FTOS Configuration Guide for the S5000 Switch FTOS 9.0(1.
Notes, Cautions, and Warnings
NOTE: A NOTE indicates important information that helps you make better use of your computer.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
Information in this publication is subject to change without notice. © 2013 Dell Networking. All rights reserved.
1 About this Guide
Objectives
Audience
Conventions
www.dell.com | support.dell.com
Saving the Running-configuration
Configuring the Overload bit for Startup Scenario
Viewing Files
Viewing Configuration Files
Recovering from a Failed Start
5 802.1ag
Ethernet CFM
Maintenance Domains
Maintenance Points
Configuring a Guest VLAN
Configuring an Authentication-fail VLAN
7 Access Control Lists (ACLs)
Overview
Configuring Route Map Filters
Configuring a route map for route redistribution
Configuring a route map for route tagging
Continue clause
8 Bidirectional Forwarding Detection (BFD)
AS Number Migration
BGP4 Management Information Base (MIB)
Important Points to Remember
Configuration Information
BGP Configuration
13 Data Center Bridging (DCB)
Ethernet Enhancements in Data Center Bridging
Priority-Based Flow Control
Enhanced Transmission Selection
Data Center Bridging Exchange Protocol
14 Dynamic Host Configuration Protocol (DHCP)
Protocol Overview
DHCP Packet Format and Options
Assigning an IP Address using DHCP
Implementation Information
FIP Snooping in an S5000 Stack
Impact on Other Software Features
FIP Snooping Prerequisites
FIP Snooping Restrictions
FIP Snooping Configuration Procedure
IGMP version 2
IGMP version 3
Configuring IGMP
Related Configuration Tasks
1G/10G interfaces in port channels
Configuration task list for port channel interfaces
Creating a port channel
Adding a physical interface to a port channel
Reassigning an interface to a new port channel
Configuration Task List for IP Addresses
Directed Broadcast
Resolution of Host Names
ARP
Timers
Implementation Information
Configuration Information
Configuration Task List for IS-IS
Configuring the distance of a route
LACP Configuration Tasks
Creating a LAG
Configuring the LAG interface as dynamic
Setting the LACP long timeout
Monitoring and Debugging LACP
Viewing Information Advertised by Adjacent LLDP Agents
Configuring LLDPDU Intervals
Configuring Transmit and Receive Mode
Configuring a Time to Live
Debugging LLDP
Modifying Global Parameters
Modifying Interface Parameters
Configuring an EdgePort
Flushing MAC Addresses after a Topology Change
MSTP Sample Configurations
Tracking Layer 3 Interfaces
Tracking IPv4 and IPv6 Routes
Setting Tracking Delays
VRRP Object Tracking
Object Tracking Configuration
Creating Multicast Boundaries and Domains
36 Port Monitoring
Important Points to Remember
Configuring Port-based Rate Shaping
Policy-based QoS Configurations
Classifying Traffic
Creating a QoS Policy
Creating Policy Maps
Modifying Global Parameters
Modifying Interface Parameters
Configuring an EdgePort
Influencing RSTP Root Selection
VLAN Stacking Packet Drop Precedence
Enable Drop Eligibility
Honoring the Incoming DEI Value
Marking Egress Packets with a DEI Value
Dynamic Mode CoS for VLAN Stacking
Managing VLANs using SNMP
Creating a VLAN
Assigning a VLAN Alias
Displaying the Ports in a VLAN
Upgrading a Switch Stack
Upgrading a Single Stack Unit
48 Storm Control
Overview
Configuring Storm Control
Enabling NTP
Setting the Hardware Clock with the Time Derived from NTP
Configuring NTP broadcasts
Disabling NTP on an interface
Configuring a source IP address for NTP packets
54 Virtual Link Trunking (VLT)
Overview
VLT on Core Switches
Enhanced VLT
VLT Terminology
Environmental monitoring
Recognizing an over-temperature condition
Troubleshooting an over-temperature condition
Recognizing an under-voltage condition
Troubleshooting an under-voltage condition
1 About this Guide

Objectives
This guide describes the protocols and features supported on Dell Networking switches and routers by the Dell Networking Operating System (FTOS) and provides configuration instructions and examples for implementing them. It supports the S5000 platform. The S5000 switch is available with FTOS version 9.0(1.3) and supports stacking. Though this guide contains information on protocols, it is not intended to be a complete reference.
Related Documents
For more information about the S5000 switch, refer to the following documents:
• Dell Networking S5000 Getting Started Guide FTOS Version 9.0(1.3)
• Dell Networking S5000 Installation Guide FTOS Version 9.0(1.3)
• FTOS Command Line Reference Guide for the S5000 Switch, FTOS 9.0(1.
2 Configuration Fundamentals

The FTOS Command Line Interface (CLI) is a text-based interface through which you can configure interfaces and protocols. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels. In FTOS, after a command is enabled, it is entered into the running configuration file.
Figure 2-1. Logging into the System using Telnet
telnet 172.31.1.53
Trying 172.31.1.53...
Connected to 172.31.1.53.
Escape character is '^]'.
Login: username
Password:
FTOS>        EXEC mode prompt

CLI Modes
Different sets of commands are available in each mode. A command found in one mode cannot be executed from another mode (with the exception of EXEC mode commands preceded by the command do; for more information, refer to The do Command and EXEC Privilege Mode commands).
EXEC EXEC Privilege CONFIGURATION AS-PATH ACL INTERFACE GIGABIT ETHERNET TEN GIGABIT ETHERNET FORTY GIGABIT ETHERNET FIBRE CHANNEL INTERFACE RANGE LOOPBACK MANAGEMENT ETHERNET NULL PORT-CHANNEL VLAN IP IPv6 IP COMMUNITY-LIST IP ACCESS-LIST STANDARD ACCESS-LIST EXTENDED ACCESS-LIST LINE CONSOLE VIRTUAL TERMINAL MAC ACCESS-LIST MAC CONTROL-PLANE MONITOR SESSION MULTIPLE SPANNING TREE Per-VLAN SPANNING TREE RAPID SPANNING TREE GVRP LLDP FIBRE CHANNEL PREFIX-LIST REDIRECT ROUTE-MAP ROUTER BGP ROUTER ISIS ROUTER
Navigating CLI Modes
The FTOS prompt changes to indicate the CLI mode. Table 2-1 lists the CLI mode, its prompt, and information on how to access and exit this CLI mode. You must move linearly through the command modes, with the exception of the end command which takes you directly to EXEC Privilege mode; the exit command moves you up one command mode level.
Table 2-1.
Table 2-1. FTOS Command Modes
CLI Command Mode | Prompt | Access Command
TRACE-LIST | FTOS(conf-trace-acl)# | ip trace-list

The following example illustrates how to change the command mode from CONFIGURATION mode to PROTOCOL SPANNING TREE.
Figure 2-2.
You can install Ethernet and Fibre Channel modules in any slot (0 to 3) on the I/O panel. On the S5000, the valid slot numbers are the supported stack-unit numbers (0 to 11). The valid port numbers for each interface type are listed below.
• 1GbE: Ports 0-47
• 10GbE: Ports 0-63
• 40GbE: Ports 48, 52, 56, and 60
• Fibre Channel: Ports 0-47
• Management: Port 0

The do Command
Enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, SPANNING TREE, etc.
Figure 2-5. Undoing a command with the no Command
FTOS(conf)#interface tengigabitethernet 5/1
FTOS(conf-if-te-5/1)#ip address 192.168.10.1/24
FTOS(conf-if-te-5/1)#show config
!
interface TenGigabitEthernet 5/1
!
ip address 192.168.10.
• A keyword followed by [space]? lists all of the keywords that can follow the specified keyword.

Figure 2-8. Keyword ? Command Example
FTOS(conf)#clock ?
summer-time    Configure summer (daylight savings) time
timezone       Configure time zone
FTOS(conf)#clock
(Callout: keyword plus “[space]?” for compatible keywords)

Entering and Editing Commands
When entering commands:
• The CLI is not case sensitive.
• You can enter partial CLI keywords.
Table 2-2.
Table 2-2. Short-Cut Keys and their Actions (continued)
Key Combination | Action
Esc F | Moves the cursor forward one word.
Esc D | Deletes all characters from the cursor to the end of the word.

Command History
FTOS maintains a history of previously-entered commands for each mode. For example:
• When you are in EXEC mode, the UP and DOWN arrow keys display the previously-entered EXEC mode commands.
Note: FTOS accepts a space or no space before and after the pipe. To filter on a phrase with spaces, underscores, or ranges, enclose the phrase with double quotation marks.
• except displays text that does not match the specified text. The following example shows this command used in combination with the command do show stack-unit all stack-ports all pfc details | except 0.
Figure 2-10.
Multiple Users in Configuration mode
FTOS notifies all users in the event that there are multiple users logged into CONFIGURATION mode. A warning message indicates the username, type of connection (console or vty), and in the case of a vty connection, the IP address of the terminal on which the connection was established.
3 Getting Started

This chapter contains the following major sections:
• Accessing Ports
• Accessing the RJ-45/RS-232 Console Port
• Accessing the RJ-45 console port with a DB-9 adapter
• Accessing the USB-B Console Port
• Booting Process
• Entering the Initial Configuration Information
• Configuring the Enable Password
• Configuring a Host Name
• Navigating CLI Modes
• Default Configuration
• Configuring Layer 2 (Data Link) Mode
• Accessing the System Remotely
• Configuring th
Accessing Ports
The S5000 has two management ports available for system access—a console port and a Universal Serial Bus (USB)-B port. The USB-B port acts exactly the same as the console port. The terminal settings are the same for both access ports.

Accessing the RJ-45/RS-232 Console Port
Note: Before starting this procedure, be sure you have a terminal emulation program already installed on your PC.
Accessing the RJ-45 console port with a DB-9 adapter
You can connect to the console using an RJ-45 to RJ-45 rollover cable and an RJ-45 to DB-9 female DTE adapter to a terminal server (for example, PC). Table 3-1 lists the pin assignments.
Table 3-1.
The Command Line Interface (CLI) prompt appears (FTOS>_) when you are connected to the S5000.
Note: Only one of the console ports can be active at a time; the USB console takes priority over the RJ-45 console by default. When a USB Host (PC) is plugged into the USB console port, the hardware automatically switches over to use the USB console.
Booting Process
After you set up the S5000 as described in the installation procedure in the S5000 Getting Started Guide, the switch boots up. Figure 3-2 shows an example of the completed boot process.

Figure 3-2. Completed Boot Process (1 of 3 screens)
U-Boot 2012.04(Dell Networking)
Built by build at tools-sjc-01 on Tue Jan 15
S5000 Boot Selector Label 1.3.0.0m
CPU0: Core: .
Figure 3-3. Completed Boot Process (2 of 3 screens)
Booting PRIMARY configuration...
boot device                       : tftp
file name                         : FTOS-SH-9-0-1-0.bin
Management Etherenet IP address   : 10.11.210.35/16
Server IP address                 : 10.11.8.13
Default Gateway IP address        : 10.11.210.63
Management Etherenet MAC address  : 5C:F9:DD:EF:0A:42
Management ethernet Port Configuration: Auto Negotiate
Using e1000#0 device
TFTP from server 10.11.8.13; our IP address is 10.11.210.35
Filename 'FTOS-SH-9-0-1-0.
Figure 3-4. Completed Boot Process (3 of 3 screens)
00:00:38: %STKUNIT0-M:CP %RAM-6-ELECTION_ROLE: Stack unit 0 is transitioning to Management unit.
Configuring the Enable Password
Access the EXEC Privilege mode using the enable command. The EXEC Privilege mode is unrestricted by default. Configure a password as a basic security measure. There are two types of enable passwords:
• enable password stores the password in the running/startup configuration using a DES encryption method.
• enable secret stores the password in the running/startup configuration using a stronger, MD5 encryption method.
Configuring a Host Name
The host name appears in the prompt. The default host name is FTOS. The text string of a host name can consist of letters, digits, and hyphens. To configure a host name:

Task | Command Syntax | Command Mode
Create a new host name. | hostname name | CONFIGURATION

The example below illustrates the hostname command.
Figure 3-5. Configuring a Hostname
FTOS(conf)#hostname R1        (Default Hostname)
R1(conf)#                     (New Hostname)

Navigating CLI Modes
The FTOS prompt changes to indicate the CLI mode.
Step | Task | Command Syntax | Command Mode
2 | Place the interface in Layer 2 (switching) mode. | switchport | INTERFACE

To view the interfaces in Layer 2 mode, use the show interfaces switchport command in EXEC mode.

Accessing the System Remotely
You can configure the system to access it remotely by Telnet. The system has a dedicated management port and a management routing table that is separate from the IP routing table.
Configuring a Management Route
Define a path from the system to the network from which you are accessing the system remotely. Management routes are separate from IP routes and are only used to manage the system through the management port. To configure a management route:

Step | Task | Command Syntax | Command Mode
1 | Configure a management route to the network from which you are accessing the system.
To create a port-based VLAN, follow this step:

Step | Task | Command Syntax | Command Mode
1 | Configure a port-based VLAN (if the vlan-id is different from the Default VLAN ID) and enter INTERFACE VLAN mode. After you create a VLAN, you must assign interfaces in Layer 2 mode to the VLAN to activate the VLAN. | interface vlan vlan-id | CONFIGURATION

To view the configured VLANs, use the show vlan command in EXEC Privilege mode.
To move untagged interfaces, follow these steps:

Step | Task | Command Syntax | Command Mode
1 | Access the INTERFACE VLAN mode of the VLAN to which you want to assign the interface. | interface vlan vlan-id | CONFIGURATION
2 | Configure an interface as untagged. This command is available only in VLAN interfaces. | untagged interface | INTERFACE

Assigning an IP Address to a VLAN
VLANs are a Layer 2 feature.
Copying Files to and from the System
The command syntax for copying files is similar to UNIX. The copy command uses the format copy source-file-url destination-file-url.
Note: For a detailed description of the copy command, refer to the FTOS Command Reference Guide.
• To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location, see Table 3-2.
Figure 3-6. Copying a file to a Remote System
(Callouts: Local Location, Remote Location)
FTOS#copy flash://FTOS-EF-8.2.1.0.bin ftp://myusername:mypassword@10.10.10.10//FTOS/FTOS-EF-8.2.1.0
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
27952672 bytes successfully copied

Figure 3-7 shows an example of using the copy command to import a file to the S5000 switch from an FTP server.
Figure 3-7.
Figure 3-8.
Figure 3-9. Tracking Changes with Configuration Comments
FTOS#show running-config
Current Configuration ...
! Version 9-0(1-0)
! Last configuration change at Mon Jun 10 21:20:04 2030 by admin
!
boot system stack-unit 0 primary system: B:
boot system stack-unit 0 secondary tftp://10.200.200.241/kp-diablo
boot system stack-unit 0 default tftp://10.11.200.
Figure 3-10. show file-systems Command Example
FTOS#show file-systems
Size(b)      Free(b)     Feature  Type       Flags  Prefixes
2143281152   2000785408  FAT32    USERFLASH  rw     flash:
15848660992  831594496   FAT32    USBFLASH   rw     usbflash:
                                  network    rw     ftp:
                                  network    rw     tftp:
                                  network    rw     scp:

You can change the default file system so that file management commands apply to a particular device or memory. To change the default storage location:

Task | Command Syntax | Command Mode
Change the default directory.
Figure 3-12. show command-history Command Example
FTOS#show command-history
[5/18 21:58:32]: CMD-(TEL0):[enable]by admin from vty0 (10.11.68.5)
[5/18 21:58:48]: CMD-(TEL0):[configure]by admin from vty0 (10.11.68.5)
 - Repeated 1 time.
[5/18 21:58:57]: CMD-(TEL0):[interface port-channel 1]by admin from vty0 (10.11.68.5)
[5/18 21:59:9]: CMD-(TEL0):[show config]by admin from vty0 (10.11.68.5)
[5/18 22:4:32]: CMD-(TEL0):[exit]by admin from vty0 (10.11.68.5)
[5/18 22:4:32]: CMD-(TEL0):[exit]by admin from vty0 (10.11.68.
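The records in Figure 3-12 carry a timestamp, channel, command, user, terminal line and source address, which is enough to review who entered privileged modes and from where. The following parser is an added example, not code from the FTOS documentation; the function names, the console record in the sample and the choice of enable and configure as the commands of interest are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of Figure 3-12. The last (console) record is an
# assumed variant without a source address, included to exercise that branch.
SAMPLE = """\
[5/18 21:58:32]: CMD-(TEL0):[enable]by admin from vty0 (10.11.68.5)
[5/18 21:58:48]: CMD-(TEL0):[configure]by admin from vty0 (10.11.68.5)
 - Repeated 1 time.
[5/18 21:58:57]: CMD-(TEL0):[interface port-channel 1]by admin from vty0 (10.11.68.5)
[5/18 21:59:9]: CMD-(TEL0):[show config]by admin from vty0 (10.11.68.5)
[5/18 22:4:32]: CMD-(TEL0):[exit]by admin from vty0 (10.11.68.5)
[5/19 8:15:2]: CMD-(CLI):[show version]by operator from console
"""

ENTRY_RE = re.compile(
    r"^\[(\d{1,2})/(\d{1,2}) (\d{1,2}):(\d{1,2}):(\d{1,2})\]: "  # [M/D H:M:S], not zero padded
    r"CMD-\((\w+)\):\[(.*)\]by (\S+) from (\S+)"                 # channel, command, user, line
    r"(?: \(([^)]+)\))?"                                          # optional source address
    r"(?:\s*- Repeated (\d+) times?\.)?\s*$"                      # optional inline repeat marker
)
REPEAT_RE = re.compile(r"^\s*- Repeated (\d+) times?\.\s*$")

# Commands that enter EXEC Privilege or CONFIGURATION mode (both appear on this page).
ELEVATING = {"enable", "configure"}


def parse_history(text):
    """Return one dict per history record; unparseable lines are skipped."""
    entries = []
    for raw in text.splitlines():
        rep = REPEAT_RE.match(raw)
        if rep:
            # A repeat marker on its own line belongs to the preceding record.
            if entries:
                entries[-1]["repeats"] += int(rep.group(1))
            continue
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # prompt lines, blanks, truncated records
        mon, day, hh, mm, ss, chan, cmd, user, line, addr, inline = m.groups()
        stamp = "%02d/%02d %02d:%02d:%02d" % tuple(int(x) for x in (mon, day, hh, mm, ss))
        entries.append({
            "time": stamp, "channel": chan, "command": cmd, "user": user,
            "line": line, "source_ip": addr, "repeats": int(inline or 0),
        })
    return entries


def commands_by_origin(entries):
    """Group commands by (user, terminal line, source address)."""
    grouped = defaultdict(list)
    for e in entries:
        grouped[(e["user"], e["line"], e["source_ip"])].append(e["command"])
    return dict(grouped)


def elevated_over_telnet(entries):
    """Records where a Telnet (TEL*) session ran a mode-elevating command."""
    hits = []
    for e in entries:
        words = e["command"].split()
        if e["channel"].startswith("TEL") and words and words[0] in ELEVATING:
            hits.append(e)
    return hits


if __name__ == "__main__":
    parsed = parse_history(SAMPLE)
    for origin, cmds in commands_by_origin(parsed).items():
        print(origin, cmds)
    for hit in elevated_over_telnet(parsed):
        print("review:", hit["time"], hit["user"], hit["source_ip"], hit["command"])
```
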
4 Switch Management

This chapter explains the different protocols or services used to manage the S5000 switch, including:
• Configuring Privilege Levels
• Creating a Custom Privilege Level
• Removing a command from EXEC mode
• Moving a command from EXEC privilege mode to EXEC mode
• Allowing Access to CONFIGURATION mode commands
• Allowing Access to INTERFACE, LINE, ROUTE-MAP, and ROUTER modes
• Applying a Privilege Level to a Username
• Applying a Privilege Level
Configuring Privilege Levels
Privilege levels restrict access to commands based on user or terminal line. There are 16 privilege levels, of which two are pre-defined. The default privilege level is 1.
• Level 1—Access to the system begins at EXEC mode, and EXEC mode commands are limited to enable, disable, and exit.
• Level 15—Access to the system begins at EXEC Privilege mode, and all commands are available.
Allowing Access to INTERFACE, LINE, ROUTE-MAP, and ROUTER modes
1. Similar to allowing access to CONFIGURATION mode, to allow access to INTERFACE, LINE, ROUTE-MAP, and ROUTER modes, you must first allow access to the command that enters you into the mode. For example, allow a user to enter INTERFACE mode using the privilege configure level level interface tengigabitethernet command.
2.
Figure 4-1.
Applying a Privilege Level to a Username
To set a privilege level for a user:

Task | Command Syntax | Command Mode
Configure a privilege level for a user. | username username privilege level | CONFIGURATION

Applying a Privilege Level to a Terminal Line
To set a privilege level for a terminal line:

Task | Command Syntax | Command Mode
Configure a privilege level for a terminal line.
Log Messages in the Internal Buffer
All error messages, except those beginning with %BOOTUP (Message), are logged in the internal buffer.
Changing System Logging Settings
You can change the default settings of the system logging by changing the severity level and the storage location. The default is to log all messages up to debug level, that is, all system messages. By changing the severity level in the logging commands, you control the number of system messages logged.
Displaying the Logging Buffer and the Logging Configuration
To display the current contents of the logging buffer and the logging settings for the system, use the show logging command in the EXEC privilege mode as shown in the example below.
Figure 4-2.
Configuring a UNIX logging facility level
You can save system log messages with a UNIX system logging facility. To configure a UNIX logging facility level, use the following command in the CONFIGURATION mode:

Command Syntax | Command Mode | Purpose
logging facility [facility-type] | CONFIGURATION | Specify one of the following parameters.
Synchronizing log messages
You can configure FTOS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
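System messages on this page, such as %SYS-5-CONFIG_I and %RAM-6-ELECTION_ROLE, embed the severity as the digit between the facility and the mnemonic. The following added example, which is not part of the original guide, parses that layout, applies the "at or below the set level" filter, and pulls out configuration-change events. It assumes "at or below" is read numerically (0 is the most severe), and the two EXAMPLE records and all function names are constructed for illustration.

```python
import re

# The first two records are taken from this page; the EXAMPLE records are constructed
# placeholders used only to show messages at other severities.
SAMPLE = """\
00:00:38: %STKUNIT0-M:CP %RAM-6-ELECTION_ROLE: Stack unit 0 is transitioning to Management unit.
Feb 5 11:55:41: %STKUNIT0-M:CP %SYS-5-CONFIG_I: Configured from console
Feb 5 11:56:02: %STKUNIT0-M:CP %EXAMPLE-2-CONSTRUCTED_ALERT: constructed high-severity message
Feb 5 11:56:03: %STKUNIT0-M:CP %EXAMPLE-7-CONSTRUCTED_DEBUG: constructed debug message
"""

MSG_RE = re.compile(
    r"^(?P<ts>.+?): %(?P<unit>STKUNIT\d+)-(?P<role>\w+):(?P<proc>\w+) "   # timestamp and origin
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): "  # FACILITY-SEV-MNEMONIC
    r"(?P<text>.*)$"
)


def parse_messages(text):
    """Parse system messages into dicts; lines in another layout are ignored."""
    messages = []
    for line in text.splitlines():
        m = MSG_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["sev"] = int(rec["sev"])
            messages.append(rec)
    return messages


def visible_at(messages, level):
    """Messages that pass a severity filter set to `level` (0..7).

    A numerically lower severity is more urgent, so a filter of 5 keeps
    severities 0 through 5 and drops 6 and 7.
    """
    if not 0 <= level <= 7:
        raise ValueError("severity level must be between 0 and 7")
    return [m for m in messages if m["sev"] <= level]


def config_changes(messages):
    """Configuration-change events (SYS CONFIG_I) with the reported origin."""
    events = []
    for m in messages:
        if m["facility"] == "SYS" and m["mnemonic"] == "CONFIG_I":
            origin = m["text"]
            prefix = "Configured from "
            if origin.startswith(prefix):
                origin = origin[len(prefix):]
            events.append({"ts": m["ts"], "unit": m["unit"], "origin": origin})
    return events


if __name__ == "__main__":
    msgs = parse_messages(SAMPLE)
    for m in visible_at(msgs, 5):
        print(m["ts"], m["facility"], m["sev"], m["mnemonic"])
    print(config_changes(msgs))
```
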
File Transfer Services
With FTOS, you can configure the system to transfer files over the network using File Transfer Protocol (FTP). One FTP application is copying the system image files over an interface on to the system; however, FTP is not supported on VLAN interfaces. For more information on FTP, refer to RFC 959, File Transfer Protocol.
Note: To transmit large files, Dell Networking recommends configuring the switch as an FTP server.
Configuring FTP server parameters
After the FTP server is enabled on the system, you can configure different parameters. To configure FTP server parameters, use any or all of the following commands in the CONFIGURATION mode:

Command Syntax | Command Mode | Purpose
ftp-server topdir dir | CONFIGURATION | Specify the directory for users using FTP to reach the system. The default is the internal flash directory.
To view FTP configuration, use the show running-config ftp command in the EXEC privilege mode as shown in the example for Enabling FTP server.

Terminal Lines
You can access the system remotely and restrict access to the system by creating user profiles. The terminal lines on the system provide different means of accessing the system. The virtual terminal lines (VTY) connect you through Telnet to the system. The auxiliary line (aux) connects secondary devices such as modems.
Configuring Login Authentication for Terminal Lines
You can use any combination of up to 6 authentication methods to authenticate a user on a terminal line. A combination of authentication methods is called a method list. If the user fails the first authentication method, FTOS prompts the next method until all methods are exhausted, at which point the connection is terminated. The available authentication methods are:
• enable—Prompt for the enable password.
Figure 4-6.
Telnetting to Another Network Device
To telnet to another device:

Task | Command Syntax | Command Mode
Telnet to the stack-unit. You do not need to configure the management port on the stack-unit to be able to telnet to it. | telnet-peer-stack-unit | EXEC Privilege
Telnet to a device with an IPv4 or IPv6 address. If you do not enter an IP address, FTOS enters a Telnet dialog that prompts you for one.
• Enter an IPv4 address in dotted decimal format (A.B.C.D).
Figure 4-9. Locking CONFIGURATION mode

FTOS(conf)#configuration mode exclusive auto
FTOS(conf)#exit
Feb 5 11:55:41: %STKUNIT0-M:CP %SYS-5-CONFIG_I: Configured from console
FTOS#config
! Locks configuration mode exclusively.
FTOS(conf)#

If another user attempts to enter CONFIGURATION mode while a lock is in place, Message 1 appears on their terminal.
Recovering from a Forgotten Password

If you configure authentication for the console and you exit out of EXEC mode or your console session times out, you are prompted for a password to re-enter. If you forget your password, follow these steps:

Step 1: Log onto the system via console.

Step 2: Power-cycle the chassis by switching off all of the power modules and then switching them back on.
Step 4: Set the system parameters to ignore the startup configuration file when the switch reloads.
Command Syntax: ignore startup config
Command Mode: BOOT USER

Step 5: Reload the system.
Command Syntax: reload
Command Mode: BOOT USER

Step 6: Configure a new enable password.
Command Syntax: enable {secret | password}
Command Mode: CONFIGURATION

Step 7: Save the running-config to the startup-config.
5 802.1ag

802.1ag is available on the S5000 switch.

Ethernet Operations, Administration, and Maintenance (OAM) is a set of tools used to install, monitor, troubleshoot, and manage Ethernet infrastructure deployments. Ethernet OAM consists of three main areas:

1. Service Layer OAM: IEEE 802.1ag Connectivity Fault Management (CFM)
2. Link Layer OAM: IEEE 802.3ah OAM
3.
Ethernet CFM

Ethernet CFM is an end-to-end per-service-instance Ethernet OAM scheme that enables proactive connectivity monitoring, fault verification, and fault isolation. The service-instance with regard to OAM for Metro/Carrier Ethernet is a VLAN. This service is sold to an end-customer by a network service provider. Typically, the service provider contracts with multiple network operators to provide end-to-end service between customers.
Figure 5-1. OAM Domains

[Figure: a Service Provider Network between two Customer Networks, made up of Ethernet Access, MPLS Core and MPLS Access segments, with the nested domains Customer Domain (7), Provider Domain (6), Operator Domain (5) and MPLS Domain (4).]

Maintenance Points

Domains are comprised of logical entities called Maintenance Points. A maintenance point is an interface demarcation that confines CFM frames to a domain.
Maintenance End Points

A Maintenance End Point (MEP) is a logical entity that marks the end-point of a domain. There are two types of MEPs defined in 802.1ag for an 802.1 bridge:

• Up-MEP: monitors the forwarding path internal to a bridge on the customer or provider edge; on Dell Networking systems the internal forwarding path is effectively the switch fabric and forwarding engine.
• Down-MEP: monitors the forwarding path external to another bridge.
a. Continuity Check Messages
b. Loopback Message and Response
c. Linktrace Message and Response

Related Configuration Tasks

• Enabling CFM SNMP Traps
• Displaying Ethernet CFM Statistics

Enabling Ethernet CFM

Task: Spawn the CFM process. No CFM configuration is allowed until the CFM process is spawned.
Command Syntax: ethernet cfm
Command Mode: CONFIGURATION

Task: Disable Ethernet CFM without stopping the CFM process.
Creating a Maintenance Association

A Maintenance Association (MA) is a subdivision of an MD that contains all managed entities corresponding to a single end-to-end service, typically a VLAN. An MA is associated with a VLAN ID.

Task: Create maintenance association.
Command Syntax: service name vlan vlan-id
Command Mode: ECFM DOMAIN

Creating Maintenance Points

Domains are comprised of logical entities called Maintenance Points.
Task Command Syntax Command Mode FTOS#show ethernet cfm maintenance-points local mep ------------------------------------------------------------------------------MPID Domain Name Level Type Port CCM-Status MA Name VLAN Dir MAC ------------------------------------------------------------------------------100 cfm0 test0 7 10 MEP DOWN Te 4/10 00:01:e8:59:23:45 Enabled 200 cfm1 test1 6 20 MEP DOWN Te 4/10 00:01:e8:59:23:45 Enabled 300 cfm2 test2 5 30 MEP DOWN Te 4/10 00:01:e8:59:23:45 Enabl
• MIP Database (MIP-DB): Every MIP must maintain a database of all other MEPs in the MA that have announced their presence via CCM

Task: Display the MEP Database.
MEPs and MIPs filter CCMs from higher and lower domain levels as described in Table 5-1. Table 5-1.
Enabling CCM

Step 1: Enable CCM.
Command Syntax: no ccm disable
Command Mode: ECFM DOMAIN
Default: Disabled

Step 2: Configure the transmit interval (mandatory). The interval specified applies to all MEPs in the domain.
Command Syntax: ccm transmit-interval seconds
Command Mode: ECFM DOMAIN
Default: 10 seconds

Enabling Cross-checking

Task: Enable cross-checking.
Command Syntax: mep cross-check enable
Command Mode: ETHERNET CFM
Default: Disabled

Task: Start the cross-check operation for an MEP.
Figure 5-4. Linktrace Message and Response

[Figure: an MEP and three MIPs across the MPLS Core, with arrows labeled "Linktrace Message" and "Linktrace Response".]

Link trace messages carry a unicast target address (the MAC address of an MIP or MEP) inside a multicast frame. The destination group address is based on the MD level of the transmitting MEP (01:80:C2:00:00:3[8 to F]).
100 Enabled cfm0 7 test0 MEP 10 Te 4/10 DOWN 00:01:e8:59:23:45 FTOS(conf-if-te-0/6)#do show ethernet cfm domain Domain Name: My_Name MD Index: 1 Level: 0 Total Service: 1 Services MA-Index MA-Name 1 VLAN test 0 Domain Name: Your_Name MD Index: 2 Level: 2 Total Service: 1 Services MA-Index MA-Name 1 CC-Int VLAN test X-CHK Status 1s CC-Int 100 enabled X-CHK Status 1s enabled Displaying Ethernet CFM Statistics Task Command Syntax Command Mode Display MEP CCM statistics.
FTOS#show ethernet cfm port-statistics interface tengigabitethernet 0/5
Port statistics for port: Te 0/5
==================================
RX Statistics
=============
Total CFM Pkts 75394
CCM Pkts 75394
LBM Pkts 0
LTM Pkts 0
LBR Pkts 0
LTR Pkts 0
Bad CFM Pkts 0
CFM Pkts Discarded 0
CFM Pkts forwarded 102417
TX Statistics
=============
Total CFM Pkts 10303
CCM Pkts 0
LBM Pkts 0
LTM Pkts 3
LBR Pkts 0
LTR Pkts 0
6 802.1X

802.1X is supported on the S5000 switch.

This chapter contains the following major sections:

• Protocol Overview
• Port-authentication Process
• EAP over RADIUS
• Configuring 802.1X
• Enabling 802.
802.1X employs Extensible Authentication Protocol (EAP)* to transfer a device’s credentials to an authentication server (typically RADIUS) via a mandatory intermediary network access device, in this case, a Dell Networking switch. The network access device mediates all communication between the end-user device and the authentication server so that the network remains secure.
• The device with which the supplicant communicates is the authenticator. The authenticator is the gatekeeper of the network. It translates and forwards requests and responses between the authentication server and the supplicant. The authenticator also changes the status of the port based on the results of the authentication process. The Dell Networking switch is the authenticator.
Figure 6-2. 802.1X Authentication Process

[Figure: message sequence between the Supplicant, the Authenticator and the Authentication Server. EAP over LAN (EAPOL) between supplicant and authenticator: Request Identity, Response Identity, EAP Request, EAP Response, EAP {Success | Failure}. EAP over RADIUS between authenticator and authentication server: Access Request, Access Challenge, Access Request, Access {Accept | Reject}.]

EAP over RADIUS

802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579.
• Attribute 41—NAS-Port-Type: NAS-port physical port type. 15 indicates Ethernet.
• Attribute 61—NAS-Port: the physical port number by which the authenticator is connected to the supplicant.
• Attribute 81—Tunnel-Private-Group-ID: associate a tunneled session with a particular group of users.

Configuring 802.1X

Configuring 802.1X on a port is a one-step process:

1. Enabling 802.1X.
Figure 6-4. Enabling 802.1X

To enable 802.1X:

Step 1: Enable 802.1X globally.
Command Syntax: dot1x authentication
Command Mode: CONFIGURATION

Step 2: Enter INTERFACE mode on an interface or a range of interfaces.
Command Syntax: interface [range]
Command Mode: INTERFACE

Step 3: Enable 802.1X on the supplicant interface only.
Command Syntax: dot1x authentication
Command Mode: INTERFACE

Verify that 802.
Figure 6-6. Verifying 802.1X Interface Configuration FTOS#show dot1x interface TenGigabitEthernet 2/1 802.
To configure a maximum number of Request Identity re-transmissions:

Step 1: Configure a maximum number of times that a Request Identity frame can be re-transmitted by the authenticator.
Figure 6-7. Configuring Request Identity Re-transmissions

FTOS(conf-if-range-te-0/0)#dot1x tx-period 90
FTOS(conf-if-range-te-0/0)#dot1x max-eap-req 10
FTOS(conf-if-range-te-0/0)#dot1x quiet-period 120
FTOS#show dot1x interface TenGigabitEthernet 2/1
802.
The example below shows configuration information for a port that has been force-authorized.

Figure 6-8. Configuring Port-control

FTOS(conf-if-te-0/0)#dot1x port-control force-authorized
FTOS(conf-if-te-0/0)#show dot1x interface TenGigabitEthernet 0/0
802.
Figure 6-9. Configuring a Reauthentication Period

FTOS(conf-if-te-0/0)#dot1x reauthentication interval 7200
FTOS(conf-if-te-0/0)#dot1x reauth-max 10
FTOS(conf-if-te-0/0)#do show dot1x interface TenGigabitEthernet 0/0
802.
Figure 6-10. Configuring a Timeout

FTOS(conf-if-te-0/0)#dot1x port-control force-authorized
FTOS(conf-if-te-0/0)#do show dot1x interface TenGigabitEthernet 0/0
802.
Figure 6-11. Dynamic VLAN Assignment with 802.1X FTOS(conf-if-Te-1/10)#show config interface TenGigabitEthernet 1/10 no ip address 2 switchport radius-server host 10.11.197.169 auth-port 1645 dot1x authentication 1 key 7 387a7f2df5969da4 no shutdown End-user Device Switch 4 FTOS#show dot1x interface TenGigabitEthernet 1/10 802.
If the supplicant fails authentication, the authenticator typically does not enable the port. In some cases this behavior is not appropriate. External users of an enterprise network, for example, might not be able to be authenticated, but still need access to the network. Also, some dumb-terminals such as network printers do not have 802.1X capability and therefore cannot authenticate themselves.
Figure 6-13.
7 Access Control Lists (ACLs)

This chapter describes the access control lists (ACLs), prefix lists, and route-maps.
An ACL is essentially a filter containing some criteria to match (examine IP, TCP, or UDP packets) and an action to take (permit or deny). ACLs are processed in sequence so that if a packet does not match the criterion in the first filter, the second filter (if configured) is applied. When a packet matches a filter, the switch drops or forwards the packet based on the filter’s specified action.
CAM Allocation and CAM Optimization

The S5000 supports the following:

• User Configurable CAM Allocations
• CAM optimization

User-Configurable CAM Allocation

You can re-allocate memory space for IPv6 ACLs by using the cam-acl command in CONFIGURATION mode. CAM space is allotted in FP blocks. The total allocated CAM space must equal 13 FP blocks. Note that there are 16 FP blocks, but the System Flow requires 3 blocks that cannot be reallocated.
Test CAM Usage

The test cam-usage command is supported on the S5000 platform. This command applies to the IPv4 ingress CAM partition. Use this command to determine if sufficient ACL CAM space is available to enable a service-policy. Create a Class Map with all required ACL rules, then execute the test cam-usage command in Privilege mode to verify the actual CAM space required. The example below gives a sample of the output shown when executing the command.
ACL Optimization

If an access list contains duplicate entries, FTOS deletes one entry to conserve CAM space. Standard and Extended ACLs take up the same amount of CAM space. A single ACL rule uses 2 CAM entries whether it is identified as a standard or extended ACL.

Determine the Order in Which ACLs are Used to Classify Traffic

When you link class-maps to queues using the service-queue command, FTOS matches the class-maps according to queue priority (queue numbers closer to 0 have lower priorities).
IP Fragment Handling

FTOS supports a configurable option to explicitly deny IP fragmented packets, particularly second and subsequent packets. It extends the existing ACL command syntax with the fragments keyword for all Layer 3 rules applicable to all Layer protocols (permit/deny ip/tcp/udp/icmp).

• Both standard and extended ACLs support IP fragments.
• Second and subsequent fragments are allowed because a Layer 4 rule cannot be applied to these fragments.
Layer 4 ACL Rules Examples

In Figure 7-5, first fragments or non-fragmented TCP packets from 10.1.1.1 with TCP destination port equal to 24 are permitted. All other fragments are denied.

Figure 7-5. Layer 4 ACL Rules

FTOS(conf)#ip access-list extended ABC
FTOS(conf-ext-nacl)#permit tcp host 10.1.1.1 any eq 24
FTOS(conf-ext-nacl)#deny ip any any fragment
FTOS(conf-ext-nacl)

In Figure 7-6, TCP packets that are first fragments or non-fragmented from host 10.1.1.
Note the following when configuring ACLs with the fragments keyword. When an ACL filters packets it looks at the Fragment Offset (FO) to determine whether or not it is a fragment.

• FO = 0 means it is either the first fragment or the packet is a non-fragment.
• FO > 0 means it is dealing with the fragments of the original packet.
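The Fragment Offset behaviour described above can be modelled in a few lines. The following is an added example, not FTOS code or output: it evaluates the Figure 7-5 ACL with and without its `deny ip any any fragment` line over constructed packets. It assumes that a rule with the fragments keyword matches only when FO > 0, that a Layer 4 rule can match only when FO = 0, and that fragments with FO > 0 are allowed when no configured rule matches them; all class and function names are hypothetical.

```python
"""Added illustration (not FTOS code): first-match ACL evaluation with the
fragments keyword, driven by the Fragment Offset (FO) of each packet."""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Dict, List, Optional, Tuple

ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                    # "tcp", "udp" or "icmp"
    frag_offset: int = 0          # FO: 0 = first fragment or non-fragment
    dport: Optional[int] = None   # Layer 4 port, readable only when FO == 0


@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "ip" matches every IP protocol
    src: IPv4Network = ANY
    dst: IPv4Network = ANY
    dport: Optional[int] = None   # "eq <port>" criterion
    fragments: bool = False       # rule carries the fragments keyword


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Return True when the packet satisfies every criterion of the rule."""
    if rule.proto not in ("ip", pkt.proto):
        return False
    if ip_address(pkt.src) not in rule.src or ip_address(pkt.dst) not in rule.dst:
        return False
    if rule.fragments:
        # Assumption: a fragments rule applies to FO > 0 only; FO = 0 packets
        # fall through to the next rule.
        return pkt.frag_offset > 0
    if rule.dport is not None:
        # The Layer 4 header exists only in the first fragment, so a port
        # criterion cannot be applied to second and subsequent fragments.
        return pkt.frag_offset == 0 and pkt.dport == rule.dport
    return True


def acl_decision(acl: List[Rule], pkt: Packet) -> str:
    """First matching rule wins; otherwise apply the defaults of this model."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule.action
    if pkt.frag_offset > 0:
        return "permit"   # assumption: unmatched later fragments are allowed
    return "deny"         # implicit deny for everything else


HOST = ip_network("10.1.1.1/32")
# The two rules of Figure 7-5.
FIG_7_5 = [
    Rule("permit", "tcp", src=HOST, dport=24),
    Rule("deny", "ip", fragments=True),
]
# Same ACL with the explicit fragment deny left out.
WITHOUT_FRAGMENT_DENY = FIG_7_5[:1]

# Constructed sample packets (192.0.2.10 is a documentation address).
SAMPLE_PACKETS: Dict[str, Packet] = {
    "10.1.1.1 first fragment, port 24": Packet("10.1.1.1", "192.0.2.10", "tcp", 0, 24),
    "10.1.1.1 later fragment": Packet("10.1.1.1", "192.0.2.10", "tcp", 185),
    "other host first fragment, port 24": Packet("10.9.9.9", "192.0.2.10", "tcp", 0, 24),
    "other host later fragment": Packet("10.9.9.9", "192.0.2.10", "udp", 185),
}


def compare() -> Dict[str, Tuple[str, str]]:
    """Decision per packet: (Figure 7-5 ACL, same ACL without the deny line)."""
    return {
        name: (acl_decision(FIG_7_5, pkt), acl_decision(WITHOUT_FRAGMENT_DENY, pkt))
        for name, pkt in SAMPLE_PACKETS.items()
    }


if __name__ == "__main__":
    for name, (with_deny, without_deny) in compare().items():
        print(f"{name:38} Figure 7-5: {with_deny:7} without deny: {without_deny}")
```

In this model the only packets whose outcome changes when the deny line is removed are the fragments with FO > 0, which is the traffic the fragments keyword exists to control.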
When you use the log keyword, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets’ details. To view the rules of a particular ACL configured on a particular interface, use the show ip accounting access-list ACL-name interface interface command in EXEC Privilege mode (Figure 7-8). Figure 7-8.
Step 2
Command Syntax: {deny | permit} {source [mask] | any | host ip-address} [count [byte] | log ] [order] [monitor] [fragments]
Command Mode: CONFIG-STD-NACL
Purpose: Configure a drop or forward IP ACL filter.

When you use the log keyword, CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets’ details.
Configuring an Extended IP ACL

Extended IP ACLs filter on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses. Because traffic passes through the filter in the order of the filter’s sequence, you can configure the extended IP ACL by first entering the IP ACCESS LIST mode and then assigning a sequence number to the filter.
Figure 7-12. Command Example: seq

FTOS(config-ext-nacl)#seq 15 deny ip host 112.45.0.0 any log
FTOS(config-ext-nacl)#seq 5 permit tcp 12.1.3.45 0.0.255.255 any
FTOS(config-ext-nacl)#show confi
!
ip access-list extended dilling
 seq 5 permit tcp 12.1.0.0 0.0.255.255 any
 seq 15 deny ip host 112.45.0.
Figure 7-13. Extended IP ACL

FTOS(config-ext-nacl)#deny tcp host 123.55.34.0 any
FTOS(config-ext-nacl)#permit udp 154.44.123.34 0.0.255.255 host 34.6.0.0
FTOS(config-ext-nacl)#show config
!
ip access-list extended nimule
 seq 5 deny tcp host 123.55.34.0 any
 seq 10 permit udp 154.44.0.0 0.0.255.255 host 34.6.0.
Table 7-1. L2 and L3 ACL Filtering on Switched Packets

L2 ACL Interfaces Behavior: Permit
L3 ACL Interfaces Behavior: Deny
Decision on Targeted Traffic: Denied by L3 ACL

L2 ACL Interfaces Behavior: Permit
L3 ACL Interfaces Behavior: Permit
Decision on Targeted Traffic: Permitted by L3 ACL

Note: If an interface is configured as a “vlan-stack access” port, the packets are filtered by an L2 ACL only. The L3 ACL applied to such a port does not affect traffic.
Step 4
Command Syntax: ip access-list [standard | extended] name
Command Mode: INTERFACE
Purpose: Apply rules to the new ACL.

To view which IP ACL is applied to an interface, use the show config command in the INTERFACE mode as shown below or the show running-config command in the EXEC mode.

Figure 7-14. Command example: show config in the INTERFACE Mode

FTOS(conf-if-te-0/0)#show conf
!
interface GigabitEthernet 0/0
 ip address 10.2.1.100 255.255.255.
Figure 7-15. Creating an Ingress ACL

FTOS(conf)#interface tengig 0/0
FTOS(conf-if-te-0/0)#ip access-group abcd in
FTOS(conf-if-te-0/0)#show config
!
TengigabitEthernet 0/0
 no ip address
 ip access-group abcd in
 no shutdown
FTOS(conf-if-gige0/0)#end
FTOS#configure terminal
FTOS(conf)#ip access-list extended abcd
FTOS(config-ext-nacl)#permit tcp any any
FTOS(config-ext-nacl)#deny icmp any any
FTOS(config-ext-nacl)#permit 1.1.1.
Figure 7-16. Creating an Egress ACL

FTOS(conf)#interface tengig 0/0
FTOS(conf-if-te-0/0)#ip access-group abcd out
FTOS(conf-if-te-0/0)#show config
!
TengigabitEthernet 0/0
 no ip address
 ip access-group abcd out
 no shutdown
FTOS(conf-if-te-0/0)#end
FTOS#configure terminal
FTOS(conf)#ip access-list extended abcd
FTOS(config-ext-nacl)#permit tcp any any
FTOS(config-ext-nacl)#deny icmp any any
FTOS(config-ext-nacl)#permit 1.1.1.
Configuring ACLs to Loopback

ACLs can be applied on a Loopback interface. Configuring ACLs onto the CPU in a loopback interface protects the system infrastructure from attack—malicious and incidental—by explicitly allowing only authorized traffic. The ACLs on loopback interfaces are applied only to the CPU on the stack-unit—this eliminates the need to apply specific ACLs onto all ingress interfaces and achieves the same results.
Figure 7-17. Applying an ACL to the Loopback Interface

FTOS(conf)#interface loopback 0
FTOS(conf-if-lo-0)#ip access-group abcd in
FTOS(conf-if-lo-0)#show config
!
interface Loopback 0
 no ip address
 ip access-group abcd in
 no shutdown
FTOS(conf-if-lo-0)#end
FTOS#configure terminal
FTOS(conf)#ip access-list extended abcd
FTOS(config-ext-nacl)#permit tcp any any
FTOS(config-ext-nacl)#deny icmp any any
FTOS(config-ext-nacl)#permit 1.1.1.
• A prefix list without any permit or deny filters allows all routes.
• An “implicit deny” is assumed (that is, the route is dropped) for all route prefixes that do not match a permit or deny filter in a configured prefix list.
• After a route matches a filter, the filter’s action is applied. No additional filters are applied to the route.

Implementation Information

In FTOS, prefix lists are used in processing routes for routing protocols (for example, RIP, OSPF, and BGP).
If you want to forward all routes that do not match the prefix list criteria, you must configure a prefix list filter to permit all routes (permit 0.0.0.0/0 le 32). The “permit all” filter should be the last filter in your prefix list. To permit the default route only, enter permit 0.0.0.0/0. Figure 7-18 shows how the seq command orders the filters according to the sequence number assigned.
Figure 7-19. Prefix List

FTOS(conf-nprefixl)#permit 123.23.0.0 /16
FTOS(conf-nprefixl)#deny 133.24.56.0 /8
FTOS(conf-nprefixl)#show conf
!
ip prefix-list awe
 seq 5 permit 123.23.0.0/16
 seq 10 deny 133.0.0.0/8
FTOS(conf-nprefixl)#

To delete a filter, enter the show config command in the PREFIX LIST mode and locate the sequence number of the filter you want to delete; then use the no seq sequence-number command in the PREFIX LIST mode.
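The prefix-list rules above (filters applied in sequence order, first match wins, implicit deny, an empty list allowing all routes, and the "permit all" filter `permit 0.0.0.0/0 le 32`) can be checked offline with a small evaluator. This is an added example, not FTOS code: the function names are hypothetical, the automatic sequence step of 5 is taken from Figure 7-19, and the handling of `ge` and `le` follows the conventional prefix-list semantics, which is an assumption about FTOS.

```python
"""Added illustration (not FTOS code): ordered prefix-list evaluation."""
from ipaddress import IPv4Network, ip_network
from typing import List, NamedTuple, Optional


class Entry(NamedTuple):
    seq: int
    action: str                 # "permit" or "deny"
    prefix: IPv4Network         # stored with host bits cleared
    ge: Optional[int] = None
    le: Optional[int] = None


def parse_entry(line: str, next_seq: int) -> Entry:
    """Parse 'seq 10 deny 133.24.56.0 /8' or 'permit 0.0.0.0/0 le 32'."""
    tokens = line.split()
    seq = next_seq
    if tokens[0] == "seq":
        seq, tokens = int(tokens[1]), tokens[2:]
    action, rest = tokens[0], tokens[1:]
    if action not in ("permit", "deny"):
        raise ValueError(f"unknown action in {line!r}")
    # Accept both '133.24.56.0 /8' (as typed in Figure 7-19) and '133.24.56.0/8'.
    if len(rest) >= 2 and rest[1].startswith("/"):
        net_text, rest = rest[0] + rest[1], rest[2:]
    else:
        net_text, rest = rest[0], rest[1:]
    # strict=False clears host bits: 133.24.56.0/8 is stored as 133.0.0.0/8.
    prefix = ip_network(net_text, strict=False)
    options = dict(zip(rest[0::2], rest[1::2]))
    ge = int(options["ge"]) if "ge" in options else None
    le = int(options["le"]) if "le" in options else None
    return Entry(seq, action, prefix, ge, le)


def build_prefix_list(lines: List[str]) -> List[Entry]:
    """Assign sequence numbers in steps of 5 when none is given, then sort."""
    entries: List[Entry] = []
    for line in lines:
        next_seq = max(e.seq for e in entries) + 5 if entries else 5
        entries.append(parse_entry(line, next_seq))
    return sorted(entries, key=lambda e: e.seq)


def length_in_range(entry: Entry, length: int) -> bool:
    """Assumed ge/le semantics: exact length unless ge or le widens the range."""
    if entry.ge is None and entry.le is None:
        return length == entry.prefix.prefixlen
    low = entry.ge if entry.ge is not None else entry.prefix.prefixlen
    high = entry.le if entry.le is not None else 32
    return low <= length <= high


def prefix_list_decision(entries: List[Entry], route: str) -> str:
    """Return 'permit' or 'deny' for a route such as '10.0.0.0/8'."""
    if not entries:
        return "permit"          # a list without filters allows all routes
    candidate = ip_network(route, strict=False)
    for entry in entries:        # already in sequence order
        if candidate.subnet_of(entry.prefix) and length_in_range(entry, candidate.prefixlen):
            return entry.action  # first match wins, no further filters apply
    return "deny"                # implicit deny


# The list from Figure 7-19, entered exactly as typed there.
AWE = build_prefix_list(["permit 123.23.0.0 /16", "deny 133.24.56.0 /8"])
# The same list followed by the "permit all" filter as its last entry.
AWE_PERMIT_REST = build_prefix_list(
    ["permit 123.23.0.0 /16", "deny 133.24.56.0 /8", "seq 100 permit 0.0.0.0/0 le 32"]
)
DEFAULT_ONLY = build_prefix_list(["permit 0.0.0.0/0"])

if __name__ == "__main__":
    for route in ("123.23.0.0/16", "133.0.0.0/8", "10.0.0.0/8", "0.0.0.0/0"):
        print(route, prefix_list_decision(AWE, route),
              prefix_list_decision(AWE_PERMIT_REST, route),
              prefix_list_decision(DEFAULT_ONLY, route))
```

Running candidate routes through such a model before applying a list shows which prefixes fall through to the implicit deny.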
Using a prefix list for route redistribution

To pass traffic through a configured prefix list, you must use the prefix list in a route redistribution command. The prefix list is applied to all traffic redistributed into the routing process and the traffic is either forwarded or dropped depending on the criteria and actions specified in the prefix list.
To view the configuration, use the show config command in the ROUTER OSPF mode as shown in Figure 7-23 or the show running-config ospf command in the EXEC mode.

Figure 7-23. Command Example: show config in ROUTER OSPF Mode

FTOS(conf-router_ospf)#show config
!
router ospf 34
 network 10.2.1.1 255.255.255.255 area 0.0.0.
Resequencing an ACL or Prefix List

Resequencing is available for IPv4 and IPv6 ACLs, prefix lists, and MAC ACLs. To resequence an ACL or prefix list use the appropriate command in Table 7-4. You must specify the list name, starting number, and increment.

Table 7-4.
Figure 7-25. Resequencing Remarks

FTOS(config-ext-nacl)# show config
!
ip access-list extended test
 remark 4 XYZ
 remark 5 this remark corresponds to permit any host 1.1.1.1
 seq 5 permit ip any host 1.1.1.1
 remark 9 ABC
 remark 10 this remark corresponds to permit ip any host 1.1.1.2
 seq 10 permit ip any host 1.1.1.2
 seq 15 permit ip any host 1.1.1.3
 seq 20 permit ip any host 1.1.1.
• When a match is found, the packet is forwarded; no more route-map sequences are processed. • If a continue clause is included in the route-map sequence, the next or a specified route-map sequence is processed after a match is found. Configuration Task List for Route Maps You configure route maps in the ROUTE-MAP mode and apply them in various commands in the ROUTER RIP and ROUTER OSPF modes.
You can create multiple instances of this route map by using the sequence number option to place the route maps in the correct order. FTOS processes the route maps with the lowest sequence number first. When a configured route map is applied to a command, like redistribute, traffic passes through all instances of that route map until a match is found. Figure 7-27 shows an example with two instances of a route map. Figure 7-27.
Configuring Route Map Filters

Within the ROUTE-MAP mode, there are match and set commands. Basically, match commands search for a certain criterion in the routes and the set commands change the characteristics of those routes, either adding something or specifying a level. When there are multiple match commands of the same parameter under one instance of route-map, FTOS matches a route that satisfies either of those match commands.
To configure match criterion for a route map, use any or all of the following commands in the ROUTE-MAP mode:

Command Syntax: match as-path as-path-name
Command Mode: CONFIG-ROUTE-MAP
Purpose: Match routes with the same AS-PATH numbers.

Command Syntax: match community
Command Mode: CONFIG-ROUTE-MAP
Purpose: Match routes with COMMUNITY list attributes in their path.

Command Mode: CONFIG-ROUTE-MAP
Purpose: Match routes whose next hop is a specific interface.
Command Syntax: match tag tag-value
Command Mode: CONFIG-ROUTE-MAP
Purpose: Match routes with a specific tag.

To configure a set condition, use any or all of the following commands in the ROUTE-MAP mode:

Command Syntax: set as-path prepend as-number [... as-number]
Command Mode: CONFIG-ROUTE-MAP
Purpose: Add an AS-PATH number to the beginning of the AS-PATH

Command Syntax: set automatic-tag
Command Mode: CONFIG-ROUTE-MAP
Purpose: Generate a tag to be added to redistributed routes.
Route maps add to that redistribution capability by allowing you to match specific routes and set or change more attributes when redistributing those routes. In Figure 7-30, the redistribute command calls the route map static ospf to redistribute only certain static routes into OSPF. According to the route map static ospf, only routes that have a next hop of TenGigabitethernet interface 0/0 and that have a metric of 255 will be redistributed into the OSPF backbone area.
Continue clause

Normally, when a match is found, set clauses are executed, and the packet is then forwarded; no more route-map modules are processed. If the continue command is configured at the end of a module, the next module (or a specified module) is processed even after a match is found. The following example shows a continue clause at the end of a route-map module. In this example, if a match is found in the route-map “test” module 10, module 30 will be processed.
8 Bidirectional Forwarding Detection (BFD)

Bidirectional Forwarding Detection (BFD) is supported only on the S5000 switch.
BFD also carries less overhead than routing protocol hello mechanisms. Control packets can be encapsulated in any form that is convenient, and, on Dell Networking routers, sessions are maintained by BFD Agents. Only session state changes are reported to the BFD Manager, which in turn notifies the routing protocols that are registered with it. BFD is an independent and generic protocol, which all media, topologies, and routing protocols can support using any encapsulation.
[Figure: BFD control packet format. A UDP packet inside an IP header and Ethernet frame, with the BFD fields Version (1), Diag Code, State, Flags, Detect Mult, My Discriminator, Your Discriminator, Required Min RX Interval, Required Min Echo RX Interval and Auth Type.]
Table 8-1. BFD Packet Fields

Field: Diagnostic Code
Description: The reason that the last session failed.

Field: State
Description: The current local session state. See BFD sessions.

Field: Flag
Description: A bit that indicates packet function. If the poll bit is set, the receiving system must respond as soon as possible, without regard to its transmit interval. The responding system clears the poll bit and sets the final bit in its response.
• Active—The active system initiates the BFD session. Both systems can be active for the same session.
• Passive—The passive system does not initiate a session. It only responds to a request for session initialization from the active system.

A BFD session has two modes:

• Asynchronous mode—In Asynchronous mode, both systems send periodic control messages at an agreed upon interval to indicate that their session status is Up.
4. The passive system receives the control packet, changes its state to Up. Both systems agree that a session has been established. However, since both members must send a control packet—that requires a response—anytime there is a state change or change in a session parameter, the passive system sends a final response indicating the state change. After this, periodic control packets are exchanged. Figure 8-2.
Figure 8-3. BFD State Machine

[Figure: state diagram of the current session state (Down, Init, Up). Each transition is labeled with the state carried in the packet received (Admin Down, Down, Init, Up) or with Timer.]

Important Points to Remember

• FTOS supports a maximum of 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and receive intervals with a multiplier of 4.
• BFD must be enabled on both ends of a link.
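The session bring-up between an active and a passive system, and the state machine of Figure 8-3, can be traced with a short simulation. This is an added example, not FTOS code: the transitions follow RFC 5880 section 6.8.6, which is assumed here to be what the figure depicts, and the class and function names are hypothetical.

```python
"""Added illustration (not FTOS code): BFD session state machine with the
transitions of RFC 5880 section 6.8.6, traced for active and passive roles."""
from enum import Enum
from typing import List, Tuple


class State(Enum):
    ADMIN_DOWN = "AdminDown"
    DOWN = "Down"
    INIT = "Init"
    UP = "Up"


class Session:
    def __init__(self, name: str, role: str = "active") -> None:
        self.name = name
        self.role = role              # "active" or "passive"
        self.state = State.DOWN
        self.heard_from_peer = False

    def may_transmit(self) -> bool:
        # A passive system does not initiate; it only answers a peer it has heard.
        return self.role == "active" or self.heard_from_peer

    def receive(self, remote_state: State) -> State:
        """Apply the state carried in a received control packet."""
        self.heard_from_peer = True
        if self.state is State.ADMIN_DOWN:
            return self.state         # administratively down: packet is ignored
        if remote_state is State.ADMIN_DOWN:
            self.state = State.DOWN
        elif self.state is State.DOWN:
            if remote_state is State.DOWN:
                self.state = State.INIT
            elif remote_state is State.INIT:
                self.state = State.UP
        elif self.state is State.INIT:
            if remote_state in (State.INIT, State.UP):
                self.state = State.UP
        elif self.state is State.UP and remote_state is State.DOWN:
            self.state = State.DOWN
        return self.state

    def detection_timer_expired(self) -> State:
        """No control packet arrived within the detection time."""
        if self.state in (State.INIT, State.UP):
            self.state = State.DOWN
        return self.state


def exchange(first: Session, second: Session,
             max_packets: int = 10) -> List[Tuple[str, str, str, str]]:
    """Alternate senders until both sessions are Up or max_packets turns pass.

    Each trace entry is (sender, state sent, receiver, receiver's new state).
    """
    trace = []
    sender, receiver = first, second
    for _ in range(max_packets):
        if first.state is State.UP and second.state is State.UP:
            break
        if sender.may_transmit():
            sent = sender.state
            new_state = receiver.receive(sent)
            trace.append((sender.name, sent.value, receiver.name, new_state.value))
        sender, receiver = receiver, sender
    return trace


if __name__ == "__main__":
    a, b = Session("active", "active"), Session("passive", "passive")
    for step in exchange(a, b):
        print("%s sends %s -> %s is now %s" % step)
    # Failure case: the active side stops hearing the peer and times out.
    a.detection_timer_expired()
    print("after timer expiry:", a.state.value, "; peer on next packet:",
          b.receive(a.state).value)
```

With two passive systems neither side ever transmits, so the trace stays empty and both sessions remain Down.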
Configuring BFD for Physical Ports

Configuring BFD for Physical Ports is supported on the S5000 platform. BFD on physical ports is useful when no routing protocol is enabled. Without BFD, if the remote system fails, the local system does not remove the connected route until the first failed attempt to send a packet. When BFD is enabled, the local system removes the route as soon as it stops receiving periodic control packets from the remote system.
Figure 8-5. Establishing a BFD Session for Physical Ports

To establish a session:

Step 1: Enter interface mode
Command Syntax: interface
Command Mode: CONFIGURATION

Step 2: Assign an IP address to the interface if one is not already assigned.
Command Syntax: ip address ip-address
Command Mode: INTERFACE

Verify that the session is established using the command show bfd neighbors, as shown in the example below.

Figure 8-6.
Figure 8-7. Viewing Session Details

FTOS(conf-if-te-4/24)#do show bfd neighbors detail
Session Discriminator: 1
Neighbor Discriminator: 1
Local Addr: 2.2.2.1
Local MAC Addr: 00:01:e8:09:c3:e5
Remote Addr: 2.2.2.
Changing physical port session parameters

BFD sessions are configured with default intervals and a default role (active). The parameters that can be configured are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role. These parameters are configured per interface; if you change a parameter, the change affects all physical port sessions on that interface. Dell Networking recommends maintaining the default values.
To disable BFD on an interface:

Step 1: Disable BFD on an interface.
Command Syntax: no bfd enable
Command Mode: INTERFACE

Message 2 Disabling BFD on a Local Interface

FTOS(conf-if-te-4/24)#01:00:52: %STKUNIT3-M:CP %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Ad Dn for neighbor 2.2.2.
Figure 8-9. Enabling BFD for Static Routes

To establish a BFD session:

Step 1: Establish BFD sessions for all neighbors that are the next hop of a static route.
Command Syntax: ip route bfd
Command Mode: CONFIGURATION

Verify that sessions have been created for static routes using the command show bfd neighbors, as shown in the example below.

Figure 8-10. Viewing Established Sessions for Static Routes

FTOS(conf)#ip route 2.2.3.0/24 2.2.2.
To change parameters for static route sessions:

Step 1: Change parameters for all static route sessions.
Command Syntax: ip route bfd interval milliseconds min_rx milliseconds multiplier value role [active | passive]
Command Mode: CONFIGURATION

View session parameters using the command show bfd neighbors detail, as shown in the example in Figure 8-18.

Disabling BFD for static routes

If BFD is disabled, all static route BFD sessions are torn down.
Figure 8-11. Establishing Sessions with OSPF Neighbors

To establish BFD with all OSPF neighbors:

Step 1: Establish sessions with all OSPF neighbors.
Command Syntax: bfd all-neighbors
Command Mode: ROUTER-OSPF

To establish BFD for all OSPF neighbors on a single interface:

Step 1: Establish sessions with all OSPF neighbors on a single interface.
Changing OSPF session parameters

BFD sessions are configured with default intervals and a default role. The parameters that can be configured are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role. These parameters are configured for all OSPF sessions or all OSPF sessions on a particular interface; if you change a parameter globally, the change affects all OSPF neighbors sessions.
Configuring BFD for IS-IS

BFD for IS-IS is supported on the S5000 platform. When using BFD with IS-IS, the IS-IS protocol registers with the BFD manager. BFD sessions are then established with all neighboring interfaces participating in IS-IS. If a neighboring interface fails, the BFD agent on the stack unit notifies the BFD manager, which in turn notifies the IS-IS protocol that a link state change occurred.

Configuring BFD for IS-IS is a two-step process:

1. Enable BFD globally.
To establish BFD with all IS-IS neighbors:

Step 1: Establish sessions with all IS-IS neighbors.
Command Syntax: bfd all-neighbors
Command Mode: ROUTER-ISIS

To establish BFD with all IS-IS neighbors out of a single interface:

Step 1: Establish sessions with all IS-IS neighbors out of an interface.
Command Syntax: isis bfd all-neighbors
Command Mode: INTERFACE

View the established sessions using the command show bfd neighbors, as shown in Figure 8-14.
To change parameters for IS-IS sessions on an interface:

Step 1
Task: Change parameters for all IS-IS sessions out of an interface.
Command Syntax: isis bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive]
Command Mode: INTERFACE

View session parameters using the command show bfd neighbors detail, as shown in Figure 8-18.
2. Enable fast fall-over for BGP neighbors to reduce convergence time (neighbor fall-over command) as described in BGP fast fall-over.

Establishing sessions with BGP neighbors

Before configuring BFD for BGP, you must first configure BGP on the routers that you want to interconnect. For more information, refer to Chapter 9, Border Gateway Protocol IPv4 (BGPv4).
BFD notifies BGP of any failure conditions that it detects on the link. Recovery actions are initiated by BGP. BFD for BGP is supported only on directly-connected BGP neighbors and only in BGP IPv4 networks. On an S5000, up to 128 simultaneous BFD sessions are supported. As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up and BGP maintains its adjacencies.
Step 6
Task: Repeat Steps 1 to 5 on each BGP peer participating in a BFD session.

Disabling BFD for BGP

To disable a BFD for BGP session with a specified neighbor, enter the neighbor {ip-address | peer-group-name} bfd disable command in ROUTER BGP configuration mode.
Task: Check to see if BFD is enabled for BGP connections.
Command: show ip bgp summary (Figure 8-20)
Command Mode: EXEC Privilege

Task: Displays routing information exchanged with BGP neighbors, including BFD for BGP sessions.
Command: show ip bgp neighbors [ip-address] (Figure 8-21)
Command Mode: EXEC Privilege

The following examples show the BFD for BGP output displayed for these show commands.

Figure 8-16.
Figure 8-18. Verifying BFD Sessions with BGP Neighbors: show bfd neighbors detail Command

FTOS# show bfd neighbors detail
Session Discriminator: 9
Neighbor Discriminator: 10
Local Addr: 1.1.1.3
Local MAC Addr: 00:01:e8:66:da:33
Remote Addr: 1.1.1.
Figure 8-19.
Figure 8-21. Displaying Routing Sessions with BGP Neighbors: show ip bgp neighbors Command

FTOS# show ip bgp neighbors 2.2.2.2
BGP neighbor is 2.2.2.2, remote AS 1, external link
BGP version 4, remote router ID 12.0.0.
Configuring BFD for VRRP

BFD for VRRP is supported on the S5000 platform.

When using BFD with VRRP, the VRRP protocol registers with the BFD manager. BFD sessions are established with all neighboring interfaces participating in VRRP. If a neighboring interface fails, the BFD agent on the stack unit notifies the BFD manager, which in turn notifies the VRRP protocol that a link state change occurred.

Configuring BFD for VRRP is a three-step process:
1. Enable BFD globally. Refer to Enabling BFD globally.
2.
To establish sessions with all VRRP neighbors:

Step 1
Task: Establish sessions with all VRRP neighbors.
Command Syntax: vrrp bfd all-neighbors
Command Mode: INTERFACE

Establishing VRRP sessions on VRRP neighbors

The master router does not care about the state of the backup router, so it does not participate in any VRRP BFD sessions. Therefore, VRRP BFD sessions on the backup router cannot change to the UP state.
Figure 8-24. Viewing Established Sessions for VRRP Neighbors

FTOS(conf-if-te-4/25)#do show vrrp
-----------------
GigabitEthernet 4/1, VRID: 1, Net: 2.2.5.1
State: Backup, Priority: 1, Master: 2.2.5.2
Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
Adv rcvd: 95, Bad pkts rcvd: 0, Adv sent: 933, Gratuitous ARP sent: 3
Virtual MAC address: 00:00:5e:00:01:01
Virtual IP address: 2.2.5.4
Authentication: (none)
BFD Neighbors:
VRRP BFD Session State
RemoteAddr State
2.2.5.
To disable all VRRP sessions in a particular VRRP group:

Step 1
Task: Disable all VRRP sessions in a VRRP group.
Command Syntax: bfd disable
Command Mode: VRRP

To disable a particular VRRP session:

Step 1
Task: Disable a particular VRRP session on an interface.
Command Syntax: no vrrp bfd neighbor ip-address
Command Mode: INTERFACE

Configuring BFD for VLANs

Configuring BFD for VLANs is supported on the S5000 platform.
Figure 8-25. Establishing Sessions with VLAN Neighbors

To establish a BFD session with a VLAN neighbor:

Step 1
Task: Establish sessions with a VLAN neighbor.
Command Syntax: bfd neighbor ip-address
Command Mode: INTERFACE VLAN

View the established sessions using the command show bfd neighbors, as shown in Figure 8-26.

Figure 8-26. Viewing Established Sessions for VLAN Neighbors

FTOS(conf-if-vl-200)#bfd neighbor 2.2.3.
To change session parameters on an interface:

Step 1
Task: Change session parameters for all sessions on an interface.
Command Syntax: bfd interval milliseconds min_rx milliseconds multiplier value role [active | passive]
Command Mode: INTERFACE VLAN

View session parameters using the command show bfd neighbors detail, as shown in Figure 8-10.

Disabling BFD for VLANs

If BFD is disabled on an interface, sessions on the interface are torn down.
Figure 8-27. Establishing Sessions on Port-Channels

To establish a session on a port-channel:

Step 1
Task: Establish a session on a port-channel.
Command Syntax: bfd neighbor ip-address
Command Mode: INTERFACE PORT-CHANNEL

View the established sessions using the command show bfd neighbors, as shown in Figure 8-8.

Figure 8-28. Viewing Established Sessions for VLAN Neighbors

FTOS(conf-if-po-1)#bfd neighbors 2.2.2.
Changing port-channel session parameters

BFD sessions are configured with default intervals and a default role. The parameters that can be configured are: Desired TX Interval, Required Min RX Interval, Detection Multiplier, and system role. These parameters are configured per interface; if you change a parameter, the change affects all sessions on that interface.
Troubleshooting BFD

Examine control packet field values using the command debug bfd detail. The following example shows a three-way handshake using this command.

Figure 8-29. debug bfd detail Command Output

FTOS(conf-if-te-4/24)#00:54:38: %STKUNIT3-M:CP %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.2.2.2 on interface Te 4/24 (diag: 0)
00:54:38 : Sent packet for session with neighbor 2.2.2.
9 Border Gateway Protocol IPv4 (BGPv4)

Border Gateway Protocol version 4 (BGPv4) is supported on the S5000 switch.

This chapter is intended to provide a general description of Border Gateway Protocol version 4 (BGPv4) as it is supported in the Dell Networking Operating System (FTOS).
• BGP Regular Expression Optimization
• Debugging BGP
  • Storing Last and Bad PDUs
  • Capturing PDUs
  • PDU Counters
• Sample Configurations

BGP protocol standards are listed in Chapter 57, Standards Compliance.

Protocol Overview

Border Gateway Protocol (BGP) is an external gateway protocol that transmits interdomain routing information within and between Autonomous Systems (AS). Its primary function is to exchange network reachability information with other BGP systems.
Figure 9-1. BGP Autonomous Zones (diagram: Routers 1 to 7 in AS 1 and AS 2; link labels: Exterior BGP (EBGP), Interior BGP (IBGP))

BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol - a computer network in which BGP maintains the path that update information takes as it diffuses through the network.
Figure 9-2. Full Mesh Examples (diagram panels: 4 Routers, 6 Routers, 8 Routers)

The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible.

Sessions and Peers

When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor.

Establishing a session

Information exchange between peers is driven by events and timers.
In order to make decisions in its operations with other BGP peers, a BGP peer uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established. For each peer-to-peer session, a BGP implementation tracks which of these six states the session is in. The BGP protocol defines the messages that each peer should exchange in order to change the session from one state to another. The first state is the Idle mode.
• If the route was received from a client peer, reflect the route to all nonclient and all client peers.

To illustrate how these rules affect routing, refer to the illustration below and the following steps. Routers B, C, D, E, and G are members of the same AS - AS100. These routers are also in the same Route Reflection Cluster, where Router D is the Route Reflector. Router E and H are client peers of Router D; Routers B and C are nonclient peers of Router D.
BGP Attributes

Routes learned via BGP have associated properties that are used to determine the best route to a destination when multiple paths exist to a particular destination. These properties are referred to as BGP attributes, and an understanding of how BGP attributes influence route selection is required for the design of robust networks.
Figure 9-4. BGP Best Path Selection (flowchart; labels in order):
• Largest Weight
• Highest Local Pref
• Locally Originated Path
• Shortest AS Path
• Lowest Origin Code
• Lowest MED
• Learned via EBGP
• Lowest NEXT-HOP Cost
• Tie Breakers: Short Cluster List, from Lowest BGP ID, Lowest Peering Addr
• No, or Not Resulting in a Single Route
• A Single Route is Selected and Installed in the Forwarding Table

Best Path selection details

1. Prefer the path with the largest WEIGHT attribute.
2.
• AS_CONFED_SEQUENCE has a path length of 1, no matter how many ASs are in the AS_CONFED_SEQUENCE.
5. Prefer the path with the lowest ORIGIN type (IGP is lower than EGP, and EGP is lower than INCOMPLETE).
6. Prefer the path with the lowest Multi-Exit Discriminator (MED) attribute. The following criteria apply:
• This comparison is only done if the first (neighboring) AS is the same in the two paths; the MEDs are compared only if the first AS in the AS_SEQUENCE is the same for both paths.
Weight

The Weight attribute is local to the router and is not advertised to neighboring routers. If the router learns about more than one route to the same destination, the route with the highest weight will be preferred. The route with the highest weight is installed in the IP routing table.

Local Preference

Local Preference (LOCAL_PREF) represents the degree of preference within the entire AS. The higher the number, the greater the preference for the route.
One AS assigns the MED a value and the other AS uses that value to decide the preferred path. For this example, assume the MED is the only attribute applied. In the following illustration, AS100 and AS200 connect in two places. Each connection is a BGP session. AS200 sets the MED for its T1 exit point to 100 and the MED for its OC3 exit point to 50. This sets up a path preference through the OC3 link. The MEDs are advertised to AS100 routers so they know which is the preferred path.
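The selection order and the MED illustration above can be exercised offline. The sketch below is an added example, not FTOS code: it walks the attribute comparisons of Figure 9-4 from Largest Weight through Lowest NEXT-HOP Cost and leaves the tie breakers out. The `Path` field names, treating a missing MED as 0, and counting an AS_SET as length 1 are assumptions.

```python
from dataclasses import dataclass

# ORIGIN ranking from step 5: IGP is lower than EGP, EGP lower than INCOMPLETE.
ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}


@dataclass
class Path:
    """One candidate route to a prefix (field names are hypothetical)."""
    name: str
    as_path: list                 # [(segment_type, [asn, ...]), ...]
    weight: int = 0
    local_pref: int = 100         # default LOCAL_PREF value
    local_origin: bool = False    # originated on this router
    origin: str = "IGP"
    med: int = 0                  # assumption: a missing MED is modelled as 0
    ebgp: bool = True             # learned via EBGP (False means IBGP)
    igp_cost: int = 0             # IGP cost to the BGP NEXT_HOP


def as_path_length(as_path):
    """AS_SEQUENCE counts every AS; AS_CONFED_SEQUENCE counts as 1.

    Counting an AS_SET as 1 as well is an assumption of this sketch.
    """
    return sum(len(asns) if kind == "seq" else 1 for kind, asns in as_path)


def neighbor_as(path):
    """First AS of the first AS_SEQUENCE segment, or None if there is none."""
    for kind, asns in path.as_path:
        if kind == "seq" and asns:
            return asns[0]
    return None


def keep_lowest(paths, key):
    """Keep only the paths that share the lowest key value."""
    best = min(key(p) for p in paths)
    return [p for p in paths if key(p) == best]


def med_step(paths, always_compare_med):
    """Drop a path only when a comparable path carries a lower MED."""
    def comparable(a, b):
        return always_compare_med or neighbor_as(a) == neighbor_as(b)
    return [p for p in paths
            if not any(q.med < p.med and comparable(p, q) for q in paths)]


def select_best(paths, always_compare_med=False):
    """Return (surviving paths, name of the last step that removed a path)."""
    steps = [
        ("weight", lambda ps: keep_lowest(ps, lambda p: -p.weight)),
        ("local_pref", lambda ps: keep_lowest(ps, lambda p: -p.local_pref)),
        ("local_origin", lambda ps: keep_lowest(ps, lambda p: not p.local_origin)),
        ("as_path", lambda ps: keep_lowest(ps, lambda p: as_path_length(p.as_path))),
        ("origin", lambda ps: keep_lowest(ps, lambda p: ORIGIN_RANK[p.origin])),
        ("med", lambda ps: med_step(ps, always_compare_med)),
        ("ebgp", lambda ps: keep_lowest(ps, lambda p: not p.ebgp)),
        ("igp_cost", lambda ps: keep_lowest(ps, lambda p: p.igp_cost)),
    ]
    decided_by = None
    for label, step in steps:
        remaining = step(paths)
        if len(remaining) < len(paths):
            decided_by = label
        paths = remaining
        if len(paths) == 1:
            break
    return paths, decided_by


def demo():
    # Constructed input mirroring the MED illustration: AS200 advertises
    # MED 100 on its T1 exit point and MED 50 on its OC3 exit point.
    t1 = Path("T1", [("seq", [200])], med=100)
    oc3 = Path("OC3", [("seq", [200])], med=50)
    winners, step = select_best([t1, oc3])
    return winners[0].name, step


if __name__ == "__main__":
    print(demo())
```

When more than one path survives all eight steps, `select_best` returns them all so the caller can see that only the tie breakers would separate them.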
In FTOS, these origin codes appear as shown in the example below. The question mark (?) indicates an Origin code of INCOMPLETE. The lower case letter (i) indicates an Origin code of IGP.

Figure 9-7. Origin attribute reported

FTOS#show ip bgp
BGP table version is 0, local router ID is 10.101.15.
Next Hop

The Next Hop is the IP address used to reach the advertising router. For EBGP neighbors, the Next-Hop address is the IP address of the connection between the neighbors. For IBGP, the EBGP Next-Hop address is carried into the local AS. A Next Hop attribute is set when a BGP speaker advertises itself to another BGP speaker outside its local AS. It can also be set when advertising routes within an AS.
FTOS 9.0(1.3) supports configuring the set metric-type internal command in a route-map to advertise the IGP cost as the MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost. By using the redistribute command in conjunction with the route-map command, you can specify whether a peer advertises the standard MED or uses the IGP cost as the MED.
4-Byte AS Numbers

FTOS Version 7.7.1 and later support 4-Byte (32-bit) format when configuring Autonomous System Numbers (ASNs). The 4-Byte support is advertised as a new BGP capability (4-BYTE-AS) in the OPEN message. If a 4-Byte BGP speaker has sent and received this capability from another speaker, all the messages will be 4-octet. The behavior of a 4-Byte BGP speaker will be different with the peer depending on whether the peer is a 4-Byte or 2-Byte BGP speaker.
ASDOT+ representation splits the full binary 4-byte AS number into two words of 16 bits separated by a decimal point (.): .. Some examples are shown in Table 9-2.

• All AS Numbers between 0-65535 are represented as a decimal number, when entered in the CLI as well as when displayed in the show command outputs.
• AS Numbers larger than 65535 are represented using ASDOT notation as .
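Because the same AS number can appear as ASPLAIN, ASDOT or ASDOT+ depending on the bgp asnotation setting, peer audits should compare the numeric value, not the string. The following added example (not part of the FTOS guide) converts between the three notations and checks remote-as values against an allow-list; the function names and the sample configuration are constructed for illustration.

```python
import re

MAX_ASN = 4294967295                      # largest 4-byte AS number
DOTTED = re.compile(r"^([0-9]{1,5})\.([0-9]{1,5})$")
PLAIN = re.compile(r"^[0-9]{1,10}$")
REMOTE_AS = re.compile(r"^\s*neighbor\s+(\S+)\s+remote-as\s+(\S+)\s*$")

# Constructed sample, written the way a show conf listing prints neighbors.
SAMPLE_CONFIG = """\
router bgp 100
 bgp asnotation asdot
 neighbor 172.30.1.250 remote-as 18508
 neighbor 10.10.21.1 remote-as 1.10
 neighbor 10.10.32.3 remote-as 65546
 neighbor 100.10.92.9 remote-as 0.65192
"""


def parse_asn(text):
    """Parse an AS number written in ASPLAIN, ASDOT or ASDOT+ into an int."""
    text = text.strip()
    m = DOTTED.match(text)
    if m:
        high, low = int(m.group(1)), int(m.group(2))
        if high > 0xFFFF or low > 0xFFFF:
            raise ValueError(f"each 16-bit word must be 0-65535: {text!r}")
        return (high << 16) | low
    if PLAIN.match(text):
        value = int(text)
        if value > MAX_ASN:
            raise ValueError(f"AS number exceeds 32 bits: {text!r}")
        return value
    raise ValueError(f"not an AS number: {text!r}")


def format_asn(asn, notation="asplain"):
    """Render an integer AS number in the requested notation."""
    if not 0 <= asn <= MAX_ASN:
        raise ValueError(f"AS number out of range: {asn}")
    high, low = asn >> 16, asn & 0xFFFF
    if notation == "asplain":
        return str(asn)
    if notation == "asdot+":
        return f"{high}.{low}"            # always two 16-bit words
    if notation == "asdot":
        # 2-byte values stay decimal; larger values use high.low
        return str(asn) if high == 0 else f"{high}.{low}"
    raise ValueError(f"unknown notation: {notation!r}")


def unexpected_peers(config_text, allowed):
    """Return (neighbor, asn) pairs whose remote-as is not in the allow-list.

    Both sides are normalised to integers, so 1.10 and 65546 are the same AS.
    """
    allowed_values = {parse_asn(a) for a in allowed}
    findings = []
    for line in config_text.splitlines():
        m = REMOTE_AS.match(line)
        if m:
            asn = parse_asn(m.group(2))
            if asn not in allowed_values:
                findings.append((m.group(1), asn))
    return findings


if __name__ == "__main__":
    for neighbor, asn in unexpected_peers(SAMPLE_CONFIG, {"18508", "65546"}):
        print(neighbor, format_asn(asn, "asplain"), format_asn(asn, "asdot+"))
```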
Figure 9-9. Dynamic changes of the bgp asnotation command in the show running config (callout: ASDOT)

FTOS(conf-router_bgp)#bgp asnotation asdot
FTOS(conf-router_bgp)#show conf
!
router bgp 100
 bgp asnotation asdot
 bgp four-octet-as-support
 neighbor 172.30.1.250 local-as 65057
Figure 9-10. Dynamic changes when bgp asnotation command is disabled in the show running config (callout: AS NOTATION DISABLED)

FTOS(conf-router_bgp)#no bgp asnotation
FTOS(conf-router_bgp)#show conf
!
router bgp 100
 bgp four-octet-as-support
 neighbor 172.30.1.250 local-as 65057
Figure 9-11. Local-AS Scenario (diagram with two panels, "Before Migration" and "After Migration, with Local-AS enabled"; labels: Router A, Router B, Router C, AS 100, AS 200, AS 300, Local AS 200)

When you complete your migration, and you have reconfigured your network with the new information, you must disable this feature. If the “no prepend” option is used, the local-as will not be prepended to the updates received from the eBGP peer.
Local-as is prepended before the route-map to give the impression that the update passed through a router in AS 200 before it reached Router B.

BGP4 Management Information Base (MIB)

The FORCE10-BGP4-V2-MIB enhances FTOS BGP Management Information Base (MIB) support with many new SNMP objects and notifications (traps) defined in the draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell Networking website, www.dell.com.
• The AFI/SAFI is not used as an index to the f10BgpM2PeerCountersEntry table. The BGP peer's AFI/SAFI (IPv4 Unicast or IPv6 Multicast) is used for various outbound counters. Counters corresponding to IPv4 Multicast cannot be queried.
BGP Configuration

To enable the BGP process and begin exchanging information, you must assign an AS number and use commands in the ROUTER BGP mode to configure a BGP neighbor.

Defaults

By default, BGP is disabled.

By default, FTOS compares the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enabled).

Note: In FTOS, all newly configured neighbors and peer groups are disabled.
• Maintain existing AS numbers during an AS migration
• Allow an AS number to appear in its own AS path
• Enable graceful restart
• Filter on an AS-Path attribute
• Configure IP community lists
• Manipulate the COMMUNITY attribute
• Change MED attribute
• Change LOCAL_PREFERENCE attribute
• Change NEXT_HOP attribute
• Change WEIGHT attribute
• Enable multipath
• Filter BGP routes
• Redistribute routes
• Configure BGP route reflectors
• Aggregate routes
• Configure BGP confederations
• Enable route fl
Use these commands in the following sequence, starting in the CONFIGURATION mode to establish BGP sessions on the router.

Step 1
Command Syntax: router bgp as-number
Command Mode: CONFIGURATION
Purpose: Assign an AS number and enter the ROUTER BGP mode.
AS Number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte) or 0.1-65535.65535 (Dotted format)
Only one AS is supported per system.
If you enter a 4-Byte AS Number, 4-Byte AS Support is enabled automatically.
Enter show config in CONFIGURATION ROUTER BGP mode to view the BGP configuration. Use the show ip bgp summary command in EXEC Privilege mode to view the BGP status. Figure 9-12 shows the summary with a 2-Byte AS Number displayed; Figure 9-13 shows the summary with a 4-Byte AS Number displayed.

Figure 9-12. Command example: show ip bgp summary (2-Byte AS Number displayed) (callout: 2-Byte AS Number)

R2#show ip bgp summary
BGP router identifier 192.168.10.
For the router’s identifier, FTOS uses the highest IP address of the Loopback interfaces configured. Since Loopback interfaces are virtual, they cannot go down, thus preventing changes in the router ID. If no Loopback interfaces are configured, the highest IP address of any interface is used as the router ID. To view the status of BGP neighbors, use the show ip bgp neighbors command in EXEC Privilege mode as shown in the example below.
Figure 9-14. Command example: show ip bgp neighbors (callout: External BGP neighbor)

FTOS#show ip bgp neighbors
BGP neighbor is 10.114.8.60, remote AS 18508, external link
BGP version 4, remote router ID 10.20.20.
Figure 9-15. Command example: show running-config bgp

R2#show running-config bgp
!
router bgp 65123
 bgp router-id 192.168.10.2
 network 10.10.21.0/24
 network 10.10.32.0/24
 network 100.10.92.0/24
 network 192.168.10.0/24
 bgp four-octet-as-support
 neighbor 10.10.21.1 remote-as 65123
 neighbor 10.10.21.1 filter-list ISP1in
 neighbor 10.10.21.1 no shutdown
 neighbor 10.10.32.3 remote-as 65123
 neighbor 10.10.32.3 no shutdown
 neighbor 100.10.92.9 remote-as 65192
 neighbor 100.10.92.
Only one form of AS Number Representation is supported at a time. You cannot combine the types of representations within an AS.

Task: Enable ASPLAIN AS Number representation.
Command Syntax: bgp asnotation asplain
Command Mode: CONFIG-ROUTER-BGP
Note: ASPLAIN is the default method FTOS uses and does not appear in the configuration display.

Task: Enable ASDOT AS Number representation.
Command Syntax: bgp asnotation asdot
Command Mode: CONFIG-ROUTER-BGP

Task: Enable ASDOT+ AS Number representation.
Figure 9-18. Command example and output: bgp asnotation asdot+

FTOS(conf-router_bgp)#bgp asnotation asdot+
FTOS(conf-router_bgp)#show conf
!
router bgp 100
 bgp asnotation asdot+
 bgp four-octet-as-support
 neighbor 172.30.1.250 remote-as 18508
 neighbor 172.30.1.250 local-as 65057
 neighbor 172.30.1.250 route-map rmap1 in
 neighbor 172.30.1.250 password 7 5ab3eb9a15ed02ff4f0dfd4500d6017873cfd9a267c04957
 neighbor 172.30.1.
Step 5
Command Syntax: neighbor ip-address peer-group peer-group-name
Command Mode: CONFIG-ROUTER-BGP
Purpose: Add an enabled neighbor to the peer group.

Command Syntax: neighbor {ip-address | peer-group name} remote-as as-number
Command Mode: CONFIG-ROUTER-BGP
Purpose: Add a neighbor as a remote AS.
Formats:
IP Address: A.B.C.D
Peer-Group Name: 16 characters
AS-number: 0-65535 (2-Byte) or 1-4294967295 | 0.1- 65535.65535 (4-Byte) or 0.1-65535.
Figure 9-19. Command example: show config (creating peer-group) (callout: Configuring neighbor zanzibar)

FTOS(conf-router_bgp)#neighbor zanzibar peer-group
FTOS(conf-router_bgp)#show conf
!
router bgp 45
 bgp fast-external-fallover
 bgp log-neighbor-changes
 neighbor zanzibar peer-group
 neighbor zanzibar shutdown
 neighbor 10.1.1.1 remote-as 65535
 neighbor 10.1.1.1 shutdown
 neighbor 10.14.8.60 remote-as 18505
 neighbor 10.14.8.
Use the show ip bgp peer-group command in EXEC Privilege mode (Figure 9-21) to view the status of peer groups.

Figure 9-21. Command example: show ip bgp peer-group

FTOS>show ip bgp peer-group
Peer-group zanzibar, remote AS 65535
BGP version 4
Minimum time between advertisement runs is 5 seconds
For address family: IPv4 Unicast
BGP neighbor is zanzibar, peer-group internal,
Number of peers in this group 26
Peer-group members (* - outbound optimized):
10.68.160.1
10.68.161.1
10.68.162.1
10.68.163.1
10.68.
BGP fast fall-over

By default, a BGP session is governed by the hold time. BGP routers typically carry large routing tables, so frequent session resets are not desirable. The BGP fast fall-over feature reduces the convergence time while maintaining stability. The connection to a BGP peer is immediately reset if a link to a directly connected external peer fails.

When fall-over is enabled, BGP tracks IP reachability to the peer remote address and the peer local address.
Figure 9-22. Command example: show ip bgp neighbors

FTOS#show ip bgp neighbors
BGP neighbor is 100.100.100.100, remote AS 65517, internal link
Member of peer-group test for session parameters
BGP version 4, remote router ID 30.30.30.
Use the show ip bgp peer-group command to verify that fast fall-over is enabled on a peer-group.

Figure 9-23. Command example: show ip bgp peer-group

FTOS#sh ip bgp peer-group
Peer-group test
Fall-over enabled
BGP version 4
Minimum time between advertisement runs is 5 seconds
For address family: IPv4 Unicast
BGP neighbor is test
Number of peers in this group 1
Peer-group members (* - outbound optimized):
100.100.100.
Step 2
Command Syntax: neighbor peer-group-name subnet subnet-number mask
Command Mode: CONFIG-ROUTER-BGP
Purpose: Assign a subnet to the peer group. The peer group will respond to OPEN messages sent on this subnet.

Step 3
Command Syntax: neighbor peer-group-name no shutdown
Command Mode: CONFIG-ROUTER-BGP
Purpose: Enable the peer group.

Step 4
Command Syntax: neighbor peer-group-name remote-as as-number
Command Mode: CONFIG-ROUTER-BGP
Purpose: Create and specify a remote peer for BGP neighbor.
Figure 9-24. Local-as information shown (callouts: Actual AS Number; Local-AS Number 6500 Maintained During Migration)

R2(conf-router_bgp)#show conf
!
router bgp 65123
 bgp router-id 192.168.10.2
 network 10.10.21.0/24
 network 10.10.32.0/24
 network 100.10.92.0/24
 network 192.168.10.0/24
 bgp four-octet-as-support
 neighbor 10.10.21.1 remote-as 65123
 neighbor 10.10.21.1 filter-list Name in
 neighbor 10.10.21.1 no shutdown
 neighbor 10.10.32.3 remote-as 65123
 neighbor 10.10.32.
Figure 9-25. Allowas-in information shown (callout: Number of Times ASN 65123 Can Appear in AS PATH)

R2(conf-router_bgp)#show conf
!
router bgp 65123
 bgp router-id 192.168.10.2
 network 10.10.21.0/24
 network 10.10.32.0/24
 network 100.10.92.0/24
 network 192.168.10.0/24
 bgp four-octet-as-support
 neighbor 10.10.21.1 remote-as 65123
 neighbor 10.10.21.1 filter-list Laura in
 neighbor 10.10.21.1 no shutdown
 neighbor 10.10.32.3 remote-as 65123
 neighbor 10.10.32.3 no shutdown
 neighbor 100.10.92.9 remote-as 65192
 neighbor 100.
If you configure your system to do so, FTOS can perform the following actions during a hot failover:

• Save all FIB and CAM entries on the stack unit and continue forwarding traffic while the stack standby unit is coming online.
• Advertise to all BGP neighbors and peer-groups that the forwarding state of all routes has been saved. This prompts all peers to continue saving the routes they receive and to continue forwarding traffic.
Command Syntax: neighbor {ip-address | peer-group-name} graceful-restart [stale-path-time time-in-seconds]
Command Mode: CONFIG-ROUTER-BGP
Purpose: Set maximum time to retain the restarting neighbor’s or peer-group’s stale paths. Default is 360 seconds.

Filter on an AS-Path attribute

The BGP attribute, AS_PATH, can be used to manipulate routing policies. The AS_PATH attribute contains a sequence of AS numbers representing the route’s path.
Use these commands in the following sequence, starting in the CONFIGURATION mode to configure an AS-PATH ACL to filter a specific AS_PATH value.

Step 1
Command Syntax: ip as-path access-list
Command Mode: CONFIGURATION
Purpose: Assign a name to an AS-PATH ACL and enter AS-PATH ACL mode.

Command Mode: CONFIG-AS-PATH
Purpose: Enter the parameter to match BGP AS-PATH for filtering. This is the filter that will be used to match the AS-path.
Figure 9-27. Filtering with Regular Expression (callout: Create the Access List and Filter)

FTOS(conf)#router bgp 99
FTOS(conf-router_bgp)#neigh AAA peer-group
FTOS(conf-router_bgp)#neigh AAA no shut
FTOS(conf-router_bgp)#show conf
!
router bgp 99
 neighbor AAA peer-group
 neighbor AAA no shutdown
 neighbor 10.155.15.2 remote-as 32
 neighbor 10.155.15.2 shutdown
FTOS(conf-router_bgp)#neigh 10.155.15.
Table 9-4. Regular Expressions

Regular Expression    Definition
( ) (parenthesis)     Specifies patterns for multiple use when followed by one of the multiplier metacharacters: asterisk *, plus sign +, or question mark ?
[ ] (brackets)        Matches any enclosed character; specifies a range of single characters
- (hyphen)            Used within brackets to specify a range of AS or community numbers.
_ (underscore)        Matches a ^, a $, a comma, a space, a {, or a }.
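An AS-PATH filter can be checked offline before it is applied to a neighbor. The following added example (not FTOS code) translates the underscore metacharacter from Table 9-4 into Python's re syntax and evaluates an ordered permit/deny list against sample AS paths. It assumes AS paths are written as space-separated decimal numbers as in show ip bgp output, that Python's regex engine approximates the switch's matching, and that a path matching no entry is denied; the ACL entries and paths are constructed.

```python
import re

# Table 9-4: "_" matches a ^, a $, a comma, a space, a { or a }.
UNDERSCORE = r"(?:^|$|[ ,{}])"

# Constructed ACL: entries are evaluated in order, first match wins.
SAMPLE_ACL = [
    ("deny", "_65[0-4][0-9][0-9]_"),   # paths crossing AS 65000-65499
    ("permit", "^209_"),               # paths whose first AS is exactly 209
]

# Constructed AS paths in the style of the Path column of show ip bgp.
SAMPLE_PATHS = ["209 701 80", "209", "209 65057 80", "2090 701", "701 209"]


def to_python_regex(pattern):
    """Translate an AS-path regular expression into a compiled Python regex.

    Only "_" needs rewriting; it is left alone inside [ ] and after a
    backslash so that bracket ranges and escapes keep their meaning.
    """
    out, in_brackets, i = [], False, 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 1 < len(pattern):
            out.append(pattern[i:i + 2])   # copy the escape pair unchanged
            i += 2
            continue
        if in_brackets:
            in_brackets = ch != "]"
        elif ch == "[":
            in_brackets = True
        elif ch == "_":
            ch = UNDERSCORE
        out.append(ch)
        i += 1
    return re.compile("".join(out))


def matches(pattern, as_path):
    """True if the AS-path regular expression matches anywhere in the path."""
    return to_python_regex(pattern).search(as_path) is not None


def evaluate_acl(acl, as_path):
    """Return "permit" or "deny" for one AS path.

    Assumption: a path that matches no entry is denied.
    """
    for action, pattern in acl:
        if matches(pattern, as_path):
            return action
    return "deny"


def classify(acl, paths):
    """Map every path to the action the ACL would take on it."""
    return {path: evaluate_acl(acl, path) for path in paths}


if __name__ == "__main__":
    for path, action in classify(SAMPLE_ACL, SAMPLE_PATHS).items():
        print(f"{action:6} {path}")
    # Without the underscores, 701 also matches inside AS 7018.
    print(matches("701", "209 7018 80"), matches("_701_", "209 7018 80"))
```

The last line shows why the delimiters matter: an unanchored number matches any longer AS number that contains it, which silently widens a filter.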
Command Syntax: redistribute ospf process-id [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name]
Command Mode: ROUTER BGP or CONF-ROUTER_BGPv6_AF
Purpose: Include specific OSPF routes in IS-IS. Configure the following parameters:
• process-id range: 1 to 65535
• match external range: 1 or 2
• match internal
• metric-type: external or internal.
• map-name: name of a configured route map.

Enable additional paths

By default, the add-path feature is disabled.
Step 2
Command Syntax: {permit | deny} {{rt | soo} {ASN:NN | IPADDR:N} | regex REGEX-LINE}
Command Mode: CONFIG-COMMUNITY-LIST
Purpose: Two types of extended communities are supported. Filter routes based on the type of extended communities they carry using one of the following keywords:
• rt: Route Target
• soo: Route Origin or Site-of-Origin.
Matching extended communities against a regular expression is also supported.
Step 2
Command Syntax: match {community community-list-name [exact] | extcommunity extcommunity-list-name [exact]}
Command Mode: CONFIG-ROUTE-MAP
Purpose: Configure a match filter for all routes meeting the criteria in the IP Community or Extended Community list.

Step 3
Command Syntax: exit
Command Mode: CONFIG-ROUTE-MAP
Purpose: Return to the CONFIGURATION mode.

Step 4
Command Syntax: router bgp as-number
Command Mode: CONFIGURATION
Purpose: Enter the ROUTER BGP mode.
AS-number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte) or 0.1-65535.
If you want to remove or add a specific COMMUNITY number from a BGP path, you must create a route map with one or both of the following statements in the route map. Then apply that route map to a BGP neighbor or peer group. Use these commands in the following sequence, starting in the CONFIGURATION mode:

Command Syntax: route-map map-name [permit | deny] [sequence-number]
Command Mode: CONFIGURATION
Purpose: Enter the ROUTE-MAP mode and assign a name to a route map.
Figure 9-29. Command example: show ip bgp community (Partial)

FTOS>show ip bgp community
BGP table version is 3762622, local router ID is 10.114.8.48
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

    Network          Next Hop       Metric  LocPrf  Weight  Path
* i 3.0.0.0/8        195.171.0.16           100     0       209 701 80 i
*>i 4.2.49.12/30     195.171.0.16           100     0       209 i
* i 4.21.132.0/23    195.171.0.
Use the following command in the CONFIGURATION ROUTER BGP mode to change the default values of this attribute for all routes received by the router.

Command Syntax: bgp default local-preference value
Command Mode: CONFIG-ROUTER-BGP
Purpose: Change the LOCAL_PREF value.
• value range: 0 to 4294967295
• Default is 100.

Use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode to view BGP configuration.
You can also use route maps to change this and other BGP attributes. For example, you can include the following command in a route map to specify the next hop address:

Command Syntax: set next-hop ip-address
Command Mode: CONFIG-ROUTE-MAP
Purpose: Sets the next hop address.

Change WEIGHT attribute

Use the following command in CONFIGURATION ROUTER BGP mode to change how the WEIGHT attribute is used.
Filter BGP routes

Filtering routes allows you to implement BGP policies. You can use either IP prefix lists, route maps, AS-PATH ACLs or IP Community lists (via a route map) to control which routes are accepted and advertised by the BGP neighbor or peer group. Prefix lists filter routes based on route and prefix length, while AS-Path ACLs filter routes based on the Autonomous System number. Route maps can filter and set conditions, change attributes, and assign update policies.
Step 5
Command Syntax: neighbor {ip-address | peer-group-name} distribute-list prefix-list-name {in | out}
Command Mode: CONFIG-ROUTER-BGP
Purpose: Filter routes based on the criteria in the configured prefix list. Configure the following parameters:
• ip-address or peer-group-name: enter the neighbor’s IP address or the peer group’s name.
• prefix-list-name: enter the name of a configured prefix list.
• in: apply the prefix list to inbound routes.
Command Syntax: neighbor {ip-address | peer-group-name} route-map map-name {in | out}
Command Mode: CONFIG-ROUTER-BGP
Purpose: Filter routes based on the criteria in the configured route map. Configure the following parameters:
• ip-address or peer-group-name: enter the neighbor’s IP address or the peer group’s name.
• map-name: enter the name of a configured route map.
• in: apply the route map to inbound routes.
• out: apply the route map to outbound routes.
Configure BGP route reflectors

BGP route reflectors are intended for Autonomous Systems with a large mesh and they reduce the amount of BGP control traffic. With route reflection configured properly, IBGP routers are not fully meshed within a cluster but all receive routing information.

Configure clusters of routers where one router is a concentration router and others are clients who receive their updates from the concentration router.
Use the following command in the CONFIGURATION ROUTER BGP mode to aggregate routes.

Command Syntax: aggregate-address ip-address mask [advertise-map map-name] [as-set] [attribute-map map-name] [summary-only] [suppress-map map-name]
Command Mode: CONFIG-ROUTER-BGP
Purpose: Assign the IP address and mask of the prefix to be aggregated.
Use the following commands in the CONFIGURATION ROUTER BGP mode to configure BGP confederations.

Command Syntax: bgp confederation identifier as-number
Command Mode: CONFIG-ROUTER-BGP
Purpose: Specifies the confederation ID.
AS-number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte)

Command Syntax: bgp confederation peers as-number [... as-number]
Command Mode: CONFIG-ROUTER-BGP
Purpose: Specifies which confederation sub-AS are peers.
Figure 9-31.
Command Syntax: set dampening half-life reuse
Command Mode: CONFIG-ROUTE-MAP
Purpose: Enter the following optional parameters to configure route dampening parameters:
• half-life range: 1 to 45. Number of minutes after which the Penalty is decreased. After the router assigns a Penalty of 1024 to a route, the Penalty is decreased by half after the half-life period expires. (Default: 15 minutes)
• reuse range: 1 to 20000.
Use the following command in EXEC Privilege mode to clear information on route dampening and return suppressed routes to active state.

Command Syntax: clear ip bgp dampening [ip-address mask]
Command Mode: EXEC Privilege
Purpose: Clear all information or only information on a specific route.

Use the following command in EXEC and EXEC Privilege mode to view statistics on route flapping.
Change BGP timers

Use either or both of the following commands in the CONFIGURATION ROUTER BGP mode to configure BGP timers.

Command Syntax: neighbors {ip-address | peer-group-name} timers keepalive
Command Mode: CONFIG-ROUTER-BGP
Purpose: Configure timer values for a BGP neighbor or peer group.
• keepalive range: 1 to 65535. Time interval, in seconds, between keepalive messages sent to the neighbor routers. (Default: 60 seconds)
• holdtime range: 3 to 65536.
Use the clear ip bgp command in EXEC Privilege mode at the system prompt to reset a BGP connection using BGP soft reconfiguration.

Command Syntax: clear ip bgp {* | neighbor-address | AS Numbers | ipv4 | peer-group-name} [soft [in | out]]
Command Mode: EXEC Privilege
Purpose: Clear all information or only specific details.
Route map continue

The BGP route map continue feature (in ROUTE-MAP mode) allows movement from one route-map entry to a specific route-map entry (the sequence number). If the sequence number is not specified, the continue feature moves to the next sequence number (also known as an implied continue). If a match clause exists, the continue feature executes only after a successful match occurs. If there are no successful matches, continue is ignored.
FTOS MBGP is implemented as per RFC 1858. The MBGP feature can be enabled per router and/or per peer/peer-group. Default is IPv4 Unicast routes.
Command Syntax: debug ip bgp dampening [in | out]
Command Mode: EXEC Privilege
Purpose: View information on BGP route being dampened.

Command Syntax: debug ip bgp [ip-address | peer-group peer-group-name] events [in | out]
Command Mode: EXEC Privilege
Purpose: View information on local BGP state changes and other BGP events.

Command Syntax: debug ip bgp [ip-address | peer-group peer-group-name] keepalive [in | out]
Command Mode: EXEC Privilege
Purpose: View information about BGP KEEPALIVE messages.
Figure 9-34. Viewing the Last Bad PDU from BGP Peers

FTOS(conf-router_bgp)#do show ip bgp neighbors 1.1.1.2
BGP neighbor is 1.1.1.2, remote AS 2, external link
BGP version 4, remote router ID 2.4.0.
Capturing PDUs

Capture incoming and outgoing PDUs on a per-peer basis using the command capture bgp-pdu neighbor direction. Disable capturing using the no form of this command. The buffer size supports a maximum value between 40 MB (the default) and 100 MB. The capture buffers are cyclic: reaching the limit prompts the system to overwrite the oldest PDUs when new ones are received for a given neighbor or direction.
• BGP is disabled
• A neighbor is unconfigured
• clear ip bgp is issued
• New PDU are captured and there is no more space to store them
• The max buffer size is reduced. (This may cause PDUs to be cleared depending upon the buffer space consumed and the new limit.)

With full internet feed (205K) captured, approximately 11.8MB is required to store all of the PDUs, as shown in Figure 9-36.

Figure 9-36. Required Memory for Captured PDUs

FTOS(conf-router_bgp)#do show capture bgp-pdu neighbor 172.30.1.
Figure 9-37. Sample Configuration Illustration (diagram labels: physical links and virtual links; AS 99 and AS 100; peer groups AAA, BBB and CCC; GigE 1/21 10.0.1.21/24; GigE 2/11 10.0.1.22/24; GigE 1/31 10.0.3.31/24; GigE 3/11 10.0.3.33/24; GigE 3/21 10.0.2.3/24; Loopback 1 192.168.128.1/24, 192.168.128.2/24 and 192.168.128.3/24)

Example: Enable BGP, Router 1

FTOS# conf
FTOS(conf)#int loop 0
FTOS(conf-if-lo-0)#ip address 192.168.
FTOS(conf-router_bgp)#network 192.168.128.0/24
FTOS(conf-router_bgp)#neighbor 192.168.128.2 remote 99
FTOS(conf-router_bgp)#neighbor 192.168.128.2 no shut
FTOS(conf-router_bgp)#neighbor 192.168.128.2 update-source loop 0
FTOS(conf-router_bgp)#neighbor 192.168.128.3 remote 100
FTOS(conf-router_bgp)#neighbor 192.168.128.3 no shut
FTOS(conf-router_bgp)#neighbor 192.168.128.3 update-source loop 0
FTOS(conf-router_bgp)#show config
!
router bgp 99
 network 192.168.128.0/24
 neighbor 192.168.128.
!
interface TenGigabitEthernet 2/31
 ip address 10.0.2.2/24
 no shutdown
FTOS(conf-if-te-2/31)#
FTOS(conf-if-te-2/31)#router bgp 99
FTOS(conf-router_bgp)#network 192.168.128.0/24
FTOS(conf-router_bgp)#neighbor 192.168.128.1 remote 99
FTOS(conf-router_bgp)#neighbor 192.168.128.1 no shut
FTOS(conf-router_bgp)#neighbor 192.168.128.1 update-source loop 0
FTOS(conf-router_bgp)#neighbor 192.168.128.3 remote 100
FTOS(conf-router_bgp)#neighbor 192.168.128.
FTOS(conf-if-te-3/11)#show config
!
interface TenGigabitEthernet 3/11
 ip address 10.0.3.33/24
 no shutdown
FTOS(conf-if-lo-0)#int tengig 3/21
FTOS(conf-if-te-3/21)#ip address 10.0.2.3/24
FTOS(conf-if-te-3/21)#no shutdown
FTOS(conf-if-te-3/21)#show config
!
interface TenGigabitEthernet 3/21
 ip address 10.0.2.3/24
 no shutdown
FTOS(conf-if-te-3/21)#
FTOS(conf-if-te-3/21)#router bgp 100
FTOS(conf-router_bgp)#show config
!
router bgp 100
FTOS(conf-router_bgp)#network 192.168.128.
FTOS(conf-router_bgp)# network 192.168.128.0/24
FTOS(conf-router_bgp)# neighbor AAA peer-group
FTOS(conf-router_bgp)# neighbor AAA no shutdown
FTOS(conf-router_bgp)# neighbor BBB peer-group
FTOS(conf-router_bgp)# neighbor BBB no shutdown
FTOS(conf-router_bgp)# neighbor 192.168.128.2 peer-group AAA
FTOS(conf-router_bgp)# neighbor 192.168.128.3 peer-group BBB
FTOS(conf-router_bgp)#
FTOS(conf-router_bgp)#show config
!
router bgp 99
 network 192.168.128.
Example: Enable Peer Groups, Router 1 (Continued)

Capabilities received from neighbor for IPv4 Unicast :
 MULTIPROTO_EXT(1)
 ROUTE_REFRESH(2)
 CISCO_ROUTE_REFRESH(128)
Capabilities advertised to neighbor for IPv4 Unicast :
 MULTIPROTO_EXT(1)
 ROUTE_REFRESH(2)
 CISCO_ROUTE_REFRESH(128)
Update source set to Loopback 0
Peer active in peer-group outbound optimization
For address family: IPv4 Unicast
BGP table version 1, neighbor version 1
Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer
Prefixes advertised
Example: Enable Peer Groups, Router 2

FTOS#conf
FTOS(conf)#router bgp 99
FTOS(conf-router_bgp)# neighbor CCC peer-group
FTOS(conf-router_bgp)# neighbor CC no shutdown
FTOS(conf-router_bgp)# neighbor BBB peer-group
FTOS(conf-router_bgp)# neighbor BBB no shutdown
FTOS(conf-router_bgp)# neighbor 192.168.128.1 peer AAA
FTOS(conf-router_bgp)# neighbor 192.168.128.1 no shut
FTOS(conf-router_bgp)# neighbor 192.168.128.3 peer BBB
FTOS(conf-router_bgp)# neighbor 192.168.128.
Minimum time between advertisement runs is 5 seconds
Minimum time before advertisements start is 0 seconds

Example: Enable Peer Groups, Router 3

FTOS#conf
FTOS(conf)#router bgp 100
FTOS(conf-router_bgp)# neighbor AAA peer-group
FTOS(conf-router_bgp)# neighbor AAA no shutdown
FTOS(conf-router_bgp)# neighbor CCC peer-group
FTOS(conf-router_bgp)# neighbor CCC
FTOS(conf-router_bgp)# neighbor
FTOS(conf-router_bgp)# neighbor
FTOS(conf-router_bgp)# neighbor
FTOS(conf-router_bgp)# neighbor
FTOS(conf-router_bgp)#
 ROUTE_REFRESH(2)
 CISCO_ROUTE_REFRESH(128)
 ROUTE_REFRESH(2)
 CISCO_ROUTE_REFRESH(128)
Update source set to Loopback 0
Peer active in peer-group outbound optimization
For address family: IPv4 Unicast
BGP table version 2, neighbor version 2
Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer
Prefixes advertised 1, denied 0, withdrawn 0 from peer
10 Bare Metal Provisioning 2.0

Bare Metal Provisioning 2.0 is included as part of the FTOS image. It is supported on the S5000 switch. Bare Metal Provisioning (BMP) improves accessibility to the S5000 switch by automatically loading pre-defined configurations and boot images that are stored in file servers. BMP can be used on a single switch or on multiple switches. For more information on using BMP and the different types of modes, refer to the Open Automation Guide.
Prerequisites

Before you use BMP 2.0 to auto-configure a supported Dell Networking switch, you must first configure a Dynamic Host Configuration Protocol (DHCP) server and a file server in the network. Optionally, you can also configure a Domain Name Server (DNS). For more information, refer to DHCP Server, Domain Name Server, and File Server.
Command Syntax: stop jump-start
Command Mode: EXEC Privilege
Purpose: This command stops the jumpstart reload process while it is in progress and changes the reload type to Normal mode. If the command is initiated while the switch is downloading an image or configuration file, the command takes effect when the DHCP release is sent.

The reload settings that you configure with the reload-type command are stored in non-volatile memory and retained for future reboots.
• Boot File Name: The FTOS image to be loaded on the switch. The boot file name is expected to use Option 67 or the boot filename in the boot payload of the DHCP offer. If both are specified, Option 67 will be used.
• Configuration File Name: The configurations to be applied to the switch. The configuration file name is expected to use Option 209.
• File Server Address: The server where the Image and Configurations file are placed.
option config-file "ftp://user:passwd@10.20.4.1//home/user/S5000-1.conf";    FTP URL with IP address
option config-file "http://myserver/S5000-1.conf";    HTTP URL with hostname (requires DNS)
option config-file "tftp://10.10.4.1/S5000-1.conf";    TFTP URL with IP address
option config-file "flash://S5000-1.
DHCP Retry Mechanism

BMP will request a different DHCP offer in the following scenarios:
• If you enter the reload-type jump-start config-download enable command, the DHCP offer specifies both the boot image and the configuration file.
  • If either the image or the configuration download is successful, BMP does not request another DHCP offer.
  • If the image download is successful but the configuration download fails, the switch boots up with the default configuration.
Domain Name Server

Set up a Domain Name Server (DNS) to determine the host name applied in the switch startup configuration when no configuration file is retrieved from the DHCP server. The DNS server is contacted only when no configuration file is contained in a DHCP server response and the host name is not resolved from the network-config file on the switch. Refer to the FTOS Configuration Guide IPv4 Addressing chapter, Resolution of Host Names for information.
5. The switch sends a unicast message to the file server to retrieve the named FTOS file and/or the configuration file from the base directory of the server.
   a. If an option bootfile-name is used, the file name can be 256 bytes. If a filename field is specified in the DHCP Offer, the filename can be 128 bytes. The name can be a fully qualified URL or it can be a file name only.
00:02:47: %STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_RELEASE: DHCP RELEASE sent on Te 0/7.
00:02:47: %STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_DOWNLOAD: The config file download is successful.
00:02:47: %STKUNIT0-M:CP %JUMPSTART-5-CFG_APPLY: The downloaded config from dhcp server is being applied
c
00:02:47: %STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_RELEASE: DHCP RELEASE sent on Te 0/7.
00:02:47: %STKUNIT0-M:CP successful.
00:02:47: %STKUNIT0-M:CP being applied
11 Content Addressable Memory (CAM)

Content Addressable Memory (CAM) operations are supported on the S5000 switch. This chapter includes the following topics:
• Content Addressable Memory
• CAM Allocation
• Testing CAM Usage for QoS Policies
• Displaying CAM-ACL Settings
• CAM Optimization

Content Addressable Memory

Content Addressable Memory (CAM) is a type of memory that stores information in the form of a lookup table.
Re-allocating CAM for Egress ACLs

The default CAM allocation settings for the three egress ACL and QoS regions on an S5000 switch are:
• L2 ACL (l2acl): 1
• L3 ACL (ipv4acl): 1
• IPv6 L3 ACL (ipv6acl): 2

The total egress CAM ACL space must equal 4 memory blocks. The ranges of supported FP memory blocks are:
• L2 ACL (l2acl): 1 to 4
• L3 ACL (ipv4acl): 1 to 4
• IPv6 L3 ACL (ipv6acl): 0 to 4

You must allocate at least one block of memory to the L2ACL and IPv4 ACL regions.
Displaying CAM-ACL Settings

The show cam-acl command is supported on the S5000 to display the current CAM ACL settings for each ingress region.
Displaying CAM-ACL-Egress Settings

Use the show cam-acl-egress command on the S5000 to display the current CAM ACL settings for each egress region. The default egress CAM ACL allocation settings on an S5000 (stack unit 0) are:

FTOS#show cam-acl-egress
-- Chassis Egress Cam ACL --
Current Settings(in block sizes)
L2Acl : 1
Ipv4Acl : 1
Ipv6Acl : 2
-- Stack unit 0 --
Current Settings(in block sizes)
L2Acl : 1
Ipv4Acl : 1
Ipv6Acl : 2
FTOS#

CAM Optimization

CAM optimization is supported on the S5000 platform.
12 Control Plane Policing (CoPP)

Control Plane Policing (CoPP) is supported on the S5000 switch. This chapter includes the following topics:
• Overview
• Configuring Control Plane Policing
• Configuring CoPP for protocols

Overview

Control Plane Policing (CoPP) uses ACL rules and QoS policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane and rate-limits traffic to an acceptable level.
Figure 12-2. CoPP solution example (diagram labels: Front End Ports; Protocol to Queue Classification (Ingress Flow Entries); Hardware Queue Rate Limiting; CPU Software Queue Q4, Q5, Q6, Q7; CPU Processes (OSPF, LACP, STP, ICMP, etc); OSPF flood CPU at 1100 PPS; ICMP fails; 400 PPS; 1100 PPS)

The following illustration shows an example of the difference between having CoPP implemented and not having CoPP implemented.
CoPP policies are assigned on a per-protocol or a per-queue basis, and are assigned in CONTROL-PLANE mode to each port-pipe. The CoPP policies are configured by creating extended ACL rules and specifying rate-limits through QoS policies. The ACLs and QoS policies are assigned as service-policies.

Configuring CoPP for protocols

This section lists the commands necessary to create and enable the service-policies for CoPP.
Matching QoS Class Map to QoS Policy

FTOS(conf)#policy-map-input egressFP_rate_policy cpu-qos
FTOS(conf-policy-map-in-cpuqos)#class-map class_ospf qos-policy rate_limit_500k
FTOS(conf-policy-map-in-cpuqos)#class-map class_bgp qos-policy rate_limit_400k
FTOS(conf-policy-map-in-cpuqos)#class-map class_lacp qos-policy rate_limit_200k
FTOS(conf-policy-map-in-cpuqos)#class-map class-ipv6 qos-policy rate_limit_200k
FTOS(conf-policy-map-in-cpuqos)#exit

Creating Control Plane Service Policy

FTOS(conf)#control-plan
Use the show mac protocol-queue-mapping command to view the queue mapping for the MAC protocols.
13 Data Center Bridging (DCB)

Data center bridging (DCB) features are supported on the S5000 switch, including:
• Data center bridging exchange protocol (DCBx)
• Priority-based flow control (PFC)
• Enhanced transmission selection (ETS)

This chapter describes the following data center bridging topics:
• Ethernet Enhancements in Data Center Bridging
• Data Center Bridging: Default Configuration
• Enabling Data Center Bridging
• QoS dot1p Traffic Classification and Queue Assignment
• Configuring PFC a
• LAN traffic consists of a large number of flows that are generally insensitive to latency requirements, while certain applications, such as streaming video, are more sensitive to latency. Ethernet functions as a best-effort network that may drop packets in case of network congestion. IP networks rely on transport protocols (for example, TCP) for reliable data transmission with the associated cost of greater processing overhead and performance impact.
Figure 13-1. Priority-Based Flow Control

PFC is implemented as follows in the Dell Networking operating software (FTOS):
• PFC is supported on specified 802.1p priority traffic (dot1p 0 to 7) and is configured per interface. However, only two lossless queues are supported on an interface: one for FCoE converged traffic and one for iSCSI storage traffic. You must configure the same lossless queues on all ports.
Although you can configure strict-priority queue scheduling for a priority group, ETS introduces flexibility that allows the bandwidth allocated to each priority group to be dynamically managed according to the amount of LAN, storage, and server traffic in a flow. Unused bandwidth is dynamically allocated to prioritized priority groups. Traffic is queued according to its 802.
Data Center Bridging Exchange Protocol

The data center bridging exchange (DCBx) protocol is enabled by default on the S5000; PFC and ETS are also enabled. For more information, see Data Center Bridging: Default Configuration. DCBx allows a switch to automatically discover DCB-enabled peers and exchange configuration information. PFC and ETS use DCBx to exchange and negotiate parameters with peer devices.
Data Center Bridging: Default Configuration

Before you configure PFC and ETS on an S5000 switch (see DCB Map: Configuration Procedure), take into account the following default settings:
• DCB is enabled (see Enabling Data Center Bridging).
• The PFC memory buffer supports up to 64 PFC-enabled ports and two lossless queues per port.
• PFC and ETS are globally enabled by default:
• The default dot1p priority-queue assignments are applied as follows:
• 802.
QoS dot1p Traffic Classification and Queue Assignment

DCB supports PFC, ETS, and DCBx to handle converged Ethernet traffic that is assigned to an egress queue according to the following quality of service (QoS) methods:
• Honor dot1p: Using the service-class dynamic dot1p command, you can honor dot1p priorities in ingress traffic at the port or global switch level (see Default dot1p to Queue Mapping). Honoring dot1p priorities in ingress traffic is enabled by default.

Important: of two S5000
Configuring PFC and ETS in a DCB Map

An S5000 switch supports the use of a DCB map in which you configure priority-based flow control and enhanced transmission selection settings. To configure PFC and ETS parameters, you must apply a DCB map on an S5000 interface (see Data Center Bridging: Default Configuration).

PFC Configuration Notes

Priority-based flow control (PFC) provides a flow control mechanism based on the 802.
• When you configure a DCB map, an error message displays if:
  • The PFC dot1p priorities result in more than two lossless queues.
• When you apply a DCB map, an error message displays if:
  • Link-level flow control is already enabled on an interface. You cannot enable PFC and link-level flow control at the same time on an interface.
• In a switch stack, configure all stacked ports with the same PFC configuration.
ETS Configuration Notes

ETS provides a way to optimize bandwidth allocation to outbound 802.1p classes of converged Ethernet traffic. Different traffic types have different service needs. Using ETS, you can create groups within an 802.1p priority class to configure different treatment for traffic with different bandwidth, latency, and best-effort needs.
ETS Prerequisites and Restrictions

On an S5000 switch, ETS is enabled by default on Ethernet ports; equal bandwidth is assigned to each 802.1p priority. You can change the default ETS configuration only by using a DCB map. For more information, see DCB Map: Configuration Procedure.
Step 2
Task: Configure the PFC setting (on or off) and the ETS bandwidth percentage allocated to traffic in each priority group or whether priority group traffic should be handled with strict priority scheduling. You can enable PFC on a maximum of two priority queues on an interface. Enabling PFC for dot1p priorities makes the corresponding port queue lossless. The sum of all allocated bandwidth percentages in all groups in the DCB map must be 100%.
Applying a DCB Map on a Port

When you apply a DCB map with PFC enabled on an S5000 interface, a memory buffer for PFC-enabled priority traffic is automatically allocated. The buffer size is allocated according to the number of PFC-enabled priorities in the assigned map. To apply a DCB map to an Ethernet port, follow these steps:

Step 1
Task: Enter interface configuration mode on an Ethernet port.
Configuring Lossless Queues

DCB also supports the manual configuration of lossless queues on an interface after you disable PFC mode in a DCB map and apply the map on the interface. The configuration of no-drop queues provides flexibility for ports on which PFC is not needed but lossless traffic should egress from the interface. Lossless traffic egresses out the no-drop queues. Ingress 802.
ETS Operation with DCBx

In DCBx negotiation with peer ETS devices, ETS configuration is handled as follows:
• ETS TLVs are supported in DCBx versions CIN, CEE, and IEEE2.5.
• ETS operational parameters are determined by the DCBx port-role configurations (see Configuring DCBx Operation).
• ETS configurations received from TLVs from a peer are validated.
• In case of a hardware limitation or TLV error:
  • DCBx operation on an ETS port goes down.
Configuring Bandwidth Allocation for DCBx CIN

After you apply a DCB map to an interface, if the DCBx version used in your data center network is CIN, you may need to configure a QoS output policy to overwrite the default CIN bandwidth allocation. This default setting divides the bandwidth allocated to each port queue equally between the dot1p priority traffic assigned to the queue.
Configuring DCBx Operation

The data center bridging exchange protocol (DCBx) is used by DCB devices to exchange configuration information with directly connected peers using the link layer discovery protocol (LLDP). DCBx can detect the misconfiguration of a peer DCB device and, optionally, configure peer DCB devices with DCB feature settings to ensure consistent operation in a data center network.
DCBx Port Roles

Note: When you configure the S5000 switch to operate as an NPIV proxy gateway (see NPIV Proxy Gateway), DCBx supports only the manual port role.
• The configuration received from a DCBx peer is not stored in the switch’s running configuration.

On a DCBx port that is the configuration source, all PFC and application priority TLVs are enabled. ETS recommend TLVs are disabled and ETS configuration TLVs are enabled.

Manual: The port is configured to operate only with administrator-configured settings and does not auto-configure with DCB settings received from a DCBx peer or from an internally propagated configuration from the configuration source.
Configuration Source Election

When an auto-upstream or auto-downstream port receives a DCB configuration from a peer, the port first checks to see if there is an active configuration source on the switch.
• If a configuration source already exists, the received peer configuration is checked against the local port configuration. If the received configuration is compatible, the DCBx marks the port as DCBx-enabled.
Auto-Detection and Manual Configuration of the DCBx Version

When operating in Auto-Detection mode (DCBx version auto command in the DCBx Configuration Procedure), a DCBx port automatically detects the DCBx version on a peer port. Legacy CIN and CEE versions are supported in addition to the standard IEEE version 2.5 DCBx. A DCBx port detects a peer version after receiving a valid frame for that version.
DCBx Example

Figure 13-4 shows how DCBx is used. The external 40GbE ports on the base module (ports 33 and 37) of two switches are used for uplinks configured as DCBx auto-upstream ports. The S5000 is connected to third-party, top-of-rack (ToR) switches through 40GbE uplinks. The ToR switches are part of a Fibre Channel storage network.
• The internal ports (ports 1-32) connected to the 10GbE backplane are configured as auto-downstream ports.
DCBx Prerequisites and Restrictions

The following prerequisites and restrictions apply when you configure DCBx operation on a port:
• DCBx requires LLDP in both send (TX) and receive (RX) mode to be enabled on a port interface (protocol lldp mode command; refer to the example in CONFIGURATION versus INTERFACE Configurations in the Link Layer Discovery Protocol (LLDP) chapter).
• If multiple DCBx peer ports are detected on a local DCBx interface, DCBx is shut down on the interface.
DCBx Configuration Procedure

To configure an S5000 for DCBx operation in a data center network, you must:
1. Configure ToR- and FCF-facing interfaces as auto-upstream ports.
2. Configure server-facing interfaces as auto-downstream ports.
3. Configure a port to operate in a configuration-source role.
4. Configure ports to operate in a manual role.

To verify the DCBx configuration on a port, use the show interface DCBx detail command (Figure 13-11).
Step 5
Task: On manual ports only: Configure the PFC and ETS TLVs advertised to DCBx peers, where:
• ets-conf enables the advertisement of ETS Configuration TLVs.
• ets-reco enables the advertisement of ETS Recommend TLVs.
• pfc enables the advertisement of PFC TLVs.
Default: All PFC and ETS TLVs are advertised.
Step 4
Task: Configure the PFC and ETS TLVs to be advertised on un-configured with a manual port-role, where:
• ets-conf enables transmission of ETS Configuration TLVs.
• ets-reco enables transmission of ETS Recommend TLVs.
• pfc enables transmission of PFC TLVs.
Verifying DCB Configuration

To display DCB configurations, use the show commands in Table 13-2.

Table 13-2. Displaying DCB Configurations

Command: show qos dot1p-queue-mapping
Output: Displays the current 802.1p priority-queue mapping (Figure 13-5).

Command: show dcb
Output: Displays the DCB status (enabled or disabled) on an S5000 switch. (Figure 13-6)

Command: show qos dcb-map name
Output: Displays the PFC and ETS configuration in DCB maps configured on an S5000 switch (Figure 32-5).
Figure 13-7.
Table 13-3. show interfaces pfc Field Descriptions

Field: Remote is enabled, Priority list
Description: Operational status (enabled or disabled) of peer device for DCBx exchange of PFC configuration with a list of the configured PFC priorities.

Field: Remote Willing Status is enabled
Description: Willing status of peer device for DCBx exchange (Willing bit received in PFC TLV): enabled or disabled.

Field: Local is enabled
Description: DCBx operational status (enabled or disabled) with a list of the configured PFC priorities.
Table 13-3. show interfaces pfc Field Descriptions

Field: Input Appln Priority TLV pkts
Description: Number of Application Priority TLVs received.

Field: Output Appln Priority TLV pkts
Description: Number of Application Priority TLVs transmitted.

Field: Error Appln Priority TLV pkts
Description: Number of Application Priority error packets received.

Figure 13-8.
Figure 13-9.
Table 13-4. show interfaces ets Field Descriptions

Field: Interface
Description: Interface type with stack-unit and port number.

Field: Max Supported TC Group
Description: Maximum number of priority groups supported.

Field: Number of Traffic Classes
Description: Number of 802.1p priorities currently configured.

Field: Admin mode
Description: ETS mode: on or off. When on, the scheduling and bandwidth allocation configured in an ETS output policy or received in a DCBx TLV from a peer can take effect on an interface.
Figure 13-10.
Figure 13-11.
Table 13-5. show interfaces DCBx detail Field Descriptions

Field: Local DCBx TLVs Transmitted
Description: Transmission status (enabled or disabled) of advertised DCB TLVs (see TLV code at the top of the show command output).

Field: Local DCBx Status: DCBx Operational Version
Description: DCBx version advertised in Control TLVs.

Field: Local DCBx Status: DCBx Max Version Supported
Description: Highest DCBx version supported in Control TLVs.
Table 13-5. show interfaces DCBx detail Field Descriptions

Field: Total DCBx Frames unrecognized
Description: Number of unrecognizable DCBx frames received.

Figure 13-12.
Figure 13-13.
PFC and ETS Configuration Examples

This section contains examples of how to configure and apply a DCB map with PFC and ETS settings on dot1p-priority traffic on a port interface.

Using PFC and ETS to Manage Data Center Traffic

In the following example:
• SAN traffic uses dot1p priority 3, has priority-based flow control enabled, and is allocated 50% of the port bandwidth.
Figure 13-14. Example: PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic

QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in Table 13-6. For more information, see QoS dot1p Traffic Classification and Queue Assignment.
Table 13-6. Example: dot1p-Queue Assignment

dot1p Value in Incoming Frame    Queue Assignment
0                                0
1                                0
2                                0
3                                1
4                                2
5                                3
6                                3
7                                3

Lossless SAN traffic with dot1p priority 3 is assigned to queue 1. Other traffic types are assigned the 802.1p priorities shown in Table 13-7 and the bandwidth allocations shown in Table 13-8.

Table 13-7.
Figure 13-15.
Using PFC and ETS to Manage Converged Ethernet Traffic in a Switch Stack

Figure 13-16 shows how to apply the DCB map (ipc_san_lan) configured in Figure 13-15 on all ports in a switch stack.

Figure 13-16. PFC and ETS Configuration in a Switch Stack: Example

On the stack master, apply DCB map on all port on stack ports:
FTOS(conf)# dcb-map stack-unit all stack-ports all ipc_san_lan

Hierarchical Scheduling in ETS Configuration

ETS supports up to three levels of hierarchical scheduling.
Troubleshooting PFC, ETS, and DCBx Operation

DCBx Oper Status is Down

In the show interfaces pfc | ets | dcbx output, the DCBx operational status may be down for any of the reasons described in Table 13-9. When DCBx is down, the following values display in the show output field for DCBx Oper status:
• PFC DCBx Oper status: Down
• ETS DCBx Oper status: Down
• DCBx Oper status: Disabled.

W

Table 13-9.
Table 13-9. Reasons why DCBx Oper Status is Down

Reason: ETS is down (show interfaces ets output)
Description: One of the following ETS-specific errors occurred in ETS validation:
- Unsupported PGID
- A priority group exceeds the maximum number of supported priorities.
- COSQ is mapped to more than one priority group.
- Invalid or unsupported transmission selection algorithm (TSA).
- Bandwidth is configured for an unconfigured priority group.
Debugging DCBx on an Interface

To enable DCBx debug traces for all or a specific control path, use the following command:

Task: Enable DCBx debugging, where:
• all: Enables all DCBx debugging operations.
• auto-detect-timer: Enables traces for DCBx auto-detect timers.
• config-exchng: Enables traces for DCBx configuration exchanges.
• fail: Enables traces for DCBx failures.
• mgmt: Enables traces for DCBx management frames.
14 Dynamic Host Configuration Protocol (DHCP)

Dynamic Host Configuration Protocol (DHCP) is available on the S5000 switch.
DHCP Packet Format and Options

DHCP uses UDP as its transport protocol. The server listens on port 67 and transmits to port 68; the client listens on port 68 and transmits to port 67. The configuration parameters are carried as options in the DHCP packet in Type, Length, Value (TLV) format; many options are specified in RFC 2132.
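The TLV option layout described above, combined with the BMP parameters from the Bare Metal Provisioning chapter (boot file in Option 67 or in the DHCP header's file field, configuration file in Option 209), as an added example that is not part of the original guide: a Python parser that walks the options of an offer, applies the Option 67 precedence, and reports how each file reference is exposed on the wire. The sample offer, the image names and the helper names are constructed for illustration, and the Option 52 (overload) handling follows RFC 2131 rather than anything stated in this guide.

```python
import ipaddress
from urllib.parse import urlsplit

FIXED_LEN = 236                        # BOOTP fixed header (RFC 2131)
FILE_OFFSET, FILE_LEN = 108, 128       # 128-byte 'file' field inside that header
MAGIC_COOKIE = b"\x63\x82\x53\x63"     # marks the start of the options field
OPT_PAD, OPT_OVERLOAD, OPT_END = 0, 52, 255
OPT_BOOTFILE, OPT_CONFIG_FILE = 67, 209    # option numbers named in this guide
CLEARTEXT_SCHEMES = {"ftp", "http", "tftp"}


def parse_options(packet: bytes) -> dict:
    """Walk the Type-Length-Value options that follow the magic cookie."""
    if packet[FIXED_LEN:FIXED_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("short packet or missing DHCP magic cookie")
    opts, i = {}, FIXED_LEN + 4
    while i < len(packet):
        code = packet[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:            # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(packet):
            raise ValueError(f"option {code} is missing its length byte")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} runs past the end of the packet")
        opts[code] = opts.get(code, b"") + value   # split options concatenate (RFC 3396)
        i += 2 + length
    return opts


def bmp_parameters(packet: bytes) -> dict:
    """Return the boot file and config file a BMP client would take from this offer."""
    opts = parse_options(packet)
    header_file = packet[FILE_OFFSET:FILE_OFFSET + FILE_LEN].split(b"\x00", 1)[0]
    overload = opts.get(OPT_OVERLOAD) or b"\x00"
    if overload[0] & 1:
        header_file = b""              # 'file' field carries options, not a name
    boot = opts.get(OPT_BOOTFILE) or header_file   # Option 67 wins when both are set
    config = opts.get(OPT_CONFIG_FILE, b"")

    def text(raw: bytes):
        return raw.rstrip(b"\x00").decode("ascii", "replace") or None

    return {"boot_file": text(boot), "config_file": text(config)}


def audit(params: dict) -> list:
    """Return (field, issue) pairs describing how each file reference is exposed."""
    findings = []
    for field, value in params.items():
        if not value:
            continue
        url = urlsplit(value)
        if url.scheme in CLEARTEXT_SCHEMES:
            findings.append((field, f"{url.scheme} transfer has no integrity or confidentiality protection"))
        if url.password is not None:
            findings.append((field, "file-server password is readable in the DHCP offer"))
        if url.scheme in CLEARTEXT_SCHEMES and url.hostname:
            try:
                ipaddress.ip_address(url.hostname)
            except ValueError:
                findings.append((field, "host is a name, so the download also depends on DNS"))
    return findings


def build_offer(options, header_file=b"") -> bytes:
    """Assemble a constructed DHCPOFFER: zeroed header, cookie, options, end marker."""
    fixed = bytearray(FIXED_LEN)
    fixed[0] = 2                       # op = BOOTREPLY
    fixed[FILE_OFFSET:FILE_OFFSET + len(header_file)] = header_file
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return bytes(fixed) + MAGIC_COOKIE + body + bytes([OPT_END])


# Constructed sample: image names are invented; the config URL is the guide's FTP form.
SAMPLE_OFFER = build_offer(
    [(53, b"\x02"),
     (OPT_BOOTFILE, b"tftp://10.10.4.1/ftos-image.bin"),
     (OPT_CONFIG_FILE, b"ftp://user:passwd@10.20.4.1//home/user/S5000-1.conf")],
    header_file=b"fallback-image.bin",
)

if __name__ == "__main__":
    params = bmp_parameters(SAMPLE_OFFER)
    print(params)
    for field, issue in audit(params):
        print(f"{field}: {issue}")
```

Options carried inside an overloaded file or sname field are not parsed here; the block only stops treating the file field as a name when Option 52 says it holds options.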
Assigning an IP Address using DHCP
When a client joins a network:
1. The client initially broadcasts a DHCPDISCOVER message on the subnet to discover available DHCP servers. This message includes the parameters that the client requires and might include suggested values for those parameters.
2. Servers unicast or broadcast a DHCPOFFER message in response to the DHCPDISCOVER that offers to the client values for the requested parameters.
Implementation Information
• The Dell Networking implementation of DHCP is based on RFC 2131 and RFC 3046.
• IP Source Address Validation is a sub-feature of DHCP Snooping; FTOS uses ACLs internally to implement this feature and as such, you cannot apply ACLs to an interface which has IP Source Address Validation.
1. Address Storage and Management: DHCP servers are the owners of the addresses used by DHCP clients. The server stores the addresses and manages their use, keeping track of which addresses have been allocated and which are still available.
2. Configuration Parameter Storage and Management: DHCP servers also store and maintain other parameters that are sent to clients when requested. These parameters specify in detail how a client is to operate.
3.
To create an address pool:
Step | Task | Command Syntax | Command Mode
1 | Access the DHCP server CLI context. | ip dhcp server | CONFIGURATION
2 | Create an address pool and give it a name. | pool name | DHCP
3 | Specify the range of IP addresses from which the DHCP server may assign addresses.
• network is the subnet address.
• prefix-length specifies the number of bits used for the network portion of the address you specify.
Enabling DHCP Server
This feature is available on the S5000. The DHCP server is disabled by default.
Step | Task | Command Syntax | Command Mode
1 | Enter the DHCP command-line context. | ip dhcp server | CONFIGURATION
2 | Enable DHCP server. | no disable | DHCP
Default: Disabled
3 | Display the current DHCP configuration. | show config | DHCP
In the illustration below, an IP phone is powered by PoE and has acquired an IP address from the Dell Networking system, which is advertising LLDP-MED.
Address Resolution using NetBIOS WINS
Windows Internet Naming Service (WINS) is a name resolution service that Microsoft DHCP clients use to correlate host names to IP addresses within a group of networks. Microsoft DHCP clients can be one of four types of NetBIOS nodes: broadcast, peer-to-peer, mixed, or hybrid.
Debugging DHCP server
Task | Command Syntax | Command Mode
Display debug information for DHCP server. | debug ip dhcp server [events | packets] | EXEC Privilege
DHCP Clear Commands
Task | Command Syntax | Command Mode
Clear DHCP binding entries for the entire binding table. | clear ip dhcp binding | EXEC Privilege
Clear a DHCP binding entry for an individual IP address. | clear ip dhcp binding ip address | EXEC Privilege
Clear a DHCP address conflict.
Figure 14-4. Configuring S5000 Switch as a DHCP Relay Device
Configuring Secure DHCP
The following feature is available on the S5000 switch. DHCP as defined by RFC 2131 provides no authentication or security mechanisms. Secure DHCP is a suite of features that protects networks that use dynamic address allocation from spoofing and attacks.
• Option 82
• DHCP Snooping
• Dynamic ARP Inspection
• Source Address Validation
Option 82
RFC 3046 (Relay Agent Information option, or Option 82) is used for class-based IP address assignment.
DHCP Snooping
DHCP Snooping protects networks from spoofing. In the context of DHCP Snooping, all ports are either trusted or untrusted. By default, all ports are untrusted. Trusted ports are ports through which attackers cannot connect. Manually configure ports connected to legitimate servers and relay agents as trusted.
Enabling DHCP snooping
Step | Task | Command Syntax | Command Mode
1 | Enable DHCP Snooping globally. | ip dhcp snooping | CONFIGURATION
2 | Specify ports connected to DHCP servers as trusted. | ip dhcp snooping trust | INTERFACE
3 | Enable DHCP Snooping on a VLAN. | ip dhcp snooping vlan | CONFIGURATION
Adding a static entry in the binding table
Task | Command Syntax | Command Mode
Add a static entry in the binding table.
Figure 14-6. Command example: show ip dhcp snooping
FTOS#show ip dhcp snooping
IP DHCP Snooping : Enabled.
IP DHCP Snooping Mac Verification : Disabled.
IP DHCP Relay Information-option : Disabled.
IP DHCP Relay Trust Downstream : Disabled.
Dynamic ARP Inspection
Dynamic ARP inspection prevents ARP spoofing by forwarding only ARP frames that have been validated against the DHCP binding table. ARP is a stateless protocol that provides no authentication mechanism. Network devices accept ARP requests and replies from any device, and ARP replies are accepted even when no request was sent. If a client receives an ARP message for which a relevant entry already exists in its ARP cache, it overwrites the existing entry with the new information.
• denial of service—an attacker can send fraudulent ARP messages to a client to associate a false MAC address with the gateway address, which would blackhole all internet-bound packets from the client.
Note: DAI uses entries in the L2SysFlow CAM region, a sub-region of SystemFlow. One CAM entry is required for every DAI-enabled VLAN. You can enable DAI on up to 16 VLANs on a system. SystemFlow has 102 entries by default.
Use the show arp inspection statistics command to see how many valid and invalid ARP packets have been processed.
Figure 14-9.
The DHCP binding table associates addresses assigned by the DHCP servers with the port on which the requesting client is attached. When IP Source Address Validation is enabled on a port, the system verifies that the source IP address is one that is associated with the incoming port. If an attacker is impersonating a legitimate client, the source address appears on the wrong ingress port, and the system drops the packet.
Step | Task | Command Syntax | Command Mode
4 | Enable IP+MAC Source Address Validation. | ip dhcp source-address-validation ipmac | INTERFACE
FTOS creates an ACL entry for each IP+MAC address pair in the binding table and applies it to the interface.
Task | Command Syntax | Command Mode
Display the IP+MAC ACL for an interface for the entire system.
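A simplified model of the binding-table checks described in the Dynamic ARP Inspection and Source Address Validation sections, added here as an illustration and not FTOS code. It assumes DAI compares the ARP sender IP and MAC with the binding for that VLAN, and that Source Address Validation runs per port in either IP or IP+MAC mode; the addresses, port names and VLAN numbers are constructed.

```python
"""Model of binding-table checks: Dynamic ARP Inspection and Source Address Validation."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    vlan: int
    port: str


@dataclass
class SnoopingSwitch:
    dai_vlans: set      # VLANs with DAI enabled
    sav_mode: dict      # port -> "ip" or "ipmac"; a port that is absent has SAV off
    bindings: dict = field(default_factory=dict)
    arp_stats: dict = field(default_factory=lambda: {"valid": 0, "invalid": 0})

    def learn(self, ip, mac, vlan, port):
        """Record a binding, as snooping a DHCPACK or adding a static entry would."""
        self.bindings[(vlan, ip)] = Binding(ip, mac.lower(), vlan, port)

    def inspect_arp(self, vlan, sender_ip, sender_mac):
        """DAI: forward an ARP frame only if its sender IP/MAC pair is bound."""
        if vlan not in self.dai_vlans:
            return True                      # VLAN is not inspected
        entry = self.bindings.get((vlan, sender_ip))
        ok = entry is not None and entry.mac == sender_mac.lower()
        self.arp_stats["valid" if ok else "invalid"] += 1
        return ok

    def validate_source(self, vlan, port, src_ip, src_mac):
        """SAV: the source IP must be bound to the ingress port (and MAC in ipmac mode)."""
        mode = self.sav_mode.get(port)
        if mode is None:
            return True                      # SAV is not enabled on this port
        entry = self.bindings.get((vlan, src_ip))
        if entry is None or entry.port != port:
            return False                     # unknown address, or wrong ingress port
        return mode == "ip" or entry.mac == src_mac.lower()


# Constructed scenario: two DHCP clients and a rogue host on Te 0/7.
CLIENT_MAC = "00:00:5e:00:53:03"
ROGUE_MAC = "00:00:5e:00:53:66"


def build_demo_switch():
    switch = SnoopingSwitch(
        dai_vlans={10},
        sav_mode={"Te 0/3": "ip", "Te 0/4": "ipmac", "Te 0/7": "ip"},
    )
    switch.learn("10.11.0.3", CLIENT_MAC, 10, "Te 0/3")
    switch.learn("10.11.0.4", "00:00:5e:00:53:04", 10, "Te 0/4")
    return switch


if __name__ == "__main__":
    sw = build_demo_switch()
    print("genuine ARP   :", sw.inspect_arp(10, "10.11.0.3", CLIENT_MAC))
    print("spoofed ARP   :", sw.inspect_arp(10, "10.11.0.3", ROGUE_MAC))
    print("ARP statistics:", sw.arp_stats)
    print("spoofed source on Te 0/7:",
          sw.validate_source(10, "Te 0/7", "10.11.0.3", CLIENT_MAC))
    # IP mode ignores the MAC, IP+MAC mode does not.
    print("wrong MAC, ip mode      :",
          sw.validate_source(10, "Te 0/3", "10.11.0.3", ROGUE_MAC))
    print("wrong MAC, ipmac mode   :",
          sw.validate_source(10, "Te 0/4", "10.11.0.4", ROGUE_MAC))
```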
15 Equal Cost Multi-Path (ECMP)
Equal Cost Multi-Path (ECMP) is supported on the S5000 switch. This chapter contains the following sections:
• ECMP for Flow-based Affinity
• Managing ECMP Group Paths
ECMP for Flow-based Affinity
ECMP for Flow-based Affinity is available on the S5000 switch.
Note: IPv6 /128 routes having multiple paths do not form ECMPs. The /128 route is treated as a host entry and finds its place in the host table.
Task | Command Syntax | Command Mode
Enable IPv6 Deterministic ECMP Next Hop. | ipv6 ecmp-deterministic | CONFIGURATION
Note: Packet loss might occur when you enable ip/ipv6 ecmp-deterministic for the first-time only.
Configuring Hash Algorithm Seed
Deterministic ECMP sorts ECMPs in order even though RTM provides them in a random order. However, the hash algorithm uses as a seed the lower 12 bits of the chassis MAC, which yields a different hash result for every chassis.
The link bundle utilization is calculated as the total bandwidth of all links divided by the total bytes-per-second of all links. Within each ECMP group, interfaces can be specified. If monitoring is enabled for the ECMP group, the utilization calculation is performed when the utilization of the link-bundle (not a link within a bundle) exceeds 60%. Enable link bundle monitoring using the ecmp-group command.
16 FCoE Transit
The Fibre Channel over Ethernet (FCoE) Transit feature is supported on the S5000 switch on Ethernet interfaces. When you enable an S5000 for FCoE transit, the switch functions as a FIP snooping bridge.
Note: FCoE transit with FIP snooping is not supported on Fibre Channel interfaces, in an S5000 switch stack, or on links between VLT peer switches.
To ensure similar Fibre Channel robustness and security with FCoE in an Ethernet cloud network, the Fibre Channel over Ethernet initialization protocol (FIP) establishes virtual point-to-point links between FCoE end-devices (server ENodes and target storage devices) and FCoE forwarders (FCFs) over transit FCoE-enabled bridges.
Figure 16-1. FIP discovery and login between an ENode and an FCF
FIP Snooping on Ethernet Bridges
In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF. An Ethernet bridge that provides these FCoE transit functions is called a FIP snooping bridge (FSB).
Dynamic ACL generation on the switch operating as a FIP snooping bridge functions as follows:
• Port-based ACLs are applied on all three port modes: on ports directly connected to an FCF, server-facing ENode ports, and bridge-to-bridge links.
• Port-based ACLs take precedence over global ACLs.
• FCoE-generated ACLs take precedence over user-configured ACLs. A user-configured ACL entry cannot deny FCoE and FIP snooping frames.
Figure 16-2.
The following sections describe how to configure the FCoE transit feature on a switch that functions as a FIP snooping bridge so that it can perform the following functions:
• Allocate CAM resources for FCoE.
• Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis.
• Set the FCoE MAC address prefix (FC-MAP) value used by an FCF to assign a MAC address to an FCoE end-device (server ENode or storage device) after a server successfully logs in.
As soon as you enable the FCoE transit feature on a switch-bridge, the existing VLAN-specific and FIP snooping configurations are applied. The FCoE database is populated when the switch connects to a converged network adapter (CNA) or FCF port and compatible DCB configurations are synchronized. By default, all FCoE and FIP frames are dropped unless specifically permitted by existing FIP snooping-generated ACLs. You can reconfigure any of the FIP snooping settings.
Configuring the FC-MAP Value
You can configure the FC-MAP value to be applied globally by the switch on all or individual FCoE VLANs to authorize FCoE traffic. The configured FC-MAP value is used to check the FC-MAP value for the MAC address assigned to ENodes in incoming FCoE frames. If the FC-MAP value does not match, FCoE frames are dropped. A session between an ENode and an FCF is established by the switch-bridge only when the FC-MAP value on the FCF matches the FC-MAP value on the FIP snooping bridge.
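A simplified model of the FC-MAP check and of the default-deny, session-based filtering a FIP snooping bridge applies, added here as an illustration and not FTOS code. It assumes fabric-provided MAC addresses (FC-MAP in the upper 24 bits, FC-ID in the lower 24 bits), the FCoE EtherType 0x8906, and that a clear virtual link from an FCF removes its sessions; the class and method names are hypothetical, and the MAC addresses and port are the ones shown in the guide's show command examples.

```python
"""Model of FC-MAP checking and session-based FCoE filtering on a FIP snooping bridge."""

ETHERTYPE_FCOE = 0x8906
DEFAULT_FC_MAP = 0x0EFC00      # default FC-MAP value stated in the guide


def mac_to_int(mac):
    """Convert 'aa:bb:cc:dd:ee:ff' to a 48-bit integer."""
    octets = mac.split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int("".join(octets), 16)


def split_fpma(mac):
    """Split a fabric-provided MAC address into (FC-MAP, FC-ID)."""
    value = mac_to_int(mac)
    return value >> 24, value & 0xFFFFFF


class FipSnoopingBridge:
    def __init__(self, fc_map=DEFAULT_FC_MAP):
        self.fc_map = fc_map
        self.sessions = {}     # (ENode port, FCoE MAC) -> FCF MAC

    def on_login_accept(self, enode_port, fcf_mac, assigned_mac):
        """An FCF accepted a login and assigned `assigned_mac` to the ENode."""
        fc_map, _fc_id = split_fpma(assigned_mac)
        if fc_map != self.fc_map:
            return False       # FC-MAP mismatch: no session, frames stay denied
        self.sessions[(enode_port, mac_to_int(assigned_mac))] = mac_to_int(fcf_mac)
        return True

    def on_clear_virtual_link(self, fcf_mac):
        """Remove every session that terminates on this FCF; return how many."""
        target = mac_to_int(fcf_mac)
        stale = [key for key, fcf in self.sessions.items() if fcf == target]
        for key in stale:
            del self.sessions[key]
        return len(stale)

    def permit(self, ingress_port, ethertype, src_mac, dst_mac):
        """Decide whether a frame from an ENode-facing port is forwarded."""
        if ethertype != ETHERTYPE_FCOE:
            return True        # non-FCoE traffic is outside this model
        fcf = self.sessions.get((ingress_port, mac_to_int(src_mac)))
        # Default deny: the frame must match a session learned at login.
        return fcf is not None and fcf == mac_to_int(dst_mac)


FCF_MAC = "54:7f:ee:37:34:40"
FCOE_MAC = "0e:fc:00:01:00:01"
ENODE_PORT = "Te 0/42"

if __name__ == "__main__":
    bridge = FipSnoopingBridge()
    print("FC-MAP %06x, FC-ID %06x" % split_fpma(FCOE_MAC))
    print("before login :", bridge.permit(ENODE_PORT, ETHERTYPE_FCOE, FCOE_MAC, FCF_MAC))
    bridge.on_login_accept(ENODE_PORT, FCF_MAC, FCOE_MAC)
    print("after login  :", bridge.permit(ENODE_PORT, ETHERTYPE_FCOE, FCOE_MAC, FCF_MAC))
    print("other port   :", bridge.permit("Te 0/43", ETHERTYPE_FCOE, FCOE_MAC, FCF_MAC))
    mismatched = FipSnoopingBridge(fc_map=0x0EFC01)
    print("FC-MAP differs:", mismatched.on_login_accept(ENODE_PORT, FCF_MAC, FCOE_MAC))
```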
Impact on Other Software Features
When you enable FCoE transit with FIP snooping on a switch, other software features are impacted as follows:
• MAC address learning: MAC address learning is not performed on FIP and FCoE frames, which are denied by ACLs dynamically created by FIP snooping on server-facing ports in ENode mode.
FIP Snooping Restrictions
The following restrictions apply when you configure FIP snooping:
• The maximum number of FCoE VLANs supported:
  • on an S5000 NPIV proxy gateway is 12.
  • on an S5000 switch not configured as an NPIV proxy gateway is 8.
• The maximum number of FCFs supported on a FIP snooping-enabled VLAN:
  • on an S5000 NPIV proxy gateway is 12.
  • on an S5000 switch not configured as an NPIV proxy gateway is 4.
FIP Snooping Configuration Procedure
You can enable FIP snooping globally on all FCoE VLANs on a switch or on an individual FCoE VLAN in bridge-to-FCF links. By default, FIP snooping is disabled.
Note: When you configure the S5000 as an NPIV proxy gateway and enable Fibre Channel capability (feature fc command), FIP snooping is automatically enabled on all VLANs on the switch, using the default FIP snooping settings.
Displaying FIP Snooping Information Use the show commands in Table 16-1 to display information on FIP snooping. Table 16-1.
Figure 16-3. show fip-snooping sessions Command Example
FTOS#show fip-snooping sessions
Enode MAC          Enode Intf  FCoE MAC
aa:bb:cc:00:00:00  Te 0/42     0e:fc:00:01:00:01
aa:bb:cc:00:00:00  Te 0/42     0e:fc:00:01:00:02
aa:bb:cc:00:00:00  Te 0/42     0e:fc:00:01:00:03
aa:bb:cc:00:00:00  Te 0/42     0e:fc:00:01:00:04
aa:bb:cc:00:00:00  Te 0/42     0e:fc:00:01:00:05
Table 16-2.
Table 16-3. show fip-snooping enode Command Description
Field | Description
ENode MAC | MAC address of the ENode.
ENode Interface | Slot/ port number of the interface connected to the ENode.
FCF MAC | MAC address of the FCF.
VLAN | VLAN ID number used by the session.
FC-ID | Fibre Channel session ID assigned by the FCF.
Figure 16-6. show fip-snooping fcf Command Example
FTOS# show fip-snooping fcf
FCF MAC            FCF Interface
------------------
54:7f:ee:37:34:40  Po 22
Table 16-4.
Figure 16-7.
Figure 16-8.
Table 16-5. show fip-snooping statistics Command Descriptions
Field | Description
Number of FDISC Rejects | Number of FIP FDISC reject frames received on the interface.
Number of FLOGO Accepts | Number of FIP FLOGO accept frames received on the interface.
Number of FLOGO Rejects | Number of FIP FLOGO reject frames received on the interface.
Number of CVLs | Number of FIP clear virtual link frames received on the interface.
Figure 16-11. Configuration Example: FCoE Transit on an S5000 Switch
In Figure 16-11, DCBx and PFC are enabled on the FIP snooping bridge and on the FCF ToR switch. On the FIP snooping bridge, DCBx is configured as follows:
• A server-facing port is configured for DCBx in an auto-downstream role.
• An FCF-facing port is configured for DCBx in an auto-upstream or configuration-source role.
Figure 16-12. FIP Snooping Configuration Example
Enable the FCoE Transit feature on the switch (FIP snooping bridge):
FTOS(conf)# feature fip-snooping
Enable FIP snooping on FCoE VLAN 10:
FTOS(conf)# interface vlan 10
FTOS(conf-if-vl-10)# fip-snooping enable
Enable an FC-MAP value on VLAN 10:
FTOS(conf-if-vl-10)# fip-snooping fc-map 0EFC01
Note: Configuring an FC-MAP value is only required if you do not use the default FC-MAP value (0x0EFC00).
17 Force10 Resilient Ring Protocol (FRRP)
Force10 Resilient Ring Protocol (FRRP) is supported on the S5000 switch. Force10 Resilient Ring Protocol (FRRP) provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a Metropolitan Area Network (MAN) or large campuses.
Each Transit node is also configured with a Primary port and a Secondary port on the ring, but the port distinction is ignored as long as the node is configured as a Transit node. If the ring is complete, the Master node logically blocks all data traffic in the transmit and receive directions on the Secondary port to prevent a loop.
Ring Checking
At specified intervals, the Master Node sends a Ring Health Frame (RHF) through the ring. If the ring is complete, the frame is received on its secondary port and the Master node resets its fail-period timer and continues normal operation. If the Master node does not receive the Ring Health Frame (RHF) before the fail-period timer expires (a configurable timer), the Master node moves from the Normal state to the Ring-Fault state and unblocks its Secondary port.
Member VLAN Spanning Two Rings Connected by One Switch
A Member VLAN can span two rings interconnected by a common switch, in a figure-eight style topology. A switch can act as a Master node for one FRRP Group and a Transit for another FRRP group, or it can be a Transit node for both rings. In the example shown below, FRRP 101 is a ring with its own Control VLAN, and FRRP 202 has its own Control VLAN running on another ring.
Important FRRP Points
FRRP provides a convergence time that can generally range between 150ms and 1500ms for Layer 2 networks. The master node originates a high-speed frame that circulates around the ring. This frame, appropriately, sets up or breaks down the ring.
Table 17-1. FRRP Components (continued)
Concept: Ring Interface State
Explanation: Each interface (port) that is part of the ring maintains one of four states
• Blocking State: Accepts ring protocol packets but blocks data packets. LLDP, FEFD, or other Layer 2 control packets are accepted. Only the master node Secondary port can enter this state.
• Pre-Forwarding State: A transition state before moving to the Forward state.
• The Control VLAN cannot have members that are not ring ports.
• If multiple rings share one or more member VLANs, they cannot share any links between them.
• Member VLANs across multiple rings are not supported in Master nodes.
• Each ring has only one Master node; all others are transit nodes.
Configuring FRRP
These are the tasks to configure FRRP.
• Control VLAN ports must be tagged.
• All ports on the ring must use the same VLAN ID for the Control VLAN.
• A VLAN cannot be configured as both a Control VLAN and Member VLAN on the same ring.
• Only two interfaces can be members of a Control VLAN (the Master Primary and Secondary ports).
Configuring and adding the Member VLANs
Control and Member VLANs are configured normally for Layer 2. Their status as Control or Member is determined at the FRRP group commands. For complete information about configuring VLANs in Layer 2 mode, refer to Layer 2. Be sure to follow these guidelines:
• All VLANs must be in Layer 2 mode.
• Control VLAN ports must be tagged.
• Member VLAN ports except the Primary/Secondary interface can be tagged or untagged.
Setting FRRP Timers
Step: 1
Command Syntax: timer {hello-interval|dead-interval} milliseconds
Command Mode: CONFIG-FRRP
Purpose: Enter the desired intervals for Hello-Interval or Dead-Interval times.
Hello-Interval: 50-2000, in increments of 50 (default is 500)
Dead-Interval: 50-6000, in increments of 50 (default is 1500)
The Dead-Interval time should be set at 3x the Hello-Interval.
Clearing FRRP counters
Use one of the following commands to clear the FRRP counters.
Troubleshooting FRRP
Configuration Checks
• Each Control Ring must use a unique VLAN ID
• Only two interfaces on a switch can be Members of the same Control VLAN
• There can be only one Master node for any FRRP Group.
• FRRP can be configured on Layer 2 interfaces only
• Spanning Tree (if enabled globally) must be disabled on both Primary and Secondary when FRRP is enabled.
Figure 17-3.
18 GARP VLAN Registration Protocol (GVRP)
GARP VLAN Registration Protocol (GVRP) is supported on the S5000 switch. This chapter contains the following sections:
• Protocol Overview
• Configuring GVRP
• Enabling GVRP Globally
• Enabling GVRP on a Layer 2 Interface
• Configuring GVRP Registration
• Configuring a GARP Timer
Protocol Overview
Typical VLAN implementation involves manually configuring each Layer 2 switch that participates in a given VLAN.
• The S5000 supports Per-VLAN Spanning Tree (PVST+) and allows GVRP and MSTP to be enabled at the same time.
Figure 18-1. GVRP Compatibility Error Message
FTOS(conf)#protocol spanning-tree pvst
FTOS(conf-pvst)#no disable
% Error: GVRP running. Cannot enable PVST.
FTOS(conf)#protocol gvrp
FTOS(conf-gvrp)#no disable
% Error: PVST running. Cannot enable GVRP.
Configuring GVRP
Globally, enable GVRP on each switch to facilitate GVRP communications.
Figure 18-2. GVRP Configuration Overview
GVRP is configured globally and on all VLAN trunk ports for the edge and core switches.
NOTES:
VLAN 1 mode is always fixed and cannot be configured
All VLAN trunk ports must be configured for GVRP
All VLAN trunk ports must be configured as 802.1Q
Basic GVRP configuration is a 2-step process:
1. Enabling GVRP Globally.
2.
Figure 18-3. Enabling GVRP Globally
FTOS(conf)#protocol gvrp
FTOS(conf-gvrp)#no disable
FTOS(conf-gvrp)#show config
!
protocol gvrp
 no disable
FTOS(conf-gvrp)#
Enabling GVRP on a Layer 2 Interface
Enable GVRP on a Layer 2 interface using the command gvrp enable in INTERFACE mode, as shown in the following example.
Figure 18-5.
19 High Availability
High Availability (HA) features are supported only on a stacked S5000 switch; they are not supported on a standalone S5000. High availability is a collection of features that preserves system continuity by maximizing uptime and minimizing packet loss during system disruptions.
For example, if hitless OSPF is configured over hitless LACP LAGs, both features work seamlessly to deliver a hitless OSPF-LACP result. However, if hitless behavior involves multiple protocols, all must be hitless in order to achieve a hitless end result. For example, if OSPF is hitless but BFD is not, OSPF operates hitlessly and BFD flaps upon an RPM failover.
Trace Log
Developers interlace messages with software code to track the execution of a program. These messages are called trace messages; they are primarily used for debugging and provide lower level information than event messages, which are primarily used by system administrators. FTOS retains executed trace messages for hardware and software and stores them in files (logs) on the internal flash.
• Trace Log—contains trace messages related to software and hardware events, state, and errors.
20 Internet Group Management Protocol (IGMP)
Internet Group Management Protocol (IGMP) is supported on the S5000 switch. Multicast is premised on identifying many hosts by a single destination IP address; hosts represented by the same IP address are a multicast group. Internet Group Management Protocol (IGMP) is a Layer 3 multicast protocol that hosts use to join or leave a multicast group.
IGMP Protocol Overview
IGMP has three versions. Version 3 obsoletes and is backwards-compatible with version 2; version 2 obsoletes version 1.
IGMP version 2
IGMP version 2 improves upon version 1 by specifying IGMP Leave messages, which allows hosts to notify routers that they no longer care about traffic for a particular group.
3. The querier receives the report for a group and adds the group to the list of multicast groups associated with its outgoing port to the subnet. Multicast traffic for the group is then forwarded to that subnet.
Sending an Unsolicited IGMP Report: A host does not have to wait for a general query to join a group. It may send an unsolicited IGMP Membership Report, also called an IGMP Join message, to the querier.
Leaving a Multicast Group
1.
Figure 20-2. IGMP version 3 Membership Query Packet Format
Figure 20-4. IGMP Membership Reports: Joining and Filtering
Figure 20-5. IGMP Membership Queries: Leaving and Staying in Groups
Figure 20-6. Viewing IGMP-enabled Interfaces
FTOS#show ip igmp interface tengig 7/16
TenGigabitEthernet 7/16 is up, line protocol is up
Internet address is 10.87.3.2/24
IGMP is enabled on interface
IGMP query interval is 60 seconds
IGMP querier timeout is 300 seconds
IGMP max query response time is 10 seconds
Last member query response interval is 199 ms
IGMP activity: 0 joins, 0 leaves
IGMP querying router is 10.87.3.
Figure 20-8. Viewing Static and Learned IGMP Groups
FTOS(conf-if-te-1/0)#do sho ip igmp groups
Total Number of Groups: 2
IGMP Connected Group Membership
Group Address  Interface               Uptime    Expires   Last Reporter
224.1.1.1      TenGigabitEthernet 1/0  00:00:03  Never     CLI
224.1.2.1      TenGigabitEthernet 1/0  00:56:55  00:01:22  1.1.1.
2. When a router receives a query it compares the IP address of the interface on which it was received with the source IP address given in the query. If the receiving router IP address is greater than the source address given in the query, the router stops sending queries. By this method, the router with the lowest IP address on the subnet is elected querier and continues to send queries. 3.
IGMP Snooping Implementation Information
• IGMP Snooping on FTOS uses IP multicast addresses not MAC addresses.
• IGMP Snooping is supported on all S5000 stack members.
• IGMP Snooping reacts to STP and MSTP topology changes by sending a general query on the interface that transitions to the forwarding state.
Configuring IGMP Snooping
Configuring IGMP Snooping is a one-step process.
Disabling Multicast Flooding
If the switch receives a multicast packet that has an IP address of a group it has not learned (unregistered frame), the switch floods that packet out of all ports on the VLAN. You can configure the S5000 to only forward unregistered packets to ports on a VLAN that are connected to multicast routers (mrouter ports) using the command no ip igmp snooping flood from CONFIGURATION mode.
Adjust the Last Member Query Interval using the command ip igmp snooping last-member-query-interval from INTERFACE VLAN mode.
Fast Convergence after MSTP Topology Changes
When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, FTOS sends a general query out of all ports except the multicast router ports.
21 Interfaces
This chapter describes interface types, both physical and logical, and how to configure them with FTOS. The S5000 supports 10-Gigabit Ethernet, 40-Gigabit Ethernet, and Fibre Channel (2, 4, and 8G) interfaces.
Figure 21-1.
Use the show ip interfaces brief command in the EXEC Privilege mode to view which interfaces are enabled for Layer 3 data transmission. In Figure 21-2, the 10-GigabitEthernet interface 1/5 is in Layer 3 mode because an IP address has been assigned to it and the interface’s status is operationally up.
Figure 21-2.
Enabling a Physical Interface
After determining the type of physical interfaces available, the user may enter the INTERFACE mode by entering the command interface type slot/port to enable and configure the interfaces.
Configuration Task List for Physical Interfaces
By default, all interfaces are operationally disabled and traffic will not pass through them.
Figure 21-4 shows the basic configuration found in a Layer 2 interface.
Figure 21-4. show config Command Example of a Layer 2 Interface
FTOS(conf-if)#show config
!
interface Port-channel 1
 no ip address
 switchport
 no shutdown
FTOS(conf-if)#
To configure an interface in Layer 2 mode, use these commands in the INTERFACE mode:
Command Syntax | Command Mode | Purpose
no shutdown | INTERFACE | Enable the interface.
switchport | INTERFACE | Place the interface in Layer 2 (switching) mode.
If an interface is in the incorrect layer mode for a given command, an error message is displayed. For example, in Figure 21-6, the ip address command triggered an error message because the interface is in Layer 2 mode and the ip address command is a Layer 3 command only.
Figure 21-6.
To view IP information on an interface in Layer 3 mode, use the show ip interface command in EXEC Privilege mode (Figure 21-7).
Figure 21-7. show ip interface Command Example
FTOS>show ip int vlan 58
Vlan 58 is up, line protocol is up
Internet address is 1.1.49.1/24
Broadcast address is 1.1.49.
To configure IP addresses on a Management interface, use the following command in the MANAGEMENT INTERFACE mode:
Command Syntax | Command Mode | Purpose
ip address ip-address mask | INTERFACE | Configure an IP address and mask on the interface.
• ip-address mask: enter an address in dotted-decimal format (A.B.C.D), the mask must be in /prefix format (/x)
Each Management interface must be configured with a different IP address.
Displaying a Management Interface Configuration
You can manage the S5000 from any port. Configure an IP address for the port using the ip address command, and enable it using the command no shutdown. The user may use the command description from INTERFACE mode to note that the interface is the management interface. There is no separate management routing table, so the user must configure all routes in the IP routing table (the ip route command).
VLAN Interfaces
VLANs are logical interfaces and are, by default, in Layer 2 mode. Physical interfaces and port channels can be members of VLANs. For more information on VLANs and Layer 2, refer to Layer 2 and Virtual LANs (VLAN).
Note: To monitor VLAN interfaces, use the Management Information Base for Network Management of TCP/IP-based internets: MIB-II (RFC 1213).
Note: Egress rate shaping and ingress rate policing cannot be simultaneously used on the same VLAN.
Loopback Interfaces
A Loopback interface is a virtual interface in which the software emulates an interface. Packets routed to it are processed locally. Since this interface is not a physical interface, you can configure routing protocols on this interface to provide protocol stability. You can place Loopback interfaces in default Layer 3 mode.
Port channel benefits
Port channels are transparent to network configurations and can be modified and managed as one interface. For example, you configure one IP address for the group and that IP address is used for all routed traffic on the port channel. With this feature, the user can create larger-capacity interfaces by utilizing a group of lower-speed links. For example, the user can build a 5-Gigabit interface by aggregating five 10-Gigabit Ethernet interfaces together.
The common speed is determined when the port channel is first enabled. At that time, the software checks the first interface listed in the port channel configuration. If that interface is enabled, its speed configuration becomes the common speed of the port channel. If the other interfaces configured in that port channel are configured with a different speed, FTOS disables them.
You can configure a port channel as you would a physical interface by enabling or configuring protocols or assigning access control lists.
Adding a physical interface to a port channel
The physical interfaces in a port channel can be on any switch in an S5000 stack, but must be the same physical type.
To view the port channel’s status and channel members in a tabular format, use the show interfaces port-channel brief command in EXEC Privilege mode (Figure 21-10). Figure 21-10.
As soon as a physical interface is added to a port channel, the properties of the port channel determine the properties of the physical interface. The configuration and status of the port channel are also applied to the physical interfaces within the port channel. For example, if the port channel is in Layer 2 mode, you cannot add an IP address or a static MAC address to an interface that is part of that port channel.
Figure 21-13 shows an example of moving the 10-GigabitEthernet 1/8 interface from port channel 1 to port channel 5. Figure 21-13.
Adding or removing a port channel from a VLAN
As with other interfaces, you can add Layer 2 port channel interfaces to VLANs. To add a port channel to a VLAN, you must place the port channel in Layer 2 mode (by using the switchport command). To add a port channel to a VLAN, use either of the following commands:
Command Syntax: tagged port-channel id number
Command Mode: INTERFACE VLAN
Purpose: Add the port channel to the VLAN as a tagged interface.
Deleting or disabling a port channel
To delete a port channel, you must be in the CONFIGURATION mode and use the no interface port-channel channel-number command. When you disable a port channel (using the shutdown command), all interfaces within the port channel are also operationally down.
Load balancing through port channels
FTOS uses hash algorithms for distributing traffic evenly over channel members in a port channel (LAG). The hash algorithm distributes traffic among ECMP paths and LAG members.
To change the IP traffic load balancing default on the S5000, use the following command:
Command Syntax: [no] load-balance {ip-selection [dest-ip | source-ip]} | {mac [dest-mac | source-dest-mac | source-mac]} | {tcp-udp enable} | {ing-port}
Command Mode: CONFIGURATION
Purpose: Replace the default IP 4-tuple method of balancing traffic over a port channel.
Bulk Configuration
Bulk configuration enables you to determine if interfaces are present for physical interfaces or configured for logical interfaces.
Interface Range
An interface range is a set of interfaces to which other commands may be applied and may be created if there is at least one valid interface within the range. Bulk configuration excludes from configuration any non-existing interfaces from an interface range.
Creating a single-range
Figure 21-15. Creating a Single-Range Bulk Configuration
FTOS(conf)# interface range tengigabitethernet 0/0 - 11
FTOS(conf-if-range-te-0/0-11)# no shutdown
FTOS(conf-if-range-te-0/0-11)#
Creating a multiple-range
Figure 21-16.
Commas
The example below shows how to use commas to add different interface types to the range, enabling all 10-Gigabit Ethernet interfaces in the range 0/1 to 0/10 and both 10-Gigabit Ethernet interfaces 1/12 and 1/20. Figure 21-20.
Figure 21-22. Define an Interface Range Macro
FTOS(conf)# define interface-range test tengigabitethernet 0/1 - 4
Choosing an Interface-range Macro
To use an interface-range macro in the interface range command, enter this command:
Command Syntax: interface range macro name
Command Mode: CONFIGURATION
Purpose: Selects the interfaces range to be configured using the values saved in a named interface-range macro.
The information displays in a continuous run, refreshing every 2 seconds by default as shown in the example below. Use the following keys to manage the output.
m - Change mode
c - Clear screen
l - Page up
a - Page down
T - Increase refresh interval (by 1 second)
t - Decrease refresh interval (by 1 second)
q - Quit
Figure 21-24. monitor interface Command Example
FTOS#monitor interface tengig 3/1
Dell Networking uptime is 1 day(s), 4 hour(s), 31 minute(s)
Monitor time: 00:00:00 Refresh Intvl.
Splitting QSFP ports to SFP+ ports
Splitting QSFP ports to SFP+ ports is supported on the S5000 switch. The S5000 switch supports splitting a single 40G QSFP port into four 10G SFP+ ports using one of the supported breakout cables (refer to the Installation Guide or the Release Notes for a list of supported cables).
Command Syntax: stack-unit stack-unit port
Command Mode: CONFIGURATION
Purpose: Split a single 40G port into 4-10G ports on the S5000 or Z9000.
Link Dampening
Interface state changes occur when interfaces are administratively brought up or down or if an interface state changes. Every time an interface changes state or flaps, routing protocols are notified of the status of the routes that are affected by the change in state, and these protocols go through the momentous task of re-converging. Flapping therefore puts the status of the entire network at risk of transient loops and black holes.
Figure 21-26. show interfaces dampening
FTOS# show interfaces dampening
Interface  State  Flaps  Penalty  Half-Life  Reuse  Suppress  Max-Sup
Te 0/0     Up     0      0        5          750    2500      20
Te 0/1     Up     2      1200     20         500    1500      300
Te 0/2     Down   4      850      30         600    2000      120
View a dampening summary for the entire system using the command show interfaces dampening summary from EXEC Privilege mode, as shown in the example below. Figure 21-27.
Configuring MTU size on an Interface
The link MTU is the frame size of a packet, and the IP MTU size is used for IP fragmentation. If the system determines that the IP packet must be fragmented as it leaves the interface, FTOS divides the packet into fragments no bigger than the size set in the ip mtu command.
Using Ethernet Pause Frames for Flow Control
Ethernet Pause Frames for flow control are supported on the S5000 switch.
Note: On the S5000, threshold settings are not supported for Ethernet Pause Frame flow control.
Ethernet Pause Frames allow for a temporary stop in data transmission. A situation may arise where a sending device may transmit data faster than a destination device can accept it.
Configuring MTU Size on an Interface
If a packet includes a Layer 2 header, the difference in bytes between the link MTU and IP MTU must be enough to include the Layer 2 header. For example, for VLAN packets, if the IP MTU is 1400, the Link MTU must be no less than 1422:
1400-byte IP MTU + 22-byte VLAN Tag = 1422-byte link MTU
The MTU range is 592-12000, with a default of 1500. The S5000 automatically configures the IP MTU.
Adjusting the keepalive timer
Use the keepalive command to change the time interval between keepalive messages on the interfaces. The interface sends keepalive messages to itself to test network connectivity on the interface. To change the default time interval between keepalive messages, use the following command:
Command Syntax: keepalive [seconds]
Command Mode: INTERFACE
Purpose: Change the default interval between keepalive messages.
In EXEC mode, the show interfaces switchport command displays only interfaces in Layer 2 mode and their relevant configuration information. The show interfaces switchport command as shown in the example below displays the interface, whether the interface supports IEEE 802.1Q tagging or not, and the VLANs to which the interface belongs.
Figure 21-30. show interfaces switchport Command Example
FTOS#show interfaces switchport
Name: TenGigabitEthernet 13/0
802.
Figure 21-31 shows how to configure rate interval when changing the default value. Figure 21-31.
Dynamic Counters
By default, counting for the following four applications is enabled:
• IPFLOW
• IPACL
• L2ACL
• L2FIB
For the remaining applications, FTOS automatically turns on counting when the application is enabled and turns it off when the application is disabled. Note that if more than four counter-dependent applications are enabled on a port pipe, there is an impact on line rate performance.
Clearing interface counters
The counters in the show interfaces command are reset by the clear counters command. This command does not clear the counters captured by any SNMP program.
Fibre Channel Interfaces
The S5000 functions as a Converged Enhanced Ethernet (CEE) switch that supports both LAN and Storage Area Network (SAN) traffic using the Fibre Channel protocol. To access a SAN fabric, you must use a Fibre Channel (FC) module installed in the S5000. S5000 FC ports operate at 2G, 4G, and 8G speed. By default, FC ports have autosensing speed enabled to use or negotiate port speed with a peer SAN switch.
Step 2
Command Syntax: speed {auto | 2G | 4G | 8G}
Command Mode: INTERFACE FIBRE_CHANNEL
Purpose: Configure the speed of an FC port. The valid values are: 2, 4 or 8 Gbps or autosensing. Default: An FC port autosenses the speed of a peer FC port.
Step 3
Command Syntax: fabric fcoe-map-name
Command Mode: INTERFACE FIBRE_CHANNEL
Purpose: Configure the SAN fabric to which an FC port connects by entering the name of the FCoE map applied to the interface.
Figure 21-33. show interfaces fibrechannel Command Example
FTOS#show interfaces fibrechannel 0/0
Fibrechannel 0/0 is down, FC link is down
Pluggable media present, SFP+ type is FC-8GBPS-SR
Wavelength is 850nm
SFP+ receive power reading is -3.
Table 21-5. show interfaces fibrechannel Command Description
Field: WWN, FC-ID
Description: Factory-provided world-wide name (WWN) of FC port (in hexadecimal) that uniquely identifies the port on the switch (not user-configurable) and the unique FC port ID (24-bit in hexadecimal) received from an FC switch in the fabric after a successful login.
Table 21-5. show interfaces fibrechannel Command Description
Field: RxOfflineSequences
Description: Number of offline sequences received.
Field: TxOfflineSequences
Description: Number of offline sequences transmitted.
Field: TotalOfflineSequences
Description: Total number of offline sequences.
Field: Rate Information: Input bytes/sec, frames/sec, % of line-rate
Description: Incoming rate of FC traffic in bytes per second, frames per second, and percentage of the total line rate.
Troubleshooting Fibre Channel Operation
To investigate problems in FC interface operation, use the commands in Table 21-7.
Table 21-7. Troubleshooting FC Operation
Command: create fc-dump-support
Output: Perform a dump of information on S5000 Fibre Channel operation and store the FC dump file in flash/CORE_DUMP_DIR. Syslog messages are generated at the start and end of the FC dump file creation.
Figure 21-37. Displaying the Fibre Channel CPU boot log
FTOS#show file flash://TRACE_LOG_DIR/fc_console.log
1U-Boot 2012.04(Dell Networking)
Built by build at tools-sjc-01 on Thu Dec 6 14:31:38 2012
S5000 Boot Selector Label 1.3.0.0m
CPU0: P2020, Version: 2.1, (0x80e20021)
Core: E500, Version: 5.1, (0x80211051)
Clock Configuration:
CPU0:1200 MHz, CPU1:1200 MHz,
CCB:600 MHz,
DDR:330 MHz (660 MT/s data rate) (Asynchronous), LBC:37.
22 IPv4 Routing
IPv4 Routing is supported on the S5000 switch. FTOS supports various IP addressing features. This chapter explains the basics of Domain Name Service (DNS), Address Resolution Protocol (ARP), and routing principles and their implementation in FTOS.
IP Addresses
FTOS supports IP version 4, as described in RFC 791. It also supports classful routing and Variable Length Subnet Masks (VLSM). With VLSM, one network can be configured with different masks. Supernetting, which increases the number of subnets, is also supported. Subnetting is when a mask is added to the IP address to separate the network and host portions of the IP address.
To assign an IP address to an interface, use these commands in the following sequence, starting in the CONFIGURATION mode:
Command Syntax: interface interface
Command Mode: CONFIGURATION
Purpose: Enter the keyword interface followed by the type of interface and slot/port information:
• For a Loopback interface, enter the keyword loopback followed by a number from 0 to 16383.
• For the Management interface, enter the keyword ManagementEthernet followed by the slot/port information.
Figure 22-2. show ip interface Command Example
FTOS#show ip int te 0/8
TenGigabiEthernet 0/8 is up, line protocol is up
Internet address is 10.69.8.1/24
Broadcast address is 10.69.8.
Figure 22-3. show ip route static Command Example (partial)
FTOS#show ip route static
   Destination     Gateway
   ----------------
S  2.1.2.0/24      Direct, Nu 0
S  6.1.2.0/24      via 6.1.20.2,
S  6.1.2.2/32      via 6.1.20.2,
S  6.1.2.3/32      via 6.1.20.2,
S  6.1.2.4/32      via 6.1.20.2,
S  6.1.2.5/32      via 6.1.20.2,
S  6.1.2.6/32      via 6.1.20.2,
S  6.1.2.7/32      via 6.1.20.2,
S  6.1.2.8/32      via 6.1.20.2,
S  6.1.2.9/32      via 6.1.20.2,
S  6.1.2.10/32     via 6.1.20.2,
S  6.1.2.11/32     via 6.1.20.2,
S  6.1.2.12/32     via 6.1.20.2,
S  6.1.2.13/32     via 6.1.20.2,
S  6.1.2.
To view the configured static routes for the management port, use the show ip management-route command in the EXEC privilege mode.
Figure 22-4. show ip management-route Command Example
FTOS>show ip management-route
Destination      Gateway                  State
-----------      -------                  -----
1.1.1.0/24       172.31.1.250             Active
172.16.1.0/24    172.31.1.250             Active
172.31.1.0/24    ManagementEthernet 1/0   Connected
FTOS>
Directed Broadcast
By default, FTOS drops directed broadcast packets destined for an interface.
Command Syntax: ip domain-lookup
Command Mode: CONFIGURATION
Purpose: Enable dynamic resolution of host names.
Command Syntax: ip name-server ip-address [ip-address2 ... ip-address6]
Command Mode: CONFIGURATION
Purpose: Specify up to 6 name servers. The order you entered the servers determines the order of their use.
To view current bindings, use the show hosts command.
Figure 22-5. show hosts Command Example
FTOS>show host
Default domain is dell.
Command Syntax: ip domain-list name
Command Mode: CONFIGURATION
Purpose: Enter up to 63 characters to configure names to complete unqualified host names. Configure this command up to 6 times to specify a list of possible domain names. FTOS searches the domain names in the order they were configured until a match is found or the list is exhausted.
DNS with traceroute
To configure your switch to perform DNS with traceroute, follow the steps below in the CONFIGURATION mode.
ARP
FTOS uses two forms of address resolution: ARP and Proxy ARP. Address Resolution Protocol (ARP) runs over Ethernet and enables endstations to learn the MAC addresses of neighbors on an IP network. Over time, FTOS creates a forwarding table mapping the MAC addresses to their corresponding IP address. This table is called the ARP Cache and dynamically learned addresses are removed after a defined period of time. For more information on ARP, see RFC 826, An Ethernet Address Resolution Protocol.
Command Syntax: arp ip-address mac-address interface
Command Mode: CONFIGURATION
Purpose: Configure an IP address and MAC address mapping for an interface.
• ip-address: IP address in dotted decimal format (A.B.C.D).
• mac-address: MAC address in nnnn.nnnn.nnnn format.
• interface: enter the interface type slot/port information.
These entries do not age and can only be removed manually. To remove a static ARP entry, use the no arp ip-address command syntax.
Command Syntax: clear arp-cache [interface | ip ip-address] [no-refresh]
Command Mode: EXEC privilege
Purpose: Clear the ARP caches for all interfaces or for a specific interface by entering the following information:
• For a port channel interface, enter the keyword port-channel followed by a number from 1 to 255.
• For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet followed by the slot/port information.
Figure 22-8. Learning via Gratuitous ARP
[Figure labels: VLAN ID: 1.1.1.1; ARP Request, Target IP: 1.1.1.3; Host 1 IP: 1.1.1.2, MAC: AA; Host 2 IP: 1.1.1.3, MAC: BB. Annotation: Target IP is not the VLAN interface IP. Update existing Host 1 entry. Drop packet.]
Whether ARP Learning via Gratuitous ARP is enabled or disabled, the system does not look up the Target IP. It only updates the ARP entry for the Layer 3 interface with the source IP of the request.
Enabling ICMP unreachable messages
By default, ICMP unreachable messages are disabled. When enabled, ICMP unreachable messages are created and sent out all interfaces. To disable ICMP unreachable messages, use the no ip unreachable command. To reenable the creation of ICMP unreachable messages on the interface, use the following command in the INTERFACE mode:
Command Syntax: ip unreachable
Command Mode: INTERFACE
Purpose: Set FTOS to create and send ICMP unreachable messages on the interface.
Enabling UDP Helper
Enable UDP helper using the command ip udp-helper udp-port, as shown in the example below.
Figure 22-9. Enabling UDP Helper
FTOS(conf-if-te-1/1)#ip udp-helper udp-port 1000
FTOS(conf-if-te-1/1)#show config
!
interface TenGigabiEthernet 1/1
 ip address 2.1.1.
Figure 22-12. Configuring a Broadcast Address
FTOS(conf)#do show interfaces vlan 100
Vlan 100 is up, line protocol is down
Address is 00:01:e8:0d:b9:7a, Current address is 00:01:e8:0d:b9:7a
Interface index is 1107787876
Internet address is 1.1.0.1/24
IP UDP-Broadcast address is 1.1.255.
3. Packet 2 is also forwarded to the ingress interface with an unchanged destination address because it does not have a broadcast address configured.
Figure 22-13. UDP helper with All Broadcast Addresses
[Figure labels: VLAN 100 IP address: 1.1.0.1/24; Subnet broadcast address: 1.1.0.255; Configured broadcast address: 1.1.255.255; Hosts on VLAN 100: 1.1.0.2, 1.1.0.3, 1.1.0.4; Packet 1 Destination Address: 255.255.255.255; ports 1/1, 1/2, 1/3; Ingress interface IP Address: 2.1.1.]
In the following illustration, Packet 1 has a destination IP address that matches the configured broadcast address of VLAN 100 and 101. If UDP helper is enabled and the UDP port number matches, the packet is flooded on both VLANs with an unchanged destination address. Packet 2 is sent from a host on VLAN 101. It has a broadcast MAC address and a destination IP address that matches the configured broadcast address on VLAN 101.
Figure 22-17. Debugging IP Helper with UDP Helper
Packet 0.0.0.0:68 -> 255.255.255.255:67 TTL 128
2005-11-05 11:59:35 %RELAY-I-PACKET, BOOTP REQUEST (Unicast) received at interface 172.21.50.193
BOOTP Request, XID = 0x9265f901, secs = 0
hwaddr = 00:02:2D:8D:46:DC, giaddr = 0.0.0.0, hops = 2
2005-11-05 11:59:35 %RELAY-I-BOOTREQUEST, Forwarded BOOTREQUEST for 00:02:2D:8D:46:DC to 137.138.17.
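One way to check a saved configuration for the per-interface settings this chapter describes as off by default (ICMP unreachable generation, UDP helper, directed broadcast forwarding). This is an added example, not part of the Dell guide: the sample configuration and its addresses are constructed, and the `ip directed-broadcast` keyword is an assumption because this excerpt only states the default behavior.

```python
import re

# Interface commands that change a default described in this chapter.
# "ip directed-broadcast" is assumed: the excerpt states only that directed
# broadcasts are dropped by default, not the keyword that enables them.
NON_DEFAULT = {
    "ip unreachable": "icmp-unreachable-enabled",
    "ip directed-broadcast": "directed-broadcast-enabled",
}
INTERFACE = re.compile(r"^interface\s+(\S.*?)\s*$")
UDP_HELPER = re.compile(r"^ip udp-helper udp-port\s+(\S.*)$")


def parse_interfaces(config):
    """Split running-config text into {interface name: [stanza lines]}."""
    stanzas = {}
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = INTERFACE.match(raw)
        if header:
            current = stanzas.setdefault(header.group(1), [])
        elif line == "!" or not raw[0].isspace():
            current = None  # "!" or a new top-level command ends the stanza
        elif current is not None:
            current.append(line)
    return stanzas


def audit(config):
    """Return {interface: [findings]} for settings that differ from the defaults."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        findings = []
        for line in lines:
            if line in NON_DEFAULT:  # "no ip unreachable" never matches
                findings.append(NON_DEFAULT[line])
                continue
            helper = UDP_HELPER.match(line)
            if helper:
                findings.append("udp-helper ports " + helper.group(1))
        if findings:
            report[name] = findings
    return report


# Constructed sample in the layout of the show config figures above.
SAMPLE_CONFIG = """\
!
interface TenGigabitEthernet 1/1
 ip address 192.0.2.1/24
 ip udp-helper udp-port 1000
 no shutdown
!
interface TenGigabitEthernet 1/2
 ip address 198.51.100.1/24
 ip unreachable
 ip directed-broadcast
 no shutdown
!
interface Vlan 100
 ip address 203.0.113.1/24
 no ip unreachable
 no shutdown
!
router isis
 net 47.0005.0001.000C.000A.4321.00
"""

if __name__ == "__main__":
    for interface, findings in audit(SAMPLE_CONFIG).items():
        print(interface, "->", ", ".join(findings))
```

Each finding is a deviation to justify, not necessarily a fault: a DHCP relay design legitimately needs UDP helper on the client-facing interface.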
23 iSCSI Optimization
iSCSI optimization is supported on the S5000 switch. This chapter describes how to configure internet small computer system interface (iSCSI) optimization, which enables quality-of-service (QoS) treatment for iSCSI traffic.
• iSCSI QoS — A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic. Classifier rules are used to direct the iSCSI data traffic to queues that can be given preferential QoS treatment over other data passing through the switch. Preferential treatment helps to avoid session interruptions during times of congestion that would otherwise cause iSCSI packets to be dropped. iSCSI DCBx TLVs are supported.
Monitoring iSCSI Traffic Flows
The switch snoops iSCSI session-establishment and termination packets by installing classifier rules that trap iSCSI protocol packets to the CPU for examination. Devices that initiate iSCSI sessions usually use well-known TCP ports 3260 or 860 to contact targets. When you enable iSCSI optimization, by default the switch identifies IP packets to or from these ports as iSCSI traffic.
If no iSCSI traffic is detected for a session during a user-configurable aging period, the session data is cleared. If more than 256 simultaneous sessions are logged continuously, the following message displays indicating the queue rate limit has been reached.
%STKUNIT2-M:CP %iSCSI-5-ISCSI_OPT_MAX_SESS_EXCEEDED: New iSCSI Session Ignored: ISID 400001370000 InitiatorName - iqn.1991-05.com.microsoft:dt-brcd-cna-2 TargetName iqn.2001-05.com.
The following message is displayed the first time you use the iscsi profile-compellent command to configure a port connected to a Dell Compellent storage array and describes the configuration changes that are automatically performed:
%STKUNIT0-M:CP %IFMGR-5-IFM_ISCSI_AUTO_CONFIG: This switch is being configured for optimal conditions to support iSCSI traffic which will cause some automatic configuration to occur including jumbo frames and flow-control on all ports; no storm control and spanning-tree port fa
Default iSCSI Optimization Values
Table 23-1 shows the default values for the iSCSI optimization feature.
Table 23-1. iSCSI Optimization: Default Parameters
Parameter: iSCSI optimization global setting
Default Value: Disabled
Parameter: iSCSI CoS mode (802.1p priority queue mapping)
Default Value: Enabled: dot1p priority 4 without remark setting
Parameter: iSCSI CoS Packet classification
Default Value: iSCSI packets are classified by VLAN instead of by DSCP values.
Configuring iSCSI Optimization
To configure iSCSI optimization on a switch, follow these steps:
Step 1
Task: Globally enable iSCSI optimization on the switch. Default: iSCSI optimization is disabled.
Command: [no] iscsi enable
Step 2
Task: Configure the iSCSI target ports and optionally the IP addresses on which iSCSI communication will be monitored, where:
• tcp-port-n is the TCP port number or a list of TCP port numbers on which the iSCSI target listens to requests.
Step 5
Task: (Optional) Configures DCBx to send iSCSI TLV advertisements. You can configure iSCSI TLVs to be sent either globally or on a specified interface. The interface configuration takes priority over global configuration. Default: Enabled.
Command: [no] advertise dcbx-app-tlv iscsi
Command Mode: CONFIGURATION or INTERFACE
Step 6
Task: (Optional) Configures the priority bitmap to be advertised in iSCSI application TLVs. Default: 4 (0x10 in the bitmap).
Figure 23-3. show iscsi session Command Example
FTOS#show iscsi session
Session 0:
-----------------------------------------------------------------------------------------
Target: iqn.2001-05.com.equallogic:0-8a0906-0e70c2002-10a0018426a48c94-iom010
Initiator: iqn.1991-05.com.microsoft:win-x9l8v27yajg
ISID: 400001370000
Session 1:
-----------------------------------------------------------------------------------------
Target: iqn.2001-05.com.
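The session snooping described in this chapter can feed a simple storage-access audit. The following is an added example, not part of the Dell guide: it parses output in the `show iscsi session` layout of Figure 23-3, checks each initiator against an allow-list per target, and picks up the ISCSI_OPT_MAX_SESS_EXCEEDED message, which marks sessions the switch is not tracking. The second session, the allow-list and the syslog target name are constructed.

```python
import re

MAX_TRACKED_SESSIONS = 256  # session limit stated in the guide

SESSION_HEADER = re.compile(r"^Session\s+(\d+):\s*$")
FIELD = re.compile(r"^(Target|Initiator|ISID):\s*(\S+)\s*$")
MAX_SESSIONS_MSG = re.compile(
    r"%iSCSI-5-ISCSI_OPT_MAX_SESS_EXCEEDED: New iSCSI Session Ignored: "
    r"ISID (?P<isid>[0-9A-Fa-f]+) InitiatorName - (?P<initiator>\S+) "
    r"TargetName(?: -)? (?P<target>\S+)"
)


def parse_sessions(text):
    """Return one dict per 'Session N:' block with target, initiator and isid."""
    sessions = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SESSION_HEADER.match(line)
        if header:
            current = {"id": int(header.group(1))}
            sessions.append(current)
            continue
        field = FIELD.match(line)
        if field and current is not None:
            current[field.group(1).lower()] = field.group(2)
    return sessions


def audit(session_text, syslog_lines, allowed):
    """allowed maps a target IQN to the set of initiator IQNs expected to use it."""
    findings = []
    sessions = parse_sessions(session_text)
    for session in sessions:
        missing = [k for k in ("target", "initiator", "isid") if k not in session]
        if missing:  # truncated or malformed block: report it, do not guess
            findings.append(("incomplete-session", session["id"], ",".join(missing)))
        elif session["initiator"] not in allowed.get(session["target"], set()):
            findings.append(("unexpected-initiator", session["id"], session["initiator"]))
    for line in syslog_lines:
        msg = MAX_SESSIONS_MSG.search(line)
        if msg:  # this session exists on the wire but is absent from the table
            findings.append(("untracked-session", msg["isid"], msg["initiator"]))
    if len(sessions) >= MAX_TRACKED_SESSIONS:
        findings.append(("session-table-full", len(sessions), ""))
    return findings


TARGET = "iqn.2001-05.com.equallogic:0-8a0906-0e70c2002-10a0018426a48c94-iom010"

# Session 0 repeats Figure 23-3; session 1 is constructed.
SAMPLE_SESSIONS = f"""\
Session 0:
------------------------------------------------------------
Target: {TARGET}
Initiator: iqn.1991-05.com.microsoft:win-x9l8v27yajg
ISID: 400001370000
Session 1:
------------------------------------------------------------
Target: {TARGET}
Initiator: iqn.1991-05.com.example:constructed-host
ISID: 400001370001
"""

# Constructed log line in the format of the message quoted in this chapter.
SAMPLE_SYSLOG = [
    "%STKUNIT2-M:CP %iSCSI-5-ISCSI_OPT_MAX_SESS_EXCEEDED: New iSCSI Session "
    "Ignored: ISID 400001370000 InitiatorName - "
    "iqn.1991-05.com.microsoft:dt-brcd-cna-2 TargetName - "
    "iqn.2001-05.com.example:constructed-target",
]

ALLOWED = {TARGET: {"iqn.1991-05.com.microsoft:win-x9l8v27yajg"}}

if __name__ == "__main__":
    for finding in audit(SAMPLE_SESSIONS, SAMPLE_SYSLOG, ALLOWED):
        print(finding)
```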
24 Intermediate System to Intermediate System
Intermediate System to Intermediate System (IS-IS) is supported on the S5000 switch. Intermediate System to Intermediate System (IS-IS) protocol is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS, as detailed in this chapter.
routing information directly with external routers located outside of the routing domains. Level 1-2 systems manage both inter-area and intra-area traffic by maintaining two separate link databases; one for Level 1 routes and one for Level 2 routes. A Level 1-2 router does not advertise Level 2 routes to a Level 1 router. To establish adjacencies, each IS-IS router sends different Protocol Data Units (PDU).
Multi-Topology IS-IS (MT IS-IS) allows you to create multiple IS-IS topologies on a single router with separate databases. This feature is used to place a virtual physical topology into logical routing domains, which can each support different routing and security policies. All routers on a LAN or point-to-point must have at least one common supported topology when operating in Multi-Topology IS-IS mode. If IPv4 is the common supported topology between those two routers, adjacency can be formed.
Graceful Restart
Graceful Restart is supported on the S5000 platform for both Helper and Restart modes. Graceful Restart is a protocol-based mechanism that preserves the forwarding table of the restarting router and its neighbors for a specified period to minimize the loss of packets. A graceful-restart router does not immediately assume that a neighbor is permanently down and so does not trigger a topology change.
Implementation Information
IS-IS implementation supports one instance of IS-IS and six areas. The system can be configured as a Level 1 router, a Level 2 router, or a Level 1-2 router. For IPv6, the IPv4 implementation has been expanded to include two new type-length-values (TLV) in the protocol data unit (PDU) that carry information required for IPv6 routing. The new TLVs are IPv6 Reachability and IPv6 Interface Address. A new IPv6 protocol identifier has also been included in the supported TLVs.
Table 24-1. IS-IS Default Values
IS-IS Parameter          Default Value
IS Type                  Level 1 and Level 2
Equal Cost Multi Paths   16
Configuration Information
To use IS-IS, you must configure and enable IS-IS in two or three modes: CONFIGURATION ROUTER ISIS, CONFIGURATION INTERFACE, and (when configuring for IPv6) ADDRESS-FAMILY mode.
Enabling IS-IS
By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information with neighbors, enable IS-IS on an interface, instead of on a network as with other routing protocols. In IS-IS, neighbors form adjacencies only when they are the same IS type. For example, a Level 1 router never forms an adjacency with a Level 2 router.
Step 5
Task: Enter an IPv6 Address.
ipv6 address: x:x:x:x::x
mask: prefix length 0-128
The IPv6 address must be on the same subnet as other IS-IS neighbors, but the IP address does not need to relate to the NET address.
Command Syntax: ipv6 address ipv6-address mask
Command Mode: INTERFACE
Step 6
Task: Enable IS-IS on the IPv4 interface. If you configure a tag variable, it must be the same as the tag variable assigned in step 1.
Figure 24-3.
Configuring Multi-Topology IS-IS (MT IS-IS)
Step 1
Task: Enable Multi-Topology IS-IS for IPv6. Enter the transition keyword to allow an IS-IS IPv6 user to continue to use single-topology mode while upgrading to multi-topology mode. After every router has been configured with the transition keyword, and all the routers are in MT IS-IS IPv6 mode, users can remove the transition keyword on each router.
Command Syntax: graceful-restart restart-wait seconds
Command Mode: ROUTER-ISIS
Purpose: Enable the Graceful Restart maximum wait time before a restarting peer comes up. Be sure to set the t3 timer to adjacency on the restarting router when implementing this command.
Use the show isis graceful-restart detail command in EXEC Privilege mode to view all Graceful Restart related configuration. Figure 24-4.
Figure 24-5. Command Example: show isis interface
FTOS#show isis interface G1/34
TenGigabiEthernet 2/10 is up, line protocol is up
MTU 1497, Encapsulation SAP
Routing Protocol: IS-IS
Circuit Type: Level-1-2
Interface Index 0x62cc03a, Local circuit ID 1
Level-1 Metric: 10, Priority: 64, Circuit ID: 0000.0000.000B.01
Hello Interval: 10, Hello Multiplier: 3, CSNP Interval: 10
Number of active level-1 adjacencies: 1
Level-2 Metric: 10, Priority: 64, Circuit ID: 0000.0000.000B.
Figure 24-6. Command Example: show running-config isis
FTOS#show running-config isis
!
router isis
 lsp-refresh-interval 902
 net 47.0005.0001.000C.000A.4321.00
 net 51.0005.0001.000C.000A.4321.00
FTOS#
Configuring IS-IS metric style and cost
All IS-IS links or interfaces are associated with a cost that is used in the SPF calculations. The possible cost varies depending on the metric style supported.
Figure 24-7. Command Example: show isis protocol
FTOS#show isis protocol
IS-IS Router:
System Id: EEEE.EEEE.EEEE IS-Type: level-1-2
Manual area address(es):
47.0004.004d.0001
Routing for area address(es):
21.2223.2425.2627.2829.3031.3233
47.0004.004d.
Table 24-3. Correct Value Range for the isis metric command
Metric Style        Correct Value Range
narrow transition   0 to 63
transition          0 to 63
Configuring the distance of a route
Configure the distance for a route using the distance command from ROUTER ISIS mode.
Figure 24-8. Command Example: show isis database
FTOS#show isis database
IS-IS Level-1 Link State Database
LSPID            LSP Seq Num
B233.00-00       0x00000003
eljefe.00-00 *   0x00000009
eljefe.01-00 *   0x00000001
eljefe.02-00 *   0x00000001
Dell.00-00       0x00000002
IS-IS Level-2 Link State Database
LSPID            LSP Seq Num
B233.00-00       0x00000006
eljefe.00-00 *   0x0000000D
eljefe.01-00 *   0x00000001
eljefe.02-00 *   0x00000001
Dell.
Use the following commands in ROUTER ISIS mode to apply prefix lists to incoming or outgoing IPv4 routes.
Note: These commands apply to IPv4 IS-IS only. Use the ADDRESS-FAMILY IPV6 mode shown later to apply prefix lists to IPv6 routes.
Command Syntax: distribute-list prefix-list-name in [interface]
Command Mode: ROUTER ISIS
Purpose: Apply a configured prefix list to all incoming IPv4 IS-IS routes.
Command Syntax: distribute-list prefix-list-name in [interface]
Command Mode: ROUTER ISIS-AF IPV6
Purpose: Apply a configured prefix list to all incoming IPv6 IS-IS routes. Enter the type of interface and slot/port information:
• For the Loopback interface, enter the keyword loopback followed by a number from 0 to 16383.
• For a port channel, enter the keyword port-channel followed by a number from 1 to 255.
Command Syntax: redistribute {bgp as-number | connected | rip | static} [level-1 level-1-2 | level-2] [metric metric-value] [metric-type {external | internal}] [route-map map-name]
Command Mode: ROUTER ISIS
Purpose: Include BGP, directly connected, RIP, or user-configured (static) routes in IS-IS. Configure the following parameters:
• level-1, level-1-2, or level-2: Assign all redistributed routes to a level. Default is level-2.
• metric range: 0 to 16777215. Default is 0.
Command Syntax: redistribute ospf process-id [level-1 | level-1-2 | level-2] [metric value] [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name]
Command Mode: ROUTER ISIS
Purpose: Include specific OSPF routes in IS-IS. Configure the following parameters:
• process-id range: 1 to 65535
• level-1, level-1-2, or level-2: Assign all redistributed routes to a level. Default is level-2.
• metric range: 0 to 16777215. Default is 0.
Setting the overload bit
Another use for the overload bit is to prevent other routers from using this router as an intermediate hop in their shortest path first (SPF) calculations. For example, if the IS-IS routing database is out of memory and cannot accept new LSPs, FTOS sets the overload bit and IS-IS traffic continues to transit the system. Use the following command in ROUTER ISIS mode to set the overload bit manually.
Command Syntax: debug isis adj-packets [interface]
Command Mode: EXEC Privilege
Purpose: View information on all adjacency-related activity (for example, hello packets that are sent and received). To view specific information, enter one of the following optional parameters:
• interface: Enter the type of interface and slot/port information to view IS-IS information on that interface only.
Command Syntax: debug isis local-updates [interface]
Command Mode: EXEC Privilege
Purpose: View information about IS-IS local update packets.
In the following scenarios, the IS-type is either Level-1 or Level-2 or Level-1-2 and the metric style changes.
Table 24-5. Metric Value when Metric Style Changes
Beginning metric style: wide
Final metric style: narrow
Resulting IS-IS metric value: default value (10) if the original value is greater than 63. A message is sent to the console.
Beginning metric style: wide
Final metric style: transition
Resulting IS-IS metric value: truncated value (1) (the truncated value appears in the LSP only.
Note 1: A truncated value is a value that is higher than 63, but set back to 63 because the higher value is not supported.
Moving to transition and then to another metric style produces different results (Table 24-6).
Table 24-6.
Table 24-7. Metric Value with Different Levels Configured with Different Metric Styles (continued)
Level-1 metric style | Level-2 metric style | Resulting isis metric value
wide transition | narrow transition | truncated value
wide transition | transition | truncated value
Sample Configuration
The following configurations are examples for enabling IPv6 IS-IS. These are not comprehensive directions. They are intended to give you some guidance with typical configurations.
Figure 24-10. IS-IS Sample Configuration - Congruent Topology
FTOS(conf-if-te-3/17)#show config
!
interface TenGigabitEthernet 3/17
 ip address 24.3.1.1/24
 ipv6 address 24:3::1/76
 ip router isis
 ipv6 router isis
 no shutdown
FTOS (conf-if-te-3/17)#
FTOS (conf-router_isis)#show config
!
router isis
 metric-style wide level-1
 metric-style wide level-2
 net 34.0000.0000.AAAA.00
FTOS (conf-router_isis)#
Figure 24-11.
Figure 24-13.
25 IPv6 Routing
IPv6 Routing is supported on the S5000 switch. IPv6 (Internet Protocol Version 6) is the successor to IPv4. Due to the extremely rapid growth in internet users and IP addresses, IPv4 is reaching its maximum usage. IPv6 will eventually replace IPv4 usage to allow for the constant expansion. This chapter provides a brief discussion of the differences between IPv4 and IPv6, and the Dell Networking support of IPv6.
Protocol Overview
IPv6 is an evolution of IPv4. IPv6 is generally installed as an upgrade in devices and operating systems. Most new devices and operating systems support both IPv4 and IPv6. Some key changes in IPv6 are:
• Extended Address Space
• Stateless Autoconfiguration
• Header Format Simplification
• Improved Support for Options and Extensions
Extended Address Space
The address format is extended from 32 bits to 128 bits.
IPv6 Headers
The IPv6 header has a fixed length of 40 bytes. This provides 16 bytes each for Source and Destination information and 8 bytes for general header information. The IPv6 header includes the following fields:
• Version (4 bits)
• Traffic Class (8 bits)
• Flow Label (20 bits)
• Payload Length (16 bits)
• Next Header (8 bits)
• Hop Limit (8 bits)
• Source Address (128 bits)
• Destination Address (128 bits)
IPv6 provides for Extension Headers. Extension Headers are used only if necessary.
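The field layout listed above, decoded in code. This is an added example, not FTOS code: it parses the 40-byte fixed header, rejects truncated or mislabelled input, and (going one step beyond the list) walks the extension-header chain to find the upper-layer protocol, which is what a filter or capture tool must do before it can classify a packet. The sample packet, the destination address and all function names are constructed for the example; the extension header numbers are the IANA protocol numbers.

```python
import ipaddress
import struct
from dataclasses import dataclass

IPV6_HEADER_LEN = 40  # fixed header length stated in the text above
# Extension headers walked by this example (IANA protocol numbers).
EXTENSION_HEADERS = {0: "Hop-by-Hop Options", 43: "Routing",
                     44: "Fragment", 60: "Destination Options"}


@dataclass
class IPv6Header:
    version: int
    traffic_class: int
    flow_label: int
    payload_length: int
    next_header: int
    hop_limit: int
    source: ipaddress.IPv6Address
    destination: ipaddress.IPv6Address


def parse_ipv6_header(packet: bytes) -> IPv6Header:
    """Decode the 40-byte fixed header and reject malformed input."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError("shorter than the 40-byte fixed header")
    # First 32-bit word: Version (4) | Traffic Class (8) | Flow Label (20).
    word, payload_length, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    version = word >> 28
    if version != 6:
        raise ValueError(f"version field is {version}, expected 6")
    if payload_length > len(packet) - IPV6_HEADER_LEN:
        raise ValueError("Payload Length exceeds the bytes available")
    return IPv6Header(
        version=version,
        traffic_class=(word >> 20) & 0xFF,
        flow_label=word & 0xFFFFF,
        payload_length=payload_length,
        next_header=next_header,
        hop_limit=hop_limit,
        source=ipaddress.IPv6Address(packet[8:24]),
        destination=ipaddress.IPv6Address(packet[24:40]),
    )


def walk_extension_headers(packet: bytes, header: IPv6Header):
    """Return (upper_layer_protocol, payload_offset, names of headers passed)."""
    end = IPV6_HEADER_LEN + header.payload_length
    offset = IPV6_HEADER_LEN
    next_header = header.next_header
    chain = []
    while next_header in EXTENSION_HEADERS:
        if next_header == 0 and chain:
            raise ValueError("Hop-by-Hop Options must directly follow the fixed header")
        if offset + 8 > end:
            raise ValueError("extension header runs past Payload Length")
        following, ext_len = packet[offset], packet[offset + 1]
        # Fragment header is always 8 bytes; the others count 8-byte units
        # beyond the first 8 bytes in their second byte.
        size = 8 if next_header == 44 else (ext_len + 1) * 8
        if offset + size > end:
            raise ValueError("extension header length runs past Payload Length")
        chain.append(EXTENSION_HEADERS[next_header])
        next_header = following
        offset += size
    return next_header, offset, chain


def build_sample_packet() -> bytes:
    """Constructed sample: fixed header + Hop-by-Hop Options + ICMPv6 echo."""
    src = ipaddress.IPv6Address("2001:db8::1428:57ab").packed
    dst = ipaddress.IPv6Address("2001:db8::1").packed  # constructed address
    hop_by_hop = bytes([58, 0, 1, 4, 0, 0, 0, 0])  # next=ICMPv6, len=0, PadN
    icmp_echo = bytes([128, 0, 0, 0, 0, 1, 0, 1])  # checksum left at zero
    payload = hop_by_hop + icmp_echo
    word = (6 << 28) | (0xB8 << 20) | 0x12345
    return struct.pack("!IHBB", word, len(payload), 0, 64) + src + dst + payload


if __name__ == "__main__":
    pkt = build_sample_packet()
    hdr = parse_ipv6_header(pkt)
    print(hdr)
    print(walk_extension_headers(pkt, hdr))
```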
Traffic Class (8 bits)
The Traffic Class field deals with any data that needs special handling. These bits define the packet priority and are defined by the packet Source. Sending and forwarding routers use this field to identify different IPv6 classes and priorities. Routers understand the priority settings and handle them appropriately during conditions of congestion.
Note: This is not a comprehensive table of Next Header field values. Refer to the Internet Assigned Numbers Authority (IANA) web page at http://www.iana.org/assignments/protocol-numbers for a complete and current listing.
Hop Limit (8 bits)
The Hop Limit field shows the number of hops remaining for packet processing. In IPv4, this is known as the Time to Live (TTL) field and uses seconds rather than hops. Each time the packet moves through a forwarding router, this field decrements by 1.
When a Hop-by-Hop Options header is present, the router only needs this extension header and does not need to take the time to view further into the packet. The Hop-by-Hop Options header contains:
• Next Header (1 byte)
This field identifies the type of header following the Hop-by-Hop Options header and uses the same values shown in Table 25-1.
• 2001:0db8:0:0:0:0:1428:57ab
• 2001:0db8:0:0::1428:57ab
• 2001:0db8::1428:57ab
• 2001:db8::1428:57ab
IPv6 networks are written using Classless Inter-Domain Routing (CIDR) notation. An IPv6 network (or subnet) is a contiguous group of IPv6 addresses the size of which must be a power of two; the initial bits of addresses, which are identical for all hosts in the network, are called the network's prefix.
ICMPv6
ICMPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting. The FTOS implementation of ICMPv6 is based on RFC 2463. Generally, ICMPv6 uses two message types:
• Error reporting messages indicate when the forwarding or delivery of the packet failed at the destination or intermediate node.
Figure 25-2. MTU Discovery Path
[Figure: Source, Router A, Router B and Destination, with MTU = 1600, MTU = 1400 and MTU = 1200. Sequence shown: Packet (MTU = 1600); ICMPv6 (Type 2) Use MTU = 1400; Packet (MTU = 1400); ICMPv6 (Type 2) Use MTU = 1200; Packet (MTU = 1200); Packet Received.]
IPv6 Neighbor Discovery
IPv6 NDP is supported on the S5000 platform. Neighbor Discovery Protocol (NDP) is a top-level protocol for neighbor discovery on an IPv6 network.
Figure 25-3. NDP Router Redirect
[Figure labels: Router A, Router B, Router C, Local Link, Network 2001:db8::1428:57ab; Send a Packet to Network 2001:db8::1428:57ab; Packet Destination (2001:db8::1428:57ab); ICMPv6 Redirect (Data: Use Router C).]
IPv6 Neighbor Discovery of MTU packets
You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface.
Configuration Task List for IPv6
This section contains information regarding the following:
• Adjusting your CAM-Profile
• Assigning an IPv6 Address to an Interface
• Assigning a Static IPv6 Route
• Telneting with IPv6
• SNMP over IPv6
• Showing IPv6 Information
• Showing an IPv6 Interface
• Showing IPv6 Routes
• Showing the Running-Configuration for an Interface
• Clearing IPv6 Routes
Adjusting your CAM-Profile
The cam-acl command is supported on the S5000 platform.
Save the new CAM settings to the startup-config (write-mem or copy run start) then reload the system for the new settings to take effect.
Command Syntax: cam-acl { ipv6acl }
Command Mode: CONFIGURATION
Purpose: Allocate space for IPV6 ACLs. Enter the CAM profile name followed by the amount to be allotted. When not selecting the default option, you must enter all of the profiles listed and a range for each. The total space allocated must equal 13.
Assigning a Static IPv6 Route
IPv6 Static Routes are supported on the S5000 platform. Use the ipv6 route command to configure IPv6 static routes.
Note: After you configure a static IPv6 route (ipv6 route command) and configure the forwarding router’s address (specified in the ipv6 route command) on a neighbor’s interface, the IPv6 neighbor is not displayed in the show ipv6 route command output.
Command Syntax: telnet ipv6 address
Command Mode: EXEC or EXEC Privileged
Purpose: Enter the IPv6 Address for the device.
ipv6 address : x:x:x:x::x
mask : prefix length 0-128
IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing earlier in this chapter.
SNMP over IPv6
SNMP is supported on the S5000 platform.
FTOS#show ipv6 ?
accounting    IPv6 accounting information
cam           IPv6 CAM Entries
fib           IPv6 FIB Entries
interface     IPv6 interface information
mbgproutes    MBGP routing table
mld           MLD information
mroute        IPv6 multicast-routing table
neighbors     IPv6 neighbor information
ospf          OSPF information
pim           PIM V6 information
prefix-list   List IPv6 prefix lists
route         IPv6 routing information
rpf           RPF table
FTOS#
Showing an IPv6 Interface
View the IPv6 configuration for a specific interface with
Figure 25-4.
Figure 25-5 illustrates the show ipv6 route command output. Figure 25-5.
Showing the Running-Configuration for an Interface
View the configuration for any interface with the following command.
26 Link Aggregation Control Protocol (LACP)
Link Aggregation Control Protocol (LACP) is supported on the S5000 switch. The major sections in the chapter are:
• Introduction to Dynamic LAGs and LACP
• LACP Configuration Tasks
• Shared LAG State Tracking
Introduction to Dynamic LAGs and LACP
A Link Aggregation Group (LAG), referred to as a port channel by FTOS, can provide both load-sharing and port redundancy across stack units. LAGs can be enabled as static or dynamic.
• No dual membership in static and dynamic LAGs:
  • If a physical interface is a part of a static LAG, then the command port-channel-protocol lacp will be rejected on that interface.
  • If a physical interface is a part of a dynamic LAG, it cannot be added as a member of a static LAG. The command channel-member gigabitethernet x/y will be rejected in the static LAG interface for that physical interface.
• A dynamic LAG can be created with any type of configuration.
LACP Configuration Commands
If aggregated ports are configured with compatible LACP modes (Off, Active, Passive), LACP can automatically link them, as defined in IEEE 802.3, Section 43. The following commands configure LACP:
Command Syntax: [no] lacp system-priority priority-value
Command Mode: CONFIGURATION
Purpose: Configure the system priority.
Figure 26-2. Placing a LAG into a Non-default VLAN
FTOS(conf)#interface vlan 10
FTOS(conf-if-vl-10)#tagged port-channel 32
Configuring the LAG interface as dynamic
After creating a LAG, configure the dynamic LAG interfaces. The following example shows ports 3/15, 3/16, 4/15, and 4/16 added to LAG 32 in LACP mode with the command port-channel-protocol lacp.
Figure 26-3.
To configure the LACP long timeout as shown in the example below:
Step 1
Task: Set the LACP timeout value to 30 seconds.
Command Syntax: lacp long-timeout
Command Mode: CONFIG-INT-PO
Figure 26-4. Invoking the LACP Long Timeout
FTOS(conf)# interface port-channel 32
FTOS(conf-if-po-32)#no shutdown
FTOS(conf-if-po-32)#switchport
FTOS(conf-if-po-32)#lacp long-timeout
FTOS(conf-if-po-32)#end
FTOS# show lacp 32
Port-channel 32 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e800.
In the following illustration, line-rate traffic from R1 destined for R4 follows the lowest-cost route via R2, as shown. Traffic is equally distributed between LAGs 1 and 2. If LAG 1 fails, all traffic from R1 to R4 flows across LAG 2 only. This condition over-subscribes the link, and packets are dropped. Figure 26-5.
View the failover group configuration using the show running-configuration po-failover-group command, as shown in the example below.
Figure 26-7. Viewing Shared LAG State Tracking in the Running-configuration
R2#show running-config po-failover-group
!
port-channel failover-group
 group 1 port-channel 1 port-channel 2
In the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down upon the failure.
Note: The set of console messages shown in Message 1 appears only if Shared LAG State Tracking is configured on that router (the feature can be configured on one or both sides of a link). For example, in the previous illustration, if Shared LAG State Tracking is configured on R2 only, then no messages appear on R4 regarding the state of LAGs in a failover group.
27 Layer 2
Layer 2 features are supported on the S5000 switch.
Setting the Aging Time for Dynamic Entries
Learned MAC addresses are entered in the table as dynamic entries, which means that they are subject to aging. For any dynamic entry, if no packet arrives on the switch with the MAC address as the source or destination address within the timer period, the address is removed from the table. The default aging time is 1800 seconds.
Task: Disable MAC address aging for all dynamic entries.
• Learning Limit Violation Actions
• Station Move Violation Actions
• Recovering from Learning Limit and Station Move Violations
• Important Points about Configuring Redundant Pairs
MAC Address Learning Limit is a method of port security on Layer 2 port-channel and physical interfaces, and VLANs. It enables you to set an upper limit on the number of MAC addresses that are learned on an interface/VLAN. After the limit is reached, the system drops all traffic from a device with an unlearned MAC address.
If mac-learning-limit is configured and sticky MAC is enabled, all dynamically-learned addresses are converted to sticky MAC addresses for the selected port. Any new MAC addresses learned on this port will be converted to sticky MAC addresses. To save all sticky MAC addresses into a configuration file that can be used as a startup configuration file, use the write config command.
no-station-move is the default behavior. You can configure the system to take an action if a station move occurs using one of the following options with the mac learning-limit command:
Task: Generate a system log message indicating a station move.
Command Syntax: station-move-violation log
Command Mode: INTERFACE

Task: Shut down the first port to learn the MAC address.
Command Syntax: station-move-violation shutdown-original
Command Mode: INTERFACE

Task: Shut down the second port to learn the MAC address.
NIC Teaming
NIC Teaming is available on the S5000 switch. NIC teaming is a feature that allows multiple network interface cards in a server to be represented by one MAC address and one IP address in order to provide transparent redundancy, balancing, and to fully utilize network adapter resources. The following illustration shows a topology where two NICs have been teamed together.
Figure 27-2. Configuring mac-address-table station-move refresh-arp Command
[Figure labels: MAC: A:B:C:D:E:F, IP: 1.1.1.1, Port 0/1, Port 0/5, Active Link, Move MAC address; mac-address-table station-move refresh-arp configured at time of NIC teaming.]
Configuring Redundant Pairs
Configuring Redundant Pairs is supported on the S5000 switch.
Figure 27-3. Configuring Redundant Layer 2 Pairs without Spanning Tree
You configure a redundant pair by assigning a backup interface to a primary interface with the switchport Initially, the primary interface is active and transmits traffic and the backup interface remains down. If the primary fails for any reason, the backup transitions to an active UP state. If the primary interface fails and later comes back up, it remains as the backup interface for the redundant pair.
Important Points about Configuring Redundant Pairs
• You may not configure any interface to be a backup for more than one interface, no interface can have more than one backup, and a backup interface may not have a backup interface.
• Neither the active nor the backup interface may be a member of a LAG.
• The active and standby do not have to be of the same type (1G, 10G, etc).
• You may not enable any Layer 2 protocol on any interface of a redundant pair or to ports connected to them.
Figure 27-5.
28 Link Layer Discovery Protocol (LLDP)
Link Layer Discovery Protocol (LLDP) is supported only on the S5000 switch. This chapter contains the following sections:
• 802.
Figure 28-1. Type, Length, Value (TLV) Segment
TLVs are encapsulated in a frame called an LLDP Data Unit (LLDPDU) (Figure 28-2), which is transmitted from one LLDP-enabled device to its LLDP-enabled neighbors. LLDP is a one-way protocol. LLDP-enabled devices (LLDP agents) can transmit and/or receive advertisements, but they cannot solicit and do not respond to advertisements. There are five types of TLVs.
Figure 28-2. LLDPDU Frame
Optional TLVs
FTOS supports the following optional TLVs:
• Management TLVs
• IEEE 802.1 and 802.3 Organizationally Specific TLVs
• TIA-1057 Organizationally Specific TLVs
Management TLVs
A Management TLV is an Optional TLVs sub-type. This kind of TLV contains essential management information about the sender. The five types are described in Table 28-2.
Organizationally Specific TLVs
Organizationally specific TLVs can be defined by a professional organization or a vendor.
IEEE Organizationally Specific TLVs
Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups (Table 28-2) as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs.
Table 28-2. Optional TLV Types
Type | TLV | Description
Optional TLVs
4 | Port description | A user-defined alphanumeric string that describes the port. FTOS does not currently support this TLV.
TIA-1057 (LLDP-MED) Overview
Link Layer Discovery Protocol - Media Endpoint Discovery (LLDP-MED), as defined by ANSI/TIA-1057, provides additional organizationally specific TLVs so that endpoint devices and network connectivity devices can advertise their characteristics and configuration information; the OUI for the Telecommunications Industry Association (TIA) is 00-12-BB.
Table 28-3.
Figure 28-4. LLDP-MED Capabilities TLV
Table 28-4. FTOS LLDP-MED Capabilities
Bit Position | TLV | FTOS Support
0 | LLDP-MED Capabilities | Yes
1 | Network Policy | Yes
2 | Location Identification | Yes
3 | Extended Power via MDI-PSE | Yes
4 | Extended Power via MDI-PD | No
5 | Inventory | No
6-15 | reserved | No
Table 28-5.
The application type is represented by an integer (the Type integer in Table 28-6), which indicates a device function for which a unique network policy is defined. An individual LLDP-MED Network Policy TLV is generated for each application type that you specify with the FTOS CLI (Advertising TLVs on page 559).
Extended Power via MDI TLV
The Extended Power via MDI TLV enables advanced PoE management between LLDP-MED endpoints and network connectivity devices. Advertise the Extended Power via MDI on all ports that are connected to an 802.3af powered, LLDP-MED endpoint device.
• Power Type: there are two possible power types: Power Sourcing Entity (PSE) or Power Device (PD). The Dell Networking system is a PSE, which corresponds to a value of 0, based on the TIA-1057 specification.
Important Points to Remember
• LLDP is disabled by default.
• Dell Networking systems support up to 8 neighbors per interface.
• Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by 8 exceeds the maximum, the system will not configure more than 8000.
• INTERFACE level configurations override all CONFIGURATION level configurations.
• LLDP is not hitless.
Enabling LLDP
LLDP is enabled by default. LLDP can be enabled and disabled globally or per interface. If LLDP is enabled globally, all up interfaces send periodic LLDPDUs. To enable LLDP:
Step 1
Task: Enter Protocol LLDP mode.
Command: protocol lldp
Command Mode: CONFIGURATION or INTERFACE
Step 2
Task: Enable LLDP.
Command: no disable
Command Mode: PROTOCOL LLDP
Disabling and Undoing LLDP
• Disable LLDP globally or for an interface using the command disable.
Step 2
Task: Advertise one or more TLVs. Include the keyword for each TLV you want to advertise.
• For management TLVs: system-capabilities, system-description
• For 802.1 TLVs: port-protocol-vlan-id, port-vlan-id, vlan-name
• For 802.
Command: advertise {management-tlv | dot1-tlv | dot3-tlv | med}
Command Mode: PROTOCOL LLDP
Viewing the LLDP Configuration
Display the LLDP configuration using the command show config in either the CONFIGURATION or INTERFACE mode, as shown in Figure 28-9 and Figure 28-10, respectively.
Figure 28-9. Viewing LLDP Global Configurations
R1(conf)#protocol lldp
R1(conf-lldp)#show config
!
protocol lldp
 advertise dot1-tlv port-protocol-vlan-id port-vlan-id
 advertise dot3-tlv max-frame-size
 advertise management-tlv system-capabilities system-description
 hello 10
 no disable
R1(conf-lldp)#
Figure 28-10.
Figure 28-12.
Configuring LLDPDU Intervals
LLDPDUs are transmitted periodically; the default interval is 30 seconds. You can configure a non-default transmit interval, at CONFIGURATION level or INTERFACE level, using the hello command (Figure 28-13).
Figure 28-13.
Configuring Transmit and Receive Mode
Once LLDP is enabled, Dell Networking systems transmit and receive LLDPDUs by default. You can configure the system, at CONFIGURATION level or INTERFACE level, to transmit only by executing the command mode tx, or receive only by executing the command mode rx. Return to the default with the no mode command (Figure 28-14).
Figure 28-14.
Configuring a Time to Live
The information received from a neighbor expires after a specific amount of time (measured in seconds) called a Time to Live (TTL). The TTL is the product of the LLDPDU transmit interval (hello) and an integer called a multiplier. The default multiplier is 4, which results in a default TTL of 120 seconds. Adjust the TTL value, at CONFIGURATION level or INTERFACE level, using the multiplier command.
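Decoding the TLVs this chapter describes, as an added example (not FTOS code or FTOS output): it walks an LLDPDU, extracts the TTL, attributes organizationally specific TLVs to the two OUIs named above (00-80-C2 and 00-12-BB), and decodes the LLDP-MED capabilities bitmap using the bit positions of Table 28-4. The LLDPDU bytes, MAC address and function names are constructed for the example; the 7-bit type / 9-bit length TLV header and the Chassis ID, Port ID, TTL ordering are taken from IEEE 802.1AB, not from this page.

```python
import struct

TLV_END, TLV_CHASSIS_ID, TLV_PORT_ID, TLV_TTL, TLV_ORG = 0, 1, 2, 3, 127
# OUIs named in this chapter.
OUI_OWNERS = {bytes.fromhex("0080c2"): "IEEE 802.1",
              bytes.fromhex("0012bb"): "TIA (LLDP-MED)"}
TIA_OUI = bytes.fromhex("0012bb")
# Bit positions 0-5 of the LLDP-MED Capabilities TLV (Table 28-4).
MED_CAPABILITIES = ["LLDP-MED Capabilities", "Network Policy",
                    "Location Identification", "Extended Power via MDI-PSE",
                    "Extended Power via MDI-PD", "Inventory"]
DEFAULT_HELLO, DEFAULT_MULTIPLIER = 30, 4  # defaults stated in this chapter


def iter_tlvs(lldpdu: bytes):
    """Yield (type, value) pairs, refusing lengths that overrun the buffer."""
    offset = 0
    while offset < len(lldpdu):
        if offset + 2 > len(lldpdu):
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", lldpdu, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(lldpdu):
            raise ValueError(f"TLV type {tlv_type} claims {length} bytes, too few remain")
        yield tlv_type, lldpdu[offset:offset + length]
        offset += length
        if tlv_type == TLV_END:
            return


def decode_lldpdu(lldpdu: bytes) -> dict:
    """Summarise the TTL and organizationally specific TLVs of one LLDPDU."""
    summary = {"order": [], "ttl": None, "ttl_is_default": False,
               "org_tlvs": [], "med_capabilities": []}
    for tlv_type, value in iter_tlvs(lldpdu):
        summary["order"].append(tlv_type)
        if tlv_type == TLV_TTL:
            if len(value) < 2:
                raise ValueError("TTL TLV shorter than 2 bytes")
            summary["ttl"] = struct.unpack("!H", value[:2])[0]
            summary["ttl_is_default"] = (
                summary["ttl"] == DEFAULT_HELLO * DEFAULT_MULTIPLIER)
        elif tlv_type == TLV_ORG:
            if len(value) < 4:
                raise ValueError("organizationally specific TLV lacks OUI/subtype")
            oui, subtype, info = value[:3], value[3], value[4:]
            owner = OUI_OWNERS.get(oui, "unknown OUI " + oui.hex("-"))
            summary["org_tlvs"].append((owner, subtype))
            if oui == TIA_OUI and subtype == 1 and len(info) >= 2:
                bitmap = struct.unpack("!H", info[:2])[0]
                summary["med_capabilities"] = [
                    name for bit, name in enumerate(MED_CAPABILITIES)
                    if bitmap & (1 << bit)]
    if summary["order"][:3] != [TLV_CHASSIS_ID, TLV_PORT_ID, TLV_TTL]:
        raise ValueError("LLDPDU must begin with Chassis ID, Port ID, TTL")
    return summary


def _tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def build_sample_lldpdu() -> bytes:
    """Constructed LLDPDU; every value below is sample data."""
    return b"".join([
        _tlv(TLV_CHASSIS_ID, bytes([4]) + bytes.fromhex("020000000001")),
        _tlv(TLV_PORT_ID, bytes([5]) + b"TenGigabitEthernet 1/21"),
        _tlv(TLV_TTL, struct.pack("!H", 120)),
        _tlv(TLV_ORG, bytes.fromhex("0080c2") + bytes([1]) + struct.pack("!H", 100)),
        _tlv(TLV_ORG, TIA_OUI + bytes([1]) + struct.pack("!H", 0x000F) + bytes([4])),
        _tlv(TLV_END, b""),
    ])


if __name__ == "__main__":
    for key, value in decode_lldpdu(build_sample_lldpdu()).items():
        print(f"{key}: {value}")
```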
Debugging LLDP
The command debug lldp enables you to view the TLVs that your system is sending and receiving.
• Use the debug lldp brief command to view a readable version of the TLVs.
• Use the debug lldp detail command to view a readable version of the TLVs plus a hexadecimal version of the entire LLDPDU.
Figure 28-16.
Table 28-7.
Table 28-8.
Table 28-9. LLDP 802.1 Organizationally Specific TLV MIB Objects TLV Type TLV Name TLV Variable 127 Port and Protocol VLAN ID port and protocol VLAN supported Local port and protocol VLAN enabled PPVID 127 VLAN Name VID VLAN name length VLAN name Table 28-10.
Table 28-10.
Table 28-10.
29 Multicast Source Discovery Protocol (MSDP)
Multicast Source Discovery Protocol (MSDP) is supported on the S5000 switch.
Figure 29-1. Multicast Source Discovery Protocol
[Figure labels: PC 2 (Source), PC 3 (Receiver), R4 (ports 4/1, 4/31), port 2/1, AS X Area 0, AS Y Area 0, OSPF + PIM, IGMP.]
3. When an MSDP peer receives an SA message, it determines if there are any group members within the domain interested in any of the advertised sources. If there are, the receiving RP sends a join message to the originating RP, creating an SPT to the source.
Anycast RP allows two or more RPs to be configured with the same IP address on loopback interfaces. The Anycast RP loopback address is configured with a 32-bit mask, making it a host address. All downstream routers are configured to know that the Anycast RP loopback address is the IP address of their local RP. IP routing automatically selects the closest RP for each source and receiver. Assuming that the sources are evenly spaced around the network, an equal number of sources register with each RP.
interface TenGigabitEthernet 1/1
 ip pim sparse-mode
 ip address 10.11.3.1/24
 no shutdown
!
interface TenGigabitEthernet 1/2
 ip address 10.11.2.1/24
 no shutdown
!
interface TenGigabitEthernet 1/21
 ip pim sparse-mode
 ip address 10.11.1.12/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown

PC 1 : 10.11.3.2/24

interface TenGigabitEthernet 2/1
 ip pim sparse-mode
 ip address 10.11.4.1/24

PC 2 : 10.11.4.2/24
PC 3 : 10.11.5.
[Figure labels: R1 (1/1, 1/2, 1/21), PC 1, R2 (2/1, 2/11, 2/31), PC 2, R3 (3/21, 3/41), OSPF.]
router ospf 1
 network 10.11.6.0/24 area 0
 network 192.168.0.3/32 area 0
 redistribute static
 redistribute connected
 redistribute bgp 200
R3_E600(conf)#do show run bgp
!
router bgp 200
 redistribute ospf 1
 neighbor 192.168.0.2 remote-as 100
 neighbor 192.168.0.2 ebgp-multihop 255
 neighbor 192.168.0.2 update-source Loopback 0
 neighbor 192.168.0.
[Figure labels: R1 (RP1; 1/1, 1/2, 1/21) and R2 (2/31) in AS 100; R3 (RP2; 3/21, 3/41) and R4 (4/1, 4/31) in AS 200; PIM + IGMP; PC 2 Receiver: 239.0.0.1; PC 3 Receiver: 239.0.0.1. Configuration callouts from the figure follow.]
ip multicast routing
!
ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4

ip multicast-routing
!
ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4

ip multicast-routing
!
ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4

ip multicast-routing
!
ip pim rp-address 192.168.0.1 group-address 224.0.0.
R1_E600(conf)#do show ip msdp sa-cache
MSDP Source-Active Cache - 1 entries
GroupAddr SourceAddr RPAddr LearnedFrom Expire UpTime
239.0.0.1 10.11.4.2 192.168.0.1 local 95 16:49:25

(10.11.4.2, 239.0.0.1), uptime 1d16h, expires 00:03:12, flags: CTA
 Incoming interface: GigabitEthernet 1/21, RPF neighbor 10.11.1.21
 Outgoing interface list:
 GigabitEthernet 1/1 Forward/Sparse 22:26:37/Never
(*, 239.0.0.1), uptime 22:26:37, expires 00:00:00, RP 192.168.0.
Enabling MSDP
Enable MSDP by peering RPs in different administrative domains.
Step 1
Task: Enable MSDP.
Command Syntax: ip multicast-msdp
Command Mode: CONFIGURATION
Step 2
Task: Peer PIM systems in different administrative domains.
Command Syntax: ip msdp peer connect-source
Command Mode: CONFIGURATION
Figure 29-7. Configuring an MSDP Peer
FTOS(conf)#ip multicast-msdp
FTOS(conf)#ip msdp peer 192.168.0.
• only sources that are in the cache are advertised in the SA to prevent transmitting multiple copies of the same source information.
Viewing the Source-active Cache
Task: View the SA cache.
Command Syntax: show ip msdp sa-cache
Command Mode: EXEC Privilege
Figure 29-9. Displaying the MSDP Source-active Cache
FTOS#show ip msdp sa-cache
MSDP Source-Active Cache - 1 entries
GroupAddr SourceAddr RPAddr LearnedFrom
239.0.0.1 10.11.4.2 192.168.0.1 192.168.0.
• or because of an SA message format error.
Task: Cache rejected sources.
Command Syntax: ip msdp cache-rejected-sa
Command Mode: CONFIGURATION
Accepting Source-active Messages that fail the RPF Check
A default peer is a peer from which active sources are accepted even though they fail the RPF check.
• In Scenario 1 of Figure 29-10, all MSDP peers are up.
• In Scenario 2, the peership between RP1 and RP2 is down, but the link (and routing protocols) between them is still up.
Figure 29-10. MSDP Default Peer
[Figure: Scenario 1 and Scenario 2, each showing MSDP peerships among RP2, RP3, RP4 and RP5 with sources (S2, G2), (S3, G3), (S4, G4) and (S5, G5); one peership is marked as failed.]
Task: Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. If you do not specify an access list, the peer accepts all sources advertised by that peer. All sources from RPs denied by the ACL are subjected to the normal RPF check.
Command Syntax: ip msdp default-peer ip-address list
Command Mode: CONFIGURATION
Figure 29-11. Accepting Source-active Messages with
FTOS(conf)#ip msdp peer 10.0.50.
Preventing MSDP from Caching a Local Source
You can prevent MSDP from caching an active source based on source and/or group. Since the source is not cached, it is not advertised to remote RPs.
Task: OPTIONAL: Cache sources that are denied by the redistribute list in the rejected SA cache.
Command Syntax: ip msdp cache-rejected-sa
Command Mode: CONFIGURATION

Task: Prevent the system from caching local SA entries based on source and group using an extended ACL.
Figure 29-13. Preventing MSDP from Advertising a Local Source [Router 3]
FTOS(conf)#do show run msdp
!
ip multicast-msdp
ip msdp peer 192.168.0.1 connect-source Loopback 0
ip msdp sa-filter in 192.168.0.1 list myremotefilter
FTOS(conf)#do show run acl
!
ip access-list extended myremotefilter
 seq 5 deny ip host 239.0.0.1 host 10.11.4.2
FTOS(conf)#do show ip msdp sa-cache
MSDP Source-Active Cache - 1 entries
GroupAddr SourceAddr RPAddr LearnedFrom
239.0.0.1 10.11.4.2 192.168.0.1 192.168.0.
Figure 29-14. Preventing MSDP from Advertising a Local Source [Router 1]
R1_E600(conf)#do show run msdp
!
ip multicast-msdp
ip msdp peer 192.168.0.3 connect-source Loopback 0
ip msdp sa-filter out 192.168.0.3 list mylocalfilter
R1_E600(conf)#do show run acl
!
ip access-list extended mylocalfilter
 seq 5 deny ip host 239.0.0.1 host 10.11.4.
Logging Changes in Peership States
Task: Log peership state changes.
Command Syntax: ip msdp log-adjacency-changes
Command Mode: CONFIGURATION
Terminating a Peership
MSDP uses TCP as its transport protocol. In a peering relationship, the peer with the lower IP address initiates the TCP session, while the peer with the higher IP address listens on port 639.
Task: Terminate the TCP connection with a peer.
Clearing Peer Statistics
Task: Reset the TCP connection to the peer and clear all peer statistics.
Command Syntax: clear ip msdp peer peer-address
Command Mode: CONFIGURATION
Figure 29-16. Clearing Peer Statistics
FTOS(conf)#do show ip msdp peer
Peer Addr: 192.168.0.1
Local Addr: 192.168.0.
MSDP with Anycast RP
Anycast RP uses MSDP with PIM-SM to allow more than one active group to RP mapping. PIM-SM allows only one active group to RP mapping, which has several implications:
• traffic concentration: PIM-SM allows only one active group to RP mapping which means that all traffic for the group must, at least initially, travel over the same part of the network.
To configure Anycast RP:
Step 1
Task: In each routing domain that will have multiple RPs serving a group, create a loopback interface on each RP serving the group with the same IP address.
Command Syntax: interface loopback
Command Mode: CONFIGURATION
Step 2
Task: Make this address the RP for the group.
Figure 29-19. R1 Configuration for MSDP with Anycast RP
ip multicast-routing
!
interface TenGigabitEthernet 1/1
 ip pim sparse-mode
 ip address 10.11.3.1/24
 no shutdown
!
interface TenGigabitEthernet 1/2
 ip address 10.11.2.1/24
 no shutdown
!
interface TenGigabitEthernet 1/21
 ip pim sparse-mode
 ip address 10.11.1.12/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown
!
interface Loopback 1
 ip address 192.168.0.11/32
 no shutdown
!
router ospf 1
 network 10.11.2.
Figure 29-20. R2 Configuration for MSDP with Anycast RP
ip multicast-routing
!
interface TenGigabitEthernet 2/1
 ip pim sparse-mode
 ip address 10.11.4.1/24
 no shutdown
!
interface TenGigabitEthernet 2/11
 ip pim sparse-mode
 ip address 10.11.1.21/24
 no shutdown
!
interface TenGigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.0.23/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown
!
interface Loopback 1
 ip address 192.
Figure 29-21. R3 Configuration for MSDP with Anycast RP
ip multicast-routing
!
interface TenGigabitEthernet 3/21
 ip pim sparse-mode
 ip address 10.11.0.32/24
 no shutdown
interface TenGigabitEthernet 3/41
 ip pim sparse-mode
 ip address 10.11.6.34/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.3/32
 no shutdown
!
router ospf 1
 network 10.11.6.0/24 area 0
 network 192.168.0.
Figure 29-22. MSDP Sample Configuration: R1 Running-config
ip multicast-routing
!
interface TenGigabitEthernet 1/1
 ip pim sparse-mode
 ip address 10.11.3.1/24
 no shutdown
!
interface TenGigabitEthernet 1/2
 ip address 10.11.2.1/24
 no shutdown
!
interface TenGigabitEthernet 1/21
 ip pim sparse-mode
 ip address 10.11.1.12/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown
!
router ospf 1
 network 10.11.2.0/24 area 0
 network 10.11.
Figure 29-23. MSDP Sample Configuration: R2 Running-config
ip multicast-routing
!
interface TenGigabitEthernet 2/1
 ip pim sparse-mode
 ip address 10.11.4.1/24
 no shutdown
!
interface TenGigabitEthernet 2/11
 ip pim sparse-mode
 ip address 10.11.1.21/24
 no shutdown
!
interface TenGigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.0.23/24
 no shutdown
!
interface Loopback 0
 ip address 192.168.0.2/32
 no shutdown
!
router ospf 1
 network 10.11.1.0/24 area 0
 network 10.11.4.0/24 area 0
 network 192.168.0.
Figure 29-24. MSDP Sample Configuration: R3 Running-config
ip multicast-routing
!
interface TenGigabitEthernet 3/21
 ip pim sparse-mode
 ip address 10.11.0.32/24
 no shutdown
!
interface TenGigabitEthernet 3/41
 ip pim sparse-mode
 ip address 10.11.6.34/24
 no shutdown
!
interface ManagementEthernet 0/0
 ip address 10.11.80.3/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.3/32
 no shutdown
!
router ospf 1
 network 10.11.6.0/24 area 0
 network 192.
Figure 29-25. MSDP Sample Configuration: R4 Running-config
ip multicast-routing
!
interface TenGigabitEthernet 4/1
 ip pim sparse-mode
 ip address 10.11.5.1/24
 no shutdown
!
interface TenGigabitEthernet 4/22
 ip address 10.10.42.1/24
 no shutdown
!
interface TenGigabitEthernet 4/31
 ip pim sparse-mode
 ip address 10.11.6.43/24
 no shutdown
!
interface Loopback 0
 ip address 192.168.0.4/32
 no shutdown
!
router ospf 1
 network 10.11.5.0/24 area 0
 network 10.11.6.0/24 area 0
 network 192.168.0.
30 Multiple Spanning Tree Protocol (MSTP)
Multiple Spanning Tree Protocol (MSTP) is supported on the S5000 switch.
Figure 30-1. MSTP with Three VLANs Mapped to Two Spanning Tree Instances
(Figure labels: MSTI 1: VLAN 100; MSTI 2: VLAN 200, VLAN 300)
FTOS supports three other variations of Spanning Tree, as shown in Table 44.
Table 30-1. FTOS Supported Spanning Tree Protocols
Dell Networking Term | IEEE Specification
Spanning Tree Protocol | 802.1d
Rapid Spanning Tree Protocol | 802.
4. Create Multiple Spanning Tree Instances, and map VLANs to them. See page 604.
Adding and Removing Interfaces
• To add an interface to the MSTP topology, configure it for Layer 2 and add it to a VLAN. If you previously disabled MSTP on the interface using the command no spanning-tree 0, re-enable it using the command spanning-tree 0.
• Remove an interface from the MSTP topology using the command no spanning-tree 0. See also Removing an Interface from the Spanning Tree Group on page 899 for BPDU Filtering behavior.
Figure 30-4. Viewing MSTP Port States
FTOS#show spanning-tree msti 1
MSTI 1 VLANs mapped 100
Root Identifier has priority 32768, Address 0001.e806.953e
Root Bridge hello time 2, max age 20, forward delay 15, max hops 19
Bridge Identifier has priority 32768, Address 0001.e80d.b6d6
Configured hello time 2, max age 20, forward delay 15, max hops 20
Current root has priority 32768, Address 0001.e806.
Figure 30-5. Changing the Bridge Priority
R3(conf-mstp)#msti 2 bridge-priority 0
1d2h51m: %STKUNIT0-M:CP %SPANMGR-5-STP_ROOT_CHANGE: MSTP root changed for instance 2. My Bridge ID: 0:0001.e809.c24a Old Root: 32768:0001.e806.953e New Root: 0:0001.e809.c24a
R3(conf-mstp)#show config
!
protocol spanning-tree mstp
 no disable
 MSTI 1 VLAN 100
 MSTI 2 VLAN 200,300
 MSTI 2 bridge-priority 0

Interoperating with Non-FTOS Bridges
FTOS supports only one MSTP region.
Figure 30-6. Viewing the MSTP Region Name and Revision
FTOS(conf-mstp)#name my-mstp-region
FTOS(conf-mstp)#exit
FTOS(conf)#do show spanning-tree mst config
MST region name: my-mstp-region
Revision: 0
MSTI   VID
1      100
2      200-300

Modifying Global Parameters
The root bridge sets the values for forward-delay, hello-time, max-age, and max-hops and overwrites the values set on other MSTP bridges.
Figure 30-7.
View the current values for these interface parameters using the command show config from INTERFACE mode. See Figure 30-8.

Configuring an EdgePort
The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode an interface forwards frames by default until it receives a BPDU that indicates that it should behave otherwise; it does not go through the Learning and Listening states.
Figure 30-8.
Figure 30-10.
Figure 30-11.
Figure 30-12.
Figure 30-13.
Figure 30-14. Displaying BPDUs and Events
FTOS#debug spanning-tree mstp bpdu
1w1d17h : MSTP: Sending BPDU on Te 1/31 :
ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x68
CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 20000
Regional Bridge Id: 32768:0001.e809.c24a, CIST Port Id: 128:384
Msg Age: 2, Max Age: 20, Hello: 2, Fwd Delay: 15, Ver1 Len: 0, Ver3 Len: 96
Name: my-mstp-region, Rev: 0, Int Root Path Cost: 20000
Rem Hops: 19, Bridge Id: 32768:0001.e80d.
Figure 30-15. Sample Output for show running-configuration spanning-tree mstp command
FTOS#show run spanning-tree mstp
!
protocol spanning-tree mstp
 name Tahiti
 revision 123
 MSTI 1 VLAN 100
 MSTI 2 VLAN 200,300
Figure 30-16.
31 Multicast Features
Multicast Features are supported on the S5000 switch.
Figure 31-1. Multicast with ECMP
(Figure labels: IGMP Group Table: Group 1 on TenGigabitEthernet Y, Group 2 on TenGigabitEthernet X, Group 3 on TenGigabitEthernet X)
In Figure 31-1, the receiver joins three groups.
Protocol | Ethernet Address
OSPF | 01:00:5e:00:00:05, 01:00:5e:00:00:06
RIP | 01:00:5e:00:00:09
NTP | 01:00:5e:00:01:01
VRRP | 01:00:5e:00:00:12
PIM-SM | 01:00:5e:00:00:0d
• The FTOS implementation of MTRACE is in accordance with IETF draft draft-fenner-traceroute-ipm.
• Multicast is not supported on secondary IP addresses.
• Egress L3 ACL is not applied to multicast data traffic if multicast routing is enabled.
Limiting the Number of Multicast Routes
Task: Limit the total number of multicast routes on the system.
Command Syntax: ip multicast-limit
Command Mode: CONFIGURATION
Range: 1-50000
Default: 15000
When the limit is reached, FTOS does not process any IGMP or MLD joins to PIM (though it still processes leave messages) until the number of entries decreases below 95% of the limit.
FTOS Behavior: Do not enter the command ip igmp access-group before creating the access-list. If you do, upon entering your first deny rule, FTOS clears the multicast routing table and re-learns all groups, even those not covered by the rules in the access-list, because there is an implicit deny all rule at the end of all access-lists. Therefore, configuring an IGMP join request filter in this order might result in data loss.
ip igmp snooping enable
interface Vlan 400
 ip pim sparse-mode
 ip address 10.11.4.1/24
 untagged TenGigabitEthernet 1/2
 ip igmp access-group igmpjoinfilR2G2
 no shutdown
(*, 239.0.0.1), uptime 00:00:06, expires 00:00:00, RP 10.11.12.2, flags: SCJ
 Incoming interface: TenGigabitEthernet 1/21, RPF neighbor 10.11.12.
Rate Limiting IGMP Join Requests
If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting the rate at which new groups can be joined using the command ip igmp group-join-limit from INTERFACE mode. Hosts whose IGMP requests are denied will use the retry mechanism built in to IGMP so that their membership is delayed rather than permanently denied. View the enable status of this feature using the command show ip igmp interface from EXEC Privilege mode.
Preventing a PIM Router from Processing a Join
Permit or deny PIM Join/Prune messages on an interface using an extended IP access list. Use the command ip pim join-filter to prevent the PIM-SM router from creating state based on multicast source and/or group.
Note: Dell recommends that you do not use the ip pim join-filter command on an interface between a source and the RP router.
32 NPIV Proxy Gateway
The N-port identifier virtualization (NPIV) proxy gateway (NPG) provides FCoE-FC bridging capability on the S5000 switch.
Figure 32-1. NPIV Proxy Gateway Example
An S5000 FC port is configured as an N (node) port that logs in to an F (fabric) port on the upstream FC core switch and creates a channel for N-port identifier virtualization. NPIV allows multiple N-port fabric logins at the same time on a single, physical Fibre Channel link. Converged Network Adapter (CNA) ports on servers connect to S5000 Ten-Gigabit Ethernet ports and log in to an upstream FC core switch through the S5000 N port.
Using an FCoE map applied to downstream (server-facing) Ethernet ports and upstream (fabric-facing) FC ports, you can configure the association between a SAN fabric and the FCoE VLAN that connects servers over the NPIV proxy gateway to FC switches in the fabric.
NPIV Proxy Gateway: Terms and Definitions
Table 32-1 describes the terms used in an NPG configuration on the S5000.
Table 32-1. S5000 NPIV Proxy Gateway: Terms and Definitions
Term | Description
FC port | Fibre Channel port on an S5000 FC module that operates in autosensing, 2, 4, or 8 Gigabit mode. On an NPIV proxy gateway, an FC port can be used as a downlink for a server connection and an uplink for a fabric connection.
DCB Maps
A Data Center Bridging (DCB) map is used to configure DCB functionality, such as PFC and ETS, on S5000 Ethernet ports that support CEE traffic and are DCBx-enabled by default. For more information on PFC and ETS, see Data Center Bridging (DCB). By default, no PFC and ETS settings in a DCB map are applied to S5000 Ethernet ports when they are enabled. On an S5000 NPG, you must configure PFC and ETS parameters in a DCB map and then apply the map to server-facing Ethernet ports (Creating a DCB map).
Configuring an NPIV Proxy Gateway
Prerequisite: Before you configure an NPIV proxy gateway on an S5000:
• An S5000 NPIV proxy gateway can be directly connected to a server or connected to a server over a FIP snooping bridge. If the S5000 and a FIP snooping bridge are connected using a port channel (Figure 32-1), configure the port channel on both devices (interface port-channel command on the S5000).
Note: DCB is enabled by default on the S5000.
Step 2
 Task: Configure the PFC setting (on or off) and the ETS bandwidth percentage allocated to traffic in each priority group or whether priority group traffic should be handled with strict priority scheduling. The sum of all allocated bandwidth percentages must be 100%. Strict-priority traffic is serviced first. Afterwards, bandwidth allocated to other priority groups is made available and allocated according to the specified percentages.
Applying a DCB map on server-facing Ethernet ports
You can apply a DCB map only on a physical Ethernet interface and can apply only one DCB map per interface.
Step 1
 Task: Enter interface configuration mode on a server-facing port or port channel to apply a DCB map.
 Command: interface {tengigabitEthernet slot/port | fortygigabitEthernet slot/port}
 Command Mode: CONFIGURATION
 Command: dcb-map name
 Command Mode: INTERFACE
Note: You cannot apply a DCB map on a port channel.
Creating an FCoE map
An FCoE map consists of:
• An association between the dedicated VLAN used to carry FCoE traffic and SAN fabric where the storage arrays are installed. Use a separate FCoE VLAN for each fabric to which FCoE traffic is forwarded. Any non-FCoE traffic sent on a dedicated FCoE VLAN is dropped.
• The FC-MAP value used to generate the fabric-provided MAC address (FPMA). The FPMA is used by servers to transmit FCoE traffic to the fabric.
Applying an FCoE map on server-facing Ethernet ports
You can apply multiple FCoE maps on an Ethernet port or port channel. When you apply an FCoE map on a server-facing port or port channel:
• The port is configured to operate in hybrid mode (accept both tagged and untagged VLAN frames).
• The associated FCoE VLAN is enabled on the port or port channel.
Applying an FCoE Map on fabric-facing FC ports
S5000 FC ports are configured by default to operate in N port mode to connect to an F port on an FC switch in a fabric. You can apply only one FCoE map on an FC port. When you apply an FCoE map on a fabric-facing FC port, the FC port becomes part of the FCoE fabric, whose settings in the FCoE map are configured on the port and exported to downstream server CNA ports. Each S5000 FC port is associated with an Ethernet MAC address (FCF MAC address).
Sample Configuration
Figure 32-2.
Displaying NPIV Proxy Gateway Information
To display information on NPG operation, use the show commands in Table 32-2.
Table 32-2. Displaying NPIV Proxy Gateway Information
Command: Description
show interfaces status (Figure 32-3): Displays the operational status of Ethernet and Fibre Channel interfaces on an S5000 NPG.
show fcoe-map [brief | map-name]: Displays the Fibre Channel and FCoE configuration parameters in FCoE maps.
Figure 32-3. show interfaces status Command Example
FTOS# show interfaces
Port Description
Fc 0/0 Fc 0/1 Fc 0/2 Fc 0/3 Fc 0/4 Fc 0/5 Fc 0/6 Fc 0/7 Fc 0/8 Fc 0/9 Fc 0/10 Fc 0/11
Te 1/12 Te 1/13 Te 1/14 Te 1/15 Te 1/16 Te 1/17 Te 1/18 Te 1/19 Te 1/20 Te 1/21
Table 32-3.
Figure 32-4. show fcoe-map Command Examples
FTOS# show fcoe-map brief
Fabric-Name  Fabric-Id  Vlan-Id  FC-MAP  FCF-Priority  Config-State  Oper-State
fid_1003     1003       1003     0efc03  128           ACTIVE        UP
fid_1004     1004       1004     0efc04  128           ACTIVE        DOWN

FTOS# show fcoe-map fid_1003
Fabric Name
Fabric Id
Vlan Id
Vlan priority
FC-MAP
FKA-ADV-Period
Fcf Priority
Config-State
Oper-State
Members
 Fc 0/0
 Te 0/14 Te 0/16
Table 32-4.
Figure 32-5. show qos dcb-map Command Examples
FTOS# show qos dcb-map dcbmap2
State :Complete
PfcMode:ON
--------------------
PG:0 TSA:ETS BW:50 PFC:OFF
Priorities:0 1 2 4 5 6 7
PG:1 TSA:ETS BW:50 PFC:ON
Priorities:3
Table 32-5. show qos dcb-map Field Descriptions
Field | Description
State | Complete: All mandatory DCB parameters are correctly configured. In progress: The DCB map configuration is not complete. Some mandatory parameters are not configured.
Figure 32-6. show npiv devices brief Command Example
FTOS# show npiv devices brief
Total NPIV Devices = 2
--------------------------------------------------------------------------
ENode-Intf  ENode-WWPN  FCoE-Vlan  Fabric-Intf  Fabric-Map  LoginMethod  Status
--------------------------------------------------------------------------
Te 0/12     20:01:00:10:18:f1:94:20
Te 0/13     10:00:00:00:c9:d9:9c:cb
Table 32-6.
Figure 32-7.
Table 32-7. show npiv devices Field Descriptions
Field | Description
FCoE MAC | Fabric-provided MAC address (FPMA). The FPMA consists of the FC-MAP value in the FCoE map and the FC-ID provided by the fabric after a successful FLOGI. In the FPMA, the most significant bytes are the FC-MAP; the least significant bytes are the FC-ID.
FC-ID | FC port ID provided by the fabric.
LoginMethod | Method used by the server CNA to log in to the fabric; for example, FLOGI or FDISC.
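The FPMA layout described in Table 32-7 can be used to check that FCoE source MACs seen on a VLAN belong to the fabric mapped to that VLAN. The following is an added example, not Dell code: it assumes a 3-byte FC-MAP followed by a 3-byte FC-ID, takes the VLAN and FC-MAP pairs from the show fcoe-map brief example on this page, and uses constructed FC-IDs and observations; the function names are hypothetical.

```python
"""Build and check fabric-provided MAC addresses (FPMA = FC-MAP || FC-ID)."""

# VLAN -> FC-MAP, as shown in the "show fcoe-map brief" example on this page.
FCOE_MAPS = {1003: "0efc03", 1004: "0efc04"}

# Constructed sample observations: (FCoE VLAN, source MAC seen on a server port).
OBSERVED = [
    (1003, "0e:fc:03:01:0a:00"),  # FC-MAP matches fabric 1003
    (1004, "0e:fc:04:02:0b:01"),  # FC-MAP matches fabric 1004
    (1003, "0e:fc:04:02:0b:01"),  # FC-MAP of fabric 1004 seen on VLAN 1003
    (1004, "00:10:18:f1:94:20"),  # not an FPMA of this fabric
]


def _to_bytes(text, length):
    """Parse hex text (optional 0x prefix and : - . separators) into `length` bytes."""
    cleaned = text.strip().lower()
    if cleaned.startswith("0x"):
        cleaned = cleaned[2:]
    for sep in ":-.":
        cleaned = cleaned.replace(sep, "")
    if len(cleaned) != 2 * length:
        raise ValueError(f"expected {length} bytes of hex, got {text!r}")
    return bytes.fromhex(cleaned)  # raises ValueError on non-hex characters


def build_fpma(fc_map, fc_id):
    """FC-MAP supplies the 3 most significant bytes, FC-ID the 3 least significant."""
    raw = _to_bytes(fc_map, 3) + _to_bytes(fc_id, 3)
    return ":".join(f"{b:02x}" for b in raw)


def split_fpma(mac):
    """Return (fc_map, fc_id) as lowercase hex strings."""
    raw = _to_bytes(mac, 6)
    return raw[:3].hex(), raw[3:].hex()


def audit(observed, fcoe_maps):
    """List observations whose FC-MAP does not match the map bound to the VLAN."""
    findings = []
    for vlan, mac in observed:
        expected = fcoe_maps.get(vlan)
        if expected is None:
            findings.append((vlan, mac, "no FCoE map for VLAN"))
            continue
        fc_map, _fc_id = split_fpma(mac)
        if fc_map != _to_bytes(expected, 3).hex():
            findings.append((vlan, mac, f"FC-MAP {fc_map} != expected {expected}"))
    return findings


if __name__ == "__main__":
    print(build_fpma("0efc03", "010a00"))
    for finding in audit(OBSERVED, FCOE_MAPS):
        print(finding)
```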
Figure 32-9. show vlan Command Examples
FTOS# show vlan
Codes: * - Default VLAN, G - GVRP VLANs, R - Remote Port Mirroring VLANs, P - Primary, C - Community, I - Isolated,
Q: U - Untagged, T - Tagged
   x - Dot1x untagged, X - Dot1x tagged
   G - GVRP tagged, M - Vlan-stack, H - VSN tagged
   i - Internal untagged, I - Internal tagged, v - VLT untagged, V - VLT tagged
    NUM   Status
*   1     Active
    10    Inactive
    11    Inactive
    20    Inactive
Table 32-9.
33 Object Tracking
IPv4/IPv6 Object Tracking is available on the S5000 switch. This chapter covers the following information:
• Object Tracking Overview
• Object Tracking Configuration
• Displaying Tracked Objects
Object tracking allows FTOS client processes, such as VRRP, to monitor tracked objects (for example, interface or link status) and take appropriate action when the state of an object changes.
Note: In release 8.4.1.0, object tracking is supported only on VRRP.
You can create a tracked object to monitor the metric of the default route 0.0.0.0/0. After you configure the default route as a tracked object, you can configure the VRRP group to track the state of the route. In this way, the VRRP priority of the router with the better metric as determined by OSPF automatically becomes master of the VRRP group.
Tracking Layer 3 Interfaces
You can create an object that tracks the Layer 3 state (IPv4 or IPv6 routing status) of an interface.
• The Layer 3 status of an interface is UP only if the Layer 2 status of the interface is UP and the interface has a valid IP address.
• The Layer 3 status of an interface goes DOWN when its Layer 2 status goes down or the IP address is removed from the routing table.
The UP and DOWN thresholds are user-configurable for each tracked route. The default UP threshold is 254; the default DOWN threshold is 255. The notification of a change in the state of a tracked object is sent when a metric value crosses a configured threshold. The tracking process uses a protocol-specific resolution value to convert the actual metric in the routing table to a scaled metric in the range 0 to 255.
Object Tracking Configuration
You can configure the following types of object tracking for a client:
• Tracking a Layer 2 Interface on page 651
• Tracking a Layer 3 Interface on page 652
• Tracking an IPv4/IPv6 Route on page 653
For a complete listing of all commands related to object tracking, refer to the FTOS Command Line Interface.

Tracking a Layer 2 Interface
You can create an object that tracks the line-protocol state of a Layer 2 interface and monitors its operational status (UP or DOWN).
Figure 33-2. Command Example: track interface line-protocol
FTOS(conf)#track 100 interface tengigabitethernet 7/1 line-protocol
FTOS(conf-track-100)#delay up 20
FTOS(conf-track-100)#description San Jose data center
FTOS(conf-track-100)#end
FTOS#show track 100
Track 100
 Interface TenGigabitEthernet 7/1 line-protocol
 Description: San Jose data center

Tracking a Layer 3 Interface
You can create an object that tracks the routing status of an IPv4 or IPv6 Layer 3 interface.
Step 2
 Task: (Optional) Configure the time delay used before communicating a change in the status of a tracked interface.
 Command Syntax: delay {[up seconds] [down seconds]}
 Command Mode: OBJECT TRACKING
 Valid delay times are from 0 to 180 seconds. Default: 0.
Step 3
 Task: (Optional) Identify the tracked object with a text description.
 Command Syntax: description text
 Command Mode: OBJECT TRACKING
 The text string can be up to 80 characters.
Step 4
 Task: (Optional) Display the tracking configuration and the tracked object’s status.
In order for a route’s reachability or metric to be tracked, the route must appear as an entry in the routing table. A tracked route is considered to match an entry in the routing table only if the exact IPv4 or IPv6 address and prefix length match an entry in the table. For example, when configured as a tracked route, 10.0.0.0/24 does not match the routing table entry 10.0.0.0/8.
Tracking Route Reachability
To configure object tracking on the reachability of an IPv4 or IPv6 route, use the following commands. To remove object tracking, enter the no track object-id command.
Step 1
 Task: Configure object tracking on the reachability of an IPv4 or IPv6 route.
 Command Syntax: track object-id {ip route ip-address/prefix-len | ipv6 route ipv6-address/prefix-len} reachability [vrf vrf-name]
 Command Mode: CONFIGURATION
 Valid object IDs are from 1 to 65535.
Figure 33-6.
Step 6
 Task: (Optional) Display the tracking configuration.
 Command Syntax: show track object-id
 Command Mode: EXEC Privilege
Figure 33-7. Command Example: track ip route metric threshold
FTOS(conf)#track 6 ip route 2.1.1.0/24 metric threshold
FTOS(conf-track-6)#delay down 20
FTOS(conf-track-6)#delay up 20
FTOS(conf-track-6)#description track ip route metric
FTOS(conf-track-6)#threshold metric down 40
FTOS(conf-track-6)#threshold metric up 40
FTOS(conf-track-6)#exit
FTOS(conf)#track 10 ip route 3.1.1.
Figure 33-9. Command Example: show track
FTOS#show track
Track 1
 IP route 23.0.0.
Figure 33-12. Command Example: show track vrf
FTOS#show track vrf red
Track 5
 IP route 192.168.0.0/24 reachability, Vrf: red
 Reachability is Up (CONNECTED)
 3 changes, last change 00:02:39
 First-hop interface is TenGigabitEthernet 13/4
• show running-config track [object-id]
Use the show running-config track command to display the tracking configuration of a specified object or all objects that are currently configured on the router.
Figure 33-13.
34 Open Shortest Path First (OSPFv2)
Open Shortest Path First (OSPFv2) is supported on the S5000 switch.
Autonomous System (AS) Areas
OSPF operates in a type of hierarchy. The largest entity within the hierarchy is the autonomous system (AS), which is a collection of networks under a common administration that share a common routing strategy. OSPF is an intra-AS (interior gateway) routing protocol, although it is capable of receiving routes from and sending routes to other ASs.
Area Types
The Backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any Autonomous System (AS). All other areas must connect to Area 0. Areas can be defined in such a way that the backbone is not contiguous. In this case, backbone connectivity must be restored through virtual links. Virtual links are configured between any backbone routers that share a link to a non-backbone area and function as if they were direct links.
Figure 34-2.
Area Border Router (ABR)
Within an AS, an Area Border Router (ABR) connects one or more areas to the Backbone. The ABR keeps a copy of the link-state database for every area it connects to, so it may keep multiple copies of the link-state database. An ABR takes information it has learned on one of its attached areas and can summarize it before sending it out on other areas it is connected to. An ABR can connect to many areas in an AS, and is considered a member of each area it connects to.
The LSA types supported by Dell Networking are defined as follows:
• Type 1 - Router LSA
  • The router lists links to other routers or networks in the same area. Type 1 LSAs are flooded across their own area only. The Link-State ID of the Type 1 LSA is the originating router ID.
• Type 2 - Network LSA
  • The Designated Router (DR) in an area lists which routers are joined together within the area. Type 2 LSAs are flooded across their own area only.
LSA throttling
LSA throttling provides configurable interval timers to improve OSPF convergence times. The default OSPF static timers (5 seconds for transmission, 1 second for acceptance) ensure sufficient time for sending and resending LSAs and for system acceptance of arriving LSAs. However, some networks may require reduced intervals for LSA transmission and acceptance. The throttling timers allow for these improved convergence times.
Figure 34-3. Priority and Costs Example
Router 1: Priority 200, Cost 21
Router 2: Priority 180, Cost 50
Router 3: Priority 100, Cost 25
Router 4: Priority 150, Cost 20
Router 1 selected by the system as DR. Router 2 selected by the system as BDR.
If R1 fails, the system "subtracts" 21 from R1's priority number. R1's new priority is 179. R2, as both the selected BDR and the now-highest priority, becomes the DR.
If R3 fails, the system "subtracts" 50 from its priority.
Fast Convergence (OSPFv2, IPv4 only)
Fast Convergence allows you to define the speeds at which LSAs are originated and accepted, and reduce OSPFv2 end-to-end convergence time. FTOS enables you to accept and originate LSAs as soon as they are available to speed up route information propagation. Note that the faster the convergence, the more frequent the route calculations and updates. This will impact CPU utilization and may impact adjacency stability in larger topologies.
Figure 34-4. Enabling RFC-2328 Compliant OSPF Flooding
(Callout: Printed only for ACK packets)
00:10:41 : OSPF(1000:00):
Rcv. v:2 t:5(LSAck) l:64 Acks 2 rid:2.2.2.2
 aid:1500 chk:0xdbee aut:0 auk: keyid:0 from:Vl 1000
 LSType:Type-5 AS External id:160.1.1.0 adv:6.1.0.0 seq:0x8000000c
 LSType:Type-5 AS External id:160.1.2.0 adv:6.1.0.0 seq:0x8000000c
00:10:41 : OSPF(1000:00):
Rcv. v:2 t:5(LSAck) l:64 Acks 2 rid:2.2.2.
To ensure equal intervals between the routers, manually set the dead interval of the Dell Networking router to match the Cisco configuration. Use the command “ip ospf dead-interval” in interface mode:
Figure 34-6. Command Example: ip ospf intervals
FTOS(conf)#int te 2/2
FTOS(conf-if-te-2/2)#ip ospf hello-interval 20
FTOS(conf-if-te-2/2)#ip ospf dead-interval 80
FTOS(conf-if-te-2/2)#
(Callout: Dead Interval Set at 4x Hello Interval)
Figure 34-7.
Return to CONFIGURATION mode to enable the OSPF process. The OSPF Process ID is the identifying number assigned to the OSPF process, and the Router ID is the IP address associated with the OSPF process.
Command Syntax: router ospf process-id [vrf {vrf name}]
Command Mode: CONFIGURATION
Usage: Enable the OSPFv2 process globally. Range: 0-65535. vrf name: Enter the VRF key word and instance name to tie the OSPF instance to the VRF.
Enabling Multi-Process OSPF
Multi-Process OSPF allows multiple OSPFv2 processes on a single router. Follow the same steps as above when configuring a single OSPF process. Repeat them as often as necessary for the desired number of processes. Once the process is created, all other configurations apply as usual.
Step 1
 Command Syntax: ip address ip-address mask
 Command Mode: CONFIG-INTERFACE
 Usage: Assign an IP address to an interface. Format: A.B.C.
In CONFIGURATION ROUTER OSPF mode, assign the Router ID. The Router ID is not required to be the router’s IP address. Dell Networking recommends using the IP address as the Router ID for easier management and troubleshooting.
Command Syntax: router-id ip address
Command Mode: CONFIG-ROUTER-OSPF-id
Usage: Assign the Router ID for the OSPFv2 process. IP Address: A.B.C.D
Use the no router ospf process-id command syntax in the CONFIGURATION mode to disable OSPF.
OSPF functions and features, such as MD5 Authentication, Grace Period, Authentication Wait Time, etc., are assigned on a per-interface basis.
Note: If using features like MD5 Authentication, ensure all the neighboring routers are also configured for MD5.
Figure 34-9 presents an example of assigning an IP address to an interface and then assigning an OSPFv2 area that includes that Layer-3 interface’s IP address.
Figure 34-9.
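Because authentication is assigned per interface while OSPF is enabled through network statements, an interface can join an area without any authentication configured. The following added example (not Dell code) audits a running-config for that gap; the sample configuration and key are constructed, and it assumes that an interface-level ip ospf message-digest-key or ip ospf authentication-key line marks an authenticated interface.

```python
"""Flag OSPF-enabled, non-passive interfaces that carry no authentication key."""
import ipaddress

# Constructed FTOS-style sample; addresses and the key are placeholders.
SAMPLE_CONFIG = """\
interface TenGigabitEthernet 1/1
 ip address 10.1.11.1/24
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
 no shutdown
!
interface TenGigabitEthernet 1/2
 ip address 10.2.12.2/24
 no shutdown
!
interface TenGigabitEthernet 1/3
 ip address 172.16.5.1/24
 no shutdown
!
interface TenGigabitEthernet 1/4
 ip address 10.0.12.5 255.255.255.0
 no shutdown
!
interface Loopback 10
 ip address 192.168.100.100/24
 no shutdown
!
router ospf 11111
 network 10.1.11.0/24 area 0
 network 10.2.12.0/24 area 0
 network 10.0.12.0/24 area 1
 network 192.168.100.0/24 area 0
 passive-interface Loopback 10
"""

AUTH_COMMANDS = (["ip", "ospf", "message-digest-key"],
                 ["ip", "ospf", "authentication-key"])


def parse_stanzas(text):
    """Split a config into interface / router ospf stanzas ('!' or blank ends one)."""
    stanzas, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
        elif line.startswith(("interface ", "router ospf ")):
            current = {"header": line, "body": []}
            stanzas.append(current)
        elif current is not None:
            current["body"].append(line)
    return stanzas


def parse_processes(stanzas):
    """Collect network statements and passive interfaces per OSPF process."""
    processes = []
    for stanza in stanzas:
        if not stanza["header"].startswith("router ospf "):
            continue
        proc = {"id": stanza["header"].split()[2], "networks": [], "passive": set()}
        for line in stanza["body"]:
            words = line.split()
            if words[0] == "network" and len(words) >= 4 and words[2] == "area":
                net = ipaddress.ip_network(words[1], strict=False)
                proc["networks"].append((net, words[3]))
            elif words[0] == "passive-interface":
                proc["passive"].add(" ".join(words[1:]).lower())
        processes.append(proc)
    return processes


def unauthenticated_ospf_interfaces(text):
    """Return (interface, address, process-id, area) for each unauthenticated match."""
    stanzas = parse_stanzas(text)
    processes = parse_processes(stanzas)
    findings = []
    for stanza in stanzas:
        if not stanza["header"].startswith("interface "):
            continue
        name = stanza["header"].split(None, 1)[1]
        address, authenticated = None, False
        for line in stanza["body"]:
            words = line.split()
            if words[:2] == ["ip", "address"] and len(words) >= 3:
                # Accept both "a.b.c.d/len" and "a.b.c.d mask" forms.
                text_addr = words[2] if "/" in words[2] else "/".join(words[2:4])
                address = ipaddress.ip_interface(text_addr)
            elif words[:3] in AUTH_COMMANDS:
                authenticated = True
        if address is None or authenticated:
            continue
        key = " ".join(name.lower().split())
        for proc in processes:
            if "default" in proc["passive"] or key in proc["passive"]:
                continue  # passive interfaces send no updates, so no adjacency
            for net, area in proc["networks"]:
                if address.ip in net:
                    findings.append((name, str(address), proc["id"], area))
    return findings


if __name__ == "__main__":
    for finding in unauthenticated_ospf_interfaces(SAMPLE_CONFIG):
        print(finding)
```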
Figure 34-10. Command Example: show ip ospf process-id interface
FTOS>show ip ospf 1 interface
TenGigabitEthernet 12/17 is up, line protocol is up
 Internet Address 10.2.2.1/24, Area 0.0.0.0
 Process ID 1, Router ID 11.1.2.1, Network Type BROADCAST, Cost: 1
 Transmit Delay is 1 sec, State DR, Priority 1
 Designated Router (ID) 11.1.2.1, Interface address 10.2.2.1
 Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.
To ensure connectivity in your OSPFv2 network, never configure the backbone area as a stub area. Use these commands in the following sequence, starting in EXEC Privilege mode, to configure a stub area.
Step 1
 Command Syntax: show ip ospf process-id [vrf vrf name] database database-summary
 Command Mode: EXEC Privilege
 Usage: Review all areas after they were configured to determine which areas are NOT receiving type 5 LSAs.
Configuring LSA throttling timers
Configured LSA timers replace the standard transmit and acceptance times for LSAs. The LSA throttling timers are configured in milliseconds, with the interval time increasing exponentially until a maximum time has been reached. If the maximum time is reached, the system continues to transmit at the max-interval. If the system is stable for twice the maximum interval time, the system reverts to the start-interval timer and the cycle begins again.
Use the following command in the ROUTER OSPF mode to suppress the interface’s participation on an OSPF interface. This command stops the router from sending updates on that interface.
Command Syntax: passive-interface {default | interface}
Command Mode: CONFIG-ROUTER-OSPF-id
Usage: Specify whether all or some of the interfaces will be passive. default enables passive interfaces on ALL interfaces in the OSPF process.
Figure 34-13. Command Example: show ip ospf process-id interface
FTOS#show ip ospf 34 int
TenGigabitEthernet 0/0 is up, line protocol is down
 Internet Address 10.1.2.100/24, Area 1.1.1.1
 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 10
 Transmit Delay is 1 sec, State DOWN, Priority 1
 Designated Router (ID) 10.1.2.100, Interface address 0.0.0.0
 Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.
Figure 34-14 shows the convergence settings when fast-convergence is enabled and Figure 34-15 shows settings when fast-convergence is disabled. These displays appear with the show ip ospf command.
Figure 34-14. Command Example: show ip ospf process-id (fast-convergence enabled)
FTOS(conf-router_ospf-1)#fast-converge 2
FTOS(conf-router_ospf-1)#ex
FTOS(conf)#ex
FTOS#show ip ospf 1
Routing Process ospf 1 with ID 192.168.67.
Use any or all of the following commands in CONFIGURATION INTERFACE mode to change OSPFv2 parameters on the interfaces:
Command Syntax: ip ospf cost
Command Mode: CONFIG-INTERFACE
Usage: Change the cost associated with OSPF traffic on the interface. Cost: 1 to 65535 (default depends on the interface speed).

Command Syntax: ip ospf dead-interval seconds
Command Mode: CONFIG-INTERFACE
Usage: Change the time interval the router waits before declaring a neighbor dead. Configure Seconds range: 1 to 65535 (default is 40 seconds).
Figure 34-16. Changing the OSPF Cost Value on an Interface
(Callout: The change is made on the interface and it is reflected in the OSPF configuration)
FTOS(conf-if)#ip ospf cost 45
FTOS(conf-if)#show config
!
interface TenGigabitEthernet 0/0
 ip address 10.1.2.100 255.255.255.0
 no shutdown
 ip ospf cost 45
FTOS(conf-if)#end
FTOS#show ip ospf 34 interface
TenGigabitEthernet 0/0 is up, line protocol is up
 Internet Address 10.1.2.100/24, Area 2.2.2.2
 Process ID 34, Router ID 10.1.2.
• dead-interval: dead router detection time
• authentication-key: authentication key
• message-digest-key: MD5 authentication key
Use the following command in CONFIGURATION ROUTER OSPF mode to configure virtual links.
Filtering routes
To filter routes, use prefix lists. OSPF applies prefix lists to incoming or outgoing routes. Incoming routes must meet the conditions of the prefix lists, and if they do not, OSPF does not add the route to the routing table. Configure the prefix list in CONFIGURATION PREFIX LIST mode prior to assigning it to the OSPF process.
Command Syntax: ip prefix-list prefix-name
Command Mode: CONFIGURATION
Usage: Create a prefix list and assign it a unique name.
Use the following command in CONFIGURATION-ROUTER-OSPF mode to redistribute routes:
Command Syntax: redistribute {bgp | connected | isis | rip | static} [metric metric-value | metric-type type-value] [route-map map-name] [tag tag-value]
Command Mode: CONFIG-ROUTER-OSPF-id
Usage: Specify which routes will be redistributed into the OSPF process. Configure the following required and optional parameters:
• bgp, connected, isis, rip, or static: enter one of the keywords to redistribute those routes.
• show virtual links
• show routes

Use the show running-config ospf command to see the state of all the enabled OSPFv2 processes.

Command Syntax: show running-config ospf
Command Mode: EXEC Privilege
Usage: View the summary of all OSPF process IDs enabled on the router.

Figure 34-19. Command Example: show running-config ospf

FTOS#show run ospf
!
router ospf 3
!
router ospf 4
 router-id 4.4.4.4
 network 4.4.4.
Use the following command in EXEC Privilege mode to view the OSPFv2 configuration for LSA throttling:

Command Syntax: show ip ospf timers rate-limit
Command Mode: EXEC Privilege
Usage: View the LSAs currently in the queue.

Use the following command in EXEC Privilege mode to configure the debugging options of an OSPFv2 process:

Command Syntax: debug ip ospf process-id [event | packet | spf | database-timers rate-limit]
Command Mode: EXEC Privilege
Usage: View debug messages.
Figure 34-20. Basic topology and CLI commands for OSPFv2 (diagram labels: OSPF AREA 0; Te 2/2; Te 1/2; Te 3/1)

router ospf 11111
 network 10.0.11.0/24 area 0
 network 10.0.12.0/24 area 0
 network 192.168.100.0/24 area 0
!
interface TenGigabitEthernet 1/1
 ip address 10.1.11.1/24
 no shutdown
!
interface TenGigabitEthernet 1/2
 ip address 10.2.12.2/24
 no shutdown
!
interface Loopback 10
 ip address 192.168.100.
35 PIM Sparse-Mode (PIM-SM)

PIM Sparse-Mode (PIM-SM) is supported on the S5000 switch. PIM-SM is a multicast protocol that forwards multicast traffic to a subnet only upon request using a PIM Join message; this behavior is the opposite of PIM-Dense Mode, which forwards multicast traffic to all subnets until it receives a request to stop.
Requesting Multicast Traffic

A host requesting multicast traffic for a particular group sends an IGMP Join message to its gateway router. The gateway router is then responsible for joining the shared tree to the RP (RPT) so that the host can receive the requested traffic.

1. Upon receiving an IGMP Join message, the receiver gateway router (last-hop DR) creates a (*,G) entry in its multicast routing table for the requested group.
3. Once the RP starts receiving multicast traffic via the (S,G) it unicasts a Register-Stop message to the first-hop DR so that multicast packets are no longer encapsulated in PIM Register packets and unicast. Upon receiving the first multicast packet from a particular source, the last-hop DR sends a PIM Join message to the source to create an SPT to it. 4. There are two paths, then, between the receiver and the source, a direct SPT and an RPT.
Step 2
Task: Enable PIM-Sparse Mode
Command: ip pim sparse-mode
Command Mode: INTERFACE

Display which interfaces are enabled with PIM-SM using the command show ip pim interface from EXEC Privilege mode, as shown in Figure 35-1.

Figure 35-1. Viewing PIM-SM Enabled Interfaces

FTOS#show ip pim interface
Address       Interface  VIFindex  Ver/Mode
189.87.5.6    Te 4/11    0x2       v2/S
189.87.3.2    Te 4/12    0x3       v2/S
189.87.31.6   Te 7/11    0x0       v2/S
189.87.50.
Figure 35-3. Viewing the PIM Multicast Routing Table

FTOS#show ip pim tib
PIM Multicast Routing Table
Flags: D - Dense, S - Sparse, C - Connected, L - Local, P - Pruned,
       R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT,
Timers: Uptime/Expires
Interface state: Interface, next-Hop, State/Mode
(*, 192.1.2.1), uptime 00:29:36, expires 00:03:26, RP 10.87.2.6, flags: SCJ
  Incoming interface: TenGigabitEthernet 4/12, RPF neighbor 10.87.3.
Step 3
Task: Set the expiry time for a specific (S,G) entry (Figure 35-4). Range 211-86400 seconds. Default: 210
Command Syntax: ip pim sparse-mode sg-expiry-timer seconds sg-list access-list-name
Command Mode: CONFIGURATION

Note: The expiry time configuration is nullified, and the default global expiry time is used if:
• an ACL is specified for an in the ip pim sparse-mode sg-expiry-timer command, but the ACL has not been created or is a standard ACL.
Overriding Bootstrap Router Updates PIM-SM routers need to know the address of the RP for each group for which they have (*,G) entry. This address is obtained automatically through the bootstrap router (BSR) mechanism or a static RP configuration. If you have configured a static RP for a group, use the option override with the command ip pim rp-address to override bootstrap router updates with your static RP configuration.
Creating Multicast Boundaries and Domains

A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM Multicast Border Routers (PMBRs). PMBRs connect each PIM domain to the rest of the internet. Create multicast boundaries and domains by filtering inbound and outbound Bootstrap Router (BSR) messages per interface using the ip pim bsr-border command.
36 Port Monitoring

Port Monitoring is supported on the S5000 switch. Port Monitoring is a feature that copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG).
For the S5000, the total number of monitoring sessions is derived by consuming a unique destination port in each session, in each port-pipe.

Note: There is no limit to the number of monitoring sessions per system, provided there are only 4 destination ports per port-pipe. If each monitoring session has a unique destination port, then the maximum number of sessions is 4 per port-pipe.
Figure 36-2. Number of Monitoring Ports on the S5000

FTOS(conf)#mon ses 300
FTOS(conf-mon-sess-300)#source gig 0/17 destination gig 0/4 direction tx
% Error: Exceeding max MG ports for this MD port pipe.
Figure 36-4. Port Monitoring Configurations on the S5000 (diagram labels: Stack Unit 0; Stack Unit 1; Port-Pipe 0; Port-Pipe 1; Monitor Session 0; Monitor Session 1; Monitor Session 2; MD and MG ports)

Configuring Port Monitoring

To configure port monitoring:

Step 1
Task: Verify that the intended monitoring port has no configuration other than no shutdown, as shown in Figure 36-5.
In Figure 36-6, the host and server are exchanging traffic which passes through interface gigabitethernet 1/1. Interface gigabitethernet 1/1 is the monitored port and gigabitethernet 1/2 is the monitoring port, which is configured to only monitor traffic received on gigabitethernet 1/1 (host-originated traffic).

Figure 36-6.
37 Private VLANs (PVLAN)

The Private VLANs (PVLAN) feature is supported on the S5000 switch. For syntax details on the commands discussed in this chapter, see the Private VLANs Commands chapter in the FTOS Command Line Reference.
• Ports in a community VLAN can communicate with each other.
• Ports in a community VLAN can communicate with all promiscuous ports in the primary VLAN.
• A community VLAN can only contain ports configured as host.

Isolated VLAN — An isolated VLAN is a type of secondary VLAN in a primary VLAN:
• Ports in an isolated VLAN cannot talk directly to each other.
• Ports in an isolated VLAN can only communicate with promiscuous ports in the primary VLAN.
Private VLAN Commands

The commands dedicated to supporting the Private VLANs feature are:

Table 37-1. Private VLAN Commands

Task: Enable/disable Layer 3 communication between secondary VLANs.
Command Syntax: [no] ip local-proxy-arp
Note: Even after ip-local-proxy-arp is disabled (no ip-local-proxy-arp) in a secondary VLAN, Layer 3 communication may happen between some secondary VLAN hosts, until the ARP timeout happens on those secondary VLAN hosts.
Private VLAN Configuration Task List

The following sections contain the procedures that configure a private VLAN:
• Creating PVLAN ports
• Creating a Primary VLAN
• Creating a Community VLAN
• Creating an Isolated VLAN

Creating PVLAN ports

Private VLAN ports are those that will be assigned to the private VLAN (PVLAN).

Command Syntax: interface interface
Command Mode: CONFIGURATION
Purpose: Access the INTERFACE mode for the port that you want to assign to a PVLAN.
Creating a Primary VLAN

A primary VLAN is a port-based VLAN that is specifically enabled as a primary VLAN to contain the promiscuous ports and PVLAN trunk ports for the private VLAN. A primary VLAN also contains a mapping to secondary VLANs, which are comprised of community VLANs and isolated VLANs.

Step 1
Command Syntax: interface vlan vlan-id
Command Mode: CONFIGURATION
Purpose: Access the INTERFACE VLAN mode for the VLAN to which you want to assign the PVLAN interfaces.
Creating a Community VLAN

A community VLAN is a secondary VLAN of the primary VLAN in a private VLAN. The ports in a community VLAN can talk to each other and with the promiscuous ports in the primary VLAN.

Step 1
Command Syntax: interface vlan vlan-id
Command Mode: CONFIGURATION
Purpose: Access the INTERFACE VLAN mode for the VLAN that you want to make a community VLAN.

Step 2
Command Syntax: no shutdown
Command Mode: INTERFACE VLAN
Purpose: Enable the VLAN.
Figure 37-2.
The result is that:
• The ports in community VLAN 4001 can communicate directly with each other and with promiscuous ports.
• The ports in community VLAN 4002 can communicate directly with each other and with promiscuous ports.
• The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the primary VLAN 4000.
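The community, isolated and promiscuous rules above can be checked against an intended segmentation policy. The following Python sketch is an added example, not code from the FTOS guide: VLAN IDs 4000 to 4003 follow the example above, while the port labels, the policy pairs and the helper names are hypothetical. It models direct Layer 2 reachability only (ip local-proxy-arp disabled) and leaves PVLAN trunk ports out.

```python
from itertools import combinations

# PVLAN layout from the example above: primary VLAN 4000 with community
# VLANs 4001 and 4002 and isolated VLAN 4003.
PRIMARY_VLAN = 4000
SECONDARY_TYPE = {4001: "community", 4002: "community", 4003: "isolated"}

# Constructed port inventory (labels are hypothetical): name -> (port mode, VLAN).
PORTS = {
    "uplink": ("promiscuous", 4000),
    "web-1": ("host", 4001),
    "web-2": ("host", 4001),
    "db-1": ("host", 4002),
    "guest-1": ("host", 4003),
    "guest-2": ("host", 4003),
}


def validate(ports):
    """Return configuration errors that would make the reachability model meaningless."""
    errors = []
    for name, (mode, vlan) in sorted(ports.items()):
        if mode == "promiscuous" and vlan != PRIMARY_VLAN:
            errors.append(f"{name}: promiscuous port must sit in primary VLAN {PRIMARY_VLAN}")
        elif mode == "host" and vlan not in SECONDARY_TYPE:
            errors.append(f"{name}: host port must sit in a secondary VLAN, got {vlan}")
        elif mode not in ("promiscuous", "host"):
            errors.append(f"{name}: unsupported port mode {mode!r}")
    return errors


def l2_reachable(ports, a, b):
    """Apply the PVLAN rules to two ports that share the primary VLAN."""
    (mode_a, vlan_a), (mode_b, vlan_b) = ports[a], ports[b]
    if "promiscuous" in (mode_a, mode_b):
        return True          # every port can reach a promiscuous port
    if vlan_a != vlan_b:
        return False         # hosts in different secondary VLANs never talk directly
    # Same secondary VLAN: allowed in a community VLAN, blocked in an isolated one.
    return SECONDARY_TYPE[vlan_a] == "community"


def reachable_pairs(ports):
    """All port pairs that can exchange frames directly, in sorted order."""
    names = sorted(ports)
    return [(a, b) for a, b in combinations(names, 2) if l2_reachable(ports, a, b)]


def isolation_violations(ports, must_be_isolated):
    """Pairs the segmentation policy forbids but the PVLAN assignment allows."""
    return sorted(pair for pair in must_be_isolated if l2_reachable(ports, *pair))


if __name__ == "__main__":
    policy = [("guest-1", "guest-2"), ("guest-1", "web-1"), ("db-1", "web-1")]
    print("errors:", validate(PORTS))
    print("violations:", isolation_violations(PORTS, policy))
    # Configuration drift: a guest port is moved into community VLAN 4001.
    drifted = {**PORTS, "guest-1": ("host", 4001)}
    print("violations after drift:", isolation_violations(drifted, policy))
```

Running the audit after every VLAN membership change catches a host port that was placed in a community VLAN by mistake, which the show commands alone do not flag.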
• show vlan private-vlan mapping: Display the primary-secondary VLAN mapping. See the example output from the S5000-2 in Figure 37-6.

Two show commands revised to display PVLAN data are:
• show arp
• show vlan: See revised output in Figure 37-7.

Figure 37-4.
Figure 37-8.
38 Per-VLAN Spanning Tree Plus (PVST+)

Per-VLAN Spanning Tree Plus (PVST+) is supported on the S5000 switch.
Figure 38-1. Per-VLAN Spanning Tree (diagram labels: bridges R1, R2, R3; STI 1/2/3 root; STI 1: VLAN 100; STI 2: VLAN 200; STI 3: VLAN 300; Forwarding; Blocking)

FTOS supports three other variations of Spanning Tree, as shown in Table 38-1.

Table 38-1. FTOS Supported Spanning Tree Protocols

Dell Networking Term                  IEEE Specification
Spanning Tree Protocol (STP)          802.1d
Rapid Spanning Tree Protocol (RSTP)   802.
Configuring Per-VLAN Spanning Tree Plus

Configuring PVST+ is a four-step process:
1. Configure interfaces for Layer 2.
2. Place the interface in VLANs.
3. Enable PVST+. See page 717.
4. Optionally, for load balancing, select a non-default bridge-priority for a VLAN. See page 718.
Figure 38-2. Display the PVST+ Configuration

FTOS(conf-pvst)#show config verbose
!
protocol spanning-tree pvst
 no disable
 vlan 100 bridge-priority 4096

Influencing PVST+ Root Selection

In Figure 38-1, all VLANs use the same forwarding topology because R2 is elected the root, and all Ten-Gigabit Ethernet ports have the same cost. Figure 38-3 changes the bridge priority of each bridge so that a different forwarding topology is generated for each VLAN.
Figure 38-4. Display the PVST+ Forwarding Topology

FTOS(conf)#do show spanning-tree pvst vlan 100
VLAN 100
Root Identifier has priority 4096, Address 0001.e80d.b6d6
Root Bridge hello time 2, max age 20, forward delay 15
Bridge Identifier has priority 4096, Address 0001.e80d.b6d6
Configured hello time 2, max age 20, forward delay 15
We are the root of VLAN 100
Current root has priority 4096, Address 0001.e80d.
Task: Change the max-age parameter. VLAN range: 1 to 4094. Max-age range (in seconds): 6 to 40. Default: 20 seconds
Command Syntax: vlan vlan-range max-age value
Command Mode: PROTOCOL PVST

The values for global PVST+ parameters are given in the output of the command show spanning-tree pvst, as shown in Figure 38-4.
Task: Change the port priority of an interface. VLAN range: 1 to 4094. Priority range: 0 to 240, in increments of 16. Default: 128
Command Syntax: spanning-tree pvst vlan vlan-range priority value
Command Mode: INTERFACE

The values for interface PVST+ parameters are given in the output of the command show spanning-tree pvst, as shown in Figure 38-4.

Configuring an EdgePort

The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner.
PVST+ in Multi-vendor Networks

Some non-Dell Networking systems which have hybrid ports participating in PVST+ transmit two kinds of BPDUs: an 802.1D BPDU and an untagged PVST+ BPDU. Dell Networking systems do not expect PVST+ BPDU (tagged or untagged) on an untagged port. If this happens, FTOS places the port in error-disable state. This behavior might result in the network not converging.
Figure 38-5. PVST+ with Extend System ID (diagram labels: VLAN unaware Hub; Switch; P1 untagged in VLAN 10; P2 untagged in VLAN 20; moves to blocking unless Extended System ID is enabled)

Task: Augment the Bridge ID with the VLAN ID.
Command Syntax: extend system-id
Command Mode: PROTOCOL PVST

FTOS(conf-pvst)#do show spanning-tree pvst vlan 5 brief
VLAN 5
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32773, Address 0001.e832.
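The root selection influenced by bridge-priority and the Root ID priority of 32773 shown for VLAN 5 (32768 plus the VLAN ID once extend system-id is enabled) can be reproduced offline. The Python sketch below is an added example, not code from the FTOS guide: the assignment of MAC addresses and priorities to R1, R2 and R3 is constructed, the helper names are hypothetical, and the comparison is the standard 802.1D one (lowest priority wins, lowest MAC address breaks ties).

```python
DEFAULT_PRIORITY = 32768


def parse_mac(text):
    """Convert '0001.e80d.b6d6' to an integer so addresses compare numerically."""
    digits = text.replace(".", "").replace(":", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return int(digits, 16)


def bridge_id(priority, mac, vlan_id, extend_system_id=False):
    """Return the (priority, MAC) tuple that spanning tree compares for one VLAN."""
    # 802.1D bridge priorities are multiples of 4096 between 0 and 61440.
    if not 0 <= priority <= 61440 or priority % 4096:
        raise ValueError(f"invalid bridge priority: {priority}")
    if not 1 <= vlan_id <= 4094:
        raise ValueError(f"invalid VLAN ID: {vlan_id}")
    # With extend system-id, the VLAN ID is added to the configured priority.
    effective = priority + vlan_id if extend_system_id else priority
    return (effective, parse_mac(mac))


# Constructed sample: three bridges, each given priority 4096 for one VLAN.
BRIDGES = {
    "R1": {"mac": "0001.e80d.b6d6", "priority": {100: 4096}},
    "R2": {"mac": "0001.e801.cbb4", "priority": {200: 4096}},
    "R3": {"mac": "0001.e80f.1dad", "priority": {300: 4096}},
}


def elect_root(bridges, vlan_id, extend_system_id=False):
    """Name of the bridge with the numerically lowest bridge ID for the VLAN."""
    def key(name):
        cfg = bridges[name]
        priority = cfg["priority"].get(vlan_id, DEFAULT_PRIORITY)
        return bridge_id(priority, cfg["mac"], vlan_id, extend_system_id)
    return min(bridges, key=key)


def root_mismatches(bridges, intended, extend_system_id=False):
    """VLANs whose elected root differs from the plan: vlan -> (intended, elected)."""
    result = {}
    for vlan_id, want in sorted(intended.items()):
        got = elect_root(bridges, vlan_id, extend_system_id)
        if got != want:
            result[vlan_id] = (want, got)
    return result


if __name__ == "__main__":
    for vlan in (100, 200, 300, 400):
        print(vlan, elect_root(BRIDGES, vlan))
    print(root_mismatches(BRIDGES, {100: "R1", 400: "R1"}))
    print(bridge_id(DEFAULT_PRIORITY, "0001.e80d.b6d6", 5, extend_system_id=True)[0])
```

A VLAN left at the default priority on every bridge (VLAN 400 here) gets its root from the lowest MAC address alone, so a planned root that is not pinned with bridge-priority shows up in root_mismatches.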
Figure 38-6.
Figure 38-8.
39 Quality of Service (QoS)

Quality of Service (QoS) is supported on the S5000 switch. Differentiated service is accomplished by classifying and queuing traffic and assigning priorities to those queues.
• Weighted Random Early Detection
• Create WRED Profiles
• Pre-calculating Available QoS CAM Space

Figure 39-1. Dell Networking QoS Architecture
Marking (DiffServ, 802.
• Setting dot1p Priorities for Incoming Traffic
• Configuring Port-based Rate Policing
• Configuring Port-based Rate Shaping

Setting dot1p Priorities for Incoming Traffic

Change the priority of incoming traffic on the interface using the command dot1p-priority from INTERFACE mode, as shown in Figure 39-2. FTOS places traffic marked with a priority in a queue based on Table 39-1. If you set a dot1p priority for a port-channel, all port-channel members are configured with the same value.
On the S5000 you can configure service-class dynamic dot1p from CONFIGURATION mode, which applies the configuration to all interfaces. A CONFIGURATION mode service-class dynamic dot1p entry supersedes any INTERFACE entries. See Mapping dot1p values to service queues on page 737.

Note: You cannot configure service-policy input and service-class dynamic dot1p on the same interface.

Figure 39-3.
Figure 39-5.
Figure 39-8. Constructing Policy-based QoS Configurations (diagram labels: Interface; Input Service Policy; Output Service Policy; Input Policy Map; Class Map; L3 ACL; L3 Fields; DSCP; Input QoS Policy; Rate Policing; Output Policy Map; Output QoS Policy; Outgoing Marking; Rate Limiting; WRED; B/W %)

Classifying Traffic

Class maps differentiate traffic so that you can apply separate quality of service policies to each class.
Figure 39-9. Using the Order Keyword in ACLs

FTOS(conf)#ip access-list standard acl1
FTOS(config-std-nacl)#permit 20.0.0.0/8
FTOS(config-std-nacl)#exit
FTOS(conf)#ip access-list standard acl2
FTOS(config-std-nacl)#permit 20.1.1.
Creating a QoS Policy

There are two types of QoS policies: input and output. Input QoS policies regulate Layer 3 and Layer 2 ingress traffic. The regulation mechanisms for input QoS policies are rate policing and setting priority values. There are two types of input QoS policies: Layer 3 and Layer 2.
• Layer 3 QoS input policies allow you to rate police and set a DSCP or dot1p value.
• Layer 2 QoS input policies allow you to rate police and set a dot1p value.
1. Create an output QoS policy using the command qos-policy-output from CONFIGURATION mode.
2. Once you configure an output QoS policy, do one or more of the following:
• Configuring policy-based rate shaping
• Configuring policy-based rate shaping
• Allocating bandwidth to queue
• Specifying WRED drop precedence

Configuring policy-based rate shaping: Rate shape egress traffic using the command rate-shape from QOS-POLICY-OUT mode.
Table 39-3. Assigning Bandwidth Weights for the S5000

Queue  Weight  Equivalent Percentage  Target Allocation
2      128     56.89%                 60%
3      32      14.22%                 14%

Specifying WRED drop precedence: Specifying WRED drop precedence is supported on the S5000 switch. Specify a WRED profile to yellow and/or green traffic using the command wred from QOS-POLICY-OUT mode. See Applying a WRED profile to traffic.

Creating Policy Maps

There are two types of policy maps: input and output.
FTOS provides the ability to honor DSCP values on ingress packets using the Trust DSCP feature. Enable this feature using the command trust diffserv from POLICY-MAP-IN mode. Table 39-4 lists the standard DSCP definitions, and indicates to which queues FTOS maps DSCP values. When Trust DSCP is configured, the matched packets and matched bytes counters are not incremented in show qos statistics.

Table 39-4.
Mapping dot1p values to service queues is available on the S5000 switch. On the S5000 all traffic is by default mapped to the same queue, Queue 0. If you honor dot1p on ingress, then you can create service classes based on a queueing strategy that uses the command service-class dynamic dot1p from INTERFACE mode. You may apply this queuing strategy globally by entering this command from CONFIGURATION mode.
Specifying an aggregate QoS policy: Specify an aggregate QoS policy using the command policy-aggregate from POLICY-MAP-OUT mode.

Applying an output policy map to an interface: Apply an output policy map to an interface using the command service-policy output from INTERFACE mode. You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it.
• A queue with strict-priority can starve other queues in the same port-pipe.

Weighted Random Early Detection

Weighted Random Early Detection is supported only on the S5000 switch. Weighted Random Early Detection (WRED) is a congestion avoidance mechanism that drops packets to prevent buffering resources from being consumed. Traffic is a mixture of various kinds of packets. The rate at which some types of packets arrive might be greater than others.
Table 39-6. Pre-defined WRED Profiles for the S5000

Default Profile Name  Minimum Threshold  Maximum Threshold  Maximum Drop Rate
wred_fortyg_y         467                4671               50
wred_fortyg_g         467                4671               25

Create WRED Profiles

To create a WRED profile:
1. Create a WRED profile using the command wred from CONFIGURATION mode.
2. The command wred places you in WRED mode. From this mode, specify minimum and maximum threshold values using the command threshold.
Displaying WRED Drop Statistics

Display the number of packets FTOS dropped by WRED Profile using the command show qos statistics from EXEC Privilege mode.

Figure 39-12.
• Allowed indicates that the policy-map can be applied because the estimated number of CAM entries is less than or equal to the available number of CAM entries. The number of interfaces in the port-pipe to which the policy-map can be applied is given in parentheses.
• Exception indicates that the number of CAM entries required to write the policy-map to the CAM is greater than the number of available CAM entries, and therefore the policy-map cannot be applied to an interface in the specified port-pipe.
40 Routing Information Protocol (RIP)

The S5000 switch supports Routing Information Protocol (RIP). RIP is based on a distance-vector algorithm; it tracks distances or hop counts to nearby routers when establishing network connections.
• Protocol Overview
• Implementation Information
• Configuration Information
• RIP Configuration Example

RIP protocol standards are listed in the Chapter 57, Standards Compliance chapter.

Protocol Overview

RIP is the oldest interior gateway protocol.
RIPv2

RIPv2 adds support for subnet fields in the RIP routing updates, thus qualifying it as a classless routing protocol. The RIPv2 message format includes entries for route tags, subnet masks, and next hop addresses. Another enhancement included in RIPv2 is multicasting for route updates on IP multicast address 224.0.0.9.
• Debugging RIP

For a complete listing of all commands related to RIP, refer to the FTOS Command Reference.

Enabling RIP globally

By default, RIP is not enabled in FTOS. To enable RIP, use the following commands in sequence, starting in the CONFIGURATION mode:

Step 1
Command Syntax: router rip
Command Mode: CONFIGURATION
Purpose: Enter ROUTER RIP mode and enable the RIP process on FTOS.

Step 2
Command Syntax: network ip-address
Command Mode: ROUTER RIP
Purpose: Assign an IP network address as a RIP network to exchange routing information.
Figure 40-2. show ip rip database Command Example (Partial)

FTOS#show ip rip database
Total number of routes in RIP database: 978
160.160.0.0/16 [120/1] via 29.10.10.12, 00:00:26, Fa
160.160.0.0/16 auto-summary
2.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa
2.0.0.0/8 auto-summary
4.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa
4.0.0.0/8 auto-summary
8.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa
8.0.0.0/8 auto-summary
12.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa
12.0.
To control the source of RIP route information, use the following commands, in the ROUTER RIP mode:

Command Syntax: neighbor ip-address
Command Mode: ROUTER RIP
Purpose: Define a specific router to exchange RIP information between it and the Dell Networking system. You can use this command multiple times to exchange RIP information with as many RIP networks as you want.

Command Syntax: passive-interface interface
Command Mode: ROUTER RIP
Purpose: Disable a specific interface from sending or receiving RIP routing information.
Command Syntax: redistribute ospf process-id [match external {1 | 2} | match internal] [metric value] [route-map map-name]
Command Mode: ROUTER RIP
Purpose: Include specific OSPF routes in RIP. Configure the following parameters:
• process-id range: 1 to 65535
• metric range: 0 to 16
• map-name: name of a configured route map.

To view the current RIP configuration, use the show running-config command in the EXEC mode or the show config command in the ROUTER RIP mode.
Figure 40-3.
Figure 40-5.
If you must perform routing between discontiguous subnets, disable automatic summarization. With automatic route summarization disabled, subnets are advertised. The command autosummary requires no other configuration commands. To disable automatic route summarization, in the ROUTER RIP mode, enter no autosummary. Note: If the ip split-horizon command is enabled on an interface, then the system does not advertise the summarized address.
To enable RIP debugging, use the following command in the EXEC privilege mode:

Command Syntax: debug ip rip [interface | database | events | trigger]
Command Mode: EXEC privilege
Purpose: Enable debugging of RIP.

Figure 40-6 shows the confirmation when the debug function is enabled.

Figure 40-6. debug ip rip Command Example

FTOS#debug ip rip
RIP protocol debug is ON
FTOS#

To disable RIP debugging, use the no debug ip rip command.
Configuring RIPv2 on Core 2

Figure 40-8. Configuring RIPv2 on Core 2

Core2(conf-if-te-2/31)#
Core2(conf-if-te-2/31)#router rip
Core2(conf-router_rip)#ver 2
Core2(conf-router_rip)#network 10.200.10.0
Core2(conf-router_rip)#network 10.300.10.0
Core2(conf-router_rip)#network 10.11.10.0
Core2(conf-router_rip)#network 10.11.20.0
Core2(conf-router_rip)#show config
!
router rip
 network 10.0.0.
Figure 40-10.
RIP Configuration on Core 3

Figure 40-12. RIP Configuration on Core 3

Core3(conf-if-te-3/21)#router rip
Core3(conf-router_rip)#version 2
Core3(conf-router_rip)#network 192.168.1.0
Core3(conf-router_rip)#network 192.168.2.0
Core3(conf-router_rip)#network 10.11.30.0
Core3(conf-router_rip)#network 10.11.20.0
Core3(conf-router_rip)#show config
!
router rip
 network 10.0.0.0
 network 192.168.1.0
 network 192.168.2.
Figure 40-14.
RIP Configuration Summary

Figure 40-16. Summary of Core 2 RIP Configuration Using Output of show run Command

!
interface TenGigabitEthernet 2/11
 ip address 10.11.10.1/24
 no shutdown
!
interface TenGigabitEthernet 2/31
 ip address 10.11.20.2/24
 no shutdown
!
interface TenGigabitEthernet 2/41
 ip address 10.200.10.1/24
 no shutdown
!
interface TenGigabitEthernet 2/42
 ip address 10.250.10.1/24
 no shutdown
router rip
 version 2
 10.200.10.0
 10.300.10.0
 10.11.10.0
 10.11.20.0

Figure 40-17.
41 Remote Monitoring (RMON)

Remote Monitoring (RMON) is supported on the S5000 switch. This chapter describes Remote Monitoring (RMON):
• Implementation
• Fault Recovery

Remote Monitoring (RMON) is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facilities and long-term statistics collection on Dell Networking Ethernet interfaces. RMON operates with SNMP and monitors all nodes on a LAN segment.
Fault Recovery

RMON provides the following fault recovery functions:

Interface Down—When an RMON-enabled interface goes down, monitoring continues. However, all data values are registered as 0xFFFFFFFF (32 bits) or 0xFFFFFFFFFFFFFFFF (64 bits). When the interface comes back up, RMON monitoring processes resume.

Note: A Network Management System (NMS) should be ready to interpret a down interface and plot the interface performance graph accordingly.
Setting rmon alarm

To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. To disable the alarm, use the no form of this command:

Command Syntax: [no] rmon alarm number variable interval {delta | absolute} rising-threshold [value event-number] falling-threshold value event-number [owner string]
Command Mode: CONFIGURATION
Purpose: Set an alarm on any MIB object. Use the no form of this command to disable the alarm.
Figure 41-1. rmon alarm Command Example

FTOS(conf)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta rising-threshold 15 1 falling-threshold 0 owner nms1

(figure callouts: Alarm Number; MIB Variable; Monitor Interval; Counter Value Limit; Triggered Event)

The above example configures RMON alarm number 10. The alarm monitors the MIB variable 1.3.6.1.2.1.2.2.1.20.1 (ifEntry.ifOutErrors) once every 20 seconds until the alarm is disabled, and checks the rise or fall of the variable.
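To see when the alarm in Figure 41-1 would actually raise event 1, the thresholds can be replayed over polled counter readings on the NMS side. The Python sketch below is an added example, not code from the FTOS guide: the readings are constructed, the helper names are hypothetical, the rising/falling hysteresis follows the RMON alarm group in RFC 2819 (assumed to match FTOS), and skipping readings equal to 0xFFFFFFFF reflects the interface-down value described under Fault Recovery.

```python
COUNTER32_MODULUS = 2 ** 32
INTERFACE_DOWN_32 = 0xFFFFFFFF   # value the guide says is registered while the interface is down


def replay_alarm(readings, rising, falling, sample_type="delta",
                 rising_event=None, falling_event=None):
    """Replay polled values; return (sample index, direction, value, event number) tuples."""
    if sample_type not in ("delta", "absolute"):
        raise ValueError("sample_type must be 'delta' or 'absolute'")
    events = []
    previous = None      # last raw reading, the baseline for delta sampling
    last_fired = None    # direction of the most recent alarm, used for hysteresis
    for index, raw in enumerate(readings):
        if raw == INTERFACE_DOWN_32:
            previous = None          # baseline is lost while the interface is down
            continue
        if sample_type == "delta":
            if previous is None:
                previous = raw       # first usable reading only sets the baseline
                continue
            # Counter32 wraps at 2**32; the modulus keeps the delta non-negative.
            value = (raw - previous) % COUNTER32_MODULUS
            previous = raw
        else:
            value = raw
        # A rising alarm fires once and is re-armed only by a falling alarm,
        # and the reverse, so a sustained error burst yields a single event.
        if value >= rising and last_fired != "rising":
            last_fired = "rising"
            events.append((index, "rising", value, rising_event))
        elif value <= falling and last_fired != "falling":
            last_fired = "falling"
            events.append((index, "falling", value, falling_event))
    return events


def figure_41_1_alarm(readings):
    """Thresholds from Figure 41-1: delta, rising 15 -> event 1, falling 0, no falling event."""
    return replay_alarm(readings, rising=15, falling=0,
                        sample_type="delta", rising_event=1)


def notifications(events):
    """Alarms that reference an event number and therefore produce a log entry or trap."""
    return [event for event in events if event[3] is not None]


# Constructed ifOutErrors readings, one per 20-second interval. They include a
# Counter32 wrap (index 5) and an interface-down marker (index 7).
READINGS = [4294967200, 4294967200, 4294967205, 4294967230, 4294967290,
            20, 20, 0xFFFFFFFF, 25, 25, 60]

if __name__ == "__main__":
    for event in figure_41_1_alarm(READINGS):
        print(event)
```

With falling-threshold 0, a second rising event is only possible after an interval with no new errors, so a link that keeps producing a few errors per interval is reported once.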
Figure 41-2. rmon event Command Example

FTOS(conf)#rmon event 1 log trap eventtrap description "High ifOutErrors" owner nms1

The above configuration example creates RMON event number 1, with the description “High ifOutErrors”, and generates a log entry when the event is triggered by an alarm. The user nms1 owns the row that is created in the event table by this command. This configuration also generates an SNMP trap when the event is triggered using the SNMP community string “eventtrap”.
Configuring RMON collection history

To enable the RMON MIB history group of statistics collection on an interface, use the rmon collection history command in interface configuration mode. To remove a specified RMON history group of statistics collection, use the no form of this command.
42 Rapid Spanning Tree Protocol (RSTP)

This chapter contains the following major sections:
• Protocol Overview
• Configuring Rapid Spanning Tree
• Configuring Interfaces for Layer 2 Mode
• Enabling Rapid Spanning Tree Protocol Globally

Protocol Overview

Rapid Spanning Tree Protocol (RSTP) is a Layer 2 protocol—specified by IEEE 802.1w—that is essentially the same as Spanning-Tree Protocol (STP) but provides faster convergence and interoperability with switches configured with STP and MSTP.
• Modifying Global Parameters
• Modifying Interface Parameters
• Configuring an EdgePort
• Preventing Network Disruptions with BPDU Guard
• Influencing RSTP Root Selection
• Configuring Spanning Trees as Hitless
• SNMP Traps for Root Elections and Topology Changes
• Flushing MAC Addresses after a Topology Change

Important Points to Remember
• RSTP is disabled by default.
• FTOS supports only one Rapid Spanning Tree (RST) instance.
Configuring Interfaces for Layer 2 Mode All interfaces on all bridges that will participate in Rapid Spanning Tree must be in Layer 2 and enabled. Figure 42-1.
To enable Rapid Spanning Tree globally for all Layer 2 interfaces:

Step 1
Task: Enter the PROTOCOL SPANNING TREE RSTP mode.
Command Syntax: protocol spanning-tree rstp
Command Mode: CONFIGURATION

Step 2
Task: Enable Rapid Spanning Tree.
Command Syntax: no disable
Command Mode: PROTOCOL SPANNING TREE RSTP

Note: To disable RSTP globally for all Layer 2 interfaces, enter the disable command from PROTOCOL SPANNING TREE RSTP mode.
Figure 42-4. Rapid Spanning Tree Enabled Globally (diagram labels: bridges R1, R2, R3; root; ports 1/1 to 1/4, 2/1 to 2/4, 3/1 to 3/4; Forwarding; Blocking)

Port 684 (TenGigabitEthernet 4/43) is alternate Discarding
Port path cost 20000, Port priority 128, Port Identifier 128.684
Designated root has priority 32768, address 0001.e801.cbb4
Designated bridge has priority 32768, address 0001.e801.cbb4
Designated port id is 128.
Figure 42-5. show spanning-tree rstp Command Example

FTOS#show spanning-tree rstp
Root Identifier has priority 32768, Address 0001.e801.cbb4
Root Bridge hello time 2, max age 20, forward delay 15, max hops 0
Bridge Identifier has priority 32768, Address 0001.e801.cbb4
Configured hello time 2, max age 20, forward delay 15, max hops 0
We are the root
Current root has priority 32768, Address 0001.e801.
Figure 42-6. show spanning-tree rstp brief Command Example

R3#show spanning-tree rstp brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e801.cbb4
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 0001.e80f.1dad
Configured hello time 2, max age 20, forward delay 15
Interface                                    Designated
Name       PortID   Prio Cost    Sts Cost    Bridge ID            PortID
---------- -------- ---- ------- --- ------- -------------------- --------
Te 3/1     128.
Table 42-2 displays the default values for RSTP.

Table 42-2.
To change the port cost or priority of an interface, use the following commands:

Task: Change the port cost of an interface. Range: 0 to 65535. Default: see Table 42-2.
Command Syntax: spanning-tree rstp cost cost
Command Mode: INTERFACE

Task: Change the port priority of an interface. Range: 0 to 15. Default: 128
Command Syntax: spanning-tree rstp priority priority-value
Command Mode: INTERFACE

View the current values for interface parameters using the show spanning-tree rstp command from EXEC privilege mode. See Figure 42-5.
FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior:
1. If the interface to be shut down is a port channel, then all the member ports are disabled in the hardware.
2. When a physical port is added to a port channel already in error disable state, the new member port will also be disabled in the hardware.
Figure 42-8. bridge-priority Command Example

FTOS(conf-rstp)#bridge-priority 4096
04:27:59: %STKUNITO-M:CP %SPANMGR-5-STP_ROOT_CHANGE: RSTP root changed. My Bridge ID: 4096:0001.e80b.88bd Old Root: 32768:0001.e801.cbb4 New Root: 4096:0001.e80b.88bd

(figure callouts: Old root bridge ID; New root bridge ID)

SNMP Traps for Root Elections and Topology Changes

Enable SNMP traps for RSTP, MSTP, and PVST+ collectively using the command snmp-server enable traps xstp.
43 Security

This chapter discusses several ways to provide access security to the Dell Networking system.

• AAA Accounting
• AAA Authentication
• AAA Authorization
• RADIUS
• TACACS+
• Protection from TCP Tiny and Overlapping Fragment Attacks
• SCP and SSH
• Telnet
• VTY Line and Access-Class Configuration

For details on all commands discussed in this chapter, see the Security Commands chapter in the FTOS Command Reference.
• Enabling AAA Accounting (mandatory)
• Suppressing AAA Accounting for null username sessions (optional)
• Configuring Accounting of EXEC and privilege-level command usage (optional)
• Configuring AAA Accounting for terminal lines (optional)
• Monitoring AAA Accounting (optional)

Enabling AAA Accounting

The aaa accounting command enables you to create a record for any or all of the accounting functions monitored.
Configuring Accounting of EXEC and privilege-level command usage

The network access server monitors the accounting functions defined in the TACACS+ attribute/value (AV) pairs. In the following sample configuration, AAA accounting is set to track all usage of EXEC commands and commands on privilege level 15.
AAA Authentication

FTOS supports a distributed client/server system implemented through Authentication, Authorization, and Accounting (AAA) to help secure networks against unauthorized access. In the Dell Networking implementation, the Dell Networking system acts as a RADIUS or TACACS+ client and sends authentication requests to a central RADIUS or TACACS+ server that contains all user authentication and network service access information.
Configuring AAA Authentication login methods

To configure an authentication method and method list, use these commands in the following sequence in the CONFIGURATION mode:

Command Syntax: aaa authentication login {method-list-name | default} method1 [... method4]
Command Mode: CONFIGURATION
Purpose: Define an authentication method-list (method-list-name) or specify the default. The default method-list is applied to all terminal lines.
Enabling AAA Authentication

To enable AAA authentication, use the following command in the CONFIGURATION mode:

Command Syntax: aaa authentication enable {method-list-name | default} method1 [... method4]
Command Mode: CONFIGURATION
Purpose:
• default—Uses the listed authentication methods that follow this argument as the default list of methods when a user logs in.
Server-side configuration

TACACS+: When using TACACS+, Dell Networking sends an initial packet with service type SVC_ENABLE, and then a second packet with just the password. The TACACS server must have an entry for username $enable$.

RADIUS: When using RADIUS authentication, FTOS sends an authentication packet with the following:
Username: $enab15$
Password:
Therefore, the RADIUS server must have an entry for this username.
By default, commands in FTOS are assigned to different privilege levels. You can access those commands only if you have access to that privilege level. For example, to reach the protocol spanning-tree command, you must log in to the router, enter the enable command for privilege level 15 (this is the default level for the command) and then enter the CONFIGURATION mode. You can configure passwords to control access to the box and assign different privilege levels to users.
Configuring the enable password command

To configure FTOS, you must use the enable command to enter the EXEC Privilege level 15. After entering the command, FTOS requests that you enter a password. Privilege levels are not assigned to passwords; rather, passwords are assigned to a privilege level. A password for any privilege level can always be changed. To change to a different privilege level, enter the enable command, followed by the privilege level.
To assign commands and passwords to a custom privilege level, you must be in privilege level 15 and use these commands in the following sequence in the CONFIGURATION mode:

Command Syntax: username name [access-class access-list-name] [privilege level] [nopassword | password [encryption-type] password]
Command Mode: CONFIGURATION
Purpose: Assign a user name and password. Configure the optional and required parameters:
• name: Enter a text string (up to 63 characters).
Figure 43-2. Configuring a Custom Privilege Level

FTOS(conf)#username john privilege 8 password john
FTOS(conf)#enable password level 8 notjohn
FTOS(conf)#privilege exec level 8 configure
FTOS(conf)#privilege config level 8 snmp-server
FTOS(conf)#end
FTOS#show running-config
Current Configuration ...
To specify a password for the terminal line, use the following commands, in any order, in the LINE mode:

Command Syntax: privilege level level
Command Mode: LINE
Purpose: Configure a custom privilege level for the terminal lines.
• level level range: 0 to 15. Levels 0, 1 and 15 are pre-configured. Levels 2 to 14 are available for custom configuration.

Command Syntax: password [encryption-type] password
Command Mode: LINE
Purpose: Specify either a plain text or encrypted password.
RADIUS Authentication and Authorization

FTOS supports RADIUS for user authentication (text password) at login, and RADIUS can be specified as one of the login authentication methods in the aaa authentication login command. When configuring AAA authorization, you can limit the attributes of services available to a user. When authorization is enabled, the network access server uses configuration information from the user profile to issue the user's session.
Auto-command

You can configure the system through the RADIUS server to automatically execute a command when you connect to a specific line. To do this, use the command auto-command. The auto-command is executed when the user is authenticated and before the prompt appears to the user.
Command Syntax: aaa authorization exec {method-list-name | default} radius tacacs+
Command Mode: CONFIGURATION
Purpose: Create a method list with RADIUS and TACACS+ as authorization methods. Typical order of methods: RADIUS, TACACS+, Local, None. If authorization is denied by RADIUS, the session ends (radius should not be the last method specified).

Applying the method list to terminal lines

To enable RADIUS AAA login authentication for a method list, you must apply it to a terminal line.
To specify multiple RADIUS server hosts, configure the radius-server host command multiple times. If multiple RADIUS server hosts are configured, FTOS attempts to connect with them in the order in which they were configured. When FTOS attempts to authenticate a user, the software connects with the RADIUS server hosts one at a time, until a RADIUS server host responds with an accept or reject response.
Monitoring RADIUS

To view information on RADIUS transactions, use the following command in the EXEC Privilege mode:

Command Syntax: debug radius
Command Mode: EXEC Privilege
Purpose: View RADIUS transactions to troubleshoot problems.

TACACS+

FTOS supports Terminal Access Controller Access Control System (TACACS+) client, including support for login authentication.
Step 2
Command Syntax: aaa authentication login {method-list-name | default} tacacs+ [...method3]
Command Mode: CONFIGURATION
Purpose: Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the TACACS+ authentication method. The tacacs+ method should not be the last method specified.

Step 3
Command Syntax: line {aux 0 | console 0 | vty number [end-number]}
Command Mode: CONFIGURATION
Purpose: Enter the LINE mode.
Figure 43-4.
Figure 43-5 demonstrates how to configure the access-class from a TACACS+ server. This causes the configured access-class on the VTY line to be ignored. If you have configured a deny10 ACL on the TACACS+ server, FTOS downloads it and applies it. If the user is found to be coming from the 10.0.0.0 subnet, FTOS also immediately closes the Telnet connection. Note that no matter where the user is coming from, they see the login prompt.

Figure 43-5.
To delete a TACACS+ server host, use the no tacacs-server host {hostname | ip-address} command.

freebsd2# telnet 2200:2200:2200:2200:2200::2202
Trying 2200:2200:2200:2200:2200::2202...
Connected to 2200:2200:2200:2200:2200::2202.
Escape character is '^]'.
Login: admin
Password:
FTOS#
FTOS#

Command Authorization

The AAA command authorization feature configures FTOS to send each configuration command to a TACACS server for authorization before it is added to the running configuration.
SCP is a remote file copy program that works with SSH and is supported by FTOS.

Note: The Windows-based WinSCP client software is not supported for secure copying between a PC and an FTOS-based system. Unix-based SCP client software is supported.
Figure 43-6. Specifying an SSH version

FTOS(conf)#ip ssh server version 2
FTOS(conf)#do show ip ssh
SSH server : disabled.
SSH server version : v2.
Password Authentication : enabled.
Hostbased Authentication : disabled.
RSA Authentication : disabled.

To disable SSH server functions, enter no ip ssh server enable.
• ip ssh hostbased-authentication enable: Enable hostbased-authentication for the SSHv2 server.
• ip ssh key-size: Configure the size of the server-generated RSA SSHv1 key.
• ip ssh password-authentication enable: Enable password authentication for the SSH server.
• ip ssh pub-key-file: Specify the file to be used for host-based authentication.
• ip ssh rhostsfile: Specify the rhost file to be used for host-based authorization.
Figure 43-8. Enabling SSH Password Authentication

FTOS(conf)#ip ssh server enable
% Please wait while SSH Daemon initializes ... done.
FTOS(conf)#ip ssh password-authentication enable
FTOS#sh ip ssh
SSH server : enabled.
Password Authentication : enabled.
Hostbased Authentication : disabled.
RSA Authentication : disabled.

RSA Authentication of SSH

The following procedure authenticates an SSH client based on an RSA key using RSA authentication.
Step 2
Task: Create shosts by copying the public RSA key to the file shosts in the directory .ssh, and write the IP address of the host to the file.
Command Syntax: cp /etc/ssh/ssh_host_rsa_key.pub /.ssh/shosts

Figure 43-10. Creating shosts

admin@Unix_client# cd /etc/ssh
admin@Unix_client# ls
moduli sshd_config ssh_host_dsa_key.pub ssh_host_rsa_key.pub ssh_config ssh_host_dsa_key ssh_host_rsa_key ssh_host_key.
Figure 43-12. Client-based SSH Authentication

FTOS#ssh 10.16.127.201 ?
-l User name option
-p SSH server port option (default 22)
-v SSH protocol version

Troubleshooting SSH

• You may not bind id_rsa.pub to RSA authentication while logged in via the console. In this case, Message 2 appears.

Message 2 RSA Authentication Error
%Error: No username set for this term.

• Host-based authentication must be enabled on the server (Dell Networking system) and the client (Unix machine).
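The following check is an added example, not part of the FTOS guide or of Dell's software: it audits configuration text against guidance stated in this chapter (the tacacs+ method should not be last in an aaa authentication login list, radius should not be last in an aaa authorization exec list, SSH server version 2) and flags accounts like the one in Figure 43-2 whose password equals the user name. The sample configuration, the list name mgmt, the user ops and the rule identifiers are constructed for illustration.

```python
import re

# Which method must not come last, per command, as this chapter states:
#   aaa authentication login: "The tacacs+ method should not be the last
#                              method specified."
#   aaa authorization exec:   "radius should not be the last method specified"
LAST_METHOD_RULES = {
    "authentication login": "tacacs+",
    "authorization exec": "radius",
}

AAA_RE = re.compile(
    r"^aaa\s+(authentication\s+login|authorization\s+exec)\s+(\S+)\s+(.+)$")
USER_RE = re.compile(r"^username\s+(\S+)\s+(.+)$")
SSH_VERSION_RE = re.compile(r"^ip\s+ssh\s+server\s+version\s+(\S+)$")

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
aaa authentication login default tacacs+ local
aaa authentication login mgmt radius tacacs+
aaa authorization exec default tacacs+ radius
aaa authorization exec mgmt radius tacacs+
username john privilege 8 password john
username ops privilege 15 nopassword
enable password level 8 notjohn
ip ssh server version 1
ip ssh server enable
"""


def audit(config_text):
    """Return a list of (line_number, rule_id, message) findings."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue

        m = AAA_RE.match(line)
        if m:
            command = " ".join(m.group(1).split())
            list_name, methods = m.group(2), m.group(3).split()
            if methods[-1].lower() == LAST_METHOD_RULES[command]:
                findings.append((
                    lineno, "AAA-LAST-METHOD",
                    f"aaa {command} list '{list_name}' ends with "
                    f"{methods[-1]}"))
            continue

        m = USER_RE.match(line)
        if m:
            name, tokens = m.group(1), m.group(2).split()
            if "nopassword" in tokens:
                findings.append((
                    lineno, "USER-NOPASSWORD",
                    f"user '{name}' is configured with nopassword"))
            elif "password" in tokens:
                # Syntax is: password [encryption-type] password, so the
                # password itself is the last token after the keyword.
                secret = tokens[tokens.index("password") + 1:]
                if secret and secret[-1] == name:
                    findings.append((
                        lineno, "USER-PASSWORD-IS-NAME",
                        f"user '{name}' has a password equal to the user name"))
            continue

        m = SSH_VERSION_RE.match(line)
        if m and m.group(1) != "2":
            findings.append((
                lineno, "SSH-NOT-V2",
                f"SSH server version is set to {m.group(1)}, not 2"))
    return findings


if __name__ == "__main__":
    for lineno, rule, message in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {rule}: {message}")
```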
VTY Line and Access-Class Configuration

Various methods are available to restrict VTY access in FTOS. These depend on which authentication scheme you use — line, local, or remote:

Table 43-1. VTY Access

Authentication  VTY access-class  Username access-class  Remote authorization
Method          support?          support?               support?
Line            YES               NO                     NO
Local           NO                YES                    NO
TACACS+         YES               NO                     YES (with FTOS 5.2.1.0 and later)
RADIUS          YES               NO                     YES (with FTOS 6.1.1.
Figure 43-13 shows how to allow or deny a Telnet connection to a user. Users will see a login prompt, even if they cannot log in. No access class is configured for the VTY line. It defaults from the local database.

Figure 43-13.
To apply a MAC ACL on a VTY line, use the same access-class command as IP ACLs (Figure 43-15). Figure 43-15 shows how to deny incoming connections from subnet 10.0.0.0 without displaying a login prompt.

Figure 43-15.
44 Service Provider Bridging

Service Provider Bridging is supported on the S5000 switch. This chapter contains the following major sections:

• VLAN Stacking
• Configuring VLAN Stacking
• VLAN Stacking Packet Drop Precedence
• Dynamic Mode CoS for VLAN Stacking
• Layer 2 Protocol Tunneling
• Provider Backbone Bridging

VLAN Stacking

VLAN Stacking is supported on the S5000 switch. VLAN Stacking, also called Q-in-Q, is defined in IEEE 802.1ad—Provider Bridges, which is an amendment to IEEE 802.
Figure 44-1. [Figure: tag fields TPID (0x9100), PCP, DEI, VID (VLAN 300) and TPID (0x8100), PCP, CFI (0), VID (VLAN Red)]
Creating Access and Trunk Ports

An access port is a port on the service provider edge that directly connects to the customer. An access port may belong to only one service provider VLAN. A trunk port is a port on a service provider bridge that connects to another service provider bridge and is a member of multiple service provider VLANs. Physical ports and port-channels can be access or trunk ports.
Display the status and members of a VLAN using the show vlan command from EXEC Privilege mode. Members of a VLAN-Stacking-enabled VLAN are marked with an M in column Q.

Figure 44-3.
In Figure 44-4, TenGigabitEthernet 0/1 is a trunk port that is configured as a hybrid port and then added to VLAN 100 as untagged, VLAN 101 as tagged, and VLAN 103, which is a stacking VLAN.

Figure 44-4.
Figure 44-5. Example of Output of debug member vlan and debug member port

FTOS# debug member vlan 603
vlan id : 603
ports : Te 2/47 (MT), Te 3/1(MU), Te 3/25(MT), Te 3/26(MT), Te 3/27(MU)
FTOS#debug member port tengigabitethernet 2/47
vlan id : 603 (MT), 100(T), 101(NU)
FTOS#

VLAN Stacking in Multi-vendor Networks

The first field in the VLAN tag is the Tag Protocol Identifier (TPID), which is two bytes.
Figure 44-6.
Figure 44-8. Single and Double-tag TPID Mismatch on the S5000
[Figure labels: TPID 0x9100, TPID 0x8181, Building C, DEFAULT VLAN, R2-E-Series w/ FTOS version <8.2.1.]
Table 44-1. Network Position S5000 Behavior for Mis-matched TPID Incoming Packet TPID Egress Access Point untagged double-tag 0xUVWX System TPID Match Type 9.0(1.3) 0xUVWX — switch to default VLAN 0xUVWX double-tag match switch to VLAN 0xUVYZ double-tag first-byte match switch to default VLAN 0xQRST double-tag mismatch switch to default VLAN

VLAN Stacking Packet Drop Precedence

VLAN Stacking Packet Drop Precedence is available on the S5000 platform.
Honoring the Incoming DEI Value

To honor the incoming DEI value, you must explicitly map the DEI bit to an FTOS drop precedence; precedence can have one of three colors:

Precedence  Description
Green       High priority packets that are the least preferred to be dropped.
Yellow      Lower priority packets that are treated as best-effort.
Red         Lowest priority packets that are always dropped (regardless of congestion status).
Dynamic Mode CoS for VLAN Stacking

Dynamic Mode CoS for VLAN Stacking is available on the platform. One of the ways to ensure quality of service for customer VLAN-tagged frames is to use the 802.1p priority bits in the tag to indicate the level of QoS desired. When an S-Tag is added to incoming customer frames, the 802.1p bits on the S-Tag may be configured statically for each customer or derived from the C-Tag using Dynamic Mode CoS. Dynamic Mode CoS maps the C-Tag 802.1p value to an S-Tag 802.1p value.
FTOS Behavior: For Option A above, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS configuration, the queue selected by Dynamic Mode CoS takes precedence. However, rate policing for the queue is determined by QoS configuration.
To map C-Tag dot1p values to S-Tag dot1p values and mark the frames accordingly:

Task: Allocate CAM space to enable queuing frames according to the C-Tag or the S-Tag.
vman-qos: mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p. This method requires half as many CAM entries as vman-qos-dual-fp.
vman-qos-dual-fp: mark the S-Tag dot1p and queue the frame according to the S-Tag dot1p.
Figure 44-10. VLAN Stacking without L2PT
[Figure labels: Building A, Building B, no spanning-tree, BPDU w/ destination MAC address: 01-80-C2-00-00-00]

You might need to transport control traffic transparently through the intermediate network to the other region.
Implementation Information

• L2PT is available for STP, RSTP, MSTP, and PVST+ BPDUs.
• No protocol packets are tunneled when VLAN Stacking is enabled.
• L2PT requires the default CAM profile.

Enabling Layer 2 Protocol Tunneling

Step 1
Task: Verify that the system is running the default CAM profile; you must use this CAM profile for L2PT.
Command Syntax: show cam-profile
Command Mode: EXEC Privilege

Step 2
Task: Enable protocol tunneling globally on the system.
Step 4
Task: Set a maximum rate at which the RPM will process BPDUs for L2PT. Default: no rate limiting. S5000 Range: 64 to 320 kbps
Command Syntax: protocol-tunnel rate-limit
Command Mode: VLAN STACKING

Debug Layer 2 Protocol Tunneling

Task: Display debugging information for L2PT.
Command Syntax: debug protocol-tunnel
Command Mode: EXEC Privilege

Provider Backbone Bridging

Provider Backbone Bridging is supported only on the S5000 platform. IEEE 802.
45 sFlow

Configuring sFlow is supported on the S5000 switch. This chapter covers the following information:

• Overview
• Implementation Information
• Enabling and Disabling sFlow
• Enabling and Disabling on an Interface
• sFlow Show Commands
• Specifying Collectors
• Polling Intervals
• Back-off Mechanism
• sFlow on LAG ports

Overview

FTOS supports sFlow version 5. sFlow is a standards-based sampling technology embedded within switches and routers, which is used to monitor network traffic.
Figure 45-1. sFlow Traffic Monitoring System
[Figure labels: sFlow Collector, Switch/Router, sFlow Datagrams, sFlow Agent, Poll Interface Counters, Interface Counters, Flow Samples, Switch ASIC]

Implementation Information

The Dell Networking sFlow is designed so that the hardware sampling rate is per stack unit port-pipe and is decided based upon all the ports in that port-pipe.
• Community list and local preference fields are not filled in extended gateway element in sFlow datagram.
• 802.1P source priority field is not filled in extended switch element in sFlow datagram.
• Only Destination and Destination Peer AS number are packed in the dst-as-path field in extended gateway element.
• If packet being sampled is redirected using PBR (Policy-Based Routing), sFlow datagram may contain incorrect extended gateway/router information.
Show sFlow Globally

Use the following command to view sFlow statistics:

Command Syntax: show sflow
Command Mode: EXEC
Purpose: Display sFlow configuration information and statistics.

Figure 45-2 is a sample output from the show sflow command:

Figure 45-2.
Figure 45-4.
The polling interval can be configured globally (in CONFIGURATION mode) or by interface (in INTERFACE mode) by executing the interval command:

Command Syntax: sflow polling-interval interval value
Command Mode: CONFIGURATION or INTERFACE
Usage: Change the global default counter polling interval. interval value—in seconds.
46 Simple Network Management Protocol (SNMP) Simple Network Management Protocol (SNMP) is supported on the S5000 switch.
• FTOS supports up to 16 trap receivers.
• The FTOS implementation of the sFlow MIB supports sFlow configuration via SNMP sets.
• SNMP traps for STP and MSTP state changes are based on BRIDGE MIB (RFC 1483) for STP and IEEE 802.1 draft ruzin-mstp-mib-02 for MSTP.

Configuring Simple Network Management Protocol

Note: The configurations in this chapter use a UNIX environment with net-snmp version 5.4.
SNMP version 3 (SNMPv3) is a user-based security model that provides password authentication for user security and encryption for data security and privacy. Three sets of configurations are available for SNMP read/write operations: no password or privacy, password privileges, and password and privacy privileges. A maximum of 16 users can be configured even if they are in different groups.

Creating a Community

For SNMPv1 and SNMPv2, you must create a community to enable the community-based security in FTOS.
• noauth: no password or privacy. Select this option to set a user up with no password or privacy privileges. This is the basic configuration. Users must have a group and profile that do not require password privileges.
• auth: password privileges. Select this option to set up a user with password authentication.
• priv: password and privacy privileges. Select this option to set up a user with password and privacy privileges.

Figure 46-2.
Task: Configure the user with a secure authorization password and privacy password.
Command: snmp-server user name group-name {oid-tree} auth md5 auth-password priv des56 priv password
Command Mode: CONFIGURATION

Task: Configure an SNMPv3 view.
Command: snmp-server view view-name oid-tree {included | excluded}
Command Mode: CONFIGURATION

Read Managed Object Values

You may only retrieve (read) managed object values if your management station is a member of the same community as the SNMP agent.
Figure 46-4. Reading the Value of the Next Managed Object in the MIB

> snmpgetnext -v 2c -c mycommunity 10.11.131.161 .1.3.6.1.2.1.1.3.0
SNMPv2-MIB::sysContact.0 = STRING:
> snmpgetnext -v 2c -c mycommunity 10.11.131.161 sysContact.0

Task: Read the value of many objects at once, as shown in Figure 46-5.
Command: snmpwalk -v version -c community agent-ip {identifier.instance | descriptor.instance}

Figure 46-5.
To configure system contact and location information from the Dell Networking system:

Task: Identify the system manager along with this person’s contact information (e.g., E-mail address or phone number). You may use up to 55 characters. Default: None
Command: snmp-server contact text
Command Mode: CONFIGURATION

Task: Identify the physical location of the system. For example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1. You may use up to 55 characters.
Subscribing to Managed Object Value Updates using SNMP

By default, the Dell Networking system displays some unsolicited SNMP messages (traps) upon certain events and conditions. You can also configure the system to send the traps to a management station. Traps cannot be saved on the system.
Enable a subset of Dell Networking enterprise specific SNMP traps using one of the listed command options in Table 46-2 with the command snmp-server enable traps. Note that the envmon option enables all environment traps including those that are enabled with the envmon supply, envmon temperature, and envmon fan options. Table 46-2.
Table 46-2. Dell Networking Enterprise-specific SNMP Traps Command Option Trap Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1489568) 4:08:15.68,SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::mib-2.47.2.0.1, SNMPv2-SMI::enterprises.6027.3.6.1.1.2.
Table 46-3. MIB Objects for Copying Configuration Files via SNMP

MIB Object: copySrcFileName
OID: .1.3.6.1.4.1.6027.3.5.1.1.1.1.4
Object Values: Path (if file is not in current directory) and filename.
Description: Specifies name of the file.
• If copySourceFileType is set to running-config or startup-config, copySrcFileName is not required.

MIB Object: copyDestFileType
OID: .1.3.6.1.4.1.6027.3.5.1.1.1.1.
Step 3
Task: On the server, use the command snmpset as shown:
Command Syntax: snmpset -v snmp-version -c community-name -m mib_path/f10-copy-config.mib dellsystem-ip-address mib-object.index {i | a | s} object-value...

• Every specified object must have an object value, which must be preceded by the keyword i. See Table 6 for ranges.
• index must be unique to all previously executed snmpset commands. If an index value has been used previously, a message like the one in Message 3 appears.
Table 46-4. Copying Configuration Files via SNMP

Task: snmpset -v 2c -c public dellsystem-ip-address copySrcFileType.index i 2 copyDestFileType.index i 3

Figure 46-7 shows the command syntax using MIB object names. Figure 46-8 shows the same command using the object OIDs. In both cases, the object is followed by a unique index number.

Figure 46-7. Copying Configuration Files via SNMP using Object-Name Syntax

> snmpset -v 2c -r 0 -t 60 -c private -m ./f10-copy-config.mib 10.
Table 46-4. Copying Configuration Files via SNMP

• server-ip-address must be preceded by the keyword a.
• values for copyUsername and copyUserPassword must be preceded by the keyword s.

Figure 46-11. Copying Configuration Files via SNMP and FTP to a Remote Server

> snmpset -v 2c -c private -m ./f10-copy-config.mib 10.10.10.10 copySrcFileType.110 i 2 copyDestFileName.110 s /home/startup-config copyDestFileLocation.110 i 4 copyServerAddress.110 a 11.11.11.11 copyUserName.
Dell Networking provides additional MIB Objects to view copy statistics. These are provided in Table 46-5.

Table 46-5. MIB Objects for Copying Configuration Files via SNMP

MIB Object: copyState
OID: .1.3.6.1.4.1.6027.3.5.1.1.1.1.11
Values: 1 = running, 2 = successful, 3 = failed
Description: Specifies the state of the copy operation.

MIB Object: copyTimeStarted
OID: .1.3.6.1.4.1.6027.3.5.1.1.1.1.12
Values: Time value
Description: Specifies the point in the up-time clock that the copy operation started.
Figure 46-14 shows the command syntax using MIB object names, and Figure 46-15 shows the same command using the object OIDs. In both cases, the object is followed by the same index number used in the snmpset command.

Figure 46-14. Obtaining MIB Object Values for a Copy Operation using Object-name Syntax

> snmpget -v 2c -c private -m ./f10-copy-config.mib 10.11.131.140 copyTimeCompleted.110
FTOS-COPY-CONFIG-MIB::copyTimeCompleted.110 = Timeticks: (1179831) 3:16:38.31

Figure 46-15.
Figure 46-17. Assign a VLAN Alias using SNMP

[Unix system output]
> snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN"
SNMPv2-SMI::mib-2.17.7.1.4.3.1.1.
In response to the snmpget request, the Dell Networking system sends a table of hexadecimal (hex) pairs, each pair representing a group of eight ports.

• On the S5000, 7 hex pairs represent a stack unit. Seven pairs accommodate the greatest number of ports available: 64 ports on the S5000. On the S5000, the last stack unit begins on the 66th bit.

The first hex pair, 00 in Figure 46-19, represents ports 1-7 in Stack Unit 0. The next pair to the right represents ports 8-15.
Adding Tagged and Untagged Ports to a VLAN

The value of the dot1qVlanStaticEgressPorts object is an array of all VLAN members. The dot1qVlanStaticUntaggedPorts object is an array of only untagged VLAN members. All VLAN members that are not in dot1qVlanStaticUntaggedPorts are tagged.

• To add a tagged port to a VLAN, write the port to the dot1qVlanStaticEgressPorts object, as shown in Figure 46-21.
In Figure 46-22, Port 0/2 is added as a tagged member of VLAN 10. Figure 46-22. Adding Tagged Ports to a VLAN using SNMP >snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786 x "40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" .1.3.6.1.2.1.17.7.1.4.3.1.4.
Enabling and Disabling a Port using SNMP

Step 1
Task: Create an SNMP community on the Dell Networking system.
Command Syntax: snmp-server community
Command Mode: CONFIGURATION

Step 2
Task: From the Dell Networking system, identify the interface index of the port for which you want to change the admin status. Or, from the management system, use the snmpwalk command to identify the interface index.
Each object comprises an OID concatenated with an instance number. In the case of these objects, the instance number is the decimal equivalent of the MAC address; derive the instance number by converting each hex pair to its decimal equivalent. For example, the decimal equivalent of E8 is 232, and so the instance number for MAC address 00:01:e8:06:95:ac is .0.1.232.6.149.172. The value of dot1dTpFdbPort is the port number of the port off which the system learns the MAC address.
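The conversion described above is useful when tracing a MAC address from an alert to the port where it was learned. The following is an added example, not part of the FTOS guide: it converts between MAC addresses and instance numbers in both directions and reads dot1dTpFdbPort rows out of snmpwalk output. The walk lines and port numbers are constructed sample data, and the numeric OID used for dot1dTpFdbPort (1.3.6.1.2.1.17.4.3.1.2) is the standard BRIDGE-MIB value, which this page does not print.

```python
import re

# dot1dTpFdbPort column of the BRIDGE-MIB forwarding table (mib-2.17.4.3.1.2),
# matched in numeric form or in the net-snmp "SNMPv2-SMI::mib-2" form.
FDB_PORT_RE = re.compile(
    r"^(?:\.?1\.3\.6\.1\.2\.1|SNMPv2-SMI::mib-2)\.17\.4\.3\.1\.2\."
    r"((?:\d+\.){5}\d+)\s*=\s*INTEGER:\s*(\d+)\s*$")

# Constructed sample snmpwalk output. The first row belongs to a different
# column (the address column) and must be ignored by the parser.
SAMPLE_WALK = """\
SNMPv2-SMI::mib-2.17.4.3.1.1.0.1.232.6.149.172 = Hex-STRING: 00 01 E8 06 95 AC
SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.232.6.149.172 = INTEGER: 118
SNMPv2-SMI::mib-2.17.4.3.1.2.0.1.232.1.203.180 = INTEGER: 12
.1.3.6.1.2.1.17.4.3.1.2.0.1.232.15.29.173 = INTEGER: 12
"""


def normalize_mac(mac):
    """Accept 00:01:e8:06:95:ac, 00-01-E8-06-95-AC or 0001.e806.95ac."""
    digits = re.sub(r"[.:\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    digits = digits.lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def mac_to_instance(mac):
    """Convert each hex pair to decimal, as the text above describes."""
    return ".".join(str(int(pair, 16)) for pair in normalize_mac(mac).split(":"))


def instance_to_mac(instance):
    """Reverse the conversion: six decimal octets back to a MAC address."""
    octets = [int(part) for part in instance.strip(".").split(".")]
    if len(octets) != 6 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a MAC instance number: {instance!r}")
    return ":".join(f"{o:02x}" for o in octets)


def parse_fdb_walk(walk_text):
    """Return {mac: port_number} for every dot1dTpFdbPort row in the walk."""
    table = {}
    for line in walk_text.splitlines():
        m = FDB_PORT_RE.match(line.strip())
        if m:
            table[instance_to_mac(m.group(1))] = int(m.group(2))
    return table


def locate(mac, walk_text):
    """Return the port number a MAC was learned on, or None if not present."""
    return parse_fdb_walk(walk_text).get(normalize_mac(mac))


if __name__ == "__main__":
    print(mac_to_instance("00:01:e8:06:95:ac"))
    for mac, port in sorted(parse_fdb_walk(SAMPLE_WALK).items()):
        print(mac, "-> port", port)
```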
Monitoring Port-channels

To check the status of a Layer 2 port-channel, use f10LinkAggMib (.1.3.6.1.4.1.6027.3.2). Below, Po 1 is a switchport and Po 2 is in Layer 3 mode.

[senthilnathan@lithium ~]$ snmpwalk -v 2c -c public 10.11.1.1 .1.3.6.1.4.1.6027.3.2.1.1
SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.1.1 = INTEGER: 1
SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.1.2 = INTEGER: 2
SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.2.1 = Hex-STRING: 00 01 E8 13 A5 C7
SNMPv2-SMI::enterprises.
IF-MIB::ifIndex.1107755009 = INTEGER: 1107755009 SNMPv2-SMI::enterprises.6027.3.1.1.4.1.2 = STRING: "OSTATE_DN: Changed interface state to down: Po 1" 2010-02-10 14:22:40 10.16.130.4 [10.16.130.4]: SNMPv2-MIB::sysUpTime.0 = Timeticks: (8500932) 23:36:49.32 IF-MIB::linkUp IF-MIB::ifIndex.33865785 = INTEGER: 33865785 STRING: "OSTATE_UP: Changed interface state to up: Te 0/0" SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::enterprises.6027.3.1.1.4.1.2 = 2010-02-10 14:22:40 10.16.130.4 [10.16.130.
47 Stacking Stacking provides a single point of management and network interface controller (NIC) teaming for high availability and higher throughput. For information on the High Availability features supported on a stacked S5000 switch, refer to the High Availability chapter. Stacking is supported on the S5000 switch on the fixed 40GbE data ports on the front panel or on 10GbE data ports on pluggable modules. Stacking is not supported on 40GbE ports operating in 4x10G (quad) mode.
Stacking S5000 Switches

A stack of S5000 switches operates as a virtual chassis with management units (master and standby) and member units. The FTOS operating software elects a primary (master) and secondary (standby) management unit; all other units are member units. The forwarding database resides on the master switch; all other stack units maintain a synchronized local copy. Each unit in the stack makes forwarding decisions based on its local copy.
• Interface-level features for each stack member

The master synchronizes the following information with the standby unit:

• Stack unit topology
• Stack running Configuration (which includes ACL, LACP, STP, SPAN, etc.
• When a stack reloads and all units come up at the same time (for example, when all units boot up from flash), all units participate in the election. The master and standby are chosen based on the highest MAC address or (if configured) the highest priorities.
The stack continues to use the master’s chassis MAC address even after a failover. The MAC address is not refreshed until the stack is reloaded and a different unit becomes the stack master. Note: If a removed management unit is brought up as a standalone unit or as part of a different stack, there is a possibility of MAC address collisions. If you add a standalone unit, which has the same priority as the master stack unit, the standalone unit joins the stack as a member unit.
Figure 47-3. S5000 Stack Manager Redundancy

Stack#show redundancy
-- Stack-unit Status
------------------------------------------------
Mgmt ID: 0
Stack-unit ID: 1
Stack-unit Redundancy Role: Primary
Stack-unit State: Active
Stack-unit SW Version: 9.0(1.3)
Link to Peer: Up
-- PEER Stack-unit Status
------------------------------------------------
Stack-unit State: Standby
Peer stack-unit ID: 2
Stack-unit SW Version: 9.0(1.
Usage Notes:
• Stacking is not supported on Fibre Channel ports.
• If you use a Fibre Channel module in an S5000 switch, stacking is not supported on Ethernet ports.
• If you use three or more S5000 units in a stack, you can connect up to a maximum of eight 10GbE ports or two 40GbE ports in links between peer switches.
• If you use only two S5000 units in a stack, you can connect up to four 40GbE ports in links between the two switches.

Figure 47-4.
Table 47-1. S5000 Stack Groups and Ports
Stack Group    Ports
13             52
14             56
15             60

Example: To configure 10-Gigabit Ethernet ports 16-19 on stack unit 0 for stacking, you would enter the stack-unit 0 stack-group 4 command in global configuration mode.

Supported Stacking Topologies

The S5000 supports stacking up to six units in a ring or a daisy chain topology. Figure 47-5 shows three stacked S5000 units in each topology.
2. Power up each S5000 stack unit.
3. Configure the stacking ports on each switch, including unit number and priority.
4. Save the stacking configuration to the startup configuration and reload each stacked S5000 switch, one after another.

Stacking and Cabling Requirements

Before you cable a stack of S5000 switches, review the following requirements:
• You can connect up to a maximum of six S5000s in a single stack.
Use normal port cables to connect 10GbE and 40GbE stacking ports. Refer to the Dell Networking S5000 Installation Guide for detailed cabling information. Note: The S5000 does not require special stacking cables. The cables used to connect 10GbE and 40GbE data ports are sufficient. The following cabling procedure uses the ring topology in Figure 47-1. Follow the same steps to cable switches in any of the stacking topologies shown in Supported Stacking Topologies.
To revert the management priority of a stack unit to the default value of 0, use the no form of the stack-unit unit-number priority number command. Note: If you reconfigure the priorities of stacked switches in an existing S5000 stack, reload the stack so that a new master and standby election is performed.

Renumbering a Stack Unit

By default, each stack unit is assigned the unit-number 0.
Step 5
  Task: Assign a number to the stack unit, where:
    stack-unit 0 is the default stack-unit number.
    stack-unit unit-number is the new stack-unit number. Valid values: 0 to 11.
  Command Syntax: stack-unit 0 renumber unit-number
  Command Mode: EXEC Privilege

After you reconfigure the unit number, you are prompted to reload the switch. Type yes to confirm; type no to exit.
Yes Before the switch reloads, you are prompted to save the configuration.
Figure 47-7. Example: Configuring Two S5000 Switches in a Stack
S5000-1(conf)#stack-unit 2 stack-group 1
FTOS(conf)#Feb 8 17:11:04: %STKUNIT2-M:CP %IFMGR-6-STACK_PORTS_ADDED: Ports Te 2/4 Te 2/5 Te 2/6 Te 2/7 have been configured as stacking ports. Please save and reload for config to take effect
S5000-1(conf)#stack-unit 2 stack-group 2
FTOS(conf)#Feb 8 17:11:10: %STKUNIT2-M:CP %IFMGR-6-STACK_PORTS_ADDED: Ports Te 2/8 Te 2/9 Te 2/10 Te 2/11 have been configured as stacking ports.
Figure 47-8. Example: Verifying the S5000 Two-Switch Stack Configuration
S5000-1#show system brief
Stack MAC : 5c:f9:dd:ef:0b:c0
Reload-Type : normal-reload [Next boot : normal-reload]
-- Stack Info --
Unit UnitType Status ReqTyp CurTyp Version Ports
--------------------------------------------------------------------------------------
0 Member not present
1 Standby online S5000 S5000 9.0(1.3) 64
2 Management online S5000 S5000 9.0(1.
Figure 47-9. Example: Displaying a Stack Configuration (1 of 2 screens)
S5000-1#show system
Stack MAC : 5c:f9:dd:ef:0a:c0
Reload-Type : normal-reload [Next boot : normal-reload]
-- Unit 0 --
Unit Type : Management Unit
Status : online
Next Boot : online
Required Type : S5000 - 4-module, 4-port GE/TE/FG (SH)
Current Type : S5000 - 4-module, 4-port GE/TE/FG (SH)
Master priority : 0
Hardware Rev : 3.
Num Ports :
Up Time :
FTOS Version :
Jumbo Capable :
POE Capable :
FIPS Mode :
Burned In MAC :
No Of MACs :
Figure 47-10.
Provisioning a Stack Unit

You can logically provision a stack-unit number to accept only an S5000 switch. Provisioning is a type of pre-configuration that is stored on the master switch and applied when a stacked unit is assigned the unit number. To provision a stack unit, use the stack-unit provision command in Global Configuration mode, save the provisioning configuration, and reload the stack.

Step 1
  Task: Create a virtual stack unit by logically provisioning a switch.
Removing a Stack Group from Stacking Mode

To remove a stack group of four 10GbE ports or one 40GbE port from the stack, use the no form of the stack-unit unit-number stack-group number command. After entering the command, save the configuration and, if necessary, re-attach the cables to ports in a different stack group that has been enabled for stacking. Then reload the stack for the change to take effect.
Command Syntax: stack-unit renumber
Command Mode: EXEC Privilege
Task: On the new unit, configure the next available stack-unit number.

Command Syntax: stack-unit priority
Command Mode: CONFIGURATION
Task: On the new unit, assign a management priority based on whether you want the new unit to be the stack manager.

To add a standalone switch with no stack groups configured to a stack, follow these steps:

Step 1
  Task: Attach port cables to connect ports on the switch to one or more switches in the stack.
FTOS Behavior: When you add a new switch to a stack:
• When a unit is added to a stack, the management unit performs a system check on the new unit to ensure the hardware type (S5000) is compatible. A similar check is performed on the FTOS version. If the stack is running 9.0(1.3) and a new unit is running a different software version, the new unit is put into a card problem state.
• If one of the new stacks receives neither the master nor the standby unit, the stack is reset so that a new election takes place.

Managing Redundant Stack Management

To manage the redundancy behavior in a stack, use the following redundancy commands.

Task: Reset the current stack master and make the standby unit the new master. A new standby is elected. When the previous stack master comes back online, it becomes a member unit.
Verifying a Stack Configuration Using LEDs

Table 47-2 lists the status of a stacked switch (master, standby master, or member unit) according to the color of the System Status LED on its front panel.

Table 47-2. System Status LED on a Stacked Switch
Color            Meaning
Green            The switch is online and operating as a master, standby, or member unit in an S5000 stack or as a standalone unit.
Blinking Green   The switch is booting up.
Figure 47-12.
Figure 47-13.
Figure 47-14.
Figure 47-15.
Troubleshooting a Switch Stack

Troubleshooting Commands

To perform troubleshooting operations on a switch stack, use the commands in Table 47-4 on the master switch.

Table 47-4. Troubleshooting Stack Commands
Command: show system stack-ports status (Figure 47-16)
Output: Displays the status of stacked ports on stack units.
Figure 47-17.
Figure 47-18.
Unplugged Stacking Cable

Problem: A stacking cable is unplugged from a member switch. The stack loses half of its bandwidth from the disconnected switch.
Resolution: Intra-stack traffic is re-routed on another link using the redundant stacking port on the switch. A recalculation of control plane and data plane connections is performed.

Master Switch Fails

Problem: The master switch fails due to a hardware fault, software crash, or power loss.
Master Switch Recovers from Failure

Problem: The master switch recovers from a failure after a reboot and rejoins the stack:
• As a member unit if there is already a standby
• As a standby if there is no standby in the stack
Protocol and control plane recovery requires time before the switch is fully online.
Resolution: When the entire stack is reloaded, the recovered master switch becomes the master unit of the stack.
Figure 47-20.
Upgrading a Switch Stack

To upgrade all switches in a stack with the same FTOS version, follow these steps:

Step 1
  Task: Copy the new FTOS image to a network server.
Step 2
  Task: Download the FTOS image by accessing an interactive CLI that requests the server IP address and image filename, and prompts you to upgrade all member stack units. Specify the system partition on the master switch into which you want to copy the FTOS image; valid values are a: and b:.
Upgrading a Single Stack Unit

You can manually upgrade the FTOS image in the boot partition of a member unit from the corresponding partition in the master unit. To upgrade an individual stack unit with a new FTOS version, follow these steps:

Task: Download the FTOS image from the master's boot partition to the member unit, and upgrade the relevant boot partition in the single stack-member unit.
48 Storm Control

This chapter contains the following sections:
• Overview
• Configuring Storm Control

Overview

The storm control feature allows you to control unknown-unicast and broadcast traffic on Layer 2, Layer 3, and multicast physical interfaces.

FTOS Behavior: The FTOS operating software supports broadcast control (storm-control broadcast command) for Layer 2 and Layer 3 traffic.

FTOS Behavior: The minimum number of packets per second (PPS) that storm control can limit is two.
Do not apply per-VLAN QoS on an interface that has storm-control enabled (either on an interface or globally).
49 Spanning Tree Protocol (STP)

Spanning Tree Protocol (STP) is supported on the S5000 switch.
FTOS supports three other variations of Spanning Tree, as shown here:

Table 49-1. FTOS Supported Spanning Tree Protocols
Dell Networking Term                      IEEE Specification
Spanning Tree Protocol (STP)              802.1d
Rapid Spanning Tree Protocol (RSTP)       802.1w
Multiple Spanning Tree Protocol (MSTP)    802.1s
Per-VLAN Spanning Tree Plus (PVST+)       Third Party

Configuring Spanning Tree

Configuring Spanning Tree is a two-step process:
1. Configuring Interfaces for Layer 2 Mode.
2.
Configuring Interfaces for Layer 2 Mode

All interfaces on all switches that will participate in Spanning Tree must be in Layer 2 mode and enabled.

Figure 49-1.
Enabling Spanning Tree Protocol Globally

Spanning Tree Protocol must be enabled globally; it is not enabled by default. To enable Spanning Tree globally for all Layer 2 interfaces:

Step 1
  Task: Enter the PROTOCOL SPANNING TREE mode.
  Command Syntax: protocol spanning-tree 0
  Command Mode: CONFIGURATION
Step 2
  Task: Enable Spanning Tree.
Figure 49-4. Spanning Tree Enabled Globally
[Topology diagram: switches R1 (root), R2, and R3 connected on ports 1/1 to 1/4, 2/1 to 2/4, and 3/1 to 3/4, with links marked Forwarding and Blocking]
Port 290 (GigabitEthernet 2/4) is Blocking
Port path cost 4, Port priority 8, Port Identifier 8.290
Designated root has priority 32768, address 0001.e80d.2462
Designated bridge has priority 32768, address 0001.e80d.2462
Designated port id is 8.
Figure 49-5. show spanning-tree 0 Command Example
FTOS#show spanning-tree 0
Executing IEEE compatible Spanning Tree Protocol
Bridge Identifier has priority 32768, address 0001.e826.ddb7
Configured hello time 2, max age 20, forward delay 15
Bpdu filter disabled globally
Current root has priority 32768, address 0001.e80d.
Adding an Interface to the Spanning Tree Group

To add a Layer 2 interface to the Spanning Tree topology:

Task: Enable Spanning Tree on a Layer 2 interface.
Command Syntax: spanning-tree 0
Command Mode: INTERFACE

Removing an Interface from the Spanning Tree Group

To remove a Layer 2 interface from the Spanning Tree topology:

Task: Disable Spanning Tree on a Layer 2 interface.
Command Syntax: no spanning-tree 0
Command Mode: INTERFACE

Modifying Global Parameters

You can modify Spanning Tree parameters.
To change STP global parameters:

Task: Change the forward-delay parameter (the wait time before the interface enters the forwarding state). Range: 4 to 30. Default: 15 seconds
Command Syntax: forward-delay seconds
Command Mode: PROTOCOL SPANNING TREE

Task: Change the hello-time parameter (the BPDU transmission interval). Note: With large configurations (especially those with more ports) Dell Networking recommends that you increase the hello-time. Range: 1 to 10.
Enabling PortFast

The PortFast feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. Interfaces forward frames by default until they receive a BPDU that indicates that they should behave otherwise; they do not go through the Learning and Listening states. The bpduguard shutdown-on-violation option causes the interface hardware to be shut down when it receives a BPDU.
Figure 49-8 shows a scenario in which an edge port might unintentionally receive a BPDU. The port on the Dell Networking system is configured with PortFast. If the switch is connected to the hub, the BPDUs that the switch generates might trigger an undesirable topology change. If BPDU Guard is enabled, when the edge port receives the BPDU, the BPDU will be dropped, the port will be blocked, and a console message will be generated.
Figure 49-8. Enabling BPDU Guard
Force10(conf-if-gi-3/41)# spanning-tree 0 portfast bpduguard shutdown-on-violation
Force10(conf-if-gi-3/41)#show config
!
interface GigabitEthernet 3/41
 no ip address
 switchport
 spanning-tree 0 portfast bpduguard shutdown-on-violation
 no shutdown
[Diagram labels: 3/41, Hub, Switch with Spanning Tree Enabled]

FTOS Behavior: BPDU Guard and BPDU filtering (refer to Removing an Interface from the Spanning Tree Group) both block BPDUs, but are two separate features.
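The PortFast and BPDU Guard settings above can be checked across a saved running-config. The following is an added example, not part of the FTOS guide: the sample configuration is constructed, and the one-space indentation under each interface line and the portfast forms without shutdown-on-violation are assumptions.

```python
import re

# Constructed running-config excerpt, modelled on the show config output in
# Figure 49-8. Interfaces 3/42 to 3/44 are invented for the example.
SAMPLE_CONFIG = """\
!
interface GigabitEthernet 3/41
 no ip address
 switchport
 spanning-tree 0 portfast bpduguard shutdown-on-violation
 no shutdown
!
interface GigabitEthernet 3/42
 no ip address
 switchport
 spanning-tree 0 portfast
 no shutdown
!
interface GigabitEthernet 3/43
 no ip address
 switchport
 spanning-tree 0 portfast bpduguard
 no shutdown
!
interface GigabitEthernet 3/44
 no ip address
 switchport
 no shutdown
!
"""

# Matches "spanning-tree <instance> portfast [options...]" but not the "no" form.
PORTFAST_RE = re.compile(r"^spanning-tree\s+(\d+)\s+portfast\b(.*)$")


def parse_interfaces(config_text):
    """Split a running-config into {interface name: [stripped config lines]}."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line[len("interface "):].strip()
            interfaces[current] = []
        elif not line.startswith(" "):
            # "!" separators, blank lines and global commands end the block.
            current = None
        elif current is not None:
            interfaces[current].append(line.strip())
    return interfaces


def audit_portfast(config_text):
    """Return (interface, stp instance, verdict) for every PortFast port."""
    findings = []
    for name, lines in parse_interfaces(config_text).items():
        for line in lines:
            match = PORTFAST_RE.match(line)
            if not match:
                continue
            options = match.group(2).split()
            if "bpduguard" not in options:
                verdict = "portfast without bpduguard"
            elif "shutdown-on-violation" not in options:
                verdict = "bpduguard without shutdown-on-violation"
            else:
                verdict = "ok"
            findings.append((name, int(match.group(1)), verdict))
    return findings


if __name__ == "__main__":
    for interface, instance, verdict in audit_portfast(SAMPLE_CONFIG):
        print(f"{interface} (instance {instance}): {verdict}")
```

Interfaces that do not enable PortFast, such as 3/44 in the sample, are not reported.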
Figure 49-9. BPDU Filtering enabled globally

Interface BPDU Filtering

When BPDU Filtering is enabled on an interface, it stops sending and receiving BPDUs on the PortFast-enabled ports. When both BPDU guard and BPDU filter are enabled on the port, BPDU filter takes the highest precedence. By default, BPDU filtering on an interface is disabled.

Figure 49-10.
STP Root Selection

The Spanning Tree Protocol determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it will be selected as the root bridge. You can also specify that a bridge is the root or the secondary root. To change the bridge priority or specify that a bridge is the root or secondary root:

Task: Assign a number as the bridge priority or designate it as the root or secondary root. priority-value range: 0 to 65535.
In STP topology 2 (Figure 49-12 upper right), STP is enabled on device D on which a software bridge application is started to connect to the network. Because the priority of the bridge in device D is lower than the root bridge in Switch A, device D is elected as root, causing the link between Switches A and B to enter a blocking state. Network traffic then begins to flow in the directions indicated by the BPDU arrows in the topology.
Figure 49-12. STP Root Guard Prevents Bridging Loops

Root Guard Configuration

You enable STP root guard on a per-port or per-port-channel basis.
FTOS Behavior: The following conditions apply to a port enabled with STP root guard:
• Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port.
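The root election in STP topology 2 and the effect of root guard can be modelled in a few lines. This is an added example, not FTOS code: the bridge priorities, MAC addresses and port names are constructed, and the model has no timers or path costs (a guarded port is cleared as soon as a non-superior BPDU arrives on it).

```python
def bridge_key(priority, mac):
    """Sortable bridge ID: the lowest priority wins, the lowest MAC breaks ties."""
    return (priority, int(mac.replace(".", ""), 16))


class Switch:
    """One bridge's view of the root bridge (simplified model)."""

    def __init__(self, priority, mac, root_guard_ports=()):
        self.root = bridge_key(priority, mac)   # a bridge first assumes it is root
        self.root_port = None
        self.root_guard_ports = set(root_guard_ports)
        self.root_inconsistent = set()

    def receive_bpdu(self, port, root_priority, root_mac):
        """Process the root ID advertised in a BPDU and report the outcome."""
        advertised = bridge_key(root_priority, root_mac)
        if advertised < self.root:               # superior BPDU
            if port in self.root_guard_ports:
                # Root guard: do not accept a new root through this port.
                self.root_inconsistent.add(port)
                return "blocked: root-inconsistent"
            self.root, self.root_port = advertised, port
            return "accepted: new root"
        self.root_inconsistent.discard(port)
        return "ignored: not superior"


# Constructed values: Switch A is the intended root, device D advertises a
# lower priority, and the model runs from the point of view of a third switch.
SWITCH_A = (4096, "0001.e800.000a")
SWITCH_C = (32768, "0001.e800.000c")
DEVICE_D = (0, "0001.e800.00dd")


def run_scenario(root_guard):
    """Return (root, root port, root-inconsistent ports, events) seen by switch C."""
    guarded = {"Te 0/5"} if root_guard else ()
    switch_c = Switch(*SWITCH_C, root_guard_ports=guarded)
    events = [
        switch_c.receive_bpdu("Te 0/1", *SWITCH_A),   # uplink toward Switch A
        switch_c.receive_bpdu("Te 0/5", *DEVICE_D),   # port facing device D
    ]
    return (switch_c.root, switch_c.root_port,
            sorted(switch_c.root_inconsistent), events)


if __name__ == "__main__":
    for enabled in (False, True):
        print("root guard on Te 0/5:", enabled, "->", run_scenario(enabled))
```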
Configure LACP to be hitless using the command redundancy protocol lacp. Configure all Spanning Tree types to be hitless using the command redundancy protocol xstp from CONFIGURATION mode, as shown in Figure 49-13.

Figure 49-13. Configuring all Spanning Tree Types to be Hitless
FTOS(conf)#redundancy protocol xstp
FTOS#show running-config redundancy
!
redundancy protocol xstp
FTOS#

STP Loop Guard

STP Loop Guard is supported only on the S5000 switch.
Figure 49-14.
Loop Guard Configuration

You enable STP loop guard on a per-port or per-port channel basis.

FTOS Behavior: The following conditions apply to a port enabled with loop guard:
• Loop guard is supported on any STP-enabled port or port-channel interface.
Displaying STP Guard Configuration

To verify the STP guard configured on port or port-channel interfaces, enter the show spanning-tree 0 guard [interface interface] command. The example below shows an STP network (instance 0) in which:
• Root guard is enabled on a port that is in a root-inconsistent state.
• Loop guard is enabled on a port that is in a listening state.
• BPDU guard is enabled on a port that is shut down (Error Disabled state) after receiving a BPDU.
50 System Time and Date

System Time and Date settings, and Network Time Protocol are supported on the S5000 switch. System times and dates can be set and maintained through the Network Time Protocol (NTP). They are also set through FTOS CLIs and hardware settings.
Each of these components is maintained separately in the protocol in order to facilitate error control and management of the subnet itself. They provide not only precision measurements of offset and delay, but also definitive maximum error bounds, so that the user interface can determine not only the time, but the quality of the time as well.
Figure 50-1. NTP Fields
[Packet diagram: Source Port (123), Destination Port (123), Length, and Checksum, followed by the NTP Packet Payload]
Leap Indicator Code: 00: No Warning; 01: +1 second; 10: -1 second; 11: reserved
Range: +32 to -32
Other fields shown: Status, Type, Precision, Est. Error, Est.
Enabling NTP

NTP is disabled by default. To enable it, specify an NTP server to which the Dell Networking system will synchronize. Enter the command multiple times to specify multiple servers. You may specify an unlimited number of servers at the expense of CPU resources.

Task: Specify the NTP server to which the Dell Networking system will synchronize.
Configuring NTP broadcasts

With FTOS, you can receive broadcasts of time information. You can set interfaces within the system to receive NTP information through broadcast. To configure an interface to receive NTP broadcasts, use the following command in the INTERFACE mode:

Task: Set the interface to receive NTP packets.
Command: ntp broadcast client
Command Mode: INTERFACE

Table 50-1. NTP Broadcast
2w1d11h : NTP: Maximum Slew:-0.000470, Remainder = -0.
To configure an IP address as the source address of NTP packets, use the following command in the CONFIGURATION mode:

Command Syntax: ntp source interface
Command Mode: CONFIGURATION
Purpose: Enter the following keywords and slot/port or number information:
• For a loopback interface, enter the keyword loopback followed by a number between 0 and 16383.
• For a port channel interface, enter the keyword lag followed by a number from 1 to 255.
Step 3
  Command Syntax: ntp trusted-key number
  Command Mode: CONFIGURATION
  Purpose: Define a trusted key. Configure a number from 1 to 4294967295. The number must be the same as the number used in the ntp authentication-key command.

To view the NTP configuration, use the show running-config ntp command (Figure 40) in the EXEC privilege mode. Figure 50-5 shows an encrypted authentication key. All keys are encrypted.

Figure 50-5.
Command Syntax: ntp server ip-address [key keyid] [prefer] [version number]
Command Mode: CONFIGURATION
Purpose: Configure an NTP server. Configure the IP address of a server and the following optional parameters:
• key keyid: Configure a text string as the key exchanged between the NTP server and client.
• prefer: Enter the keyword to set this NTP server as the preferred server.
• version number: Enter a number 1 to 3 as the NTP version.
• Root Delay (sys.rootdelay, peer.rootdelay, pkt.rootdelay): This is a signed fixed-point number indicating the total roundtrip delay to the primary reference source at the root of the synchronization subnet, in seconds. Note that this variable can take on both positive and negative values, depending on clock precision and skew.
• Root Dispersion (sys.rootdispersion, peer.rootdispersion, pkt.
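The header fields described in this chapter (leap indicator, version, precision, root delay, root dispersion) and the keyed authenticator that follows them can be decoded as below. This is an added example, not FTOS code: the sample packet and key are constructed, and it assumes the common NTP symmetric-key layout of a 48-byte header followed by a 4-byte key ID and a 16-byte MD5 digest computed over the key and the header.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48
# Leap indicator labels as given in Figure 50-1. RFC 1305 uses code 11 for
# the alarm condition (clock not synchronized).
LEAP = {0: "no warning", 1: "+1 second", 2: "-1 second", 3: "reserved"}
MODE = {1: "symmetric active", 2: "symmetric passive", 3: "client",
        4: "server", 5: "broadcast"}


def parse_ntp_header(packet):
    """Decode the first 16 bytes of an NTP header into named fields."""
    if len(packet) < HEADER_LEN:
        raise ValueError("truncated NTP packet: %d bytes" % len(packet))
    flags, stratum, poll, precision, root_delay, root_disp, ref_id = \
        struct.unpack("!BBbbiI4s", packet[:16])
    return {
        "leap": LEAP[flags >> 6],
        "version": (flags >> 3) & 0x7,
        "mode": MODE.get(flags & 0x7, "reserved"),
        "stratum": stratum,
        "poll": poll,
        "precision": precision,                    # log2 seconds, signed
        "root_delay": root_delay / 65536.0,        # signed 16.16 fixed point
        "root_dispersion": root_disp / 65536.0,    # unsigned 16.16 fixed point
        "reference_id": ref_id.hex(),
    }


def check_authenticator(packet, trusted_keys):
    """trusted_keys maps key ID to secret bytes.

    Returns 'ok', 'missing', 'untrusted key' or 'bad digest'.
    """
    auth = packet[HEADER_LEN:]
    if len(auth) < 20:
        return "missing"
    key_id = struct.unpack("!I", auth[:4])[0]
    if key_id not in trusted_keys:
        return "untrusted key"
    expected = hashlib.md5(trusted_keys[key_id] + packet[:HEADER_LEN]).digest()
    return "ok" if hmac.compare_digest(expected, auth[4:20]) else "bad digest"


def build_sample(root_delay=0x00008000, key_id=None, key=b""):
    """Build a constructed NTPv3 server reply (stratum 2, zeroed timestamps)."""
    flags = (0 << 6) | (3 << 3) | 4               # LI=0, version 3, mode 4
    header = struct.pack("!BBbbiI4s4Q", flags, 2, 6, -20, root_delay,
                         0x00010000, bytes([192, 0, 2, 1]), 0, 0, 0, 0)
    if key_id is None:
        return header
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


if __name__ == "__main__":
    reply = build_sample(key_id=1, key=b"constructed-secret")
    print(parse_ntp_header(reply))
    print(check_authenticator(reply, {1: b"constructed-secret"}))
```

A reply that returns anything other than 'ok' should not be used to set the clock when authentication is required for that server.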
Setting the time and date for the switch hardware clock

Command Syntax: calendar set time month day year
Command Mode: EXEC Privilege
Purpose: Set the hardware clock to the current time and date.
  time: Enter the time in hours:minutes:seconds. For the hour variable, use the 24-hour format, for example, 17:15:00 is 5:15 pm.
  month: Enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year.
FTOS#clock set 12:11:00 21 may 2012
FTOS#

Setting the timezone

Coordinated Universal Time (UTC) is the time standard based on the International Atomic Time standard, commonly known as Greenwich Mean time. When determining system time, you must include the differentiator between UTC and your local timezone. For example, San Jose, CA is the Pacific Timezone with a UTC offset of -8.
Setting Daylight Saving Time Once

Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis.

Command Syntax: clock summer-time time-zone date start-month start-day start-year start-time end-month end-day end-year end-time [offset]
Command Mode: CONFIGURATION
Purpose: Set the clock to the appropriate timezone and daylight saving time.
  time-zone: Enter the three-letter name for the time zone.
Setting Recurring Daylight Saving Time

Set a date (and time zone) on which to convert the switch to daylight saving time on a specific day every year. If you have already set daylight saving for a one-time setting, you can set that date and time as the recurring setting with the clock summer-time time-zone recurring command.
start-year: Enter a four-digit number as the year. Range: 1993 to 2035
start-time: Enter the time in hours:minutes. For the hour variable, use the 24-hour format, for example, 17:15 is 5:15 pm.
end-week: If you entered a start-week, enter one of the following as the week that daylight saving ends:
• week-number: enter a number from 1-4 as the number of the week to end daylight saving time.
FTOS(conf)#clock summer-time pacific recurring ?
<1-4>    Week number to start
first    Week number to start
last     Week number to start
FTOS(conf)#clock summer-time pacific recurring
FTOS(conf)#
51 Uplink Failure Detection (UFD)

Uplink Failure Detection (UFD) is supported on the S5000 switch.
Figure 51-1. Uplink Failure Detection

How Uplink Failure Detection Works

UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group. An interface in an uplink-state group can be a physical interface or a port-channel (LAG) aggregation of physical interfaces. An enabled uplink-state group tracks the state of all assigned upstream interfaces.
Figure 51-2. Uplink Failure Detection Example

If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a link-down state. This number is user-configurable and is calculated by the ratio of upstream port bandwidth to downstream port bandwidth in the same uplink-state group.
An uplink-state group is considered to be operationally up if it has at least one upstream interface in the link-up state. An uplink-state group is considered to be operationally down if it has no upstream interfaces in the link-up state. No uplink-state tracking is performed when a group is disabled or in an operationally down state.
• You can assign physical port or port-channel interfaces to an uplink-state group.
Step 2
  Command Syntax and Mode: {upstream | downstream} interface
  Description: Assigns a port or port-channel to the uplink-state group as an upstream or downstream interface.
Clearing a UFD-Disabled Interface

You can manually bring up a downstream interface in an uplink-state group that has been disabled by UFD and is in a UFD-disabled error state.
Message 1 shows the Syslog messages displayed when you clear the UFD-disabled state from all disabled downstream interfaces in an uplink-state group by entering the clear ufd-disable uplink-state-group group-id command. All downstream interfaces return to an operationally up state.
Displaying Uplink Failure Detection

To display information on the Uplink Failure Detection feature, enter any of the following show commands:

Show Command Syntax: show uplink-state-group [group-id] [detail]
Command Mode: EXEC
Description: Displays status information on a specified uplink-state group or all groups. Valid group-id values are 1 to 16. detail displays additional status information on the upstream and downstream interfaces in each group (see Figure 51-3).
Figure 51-3.
Figure 51-4.
• Configure uplink-state group 3.
• Add downstream links TenGigabitethernet 0/1, 0/2, 0/5, 0/9, 0/11, and 0/12.
• Configure two downstream links to be disabled if an upstream link fails.
• Add upstream links TenGigabitethernet 0/3 and 0/4.
• Add a text description for the group.
• Verify the configuration with various show commands.

Figure 51-7.
52 Upgrade Procedures

Refer to the FTOS Release Notes for your Dell Networking switch for information about the requirements and procedures used to upgrade to another FTOS version.

Getting Help with Upgrades

If you have questions or concerns about FTOS upgrade procedures, contact the Dell Networking Technical Support Center:
• On the Web: http://support.dell.com/
• By email: Dell-Force10_Technical_Support@Dell.
53 Virtual LANs (VLAN)

Virtual LANs (VLAN) are supported on the S5000 switch. This chapter covers the following information:
• Default VLAN
• Port-Based VLANs
• VLANs and Port Tagging
• Configuration Task List for VLANs
• Native VLANs

Virtual LANs, or VLANs, are a logical broadcast domain or logical grouping of interfaces in a LAN in which all data received is kept locally and broadcast to all members of the group. When in Layer 2 mode, VLANs move traffic at wire speed and can span multiple devices.
Table 53-1 displays the defaults for VLANs in FTOS.

Table 53-1. VLAN Defaults on FTOS
Feature                   Default
Spanning Tree group ID    All VLANs are part of Spanning Tree group 0
Mode                      Layer 2 (no IP address is assigned)
Default VLAN ID           VLAN 1

Default VLAN

When you configure interfaces for Layer 2 mode, they are automatically placed in the default VLAN as untagged interfaces. Only untagged interfaces can belong to the default VLAN.
Untagged interfaces must be part of a VLAN. To remove an untagged interface from the Default VLAN, you must create another VLAN and place the interface into that VLAN. Alternatively, enter the no switchport command, and FTOS removes the interface from the Default VLAN. A tagged interface requires an additional step to remove it from Layer 2 mode. Since tagged interfaces can belong to multiple VLANs, you must remove the tagged interface from all VLANs, using the no tagged interface command.
• Tag Control Information (TCI) includes the VLAN ID (2 bytes total). The VLAN ID can have 4,096 values, but 2 are reserved. Note: The insertion of the tag header into the Ethernet frame increases the size of the frame to more than the 1518 bytes specified in the IEEE 802.3 standard. Some devices that are not compliant with IEEE 802.3 may not support the larger frame size.
Use the show vlan command (Figure 53-3) in the EXEC privilege mode to view the configured VLANs.

Figure 53-3. show vlan Command Example
FTOS#show vlan
Codes: * - Default VLAN, G - GVRP VLANs
    NUM    Status      Q   Ports
*   1      Inactive    U   So 9/4-11
    2      Active      U   Te 0/1,18
    3      Active      U   Te 0/2,19
    4      Active      T   Te 0/3,20
    5      Active      U   Po 1
    6      Active      U   Te 0/12
                       U   So 9/0
FTOS#

A VLAN is active only if the VLAN contains interfaces and those interfaces are operationally up.
To tag frames leaving an interface in Layer 2 mode, you must assign that interface to a port-based VLAN to tag it with that VLAN ID. To tag interfaces, use these commands in the following sequence:

Step 1
  Command Syntax: interface vlan vlan-id
  Command Mode: CONFIGURATION
  Purpose: Access the INTERFACE VLAN mode of the VLAN to which you want to assign the interface.
Step 2
  Command Syntax: tagged interface
  Command Mode: INTERFACE
  Purpose: Enable an interface to include the IEEE 802.1Q tag header.
Use the untagged command to move untagged interfaces from the Default VLAN to another VLAN:

Step 1
  Command Syntax: interface vlan vlan-id
  Command Mode: CONFIGURATION
  Purpose: Access the INTERFACE VLAN mode of the VLAN to which you want to assign the interface.
Step 2
  Command Syntax: untagged interface
  Command Mode: INTERFACE
  Purpose: Configure an interface as untagged. This command is available only in VLAN interfaces.
Assigning an IP address to a VLAN

VLANs are a Layer 2 feature. For two physical interfaces on different VLANs to communicate, you must assign an IP address to the VLANs to route traffic between the two interfaces. The shutdown command in INTERFACE mode does not affect Layer 2 traffic on the interface; the shutdown command only prevents Layer 3 traffic from traversing over the interface. Note: An IP address cannot be assigned to the Default VLAN, which, by default, is VLAN 1.
Native VLANs Traditionally, ports can be either untagged for membership to one VLAN or tagged for membership to multiple VLANs. An untagged port must be connected to a VLAN-unaware station (one that does not understand VLAN tags), and a tagged port must be connected to a VLAN-aware station (one that generates and understands VLAN tags). Native VLAN support breaks this barrier so that a port can be connected to both VLAN-aware and VLAN-unaware stations. Such ports are referred to as hybrid ports.
54 Virtual Link Trunking (VLT)

Virtual Link Trunking (VLT) is supported on the S5000 switch.
Caution: Dell Networking recommends not enabling Stacking and VLT simultaneously. If both are enabled at the same time, unexpected behavior will occur. As shown in the following figure, VLT presents a single logical Layer 2 domain from the perspective of attached devices that have a virtual link trunk terminating on separate chassis in the VLT domain. However, the two VLT chassis are independent Layer2/Layer3 (L2/L3) switches for devices in the upstream network.
VLT on Core Switches

VLT can also be deployed on core switches. Uplinks from servers to the access layer and from access layer to the aggregation layer are bundled in LAG groups with end-to-end Layer 2 multipathing. This requires “horizontal” stacking at the access layer and VLT at the aggregation layer such that all the uplinks from servers to access and access to aggregation are in active-active load sharing mode.
Enhanced VLT

An enhanced VLT (eVLT) configuration allows two different VLT domains connected by a standard LACP LAG to form a loop free Layer 2 topology in the aggregation layer. This configuration supports a maximum of four (4) units, increasing the number of available ports and allowing for dual redundancy of the VLT. The following figure shows how the core/aggregation port density in the Layer 2 topology is increased using eVLT.
VLT peer device - One of a pair of devices that are connected with the special port channel known as the VLT interconnect (VLTi). VLT peer switches have independent management planes. A VLT interconnect between the VLT chassis maintains synchronization of L2/L3 control planes across the two VLT peer switches. The VLT interconnect uses either 10G or 40G user ports on the chassis. A separate backup link maintains heartbeat messages across an out-of-band management network.
Configuration Notes
When you configure VLT, the following conditions apply:
• If the DHCP server is located on the ToR and the VLTi (ICL) is down due to a failed link when a VLT node is rebooted in JumpStart mode, it will not be able to reach the DHCP server, resulting in BMP failure.
• VLT domain
  • A VLT domain supports two chassis members, which appear as a single logical device to network access devices connected to VLT ports through a port channel.
• The VLT interconnect is used for data traffic only when there is a link failure that requires the VLTi to be used in order for data packets to reach their final destination.
• Unknown, multicast and broadcast traffic can be flooded across the VLT interconnect.
• MAC addresses for VLANs configured across VLT peer chassis are synchronized over the VLT interconnect on an egress port such as a VLT LAG. MAC addresses are the same on both VLT peer nodes.
• Virtual link trunks (VLTs) between access devices and VLT peer switches:
  • To connect servers and access switches with VLT peer switches, you use a VLT port channel (see Figure 54-1). Up to 48 port-channels are supported; up to 8 member links are supported in each port channel between the VLT domain and an access device.
• Layer 3 VLAN connectivity between VLT peers is enabled by configuring a VLAN network interface for the same VLAN on both switches.
• Software features supported on VLT port-channels:
  • In a VLT domain, the following software features are supported on VLT port-channels: 802.1p, LLDP, flow control, port monitoring, jumbo frames.
• The SNMP MIB reports VLT statistics.
RSTP and VLT
VLT provides loop-free redundant topologies and does not require rapid spanning tree protocol (RSTP). RSTP can cause temporary port state blocking and may cause topology changes after link or node failures. Spanning tree topology changes are distributed to the entire Layer 2 network, which can cause a network-wide flush of learned MAC and ARP addresses, requiring these addresses to be re-learned.
VLT and Stacking
Stacking S5000 units cannot be enabled with VLT. If stacking is currently enabled on a unit on which you want to enable VLT, you must first remove the unit from the existing stack. For information on how to remove a unit from a stack, see Removing a Switch from a Stack on page 874. After the unit has been removed, VLT can be configured on the unit.
PIM-Sparse Mode Support on VLT
The Designated Router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports. The VLT peer switches can act as a last-hop router for IGMP receivers and as a first-hop router for multicast sources.
VLT peer nodes cannot be configured as rendezvous points, and PIM routers cannot be connected to VLT ports; you must use a different port. If the VLT node elected as the designated router fails, traffic loss will occur until another VLT node is elected the designated router.
RSTP Configuration
The RSTP Spanning Tree protocol is supported in a VLT domain.
Sample RSTP Configuration
Using Figure 54-1 as a sample VLT topology, the primary VLT switch will send BPDUs to an access device (switch or server) with its own RSTP bridge ID. BPDUs generated by an RSTP-enabled access device are only processed by the primary VLT switch. The secondary VLT switch tunnels the BPDUs that it receives to the primary VLT switch over the VLT interconnect.
5. Connect the peer switches in a VLT domain to an attached access device (switch or server).
Configure a VLT interconnect
Step | Task | Command Syntax | Command Mode
1 | Configure the port channel to be used for the VLT interconnect on a VLT switch and enter interface configuration mode. Enter the same port-channel number configured with the peer-link port-channel command in the Enable VLT and Create a VLT Domain steps.
Enable VLT and Create a VLT Domain
Step | Task | Command Syntax | Command Mode
3 | Configure the port channel to be used as the VLT interconnect between VLT peers in the domain. | peer-link port-channel id-number | VLT DOMAIN CONFIGURATION
4 | (Optional) Prevent a possible loop during the bootup of a VLT peer switch or a device that accesses the VLT domain.
(Optional) Reconfigure default VLT settings Step 1 Task Command Syntax Command Mode Enter VLT-domain configuration mode for a specified VLT domain. vlt domain domain-id CONFIGURATION primary-priority value VLT DOMAIN CONFIGURATION system-mac mac-address VLT DOMAIN CONFIGURATION Range of domain IDs: 1 to 1000. 2 (Optional) After you configure the VLT domain on each peer switch on both sides of the interconnect trunk, by default, the FTOS software elects a primary and secondary VLT peer device.
Connect a VLT domain to an attached access device (switch or server)
Step Task Command Syntax Command Mode On a VLT peer switch: Configure the same port channel ID number on each peer switch in the VLT domain to connect to an attached device as follows: Configure the same port channel to be used to connect to an attached device and enter interface configuration mode. interface port-channel 2 Remove an IP address from the interface.
(Optional) Configure a VLT VLAN peer-down
Step | Task | Command Syntax | Command Mode
3 | Enter the VLAN ID number of the VLAN where the VLT forwards packets received on the VLTi from an adjacent peer that is down. Range: 1 to 4094. | peer-down-vlan vlan | VLT DOMAIN CONFIGURATION
interface number
Use the following procedure to configure enhanced VLT between two VLT domains on your network. Refer to eVLT Configuration Example for a sample configuration.
(Optional) Configure Enhanced VLT (eVLT)
Step | Task | Command Syntax | Command Mode
6 | When you create a VLT domain on a switch, the FTOS software automatically creates a VLT-system MAC address used for internal system operations. Use the system-mac command to explicitly configure the default MAC address for the domain by entering a new MAC address in the format: aaaa.bbbb.cccc. | system-mac mac-address mac-address | VLT DOMAIN CONFIGURATION
(Optional) Configure Enhanced VLT (eVLT)
Step | Task | Command Syntax | Command Mode
13 | Enable LACP on the LAN port. | port-channel-protocol lacp | INTERFACE
14 | Configure the LACP port channel mode. | port-channel number mode [active] | INTERFACE
15 | Ensure that the interface is active. | no shutdown | MANAGEMENT INTERFACE
16 | Repeat steps 1 through 15 for the VLT peer node in Domain 1.
17 | Repeat steps 1 through 15 for the first VLT node in Domain 2.
Task Command Syntax Command Mode 1. Configure the static LAG/LACP between ports connected from VLT peer 1 and VLT peer 2 to the top of rack unit. show running-config entity EXEC Privilege 2. Configure the VLT peer link port channel id in VLT peer 1 and VLT peer 2. show interfaces interface EXEC EXEC Privilege 3.
S5000-2# show interfaces managementethernet 0/0
Internet address is 10.11.206.43/16

S5000-4#show running-config vlt
!
vlt domain 5
 peer-link port-channel 1
 back-up destination 10.11.206.43
S5000-4#
S5000-4#show running-config interface managementethernet 0/0
 ip address 10.11.206.58/16
 no shutdown

Configure the VLT links between VLT peer 1 and VLT peer 2 to the top of rack unit.
 no ip address
!
 port-channel-protocol LACP
  port-channel 100 mode active
 no shutdown
s60-1#
s60-1#show running-config interface port-channel 100
!
interface Port-channel 100
 no ip address
 switchport
 no shutdown
s60-1#
s60-1#show port-channel interface 100 brief
Codes: L - LACP Port-channel
   LAG  Mode  Status  Uptime    Ports
L  100  L2    up      03:33:48  Te 0/48 (Up)
                                Te 0/50 (Up)
s60-1#

Verify VLT is up.
eVLT Configuration Example
The following example demonstrates the steps to configure enhanced VLT (eVLT) in a network. In this example there are two domains being configured. Domain 1 consists of Peer 1 and Peer 2; Domain 2 consists of Peer 3 and Peer 4 as shown below. In Domain 1, configure Peer 1 first, then configure Peer 2. When that is complete, perform the same steps for the peer nodes in Domain 2. The interface used in this example is TenGigabitEthernet.
Next, configure the VLT domain and VLTi on Peer 2:
Domain_1_Peer2#configure
Domain_1_Peer2(conf)#interface port-channel 1
Domain_1_Peer2(conf-if-po-1)# channel-member TenGigabitEthernet 0/8-9
Domain_1_Peer2(conf)#vlt domain 1000
Domain_1_Peer2(conf-vlt-domain)# peer-link port-channel 1
Domain_1_Peer2(conf-vlt-domain)# back-up destination 10.16.130.
Domain_2_Peer3(conf-if-range-te-0/16-17)# no shutdown
Next, configure the VLT domain and VLTi on Peer 4:
Domain_2_Peer4#configure
Domain_2_Peer4(conf)#interface port-channel 1
Domain_2_Peer4(conf-if-po-1)# channel-member TenGigabitEthernet 0/8-9
Domain_2_Peer4(conf)#vlt domain 1000
Domain_2_Peer4(conf-vlt-domain)# peer-link port-channel 1
Domain_2_Peer4(conf-vlt-domain)# back-up destination 10.18.130.
VLT_Peer1(conf-if-vl-4001)#ip igmp snooping mrouter interface port-channel 128
VLT_Peer1(conf-if-vl-4001)#exit
VLT_Peer1(conf)#end
Repeat these steps on VLT Peer Node 2
VLT_Peer2(conf)#ip multicast-routing
VLT_Peer2(conf)#interface vlan 4001
VLT_Peer2(conf-if-vl-4001)#ip address 140.0.0.
Show Command Syntax | Description
show interfaces interface | Displays the current status of a port or port-channel interface used in the VLT domain. interface specifies one of the following interface types:
  10-Gigabit Ethernet: Enter tengigabitethernet slot/port.
  40-Gigabit Ethernet: Enter fortyGigE slot/port.
  Port channel: Enter port-channel {1-128}.
Figure 54-4.
Figure 54-5.
Figure 54-7. show vlt role Command Output on VLT peer switches
FTOS_VLTpeer1# show vlt role
VLT Role
---------
VLT Role:                    Primary
System MAC address:          00:01:e8:8a:df:bc
System Role Priority:        32768
Local System MAC address:    00:01:e8:8a:df:bc
Local System Role Priority:  32768

FTOS_VLTpeer2# show vlt role
VLT Role
---------
VLT Role:
System MAC address:
System Role Priority:
Local System MAC address:
Local System Role Priority:
Figure 54-8.
Figure 54-10. show spanning-tree rstp Command Output on VLT peer switches
FTOS_VLTpeer1# show spanning-tree rstp brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 0, Address 0001.e88a.dff8
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 4096, Address 0001.e88a.d656
Configured hello time 2, max age 20, forward delay 15
Interface Name: Po 1, Po 3, Po 4, Po 100, Po 110, Po 111, Po 120
PortID: 128.2, 128.4, 128.5, 128.
Figure 54-11. Configuring Virtual Link Trunking (VLT Peer 1)
FTOS_VLTpeer1(conf)#vlt domain 999
FTOS_VLTpeer1(conf-vlt-domain)#peer-link port-channel 100
FTOS_VLTpeer1(conf-vlt-domain)#back-up destination 10.11.206.35
FTOS_VLTpeer1(conf-vlt-domain)#exit
Enable VLT and create a VLT domain
FTOS_VLTpeer1(conf)#interface ManagementEthernet 0/0
FTOS_VLTpeer1(conf-if-ma-0/0)#ip address 10.11.206.
Figure 54-12. Configuring Virtual Link Trunking (VLT Peer 2)
FTOS_VLTpeer2(conf)#vlt domain 999
FTOS_VLTpeer2(conf-vlt-domain)#peer-link port-channel 100
FTOS_VLTpeer2(conf-vlt-domain)#back-up destination 10.11.206.23
FTOS_VLTpeer2(conf-vlt-domain)#exit
Enable VLT and create a VLT domain with a backup-link and interconnect trunk
FTOS_VLTpeer2(conf)#interface ManagementEthernet 0/0
FTOS_VLTpeer2(conf-if-ma-0/0)#ip address 10.11.206.
Figure 54-13. Verifying a Port-Channel Connection to a VLT Domain (From an Attached Access Switch)
On an access device, verify the port-channel connection to a VLT domain
FTOS_TORswitch(conf)# show running-config interface port-channel 11
!
interface Port-channel 11
 no ip address
 switchport
 channel-member fortyGigE 1/18,22
 no shutdown
Troubleshooting VLT
Use the following information to help to troubleshoot different VLT issues that may occur.
Description | Behavior at Peer Up | Behavior During Run Time | Action to Take
Spanning tree mismatch at port level | A syslog error message is generated. | A one-time informational syslog message is generated. | Correct the spanning tree configuration on the ports.
System MAC mismatch | A syslog error message and an SNMP trap are generated. | A syslog error message and an SNMP trap are generated.
9. Confirm that the management ports are interconnected or connected to a switch that can transfer Heartbeat information.
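The peer settings that the VLT configuration figures and the troubleshooting steps above depend on can be cross-checked offline from saved running-configs. The following is an added example, not code from this guide or from Dell: the function names, hostnames and addresses are hypothetical, and it assumes that both peers must use the same domain ID (as in Figures 54-11 and 54-12) and that the heartbeat runs between the ManagementEthernet 0/0 addresses.

```python
import re

# Constructed sample input: running-config excerpts from two VLT peers, laid out
# like the guide's `show running-config vlt` and management-interface output.
# Hostnames and addresses are made up; peerB contains a deliberate error.
PEER_CONFIGS = {
    "peerA": """\
vlt domain 999
 peer-link port-channel 100
 back-up destination 192.0.2.12
!
interface ManagementEthernet 0/0
 ip address 192.0.2.11/24
 no shutdown
""",
    "peerB": """\
vlt domain 999
 peer-link port-channel 100
 back-up destination 192.0.2.12
!
interface ManagementEthernet 0/0
 ip address 192.0.2.12/24
 no shutdown
""",
}


def parse_peer(text):
    """Extract the VLT domain settings and management address of one peer."""
    info = {"domain": None, "peer_link": None, "backup": None, "mgmt_ip": None}
    section = None
    for raw in text.splitlines():
        low = raw.strip().lower()
        if (m := re.fullmatch(r"vlt domain (\d+)", low)):
            section, info["domain"] = "vlt", int(m.group(1))
        elif low.startswith("interface managementethernet"):
            section = "mgmt"
        elif low.startswith("interface "):
            section = None          # any other interface stanza is ignored
        elif section == "vlt" and (m := re.fullmatch(r"peer-link port-channel (\d+)", low)):
            info["peer_link"] = int(m.group(1))
        elif section == "vlt" and (m := re.fullmatch(r"back-up destination (\S+)", low)):
            info["backup"] = m.group(1)
        elif section == "mgmt" and (m := re.fullmatch(r"ip address (\S+)/\d+", low)):
            info["mgmt_ip"] = m.group(1)
    return info


def audit_vlt_pair(configs):
    """Return a list of findings for exactly two VLT peer configurations."""
    if len(configs) != 2:
        raise ValueError("a VLT domain has exactly two peers")
    (name_a, a), (name_b, b) = [(n, parse_peer(t)) for n, t in sorted(configs.items())]
    findings = []
    # Assumption: both peers must be configured with the same domain ID.
    if a["domain"] != b["domain"]:
        findings.append(f"domain ID differs: {name_a}={a['domain']}, {name_b}={b['domain']}")
    for name, local, other_name, other in ((name_a, a, name_b, b), (name_b, b, name_a, a)):
        if local["peer_link"] is None:
            findings.append(f"{name}: no peer-link port-channel configured")
        if local["backup"] is None:
            findings.append(f"{name}: no back-up destination configured")
        elif local["backup"] == local["mgmt_ip"]:
            findings.append(f"{name}: back-up destination is its own management address")
        elif local["backup"] != other["mgmt_ip"]:
            findings.append(f"{name}: back-up destination {local['backup']} is not "
                            f"{other_name}'s management address {other['mgmt_ip']}")
    return findings


if __name__ == "__main__":
    for finding in audit_vlt_pair(PEER_CONFIGS):
        print(finding)
```

With the constructed input, the audit reports that peerB's heartbeat destination points back at itself, so the backup link would never carry heartbeats between the two peers.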
55 Virtual Router Redundancy Protocol (VRRP)
Virtual Router Redundancy Protocol (VRRP) is supported on the S5000 switch. This chapter covers the following information:
• VRRP Overview
• VRRP Benefits
• VRRP Implementation
• VRRP Configuration
• Sample Configurations
VRRP Overview
Virtual Router Redundancy Protocol (VRRP) is designed to eliminate a single point of failure in a statically routed network. VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a LAN.
In Figure 55-1 below, Router A is configured as the MASTER router. It is configured with the IP address of the virtual router and sends any packets addressed to the virtual router through interface GigabitEthernet 1/1 to the Internet. As the BACKUP router, Router B is also configured with the IP address of the virtual router. If for any reason Router A becomes unavailable, VRRP elects a new MASTER Router. Router B assumes the duties of Router A and becomes the MASTER router.
VRRP Implementation
The S5000 supports a total of 2000 VRRP groups on a switch and 512 VRRP groups per interface (Table 55-1). Within a single VRRP group, up to 12 virtual IP addresses are supported. Virtual IP addresses can belong to the primary or secondary IP address’ subnet configured on the interface. You can ping all the virtual IP addresses configured on the Master VRRP router from anywhere in the local subnet.
• Creating a Virtual Router (mandatory)
• Assigning Virtual IP addresses (mandatory)
• Setting VRRP Group (Virtual Router) Priority (optional)
• Configuring VRRP Authentication (optional)
• Disabling Preempt (optional)
• Changing the Advertisement interval (optional)
• Tracking an Interface or Object (optional)
• VRRP initialization delay
For a complete listing of all commands related to VRRP, refer to FTOS Command Line Interface.
The S5000 supports a total of 120 VRRP groups on a switch with FTOS or a total of 20 VRRP groups when using SFTOS. To activate a VRRP Group on an interface (so that VRRP group starts transmitting VRRP packets), configure at least one Virtual IP address in a VRRP group. The Virtual IP address is the IP address of the Virtual Router and does not require the IP address mask. You can configure up to 12 Virtual IP addresses on a single VRRP Group (VRID).
Figure 55-5. Command Example Display: show config for the Interface
Note that the Primary IP address and the Virtual IP addresses are on the same subnet in the following example.
FTOS(conf-if-te-1/1)#show conf
!
interface TenGigabitEthernet 1/1
 ip address 10.10.10.1/24
!
 vrrp-group 111
  priority 255
  virtual-address 10.10.10.1
  virtual-address 10.10.10.2
  virtual-address 10.10.10.
Setting VRRP Group (Virtual Router) Priority
Setting a Virtual Router priority to 255 ensures that the router is the “owner” virtual router for the VRRP group. VRRP elects the MASTER router by choosing the router with the highest priority. The default priority for a Virtual Router is 100. The higher the number, the higher the priority. If the MASTER router fails, VRRP begins the election process to choose a new MASTER router based on the next-highest priority.
Configuring VRRP Authentication
Simple authentication of VRRP packets ensures that only trusted routers participate in VRRP processes. When authentication is enabled, FTOS includes the password in its VRRP transmission, and the receiving router uses that password to verify the transmission.
Note: All virtual routers in the VRRP group must be configured the same: authentication must be enabled with the same password or authentication must be disabled.
Prevent the BACKUP router with the higher priority from becoming the MASTER router by disabling preempt. Note: All virtual routers in the VRRP group must be configured the same: all configured with preempt enabled or configured with preempt disabled. Since preempt is enabled by default, disable the preempt function with the following command in the VRRP mode. Re-enable preempt by entering the preempt command.
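The two notes above (authentication and preempt must be configured the same on every virtual router in a group) and the priority-based election can be checked offline against saved configurations. The following is an added example, not code from this guide or from Dell: the function and class names are hypothetical, the configs are constructed, and it compares only whether authentication is enabled, because it does not assume that stored password strings are comparable between devices.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the same VRRP group as configured on two routers,
# laid out like the guide's `show conf` examples. Interface names, addresses
# and the stored password string are made up for this example.
ROUTER_CONFIGS = {
    "R1": """\
interface TenGigabitEthernet 1/1
 ip address 10.10.10.2/24
 !
 vrrp-group 111
  authentication-type simple 7 0123456789abcdef
  no preempt
  priority 200
  virtual-address 10.10.10.1
 no shutdown
""",
    "R2": """\
interface TenGigabitEthernet 1/1
 ip address 10.10.10.3/24
 !
 vrrp-group 111
  priority 150
  virtual-address 10.10.10.1
 no shutdown
""",
}


@dataclass
class VrrpGroup:
    group_id: int
    priority: int = 100         # default priority stated in the guide
    preempt: bool = True        # preempt is enabled by default
    auth_enabled: bool = False  # set when an authentication-type line is seen


def parse_vrrp_groups(config_text):
    """Return {group_id: VrrpGroup} for every vrrp-group stanza in the text."""
    groups, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = None                      # a new interface ends the stanza
        elif (m := re.fullmatch(r"vrrp-group (\d+)", line)):
            current = groups[int(m.group(1))] = VrrpGroup(int(m.group(1)))
        elif current is None:
            continue
        elif (m := re.fullmatch(r"priority (\d+)", line)):
            current.priority = int(m.group(1))
        elif line == "no preempt":
            current.preempt = False
        elif line == "preempt":
            current.preempt = True
        elif line.startswith("authentication-type "):
            current.auth_enabled = True
    return groups


def audit_group(group_id, configs):
    """Check one VRRP group across routers; return (findings, master_candidates)."""
    parsed = {name: parse_vrrp_groups(text).get(group_id) for name, text in configs.items()}
    members = {name: g for name, g in parsed.items() if g is not None}
    findings = [f"{name}: vrrp-group {group_id} is not configured"
                for name in sorted(parsed) if parsed[name] is None]
    for attr, label in (("auth_enabled", "authentication"), ("preempt", "preempt")):
        enabled = sorted(n for n, g in members.items() if getattr(g, attr))
        disabled = sorted(n for n, g in members.items() if not getattr(g, attr))
        if enabled and disabled:
            findings.append(f"{label} mismatch: enabled on {', '.join(enabled)}; "
                            f"disabled on {', '.join(disabled)}")
    # Highest priority wins the election; a tie is reported as several
    # candidates because tie-breaking is outside what this example models.
    top = max((g.priority for g in members.values()), default=None)
    candidates = sorted(n for n, g in members.items() if g.priority == top)
    return findings, candidates


if __name__ == "__main__":
    issues, masters = audit_group(111, ROUTER_CONFIGS)
    print("expected MASTER:", masters)
    for issue in issues:
        print(issue)
```

On the constructed input the audit names R1 as the election winner and flags both mismatches: R2 has no authentication configured and still has preempt enabled.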
Change the advertisement interval with the following command in the VRRP mode:
Task: Change the advertisement interval setting.
Command Syntax: advertise-interval seconds (Range: 1-255 seconds; Default: 1 second)
Command Mode: INTERFACE-VRID
Figure 55-13. Command Example: advertise-interval
FTOS(conf-if-te-1/1)#vrrp-group 111
FTOS(conf-if-te-1/1-vrid-111)#advertise-interval 10
FTOS(conf-if-te-1/1-vrid-111)#
Figure 55-14.
• 40-Gigabit Ethernet: Enter fortyGigE slot/port.
• Port channel: Enter port-channel number, where valid port-channel numbers are 1 to 128.
• VLAN: Enter vlan vlan-id, where valid VLAN IDs are from 1 to 4094.
For a virtual group, you can also track the status of a configured object (track object-id command) by entering its object number.
Figure 55-16. Command Example Display: track in VRID mode
FTOS(conf-if-te-1/1-vrid-111)#show conf
!
 vrrp-group 111
  advertise-interval 10
  authentication-type simple 7 387a7f2df5969da4
  no preempt
  priority 255
  track TenGigabitEthernet 1/2
  virtual-address 10.10.10.1
  virtual-address 10.10.10.2
  virtual-address 10.10.10.3
  virtual-address 10.10.10.10
FTOS(conf-if-te-1/1-vrid-111)#
Figure 55-17.
Figure 55-19. Command Example: show running-config interface
FTOS#show running-config interface tengigabitethernet 7/30
interface TenGigabitEthernet 7/30
 no ip address
 ipv6 address 2007::30/64
 vrrp-ipv6-group 1
  track 2 priority-cost 20
  track 3 priority-cost 30
  virtual-address 2007::1
  virtual-address fe80::1
 no shutdown
VRRP initialization delay
VRRP initialization delay is supported on the S5000 only. When configured, VRRP is enabled immediately upon system reload or boot.
Sample Configurations
VRRP for IPv4 Configuration
The configuration in Figure 55-20 shows how to enable IPv4 VRRP. This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, etc.
Figure 55-21. Configure VRRP for IPv4 on Routers 2 and 3
-------Router 2 -------
R2(conf)#int te 2/31
R2(conf-if-te-2/31)#ip address 10.1.1.2/24
R2(conf-if-te-2/31)#vrrp-group 99
R2(conf-if-te-2/31-vrid-99)#priority 200
R2(conf-if-te-2/31-vrid-99)#virtual 10.1.1.3
R2(conf-if-te-2/31-vrid-99)#no shut
R2(conf-if-te-2/31)#show conf
!
interface TenGigabitEthernet 2/31
 ip address 10.1.1.2/24
!
 vrrp-group 99
  priority 200
  virtual-address 10.1.1.
VRRP for IPv6 Configuration
Figure 55-22 shows an example of a VRRP for IPv6 configuration in which the IPv6 VRRP group consists of two routers. This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, etc.
Figure 55-23.
VRRP in VRF Configuration
The example in this section shows how to enable VRRP operation in a VRF virtualized network for the following scenarios:
• Multiple VRFs on physical interfaces running VRRP
• Multiple VRFs on VLAN interfaces running VRRP
To view a VRRP in VRF configuration, use the show commands described in Displaying a VRRP in VRF Configuration on page 1012.
Non-VLAN Scenario
Figure 55-24.
Both Switch-1 and Switch-2 have three VRF instances defined: VRF-1, VRF-2, and VRF-3. Each VRF has a separate physical interface to a LAN switch and an upstream VPN interface to connect to the Internet. Both Switch-1 and Switch-2 use VRRP groups on each VRF instance in order that there is one master and one backup router for each VRF. In VRF-1 and VRF-2, Switch-2 serves as owner-master of the VRRP group and Switch-1 serves as the backup. On VRF-3, Switch-1 is the owner-master and Switch-2 is the backup.
Figure 55-26. VRRP in VRF: Switch-2 Non-VLAN Configuration
Switch-2
S2(conf)#ip vrf default-vrf 0
!
S2(conf)#ip vrf VRF-1 1
!
S2(conf)#ip vrf VRF-2 2
!
S2(conf)#ip vrf VRF-3 3
!
S2(conf)#interface TenGigabitEthernet 12/1
S2(conf-if-te-12/1)#ip vrf forwarding VRF-1
S2(conf-if-te-12/1)#ip address 10.10.1.2/24
S2(conf-if-te-12/1)#vrrp-group 11
% Info: The VRID used by the VRRP group 11 in VRF 1 will be 177.
Figure 55-27. VRRP in VRF: Switch-1 VLAN Configuration
Switch-1
S1(conf)#ip vrf VRF-1 1
!
S1(conf)#ip vrf VRF-2 2
!
S1(conf)#ip vrf VRF-3 3
!
S1(conf)#interface TenGigabitEthernet 12/4
S1(conf-if-te-12/4)#no ip address
S1(conf-if-te-12/4)#switchport
S1(conf-if-te-12/4)#no shutdown
!
S1(conf-if-te-12/4)#interface vlan 100
S1(conf-if-vl-100)#ip vrf forwarding VRF-1
S1(conf-if-vl-100)#ip address 10.10.1.
Figure 55-28. VRRP in VRF: Switch-2 VLAN Configuration
Switch-2
S2(conf)#ip vrf VRF-1 1
!
S2(conf)#ip vrf VRF-2 2
!
S2(conf)#ip vrf VRF-3 3
!
S2(conf)#interface TenGigabitEthernet 12/4
S2(conf-if-te-12/4)#no ip address
S2(conf-if-te-12/4)#switchport
S2(conf-if-te-12/4)#no shutdown
!
S2(conf-if-te-12/4)#interface vlan 100
S2(conf-if-vl-100)#ip vrf forwarding VRF-1
S2(conf-if-vl-100)#ip address 10.10.1.
To display information on the VRRP groups configured on interfaces that belong to a VRF instance, enter the show vrrp vrf [vrf instance] command:
Figure 55-30. Command Example: show vrrp vrf
FTOS#show vrrp vrf red
-----------------
TenGigabitEthernet 13/4, IPv4 Vrrp-group: 4, VRID: 65, Version: 2, Net: 192.168.0.1
VRF: 1 red
State: Master, Priority: 100, Master: 192.168.0.
56 S5000 Debugging and Diagnostics
The chapter contains the following major sections:
• Offline diagnostics
• Trace logs
• Hardware watchdog timer
• Show Hardware Commands
• Environmental monitoring
• Buffer tuning
• Troubleshooting packet loss
• Application core dumps
• Mini core dumps
Offline diagnostics
The offline diagnostics test suite is useful for isolating faults and debugging hardware.
Important Points to Remember
• You can only perform offline diagnostics on an offline standalone unit or offline member unit of a stack of three or more. You cannot perform diagnostics on the management or standby unit in a stack of two or more (Message 1).
Message 1 Offline Diagnostics on Master/Standby Error
Running Diagnostics on master/standby unit is not allowed on stack.
• Perform offline diagnostics on one stack member at a time.
Figure 56-2.
As shown in Figure 56-3 and Figure 56-4, log messages differ somewhat when diagnostics are done on a standalone unit and on a stack member. Figure 56-3.
Figure 56-4. Running Offline Diagnostics on an S5000 Stack Member
FTOS#diag stack-unit 2
Warning - the stack unit will be pulled out of the stack for diagnostic execution
Proceed with Diags [confirm yes/no]: yes
Warning - diagnostic execution will cause multiple link flaps on the peer side - advisable to shut directly connected ports
Proceed with Diags [confirm yes/no]: yes
FTOS#00:03:13: %S25P:2 %DIAGAGT-6-DA_DIAG_STARTED: Starting diags on stack unit 2
00:03:13 : Approximate time to complete these Diags .
Figure 56-5. Viewing the Results of Offline Diagnostics on a Standalone Unit
FTOS#show file flash://TestReport-SU-0.txt
**********************************S-Series Diagnostics********************
Stack Unit Board Serial Number : DL267160098
CPU Version : MPC8541, Version: 1.1
PLD Version : 5
Diag image based on build : E_MAIN4.7.7.206
Stack Unit Board Voltage levels - 3.300000 V, 2.500000 V, 1.800000 V, 1.250000 V, 1.200000 V, 2.
Trace logs
In addition to the syslog buffer, FTOS buffers trace messages which are continuously written by various FTOS software tasks to report hardware and software events and status information. Each trace message provides the date, time, and name of the FTOS process. All messages are stored in a ring buffer and can be saved to a file either manually or automatically upon failover.
Table 56-2. show hardware Commands
Command | Description
show hardware stack-unit {0-11} cpu management statistics | View internal interface status of the stack-unit CPU port which connects to the external management interface.
show hardware stack-unit {0-11} cpu data-plane statistics | View driver-level statistics for the data-plane port on the CPU for the specified stack-unit.
Figure 56-6.
When the system detects a genuine over-temperature condition, it powers off the unit. To recognize this condition, look for the system messages in Message 3.
Troubleshooting an under-voltage condition
To troubleshoot an under-voltage condition, check that the correct number of power supplies are installed and their Status LEDs are lit.
The SNMP traps and OIDs in Table 56-3 provide information about environmental monitoring hardware and hardware components.
Table 56-3. SNMP Traps and OIDs
OID String OID Name Description chSysPortXfpRecvPower OID to display the receiving power of the connected optics.
Buffer tuning
Buffer Tuning allows you to modify the way your switch allocates buffers from its available memory, and helps prevent packet drops during a temporary burst of traffic. The application-specific integrated circuits (ASICs) implement the key functions of queuing, feature lookups, and forwarding lookups in the hardware.
Figure 56-8. Buffer Tuning Points
Deciding to tune buffers
Dell Networking recommends exercising caution when configuring any non-default buffer settings, as tuning can significantly affect system performance. The default values work for most cases. As a guideline, consider tuning buffers if traffic is very bursty (and coming from several interfaces). In this case:
• Reduce the dedicated buffer on all queues/interfaces.
Buffer tuning commands
Task | Command | Command Mode
Define a buffer profile for the FP queues. | buffer-profile fp fsqueue | CONFIGURATION
Define a buffer profile for the CSF queues. | buffer-profile csf csqueue | CONFIGURATION
Change the dedicated buffers on a physical 1G interface. | buffer dedicated | BUFFER PROFILE
Change the maximum amount of dynamic buffers an interface can request. | buffer dynamic | BUFFER PROFILE
Change the number of packet-pointers per queue.
Figure 56-9. Display the Default Buffer Profile
FTOS#show buffer-profile stack-unit
Stack-Unit Current Buffer-Profile
---------- ---------------------
0          Default (Dynamic)
FTOS#
Figure 56-10.
Using a pre-defined buffer profile
FTOS provides two pre-defined buffer profiles, one for single-queue (for example, non-QoS) applications, and one for four-queue (for example, QoS) applications.
Task: Apply one of two pre-defined buffer profiles for all port pipes in the system.
Command: buffer-profile global [1Q | 4Q]
Mode: CONFIGURATION
You must reload the system for the global buffer profile to take effect (Message 5).
Sample buffer profile configuration
The two general types of network environments are sustained data transfers and voice/data. Dell Networking recommends a single-queue approach for data transfers (Figure 56-11).
Figure 56-11.
Displaying Drop Counters
The show hardware stack-unit 0–11 drops [unit 0 [port 0–63]] command assists in identifying which stack unit, port pipe, and port are experiencing internal drops, as shown in Figure 56-12 and Figure 56-13.
Figure 56-12.
Figure 56-13.
Figure 56-14.
Displaying Stack Port Statistics
The show hardware stack-unit stack-port command displays input and output statistics for a stack-port interface (Figure 56-16).
Figure 56-16.
Application core dumps
By default, application core dumps are enabled and are stored in a local directory (flash:/core_dump_dir). A core dump file can be very large. Because of memory requirements, Dell recommends that you upload the file directly to an FTP server so that it is not stored in the local flash. To enable automatic uploading of the core dump file to an FTP server, use the logging coredump server command.
When a member or standby unit crashes, the mini core file is uploaded to the master unit. When the master unit crashes, the mini core file is uploaded to the new master. Only the master unit has the ability to upload the coredump.
Figure 56-19.
57 Standards Compliance
This document contains the following sections:
• IEEE Compliance
• RFC and I-D Compliance
• MIB Location
Note: Unless noted, when a standard cited here is listed as supported by FTOS, FTOS also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website. Click on “Browse and search IETF documents,” enter an RFC number, and inspect the top of the resulting document for obsolescence citations to related RFCs.
• MTU — 9,252 bytes
RFC and I-D Compliance
The following standards, grouped by related protocol, are supported by FTOS on the S5000 switch.
General IPv4 Protocols RFC# Full Name FTOS 9.0(1.
Border Gateway Protocol (BGP) RFC# Full Name FTOS 9.0(1.
Open Shortest Path First (OSPF) RFC# Full Name FTOS 9.0(1.
Routing Information Protocol (RIP)
RFC# | Full Name | FTOS 9.0(1.3)
1058 | Routing Information Protocol
2453 | RIP Version 2
4191 | Default Router Preferences and More-Specific Routes
Multicast
RFC# Full Name FTOS 9.0(1.
Network Management (continued) RFC# Full Name FTOS 9.0(1.
Network Management (continued)
RFC# | Full Name | FTOS 9.0(1.3)
ruzin-mstp-mib-02 (Traps) | Definitions of Managed Objects for Bridges with Multiple Spanning Tree Protocol
sFlow.org | sFlow Version 5
sFlow.
MIB Location
You can view Dell Networking MIBs under the Dell Networking MIBs subhead on the Documentation page of iSupport at:
https://www.force10networks.com/csportal20/KnowledgeBase/Documentation.aspx
You also can obtain a list of selected MIBs and their OIDs at:
https://www.force10networks.com/csportal20/MIBs/MIB_OIDs.aspx
Some pages of iSupport require a login. To request an iSupport account, go to:
https://www.force10networks.com/CSPortal20/Support/AccountRequest.