SNMP) 7.6.1 1212 Concise MIB Definitions 7.6.1 1215 A Convention for Defining 7.6.1 Traps for use with the SNMP 1493 Definitions of Managed 7.6.1 Objects for Bridges [except for the dot1dTpLearnedEntryDisc ards object] 1724 RIP Version 2 MIB Extension 1850 OSPF Version 2 7.6.1 Management Information Base 1901 Introduction to Community-based SNMPv2 7.6.
RFC# Full Name S4810 S4820T Z9000 Digital Hierarchy (SONET/ SDH) Interface Type 2570 Introduction and Applicability Statements for Internet Standard Management Framework 7.6.1 2571 An Architecture for 7.6.1 Describing Simple Network Management Protocol (SNMP) Management Frameworks 2572 Message Processing and Dispatching for the Simple Network Management Protocol (SNMP) 2574 User-based Security 7.6.
RFC# Full Name S4810 S4820T Z9000 radiusAuthClientMalforme dAccessResponses radiusAuthClientUnknown Types radiusAuthClientPacketsD ropped 3635 Definitions of Managed Objects for the Ethernetlike Interface Types 7.6.1 2674 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering and Virtual LAN Extensions 7.6.1 2787 Definitions of Managed Objects for the Virtual Router Redundancy Protocol 7.6.
RFC# Full Name S4810 3418 Management Information 7.6.1 Base (MIB) for the Simple Network Management Protocol (SNMP) 3434 Remote Monitoring MIB Extensions for High Capacity Alarms, HighCapacity Alarm Table (64 bits) 7.6.1 3580 IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines 7.6.1 3815 Definitions of Managed Objects for the Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP) 4001 Textual Conventions for Internet Network Addresses 8.3.
RFC# Full Name S4810 S4820T Z9000 9.2(0.0) 9.2(0.0) 9.2(0.0) 9.2.(0.0) 9.2.(0.0) isisISAdjTable isisISAdjAreaAddrTable isisISAdjIPAddrTable isisISAdjProtSuppTable draft-ietf-netmodinterfaces-cfg-03 Defines a YANG data model for the configuration of network interfaces. Used in the Programmatic Interface RESTAPI feature. IEEE 802.1AB Management Information 7.7.1 Base module for LLDP configuration, statistics, local system data and remote systems data components. IEEE 802.
RFC# Full Name S4810 FORCE10-FIB-MIB Force10 CIDR Multipath Routes MIB (The IP Forwarding Table provides information that you can use to determine the egress port of an IP packet and troubleshoot an IP reachability issue.
RFC# Full Name S4810 FORCE10-TRAPALARM-MIB Force10 Trap Alarm MIB 7.6.1 S4820T Z9000 MIB Location You can find Force10 MIBs under the Force10 MIBs subhead on the Documentation page of iSupport: https://www.force10networks.com/CSPortal20/KnowledgeBase/Documentation.aspx You also can obtain a list of selected MIBs and their OIDs at the following URL: https://www.force10networks.com/CSPortal20/Main/Login.aspx Some pages of iSupport require a login. To request an iSupport account, go to: https://www.
