Dell 9.9(0.
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your computer.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
Copyright © 2015 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
1 About this Guide
This guide describes the protocols and features supported on Dell Networking switches and routers by the Dell Networking operating system (OS) and provides configuration instructions and examples for implementing them. The S5000 switch is available with Dell Networking OS version 9.1(1.0) and later versions. It also supports stacking. Though this guide contains information on protocols, it is not intended to be a complete reference.
2 Configuration Fundamentals The Dell Networking OS command line interface (CLI) is a text-based interface that you use to configure interfaces and protocols. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels. In Dell Networking OS, after you enable a command, it is entered into the running configuration file.
NOTE: At any time, entering a question mark (?) displays the available command options. For example, when you are in CONFIGURATION mode, entering the question mark first lists all the available commands, including the possible submodes. • INTERFACE sub-mode — is the mode in which you configure Layer 2 and Layer 3 protocols and IP services specific to an interface.
Table 1. Dell Networking OS Command Modes
CLI Command Mode | Prompt | Access Command
EXEC | Dell> | Access the router through the console or Telnet.
EXEC Privilege | Dell# | From EXEC mode, enter the enable command. From any other mode, use the end command.
CONFIGURATION | Dell(conf)# | From EXEC privilege mode, enter the configure command. From every mode except EXEC and EXEC Privilege, enter the exit command.
NOTE: Access all of the following modes from CONFIGURATION mode.
CLI Command Mode | Prompt | Access Command
PREFIX-LIST | Dell(conf-nprefixl)# | ip prefix-list
RAPID SPANNING TREE | Dell(config-rstp)# | protocol spanning-tree rstp
GVRP | Dell (conf-gvrp) | protocol gvrp
LLDP | Dell (conf-lldp) | protocol lldp
FIBRE CHANNEL | Dell (conf-fcoe) | protocol fc
REDIRECT | Dell (conf-redirect-list)# | ip redirect-list
ROUTE-MAP | Dell (conf-route-map)# | route-map
ROUTER BGP | Dell(conf-router_bgp)# | router bgp
ROUTER ISIS | Dell(conf-router_isis)# | router isis
ROUTER OSPF | Dell(conf-r
• 1GbE: Ports from 0 to 47
• 10GbE: Ports from 0 to 63
• 40GbE: Ports 48, 52, 56, and 60
• Universal Port: Ports from 0 to 47
• Management: Port 0
• Fibre Channel: Ports from 0 to 11
The do Command
You can enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, SPANNING TREE, and so on) without having to return to EXEC mode by preceding the EXEC mode command with the do command. The following example shows the output of the do command.
interface TenGigabitEthernet 5/1
 no ip address
 shutdown
Dell(conf-if-te-5/1)#
Layer 2 protocols are disabled by default. Enable them using the no disable command. For example, in PROTOCOL SPANNING TREE mode, enter no disable to enable Spanning Tree.
Obtaining Help
Obtain a list of keywords and a brief functional description of those keywords at any CLI mode using the ? or help command:
• To list the keywords available in the current mode, enter ? at the prompt or after a keyword.
Short-Cut Key Combination | Action
CNTL-A | Moves the cursor to the beginning of the command line.
CNTL-B | Moves the cursor back one character.
CNTL-D | Deletes character at cursor.
CNTL-E | Moves the cursor to the end of the line.
CNTL-F | Moves the cursor forward one character.
CNTL-I | Completes a keyword.
CNTL-K | Deletes all characters from the cursor to the end of the command line.
CNTL-L | Re-enters the previous command.
• show run | grep Ethernet ignore-case returns instances containing both “Ethernet” and “ethernet.” The grep command displays only the lines containing specified text. The following example shows this command used in combination with the do show stack-unit all stack-ports all pfc details | grep 0 command.
Multiple Users in Configuration Mode Dell Networking OS notifies all users when there are multiple users logged in to CONFIGURATION mode. A warning message indicates the username, type of connection (console or VTY), and in the case of a VTY connection, the IP address of the terminal on which the connection was established.
3 Getting Started This chapter helps you get started using the S5000. Accessing Ports The S5000 has two management ports available for system access — a console port and a universal serial bus (USB)-B port. The USB-B port acts the same as the console port. The terminal settings are the same for both access ports. Accessing the RJ-45/RS-232 Console Port The RS-232/RJ-45 console port is labeled on the lower left-hand side of the S5000 system as you face the Utility side of the chassis.
Pin Assignments
You can connect to the console using an RJ-45 to RJ-45 rollover cable and an RJ-45 to DB-9 female DTE adapter to a terminal server (for example, a PC). The pin assignments between the console and a DTE terminal server are as follows: Table 2.
Remember the following points when you establish an SSH session to the device to run commands or script files:
• There is an upper limit of 10 concurrent sessions in SSH. Therefore, you might expect a failure in executing SSH-related scripts.
• To avoid denial of service (DoS) attacks, a rate-limit of 10 concurrent sessions per minute in SSH is enforced. Therefore, you might experience a failure in executing SSH-related scripts when multiple short SSH commands are executed.
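One way to keep automation inside the two SSH limits described above is to pace session starts on the client side. The following is an added example, not code from Dell or from this guide; the class and function names are hypothetical, and it assumes the rate limit means at most 10 new sessions in any 60-second window.

```python
import heapq
from collections import deque


class SshSessionPacer:
    """Client-side gate for SSH sessions to one switch.

    Assumptions (not from the guide): the per-minute limit is treated as a
    sliding 60-second window over session starts, and the caller reports
    every session end through close().
    """

    def __init__(self, max_concurrent=10, max_starts=10, window=60.0):
        self.max_concurrent = max_concurrent
        self.max_starts = max_starts
        self.window = window
        self._open = 0            # sessions currently open
        self._starts = deque()    # start times still inside the window

    def _expire(self, now):
        # Forget starts that have left the sliding window.
        while self._starts and self._starts[0] <= now - self.window:
            self._starts.popleft()

    def try_open(self, now):
        """Return (True, 0.0) if a session may start at time `now`.

        Otherwise return (False, retry_after). retry_after is None when the
        block is the concurrency limit (wait for a close()), or the number
        of seconds until the rate window frees a slot.
        """
        self._expire(now)
        if self._open >= self.max_concurrent:
            return False, None
        if len(self._starts) >= self.max_starts:
            return False, self._starts[0] + self.window - now
        self._open += 1
        self._starts.append(now)
        return True, 0.0

    def close(self):
        """Record that one session has ended."""
        if self._open > 0:
            self._open -= 1


def simulate(durations, pacer=None):
    """Return the earliest start time of each session in a batch.

    `durations` lists how long each session stays open, in seconds. The
    batch is submitted at t=0 and sessions are started in order as soon as
    the pacer allows. Time is simulated, so nothing sleeps or connects.
    """
    pacer = pacer or SshSessionPacer()
    ends = []      # min-heap of end times of open sessions
    now = 0.0
    starts = []
    for duration in durations:
        while True:
            # Close every session that has finished by `now`.
            while ends and ends[0] <= now:
                heapq.heappop(ends)
                pacer.close()
            ok, retry_after = pacer.try_open(now)
            if ok:
                break
            # Concurrency block: jump to the next session end.
            # Rate block: jump to when the window frees a slot.
            now = ends[0] if retry_after is None else now + retry_after
        starts.append(now)
        heapq.heappush(ends, now + duration)
    return starts
```

In a real script, call try_open() with time.monotonic() before each connection, sleep for the returned delay when blocked, and call close() when the session ends.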
S5000 Boot Selector Label 1.3.0.0m CPU0: P2020, Version: 2.1, (0x80e20021) Core: E500, Version: 5.1, (0x80211051) . . Board: S5000 Dell CPU CPLD: S5000 CPLD Rev 41 Board Revision 1 . . Boot Selector set to Bootflash Partition A image... Verifying Copyright Information..success for Image - 0 Boot Selector: Booting Bootflash Partition A image... Copying stage-2 loader from 0x800000 to 0x7f800000(size = 0x200000) F10 Boot Image selection DONE.
Release Image Created 2013/4/15 - 18:11:28 SOFTWARE IMAGE HEADER DATA : ---------------------------Software Image[1] Img file Name : CPRPLP-RPM-AP-9-0-1-0.bin Software Image[2] Img file Name : NBSDPCPRPLP-RPM-AP-9-0-1-0.bin . Starting Dell Networking application 00:00:38: %STKUNIT0-M:CP %RAM-6-ELECTION_ROLE: Stack unit 0 is transitioning to Management unit.
Configuring the Enable Password
Access EXEC Privilege mode using the enable command. EXEC Privilege mode is unrestricted by default. Configure a password as a basic security measure. There are two types of enable passwords:
• enable password stores the password in the running/startup configuration using a DES encryption method.
• enable secret is stored in the running/startup configuration using a stronger, MD5 encryption method.
Dell Networking recommends using the enable secret password.
Default Configuration A version of Dell Networking OS is pre-loaded onto the chassis; however, the system is not configured when you power up for the first time (except for the default hostname, which is Dell). You must configure the system using the CLI.
no shutdown Configure a Management Route Define a path from the system to the network from which you are accessing the system remotely. Management routes are separate from IP routes and are only used to manage the system through the management port. To configure a management route, use the following command. • Configure a management route to the network from which you are accessing the system.
To view which interfaces are tagged or untagged and to which VLAN the interfaces belong, use the show vlan command. To view just the interfaces that are in Layer 2 mode, use the show interfaces switchport command in EXEC Privilege mode or EXEC mode. To tag frames leaving an interface in Layer 2 mode, assign that interface to a port-based VLAN to tag it with that VLAN ID.
1. Access the INTERFACE VLAN mode of the VLAN to which you want to assign the interface.
Copying Files to and from the System The command syntax for copying files is similar to UNIX. The copy command uses the format copy source-file-url destination-file-url. NOTE: For a detailed description of the copy command, refer to the Dell Networking OS Command Line Reference Guide. • To copy a local file to a remote system, combine the file-origin syntax for a local file location with the file-destination syntax for a remote file location.
Mounting an NFS File System This feature enables you to quickly access data on an NFS mounted file system. You can perform file operations on an NFS mounted file system using supported file commands. This feature allows an NFS mounted device to be recognized as a file system. This file system is visible on the device and you can execute all file commands that are available on conventional file systems such as a Flash file system.
Password to login remote host: ! Example of Copying to NFS Mount Dell#copy flash://test.txt nfsmount:/// Destination file name [test.txt]: ! 15 bytes successfully copied Dell#copy flash://ashu/capture.txt.pcap nfsmount:/// Destination file name [test.txt]: ! 15 bytes successfully copied Dell#copy flash://ashu/capture.txt.pcap nfsmount:///ashutosh/snoop.pcap ! 24 bytes successfully copied Dell# Dell#copy tftp://10.16.127.
Viewing Files
You can only view file information and content on local file systems. To view a list of files or the contents of a file, use the following commands.
• View a list of files on the internal flash.
  EXEC Privilege mode
  dir flash:
• View a list of files on the usbflash.
  EXEC Privilege mode
  dir usbflash:
• View the contents of a file in the internal flash.
  EXEC Privilege mode
  show file flash://filename
• View the contents of a file in the usb flash.
View Configuration Files
Configuration files have three commented lines at the beginning of the file, as shown in the following example, to help you track the last time any user made a change to the file, which user made the changes, and when the file was last saved to the startup-configuration.
Table 6. Standard and Compressed Configurations int vlan 2 int vlan 3 int vlan 4 int vlan 5 int vlan 100 int vlan 1000 no ip address tagged te 1/1 tagged te 1/1 tagged te 1/1 no ip address ip address 1.1.1.1/16 no shut no ip address no ip address no ip address no shut no shut shut shut shut int te 1/1 int te 1/2 int te 1/3 int te 1/4 int te 1/10 int te 1/34 no ip address no ip address no ip address no ip address no ip address ip address 2.1.1.
! shutdown interface TenGigabitEthernet 1/34 ! ip address 2.1.1.1/16 interface Vlan 1000 shutdown ip address 1.1.1.1/16 ! no shutdown interface Vlan 2 ! no ip address no shutdown Compressed config size – 27 lines. ! interface Vlan 3 tagged te 1/1 no ip address shutdown ! interface Vlan 4 tagged te 1/1 no ip address shutdown ! interface Vlan 5 tagged te 1/1 no ip address shutdown ! interface Vlan 100 no ip address no shutdown ! interface Vlan 1000 ip address 1.1.1.
The write memory compressed command writes the operating configuration to the startup-config file in compressed mode. In a stacking scenario, it also syncs the file to all the standby and member units.
3 -rwx 1272 Apr 29 2011 16:15:14 +00:00 startup-config 4 -rwx 3998 May 11 2011 23:36:12 +00:00 test Enabling Software Features on Devices Using a Command Option This capability to activate software applications or components on a device using a command is supported on this platform. Starting with Release 9.4(0.0), you can enable or disable specific software features or applications that need to run on a device by using a command attribute in the CLI interface.
Upgrading and Downgrading Dell Networking OS To upgrade or downgrade Dell Networking OS, refer to the Release Notes for the version you want to load on the system. Using Hashes to Verify Software Images Before Installation You can use the MD5 message-digest algorithm or SHA256 Secure Hash Algorithm to validate the software image on the flash drive, after the image has been transferred to the system, but before the image has been installed.
MD5
Dell# verify md5 flash://FTOS-SE-9.5.0.0.bin 275ceb73a4f3118e1d6bcf7d75753459
MD5 hash VERIFIED for FTOS-SE-9.5.0.0.bin
SHA256
Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin e6328c06faf814e6899ceead219afbf9360e986d692988023b749e6b2093e933
SHA256 hash VERIFIED for FTOS-SE-9.5.0.0.bin
Using HTTP for File Transfers
Starting with Release 9.3(0.1), you can use HTTP to copy files or configuration details to a remote server.
4 Switch Management This chapter explains the different protocols or services used to manage the S5000 switch. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 privilege levels, of which three are pre-defined. The default privilege level is 1. Level Description Level 1 Access to the system begins at EXEC mode, and EXEC mode commands are limited to enable, disable, and exit.
level level command. In the command, specify the privilege level of the user or terminal line and specify all the keywords in the command to which you want to allow access. Allowing Access to the Following Modes This section describes how to allow access to the INTERFACE, LINE, ROUTE-MAP, and ROUTER modes. Similar to allowing access to CONFIGURATION mode, to allow access to INTERFACE, LINE, ROUTE-MAP, and ROUTER modes, first allow access to the command that enters you into the mode.
[telnet output omitted] Dell#show priv Current privilege level is 3.
Line mode privilege level level NOTE: When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>. Configuring Logging The Dell Networking OS tracks changes in the system using event and error messages. By default, Dell Networking OS logs these messages on: • the internal buffer • console and terminal lines • any configured syslog servers To disable logging, use the following commands.
  CONFIGURATION mode
  no logging buffer
• Disable logging to terminal lines.
  CONFIGURATION mode
  no logging monitor
• Disable console logging.
  CONFIGURATION mode
  no logging console
Sending System Messages to a Syslog Server
To send system messages to a syslog server by specifying the server, use the following command.
• Specify the server to which you want to send system messages. You can configure up to eight syslog servers.
login statistics enable After enabling login statistics, the system stores the login activity details for the last 30 days. 2. (Optional) Configure the number of days for which the system stores the user login statistics. The range is from 1 to 30. CONFIGURATION mode login statistics time-period days Example of Configuring Login Activity Tracking The following example enables login activity tracking. The system stores the login activity details for the last 30 days.
------------------------------------------------------------------
User: admin
Last login time: Mon Feb 16 04:40:00 2015
Last login location: Line vty0 ( 10.14.1.97 )
Unsuccessful login attempt(s) since the last successful login: 0
Unsuccessful login attempt(s) in last 11 day(s): 3
------------------------------------------------------------------
Limit Concurrent Login Sessions
Dell Networking OS enables you to limit the number of concurrent login sessions of users on VTY, auxiliary, and console lines.
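The login statistics output shown above can be collected and reviewed automatically. The following is an added example, not code from Dell or from this guide: it parses that output and flags accounts worth a closer look. The function names, the thresholds, the management network 10.14.0.0/16, the second sample record, and the assumption that several users appear as repeated blocks are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample. The first record repeats the output shown in the guide;
# the second record and the repeated-block layout are assumptions.
SAMPLE = """\
------------------------------------------------------------------
User: admin
Last login time: Mon Feb 16 04:40:00 2015
Last login location: Line vty0 ( 10.14.1.97 )
Unsuccessful login attempt(s) since the last successful login: 0
Unsuccessful login attempt(s) in last 11 day(s): 3
------------------------------------------------------------------
User: backup-op
Last login time: Tue Feb 17 02:13:45 2015
Last login location: Line vty1 ( 192.0.2.44 )
Unsuccessful login attempt(s) since the last successful login: 7
Unsuccessful login attempt(s) in last 11 day(s): 19
------------------------------------------------------------------
"""

USER_RE = re.compile(r"^User:\s*(\S+)")
TIME_RE = re.compile(r"^Last login time:\s*(.+)$")
# The address in parentheses is optional so a console login still parses.
LOC_RE = re.compile(
    r"^Last login location:\s*Line\s+(\S+)(?:\s*\(\s*([0-9.]+)\s*\))?")
SINCE_RE = re.compile(
    r"^Unsuccessful login attempt\(s\) since the last successful login:\s*(\d+)")
WINDOW_RE = re.compile(
    r"^Unsuccessful login attempt\(s\) in last (\d+) day\(s\):\s*(\d+)")


def _parse_ip(text):
    """Return an ip_address object, or None if text is missing or invalid."""
    try:
        return ipaddress.ip_address(text) if text else None
    except ValueError:
        return None


def parse_login_statistics(text):
    """Split the output into one dict per user block."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("---"):          # separator closes a record
            if current:
                records.append(current)
                current = {}
            continue
        if m := USER_RE.match(line):
            current["user"] = m.group(1)
        elif m := TIME_RE.match(line):
            current["last_login"] = m.group(1).strip()
        elif m := LOC_RE.match(line):
            current["line"] = m.group(1)
            current["source"] = _parse_ip(m.group(2))
        elif m := SINCE_RE.match(line):
            current["failed_since_success"] = int(m.group(1))
        elif m := WINDOW_RE.match(line):
            current["window_days"] = int(m.group(1))
            current["failed_in_window"] = int(m.group(2))
    if current:                              # output without a final separator
        records.append(current)
    return records


def review(records, mgmt_networks, max_failed_since=3, max_failed_window=10):
    """Return {user: [reasons]} for records that exceed the given limits."""
    nets = [ipaddress.ip_network(n) for n in mgmt_networks]
    findings = {}
    for rec in records:
        reasons = []
        src = rec.get("source")
        if src is not None and not any(src in net for net in nets):
            reasons.append(f"last login from {src}, outside management networks")
        if rec.get("failed_since_success", 0) > max_failed_since:
            reasons.append(
                f"{rec['failed_since_success']} failed logins since last success")
        if rec.get("failed_in_window", 0) > max_failed_window:
            reasons.append(
                f"{rec['failed_in_window']} failed logins in last "
                f"{rec.get('window_days', '?')} day(s)")
        if reasons:
            findings[rec.get("user", "?")] = reasons
    return findings
```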
Connected to 10.11.178.14. Escape character is '^]'. Login: admin Password: Current sessions for user admin: Line Location 2 vty 0 10.14.1.97 3 vty 1 10.14.1.97 Clear existing session? [line number/Enter to cancel]: When you try to create more than the permitted number of sessions, the following message appears, prompting you to close one of the existing sessions. If you close any of the existing sessions, you are allowed to login. $ telnet 10.11.178.17 Trying 10.11.178.17... Connected to 10.11.178.17.
logging buffered size • Specify the number of messages that Dell Networking OS saves to its logging history table. CONFIGURATION mode logging history size size To view the logging buffer and configuration, use the show logging command in EXEC privilege mode, as shown in the example for Display the Logging Buffer and the Logging Configuration.
Configuring a UNIX Logging Facility Level You can save system log messages with a UNIX system logging facility. To configure a UNIX logging facility level, use the following command. • Specify one of the following parameters.
Synchronizing Log Messages You can configure Dell Networking OS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system. 1. Enter LINE mode.
File Transfer Services With Dell Networking OS, you can configure the system to transfer files over the network using the file transfer protocol (FTP). One FTP application is copying the system image files over an interface on to the system; however, FTP is not supported on virtual local area network (VLAN) interfaces. For more information about FTP, refer to RFC 959, File Transfer Protocol. NOTE: To transmit large files, Dell Networking recommends configuring the switch as an FTP server.
– password: enter a text string. NOTE: You cannot use the change directory (cd) command until you have configured ftp-server topdir. To view the FTP configuration, use the show running-config ftp command in EXEC privilege mode. Configuring FTP Client Parameters To configure FTP client parameters, use the following commands. • Enter the following keywords and slot/port or number information: – For a Gigabit Ethernet interface, enter the GigabitEthernet keyword then the slot/port information.
Example of an ACL that Permits Terminal Access To view the configuration, use the show config command in LINE mode. Dell(config-std-nacl)#show config ! ip access-list standard myvtyacl seq 5 permit host 10.11.0.1 Dell(config-std-nacl)#line vty 0 Dell(config-line-vty)#show config line vty 0 access-class myvtyacl Dell Networking OS Behavior: Prior to Dell Networking OS version 7.4.2.0, in order to deny access on a VTY line, apply an ACL and accounting, authentication, and authorization (AAA) to the line.
Dell(config-line-vty)#password myvtypassword Dell(config-line-vty)#show config line vty 0 password myvtypassword login authentication myvtymethodlist line vty 1 password myvtypassword login authentication myvtymethodlist line vty 2 password myvtypassword login authentication myvtymethodlist Dell(config-line-vty)# Setting Time Out of EXEC Privilege Mode EXEC time-out is a basic security feature that returns Dell Networking OS to EXEC mode after a period of inactivity on the terminal lines.
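The two VTY examples above (an access-class ACL on the line, and a password with a login authentication method list) can be checked across a whole saved configuration. The following audit is an added example, not Dell code: the sample configuration is constructed, it assumes sub-commands are indented under their stanza header as in show running-config output, and the ACL name mgmt-only is invented to show a dangling reference.

```python
import re

# Constructed sample in the layout of "show running-config" output. The names
# myvtyacl and myvtymethodlist come from the examples above; "mgmt-only" is an
# invented ACL name that is deliberately left undefined.
SAMPLE_CONFIG = """\
ip access-list standard myvtyacl
 seq 5 permit host 10.11.0.1
!
line vty 0
 access-class myvtyacl
 password myvtypassword
 login authentication myvtymethodlist
line vty 1
 password myvtypassword
 login authentication myvtymethodlist
line vty 2
 access-class mgmt-only
 password myvtypassword
"""


def parse_stanzas(config):
    """Group indented sub-commands under the unindented command above them."""
    stanzas = []
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text == "!":
            continue
        if raw[0].isspace():
            if stanzas:
                stanzas[-1][1].append(text)
        else:
            stanzas.append((text, []))
    return stanzas


def audit_vty(config):
    """Return (stanza header, finding) pairs for VTY lines missing a control."""
    stanzas = parse_stanzas(config)

    # Collect the names of every ACL the configuration actually defines.
    defined_acls = set()
    for header, _ in stanzas:
        m = re.match(r"ip access-list (?:standard|extended) (\S+)$", header)
        if m:
            defined_acls.add(m.group(1))

    findings = []
    for header, body in stanzas:
        if not re.match(r"line vty \d+( \d+)?$", header):
            continue
        acl = None
        has_method_list = False
        for cmd in body:
            words = cmd.split()
            if words[0] == "access-class" and len(words) > 1:
                acl = words[1]
            elif words[:2] == ["login", "authentication"] and len(words) > 2:
                has_method_list = True
        if acl is None:
            findings.append((header, "no-access-class"))
        elif acl not in defined_acls:
            # The line references an ACL that does not exist in this config.
            findings.append((header, f"undefined-acl:{acl}"))
        if not has_method_list:
            findings.append((header, "no-login-authentication"))
    return findings


if __name__ == "__main__":
    for line, finding in audit_vty(SAMPLE_CONFIG):
        print(f"{line}: {finding}")
```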
Example of the telnet Command for Device Access Dell# telnet 10.11.80.203 Trying 10.11.80.203... Connected to 10.11.80.203. Exit character is '^]'. Login: Login: admin Password: Dell>exit Dell#telnet 2200:2200:2200:2200:2200::2201 Trying 2200:2200:2200:2200:2200::2201... Connected to 2200:2200:2200:2200:2200::2201. Exit character is '^]'. FreeBSD/i386 (freebsd2.dell.com) (ttyp1) login: admin Dell# Lock CONFIGURATION Mode Dell Networking OS allows multiple users to make configurations at the same time.
NOTE: If your session times out and you return to EXEC mode, the CONFIGURATION mode lock is unconfigured. View the Configuration Lock Status If you attempt to enter CONFIGURATION mode when another user has locked it, you may view which user has control of CONFIGURATION mode using the show configuration lock command from EXEC Privilege mode. You can then send any user a message using the send command from EXEC Privilege mode.
hit any key 4. Set the system parameters to ignore the enable password when the system reloads. BOOT USER mode ignore enable-password 5. Reload the system. BOOT USER mode reload 6. Configure a new enable password. CONFIGURATION mode enable {secret | password} 7. Save the running-config to the startup-config.
5 802.1ag Ethernet operations, administration, and maintenance (OAM) are a set of tools used to install, monitor, troubleshoot, and manage Ethernet infrastructure deployments. Ethernet OAM consists of three main areas: • Service layer OAM — IEEE 802.1ag connectivity fault management (CFM) • Link layer OAM — IEEE 802.
Maintenance Domains Connectivity fault management (CFM) divides a network into hierarchical maintenance domains, as shown in the following illustration. A CFM maintenance domain is a management space on a network that a single management entity owns and operates. The network administrator assigns a unique maintenance level (from 0 to 7) to each domain to define the hierarchical relationship between domains.
Figure 4. Maintenance Points Maintenance End Points A maintenance end point (MEP) is a logical entity that marks the end point of a domain. There are two types of MEPs defined in 802.1ag for an 802.1 bridge: • Up-MEP — monitors the forwarding path internal to a bridge on the customer or provider edge. On Dell Networking systems, the internal forwarding path is effectively the switch fabric and forwarding engine. • Down-MEP — monitors the forwarding path external to another bridge.
Configuring the CFM To configure the CFM, follow these steps: 1. Configure the ecfmacl CAM region using the cam-acl command. Refer to Configure Ingress ACLs. 2. Enabling Ethernet CFM 3. Creating a Maintenance Domain 4. Creating a Maintenance Association 5. Create Maintenance Points 6. Use CFM tools: a. Continuity Check Messages b. Sending Loopback Messages and Responses c.
Services
MA-Name  VLAN  CC-Int  X-CHK Status
My_MA    200   10s     enabled

Domain Name: praveen
Level: 6
Total Service: 1
Services
MA-Name  VLAN  CC-Int  X-CHK Status
Your_MA  100   10s     enabled

Creating a Maintenance Association A maintenance association (MA) is a subdivision of an MD that contains all managed entities corresponding to a single end-to-end service, typically a virtual local area network (VLAN). An MA is associated with a VLAN ID. • Create maintenance association.
----------------------------------------------------------------
100 cfm0 7 MEP Te 4/10 Enabled test0 10 DOWN 00:01:e8:59:23:45
200 cfm1 6 MEP Te 4/10 Enabled test1 20 DOWN 00:01:e8:59:23:45
300 cfm2 5 MEP Te 4/10 Enabled test2 30 DOWN 00:01:e8:59:23:45
Creating a Maintenance Intermediate Point A maintenance intermediate point (MIP) is a logical entity configured at a port of a switch that constitutes intermediate points of a maintenance entity (ME).
Domain Name: cfm0 MA Name: test0 Level: 7 VLAN: 10 MP ID: 900 Sender Chassis ID: Dell MEP Interface status: Up MEP Port status: Forwarding Receive RDI: FALSE MP Status: Active Setting the MP Database Persistence To set the database persistence, use the following command. • Set the amount of time that data from a missing MEP is kept in the continuity check database. ECFM DOMAIN mode database hold-time minutes The default is 100 minutes. The range is from 100 to 65535 minutes.
• Loss of three consecutive CCMs from any of the remote MEPs, which indicates a network failure. • Reception of a CCM with an incorrect CCM transmission interval, which indicates a configuration error. • Reception of a CCM with an incorrect MEP ID or MAID, which indicates a configuration or cross-connect error. This error could happen when different VLANs are cross-connected due to a configuration error.
Sending Linktrace Messages and Responses Linktrace message and response (LTM, LTR), also called Layer 2 Traceroute, is an administratively sent multicast frame transmitted by MEPs to track, hop-by-hop, the path to another MEP or MIP within the maintenance domain. All MEPs and MIPs in the same domain respond to an LTM with a unicast LTR. Intermediate MIPs forward the LTM toward the target MEP. Figure 6.
• Set the size of the Link Trace Cache. ETHERNET CFM mode traceroute cache size entries The default is 100. The range is from 1 to 4095 entries. • Display the Link Trace Cache. EXEC Privilege mode show ethernet cfm traceroute-cache • Delete all Link Trace Cache entries.
• Enable SNMP trap messages for Ethernet CFM.
Received: 0 Rcvd Out Of Order: 0 Received Bad MSDU: 0 Transmitted: 0 Dell#show ethernet cfm port-statistics interface tengigabitethernet 0/5 Port statistics for port: Te 0/5 ================================== RX Statistics ============= Total CFM Pkts 75394 CCM Pkts 75394 LBM Pkts 0 LTM Pkts 0 LBR Pkts 0 LTR Pkts 0 Bad CFM Pkts 0 CFM Pkts Discarded 0 CFM Pkts forwarded 102417 TX Statistics ============= Total CFM Pkts 10303 CCM Pkts 0 LBM Pkts 0 LTM Pkts 3 LBR Pkts 0 LTR Pkts 0
6 802.1X 802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification. 802.
Figure 8. EAP Frames Encapsulated in Ethernet and RADIUS The authentication process involves three devices: • The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only communicate with the authenticator in response to 802.1X requests. • The device with which the supplicant communicates is the authenticator. The authenticator is the gatekeeper of the network.
6. If the identity information the supplicant provides is valid, the authentication server sends an Access-Accept frame in which network privileges are specified. The authenticator changes the port state to authorized and forwards an EAP Success frame. If the identity information is invalid, the server sends an Access-Reject frame. If the port state remains unauthorized, the authenticator forwards an EAP Failure frame. Figure 9. EAP Port-Authentication EAP over RADIUS 802.
RADIUS Attributes for 802.1 Support Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages: Attribute 31 Calling-station-id: relays the supplicant MAC address to the authentication server. Attribute 41 NAS-Port-Type: NAS-port physical port type. 15 indicates Ethernet. Attribute 61 NAS-Port: the physical port number by which the authenticator is connected to the supplicant.
Enabling 802.1X Enable 802.1X globally. Figure 11. 802.1X Enabled 1. Enable 802.1X globally. CONFIGURATION mode dot1x authentication 2. Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [range] 3. Enable 802.1X on the supplicant interface only. INTERFACE mode dot1x authentication Example of Verifying that 802.1X is Enabled Globally Example of Verifying 802.1X is Enabled on an Interface Verify that 802.
The bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication ! [output omitted] ! interface TenGigabitEthernet 2/1 no ip address dot1x authentication no shutdown ! Dell# View 802.1X configuration information for an interface using the show dot1x interface command. The bold lines show that 802.1X is enabled on all ports unauthorized by default. Dell#show dot1x interface TenGigabitEthernet 2/1 802.
The default is 30. • Configure a maximum number of times that a Request Identity frame is re-transmitted by the authenticator. INTERFACE mode dot1x max-eap-req number The range is from 1 to 10. The default is 2. The example in Configuring a Quiet Period after a Failed Authentication shows configuration information for a port for which the authenticator re-transmits an EAP Request Identity frame after 90 seconds and re-transmits a maximum of 10 times.
Auth PAE State: Initialize Backend State: Initialize Forcibly Authorizing or Unauthorizing a Port IEEE 802.1X requires that a port can be manually placed into any of three states: • ForceAuthorized — an authorized state. A device connected to this port in this state is never subjected to the authentication process, but is allowed to communicate on the network. Placing the port in this state is the same as disabling 802.1X on the port. • ForceUnauthorized — an unauthorized state.
• Configure the authenticator to periodically re-authenticate the supplicant. INTERFACE mode dot1x reauthentication [interval] seconds The range is from 1 to 65535. The default is 3600. • Configure the maximum number of times that the supplicant can be re-authenticated. INTERFACE mode dot1x reauth-max number The range is from 1 to 10. The default is 2.
dot1x server-timeout seconds The range is from 1 to 300. The default is 30. Example of Viewing Configured Server Timeouts The example shows configuration information for a port for which the authenticator terminates the authentication process for an unresponsive supplicant or server after 15 seconds. The bold lines show the new supplicant and server timeouts. Dell(conf-if-Te-0/0)#dot1x port-control force-authorized Dell(conf-if-Te-0/0)#do show dot1x interface TenGigabitEthernet 0/0 802.
Figure 12. Dynamic VLAN Assignment 1. Configure 802.1X globally (refer to Enabling 802.1X) along with relevant RADIUS server configurations. 2. Make the interface a switchport so that it can be assigned to a VLAN. 3. Create the VLAN to which the interface is assigned. 4. Connect the supplicant to the port configured for 802.1X. 5. Verify that the port has been authorized and placed in the desired VLAN.
• If a port is already forwarding on the Guest VLAN when 802.1X is enabled, the port is moved out of the Guest VLAN and the authentication process begins. Configuring a Guest VLAN If the supplicant does not respond within a determined amount of time ([reauth-max + 1] * tx-period), the system assumes that the host does not have 802.1X capability and the port is placed in the Guest VLAN. NOTE: For more information about configuring timeouts, refer to Configuring Timeouts.
View your configuration using the show config command from INTERFACE mode, as shown in the example in Configuring a Guest VLAN or using the show dot1x interface command from EXEC Privilege mode. Example of Viewing Guest and Authentication-Fail Configurations Dell (conf-if-te 2/1)#dot1x port-control force-authorized Dell (conf-if-te 2/1)#show dot1x interface TenGigabitEthernet 2/1 802.
7 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) This chapter describes the access control list (ACL) virtual local area network (VLAN) group and content addressable memory (CAM) enhancements. Optimizing CAM Utilization During the Attachment of ACLs to VLANs To minimize the number of entries in CAM, enable and configure the ACL CAM feature. Use this feature when you apply ACLs to a VLAN (or a set of VLANs) and when you apply ACLs to a set of ports.
• The description of the ACL group is added or removed. Guidelines for Configuring ACL VLAN Groups Keep the following points in mind when you configure ACL VLAN groups: • The interfaces where you apply the ACL VLAN group function as restricted interfaces. The ACL VLAN group name identifies the group of VLANs that performs hierarchical filtering. • You can add only one ACL to an interface at a time.
3. Apply an egress IP ACL to the ACL VLAN group. CONFIGURATION (conf-acl-vl-grp) mode ip access-group {group name} out implicit-permit 4. Add VLAN member(s) to an ACL VLAN group. CONFIGURATION (conf-acl-vl-grp) mode member vlan {VLAN-range} 5. Display all the ACL VLAN groups or display a specific ACL VLAN group, identified by name.
EXEC Privilege mode
Dell#show cam-usage switch
Stackunit|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM
========|========|=================|============|============|=============
1 | 0 | IN-L2 ACL | 1536 | 0 | 1536
  |   | OUT-L2 ACL | 206 | 9 | 197
Codes: * - cam usage is above 90%.
Viewing CAM Usage View the amount of CAM space available, used, and remaining in each partition (including IPv4Flow and Layer 2 ACL sub-partitions) using the show cam-usage command in EXEC Privilege mode.
11 | | | | 1 | | | | OUT-L2 ACL IN-L2 ACL IN-L2 FIB OUT-L2 ACL | | | | 0 7152 32768 0 | | | | 0 0 1081 0 | | | | 0 7152 31687 0 The following output displays CAM space usage for Layer 3 ACLs: Dell#show cam-usage router Linecard|Portpipe| CAM Partition | Total CAM | Used CAM |Available CAM ========|========|=================|=============|=============|============== 11 | 0 | IN-L3 ACL | 8192 | 3 | 8189 | | IN-L3 FIB | 196607 | 1 | 196606 | | IN-L3-SysFlow | 2878 | 0 | 2878 | | IN-L3-TrcList | 102
8 Access Control Lists (ACLs) This chapter describes access control lists (ACLs), prefix lists, and route-maps. The S5000 switch supports: • Access control lists (ACLs) • Ingress IP and MAC ACLs • Egress IP and MAC ACLs At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLs, refer to Layer 2.
NOTE: Hot lock ACLs are supported for Ingress ACLs only. CAM Allocation and CAM Optimization The S5000 supports CAM allocation and CAM optimization. For more information, refer to the following: • User Configurable CAM Allocation • CAM Optimization User Configurable CAM Allocation Allocate space for IPv6 ACLs by using the cam-acl command in CONFIGURATION mode. The CAM space is allotted in filter processor (FP) blocks. The total space allocated must equal 13 FP blocks.
The following example shows the output when executing this command. The status column indicates whether you can enable the policy.
Example of Viewing CAM-ACL Settings NOTE: If you change the cam-acl setting from CONFIGURATION mode, the output of this command does not reflect any changes until you save the running-configuration and reload the chassis.
Dell# View CAM Usage View the amount of CAM space available, used, and remaining in each ACL partition using the show cam-usage command from EXEC Privilege mode.
NOTE: IP ACLs are supported over VLANs in Dell Networking OS version 6.2.1.1 and higher. ACLs and VLANs There are some differences when assigning ACLs to a VLAN rather than a physical port. For example, when using a single port-pipe, if you apply an ACL to a VLAN, one copy of the ACL entries is installed in the ACL CAM on the port-pipe. The entry looks for the incoming VLAN in the packet.
• Both standard and extended ACLs support IP fragments. • Second and subsequent fragments are allowed because a Layer 4 rule cannot be applied to these fragments. If the packet is denied eventually, the first fragment is denied and the packet as a whole cannot be reassembled. • Implementing the required rules uses a significant number of CAM entries per TCP/UDP entry. • For IP ACL, Dell Networking OS always applies implicit deny. You do not have to configure it.
Example of Layer 4 ACL Rules In this first example, TCP packets from host 10.1.1.1 with TCP destination port equal to 24 are permitted. All others are denied. Dell(conf)#ip access-list extended ABC Dell(conf-ext-nacl)#permit tcp host 10.1.1.1 any eq 24 Dell(conf-ext-nacl)#deny ip any any fragment Dell(conf-ext-nacl) Example of TCP Packets In the following example, the TCP packets that are first fragments or non-fragmented from host 10.1.1.1 with TCP destination port equal to 24 are permitted.
Example of Viewing the Rules of a Specific ACL on an Interface Example of the seq Command to Order Filters Dell#show ip accounting access-list ToOspf interface gig 1/6 Standard IP access list ToOspf seq 5 deny any seq 10 deny 10.2.0.0 /16 seq 15 deny 10.3.0.0 /16 seq 20 deny 10.4.0.0 /16 seq 25 deny 10.5.0.0 /16 seq 30 deny 10.6.0.0 /16 seq 35 deny 10.7.0.0 /16 seq 40 deny 10.8.0.0 /16 seq 45 deny 10.9.0.0 /16 seq 50 deny 10.10.0.
To view all configured IP ACLs, use the show ip accounting access-list command in EXEC Privilege mode. Example of Viewing Standard ACL Filter Sequence for an Interface Dell#show ip accounting access example interface tengig 4/12 Extended IP access list example seq 10 deny tcp any any eq 111 seq 15 deny udp any any eq 111 seq 20 deny udp any any eq 2049 seq 25 deny udp any any eq 31337 seq 30 deny tcp any any range 12345 12346 seq 35 permit udp host 10.21.126.225 10.4.5.0 /28 seq 40 permit udp host 10.21.
Configuring Filters Without a Sequence Number If you are creating an extended ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. Dell Networking OS assigns filters in multiples of five. To configure a filter for an extended IP ACL without a specified sequence number, use any or all of the following commands: • Configure a deny or permit filter to examine IP packets.
• When Dell Networking OS switches the packets, the egress L3 ACL does not filter the packet. For the following features, if you enable counters on rules that have already been configured and a new rule is either inserted or prepended, all the existing counters are reset: • L2 ingress access list • L3 egress access list • L2 egress access list • L3 ingress access list If a rule is simply appended, existing counters are not affected. Table 9.
3. Apply an IP ACL to traffic entering or exiting an interface. INTERFACE mode ip access-group access-list-name {in | out} [implicit-permit] [vlan vlan-range] NOTE: The number of entries allowed per ACL is hardware-dependent. For detailed specification about entries allowed per ACL, refer to your line card documentation. 4. Apply rules to the new ACL.
Dell(conf-if-te-0/0)#end Dell#configure terminal Dell(conf)#ip access-list extended abcd Dell(config-ext-nacl)#permit tcp any any Dell(config-ext-nacl)#deny icmp any any Dell(config-ext-nacl)#permit 1.1.1.2 Dell(config-ext-nacl)#end Dell#show ip accounting access-list ! Extended Ingress IP access list abcd on tengigEthernet 0/0 seq 5 permit tcp any any seq 10 deny icmp any any seq 15 permit 1.1.1.
CONFIGURATION mode ip control-plane [egress filter] 2. Apply Egress ACLs to IPv6 system traffic. CONFIGURATION mode ipv6 control-plane [egress filter] 3. Create a Layer 3 ACL using permit rules with the count option to describe the desired CPU traffic.
NOTE: You can only apply ACLs for Loopback to incoming traffic. To apply ACLs on Loopback, use the ip access-group command in INTERFACE mode. This example shows the interface configuration status, adding rules to the access group, and displaying the list of rules in the ACL.
Implementation Information In Dell Networking OS, prefix lists are used in processing routes for routing protocols (for example, routing information protocol [RIP], open shortest path first [OSPF], and border gateway protocol [BGP]). It is important to know which protocol your system supports prior to implementing prefix-lists. NOTE: The S5000 platform does not support all protocols. It is important to know which protocol you are supporting prior to implementing Prefix-Lists.
! ip prefix-list juba seq 12 deny 134.23.0.0/16 seq 15 deny 120.0.0.0/8 le 16 seq 20 permit 0.0.0.0/0 le 32 Dell(conf-nprefixl)# NOTE: The last line in the prefix list Juba contains a “permit all” statement. By including this line in a prefix list, you specify that all routes not matching any criteria in the prefix list are forwarded. To delete a filter, use the no seq sequence-number command in PREFIX LIST mode.
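The effect of the length qualifiers in the juba list is easy to misread, so the following added example (not Dell code) evaluates routes against it. It assumes the usual prefix-list semantics: a filter without ge or le matches only the exact prefix length, le alone matches from the prefix length up to the le value, filters are tried in sequence order, and a route that matches no filter is denied.

```python
import ipaddress
import re

# The prefix list from the example above, laid out as in "show config" output.
JUBA = """\
ip prefix-list juba
 seq 12 deny 134.23.0.0/16
 seq 15 deny 120.0.0.0/8 le 16
 seq 20 permit 0.0.0.0/0 le 32
"""

RULE_RE = re.compile(
    r"^seq (?P<seq>\d+) (?P<action>permit|deny) (?P<prefix>\S+)"
    r"(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)


def parse_prefix_list(text):
    """Return the filters sorted by sequence number, each with its length window."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # list header or unrelated line
        net = ipaddress.ip_network(m["prefix"])
        ge = int(m["ge"]) if m["ge"] else None
        le = int(m["le"]) if m["le"] else None
        if ge is None and le is None:
            lo = hi = net.prefixlen  # assumed: exact-length match only
        else:
            lo = ge if ge is not None else net.prefixlen
            hi = le if le is not None else net.max_prefixlen
        if not net.prefixlen <= lo <= hi <= net.max_prefixlen:
            raise ValueError(f"seq {m['seq']}: invalid ge/le window")
        rules.append({"seq": int(m["seq"]), "action": m["action"],
                      "net": net, "lo": lo, "hi": hi})
    return sorted(rules, key=lambda r: r["seq"])


def evaluate(rules, route):
    """First matching filter wins; with no match the route is denied (assumed)."""
    route = ipaddress.ip_network(route)
    for r in rules:
        if (route.version == r["net"].version
                and r["lo"] <= route.prefixlen <= r["hi"]
                and route.subnet_of(r["net"])):
            return r["action"], r["seq"]
    return "deny", None


def unblocked_more_specifics(rules):
    """For each deny filter, probe one longer prefix inside it and report the
    probe if the list as a whole would still permit that route."""
    report = []
    for r in rules:
        if r["action"] != "deny" or r["hi"] >= r["net"].max_prefixlen:
            continue
        probe = next(r["net"].subnets(new_prefix=r["hi"] + 1))
        action, seq = evaluate(rules, str(probe))
        if action == "permit":
            report.append((r["seq"], str(probe), seq))
    return report


if __name__ == "__main__":
    rules = parse_prefix_list(JUBA)
    for route in ("134.23.0.0/16", "134.23.5.0/24", "120.5.0.0/16", "10.0.0.0/8"):
        print(route, evaluate(rules, route))
    print(unblocked_more_specifics(rules))
```

Under these assumptions, seq 12 stops only the /16 itself; longer prefixes inside 134.23.0.0/16 fall through to the permit at seq 20 unless the deny filter also carries an le value.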
Example of the show ip prefix-list detail Command Example of the show ip prefix-list summary Command Dell>show ip prefix detail Prefix-list with the last deletion/insertion: filter_ospf ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10 seq 5 deny 1.102.0.0/16 le 32 (hit count: 0) seq 6 deny 2.1.0.0/16 ge 23 (hit count: 0) seq 10 permit 0.0.0.0/0 le 32 (hit count: 0) ip prefix-list filter_ospf: count: 4, range entries: 1, sequences: 5 - 10 seq 5 deny 100.100.1.
Applying a Filter to a Prefix List (OSPF) To apply a filter to routes in open shortest path first (OSPF), use the following commands. • Enter OSPF mode. CONFIGURATION mode router ospf • Apply a configured prefix list to incoming routes. You can specify an interface. If you enter the name of a non-existent prefix list, all routes are forwarded. CONFIG-ROUTER-OSPF mode distribute-list prefix-list-name in [interface] • Apply a configured prefix list to incoming routes.
Rules Resequencing Rules After Resequencing: seq 5 permit any host 1.1.1.1 seq 10 permit any host 1.1.1.2 seq 15 permit any host 1.1.1.3 seq 20 permit any host 1.1.1.4 Resequencing an ACL or Prefix List Resequencing is available for IPv4 and IPv6 ACLs, prefix lists, and MAC ACLs. To resequence an ACL or prefix list, use the following commands. You must specify the list name, starting number, and increment when using these commands.
Dell(config-ext-nacl)# show config ! ip access-list extended test remark 4 XYZ remark 5 this remark corresponds to permit any host 1.1.1.1 seq 5 permit ip any host 1.1.1.1 remark 9 ABC remark 10 this remark corresponds to permit ip any host 1.1.1.2 seq 10 permit ip any host 1.1.1.2 seq 15 permit ip any host 1.1.1.3 seq 20 permit ip any host 1.1.1.
• Creating a Route Map (mandatory) • Configure Route Map Filters (optional) • Configure a Route Map for Route Redistribution (optional) • Configure a Route Map for Route Tagging (optional) Creating a Route Map Route maps, ACLs, and prefix lists are similar in composition because all three contain filters, but route map filters do not contain the permit and deny actions found in ACLs and prefix lists. Route map filters match certain routes and set or specify values.
Dell#show route-map route-map zakho, permit, sequence 20 Match clauses: interface GigabitEthernet 0/1 Set clauses: tag 35 level stub-area Dell# The following example shows a route map with multiple instances. The show config command displays only the configuration of the current route map instance. To view all instances of a specific route map, use the show route-map command.
In the following example, instance 10 permits the route having a tag value of 1000 and instances 20 and 30 deny the route having a tag value of 1000. In this scenario, Dell Networking OS scans all the instances of the route-map for any permit statement. If there is a match anywhere, the route is permitted. However, other instances of the route-map deny it.
• Match source routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode match ipv6 route-source {access-list-name | prefix-list prefix-list-name} • Match routes with a specific value. CONFIG-ROUTE-MAP mode match metric metric-value • Match BGP routes based on the ORIGIN attribute. CONFIG-ROUTE-MAP mode match origin {egp | igp | incomplete} • Match routes specified as internal or external to OSPF, ISIS level-1, ISIS level-2, or locally generated.
set next-hop ip-address • Assign an IPv6 address as the route’s next hop. CONFIG-ROUTE-MAP mode set ipv6 next-hop ip-address • Assign an ORIGIN attribute. CONFIG-ROUTE-MAP mode set origin {egp | igp | incomplete} • Specify a tag for the redistributed routes. CONFIG-ROUTE-MAP mode set tag tag-value • Specify a value as the route’s weight. CONFIG-ROUTE-MAP mode set weight value To create route map instances, use these commands.
Configure a Route Map for Route Tagging One method for identifying routes from different routing protocols is to assign a tag to routes from that protocol. As the route enters a different routing domain, it is tagged. The tag is passed along with the route as it passes through different routing protocols. You can use this tag when the route leaves a routing domain to redistribute those routes again.
9 Bidirectional Forwarding Detection (BFD) BFD is a protocol that is used to rapidly detect communication failures between two adjacent systems. It is a simple and lightweight replacement for existing routing protocol link state detection mechanisms. It also provides a failure detection solution for links on which no routing protocol is used. BFD is a simple hello mechanism. Two neighboring systems running BFD establish a session using a three-way handshake.
BFD Packet Format Control packets are encapsulated in user datagram protocol (UDP) packets. The following illustration shows the complete encapsulation of a BFD control packet inside an IPv4 packet. Figure 13. BFD in IPv4 Packet Format Field Description Diagnostic Code The reason that the last session failed. State The current local session state. Refer to BFD Sessions. Flag A bit that indicates packet function.
Field Description Length The entire length of the BFD packet. My Discriminator A random number the local system generates to identify the session. Your Discriminator A random number the remote system generates to identify the session. Discriminator values are necessary to identify the session to which a control packet belongs because there can be many sessions running on a single interface.
Administratively Down The local system does not participate in a particular session. Down The remote system is not sending control packets or at least not within the detection time for a particular session. Init The local system is communicating. Up Both systems are exchanging control packets. The session is declared down if: • A control packet is not received within the detection time. • Sufficient echo packets are lost.
Figure 14.
Session State Changes The following illustration shows how the session state on a system changes based on the status notification it receives from the remote system. For example, if a session on a system is down and it receives a Down status notification from the remote system, the session state on the local system changes to Init. Figure 15.
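The packet fields and session state changes described above can be exercised with a small receiver. This is an added example, not Dell code: the field layout, the reception checks and the state transitions follow RFC 5880 (which this guide does not cite), and the discriminator values and intervals in the samples are constructed.

```python
import struct

STATES = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}
FLAG_BITS = (("P", 0x20), ("F", 0x10), ("C", 0x08),
             ("A", 0x04), ("D", 0x02), ("M", 0x01))
HEADER = struct.Struct("!BBBBIIIII")  # 24-byte mandatory section


def build_control(state, my_disc, your_disc, detect_mult=3,
                  tx_us=100_000, rx_us=100_000, diag=0, flags=0, version=1):
    """Pack a control packet without authentication (for constructed samples)."""
    return HEADER.pack((version << 5) | diag, (state << 6) | flags, detect_mult,
                       HEADER.size, my_disc, your_disc, tx_us, rx_us, 0)


def parse_control(payload):
    """Decode the mandatory section and apply the checks a receiver makes
    before a packet is allowed to influence any session."""
    if len(payload) < HEADER.size:
        raise ValueError("shorter than the 24-byte mandatory section")
    (vers_diag, state_flags, detect_mult, length, my_disc, your_disc,
     des_min_tx, req_min_rx, _echo_rx) = HEADER.unpack_from(payload)
    flags = {name for name, bit in FLAG_BITS if state_flags & bit}
    state = STATES[state_flags >> 6]
    if vers_diag >> 5 != 1:
        raise ValueError("unsupported version")
    if length < (26 if "A" in flags else 24) or length > len(payload):
        raise ValueError("Length field inconsistent with payload")
    if detect_mult == 0:
        raise ValueError("Detect Mult is zero")
    if "M" in flags:
        raise ValueError("Multipoint bit set")
    if my_disc == 0:
        raise ValueError("My Discriminator is zero")
    if your_disc == 0 and state not in ("Down", "AdminDown"):
        raise ValueError("Your Discriminator is zero outside Down/AdminDown")
    return {"diag": vers_diag & 0x1F, "state": state, "flags": flags,
            "detect_mult": detect_mult, "my_disc": my_disc,
            "your_disc": your_disc, "desired_min_tx_us": des_min_tx,
            "required_min_rx_us": req_min_rx}


def next_state(local, received):
    """Local session state after receiving a packet carrying `received`."""
    if local == "AdminDown":
        return local  # packets are ignored while administratively down
    if received == "AdminDown":
        return "Down"
    if local == "Down":
        return {"Down": "Init", "Init": "Up"}.get(received, "Down")
    if local == "Init":
        return "Up" if received in ("Init", "Up") else "Init"
    return "Down" if received == "Down" else "Up"  # local is Up


def detection_time_ms(pkt, local_required_min_rx_us):
    """Asynchronous mode: remote multiplier times the negotiated interval."""
    interval = max(local_required_min_rx_us, pkt["desired_min_tx_us"])
    return pkt["detect_mult"] * interval // 1000


if __name__ == "__main__":
    # Constructed first packet of the handshake: remote is Down, has not yet
    # learned our discriminator, and asks for 100 ms intervals, multiplier 3.
    pkt = parse_control(build_control(state=1, my_disc=0x11, your_disc=0))
    print(pkt["state"], "->", next_state("Down", pkt["state"]))
    print("detection time:", detection_time_ms(pkt, 100_000), "ms")
```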
• Troubleshooting BFD Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do not enable the routing protocol. Without BFD, if the remote system fails, the local system does not remove the connected route until the first failed attempt to send a packet. When you enable BFD, the local system removes the route as soon as it stops receiving periodic control packets from the remote system.
Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 16. Establishing a BFD Session on Physical Ports 1. Enter interface mode. CONFIGURATION mode interface 2. Assign an IP address to the interface if one is not already assigned. INTERFACE mode ip address ip-address 3.
Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: False Client Registered: CLI Uptime: 00:03:57 Statistics: Number of packets received from neighbor: 1775 Number of packets sent to neighbor: 1775 Number of state changes: 1 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 4 Log messages display when you configure both interfaces for BFD.
INTERFACE mode no bfd enable • Enable BFD on an interface. INTERFACE mode bfd enable If you disable BFD on a local interface, this message displays: R1(conf-if-te-4/24)#01:00:52: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Ad Dn for neighbor 2.2.2.2 on interface Te 4/24 (diag: 0) If the remote system state changes due to the local state administration being down, this message displays: R2>01:32:53: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Down for neighbor 2.
Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes, use the show bfd neighbors command. R1(conf)#ip route 2.2.3.0/24 2.2.2.2 R1(conf)#ip route bfd R1(conf)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients 2.2.2.1 2.2.2.
Enabling BFD Globally
You must enable BFD globally on both routers. To enable BFD globally, use the following command.
• Enable BFD globally.
  CONFIGURATION mode
  bfd enable
Example of Verifying that BFD is Enabled
To verify that BFD is enabled globally, use the show running bfd command. The bold line shows that BFD is enabled.
Establishing Sessions with OSPF Neighbors
BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state.
Figure 18. Establishing Sessions with OSPF Neighbors
To establish BFD with all OSPF neighbors or with OSPF neighbors on a single interface, use the following commands.
• Establish sessions with all OSPF neighbors.
The bold line shows the OSPF BFD sessions.
Dell(conf-router_ospf)#bfd all-neighbors
Dell(conf-router_ospf)#do show bfd neighbors
* - Active session role
Ad Dn - Admin Down
C - CLI
I - ISIS
O - OSPF
R - Static Route (RTM)
  LocalAddr  RemoteAddr  Interface  State  Rx-int  Tx-int  Mult  Clients
* 2.2.2.2    2.2.2.1     Te 2/1     Up     100     100     3     O

Changing OSPF Session Parameters
Configure BFD sessions with default intervals and a default role.
Configuring BFD for IS-IS is a two-step process:
1. Enable BFD globally.
2. Establish sessions for all or particular IS-IS neighbors.
Related Configuration Tasks
• Changing IS-IS Session Parameters
• Disabling BFD for IS-IS

Establishing Sessions with IS-IS Neighbors
BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface.
Figure 19.
The bold line shows that IS-IS BFD sessions are enabled.
R2(conf-router_isis)#bfd all-neighbors
R2(conf-router_isis)#do show bfd neighbors
* - Active session role
Ad Dn - Admin Down
C - CLI
I - ISIS
O - OSPF
R - Static Route (RTM)
  LocalAddr  RemoteAddr  Interface  State  Rx-int  Tx-int  Mult  Clients
* 2.2.2.2    2.2.2.1     Te 2/1     Up     100     100     3     I

Changing IS-IS Session Parameters
BFD sessions are configured with default intervals and a default role.
Configure BFD for BGP
In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, port-channel, and VLAN interfaces. BFD for BGP does not support IPv6 and the BGP multihop feature.
Prerequisites
Before configuring BFD for BGP, first configure the following settings:
1.
BFD packets originating from a router are assigned to the highest priority egress queue to minimize transmission delays. Incoming BFD control packets received from the BGP neighbor are assigned to the highest priority queue within the control plane policing (COPP) framework to avoid BFD packet drops due to queue congestion. BFD notifies BGP of any failure conditions that it detects on the link. BGP initiates recovery actions.
Disabling BFD for BGP You can disable BFD for BGP. To disable a BFD for BGP session with a specified neighbor, use the first command. To remove the disabled state of a BFD for BGP session with a specified neighbor, use the second command. The BGP link with the neighbor returns to normal operation and uses the BFD session parameters globally configured with the bfd all-neighbors command or configured for the peer group to which the neighbor belongs. • Disable a BFD for BGP session with a specified neighbor.
• Displays routing information exchanged with BGP neighbors, including BFD for BGP sessions. EXEC Privilege mode show ip bgp neighbors [ip-address] Example of Verifying BGP Configuration Example of Viewing All BFD Neighbors Example of Viewing BFD Neighbor Detail Example of Viewing Configured BFD Counters Example of Viewing BFD Summary Information Example of Viewing BFD Information for a Specified Neighbor Dell# show running-config bgp ! router bgp 2 neighbor 1.1.1.2 remote-as 1 neighbor 1.1.1.
Uptime: 00:07:55 Statistics: Number of packets received from neighbor: 4762 Number of packets sent to neighbor: 4490 Number of state changes: 2 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 5 Session Discriminator: 10 Neighbor Discriminator: 11 Local Addr: 2.2.2.3 Local MAC Addr: 00:01:e8:66:da:34 Remote Addr: 2.2.2.
The bold line shows the message displayed when you enable BFD for BGP connections. Dell# show ip bgp summary BGP router identifier 10.0.0.1, local AS number 2 BGP table version is 0, main routing table version 0 BFD is enabled, Interval 100 Min_rx 100 Multiplier 3 Role Active 3 neighbor(s) using 24168 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx 1.1.1.2 2.2.2.2 3.3.3.
... Neighbor is using BGP neighbor mode BFD configuration Peer active in peer-group outbound optimization ... R2# show ip bgp neighbors 2.2.2.4 BGP neighbor is 2.2.2.4, remote AS 1, external link Member of peer-group pg1 for session parameters BGP version 4, remote router ID 12.0.0.4 BGP state ESTABLISHED, in this state for 00:05:33 ... Neighbor is using BGP peer-group mode BFD configuration Peer active in peer-group outbound optimization ...
The following example displays hexadecimal output from the debug bfd packet command.
RX packet dump:
20 c0 03 18 00 00 00 05 00 00 00 04 00 01 86 a0 00 01 86 a0 00 00 00 00
00:34:13 : Sent packet for session with neighbor 2.2.2.2 on Gi 4/24
TX packet dump:
20 c0 03 18 00 00 00 04 00 00 00 05 00 01 86 a0 00 01 86 a0 00 00 00 00
00:34:14 : Received packet for session with neighbor 2.2.2.
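The two hexadecimal dumps from the debug bfd packet output above can be read field by field with a small decoder. This is an added example, not Dell code: it follows the mandatory section of the BFD control packet as laid out in RFC 5880, and the function and constant names are chosen here for illustration. It also reports whether the Authentication Present bit is set, which is worth checking when reviewing a capture.

```python
"""Decode the mandatory section of a BFD control packet (RFC 5880, section 4.1)."""
import struct

# The two dumps printed by debug bfd packet above, copied byte for byte.
RX_DUMP = "20 c0 03 18 00 00 00 05 00 00 00 04 00 01 86 a0 00 01 86 a0 00 00 00 00"
TX_DUMP = "20 c0 03 18 00 00 00 04 00 00 00 05 00 01 86 a0 00 01 86 a0 00 00 00 00"

STATES = {0: "AdminDown", 1: "Down", 2: "Init", 3: "Up"}
DIAGNOSTICS = {
    0: "No Diagnostic",
    1: "Control Detection Time Expired",
    2: "Echo Function Failed",
    3: "Neighbor Signaled Session Down",
    4: "Forwarding Plane Reset",
    5: "Path Down",
    6: "Concatenated Path Down",
    7: "Administratively Down",
    8: "Reverse Concatenated Path Down",
}
# Flag bits in the second byte, below the two state bits.
FLAGS = (("poll", 0x20), ("final", 0x10), ("cpi", 0x08),
         ("auth_present", 0x04), ("demand", 0x02), ("multipoint", 0x01))


def decode_bfd(hex_dump):
    """Return the fields of one BFD control packet given as a hex dump string."""
    raw = bytes.fromhex(hex_dump)  # whitespace between bytes is ignored
    if len(raw) < 24:
        raise ValueError("a BFD control packet is at least 24 bytes")
    (vers_diag, state_flags, mult, length, my_disc, your_disc,
     min_tx, min_rx, min_echo_rx) = struct.unpack("!BBBBIIIII", raw[:24])
    version = vers_diag >> 5
    if version != 1:
        raise ValueError("unsupported BFD version %d" % version)
    if length < 24 or length > len(raw):
        raise ValueError("Length field %d does not fit %d captured bytes"
                         % (length, len(raw)))
    if mult == 0 or my_disc == 0:
        raise ValueError("Detect Mult and My Discriminator must be nonzero")
    pkt = {
        "version": version,
        "diagnostic": DIAGNOSTICS.get(vers_diag & 0x1F, "Reserved"),
        "state": STATES[state_flags >> 6],
        "detect_mult": mult,
        "length": length,
        "my_discriminator": my_disc,
        "your_discriminator": your_disc,
        "desired_min_tx_us": min_tx,        # microseconds on the wire
        "required_min_rx_us": min_rx,
        "required_min_echo_rx_us": min_echo_rx,
    }
    for name, bit in FLAGS:
        pkt[name] = bool(state_flags & bit)
    if pkt["auth_present"] and length < 26:
        raise ValueError("A bit set but no room for an authentication section")
    return pkt


def detection_time_ms(local_required_min_rx_us, remote):
    """Asynchronous-mode detection time (RFC 5880, section 6.8.4).

    The remote Detect Mult times the larger of the local Required Min RX
    and the remote Desired Min TX, returned in milliseconds.
    """
    interval_us = max(local_required_min_rx_us, remote["desired_min_tx_us"])
    return remote["detect_mult"] * interval_us / 1000.0


if __name__ == "__main__":
    for label, dump in (("RX", RX_DUMP), ("TX", TX_DUMP)):
        pkt = decode_bfd(dump)
        print(label, pkt["state"], "my", pkt["my_discriminator"],
              "your", pkt["your_discriminator"],
              "tx_us", pkt["desired_min_tx_us"],
              "mult", pkt["detect_mult"], "auth", pkt["auth_present"])
    print("detection time (ms):", detection_time_ms(100000, decode_bfd(RX_DUMP)))
```

The decoded values line up with the 100 ms intervals and multiplier of 3 that show bfd neighbors reports, and the two dumps differ only in their swapped discriminators.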
10 Border Gateway Protocol IPv4 (BGPv4)
Border gateway protocol version 4 (BGPv4) for IPv4 is supported on Dell Networking OS.
This chapter provides a general description of BGPv4 as it is supported in the Dell Networking operating system (OS). BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS). The primary function of BGP is to exchange network reachability information with other BGP systems.
Figure 21. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol — a computer network in which BGP maintains the path that updated information takes as it diffuses through the network. Updates traveling through the network and returning to the same node are easily detected and discarded.
Figure 22. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two endpoints of that session are Peers. A Peer is also called a Neighbor. Establish a Session Events and timers drive information exchange between peers. The focus in BGP is on the traffic routing policies.
State     Description
Idle      BGP initializes all resources, refuses all inbound BGP connection attempts, and initiates a TCP connection to the peer.
Connect   In this state the router waits for the TCP connection to complete, transitioning to the OpenSent state if successful. If that transition is not successful, BGP resets the ConnectRetry timer and transitions to the Active state when the timer expires.
Active    The router resets the ConnectRetry timer to zero and returns to the Connect state.
Figure 23. BGP Router Rules 1. Router B receives an advertisement from Router A through eBGP. Because the route is learned through eBGP, Router B advertises it to all its iBGP peers: Routers C and D. 2. Router C receives the advertisement but does not advertise it to any peer because its only other peer is Router D, an iBGP peer, and Router D has already learned it through iBGP from Router B. 3.
which they were received from the neighbors because MED may or may not get compared between the adjacent paths. In deterministic mode, Dell Networking OS compares MED between the adjacent paths within an AS group because all paths in the AS group are from the same AS. The following illustration shows the decisions BGP goes through to select the best path. The list following the illustration details the path selection criteria.
Figure 24. BGP Best Path Selection
Best Path Selection Details
1.
7. Prefer external (EBGP) to internal (IBGP) paths or confederation EBGP paths.
8. Prefer the path with the lowest IGP metric to the BGP if next-hop is selected when synchronization is disabled and only an internal path remains.
9. Dell Networking OS deems the paths as equal and does not perform steps 9 through 11, if the following criteria are met:
   a. the IBGP multipath or EBGP multipath are configured (the maximum-path command).
   b.
Figure 25. BGP Local Preference

Multi-Exit Discriminators (MEDs)
If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path. MED is one of the criteria used to determine the best path, so keep in mind that other criteria may affect selection, as shown in the illustration in Best Path Selection Criteria. One AS assigns the MED a value and the other AS uses that value to decide the preferred path.
Figure 26. Multi-Exit Discriminators

Origin
The origin indicates the origin of the prefix, or how the prefix came into BGP. There are three origin codes: IGP, EGP, INCOMPLETE.
Origin Type   Description
IGP           Indicates the prefix originated from information learned through an interior gateway protocol.
EGP           Indicates the prefix originated from information learned from an EGP protocol, which NGP replaced.
INCOMPLETE    Indicates that the prefix originated from an unknown source.
Example of Viewing AS Paths Dell#show ip bgp paths Total 30655 Paths Address Hash Refcount Metric 0x4014154 0 3 18508 0x4013914 0 3 18508 0x5166d6c 0 3 18508 0x5e62df4 0 2 18508 0x3a1814c 0 26 18508 0x567ea9c 0 75 18508 0x6cc1294 0 2 18508 0x6cc18d4 0 1 18508 0x5982e44 0 162 18508 0x67d4a14 0 2 18508 0x559972c 0 31 18508 0x59cd3b4 0 2 18508 0x7128114 0 10 18508 0x536a914 0 3 18508 0x2ffe884 0 1 18508 Path 701 3549 19421 i 701 7018 14990 i 209 4637 1221 9249 9249 i 701 17302 i 209 22291 i 209 3356 2529 i 20
Advertise IGP Cost as MED for Redistributed Routes When using multipath connectivity to an external AS, you can advertise the MED value selectively to each peer for redistributed routes. For some peers you can set the internal/IGP cost as the MED while setting others to a constant pre-defined metric as MED value. Dell Networking OS supports configuring the set metric-type internal command in a route-map to advertise the IGP cost as the MED to outbound EBGP peers when redistributing routes.
Traditional Format   DOT Format
65001                0.65501
65536                1.0
100000               1.34464
4294967295           65535.65535
When creating Confederations (Communities), all the routers in a Confederation must be either 4 Byte or 2 Byte identified routers. You cannot mix them. Configure 4-byte AS numbers with the four-octet-support command.

AS4 Number Representation
Dell Networking OS supports multiple representations of 4-byte AS numbers: asplain, asdot+, and asdot.
ASDOT+ Dell(conf-router_bgp)#bgp asnotation asdot+ Dell(conf-router_bgp)#show conf ! router bgp 100 bgp asnotation asdot+ bgp four-octet-as-support neighbor 172.30.1.250 local-as 65057
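The three AS number representations named above (asplain, asdot+, asdot) can be converted mechanically, which helps when comparing configurations from devices set to different notations. The converter below is an added example, not Dell code; it applies the RFC 5396 definitions, and the function names are chosen here for illustration. The AS numbers in the demo are taken from the configuration examples in this chapter.

```python
"""Convert 4-byte AS numbers between asplain, asdot+ and asdot (RFC 5396)."""

MAX_ASN = 0xFFFFFFFF
NOTATIONS = ("asplain", "asdot+", "asdot")


def _is_decimal(part):
    return part.isascii() and part.isdigit()


def parse_asn(text):
    """Accept an AS number written in any of the three notations, return an int."""
    text = text.strip()
    if "." in text:
        parts = text.split(".")
        if len(parts) != 2 or not all(_is_decimal(p) for p in parts):
            raise ValueError("malformed dotted AS number: %r" % text)
        high, low = int(parts[0]), int(parts[1])
        if high > 0xFFFF or low > 0xFFFF:
            raise ValueError("each half of a dotted AS number is 0 to 65535")
        return (high << 16) | low
    if not _is_decimal(text):
        raise ValueError("malformed AS number: %r" % text)
    asn = int(text)
    if asn > MAX_ASN:
        raise ValueError("AS number exceeds 4294967295")
    return asn


def format_asn(asn, notation):
    """Render an integer AS number in asplain, asdot+ or asdot."""
    if notation not in NOTATIONS:
        raise ValueError("unknown notation: %r" % notation)
    if not 0 <= asn <= MAX_ASN:
        raise ValueError("AS number out of range")
    high, low = divmod(asn, 65536)
    if notation == "asplain":
        return str(asn)
    if notation == "asdot+":
        return "%d.%d" % (high, low)       # always high.low
    # asdot: 2-byte values stay plain, larger values use high.low
    return str(asn) if high == 0 else "%d.%d" % (high, low)


def same_asn(a, b):
    """True when two AS numbers written in any notation are the same AS."""
    return parse_asn(a) == parse_asn(b)


if __name__ == "__main__":
    # 18508 and 65057 appear in this chapter's neighbor configuration;
    # 100000 and 4294967295 come from the format table.
    for value in (18508, 65057, 100000, 4294967295):
        print(value, [format_asn(value, n) for n in NOTATIONS])
```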
Figure 27. Before and After AS Number Migration with Local-AS Enabled When you complete your migration, and you have reconfigured your network with the new information, disable this feature. If you use the “no prepend” option, the Local-AS does not prepend to the updates received from the eBGP peer. If you do not select “no prepend” (the default), the Local-AS is added to the first AS segment in the AS-PATH.
BGP4 Management Information Base (MIB) The FORCE10-BGP4-V2-MIB enhances Dell Networking OS BGP management information base (MIB) support with many new simple network management protocol (SNMP) objects and notifications (traps) defined in draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell Networking website, www.dell.com. NOTE: For the Force10-BGP4-V2-MIB and other MIB documentation, refer to the Dell iSupport web page.
Traps (notifications) specified in the BGP4 MIB draft are not supported. Such traps (bgpM2Established and bgpM2BackwardTransition) are supported as part of RFC 1657.
Item Default holdtime = 180 seconds Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN). To establish BGP sessions and route traffic, configure at least one BGP neighbor or peer. In BGP, routers with an established TCP connection are called neighbors or peers. After a connection is established, the neighbors exchange full BGP routing tables with incremental updates afterward.
CONFIG-ROUTER-BGP mode
neighbor {ip-address | peer-group name} remote-as as-number
• peer-group name: 16 characters
• as-number: from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte) or 0.1 to 65535.65535 (Dotted format)
Formats: IP Address A.B.C.D
You must configure the peer group (refer to Configuring Peer Groups) before assigning it a remote AS.
3. Enable the BGP neighbor.
100.10.92.9     65192   0   0   0   0   0   never   Active
192.168.10.1    65123   0   0   0   0   0   never   Active
192.168.12.2    65123   0   0   0   0   0   never   Active
Dell#
For the router’s identifier, Dell Networking OS uses the highest IP address of the Loopback interfaces configured. Because Loopback interfaces are virtual, they cannot go down, thus preventing changes in the router ID. If you do not configure Loopback interfaces, the highest IP address of any interface is used as the router ID.
Dell#show running-config bgp ! router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list ISP1in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote-as 65123 neighbor 10.10.32.3 no shutdown neighbor 100.10.92.9 remote-as 65192 neighbor 100.10.92.9 no shutdown neighbor 192.168.10.1 remote-as 65123 neighbor 192.168.10.
Example of the bgp asnotation asplain Command Example of the bgp asnotation asdot Command Example of the bgp asnotation asdot+ Command Dell(conf-router_bgp)#bgp asnotation asplain Dell(conf-router_bgp)#sho conf ! router bgp 100 bgp four-octet-as-support neighbor 172.30.1.250 remote-as 18508 neighbor 172.30.1.250 local-as 65057 neighbor 172.30.1.250 route-map rmap1 in neighbor 172.30.1.250 password 7 5ab3eb9a15ed02ff4f0dfd4500d6017873cfd9a267c04957 neighbor 172.30.1.
neighbor peer-group-name no shutdown
By default, all peer groups are disabled.
3. Create a BGP neighbor.
   CONFIG-ROUTER-BGP mode
   neighbor ip-address remote-as as-number
4. Enable the neighbor.
   CONFIG-ROUTER-BGP mode
   neighbor ip-address no shutdown
5. Add an enabled neighbor to the peer group.
   CONFIG-ROUTER-BGP mode
   neighbor ip-address peer-group peer-group-name
6. Add a neighbor as a remote AS.
   CONFIG-ROUTER-BGP mode
   neighbor {ip-address | peer-group name} remote-as as-number
   Formats: IP Address A.B.C.
NOTE: When you configure a new set of BGP policies for a peer group, always reset the peer group by entering the clear ip bgp peer-group peer-group-name command in EXEC Privilege mode. To view the configuration, use the show config command in CONFIGURATION ROUTER BGP mode. When you create a peer group, it is disabled (shutdown). The following example shows the creation of a peer group (zanzibar) (in bold).
10.68.169.1 10.68.170.1 10.68.171.1 10.68.172.1 10.68.173.1 10.68.174.1 10.68.175.1 10.68.176.1 10.68.177.1 10.68.178.1 10.68.179.1 10.68.180.1 10.68.181.1 10.68.182.1 10.68.183.1 10.68.184.1 10.68.185.1 Dell> Configuring BGP Fast Fall-Over By default, the hold time governs a BGP session. BGP routers typically carry large routing tables, so frequent session resets are not desirable. The BGP fast fall-over feature reduces the convergence time while maintaining stability.
ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) fall-over enabled Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table version 52, neighbor version 52 4 accepted prefixes consume 16 bytes Prefix advertised 0, denied 0, withdrawn 0 Connections established 6; dropped 5 Last reset 00:19:37, due to Reset by peer Notification History 'C
When a passive peer-group rejects a BGP neighbor connection with authentication configured, Dell Networking OS does not allow another passive peer-group on the same subnet to connect with the BGP neighbor. To work around this, change the BGP configuration or change the order of the peer group configuration. You can constrain the number of passive sessions the neighbor accepts. The limit keyword allows you to set the total number of sessions the neighbor accepts, between 2 and 265.
Dell(conf-router_bgp)#show conf ! router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Name in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote-as 65123 neighbor 10.10.32.3 no shutdown neighbor 100.10.92.9 remote-as 65192 neighbor 100.10.92.
Enabling Graceful Restart To lessen the negative effects of a BGP restart, use the graceful restart feature. Dell Networking OS advertises support for this feature to BGP neighbors through a capability advertisement. You can enable graceful restart by router and/or by peer or peer group. NOTE: By default, BGP graceful restart is disabled. The default role for BGP is as a receiving or restarting peer.
With the graceful restart feature, Dell Networking OS enables the receiving/restarting mode by default. In Receiver-Only mode, graceful restart saves the advertised routes of peers that support this capability when they restart. This option provides support for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group.
AS-PATH ACL mode exit 4. Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5. Use a configured AS-PATH ACL for route filtering and manipulation. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} filter-list as-path-name {in | out} If you assign a non-existent or empty AS-PATH ACL, the software allows all routes. Example of the show ip bgp paths Command To view all BGP path attributes in the BGP database, use the show ip bgp paths command in EXEC Privilege mode.
Regular Expression   Definition
* (asterisk)         Matches 0 or more sequences of the immediately previous character or pattern.
+ (plus)             Matches 1 or more sequences of the immediately previous character or pattern.
? (question)         Matches 0 or 1 sequence of the immediately previous character or pattern.
deny 32$
Dell#

Filtering BGP Routes Using AS-PATH Information
To filter routes based on AS-PATH information, use these commands.
1. Create an AS-PATH ACL and assign it a name.
   CONFIGURATION mode
   ip as-path access-list as-path-name
2. Create an AS-PATH ACL filter with a deny or permit action.
   AS-PATH ACL mode
   {deny | permit} as-regular-expression
3. Return to CONFIGURATION mode.
   AS-PATH ACL
   exit
4. Enter ROUTER BGP mode.
   CONFIGURATION mode
   router bgp as-number
5.
Configure the following parameters: – level-1, level-1-2, or level-2: Assign all redistributed routes to a level. The default is level-2. – metric value: The value is from 0 to 16777215. The default is 0. – map-name: name of a configured route map. • Include specific OSPF routes in IS-IS.
IETF RFC 1997 defines the COMMUNITY attribute and the predefined communities of INTERNET, NO_EXPORT_SUBCONFED, NO_ADVERTISE, and NO_EXPORT. All BGP routes belong to the INTERNET community. In the RFC, the other communities are defined as follows:
• All routes with the NO_EXPORT_SUBCONFED (0xFFFFFF03) community attribute are not sent to CONFED-EBGP or EBGP peers, but are sent to IBGP peers within CONFED-SUB-AS.
• All routes with the NO_ADVERTISE (0xFFFFFF02) community attribute must not be advertised.
Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. 1. Enter the ROUTE-MAP mode and assign a name to a route map. CONFIGURATION mode route-map map-name [permit | deny] [sequence-number] 2. Configure a match filter for all routes meeting the criteria in the IP community or IP extended community list.
route-map map-name [permit | deny] [sequence-number] 2. Configure a set filter to delete all COMMUNITY numbers in the IP community list. CONFIG-ROUTE-MAP mode set comm-list community-list-name delete OR set community {community-number | local-as | no-advertise | no-export | none} Configure a community list by denying or permitting specific community numbers or types of community. 3.
Changing MED Attributes By default, Dell Networking OS uses the MULTI_EXIT_DISC or MED attribute when comparing EBGP paths from the same AS. To change how the MED attribute is used, enter any or all of the following commands. • Enable MED comparison in the paths from neighbors with different ASs. CONFIG-ROUTER-BGP mode bgp always-compare-med • By default, this comparison is not performed. Change the bestpath MED selection.
5. Apply the route map to the neighbor or peer group’s incoming or outgoing routes. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. To view a route map configuration, use the show route-map command in EXEC Privilege mode. Changing the NEXT_HOP Attribute You can change how the NEXT_HOP attribute is used.
• Enable multiple parallel paths. CONFIG-ROUTER-BGP mode maximum-paths {ebgp | ibgp} number The number range is from 1 to 16. The default is 1. Filtering BGP Routes Using Route Maps To filter routes using a route map, use these commands. 1. Create a route map and assign it a name. CONFIGURATION mode route-map map-name [permit | deny] [sequence-number] 2. Create multiple route map filters with a match or set action.
AS-PATH ACL mode {deny | permit} as-regular-expression 3. Return to CONFIGURATION mode. AS-PATH ACL exit 4. Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5. Filter routes based on the criteria in the configured route map. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} filter-list as-path-name {in | out} Configure the following parameters: • ip-address or peer-group-name: enter the neighbor’s IP address or the peer group’s name.
ip prefix-list prefix-name 2. Create multiple prefix list filters with a deny or permit action. CONFIG-PREFIX LIST mode seq sequence-number {deny | permit} {any | ip-prefix [ge | le] } • ge: minimum prefix length to match. • le: maximum prefix length to match. For information about configuring prefix lists, refer to Access Control Lists (ACLs). 3. Return to CONFIGURATION mode. CONFIG-PREFIX LIST mode exit 4. Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5.
CONFIG-ROUTE-MAP mode exit 4. Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5. Filter routes based on the criteria in the configured route map. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} Configure the following parameters: • ip-address or peer-group-name: enter the neighbor’s IP address or the peer group’s name. • map-name: enter the name of a configured route map. • in: apply the route map to inbound routes.
To forward all routes not meeting the AS-PATH ACL criteria, include the permit .* filter in your AS-PATH ACL. Configuring BGP Route Reflectors BGP route reflectors are intended for ASs with a large mesh; they reduce the amount of BGP control traffic. With route reflection configured properly, IBGP routers are not fully meshed within a cluster but all receive routing information.
*> 9.141.128.0/24 10.114.8.33 0 18508 701 7018 2686 ?
Dell#

Configuring BGP Confederations
Another way to organize routers within an AS and reduce the mesh for IBGP peers is to configure BGP confederations. As with route reflectors, BGP confederations are recommended only for IBGP peering involving many IBGP peering sessions per router. Basically, when you configure BGP confederations, you break the AS into smaller sub-AS, and to those outside your network, the confederations appear as one AS.
To configure route flap dampening parameters, set dampening parameters using a route map, clear information on route dampening and return suppressed routes to active state, view statistics on route flapping, or change the path selection from the default mode (deterministic) to non-deterministic, use the following commands. • Enable route dampening.
bgp non-deterministic-med NOTE: When you change the best path selection method, path selection for existing paths remains unchanged until you reset it by entering the clear ip bgp command in EXEC Privilege mode. Example of Configuring a Route for Reuse or Restart Example of Viewing the Number of Dampened Routes To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode.
• whichever is the lower value; one-third of the new holdtime value, or the configured keepalive value is the new keepalive value. • Configure timer values for a BGP neighbor or peer group. CONFIG-ROUTER-BGP mode neighbors {ip-address | peer-group-name} timers keepalive holdtime – keepalive: the range is from 1 to 65535. Time interval, in seconds, between keepalive messages sent to the neighbor routers. The default is 60 seconds. • – holdtime: the range is from 3 to 65536.
– neighbor-address: Clears the neighbor with this IP address. – AS Numbers: Peers’ AS numbers to clear. – ipv4: Clears information for the IPv4 address family. • – peer-group-name: Clears all members of the specified peer group. Enable soft-reconfiguration for the BGP neighbor specified. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} soft-reconfiguration inbound BGP stores all the updates the neighbor receives but does not reset the peer-session.
Enabling MBGP Configurations Multiprotocol BGP (MBGP) is an enhanced BGP that carries IP multicast routes. BGP carries two sets of routes: one set for unicast routing and one set for multicast routing. The routes associated with multicast routing are used by the protocol independent multicast (PIM) to build data distribution trees. The S5000 supports MBGP for IPv6 Unicast and IPv4 multicast. Dell Networking OS MBGP is implemented per RFC 1858.
• View information about BGP routes being dampened.
  EXEC Privilege mode
  debug ip bgp dampening [in | out]
• View information about local BGP state changes and other BGP events.
  EXEC Privilege mode
  debug ip bgp [ip-address | peer-group peer-group-name] events [in | out]
• View information about BGP KEEPALIVE messages.
  EXEC Privilege mode
  debug ip bgp [ip-address | peer-group peer-group-name] keepalive [in | out]
• View information about BGP notifications received from or sent to neighbors.
Sent 48 messages, 0 in queue 3 opens, 2 notifications, 0 updates 43 keepalives, 0 route refresh requests Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) For address family: IPv4 Unicast BGP table version 1395, neighbor ver
ffffffff ffffffff ffffffff ffffffff 00130400
PDU[3] : len 19, captured 00:34:51 ago
ffffffff ffffffff ffffffff ffffffff 00130400
PDU[4] : len 19, captured 00:34:22 ago
ffffffff ffffffff ffffffff ffffffff 00130400
[. . .]
Outgoing packet capture enabled for BGP neighbor 20.20.20.
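The captured PDUs above are BGP messages printed as 32-bit hex words, and each one can be checked against the fixed BGP header defined in RFC 4271. The decoder below is an added example, not Dell code. It assumes that bytes printed beyond the header's Length field are padding from the word-aligned display, and the NOTIFICATION sample is constructed here to show how an expired hold timer is encoded; function and constant names are illustrative.

```python
"""Decode the fixed BGP message header (RFC 4271, section 4.1) from a hex dump."""
import struct

MARKER = b"\xff" * 16
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE",
         5: "ROUTE-REFRESH"}
ERROR_CODES = {
    1: "Message Header Error",
    2: "OPEN Message Error",
    3: "UPDATE Message Error",
    4: "Hold Timer Expired",
    5: "Finite State Machine Error",
    6: "Cease",
}

# PDU exactly as printed in the capture output above (len 19).
PAGE_PDU = "ffffffff ffffffff ffffffff ffffffff 00130400"
# Constructed sample, not from the page: NOTIFICATION, error code 4, subcode 0.
CONSTRUCTED_NOTIFICATION = "ffffffff ffffffff ffffffff ffffffff 00150304 00"


def decode_bgp_pdu(hex_dump):
    """Validate the header of one dumped BGP message and return its fields."""
    raw = bytes.fromhex(hex_dump)  # spaces between words are ignored
    if len(raw) < 19:
        raise ValueError("a BGP message is at least 19 bytes")
    if raw[:16] != MARKER:
        raise ValueError("marker field is not all ones")
    length, msg_type = struct.unpack("!HB", raw[16:19])
    if not 19 <= length <= 4096:
        raise ValueError("Length field %d outside 19..4096" % length)
    if length > len(raw):
        raise ValueError("dump is shorter than the Length field")
    if msg_type not in TYPES:
        raise ValueError("unknown message type %d" % msg_type)
    body = raw[19:length]
    msg = {
        "type": TYPES[msg_type],
        "length": length,
        # Assumption: anything after Length bytes is display padding.
        "padding_bytes": len(raw) - length,
    }
    if msg_type == 4 and body:
        raise ValueError("KEEPALIVE must consist of the header only")
    if msg_type == 3:
        if len(body) < 2:
            raise ValueError("NOTIFICATION needs an error code and subcode")
        msg["error_code"] = body[0]
        msg["error_subcode"] = body[1]
        msg["error"] = ERROR_CODES.get(body[0], "Unknown")
        msg["data"] = body[2:].hex()
    return msg


if __name__ == "__main__":
    print(decode_bgp_pdu(PAGE_PDU))
    print(decode_bgp_pdu(CONSTRUCTED_NOTIFICATION))
```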
Figure 28. Sample Configurations Example of Enabling BGP (Router 1) Example of Enabling BGP (Router 2) Dell# conf Dell(conf)#int loop 0 Dell(conf-if-lo-0)#ip address 192.168.128.1/24 Dell(conf-if-lo-0)#no shutdown Dell(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.1/24 no shutdown Dell(conf-if-lo-0)#int te 1/21 Dell(conf-if-te-1/21)#ip address 10.0.1.21/24 Dell(conf-if-te-1/21)#no shutdown Dell(conf-if-te-1/21)#show config ! interface TengigabitEthernet 1/21 ip address 10.0.1.
Dell(conf-router_bgp)#neighbor 192.168.128.2 update-source loop 0 Dell(conf-router_bgp)#neighbor 192.168.128.3 remote 100 Dell(conf-router_bgp)#neighbor 192.168.128.3 no shut Dell(conf-router_bgp)#neighbor 192.168.128.3 update-source loop 0 Dell(conf-router_bgp)#show config ! router bgp 99 network 192.168.128.0/24 neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 update-source Loopback 0 neighbor 192.168.128.2 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.
router bgp 99 bgp router-id 192.168.128.2 network 192.168.128.0/24 bgp graceful-restart neighbor 192.168.128.1 remote-as 99 neighbor 192.168.128.1 update-source Loopback 0 neighbor 192.168.128.1 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.3 update-source Loopback 0 neighbor 192.168.128.3 no shutdown Dell(conf-router_bgp)#end Dell#show ip bgp summary BGP router identifier 192.168.128.
router bgp 100 network 192.168.128.0/24 neighbor 192.168.128.1 remote-as 99 neighbor 192.168.128.1 update-source Loopback 0 neighbor 192.168.128.1 no shutdown neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 update-source Loopback 0 neighbor 192.168.128.2 no shutdown Dell(conf)#end Dell#show ip bgp summary BGP router identifier 192.168.128.
BGP neighbor is 192.168.128.2, remote AS 99, internal link Member of peer-group AAA for session parameters BGP version 4, remote router ID 192.168.128.
Last reset 00:00:54, due to user reset Dell# Example of Enabling Peer Groups (Router 2) Dell#conf Dell(conf)#router bgp 99 Dell(conf-router_bgp)# neighbor CCC peer-group Dell(conf-router_bgp)# neighbor CC no shutdown Dell(conf-router_bgp)# neighbor BBB peer-group Dell(conf-router_bgp)# neighbor BBB no shutdown Dell(conf-router_bgp)# neighbor 192.168.128.1 peer AAA Dell(conf-router_bgp)# neighbor 192.168.128.1 no shut Dell(conf-router_bgp)# neighbor 192.168.128.3 peer BBB Dell(conf-router_bgp)# neighbor 192.
Dell(conf-router_bgp)# neighbor AAA peer-group
Dell(conf-router_bgp)# neighbor AAA no shutdown
Dell(conf-router_bgp)# neighbor CCC peer-group
Dell(conf-router_bgp)# neighbor CCC no shutdown
Dell(conf-router_bgp)# neighbor 192.168.128.2 peer-group BBB
Dell(conf-router_bgp)# neighbor 192.168.128.2 no shutdown
Dell(conf-router_bgp)# neighbor 192.168.128.1 peer-group BBB
Dell(conf-router_bgp)# neighbor 192.168.128.
Dell(conf-router_bgp)#
Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table version 2, neighbor version 2 Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer Prefixes advertised 1, denied 0, withdrawn 0 from peer Connections established 6; dropped 5 Last reset 00:12:01, due to Closed by neighbor Notification History 'HOLD error/Timer expired' Sent : 1 Recv: 0 'Connection Reset' Sent : 2 Recv: 2 Last notification (len 21) received 00:12:01 ago ffffffff ff
11 Bare Metal Provisioning (BMP) Bare Metal Provisioning 2.0 is included as part of the Dell Networking OS image. BMP improves accessibility to the S5000 switch by automatically loading pre-defined configurations and boot images that are stored in file servers. You can use BMP on a single switch or on multiple switches. For more information about BMP in Auto-Configuration mode, refer to the Open Automation Guide.
configuration file stored in the local flash on the switch is loaded as part of the stop jump-start command and Auto-Configuration mode is changed to Normal reload. The reload settings that you configure with the reload-type command are stored in non-volatile memory and retained for future reboots. Enter the reload command to reload the switch in the current configured mode: Normal or Jumpstart mode.
• Reload a switch running BMP version 2.0 in either Normal or Jumpstart mode.
• Boot File Name: The Dell Networking OS image to load on the switch. The boot filename is expected to use Option 67 or the boot filename in the boot payload of the DHCP offer. If both are specified, Option 67 is used.
• Configuration File Name: The configurations to apply to the switch. The configuration filename is expected to use Option 209.
• File Server Address: The server where the image and configuration files are placed. The address is assumed to be a TFTP address unless it is given as a URL.
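The selection rules in the list above, as an added example that is not part of the original guide: it decodes a raw DHCP options field and reports which image and configuration file a BMP switch would take from the offer. The `resolve_offer` helper, the `BmpPlan` fields, the sample filenames and the 192.0.2.10 server are constructed for illustration; the file server address is passed in as a parameter because the option that carries it is not stated here.

```python
"""Added example: what a BMP switch would fetch for a given DHCP offer."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

OPT_PAD, OPT_END = 0, 255   # RFC 2132 option framing
OPT_BOOT_FILE = 67          # boot file name: the OS image to load
OPT_CONFIG_FILE = 209       # configuration file name
URL_SCHEME = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*)://")


def opt(code: int, value: bytes) -> bytes:
    """Encode one option as code, length, value."""
    return bytes([code, len(value)]) + value


def parse_options(raw: bytes) -> dict:
    """Decode the options field (the bytes after the magic cookie) into {code: value}."""
    opts, i = {}, 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError(f"option {code}: missing length byte")
        length = raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: value truncated")
        opts[code] = value
        i += 2 + length
    return opts


@dataclass
class BmpPlan:
    image: Optional[str] = None
    image_source: Optional[str] = None
    config: Optional[str] = None
    transport: Optional[str] = None
    findings: List[str] = field(default_factory=list)


def _text(value: bytes) -> str:
    return value.rstrip(b"\x00").decode("ascii", "replace")


def resolve_offer(raw_options: bytes, bootp_file: str = "", file_server: str = "") -> BmpPlan:
    """Apply the guide's rules: Option 67 wins over the boot payload filename,
    Option 209 names the configuration, a non-URL server address means TFTP."""
    opts = parse_options(raw_options)
    opt67 = _text(opts.get(OPT_BOOT_FILE, b""))
    plan = BmpPlan(config=_text(opts.get(OPT_CONFIG_FILE, b"")) or None)
    if opt67:
        plan.image, plan.image_source = opt67, "option 67"
        if bootp_file and bootp_file != opt67:
            plan.findings.append("option 67 overrides boot payload filename " + repr(bootp_file))
    elif bootp_file:
        plan.image, plan.image_source = bootp_file, "boot payload"
    if file_server:
        match = URL_SCHEME.match(file_server)
        plan.transport = match.group(1).lower() if match else "tftp"
        if plan.transport == "tftp":
            plan.findings.append("file server is a bare address, so TFTP is assumed: "
                                 "no authentication or integrity check on the transfer")
    if plan.image is None and plan.config is None:
        plan.findings.append("offer names neither an image nor a configuration file")
    return plan


# Constructed sample offer: message type 2 (DHCPOFFER), a pad byte, options 67 and 209.
SAMPLE_OFFER = (opt(53, b"\x02") + bytes([OPT_PAD])
                + opt(OPT_BOOT_FILE, b"example-os-image.bin")
                + opt(OPT_CONFIG_FILE, b"example-switch.cfg")
                + bytes([OPT_END]))

if __name__ == "__main__":
    print(resolve_offer(SAMPLE_OFFER, bootp_file="legacy-image.bin", file_server="192.0.2.10"))
```

Running offers captured on the provisioning VLAN through this check shows which server answers and which files it hands out before a switch is reloaded in Jumpstart mode.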
After 10 minutes of rediscovery attempts, the server IP address is blacklisted as shown in the system log:
00:05:45:%STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_DISCOVER: DHCP DISCOVER sent 47.
00:05:45:%STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_DISCOVER: DHCP DISCOVER sent
00:05:45:%STKUNIT0-M:CP %JUMPSTART-5-DHCP_OFFER_REJECTED: Server IP address 10.11.197.39 was previously rejected.
– If the image download fails, the switch does not try to download the configuration file and starts sending requests for a new DHCP offer from a different server. The previously offered server is blacklisted. • If the offer contains only a boot image that cannot be downloaded, BMP requests another DHCP offer.
c. If the configuration file is downloaded from the server, any saved startup-configuration on the flash is ignored. If no configuration file is downloaded from the server or if you disabled the config-download parameter, the startup-configuration file on the flash is loaded as in normal reload.
6. When the Dell Networking OS image and the configuration file have been downloaded, the IP address is released.
00:04:06: %STKUNIT0-M:CP %JUMPSTART-5-JUMPSTART_RELEASE: DHCP RELEASE sent on Fo 0/56.
12 Content Addressable Memory (CAM)
Content addressable memory (CAM) is supported on Dell Networking OS. CAM is a type of memory that stores information in the form of a lookup table. On the S5000 systems, CAM stores Layer 2 and Layer 3 forwarding information, access-lists (ACLs), flows, and routing policies.

CAM Allocation
User-configurable CAM allocation is supported on the S5000 switch in separate partitions for ingress and egress ACLs and QoS policies.
nlbclusteracl 0 FcoeAcl 0 iscsiOptAcl 0 ipv4pbr 0 vrfv4Acl 0 Openflow 0 fedgovacl 0 Re-Allocating CAM for Ingress ACLs and QoS The default CAM allocation settings for ingress ACL and QoS regions are shown in the following list.
l2acl number ipv4acl number ipv6acl number ipv4qos number l2qos number l2pt number ipmacacl number ecfmacl number {vman-qos number | vman-dual-qos number} [fcoeacl number] [iscsioptacl number] 3. Verify the new settings that will be written to the CAM on the next reload. EXEC Privilege mode show cam-acl 4. Reload the system. EXEC Privilege mode reload Re-Allocating CAM for Egress ACLs The default CAM allocation settings for the three egress ACL and QoS regions on an S5000 switch include the following.
You can create a class map with all required ACL rules and then enter the test cam-usage command in Privilege mode to verify the actual CAM space required. The following example shows the command output. The status column indicates whether you can enable the policy.
Ipv4Acl : 1
Ipv6Acl : 2
-- Stack unit 0 --
Current Settings(in block sizes)
L2Acl : 1
Ipv4Acl : 1
Ipv6Acl : 2
Dell#

CAM Optimization
To optimize CAM utilization for QoS entries by minimizing the required policy-map CAM space, use the cam-optimization command. If you apply a policy map containing classification rules (ACL and/or DSCP/IP-precedence rules) to more than one physical interface on the same port-pipe, only a single copy of the policy is written (only one FP entry is used).
13 Control Plane Policing (CoPP)
Control plane policing (CoPP) is supported on Dell Networking OS. CoPP uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane. The filter prevents traffic not specifically identified as legitimate from reaching the system control plane and rate-limits traffic to an acceptable level.
Figure 30. CoPP Implemented Versus CoPP Not Implemented

Configure Control Plane Policing
The S5000 can process a maximum of 4200 packets per second (PPS). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though Per Protocol CoPP is applied. This happens because Queue-Based Rate Limiting is applied first.
Configuring CoPP for Protocols
This section lists the commands necessary to create and enable the service-policies for CoPP. For complete information about creating ACLs and QoS rules, refer to Access Control Lists (ACLs) and Quality of Service (QoS). The basics for creating a CoPP service policy are to create a Layer 2, Layer 3, and/or an IPv6 ACL rule for the desired protocol type. Then, create a QoS input policy to rate-limit the protocol traffic according to the ACL.
Dell(conf)#ip access-list extended bgp cpu-qos
Dell(conf-ip-acl-cpuqos)#permit bgp
Dell(conf-ip-acl-cpuqos)#exit
Dell(conf)#mac access-list extended lacp cpu-qos
Dell(conf-mac-acl-cpuqos)#permit lacp
Dell(conf-mac-acl-cpuqos)#exit
Dell(conf)#ipv6 access-list ipv6-icmp cpu-qos
Dell(conf-ipv6-acl-cpuqos)#permit icmp
Dell(conf-ipv6-acl-cpuqos)#exit
Dell(conf)#ipv6 access-list ipv6-vrrp cpu-qos
Dell(conf-ipv6-acl-cpuqos)#permit vrrp
Dell(conf-ipv6-acl-cpuqos)#exit
Dell(conf)#qos-policy-in rate_limit_200k cpu-qo
The basics for creating a CoPP service policy are to create QoS policies for the desired CPU bound queue and associate it with a particular rate-limit. The QoS policies are assigned to a control-plane service policy for each port-pipe.
1. Create a QoS input policy for the router and assign the policing.
CONFIGURATION mode
qos-policy-input name cpu-qos
2. Create an input policy-map to assign the QoS policy to the desired service queues.
Q5 400
Q6 400
Q7 1100
Dell#

Example of Viewing Queue Mapping
To view the queue mapping for each configured protocol, use the show ip protocol-queue-mapping command.
14 Data Center Bridging (DCB)
Ethernet Enhancements in Data Center Bridging
The following section describes DCB. The device supports the following DCB features:
• Data center bridging exchange protocol (DCBx)
• Priority-based flow control (PFC)
• Enhanced transmission selection (ETS)
To configure PFC, ETS, and DCBx for DCB, refer to Sample DCB Configuration for the CLI configurations.
To ensure lossless delivery and latency-sensitive scheduling of storage and service traffic and I/O convergence of LAN, storage, and server traffic over a unified fabric, IEEE data center bridging adds the following extensions to a classical Ethernet network: • 802.1Qbb — Priority-based Flow Control (PFC) • 802.1Qaz — Enhanced Transmission Selection (ETS) • 802.
• A dynamic threshold handles intermittent traffic bursts and varies based on the number of PFC priorities contending for buffers, while a static threshold places an upper limit on the transmit time of a queue after receiving a message to pause a specified priority. PFC traffic is paused only after surpassing both static and dynamic thresholds for the priority specified for the port. • By default, PFC is enabled when you enable DCB.
Data Center Bridging Exchange Protocol (DCBx) The data center bridging exchange (DCBx) protocol is disabled by default on the S4810; ETS is also disabled. DCBx allows a switch to automatically discover DCB-enabled peers and exchange configuration information. PFC and ETS use DCBx to exchange and negotiate parameters with peer devices. DCBx capabilities include: • Discovery of DCB capabilities on peer-device connections. • Determination of possible mismatch in DCB configuration on a peer link.
DCB processes virtual local area network (VLAN)-tagged packets and dot1p priority values. Untagged packets are treated with a dot1p priority of 0. For DCB to operate effectively, you can classify ingress traffic according to its dot1p priority so that it maps to different data queues. The dot1p-queue assignments used are shown in the following table. To enable DCB, enable either the iSCSI optimization configuration or the FCoE configuration.
As a result, PFC and lossless port queues are disabled on 802.1p priorities, and all priorities are mapped to the same priority queue and equally share the port bandwidth. • To change the ETS bandwidth allocation configured for a priority group in a DCB map, do not modify the existing DCB map configuration. Instead, first create a new DCB map with the desired PFC and ETS settings, and apply the new map to the interfaces to override the previous DCB map settings.
priority-group group-num {bandwidth bandwidth | strict-priority} pfc on The range for priority group is from 0 to 7. Set the bandwidth in percentage. The percentage range is from 1 to 100% in units of 1%. Committed and peak bandwidth is in megabits per second. The range is from 0 to 40000. Committed and peak burst size is in kilobytes. Default is 50. The range is from 0 to 10000. The pfc on command enables priority-based flow control. 3.
The configuration of no-drop queues provides flexibility for ports on which PFC is not needed but lossless traffic should egress from the interface. Lossless traffic egresses out the no-drop queues. Ingress dot1p traffic from PFC-enabled interfaces is automatically mapped to the no-drop egress queues. 1. Enter INTERFACE Configuration mode. CONFIGURATION mode interface type slot/port 2. Configure the port queues that will still function as no-drop queues for lossless traffic.
When a DCB input policy with PFC profile is configured or unconfigured on an interface or a range of interfaces not receiving any traffic, interfaces with PFC settings that receive appropriate PFC-enabled traffic (unicast, mixed-frame-size traffic) display incremental values in the CRC and discards counters. (These ingress interfaces receiving pfc-enabled traffic have an egress interface that has a compatible PFC configuration). NOTE: DCB maps are supported only on physical Ethernet interfaces.
Table 15. DCB Map to an Ethernet Port Step Task Command Command Mode 1 Enter interface configuration mode on an Ethernet port. interface {tengigabitEthernet CONFIGURATION slot/port | fortygigabitEthernet slot/ port} 2 Apply the DCB map on the Ethernet port to configure it with the PFC and ETS settings in the map; for example: dcb-map name INTERFACE Dell# interface tengigabitEthernet 1/1 Dell(config-if-te-1/1)# dcb-map SAN_A_dcb_map1 Repeat Steps 1 and 2 to apply a DCB map to more than one port.
Example:
Port A —> Port B
Port C —> Port B
PFC no-drop queues are configured for queues 1, 2 on Port B. PFC capability is enabled on priorities 3, 4 on Port A and Port C.
Port B acting as egress: During congestion (traffic on priorities 3 and 4 from Port A and Port C is pumped at full line rate), Port A and Port C send out the PFCs to rate-limit the traffic. Egress drops are not observed on Port B because the traffic on these priorities is mapped to lossless queues.
Step Task Command Command Mode 6 Configure the port queues that still function as no-drop queues for lossless traffic. For the dot1p-queue assignments. pfc no-drop queues queue-range INTERFACE The maximum number of lossless queues globally supported on a port is 2. You cannot configure PFC no-drop queues on an interface on which a DCB map with PFC enabled has been applied, or which is already configured for PFC using the pfc priority command. Range: 0-3.
The default behavior causes up to a maximum of 6.6 MB to be used for PFC-related traffic. The remaining approximate space of 1 MB can be used by lossy traffic. You can allocate all the remaining 1 MB to lossless PFC queues. If you allocate in such a way, the performance of lossy traffic is reduced and degraded. Although you can allocate a maximum buffer size, it is used only if a PFC priority is configured and applied on the interface.
NOTE: Although each port on the S4810, S4820T, and S5000 devices supports 8 QoS queues, you can configure only 4 QoS queues (0-3) to manage data traffic. The remaining 4 queues (4-7) are reserved for control traffic.
Table 18. Queue Assignments
Internalpriority 0 1 2 3 4 5 6 7
Queue 0 0 0 1 2 3 3 3
3. Dot1p->Queue Mapping Configuration is retained at the default value.
4.
Creating an ETS Priority Group An ETS priority group specifies the range of 802.1p priority traffic to which a QoS output policy with ETS settings is applied on an egress interface. 1. Configure a DCB Map. CONFIGURATION mode dcb-map dcb-map-name The dcb-map-name variable can have a maximum of 32 characters. 2. Create an ETS priority group. CONFIGURATION mode priority-group group-num {bandwidth bandwidth | strict-priority} pfc off The range for priority group is from 0 to 7.
The maximum number of priority groups supported in ETS output policies on an interface is equal to the number of data queues (4) on the port. The 802.1p priorities in a priority group can map to multiple queues. If you configure more than one priority queue as strict priority or more than one priority group as strict priority, the higher numbered priority queue is given preference when scheduling data traffic. ETS Operation with DCBx The following section describes DCBx negotiation with peer ETS devices.
4. Exit QoS Output Policy Configuration mode. QoS OUTPUT POLICY mode Dell(conf-if-te-0/1)#exit 5. Enter INTERFACE Configuration mode. CONFIGURATION mode interface type slot/port 6. Apply the QoS output policy with the bandwidth percentage for specified priority queues to an egress interface. INTERFACE mode Dell(conf-if-te-0/1)#service-policy output test12 Configuring ETS in a DCB Map An S5000 switch supports the use of a DCB map in which you configure enhanced transmission selection (ETS) setting.
ETS Prerequisites and Restrictions On an S6000 switch, ETS is enabled by default on Ethernet ports with equal bandwidth assigned to each 802.1p priority. You can change the default ETS configuration only by using a DCB map.
mapped to one queue takes precedence over the strict priority group whose traffic is mapped to two queues. Therefore, in this example, scheduling traffic to priority group 1 (mapped to one strict-priority queue) takes precedence over scheduling traffic to priority group 3 (mapped to two strict-priority queues).
DCBx Port Roles To enable the auto-configuration of DCBx-enabled ports and propagate DCB configurations learned from peer DCBx devices internally to other switch ports, use the following DCBx port roles. Auto-upstream The port advertises its own configuration to DCBx peers and is willing to receive peer configuration. The port also propagates its configuration to other ports on the switch. The first auto-upstream that is capable of receiving a peer configuration is elected as the configuration source.
devices but do not accept or propagate internal or external configurations. Unlike other user-configured ports, the configuration of DCBx ports in Manual mode is saved in the running configuration. On a DCBx port in a manual role, all PFC, application priority, ETS recommend, and ETS configuration TLVs are enabled.
– The switch is capable of supporting the received DCB configuration values through either a symmetric or asymmetric parameter exchange. A newly elected configuration source propagates configuration changes received from a peer to the other auto-configuration ports. Ports receiving auto-configuration information from the configuration source ignore their current settings and use the configuration source information.
Figure 34. DCBx Sample Topology DCBx Prerequisites and Restrictions The following prerequisites and restrictions apply when you configure DCBx operation on a port: • For DCBx, on a port interface, enable LLDP in both Send (TX) and Receive (RX) mode (the protocol lldp mode command; refer to the example in CONFIGURATION versus INTERFACE Configurations in the Link Layer Discovery Protocol (LLDP) chapter). If multiple DCBx peer ports are detected on a local DCBx interface, LLDP is shut down.
• cee: configures the port to use CEE (Intel 1.01). • cin: configures the port to use Cisco-Intel-Nuova (DCBx 1.0). • ieee-v2.5: configures the port to use IEEE 802.1Qaz (Draft 2.5). The default is Auto. 4. Configure the DCBx port role the interface uses to exchange DCB information. PROTOCOL LLDP mode [no] DCBx port-role {config-source | auto-downstream | auto-upstream | manual} • auto-upstream: configures the port to receive a peer configuration.
Configuring DCBx Globally on the Switch To globally configure the DCBx operation on a switch, follow these steps. 1. Enter Global Configuration mode. EXEC PRIVILEGE mode configure 2. Enter LLDP Configuration mode to enable DCBx operation. CONFIGURATION mode [no] protocol lldp 3. Configure the DCBx version used on all interfaces not already configured to exchange DCB information. PROTOCOL LLDP mode [no] DCBx version {auto | cee | cin | ieee-v2.
[no] fcoe priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x8. 7. Configure the iSCSI priority advertised for the iSCSI protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] iscsi priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x10. DCBx Error Messages The following syslog messages appear when an error in DCBx operation occurs.
Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 19. Displaying DCB Configurations Command Output show qos dot1p-queue mapping Displays the current 802.1p priority-queue mapping. show dcb [stack-unit unit-number] Displays the data center bridging status, number of PFC-enabled ports, and number of PFC-enabled queues. On the master switch in a stack, you can specify a stack-unit number. The range is from 0 to 5.
The following example shows the output of the show qos dcb-map test command.
Dell#show qos dcb-map test
-----------------------
State :Complete
PfcMode:ON
--------------------
PG:0 TSA:ETS BW:50 PFC:OFF
Priorities:0 1 2 5 6 7
PG:1 TSA:ETS BW:50 PFC:ON
Priorities:3 4

The following example shows the show interfaces pfc summary command.
Table 20. show interface pfc summary Command Description Fields Description Interface Interface type with stack-unit and port number. Admin mode is on; Admin is enabled PFC Admin mode is on or off with a list of the configured PFC priorities . When PFC admin mode is on, PFC advertisements are enabled to be sent and received from peers; received PFC configuration takes effect. The admin operational status for a DCBx exchange of PFC configuration is enabled or disabled.
Fields Description PFC TLV Statistics: Output TLV pkts Number of PFC TLVs transmitted. PFC TLV Statistics: Error pkts Number of PFC error packets received. PFC TLV Statistics: Pause Tx pkts Number of PFC pause frames transmitted. PFC TLV Statistics: Pause Rx pkts Number of PFC pause frames received The following example shows the show interface pfc statistics command.
ETS DCBx Oper status is Down State Machine Type is Asymmetric Conf TLV Tx Status is enabled Reco TLV Tx Status is enabled 0 Input Conf TLV Pkts, 1955 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 0 Input Reco TLV Pkts, 1955 Output Reco TLV Pkts, 0 Error Reco TLV Pkts Dell(conf)# show interfaces tengigabitethernet 1/1 ets detail Interface TenGigabitEthernet 1/1 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters : -----------------Admin is enabled TC-grp Priority# Band
Number of Traffic Classes is 8 Admin mode is on Admin Parameters : -----------------Admin is enabled TC-grp Priority# Bandwidth 0 0,1,2,3,4,5,6,7 100% 1 0% 2 0% 3 0% 4 0% 5 0% 6 0% 7 0% Priority# Bandwidth TSA 0 1 2 3 4 5 6 7 Remote Parameters: ------------------Remote is disabled Local Parameters : -----------------Local is enabled TC-grp Priority# 0 0,1,2,3,4,5,6,7 1 2 3 4 5 6 7 TSA ETS ETS ETS ETS ETS ETS ETS ETS 13% 13% 13% 13% 12% 12% 12% 12% ETS ETS ETS ETS ETS ETS ETS ETS Bandwidth 100% 0% 0% 0%
Field Description Admin mode ETS mode: on or off. Admin Parameters ETS configuration on local port, including priority groups, assigned dot1p priorities, and bandwidth allocation. Remote Parameters ETS configuration on remote peer port, including Admin mode (enabled if a valid TLV was received or disabled), priority groups, assigned dot1p priorities, and bandwidth allocation.
Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters: -------------------Admin is enabled TC-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3,4,5,6,7 100% ETS 1 2 3 4 5 6 7 8 Stack unit 1 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters: -------------------Admin is enabled TC-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3,4,5,6,7 100%
P-PFC Configuration TLV enabled p-PFC Configuration TLV disabled F-Application priority for FCOE enabled f-Application Priority for FCOE disabled I-Application priority for iSCSI enabled i-Application Priority for iSCSI disabled ----------------------------------------------------------------------Interface TenGigabitEthernet 1/14 Remote Mac Address 00:01:e8:8a:df:a0 Port Role is Auto-Upstream DCBx Operational Status is Enabled Is Configuration Source? FALSE Local DCBx Compatibility mode is CEE Local DCBx C
Field Description Local DCBx Status: DCBx Max Version Supported Highest DCBx version supported in Control TLVs. Local DCBx Status: Sequence Number Sequence number transmitted in Control TLVs. Local DCBx Status: Acknowledgment Number Acknowledgement number transmitted in Control TLVs. Local DCBx Status: Protocol State Current operational state of DCBx protocol: ACK or IN-SYNC. Peer DCBx Status: DCBx Operational Version DCBx version advertised in Control TLVs received from peer device.
Figure 35. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment.
dot1p Value in the Incoming Frame Priority Group Assignment 6 LAN 7 LAN The following describes the priority group-bandwidth assignment. Priority Group Bandwidth Assignment IPC 5% SAN 50% LAN 45% PFC and ETS Configuration Command Examples The following examples show PFC and ETS configuration commands to manage your data center traffic. 1. Enabling DCB Dell(conf)#dcb enable 2.
NOTE: Dell Networking does not recommend mapping all ingress traffic to a single queue when using PFC and ETS. However, Dell Networking does recommend using Ingress traffic classification using the service-class dynamic dot1p command (honor dot1p) on all DCB-enabled interfaces.
CONFIGURATION mode dcb pfc-shared-buffer-size 4000 dcb pfc-total-buffer-size 5000 3. Configure the number of PFC queues. CONFIGURATION mode dcb enable pfc-queues pfc-queues The number of ports supported based on lossless queues configured depends on the buffer. The default number of PFC queues in the system is two for S4810 and Z9500, and one for S6000 platforms.
15 Dynamic Host Configuration Protocol (DHCP)
DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network endstations (hosts) based on configuration policies that network administrators determine.
Option Number and Description Domain Name Server Option 6 Domain Name Option 15 Specifies the domain name servers (DNSs) that are available to the client. Specifies the domain name that clients should use when resolving hostnames via DNS. IP Address Lease Time Option 51 DHCP Message Type Option 53 Specifies the amount of time that the client is allowed to use an assigned IP address.
4. After receiving a DHCPREQUEST, the server binds the client’s unique identifier (the hardware address plus IP address) to the accepted configuration parameters and stores the data in a database called a binding table. The server then broadcasts a DHCPACK message, which signals to the client that it may begin using the assigned parameters.
5. When the client leaves the network, or the lease time expires, it returns its IP address to the server in a DHCPRELEASE message.
• The S5000 supports 4K DHCP Snooping entries. • The S5000 supports Dynamic ARP Inspection on 16 VLANs per system. For more information, refer to Dynamic ARP Inspection. NOTE: If the DHCP server is on the top of rack (ToR) and the VLTi (ICL) is down due to a failed link, when a VLT node is rebooted in BMP (Bare Metal Provisioning) mode, it is not able to reach the DHCP server, resulting in BMP failure.
• Using DHCP Clear Commands Configuring the Server for Automatic Address Allocation Automatic address allocation is an address assignment method by which the DHCP server leases an IP address to a client from a pool of available addresses. An address pool is a range of IP addresses that the DHCP server may assign. The subnet number indexes the address pools. To create an address pool, follow these steps. 1. Access the DHCP server CLI context. CONFIGURATION mode ip dhcp server 2.
Specifying a Default Gateway The IP address of the default router should be on the same subnet as the client. To specify a default gateway, follow this step. • Specify default gateway(s) for the clients on the subnet, in order of preference. DHCP default-router address Enabling the DHCP Server To set up the DHCP Server, you must first enable it. The DHCP server is disabled by default. 1. Enter the DHCP command-line context. CONFIGURATION mode ip dhcp server 2. Enable DHCP server.
domain-name name 2. Specify in order of preference the DNS servers that are available to a DHCP client. DHCP dns-server address Using NetBIOS WINS for Address Resolution Windows internet naming service (WINS) is a name resolution service that Microsoft DHCP clients use to correlate host names to IP addresses within a group of networks. Microsoft DHCP clients can be one of four types of NetBIOS nodes: broadcast, peer-to-peer, mixed, or hybrid. 1.
Using DHCP Clear Commands To clear DHCP binding entries, address conflicts, and server counters, use the following commands. • Clear DHCP binding entries for the entire binding table. EXEC Privilege mode clear ip dhcp binding • Clear a DHCP binding entry for an individual IP address. EXEC Privilege mode clear ip dhcp binding ip address • Clear a DHCP address conflict. EXEC Privilege mode clear ip dhcp conflict • Clear DHCP server counters.
Figure 39. Configuring a Relay Agent To view the ip helper-address configuration for an interface, use the show ip interface command from EXEC privilege mode. Example of the show ip interface Command Dell#show ip int tengig 1/3 TenGigabitEthernet 1/3 is up, line protocol is down Internet address is 10.11.0.1/24 Broadcast address is 10.11.0.255 Address determined by user input IP MTU is 1500 bytes Helper address is 192.168.0.1 192.168.0.
Configure the System for User Port Stacking When you set the DHCP offer on the DHCP server, you can set the stacking-option variable to provide the stack-port detail so a stack can be formed when you connect the units. Configure Secure DHCP DHCP as defined by RFC 2131 provides no authentication or security mechanisms. Secure DHCP is a suite of features that protects networks that use dynamic address allocation from spoofing and attacks.
When you enable DHCP snooping, the relay agent builds a binding table — using DHCPACK messages — containing the client MAC address, IP addresses, IP address lease time, port, VLAN ID, and binding type. Every time the relay agent receives a DHCPACK on a trusted port, it adds an entry to the table.
Example of the show ip dhcp snooping Command
View the DHCP snooping statistics with the show ip dhcp snooping command.
Dell#show ip dhcp snooping
IP DHCP Snooping : Enabled.
IP DHCP Snooping Mac Verification : Disabled.
IP DHCP Relay Information-option : Disabled.
IP DHCP Relay Trust Downstream : Disabled.
A spoofed ARP message is one in which the MAC address in the sender hardware address field and the IP address in the sender protocol field are strategically chosen by the attacker. For example, in an MITM attack, the attacker sends a client an ARP message containing the attacker’s MAC address and the gateway’s IP address. The client then thinks that the attacker is the gateway, and sends all internet-bound packets to it.
To see how many valid and invalid ARP packets have been processed, use the show arp inspection statistics command.
Dell#show arp inspection statistics
Dynamic ARP Inspection (DAI) Statistics
---------------------------------------
Valid ARP Requests : 0
Valid ARP Replies : 1000
Invalid ARP Requests : 1000
Invalid ARP Replies : 0
Dell#

Bypassing the ARP Inspection
You can configure a port to skip ARP inspection by defining the interface as trusted, which is useful in multiswitch environments.
• Enable IP source address validation.
INTERFACE mode
ip dhcp source-address-validation
• Enable IP source address validation with VLAN option.
INTERFACE mode
ip dhcp source-address-validation vlan vlan-id
NOTE: Before enabling SAV With VLAN option, allocate at least one FP block to the ipmacacl CAM region.

DHCP MAC Source Address Validation
DHCP MAC source address validation (SAV) validates a DHCP packet’s source hardware address against the client hardware address field (CHADDR) in the payload.
To display the IP+MAC ACL for an interface for the entire system, use the show ip dhcp snooping source-address-validation [interface] command in EXEC Privilege mode.

Viewing the Number of SAV Dropped Packets
The following output of the show ip dhcp snooping source-address-validation discard-counters command displays the number of SAV dropped packets.
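How the snooping binding table, ARP inspection and source address validation described in this chapter fit together, as an added example that is not Dell Networking OS code. The class, the port names and the addresses are constructed; matching ARP senders on VLAN, IP and MAC and dropping DHCPACKs that arrive on untrusted ports are assumptions about the exact checks.

```python
"""Added example: DHCP snooping bindings used by DAI and source-address validation."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    lease_s: int
    port: str
    vlan: int
    kind: str = "D"  # binding type; "D" for dynamic is a constructed label


class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.table = {}  # (vlan, ip) -> Binding
        self.stats = {"valid_arp": 0, "invalid_arp": 0, "sav_drop": 0, "ack_drop": 0}

    def dhcp_ack(self, ingress_port, mac, ip, lease_s, client_port, vlan):
        """Learn a binding from a DHCPACK, but only when it arrives on a trusted port."""
        if ingress_port not in self.trusted:
            self.stats["ack_drop"] += 1  # assumption: server replies on untrusted ports are dropped
            return False
        self.table[(vlan, ip)] = Binding(mac.lower(), ip, lease_s, client_port, vlan)
        return True

    def dhcp_mac_sav(self, frame_src_mac, chaddr):
        """DHCP MAC SAV: the frame's source MAC must equal CHADDR in the DHCP payload."""
        ok = frame_src_mac.lower() == chaddr.lower()
        if not ok:
            self.stats["sav_drop"] += 1
        return ok

    def ip_sav(self, ingress_port, vlan, src_ip, src_mac=None):
        """IP SAV: the source IP must be bound to this port; with src_mac, IP+MAC must match."""
        b = self.table.get((vlan, src_ip))
        ok = (b is not None and b.port == ingress_port
              and (src_mac is None or b.mac == src_mac.lower()))
        if not ok:
            self.stats["sav_drop"] += 1
        return ok

    def arp_inspect(self, ingress_port, vlan, sender_mac, sender_ip):
        """DAI: trusted ports bypass inspection; elsewhere sender MAC/IP must match a binding."""
        if ingress_port in self.trusted:
            return True
        b = self.table.get((vlan, sender_ip))
        ok = b is not None and b.mac == sender_mac.lower()
        self.stats["valid_arp" if ok else "invalid_arp"] += 1
        return ok


# Constructed scenario: uplink Te 0/1 leads to the DHCP server and gateway,
# the client sits on Te 0/5, and a host on Te 0/9 forges packets.
GATEWAY_IP, GATEWAY_MAC = "10.11.0.1", "00:00:5e:00:53:01"
CLIENT_MAC, CLIENT_IP = "00:00:5e:00:53:10", "10.11.0.20"
FORGER_MAC = "00:00:5e:00:53:66"


def run_demo():
    sw = SnoopingSwitch(trusted_ports={"Te 0/1"})
    r = {}
    r["ack_on_untrusted"] = sw.dhcp_ack("Te 0/9", FORGER_MAC, "10.11.0.66", 3600, "Te 0/9", 10)
    r["ack_on_trusted"] = sw.dhcp_ack("Te 0/1", CLIENT_MAC, CLIENT_IP, 3600, "Te 0/5", 10)
    r["client_arp"] = sw.arp_inspect("Te 0/5", 10, CLIENT_MAC, CLIENT_IP)
    # The MITM message from the text: forger's MAC paired with the gateway's IP.
    r["gateway_ip_claim"] = sw.arp_inspect("Te 0/9", 10, FORGER_MAC, GATEWAY_IP)
    r["client_ip_claim"] = sw.arp_inspect("Te 0/9", 10, FORGER_MAC, CLIENT_IP)
    r["gateway_arp"] = sw.arp_inspect("Te 0/1", 10, GATEWAY_MAC, GATEWAY_IP)
    r["chaddr_mismatch"] = sw.dhcp_mac_sav(FORGER_MAC, CLIENT_MAC)
    r["spoofed_source_ip"] = sw.ip_sav("Te 0/9", 10, CLIENT_IP)
    r["client_source_ip"] = sw.ip_sav("Te 0/5", 10, CLIENT_IP, CLIENT_MAC)
    return r, sw.stats


if __name__ == "__main__":
    results, stats = run_demo()
    for name, allowed in results.items():
        print(f"{name:20s} {'permit' if allowed else 'drop'}")
    print(stats)
```

The gateway's ARP is accepted only because its port is trusted, which is why the trust setting belongs on uplinks and inter-switch links and not on host-facing ports.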
16 Equal Cost Multi-Path (ECMP)
Equal cost multi-path (ECMP) is supported on Dell Networking OS.

ECMP for Flow-Based Affinity
IPv6 /128 routes having multiple paths do not form ECMPs. The /128 route is treated as a host entry and finds its place in the host table.
NOTE: Using XOR algorithms results in imbalanced loads across an ECMP/LAG when the number of members in said ECMP/LAG is a multiple of 4.
ipv6 ecmp-deterministic Configuring the Hash Algorithm Seed Deterministic ECMP sorts ECMPs in order even though RTM provides them in a random order. However, the hash algorithm uses as a seed the lower 12 bits of the chassis MAC, which yields a different hash result for every chassis. This behavior means that for a given flow, even though the prefixes are sorted, two unrelated chassis can select different hops.
Managing ECMP Group Paths Configure the maximum number of paths for an ECMP route that the L3 CAM can hold to avoid path degeneration. When you do not configure the maximum number of routes, the CAM can hold a maximum ECMP per route. To configure the maximum number of paths, use the following command. NOTE: Save the new ECMP settings to the startup-config (write-mem) then reload the system for the new settings to take effect. • Configure the maximum number of paths per ECMP group. CONFIGURATION mode.
• The default is 60%. Display details for an ECMP group bundle. EXEC mode show link-bundle-distribution ecmp-group ecmp-group-id The range is from 1 to 64. Viewing an ECMP Group NOTE: An ecmp-group index is generated automatically for each unique ecmp-group when you configure multipath routes to the same network. The system can generate a maximum of 512 unique ecmp-groups. The ecmp-group indices are generated in even numbers (0, 2, 4, 6... 1022) and are for information only.
17 Fabric Services The following example shows how fabric services operate. Figure 40.
Configuring Switch Mode to Fabric Services To configure switch mode to Fabric services, use the following commands. 1. Configure Switch mode to Fabric Services. CONFIGURATION mode fc switch-mode fabric-services 2. Configure the SAN fabric to which the FC port connects by entering the name of the FCoE map applied to the interface.
Command | Description
show fc ns switch | Display all the devices in name server database of the switch.
show fc ns switch brief | Displays the local name server entries — brief version.
show fc ns fabric | Display all the devices in name server database of the fabric.
show fc ns fabric | Displays the fabric name server entries — brief version.
show fc topology | Displays the topology information of the local switch.
Route Table
To view the established routes between server and target ports, use the show fc route command.
Zoning
The zoning configurations are supported for Fabric Services operation on the S5000. In Fabric Services, the fcoe-map default_full_fabric has the default Zone mode set to deny. This setting denies all the fabric connections unless included in an active zoneset. To change this setting, use the default-zone-allow command.
The member can be WWPN (00:00:00:00:00:00:00:00), port ID (000000), or alias name (word).
Example of Creating a Zone Alias and Adding Members
Dell(conf)#fc alias al1
Dell(conf-fc-alias-al1)#member 030303
Dell(conf-fc-alias-al1)#exit
Dell(conf)#fc zone z1
Dell(conf-fc-zone-z1)#member al1
Dell(conf-fc-zone-z1)#exit
Creating Zonesets
A zoneset is a grouping or configuration of zones. To create a zoneset and add zones to the zoneset, use the following steps.
1. Create a zoneset.
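How the default zone mode, aliases, zones and the active zoneset described above combine into an access decision, as an added Python model (not Dell code). The alias al1 and zone z1 follow the guide's example; the WWPN, the class and function names, and the rule that devices outside every active zone follow the default zone mode are assumptions based on standard Fibre Channel zoning.

```python
"""Fibre Channel zoning decision model (added example, not Dell code)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

WWPN_RE = re.compile(r"^(?:[0-9a-f]{2}:){7}[0-9a-f]{2}$")
PORT_ID_RE = re.compile(r"^[0-9a-f]{6}$")


def member_kind(member: str) -> str:
    """Classify a member as the guide lists them: WWPN, port ID, or alias name."""
    m = member.lower()
    if WWPN_RE.match(m):
        return "wwpn"
    if PORT_ID_RE.match(m):
        return "port-id"
    return "alias"  # note: a six-hex-digit alias name would be read as a port ID


@dataclass(frozen=True)
class Device:
    wwpn: str
    port_id: str

    def ids(self) -> Set[str]:
        return {self.wwpn.lower(), self.port_id.lower()}


@dataclass
class Fabric:
    default_zone_allow: bool = False  # the guide's default zone mode is deny
    aliases: Dict[str, Set[str]] = field(default_factory=dict)
    zones: Dict[str, Set[str]] = field(default_factory=dict)
    zonesets: Dict[str, Set[str]] = field(default_factory=dict)
    active_zoneset: Optional[str] = None

    def resolve(self, zone: str) -> Set[str]:
        """Expand a zone's alias members into WWPNs and port IDs."""
        out: Set[str] = set()
        for m in self.zones.get(zone, set()):
            if member_kind(m) == "alias":
                out |= {x.lower() for x in self.aliases.get(m, set())}
            else:
                out.add(m.lower())
        return out

    def active_zones(self) -> List[str]:
        if self.active_zoneset is None:
            return []
        return sorted(self.zonesets.get(self.active_zoneset, set()))

    def may_communicate(self, a: Device, b: Device) -> bool:
        zoned = [self.resolve(z) for z in self.active_zones()]
        if any((a.ids() & z) and (b.ids() & z) for z in zoned):
            return True  # both devices sit in one zone of the active zoneset
        a_zoned = any(a.ids() & z for z in zoned)
        b_zoned = any(b.ids() & z for z in zoned)
        if not a_zoned and not b_zoned:
            # Assumption: devices outside every active zone follow the default zone mode.
            return self.default_zone_allow
        return False

    def audit(self) -> List[str]:
        """Return findings a reviewer would raise about this zoning state."""
        findings = []
        if self.default_zone_allow:
            findings.append("default zone mode is allow: unzoned devices can reach each other")
        if self.active_zoneset is None:
            findings.append("no active zoneset")
        for z in self.active_zones():
            if z not in self.zones:
                findings.append(f"zone {z}: referenced by the active zoneset but not defined")
                continue
            for m in sorted(self.zones[z]):
                if member_kind(m) == "alias" and m not in self.aliases:
                    findings.append(f"zone {z}: alias {m} is not defined")
            if len(self.resolve(z)) < 2:
                findings.append(f"zone {z}: fewer than two resolved members")
        return findings


def build_example() -> Fabric:
    """Alias al1 and zone z1 follow the guide's example; the rest is constructed."""
    fabric = Fabric()
    fabric.aliases["al1"] = {"030303"}
    fabric.zones["z1"] = {"al1", "10:00:00:00:00:00:00:01"}  # constructed WWPN
    fabric.zonesets["zs1"] = {"z1"}
    fabric.active_zoneset = "zs1"
    return fabric
```

Feeding the model the zones and default zone mode read from the switch's show output lets a reviewer confirm that a change to allow does not open paths between devices that were never zoned.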
Configuring Fabric Parameters
To configure fabric parameters, follow these steps.
1. Enable the Fibre Channel Domain-id Lock.
FCoE-map configuration mode
domain-id-lock
For example:
Dell(conf-fmap-default_full_fabric-fcfabric)# domain-id-lock
2. Disable the Fibre Channel Domain-id Lock.
no domain-id-lock
For example:
Dell(conf-fmap-default_full_fabric-fcfabric)# no domain-id-lock
3. Configure the domain-id.
Displaying the Fabric Parameters
To display information on switch-wide and interface-specific fabric parameters, use the show commands in the following table. Examples of these show commands follow this table.
Command | Description
show config | Displays the fabric parameters.
show fcoe-map | Displays the fcoe-map.
show fc fabric | Displays the information on all switches in the fabric.
show fc lsdb | Displays the link state database information.
======================================= Switch Config Parameters ========================================
R_A_TOV (ms) 10001
R_T_TOV (ms) 101
E_D_TOV (ms) 101
DomainID 3
DomainID-Locked OFF
Principal-Pri 253
========================================= Switch Zoning Parameters =========================================
Default Zone Mode: Allow
Active Zoneset: zs1
=======================================================
Members
Fc 0/0 Fc 0/1 Fc 0/2 Fc 0/3 Fc 0/4 Fc 0/5 Fc 0/6 Fc 0/7 Fc 0/8 Fc 0/9 Fc 0/10 Fc 0/11
Age LinkCount NeighborID LocalPort RemotePort LinkCost NeighborID LocalPort RemotePort LinkCost Dell# 1 2 1 1 3 250 2 3 3 125
Example of the show fc ns switch Command
Dell#show fc ns switch
Total number of devices = 1
Switch Name 10:00:5c:f9:dd:ef:0a:00
Domain Id 1
Switch Port 53
Port Id 01:35:00
Port Name 10:00:8c:7c:ff:17:f8:01
Node Name 20:00:8c:7c:ff:17:f8:01
Class of Service 8
Symbolic Port Name Brocade-1860 | 3.0.3.
Example of the show fc ns fabric brief Command
Dell#show fc ns fabric brief
Total number of devices = 2
Intf# Domain FC-ID Enode-WWPN Enode-WWNN
Fc 0/3 2 02:09:00 32:11:0e:fc:00:00:00:88 22:11:0e:fc:00:00:00:88
Te 0/13 2 02:0b:00 31:11:0e:fc:00:00:00:77 21:11:0e:fc:00:00:00:77
Dell#
Example of the show fc route Command
Dell#show fc route
Domain Id 2
===================================================
Source FCF-Bridge Destination
===================================================
Te 0/18 5c:f9:dd:ef:1e:03
Example of the show fc switch Command
Dell#show fc switch
Switch Mode : Fabric-Services
Switch WWN : 10:00:5c:f9:dd:ef:0a:00
Dell#
Example of the show fc topology Command
Dell#show fc topology
Port Port Local Number Type PortWWN ID ______ ____ _______ _________ Fc 0/0 F 20:00:5c:f9:dd:ef:24:40 Remote PortWWN Remote NodeWWN _______ _______ FCID/ Domain 32:11:0e:fc:00:00:00:66 22:11:0e:fc:00:00:00:66 02:00:00
18 FCoE Transit The Fibre Channel over Ethernet (FCoE) Transit feature is supported on the S5000 switch on Ethernet interfaces. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FIP snooping is not supported on Fibre Channel interfaces, in an S5000 switch stack, or on links between VLT peer switches.
Table 25. FIP Functions
FIP Function | Description
FIP VLAN discovery | FCoE devices (ENodes) discover the FCoE VLANs on which to transmit and receive FIP and FCoE traffic.
FIP discovery | FCoE end-devices and FCFs are automatically discovered.
Initialization | FCoE devices learn ENodes from the FLOGI and FDISC to allow immediate login and create a virtual link with an FCoE switch.
Maintenance | A valid virtual link between an FCoE device and an FCoE switch is maintained and the LOGO functions properly.
FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to transmit between an FCoE end-device and an FCF. An Ethernet bridge that provides these functions is called a FIP snooping bridge (FSB). NOTE: When you enable FCoE transit on an S5000, the switch functions as a FIP snooping bridge.
Figure 42. FIP Snooping on an S5000 Switch The following sections describe how to configure the FIP snooping feature on a switch that functions as a FIP snooping bridge so that it can perform the following functions: • Allocate CAM resources for FCoE. • Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis.
FIP Snooping in a Switch Stack FIP snooping supports switch stacking as follows: • A switch stack configuration is synchronized with the standby stack unit. • Dynamic population of the FCoE database (ENode, Session, and FCF tables) is synchronized with the standby stack unit. The FCoE database is maintained by snooping FIP keep-alive messages. • In case of a failover, the new master switch starts the required timers for the FCoE database tables. Timers run only on the master stack unit.
FIP Snooping Prerequisites
Before you enable FCoE transit and configure FIP snooping on a switch, ensure that certain conditions are met. A FIP snooping bridge requires data center bridging exchange protocol (DCBx) and priority-based flow control (PFC) to be enabled on the switch for lossless Ethernet connections (refer to the Data Center Bridging (DCB) chapter). Dell Networking also recommends enabling enhanced transmission selection (ETS); however, ETS is not required.
Openflow : fedgovacl : nlbclusteracl: 0 0 0 st-sjc-s5000-29#
Enabling the FCoE Transit Feature
The following sections describe how to enable FCoE transit.
NOTE: FCoE transit is disabled by default. To enable this feature, follow the steps in Configuring FIP Snooping. As soon as you enable the FCoE transit feature on a switch-bridge, existing VLAN-specific and FIP snooping configurations are applied.
Configure a Port for a Bridge-to-FCF Link If a port is directly connected to an FCF, configure the port mode as FCF. Initially, all FCoE traffic is blocked; only FIP frames are allowed to pass. NOTE: FCoE-Trusted Port mode used to connect to another FIP snooping bridge (bridge-bridge link) is not supported on the S5000 switch. FCoE traffic is allowed on the port only after a successful fabric login (FLOGI) request/response and confirmed use of the configured FC-MAP value for the VLAN.
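The admission rule described above (FIP always passes, FCoE passes only after a snooped login whose assigned MAC carries the VLAN's FC-MAP), as an added Python event model that is not Dell code. It does not parse FIP frames; the port names, MAC addresses, VLAN, FC-MAP value and session limit are constructed, and treating the upper 24 bits of the assigned FCoE MAC as the FC-MAP follows the standard fabric-provided MAC layout.

```python
"""Event model of a FIP snooping bridge's dynamic FCoE filter (added example)."""
from dataclasses import dataclass
from typing import Dict, Set, Tuple

ETH_FIP = 0x8914   # FCoE Initialization Protocol frames
ETH_FCOE = 0x8906  # FCoE data frames

# Constructed sample values, not taken from the guide.
ENODE_MAC = "00:1b:21:00:00:01"
FCF_MAC = "00:05:73:00:00:10"
FCOE_MAC = "0e:fc:00:02:09:00"


def oui(mac: str) -> int:
    """Upper 24 bits of a MAC address; for an FCoE MAC this is the FC-MAP."""
    return int(mac.replace(":", ""), 16) >> 24


@dataclass(frozen=True)
class Session:
    enode_port: str
    fcf_port: str
    vlan: int
    enode_mac: str
    fcf_mac: str
    fcoe_mac: str  # MAC the FCF assigned in the login accept


class FipSnoopingBridge:
    def __init__(self, fc_map_by_vlan: Dict[int, int], fcf_ports: Set[str],
                 max_sessions_per_enode: int):
        self.fc_map_by_vlan = fc_map_by_vlan
        self.fcf_ports = fcf_ports  # ports configured in FCF mode
        self.max_sessions_per_enode = max_sessions_per_enode
        self.pending: Dict[Tuple[int, str], str] = {}       # (vlan, ENode MAC) -> port
        self.sessions: Dict[Tuple[int, str], Session] = {}  # (vlan, FCoE MAC) -> session

    def login_request(self, port: str, vlan: int, enode_mac: str) -> None:
        """Snooped FLOGI/FDISC request arriving on a server-facing port."""
        if port not in self.fcf_ports:
            self.pending[(vlan, enode_mac.lower())] = port

    def login_accept(self, port: str, vlan: int, fcf_mac: str,
                     enode_mac: str, fcoe_mac: str) -> bool:
        """Snooped login accept; returns True when a permit entry is installed."""
        key = (vlan, enode_mac.lower())
        if port not in self.fcf_ports or key not in self.pending:
            return False  # accept from a non-FCF port, or no matching request
        if self.fc_map_by_vlan.get(vlan) != oui(fcoe_mac):
            return False  # assigned MAC does not carry the VLAN's configured FC-MAP
        active = sum(1 for s in self.sessions.values()
                     if s.vlan == vlan and s.enode_mac == key[1])
        if active >= self.max_sessions_per_enode:
            return False  # per-ENode session limit reached
        self.sessions[(vlan, fcoe_mac.lower())] = Session(
            self.pending.pop(key), port, vlan, key[1], fcf_mac.lower(), fcoe_mac.lower())
        return True

    def logout(self, vlan: int, fcoe_mac: str) -> None:
        """Snooped logout accept or clear virtual link: remove the permit entry."""
        self.sessions.pop((vlan, fcoe_mac.lower()), None)

    def permits(self, port: str, vlan: int, ethertype: int,
                src_mac: str, dst_mac: str) -> bool:
        if ethertype == ETH_FIP:
            return True  # FIP always passes so that logins can take place
        if ethertype != ETH_FCOE:
            return True  # other traffic is outside this filter (model assumption)
        src, dst = src_mac.lower(), dst_mac.lower()
        up = self.sessions.get((vlan, src))
        if up and port == up.enode_port and dst == up.fcf_mac:
            return True  # ENode to FCF, from the port that logged in
        down = self.sessions.get((vlan, dst))
        if down and port == down.fcf_port and src == down.fcf_mac:
            return True  # FCF to ENode
        return False


def build_example() -> FipSnoopingBridge:
    """One FCoE VLAN (100) with a constructed FC-MAP and one FCF-mode port."""
    return FipSnoopingBridge({100: 0x0EFC00}, {"Te 0/50"}, max_sessions_per_enode=2)
```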
Impact on Other Software Features When you enable FIP snooping on a switch, other software features are impacted. The following table lists the impact of FIP snooping. Table 27. Impact of Enabling FIP Snooping Impact Description MAC address learning MAC address learning is not performed on FIP and FCoE frames, which are denied by ACLs dynamically created by FIP snooping on server-facing ports in ENode mode.
Configuring FIP Snooping You can enable FIP snooping globally on all FCoE VLANs on a switch or on an individual FCoE VLAN in bridge-to-FCF links. By default, FIP snooping is disabled. NOTE: When you configure the S5000 as an NPIV proxy gateway and enable Fibre Channel capability (the feature fc command), FIP snooping is automatically enabled on all VLANs on the switch, using the default FIP snooping settings. Only the fip-snooping max-sessions-per-enodemac command is supported to configure FIP snooping. 1.
Displaying FIP Snooping Information To display information on FIP snooping, use the following show commands. Table 28. Displaying FIP Snooping Information Command Output show fip-snooping sessions [interface vlan vlan-id] Displays information on FIP-snooped sessions on all VLANs or a specified VLAN, including the ENode interface and MAC address, the FCF interface and MAC address, VLAN ID, FCoE MAC address and FCoE session ID number (FC-ID), worldwide node name (WWNN) and the worldwide port name (WWPN).
The following table describes the show fip-snooping sessions command fields.
Table 29. show fip-snooping sessions Command Description
Field | Description
ENode MAC | MAC address of the ENode.
ENode Interface | Slot/port number of the interface connected to the ENode.
FCF MAC | MAC address of the FCF.
FCF Interface | Slot/port number of the interface to which the FCF is connected.
VLAN | VLAN ID number the session uses.
FCoE MAC | MAC address of the FCoE session the FCF assigns.
Table 31. show fip-snooping fcf Command Description
Field | Description
FCF MAC | MAC address of the FCF.
FCF Interface | Slot/port number of the interface to which the FCF is connected.
VLAN | VLAN ID number the session uses.
FC-MAP | FC-Map value the FCF advertises.
ENode Interface | Slot/number of the interface connected to the ENode.
FKA_ADV_PERIOD | Period of time (in milliseconds) during which FIP keep-alive advertisements are transmitted.
No of ENodes | Number of ENodes connected to the FCF.
The following example shows the show fip-snooping statistics port-channel command.
Field | Description
Number of FDISC Accepts | Number of FIP FDISC accept frames received on the interface.
Number of FDISC Rejects | Number of FIP FDISC reject frames received on the interface.
Number of FLOGO Accepts | Number of FIP FLOGO accept frames received on the interface.
Number of FLOGO Rejects | Number of FIP FLOGO reject frames received on the interface.
Number of CVLs | Number of FIP clear virtual link frames received on the interface.
FCoE Transit Configuration Example The following illustration shows an S5000 switch enabled for FCoE transit and used as a FIP snooping bridge for FCoE traffic between an ENode (server CNA) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. Figure 43. Configuration Example of FCoE Transit on an S5000 Switch In this example, DCBx and PFC are enabled on the FIP snooping bridge and on the FCF ToR switch.
Dell(conf-if-te-0/1)# switchport
Dell(conf-if-te-0/1)# protocol lldp
Dell(conf-if-te-0/1-lldp)# dcbx port-role auto-downstream
NOTE: A port is enabled by default for bridge-ENode links.
19 FIPS Cryptography Federal information processing standard (FIPS) cryptography provides cryptographic algorithms conforming to various FIPS standards published by the National Institute of Standards and Technology (NIST), a non-regulatory agency of the US Department of Commerce. FIPS mode is also validated for numerous platforms to meet the FIPS-140-2 standard for a software-based cryptographic module. This chapter describes how to enable FIPS cryptography requirements on Dell Networking platforms.
• All open SSH and Telnet sessions, as well as all SCP and FTP file transfers, are closed.
• Any existing host keys (both RSA and RSA1) are deleted from system memory and NVRAM storage.
• FIPS mode is enabled.
– If you enable the SSH server when you enter the fips mode enable command, it is re-enabled for version 2 only.
– If you re-enable the SSH server, a new RSA host key-pair is generated automatically. You can also manually create this keypair using the crypto key generate command.
Reload Type : normal-reload [Next boot : normal-reload] -- Unit 0 -Unit Type Status Next Boot Required Type Current Type Master priority Hardware Rev Num Ports Up Time Dell Networking Jumbo Capable POE Capable FIPS Mode Burned In MAC No Of MACs ... : Management Unit : online : online : S4810 - 52-port GE/TE/FG (SE) : S4810 - 52-port GE/TE/FG (SE) : 0 : 3.
Boot Selector Memory Size Serial Number Part Number Vendor Id Date Code Country Code Piece Part ID PPID Revision Service Tag Expr Svc Code Auto Reboot Last Restart Burned In MAC No Of MACs : : : : : : : : : : : : : : : 3.2.0.0a 3203928064 bytes Rev N/A N/A N/A N/A disabled powered-on 74:86:7a:ff:71:8c 3 -- Linecard 1 -Unit Type : Linecard Status : online Next Boot : online Required Type : Z9500LC12 - 12-port TE/FG (ZC) Hardware Rev : 1.
-- Power Supplies --
Unit Bay Status Type FanStatus FanSpeed(rpm) Power Usage (W)
-----------------------------------------------------------------------------
0 0 up UNKNOWN up 3536 0.0
0 1 up UNKNOWN up 3504 0.0
0 2 up UNKNOWN up 3440 0.0
0 3 up UNKNOWN up 3440 0.0
Total power: 0.
20 Fibre Channel Interface The S5000 functions as a converged enhanced Ethernet (CEE) switch that supports both LAN and storage area network (SAN) traffic using the Fibre Channel protocol. To access a SAN fabric, use a Fibre Channel (FC) module installed in the S5000. S5000 FC ports operate at 2G, 4G, and 8G speed. By default, FC ports have autosensing speed enabled to use or negotiate port speed with a peer SAN switch.
INTERFACE FIBRE_CHANNEL mode
speed {auto | 2G | 4G | 8G}
The valid values are 2 Gbps, 4 Gbps, 8 Gbps, or autosensing. By default, an FC port autosenses the speed of a peer FC port.
3. Enable the Fibre Channel port.
INTERFACE FIBRE_CHANNEL mode
no shutdown
Displaying Fibre Channel Information
To display information on switch-wide and interface-specific Fibre Channel operation, use the following commands. Examples of the show commands follow this table.
Field Description Information: Fibrechannel 0/0 is down, FC link is down Administrative state of the Fibre Channel interface (up/no shutdown or down/ shutdown) and operational state of the FC link (up or down). Pluggable media present, SFP+ type Pluggable optic is inserted in the port or not, and the SFP+ optic type. Wavelength Wavelength of the inserted optic. SFP+ receive power Power received on SFP+ optic. Interface index Index number of FC port.
Field | Description
LongFramesIn | Number of long frames received.
LossOfSync | Number of loss of synchronization errors.
ShortFramesIn | Number of truncated frames received.
RxLinkResets | Number of link resets on received frames.
TxLinkResets | Number of link resets on transmitted frames.
TotalLinkResets | Total number of link resets.
TotalRxFrames | Total number of frames received.
TotalTxFrames | Total number of frames transmitted.
RxOfflineSequences | Number of offline sequences received.
Command | Description
create fcdump-support | Gather information about the Fibre Channel operation and store the FC dump file in flash/CORE_DUMP_DIR. Generates Syslog messages at the start and end of the FC dump file creation.
change fctrace-level number | Use for debugging purposes. Change the FC trace level used to record FC information in the FC trace file. The range is from 0 to 4, where:
• 0 = Turns FC traces off.
• 1 = Records FC error messages.
• 2 = Records FC warning messages.
Built by build at tools-sjc-01 on Sat Mar 9 13:25:54 2013 S5000 Boot Selector Label 1.3.0.0m CPU0: Core: Clock P2020, Version: 2.1, (0x80e20021) E500, Version: 5.1, (0x80211051) Configuration: CPU0:1200 MHz, CPU1:1200 MHz, CCB:600 MHz, DDR:330 MHz (660 MT/s data rate) (Asynchronous), LBC:37.
Example of the show system stack-unit Command
Dell#show system stack-unit 0 port-group portmode
PortGroupId Ports Mode(Curr Boot) Mode(Next Boot)
0 0,1 FC FC
1 2,3 FC FC
2 4,5 ETH FC
3 6,7 FC ETH
4 8,9 FC FC
5 10,11 FC FC
Dell#
21 Force10 Resilient Ring Protocol (FRRP)
Force10 resilient ring protocol (FRRP) provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimizations, STP can take up to 50 seconds to converge (depending on the size of network and node of failure) and may require four to five seconds to reconverge.
Figure 44. Normal Operating FRRP Topology A virtual LAN (VLAN) is configured on all node ports in the ring. All ring ports must be members of the Member VLAN and the Control VLAN.
The Member VLAN is the VLAN used to transmit data as described earlier. The Control VLAN is used to perform the health checks on the ring. The Control VLAN can always pass through all ports in the ring, including the secondary port of the Master node. Ring Status The ring failure notification and the ring status checks provide two ways to ensure that the ring remains up and active in the event of a switch or port failure.
FRRP running on it: one for each ring. The example topology that follows shows R3 assuming the role of a Transit node for both FRRP 101 and FRRP 202. Figure 45. Example of Multiple Rings Connected by a Single Switch Important FRRP Points FRRP provides a convergence time that can generally range between 150 ms and 1500 ms for Layer 2 networks. The Master node originates a high-speed frame that circulates around the ring. This frame, appropriately, sets up or breaks down the ring.
• Ring health frames (RHF) – Hello RHF: sent at 500 ms (hello interval); Only the Master node transmits and processes Hello RHF. – Topology Change RHF: triggered updates; processed at all nodes. Important FRRP Concepts The following table lists some important FRRP concepts. Concept Explanation Ring ID Each ring has a unique 8-bit ring ID through which the ring is identified (for example, FRRP 101 and FRRP 202, as shown in the illustration in Member VLAN Spanning Two Rings Connected by One Switch.
Implementing FRRP • FRRP is media and speed independent. • FRRP is a Dell proprietary protocol that does not interoperate with any other vendor. • You must disable the spanning tree protocol (STP) on both the Primary and Secondary interfaces before you can enable FRRP. • All ring ports must be Layer 2 ports. This is required for both Master and Transit nodes. • A VLAN configured as a control VLAN for a ring cannot be configured as a control or member VLAN for any other ring.
• You cannot configure a VLAN as both a control VLAN and member VLAN on the same ring. • Only two interfaces can be members of a control VLAN (the Master Primary and Secondary ports). • Member VLANs across multiple rings are not supported in Master nodes. To create the control VLAN for this FRRP group, use the following commands on the switch that is to act as the Master node. 1. Create a VLAN with this ID number. CONFIGURATION mode. interface vlan vlan-id The VLAN ID range is from 1 to 4094. 2.
• All VLANs must be in Layer 2 mode.
• Tag control VLAN ports. Member VLAN ports, except the Primary/Secondary interface, can be tagged or untagged.
• The control VLAN must be the same for all nodes on the ring.
To create the Member VLANs for this FRRP group, use the following commands on all of the Transit switches in the ring.
1. Create a VLAN with this ID number.
CONFIGURATION mode.
interface vlan vlan-id
The VLAN ID range is from 1 to 4094.
2.
• Enter the desired intervals for Hello-Interval or Dead-Interval times.
CONFIG-FRRP mode.
timer {hello-interval|dead-interval} milliseconds
– Hello-Interval: the range is from 50 to 2000, in increments of 50 (default is 500).
– Dead-Interval: the range is from 50 to 6000, in increments of 50 (default is 1500).
Clearing the FRRP Counters
To clear the FRRP counters, use one of the following commands.
• Clear the counters associated with this Ring ID.
EXEC PRIVILEGED mode.
• There can be only one Master node for any FRRP group. • You can configure FRRP on Layer 2 interfaces only. • Spanning Tree (if you enable it globally) must be disabled on both Primary and Secondary interfaces when you enable FRRP. – When the interface ceases to be a part of any FRRP process, if you enable Spanning Tree globally, also enable it explicitly for the interface. • The maximum number of rings allowed on a chassis is 255.
 no shutdown
!
interface GigabitEthernet 2/31
 no ip address
 switchport
 no shutdown
!
interface Vlan 101
 no ip address
 tagged GigabitEthernet 2/14,31
 no shutdown
!
interface Vlan 201
 no ip address
 tagged GigabitEthernet 2/14,31
 no shutdown
!
protocol frrp 101
 interface primary GigabitEthernet 2/14 secondary GigabitEthernet 2/31 control-vlan 101
 member-vlan 201
 mode transit
 no disable
Example of R3 TRANSIT
interface GigabitEthernet 3/14
 no ip address
 switchport
 no shutdown
!
interface GigabitEthernet 3/21
 no i
22 GARP VLAN Registration Protocol (GVRP) Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GVRP, defined by the IEEE 802.1q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches. The GARP VLAN registration protocol (GVRP)-compliant switches use GARP to register and de-register attribute values, such as VLAN IDs, with each other.
Figure 47. Global GVRP Configuration Example
Basic GVRP configuration is a two-step process:
1. Enabling GVRP Globally
2. Enabling GVRP on a Layer 2 Interface
Related Configuration Tasks
• Configure GVRP Registration
• Configure a GARP Timer
Enabling GVRP Globally
To configure GVRP globally, use the following command.
• Enable GVRP for the entire switch.
no disable Dell(config-gvrp)# To inspect the global configuration, use the show gvrp brief command. Enabling GVRP on a Layer 2 Interface To enable GVRP on a Layer 2 interface, use the following command. • Enable GVRP on a Layer 2 interface.
no shutdown Dell(conf-if-te-1/21)# Configure a GARP Timer Set GARP timers to the same values on all devices that are exchanging information using GVRP. There are three GARP timer settings. • Join — A GARP device reliably transmits Join messages to other devices by sending each Join message two times. To define the interval between the two sending operations of each Join message, use this parameter. The Dell Networking OS default is 200 ms.
23 High Availability (HA) High availability (HA) is a collection of features that preserves system continuity by maximizing uptime and minimizing packet loss during system disruptions. High Availability on Stacks A stack has a master and standby management unit that provide redundancy in a similar way to redundant route processor modules (RPMs).
• Protocol independent multicast — sparse mode • Intermediate system to intermediate system Software Resiliency During normal operations, Dell Networking OS monitors the health of both hardware and software components in the background to identify potential failures, even before these failures manifest. System Health Monitoring Dell Networking OS also monitors the overall health of the system.
Component Redundancy Dell Networking systems eliminate single points of failure by providing dedicated or load-balanced redundancy for each component. Automatic and Manual Stack Unit Failover Stack unit failover is the process of the standby unit becoming a management unit. Dell Networking OS fails over to the standby stack unit when: 1. Communication is lost between the standby and primary stack unit. 2. You request a failover via the CLI.
Forcing a Stack Unit Failover
To force a stack unit failover, use the following command. Use this feature when you are replacing a stack unit and when you are performing a warm upgrade.
• To trigger a stack unit failover.
EXEC Privilege mode
redundancy force-failover stack-unit
Example of the redundancy force-failover stack-unit Command
Dell#redundancy force-failover stack-unit
System configuration has been modified.
24 Internet Group Management Protocol (IGMP) Multicast is premised on identifying many hosts by a single destination IP address; hosts represented by the same IP address are a multicast group. The internet group management protocol (IGMP) is a Layer 3 multicast protocol that hosts use to join or leave a multicast group.
Figure 48. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. Responding to an IGMP Query The following describes how a host can join a multicast group. 1. One router on a subnet is elected as the querier. The querier periodically multicasts (to all-multicast-systems address 224.0.0.1) a general query to all hosts on the subnet. 2.
• To enable filtering, routers must keep track of more state information, that is, the list of sources that must be filtered. An additional query type, the Group-and-Source-Specific Query, keeps track of state changes, while the Group-Specific and General queries still refresh the existing state.
3. The host’s third message indicates that it is only interested in traffic from sources 10.11.1.1 and 10.11.1.2. Because this request again prevents all other sources from reaching the subnet, the router sends another group-and-source query so that it can satisfy all other hosts. There are no other interested hosts so the request is recorded. Figure 51.
Figure 52. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. 1. Enable multicast routing using the ip multicast-routing command. 2. Enable a multicast routing protocol.
Viewing IGMP Enabled Interfaces Interfaces that are enabled with PIM-SM are automatically enabled with IGMP. To view IGMP-enabled interfaces, use the following command. • View IGMP-enabled interfaces. EXEC Privilege mode show ip igmp interface Example of the show ip igmp interface Command Dell#show ip igmp interface tengig 7/16 TenGigabitEthernet 7/16 is up, line protocol is up Internet address is 10.87.3.
• View both learned and statically configured IGMP groups.
EXEC Privilege mode
show ip igmp groups
Example of the show ip igmp groups Command
Dell(conf-if-te-1/0)#do sho ip igmp groups
Total Number of Groups: 2
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter
224.1.1.1 TenGigabitEthernet 1/0 00:00:03 Never CLI
224.1.2.1 TenGigabitEthernet 1/0 00:56:55 00:01:22 1.1.1.2
Adjusting Timers
The following sections describe viewing and adjusting timers.
Enabling IGMP Immediate-Leave If the querier does not receive a response to a group-specific or group-and-source query, it sends another (querier robustness value). Then, after no response, it removes the group from the outgoing interface for the subnet. IGMP immediate leave reduces leave latency by enabling a router to immediately delete the group membership on an interface after receiving a Leave message (it does not send any group-specific or group-and-source queries before deleting the entry).
Related Configuration Tasks
• Enabling IGMP Immediate-Leave
• Disabling Multicast Flooding
• Specifying a Port as Connected to a Multicast Router
• Configuring the Switch as Querier
Example of ip igmp snooping enable Command
Dell(conf)#ip igmp snooping enable
Dell(conf)#do show running-config igmp
ip igmp snooping enable
Dell(conf)#
Removing a Group-Port Association
To configure or view the group-port association removal feature, use the following commands.
Disabling Multicast Flooding If the switch receives a multicast packet that has an IP address of a group it has not learned (unregistered frame), the switch floods that packet out of all ports on the VLAN. When you configure the no ip igmp snooping flood command, the system drops the packets immediately. The system does not forward the frames on mrouter ports, even if they are present. Disable Layer 3 multicast (no ip multicast-routing) in order to disable multicast flooding.
Fast Convergence after MSTP Topology Changes The following describes the fast convergence feature. When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, Dell Networking OS sends a general query out of all ports except the multicast router ports. The host sends a response to the general query and the forwarding database is updated without having to wait for the query interval to expire.
Application Name Port Number Client SNMP 162 for SNMP Traps (client), Supported Server 161 for SNMP MIB response (server) NTP 123 Supported DNS 53 Supported FTP 20/21 Supported Syslog 514 Supported Telnet 23 Supported TFTP 69 Supported Radius 1812,1813 Supported Tacacs 49 Supported HTTP 80 for httpd Supported Supported Supported 443 for secure httpd 8008 HTTP server port for confd application 8888 secure HTTP server port for confd application If you configure a source int
• Applications can be configured or unconfigured as management applications using the application or no application command. All configured applications are considered as management applications and the rest of them as non-management applications. • All the management routes (connected, static and default) are duplicated and added to the management EIS routing table. • Any new management route added is installed to both the EIS routing table and default routing table.
application, then sin_port of destination sockaddr structure is set to Management EIS ID 2 so that route lookup can be done in the management EIS routing table. • To ensure that protocol separation is done only for switch initiated traffic where the application acts as client, only the destination TCP/UDP port is compared and not the source TCP/UDP port. The source TCP/UDP port becomes a known port number when the box acts as server. • TFTP is an exception to the preceding logic.
applications takes a preference for ip1 as source IP and uses the management network to reach the destination. If the management port is down or the route lookup in EIS routing table fails, ip2 is the source IP and the front-panel port is used to reach the destination. The fallback route between the management and data networks is used in such a case. At any given time, end users can access Dell Networking OS applications using either ip1 or ip2.
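The lookup order described above for switch-originated traffic, as an added Python model (not Dell code) that shows which management-application flows fall back onto a front-panel port when the management port is down. Interface names, addresses, routes and the chosen application ports are constructed; the model assumes the source IP is the address of the selected egress interface and leaves out the TFTP and ICMP special cases.

```python
"""Egress choice for switch-originated traffic under management EIS (added example)."""
import ipaddress
from typing import Dict, List, Optional, Set, Tuple

Route = Tuple[str, str]  # (prefix, egress interface)


class EisModel:
    def __init__(self, if_ip: Dict[str, str], mgmt_if: str, mgmt_app_ports: Set[int],
                 eis_routes: List[Route], default_routes: List[Route]):
        self.if_ip = if_ip                    # interface -> its IP address
        self.mgmt_if = mgmt_if
        self.mgmt_app_ports = mgmt_app_ports  # destination ports of management applications
        self.eis_routes = eis_routes
        self.default_routes = default_routes
        self.down: Set[str] = set()           # interfaces that are currently down

    def _lookup(self, table: List[Route], dest: str) -> Optional[str]:
        """Longest-prefix match that skips routes through interfaces that are down."""
        addr = ipaddress.ip_address(dest)
        best: Optional[Tuple[int, str]] = None
        for prefix, egress in table:
            net = ipaddress.ip_network(prefix)
            if egress in self.down or addr not in net:
                continue
            if best is None or net.prefixlen > best[0]:
                best = (net.prefixlen, egress)
        return best[1] if best else None

    def select(self, dest_ip: str, dest_port: int) -> Tuple[str, Optional[str], Optional[str]]:
        """Return (table used, egress interface, source IP) for a client connection."""
        # Only the destination port is compared, as the guide describes.
        if dest_port in self.mgmt_app_ports:
            egress = self._lookup(self.eis_routes, dest_ip)
            if egress is not None:
                return ("eis", egress, self.if_ip[egress])
        # Non-management application, or the EIS lookup failed: use the default table.
        egress = self._lookup(self.default_routes, dest_ip)
        if egress is None:
            return ("none", None, None)
        return ("default", egress, self.if_ip[egress])

    def in_band_fallbacks(self, flows: List[Tuple[str, int]]) -> List[Tuple[str, int]]:
        """Management-application flows that would leave through a front-panel port."""
        leaked = []
        for dest_ip, dest_port in flows:
            if dest_port not in self.mgmt_app_ports:
                continue
            egress = self.select(dest_ip, dest_port)[1]
            if egress is not None and egress != self.mgmt_if:
                leaked.append((dest_ip, dest_port))
        return leaked


def build_example() -> EisModel:
    """Constructed topology: one management port and one front-panel port."""
    return EisModel(
        if_ip={"Ma 0/0": "10.0.0.2", "Te 0/1": "192.0.2.2"},
        mgmt_if="Ma 0/0",
        mgmt_app_ports={514, 49, 1812, 1813},  # syslog, TACACS, RADIUS
        eis_routes=[("10.0.0.0/24", "Ma 0/0"), ("0.0.0.0/0", "Ma 0/0")],
        default_routes=[("10.0.0.0/24", "Ma 0/0"), ("192.0.2.0/24", "Te 0/1"),
                        ("0.0.0.0/0", "Te 0/1")],
    )
```

Running in_band_fallbacks over the configured syslog, TACACS and RADIUS servers with the management interface marked down lists the flows that would cross the data network during an out-of-band outage.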
Switch-Destined Traffic This phenomenon occurs where traffic is terminated on the switch. Traffic has not originated from the switch and is not transiting the switch. The switch accepts all traffic destined to the switch, which is received on management or front-end data port. Response traffic with management port IP address as source IP address is handled in the same manner as switch originated traffic. Switch-Originated Traffic This phenomenon occurs where traffic is originating from the switch. 1.
Protocol Behavior when EIS is Enabled Behavior when EIS is Disabled tacacs EIS Behavior Default Behavior telnet EIS Behavior Default Behavior tftp EIS Behavior Default Behavior icmp (ping and traceroute) EIS Behavior for ICMP Default Behavior Behavior of Various Applications for Switch-Destined Traffic This section describes the different system behaviors that occur when traffic is terminated on the switch. Traffic has not originated from the switch and is not transiting the switch.
VLT feature is for the front-end port only. Because this feature is specific to the management port, this feature can coexist with VLT and nothing specific needs to be done in this feature to handle VLT scenario. DHCP • If DHCP Client is enabled on the management port, a management default route is installed to the switch. • If management EIS is enabled, this default route is added to the management EIS routing table and the default routing table.
25 Interfaces
This chapter describes interface types, both physical and logical, and how to configure them with Dell Networking Operating System (OS).
• The system supports 10 Gigabit Ethernet and 40 Gigabit Ethernet interfaces.
NOTE: Only Dell-qualified optics are supported on these interfaces. Non-Dell optics are set to error-disabled state by default.
Interface Types The following table describes different interface types. Table 37.
Input Statistics:
0 packets, 0 bytes
0 Vlans
0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts
0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts
0 Multicasts, 0 Broadcasts
0 runts, 0 giants, 0 throttles
0 CRC, 0 overrun, 0 discarded
Output Statistics:
3 packets, 192 bytes, 0 underruns
3 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts
0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts
0 Multicasts, 3 Broadcasts, 0 Unicasts
0 Vlans, 0 throttles, 0 discarded, 0 co
Resetting an Interface to its Factory Default State
You can reset the configurations applied on an interface to its factory default state. To reset the configuration, perform the following steps:
1. View the configurations applied on an interface.
INTERFACE mode
show config
Dell(conf-if-te-1/5)#show config
!
interface TenGigabitEthernet 1/5
no ip address
portmode hybrid
switchport
rate-interval 8
mac learning-limit 10 no-station-move
no shutdown
2. Reset an interface to its factory default state.
Physical Interfaces The Management Ethernet interface is a single RJ-45 Fast Ethernet port on a switch. The interface provides dedicated management access to the system. Stack-unit interfaces support Layer 2 and Layer 3 traffic over the 10-Gigabit Ethernet and 40-Gigabit Ethernet, 25–Gigabit Ethernet, 40–Gigabit Ethernet, 50–Gigabit Ethernet, and 100–Gigabit Ethernet interfaces. These interfaces can also become part of virtual interfaces such as virtual local area networks (VLANs) or port channels.
Configuring Layer 2 (Data Link) Mode
Do not configure switching or Layer 2 protocols such as spanning tree protocol (STP) on an interface unless the interface has been set to Layer 2 mode. To set Layer 2 data transmissions through an individual interface, use the following command.
• Enable Layer 2 data transmissions through an individual interface.
interface TenGigabitEthernet 1/2
no ip address
switchport
no shutdown
Dell(conf-if)#ip address 10.10.1.1 /24
% Error: Port is in Layer 2 mode Te 1/2.
Dell(conf-if)#
To determine the configuration of an interface, use the show config command in INTERFACE mode or the various show interface commands in EXEC mode.

Configuring Layer 3 (Interface) Mode
To assign an IP address, use the following commands.
• Enable the interface.
Important Points to Remember
• Deleting a management route removes the route from both the EIS routing table and the default routing table.
• If the management port is down or route lookup fails in the management EIS routing table, the outgoing interface is selected based on route lookup from the default routing table.
• If a route in the EIS table conflicts with a front-end port route, the front-end port route has precedence.
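The selection and fallback rules listed above can be modelled to see when management-plane traffic would leave through a data port. This is an added example, not Dell code: the route tables are constructed samples, and two points are assumptions, namely that "conflict" means the same prefix is present through a front-end port and that routes through a down management port are unusable.

```python
import ipaddress
from dataclasses import dataclass

MGMT = "ManagementEthernet 1/1"
# Destination ports of applications placed under management EIS
# (constructed selection: TACACS+ uses TCP 49, Telnet uses TCP 23).
EIS_DEST_PORTS = {49: "tacacs", 23: "telnet"}


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    egress: str


def is_mgmt(egress):
    return egress.startswith("ManagementEthernet")


def lookup(table, dst, allow_mgmt=True):
    """Longest-prefix match; returns the best Route or None."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in table
            if addr in r.prefix and (allow_mgmt or not is_mgmt(r.egress))]
    return max(hits, key=lambda r: r.prefix.prefixlen, default=None)


def select_egress(dst, dst_port, mgmt_up, eis_table, default_table):
    """Return (egress, reason) for switch-originated client traffic."""
    def from_default(reason):
        # Assumption: routes through a down management port are skipped.
        r = lookup(default_table, dst, allow_mgmt=mgmt_up)
        return (r.egress if r else None, reason)

    # Only the destination port is compared, never the source port.
    if dst_port not in EIS_DEST_PORTS:
        return from_default("not an EIS application")
    if not mgmt_up:
        return from_default("fallback: management port down")
    eis = lookup(eis_table, dst)
    if eis is None:
        return from_default("fallback: EIS lookup failed")
    # Assumption: a conflict is the same prefix reachable via a front-end
    # port in the default table; the front-end route then wins.
    for r in default_table:
        if r.prefix == eis.prefix and not is_mgmt(r.egress):
            return (r.egress, "front-end route has precedence")
    return (eis.egress, "EIS route")


def management_leaks(flows, mgmt_up, eis_table, default_table):
    """List EIS-application flows that would egress through a data port."""
    leaks = []
    for dst, port in flows:
        egress, reason = select_egress(dst, port, mgmt_up,
                                       eis_table, default_table)
        if port in EIS_DEST_PORTS and egress and not is_mgmt(egress):
            leaks.append((dst, port, egress, reason))
    return leaks


def _net(p):
    return ipaddress.ip_network(p)


# Constructed sample tables. Management routes appear in both tables,
# as the page states for routes installed while EIS is enabled.
EIS_TABLE = [Route(_net("10.16.0.0/16"), MGMT),
             Route(_net("172.16.1.0/24"), MGMT)]
DEFAULT_TABLE = [Route(_net("10.16.0.0/16"), MGMT),
                 Route(_net("172.16.1.0/24"), "TenGigabitEthernet 1/2"),
                 Route(_net("0.0.0.0/0"), "TenGigabitEthernet 1/5")]

if __name__ == "__main__":
    flows = [("10.16.5.9", 49), ("192.0.2.10", 49), ("172.16.1.7", 23)]
    for leak in management_leaks(flows, True, EIS_TABLE, DEFAULT_TABLE):
        print(leak)
```

Any flow this reports is management traffic that the fallback or precedence rule places on the data network, which is where ACLs and monitoring for those applications need to account for it.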
Viewing Two Global IPv6 Addresses Important Points to Remember — virtual-ip You can configure two global IPv6 addresses on the system in EXEC Privilege mode. To view the addresses, use the show interface managementethernet command, as shown in the following example. If you try to configure a third IPv6 address, an error message displays. If you enable auto-configuration, all IPv6 addresses on that management interface are auto-configured.
• Primary and secondary management interface IP and virtual IP must be in the same subnet.
To view the Primary RPM Management port, use the show interface Managementethernet command in EXEC Privilege mode. If there are two RPMs, you cannot view information on that interface.

Configuring a Management Interface on an Ethernet Port
You can manage the system through any port using remote access such as Telnet. To configure an IP address for the port, use the following commands.
NOTE: You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN. Dell Networking OS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP addresses to VLANs and use them in routing protocols in the same manner that physical interfaces are used. For more information about configuring different routing protocols, refer to the chapters on the specific protocol.
Null Interfaces
The Null interface is another virtual interface. There is only one Null interface. It is always up, but no traffic is transmitted through this interface. To enter INTERFACE mode of the Null interface, use the following command.
• Enter INTERFACE mode of the Null interface.
CONFIGURATION mode
interface null 0
The only configurable command in INTERFACE mode of the Null interface is the ip unreachable command.
Member ports of a LAG are added and programmed into the hardware in a predictable order based on the port ID, instead of in the order in which the ports come up. With this implementation, load balancing yields predictable results across line card resets and chassis reloads. A physical interface can belong to only one port channel at a time. Each port channel must contain interfaces of the same interface type/speed. Port channels can contain a mix of 1G/10G/40G.
After you enable the port channel, you can place it in Layer 2 or Layer 3 mode. To place the port channel in Layer 2 mode or configure an IP address to place the port channel in Layer 3 mode, use the switchport command. You can configure a port channel as you would a physical interface by enabling or configuring protocols or assigning access control lists.
The following example shows the port channel’s mode (L2 for Layer 2 and L3 for Layer 3 and L2L3 for a Layer 2-port channel assigned to a routed VLAN), the status, and the number of interfaces belonging to the port channel.
Dell>show interface port-channel 20
Port-channel 20 is up, line protocol is up
Hardware address is 00:01:e8:01:46:fa
Internet address is 1.1.120.
INTERFACE PORT-CHANNEL mode
interface port-channel id number
3. Add the interface to the second port channel.
INTERFACE PORT-CHANNEL mode
channel-member interface

Example of Moving an Interface to a New Port Channel
The following example shows moving the TenGigabitEthernet 1/8 interface from port channel 4 to port channel 3.
untagged port-channel id number
• An interface without tagging enabled can belong to only one VLAN.
Remove the port channel with tagging enabled from the VLAN.
INTERFACE VLAN mode
no tagged port-channel id number
or
no untagged port-channel id number
• Identify which port channels are members of VLANs.
EXEC Privilege mode
show vlan

Configuring VLAN Tags for Member Interfaces
To configure and verify VLAN tags for individual members of a port channel, perform the following:
1.
– secondary: the IP address is the interface’s backup IP address. You can configure up to eight secondary IP addresses.

Deleting or Disabling a Port Channel
To delete or disable a port channel, use the following commands.
• Delete a port channel.
CONFIGURATION mode
no interface portchannel channel-number
• Disable a port channel.
shutdown
When you disable a port channel, all interfaces within the port channel are operationally down also.
The hash-algorithm command is specific to ECMP group. The default ECMP hash configuration is crc-lower. This command takes the lower 32 bits of the hash key to compute the egress port.
• Create a Multiple-Range
• Exclude Duplicate Entries
• Exclude a Smaller Port Range
• Overlap Port Ranges
• Commas
• Add Ranges

Create a Single-Range
The following is an example of a single range.
Example of the interface range Command (Single Range)
Dell(config)# interface range tengigabitethernet 1/1 - 23
Dell(config-if-range-te-1/1-23)# no shutdown
Dell(config-if-range-te-1/1-23)#

Create a Multiple-Range
The following is an example of multiple range.
Add Ranges
The following example shows how to use commas to add VLAN and port-channel interfaces to the range.
Example of Adding VLAN and Port-Channel Interface Ranges
Dell(config-if-range-te-1/1-2)# interface range Vlan 2 - 100 , Port 1 - 25
Dell(config-if-range-te-1/1-2-vl-2-100-po-1-25)# no shutdown

Defining Interface Range Macros
You can define an interface-range macro to automatically select a range of interfaces for configuration.
Example of the monitor interface Command
The information displays in a continuous run, refreshing every 2 seconds by default. To manage the output, use the following keys.
• m — Change mode
• l — Page up
• T — Increase refresh interval (by 1 second)
• t — Decrease refresh interval (by 1 second)
• c — Clear screen
• a — Page down
• q — Quit
Dell#monitor interface Te 3/1
Dell uptime is 1 day(s), 4 hour(s), 31 minute(s)
Monitor time: 00:00:00 Refresh Intvl.
EXEC Privilege mode
tdr-cable-test tengigabitethernet slot/port
Between two ports, do not start the test on both ends of the cable. Enable the interface before starting the test. Enable the port to run the test or the test prints an error message.
2. Displays TDR test results.
Gigabit port and you can use only that port for data transfer. As a result, only the first fanned-out port is identified as the active 10 Gigabit port with a speed of 10G or 1G depending on whether you insert an SFP+ or SFP cable respectively. NOTE: Although it is possible to configure the remaining three 10 Gigabit ports, the Link UP event does not occur for these ports leaving the lanes unusable. Dell Networking OS perceives these ports to be in a Link Down state.
NOTE: In the following show interfaces tengigabitethernet commands, ports 1, 2, and 3 are inactive and no physical SFP or SFP+ connection actually exists on these ports. However, Dell Networking OS still perceives these ports as valid and the output shows that pluggable media (optical cables) is inserted into these ports. This is a software limitation for this release.
………………
Dell#show interfaces tengigabitethernet 0/7 transceiver
SFP 0 Serial ID Base Fields
SFP 0 Id = 0x0d
SFP 0 Ext Id = 0x00
SFP 0 Connector = 0x23
SFP 0 Transceiver Code = 0x08 0x00 0x00 0x00 0x00 0x00 0x00 0x00
SFP 0 Encoding = 0x00
………………
Dell#show interfaces tengigabitethernet 0/8 transceiver
QSFP 0 Serial ID Base Fields
QSFP 0 Id = 0x0d
QSFP 0 Ext Id = 0x00
QSFP 0 Connector = 0x23
QSFP 0 Transceiver Code = 0x08 0x00 0x00 0x00 0x00 0x00 0x00 0x00
QSFP 0 Encoding = 0x00
………………
………………
QSFP 0 Diagnostic
tengigabitethernet 0/1 is up, line protocol is down
Hardware is DellEth, address is 90:b1:1c:f4:9a:fa
Current address is 90:b1:1c:f4:9a:fa
Pluggable media present, SFP+ type is 10GBASE-SX
……….
LineSpeed 10000 Mbit
Dell#show interfaces tengigabitethernet 0/3
tengigabitethernet 0/1 is up, line protocol is down
Hardware is DellEth, address is 90:b1:1c:f4:9a:fa
Current address is 90:b1:1c:f4:9a:fa
Pluggable media present, SFP+ type is 10GBASE-SX
……….
0 0 0 0 0 0 0 0 0 4 5 6 7 8 9 10 11 12 SFP SFP SFP SFP QSFP QSFP QSFP QSFP QSFP 10GBASE-SX 10GBASE-SX 10GBASE-SX 10GBASE-SX 4x10GBASE-CR1-3M 4x10GBASE-CR1-3M 4x10GBASE-CR1-3M 4x10GBASE-CR1-3M 40GBASE-SR4 APF12420031B3P APF12420031B3P APF12420031B3P APF12420031B3P APF12420031B3P APF12420031B3P APF12420031B3P APF12420031B3P Link Dampening Interface state changes occur when interfaces are administratively brought up or down or if an interface state changes.
Te 1/2Up21200205001500300 Te 1/2Down4850306002000120
To view a dampening summary for the entire system, use the show interfaces dampening summary command from EXEC Privilege mode.
Dell# show interfaces dampening summary
20 interfaces are configured with dampening. 3 interfaces are currently suppressed.
Following interfaces are currently suppressed:
Te 1/2
Te 3/1
Te 4/2
Dell#

Clearing Dampening Counters
To clear dampening counters and accumulated penalties, use the following command.
consecutive instances. Any deviation within that time triggers a Syslog message and generates an alarm event. When the deviation clears, another Syslog message is sent and a clear alarm event is generated. The link bundle utilization is calculated as the total bandwidth of all links divided by the total bytes-per-second of all links. If you enable monitoring, the utilization calculation is performed when the utilization of the link-bundle (not a link within a bundle) exceeds 60%.
Enabling Pause Frames
Enable Ethernet pause frames flow control on all ports on a chassis or a line card. If not, the system may exhibit unpredictable behavior.
NOTE: Changes in the flow-control values may not be reflected automatically in the show interface output. As a workaround, apply the new settings, execute shut then no shut on the interface, and then check the running-config of the port.
NOTE: If you disable rx flow control, Dell Networking recommends rebooting the system.
• All members must have the same link MTU value and the same IP MTU value.
• The port channel link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configured on the channel members. For example, if the members have a link MTU of 2100 and an IP MTU of 2000, the port channel’s MTU values cannot be higher than 2100 for link MTU or 2000 bytes for IP MTU.
VLANs:
• All members of a VLAN must have the same IP MTU value.
• Members can have different Link MTU values.
3. Access CONFIGURATION mode.
EXEC Privilege mode
config
4. Access the port.
CONFIGURATION mode
interface interface slot/port
5. Set the local port speed.
INTERFACE mode
speed {10 | 100 | 1000 | auto}
6. Optionally, set full- or half-duplex.
INTERFACE mode
duplex {half | full}
7. Disable auto-negotiation on the port.
INTERFACE mode
no negotiation auto
If the speed was set to 1000, do not disable auto-negotiation.
8. Verify configuration changes.
speed 100
duplex full
no shutdown

Set Auto-Negotiation Options
The negotiation auto command provides a mode option for configuring an individual port to forced master/forced slave once auto-negotiation is enabled.
CAUTION: Ensure that only one end of the node is configured as forced-master and the other is configured as forced-slave.
Dell#show ip interface br tengigabitEthernet 1 configured
Dell#show running-config interfaces configured
Dell#show running-config interface tengigabitEthernet 1 configured
In EXEC mode, the show interfaces switchport command displays only interfaces in Layer 2 mode and their relevant configuration information. The show interfaces switchport command displays the interface, whether it supports IEEE 802.1Q tagging or not, and the VLANs to which the interface belongs.
0 throttles, 0 discarded Rate info (interval 299 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.
• Clear the counters used in the show interface commands for all VRRP groups, VLANs, and physical interfaces or selected ones. Without an interface specified, the command clears all interface counters.
EXEC Privilege mode
clear counters [interface] [vrrp [vrid] | learning-limit]
(OPTIONAL) Enter the following interface keywords and slot/port or number information:
– For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information.
26 Internet Protocol Security (IPSec)
Internet protocol security (IPSec) is an end-to-end security scheme for protecting IP communications by authenticating and encrypting all packets in a communication session. Use IPSec between hosts, between gateways, or between hosts and gateways. IPSec is compatible with Telnet and FTP protocols. It supports two operational modes: Transport and Tunnel.
• Transport mode — (default) Use to encrypt only the payload of the packet. Routing information is unchanged.
CONFIGURATION mode
crypto ipsec policy myCryptoPolicy 10 ipsec-manual
transform-set myXform-set
session-key inbound esp 256 auth encrypt
session-key outbound esp 257 auth encrypt
match 0 tcp a::1 /128 0 a::2 /128 23
match 1 tcp a::1 /128 23 a::2 /128 0
match 2 tcp a::1 /128 0 a::2 /128 21
match 3 tcp a::1 /128 21 a::2 /128 0
match 4 tcp 1.1.1.1 /32 0 1.1.1.2 /32 23
match 5 tcp 1.1.1.1 /32 23 1.1.1.2 /32 0
match 6 tcp 1.1.1.1 /32 0 1.1.1.2 /32 21
match 7 tcp 1.1.1.1 /32 21 1.1.1.
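A policy like the one above protects only the flows its match rules select, so it is worth checking which Telnet and FTP directions are actually covered. The following audit is an added example, not Dell tooling; it assumes the field order `match <seq> <proto> <src> /<len> <src-port> <dst> /<len> <dst-port>` read off the rules above and that port 0 means "any port". Rule 7 is cut off on the page, so it is left out of the sample and shows up as a gap.

```python
import ipaddress
import re

# Rules 0-6 as printed in the policy above (rule 7 is truncated there).
POLICY = """\
match 0 tcp a::1 /128 0 a::2 /128 23
match 1 tcp a::1 /128 23 a::2 /128 0
match 2 tcp a::1 /128 0 a::2 /128 21
match 3 tcp a::1 /128 21 a::2 /128 0
match 4 tcp 1.1.1.1 /32 0 1.1.1.2 /32 23
match 5 tcp 1.1.1.1 /32 23 1.1.1.2 /32 0
match 6 tcp 1.1.1.1 /32 0 1.1.1.2 /32 21
"""

RULE = re.compile(
    r"match\s+(\d+)\s+(tcp|udp)\s+(\S+)\s+/(\d+)\s+(\d+)"
    r"\s+(\S+)\s+/(\d+)\s+(\d+)$"
)

EPHEMERAL = 40000  # constructed client-side port used for the probes


def parse_policy(text):
    """Turn match lines into dicts; lines that do not parse are skipped."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        seq, proto, src, slen, sport, dst, dlen, dport = m.groups()
        rules.append({
            "seq": int(seq),
            "proto": proto,
            "src": ipaddress.ip_network(f"{src}/{slen}", strict=False),
            "sport": int(sport),
            "dst": ipaddress.ip_network(f"{dst}/{dlen}", strict=False),
            "dport": int(dport),
        })
    return rules


def _port_ok(rule_port, port):
    # Assumption: 0 in a match rule stands for "any port".
    return rule_port == 0 or rule_port == port


def matching_rule(rules, proto, src, sport, dst, dport):
    """Return the sequence number of the first rule selecting the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["proto"] != proto or s.version != r["src"].version:
            continue
        if (s in r["src"] and d in r["dst"]
                and _port_ok(r["sport"], sport)
                and _port_ok(r["dport"], dport)):
            return r["seq"]
    return None


def audit_outbound(rules, local, peer, service_port):
    """Check packets sent by `local` to `peer` for one TCP service:
    as the client (to the service port) and as the server (from it)."""
    return {
        "as_client": matching_rule(rules, "tcp", local, EPHEMERAL,
                                   peer, service_port),
        "as_server": matching_rule(rules, "tcp", local, service_port,
                                   peer, EPHEMERAL),
    }


if __name__ == "__main__":
    rules = parse_policy(POLICY)
    for local, peer in (("a::1", "a::2"), ("1.1.1.1", "1.1.1.2")):
        for port in (23, 21, 22):
            print(local, peer, port, audit_outbound(rules, local, peer, port))
```

A `None` in the result marks traffic that would leave unprotected, such as port 22 here, which no rule selects.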
27 IPv4 Routing
The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS.
Assigning IP Addresses to an Interface
Assign primary and secondary IP addresses to physical or logical (for example, virtual local area network [VLAN] or port channel) interfaces to enable IP communication between the system and hosts connected to that interface. You can assign one primary address and up to 255 secondary IP addresses to each interface.
1. Enter the keyword interface then the type of interface and slot/port information.
CONFIGURATION mode
interface slot/port
2.
Use the following required and optional parameters:
– vrf vrf-name: use the VRF option after the ip route keyword to configure a static route on that particular VRF; use the VRF option after the next hop to specify which VRF the next hop belongs to. This will be used in route leaking cases.
– ip-address: enter an address in dotted decimal format (A.B.C.D).
– mask: enter a mask in slash prefix-length format (/X).
– interface: enter an interface type then the slot/port information.
CONFIGURATION mode
management route ip-address mask {forwarding-router-address | ManagementEthernet slot/port}

Example of the show ip management-route Command
To view the configured static routes for the management port, use the show ip management-route command in EXEC privilege mode.
Dell#show ip management-route
Destination      Gateway
-----------      -------
10.16.0.0/16     ManagementEthernet 1/1
172.16.1.0/24    10.16.151.
Configure the source to send the configured source interface IP address instead of using its front-end IP address in the ICMP unreachable messages and in the traceroute command output. Use the ip icmp source-interface interface or the ipv6 icmp source-interface interface commands in Configuration mode to enable the ICMP error messages to be sent with the source interface IP address. This functionality is supported on loopback, VLAN, port channel, and physical interfaces for IPv4 and IPv6 messages.
The following sections describe DNS and the resolution of host names.
• Enabling Dynamic Resolution of Host Names
• Specifying the Local System Domain and a List of Domains
• Configuring DNS with Traceroute
Name server, Domain name, and Domain list are VRF specific. The maximum number of Name servers and Domain lists per VRF is six.

Enabling Dynamic Resolution of Host Names
By default, dynamic resolution of host names (DNS) is disabled. To enable DNS, use the following commands.
ip domain-list name
Configure this command up to six times to specify a list of possible domain names. Dell Networking OS searches the domain names in the order they were configured until a match is found or the list is exhausted.

Configuring DNS with Traceroute
To configure your switch to perform DNS with traceroute, use the following commands.
• Enable dynamic resolution of host names.
CONFIGURATION mode
ip domain-lookup
• Specify up to six name servers.
For more information about Proxy ARP, refer to RFC 925, Multi-LAN Address Resolution, and RFC 1027, Using ARP to Implement Transparent Subnet Gateways.

Configuration Tasks for ARP
For a complete listing of all ARP-related commands, refer to the Dell Networking OS Command Line Reference Guide.
To view if Proxy ARP is enabled on the interface, use the show config command in INTERFACE mode. If it is not listed in the show config command output, it is enabled. Only non-default information is displayed in the show config command output.

Clearing ARP Cache
To clear the ARP cache of dynamically learnt ARP information, use the following command.
• Clear the ARP caches for all interfaces or for a specific interface by entering the following information.
Figure 53. ARP Learning via ARP Request
Beginning with Dell Networking OS version 8.3.1.0, when you enable ARP learning via gratuitous ARP, the system installs a new ARP entry, or updates an existing entry for all received ARP requests.
Figure 54. ARP Learning via ARP Request with ARP Learning via Gratuitous ARP Enabled
Whether you enable or disable ARP learning via gratuitous ARP, the system does not look up the target IP.
The range is from 1 to 3600.
• Display all ARP entries learned via gratuitous ARP.
EXEC Privilege mode
show arp retries

ICMP
For diagnostics, the internet control message protocol (ICMP) provides routing information to end stations by choosing the best route (ICMP redirect messages) or determining if a router is reachable (ICMP Echo or Echo Reply). ICMP error messages inform the router of problems in a particular packet. These messages are sent only on unicast traffic.
• UDP helper is compatible with IP helper (ip helper-address):
– UDP broadcast traffic with port number 67 or 68 is unicast to the dynamic host configuration protocol (DHCP) server per the ip helper-address configuration whether or not the UDP port list contains those ports.
– If the UDP port list contains ports 67 or 68, UDP broadcast traffic is forwarded on those ports.

Enabling UDP Helper
To enable UDP helper, use the following command.
• Enable UDP helper.
0 packets, 0 bytes
Time since last interface status change: 00:07:44

Configurations Using UDP Helper
When you enable UDP helper and the destination IP address of an incoming packet is a broadcast address, Dell Networking OS suppresses the destination address of the packet. The following sections describe various configurations that employ UDP helper to direct broadcasts.
UDP Helper with Subnet Broadcast Addresses
When the destination IP address of an incoming packet matches the subnet broadcast address of any interface, the system changes the address to the configured broadcast address and sends it to the matching interface. In the following illustration, Packet 1 has the destination IP address 1.1.1.255, which matches the subnet broadcast address of VLAN 101.
UDP Helper with No Configured Broadcast Addresses
The following describes UDP helper with no broadcast addresses configured.
• If the incoming packet has a broadcast destination IP address, the unaltered packet is routed to all Layer 3 interfaces.
• If the incoming packet has a destination IP address that matches the subnet broadcast address of any interface, the unaltered packet is routed to the matching interfaces.
28 IPv6 Routing
Internet Protocol Version 6 (IPv6) is the successor to IPv4. Due to the rapid growth in internet users and IP addresses, IPv4 is reaching its maximum usage. IPv6 will eventually replace IPv4 usage to allow for the constant expansion. This chapter provides a brief description of the differences between IPv4 and IPv6, and the Dell Networking support of IPv6. This chapter is not intended to be a comprehensive description of IPv6.

Protocol Overview
IPv6 is an evolution of IPv4.
The router redirect functionality in the neighbor discovery protocol (NDP) is similar to IPv4 router redirect messages. NDP uses ICMPv6 redirect messages (Type 137) to inform nodes that a better router exists on the link.

IPv6 Headers
The IPv6 header has a fixed length of 40 bytes. This fixed length provides 16 bytes each for source and destination information and eight bytes for general header information.
NOTE: All packets in the flow must have the same source and destination addresses.

Payload Length (16 bits)
The Payload Length field specifies the packet payload. This is the length of the data following the IPv6 header. IPv6 Payload Length only includes the data following the header, not the header itself. The Payload Length limit of 2 bytes requires that the maximum packet payload be 64 KB. However, the Jumbogram option type Extension header supports larger packet sizes when required.
Source Address (128 bits)
The Source Address field contains the IPv6 address for the packet originator.

Destination Address (128 bits)
The Destination Address field contains the intended recipient’s IPv6 address. This can be either the ultimate destination or the address of the next hop router.

Extension Header Fields
Extension headers are used only when necessary. Due to the streamlined nature of the IPv6 header, adding extension headers does not severely impact performance.
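The fixed 40-byte layout described above (eight bytes of general header information followed by two 16-byte addresses) can be decoded directly, and the Payload Length field checked against the bytes actually received. This is an added example, not Dell code; the sample packet is constructed, and the jumbogram handling relies on RFC 2675, where the Payload Length is zero and the real length sits in a Hop-by-Hop option that this sketch does not parse.

```python
import ipaddress
import struct

IPV6_HEADER_LEN = 40   # fixed header length
HOP_BY_HOP = 0         # Next Header value of the Hop-by-Hop Options header


def parse_ipv6_header(packet: bytes) -> dict:
    """Decode the fixed IPv6 header and sanity-check the payload length."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError("truncated packet: fewer than 40 header bytes")
    # First 8 bytes: version/traffic class/flow label (32 bits),
    # payload length (16), next header (8), hop limit (8).
    first_word, payload_len, next_header, hop_limit = struct.unpack(
        "!IHBB", packet[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not an IPv6 packet: version field is {version}")

    actual = len(packet) - IPV6_HEADER_LEN
    if payload_len == 0 and next_header == HOP_BY_HOP:
        # Jumbogram: true length is carried in the Jumbo Payload option.
        status = "jumbogram-candidate"
    elif payload_len == actual:
        status = "ok"
    else:
        status = "mismatch"

    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_header,
        "hop_limit": hop_limit,
        # 16 bytes each; str() gives the zero-compressed (::) notation.
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
        "length_status": status,
    }


# Constructed sample: flow label 0x12345, 8-byte payload, next header 17
# (UDP), hop limit 64.
SAMPLE = (
    struct.pack("!IHBB", 0x60012345, 8, 17, 64)
    + ipaddress.IPv6Address("2001:0db8:0000:0000:0000:0000:1428:57ab").packed
    + ipaddress.IPv6Address("2001:db8::1").packed
    + b"\x00" * 8
)

if __name__ == "__main__":
    for key, value in parse_ipv6_header(SAMPLE).items():
        print(f"{key}: {value}")
```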
The third byte specifies whether the information can change en route to the destination. The value is 1 if it can change; the value is 0 if it cannot change.

Addressing
IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). For example, 2001:0db8:0000:0000:0000:0000:1428:57ab is a valid IPv6 address. If one or more four-digit group(s) is 0000, the zeros may be omitted and replaced with two colons (::).
ICMPv6
ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting. The Dell Networking OS implementation of ICMPv6 is based on RFC 2463. Generally, ICMPv6 uses two message types:
• Error reporting messages indicate when the forwarding or delivery of the packet failed at the destination or intermediate node.
NOTE: If a neighboring node does not have an IPv6 address assigned, it must be manually pinged to allow the IPv6 device to determine the relationship of the neighboring node. NOTE: To avoid problems with network discovery, Dell Networking recommends configuring the static route last or assigning an IPv6 address to the interface and assigning an address to the peer (the forwarding router’s address) less than 10 seconds apart. With ARP, each node broadcasts ARP requests on the entire link.
• Clearing IPv6 Routes

Adjusting Your CAM-Profile
Although adjusting your CAM-profile is not a mandatory step, if you plan to implement IPv6 ACLs, adjust your CAM settings. The CAM space is allotted in FP blocks. The total space allocated must equal 13 FP blocks. There are 16 FP blocks, but the System Flow requires three blocks that cannot be reallocated. You must enter the ipv6acl allocation as a factor of 2 (2, 4, 6, 8, 10). All other profile allocations can use either even or odd-numbered ranges.
– ipv6 address: x:x:x:x::x
– mask: The prefix length is from 0 to 128.
NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits. Separate each group by a colon (:). Omitting zeros is accepted as described in Addressing.

Assigning a Static IPv6 Route
To configure IPv6 static routes, use the ipv6 route command.
SNMP over IPv6
You can configure SNMP over IPv6 transport so that an IPv6 host can perform SNMP queries and receive SNMP notifications from a device running Dell Networking OS IPv6. The Dell Networking OS SNMP-server commands for IPv6 have been extended to support IPv6. For more information regarding SNMP commands, refer to the SNMP and SYSLOG chapters in the Dell Networking OS Command Line Interface Reference Guide.
– For a Loopback interface, enter the keyword loopback then the Loopback number.
– For a port-channel interface, enter the keywords port-channel then the port-channel number.
– For a VLAN interface, enter the keyword vlan then the VLAN ID.
static Total 0 5 0 0 The following example shows the show ipv6 route command.
Clearing IPv6 Routes
To clear routes from the IPv6 routing table, use the following command.
• Clear (refresh) all or a specific route from the IPv6 routing table.
EXEC mode
clear ipv6 route {* | ipv6 address prefix-length}
– *: all routes.
– ipv6 address: the format is x:x:x:x::x.
– mask: the prefix length is from 0 to 128.
NOTE: IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:).
match ra{ipv6-access-list name | ipv6-prefix-list name | mac-access-list name}
8. Enable verification of the advertised other configuration parameter.
POLICY LIST CONFIGURATION mode
other-config-flag {on | off}
9. Enable verification of the advertised default router preference value. The preference value must be less than or equal to the specified limit.
POLICY LIST CONFIGURATION mode
router-preference maximum {high | low | medium}
10. Set the router lifetime.
trusted-port
Dell(conf-ra_guard_policy_list)#

Configuring IPv6 RA Guard on an Interface
To configure the IPv6 Router Advertisement (RA) guard on an interface, perform the following steps:
1. Configure the terminal to enter the Interface mode.
CONFIGURATION mode
interface interface-type slot/port
2. Apply the IPv6 RA guard to a specific interface.
INTERFACE mode
ipv6 nd ra-guard attach policy policy-name [vlan [vlan 1, vlan 2, vlan 3.....]]
3.
29 iSCSI Optimization
This chapter describes how to configure internet small computer system interface (iSCSI) optimization, which enables quality-of-service (QoS) treatment for iSCSI traffic.

iSCSI Optimization Overview
iSCSI is a TCP/IP-based protocol for establishing and managing connections between IP-based storage devices and initiators in a storage area network (SAN). iSCSI optimization provides a means of monitoring iSCSI sessions and applying quality of service (QoS) policies on iSCSI traffic.
Figure 61. Example of iSCSI Optimization

Monitoring iSCSI Traffic Flows
The switch snoops iSCSI session-establishment and termination packets by installing classifier rules that trap iSCSI protocol packets to the CPU for examination. Devices that initiate iSCSI sessions usually use well-known TCP ports 3260 or 860 to contact targets. When you enable iSCSI optimization, by default the switch identifies IP packets to or from these ports as iSCSI traffic.
other than 4, use the CoS dot1p-priority command (refer to QoS dot1p Traffic Classification and Queue Assignment). Dell Networking recommends setting the CoS dot1p priority-queue to 0 (zero). You can configure whether iSCSI frames are re-marked to contain the configured VLAN priority tag or IP DSCP when forwarded through the switch. NOTE: On a switch in which a large proportion of traffic is iSCSI, CoS queue assignments may interfere with other network control-plane traffic, such as ARP or LACP.
• Unicast storm control is disabled on the interface LLDP identifies.

Configuring Detection and Ports for Dell Compellent Arrays
To configure a port connected to a Dell Compellent storage array, use the following command.
• Configure a port connected to a Dell Compellent storage array.
INTERFACE Configuration mode
iscsi profile-compellent
The command configures a port for the best iSCSI traffic conditions.
Default iSCSI Optimization Values
The following table lists the default values for the iSCSI optimization feature.
Table 40. iSCSI Optimization Defaults
Parameter                                        Default Value
iSCSI Optimization global setting                Disabled
iSCSI CoS mode (802.1p priority queue mapping)   Enabled: dot1p priority 4 without the remark setting
iSCSI CoS Packet classification                  VLAN classifies the iSCSI packets instead of by DSCP values.
• ip-address specifies the IP address of the iSCSI target. When you enter the no form of the command, and the TCP port to be deleted is one bound to a specific IP address, the IP address value must be included in the command.
3. Set the QoS policy that is applied to the iSCSI flows.
Displaying iSCSI Optimization Information
To display information on iSCSI optimization, use the following show commands.
• Display the currently configured iSCSI settings.
show iscsi
• Display information on active iSCSI sessions on the switch.
show iscsi sessions
• Display detailed information on active iSCSI sessions on the switch. To display detailed information on specified iSCSI session, enter the session’s iSCSI ID.
VLT PEER2
Session 0:
------------------------------------------------------------
Target:iqn.2010-11.com.ixia:ixload:iscsi-TG1
Initiator:iqn.2010-11.com.ixia.ixload:initiator-iscsi-2c
Up Time:00:00:01:28(DD:HH:MM:SS)
Time for aging out:00:00:09:34(DD:HH:MM:SS)
ISID:806978696102
Initiator    Initiator   Target       Target    Connection
IP Address   TCP Port    IP Address   TCPPort   ID
10.10.0.53   33432       10.10.0.
30 Intermediate System to Intermediate System Intermediate System to Intermediate System (IS-IS) protocol is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. The IS-IS protocol standards are listed in the Standards Compliance chapter.
Figure 62. ISO Address Format Multi-Topology IS-IS Multi-topology IS-IS (MT IS-IS) allows you to create multiple IS-IS topologies on a single router with separate databases. Use this feature to place a virtual physical topology into logical routing domains, which can each support different routing and security policies. All routers on a LAN or point-to-point must have at least one common supported topology when operating in Multi-Topology IS-IS mode.
Graceful Restart Graceful restart is supported on the S5000 platform for both Helper and Restart modes. Graceful restart is a protocol-based mechanism that preserves the forwarding table of the restarting router and its neighbors for a specified period to minimize the loss of packets. A graceful-restart router does not immediately assume that a neighbor is permanently down and does not trigger a topology change.
By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address more easily. Dell Networking OS does not support ISO CLNS routing; however, the ISO NET format is supported for addressing. To support IPv6, the Dell Networking implementation of IS-IS performs the following tasks:
• Advertises IPv6 information in the PDUs.
• Setting the Overload Bit
• Debugging IS-IS

Enabling IS-IS

By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information with neighbors, enable IS-IS on an interface, instead of on a network as with other routing protocols. In IS-IS, neighbors form adjacencies only when they are the same IS type. For example, a Level 1 router never forms an adjacency with a Level 2 router.
• mask: The prefix length is from 0 to 128. The IPv6 address must be on the same subnet as other IS-IS neighbors, but the IP address does not need to relate to the NET address. 6. Enable IS-IS on the IPv4 interface. ROUTER ISIS mode ip router isis [tag] If you configure a tag variable, it must be the same as the tag variable assigned in step 1. 7. Enable IS-IS on the IPv6 interface.
IS-IS: LSP authentication failures : 0
Dell#

You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are:
• In order to be neighbors, configure Level 1 routers with at least one common area address.
• A Level 2 router becomes a neighbor with another Level 2 router regardless of the area address configured.
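The NET rules above can be checked before a configuration is pushed. The following is an added example, not code from the Dell guide: it splits a NET into area, System ID and selector, enforces the same-System-ID and six-area limits stated here, and reports at which levels two routers can become neighbors. The function names and sample NETs are constructed, and the handling of level-1-2 routers follows standard IS-IS behavior rather than a statement on this page.

```python
import re

MAX_AREA_ADDRESSES = 6  # limit stated in this guide
LEVELS = {"level-1": {1}, "level-2": {2}, "level-1-2": {1, 2}}


def parse_net(net):
    """Split a NET into (area, system_id, selector) as lowercase hex strings."""
    digits = net.replace(".", "").lower()
    if not re.fullmatch(r"[0-9a-f]+", digits) or len(digits) % 2:
        raise ValueError(f"{net!r} is not a whole number of hex bytes")
    # 1 to 13 bytes of area, 6 bytes of System ID, 1 selector byte.
    if not 16 <= len(digits) <= 40:
        raise ValueError(f"{net!r} must be 8 to 20 bytes long")
    area, system_id, selector = digits[:-14], digits[-14:-2], digits[-2:]
    if selector != "00":
        raise ValueError(f"{net!r}: the selector byte of a NET must be 00")
    return area, system_id, selector


def validate_router(nets):
    """Check every NET of one router; return (system_id, set_of_areas)."""
    if not nets:
        raise ValueError("a router needs at least one NET")
    parsed = [parse_net(n) for n in nets]
    system_ids = {p[1] for p in parsed}
    if len(system_ids) != 1:
        raise ValueError("the System ID must be the same in every NET")
    areas = {p[0] for p in parsed}
    if len(areas) > MAX_AREA_ADDRESSES:
        raise ValueError(f"more than {MAX_AREA_ADDRESSES} area addresses")
    return system_ids.pop(), areas


def adjacency_levels(nets_a, type_a, nets_b, type_b):
    """Return the set of levels (1, 2) at which two routers can be neighbors."""
    sys_a, areas_a = validate_router(nets_a)
    sys_b, areas_b = validate_router(nets_b)
    if sys_a == sys_b:
        raise ValueError("both routers use the same System ID")
    shared = LEVELS[type_a] & LEVELS[type_b]
    # Level 1 neighbors need a common area; Level 2 neighbors do not.
    if 1 in shared and not (areas_a & areas_b):
        shared = shared - {1}
    return shared


if __name__ == "__main__":
    # Constructed NETs: same area on the first pair, different areas on the second.
    print(adjacency_levels(["49.0001.0000.0000.00aa.00"], "level-1-2",
                           ["49.0001.0000.0000.00bb.00"], "level-1"))
    print(adjacency_levels(["49.0001.0000.0000.00aa.00"], "level-1-2",
                           ["49.0002.0000.0000.00bb.00"], "level-1-2"))
```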
The range is from 1 to 120 minutes. • The default is 5 minutes. Enable the graceful restart maximum wait time before a restarting peer comes up. ROUTER-ISIS mode graceful-restart restart-wait seconds When implementing this command, be sure to set the t3 timer to adjacency on the restarting router. The range is from 1 to 120 minutes. • The default is 30 seconds.
T3 Timer T3 Timeout Value T2 Timeout Value T1 Timeout Value Adjacency wait time : : : : : Operational Timer Value ====================== Current Mode/State : T3 Time left : T2 Time left : Restart ACK rcv count : Restart Req rcv count : Suppress Adj rcv count : Restart CSNP rcv count : Database Sync count : Manual 30 30 (level-1), 30 (level-2) 5, retry count: 1 30 Normal/RUNNING 0 0 (level-1), 0 0 (level-1), 0 0 (level-1), 0 0 (level-1), 0 0 (level-1), 0 0 (level-1), 0 (level-2) (level-2) (level-2) (lev
• Set the LSP size.
  ROUTER ISIS mode
  lsp-mtu size
  – size: the range is from 128 to 9195. The default is 1497.
• Set the LSP refresh interval.
  ROUTER ISIS mode
  lsp-refresh-interval seconds
  – seconds: the range is from 1 to 65535. The default is 900 seconds.
• Set the maximum LSP lifetime.
  ROUTER ISIS mode
  max-lsp-lifetime seconds
  – seconds: the range is from 1 to 65535. The default is 1200 seconds.

Metric Style | Characteristics | Cost Range Supported on IS-IS Interfaces
transition | Sends both wide (new) and narrow (old) TLVs. | 0 to 63
narrow transition | Sends narrow (old) TLVs and accepts both narrow (old) and wide (new) TLVs. | 0 to 63
wide transition | Sends wide (new) TLVs and accepts both narrow (old) and wide (new) TLVs. | 0 to 16777215

To change the IS-IS metric style of the IS-IS process, use the following command.
• Set the metric style for the IS-IS process.
• Assign a metric for an IPv6 link or interface. INTERFACE mode isis ipv6 metric default-metric [level-1 | level-2] – default-metric: the range is from 0 to 63 for narrow and transition metric styles. The range is from 0 to 16777215 for wide metric styles. The default is 10. The default level is level-1. For more information about this command, refer to Configuring the IS-IS Metric Style. The following table describes the correct value range for the isis metric command.
The default is Level 1-2 router. When the IS-type is Level 1-2, the software maintains two Link State databases, one for each level. To view the Link State databases, use the show isis database command. Dell#show isis database IS-IS Level-1 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL B233.00-00 0x00000003 0x07BF 1088 0/0/0 eljefe.00-00 * 0x00000009 0xF76A 1126 0/0/0 eljefe.01-00 * 0x00000001 0x68DF 1122 0/0/0 eljefe.02-00 * 0x00000001 0x2E7F 1113 0/0/0 Dell.
– level-1, level-1-2, or level-2: assign all redistributed routes to a level. The default is level-2. – metric-value the range is from 0 to 16777215. The default is 0. – metric-type: choose either external or internal. The default is internal. • – map-name: enter the name of a configured route map. Include specific OSPF routes in IS-IS.
To view the IS-IS configuration globally (including both IPv4 and IPv6 settings), use the show running-config isis command in EXEC Privilege mode. To view the current IPv4 IS-IS configuration, use the show config command in ROUTER ISIS mode. To view the current IPv6 IS-IS configuration, use the show config command in ROUTER ISIS-ADDRESS FAMILY IPV6 mode.

Configuring Authentication Passwords

You can assign an authentication password for routers in Level 1 and for routers in Level 2.
B233.00-00 0x00000003 0x07BF 1074 0/0/0 eljefe.00-00 * 0x0000000A 0xF963 1196 0/0/1 eljefe.01-00 * 0x00000001 0x68DF 1108 0/0/0 eljefe.02-00 * 0x00000001 0x2E7F 1099 0/0/0 Force10.00-00 0x00000002 0xD1A7 1088 0/0/0 IS-IS Level-2 Link State Database LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL B233.00-00 0x00000006 0xC38A 1110 0/0/0 eljefe.00-00 * 0x0000000E 0x53BF 1196 0/0/1 eljefe.01-00 * 0x00000001 0x68DF 1108 0/0/0 eljefe.02-00 * 0x00000001 0x2E7F 1099 0/0/0 Dell.
To disable a specific debug command, enter the keyword no then the debug command. For example, to disable debugging of IS-IS updates, use the no debug isis updates-packets command. To disable all IS-IS debugging, use the no debug isis command. To disable all debugging, use the undebug all command. IS-IS Metric Styles The following sections provide additional information about the IS-IS metric styles.
Table 43. Metric Value When the Metric Style Changes
Beginning Metric Style | Final Metric Style | Resulting IS-IS Metric Value
wide | narrow | default value (10) if the original value is greater than 63. A message is sent to the console.
wide | transition | truncated value (the truncated value appears in the LSP only). The original isis metric value is displayed in the show config and show running-config commands and is used if you change back to transition metric style.
Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value config commands and is used if you change back to transition metric style. Moving to transition and then to another metric style produces different results. Table 44.
Level-1 Metric Style Level-2 Metric Style Resulting Metric Value wide transition narrow transition truncated value wide transition transition truncated value Sample Configurations The following configurations are examples for enabling IPv6 IS-IS. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. NOTE: Only one IS-IS process can run on the router, even if both IPv4 and IPv6 routing is being used.
IS-IS Sample Configuration — Congruent Topology

The following is a sample configuration for enabling IPv6 IS-IS.

Dell(conf-if-te-3/17)#show config
!
interface TenGigabitEthernet 3/17
 ip address 24.3.1.1/24
 ipv6 address 24:3::1/76
 ip router isis
 ipv6 router isis
 no shutdown
Dell (conf-if-te-3/17)#

Dell (conf-router_isis)#show config
!
router isis
 metric-style wide level-1
 metric-style wide level-2
 net 34.0000.0000.AAAA.
31 Link Aggregation Control Protocol (LACP) A link aggregation group (LAG), referred to as a port channel by Dell Networking OS, provides both load-sharing and port redundancy across stack units. You can enable LAGs as static or dynamic. Introduction to Dynamic LAGs and LACP The unique benefit of a dynamic LAG is that its ports can toggle between participating in the LAG or acting as dedicated ports, whereas ports in a static LAG must be removed from the LAG in order to act alone.
LACP Modes

Dell Networking OS provides three modes for configuration of LACP — Off, Active, and Passive.
• Off — In this state, an interface is not capable of being part of a dynamic LAG. LACP does not run on any port that is configured to be in this state.
• Active — In this state, the interface is said to be in the “active negotiating state.” LACP runs on any link that is configured to be in this state.

LACP Configuration Tasks

The following are LACP configuration tasks.
• Creating a LAG
• Configuring the LAG Interfaces as Dynamic
• Setting the LACP Long Timeout
• Monitoring and Debugging LACP

Creating a LAG

To create a dynamic port channel (LAG), use the following command. First you define the LAG and then the LAG interfaces.
• Create a dynamic port channel (LAG).
  CONFIGURATION mode
  interface port-channel
• Create a dynamic port channel (LAG).

Dell(conf-if-te-4/16)#no shutdown
Dell(conf-if-te-4/16)#port-channel-protocol lacp
Dell(conf-if-te-4/16-lacp)#port-channel 32 mode active

The port-channel 32 mode active command shown here may be successfully issued as long as there is no existing static channel-member configuration in LAG 32.

Setting the LACP Long Timeout

PDUs are exchanged between port channel (LAG) interfaces to maintain LACP sessions. PDUs are transmitted at either a slow or fast transmission rate, depending upon the LACP timeout value.
Shared LAG State Tracking Shared LAG state tracking provides the flexibility to bring down a port channel (LAG) based on the operational state of another LAG. At any time, only two LAGs can be a part of a group such that the fate (status) of one LAG depends on the other LAG. As shown in the following illustration, the line-rate traffic from R1 destined for R4 follows the lowest-cost route via R2. Traffic is equally distributed between LAGs 1 and 2.
As shown in the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down after the failure. Message 1 logs this effect, in which a console message declares down both LAGs at the same time. Figure 65.
LACP Basic Configuration Example The screenshots in this section are based on the following example topology. Two routers are named ALPHA and BRAVO, and their hostname prompts reflect those names. Figure 66. LACP Basic Configuration Example Configure a LAG on ALPHA The following example creates a LAG on ALPHA.
0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics 136 packets, 16718 bytes, 0 underruns 0 64-byte pkts, 15 over 64-byte pkts, 121 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 136 Multicasts, 0 Broadcasts, 0 Unicasts 0 Vlans, 0 throttles, 0 discarded, 0 collisions, 0 wreddrops Rate info (interval 299 seconds): Input 00.00 Mbits/sec,0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec,0 packets/sec, 0.
Figure 68.
Figure 69.
Summary of the LAG Configuration on Bravo Bravo(conf-if-te-3/21)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config ! interface Port-channel 10 no ip address switchport no shutdown ! Bravo(conf-if-po-10)#exit Bravo(conf)#int tengig 3/21 Bravo(conf)#no ip address Bravo(conf)#no switchport Bravo(conf)#shutdown Bravo(conf-if-te-3/21)#port-channel-protocol lacp Bravo(conf-if-te-3/21-lacp)#port-channel 10 mode active Bravo(
Figure 70.
Figure 71.
Figure 72. Inspecting the LAG Status Using the show lacp command The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but is general enough to allow any type of network layer datagram to be sent over a PPP connection.
32 Layer 2 Layer 2 features are supported on Dell Networking OS. Manage the MAC Address Table Dell Networking OS provides the following management activities for the MAC address table. • Clearing the MAC Address Table • Setting the Aging Time for Dynamic Entries • Configuring a Static MAC Address • Displaying the MAC Address Table Clearing the MAC Address Table You may clear the MAC address table of dynamic entries. To clear a MAC address table, use the following command.
• Create a static MAC address entry in the MAC address table. CONFIGURATION mode mac-address-table static Displaying the MAC Address Table To display the MAC address table, use the following command. • Display the contents of the MAC address table. EXEC Privilege mode show mac-address-table [address | aging-time [vlan vlan-id]| count | dynamic | interface | static | vlan] – address: displays the specified entry. – aging-time: displays the configured aging-time.
mac learning-limit Dynamic

The MAC address table is stored on the Layer 2 forwarding information base (FIB) region of the CAM. The Layer 2 FIB region allocates space for static MAC address entries and dynamic MAC address entries. When you enable MAC learning limit, entries created on this port are static by default. When you configure the dynamic option, learned MAC addresses are stored in the dynamic region and are subject to aging. Entries created before this option is set are not affected.

• Shut down the first port to learn the MAC address.
  INTERFACE mode
  station-move-violation shutdown-original
• Shut down the second port to learn the MAC address.
  INTERFACE mode
  station-move-violation shutdown-offending
• Shut down both the first and second port to learn the MAC address.
  INTERFACE mode
  station-move-violation shutdown-both
• Display a list of all of the interfaces configured with MAC learning limit or station move violation.
Figure 73. Redundant NICs with NIC Teaming When you use NIC teaming, consider that the server MAC address is originally learned on Port 0/1 of the switch (shown in the following) and Port 0/5 is the failover port. When the NIC fails, the system automatically sends an ARP request for the gateway or host NIC to resolve the ARP and refresh the egress interface.
Configure Redundant Pairs Networks that employ switches that do not support the spanning tree protocol (STP) — for example, networks with digital subscriber line access multiplexers (DSLAM) — cannot have redundant links between switches because they create switching loops (as shown in the following illustration). The redundant pairs feature allows you to create redundant links in networks that do not use STP by configuring backup interfaces for the interfaces on either side of the primary link.
Dell Networking OS supports only Gigabit, 10 Gigabit, and 40-Gigabit ports and port channels as primary/backup interfaces in redundant pairs. (A port channel is also referred to as a link aggregation group (LAG). For more information, refer to Interfaces).
00:24:55: %STKUNIT0-M:CP %IFMGR-5-ACTIVE: Changed Vlan interface state to active: Vl 1 00:24:55: %STKUNIT0-M:CP %IFMGR-5-STATE_STBY_ACT: Changed interface state from standby to active: Te 3/42 Dell(conf-if-te-3/41)#do show ip int brief | find 3/41 TenGigabitEthernet 3/41 unassigned NO Manual administratively down down TenGigabitEthernet 3/42 unassigned YES Manual up up [output omitted] Example of Configuring Redundant Pairs on a Port-Channel on the S5000 Dell#show interfaces port-channel brief Codes: L - LA
Figure 76. Configuring Far-End Failure Detection The report consists of several packets in SNAP format that are sent to the nearest known MAC address. In the event of a far-end failure, the device stops receiving frames and, after the specified time interval, assumes that the far-end is not available. The connecting line protocol is brought down so that upper layer protocols can detect the neighbor unavailability faster. FEFD State Changes FEFD has two operational modes, Normal and Aggressive.
Table 46.
Example of the show fefd Command To display information about the state of each interface, use the show fefd command in EXEC privilege mode. Dell#show fefd FEFD is globally 'ON', interval is 3 seconds, mode is 'Normal'.
Dell(conf-if-te-1/1)#do show fefd | grep 1/1 Te 1/1 Normal 3 Unknown Debugging FEFD To debug FEFD, use the first command. To provide output for each packet transmission over the FEFD enabled connection, use the second command. • Display output whenever events occur that initiate or disrupt an FEFD enabled connection. EXEC Privilege mode debug fefd events • Provide output for each packet transmission over the FEFD enabled connection.
33 Link Layer Discovery Protocol (LLDP)

Link Layer Discovery Protocol (LLDP) — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.

802.1AB (LLDP) Overview

The collected information is stored in a management information base (MIB) on each device, and is accessible via simple network management protocol (SNMP).

Type | TLV | Description
2 | Port ID | An administratively assigned name that identifies a port through which TLVs are sent and received.
3 | Time to Live | An administratively assigned name that identifies a port through which TLVs are sent and received.
— | Optional | Includes subtypes of TLVs that advertise specific configuration information. These subtypes are Management TLVs, IEEE 802.1, IEEE 802.3, and TIA-1057 Organizationally Specific TLVs.

Figure 78.
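To audit what a port actually advertises to its neighbor, the LLDPDU can be decoded into the TLV types described in this chapter. The following is an added example, not code from the Dell guide: the 7-bit type and 9-bit length header is the IEEE 802.1AB encoding, the 802.3 and TIA OUIs are taken from those standards, and the function names and the sample LLDPDU are constructed.

```python
import struct

TLV_NAMES = {
    0: "End of LLDPDU", 1: "Chassis ID", 2: "Port ID", 3: "Time to Live",
    4: "Port description", 5: "System name", 6: "System description",
    7: "System capabilities", 8: "Management address",
    127: "Organizationally specific",
}
OUI_NAMES = {
    bytes.fromhex("0080c2"): "IEEE 802.1",
    bytes.fromhex("00120f"): "IEEE 802.3",
    bytes.fromhex("0012bb"): "TIA-1057 (LLDP-MED)",
}
# Optional TLVs that describe the device itself; review them on untrusted ports.
IDENTIFYING_TYPES = {4, 5, 6, 7, 8}


def build_tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length share a 2-byte header."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type must fit in 7 bits and length in 9 bits")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(data):
    """Decode an LLDPDU (the Ethernet payload) into a list of TLV dicts."""
    tlvs, offset = [], 0
    while True:
        if offset + 2 > len(data):
            raise ValueError("LLDPDU ends without an End of LLDPDU TLV")
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(data):
            raise ValueError(f"TLV type {tlv_type} is longer than the frame")
        value = data[offset:offset + length]
        offset += length
        entry = {"type": tlv_type, "value": value,
                 "name": TLV_NAMES.get(tlv_type, "Reserved")}
        if tlv_type == 3:
            if length < 2:
                raise ValueError("Time to Live TLV needs a 2-byte value")
            entry["ttl_seconds"] = struct.unpack("!H", value[:2])[0]
        elif tlv_type == 127:
            if length < 4:
                raise ValueError("organizational TLV needs OUI and subtype")
            entry["org"] = OUI_NAMES.get(value[:3], value[:3].hex("-"))
            entry["subtype"] = value[3]
        tlvs.append(entry)
        if tlv_type == 0:
            break
    if [t["type"] for t in tlvs[:3]] != [1, 2, 3]:
        raise ValueError("Chassis ID, Port ID and Time to Live must come first")
    return tlvs


def advertised_identity(tlvs):
    """Names of the optional management TLVs present in the LLDPDU."""
    return [t["name"] for t in tlvs if t["type"] in IDENTIFYING_TYPES]


def organizational(tlvs):
    """(organization, subtype) for every type-127 TLV."""
    return [(t["org"], t["subtype"]) for t in tlvs if t["type"] == 127]


# Constructed sample: what a port advertising a system name, the 802.1 port
# VLAN ID (subtype 1) and the 802.3 maximum frame size (subtype 4) would send.
SAMPLE_LLDPDU = b"".join([
    build_tlv(1, b"\x04" + bytes.fromhex("020000000001")),   # chassis ID, MAC
    build_tlv(2, b"\x05" + b"TenGigabitEthernet 0/3"),        # port ID, name
    build_tlv(3, struct.pack("!H", 120)),                     # TTL in seconds
    build_tlv(5, b"R1"),
    build_tlv(127, bytes.fromhex("0080c2") + b"\x01" + struct.pack("!H", 1)),
    build_tlv(127, bytes.fromhex("00120f") + b"\x04" + struct.pack("!H", 1522)),
    build_tlv(0, b""),
])

if __name__ == "__main__":
    for t in parse_lldpdu(SAMPLE_LLDPDU):
        print(t["type"], t["name"], t.get("org", ""), t["value"].hex())
```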
IEEE Organizationally Specific TLVs The IEEE 802.1 and 802.3 working groups define eight TLV types as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs. Table 48. Optional TLV Types Type TLV Description 4 Port description A user-defined alphanumeric string that describes the port. Dell Networking OS does not currently support this TLV. 5 System name A user-defined alphanumeric string that identifies the system.
Type TLV Description 127 Link Aggregation Indicates whether the link is capable of being aggregated, whether it is currently in a LAG, and the port identification of the LAG. Dell Networking OS does not currently support this TLV. 127 Maximum Frame Size Indicates the maximum frame size capability of the MAC and PHY.
Type SubType TLV Description expressed in one of three possible formats: • • • 127 4 Inventory Management TLVs Implementation of this set of TLVs is optional in LLDP-MED devices. None or all TLVs must be supported. Dell Networking OS does not currently support these TLVs. 127 Coordinate Based LCI Civic Address LCI Emergency Call Services ELIN Location Identification Indicates power requirements, priority, and power status.
Figure 80. LLDP-MED Capabilities TLV

Table 50. Dell Networking OS LLDP-MED Capabilities
Bit Position | TLV | Dell Networking OS Support
0 | LLDP-MED Capabilities | Yes
1 | Network Policy | Yes
2 | Location Identification | Yes
3 | Extended Power via MDI-PSE | Yes
4 | Extended Power via MDI-PD | No
5 | Inventory | No
6–15 | reserved | No

Table 51.
Table 52. Network Policy Applications Type Application Description 0 Reserved — 1 Voice Specify this application type for dedicated IP telephony handsets and other appliances supporting interactive voice services. 2 Voice Signaling Specify this application type only if voice control packets use a separate network policy than voice data.
Figure 82. Extended Power via MDI TLV

Configure LLDP

Configuring LLDP is a two-step process.
1. Enable LLDP globally.
2. Advertise TLVs out of an interface.

Related Configuration Tasks
• Viewing the LLDP Configuration
• Viewing Information Advertised by Adjacent LLDP Agents
• Configuring LLDPDU Intervals
• Configuring Transmit and Receive Mode
• Configuring a Time to Live
• Debugging LLDP

Important Points to Remember
• LLDP is enabled by default.
no show Negate a command or set its defaults Show LLDP configuration Dell(conf-lldp)#exit Dell(conf)#interface tengigabitethernet 0/3 Dell(conf-if-te-0/3)#protocol lldp Dell(conf-if-te-0/3-lldp)#? advertise Advertise TLVs disable Disable LLDP protocol on this interface end Exit from configuration mode exit Exit from LLDP configuration mode hello LLDP hello configuration mode LLDP mode configuration (default = rx and tx) multiplier LLDP multiplier configuration no Negate a command or set its defaults show
Disabling and Undoing LLDP on Management Ports

To disable or undo LLDP on management ports, use the following command.
1. Enter Protocol LLDP mode.
   CONFIGURATION mode.
   protocol lldp
2. Enter LLDP management-interface mode.
   LLDP-MANAGEMENT-INTERFACE mode.
   management-interface
3. Enter the disable command.
   LLDP-MANAGEMENT-INTERFACE mode.

To undo an LLDP management port configuration, precede the relevant command with the keyword no.
– voice-signaling In the following example, LLDP is enabled globally. R1 and R2 are transmitting periodic LLDPDUs that contain management, 802.1, and 802.3 TLVs. Figure 83. Configuring LLDP Viewing the LLDP Configuration To view the LLDP configuration, use the following command. • Display the LLDP configuration.
Viewing Information Advertised by Adjacent LLDP Agents To view brief information about adjacent devices or to view all the information that neighbors are advertising, use the following commands. • Display brief information about adjacent devices. show lldp neighbors • Display all of the information that neighbors are advertising.
hello Example of Viewing LLDPDU Intervals R1(conf)#protocol lldp R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#mode ? rx Rx only tx Tx only R1(conf-lldp)#mode tx R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities sy
tx Tx only R1(conf-lldp)#mode tx R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description mode tx no disable R1(conf-lldp)#no mode R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)# Configuring a Time to L
Debugging LLDP

You can view the TLVs that your system is sending and receiving. To view the TLVs, use the following commands.
• View a readable version of the TLVs.
  debug lldp brief
• View a readable version of the TLVs plus a hexadecimal version of the entire LLDPDU.
  debug lldp detail

Figure 84. The debug lldp detail Command — LLDPDU Packet Dissection

Relevant Management Objects

Dell Networking OS supports all IEEE 802.1AB MIB objects.

Table 53. LLDP Configuration MIB Objects
MIB Object Category | LLDP Variable | LLDP MIB Object | Description
LLDP Configuration | adminStatus | lldpPortConfigAdminStatus | Whether you enable the local LLDP agent for transmit, receive, or both.
 | msgTxHold | lldpMessageTxHoldMultiplier | Multiplier value.
 | msgTxInterval | lldpMessageTxInterval | Transmit Interval value.
 | rxInfoTTL | lldpRxInfoTTL | Time to live for received TLVs.
 | txInfoTTL | lldpTxInfoTTL | Time to live for transmitted TLVs.
TLV Type TLV Name TLV Variable System LLDP MIB Object 4 Port Description port description Local lldpLocPortDesc Remote lldpRemPortDesc Local lldpLocSysName Remote lldpRemSysName Local lldpLocSysDesc Remote lldpRemSysDesc Local lldpLocSysCapSupported Remote lldpRemSysCapSupported Local lldpLocSysCapEnabled Remote lldpRemSysCapEnabled Local lldpLocManAddrLen Remote lldpRemManAddrLen Local lldpLocManAddrSubtype Remote lldpRemManAddrSubtype Local lldpLocManAddr Remote lldp
TLV Type 127 TLV Name VLAN Name TLV Variable System LLDP MIB Object PPVID Local lldpXdot1LocProtoVlanId Remote lldpXdot1RemProtoVlanId Local lldpXdot1LocVlanId Remote lldpXdot1RemVlanId Local lldpXdot1LocVlanName Remote lldpXdot1RemVlanName Local lldpXdot1LocVlanName Remote lldpXdot1RemVlanName VID VLAN name length VLAN name Table 56.
TLV Sub-Type TLV Name TLV Variable DSCP Value 3 Location Identifier Location Data Format Location ID Data 4 Extended Power via MDI Power Device Type Power Source System LLDP-MED MIB Object Remote lldpXMedRemMediaPolicy Priority Local lldpXMedLocMediaPolicy Dscp Remote lldpXMedRemMediaPolicy Dscp Local lldpXMedLocLocationSubt ype Remote lldpXMedRemLocationSub type Local lldpXMedLocLocationInfo Remote lldpXMedRemLocationInfo Local lldpXMedLocXPoEDevice Type Remote lldpXMedRemXPo
34 Microsoft Network Load Balancing Network load balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems (OSs). NLB uses a distributed methodology or pattern to equally split and balance the network traffic load across a set of servers that are part of the cluster or group.
In Multicast NLB mode, use a static ARP configuration command to associate the cluster IP address with a multicast cluster MAC address.
Configuring a Switch for NLB To enable a switch for Unicast NLB mode, perform the following steps: Enter the ip vlan-flooding command to specify that all Layer 3 unicast routed data traffic going through a VLAN member port floods across all the member ports of that VLAN. CONFIGURATION mode ip vlan-flooding There might be some ARP table entries that are resolved through ARP packets, which had the Ethernet MAC SA different from the MAC information inside the ARP packet.
35 Multicast Source Discovery Protocol (MSDP) Multicast Source Discovery Protocol (MSDP) is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as border gateway protocol (BGP). Protocol Overview Each rendezvous point (RP) peers with every other RP via the transmission control protocol (TCP).
Figure 86. MSDP SA Message Format Anycast RP Using MSDP, anycast RP provides load sharing and redundancy in PIM-SM networks. Anycast RP allows two or more rendezvous points (RPs) to share the load for source registration and the ability to act as hot backup routers for each other. Anycast RP allows you to configure two or more RPs with the same IP address on Loopback interfaces. The Anycast RP Loopback addresses are configured with a 32-bit mask, making it a host address.
3. Enable MSDP. 4. Peer the RPs in each routing domain with each other. Refer to Enable MSDP. Related Configuration Tasks The following lists related MSDP configuration tasks.
Figure 87.
Figure 88.
Figure 89.
Figure 90. Configuring MSDP

Enable MSDP

Enable MSDP by peering RPs in different administrative domains.
1. Enable MSDP.
   CONFIGURATION mode
   ip multicast-msdp
2. Peer PIM systems in different administrative domains.
   CONFIGURATION mode
   ip msdp peer connect-source

Examples of Configuring and Viewing MSDP

Dell(conf)#ip multicast-msdp
Dell(conf)#ip msdp peer 192.168.0.
To view details about a peer, use the show ip msdp peer command in EXEC privilege mode. Multicast sources in remote domains are stored on the RP in the source-active cache (SA cache). The system does not create entries in the multicast routing table until there is a local receiver for the corresponding multicast group. R3_E600#show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 192.168.0.
Clearing the Source-Active Cache To clear the source-active cache, use the following command. • Clear the source-active cache of all, local, or rejected entries, or entries for a specific group. CONFIGURATION mode clear ip msdp sa-cache [group-address | local | rejected-sa] Enabling the Rejected Source-Active Cache To cache rejected sources, use the following command.
Figure 91.
Figure 92.
Figure 93.
Figure 94. MSDP Default Peer, Scenario 4

Specifying Source-Active Messages

To specify messages, use the following command.
• Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check.
  CONFIGURATION mode
  ip msdp default-peer ip-address list

If you do not specify an access list, the peer accepts all sources that peer advertises. All sources from RPs that the ACL denies are subject to the normal RPF check.
229.0.50.2 229.0.50.3 229.0.50.4 24.0.50.2 24.0.50.3 24.0.50.4 200.0.0.50 200.0.0.50 200.0.0.50 10.0.50.2 10.0.50.2 10.0.50.2 Dell#ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 3 rejected SAs received, cache-size 32766 UpTime GroupAddr SourceAddr RPAddr 00:33:18 229.0.50.64 24.0.50.64 200.0.1.50 00:33:18 229.0.50.65 24.0.50.65 200.0.1.50 00:33:18 229.0.50.66 24.0.50.66 200.0.1.50 73 73 73 00:13:49 00:13:49 00:13:49 LearnedFrom 10.0.50.2 10.0.50.2 10.0.50.
R1_E600(conf)#do show ip msdp sa-cache R1_E600(conf)#do show ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 1 rejected SAs received, cache-size 1000 UpTime GroupAddr SourceAddr RPAddr LearnedFrom 00:02:20 239.0.0.1 10.11.4.2 192.168.0.1 local Reason Redistribute Preventing MSDP from Caching a Remote Source To prevent MSDP from caching a remote source, use the following commands. 1. OPTIONAL: Cache sources that the SA filter denies in the rejected SA cache.
Example of Verifying that the System is not Advertising Local Sources

In the following example, R1 stops advertising source 10.11.4.2. Because it is already in the SA cache of R3, the entry remains there until it expires.

[Router 1]
R1_E600(conf)#do show run msdp
!
ip multicast-msdp
ip msdp peer 192.168.0.3 connect-source Loopback 0
ip msdp sa-filter out 192.168.0.3 list mylocalfilter
R1_E600(conf)#do show run acl
!
ip access-list extended mylocalfilter
 seq 5 deny ip host 239.0.0.1 host 10.11.4.
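The default-peer and SA-filter statements in this chapter decide which source-active messages a router accepts and advertises, so they are worth checking in a saved running configuration. The following is an added example, not code from the Dell guide: it flags a default peer configured without a list, filters that name an access list the configuration never defines, and peers with no SA filter in a given direction. The finding codes, the sample configuration and its addresses are constructed, and the `in` direction of `ip msdp sa-filter` is assumed to mirror the `out` form shown above.

```python
import re

PEER_RE = re.compile(r"^ip msdp peer (\S+)")
DEFAULT_PEER_RE = re.compile(r"^ip msdp default-peer (\S+)(?:\s+list\s+(\S+))?$")
SA_FILTER_RE = re.compile(r"^ip msdp sa-filter (in|out) (\S+) list (\S+)$")
ACL_RE = re.compile(r"^ip access-list (?:standard|extended) (\S+)$")


def audit_msdp(config_text):
    """Return a sorted list of (peer_address, finding_code) tuples."""
    peers, acls = set(), set()
    default_peers = {}   # peer address -> ACL name, or None when no list given
    filters = {}         # (peer address, direction) -> ACL name
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := ACL_RE.match(line):
            acls.add(m.group(1))
        elif m := DEFAULT_PEER_RE.match(line):
            default_peers[m.group(1)] = m.group(2)
        elif m := SA_FILTER_RE.match(line):
            filters[(m.group(2), m.group(1))] = m.group(3)
        elif m := PEER_RE.match(line):
            peers.add(m.group(1))

    findings = []
    for peer, acl in default_peers.items():
        if acl is None:
            # Without a list, every source the peer advertises is accepted
            # and the RPF check is skipped.
            findings.append((peer, "default-peer-without-list"))
        elif acl not in acls:
            findings.append((peer, "undefined-acl:" + acl))
    for (peer, _direction), acl in filters.items():
        if acl not in acls:
            findings.append((peer, "undefined-acl:" + acl))
    for peer in peers:
        for direction in ("in", "out"):
            if (peer, direction) not in filters:
                findings.append((peer, "no-sa-filter-" + direction))
    return sorted(set(findings))


# Constructed sample configuration (addresses and ACL entries are made up).
SAMPLE_CONFIG = """\
ip multicast-msdp
ip msdp peer 192.168.0.3 connect-source Loopback 0
ip msdp peer 192.168.0.22 connect-source Loopback 0
ip msdp default-peer 192.168.0.3
ip msdp default-peer 192.168.0.22 list trustedrps
ip msdp sa-filter out 192.168.0.3 list mylocalfilter
!
ip access-list extended mylocalfilter
 seq 5 deny ip host 239.1.1.1 host 10.0.0.5
"""

if __name__ == "__main__":
    for peer, code in audit_msdp(SAMPLE_CONFIG):
        print(f"{peer:15} {code}")
```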
SAs learned from this peer: 0 SA Filtering: Input (S,G) filter: myremotefilter Output (S,G) filter: none [Router 1] R1_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.3 Local Addr: 0.0.0.0(0) Connect Source: Lo 0 State: Inactive Up/Down Time: 00:00:03 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs learned from this peer: 0 SA Filtering: Clearing Peer Statistics To clear the peer statistics, use the following command.
03:16:09 : MSDP-0: Peer 192.168.0.3, 03:16:27 : MSDP-0: Peer 192.168.0.3, 03:16:38 : MSDP-0: Peer 192.168.0.3, 03:16:39 : MSDP-0: Peer 192.168.0.3, 03:17:09 : MSDP-0: Peer 192.168.0.3, 03:17:10 : MSDP-0: Peer 192.168.0.3, 03:17:27 : MSDP-0: Peer 192.168.0.
CONFIGURATION mode
ip msdp originator-id

Examples of R1, R2, and R3 Configuration for MSDP with Anycast RP
The following example shows an R1 configuration for MSDP with Anycast RP.
ip multicast-routing
!
interface TenGigabitEthernet 1/1
 ip pim sparse-mode
 ip address 10.11.3.1/24
 no shutdown
!
interface TenGigabitEthernet 1/2
 ip address 10.11.2.1/24
 no shutdown
!
interface TenGigabitEthernet 1/21
 ip pim sparse-mode
 ip address 10.11.1.12/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.
!
interface Loopback 1
 ip address 192.168.0.22/32
 no shutdown
!
router ospf 1
 network 10.11.1.0/24 area 0
 network 10.11.4.0/24 area 0
 network 192.168.0.22/32 area 0
 redistribute static
 redistribute connected
 redistribute bgp 100
!
router bgp 100
 redistribute ospf 1
 neighbor 192.168.0.3 remote-as 200
 neighbor 192.168.0.3 ebgp-multihop 255
 neighbor 192.168.0.3 no shutdown
!
ip multicast-msdp
ip msdp peer 192.168.0.3 connect-source Loopback 1
ip msdp peer 192.168.0.
!
ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4
ip multicast-routing
!
interface GigabitEthernet 3/21
 ip pim sparse-mode
 ip address 10.11.0.32/24
 no shutdown
interface GigabitEthernet 3/41
 ip pim sparse-mode
 ip address 10.11.6.34/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.3/32
 no shutdown
!
router ospf 1
 network 10.11.6.0/24 area 0
 network 192.168.0.
interface TenGigabitEthernet 1/21
 ip pim sparse-mode
 ip address 10.11.1.12/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown
!
router ospf 1
 network 10.11.2.0/24 area 0
 network 10.11.1.0/24 area 0
 network 192.168.0.1/32 area 0
 network 10.11.3.0/24 area 0
!
ip multicast-msdp
ip msdp peer 192.168.0.3 connect-source Loopback 0
!
ip pim rp-address 192.168.0.1 group-address 224.0.0.
interface TenGigabitEthernet 3/41
 ip pim sparse-mode
 ip address 10.11.6.34/24
 no shutdown
!
interface ManagementEthernet 0/0
 ip address 10.11.80.3/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.3/32
 no shutdown
!
router ospf 1
 network 10.11.6.0/24 area 0
 network 192.168.0.3/32 area 0
 redistribute static
 redistribute connected
 redistribute bgp 200
!
router bgp 200
 redistribute ospf 1
 neighbor 192.168.0.2 remote-as 100
 neighbor 192.168.0.2 ebgp-multihop 255
 neighbor 192.168.0.
36 Multiple Spanning Tree Protocol (MSTP) MSTP — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves on per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances. Protocol Overview In contrast, PVST+ allows a spanning tree instance for each VLAN.
Related Configuration Tasks The following are the related configuration tasks for MSTP.
To remove an interface from the MSTP topology, use the no spanning-tree 0 command. Creating Multiple Spanning Tree Instances To create multiple spanning tree instances, use the following command. A single MSTI provides no more benefit than RSTP. To take full advantage of MSTP, create multiple MSTIs and map VLANs to them. • Create an MSTI. PROTOCOL MSTP mode msti Specify the keyword vlan then the VLANs that you want to participate in the MSTI.
Designated bridge has priority 32768, address 0001.e809.c24a Designated port id is 128.384, designated path cost 20000 Number of transitions to forwarding state 1 BPDU (MRecords): sent 39291, received 7547 The port is not in the Edge port mode Influencing MSTP Root Selection MSTP determines the root bridge, but you can assign one bridge a lower priority to increase the probability that it becomes the root bridge. To change the bridge priority, use the following command.
Modifying Global Parameters The root bridge sets the values for forward-delay, hello-time, max-age, and max-hops and overwrites the values set on other MSTP bridges. • Forward-delay — the amount of time an interface waits in the Listening state and the Learning state before it transitions to the Forwarding state. • Hello-time — the time interval in which the bridge sends MSTP bridge protocol data units (BPDUs).
Dell(conf-mstp)#forward-delay 16
Dell(conf-mstp)#exit
Dell(conf)#do show running-config spanning-tree mstp
!
protocol spanning-tree mstp
 no disable
 name my-mstp-region
 MSTI 1 VLAN 100
 MSTI 2 VLAN 200-300
 forward-delay 16
 MSTI 2 bridge-priority 4096
Dell(conf)#

Modifying the Interface Parameters
You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port.
• Port cost is a value that is based on the interface type.
Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode, an interface forwards frames by default until it receives a BPDU that indicates that it should behave otherwise; it does not go through the Learning and Listening states. The bpduguard shutdown-on-violation option causes the interface hardware to shut down when it receives a BPDU.
• Configure a hello time on the order of milliseconds. PROTOCOL RSTP mode hello-time milli-second interval The range is from 50 to 950 milliseconds. Example of Verifying Hello-Time Interval Dell(conf-rstp)#do show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 0001.e811.2233 Root Bridge hello time 50 ms, max age 20, forward delay 15 Bridge ID Priority 0, Address 0001.e811.
Router 1 Running-Configuration
This example uses the following steps:
1. Enable MSTP globally and set the region name and revision; map MSTP instances to the VLANs.
2. Assign Layer-2 interfaces to the MSTP topology.
3. Create VLANs mapped to MSTP instances; tag interfaces to the VLANs.
 no ip address
 switchport
 no shutdown
!
(Step 3)
interface Vlan 100
 no ip address
 tagged TenGigabitEthernet 2/11,31
 no shutdown
!
interface Vlan 200
 no ip address
 tagged TenGigabitEthernet 2/11,31
 no shutdown
!
interface Vlan 300
 no ip address
 tagged TenGigabitEthernet 2/11,31
 no shutdown

Router 3 Running-Configuration
This example uses the following steps:
1. Enable MSTP globally and set the region name and revision; map MSTP instances to the VLANs.
2. Assign Layer-2 interfaces to the MSTP topology.
3.
1. Enable MSTP globally and set the region name and revision; map MSTP instances to the VLANs.
2. Assign Layer-2 interfaces to the MSTP topology.
3. Create VLANs mapped to MSTP instances; tag interfaces to the VLANs.
To monitor and verify that the MSTP configuration is connected and communicating as desired, use the debug spanning-tree mstp bpdu command.
Key items to look for in the debug report include:
• MSTP flags indicate communication received from the same region.
  – As shown in the following, the MSTP routers are located in the same region.
  – Does the debug log indicate that packets are coming from a “Different Region”? If so, one of the key parameters is not matching.
• MSTP Region Name and Revision.
The following example shows viewing the debug log of an unsuccessful MSTP configuration.
4w0d4h : MSTP: Received BPDU on Gi 2/21 :
ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x78
Different Region (Indicates MSTP routers are in different regions and are not communicating with each other.)
CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 0
Regional Bridge Id: 32768:0001.e806.
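A "Different Region" flag means the switches disagree on region name, revision, or VLAN-to-instance mapping. The following added example (not from the Dell guide) compares those three parameters across saved `show running-config spanning-tree mstp` output and reports which one differs. The switch names and configs are constructed; the `revision` line, a default revision of 0, and comma-separated VLAN lists are assumptions.

```python
import re

# Constructed `show running-config spanning-tree mstp` excerpts for three switches.
R1 = """\
protocol spanning-tree mstp
 no disable
 name my-mstp-region
 revision 2
 MSTI 1 VLAN 100
 MSTI 2 VLAN 200-300
"""
# Same mapping as R1, written as two ranges: must compare equal after expansion.
R2 = """\
protocol spanning-tree mstp
 no disable
 name my-mstp-region
 revision 2
 MSTI 1 VLAN 100
 MSTI 2 VLAN 200-250,251-300
"""
# No revision line (assumed default 0) and VLAN 300 left out of MSTI 2.
R3 = """\
protocol spanning-tree mstp
 no disable
 name my-mstp-region
 MSTI 1 VLAN 100
 MSTI 2 VLAN 200-299
 MSTI 2 bridge-priority 4096
"""


def parse_mstp_region(config):
    """Extract the region-defining parameters from an MSTP config block."""
    region = {"name": "", "revision": 0, "vlan_to_msti": {}}
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"name (\S+)", line)
        if m:
            region["name"] = m.group(1)
            continue
        m = re.fullmatch(r"revision (\d+)", line)
        if m:
            region["revision"] = int(m.group(1))
            continue
        # Lines such as "MSTI 2 bridge-priority 4096" do not match and are
        # ignored: bridge priority is not part of the region definition.
        m = re.fullmatch(r"MSTI (\d+) VLAN (\S+)", line, re.IGNORECASE)
        if m:
            instance = int(m.group(1))
            for part in m.group(2).split(","):
                low, _, high = part.partition("-")
                for vlan in range(int(low), int(high or low) + 1):
                    region["vlan_to_msti"][vlan] = instance
    return region


def find_region_mismatches(configs):
    """Return only the region parameters on which the switches disagree.

    configs maps a switch label to its MSTP config text. VLANs that a switch
    does not map to any MSTI are treated as instance 0 (the IST).
    """
    regions = {sw: parse_mstp_region(cfg) for sw, cfg in configs.items()}
    mismatches = {}
    for field in ("name", "revision"):
        values = {sw: r[field] for sw, r in regions.items()}
        if len(set(values.values())) > 1:
            mismatches[field] = values
    all_vlans = set().union(*(r["vlan_to_msti"] for r in regions.values()))
    vlan_diff = {}
    for vlan in sorted(all_vlans):
        per_switch = {sw: r["vlan_to_msti"].get(vlan, 0) for sw, r in regions.items()}
        if len(set(per_switch.values())) > 1:
            vlan_diff[vlan] = per_switch
    if vlan_diff:
        mismatches["vlan_to_msti"] = vlan_diff
    return mismatches


if __name__ == "__main__":
    for field, detail in find_region_mismatches({"R1": R1, "R2": R2, "R3": R3}).items():
        print(field, detail)
```
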
37 Multicast Features The Dell Networking operating system (OS) supports the following multicast protocols. • PIM Sparse-Mode (PIM-SM) • Internet Group Management Protocol (IGMP) • Multicast Source Discovery Protocol (MSDP) Enabling IP Multicast Enabling IP Multicast is supported on the S5000 switch. Prior to enabling any multicast protocols, you must enable multicast routing. • Enable multicast routing.
First Packet Forwarding for Lossless Multicast
All initial multicast packets are forwarded to receivers to achieve lossless multicast. In previous versions, when the Dell Networking system was an RP, all initial packets were dropped until PIM created an (S,G) entry. When the system is an RP and a Source DR, these initial packet drops represent a loss of native data, and when the system is an RP only, the initial packet drops represent a loss of register packets.
NOTE: The IN-L3-McastFib CAM partition is used to store multicast routes and is a separate hardware limit that exists per port-pipe. Any software-configured limit may be superseded by this hardware space limitation. The opposite is also true: the CAM partition might not be exhausted at the time the system-wide route limit set by the ip multicast-limit command is reached.

Preventing a Host from Joining a Group
You can prevent a host from joining a particular group by blocking specific IGMP reports.
Figure 97. Preventing a Host from Joining a Group
Table 58. Preventing a Host from Joining a Group — Description
Location    Description
1/21        • Interface TenGigabitEthernet 1/21
            • ip pim sparse-mode
            • ip address 10.11.12.1/24
            • no shutdown
1/31        • Interface TenGigabitEthernet 1/31
            • ip pim sparse-mode
            • ip address 10.11.13.1/24
            • no shutdown
2/1         • Interface TenGigabitEthernet 2/1
            • ip pim sparse-mode
            • ip address 10.11.1.
Location    Description
            • no shutdown
2/11        • Interface TenGigabitEthernet 2/11
            • ip pim sparse-mode
            • ip address 10.11.12.2/24
            • no shutdown
2/31        • Interface TenGigabitEthernet 2/31
            • ip pim sparse-mode
            • ip address 10.11.23.1/24
            • no shutdown
3/1         • Interface TenGigabitEthernet 3/1
            • ip pim sparse-mode
            • ip address 10.11.5.1/24
            • no shutdown
3/11        • Interface TenGigabitEthernet 3/11
            • ip pim sparse-mode
            • ip address 10.11.13.
Preventing a Source from Registering with the RP To prevent the PIM source DR from sending register packets to RP for the specified multicast source and group, use the following command. If the source DR never sends register packets to the RP, no hosts can ever discover the source and create a shortest path tree (SPT) to it. • Prevent a source from transmitting to a particular group.
Table 59. Preventing a Source from Transmitting to a Group — Description
Location    Description
1/21        • Interface GigabitEthernet 1/21
            • ip pim sparse-mode
            • ip address 10.11.12.1/24
            • no shutdown
1/31        • Interface GigabitEthernet 1/31
            • ip pim sparse-mode
            • ip address 10.11.13.1/24
            • no shutdown
2/1         • Interface GigabitEthernet 2/1
            • ip pim sparse-mode
            • ip address 10.11.1.1/24
            • no shutdown
2/11        • Interface GigabitEthernet 2/11
            • ip pim sparse-mode
            • ip address 10.11.12.
Location    Description
            • no shutdown

Preventing a PIM Router from Processing a Join
To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command.
NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router.
38 NPIV Proxy Gateway The N-port identifier virtualization (NPIV) proxy gateway (NPG) provides FCoE-FC bridging capability on the S5000 switch. This chapter describes how to configure and use an NPIV proxy gateway on an S5000 switch in a storage area network (SAN).
Figure 99. NPIV Proxy Gateway Example An S5000 FC port is configured as an N (node) port that logs in to an F (fabric) port on the upstream FC core switch and creates a channel for N-port identifier virtualization. NPIV allows multiple N-port fabric logins at the same time on a single, physical Fibre Channel link. Converged Network Adapter (CNA) ports on servers connect to S5000 Ten-Gigabit Ethernet ports and log in to an upstream FC core switch through the S5000 N port.
• When you apply the FCoE map to a server-facing Ethernet port in ENode mode, ACLs are automatically configured to allow only FCoE traffic from servers that perform a successful FLOGI on the FC switch. All other traffic on the VLAN is denied. You can specify one or more upstream N ports in an FCoE map. The FCoE map also contains the VLAN ID of the dedicated VLAN used to transmit FCoE traffic between the SAN fabric and servers.
Term      Description
FCF       Fibre Channel forwarder: FCoE-enabled switch that can forward FC traffic to both downstream FCoE and upstream FC devices. An NPIV proxy gateway functions as an FCF to export upstream F port configurations to downstream server CNA ports.
FC-MAP    FCoE MAC-address prefix — The unique 24-bit MAC address prefix in FCoE packets used to generate a fabric-provided MAC address (FPMA). The FPMA is required to send FCoE packets from a server to a SAN fabric.
• FIP keepalive (FKA) advertisement timeout. NOTE: In each FCoE map, the fabric ID, FC-MAP value, and FCoE VLAN must be unique. To access one SAN fabric, use one FCoE map. You cannot use the same FCoE map to access different fabrics. When you configure an S5000 as an NPG, FCoE transit with FIP snooping is automatically enabled and configured using the parameters in the FCoE map applied to server-facing Ethernet and fabric-facing FC interfaces (refer to FIP Snooping on an NPIV Proxy Gateway).
DCB MAP mode priority-group group_num {bandwidth percentage | strict-priority} pfc {on | off} The sum of all allocated bandwidth percentages must be 100%. Strict-priority traffic is serviced first. Afterward, bandwidth allocated to other priority groups is made available and allocated according to the specified percentages. If a priority group does not use its allocated bandwidth, the unused bandwidth is made available to other priority groups.
NOTE: You cannot apply a DCB map on a port channel. However, you can apply a DCB map on the ports that are members of the port channel.
2. Apply the DCB map on an Ethernet port or port channel.
INTERFACE mode
dcb-map name
The port is configured with the PFC and ETS settings in the DCB map. For example:
Dell# interface tengigabitEthernet 0/0
Dell(config-if-te-0/0)# dcb-map SAN_DCB1
To apply a DCB map to more than one port or port channel, repeat this step.
Applying an FCoE Map on Server-Facing Ethernet Ports You can apply multiple FCoE maps on an Ethernet port or port channel. When you apply an FCoE map on a server-facing port or port channel: • The port is configured to operate in hybrid mode (accept both tagged and untagged VLAN frames). • The associated FCoE VLAN is enabled on the port or port channel. When you enable a server-facing Ethernet port, the servers respond to the FIP advertisements by performing FLOGIs on upstream virtualized FCF ports.
fabric map-name Repeat this step to apply an FCoE map to more than one FC port. For example: Dell# interface fi 0/0 Dell(config-if-fc-0/0)# fabric SAN_FABRIC_A 3. Enable the port for FC transmission.
Enable an Upstream FC Port
Dell(config)# interface fibrechannel 0/0
Dell(config-if-fc-0)# no shutdown

Enable a Downstream Ethernet Port
Dell(config)#interface tengigabitEthernet 0/0
Dell(conf-if-te-0)# no shutdown

Enable a Downstream Port Channel
Dell(config)# interface port-channel 0/3
Dell(config-po-3)# no shutdown

Display NPIV Proxy Gateway Information
To display information on NPG operation, use the following show commands.
Te 1/20 Te 1/21 Down Down Auto Auto Auto Auto --- The following lists the show interfaces status command example field descriptions. Field Description Port Server-facing 10GbE Ethernet (Te), 40GbE Ethernet (Fo), or fabric-facing Fibre Channel (Fc) port with slot/ port information. Description Text description of port. Status Operational status of port: • Ethernet ports — up (transmitting FCoE and LAN storage traffic) or down (not transmitting traffic).
Field             Description
FC-MAP            FCoE MAC-address prefix value — The unique 24-bit MAC address prefix that identifies a fabric.
FKA-ADV-period    Time interval (in seconds) used to transmit FIP keepalive advertisements.
FCF Priority      The priority a server uses to select an upstream FCoE forwarder.
The following lists the show npiv devices brief command example field descriptions.
Field                 Description
Total NPIV Devices    Number of downstream ENodes connected to a fabric over the NPIV proxy gateway.
ENode-Intf            Ethernet interface (slot/port) to which a server CNA is connected.
ENode-WWPN            Worldwide port name (WWPN) of a server CNA port.
FCoE-Vlan             VLAN ID of the dedicated VLAN used to transmit FCoE traffic to and from the fabric.
Field Description FCF MAC Fibre Channel forwarder MAC: MAC address of FCF interface. Fabric Intf Fabric-facing Fibre Channel port (slot/port) on which FCoE traffic is transmitted to the specified fabric. FCoE VLAN ID of the dedicated VLAN used to transmit FCoE traffic from a server CNA to a fabric and configured on both the server-facing port and server CNA port. Fabric Map Name of the FCoE map containing the FCoE/FC configuration parameters for the server CNA-fabric connection.
Field Description • Active — Transmitting traffic. • Inactive — Not transmitting traffic. Description Text description of VLAN. Fabric SAN fabric to which Fibre Channel traffic is sent. Q Ports Ports and port channels that are members of the VLAN.
39 Object Tracking IPv4 or IPv6 object tracking is available on Dell Networking OS. Object tracking allows the Dell Networking OS client processes, such as virtual router redundancy protocol (VRRP), to monitor tracked objects (for example, interface or link status) and take appropriate action when the state of an object changes. NOTE: In Dell Networking OS release version 8.4.1.0, object tracking is supported only on VRRP.
Figure 100. Object Tracking Example
When you configure a tracked object, such as an IPv4/IPv6 route or interface, you specify an object number to identify the object. Optionally, you can also specify:
• UP and DOWN thresholds used to report changes in a route metric.
• A time delay before changes in a tracked object’s state are reported to a client.

Track Layer 2 Interfaces
You can create an object to track the line-protocol state of a Layer 2 interface.
A tracked route matches a route in the routing table only if the exact address and prefix length match an entry in the routing table. For example, when configured as a tracked route, 10.0.0.0/24 does not match the routing table entry 10.0.0.0/8. If no route-table entry has the exact address and prefix length, the tracked route is considered to be DOWN.
If you do not configure a delay, a notification is sent when a change in the state of a tracked object is detected. The time delay in communicating a state change is specified in seconds. VRRP Object Tracking As a client, VRRP can track up to 20 objects (including route entries, and Layer 2 and Layer 3 interfaces) in addition to the 12 tracked interfaces supported for each VRRP group. You can assign a unique priority-cost value from 1 to 254 to each tracked VRRP object or group interface.
3. (Optional) Identify the tracked object with a text description. OBJECT TRACKING mode description text The text string can be up to 80 characters. 4. (Optional) Display the tracking configuration and the tracked object’s status.
Valid delay times are from 0 to 180 seconds. The default is 0. 3. (Optional) Identify the tracked object with a text description. OBJECT TRACKING mode description text The text string can be up to 80 characters. 4. (Optional) Display the tracking configuration and the tracked object’s status.
cache ages out for a route tracked for its reachability, an attempt is made to regenerate the ARP cache entry to see if the nexthop address appears before considering the route DOWN. • By comparing the threshold for a route’s metric with current entries in the route table. The UP/DOWN state of the tracked route is determined by the threshold for the current value of the route metric in the routing table.
3. (Optional) Identify the tracked object with a text description.
OBJECT TRACKING mode
description text
The text string can be up to 80 characters.
4. (Optional) Display the tracking configuration and the tracked object’s status.
EXEC Privilege mode
show track object-id

Examples of IPv4 and IPv6 Tracking Route Reachability
The following example configures object tracking on the reachability of an IPv4 route:
Dell(conf)#track 104 ip route 10.0.0.
track object-id {ip route ip-address/prefix-len | ipv6 route ipv6-address/prefix-len} metric threshold [vrf vrf-name] Valid object IDs are from 1 to 65535. Enter an IPv4 address in dotted decimal format. Valid IPv4 prefix lengths are from /0 to /32. Enter an IPv6 address in X:X:X:X::X format. Valid IPv6 prefix lengths are from /0 to /128. (Optional) E-Series only: For an IPv4 route, you can enter a VRF name. 3.
Displaying Tracked Objects To display the currently configured objects used to track Layer 2 and Layer 3 interfaces, and IPv4 and IPv6 routes, use the following show commands. To display the configuration and status of currently tracked Layer 2 or Layer 3 interfaces, IPv4 or IPv6 routes, or a VRF instance, use the show track command. You can also display the currently configured per-protocol resolution values used to scale route metrics when tracking metric thresholds.
IPv6 Route Resolution
ISIS 1

Example of the show track vrf Command
Dell#show track vrf red
Track 5
IP route 192.168.0.0/24 reachability, Vrf: red
Reachability is Up (CONNECTED)
3 changes, last change 00:02:39
First-hop interface is TenGigabitEthernet 1/4

Example of Viewing Object Tracking Configuration
Dell#show running-config track
track 1 ip route 23.0.0.
40 Open Shortest Path First (OSPFv2) Open Shortest Path First (OSPFv2) is supported on Dell Networking OS. OSPF protocol standards are listed in the Standards Compliance chapter. Protocol Overview OSPF routing is a link-state routing protocol that calls for the sending of link-state advertisements (LSAs) to all other routers within the same autonomous system (AS) areas. Information on attached interfaces, metrics used, and other variables is included in OSPF LSAs.
Figure 101. Autonomous System Areas Area Types The backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any AS. All other areas must connect to Area 0. Areas can be defined in such a way that the backbone is not contiguous. In this case, backbone connectivity must be restored through virtual links. Virtual links are configured between any backbone routers that share a link to a non-backbone area and function as if they were direct links.
Networks and Neighbors As a link-state protocol, OSPF sends routing information to other OSPF routers concerning the state of the links between them. The state (up or down) of those links is important. Routers that share a link become neighbors on that segment. OSPF uses the Hello protocol as a neighbor discovery and keep alive mechanism. After two routers are neighbors, they may proceed to exchange and synchronize their databases, which creates an adjacency.
Figure 102. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example. Area Border Router (ABR) Within an AS, an area border router (ABR) connects one or more areas to the backbone.
Autonomous System Border Router (ASBR)
The autonomous system border router (ASBR) connects to more than one AS and exchanges information with the routers in other ASs. Generally, the ASBR connects to a non-interior gateway protocol (IGP) such as BGP or uses static routes.

Internal Router (IR)
The internal router (IR) has adjacencies ONLY with routers in the same area, such as Routers E, M, and I shown in the previous example.
• 1: point-to-point connection to another router/neighboring router.
• 2: connection to a transit network IP address of the DR.
• 3: connection to a stub network IP network/subnet number.
• 4: virtual link neighboring router ID.

LSA Throttling
LSA throttling provides configurable interval timers to improve OSPF convergence times.
Figure 103. Priority and Cost Examples Implementing OSPF with Dell Networking OS Dell Networking OS supports up to 10,000 OSPF routes. Within that 10,000, you can designate up to 8,000 routes as external and up to 2,000 as inter/intra area routes. The S5000 supports up to 16 processes simultaneously.
NOTE: The faster the convergence, the more frequent the route calculations and updates. This impacts CPU utilization and may impact adjacency stability in larger topologies. Multi-Process OSPFv2 (IPv4 only) Multi-Process OSPF is supported on the S5000 switch for OSPFv2 with IPv4 only. Multi-process OSPF allows multiple OSPFv2 processes on a single router.
Supports only single TOS (TOS0) routes
It is an Autonomous System Boundary Router
It is Flooding according to RFC 2328
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Number of area in this router is 1, normal 0 stub 0 nssa 1
--More--

OSPF ACK Packing
The OSPF ACK packing feature bundles multiple LS acknowledgements in a single packet, significantly reducing the number of ACK packets transmitted when the number of LSAs increases.
NOTE: By default, OSPF is disabled. Configuration Task List for OSPFv2 (OSPF for IPv4) The following configuration tasks include two mandatory tasks and several optional tasks.
The OSPF process ID is the identifying number assigned to the OSPF process. The router ID is the IP address associated with the OSPF process. After the OSPF process and the VRF are tied together, the OSPF process ID cannot be used again in the system.
Dell(conf-router_ospf-1)# Dell# Dell Networking recommends using the interface IP addresses for the OSPFv2 router ID for easier management and troubleshooting. To view the configuration, use the show config command in CONFIGURATION ROUTER OSPF mode. OSPF, by default, sends hello packets out to all physical interfaces assigned an IP address that is a subset of a network on which OSPF is enabled. To view currently active interfaces and the areas assigned to them, use the show ip ospf interface command.
CONFIGURATION mode ipv6 router ospf {process ID} vrf {vrf-name} • The process ID range is from 0 to 65535. Assign the router ID for this OSPFv3 process. CONF-IPV6-ROUTER-OSPF mode router-id {number} – number: the IPv4 address. The format is A.B.C.D. NOTE: Enter the router-id for an OSPFv3 router as an IPv4 IP address. • Disable OSPF. CONFIGURATION mode no ipv6 router ospf process-id vrf {vrf-name} • Reset the OSPFv3 process.
Example of the show ip ospf database database-summary Command
To view which LSAs are transmitted, use the show ip ospf database process-id database-summary command in EXEC Privilege mode.
Dell#show ip ospf 34 database database-summary
OSPF Router with ID (10.1.2.100) (Process ID 34)
Area ID    Router  Network  S-Net  S-ASBR  Type-7  Subtotal
2.2.2.2    1       0        0      0       0       1
3.3.3.3    1       0        0      0       0       1
Dell#
To view information on areas, use the show ip ospf process-id command in EXEC Privilege mode.
– For a port channel, enter the keywords port-channel then a number from 1 to 255. – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information (for example, passive-interface ten 2/3). – For a VLAN, enter the keyword vlan then a number from 1 to 4094 (for example, passive-interface vlan 2222). The keyword default sets all interfaces on this OSPF process as passive.
NOTE: A higher convergence level can result in occasional loss of OSPF adjacency. Generally, convergence level 1 meets most convergence requirements. Only select higher convergence levels following consultation with Dell Technical Support. Examples of the fast-converge Command In the following examples, Convergence Level shows the fast-converge parameter setting and Min LSA origination shows the LSA parameters (shown in bold).
– seconds: the range is from 1 to 65535 (the default is 10 seconds).
The hello interval must be the same on all routers in the OSPF network.
• Use the MD5 algorithm to produce a message digest or key, which is sent instead of the key.
CONFIG-INTERFACE mode
ip ospf message-digest-key keyid md5 key
– keyid: the range is from 1 to 255.
– Key: a character string.
NOTE: Be sure to write down or otherwise record the key. You cannot learn the key after it is configured.
Backup Designated Router (ID) 10.1.2.100, Interface address 0.0.0.0 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:06 Neighbor Count is 0, Adjacent neighbor count is 0 Dell# Enabling OSPFv2 Authentication To enable or change various OSPF authentication parameters, use the following commands. • Set a clear text authentication scheme on the interface.
– router ID: IP address associated with the virtual link neighbor. – hello interval seconds: the range is from 1 to 8192 (the default is 10). – retransmit interval seconds: the range is from 1 to 3600 (the default is 5). – transmit delay seconds: the range is from 1 to 3600 (the default is 1). – dead interval seconds: the range is from 1 to 8192 (the default is 40). – authentication key: eight characters. – message digest key keyid: the range is from 1 to 255. – md5 key: 16 characters.
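The interface authentication options above (clear text or MD5 message digest) are easy to leave unset on one link. The following added example (not from the Dell guide) audits a saved running-config and reports, for each interface whose address falls inside an OSPF `network` statement, whether it uses MD5, clear text, or no authentication. The config is constructed, the keys are placeholders, and `ip ospf authentication-key` is assumed to be the clear-text command, which this section does not show.

```python
import ipaddress
import re

# Constructed running-config in the style of the guide's OSPFv2 samples.
# Keys are placeholders; `ip ospf authentication-key` is the assumed
# clear-text authentication command.
SAMPLE_CONFIG = """\
router ospf 22222
 network 10.2.21.0/24 area 0
 network 10.2.22.0/24 area 0
 network 10.2.23.0/24 area 0
 network 10.2.24.0/24 area 0
 network 192.168.100.0/24 area 0
 passive-interface TenGigabitEthernet 2/4
!
interface Loopback 20
 ip address 192.168.100.20/24
 no shutdown
!
interface TenGigabitEthernet 2/1
 ip address 10.2.21.2/24
 ip ospf message-digest-key 1 md5 EXAMPLE-MD5-KEY
 no shutdown
!
interface TenGigabitEthernet 2/2
 ip address 10.2.22.2/24
 ip ospf authentication-key EXAMPLE1
 no shutdown
!
interface TenGigabitEthernet 2/3
 ip address 10.2.23.2/24
 no shutdown
!
interface TenGigabitEthernet 2/4
 ip address 10.2.24.2/24
 no shutdown
!
interface TenGigabitEthernet 2/5
 ip address 10.9.9.1/24
 no shutdown
"""


def parse_blocks(config):
    """Group indented sub-commands under their unindented header line."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None
        elif not raw.startswith(" "):
            current = line
            blocks[current] = []
        elif current is not None:
            blocks[current].append(line)
    return blocks


def audit_ospf_auth(config):
    """Map each OSPF-enabled interface to 'md5', 'clear-text', 'none' or 'passive'."""
    blocks = parse_blocks(config)
    networks, passive = [], set()
    for header, body in blocks.items():
        if not header.startswith("router ospf"):
            continue
        for cmd in body:
            m = re.match(r"network (\S+) area \S+", cmd)
            if m:
                networks.append(ipaddress.ip_network(m.group(1), strict=False))
            m = re.match(r"passive-interface (.+)", cmd)
            if m:
                passive.add(m.group(1).lower())
    findings = {}
    for header, body in blocks.items():
        if not header.startswith("interface "):
            continue
        name = header[len("interface "):]
        # Loopbacks form no adjacencies, and shut-down ports send no hellos.
        if name.lower().startswith("loopback") or "shutdown" in body:
            continue
        addr = next((ipaddress.ip_interface(c.split()[2])
                     for c in body if c.startswith("ip address ")), None)
        if addr is None or not any(addr.ip in net for net in networks):
            continue  # interface does not run OSPF
        if name.lower() in passive:
            findings[name] = "passive"
        elif any(c.startswith("ip ospf message-digest-key ") for c in body):
            findings[name] = "md5"
        elif any(c.startswith("ip ospf authentication-key ") for c in body):
            findings[name] = "clear-text"
        else:
            findings[name] = "none"
    return findings


def interfaces_needing_md5(config):
    """Interfaces that can form adjacencies without MD5 authentication."""
    return sorted(n for n, s in audit_ospf_auth(config).items()
                  if s in ("none", "clear-text"))


if __name__ == "__main__":
    for name, state in audit_ospf_auth(SAMPLE_CONFIG).items():
        print(f"{name}: {state}")
```
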
To redistribute routes, use the following command. • Specify which routes are redistributed into OSPF process. CONFIG-ROUTEROSPF-id mode redistribute {bgp | connected | isis | rip | static} [metric metric-value | metric-type type-value] [route-map map-name] [tag tag-value] Configure the following required and optional parameters: – bgp, connected, isis, rip, static: enter one of the keywords to redistribute those routes. – metric metric-value: the range is from 0 to 4294967295.
• View the summary information of the IP routes. EXEC Privilege mode show ip route summary • View the summary information for the OSPF database. EXEC Privilege mode show ip ospf database • View the configuration of OSPF neighbors connected to the local router. EXEC Privilege mode show ip ospf neighbor • View the LSAs currently in the queue. EXEC Privilege mode show ip ospf timers rate-limit • View debug messages.
Sample Configurations for OSPFv2 The following configurations are examples for enabling OSPFv2. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. You can copy and paste from these examples to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes. Basic OSPFv2 Router Topology The following illustration is a sample basic OSPFv2 topology. Figure 104.
 ip address 10.1.13.3/24
 no shutdown
!
interface TenGigabitEthernet 3/2
 ip address 10.2.13.3/24
 no shutdown

OSPF Area 0 — Gl 2/1 and 2/2
router ospf 22222
 network 192.168.100.0/24 area 0
 network 10.2.21.0/24 area 0
 network 10.2.22.0/24 area 0
!
interface Loopback 20
 ip address 192.168.100.20/24
 no shutdown
!
interface TenGigabitEthernet 2/1
 ip address 10.2.21.2/24
 no shutdown
!
interface TenGigabitEthernet 2/2
 ip address 10.2.22.
timers spf 2 5 Dell(conf-ipv6-router_ospf)# Dell(conf-ipv6-router_ospf)#end Dell# Enabling IPv6 Unicast Routing To enable IPv6 unicast routing, use the following command. • Enable IPv6 unicast routing globally. CONFIGURATION mode ipv6 unicast routing Assigning IPv6 Addresses on an Interface To assign IPv6 addresses to an interface, use the following commands. 1. Assign an IPv6 address to the interface.
router-id {number} – number: the IPv4 address. The format is A.B.C.D. NOTE: Enter the router-id for an OSPFv3 router as an IPv4 IP address. • Disable OSPF. CONFIGURATION mode no ipv6 router ospf process-id • Reset the OSPFv3 process. EXEC Privilege mode clear ipv6 ospf process Assigning OSPFv3 Process ID and Router ID to a VRF To assign, disable, or reset OSPFv3 on a non-default VRF, use the following commands. • Enable the OSPFv3 process on a non-default VRF and enter OSPFv3 mode.
Configuring Passive-Interface
To suppress the interface’s participation on an OSPFv3 interface, use the following command. This command stops the router from sending updates on that interface.
• Specify whether some or all of the interfaces are passive.
CONF-IPV6-ROUTER-OSPF mode
passive-interface {interface slot/port}
Interface: identifies the specific interface that is passive.
– For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information.
– metric-type metric-type: enter 1 for OSPFv3 external route type 1 OR 2 for OSPFv3 external route type 2.
– route-map map-name: enter a name of a configured route map.
Enabling OSPFv2 Graceful Restart
Graceful restart is enabled for the global OSPF process. The Dell Networking implementation of OSPFv2 graceful restart enables you to specify:
• grace period — the length of time the graceful restart process can last before OSPF terminates it.
For more information about OSPF graceful restart, refer to the Dell Networking OS Command Line Reference Guide.
Example of the show run ospf Command
When you configure a graceful restart on an OSPFv2 router, the show run ospf command displays information similar to the following.
Dell#show run ospf
!
router ospf 1
 graceful-restart grace-period 300
 graceful-restart role helper-only
 graceful-restart mode unplanned-only
 graceful-restart helper-reject 10.1.1.1
 graceful-restart helper-reject 20.1.1.1
 network 10.
Rx New LSAS               114085
Ext LSA Count             0
Rte Max Eq Cost Paths     5
GR grace-period           180
GR mode                   planned and unplanned
Area 0 database summary
Type                      Count/Status
Brd Rtr Count             2
AS Bdr Rtr Count          2
LSA count                 12010
Summary LSAs              1
Rtr LSA Count             4
Net LSA Count             3
Inter Area Pfx LSA Count  12000
Inter Area Rtr LSA Count  0
Group Mem LSA Count       0
The following example shows the show ipv6 ospf database grace-lsa command.
Tunnel mode. However, Tunnel mode is not supported in Dell Networking OS. For detailed information about the IP ESP protocol, refer to RFC 4303. In OSPFv3 communication, IPsec provides security services between a pair of communicating hosts or security gateways using either AH or ESP. In an authentication policy on an interface or in an OSPF area, AH and ESP are used alone; in an encryption policy, AH and ESP may be used together. The difference between the two mechanisms is the extent of the coverage.
Configuring IPsec Authentication on an Interface To configure, remove, or display IPsec authentication on an interface, use the following commands. Prerequisite: Before you enable IPsec authentication on an OSPFv3 interface, first enable IPv6 unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area (refer to Configuration Task List for OSPFv3 (OSPF for IPv6)).
– key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. Required lengths of a non-encrypted or encrypted key are: 3DES - 48 or 96 hex digits; DES - 16 or 32 hex digits; AES-CBC - 32 or 64 hex digits for AES-128 and 48 or 96 hex digits for AES-192. – key-encryption-type: (optional) specifies if the key is encrypted. The valid values are 0 (key is not encrypted) or 7 (key is encrypted).
The SPI value must be unique to one IPsec security policy (authentication or encryption) on the router. Configure the same encryption policy (the same SPI and keys) on each interface in an OSPFv3 link.
NOTE: When you configure encryption using the area encryption command, you enable both IPsec encryption and authentication. However, when you enable authentication on an area using the area authentication command, you do not enable encryption at the same time.
– For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information.
– For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information.
– For a port channel interface, enter the keywords port-channel then a number.
– For a VLAN interface, enter the keyword vlan then a number from 1 to 4094.
Examples of the show crypto ipsec Commands
In the first example, the keys are not encrypted (shown in bold).
    in use settings : {Transport, }
    replay detection support : N
    STATUS : ACTIVE
  inbound esp sas
  outbound esp sas
Interface: TenGigabitEthernet 1/2
  Link Local address: fe80::201:e8ff:fe40:4d11
  IPSecv6 policy name: OSPFv3-1-600
  inbound ah sas
  outbound ah sas
  inbound esp sas
    spi : 600 (0x258)
    transform : esp-des esp-sha1-hmac
    in use settings : {Transport, }
    replay detection support : N
    STATUS : ACTIVE
  outbound esp sas
    spi : 600 (0x258)
    transform : esp-des esp-sha1-hmac
    in use settings : {Transport, }
    replay detec
• View the summary information for the OSPFv3 database. EXEC Privilege mode show ipv6 ospf [vrf vrf-name] database • View the configuration of OSPFv3 neighbors. EXEC Privilege mode show ipv6 ospf [vrf vrf-name] neighbor • View debug messages for all OSPFv3 interfaces. EXEC Privilege mode debug ipv6 ospf [vrf vrf-name] [event | packet] {type slot/port} – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information.
Dell(conf-ipv6-router_ospf)#end
Dell#
Enabling IPv6 Unicast Routing
To enable IPv6 unicast routing, use the following command.
• Enable IPv6 unicast routing globally.
CONFIGURATION mode
ipv6 unicast routing
Applying cost for OSPFv3
Change in bandwidth directly affects the cost of OSPF routes.
• Explicitly specify the cost of sending a packet on an interface.
INTERFACE mode
ipv6 ospf interface-cost
– interface-cost: The range is from 1 to 65535. Default cost is based on the bandwidth.
• Assign the OSPFv3 process and an OSPFv3 area to this interface.
CONF-INT-type slot/port mode
ipv6 ospf process-id area area-id
– process-id: the process ID number assigned.
– area-id: the area ID for this interface.
Assigning OSPFv3 Process ID and Router ID Globally
To assign, disable, or reset OSPFv3 globally, use the following commands.
• Enable the OSPFv3 process globally and enter OSPFv3 mode.
CONFIGURATION mode
ipv6 router ospf {process ID}
The range is from 0 to 65535.
NOTE: Enter the router-id for an OSPFv3 router as an IPv4 IP address. • Disable OSPF. CONFIGURATION mode no ipv6 router ospf process-id vrf {vrf-name} • Reset the OSPFv3 process. EXEC Privilege mode clear ipv6 ospf [vrf vrf-name] process Configuring Stub Areas To configure IPv6 stub areas, use the following command. • Configure the area as a stub area. CONF-IPV6-ROUTER-OSPF mode area area-id stub [no-summary] – no-summary: use these keywords to prevent transmission in to the area of summary ASBR LSAs.
Configure the following required and optional parameters: – bgp | connected | static: enter one of the keywords to redistribute those routes. – metric metric-value: The range is from 0 to 4294967295. – metric-type metric-type: enter 1 for OSPFv3 external route type 1 OR 2 for OSPFv3 external route type 2. – route-map map-name: enter a name of a configured route map. – tag tag-value: The range is from 0 to 4294967295.
CONF-IPV6-ROUTER-OSPF mode graceful-restart mode [planned-only | unplanned-only] – Planned-only: the OSPFv3 router supports graceful restart only for planned restarts. A planned restart is when you manually enter a redundancy force-failover rpm command to force the primary RPM over to the secondary RPM. During a planned restart, OSPFv3 sends out a Grace LSA before the system switches over to the secondary RPM. OSPFv3 is notified that a planned restart is happening.
AS Scope LSA Count        0
AS Scope LSA Cksum sum    0
Originate New LSAS        73
Rx New LSAS               114085
Ext LSA Count             0
Rte Max Eq Cost Paths     5
GR grace-period           180
GR mode                   planned and unplanned
Area 0 database summary
Type                      Count/Status
Brd Rtr Count             2
AS Bdr Rtr Count          2
LSA count                 12010
Summary LSAs              1
Rtr LSA Count             4
Net LSA Count             3
Inter Area Pfx LSA Count  12000
Inter Area Rtr LSA Count  0
Group Mem LSA Count       0
The following example shows the show ipv6 ospf database grace-lsa command.
security services for both IPv4 and IPv6. Insert the ESP header after the IP header and before the next layer protocol header in Transport mode. It is possible to insert the ESP header between the next layer protocol header and encapsulated IP header in Tunnel mode. However, Tunnel mode is not supported in Dell Networking OS. For detailed information about the IP ESP protocol, refer to RFC 4303.
Configuring IPsec Authentication on an Interface To configure, remove, or display IPsec authentication on an interface, use the following commands. Prerequisite: Before you enable IPsec authentication on an OSPFv3 interface, first enable IPv6 unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area (refer to Configuration Task List for OSPFv3 (OSPF for IPv6)).
– esp encryption-algorithm: specifies the encryption algorithm used with ESP. The valid values are 3DES, DES, AESCBC, and NULL. For AES-CBC, only the AES-128 and AES-192 ciphers are supported. – key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information.
Configuring IPsec Encryption for an OSPFv3 Area To configure, remove, or display IPsec encryption in an OSPFv3 area, use the following commands. Prerequisite: Before you enable IPsec encryption in an OSPFv3 area, first enable OSPFv3 globally on the router (refer to Configuration Task List for OSPFv3 (OSPF for IPv6)). The SPI value must be unique to one IPsec security policy (authentication or encryption) on the router.
EXEC Privilege show crypto ipsec sa ipv6 [interface interface] To display information on the SAs used on a specific interface, enter interface interface, where interface is one of the following values: – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. – For a port channel interface, enter the keywords port-channel then a number.
    transform : ah-md5-hmac
    in use settings : {Transport, }
    replay detection support : N
    STATUS : ACTIVE
  outbound ah sas
    spi : 500 (0x1f4)
    transform : ah-md5-hmac
    in use settings : {Transport, }
    replay detection support : N
    STATUS : ACTIVE
  inbound esp sas
  outbound esp sas
Interface: TenGigabitEthernet 1/2
  Link Local address: fe80::201:e8ff:fe40:4d11
  IPSecv6 policy name: OSPFv3-1-600
  inbound ah sas
  outbound ah sas
  inbound esp sas
    spi : 600 (0x258)
    transform : esp-des esp-sha1-hmac
    in use settings : {Transport, }
• show ipv6 routes Viewing Summary Information To get general route, configuration, links status, and debug information, use the following commands. • View the summary information of the IPv6 routes. EXEC Privilege mode show ipv6 route [vrf vrf-name] summary • View the summary information for the OSPFv3 database. EXEC Privilege mode show ipv6 ospf [vrf vrf-name] database • View the configuration of OSPFv3 neighbors.
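The show crypto ipsec sa ipv6 output earlier in this chapter lists des and md5 transforms with replay detection reported as N. The following added example (not from the Dell guide) parses saved output of that command and reports weak transforms, SAs without replay detection, and any SPI shared by more than one policy, which the SPI uniqueness rule above forbids. The sample text is constructed, the function names are hypothetical, and the spelling of a 3DES transform token is an assumption.

```python
import re

# Constructed sample in the layout of the guide's "show crypto ipsec sa ipv6"
# example; the first interface name and address are illustrative.
SAMPLE = """\
Interface: TenGigabitEthernet 1/1
  Link Local address: fe80::201:e8ff:fe40:4d10
  IPSecv6 policy name: OSPFv3-1-500
  inbound ah sas
    spi : 500 (0x1f4)
    transform : ah-md5-hmac
    in use settings : {Transport, }
    replay detection support : N
    STATUS : ACTIVE
  outbound ah sas
    spi : 500 (0x1f4)
    transform : ah-md5-hmac
    in use settings : {Transport, }
    replay detection support : N
    STATUS : ACTIVE
  inbound esp sas
  outbound esp sas
Interface: TenGigabitEthernet 1/2
  Link Local address: fe80::201:e8ff:fe40:4d11
  IPSecv6 policy name: OSPFv3-1-600
  inbound ah sas
  outbound ah sas
  inbound esp sas
    spi : 600 (0x258)
    transform : esp-des esp-sha1-hmac
    in use settings : {Transport, }
    replay detection support : N
    STATUS : ACTIVE
  outbound esp sas
    spi : 600 (0x258)
    transform : esp-des esp-sha1-hmac
    in use settings : {Transport, }
    replay detection support : N
    STATUS : ACTIVE
"""

SA_HEADER = re.compile(r"^(inbound|outbound) (ah|esp) sas$")


def parse_sas(text):
    """Return one dict per security association found in the output."""
    sas, iface, policy, section, sa = [], None, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Interface:"):
            iface, policy, section, sa = line.split(":", 1)[1].strip(), None, None, None
        elif line.startswith("IPSecv6 policy name:"):
            policy = line.split(":", 1)[1].strip()
        elif SA_HEADER.match(line):
            section, sa = SA_HEADER.match(line).groups(), None
        elif section and ":" in line:
            key, value = (part.strip() for part in line.split(":", 1))
            if key == "spi":                      # an spi line opens a new SA
                sa = {"interface": iface, "policy": policy, "direction": section[0],
                      "proto": section[1], "spi": int(value.split()[0])}
                sas.append(sa)
            elif sa is not None:
                sa[key] = value
    return sas


def weak_reasons(transform):
    """Name the weak primitives in a transform such as 'esp-des esp-sha1-hmac'."""
    reasons = []
    for token in transform.split():
        if re.search(r"(?<!3)des", token):        # single DES, not 3DES
            reasons.append(f"{token} (single DES)")
        if "md5" in token:
            reasons.append(f"{token} (HMAC-MD5)")
    return reasons


def audit(sas):
    """Return findings: weak transforms, missing replay detection, SPI reuse."""
    findings, policies_by_spi = [], {}
    for sa in sas:
        where = f"{sa['interface']} {sa['direction']} {sa['proto']} spi {sa['spi']}"
        for reason in weak_reasons(sa.get("transform", "")):
            findings.append(f"{where}: weak transform {reason}")
        if sa.get("replay detection support") == "N":
            findings.append(f"{where}: no replay detection")
        policies_by_spi.setdefault(sa["spi"], set()).add(sa["policy"])
    for spi, policies in sorted(policies_by_spi.items()):
        if len(policies) > 1:                     # SPI must be unique to one policy
            findings.append(f"spi {spi} reused by policies {sorted(policies)}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(parse_sas(SAMPLE))))
```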
41 Policy-based Routing (PBR) Policy-based Routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. Overview When a router receives a packet it normally decides where to forward it based on the destination address in the packet, which is used to look up an entry in a routing table. However, in some cases, there may be a need to forward the packet based on other criteria: size, source, protocol type, destination, and so on.
• Destination port • TCP Flags After a redirect-list is applied to an interface, all traffic passing through it is subjected to the rules defined in the redirect-list. The traffic is forwarded based on the following: • Next-hop addresses are verified. If the specified next hop is reachable, the traffic is forwarded to the specified next-hop. • If the specified next-hops are not reachable, the normal routing table is used to forward the traffic.
• Create a Track-id list. For complete tracking information, refer to Object Tracking chapter. • Apply a Redirect-list to an Interface using a Redirect-group PBR Exceptions (Permit) Use the command permit to create an exception to a redirect list. Exceptions are used when a forwarding decision should be based on the routing table rather than a routing policy.
• tunnel is used to configure the tunnel settings • tunnel-id is used to redirect the traffic • track is used to track the object-id • track is to enable the tracking • FORMAT: A.B.C.D • FORMAT: slot/port • ip-protocol-number or protocol-type is the type of protocol to be redirected • FORMAT: 0-255 for IP protocol number, or enter protocol type • source ip-address or any or host ip-address is the Source’s IP address • FORMAT: A.B.C.
Example: Creating Multiple Rules for a Redirect-List Dell(conf)#ip redirect-list test Dell(conf-redirect-list)#seq 10 redirect Dell(conf-redirect-list)#seq 15 redirect Dell(conf-redirect-list)#seq 20 redirect Dell(conf-redirect-list)#show config ! ip redirect-list test seq 10 redirect 10.1.1.2 ip 20.1.1.0/24 seq 15 redirect 10.1.1.3 ip 20.1.1.0/25 seq 20 redirect 10.1.1.3 ip 20.1.1.0/24 Dell(conf-redirect-list)# 10.1.1.2 ip 20.1.1.0/24 any 10.1.1.3 ip 20.1.1.0/25 any 10.1.1.3 ip 20.1.1.
 shutdown
Dell(conf-if-te-1/2)#
Dell(conf-if-gi-1/1)#ip redirect-group test
Dell(conf-if-gi-1/1)#ip redirect-group xyz
Dell(conf-if-gi-1/1)#show config
!
interface GigabitEthernet 1/1
 no ip address
 ip redirect-group test
 ip redirect-group xyz
 shutdown
Dell(conf-if-te-1/2)#
In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes.
Use the show ip redirect-list (without the list name) to display all the redirect-lists configured on the device. Dell#show ip redirect-list IP redirect-list rcl0: Defined as: seq 5 permit ip 200.200.200.200 200.200.200.200 199.199.199.199 199.199.199.199 seq 10 redirect 1.1.1.2 tcp 234.224.234.234 255.234.234.234 222.222.222.
Create the Redirect-List GOLD
EDGE_ROUTER(conf-if-Te-2/23)#ip redirect-list GOLD
EDGE_ROUTER(conf-redirect-list)#description Route GOLD traffic to ISP_GOLD.
EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.1.0/24 any
EDGE_ROUTER(conf-redirect-list)#redirect 10.99.99.254 ip 192.168.2.0/24 any
EDGE_ROUTER(conf-redirect-list)#seq 15 permit ip any any
EDGE_ROUTER(conf-redirect-list)#show config
!
ip redirect-list GOLD
 description Route GOLD traffic to ISP_GOLD.
 seq 5 redirect 10.99.99.254 ip 192.
IP redirect-list GOLD:
 Defined as:
  seq 5 redirect 10.99.99.254 ip 192.168.1.0/24 any, Next-hop reachable (via Te 3/23)
  seq 10 redirect 10.99.99.254 ip 192.168.2.0/24 any, Next-hop reachable (via Te 3/23)
  seq 15 permit ip any any
 Applied interfaces:
  Te 2/11
EDGE_ROUTER#
Configuration Tasks for Creating a PBR list using Explicit Track Objects for Redirect IP's
Create Track Objects to track the Redirect IP's:
Dell#configure terminal
Dell(conf)#track 3 ip host 42.1.1.
Configuration Tasks for Creating a PBR list using Explicit Track Objects for Tunnel Interfaces
Creating steps for Tunnel Interfaces:
Dell#configure terminal
Dell(conf)#interface tunnel 1
Dell(conf-if-tu-1)#tunnel destination 40.1.1.2
Dell(conf-if-tu-1)#tunnel source 40.1.1.1
Dell(conf-if-tu-1)#tunnel mode ipip
Dell(conf-if-tu-1)#tunnel keepalive 60.1.1.2
Dell(conf-if-tu-1)#ip address 60.1.1.
IP redirect-list explicit_tunnel:
 Defined as:
  seq 5 redirect tunnel 1 track 1 tcp 155.55.2.0/24 222.22.2.0/24, Track 1 [up], Next-hop reachable (via Te 1/32)
  seq 10 redirect tunnel 1 track 1 tcp any any, Track 1 [up], Next-hop reachable (via Te 1/32)
  seq 15 redirect tunnel 1 track 1 udp 155.55.0.0/16 host 144.144.144.144, Track 1 [up], Next-hop reachable (via Te 1/32)
  seq 20 redirect tunnel 2 track 2 tcp 155.55.2.0/24 222.22.2.
42 PIM Sparse-Mode (PIM-SM) PIM-sparse mode (PIM-SM) is a multicast protocol that forwards multicast traffic to a subnet only after a request using a PIM Join message; this behavior is the opposite of PIM-Dense mode, which forwards multicast traffic to all subnets until a request to stop. Implementation Information Be aware of the following PIM-SM implementation information. • The Dell Networking implementation of PIM-SM is based on IETF Internet Draft draft-ietf-pim-sm-v2-new-05.
Refuse Multicast Traffic A host requesting to leave a multicast group sends an IGMP Leave message to the last-hop DR. If the host is the only remaining receiver for that group on the subnet, the last-hop DR is responsible for sending a PIM Prune message up the RPT to prune its branch to the RP. 1. After receiving an IGMP Leave message, the gateway removes the interface on which it is received from the outgoing interface list of the (*,G) entry.
Examples of the show ip pim Commands
To display which interfaces are enabled with PIM-SM, use the show ip pim interface command from EXEC Privilege mode.
Dell#show ip pim interface
Address      Interface  VIFindex  Ver/Mode  Nbr Count  Query Intvl  DR Prio  DR
189.87.5.6   Te 4/11    0x2       v2/S      1          30           1        127.87.5.6
189.87.3.2   Te 4/12    0x3       v2/S      1          30           1        127.87.3.5
189.87.31.6  Te 7/11    0x0       v2/S      0          30           1        127.87.31.6
189.87.50.6  Te 7/13    0x4       v2/S      1          30           1        127.87.50.
Dell#
The default is 210. 2. Create an extended ACL. CONFIGURATION mode ip access-list extended access-list-name 3. Specify the source and group to which the timer is applied using extended ACLs with permit rules only. CONFIG-EXT-NACL mode [seq sequence-number] permit ip source-address/mask | any | host source-address} {destination-address/mask | any | host destination-address} 4. Set the expiry time for a specific (S,G) entry (as shown in the following example).
! ip pim rp-address 1.1.1.1 group-address 224.0.0.0/4 Overriding Bootstrap Router Updates PIM-SM routers must know the address of the RP for each group for which they have (*,G) entry. This address is obtained automatically through the bootstrap router (BSR) mechanism or a static RP configuration. Use the following command if you have configured a static RP for a group.
• Create multicast boundaries and domains by filtering inbound and outbound BSR messages per interface. ip pim bsr-border • Remove candidate RP advertisements.
43 PIM Source-Specific Mode (PIM-SSM) PIM source-specific mode (PIM-SSM) is a multicast protocol that forwards multicast traffic from a single source to a subnet. In the other versions of protocol independent multicast (PIM), a receiver subscribes to a group only. The receiver receives traffic not just from the source in which it is interested but from all sources sending to that group.
Enabling PIM-SSM To enable PIM-SSM, follow these steps. 1. Create an ACL that uses permit rules to specify what range of addresses should use SSM. CONFIGURATION mode ip access-list standard name 2. Enter the ip pim ssm-range command and specify the ACL you created. CONFIGURATION mode ip pim ssm-range acl-name Enabling PIM-SSM To display address ranges in the PIM-SSM range, use the show ip pim ssm-range command from EXEC Privilege mode. R1(conf)#do show run pim ! ip pim rp-address 10.11.12.
R1(conf)#do show run acl ! ip access-list standard map seq 5 permit host 239.0.0.2 ! ip access-list standard ssm seq 5 permit host 239.0.0.2 R1(conf)#ip igmp ssm-map map 10.11.5.2 R1(conf)#do show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface Mode Uptime Expires 239.0.0.2 Vlan 300 IGMPv2-Compat 00:00:07 Never Member Ports: Te 1/1 239.0.0.1 Vlan 400 INCLUDE 00:00:10 Never 10.11.4.2 R1(conf)#show ip igmp ssm-map Last Reporter 10.11.3.
SSM Map Information Group : 239.0.0.2 Source(s) : 10.11.5.2 R1(conf)#do show ip igmp groups detail Interface Group Uptime Expires Router mode Last reporter Last reporter mode Last report Group source Source address 10.11.5.2 00:00:01 Vlan 300 239.0.0.2 00:00:01 Never IGMPv2-Compat 10.11.3.2 IGMPv2 received Join list Uptime Expires Never Interface Vlan 400 Group 239.0.0.1 Uptime 00:00:05 Expires Never Router mode INCLUDE Last reporter 10.11.4.
44 Port Monitoring
Port monitoring (also referred to as mirroring) allows you to monitor ingress and/or egress traffic on specified ports. The mirrored traffic can be sent to a port to which a network analyzer is connected to inspect or troubleshoot the traffic. Mirroring is used for monitoring ingress, egress, or both ingress and egress traffic on one or more specific ports. This mirrored traffic can be sent to a port where a network sniffer can connect and monitor the traffic.
In the following examples, ports 1/13, 1/14, 1/15, and 1/16 all belong to the same port-pipe. They are pointing to four different destinations (1/1, 1/2, 1/3, and 1/37). Now it is not possible for another source port from the same port-pipe (for example, 1/17) to point to another new destination (for example, 1/4). If you attempt to configure another destination (to create 5 MG port), this message displays: % Error will be thrown in case of RPM and ERPM features.
Figure 105. Port Monitoring Configurations Dell Networking OS Behavior: All monitored frames are tagged if the configured monitoring direction is egress (TX), regardless of whether the monitored port (MD) is a Layer 2 or Layer 3 port. If the MD port is a Layer 2 port, the frames are tagged with the VLAN ID of the VLAN to which the MD belongs. If the MD port is a Layer 3 port, the frames are tagged with VLAN ID 4095.
0       Te 1/1  Te 1/2       rx   Port  N/A        N/A
Dell(conf)#monitor session 0
Dell(conf-mon-sess-0)#source po 10 dest ten 1/2 dir rx
Dell(conf-mon-sess-0)#do show monitor session
SessID  Source  Destination  Dir  Mode  Source IP  Dest IP
------  ------  -----------  ---  ----  ---------  -------
0       Te 1/1  Te 1/2       rx   Port  N/A        N/A
0       Po 10   Te 1/2       rx   Port  N/A        N/A
Dell(conf)#monitor session 1
Dell(conf-mon-sess-1)#source vl 40 dest ten 1/3 dir rx
Dell(conf-mon-sess-1)#flow-based enable
Dell(conf-mon-sess-1)#exit
Dell(conf)#do show monitor s
MONITOR SESSION mode flow-based enable 2. Define in access-list rules that include the keyword monitor. For port monitoring, Dell Networking OS only considers traffic matching rules with the keyword monitor. CONFIGURATION mode ip access-list Refer to Access Control Lists (ACLs). 3. Apply the ACL to the monitored port.
intermediate switch that participates in the transport of mirrored traffic must be configured with the reserved L2 VLAN. Remote port monitoring supports mirroring sessions in which multiple source and destination ports are distributed across multiple switches Remote Port Mirroring Example Remote port mirroring uses the analyzers shown in the aggregation network in Site A. The VLAN traffic on monitored links from the access network is tagged and assigned to a dedicated L2 VLAN.
• A remote port mirroring session mirrors monitored traffic by prefixing the reserved VLAN tag to monitored packets so that they are copied to the reserve VLAN. • Mirrored traffic is transported across the network using 802.1Q-in-802.1Q tunneling. The source address, destination address and original VLAN ID of the mirrored packet are preserved with the tagged VLAN header. Untagged source packets are tagged with the reserve VLAN ID.
• You cannot configure a source port channel or source VLAN in a source session if the port channel or VLAN has a member port that is configured as a destination port in a remote-port mirroring session. • A destination port for remote port mirroring cannot be used as a source port, including the session in which the port functions as the destination port. • A destination port cannot be used in any spanning tree instance. • The reserved VLAN used to transport mirrored traffic must be a L2 VLAN.
3     source Interface | Range    Specify the port or list of ports that needs to be monitored
4     direction                   Specify rx, tx or both in case to monitor ingress/egress or both ingress and egress packets on the specified port.
5     rpm source-ip dest-ip       Specify the source ip address and the destination ip where the packet needs to be sent.
6     flow-based enable           Specify flow-based enable for mirroring on a flow by flow basis and also for vlan as source.
Dell(conf)#end
Dell#
Dell#show monitor session
SessID  Source  Destination     Dir   Mode  Source IP  Dest IP
------  ------  -----------     ---   ----  ---------  -------
1       Te 1/5  remote-vlan 10  rx    Port  N/A        N/A
2       Vl 100  remote-vlan 20  rx    Flow  N/A        N/A
3       Po 10   remote-vlan 30  both  Port  N/A        N/A
Dell#
Configuring the sample Source Remote Port Mirroring
Dell(conf)#inte te 1/1
Dell(conf-if-te-1/1)#switchport
Dell(conf-if-te-1/1)#no shutdown
Dell(conf-if-te-1/1)#exit
Dell(conf)#interface te 1/2
Dell(conf-if-te-1/2)#switchport
Dell(conf-if
1. Enable control plane egress acl using the following command:
mac control-plane egress-acl
2. Create an extended MAC access list and add a deny rule of (0x0180c2xxxxxx) packets using the following commands:
mac access-list extended mac2
seq 5 deny any 01:80:c2:00:00:00 00:00:00:ff:ff:ff count
3. Apply ACL on that RPM VLAN. In this example RPM vlan is 10.
• Same port can be configured as both source and destination in an ERSPAN session.
• TTL and ToS values can be configured in IP header of ERSPAN traffic.
Configuration steps for ERPM
To configure an ERPM session:
Table 62. Configuration steps for ERPM
Step  Command                     Purpose
1     configure terminal          Enter global configuration mode.
2     monitor session type erpm   Specify a session ID and ERPM as the type of monitoring session, and enter Monitoring-Session configuration mode.
interface Vlan 11
 no ip address
 tagged TenGigabitEthernet 1/1-3
 mac access-group flow in <<<<<<<<<<<<<< Only ingress packets are supported for mirroring
 shutdown
Dell#
ERPM Behavior on a typical Dell Networking OS
The Dell Networking OS is designed to support only the Encapsulation of the data received / transmitted at the specified source port (Port A). An ERPM destination session / decapsulation of the ERPM packets at the destination Switch are not supported.
Figure 108.
– Some tools support options to edit the capture file. We can make use of such features (for example: editcap ) and chop the ERPM header part and save it to a new trace file. This new file (i.e. the original mirrored packet) can be converted back into stream and fed to any egress interface. b. Using Python script – Either have a Linux server's ethernet port ip as the ERPM destination ip or connect the ingress interface of the server to the ERPM MirrorToPort.
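Both decapsulation options above come down to removing the outer headers from each captured packet so the analyzer sees the original frame. The following added example (not Dell's script) does this for a classic pcap capture; it assumes the mirrored frame is carried as Ethernet/IPv4/GRE with the ERSPAN protocol type 0x88BE, which this page does not state, and the sample packets and function names are constructed.

```python
import struct

ETH_P_8021Q, ETH_P_IPV4, IPPROTO_GRE = 0x8100, 0x0800, 47
GRE_PROTO_ERSPAN = 0x88BE            # assumption: not stated on this page
GRE_C, GRE_R, GRE_K, GRE_S = 0x8000, 0x4000, 0x2000, 0x1000


def _take(buf, off, n):
    """Return buf[off:off+n], or fail if the packet is too short."""
    if off + n > len(buf):
        raise ValueError("truncated packet")
    return buf[off:off + n]


def strip_erpm(frame):
    """Return the original mirrored frame carried in one encapsulated packet."""
    (ethertype,) = struct.unpack("!H", _take(frame, 12, 2))
    off = 14
    while ethertype == ETH_P_8021Q:               # outer VLAN tag(s)
        (ethertype,) = struct.unpack("!H", _take(frame, off + 2, 2))
        off += 4
    if ethertype != ETH_P_IPV4:
        raise ValueError("outer packet is not IPv4")
    ip = _take(frame, off, 20)
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != IPPROTO_GRE:
        raise ValueError("outer packet is not IPv4/GRE")
    if struct.unpack("!H", ip[6:8])[0] & 0x3FFF:  # MF flag or fragment offset
        raise ValueError("fragmented outer packet")
    _take(frame, off, ihl)
    off += ihl
    flags, proto = struct.unpack("!HH", _take(frame, off, 4))
    off += 4
    if flags & (GRE_R | 0x0007) or proto != GRE_PROTO_ERSPAN:
        raise ValueError("unsupported GRE header")
    for bit in (GRE_C, GRE_K, GRE_S):             # optional 4-byte GRE fields
        if flags & bit:
            _take(frame, off, 4)
            off += 4
    if flags & GRE_S:                             # sequence bit: 8-byte ERSPAN Type II header
        _take(frame, off, 8)
        off += 8
    if len(frame) - off < 14:
        raise ValueError("no inner Ethernet frame")
    return frame[off:]


def build_erpm(inner, vlan=None, type2=False):
    """Construct a sample encapsulated packet around `inner` (test data only)."""
    eth = bytes.fromhex("0001e8000002" "0001e8000001")
    if vlan is not None:
        eth += struct.pack("!HH", ETH_P_8021Q, vlan)
    eth += struct.pack("!H", ETH_P_IPV4)
    gre = struct.pack("!HH", GRE_S if type2 else 0, GRE_PROTO_ERSPAN)
    if type2:
        gre += struct.pack("!I", 1) + bytes(8)    # sequence number + ERSPAN header
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(gre) + len(inner),
                     0, 0, 64, IPPROTO_GRE, 0,    # checksum left 0: not verified here
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + gre + inner


def write_pcap(frames):
    """Serialize frames as a little-endian classic pcap (Ethernet link type)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for n, frame in enumerate(frames):
        out.append(struct.pack("<IIII", n, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def decap_pcap(pcap):
    """Return a new pcap holding only the inner frames; other records are dropped."""
    if len(pcap) < 24 or pcap[:4] not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
        raise ValueError("not a classic pcap file")
    end = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    if struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    out, off = [pcap[:24]], 24
    while off + 16 <= len(pcap):
        sec, usec, incl, orig = struct.unpack_from(end + "IIII", pcap, off)
        data = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        try:
            inner = strip_erpm(data)
        except ValueError:
            continue                              # not an encapsulated mirror packet
        orig_len = max(len(inner), orig - (len(data) - len(inner)))
        out.append(struct.pack(end + "IIII", sec, usec, len(inner), orig_len) + inner)
    return b"".join(out)
```

Records that fail to parse are skipped rather than copied, so the output capture contains only mirrored traffic.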
45 Private VLANs (PVLAN) Private VLANs (PVLANs) extend the Dell Networking OS security suite by providing Layer 2 isolation between ports within the same virtual local area network (VLAN). For syntax details about the commands described in this chapter, refer to the Private VLANs commands chapter in the Dell Networking OS Command Line Reference Guide. A PVLAN partitions a traditional VLAN into subdomains identified by a primary and secondary VLAN pair.
– There are two types of secondary VLAN — community VLAN and isolated VLAN. PVLAN port types include: • Community port — a port that belongs to a community VLAN and is allowed to communicate with other ports in the same community VLAN and with promiscuous ports. • Host port — in the context of a private VLAN, is a port in a secondary VLAN: – The port must first be assigned that role in INTERFACE mode. – A port assigned the host role cannot be added to a regular VLAN.
• Display primary-secondary VLAN mapping. EXEC mode or EXEC Privilege mode show vlan private-vlan mapping • Set the PVLAN mode of the selected port. INTERFACE switchport mode private-vlan {host | promiscuous | trunk} NOTE: Secondary VLANs are Layer 2 VLANs, so even if they are operationally down while primary VLANs are operationally up, Layer 3 traffic is still transmitted across secondary VLANs. NOTE: The outputs of the show arp and show vlan commands provide PVLAN data.
The following example shows the switchport mode private-vlan command on a port and on a port channel.
ip address ip address 7. (OPTIONAL) Enable/disable Layer 3 communication between secondary VLANs. INTERFACE VLAN mode ip local-proxy-arp NOTE: If a promiscuous or host port is untagged in a VLAN and it receives a tagged packet in the same VLAN, the packet is NOT dropped. Creating a Community VLAN A community VLAN is a secondary VLAN of the primary VLAN in a private VLAN. The ports in a community VLAN can talk to each other and with the promiscuous ports in the primary VLAN. 1.
INTERFACE VLAN mode tagged interface or untagged interface You can enter the interfaces singly or in range format, either comma-delimited (slot/port,port,port) or hyphenated (slot/ port-port). You can only add ports defined as host to the VLAN. Example of Configuring Private VLAN Members The following example shows the use of the PVLAN commands that are used in VLAN INTERFACE mode to configure the PVLAN member VLANs (primary, community, and isolated VLANs).
• The ports in community VLAN 4001 can communicate directly with each other and with promiscuous ports.
• The ports in community VLAN 4002 can communicate directly with each other and with promiscuous ports.
• The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the primary VLAN 4000.
The following example shows the show vlan private-vlan command output from S5000-1.
S5000-1#show vlan private-vlan
Primary  Secondary  Type       Active  Ports
-------  ---------  ---------  ------  ----------
4000                Primary    Yes     Te 0/0,23,25
         4001       Community  Yes     Te 4/0,23
         4002       Community  Yes     Te 4/24,47
         4003       Isolated   Yes     Te 0/24,47
The following example shows the show vlan private-vlan command output from S5000-2.
 switchport
 switchport mode private-vlan host
 no shutdown
!
interface TenGigabitEthernet 0/25
 no ip address
 switchport
 switchport mode private-vlan trunk
 no shutdown
!
interface Vlan 4000
 private-vlan mode primary
 private-vlan mapping secondary-vlan 4001-4003
 no ip address
 tagged TenGigabitEthernet 0/3,25
 no shutdown
!
interface Vlan 4001
 private-vlan mode community
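To check that a PVLAN configuration gives the isolation described in this chapter, the following added example (not part of the Dell guide) reads a running-config fragment, derives each port's role, and answers whether two ports can reach each other at Layer 2; it also lists VLANs where ip local-proxy-arp re-enables Layer 3 communication between secondary VLANs. The configuration text is constructed, the function names are hypothetical, and trunk ports are left out of the model.

```python
# Constructed running-config fragment, abbreviated to the PVLAN-relevant lines
# and modelled on this chapter's sample configuration.
SAMPLE = """\
interface TenGigabitEthernet 0/3
 switchport mode private-vlan promiscuous
interface TenGigabitEthernet 0/4
 switchport mode private-vlan host
interface TenGigabitEthernet 0/5
 switchport mode private-vlan host
interface TenGigabitEthernet 0/6
 switchport mode private-vlan host
interface TenGigabitEthernet 0/7
 switchport mode private-vlan host
interface TenGigabitEthernet 0/8
 switchport mode private-vlan host
interface TenGigabitEthernet 0/25
 switchport mode private-vlan trunk
interface Vlan 4000
 private-vlan mode primary
 private-vlan mapping secondary-vlan 4001-4003
 tagged TenGigabitEthernet 0/3,25
interface Vlan 4001
 private-vlan mode community
 tagged TenGigabitEthernet 0/4-5
interface Vlan 4002
 private-vlan mode community
 tagged TenGigabitEthernet 0/6
interface Vlan 4003
 private-vlan mode isolated
 tagged TenGigabitEthernet 0/7-8
"""


def nums(spec):
    """Expand '3,25' or '4-5' (the guide's comma and hyphen formats) to ints."""
    out = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out += range(int(lo), int(hi or lo) + 1)
    return out


def parse(config):
    """Return (port -> PVLAN mode, VLAN id -> settings) from a running-config."""
    modes, vlans, ctx = {}, {}, None
    for line in config.splitlines():
        w = line.split()
        if w[:1] == ["interface"]:
            ctx = (w[1], w[2])
            if w[1] == "Vlan":
                vlans[int(w[2])] = {"type": None, "ports": [], "secondary": [], "proxy_arp": False}
        elif ctx and w[:3] == ["switchport", "mode", "private-vlan"]:
            modes[" ".join(ctx)] = w[3]
        elif ctx and ctx[0] == "Vlan" and w:
            vlan = vlans[int(ctx[1])]
            if w[:2] == ["private-vlan", "mode"]:
                vlan["type"] = w[2]
            elif w[:3] == ["private-vlan", "mapping", "secondary-vlan"]:
                vlan["secondary"] = nums(w[3])
            elif w[0] in ("tagged", "untagged"):
                slot, ports = w[2].split("/")
                vlan["ports"] += [f"{w[1]} {slot}/{p}" for p in nums(ports)]
            elif w == ["ip", "local-proxy-arp"]:
                vlan["proxy_arp"] = True
    return modes, vlans


def roles(modes, vlans):
    """Map each promiscuous or host port to (role, primary VLAN, secondary VLAN)."""
    primary_of = {s: p for p, v in vlans.items() if v["type"] == "primary" for s in v["secondary"]}
    out = {}
    for vid, v in vlans.items():
        for port in v["ports"]:
            if v["type"] == "primary" and modes.get(port) == "promiscuous":
                out[port] = ("promiscuous", vid, None)
            elif v["type"] in ("community", "isolated") and modes.get(port) == "host":
                out[port] = (v["type"], primary_of.get(vid), vid)
    return out


def can_talk(a, b, port_roles):
    """Layer 2 reachability between two ports under the PVLAN rules."""
    (ra, pa, sa), (rb, pb, sb) = port_roles[a], port_roles[b]
    if pa is None or pa != pb:
        return False                  # unmapped secondary or different PVLAN domain
    if "promiscuous" in (ra, rb):
        return True
    return ra == rb == "community" and sa == sb


def l3_bypass(vlans):
    """VLANs where ip local-proxy-arp allows Layer 3 traffic between secondary VLANs."""
    return sorted(vid for vid, v in vlans.items() if v["proxy_arp"])
```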
46 Per-VLAN Spanning Tree Plus (PVST+) Per-VLAN spanning tree plus (PVST+) is a variation of Spanning Tree — developed by a third party — that allows you to configure a separate Spanning Tree instance for each VLAN. For more information about Spanning Tree, refer to Spanning Tree Protocol (STP). Protocol Overview Figure 110. Per-VLAN Spanning Tree The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 63.
Dell Networking Term                       IEEE Specification
Multiple Spanning Tree Protocol (MSTP)     802.1s
Per-VLAN Spanning Tree Plus (PVST+)        Third Party
Implementation Information
• The Dell Networking OS implementation of PVST+ is based on IEEE Standard 802.1w.
• The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs (as shown in the following table). Other implementations use IEEE 802.1w costs as the default costs.
• Disable PVST+ globally. PROTOCOL PVST mode disable • Disable PVST+ on an interface, or remove a PVST+ parameter configuration. INTERFACE mode no spanning-tree pvst Example of Viewing PVST+ Configuration To display your PVST+ configuration, use the show config command from PROTOCOL PVST mode.
The bridge with the lowest value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root, assign bridges a low non-default value for bridge priority. To assign a bridge priority, use the following command.
• Assign a bridge priority.
PROTOCOL PVST mode
vlan vlan-range bridge-priority value
The VLAN range is from 1 to 4094.
The VLAN range is from 1 to 4094. The range is from 4 to 30. The default is 15 seconds.
• Change the hello-time parameter.
PROTOCOL PVST mode
vlan vlan-range hello-time value
NOTE: With large configurations (especially those configurations with more ports), Dell Networking recommends increasing the hello-time.
The VLAN range is from 1 to 4094. The range is from 1 to 10. The default is 2 seconds.
• Change the max-age parameter.
To change the port cost or port priority of an interface, use the following commands.
• Change the port cost of an interface.
INTERFACE mode
spanning-tree pvst vlan vlan-range cost value.
The VLAN range is from 1 to 4094. The range is from 0 to 200000. Refer to the table for the default values.
• Change the port priority of an interface.
INTERFACE mode
spanning-tree pvst vlan vlan-range priority value.
The range is from 0 to 240, in increments of 16. The default is 128.
– Disable the shutdown-on-violation command on the interface (the no spanning-tree stp-id portfast [bpduguard | [shutdown-on-violation]] command).
– Disable spanning tree on the interface (the no spanning-tree command in INTERFACE mode).
– Disable global spanning tree (the no spanning-tree command in CONFIGURATION mode).
PVST+ in Multi-Vendor Networks
Some non-Dell Networking systems which have hybrid ports participating in PVST+ transmit two kinds of BPDUs: an 802.1D BPDU and an untagged PVST+ BPDU.
PVST+ Sample Configurations The following examples provide the running configurations for the topology shown in the previous illustration.
interface TenGigabitEthernet 3/12
 no ip address
 switchport
 no shutdown
!
interface TenGigabitEthernet 3/22
 no ip address
 switchport
 no shutdown
!
interface Vlan 100
 no ip address
 tagged TenGigabitEthernet 3/12,22
 no shutdown
!
interface Vlan 200
 no ip address
 tagged TenGigabitEthernet 3/12,22
 no shutdown
!
interface Vlan 300
 no ip address
 tagged TenGigabitEthernet 3/12,22
 no shutdown
47 Quality of Service (QoS)
This chapter describes how to use and configure Quality of Service (QoS) features on the switch. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 65.
Feature                                        Direction
Create Input Policy Maps                       Ingress
Honor DSCP Values on Ingress Packets           Ingress
Honoring dot1p Values on Ingress Packets       Ingress
Create Output Policy Maps                      Egress
Specify an Aggregate QoS Policy                Egress
Create Output Policy Maps                      Egress
Enabling QoS Rate Adjustment
Enabling Strict-Priority Queueing              Egress
Weighted Random Early Detection
Create WRED Profiles                           Egress
Figure 113.
• RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 Headers • RFC 2475, An Architecture for Differentiated Services • RFC 2597, Assured Forwarding PHB Group • RFC 2598, An Expedited Forwarding PHB You cannot configure port-based and policy-based QoS on the same interface. Port-Based QoS Configurations You can configure the following QoS features on an interface.
Priority-Tagged Frames on the Default VLAN
Priority-tagged frames are 802.1Q tagged frames with VLAN ID 0. For VLAN classification, these packets are treated as untagged. However, the dot1p value is still honored when you configure service-class dynamic dot1p or trust dot1p. When priority-tagged frames ingress an untagged port or hybrid port, the frames are classified to the default VLAN of the port and to a queue according to their dot1p priority if you configure service-class dynamic dot1p or trust dot1p.
rate-shape Example of rate shape Command Dell#configure terminal Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te-1/1)#rate shape 500 50 Dell(conf-if-te-1/1)#end Policy-Based QoS Configurations Policy-based QoS configurations consist of the components shown in the following example. Figure 114. Constructing Policy-Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic.
NOTE: IPv6 and IP-any class maps cannot match on ACLs or VLANs. Use step 1 or step 2 to start creating a Layer 3 class map. 1. Create a match-any class map. CONFIGURATION mode class-map match-any 2. Create a match-all class map. CONFIGURATION mode class-map match-all 3. Specify your match criteria. CLASS MAP mode match {ip | ipv6 | ip-any} After you create a class-map, Dell Networking OS places you in CLASS MAP mode. Match-any class maps allow up to five ACLs. Match-all class-maps allow only one ACL.
Use Step 1 or Step 2 to start creating a Layer 2 class map. 1. Create a match-any class map. CONFIGURATION mode class-map match-any 2. Create a match-all class map. CONFIGURATION mode class-map match-all 3. Specify your match criteria. CLASS MAP mode match mac After you create a class-map, Dell Networking OS places you in CLASS MAP mode. Match-any class maps allow up to five access-lists. Match-all class-maps allow only one. You can match against only one VLAN ID. 4. Link the class-map to a queue.
Examples of Traffic Classifications The following example shows incorrect traffic classifications.
Create a QoS Policy There are two types of QoS policies — input and output. Input QoS policies regulate Layer 3 and Layer 2 ingress traffic. The regulation mechanisms for input QoS policies are rate policing and setting priority values. • Layer 3 — QoS input policies allow you to rate police and set a DSCP or dot1p value. In addition, you can configure a drop precedence for incoming packets based on their DSCP value by using a DSCP color map. For more information, see DSCP Color Maps.
CONFIGURATION mode qos-policy-output 2. After you configure an output QoS policy, do one or more of the following: Scheduler Strict — Policy-based Strict-priority Queueing configuration is done through scheduler strict. It is applied to qos-policy-output. When scheduler strict is applied to multiple queues, the higher queue number takes precedence. Allocating Bandwidth to Queue Specifying WRED Drop Precedence Configuring Policy-Based Rate Shaping To configure policy-based rate shaping, use the following command.
wred For more information, refer to Applying a WRED Profile to Traffic. Create Policy Maps There are two types of policy maps: input and output. Creating Input Policy Maps There are two types of input policy-maps: Layer 3 and Layer 2. 1. Create a Layer 3 input policy map. CONFIGURATION mode policy-map-input Create a Layer 2 input policy map by specifying the keyword layer2 with the policy-map-input command. 2.
DSCP/CP hex range (XXX)xxx   DSCP Definition            Traditional IP Precedence   Internal Queue ID   DSCP/CP decimal
100XXX                       AF4 (Assured Forwarding)   Flash Override              2                   32–47
011XXX                       AF3                        Flash                       1                   16–31
010XXX                       AF2                        Immediate                   1                   16–31
001XXX                       AF1                        Priority                    0                   0–15
000XXX                       BE (Best Effort)           Best Effort                 0                   0–15
• Enable the trust DSCP feature. POLICY-MAP-IN mode trust diffserv
Honoring dot1p Values on Ingress Packets
Dell Networking OS honors dot1p values on ingress packets with the Trust dot1p feature.
Guaranteeing Bandwidth to dot1p-Based Service Queues To guarantee bandwidth to dot1p-based service queues, use the following command. Apply this command in the same way as the bandwidth-percentage command in an output QoS policy (refer to Allocating Bandwidth to Queue). The bandwidth-percentage command in QOS-POLICY-OUT mode supersedes the service-class bandwidth-percentage command. • Guarantee a minimum bandwidth to queues globally.
Applying an Output Policy Map to an Interface To apply an output policy map to an interface, use the following command. • Apply an output policy map to an interface. INTERFACE mode service-policy output You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it. DSCP Color Maps This section describes how to configure color maps and how to display the color map and color map configuration.
qos dscp-color-policy color-map-name
Example: Create a DSCP Color Map
The following example creates a DSCP color map profile and a color-awareness policy, and applies it to interface te 1/11.
Create the DSCP color map profile, bat-enclave-map, with a yellow drop precedence, and set the DSCP values to 9,10,11,13,15,16.
Dell(conf)# qos dscp-color-map bat-enclave-map
Dell(conf-dscp-color-map)# dscp yellow 9,10,11,13,15,16
Dell(conf-dscp-color-map)# exit
Assign the color map, bat-enclave-map, to interface te 1/11.
Display detailed information about a color policy for a specific interface Dell# show qos dscp-color-policy detail tengigabitethernet 1/10 Interface TenGigabitEthernet 1/10 Dscp-color-map mapONE yellow 4,7 red 20,30 Enabling QoS Rate Adjustment By default while rate limiting, policing, and shaping, Dell Networking OS does not include the Preamble, SFD, or the IFG fields.
Weighted Random Early Detection
Weighted random early detection (WRED) is a congestion avoidance mechanism that drops packets to prevent buffering resources from being consumed. Traffic is a mixture of various kinds of packets. The rate at which some types of packets arrive might be greater than others.
Applying a WRED Profile to Traffic
After you create a WRED profile, you must specify to which traffic Dell Networking OS should apply the profile. Dell Networking OS assigns a color (also called drop precedence) — red, yellow, or green — to each packet based on its DSCP value before queuing it. DSCP is a 6-bit field. Dell Networking uses the first three bits (LSB) of this field (DP) to determine the drop precedence.
• DP values of 110 and 100, 101 map to yellow; all other values map to green.
Example of the show qos statistics egress-queue Command Pre-Calculating Available QoS CAM Space Before Dell Networking OS version 7.3.1, there was no way to measure the number of CAM entries a policy-map would consume (the number of CAM entries that a rule uses is not predictable; from 1 to 16 entries might be used per rule depending upon its complexity). Therefore, it was possible to apply to an interface a policy-map that requires more entries than are available.
space on the buffer and traffic manager (BTM) (ingress or egress) can be consumed by only one or few types of traffic, leaving no space for other types. You can apply a WRED profile to a policy-map so that the specified traffic can be prevented from consuming too much of the BTM resources. WRED drops packets when the average queue length exceeds the configured threshold value to signify congestion.
The following table describes the WRED and ECN operations that occur for various scenarios of WRED and ECN configuration on the queue and service pool. (X denotes not-applicable in the table, 1 indicates that the setting is enabled, 0 represents a disabled setting.) Table 69.
4. Create a global buffer pool that is a shared buffer pool accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed. mode
Dell(conf)#service-pool wred green pool0 thresh-1 pool1 thresh-2
Dell(conf)#service-pool wred yellow pool0 thresh-3 pool1 thresh-4
Dell(conf)#service-pool wred weight pool0 11 pool1 4
5. Create a service class and associate the threshold weight of the shared buffer with each of the queues per port in the egress direction.
match ip access-group ecn_0 set-color yellow ! policy-map-input ecn_0_pmap service-queue 0 class-map ecn_0_cmap Applying this policy-map “ecn_0_pmap” will mark all the packets with ‘ecn == 0’ as yellow packets on queue0 (default queue). Classifying Incoming Packets Using ECN and Color-Marking Explicit Congestion Notification (ECN) is a capability that enhances WRED by marking the packets instead of causing WRED to drop them when the threshold value is exceeded.
You can use the ecn keyword with the ip access-list standard, ip access-list extended, seq, and permit commands for standard and extended IPv4 ACLs to match incoming packets with the specified ECN values. Similar to ‘dscp’ qualifier in the existing L3 ACL command, the ‘ecn’ qualifier can be used along with all other supported ACL match qualifiers such as SIP/DIP/TCP/UDP/SRC PORT/DST PORT/ ICMP. Until Release 9.3(0.
Approach without explicit ECN match qualifiers for ECN packets: ! ip access-list standard dscp_50 seq 5 permit any dscp 50 ! ip access-list standard dscp_40 seq 5 permit any dscp 40 ! ip access-list standard dscp_50_non_ecn seq 5 permit any dscp 50 ecn 0 ! ip access-list standard dscp_40_non_ecn seq 5 permit any dscp 40 ecn 0 ! class-map match-any class_dscp_40 match ip access-group dscp_40_non_ecn set-color yellow match ip access-group dscp_40 ! class-map match-any class_dscp_50 match ip access-group dscp_
Applying Layer 2 Match Criteria on a Layer 3 Interface To process Layer 3 packets that contain a dot1p (IEEE 802.1p) VLAN Layer 2 header, configure VLAN tags on a Layer 3 port interface which is configured with an IP address but has no VLAN associated with it. You can also configure a VLAN sub-interface on the port interface and apply a policy map that classifies packets using the dot1p VLAN ID.
CONFIGURATION mode Dell(conf)#qos-policy-input pp_qospolicy 5. Configure the DSCP value to be set on matched packets. QOS-POLICY-IN mode Dell(conf-qos-policy-in)#set ip-dscp 5 6. Create an input policy map. CONFIGURATION mode Dell(conf)#policy-map-input pp_policmap 7. Create a service queue to associate the class map and QoS policy map.
For the L3 Routed packets, the DSCP marking is the only marking action supported in the software. As a part of this feature, the additional marking action to set the “color” of the traffic will be provided. Until Release 9.3(0.0), the software has the capability to qualify only on the 6-bit DSCP part of the ToS field in IPv4 Header. You can now accept and process incoming packets based on the 2-bit ECN part of the ToS field in addition to the DSCP categorization.
• match ip precedence • match ip vlan Guidelines for Configuring ECN for Classifying and Color-Marking Packets Keep the following points in mind while configuring the marking and mapping of incoming packets using ECN fields in IPv4 headers: • Currently Dell Networking OS supports matching only the following TCP flags: – ACK – FIN – SYN – PSH – RST – URG In the existing software, ECE/CWR TCP flag qualifiers are not supported.
Sample configuration to mark non-ecn packets as “yellow” with single traffic class
Consider the use case where packets with DSCP value “40” need to be enqueued in queue#2 and packets with DSCP value 50 need to be enqueued in queue#3, and all packets with an ECN value of ‘0’ must be marked as ‘yellow’. The above requirement can be achieved using either of the two approaches.
! policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Enabling Buffer Statistics Tracking You can enable the tracking of statistical values of buffer spaces at a global level. The buffer statistics tracking utility operates in the max use count mode that enables the collection of maximum values of counters. To configure the buffer statistics tracking utility, perform the following step: 1.
Unit 1 unit: 3 port: 17 (interface Fo 1/160)
--------------------------------------
Q# TYPE Q# TOTAL BUFFERED CELLS
--------------------------------------
MCAST 3 0
Unit 1 unit: 3 port: 21 (interface Fo 1/164)
--------------------------------------
Q# TYPE Q# TOTAL BUFFERED CELLS
--------------------------------------
MCAST 3 0
Unit 1 unit: 3 port: 25 (interface Fo 1/168)
--------------------------------------
Q# TYPE Q# TOTAL BUFFERED CELLS
--------------------------------------
MCAST 3 0
Unit 1 unit: 3 port: 29
48 Routing Information Protocol (RIP) RIP is based on a distance-vector algorithm; it tracks distances or hop counts to nearby routers when establishing network connections. RIP protocol standards are listed in the Standards Compliance chapter. Protocol Overview RIP is the oldest interior gateway protocol. There are two versions of RIP: RIP version 1 (RIPv1) and RIP version 2 (RIPv2). These versions are documented in RFCs 1058 and 2453.
Feature Default
• Transmit RIPv1
RIP timers
• update timer = 30 seconds
• invalid timer = 180 seconds
• holddown timer = 180 seconds
• flush timer = 240 seconds
Auto summarization Enabled
ECMP paths supported 16
Configuration Information
By default, RIP is disabled in Dell Networking OS. To configure RIP, you must use commands in two modes: ROUTER RIP and INTERFACE.
The Dell Networking OS default is to send RIPv1 and to receive RIPv1 and RIPv2. To change the RIP version globally, use the version command in ROUTER RIP mode. To view the global RIP configuration, use the show running-config command in EXEC mode or the show config command in ROUTER RIP mode. Dell(conf-router_rip)#show config ! router rip network 10.0.0.0 Dell(conf-router_rip)# When the RIP process has learned the RIP routes, use the show ip rip database command in EXEC mode to view those routes.
To control the source of RIP route information, use the following commands.
• Define a specific router to exchange RIP information between it and the Dell Networking system. ROUTER RIP mode neighbor ip-address You can use this command multiple times to exchange RIP information with as many RIP networks as you want.
• Disable a specific interface from sending or receiving RIP routing information.
Distance: (default is 120) Dell# To configure an interface to receive or send both versions of RIP, include 1 and 2 in the command syntax. The command syntax for sending both RIPv1 and RIPv2 and receiving only RIPv2 is shown in the following example. Dell(conf-if)#ip rip send version 1 2 Dell(conf-if)#ip rip receive version 2 The following example of the show ip protocols command confirms that both versions are sent out that interface.
The autosummary command requires no other configuration commands. To disable automatic route summarization, enter no autosummary in ROUTER RIP mode. NOTE: If you enable the ip split-horizon command on an interface, the system does not advertise the summarized address. Controlling Route Metrics As a distance-vector protocol, RIP uses hop counts to determine the best route, but sometimes the shortest hop count is a route over the lowest-speed link.
To disable RIP, use the no debug ip rip command. RIP Configuration Example The examples in this section show the command sequence to configure RIPv2 on the two routers shown in the following illustration — Core 2 and Core 3. The host prompts used in the following example reflect those names.
• To display Core 2 RIP setup, use the show ip route command.
• To display Core 2 RIP activity, use the show ip protocols command.
The following example shows the show ip rip database command to view the learned RIP routes on Core 2. Core2(conf-router_rip)#end 00:12:24: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by console Core2#show ip rip database Total number of routes in RIP database: 7 10.11.30.0/24 [120/1] via 10.11.20.1, 00:00:03, TenGigabitEthernet 2/31 10.300.10.
TenGigabitEthernet 2/11 2 2 Routing for Networks: 10.300.10.0 10.200.10.0 10.11.20.0 10.11.10.0 Routing Information Sources: Gateway Distance Last Update 10.11.20.1 120 00:00:12 Distance: (default is 120) Core2# RIP Configuration on Core3 The following example shows how to configure RIPv2 on a host named Core3. Example of Configuring RIPv2 on Core3 Core3(conf-if-te-3/21)#router rip Core3(conf-router_rip)#version 2 Core3(conf-router_rip)#network 192.168.1.0 Core3(conf-router_rip)#network 192.168.2.
B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- ------- --------------------R 10.11.10.0/24 via 10.11.20.
! interface TenGigabitEthernet 2/42 ip address 10.250.10.1/24 no shutdown router rip version 2 10.200.10.0 10.300.10.0 10.11.10.0 10.11.20.0 The following example shows viewing the RIP configuration on Core 3. ! interface TenGigabitEthernet 3/11 ip address 10.11.30.1/24 no shutdown ! interface TenGigabitEthernet 3/21 ip address 10.11.20.1/24 no shutdown ! interface TenGigabitEthernet 3/43 ip address 192.168.1.1/24 no shutdown ! interface TenGigabitEthernet 3/44 ip address 192.168.2.
49 Remote Monitoring (RMON) RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces. RMON operates with the simple network management protocol (SNMP) and monitors all nodes on a local area network (LAN) segment. RMON monitors traffic passing through the router and segment traffic not destined for the router.
[no] rmon alarm number variable interval {delta | absolute} rising-threshold [value event-number] falling-threshold value event-number [owner string] OR [no] rmon hc-alarm number variable interval {delta | absolute} rising-threshold value event-number falling-threshold value event-number [owner string] Configure the alarm using the following optional parameters: – number: alarm number, an integer from 1 to 65,535, the value must be unique in the RMON Alarm Table.
– description string: (Optional) specifies a description of the event, which is identical to the event description in the eventTable of the RMON MIB. The default is a null-terminated string. – owner string: (Optional) owner of this event, which is identical to the eventOwner in the eventTable of the RMON MIB. Default is a null-terminated string. Example of the rmon event Command To disable RMON on the interface, use the no form of this command.
– interval: (Optional) specifies the number of seconds in each polling cycle. – seconds: (Optional) the number of seconds in each polling cycle. The value ranges from 5 to 3,600 seconds. The default is 1,800 (as defined in RFC-2819). Example of the rmon collection history Command To remove a specified RMON history group of statistics collection, use the no form of this command.
50 Rapid Spanning Tree Protocol (RSTP) Rapid spanning tree protocol (RSTP) is supported on Dell Networking OS. Protocol Overview RSTP is a Layer 2 protocol — specified by IEEE 802.1w — that is essentially the same as spanning-tree protocol (STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP). The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 71.
RSTP and VLT Virtual link trunking (VLT) provides loop-free redundant topologies and does not require RSTP. RSTP can cause temporary port state blocking and may cause topology changes after link or node failures. Spanning tree topology changes are distributed to the entire Layer 2 network, which can cause a network-wide flush of learned media access control (MAC) and address resolution protocol (ARP) addresses, requiring these addresses to be relearned.
Figure 117. Example of Configuring Interfaces for Layer 2 Mode 1. If the interface has been assigned an IP address, remove it. INTERFACE mode no ip address 2. Place the interface in Layer 2 mode. INTERFACE mode switchport 3. Enable the interface. INTERFACE mode no shutdown Example of Verifying that an Interface is in Layer 2 Mode and Enabled To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode.
switchport no shutdown Dell(conf-if-gi-1/1)# Enabling Rapid Spanning Tree Protocol Globally Enable RSTP globally on all participating bridges; it is not enabled by default. When you enable RSTP, all physical and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of the RST topology. • Only one path from any bridge to any other bridge is enabled. • Bridges block a redundant path by disabling one of the link ports.
Figure 118. Rapid Spanning Tree Enabled Globally To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell#show spanning-tree rstp Root Identifier has priority 32768, Address 0001.e801.cbb4 Root Bridge hello time 2, max age 20, forward delay 15, max hops 0 Bridge Identifier has priority 32768, Address 0001.e801.
Number of transitions to forwarding state 1 BPDU : sent 121, received 5 The port is not in the Edge port mode Port 380 (TenGigabitEthernet 2/4) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.380 Designated root has priority 32768, address 0001.e801.cbb4 Designated bridge has priority 32768, address 0001.e801.cbb4 Designated port id is 128.
The following table displays the default values for RSTP. Table 72.
To change the port cost or priority of an interface, use the following commands.
• Change the port cost of an interface. INTERFACE mode spanning-tree rstp cost cost The range is from 0 to 65535. The default is listed in the previous table.
• Change the port priority of an interface. INTERFACE mode spanning-tree rstp priority priority-value The range is from 0 to 15. The default is 128.
To view the current values for interface parameters, use the show spanning-tree rstp command from EXEC privilege mode.
Example of Verifying an EdgePort is Enabled on an Interface To verify that EdgePort is enabled on a port, use the show spanning-tree rstp command from EXEC privilege mode or the show config command from INTERFACE mode. NOTE: Dell Networking recommends using the show config command from INTERFACE mode. In the following example, the bold line indicates that the interface is in EdgePort mode.
51 Software-Defined Networking (SDN) Dell Networking operating software supports Software-Defined Networking (SDN). For more information, refer to the SDN Deployment Guide.
52 Security This chapter describes several ways to provide security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide. AAA Accounting Accounting, authentication, and authorization (AAA) accounting is part of the AAA security model. For details about commands related to AAA security, refer to the Security chapter in the Dell Networking OS Command Line Reference Guide.
– start-stop: use for more accounting information, to send a start-accounting notice at the beginning of the requested event and a stop-accounting notice at the end. – wait-start: ensures that the TACACS+ security server acknowledges the start notice before granting the user's process request. – stop-only: use for minimal accounting; instructs the TACACS+ server to send a stop record accounting notice at the end of the requested user process. – tacacs+: designate the security service.
Monitoring AAA Accounting Dell Networking OS does not support periodic interim accounting because the periodic command can cause heavy congestion when many users are logged in to the network. No specific show command exists for TACACS+ accounting. To obtain accounting records displaying information about users currently logged in, use the following command. • Step through all active sessions and print all the accounting records for the actively accounted functions.
Configuring AAA Authentication Login Methods To configure an authentication method and method list, use the following commands. Dell Networking OS Behavior: If you use a method list on the console port in which RADIUS or TACACS is the last authentication method, and the server is not reachable, Dell Networking OS allows access even though the username and password credentials cannot be verified.
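One way to audit a saved running-config for the behavior described above, as an added example that is not part of the Dell guide: it flags terminal lines whose login method list ends in RADIUS or TACACS+. The sample configuration is constructed, and treating a line with no login authentication binding as using the default list is an assumption.

```python
import re

# Methods that only work while a remote server is reachable.
REMOTE_METHODS = {"radius", "tacacs", "tacacs+"}

# Constructed running-config excerpt (not taken from the guide).
SAMPLE_CONFIG = """\
aaa authentication login default radius local
aaa authentication login CONSOLE_LIST local tacacs+
aaa authentication login VTY_LIST tacacs+ radius
!
line console 0
 login authentication CONSOLE_LIST
line vty 0
 login authentication VTY_LIST
line vty 1
 login authentication MISSING_LIST
line vty 2
"""

LIST_RE = re.compile(r"^aaa authentication login (\S+)\s+(.+)$")
LINE_RE = re.compile(r"^line (aux|console|vty) (\d+)(?: (\d+))?$")
BIND_RE = re.compile(r"^\s+login authentication (\S+)$")


def parse(config):
    """Return (method_lists, bindings) parsed from running-config text."""
    method_lists = {}  # list name -> methods in configured order
    bindings = {}      # terminal line, e.g. "console 0" -> list name or None
    current = None
    for raw in config.splitlines():
        line = raw.rstrip()
        m = LIST_RE.match(line)
        if m:
            method_lists[m.group(1)] = m.group(2).split()
            current = None
            continue
        m = LINE_RE.match(line)
        if m:
            current = " ".join(g for g in m.groups() if g)
            bindings[current] = None
            continue
        m = BIND_RE.match(line)
        if m and current:
            bindings[current] = m.group(1)
            continue
        if line and not line.startswith(" "):
            current = None  # an unindented line ends the line stanza
    return method_lists, bindings


def audit(config):
    """Return sorted (terminal_line, list_name, last_method, verdict) tuples."""
    method_lists, bindings = parse(config)
    findings = []
    for term, bound in bindings.items():
        # Assumption: a line without an explicit binding uses 'default'.
        name = bound or "default"
        methods = method_lists.get(name)
        if methods is None:
            if bound:  # bound to a list that is never defined
                findings.append((term, name, "", "undefined-list"))
            continue
        last = methods[-1].lower()
        if last in REMOTE_METHODS:
            # The guide states the allow-on-unreachable behavior for the
            # console port only; other lines are reported for review.
            verdict = "fail-open" if term.startswith("console") else "review"
            findings.append((term, name, last, verdict))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
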
Enabling AAA Authentication — RADIUS To enable authentication from the RADIUS server, and use TACACS as a backup, use the following commands. 1. Enable RADIUS and set up TACACS as backup. CONFIGURATION mode aaa authentication enable default radius tacacs 2. Establish a host address and password. CONFIGURATION mode radius-server host x.x.x.x key some-password 3. Establish a host address and password. CONFIGURATION mode tacacs-server host x.x.x.
Password obscuring masks the password and keys for display only but does not change the contents of the file. The string of asterisks is the same length as the encrypted string for that line of configuration. To verify that you have successfully obscured passwords and keys, use the show running-config command or show startup-config command. If you are using role-based access control (RBAC), only the system administrator and security administrator roles can enable the service obscure-password command.
Configuration Task List for Privilege Levels The following list has the configuration tasks for privilege levels and passwords.
To view the configuration for the enable secret command, use the show running-config command in EXEC Privilege mode. In custom-configured privilege levels, the enable command is always available. No matter what privilege level you entered Dell Networking OS, you can enter the enable 15 command to access and configure all CLIs.
Examples of Privilege Level Commands To view the configuration, use the show running-config command in EXEC Privilege mode. The following example shows a configuration to allow a user john to view only EXEC mode commands and all snmp-server commands. Because the snmp-server commands are enable level commands and, by default, found in CONFIGURATION mode, also assign the launch command for CONFIGURATION mode, configure, to the same privilege level as the snmp-server commands.
Specifying LINE Mode Password and Privilege
You can specify a password authentication of all users on different terminal lines. The user’s privilege level is the same as the privilege level assigned to the terminal line, unless a more specific privilege level is assigned to the user. To specify a password for the terminal line, use the following commands.
• Configure a custom privilege level for the terminal lines. LINE mode privilege level level
– level level: The range is from 0 to 15.
Transactions between the RADIUS server and the client are encrypted (the users’ passwords are not sent in plain text). RADIUS uses UDP as the transport protocol between the RADIUS server host and the client. For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service.
Setting Access to Privilege Levels through RADIUS To configure a privilege level for users to enter into when they connect to a session, use the RADIUS server. This value is configured on the client system. Configure a privilege level. privilege level Configuration Task List for RADIUS To authenticate users using RADIUS, specify at least one RADIUS server so that the system can communicate with it, and configure RADIUS as one of your authentication methods.
line {aux 0 | console 0 | vty number [end-number]}
• Enable AAA login authentication for the specified RADIUS method list. LINE mode login authentication {method-list-name | default} This procedure is mandatory if you are not using default lists.
• To use the method list.
– seconds: the range is from 0 to 2147483647. The default is 0 seconds.
• Configure a key for all RADIUS communications between the system and RADIUS server hosts. CONFIGURATION mode radius-server key [encryption-type] key
– encryption-type: enter 7 to encrypt the password. Enter 0 to keep the password as plain text.
– key: enter a string. The key can be up to 42 characters long. You cannot use spaces in the key.
• Configure the number of times Dell Networking OS retransmits RADIUS requests.
CONFIGURATION mode tacacs-server host {ip-address | host} Enter the IP address or host name of the TACACS+ server. Use this command multiple times to configure multiple TACACS+ server hosts. 2. Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the TACACS+ authentication method. CONFIGURATION mode aaa authentication login {method-list-name | default} tacacs+ [...method3] The TACACS+ method must not be the last method specified. 3. Enter LINE mode.
Dell(conf)#%RPM0-P:CP %SEC-5-LOGIN_SUCCESS: Login successful for user angeline on vty0 (10.11.9.209) %RPM0-P:CP %SEC-3-AUTHENTICATION_ENABLE_SUCCESS: Enable password authentication success on vty0 ( 10.11.9.209 ) Monitoring TACACS+ To view information on TACACS+ transactions, use the following command. • View TACACS+ transactions to troubleshoot problems. EXEC Privilege mode debug tacacs+ TACACS+ Remote Authentication Dell Networking OS takes the access class from the TACACS+ server.
Protection from TCP Tiny and Overlapping Fragment Attacks
The tiny and overlapping fragment attack is a class of attack in which configured ACL entries that deny TCP port-specific traffic are bypassed, so the traffic reaches its destination even though the ACL denies it. RFC 1858 and RFC 3128 propose a countermeasure to the problem. This countermeasure is configured into the line cards and enabled by default.
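The two IPv4 header checks that RFC 1858 describes for this class of attack, written out as an added example; it is not Dell Networking OS line-card code. The function names, the TMIN value of 16 bytes and the sample headers (constructed, using documentation addresses) are assumptions.

```python
import struct

IPPROTO_TCP = 6
# Assumption: smallest transport length accepted in a first fragment. 16 bytes
# covers the TCP ports and the flags byte (offset 13) that port ACLs match on.
TMIN = 16


def parse_ipv4(packet: bytes):
    """Return (protocol, fragment offset in 8-byte units, MF flag, transport length)."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or total_len < header_len:
        raise ValueError("inconsistent length fields")
    more_fragments = bool(flags_frag & 0x2000)
    return proto, flags_frag & 0x1FFF, more_fragments, total_len - header_len


def fragment_verdict(packet: bytes) -> str:
    """Apply the RFC 1858 checks before any port-based ACL entry is evaluated."""
    try:
        proto, frag_offset, _more, transport_len = parse_ipv4(packet)
    except ValueError as exc:
        return f"drop: {exc}"
    if proto != IPPROTO_TCP:
        return "pass"
    # Direct check: a first fragment (FO=0) too short to hold the header
    # fields the ACL matches on cannot be filtered reliably.
    if frag_offset == 0 and transport_len < TMIN:
        return "drop: tiny first fragment"
    # Indirect check: a fragment at FO=1 starts at byte 8 of the TCP header,
    # so it carries, or on reassembly overwrites, the TCP flags.
    if frag_offset == 1:
        return "drop: fragment offset 1"
    return "pass"


def make_header(proto, frag_offset, more_fragments, payload_len):
    """Build a constructed 20-byte IPv4 header (checksum left at zero)."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       flags_frag, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))


# Constructed sample headers: (description, header bytes)
SAMPLES = [
    ("unfragmented TCP segment", make_header(6, 0, False, 40)),
    ("TCP first fragment with 8 bytes", make_header(6, 0, True, 8)),
    ("TCP fragment at offset 1", make_header(6, 1, False, 24)),
    ("TCP fragment at offset 3", make_header(6, 3, False, 24)),
    ("UDP fragment at offset 1", make_header(17, 1, False, 24)),
]


def run_samples():
    """Return the verdict for each constructed sample, in order."""
    return [(name, fragment_verdict(pkt)) for name, pkt in SAMPLES]


if __name__ == "__main__":
    for name, verdict in run_samples():
        print(f"{name:35s} {verdict}")
```
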
Using SCP with SSH to Copy a Software Image
To use secure copy (SCP) to copy a software image through an SSH connection from one switch to another, use the following commands.
1. On Chassis One, set the SSH port number (port 22 by default).
CONFIGURATION mode
ip ssh server port number
2. On Chassis One, enable SSH.
CONFIGURATION mode
ip ssh server enable
3. On Chassis Two, invoke SCP.
CONFIGURATION mode
copy scp: flash:
4.
Secure Shell Authentication Secure Shell (SSH) is disabled by default. Enable SSH using the ip ssh server enable command. SSH supports three methods of authentication: • Enabling SSH Authentication by Password • Using RSA Authentication of SSH • Configuring Host-Based SSH Authentication • Using Client-Based SSH Authentication Important Points to Remember • If you enable more than one method, the order in which the methods are preferred is based on the ssh_config file on the Unix machine.
5. Bind the public keys to RSA authentication.
EXEC Privilege mode
ip ssh rsa-authentication my-authorized-keys flash://public_key
Example of Generating RSA Keys
admin@Unix_client#ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/admin/.ssh/id_rsa):
/home/admin/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/admin/.ssh/id_rsa.
admin@Unix_client# ls id_rsa id_rsa.pub shosts admin@Unix_client# cat shosts 10.16.127.201, ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA8K7jLZRVfjgHJzUOmXxuIbZx/AyW hVgJDQh39k8v3e8eQvLnHBIsqIL8jVy1QHhUeb7GaDlJVEDAMz30myqQbJgXBBRTWgBpLWwL/ doyUXFufjiL9YmoVTkbKcFmxJEMkE3JyHanEi7hg34LChjk9hL1by8cYZP2kYS2lnSyQWk= The following example shows creating rhosts. admin@Unix_client# ls id_rsa id_rsa.pub rhosts shosts admin@Unix_client# cat rhosts 10.16.127.
VTY Line and Access-Class Configuration
Various methods are available to restrict VTY access in Dell Networking OS. These methods depend on which authentication scheme you use — line, local, or remote.
Table 73. VTY Access
Authentication Method | VTY access-class support? | Username access-class support? | Remote authorization support?
Line | YES | NO | NO
Local | NO | YES | NO
TACACS+ | YES | NO | YES (with Dell Networking OS version 5.2.1.0 and later)
RADIUS | YES | NO | YES (with Dell Networking OS version 6.1.1.
Dell(config-line-vty)#login authentication localmethod Dell(config-line-vty)#end VTY Line Remote Authentication and Authorization Dell Networking OS retrieves the access class from the VTY line. The Dell Networking OS takes the access class from the VTY line and applies it to ALL users. Dell Networking OS does not need to know the identity of the incoming user and can immediately apply the access class.
53 Service Provider Bridging Service provider bridging is supported on Dell Networking OS. VLAN Stacking VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges, which are an amendment to IEEE 802.1Q — Virtual Bridged Local Area Networks. It enables service providers to use 802.1Q architecture to offer separate VLANs to customers with no coordination between customers, and minimal coordination between customers and the provider. Using only 802.
Figure 119. VLAN Stacking in a Service Provider Network Important Points to Remember • Interfaces that are members of the Default VLAN and are configured as VLAN-Stack access or trunk ports do not switch untagged traffic. To switch traffic, add these interfaces to a non-default VLAN-Stack-enabled VLAN. • Dell Networking cautions against using the same MAC address on different customer VLANs, on the same VLAN-Stack VLAN.
Related Configuration Tasks • Configuring the Protocol Type Value for the Outer VLAN Tag • Dell Networking OS Options for Trunk Ports • Debugging VLAN Stacking • VLAN Stacking in Multi-Vendor Networks Creating Access and Trunk Ports To create access and trunk ports, use the following commands. • Access port — a port on the service provider edge that directly connects to the customer. An access port may belong to only one service provider VLAN.
Example of Viewing VLAN Stack Member Status To display the status and members of a VLAN, use the show vlan command from EXEC Privilege mode. Members of a VLANStacking-enabled VLAN are marked with an M in column Q.
Dell(conf-if-te-0/1)#interface vlan 100
Dell(conf-if-vl-100)#untagged tengigabitethernet 0/1
Dell(conf-if-vl-100)#interface vlan 101
Dell(conf-if-vl-101)#tagged tengigabitethernet 0/1
Dell(conf-if-vl-101)#interface vlan 103
Dell(conf-if-vl-103)#vlan-stack compatible
Dell(conf-if-vl-103-stack)#member tengigabitethernet 0/1
Dell(conf-if-vl-103-stack)#do show vlan
Codes: * - Default VLAN, G - GVRP VLANs
Q: U - Untagged, T - Tagged
   x - Dot1x untagged, X - Dot1x tagged
   G - GVRP tagged, M - Vlan-stack
NUM * 1 100 1
VLAN Stacking The default TPID for the outer VLAN tag is 0x9100. The system allows you to configure both bytes of the 2 byte TPID. Previous versions allowed you to configure the first byte only, and thus, the systems did not differentiate between TPIDs with a common first byte. For example, 0x8100 and any other TPID beginning with 0x81 were treated as the same TPID, as shown in the following illustration. Dell Networking OS Versions 8.2.1.
Figure 120.
Figure 121.
Figure 122. Single and Double-Tag TPID Mismatch The following table details the outcome of matched and mismatched TPIDs in a VLAN-stacking network. Table 74. Behaviors for Mismatched TPID Network Position Incoming Packet TPID System TPID Match Type 9.1(1.
Network Position Egress Access Point Incoming Packet TPID System TPID Match Type 9.1(1.
You may enter the command once for 0 and once for 1. Packets with an unmapped DEI value are colored green. Example of Viewing DEI-Honoring Configuration To display the DEI-honoring configuration, use the show interface dei-honor [interface slot/port | linecard number port-set number] in EXEC Privilege mode.
Figure 123. Statically and Dynamically Assigned dot1p for VLAN Stacking
When configuring Dynamic Mode CoS, you have two options:
• Mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p. In this case, you must have other dot1p QoS configurations; this option is classic dot1p marking.
• Mark the S-Tag dot1p and queue the frame according to the S-Tag dot1p.
qos-policy-input 3 layer2
 rate-police 30
!
interface TenGigabitEthernet 1/21
 no ip address
 switchport
 vlan-stack access
 vlan-stack dot1p-mapping c-tag-dot1p 0-3 sp-tag-dot1p 7
 service-policy input in layer2
 no shutdown
Mapping C-Tag to S-Tag dot1p Values
To map C-Tag dot1p values to S-Tag dot1p values and mark the frames accordingly, use the following commands.
1. Allocate CAM space to enable queuing frames according to the C-Tag or the S-Tag.
Figure 124. VLAN Stacking without L2PT You might need to transport control traffic transparently through the intermediate network to the other region. Layer 2 protocol tunneling enables BPDUs to traverse the intermediate network by identifying frames with the Bridge Group Address, rewriting the destination MAC to a user-configured non-reserved address, and forwarding the frames.
Figure 125. VLAN Stacking with L2PT
Implementation Information
• L2PT is available for STP, RSTP, MSTP, and PVST+ BPDUs.
• No protocol packets are tunneled when you enable VLAN stacking.
• L2PT requires the default CAM profile.
Enabling Layer 2 Protocol Tunneling
To enable Layer 2 protocol tunneling, use the following command.
1. Verify that the system is running the default CAM profile. Use this CAM profile for L2PT.
EXEC Privilege mode
show cam-profile
2.
3. Tunnel BPDUs on the VLAN.
INTERFACE VLAN mode
protocol-tunnel stp
Specifying a Destination MAC Address for BPDUs
By default, Dell Networking OS uses a Dell Networking-unique MAC address for tunneling BPDUs. You can configure another value. To specify a destination MAC address for BPDUs, use the following command.
• Overwrite the BPDU with a user-specified destination MAC address when BPDUs are tunneled across the provider network.
Provider Backbone Bridging IEEE 802.1ad — Provider Bridges amends 802.1Q—Virtual Bridged Local Area Networks so that service providers can use 802.1Q architecture to offer separate VLANs to customers with no coordination between customers, and minimal coordination between customers and the provider. 802.
54 sFlow The Dell Networking Operating System (OS) supports sFlow version 5. Overview sFlow is a standard-based sampling technology embedded within switches and routers which is used to monitor network traffic. It is designed to provide traffic monitoring for high-speed networks with many switches and routers. sFlow uses two types of sampling: • Statistical packet-based sampling of switched or routed packet flows. • Time-based sampling of interface counters.
Implementation Information
Dell Networking sFlow is designed so that the hardware sampling rate is per line card port-pipe and is decided based on all the ports in that port-pipe. If you do not enable sFlow on any port specifically, the global sampling rate is downloaded to that port and is used to calculate the port-pipe’s lowest sampling rate. This design supports the possibility that sFlow might be configured on that port in the future. Back-off is triggered based on the port-pipe’s hardware sampling rate.
• Enable sFlow on an interface. INTERFACE mode [no] sflow enable To disable sFlow on an interface, use the no version of this command. Enabling sFlow Max-Header Size Extended To configure the maximum header size of a packet to 256 bytes, use the following commands: • Set the maximum header size of a packet. CONFIGURATION mode INTERFACE mode sflow max-header-size extended By default, the maximum header size of a packet is 128 bytes. When sflow max-header-size extended is enabled, 256 bytes are copied.
! interface TenGigabitEthernet 1/10 no ip address switchport sflow ingress-enable sflow max-header-size extended no shutdown sFlow Show Commands Dell Networking OS includes the following sFlow display commands. • Displaying Show sFlow Global • Displaying Show sFlow on an Interface • Displaying Show sFlow on a Stack-unit Displaying Show sFlow Global To view sFlow statistics, use the following command. • Display sFlow configuration information and statistics.
The following example shows the show running-config interface command. Dell#show running-config interface tengigabitethernet 1/16 ! interface TenGigabitEthernet 1/16 no ip address mtu 9252 ip mtu 9234 switchport sflow enable sflow sample-rate 8192 no shutdown Displaying Show sFlow on a Stack-unit To view sFlow statistics on a specified stack-unit, use the following command. • Display sFlow configuration information and statistics on the specified interface.
Back-Off Mechanism If the sampling rate for an interface is set to a very low value, the CPU can get overloaded with flow samples under high-traffic conditions. In such a scenario, a binary back-off mechanism gets triggered, which doubles the sampling-rate (halves the number of samples per second) for all interfaces. The backoff mechanism continues to double the sampling-rate until the CPU condition is cleared. This is as per sFlow version 5 draft.
55 Simple Network Management Protocol (SNMP) NOTE: On Dell Networking routers, standard and private SNMP management information bases (MIBs) are supported, including all Get and a limited number of Set operations (such as set vlan and copy cmd). Protocol Overview Network management stations use SNMP to retrieve or alter management data from network elements. A datum of management information is called a managed object; the value of a managed object can be static or variable.
• Enabling and Disabling a Port using SNMP • Fetch Dynamic MAC Entries using SNMP • Monitor Port-Channels Important Points to Remember • Typically, 5-second timeout and 3-second retry values on an SNMP server are sufficient for both LAN and WAN applications. If you experience a timeout with these values, increase the timeout value to greater than 3 seconds, and increase the retry value to greater than 2 seconds on your SNMP server. • User ACLs override group ACLs.
• auth — password privileges. Select this option to set up a user with password authentication. • priv — password and privacy privileges. Select this option to set up a user with password and privacy privileges. To set up user-based security (SNMPv3), use the following commands. • Configure the user with view privileges only (no password or privacy privileges).
Reading Managed Object Values
You may only retrieve (read) managed object values if your management station is a member of the same community as the SNMP agent. Dell Networking supports RFC 4001, Textual Conventions for Internet Network Addresses, which defines values representing a type of internet address. These values display for ipAddressTable objects using the snmpwalk command. There are several UNIX SNMP commands that read data.
• Read the value of a single managed object.
Configuring Contact and Location Information using SNMP You may configure system contact and location information from the Dell Networking system or from the management station using SNMP. To configure system contact and location information from the Dell Networking system and from the management station using SNMP, use the following commands. • (From a Dell Networking system) Identify the system manager along with this person’s contact information (for example, an email address or phone number).
To configure the system to send SNMP notifications, use the following commands.
1. Configure the Dell Networking system to send notifications to an SNMP server.
CONFIGURATION mode
snmp-server host ip-address [traps | informs] [version 1 | 2c | 3] [community-string]
To send trap messages, enter the keyword traps. To send informational messages, enter the keyword informs. To specify the SNMP version to use for notification messages, enter the keyword version.
RPM_STATE: RPM1 is in Active State RPM_STATE: RPM0 is in Standby State RPM_DOWN: RPM 0 down - hard reset RPM_DOWN: RPM 0 down - card removed HOT_FAILOVER: RPM Failover Completed SFM_DISCOVERY: Found SFM 1 SFM_REMOVE: Removed SFM 1 MAJOR_SFM: Major alarm: Switch fabric down MAJOR_SFM_CLR: Major alarm cleared: Switch fabric up MINOR_SFM: MInor alarm: No working standby SFM MINOR_SFM_CLR: Minor alarm cleared: Working standby SFM present TASK SUSPENDED: SUSPENDED - svce:%d - inst:%d - task:%s RPM0-P:CP %CHMGR-2
%ECFM-5-ECFM_REMOTE_ALARM: Remote CCM Defect detected by MEP 3 in Domain customer1 at Level 7 VLAN 1000 %ECFM-5-ECFM_RDI_ALARM: RDI Defect detected by MEP 3 in Domain customer1 at Level 7 VLAN 1000 entity Enable entity change traps Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1487406) 4:07:54.06, SNMPv2-MIB::snmpTrapOID.0 = OID: SNMPv2-SMI::mib-2.47.2.0.1, SNMPv2-SMI::enterprises.6027.3.6.1.1.2.0 = INTEGER: 4 Trap SNMPv2-MIB::sysUpTime.0 = Timeticks: (1488564) 4:08:05.64, SNMPv2-MIB::snmpTrapOID.
"NOT_REACHABLE: Syslog server 10.11.226.121 (port: 9140) is not reachable" SNMPv2-SMI::enterprises.6027.3.6.1.1.2.0 = INTEGER: 2
The following is the sample audit log message that other reachable syslog servers receive:
Oct 21 00:46:13: dv-fedgov-s4810-6: %EVL-6-NOT_REACHABLE:Syslog server 10.11.226.121 (port: 9140) is not reachable
The following example shows the SNMP trap that is sent when connectivity to the syslog server is resumed:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (10230) 0:01:42.
MIB Object | OID | Object Values | Description
copySrcFileName | .1.3.6.1.4.1.6027.3.5.1.1.1.1.4 | Path (if the file is not in the current directory) and filename. | Specifies name of the file. If copySourceFileType is set to running-config or startup-config, copySrcFileName is not required.
copyDestFileType | .1.3.6.1.4.1.6027.3.5.1.1.1.1.5 | 1 = Dell Networking OS file, 2 = running-config, 3 = startup-config | Specifies the type of file to copy to.
copyDestFileLocation | .1.3.6.1.4.1.6027.3.5.1.1.1.1.
snmp-server community community-name rw
2. Copy the f10-copy-config.mib MIB from the Dell iSupport web page to the server to which you are copying the configuration file.
3. On the server, use the snmpset command as shown in the following example.
snmpset -v snmp-version -c community-name -m mib_path/f10-copy-config.mib force10system-ip-address mib-object.index {i | a | s} object-value...
• Every specified object must have an object value, which must be preceded by the keyword i. Refer to the previous table.
Copying the Startup-Config Files to the Running-Config To copy the startup-config to the running-config from a UNIX machine, use the following command. • Copy the startup-config to the running-config from a UNIX machine. snmpset -c private -v 2c force10system-ip-address copySrcFileType.index i 3 copyDestFileType.index i 2 Examples of Copying Configuration Files from a UNIX Machine The following example shows how to copy configuration files from a UNIX machine using the object name.
Example of Copying Configuration Files via TFTP From a UNIX Machine
snmpset -v 2c -c private -m ./f10-copy-config.mib 10.10.10.10 copySrcFileType.4 i 3 copyDestFileType.4 i 1 copyDestFileLocation.4 i 3 copyDestFileName.4 s /home/myfilename copyServerAddress.4 a 11.11.11.11
Copy a Binary File to the Startup-Configuration
To copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP, use the following command.
MIB Object | OID | Values | Description
copyEntryRowStatus | .1.3.6.1.4.1.6027.3.5.1.1.1.1.15 | Row status | Specifies the state of the copy operation. Uses CreateAndGo when you are performing the copy. The state is set to active when the copy is completed.
Obtaining a Value for MIB Objects
To obtain a value for any of the MIB objects, use the following command.
• Get a copy-config MIB object value.
snmpset -v 2c -c public -m ./f10-copy-config.mib force10system-ip-address [OID.index | mib-object.
Viewing the Available Flash Memory Size • To view the available flash memory using SNMP, use the following command. snmpget -v2c -c public 192.168.60.120 .1.3.6.1.4.1.6027.3.10.1.2.9.1.6.1 enterprises.6027.3.10.1.2.9.1.5.1 = Gauge32: 24 The output above displays that 24% of the flash memory is used. MIB Support to Display the Software Core Files Generated by the System Dell Networking provides MIB objects to display the software core files generated by the system.
Interface index is 1107787786 Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed auto ARP type: ARPA, ARP Timeout 04:00:00 To display the ports in a VLAN, send an snmpget request for the object dot1qStaticEgressPorts using the interface index as the instance number, as shown. The following example shows viewing VLAN ports using SNMP with no ports assigned. > snmpget -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786 SNMPv2-SMI::mib-2.17.7.1.4.3.1.2.
• To add a tagged port to a VLAN, write the port to the dot1qVlanStaticEgressPorts object.
• To add an untagged port to a VLAN, write the port to the dot1qVlanStaticEgressPorts and dot1qVlanStaticUntaggedPorts objects.
NOTE: Whether adding a tagged or untagged port, specify values for both dot1qVlanStaticEgressPorts and dot1qVlanStaticUntaggedPorts.
Example of Adding an Untagged Port to a VLAN using SNMP
In the following example, Port 0/2 is added as an untagged member of VLAN 10.
To enable the overload bit, set 1.3.6.1.4.1.6027.3.18.1.1 for IPv4 and 1.3.6.1.4.1.6027.3.18.1.4 for IPv6.
To set the time to wait, set 1.3.6.1.4.1.6027.3.18.1.2 and 1.3.6.1.4.1.6027.3.18.1.5, respectively.
To set the time to wait until BGP sessions are up, set 1.3.6.1.4.1.6027.3.18.1.3 and 1.3.6.1.4.1.6027.3.18.1.6.
Enabling and Disabling a Port using SNMP
To enable and disable a port using SNMP, use the following commands.
1. Create an SNMP community on the Dell system.
CONFIGURATION mode
snmp-server community
2.
In the following example, R1 has one dynamic MAC address, learned off of port TenGigabitEthernet 1/21, which is a member of the default VLAN, VLAN 1. The SNMP walk returns the values for dot1dTpFdbAddress, dot1dTpFdbPort, and dot1dTpFdbStatus. Each object is comprised of an OID concatenated with an instance number. In the case of these objects, the instance number is the decimal equivalent of the MAC address; derive the instance number by converting each hex pair to its decimal equivalent.
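The hex-pair-to-decimal conversion described above, as an added example that is not part of the Dell guide. It converts in both directions and rebuilds a MAC table from snmpwalk lines, checking that each dot1dTpFdbAddress value agrees with its own instance number. The function names are assumptions, the sample MAC address and walk lines are constructed, and the column OIDs are the standard BRIDGE-MIB dot1dTpFdbTable columns as net-snmp prints them without the MIB loaded.

```python
import re

# dot1dTpFdbStatus values defined in BRIDGE-MIB
FDB_STATUS = {1: "other", 2: "invalid", 3: "learned", 4: "self", 5: "mgmt"}

# mib-2.17.4.3.1.<column>.<six decimal octets> = <type>: <value>
# column 1 = dot1dTpFdbAddress, 2 = dot1dTpFdbPort, 3 = dot1dTpFdbStatus
ROW = re.compile(
    r"mib-2\.17\.4\.3\.1\.([123])\.((?:\d+\.){5}\d+) = (?:Hex-STRING|INTEGER): (.+)$")


def mac_to_instance(mac: str) -> str:
    """'00:1b:44:11:3a:b7' (or space/dash separated) -> '0.27.68.17.58.183'."""
    pairs = re.split(r"[:\-\s]", mac.strip())
    if len(pairs) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{2}", p) for p in pairs):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(str(int(p, 16)) for p in pairs)


def instance_to_mac(instance: str) -> str:
    """'0.27.68.17.58.183' -> '00:1b:44:11:3a:b7'."""
    parts = instance.split(".")
    if len(parts) != 6 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a MAC instance number: {instance!r}")
    return ":".join(f"{int(p):02x}" for p in parts)


def parse_fdb_walk(lines):
    """Build {mac: {'port': int, 'status': str}} from snmpwalk output lines."""
    table = {}
    for line in lines:
        match = ROW.search(line.strip())
        if not match:
            continue  # not a dot1dTpFdbTable row
        column, instance, value = match.groups()
        entry = table.setdefault(instance_to_mac(instance), {})
        if column == "1":
            # The address column must encode the same MAC as the instance.
            if mac_to_instance(value) != instance:
                raise ValueError(f"address/instance mismatch in: {line!r}")
        elif column == "2":
            entry["port"] = int(value)
        else:
            entry["status"] = FDB_STATUS.get(int(value), "unknown")
    return table


# Constructed sample output for one learned MAC address
SAMPLE_WALK = [
    "SNMPv2-SMI::mib-2.17.4.3.1.1.0.27.68.17.58.183 = Hex-STRING: 00 1B 44 11 3A B7 ",
    "SNMPv2-SMI::mib-2.17.4.3.1.2.0.27.68.17.58.183 = INTEGER: 118",
    "SNMPv2-SMI::mib-2.17.4.3.1.3.0.27.68.17.58.183 = INTEGER: 3",
]

if __name__ == "__main__":
    print(mac_to_instance("00:1b:44:11:3a:b7"))
    print(parse_fdb_walk(SAMPLE_WALK))
```
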
The interface index is a binary number with bits that indicate the slot number, port number, interface type, and card type of the interface. Dell Networking OS converts this binary index number to decimal, and displays it in the output of the show interface command.
SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.4.2 = INTEGER: 1 SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.5.1 = Hex-STRING: 00 00 SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.5.2 = Hex-STRING: 00 00 SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.6.1 = STRING: "Gi 5/84 " << Channel member for Po1 SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.6.2 = STRING: "Gi 5/85 " << Channel member for Po2 dot3aCommonAggFdbIndex SNMPv2-SMI::enterprises.6027.3.2.1.1.6.1.1.1107755009.
• When you query an IPv4 icmpMsgStatsInPkts object in the ICMP table by using the snmpwalk command, the echo response output may not be displayed. To correctly display ICMP statistics, such as echo response, use the show ip traffic command.
56 Stacking Stacking provides a single point of management and network interface controller (NIC) teaming for high availability and higher throughput. Stacking is supported on the 10 GbE data ports of Ethernet module. Stacking is not supported on Fibre Channel/Ethernet Universal Port Modules. You can connect up to six S5000 switches in a single stack using port cables; no special cabling is required.
Stack Management Roles The stack elects the management units for the stack management. • Stack master — primary management unit, also called the master unit. • Standby — secondary management unit. The master holds the control plane and the other units maintain a local copy of the forwarding databases. From the stack master you can configure: • System-level features that apply to all stack members. • Interface-level features for each stack member.
• When a stack reloads and all units come up at the same time (for example, when all units boot up from flash), all units participate in the election. The master and standby are chosen based on the highest MAC address or (if configured) the highest priorities.
Stacking LAG When multiple links are used between stack units, Dell Networking OS automatically bundles them in a stacking LAG to provide aggregated throughput and redundancy. The stacking LAG is established automatically and transparently by Dell Networking OS (without user configuration) after peering is detected and behaves as follows: • The stacking LAG dynamically aggregates; it can lose link members or gain new links.
STP: no block sync done
SPAN: no block sync done
Management Access on Stacks
You can access the stack via the console port or VTY line.
• Console access — You may access the stack through the console port of the master unit (stack manager) only. Similar to a standby RPM, the console port of the standby unit does not provide management capability; only a limited number of commands are available. Member units provide a limited set of commands.
The front end ports accommodate SFP, SFP+ and QSFP+. • Ports are divided into 16 stack-groups (0 to 15) as shown in the following example. The stack groups must be of a single speed either all 10G or all 40G. – stack-group 0 corresponds to ports 0-3, stack-group 1 corresponds to ports 4-7, so on through stack-group 11. – stack-group 12 corresponds to the 40G port 48, stack-group 13 corresponds to port 52, so on through stack group 15. Figure 128.
NOTE: After a port is allocated for stacking, you can only use it for stacking. If stack-group 1 is allocated for stacking, you can use ports 1, 2, 3, and 4 for stacking but not for Ethernet anymore. If only port 1 is used for stacking, ports 2, 3, and 4 are spare; they cannot be used for Ethernet. 1. Assign a stack group for each unit. CONFIGURATION mode stack-unit id stack-group id Begin with the first port on the management unit. Next, configure both ports on each subsequent unit.
NOTE: The device does not require special stacking cables. The cables used to connect the data ports are sufficient. 7. Reload the stack one unit at a time. EXEC Privilege mode show system brief Start with the management unit, then the standby, then each of the members in order of their assigned stack number (or the position in the stack you want each unit to take). Allow each unit to completely boot, and verify that the stack manager detects the unit, then power the next unit.
Manually Assigning a New Unit to an Existing Stack To manually assign a new unit a position in an existing stack, use the following steps. 1. On the stack, determine the next available stack-unit number, and the management priority of the management unit. EXEC Privilege mode show system brief or show system stack-unit 2. On the new unit, number it the next available stack-unit number. EXEC Privilege mode stack-unit stack-unit-number renumber stack-unit-new-number 3.
8. If a standalone switch already has stack groups configured, attach cables to connect the ports already configured as stack groups on the switch to one or more switches in the stack. Dell Networking OS automatically assigns a number to the new unit and adds it as a member switch in the stack. The new unit synchronizes its running and startup configurations with the stack.
• If you use only two S5000 units in a stack, you can connect up to four 40 GbE ports in links between the two switches.
Figure 130. S5000 Supported Stacking Topologies
Configuring an S5000 Switch Stack
To configure and bring up a switch stack, follow these steps.
1. Power down the switches and attach port cables to connect the ports between pairs of switches. Connect ports with the same speed on each pair of stacked switches.
2. Power up each stack unit.
3. Configure the stacking ports on each switch, including unit number and priority.
4.
• If you use three or more units in an S5000 stack, you can connect up to eight 10 GbE or two 40 GbE links between peer switches. If you use only two units in an S5000 stack, you can connect up to four 40 GbE links between peer switches. • All stacked S5000 switches must run the same Dell Networking OS version. The minimum Dell Networking OS version required is 9.1(1.0). To check the Dell Networking OS version that a switch is running, power on the switch and enter the show version command.
Global Configuration mode
stack-unit priority
2. Revert the management priority of a stack unit to the default value of 0.
Global Configuration mode
no stack-unit unit-number priority number
NOTE: If you reconfigure the priorities of stacked switches in an existing S5000 stack, reload the stack so that a new master and standby election is performed.
Renumbering a Stack Unit
By default, each stack unit is assigned the unit-number 0.
• priority value specifies the management priority. The range is from 1 to 14. The default is 0. The unit with the highest priority is elected stack master.
4. Repeat Steps 1 to 3 on each stack unit to pre-configure the election of master and standby stack units.
5. Assign a number to the stack unit.
EXEC Privilege
stack-unit 0 renumber unit-number
• stack-unit 0 is the default stack-unit number.
• stack-unit unit-number is the new stack-unit number. The valid values are from 0 to 11.
S5000-1(conf)#stack-unit 2 stack-group 2 Dell(conf)#Feb 8 17:11:10: %STKUNIT2-M:CP %IFMGR-6-STACK_PORTS_ADDED: Ports Te 2/8 Te 2/9 Te 2/10 Te 2/11 have been configured as stacking ports. Please save and reload for config to take effect S5000-1(conf)#end S5000-1#Feb 8 17:11:12: %STKUNIT2-M:CP %SYS-5-CONFIG_I: Configured from console reload System configuration has been modified.
The following example displays a stack configuration. S5000-1#show system Stack MAC : 5c:f9:dd:ef:0a:c0 Reload-Type : normal-reload [Next boot : normal-reload] -- Unit 0 -Unit Type Status Next Boot Required Type Current Type Master priority Hardware Rev Num Ports Up Time Dell Version Jumbo Capable POE Capable FIPS Mode Burned In MAC No Of MACs : : : : : : : : : : : : : : : Management Unit online online S5000 - 4-module, 4-port GE/TE/FG (SH) S5000 - 4-module, 4-port GE/TE/FG (SH) 0 3.0 64 46 min, 55 sec 9.
Required Type :
-- Unit 3 --
Unit Type : Member Unit
Status : not present
Required Type :
-- Unit 4 --
Unit Type : Member Unit
Status : not present
Required Type :
-- Unit 5 --
Unit Type : Member Unit
Status : not present
Required Type :
-- Unit 6 --
Unit Type : Member Unit
Status : not present
Required Type :
-- Unit 7 --
Unit Type : Member Unit
Status : not present
Required Type :
-- Unit 8 --
Unit Type : Member Unit
Status : not present
Required Type :
-- Unit 9 --
Unit Type : Member Unit
Status : not present
Required
EXEC Privilege mode reload Dell Networking OS Behavior: A stacking configuration is handled as follows: • If a stack unit goes down and is removed from the stack, the logical provisioning configured for the stack-unit number is saved on the master and standby switches. • When you add a new unit to the stack and the stack already has an existing member unit with the same stack-unit number, the new unit is assigned the smallest available unit number (from 0 to 11).
Remove a Switch from a Stack After you remove all ports from an S5000 stack, the switch functions in standalone mode but retains the running and startup configuration that was last synchronized by the master switch while it operated as a stack unit. For more information, refer to Removing a Stack Group from Stacking Mode. To remove a switch from a stack, disconnect the stacking cables from the unit either when the unit is powered on or off and is online or offline.
CONFIGURATION mode
stack-unit 0 stack-group group-number
• stack-unit 0 defines the default ID unit-number in the initial configuration of a switch.
• stack-group group-number configures a group of 10 GbE ports or a single 40 GbE port for stacking.
5. Save the stacking configuration.
EXEC Privilege mode
write memory
6. Reload the switch. Dell Networking OS automatically assigns a number to the new unit and adds it as a member switch in the stack.
Split a Stack To split an S5000 stack, unplug the port cables between member units at any time: while the stack is powered on or off and when the units are online or offline. Each portion of the split stack retains the startup and running configuration of the original stack. For a stack that is split into two smaller stacks, each with multiple units: • If one of the new stacks receives the master and standby units, it is unaffected by the split.
Verify a Stack Configuration
The following lists the status of a stacked switch (master, standby master, or member unit) according to the color of the System Status LED on its front panel.
Color | Meaning
Green | The switch is online and operating as a master, standby, or member unit in a stack or as a standalone unit.
Blinking Green | The switch is booting up.
Amber | A failure condition in switch operation has occurred.
7     0/28,29,30,31
8     0/32,33,34,35
9     0/36,37,38,39
10    0/40,41,42,43
11    0/44,45,46,47
12    0/48
13    0/52
14    0/56
15    0/60
The following example shows the show system stack-ports (ring) command.
2/19   3/11   10   up   up
3/4    2/12   10   up   up
3/5    2/13   10   up   up
3/6    2/14   10   up   up
3/7    2/15   10   up   up
3/8    2/16   10   up   up
3/9    2/17   10   up   up
3/10   2/18   10   up   up
3/11   2/19   10   up   up
3/12   4/4    10   up   up
3/13   4/5    10   up   up
3/14   4/6    10   up   up
3/15   4/7    10   up   up
3/16   4/8    10   up   up
3/17   4/9    10   up   up
3/18   4/10   10   up   up
3/19   4/11   10   up   up
4/4    3/12   10   up   up
4/5    3/13   10   up   up
4/6    3/14   10   up   up
4/7    3/15   10   up   up
4/8    3/16   10   up   up
4/9    3/17   10   up   up
4/10   3/18   10   up   up
4/11   3/19   10   up   up
The following example shows the show system stack-
Troubleshooting a Switch Stack To perform troubleshooting operations on a switch stack, use the following commands on the master switch. Command Output show system stack-ports status Displays the status of stacked ports on stack units. show redundancy Displays the standby unit status, failover configuration, and result of the last master-standby synchronization; allows you to verify the readiness for a stack failover.
Stack-unit State:          Standby
Peer stack-unit ID:        3
Stack-unit SW Version:     S5000-9-1-0-10

-- Stack-unit Redundancy Configuration
-------------------------------------------------
Primary Stack-unit:        mgmt-id 0
Auto Data Sync:            Full
Failover Type:             Hot Failover
Auto reboot Stack-unit:    Disabled
Auto failover limit:       3 times in 60 minutes

-- Stack-unit Failover Record
-------------------------------------------------
Failover Count:            0
Last failover timestamp:   None
Last failover Reason:      None
Last failover type:        None

-- L
Feb 13 15:26:19: %STKUNIT4-M:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 2/1
Feb 13 15:26:19: %STKUNIT4-M:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Po 1
Feb 13 15:26:19: %STKUNIT4-M:CP %IFMGR-1-DEL_PORT: Removed port: Te 2/0-11,20-23, Fo 2/48,52,56,60,
Feb 13 15:26:19: %STKUNIT3-S:CP %IFMGR-1-DEL_PORT: Removed port: Te 2/0-11,20-23, Fo 2/48,52,56,60,
Unplugged Stacking Cable
Problem: A stacking cable is unplugged from a member switch.
Resolution: When the entire stack is reloaded, the recovered master switch becomes the master unit of the stack. Stack Unit in Card-Problem State Due to Incorrect Dell Networking OS Version Problem: A stack unit enters a Card-Problem state because the switch has a different Dell Networking OS version than the master unit. The switch does not come online as a stack unit.
Upgrading a Switch Stack
To upgrade all switches in a stack with the same Dell Networking OS version, follow these steps.
1. Copy the new Dell Networking OS image to a network server.
2. Download the Dell Networking OS image by accessing an interactive CLI that requests the server IP address and image filename, and prompts you to upgrade all member stack units.
Upgrading a Single Stack Unit
You can manually upgrade the Dell Networking OS image in the boot partition of a member unit from the corresponding partition in the master unit. To upgrade an individual stack unit with a new Dell Networking OS version, follow these steps.
1. Download the Dell Networking OS image from the master's boot partition to the member unit, and upgrade the relevant boot partition in the single stack-member unit.
EXEC Privilege
upgrade system stack-unit unit-number partition
2.
57 Storm Control
The storm control feature allows you to control unknown-unicast, multicast, and broadcast control traffic on Layer 2 and Layer 3 physical interfaces. The minimum number of packets per second (PPS) that storm control can limit is two.
Dell Networking Operating System (OS) Behavior: Dell Networking OS supports broadcast control (the storm-control broadcast command) for Layer 2 and Layer 3 traffic.
• Configure the percentage of broadcast traffic allowed on an interface (ingress only). INTERFACE mode storm-control broadcast packets_per_second in • Configure the percentage of multicast traffic allowed on C-Series or S-Series interface (ingress only) network only. INTERFACE mode storm-control multicast packets_per_second in • Shut down the port if it receives the PFC/LLFC packets more than the configured rate.
58 Spanning Tree Protocol (STP) Spanning tree protocol (STP) is a Layer 2 protocol — specified by IEEE 802.1d — that eliminates loops in a bridged topology by enabling only a single path through the network. Protocol Overview By eliminating loops, the protocol improves scalability in a large network and allows you to implement redundant paths, which can be activated after the failure of active paths.
• To add interfaces to the spanning tree topology after you enable STP, enable the port and configure it for Layer 2 using the switchport command.
• The IEEE Standard 802.1D allows 8 bits for port ID and 8 bits for priority. The 8 bits for port ID provide port IDs for 256 ports.
Configuring Interfaces for Layer 2 Mode
All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled.
Figure 131.
Example of the show config Command
To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode.
Dell(conf-if-te-1/1)#show config
!
interface TenGigabitEthernet 1/1
 no ip address
 switchport
 no shutdown
Dell(conf-if-te-1/1)#
Enabling Spanning Tree Protocol Globally
Enable the spanning tree protocol globally; it is not enabled by default.
Examples of Verifying Spanning Tree Information To disable STP globally for all Layer 2 interfaces, use the disable command from PROTOCOL SPANNING TREE mode. To verify that STP is enabled, use the show config command from PROTOCOL SPANNING TREE mode.
Adding an Interface to the Spanning Tree Group To add a Layer 2 interface to the spanning tree topology, use the following command. • Enable spanning tree on a Layer 2 interface. INTERFACE mode spanning-tree 0 Removing an Interface from the Spanning Tree Group To remove a Layer 2 interface from the spanning tree topology, use the following command. • Disable spanning tree on a Layer 2 interface. INTERFACE mode no spanning-tree 0 Modifying Global Parameters You can modify the spanning tree parameters.
NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time.
The range is from 1 to 10. The default is 2 seconds.
• Change the max-age parameter (the refresh interval for configuration information that is generated by recomputing the spanning tree topology).
PROTOCOL SPANNING TREE mode
max-age seconds
The range is from 6 to 40. The default is 20 seconds.
state when receiving the BPDU, the physical interface remains up and spanning-tree drops packets in the hardware after a BPDU violation. BPDUs are dropped in the software after receiving the BPDU violation. CAUTION: Enable PortFast only on links connecting to an end station. PortFast can cause loops if it is enabled on an interface connected to a network. To enable PortFast on an interface, use the following command. • Enable PortFast on an interface.
– Disable the shutdown-on-violation command on the interface (the no spanning-tree stp-id portfast [bpduguard | [shutdown-on-violation]] command). – Disable spanning tree on the interface (the no spanning-tree command in INTERFACE mode). – Disabling global spanning tree (the no spanning-tree in CONFIGURATION mode). Figure 133. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering both block BPDUs, but are two separate features.
Interface
Name       Role   PortID   Prio Cost    Sts Cost    Link-type Edge
---------- ------ -------- ---- ------- --- ------- --------- ----
Te 0/6     Root   128.263  128  20000   FWD 20000   P2P       No
Te 0/7     ErrDis 128.264  128  20000   EDS 20000   P2P       No
Dell(conf-if-gi-0/7)#do show ip int br gi 0/7
Interface               IP-Address  OK   Method  Status  Protocol
TenGigabitEthernet 0/7  unassigned  YES  Manual  up      up
Global BPDU Filtering
By default, when you enable BPDU filtering globally, it stops transmitting BPDUs on the operational portfast-enabled ports.
Figure 135. BPDU Filtering Enabled on an Interface Selecting STP Root STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it becomes the root bridge. You can also specify that a bridge is the root or the secondary root. To change the bridge priority or specify that a bridge is the root or secondary root, use the following command. • Assign a number as the bridge priority or designate it as the root or secondary root.
Because any switch in an STP network with a lower priority can become the root bridge, the forwarding topology may not be stable. The location of the root bridge can change, resulting in unpredictable network behavior. The STP root guard feature ensures that the position of the root bridge does not change. Root Guard Scenario For example, as shown in the following illustration (STP topology 1, upper left) Switch A is the root bridge in the network core.
Configuring Root Guard
Enable STP root guard on a per-port or per-port-channel basis.
Dell Networking OS Behavior: The following conditions apply to a port enabled with STP root guard:
• Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port.
• Configure all spanning tree types to be hitless. CONFIGURATION mode redundancy protocol xstp Example of Configuring all Spanning Tree Types to be Hitless Dell(conf)#redundancy protocol xstp Dell#show running-config redundancy ! redundancy protocol xstp Dell# STP Loop Guard The STP loop guard feature provides protection against Layer 2 forwarding loops (STP loops) caused by a hardware failure, such as a cable failure or an interface fault.
Figure 137. STP Loop Guard Prevents Forwarding Loops Configuring Loop Guard Enable STP loop guard on a per-port or per-port channel basis. Dell Networking OS Behavior: The following conditions apply to a port enabled with loop guard: • Loop guard is supported on any STP-enabled port or port-channel interface.
– If a BPDU is received from a remote device, BPDU guard places the port in an Err-Disabled Blocking state and no traffic is forwarded on the port. – If no BPDU is received from a remote device, loop guard places the port in a Loop-Inconsistent Blocking state and no traffic is forwarded on the port. • When used in a PVST+ network, STP loop guard is performed per-port or per-port channel at a VLAN level.
59 SupportAssist SupportAssist sends troubleshooting data securely to Dell. SupportAssist in this Dell Networking OS release does not support automated email notification at the time of hardware fault alert, automatic case creation, automatic part dispatch, or reports. SupportAssist requires Dell Networking OS 9.9(0.0) and SmartScripts 9.7 or later to be installed on the Dell Networking device. Figure 138.
support-assist activate Dell(conf)#support-assist activate This command guides you through steps to configure SupportAssist. Configuring SupportAssist Manually To manually configure SupportAssist service, use the following commands. 1. Accept the end-user license agreement (EULA). CONFIGURATION mode eula-consent {support-assist} {accept | reject} NOTE: Once accepted, you do not have to accept the EULA again. Dell(conf)# eula-consent support-assist accept I accept the terms of the license agreement.
support-assist Dell(conf)#support-assist Dell(conf-supportassist)# 3. (Optional) Configure the contact information for the company. SUPPORTASSIST mode contact-company name {company-name}[company-next-name] ... [company-next-name] Dell(conf)#support-assist Dell(conf-supportassist)#contact-company name test Dell(conf-supportassist-cmpy-test)# 4. (Optional) Configure the contact name for an individual.
[no] activity {full-transfer} Dell(conf-supportassist)#activity full-transfer Dell(conf-supportassist-act-full-transfer)# 2. Copy an action-manifest file for an activity to the system. SUPPORTASSIST ACTIVITY mode action-manifest get tftp | ftp | flash Dell(conf-supportassist-act-full-transfer)#action-manifest get tftp://10.0.0.1/test file Dell(conf-supportassist-act-full-transfer)# The custom action-manifest file is a JSON file.
[no] enable Dell(conf-supportassist-act-full-transfer)#enable Dell(conf-supportassist-act-full-transfer)# Configuring SupportAssist Company SupportAssist Company mode allows you to configure name, address and territory information of the company. SupportAssist Company configurations are optional for the SupportAssist service. To configure SupportAssist company, use the following commands. 1. Configure the contact information for the company.
[no] email-address primary email-address [alternate email-address] Dell(conf-supportassist-pers-john_doe)#email-address primary jdoe@mycompany.com Dell(conf-supportassist-pers-john_doe)# 3. Configure phone numbers of the contact person. SUPPORTASSIST PERSON mode [no] phone primary phone [alternate phone] Dell(conf-supportassist-pers-john_doe)#phone primary +919999999999 Dell(conf-supportassist-pers-john_doe)# 4. Configure the preferred method for contacting the person.
SUPPORTASSIST SERVER mode [no] url uniform-resource-locator Dell(conf-supportassist-serv-default)#url https://192.168.1.1/index.htm Dell(conf-supportassist-serv-default)# Viewing SupportAssist Configuration To view the SupportAssist configurations, use the following commands. 1. Display information on SupportAssist feature status including any activities, status of communication, last time communication sent, and so on.
Additional information about the SupportAssist EULA is as follows: By installing SupportAssist, you allow Dell to save your contact information (e.g. name, phone number and/or email address) which would be used to provide technical support for your Dell products and services. Dell may use the information for providing recommendations to improve your IT infrastructure.
60 System Time and Date
System time and date settings and the network time protocol (NTP) are supported on Dell Networking OS. System times and dates can be set and maintained through NTP. They can also be set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings. The Dell Networking OS supports reaching an NTP server through different VRFs. You can configure a maximum of eight logging servers across different VRFs or the same VRF.
Dell Networking OS synchronizes with a time-serving host to get the correct time. You can set Dell Networking OS to poll specific NTP time-serving hosts for the current time. From those time-serving hosts, the system chooses one NTP host with which to synchronize and serve as a client to the NTP host. As soon as a host-client relationship is established, the networking device propagates the time information throughout its local network.
• Specify the NTP server to which the Dell Networking system synchronizes. CONFIGURATION mode ntp server ip-address Examples of Viewing System Clock To display the system clock state with respect to NTP, use the show ntp status command from EXEC Privilege mode. R6_E300(conf)#do show ntp status Clock is synchronized, stratum 2, reference is 192.168.1.1 frequency is -369.623 ppm, stability is 53.319 ppm, precision is 4294967279 reference time is CD63BCC2.0CBBD000 (16:54:26.
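The reference time and precision fields in the output above are raw NTP values, and decoding them is what lets you check that a switch's clock is fresh enough for log correlation. The following Python sketch is an added example, not part of the Dell guide: the function names are illustrative, the sample text reuses the field values shown above, and reading the precision as a signed 32-bit exponent printed unsigned is an assumption that fits the value shown.

```python
import re
from datetime import datetime, timedelta, timezone

# NTP timestamps count seconds from 1900-01-01 UTC (era 0, valid until 2036).
NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)

# Field values copied from the truncated show ntp status output above.
SAMPLE_STATUS = """\
Clock is synchronized, stratum 2, reference is 192.168.1.1
frequency is -369.623 ppm, stability is 53.319 ppm, precision is 4294967279
reference time is CD63BCC2.0CBBD000
"""


def decode_ntp_timestamp(hex_ts):
    """Convert 'SSSSSSSS.FFFFFFFF' (32-bit seconds, 32-bit fraction) to UTC."""
    sec_hex, frac_hex = hex_ts.split(".")
    seconds = int(sec_hex, 16)
    micros = round(int(frac_hex, 16) / 2**32 * 1_000_000)
    return NTP_EPOCH + timedelta(seconds=seconds, microseconds=micros)


def decode_precision(raw):
    """Assumption: the CLI prints the signed log2(seconds) exponent as unsigned."""
    return raw - 2**32 if raw >= 2**31 else raw


def parse_ntp_status(text):
    """Extract and decode the fields needed for a clock-health check."""
    m = re.search(r"Clock is (\w+), stratum (\d+)", text)
    if not m:
        raise ValueError("text does not look like show ntp status output")
    status = {"synchronized": m.group(1) == "synchronized",
              "stratum": int(m.group(2))}
    m = re.search(r"reference is (\S+)", text)
    status["reference"] = m.group(1) if m else None
    m = re.search(r"precision is (\d+)", text)
    status["precision_exp"] = decode_precision(int(m.group(1))) if m else None
    m = re.search(r"reference time is ([0-9A-Fa-f]{8}\.[0-9A-Fa-f]{8})", text)
    status["reference_time"] = decode_ntp_timestamp(m.group(1)) if m else None
    return status


def reference_age_ok(status, now, max_age):
    """True if the clock is synchronized and was last updated within max_age."""
    ref = status["reference_time"]
    if not status["synchronized"] or ref is None:
        return False
    return timedelta(0) <= now - ref <= max_age


if __name__ == "__main__":
    s = parse_ntp_status(SAMPLE_STATUS)
    print(s["reference_time"].isoformat(), "precision 2^%d s" % s["precision_exp"])
```

The decoded time of day agrees with the 16:54:26 that the switch prints next to the hexadecimal value.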
• Configure a source IP address for NTP packets. CONFIGURATION mode ntp source interface Enter the following keywords and slot/port or number information: – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. – For a Loopback interface, enter the keyword loopback then a number from 0 to 16383.
ntp server [vrf] {hostname | ipv4-address | ipv6-address} [key keyid] [prefer] [version number]
Configure the IP address of a server and the following optional parameters:
– vrf-name : Enter the name of the VRF through which the NTP server is reachable.
– hostname : Enter the keyword hostname to see the IP address or host name of the remote device.
– ipv4-address : Enter an IPv4 address in dotted decimal format (A.B.C.D).
NOTE: • Leap Indicator (sys.leap, peer.leap, pkt.leap) — This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover interval) in the day of insertion to be increased or decreased by one.
Setting the Time and Date for the Switch Software Clock You can change the order of the month and day parameters to enter the time and date as time day month year. You cannot delete the software clock. The software clock runs only when the software is up. The clock restarts, based on the hardware clock, when the switch reboots. To set the software clock, use the following command. • Set the system software clock to the current time and date.
Setting Daylight Saving Time Once Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis. To set the clock for daylight savings time once, use the following command. • Set the clock to the appropriate timezone and daylight saving time. CONFIGURATION mode clock summer-time time-zone date start-month start-day start-year start-time end-month end-day end-year end-time [offset] – time-zone: enter the three-letter name for the time zone.
– start-month: Enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year. – start-day: Enter the number of the day. The range is from 1 to 31. You can enter the name of a month to change the order of the display to time day month year. – start-year: Enter a four-digit number as the year. The range is from 1993 to 2035. – start-time: Enter the time in hours:minutes.
61 Tunneling
Tunnel interfaces create a logical tunnel for IPv4 or IPv6 traffic. Tunneling supports RFC 2003, RFC 2473, and RFC 4213. DSCP, hop-limits, flow label values, open shortest path first (OSPF) v2, and OSPFv3 are supported. Internet control message protocol (ICMP) error relay, PATH MTU transmission, and fragmented packets are not supported.
Configuring a Tunnel
You can configure a tunnel in IPv6 mode, IPv6IP mode, and IPIP mode.
Dell(conf-if-tu-3)#tunnel destination 8::9
Dell(conf-if-tu-3)#tunnel mode ipv6
Dell(conf-if-tu-3)#ip address 3.1.1.1/24
Dell(conf-if-tu-3)#ipv6 address 3::1/64
Dell(conf-if-tu-3)#no shutdown
Dell(conf-if-tu-3)#show config
!
interface Tunnel 3
 ip address 3.1.1.1/24
 ipv6 address 3::1/64
 tunnel destination 8::9
 tunnel source 5::5
 tunnel mode ipv6
 no shutdown
Configuring Tunnel Keepalive Settings
You can configure a tunnel keepalive target, keepalive interval, and attempts.
Dell(conf-if-tu-1)#ipv6 unnumbered tengigabitethernet 1/1
Dell(conf-if-tu-1)#tunnel source 40.1.1.1
Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any
Dell(conf-if-tu-1)#no shutdown
Dell(conf-if-tu-1)#show config
!
interface Tunnel 1
 ip unnumbered TenGigabitEthernet 1/1
 ipv6 unnumbered TenGigabitEthernet 1/1
 tunnel source 40.1.1.
62 Uplink Failure Detection (UFD) Uplink failure detection (UFD) provides detection of the loss of upstream connectivity and, if used with NIC teaming, automatic recovery from a failed link. Feature Description A switch provides upstream connectivity for devices, such as servers. If a switch loses its upstream connectivity, downstream devices also lose their connectivity.
Figure 140. Uplink Failure Detection How Uplink Failure Detection Works UFD creates an association between upstream and downstream interfaces. The association of uplink and downlink interfaces is called an uplink-state group. An interface in an uplink-state group can be a physical interface or a port-channel (LAG) aggregation of physical interfaces. An enabled uplink-state group tracks the state of all assigned upstream interfaces.
Figure 141. Uplink Failure Detection Example
If only one of the upstream interfaces in an uplink-state group goes down, a specified number of downstream ports associated with the upstream interface are put into a Link-Down state. You can configure this number by using the ratio of the upstream port bandwidth to the downstream port bandwidth in the same uplink-state group. This calculation ensures that there are no traffic drops due to insufficient bandwidth on the upstream links to the routers/switches.
• If one of the upstream interfaces in an uplink-state group goes down, either a user-configurable set of downstream ports or all the downstream ports in the group are put in an Operationally Down state with an UFD Disabled error. The order in which downstream ports are disabled is from the lowest numbered port to the highest.
NOTE: Downstream interfaces in an uplink-state group are put into a Link-Down state with an UFD-Disabled error message only when all upstream interfaces in the group go down. To revert to the default setting, use the no downstream disable links command. 4. (Optional) Enable auto-recovery so that UFD-disabled downstream ports in the uplink-state group come up when a disabled upstream port in the group comes back up.
Example of Syslog Messages Before and After Entering the clear ufd-disable uplink-state-group Command (S50) The following example message shows the Syslog messages that display when you clear the UFD-Disabled state from all disabled downstream interfaces in an uplink-state group by using the clear ufd-disable uplink-state-group group-id command. All downstream interfaces return to an operationally up state.
interface specifies one of the following interface types: – 10 Gigabit Ethernet: enter tengigabitethernet slot/port. – 40 Gigabit Ethernet: enter fortygigabitethernet slot/port. – Port channel: enter port-channel {1-512}. • If a downstream interface in an uplink-state group is disabled (Oper Down state) by uplink-state tracking because an upstream port is down, the message error-disabled[UFD] displays in the output. Display the current configuration of all uplink-state groups or a specified group.
Interface index is 280544512 Internet address is not set MTU 1554 bytes, IP MTU 1500 bytes LineSpeed 1000 Mbit, Mode auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout 04:00:00 Last clearing of "show interface" counters 00:25:46 Queueing strategy: fifo Input Statistics: 0 packets, 0 bytes 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Ou
Dell(conf-uplink-state-group-3)# downstream disable links 2
Dell(conf-uplink-state-group-3)# upstream tengigabitethernet 0/3-4
00:10:00: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Downstream interface set to UFD error-disabled: Gi 0/1
Dell# 00:10:00: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Gi 0/1
Dell(conf-uplink-state-group-3)# description Testing UFD feature
Dell(conf-uplink-state-group-3)# show config
!
uplink-state-group 3
 description Testing UFD feature
 downstream disable links 2
 do
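When these messages reach a log collector, the useful distinction is between a port that went down because UFD disabled it, ports removed together with a stack unit, and a link that went down with no recorded cause. The following Python sketch is an added example, not part of the Dell guide: it parses the IFMGR message format shown in this guide's stacking and UFD examples, the function names are illustrative, and the sample log is constructed by combining those two examples.

```python
import re

# Layout taken from the messages in this guide:
#   <timestamp>: %STKUNIT<n>-<role>:<process> %<FACILITY>-<severity>-<MNEMONIC>: <text>
# Assumption: the role letters M and S mark the master and standby units.
LINE_RE = re.compile(
    r"^(?P<ts>.+?): %STKUNIT(?P<unit>\d+)-(?P<role>[A-Z]):(?P<proc>\w+) "
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>[A-Z0-9_]+): "
    r"(?P<text>.*)$"
)

# Constructed sample: lines from the stacking and UFD examples in this guide.
SAMPLE_LOG = """\
Feb 13 15:26:19: %STKUNIT4-M:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Te 2/1
Feb 13 15:26:19: %STKUNIT4-M:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Po 1
Feb 13 15:26:19: %STKUNIT4-M:CP %IFMGR-1-DEL_PORT: Removed port: Te 2/0-11,20-23, Fo 2/48,52,56,60,
Feb 13 15:26:19: %STKUNIT3-S:CP %IFMGR-1-DEL_PORT: Removed port: Te 2/0-11,20-23, Fo 2/48,52,56,60,
00:10:00: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Downstream interface set to UFD error-disabled: Gi 0/1
00:10:00: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Gi 0/1
"""


def parse_line(line):
    """Return the fields of one message as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["unit"] = int(rec["unit"])
    rec["severity"] = int(rec["severity"])
    action, _, target = rec["text"].partition(": ")
    rec["action"] = action
    rec["target"] = target.strip().rstrip(",")
    return rec


def triage(lines):
    """Sort interface events by cause so unexplained link-downs stand out."""
    removed = {}          # port list -> set of stack units that reported it
    ufd_disabled = []     # downstream ports disabled by uplink-state tracking
    link_down = []        # down events with no UFD message before them
    unparsed = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
        elif rec["mnemonic"] == "DEL_PORT":
            removed.setdefault(rec["target"], set()).add(rec["unit"])
        elif "UFD error-disabled" in rec["action"]:
            ufd_disabled.append(rec["target"])
        elif rec["action"] == "Changed interface state to down":
            # A down event that follows a UFD message for the same port is
            # the expected result of the upstream failure, not a new fault.
            if rec["target"] not in ufd_disabled:
                link_down.append(rec["target"])
    return {
        "ports_removed": {k: sorted(v) for k, v in removed.items()},
        "ufd_disabled": ufd_disabled,
        "link_down": link_down,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG.splitlines()).items():
        print(key, value)
```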
63 Upgrade Procedures To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes. Get Help with Upgrades Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center. You can reach Technical Support: • On the web: http://dell.
64 Virtual LANs (VLANs) VLANs are a logical broadcast domain or logical grouping of interfaces in a local area network (LAN) in which all data received is kept locally and broadcast to all members of the group. When in Layer 2 mode, VLANs move traffic at wire speed and can span multiple devices. The Dell Networking operating system (OS) supports up to 4093 port-based VLANs and one default VLAN, as specified in IEEE 802.1Q.
NOTE: You cannot assign an IP address to the Default VLAN. To assign an IP address to a VLAN that is the Default VLAN, create another VLAN and assign it to be the Default VLAN. For more information about assigning IP addresses, refer to Assigning an IP Address to a VLAN.
• Untagged interfaces must be part of a VLAN. To remove an untagged interface from the Default VLAN, create another VLAN and place the interface into that VLAN.
• The VLAN protocol identifier identifies the frame as tagged according to the IEEE 802.1Q specifications (2 bytes). • Tag control information (TCI) includes the VLAN ID (2 bytes total). The VLAN ID can have 4,096 values, but two are reserved. NOTE: The insertion of the tag header into the Ethernet frame increases the size of the frame to more than the 1,518 bytes as specified in the IEEE 802.3 standard. Some devices that are not compliant with IEEE 802.3 may not support the larger frame size.
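The tag header described above can be read directly from a captured frame. The following Python sketch is an added example, not part of the Dell guide: it extracts the tag fields, flags the two reserved VLAN IDs, and flags frames that exceed the 1,518-byte limit once tagged. The names are illustrative, the TPID value 0x8100 and the reserved IDs 0 and 4095 come from IEEE 802.1Q rather than from this page, and the sample frames are constructed.

```python
import struct
from dataclasses import dataclass
from typing import Optional

TPID_8021Q = 0x8100            # VLAN protocol identifier (IEEE 802.1Q)
RESERVED_VIDS = {0x000, 0xFFF}  # the two reserved VLAN ID values
MAX_8023_FRAME = 1518          # IEEE 802.3 limit quoted in the NOTE, FCS included
FCS_LEN = 4                    # captures normally omit the frame check sequence


@dataclass
class TagInfo:
    tagged: bool
    ethertype: int                 # payload EtherType (after the tag, if any)
    vid: Optional[int] = None      # 12-bit VLAN ID
    pcp: Optional[int] = None      # 3-bit priority code point
    dei: Optional[int] = None      # 1-bit drop eligible indicator
    vid_reserved: bool = False
    exceeds_8023_max: bool = False


def parse_frame(frame: bytes) -> TagInfo:
    """Parse an Ethernet frame (without FCS) and describe its 802.1Q tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    oversize = len(frame) + FCS_LEN > MAX_8023_FRAME
    if etype != TPID_8021Q:
        return TagInfo(tagged=False, ethertype=etype, exceeds_8023_max=oversize)
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag header")
    # The 2-byte TCI follows the 2-byte protocol identifier.
    tci, inner = struct.unpack_from("!HH", frame, 14)
    vid = tci & 0x0FFF
    return TagInfo(
        tagged=True,
        ethertype=inner,
        vid=vid,
        pcp=tci >> 13,
        dei=(tci >> 12) & 1,
        vid_reserved=vid in RESERVED_VIDS,
        exceeds_8023_max=oversize,
    )


def build_frame(payload_len: int, vid: Optional[int] = None, pcp: int = 0) -> bytes:
    """Build a constructed sample frame; vid=None produces an untagged frame."""
    header = bytes.fromhex("ffffffffffff" "020000000001")  # dst, src (made up)
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return header + tag + struct.pack("!H", 0x0800) + bytes(payload_len)


if __name__ == "__main__":
    for frame in (build_frame(46), build_frame(46, vid=100, pcp=5),
                  build_frame(1500, vid=100), build_frame(46, vid=4095)):
        print(len(frame), parse_frame(frame))
```

A full 1,500-byte payload fits the limit untagged but crosses it by four bytes once tagged, which is the case the NOTE warns about.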
Assigning Interfaces to a VLAN You can only assign interfaces in Layer 2 mode to a VLAN using the tagged and untagged commands. To place an interface in Layer 2 mode, use the switchport command. You can further designate these Layer 2 interfaces as tagged or untagged. For more information, refer to the Interfaces chapter and Configuring Layer 2 (Data Link) Mode.
    NUM   Status     Q   Ports
*   1     Inactive
    2     Active     T   Po1(So 0/0-1)
                     T   Te 3/0
    3     Active     T   Po1(So 0/0-1)
                     T   Te 3/1
    4     Active     T   Po1(So 0/0-1)
Dell#
When you remove a tagged interface from a VLAN (using the no tagged interface command), it remains tagged only if it is a tagged interface in another VLAN. If the tagged interface is removed from the only VLAN to which it belongs, the interface is placed in the Default VLAN as an untagged interface.
    2     Active     T   Po1(So 0/0-1)
                     T   Te 3/0
    3     Active     T   Po1(So 0/0-1)
                     T   Te 3/1
    4     Active     U   Te 3/2
Dell#
The only way to remove an interface from the Default VLAN is to place the interface in Default mode by using the no switchport command in INTERFACE mode.
Assigning an IP Address to a VLAN
VLANs are a Layer 2 feature. For two physical interfaces on different VLANs to communicate, assign an IP address to the VLANs to route traffic between the two interfaces.
Native VLAN support breaks this barrier so that you can connect a port to both VLAN-aware and VLAN-unaware stations. Such ports are referred to as hybrid ports. Physical and port-channel interfaces may be hybrid ports. Native VLAN is useful in deployments where a Layer 2 port can receive both tagged and untagged traffic on the same physical port. The classic example is connecting a voice-over-IP (VoIP) phone and a PC to the same port of the switch.
65 VLT Proxy Gateway
The Virtual link trunking (VLT) proxy gateway feature allows a VLT domain to locally terminate and route L3 packets that are destined to a Layer 3 (L3) end point in another VLT domain. Enable the VLT proxy gateway using the link layer discovery protocol (LLDP) method or the static configuration. For more information, refer to Dell Networking OS Command Line Reference Guide.
Figure 143. Sample Configuration for a VLT Proxy Gateway Guidelines for Enabling the VLT Proxy Gateway Keep the following points in mind when you enable a VLT proxy gateway: • Proxy gateway is supported only for VLT; for example, across a VLT domain. • You must enable the VLT peer-routing command for the VLT proxy gateway to function.
• Dell Networking recommends the vlt-peer-mac transmit command only for square VLTs without diagonal links.
• The virtual router redundancy (VRRP) protocol and IPv6 routing are not supported.
• Private VLANs (PVLANs) are not supported.
• When a Virtual Machine (VM) moves from one VLT domain to another VLT domain, the VM host sends the gratuitous ARP (GARP), which in turn triggers a MAC movement from the previous VLT domain to the newer VLT domain.
• You must have at least one link connection to each unit of the VLT domain. Following are the prerequisites for Proxy Gateway LLDP configuration: • You must globally enable LLDP. • You cannot have interface–level LLDP disable commands on the interfaces configured for proxy gateway and you must enable both transmission and reception. • You must connect both units of the remote VLT domain by the port channel member.
• The above figure shows a sample VLT Proxy gateway scenario. There are no diagonal links in the square VLT connection between the C and D in VLT domain 1 and C1 and D1 in the VLT domain 2. This causes sub-optimal routing with the VLT Proxy Gateway LLDP method. For VLT Proxy Gateway to work in this scenario you must configure the VLT-peer-mac transmit command under VLT Domain Proxy Gateway LLDP mode, in both C and D (VLT domain 1) and C1 and D1 (VLT domain 2).
Sample Static Configuration on C switch or C1 switch Switch_C#conf Switch_C(conf)#vlt domain 1 Switch_C(conf-vlt-domain1)#proxy-gateway static Switch_C(conf-vlt-domain1-pxy-gw-static)#remote-mac-address ....
66 Virtual Link Trunking (VLT) Virtual link trunking (VLT) allows physical links between two chassis to appear as a single virtual link to the network core or other switches such as Edge, Access or ToR. VLT reduces the role of Spanning Tree protocols by allowing LAG terminations on two separate distribution or core switches, and by supporting a loop free topology. (A Spanning Tree protocol is still needed to prevent the initial loop that may occur prior to VLT being established.
Figure 145. Virtual Link Trunking on S5000 Switches
VLT on Core Switches
You can also deploy VLT on core switches. Uplinks from servers to the access layer and from access layer to the aggregation layer are bundled in LAG groups with end-to-end Layer 2 multipathing. This setup requires “horizontal” stacking at the access layer and VLT at the aggregation layer such that all the uplinks from servers to access and access to aggregation are in Active-Active Load Sharing mode.
Figure 146. VLT on Core Switches Multiple VLT A multiple VLT (mVLT) configuration allows two different VLT domains connected by a standard LACP LAG to form a loop-free Layer 2 topology in the aggregation layer. This configuration supports a maximum of four (4) units, increasing the number of available ports and allowing for dual redundancy of the VLT. The following illustration shows how the core/aggregation port density in the Layer 2 topology is increased using mVLT.
Figure 147. Example of a Multiple VLT Configuration VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) — The combined port channel between an attached device and the VLT peer switches. • VLT backup link — The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, periodic keep alive messages between the VLT peer switches. • VLT interconnect (VLTi) — The link used to synchronize states between the VLT peer switches.
• VLT is not supported on an S5000 configured for FCoE transit or NPIV proxy gateway. • VLT port channel interfaces must be switch ports. • If you include RSTP on the system, configure it before VLT. Refer to Configuring Rapid Spanning Tree. • Dell Networking strongly recommends that the VLTi (VLT interconnect) be a static LAG and that you disable LACP on the VLTi. • Ensure that the spanning tree root bridge is at the Aggregation layer.
– Port-channel link aggregation (LAG) across the ports in the VLT interconnect is required; individual ports are not supported. Dell Networking strongly recommends configuring a static LAG for VLTi. – The VLT interconnect synchronizes L2 and L3 control-plane information across the two chassis. – The VLT interconnect is used for data traffic only when there is a link failure that requires using VLTi in order for data packets to reach their final destination.
– If VLTi connectivity with a peer is lost but the VLT backup connectivity indicates that the peer is still alive, the VLT ports on the Secondary peer are orphaned and are shut down. * In one possible topology, a switch uses the BMP feature to receive its IP address, configuration files, and boot image from a DHCP server that connects to the switch through the VLT domain.
– If all ports in the VLT interconnect fail, or if the messaging infrastructure fails to communicate across the interconnect trunk, the VLT management system uses the backup link interface to determine whether the failure is a link-level failure or whether the remote peer has failed entirely. If the remote peer is still alive (heartbeat messages are still being received), the VLT secondary switch disables its VLT port channels.
VLT Port Delayed Restoration

When a VLT node boots up, if the VLT ports have been previously saved in the start-up configuration, they are not immediately enabled. To ensure MAC and ARP entries from the VLT peer node are downloaded to the newly enabled VLT node, the system allows time for the VLT ports on the new node to be enabled and begin receiving traffic. The delay-restore feature waits for all saved configurations to apply, then starts a configurable timer.
Figure 148. Example of PIM-Sparse Mode on VLT

On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes is elected as the PIM designated router. If you configured IGMP snooping along with PIM on the VLT VLANs, you must configure VLTi as the static multicast router port on both VLT peer switches. This allows multicast traffic that originates from the source that is connected to the VLT ports to reach the PIM router which has downstream neighbors.
RSTP Configuration

RSTP is supported in a VLT domain. Before you configure VLT on peer switches, configure RSTP in the network. RSTP is required for initial loop prevention during the VLT startup phase. You may also use RSTP for loop prevention in the network outside of the VLT port channel. For information about how to configure RSTP, refer to Rapid Spanning Tree Protocol (RSTP). Run RSTP on both VLT peer switches.
Configure RSTP on VLT Peers to Prevent Forwarding Loops (VLT Peer 2)

Dell_VLTpeer2(conf)#protocol spanning-tree rstp
Dell_VLTpeer2(conf-rstp)#no disable
Dell_VLTpeer2(conf-rstp)#bridge-priority 0

Configuring VLT

To configure VLT, use the following procedure.

Prerequisites: Before you begin, make sure that both VLT peer switches are running the same Dell Networking OS version and are configured for RSTP as described in RSTP Configuration.
Enabling VLT and Creating a VLT Domain

To enable VLT and create a VLT domain, use the following steps.

1. Enable VLT on a switch, then configure a VLT domain and enter VLT-Domain Configuration mode.
CONFIGURATION mode
vlt domain domain-id
The domain ID range is from 1 to 1000. Configure the same domain ID on the peer switch to allow for common peering. VLT uses the domain ID to automatically create a VLT MAC address for the domain.
3. Ensure that the interface is active.
MANAGEMENT INTERFACE mode
no shutdown
4. Repeat Steps 1 to 3 on the VLT peer switch.

To set an amount of time, in seconds, to delay the system from restoring the VLT port, use the delay-restore command at any time.

Configuring a VLT Port Delay Period

To configure a VLT port delay period, use the following commands.

1. Enter VLT-Domain Configuration mode for a specified VLT domain.
CONFIGURATION mode
vlt domain domain-id
The range of domain IDs is from 1 to 1000.
Also, reconfigure the same MAC address on the VLT peer switch. Use this command to minimize the time required for the VLT system to synchronize the default MAC address of the VLT domain on both peer switches when one peer switch reboots.
4. (Optional) When you create a VLT domain on a switch, Dell Networking OS automatically assigns a unique unit ID (0 or 1) to each peer switch.
7. Repeat Steps 1 to 6 on the VLT peer switch to configure the same port channel as part of the VLT domain.
8. On an attached switch or server: To connect to the VLT domain and add port channels to it, configure a port channel. For an example of how to verify the port-channel configuration, refer to VLT Sample Configuration.

To configure the VLAN where a VLT peer forwards received packets over the VLTi from an adjacent VLT peer that is down, use the peer-down-vlan parameter.
The range of domain IDs is from 1 to 1000.
4. Enter the port-channel number that acts as the interconnect trunk.
VLT DOMAIN CONFIGURATION mode
peer-link port-channel id-number
The range is from 1 to 128.
5. Configure the IP address of the management interface on the remote VLT peer to be used as the endpoint of the VLT backup link for sending out-of-band hello messages.
INTERFACE PORT-CHANNEL mode
vlt-peer-lag port-channel id-number
Valid port-channel ID numbers are from 1 to 128.
11. Ensure that the port channel is active.
INTERFACE PORT-CHANNEL mode
no shutdown
12. Add links to the eVLT port. Configure a range of interfaces to bulk configure.
CONFIGURATION mode
interface range {port-channel id}
13. Enable LACP on the LAN port.
INTERFACE mode
port-channel-protocol lacp
14. Configure the LACP port channel mode.
INTERFACE mode
port-channel number mode [active]
15.
Configure PVST+ on VLT Peers to Prevent Forwarding Loops (VLT Peer 2)

Dell_VLTpeer2(conf)#protocol spanning-tree pvst
Dell_VLTpeer2(conf-pvst)#no disable
Dell_VLTpeer2(conf-pvst)#vlan 1000 bridge-priority 4096

Configure both ends of the VLT interconnect trunk with identical PVST+ configurations. When you enable VLT, the show spanning-tree pvst brief command output displays VLT information (refer to Verifying a VLT Configuration).
EXEC mode or EXEC Privilege mode
show interfaces interface
8. Configure the VLT links between VLT peer 1 and VLT peer 2 to the top of rack unit (shown in the following example).
9. Configure the static LAG/LACP between ports connected from VLT peer 1 and VLT peer 2 to the top of rack unit.
EXEC Privilege mode
show running-config entity
10. Configure the VLT peer link port channel id in VLT peer 1 and VLT peer 2.
EXEC mode or EXEC Privilege mode
show interfaces interface
11.
S5000-2# show interfaces managementethernet 0/0
Internet address is 10.11.206.43/16

S5000-4#show running-config vlt
!
vlt domain 5
peer-link port-channel 1
back-up destination 10.11.206.43
S5000-4#
S5000-4#show running-config interface managementethernet 0/0
ip address 10.11.206.58/16
no shutdown

Configure the VLT links between VLT peer 1 and VLT peer 2 to the top of rack unit.
s60-1#show running-config interface port-channel 100
!
interface Port-channel 100
no ip address
switchport
no shutdown
s60-1#
s60-1#show port-channel interface 100 brief
Codes: L - LACP Port-channel
    LAG  Mode  Status  Uptime    Ports
L   100  L2    up      03:33:48  Te 0/48 (Up)
                                 Te 0/50 (Up)
s60-1#

Verify that VLT is up. Verify that the VLTi (ICL) link, backup link connectivity (heartbeat status) and VLT peer link (peer chassis) are all up.
Figure 149. eVLT Configuration Example

eVLT Configuration Step Examples

In Domain 1, configure the VLT domain and VLTi on Peer 1.

Domain_1_Peer1#configure
Domain_1_Peer1(conf)#interface port-channel 1
Domain_1_Peer1(conf-if-po-1)# channel-member TenGigabitEthernet 1/8-9
Domain_1_Peer1(conf)#vlt domain 1000
Domain_1_Peer1(conf-vlt-domain)# peer-link port-channel 1
Domain_1_Peer1(conf-vlt-domain)# back-up destination 10.16.130.
Domain_1_Peer2(conf-if-po-100)# vlt-peer-lag port-channel 100
Domain_1_Peer2(conf-if-po-100)# no shutdown

Add links to the eVLT port-channel on Peer 2.

Domain_1_Peer2(conf)#interface range tengigabitethernet 1/28 - 29
Domain_1_Peer2(conf-if-range-te-1/28-29)# port-channel-protocol LACP
Domain_1_Peer2(conf-if-range-te-1/28-29)# port-channel 100 mode active
Domain_1_Peer2(conf-if-range-te-1/28-29)# no shutdown

In Domain 2, configure the VLT domain and VLTi on Peer 3.
PIM-Sparse Mode Configuration Example

The following sample configuration shows how to configure the PIM Sparse mode designated router functionality on the VLT domain with two VLT port-channels that are members of VLAN 4001. For more information, refer to PIM-Sparse Mode Support on VLT.

Examples of Configuring PIM-Sparse Mode

The following example shows how to enable PIM multicast routing on the VLT node globally.
• Display the VLT peer status, role of the local VLT switch, VLT system MAC address and system priority, and the MAC address and priority of the locally-attached VLT device.
EXEC mode
show vlt role
• Display the current configuration of all VLT domains or a specified group on the switch.
EXEC mode
show running-config vlt
• Display statistics on VLT operation.
Role Priority:                  32768
ICL Link Status:                Up
HeartBeat Status:               Up
VLT Peer Status:                Up
Local Unit Id:                  0
Version:                        5(1)
Local System MAC address:       00:01:e8:8a:e9:70
Remote System MAC address:      00:01:e8:8a:e7:e7
Configured System MAC address:  00:0a:0a:01:01:0a
Remote system version:          5(1)
Delay-Restore timer:            90 seconds

Dell_VLTpeer2# show vlt brief
VLT Domain Brief
-----------------
Domain ID:
Role:
Role Priority:
ICL Link Status:
HeartBeat Status:
VLT Peer Status:
Local Unit Id:
Version:
Local System MAC address:
R
The following example shows the show running-config vlt command.

Dell_VLTpeer1# show running-config vlt
!
vlt domain 30
peer-link port-channel 60
back-up destination 10.11.200.18

Dell_VLTpeer2# show running-config vlt
!
vlt domain 30
peer-link port-channel 60
back-up destination 10.11.200.20

The following example shows the show vlt statistics command.
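The peer settings shown by show running-config vlt can be cross-checked mechanically. The following is an added example, not Dell code: it parses both peers' stanzas, applies the ranges this guide states (domain ID 1 to 1000, port channel 1 to 128), and confirms that each back-up destination is the other peer's management address. The two management addresses are assumptions inferred from the back-up destinations; the page does not list them for this pair.

```python
import ipaddress
import re

# Constructed from the two `show running-config vlt` listings above.
PEER1_VLT = """\
!
vlt domain 30
peer-link port-channel 60
back-up destination 10.11.200.18
"""
PEER2_VLT = """\
!
vlt domain 30
peer-link port-channel 60
back-up destination 10.11.200.20
"""
# Assumed management addresses (not listed on the page for this pair):
# each peer's back-up destination is taken to be the other's address.
PEER1_MGMT = "10.11.200.20"
PEER2_MGMT = "10.11.200.18"


def parse_vlt(text):
    """Extract domain ID, peer-link port channel and back-up destination."""
    cfg = {"domain": None, "peer_link": None, "backup": None}
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"vlt domain (\d+)", line):
            cfg["domain"] = int(m.group(1))
        elif m := re.fullmatch(r"peer-link port-channel (\d+)", line):
            cfg["peer_link"] = int(m.group(1))
        elif m := re.fullmatch(r"back-up destination (\S+)", line):
            cfg["backup"] = ipaddress.ip_address(m.group(1))
    return cfg


def check_peer(name, cfg, own_mgmt, peer_mgmt):
    """Per-switch checks against the ranges and rules stated in the guide."""
    out = []
    if cfg["domain"] is None or not 1 <= cfg["domain"] <= 1000:
        out.append(f"{name}: VLT domain ID missing or outside 1-1000")
    if cfg["peer_link"] is None or not 1 <= cfg["peer_link"] <= 128:
        out.append(f"{name}: peer-link port channel missing or outside 1-128")
    if cfg["backup"] is None:
        # Without the backup link a VLTi failure and a dead peer look alike.
        out.append(f"{name}: no back-up destination configured")
    elif cfg["backup"] == ipaddress.ip_address(own_mgmt):
        out.append(f"{name}: back-up destination is its own management address")
    elif cfg["backup"] != ipaddress.ip_address(peer_mgmt):
        out.append(f"{name}: back-up destination {cfg['backup']} is not "
                   f"the peer's management address {peer_mgmt}")
    return out


def check_pair(text_a, mgmt_a, text_b, mgmt_b):
    """Return a list of findings; an empty list means the pair is consistent."""
    a, b = parse_vlt(text_a), parse_vlt(text_b)
    findings = check_peer("peer1", a, mgmt_a, mgmt_b)
    findings += check_peer("peer2", b, mgmt_b, mgmt_a)
    if a["domain"] != b["domain"]:
        findings.append(f"domain ID mismatch: {a['domain']} vs {b['domain']}")
    return findings


if __name__ == "__main__":
    result = check_pair(PEER1_VLT, PEER1_MGMT, PEER2_VLT, PEER2_MGMT)
    for finding in result or ["VLT peer configuration is consistent"]:
        print(finding)
```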
Name     PortID   Prio  Cost    Sts        Cost  Bridge ID         PortID
-------- -------- ----- ------- ---------- ----- ----------------- --------
Po 1     128.2    128   200000  DIS        0     0 0001.e88a.dff8  128.2
Po 3     128.4    128   200000  DIS        0     0 0001.e88a.dff8  128.4
Po 4     128.5    128   200000  DIS        0     0 0001.e88a.dff8  128.5
Po 100   128.101  128   800     FWD(VLTi)  0     0 0001.e88a.dff8  128.101
Po 110   128.111  128   00      FWD(vlt)   0     0 0001.e88a.dff8  128.111
Po 111   128.112  128   200000  DIS(vlt)   0     0 0001.e88a.dff8  128.112
Po 120   128.121  128   2000    FWD(vlt)   0     0 0001.e88a.dff8  128.
Configuring Virtual Link Trunking (VLT Peer 2)

Enable VLT and create a VLT domain with a backup-link VLT interconnect (VLTi).

Dell_VLTpeer2(conf)#vlt domain 999
Dell_VLTpeer2(conf-vlt-domain)#peer-link port-channel 100
Dell_VLTpeer2(conf-vlt-domain)#back-up destination 10.11.206.23
Dell_VLTpeer2(conf-vlt-domain)#exit

Configure the backup link.

Dell_VLTpeer2(conf)#interface ManagementEthernet 0/0
Dell_VLTpeer2(conf-if-ma-0/0)#ip address 10.11.206.
Troubleshooting VLT

To help troubleshoot different VLT issues that may occur, use the following information.

NOTE: For information on VLT Failure mode timing and its impact, contact your Dell Networking representative.

Table 85. Troubleshooting VLT

Description | Behavior at Peer Up | Behavior During Run Time
Bandwidth monitoring | A syslog error message and an SNMP trap is generated when the VLTi bandwidth usage goes above the 80% threshold and when it drops below 80%.
Description | Behavior at Peer Up | Behavior During Run Time | Action to Take
information, refer to the Release Notes for this release.
VLT LAG ID is not configured on one VLT peer | A syslog error message is generated. The peer with the VLT configured remains active. | A syslog error message is generated. The peer with the VLT configured remains active. | Verify the VLT LAG ID is configured correctly on both VLT peers.
VLT LAG ID mismatch | The VLT port channel is brought down.
Keep the following points in mind when you configure VLT nodes in a PVLAN:

• Configure the VLTi link to be in trunk mode. Do not configure the VLTi link to be in access or promiscuous mode.
• You can configure a VLT LAG or port channel to be in trunk, access, or promiscuous port modes when you include the VLT LAG in a PVLAN. The VLT LAG settings must be the same on both the peers. If you configure a VLT LAG as a trunk port, you can associate that LAG to be a member of a normal VLAN or a PVLAN.
PVLAN Operations When One VLT Peer is Down

When a VLT port moves to the Admin or Operationally Down state on only one of the VLT nodes, the VLT LAG is still considered to be up. All the PVLAN MAC entries that correspond to the operationally down VLT LAG are maintained as synchronized entries in the device. These MAC entries are removed when the peer VLT LAG also becomes inactive or a change in PVLAN configuration occurs.
VLT LAG Mode PVLAN Mode of VLT VLAN ICL VLAN Membership Mac Synchronization Peer1 Peer2 Peer1 Peer2 Promiscuous Promiscuous Primary Primary Yes Yes Promiscuous Access Primary Secondary No No Promiscuous Promiscuous Primary Primary Yes Yes - Secondary (Community) - Secondary (Isolated) No No Secondary (Community) Secondary (Isolated) No No • • Yes Yes Access Promiscuous Access Promiscuous Primary X Primary X Primary Primary Yes Yes - Secondary (Community) - Se
Creating a VLT LAG or a VLT VLAN

1. Configure the port channel for the VLT interconnect on a VLT switch and enter interface configuration mode.
CONFIGURATION mode
interface port-channel id-number
Enter the same port-channel number configured with the peer-link port-channel command as described in Enabling VLT and Creating a VLT Domain.
NOTE: To be included in the VLTi, the port channel must be in Default mode (no switchport or VLAN assigned).
2. Remove an IP address from the interface.
interface interface
2. Enable the port.
INTERFACE mode
no shutdown
3. Set the port in Layer 2 mode.
INTERFACE mode
switchport
4. Select the PVLAN mode.
INTERFACE mode
switchport mode private-vlan {host | promiscuous | trunk}
• host (isolated or community VLAN port)
• promiscuous (intra-VLAN communication port)
• trunk (inter-switch PVLAN hub port)
5. Access INTERFACE VLAN mode for the VLAN to which you want to assign the PVLAN interfaces.
CONFIGURATION mode
interface vlan vlan-id
6.
3 forwarding level. VLT peer routing enables you to replace VRRP with routed VLT to route the traffic from Layer 2 access nodes. With proxy ARP, hosts can resolve the MAC address of the VLT node even when VLT node is down. If the ICL link is down when a VLT node receives an ARP request for the IP address of the VLT peer, owing to LAG-level hashing algorithm in the top-of-rack (TOR) switch, the incorrect VLT node responds to the ARP request with the peer MAC address.
VLT Nodes as Rendezvous Points for Multicast Resiliency

You can configure virtual link trunking (VLT) peer nodes as rendezvous points (RPs) in a Protocol Independent Multicast (PIM) domain. PIM uses a VLT node as the RP to distribute multicast traffic to a multicast group. Messages to join the multicast group (Join messages) and data are sent towards the RP, so that receivers can discover who the senders are and begin receiving traffic destined for the multicast group.
member port-channel port-channel ID
4. Verify the VLAN-stack configurations.
EXEC Privilege
show running-config

Sample configuration of VLAN-stack over VLT (Peer 1)

Configure VLT domain

Dell(conf)#vlt domain 1
Dell(conf-vlt-domain)#peer-link port-channel 1
Dell(conf-vlt-domain)#back-up destination 10.16.151.
Configure VLAN as VLAN-Stack VLAN and add the VLT LAG as Members to the VLAN

Dell(conf)#interface vlan 50
Dell(conf-if-vl-50)#vlan-stack compatible
Dell(conf-if-vl-50-stack)#member port-channel 10
Dell(conf-if-vl-50-stack)#member port-channel 20
Dell#show running-config interface vlan 50
!
interface Vlan 50
vlan-stack compatible
member Port-channel 10,20
shutdown
Dell#

Verify that the Port Channels used in the VLT Domain are Assigned to the VLAN-Stack VLAN

Dell#show vlan id 50
Codes: * - Default VLAN, G - G
no shutdown
Dell#
Dell(conf)#interface port-channel 20
Dell(conf-if-po-20)#switchport
Dell(conf-if-po-20)#vlt-peer-lag port-channel 20
Dell(conf-if-po-20)#vlan-stack trunk
Dell(conf-if-po-20)#no shutdown
Dell#show running-config interface port-channel 20
!
interface Port-channel 20
no ip address
switchport
vlan-stack trunk
vlt-peer-lag port-channel 20
no shutdown
Dell#

Configure the VLAN as VLAN-Stack VLAN and add the VLT LAG as members to the VLAN

Dell(conf)#interface vlan 50
Dell(conf-if-vl-50)#vlan-stack
Peer routing for IPv6 packets in a VLT domain is supported. This mechanism of IPv6 peer routing is supported on all the platforms that are compatible with IPv6 routing and support VLT. This functionality performs the following operations:

• Forwarding the control traffic to correct VLT node when the control traffic reaches wrong VLT node due to hashing at the VLT LAG level on the ToR.
• Routing the data traffic which is destined to peer VLT node.
Tunneling of IPv6 ND in a VLT Domain

Tunneling an NA packet from one VLT node to its peer is required because an NA may reach the wrong VLT node instead of arriving at the destined VLT node. This may occur because of LAG hashing at the top of the rack (ToR) switch. The tunneled NA will carry some control information along with it so that the appropriate VLT node can mimic the ingress port as the VLT interface rather than pointing to VLT node’s interconnecting link (ICL link).
Figure 151. Sample Configuration of IPv6 Peer Routing in a VLT Domain

Neighbor Solicitation from VLT Hosts

Consider a case in which NS for VLT node1 IP reaches VLT node1 on VLT interface and NS for VLT node1 IP reaches VLT node2 due to LAG level hashing in TOR. When VLT node1 receives NS from VLT VLAN interface, it unicasts NA packet on the VLT interface. When NS reaches VLT node2 it is flooded on all interfaces including ICL. When VLT node 1 receives NS on ICL then it floods NA packet on the VLAN.
Consider a situation in which NA for VLT node1 reaches VLT node1 on non-VLT interface and NA for VLT node1 reaches VLT node2 on non-VLT interface. When VLT node1 receives NA on VLT interface, it learns the Host MAC address on received interface. This learned neighbor entry is synchronized to VLT node2 as it is learned on ICL.
Non-VLT host to Non-VLT host traffic flow

When VLT node receives traffic from non-VLT host intended to the non-VLT host, it does neighbor entry lookup and routes traffic over ICL interface. If traffic reaches wrong VLT peer, it routes the traffic over ICL.

Router Solicitation

When VLT node receives router Solicitation on VLT interface/non-VLT interface it consumes the packets and will send RA back on the received interface. VLT node will drop the RS message if it is received over ICL interface.
67 Virtual Routing and Forwarding (VRF)

Virtual Routing and Forwarding (VRF) allows a physical router to partition itself into multiple Virtual Routers (VRs). The control and data plane are isolated in each VR so that traffic does NOT flow across VRs. Virtual Routing and Forwarding (VRF) allows multiple instances of a routing table to co-exist within the same router at the same time.

VRF Overview

VRF improves functionality by allowing network paths to be segmented without using multiple devices.
Figure 152. VRF Network Example

VRF Configuration Notes

Although there is no restriction on the number of VLANs that can be assigned to a VRF instance, the total number of routes supported in VRF is limited by the size of the IPv4 CAM. VRF is implemented in a network device by using Forwarding Information Bases (FIBs). A network device may have the ability to configure different virtual routers, where entries in the FIB that belong to one VRF cannot be accessed by another VRF on the same device.
Table 87. Software Features Supported on VRF

Feature/Capability | Support Status for Default VRF | Support Status for Non-default VRF
Configuration rollback for commands introduced or modified | Yes | No
LLDP protocol on the port | Yes | No
802.
Feature/Capability | Support Status for Default VRF | Support Status for Non-default VRF
sFlow | Yes | No
VRRP on physical and logical interfaces | Yes | Yes
VRRPV3 | Yes | Yes
Secondary IP Addresses | Yes | No
Following IPv6 capabilities No
Basic | Yes | No
OSPFv3 | Yes | Yes
IS-IS | Yes | Yes
BGP | Yes | Yes
ACL | Yes | No
Multicast | Yes | No
NDP | Yes | Yes
RAD | Yes | Yes
Ingress/Egress Storm-Control (per-interface/global) | Yes | No
DHCP | DHCP requests are not forwarded across VRF instances.
Creating a Non-Default VRF Instance

VRF is enabled by default on the switch and supports up to 64 VRF instances: 1 to 63 and the default VRF (0).

Table 89. Creating a Non-Default VRF Instance

Task | Command Syntax | Command Mode
Create a non-default VRF instance by specifying a name and VRF ID number, and enter VRF configuration mode.
Table 92. View VRF Instance Information

Task | Command Syntax | Command Mode
Display the interfaces assigned to a VRF instance. To display information on all VRF instances (including the default VRF 0), do not enter a value for vrf-name. | show ip vrf [vrf-name] | EXEC

Assigning an OSPF Process to a VRF Instance

OSPF routes are supported on all VRF instances. Refer to Open Shortest Path First (OSPFv2) for complete OSPF configuration information. Assign an OSPF process to a VRF instance.
Task | Command Syntax | Command Mode
View VRRP command output for the VRF vrf1 | show vrrp vrf vrf1

-----------------
TenGigabitEthernet 1/13, IPv4 VRID: 10, Version: 2, Net: 10.1.1.1
VRF: 2 vrf1
State: Master, Priority: 100, Master: 10.1.1.1 (local)
Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 43, Gratuitous ARP sent: 0
Virtual MAC address: 00:00:5e:00:01:0a
Virtual IP address: 10.1.1.
Table 96. Configuring a Static Route

Task | Command Syntax | Command Mode
Configure a static route that points to a management interface. | management route ip-address mask managementethernet or management route ipv6address prefix-length managementethernet | CONFIGURATION

NOTE: You can also have the management route to point to a front-end port in case of the management VRF. For example: management route 2::/64 te 0/0.
Figure 154. Setup VRF Interfaces

The following example relates to the configuration shown in Figure1 and Figure 2.

Router 1

ip vrf blue 1
!
ip vrf orange 2
!
ip vrf green 3
!
interface TenGigabitEthernet
no ip address
switchport
no shutdown
!
interface TenGigabitEthernet
ip vrf forwarding blue
ip address 10.0.0.1/24
no shutdown
!
interface TenGigabitEthernet
ip vrf forwarding orange
ip address 20.0.0.
ip vrf forwarding green
ip address 30.0.0.1/24
no shutdown
!
interface Vlan 128
ip vrf forwarding blue
ip address 1.0.0.1/24
tagged TenGigabitEthernet 3/1
no shutdown
!
interface Vlan 192
ip vrf forwarding orange
ip address 2.0.0.1/24
tagged TenGigabitEthernet 3/1
no shutdown
!
interface Vlan 256
ip vrf forwarding green
ip address 3.0.0.1/24
tagged TenGigabitEthernet 3/1
no shutdown
!
router ospf 1 vrf blue
router-id 1.0.0.1
network 1.0.0.0/24 area 0
network 10.0.0.
ip vrf forwarding blue
ip address 1.0.0.2/24
tagged TenGigabitEthernet 3/1
no shutdown
interface Vlan 192
ip vrf forwarding orange
ip address 2.0.0.2/24
tagged TenGigabitEthernet 3/1
no shutdown
!
interface Vlan 256
ip vrf forwarding green
ip address 3.0.0.2/24
tagged TenGigabitEthernet 3/1
no shutdown
!
router ospf 1 vrf blue
router-id 1.0.0.2
network 11.0.0.0/24 area 0
network 1.0.0.0/24 area 0
passive-interface TenGigabitEthernet 2/1
!
router ospf 2 vrf orange
router-id 2.0.0.2
network 21.0.0.
E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1,
L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default,
> - non-active route, + - summary route

Gateway of last resort is not set

    Destination     Gateway
    -----------     -------
C   1.0.0.0/24      Direct, Vl 128
C   10.0.0.0/24     Direct, Te 1/1
O   11.0.0.0/24     via 1.0.0.
Dell#show ip ospf 1 neighbor
Neighbor ID  Pri  State     Dead Time  Address  Interface  Area
1.0.0.1      1    FULL/BDR  00:00:36   1.0.0.1  Vl 128
!
Dell#sh ip ospf 2 neighbor
Neighbor ID  Pri  State     Dead Time  Address
2.0.0.1      1    FULL/BDR  00:00:33   2.0.0.
!
Dell#show ip route vrf blue
Route Leaking VRFs

Static routes can be used to redistribute routes between non-default to default/non-default VRF and vice-versa. You can configure route leaking between two VRFs using the following command: ip route vrf x.x.x.x s.s.s.s nh.nh.nh.nh vrf default. This command indicates that packets that are destined to x.x.x.x/s.s.s.s are reachable through nh.nh.nh.nh in the default VRF table. Meaning, the routes to x.x.x.x/s.s.s.
purpose, routes corresponding to VRF-Shared are leaked to only VRF-Red and VRF-Blue. And for reply, routes corresponding to VRF-Red and VRF-Blue are leaked to VRF-Shared. To leak the routes from VRF-Shared to VRF-Red and VRF-Blue, you can configure a route-export tag on VRF-Shared (the source VRF, which exports the routes); the same route-export tag value should be configured on VRF-Red and VRF-Blue as the route-import tag (the target VRFs, which import the routes).
ip vrf forwarding VRF-green
ip address ip-address mask
A non-default VRF named VRF-green is created and the interface is assigned to it.
10. Configure the import target in the source VRF VRF-Shared for reverse communication with VRF-red and VRF-blue.
O   22.2.2.2/32     via 122.2.2.2               110/0   00:00:11
C   122.2.2.0/24    Direct, Te 1/12             0/0     22:39:61
O   44.4.4.4/32     via vrf-shared:144.4.4.4    0/0     00:32:36
C   144.4.4.0/24    Direct, vrf-shared:Te 1/4   0/0     00:32:36

Dell# show ip route vrf VRF-Green
O   33.3.3.3/32     via 133.3.3.3               110/0   00:00:11
C   133.3.3.0/24    Direct, Te 1/13             0/0     22:39:61

Dell# show ip route vrf VRF-Shared
O   11.1.1.1/32     via VRF-Red:111.1.1.1       110/0
C   111.1.1.0/24    Direct, VRF-Red:Te 1/11     0/0
O   22.2.2.2/32     via VRF-Blue:122.2.2.2      110/0
C   122.2.2.
While importing these routes into VRF-blue, you can further specify match conditions at the import end to define the filtering criteria based on which the routes are imported into VRF-blue. You can define a route-map import_ospf_protocol and then specify the match criteria as OSPF using the match source-protocol ospf command. You can then use the ip route-import route-map command to import routes matching the filtering criteria defined in the import_ospf_protocol route-map.
The show run output for the above configuration is as follows:

ip vrf vrf-Red
ip route-export 1:1 export_ospfbgp_protocol
ip route-import 2:2
! this action exports only the OSPF and BGP routes to other VRFs
!
ip vrf vrf-Blue
ip route-export 2:2
ip route-import 1:1 import_ospf_protocol
!this action accepts only OSPF routes from VRF-red even though both OSPF as well as BGP routes are shared

The show VRF commands display the following output:

Dell# show ip route vrf VRF-Blue
C 122.2.2.
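Because every matching export/import tag pair opens a path across the VRF boundary, it helps to compute which routes actually cross it. The following is an added example, not Dell code: it parses the ip vrf stanzas from the show run listing above, pairs export tags with import tags, and applies both filters. The route-maps are modelled only as sets of matched source protocols, the per-VRF routes (including the BGP prefix) are constructed, and re-export of already imported routes is not modelled.

```python
import re

# Constructed from the `show run` listing above (comment lines omitted).
SHOW_RUN = """\
ip vrf vrf-Red
ip route-export 1:1 export_ospfbgp_protocol
ip route-import 2:2
!
ip vrf vrf-Blue
ip route-export 2:2
ip route-import 1:1 import_ospf_protocol
"""
# Simplified model of the route-maps: name -> source protocols they match.
ROUTE_MAPS = {
    "export_ospfbgp_protocol": {"ospf", "bgp"},
    "import_ospf_protocol": {"ospf"},
}
# Constructed per-VRF routes as (prefix, source protocol).
ROUTES = {
    "vrf-Red": [("111.1.1.0/24", "connected"), ("11.1.1.1/32", "ospf"),
                ("198.51.100.0/24", "bgp")],
    "vrf-Blue": [("122.2.2.0/24", "connected"), ("22.2.2.2/32", "ospf")],
}


def parse_vrfs(text):
    """Return {vrf: {'exports': [(tag, map)], 'imports': [(tag, map)]}}."""
    vrfs, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"ip vrf (\S+)(?: \d+)?", line)
        if m:
            current = vrfs.setdefault(m.group(1), {"exports": [], "imports": []})
            continue
        m = re.fullmatch(r"ip route-(export|import) (\S+)(?: (\S+))?", line)
        if m and current is not None:
            current[m.group(1) + "s"].append((m.group(2), m.group(3)))
    return vrfs


def _matches(vrfs):
    """Yield (src, dst, tag, export_map, import_map) where tags line up."""
    for src, s in vrfs.items():
        for tag, emap in s["exports"]:
            for dst, d in vrfs.items():
                if dst == src:
                    continue
                for itag, imap in d["imports"]:
                    if itag == tag:
                        yield src, dst, tag, emap, imap


def _allowed(map_name, route_maps):
    """None means no filter; an undefined route-map fails closed."""
    if map_name is None:
        return None
    if map_name not in route_maps:
        raise ValueError(f"route-map {map_name} is referenced but not defined")
    return set(route_maps[map_name])


def leak_paths(vrfs):
    """Every (source VRF, target VRF, tag) that crosses the VRF boundary."""
    return {(src, dst, tag) for src, dst, tag, _, _ in _matches(vrfs)}


def unapproved_paths(vrfs, approved):
    """Leak paths whose (source, target) pair is not on the approved list."""
    return sorted(p for p in leak_paths(vrfs) if (p[0], p[1]) not in approved)


def leaked_routes(vrfs, route_maps, routes):
    """Return {target VRF: [(prefix, protocol, source VRF), ...]}."""
    leaked = {name: [] for name in vrfs}
    for src, dst, _tag, emap, imap in _matches(vrfs):
        exp, imp = _allowed(emap, route_maps), _allowed(imap, route_maps)
        for prefix, proto in routes.get(src, []):
            if (exp is None or proto in exp) and (imp is None or proto in imp):
                leaked[dst].append((prefix, proto, src))
    return {name: sorted(rows) for name, rows in leaked.items()}


if __name__ == "__main__":
    for vrf, rows in leaked_routes(parse_vrfs(SHOW_RUN), ROUTE_MAPS, ROUTES).items():
        print(vrf, rows)
```

In this sample vrf-Blue exports with no route-map and vrf-Red imports with none, so the connected subnet of vrf-Blue crosses into vrf-Red as well as its OSPF route.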
68 Virtual Router Redundancy Protocol (VRRP)

Virtual router redundancy protocol (VRRP) is designed to eliminate a single point of failure in a statically routed network.

VRRP Overview

VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a local area network (LAN). The MASTER router is chosen from the virtual routers by an election process and forwards packets sent to the next hop IP address.
Figure 155. Basic VRRP Configuration

VRRP Benefits

With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and are not dependent on internal gateway protocol (IGP) protocols to converge or update routing tables.

VRRP Implementation

The S5000 supports a total of 255 VRRP groups on a switch. Within a single VRRP group, up to 12 virtual IP addresses are supported.
CAUTION: Increasing the advertisement interval increases the VRRP Master dead interval, resulting in an increased failover time for Master/Backup election. Take caution when increasing the advertisement interval, as the increased dead interval may cause packets to drop during that switch-over time.

Table 98.
INTERFACE mode
no vrrp-group vrid

Examples of Configuring and Verifying VRRP

The following example shows how to configure VRRP.

Dell(conf)#int Te 1/1
Dell(conf-if-Te-1/1)#vrrp-group 111
Dell(conf-if-Te-1/1-vrid-111)#

The following example shows how to verify the VRRP configuration.

Dell(conf-if-Te-1/1)#show conf
!
interface TenGigabitEthernet 1/1
ip address 10.10.10.1/24
!
vrrp-group 111
no shutdown
Dell(conf-if-Te-1/1)#

Configuring a Virtual IP Address

To configure a virtual IP address, use the following commands.
no shutdown
Dell(conf-if-te-1/1)#

The following example shows the same VRRP group (VRID 111) configured on multiple interfaces on different subnets.

Dellshow vrrp
-----------------
TenGigabitEthernet 1/1, VRID: 111, Net: 10.10.10.1
State: Master, Priority: 255, Master: 10.10.10.1 (local)
Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 1768, Gratuitous ARP sent: 5
Virtual MAC address: 00:00:5e:00:01:6f
Virtual IP address: 10.10.10.1 10.10.10.2 10.10.10.3 10.10.10.
10.10.10.1 10.10.10.2 10.10.10.3 10.10.10.10
Authentication: (none)
-----------------
TenGigabitEthernet 1/2, VRID: 111, Net: 10.10.2.1
State: Master, Priority: 125, Master: 10.10.2.1 (local)
Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 601, Gratuitous ARP sent: 2
Virtual MAC address: 00:00:5e:00:01:6f
Virtual IP address: 10.10.2.2 10.10.2.
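The show vrrp output carries enough to audit each group. The following is an added example, not Dell code: it checks that the virtual MAC follows the standard VRRP pattern seen in this guide's outputs (00:00:5e:00:01 plus the VRID in hex for IPv4, 00:00:5e:00:02 for IPv6) and flags groups that report Authentication: (none), noting where preempt is also on and the priority is below 255. The sample text is constructed in the shape of the outputs in this chapter, and the finding codes are names chosen for this example.

```python
import re

# Constructed sample in the shape of the `show vrrp` output in this chapter.
SHOW_VRRP = """\
------------------
TenGigabitEthernet 1/1, VRID: 111, Net: 10.10.10.1
State: Master, Priority: 255, Master: 10.10.10.1 (local)
Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
Virtual MAC address:
 00:00:5e:00:01:6f
Virtual IP address:
 10.10.10.1 10.10.10.2
Authentication: (none)
------------------
TenGigabitEthernet 1/2, VRID: 111, Net: 10.10.2.1
State: Master, Priority: 125, Master: 10.10.2.1 (local)
Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec
Virtual MAC address:
 00:00:5e:00:01:6f
Virtual IP address:
 10.10.2.2
Authentication: (none)
------------------
TenGigabitEthernet 0/0, IPv6 VRID: 10, Version: 3, Net: fe80::201:e8ff:fe6a:c59f
State: Master, Priority: 100, Master: fe80::201:e8ff:fe6a:c59f (local)
Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec
Virtual MAC address:
 00:00:5e:00:02:0a
Virtual IP address:
 1::10 fe80::10
"""

HEADER = re.compile(
    r"^(?P<ifname>[A-Za-z]+ [\d/]+), (?:(?P<family>IPv4|IPv6) )?VRID: (?P<vrid>\d+)",
    re.M,
)


def _field(block, pattern):
    m = re.search(pattern, block)
    return m.group(1).strip() if m else None


def parse_show_vrrp(text):
    """Split the output on the dashed separators and pull out key fields."""
    groups = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M):
        head = HEADER.search(block)
        if not head:
            continue
        priority = _field(block, r"Priority: (\d+)")
        groups.append({
            "ifname": head.group("ifname"),
            "vrid": int(head.group("vrid")),
            "ipv6": head.group("family") == "IPv6",
            "priority": int(priority) if priority else None,
            "preempt": _field(block, r"Preempt: (TRUE|FALSE)") == "TRUE",
            "vmac": _field(block, r"Virtual MAC address:\s*([0-9a-fA-F:]{17})"),
            "auth": _field(block, r"Authentication: (.+)"),
        })
    return groups


def expected_vmac(vrid, ipv6=False):
    """Standard VRRP virtual MAC: fixed prefix, family octet, VRID octet."""
    return f"00:00:5e:00:{'02' if ipv6 else '01'}:{vrid:02x}"


def audit(text):
    """Return (interface, VRID, finding-code) tuples in output order."""
    findings = []
    for g in parse_show_vrrp(text):
        key = (g["ifname"], g["vrid"])
        if g["vmac"] is None or g["vmac"].lower() != expected_vmac(g["vrid"], g["ipv6"]):
            findings.append(key + ("vmac-mismatch",))
        if g["auth"] == "(none)":
            findings.append(key + ("no-auth",))
            # With preempt on and priority below 255, which router holds
            # MASTER depends on advertisements that are not authenticated.
            if g["preempt"] and g["priority"] is not None and g["priority"] < 255:
                findings.append(key + ("preempt-unauthenticated",))
    return findings


if __name__ == "__main__":
    for finding in audit(SHOW_VRRP):
        print(finding)
```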
• Prevent any BACKUP router with a higher priority from becoming the MASTER router.
INTERFACE-VRID mode
no preempt

Examples of Disabling Preempt

Re-enable preempt by entering the preempt command. When you enable preempt, it does not display in the show commands, because it is a default setting. The following example shows how to disable preempt using the no preempt command.
advertise-interval 10
authentication-type simple 7 387a7f2df5969da4
no preempt
priority 255
virtual-address 10.10.10.1
virtual-address 10.10.10.2
virtual-address 10.10.10.3
virtual-address 10.10.10.10
Dell(conf-if-te-1/1-vrid-111)#

Track an Interface or Object

You can set Dell Networking OS to monitor the state of any interface according to the virtual group. Each VRRP group can track up to 12 interfaces and up to 20 additional objects, which may affect the priority of the VRRP group.
show track
• (Optional) Display the configuration and the UP or DOWN state of tracked interfaces and objects in VRRP groups, including the time since the last change in an object’s state.
EXEC mode or EXEC Privilege mode
show vrrp
• (Optional) Display the configuration of tracked objects in VRRP groups on a specified interface.
Virtual MAC address: 00:00:5e:00:02:01
Virtual IP address: 2007::1 fe80::1
Tracking states for 2 resource Ids:
2 - Up IPv6 route, 2040::/64, priority-cost 20, 00:02:11
3 - Up IPv6 route, 2050::/64, priority-cost 30, 00:02:11

The following example shows verifying the VRRP configuration on an interface.
Sample Configurations

Before you set up VRRP, review the following sample configurations.

VRRP for an IPv4 Configuration

The following configuration shows how to enable IPv4 VRRP. This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes.
R2(conf-if-te-2/31-vrid-99)#priority 200
R2(conf-if-te-2/31-vrid-99)#virtual 10.1.1.3
R2(conf-if-te-2/31-vrid-99)#no shut
R2(conf-if-te-2/31)#show conf
!
interface TenGigabitEthernet 2/31
ip address 10.1.1.1/24
!
vrrp-group 99
priority 200
virtual-address 10.1.1.3
no shutdown
R2(conf-if-te-2/31)#end
R2#show vrrp
-----------------
TenGigabitEthernet 2/31, VRID: 99, Net: 10.1.1.1
State: Master, Priority: 200, Master: 10.1.1.
Figure 157. Example of VRRP for an IPv6 Configuration

NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address.

The following example shows configuring VRRP for IPv6 Router 2 and Router 3. Configure a virtual link local (fe80) address for each VRRPv3 group created for an interface.
virtual-address 1::10
no shutdown
R2(conf-if-te-0/0)#end
R2#show vrrp
-----------------
TenGigabitEthernet 0/0, IPv6 VRID: 10, Version: 3, Net:fe80::201:e8ff:fe6a:c59f
VRF: 0 default-vrf
State: Master, Priority: 100, Master: fe80::201:e8ff:fe6a:c59f (local)
Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec
Accept Mode: FALSE, Master AdvInt: 100 centisec
Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 135
Virtual MAC address: 00:00:5e:00:02:0a
Virtual IP address: 1::10 fe80::10

Router 3

R3(conf)#interface t
on each VRF instance in order that there is one MASTER and one backup router for each VRF. In VRF-1 and VRF-2, Switch-2 serves as owner-master of the VRRP group and Switch-1 serves as the backup. On VRF-3, Switch-1 is the owner-master and Switch-2 is the backup. In VRF-1 and VRF-2 on Switch-2, the virtual IP and node IP address, subnet, and VRRP group are the same. On Switch-1, the virtual IP address, subnet, and VRRP group are the same in VRF-1 and VRF-2, but the IP address of the node interface is unique.
S1(conf-if-te-12/2)#vrrp-group 11
% Info: The VRID used by the VRRP group 11 in VRF 2 will be 178.
S1(conf-if-te-12/2-vrid-101)#priority 100
S1(conf-if-te-12/2-vrid-101)#virtual-address 10.10.1.2
S1(conf-if-te-12/2)#no shutdown
!
S1(conf)#interface TenGigabitEthernet 12/3
S1(conf-if-te-12/3)#ip vrf forwarding VRF-3
S1(conf-if-te-12/3)#ip address 20.1.1.5/24
S1(conf-if-te-12/3)#vrrp-group 15
% Info: The VRID used by the VRRP group 15 in VRF 3 will be 243.
VRRP in VRF: Switch-1 VLAN Configuration
VRRP in VRF: Switch-2 VLAN Configuration

Switch-1
S1(conf)#ip vrf VRF-1 1
!
S1(conf)#ip vrf VRF-2 2
!
S1(conf)#ip vrf VRF-3 3
!
S1(conf)#interface TenGigabitEthernet 12/4
S1(conf-if-te-12/4)#no ip address
S1(conf-if-te-12/4)#switchport
S1(conf-if-te-12/4)#no shutdown
!
S1(conf-if-te-12/4)#interface vlan 100
S1(conf-if-vl-100)#ip vrf forwarding VRF-1
S1(conf-if-vl-100)#ip address 10.10.1.
S2(conf-if-vl-200)#ip address 10.10.1.2/24
S2(conf-if-vl-200)#tagged tengigabitethernet 12/4
S2(conf-if-vl-200)#vrrp-group 11
% Info: The VRID used by the VRRP group 11 in VRF 2 will be 178.
S2(conf-if-vl-200-vrid-101)#priority 255
S2(conf-if-vl-200-vrid-101)#virtual-address 10.10.1.2
S2(conf-if-vl-200)#no shutdown
!
S2(conf-if-te-12/4)#interface vlan 300
S2(conf-if-vl-300)#ip vrf forwarding VRF-3
S2(conf-if-vl-300)#ip address 20.1.1.
Figure 159. VRRP for IPv6 Topology

NOTE: This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, and so on.
NOTE: The virtual IPv6 address you configure should be the same as the IPv6 subnet to which the interface belongs.
Virtual IP address: 10:1:1::255 fe80::255
Dell#show vrrp tengigabitethernet 2/8
TenGigabitEthernet 2/8, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:e9ed
VRF: 0 default
State: Master, Priority: 110, Master: fe80::201:e8ff:fe8a:e9ed (local)
Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec
Accept Mode: FALSE, Master AdvInt: 100 centisec
Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 120
Virtual MAC address: 00:00:5e:00:02:ff
Virtual IP address: 10:1:1::255 fe80::255
Dell#
Dell#show vrrp vrf vrf1 v
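The following added example (not part of the Dell guide) parses `show vrrp` output such as the TenGigabitEthernet 2/8 listing above and checks each group against an operator-supplied expected master, the RFC 5798 virtual MAC for its VRID, and a zero bad-packet counter. The function names, the expected-master map, and the line layout of the sample are assumptions of this example.

```python
import re

# From the `show vrrp tengigabitethernet 2/8` output on this page; line breaks assumed.
SAMPLE = """\
TenGigabitEthernet 2/8, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:e9ed
VRF: 0 default
State: Master, Priority: 110, Master: fe80::201:e8ff:fe8a:e9ed (local)
Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec
Accept Mode: FALSE, Master AdvInt: 100 centisec
Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 120
Virtual MAC address: 00:00:5e:00:02:ff
Virtual IP address: 10:1:1::255 fe80::255
"""

HEADER = re.compile(r"^(\w+ [\d/]+), (IPv6 )?VRID: (\d+),", re.M)

def parse_show_vrrp(text):
    """Split `show vrrp` output into one dict per VRRP group."""
    starts = [m.start() for m in HEADER.finditer(text)] + [len(text)]
    groups = []
    for begin, end in zip(starts, starts[1:]):
        block = text[begin:end]
        head = HEADER.match(block)
        field = lambda pat: re.search(pat, block).group(1)
        groups.append({
            "interface": head.group(1),
            "ipv6": head.group(2) is not None,
            "vrid": int(head.group(3)),
            "state": field(r"State: (\w+)"),
            "master": field(r"Master: ([0-9A-Fa-f:.]+)"),
            "bad_pkts": int(field(r"Bad pkts rcvd: (\d+)")),
            "vmac": field(r"Virtual MAC address:\s*([0-9A-Fa-f:]{17})").lower(),
        })
    return groups

def audit(groups, expected_master):
    """Return findings; expected_master maps (interface, vrid) -> address."""
    findings = []
    for g in groups:
        key = (g["interface"], g["vrid"])
        # RFC 5798 virtual MAC: 00-00-5E-00-01-{VRID} (IPv4), 00-00-5E-00-02-{VRID} (IPv6)
        want = "00:00:5e:00:%02x:%02x" % (2 if g["ipv6"] else 1, g["vrid"])
        if g["vmac"] != want:
            findings.append((key, "virtual MAC %s, expected %s" % (g["vmac"], want)))
        if g["master"] != expected_master.get(key):
            findings.append((key, "unexpected master %s" % g["master"]))
        if g["bad_pkts"]:
            findings.append((key, "%d bad VRRP packets received" % g["bad_pkts"]))
    return findings
```

Run it against output captured from each router in the group; an empty findings list means the group matches the expected master, virtual MAC, and packet counters.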
Displaying VRRP in a VRF Configuration

To display information on a VRRP group that is configured on an interface that belongs to a VRF instance, use the following commands.

• Display information on a VRRP group that is configured on an interface that belongs to a VRF instance.
  show running-config track [interface interface]
• Display information on VRRP groups configured on interfaces that belong to a VRF instance.
69 S5000 Debugging and Diagnostics

Offline Diagnostics

The diagnostic tests are grouped into three levels:

• Level 0 — Level 0 diagnostics check for the presence of various components and perform essential path verifications. In addition, Level 0 diagnostics verify the identification registers of the components on the board.
• Level 1 — A smaller set of diagnostic tests. Level 1 diagnostics perform status/self-test for all the components on the board and test their registers for appropriate values.
   show system brief
3. Start diagnostics on the unit.
   diag
   When the tests are complete, the system displays the following message and automatically reboots the unit. Diagnostic results are printed to a file in the flash using the filename format TestReport-SU-.txt.
   Log messages differ somewhat when diagnostics are done on a standalone unit and on a stack member.
4. View the results of the diagnostic tests.
-- Fan Status -
Unit Bay TrayStatus      Fan0 Speed Fan1 Speed Fan2 Speed Fan3 Speed
--------------------------------------------------------------
0    0   absent or down
0    1   up              up   4800  up   4800  up   4800  up   4800
0    2   up              up   4800  up   4800  up   4800  up   4800
0    3   absent or down
Dell#

As shown in the following two examples, log messages differ somewhat when diagnostics are done on a standalone unit and on a stack member.

The following is an example of running offline diagnostics on a standalone unit.
Stack Unit Board Serial Number : DL267160098
CPU Version : MPC8541, Version: 1.1
PLD Version : 5
Diag image based on build : E_MAIN4.7.7.206
Stack Unit Board Voltage levels - 3.300000 V, 2.500000 V, 1.800000 V, 1.250000 V, 1.200000 V, 2.000000 V
Stack Unit Board temperature : 26 Degree C
Stack Unit Number : 0
****************************Stack Unit EEPROM INFO*******************************
********MFG INFO*******************
Data in Chassis Eeprom Mfg Info is listed as...
Hardware Watchdog Timer

The hardware watchdog command automatically reboots a Dell Networking OS switch/router with a single RPM that is unresponsive. This is a last-resort mechanism intended to prevent a manual power cycle.

Using the Show Hardware Commands

These commands display information from a hardware sub-component and from hardware-based feature tables. The following lists the show hardware commands available as of the latest Dell Networking OS version.
EXEC Privilege mode
• show hardware stack-unit {0-11} stack-port {0-64}

View the counters in the field processors of the stack unit.
EXEC Privilege mode
• show hardware stack-unit {0-11} unit {0-0} counters

View the details of the FP Devices and Hi gig ports on the stack-unit.
EXEC Privilege mode
• show hardware stack-unit {0-11} unit {0-0} details

Execute a specified bShell command from the CLI without going into the bShell.
SFP+ 1 Serial Extended ID fields
SFP+ 1 Options = 0x00 0x1a
SFP+ 1 BR max = 0
SFP+ 1 BR min = 0
SFP+ 1 Vendor SN = AL30LGT
SFP+ 1 Datecode = 110715
SFP+ 1 CheckCodeExt = 0xdb
SFP+ 1 Diagnostic Information
===================================
SFP+ 1 Rx Power measurement type = Average
===================================
SFP+ 1 Temp High Alarm threshold = 78.000C
SFP+ 1 Voltage High Alarm threshold = 3.700V
SFP+ 1 Bias High Alarm threshold = 11.800mA
SFP+ 1 TX Power High Alarm threshold = 0.
In addition, Dell Networking requires that you install blanks in all empty slots to control airflow for adequate system cooling.

Recognize an Under-Voltage Condition

If the system detects an under-voltage condition, it sends an alarm. To recognize this condition, look for the following system message:

%CHMGR-1-CARD_SHUTDOWN: Major alarm: Line card 2 down - auto-shutdown due to under voltage.

This message indicates that the specified card is not receiving enough power.
Forwarding processor (FP) ASICs provide Ethernet MAC functions, queueing, and buffering, as well as store feature and forwarding tables for hardware-based lookup and forwarding decisions. 1G and 10G interfaces use different FPs. As shown in the following example, you can tune buffers at three locations.

1. CSF — Output queues going from the CSF.
2. FP Uplink — Output queues going from the FP to the CSF IDP links.
3. Front-End Link — Output queues going from the FP to the front-end PHY.
Figure 160. Buffer Tuning Points

Deciding to Tune Buffers

Dell Networking recommends exercising caution when configuring any non-default buffer settings, as tuning can significantly affect system performance. The default values work for most cases. As a guideline, consider tuning buffers if traffic is bursty (and coming from several interfaces). In this case:

• Reduce the dedicated buffer on all queues/interfaces.
• Increase the dynamic buffer on all interfaces.
• buffer dynamic

Change the number of packet-pointers per queue.
BUFFER PROFILE mode
• buffer packet-pointers

Apply the buffer profile to a line card.
CONFIGURATION mode
• buffer fp-uplink linecard

Apply the buffer profile to a CSF to FP link.
Dell#show buffer-profile detail int te 0/10
Interface Te 0/10
Buffer-profile fsqueue-fp
Dynamic buffer 1256.00 (Kilobytes)
Queue#  Dedicated Buffer  Buffer Packets
        (Kilobytes)
0       3.00              256
1       3.00              256
2       3.00              256
3       3.00              256
4       3.00              256
5       3.00              256
6       3.00              256
7       3.00              256
Dell#show buffer-profile detail fp-uplink stack-unit 0 port-set 0
Stack-unit 0 Port-set 0
Buffer-profile fsqueue-hig
Dynamic Buffer 1256.00 (Kilobytes)
Queue#  Dedicated Buffer  Buffer Packets
        (Kilobytes)
0       3.00              256
1       3.00              256
2       3.00              256
3       3.
• show hardware stack-unit 0-11 drops unit 0-0 port 0-63
• show hardware stack-unit 0-11 stack-port 48-51
• show hardware stack-unit 0-11 unit 0-1 {counters | details | port-stats [detail] | register | execute-shell-cmd | ipmc-replication | table-dump}
• show hardware drops interface [range] interface
• show hardware stack-unit buffer-stats-snapshot unit resource x
• show hardware buffer interface interface{priority-group { id | all } | queue { id| all} } buffer-info
• show hardw
Port bitmap zero Drops
Rx VLAN Drops
--- Ingress MAC counters--
Ingress FCSDrops
Ingress MTUExceeds
--- MMU Drops --
Ingress MMU Drops
HOL DROPS(TOTAL)
HOL DROPS on COS0
HOL DROPS on COS1
HOL DROPS on COS2
HOL DROPS on COS3
HOL DROPS on COS4
HOL DROPS on COS5
HOL DROPS on COS6
HOL DROPS on COS7
HOL DROPS on COS8
HOL DROPS on COS9
HOL DROPS on COS10
HOL DROPS on COS11
HOL DROPS on COS12
HOL DROPS on COS13
HOL DROPS on COS14
HOL DROPS on COS15
HOL DROPS on COS16
HOL DROPS on COS17
TxPurge CellErr
Aged Drops
---
rxPkt(COS3)      :0
rxPkt(COS4)      :0
rxPkt(COS5)      :0
rxPkt(COS6)      :0
rxPkt(COS7)      :0
rxPkt(UNIT0)     :0
rxPkt(UNIT1)     :0
rxPkt(UNIT2)     :0
rxPkt(UNIT3)     :0
transmitted      :0
txRequested      :0
noTxDesc         :0
txError          :0
txReqTooLarge    :0
txInternalError  :0
txDatapathErr    :0
txPkt(COS0)      :0
txPkt(COS1)      :0
txPkt(COS2)      :0
txPkt(COS3)      :0
txPkt(COS4)      :0
txPkt(COS5)      :0
txPkt(COS6)      :0
txPkt(COS7)      :0
txPkt(UNIT0)     :0

Example of Viewing Party Bus Statistics

Dell#sh hardware stack-unit 2 cpu party-bus statistics
Input Statistics:
 27550 packets, 2
Example of Displaying Stack Unit Counters

RIPC4.ge0
RUC.ge0
RDBGC0.ge0
RDBGC1.ge0
RDBGC5.ge0
RDBGC7.ge0
GR64.ge0
GR127.ge0
GR255.ge0
GRPKT.ge0
GRBYT.ge0
GRMCA.ge0
GRBCA.ge0
GT64.ge0
GT127.ge0
GT255.ge0
GT511.ge0
GTPKT.ge0
GTBCA.ge0
GTBYT.ge0
RUC.cpu0
TDBGC6.
2  drwx       4096  Feb 09 2013 16:07:12 +00:00 ..
3  -rwx        512  Jan 28 2013 10:42:14 +00:00 f10StkUnit9.kcore.mini.txt
4  -rwx  299829760  Jan 22 2013 23:27:46 +00:00 f10StkUnit9.kcore.gz
5  -rwx     471494  Jan 22 2013 23:40:40 +00:00 f10cp_dsm_130122233423_Stk8.acore.gz
6  -rwx    1626169  Jan 22 2013 23:40:46 +00:00 sysdlp_Stk8.acore.gz
7  -rwx     466916  Jan 22 2013 23:49:34 +00:00 f10cp_dsm_130122234622_Stk9.acore.gz
8  -rwx        512  Jan 30 2013 00:41:10 +00:00 f10StkUnit10.kcore.mini.
9  -rwx        512  Jan 30 2013 00:49:38 +00:00
70 Standards Compliance

This chapter describes standards compliance for Dell Networking products.

NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking Operating System (OS), Dell Networking OS also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website. Click “Browse and search IETF documents,” enter an RFC number, and inspect the top of the resulting document for obsolescence citations to related RFCs.
RFC and I-D Compliance

Dell Networking OS supports the following standards. The standards are grouped by related protocol. The columns showing support by platform indicate which version of Dell Networking OS first supports the standard.

General Internet Protocols

The following table lists the Dell Networking OS support per platform for general internet protocols.

Table 100. General Internet Protocols
RFC# | Full Name | Dell networking OS 9.1(1.
RFC# | Full Name | Dell networking OS 9.1(1.0)
4862 | IPv6 Stateless Address Autoconfiguration | √
5175 | IPv6 Router Advertisement Flags Option | √

Border Gateway Protocol (BGP)

The following table lists the Dell Networking OS support per platform for BGP protocols.

Table 103.
Intermediate System to Intermediate System (IS-IS)

The following table lists the Dell Networking OS support per platform for IS-IS protocol.

Table 105. Intermediate System to Intermediate System (IS-IS)
RFC# | Full Name | Dell networking OS 9.1(1.
Multicast

The following table lists the Dell Networking OS support per platform for Multicast protocol.

Table 107. Multicast
RFC# | Full Name | Dell networking OS 9.1(1.
RFC# | Full Name | Dell networking OS 9.1(1.0)
draft-grant-tacacs-02 | The TACACS+ Protocol | √
draft-ietf-idr-bgp4-mib-06 | Definitions of Managed Objects for the Fourth Version of the Border Gateway Protocol (BGP-4) using SMIv2 | √
draft-ietf-isis-wgmib-16 | Management Information Base for Intermediate System to Intermediate System (IS-IS): | √
  isisSysObject (top level scalar objects)
  isisISAdjTable
  isisISAdjAreaAddrTable
  isisISAdjIPAddrTable
  isisISAdjProtSuppTable
IEEE 802.