FTOS Configuration Guide for the S4820T (FTOS 8.3.19.
Notes, Cautions, and Warnings
NOTE: A NOTE indicates important information that helps you make better use of your computer.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
Information in this publication is subject to change without notice. © 2013 Dell Force10. All rights reserved.
1 About this Guide
Objectives
Audience
Conventions

www.dell.com | support.dell.com
Configure Logging
Log Messages in the Internal Buffer
Configuration Task List for System Log Management
Disable System Logging

Linktrace Message and Response
Link Trace Cache
Enable CFM SNMP Traps
Display Ethernet CFM Statistics
6 802.1X

Configuration Task List for Prefix Lists
ACL Resequencing
Resequencing an ACL or Prefix List
Route Maps

4-Byte AS Numbers
AS4 Number Representation
AS Number Migration
BGP4 Management Information Base (MIB)
Important Points to Remember

Important Points to Remember
Differences Between EtherScale and TeraScale
Select CAM Profiles
CAM Allocation

ETS Operation with DCBx
Configuring Bandwidth Allocation for DCBx CIN
Applying DCB Policies in a Switch Stack
Configuring DCBx Operation
DCBx Operation

15 Equal Cost Multi-Path (ECMP)
ECMP for Flow-based Affinity
Configurable Hash Algorithm
Deterministic ECMP Next Hop

Configuration Checks
Sample Configuration and Topology
19 GARP VLAN Registration Protocol (GVRP)
Protocol Overview
Important Points to Remember

Adjusting Timers
Adjusting Query and Response Timers
Adjusting the IGMP Querier Timeout Value
Configuring a Static IGMP Group

Assign a debounce time to an interface
Show debounce times in an interface
Disable ports when one only SFM is available (E300 only)
Disable port on one SFM
Link Dampening

Troubleshooting UDP Helper
24 iSCSI Optimization
iSCSI Optimization Overview
Monitoring iSCSI Traffic Flows

Addressing
Implementing IPv6 with FTOS
ICMPv6
Path MTU Discovery

mac learning-limit mac-address-sticky
mac learning-limit station-move
Learning Limit Violation Actions
Station Move Violation Actions

30 Multicast Source Discovery Protocol (MSDP)
Protocol Overview
Anycast RP
Implementation Information

32 Multicast Features
Implementation Information
Enable IP Multicast
Multicast with ECMP

Configure a Static Rendezvous Point
Override Bootstrap Router Updates
Configure a Designated Router
Create Multicast Boundaries and Domains
PIM-SM Graceful Restart

Configure Port-based Rate Policing
Configure Port-based Rate Limiting
Configure Port-based Rate Shaping
Policy-based QoS Configurations
Classify Traffic

SNMP Traps for Root Elections and Topology Changes
Fast Hellos for Link State Detection
42 Security
AAA Accounting

Honor the Incoming DEI Value
Mark Egress Packets with a DEI Value
Dynamic Mode CoS for VLAN Stacking
Layer 2 Protocol Tunneling

Subscribe to Managed Object Value Updates using SNMP
Copy Configuration Files Using SNMP
Manage VLANs using SNMP
Create a VLAN
Assign a VLAN Alias

Troubleshoot an S-Series Stack
Recover from Stack Link Flaps
Recover from a Card Problem State on an S-Series Stack
Recover from a Card Mismatch State on an S-Series Stack
47 Storm Control

Disable NTP on an interface
Configure a source IP address for NTP packets
Configure NTP authentication
FTOS Time and Date
Configuring time and date settings

VLT Port Delayed Restoration
PIM-Sparse Mode Support on VLT
RSTP Configuration
VLT Configuration Procedure

Displaying Stack Member Counters
Application core dumps
Mini core dumps
TCP dumps
56 Standards Compliance
1 About this Guide

Objectives

This guide describes the protocols and features supported by the Force10 Operating System (FTOS) and provides configuration instructions and examples for implementing them. It supports the system platforms E-Series, C-Series, and S-Series. Though this guide contains information on protocols, it is not intended to be a complete reference. This guide is a reference for configuring protocols on Dell Force10 systems.
Information Symbols

Table 1-1 describes symbols contained in this guide.

Table 1-1. Information Symbols
Note: This symbol informs you of important operational information.
ces (Platform Specific Feature): This symbol informs you of a feature that is supported on one or two platforms only: e is for E-Series, c is for C-Series, s is for S-Series.
2 Configuration Fundamentals

The FTOS Command Line Interface (CLI) is a text-based interface through which you can configure interfaces and protocols. The CLI is largely the same for the E-Series, C-Series, and S-Series with the exception of some commands and command outputs. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels.
CLI Modes

Different sets of commands are available in each mode. A command found in one mode cannot be executed from another mode (with the exception of EXEC mode commands preceded by the command do; see The do Command in the Configuration Fundamentals chapter). You can set user access rights to commands and command modes using privilege levels; for more information on privilege levels and security options, refer to Privilege Levels Overview in the Security chapter.
IP
IPv6
IP COMMUNITY-LIST
IP ACCESS-LIST
  STANDARD ACCESS-LIST
  EXTENDED ACCESS-LIST
LINE
  AUXILLIARY
  CONSOLE
  VIRTUAL TERMINAL
MAC ACCESS-LIST
MONITOR SESSION
MULTIPLE SPANNING TREE
Per-VLAN SPANNING TREE
PREFIX-LIST
RAPID SPANNING TREE
REDIRECT
ROUTE-MAP
ROUTER BGP
ROUTER ISIS
ROUTER OSPF
ROUTER RIP
SPANNING TREE
TRACE-LIST

Note: In the example above, SONET is not supported on the S4810 or S4820T.

Navigating CLI Modes

The FTOS prompt changes to indicate the CLI mode.
EXEC Privilege
  Prompt: FTOS#
  Access Command:
  • From EXEC mode, enter the command enable.
  • From any other mode, use the command end.

CONFIGURATION
  Prompt: FTOS(conf)#
  Access Command:
  • From EXEC privilege mode, enter the command configure.
  • From every mode except EXEC and EXEC Privilege, enter the command exit.

Note: Access all of the following modes from CONFIGURATION mode.
Note: SONET is not supported on the S4810 or S4820T.
Table 2-1.
0 0 0 absent or down 1 up Speed in RPM up 18995 up 18995

Undoing Commands

When you enter a command, the command line is added to the running configuration file. Disable a command and remove it from the running-config by entering the original command preceded by the command no. For example, to delete an IP address configured on an interface, use the no ip address ip-address command, as shown in the following example.
change      Change subcommands
clock       Manage the system clock
clear       Reset functions
configure   Configuring from terminal
copy        Copy from one file to another
debug       Debug functions
--More--

• ? after a partial keyword lists all of the keywords that begin with the specified letters.

FTOS(conf)#cl?
class-map
clock
FTOS(conf)#cl

• A keyword followed by [space]? lists all of the keywords that can follow the specified keyword.
Table 2-2. Short-Cut Keys and their Actions (continued)
Key Combination | Action
CNTL-D | Deletes character at cursor.
CNTL-E | Moves the cursor to the end of the line.
CNTL-F | Moves the cursor forward one character.
CNTL-I | Completes a keyword.
CNTL-K | Deletes all characters from the cursor to the end of the command line.
CNTL-L | Re-enters the previous command.
CNTL-N | Return to more recent commands in the history buffer after recalling commands with CTRL-P or the UP arrow key.
• show run | grep ethernet would not return that search result because it only searches for instances containing a non-capitalized “ethernet.” Executing the command show run | grep Ethernet ignore-case would return instances containing both “Ethernet” and “ethernet.”
• grep displays only the lines containing specified text. The following example shows this command used in combination with the command show linecard all.
6 Member not present
7 Member not present
8 Member not present
9 Member not present
11 Member not present
-- Power Supplies --
Unit Bay Status Type
---------------------------------------------------------------
0 0 up UNKNOWN
0 1 absent
-- Fan Status --
Unit Bay TrayStatus Fan0 Speed Fan1 Speed
----------------------------------------------------------------
0 0 absent or down
0 1 up up 18950 up 18950
Speed in RPM
FTOS(conf)#do show system brief | find 10
10 Member not present
11 Member not present
-- Pow
7 not present

• display displays additional configuration information.
• save copies the output to a file for future reference.
• no-more displays the output all at once rather than one screen at a time. This is similar to the command terminal length except that the no-more option affects the output of the specified command only.

Note: You can filter a single command output multiple times. The save option should be the last option entered.
3 Getting Started

This chapter contains the following major sections:
• Default Configuration
• Configure a Host Name
• Access the System Remotely
• Configure the Enable Password
• Configuration File Management
• File System Management

When you power up the chassis, the system performs a Power-On Self Test (POST) during which Route Processor Module (RPM), Switch Fabric Module (SFM), and line card status LEDs blink green.
The RJ-45/RS-232 console port is labeled on the S4820T chassis. It is to the left of Fan Module 0, as you face the PSU side of the chassis.

RJ-45 Console Port

To access the console port, follow the procedures below. Refer to Table 3-1, "Pin Assignments Between the Console and a DTE Terminal Server," in Getting Started for the console port pinout.

Step | Task
1 | Install an RJ-45 copper cable into the console port.
Table 3-1. Pin Assignments Between the Console and a DTE Terminal Server (continued)
S-Series Console Port: Signal | RJ-45 to RJ-45 Rollover Cable: RJ-45 pinout | RJ-45 to RJ-45 Rollover Cable: RJ-45 Pinout | RJ-45 to DB-9 Adapter: DB-9 Pin | Terminal Server Device: Signal
NC | 7 | 2 | 4 | DTR
CTS | 8 | 1 | 7 | RTS

Default Configuration

A version of FTOS is pre-loaded onto the chassis; however, the system is not configured when you power up for the first time (except for the default hostname, which is FTOS).
• The S-Series (except the S4810 and S4820T) does not have a dedicated management port, but is managed from any port. It does not have a separate management routing table.

Access the C-Series, E-Series, S4810, and the S4820T Remotely

Configuring the system for Telnet is a three-step process:
1. Configure an IP address for the management port. See Configure the Management Port IP Address.
2. Configure a management route with a default gateway.
To configure a management route:

Step 1
Task: Configure a management route to the network from which you are accessing the system.
Command Syntax: management route ip-address/mask gateway
Command Mode: CONFIGURATION
• ip-address: the network address in dotted-decimal format (A.B.C.D).
• mask: a subnet mask in /prefix-length format (/xx).
• gateway: the next hop for network traffic originating from the management port.
3. Configure a username and password using the command username from CONFIGURATION mode, as shown in the example below.

R5(conf)#int gig 0/48
R5(conf-if-gi-0/48)#ip address 10.11.131.240
R5(conf-if-gi-0/48)#show config
!
interface GigabitEthernet 0/48
 ip address 10.11.131.240/24
 no shutdown
R5(conf-if-gi-0/48)#exit
R5(conf)#ip route 10.11.32.0/23 10.11.131.
Configuration File Management

Files can be stored on and accessed from various storage media. Rename, delete, and copy files on the system from the EXEC Privilege mode. The E-Series EtherScale platform architecture uses MMC cards for both the internal and external Flash memory. MMC cards support a maximum of 100 files. The E-Series TeraScale and ExaScale platform architectures use Compact Flash for the internal and external Flash memory.
Table 3-2.
To save the running-configuration:

Note: The commands in this section follow the same format as those in Copy Files to and from the System in the Getting Started chapter but use the filenames startup-configuration and running-configuration. These commands assume that the current directory is the internal flash, which is the system default.
View Files

File information and content can only be viewed on local file systems. To view a list of files on the internal or external Flash:

Step 1
Task: View a list of files on:
• the internal flash of an RPM. Command Syntax: dir flash:
• the external flash of an RPM. Command Syntax: dir slot:
Command Mode: EXEC Privilege

The output of the command dir also shows the read/write privileges, size (in bytes), and date of modification for each file, as shown in the example below.
22 -rwx 30659825 Oct 05 2012 10:32:54 +00:00 1
23 -rwx 28615614 Oct 05 2012 08:58:26 +00:00 fiel1
24 -rwx 30659825 Oct 05 2012 10:32:30 +00:00 file2
25 -rwx 1000000000 Oct 05 2012 10:14:30 +00:00 s4820junk1
26 -rwx 1000000000 Oct 05 2012 10:18:26 +00:00 s4820junk2
27 -rwx 28615614 Oct 05 2012 10:30:06 +00:00 s4820t-FTOS5-SE-1-0-0-26file
30 -rwx 28615614 Oct 05 2012 10:31:36 +00:00 s4820t-FTOS5-SE-1-0-0-26file1
34 -rwx 30659825 Oct 05 2012 10:33:02 +00:00 2
35 -rwx 30659825 Oct 05 2012 10:33:08 +00:00 3
36 -
--More--

An example of accessing the running configuration file on an external flash drive inserted into the S4820T’s USB port:

FTOS#show file-systems
Size(b)      Free(b)      Feature   Type        Flags   Prefixes
2056916992   1774563328   FAT32     USERFLASH   rw      flash:
4040642560   151228416    FAT32     USBFLASH    rw      usbflash:
-            -                      network     rw      ftp:
-            -                      network     rw      tftp:
-            -                      network     rw      scp:

File System Management

The Dell Force10 system can use the internal Flash, external Flash, or remote devices to store files.
FTOS#cd slot0:
FTOS#copy running-config test
FTOS#copy run test
!
7419 bytes successfully copied
FTOS#dir
Directory of slot0:
1 2 3 4 5 6 7 8 9 drwdrwx ----rw---------------- 32768 512 0 7419 0 0 0 0 0 Jan Jul Jan Jul Jan Jan Jan Jan Jan 01 23 01 23 01 01 01 01 01 1980 2007 1970 2007 1970 1970 1970 1970 1970 00:00:00 00:38:44 00:00:00 20:44:40 00:00:00 00:00:00 00:00:00 00:00:00 00:00:00 . ..
4 Management

Management is supported on platforms: ecs S4820T

This chapter explains the different protocols or services used to manage the Dell Force10 system including:
• Configure Privilege Levels
• Configure Logging
• File Transfer Services
• Terminal Lines
• Lock CONFIGURATION mode
• Recovering from a Forgotten Password on the S4810 or S4820T
• Recovering from a Failed Start on the S4810 or S4820T

Configure Privilege Levels

Privilege levels restrict access to commands based on user or terminal line
Removing a command from EXEC mode

Remove a command from the list of available commands in EXEC mode for a specific privilege level using the command privilege exec from CONFIGURATION mode. In the command, specify a level greater than the level given to a user or terminal line, followed by the first keyword of each command to be restricted.
Task: Allow access to INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode. Specify all keywords in the command.
Command Syntax: privilege configure level level {interface | line | route-map | router} {command-keyword ||...|| command-keyword}
Command Mode: CONFIGURATION

Task: Allow access to a CONFIGURATION, INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode command.
Command Syntax: privilege {configure |interface | line | route-map | router} level level {command ||...
Configure Logging

FTOS tracks changes in the system using event and error messages. By default, FTOS logs these messages on:
• the internal buffer
• console and terminal lines, and
• any configured syslog servers

Disable Logging

To disable logging:

Task: Disable all logging except on the console.
Command Syntax: no logging on
Command Mode: CONFIGURATION

Task: Disable logging to the logging buffer.
Command Syntax: no logging buffer
Command Mode: CONFIGURATION

Task: Disable logging to terminal lines.
Enable and disable system logging using the following commands:

Task: Disable all logging except on the console.
Command Syntax: no logging on
Command Mode: CONFIGURATION

Task: Disable logging to the logging buffer.
Command Syntax: no logging buffer
Command Mode: CONFIGURATION

Task: Disable logging to terminal lines.
Command Syntax: no logging monitor
Command Mode: CONFIGURATION

Task: Disable console logging.
Task: Specify the minimum severity level for logging to a syslog server.
Command Syntax: logging trap level
Command Mode: CONFIGURATION

Task: Specify the minimum severity level for logging to the syslog history table.
Command Syntax: logging history level
Command Mode: CONFIGURATION

Task: Specify the size of the logging buffer.
Note: When you decrease the buffer size, FTOS deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer.
To configure a UNIX logging facility level, use the following command in the CONFIGURATION mode:

Command Syntax: logging facility [facility-type]
Command Mode: CONFIGURATION
Purpose: Specify one of the following parameters.
Synchronize log messages

You can configure FTOS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
To view the configuration, use the show running-config logging command in the EXEC privilege mode. To disable time stamping on syslog messages, enter no service timestamps [log | debug].

File Transfer Services

With FTOS, you can configure the system to transfer files over the network using File Transfer Protocol (FTP). One FTP application is copying the system image files over an interface on to the system; however, FTP is not supported on VLAN interfaces.
To configure FTP server parameters, use any or all of the following commands in the CONFIGURATION mode:

Command Syntax: ftp-server topdir dir
Command Mode: CONFIGURATION
Purpose: Specify the directory for users using FTP to reach the system. The default is the internal flash directory.

Command Syntax: ftp-server username username password [encryption-type]
Command Mode: CONFIGURATION
Purpose: Specify a user name for all FTP users and configure either a plain text or encrypted password.
Terminal Lines

You can access the system remotely and restrict access to the system by creating user profiles. The terminal lines on the system provide different means of accessing the system. The console line (console) connects you through the Console port in the RPMs. The virtual terminal lines (VTY) connect you through Telnet to the system. The auxiliary line (aux) connects secondary devices such as modems.
• enable—Prompt for the enable password.
• line—Prompt for the password you assigned to the terminal line. You must configure a password for the terminal line to which you assign a method list that contains the line authentication method. Configure a password using the command password from LINE mode.
• local—Prompt for the system username and password.
• none—Do not authenticate the user.
Time out of EXEC Privilege Mode

EXEC timeout is a basic security feature that returns FTOS to the EXEC mode after a period of inactivity on terminal lines. To change the timeout period or disable EXEC timeout:

Task: Set the number of minutes and seconds. Default: 10 minutes on console, 30 minutes on VTY. Disable EXEC timeout by setting the timeout period to 0.
Command Syntax: exec-timeout minutes [seconds]
Command Mode: LINE

Task: Return to the default timeout values.
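An added example, not from the Dell guide: a Python check that reads a saved running-config and flags terminal lines whose EXEC timeout is disabled or longer than a policy limit, plus the logging-disable commands listed under Disable Logging. The sample configuration, the indented `line console 0` / `line vty N` block layout, and the 600-second limit are assumptions made for illustration.

```python
import re

# Defaults stated in this guide: 10 minutes on console, 30 minutes on VTY.
# No aux default is given on this page, so an aux line is only evaluated
# when it carries an explicit exec-timeout.
DEFAULT_TIMEOUT_S = {"console": 10 * 60, "vty": 30 * 60}

# Logging-disable commands listed under "Disable Logging".
LOGGING_OFF = {
    "no logging on": "all logging except on the console is disabled",
    "no logging buffer": "logging to the logging buffer is disabled",
    "no logging monitor": "logging to terminal lines is disabled",
}

LINE_RE = re.compile(r"^line\s+(console|vty|aux)\b")
TIMEOUT_RE = re.compile(r"^exec-timeout\s+(\d+)(?:\s+(\d+))?$")


def parse_line_timeouts(config):
    """Map each 'line ...' block header to its explicit timeout in seconds.

    The value is None when the block has no exec-timeout statement.
    Assumption: sub-commands of a block are indented, and any non-indented
    line (including '!') ends the block.
    """
    timeouts = {}
    current = None
    for raw in config.splitlines():
        stripped = raw.strip()
        if not raw.startswith((" ", "\t")):
            current = stripped if LINE_RE.match(stripped) else None
            if current:
                timeouts[current] = None
            continue
        if current:
            m = TIMEOUT_RE.match(stripped)
            if m:
                # exec-timeout minutes [seconds]
                timeouts[current] = int(m.group(1)) * 60 + int(m.group(2) or 0)
    return timeouts


def audit(config, max_timeout_s=600):
    """Return (item, finding) tuples; max_timeout_s is a hypothetical policy."""
    findings = []
    for header, explicit in parse_line_timeouts(config).items():
        kind = LINE_RE.match(header).group(1)
        effective = explicit if explicit is not None else DEFAULT_TIMEOUT_S.get(kind)
        if effective is None:
            continue  # aux line without an explicit value: default unknown here
        if effective == 0:
            findings.append((header, "EXEC timeout disabled (exec-timeout 0)"))
        elif effective > max_timeout_s:
            source = "configured" if explicit is not None else "default"
            findings.append(
                (header, f"{source} EXEC timeout {effective}s exceeds {max_timeout_s}s")
            )
    for raw in config.splitlines():
        cmd = raw.strip()
        # Only global (non-indented) commands count as logging settings.
        if cmd in LOGGING_OFF and not raw.startswith((" ", "\t")):
            findings.append((cmd, LOGGING_OFF[cmd]))
    return findings


# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = """\
!
hostname R5
!
no logging monitor
!
line console 0
 exec-timeout 0
line vty 0
 exec-timeout 5 30
line vty 1
line vty 2
 exec-timeout 0 45
!
end
"""

if __name__ == "__main__":
    for item, finding in audit(SAMPLE_CONFIG):
        print(f"{item}: {finding}")
```

Note that `exec-timeout 0 45` is a 45-second timeout, not a disabled one, and that a VTY line with no statement inherits the 30-minute default, which this policy limit reports.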
FTOS#telnet 2200:2200:2200:2200:2200::2201
Trying 2200:2200:2200:2200:2200::2201...
Connected to 2200:2200:2200:2200:2200::2201.
Exit character is '^]'.
FreeBSD/i386 (freebsd2.force10networks.com) (ttyp1)
login: admin
FTOS#

Lock CONFIGURATION mode

FTOS allows multiple users to make configurations at the same time. You can lock CONFIGURATION mode so that only one user can be in CONFIGURATION mode at any time (Message 2). Two types of locks can be set: auto and manual.
Note: The CONFIGURATION mode lock corresponds to a VTY session, not a user. Therefore, if you configure a lock and then exit CONFIGURATION mode, and another user enters CONFIGURATION mode, when you attempt to re-enter CONFIGURATION mode, you are denied access even though you are the one that configured the lock.

Note: If your session times out and you return to EXEC mode, the CONFIGURATION mode lock is unconfigured.
Step 8
Task: Remove all authentication statements you might have for the console.
Command Syntax: no authentication login
no password
Command Mode: LINE

Step 9
Task: Save the running-config.
Command Syntax: copy running-config startup-config
Command Mode: EXEC Privilege

Step 10
Task: Set the system parameters to use the startup configuration file when the system reloads.
Command Syntax: setenv stconfigignore false
Command Mode: uBoot

Step 11
Task: Save the running-config.
Step 2
Task: Hit any key to abort the boot process. You enter uBoot immediately, as indicated by the => prompt.
Command Syntax: hit any key
Command Mode: (during bootup)

Step 3
Task: Assign the new location to the FTOS image to be used when the system reloads.
Command Syntax: setenv [primary_image f10boot location | secondary_image f10boot location | default_image f10boot location]
Command Mode: uBoot

Step 4
Task: Assign an IP address to the Management Ethernet interface.
5 802.1ag

802.1ag is available only on platform: s S4820T

Ethernet Operations, Administration, and Maintenance (OAM) is a set of tools used to install, monitor, troubleshoot and manage Ethernet infrastructure deployments. Ethernet OAM consists of three main areas:
1. Service Layer OAM: IEEE 802.1ag Connectivity Fault Management (CFM)
2. Link Layer OAM: IEEE 802.3ah OAM
3.
There is a need for Layer 2 equivalents to manage and troubleshoot native Layer 2 Ethernet networks. With these tools, you can identify, isolate, and repair faults quickly and easily, which reduces operational cost of running the network. OAM also increases availability and reduces mean time to recovery, which allows for tighter service level agreements, resulting in increased revenue for the service provider.
These roles define the relationships between all devices so that each device can monitor the layers under its responsibility. Maintenance points drop all lower-level frames and forward all higher-level frames.
Implementation Information
• Since the S-Series has a single MAC address for all physical/LAG interfaces, only one MEP is allowed per MA (per VLAN or per MD level).
Configure CFM
Configuring CFM is a five-step process:
1. Configure the ecfmacl CAM region using the cam-acl command. Refer to Configure Ingress Layer 2 ACL Sub-partitions.
2. Enable Ethernet CFM.
3. Create a Maintenance Domain.
4. Create a Maintenance Association.
5. Create Maintenance Points.
6.
Enable Ethernet CFM
Task: Spawn the CFM process. No CFM configuration is allowed until the CFM process is spawned.
  Command Syntax: ethernet cfm
  Command Mode: CONFIGURATION
Task: Disable Ethernet CFM without stopping the CFM process.
  Command Syntax: disable
  Command Mode: ETHERNET CFM
Create a Maintenance Domain
Connectivity Fault Management (CFM) divides a network into hierarchical maintenance domains, as shown in the illustration in Maintenance Domains.
Step 1: Create maintenance domain.
Create a Maintenance Association
A Maintenance Association (MA) is a subdivision of an MD that contains all managed entities corresponding to a single end-to-end service, typically a VLAN. An MA is associated with a VLAN ID.
Task: Create maintenance association.
  Command Syntax: service name vlan vlan-id
  Command Mode: ECFM DOMAIN
Create Maintenance Points
Domains are comprised of logical entities called Maintenance Points.
Task Command Syntax Command Mode
FTOS#show ethernet cfm maintenance-points local mep
-------------------------------------------------------------------------------
MPID  Domain Name  Level  Type  Port               CCM-Status
      MA Name      VLAN   Dir   MAC
-------------------------------------------------------------------------------
100   cfm0         7      MEP   Gi 4/10            Enabled
      test0        10     DOWN  00:01:e8:59:23:45
200   cfm1         6      MEP   Gi 4/10            Enabled
      test1        20     DOWN  00:01:e8:59:23:45
300   cfm2         5      MEP   Gi 4/10            Enabl
      test2        30     DOWN  00:01:e8:59:23:45
• MIP Database (MIP-DB): Every MIP must maintain a database of all other MEPs in the MA that have announced their presence via CCM.
Task: Display the MEP Database.
MEPs and MIPs filter CCMs from higher and lower domain levels as described in Table 5-1, "Continuity Check Message Processing," in 802.1ag. Table 5-1.
Enable Cross-checking
Task: Enable cross-checking.
  Command Syntax: mep cross-check enable
  Command Mode: ETHERNET CFM
Task: Start the cross-check operation for an MEP.
  Command Syntax: mep cross-check mep-id
  Command Mode: ETHERNET CFM
Task: Configure the amount of time the system waits for a remote MEP to come up before the cross-check operation is started.
Link trace messages carry a unicast target address (the MAC address of an MIP or MEP) inside a multicast frame. The destination group address is based on the MD level of the transmitting MEP (01:80:C2:00:00:3[8 to F]). The MPs on the path to the target MAC address reply to the LTM with an LTR, and relay the LTM towards the target MAC until the target MAC is reached or TTL equals 0.
Task: Send a Linktrace message.
Enable CFM SNMP Traps
Task: Enable SNMP trap messages for Ethernet CFM.
  Command Syntax: snmp-server enable traps ecfm
  Command Mode: CONFIGURATION
A Trap is sent only when one of the five highest priority defects occurs, as shown in Table 5-2, "ECFM SNMP Traps," in 802.1ag.
Table 5-2.
Display Ethernet CFM Statistics Task Command Syntax Command Mode Display MEP CCM statistics. show ethernet cfm statistics [domain {name | level} vlan-id vlan-id mpid mpid EXEC Privilege FTOS# show ethernet cfm statistics Domain Name: Customer Domain Level: 7 MA Name: My_MA MPID: 300 CCMs: Transmitted: LTRs: Unexpected Rcvd: LBRs: Received: Received Bad MSDU: Transmitted: Display CFM statistics by port.
6 802.1X 802.1X is supported on platforms: ecs S4820T Protocol Overview 802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification. 802.
Figure 6-1.
3. The authenticator decapsulates the EAP Response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame, and forwards the frame to the authentication server.
4. The authentication server replies with an Access-Challenge. The Access-Challenge is a request that the supplicant prove that it is who it claims to be, using a specified method (an EAP-Method). The challenge is translated and forwarded to the supplicant by the authenticator.
5.
Figure 6-3. RADIUS Frame Format
[Figure fields: Code, Identifier, Length, Message-Authenticator Attribute, EAP-Message Attribute (Type (79), Length, EAP-Method Data (Supplicant Requested Credentials)). Figure annotations: Range: 1-4; Codes: 1: Access-Request, 2: Access-Accept, 3: Access-Reject, 11: Access-Challenge]
RADIUS Attributes for 802.1 Support
Dell Force10 systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages:
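The frame in Figure 6-3 carries the supplicant's EAP data in EAP-Message attributes (type 79) and protects it with a Message-Authenticator attribute. The following added example (not code from the Dell guide) builds a constructed Access-Request and verifies that attribute as RFC 3579 defines it: type 80, HMAC-MD5 keyed with the RADIUS shared secret over the packet with the attribute value zeroed. The shared secret, user name and EAP bytes are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_EAP_MESSAGE = 79            # type shown in Figure 6-3
ATTR_MESSAGE_AUTHENTICATOR = 80  # RFC 3579 type number (assumption: not printed on this page)


class RadiusError(ValueError):
    """Raised for packets that must be dropped without further processing."""


def parse_radius(packet):
    """Return (code, identifier, authenticator, attrs); attrs = [(type, value_offset, value)]."""
    if len(packet) < 20:
        raise RadiusError("shorter than the 20-octet RADIUS header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise RadiusError("Length field does not fit the datagram")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise RadiusError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise RadiusError("attribute length out of bounds")
        attrs.append((a_type, pos + 2, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, identifier, packet[4:20], attrs


def verify_message_authenticator(packet, secret, request_authenticator=None):
    """True if the Message-Authenticator is valid, False if it is wrong or absent.

    A packet that carries EAP-Message without Message-Authenticator is rejected
    outright. For replies (Access-Challenge/Accept/Reject) pass the Request
    Authenticator of the matching Access-Request.
    """
    code, _ident, _auth, attrs = parse_radius(packet)
    length = struct.unpack("!H", packet[2:4])[0]
    has_eap = any(t == ATTR_EAP_MESSAGE for t, _, _ in attrs)
    found = [(off, val) for t, off, val in attrs if t == ATTR_MESSAGE_AUTHENTICATOR]
    if not found:
        if has_eap:
            raise RadiusError("EAP-Message without Message-Authenticator")
        return False
    if len(found) != 1 or len(found[0][1]) != 16:
        raise RadiusError("malformed Message-Authenticator")
    offset, received = found[0]
    buf = bytearray(packet[:length])
    buf[offset:offset + 16] = bytes(16)          # value is zeroed before hashing
    if code != ACCESS_REQUEST:
        if request_authenticator is None:
            raise RadiusError("reply needs the original Request Authenticator")
        buf[4:20] = request_authenticator
    expected = hmac.new(secret, bytes(buf), hashlib.md5).digest()
    return hmac.compare_digest(expected, received)  # constant-time comparison


def build_access_request(identifier, authenticator, attrs, secret):
    """Build an Access-Request from (type, value) pairs and append a signed Message-Authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    body += bytes([ATTR_MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(body))
    pkt = bytearray(header + authenticator + body)
    pkt[-16:] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    return bytes(pkt)


# Constructed sample input: EAP Response/Identity for user "alice".
SECRET = b"constructed-shared-secret"
EAP_IDENTITY = struct.pack("!BBHB", 2, 1, 10, 1) + b"alice"
SAMPLE_REQUEST = build_access_request(
    7, bytes(range(16)),
    [(ATTR_USER_NAME, b"alice"), (ATTR_EAP_MESSAGE, EAP_IDENTITY)],
    SECRET,
)

if __name__ == "__main__":
    print("valid:", verify_message_authenticator(SAMPLE_REQUEST, SECRET))
```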
Configuring 802.1X
Configuring 802.1X on a port is a two-step process:
1. Enable 802.1X globally.
2. Enable 802.1X on an interface.
Related Configuration Tasks
• Configuring Request Identity Re-transmissions
• Configuring Port-control
• Re-authenticating a Port
• Configuring Timeouts
• Configuring a Guest VLAN
• Configuring an Authentication-fail VLAN
Important Points to Remember
• FTOS supports 802.
Figure 6-4. Enabling 802.1X
[Figure labels: Supplicant, Authenticator, Authentication Server; ports 2/1 and 2/2]
FTOS(conf-if-te-2/1-2)#dot1x authentication
FTOS(conf-if-te-2/1-2)#show config
!
interface TenGigabitEthernet 2/1
 no ip address
 dot1x authentication
 no shutdown
FTOS(conf-if-te-2/1)#
!
To enable 802.1X:
Step 1: Enable 802.1X globally.
  Command Syntax: dot1x authentication
  Command Mode: CONFIGURATION
Step 2: Enter INTERFACE mode on an interface or a range of interfaces.
Figure 6-6. Verifying 802.1X Interface Configuration
FTOS#show dot1x interface gigabitethernet 2/1
802.1x information on Gi 2/1:
-----------------------------
Dot1x Status: Enable
Port Control: AUTO
Port Auth Status: UNAUTHORIZED
Re-Authentication: Disable
Untagged VLAN id: None
Tx Period: 30 seconds
Quiet Period: 60 seconds
ReAuth Max: 2
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 2
Auth Type: SINGLE_HOST
Auth PAE State:
Backend State:
802.
Figure 6-7 shows configuration information for a port for which the authenticator re-transmits an EAP Request Identity frame after 90 seconds and re-transmits a maximum of 10 times.
Configuring a Quiet Period after a Failed Authentication
If the supplicant fails the authentication process, the authenticator sends another Request Identity frame after 30 seconds by default, but this period can be configured.
Forcibly Authorizing or Unauthorizing a Port
IEEE 802.1X requires that a port can be manually placed into any of three states:
• ForceAuthorized is an authorized state. A device connected to this port in this state is never subjected to the authentication process, but is allowed to communicate on the network. Placing the port in this state is the same as disabling 802.1X on the port.
• ForceUnauthorized is an unauthorized state.
Re-authenticating a Port
Periodic Re-authentication
After the supplicant has been authenticated, and the port has been authorized, the authenticator can be configured to re-authenticate the supplicant periodically. If re-authentication is enabled, the supplicant is required to re-authenticate every 3600 seconds, but this interval can be configured. A maximum number of re-authentications can be configured as well.
Figure 6-9. Configuring a Reauthentication Period
FTOS(conf-if-gi-2/1)#dot1x reauthentication interval 7200
FTOS(conf-if-gi-2/1)#dot1x reauth-max 10
FTOS(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1
802.
Figure 6-10. Configuring a Timeout
FTOS(conf-if-gi-2/1)#dot1x port-control force-authorized
FTOS(conf-if-gi-2/1)#do show dot1x interface gigabitethernet 2/1
802.
Figure 6-11. Dynamic VLAN Assignment with 802.1X
[Figure labels: End-user Device, Force10 switch; callouts 1, 2, 4]
Force10(conf-if-Te-1/10)#show config
interface TenGigabitEthernet 1/10
 no ip address
 switchport
 dot1x authentication
 no shutdown
radius-server host 10.11.197.169 auth-port 1645 key 7 387a7f2df5969da4
Force10#show dot1x interface TenGigabitEthernet 1/10
802.
If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases this behavior is not appropriate. External users of an enterprise network, for example, might not be able to be authenticated, but still need access to the network. Also, some dumb-terminals such as network printers do not have 802.1X capability and therefore cannot authenticate themselves.
Figure 6-13. Configuring an Authentication-fail VLAN
FTOS(conf-if-gi-1/2)#dot1x auth-fail-vlan 100 max-attempts 5
FTOS(conf-if-gi-1/2)#show config
!
interface GigabitEthernet 1/2
 switchport
 dot1x guest-vlan 200
 dot1x auth-fail-vlan 100 max-attempts 5
 no shutdown
FTOS(conf-if-gi-1/2)#
View your configuration using the show config command from INTERFACE mode, as shown in Figure 6-12, or using the show dot1x interface command from EXEC Privilege mode, as shown in Figure 6-14.
Figure 6-14.
7 Access Control Lists (ACLs)
This chapter describes the Access Control Lists (ACLs), prefix lists, and route-maps.
Access Control Lists (ACLs) are supported on platforms: e c s S4820T
Ingress IP and MAC ACLs are supported on platforms: e c s S4820T
Egress IP and MAC ACLs are supported on platforms: e s S4820T
Overview
At their simplest, Access Control Lists (ACLs), Prefix lists, and Route-maps permit or deny traffic based on MAC and/or IP addresses.
• Configuring ACLs to Loopback
• Applying an ACL on Loopback Interfaces
• IP Prefix Lists
• ACL Resequencing
• Route Maps
IP Access Control Lists (ACLs)
In the Dell Force10 switch/routers, you can create two different types of IP ACLs: standard or extended. A standard ACL filters packets based on the source IP address.
CAM Profiling CAM optimization is supported on platforms et The default CAM profile has 1K Layer 2 ingress ACL entries. If you need more memory for Layer 2 ingress ACLs, select the profile l2-ipv4-inacl. When budgeting your CAM allocations for ACLs and QoS configurations, remember that ACL and QoS rules might consume more than one CAM entry depending on complexity. For example, TCP and UDP rules with port range options might require more than one CAM entry.
• L3 ACL (ipv4acl): 6
• L2 ACL (l2acl): 5
• IPv6 L3 ACL (ipv6acl): 0
• L3 QoS (ipv4qos): 1
• L2 QoS (l2qos): 1
The ipv6acl allocation must be entered as a factor of 2 (2, 4, 6, 8, 10). All other profile allocations can use either even or odd numbered ranges. You must save the new CAM settings to the startup-config (write-mem or copy run start) then reload the system for the new settings to take effect.
Implementing ACLs on FTOS One IP ACL can be assigned per interface with FTOS. If an IP ACL is not assigned to an interface, it is not used by the software in any other capacity. The number of entries allowed per ACL is hardware-dependent. Refer to your line card documentation for detailed specification on entries allowed per ACL. If counters are enabled on IP ACL rules that are already configured, those counters are reset when a new rule is inserted or prepended.
ACLs acl1 and acl2 have overlapping rules because the address range 20.1.1.0/24 is within 20.0.0.0/8. Therefore, (without the keyword order) packets within the range 20.1.1.0/24 match positive against cmap1 and are buffered in queue 7, though you intended for these packets to match positive against cmap2 and be buffered in queue 4.
• Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the fragments option and apply it to a loopback interface, the command is accepted, but the offending rule is not actually installed in CAM.
IP fragments ACL examples
The following configuration permits all packets (both fragmented & non-fragmented) with destination IP 10.1.1.1. The second rule does not get hit at all.
FTOS(conf-ext-nacl)
Note the following when configuring ACLs with the fragments keyword. When an ACL filters packets, it looks at the Fragment Offset (FO) to determine whether or not it is a fragment.
• FO = 0 means it is either the first fragment or the packet is a non-fragment.
• FO > 0 means it is dealing with the fragments of the original packet.
When you use the log keyword, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets’ details. To view the rules of a particular ACL configured on a particular interface, use the show ip accounting access-list ACL-name interface interface command in EXEC Privilege mode as shown in the example below.
Step 2: Configure a drop or forward IP ACL filter.
  Command Syntax: {deny | permit} {source [mask] | any | host ip-address} [count [byte] | log ] [order] [monitor] [fragments]
  Command Mode: CONFIG-STD-NACL
  • log and monitor options are supported on E-Series only.
When you use the log keyword, CP processor logs details about the packets that match.
Since traffic passes through the filter in the order of the filter’s sequence, you can configure the extended IP ACL by first entering the IP ACCESS LIST mode and then assigning a sequence number to the filter. Note: On E-Series ExaScale systems, TCP ACL flags are not supported in an extended ACL with IPv6 microcode. An error message is shown if IPv6 microcode is configured and an ACL is entered with a TCP filter included.
Step 2: Configure an extended IP ACL filter for TCP packets.
  Command Syntax: seq sequence-number {deny | permit} tcp {source mask | any | host ip-address}} [count [byte] | log ] [order] [monitor] [fragments]
  Command Mode: CONFIG-EXT-NACL
  • log and monitor options are supported on E-Series only.
When you use the log keyword, CP processor logs details about the packets that match.
!
ip access-list extended dilling
 seq 5 permit tcp 12.1.0.0 0.0.255.255 any
 seq 15 deny ip host 112.45.0.0 any log
FTOS(config-ext-nacl)#
Configure filters without sequence number
If you are creating an extended ACL with only one or two filters, you can let FTOS assign a sequence number based on the order in which the filters are configured. FTOS assigns filters in multiples of 5.
To view all configured IP ACLs and the number of packets processed through the ACL, use the show ip accounting access-list command in the EXEC Privilege mode as shown in the first example in Configure a standard IP ACL.
Established Flag
The est (established) flag is deprecated for Terascale series line cards. The flag is only available on legacy EtherScale linecards. Employ the ack and rst flags instead to achieve the same functionality.
Note: If an interface is configured as a vlan-stack access port, the packets are filtered by an L2 ACL only. The L3 ACL applied to such a port does not affect traffic. That is, existing rules for other features (such as trace-list, PBR, and QoS) are applied accordingly to the permitted traffic. For information on MAC ACLs, refer to Layer 2.
Step 3: Apply an IP ACL to traffic entering or exiting an interface.
  Command Syntax: ip access-group access-list-name {in | out} [implicit-permit] [vlan vlan-range]
  Command Mode: INTERFACE
  • out: configure the ACL to filter outgoing traffic. This keyword is supported only on E-Series.
Note: The number of entries allowed per ACL is hardware-dependent. Refer to your line card documentation for detailed specification on entries allowed per ACL.
Configuring Ingress ACLs
Ingress ACLs are applied to interfaces and to traffic entering the system. These system-wide ACLs eliminate the need to apply ACLs onto each interface and achieve the same results. By localizing target traffic, it is a simpler implementation. To create an ingress ACL, use the ip access-group command in the EXEC Privilege mode as shown below.
To create an egress ACL, use the ip access-group command in the EXEC Privilege mode as shown in the example below.
FTOS Behavior: VRRP hellos and IGMP packets are not affected when egress ACL filtering for CPU traffic is enabled. Packets sent by the CPU with the source address as the VRRP virtual IP address have the interface MAC address instead of VRRP virtual MAC address.
To apply ACLs on loopback, use the ip access-group command in the INTERFACE mode as shown in the example below.
• To deny only /8 prefixes, enter deny x.x.x.x/x ge 8 le 8
• To permit routes with the mask greater than /8 but less than /12, enter permit x.x.x.x/x ge 8 le 12
• To deny routes with a mask less than /24, enter deny x.x.x.x/x le 24
• To permit routes with a mask greater than /20, enter permit x.x.x.x/x ge 20
The following rules apply to prefix lists:
• A prefix list without any permit or deny filters allows all routes.
Step 2: Create a prefix list with a sequence number and a deny or permit action.
  Command Syntax: seq sequence-number {deny | permit} ip-prefix [ge min-prefix-length] [le max-prefix-length]
  Command Mode: CONFIG-NPREFIXL
  The optional parameters are:
  • ge min-prefix-length: is the minimum prefix length to be matched (0 to 32).
  • le max-prefix-length: is the maximum prefix length to be matched (0 to 32).
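To check what a prefix list will actually accept before it is used for route filtering, the ge/le semantics above can be modelled offline. The following is an added example, not FTOS code: it evaluates IPv4 routes against filters written in the seq form shown above. The first-match-wins order and the implicit deny for a non-empty list are assumptions taken from common prefix-list behaviour, and the filter lines and routes are constructed samples.

```python
import ipaddress
from collections import namedtuple

# lo..hi is the inclusive range of route mask lengths the filter accepts.
Filter = namedtuple("Filter", "seq action prefix lo hi")


def parse_filter(line):
    """Parse 'seq N {deny|permit} a.b.c.d/len [ge X] [le Y]' into a Filter."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "seq" or tok[2] not in ("permit", "deny"):
        raise ValueError("expected: seq N {deny|permit} prefix [ge X] [le Y]")
    if len(tok[4:]) % 2:
        raise ValueError("ge/le need a value")
    opts = dict(zip(tok[4::2], (int(v) for v in tok[5::2])))
    if set(opts) - {"ge", "le"}:
        raise ValueError("unknown option")
    prefix = ipaddress.IPv4Network(tok[3])        # rejects host bits set
    base = prefix.prefixlen
    if not opts:
        lo = hi = base                            # exact mask length only
    else:
        lo = opts["ge"] if "ge" in opts else base
        hi = opts["le"] if "le" in opts else 32
    if not base <= lo <= hi <= 32:
        raise ValueError("need prefix length <= ge <= le <= 32")
    return Filter(int(tok[1]), tok[2], prefix, lo, hi)


def evaluate(filters, route):
    """Return (action, matching seq or None) for one route such as '10.16.0.0/12'."""
    net = ipaddress.IPv4Network(route)
    if not filters:
        return ("permit", None)                   # empty list allows all routes
    for f in sorted(filters, key=lambda f: f.seq):
        if f.lo <= net.prefixlen <= f.hi and net.subnet_of(f.prefix):
            return (f.action, f.seq)              # assumption: first match wins
    return ("deny", None)                         # assumption: implicit deny


# Constructed sample prefix list using the forms from the bullets above.
SAMPLE_LIST = [parse_filter(line) for line in (
    "seq 5 deny 0.0.0.0/0 ge 8 le 8",             # deny only /8 prefixes
    "seq 10 permit 10.0.0.0/8 ge 8 le 12",        # 10/8 space, masks /8 to /12
    "seq 15 permit 172.16.0.0/12 ge 20",          # 172.16/12 space, masks /20 and longer
)]

if __name__ == "__main__":
    for r in ("10.0.0.0/8", "10.16.0.0/12", "10.16.0.0/13",
              "172.16.32.0/20", "172.16.0.0/16"):
        print(r, evaluate(SAMPLE_LIST, r))
```

The /8 route is denied by seq 5 even though seq 10 would permit it, which is the kind of ordering effect worth checking before a list is applied to redistribution.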
Step 2: Create a prefix list filter with a deny or permit action.
  Command Syntax: {deny | permit} ip-prefix [ge min-prefix-length] [le max-prefix-length]
  Command Mode: CONFIG-NPREFIXL
  The optional parameters are:
  • ge min-prefix-length: is the minimum prefix length to be matched (0 to 32).
  • le max-prefix-length: is the maximum prefix length to be matched (0 to 32).
The example below illustrates a prefix list in which the sequence numbers were assigned by the software.
FTOS>
FTOS>show ip prefix summary
Prefix-list with the last deletion/insertion: filter_ospf
ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10
ip prefix-list filter_ospf: count: 4, range entries: 1, sequences: 5 - 10
FTOS>
Use a prefix list for route redistribution
To pass traffic through a configured prefix list, you must use the prefix list in a route redistribution command.
Command Syntax Command Mode Purpose distribute-list prefix-list-name in [interface] CONFIG-ROUTER-OSPF Apply a configured prefix list to incoming routes. You can specify an interface. If you enter the name of a non-existent prefix list, all routes are forwarded. distribute-list prefix-list-name out [connected | rip | static] CONFIG-ROUTER-OSPF Apply a configured prefix list to incoming routes. You can specify which type of routes are affected.
Table 7-3. ACL Resequencing Example (Insert New Rules)
seq 7 permit any host 1.1.1.3
seq 10 permit any host 1.1.1.4
Table 7-4. ACL Resequencing Example (Resequenced)
seq 5 permit any host 1.1.1.1
seq 10 permit any host 1.1.1.2
seq 15 permit any host 1.1.1.3
seq 20 permit any host 1.1.1.4
Resequencing an ACL or Prefix List
Resequencing is available for IPv4 and IPv6 ACLs and prefix lists and MAC ACLs.
!
ip access-list extended test
 remark 2 XYZ
 remark 4 this remark corresponds to permit any host 1.1.1.1
 seq 4 permit ip any host 1.1.1.1
 remark 6 this remark has no corresponding rule
 remark 8 this remark corresponds to permit ip any host 1.1.1.2
 seq 8 permit ip any host 1.1.1.2
 seq 10 permit ip any host 1.1.1.3
 seq 12 permit ip any host 1.1.1.4
Remarks and rules that originally have the same sequence number have the same sequence number after the resequence command is applied.
Route Maps
Route-maps are supported on platforms: ces
Like ACLs and prefix lists, route maps are composed of a series of commands that contain a matching criterion and an action, yet route maps can change the packets meeting the criterion. ACLs and prefix lists can only drop or forward the packet or traffic. Route maps process routes for route redistribution. For example, a route map can be called to filter only specific routes and to add a metric.
Create a route map
Route maps, ACLs, and prefix lists are similar in composition because all three contain filters, but route map filters do not contain the permit and deny actions found in ACLs and prefix lists. Route map filters match certain routes and set or specify values.
FTOS#show route-map
route-map zakho, permit, sequence 20
 Match clauses:
  interface GigabitEthernet 0/1
 Set clauses:
  tag 35
  level stub-area
FTOS#
The following text shows an example of a route map with multiple instances. The show config command displays only the configuration of the current route map instance. To view all instances of a specific route map, use the show route-map command.
FTOS(config-route-map)#match metric 2000 In the above route-map, only if a route has both the characteristics mentioned in the route-map, it is matched. Explaining further, the route must have a tag value of 1000 and a metric value of 2000. Only then is there a match. Also, if there are different instances of the same route-map, then it’s sufficient if a permit match happens in any instance of that route-map.
Command Syntax: match interface interface
  Command Mode: CONFIG-ROUTE-MAP
  Purpose: Match routes whose next hop is a specific interface. The parameters are:
  • For a Fast Ethernet interface, enter the keyword FastEthernet followed by the slot/port information.
  • For a 1-Gigabit Ethernet interface, enter the keyword gigabitEthernet followed by the slot/port information.
  • For a loopback interface, enter the keyword loopback followed by a number between zero (0) and 16383.
Command Syntax Command Mode Purpose match tag tag-value CONFIG-ROUTE-MAP Match routes with a specific tag. To configure a set condition, use any or all of the following commands in the ROUTE-MAP mode: Command Syntax Command Mode Purpose set as-path prepend as-number [... as-number] CONFIG-ROUTE-MAP Add an AS-PATH number to the beginning of the AS-PATH set automatic-tag CONFIG-ROUTE-MAP Generate a tag to be added to redistributed routes.
Route maps add to that redistribution capability by allowing you to match specific routes and set or change more attributes when redistributing those routes. In the following example, the redistribute command calls the route map static ospf to redistribute only certain static routes into OSPF.
Note: If the continue clause is configured without specifying a module, the next sequential module is processed.
8 Bidirectional Forwarding Detection (BFD) Bidirectional Forwarding Detection (BFD) is supported only on platforms: e c and S4820T Protocol Overview Bidirectional Forwarding Detection (BFD) is a protocol that is used to rapidly detect communication failures between two adjacent systems. It is a simple and lightweight replacement for existing routing protocol link state detection mechanisms. It also provides a failure detection solution for links on which no routing protocol is used.
How BFD Works
Two neighboring systems running BFD establish a session using a three-way handshake. After the session has been established, the systems exchange control packets at agreed upon intervals. In addition, systems send a control packet anytime there is a state change or change in a session parameter; these control packets are sent without regard to transmit and receive intervals.
Note: FTOS does not support multi-hop BFD sessions.
[Figure: BFD control packet inside a UDP/IP/Ethernet frame. Ethernet labels: Preamble, Start Frame Delimiter, Destination MAC, Source MAC, Ethernet Type (0x888e). IP labels: Version (4), IHL, TOS, Total Length, Flags, Frag Offset, TTL (255), Protocol, Header Checksum, Dest IP Addr, Options, Padding. UDP Packet labels: Source Port, Checksum, Range: 3784. BFD labels: Version (1), Diag Code, State, Detect Mult, My Discriminator, Your Discriminator (random number generated by remote system to identify a session), Required Min RX Interval, Required Min Echo RX Interval, Auth Type.]
Table 8-1. BFD Packet Fields
Field: Diagnostic Code
  Description: The reason that the last session failed.
Field: State
  Description: The current local session state. See BFD sessions.
Field: Flag
  Description: A bit that indicates packet function. If the poll bit is set, the receiving system must respond as soon as possible, without regard to its transmit interval. The responding system clears the poll bit and sets the final bit in its response.
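The packet fields above are what a receiver has to validate before a BFD packet is allowed to affect session state. The following added example (not FTOS code) parses the 24-octet mandatory section of a control packet and applies the single-hop reception checks from RFC 5880 and RFC 5881: UDP port 3784, TTL 255, version 1, non-zero Detect Mult and discriminators. The Desired Min TX Interval field and the sample discriminator and interval values are taken from the RFC layout and constructed for the example.

```python
import struct
from collections import namedtuple

BFD_CONTROL_PORT = 3784                      # single-hop BFD control (RFC 5881)
STATE_NAMES = ("AdminDown", "Down", "Init", "Up")

BfdControl = namedtuple(
    "BfdControl",
    "version diag state poll final auth multipoint detect_mult length "
    "my_disc your_disc desired_min_tx required_min_rx required_min_echo_rx",
)


def parse_bfd_control(payload):
    """Decode the mandatory section of a BFD control packet (intervals in microseconds)."""
    if len(payload) < 24:
        raise ValueError("shorter than the 24-octet mandatory section")
    b0, b1, mult, length, my_d, your_d, tx, rx, echo = struct.unpack(
        "!BBBBIIIII", payload[:24])
    return BfdControl(
        b0 >> 5, b0 & 0x1F, STATE_NAMES[b1 >> 6],
        bool(b1 & 0x20), bool(b1 & 0x10), bool(b1 & 0x04), bool(b1 & 0x01),
        mult, length, my_d, your_d, tx, rx, echo)


def check_received(ip_ttl, udp_dport, payload):
    """Return (accepted, reason) for a packet received on a single-hop session."""
    if udp_dport != BFD_CONTROL_PORT:
        return (False, "not the BFD control port")
    if ip_ttl != 255:
        return (False, "TTL is not 255")     # sender was not on the local link
    try:
        pkt = parse_bfd_control(payload)
    except ValueError:
        return (False, "shorter than 24 octets")
    if pkt.version != 1:
        return (False, "unsupported version")
    if pkt.length < (26 if pkt.auth else 24) or pkt.length > len(payload):
        return (False, "bad Length field")
    if pkt.detect_mult == 0:
        return (False, "Detect Mult is zero")
    if pkt.multipoint:
        return (False, "Multipoint bit set")
    if pkt.my_disc == 0:
        return (False, "My Discriminator is zero")
    if pkt.your_disc == 0 and pkt.state not in ("Down", "AdminDown"):
        return (False, "Your Discriminator is zero outside Down/AdminDown")
    return (True, "ok")


def detection_time_us(remote, local_required_min_rx_us):
    """Asynchronous-mode detection time: remote Detect Mult x agreed receive interval."""
    return remote.detect_mult * max(local_required_min_rx_us, remote.desired_min_tx)


def build_bfd_control(state, my_disc, your_disc, detect_mult=3,
                      tx_us=1000000, rx_us=1000000, poll=False, final=False):
    """Build a constructed control packet without authentication (version 1, length 24)."""
    b0 = 1 << 5
    b1 = (STATE_NAMES.index(state) << 6) | (0x20 if poll else 0) | (0x10 if final else 0)
    return struct.pack("!BBBBIIIII", b0, b1, detect_mult, 24,
                       my_disc, your_disc, tx_us, rx_us, 0)


# Constructed sample: neighbor in Up state, 100 ms intervals, multiplier 4.
SAMPLE_UP = build_bfd_control("Up", 11, 10, detect_mult=4, tx_us=100000, rx_us=100000)

if __name__ == "__main__":
    print(check_received(255, 3784, SAMPLE_UP))
    print(check_received(254, 3784, SAMPLE_UP))
    print(detection_time_us(parse_bfd_control(SAMPLE_UP), 100000), "us")
```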
• Active—The active system initiates the BFD session. Both systems can be active for the same session.
• Passive—The passive system does not initiate a session. It only responds to a request for session initialization from the active system.
A BFD session has two modes:
• Asynchronous mode—In Asynchronous mode, both systems send periodic control messages at an agreed upon interval to indicate that their session status is Up.
4. The passive system receives the control packet, changes its state to Up. Both systems agree that a session has been established. However, since both members must send a control packet—that requires a response—anytime there is a state change or change in a session parameter, the passive system sends a final response indicating the state change. After this, periodic control packets are exchanged.
Important Points to Remember
• BFD for line card ports is hitless, but is not hitless for VLANs since they are instantiated on the RPM.
• FTOS supports a maximum of 100 sessions per BFD agent on C-Series and E-Series. Each linecard processor has a BFD Agent, so the limit translates to 100 BFD sessions per linecard (plus, on the E-Series, 100 BFD sessions on RP2, which handles LAG and VLANs).
2. Establish a session with a next-hop neighbor.
Related configuration tasks
• Viewing physical port session parameters.
• Disabling and re-enabling BFD.
Enabling BFD globally
BFD must be enabled globally on both routers, as shown in the illustration in Establishing a session on physical ports.
To enable BFD globally:
Step 1: Enable BFD globally.
[Figure labels: R2: ACTIVE Role, R1: ACTIVE Role; ports 4/24 and 2/1]
FTOS(config)# bfd enable
FTOS(config)# interface gigabitethernet 2/1
FTOS(conf-if-gi-2/1)# ip address 2.2.2.2/24
FTOS(conf-if-gi-2/1)# bfd neighbor 2.2.2.1
FTOS(config)# bfd enable
FTOS(config)# interface gigabitethernet 4/24
FTOS(conf-if-gi-2/1)# ip address 2.2.2.1/24
FTOS(conf-if-gi-2/1)# bfd neighbor 2.2.2.
Delete session on Down: False
Client Registered: CLI
Uptime: 00:09:06
Statistics:
Number of packets received from neighbor: 4092
Number of packets sent to neighbor: 4093
Number of state changes: 1
Number of messages from IFA about port state change: 0
Number of messages communicated b/w Manager and Agent: 7
Disabling and re-enabling BFD
BFD is enabled on all interfaces by default, though sessions are not created unless explicitly configured.
Configuring BFD for static routes is a three-step process:
1. Enabling BFD globally.
2. On the local system, establish a session with the next hop of a static route. Refer to Configuring BFD for Static Routes.
3. On the remote system, establish a session with the physical port that is the origin of the static route. Refer to Establishing a session on physical ports.
Related configuration tasks
• Changing static route session parameters.
• Disabling BFD for static routes.
I - ISIS
R - Static Route (RTM)
O - OSPF
LocalAddr  RemoteAddr  Interface  State  Rx-int  Tx-int  Mult  Clients
2.2.2.1    2.2.2.2     Gi 4/24    Up     100     100     4     R
View detailed session information using the command show bfd neighbors detail, as shown in the example in Verifying BFD sessions with BGP neighbors using show bfd neighbors detail.
Changing static route session parameters
BFD sessions are configured with default intervals and a default role.
Configuring BFD for OSPF is a two-step process:
1. Enabling BFD globally.
2. Establishing sessions with OSPF neighbors.
Related configuration tasks
• Changing OSPF session parameters.
• Disabling BFD for OSPF.
Establishing sessions with OSPF neighbors
BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the full state.
View the established sessions using the command show bfd neighbors, as shown in the example below. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors * - Active session role C - CLI Ad Dn I - Admin Down - ISIS O - OSPF R - Static Route (RTM) LocalAddr * 2.2.2.2 * 2.2.3.1 RemoteAddr Interface State Rx-int Tx-int Mult Clients 2.2.3.2 Gi 2/2 2.2.2.
Disabling BFD for OSPF
If BFD is disabled globally, all sessions are torn down, and sessions on the remote system are placed in a Down state. If BFD is disabled on an interface, sessions on the interface are torn down, and sessions on the remote system are placed in a Down state (Message 3). Disabling BFD does not trigger a change in BFD clients; a final Admin Down packet is sent before the session is terminated.
Figure 8-2. Establishing Sessions with IS-IS Neighbors
FTOS(conf)# router isis
FTOS(conf-router_isis)# net 02.1921.6800.2002.00
FTOS(conf-router_isis)# interface gigabitethernet 2/1
FTOS(conf-if-gi-2/1)#ip address 2.2.2.2/24
FTOS(config-if-gi-2/1)# ip router isis
FTOS(config-if-gi-2/1)# exit
FTOS(conf)# router isis
FTOS(conf-router_isis)# bfd all-neighbors
FTOS(conf-router_isis)# interface gigabitethernet 2/2
FTOS(conf-if-gi-2/2)#ip address 2.2.3.
Changing IS-IS session parameters
BFD sessions are configured with default intervals and a default role. The parameters that can be configured are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role. These parameters are configured for all IS-IS sessions or all IS-IS sessions out of an interface; if you change a parameter globally, the change affects all IS-IS neighbors sessions.
To disable BFD sessions with all IS-IS neighbors out of an interface: Step 1 Task Command Syntax Command Mode Disable BFD sessions with all IS-IS neighbors out of an interface. isis bfd all-neighbors disable INTERFACE Configuring BFD for BGP BFD for BGP is only supported on platforms: e c S4820T In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence.
[Figure labels: Interior BGP, Interior BGP, Exterior BGP; Router 1 2/2 2.2.4.2; Router 2 1/1 2.2.4.3]
AS 1
FTOS(conf)# bfd enable
FTOS(conf)# router bgp 1
FTOS(conf-router-bgp)# neighbor 2.2.4.3 remote-as 2
FTOS(conf-router-bgp)# neighbor 2.2.4.3 no shutdown
FTOS(conf-router-bgp)# bfd all-neighbors interval 200 min_rx 200 multiplier 6 role active
OR
FTOS(conf-router-bgp)# neighbor 2.2.4.3 bfd
AS 2
FTOS(conf)# bfd enable
FTOS(conf)# router bgp 2
FTOS(conf-router-bgp)# neighbor 2.2.4.
As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up and BGP maintains its adjacencies. If a BFD for BGP neighbor does not receive a control packet within the detection interval, the router informs any clients of the BFD session (other routing protocols) about the failure. It then depends on the individual routing protocols that use the BGP link to determine the appropriate response to the failure condition.
To remove the disabled state of a BFD for BGP session with a specified neighbor, enter the no neighbor {ip-address | peer-group-name} bfd disable command in ROUTER BGP configuration mode. The BGP link with the neighbor returns to normal operation and uses the BFD session parameters globally configured with the bfd all-neighbors command or configured for the peer group to which the neighbor belongs.
Verifying a BFD for BGP Configuration
R2# show running-config bgp
!
router bgp 2
 neighbor 1.1.1.2 remote-as 1
 neighbor 1.1.1.2 no shutdown
 neighbor 2.2.2.2 remote-as 1
 neighbor 2.2.2.2 no shutdown
 neighbor 3.3.3.2 remote-as 1
 neighbor 3.3.3.
Delete session on Down: True
Client Registered: BGP
Uptime: 00:07:55
Statistics:
Number of packets received from neighbor: 4762
Number of packets sent to neighbor: 4490
Number of state changes: 2
Number of messages from IFA about port state change: 0
Number of messages communicated b/w Manager and Agent: 5
Session Discriminator: 10
Neighbor Discriminator: 11
Local Addr: 2.2.2.3
Local MAC Addr: 00:01:e8:66:da:34
Remote Addr: 2.2.2.
Protocol BGP
Messages:
Registration : 5
Init : 0
De-registration : 4
Up : 6
Down : 0
Admin Down : 2
Interface TenGigabitEthernet 6/2
Protocol BGP
Messages:
Registration : 1
Init : 0
De-registration : 0
Up : 1
Down : 0
Admin Down : 2

Displaying BFD for BGP status
R2# show ip bgp summary
BGP router identifier 10.0.0.
Configuring BFD for VRRP
BFD for VRRP is only supported on platforms: e c

When using BFD with VRRP, the VRRP protocol registers with the BFD manager on the RPM. BFD sessions are established with all neighboring interfaces participating in VRRP. If a neighboring interface fails, the BFD agent on the line card notifies the BFD manager, which in turn notifies the VRRP protocol that a link state change occurred.

Configuring BFD for VRRP is a three-step process:
1. Enable BFD globally.
[Figure labels: VIRTUAL IP Address: 2.2.5.4; R1: BACKUP; R2: MASTER; 2/3; 4/25]
FTOS(config-if-range-gi-4/25)# ip address 2.2.5.1/24
FTOS(config-if-range-gi-4/25)# no shutdown
FTOS(config-if-range-gi-4/25)# vrrp-group 1
FTOS(config-if-range-gi-4/25)# virtual-address 2.2.5.4
FTOS(config-if-range-gi-4/25)# vrrp bfd all-neighbors
FTOS(config-if-range-gi-4/25)# vrrp bfd neighbor 2.2.5.2
[Figure labels: IP Address: 2.2.5.3; Gateway: 2.2.5.1]
FTOS(conf-if-gi-2/3)#ip address 2.2.5.
C - CLI
I - ISIS
O - OSPF
R - Static Route (RTM)
V - VRRP

  LocalAddr  RemoteAddr  Interface  State  Rx-int  Tx-int  Mult  Clients
* 2.2.5.1    2.2.5.2     Gi 4/25    Down   1000    1000    3     V

Session state information is also shown in the show vrrp command output, as shown in the following example.

R1(conf-if-gi-4/25)#do show vrrp
------------------
GigabitEthernet 4/1, VRID: 1, Net: 2.2.5.1
State: Backup, Priority: 1, Master: 2.2.5.
View session parameters using the command show bfd neighbors detail, as shown in the example in Verifying BFD sessions with BGP neighbors using show bfd neighbors detail.

Disabling BFD for VRRP
If any or all VRRP sessions are disabled, the sessions are torn down. A final Admin Down control packet is sent to all neighbors and sessions on the remote system change to the Down state (Message 3).
Related configuration tasks
• Establishing sessions with OSPF neighbors.

Establishing sessions with VLAN neighbors
To establish a session, BFD must be enabled at interface level on both ends of the link, as shown in the illustration below. The session parameters do not need to match.

[Figure labels: R1; R2; VLAN 200; 4/25; 2/3]
FTOS(config-if-gi-4/25)# switchport
FTOS(config-if-gi-4/25)# no shutdown
FTOS(config-if-gi-4/25)# interface vlan 200
FTOS(config-if-vl-200)# ip address 2.2.3.
Configuring BFD for port-channels is a two-step process:
1. Enabling BFD globally.
2. Establishing sessions on port-channels.

Related configuration tasks
• Disabling BFD for port-channels.

Establishing sessions on port-channels
To establish a session, BFD must be enabled at interface level on both ends of the link, as shown in the example below. The session parameters do not need to match.
Configuring Protocol Liveness Protocol Liveness is a feature that notifies the BFD Manager when a client protocol is disabled. When a client is disabled, all BFD sessions for that protocol are torn down. Neighbors on the remote system receive an Admin Down control packet and are placed in the Down state (Message 3).
20 c0 03 18 00 00 00 05 00 00 00 04 00 01 86 a0
00 01 86 a0 00 00 00 00
00:34:14 : Sent packet for session with neighbor 2.2.2.2 on Gi 4/24

The output for the command debug bfd event is the same as the log messages that appear on the console by default.
9 Border Gateway Protocol IPv4 (BGPv4)

Border Gateway Protocol version 4 (BGPv4) is supported on platforms: e c s S4820T

Platforms support BGP according to the following table:

FTOS version    Platform support
8.3.19.0        S4820T
8.3.11.1        Z9000
8.3.7.0         S4810
8.1.1.0         E-Series ExaScale ex
7.8.1.0         S-Series
7.7.1.0         C-Series
pre-7.7.1.
A multihomed AS is one that maintains connections to more than one other AS. This allows the AS to remain connected to the Internet in the event of a complete failure of one of its connections. However, this type of AS does not allow traffic from one AS to pass through on its way to another AS. A simple example of this is seen in the illustration below. A stub AS is one that is connected to only one other AS. A transit AS is one that provides connections through itself to separate networks.
[Figure: full-mesh examples labelled 4 Routers, 6 Routers, 8 Routers]

The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible.

Sessions and Peers
When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor.

Establishing a session
Information exchange between peers is driven by events and timers.
In order to make decisions in its operations with other BGP peers, a BGP peer uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established. For each peer-to-peer session, a BGP implementation tracks which of these six states the session is in. The BGP protocol defines the messages that each peer should exchange in order to change the session from one state to another. The first state is the Idle mode.
• If a route was received from a nonclient peer, reflect the route to all client peers.
• If the route was received from a client peer, reflect the route to all nonclient and all client peers.

To illustrate how these rules affect routing, refer to the illustration below and the following steps. Routers B, C, D, E, and G are members of the same AS - AS100. These routers are also in the same Route Reflection Cluster, where Router D is the Route Reflector.
BGP Attributes Routes learned via BGP have associated properties that are used to determine the best route to a destination when multiple paths exist to a particular destination. These properties are referred to as BGP attributes, and an understanding of how BGP attributes influence route selection is required for the design of robust networks.
Figure 9-1. BGP Best Path Selection
[Figure: decision flow. Each test is applied in turn; on "No, or Not Resulting in a Single Route" the next test is applied: Largest Weight; Highest Local Pref; Locally Originated Path; Shortest AS Path; Lowest Origin Code; Lowest MED; Learned via EBGP; Lowest NEXT-HOP Cost; Tie Breakers: Short Cluster List, from Lowest BGP ID, Lowest Peering Addr. Result: A Single Route is Selected and Installed in the Forwarding Table.]

Best Path selection details
1. Prefer the path with the largest WEIGHT attribute.
2.
• AS_CONFED_SEQUENCE has a path length of 1, no matter how many ASs are in the AS_CONFED_SEQUENCE.
5. Prefer the path with the lowest ORIGIN type (IGP is lower than EGP, and EGP is lower than INCOMPLETE).
6. Prefer the path with the lowest Multi-Exit Discriminator (MED) attribute. The following criteria apply:
• This comparison is only done if the first (neighboring) AS is the same in the two paths; the MEDs are compared only if the first AS in the AS_SEQUENCE is the same for both paths.
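The comparison order of Figure 9-1, including the rule that MEDs are compared only when the neighboring AS matches, can be sketched as follows. This is an added illustration, not FTOS code: the Path fields, the pairwise compare() function, the sample paths and the always_compare_med flag (standing in for the bgp always-compare-med command) are assumptions made for the example.

```python
from dataclasses import dataclass
from functools import reduce
from ipaddress import ip_address

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}  # lower is preferred


@dataclass(frozen=True)
class Path:
    """Hypothetical container for the attributes the decision steps look at."""
    name: str
    as_sequence: tuple = ()            # AS_SEQUENCE, neighboring AS first
    has_confed_sequence: bool = False
    weight: int = 0
    local_pref: int = 100
    locally_originated: bool = False
    origin: str = "IGP"
    med: int = 0
    ebgp: bool = True
    next_hop_cost: int = 0
    cluster_list_len: int = 0
    bgp_id: str = "0.0.0.0"
    peer_addr: str = "0.0.0.0"


def as_path_length(p):
    # An AS_CONFED_SEQUENCE counts as 1, however many ASs it contains.
    return len(p.as_sequence) + (1 if p.has_confed_sequence else 0)


# Each step maps a path to a key; the path with the smaller key wins the step.
STEPS_BEFORE_MED = [
    ("weight", lambda p: -p.weight),
    ("local_pref", lambda p: -p.local_pref),
    ("locally_originated", lambda p: not p.locally_originated),
    ("as_path_length", as_path_length),
    ("origin", lambda p: ORIGIN_RANK[p.origin]),
]
STEPS_AFTER_MED = [
    ("ebgp_over_ibgp", lambda p: not p.ebgp),
    ("next_hop_cost", lambda p: p.next_hop_cost),
    ("cluster_list_len", lambda p: p.cluster_list_len),
    ("bgp_id", lambda p: int(ip_address(p.bgp_id))),
    ("peer_addr", lambda p: int(ip_address(p.peer_addr))),
]


def first_difference(a, b, steps):
    for step, key in steps:
        ka, kb = key(a), key(b)
        if ka != kb:
            return (a if ka < kb else b), step
    return None


def compare(a, b, always_compare_med=False):
    """Return (winner, deciding_step) for two paths to the same prefix."""
    hit = first_difference(a, b, STEPS_BEFORE_MED)
    if hit:
        return hit
    # MED is only comparable when both paths enter through the same neighboring AS.
    same_neighbor_as = a.as_sequence[:1] == b.as_sequence[:1]
    if (always_compare_med or same_neighbor_as) and a.med != b.med:
        return (a if a.med < b.med else b), "med"
    return first_difference(a, b, STEPS_AFTER_MED) or (a, "identical")


def select_best(paths, always_compare_med=False):
    # Pairwise reduction. Because MED is skipped for some pairs, the result can
    # depend on the order of the paths (see P1, P2, P3 below).
    return reduce(lambda best, p: compare(best, p, always_compare_med)[0], paths)


# Constructed sample paths: P1 and P2 arrive via AS 200, P3 via AS 400.
P1 = Path(name="P1", as_sequence=(200, 300), med=50, bgp_id="10.0.0.3")
P2 = Path(name="P2", as_sequence=(200, 300), med=100, bgp_id="10.0.0.1")
P3 = Path(name="P3", as_sequence=(400, 300), med=10, bgp_id="10.0.0.2")
```

With these sample paths P1 beats P2 on MED, P2 beats P3 on BGP ID, and P3 beats P1 on BGP ID, so the pairwise result depends on the order in which paths are compared; with always_compare_med set, P3 wins in every order.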
Weight
The Weight attribute is local to the router and is not advertised to neighboring routers. If the router learns about more than one route to the same destination, the route with the highest weight will be preferred. The route with the highest weight is installed in the IP routing table.

Local Preference
Local Preference (LOCAL_PREF) represents the degree of preference within the entire AS. The higher the number, the greater the preference for the route.
One AS assigns the MED a value and the other AS uses that value to decide the preferred path. For this example, assume the MED is the only attribute applied. In the following illustration, AS100 and AS200 connect in two places. Each connection is a BGP session. AS200 sets the MED for its T1 exit point to 100 and the MED for its OC3 exit point to 50. This sets up a path preference through the OC3 link. The MEDs are advertised to AS100 routers so they know which is the preferred path.
In FTOS, these origin codes appear as shown in the example below. The question mark (?) indicates an Origin code of INCOMPLETE. The lower case letter (i) indicates an Origin code of IGP.

FTOS#show ip bgp
BGP table version is 0, local router ID is 10.101.15.
Multiprotocol BGP
MBGP for IPv6 unicast is supported on platforms e c
MBGP for IPv4 Multicast is supported on platform c e s

Multiprotocol Extensions for BGP (MBGP) is defined in IETF RFC 2858. MBGP allows different types of address families to be distributed in parallel. This allows information about the topology of IP Multicast-capable routers to be exchanged separately from the topology of normal IPv4 and IPv6 unicast routers.
Note the following when configuring this functionality:
• If the redistribute command does not have any metric configured and BGP Peer out-bound route-map does have metric-type internal configured, BGP advertises the IGP cost as MED.
Where the 2-Byte format is 1-65535, the 4-Byte format is 1-4294967295. Enter AS Numbers using the traditional format. If the ASN is greater than 65535, the dot format is shown when using the show ip bgp commands. For example, an ASN entered as 3183856184 will appear in the show commands as 48581.51768; an ASN of 65123 is shown as 65123. To calculate the comparable dot format for an ASN from a traditional format, use ASN/65536.ASN%65536 (the integer quotient, a period, then the remainder). Table 9-2.
ASDOT representation combines the ASPLAIN and ASDOT+ representations. AS Numbers less than 65536 appear in integer format (asplain); AS Numbers equal to or greater than 65536 appear using the decimal method (asdot+). For example, the AS Number 65526 appears as 65526, and the AS Number 65546 appears as 1.10.

Dynamic AS Number Notation application
FTOS 8.3.1.0 applies the ASN Notation type change dynamically to the running-config statements.
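Because the same AS can appear as 3183856184 or 48581.51768 depending on the notation in force, comparing two saved configurations means normalizing the AS numbers first. The following is an added example, not part of FTOS: the function names and the sample configuration lines (documentation address 192.0.2.1) are constructed for illustration, and the accepted range 1-4294967295 is taken from the text above.

```python
import re

MAX_ASN = 4294967295  # top of the 4-Byte range given in the text


def parse_asn(text):
    """Accept asplain ("65546") or dotted ("1.10") and return the integer ASN."""
    text = text.strip()
    if re.fullmatch(r"\d+", text):
        value = int(text)
    elif re.fullmatch(r"\d+\.\d+", text):
        high, low = (int(part) for part in text.split("."))
        if high > 65535 or low > 65535:
            raise ValueError(f"each half of a dotted ASN must be 0-65535: {text!r}")
        value = high * 65536 + low
    else:
        raise ValueError(f"not an AS number: {text!r}")
    if not 1 <= value <= MAX_ASN:
        raise ValueError(f"AS number out of range: {text!r}")
    return value


def format_asn(value, notation="asplain"):
    """Render an integer ASN as asplain, asdot or asdot+."""
    if not 1 <= value <= MAX_ASN:
        raise ValueError(f"AS number out of range: {value}")
    high, low = divmod(value, 65536)  # ASN/65536 and ASN%65536
    if notation == "asplain":
        return str(value)
    if notation == "asdot+":
        return f"{high}.{low}"  # always dotted, even below 65536
    if notation == "asdot":
        return str(value) if value < 65536 else f"{high}.{low}"
    raise ValueError(f"unknown notation: {notation!r}")


# Keywords on this page that are followed by an AS number.
ASN_KEYWORDS = re.compile(r"\b(router bgp|remote-as|local-as)\s+(\d+(?:\.\d+)?)")


def asns_in_config(lines):
    """Return [(keyword, integer ASN), ...] so configs saved under different
    notations can be compared directly."""
    found = []
    for line in lines:
        for keyword, raw in ASN_KEYWORDS.findall(line):
            found.append((keyword, parse_asn(raw)))
    return found


# Constructed sample: the same configuration saved under two notations.
CONFIG_ASPLAIN = [
    "router bgp 65546",
    " neighbor 192.0.2.1 remote-as 3183856184",
    " neighbor 192.0.2.1 local-as 65057",
]
CONFIG_ASDOT = [
    "router bgp 1.10",
    " neighbor 192.0.2.1 remote-as 48581.51768",
    " neighbor 192.0.2.1 local-as 65057",
]
```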
Dynamic changes when bgp asnotation command is disabled in the show running config

AS NOTATION DISABLED
FTOS(conf-router_bgp)#no bgp asnotation
FTOS(conf-router_bgp)#sho conf
!
router bgp 100
 bgp four-octet-as-support
 neighbor 172.30.1.250 local-as 65057
[Figure: two panels. Before Migration: Router A AS 100, Router C AS 300, Router B AS 200. After Migration, with Local-AS enabled: Router A AS 100, AS 100, Router C AS 300, Router B Local AS 200.]

When you complete your migration, and you have reconfigured your network with the new information, you must disable this feature. If the “no prepend” option is used, the local-as will not be prepended to the updates received from the eBGP peer.
BGP4 Management Information Base (MIB) The FORCE10-BGP4-V2-MIB enhances FTOS BGP Management Information Base (MIB) support with many new SNMP objects and notifications (traps) defined in the draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell Force10 website, www.force10networks.com. Note: Refer to the Dell Force10 iSupport webpage for the Force10-BGP4-V2-MIB and other MIB documentation.
• The f10BgpM2[Cfg]PeerReflectorClient field is populated based on the assumption that route-reflector clients are not in a full mesh if BGP client-2-client reflection is enabled and that the BGP speaker acting as reflector will advertise routes learned from one client to another client. If disabled, it is assumed that clients are in a full mesh, and there is no need to advertise prefixes to the other clients.
BGP Configuration To enable the BGP process and begin exchanging information, you must assign an AS number and use commands in the ROUTER BGP mode to configure a BGP neighbor. Defaults By default, BGP is disabled. By default, FTOS compares the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enabled). Note: In FTOS, all newly configured neighbors and peer groups are disabled.
Use these commands in the following sequence, starting in the CONFIGURATION mode to establish BGP sessions on the router.

Step 1
Command Syntax: router bgp as-number
Command Mode: CONFIGURATION
Purpose: Assign an AS number and enter the ROUTER BGP mode.
AS Number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte) or 0.1-65535.65535 (Dotted format)
Only one AS is supported per system.
If you enter a 4-Byte AS Number, 4-Byte AS Support is enabled automatically.
Enter show config in CONFIGURATION ROUTER BGP mode to view the BGP configuration. Use the show ip bgp summary command in EXEC Privilege mode to view the BGP status. The following example shows the summary with a 2-Byte AS Number displayed; the example in Example: show ip bgp summary (4-Byte AS Number displayed) shows the summary with a 4-Byte AS Number displayed.

Example: show ip bgp summary (2-Byte AS Number displayed)
R2#show ip bgp summary
BGP router identifier 192.168.
To view the status of BGP neighbors, use the show ip bgp neighbors command in EXEC Privilege mode as shown in the example below. For BGP neighbor configuration information, use the show running-config bgp command in EXEC Privilege mode as shown in the second example. Note that the show config command in CONFIGURATION ROUTER BGP mode gives the same information as the show running-config bgp command. The following example displays two neighbors: one is an external and the second one is an internal BGP neighbor.
Last reset never
No active TCP connection
FTOS#

Example: show running-config bgp
R2#show running-config bgp
!
router bgp 65123
 bgp router-id 192.168.10.2
 network 10.10.21.0/24
 network 10.10.32.0/24
 network 100.10.92.0/24
 network 192.168.10.0/24
 bgp four-octet-as-support
 neighbor 10.10.21.1 remote-as 65123
 neighbor 10.10.21.1 filter-list ISP1in
 neighbor 10.10.21.1 no shutdown
 neighbor 10.10.32.3 remote-as 65123
 neighbor 10.10.32.3 no shutdown
 neighbor 100.10.92.
Only one form of AS Number Representation is supported at a time. You cannot combine the types of representations within an AS.

Task: Enable ASPLAIN AS Number representation.
Command Syntax: bgp asnotation asplain
Command Mode: CONFIG-ROUTER-BGP
Note: ASPLAIN is the default method FTOS uses and does not appear in the configuration display.

Task: Enable ASDOT AS Number representation.
Command Syntax: bgp asnotation asdot
Command Mode: CONFIG-ROUTER-BGP

Task: Enable ASDOT+ AS Number representation.
 neighbor 172.30.1.250 password 7 5ab3eb9a15ed02ff4f0dfd4500d6017873cfd9a267c04957
 neighbor 172.30.1.250 no shutdown
5332332 9911991 65057 18508 12182 7018 46164 i

Configure Peer Groups
To configure multiple BGP neighbors at one time, create and populate a BGP peer group. Another advantage of peer groups is that members of a peer group inherit the configuration properties of the group and share the same update policy. A maximum of 256 Peer Groups are allowed on the system.
To add an external BGP (EBGP) neighbor, configure the as-number parameter with a number different from the BGP as-number configured in the router bgp as-number command. To add an internal BGP (IBGP) neighbor, configure the as-number parameter with the same BGP as-number configured in the router bgp as-number command. After you create a peer group, you can use any of the commands beginning with the keyword neighbor to configure that peer group.
Use the neighbor peer-group-name no shutdown command in the CONFIGURATION ROUTER BGP mode to enable a peer group.

FTOS(conf-router_bgp)#neighbor zanzibar no shutdown
FTOS(conf-router_bgp)#show config
!
router bgp 45
 bgp fast-external-fallover
 bgp log-neighbor-changes
 neighbor zanzibar peer-group
 neighbor zanzibar no shutdown
 neighbor 10.1.1.1 remote-as 65535
 neighbor 10.1.1.1 shutdown
 neighbor 10.14.8.60 remote-as 18505
 neighbor 10.14.8.
10.68.181.1
10.68.182.1
10.68.183.1
10.68.184.1
10.68.185.1
FTOS>

BGP fast fall-over
By default, a BGP session is governed by the hold time. BGP routers typically carry large routing tables, so frequent session resets are not desirable. The BGP fast fall-over feature reduces the convergence time while maintaining stability. The connection to a BGP peer is immediately reset if a link to a directly connected external peer fails.
Configure passive peering When you enable a peer-group, the software sends an OPEN message to initiate a TCP connection. If you enable passive peering for the peer group, the software does not send an OPEN message, but it will respond to an OPEN message. When a BGP neighbor connection with authentication configured is rejected by a passive peer-group, FTOS does not allow another passive peer-group on the same subnet to connect with the BGP neighbor.
When you complete your migration, be sure to reconfigure your routers with the new information and disable this feature.

Command Syntax: neighbor {IP address | peer-group-name} local-as as number [no prepend]
Command Mode: CONFIG-ROUTER-BGP
Purpose: Allow external routes from this neighbor.
Format:
IP Address: A.B.C.D
Peer Group Name: 16 characters
AS-number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte) or 0.1-65535.
Allow an AS number to appear in its own AS path
This command allows you to set the number of times a particular AS number can occur in the AS path. The allow-as feature permits a BGP speaker to allow the ASN to be present for a specified number of times in the update received from the peer, even if that ASN matches its own. The AS-PATH loop is detected if the local ASN is present more than the specified number of times in the command.
Enable graceful restart
Use this feature to lessen the negative effects of a BGP restart. FTOS advertises support for this feature to BGP neighbors through a capability advertisement. You can enable graceful restart by router and/or by peer or peer group.

Note: By default, BGP graceful restart is disabled. The default role for BGP on is as a receiving or restarting peer.
BGP graceful restart is active only when the neighbor becomes established. Otherwise, it is disabled. Graceful-restart applies to all neighbors with established adjacency. With the graceful restart feature, FTOS enables the receiving/restarting mode by default. In receiver-only mode, graceful restart saves the advertised routes of peers that support this capability when they restart. However, the E-Series does not advertise that it saves these forwarding states when it restarts.
FTOS(config)#router bgp 99
FTOS(conf-router_bgp)#neigh AAA peer-group
FTOS(conf-router_bgp)#neigh AAA no shut
FTOS(conf-router_bgp)#show conf
!
router bgp 99
 neighbor AAA peer-group
 neighbor AAA no shutdown
 neighbor 10.155.15.2 remote-as 32
 neighbor 10.155.15.2 shutdown
FTOS(conf-router_bgp)#neigh 10.155.15.
Table 9-4. Regular Expression

Regular Expressions: Definition
( ) (parenthesis): Specifies patterns for multiple use when followed by one of the multiplier metacharacters: asterisk *, plus sign +, or question mark ?
[ ] (brackets): Matches any enclosed character; specifies a range of single characters
- (hyphen): Used within brackets to specify a range of AS or community numbers.
_ (underscore): Matches a ^, a $, a comma, a space, a {, or a }.
Command Syntax: redistribute ospf process-id [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name]
Command Mode: ROUTER BGP or CONF-ROUTER_BGPv6_AF
Purpose: Include specific OSPF routes in IS-IS. Configure the following parameters:
• process-id range: 1 to 65535
• match external range: 1 or 2
• match internal
• metric-type: external or internal.
• map-name: name of a configured route map.

Enable additional paths
By default, the add-path feature is disabled.
Step 2
Command Syntax: {permit | deny} {{rt | soo} {ASN:NN | IPADDR:N} | regex REGEX-LINE}
Command Mode: CONFIG-COMMUNITY-LIST
Purpose: Two types of extended communities are supported. Filter routes based on the type of extended communities they carry using one of the following keywords:
• rt: Route Target
• soo: Route Origin or Site-of-Origin.
Matching extended communities against a regular expression is also supported.
Step 2
Command Syntax: match {community community-list-name [exact] | extcommunity extcommunity-list-name [exact]}
Command Mode: CONFIG-ROUTE-MAP
Purpose: Configure a match filter for all routes meeting the criteria in the IP Community or Extended Community list.

Step 3
Command Syntax: exit
Command Mode: CONFIG-ROUTE-MAP
Purpose: Return to the CONFIGURATION mode.

Step 4
Command Syntax: router bgp as-number
Command Mode: CONFIGURATION
Purpose: Enter the ROUTER BGP mode. AS-number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte) or 0.1-65535.
If you want to remove or add a specific COMMUNITY number from a BGP path, you must create a route map with one or both of the following statements in the route map. Then apply that route map to a BGP neighbor or peer group. Use these commands in the following sequence, starting in the CONFIGURATION mode:

Step
Command Syntax: route-map map-name [permit | deny] [sequence-number]
Command Mode: CONFIGURATION
Purpose: Enter the ROUTE-MAP mode and assign a name to a route map.
Use the following command in the CONFIGURATION ROUTER BGP mode to change the default values of this attribute for all routes received by the router.

Command Syntax: bgp default local-preference value
Command Mode: CONFIG-ROUTER-BGP
Purpose: Change the LOCAL_PREF value.
• value range: 0 to 4294967295
• Default is 100.

Use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode to view BGP configuration.
You can also use route maps to change this and other BGP attributes. For example, you can include the following command in a route map to specify the next hop address:

Command Syntax: set next-hop ip-address
Command Mode: CONFIG-ROUTE-MAP
Purpose: Sets the next hop address.

Change WEIGHT attribute
Use the following command in CONFIGURATION ROUTER BGP mode to change how the WEIGHT attribute is used.
Filter BGP routes Filtering routes allows you to implement BGP policies. You can use either IP prefix lists, route maps, AS-PATH ACLs or IP Community lists (via a route map) to control which routes are accepted and advertised by the BGP neighbor or peer group. Prefix lists filter routes based on route and prefix length, while AS-Path ACLs filter routes based on the Autonomous System number. Route maps can filter and set conditions, change attributes, and assign update policies.
Step 5
Command Syntax: neighbor {ip-address | peer-group-name} distribute-list prefix-list-name {in | out}
Command Mode: CONFIG-ROUTER-BGP
Purpose: Filter routes based on the criteria in the configured prefix list. Configure the following parameters:
• ip-address or peer-group-name: enter the neighbor’s IP address or the peer group’s name.
• prefix-list-name: enter the name of a configured prefix list.
• in: apply the prefix list to inbound routes.
Step
Command Syntax: neighbor {ip-address | peer-group-name} route-map map-name {in | out}
Command Mode: CONFIG-ROUTER-BGP
Purpose: Filter routes based on the criteria in the configured route map. Configure the following parameters:
• ip-address or peer-group-name: enter the neighbor’s IP address or the peer group’s name.
• map-name: enter the name of a configured route map.
• in: apply the route map to inbound routes.
• out: apply the route map to outbound routes.
Configure BGP route reflectors
BGP route reflectors are intended for Autonomous Systems with a large mesh and they reduce the amount of BGP control traffic. With route reflection configured properly, IBGP routers are not fully meshed within a cluster but all receive routing information. Configure clusters of routers where one router is a concentration router and others are clients who receive their updates from the concentration router.
Use the following command in the CONFIGURATION ROUTER BGP mode to aggregate routes.

Command Syntax: aggregate-address ip-address mask [advertise-map map-name] [as-set] [attribute-map map-name] [summary-only] [suppress-map map-name]
Command Mode: CONFIG-ROUTER-BGP
Purpose: Assign the IP address and mask of the prefix to be aggregated.
Use the following commands in the CONFIGURATION ROUTER BGP mode to configure BGP confederations.

Command Syntax: bgp confederation identifier as-number
Command Mode: CONFIG-ROUTER-BGP
Purpose: Specifies the confederation ID. AS-number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte)

Command Syntax: bgp confederation peers as-number [... as-number]
Command Mode: CONFIG-ROUTER-BGP
Purpose: Specifies which confederation sub-AS are peers.
FTOS(conf-router_bgp)#bgp dampening ?
<1-45> Half-life time for the penalty (default = 15)
route-map Route-map to specify criteria for dampening
FTOS(conf-router_bgp)#bgp dampening 2 ?
<1-20000> Value to start reusing a route (default = 750)
FTOS(conf-router_bgp)#bgp dampening 2 2000 ?
<1-20000> Value to start suppressing a route (default = 2000)
FTOS(conf-router_bgp)#bgp dampening 2 2000 3000 ?
<1-255> Maximum duration to suppress a stable route (default = 60)
FTOS(conf-router_bgp)#bgp dampening 2 200
Command Syntax: set dampening half-life reuse
Command Mode: CONFIG-ROUTE-MAP
Purpose: Enter the following optional parameters to configure route dampening parameters:
• half-life range: 1 to 45. Number of minutes after which the Penalty is decreased. After the router assigns a Penalty of 1024 to a route, the Penalty is decreased by half after the half-life period expires. (Default: 15 minutes)
• reuse range: 1 to 20000.
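How the half-life, reuse, suppress and max-suppress values interact is easiest to see by replaying a flap sequence. The model below is an added example, not FTOS code, using the defaults shown in the CLI help above (15, 750, 2000, 60) and the Penalty of 1024 per flap. It assumes continuous exponential decay, suppression when the penalty exceeds the suppress value, and an RFC 2439-style penalty ceiling to enforce the maximum suppress time; the class and method names are hypothetical.

```python
import math


class DampenedRoute:
    """Penalty bookkeeping for one route; all times are in minutes."""

    PENALTY_PER_FLAP = 1024

    def __init__(self, half_life=15, reuse=750, suppress=2000, max_suppress=60):
        self.half_life = half_life
        self.reuse = reuse
        self.suppress = suppress
        # Assumption: cap the penalty so that a route which stops flapping
        # decays to the reuse value within max_suppress minutes.
        self.ceiling = reuse * 2 ** (max_suppress / half_life)
        self.penalty = 0.0
        self.last_event = 0.0
        self.suppressed = False

    def penalty_at(self, t):
        """Penalty at time t, halved for every half-life since the last flap."""
        elapsed = t - self.last_event
        return self.penalty * 0.5 ** (elapsed / self.half_life)

    def is_suppressed_at(self, t):
        """A suppressed route stays suppressed until it decays below reuse."""
        return self.suppressed and self.penalty_at(t) >= self.reuse

    def flap(self, t):
        """Record one flap at time t and return the new penalty."""
        decayed = self.penalty_at(t)
        if self.suppressed and decayed < self.reuse:
            self.suppressed = False
        self.penalty = min(decayed + self.PENALTY_PER_FLAP, self.ceiling)
        self.last_event = t
        if self.penalty > self.suppress:
            self.suppressed = True
        return self.penalty

    def minutes_until_reuse(self):
        """Minutes after the last flap until a suppressed route is reused."""
        if not self.suppressed:
            return 0.0
        return self.half_life * math.log2(self.penalty / self.reuse)


def replay(flap_times, **params):
    """Replay a constructed list of flap times and return the route model."""
    route = DampenedRoute(**params)
    for t in flap_times:
        route.flap(t)
    return route
```

With the defaults, flaps at minutes 0, 5 and 10 leave a penalty of about 2482, so the route is suppressed on the third flap and reused roughly 26 minutes later. A route that flaps every minute for half an hour reaches the ceiling of 12000 and is held for the full 60 minutes after its last flap.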
Use the following command in EXEC and EXEC Privilege mode to view statistics on route flapping.

Command Syntax: show ip bgp flap-statistics [ip-address [mask]] [filter-list as-path-name] [regexp regular-expression]
Command Mode: EXEC, EXEC Privilege
Purpose: View all flap statistics or for specific routes meeting the following criteria:
• ip-address [mask]: enter the IP address and mask
• filter-list as-path-name: enter the name of an AS-PATH ACL.
Command Syntax: timers bgp keepalive holdtime
Command Mode: CONFIG-ROUTER-BGP
Purpose: Configure timer values for all neighbors.
• keepalive range: 1 to 65535. Time interval, in seconds, between keepalive messages sent to the neighbor routers. (Default: 60 seconds)
• holdtime range: 3 to 65536. Time interval, in seconds, between the last keepalive message and declaring the router dead.
Command Syntax Command Mode Purpose Entering this command starts the storage of updates, which is required to do inbound soft reconfiguration. Outbound BGP soft reconfiguration does not require inbound soft reconfiguration to be enabled. When soft-reconfiguration is enabled for a neighbor and the clear ip bgp soft in command is executed, the update database stored in the router is replayed and updates are reevaluated.
Match Clause with a Continue Clause
The continue feature can exist without a match clause. Without a match clause, the continue clause executes and jumps to the specified route-map entry. With a match clause and a continue clause, the match clause executes first and the continue clause next in a specified route map entry. The continue clause launches only after a successful match.
Command Syntax: neighbor [ip-address | peer-group-name] activate
Command Mode: CONFIG-ROUTER-BGP-AF (Address Family)
Purpose: Enable IPv4 Multicast support on a BGP neighbor/peer group

When a peer is configured to support IPv4 Multicast, FTOS takes the following actions:
• Send a capability advertisement to the peer in the BGP Open message specifying IPv4 Multicast as a supported AFI/SAFI (Subsequent Address Family Identifier).
Command Syntax: debug ip bgp [ip-address | peer-group peer-group-name] keepalive [in | out]
Command Mode: EXEC Privilege
Purpose: View information about BGP KEEPALIVE messages.

Command Syntax: debug ip bgp [ip-address | peer-group peer-group-name] notifications [in | out]
Command Mode: EXEC Privilege
Purpose: View information about BGP notifications received from or sent to neighbors.
Capabilities received from neighbor for IPv4 Unicast :
MULTIPROTO_EXT(1)
ROUTE_REFRESH(2)
CISCO_ROUTE_REFRESH(128)
Capabilities advertised to neighbor for IPv4 Unicast :
MULTIPROTO_EXT(1)
ROUTE_REFRESH(2)
CISCO_ROUTE_REFRESH(128)
For address family: IPv4 Unicast
BGP table version 1395, neighbor version 1394
Prefixes accepted 1 (consume 4 bytes), 0 withdrawn by peer
Prefixes advertised 0, rejected 0, 0 withdrawn from peer
Connections established 3; dropped 2
Last reset 00:00:12, due to Missing well known att
172.30.1.250 18508 243295 25 313511 0 0 00:12:46 207896

PDU Counters
FTOS version 7.5.1.0 introduces additional counters for various types of PDUs sent and received from neighbors. These are seen in the output of the command show ip bgp neighbor.

Sample Configurations
The following configurations are examples for enabling BGP and setting up some peer groups. These are not comprehensive directions. They are intended to give you some guidance with typical configurations.
Example: Enable BGP, Router 1
R1# conf
R1(conf)#int loop 0
R1(conf-if-lo-0)#ip address 192.168.128.1/24
R1(conf-if-lo-0)#no shutdown
R1(conf-if-lo-0)#show config
!
interface Loopback 0
 ip address 192.168.128.1/24
 no shutdown
R1(conf-if-lo-0)#int gig 1/21
R1(conf-if-gi-1/21)#ip address 10.0.1.21/24
R1(conf-if-gi-1/21)#no shutdown
R1(conf-if-gi-1/21)#show config
!
interface GigabitEthernet 1/21
 ip address 10.0.1.
192.168.128.2 192.168.128.3 R1# 99 100 4 5 5 4 4 1 0 0 0 00:00:32 0 00:00:09 1 4

Example: Enable BGP, Router 2
R2# conf
R2(conf)#int loop 0
R2(conf-if-lo-0)#ip address 192.168.128.2/24
R2(conf-if-lo-0)#no shutdown
R2(conf-if-lo-0)#show config
!
interface Loopback 0
 ip address 192.168.128.2/24
 no shutdown
R2(conf-if-lo-0)#int gig 2/11
R2(conf-if-gi-2/11)#ip address 10.0.1.22/24
R2(conf-if-gi-2/11)#no shutdown
R2(conf-if-gi-2/11)#show config
!
interface GigabitEthernet 2/11
 ip address 10.0.1.
BGP router identifier 192.168.128.2, local AS number 99
BGP table version is 1, main routing table version 1
1 network entrie(s) using 132 bytes of memory
3 paths using 204 bytes of memory
BGP-RIB over all using 207 bytes of memory
2 BGP path attribute entrie(s) using 128 bytes of memory
2 BGP AS-PATH entrie(s) using 90 bytes of memory
2 neighbor(s) using 9216 bytes of memory
Neighbor 192.168.128.1 192.168.128.
!
router bgp 100
 network 192.168.128.0/24
 neighbor 192.168.128.1 remote-as 99
 neighbor 192.168.128.1 update-source Loopback 0
 neighbor 192.168.128.1 no shutdown
 neighbor 192.168.128.2 remote-as 99
 neighbor 192.168.128.2 update-source Loopback 0
 neighbor 192.168.128.2 no shutdown
R3(conf)#end
R3#show ip bgp summary
BGP router identifier 192.168.128.
BGP router identifier 192.168.128.1, local AS number 99
BGP table version is 1, main routing table version 1
1 network entrie(s) using 132 bytes of memory
3 paths using 204 bytes of memory
BGP-RIB over all using 207 bytes of memory
2 BGP path attribute entrie(s) using 96 bytes of memory
2 BGP AS-PATH entrie(s) using 74 bytes of memory
2 neighbor(s) using 8672 bytes of memory
Neighbor AS MsgRcvd 192.168.128.2 99 192.168.128.
BGP neighbor is 192.168.128.3, remote AS 100, external link
Member of peer-group BBB for session parameters
BGP version 4, remote router ID 192.168.128.
 neighbor 192.168.128.3 update-source Loopback 0
 neighbor 192.168.128.3 no shutdown
R2(conf-router_bgp)#end
R2#
R2#show ip bgp summary
BGP router identifier 192.168.128.
2 BGP path attribute entrie(s) using 128 bytes of memory
2 BGP AS-PATH entrie(s) using 90 bytes of memory
2 neighbor(s) using 9216 bytes of memory

Neighbor        AS   MsgRcvd  MsgSent  TblVer  InQ  OutQ  Up/Down   State/Pfx
192.168.128.1   99   93       99       1       0    (0)   00:00:15  1
192.168.128.2   99   122      120      1       0    (0)   00:00:11  1

R3#show ip bgp neighbor
BGP neighbor is 192.168.128.1, remote AS 99, external link
Member of peer-group BBB for session parameters
BGP version 4, remote router ID 192.168.128.
10 Bare Metal Provisioning 2.0

Bare Metal Provisioning 2.0 is included as part of the FTOS image. It is supported on the following platforms: and S4820T

Bare Metal Provisioning (BMP) improves accessibility to the switch by automatically loading pre-defined configurations and boot images that are stored in file servers. BMP can be used on a single switch or on multiple switches.

Note: Some of the configuration examples in this chapter use “S4810” within their commands.
Restrictions
BMP 2.0 is supported on the user ports and management ports of a switch.

Overview
On a new factory-loaded switch, the switch boots up in Jumpstart mode. You can reconfigure a switch to reload between Normal and Jumpstart mode.
• Jumpstart (BMP) mode: The switch automatically configures all ports (management and user ports) as Layer 3 physical ports and acts as a DHCP client on the ports for a user-configured time (DHCP timeout).
To display the currently configured reload mode for a switch running BMP version 2.0, enter the show reload-type or show bootvar command.

FTOS#show reload-type
Reload-Type     : jump-start [Next boot :jump-start]
config-download : enable
dhcp-timeout    : 10

FTOS#show bootvar
. . content truncated..
Reload Mode = jump-start
File URL = tftp:/30.0.0.1/FTOS-SE-8-3-8-17.
The DHCP option codes used are:
• 6: Domain Name Server IP
• 66: TFTP Server name
• 67: Boot filename
• 150: TFTP server IP address
• 209: Configuration File

Note: The boot file name and configuration file name must be in the correct format. If they are not, the switch will be unable to download the file from the DHCP server, and will behave as if the server could not be reached.
Following is an example of a configuration of the DHCP server included on the most popular Linux distributions. The dhcpd.conf file shows assignment of a fixed IP address and configuration file based on the MAC address of the switch.

Parameter Example Description
option boot-filename code 67 = text;
option tftp-server-address code 150 = ip-address;
option config-file code 209 = text;
subnet 10.20.30.0 netmask 255.255.255.0 {
  option domain-name-servers 20.30.40.1, 20.30.40.
File Server
Set up a file server and ensure connectivity. The server that holds the boot and configuration files must be configured as the network source for the switch. The switch recognizes HTTP, TFTP, FTP, and Flash URLs.
3. The IP address, boot image filename and the configuration filename are reserved for the switch and provided in the DHCP reply (one-file read method). The switch receives its IP address, subnet mask, DHCP server IP, TFTP server address, DNS server IP, bootfile name and the configuration filename from the DHCP server. If a DHCP offer has no image path or configuration file path, it is considered an invalid BMP DHCP offer and the offer is ignored.
If the configuration file is downloaded from the server, any saved startup-configuration on the flash is ignored. If no configuration file is downloaded from the server or the config-download parameter is disabled, the startup-configuration file on the flash is loaded as in a normal reload.
6. When the FTOS image and the configuration file have been downloaded, the IP address is released.
11 Content Addressable Memory (CAM)

Content Addressable Memory (CAM) is supported on platforms: et c s S4820T

• Content Addressable Memory
• CAM Profiles
• Microcode
• CAM Profiling for ACLs
• When to Use CAM Profiling
• Differences Between EtherScale and TeraScale
• Important Points to Remember
• Select CAM Profiles
• CAM Allocation
• Test CAM Usage
• View CAM Profiles
• View CAM-ACL settings
• Configure IPv4Flow Sub-partitions
• Configure Ingress Layer 2 ACL Sub-partitio
• The TeraScale EG-series line cards are dual-CAM and use two 18 Megabit CAM modules with a dedicated 512 IPv4 Forwarding Information Base (FIB), and flexible CAM allocations for Layer2, FIB, and ACLs.
• Either ExaScale 10G or 40G CAM line cards can be used in a system.

CAM Profiles
Dell Force10 systems partition each CAM module so that it can store the different types of information. The size of each partition is specified in the CAM profile.
Table 11-1. CAM Profile Descriptions

CAM Profile: unified-default
Description: Maintains the CAM allocations for the and IPv4 FIB while allocating more CAM space for the Ingress and Egress Layer 2 ACL, and IPv4 ACL regions.
Available Microcodes: ipv6-extacl

CAM Profile: ipv4-64k-ipv6
Description: Provides IPv6 functionality; an alternate to ipv6-extacl that redistributes CAM space from the IPv4FIB to IPv4Flow and IPv6FIB.
Available Microcodes: ipv6-extacl

The size of CAM partitions is measured in entries.
There is a default microcode, and several other microcodes are available, so that you can adjust packet handling according to your application. Specifying a microcode is mandatory when selecting a CAM profile (though you are not required to change it). Note: Not all CAM profiles and microcodes are available for all systems. Refer to the Command Line Interface Reference Guide for details regarding available profiles for each system. Table 11-3.
Table 11-4. Layer 2 ACL CAM Sub-partition Sizes

Partition   % Allocated
L2ACL       14
PVST        50
QoS         12
L2PT        13
FRRP        5

You can re-configure the amount of space, in percentage, allocated to each sub-partition. As with the IPv4Flow partition, you can configure the Layer 2 ACL partition from EXEC Privilege mode or CONFIGURATION mode. The amount of space that you can distribute to the sub-partitions is equal to the amount of CAM space that the selected CAM profile allocates to the Layer 2 ACL partition.
• If you insert a dual-CAM line card into a chassis with a single-CAM profile, the line card boots with a matching profile, but operates with a lower capability.
When to Use CAM Profiling
The CAM profiling feature enables you to partition the CAM to best suit your application. For example:
• Configure more Layer 2 FIB entries when the system is deployed as a switch.
• Configure more Layer 3 FIB entries when the system is deployed as a router.
• Configure more ACLs (when IPv6 is not employed).
• Hash MPLS packets based on source and destination IP addresses for LAGs. Refer to LAG Hashing.
• Hash based on bidirectional flow for LAGs.
Select CAM Profiles
A CAM profile is selected in CONFIGURATION mode. The CAM profile is applied to the entire system; however, you must save the running-configuration for the change to take effect. All components in the chassis must have the same CAM profile and microcode. The profile and microcode loaded on the primary RPM determine the profile that is required on all other chassis components.
• ECFMACL (ecfmacl): 0
• VMAN QoS (vman-qos): 0
• VMAN Dual QoS (vman-dual-qos): 0

The following additional CAM Allocation settings are supported on the and S4820T:
• FCoE ACL (fcoeacl): 0
• ISCSI Opt ACL (iscsioptacl): 2

The ipv6acl and vman-dual-qos allocations must be entered as a multiple of 2 (2, 4, 6, 8, 10). All other profile allocations can use either even or odd numbered ranges.
Use this command to determine whether sufficient ACL CAM space is available to enable a service-policy. Create a Class Map with all required ACL rules, then execute the test cam-usage command in Privilege mode to verify the actual CAM space required. The following example gives a sample of the output shown when executing the command. The status column indicates whether or not the policy can be enabled.
FTOS#show running-config cam-profile
!
cam-profile default microcode default
FTOS#

View CAM-ACL settings
The show cam-acl command is supported on platforms cs S4820T

View the current cam-acl settings for the C-Series, S-Series and systems chassis and each component using the command show cam-acl, as shown in the following examples.
IN-L3-TrcList     1024     0      1024
IN-L3-McastFib    9215     0      9215
IN-L3-Qos         8192     0      8192
IN-L3-PBR         1024     0      1024
IN-V6 ACL         0        0      0
IN-V6 FIB         0        0      0
IN-V6-SysFlow     0        0      0
IN-V6-McastFib    0        0      0
OUT-L2 ACL        1024     0      1024
OUT-L3 ACL        1024     0      1024
OUT-V6 ACL        0        0
IN-L2 ACL         320      0
IN-L2 FIB         32768    1136
IN-L3 ACL         12288    2
IN-L3 FIB         262141   14
IN-L3-SysFlow     2878     44
The amount of space that is allocated among the sub-partitions must be equal to the amount of CAM space allocated to IPv4Flow by the selected CAM profile (refer to Table 11-1); Message 3 is displayed if the total allocated space is not correct.

Message 3 IPv4Flow Configuration Error
% Error: Total size must add up to match IPv4flow size of 24K required by the configured profile.
Pbr          : 2K  1K
Qos          : 7K  8K
System Flow  : 6K  5K
Trace Lists  : 1K  1K
Configure Ingress Layer 2 ACL Sub-partitions
IPv4Flow sub-partitions are supported on platform e

The Ingress Layer 2 ACL CAM partition has sub-partitions for several types of information. Table 11-6 lists the sub-partition and the percentage of the Ingress Layer 2 ACL CAM partition that FTOS allocates to each by default.

Table 11-6.
Re-allocate CAM space within the Ingress Layer 2 ACL partition on the entire system as shown in the following example:

Step 1
Task: Re-allocate CAM space within the Ingress Layer 2 ACL partition.
Command Syntax: cam-l2acl
Command Mode: CONFIGURATION

Step 2
Task: Save the running-configuration.
Command Syntax: copy running-config startup-config
Command Mode: EXEC Privilege

Step 3
Task: Verify that FTOS will write the new CAM configuration to the CAM on the next boot.
Command Syntax: show cam-l2acl
Command Mode: EXEC Privilege

Step 4
Task: Reload the system.
Return to the Default CAM Configuration
Return to the default CAM Profile, microcode, IPv4Flow, or Layer 2 ACL configuration using the keyword default from EXEC Privilege mode or from CONFIGURATION mode, as shown in the following example.
• When MPLS IP packets are received, FTOS looks up to 5 labels deep for the IP header.
• When an IP header is present, hashing is based on IP 3 tuple (source IP address, destination IP address, and IP protocol).
• If an IP header is not found after the 5th label, hashing is based on the MPLS labels.
• If the packet has more than 5 MPLS labels, hashing is based on the source and destination MAC address.

To enable this type of hashing, use the default CAM profile with the microcode lag-hash-mpls.
• Change to the default profile if downgrading to an FTOS version earlier than 6.3.1.1.
• Use the CONFIGURATION mode commands so that the profile is changed throughout the system.
• Use the EXEC Privilege mode commands to match the profile of a component to the profile of the target system.

QoS CAM Region Limitation
The default CAM profile allocates a partition within the IPv4Flow region to store QoS service policies.
12 Control Plane Policing (CoPP)

Control Plane Policing (CoPP) is supported on platform: and S4820T

Overview
Control Plane Policing (CoPP) uses ACL rules and QoS policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane, and rate-limits traffic to an acceptable level.
[Figure: No CoPP Rules. Labels: Front End Ports (ICMP PING, STP, OSPF flood), Protocol to Queue Classification, Hardware Queue Rate Limiting, hardware queues Q0 to Q7 (Q7 at 1100 PPS, Q6 at 400 PPS Ingress Flow Entries), CPU Software Queue, CPU Processes (OSPF, LACP, STP, ICMP, etc). The CPU is flooded at 1100 PPS and ICMP fails.]

Q7 receives STP at 1100 pps due to network storm/loop. The CPU is hit with the entire 1100 pps and the PING attempt fails intermittently.
The CoPP policies are configured by creating extended ACL rules and specifying rate-limits through QoS policies. The ACLs and QoS policies are assigned as service-policies.

Configure CoPP for protocols
This section lists the commands necessary to create and enable the service-policies for CoPP. Refer to Access Control Lists (ACLs) and Quality of Service (QoS) for complete information about creating ACLs and QoS rules.
Match QoS Class Map to QoS Policy
FTOS(conf)#policy-map-input egressFP_rate_policy cpu-qos
FTOS(conf-policy-map-in-cpuqos)#class-map class_ospf qos-policy rate_limit_500k
FTOS(conf-policy-map-in-cpuqos)#class-map class_bgp qos-policy rate_limit_400k
FTOS(conf-policy-map-in-cpuqos)#class-map class_lacp qos-policy rate_limit_200k
FTOS(conf-policy-map-in-cpuqos)#class-map class-ipv6 qos-policy rate_limit_200k
FTOS(conf-policy-map-in-cpuqos)#exit

Create Control Plane Service Policy
FTOS(conf)#control-plane-cpu
FTOS#

Use the show mac protocol-queue-mapping command to view the queue mapping for the MAC protocols.
13 Data Center Bridging (DCB)

The data center bridging (DCB) features are supported on the .
For example, instead of deploying an Ethernet network for LAN traffic, additional storage area networks (SANs) to ensure lossless fiber-channel traffic, and a separate InfiniBand network for high-performance inter-processor computing within server clusters, only one DCB-enabled network is required in a data center.
PFC enhances the existing 802.3x pause and 802.1p priority capabilities to enable flow control based on 802.1p priorities (classes of service). Instead of stopping all traffic on a link (as performed by the traditional Ethernet pause mechanism), PFC pauses traffic on a link according to the 802.1p priority set on a traffic type. You can create lossless flows for storage and server traffic while allowing for loss in case of LAN traffic congestion on the same physical interface.
Enhanced Transmission Selection
Enhanced transmission selection (ETS) supports optimized bandwidth allocation between traffic types in multiprotocol (Ethernet, FCoE, SCSI) links. ETS allows you to divide traffic according to its 802.1p priority into different priority groups (traffic classes) and configure bandwidth allocation and queue scheduling for each group to ensure that each traffic type is correctly prioritized and receives its required bandwidth.
• Bandwidth allocated by the ETS algorithm is made available after strict-priority groups are serviced. If a priority group does not use its allocated bandwidth, the unused bandwidth is made available to other priority groups.
• For ETS traffic selection, an algorithm is applied to priority groups using:
  • Strict-priority shaping
  • ETS shaping
  Credit-based shaping is not supported.
• ETS uses the DCB MIB IEEE 802.1azd2.5.
Figure 13-3. DCB PFC and ETS Traffic Handling

Enabling Data Center Bridging
Data center bridging (DCB) is automatically configured when FCoE or iSCSI Optimization are configured. Data center bridging supports converged enhanced Ethernet (CEE) in a data center network. DCB is disabled by default. It must be enabled to support CEE.
Task: Set PFC buffering on the DCB stack unit.
Command: dcb stack-unit all pfc-buffering pfc-ports 64 pfc-queues 2
Command Mode: CONFIGURATION

Note: Save the configuration and reboot the system to save the pfc buffering configuration changes.

FTOS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces (refer to Ethernet Pause Frames on page 470).
Table 13-1. dot1p Priority-Queue Assignment

dot1p Value in Incoming Frame   Egress Queue Assignment
0                               0
1                               0
2                               0
3                               1
4                               2
5                               3
6                               3
7                               3

Configuring Priority-Based Flow Control
Priority-based flow control (PFC) provides a flow control mechanism based on the 802.1p priorities in converged Ethernet traffic received on an interface and is enabled by default when DCB is enabled.
Step 3
Task: Configure the CoS traffic to be stopped for the specified delay. Enter the 802.1p values of the frames to be paused. Range: 0-7. Default: None. Maximum number of lossless queues supported on the switch: 2. Separate priority values with a comma. Specify a priority range with a dash, for example: pfc priority 1,3,5-7.
Command: pfc priority priority-range
Command Mode: DCB INPUT POLICY
FTOS Behavior: As soon as you apply a DCB policy with PFC enabled on an interface, DCBx starts exchanging information with PFC-enabled peers. The IEEE802.1Qbb, CEE and CIN versions of PFC TLV are supported. DCBx also validates PFC configurations that are received in TLVs from peer devices. By applying a DCB input policy with PFC enabled, you enable PFC operation on ingress port traffic.
A DCB input policy for PFC applied to an interface may become invalid if dot1p-queue mapping is reconfigured (refer to Create Input Policy Maps in Chapter 38, Quality of Service (QoS)). This situation occurs when the new dot1p-queue assignment exceeds the maximum number (2) of lossless queues supported globally on the switch. In this case, all PFC configurations received from PFC-enabled peers are removed and re-synchronized with the peer devices.
FTOS Behavior: By default, no lossless queues are configured on a port. A limit of two lossless queues is supported on a port. If the amount of priority traffic that you configure to be paused exceeds the two lossless queues, an error message is displayed. You must reconfigure the input policy using a smaller number of PFC priorities.
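The following added example (not FTOS or Dell code) checks a pfc priority list against the two-lossless-queue limit before the policy is applied. It assumes that the lossless queue count is the number of distinct egress queues the paused 802.1p priorities map to in Table 13-1; the function names and the remapped table are hypothetical.

```python
# Added example (not Dell/FTOS code): offline check of a "pfc priority" list.
# Assumption: the lossless-queue count is the number of distinct egress queues
# that the paused 802.1p priorities map to.

DEFAULT_DOT1P_TO_QUEUE = {0: 0, 1: 0, 2: 0, 3: 1, 4: 2, 5: 3, 6: 3, 7: 3}  # Table 13-1
MAX_LOSSLESS_QUEUES = 2  # limit stated in this chapter


def parse_priority_list(text):
    """Expand a list such as '1,3,5-7' into sorted 802.1p values (range 0-7)."""
    values = set()
    for part in text.split(","):
        lo, sep, hi = part.strip().partition("-")
        try:
            start = int(lo)
            end = int(hi) if sep else start
        except ValueError:
            raise ValueError(f"malformed priority element: {part!r}") from None
        if not 0 <= start <= end <= 7:
            raise ValueError(f"invalid priority or range (0-7 allowed): {part!r}")
        values.update(range(start, end + 1))
    return sorted(values)


def check_pfc_priorities(text, dot1p_to_queue=DEFAULT_DOT1P_TO_QUEUE):
    """Return the priorities, the queues they occupy, and whether the limit holds."""
    priorities = parse_priority_list(text)
    queues = sorted({dot1p_to_queue[p] for p in priorities})
    return {
        "priorities": priorities,
        "lossless_queues": queues,
        "within_limit": len(queues) <= MAX_LOSSLESS_QUEUES,
    }


# Constructed remapping (hypothetical values) showing how a dot1p-queue change
# can invalidate a policy that was valid under Table 13-1.
REMAPPED_DOT1P_TO_QUEUE = {0: 0, 1: 0, 2: 0, 3: 0, 4: 0, 5: 1, 6: 2, 7: 3}

if __name__ == "__main__":
    for policy in ("0-1", "6-7", "3,4", "1,3,5-7"):
        print(policy, check_pfc_priorities(policy))
    print("5-7 after remap", check_pfc_priorities("5-7", REMAPPED_DOT1P_TO_QUEUE))
```

With Table 13-1, the guide's own sample list 1,3,5-7 lands on three queues and is over the limit, while 5-7 fits in one queue until the mapping is changed.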
DCB and Switch Stacking Caveats for the S4820T
The following is a list of behaviors and limitations regarding the use of DCB over S4820T ports involved in switch stacking:
• You can enable DCB only on 40 Gig (QSFP+) ports.
• DCB is not supported over any of the 48 RJ-45 10 Gig ports while they are configured in stacking mode.
• You cannot configure stacking on any of the 48 RJ-45 10 Gig ports, if DCB is enabled on any of the 40 Gig stacking ports.
• When allocating bandwidth or configuring a queue scheduler for dot1p priorities in a priority group on a DCBx CIN interface, take into account the CIN bandwidth allocation (Configuring Bandwidth Allocation for DCBx CIN) and dot1p-queue mapping (Table 13-1).
Step 3
Task: (Optional) Configure the bandwidth percentage allocated to priority traffic in port queues. Percentage range: 1 to 100% in units of 1%. The sum of bandwidth percentage assigned to dot1p priorities/queues in a priority group should be 100%. Default: None.
Command: bandwidth-percentage percentage
Command Mode: POLICY-MAP-OUT-ETS

Command: exit
Command Mode: POLICY-MAP-OUT-ETS

Note: If you configure bandwidth allocation, you cannot configure a scheduling method in Step 2.
FTOS Behavior: Traffic in priority groups is assigned to strict-queue or WERR scheduling in an ETS output policy and is managed using the ETS bandwidth-assignment algorithm. FTOS de-queues all frames of strict-priority traffic before servicing any other queues. A queue with strict-priority traffic can starve other queues in the same port. ETS-assigned bandwidth allocation and scheduling apply only to data queues, not to control queues.
Creating an ETS Priority Group
An ETS priority group specifies the range of 802.1p priority traffic to which a QoS output policy with ETS settings is applied on an egress interface. You can associate a priority group to more than one ETS output policy on different interfaces. To create a priority group for ETS, follow these steps:

Step 1
Task: Create an ETS priority group to use with an ETS output policy. Maximum: 32 characters.
Applying an ETS Output Policy for a Priority Group to an Interface
To apply ETS on egress port traffic, you must associate a priority group with an ETS output policy which has scheduling and bandwidth configuration in a DCB output policy, and then apply the output policy to an interface. To apply ETS on egress port traffic, follow these steps:

Step 1
Task: Create a DCB output policy to associate an ETS configuration with priority traffic.
FTOS Behavior: Create a DCB output policy to associate a priority group with an ETS output policy with scheduling and bandwidth configuration. You can apply a DCB output policy on multiple egress ports. The ETS configuration associated with 802.1p priority traffic in a DCB output policy is used in DCBx negotiation with ETS peers. When you apply an ETS output policy to an interface, ETS-configured scheduling and bandwidth allocation take precedence over any configured settings in the QoS output policies.
- The priority group for strict-priority scheduling (scheduler strict command; Creating a QoS ETS Output Policy) If you configure only the priority group in an ETS output policy or only the dot1p priority for strict-priority scheduling, the flow is handled with group strict priority.
Applying DCB Policies in a Switch Stack
Note: The S4820T does not support DCB on any of the 48 RJ-45 10 Gigabit stacking links.

You can apply a DCB input policy with PFC configuration to all stacked ports in a switch stack or on a stacked switch. You can apply different DCB input policies to different stacked switches.

Task: Apply the specified DCB input policy on all ports of the switch stack or a single stacked switch.
Configuring DCBx Operation
The data center bridging exchange protocol (DCBx) is used by DCB devices to exchange configuration information with directly connected peers using the link layer discovery protocol (LLDP). DCBx can detect the mis-configuration of a peer DCB device, and optionally, configure peer DCB devices with DCB feature settings to ensure consistent operation in a data center network.
• When an auto-upstream port (besides the configuration source) receives and overwrites its configuration with internally propagated information, one of the following actions is taken:
  • If the peer configuration received is compatible with the internally propagated port configuration, the link with the DCBx peer is enabled.
Default DCBx port role: Manual.

Note: On a DCBx port, application priority TLV advertisements are handled as follows:
- The application priority TLV is transmitted only if the priorities in the advertisement match the configured PFC priorities on the port.
- On auto-upstream and auto-downstream ports:
  - If a configuration source is elected, the ports send an application priority TLV based on the application priority TLV received on the configuration-source port.
• The port is enabled with link up and DCBx enabled.
• The port has performed a DCBx exchange with a DCBx peer.
• The switch is capable of supporting the received DCB configuration values through either a symmetric or asymmetric parameter exchange.

A newly elected configuration source propagates configuration changes received from a peer to the other auto-configuration ports.
If you configure a DCBx port to operate with a specific version (DCBx version {cee | cin | ieee-v2.5} command in the DCBx Configuration Procedure), DCBx operations are performed according to the configured version, including fast and slow transmit timers and message formats. If a DCBx frame with a different version is received, a syslog message is generated and the peer version is recorded in the peer status table.
Figure 13-4.
DCBx Prerequisites and Restrictions
The following prerequisites and restrictions apply when you configure DCBx operation on a port:
• DCBx requires LLDP in both send (TX) and receive (RX) mode to be enabled on a port interface (protocol lldp mode command; refer to the example in CONFIGURATION versus INTERFACE Configurations in the Link Layer Discovery Protocol (LLDP) chapter).
• If multiple DCBx peer ports are detected on a local DCBx interface, LLDP is shut down.
Step 3
Task: Configure the DCBx version used on the interface, where:
• auto configures the port to operate using the DCBx version received from a peer.
• cee configures the port to use CEE (Intel 1.01).
• cin configures the port to use Cisco-Intel-Nuova (DCBx 1.0).
• ieee-v2.5 configures the port to use IEEE 802.1Qaz (Draft 2.5).
Default: Auto.
Command: [no] DCBx version {auto | cee | cin | ieee-v2.
Step 6
Task: On manual ports only: Configure the Application Priority TLVs advertised on the interface to DCBx peers, where:
• fcoe enables the advertisement of FCoE in Application Priority TLVs.
• iscsi enables the advertisement of iSCSI in Application Priority TLVs.
Default: Application Priority TLVs are enabled to advertise FCoE and iSCSI.
Step 4
Task: Configure the PFC and ETS TLVs to be advertised on un-configured interfaces with a manual port-role, where:
• ets-conf enables transmission of ETS Configuration TLVs.
• ets-reco enables transmission of ETS Recommend TLVs.
• pfc enables transmission of PFC TLVs.
DCBx Error Messages
An error in DCBx operation is displayed using the syslog messages:
LLDP_MULTIPLE_PEER_DETECTED: DCBx is operationally disabled after detecting more than one DCBx peer on the port interface.
LLDP_PEER_AGE_OUT: DCBx is disabled as a result of LLDP timing out on a DCBx peer interface.
Verifying DCB Configuration
Use the show commands in Table 13-2 to display DCB configurations.

Table 13-2. Displaying DCB Configurations

Command: show dot1p-queue mapping
Output: Displays the current 802.1p priority-queue mapping.

Command: show dcb [stack-unit unit-number]
Output: Displays data center bridging status, number of PFC-enabled ports, and number of PFC-enabled queues. On the master switch in a stack, you can specify a stack-unit number. Range: 0 to 5.
Figure 13-7. show qos dcb-input Command Example
FTOS(conf)# show qos dcb-input
dcb-input pfc-profile
 pfc link-delay 32
 pfc priority 0-1
dcb-input pfc-profile1
 no pfc mode on
 pfc priority 6-7

Figure 13-8. show qos dcb-output Command Example
FTOS# show qos dcb-output
dcb-output ets
 priority-group san qos-policy san
 priority-group ipc qos-policy ipc
 priority-group lan qos-policy lan

Figure 13-9.
Figure 13-10.
Table 13-3. show interface pfc summary Command Description

Field: Remote is enabled, Priority list
Description: Operational status (enabled or disabled) of peer device for DCBx exchange of PFC configuration with a list of the configured PFC priorities.

Field: Remote Willing Status is enabled
Description: Willing status of peer device for DCBx exchange (Willing bit received in PFC TLV): enabled or disabled.
Table 13-3. show interface pfc summary Command Description Field PFC TLV Statistics: Pause Rx pkts Figure 13-11.
Figure 13-12.
FTOS(conf)# show interfaces tengigabitethernet 0/0 ets detail
Interface TenGigabitEthernet 0/0
Max Supported TC Groups is 4
Number of Traffic Classes is 8
Admin mode is on
Admin Parameters :
------------------
Admin is enabled
TC-grp  Priority#        Bandwidth  TSA
0       0,1,2,3,4,5,6,7  100%       ETS
1                        0%         ETS
2                        0%         ETS
3                        0%         ETS
4                        0%         ETS
5                        0%         ETS
6                        0%         ETS
7                        0%         ETS

Priority#  Bandwidth  TSA
0          13%        ETS
1          13%        ETS
2          13%        ETS
3          13%        ETS
4          12%        ETS
5          12%        ETS
6          12%        ETS
7          12%        ETS
Remote Parameters:
-------------------
Remote is disabled
Local
Figure 13-13.
Table 13-4. show interface ets detail Command Description

Field: Interface
Description: Interface type with stack-unit and port number.

Field: Max Supported TC Group
Description: Maximum number of priority groups supported.

Field: Number of Traffic Classes
Description: Number of 802.1p priorities currently configured.

Field: Admin mode
Description: ETS mode: on or off. When on, the scheduling and bandwidth allocation configured in an ETS output policy or received in a DCBx TLV from a peer can take effect on an interface.
Figure 13-14.
Figure 13-16.
Figure 13-17.
Table 13-5. show interface DCBx detail Command Description

Field: Local DCBx Compatibility mode
Description: DCBx version accepted in a DCB configuration as compatible. In auto-upstream mode, a port can only receive a DCBx version supported on the remote peer.

Field: Local DCBx Configured mode
Description: DCBx version configured on the port: CEE, CIN, IEEE v2.5, or Auto (port auto-configures to use the DCBx version received from a peer).
PFC and ETS Configuration Examples
This section contains examples of how to configure and apply DCB input and output policies on an interface.

Using PFC and ETS to Manage Data Center Traffic
In the following example:
• Incoming SAN traffic is configured for priority-based flow control.
• Outbound LAN, IPC, and SAN traffic is mapped into three ETS priority groups and configured for enhanced traffic selection (bandwidth allocation and scheduling).
Figure 13-18. Example: PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic

QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in Table 13-6. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment.
Table 13-6. Example: dot1p-Queue Assignment
dot1p Value in Incoming Frame | Queue Assignment
0 | 0
1 | 0
2 | 0
3 | 1
4 | 2
5 | 3
6 | 3
7 | 3
Lossless SAN traffic with dot1p priority 3 is assigned to queue 1. Other traffic types are assigned the 802.1p priorities shown in Table 13-7 and the bandwidth allocations shown in Table 13-8.
Table 13-7. Example: dot1p-priority class group Assignment
dot1p Value in Incoming Frame
Table 13-8.
Figure 13-19.
Figure 13-20.
Hierarchical Scheduling in ETS Output Policies
ETS supports up to three levels of hierarchical scheduling. For example, you can apply ETS output policies with the following configurations:
• Priority group 1 assigns traffic to one priority queue with 20% of the link bandwidth and strict-priority scheduling.
• Priority group 2 assigns traffic to one priority queue with 30% of the link bandwidth.
14 Dynamic Host Configuration Protocol (DHCP)
Dynamic Host Configuration Protocol (DHCP) is available on platforms: e c s S4820T z.
DHCP Packet Format and Options
DHCP uses UDP as its transport protocol. The server listens on port 67 and transmits to port 68; the client listens on port 68 and transmits to port 67. The configuration parameters are carried as options in the DHCP packet in Type, Length, Value (TLV) format; many options are specified in RFC 2132.
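The TLV layout described above, as an added example (not code from this guide or from FTOS): a parser for the DHCP options field that also decodes the sub-options nested in Option 82, which this chapter covers under Configure Secure DHCP, and rejects length bytes that overrun the buffer. The sample bytes, the circuit-id text and all function names are constructed for illustration.

```python
# Added example: parse the DHCP options field (Type, Length, Value).
OPT_PAD, OPT_END = 0, 255        # single-byte options: no length, no value
OPT_MESSAGE_TYPE = 53            # RFC 2132
OPT_RELAY_AGENT_INFO = 82        # RFC 3046
MESSAGE_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
                 4: "DHCPDECLINE", 5: "DHCPACK", 6: "DHCPNAK",
                 7: "DHCPRELEASE", 8: "DHCPINFORM"}
RELAY_SUBOPTIONS = {1: "circuit-id", 2: "remote-id"}   # RFC 3046


class MalformedOptions(ValueError):
    """A length byte points outside the buffer, or the End option is missing."""


def _read_tlv(buf, pos, what):
    """Return (code, value, next_pos) for the TLV that starts at buf[pos]."""
    if pos + 2 > len(buf):
        raise MalformedOptions(f"{what} at offset {pos}: no length byte")
    code, length = buf[pos], buf[pos + 1]
    end = pos + 2 + length
    if end > len(buf):
        raise MalformedOptions(
            f"{what} {code} at offset {pos}: length {length} overruns buffer")
    return code, bytes(buf[pos + 2:end]), end


def parse_options(field):
    """Parse the options field that follows the magic cookie into {code: value}."""
    options, pos = {}, 0
    while pos < len(field):
        if field[pos] == OPT_PAD:
            pos += 1
            continue
        if field[pos] == OPT_END:
            return options
        code, value, pos = _read_tlv(field, pos, "option")
        # RFC 3396: several instances of one option are concatenated.
        options[code] = options.get(code, b"") + value
    raise MalformedOptions("no End option (255) before the buffer ran out")


def parse_relay_agent_info(value):
    """Parse the sub-option TLVs nested inside Option 82 (no Pad/End here)."""
    subs, pos = {}, 0
    while pos < len(value):
        code, data, pos = _read_tlv(value, pos, "sub-option")
        subs[RELAY_SUBOPTIONS.get(code, code)] = data
    return subs


def summarize(field):
    """Return the message type, option codes and decoded Option 82 content."""
    opts = parse_options(field)
    mtype = opts.get(OPT_MESSAGE_TYPE)
    relay = opts.get(OPT_RELAY_AGENT_INFO)
    known = mtype is not None and len(mtype) == 1
    return {
        "message_type": MESSAGE_TYPES.get(mtype[0], "unknown") if known else None,
        "option_codes": sorted(opts),
        "relay_agent_info": None if relay is None else parse_relay_agent_info(relay),
    }


def is_well_formed(field):
    """True when the options field parses cleanly, including Option 82."""
    try:
        summarize(field)
        return True
    except MalformedOptions:
        return False


# Constructed sample: DHCPDISCOVER, parameter request list, Option 82, End, padding.
RELAY_INFO = bytes([1, 6]) + b"Gi 0/2" + bytes([2, 6]) + bytes.fromhex("00004d57f250")
SAMPLE = (bytes([53, 1, 1]) + bytes([55, 3, 1, 3, 6])
          + bytes([82, len(RELAY_INFO)]) + RELAY_INFO + bytes([255, 0, 0]))
# Constructed malformed input: Option 82 claims 16 bytes, only 4 follow.
TRUNCATED = bytes([53, 1, 1, 82, 16, 1, 6]) + b"Gi"

if __name__ == "__main__":
    print(summarize(SAMPLE))
    print("truncated field accepted:", is_well_formed(TRUNCATED))
```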
Assigning an IP Address using DHCP
When a client joins a network:
1. The client initially broadcasts a DHCPDISCOVER message on the subnet to discover available DHCP servers. This message includes the parameters that the client requires and might include suggested values for those parameters.
2. Servers unicast or broadcast a DHCPOFFER message in response to the DHCPDISCOVER that offers to the client values for the requested parameters.
Implementation Information
• The Dell Force10 implementation of DHCP is based on RFC 2131 and RFC 3046.
• IP Source Address Validation is a sub-feature of DHCP Snooping; FTOS uses ACLs internally to implement this feature and as such, you cannot apply ACLs to an interface which has IP Source Address Validation.
A DHCP server is a network device that has been programmed to provide network configuration parameters to clients upon request. Servers typically serve many clients, making host management much more organized and efficient. The key responsibilities of DHCP servers are:
1. Address Storage and Management: DHCP servers are the owners of the addresses used by DHCP clients. The server stores the addresses and manages their use, keeping track of which addresses have been allocated and which are still available.
2.
Create an IP Address Pool
An address pool is a range of IP addresses that may be assigned by the DHCP server. Address pools are indexed by subnet number.
To create an address pool:
Step 1. Access the DHCP server CLI context.
  Command Syntax: ip dhcp server
  Command Mode: CONFIGURATION
Step 2. Create an address pool and give it a name.
  Command Syntax: pool name
  Command Mode: DHCP
Step 3. Specify the range of IP addresses from which the DHCP server may assign addresses.
  • network is the subnet address.
Specify an Address Lease Time
Task: Specify an address lease time for the addresses in a pool.
Command Syntax: lease {days [hours] [minutes] | infinite}
Command Mode: DHCP
Default: 24 hours
Specify a Default Gateway
The IP address of the default router should be on the same subnet as the client.
Task: Specify default gateway(s) for the clients on the subnet, in order of preference.
Configure a Method of Hostname Resolution
Dell Force10 systems are capable of providing DHCP clients with parameters for two methods of hostname resolution.
Address Resolution using DNS
A domain is a group of networks. DHCP clients query DNS IP servers when they need to correlate host names to IP addresses.
Step 1. Create a domain.
To create a manual binding:
Step 1. Create an address pool.
  Command Syntax: pool name
  Command Mode: DHCP
Step 2. Specify the client IP address.
  Command Syntax: host address
  Command Mode: DHCP
Step 3. Specify the client hardware address.
  • hardware-address is the client MAC address.
  • type is the protocol of the hardware platform. The default protocol is Ethernet.
  Command Syntax: hardware-address hardware-address type
  Command Mode: DHCP
Debug DHCP server
Task: Display debug information for DHCP server.
Note: DHCP Relay is not available on Layer 2 interfaces and VLANs.
[Figure labels: DHCP Relay Device; DHCP Server 10.11.2.5; Broadcast; Source IP: 10.11.1.5, Destination IP: 255.255.255.255, Source Port: 67, Destination Port: 68; Unicast; Source IP: 10.11.1.5, Destination IP: 10.11.0.3, Source Port: 67, Destination Port: 68; Unicast]
When ip helper-address is configured, the system listens for DHCP broadcast messages on port 67.
Configure the System for User Port Stacking
When you set the DHCP offer on the DHCP server, you can set the stacking-option variable to provide the stack-port detail so a stack can be formed when the units are connected.
Configure Secure DHCP
The following feature is available on platforms: c es S4820T z except where noted.
DHCP as defined by RFC 2131 provides no authentication or security mechanisms.
The relay agent strips Option 82 from DHCP responses before forwarding them to the client.
Task: Insert Option 82 into DHCP packets. For routers between the relay agent and the DHCP server, enter the trust-downstream option.
Command Syntax: ip dhcp relay information-option [trust-downstream]
Command Mode: CONFIGURATION
DHCP Snooping
DHCP Snooping protects networks from spoofing. In the context of DHCP Snooping, all ports are either trusted or untrusted.
Enable DHCP snooping
Step 1. Enable DHCP Snooping globally.
  Command Syntax: ip dhcp snooping
  Command Mode: CONFIGURATION
Step 2. Specify ports connected to DHCP servers as trusted.
  Command Syntax: ip dhcp snooping trust
  Command Mode: INTERFACE
Step 3. Enable DHCP Snooping on a VLAN.
  Command Syntax: ip dhcp snooping vlan
  Command Mode: CONFIGURATION
Add a static entry in the binding table
Task: Add a static entry in the binding table.
View the DHCP Snooping statistics with the show ip dhcp snooping command.
FTOS#show ip dhcp snooping
IP DHCP Snooping                  : Enabled.
IP DHCP Snooping Mac Verification : Disabled.
IP DHCP Relay Information-option  : Disabled.
IP DHCP Relay Trust Downstream    : Disabled.
View the number of entries in the table with the show ip dhcp snooping binding command. This output displays the snooping binding table created using the ACK packets from the trusted port.
FTOS#show ip dhcp snooping binding
Codes : S - Static D - Dynamic
IP Address   MAC Address        Expires(Sec)  Type  VLAN   Interface
========================================================================
10.1.1.251   00:00:4d:57:f2:50  172800        D     Vl 10  Gi 0/2
10.1.1.252   00:00:4d:57:e6:f6  172800        D     Vl 10  Gi 0/1
10.1.1.
• denial of service—an attacker can send fraudulent ARP messages to a client to associate a false MAC address with the gateway address, which would blackhole all internet-bound packets from the client.
Note: DAI uses entries in the L2SysFlow CAM region, a sub-region of SystemFlow. One CAM entry is required for every DAI-enabled VLAN. You can enable DAI on up to 16 VLANs on a system.
Use the show arp inspection statistics command to see how many valid and invalid ARP packets have been processed.
FTOS#show arp inspection statistics
Dynamic ARP Inspection (DAI) Statistics
---------------------------------------
Valid ARP Requests   : 0
Valid ARP Replies    : 1000
Invalid ARP Requests : 1000
Invalid ARP Replies  : 0
FTOS#
Bypass the ARP Inspection
You can configure a port to skip ARP inspection by defining the interface as trusted, which is useful in multi-switch environments.
The DHCP binding table associates addresses assigned by the DHCP servers with the port to which the requesting client is attached. When IP Source Address Validation is enabled on a port, the system verifies that the source IP address is one that is associated with the incoming port. If an attacker is impersonating a legitimate client, the source address appears on the wrong ingress port, and the system drops the packet.
Step 4. Enable IP+MAC Source Address Validation.
  Command Syntax: ip dhcp source-address-validation ipmac
  Command Mode: INTERFACE
FTOS creates an ACL entry for each IP+MAC address pair in the binding table and applies it to the interface.
Task: Display the IP+MAC ACL for an interface for the entire system.
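The source address checks described above, modelled as an added example (not FTOS code): per-port permit lists are derived from the two complete rows of the show ip dhcp snooping binding output in this chapter, and constructed frames are checked in IP-only and IP+MAC mode. The frames, the function names and the assumption that validation is enabled on every port are illustrative.

```python
# Added example: IP and IP+MAC source address validation from a snooping binding table.
import ipaddress
from collections import namedtuple

Binding = namedtuple("Binding", "ip mac vlan port kind")
Frame = namedtuple("Frame", "port src_ip src_mac")

# The two complete rows of the binding table shown in this chapter.
BINDINGS = [
    Binding("10.1.1.251", "00:00:4d:57:f2:50", 10, "Gi 0/2", "D"),
    Binding("10.1.1.252", "00:00:4d:57:e6:f6", 10, "Gi 0/1", "D"),
]

# Constructed frames (assumption: validation is enabled on both ports).
FRAMES = [
    Frame("Gi 0/2", "10.1.1.251", "00:00:4D:57:F2:50"),  # the bound client
    Frame("Gi 0/1", "10.1.1.251", "00:00:4d:57:e6:f6"),  # neighbour's IP, wrong port
    Frame("Gi 0/2", "10.1.1.251", "00:00:4d:aa:bb:cc"),  # bound IP, different MAC
    Frame("Gi 0/2", "10.1.1.99", "00:00:4d:57:f2:50"),   # address never leased
]


def norm_mac(mac):
    """Normalise a MAC address to lower-case, colon-separated hex."""
    digits = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def make_key(ip, mac, mode):
    """Build the match key: the IP alone, or the (IP, MAC) pair."""
    if mode not in ("ip", "ipmac"):
        raise ValueError(f"unknown mode: {mode!r}")
    addr = ipaddress.ip_address(ip)
    return addr if mode == "ip" else (addr, norm_mac(mac))


def build_port_acls(bindings, mode):
    """Map each port to the set of keys its binding-table entries permit."""
    acls = {}
    for b in bindings:
        acls.setdefault(b.port, set()).add(make_key(b.ip, b.mac, mode))
    return acls


def check_frame(frame, acls, mode):
    """Return (verdict, reason); the reason names the port that owns the address."""
    key = make_key(frame.src_ip, frame.src_mac, mode)
    if key in acls.get(frame.port, ()):
        return "permit", "matches a binding on the ingress port"
    owners = sorted(port for port, keys in acls.items() if key in keys)
    if owners:
        return "drop", f"bound to {', '.join(owners)}, seen on {frame.port}"
    return "drop", "no binding for this source"


def verdicts(mode):
    """Verdicts for the constructed frames, in order, under the given mode."""
    acls = build_port_acls(BINDINGS, mode)
    return [check_frame(f, acls, mode)[0] for f in FRAMES]


if __name__ == "__main__":
    for mode in ("ip", "ipmac"):
        acls = build_port_acls(BINDINGS, mode)
        for f in FRAMES:
            print(mode, f.port, f.src_ip, f.src_mac, *check_frame(f, acls, mode))
```

The third frame is the case that separates the two modes: it passes the IP-only check and is dropped once the MAC address is part of the match.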
15 Equal Cost Multi-Path (ECMP)
Equal Cost Multi-Path (ECMP) is supported on platforms: e c s S4820T
ECMP for Flow-based Affinity
ECMP for Flow-based Affinity is available on platforms: e S4820T
The hashing algorithms on E-Series TeraScale and E-Series ExaScale are different. Hashing on ExaScale is based on CRC, checksum, or XOR, and the algorithm on TeraScale is based on checksum only.
FTOS Behavior: In FTOS versions prior to 8.2.1.2, the ExaScale default hash-algorithm is 0. Beginning with version 8.2.1.2, the default hash-algorithm is 24.
Deterministic ECMP Next Hop
Deterministic ECMP Next Hop arranges all ECMPs in order before writing them into the CAM. For example, suppose the RTM learns 8 ECMPs in the order that the protocols and interfaces came up. In this case, the FIB and CAM sort them so that the ECMPs are always arranged.
In the illustration below, Core Router 1 is an E-Series TeraScale and Core Router 2 is an E-Series ExaScale. They have similar configurations and have routes for prefix P with two possible next-hops. When Deterministic ECMP is enabled and the hash algorithm and seed are configured the same, each flow is consistently sent to the same next hop even though they are routed through two different chassis.
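Why the ordering matters, as an added example (not FTOS code): two routers learn the same two next hops in different orders and pick one per flow with the same hash and seed. The CRC-32 stand-in hash, the sort by next-hop address, and all addresses and names are assumptions made for illustration; the guide does not specify them.

```python
# Added example: flow-to-next-hop agreement with and without a sorted ECMP table.
import ipaddress
import zlib


def flow_hash(flow, seed):
    """Stand-in flow hash (assumption): CRC-32 over the seed and the 5-tuple."""
    material = "|".join(str(part) for part in (seed, *flow)).encode()
    return zlib.crc32(material)


def install(next_hops, deterministic):
    """Return the next-hop table in the order it is written for lookups.

    With deterministic=True the hops are sorted (assumption: by address);
    otherwise they stay in the order in which they were learned.
    """
    if deterministic:
        return sorted(next_hops, key=lambda hop: int(ipaddress.ip_address(hop)))
    return list(next_hops)


def next_hop(table, flow, seed):
    """Select the next hop for a flow: hash modulo the number of paths."""
    return table[flow_hash(flow, seed) % len(table)]


# Constructed data: the same two next hops, learned in opposite orders.
LEARNED_ON_ROUTER_1 = ["192.0.2.1", "192.0.2.2"]
LEARNED_ON_ROUTER_2 = ["192.0.2.2", "192.0.2.1"]
# Constructed flows: (src IP, dst IP, protocol, src port, dst port).
FLOWS = [(f"10.0.0.{i}", "198.51.100.7", 6, 40000 + i, 443) for i in range(1, 9)]


def agreement(deterministic, seed=7):
    """Count the flows that both routers send to the same next hop."""
    table_1 = install(LEARNED_ON_ROUTER_1, deterministic)
    table_2 = install(LEARNED_ON_ROUTER_2, deterministic)
    return sum(next_hop(table_1, f, seed) == next_hop(table_2, f, seed)
               for f in FLOWS)


if __name__ == "__main__":
    print("sorted tables:  ", agreement(True), "of", len(FLOWS), "flows agree")
    print("learned order:  ", agreement(False), "of", len(FLOWS), "flows agree")
```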
Enable link bundle monitoring using the ecmp-group command.
Note: An ecmp-group index is generated automatically for each unique ecmp-group when the user configures multipath routes to the same network. The system can generate a maximum of 512 unique ecmp-groups. The ecmp-group indexes are generated in even numbers (0, 2, 4, 6... 1022) and are for information only.
16 Enabling FIPS Cryptography
FIPS Cryptography is supported on the and the S4820T
This chapter describes how to enable FIPS cryptography requirements on the Dell Force10 S4810 platform. This feature provides cryptographic algorithms conforming to various FIPS standards published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of Commerce.
To enable FIPS mode:
Task: Enable FIPS mode from a console port.
Command Syntax: fips mode enable
Command Mode: CONFIG
When the FIPS mode is enabled, the following actions are taken:
• If enabled, the SSH server will be disabled.
• All open SSH and Telnet sessions, as well as all SCP and FTP file transfers, will be closed.
• Any existing host keys (both RSA and RSA1) will be deleted from system memory and NVRAM storage.
• The FIPS mode is enabled.
Monitoring FIPS Mode Status
The status of the current FIPS mode (Enabled/Disabled) can be viewed directly using either the show fips status command or the show system command as shown below.
FTOS#show fips status
FIPS Mode : Enabled
for the system using the show system command.
17 FIP Snooping
FIP snooping is supported on platforms: S4820T
This chapter describes the FIP snooping concepts and configuration procedures:
• Fibre Channel over Ethernet
• Ensuring Robustness in a Converged Ethernet Network
• FIP Snooping on Ethernet Bridges
• FIP Snooping in a Switch Stack
• Configuring FIP Snooping
• Displaying FIP Snooping Information
• FIP Snooping Configuration Example
Fibre Channel over Ethernet
Fibre Channel over Ethernet (FCoE) provides a converged Ethernet network that allows
To ensure similar Fibre Channel robustness and security with FCoE in an Ethernet cloud network, the Fibre Channel over Ethernet initialization protocol (FIP) establishes virtual point-to-point links between FCoE end-devices (server ENodes and target storage devices) and FCoE forwarders (FCFs) over transit FCoE-enabled bridges.
Figure 17-1. FIP discovery and login between an ENode and an FCF
FIP Snooping on Ethernet Bridges
In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF. An Ethernet bridge that provides these functions is called a FIP snooping bridge (FSB).
• Port-based ACLs are applied on all three port modes: on ports directly connected to an FCF, server-facing ENode ports, and bridge-to-bridge links.
• Port-based ACLs take precedence over global ACLs.
• FCoE-generated ACLs take precedence over user-configured ACLs. A user-configured ACL entry cannot deny FCoE and FIP snooping frames.
Figure 17-2 shows a switch used as a FIP snooping bridge in a converged Ethernet network.
The following sections describe how to configure the FIP snooping feature on a switch that functions as a FIP snooping bridge so that it can perform the following functions:
• Allocate CAM resources for FCoE.
• Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis.
• Set the FCoE MAC address prefix (FC-MAP) value used by an FCF to assign a MAC address to an FCoE end-device (server ENode or storage device) after a server successfully logs in.
Enabling the FIP Snooping Feature
Note: FIP Snooping is disabled by default. To enable this feature, you must follow the Configuration Procedure.
As soon as you enable the FIP snooping feature on a switch-bridge, existing VLAN-specific and FIP snooping configurations are applied. The FCoE database is populated when the switch connects to a converged network adapter (CNA) or FCF port and compatible DCB configurations are synchronized.
Configuring a Port for a Bridge-to-Bridge Link
If a switch port is connected to another FIP snooping bridge, configure the FCoE-Trusted Port mode for bridge-bridge links. Initially, all FCoE traffic is blocked. Only FIP frames with the ALL_FCF_MAC and ALL_ENODE_MAC values in their headers are allowed to pass. After the switch learns the MAC address of a connected FCF, it allows FIP frames destined to or received from the FCF MAC address.
• VLAN membership:
  • You must create the VLANs on the switch which handles FCoE traffic (interface vlan command).
  • You must configure each FIP snooping port to operate in Hybrid mode so that it accepts both tagged and untagged VLAN frames (portmode hybrid command).
Displaying FIP Snooping Information Use the show commands in Table 17-1 to display information on FIP snooping. Table 17-1.
Table 17-2. show fip-snooping sessions Command Description
Field | Description
ENode MAC | MAC address of the ENode.
ENode Interface | Slot/port number of the interface connected to the ENode.
FCF MAC | MAC address of the FCF.
FCF Interface | Slot/port number of the interface to which the FCF is connected.
VLAN | VLAN ID number used by the session.
FCoE MAC | MAC address of the FCoE session assigned by the FCF.
FC-ID | Fibre Channel ID assigned by the FCF.
Figure 17-6. show fip-snooping fcf Command Example
FTOS# show fip-snooping fcf
FCF MAC            FCF Interface  VLAN  FC-MAP    FKA_ADV_PERIOD  No. of Enodes
-------            -------------  ----  ------    --------------  -------------
54:7f:ee:37:34:40  Po 22          100   0e:fc:00  4000            2
Table 17-4. show fip-snooping fcf Command Description
Field | Description
FCF MAC | MAC address of the FCF.
FCF Interface | Slot/port number of the interface to which the FCF is connected.
VLAN | VLAN ID number used by the session.
Figure 17-7.
Figure 17-8.
Table 17-5. show fip-snooping statistics Command Descriptions
Field | Description
Number of FDISC Rejects | Number of FIP FDISC reject frames received on the interface.
Number of FLOGO Accepts | Number of FIP FLOGO accept frames received on the interface.
Number of FLOGO Rejects | Number of FIP FLOGO reject frames received on the interface.
Number of CVLs | Number of FIP clear virtual link frames received on the interface.
Figure 17-11. Configuration Example: FIP Snooping on an S4810 Switch
In Figure 17-11, DCBX and PFC are enabled on the FIP snooping bridge and on the FCF ToR switch. On the FIP snooping bridge, DCBX is configured as follows:
• A server-facing port is configured for DCBX in an auto-downstream role.
• An FCF-facing port is configured for DCBX in an auto-upstream or configuration-source role.
Figure 17-12. FIP Snooping Configuration Example
Enable the FIP snooping feature on the switch (FIP snooping bridge):
FTOS(conf)# feature fip-snooping
Enable FIP snooping on FCoE VLAN 10:
FTOS(conf)# interface vlan 10
FTOS(conf-if-vl-10)# fip-snooping enable
Enable an FC-MAP value on VLAN 10:
FTOS(conf-if-vl-10)# fip-snooping fc-map 0x0EFC01
Note: Configuring an FC-MAP value is only required if you do not use the default FC-MAP value (0x0EFC00).
18 Force10 Resilient Ring Protocol (FRRP)
Force10 Resilient Ring Protocol (FRRP) is supported on platforms: e cs S4820T
Force10 Resilient Ring Protocol (FRRP) provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a Metropolitan Area Network (MAN) or large campuses.
Each Transit node is also configured with a Primary port and a Secondary port on the ring, but the port distinction is ignored as long as the node is configured as a Transit node. If the ring is complete, the Master node logically blocks all data traffic in the transmit and receive directions on the Secondary port to prevent a loop.
The Master node continues sending Ring Health Frames out its primary port even when operating in the Ring-Fault state. Once the ring is restored, the next status check frame is received on the Master node's Secondary port. This will cause the Master node to transition back to the Normal state.
Table 18-1. FRRP Components (continued)
Concept | Explanation
Ring Interface State | Each interface (port) that is part of the ring maintains one of four states:
• Blocking State: Accepts ring protocol packets but blocks data packets. LLDP, FEFD, or other Layer 2 control packets are accepted. Only the master node Secondary port can enter this state.
• Pre-Forwarding State: A transition state before moving to the Forward state. Control traffic is forwarded but data traffic is blocked.
• The Control VLAN is not used to carry any data traffic; it carries only RHFs.
• The Control VLAN cannot have members that are not ring ports.
• If multiple rings share one or more member VLANs, they cannot share any links between them.
• Member VLANs across multiple rings are not supported in Master nodes.
• Each ring has only one Master node; all others are transit nodes.
FRRP Configuration
These are the tasks to configure FRRP.
• All VLANs must be in Layer 2 mode.
• Only ring nodes can be added to the VLAN.
• A Control VLAN can belong to one FRRP group only.
• Control VLAN ports must be tagged.
• All ports on the ring must use the same VLAN ID for the Control VLAN.
• A VLAN cannot be configured as both a Control VLAN and Member VLAN on the same ring.
• Only two interfaces can be members of a Control VLAN (the Master Primary and Secondary ports).
Step 3. Assign the Primary and Secondary ports, and the Control VLAN for the ports on the ring.
  Command Syntax: interface primary int slot/port secondary int slot/port control-vlan vlan id
  Command Mode: CONFIG-FRRP
  Interface:
  • For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
Step 2. Tag the specified interface or range of interfaces to this VLAN.
  Command Syntax: tagged interface slot/port {range}
  Command Mode: CONFIG-INT-VLAN
  Interface:
  • For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
  • For a Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
  • For a SONET interface, enter the keyword sonet followed by slot/port information.
Set FRRP Timers
Step 1. Enter the desired intervals for Hello-Interval or Dead-Interval times.
  Command Syntax: timer {hello-interval|dead-interval} milliseconds
  Command Mode: CONFIG-FRRP
  Hello-Interval: 50-2000, in increments of 50 (default is 500)
  Dead-Interval: 50-6000, in increments of 50 (default is 1500)
The Dead-Interval time should be set at 3x the Hello-Interval.
Clear FRRP counters
Use one of the following commands to clear the FRRP counters.
Troubleshooting FRRP
Configuration Checks
• Each Control Ring must use a unique VLAN ID.
• Only two interfaces on a switch can be Members of the same Control VLAN.
• There can be only one Master node for any FRRP Group.
• FRRP can be configured on Layer 2 interfaces only.
• Spanning Tree (if enabled globally) must be disabled on both Primary and Secondary interfaces when FRRP is enabled.
19 GARP VLAN Registration Protocol (GVRP)
GARP VLAN Registration Protocol (GVRP) is supported on platforms: e cs S4820T
Protocol Overview
Typical VLAN implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GARP VLAN Registration Protocol (GVRP), defined by the IEEE 802.1q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches.
• On the E-Series, C-Series, and non-S60/S55/S4810/S4820T S-Series, Per-VLAN Spanning Tree (PVST+) or MSTP and GVRP cannot be enabled at the same time, as shown in the example below. If Spanning Tree and GVRP are both required, implement RSTP. The S60, S55, S4810, and S4820T systems do support enabling GVRP and MSTP at the same time.
FTOS(conf)#protocol spanning-tree pvst
FTOS(conf-pvst)#no disable
% Error: GVRP running. Cannot enable PVST.
.........
Basic GVRP configuration is a 2-step process:
1. Enabling GVRP Globally.
2. Enabling GVRP on a Layer 2 Interface.
Related Configuration Tasks
• Configuring GVRP Registration
• Configuring a GARP Timer
Enabling GVRP Globally
Enable GVRP for the entire switch using the command gvrp enable in CONFIGURATION mode, as shown in the following example. Use the show gvrp brief command to inspect the global configuration.
Configuring GVRP Registration
• Fixed Registration Mode: Configuring a port in fixed registration mode allows for manual creation and registration of VLANs, prevents VLAN de-registration, and registers all VLANs known on other ports on the port. For example, if an interface is statically configured via the CLI to belong to a VLAN, it should not be un-configured when it receives a Leave PDU. So, the registration mode on that interface is FIXED.
• LeaveAll: Upon startup, a GARP device globally starts a LeaveAll timer. Upon expiration of this interval, it will send out a LeaveAll message so that other GARP devices can re-register all relevant attribute information. The device then restarts the LeaveAll timer to begin a new cycle. The LeaveAll timer must be greater than or equal to 5x of the Leave timer. The FTOS default is 10000ms.
20 High Availability
High Availability (HA) is supported on platforms: c e s S4820T
Note: High Availability is not supported on the S60 system.
High availability is a collection of features that preserves system continuity by maximizing uptime and minimizing packet loss during system disruptions. To support all the features within the HA collection, you should have the latest boot code. The following table lists the boot code requirements as of this FTOS release.
Component Redundancy
Dell Force10 systems eliminate single points of failure by providing dedicated or load-balanced redundancy for each component.
RPM Redundancy
The current version of FTOS supports 1+1 hitless Route Processor Module (RPM) redundancy. The primary RPM performs all routing, switching, and control operations while the standby RPM monitors the primary RPM.
Version compatibility between RPMs
In general, the two RPMs should have the same FTOS version. However, FTOS tolerates some degree of difference between the two versions, as described in Table 20-1, "System Behavior with RPMs with Mismatched FTOS Versions," in High Availability. View the configuration loaded on each RPM using the command show redundancy, as shown in the example in Automatic and manual RPM failover.
Table 20-1.
Automatic and manual RPM failover
RPM failover is the process of the standby RPM becoming the primary RPM. FTOS fails over to the standby RPM when:
1. Communication is lost between the standby and primary RPMs
2. You request a failover via the CLI
3. You remove the primary RPM
Use the command show redundancy from EXEC Privilege mode to display the reason for the last failover.
C-Series RPMs have one CPU: Control Processor (CP). The CP on the RPM communicates with the LP via IPC. Like the E-Series, the CP monitors the health status of the other processors by sending a heartbeat message. If any CPU fails to acknowledge a consecutive number of heartbeat messages, or the CP itself fails to send heartbeat messages (IPC timeout), the primary RPM requests a failover to the standby RPM, and FTOS displays a message similar to Message 4.
Table 20-2. Failover Behaviors
Platform | Failover Trigger | Failover Behavior
e | RP IPC timeout for a non-task crash reason on the primary RPM | CP on primary RPM detects the RP IPC timeout and notifies standby RPM. Standby RPM initiates a failover. FTOS saves an RP application core dump, RP IPC-related system status, a CP trace log record, and the CP IPC-related system status. Then the new primary RPM reboots the failed RPM.
RPM synchronization
Data between the two RPMs is synchronized immediately after bootup. Once the two RPMs have done an initial full synchronization (block sync), thereafter FTOS only updates changed data (incremental sync). The data that is synchronized consists of configuration data, operational data, state and status, and statistics depending on the FTOS version.
Specify an Auto-failover Limit
When a non-recoverable fatal error is detected, an automatic failover occurs. However, FTOS is configured to auto-failover only three times within any 60 minute period. You may specify a different auto-failover count and period using the command redundancy auto-failover-limit. To re-enable the auto-failover-limit with its default parameters, in CONFIGURATION mode, use the redundancy auto-failover-limit command without parameters.
On the C-Series, when a secondary RPM with a logical SFM is inserted or removed, the system must add or remove the backplane links to the switch fabric trunk. Any time such links are changed, traffic is disrupted. Use the command redundancy sfm standby to avoid any traffic disruption when the secondary RPM is inserted. When this command is executed, the logical SFM on the standby RPM is immediately taken offline, and the SFM state set as standby. Use the command show sfm all to see SFM status information.
Pre-configure a line card slot
You may also pre-configure an empty line card slot with a logical line card using the command linecard from CONFIGURATION mode. After creating the logical line card, you can configure the interfaces on the line card as if it is present, as shown in the example below.
FTOS(conf)#do show linecard 0
-- Line card 0 --
Status : not present
FTOS(conf)#int gig 0/0
 ^
% Error: No card configured in slot at "^" marker.
-- Line cards --
Slot Status NxtBoot ReqTyp CurTyp Version Ports
---------------------------------------------------------------------------
0 online online E48VB E48VB 7-5-1-71 48
[output omitted]
Hitless Behavior
Hitless Behavior is supported only on platforms: c e S4820T
Hitless behavior is supported on the S4810 with FTOS 8.3.12.0 and later, the S4820T with FTOS 8.3.19.0 and later, or the E-Series ExaScale ex with FTOS 8.2.1.0 and later.
Graceful Restart
Graceful Restart is supported on platforms: e c s S4820T
Graceful restart (also called non-stop forwarding) is a protocol-based mechanism that preserves the forwarding table of the restarting router and its neighbors for a specified period to minimize the loss of packets. A graceful-restart router does not immediately assume that a neighbor is permanently down and so does not trigger a topology change.
• For ExaScale, the RPM alone periodically sends out test frames that loop back through the SFM. The loopback health check determines the overall status of the backplane and can identify a faulty SFM. If three consecutive RPM loopbacks fail, then the software initiates a fault isolation procedure that sequentially disables one SFM at a time and performs the same loopback test.
Trace Log
Developers interlace messages with software code to track the execution of a program. These messages are called trace messages; they are primarily used for debugging and provide lower level information than event messages, which are primarily used by system administrators. FTOS retains executed trace messages for hardware and software and stores them in files (logs) on the internal flash.
• Hot-lock IP ACLs (supported on E-Series, C-Series, and S-Series) allow you to append rules to and delete rules from an Access Control List that is already written to CAM. This behavior is enabled by default and is available for both standard and extended ACLs on ingress and egress. For information on configuring ACLs, see Access Control Lists (ACLs).
Configure Cache Boot
Cache Boot is supported on platforms: c e
Cache Boot is supported on E-Series ExaScale ex with FTOS 8.2.1.0 and later.
FTOS Behavior: On E-Series ExaScale, the SFM auto upgrade feature is not supported with cacheboot. If you attempt an SFM auto upgrade, you must reload the chassis to recover.
The Dell Force10 system has the ability to boot the chassis using a cached FTOS image.
Power Status : AC
Voltage : ok
Serial Number : FX000017082
--More--
2. The cache boot feature requires at least the boot code versions in Table 20-5, "Boot Code Requirements for Cache Boot," in High Availability. Use show rpm and show linecard commands to verify that you have the proper version.
Table 20-5. Boot Code Requirements for Cache Boot
Component | Boot Code
E-Series TeraScale RPM | 2.4.2.1
E-Series TeraScale Line Card | 2.3.2.1
E-Series ExaScale RPM | 2.5.0.3
E-Series ExaScale Line Card | 2.9.0.
linecard 4 invalid
linecard 5 is not present.
6.5.1.8
Note: [b] : booted [n] : next boot
Upgrade cache boot image(4.7.5.427) for all cards [yes/no]: yes
cache boot image downloading in progress...
!!!!!!!!!!!!!!!!!!!!!
cache boot upgrade in progress. Please do NOT power off the card.
Note: Updating Flash Table of Contents...
Erasing TOC area...
SECONDARY IMAGE FILE = flash://FTOS-EF-7.7.1.0.bin
DEFAULT IMAGE FILE = flash://FTOS-EF-7.6.1.0.bin
LOCAL CONFIG FILE = variable does not exist
PRIMARY HOST CONFIG FILE = variable does not exist
SECONDARY HOST CONFIG FILE = variable does not exist
PRIMARY NETWORK CONFIG FILE = variable does not exist
SECONDARY NETWORK CONFIG FILE = variable does not exist
CURRENT IMAGE FILE = flash://FTOS-EF-7.7.1.0.
The restart time varies by process. In general, interface-related processes are hitless and can be restarted in seconds; if a restart is successful, traffic is not interrupted. Protocol tasks and line card processes are not hitless and take longer to restart. You can select which process may attempt to restart and the number of consecutive restart attempts before failover, but by default, every process fails over.
21 Internet Group Management Protocol (IGMP)
Internet Group Management Protocol (IGMP) is supported on platforms: ecs S4820T
Multicast is premised on identifying many hosts by a single destination IP address; hosts represented by the same IP address are a multicast group. Internet Group Management Protocol (IGMP) is a Layer 3 multicast protocol that hosts use to join or leave a multicast group.
To receive multicast traffic from a particular source, a host must join the multicast group to which the source is sending traffic. A host that is a member of a group is called a receiver. A host may join many groups, and may join or leave any group at any time. A host joins and leaves a multicast group by sending an IGMP message to its IGMP Querier.
2. The querier sends a Group-Specific Query to determine whether there are any remaining hosts in the group. There must be at least one receiver in a group on a subnet for a router to forward multicast traffic for that group to the subnet.
3. Any remaining hosts respond to the query according to the delay timer mechanism (see Adjusting Query and Response Timers). If no hosts respond (because there are none remaining in the group) the querier waits a specified period and sends another query.
[Figure: IGMP message in an IP packet. Fields shown: Version (4), IHL, TOS (0xc0), Total Length, Flags, Frag Offset, TTL (1), Protocol (2), Header Checksum, Src IP Addr, Dest IP Addr, Type, Reserved.]
[Figure: Membership Reports: Joining and Filtering. Querier and Non-Querier state tables (Interface, Multicast Group Address, Group Timer, Filter Mode, Source Address, Source Timer) with the messages exchanged: an IGMP Group-and-Source Specific Query (Type: 0x11, Number of Sources: 1) and a Change to Include report (Type: 0x22, Number of Group Records: 1, Record Type: 3, Number of Sources: 1).]
[Figure: Membership Queries: Leaving and Staying. Querier and Non-Querier state tables (Interface, Multicast Group Address, Group Timer, Filter Mode, Source Address, Source Timer) and an IGMP Group-and-Source Specific Query (Type: 0x11, Group Address: 224.1.1.1, Number of Sources: 2). The non-querier builds an identical table and waits the Other Querier Present Interval to assume the Querier role.]
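As an added illustration (not code from the FTOS guide), the following Python decodes the two message types named in the figures above, the Type 0x11 query and the Type 0x22 IGMPv3 report with its group records, and rejects messages whose checksum or source counts do not match their length. The field layout follows RFC 3376; the sample bytes are constructed and every function name is hypothetical.

```python
import ipaddress
import struct

IGMP_QUERY = 0x11        # Membership Query (all IGMP versions)
IGMP_V3_REPORT = 0x22    # IGMPv3 Membership Report
RECORD_TYPES = {
    1: "MODE_IS_INCLUDE", 2: "MODE_IS_EXCLUDE",
    3: "CHANGE_TO_INCLUDE", 4: "CHANGE_TO_EXCLUDE",
    5: "ALLOW_NEW_SOURCES", 6: "BLOCK_OLD_SOURCES",
}


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum over the whole message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def with_checksum(body: bytes) -> bytes:
    """Fill in bytes 2-3 of a message that was built with a zeroed checksum."""
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def _sources(buf: bytes, offset: int, count: int):
    """Read `count` IPv4 addresses, refusing counts that overrun the buffer."""
    end = offset + 4 * count
    if end > len(buf):
        raise ValueError("source list runs past the end of the message")
    addrs = [str(ipaddress.IPv4Address(buf[i:i + 4]))
             for i in range(offset, end, 4)]
    return addrs, end


def parse_igmp(msg: bytes) -> dict:
    """Decode an IGMP query or IGMPv3 report taken from an IP payload."""
    if len(msg) < 8:
        raise ValueError("IGMP message shorter than 8 bytes")
    if inet_checksum(msg) != 0:          # a valid message sums to zero
        raise ValueError("bad IGMP checksum")
    mtype = msg[0]
    if mtype == IGMP_QUERY:
        group = ipaddress.IPv4Address(msg[4:8])
        sources = []
        if len(msg) > 8:                 # IGMPv3 queries carry a source list
            if len(msg) < 12:
                raise ValueError("truncated IGMPv3 query")
            (count,) = struct.unpack("!H", msg[10:12])
            sources, _ = _sources(msg, 12, count)
        if int(group) == 0:
            kind = "general query"
        elif sources:
            kind = "group-and-source-specific query"
        else:
            kind = "group-specific query"
        return {"kind": kind, "group": str(group), "sources": sources}
    if mtype == IGMP_V3_REPORT:
        (nrec,) = struct.unpack("!H", msg[6:8])
        offset, records = 8, []
        for _ in range(nrec):
            if offset + 8 > len(msg):
                raise ValueError("group record runs past the end of the message")
            rtype, aux_len, count = struct.unpack("!BBH", msg[offset:offset + 4])
            group = ipaddress.IPv4Address(msg[offset + 4:offset + 8])
            sources, offset = _sources(msg, offset + 8, count)
            offset += 4 * aux_len        # skip auxiliary data words
            if offset > len(msg):
                raise ValueError("auxiliary data runs past the end of the message")
            records.append({"type": RECORD_TYPES.get(rtype, f"unknown({rtype})"),
                            "group": str(group), "sources": sources})
        return {"kind": "v3 report", "records": records}
    raise ValueError(f"unhandled IGMP type {mtype:#04x}")


# Constructed sample messages using the group and source from the figures.
GROUP = ipaddress.IPv4Address("224.1.1.1").packed
SOURCE = ipaddress.IPv4Address("10.11.1.1").packed
SAMPLE_QUERY = with_checksum(
    struct.pack("!BBH4sBBH4s", IGMP_QUERY, 10, 0, GROUP, 2, 125, 1, SOURCE))
SAMPLE_REPORT = with_checksum(
    struct.pack("!BBHHH", IGMP_V3_REPORT, 0, 0, 0, 1)
    + struct.pack("!BBH4s4s", 3, 0, 1, GROUP, SOURCE))

if __name__ == "__main__":
    print(parse_igmp(SAMPLE_QUERY))
    print(parse_igmp(SAMPLE_REPORT))
```

The length checks matter because the source and record counts are attacker-controlled fields: a decoder that trusts them reads past the end of the packet.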
Viewing IGMP Enabled Interfaces
Interfaces that are enabled with PIM-SM are automatically enabled with IGMP. View IGMP-enabled interfaces using the command show ip igmp interface in the EXEC Privilege mode.
FTOS#show ip igmp interface gig 7/16
GigabitEthernet 7/16 is up, line protocol is up
Internet address is 10.87.3.
Viewing IGMP Groups
View both learned and statically configured IGMP groups using the command show ip igmp groups from EXEC Privilege mode.
FTOS(conf-if-gi-1/0)#do sho ip igmp groups
Total Number of Groups: 2
IGMP Connected Group Membership
Group Address   Interface             Uptime     Expires    Last Reporter
224.1.1.1       GigabitEthernet 1/0   00:00:03   Never      CLI
224.1.2.1       GigabitEthernet 1/0   00:56:55   00:01:22   1.1.1.
Adjusting the IGMP Querier Timeout Value
If there is more than one multicast router on a subnet, only one is elected to be the querier, which is the router that sends queries to the subnet.
1. Routers send queries to the all multicast systems address, 224.0.0.1. Initially, all routers send queries.
2. When a router receives a query it compares the IP address of the interface on which it was received with the source IP address given in the query.
IGMP Snooping
Multicast packets are addressed with multicast MAC addresses, which represent a group of devices, rather than one unique device. Switches forward multicast frames out of all ports in a VLAN by default, even though there may be only some interested hosts, which is a waste of bandwidth.
Enabling IGMP Immediate-leave
Configure the switch to remove a group-port association upon receiving an IGMP Leave message using the command ip igmp fast-leave from INTERFACE VLAN mode. View the configuration using the command show config from INTERFACE VLAN mode, as shown in the example below.
• IGMP snooping Querier does not start if there is a statically configured multicast router interface in the VLAN.
• The switch may lose the querier election if it does not have the lowest IP address of all potential queriers on the subnet.
• When enabled, IGMP snooping Querier starts after one query interval in case no IGMP general query (with IP SA lower than its VLAN IP address) is received on any of its VLAN members.
22 Interfaces
This chapter describes interface types, both physical and logical, and how to configure them with FTOS.
10/100/1000 Mbps Ethernet, Gigabit Ethernet, and 10 Gigabit Ethernet interfaces are supported on platforms: e c s z
SONET interfaces are only supported on platform e.
Input Statistics:
0 packets, 0 bytes
0 Vlans
0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts
0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts
0 Multicasts, 0 Broadcasts
0 runts, 0 giants, 0 throttles
0 CRC, 0 overrun, 0 discarded
Output Statistics:
3 packets, 192 bytes, 0 underruns
3 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts
0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts
0 Multicasts, 3 Broadcasts, 0 Unicasts
0 Vlans, 0 throttles, 0 discar
no ip address
shutdown
!
interface GigabitEthernet 9/7
no ip address
shutdown
!
interface GigabitEthernet 9/8
no ip address
shutdown
!
interface GigabitEthernet 9/9
no ip address
shutdown
Enable a Physical Interface
After determining the type of physical interfaces available, the user may enter the INTERFACE mode by entering the command interface interface slot/port to enable and configure the interfaces.
Physical Interfaces
The Management Ethernet interface is a single RJ-45 Fast Ethernet port on the Route Processor Module (RPM) of the C-Series and E-Series and on each unit of the S4810 and S4820T. It provides dedicated management access to the system. The other S-Series (non-S4810 or S4820T) systems supported by FTOS do not have this dedicated management interface, but you can use any Ethernet port configured with an IP address and route.
By default, VLANs are in Layer 2 mode.
Table 22-1.
Configure Layer 3 (Network) Mode
When you assign an IP address to a physical interface, you place it in Layer 3 mode. Use the ip address command and no shutdown command in INTERFACE mode to enable Layer 3 mode on an individual interface. In all interface types except VLANs, the shutdown command prevents all traffic from passing through the interface. In VLANs, the shutdown command prevents Layer 3 traffic from passing through the interface. Layer 2 traffic is unaffected by the shutdown command.
You can only configure one (1) primary IP address per interface. You can configure up to 255 secondary IP addresses on a single interface. To view all interfaces that have an IP address assigned, use the show ip interfaces brief command in the EXEC mode as shown in View Basic Interface Information. To view IP information on an interface in Layer 3 mode, use the show ip interface command in the EXEC Privilege mode as shown in the example below.
To configure a Management interface, use the following command in the CONFIGURATION mode:
Command Syntax: interface Managementethernet interface
Command Mode: CONFIGURATION
Purpose: Enter the slot and the port (0). On the E-Series and C-Series, dual RPMs can be in use.
Slot range:
C-Series, E-Series: 0-1
S4810, S4820T: 0
To view the Primary RPM Management port, use the show interface Managementethernet command in the EXEC Privilege mode.
• Once the virtual IP address is removed, the system is accessible through the native IP address of the primary RPM’s management interface.
• Primary and secondary management interface IP and virtual IP must be in the same subnet.
Configure Management Interfaces on the S-Series
The user can manage the S-Series from any port. Configure an IP address for the port using the ip address command, and enable it using the command no shutdown.
VLAN Interfaces
VLANs are logical interfaces and are, by default, in Layer 2 mode. Physical interfaces and port channels can be members of VLANs. For more information on VLANs and Layer 2, refer to Layer 2 and Virtual LANs (VLAN).
Note: To monitor VLAN interfaces, use the Management Information Base for Network Management of TCP/IP-based internets: MIB-II (RFC 1213). Monitoring VLAN interfaces via SNMP is supported only on E-Series.
Loopback Interfaces
A Loopback interface is a virtual interface in which the software emulates an interface. Packets routed to it are processed locally. Since this interface is not a physical interface, you can configure routing protocols on this interface to provide protocol stability. You can place Loopback interfaces in default Layer 3 mode.
• Port channel definition and standards
• Port channel benefits
• Port channel implementation
• Configuration task list for port channel interfaces
Port channel definition and standards
Link aggregation is defined by IEEE 802.3ad as a method of grouping multiple physical interfaces into a single logical interface—a Link Aggregation Group (LAG) or port channel. A LAG is “a group of links that appear to a MAC client as if they were a single link” according to IEEE 802.3ad.
Note: If you are using either 10G ports or 40G ports, the Z9000 supports 8 members per LAG.
As soon as a port channel is configured, FTOS treats it like a physical interface. For example, IEEE 802.1Q tagging is maintained while the physical interface is in the port channel. Member ports of a LAG are added and programmed into hardware in a predictable order based on the port ID, instead of in the order in which the ports come up.
Configuration task list for port channel interfaces
To configure a port channel (LAG), you use commands similar to those found in physical interfaces. By default, no port channels are configured in the startup configuration.
You can add any physical interface to a port channel if the interface configuration is minimal. Only the following commands can be configured on an interface if it is a member of a port channel:
• description
• mtu
• ip mtu (if the interface is on a Jumbo-enabled by default.
Hardware address is 00:01:e8:01:46:fa Internet address is 1.1.120.
Reassign an interface to a new port channel
An interface can be a member of only one port channel. If the interface is a member of a port channel, you must remove it from the first port channel and then add it to the second port channel. Each time you add or remove a channel member from a port channel, FTOS recalculates the hash algorithm for the port channel.
Configure the minimum oper up links in a port channel (LAG)
You can configure the minimum links in a port channel (LAG) that must be in “oper up” status for the port channel to be considered to be in “oper up” status. Use the following command in the INTERFACE mode:
Command Syntax: minimum-links number
Command Mode: INTERFACE
Purpose: Enter the number of links in a LAG that must be in “oper up” status.
Assign an IP address to a port channel
You can assign an IP address to a port channel and use port channels in Layer 3 routing protocols. To assign an IP address, use the following command in the INTERFACE mode:
Command Syntax: ip address ip-address mask [secondary]
Command Mode: INTERFACE
Purpose: Configure an IP address and mask on the interface.
• ip-address mask: enter an address in dotted-decimal format (A.B.C.D) and the mask must be in slash format (/24).
• IP destination address
• Protocol type
• TCP/UDP source port
• TCP/UDP destination port
Balancing may be applied to IPv4, switched IPv6, and non-IP traffic. For these traffic types, the IP-header-based hash and MAC-based hash may be applied to packets by using the following methods.
Table 22-3.
Table 22-4. 5-tuple and 3-tuple Keys
Keys 5-tuple TCP/UDP source port X TCP/UDP destination port X 3-tuple
Note: For IPv6, only the first 32 bits (LSB) of IP Source Address and IP Destination Address are used for hash generation.
The following example shows the configuration and show command for packet-based hashing on the E-Series.
C-Series and S-Series load-balancing
For LAG hashing on C-Series and S-Series, the source IP, destination IP, source TCP/UDP port, and destination TCP/UDP port are used for hash computation by default. For packets without a Layer 3 header, FTOS automatically uses load-balance mac source-dest-mac. IP hashing and MAC hashing should not be configured at the same time. If you configure an IP and MAC hashing scheme at the same time, the MAC hashing scheme takes precedence over the IP hashing scheme.
For the E-Series TeraScale and ExaScale, you can select one of 47 possible hash algorithms (16 on EtherScale).
Command Syntax: hash-algorithm {algorithm-number} | {ecmp {checksum|crc|xor} [number]} lag {checksum|crc|xor][number]}nh-ecmp {[checksum|crc|xor] [number]}}| {linecard number ip-sa-mask value ip-da-mask value}
Command Mode: CONFIGURATION
Purpose: Change the default (0) to another algorithm and apply it to ECMP, LAG hashing, or a particular line card.
Bulk Configuration
Bulk configuration enables you to determine if interfaces are present for physical interfaces or configured for logical interfaces.
Interface Range
An interface range is a set of interfaces to which other commands may be applied and may be created if there is at least one valid interface within the range. Bulk configuration excludes from configuration any non-existing interfaces from an interface range.
FTOS(config-ifrange-gi-5/1-23-te-1/1-2)# interface range Vlan 2 – 100 , Port 1 – 25
FTOS(config-if-range-gi-5/1-23-te-1/1-2-so-5/1-vl-2-100-po-1-25)# no shutdown
FTOS(config-if-range)#
Interface Range Macros
The user can define an interface-range macro to automatically select a range of interfaces for configuration. Before you can use the macro keyword in the interface-range macro command string, you must define the macro.
Monitor and Maintain Interfaces
Monitor interface statistics with the monitor interface command. This command displays an ongoing list of the interface status (up/down), number of packets, traffic statistics, etc.
Command Syntax: monitor interface interface
Command Mode: EXEC Privilege
Purpose: View the interface’s statistics.
Over 255B packets: 0 0 pps 0 Over 1023B packets: 0 0 pps 0 Over 511B packets: Error statistics: 0 0 pps 0 Input underruns: 0 0 pps 0 Input throttles: 0 0 pps 0 Input giants: Input CRC: Input IP checksum: Input overrun: Output underruns: Output throttles: 0 0 0 0 0 0 0 pps 0 pps 0 pps 0 pps 0 pps 0 pps 0 0 0 0 0 0 m - Change mode c - Clear screen T - Increase refresh interval t - Decrease refresh interval l - Page up q - Quit a - Page down q FTOS# Maintenance using TDR The
To test the condition of cables on 10/100/1000 BASE-T modules, use the tdr-cable-test command:
Step 1
Command Syntax: tdr-cable-test tengigabitethernet
Command Mode: EXEC Privilege
Usage: To test for cable faults on the GigabitEthernet cable.
• Between two ports, the user must not start the test on both ends of the cable.
• The user must enable the interface before starting the test.
• The port should be enabled to run the test or the test prints an error message.
• [confirm yes/no]:
Link Debounce Timer
Link Debounce Timer is supported on platform e
The Link Debounce Timer feature isolates upper layer protocols on Ethernet switches and routers from very short-term, possibly repetitive interface flaps often caused by network jitter on the DWDM equipment connecting the switch and other devices on a SONET ring. The Link Debounce Timer delays link change notifications, thus decreasing traffic loss due to network configuration.
FTOS(conf-if-gi-3/1)#=
Show debounce times in an interface
Command Syntax: show interface debounce [type] [slot/port]
Command Mode: EXEC Privilege
Purpose: Show the debounce time for the specified interface. Enter the interface type keyword followed by the type of interface and slot/port information:
• For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
Link Dampening
Interface state changes occur when interfaces are administratively brought up or down or if an interface state changes. Every time an interface changes state or flaps, routing protocols are notified of the status of the routes that are affected by the change in state, and these protocols go through the momentous task of re-converging. Flapping therefore puts the status of the entire network at risk of transient loops and black holes.
View the link dampening configuration on an interface using the command show config, or view dampening information on all or specific dampened interfaces using the command show interfaces dampening from EXEC Privilege mode, as shown in the following example.
Configure MTU size on an Interface
The E-Series supports a link Maximum Transmission Unit (MTU) of 12000 bytes and maximum IP MTU of 9234 bytes. The link MTU is the frame size of a packet, and the IP MTU size is used for IP fragmentation. If the system determines that the IP packet must be fragmented as it leaves the interface, FTOS divides the packet into fragments no bigger than the size set in the ip mtu command.
Ethernet Pause Frames allow for a temporary stop in data transmission. A situation may arise where a sending device may transmit data faster than a destination device can accept it. The destination sends a PAUSE frame back to the source, stopping the sender’s transmission for a period of time. The globally assigned 48-bit Multicast address 01-80-C2-00-00-01 is used to send and receive pause frames.
Enable Pause Frames
Note: On the C-Series and S-Series (non-S4810 or S4820T) platforms, Ethernet Pause Frames TX should be enabled only after consulting with the Dell Force10 Technical Assistance Center.
Note: Changes in the flow-control values may not be reflected automatically in the show interface output. As a workaround, apply the new settings, execute shut followed by no shut on the interface, and then check the running-config of the port.
Command Syntax Command Mode Purpose
Parameters:
rx on: Enter the keywords rx on to process the received flow control frames on this port.
rx off: Enter the keywords rx off to ignore the received flow control frames on this port.
tx on: Enter the keywords tx on to send control frames from this port to the connected device when a higher rate of traffic is received.
• The port channel link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configured on the channel members.
Example: If the members have a link MTU of 2100 and an IP MTU 2000, the port channel’s MTU values cannot be higher than 2100 for link MTU or 2000 bytes for IP MTU.
VLANs:
• All members of a VLAN must have the same IP MTU value.
• Members can have different Link MTU values.
Table 22-7 presents these platform differences again.
Table 22-7. Platform Differences Concerning Port-pipes
Chassis Type          Port-pipes / Slot   Channels / Port-pipe   Capacity of Each Channel (Gbps)   Raw Slot Capacity (Gbps)
E1200/E1200i-AC/DC    2                   9                      3.125                             56.25
E600/E600i            2                   9                      3.125                             56.25
E300                  1                   8                      3.
Step 3: Access CONFIGURATION mode.
  Command Syntax: config
  Command Mode: EXEC Privilege
Step 4: Access the port.
  Command Syntax: interface interface slot/port
  Command Mode: CONFIGURATION
Step 5: Set the local port speed.
  Command Syntax: speed {10 | 100 | 1000 | auto}
  Command Mode: INTERFACE
Step 6: Optionally, set full- or half-duplex.
  Command Syntax: duplex {half | full}
  Command Mode: INTERFACE
Step 7: Disable auto-negotiation on the port. If the speed was set to 1000, auto-negotiation does not need to be disabled.
  Command Syntax: no negotiation auto
  Command Mode: INTERFACE
Step 8: Verify configuration changes.
duplex full
no shutdown
Setting Auto-Negotiation Options
The negotiation auto command provides a mode option for configuring an individual port to forced master/forced slave once auto-negotiation is enabled.
Caution: Ensure that only one end of the node is configured as forced-master and the other is configured as forced-slave.
View Advanced Interface Information
Dell Force10 platforms provide a number of advanced viewing capabilities that control how interface information is presented. These features are the following:
• Display Only Configured Interfaces
• Configure Interface Sampling Size
• Dynamic Counters
• Clear interface counters
Display Only Configured Interfaces
The following options have been implemented for show [ip | running-config] interfaces commands for (only) linecard interfaces.
Vlan 2
Name: GigabitEthernet 13/2
802.1QTagged: True
Vlan membership:
Vlan 2
Name: GigabitEthernet 13/3
802.1QTagged: True
Vlan membership:
Vlan 2
--More--
Configure Interface Sampling Size
Use the rate-interval command, in INTERFACE mode, to configure the number of seconds of traffic statistics to display in the show interfaces output. Although any value between 30 and 299 seconds (the default) can be entered, software polling is done once every 15 seconds.
Output 0 Multicasts, 0 Broadcasts, 0 Unicasts 0 IP Packets, 0 Vlans, 0 MPLS 0 throttles, 0 discarded Rate info (interval 299 seconds): Input 00.00 Mbits/sec, Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate 0 packets/sec, 0.
For remaining applications, FTOS automatically turns on counting when the application is enabled, and turns it off when the application is disabled. Note that if more than four counter-dependent applications are enabled on a port pipe, there is an impact on line rate performance.
To clear the counters, use the following command in the EXEC Privilege mode:
Command Syntax: clear counters [interface] [vrrp [vrid] | learning-limit]
Command Mode: EXEC Privilege
Purpose: Clear the counters used in the show interface commands for all VRRP groups, VLANs, and physical interfaces or selected ones. Without an interface specified, the command clears all interface counters.
23 IPv4 Routing
IPv4 Routing is supported on platforms: ecs S4820T
FTOS supports various IP addressing features. This chapter explains the basics of Domain Name Service (DNS), Address Resolution Protocol (ARP), and routing principles and their implementation in FTOS.
• IP Addresses
• Directed Broadcast
• Resolution of Host Names
• ARP
• ICMP
• UDP Helper
Table 23-1 lists the defaults for the IP addressing features described in this chapter.
Table 23-1.
For more information on IP addressing, refer to RFC 791, Internet Protocol.
Implementation Information
In FTOS, you can configure any IP address as a static route except IP addresses already assigned to interfaces.
Note: FTOS versions 7.7.1.0 and later support 31-bit subnet masks (/31, or 255.255.255.254) as defined by RFC 3021. This feature allows you to save two more IP addresses on point-to-point links than 30-bit masks. FTOS supports RFC 3021 with ARP.
To assign an IP address to an interface, use these commands in the following sequence, starting in the CONFIGURATION mode:
Command Syntax: interface interface
Command Mode: CONFIGURATION
Purpose: Enter the keyword interface followed by the type of interface and slot/port information:
• For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
• For a Loopback interface, enter the keyword loopback followed by a number from 0 to 16383.
To view the configuration, use the show config command in the INTERFACE mode as shown in the example below or show ip interface in the EXEC privilege mode as shown in the second example.
FTOS(conf-if)#show conf
!
interface GigabitEthernet 0/0
ip address 10.11.1.1/24
no shutdown
!
FTOS(conf-if)#
FTOS#show ip int gi 0/8
GigabitEthernet 0/8 is up, line protocol is up
Internet address is 10.69.8.1/24
Broadcast address is 10.69.8.
To view the configured routes, use the show ip route static command.
FTOS#show ip route static
Destination Gateway
----------------
S 2.1.2.0/24 Direct, Nu 0
S 6.1.2.0/24 via 6.1.20.2,
S 6.1.2.2/32 via 6.1.20.2,
S 6.1.2.3/32 via 6.1.20.2,
S 6.1.2.4/32 via 6.1.20.2,
S 6.1.2.5/32 via 6.1.20.2,
S 6.1.2.6/32 via 6.1.20.2,
S 6.1.2.7/32 via 6.1.20.2,
S 6.1.2.8/32 via 6.1.20.2,
S 6.1.2.9/32 via 6.1.20.2,
S 6.1.2.10/32 via 6.1.20.2,
S 6.1.2.11/32 via 6.1.20.2,
S 6.1.2.12/32 via 6.1.20.2,
S 6.1.2.13/32 via 6.1.20.
Command Syntax: management route ip-address mask {forwarding-router-address | ManagementEthernet slot/port}
Command Mode: CONFIGURATION
Purpose: Assign a static route to point to the management interface or forwarding router.
To view the configured static routes for the management port, use the show ip management-route command in the EXEC privilege mode.
FTOS#show ip route static
Destination Gateway
----------------
S 2.1.2.0/24 Direct, Nu 0
S 6.1.2.0/24 via 6.1.20.2,
S 6.
Resolution of Host Names
Domain Name Service (DNS) maps host names to IP addresses. This feature simplifies such commands as Telnet and FTP by allowing you to enter a name instead of an IP address. Dynamic resolution of host names is disabled by default. Unless the feature is enabled, the system resolves only host names entered into the host table with the ip host command.
Specify local system domain and a list of domains
If you enter a partial domain, FTOS can search different domains to finish or fully qualify that partial domain. A fully qualified domain name (FQDN) is any name that is terminated with a period/dot. FTOS searches the host table first to resolve the partial domain. The host table contains both statically configured and dynamically learnt host and IP addresses.
The following text is an example output of DNS using the traceroute command.
FTOS#traceroute www.force10networks.com
Translating "www.force10networks.com"...domain server (10.11.0.1) [OK]
Type Ctrl-C to abort.
------------------------------------------------------------------------------------------
Tracing the route to www.force10networks.com (10.11.84.
Configure static ARP entries
ARP dynamically maps the MAC and IP addresses, and while most network hosts support dynamic mapping, you can configure an ARP entry (called a static ARP) for the ARP cache. To configure a static ARP entry, use the following command in the CONFIGURATION mode:
Command Syntax: arp ip-address mac-address interface
Command Mode: CONFIGURATION
Purpose: Configure an IP address and MAC address mapping for an interface.
Clear ARP cache
To clear the ARP cache of dynamically learnt ARP information, use the following command in the EXEC privilege mode:
Command Syntax: clear arp-cache [interface | ip
Command Mode: EXEC privilege
Purpose: Clear the ARP caches for all interfaces or for a specific interface by entering the following information:
• For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
1. At time t=0 FTOS sends an ARP request for IP A.B.C.D
2. At time t=1 FTOS receives an ARP request for IP A.B.C.D
3. At time t=2 FTOS installs an ARP entry for A.B.C.D only on RP2.
Beginning with version 8.3.1.0, when a Gratuitous ARP is received, FTOS installs an ARP entry on all 3 CPUs.
Task: Enable ARP learning via gratuitous ARP.
Command Syntax: arp learn-enable
Command Mode: CONFIGURATION
ARP Learning via ARP Request
In FTOS versions prior to 8.3.1.
Configurable ARP Retries
In FTOS versions prior to 8.3.1.0, the number of ARP retries is set to 5 and is not configurable. After 5 retries, FTOS backs off for 20 seconds before it sends a new request. Beginning with FTOS version 8.3.1.0, the number of ARP retries is configurable. The default backoff interval remains at 20 seconds. On the S4810 and S4820T platforms, with FTOS version 8.3.8.0 and later, the time between ARP resend is configurable. This timer is an exponential backoff timer.
To reenable the creation of ICMP unreachable messages on the interface, use the following command in the INTERFACE mode:
Command Syntax: ip unreachable
Command Mode: INTERFACE
Purpose: Set FTOS to create and send ICMP unreachable messages on the interface.
To view if ICMP unreachable messages are sent on the interface, use the show config command in the INTERFACE mode. If it is not listed in the show config command output, it is enabled.
2. Configure a broadcast address on interfaces that will receive UDP broadcast traffic. Refer to Configuring a Broadcast Address.
Important Points to Remember about UDP Helper
• The existing command ip directed broadcast is rendered meaningless if UDP helper is enabled on the same interface.
• The broadcast traffic rate should not exceed 200 packets per second when UDP helper is enabled.
• You may specify a maximum of 16 UDP ports.
Configuring a Broadcast Address
Configure a broadcast address on an interface using the command ip udp-broadcast-address, as shown in the example below.
FTOS(conf-if-vl-100)#ip udp-broadcast-address 1.1.255.255
FTOS(conf-if-vl-100)#show config
!
interface Vlan 100
ip address 1.1.0.1/24
ip udp-broadcast-address 1.1.255.
1. Packet 1 is dropped at ingress if no UDP helper address is configured.
2. If UDP helper (using the command ip udp-helper udp-port) is enabled, and the UDP destination port of the packet matches the UDP port configured, the system changes the destination address to the configured broadcast 1.1.255.255 and routes the packet to VLANs 100 and 101.
Troubleshooting UDP Helper
Display debugging information using the command debug ip udp-helper, as shown in the example below.
FTOS(conf)# debug ip udp-helper
01:20:22: Pkt rcvd on Gi 5/0 with IP DA (0xffffffff) will be sent on Gi 5/1 Gi 5/2 Vlan 3
01:44:54: Pkt rcvd on Gi 7/0 is handed over for DHCP processing.
Use the command debug ip dhcp when using the IP helper and UDP helper on the same interface, as shown in the following example.
Packet 0.0.0.0:68 -> 255.255.255.
24 iSCSI Optimization
iSCSI Optimization is supported on platforms and S4820T
This chapter describes how to configure internet small computer system interface (iSCSI) optimization, which enables quality-of-service (QoS) treatment for iSCSI traffic.
• iSCSI QoS—A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic. Classifier rules are used to direct the iSCSI data traffic to queues that can be given preferential QoS treatment over other data passing through the switch. Preferential treatment helps to avoid session interruptions during times of congestion that would otherwise cause iSCSI packets to be dropped.
• iSCSI DCBX TLVs are supported.
Monitoring iSCSI Traffic Flows
The switch snoops iSCSI session-establishment and termination packets by installing classifier rules that trap iSCSI protocol packets to the CPU for examination. Devices that initiate iSCSI sessions usually use well-known TCP ports 3260 or 860 to contact targets. When you enable iSCSI optimization, by default the switch identifies IP packets to or from these ports as iSCSI traffic.
If no iSCSI traffic is detected for a session during a user-configurable aging period, the session data is cleared. If more than 256 simultaneous sessions are logged continuously, the following message displays indicating the queue rate limit has been reached.

%STKUNIT2-M:CP %iSCSI-5-ISCSI_OPT_MAX_SESS_EXCEEDED: New iSCSI Session Ignored: ISID 400001370000 InitiatorName - iqn.1991-05.com.microsoft:dt-brcd-cna-2 TargetName iqn.2001-05.com.
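Sessions the switch ignores are not tracked by iSCSI optimization, so it is worth alerting on this message in collected syslog. The parser below is an added example (not from the FTOS guide) that extracts the ISID, initiator and target from each ISCSI_OPT_MAX_SESS_EXCEEDED message and reports which initiators are repeatedly affected. The sample lines are constructed from the message layout shown above; the target names, the second initiator and the threshold are assumptions.

```python
import re
from collections import Counter

# Message layout as printed in this section. The dash after a field name is
# treated as optional because the page shows it only after InitiatorName.
MAX_SESS_RE = re.compile(
    r"%(?P<unit>STKUNIT\d+)-\S+\s+"
    r"%iSCSI-5-ISCSI_OPT_MAX_SESS_EXCEEDED:\s+New iSCSI Session Ignored:\s+"
    r"ISID\s+(?P<isid>[0-9A-Fa-f]+)\s+"
    r"InitiatorName\s*-?\s*(?P<initiator>\S+)\s+"
    r"TargetName\s*-?\s*(?P<target>\S+)"
)


def parse_ignored_sessions(lines):
    """Return one dict (unit, isid, initiator, target) per matching message."""
    return [m.groupdict() for m in map(MAX_SESS_RE.search, lines) if m]


def untracked_by_initiator(events, threshold=2):
    """Map each initiator with at least `threshold` ignored sessions to the
    sorted list of targets whose sessions the switch did not record."""
    counts = Counter(e["initiator"] for e in events)
    return {
        initiator: sorted({e["target"] for e in events
                           if e["initiator"] == initiator})
        for initiator, seen in counts.items() if seen >= threshold
    }


# Constructed sample input: three session-limit messages and one unrelated line.
SAMPLE_LOG = [
    "%STKUNIT2-M:CP %iSCSI-5-ISCSI_OPT_MAX_SESS_EXCEEDED: New iSCSI Session "
    "Ignored: ISID 400001370000 InitiatorName - "
    "iqn.1991-05.com.microsoft:dt-brcd-cna-2 TargetName - "
    "iqn.2001-05.com.example:vol-a",
    "%STKUNIT2-M:CP %iSCSI-5-ISCSI_OPT_MAX_SESS_EXCEEDED: New iSCSI Session "
    "Ignored: ISID 400001370001 InitiatorName - "
    "iqn.1991-05.com.microsoft:dt-brcd-cna-2 TargetName "
    "iqn.2001-05.com.example:vol-b",
    "%STKUNIT0-M:CP %IFMGR-5-IFM_ISCSI_AUTO_CONFIG: This switch is being "
    "configured for optimal conditions to support iSCSI traffic",
    "%STKUNIT1-M:CP %iSCSI-5-ISCSI_OPT_MAX_SESS_EXCEEDED: New iSCSI Session "
    "Ignored: ISID 400001370002 InitiatorName - "
    "iqn.1991-05.com.example:host-b TargetName - "
    "iqn.2001-05.com.example:vol-a",
]

if __name__ == "__main__":
    events = parse_ignored_sessions(SAMPLE_LOG)
    print(len(events), "sessions ignored by the switch")
    for initiator, targets in untracked_by_initiator(events).items():
        print(initiator, "->", ", ".join(targets))
```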
The following message is displayed the first time you use the iscsi profile-compellent command to configure a port connected to a Dell Compellent storage array and describes the configuration changes that are automatically performed:

%STKUNIT0-M:CP %IFMGR-5-IFM_ISCSI_AUTO_CONFIG: This switch is being configured for optimal conditions to support iSCSI traffic which will cause some automatic configuration to occur including jumbo frames and flow-control on all ports; no storm control and spanning-tree port fa
Default iSCSI Optimization Values
Table 24-1 shows the default values for the iSCSI optimization feature.

Table 24-1. iSCSI Optimization: Default Parameters
Parameter                                        Default Value
iSCSI Optimization global setting                Enabled
iSCSI CoS mode (802.1p priority queue mapping)   Enabled: dot1p priority 4 without remark setting
iSCSI CoS Packet classification                  iSCSI packets are classified by VLAN instead of by DSCP values.
Step 4
Task: Configure the iSCSI target ports and optionally the IP addresses on which iSCSI communication will be monitored, where:
• tcp-port-n is the TCP port number or a list of TCP port numbers on which the iSCSI target listens to requests. You can configure up to 16 target TCP ports on the switch in one command or multiple commands. Default: 860, 3260. Separate port numbers with a comma.
• ip-address specifies the IP address of the iSCSI target.
Step 9
Task: (Optional) Enter interface configuration mode to configure the auto-detection of Compellent disk arrays.
Command: interface port-type slot/port
Command Mode: CONFIGURATION

Step 10
Task: (Optional) Configure the auto-detection of Compellent arrays on a port. Default: Compellent disk arrays are not detected.
Figure 24-3. show iscsi session Command Example

FTOS#show iscsi session
Session 0:
-----------------------------------------------------------------------------------------
Target: iqn.2001-05.com.equallogic:0-8a0906-0e70c2002-10a0018426a48c94-iom010
Initiator: iqn.1991-05.com.microsoft:win-x9l8v27yajg
ISID: 400001370000
Session 1:
-----------------------------------------------------------------------------------------
Target: iqn.2001-05.com.
25 Intermediate System to Intermediate System
Intermediate System to Intermediate System is supported on the e and S4820T platforms.

IS-IS is supported on the E-Series ExaScale platform with FTOS 8.1.1.0 and later. It is supported on the and S4820T with FTOS 8.3.10.0.

Intermediate System to Intermediate System (IS-IS) protocol is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm. Dell Force10 supports both IPv4 and IPv6 versions of IS-IS, as detailed in this chapter.
systems manage destination paths for external routers. Only Level 2 routers can exchange data packets or routing information directly with external routers located outside of the routing domains. Level 1-2 systems manage both inter-area and intra-area traffic by maintaining two separate link databases; one for Level 1 routes and one for Level 2 routes. A Level 1-2 router does not advertise Level 2 routes to a Level 1 router.
Multi-Topology IS-IS
FTOS 7.8.1.0 and later support Multi-Topology Routing IS-IS. E-Series ExaScale platform ex supports Multi-Topology IS-IS with FTOS 8.2.1.0 and later. S-Series platforms and S4820T support Multi-Topology IS-IS with FTOS 8.3.10.0 and later.

Multi-Topology IS-IS (MT IS-IS) allows you to create multiple IS-IS topologies on a single router with separate databases.
Interface support
MT IS-IS is supported on physical Ethernet interfaces, physical Sonet interfaces, port-channel interfaces (static & dynamic using LACP), and VLAN interfaces.

Adjacencies
Adjacencies on point-to-point interfaces are formed as usual, where IS-IS routers do not implement Multi-Topology (MT) extensions. If a local router does not participate in certain MTs, it will not advertise those MT IDs in its IIHs and so will not include that neighbor within its LSPs.
• The T1 timer specifies the wait time before unacknowledged restart requests are generated. This is the interval before the system sends a Restart Request (an IIH with RR bit set in Restart TLV) until the CSNP is received from the helping router. The duration can be set to a specific amount of time (seconds) or a number of attempts.
• The T2 timer is the maximum time that the system will wait for LSP database synchronization. This timer applies to the database type (level-1, level-2 or both).
Table 25-1 displays the default values for IS-IS. Table 25-1.
• Set the overload bit
• Debug IS-IS

Enable IS-IS
By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information with neighbors, enable IS-IS on an interface, instead of on a network as with other routing protocols. In IS-IS, neighbors form adjacencies only when they are the same IS type.
Step 3
Task: Enter the interface configuration mode. Enter the keyword interface followed by the type of interface and slot/port information:
• For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
• For the Loopback interface on the RPM, enter the keyword loopback followed by a number from 0 to 16383.
Figure 25-2. Command Example: show isis protocol

FTOS#show isis protocol
IS-IS Router:
System Id: EEEE.EEEE.EEEE IS-Type: level-1-2
Manual area address(es):
 47.0004.004d.0001
Routing for area address(es):
 21.2223.2425.2627.2829.3031.3233
 47.0004.004d.
Configure Multi-Topology IS-IS (MT IS-IS)

Step 1
Task: Enable Multi-Topology IS-IS for IPv6. Enter the transition keyword to allow an IS-IS IPv6 user to continue to use single-topology mode while upgrading to multi-topology mode. After every router has been configured with the transition keyword, and all the routers are in MT IS-IS IPv6 mode, users can remove the transition keyword on each router.
Command Syntax: graceful-restart restart-wait seconds
Command Mode: ROUTER-ISIS
Purpose: Enable the Graceful Restart maximum wait time before a restarting peer comes up. Be sure to set the t3 timer to adjacency on the restarting router when implementing this command.
Use the show isis graceful-restart detail command in EXEC Privilege mode to view all Graceful Restart related configuration. Figure 25-4.
Figure 25-5. Command Example: show isis interface

FTOS#show isis interface G1/34
GigabitEthernet 2/10 is up, line protocol is up
  MTU 1497, Encapsulation SAP
  Routing Protocol: IS-IS
  Circuit Type: Level-1-2
  Interface Index 0x62cc03a, Local circuit ID 1
  Level-1 Metric: 10, Priority: 64, Circuit ID: 0000.0000.000B.01
  Hello Interval: 10, Hello Multiplier: 3, CSNP Interval: 10
  Number of active level-1 adjacencies: 1
  Level-2 Metric: 10, Priority: 64, Circuit ID: 0000.0000.000B.
Figure 25-6. Command Example: show running-config isis

FTOS#show running-config isis
!
router isis
 lsp-refresh-interval 902
 net 47.0005.0001.000C.000A.4321.00
 net 51.0005.0001.000C.000A.4321.00
FTOS#

Configure IS-IS metric style and cost
All IS-IS links or interfaces are associated with a cost that is used in the SPF calculations. The possible cost varies depending on the metric style supported.
Figure 25-7. Command Example: show isis protocol

FTOS#show isis protocol
IS-IS Router:
System Id: EEEE.EEEE.EEEE IS-Type: level-1-2
Manual area address(es):
 47.0004.004d.0001
Routing for area address(es):
 21.2223.2425.2627.2829.3031.3233
 47.0004.004d.
Table 25-3. Correct Value Range for the isis metric command
Metric Style         Correct Value Range
narrow transition    0 to 63
transition           0 to 63

Configuring the distance of a route
Configure the distance for a route using the distance command from ROUTER ISIS mode.
Figure 25-8. Command Example: show isis database

FTOS#show isis database
IS-IS Level-1 Link State Database
LSPID                 LSP Seq Num
B233.00-00            0x00000003
eljefe.00-00        * 0x00000009
eljefe.01-00        * 0x00000001
eljefe.02-00        * 0x00000001
Force10.00-00         0x00000002
IS-IS Level-2 Link State Database
LSPID                 LSP Seq Num
B233.00-00            0x00000006
eljefe.00-00        * 0x0000000D
eljefe.01-00        * 0x00000001
eljefe.02-00        * 0x00000001
Force10.
Configure the prefix list in the PREFIX LIST mode prior to assigning it to the IS-IS process. For configuration information on prefix lists, see Chapter 7, Access Control Lists (ACLs).

IPv4 routes
Use the following commands in ROUTER ISIS mode to apply prefix lists to incoming or outgoing IPv4 routes.

Note: These commands apply to IPv4 IS-IS only.
IPv6 routes
Use these commands in ADDRESS-FAMILY IPV6 mode to apply prefix lists to incoming or outgoing IPv6 routes.

Note: These commands apply to IPv6 IS-IS only. Use the ROUTER ISIS mode previously shown to apply prefix lists to IPv4 routes.

Command Syntax: distribute-list prefix-list-name in [interface]
Command Mode: ROUTER ISIS-AF IPV6
Purpose: Apply a configured prefix list to all incoming IPv6 IS-IS routes.
Redistribute routes
In addition to filtering routes, you can add routes from other routing instances or protocols to the IS-IS process. With the redistribute command syntax, you can include BGP, OSPF, RIP, static, or directly connected routes in the IS-IS process.

Note: Do not route iBGP routes to IS-IS unless there are route-maps associated with the IS-IS redistribution.

IPv4 routes
Use any of the following commands in ROUTER ISIS mode to add routes from other routing instances or protocols.
IPv6 routes
Use any of these commands in ROUTER ISIS ADDRESS-FAMILY IPV6 mode to add routes from other routing instances or protocols.

Note: These commands apply to IPv6 IS-IS only. Use the ROUTER ISIS mode previously shown to apply prefix lists to IPv4 routes.
Use either or both of the commands in ROUTER ISIS mode to configure a simple text password.

Command Syntax: area-password [hmac-md5] password
Command Mode: ROUTER ISIS
Purpose: Configure authentication password for an area. FTOS supports HMAC-MD5 authentication. This password is inserted in Level 1 LSPs, Complete SNPs, and Partial SNPs.

Command Syntax: domain-password [encryption-type | hmac-md5] password
Command Mode: ROUTER ISIS
Purpose: Set the authentication password for a routing domain.
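What the hmac-md5 keyword changes on the wire, as an added example (not FTOS code): with a simple text password the Authentication TLV carries the password itself, while with HMAC-MD5 it carries a keyed digest of the PDU, computed as specified in RFC 5304. The key, the placeholder checksum and the hostname TLV (type 137, using the name eljefe from the show isis database output) are constructed for illustration; a real LSP also carries a Fletcher checksum, which this sketch does not compute.

```python
import hashlib
import hmac
import struct

AUTH_TLV = 10        # Authentication Information TLV
AUTH_CLEARTEXT = 1   # simple text password
AUTH_HMAC_MD5 = 54   # HMAC-MD5 (RFC 5304)
HDR_LEN = 27         # fixed LSP header length
OFF_PDU_LEN, OFF_LIFETIME, OFF_CHECKSUM = 8, 10, 24


def build_l1_lsp(lsp_id, seq, tlvs, lifetime=1200, checksum=0xBEEF):
    """Level 1 LSP; the checksum is a constructed placeholder value."""
    pdu = bytearray([0x83, HDR_LEN, 1, 0, 18, 1, 0, 0])
    pdu += struct.pack("!HH", HDR_LEN + len(tlvs), lifetime)
    pdu += lsp_id + struct.pack("!IH", seq, checksum) + b"\x01"
    return pdu + tlvs


def cleartext_auth_tlv(password):
    return bytes([AUTH_TLV, 1 + len(password), AUTH_CLEARTEXT]) + password


def _digest(pdu, key):
    """HMAC-MD5 over the PDU with Remaining Lifetime and Checksum zeroed,
    so routers that age the LSP in transit do not invalidate the digest."""
    work = bytearray(pdu)
    work[OFF_LIFETIME:OFF_LIFETIME + 2] = b"\x00\x00"
    work[OFF_CHECKSUM:OFF_CHECKSUM + 2] = b"\x00\x00"
    return hmac.new(key, bytes(work), hashlib.md5).digest()


def sign_lsp(lsp_id, seq, other_tlvs, key):
    """Build an LSP whose first TLV carries the HMAC-MD5 digest."""
    empty_auth = bytes([AUTH_TLV, 17, AUTH_HMAC_MD5]) + bytes(16)
    pdu = build_l1_lsp(lsp_id, seq, empty_auth + other_tlvs)
    pdu[HDR_LEN + 3:HDR_LEN + 19] = _digest(pdu, key)  # digest over zeroed field
    return bytes(pdu)


def find_auth(pdu):
    """Return (auth_type, value_offset, value_length) of the first TLV 10."""
    end = min(len(pdu), struct.unpack_from("!H", pdu, OFF_PDU_LEN)[0])
    off = HDR_LEN
    while off + 2 <= end:
        tlv_type, tlv_len = pdu[off], pdu[off + 1]
        if off + 2 + tlv_len > end:
            return None                     # malformed TLV: no usable auth
        if tlv_type == AUTH_TLV and tlv_len >= 1:
            return pdu[off + 2], off + 3, tlv_len - 1
        off += 2 + tlv_len
    return None


def verify_lsp(pdu, key):
    """Accept the LSP only if it carries a valid HMAC-MD5 digest for key."""
    if len(pdu) < HDR_LEN:
        return False
    found = find_auth(pdu)
    if found is None or found[0] != AUTH_HMAC_MD5 or found[2] != 16:
        return False
    off = found[1]
    work = bytearray(pdu)
    received = bytes(work[off:off + 16])
    work[off:off + 16] = bytes(16)          # digest field is zero when hashing
    return hmac.compare_digest(received, _digest(work, key))


def with_lifetime(pdu, seconds):
    """Copy of pdu with Remaining Lifetime rewritten, as a transit router does."""
    out = bytearray(pdu)
    struct.pack_into("!H", out, OFF_LIFETIME, seconds)
    return bytes(out)


# Constructed sample data.
KEY = b"constructed-area-key"
LSP_ID = bytes.fromhex("eeeeeeeeeeee0000")          # System Id EEEE.EEEE.EEEE
HOSTNAME_TLV = bytes([137, 6]) + b"eljefe"
SIGNED = sign_lsp(LSP_ID, 0x0A, HOSTNAME_TLV, KEY)
CLEARTEXT = bytes(build_l1_lsp(LSP_ID, 0x0A, cleartext_auth_tlv(KEY) + HOSTNAME_TLV))

if __name__ == "__main__":
    print("password visible in cleartext PDU:", KEY in CLEARTEXT)
    print("key visible in HMAC-MD5 PDU:      ", KEY in SIGNED)
    print("signed LSP verifies:              ", verify_lsp(SIGNED, KEY))
    print("aged in transit still verifies:   ", verify_lsp(with_lifetime(SIGNED, 900), KEY))
    print("modified hostname verifies:       ",
          verify_lsp(SIGNED.replace(b"eljefe", b"eljeff"), KEY))
```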
Figure 25-9. Command Example: show isis database

FTOS#show isis database
IS-IS Level-1 Link State Database
LSPID                 LSP Seq Num
B233.00-00            0x00000003
eljefe.00-00        * 0x0000000A
eljefe.01-00        * 0x00000001
eljefe.02-00        * 0x00000001
Force10.00-00         0x00000002
IS-IS Level-2 Link State Database
LSPID                 LSP Seq Num
B233.00-00            0x00000006
eljefe.00-00        * 0x0000000E
eljefe.01-00        * 0x00000001
eljefe.02-00        * 0x00000001
Force10.
Command Syntax: debug isis update-packets [interface]
Command Mode: EXEC Privilege
Purpose: View sent and received LSPs. To view specific information, enter one of the following optional parameters:
• interface: Enter the type of interface and slot/port information to view IS-IS information on that interface only.

FTOS displays debug messages on the console. Use the show debugging command in EXEC Privilege mode to view which debugging commands are enabled.
For any level (Level-1, Level-2, or Level-1-2), the value range possible in the isis metric command in INTERFACE mode changes depending on the metric style. Table 25-4.
Table 25-5.
Leaking from One Level to Another
In the following scenarios, each IS-IS level is configured with a different metric style. Table 25-7.
Sample Configuration
The following configurations are examples for enabling IPv6 IS-IS. These are not comprehensive directions. They are intended to give you some guidance with typical configurations.

Note: Only one IS-IS process can run on the router, even if both IPv4 and IPv6 routing is being used.

You can copy and paste from these examples to your CLI. Be sure you make the necessary changes to support your own IP Addresses, Interfaces, Names, etc.
Figure 25-10. IS-IS Sample Configuration - Congruent Topology

FTOS(conf-if-te-3/17)#show config
!
interface TenGigabitEthernet 3/17
 ip address 24.3.1.1/24
 ipv6 address 24:3::1/76
 ip router isis
 ipv6 router isis
 no shutdown
FTOS (conf-if-te-3/17)#

FTOS (conf-router_isis)#show config
!
router isis
 metric-style wide level-1
 metric-style wide level-2
 net 34.0000.0000.AAAA.00
FTOS (conf-router_isis)#

Figure 25-11.
Figure 25-13.
26 IPv6 Routing
IPv6 Routing is supported on platforms ecs S4820T

Note: The IPv6 basic commands are supported on all platforms. However, not all features are supported on all platforms, nor for all releases. See Table 26-2 to determine which FTOS version supports which features and platforms.

IPv6 (Internet Protocol Version 6) is the successor to IPv4. Due to the extremely rapid growth in internet users and IP addresses, IPv4 is reaching its maximum usage.
• Stateless Autoconfiguration
• Header Format Simplification
• Improved Support for Options and Extensions

Extended Address Space
The address format is extended from 32 bits to 128 bits. This not only provides room for all anticipated needs, it allows for the use of a hierarchical address space structure to optimize global addressing.
• Traffic Class (8 bits)
• Flow Label (20 bits)
• Payload Length (16 bits)
• Next Header (8 bits)
• Hop Limit (8 bits)
• Source Address (128 bits)
• Destination Address (128 bits)

IPv6 provides for Extension Headers. Extension Headers are used only if necessary. There can be no extension headers, one extension header or more than one extension header in an IPv6 packet. Extension Headers are defined in the Next Header field of the preceding IPv6 header.
Flow Label (20 bits)
The Flow Label field identifies packets requiring special treatment in order to manage real-time data traffic. The sending router can label sequences of IPv6 packets so that forwarding routers can process packets within the same flow without needing to reprocess each packet’s header separately.

Note: All packets in the flow must have the same source and destination addresses.
Hop Limit (8 bits)
The Hop Limit field shows the number of hops remaining for packet processing. In IPv4, this is known as the Time to Live (TTL) field and uses seconds rather than hops. Each time the packet moves through a forwarding router, this field decrements by 1. If a router receives a packet with a Hop Limit of 1, it decrements it to 0 (zero). The router discards the packet and sends an ICMPv6 message back to the sending router indicating that the Hop Limit was exceeded in transit.
The Hop-by-Hop Options header contains:
• Next Header (1 byte)
  This field identifies the type of header following the Hop-by-Hop Options header and uses the same values shown in Table 26-1.
• Header Extension Length (1 byte)
  This field identifies the length of the Hop-by-Hop Options header in 8-byte units, but does not include the first 8 bytes. Consequently, if the header is less than 8 bytes, the value is 0 (zero).
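Because the upper-layer protocol can sit behind a chain of extension headers, a filter or capture tool has to walk that chain using the Next Header and Header Extension Length fields described above. The parser below is an added example (not from the FTOS guide) that decodes the fixed header fields and follows the chain with bounds checks; the extension header numbers are the standard Next Header values, it generalizes the length rule to the Routing and Destination Options headers, and the sample packet and the limit of 8 extension headers are constructed assumptions.

```python
import ipaddress
import struct

# Standard Next Header values for the extension headers handled here.
HOP_BY_HOP, ROUTING, FRAGMENT, DEST_OPTS = 0, 43, 44, 60
EXT_NAMES = {HOP_BY_HOP: "Hop-by-Hop Options", ROUTING: "Routing",
             FRAGMENT: "Fragment", DEST_OPTS: "Destination Options"}


def parse_ipv6(packet, max_ext_headers=8):
    """Decode the fixed header and walk the extension header chain."""
    if len(packet) < 40:
        raise ValueError("shorter than the 40-byte fixed IPv6 header")
    first_word, payload_len, next_hdr, hop_limit = struct.unpack_from("!IHBB", packet)
    if first_word >> 28 != 6:
        raise ValueError("not an IPv6 packet")
    info = {
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        "hop_limit": hop_limit,
        "src": ipaddress.IPv6Address(packet[8:24]),
        "dst": ipaddress.IPv6Address(packet[24:40]),
        "ext_headers": [],
    }
    offset = 40
    while next_hdr in EXT_NAMES:
        if next_hdr == HOP_BY_HOP and offset != 40:
            # RFC 8200: Hop-by-Hop Options must directly follow the IPv6 header.
            raise ValueError("Hop-by-Hop Options header is not first")
        if len(info["ext_headers"]) == max_ext_headers:
            raise ValueError("extension header chain too long")
        if offset + 8 > len(packet):
            raise ValueError("truncated extension header")
        following, ext_len = packet[offset], packet[offset + 1]
        # Length is in 8-byte units and excludes the first 8 bytes.
        # The Fragment header is always 8 bytes; its second byte is reserved.
        size = 8 if next_hdr == FRAGMENT else (ext_len + 1) * 8
        if offset + size > len(packet):
            raise ValueError("extension header runs past end of packet")
        info["ext_headers"].append((EXT_NAMES[next_hdr], size))
        next_hdr, offset = following, offset + size
    info["upper_layer"], info["upper_offset"] = next_hdr, offset
    return info


def build_sample(hbh_ext_len=0):
    """Constructed packet: IPv6 / Hop-by-Hop / Destination Options / UDP."""
    def options_header(next_hdr, ext_len):
        pad = (ext_len + 1) * 8 - 4           # PadN data bytes filling the header
        return bytes([next_hdr, ext_len, 1, pad]) + bytes(pad)

    ext = options_header(DEST_OPTS, hbh_ext_len) + options_header(17, 0)
    udp = struct.pack("!HHHH", 49152, 53, 8, 0)
    first_word = (6 << 28) | (0x20 << 20) | 0x12345
    header = struct.pack("!IHBB", first_word, len(ext) + len(udp), HOP_BY_HOP, 64)
    header += ipaddress.IPv6Address("2001:db8::1428:57ab").packed
    header += ipaddress.IPv6Address("2001:db8::1").packed
    return header + ext + udp


if __name__ == "__main__":
    parsed = parse_ipv6(build_sample())
    for name, size in parsed["ext_headers"]:
        print(f"{name}: {size} bytes")
    print("upper-layer protocol", parsed["upper_layer"], "at offset", parsed["upper_offset"])
```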
• 2001:0db8::1428:57ab
• 2001:db8::1428:57ab

IPv6 networks are written using Classless Inter-Domain Routing (CIDR) notation. An IPv6 network (or subnet) is a contiguous group of IPv6 addresses the size of which must be a power of two; the initial bits of addresses, which are identical for all hosts in the network, are called the network's prefix. A network is denoted by the first address in the network and the size in bits of the prefix (in decimal), separated with a slash.
Table 26-2 lists the FTOS Version in which an IPv6 feature became available for each platform. The sections following the table give some greater detail about the feature. Specific platform support for each feature or functionality is designated by the following symbols: c e s Table 26-2.
Table 26-2. FTOS and IPv6 Feature Support (continued)
IS-IS for IPv6 support for redistribution N/A N/A N/A N/A 8.3.10.0 8.3.19.0 Chapter 25, “Intermediate System to Intermediate System,” on page 513 in the FTOS Configuration Guide IPv6 IS-IS in the FTOS Command Line Reference Guide
ISIS for IPv6 support for distribute lists and administrative distance N/A N/A N/A N/A 8.3.10.0 8.3.19.
Table 26-2. FTOS and IPv6 Feature Support (continued)
PIM-SM for IPv6 7.4.1 8.2.1 8.4.2 8.4.2 N/A N/A IPv6 Multicast in this chapter; IPv6 PIM in the FTOS Command Line Reference Guide
PIM-SSM for IPv6 7.5.1 MLDv1/v2 7.4.1 8.2.1 8.4.2 8.4.2 N/A N/A IPv6 Multicast in this chapter IPv6 PIM in the FTOS Command Line Reference Guide 8.2.1 8.4.2 8.4.
Path MTU Discovery
IPv6 MTU Discovery is supported on platforms c e s

Path MTU (Maximum Transmission Unit) defines the largest packet size that can traverse a transmission path without suffering fragmentation. Path MTU for IPv6 uses ICMPv6 Type-2 messages to discover the largest MTU along the path from source to destination and avoid the need to fragment the packet. The recommended MTU for IPv6 is 1280.
Neighbor Discovery Protocol (NDP) is a top-level protocol for neighbor discovery on an IPv6 network. In lieu of ARP, NDP uses “Neighbor Solicitation” and “Neighbor Advertisement” ICMPv6 messages for determining relationships between neighboring nodes. Using these messages, an IPv6 device learns the link-layer addresses for neighbors known to reside on attached links, quickly purging cached values that become invalid.
QoS for IPv6
IPv6 QoS is supported on platform e

FTOS IPv6 supports quality of service based on the DSCP field. You can configure FTOS to honor the DSCP value on incoming routed traffic and forward the packets with the same value.

IPv6 Multicast
IPv6 Multicast is supported on platforms e

FTOS supports the following protocols to implement IPv6 multicast routing:
• Multicast Listener Discovery Protocol (MLD).
Figure 26-5.
Save the new CAM settings to the startup-config (write-mem or copy run start) then reload the system for the new settings to take effect.

Command Syntax: cam-acl { ipv6acl }
Command Mode: CONFIGURATION
Purpose: Allocate space for IPV6 ACLs. Enter the CAM profile name followed by the amount to be allotted. When not selecting the default option, you must enter all of the profiles listed and a range for each. The total space allocated must equal 13.
Assign a Static IPv6 Route
IPv6 Static Routes are supported on platforms c e s

Use the ipv6 route command to configure IPv6 static routes.

Note: After you configure a static IPv6 route (ipv6 route command) and configure the forwarding router’s address (specified in the ipv6 route command) on a neighbor’s interface, the IPv6 neighbor is not displayed in the show ipv6 route command output.
Telnet with IPv6
IPv6 Telnet is supported on platforms c e s

The Telnet client and server in FTOS support IPv6 connections. You can establish a Telnet session directly to the router using an IPv6 Telnet client, or an IPv6 Telnet connection can be initiated from the router.

Note: Telnet to link local addresses is not supported.

Command Syntax: telnet ipv6 address
Command Mode: EXEC or EXEC Privileged
Purpose: Enter the IPv6 Address for the device.
Show IPv6 Information
All of the following show commands are supported on platforms c e s

View specific IPv6 configuration with the following commands.
Show an IPv6 Interface
View the IPv6 configuration for a specific interface with the following command.

Command Syntax: show ipv6 interface type {slot/
Command Mode: EXEC
Purpose: Show the currently running configuration for the specified interface. Enter the keyword interface followed by the type of interface and slot/port information:
• For a brief summary of IPv6 status and configuration, enter the keyword brief.
Figure 26-6.
Figure 26-7 illustrates the show ipv6 route command output. Figure 26-7.
Show the Running-Configuration for an Interface
View the configuration for any interface with the following command.

Command Syntax: show running-config interface type {slot/port}
Command Mode: EXEC
Purpose: Show the currently running configuration for the specified interface. Enter the keyword interface followed by the type of interface and slot/port information:
• For a 10/100/1000 Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
Command Syntax Command Mode Purpose IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing earlier in this chapter.
27 Link Aggregation Control Protocol (LACP)
Link Aggregation Control Protocol (LACP) is supported on platforms: e cs S4820T

The major sections in the chapter are:
• Introduction to Dynamic LAGs and LACP
• LACP Configuration Tasks
• Shared LAG State Tracking
• Configure LACP as Hitless
• LACP Basic Configuration Example

Introduction to Dynamic LAGs and LACP
A Link Aggregation Group (LAG), referred to as a port channel by FTOS, can provide both load-sharing and port redundancy across line cards.
Important Points to Remember
• LACP enables you to add members to a port channel (LAG) as long as it has no static members. Conversely, if the LAG already contains a statically defined member (channel-member command), the port-channel mode command is not permitted.
• A static LAG cannot be created if a dynamic LAG using the selected number already exists.
LACP Configuration Commands
If aggregated ports are configured with compatible LACP modes (Off, Active, Passive), LACP can automatically link them, as defined in IEEE 802.3, Section 43. The following commands configure LACP:

Command Syntax: [no] lacp system-priority priority-value
Command Mode: CONFIGURATION
Purpose: Configure the system priority.
The LAG is in the default VLAN. To place the LAG into a non-default VLAN, use the tagged command on the LAG as shown in the example below:

FTOS(conf)#interface vlan 10
FTOS(conf-if-vl-10)#tagged port-channel 32

Configure the LAG interfaces as dynamic
After creating a LAG, configure the dynamic LAG interfaces. The following example shows ports 3/15, 3/16, 4/15, and 4/16 added to LAG 32 in LACP mode with the command port-channel-protocol lacp.
Configure the LACP long timeout as shown in the example below:

Step 1
Task: Set the LACP timeout value to 30 seconds.
Command Syntax: lacp long-timeout
Command Mode: CONFIG-INT-PO

FTOS(conf)# interface port-channel 32
FTOS(conf-if-po-32)#no shutdown
FTOS(conf-if-po-32)#switchport
FTOS(conf-if-po-32)#lacp long-timeout
FTOS(conf-if-po-32)#end
FTOS# show lacp 32
Port-channel 32 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e800.
Shared LAG State Tracking provides the flexibility to bring down a port channel (LAG) based on the operational state of another LAG. At any time, only two LAGs can be a part of a group such that the fate (status) of one LAG depends on the other LAG. In the following illustration, line-rate traffic from R1 destined for R4 follows the lowest-cost route via R2, as shown. Traffic is equally distributed between LAGs 1 and 2. If LAG 1 fails, all traffic from R1 to R4 flows across LAG 2 only.
R2#config
R2(conf)#port-channel failover-group
R2(conf-po-failover-grp)#group 1 port-channel 1 port-channel 2

View the failover group configuration using the show running-configuration po-failover-group command, as shown in the example below.

R2#show running-config po-failover-group
!
port-channel failover-group
 group 1 port-channel 1 port-channel 2

In the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down upon the failure.
Last clearing of "show interface" counters 00:01:28
Queueing strategy: fifo

Note: The set of console messages shown in Message 1 appears only if Shared LAG State Tracking is configured on that router (the feature can be configured on one or both sides of a link). For example, in the previous illustration, if Shared LAG State Tracking is configured on R2 only, then no messages appear on R4 regarding the state of LAGs in a failover group.
LACP Basic Configuration Example The screenshots in this section are based on the example topology shown in the following illustration. Two routers are named ALPHA and BRAVO, and their hostname prompts reflect those names.
Shows the status of this physical interface, and shows it is part of port channel 10.

Alpha#sh int gig 2/31
GigabitEthernet 2/31 is up, line protocol is up
Port is part of Port-channel 10
Hardware is Force10Eth, address is 00:01:e8:06:95:c0
 Current address is 00:01:e8:06:95:c0
Interface index is 109101113
Port will not be disabled on partial SFM failure
Internet address is not set
MTU 1554 bytes, IP MTU 1500 bytes

Shows the speed of this physical interface.
Inspecting Configuration of LAG 10 on ALPHA
Indicates the MAC address assigned to the LAG. This does NOT match any of the physical interface MAC addresses.
Using the show lacp Command to Verify LAG 10 Status on ALPHA

Alpha#sho lacp 10
Port-channel 10 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e806.953e
Partner System ID: Priority 32768, Address 0001.e809.
Summary of the configuration on BRAVO

Bravo(conf-if-gi-3/21)#int port-channel 10
Bravo(conf-if-po-10)#no ip add
Bravo(conf-if-po-10)#switch
Bravo(conf-if-po-10)#no shut
Bravo(conf-if-po-10)#show config
!
interface Port-channel 10
 no ip address
 switchport
 no shutdown
!
Bravo(conf-if-po-10)#exit
Bravo(conf)#int gig 3/21
Bravo(conf)#no ip address
Bravo(conf)#no switchport
Bravo(conf)#shutdown
Bravo(conf-if-gi-3/21)#port-channel-protocol lacp
Bravo(conf-if-gi-3/21-lacp)#por
Using the show interface Command to Inspect a LAG Port on BRAVO
Shows the status of this interface. Also shows it is part of LAG 10.

Bravo#show int gig 3/21
GigabitEthernet 3/21 is up, line protocol is up
Port is part of Port-channel 10
Hardware is Force10Eth, address is 00:01:e8:09:c3:82
 Current address is 00:01:e8:09:c3:82

Shows that this is a Layer 2 port.
Using the show interfaces port-channel Command to Inspect LAG 10
Indicates the MAC address assigned to the LAG. This does NOT match any of the physical interface MAC addresses.
Using the show lacp Command to Inspect LAG Status

FTOS#show lacp 10
Port-channel 10 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e809.c24a
Partner System ID: Priority 32768, Address 0001.e806.
28 Layer 2
Layer 2 features are supported on platforms: ecs S4820T

This chapter describes the following Layer 2 features:
• Managing the MAC Address Table
• MAC Learning Limit
• NIC Teaming
• Microsoft Clustering
• Configuring Redundant Pairs
• Restricting Layer 2 Flooding
• Restricting Layer 2 Multicast Flooding over Low Speed Ports
• Far-end Failure Detection

Managing the MAC Address Table
FTOS provides the following management activities for the MAC address table:
• Clear the MAC Address Tabl
Set the Aging Time for Dynamic Entries
Learned MAC addresses are entered in the table as dynamic entries, which means that they are subject to aging. For any dynamic entry, if no packet arrives on the switch with the MAC address as the source or destination address within the timer period, the address is removed from the table. The default aging time is 1800 seconds.

Task: Disable MAC address aging for all dynamic entries.
Display the MAC Address Table
To display the contents of the MAC address table:

Task: Display the contents of the MAC address table.
• address displays the specified entry.
• aging-time displays the configured aging-time.
• count displays the number of dynamic and static entries for all VLANs, and the total number of entries.
• dynamic displays only dynamic entries
• interface displays only entries for the specified interface.
• static displays only static entries.
MAC Address Learning Limit is a method of port security on Layer 2 port-channel and physical interfaces, and VLANs. It enables you to set an upper limit on the number of MAC addresses that are learned on an interface/VLAN. After the limit is reached, the system drops all traffic from a device with an unlearned MAC address.
mac learning-limit mac-address-sticky
Using sticky MAC addresses allows you to associate a specific port with MAC addresses from trusted devices. If sticky MAC is enabled, the specified port will retain any dynamically-learned addresses and prevent them from being transferred or learned on other ports. If mac-learning-limit is configured and sticky MAC is enabled, all dynamically-learned addresses are converted to sticky MAC addresses for the selected port.
Station Move Violation Actions
Station Move Violation Actions are supported only on platforms: e S4820T

no-station-move is the default behavior. You can configure the system to take an action if a station move occurs using one of the following options with the mac learning-limit command:

Task: Generate a system log message indicating a station move.
Command Syntax: station-move-violation log
Command Mode: INTERFACE

Task: Shut down the first port to learn the MAC address.
Per-VLAN MAC Learning Limit Per-VLAN MAC Learning Limit is available only on platform: e An individual MAC learning limit can be configured for each VLAN using Per-VLAN MAC Learning Limit. One application of Per-VLAN MAC Learning Limit is on access ports. In the following illustration, an Internet Exchange Point (IXP) connects multiple Internet Service Provider (ISP). An IXP can provide several types of services to its customers including public and private peering.
(in the above example, this is Port 0/5 of the switch). To ensure the MAC address is disassociated with one port and re-associated with another port in the ARP table, you must configure the command mac-address-table station-move refresh-arp on the Dell Force10 switch at the time that NIC teaming is being configured on the server. Note: If this command is not configured, traffic continues to be forwarded to the failed NIC until the ARP entry on the switch times out. Figure 28-2.
Default Behavior
When an ARP request is sent to a server cluster, either the active server or all of the servers send a reply, depending on the cluster configuration. If the active server sends a reply, the Dell Force10 switch learns the active server’s MAC address. If all servers reply, the switch registers only the last received ARP reply, and the switch learns one server’s actual MAC address (Figure 28-3); the virtual MAC address is never learned.
As shown in Figure 28-5, the server MAC address is given in the Ethernet frame header of the ARP reply, while the virtual MAC address representing the cluster is given in the payload. The vlan-flooding command directs the system to discover that there are different MAC addresses in an ARP reply and associate the virtual MAC address with the VLAN connected to the cluster. Then, all traffic destined for the cluster is flooded out of all member ports.
Configuring Redundant Pairs
Configuring Redundant Pairs is supported on platforms: ecs S4820T Z
Networks that employ switches that do not support Spanning Tree (STP) — for example, networks with Digital Subscriber Line Access Multiplexers (DSLAM) — cannot have redundant links between switches because they create switching loops (Figure 28-6).
You configure a redundant pair by assigning a backup interface to a primary interface with the switchport backup interface command. Initially, the primary interface is active and transmits traffic and the backup interface remains down. If the primary fails for any reason, the backup transitions to an active UP state. If the primary interface fails and later comes back up, it remains as the backup interface for the redundant pair.
Figure 28-7.
Restricting Layer 2 Flooding Restricting Layer 2 Flooding is supported only on platform: e When Layer 2 multicast traffic must be forwarded on a VLAN that has multiple ports with different speeds on the same port-pipe, forwarding is limited to the speed of the slowest port. Restricted Layer 2 Flooding prevents slower ports from lowering the throughput of multicast traffic on faster ports by restricting flooding to ports with a speed equal to or above a link speed you specify.
Far-end Failure Detection
Far-end Failure Detection is supported on platforms e S4820T Z
Far-end Failure Detection (FEFD) is a protocol that senses remote data link errors in a network. It responds by sending a unidirectional report that triggers an echoed response after a specified time interval. FEFD can be enabled globally or locally on an interface basis. Disabling the global FEFD configuration does not disable the interface configuration. Figure 28-10.
FEFD state changes
FEFD has two operational modes, Normal and Aggressive. When Normal mode is enabled on an interface and a far-end failure is detected, no intervention is required to reset the interface to bring it back to an FEFD operational state. When Aggressive mode is enabled on an interface in the same state, manual intervention is required to reset the interface.
Important Points to Remember
• FEFD enabled ports are subject to an 8 to 10 second delay during an RPM failover before becoming operational. FEFD can be enabled globally or on a per interface basis. Interface FEFD configurations override global FEFD configurations. FTOS supports FEFD on physical Ethernet interfaces only, excluding the management interface.
Enable FEFD on an Interface Entering the command fefd in INTERFACE mode enables FEFD on a per interface basis. To change the FEFD mode, supplement the fefd command in INTERFACE mode by entering the command fefd [mode {aggressive | normal}]. To disable FEFD protocol on one interface, enter the command fefd disable in INTERFACE mode.
Figure 28-13.
29 Link Layer Discovery Protocol (LLDP)
Link Layer Discovery Protocol (LLDP) is supported only on platforms: ecs S4820T
This chapter contains the following sections:
• 802.1AB (LLDP) Overview
• TIA-1057 (LLDP-MED) Overview
• Configuring LLDP
802.1AB (LLDP) Overview
Link Layer Discovery Protocol (LLDP)—defined by IEEE 802.1AB—is a protocol that enables a LAN device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
Figure 29-1. Type, Length, Value (TLV) Segment
TLVs are encapsulated in a frame called an LLDP Data Unit (LLDPDU) (Figure 29-2), which is transmitted from one LLDP-enabled device to its LLDP-enabled neighbors. LLDP is a one-way protocol. LLDP-enabled devices (LLDP agents) can transmit and/or receive advertisements, but they cannot solicit and do not respond to advertisements. There are five types of TLVs.
Figure 29-2. LLDPDU Frame
Optional TLVs
FTOS supports the following optional TLVs:
• Management TLVs
• IEEE 802.1 and 802.3 Organizationally Specific TLVs
• TIA-1057 Organizationally Specific TLVs
Management TLVs
A Management TLV is an Optional TLVs sub-type. This kind of TLV contains essential management information about the sender. The five types are described in Table 29-2.
Organizationally Specific TLVs
Organizationally specific TLVs can be defined by a professional organization or a vendor.
IEEE Organizationally Specific TLVs
Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups (Table 29-2) as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Force10 system to advertise any or all of these TLVs.
Table 29-2. Optional TLV Types
Type TLV Description
Optional TLVs
4 Port description A user-defined alphanumeric string that describes the port. FTOS does not currently support this TLV.
TIA-1057 (LLDP-MED) Overview Link Layer Discovery Protocol—Media Endpoint Discovery (LLDP-MED) as defined by ANSI/ TIA-1057— provides additional organizationally specific TLVs so that endpoint devices and network connectivity devices can advertise their characteristics and configuration information; the OUI for the Telecommunications Industry Association (TIA) is 00-12-BB.
Table 29-3.
Figure 29-4. LLDP-MED Capabilities TLV
Table 29-4. FTOS LLDP-MED Capabilities
Bit Position   TLV                            FTOS Support
0              LLDP-MED Capabilities          Yes
1              Network Policy                 Yes
2              Location Identification        Yes
3              Extended Power via MDI-PSE     Yes
4              Extended Power via MDI-PD      No
5              Inventory                      No
6-15           reserved                       No
Table 29-5.
The application type is represented by an integer (the Type integer in Table 29-6), which indicates a device function for which a unique network policy is defined. An individual LLDP-MED Network Policy TLV is generated for each application type that you specify with the FTOS CLI (Advertising TLVs on page 618).
Extended Power via MDI TLV
The Extended Power via MDI TLV enables advanced PoE management between LLDP-MED endpoints and network connectivity devices. Advertise the Extended Power via MDI on all ports that are connected to an 802.3af powered, LLDP-MED endpoint device.
• Power Type: there are two possible power types: Power Sourcing Entity (PSE) or Power Device (PD). The Dell Force10 system is a PSE, which corresponds to a value of 0, based on the TIA-1057 specification.
Important Points to Remember
• LLDP is disabled by default.
• Dell Force10 systems support up to 8 neighbors per interface.
• Dell Force10 systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by 8 exceeds the maximum, the system will not configure more than 8000.
• INTERFACE level configurations override all CONFIGURATION level configurations.
• LLDP is not hitless.
Figure 29-7.
Advertising TLVs
You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces.
• If you configure the system globally, all interfaces will send LLDPDUs with the specified TLVs.
• If you configure an interface, only the interface will send LLDPDUs with the specified TLVs.
If LLDP is configured both globally and at interface level, the interface level configuration overrides the global configuration.
Figure 29-8. Configuring LLDP Viewing the LLDP Configuration Display the LLDP configuration using the command show config in either the CONFIGURATION or INTERFACE mode, as shown in Figure 29-9 and Figure 29-10, respectively. Figure 29-9.
Figure 29-10.
Figure 29-12.
Figure 29-13.
Figure 29-14.
Figure 29-15.
FTOS# debug lldp interface gigabitethernet 1/2 packet detail tx
FTOS#1w1d19h : Transmit timer blew off for local interface Gi 1/2
1w1d19h : Forming LLDP pkt to send out of interface Gi 1/2
1w1d19h : TLV: Chassis ID, Len: 7, Subtype: Mac address (4), Value: 00:01:e8:0d:b6:d6
1w1d19h : TLV: Port ID, Len: 20, Subtype: Interface name (5), Value: GigabitEthernet 1/2
1w1d19h : TLV: TTL, Len: 2, Value: 120
1w1d19h : TLV: SYS_DESC, Len: 207, Value:Dell Force10 Networks Real Time Operating System Software.
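The TLVs in the debug output above can be decoded from raw bytes as follows. This is an added example, not FTOS code: it assumes the IEEE 802.1AB header layout (7-bit type, 9-bit length), takes bit 0 of the LLDP-MED capabilities field as the least-significant bit, and uses a constructed LLDPDU whose first three values are copied from the debug output; all function names are hypothetical.

```python
import struct

# TLV header per IEEE 802.1AB: 7-bit type, 9-bit length, then `length` value bytes.
TLV_END, TLV_CHASSIS, TLV_PORT, TLV_TTL, TLV_ORG = 0, 1, 2, 3, 127
IEEE_8021_OUI = bytes.fromhex("0080c2")   # OUI 00-80-C2, as stated on this page
TIA_OUI = bytes.fromhex("0012bb")         # OUI 00-12-BB, as stated on this page
OUI_NAMES = {IEEE_8021_OUI: "IEEE 802.1", TIA_OUI: "TIA (LLDP-MED)"}
# Bit positions 0-5 from Table 29-4 (bit 0 assumed to be the least-significant bit).
MED_CAPABILITY_BITS = [
    "LLDP-MED Capabilities", "Network Policy", "Location Identification",
    "Extended Power via MDI-PSE", "Extended Power via MDI-PD", "Inventory",
]


def build_tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV; used here only to construct the sample frame."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type must fit in 7 bits and length in 9 bits")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def split_tlvs(lldpdu: bytes) -> list:
    """Return [(type, value), ...] up to the End of LLDPDU TLV.

    A neighbor's LLDPDU is untrusted input, so every length is checked
    against the bytes actually present before slicing.
    """
    tlvs, offset = [], 0
    while True:
        if offset + 2 > len(lldpdu):
            raise ValueError("no End of LLDPDU TLV before the data ran out")
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(lldpdu):
            raise ValueError(f"TLV type {tlv_type} claims {length} bytes, frame has fewer")
        if tlv_type == TLV_END:
            return tlvs
        tlvs.append((tlv_type, lldpdu[offset:offset + length]))
        offset += length


def decode_lldpdu(lldpdu: bytes) -> dict:
    """Decode the mandatory TLVs and any organizationally specific TLVs."""
    tlvs = split_tlvs(lldpdu)
    if [t for t, _ in tlvs[:3]] != [TLV_CHASSIS, TLV_PORT, TLV_TTL]:
        raise ValueError("Chassis ID, Port ID and TTL must be the first three TLVs")
    chassis, port, ttl = (value for _, value in tlvs[:3])
    if len(chassis) < 2 or len(port) < 2 or len(ttl) != 2:
        raise ValueError("mandatory TLV has an invalid length")
    info = {
        "chassis_subtype": chassis[0],
        # Subtype 4 is a MAC address, subtype 5 an interface name (see debug output).
        "chassis_id": chassis[1:].hex(":") if chassis[0] == 4 else chassis[1:],
        "port_subtype": port[0],
        "port_id": port[1:].decode("ascii", "replace") if port[0] == 5 else port[1:],
        "ttl": struct.unpack("!H", ttl)[0],
        "org_specific": [],
    }
    for tlv_type, value in tlvs[3:]:
        if tlv_type != TLV_ORG:
            continue
        if len(value) < 4:
            raise ValueError("organizationally specific TLV shorter than OUI + subtype")
        oui, subtype, body = value[:3], value[3], value[4:]
        entry = {"org": OUI_NAMES.get(oui, oui.hex("-")), "subtype": subtype, "body": body}
        if oui == TIA_OUI and subtype == 1 and len(body) >= 2:
            (bitmap,) = struct.unpack_from("!H", body)
            entry["med_capabilities"] = [
                name for bit, name in enumerate(MED_CAPABILITY_BITS) if bitmap & (1 << bit)
            ]
        info["org_specific"].append(entry)
    return info


# Constructed sample: mandatory TLV values from the debug output above, plus a
# constructed LLDP-MED Capabilities TLV advertising bits 0-3 (device type 4).
SAMPLE_LLDPDU = (
    build_tlv(TLV_CHASSIS, b"\x04" + bytes.fromhex("0001e80db6d6"))
    + build_tlv(TLV_PORT, b"\x05" + b"GigabitEthernet 1/2")
    + build_tlv(TLV_TTL, struct.pack("!H", 120))
    + build_tlv(TLV_ORG, TIA_OUI + b"\x01" + struct.pack("!HB", 0x000F, 4))
    + build_tlv(TLV_END, b"")
)

if __name__ == "__main__":
    for key, value in decode_lldpdu(SAMPLE_LLDPDU).items():
        print(key, "=", value)
```

The decoded lengths (7, 20, 2) match the Len fields in the debug output, which is a quick way to confirm that a capture and a debug trace describe the same advertisement.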
Table 29-7.
Table 29-8.
Table 29-9. LLDP 802.1 Organizationally Specific TLV MIB Objects TLV Type TLV Name TLV Variable 127 Port and Protocol VLAN ID port and protocol VLAN supported Local port and protocol VLAN enabled PPVID 127 VLAN Name VID VLAN name length VLAN name Table 29-10.
30 Multicast Source Discovery Protocol (MSDP)
Multicast Source Discovery Protocol (MSDP) is supported on platforms: e S4820T
Protocol Overview
Multicast Source Discovery Protocol (MSDP) is a Layer 3 protocol that connects IPv4 PIM-SM domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as BGP. Each RP peers with every other RP via TCP. Through this connection, peers advertise the sources in their domain.
RPs advertise each (S,G) in their domain in Type, Length, Value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected.
Figure 30-2. MSDP SA Message Format [figure labels: Source Port, Dest. Port (639), Seq. Number, Ack., Type Code 1 to 7]
Configuring Multicast Source Discovery Protocol Configuring MSDP is a three-step process: 1. Enable an exterior gateway protocol (EGP) with at least two routing domains. Figure 30-5 and MSDP Sample Configurations on page 654 show the OSPF-BGP configuration used in this chapter for MSDP. Otherwise, see Chapter 33, Open Shortest Path First (OSPFv2) and Chapter 9, Border Gateway Protocol IPv4 (BGPv4). 2. Configure PIM-SM within each EGP routing domain.
interface GigabitEthernet 1/1
 ip pim sparse-mode
 ip address 10.11.3.1/24
 no shutdown
!
interface GigabitEthernet 1/2
 ip address 10.11.2.1/24
 no shutdown
!
interface GigabitEthernet 1/21
 ip pim sparse-mode
 ip address 10.11.1.12/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown
[figure labels: 1/1, 1/21, PC 1 : 10.11.3.2/24, R1, 1/2]
interface GigabitEthernet 2/1
 ip pim sparse-mode
 ip address 10.11.4.
router ospf 1 network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 192.168.0.1/32 area 0 network 10.11.3.0/24 area 0 router ospf 1 network 192.168.0.1/32 area 0 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 redistribute static redistribute connected redistribute bgp 100 R2_E300(conf)#do show run bgp ! router bgp 100 redistribute ospf 1 neighbor 192.168.0.3 remote-as 200 neighbor 192.168.0.3 ebgp-multihop 255 neighbor 192.168.0.3 update-source Loopback 0 neighbor 192.168.0.
[figure labels: R1 (RP1), R2, R3 (RP2), R4, AS 100, AS 200, PIM, IGMP, interfaces 1/1, 1/2, 1/21, 2/31, 3/21, 3/41, 4/1, 4/31, PC 2 Receiver: 239.0.0.1, PC 3 Receiver: 239.0.0.1; configuration callouts follow]
ip multicast-routing
!
ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4
ip multicast-routing
!
ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4
ip multicast-routing
!
ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4
ip multicast-routing
!
ip pim rp-address 192.168.0.
R1_E600(conf)#do show ip msdp sa-cache MSDP Source-Active Cache - 1 entries GroupAddr SourceAddr RPAddr LearnedFrom Expire UpTime 239.0.0.1 10.11.4.2 192.168.0.1 local 95 16:49:25 (10.11.4.2, 239.0.0.1), uptime 1d16h, expires 00:03:12, flags: CTA Incoming interface: GigabitEthernet 1/21, RPF neighbor 10.11.1.21 Outgoing interface list: GigabitEthernet 1/1 Forward/Sparse 22:26:37/Never (*, 239.0.0.1), uptime 22:26:37, expires 00:00:00, RP 192.168.0.
Enable MSDP
Enable MSDP by peering RPs in different administrative domains.
Step Task Command Syntax Command Mode
1 Enable MSDP. ip multicast-msdp CONFIGURATION
2 Peer PIM systems in different administrative domains. ip msdp peer connect-source CONFIGURATION
Figure 30-7. Configuring an MSDP Peer
R3_E600(conf)#ip multicast-msdp
R3_E600(conf)#ip msdp peer 192.168.0.
• RPs can transmit SA messages periodically to prevent SA storms, and
• only sources that are in the cache are advertised in the SA to prevent transmitting multiple copies of the same source information.
View the Source-active Cache
Task Command Syntax Command Mode
View the SA cache. show ip msdp sa-cache EXEC Privilege
Figure 30-9. Displaying the MSDP Source-active Cache
R3_E600#show ip msdp sa-cache
MSDP Source-Active Cache - 1 entries
GroupAddr SourceAddr RPAddr
239.0.0.1 10.11.4.2 192.168.0.
Task Command Syntax Command Mode
Cache rejected sources. ip msdp cache-rejected-sa CONFIGURATION
Accept Source-active Messages that fail the RPF Check
A default peer is a peer from which active sources are accepted even though they fail the RPF check.
• the peer RP is unreachable, or because of an SA message format error.
In Scenario 1 of Figure 30-10, all MSDP peers are up.
Figure 30-10.
Task Command Syntax Command Mode
Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. If you do not specify an access list, the peer accepts all sources advertised by that peer. All sources from RPs denied by the ACL are subjected to the normal RPF check. ip msdp default-peer ip-address list CONFIGURATION
Figure 30-11. Accepting Source-active Messages with
FTOS(conf)#ip msdp peer 10.0.50.
Prevent MSDP from Caching a Local Source You can prevent MSDP from caching an active source based on source and/or group. Since the source is not cached, it is not advertised to remote RPs. Task Command Syntax Command Mode OPTIONAL: Cache sources that are denied by the redistribute list in the rejected SA cache. ip msdp cache-rejected-sa CONFIGURATION Prevent the system from caching local SA entries based on source and group using an extended ACL.
Prevent MSDP from Caching a Remote Source
Task Command Syntax Command Mode
OPTIONAL: Cache sources that are denied by the SA filter in the rejected SA cache. ip msdp cache-rejected-sa CONFIGURATION
Prevent the system from caching remote sources learned from a specific peer based on source and group. ip msdp sa-filter list out peer list ext-acl CONFIGURATION
In Figure 30-14, R1 is advertising source 10.11.4.2.
Prevent MSDP from Advertising a Local Source Task Command Syntax Command Mode Prevent an RP from advertising a source in the SA cache. ip msdp sa-filter list in peer list ext-acl CONFIGURATION In Figure 30-14, R1 stops advertising source 10.11.4.2. Since it is already in the SA cache of R3, the entry remains there until it expires. Figure 30-14. Preventing MSDP from Advertising a Local Source [Router 1] R1_E600(conf)#do show run msdp ! ip multicast-msdp ip msdp peer 192.168.0.
Log Changes in Peership States
Task Command Syntax Command Mode
Log peership state changes. ip msdp log-adjacency-changes CONFIGURATION
Terminate a Peership
MSDP uses TCP as its transport protocol. In a peering relationship, the peer with the lower IP address initiates the TCP session, while the peer with the higher IP address listens on port 639.
Task Command Syntax Command Mode
Terminate the TCP connection with a peer.
Clear Peer Statistics Task Command Syntax Command Mode Reset the TCP connection to the peer and clear all peer statistics. clear ip msdp peer peer-address CONFIGURATION Figure 30-16. Clearing Peer Statistics R3_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 192.168.0.
Debug MSDP
Task Command Syntax Command Mode
Display the information exchanged between peers. debug ip msdp CONFIGURATION
Figure 30-17. Debugging MSDP
R1_E600(conf)#do debug ip msdp
All MSDP debugging has been turned on
R1_E600(conf)#03:16:08 : MSDP-0: Peer
03:16:09 : MSDP-0: Peer 192.168.0.3,
03:16:27 : MSDP-0: Peer 192.168.0.3,
03:16:38 : MSDP-0: Peer 192.168.0.3,
03:16:39 : MSDP-0: Peer 192.168.0.3,
03:17:09 : MSDP-0: Peer 192.168.0.3,
03:17:10 : MSDP-0: Peer 192.
MSDP with Anycast RP
(10.11.4.2, 239.0.0.1), uptime 00:00:52, expires 00:03:20, flags: FTA
 Incoming interface: GigabitEthernet 2/1, RPF neighbor 0.0.0.0
 Outgoing interface list:
  GigabitEthernet 2/11 Forward/Sparse 00:00:50/00:02:40
  GigabitEthernet 2/31 Forward/Sparse 00:00:50/00:02:40
Figure 30-18. [figure labels: AS X, Area 0, PC 2 Source, PC 3 Receiver, R4, 4/1, 4/31, 2/1, PIM, IGMP, OSPF, BGP]
(*, 239.0.0.1), uptime 00:00:23, expires 00:00:00, RP 192.168.0.
Reducing Source-active Message Flooding
RPs flood source-active messages to all of their peers away from the RP. When multiple RPs exist within a domain, the RPs forward received active source information back to the originating RP, which violates the RPF rule. You can prevent this unnecessary flooding by creating a mesh-group. A mesh in this context is a topology in which each RP in a set of RPs has a peership with all other RPs in the set.
Figure 30-19. R1 Configuration for MSDP with Anycast RP
ip multicast-routing
!
interface GigabitEthernet 1/1
 ip pim sparse-mode
 ip address 10.11.3.1/24
 no shutdown
!
interface GigabitEthernet 1/2
 ip address 10.11.2.1/24
 no shutdown
!
interface GigabitEthernet 1/21
 ip pim sparse-mode
 ip address 10.11.1.12/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown
!
interface Loopback 1
 ip address 192.168.0.11/32
 no shutdown
!
router ospf 1
 network 10.11.2.
Figure 30-20. R2 Configuration for MSDP with Anycast RP
ip multicast-routing
!
interface GigabitEthernet 2/1
 ip pim sparse-mode
 ip address 10.11.4.1/24
 no shutdown
!
interface GigabitEthernet 2/11
 ip pim sparse-mode
 ip address 10.11.1.21/24
 no shutdown
!
interface GigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.0.23/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown
!
interface Loopback 1
 ip address 192.168.0.
Figure 30-21. R3 Configuration for MSDP with Anycast RP
ip multicast-routing
!
interface GigabitEthernet 3/21
 ip pim sparse-mode
 ip address 10.11.0.32/24
 no shutdown
interface GigabitEthernet 3/41
 ip pim sparse-mode
 ip address 10.11.6.34/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.3/32
 no shutdown
!
router ospf 1
 network 10.11.6.0/24 area 0
 network 192.168.0.
MSDP Sample Configurations
The following figures show the running-configurations for the routers shown in figures Figure 30-5, Figure 30-4, Figure 30-5, Figure 30-6.
Figure 30-22. MSDP Sample Configuration: R1 Running-config
ip multicast-routing
!
interface GigabitEthernet 1/1
 ip pim sparse-mode
 ip address 10.11.3.1/24
 no shutdown
!
interface GigabitEthernet 1/2
 ip address 10.11.2.1/24
 no shutdown
!
interface GigabitEthernet 1/21
 ip pim sparse-mode
 ip address 10.11.1.
Figure 30-23. MSDP Sample Configuration: R2 Running-config
ip multicast-routing
!
interface GigabitEthernet 2/1
 ip pim sparse-mode
 ip address 10.11.4.1/24
 no shutdown
!
interface GigabitEthernet 2/11
 ip pim sparse-mode
 ip address 10.11.1.21/24
 no shutdown
!
interface GigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.0.23/24
 no shutdown
!
interface Loopback 0
 ip address 192.168.0.2/32
 no shutdown
!
router ospf 1
 network 10.11.1.0/24 area 0
 network 10.11.4.0/24 area 0
 network 192.168.0.
Figure 30-24. MSDP Sample Configuration: R3 Running-config
ip multicast-routing
!
interface GigabitEthernet 3/21
 ip pim sparse-mode
 ip address 10.11.0.32/24
 no shutdown
!
interface GigabitEthernet 3/41
 ip pim sparse-mode
 ip address 10.11.6.34/24
 no shutdown
!
interface ManagementEthernet 0/0
 ip address 10.11.80.3/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.3/32
 no shutdown
!
router ospf 1
 network 10.11.6.0/24 area 0
 network 192.168.0.
Figure 30-25. MSDP Sample Configuration: R4 Running-config
ip multicast-routing
!
interface GigabitEthernet 4/1
 ip pim sparse-mode
 ip address 10.11.5.1/24
 no shutdown
!
interface GigabitEthernet 4/22
 ip address 10.10.42.1/24
 no shutdown
!
interface GigabitEthernet 4/31
 ip pim sparse-mode
 ip address 10.11.6.43/24
 no shutdown
!
interface Loopback 0
 ip address 192.168.0.4/32
 no shutdown
!
router ospf 1
 network 10.11.5.0/24 area 0
 network 10.11.6.0/24 area 0
 network 192.168.0.
31 Multiple Spanning Tree Protocol (MSTP) Multiple Spanning Tree Protocol (MSTP) is supported on platforms: ecs S4820T Protocol Overview Multiple Spanning Tree Protocol (MSTP)—specified in IEEE 802.1Q-2003—is an RSTP-based spanning tree variation that improves on PVST+. MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances. In contrast, PVST+ allows a spanning tree instance for each VLAN.
FTOS supports three other variations of Spanning Tree, as shown in Table 44.
Table 31-1. FTOS Supported Spanning Tree Protocols
Dell Force10 Term                  IEEE Specification
Spanning Tree Protocol             802.1d
Rapid Spanning Tree Protocol       802.1w
Multiple Spanning Tree Protocol    802.1s
Per-VLAN Spanning Tree Plus        Third Party
Implementation Information
• The FTOS MSTP implementation is based on IEEE 802.
• Preventing Network Disruptions with BPDU Guard on page 953
• SNMP Traps for Root Elections and Topology Changes on page 815
• Configuring Spanning Trees as Hitless on page 959
Enable Multiple Spanning Tree Globally
MSTP is not enabled by default. To enable MSTP:
Step Task Command Syntax Command Mode
1 Enter PROTOCOL MSTP mode. protocol spanning-tree mstp CONFIGURATION
2 Enable MSTP.
Create Multiple Spanning Tree Instances
A single MSTI provides no more benefit than RSTP. To take full advantage of MSTP you must create multiple MSTIs and map VLANs to them. Create an MSTI using the command msti from PROTOCOL MSTP mode. Specify the keyword vlan followed by the VLANs that you want to participate in the MSTI, as shown in Figure 31-3. Figure 31-3.
Influence MSTP Root Selection MSTP determines the root bridge, but you can assign one bridge a lower priority to increase the probability that it will become the root bridge. To change the bridge priority: Task Command Syntax Command Mode Assign a number as the bridge priority. A lower number increases the probability that the bridge becomes the root bridge.
For a bridge to be in the same MSTP region as another, all three of these qualities must match exactly. The default values for name and revision will match on all Dell Force10 FTOS equipment. If you have non-FTOS equipment that will participate in MSTP, ensure these values match on all the equipment. Note: Some non-FTOS equipment may implement a non-null default region name. SFTOS, for example, uses the Bridge ID, while others may use a MAC address.
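One way to check region membership before deployment is to compare the MSTP stanzas of two switches offline. This is an added example, not FTOS tooling: it assumes the three attributes are the region name, the revision number and the VLAN-to-instance mapping (as IEEE 802.1s defines a region), a null default name and default revision 0, and that VLAN lists may use `a-b` ranges; the sample stanzas are constructed in the style of `show run spanning-tree mstp` output and all function names are hypothetical.

```python
def expand_vlans(spec: str) -> set:
    """Expand a VLAN list such as '200,300' or '10-12' (range syntax assumed)."""
    vlans = set()
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        vlans.update(range(int(low), int(high or low) + 1))
    return vlans


def parse_mstp_region(config: str) -> dict:
    """Extract name, revision and VLAN-to-MSTI mapping from an MSTP stanza."""
    # Assumed defaults: null region name and revision 0.
    region = {"name": "", "revision": 0, "vlan_to_msti": {}}
    for line in config.splitlines():
        words = line.split()
        if len(words) < 2:
            continue
        keyword = words[0].lower()
        if keyword == "name":
            region["name"] = words[1]
        elif keyword == "revision":
            region["revision"] = int(words[1])
        elif keyword == "msti" and len(words) >= 4 and words[2].lower() == "vlan":
            for vlan in expand_vlans(words[3]):
                region["vlan_to_msti"][vlan] = int(words[1])
    return region


def region_mismatches(a: dict, b: dict) -> list:
    """List every attribute that would put the two bridges in different regions."""
    problems = []
    if a["name"] != b["name"]:
        problems.append(f"name: {a['name']!r} vs {b['name']!r}")
    if a["revision"] != b["revision"]:
        problems.append(f"revision: {a['revision']} vs {b['revision']}")
    # A VLAN that is not mapped to any MSTI belongs to instance 0.
    for vlan in sorted(set(a["vlan_to_msti"]) | set(b["vlan_to_msti"])):
        msti_a = a["vlan_to_msti"].get(vlan, 0)
        msti_b = b["vlan_to_msti"].get(vlan, 0)
        if msti_a != msti_b:
            problems.append(f"VLAN {vlan}: MSTI {msti_a} vs MSTI {msti_b}")
    return problems


# Constructed samples. SWITCH_A mirrors the stanza in Figure 31-15.
SWITCH_A = """protocol spanning-tree mstp
 name Tahiti
 revision 123
 MSTI 1 VLAN 100
 MSTI 2 VLAN 200,300
"""
# SWITCH_B forgot VLAN 300, so VLAN 300 stays in instance 0 on that bridge.
SWITCH_B = """protocol spanning-tree mstp
 name Tahiti
 revision 123
 MSTI 1 VLAN 100
 MSTI 2 VLAN 200
"""
# SWITCH_C has the right mapping but never set the region name.
SWITCH_C = """protocol spanning-tree mstp
 revision 123
 MSTI 1 VLAN 100
 MSTI 2 VLAN 200,300
"""

if __name__ == "__main__":
    reference = parse_mstp_region(SWITCH_A)
    for label, text in (("B", SWITCH_B), ("C", SWITCH_C)):
        print(label, region_mismatches(reference, parse_mstp_region(text)))
```

A single differing VLAN mapping is enough to split the region, so the check reports every mismatched VLAN rather than stopping at the first.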
To change MSTP parameters, use the following commands on the root bridge:
Task Command Syntax Command Mode
Change the forward-delay parameter.
• Range: 4 to 30
• Default: 15 seconds
forward-delay seconds PROTOCOL MSTP
Change the hello-time parameter. Note: With large configurations (especially those with more ports) Dell Force10 recommends that you increase the hello-time.
• Range: 1 to 10
• Default: 2 seconds
hello-time seconds PROTOCOL MSTP
Change the max-age parameter.
Table 31-2 lists the default values for port cost by interface. Table 31-2.
To enable EdgePort on an interface, use the following command: Task Command Syntax Command Mode Enable EdgePort on an interface. spanning-tree mstp edge-port [bpduguard | shutdown-on-violation] INTERFACE Verify that EdgePort is enabled on a port using the command show config from the INTERFACE mode, as shown in Figure 31-8. FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior: 1 If the interface to be shutdown is a port channel then all the member ports are disabled in the hardware.
MSTP Sample Configurations
The running-configurations in Figure 31-10, Figure 31-11, and Figure 31-11 support the topology shown in Figure 31-9. The configurations are from FTOS systems. An S50 system using SFTOS, configured as shown in Figure 31-13, could be substituted for an FTOS router in the following sample topology and MSTP would function as designed. Figure 31-9.
Figure 31-10.
Figure 31-11.
Figure 31-12.
Figure 31-13.
Figure 31-14. Displaying BPDUs and Events
FTOS#debug spanning-tree mstp bpdu
1w1d17h : MSTP: Sending BPDU on Gi 1/31 :
ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x68
CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 20000
Regional Bridge Id: 32768:0001.e809.c24a, CIST Port Id: 128:384
Msg Age: 2, Max Age: 20, Hello: 2, Fwd Delay: 15, Ver1 Len: 0, Ver3 Len: 96
Name: my-mstp-region, Rev: 0, Int Root Path Cost: 20000
Rem Hops: 19, Bridge Id: 32768:0001.e80d.
Figure 31-15. Sample Output for show running-configuration spanning-tree mstp command
FTOS#show run spanning-tree mstp
!
protocol spanning-tree mstp
 name Tahiti
 revision 123
 MSTI 1 VLAN 100
 MSTI 2 VLAN 200,300
Figure 31-16.
32 Multicast Features
Multicast Features are supported on platforms: ecs S4820T
This chapter contains the following sections:
• Enable IP Multicast on page 675
• Multicast with ECMP on page 676
• First Packet Forwarding for Lossless Multicast on page 677
• Multicast Policies on page 678
• Multicast Traceroute on page 685
FTOS supports the following multicast protocols:
• PIM Sparse-Mode (PIM-SM) on page 717
• Internet Group Management Protocol (IGMP) on page 423
• Multicast Source Discovery Protocol (
Multicast with ECMP
Dell Force10 multicast uses Equal-cost Multi-path (ECMP) routing to load-balance multiple streams across equal cost links. When creating the shared-tree, Protocol Independent Multicast (PIM) uses routes from all configured routing protocols to select the best route to the rendezvous point (RP). If there are multiple, equal-cost paths, the PIM selects the route with the least number of currently running multicast streams.
As the upper five bits of an IP Multicast address are dropped in the translation, 32 different multicast group IDs all map to the same Ethernet address. For example, 224.0.0.5 is a well known IP address for OSPF that maps to the multicast MAC address 01:00:5e:00:00:05. However, 225.0.0.5, 226.0.0.5, etc., map to the same multicast MAC address. The Layer 2 FIB alone cannot differentiate multicast control traffic from multicast data traffic with the same address, so if you use IP address 225.0.0.
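The address translation described above can be checked against a planned set of group addresses before they are assigned. This is an added example, not part of the FTOS guide: it assumes the standard mapping of the low 23 bits of the group address onto the 01:00:5e prefix, and the function names and the list of planned groups are hypothetical, constructed values.

```python
import ipaddress

MCAST_MAC_PREFIX = 0x01005E000000   # 01:00:5e with the 24th bit fixed at 0
LOW_23_BITS = 0x7FFFFF
MCAST_BASE = 0xE0000000             # 224.0.0.0


def _group(group: str) -> int:
    """Validate an IPv4 multicast group and return it as an integer."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not an IPv4 multicast address")
    return int(addr)


def multicast_mac(group: str) -> str:
    """Map an IPv4 group to its Ethernet multicast MAC (low 23 bits kept)."""
    mac = MCAST_MAC_PREFIX | (_group(group) & LOW_23_BITS)
    return ":".join(f"{(mac >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))


def colliding_groups(group: str) -> list:
    """Return all 32 group addresses that share a MAC with `group`.

    The five bits between the fixed 1110 prefix and the low 23 bits are
    the ones dropped in translation, so each of their 32 values collides.
    """
    low = _group(group) & LOW_23_BITS
    return [str(ipaddress.IPv4Address(MCAST_BASE | (high << 23) | low))
            for high in range(32)]


def control_plane_alias(group: str):
    """Return the 224.0.0.x address whose MAC this group shares, or None.

    224.0.0.0/24 carries link-local control traffic (224.0.0.5 is OSPF),
    so a data group that aliases onto it is indistinguishable at Layer 2.
    """
    value = _group(group)
    low = value & LOW_23_BITS
    if low > 0xFF or (value >> 8) == (MCAST_BASE >> 8):
        return None                 # no alias, or already a 224.0.0.x address
    return str(ipaddress.IPv4Address(MCAST_BASE | low))


def audit(groups: list) -> dict:
    """Map each planned group that aliases a control address to that address."""
    hits = {}
    for group in groups:
        alias = control_plane_alias(group)
        if alias is not None:
            hits[group] = alias
    return hits


# Constructed list of planned data groups for the audit.
PLANNED_GROUPS = ["225.0.0.5", "239.0.0.1", "239.1.1.1", "232.128.0.9"]

if __name__ == "__main__":
    for group, alias in audit(PLANNED_GROUPS).items():
        print(f"{group} shares {multicast_mac(group)} with control address {alias}")
```

Note that 239.0.0.1, the group used in this guide's sample topologies, lands on the same MAC as 224.0.0.1.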
Multicast Policies FTOS offers parallel Multicast features for IPv4 and IPv6.
Note: The IN-L3-McastFib CAM partition is used to store multicast routes and is a separate hardware limit that exists per port-pipe. Any software-configured limit might be superseded by this hardware space limitation. The opposite is also true: the CAM partition might not be exhausted at the time the system-wide route limit set by the ip multicast-limit is reached.
Prevent a Host from Joining a Group
You can prevent a host from joining a particular group by blocking specific IGMP reports.
ip igmp snooping enable
interface Vlan 400
 ip pim sparse-mode
 ip address 10.11.4.1/24
 untagged GigabitEthernet 1/2
 ip igmp access-group igmpjoinfilR2G2
 no shutdown
(*, 239.0.0.1), uptime 00:00:06, expires 00:00:00, RP 10.11.12.2, flags: SCJ
 Incoming interface: GigabitEthernet 1/21, RPF neighbor 10.11.12.2
 Outgoing interface list:
  Vlan 400 Forward/Sparse 00:00:06/Never
interface GigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.23.
Rate Limit IGMP Join Requests
If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting the rate at which new groups can be joined using the command ip igmp group-join-limit from INTERFACE mode. Hosts whose IGMP requests are denied will use the retry mechanism built in to IGMP so that their membership is delayed rather than permanently denied. View the enable status of this feature using the command show ip igmp interface from EXEC Privilege mode.
(10.11.5.2, 239.0.0.2), uptime 00:00:33, expires 00:03:07, flags: CT
 Incoming interface: GigabitEthernet 1/31, RPF neighbor 10.11.13.2
 Outgoing interface list:
  Vlan 300 Forward/Sparse 00:00:40/Never
(*, 239.0.0.2), uptime 00:00:40, expires 00:00:00, RP 10.11.12.2, flags: SCJ
 Incoming interface: GigabitEthernet 1/21, RPF neighbor 10.11.12.2
 Outgoing interface list:
  Vlan 300 Forward/Sparse 00:00:40/Never
(10.11.5.2, 239.0.0.
Prevent a PIM Router from Processing a Join
Permit or deny PIM Join/Prune messages on an interface using an extended IP access list. Use the command ip pim join-filter to prevent the PIM SM router from creating state based on multicast source and/or group. Note: Dell Force10 recommends that you do not use the ip pim join-filter command on an interface between a source and the RP router.
Prevent an IPv6 Neighbor from Forming an Adjacency Task Command Syntax Command Mode Prevent a router from participating in PIM.
Multicast Traceroute
Multicast Traceroute is supported only on platform: e
MTRACE is an IGMP-based tool that prints the network path that a multicast packet takes from a source to a destination, for a particular group. FTOS has mtrace client and mtrace transmit functionality.
• MTRACE Client—an mtrace client transmits mtrace queries and prints out the details of the received responses.
33 Open Shortest Path First (OSPFv2) Open Shortest Path First (OSPFv2) is supported on the S4820T platforms only.
Autonomous System (AS) Areas
OSPF operates in a type of hierarchy. The largest entity within the hierarchy is the autonomous system (AS), which is a collection of networks under a common administration that share a common routing strategy. OSPF is an intra-AS (interior gateway) routing protocol, although it is capable of receiving routes from and sending routes to other ASs.
Area Types
The Backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any Autonomous System (AS). All other areas must connect to Area 0. Areas can be defined in such a way that the backbone is not contiguous. In this case, backbone connectivity must be restored through virtual links. Virtual links are configured between any backbone routers that share a link to a non-backbone area and function as if they were direct links.
Figure 33-2 gives some examples of the different router designations.
Figure 33-2.
Area Border Router (ABR)
Within an AS, an Area Border Router (ABR) connects one or more areas to the Backbone. The ABR keeps a copy of the link-state database for every area it connects to, so it may keep multiple copies of the link-state database. An ABR takes information it has learned on one of its attached areas and can summarize it before sending it out on other areas it is connected to. An ABR can connect to many areas in an AS, and is considered a member of each area it connects to.
Link-State Advertisements (LSAs)
A Link-State Advertisement (LSA) communicates the router's local routing topology to all other local routers in the same area. The LSA types supported by Dell Force10 are defined as follows:
• Type 1 - Router LSA
  • The router lists links to other routers or networks in the same area. Type 1 LSAs are flooded across their own area only. The Link-State ID of the Type 1 LSA is the originating router ID.
• 3: connection to a stub network - IP network/subnet number
• 4: virtual link - neighboring router ID
LSA throttling
LSA throttling provides configurable interval timers to improve OSPF convergence times. The default OSPF static timers (5 seconds for transmission, 1 second for acceptance) ensure sufficient time for sending and resending LSAs and for system acceptance of arriving LSAs. However, some networks may require reduced intervals for LSA transmission and acceptance.
Figure 33-3. Priority and Costs Example
Router 1: Priority 200, Cost 21
Router 2: Priority 180, Cost 50
Router 3: Priority 100, Cost 25
Router 4: Priority 150, Cost 20
Router 1 selected by the system as DR. Router 2 selected by the system as BDR. If R1 fails, the system subtracts 21 from R1's priority number. R1's new priority is 179. R2, as both the selected BDR and the now-highest priority, becomes the DR. If R3 fails, the system subtracts R2's new priority is 130.
• NSSA External (type 7)
• Opaque Link-local (type 9)
Fast Convergence (OSPFv2, IPv4 only)
Fast Convergence allows you to define the speeds at which LSAs are originated and accepted, and reduce OSPFv2 end-to-end convergence time. FTOS enables you to accept and originate LSAs as soon as they are available to speed up route information propagation. Note that the faster the convergence, the more frequent the route calculations and updates.
RFC-2328 Compliant OSPF Flooding
In OSPF, flooding is the most resource-consuming task. The flooding algorithm described in RFC 2328 requires that OSPF flood LSAs on all interfaces, as governed by the LSA's flooding scope. (Refer to Section 13 of the RFC.) When multiple direct links connect two routers, the RFC 2328 flooding algorithm generates significant redundant information across all links.
OSPF ACK Packing
The OSPF ACK Packing feature bundles multiple LS acknowledgements in a single packet, significantly reducing the number of ACK packets transmitted when the number of LSAs increases. This feature also enhances network utilization and reduces the number of small ACK packets sent to a neighboring router. OSPF ACK packing is enabled by default and is not configurable.
OSPF must be configured GLOBALLY on the system in CONFIGURATION mode. OSPF features and functions are assigned to each router using the CONFIG-INTERFACE commands for each interface.
Note: By default, OSPF is disabled.
Configuration Task List for OSPFv2 (OSPF for IPv4)
Open Shortest Path First version 2 (OSPF for IPv4) is supported on platforms ces
1. Configure a physical interface. Assign an IP address, physical or loopback, to the interface to enable Layer 3 routing.
2.
If implementing Multi-Process OSPF, you must create an equal number of Layer 3 enabled interfaces and OSPF Process IDs. For example, if you create 4 OSPFv2 process IDs, you must have 4 interfaces with Layer 3 enabled. Use these commands on one of the interfaces to enable OSPFv2 routing.
Step 1
Command Syntax: ip address ip-address mask
Command Mode: CONFIG-INTERFACE
Usage: Assign an IP address to an interface. Format: A.B.C.D/M. If using a Loopback interface, refer to Loopback Interfaces on page 446.
Use the no router ospf process-id command syntax in the CONFIGURATION mode to disable OSPF. Use the clear ip ospf process-id command syntax in EXEC Privilege mode to reset the OSPFv2 process. Use the show ip ospf process-id command in EXEC mode (Figure 408) to view the current OSPFv2 status.
Figure 33-8. Command Example: show ip ospf process-id
FTOS#show ip ospf 55555
Routing Process ospf 55555 with ID 10.10.10.
If you try to enable more OSPF processes than available Layer 3 interfaces, you will see the following message.
Message 4
C300(conf)#router ospf 1
% Error: No router ID available.
In CONFIGURATION ROUTER OSPF mode, assign the Router ID. The Router ID is not required to be the router’s IP address. Dell Force10 recommends using the IP address as the Router ID for easier management and troubleshooting.
Enable OSPFv2 on interfaces
Each interface must have OSPFv2 enabled on it. It must be configured for Layer 3 protocol, and not be shut down. OSPFv2 can also be assigned to a loopback interface as a virtual interface. OSPF functions and features, such as MD5 Authentication, Grace Period, Authentication Wait Time, etc., are assigned on a per-interface basis.
Note: If using features like MD5 Authentication, ensure all the neighboring routers are also configured for MD5.
Figure 33-10. Command Example: show ip ospf process-id interface
FTOS>show ip ospf 1 interface
GigabitEthernet 12/17 is up, line protocol is up
  Internet Address 10.2.2.1/24, Area 0.0.0.0
  Process ID 1, Router ID 11.1.2.1, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 11.1.2.1, Interface address 10.2.2.1
  Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.
Configure stub areas
OSPF supports different types of LSAs to help reduce the amount of router processing within the areas. Type 5 LSAs are not flooded into stub areas; the Area Border Router (ABR) advertises a default route into the stub area to which it is attached. Stub area routers use the default route to reach external destinations.
To ensure connectivity in your OSPFv2 network, never configure the backbone area as a stub area.
Configure LSA throttling timers
Configured LSA timers replace the standard transmit and acceptance times for LSAs. The LSA throttling timers are configured in milliseconds, with the interval time increasing exponentially until a maximum time has been reached. If the maximum time is reached, the system continues to transmit at the max-interval. If the system is stable for twice the maximum interval time, the system reverts to the start-interval timer and the cycle begins again.
Use the following command in the ROUTER OSPF mode to suppress an interface’s participation in OSPF. This command stops the router from sending updates on that interface.
Command Syntax: passive-interface {default | interface}
Command Mode: CONFIG-ROUTEROSPF-id
Usage: Specify whether all or some of the interfaces will be passive. The default option enables passive interfaces on ALL interfaces in the OSPF process.
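The MD5 note under "Enable OSPFv2 on interfaces" and the passive-interface command above combine into one hardening check: every interface that can form an adjacency should carry an MD5 key. The following audit is an added example, not code from this guide or from Dell Force10. The running-config text and key values are constructed, and the interface-level commands ip ospf message-digest-key and ip ospf authentication-key are assumed from the FTOS command set rather than shown in this section.

```python
import ipaddress

# Constructed running-config in the style of this chapter's samples.
SAMPLE_CONFIG = """\
interface GigabitEthernet 1/1
 ip address 10.0.11.1/24
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
 no shutdown
!
interface GigabitEthernet 1/2
 ip address 10.0.12.1/24
 no shutdown
!
interface GigabitEthernet 1/3
 ip address 10.0.13.1 255.255.255.0
 ip ospf authentication-key EXAMPLE-KEY
 no shutdown
!
interface GigabitEthernet 1/4
 ip address 10.0.14.1/24
 no shutdown
!
interface GigabitEthernet 1/5
 ip address 172.16.5.1/24
 no shutdown
!
router ospf 11111
 network 10.0.0.0/16 area 0
 passive-interface GigabitEthernet 1/4
!
"""


def parse_config(text):
    """Return (interfaces, processes) parsed from running-config text."""
    interfaces, processes = {}, {}
    section = None  # dict currently being filled, None outside a section
    for raw in text.splitlines():
        line = raw.strip()
        words = line.split()
        if line.startswith("interface "):
            section = interfaces.setdefault(
                line[len("interface "):],
                {"address": None, "auth": None, "up": False})
        elif line.startswith("router ospf "):
            section = processes.setdefault(
                words[2],
                {"networks": [], "passive": set(), "passive_default": False})
        elif line == "!" or not line:
            section = None
        elif section is None:
            continue
        elif "networks" in section:  # inside a router ospf section
            if words[0] == "network" and len(words) >= 4 and words[2] == "area":
                net = ipaddress.ip_network(words[1], strict=False)
                section["networks"].append((net, words[3]))
            elif words[0] == "passive-interface" and len(words) >= 2:
                if words[1] == "default":
                    section["passive_default"] = True
                else:
                    section["passive"].add(" ".join(words[1:]))
        else:  # inside an interface section
            if words[:2] == ["ip", "address"] and len(words) >= 3:
                # Accepts both "A.B.C.D/M" and "A.B.C.D mask" forms.
                section["address"] = ipaddress.ip_interface("/".join(words[2:4]))
            elif words[:3] == ["ip", "ospf", "message-digest-key"]:
                section["auth"] = "md5"
            elif words[:3] == ["ip", "ospf", "authentication-key"]:
                section["auth"] = section["auth"] or "simple"
            elif line == "no shutdown":
                section["up"] = True
            elif line == "shutdown":
                section["up"] = False
    return interfaces, processes


def audit_ospf_auth(text):
    """List (interface, process, area, finding) for interfaces that can form
    OSPF adjacencies without MD5 authentication.

    Limitation: per-interface exceptions to "passive-interface default"
    are not modelled.
    """
    interfaces, processes = parse_config(text)
    findings = []
    for name, intf in sorted(interfaces.items()):
        if intf["address"] is None or not intf["up"]:
            continue  # not Layer 3, or shut down: OSPF cannot run here
        for pid, proc in sorted(processes.items()):
            area = next((a for net, a in proc["networks"]
                         if intf["address"].ip in net), None)
            if area is None:
                continue  # no network statement covers this interface
            if proc["passive_default"] or name in proc["passive"]:
                continue  # passive: no updates sent, no adjacency
            if intf["auth"] is None:
                findings.append((name, pid, area, "no authentication"))
            elif intf["auth"] == "simple":
                findings.append((name, pid, area, "simple key, not MD5"))
    return findings


if __name__ == "__main__":
    for finding in audit_ospf_auth(SAMPLE_CONFIG):
        print(finding)
```

An interface flagged here should either be given an MD5 key that matches its neighbors or be made passive if no router is expected on that segment.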
Figure 33-13. Command Example: show ip ospf process-id interface
FTOS#show ip ospf 34 int
GigabitEthernet 0/0 is up, line protocol is down
  Internet Address 10.1.2.100/24, Area 1.1.1.1
  Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DOWN, Priority 1
  Designated Router (ID) 10.1.2.100, Interface address 0.0.0.0
  Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.
Figure 33-14 shows the convergence settings when fast-convergence is enabled and Figure 33-15 shows settings when fast-convergence is disabled. These displays appear with the show ip ospf command.
Figure 33-14. Command Example: show ip ospf process-id (fast-convergence enabled)
FTOS(conf-router_ospf-1)#fast-converge 2
FTOS(conf-router_ospf-1)#ex
FTOS(conf)#ex
FTOS#show ip ospf 1
Routing Process ospf 1 with ID 192.168.67.
Use any or all of the following commands in CONFIGURATION INTERFACE mode to change OSPFv2 parameters on the interfaces:
Command Syntax: ip ospf cost
Command Mode: CONFIG-INTERFACE
Usage: Change the cost associated with OSPF traffic on the interface. Cost: 1 to 65535 (default depends on the interface speed).
Command Syntax: ip ospf dead-interval seconds
Command Mode: CONFIG-INTERFACE
Usage: Change the time interval the router waits before declaring a neighbor dead. Seconds range: 1 to 65535 (default is 40 seconds).
Figure 33-16. Changing the OSPF Cost Value on an Interface
(The change is made on the interface and it is reflected in the OSPF configuration.)
FTOS(conf-if)#ip ospf cost 45
FTOS(conf-if)#show config
!
interface GigabitEthernet 0/0
 ip address 10.1.2.100 255.255.255.0
 no shutdown
 ip ospf cost 45
FTOS(conf-if)#end
FTOS#show ip ospf 34 interface
GigabitEthernet 0/0 is up, line protocol is up
  Internet Address 10.1.2.100/24, Area 2.2.2.2
  Process ID 34, Router ID 10.1.2.
• transmit-delay: LSA transmission delay
• dead-interval: dead router detection time
• authentication-key: authentication key
• message-digest-key: MD5 authentication key
Use the following command in CONFIGURATION ROUTER OSPF mode to configure virtual links.
Filter routes
To filter routes, use prefix lists. OSPF applies prefix lists to incoming or outgoing routes. Incoming routes must meet the conditions of the prefix lists, and if they do not, OSPF does not add the route to the routing table. Configure the prefix list in CONFIGURATION PREFIX LIST mode prior to assigning it to the OSPF process.
Command Syntax: ip prefix-list prefix-name
Command Mode: CONFIGURATION
Usage: Create a prefix list and assign it a unique name.
Redistribute routes
You can add routes from other routing instances or protocols to the OSPF process. With the redistribute command syntax, you can include RIP, static, or directly connected routes in the OSPF process.
Note: Do not route iBGP routes to OSPF unless there are route-maps associated with the OSPF redistribution.
• Have the routes been included in the OSPF database?
• Have the OSPF routes been included in the routing table (not just the OSPF database)?
Some useful troubleshooting commands are:
• show interfaces
• show protocols
• debug IP OSPF events and/or packets
• show neighbors
• show virtual links
• show routes
Use the show running-config ospf command to see the state of all the enabled OSPFv2 processes.
Command Syntax: show ip ospf database
Command Mode: EXEC Privilege
Usage: View the summary information for the OSPF database.
Use the following command in EXEC Privilege mode to view the OSPFv2 configuration for a neighboring router:
Command Syntax: show ip ospf neighbor
Command Mode: EXEC Privilege
Usage: View the configuration of OSPF neighbors connected to the local router.
Basic OSPFv2 Router Topology
The following illustration is a sample basic OSPFv2 topology.
Figure 33-20. Basic topology and CLI commands for OSPFv2
[Figure labels: OSPF AREA 0; GI 2/1, GI 1/1, GI 2/2, GI 1/2, GI 3/1]
router ospf 11111
 network 10.0.11.0/24 area 0
 network 10.0.12.0/24 area 0
 network 192.168.100.0/24 area 0
!
interface GigabitEthernet 1/1
 ip address 10.1.11.1/24
 no shutdown
!
interface GigabitEthernet 1/2
 ip address 10.2.12.
34 PIM Sparse-Mode (PIM-SM)
PIM Sparse-Mode (PIM-SM) is supported on platforms: ecs S4820T
PIM-Sparse Mode (PIM-SM) is a multicast protocol that forwards multicast traffic to a subnet only upon request using a PIM Join message; this behavior is the opposite of PIM-Dense Mode, which forwards multicast traffic to all subnets until a request to stop is received.
Implementation Information
• The Dell Force10 implementation of PIM-SM is based on the IETF Internet Draft draft-ietf-pim-sm-v2-new-05.
Requesting Multicast Traffic
A host requesting multicast traffic for a particular group sends an IGMP Join message to its gateway router. The gateway router is then responsible for joining the shared tree to the RP (RPT) so that the host can receive the requested traffic.
1. Upon receiving an IGMP Join message, the receiver gateway router (last-hop DR) creates a (*,G) entry in its multicast routing table for the requested group.
source, including the RP, create an (S,G) entry and list the interface on which the message was received as an outgoing interface, thus recreating a SPT to the source. 3. Once the RP starts receiving multicast traffic via the (S,G) it unicasts a Register-Stop message to the first-hop DR so that multicast packets are no longer encapsulated in PIM Register packets and unicast.
Enable PIM-SM
You must enable PIM-SM on each participating interface:
Step 1
Task: Enable multicast routing on the system.
Command: ip multicast-routing
Command Mode: CONFIGURATION
Step 2
Task: Enable PIM-Sparse Mode
Command: ip pim sparse-mode
Command Mode: INTERFACE
Display which interfaces are enabled with PIM-SM using the command show ip pim interface from EXEC Privilege mode, as shown in Figure 34-1.
Figure 34-1.
Figure 34-3. Viewing the PIM Multicast Routing Table
FTOS#show ip pim tib
PIM Multicast Routing Table
Flags: D - Dense, S - Sparse, C - Connected, L - Local, P - Pruned,
       R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT,
Timers: Uptime/Expires
Interface state: Interface, next-Hop, State/Mode
(*, 192.1.2.1), uptime 00:29:36, expires 00:03:26, RP 10.87.2.6, flags: SCJ
  Incoming interface: GigabitEthernet 4/12, RPF neighbor 10.87.3.
Step 3
Task: Set the expiry time for a specific (S,G) entry (Figure 34-4). Range 211-86400 seconds. Default: 210
Command Syntax: ip pim sparse-mode sg-expiry-timer seconds sg-list access-list-name
Command Mode: CONFIGURATION
Note: The expiry time configuration is nullified, and the default global expiry time is used if:
• an ACL is specified for an in the ip pim sparse-mode sg-expiry-timer command, but the ACL has not been created or is a standard ACL.
Override Bootstrap Router Updates
PIM-SM routers need to know the address of the RP for each group for which they have a (*,G) entry. This address is obtained automatically through the bootstrap router (BSR) mechanism or a static RP configuration. If you have configured a static RP for a group, use the option override with the command ip pim rp-address to override bootstrap router updates with your static RP configuration.
Create Multicast Boundaries and Domains
A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM Multicast Border Routers (PMBRs). PMBRs connect each PIM domain to the rest of the internet. Create multicast boundaries and domains by filtering inbound and outbound Bootstrap Router (BSR) messages per interface using the ip pim bsr-border command.
Enable PIM-SM graceful restart (non-stop forwarding capability) using the command ip pim graceful-restart nsf from CONFIGURATION mode. There are two options with this command:
• is the time required by the Dell Force10 system to restart. The default value is 180 seconds.
• stale-entry-time is the maximum amount of time that the Dell Force10 system preserves entries from a restarting neighbor. The default value is 60 seconds.
35 Port Monitoring
Port Monitoring is supported on platforms: ecs S4820T
Port Monitoring is a feature that copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG). Port Monitoring functionality is different between platforms, but the behavior is the same, with highlighted exceptions.
• The C-Series and S-Series may only have four destination ports per port-pipe. There is no limitation on the total number of monitoring sessions.
Table 35-1 lists the maximum number of monitoring sessions per system. For the C-Series and S-Series, the total number of sessions is derived by consuming a unique destination port in each session, in each port-pipe.
Table 35-1.
On the E-Series TeraScale, FTOS supports a single source-destination statement in a monitor session (Message 2). E-Series TeraScale supports only one source and one destination port per port-pipe (Message 3). Therefore, the E-Series TeraScale supports as many monitoring sessions as there are port-pipes in the system.
Message 2 Multiple Source-Destination Statements Error Message on E-Series TeraScale
% Error: Remove existing monitor configuration.
The number of source ports FTOS allows within a port-pipe is equal to the number of physical ports in the port-pipe (n). However, n number of ports may only have four different destination ports (Message 5).
Figure 35-2.
Figure 35-4.
Configuring Port Monitoring
To configure port monitoring:
Step 1
Task: Verify that the intended monitoring port has no configuration other than no shutdown, as shown in Figure 35-6.
Command Syntax: show interface
Command Mode: EXEC Privilege
Step 2
Task: Create a monitoring session using the command monitor session from CONFIGURATION mode, as shown in Figure 35-6.
Figure 35-7. Port Monitoring Example
[Figure labels: Host Traffic, Server Traffic, Host, Server, Sniffer; ports 1/1, 1/2, 1/3]
FTOS(conf-if-gi-1/2)#show config
!
interface GigabitEthernet 1/2
 no ip address
 no shutdown
FTOS(conf )#monitor session 0
FTOS(conf-mon-sess-0)#source gig 1/1 destination gig 1/2 direction rx
Flow-based Monitoring
Flow-based Monitoring is supported only on platform e
Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface.
Figure 35-8. Configuring Flow-based Monitoring
FTOS(conf)#monitor session 0
FTOS(conf-mon-sess-0)#flow-based enable
FTOS(conf)#ip access-list ext testflow
FTOS(config-ext-nacl)#seq 5 permit icmp any any count bytes monitor
FTOS(config-ext-nacl)#seq 10 permit ip 102.1.1.
36 Private VLANs (PVLAN)
The Private VLANs (PVLAN) feature is supported on platforms cs S4820T
For syntax details on the commands discussed in this chapter, see the Private VLANs Commands chapter in the FTOS Command Line Reference.
• Ports in a community VLAN can communicate with each other.
• Ports in a community VLAN can communicate with all promiscuous ports in the primary VLAN.
• A community VLAN can only contain ports configured as host.
Isolated VLAN — An isolated VLAN is a type of secondary VLAN in a primary VLAN:
• Ports in an isolated VLAN cannot talk directly to each other.
• Ports in an isolated VLAN can only communicate with promiscuous ports in the primary VLAN.
Private VLAN Commands
The commands dedicated to supporting the Private VLANs feature are:
Table 36-1. Private VLAN Commands
Task: Enable/disable Layer 3 communication between secondary VLANs.
Command Syntax: [no] ip local-proxy-arp
Note: Even after ip-local-proxy-arp is disabled (no ip-local-proxy-arp) in a secondary VLAN, Layer 3 communication may happen between some secondary VLAN hosts, until the ARP timeout happens on those secondary VLAN hosts.
Private VLAN Configuration Task List
The following sections contain the procedures that configure a private VLAN:
• Creating PVLAN ports
• Creating a Primary VLAN on page 739
• Creating a Community VLAN on page 740
• Creating an Isolated VLAN on page 740
Creating PVLAN ports
Private VLAN ports are those that will be assigned to the private VLAN (PVLAN).
Creating a Primary VLAN
A primary VLAN is a port-based VLAN that is specifically enabled as a primary VLAN to contain the promiscuous ports and PVLAN trunk ports for the private VLAN. A primary VLAN also contains a mapping to secondary VLANs, which are comprised of community VLANs and isolated VLANs.
Step 1
Command Syntax: interface vlan vlan-id
Command Mode: CONFIGURATION
Purpose: Access the INTERFACE VLAN mode for the VLAN to which you want to assign the PVLAN interfaces.
Creating a Community VLAN
A community VLAN is a secondary VLAN of the primary VLAN in a private VLAN. The ports in a community VLAN can talk to each other and with the promiscuous ports in the primary VLAN.
Step 1
Command Syntax: interface vlan vlan-id
Command Mode: CONFIGURATION
Purpose: Access the INTERFACE VLAN mode for the VLAN that you want to make a community VLAN.
Step 2
Command Syntax: no shutdown
Command Mode: INTERFACE VLAN
Purpose: Enable the VLAN.
Figure 36-2.
The result is that:
• The ports in community VLAN 4001 can communicate directly with each other and with promiscuous ports.
• The ports in community VLAN 4002 can communicate directly with each other and with promiscuous ports.
• The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the primary VLAN 4000.
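The reachability rules above can be turned into a segmentation check that is run against the intended port assignment before and after a change. This is an added example, not code from this guide: the VLAN numbers come from the sample configuration, while the port names, the port-to-VLAN assignment and the separation policy are constructed, and PVLAN trunk ports are not modelled.

```python
from itertools import combinations

# VLAN roles taken from the chapter's sample PVLAN (primary VLAN 4000).
VLAN_TYPES = {4000: "primary", 4001: "community",
              4002: "community", 4003: "isolated"}

# Constructed port assignment: port name -> (PVLAN port mode, VLAN).
PORTS = {
    "Gi 2/1": ("promiscuous", 4000),
    "Gi 2/2": ("host", 4001),
    "Gi 2/3": ("host", 4001),
    "Gi 2/4": ("host", 4002),
    "Gi 2/5": ("host", 4003),
    "Gi 2/6": ("host", 4003),
}

# Constructed policy: pairs of ports that must never talk directly.
SEPARATION_POLICY = [
    ("Gi 2/2", "Gi 2/4"),  # hosts in different community VLANs
    ("Gi 2/5", "Gi 2/6"),  # two hosts in the isolated VLAN
    ("Gi 2/2", "Gi 2/6"),  # community host and isolated host
]


def validate(ports, vlan_types):
    """Return configuration errors that break the port mode / VLAN type rules."""
    errors = []
    for name, (mode, vlan) in sorted(ports.items()):
        vtype = vlan_types.get(vlan)
        if vtype is None:
            errors.append(f"{name}: VLAN {vlan} is not part of the private VLAN")
        elif mode == "promiscuous" and vtype != "primary":
            errors.append(f"{name}: promiscuous port placed in {vtype} VLAN {vlan}")
        elif mode == "host" and vtype == "primary":
            errors.append(f"{name}: host port placed in primary VLAN {vlan}")
    return errors


def can_talk(a, b, ports=PORTS, vlan_types=VLAN_TYPES):
    """True if ports a and b can exchange Layer 2 traffic directly."""
    (mode_a, vlan_a), (mode_b, vlan_b) = ports[a], ports[b]
    if "promiscuous" in (mode_a, mode_b):
        return True  # promiscuous ports reach every port in the PVLAN
    # Two host ports: only members of the same community VLAN can talk.
    return vlan_a == vlan_b and vlan_types[vlan_a] == "community"


def allowed_pairs(ports=PORTS, vlan_types=VLAN_TYPES):
    """Every unordered pair of ports with direct Layer 2 reachability."""
    return [(a, b) for a, b in combinations(sorted(ports), 2)
            if can_talk(a, b, ports, vlan_types)]


def policy_violations(policy, ports=PORTS, vlan_types=VLAN_TYPES):
    """Pairs from the separation policy that the assignment lets talk."""
    return [pair for pair in policy if can_talk(*pair, ports, vlan_types)]


if __name__ == "__main__":
    print("config errors:", validate(PORTS, VLAN_TYPES))
    print("allowed pairs:", allowed_pairs())
    # Drift: an isolated host port is moved into community VLAN 4001.
    drifted = dict(PORTS, **{"Gi 2/6": ("host", 4001)})
    print("violations after drift:", policy_violations(SEPARATION_POLICY, drifted))
```

The model covers Layer 2 only. With ip local-proxy-arp enabled, hosts in different secondary VLANs can still reach each other at Layer 3, so a separation policy also needs that command checked.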
• show vlan private-vlan mapping: Display the primary-secondary VLAN mapping. See the example output from the S50V, above, in Figure 36-6.
Two show commands revised to display PVLAN data are:
• show arp
• show vlan: See revised output in Figure 36-7.
Figure 36-4. show vlan private-vlan Example Output from C300
c300-1#show vlan private-vlan
Primary Secondary Type      Active
------- --------- --------- ------
4000              Primary   Yes
        4001      Community Yes
        4002      Community Yes
        4003      Isolated  Yes
Figure 36-5.
Figure 36-8.
37 Per-VLAN Spanning Tree Plus (PVST+)
Per-VLAN Spanning Tree Plus (PVST+) is supported on platforms: ecs S4820T
Protocol Overview
Per-VLAN Spanning Tree Plus (PVST+) is a variation of Spanning Tree—developed by a third party—that allows you to configure a separate Spanning Tree instance for each VLAN. For more information on Spanning Tree, see Chapter 48, Spanning Tree Protocol (STP).
Figure 37-1.
FTOS supports three other variations of Spanning Tree, as shown in Table 37-1.
Table 37-1. FTOS Supported Spanning Tree Protocols
Dell Force10 Term                        IEEE Specification
Spanning Tree Protocol (STP)             802.1d
Rapid Spanning Tree Protocol (RSTP)      802.1w
Multiple Spanning Tree Protocol (MSTP)   802.1s
Per-VLAN Spanning Tree Plus (PVST+)      Third Party
Implementation Information
• The FTOS implementation of PVST+ is based on IEEE Standard 802.1d.
• Configuring Spanning Trees as Hitless on page 959
• PVST+ in Multi-vendor Networks on page 752
• PVST+ Extended System ID on page 752
• PVST+ Sample Configurations on page 753
Enable PVST+
When you enable PVST+, FTOS instantiates STP on each active VLAN. To enable PVST+ globally:
Step 1
Task: Enter PVST context.
Command Syntax: protocol spanning-tree pvst
Command Mode: PROTOCOL PVST
Step 2
Task: Enable PVST+.
Figure 37-3. Load Balancing with PVST+
[Figure labels: STI 1: VLAN 100, STI 2: VLAN 200, STI 3: VLAN 300; R1 (STI 1 root), R2 (STI 2 root), R3 (STI 3 root), each labelled "vlan 100 bridge-priority 4096"; ports 1/22, 1/32, 2/12, 2/32, 3/12, 3/22 with links marked Forwarding or Blocking (X)]
The bridge with the lowest value for bridge priority is elected root.
Figure 37-4. Display the PVST+ Forwarding Topology
FTOS_E600(conf)#do show spanning-tree pvst vlan 100
VLAN 100
Root Identifier has priority 4096, Address 0001.e80d.b6d6
Root Bridge hello time 2, max age 20, forward delay 15
Bridge Identifier has priority 4096, Address 0001.e80d.b6d6
Configured hello time 2, max age 20, forward delay 15
We are the root of VLAN 100
Current root has priority 4096, Address 0001.e80d.
Task: Change the max-age parameter. Range: 6 to 40. Default: 20 seconds
Command Syntax: vlan max-age
Command Mode: PROTOCOL PVST
The values for global PVST+ parameters are given in the output of the command show spanning-tree pvst, as shown in Figure 37-4.
Modify Interface PVST+ Parameters
You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port:
• Port cost is a value that is based on the interface type.
Task: Change the port priority of an interface. Range: 0 to 240, in increments of 16. Default: 128
Command Syntax: spanning-tree pvst vlan priority
Command Mode: INTERFACE
The values for interface PVST+ parameters are given in the output of the command show spanning-tree pvst, as shown in Figure 37-4.
Configure an EdgePort
The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner.
FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior:
1 If the interface to be shut down is a port channel, then all the member ports are disabled in the hardware.
2 When a physical port is added to a port channel already in error disable state, the new member port will also be disabled in the hardware.
[Figure labels: Dell Force10 System; VLAN unaware Hub; P1 untagged in VLAN 10; P2 untagged in VLAN 20; X moves to blocking unless Extended System ID is enabled]
Task: Augment the Bridge ID with the VLAN ID.
Command Syntax: extend system-id
Command Mode: PROTOCOL PVST
FTOS(conf-pvst)#do show spanning-tree pvst vlan 5 brief
VLAN 5
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32773, Address 0001.e832.
Figure 37-6.
Figure 37-7.
38 Quality of Service (QoS)
Quality of Service (QoS) is supported on platforms: e c s S4820T
Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. The E-Series has eight unicast queues per port and 128 multicast queues per port-pipe. Traffic is queued on ingress and egress. By default, on ingress, all data traffic is mapped to Queue 0, and all control traffic is mapped to Queue 7. On egress, control traffic is mapped across all eight queues.
Table 38-1.
Figure 38-1. Dell Force10 QoS Architecture
[Figure labels: Ingress Packet Processing: Marking (DiffServ, 802.1p, Exp), Packet Classification (ACL), Rate Policing, Buffers, Class-based Queues; Switching; Egress Packet Processing: Rate Limiting, Buffers, Class-based Queues, Egress Congestion Management (WFQ Scheduling), Traffic Shaping, Congestion Avoidance (WRED)]
Implementation Information
The Dell Force10 QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication.
• Set dot1p Priorities for Incoming Traffic
• Configure Port-based Rate Policing
• Configure Port-based Rate Limiting
• Configure Port-based Rate Shaping
Set dot1p Priorities for Incoming Traffic
Change the priority of incoming traffic on the interface using the command dot1p-priority from INTERFACE mode, as shown in Figure 38-2. FTOS places traffic marked with a priority in a queue based on Table 38-2.
On the C-Series and S-Series you can configure service-class dynamic dot1p from CONFIGURATION mode, which applies the configuration to all interfaces. A CONFIGURATION mode service-class dynamic dot1p entry supersedes any INTERFACE entries. See Mapping dot1p values to service queues on page 774. Note: You cannot configure service-policy input and service-class dynamic dot1p on the same interface. Figure 38-3.
Figure 38-5.
Figure 38-7.
Policy-based QoS Configurations
Policy-based QoS configurations consist of the components shown in Figure 38-9.
Figure 38-9.
2. Once you create a class-map, FTOS places you in CLASS MAP mode. From this mode, specify your match criteria using the command match ip, as shown in Figure 38-10. Match-any class maps allow up to five ACLs, and match-all class-maps allow only one ACL. 3. After you specify your match criteria, link the class-map to a queue using the command service-queue from POLICY MAP mode, as shown in Figure 38-10. Figure 38-10.
In cases such as these, where class-maps with overlapping ACL rules are applied to different queues, use the order keyword to specify the order in which you want to apply ACL rules, as shown in Figure 38-10. The order can range from 0 to 254. FTOS writes to the CAM ACL rules with lower order numbers (order numbers closer to 0) before rules with higher order numbers so that packets are matched as you intended. By default, all ACL rules have an order of 254.
FTOS Behavior: An explicit “deny any” rule in a Layer 3 ACL used in a (match any or match all) class-map creates a “default to Queue 0” entry in the CAM, which causes unintended traffic classification. Below, traffic is classified in two Queues, 1 and 2. Class-map ClassAF1 is “match any,” and ClassAF2 is “match all”.
Create a QoS Policy
There are two types of QoS policies: input and output. Input QoS policies regulate Layer 3 and Layer 2 ingress traffic. The regulation mechanisms for input QoS policies are rate policing and setting priority values. There are two types of input QoS policies: Layer 3 and Layer 2.
• Layer 3 QoS input policies allow you to rate police and set a DSCP or dot1p value.
• Layer 2 QoS input policies allow you to rate police and set a dot1p value.
Set a DSCP value for egress packets based on ingress QoS classification, as shown in Figure 38-2. The 6 bits that are used for DSCP are also used to identify the queue in which traffic is buffered. When you set a DSCP value, FTOS displays an informational message advising you of the queue to which you should apply the QoS policy (using the command service-queue from POLICY-MAP-IN mode).
Allocate bandwidth to queue
The E-Series schedules unicast, multicast, and replication traffic for egress based on the Weighted Fair Queuing algorithm. The C-Series and S-Series schedule packets for egress based on Deficit Round Robin (DRR). These strategies both offer a guaranteed data rate. To allocate bandwidth to queues on the C-Series and S-Series, assign each queue a weight ranging from 1 to 1024, in increments of 2^n, using the command bandwidth-weight.
Specify a WRED profile to yellow and/or green traffic using the command wred from QOS-POLICY-OUT mode. See Apply a WRED profile to traffic.
Create Policy Maps
There are two types of policy maps: input and output.
Create Input Policy Maps
There are two types of input policy-maps: Layer 3 and Layer 2.
1. Create a Layer 3 input policy map using the command policy-map-input from CONFIGURATION mode. Create a Layer 2 input policy map by specifying the keyword layer2 with the policy-map-input command.
2.
Table 38-5.
When using QoS service policies with multiple class maps, you can configure FTOS to use the incoming DSCP or dot1p marking as a secondary option for packet queuing in the event that no match occurs in the class maps. When class-maps are used, traffic is matched against each class-map sequentially from first to last. The sequence is based on the priority of the rules, as follows: 1. rules with lowest priority, or in the absence of a priority configuration, 2.
To enable Fall Back to trust diffserve or dot1p:
Task: Classify packets according to their DSCP value as a secondary option in case no match occurs against the configured class maps.
Command Syntax: trust {diffserve | dot1p} fallback
Command Mode: POLICY-MAP-IN
Mapping dot1p values to service queues
Mapping dot1p values to service queues is available only on platforms: c s
On the C-Series and S-Series all traffic is by default mapped to the same queue, Queue 0.
2. Once you create an output policy map, do one or more of the following:
• Apply an output QoS policy to a queue
• Specify an aggregate QoS policy
• Apply an output policy map to an interface
3. Apply the policy map to an interface. See page 61.
Apply an output QoS policy to a queue
Apply an output QoS policy to queues using the command service-queue from INTERFACE mode.
Specify an aggregate QoS policy
Specify an aggregate QoS policy using the command policy-aggregate from POLICY-MAP-OUT mode.
QoS Rate Adjustment is disabled by default, and no qos-rate-adjust is listed in the running-configuration. Task Command Syntax Command Mode Include a specified number of bytes of packet overhead to include in rate limiting, policing, and shaping calculations. For example, to include the Preamble and SFD, enter qos-rate-adjust 8. For variable length overhead fields you must know the number of bytes you want to include.
Figure 38-13. Packet Drop Rate for WRED
[Figure: packet drop rate (0 Pckts to All Pckts) against total buffer space (0KB, Min, Max), with regions labelled No Packets Buffered, Early Warning, and Allotted Space]
You can create a custom WRED profile or use one of the five pre-defined profiles.
Table 38-7. Pre-defined WRED Profiles (E-Series)
Default Profile Name    Minimum Threshold    Maximum Threshold
wred_drop               0                    0
wred_ge_y               1024                 2048
wred_ge_g               2048                 4096
wred_teng_y             4096                 8192
wred_teng_g             8192                 16384
Table 38-8.
2. The command wred places you in WRED mode. From this mode, specify minimum and maximum threshold values using the command threshold.
Apply a WRED profile to traffic
Once you create a WRED profile you must specify to which traffic FTOS should apply the profile. FTOS assigns a color (also called drop precedence)—red, yellow, or green—to each packet based on its DSCP value before queuing it. DSCP is a 6-bit field.
Display WRED Drop Statistics
Display the number of packets FTOS dropped by WRED Profile using the command show qos statistics from EXEC Privilege mode.
Figure 38-16.
Pre-calculating Available QoS CAM Space
Pre-calculating Available QoS CAM Space is supported on platforms: c e s
Before version 7.3.1 there was no way to measure the number of CAM entries a policy-map would consume (the number of CAM entries that a rule uses is not predictable; 1 to 16 entries might be used per rule depending upon its complexity). Therefore, it was possible to apply to an interface a policy-map that requires more entries than are available.
• Exception indicates that the number of CAM entries required to write the policy-map to the CAM is greater than the number of available CAM entries, and therefore the policy-map cannot be applied to an interface in the specified port-pipe.
39 Routing Information Protocol (RIP)
Routing Information Protocol (RIP) is supported only on platforms: e cs S4820T
RIP is supported on the S-Series following the release of FTOS version 7.8.1.0, and on the C-Series with FTOS versions 7.6.1.0 and after.
Routing Information Protocol (RIP) is based on a distance-vector algorithm; it tracks distances or hop counts to nearby routers when establishing network connections.
This first RIP version does not support VLSM or CIDR and is not widely used.
RIPv2
RIPv2 adds support for subnet fields in the RIP routing updates, thus qualifying it as a classless routing protocol. The RIPv2 message format includes entries for route tags, subnet masks, and next hop addresses. Another enhancement included in RIPv2 is multicasting for route updates on IP multicast address 224.0.0.9.
• Set send and receive version on page 788 (optional)
• Generate a default route on page 790 (optional)
• Control route metrics on page 791 (optional)
• Summarize routes on page 790 (optional)
• Control route metrics on page 791
• Debug RIP on page 791
For a complete listing of all commands related to RIP, refer to the FTOS Command Reference.
Enable RIP globally
By default, RIP is not enabled in FTOS.
Figure 39-2. show ip rip database Command Example (Partial)
FTOS#show ip rip database
Total number of routes in RIP database: 978
160.160.0.0/16 [120/1] via 29.10.10.12, 00:00:26, Fa
160.160.0.0/16 auto-summary
2.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa
2.0.0.0/8 auto-summary
4.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa
4.0.0.0/8 auto-summary
8.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa
8.0.0.0/8 auto-summary
12.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa
12.
To control the source of RIP route information, use the following commands, in the ROUTER RIP mode:
Command Syntax: neighbor ip-address
Command Mode: ROUTER RIP
Purpose: Define a specific router to exchange RIP information between it and the Dell Force10 system. You can use this command multiple times to exchange RIP information with as many RIP networks as you want.

Command Syntax: passive-interface interface
Command Mode: ROUTER RIP
Purpose: Disable a specific interface from sending or receiving RIP routing information.
Command Syntax: redistribute isis [level-1 | level-1-2 | level-2] [metric metric-value] [route-map map-name]
Command Mode: ROUTER RIP
Purpose: Include IS-IS routes in RIP.
• metric range: 0 to 16
• map-name: name of a configured route map.
Note: IS-IS is not supported on the S-Series platform.

Command Syntax: redistribute ospf process-id [match external {1 | 2} | match internal] [metric value] [route-map map-name]
Command Mode: ROUTER RIP
Purpose: Include specific OSPF routes in RIP.
Figure 39-3.
Figure 39-5.
If you must perform routing between discontiguous subnets, disable automatic summarization. With automatic route summarization disabled, subnets are advertised. The command autosummary requires no other configuration commands. To disable automatic route summarization, in the ROUTER RIP mode, enter no autosummary. Note: If the ip split-horizon command is enabled on an interface, then the system does not advertise the summarized address.
To enable RIP debugging, use the following command in the EXEC privilege mode:
Command Syntax: debug ip rip [interface | database | events | trigger]
Command Mode: EXEC privilege
Purpose: Enable debugging of RIP.
Figure 39-6 shows the confirmation when the debug function is enabled.
Figure 39-6. debug ip rip Command Example
FTOS#debug ip rip
RIP protocol debug is ON
FTOS#
To disable RIP debugging, use the no debug ip rip command.
Configuring RIPv2 on Core 2
Figure 39-8. Configuring RIPv2 on Core 2
Core2(conf-if-gi-2/31)#
Core2(conf-if-gi-2/31)#router rip
Core2(conf-router_rip)#ver 2
Core2(conf-router_rip)#network 10.200.10.0
Core2(conf-router_rip)#network 10.300.10.0
Core2(conf-router_rip)#network 10.11.10.0
Core2(conf-router_rip)#network 10.11.20.0
Core2(conf-router_rip)#show config
!
router rip
network 10.0.0.
Figure 39-10.
RIP Configuration on Core 3
Figure 39-12. RIP Configuration on Core 3
Core3(conf-if-gi-3/21)#router rip
Core3(conf-router_rip)#version 2
Core3(conf-router_rip)#network 192.168.1.0
Core3(conf-router_rip)#network 192.168.2.0
Core3(conf-router_rip)#network 10.11.30.0
Core3(conf-router_rip)#network 10.11.20.0
Core3(conf-router_rip)#show config
!
router rip
network 10.0.0.0
network 192.168.1.0
network 192.168.2.
Figure 39-14.
RIP Configuration Summary
Figure 39-16. Summary of Core 2 RIP Configuration Using Output of show run Command
!
interface GigabitEthernet 2/11
ip address 10.11.10.1/24
no shutdown
!
interface GigabitEthernet 2/31
ip address 10.11.20.2/24
no shutdown
!
interface GigabitEthernet 2/41
ip address 10.200.10.1/24
no shutdown
!
interface GigabitEthernet 2/42
ip address 10.250.10.1/24
no shutdown
router rip
version 2
10.200.10.0
10.300.10.0
10.11.10.0
10.11.20.0
Figure 39-17.
40 Remote Monitoring (RMON)
Remote Monitoring (RMON) is supported on platform: ecs S4820T
This chapter describes the Remote Monitoring (RMON):
• Implementation on page 799
• Fault Recovery on page 800
Remote Monitoring (RMON) is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Force10 Ethernet Interfaces.
Fault Recovery
RMON provides the following fault recovery functions:
Interface Down—When an RMON-enabled interface goes down, monitoring continues. However, all data values are registered as 0xFFFFFFFF (32 bits) or 0xFFFFFFFFFFFFFFFF (64 bits). When the interface comes back up, RMON monitoring processes resume.
Note: A Network Management System (NMS) should be ready to interpret a down interface and plot the interface performance graph accordingly.
Set rmon alarm
To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. To disable the alarm, use the no form of this command:
Command Syntax: [no] rmon alarm number variable interval {delta | absolute} rising-threshold [value event-number] falling-threshold value event-number [owner string]
Command Mode: CONFIGURATION
Purpose: Set an alarm on any MIB object. Use the no form of this command to disable the alarm.
Figure 40-1. rmon alarm Command Example
FTOS(conf)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta rising-threshold 15 1 falling-threshold 0 owner nms1
Callouts in the figure: Alarm Number, MIB Variable, Monitor Interval, Counter Value Limit, Triggered Event
The above example configures RMON alarm number 10. The alarm monitors the MIB variable 1.3.6.1.2.1.2.2.1.20.1 (ifEntry.ifOutErrors) once every 20 seconds until the alarm is disabled, and checks the rise or fall of the variable.
Figure 40-2. rmon event Command Example
FTOS(conf)#rmon event 1 log trap eventtrap description “High ifOutErrors” owner nms1
The above configuration example creates RMON event number 1, with the description “High ifOutErrors”, and generates a log entry when the event is triggered by an alarm. The user nms1 owns the row that is created in the event table by this command. This configuration also generates an SNMP trap when the event is triggered using the SNMP community string “eventtrap”.
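The alarm in Figure 40-1 and the interface-down behaviour described under Fault Recovery can be modelled offline to check thresholds before an NMS depends on them. The following is an added example, not FTOS code: it assumes the rising/falling hysteresis rule of the standard RMON alarm group (RFC 2819), and the counter readings are constructed.

```python
"""Added example: RMON-style delta alarm with rising/falling hysteresis."""

DOWN_32 = 0xFFFFFFFF   # value registered for 32-bit data while the interface is down
WRAP_32 = 1 << 32      # 32-bit counters wrap at 2**32

# Constructed ifOutErrors readings, one per 20-second monitor interval.
SAMPLES = [100, 103, 121, 140, DOWN_32, 145, 145, 170]


def evaluate_alarm(samples, rising, falling):
    """Return (sample_index, event, delta) tuples for a delta-type alarm.

    Assumed hysteresis (RFC 2819): after a rising event, no further rising
    event fires until a falling event has fired, and vice versa.
    """
    events = []
    prev = None            # last valid counter reading
    down = False           # True while readings carry the down sentinel
    rising_armed = falling_armed = True
    for i, cur in enumerate(samples):
        if cur == DOWN_32:
            # Treat the sentinel as "no data", not as a counter value.
            # Limitation: a genuine reading of 0xFFFFFFFF is also skipped.
            if not down:
                events.append((i, "interface-down", None))
            down, prev = True, None
            continue
        down = False
        if prev is None:
            prev = cur     # first valid reading (re)starts the baseline
            continue
        delta = (cur - prev) % WRAP_32   # survives a counter wrap
        prev = cur
        if delta >= rising and rising_armed:
            events.append((i, "rising", delta))
            rising_armed, falling_armed = False, True
        elif delta <= falling and falling_armed:
            events.append((i, "falling", delta))
            falling_armed, rising_armed = False, True
    return events


if __name__ == "__main__":
    # Thresholds from Figure 40-1: rising-threshold 15, falling-threshold 0.
    for index, event, delta in evaluate_alarm(SAMPLES, rising=15, falling=0):
        print(f"t={index * 20:>3}s {event} delta={delta}")
```

Without the sentinel check, the sample at index 4 would be read as a delta of several billion errors and raise a false rising event.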
Configure RMON collection history
To enable the RMON MIB history group of statistics collection on an interface, use the rmon collection history command in interface configuration mode. To remove a specified RMON history group of statistics collection, use the no form of this command.
41 Rapid Spanning Tree Protocol (RSTP)
Rapid Spanning Tree Protocol (RSTP) is supported on platforms: ecs S4820T
Protocol Overview
Rapid Spanning Tree Protocol (RSTP) is a Layer 2 protocol—specified by IEEE 802.1w—that is essentially the same as Spanning-Tree Protocol (STP) but provides faster convergence and interoperability with switches configured with STP and MSTP. FTOS supports three other variations of Spanning Tree, as shown in Table 41-1.
Table 41-1.
• Configure an EdgePort on page 813
• Preventing Network Disruptions with BPDU Guard on page 953
• Influence RSTP Root Selection on page 814
• Configuring Spanning Trees as Hitless on page 959
• SNMP Traps for Root Elections and Topology Changes on page 815
• Fast Hellos for Link State Detection on page 815
• Flush MAC Addresses after a Topology Change on page 667
Important Points to Remember
• RSTP is disabled by default.
Configure Interfaces for Layer 2 Mode
All interfaces on all bridges that will participate in Rapid Spanning Tree must be in Layer 2 and enabled.
Figure 41-1.
Enable Rapid Spanning Tree Protocol Globally
Rapid Spanning Tree Protocol must be enabled globally on all participating bridges; it is not enabled by default.
To enable Rapid Spanning Tree globally for all Layer 2 interfaces:
Step 1
Task: Enter the PROTOCOL SPANNING TREE RSTP mode.
Command Syntax: protocol spanning-tree rstp
Command Mode: CONFIGURATION
Step 2
Task: Enable Rapid Spanning Tree.
Figure 41-4. Rapid Spanning Tree Enabled Globally
[Figure: topology of bridges R1 (root), R2, and R3 with ports in Forwarding and Blocking states]
Port 684 (GigabitEthernet 4/43) is alternate Discarding
Port path cost 20000, Port priority 128, Port Identifier 128.684
Designated root has priority 32768, address 0001.e801.cbb4
Designated bridge has priority 32768, address 0001.e801.cbb4
Designated port id is 128.
Figure 41-5. show spanning-tree rstp Command Example
FTOS#show spanning-tree rstp
Root Identifier has priority 32768, Address 0001.e801.cbb4
Root Bridge hello time 2, max age 20, forward delay 15, max hops 0
Bridge Identifier has priority 32768, Address 0001.e801.cbb4
Configured hello time 2, max age 20, forward delay 15, max hops 0
We are the root
Current root has priority 32768, Address 0001.e801.
Figure 41-6. show spanning-tree rstp brief Command Example
R3#show spanning-tree rstp brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e801.cbb4
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 0001.e80f.1dad
Configured hello time 2, max age 20, forward delay 15
Interface                                    Designated
Name       PortID   Prio Cost    Sts Cost    Bridge ID            PortID
---------- -------- ---- ------- --- ------- -------------------- -------
Gi 3/1 128.
Table 41-2 displays the default values for RSTP. Table 41-2.
• Port priority influences the likelihood that a port will be selected to be a forwarding port in the case that several ports have the same port cost.
To change the port cost or priority of an interface, use the following commands:
Task: Change the port cost of an interface. Range: 0 to 65535. Default: see Table 41-2.
Command Syntax: spanning-tree rstp cost cost
Command Mode: INTERFACE

Task: Change the port priority of an interface.
FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior:
1. If the interface to be shut down is a port channel, then all the member ports are disabled in the hardware.
2. When a physical port is added to a port channel already in error disable state, the new member port will also be disabled in the hardware.
Figure 41-8. bridge-priority Command Example
FTOS(conf-rstp)#bridge-priority 4096
04:27:59: %RPM0-P:RP2 %SPANMGR-5-STP_ROOT_CHANGE: RSTP root changed. My Bridge ID: 4096:0001.e80b.88bd Old Root: 32768:0001.e801.cbb4 New Root: 4096:0001.e80b.88bd
Callouts in the figure: Old root bridge ID, New root bridge ID
SNMP Traps for Root Elections and Topology Changes
Enable SNMP traps for RSTP, MSTP, and PVST+ collectively using the command snmp-server enable traps xstp.
42 Security
Security features are supported on platforms: ecs S4820T
This chapter discusses several ways to provide access security to the Dell Force10 system. Platform-specific features are identified by the c, e or s icons (as shown below).
• Enable AAA Accounting on page 818 (mandatory)
• Suppress AAA Accounting for null username sessions on page 818 (optional)
• Configure Accounting of EXEC and privilege-level command usage on page 819 (optional)
• Configure AAA Accounting for terminal lines on page 819 (optional)
• Monitor AAA Accounting on page 819 (optional)
Enable AAA Accounting
The aaa accounting command enables you to create a record for any or all of the accounting functions monitored.
Configure Accounting of EXEC and privilege-level command usage
The network access server monitors the accounting functions defined in the TACACS+ attribute/value (AV) pairs. In the following sample configuration, AAA accounting is set to track all usage of EXEC commands and commands on privilege level 15.
AAA Authentication
FTOS supports a distributed client/server system implemented through Authentication, Authorization, and Accounting (AAA) to help secure networks against unauthorized access. In the Dell Force10 implementation, the Dell Force10 system acts as a RADIUS or TACACS+ client and sends authentication requests to a central RADIUS or TACACS+ server that contains all user authentication and network service access information.
Configure AAA Authentication login methods
To configure an authentication method and method list, use these commands in the following sequence in the CONFIGURATION mode:
Command Syntax: aaa authentication login {method-list-name | default} method1 [... method4]
Command Mode: CONFIGURATION
Purpose: Define an authentication method-list (method-list-name) or specify the default. The default method-list is applied to all terminal lines.
Enable AAA Authentication
To enable AAA authentication, use the following command in the CONFIGURATION mode:
Command Syntax: aaa authentication enable {method-list-name | default} method1 [... method4]
Command Mode: CONFIGURATION
Purpose:
• default—Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in.
Server-side configuration TACACS+: When using TACACS+, Dell Force10 sends an initial packet with service type SVC_ENABLE, and then, a second packet with just the password. The TACACS server must have an entry for username $enable$. RADIUS: When using RADIUS authentication, FTOS sends an authentication packet with the following: Username: $enab15$ Password:  Therefore, the RADIUS server must have an entry for this username. AAA Authorization FTOS enables AAA new-model by default.
By default, commands in FTOS are assigned to different privilege levels. You can access those commands only if you have access to that privilege level. For example, to reach the protocol spanning-tree command, you must log in to the router, enter the enable command for privilege level 15 (this is the default level for the command) and then enter the CONFIGURATION mode. You can configure passwords to control access to the box and assign different privilege levels to users.
Configure the enable password command
To configure FTOS, you must use the enable command to enter the EXEC Privilege level 15. After entering the command, FTOS requests that you enter a password. Privilege levels are not assigned to passwords; rather, passwords are assigned to a privilege level. A password for any privilege level can always be changed. To change to a different privilege level, enter the enable command, followed by the privilege level.
To assign commands and passwords to a custom privilege level, you must be in privilege level 15 and use these commands in the following sequence in the CONFIGURATION mode:
Command Syntax: username name [access-class access-list-name] [privilege level] [nopassword | password [encryption-type] password]
Command Mode: CONFIGURATION
Purpose: Assign a user name and password. Configure the optional and required parameters:
• name: Enter a text string (up to 63 characters).
Figure 42-2. Configuring a Custom Privilege Level
FTOS(conf)#username john privilege 8 password john
FTOS(conf)#enable password level 8 notjohn
FTOS(conf)#privilege exec level 8 configure
FTOS(conf)#privilege config level 8 snmp-server
FTOS(conf)#end
FTOS#show running-config
Current Configuration ...
To specify a password for the terminal line, use the following commands, in any order, in the LINE mode:
Command Syntax: privilege level level
Command Mode: LINE
Purpose: Configure a custom privilege level for the terminal lines.
• level level range: 0 to 15. Levels 0, 1 and 15 are pre-configured. Levels 2 to 14 are available for custom configuration.

Command Syntax: password [encryption-type] password
Command Mode: LINE
Purpose: Specify either a plain text or encrypted password.
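The username, enable password and privilege commands above decide who can reach which commands, so they are worth reviewing mechanically. The following is an added example, not part of the guide or of FTOS: it parses those command forms from a constructed configuration and reports weak settings. It assumes that encryption-type 0 or an omitted type means a plain-text secret and that 7 means an already-hidden one; the accounts ops and kiosk and the finding names are hypothetical.

```python
"""Added example: audit local-account and privilege commands in an FTOS-style config."""

# Constructed sample. Lines 1, 4, 5 and 6 repeat the commands in Figure 42-2;
# the "ops" and "kiosk" accounts and the type-7 string are made up.
SAMPLE_CONFIG = """\
username john privilege 8 password john
username ops privilege 15 password 7 b7c0a1d2e3f4a5b6
username kiosk nopassword
enable password level 8 notjohn
privilege exec level 8 configure
privilege config level 8 snmp-server
"""

# Assumption: 0 (or no type) = plain text, 7 = already stored in hidden form.
ENC_TYPES = {"0", "7"}


def split_secret(rest):
    """Split the tokens that follow 'password' into (encryption_type, secret)."""
    if len(rest) >= 2 and rest[0] in ENC_TYPES:
        return rest[0], rest[1]
    return None, (rest[0] if rest else None)


def parse_username(tokens):
    """Parse: username name [access-class acl] [privilege level]
    [nopassword | password [encryption-type] password]"""
    user = {"name": tokens[1], "acl": None, "level": None,
            "nopassword": False, "enc": None, "secret": None}
    i = 2
    while i < len(tokens):
        word = tokens[i]
        if word == "access-class" and i + 1 < len(tokens):
            user["acl"] = tokens[i + 1]
            i += 2
        elif word == "privilege" and i + 1 < len(tokens):
            user["level"] = int(tokens[i + 1])
            i += 2
        elif word == "password":
            # Everything after 'password' is the secret, never another keyword.
            user["enc"], user["secret"] = split_secret(tokens[i + 1:])
            break
        else:
            user["nopassword"] = user["nopassword"] or word == "nopassword"
            i += 1
    return user


def audit(config):
    """Return (line_number, finding, detail) tuples for weak settings."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        t = line.split()
        if len(t) >= 2 and t[0] == "username":
            u = parse_username(t)
            if u["nopassword"]:
                findings.append((n, "NOPASSWORD", u["name"]))
            elif u["secret"] is not None and u["enc"] in (None, "0"):
                findings.append((n, "PLAINTEXT_SECRET", u["name"]))
                if u["secret"].lower() == u["name"].lower():
                    findings.append((n, "SECRET_EQUALS_USERNAME", u["name"]))
        elif t[:2] == ["enable", "password"]:
            rest, level = t[2:], "default"
            if len(rest) >= 2 and rest[0] == "level":
                level, rest = rest[1], rest[2:]
            enc, secret = split_secret(rest)
            if secret is not None and enc in (None, "0"):
                findings.append((n, "PLAINTEXT_SECRET", f"enable level {level}"))
        elif len(t) >= 5 and t[0] == "privilege" and t[2] == "level":
            level = int(t[3])
            # Levels 2 to 14 are the custom levels; flag CONFIGURATION access there.
            if t[1] == "exec" and t[4] == "configure" and 2 <= level <= 14:
                findings.append((n, "CONFIGURE_AT_CUSTOM_LEVEL", f"level {level}"))
    return findings


if __name__ == "__main__":
    for line_no, finding, detail in audit(SAMPLE_CONFIG):
        print(f"line {line_no}: {finding} ({detail})")
```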
RADIUS Authentication and Authorization
FTOS supports RADIUS for user authentication (text password) at login and can be specified as one of the login authentication methods in the aaa authentication login command. When configuring AAA authorization, you can limit the attributes of services available to a user. When authorization is enabled, the network access server uses configuration information from the user profile to issue the user's session.
Auto-command
You can configure the system through the RADIUS server to automatically execute a command when you connect to a specific line. To do this, use the command auto-command. The auto-command is executed when the user is authenticated and before the prompt appears to the user.
Command Syntax: aaa authorization exec {method-list-name | default} radius tacacs+
Command Mode: CONFIGURATION
Purpose: Create a method list with RADIUS and TACACS+ as authorization methods. Typical order of methods: RADIUS, TACACS+, Local, None. If authorization is denied by RADIUS, the session ends (radius should not be the last method specified).
Apply the method list to terminal lines
To enable RADIUS AAA login authentication for a method list, you must apply it to a terminal line.
To specify multiple RADIUS server hosts, configure the radius-server host command multiple times. If multiple RADIUS server hosts are configured, FTOS attempts to connect with them in the order in which they were configured. When FTOS attempts to authenticate a user, the software connects with the RADIUS server hosts one at a time, until a RADIUS server host responds with an accept or reject response.
To view the configuration of RADIUS communication parameters, use the show running-config command in the EXEC Privilege mode.
Monitor RADIUS
To view information on RADIUS transactions, use the following command in the EXEC Privilege mode:
Command Syntax: debug radius
Command Mode: EXEC Privilege
Purpose: View RADIUS transactions to troubleshoot problems.
TACACS+
FTOS supports Terminal Access Controller Access Control System (TACACS+) client, including support for login authentication.
To select TACACS as the login authentication method, use these commands in the following sequence in the CONFIGURATION mode:
Step 1
Command Syntax: tacacs-server host {ip-address | host}
Command Mode: CONFIGURATION
Purpose: Configure a TACACS+ server host. Enter the IP address or host name of the TACACS+ server. Use this command multiple times to configure multiple TACACS+ server hosts.
Step 2
Command Syntax: aaa authentication login {method-list-name | default} tacacs+ [...
Figure 42-4.
Figure 42-5 demonstrates how to configure the access-class from a TACACS+ server. This causes the configured access-class on the VTY line to be ignored. If you have configured a deny10 ACL on the TACACS+ server, FTOS downloads it and applies it. If the user is found to be coming from the 10.0.0.0 subnet, FTOS also immediately closes the Telnet connection. Note that no matter where the user is coming from, they see the login prompt.
Figure 42-5.
To delete a TACACS+ server host, use the no tacacs-server host {hostname | ip-address} command.
freebsd2# telnet 2200:2200:2200:2200:2200::2202
Trying 2200:2200:2200:2200:2200::2202...
Connected to 2200:2200:2200:2200:2200::2202.
Escape character is '^]'.
Login: admin
Password:
FTOS#
FTOS#
Command Authorization
The AAA command authorization feature configures FTOS to send each configuration command to a TACACS server for authorization before it is added to the running configuration.
SCP is a remote file copy program that works with SSH and is supported by FTOS. Note: The Windows-based WinSCP client software is not supported for secure copying between a PC and an FTOS-based system. Unix-based SCP client software is supported.
Figure 42-6. Specifying an SSH version
FTOS(conf)#ip ssh server version 2
FTOS(conf)#do show ip ssh
SSH server : disabled.
SSH server version : v2.
Password Authentication : enabled.
Hostbased Authentication : disabled.
RSA Authentication : disabled.
To disable SSH server functions, enter no ip ssh server enable.
• ip ssh hostbased-authentication enable: Enable hostbased-authentication for the SSHv2 server.
• ip ssh key-size: Configure the size of the server-generated RSA SSHv1 key.
• ip ssh password-authentication enable: Enable password authentication for the SSH server.
• ip ssh pub-key-file: Specify the file to be used for host-based authentication.
• ip ssh rhostsfile: Specify the rhost file to be used for host-based authorization.
Figure 42-8. Enabling SSH Password Authentication
FTOS(conf)#ip ssh server enable
% Please wait while SSH Daemon initializes ... done.
FTOS(conf)#ip ssh password-authentication enable
FTOS#sh ip ssh
SSH server : enabled.
Password Authentication : enabled.
Hostbased Authentication : disabled.
RSA Authentication : disabled.
RSA Authentication of SSH
The following procedure authenticates an SSH client based on an RSA key using RSA authentication.
Step 2
Task: Create shosts by copying the public RSA key to the file shosts in the directory .ssh, and write the IP address of the host to the file.
Command Syntax: cp /etc/ssh/ssh_host_rsa_key.pub /.ssh/shosts
Figure 42-10. Creating shosts
admin@Unix_client# cd /etc/ssh
admin@Unix_client# ls
moduli sshd_config ssh_host_dsa_key.pub ssh_host_rsa_key.pub ssh_config ssh_host_dsa_key ssh_host_rsa_key ssh_host_key.
Figure 42-12. Client-based SSH Authentication
FTOS#ssh 10.16.127.201 ?
-l User name option
-p SSH server port option (default 22)
-v SSH protocol version
Troubleshooting SSH
• You may not bind id_rsa.pub to RSA authentication while logged in via the console. In this case, Message 2 appears.
Message 2 RSA Authentication Error
%Error: No username set for this term.
• Host-based authentication must be enabled on the server (Dell Force10 system) and the client (Unix machine).
Trace Lists
The Trace Lists feature is supported only on the E-Series: e
You can log packet activity on a port to confirm the source of traffic attacking a system. Once the Trace list is enabled on the system, you view its traffic log to confirm the source address of the attacking traffic. In FTOS, Trace lists are similar to extended IP ACLs, except that Trace lists are not applied to an interface.
Creating a trace list
Trace lists filter and log traffic based on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses. When configuring the Trace list filters, include the count and bytes parameters so that any hits to that filter are logged.
Step 2
Command Syntax: seq sequence-number {deny | permit} tcp {source mask | any | host ip-address} [operator port [port]] {destination mask | any | host ip-address} [operator port [port]] [established] [count [byte] | log]
Command Mode: TRACE LIST
Purpose: Configure a trace list filter for TCP packets.
• source: An IP address as the source IP address for the filter to match.
Figure 42-13. Trace list Using seq Command Example
FTOS(config-trace-acl)#seq 15 deny ip host 12.45.0.0 any log
FTOS(config-trace-acl)#seq 5 permit tcp 121.1.3.45 0.0.255.255 any
FTOS(config-trace-acl)#show conf
!
ip trace-list dilling
seq 5 permit tcp 121.1.0.0 0.0.255.255 any
seq 15 deny ip host 12.45.0.0 any log
FTOS(config-trace-acl)#
If you are creating a Trace list with only one or two filters, you can let FTOS assign a sequence number based on the order in which the filters are configured.
Command Syntax: {deny | permit} tcp {source mask | any | host
Command Mode: TRACE LIST
Purpose: Configure a deny or permit filter to examine TCP packets. Configure the following required and optional parameters:
• source: An IP address as the source IP address for the filter to match.
• mask: a network mask
• any: to match any IP source address
• host ip-address: to match IP addresses in a host.
• destination: An IP address as the destination IP address for the filter to match.
Figure 42-14. Trace List Example
FTOS(config-trace-acl)#deny tcp host 123.55.34.0 any
FTOS(config-trace-acl)#permit udp 154.44.123.34 0.0.255.255 host 34.6.0.0
FTOS(config-trace-acl)#show config
!
ip trace-list nimule
seq 5 deny tcp host 123.55.34.0 any
seq 10 permit udp 154.44.0.0 0.0.255.255 host 34.6.0.0
To view all configured Trace lists and the number of packets processed through the Trace list, use the show ip accounting trace-list command (Figure 110) in the EXEC Privilege mode.
VTY Line and Access-Class Configuration
Various methods are available to restrict VTY access in FTOS. These depend on which authentication scheme you use — line, local, or remote:
Table 42-1. VTY Access
Authentication Method    VTY access-class support?    Username access-class support?    Remote authorization support?
Line                     YES                          NO                                NO
Local                    NO                           YES                               NO
TACACS+                  YES                          NO                                YES (with FTOS 5.2.1.0 and later)
RADIUS                   YES                          NO                                YES (with FTOS 6.1.1.
Figure 42-16 shows how to allow or deny a Telnet connection to a user. Users will see a login prompt, even if they cannot log in. No access class is configured for the VTY line. It defaults from the local database.
Figure 42-16.
To apply a MAC ACL on a VTY line, use the same access-class command as IP ACLs (Figure 42-18). Figure 42-18 shows how to deny incoming connections from subnet 10.0.0.0 without displaying a login prompt.
Figure 42-18.
43 Service Provider Bridging
Service Provider Bridging is supported on platforms: ecs S4820T
This chapter contains the following major sections:
• VLAN Stacking
• VLAN Stacking Packet Drop Precedence
• Dynamic Mode CoS for VLAN Stacking
• Layer 2 Protocol Tunneling
• Provider Backbone Bridging
VLAN Stacking
VLAN Stacking is supported on platforms: ces
VLAN Stacking, also called Q-in-Q, is defined in IEEE 802.1ad—Provider Bridges, which is an amendment to IEEE 802.
Figure 43-1. VLAN Stacking in a Service Provider Network
[Figure: double-tagged frame with outer tag fields TPID (0x9100), PCP, DEI, VID (VLAN 300) and inner tag fields TPID (0x8100), PCP, CFI (0), VID (VLAN Red)]
Create Access and Trunk Ports
An access port is a port on the service provider edge that directly connects to the customer. An access port may belong to only one service provider VLAN. A trunk port is a port on a service provider bridge that connects to another service provider bridge and is a member of multiple service provider VLANs. Physical ports and port-channels can be access or trunk ports.
Display the status and members of a VLAN using the show vlan command from EXEC Privilege mode. Members of a VLAN-Stacking-enabled VLAN are marked with an M in column Q. Figure 43-3.
Step 2
Task: Add the port to a 802.1Q VLAN as tagged or untagged.
Command Syntax: [tagged | untagged]
Command Mode: INTERFACE VLAN
In Figure 43-4, GigabitEthernet 0/1 is a trunk port that is configured as a hybrid port and then added to VLAN 100 as untagged, VLAN 101 as tagged, and VLAN 103, which is a stacking VLAN.
Figure 43-4.
Figure 43-5. Example of Output of debug member vlan and debug member port
FTOS# debug member vlan 603
vlan id : 603
ports : Gi 2/47 (MT), Gi 3/1(MU), Gi 3/25(MT), Gi 3/26(MT), Gi 3/27(MU)
FTOS#debug member port gigabitethernet 2/47
vlan id : 603 (MT), 100(T), 101(NU)
FTOS#
VLAN Stacking in Multi-vendor Networks
The first field in the VLAN tag is the Tag Protocol Identifier (TPID), which is two bytes.
Figure 43-6.
Figure 43-7. TPID Mismatch and 0x8100 Match on the E-Series TeraScale
[Figure: R1 (E-Series TeraScale, TPID 0x9100) and R2 (E-Series TeraScale, TPID 0x8181) in a service provider network; labels include VLAN GREEN, VLAN BLUE, Building D, and TPID 0x8100]
Figure 43-8. First-byte TPID Match on the E-Series ExaScale
[Figure: R1 (E-Series TeraScale, TPID 0x9191) and R2 (E-Series ExaScale, TPID 0x9100) in a service provider network; labels include VLAN GREEN, VLAN BLUE, VLAN PURPLE, VLAN RED, Building C, and Building D]
Table 43-1 details the outcome of matched and mis-matched TPIDs in a VLAN-stacking network with the E-Series.
Table 43-1.
You can configure the first eight bits of the TPID using the command vlan-stack protocol-type. The TPID on the C-Series and S-Series systems is global. Ingress frames that do not match the system TPID are treated as untagged. This rule applies for both the outer tag TPID of a double-tagged frame and the TPID of a single-tagged frame.
Figure 43-10. Single and Double-tag First-byte TPID Match on C-Series and S-Series
[Diagram labels: R1, R2 and R3 C-Series systems; TPID: 0x8181]
Table 43-2 details the outcome of matched and mismatched TPIDs in a VLAN-stacking network with the C-Series and S-Series.

Table 43-2. C-Series and S-Series Behaviors for Mis-matched TPID
Network Position | Incoming Packet TPID | System TPID | Match Type | Pre-8.2.1.0 | 8.2.1.
Enable Drop Eligibility

You must enable Drop Eligibility globally before you can honor or mark the DEI value.

Task: Make packets eligible for dropping based on their DEI value. By default, packets are colored green, and DEI is marked 0 on egress.
Command Syntax: dei enable
Command Mode: CONFIGURATION

When Drop Eligibility is enabled, DEI mapping or marking takes place according to the defaults. In this case, the CFI is affected according to Table 43-3.

Table 43-3.
Task Command Syntax Command Mode
FTOS#show interface dei-honor
Default Drop precedence: Green
Interface  CFI/DEI  Drop precedence
------------------------------------------------------------
Gi 0/1     0        Green
Gi 0/1     1        Yellow
Gi 8/9     1        Red
Gi 8/40    0        Yellow

Mark Egress Packets with a DEI Value

On egress, you can set the DEI value according to a different mapping than ingress (see Honor the Incoming DEI Value).
Figure 43-12. Statically and Dynamically Assigned dot1p for VLAN Stacking
[Diagram labels: Untagged; C-Tagged; S-Tag with statically-assigned dot1p; S-Tag with mapped dot1p]

When configuring Dynamic Mode CoS, you have two options:
a. mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p.
FTOS Behavior: For Option A above, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS configuration, the queue selected by Dynamic Mode CoS takes precedence. However, rate policing for the queue is determined by QoS configuration.
To map C-Tag dot1p values to S-Tag dot1p values and mark the frames accordingly:

Task: Allocate CAM space to enable queuing frames according to the C-Tag or the S-Tag.
• vman-qos: mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p. This method requires half as many CAM entries as vman-qos-dual-fp.
• vman-qos-dual-fp: mark the S-Tag dot1p and queue the frame according to the S-Tag dot1p.
Figure 43-13. VLAN Stacking without L2PT
[Diagram labels: Building A; Building B; service provider; no spanning-tree; BPDU w/ destination MAC address: 01-80-C2-00-00-00]

You might need to transport control traffic transparently through the intermediate network to the other region.
Figure 43-14. VLAN Stacking with L2PT
Specify a Destination MAC Address for BPDUs

By default, FTOS uses a Dell Force10-unique MAC address for tunneling BPDUs. You can configure another value.

Task: Overwrite the BPDU with a user-specified destination MAC address when BPDUs are tunneled across the provider network.
Debug Layer 2 Protocol Tunneling

Task: Display debugging information for L2PT.
Command Syntax: debug protocol-tunnel
Command Mode: EXEC Privilege

Provider Backbone Bridging

Provider Backbone Bridging is supported only on platforms: c s

IEEE 802.1ad—Provider Bridges amends 802.1Q—Virtual Bridged Local Area Networks so that service providers can use 802.1Q architecture to offer separate VLANs to customers with no coordination between customers, and minimal coordination between customers and the provider.
44 sFlow

Configuring sFlow is supported on platforms: e c s S4820T

• Enable and Disable sFlow
• sFlow Show Commands
• Specify Collectors
• Polling Intervals
• Sampling Rate
• Back-off Mechanism
• sFlow on LAG ports
• Extended sFlow

Overview

FTOS supports sFlow version 5. sFlow is a standards-based sampling technology embedded within switches and routers that is used to monitor network traffic. It is designed to provide traffic monitoring for high speed networks with many switches and routers.
Figure 44-1. sFlow Traffic Monitoring System
[Diagram labels: sFlow Collector; Switch/Router; sFlow Datagrams; sFlow Agent; Poll Interface Counters; Interface Counters; Flow Samples; Switch ASIC]

Implementation Information

The Dell Force10 sFlow is designed so that the hardware sampling rate is per line card port-pipe and is decided based upon all the ports in that port-pipe.
FTOS exports all sFlow packets to the collector. A small sampling rate can equate to a large number of exported packets. A backoff mechanism will automatically be applied to reduce this amount. Some sampled packets may be dropped when the exported packet rate is high and the backoff mechanism is about to or is starting to take effect. The dropEvent counter, in the sFlow packet, will always be zero.
sFlow Show Commands

FTOS includes the following sFlow display commands:
• Show sFlow Globally
• Show sFlow on an Interface
• Show sFlow on a Line Card

Show sFlow Globally

Use the following command to view sFlow statistics:

Command Syntax: show sflow
Command Mode: EXEC
Purpose: Display sFlow configuration information and statistics.

Figure 44-2 is a sample output from the show sflow command:

Figure 44-2.
Figure 44-3. Command Example: show sflow interface
FTOS#show sflow interface gigabitethernet 1/16
Gi 1/16
Configured sampling rate :8192
Actual sampling rate :8192
Sub-sampling rate :2
Counter polling interval :15
Samples rcvd from h/w :33
Samples dropped for sub-sampling :6

The configuration, shown in Figure 44-2, is also displayed in the running configuration (Figure 44-4):

Figure 44-4.
Specify Collectors

The sflow collector command allows identification of sFlow Collectors to which sFlow datagrams are forwarded. The user can specify up to two sFlow collectors. If two Collectors are specified, the samples are sent to both.

Collection through Management interface is supported on platform: e.
The sflow sample-rate command, when issued in CONFIGURATION mode, changes the default sampling rate. By default, the sampling rate of an interface is set to the same value as the current global default sampling rate. If the value entered is not a correct power of 2, the command generates an error message with the previous and next power-of-2 value. Select one of these two numbers and re-enter the command. (For more information on values in power-of-2, see Sub-sampling on page 881.
Back-off Mechanism

If the sampling rate for an interface is set to a very low value, the CPU can get overloaded with flow samples under high-traffic conditions. In such a scenario, a binary back-off mechanism is triggered, which doubles the sampling-rate (halves the number of samples per second) for all interfaces. The backoff mechanism continues to double the sampling-rate until the CPU condition is cleared. This is as per sFlow version 5 draft.
Figure 44-6. Confirming that Extended sFlow is Enabled
FTOS#show sflow
sFlow services are enabled
Global default sampling rate: 4096
Global default counter polling interval: 15
Global extended information enabled: gateway, router, switch   (callout: Extended sFlow settings show all 3 types are enabled)
1 collectors configured
Collector IP addr: 10.10.10.3, Agent IP addr: 10.10.0.
Table 44-1.
IP SA   IP DA   srcAS and srcPeerAS   dstAS and dstPeerAS
static/connected/IGP   static/connected/IGP   —   —   Extended gateway data is not exported because there is no AS information.
static/connected/IGP   BGP   0   Exported   src_as & src_peer_as are zero because there is no AS information for IGP.
BGP   static/connected/IGP   — —   Exported Exported   Prior to FTOS version 7.8.1.0, extended gateway data is not exported because IP DA is not learned via BGP.
45 Simple Network Management Protocol (SNMP)

Simple Network Management Protocol (SNMP) is supported on platforms: e c s S4820T

SNMP is supported on the E-Series ExaScale platform with FTOS 8.1.1.0 and later.

Note: On Dell Force10 routers, standard and private SNMP MIBs are supported, including all Get and a limited number of Set operations (such as set vlan and copy cmd).
Configure Simple Network Management Protocol

Note: The configurations in this chapter use a UNIX environment with net-snmp version 5.4. This is only one of many RFC-compliant SNMP utilities you can use to manage your Dell Force10 system using SNMP. Also, these configurations use SNMP version 2c.

Configuring SNMP version 1 or version 2 requires only a single step:
1. Create a community. See page 887.
SNMP version 3 (SNMPv3) is a user-based security model that provides password authentication for user security and encryption for data security and privacy. Three sets of configurations are available for SNMP read/write operations: no password or privacy, password privileges, and password and privacy privileges. A maximum of 16 users can be configured even if they are in different groups.

Create a Community

For SNMPv1 and SNMPv2, you must create a community to enable the community-based security in FTOS.
• noauth: no password or privacy. Select this option to set a user up with no password or privacy privileges. This is the basic configuration. Users must have a group and profile that do not require password privileges.
• auth: password privileges. Select this option to set up a user with password authentication.
• priv: password and privacy privileges. Select this option to set up a user with password and privacy privileges.

Figure 45-2.
Task: Configure the user with a secure authorization password and privacy password.
Command: snmp-server user name group-name {oid-tree} auth md5 auth-password priv des56 priv password
Command Mode: CONFIGURATION

Task: Configure an SNMPv3 view.
Command: snmp-server view view-name oid-tree {included | excluded}
Command Mode: CONFIGURATION

Read Managed Object Values

You may only retrieve (read) managed object values if your management station is a member of the same community as the SNMP agent.
Figure 45-4. Reading the Value of the Next Managed Object in the MIB
> snmpgetnext -v 2c -c mycommunity 10.11.131.161 .1.3.6.1.2.1.1.3.0
SNMPv2-MIB::sysContact.0 = STRING:
> snmpgetnext -v 2c -c mycommunity 10.11.131.161 sysContact.0

Read the value of many objects at once, as shown in Figure 45-5.

Figure 45-5.
snmpwalk -v version -c community agent-ip {identifier.instance | descriptor.
To configure system contact and location information from the Dell Force10 system:

Task: Identify the system manager along with this person’s contact information (e.g., E-mail address or phone number). You may use up to 55 characters. Default: None
Command: snmp-server contact text
Command Mode: CONFIGURATION

Task: Identify the physical location of the system. For example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1. You may use up to 55 characters.
To configure the system to send SNMP notifications:

Task: Configure the Dell Force10 system to send notifications to an SNMP server.
• Enter the keyword traps to send trap messages.
• Enter the keyword informs to send informational messages.
• Enter the keyword version to send the SNMP version to use for notification messages.
• Enter the name of the community-string to identify the SNMPv1 community string.
Table 45-2. Dell Force10 Enterprise-specific SNMP Traps Command Option Trap Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1489568) 4:08:15.68,SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::mib-2.47.2.0.1, SNMPv2-SMI::enterprises.6027.3.6.1.1.2.
Table 45-3. MIB Objects for Copying Configuration Files via SNMP
MIB Object | OID | Object Values | Description
copySrcFileName | .1.3.6.1.4.1.6027.3.5.1.1.1.1.4 | Path (if file is not in current directory) and filename. | Specifies name of the file. • If copySourceFileType is set to running-config or startup-config, copySrcFileName is not required.
copyDestFileType | .1.3.6.1.4.1.6027.3.5.1.1.1.1.
Step 3
Task: On the server, use the command snmpset as shown:
snmpset -v snmp-version -c community-name -m mib_path/f10-copy-config.mib force10system-ip-address mib-object.index {i | a | s} object-value...
• Every specified object must have an object value, which must be preceded by the keyword i. See Table 6 for ranges.
• index must be unique to all previously executed snmpset commands.
Table 45-4. Copying Configuration Files via SNMP
Task
snmpset -v 2c -c public force10system-ip-address copySrcFileType.index i 2 copyDestFileType.index i 3

Figure 45-7 shows the command syntax using MIB object names. Figure 45-8 shows the same command using the object OIDs. In both cases, the object is followed by a unique index number.

Figure 45-7. Copying Configuration Files via SNMP using Object-Name Syntax
> snmpset -v 2c -r 0 -t 60 -c private -m ./f10-copy-config.
Table 45-4. Copying Configuration Files via SNMP
Task
• server-ip-address must be preceded by the keyword a.
• values for copyUsername and copyUserPassword must be preceded by the keyword s.

Figure 45-11. Copying Configuration Files via SNMP and FTP to a Remote Server
> snmpset -v 2c -c private -m ./f10-copy-config.mib 10.10.10.10 copySrcFileType.110 i 2 copyDestFileName.110 s /home/startup-config copyDestFileLocation.110 i 4 copyServerAddress.110 a 11.11.11.11 copyUserName.
Dell Force10 provides additional MIB Objects to view copy statistics. These are provided in Table 45-5.

Table 45-5. MIB Objects for Copying Configuration Files via SNMP
MIB Object | OID | Values | Description
copyState | .1.3.6.1.4.1.6027.3.5.1.1.1.1.11 | 1 = running, 2 = successful, 3 = failed | Specifies the state of the copy operation.
copyTimeStarted | .1.3.6.1.4.1.6027.3.5.1.1.1.1.12 | Time value | Specifies the point in the up-time clock that the copy operation started.
Figure 45-14 shows the command syntax using MIB object names, and Figure 45-15 shows the same command using the object OIDs. In both cases, the object is followed by the same index number used in the snmpset command.

Figure 45-14. Obtaining MIB Object Values for a Copy Operation using Object-name Syntax
> snmpget -v 2c -c private -m ./f10-copy-config.mib 10.11.131.140 copyTimeCompleted.110
FTOS-COPY-CONFIG-MIB::copyTimeCompleted.110 = Timeticks: (1179831) 3:16:38.31

Figure 45-15.
Figure 45-17. Assign a VLAN Alias using SNMP
[Unix system output]
> snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN"
SNMPv2-SMI::mib-2.17.7.1.4.3.1.1.
The table that the Dell Force10 system sends in response to the snmpget request contains hexadecimal (hex) pairs, each pair representing a group of eight ports.
• On the E-Series, 12 hex pairs represent a line card. Twelve pairs accommodate the greatest currently available line card port density, 96 ports.
• On the C-Series, 28 hex pairs represent a line card.
The value 40 is in the first set of 7 hex pairs, indicating that these ports are in Stack Unit 0. The hex value 40 is 0100 0000 in binary. As described above, the left-most position in the string represents Port 1. The next position from the left represents Port 2 and has a value of 1, indicating that Port 0/2 is in VLAN 10. The remaining positions are 0, so those ports are not in the VLAN.
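The decoding walked through above can be scripted so that VLAN membership read over SNMP is checked against an approved port list. The following Python is an added example, not code from this guide or from Dell Force10: the function names are hypothetical, the 7-pair unit width is taken from the Stack Unit 0 example, and the tagged/untagged split assumes the standard Q-BRIDGE-MIB meaning of the egress-ports and untagged-ports objects.

```python
"""Decode, build and audit the VLAN port-membership hex strings.

Added example, not FTOS or Dell code; all function names are hypothetical.
"""

# Hex pairs per line card or stack unit. 12 (E-Series) and 28 (C-Series) are
# stated on the page; 7 is read off the page's Stack Unit 0 example.
PAIRS_PER_UNIT = {"e-series": 12, "c-series": 28, "stack-unit": 7}


def parse_hex_pairs(text):
    """Turn '40 00 00' (the hex-pair form used with snmpset -x) into integers."""
    octets = []
    for pair in text.replace('"', " ").split():
        if len(pair) != 2:
            raise ValueError("not a hex pair: %r" % pair)
        octets.append(int(pair, 16))  # raises ValueError on non-hex input
    return octets


def decode_ports(text, pairs_per_unit=7):
    """Return (unit, port) for every bit that is set, in ascending order.

    As on the page, the left-most bit of a unit's first hex pair is Port 1,
    the next bit is Port 2, and so on through the unit's last pair.
    """
    members = []
    for index, octet in enumerate(parse_hex_pairs(text)):
        unit, pair_in_unit = divmod(index, pairs_per_unit)
        for bit in range(8):
            if octet & (0x80 >> bit):
                members.append((unit, pair_in_unit * 8 + bit + 1))
    return members


def encode_ports(members, units, pairs_per_unit=7):
    """Build the hex-pair string for a list of (unit, port) members."""
    octets = [0] * (units * pairs_per_unit)
    for unit, port in members:
        if not (0 <= unit < units and 1 <= port <= pairs_per_unit * 8):
            raise ValueError("no such position: unit %d port %d" % (unit, port))
        position = port - 1
        octets[unit * pairs_per_unit + position // 8] |= 0x80 >> (position % 8)
    return " ".join("%02X" % octet for octet in octets)


def tagged_ports(egress_text, untagged_text, pairs_per_unit=7):
    """Tagged members are egress members that are absent from the untagged set
    (Q-BRIDGE-MIB semantics, assumed here)."""
    untagged = set(decode_ports(untagged_text, pairs_per_unit))
    return [m for m in decode_ports(egress_text, pairs_per_unit) if m not in untagged]


def unexpected_members(egress_text, allowed, pairs_per_unit=7):
    """Ports that are in the VLAN but missing from an approved list."""
    approved = set(allowed)
    return [m for m in decode_ports(egress_text, pairs_per_unit) if m not in approved]


if __name__ == "__main__":
    # The page's own value: 0x40 in the first pair of Stack Unit 0.
    print(decode_ports("40 00 00 00 00 00 00"))           # Port 0/2
    # Constructed audit input: ports 0/1 and 0/2 are members, only 0/1 approved.
    print(unexpected_members("C0 00 00 00 00 00 00", [(0, 1)]))
```

Feed decode_ports the hex pairs returned by snmpget for the VLAN's egress-ports object, and compare the result against the intended membership before and after any snmpset change.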
In Figure 45-22, Port 0/2 is added as a tagged member of VLAN 10. Figure 45-22. Adding Tagged Ports to a VLAN using SNMP >snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786 x "40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" .1.3.6.1.2.1.17.7.1.4.3.1.4.
Enable and Disable a Port using SNMP

Step 1
Task: Create an SNMP community on the Dell Force10 system.
Command Syntax: snmp-server community
Command Mode: CONFIGURATION

Step 2
Task: From the Dell Force10 system, identify the interface index of the port for which you want to change the admin status. Or, from the management system, use the snmpwalk command to identify the interface index.
Each object comprises an OID concatenated with an instance number. In the case of these objects, the instance number is the decimal equivalent of the MAC address; derive the instance number by converting each hex pair to its decimal equivalent. For example, the decimal equivalent of E8 is 232, and so the instance number for MAC address 00:01:e8:06:95:ac is .0.1.232.6.149.172. The value of dot1dTpFdbPort is the port number of the port off which the system learns the MAC address.
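The MAC-to-instance conversion above, and its reverse applied to snmpwalk output, as an added Python example that is not part of this guide or of Dell Force10's tooling. Function names are hypothetical, the walk lines are constructed sample data, and the dot1dTpFdbPort OID is the standard BRIDGE-MIB value.

```python
"""MAC address <-> OID instance number, plus a MAC-to-port table built from
snmpwalk output. Added example; names and sample lines are constructed."""
import re

# Standard BRIDGE-MIB OID for dot1dTpFdbPort (the object named on the page).
DOT1D_TP_FDB_PORT = "1.3.6.1.2.1.17.4.3.1.2"

# Constructed snmpwalk-style lines; the third is a different column
# (forwarding-entry status) and must be ignored by the parser.
SAMPLE_WALK = """\
SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.232.6.149.172 = INTEGER: 118
SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.232.13.36.98 = INTEGER: 290
SNMPv2-SMI::mib-2.17.4.3.1.3.0.1.232.6.149.172 = INTEGER: 3
"""

_LINE = re.compile(
    r"(?:^|\.)17\.4\.3\.1\.2\.((?:\d+\.){5}\d+)\s*=\s*INTEGER:\s*(\d+)\s*$"
)


def mac_to_instance(mac):
    """'00:01:e8:06:95:ac' or '0001.e806.95ac' -> '.0.1.232.6.149.172'."""
    digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % mac)
    return "." + ".".join(str(int(digits[i:i + 2], 16)) for i in range(0, 12, 2))


def instance_to_mac(instance):
    """'.0.1.232.6.149.172' -> '00:01:e8:06:95:ac'."""
    parts = instance.strip(".").split(".")
    if len(parts) != 6 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("not a 6-octet instance: %r" % instance)
    return ":".join("%02x" % int(p) for p in parts)


def fdb_port_oid(mac):
    """Full numeric OID to snmpget the learning port for one MAC address."""
    return DOT1D_TP_FDB_PORT + mac_to_instance(mac)


def parse_fdb_walk(text):
    """Map MAC address -> port number from dot1dTpFdbPort walk output."""
    table = {}
    for line in text.splitlines():
        match = _LINE.search(line.strip())
        if match:
            table[instance_to_mac(match.group(1))] = int(match.group(2))
    return table


def find_moves(previous, current):
    """MACs seen in both snapshots whose learning port changed:
    {mac: (old_port, new_port)}. Useful for spotting a station that has
    moved or an address being claimed from a second port."""
    return {
        mac: (previous[mac], port)
        for mac, port in current.items()
        if mac in previous and previous[mac] != port
    }


if __name__ == "__main__":
    print(fdb_port_oid("00:01:e8:06:95:ac"))
    print(parse_fdb_walk(SAMPLE_WALK))
```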
Deriving Interface Indices

FTOS assigns an interface number to each (configured or unconfigured) physical and logical interface. Display the interface index number using the command show interface from EXEC Privilege mode, as shown in Figure 45-26.

Figure 45-26.
Figure 45-28. Binary Representation of Interface Index

For interface indexing, slot and port numbering begins with the binary one. If the Dell Force10 system begins slot and port numbering from 0, then the binary 1 represents slot and port 0. For example, the index number in Figure 45-28 gives the binary 2 for the slot number, though interface GigabitEthernet 1/21 belongs to Slot 1. This is because the port for this example is on an E-Series which begins numbering slots from 0.
SNMPv2-SMI::enterprises.6027.3.2.1.1.6.1.4.1107755009.1 = INTEGER: 1 << Status active, 2 – status inactive

If we learn MAC addresses for the LAG, status will be shown for those as well.

dot3aCurAggVlanId
SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.1.1.0.0.0.0.0.1.1 = INTEGER: 1
dot3aCurAggMacAddr
SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.2.1.0.0.0.0.0.1.1 = Hex-STRING: 00 00 00 00 00 01
dot3aCurAggIndex
SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.3.1.0.0.0.0.0.1.
46 Stacking

Stacking is supported on the following platforms: s S-Series (S50/S25)
Stacking is supported on the S4810 with FTOS version 8.3.7.1, version 8.3.10.2 and newer.
Stacking is supported on the S4820T with FTOS 8.3.19.0.

Note: The S4810 commands accept Unit ID numbers 0-11, though the S4810 supports stacking up to 3 units only with FTOS version 8.3.7.1 and version 8.3.10.2. The S4810 supports stacking up to 6 units on FTOS version 8.3.12.0.
• Stack Group/Port Numbers
• High Availability on S-Series Stacks
• Important Points to Remember - S4810 and S4820T Stacking
• S-Series Stacking Configuration Tasks
• Troubleshoot an S-Series Stack
• Removing Units or Front End Ports from a Stack

S-Series Stacking Overview

An S-Series stack is analogous to an E-Series or C-Series system with redundant RPMs and multiple line cards. FTOS elects a management (master) unit, a standby unit, and all other units are member units.
• Switch removal

If the master switch goes off line, the standby replaces it as the new master and the switch with the next highest priority or MAC address becomes standby.

Stack Master Election

The stack elects a master and standby unit at bootup time based on two criteria:
• Unit priority: User-configurable. Range is from 1 to 14. A higher value (14) means a higher priority. Default: 1.
4   Member  online       S4810  S4810  4810-8-3-12-1447  64
5   Member  not present
6   Member  not present
7   Member  not present
8   Member  not present
9   Member  not present
10  Member  not present

Virtual IP

The stack can be managed using a single IP, known as a virtual IP, that is retained in the stack even after a failover. The virtual IP address is used to log in to the current master unit of the stack. Both IPv4 and IPv6 addresses are supported as virtual IPs.
Figure 46-2. Adding a Standalone with a Lower MAC Address to a Stack— Before (S50-type)
-------------------------------STANDALONE BEFORE CONNECTION---------------------------------
Standalone#show system brief
Stack MAC : 00:01:e8:d5:ef:81
-- Stack Info --
Unit UnitType Status ReqTyp CurTyp Version Ports
---------------------------------------------------------------------------
0 Management online S50V S50V 7.8.1.
Figure 46-3. Adding a Standalone with a Lower MAC Address and Equal Priority to a Stack—After
-------------------------------STANDALONE AFTER CONNECTION---------------------------------
Standalone#%STKUNIT0-M:CP %POLLMGR-2-ALT_STACK_UNIT_STATE: Alternate Stack-unit is present
00:20:20: %STKUNIT0-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 1 present
00:20:22: %STKUNIT0-M:CP %CHMGR-5-STACKUNITDETECTED: Stack unit 2 present
Going for reboot.
Figure 46-4. S4810 supported stacking topologies

High Availability on S-Series Stacks

S-Series stacks have master and standby management units analogous to Dell Force10 Route Processor Modules (Figure 46-5). The master unit synchronizes the running configuration and protocol states so that the system fails over in the event of a hardware or software fault on the master unit. In such an event, or when the master unit is removed, the standby unit becomes the stack manager and FTOS elects a new standby unit.
Figure 46-5. S-Series Stack Manager Redundancy (S50-type system)
Stack#show redundancy
-- Stack-unit Status --
------------------------------------------------
Mgmt ID: 0
Stack-unit ID: 1
Stack-unit Redundancy Role: Primary
Stack-unit State: Active
Stack-unit SW Version: 7.8.1.0
Link to Peer: Up
-- PEER Stack-unit Status --
------------------------------------------------
Stack-unit State: Standby
Peer stack-unit ID: 2
Stack-unit SW Version: 7.8.1.
Figure 46-6.
• Stacking with 1G interfaces is not supported.
• Stacking on the S4810 and S4820T is accomplished through front end user ports on the chassis.
• All stack units must have the same version of FTOS.

S-Series Stacking Installation Tasks

• Create an S-Series Stack
• Add Units to an Existing S-Series Stack
• Remove a Unit from an S-Series Stack
• Split an S-Series Stack

Create an S-Series Stack

Stacking is enabled on the S4810 and S4820T using the front end ports.
Figure 46-7. S4810 Stack-group assignments
Figure 46-8. S4820T Stack-Group Assignment
[Diagram labels: Stack Group 0, Stack Group 1, Stack Group 2, Stack Group 3, Stack Group 10, Stack Group 11, SG-12, SG-13, SG-14, SG-15]

You can connect the units while they are powered down or up. Stacking ports are bi-directional. With FTOS 8.3.12.0, when a unit is added to a stack, the management unit performs a system check on the new unit to ensure the hardware type is compatible. A similar check is performed on the FTOS version.
• If the software version of the new unit predates FTOS 8.3.12.0, the management unit puts the new unit into a card problem state and generates a syslog that identifies the unit, its FTOS version, and its incompatibility for firmware synchronization.

Note: You must enter the stack-unit stack-unit stack-group stack-group command when adding units to a stack to ensure the units are assigned to the correct groups.
Creating a New Stack

Prior to creating a stack, know which unit will be the management unit and which will be the standby unit. You must also enable the front ports of the units for stacking. For more information, see “Enable Front End Port Stacking” on page 922.

To create a new stack:
1. Power up all units in the stack.
2. Verify that each unit has the same FTOS version prior to stacking them together.
7. Reload the stack one unit at a time. Start with the management unit, then the standby, followed by each of the members in order of their assigned stack number (or the position in the stack you want each unit to take). Allow each unit to completely boot, and verify that the unit is detected by the stack manager, and then power the next unit.
stack-unit 3 stack-group 12
stack-unit 3 stack-group 13

Configure the stack groups on unit 4:
stack-unit 4 stack-group 13
stack-unit 4 stack-group 14

Configure the final stack-group on unit 1 to complete the stack.
stack-unit 1 stack-group 12

When the stack-group configuration is complete, the system will print a syslog for reload, as shown below.
FTOS#configure
FTOS(conf)#stack-unit 4 stack-group 13
FTOS(conf)#02:39:12: %STKUNIT4-M:CP %IFMGR-6-STACK_PORTS_ADDED: Ports Fo 4/52 stacking ports.
-- Fan Status --
Unit  Bay  TrayStatus  Fan0  Speed  Fan1  Speed
----------------------------------------------------------------------------
1     0    up          up    9360   up    9360
1     1    up          up    9360   up    9360
2     0    up          up    7680   up    7680
2     1    up          up    7920   up    7680
3     0    up          up    9360   up    9360
3     1    up          up    9360   up    9360
4     0    up          up    9120   up    9120
4     1    up          up    9120   up    9360
Speed in RPM

The following example shows how to configure two new S4810 or S4820T switches for stacking using 10G ports.
• If the stack has a provision for the stack-number that will be assigned to the new unit, the provision must match the unit type, or FTOS generates a type mismatch error, as shown in Figure 46-11 and Figure 46-12.

After the new unit loads, it synchronizes its running and startup configurations with the stack.

Manually Assign a New Unit to an Existing Stack

To manually assign a new unit a position in an existing stack, use the following steps.
If a standalone switch already has stack groups configured.

8. Attach cables to connect the ports already configured as stack groups on the switch to one or more switches in the stack.
9. FTOS automatically assigns a number to the new unit and adds it as a member switch in the stack. The new unit synchronizes its running and startup configurations with the stack.
Task: Display most of the information in show system, but in a more convenient tabular
Command Syntax: show system brief
Command Mode: EXEC Privilege

Task: Display the same information in show system, but only for the specified unit. See
Command Syntax: show system stack-unit
Command Mode: EXEC Privilege

Task: Display topology and stack link status for the entire stack. The available options separate the show system stack-port output into topology information from link status information. See the example below.
Unit Type       : Standby Unit
Status          : online
Next Boot       : online
Required Type   : S4810 - 52-port GE/TE/FG (SE)
Current Type    : S4810 - 52-port GE/TE/FG (SE)
Master priority : 0
Hardware Rev    : 3.
Num Ports       :
Up Time         :
FTOS Version    :
Jumbo Capable   :
POE Capable     :
Burned In MAC   :
No Of MACs      :
Locating an S4820T within a Stack

The S4820T has an LED which is used for the purpose of identifying a particular unit within a stack. This LED is located on the PSU side of the S4820T, and is called the “Location” LED.
Manage Redundancy on an S-Series Stack

Command Syntax: redundancy force-failover stack-unit
Command Mode: EXEC Privilege

Task: Prevent the stack master from rebooting after a failover. This command does not affect a forced failover, manual reset, or a stack-link disconnect.
Command Syntax: redundancy disable-auto-reboot stack-unit
Command Mode: CONFIGURATION

Task: Display redundancy information.
• Solid Green indicates the unit is the stack master (management unit)

For the S4820T, the following lists the stacking LED status indications:

Note: On the S4820T, the Stacking LED is located on the PSU side of the unit.

• Solid Blue indicates the unit is the stack master (management unit). If the S4820T is a standalone unit, it will display Solid Blue as well.
• Blinking Blue indicates the unit is the stack standby.
• Solid Green indicates the unit is a stack member.
Up Time         : 1 min, 14 sec
FTOS Version    : 4810-8-3-12-1447
Jumbo Capable   : yes
POE Capable     : no
Boot Flash      : 1.2.0.
Memory Size     :
Temperature     :
Voltage         :
Serial Number   :
Part Number     :
Vendor Id       :
Date Code       :
Country Code    :
Piece Part ID   :
PPID Revision   :
Service Tag     :
Expr Svc Code   :
Auto Reboot     :
Burned In MAC   :
No Of MACs      :
Removing Units or Front End Ports from a Stack

• Remove a Unit from an S-Series Stack
• Remove Front End Port Stacking

Remove a Unit from an S-Series Stack

The running-configuration and startup-configuration are synchronized on all stack units. A stack member that is disconnected from the stack maintains this configuration. To remove a stack member from the stack, disconnect the stacking cables from the unit. You may do this at any time, whether the unit is powered or unpowered, online or offline.
Remove Front End Port Stacking

To remove the configuration on the front end ports used for stacking, use the following procedure.

Task: Remove the stack groups that are configured.
Command Syntax: no stack-unit id stack-group id
Command Mode: CONFIGURATION

Task: Save the stacking configuration on the ports.
Command Syntax: write memory
Command Mode: EXEC Privilege

Task: Reload the switch.
Command Syntax: reload
Command Mode: EXEC Privilege

After the units are reloaded, the system reboots.
Recover from a Card Problem State on an S-Series Stack

If a unit added to a stack has a different FTOS version, the unit does not come online and FTOS cites a card problem error, as shown in Figure 46-13. To recover, disconnect the new unit from the stack, change the FTOS version to match the stack, and then reconnect it to the stack, as shown in Figure 46-14.

Figure 46-13.
Unit UnitType   Status      ReqTyp CurTyp Version Ports
---------------------------------------------------------------------------
0    Member     not present S25N
1    Management online      S50N   S50N   7.8.1.0 52
2    Standby    online      S50V   S50V   7.8.1.
47 Storm Control

Storm Control is supported on platforms: e c s S4820T
Storm Control for Multicast is supported on platforms: c s

The storm control feature enables you to control unknown-unicast and broadcast traffic on Layer 2 and Layer 3 physical interfaces.

FTOS Behavior: On the E-Series, FTOS supports broadcast control for Layer 3 traffic only. To control Layer 2 broadcast traffic use the command storm-control unknown-unicast.
Configure storm control from CONFIGURATION mode

Configure storm control from CONFIGURATION mode using the command storm control. From CONFIGURATION mode you can configure storm control for ingress and egress traffic.
48 Spanning Tree Protocol (STP)

Spanning Tree Protocol (STP) is supported on platforms: e c s S4820T

Protocol Overview

Spanning Tree Protocol (STP) is a Layer 2 protocol—specified by IEEE 802.1d—that eliminates loops in a bridged topology by enabling only a single path through the network. By eliminating loops, the protocol improves scalability in a large network and enables you to implement redundant paths, which can be activated upon the failure of active paths.
• Removing an Interface from the Spanning Tree Group
• Modifying Global Parameters
• Modifying Interface STP Parameters
• Enabling PortFast
• Preventing Network Disruptions with BPDU Guard
• STP Root Selection
• SNMP Traps for Root Elections and Topology Changes
• Configuring Spanning Trees as Hitless

Important Points to Remember

• Spanning Tree Protocol (STP) is disabled by default.
• FTOS supports only one Spanning Tree instance (0).
Figure 48-1.
Enabling Spanning Tree Protocol Globally
Spanning Tree Protocol must be enabled globally; it is not enabled by default. To enable Spanning Tree globally for all Layer 2 interfaces:
Step 1
Task: Enter the PROTOCOL SPANNING TREE mode.
Command Syntax: protocol spanning-tree 0
Command Mode: CONFIGURATION
Step 2
Task: Enable Spanning Tree.
Figure 48-2. Spanning Tree Enabled Globally
[Diagram labels: root, R1, R2, R3; ports 1/1, 1/2, 1/3 (Forwarding), 1/4 (Blocking), 2/1, 2/2, 2/3, 2/4, 3/1, 3/2, 3/3, 3/4]
Port 290 (GigabitEthernet 2/4) is Blocking
Port path cost 4, Port priority 8, Port Identifier 8.290
Designated root has priority 32768, address 0001.e80d.2462
Designated bridge has priority 32768, address 0001.e80d.2462
Designated port id is 8.
Confirm that a port is participating in Spanning Tree using the show spanning-tree 0 brief command from EXEC privilege mode.
FTOS#show spanning-tree 0 brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e80d.2462
We are the root of the spanning tree
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 0001.e80d.
Modifying Global Parameters
You can modify Spanning Tree parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in Spanning Tree.
Note: Dell Force10 recommends that only experienced network administrators change the Spanning Tree parameters. Poorly planned modification of the Spanning Tree parameters can negatively impact network performance.
Table 48-2 displays the default values for Spanning Tree.
Table 48-2.
View the current values for global parameters using the show spanning-tree 0 command from EXEC privilege mode. Refer to the second example in Enabling Spanning Tree Protocol Globally.
Modifying Interface STP Parameters
You can set the port cost and port priority values of interfaces in Layer 2 mode.
• Port cost is a value that is based on the interface type. The greater the port cost, the less likely the port will be selected to be a forwarding port.
To enable PortFast on an interface:
Task: Enable PortFast on an interface.
Command Syntax: spanning-tree stp-id portfast [bpduguard | [shutdown-on-violation]]
Command Mode: INTERFACE
Verify that PortFast is enabled on a port using the show spanning-tree command from the EXEC privilege mode or the show config command from INTERFACE mode; Dell Force10 recommends using the show config command, as shown in Figure 48-3.
Figure 48-3.
Note: Unless the shutdown-on-violation option is enabled, spanning-tree only drops packets after a BPDU violation; the physical interface remains up, as shown below.
FTOS(conf-if-gi-0/7)#do show spanning-tree rstp brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e805.fb07
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 0001.e85d.
Figure 48-4. Enabling BPDU Guard
FTOS(conf-if-gi-3/41)# spanning-tree 0 portfast bpduguard shutdown-on-violation
FTOS(conf-if-gi-3/41)#show config
!
interface GigabitEthernet 3/41
 no ip address
 switchport
 spanning-tree 0 portfast bpduguard shutdown-on-violation
 no shutdown
[Diagram labels: 3/41, Hub, Switch with Spanning Tree Enabled]
FTOS Behavior: BPDU Guard and BPDU filtering (refer to Removing an Interface from the Spanning Tree Group) both block BPDUs, but are two separate features.
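The PortFast and BPDU Guard options described above can be checked across a saved configuration. The following is an added example, not code from this guide or from Dell Force10: it classifies each interface stanza by the options on its spanning-tree portfast line. The sample configuration, function names, and result labels are constructed for illustration.

```python
import re

# Constructed sample of interface stanzas in the style of "show config" output.
SAMPLE_CONFIG = """\
!
interface GigabitEthernet 3/41
 no ip address
 switchport
 spanning-tree 0 portfast bpduguard shutdown-on-violation
 no shutdown
!
interface GigabitEthernet 3/42
 no ip address
 switchport
 spanning-tree 0 portfast bpduguard
 no shutdown
!
interface GigabitEthernet 3/43
 no ip address
 switchport
 spanning-tree 0 portfast
 no shutdown
!
interface GigabitEthernet 3/44
 no ip address
 switchport
 no shutdown
!
interface GigabitEthernet 3/45
 ip address 10.0.0.1/24
 no shutdown
!
"""

# Matches: spanning-tree <stp-id> portfast [bpduguard [shutdown-on-violation]]
PORTFAST_RE = re.compile(r"^spanning-tree\s+(\S+)\s+portfast\b(.*)$")


def parse_interfaces(config_text):
    """Return {interface name: [stanza lines]} for each 'interface' stanza."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line[len("interface "):]
            stanzas[current] = []
        elif line == "!" or not line:
            current = None          # "!" separates stanzas
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def classify(lines):
    """Classify one interface stanza by its PortFast / BPDU Guard options."""
    if "switchport" not in lines:
        return "not-layer2"                      # STP edge settings do not apply
    for line in lines:
        match = PORTFAST_RE.match(line)
        if match:
            options = match.group(2).split()
            if "bpduguard" not in options:
                return "portfast-without-bpduguard"
            if "shutdown-on-violation" not in options:
                # Per the note above: BPDUs are dropped, the port stays up.
                return "bpduguard-drop-only"
            return "bpduguard-shutdown"
    return "no-portfast"


def audit(config_text):
    """Map every interface in the configuration to its classification."""
    stanzas = parse_interfaces(config_text)
    return {name: classify(lines) for name, lines in stanzas.items()}


def needs_review(config_text):
    """Interfaces with PortFast enabled but no shutdown on a BPDU violation."""
    weak = {"portfast-without-bpduguard", "bpduguard-drop-only"}
    return sorted(n for n, c in audit(config_text).items() if c in weak)


if __name__ == "__main__":
    for name, result in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {result}")
```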
Task: Assign a number as the bridge priority or designate it as the root or secondary root.
priority-value range: 0 to 65535. The lower the number assigned, the more likely this bridge will become the root bridge. The default is 32768.
• The primary option specifies a bridge priority of 8192.
• The secondary option specifies a bridge priority of 16384.
In STP topology 3 (Figure 48-6 lower middle), if the root guard feature is enabled on the STP port on Switch C that connects to device D, and device D sends a superior BPDU that would trigger the election of device D as the new root bridge, the BPDU is ignored and the port on Switch C transitions from a forwarding to a root-inconsistent state (shown by the green X icon). As a result, Switch A becomes the root bridge. All incoming and outgoing traffic is blocked on an STP port in a root-inconsistent state.
Root Guard Configuration
You enable STP root guard on a per-port or per-port-channel basis.
FTOS Behavior: The following conditions apply to a port enabled with STP root guard:
• Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port.
Configuring Spanning Trees as Hitless
Configuring Spanning Trees as Hitless is supported only on platforms: c e S4820T
You can configure Spanning Tree (STP), Rapid Spanning Tree (RSTP), Multiple Spanning Tree (MSTP), and Per-VLAN Spanning Tree (PVST+) to be hitless (all or none must be configured as hitless). When configured as hitless, critical protocol state information is synchronized between RPMs so that RPM failover is seamless and no topology change is triggered.
As shown in STP topology 3 (Figure 48-8 bottom middle), after you enable loop guard on an STP port or port-channel on Switch C, if no BPDUs are received and the max-age timer expires, the port transitions from a blocked state to a loop-inconsistent state (instead of to a forwarding state). Loop guard blocks the STP port so that no traffic is transmitted and no loop is created.
Figure 48-8.
Loop Guard Configuration
You enable STP loop guard on a per-port or per-port channel basis.
FTOS Behavior: The following conditions apply to a port enabled with loop guard:
• Loop guard is supported on any STP-enabled port or port-channel interface.
Displaying STP Guard Configuration
To verify the STP guard configured on port or port-channel interfaces, enter the show spanning-tree 0 guard [interface interface] command. The example below shows an STP network (instance 0) in which:
• Root guard is enabled on a port that is in a root-inconsistent state.
• Loop guard is enabled on a port that is in a listening state.
• BPDU guard is enabled on a port that is shut down (Error Disabled state) after receiving a BPDU.
49 System Time and Date
System Time and Date settings, and Network Time Protocol are supported on platforms: ecs S4820T
System times and dates can be set and maintained through the Network Time Protocol (NTP). They are also set through FTOS CLIs and hardware settings.
• Roundtrip delay provides the capability to launch a message to arrive at the reference clock at a specified time.
• Dispersion represents the maximum error of the local clock relative to the reference clock.
Figure 49-1. NTP Fields
[Figure labels: Source Port (123), Destination Port (123), Length, NTP Packet Payload, Checksum; Range: +32 to -32; Status; Leap Indicator Code: 00: No Warning, 01: +1 second, 10: -1 second, 11: reserved; Type; Precision; Est. Error; Est.]
Enable NTP
NTP is disabled by default. To enable it, specify an NTP server to which the Dell Force10 system will synchronize. Enter the command multiple times to specify multiple servers. You may specify an unlimited number of servers at the expense of CPU resources.
Task: Specify the NTP server to which the Dell Force10 system will synchronize.
Figure 49-4. Displaying the Calculated NTP Synchronization Variables
R5/R8(conf)#do show calendar
06:31:02 UTC Mon Mar 13 1989
R5/R8(conf)#ntp update-calendar 1
R5/R8(conf)#do show calendar
06:31:26 UTC Mon Mar 13 1989
R5/R8(conf)#do show calendar
12:24:11 UTC Thu Mar 12 2009
Configure NTP broadcasts
With FTOS, you can receive broadcasts of time information. You can set interfaces within the system to receive NTP information through broadcast.
To configure an IP address as the source address of NTP packets, use the following command in the CONFIGURATION mode:
Command Syntax: ntp source interface
Command Mode: CONFIGURATION
Purpose: Enter the following keywords and slot/port or number information:
• For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
• For a loopback interface, enter the keyword loopback followed by a number between 0 and 16383.
Step 2
Command Syntax: ntp authentication-key number md5 key
Command Mode: CONFIGURATION
Purpose: Set an authentication key. Configure the following parameters:
number: Range 1 to 4294967295. This number must be the same as the number in the ntp trusted-key command.
key: Enter a text string. This text string is encrypted.
Step 3
Command Syntax: ntp trusted-key number
Command Mode: CONFIGURATION
Purpose: Define a trusted key. Configure a number from 1 to 4294967295.
Command Syntax: ntp server ip-address [key keyid] [prefer] [version number]
Command Mode: CONFIGURATION
Purpose: Configure an NTP server. Configure the IP address of a server and the following optional parameters:
• key keyid: Configure a text string as the key exchanged between the NTP server and client.
• prefer: Enter the keyword to set this NTP server as the preferred server.
• version number: Enter a number 1 to 3 as the NTP version.
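The authentication-key, trusted-key, and server key steps above all refer to the same key number. The following added example (not from this guide, and not FTOS code) shows why they must match. It assumes the standard NTP symmetric-key format documented in RFC 5905, a 32-bit key ID followed by MD5(key || NTP header); the guide does not show the wire format, and the function names and key values are constructed.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48      # fixed NTP header, no extension fields
MAC_LEN = 4 + 16         # 32-bit key ID + 128-bit MD5 digest


def build_client_request(version=3):
    """Minimal 48-byte client request: LI=0, VN=version, Mode=3, rest zero."""
    first_byte = (0 << 6) | (version << 3) | 3
    return bytes([first_byte]) + bytes(NTP_HEADER_LEN - 1)


def append_mac(header, key_id, key):
    """Append key ID and MD5(key || header), as a sender holding the key would."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def check_packet(packet, keys, trusted):
    """Receiver-side check.

    keys    -- {key number: key bytes}, the role of 'ntp authentication-key'
    trusted -- set of key numbers, the role of 'ntp trusted-key'
    """
    if len(packet) == NTP_HEADER_LEN:
        return "unauthenticated"             # no MAC present at all
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return "malformed"
    header = packet[:NTP_HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[NTP_HEADER_LEN:NTP_HEADER_LEN + 4])
    digest = packet[NTP_HEADER_LEN + 4:]
    # A key that is defined but not trusted is rejected like an unknown key.
    if key_id not in keys or key_id not in trusted:
        return "untrusted-key"
    expected = hashlib.md5(keys[key_id] + header).digest()
    # Constant-time comparison avoids leaking how many digest bytes matched.
    if not hmac.compare_digest(expected, digest):
        return "bad-digest"
    return "ok"


def demo():
    """Run the four cases with constructed keys and return their results."""
    keys = {7: b"constructed-key-7", 9: b"constructed-key-9"}
    good = append_mac(build_client_request(), 7, keys[7])
    tampered = bytearray(good)
    tampered[40] ^= 0x01                     # flip one bit in the header
    return {
        "matching key, trusted": check_packet(good, keys, {7}),
        "key defined, not trusted": check_packet(good, keys, {9}),
        "header modified in transit": check_packet(bytes(tampered), keys, {7}),
        "no MAC appended": check_packet(build_client_request(), keys, {7}),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```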
• Root Delay (sys.rootdelay, peer.rootdelay, pkt.rootdelay): This is a signed fixed-point number indicating the total roundtrip delay to the primary reference source at the root of the synchronization subnet, in seconds. Note that this variable can take on both positive and negative values, depending on clock precision and skew.
• Root Dispersion (sys.rootdispersion, peer.rootdispersion, pkt.
Set the time and date for the switch hardware clock
Command Syntax: calendar set time month day year
Command Mode: EXEC Privilege
Purpose: Set the hardware clock to the current time and date.
time: Enter the time in hours:minutes:seconds. For the hour variable, use the 24-hour format, for example, 17:15:00 is 5:15 pm.
month: Enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year.
Set the time and date for the switch software clock
You can change the order of the month and day parameters to enter the time and date as time day month year. You cannot delete the software clock. The software clock runs only when the software is up. The clock restarts, based on the hardware clock, when the switch reboots.
Command Syntax: clock set time month day year
Command Mode: EXEC Privilege
Purpose: Set the system software clock to the current time and date.
FTOS#conf
FTOS(conf)#clock timezone Pacific -8
FTOS(conf)#01:40:19: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Timezone configuration changed from "UTC 0 hrs 0 mins" to "Pacific -8 hrs 0 mins"
FTOS#
Set daylight saving time
FTOS supports setting the system to daylight saving time once or on a recurring basis every year.
Set Daylight Saving Time Once
Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis.
Command Syntax: clock summer-time time-zone date start-month start-day start-year start-time end-month end-day end-year end-time [offset]
Command Mode: CONFIGURATION
Purpose: Set the clock to the appropriate timezone and daylight saving time.
time-zone: Enter the three-letter name for the time zone. This name is displayed in the show clock output.
Set Recurring Daylight Saving Time
Set a date (and time zone) on which to convert the switch to daylight saving time on a specific day every year. If you have already set daylight saving for a one-time setting, you can set that date and time as the recurring setting with the clock summer-time time-zone recurring command.
start-year: Enter a four-digit number as the year. Range: 1993 to 2035
start-time: Enter the time in hours:minutes. For the hour variable, use the 24-hour format, for example, 17:15 is 5:15 pm.
end-week: If you entered a start-week, enter one of the following as the week that daylight saving ends:
• week-number: enter a number from 1-4 as the number of the week to end daylight saving time.
50 Uplink Failure Detection (UFD)
Uplink Failure Detection (UFD) is supported on the following platforms: s (S50 only) and S4820T
Feature Description
Uplink Failure Detection (UFD) provides detection of the loss of upstream connectivity and, if used with NIC teaming, automatic recovery from a failed link. A switch provides upstream connectivity for devices, such as servers. If a switch loses its upstream connectivity, downstream devices also lose their connectivity.
Figure 50-1. Uplink Failure Detection
How Uplink Failure Detection Works
UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group. An interface in an uplink-state group can be a physical interface or a port-channel (LAG) aggregation of physical interfaces. An enabled uplink-state group tracks the state of all assigned upstream interfaces.
Figure 50-2. Uplink Failure Detection Example
If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a link-down state. This number is user-configurable and is calculated by the ratio of upstream port bandwidth to downstream port bandwidth in the same uplink-state group.
Important Points to Remember
When you configure Uplink Failure Detection, the following conditions apply:
• You can configure up to sixteen uplink-state groups. By default, no uplink-state groups are created. An uplink-state group is considered to be operationally up if it has at least one upstream interface in the link-up state. An uplink-state group is considered to be operationally down if it has no upstream interfaces in the link-up state.
Configuring Uplink Failure Detection
To configure Uplink Failure Detection, follow these steps:
Step 1
Command Syntax: uplink-state-group group-id
Description: Creates an uplink-state group and enables the tracking of upstream links on the switch/router. Valid group-id values are 1 to 16. To delete an uplink-state group, enter the no uplink-state-group group-id command.
Step 5
Command Syntax: description text
Command Mode: UPLINK-STATE-GROUP
Description: (Optional) Enters a text description of the uplink-state group. Maximum length: 80 alphanumeric characters.
Step 6
Command Syntax: no enable
Command Mode: UPLINK-STATE-GROUP
Description: (Optional) Disables upstream-link tracking without deleting the uplink-state group. Default: Upstream-link tracking is automatically enabled in an uplink-state group.
Message 1 shows the Syslog messages displayed when you clear the UFD-disabled state from all disabled downstream interfaces in an uplink-state group by entering the clear ufd-disable uplink-state-group group-id command. All downstream interfaces return to an operationally up state.
Displaying Uplink Failure Detection
To display information on the Uplink Failure Detection feature, enter any of the following show commands:
Show Command Syntax: show uplink-state-group [group-id] [detail]
Command Mode: EXEC
Description: Displays status information on a specified uplink-state group or all groups. Valid group-id values are 1 to 16.
Figure 50-3.
Figure 50-4.
Sample Configuration: Uplink Failure Detection
Figure 50-7 shows a sample configuration of Uplink Failure Detection on a switch/router in which you:
• Configure uplink-state group 3.
• Add downstream links Gigabitethernet 0/1, 0/2, 0/5, 0/9, 0/11, and 0/12.
• Configure two downstream links to be disabled if an upstream link fails.
• Add upstream links Gigabitethernet 0/3 and 0/4.
• Add a text description for the group.
• Verify the configuration with various show commands.
Figure 50-7.
51 Upgrade Procedures
Find the upgrade procedures
Go to the FTOS Release Notes for your system type to see all the requirements to upgrade to the desired FTOS version. Follow the procedures in the FTOS Release Notes for the software version you wish to upgrade to.
Get Help with upgrades
Direct any questions or concerns about FTOS Upgrade Procedures to the Dell Force10 Technical Support Center. You can reach Technical Support:
• On the Web: www.force10networks.
52 Virtual LANs (VLAN)
Virtual LANs (VLAN) are supported on platforms: ecs S4820T
This section contains the following subsections:
• Default VLAN
• Port-Based VLANs
• VLANs and Port Tagging
• Configuration Task List for VLANs
• Enable Null VLAN as the Default VLAN
Virtual LANs, or VLANs, are a logical broadcast domain or logical grouping of interfaces in a LAN in which all data received is kept locally and broadcast to all members of the group.
Table 52-1 displays the defaults for VLANs in FTOS.
Table 52-1. VLAN Defaults on FTOS
Feature: Default
Spanning Tree group ID: All VLANs are part of Spanning Tree group 0
Mode: Layer 2 (no IP address is assigned)
Default VLAN ID: VLAN 1
Default VLAN
When interfaces are configured for Layer 2 mode, they are automatically placed in the Default VLAN as untagged interfaces. Only untagged interfaces can belong to the Default VLAN.
Untagged interfaces must be part of a VLAN. To remove an untagged interface from the Default VLAN, you must create another VLAN and place the interface into that VLAN. Alternatively, enter the no switchport command, and FTOS removes the interface from the Default VLAN. A tagged interface requires an additional step to remove it from Layer 2 mode. Since tagged interfaces can belong to multiple VLANs, you must remove the tagged interface from all VLANs, using the no tagged interface command.
• The VLAN protocol identifier identifies the frame as tagged according to the IEEE 802.1Q specifications (2 bytes).
• Tag Control Information (TCI) includes the VLAN ID (2 bytes total). The VLAN ID can have 4,096 values, but 2 are reserved.
Note: The insertion of the tag header into the Ethernet frame increases the size of the frame to more than the 1518 bytes specified in the IEEE 802.3 standard. Some devices that are not compliant with IEEE 802.
Use the show vlan command (Figure 52-3) in the EXEC privilege mode to view the configured VLANs.
Figure 52-3. show vlan Command Example
FTOS#show vlan
Codes: * - Default VLAN, G - GVRP VLANs
* NUM 1 2 3 4 5 6 FTOS# Status Inactive Active Active Active Active Active Q U U U T U U U Ports So 9/4-11 Gi 0/1,18 Gi 0/2,19 Gi 0/3,20 Po 1 Gi 0/12 So 9/0
A VLAN is active only if the VLAN contains interfaces and those interfaces are operationally up.
To tag frames leaving an interface in Layer 2 mode, you must assign that interface to a port-based VLAN to tag it with that VLAN ID. To tag interfaces, use these commands in the following sequence:
Step 1
Command Syntax: interface vlan vlan-id
Command Mode: CONFIGURATION
Purpose: Access the INTERFACE VLAN mode of the VLAN to which you want to assign the interface.
Step 2
Command Syntax: tagged interface
Command Mode: INTERFACE
Purpose: Enable an interface to include the IEEE 802.1Q tag header.
Use the untagged command to move untagged interfaces from the Default VLAN to another VLAN:
Step 1
Command Syntax: interface vlan vlan-id
Command Mode: CONFIGURATION
Purpose: Access the INTERFACE VLAN mode of the VLAN to which you want to assign the interface.
Step 2
Command Syntax: untagged interface
Command Mode: INTERFACE
Purpose: Configure an interface as untagged. This command is available only in VLAN interfaces.
Assign an IP address to a VLAN
VLANs are a Layer 2 feature. For two physical interfaces on different VLANs to communicate, you must assign an IP address to the VLANs to route traffic between the two interfaces. The shutdown command in INTERFACE mode does not affect Layer 2 traffic on the interface; the shutdown command only prevents Layer 3 traffic from traversing over the interface.
Note: An IP address cannot be assigned to the Default VLAN, which, by default, is VLAN 1.
Native VLANs
Traditionally, ports can be either untagged for membership to one VLAN or tagged for membership to multiple VLANs. An untagged port must be connected to a VLAN-unaware station (one that does not understand VLAN tags), and a tagged port must be connected to a VLAN-aware station (one that generates and understands VLAN tags). Native VLAN support breaks this barrier so that a port can be connected to both VLAN-aware and VLAN-unaware stations. Such ports are referred to as hybrid ports.
Enable Null VLAN as the Default VLAN
In a Carrier Ethernet for Metro Service environment, service providers who perform frequent reconfigurations for customers with changing requirements occasionally enable multiple interfaces, each connected to a different customer, before the interfaces are fully configured.
53 Virtual Link Trunking (VLT)
Virtual Link Trunking (VLT) is supported on the and S4820T platform.
Overview
Virtual link trunking (VLT) allows physical links between two chassis to appear as a single virtual link to the network core or other switches such as Edge, Access or ToR. VLT reduces the role of Spanning Tree protocols by allowing LAG terminations on two separate distribution or core switches, and by supporting a loop free topology.
This figure shows VLT deployed on S4810 switches. The S4810 switches appear as a single virtual switch from the point of view of the switch or server supporting LACP.
Note: The S4810 is shown in the illustration, but it also applies to the S4820T.
Figure 53-1.
The following figure shows stacking at the access, VLT in aggregation, and Layer 3 at the core. The aggregation layer is mostly in the L2/L3 switching/routing layer. For better resiliency in the aggregation, Dell Force10 recommends running the Internal Gateway Protocol on the VLTi VLAN to synchronize the L3 routing table across the two nodes on a VLT system.
Enhanced VLT
An enhanced VLT (eVLT) configuration allows two different VLT domains connected by a standard LACP LAG to form a loop free Layer 2 topology in the aggregation layer. This configuration supports a maximum of four (4) units, increasing the number of available ports and allowing for dual redundancy of the VLT. The following figure shows how the core/aggregation port density in the Layer 2 topology is increased using eVLT.
VLT peer device - One of a pair of devices that are connected with the special port channel known as the VLT interconnect (VLTi). VLT peer switches have independent management planes. A VLT interconnect between the VLT chassis maintains synchronization of L2/L3 control planes across the two VLT peer switches. The VLT interconnect uses either 10G or 40G user ports on the chassis. A separate backup link maintains heartbeat messages across an out-of-band management network.
Configuration Notes
When you configure VLT, the following conditions apply:
• If the DHCP server is located on the ToR and the VLTi (ICL) is down due to a failed link when a VLT node is rebooted in JumpStart mode, it will not be able to reach the DHCP server, resulting in BMP failure.
• VLT domain
  • A VLT domain supports two chassis members, which appear as a single logical device to network access devices connected to VLT ports through a port channel.
• The VLT interconnect is used for data traffic only when there is a link failure that requires the VLTi to be used in order for data packets to reach their final destination.
• Unknown, multicast and broadcast traffic can be flooded across the VLT interconnect.
• MAC addresses for VLANs configured across VLT peer chassis are synchronized over the VLT interconnect on an egress port such as a VLT LAG. MAC addresses are the same on both VLT peer nodes.
• Virtual link trunks (VLTs) between access devices and VLT peer switches:
  • To connect servers and access switches with VLT peer switches, you use a VLT port channel (see Figure 53-1). Up to 48 port-channels are supported; up to 8 member links are supported in each port channel between the VLT domain and an access device.
• Layer 3 VLAN connectivity VLT peers is enabled by configuring a VLAN network interface for the same VLAN on both switches.
• Software features supported on VLT port-channels:
  • In a VLT domain, the following software features are supported on VLT port-channels: 802.1p, LLDP, flow control, port monitoring, jumbo frames.
• If the primary chassis fails, the secondary chassis takes on the operational role of the primary.
• The SNMP MIB reports VLT statistics.
RSTP and VLT
VLT provides loop-free redundant topologies and does not require rapid spanning tree protocol (RSTP). RSTP can cause temporary port state blocking and may cause topology changes after link or node failures.
VLT and Stacking
Stacking S4810 or S4820T units cannot be enabled with VLT. If stacking is currently enabled on a unit on which you want to enable VLT, you must first remove the unit from the existing stack. For information on how to remove a unit from a stack, see Chapter 46, Stacking, Remove a Unit from an S-Series Stack on page 937. After the unit has been removed, VLT can be configured on the unit.
PIM-Sparse Mode Support on VLT
The Designated Router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports. The VLT peer switches can act as a last-hop router for IGMP receivers and as a first-hop router for multicast sources.
If the VLT node elected as the designated router fails, traffic loss will occur until another VLT node is elected the designated router.
RSTP Configuration
The RSTP Spanning Tree protocol is supported in a VLT domain. Before you configure VLT on peer switches, you must configure the Rapid Spanning Tree Protocol (RSTP) in the network if it will be included in your configuration. RSTP is required for initial loop prevention during the VLT startup phase.
Sample RSTP Configuration
Using Figure 53-1 as a sample VLT topology, the primary VLT switch will send BPDUs to an access device (switch or server) with its own RSTP bridge ID. BPDUs generated by an RSTP-enabled access device are only processed by the primary VLT switch. The secondary VLT switch tunnels the BPDUs that it receives to the primary VLT switch over the VLT interconnect.
5. Connect the peer switches in a VLT domain to an attached access device (switch or server).
Configure a VLT interconnect
Step 1
Task: Configure the port channel to be used for the VLT interconnect on a VLT switch and enter interface configuration mode. Enter the same port-channel number configured with the peer-link port-channel command in the Enable VLT and Create a VLT Domain steps.
Enable VLT and Create a VLT Domain
Step 3
Task: Configure the port channel to be used as the VLT interconnect between VLT peers in the domain.
Command Syntax: peer-link port-channel id-number
Command Mode: VLT DOMAIN CONFIGURATION
Step 4
Task: (Optional) Prevent a possible loop during the bootup of a VLT peer switch or a device that accesses the VLT domain.
(Optional) Reconfigure default VLT settings
Step 1
Task: Enter VLT-domain configuration mode for a specified VLT domain. Range of domain IDs: 1 to 1000.
Command Syntax: vlt domain domain-id
Command Mode: CONFIGURATION
Step 2
Task: (Optional) After you configure the VLT domain on each peer switch on both sides of the interconnect trunk, by default, the FTOS software elects a primary and secondary VLT peer device. Use the primary-priority command to reconfigure the primary role of VLT peer switches.
Connect a VLT domain to an attached access device (switch or server)
On a VLT peer switch: Configure the same port channel ID number on each peer switch in the VLT domain to connect to an attached device as follows:
Step 1
Task: Configure the same port channel to be used to connect to an attached device and enter interface configuration mode.
Command Syntax: interface port-channel
Command Mode: CONFIGURATION
Step 2
Task: Remove an IP address from the interface.
(Optional) Configure a VLT VLAN peer-down
Step 3
Task: Enter the VLAN ID number of the VLAN where the VLT forwards packets received on the VLTi from an adjacent peer that is down. Range: 1 to 4094.
Command Syntax: peer-down-vlan vlan
Command Mode: VLT DOMAIN CONFIGURATION
interface number
Use the following procedure to configure enhanced VLT between two VLT domains on your network. Refer to eVLT Configuration Example for a sample configuration.
(Optional) Configure Enhanced VLT (eVLT)
Step 6
Task: When you create a VLT domain on a switch, the FTOS software automatically creates a VLT-system MAC address used for internal system operations. Use the system-mac command to explicitly configure the default MAC address for the domain by entering a new MAC address in the format: aaaa.bbbb.cccc. You must also reconfigure the same MAC address on the VLT peer switch.
(Optional) Configure Enhanced VLT (eVLT)
Step 15
Task: Enable LACP on the LAN port.
Command Syntax: port-channel-protocol lacp
Command Mode: INTERFACE
Step 16
Task: Configure the LACP port channel mode.
Command Syntax: port-channel number mode [active]
Command Mode: INTERFACE
Step 17
Task: Ensure that the interface is active.
Command Syntax: no shutdown
Command Mode: MANAGEMENT INTERFACE
Step 18
Task: Repeat steps 1 through 15 for the VLT peer node in Domain 1.
Step 19
Task: Repeat steps 1 through 15 for the first VLT node in Domain 2.
1. Task: Configure the static LAG/LACP between ports connected from VLT peer 1 and VLT peer 2 to the top of rack unit.
Command Syntax: show running-config entity
Command Mode: EXEC Privilege
2. Task: Configure the VLT peer link port channel id in VLT peer 1 and VLT peer 2.
Command Syntax: show interfaces interface
Command Mode: EXEC EXEC Privilege
3.
s4810-2#show running-config vlt
!
vlt domain 5
 peer-link port-channel 1
 back-up destination 10.11.206.58
s4810-2#
s4810-2# show interfaces managementethernet 0/0
Internet address is 10.11.206.43/16
s4810-4#show running-config vlt
!
vlt domain 5
 peer-link port-channel 1
 back-up destination 10.11.206.43
s4810-4#
s4810-4#show running-config interface managementethernet 0/0
ip address 10.11.206.58/16
no shutdown
Configure the VLT links between VLT peer 1 and VLT peer 2 to the top of rack unit.
s4810-4#
eVLT Configuration Example
The following example demonstrates the steps to configure enhanced VLT (eVLT) in a network. In this example there are two domains being configured. Domain 1 consists of Peer 1 and Peer 2; Domain 2 consists of Peer 3 and Peer 4 as shown below. In Domain 1, configure Peer 1 first, then configure Peer 2. When that is complete, perform the same steps for the peer nodes in Domain 2. The interface used in this example is TenGigabitEthernet.
Domain_2_Peer3(conf)#interface range tengigabitethernet 0/19 - 20
Domain_2_Peer3(conf-if-range-te-0/16-17)# port-channel-protocol LACP
Domain_2_Peer3(conf-if-range-te-0/16-17)# port-channel 100 mode active
Domain_2_Peer3(conf-if-range-te-0/16-17)# no shutdown
Next, configure the VLT domain and VLTi on Peer 4:
Domain_2_Peer4#configure
Domain_2_Peer4(conf)#interface port-channel 1
Domain_2_Peer4(conf-if-po-1)# channel-member TenGigabitEthernet 0/8-9
Domain_2_Peer4(conf)#vlt domain 1000
Domain_2_Peer4(conf-vl
Configure the VLTi port as a Static Multicast Router port for the VLAN

VLT_Peer1(conf)#interface vlan 4001
VLT_Peer1(conf-if-vl-4001)#ip igmp snooping mrouter interface port-channel 128
VLT_Peer1(conf-if-vl-4001)#exit
VLT_Peer1(conf)#end

Repeat these steps on VLT Peer Node 2

VLT_Peer2(conf)#ip multicast-routing
VLT_Peer2(conf)#interface vlan 4001
VLT_Peer2(conf-if-vl-4001)#ip address 140.0.0.
Show Command Syntax | Description
show interfaces interface | Displays the current status of a port or port-channel interface used in the VLT domain. interface specifies one of the following interface types:
  Fast Ethernet: Enter fastethernet slot/port.
  1-Gigabit Ethernet: Enter gigabitethernet slot/port.
  10-Gigabit Ethernet: Enter tengigabitethernet slot/port.
  Port channel: Enter port-channel {1-128}.

Figure 53-4.
Figure 53-5.
Figure 53-7. show vlt role Command Output on VLT peer switches

FTOS_VLTpeer1# show vlt role
VLT Role
----------
VLT Role:                    Primary
System MAC address:          00:01:e8:8a:df:bc
System Role Priority:        32768
Local System MAC address:    00:01:e8:8a:df:bc
Local System Role Priority:  32768

FTOS_VLTpeer2# show vlt role
VLT Role
----------
VLT Role:                    Secondary
System MAC address:          00:01:e8:8a:df:bc
System Role Priority:        32768
Local System MAC address:    00:01:e8:8a:df:e6
Local System Role Priority:  32768

Figure 53-8.
Figure 53-9.
Figure 53-10. show spanning-tree rstp Command Output on VLT peer switches

FTOS_VLTpeer1# show spanning-tree rstp brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 0, Address 0001.e88a.dff8
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 4096, Address 0001.e88a.d656
Configured hello time 2, max age 20, forward delay 15

Interface Name  PortID
--------------  --------
Po 1            128.2
Po 3            128.4
Po 4            128.5
Po 100          128.101
Po 110          128.111
Po 111          128.112
Po 120          128.
Figure 53-11. Configuring Virtual Link Trunking (VLT Peer 1)

Enable VLT and create a VLT domain

FTOS_VLTpeer1(conf)#vlt domain 999
FTOS_VLTpeer1(conf-vlt-domain)#peer-link port-channel 100
FTOS_VLTpeer1(conf-vlt-domain)#back-up destination 10.11.206.35
FTOS_VLTpeer1(conf-vlt-domain)#exit
FTOS_VLTpeer1(conf)#interface ManagementEthernet 0/0
FTOS_VLTpeer1(conf-if-ma-0/0)#ip address 10.11.206.
Figure 53-12. Configuring Virtual Link Trunking (VLT Peer 2)

Enable VLT and create a VLT domain

FTOS_VLTpeer2(conf)#vlt domain 999
FTOS_VLTpeer2(conf-vlt-domain)#peer-link port-channel 100
FTOS_VLTpeer2(conf-vlt-domain)#back-up destination 10.11.206.23
FTOS_VLTpeer2(conf-vlt-domain)#exit
FTOS_VLTpeer2(conf)#interface ManagementEthernet 0/0
FTOS_VLTpeer2(conf-if-ma-0/0)#ip address 10.11.206.
Figure 53-13. Verifying a Port-Channel Connection to a VLT Domain (From an Attached Access Switch)

On an access device, verify the port-channel connection to a VLT domain

FTOS_TORswitch(conf)# show running-config interface port-channel 11
!
interface Port-channel 11
 no ip address
 switchport
 channel-member fortyGigE 1/18,22
 no shutdown

Troubleshooting VLT
Use the following information to help to troubleshoot different VLT issues that may occur.
Description: Spanning tree mismatch at port level
Behavior at Peer Up: A syslog error message is generated.
Behavior During Run Time: A one-time informational syslog message is generated.
Action to Take: Correct the spanning tree configuration on the ports.

Description: System MAC mismatch
Behavior at Peer Up: A syslog error message and an SNMP trap are generated.
Behavior During Run Time: A syslog error message and an SNMP trap are generated.
Action to Take: Verify that the unit ID of VLT peers is not the same on both units and that the MAC address is the same on both units.
8. After reloading, confirm that VLT is enabled.
9. Confirm that the management ports are interconnected or connected to a switch that can transfer Heartbeat information.
54 Virtual Router Redundancy Protocol (VRRP)

Virtual Router Redundancy Protocol (VRRP) is supported on platforms: e cs S4820T

This chapter covers the following information:
• VRRP Overview
• VRRP Benefits
• VRRP Implementation
• VRRP Configuration
• Sample Configurations

VRRP Overview
Virtual Router Redundancy Protocol (VRRP) is designed to eliminate a single point of failure in a statically routed network.
In Figure 54-1 below, Router A is configured as the MASTER router. It is configured with the IP address of the virtual router and sends any packets addressed to the virtual router through interface GigabitEthernet 1/1 to the Internet. As the BACKUP router, Router B is also configured with the IP address of the virtual router. If for any reason Router A becomes unavailable, VRRP elects a new MASTER Router. Router B assumes the duties of Router A and becomes the MASTER router.
VRRP Benefits
With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and they are not dependent on IGP protocols to converge or update routing tables.

VRRP Implementation
E-Series supports an unlimited total number of VRRP groups on the switch while supporting up to 255 VRRP groups on a single interface (Table 54-1).
Table 54-1. Recommended VRRP Advertise Intervals

Total VRRP Groups | Recommended Advertise Interval: E-Series | C-Series | S-Series (S25, S50) | Groups/Interface: E-Series ExaScale | E-Series TeraScale | C-Series | S-Series (S25, S50)
Between 1000 and 1200 | 7 seconds | 7 seconds | 7 seconds | 512 | 255 | 100 | 100
Between 1200 and 1500 | 8 seconds | 8 seconds | 8 seconds | 512 | 255 | 120 | 120

Table 54-2.
• Disable Preempt (optional)
• Change the Advertisement interval (optional)
• Track an Interface or Object (optional)
• VRRP initialization delay

For a complete listing of all commands related to VRRP, refer to FTOS Command Line Interface.

Create a Virtual Router
To enable VRRP, you must create a Virtual Router. In FTOS, a VRRP Group is identified by the Virtual Router Identifier (VRID). To enable a Virtual Router, use the following command in the INTERFACE mode.
C-Series supports a total of 128 VRRP groups on the switch with varying number of maximum VRRP groups per interface (Table 54-1). S-Series supports a total of 120 VRRP groups on a switch with FTOS or a total of 20 VRRP groups when using SFTOS. The S-Series supports varying number of maximum VRRP groups per interface (Table 54-1).
Figure 54-5. Command Example Display: show config for the Interface
Note that the Primary IP address and the Virtual IP addresses are on the same subnet in the following example.

FTOS(conf-if-gi-1/1)#show conf
!
interface GigabitEthernet 1/1
 ip address 10.10.10.1/24
!
 vrrp-group 111
  priority 255
  virtual-address 10.10.10.1
  virtual-address 10.10.10.2
  virtual-address 10.10.10.
Set VRRP Group (Virtual Router) Priority
Setting a Virtual Router priority to 255 ensures that the router is the “owner” virtual router for the VRRP group. VRRP elects the MASTER router by choosing the router with the highest priority. The default priority for a Virtual Router is 100. The higher the number, the higher the priority. If the MASTER router fails, VRRP begins the election process to choose a new MASTER router based on the next-highest priority.
Configure VRRP Authentication
Simple authentication of VRRP packets ensures that only trusted routers participate in VRRP processes. When authentication is enabled, FTOS includes the password in its VRRP transmission, and the receiving router uses that password to verify the transmission.
Note: All virtual routers in the VRRP group must be configured the same: either authentication is enabled with the same password on every router, or authentication is disabled on every router.
Prevent the BACKUP router with the higher priority from becoming the MASTER router by disabling preempt.
Note: All virtual routers in the VRRP group must be configured the same: either all are configured with preempt enabled or all are configured with preempt disabled.
Because preempt is enabled by default, disable the preempt function with the following command in the VRRP mode. Re-enable preempt by entering the preempt command.
Change that advertisement interval with the following command in the VRRP mode:

Task | Command Syntax | Command Mode
Change the advertisement interval setting. | advertise-interval seconds (Range: 1-255 seconds; Default: 1 second) | INTERFACE-VRID

Figure 54-13. Command Example: advertise-interval
FTOS(conf-if-gi-1/1)#vrrp-group 111
FTOS(conf-if-gi-1/1-vrid-111)#advertise-interval 10
FTOS(conf-if-gi-1/1-vrid-111)#

Figure 54-14.
• 10-Gigabit Ethernet: Enter tengigabitethernet slot/port.
• Port channel: Enter port-channel number, where valid port-channel numbers are:
  • For the C-Series and S-Series, 1 to 128
  • For the E-Series: 1 to 32 for EtherScale, 1 to 255 for TeraScale, and 1 to 512 for ExaScale
• SONET: Enter sonet slot/port.
• VLAN: Enter vlan vlan-id, where valid VLAN IDs are from 1 to 4094.
Figure 54-16. Command Example Display: track in VRID mode
FTOS(conf-if-gi-1/1-vrid-111)#show conf
!
 vrrp-group 111
  advertise-interval 10
  authentication-type simple 7 387a7f2df5969da4
  no preempt
  priority 255
  track GigabitEthernet 1/2
  virtual-address 10.10.10.1
  virtual-address 10.10.10.2
  virtual-address 10.10.10.3
  virtual-address 10.10.10.10
FTOS(conf-if-gi-1/1-vrid-111)#

Figure 54-17.
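The notes in this chapter require every virtual router in a VRRP group to agree on authentication and on preempt. The following added example (not from the FTOS guide) parses show conf output laid out like Figure 54-16 for two routers and flags those mismatches, along with an advertise-interval mismatch, a virtual address outside the interface subnet, and a priority of 255 on a router that does not hold the virtual address. The router names, the R2 configuration and the finding labels are constructed for illustration, and the advertise-interval and priority-255 checks follow RFC 3768 rather than this page.

```python
import ipaddress
import re

# Commands that appear inside a vrrp-group block in the guide's show conf output.
GROUP_CMDS = ("advertise-interval", "authentication-type", "preempt",
              "no preempt", "priority", "track", "virtual-address")

# R1 follows Figure 54-16; R2 is constructed for this example.
R1_CONF = """\
interface GigabitEthernet 1/1
 ip address 10.10.10.1/24
!
 vrrp-group 111
  advertise-interval 10
  authentication-type simple 7 387a7f2df5969da4
  no preempt
  priority 255
  track GigabitEthernet 1/2
  virtual-address 10.10.10.1
  virtual-address 10.10.10.2
 no shutdown
"""
R2_CONF = """\
interface GigabitEthernet 2/1
 ip address 10.10.10.5/24
!
 vrrp-group 111
  priority 200
  virtual-address 10.10.10.1
  virtual-address 10.10.20.2
 no shutdown
"""


def parse_show_conf(text):
    """Return {(interface, vrid): settings} from FTOS-style show conf text."""
    groups, iface, ifaddr, cur = {}, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        vrid = re.fullmatch(r"vrrp-group (\d+)", line)
        if line.startswith("interface "):
            iface, ifaddr, cur = line[len("interface "):], None, None
        elif line.startswith("ip address "):
            ifaddr, cur = ipaddress.ip_interface(line.split()[2]), None
        elif vrid:
            # Defaults stated in the guide: priority 100, preempt enabled,
            # advertisement interval 1 second; no authentication line = disabled.
            cur = {"ifaddr": ifaddr, "priority": 100, "preempt": True,
                   "advertise-interval": 1, "authentication-type": None,
                   "virtual-address": []}
            groups[(iface, int(vrid.group(1)))] = cur
        elif cur is not None and line.startswith(GROUP_CMDS):
            key, _, val = line.partition(" ")
            if line in ("preempt", "no preempt"):
                cur["preempt"] = line == "preempt"
            elif key in ("priority", "advertise-interval"):
                cur[key] = int(val)
            elif key == "authentication-type":
                cur[key] = val
            elif key == "virtual-address":
                cur[key].append(ipaddress.ip_address(val))
        else:
            cur = None  # any other command ends the vrrp-group block
    return groups


def audit_vrid(routers, vrid):
    """Compare one VRID across routers ({name: parsed config}); return findings."""
    members = {name: g for name, groups in routers.items()
               for (_, v), g in groups.items() if v == vrid}
    findings = []
    # Settings that must be identical on every router in the group. Secrets are
    # compared as displayed; a difference is a prompt for manual review.
    for field in ("authentication-type", "preempt", "advertise-interval"):
        if len({g[field] for g in members.values()}) > 1:
            findings.append(f"{field}-mismatch")
    if sum(g["priority"] == 255 for g in members.values()) > 1:
        findings.append("multiple-owners")
    for name, g in sorted(members.items()):
        ifaddr, vips = g["ifaddr"], g["virtual-address"]
        if ifaddr is None:
            continue
        if g["priority"] == 255 and ifaddr.ip not in vips:
            findings.append(f"{name}:priority-255-without-owned-address")
        if any(v not in ifaddr.network for v in vips):
            findings.append(f"{name}:virtual-address-off-subnet")
    return findings


if __name__ == "__main__":
    configs = {"R1": parse_show_conf(R1_CONF), "R2": parse_show_conf(R2_CONF)}
    print("\n".join(audit_vrid(configs, 111)))
```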
Figure 54-19. Command Example: show running-config interface
FTOS#show running-config interface gigabitethernet 7/30
interface GigabitEthernet 7/30
 no ip address
 ipv6 address 2007::30/64
 vrrp-ipv6-group 1
  track 2 priority-cost 20
  track 3 priority-cost 30
  virtual-address 2007::1
  virtual-address fe80::1
 no shutdown

VRRP initialization delay
VRRP initialization delay is supported on the and S4820T only.
Sample Configurations

VRRP for IPv4 Configuration
The configuration in Figure 54-20 shows how to enable IPv4 VRRP. This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, etc. Figure 54-20 shows the VRRP topology created with the CLI configuration in Figure 54-22.

Figure 54-20.
Figure 54-21. Configure VRRP for IPv4 Router 2
R2(conf)#int gi 2/31
R2(conf-if-gi-2/31)#ip address 10.1.1.1/24
R2(conf-if-gi-2/31)#vrrp-group 99
R2(conf-if-gi-2/31-vrid-99)#priority 200
R2(conf-if-gi-2/31-vrid-99)#virtual 10.1.1.3
R2(conf-if-gi-2/31-vrid-99)#no shut
R2(conf-if-gi-2/31)#show conf
!
interface GigabitEthernet 2/31
 ip address 10.1.1.1/24
!
 vrrp-group 99
  priority 200
  virtual-address 10.1.1.
VRRP for IPv6 Configuration
Figure 54-22 shows an example of a VRRP for IPv6 configuration in which the IPv6 VRRP group consists of two routers. This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, etc. Figure 54-22 shows the VRRP for IPv6 topology with the CLI configuration.

Figure 54-22.
Figure 54-23.
VRRP in VRF Configuration
The example in this section shows how to enable VRRP operation in a VRF virtualized network for the following scenarios:
• Multiple VRFs on physical interfaces running VRRP
• Multiple VRFs on VLAN interfaces running VRRP

To view a VRRP in VRF configuration, use the show commands described in Displaying a VRRP in VRF Configuration on page 1066.

Non-VLAN Scenario

Figure 54-24. VRRP in VRF: Non-VLAN Example
Switch-1 VRID 11 Node IP 10.10.1.5 Virtual IP 10.10.1.
Both Switch-1 and Switch-2 have three VRF instances defined: VRF-1, VRF-2, and VRF-3. Each VRF has a separate physical interface to a LAN switch and an upstream VPN interface to connect to the Internet. Both Switch-1 and Switch-2 use VRRP groups on each VRF instance so that there is one master and one backup router for each VRF. In VRF-1 and VRF-2, Switch-2 serves as owner-master of the VRRP group and Switch-1 serves as the backup.
Figure 54-26. VRRP in VRF: Switch-2 Non-VLAN Configuration
Switch-2
S2(conf)#ip vrf default-vrf 0
!
S2(conf)#ip vrf VRF-1 1
!
S2(conf)#ip vrf VRF-2 2
!
S2(conf)#ip vrf VRF-3 3
!
S2(conf)#interface GigabitEthernet 12/1
S2(conf-if-gi-12/1)#ip vrf forwarding VRF-1
S2(conf-if-gi-12/1)#ip address 10.10.1.2/24
S2(conf-if-gi-12/1)#vrrp-group 11
% Info: The VRID used by the VRRP group 11 in VRF 1 will be 177.
S2(conf-if-gi-12/1-vrid-101)#priority 255
S2(conf-if-gi-12/1-vrid-101)#virtual-address 10.10.1.
Figure 54-27. VRRP in VRF: Switch-1 VLAN Configuration
Switch-1
S1(conf)#ip vrf VRF-1 1
!
S1(conf)#ip vrf VRF-2 2
!
S1(conf)#ip vrf VRF-3 3
!
S1(conf)#interface GigabitEthernet 12/4
S1(conf-if-gi-12/4)#no ip address
S1(conf-if-gi-12/4)#switchport
S1(conf-if-gi-12/4)#no shutdown
!
S1(conf-if-gi-12/4)#interface vlan 100
S1(conf-if-vl-100)#ip vrf forwarding VRF-1
S1(conf-if-vl-100)#ip address 10.10.1.
Figure 54-28. VRRP in VRF: Switch-2 VLAN Configuration
Switch-2
S2(conf)#ip vrf VRF-1 1
!
S2(conf)#ip vrf VRF-2 2
!
S2(conf)#ip vrf VRF-3 3
!
S2(conf)#interface GigabitEthernet 12/4
S2(conf-if-gi-12/4)#no ip address
S2(conf-if-gi-12/4)#switchport
S2(conf-if-gi-12/4)#no shutdown
!
S2(conf-if-gi-12/4)#interface vlan 100
S2(conf-if-vl-100)#ip vrf forwarding VRF-1
S2(conf-if-vl-100)#ip address 10.10.1.
Displaying a VRRP in VRF Configuration
To display information on a VRRP group that is configured on an interface that belongs to a VRF instance, enter the show running-config track [interface interface] command:

Figure 54-29. Command Example: show running-config track interface
FTOS#show running-config interface gigabitethernet 13/4
interface GigabitEthernet 13/4
 ip vrf forwarding red
 ip address 192.168.0.1/24
 vrrp-group 4
  virtual-address 192.168.0.
55 S-Series Debugging and Diagnostics

The chapter contains the following major sections:
• Offline diagnostics
• Trace logs
• Last restart reason (S4810 and S4820T)
• show hardware commands (S4810 and S4820T)
• Environmental monitoring
• Buffer tuning
• Troubleshooting packet loss
• Application core dumps
• Mini core dumps
• TCP dumps

Offline diagnostics
The offline diagnostics test suite is useful for isolating faults and debugging hardware.
Important Points to Remember
• You can only perform offline diagnostics on an offline standalone unit or offline member unit of a stack of three or more. You cannot perform diagnostics on the management or standby unit in a stack of two or more (Message 1).

Message 1 Offline Diagnostics on Master/Standby Error
Running Diagnostics on master/standby unit is not allowed on stack.

• Perform offline diagnostics on one stack member at a time.
Figure 55-2. Verifying the Offline/Online Status of an S-Series Stack Unit
FTOS#show system brief | no-more
Stack MAC : 00:01:e8:d6:02:39
-- Stack Info --
Unit  UnitType    Status   ReqTyp  CurTyp  Version    Ports
---------------------------------------------------------------------------
0     Standby     online   S25V    S25V    4.7.7.220  28
1     Management  offline  S50N    S50N    4.7.7.220  52
2     Member      online   S25P    S25P    4.7.7.
Figure 55-3. Running Offline Diagnostics on an S-Series Standalone Unit
FTOS#diag stack-unit 1 alllevels
Warning - diagnostic execution will cause multiple link flaps on the peer side - advisable to shut directly connected ports
Proceed with Diags [confirm yes/no]: yes
00:03:35: %S50N:1 %DIAGAGT-6-DA_DIAG_STARTED: Starting diags on stack unit 1
00:03:35 : Approximate time to complete these Diags ...
4. View the results of the diagnostic tests using the command show file flash:// from EXEC Privilege mode, as shown in Figure 55-5.

Figure 55-5. Viewing the Results of Offline Diagnostics on a Standalone Unit
FTOS#show file flash://TestReport-SU-0.txt
**********************************S-Series Diagnostics********************
Stack Unit Board Serial Number : DL267160098
CPU Version : MPC8541, Version: 1.1
PLD Version : 5
Diag image based on build : E_MAIN4.7.7.206
Stack Unit Board Voltage levels - 3.
Auto Save on Crash or Rollover
Exception information for master or standby units is stored in the flash:/TRACE_LOG_DIR directory. This directory contains files that save trace information when there has been a task crash or timeout. On a master unit, the TRACE_LOG_DIR files can be reached by FTP or by using the show file command from the flash://TRACE_LOG_DIR directory.
show hardware commands (S4810 and S4820T)
Note: The show hardware command tree is supported on the S4810 and S4820T only.
The show hardware command tree consists of EXEC Privilege commands used with the S4810 and S4820T systems. These commands display information from a hardware sub-component and from hardware-based feature tables. Table 55-3 lists the show hardware commands available as of the latest FTOS version on the S4810 and S4820T.
Table 55-3. show hardware Commands

Command | Description
show hardware stack-unit {0-11} unit {0-1} ipmc-replication | View the Multicast IPMC replication table from the bShell.
show hardware stack-unit {0-11} unit {0-1} port-stats [detail] | View the internal statistics for each port-pipe (unit) on per port basis.
show hardware stack-unit {0-11} unit {0-1} register | View the stack-unit internal registers for each port-pipe.
Message 3 Over Temperature Condition System Messages
CHMGR-2-MAJOR_TEMP: Major alarm: chassis temperature high (temperature reaches or exceeds threshold of [value]C)
CHMGR-2-TEMP_SHUTDOWN_WARN: WARNING! temperature is [value]C; approaching shutdown threshold of [value]C

To view the programmed alarm threshold levels, including the shutdown value, execute the show alarms threshold command shown in Figure 55-7.

Figure 55-7.
Message 4 indicates that the specified card is not receiving enough power. In response, the system first shuts down Power over Ethernet (PoE). If the under-voltage condition persists, line cards are shut down, then RPMs.

Troubleshoot an under-voltage condition
To troubleshoot an under-voltage condition, check that the correct number of power supplies are installed and their Status LEDs are lit.
• Forwarding Processor (FP) ASICs provide Ethernet MAC functions, queueing and buffering, as well as store feature and forwarding tables for hardware-based lookup and forwarding decisions. 1G and 10G interfaces use different FPs.

Table 55-5 describes the type and number of ASICs per platform.

Table 55-5. ASICS by Platform
Hardware | FP | CSF
S50N, S50V | 2 | 0
S25V, S25P, S25N | 1 | 0

You can tune buffers at three locations, as shown in Figure 55-8.
1. CSF – Output queues going from the CSF.
2.
Figure 55-8. Buffer Tuning Points (diagram labels: CSF Unit, IDP Switch Links, FP Unit, Front-end Links, PHY; tuning points 1, 2 and 3)

Deciding to tune buffers
Dell Force10 recommends exercising caution when configuring any non-default buffer settings, as tuning can significantly affect system performance. The default values work for most cases. As a guideline, consider tuning buffers if traffic is very bursty (and coming from several interfaces).
Buffer tuning commands

Task | Command | Command Mode
Define a buffer profile for the FP queues. | buffer-profile fp fsqueue | CONFIGURATION
Define a buffer profile for the CSF queues. | buffer-profile csf csqueue | CONFIGURATION
Change the dedicated buffers on a physical 1G interface. | buffer dedicated | BUFFER PROFILE
Change the maximum amount of dynamic buffers an interface can request. | buffer dynamic | BUFFER PROFILE
Change the number of packet-pointers per queue.
Figure 55-9. Display the Default Buffer Profile
FTOS#show buffer-profile detail interface gigabitethernet 0/1
Interface Gi 0/1
Buffer-profile
Dynamic buffer 194.88 (Kilobytes)
Queue#  Dedicated Buffer (Kilobytes)  Buffer Packets
0       2.50                          256
1       2.50                          256
2       2.50                          256
3       2.50                          256
4       9.38                          256
5       9.38                          256
6       9.38                          256
7       9.38                          256

Figure 55-10.
Using a pre-defined buffer profile
FTOS provides two pre-defined buffer profiles, one for single-queue (i.e. non-QoS) applications, and one for four-queue (i.e. QoS) applications.

Task: Apply one of two pre-defined buffer profiles for all port pipes in the system.
Command: buffer-profile global [1Q|4Q]
Mode: CONFIGURATION

You must reload the system for the global buffer profile to take effect (Message 5).
Figure 55-11.
Figure 55-12.
Figure 55-13.
Figure 55-14.
Displaying Stack Port Statistics
The show hardware stack-unit stack-port command displays input and output statistics for a stack-port interface, as shown in Figure 55-16.

Figure 55-16.
Application core dumps
Application core dumps are disabled by default. A core dump file can be very large. Due to memory requirements the file can only be sent directly to an FTP server. It is not stored on the local flash. Enable full application core dumps with the following:

Task | Command Syntax | Command Mode
Enable RPM core dumps and specify the shutdown mode. | logging coredump server | CONFIGURATION

Undo this command using the no logging coredump server.
Figure 55-19.
Task Command Syntax Command Mode Enable a TCP dump for CPU bound traffic.
56 Standards Compliance

This document contains the following sections:
• IEEE Compliance
• RFC and I-D Compliance
• MIB Location

Note: Unless noted, when a standard cited here is listed as supported by FTOS, FTOS also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website. Click on “Browse and search IETF documents,” enter an RFC number, and inspect the top of the resulting document for obsolescence citations to related RFCs.
• MTU — 9,252 bytes

RFC and I-D Compliance
The following standards are supported by FTOS, and are grouped by related protocol. The columns showing support by platform indicate which version of FTOS first supports the standard.
Note: Checkmarks (✓) in the E-Series column indicate that FTOS support was added before FTOS version 7.5.1.

Table 56-1. General Internet Protocols
FTOS support, per platform

RFC# | Full Name | S-Series | C-Series | E-Series TeraScale | E-Series ExaScale
768 | User Datagram Protocol | 7.6.1 | 7.5.1 | ✓ | 8.1.
Table 56-2. General IPv4 Protocols
FTOS support, per platform

RFC# | Full Name | S-Series | C-Series | E-Series TeraScale | E-Series ExaScale
791 | Internet Protocol | 7.6.1 | 7.5.1 | ✓ | 8.1.1
792 | Internet Control Message Protocol | 7.6.1 | 7.5.1 | ✓ | 8.1.1
826 | An Ethernet Address Resolution Protocol | 7.6.1 | 7.5.1 | ✓ | 8.1.1
1027 | Using ARP to Implement Transparent Subnet Gateways | 7.6.1 | 7.5.1 | ✓ | 8.1.1
1035 | DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION (client) | 7.6.1 | 7.5.1 | ✓ | 8.1.
Table 56-3. General IPv6 Protocols
FTOS support, per platform

RFC# | Full Name | S-Series | C-Series | E-Series TeraScale | E-Series ExaScale
1886 | DNS Extensions to support IP version 6 | 7.8.1 | 7.8.1 | ✓ | 8.2.1
1981 (Partial) | Path MTU Discovery for IP version 6 | 7.8.1 | 7.8.1 | ✓ | 8.2.1
2460 | Internet Protocol, Version 6 (IPv6) Specification | 7.8.1 | 7.8.1 | ✓ | 8.2.1
2462 (Partial) | IPv6 Stateless Address Autoconfiguration | 7.8.1 | 7.8.1 | ✓ | 8.2.1
2464 | Transmission of IPv6 Packets over Ethernet Networks | 7.8.1 | 7.8.1 | ✓ | 8.2.
Table 56-4. Border Gateway Protocol (BGP)
FTOS support, per platform

RFC# | Full Name | S-Series | C-Series | E-Series TeraScale | E-Series ExaScale
1997 | BGP Communities Attribute | 7.8.1 | 7.7.1 | ✓ | 8.1.1
2385 | Protection of BGP Sessions via the TCP MD5 Signature Option | 7.8.1 | 7.7.1 | ✓ | 8.1.1
2439 | BGP Route Flap Damping | 7.8.1 | 7.7.1 | ✓ | 8.1.1
2545 | Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing | 7.8.1 ✓ 8.2.
Table 56-5. Open Shortest Path First (OSPF)
FTOS support, per platform

RFC# | Full Name | S-Series | C-Series | E-Series TeraScale | E-Series ExaScale
1587 | The OSPF Not-So-Stubby Area (NSSA) Option | 7.6.1 | 7.5.1 | ✓ | 8.1.1
2154 | OSPF with Digital Signatures | 7.6.1 | 7.5.1 | ✓ | 8.1.1
2328 | OSPF Version 2 | 7.6.1 | 7.5.1 | ✓ | 8.1.1
2370 | The OSPF Opaque LSA Option | 7.6.1 | 7.5.1 | ✓ | 8.1.1
2740 | OSPF for IPv6 | 7.8.1 ✓ 8.2.1
3623 | Graceful OSPF Restart | 7.8.1 | 7.5.1 | ✓ | 8.1.
Table 56-7. Routing Information Protocol (RIP)
FTOS support, per platform

RFC# | Full Name | S-Series | C-Series | E-Series TeraScale | E-Series ExaScale
1058 | Routing Information Protocol | 7.8.1 | 7.6.1 | ✓ | 8.1.1
2453 | RIP Version 2 | 7.8.1 | 7.6.1 | ✓ | 8.1.1
4191 | Default Router Preferences and More-Specific Routes | 8.3.12.

Table 56-8.
Table 56-9. Multicast
FTOS support, per platform

RFC# | Full Name | S-Series | C-Series | E-Series TeraScale | E-Series ExaScale
1112 | Host Extensions for IP Multicasting | 7.8.1 | 7.7.1 | ✓ | 8.1.1
2236 | Internet Group Management Protocol, Version 2 | 7.8.1 | 7.7.1 | ✓ | 8.1.1
2710 | Multicast Listener Discovery (MLD) for IPv6 | ✓ 8.2.1
3376 | Internet Group Management Protocol, Version 3
3569 | An Overview of Source-Specific Multicast (SSM)
3618 | 7.8.1 7.7.1 ✓ 8.1.1 7.8.1 SSM for IPv4 7.7.
Table 56-10. Network Management
FTOS support, per platform

RFC# | Full Name | S-Series | C-Series | E-Series TeraScale | E-Series ExaScale
1155 | Structure and Identification of Management Information for TCP/IP-based Internets | 7.6.1 | 7.5.1 | ✓ | 8.1.1
1156 | Management Information Base for Network Management of TCP/IP-based internets | 7.6.1 | 7.5.1 | ✓ | 8.1.1
1157 | A Simple Network Management Protocol (SNMP) | 7.6.1 | 7.5.1 | ✓ | 8.1.1
1212 | Concise MIB Definitions | 7.6.1 | 7.5.1 | ✓ | 8.1.
Table 56-10. Network Management (continued)
FTOS support, per platform

RFC# | Full Name | S-Series | C-Series | E-Series TeraScale | E-Series ExaScale
2576 | Coexistence Between Version 1, Version 2, and Version 3 of the Internet-standard Network Management Framework | 7.6.1 | 7.5.1 | ✓ | 8.1.1
2578 | Structure of Management Information Version 2 (SMIv2) | 7.6.1 | 7.5.1 | ✓ | 8.1.1
2579 | Textual Conventions for SMIv2 | 7.6.1 | 7.5.1 | ✓ | 8.1.1
2580 | Conformance Statements for SMIv2 | 7.6.1 | 7.5.1 | ✓ | 8.1.
Table 56-10. Network Management (continued)
FTOS support, per platform

RFC# | Full Name | FTOS support values as extracted
3815 | Definitions of Managed Objects for the Multiprotocol Label Switching (MPLS), Label Distribution Protocol (LDP)
4001 | Textual Conventions for Internet Network Addresses | 8.3.12
5060 | Protocol Independent Multicast MIB | 7.8.1 7.8.1 7.7.1 8.1.1
ANSI/TIA-1057 | The LLDP Management Information Base extension module for TIA-TR41.4 Media Endpoint Discovery information | 7.7.1 7.6.1 7.6.1 8.
Table 56-10. Network Management (continued)
FTOS support, per platform

MIB | Full Name | FTOS support values as extracted
FORCE10-CS-CHASSIS-MIB | Force10 C-Series Enterprise Chassis MIB
FORCE10-IF-EXTENSION-MIB | Force10 Enterprise IF Extension MIB (extends the Interfaces portion of the MIB-2 (RFC 1213) by providing proprietary SNMP OIDs for other counters displayed in the "show interfaces" output) | 7.6.1 7.6.1 7.6.1 8.1.
MIB Location
Force10 MIBs can be found under the Force10 MIBs subhead on the Documentation page of iSupport:
https://www.force10networks.com/csportal20/KnowledgeBase/Documentation.aspx

You also can obtain a list of selected MIBs and their OIDs at the following URL:
https://www.force10networks.com/csportal20/MIBs/MIB_OIDs.aspx

Some pages of iSupport require a login. To request an iSupport account, go to:
https://www.force10networks.com/CSPortal20/Support/AccountRequest.