Dell Configuration Guide for the S6000–ON System 9.7(0.
Notes, Cautions, and Warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2015 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents 1 About this Guide.............................................................................................................31 Audience........................................................................................................................................................................... 31 Conventions......................................................................................................................................................................
Creating a Custom Privilege Level.............................................................................................................................. 52 Removing a Command from EXEC Mode...................................................................................................................52 Moving a Command from EXEC Privilege Mode to EXEC Mode................................................................................52 Allowing Access to CONFIGURATION Mode Commands...............
Forcibly Authorizing or Unauthorizing a Port.................................................................................................................... 78 Re-Authenticating a Port..................................................................................................................................................78 Configuring Timeouts.......................................................................................................................................................
How BFD Works.............................................................................................................................................................. 110 BFD Packet Format....................................................................................................................................................111 BFD Sessions...........................................................................................................................................................
Configuring Passive Peering...................................................................................................................................... 161 Maintaining Existing AS Numbers During an AS Migration......................................................................................... 161 Allowing an AS Number to Appear in its Own AS Path..............................................................................................162 Enabling Graceful Restart.........................
Syslog Error When the Table is Full........................................................................................................................... 199 Syslog Warning Upon 90 Percent Utilization of CAM................................................................................................199 Syslog Warning for Discrepancies Between Configured Extended Prefixes...............................................................199 Unified Forwarding Table (UFT) Modes............................
Propagation of DCB Information.............................................................................................................................. 226 Auto-Detection and Manual Configuration of the DCBx Version.............................................................................. 226 Behavior of Tagged Packets.....................................................................................................................................
Enabling IP Source Address Validation......................................................................................................................263 DHCP MAC Source Address Validation.................................................................................................................... 264 Enabling IP+MAC Source Address Validation............................................................................................................264 Viewing the Number of SAV Dropped Packets....
LACP and IPv4 Routing............................................................................................................................................287 LACP and IPv6 Routing........................................................................................................................................... 288 BGP Graceful Restart..............................................................................................................................................
Related Configuration Tasks.....................................................................................................................................309 Viewing IGMP Enabled Interfaces................................................................................................................................... 310 Selecting an IGMP Version..............................................................................................................................................
Configuring Management Interfaces........................................................................................................................ 330 Configuring Management Interfaces on the S-Series...............................................................................................330 VLAN Interfaces............................................................................................................................................................. 331 Loopback Interfaces..........
Set Auto-Negotiation Options..................................................................................................................................353 View Advanced Interface Information............................................................................................................................ 354 Configuring the Interface Sampling Size.................................................................................................................. 354 Dynamic Counters............
21 IPv6 Routing.............................................................................................................. 376 Protocol Overview..........................................................................................................................................................376 Extended Address Space..........................................................................................................................................376 Stateless Autoconfiguration................
Displaying iSCSI Optimization Information......................................................................................................................403 23 Intermediate System to Intermediate System............................................................405 IS-IS Protocol Overview.................................................................................................................................................405 IS-IS Addressing...................................................
Clearing the MAC Address Table.............................................................................................................................. 442 Setting the Aging Time for Dynamic Entries.............................................................................................................442 Configuring a Static MAC Address........................................................................................................................... 442 Displaying the MAC Address Table....
27 Microsoft Network Load Balancing............................................................................ 474 NLB Unicast Mode Scenario...........................................................................................................................................474 NLB Multicast Mode Scenario........................................................................................................................................474 Limitations With Enabling NLB on Switches....................
Creating Multiple Spanning Tree Instances.....................................................................................................................503 Influencing MSTP Root Selection.................................................................................................................................. 504 Interoperate with Non-Dell Networking OS Bridges.......................................................................................................
OSPF ACK Packing..................................................................................................................................................543 Setting OSPF Adjacency with Cisco Routers........................................................................................................... 543 Configuration Information..............................................................................................................................................
Use PIM-SSM with IGMP Version 2 Hosts.................................................................................................................... 586 Configuring PIM-SSM with IGMPv2........................................................................................................................ 586 36 Port Monitoring.........................................................................................................588 Important Points to Remember..........................................
Enabling QoS Rate Adjustment.......................................................................................................................................627 Enabling Strict-Priority Queueing................................................................................................................................... 628 Queue Classification Requirements for PFC Functionality..............................................................................................
Configuring Interfaces for Layer 2 Mode........................................................................................................................658 Enabling Rapid Spanning Tree Protocol Globally.............................................................................................................659 Adding and Removing Interfaces....................................................................................................................................
User Roles................................................................................................................................................................693 AAA Authentication and Authorization for Roles...................................................................................................... 697 Role Accounting.......................................................................................................................................................
46 Simple Network Management Protocol (SNMP)....................................................... 726 Protocol Overview..........................................................................................................................................................726 Implementation Information............................................................................................................................................726 SNMPv3 Compliance With FIPS....................................
48 Spanning Tree Protocol (STP)................................................................................... 749 Protocol Overview..........................................................................................................................................................749 Configure Spanning Tree................................................................................................................................................ 749 Related Configuration Tasks...................
Guidelines for Configuring Multipoint Receive-Only Tunnels........................................................................................... 774 Multipoint Receive-Only Type and IP Unnumbered Interfaces for Tunnels...................................................................... 774 51 Upgrade Procedures.................................................................................................. 775 Get Help with Upgrades...................................................................
RSTP Configuration....................................................................................................................................................... 802 Preventing Forwarding Loops in a VLT Domain........................................................................................................ 802 Sample RSTP Configuration.....................................................................................................................................802 Configuring VLT.........
DHCP.......................................................................................................................................................................847 VRF Configuration..........................................................................................................................................................847 Load VRF CAM......................................................................................................................................................
Deciding to Tune Buffers..........................................................................................................................................895 Using a Pre-Defined Buffer Profile............................................................................................................................897 Sample Buffer Profile Configuration.........................................................................................................................
1 About this Guide This guide describes the protocols and features the Dell Networking Operating System (OS) supports and provides configuration instructions and examples for implementing them. The S6000–ON platform is available with Dell Networking OS version 9.7 (0.0) and beyond. Though this guide contains information on protocols, it is not intended to be a complete reference. This guide is a reference for configuring protocols on Dell Networking systems.
2 Configuration Fundamentals The Dell Networking Operating System (OS) command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols. The CLI is largely the same for each platform except for some commands and command outputs. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels.
Beneath CONFIGURATION mode are submodes that apply to interfaces, protocols, and features. The following example shows the submode command structure. Two sub-CONFIGURATION modes are important when configuring the chassis for the first time: • • INTERFACE submode is the mode in which you configure Layer 2 and Layer 3 protocols and IP services specific to an interface.
ROUTER OSPFV3 ROUTER RIP SPANNING TREE TRACE-LIST VLT DOMAIN VRRP UPLINK STATE GROUP uBoot Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode. The following table lists the CLI mode, its prompt, and information about how to access and exit the CLI mode. Move linearly through the command modes, except for the end command which takes you directly to EXEC Privilege mode and the exit command which moves you up one command mode level.
CLI Command Mode Prompt Access Command VLAN Interface Dell(conf-if-vl-1)# interface (INTERFACE modes) STANDARD ACCESS-LIST Dell(config-std-nacl)# ip access-list standard (IP ACCESS-LIST Modes) EXTENDED ACCESS-LIST Dell(config-ext-nacl)# ip access-list extended (IP ACCESS-LIST Modes) IP COMMUNITY-LIST Dell(config-community-list)# ip community-list AUXILIARY Dell(config-line-aux)# line (LINE Modes) CONSOLE Dell(config-line-console)# line (LINE Modes) VIRTUAL TERMINAL Dell(config-line-vty
CLI Command Mode Prompt Access Command ECMP Dell(conf-ecmp-group-ecmpgroup-id)# ecmp-group EIS Dell(conf-mgmt-eis)# management egress-interfaceselection FRRP Dell(conf-frrp-ring-id)# protocol frrp LLDP Dell(conf-lldp)# or Dell(confif—interface-lldp)# protocol lldp (CONFIGURATION or INTERFACE Modes) LLDP MANAGEMENT INTERFACE Dell(conf-lldp-mgmtIf)# management-interface (LLDP Mode) LINE Dell(config-line-console) or Dell(config-line-vty) line console orline vty MONITOR SESSION Dell(conf-m
1 2 3 4 5 6 Management Member Member Member Member Member online not present not present not present not present not present S6000-ON S6000-ON 1-0(0-3932) 128 -- Power Supplies -Unit Bay Status Type FanStatus FanSpeed(rpm) --------------------------------------------------------------------------1 1 up AC absent 0 1 2 absent absent 0 -- Fan Status -Unit Bay TrayStatus Fan0 Speed Fan1 Speed -----------------------------------------------------------------------------------1 1 up up 0 up 0 1 2 up up 0
• Enter ? after a partial keyword lists all of the keywords that begin with the specified letters. Dell(conf)#cl? class-map clock Dell(conf)#cl • Enter [space]? after a keyword lists all of the keywords that can follow the specified keyword. Dell(conf)#clock ? summer-time Configure summer (daylight savings) time timezone Configure time zone Dell(conf)#clock Entering and Editing Commands Notes for entering commands. • The CLI is not case-sensitive. • You can enter partial CLI keywords.
Short-Cut Key Combination Action Esc D Deletes all characters from the cursor to the end of the word. Command History Dell Networking OS maintains a history of previously-entered commands for each mode. For example: • When you are in EXEC mode, the UP and DOWN arrow keys display the previously-entered EXEC mode commands. • When you are in CONFIGURATION mode, the UP or DOWN arrows keys recall the previously-entered CONFIGURATION mode commands.
1 2 3 4 5 6 7 not present online online not present not present online online not present not present E48TB E48TB 1-1-463 48 E48VB E48VB 1-1-463 48 The display command displays additional configuration information. The no-more command displays the output all at once rather than one screen at a time. This is similar to the terminal length command except that the no-more option affects the output of the specified command only. The save command copies the output to a file for future reference.
3 Getting Started This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) during which the line card status light emitting diodes (LEDs) blink green. The system then loads the Dell Networking Operating System (OS). Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption.
• 8 data bits • 1 stop bit • No flow control Pin Assignments You can connect to the console using a RJ-45 to RJ-45 rollover cable and a RJ-45 to DB-9 female DTE adapter to a terminal server (for example, a PC). The pin assignments between the console and a DTE terminal server are as follows: Table 2.
• You can manage all Dell Networking products in-band via the front-end data ports through interfaces assigned an IP address as well. Accessing the System Remotely Configuring the system for remote access is a three-step process, as described in the following topics: 1. Configure an IP address for the management port. Configure the Management Port IP Address 2. Configure a management route with a default gateway. Configure a Management Route 3. Configure a username and password.
username username password [encryption-type] password – encryption-type: specifies how you are inputting the password, is 0 by default, and is not required. * 0 is for inputting the password in clear text. * 7 is for inputting a password that is already encrypted using a Type 7 hash. Obtaining the encrypted password from the configuration of another Dell Networking system. Configuring the Enable Password Access EXEC Privilege mode using the enable command. EXEC Privilege mode is unrestricted by default.
Table 3.
write command, the mount command is saved to the startup configuration. As a result, each time the device re-boots, the NFS file system is mounted during start up. Table 5. Forming a copy Command Location source-file-url Syntax destination-file-url Syntax For a remote file location: copy nfsmount://{}/filepath/filename} username:password tftp://{hostip | hostname}/ filepath/filename NFS File System Important Points to Remember • You cannot copy a file from one remote system to another.
Save the Running-Configuration The running-configuration contains the current system configuration. Dell Networking recommends coping your runningconfiguration to the startup-configuration. The commands in this section follow the same format as those commands in the Copy Files to and from the System section but use the filenames startup-configuration and running-configuration. These commands assume that current directory is the internal flash, which is the system default.
Dell#dir Directory of flash: 1 drw32768 2 drwx 512 3 drw8192 4 drw8192 5 drw8192 6 drw8192 7 d--8192 8 -rw- 33059550 9 -rw- 27674906 10 -rw- 27674906 11 drw8192 12 -rw7276 13 -rw7341 14 -rw- 27674906 15 -rw- 27674906 --More-- Jan Jul Mar Mar Mar Mar Mar Jul Jul Jul Jan Jul Jul Jul Jul 01 23 30 30 30 30 30 11 06 06 01 20 20 06 06 1980 2007 1919 1919 1919 1919 1919 2007 2007 2007 1980 2007 2007 2007 2007 00:00:00 00:38:44 10:31:04 10:31:04 10:31:04 10:31:04 10:31:04 17:49:46 00:20:24 19:54:52 00:18:28 01:
show file-systems The output of the show file-systems command in the following example shows the total capacity, amount of free memory, file structure, media type, read/write privileges for each storage device in use. Dell#show file-systems Size(b) Free(b) Feature Type Flags 520962048 213778432 dosFs2.0 USERFLASH 127772672 21936128 dosFs2.
Using Hashes to Validate Software Images You can use the MD5 message-digest algorithm or SHA256 Secure Hash Algorithm to validate the software image on the flash drive, after the image has been transferred to the system, but before the image has been installed. The validation calculates a hash value of the downloaded image file on system’s flash drive, and, optionally, compares it to a Dell Networking published hash for that file.
SHA256 Dell# verify sha256 flash://FTOS-SE-9.5.0.0.bin e6328c06faf814e6899ceead219afbf9360e986d692988023b749e6b2093e933 SHA256 hash VERIFIED for FTOS-SE-9.5.0.0.
4 Management This chapter describes the different protocols or services used to manage the Dell Networking system. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 privilege levels, of which three are pre-defined. The default privilege level is 1. Level Description Level 0 Access to the system begins at EXEC mode, and EXEC mode commands are limited to enable, disable, and exit.
level level command. In the command, specify the privilege level of the user or terminal line and specify all the keywords in the command to which you want to allow access. Allowing Access to the Following Modes This section describes how to allow access to the INTERFACE, LINE, ROUTE-MAP, and ROUTER modes. Similar to allowing access to CONFIGURATION mode, to allow access to INTERFACE, LINE, ROUTE-MAP, and ROUTER modes, you must first allow access to the command that enters you into the mode.
Dell#show priv Current privilege level is 3. Dell#? capture Capture packet configure Configuring from terminal disable Turn off privileged commands enable Turn on privileged commands exit Exit from the EXEC ip Global IP subcommands monitor Monitoring feature mtrace Trace reverse multicast path from destination to source ping Send echo messages quit Exit from the EXEC show Show running system information [output omitted] Dell#config [output omitted] Dell(conf)#do show priv Current privilege level is 3.
Applying a Privilege Level to a Terminal Line To set a privilege level for a terminal line, use the following command. • Configure a privilege level for a user. CONFIGURATION mode username username privilege level NOTE: When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>. Configuring Logging The Dell Networking OS tracks changes in the system using event and error messages.
The audit log contains configuration events and information. The types of information in this log consist of the following: • User logins to the switch. • System events for network issues or system issues. • Users making configuration changes. The switch logs who made the configuration changes and the date and time of the change. However, each specific change on the configuration is not logged. Only that the configuration was modified is logged with the user ID, date, and time of the change.
line vty0 ( 10.14.1.91 ) Clearing Audit Logs To clear audit logs, use the clear logging auditlog command in Exec mode. When RBAC is enabled, only the system administrator user role can issue this command. Example of the clear logging auditlog Command Dell# clear logging auditlog Configuring Logging Format To display syslog messages in a RFC 3164 or RFC 5424 format, use the logging version [0 | 1} command in CONFIGURATION mode. By default, the system log version is set to 0.
Setting Up a Secure Connection to a Syslog Server You can use reverse tunneling with the port forwarding to securely connect to a syslog server. Pre-requisites To configure a secure connection from the switch to the syslog server: 1. On the switch, enable the SSH server Dell(conf)#ip ssh server enable 2.
Log Messages in the Internal Buffer All error messages, except those beginning with %BOOTUP (Message), are log in the internal buffer.
– Add line on a 5.7 SunOS UNIX system. local7.debugging /var/adm/ftos.log In the previous lines, local7 is the logging facility level and debugging is the severity level. Changing System Logging Settings You can change the default settings of the system logging by changing the severity level and the storage location. The default is to log all messages up to debug level, that is, all system messages. By changing the severity level in the logging commands, you control the number of system messages logged.
Display the Logging Buffer and the Logging Configuration To display the current contents of the logging buffer and the logging settings for the system, use the show logging command in EXEC privilege mode. When RBAC is enabled, the security logs are filtered based on the user roles. Only the security administrator and system administrator can view the security logs.
– local0 (for local use) – local1 (for local use) – local2 (for local use) – local3 (for local use) – local4 (for local use) – local5 (for local use) – local6 (for local use) – local7 (for local use) – lpr (for line printer system messages) – mail (for mail system messages) – news (for USENET news messages) – sys9 (system use) – sys10 (system use) – sys11 (system use) – sys12 (system use) – sys13 (system use) – sys14 (system use) – syslog (for syslog messages) – user (for user programs) – uucp (UNIX to UNIX
You can configure multiple virtual terminals at one time by entering a number and an end-number. 2. Configure a level and set the maximum number of messages to print. LINE mode logging synchronous [level severity-level | all] [limit] Configure the following optional parameters: • level severity-level: the range is from 0 to 7. The default is 2. Use the all keyword to include all messages. • limit: the range is from 20 to 300. The default is 20.
• Configure FTP Server Parameters (optional) • Configure FTP Client Parameters (optional) Enabling the FTP Server To enable the system as an FTP server, use the following command. To view FTP configuration, use the show running-config ftp command in EXEC privilege mode. • Enable FTP on the system.
– For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. CONFIGURATION mode ip ftp source-interface interface • Configure a password. CONFIGURATION mode ip ftp password password • Enter a username to use on the FTP client. CONFIGURATION mode ip ftp username name To view the FTP configuration, use the show running-config ftp command in EXEC privilege mode, as shown in the example for Enable FTP Server.
Configuring Login Authentication for Terminal Lines You can use any combination of up to six authentication methods to authenticate a user on a terminal line. A combination of authentication methods is called a method list. If the user fails the first authentication method, Dell Networking OS prompts the next method until all methods are exhausted, at which point the connection is terminated. The available authentication methods are: enable Prompt for the enable password.
• Set the number of minutes and seconds. The default is 10 minutes on the console and 30 minutes on VTY. Disable EXEC time out by setting the time-out period to 0. LINE mode exec-timeout minutes [seconds] • Return to the default time-out values. LINE mode no exec-timeout Example of Setting the Time Out Period for EXEC Privilege Mode The following example shows how to set the time-out period and how to view the configuration using the show config command from LINE mode.
login: admin Dell# Lock CONFIGURATION Mode Dell Networking OS allows multiple users to make configurations at the same time. You can lock CONFIGURATION mode so that only one user can be in CONFIGURATION mode at any time (Message 2). You can set two types of lockst: auto and manual. • Set auto-lock using the configuration mode exclusive auto command from CONFIGURATION mode. When you set auto-lock, every time a user is in CONFIGURATION mode, all other users are denied access.
Important Points to Remember • When you restore all the units in a stack, these units are placed in standalone mode. • When you restore a single unit in a stack, only that unit is placed in standalone mode. No other units in the stack are affected. • When you restore the units in standalone mode, the units remain in standalone mode after the restoration. • After the restore is complete, the units power cycle immediately.
press any key 3. Assign the new location of the FTOS image to be used when the system reloads. To boot from flash partition A: BOOT_USER # boot change primary boot device : flash file name : systema BOOT_USER # To boot from flash partition B: BOOT_USER # boot change primary boot device : flash file name : systemb BOOT_USER # To boot from network: BOOT_USER # boot change primary boot device : tftp file name : FTOS-SI-9-5-0-169.bin Server IP address : 10.16.127.35 BOOT_USER # 4.
5 802.1X 802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification. 802.
Figure 3. EAP Frames Encapsulated in Ethernet and RADUIS The authentication process involves three devices: • The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only communicate with the authenticator in response to 802.1X requests. • The device with which the supplicant communicates is the authenticator. The authenticator is the gate keeper of the network.
6. If the identity information provided by the supplicant is valid, the authentication server sends an Access-Accept frame in which network privileges are specified. The authenticator changes the port state to authorized and forwards an EAP Success frame. If the identity information is invalid, the server sends an Access-Reject frame. If the port state remains unauthorized, the authenticator forwards an EAP Failure frame. Figure 4. EAP Port-Authentication EAP over RADIUS 802.
RADIUS Attributes for 802.1 Support Dell Networking systems include the following RADIUS attributes in all 802.1X-triggered Access-Request messages: Attribute 31 Calling-station-id: relays the supplicant MAC address to the authentication server. Attribute 41 NAS-Port-Type: NAS-port physical port type. 15 indicates Ethernet. Attribute 61 NAS-Port: the physical port number by which the authenticator is connected to the supplicant.
Enabling 802.1X Enable 802.1X globally. Figure 6. 802.1X Enabled 1. Enable 802.1X globally. CONFIGURATION mode dot1x authentication 2. Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [range] 3. Enable 802.1X on the supplicant interface only. INTERFACE mode dot1x authentication Examples of Verifying that 802.1X is Enabled Globally and on an Interface Verify that 802.
In the following example, the bold lines show that 802.1X is enabled. Dell#show running-config | find dot1x dot1x authentication ! [output omitted] ! interface TenGigabitEthernet 2/1/1 no ip address dot1x authentication no shutdown ! Dell# To view 802.1X configuration information for an interface, use the show dot1x interface command. In the following example, the bold lines show that 802.1X is enabled on all ports unauthorized by default. Dell#show dot1x interface TenGigabitEthernet 2/1/1 802.
• Configure a maximum number of times the authenticator re-transmits a Request Identity frame. INTERFACE mode dot1x max-eap-req number The range is from 1 to 10. The default is 2. The example in Configuring a Quiet Period after a Failed Authentication shows configuration information for a port for which the authenticator re-transmits an EAP Request Identity frame after 90 seconds and re-transmits a maximum of 10 times.
Forcibly Authorizing or Unauthorizing a Port IEEE 802.1X requires that a port can be manually placed into any of three states: • ForceAuthorized — an authorized state. A device connected to this port in this state is never subjected to the authentication process, but is allowed to communicate on the network. Placing the port in this state is same as disabling 802.1X on the port. • ForceUnauthorized — an unauthorized state.
INTERFACE mode dot1x reauthentication [interval] seconds The range is from 1 to 65535. • The default is 3600. Configure the maximum number of times that the supplicant can be re-authenticated. INTERFACE mode dot1x reauth-max number The range is from 1 to 10. The default is 2. Example of Re-Authenticating a Port and Verifying the Configuration The bold lines show that re-authentication is enabled and the new maximum and re-authentication time period.
dot1x server-timeout seconds The range is from 1 to 300. The default is 30. Example of Viewing Configured Server Timeouts The example shows configuration information for a port for which the authenticator terminates the authentication process for an unresponsive supplicant or server after 15 seconds. The bold lines show the new supplicant and server timeouts. Dell(conf-if-Te-1/1/1)#dot1x port-control force-authorized Dell(conf-if-Te-1/1/1)#do show dot1x interface TenGigabitEthernet 1/1/1 802.
Figure 7. Dynamic VLAN Assignment 1. Configure 8021.x globally (refer to Enabling 802.1X) along with relevant RADIUS server configurations (refer to the illustration inDynamic VLAN Assignment with Port Authentication). 2. Make the interface a switchport so that it can be assigned to a VLAN. 3. Create the VLAN to which the interface will be assigned. 4. Connect the supplicant to the port configured for 802.1X. 5.
• If the supplicant fails authentication a specified number of times, the authenticator places the port in the Authentication-fail VLAN. • If a port is already forwarding on the Guest VLAN when 802.1X is enabled, the port is moved out of the Guest VLAN and the authentication process begins. Configuring a Guest VLAN If the supplicant does not respond within a determined amount of time ([reauth-max + 1] * tx-period, the system assumes that the host does not have 802.
Example of Viewing Configured Authentication View your configuration using the show config command from INTERFACE mode, as shown in the example in Configuring a Guest VLAN or using the show dot1x interface command from EXEC Privilege mode. 802.
6 Access Control Lists (ACLs) This chapter describes access control lists (ACLs), prefix lists, and route-maps. At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLS, refer to Layer 2.
CAM Usage The following section describes CAM allocation and CAM optimization. • User Configurable CAM Allocation • CAM Optimization User Configurable CAM Allocation Allocate space for IPV6 ACLs by using the cam-acl command in CONFIGURATION mode. The CAM space is allotted in filter processor (FP) blocks. The total space allocated must equal 13 FP blocks. (There are 16 FP blocks, but System Flow requires three blocks that cannot be reallocated.
• L2 Ingress Access list • L2 Egress Access list NOTE: IP ACLs are supported over VLANs in Dell Networking OS version 6.2.1.1 and higher. ACLs and VLANs There are some differences when assigning ACLs to a VLAN rather than a physical port. For example, when using a single port-pipe, if you apply an ACL to a VLAN, one copy of the ACL entries is installed in the ACL CAM on the port-pipe. The entry looks for the incoming VLAN in the packet.
Important Points to Remember • For route-maps with more than one match clause: – Two or more match clauses within the same route-map sequence have the same match commands (though the values are different), matching a packet against these clauses is a logical OR operation. – Two or more match clauses within the same route-map sequence have different match commands, matching a packet against these clauses is a logical AND operation.
The following example shows matching instances of a route-map. Dell#show route-map route-map zakho, permit, sequence 10 Match clauses: Set clauses: route-map zakho, permit, sequence 20 Match clauses: interface TenGigabitEthernet 1/1/1 Set clauses: tag 35 level stub-area Dell# To delete all instances of that route map, use the no route-map map-name command. To delete just one instance, add the sequence number to the command syntax.
Example of the match Command to Match All Specified Values In the next example, there is a match only if a route has both of the specified characteristics. In this example, there a match only if the route has a tag value of 1000 and a metric value of 2000. Also, if there are different instances of the same route-map, then it’s sufficient if a permit match happens in any instance of that route-map.
• Match next-hop routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode match ip next-hop {access-list-name | prefix-list prefix-list-name} • Match next-hop routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode match ipv6 next-hop {access-list-name | prefix-list prefix-list-name} • Match source routes specified in a prefix list (IPv4).
• set local-preference value Specify a value for redistributed routes. CONFIG-ROUTE-MAP mode • set metric {+ | - | metric-value} Specify an OSPF or ISIS type for redistributed routes. CONFIG-ROUTE-MAP mode • set metric-type {external | internal | type-1 | type-2} Assign an IP address as the route’s next hop. CONFIG-ROUTE-MAP mode • set next-hop ip-address Assign an IPv6 address as the route’s next hop. CONFIG-ROUTE-MAP mode • set ipv6 next-hop ip-address Assign an ORIGIN attribute.
redistribute static metric 20 metric-type 2 tag 0 route-map staticospf ! route-map staticospf permit 10 match interface TenGigabitEthernet 1/1/1 match metric 255 set level backbone Configure a Route Map for Route Tagging One method for identifying routes from different routing protocols is to assign a tag to routes from that protocol. As the route enters a different routing domain, it is tagged. The tag is passed along with the route as it passes through different routing protocols.
• If you configure an explicit deny, the second and subsequent fragments do not hit the implicit permit rule for fragments. • Loopback interfaces do not support ACLs using the IP fragment option. If you configure an ACL with the fragments option and apply it to a Loopback interface, the command is accepted but the ACL entries are not actually installed the offending rule in CAM.
Dell(conf-ext-nacl)#deny ip any any fragment Dell(conf-ext-nacl) Example of Logging Denied Packets To log all the packets denied and to override the implicit deny rule and the implicit permit rule for TCP/ UDP fragments, use a configuration similar to the following.
The following example shows how the seq command orders the filters according to the sequence number assigned. In the example, filter 25 was configured before filter 15, but the show config command displays the filters in the correct order. Dell(config-std-nacl)#seq 25 deny ip host 10.5.0.0 any log Dell(config-std-nacl)#seq 15 permit tcp 10.3.0.0 /16 any Dell(config-std-nacl)#show config ! ip access-list standard dilling seq 15 permit tcp 10.3.0.0/16 any seq 25 deny ip host 10.5.0.
seq 50 permit tcp 10.8.0.0 /16 10.50.188.118 /31 eq 49 seq 55 permit udp 10.15.1.0 /24 10.50.188.118 /31 range 1812 1813 To delete a filter, enter the show config command in IP ACCESS LIST mode and locate the sequence number of the filter you want to delete. Then use the no seq sequence-number command in IP ACCESS LIST mode.
seq sequence-number {deny | permit} tcp {source mask | any | host ip-address}} [count [byte]] [order] [fragments] Example of the seq Command When you create the filters with a specific sequence number, you can create the filters in any order and the filters are placed in the correct order. NOTE: When assigning sequence numbers to filters, you may have to insert a new filter. To prevent reconfiguring multiple filters, assign sequence numbers in multiples of five or another number.
To view all configured IP ACLs and the number of packets processed through the ACL, use the show ip accounting accesslist command in EXEC Privilege mode, as shown in the first example in Configure a Standard IP ACL Filter. Configure Layer 2 and Layer 3 ACLs Both Layer 2 and Layer 3 ACLs may be configured on an interface in Layer 2 mode.
Applying an IP ACL To apply an IP ACL (standard or extended) to a physical or port channel interface, use the following commands. 1. Enter the interface number. CONFIGURATION mode interface interface slot/port 2. Configure an IP address for the interface, placing it in Layer-3 mode. INTERFACE mode ip address ip-address 3. Apply an IP ACL to traffic entering or exiting an interface.
To create an ingress ACL, use the ip access-group command in EXEC Privilege mode. The example shows applying the ACL, rules to the newly created access group, and viewing the access list. Example of Applying ACL Rules to Ingress Traffic and Viewing ACL Configuration To specify ingress, use the in keyword. Begin applying rules to the ACL with the ip access-list extended abcd command. To view the access-list, use the show command.
ip control-plane [egress filter] 2. Apply Egress ACLs to IPv6 system traffic. CONFIGURATION mode ipv6 control-plane [egress filter] 3. Create a Layer 3 ACL using permit rules with the count option to describe the desired CPU traffic.
• Configuring a prefix list • Use a prefix list for route redistribution For a complete listing of all commands related to prefix lists, refer to the Dell Networking OS Command Line Interface Reference Guide. Creating a Prefix List To create a prefix list, use the following commands. 1. Create a prefix list and assign it a unique name. You are in PREFIX LIST mode. CONFIGURATION mode ip prefix-list prefix-name 2. Create a prefix list with a sequence number and a deny or permit action.
ip prefix-list prefix-name 2. Create a prefix list filter with a deny or permit action. CONFIG-NPREFIXL mode {deny | permit} ip-prefix [ge min-prefix-length] [le max-prefix-length] The optional parameters are: • ge min-prefix-length: is the minimum prefix length to be matched (0 to 32). • le max-prefix-length: is the maximum prefix length to be matched (0 to 32).
Prefix-list with the last deletion/insertion: filter_ospf ip prefix-list filter_in: count: 3, range entries: 3, sequences: 5 - 10 ip prefix-list filter_ospf: count: 4, range entries: 1, sequences: 5 - 10 Dell> Applying a Prefix List for Route Redistribution To pass traffic through a configured prefix list, use the prefix list in a route redistribution command. Apply the prefix list to all traffic redistributed into the routing process.
distribute-list prefix-list-name out [connected | rip | static] Example of Viewing Configured Prefix Lists (ROUTER OSPF mode) To view the configuration, use the show config command in ROUTER OSPF mode, or the show running-config ospf command in EXEC mode. Dell(conf-router_ospf)#show config ! router ospf 34 network 10.2.1.1 255.255.255.255 area 0.0.0.
resequence prefix-list {ipv4 | ipv6} {prefix-list-name StartingSeqNum Step-to-Increment} Examples of Resequencing ACLs When Remarks and Rules Have the Same Number or have Different Numbers Remarks and rules that originally have the same sequence number have the same sequence number after you apply the resequence command. The example shows the resequencing of an IPv4 access-list beginning with the number 2 and incrementing by 2.
traffic. Route maps process routes for route redistribution. For example, a route map can be called to filter only specific routes and to add a metric. Route maps also have an “implicit deny.” Unlike ACLs and prefix lists; however, where the packet or traffic is dropped, in route maps, if a route does not match any of the route map conditions, the route is not redistributed.
If you configure the flow-based enable command and do not apply an ACL on the source port or the monitored port, both flow-based monitoring and port mirroring do not function. Flow-based monitoring is supported only for ingress traffic and not for egress packets. The port mirroring application maintains a database that contains all monitoring sessions (including port monitor sessions).
ip access-list For more information, see Access Control Lists (ACLs). 3. Apply the ACL to the monitored port. INTERFACE mode ip access-group access-list Example of the flow-based enable Command To view an access-list that you applied to an interface, use the show ip accounting access-list command from EXEC Privilege mode.
7 Bidirectional Forwarding Detection (BFD) BFD is a protocol that is used to rapidly detect communication failures between two adjacent systems. It is a simple and lightweight replacement for existing routing protocol link state detection mechanisms. It also provides a failure detection solution for links on which no routing protocol is used. BFD is a simple hello mechanism. Two neighboring systems running BFD establish a session using a three-way handshake.
BFD Packet Format Control packets are encapsulated in user datagram protocol (UDP) packets. The following illustration shows the complete encapsulation of a BFD control packet inside an IPv4 packet. Figure 8. BFD in IPv4 Packet Format Field Description Diagnostic Code The reason that the last session failed. State The current local session state. Refer to BFD Sessions. Flag A bit that indicates packet function.
Field Description My Discriminator A random number generated by the local system to identify the session. Your Discriminator A random number generated by the remote system to identify the session. Discriminator values are necessary to identify the session to which a control packet belongs because there can be many sessions running on a single interface. Desired Min TX Interval The minimum rate at which the local system would like to send control packets to the remote system.
Administratively Down The local system does not participate in a particular session. Down The remote system is not sending control packets or at least not within the detection time for a particular session. Init The local system is communicating. Up Both systems are exchanging control packets. The session is declared down if: • A control packet is not received within the detection time. • Sufficient echo packets are lost.
Figure 9.
Session State Changes The following illustration shows how the session state on a system changes based on the status notification it receives from the remote system. For example, if a session on a system is down and it receives a Down status notification from the remote system, the session state on the local system changes to Init. Figure 10. Session State Changes Important Points to Remember • • Enable BFD on both ends of a link. • Demand mode, authentication, and the Echo function are not supported.
• Configure BFD for VRRP • Configuring Protocol Liveness • Troubleshooting BFD Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do not enable the routing protocol. Without BFD, if the remote system fails, the local system does not remove the connected route until the first failed attempt to send a packet.
Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 11. Establishing a BFD Session on Physical Ports 1. Enter interface mode. CONFIGURATION mode interface 2. Assign an IP address to the interface if one is not already assigned. INTERFACE mode ip address ip-address 3.
Neighbor parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: False Client Registered: CLI Uptime: 00:03:57 Statistics: Number of packets received from neighbor: 1775 Number of packets sent to neighbor: 1775 Number of state changes: 1 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 4 Log messages display when you configure both interfaces for BFD.
• Disable BFD on an interface. INTERFACE mode no bfd enable • Enable BFD on an interface. INTERFACE mode bfd enable If you disable BFD on a local interface, this message displays: R1(conf-if-te-4/24/1)#01:00:52: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Ad Dn for neighbor 2.2.2.
ip route bfd Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes, use the show bfd neighbors command. R1(conf)#ip route 2.2.3.0/24 2.2.2.2 R1(conf)#ip route bfd R1(conf)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult Clients 2.2.2.1 2.2.2.
• Disabling BFD for OSPF Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 13. Establishing Sessions with OSPF Neighbors To establish BFD with all OSPF neighbors or with OSPF neighbors on a single interface, use the following commands. • Establish sessions with all OSPF neighbors.
The bold line shows the OSPF BFD sessions. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr * 2.2.2.2 * 2.2.3.1 RemoteAddr Interface State Rx-int Tx-int Mult Clients 2.2.2.1 Te 2/1/1 Up 100 100 3 O 2.2.3.2 Te 2/2/1 Up 100 100 3 O Changing OSPF Session Parameters Configure BFD sessions with default intervals and a default role.
2. Establish sessions with OSPFv3 neighbors. Related Configuration Tasks • Changing OSPFv3 Session Parameters • Disabling BFD for OSPFv3 Establishing Sessions with OSPFv3 Neighbors You can establish BFD sessions with all OSPFv3 neighbors at once or with all neighbors out of a specific interface. Sessions are only established when the OSPFv3 adjacency is in the Full state. To establish BFD with all OSPFv3 neighbors or with OSPFv3 neighbors on a single interface, use the following commands.
• Disable BFD sessions with OSPFv3 neighbors on a single interface. INTERFACE mode ipv6 ospf bfd all-neighbors disable Configure BFD for IS-IS When using BFD with IS-IS, the IS-IS protocol registers with the BFD manager on the RPM. BFD sessions are then established with all neighboring interfaces participating in IS-IS. If a neighboring interface fails, the BFD agent on the line card notifies the BFD manager, which in turn notifies the IS-IS protocol that a link state change occurred.
• Establish sessions with all IS-IS neighbors. ROUTER-ISIS mode • bfd all-neighbors Establish sessions with IS-IS neighbors on a single interface. INTERFACE mode isis bfd all-neighbors Example of Verifying Sessions with IS-IS Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows that IS-IS BFD sessions are enabled. Changing IS-IS Session Parameters BFD sessions are configured with default intervals and a default role.
Prerequisites Before configuring BFD for BGP, you must first configure the following settings: 1. Configure BGP on the routers that you want to interconnect, as described in Border Gateway Protocol IPv4 (BGPv4). 2. Enable fast fall-over for BGP neighbors to reduce convergence time (the neighbor fall-over command), as described in BGP Fast Fall-Over. Establishing Sessions with BGP Neighbors Before configuring BFD for BGP, you must first configure BGP on the routers that you want to interconnect.
As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up and BGP maintains its adjacencies. If a BFD for BGP neighbor does not receive a control packet within the detection interval, the router informs any clients of the BFD session (other routing protocols) about the failure. It then depends on the individual routing protocols that uses the BGP link to determine the appropriate response to the failure condition.
• Remove the disabled state of a BFD for BGP session with a specified neighbor. ROUTER BGP mode no neighbor {ip-address | peer-group-name} bfd disable Use BFD in a BGP Peer Group You can establish a BFD session for the members of a peer group (the neighbor peer-group-name bfd command in ROUTER BGP configuration mode).
neighbor 2.2.2.2 remote-as 1 neighbor 2.2.2.2 no shutdown neighbor 3.3.3.2 remote-as 1 neighbor 3.3.3.2 no shutdown bfd all-neighbors The following example shows viewing all BFD neighbors. R2# show bfd neighbors * - Active session role Ad Dn - Admin Down B - BGP C - CLI I - ISIS O - OSPF R - Static Route (RTM) M - MPLS V - VRRP LocalAddr * 1.1.1.3 * 2.2.2.3 * 3.3.3.3 RemoteAddr 1.1.1.2 2.2.2.2 3.3.3.
Actual parameters: TX: 100ms, RX: 100ms, Multiplier: 3 Role: Active Delete session on Down: True Client Registered: BGP Uptime: 00:02:22 Statistics: Number of packets received from neighbor: 1428 Number of packets sent to neighbor: 1428 Number of state changes: 1 Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 4 The following example shows viewing configured BFD counters.
The bold lines show the message displayed when you enable a BFD session with different configurations: • Message displays when you enable a BFD session with a BGP neighbor that inherits the global BFD session settings configured with the global bfd all-neighbors command. • Message displays when you enable a BFD session with a BGP neighbor using the neighbor ip-address bfd command.
Configure BFD for VRRP When using BFD with VRRP, the VRRP protocol registers with the BFD manager on the route processor module (RPM). BFD sessions are established with all neighboring interfaces participating in VRRP. If a neighboring interface fails, the BFD agent on the line card notifies the BFD manager, which in turn notifies the VRRP protocol that a link state change occurred. Configuring BFD for VRRP is a three-step process: 1. Enable BFD globally. Refer to Enabling BFD Globally. 2.
To establish a session with a particular VRRP neighbor, use the following command. • Establish a session with a particular VRRP neighbor. INTERFACE mode vrrp bfd neighbor ip-address Examples of Viewing VRRP Sessions with Neighbors or State Information To view the established sessions, use the show bfd neighbors command. The bold line shows that VRRP BFD sessions are enabled.
To view session parameters, use the show bfd neighbors detail command, as shown in the example in Verifying BFD Sessions with BGP Neighbors Using the show bfd neighbors command example in Displaying BFD for BGP Information. Disabling BFD for VRRP If you disable any or all VRRP sessions, the sessions are torn down. A final Admin Down control packet is sent to all neighbors and sessions on the remote system change to the Down state.
00:54:38 : Received packet for session with neighbor 2.2.2.2 on Te 4/24/1 RX packet dump: Version:1, Diag code:0, State:Init, Poll bit:0, Final bit:0, Demand bit:0 myDiscrim:6, yourDiscrim:4, minTx:1000000, minRx:1000000, multiplier:3, minEchoRx:0 00:54:38: %RPM0-P:RP2 %BFDMGR-1-BFD_STATE_CHANGE: Changed session state to Up for neighbor 2.2.2.2 on interface Te 4/24/1 (diag: 0) The following example shows hexadecimal output from the debug bfd packet command.
8 Border Gateway Protocol IPv4 (BGPv4) This chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS). The primary function of the BGP is to exchange network reachability information with other BGP systems.
Figure 17. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol — a computer network in which BGP maintains the path that updated information takes as it diffuses through the network. Updates traveling through the network and returning to the same node are easily detected and discarded.
Figure 18. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor. Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies.
State Description Idle BGP initializes all resources, refuses all inbound BGP connection attempts, and initiates a TCP connection to the peer. Connect In this state the router waits for the TCP connection to complete, transitioning to the OpenSent state if successful. If that transition is not successful, BGP resets the ConnectRetry timer and transitions to the Active state when the timer expires. Active The router resets the ConnectRetry timer to zero and returns to the Connect state.
Figure 19. BGP Router Rules 1. Router B receives an advertisement from Router A through eBGP. Because the route is learned through eBGP, Router B advertises it to all its iBGP peers: Routers C and D. 2. Router C receives the advertisement but does not advertise it to any peer because its only other peer is Router D, an iBGP peer, and Router D has already learned it through iBGP from Router B. 3.
reduce the options. If a number of best paths is determined, this selection criteria is applied to group’s best to determine the ultimate best path. In non-deterministic mode (the bgp non-deterministic-med command is applied), paths are compared in the order in which they arrive. This method can lead to Dell Networking OS choosing different best paths from a set of paths, depending on the order in which they were received from the neighbors because MED may or may not get compared between the adjacent paths.
b. A path with no AS_PATH configured has a path length of 0. c. AS_CONFED_SET is not included in the AS_PATH length. d. AS_CONFED_SEQUENCE has a path length of 1, no matter how many ASs are in the AS_CONFED_SEQUENCE. 5. Prefer the path with the lowest ORIGIN type (IGP is lower than EGP, and EGP is lower than INCOMPLETE). 6. Prefer the path with the lowest multi-exit discriminator (MED) attribute. The following criteria apply: a.
Figure 21. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path. MED is one of the criteria used to determine the best path, so keep in mind that other criteria may impact selection, as shown in the illustration in Best Path Selection Criteria. One AS assigns the MED a value and the other AS uses that value to decide the preferred path.
Figure 22. Multi-Exit Discriminators NOTE: Configuring the set metric-type internal command in a route-map advertises the IGP cost as MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost. If the outbound route-map uses MED, it overwrites IGP MED. Origin The origin indicates the origin of the prefix, or how the prefix came into BGP. There are three origin codes: IGP, EGP, INCOMPLETE.
NOTE: Any update that contains the AS path number 0 is valid. The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold).
Implement BGP with Dell Networking OS The following sections describe how to implement BGP on Dell Networking OS. Additional Path (Add-Path) Support The add-path feature reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths with new ones. By default, a BGP speaker advertises only the best path to its peers for a given address prefix.
Ignore Router-ID for Some Best-Path Calculations Dell Networking OS allows you to avoid unnecessary BGP best-path transitions between external paths under certain conditions. The bgp bestpath router-id ignore command reduces network disruption caused by routing and forwarding plane changes and allows for faster convergence. Four-Byte AS Numbers Dell Networking OS supports 4-Byte (32-bit) format when configuring autonomous system numbers (ASNs).
Dynamic AS Number Notation Application Dell Networking OS applies the ASN notation type change dynamically to the running-config statements. When you apply or change an asnotation, the type selected is reflected immediately in the running-configuration and the show commands (refer to the following two examples).
Dell(conf-router_bgp)#do show ip bgp BGP table version is 28093, local router ID is 172.30.1.57 AS Number Migration With this feature you can transparently change the AS number of an entire BGP network and ensure that the routes are propagated throughout the network while the migration is in progress. When migrating one AS to another, perhaps combining ASs, an eBGP network may lose its routing to an iBGP if the ASN changes.
If you use the “no prepend” option, the Local-AS does not prepend to the updates received from the eBGP peer. If you do not select “no prepend” (the default), the Local-AS is added to the first AS segment in the AS-PATH. If an inbound route-map is used to prepend the as-path to the update from the peer, the Local-AS is added first. For example, consider the topology described in the previous illustration.
• To avoid SNMP timeouts with a large-scale configuration (large number of BGP neighbors and a large BGP Loc-RIB), Dell Networking recommends setting the timeout and retry count values to a relatively higher number. For example, t = 60 or r = 5. • To return all values on an snmpwalk for the f10BgpM2Peer sub-OID, use the -C c option, such as snmpwalk -v 2c -C c c public. • An SNMP walk may terminate pre-maturely if the index does not increment lexicographically.
Item Default Graceful Restart feature Disabled Local preference 100 MED 0 Route Flap Damping Parameters half-life = 15 minutes reuse = 750 suppress = 2000 max-suppress-time = 60 minutes external distance = 20 Distance internal distance = 200 local distance = 200 keepalive = 60 seconds Timers holdtime = 180 seconds Add-path Disabled Enabling BGP By default, BGP is not enabled on the system. Dell Networking OS supports one autonomous system (AS) and assigns the AS number (ASN).
CONFIG-ROUTER-BGP mode bgp four-octet-as-support NOTE: Use it only if you support 4-Byte AS numbers or if you support AS4 number representation. If you are supporting 4-Byte ASNs, enable this command. Disable 4-Byte support and return to the default 2-Byte format by using the no bgp four-octet-as-support command. You cannot disable 4-Byte support if you currently have a 4-Byte ASN configured. Disabling 4-Byte AS numbers also disables ASDOT and ASDOT+ number representation.
100.10.92.9 65192 0 192.168.10.1 65123 0 192.168.12.2 65123 0 R2# 0 0 0 0 0 0 0 0 0 0 never 0 never 0 never Active Active Active The following example shows the show ip bgp summary command output (4–byte AS number displays). R2#show ip bgp summary BGP router identifier 192.168.10.2, local AS number 48735.
Local host: 10.114.8.39, Local port: 1037 Foreign host: 10.114.8.60, Foreign port: 179 BGP neighbor is 10.1.1.1, remote AS 65535, internal link Administratively shut down BGP version 4, remote router ID 10.0.0.
Only one form of AS number representation is supported at a time. You cannot combine the types of representations within an AS. To configure AS4 number representations, use the following commands. • Enable ASPLAIN AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asplain NOTE: ASPLAIN is the default method Dell Networking OS uses and does not appear in the configuration display. • Enable ASDOT AS Number representation.
Configuring Peer Groups To configure multiple BGP neighbors at one time, create and populate a BGP peer group. An advantage of peer groups is that members of a peer group inherit the configuration properties of the group and share same update policy. A maximum of 256 peer groups are allowed on the system. Create a peer group by assigning it a name, then adding members to the peer group. After you create a peer group, you can configure route policies for it.
When you add a peer to a peer group, it inherits all the peer group’s configured parameters.
Peer-group zanzibar, remote AS 65535 BGP version 4 Minimum time between advertisement runs is 5 seconds For address family: IPv4 Unicast BGP neighbor is zanzibar, peer-group internal, Number of peers in this group 26 Peer-group members (* - outbound optimized): 10.68.160.1 10.68.161.1 10.68.162.1 10.68.163.1 10.68.164.1 10.68.165.1 10.68.166.1 10.68.167.1 10.68.168.1 10.68.169.1 10.68.170.1 10.68.171.1 10.68.172.1 10.68.173.1 10.68.174.1 10.68.175.1 10.68.176.1 10.68.177.1 10.68.178.1 10.68.179.1 10.68.180.
BGP neighbor is 100.100.100.100, remote AS 65517, internal link Member of peer-group test for session parameters BGP version 4, remote router ID 30.30.30.
neighbor 100.100.100.100 no shutdown Dell# Configuring Passive Peering When you enable a peer-group, the software sends an OPEN message to initiate a TCP connection. If you enable passive peering for the peer group, the software does not send an OPEN message, but it responds to an OPEN message. When a BGP neighbor connection with authentication configured is rejected by a passive peer-group, Dell Networking OS does not allow another passive peer-group on the same subnet to connect with the BGP neighbor.
Example of the Verifying that Local AS Numbering is Disabled The first line in bold shows the actual AS number. The second two lines in bold show the local AS number (6500) maintained during migration. To disable this feature, use the no neighbor local-as command in CONFIGURATION ROUTER BGP mode. R2(conf-router_bgp)#show conf ! router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.
network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote-as 65123 neighbor 10.10.32.3 no shutdown neighbor 100.10.92.9 remote-as 65192 neighbor 100.10.92.9 local-as 6500 neighbor 100.10.92.9 no shutdown neighbor 192.168.10.1 remote-as 65123 neighbor 192.168.10.1 update-source Loopback 0 neighbor 192.168.10.1 no shutdown neighbor 192.168.12.2 remote-as 65123 neighbor 192.168.12.
bgp graceful-restart [stale-path-time time-in-seconds] • The default is 360 seconds. Local router supports graceful restart as a receiver only. CONFIG-ROUTER-BGP mode bgp graceful-restart [role receiver-only] Enabling Neighbor Graceful Restart BGP graceful restart is active only when the neighbor becomes established. Otherwise, it is disabled. Graceful-restart applies to all neighbors with established adjacency.
ip as-path access-list as-path-name 2. Enter the parameter to match BGP AS-PATH for filtering. CONFIG-AS-PATH mode {deny | permit} filter parameter This is the filter that is used to match the AS-path. The entries can be any format, letters, numbers, or regular expressions. You can enter this command multiple times if multiple filters are desired. For accepted expressions, refer to Regular Expressions as Filters. 3. Return to CONFIGURATION mode. AS-PATH ACL mode exit 4. Enter ROUTER BGP mode.
Regular Expressions as Filters Regular expressions are used to filter AS paths or community lists. A regular expression is a special character used to define a pattern that is then compared with an input string. For an AS-path access list, as shown in the previous commands, if the AS path matches the regular expression in the access list, the route matches the access list. The following lists the regular expressions accepted in Dell Networking OS.
Dell(config-as-path)#deny 32$ Dell(config-as-path)#ex Dell(conf)#router bgp 99 Dell(conf-router_bgp)#neighbor AAA filter-list Eagle in Dell(conf-router_bgp)#show conf ! router bgp 99 neighbor AAA peer-group neighbor AAA filter-list Eaglein neighbor AAA no shutdown neighbor 10.155.15.2 remote-as 32 neighbor 10.155.15.2 filter-list 1 in neighbor 10.155.15.
Enabling Additional Paths The add-path feature is disabled by default. NOTE: Dell Networking OS recommends not using multipath and add path simultaneously in a route reflector. To allow multiple paths sent to peers, use the following commands. 1. Allow the advertisement of multiple paths for the same address prefix without the new paths replacing any previous ones. CONFIG-ROUTER-BGP mode bgp add-path [both|received|send] path-count count The range is from 2 to 64. 2.
• • • no-export: routes with the COMMUNITY attribute of NO_EXPORT. quote-regexp: then any number of regular expressions. The software applies all regular expressions in the list. regexp: then a regular expression. Example of the show ip community-lists Command To view the configuration, use the show config command in CONFIGURATION COMMUNITY-LIST or CONFIGURATION EXTCOMMUNITY LIST mode or the show ip {community-lists | extcommunity-list} command in EXEC Privilege mode.
deny deny deny deny deny deny deny deny deny deny deny deny deny deny deny deny deny deny Dell# 701:20 702:20 703:20 704:20 705:20 14551:20 701:112 702:112 703:112 704:112 705:112 14551:112 701:667 702:667 703:667 704:666 705:666 14551:666 Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. 1.
To send the COMMUNITY attribute to BGP neighbors, use the following command. • Enable the software to send the router’s COMMUNITY attribute to the BGP neighbor or peer group specified. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} send-community To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode.
Origin codes: i - IGP, e - EGP, ? - incomplete Network * i 3.0.0.0/8 *>i 4.2.49.12/30 * i 4.21.132.0/23 *>i 4.24.118.16/30 *>i 4.24.145.0/30 *>i 4.24.187.12/30 *>i 4.24.202.0/30 *>i 4.25.88.0/30 *>i 6.1.0.0/16 *>i 6.2.0.0/22 *>i 6.3.0.0/18 *>i 6.4.0.0/16 *>i 6.5.0.0/19 *>i 6.8.0.0/20 *>i 6.9.0.0/20 *>i 6.10.0.0/15 *>i 6.14.0.0/15 *>i 6.133.0.0/21 *>i 6.151.0.0/16 --More-- Next Hop Metric 195.171.0.16 195.171.0.16 195.171.0.16 195.171.0.16 195.171.0.16 195.171.0.16 195.171.0.16 195.171.0.16 195.171.0.
A more flexible method for manipulating the LOCAL_PREF attribute value is to use a route map. 1. Enter the ROUTE-MAP mode and assign a name to a route map. CONFIGURATION mode route-map map-name [permit | deny] [sequence-number] 2. Change LOCAL_PREF value for routes meeting the criteria of this route map. CONFIG-ROUTE-MAP mode set local-preference value 3. Return to CONFIGURATION mode. CONFIG-ROUTE-MAP mode exit 4. Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5.
• Sets weight for the route. CONFIG-ROUTE-MAP mode set weight weight – weight: the range is from 0 to 65535. To view BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show runningconfig bgp command in EXEC Privilege mode. Enabling Multipath By default, the software allows one path to a destination. You can enable multipath to allow up to 64 parallel paths to a destination.
• ge: minimum prefix length to be matched. • le: maximum prefix length to me matched. For information about configuring prefix lists, refer to Access Control Lists (ACLs). 3. Return to CONFIGURATION mode. CONFIG-PREFIX LIST mode exit 4. Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5. Filter routes based on the criteria in the configured prefix list.
5. Filter routes based on the criteria in the configured route map. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-map map-name {in | out} Configure the following parameters: • ip-address or peer-group-name: enter the neighbor’s IP address or the peer group’s name. • map-name: enter the name of a configured route map. • in: apply the route map to inbound routes. • out: apply the route map to outbound routes.
With route reflection configured properly, IBGP routers are not fully meshed within a cluster but all receive routing information. Configure clusters of routers where one router is a concentration router and the others are clients who receive their updates from the concentration router. To configure a route reflector, use the following commands. • Assign an ID to a router reflector cluster. CONFIG-ROUTER-BGP mode bgp cluster-id cluster-id • You can have multiple clusters in an AS.
the confederations appear as one AS. Within the confederation sub-AS, the IBGP neighbors are fully meshed and the MED, NEXT_HOP, and LOCAL_PREF attributes are maintained between confederations. To configure BGP confederations, use the following commands. • Specifies the confederation ID. CONFIG-ROUTER-BGP mode bgp confederation identifier as-number – as-number: from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte). • Specifies which confederation sub-AS are peers.
– half-life: the range is from 1 to 45. Number of minutes after which the Penalty is decreased. After the router assigns a Penalty of 1024 to a route, the Penalty is decreased by half after the half-life period expires. The default is 15 minutes. – reuse: the range is from 1 to 20000. This number is compared to the flapping route’s Penalty value. If the Penalty value is less than the reuse value, the flapping route is once again advertised (or no longer suppressed).
The following example shows how to configure values to reuse or restart a route. In the following example, default = 15 is the set time before the value decrements, bgp dampening 2 ? is the set re-advertise value, bgp dampening 2 2000 ? is the suppress value, and bgp dampening 2 2000 3000 ? is the time to suppress a route. Default values are also shown.
– keepalive: the range is from 1 to 65535. Time interval, in seconds, between keepalive messages sent to the neighbor routers. The default is 60 seconds. – holdtime: the range is from 3 to 65536. Time interval, in seconds, between the last keepalive message and declaring the router dead. The default is 180 seconds. To view non-default values, use the show config command in CONFIGURATION ROUTER BGP mode or the show runningconfig bgp command in EXEC Privilege mode.
Example of Soft-Reconfigration of a BGP Neighbor The example enables inbound soft reconfiguration for the neighbor 10.108.1.1. All updates received from this neighbor are stored unmodified, regardless of the inbound policy. When inbound soft reconfiguration is done later, the stored information is used to generate a new set of inbound updates. Dell>router bgp 100 neighbor 10.108.1.1 remote-as 200 neighbor 10.108.1.
• Exchange of IPv4 multicast route information occurs through the use of two new attributes called MP_REACH_NLRI and MP_UNREACH_NLRI, for feasible and withdrawn routes, respectively. • If the peer has not been activated in any AFI/SAFI, the peer remains in Idle state. Most Dell Networking OS BGP IPv4 unicast commands are extended to support the IPv4 multicast RIB using extra options to the command.
• debug ip bgp [ip-address | peer-group peer-group-name] updates [in | out] [prefix-list name] Enable soft-reconfiguration debug. EXEC Privilege mode debug ip bgp {ip-address | peer-group-name} soft-reconfiguration To enhance debugging of soft reconfig, use the bgp soft-reconfig-backup command only when route-refresh is not negotiated to avoid the peer from resending messages. In-BGP is shown using the show ip protocols command. Dell Networking OS displays debug messages on the console.
'UPDATE error/Missing well-known attr' Sent : 1 Recv: 0 'Connection Reset' Sent : 1 Recv: 0 Last notification (len 21) sent 00:26:02 ago ffffffff ffffffff ffffffff ffffffff 00160303 03010000 Last notification (len 21) received 00:26:20 ago ffffffff ffffffff ffffffff ffffffff 00150306 00000000 Last PDU (len 41) received 00:26:02 ago that caused notification to be issued ffffffff ffffffff ffffffff ffffffff 00290200 00000e01 02040201 00024003 04141414 0218c0a8 01000000 Local host: 1.1.1.
PDU[4] : len 19, captured 00:34:20 ago ffffffff ffffffff ffffffff ffffffff 00130400 [. . .] The following example shows how to view space requirements for storing all the PDUs. With full internet feed (205K) captured, approximately 11.8MB is required to store all of the PDUs. Dell(conf-router_bgp)#do show capture bgp-pdu neighbor 172.30.1.250 Incoming packet capture enabled for BGP neighbor 172.30.1.250 Available buffer size 29165743, 192991 packet(s) captured using 11794257 bytes [. . .
Figure 24. Sample Configurations Example of Enabling BGP (Router 1) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.1/24 no shutdown R1(conf-if-lo-0)#int te 1/21/1 R1(conf-if-te-1/21/1)#ip address 10.0.1.21/24 R1(conf-if-te-1/21/1)#no shutdown R1(conf-if-te-1/21/1)#show config ! interface TengigabitEthernet 1/21/1 ip address 10.0.1.
R1(conf-router_bgp)#neighbor 192.168.128.3 remote 100 R1(conf-router_bgp)#neighbor 192.168.128.3 no shut R1(conf-router_bgp)#neighbor 192.168.128.3 update-source loop 0 R1(conf-router_bgp)#show config ! router bgp 99 network 192.168.128.0/24 neighbor 192.168.128.2 remote-as 99 neighbor 192.168.128.2 update-source Loopback 0 neighbor 192.168.128.2 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.
R3(conf-if-te-3/11/1)#show config ! interface TengigabitEthernet 3/11/1 ip address 10.0.3.33/24 no shutdown R3(conf-if-lo-0)#int te 3/21/1 R3(conf-if-te-3/21/1)#ip address 10.0.2.3/24 R3(conf-if-te-3/21/1)#no shutdown R3(conf-if-te-3/21/1)#show config ! interface TengigabitEthernet 3/21/1 ip address 10.0.2.3/24 no shutdown R3(conf-if-te-3/21/1)# R3(conf-if-te-3/21/1)#router bgp 100 R3(conf-router_bgp)#show config ! router bgp 100 R3(conf-router_bgp)#network 192.168.128.0/24 R3(conf-router_bgp)#neighbor 192.
CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Update source set to Loopback 0 Peer active in peer-group outbound optimization For address family: IPv4 Unicast BGP table version 1, neighbor version 1 Prefixes accepted 1 (consume 4 bytes), withdrawn 0 by peer Prefixes advertised 1, denied 0, withdrawn 0 from peer Connections established 2; dropped 1 Last reset 00:00:57, due to user reset Notification History 'Connect
2 BGP path attribute entrie(s) using 128 bytes of memory 2 BGP AS-PATH entrie(s) using 90 bytes of memory 2 neighbor(s) using 9216 bytes of memory Neighbor AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/Pfx 192.168.128.1 99 140 136 2 0 (0) 00:11:24 1 192.168.128.
Member of peer-group BBB for session parameters BGP version 4, remote router ID 192.168.128.
9 Content Addressable Memory (CAM) CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 and Layer 3 forwarding information, access-lists (ACLs), flows, and routing policies. CAM Allocation CAM Allocation for Ingress To allocate the space for regions such has L2 ingress ACL, IPV4 ingress ACL, IPV6 ingress ACL, IPV4 QOS, L2 QOS, PBR, VRF ACL etc on the S-Series by using the cam-acl command in CONFIGURATION mode.
Table 11. Additional Default CAM Allocation Settings Additional CAM Allocation Setting FCoE ACL (fcoeacl) 0 ISCSI Opt ACL (iscsioptacl) 0 The ipv6acl and vman-dual-qos allocations must be entered as a factor of 2 (2, 4, 6, 8, 10). All other profile allocations can use either even or odd numbered ranges. You must save the new CAM settings to the startup-config (write-mem or copy run start) then reload the system for the new settings to take effect.
4. Reload the system. EXEC Privilege mode reload Test CAM Usage Use this command to determine whether sufficient CAM space is available to enable a service-policy. Create a Class Map with all required ACL rules, then execute the test cam-usage command in Privilege mode to verify the actual CAM space required. The Status column in the command output indicates whether or not the policy can be enabled.
View CAM-ACL Settings Thisshow cam-acl command shows the cam-acl setting that will be loaded after the next reload.
IpMacAcl VmanQos VmanDualQos EcfmAcl FcoeAcl iscsiOptAcl ipv4pbr vrfv4Acl Openflow fedgovacl : : : : : : : : : : 0 0 0 0 0 0 0 0 0 0 -- Stack unit 0 -Current Settings(in block sizes) 1 block = 128 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 VmanQos : 0 VmanDualQos : 0 EcfmAcl : 0 FcoeAcl : 0 iscsiOptAcl : 0 ipv4pbr : 0 vrfv4Acl : 0 Openflow : 0 fedgovacl : 0 -- Stack unit 7 -Current Settings(in block sizes) 1 block = 128 entries L2Acl : 6 Ipv4Acl : 4 Ipv6Acl : 0
| | | 0 | | | | | | | | | | | Codes: * - cam usage Dell# 7 OUT-L2 ACL IN-L3 ACL IN-V6 ACL IN-L2 ACL OUT-L3 ACL OUT-V6 ACL OUT-L2 ACL is above 90%.
Syslog Error When the Table is Full In the Dell Networking OS, the table full condition is displayed as CAM full only for LPM. But now the LPM is split into two tables. There are two syslog errors that are displayed: 1. /65 to /128 Table full. 2. 0/0 – 0/64 Table full. A table-full error message is displayed once the number of entries is crossed the table size. Table-full message is generated only once when it crosses the threshold.
Dell(conf)# Dell(conf)#end Dell#01:13:44: %STKUNIT0-M:CP %SYS-5-CONFIG_I: Configured from console Dell# 2. Display the hardware forwarding table mode in the current boot and in the next boot.
10 Control Plane Policing (CoPP) Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane, rate-limits, traffic to an acceptable level.
Figure 26. CoPP Implemented Versus CoPP Not Implemented Configure Control Plane Policing The system can process a maximum of 4200 packets per second (PPS). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though per protocol CoPP is applied. This happens because queuebased rate limiting is applied first.
Configuring CoPP for Protocols This section lists the commands necessary to create and enable the service-policies for CoPP. For complete information about creating ACLs and QoS rules, refer to Access Control Lists (ACLs) and Quality of Service (QoS). The basics for creating a CoPP service policy are to create a Layer 2, Layer 3, and/or an IPv6 ACL rule for the desired protocol type. Then, create a QoS input policy to rate-limit the protocol traffics according to the ACL.
Dell(conf)#mac access-list extended lacp cpu-qos Dell(conf-mac-acl-cpuqos)#permit lacp Dell(conf-mac-acl-cpuqos)#exit Dell(conf)#ipv6 access-list ipv6-icmp cpu-qos Dell(conf-ipv6-acl-cpuqos)#permit icmp Dell(conf-ipv6-acl-cpuqos)#exit Dell(conf)#ipv6 access-list ipv6-vrrp cpu-qos Dell(conf-ipv6-acl-cpuqos)#permit vrrp Dell(conf-ipv6-acl-cpuqos)#exit The following example shows creating the QoS input policy.
The basics for creating a CoPP service policy is to create QoS policies for the desired CPU bound queue and associate it with a particular rate-limit. The QoS policies are assigned to a control-plane service policy for each port-pipe. 1. Create a QoS input policy for the router and assign the policing. CONFIGURATION mode qos-policy-input name cpu-qos 2. Create an input policy-map to assign the QoS policy to the desired service queues.l.
Q6 Q7 Dell# 400 1100 Example of Viewing Queue Mapping To view the queue mapping for each configured protocol, use the show ip protocol-queue-mapping command.
11 Data Center Bridging (DCB) Ethernet Enhancements in Data Center Bridging The following section describes DCB. The device supports the following DCB features: • Priority-based flow control (PFC) • Enhanced transmission selection (ETS) DCB refers to a set of IEEE Ethernet enhancements that provide data centers with a single, robust, converged network to support multiple traffic types, including local area network (LAN), server, and storage traffic.
• 802.1Qaz — Enhanced Transmission Selection (ETS) • 802.1Qau — Congestion Notification • Data Center Bridging Exchange (DCBx) protocol NOTE: Dell Networking OS supports only the PFC, ETS, and DCBx features in data center bridging. Priority-Based Flow Control In a data center network, priority-based flow control (PFC) manages large bursts of one traffic type in multiprotocol links so that it does not affect other traffic types and no frames are lost due to congestion.
• PFC uses DCB MIB IEEE 802.1azd2.5 and PFC MIB IEEE 802.1bb-d2.2 • PFC supports buffering to receive data that continues to arrive on an interface while the remote system reacts to the PFC operation. • PFC uses DCB MIB IEEE 802.1azd2.5 and PFC MIB IEEE 802.1bb-d2.2. • PFC is supported on specified 802.1p priority traffic (dot1p 0 to 7) and is configured per interface.
Table 13. ETS Traffic Groupings Traffic Groupings Description Group ID A 4-bit identifier assigned to each priority group. The range is from 0 to 7 configurable; 8 - 14 reservation and 15.0 - 15.7 is strict priority group.. Group bandwidth Percentage of available bandwidth allocated to a priority group. Group transmission selection algorithm (TSA) Type of queue scheduling a priority group uses. In Dell Networking OS, ETS is implemented as follows: • ETS supports groups of 802.
Data Center Bridging in a Traffic Flow The following figure shows how DCB handles a traffic flow on an interface. Figure 28. DCB PFC and ETS Traffic Handling Enabling Data Center Bridging DCB is automatically configured when you configure FCoE or iSCSI optimization. Data center bridging supports converged enhanced Ethernet (CEE) in a data center network. DCB is disabled by default. It must be enabled to support CEE.
NOTE: To save the pfc buffering configuration changes, save the configuration and reboot the system. NOTE: Dell Networking OS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces. For more information, refer to Ethernet Pause Frames. QoS dot1p Traffic Classification and Queue Assignment The following section describes QoS dot1P traffic classification and assignments.
• fpEgrQBuffSnapshotTable • fpIngPgBuffSnapshotTable • fpStatsPerPgTable • pfcPerPrioTable fpEgrQBuffSnapshot This table fetches the BST statistics at Egress Port with respect to the buffer used. This table displays the Table Snapshot of the Buffer cells used by Unicast and Multicast Data and Control Queues. fpIngPgBuffSnapsho This table fetches the BST statistics at the Ingress Port with respect to the Shared Cells and the Headroom tTable cells used per Priority Group.
As a result, PFC and lossless port queues are disabled on 802.1p priorities, and all priorities are mapped to the same priority queue and equally share the port bandwidth. • To change the ETS bandwidth allocation configured for a priority group in a DCB map, do not modify the existing DCB map configuration. Instead, first create a new DCB map with the desired PFC and ETS settings, and apply the new map to the interfaces to override the previous DCB map settings.
Step Task Command Command Mode Separate priority values with a comma. Specify a priority range with a dash, for example: pfc priority 3,5-7 1. You cannot configure PFC using the pfc priority command on an interface on which a DCB map has been applied or which is already configured for lossless queues (pfc no-drop queues command).
Step Task Command Command Mode Range: 0-3. Separate queue values with a comma; specify a priority range with a dash; for example: pfc nodrop queues 1,3 or pfc no-drop queues 2-3 Default: No lossless queues are configured. Data Center Bridging: Default Configuration Before you configure PFC and ETS on a switch see the priority group setting taken into account the following default settings: DCB is enabled. PFC and ETS are globally enabled by default.
from peer devices. By applying a DCB map with PFC enabled, you enable PFC operations on ingress port traffic. To achieve complete lossless handling of traffic, configure PFC priorities on all DCB egress ports. NOTE: DCB maps are supported only on physical Ethernet interfaces. • To remove a DCB map, including the PFC configuration it contains, use the no dcb map command in Interface configuration mode.
• Traffic in priority groups is assigned to strict-queue or weighted round-robin (WRR) scheduling in an ETS configuration and is managed using the ETS bandwidth-assignment algorithm. Dell Networking OS de-queues all frames of strict-priority traffic before servicing any other queues. A queue with strict-priority traffic can starve other queues in the same port. • ETS-assigned bandwidth allocation and strict-priority scheduling apply only to data queues, not to control queues.
Configuring Priority-Based Flow Control Priority-Based Flow Control (PFC) provides a flow control mechanism based on the 802.1p priorities in converged Ethernet traffic received on an interface and is enabled by default when you enable DCB. As an enhancement to the existing Ethernet pause mechanism, PFC stops traffic transmission for specified priorities (Class of Service (CoS) values) without impacting other priority classes. Different traffic types are assigned to different priority classes.
Lossless traffic egresses out the no-drop queues. Ingress dot1p traffic from PFC-enabled interfaces is automatically mapped to the no-drop egress queues. 1. Enter INTERFACE Configuration mode. CONFIGURATION mode interface type slot/port/subport 2. Configure the port queues that will still function as no-drop queues for lossless traffic. INTERFACE mode pfc no-drop queues queue-range For the dot1p-queue assignments, refer to the dot1p Priority-Queue Assignment table.
Creating an ETS Priority Group An ETS priority group specifies the range of 802.1p priority traffic to which a QoS output policy with ETS settings is applied on an egress interface. 1. Configure a DCB Map. CONFIGURATION mode dcb-map dcb-map-name The dcb-map-name variable can have a maximum of 32 characters. 2. Create an ETS priority group. CONFIGURATION mode priority-group group-num {bandwidth bandwidth | strict-priority} pfc off The range for priority group is from 0 to 7.
The maximum number of priority groups supported in ETS output policies on an interface is equal to the number of data queues (4) on the port. The 802.1p priorities in a priority group can map to multiple queues. If you configure more than one priority queue as strict priority or more than one priority group as strict priority, the higher numbered priority queue is given preference when scheduling data traffic. ETS Operation with DCBx The following section describes DCBx negotiation with peer ETS devices.
4. Exit QoS Output Policy Configuration mode. QoS OUTPUT POLICY mode exit 5. Enter INTERFACE Configuration mode. CONFIGURATION mode interface type slot/port/subport 6. Apply the QoS output policy with the bandwidth percentage for specified priority queues to an egress interface. INTERFACE mode service-policy output output-policy-name Applying DCB Policies in a Switch Stack You can apply DCB policies with PFC and ETS configurations to all stacked ports in a switch stack or on a stacked switch.
DCBx Port Roles To enable the auto-configuration of DCBx-enabled ports and propagate DCB configurations learned from peer DCBx devices internally to other switch ports, use the following DCBx port roles. Auto-upstream The port advertises its own configuration to DCBx peers and is willing to receive peer configuration. The port also propagates its configuration to other ports on the switch. The first auto-upstream that is capable of receiving a peer configuration is elected as the configuration source.
devices but do not accept or propagate internal or external configurations. Unlike other user-configured ports, the configuration of DCBx ports in Manual mode is saved in the running configuration. On a DCBx port in a manual role, all PFC, application priority, ETS recommend, and ETS configuration TLVs are enabled.
– The switch is capable of supporting the received DCB configuration values through either a symmetric or asymmetric parameter exchange. A newly elected configuration source propagates configuration changes received from a peer to the other auto-configuration ports. Ports receiving auto-configuration information from the configuration source ignore their current settings and use the configuration source information.
The internal Priority assigned for the packet by Ingress FP is used by the memory management unit (MMU) to assign the packet to right queue by indexing the internal-priority to queue map table (TABLE 1) in hardware. PRIO2COS setting for honoring the PFC protocol packets from the Peer switches is as per above Packet-Dot1p->queue table (Table 2). The packets that come in with packet-dot1p 2 alone will be assigned to PG6 on ingress.
DCBx Example The following figure shows how to use DCBx. The external 40GbE 40GbE ports on the base module (ports 33 and 37) of two switches are used for uplinks configured as DCBx auto-upstream ports. The device is connected to third-party, top-of-rack (ToR) switches through 40GbE uplinks. The ToR switches are part of a Fibre Channel storage network. The internal ports (ports 1-32) connected to the 10GbE backplane are configured as auto-downstream ports. Figure 29.
interface type slot/port/subport 2. Enter LLDP Configuration mode to enable DCBx operation. INTERFACE mode [no] protocol lldp 3. Configure the DCBx version used on the interface, where: auto configures the port to operate using the DCBx version received from a peer. PROTOCOL LLDP mode [no] DCBx version {auto | cee | cin | ieee-v2.5} • cee: configures the port to use CEE (Intel 1.01). • cin: configures the port to use Cisco-Intel-Nuova (DCBx 1.0). • ieee-v2.5: configures the port to use IEEE 802.
NOTE: To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-applntlv iscsi. For information about how to use iSCSI, refer to iSCSI Optimization To verify the DCBx configuration on a port, use the show interface DCBx detail command. Configuring DCBx Globally on the Switch To globally configure the DCBx operation on a switch, follow these steps. 1. Enter Global Configuration mode. EXEC PRIVILEGE mode configure 2. Enter LLDP Configuration mode to enable DCBx operation.
NOTE: To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-applntlv iscsi. 6. Configure the FCoE priority advertised for the FCoE protocol in Application Priority TLVs. PROTOCOL LLDP mode [no] fcoe priority-bits priority-bitmap The priority-bitmap range is from 1 to FF. The default is 0x8. 7. Configure the iSCSI priority advertised for the iSCSI protocol in Application Priority TLVs.
– tlv: enables traces for DCBx TLVs. Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 15. Displaying DCB Configurations Command Output show dot1p-queue mapping Displays the current 802.1p priority-queue mapping. show dcb [stack-unit unit-number] Displays the data center bridging status, number of PFC-enabled ports, and number of PFC-enabled queues. On the master switch in a stack, you can specify a stack-unit number. The range is from 0 to 5.
The following example shows the output of the show qos dcb-map test command. Dell#show qos dcb-map test ----------------------State :Complete PfcMode:ON -------------------PG:0 TSA:ETS BW:50 PFC:OFF Priorities:0 1 2 5 6 7 PG:1 TSA:ETS BW:50 Priorities:3 4 PFC:ON The following example shows the show interfaces pfc summary command.
Table 16. show interface pfc summary Command Description Fields Description Interface Interface type with stack-unit and port number. Admin mode is on; Admin is enabled PFC Admin mode is on or off with a list of the configured PFC priorities . When PFC admin mode is on, PFC advertisements are enabled to be sent and received from peers; received PFC configuration takes effect. The admin operational status for a DCBx exchange of PFC configuration is enabled or disabled.
Fields Description PFC TLV Statistics: Output TLV pkts Number of PFC TLVs transmitted. PFC TLV Statistics: Error pkts Number of PFC error packets received. PFC TLV Statistics: Pause Tx pkts Number of PFC pause frames transmitted. PFC TLV Statistics: Pause Rx pkts Number of PFC pause frames received The following example shows the show interface pfc statistics command.
Oper status is init ETS DCBx Oper status is Down State Machine Type is Asymmetric Conf TLV Tx Status is enabled Reco TLV Tx Status is enabled 0 Input Conf TLV Pkts, 1955 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 0 Input Reco TLV Pkts, 1955 Output Reco TLV Pkts, 0 Error Reco TLV Pkts Dell(conf)# show interfaces tengigabitethernet 1/1/1 ets detail Interface TenGigabitEthernet 1/1/1 Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters : -----------------Admin is enabl
Max Supported TC Groups is 4 Number of Traffic Classes is 8 Admin mode is on Admin Parameters : -----------------Admin is enabled TC-grp Priority# Bandwidth 0 0,1,2,3,4,5,6,7 100% 1 0% 2 0% 3 0% 4 0% 5 0% 6 0% 7 0% Priority# Bandwidth TSA 0 1 2 3 4 5 6 7 Remote Parameters: ------------------Remote is disabled Local Parameters : -----------------Local is enabled TC-grp Priority# 0 0,1,2,3,4,5,6,7 1 2 3 4 5 6 7 TSA ETS ETS ETS ETS ETS ETS ETS ETS 13% 13% 13% 13% 12% 12% 12% 12% ETS ETS ETS ETS ETS ETS ETS
Field Description Admin mode ETS mode: on or off. Admin Parameters ETS configuration on local port, including priority groups, assigned dot1p priorities, and bandwidth allocation. Remote Parameters ETS configuration on remote peer port, including Admin mode (enabled if a valid TLV was received or disabled), priority groups, assigned dot1p priorities, and bandwidth allocation.
Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters: -------------------Admin is enabled TC-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3,4,5,6,7 100% ETS 1 2 3 4 5 6 7 8 Stack unit 2 stack port all Max Supported TC Groups is 4 Number of Traffic Classes is 1 Admin mode is on Admin Parameters: -------------------Admin is enabled TC-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3,4,5,6,7 100%
P-PFC Configuration TLV enabled p-PFC Configuration TLV disabled F-Application priority for FCOE enabled f-Application Priority for FCOE disabled I-Application priority for iSCSI enabled i-Application Priority for iSCSI disabled ----------------------------------------------------------------------Interface TenGigabitEthernet 1/14/1 Remote Mac Address 00:01:e8:8a:df:a0 Port Role is Auto-Upstream DCBx Operational Status is Enabled Is Configuration Source? FALSE Local DCBx Compatibility mode is CEE Local DCBx
Field Description Local DCBx Status: DCBx Max Version Supported Highest DCBx version supported in Control TLVs. Local DCBx Status: Sequence Number Sequence number transmitted in Control TLVs. Local DCBx Status: Acknowledgment Number Acknowledgement number transmitted in Control TLVs. Local DCBx Status: Protocol State Current operational state of DCBx protocol: ACK or IN-SYNC. Peer DCBx Status: DCBx Operational Version DCBx version advertised in Control TLVs received from peer device.
Performing PFC Using DSCP Bits Instead of 802.1p Bits Priority based Flow Control (PFC) is currently supported on Dell Networking OS for tagged packets based on the packet Dot1p. In certain data center deployments, VLAN configuration is avoided on the servers and all packets from the servers are untagged. These packets will carry IP header and can be differentiated based on the DSCP fields they carry on the server facing switch ports.
• One lossless queue is used. Figure 30. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment.
dot1p Value in the Incoming Frame Priority Group Assignment 5 LAN 6 LAN 7 LAN The following describes the priority group-bandwidth assignment. Priority Group Bandwidth Assignment IPC 5% SAN 50% LAN 45% PFC and ETS Configuration Command Examples The following examples show PFC and ETS configuration commands to manage your data center traffic.
Unused bandwidth usage: Strict-priority groups: Normally, if there is no traffic or unused bandwidth for a priority group, the bandwidth allocated to the group is distributed to the other priority groups according to the bandwidth percentage allocated to each group.
The default behavior causes up to a maximum of 6.6 MB to be used for PFC-related traffic. The remaining approximate space of 1 MB can be used by lossy traffic. You can allocate all the remaining 1 MB to lossless PFC queues. If you allocate in such a way, the performance of lossy traffic is reduced and degraded. Although you can allocate a maximum buffer size, it is used only if a PFC priority is configured and applied on the interface.
12 Dynamic Host Configuration Protocol (DHCP) DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network endstations (hosts) based on configuration policies determined by network administrators.
Option Number and Description Domain Name Server Option 6 Domain Name Option 15 Specifies the domain name servers (DNSs) that are available to the client. Specifies the domain name that clients should use when resolving hostnames via DNS. IP Address Lease Time Option 51 DHCP Message Type Option 53 Specifies the amount of time that the client is allowed to use an assigned IP address.
Assign an IP Address using DHCP The following section describes DHCP and the client in a network. When a client joins a network: 1. The client initially broadcasts a DHCPDISCOVER message on the subnet to discover available DHCP servers. This message includes the parameters that the client requires and might include suggested values for those parameters. 2. Servers unicast or broadcast a DHCPOFFER message in response to the DHCPDISCOVER that offers to the client values for the requested parameters.
you configure IP source address validation on a member port of a virtual local area network (VLAN) and then attempt to apply an access list to the VLAN, Dell Networking OS displays the first line in the following message. If you first apply an ACL to a VLAN and then attempt enable IP source address validation on one of its member ports, Dell Networking OS displays the second line in the following message. % Error: Vlan member has access-list configured. % Error: Vlan has an access-list configured.
ip dhcp server 2. Create an address pool and give it a name. DHCP mode pool name 3. Specify the range of IP addresses from which the DHCP server may assign addresses. DHCP mode network network/prefix-length • network: the subnet address. • prefix-length: specifies the number of bits used for the network portion of the address you specify. The prefix-length range is from 17 to 31. 4. Display the current pool configuration.
The default is 24 hours. Specifying a Default Gateway The IP address of the default router should be on the same subnet as the client. To specify a default gateway, follow this step. • Specify default gateway(s) for the clients on the subnet, in order of preference. DHCP default-router address Configure a Method of Hostname Resolution Dell systems are capable of providing DHCP clients with parameters for two methods of hostname resolution—using DNS or NetBIOS WINS.
DHCP mode pool name 2. Specify the client IP address. DHCP host address 3. Specify the client hardware address. DHCP hardware-address hardware-address type • hardware-address: the client MAC address. • type: the protocol of the hardware platform. The default protocol is Ethernet. Debugging the DHCP Server To debug the DHCP server, use the following command. • Display debug information for DHCP server.
• By default, the switch is configured to operate in Jumpstart mode as a DHCP client that sends DHCP requests to a DHCP server to retrieve configuration information (IP address, boot-image filename, and configuration file). All ports and management interfaces are brought up in Layer 3 mode and pre-configured with no shutdown and no ip address. For this reason, you cannot enter configuration commands to set up the switch.
INTERFACE mode ip address dhcp Dynamically assigned IP addresses can be released without removing the DHCP client operation on the interface on a switch configured as a DHCP client. 3. Manually acquire a new IP address from the DHCP server by releasing a dynamically acquired IP address while retaining the DHCP client configuration on the interface. EXEC Privilege mode release dhcp interface type slot/port[/subport] 4. Acquire a new IP address with renewed lease time from a DHCP server.
DHCP Client Operation with Other Features The DHCP client operates with other Dell Networking OS features, as the following describes. Stacking The DHCP client daemon runs only on the master unit and handles all DHCP packet transactions. It periodically synchronizes the lease file with the standby unit. When a stack failover occurs, the new master requires the same DHCP server-assigned IP address on DHCP client interfaces.
The received stacking configuration is always applied on the master stack unit. option #230 "unit-number:3#priority:2#stack-group:14" Configure Secure DHCP DHCP as defined by RFC 2131 provides no authentication or security mechanisms. Secure DHCP is a suite of features that protects networks that use dynamic address allocation from spoofing and attacks.
When you enable DHCP snooping, the relay agent builds a binding table — using DHCPACK messages — containing the client MAC address, IP addresses, IP address lease time, port, VLAN ID, and binding type. Every time the relay agent receives a DHCPACK on a trusted port, it adds an entry to the table.
CONFIGURATION mode ipv6 dhcp snooping vlan vlan-id Adding a Static Entry in the Binding Table To add a static entry in the binding table, use the following command. • Add a static entry in the binding table. EXEC Privilege mode ip dhcp snooping binding mac Adding a Static IPV6 DHCP Snooping Binding Table To add a static entry in the snooping database, use the following command. • Add a static entry in the snooping binding table.
Database write-delay (In minutes) : 0 DHCP packets information Relay Information-option packets Relay Trust downstream packets Snooping packets : 0 : 0 : 0 Packets received on snooping disabled L3 Ports Snooping packets processed on L2 vlans : 0 : 142 DHCP Binding File Details Invalid File Invalid Binding Entry Binding Entry lease expired List of Trust Ports List of DHCP Snooping Enabled Vlans List of DAI Trust ports : 0 : 0 : 0 :Te 1/4/1 :Vl 10 :Te 1/4/1 Displaying the Contents of the DHCPv6 Bindin
To view the number of entries in the table, use the show ip dhcp snooping binding command. This output displays the snooping binding table created using the ACK packets from the trusted port. Dell#show ip dhcp snooping binding Codes : S - Static D - Dynamic IP Address MAC Address Expires(Sec) Type VLAN Interface ================================================================ 10.1.1.251 00:00:4d:57:f2:50 172800 D Vl 10 Te 1/2/1 10.1.1.252 00:00:4d:57:e6:f6 172800 D Vl 10 Te 1/1/1 10.1.1.
NOTE: Dynamic ARP inspection (DAI) uses entries in the L2SysFlow CAM region, a sub-region of SystemFlow. One CAM entry is required for every DAI-enabled VLAN. You can enable DAI on up to 16 VLANs on a system. However, the ExaScale default CAM profile allocates only nine entries to the L2SysFlow region for DAI. You can configure 10 to 16 DAIenabled VLANs by allocating more CAM space to the L2SysFlow region before enabling DAI. SystemFlow has 102 entries by default.
• Specify an interface as trusted so that ARPs are not validated against the binding table. INTERFACE mode arp inspection-trust Dell Networking OS Behavior: Introduced in Dell Networking OS version 8.2.1.0, DAI was available for Layer 3 only. However, Dell Networking OS version 8.2.1.1 extends DAI to Layer 2. Source Address Validation Using the DHCP binding table, Dell Networking OS can perform three types of source address validation (SAV). Table 22.
DHCP MAC Source Address Validation DHCP MAC source address validation (SAV) validates a DHCP packet’s source hardware address against the client hardware address field (CHADDR) in the payload. Dell Networking OS ensures that the packet’s source MAC address is checked against the CHADDR field in the DHCP header only for packets from snooped VLANs. • Enable DHCP MAC SAV.
Total cam count 2 deny vlan 10 count (0 packets) deny vlan 20 count (0 packets) The following output of the show ip dhcp snooping source-address-validation discard-counters interface interface command displays the number of SAV dropped packets on a particular interface.
13 Equal Cost Multi-Path (ECMP) Equal cost multi-path (ECMP) is supported on Dell Networking OS. ECMP for Flow-Based Affinity Flow-based affinity includes the following: • Link Bundle Monitoring Configuring the Hash Algorithm TeraScale has one algorithm that is used for link aggregation groups (LAGs), ECMP, and NH-ECMP, and ExaScale can use three different algorithms for each of these features. To adjust the ExaScale behavior to match TeraScale, use the following command.
Dell Networking OS provides a command line interface (CLI)-based solution for modifying the hash seed to ensure that on each configured system, the ECMP selection is same. When configured, the same seed is set for ECMP, LAG, and NH, and is used for incoming traffic only. NOTE: While the seed is stored separately on each port-pipe, the same seed is used across all CAMs. NOTE: You cannot separate LAG and ECMP, but you can use different algorithms across the chassis with the same seed.
To configure the maximum number of paths, use the following command. NOTE: Save the new ECMP settings to the startup-config (write-mem) then reload the system for the new settings to take effect. • Configure the maximum number of paths per ECMP group. CONFIGURATION mode. • ip ecmp-group maximum-paths {2-64} Enable ECMP group path management. CONFIGURATION mode.
The range is from 1 to 64. Viewing an ECMP Group NOTE: An ecmp-group index is generated automatically for each unique ecmp-group when you configure multipath routes to the same network. The system can generate a maximum of 512 unique ecmp-groups. The ecmp-group indices are generated in even numbers (0, 2, 4, 6... 1022) and are for information only. You can configure ecmp-group with id 2 for link bundle monitoring.
Support for moving /128 IPv6 Prefixes and /32 IPv4 Prefixes The software supports a command to program IPv6 /128 route prefixes in the route table. You can define IPv6 /128 route prefixes in the route table using the ipv6 unicast-host-routecommand. You can also define IPv4 /32 route prefixes in the host table using the ipv4 unicast-host-routecommand.
14 FCoE Transit The Fibre Channel over Ethernet (FCoE) Transit feature is supported on Ethernet interfaces. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FIP snooping is not supported on Fibre Channel interfaces or in a Fibre Channel over Ethernet FCoE provides a converged Ethernet network that allows the combination of storage-area network (SAN) and LAN traffic on a Layer 2 link by encapsulating Fibre Channel data into Ethernet frames.
Table 23. FIP Functions FIP Function Description FIP VLAN discovery FCoE devices (ENodes) discover the FCoE VLANs on which to transmit and receive FIP and FCoE traffic. FIP discovery FCoE end-devices and FCFs are automatically discovered. Initialization FCoE devices learn ENodes from the FLOGI and FDISC to allow immediate login and create a virtual link with an FCoE switch. Maintenance A valid virtual link between an FCoE device and an FCoE switch is maintained and the LOGO functions properly.
Dynamic ACL generation on the switch operating as a FIP snooping bridge function as follows: Port-based ACLs These ACLs are applied on all three port modes: on ports directly connected to an FCF, server-facing ENode ports, and bridge-to-bridge links. Port-based ACLs take precedence over global ACLs. FCoE-generated ACLs These take precedence over user-configured ACLs. A user-configured ACL entry cannot deny FCoE and FIP snooping frames.
• To assign a MAC address to an FCoE end-device (server ENode or storage device) after a server successfully logs in, set the FCoE MAC address prefix (FC-MAP) value an FCF uses. The FC-MAP value is used in the ACLs installed in bridge-to-bridge links on the switch. • To provide more port security on ports that are directly connected to an FCF and have links to other FIP snooping bridges, set the FCF or Bridge-to-Bridge Port modes.
Important Points to Remember • Enable DCBx on the switch before enabling the FIP Snooping feature. • To enable the feature on the switch, configure FIP Snooping. • To allow FIP frames to pass through the switch on all VLANs, enable FIP snooping globally on a switch. • A switch can support a maximum eight VLANs. Configure at least one FCF/bridge-to-bridge port mode interface for any FIP snooping-enabled VLAN. • You can configure multiple FCF-trusted interfaces in a VLAN.
If you disable FCoE transit, FIP and FCoE traffic are handled as normal Ethernet frames and no FIP snooping ACLs are generated. The VLAN-specific and FIP snooping configuration is disabled and stored until you re-enable FCoE transit and the configurations are re-applied. Enable FIP Snooping on VLANs You can enable FIP snooping globally on a switch on all VLANs or on a specified VLAN.
Table 24. Impact of Enabling FIP Snooping Impact Description MAC address learning MAC address learning is not performed on FIP and FCoE frames, which are denied by ACLs dynamically created by FIP snooping on server-facing ports in ENode mode. MTU auto-configuration MTU size is set to mini-jumbo (2500 bytes) when a port is in Switchport mode, the FIP snooping feature is enabled on the switch, and FIP snooping is enabled on all or individual VLANs.
5. Enable FIP snooping on all VLANs or on a specified VLAN. CONFIGURATION mode or VLAN INTERFACE mode. fip-snooping enable 6. Configure the port for bridge-to-FCF links. INTERFACE mode or CONFIGURATION mode fip-snooping port-mode fcf NOTE: To disable the FCoE transit feature or FIP snooping on VLANs, use the no version of a command; for example, no feature fip-snooping or no fip-snooping enable. Displaying FIP Snooping Information Use the following show commands to display information on FIP snooping, .
aa:bb:cc:00:00:00 aa:bb:cc:00:00:00 FCoE MAC 0e:fc:00:01:00:01 0e:fc:00:01:00:02 0e:fc:00:01:00:03 0e:fc:00:01:00:04 0e:fc:00:01:00:05 Te 1/4/1 Te 1/4/1 FC-ID 01:00:01 01:00:02 01:00:03 01:00:04 01:00:05 aa:bb:cd:00:00:00 aa:bb:cd:00:00:00 Port WWPN 31:00:0e:fc:00:00:00:00 41:00:0e:fc:00:00:00:00 41:00:0e:fc:00:00:00:01 41:00:0e:fc:00:00:00:02 41:00:0e:fc:00:00:00:03 Te 1/4/2 Te 1/4/2 100 100 Port WWNN 21:00:0e:fc:00:00:00:00 21:00:0e:fc:00:00:00:00 21:00:0e:fc:00:00:00:00 21:00:0e:fc:00:00:00:00 21:00
The following example shows the show fip-snooping fcf command. Dell# show fip-snooping fcf FCF MAC FCF Interface VLAN FC-MAP FKA_ADV_PERIOD No. of Enodes ------------------- ---- ------------------- ------------54:7f:ee:37:34:40 Po 22 100 0e:fc:00 4000 2 The following table describes the show fip-snooping fcf command fields. Table 28. show fip-snooping fcf Command Description Field Description FCF MAC MAC address of the FCF.
Number Number Number Number Number Number Number Number Number of of of of of of of of of FLOGI Rejects FDISC Accepts FDISC Rejects FLOGO Accepts FLOGO Rejects CVL FCF Discovery Timeouts VN Port Session Timeouts Session failures due to Hardware Config :0 :0 :0 :0 :0 :0 :0 :0 :0 The following example shows the show fip-snooping statistics port-channel command.
Field Description Number of Multicast Discovery Advertisements Number of FIP-snooped multicast discovery advertisements received on the interface. Number of Unicast Discovery Advertisements Number of FIP-snooped unicast discovery advertisements received on the interface. Number of FLOGI Accepts Number of FIP FLOGI accept frames received on the interface. Number of FLOGI Rejects Number of FIP FLOGI reject frames received on the interface.
FCoE Transit Configuration Example The following illustration shows a switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. Figure 35. Configuration Example: FIP Snooping on a Switch In this example, DCBx and PFC are enabled on the FIP snooping bridge and on the FCF ToR switch.
Example of Configuring the ENode Server-Facing Port Dell(conf)# interface tengigabitethernet 1/1 Dell(conf-if-te-1/1/1)# portmode hybrid Dell(conf-if-te-1/1/1)# switchport Dell(conf-if-te-1/1/1)# protocol lldp Dell(conf-if-te-1/1/1-lldp)# dcbx port-role auto-downstream NOTE: A port is enabled by default for bridge-ENode links.
15 Flex Hash and Optimized Boot-Up This chapter describes the Flex Hash and fast-boot enhancements. Flex Hash Capability Overview This functionality is supported on the platform. The flex hash functionality enables you to configure a packet search key and matches packets based on the search key. When a packet matches the search key, two 16-bit hash fields are extracted from the start of the L4 header and provided as inputs (bins 2 and 3) for RTAG7 hash computation.
CONFIGURATION mode Dell(conf)# load-balance flexhash ipv4/ipv6 ip-proto offset1 [offset2 ] To delete the configured flex hash setting, use the no version of the command. Configuring Fast Boot and LACP Fast Switchover Configure the optimized booting time functionality by performing the following steps. This procedure is supported on the platform. 1. Enable the system to restart with optimized booting-time functionality enabled.
from an older release of Dell Networking OS to Release 9.3(0.0) or later. Dell recommends that you do not downgrade your system from Release 9.3(0.0) to an earlier release that does not support the fast boot functionality because the system behavior is unexpected and undefined. • Fast boot uses the Symmetric Multiprocessing (SMP) utility that is enabled on the Intel CPU on the S6000 Switch to enhance the speed of the system startup. SMP is supported on the S6000 platform.
A file is generated to indicate that the system is undergoing a fast boot, which is used after the system comes up. After the Dell Networking OS image is loaded and activated, and the appropriate software components come up, the following additional actions are performed: • If a database of dynamic ARP entries is present on the flash drive, that information is read and the ARP entries are restored; the entries are installed on the switch as soon as possible.
Unexpected Reload of the System When an unexpected or unplanned reload occurs, such as a reset caused by the software, the system performs the regular boot sequence even if it is configured for fast boot. When the system comes up, dynamic ARP or ND database entries are not present or required to be restored. The system boot up mode will not be fast boot and actions specific to this mode will not be performed.
RDMA Over Converged Ethernet (RoCE) Overview This functionality is supported on the platform. RDMA is a technology that a virtual machine (VM) uses to directly transfer information to the memory of another VM, thus enabling VMs to be connected to storage networks. With RoCE, RDMA enables data to be forwarded without passing through the CPU and the main memory path of TCP/IP.
Typically, a Layer 3 physical interface processes only untagged or priority-tagged packets. Tagged packets that are received on Layer 3 physical interfaces are dropped. To enable the routing of tagged packets, the port that receives such tagged packets needs to be configured as a switchport and must be bound to a VLAN as a tagged member port. A lite subinterface is similar to a normal Layer 3 physical interface, except that additional provisioning is performed to set the VLAN ID for encapsulation.
16 Force10 Resilient Ring Protocol (FRRP) FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimizations, STP can take up to 50 seconds to converge (depending on the size of network and node of failure) may require 4 to 5 seconds to reconverge.
Ring Checking At specified intervals, the Master node sends a ring health frame (RHF) through the ring. If the ring is complete, the frame is received on its secondary port and the Master node resets its fail-period timer and continues normal operation. If the Master node does not receive the RHF before the fail-period timer expires (a configurable timer), the Master node moves from the Normal state to the Ring-Fault state and unblocks its Secondary port.
• One Master node per ring — all other nodes are Transit. • Each node has two member interfaces — primary and secondary. • There is no limit to the number of nodes on a ring. • Master node ring port states — blocking, pre-forwarding, forwarding, and disabled. • Transit node ring port states — blocking, pre-forwarding, forwarding, and disabled. • STP disabled on ring interfaces. • Master node secondary port is in blocking state during Normal operation.
Concept Explanation • Hello RHF (HRHF) — These frames are processed only on the Master node’s Secondary port. The Transit nodes pass the HRHF through without processing it. An HRHF is sent at every Hello interval. • Topology Change RHF (TCRHF) — These frames contains ring status, keepalive, and the control and member VLAN hash. The TCRHF is processed at each node of the ring.
Configuring the Control VLAN Control and member VLANS are configured normally for Layer 2. Their status as control or member is determined at the FRRP group commands. For more information about configuring VLANS in Layer 2 mode, refer to Layer 2. Be sure to follow these guidelines: • All VLANS must be in Layer 2 mode. • You can only add ring nodes to the VLAN. • A control VLAN can belong to one FRRP group only. • Tag control VLAN ports.
member-vlan vlan-id {range} VLAN-ID, Range: VLAN IDs for the ring’s member VLANS. 6. Enable FRRP. CONFIG-FRRP mode. no disable Configuring and Adding the Member VLANs Control and member VLANS are configured normally for Layer 2. Their status as Control or Member is determined at the FRRP group commands. For more information about configuring VLANS in Layer 2 mode, refer to the Layer 2 chapter. Be sure to follow these guidelines: • All VLANS must be in Layer 2 mode. • Tag control VLAN ports.
member-vlan vlan-id {range} VLAN-ID, Range: VLAN IDs for the ring’s Member VLANs. 6. Enable this FRRP group on this switch. CONFIG-FRRP mode. no disable Setting the FRRP Timers To set the FRRP timers, use the following command. NOTE: Set the Dead-Interval time 3 times the Hello-Interval. • Enter the desired intervals for Hello-Interval or Dead-Interval times. CONFIG-FRRP mode.
show frrp summary Ring ID: the range is from 1 to 255. Troubleshooting FRRP To troubleshoot FRRP, use the following information. Configuration Checks • Each Control Ring must use a unique VLAN ID. • Only two interfaces on a switch can be Members of the same control VLAN. • There can be only one Master node for any FRRP group. • You can configure FRRP on Layer 2 interfaces only.
! interface Vlan 101 no ip address tagged TenGigabitEthernet 2/14/1,31/1 no shutdown ! interface Vlan 201 no ip address tagged TenGigabitEthernet 2/14/1,31/1 no shutdown ! protocol frrp 101 interface primary TenGigabitEthernet 2/14/1 secondary TenGigabitEthernet 2/31/1 controlvlan 101 member-vlan 201 mode transit no disable Example of R3 TRANSIT interface TenGigabitEthernet 3/14/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 3/21/1 no ip address switchport no shutdown ! interface Vlan
17 GARP VLAN Registration Protocol (GVRP) GARP VLAN registration protocol (GVRP) is supported on Dell Networking OS. Typical virtual local area network (VLAN) implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GVRP, defined by the IEEE 802.1q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches. GVRP-compliant switches use GARP to register and de-register attribute values, such as VLAN IDs, with each other.
Figure 36. Global GVRP Configuration Example Basic GVRP configuration is a two-step process: 1. Enabling GVRP Globally 2. Enabling GVRP on a Layer 2 Interface Related Configuration Tasks • • Configure GVRP Registration Configure a GARP Timer Enabling GVRP Globally To configure GVRP globally, use the following command. • Enable GVRP for the entire switch.
protocol gvrp no disable Dell(config-gvrp)# To inspect the global configuration, use the show gvrp brief command. Enabling GVRP on a Layer 2 Interface To enable GVRP on a Layer 2 interface, use the following command. • Enable GVRP on a Layer 2 interface.
no shutdown Dell(conf-if-te-1/21/1)# Configure a GARP Timer Set GARP timers to the same values on all devices that are exchanging information using GVRP. There are three GARP timer settings. • Join — A GARP device reliably transmits Join messages to other devices by sending each Join message two times. To define the interval between the two sending operations of each Join message, use this parameter. The Dell Networking OS default is 200ms.
18 Internet Group Management Protocol (IGMP) Internet group management protocol (IGMP) is supported on Dell Networking OS. Multicast is premised on identifying many hosts by a single destination IP address; hosts represented by the same IP address are a multicast group. IGMP is a Layer 3 multicast protocol that hosts use to join or leave a multicast group.
Figure 37. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. Responding to an IGMP Query The following describes how a host can join a multicast group. 1. One router on a subnet is elected as the querier. The querier periodically multicasts (to all-multicast-systems address 224.0.0.1) a general query to all hosts on the subnet. 2.
• To enable filtering, routers must keep track of more state information, that is, the list of sources that must be filtered. An additional query type, the Group-and-Source-Specific Query, keeps track of state changes, while the Group-Specific and General queries still refresh the existing state.
3. The host’s third message indicates that it is only interested in traffic from sources 10.11.1.1 and 10.11.1.2. Because this request again prevents all other sources from reaching the subnet, the router sends another group-and-source query so that it can satisfy all other hosts. There are no other interested hosts so the request is recorded. Figure 40.
Figure 41. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. 1. Enable multicast routing using the ip multicast-routing command. 2. Enable a multicast routing protocol.
Viewing IGMP Enabled Interfaces Interfaces that are enabled with PIM-SM are automatically enabled with IGMP. To view IGMP-enabled interfaces, use the following command. • View IGMP-enabled interfaces. EXEC Privilege mode show ip igmp interface Example of the show ip igmp interface Command Dell#show ip igmp interface TenGigabitEthernet 3/10/1 Inbound IGMP access group is not set Internet address is 165.87.34.
• View both learned and statically configured IGMP groups. EXEC Privilege mode show ip igmp groups Example of the show ip igmp groups Command Dell#show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface 225.1.1.1 TenGigabitEthernet 1/1/1 225.1.2.1 TenGigabitEthernet 1/1/1 Mode IGMPV2 IGMPV2 Uptime 00:11:19 00:10:19 Expires 00:01:50 00:01:50 Last Reporter 165.87.34.100 165.87.31.
Enabling IGMP Immediate-Leave If the querier does not receive a response to a group-specific or group-and-source query, it sends another (querier robustness value). Then, after no response, it removes the group from the outgoing interface for the subnet. IGMP immediate leave reduces leave latency by enabling a router to immediately delete the group membership on an interface after receiving a Leave message (it does not send any group-specific or group-and-source queries before deleting the entry).
Related Configuration Tasks • Removing a Group-Port Association • Disabling Multicast Flooding • Specifying a Port as Connected to a Multicast Router • Configuring the Switch as Querier Example of ip igmp snooping enable Command Dell(conf)#ip igmp snooping enable Dell(conf)#do show running-config igmp ip igmp snooping enable Dell(conf)# Removing a Group-Port Association To configure or view the remove a group-port association feature, use the following commands.
EXEC Privilege mode. show ip igmp snooping mrouter Configuring the Switch as Querier To configure the switch as a querier, use the following command. Hosts that do not support unsolicited reporting wait for a general query before sending a membership report. When the multicast source and receivers are in the same VLAN, multicast traffic is not routed and so there is no querier.
Transit traffic (destination IP not configured in the switch) that is received on the front-end port with destination on the management port is dropped and received in the management port with destination on the front-end port is dropped. Switch-destined traffic (destination IP configured in the switch) is: • Received in the front-end port with destination IP equal to management port IP address or management port subnet broadcast address is dropped.
Application Name Port Number Client Server 443 for secure httpd 8008 HTTP server port for confd application 8888 secure HTTP server port for confd application If you configure a source interface is for any EIS management application, EIS might not coexist with that interface and the behavior is undefined in such a case. You can configure the source interface for the following applications: FTP, ICMP (ping and traceroute utilities), NTP, RADIUS, TACACS, Telnet, TFTP, syslog, and SNMP traps.
• If ping and traceroute are destined to the management port IP address, the response traffic for these packets is sent by doing route lookup in the EIS routing table. When the feature is disabled using the no management egress-interface-selection command, the following operations are performed: • All management application configuration is removed. • All routes installed in the management EIS routing table are removed.
• In the ARP layer, for all ARP packets received through the management interface, a double route lookup is done, one in the default routing table and another in the management EIS routing table. This is because in the ARP layer, we do not have TCP/UDP port information to decide the table in which the route lookup should be done. • The show arp command is enhanced to show the routing table type for the ARP entry.
received in the management port destined on the data port network is dropped and traffic received in the front-end port destined on the management network is dropped. Mapping of Management Applications and Traffic Type The following table summarizes the behavior of applications for various types of traffic when the management egress interface selection feature is enabled. Table 31.
a data port, then the management application traffic is sent out through the front-end data port. This fallback mechanism is required. 2. Non-Management Applications (Applications that are not configured as management applications as defined by this feature): Non-management application traffic exits out of either front-end data port or management port based on routing table. If there is a default route on both the management and front-end data port, the default for the data port is preferred route.
EIS Behavior: If source TCP or UDP port matches an EIS management or a non-EIS management application and source IP address is management port IP address, management port is the preferred egress port selected based on route lookup in EIS table. If the management port is down or the route lookup fails, packets are dropped. If the source TCP/UDP port or source IP address does not match the management port IP address, a route lookup is done in the default routing table.
sFlow management application is supported only in standalone boxes and switch shall throw error message if sFlow is configured in stacking environment Designating a Multicast Router Interface To designate an interface as a multicast router interface, use the following command. Dell Networking OS also has the capability of listening in on the incoming IGMP general queries and designate those interfaces as the multicast router interface when the frames have a non-zero IP source address.
19 Interfaces This chapter describes interface types, both physical and logical, and how to configure them with Dell Networking Operating System (OS). • 10 Gigabit Ethernet / 40 Gigabit Ethernet interfaces are supported on the S6000–ON platform.
Interface Type Modes Possible Default Mode Requires Creation Default State Port Channel L2, L3 L3 Yes Shutdown (disabled) VLAN L2, L3 L2 Yes (except default) L2 - Shutdown (disabled) L3 - No Shutdown (enabled) View Basic Interface Information To view basic interface information, use the following command. You have several options for viewing interface status and configuration parameters. • Lists all configurable interfaces on the chassis.
Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Time since last interface status change: 00:00:31 Dell# To view which interfaces are enabled for Layer 3 data transmission, use the show ip interfaces brief command in EXEC Privilege mode. In the following example, TenGigabitEthernet interface 1/6/1 is in Layer 3 mode because an IP address has been assigned to it and the interface’s status is operationally up.
INTERFACE mode no shutdown To confirm that the interface is enabled, use the show config command in INTERFACE mode. To leave INTERFACE mode, use the exit command or end command. You cannot delete a physical interface. Physical Interfaces The Management Ethernet interface is a single RJ-45 Fast Ethernet port on each unit of the S6000–ON The interface provides dedicated management access to the system.
QSFP QSFP QSFP QSFP QSFP QSFP QSFP QSFP 0 0 0 0 0 0 0 0 Transceiver Code Encoding Length(SFM) Km Length(OM3) 2m Length(OM2) 1m Length(OM1) 1m Length(Copper) 1m Vendor Rev = = = = = = = = 0x04 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x05 0x00 0x32 0x00 0x00 0x00 0 Overview of Layer Modes On all systems running Dell Networking OS, you can place physical interfaces, port channels, and VLANs in Layer 2 mode or Layer 3 mode. By default, VLANs are in Layer 2 mode.
• no shutdown Place the interface in Layer 2 (switching) mode. INTERFACE mode switchport To view the interfaces in Layer 2 mode, use the show interfaces switchport command in EXEC mode. Configuring Layer 3 (Network) Mode When you assign an IP address to a physical interface, you place it in Layer 3 mode. To enable Layer 3 mode on an individual interface, use the following commands. In all interface types except VLANs, the shutdown command prevents all traffic from passing through the interface.
Example of the show ip interface Command You can only configure one primary IP address per interface. You can configure up to 255 secondary IP addresses on a single interface. To view all interfaces to see with an IP address assigned, use the show ip interfaces brief command in EXEC mode as shown in View Basic Interface Information. To view IP information on an interface in Layer 3 mode, use the show ip interface command in EXEC Privilege mode.
NOTE: If you configure SNMP as the management application for EIS and you add a default management route, when you perform an SNMP walk and check the debugging logs for the source and destination IPs, the SNMP agent uses the destination address of incoming SNMP packets as the source address for outgoing SNMP responses for security. Management Interfaces The system supports the Management Ethernet interface as well as the standard interface on any port. You can use either method to connect to the system.
Description: This is the Managment Interface Hardware is Force10Eth, address is 00:01:e8:cc:cc:ce Current address is 00:01:e8:cc:cc:ce Pluggable media not present Interface index is 46449666 Internet address is 10.11.131.
! no shutdown Loopback Interfaces A Loopback interface is a virtual interface in which the software emulates an interface. Packets routed to it are processed locally. Because this interface is not a physical interface, you can configure routing protocols on this interface to provide protocol stability. You can place Loopback interfaces in default Layer 3 mode. To configure, view, or delete a Loopback interface, use the following commands. • Enter a number as the Loopback interface.
Port Channel Definition and Standards Link aggregation is defined by IEEE 802.3ad as a method of grouping multiple physical interfaces into a single logical interface—a link aggregation group (LAG) or port channel. A LAG is “a group of links that appear to a MAC client as if they were a single link” according to IEEE 802.3ad. In Dell Networking OS, a LAG is referred to as a port channel interface. A port channel provides redundancy by aggregating physical interfaces into one logical interface.
10/100/1000 Mbps Interfaces in Port Channels When both 10/100/1000 interfaces and GigE interfaces are added to a port channel, the interfaces must share a common speed. When interfaces have a configured speed different from the port channel speed, the software disables those interfaces. The common speed is determined when the port channel is first enabled. At that time, the software checks the first interface listed in the port channel configuration.
You can configure a port channel as you would a physical interface by enabling or configuring protocols or assigning access control lists. Adding a Physical Interface to a Port Channel The physical interfaces in a port channel can be on any line card in the chassis, but must be the same physical type.
The following example shows the port channel’s mode (L2 for Layer 2 and L3 for Layer 3 and L2L3 for a Layer 2-port channel assigned to a routed VLAN), the status, and the number of interfaces belonging to the port channel. Dell>show interface port-channel 20 Port-channel 20 is up, line protocol is up Hardware address is 00:01:e8:01:46:fa Internet address is 1.1.120.
INTERFACE PORT-CHANNEL mode interface port-channel id number 3. Add the interface to the second port channel. INTERFACE PORT-CHANNEL mode channel-member interface Example of Moving an Interface to a New Port Channel The following example shows moving the TenGigabitEthernet 1/8/1 interface from port channel 4 to port channel 3.
Dell(conf-if)#switchport 3. Verify the manually configured VLAN membership (show interfaces switchport interface command).
NOTE: Hash-based load-balancing on multi-protocol label switching (MPLS) does not work when you enable packetbased hashing (load-balance ip-selection packet-based). Load-Balancing Method For LAG hashing on the source IP, destination IP, source transmission control protocol (TCP)/user datagram protocol (UDP) port, and destination TCP/UDP port are used for hash computation by default. For packets without a Layer 3 header, Dell Networking OS automatically uses load-balance mac source-dest-mac.
• Change to another algorithm. CONFIGURATION mode hash-algorithm [ecmp{crc16|crc16cc|crc32LSB|crc32MSB|crc-upper|dest-ip|lsb|xor1|xor2| xor4|xor8|xor16}] Example of the hash-algorithm Command Dell(conf)#hash-algorithm ecmp xor 26 lag crc 26 nh-ecmp checksum 26 Dell(conf)# The hash-algorithm command is specific to ECMP group. The default ECMP hash configuration is crc-lower. This command takes the lower 32 bits of the hash key to compute the egress port.
Bulk Configuration Examples Use the interface range command for bulk configuration. • Create a Single-Range • Create a Multiple-Range • Exclude Duplicate Entries • Exclude a Smaller Port Range • Overlap Port Ranges • Commas • Add Ranges Create a Single-Range The following is an example of a single range.
Commas The following is an example of how to use commas to add different interface types to the range, enabling all TenGigabitEthernet interfaces in the range 5/1/1 to 5/4/4 and both TenGigabitEthernet interfaces 1/1/1 and 1/1/2.
Monitoring and Maintaining Interfaces Monitor interface statistics with the monitor interface command. This command displays an ongoing list of the interface status (up/down), number of packets, traffic statistics, and so on. To view the interface’s statistics, use the following command. • View the interface’s statistics.
q Dell# Maintenance Using TDR The time domain reflectometer (TDR) is supported on all Dell Networking switch/routers. TDR is an assistance tool to resolve link issues that helps detect obvious open or short conditions within any of the four copper pairs. TDR sends a signal onto the physical cable and examines the reflection of the signal that returns.
Converting a QSFP or QSFP+ Port to an SFP or SFP+ Port You can convert a QSFP or QSFP+ port to an SFP or SFP+ port using the Quad to Small Form Factor Pluggable Adapter (QSA). QSA provides smooth connectivity between devices that use Quad Lane Ports (such as the 40 Gigabit Ethernet adapters) and 10 Gigabit hardware that uses SFP+ based cabling. Using this adapter, you can effectively use a QSFP or QSFP+ module to connect to a lower-end switch or server that uses an SFP or SFP+ based module.
Support for LM4 Optics The newly supported LM4 optics are similar in behavior to the LR4 optics that are already supported. However, in the output of show inventory media command, an LM4 optical module is denoted as 40G-LM4. Barring this exception, the functionality and behavior of LM4 optics is similar to LR4 optics. Example Scenarios Consider the following scenarios: • QSFP port 0 is connected to a QSA with SFP+ optical cables plugged in.
Dell#show interfaces tengigabitethernet 1/4/1 transceiver SFP 4/1 Serial ID Base Fields SFP 4/1 Id = 0x0d SFP 4/1 Ext Id = 0x00 SFP 4/1 Connector = 0x23 SFP 4/1 Transceiver Code = 0x08 0x00 0x00 0x00 0x00 0x00 0x00 0x00 SFP 4/1 Encoding = 0x00 ……………… ……………… SFP 4/1 Diagnostic Information =================================== SFP 4/1 Rx Power measurement type = OMA =================================== SFP 4/1 Temp High Alarm threshold = 0.000C SFP 4/1 Voltage High Alarm threshold = 0.
To view dampening information on all or specific dampened interfaces, use the show interfaces dampening command from EXEC Privilege mode. Dell# show interfaces dampening InterfaceStateFlapsPenaltyHalf-LifeReuseSuppressMax-Sup Te 1/1/1Up005750250020 Te 1/2/1Up21200205001500300 Te 1/3/1Down4850306002000120 To view a dampening summary for the entire system, use the show interfaces dampening summary command from EXEC Privilege mode.
Transmission Media MTU Range (in bytes) 576-9234 = IP MTU Link Bundle Monitoring Monitoring linked LAG bundles allows traffic distribution amounts in a link to be monitored for unfair distribution at any given time. A threshold of 60% is defined as an acceptable amount of traffic on a member link. Links are monitored in 15-second intervals for three consecutive instances. Any deviation within that time sends Syslog and an alarm event generates.
Changes in the flow-control values may not be reflected automatically in show interface output. To display the change, apply the new flow-control setting, shutdown the interface using the shutdown command, enable the interface using the no shutdown command, and use the show interface command to verify the changes. Enabling Pause Frames Enable Ethernet pause frames flow control on all ports on a chassis or a line card. If not, the system may exhibit unpredictable behavior.
• All members must have the same link MTU value and the same IP MTU value. • The port channel link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values configured on the channel members. For example, if the members have a link MTU of 2100 and an IP MTU 2000, the port channel’s MTU values cannot be higher than 2100 for link MTU or 2000 bytes for IP MTU. VLANs: • All members of a VLAN must have the same IP MTU value. • Members can have different Link MTU values.
[Use the command on the remote system that is equivalent to the first command.] 3. Access CONFIGURATION mode. EXEC Privilege mode config 4. Access the port. CONFIGURATION mode interface interface slot/port/subport 5. Set the local port speed. INTERFACE mode speed {10 | 100 | 1000 | auto} 6. Optionally, set full- or half-duplex. INTERFACE mode duplex {half | full} 7. Disable auto-negotiation on the port.
no ip address speed 100 duplex full no shutdown Set Auto-Negotiation Options The negotiation auto command provides a mode option for configuring an individual port to forced master/ forced slave once auto-negotiation is enabled. CAUTION: Ensure that only one end of the node is configured as forced-master and the other is configured as forcedslave.
View Advanced Interface Information The following options have been implemented for the show [ip | running-config] interfaces commands for (only) stack-unit interfaces. When you use the configured keyword, only interfaces that have non-default configurations are displayed. Dummy stack-unit interfaces (created with the stack-unit command) are treated like any other physical interface.
Example of the rate-interval Command The bold lines shows the default value of 299 seconds, the change-rate interval of 100, and the new rate interval set to 100.
The following counter-dependent applications are supported by Dell Networking OS: • Egress VLAN • Ingress VLAN • Next Hop 2 • Next Hop 1 • Egress ACLs • ILM • IP FLOW • IP ACL • IP FIB • L2 ACL • L2 FIB Clearing Interface Counters The counters in the show interfaces command are reset by the clear counters command. This command does not clear the counters any SNMP program captures. To clear the counters, use the following the command.
ranges. You can associate multicast MAC or hardware addresses to an interface range and VLANs by using the mac-addresstable static multicast-mac-address vlan vlan-id output-range interface command. Compressing Configuration Files The functionality to optimize and reduce the sizes of the configuration files is supported on the device. You can compress the running configuration by grouping all the VLANs and the physical interfaces with the same property.
! ! interface TenGigabitEthernet 1/3/1 interface TenGigabitEthernet 1/34/1 no ip address ip address 2.1.1.1/16 shutdown shutdown ! ! interface TenGigabitEthernet 1/4/1 interface group Vlan 2 , Vlan 100 no ip address no ip address shutdown no shutdown ! ! interface TenGigabitEthernet 1/10/1 interface group Vlan 3 – 5 no ip address tagged te 1/1/1 shutdown no ip address ! shutdown interface TenGigabitEthernet 1/34/1 ! ip address 2.1.1.
tagged te 1/1/1 no ip address shutdown ! interface Vlan 100 no ip address no shutdown ! interface Vlan 1000 ip address 1.1.1.1/16 no shutdown Uncompressed config size – 52 lines write memory compressed The write memory compressed CLI will write the operating configuration to the startup-config file in the compressed mode. In stacking scenario, it will also take care of syncing it to all the standby and member units.
20 IPv4 Routing IPv4 routing is supported on Dell Networking OS. The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS.
Assigning IP Addresses to an Interface Assign primary and secondary IP addresses to physical or logical (for example, [virtual local area network [VLAN] or port channel) interfaces to enable IP communication between the system and hosts connected to that interface. In Dell Networking OS, you can assign one primary address and up to 255 secondary IP addresses to each interface. 1. Enter the keyword interface then the type of interface and slot/port/subport information.
ip route [vrf vrf-name] ip-address mask {ip-address | interface [ip-address]} [distance] [permanent] [tag tag-value] [vrf vrf-name] Use the following required and optional parameters: – vrf vrf-name : use the VRF option after the ip route keyword to configure a static route on that particular VRF, use the VRF option after the next hop to specify which VRF the next hop belongs to. This will be used in route leaking cases.
S 6.1.2.15/32 S 6.1.2.16/32 S 6.1.2.17/32 S 11.1.1.0/24 Direct, Lo 0 --More-- via 6.1.20.2, Te 5/1/1 via 6.1.20.2, Te 5/1/1 via 6.1.20.2, Te 5/1/1 Direct, Nu 0 1/0 1/0 1/0 0/0 00:02:30 00:02:30 00:02:30 00:02:30 Dell Networking OS installs a next hop that is on the directly connected subnet of current IP address on the interface (for example, if interface TenGigabitEthernet 1/1/1 is on 172.31.5.0 subnet, Dell Networking OS installs the static route).
Using the Configured Source IP Address in ICMP Messages This feature is supported on the platform. ICMP error or unreachable messages are now sent with the configured IP address of the source interface instead of the front-end port IP address as the source IP address. Enable the generation of ICMP unreachable messages through the ip unreachable command in Interface mode.
Enabling Directed Broadcast By default, Dell Networking OS drops directed broadcast packets destined for an interface. This default setting provides some protection against denial of service (DoS) attacks. To enable Dell Networking OS to receive directed broadcasts, use the following command. • Enable directed broadcast. INTERFACE mode ip directed-broadcast To view the configuration, use the show config command in INTERFACE mode.
gxr f00-3 Dell> (perm, OK) (perm, OK) - IP IP 192.71.18.2 192.71.23.1 To view the current configuration, use the show running-config resolve command. Specifying the Local System Domain and a List of Domains If you enter a partial domain, Dell Networking OS can search different domains to finish or fully qualify that partial domain. A fully qualified domain name (FQDN) is any name that is terminated with a period/dot. Dell Networking OS searches the host table first to resolve the partial domain.
---------------------------------------------------------------------Tracing the route to www.force10networks.com (10.11.84.18), 30 hops max, 40 byte packets ---------------------------------------------------------------------TTL Hostname Probe1 Probe2 Probe3 1 10.11.199.190 001.000 ms 001.000 ms 002.000 ms 2 gwegress-sjc-02.force10networks.com (10.11.30.126) 005.000 ms 001.000 ms 001.000 ms 3 fw-sjc-01.force10networks.com (10.11.127.254) 000.000 ms 000.000 ms 000.000 ms 4 www.dell.com (10.11.84.18) 000.
Example of the show arp Command These entries do not age and can only be removed manually. To remove a static ARP entry, use the no arp ip-address command. To view the static entries in the ARP cache, use the show arp static command in EXEC privilege mode. Dell#show arp Protocol Address Age(min) Hardware Address Interface VLAN CPU -------------------------------------------------------------------------------Internet 10.1.2.
• update the ARP table of other nodes on the network in case of an address change In the request, the host uses its own IP address in the Sender Protocol Address and Target Protocol Address fields. In Dell Networking OS versions prior to 8.3.1.0, if a gratuitous ARP is received some time after an ARP request is sent, only RP2 installs the ARP information. For example: 1. At time t=0 Dell Networking OS sends an ARP request for IP A.B.C.D 2.
Figure 43. ARP Learning via ARP Request with ARP Learning via Gratuitous ARP Enabled Whether you enable or disable ARP learning via gratuitous ARP, the system does not look up the target IP. It only updates the ARP entry for the Layer 3 interface with the source IP of the request. Configuring ARP Retries In Dell Networking OS versions prior to 8.3.1.0, the number of ARP retries is set to five and is not configurable.
Configuration Tasks for ICMP The following lists the configuration tasks for ICMP. • Enabling ICMP Unreachable Messages For a complete listing of all commands related to ICMP, refer to the Dell Networking OS Command Line Reference Guide. Enabling ICMP Unreachable Messages By default, ICMP unreachable messages are disabled. When enabled, ICMP unreachable messages are created and sent out all interfaces. To disable and re-enable ICMP unreachable messages, use the following commands.
• Enable UPD helper. ip udp-helper udp-ports Example of Enabling UDP Helper and Using the UDP Helper show Command Dell(conf-if-te-1/1/1)#ip udp-helper udp-port 1000 Dell(conf-if-te-1/1/1)#show config ! interface TenGigabitEthernet 1/1/1 ip address 2.1.1.1/24 ip udp-helper udp-port 1000 no shutdown To view the interfaces and ports on which you enabled UDP helper, use the show ip udp-helper command from EXEC Privilege mode.
• UDP Helper with Subnet Broadcast Addresses • UDP Helper with Configured Broadcast Addresses • UDP Helper with No Configured Broadcast Addresses UDP Helper with Broadcast-All Addresses When the destination IP address of an incoming packet is the IP broadcast address, Dell Networking OS rewrites the address to match the configured broadcast address. In the following illustration: 1. Packet 1 is dropped at ingress if you did not configure UDP helper address. 2.
Figure 45. UDP Helper with Subnet Broadcast Addresses UDP Helper with Configured Broadcast Addresses Incoming packets with a destination IP address matching the configured broadcast address of any interface are forwarded to the matching interfaces. In the following illustration, Packet 1 has a destination IP address that matches the configured broadcast address of VLAN 100 and 101.
Troubleshooting UDP Helper To display debugging information for troubleshooting, use the debug ip udp-helper command. Example of the debug ip udp-helper Command Dell(conf)# debug ip udp-helper 01:20:22: Pkt rcvd on Te 5/1/1 with IP DA (0xffffffff) will be sent on Te 5/1/2 Te 5/1/3 Vlan 3 01:44:54: Pkt rcvd on Te 7/1/1 is handed over for DHCP processing. When using the IP helper and UDP helper on the same interface, use the debug ip dhcp command. Example Output from the debug ip dhcp Command Packet 0.0.0.
21 IPv6 Routing Internet protocol version 6 (IPv6) routing is supported on Dell Networking OS. NOTE: The IPv6 basic commands are supported on all platforms. However, not all features are supported on all platforms, nor for all releases. To determine the Dell Networking Operating System (OS) version supporting which features and platforms, refer to Implementing IPv6 with Dell Networking OS. IPv6 is the successor to IPv4.
Dell Networking OS manipulation of IPv6 stateless autoconfiguration supports the router side only. Neighbor discovery (ND) messages are advertised so the neighbor can use this information to auto-configure its address. However, received ND messages are not used to create an IPv6 address. NOTE: Inconsistencies in router advertisement values between routers are logged per RFC 4861.
On the S6000 platform, for IPv6 /65 to /128 will consume the same storage banks which is used by the L3_DEFIP table. Once the IPv6 128 bit is enabled, number of entries in L3_DEFIP will be reduced. LPM partitioning will take effect after reboot of the box. This is because the SDK does the LPM partitioning during the chip initialization. The longest prefix match (LPM) table on the S6000 platform supports different types of prefixes for IPv6 and IPv4.
Flow Label (20 bits) The Flow Label field identifies packets requiring special treatment in order to manage real-time data traffic. The sending router can label sequences of IPv6 packets so that forwarding routers can process packets within the same flow without needing to reprocess each packet’s header separately. NOTE: All packets in the flow must have the same source and destination addresses. Payload Length (16 bits) The Payload Length field specifies the packet payload.
Source Address (128 bits) The Source Address field contains the IPv6 address for the packet originator. Destination Address (128 bits) The Destination Address field contains the intended recipient’s IPv6 address. This can be either the ultimate destination or the address of the next hop router. Extension Header Fields Extension headers are used only when necessary. Due to the streamlined nature of the IPv6 header, adding extension headers do not severely impact performance.
The third byte specifies whether the information can change en route to the destination. The value is 1 if it can change; the value is 0 if it cannot change. Addressing IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). For example, 2001:0db8:0000:0000:0000:0000:1428:57ab is a valid IPv6 address. If one or more four-digit group(s) is 0000, the zeros may be omitted and replaced with two colons(::).
Implementing IPv6 with Dell Networking OS Dell Networking OS supports both IPv4 and IPv6 and both may be used simultaneously in your system. The following table lists the Dell Networking OS version in which an IPv6 feature became available for each platform. The sections following the table give greater detail about the feature. Feature and Functionality Documentation and Chapter Location Basic IPv6 Commands IPv6 Basic Commands in the Dell Networking OS Command Line Interface Reference Guide.
Feature and Functionality Documentation and Chapter Location ISIS for IPv6 support for distribute lists and administrative distance Intermediate System to Intermediate System OSPF for IPv6 (OSPFv3) OSPFv3 in the Dell Networking OS Command Line Reference Guide. IPv6 IS-IS in the Dell Networking OS Command Line Reference Guide.
The Dell Networking OS ping and traceroute commands extend to support IPv6 addresses. These commands use ICMPv6 Type-2 messages. Path MTU Discovery Path MTU, in accordance with RFC 1981, defines the largest packet size that can traverse a transmission path without suffering fragmentation. Path MTU for IPv6 uses ICMPv6 Type-2 messages to discover the largest MTU along the path from source to destination and avoid the need to fragment the packet. The recommended MTU for IPv6 is 1280.
Figure 49. NDP Router Redirect IPv6 Neighbor Discovery of MTU Packets You can set the MTU advertised through the RA packets to incoming routers, without altering the actual MTU setting on the interface. The ipv6 nd mtu command sets the value advertised to routers. It does not set the actual MTU rate. For example, if you set ipv6 nd mtu to 1280, the interface still passes 1500-byte packets, if that is what is set with the mtu command.
Dell(conf-if-te-1/1/1)#ipv6 nd dns-server 1000::1 ? <0-4294967295> Max lifetime (sec) which RDNSS address may be used for name resolution infinite Infinite lifetime (sec) which RDNSS address may be used for name resolution Dell(conf-if-te-1/1/1)#ipv6 nd dns-server 1000::1 1 Debugging IPv6 RDNSS Information Sent to the Host To verify that the IPv6 RDNSS information sent to the host is configured correctly, use the debug ipv6 nd command in EXEC Privilege mode.
ND advertised hop limit is 64 IPv6 hop limit for originated packets ND dns-server address is 1000::1 with ND dns-server address is 3000::1 with ND dns-server address is 2000::1 with is 64 lifetime of 1 seconds lifetime of 1 seconds lifetime of 0 seconds To display IPv6 RDNSS information, use the show configuration command in INTERFACE CONFIG mode. Dell(conf-if-te-1/1/1)#show configuration The following example uses the show configuration command to display IPv6 RDNSS information.
To have the changes take effect, save the new CAM settings to the startup-config (write-mem or copy run start) then reload the system for the new settings. • Allocate space for IPV6 ACLs. Enter the CAM profile name then the allocated amount. CONFIGURATION mode cam-acl { ipv6acl } When not selecting the default option, enter all of the profiles listed and a range for each. The total space allocated must equal 13. The ipv6acl range must be a factor of 2. • Show the current CAM settings.
ipv6 route prefix type {slot/port/subport} forwarding router tag – prefix: IPv6 route prefix – type {slot/port/subport}: interface type and slot/port/subport – forwarding router: forwarding router’s address – tag: route tag Enter the keyword interface then the type of interface and slot/port information: – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/subport information.
Example of show ipv6 Command Options Dell#show ipv6 ? accounting IPv6 accounting information cam IPv6 CAM Entries fib IPv6 FIB Entries interface IPv6 interface information mbgproutes MBGP routing table mld MLD information mroute IPv6 multicast-routing table neighbors IPv6 neighbor information ospf OSPF information pim PIM V6 information prefix-list List IPv6 prefix lists route IPv6 routing information rpf RPF table Dell# Showing an IPv6 Interface To view the IPv6 configuration for a specific interface, use
ND retransmit interval is 1000 milliseconds ND hop limit is 64 Showing IPv6 Routes To view the global IPv6 routing information, use the following command. • Show IPv6 routing information for the specified route type. EXEC mode show ipv6 route type The following keywords are available: – To display information about a network, enter ipv6 address (X:X:X:X::X). – To display information about a host, enter hostname. – To display information about all IPv6 routes (including non-active routes), enter all.
Dell# Direct, Nu 0, 00:34:42 The following example shows the show ipv6 route static command.
Configuring IPv6 RA Guard The IPv6 Router Advertisement (RA) guard allows you to block or reject the unwanted router advertisement guard messages that arrive at the network device platform. To configure the IPv6 RA guard, perform the following steps: 1. Configure the terminal to enter the Global Configuration mode. EXEC Privilege mode configure terminal 2. Enable the IPv6 RA guard. CONFIGURATION mode ipv6 nd ra-guard enable 3. Create the policy.
router—lifetime value The router lifetime range is from 0 to 9,000 seconds. 11. Apply the policy to trusted ports. POLICY LIST CONFIGURATION mode trusted-port 12. Set the maximum transmission unit (MTU) value. POLICY LIST CONFIGURATION mode mtu value The MTU range is from 1,280 to 11,982 bytes. 13. Set the advertised reachability time. POLICY LIST CONFIGURATION mode reachable—time value The reachability time range is from 0 to 3,600,000 milliseconds. 14. Set the advertised retransmission time.
EXEC Privilege mode show ipv6 nd ra-guard policy policy-name The policy name string can be up to 140 characters. Example of the show ipv6 nd ra-guard policy Command Dell#show ipv6 nd ra-guard policy test ipv6 nd ra-guard policy test device-role router hop-limit maximum 1 match ra ipv6-access-list access other-config-flag on router-preference maximum medium trusted-port Interfaces : Te 1/1/1 Dell# Monitoring IPv6 RA Guard To debug IPv6 RA guard, use the following command.
22 iSCSI Optimization iSCSI optimization is supported on Dell Networking OS. This chapter describes how to configure internet small computer system interface (iSCSI) optimization, which enables quality-ofservice (QoS) treatment for iSCSI traffic.
switch is configured to use dot1p priority-queue assignments to ensure that iSCSI traffic in these sessions receives priority treatment when forwarded on stacked switch hardware. Figure 50. iSCSI Optimization Example Monitoring iSCSI Traffic Flows The switch snoops iSCSI session-establishment and termination packets by installing classifier rules that trap iSCSI protocol packets to the CPU for examination.
You can configure whether the iSCSI optimization feature uses the VLAN priority or IP DSCP mapping to determine the traffic class queue. By default, iSCSI flows are assigned to dot1p priority 4. To map incoming iSCSI traffic on an interface to a dot1p priority-queue other than 4, use the CoS dot1p-priority command (refer to QoS dot1p Traffic Classification and Queue Assignment). Dell Networking recommends setting the CoS dot1p priority-queue to 0 (zero).
The following message displays the first time a Dell EqualLogic array is detected and describes the configuration changes that are automatically performed: %STKUNIT0-M:CP %IFMGR-5-IFM_ISCSI_AUTO_CONFIG: This switch is being configured for optimal conditions to support iSCSI traffic which will cause some automatic configuration to occur including jumbo frames and flow-control on all ports; no storm control and spanning-tree port fast to be enabled on the port of detection.
Enable and Disable iSCSI Optimization The following describes enabling and disabling iSCSI optimizaiton. NOTE: iSCSI monitoring is disabled by default. iSCSI auto-configuration and auto-detection is enabled by default. If you enable iSCSI, flow control is automatically enabled on all interfaces. To disable flow control on all interfaces, use the no flow control rx on tx off command and save the configuration.
iSCSI Optimization Prerequisites The following are iSCSI optimization prerequisites. • iSCSI optimization requires LLDP on the switch. LLDP is enabled by default (refer to Link Layer Discovery Protocol (LLDP)). • iSCSI optimization requires configuring two ingress ACL groups The ACL groups are allocated after iSCSI Optimization is configured. Configuring iSCSI Optimization To configure iSCSI optimization, use the following commands. 1. For a non-DCB environment: Enable session monitoring.
• tcp-port-n is the TCP port number or a list of TCP port numbers on which the iSCSI target listens to requests. You can configure up to 16 target TCP ports on the switch in one command or multiple commands. The default is 860, 3260. Separate port numbers with a comma. If multiple IP addresses are mapped to a single TCP port, use the no iscsi target port tcp-port-n command to remove all IP addresses assigned to the TCP number.
INTERFACE mode [no] iscsi profile-compellent. The default is: Compellent disk arrays are not detected. Displaying iSCSI Optimization Information To display information on iSCSI optimization, use the following show commands. • • • • Display the currently configured iSCSI settings. show iscsi Display information on active iSCSI sessions on the switch. show iscsi sessions Display detailed information on active iSCSI sessions on the switch .
Up Time:00:00:01:28(DD:HH:MM:SS) Time for aging out:00:00:09:34(DD:HH:MM:SS) ISID:806978696102 Initiator Initiator Target Target Connection IP Address TCP Port IP Address TCPPort ID 10.10.0.44 33345 10.10.0.101 3260 0 VLT PEER2 Session 0: ------------------------------------------------------------Target:iqn.2010-11.com.ixia:ixload:iscsi-TG1 Initiator:iqn.2010-11.com.ixia.
23 Intermediate System to Intermediate System Intermediate system to intermediate system (Is-IS) is supported on Dell Networking OS. • • • • The IS-IS protocol is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. The IS-IS protocol standards are listed in the Standards Compliance chapter.
Figure 51. ISO Address Format Multi-Topology IS-IS Multi-topology IS-IS (MT IS-IS) allows you to create multiple IS-IS topologies on a single router with separate databases. Use this feature to place a virtual physical topology into logical routing domains, which can each support different routing and security policies. All routers on a LAN or point-to-point must have at least one common supported topology when operating in Multi-Topology IS-IS mode.
neighbor within its LSPs. The local router does not form an adjacency if both routers do not have at least one common MT over the interface. Graceful Restart Both Helper and Restart modes of Graceful restart are supported on the device. Graceful restart is a protocol-based mechanism that preserves the forwarding table of the restarting router and its neighbors for a specified period to minimize the loss of packets.
• MT Reachable IPv6 Prefixes TLV — appears for each IPv6 an IS announces for a given MT ID. Its structure is aligned with the extended IS Reachability TLV Type 236 and add an MT ID. By default, Dell Networking OS supports dynamic host name exchange to assist with troubleshooting and configuration. By assigning a name to an IS-IS NET address, you can track IS-IS information on that address easier. Dell Networking OS does not support ISO CLNS routing; however, the ISO NET format is supported for addressing.
• Controlling Routing Updates • Configuring Authentication Passwords • Setting the Overload Bit • Debuging IS-IS Enabling IS-IS By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information with neighbors, enable IS-IS on an interface, instead of on a network as with other routing protocols. In IS-IS, neighbors form adjacencies only when they are same IS type.
ipv6 address ipv6-address mask • • ipv6 address: x:x:x:x::x mask: The prefix length is from 0 to 128. The IPv6 address must be on the same subnet as other IS-IS neighbors, but the IP address does not need to relate to the NET address. 6. Enable IS-IS on the IPv4 interface. ROUTER ISIS mode ip router isis [tag] If you configure a tag variable, it must be the same as the tag variable assigned in step 1. 7. Enable IS-IS on the IPv6 interface.
IS-IS: IS-IS: IS-IS: IS-IS: Dell# Level-1 SPF Calculations : 29 Level-2 SPF Calculations : 29 LSP checksum errors received : 0 LSP authentication failures : 0 You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: • In order to be neighbors, configure Level 1 routers with at least one common area address.
ROUTER-ISIS mode graceful-restart interval minutes The range is from 1 to 120 minutes. • The default is 5 minutes. Enable the graceful restart maximum wait time before a restarting peer comes up. ROUTER-ISIS mode graceful-restart restart-wait seconds When implementing this command, be sure to set the t3 timer to adjacency on the restarting router. The range is from 1 to 120 minutes. • The default is 30 seconds.
====================== Graceful Restart Interval/Blackout time T3 Timer T3 Timeout Value T2 Timeout Value T1 Timeout Value Adjacency wait time : : : : : : : Operational Timer Value ====================== Current Mode/State : T3 Time left : T2 Time left : Restart ACK rcv count : Restart Req rcv count : Suppress Adj rcv count : Restart CSNP rcv count : Database Sync count : Enabled 1 min Manual 30 30 (level-1), 30 (level-2) 5, retry count: 1 30 Normal/RUNNING 0 0 (level-1), 0 0 (level-1), 0 0 (level-1), 0
The default is 5 seconds. • The default level is Level 1. Set the LSP size. ROUTER ISIS mode lsp-mtu size – size: the range is from 128 to 9195. • The default is 1497. Set the LSP refresh interval. ROUTER ISIS mode lsp-refresh-interval seconds – seconds: the range is from 1 to 65535. • The default is 900 seconds. Set the maximum time LSPs lifetime. ROUTER ISIS mode max-lsp-lifetime seconds – seconds: the range is from 1 to 65535. The default is 1200 seconds.
Table 35. Metric Styles Metric Style Characteristics Cost Range Supported on IS-IS Interfaces narrow Sends and accepts narrow or old TLVs (Type, Length, Value). 0 to 63 wide Sends and accepts wide or new TLVs. 0 to 16777215 transition Sends both wide (new) and narrow (old) TLVs. 0 to 63 narrow transition Sends narrow (old) TLVs and accepts both narrow (old) and wide (new) TLVs. 0 to 63 wide transition Sends wide (new) TLVs and accepts both narrow (old) and wide (new) TLVs.
– default-metric: the range is from 0 to 63 if the metric-style is narrow, narrow-transition, or transition. • The range is from 0 to 16777215 if the metric style is wide or wide transition. Assign a metric for an IPv6 link or interface. INTERFACE mode isis ipv6 metric default-metric [level-1 | level-2] – default-metric: the range is from 0 to 63 for narrow and transition metric styles. The range is from 0 to 16777215 for wide metric styles. The default is 10. The default level is level-1.
Example of the show isis database Command to View Level 1-2 Link State Databases To view which IS-type is configured, use the show isis protocol command in EXEC Privilege mode. The show config command in ROUTER ISIS mode displays only non-default information. If you do not change the IS-type, the default value (level-1-2) is not displayed. The default is Level 1-2 router. When the IS-type is Level 1-2, the software maintains two Link State databases, one for each level.
Enter the type of interface and slot/port/subport information: – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/subport information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. – For a Loopback interface, enter the keyword loopback then a number from 0 to 16383. – For a port channel interface, enter the keywords port-channel then a number.
– static: for user-configured routes. – bgp: for BGP routes only. • Deny RTM download for pre-existing redistributed IPv6 routes. ROUTER ISIS-AF IPV6 mode distribute-list redistributed-override in Redistributing IPv4 Routes In addition to filtering routes, you can add routes from other routing instances or protocols to the IS-IS process. With the redistribute command syntax, you can include BGP, OSPF, RIP, static, or directly connected routes in the IS-IS process.
redistribute {bgp as-number | connected | rip | static} [level-1 level-1-2 | level-2] [metric metric-value] [metric-type {external | internal}] [route-map map-name] Configure the following parameters: – level-1, level-1-2, or level-2: assign all redistributed routes to a level. The default is level-2. – metric-value: the range is from 0 to 16777215. The default is 0. – metric-type: choose either external or internal. The default is internal. • – map-name: enter the name of a configured route map.
To remove a password, use either the no area-password or no domain-password commands in ROUTER ISIS mode. Setting the Overload Bit Another use for the overload bit is to prevent other routers from using this router as an intermediate hop in their shortest path first (SPF) calculations. For example, if the IS-IS routing database is out of memory and cannot accept new LSPs, Dell Networking OS sets the overload bit and IS-IS traffic continues to transit the system.
To view specific information, enter the following optional parameter: – interface: Enter the type of interface and slot/port information to view IS-IS information on that interface only. • View IS-IS SNP packets, include CSNPs and PSNPs. EXEC Privilege mode debug isis snp-packets [interface] To view specific information, enter the following optional parameter: – interface: Enter the type of interface and slot/port information to view IS-IS information on that interface only.
Metric Style Correct Value Range for the isis metric Command wide 0 to 16777215 narrow 0 to 63 wide transition 0 to 16777215 narrow transition 0 to 63 transition 0 to 63 Maximum Values in the Routing Table IS-IS metric styles support different cost ranges for the route. The cost range for the narrow metric style is 0 to 1023, while all other metric styles support a range of 0 to 0xFE000000. Change the IS-IS Metric Style in One Level Only By default, the IS-IS metric style is narrow.
Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value narrow transition wide original value narrow transition narrow original value narrow transition wide transition original value narrow transition transition original value wide transition wide original value wide transition narrow default value (10) if the original value is greater than 63. A message is sent to the console.
Level-1 Metric Style Level-2 Metric Style Resulting Metric Value wide wide transition original value wide transition truncated value narrow transition wide original value narrow transition narrow original value narrow transition wide transition original value narrow transition transition original value transition wide original value transition narrow original value transition wide transition original value transition narrow transition original value wide transition wide or
Figure 52. IPv6 IS-IS Sample Topography IS-IS Sample Configuration — Congruent Topology IS-IS Sample Configuration — Multi-topology IS-IS Sample Configuration — Multi-topology Transition The following is a sample configuration for enabling IPv6 IS-IS. Dell(conf-if-te-3/17/1)#show config ! interface TenGigabitEthernet 3/17/1 ip address 24.3.1.
exit-address-family Dell (conf-router_isis)# Dell (conf-if-te-3/17/1)#show config ! interface TenGigabitEthernet 3/17/1 ipv6 address 24:3::1/76 ipv6 router isis no shutdown Dell (conf-if-te-3/17/1)# Dell (conf-router_isis)#show config ! router isis net 34.0000.0000.AAAA.
24 Link Aggregation Control Protocol (LACP) Link aggregation control protocol (LACP) is supported on Dell Networking OS. Introduction to Dynamic LAGs and LACP A link aggregation group (LAG), referred to as a port channel by Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. The benefits and constraints are basically the same, as described in Port Channel Interfaces in the Interfaces chapter.
• You can configure a maximum of 128 port-channels with up to 16 members per channel. LACP Modes Dell Networking OS provides three modes for configuration of LACP — Off, Active, and Passive. • Off — In this state, an interface is not capable of being part of a dynamic LAG. LACP does not run on any port that is configured to be in this state. • Active — In this state, the interface is said to be in the “active negotiating state.” LACP runs on any link that is configured to be in this state.
LACP Configuration Tasks The following are LACP configuration tasks. • Creating a LAG • Configuring the LAG Interfaces as Dynamic • Setting the LACP Long Timeout • Monitoring and Debugging LACP • Configuring Shared LAG State Tracking Creating a LAG To create a dynamic port channel (LAG), use the following command. First you define the LAG and then the LAG interfaces. • Create a dynamic port channel (LAG). CONFIGURATION mode • interface port-channel Create a dynamic port channel (LAG).
Dell(conf)#interface Gigabitethernet 4/16 Dell(conf-if-gi-4/16)#no shutdown Dell(conf-if-gi-4/16)#port-channel-protocol lacp Dell(conf-if-gi-4/16-lacp)#port-channel 32 mode active The port-channel 32 mode active command shown here may be successfully issued as long as there is no existing static channelmember configuration in LAG 32. Setting the LACP Long Timeout PDUs are exchanged between port channel (LAG) interfaces to maintain LACP sessions.
Shared LAG State Tracking Shared LAG state tracking provides the flexibility to bring down a port channel (LAG) based on the operational state of another LAG. At any time, only two LAGs can be a part of a group such that the fate (status) of one LAG depends on the other LAG. As shown in the following illustration, the line-rate traffic from R1 destined for R4 follows the lowest-cost route via R2. Traffic is equally distributed between LAGs 1 and 2.
As shown in the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down after the failure. This effect is logged by Message 1, in which a console message declares both LAGs down at the same time. Figure 54.
LACP Basic Configuration Example The screenshots in this section are based on the following example topology. Two routers are named ALPHA and BRAVO, and their hostname prompts reflect those names. Figure 55. LACP Basic Configuration Example Configure a LAG on ALPHA The following example creates a LAG on ALPHA.
0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics 136 packets, 16718 bytes, 0 underruns 0 64-byte pkts, 15 over 64-byte pkts, 121 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 136 Multicasts, 0 Broadcasts, 0 Unicasts 0 Vlans, 0 throttles, 0 discarded, 0 collisions, 0 wreddrops Rate info (interval 299 seconds): Input 00.00 Mbits/sec,0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec,0 packets/sec, 0.
Figure 57.
Figure 58.
Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config ! interface Port-channel 10 no ip address switchport no shutdown ! Bravo(conf-if-po-10)#exit Bravo(conf)#int gig 3/21 Bravo(conf)#no ip address Bravo(conf)#no switchport Bravo(conf)#shutdown Bravo(conf-if-gi-3/21)#port-channel-protocol lacp Bravo(conf-if-gi-3/21-lacp)#port-channel 10 mode active Bravo(conf-if-gi-3/21-lacp)#no shut Bravo(conf-if-gi-3/21)#end ! interface GigabitEthernet 3/21 no ip address ! port-channel-
Figure 59.
Figure 60.
Figure 61. Inspecting the LAG Status Using the show lacp command The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but is general enough to allow any type of network layer datagram to be sent over a PPP connection.
25 Layer 2 Layer 2 features are supported on Dell Networking OS. Manage the MAC Address Table Dell Networking OS provides the following management activities for the MAC address table. • Clearing the MAC Address Table • Setting the Aging Time for Dynamic Entries • Configuring a Static MAC Address • Displaying the MAC Address Table Clearing the MAC Address Table You may clear the MAC address table of dynamic entries. To clear a MAC address table, use the following command.
• Create a static MAC address entry in the MAC address table. CONFIGURATION mode mac-address-table static Displaying the MAC Address Table To display the MAC address table, use the following command. • Display the contents of the MAC address table. EXEC Privilege mode show mac-address-table [address | aging-time [vlan vlan-id]| count | dynamic | interface | static | vlan] – address: displays the specified entry. – aging-time: displays the configured aging-time.
Setting the MAC Learning Limit To set a MAC learning limit on an interface, use the following command. • Specify the number of MAC addresses that the system can learn off a Layer 2 interface. INTERFACE mode mac learning-limit address_limit Three options are available with the mac learning-limit command: – dynamic – no-station-move – station-move NOTE: An SNMP trap is available for mac learning-limit station-move. No other SNMP traps are available for MAC Learning Limit, including limit violations.
mac learning-limit no-station-move The no-station-move option, also known as “sticky MAC,” provides additional port security by preventing a station move. When you configure this option, the first entry in the table is maintained instead of creating an entry on the new interface. nostation-move is the default behavior. Entries created before you set this option are not affected. To display a list of all interfaces with a MAC learning limit, use the following command.
station-move-violation shutdown-offending • Shut down both the first and second port to learn the MAC address. INTERFACE mode station-move-violation shutdown-both • Display a list of all of the interfaces configured with MAC learning limit or station move violation. CONFIGURATION mode show mac learning-limit violate-action NOTE: When the MAC learning limit (MLL) is configured as no-station-move, the MLL will be processed as static entries internally.
Figure 62. Redundant NICs with NIC Teaming When you use NIC teaming, consider that the server MAC address is originally learned on Port 0/1 of the switch (shown in the following) and Port 0/5 is the failover port. When the NIC fails, the system automatically sends an ARP request for the gateway or host NIC to resolve the ARP and refresh the egress interface.
(as shown in the following illustration). The redundant pairs feature allows you to create redundant links in networks that do not use STP by configuring backup interfaces for the interfaces on either side of the primary link. NOTE: For more information about STP, refer to Spanning Tree Protocol (STP). Assign a backup interface to an interface using the switchport backup command. The backup interface remains in a Down state until the primary fails, at which point it transitions to Up state.
In a redundant pair, any combination of physical and port-channel interfaces is supported as the two interfaces in a redundant pair. For example, you can configure a static (without LACP) or dynamic (with LACP) port-channel interface as either the primary or backup link in a redundant pair with a physical interface.
LAG Mode Status Uptime Ports 1 L2 up 00:08:33 Te 1/1 (Up) 2 L2 up 00:00:02 Te 2/1 (Up) Dell#configure Dell(conf)#interface port-channel 1 Dell(conf-if-po-1)#switchport backup interface port-channel 2 Apr 9 00:15:13: %STKUNIT0-M:CP %IFMGR-5-L2BKUP_WARN: Do not run any Layer2 protocols on Po 1 and Po 2 Apr 9 00:15:13: %STKUNIT0-M:CP %IFMGR-5-OSTATE_DN: Changed interface state to down: Po 2 Apr 9 00:15:13: %STKUNIT0-M:CP %IFMGR-5-STATE_ACT_STBY: Changed interface state to standby: Po 2 Dell(conf-if-po-1)# Dell
The report consists of several packets in SNAP format that are sent to the nearest known MAC address. In the event of a far-end failure, the device stops receiving frames and, after the specified time interval, assumes that the far-end is not available. The connecting line protocol is brought down so that upper layer protocols can detect the neighbor unavailability faster. FEFD State Changes FEFD has two operational modes, Normal and Aggressive.
• Enable FEFD globally on all interfaces. CONFIGURATION mode fefd-global To report interval frequency and mode adjustments, use the following commands. 1. Setup two or more connected interfaces for Layer 2 or Layer 3. INTERFACE mode ip address ip address, switchport 2. Activate the necessary ports administratively. INTEFACE mode no shutdown 3. Enable fefd globally.
To set up and activate two or more connected interfaces, use the following commands. 1. Setup two or more connected interfaces for Layer 2 or Layer 3. INTERFACE mode ip address ip address, switchport 2. Activate the necessary ports administratively. INTERFACE mode no shutdown 3.
Sender info -- Mgmt Mac(00:01:e8:14:89:25), Slot-Port-Subport(Te 1/1/1) Peer info -- Mgmt Mac (00:01:e8:14:89:25), Slot-Port-Subport(Te 4/1/1) Sender hold time -- 3 (second) An RPM Failover In the event that an RPM failover occurs, FEFD becomes operationally down on all enabled ports for approximately 8-10 seconds before automatically becoming operational again. 02-05-2009 12:40:38 Local7.Debug 10.16.151.12 Feb 5 07:06:09: %RPM1-S:CP %RAM-6-FAILOVER_REQ: RPM failover request from active peer: User request.
26 Link Layer Discovery Protocol (LLDP) The link layer discovery protocol (LLDP) is supported on Dell Networking OS. 802.1AB (LLDP) Overview LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
Type TLV Description 2 Port ID An administratively assigned name that identifies a port through which TLVs are sent and received. 3 Time to Live An administratively assigned name that identifies a port through which TLVs are sent and received. — Optional Includes sub-types of TLVs that advertise specific configuration information. These sub-types are Management TLVs, IEEE 802.1, IEEE 802.3, and TIA-1057 Organizationally Specific TLVs. Figure 67.
IEEE Organizationally Specific TLVs Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs. Table 41. Optional TLV Types Type TLV Description 4 Port description A user-defined alphanumeric string that describes the port. Dell Networking OS does not currently support this TLV.
Type TLV Description 127 Link Aggregation Indicates whether the link is capable of being aggregated, whether it is currently in a LAG, and the port identification of the LAG. Dell Networking OS does not currently support this TLV. 127 Maximum Frame Size Indicates the maximum frame size capability of the MAC and PHY.
Type SubType TLV Description 127 3 Location Identification Indicates that the physical location of the device expressed in one of three possible formats: • • • 127 4 Inventory Management TLVs Implementation of this set of TLVs is optional in LLDP-MED devices. None or all TLVs must be supported. Dell Networking OS does not currently support these TLVs.
Figure 69. LLDP-MED Capabilities TLV Table 43. Dell Networking OS LLDP-MED Capabilities Bit Position TLV Dell Networking OS Support 0 LLDP-MED Capabilities Yes 1 Network Policy Yes 2 Location Identification Yes 3 Extended Power via MDI-PSE Yes 4 Extended Power via MDI-PD No 5 Inventory No 6–15 reserved No Table 44.
Table 45. Network Policy Applications Type Application Description 0 Reserved — 1 Voice Specify this application type for dedicated IP telephony handsets and other appliances supporting interactive voice services. 2 Voice Signaling Specify this application type only if voice control packets use a separate network policy than voice data.
Figure 71. Extended Power via MDI TLV Configure LLDP Configuring LLDP is a two-step process. 1. Enable LLDP globally. 2. Advertise TLVs out of an interface. Related Configuration Tasks • Viewing the LLDP Configuration • Viewing Information Advertised by Adjacent LLDP Agents • Configuring LLDPDU Intervals • Configuring Transmit and Receive Mode • Configuring a Time to Live • Debugging LLDP Important Points to Remember • LLDP is enabled by default.
multiplier no show LLDP multiplier configuration Negate a command or set its defaults Show LLDP configuration Dell(conf-lldp)#exit Dell(conf)#interface tengigabitethernet 1/3/1 Dell(conf-if-te-1/3/1)#protocol lldp Dell(conf-if-te-1/3/1-lldp)#? advertise Advertise TLVs disable Disable LLDP protocol on this interface end Exit from configuration mode exit Exit from LLDP configuration mode hello LLDP hello configuration mode LLDP mode configuration (default = rx and tx) multiplier LLDP multiplier configuratio
Disabling and Undoing LLDP on Management Ports To disable or undo LLDP on management ports, use the following command. 1. Enter Protocol LLDP mode. CONFIGURATION mode. protocol lldp 2. Enter LLDP management-interface mode. LLDP-MANAGEMENT-INTERFACE mode. management-interface 3. Enter the disable command. LLDP-MANAGEMENT-INTERFACE mode. To undo an LLDP management port configuration, precede the relevant command with the keyword no.
– voice – voice-signaling In the following example, LLDP is enabled globally. R1 and R2 are transmitting periodic LLDPDUs that contain management, 802.1, and 802.3 TLVs. Figure 72. Configuring LLDP Viewing the LLDP Configuration To view the LLDP configuration, use the following command. • Display the LLDP configuration.
Viewing Information Advertised by Adjacent LLDP Agents To view brief information about adjacent devices or to view all the information that neighbors are advertising, use the following commands. • • Display brief information about adjacent devices. show lldp neighbors Display all of the information that neighbors are advertising.
• Configure a non-default transmit interval.
advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#mode ? rx Rx only tx Tx only R1(conf-lldp)#mode tx R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description mode tx no disable R1(conf-lldp)#no mode R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size adverti
no disable R1(conf-lldp)# Debugging LLDP You can view the TLVs that your system is sending and receiving. To view the TLVs, use the following commands. • View a readable version of the TLVs. debug lldp brief • View a readable version of the TLVs plus a hexadecimal version of the entire LLDPDU. debug lldp detail Figure 73. The debug lldp detail Command — LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects.
Table 46. LLDP Configuration MIB Objects MIB Object Category LLDP Variable LLDP MIB Object Description LLDP Configuration adminStatus lldpPortConfigAdminStatus Whether you enable the local LLDP agent for transmit, receive, or both. msgTxHold lldpMessageTxHoldMultiplier Multiplier value. msgTxInterval lldpMessageTxInterval Transmit Interval value. rxInfoTTL lldpRxInfoTTL Time to live for received TLVs. txInfoTTL lldpTxInfoTTL Time to live for transmitted TLVs.
TLV Type TLV Name TLV Variable System LLDP MIB Object 4 Port Description port description Local lldpLocPortDesc Remote lldpRemPortDesc Local lldpLocSysName Remote lldpRemSysName Local lldpLocSysDesc Remote lldpRemSysDesc Local lldpLocSysCapSupported Remote lldpRemSysCapSupported Local lldpLocSysCapEnabled Remote lldpRemSysCapEnabled Local lldpLocManAddrLen Remote lldpRemManAddrLen Local lldpLocManAddrSubtype Remote lldpRemManAddrSubtype Local lldpLocManAddr Remote lldp
TLV Type 127 TLV Name VLAN Name TLV Variable System LLDP MIB Object PPVID Local lldpXdot1LocProtoVlanId Remote lldpXdot1RemProtoVlanId Local lldpXdot1LocVlanId Remote lldpXdot1RemVlanId Local lldpXdot1LocVlanName Remote lldpXdot1RemVlanName Local lldpXdot1LocVlanName Remote lldpXdot1RemVlanName VID VLAN name length VLAN name Table 49.
TLV Sub-Type TLV Name TLV Variable DSCP Value 3 Location Identifier Location Data Format Location ID Data 4 Extended Power via MDI Power Device Type Power Source System LLDP-MED MIB Object Remote lldpXMedRemMediaPolicy Priority Local lldpXMedLocMediaPolicy Dscp Remote lldpXMedRemMediaPolicy Dscp Local lldpXMedLocLocationSubt ype Remote lldpXMedRemLocationSub type Local lldpXMedLocLocationInfo Remote lldpXMedRemLocationInfo Local lldpXMedLocXPoEDevice Type Remote lldpXMedRemXPo
27 Microsoft Network Load Balancing This functionality is supported on Dell Networking OS. Network Load Balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems. NLB uses a distributed methodology or pattern to equally split and balance the network traffic load across a set of servers that are part of the cluster or group.
In the multicast NLB mode, a static ARP configuration command is configured to associate the cluster IP address with a multicast cluster MAC address. With multicast NLB mode, the data is forwarded to all the servers based on the port specified using the Layer 2 multicast command, which is the mac-address-table static multicast vlan output-range , command in CONFIGURATION mode.
Configuring a Switch for NLB This functionality is supported on the platform. To enable a switch for unicast NLB mode of functioning, perform the following steps: Enter the ip vlan-flooding command to specify that all Layer 3 unicast routed data traffic, going through a VLAN member port, needs to be flooded across all the member ports of that VLAN.
28 Multicast Source Discovery Protocol (MSDP) Multicast source discovery protocol (MSDP) is supported on Dell Networking OS. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as border gateway protocol (BGP).
Figure 75. MSDP SA Message Format Anycast RP Using MSDP, anycast RP provides load sharing and redundancy in PIM-SM networks. Anycast RP allows two or more rendezvous points (RPs) to share the load for source registration and the ability to act as hot backup routers for each other. Anycast RP allows you to configure two or more RPs with the same IP address on Loopback interfaces. The Anycast RP Loopback address are configured with a 32-bit mask, making it a host address.
3. Enable MSDP. 4. Peer the RPs in each routing domain with each other. Refer to Enable MSDP. Related Configuration Tasks The following lists related MSDP configuration tasks.
Figure 76.
Figure 77.
Figure 78.
Figure 79. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. 1. Enable MSDP. CONFIGURATION mode ip multicast-msdp 2. Peer PIM systems in different administrative domains. CONFIGURATION mode ip msdp peer connect-source Examples of Configuring and Viewing MSDP R3_E600(conf)#ip multicast-msdp R3_E600(conf)#ip msdp peer 192.168.0.
Peer Addr Description Local Addr State Source SA Up/Down To view details about a peer, use the show ip msdp peer command in EXEC privilege mode. Multicast sources in remote domains are stored on the RP in the source-active cache (SA cache). The system does not create entries in the multicast routing table until there is a local receiver for the corresponding multicast group. R3_E600#show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 192.168.0.
If the total number of active sources is already larger than the limit when limiting is applied, the sources that are already in Dell Networking OS are not discarded. To enforce the limit in such a situation, use the clear ip msdp sa-cache command to clear all existing entries. Clearing the Source-Active Cache To clear the source-active cache, use the following command. • Clear the SA cache of all, local, or rejected entries, or entries for a specific group.
Figure 80.
Figure 81.
Figure 82.
Figure 83. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. CONFIGURATION mode ip msdp default-peer ip-address list If you do not specify an access list, the peer accepts all sources that peer advertises. All sources from RPs that the ACL denies are subject to the normal RPF check.
GroupAddr 229.0.50.2 229.0.50.3 229.0.50.4 SourceAddr 24.0.50.2 24.0.50.3 24.0.50.4 RPAddr 200.0.0.50 200.0.0.50 200.0.0.50 LearnedFrom 10.0.50.2 10.0.50.2 10.0.50.2 Dell#ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 3 rejected SAs received, cache-size 32766 UpTime GroupAddr SourceAddr RPAddr 00:33:18 229.0.50.64 24.0.50.64 200.0.1.50 00:33:18 229.0.50.65 24.0.50.65 200.0.1.50 00:33:18 229.0.50.66 24.0.50.66 200.0.1.50 Expire 73 73 73 UpTime 00:13:49 00:13:49 00:13:49 LearnedFrom 10.0.50.2 10.
seq 10 deny ip any any R1_E600(conf)#do show ip msdp sa-cache R1_E600(conf)#do show ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 1 rejected SAs received, cache-size 1000 UpTime GroupAddr SourceAddr RPAddr LearnedFrom 00:02:20 239.0.0.1 10.11.4.2 192.168.0.1 local Reason Redistribute Preventing MSDP from Caching a Remote Source To prevent MSDP from caching a remote source, use the following commands. 1. OPTIONAL: Cache sources that the SA filter denies in the rejected SA cache.
Example of Verifying the System is not Advertising Local Sources In the following example, R1 stops advertising source 10.11.4.2. Because it is already in the SA cache of R3, the entry remains there until it expires. [Router 1] R1_E600(conf)#do show run msdp ! ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 0 ip msdp sa-filter out 192.168.0.3 list mylocalfilter R1_E600(conf)#do show run acl ! ip access-list extended mylocalfilter seq 5 deny ip host 239.0.0.1 host 10.11.4.
SAs learned from this peer: 0 SA Filtering: Input (S,G) filter: myremotefilter Output (S,G) filter: none [Router 1] R1_E600(conf)#do show ip msdp peer Peer Addr: 192.168.0.3 Local Addr: 0.0.0.0(0) Connect Source: Lo 0 State: Inactive Up/Down Time: 00:00:03 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs learned from this peer: 0 SA Filtering: Clearing Peer Statistics To clear the peer statistics, use the following command.
03:16:09 : MSDP-0: Peer 192.168.0.3, 03:16:27 : MSDP-0: Peer 192.168.0.3, 03:16:38 : MSDP-0: Peer 192.168.0.3, 03:16:39 : MSDP-0: Peer 192.168.0.3, 03:17:09 : MSDP-0: Peer 192.168.0.3, 03:17:10 : MSDP-0: Peer 192.168.0.3, 03:17:27 : MSDP-0: Peer 192.168.0.
Figure 84. MSDP with Anycast RP Configuring Anycast RP To configure anycast RP, use the following commands. 1. In each routing domain that has multiple RPs serving a group, create a Loopback interface on each RP serving the group with the same IP address. CONFIGURATION mode interface loopback 2. Make this address the RP for the group. CONFIGURATION mode ip pim rp-address 3.
CONFIGURATION mode ip msdp peer 5. Advertise the network of each of the unique Loopback addresses throughout the network. ROUTER OSPF mode network Reducing Source-Active Message Flooding RPs flood source-active messages to all of their peers away from the RP. When multiple RPs exist within a domain, the RPs forward received active source information back to the originating RP, which violates the RFP rule. You can prevent this unnecessary flooding by creating a mesh-group.
network 10.11.1.0/24 area 0 network 10.11.3.0/24 area 0 network 192.168.0.11/32 area 0 ! ip ip ip ip ip multicast-msdp msdp peer 192.168.0.3 connect-source Loopback 1 msdp peer 192.168.0.22 connect-source Loopback 1 msdp mesh-group AS100 192.168.0.22 msdp originator-id Loopback 1! ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4 The following example shows an R2 configuration for MSDP with Anycast RP. ip multicast-routing ! interface TenGigabitEthernet 2/1/1 ip pim sparse-mode ip address 10.11.4.
ip pim sparse-mode ip address 10.11.0.32/24 no shutdown interface TenGigabitEthernet 3/41/1 ip pim sparse-mode ip address 10.11.6.34/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.3/32 no shutdown ! router ospf 1 network 10.11.6.0/24 area 0 network 192.168.0.3/32 area 0 redistribute static redistribute connected redistribute bgp 200 ! router bgp 200 redistribute ospf 1 neighbor 192.168.0.22 remote-as 100 neighbor 192.168.0.22 ebgp-multihop 255 neighbor 192.168.0.
ip pim sparse-mode ip address 192.168.0.1/32 no shutdown ! router ospf 1 network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 192.168.0.1/32 area 0 network 10.11.3.0/24 area 0 ! ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 0 ! ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4 ip multicast-routing ! interface TenGigabitEthernet 2/1/1 ip pim sparse-mode ip address 10.11.4.1/24 no shutdown ! interface TenGigabitEthernet 2/11/1 ip pim sparse-mode ip address 10.11.1.
ip address 10.11.80.3/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.3/32 no shutdown ! router ospf 1 network 10.11.6.0/24 area 0 network 192.168.0.3/32 area 0 redistribute static redistribute connected redistribute bgp 200 ! router bgp 200 redistribute ospf 1 neighbor 192.168.0.2 remote-as 100 neighbor 192.168.0.2 ebgp-multihop 255 neighbor 192.168.0.2 update-source Loopback 0 neighbor 192.168.0.2 no shutdown ! ip multicast-msdp ip msdp peer 192.168.0.
29 Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) is supported on Dell Networking OS. Protocol Overview MSTP — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves on per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances.
Spanning Tree Variations The Dell Networking OS supports four variations of spanning tree, as shown in the following table. Table 50. Spanning Tree Variations Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .1d Rapid Spanning Tree Protocol (RSTP) 802 .1w Multiple Spanning Tree Protocol (MSTP) 802 .1s Per-VLAN Spanning Tree Plus (PVST+) Third Party Implementation Information The following describes the MSTP implementation information.
Enable Multiple Spanning Tree Globally MSTP is not enabled by default. To enable MSTP globally, use the following commands. When you enable MSTP, all physical, VLAN, and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of the MSTI 0. • Within an MSTI, only one path from any bridge to any other bridge is enabled. • Bridges block a redundant path by disabling one of the link ports. 1. Enter PROTOCOL MSTP mode. CONFIGURATION mode protocol spanning-tree mstp 2.
Dell(conf-mstp)#msti 2 vlan 200-300 Dell(conf-mstp)#show config ! protocol spanning-tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200-300 All bridges in the MSTP region must have the same VLAN-to-instance mapping. To view which instance a VLAN is mapped to, use the show spanning-tree mst vlan command from EXEC Privilege mode.
The range is from 0 to 61440, in increments of 4096. The default is 32768. Example of Assigning and Verifying the Root Bridge Priority By default, the simple configuration shown previously yields the same forwarding path for both MSTIs. The following example shows how R3 is assigned bridge priority 0 for MSTI 2, which elects a different root bridge than MSTI 2. To view the bridge priority, use the show config command from PROTOCOL MSTP mode.
MST region name: my-mstp-region Revision: 0 MSTI VID 1 100 2 200-300 Modifying Global Parameters The root bridge sets the values for forward-delay, hello-time, max-age, and max-hops and overwrites the values set on other MSTP bridges. • Forward-delay — the amount of time an interface waits in the Listening state and the Learning state before it transitions to the Forwarding state. • Hello-time — the time interval in which the bridge sends MSTP bridge protocol data units (BPDUs).
Example of the forward-delay Parameter To view the current values for MSTP parameters, use the show running-config spanning-tree mstp command from EXEC privilege mode.
To view the current values for these interface parameters, use the show config command from INTERFACE mode. Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode, an interface forwards frames by default until it receives a BPDU that indicates that it should behave otherwise; it does not go through the Learning and Listening states.
To view the enable status of this feature, use the show running-config spanning-tree mstp command from EXEC Privilege mode. MSTP Sample Configurations The running-configurations support the topology shown in the following illustration. The configurations are from Dell Networking OS systems. Figure 86. MSTP with Three VLANs Mapped to Two Spanning Tree Instances Router 1 Running-Configuration This example uses the following steps: 1.
! interface Vlan 200 no ip address tagged TenGigabitEthernet 1/21,31/1 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 1/21,31/1 no shutdown Router 2 Running-Configuration This example uses the following steps: 1. Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology. 3. Create VLANs mapped to MSTP instances tag interfaces to the VLANs.
MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! (Step 2) interface TenGigabitEthernet 3/11/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 3/21/1 no ip address switchport no shutdown ! (Step 3) interface Vlan 100 no ip address tagged TenGigabitEthernet 3/11/1,21/1 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 3/11/1,21/1 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 3/11/1,21/1 no shutdown SFTOS Example Running-Configuration This example us
tagged 1/0/31 tagged 1/0/32 exit interface vlan 300 tagged 1/0/31 tagged 1/0/32 exit Debugging and Verifying MSTP Configurations To debut and verify MSTP configuration, use the following commands. • Display BPDUs. EXEC Privilege mode debug spanning-tree mstp bpdu • Display MSTP-triggered topology change messages.
The following example shows viewing the debug log of a successful MSTP configuration. Dell#debug spanning-tree mstp bpdu MSTP debug bpdu is ON Dell# 4w0d4h : MSTP: Sending BPDU on Te 2/21/1 : ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x6e CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 0 Regional Bridge Id: 32768:0001.e806.
30 Multicast Features Multicast features are supported on Dell Networking OS. NOTE: Multicast is supported on secondary IP addresses on the platform. NOTE: Multicast routing for IPv6 is not supported. NOTE: Multicast routing is supported across default and non-default VRFs.
Protocol Ethernet Address PIM-SM 01:00:5e:00:00:0d • The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fenner-traceroute-ipm. • Multicast is not supported on secondary IP addresses. • Egress L3 ACL is not applied to multicast data traffic if you enable multicast routing. Multicast Policies Dell Networking OS offers parallel multicast features for IPv4. • IPv4 Multicast Policies IPv4 Multicast Policies The following sections describe IPv4 multicast policies.
NOTE: The IN-L3-McastFib CAM partition is used to store multicast routes and is a separate hardware limit that exists per port-pipe. Any software-configured limit may supersede by this hardware space limitation. The opposite is also true, the CAM partition might not be exhausted at the time the system-wide route limit the ip multicast-limit command sets is reached. Preventing a Host from Joining a Group You can prevent a host from joining a particular group by blocking specific IGMP reports.
Figure 87. Preventing a Host from Joining a Group Table 52. Preventing a Host from Joining a Group — Description Location Description 1/21/1 • • • • Interface TenGigabitEthernet 1/21/1 ip pim sparse-mode ip address 10.11.12.1/24 no shutdown 1/31/1 • • • • Interface TenGigabitEthernet 1/31/1 ip pim sparse-mode ip address 10.11.13.1/24 no shutdown 2/1/1 • • • Interface TenGigabitEthernet 2/1/1 ip pim sparse-mode ip address 10.11.1.
Location Description • no shutdown 2/11/1 • • • • Interface TenGigabitEthernet 2/11/1 ip pim sparse-mode ip address 10.11.12.2/24 no shutdown 2/31/1 • • • • Interface TenGigabitEthernet 2/31/1 ip pim sparse-mode ip address 10.11.23.1/24 no shutdown 3/1/1 • • • • Interface TenGigabitEthernet 3/1/1 ip pim sparse-mode ip address 10.11.5.1/24 no shutdown 3/11/1 • • • • Interface TenGigabitEthernet 3/11/1 ip pim sparse-mode ip address 10.11.13.
Setting a Threshold for Switching to the SPT The functionality to specify a threshold for switchover to the shortest path trees (SPTs) is available on the platform. After a receiver receives traffic from the RP, PM-SM switches to SPT to forward multicast traffic. Every multicast group has an RP and a unidirectional shared tree (group-specific shared tree).
Figure 88. Preventing a Source from Transmitting to a Group Table 54. Preventing a Source from Transmitting to a Group — Description Location Description 1/21/1 • • • • Interface TenGigabitEthernet 1/21/1 ip pim sparse-mode ip address 10.11.12.1/24 no shutdown 1/31/1 • • • • Interface TenGigabitEthernet 1/31/1 ip pim sparse-mode ip address 10.11.13.1/24 no shutdown 2/1/1 • • • Interface TenGigabitEthernet 2/1/1 ip pim sparse-mode ip address 10.11.1.
Location Description • no shutdown 2/11/1 • • • • Interface TenGigabitEthernet 2/11/1 ip pim sparse-mode ip address 10.11.12.2/24 no shutdown 2/31/1 • • • • Interface TenGigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.23.1/24 no shutdown 3/1/1 • • • • Interface TenGigabitEthernet 3/1/1 ip pim sparse-mode ip address 10.11.5.1/24 no shutdown 3/11/1 • • • • Interface TenGigabitEthernet 3/11/1 ip pim sparse-mode ip address 10.11.13.
NOTE: When you configure a join filter that filter is applicable for both ingress and egress flows. There is no option to specify in or out parameters while configuring a join filter.
31 Object Tracking IPv4/IPv6 object tracking is available on Dell Networking OS. Object tracking allows the Dell Networking Operating System (OS) client processes, such as virtual router redundancy protocol (VRRP), to monitor tracked objects (for example, interface or link status) and take appropriate action when the state of an object changes. NOTE: In Dell Networking OS release version 8.4.1.0, object tracking is supported only on VRRP.
Figure 89. Object Tracking Example When you configure a tracked object, such as an IPv4/IPv6 a route or interface, you specify an object number to identify the object. Optionally, you can also specify: • UP and DOWN thresholds used to report changes in a route metric. • A time delay before changes in a tracked object’s state are reported to a client. Track Layer 2 Interfaces You can create an object to track the line-protocol state of a Layer 2 interface.
A tracked route matches a route in the routing table only if the exact address and prefix length match an entry in the routing table. For example, when configured as a tracked route, 10.0.0.0/24 does not match the routing table entry 10.0.0.0/8. If no route-table entry has the exact address and prefix length, the tracked route is considered to be DOWN.
If you do not configure a delay, a notification is sent immediately as soon as a change in the state of a tracked object is detected. The time delay in communicating a state change is specified in seconds. VRRP Object Tracking As a client, VRRP can track up to 20 objects (including route entries, and Layer 2 and Layer 3 interfaces) in addition to the 12 tracked interfaces supported for each VRRP group. You can assign a unique priority-cost value from 1 to 254 to each tracked VRRP object or group interface.
Valid delay times are from 0 to 180 seconds. The default is 0. 3. (Optional) Identify the tracked object with a text description. OBJECT TRACKING mode description text The text string can be up to 80 characters. 4. (Optional) Display the tracking configuration and the tracked object’s status.
Valid object IDs are from 1 to 65535. 2. (Optional) Configure the time delay used before communicating a change in the status of a tracked interface. OBJECT TRACKING mode delay {[up seconds] [down seconds]} Valid delay times are from 0 to 180 seconds. The default is 0. 3. (Optional) Identify the tracked object with a text description. OBJECT TRACKING mode description text The text string can be up to 80 characters. 4. (Optional) Display the tracking configuration and the tracked object’s status.
• By the reachability of the route's next-hop router. The UP/DOWN state of the route is determined by the entry of the next-hop address in the ARP cache. A tracked route is considered to be reachable if there is an ARP cache entry for the route's next-hop address. If the next-hop address in the ARP cache ages out for a route tracked for its reachability, an attempt is made to regenerate the ARP cache entry to see if the nexthop address appears before considering the route DOWN.
The default is 0. 3. (Optional) Identify the tracked object with a text description. OBJECT TRACKING mode description text The text string can be up to 80 characters. 4. (Optional) Display the tracking configuration and the tracked object’s status. EXEC Privilege mode show track object-id Example of the track ip route reachability Command Example of the track ipv6 route reachability Command Dell(conf)#track 104 ip route 10.0.0.
Enter an IPv4 address in dotted decimal format. Valid IPv4 prefix lengths are from /0 to /32. Enter an IPv6 address in X:X:X:X::X format. Valid IPv6 prefix lengths are from /0 to /128. (Optional) E-Series only: For an IPv4 route, you can enter a VRF name. 3. (Optional) Configure the time delay used before communicating a change in the UP and/or DOWN status of a tracked route. OBJECT TRACKING mode delay {[up seconds] [down seconds]} Valid delay times are from 0 to 180 seconds. The default is 0. 4.
• Display the configuration and status of currently tracked Layer 2 or Layer 3 interfaces, IPv4 or IPv6 routes, and a VRF instance. show track [object-id [brief] | interface [brief] [vrf vrf-name] | ip route [brief] [vrf vrf-name] | resolution | vrf vrf-name [brief] | brief] • Use the show running-config track command to display the tracking configuration of a specified object or all objects that are currently configured on the router.
3 changes, last change 00:02:39 First-hop interface is GigabitEthernet 13/4 Dell#show running-config track track 1 ip route 23.0.0.0/8 reachability track 2 ipv6 route 2040::/64 metric threshold delay down 3 delay up 5 threshold metric up 200 track 3 ipv6 route 2050::/64 reachability track 4 interface GigabitEthernet 13/4 ip routing track 5 ip route 192.168.0.
32 Open Shortest Path First (OSPFv2 and OSPFv3) Open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) are supported on Dell Networking OS. This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking Operating System (OS). NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are the same between OSPFv2 and OSPFv3.
Figure 90. Autonomous System Areas Area Types The backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any AS. All other areas must connect to Area 0. Areas can be defined in such a way that the backbone is not contiguous. In this case, backbone connectivity must be restored through virtual links. Virtual links are configured between any backbone routers that share a link to a non-backbone area and function as if they were direct links.
Networks and Neighbors As a link-state protocol, OSPF sends routing information to other OSPF routers concerning the state of the links between them. The state (up or down) of those links is important. Routers that share a link become neighbors on that segment. OSPF uses the Hello protocol as a neighbor discovery and keep alive mechanism. After two routers are neighbors, they may proceed to exchange and synchronize their databases, which creates an adjacency.
Figure 91. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example. Area Border Router (ABR) Within an AS, an area border router (ABR) connects one or more areas to the backbone.
Autonomous System Border Router (ASBR) The autonomous system border area router (ASBR) connects to more than one AS and exchanges information with the routers in other ASs. Generally, the ASBR connects to a non-interior gate protocol (IGP) such as BGP or uses static routes. Internal Router (IR) The internal router (IR) has adjacencies with ONLY routers in the same area, as Router E, M, and I shown in the previous example.
For all LSA types, there are 20-byte LSA headers. One of the fields of the LSA header is the link-state ID. Each router link is defined as one of four types: type 1, 2, 3, or 4. The LSA includes a link ID field that identifies, by the network number and mask, the object this link connects to. Depending on the type, the link ID has different meanings. • 1: point-to-point connection to another router/neighboring router. • 2: connection to a transit network IP address of the DR.
Figure 92. Priority and Cost Examples OSPF with Dell Networking OS Dell Networking OS supports up to 10,000 OSPF routes for OSPFv2. Within that 10,000 routes, you can designate up to 8,000 routes as external and up to 2,000 as inter/intra area routes. Dell Networking OS version 9.4(0.0) and later support only one OSPFv2 process per VRF. Dell Networking OS version 9.7(0.0) and later support OSPFv3 in VRF. Also, on OSPFv3, Dell Networking OS supports only one OSPFv3 process per VRF.
Graceful Restart When a router goes down without a graceful restart, there is a possibility for loss of access to parts of the network due to ongoing network topology changes. Additionally, LSA flooding and reconvergence can cause substantial delays. It is, therefore, desirable that the network maintains a stable topology if it is possible for data flow to continue uninterrupted.
Fast Convergence (OSPFv2, IPv4 Only) Fast convergence allows you to define the speeds at which LSAs are originated and accepted, and reduce OSPFv2 end-to-end convergence time. Dell Networking OS allows you to accept and originate LSAa as soon as they are available to speed up route information propagation. NOTE: The faster the convergence, the more frequent the route calculations and updates. This impacts CPU utilization and may impact adjacency stability in larger topologies.
aid:1500 chk:0xdbee aut:0 auk: keyid:0 from:Vl 1000 LSType:Type-5 AS External id:160.1.1.0 adv:6.1.0.0 seq:0x8000000c LSType:Type-5 AS External id:160.1.2.0 adv:6.1.0.0 seq:0x8000000c 00:10:41 : OSPF(1000:00): Rcv. v:2 t:5(LSAck) l:64 Acks 2 rid:2.2.2.2 aid:1500 chk:0xdbee aut:0 auk: keyid:0 from:Vl 100 LSType:Type-5 AS External id:160.1.1.0 adv:6.1.0.0 seq:0x8000000c LSType:Type-5 AS External id:160.1.2.0 adv:6.1.0.0 seq:0x8000000c 00:10:41 : OSPF(1000:00): Rcv. v:2 t:4(LSUpd) l:100 rid:6.1.0.
Internet Address 20.0.0.1/24, Area 0 Process ID 10, Router ID 1.1.1.2, Network Type BROADCAST, Cost: 1 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 1.1.1.2, Interface address 30.0.0.1 Backup Designated Router (ID) 1.1.1.1, Interface address 30.0.0.2 Timer intervals configured, Hello 20, Dead 80, Wait 20, Retransmit 5 Hello due in 00:00:04 Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 1.1.1.
If implementing multi-process OSPF, create an equal number of Layer 3 enabled interfaces and OSPF process IDs. For example, if you create four OSPFv2 process IDs, you must have four interfaces with Layer 3 enabled. 1. Assign an IP address to an interface. CONFIG-INTERFACE mode ip address ip-address mask The format is A.B.C.D/M. If you are using a Loopback interface, refer to Loopback Interfaces. 2. Enable the interface. CONFIG-INTERFACE mode no shutdown 3.
Example of Viewing the Current OSPFv2 Status Dell#show ip ospf 55555 Routing Process ospf 55555 with ID 10.10.10.10 Supports only single TOS (TOS0) routes SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Number of area in this router is 0, normal 0 stub 0 nssa 0 Dell# Enabling Multi-Process OSPF (OSPFv2, IPv4 Only) Multi-process OSPF allows multiple OSPFv2 processes on a single router.
CONFIG-ROUTER-OSPF-id mode network ip-address mask area area-id The IP Address Format is A.B.C.D/M. The area ID range is from 0 to 65535 or A.B.C.D/M. Enable OSPFv2 on Interfaces Enable and configure OSPFv2 on each interface (configure for Layer 3 protocol), and not shutdown. You can also assign OSPFv2 to a Loopback interface as a virtual interface. OSPF functions and features, such as MD5 Authentication, Grace Period, Authentication Wait Time, are assigned on a per interface basis.
Backup Designated Router (ID) 11.1.2.1, Interface address 10.2.3.1 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:05 Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 13.1.1.1 (Designated Router) Dell> Loopback interfaces also help the OSPF process. OSPF picks the highest interface address as the router-id and a Loopback interface address has a higher precedence than other interface addresses.
Area ID is the number or IP address assigned when creating the area. Example of the show ip ospf database database-summary Command To view which LSAs are transmitted, use the show ip ospf database process-id database-summary command in EXEC Privilege mode. Dell#show ip ospf 34 database database-summary OSPF Router with ID (10.1.2.100) (Process ID 34) Area 2.2.2.2 3.3.3.
TenGigabitEthernet 2/1/1 is up, line protocol is down Internet Address 10.1.3.100/24, Area 2.2.2.2 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 10 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 10.1.2.100, Interface address 10.1.3.100 Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Convergence Level 0 Min LSA origination 5 secs, Min LSA arrival 1 secs Number of area in this router is 0, normal 0 stub 0 nssa 0 Dell# Changing OSPFv2 Parameters on Interfaces In Dell Networking OS, you can modify the OSPF settings on the interfaces. Some interface parameter values must be consistent across all interfaces to avoid routing errors.
– seconds: the range is from 1 to 65535 (the default is 5 seconds). • The retransmit interval must be the same on all routers in the OSPF network. Change the wait period between link state update packets sent out the interface. CONFIG-INTERFACE mode ip ospf transmit-delay seconds – seconds: the range is from 1 to 65535 (the default is 1 second). The transmit delay must be the same on all routers in the OSPF network.
does not take effect immediately after the authentication change wait timer expires; OSPF accepts both the old as well as new authentication schemes for a time period that is equal to two times the configured authentication change wait timer. After this time period, OSPF accepts only the new authentication scheme. This transmission stops when the period ends. The default is 0 seconds. Enabling OSPFv2 Graceful Restart Graceful restart is enabled for the global OSPF process.
To disable OSPFv2 graceful-restart after you have enabled it, use the no graceful-restart grace-period command in CONFIG-ROUTEROSPF- id mode. The command returns OSPF graceful-restart to its default state. NOTE: The Helper mode is enabled by default on the device. To enable the restart mode also on the device, you must configure the grace period using the graceful-restart grace-period command. After you enable restart mode the router advertises the neighbor as fully adjacent during a restart.
Redistributing Routes You can add routes from other routing instances or protocols to the OSPF process. With the redistribute command, you can include RIP, static, or directly connected routes in the OSPF process. NOTE: Do not route iBGP routes to OSPF unless there are route-maps associated with the OSPF redistribution. To redistribute routes, use the following command. • Specify which routes are redistributed into OSPF process.
• show routes To help troubleshoot OSPFv2, use the following commands. • View the summary of all OSPF process IDs enables on the router. EXEC Privilege mode • show running-config ospf View the summary information of the IP routes. EXEC Privilege mode • show ip route summary View the summary information for the OSPF database. EXEC Privilege mode • show ip ospf database View the configuration of OSPF neighbors connected to the local router.
area 2 virtual-link 4.4.4.4 area 2 virtual-link 90.90.90.90 retransmit-interval 300 ! ipv6 router ospf 999 default-information originate always router-id 10.10.10.10 Dell# Sample Configurations for OSPFv2 The following configurations are examples for enabling OSPFv2. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. You can copy and paste from these examples to your CLI.
interface Loopback 30 ip address 192.168.100.100/24 no shutdown ! interface TenGigabitEthernet 3/1/1 ip address 10.1.13.3/24 no shutdown ! interface TenGigabitEthernet 3/2/1 ip address 10.2.13.3/24 no shutdown OSPF Area 0 — Te 2/1/1 and 2/2/1 router ospf 22222 network 192.168.100.0/24 area 0 network 10.2.21.0/24 area 0 network 10.2.22.0/24 area 0 ! interface Loopback 20 ip address 192.168.100.20/24 no shutdown ! interface TenGigabitEthernet 2/1/1 ip address 10.2.21.
Assigning IPv6 Addresses on an Interface To assign IPv6 addresses to an interface, use the following commands. 1. Assign an IPv6 address to the interface. CONF-INT-type slot/port mode ipv6 address ipv6 address IPv6 addresses are normally written as eight groups of four hexadecimal digits; separate each group by a colon (:). The format is A:B:C::F/128. 2. Bring up the interface.
CONFIGURATION mode no ipv6 router ospf process-id • Reset the OSPFv3 process. EXEC Privilege mode clear ipv6 ospf process Assigning OSPFv3 Process ID and Router ID to a VRF To assign, disable, or reset OSPFv3 on a non-default VRF, use the following commands. • Enable the OSPFv3 process on a non-default VRF and enter OSPFv3 mode. CONFIGURATION mode ipv6 router ospf {process ID}} • The process ID range is from 0 to 65535. Assign the router ID for this OSPFv3 process.
passive-interface {interface slot/port/subport} Interface: identifies the specific interface that is passive. – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/subport information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. – For a port channel interface, enter the keywords port-channel then a number. – For a VLAN interface, enter the keyword vlan then a number from 1 to 4094.
By default, OSPFv3 graceful restart is disabled and functions only in a helper role to help restarting neighbor routers in their graceful restarts when it receives a Grace LSA. To enable OSPFv3 graceful restart, enter the ipv6 router ospf process-id command to enter OSPFv3 configuration mode. Then configure a grace period using the graceful-restart grace-period command. The grace period is the time that the OSPFv3 neighbors continue to advertise the restarting router as though it is fully adjacent.
show ipv6 ospf database database-summary Examples of the Graceful Restart show Commands The following example shows the show run ospf command. Dell#show run ospf ! router ospf 1 router-id 200.1.1.1 log-adjacency-changes graceful-restart grace-period 180 network 20.1.1.0/24 area 0 network 30.1.1.0/24 area 0 ! ipv6 router ospf 1 log-adjacency-changes graceful-restart grace-period 180 The following example shows the show ipv6 ospf database database-summary command.
OSPFv3 Authentication Using IPsec OSPFv3 uses IPsec to provide authentication for OSPFv3 packets. IPsec authentication ensures security in the transmission of OSPFv3 packets between IPsec-enabled routers. IPsec is a set of protocols developed by the internet engineering task force (IETF) to support secure exchange of packets at the IP layer. IPsec supports two encryption modes: transport and tunnel. • Transport mode — encrypts only the data portion (payload) of each packet, but leaves the header untouched.
• In an OSPFv3 authentication policy: – AH is used to authenticate OSPFv3 headers and certain fields in IPv6 headers and extension headers. – MD5 and SHA1 authentication types are supported; encrypted and unencrypted keys are supported. • In an OSPFv3 encryption policy: – Both encryption and authentication are used. – IPsec security associations (SAs) are supported only in Transport mode (Tunnel mode is not supported).
• Display the security associations set up for OSPFv3 interfaces in authentication policies. show crypto ipsec sa ipv6 Configuring IPsec Encryption on an Interface To configure, remove, or display IPsec encryption on an interface, use the following commands.
The configuration of IPSec authentication on an interface-level takes precedence over an area-level configuration. If you remove an interface configuration, an area authentication policy that has been configured is applied to the interface. • Enable IPSec authentication for OSPFv3 packets in an area. CONF-IPV6-ROUTER-OSPF mode area-id authentication ipsec spi number {MD5 | SHA1} [key-encryption-type] key – area area-id: specifies the area for which OSPFv3 traffic is to be authenticated.
– authentication-algorithm: specifies the authentication algorithm to use for encryption. The valid values are MD5 or SHA1. – key: specifies the text string used in authentication. All neighboring OSPFv3 routers must share key to exchange information. For MD5 authentication, the key must be 32 hex digits (non-encrypted) or 64 hex digits (encrypted). For SHA-1 authentication, the key must be 40 hex digits (non-encrypted) or 80 hex digits (encrypted).
Inbound AH Key Outbound AH Key Transform set : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97e : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97e : ah-md5-hmac Crypto IPSec client security policy data Policy name : OSPFv3-0-501 Policy refcount : 1 Inbound ESP SPI : 501 (0x1F5) Outbound ESP SPI : 501 (0x1F5) Inbound ESP Auth Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9ef5706ba8ed8bb5efe91e97eb7c0c30808825fb5 Outbound ESP Auth Key : bbdd96e6eb4828e2e27bc3f9ff541e43faa759c9
Troubleshooting OSPFv3 Dell Networking OS has several tools to make troubleshooting easier. Consider the following information as these are typical issues that interrupt the OSPFv3 process. NOTE: The following troubleshooting section is not meant to be a comprehensive list, only examples of typical troubleshooting checks.
33 Policy-based Routing (PBR) Policy-based Routing (PBR) allows a switch to make routing decisions based on policies applied to an interface.
To enable a PBR, you create a redirect list. Redirect lists are defined by rules, or routing policies.
Ingress and egress Hot Lock PBR allow you to add or delete new rules into an existing policy (already written into CAM) without disruption to traffic flow. Existing entries in CAM are adjusted to accommodate the new entries. Hot Lock PBR is enabled by default. Configuration Task List for Policy-based Routing To enable the PBR: • Create a Redirect List • Create a Rule for a Redirect-list • Create a Track-id list. For complete tracking information, refer to Object Tracking chapter.
FORMAT: 0-255 for IP protocol number, or enter protocol type source ip-address or any or host ip-address is the Source’s IP address FORMAT: A.B.C.D/NN, or ANY or HOST IP address destination ip-address or any or host ip-address is the Destination’s IP address FORMAT: A.B.C.D/NN, or ANY or HOST IP address Delete a rule with the no redirect command.
Dell(conf-redirect-list)#seq 15 redirect Dell(conf-redirect-list)#seq 20 redirect Dell(conf-redirect-list)#show config ! ip redirect-list test seq 10 redirect 10.1.1.2 ip 20.1.1.0/24 seq 15 redirect 10.1.1.3 ip 20.1.1.0/25 seq 20 redirect 10.1.1.3 ip 20.1.1.0/24 Dell(conf-redirect-list)# 10.1.1.3 ip 20.1.1.0/25 any 10.1.1.3 ip 20.1.1.128/24 any any any any NOTE: Starting in release 9.4(0.
redirect-list-name is the name of a redirect list to apply to this interface. FORMAT: up to 16 characters Delete the redirect list from this interface with the [no] ip redirect-group command. In this example, the list “xyz” is applied to the tenGigabitEthernet 2/1/1 interface.
[up], Next-hop reachable (via Vl 20) , Track 200 [up], Next-hop reachable (via Po 5) , Track 200 [up], Next-hop reachable (via Po 7) , Track 200 [up], Next-hop reachable (via Te 2/18/1) , Track 200 [up], Next-hop reachable (via Te 2/19/1) Use the show ip redirect-list (without the list name) to display all the redirect-lists configured on the device. Dell#show ip redirect-list IP redirect-list rcl0: Defined as: seq 5 permit ip 200.200.200.200 200.200.200.200 199.199.199.199 199.199.199.
Policy-based Routing (PBR)
34 PIM Sparse-Mode (PIM-SM) Protocol-independent multicast sparse-mode (PIM-SM) is supported on Dell Networking OS. PIM-SM is a multicast protocol that forwards multicast traffic to a subnet only after a request using a PIM Join message; this behavior is the opposite of PIM-Dense mode, which forwards multicast traffic to all subnets until a request to stop. Implementation Information Be aware of the following PIM-SM implementation information.
Refuse Multicast Traffic A host requesting to leave a multicast group sends an IGMP Leave message to the last-hop DR. If the host is the only remaining receiver for that group on the subnet, the last-hop DR is responsible for sending a PIM Prune message up the RPT to prune its branch to the RP. 1. After receiving an IGMP Leave message, the gateway removes the interface on which it is received from the outgoing interface list of the (*,G) entry.
ip multicast-routing Related Configuration Tasks The following are related PIM-SM configuration tasks. • • • • Configuring S,G Expiry Timers Configuring a Static Rendezvous Point Configuring a Designated Router Creating Multicast Boundaries and Domains Enable PIM-SM You must enable PIM-SM on each participating interface. 1. Enable multicast routing on the system. CONFIGURATION mode ip multicast-routing 2. Enable PIM-Sparse mode.
(10.87.31.5, 192.1.2.1), uptime 00:01:24, expires 00:02:26, flags: FT Incoming interface: TenGigabitEthernet 2/11/1, RPF neighbor 0.0.0.0 Outgoing interface list: TenGigabitEthernet 1/11/1 TenGigabitEthernet 1/12/1 TenGigabitEthernet 2/13/1 --More-- Configuring S,G Expiry Timers By default, S, G entries expire in 210 seconds. You can configure a global expiry time (for all [S,G] entries) or configure an expiry time for a particular entry.
Configuring a Static Rendezvous Point The rendezvous point (RP) is a PIM-enabled interface on a router that acts as the root a group-specific tree; every group must have an RP. • Identify an RP by the IP address of a PIM-enabled or Loopback interface. ip pim rp-address Example of Viewing an RP on a Loopback Interface Dell#sh run int loop0 ! interface Loopback 0 ip address 1.1.1.1/32 ip pim sparse-mode no shutdown Dell#sh run pim ! ip pim rp-address 1.1.1.1 group-address 224.0.0.
• Change the interval at which a router sends hello messages. INTERFACE mode ip pim query-interval seconds • Display the current value of these parameter. EXEC Privilege mode show ip pim interface Creating Multicast Boundaries and Domains A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM multicast border routers (PMBRs). PMBRs connect each PIM domain to the rest of the Internet.
35 PIM Source-Specific Mode (PIM-SSM) PIM source-specific mode (PIM-SSM) is supported on Dell Networking OS. PIM-SSM is a multicast protocol that forwards multicast traffic from a single source to a subnet. In the other versions of protocol independent multicast (PIM), a receiver subscribes to a group only. The receiver receives traffic not just from the source in which it is interested but from all sources sending to that group.
Enabling PIM-SSM To enable PIM-SSM, follow these steps. 1. Create an ACL that uses permit rules to specify what range of addresses should use SSM. CONFIGURATION mode ip access-list standard name 2. Enter the ip pim ssm-range command and specify the ACL you created. CONFIGURATION mode ip pim ssm-range acl-name Enabling PIM-SSM To display address ranges in the PIM-SSM range, use the show ip pim ssm-range command from EXEC Privilege mode. R1(conf)#do show run pim ! ip pim rp-address 10.11.12.
ip pim rp-address 10.11.12.2 group-address 224.0.0.0/4 ip pim ssm-range ssm R1(conf)#do show run acl ! ip access-list standard map seq 5 permit host 239.0.0.2 ! ip access-list standard ssm seq 5 permit host 239.0.0.2 R1(conf)#ip igmp ssm-map map 10.11.5.2 R1(conf)#do show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface Mode Uptime Expires 239.0.0.2 Vlan 300 IGMPv2-Compat 00:00:07 Never Member Ports: Te 1/1/1 239.0.0.1 Vlan 400 INCLUDE 00:00:10 Never 10.11.4.
36 Port Monitoring Port monitoring is supported on Dell Networking OS. Mirroring is used for monitoring Ingress or Egress or both Ingress and Egress traffic on a specific port(s). This mirrored traffic can be sent to a port where a network sniffer can connect and monitor the traffic.
1/17/1) to point to another new destination (for example, 1/4). If you attempt to configure another destination (to create 5 MG port), this message displays: % Error will be thrown in case of RPM and ERPM features.
Figure 94. Port Monitoring Configurations on the S-Series Dell Networking OS Behavior: All monitored frames are tagged if the configured monitoring direction is egress (TX), regardless of whether the monitored port (MD) is a Layer 2 or Layer 3 port. If the MD port is a Layer 2 port, the frames are tagged with the VLAN ID of the VLAN to which the MD belongs. If the MD port is a Layer 3 port, the frames are tagged with VLAN ID 4095.
0 Te 1/1/1 Te 1/2/1 rx Port N/A N/A Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#source po 10 dest ten 1/2/1 dir rx Dell(conf-mon-sess-0)#do show monitor session SessID Source Destination Dir Mode Source IP ------ ------------------ ---- --------0 Te 1/1/1 Te 1/2/1 rx Port N/A 0 Po 10 Te 1/2/1 rx Port N/A Dest IP -------N/A N/A Dell(conf)#monitor session 1 Dell(conf-mon-sess-1)#source vl 40 dest ten 1/3/1 dir rx Dell(conf-mon-sess-1)#flow-based enable Dell(conf-mon-sess-1)#exit Dell(conf)#do
Enabling Flow-Based Monitoring Flow-based monitoring is supported only on the S-Series platform. Flow-based monitoring conserves bandwidth by monitoring only specified traffic instead of all traffic on the interface. This feature is particularly useful when looking for malicious traffic. It is available for Layer 2 and Layer 3 ingress and egress traffic. You can specify traffic using standard or extended access-lists. 1. Enable flow-based monitoring for a monitoring session.
Remote Port Mirroring While local port monitoring allows you to monitor traffic from one or more source ports by directing it to a destination port on the same switch/router, remote port mirroring allows you to monitor Layer 2 and Layer 3 ingress and/or egress traffic on multiple source ports on different switches and forward the mirrored traffic to multiple destination ports on different switches.
Configuring Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a destination session (destination ports connected to analyzers on destination switches).
• You can configure additional destination ports in an active session. • You can tunnel the mirrored traffic from multiple remote-port source sessions to the same destination port. • By default, destination port sends the mirror traffic to the probe port by stripping off the rpm header. We can also configure the destination port to send the mirror traffic with the rpm header intact in the original mirror traffic.. • By default, ingress traffic on a destination port is dropped.
Configuring the Sample Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a destination session (destination ports connected to analyzers on destination switches). Configuration Steps for RPM Step Command Purpose 1 configure terminal Enter global configuration mode.
Dell(conf-if-te-1/30)#exit Dell(conf)#interface vlan 30 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged te 1/30/1 Dell(conf-if-vl-30)#exit Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#channel-member te 1/28/1 - 1/28/2 Dell(conf-if-po-10)#no shutdown Dell(conf-if-po-10)#exit Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source port-channel 10 dest remote-vlan 30 dir both Dell(conf-mon-sess-3)#no disable Dell(conf-mon-sess-3)# Dell(conf-mon-sess-3)#exit Dell
Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source remote-vlan 30 destination te 1/6/1 Dell(conf-mon-sess-3)#tagged destination te 1/6/1 Dell(conf-mon-sess-3)#end Dell# Dell#show monitor session SessID Source Destination Dir Mode Source IP ------ ------------------ ---- --------1 remote-vlan 10 Te 1/4/1 N/A N/A N/A 2 remote-vlan 20 Te 1/5/1 N/A N/A N/A 3 remote-vlan 30 Te 1/6/1 N/A N/A N/A Dell# Dest IP -------N/A N/A N/A Configuring RSPAN Source Sessions to Avoid BPD Issues When ever you
Configuring the Encapsulated Remote Port Mirroring The ERPM session copies traffic from the source ports/lags or source VLANs and forwards the traffic using routable GREencapsulated packets to the destination ip address specified in the session. Important: The steps to be followed for the ERPM Encapsulation : • Dell Networking OS supports ERPM Source session only. The Encapsulated packets terminate at the destination ip or at the analyzer.
7 no enable (Optional) No disable command is mandatory in order for a erpm session to be active. The following example shows a sample configuration . Dell(conf)#monitor session 0 type erpm Dell(conf-mon-sess-0)#source tengigabitethernet 1/9/1 direction rx Dell(conf-mon-sess-0)#source port-channel 1 direction tx Dell(conf-mon-sess-0)#erpm source-ip 1.1.1.1 dest-ip 7.1.1.
ERPM Behavior on a typical Dell Networking OS The Dell Networking OS is designed to support only the Encapsulation of the data received / transmitted at the specified source port (Port A). An ERPM destination session / decapsulation of the ERPM packets at the destination Switch are not supported. As seen in the above figure, the packets received/transmitted on Port A will be encapsulated with an IP/GRE header plus a new L2 header and sent to the destination ip address (Port D’s ip address) on the sniffer.
b. Using Python script – Either have a Linux server's ethernet port ip as the ERPM destination ip or connect the ingress interface of the server to the ERPM MirrorToPort. The analyzer should listen in the forward/egress interface. If there is only one interface, one can choose the ingress and forward interface to be same and listen in the tx direction of the interface. – Download/ Write a small script (for example: erpm.
37 Per-VLAN Spanning Tree Plus (PVST+) Per-VLAN spanning tree plus (PVST+) is supported on Dell Networking OS. Protocol Overview PVST+ is a variation of spanning tree — developed by a third party — that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN). For more information about spanning tree, refer to the Spanning Tree Protocol (STP) chapter. Figure 96.
Dell Networking Term IEEE Specification Multiple Spanning Tree Protocol (MSTP) 802 .1s Per-VLAN Spanning Tree Plus (PVST+) Third Party Implementation Information • The Dell Networking OS implementation of PVST+ is based on IEEE Standard 802.1w. • The Dell Networking OS implementation of PVST+ uses IEEE 802.1s costs as the default costs (as shown in the following table). Other implementations use IEEE 802.1w costs as the default costs.
PROTOCOL PVST mode disable • Disable PVST+ on an interface, or remove a PVST+ parameter configuration. INTERFACE mode no spanning-tree pvst Example of Viewing PVST+ Configuration To display your PVST+ configuration, use the show config command from PROTOCOL PVST mode.
The bridge with the bridge value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root, assign bridges a low non-default value for bridge priority. To assign a bridge priority, use the following command. • Assign a bridge priority. PROTOCOL PVST mode vlan bridge-priority The range is from 0 to 61440. The default is 32768.
• The default is 15 seconds. Change the hello-time parameter. PROTOCOL PVST mode vlan hello-time NOTE: With large configurations (especially those configurations with more ports), Dell Networking recommends increasing the hello-time. The range is from 1 to 10. • The default is 2 seconds. Change the max-age parameter. PROTOCOL PVST mode vlan max-age The range is from 6 to 40. The default is 20 seconds. The values for global PVST+ parameters are given in the output of the show spanning-tree pvst command.
• Refer to the table for the default values. Change the port priority of an interface. INTERFACE mode spanning-tree pvst vlan priority. The range is from 0 to 240, in increments of 16. The default is 128. The values for interface PVST+ parameters are given in the output of the show spanning-tree pvst command, as previously shown. Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner.
Networking OS from executing this action, use the no spanning-tree pvst err-disable cause invalid-pvstbpdu command. After you configure this command, if the port receives a PVST+ BPDU, the BPDU is dropped and the port remains operational. Enabling PVST+ Extend System ID In the following example, ports P1 and P2 are untagged members of different VLANs. These ports are untagged because the hub is VLAN unaware.
switchport no shutdown ! interface TenGigabitEthernet 1/32/1 no ip address switchport no shutdown ! protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 interface Vlan 100 no ip address tagged TenGigabitEthernet 1/22,32/1 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 1/22,32/1 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 1/22,32/1 no shutdown ! protocol spanning-tree pvst no disable vlan 100 bridge-priority 4096 Example of PVST+ Configu
no shutdown ! interface Vlan 100 no ip address tagged TenGigabitEthernet 3/12,22/1 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 3/12,22/1 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 3/12,22/1 no shutdown ! protocol spanning-tree pvst no disable vlan 300 bridge-priority 4096 Per-VLAN Spanning Tree Plus (PVST+) 611
38 Quality of Service (QoS) Quality of service (QoS) is supported on Dell Networking OS. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 57.
Feature Direction Create Input Policy Maps Ingress Honor DSCP Values on Ingress Packets Ingress Honoring dot1p Values on Ingress Packets Ingress Create Output Policy Maps Egress Specify an Aggregate QoS Policy Egress Create Output Policy Maps Egress Enabling QoS Rate Adjustment Enabling Strict-Priority Queueing Egress Weighted Random Early Detection Create WRED Profiles Egress Figure 99.
• • • • RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 Headers RFC 2475, An Architecture for Differentiated Services RFC 2597, Assured Forwarding PHB Group RFC 2598, An Expedited Forwarding PHB You cannot configure port-based and policy-based QoS on the same interface. Port-Based QoS Configurations You can configure the following QoS features on an interface.
NOTE: You cannot configure service-policy input and service-class dynamic dot1p on the same interface. • Honor dot1p priorities on ingress traffic. INTERFACE mode service-class dynamic dot1p Example of Configuring an Interface to Honor dot1p Priorities on Ingress Traffic Dell#configure terminal Dell(conf)#interface tengigabitethernet 1/1 Dell(conf-if-te-1/1/1)#service-class dynamic dot1p Dell(conf-if-te-1/1/1)#end Priority-Tagged Frames on the Default VLAN Priority-tagged frames are 802.
Example of rate shape Command Dell#configure terminal Dell(conf)#interface tengigabitethernet 1/1/1 Dell(conf-if-te-1/1/1)#rate shape 500 50 Dell(conf-if-te-1/1/1)#end Policy-Based QoS Configurations Policy-based QoS configurations consist of the components shown in the following example. Figure 100. Constructing Policy-Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic.
NOTE: IPv6 and IP-any class maps cannot match on ACLs or VLANs. Use step 1 or step 2 to start creating a Layer 3 class map. 1. Create a match-any class map. CONFIGURATION mode class-map match-any 2. Create a match-all class map. CONFIGURATION mode class-map match-all 3. Specify your match criteria. CLASS MAP mode match {ip | ipv6 | ip-any} After you create a class-map, Dell Networking OS places you in CLASS MAP mode. Match-any class maps allow up to five ACLs. Match-all class-maps allow only one ACL.
Creating a Layer 2 Class Map All class maps are Layer 3 by default; however, you can create a Layer 2 class map by specifying the layer2 option with the class-map command. A Layer 2 class map differentiates traffic according to 802.1p value and/or VLAN and/or characteristics defined in a MAC ACL.. Use Step 1 or Step 2 to start creating a Layer 2 class map. 1. Create a match-any class map. CONFIGURATION mode class-map match-any 2. Create a match-all class map. CONFIGURATION mode class-map match-all 3.
EXEC Privilege mode show qos class-map Examples of Traffic Classifications The following example shows incorrect traffic classifications.
Dot1p to Queue Mapping Requirement The dot1p to queue mapping on the system is global and this is used to configure the PRIO2COS table configuration. For DSCP based PFC feature on untagged packets, this mapping must be the same as the default dot1p to queue mapping and should not be changed (as in TABLE 1). If a custom dot1p to queue mapping is present it should be reconfigured to the default dot1p to queue mapping.
Creating an Input QoS Policy To create an input QoS policy, use the following steps. 1. Create a Layer 3 input QoS policy. CONFIGURATION mode qos-policy-input Create a Layer 2 input QoS policy by specifying the keyword layer2 after the qos-policy-input command. 2.
Allocating Bandwidth to Queue Schedule packets for egress based on Deficit Round Robin (DRR). These strategies both offer a guaranteed data rate. The following table lists the default bandwidth weights for each queue, and their equivalent percentage which is derived by dividing the bandwidth weight by the sum of all queue weights. Table 59. Default Bandwidth Weights Queue Default Weight Equivalent Percentage 0 1 6.67% 1 2 13.33% 2 4 26.67% 3 8 53.33% • Allocate bandwidth to queues.
1. Create the color-aware map QoS DSCP color map. CONFIGURATION mode qos dscp-color-map color-map-name 2. Create the color aware map profile. DSCP-COLOR-MAP dscp {yellow | red} {list-dscp-values} 3. Apply the map profile to the interface. CONFIG-INTERFACE mode qos dscp-color-policy color-map-name Example: Create a DSCP Color Map The following example creates a DSCP color map profile, color-awareness policy, and applies it to interface te 1/11.
interface: Enter the name of the interface that has the color policy configured. Examples for Displaying a DSCP Color Policy Display summary information about a color policy for one or more interfaces. Dell# show qos dscp-color-policy summary Interface dscp-color-map TE 1/10/1 mapONE TE 1/11/1 mapTWO Display summary information about a color policy for a specific interface.
POLICY-MAP-IN mode policy-service-queue qos-polcy Honoring DSCP Values on Ingress Packets Dell Networking OS provides the ability to honor DSCP values on ingress packets using Trust DSCP feature. The following table lists the standard DSCP definitions and indicates to which queues Dell Networking OS maps DSCP values. When you configure trust DSCP, the matched packets and matched bytes counters are not incremented in the show qos statistics. Table 60.
Table 62. Default dot1p to Queue Mapping dot1p Queue ID 0 2 1 0 2 1 3 3 4 4 5 5 6 6 7 7 The dot1p value is also honored for frames on the default VLAN. For more information, refer to Priority-Tagged Frames on the Default VLAN. • Enable the trust dot1p feature. POLICY-MAP-IN mode trust dot1p Mapping dot1p Values to Service Queues All traffic is by default mapped to the same queue, Queue 0.
service-policy input Specify the keyword layer2 if the policy map you are applying a Layer 2 policy map. Creating Output Policy Maps 1. Create an output policy map. CONFIGURATION mode policy-map-output 2. After you create an output policy map, do one or more of the following: Applying an Output QoS Policy to a Queue Specifying an Aggregate QoS Policy Applying an Output Policy Map to an Interface 3. Apply the policy map to an interface.
• Payload: (variable) • Cyclic redundancy check (CRC): 4 bytes • Inter-frame gap (IFG): (variable) You can optionally include overhead fields in rate metering calculations by enabling QoS rate adjustment. QoS rate adjustment is disabled by default. • Specify the number of bytes of packet overhead to include in rate limiting, policing, and shaping calculations. CONFIGURATION mode qos-rate-adjust overhead-bytes For example, to include the Preamble and SFD, type qos-rate-adjust 8.
But when queue 1 gets congested on switch B, PFC frames for tagged packets will not be generated as PFC is not enabled on dot1p priority 5. Support for marking dot1p value in L3 Input Qos Policy In case the incoming packet is untagged and the packet which goes out to the peer is tagged, then the dot1p should be marked appropriately using L3 Input Qos Policy. This is required because in the peer switch PFC will be generated based on the dot1p value.
Figure 101. Packet Drop Rate for WRED You can create a custom WRED profile or use one of the five pre-defined profiles. Creating WRED Profiles To create WRED profiles, use the following commands. 1. Create a WRED profile. CONFIGURATION mode wred-profile 2. Specify the minimum and maximum threshold values. WRED mode threshold Applying a WRED Profile to Traffic After you create a WRED profile, you must specify to which traffic Dell Networking OS should apply the profile.
Displaying Default and Configured WRED Profiles To display the default and configured WRED profiles, use the following command. • Display default and configured WRED profiles and their threshold values. EXEC mode show qos wred-profile Displaying WRED Drop Statistics To display WRED drop statistics, use the following command. • Display the number of packets Dell Networking OS the WRED profile drops.
NOTE: The show cam-usage command provides much of the same information as the test cam-usage command, but whether a policy-map can be successfully applied to an interface cannot be determined without first measuring how many CAM entries the policy-map would consume; the test cam-usage command is useful because it provides this measurement. • Verify that there are enough available CAM entries.
QOS-POLICY-OUT mode Dell(config-qos-policy-out)# rate shape pps peak-rate burst-packets 2. Alternatively, configure the peak rate and peak burst size in bytes. QOS-POLICY-OUT mode Dell(config-qos-policy-out)# rate shape Kbps peak-rate burst-KB 3. Configure the committed rate and committed burst size in pps. QOS-POLICY-OUT mode Dell(config-qos-policy-out)# rate shape pps peak-rate burst-packets committed pps committed-rate burst-packets 4.
Global Service Pools With WRED and ECN Settings Support for global service pools is now available. You can configure global service pools that are shared buffer pools accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed. Two service pools are used– one for loss-based queues and the other for lossless (priority-based flow control (PFC)) queues. You can enable WRED and ECN configuration on the global service-pools.
Configuring WRED and ECN Attributes The functionality to configure a weight factor for the WRED and ECN functionality for backplane ports is supported on the Z9000 platform. WRED drops packets when the average queue length exceeds the configured threshold value to signify congestion. Explicit Congestion Notification (ECN) is a capability that enhances WRED by marking the packets instead of causing WRED to drop them when the threshold value is exceeded.
• Because this functionality forcibly marks all the packets matching the specific match criteria as ‘yellow’, Dell Networking OS does not support Policer based coloring and this feature concurrently. • If single rate two color policer is configured along with this feature, then by default all packets less than PIR would be considered as “Green” But ‘Green’ packets matching the specific match criteria for which ‘color-marking’ is configured will be over-written and marked as “Yellow”.
Match qualifiers can be directly configured in the class-map command or it can be specified through one or more ACL which in turn specifies the combination of match qualifiers. Until Release 9.3(0.0), support is available for classifying traffic based on the 6-bit DSCP field of the IPv4 packet. As a part of this feature, the 2-bit ECN field of the IPv4 packet will also be available to be configured as one of the match qualifier.
The following combination of marking actions to be specified match sequence of the class-map command: • set a new DSCP for the packet • set the packet color as ‘yellow’ • set the packet color as ‘yellow’ and set a new DSCP for the packet This marking action to set the color of the packet is allowed only on the ‘match-any’ logical operator of the class-map.
! ip access-list standard dscp_50_non_ecn seq 5 permit any dscp 50 ecn 0 ! ip access-list standard dscp_40_non_ecn seq 5 permit any dscp 40 ecn 0 ! class-map match-any class_dscp_40 match ip access-group dscp_40_non_ecn set-color yellow match ip access-group dscp_40_ecn ! class-map match-any class_dscp_50 match ip access-group dscp_50_non_ecn set-color yellow match ip access-group dscp_50_ecn ! policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50
The maximum number of ports, including fan-out, supported is 104 and the maximum number of queues supported is 21. Analyzing and evaluating buffer statistics enables monitoring of resources and tuning of allocation of buffers. Max Use count mode provides the maximum values of counters accumulated over a period of time. Current Use count mode enables you to obtain a snapshot of the counters, at a particular time, using a triggering utility.
39 Routing Information Protocol (RIP) Routing information protocol (RIP) is supported on Dell Networking OS. RIP is based on a distance-vector algorithm; it tracks distances or hop counts to nearby routers when establishing network connections. RIP protocol standards are listed in the Standards Compliance chapter. Protocol Overview RIP is the oldest interior gateway protocol. There are two versions of RIP: RIP version 1 (RIPv1) and RIP version 2 (RIPv2). These versions are documented in RFCs 1058 and 2453.
Table 64. RIP Defaults Feature Default Interfaces running RIP • • Listen to RIPv1 and RIPv2 Transmit RIPv1 RIP timers • • • • update timer = 30 seconds invalid timer = 180 seconds holddown timer = 180 seconds flush timer = 240 seconds Auto summarization Enabled ECMP paths supported 16 Configuration Information By default, RIP is disabled in Dell Networking OS. To configure RIP, you must use commands in two modes: ROUTER RIP and INTERFACE.
Examples of Verifying RIP is Enabled and Viewing RIP Routes After designating networks with which the system is to exchange RIP information, ensure that all devices on that network are configured to exchange RIP information. The Dell Networking OS default is to send RIPv1 and to receive RIPv1 and RIPv2. To change the RIP version globally, use the version command in ROUTER RIP mode.
8.0.0.0/8 auto-summary 12.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 12.0.0.0/8 auto-summary 20.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 20.0.0.0/8 auto-summary 29.10.10.0/24 directly connected,Fa 1/49 29.0.0.0/8 auto-summary 31.0.0.0/8 [120/1] via 29.10.10.12, 00:00:26, Fa 31.0.0.0/8 auto-summary 192.162.2.0/24 [120/1] via 29.10.10.12, 00:01:21, Fa 192.162.2.0/24 auto-summary 192.161.1.0/24 [120/1] via 29.10.10.12, 00:00:27, Fa 192.161.1.0/24 auto-summary 192.162.3.0/24 [120/1] via 29.10.10.
ROUTER RIP mode • distribute-list prefix-list-name in Assign a configured prefix list to all outgoing RIP routes. ROUTER RIP mode distribute-list prefix-list-name out To view the current RIP configuration, use the show running-config command in EXEC mode or the show config command in ROUTER RIP mode. Adding RIP Routes from Other Instances In addition to filtering routes, you can add routes from other routing instances or protocols to the RIP process.
ip rip send version [1] [2] Examples of the RIP Process To see whether the version command is configured, use the show config command in ROUTER RIP mode. The following example shows the RIP configuration after the ROUTER RIP mode version command is set to RIPv2. When you set the ROUTER RIP mode version command, the interface (TenGigabitEthernet 1/1/1) participating in the RIP process is also set to send and receive RIPv2 (shown in bold).
Generating a Default Route Traffic is forwarded to the default route when the traffic’s network is not explicitly listed in the routing table. Default routes are not enabled in RIP unless specified. Use the default-information originate command in ROUTER RIP mode to generate a default route into RIP. In Dell Networking OS, default routes received in RIP updates from other routes are advertised if you configure the default-information originate command. • Specify the generation of a default route in RIP.
ROUTER RIP mode offset-list access-list-name {in | out} offset [interface] Configure the following parameters: – prefix-list-name: the name of an established Prefix list to determine which incoming routes are modified – offset: the range is from 0 to 16. – interface: the type, slot, and number of an interface. To view the configuration changes, use the show config command in ROUTER RIP mode. Debugging RIP The debug ip rip command enables RIP debugging.
RIP Configuration on Core2 The following example shows how to configure RIPv2 on a host named Core2. Example of Configuring RIPv2 on Core 2 Core2(conf-if-te-2/3/1)# Core2(conf-if-te-2/3/1)#router rip Core2(conf-router_rip)#ver 2 Core2(conf-router_rip)#network 10.200.10.0 Core2(conf-router_rip)#network 10.300.10.0 Core2(conf-router_rip)#network 10.11.10.0 Core2(conf-router_rip)#network 10.11.20.0 Core2(conf-router_rip)#show config ! router rip network 10.0.0.
C 10.11.20.0/24 R 10.11.30.0/24 C 10.200.10.0/24 C 10.300.10.0/24 R 192.168.1.0/24 R 192.168.2.0/24 Core2# R 192.168.1.0/24 R 192.168.2.0/24 Direct, Te 2/3/1 via 10.11.20.1, Te 2/3/1 Direct, Te 2/4/1 Direct, Te 2/5/1 via 10.11.20.1, Te 2/3/1 via 10.11.20.1, Te 2/3/1 0/0 120/1 0/0 0/0 120/1 120/1 00:02:02 00:01:20 00:03:03 00:02:42 00:01:20 00:01:20 via 10.11.20.1, Te 2/3/1 via 10.11.20.
• To display Core 3 RIP activity, use the show ip protocols command. Examples of the show ip Commands to View Learned RIP Routes on Core 3 The following example shows the show ip rip database command to view the learned RIP routes on Core 3. Core3#show ip rip database Total number of routes in RIP database: 7 10.11.10.0/24 [120/1] via 10.11.20.2, 00:00:13, TenGigabitEthernet 10.200.10.0/24 [120/1] via 10.11.20.2, 00:00:13, TenGigabitEthernet 10.300.10.0/24 [120/1] via 10.11.20.
Routing Information Sources: Gateway Distance Last Update 10.11.20.2 120 00:00:22 Distance: (default is 120) Core3# RIP Configuration Summary Examples of Viewing RIP Configuration on Core 2 and Core 3 The following example shows viewing the RIP configuration on Core 2. ! interface TenGigabitEthernet ip address 10.11.10.1/24 no shutdown ! interface TenGigabitEthernet ip address 10.11.20.2/24 no shutdown ! interface TenGigabitEthernet ip address 10.200.10.
40 Remote Monitoring (RMON) Remote monitoring (RMON) is supported on Dell Networking OS. RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces. RMON operates with the simple network management protocol (SNMP) and monitors all nodes on a local area network (LAN) segment.
Setting the rmon Alarm To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. • Set an alarm on any MIB object.
– number: assign an event number in integer format from 1 to 65535. The number value must be unique in the RMON event table. – log: (Optional) enter the keyword log to generate an RMON event log, it sets the eventType to either log or log-andsnmptrap in the RMON event table. The default is None. – trap community: (Optional) enter the keyword trap and SNMP community string to generate SNMP traps for an RMON event entry, it sets the eventType to either snmptrap or log-and-snmptrap in the RMON event table.
– integer: a value from 1 to 65,535 that identifies the RMON group of statistics. The value must be a unique index in the RMON History Table. – owner: (Optional) specifies the name of the owner of the RMON group of statistics. The default is a null-terminated string. – ownername: (Optional) records the name of the owner of the RMON group of statistics. – buckets: (Optional) specifies the maximum number of buckets desired for the RMON collection history group of statistics.
41 Rapid Spanning Tree Protocol (RSTP) Rapid spanning tree protocol (RSTP) is supported on Dell Networking OS. Protocol Overview RSTP is a Layer 2 protocol — specified by IEEE 802.1w — that is essentially the same as spanning-tree protocol (STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP). The Dell Networking OS supports three other variations of spanning tree, as shown in the following table. Table 65.
• Adding a group of ports to a range of VLANs sends multiple messages to the rapid spanning tree protocol (RSTP) task, avoid using the range command. When using the range command, Dell Networking recommends limiting the range to five ports and 40 VLANs. RSTP and VLT Virtual link trunking (VLT) provides loop-free redundant topologies and does not require RSTP. RSTP can cause temporary port state blocking and may cause topology changes after link or node failures.
Enabling Rapid Spanning Tree Protocol Globally Enable RSTP globally on all participating bridges; it is not enabled by default. When you enable RSTP, all physical and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of the RST topology. • Only one path from any bridge to any other bridge is enabled. • Bridges block a redundant path by disabling one of the link ports. To enable RSTP globally for all Layer 2 interfaces, use the following commands. 1.
Figure 103. Rapid Spanning Tree Enabled Globally To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell#show spanning-tree rstp Root Identifier has priority 32768, Address 0001.e801.cbb4 Root Bridge hello time 2, max age 20, forward delay 15, max hops 0 Bridge Identifier has priority 32768, Address 0001.e801.
Number of transitions to forwarding state 1 BPDU : sent 121, received 5 The port is not in the Edge port mode Port 380 (TenGigabitEthernet 2/4/1) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.380 Designated root has priority 32768, address 0001.e801.cbb4 Designated bridge has priority 32768, address 0001.e801.cbb4 Designated port id is 128.
The following table displays the default values for RSTP. Table 66.
snmp-server enable traps xstp Modifying Interface Parameters On interfaces in Layer 2 mode, you can set the port cost and port priority values. • • Port cost — a value that is based on the interface type. The previous table lists the default values. The greater the port cost, the less likely the port is selected to be a forwarding port. Port priority — influences the likelihood that a port is selected to be a forwarding port in case that several ports have the same port cost.
Dell(conf-rstp)#bridge-priority 4096 04:27:59: %RPM0-P:RP2 %SPANMGR-5-STP_ROOT_CHANGE: RSTP root changed. My Bridge ID: 4096:0001.e80b.88bd Old Root: 32768:0001.e801.cbb4 New Root: 4096:0001.e80b.88bd Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode an interface forwards frames by default until it receives a BPDU that indicates that it should behave otherwise; it does not go through the Learning and Listening states.
Configuring Fast Hellos for Link State Detection To achieve sub-second link-down detection so that convergence is triggered faster, use RSTP fast hellos. The standard RSTP linkstate detection mechanism does not offer the same low link-state detection speed. RSTP fast hellos decrease the hello interval to the order of milliseconds and all timers derived from the hello timer are adjusted accordingly. This feature does not inter-operate with other vendors, and is available only for RSTP.
42 Software-Defined Networking (SDN) Dell Networking operating software supports Software-Defined Networking (SDN). For more information, refer to the SDN Deployment Guide.
43 Security Security features are supported on Dell Networking OS. This chapter describes several ways to provide security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide. AAA Accounting Accounting, authentication, and authorization (AAA) accounting is part of the AAA security model.
– suppress: Do not generate accounting records for a specific type of user. – default | name: enter the name of a list of accounting methods. – start-stop: use for more accounting information, to send a start-accounting notice at the beginning of the requested event and a stop-accounting notice at the end. – wait-start: ensures that the TACACS+ security server acknowledges the start notice before granting the user's process request.
Monitoring AAA Accounting Dell Networking OS does not support periodic interim accounting because the periodic command can cause heavy congestion when many users are logged in to the network. No specific show command exists for TACACS+ accounting. To obtain accounting records displaying information about users currently logged in, use the following command. • Step through all active sessions and print all the accounting records for the actively accounted functions.
Configuring AAA Authentication Login Methods To configure an authentication method and method list, use the following commands. Dell Networking OS Behavior: If you use a method list on the console port in which RADIUS or TACACS is the last authentication method, and the server is not reachable, Dell Networking OS allows access even though the username and password credentials cannot be verified.
Enabling AAA Authentication — RADIUS To enable authentication from the RADIUS server, and use TACACS as a backup, use the following commands. 1. Enable RADIUS and set up TACACS as backup. CONFIGURATION mode aaa authentication enable default radius tacacs 2. Establish a host address and password. CONFIGURATION mode radius-server host x.x.x.x key some-password 3. Establish a host address and password. CONFIGURATION mode tacacs-server host x.x.x.
Password obscuring masks the password and keys for display only but does not change the contents of the file. The string of asterisks is the same length as the encrypted string for that line of configuration. To verify that you have successfully obscured passwords and keys, use the show running-config command or show startup-config command. If you are using role-based access control (RBAC), only the system administrator and security administrator roles can enable the service obscure-password command.
Configuration Task List for Privilege Levels The following list has the configuration tasks for privilege levels and passwords.
To view the configuration for the enable secret command, use the show running-config command in EXEC Privilege mode. In custom-configured privilege levels, the enable command is always available. No matter what privilege level you entered Dell Networking OS, you can enter the enable 15 command to access and configure all CLIs.
• reset: return the command to its default privilege mode. Examples of Privilege Level Commands To view the configuration, use the show running-config command in EXEC Privilege mode. The following example shows a configuration to allow a user john to view only EXEC mode commands and all snmp-server commands.
Specifying LINE Mode Password and Privilege You can specify a password authentication of all users on different terminal lines. The user’s privilege level is the same as the privilege level assigned to the terminal line, unless a more specific privilege level is assigned to the user. To specify a password for the terminal line, use the following commands. • Configure a custom privilege level for the terminal lines. LINE mode privilege level level • – level level: The range is from 0 to 15.
Transactions between the RADIUS server and the client are encrypted (the users’ passwords are not sent in plain text). RADIUS uses UDP as the transport protocol between the RADIUS server host and the client. For more information about RADIUS, refer to RFC 2865, Remote Authentication Dial-in User Service.
• Monitoring RADIUS (optional) For a complete listing of all Dell Networking OS commands related to RADIUS, refer to the Security chapter in the Dell Networking OS Command Reference Guide. NOTE: RADIUS authentication and authorization are done in a single step. Hence, authorization cannot be used independent of authentication. However, if you have configured RADIUS authorization and have not configured authentication, a message is logged stating this.
CONFIGURATION mode radius-server host {hostname | ip-address} [auth-port port-number] [retransmit retries] [timeout seconds] [key [encryption-type] key] Configure the optional communication parameters for the specific host: – auth-port port-number: the range is from 0 to 65535. Enter a UDP port number. The default is 1812. – retransmit retries: the range is from 0 to 100. Default is 3. – timeout seconds: the range is from 0 to 1000. Default is 5 seconds.
– seconds: the range is from 0 to 1000. Default is 5 seconds. To view the configuration of RADIUS communication parameters, use the show running-config command in EXEC Privilege mode. Monitoring RADIUS To view information on RADIUS transactions, use the following command. • View RADIUS transactions to troubleshoot problems. EXEC Privilege mode debug radius TACACS+ Dell Networking OS supports terminal access controller access control system (TACACS+ client, including support for login authentication.
4. Assign the method-list to the terminal line. LINE mode login authentication {method-list-name | default} Example of a Failed Authentication To view the configuration, use the show config in LINE mode or the show running-config tacacs+ command in EXEC Privilege mode. If authentication fails using the primary method, Dell Networking OS employs the second method (or third method, if necessary) automatically.
Example of Specifying a TACACS+ Server Host Dell(conf)# Dell(conf)#aaa authentication login tacacsmethod tacacs+ Dell(conf)#aaa authentication exec tacacsauthorization tacacs+ Dell(conf)#tacacs-server host 25.1.1.2 key Force Dell(conf)# Dell(conf)#line vty 0 9 Dell(config-line-vty)#login authentication tacacsmethod Dell(config-line-vty)#end Specifying a TACACS+ Server Host To specify a TACACS+ server host and configure its communication parameters, use the following command.
Protection from TCP Tiny and Overlapping Fragment Attacks Tiny and overlapping fragment attack is a class of attack where configured ACL entries — denying TCP port-specific traffic — is bypassed and traffic is sent to its destination although denied by the ACL. RFC 1858 and 3128 proposes a countermeasure to the problem. This countermeasure is configured into the line cards and enabled by default.
To disable SSH server functions, use the no ip ssh server enable command. Using SCP with SSH to Copy a Software Image To use secure copy (SCP) to copy a software image through an SSH connection from one switch to another, use the following commands. On the chassis, invoke SCP.
Configuring the SSH Server Key Exchange Algorithm To configure the key exchange algorithm for the SSH server, use the ip ssh server kex key-exchange-algorithm command in CONFIGURATION mode. key-exchange-algorithm : Enter a space-delimited list of key exchange algorithms that will be used by the SSH server.
• hmac-sha2-256-96 When FIPS is enabled, the default HMAC algorithm is hmac-sha1-96. Example of Configuring a HMAC Algorithm The following example shows you how to configure a HMAC algorithm list. Dell(conf)# ip ssh server mac hmac-sha1-96 Configuring the SSH Server Cipher List To configure the cipher list supported by the SSH server, use the ip ssh server cipher cipher-list command in CONFIGURATION mode. cipher-list-: Enter a space-delimited list of ciphers the SSH server will support.
SSH server ciphers : 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192ctr,aes256-ctr. SSH server macs : hmac-md5,hmac-md5-96,hmac-sha1,hmac-sha1-96,hmac-sha2-256,hmacsha2-256-96. SSH server kex algorithms : diffie-hellman-group-exchange-sha1,diffie-hellman-group1sha1,diffie-hellman-group14-sha1. Password Authentication : enabled. Hostbased Authentication : disabled. RSA Authentication : disabled.
no ip ssh password-authentication or no ip ssh rsa-authentication 6. Enable host-based authentication. CONFIGURATION mode ip ssh hostbased-authentication enable 7. Bind shosts and rhosts to host-based authentication. CONFIGURATION mode ip ssh pub-key-file flash://filename or ip ssh rhostsfile flash://filename Examples of Creating shosts and rhosts The following example shows creating shosts. admin@Unix_client# cd /etc/ssh admin@Unix_client# ls moduli sshd_config ssh_host_dsa_key.pub ssh_host_key.
Troubleshooting SSH To troubleshoot SSH, use the following information. You may not bind id_rsa.pub to RSA authentication while logged in via the console. In this case, this message displays:%Error: No username set for this term. Enable host-based authentication on the server (Dell Networking system) and the client (Unix machine). The following message appears if you attempt to log in via SSH and host-based is disabled on the client.
2. Enter a password. 3. Assign an access class. 4. Enter a privilege level. You can assign line authentication on a per-VTY basis; it is a simple password authentication, using an access-class as authorization. Configure local authentication globally and configure access classes on a per-user basis. Dell Networking OS can assign different access classes to different users by username. Until users attempt to log in, Dell Networking OS does not know if they will be assigned a VTY line.
The following example shows how to deny incoming connections from subnet 10.0.0.0 without displaying a login prompt.
A constrained RBAC model provides for separation of duty and as a result, provides greater security than the hierarchical RBAC model. Essentially, a constrained model puts some limitations around each role’s permissions to allow you to partition of tasks. However, some inheritance is possible. Default command permissions are based on CLI mode (such as configure, interface, router), any specific command settings, and the permissions allowed by the privilege and role commands.
If you do not, the following error is displayed when you attempt to enable role-based only AAA authorization. % Error: Exec authorization must be applied to more than one line to be useful, e.g. console and vty lines. Could use default authorization method list as alternative. 5. Verify the configuration has been applied to the console or VTY line.
• Modifying Command Permissions for Roles • Adding and Deleting Users from a Role Creating a New User Role Instead of using the system defined user roles, you can create a new user role that best matches your organization. When you create a new user role, you can first inherit permissions from one of the system defined roles. Otherwise you would have to create a user role’s command permissions from scratch. You then restrict commands or add commands to that role.
Modifying Command Permissions for Roles You can modify (add or delete) command permissions for newly created user roles and system defined roles using the role mode { { { addrole | deleterole } role-name } | reset } command command in Configuration mode. NOTE: You cannot modify system administrator command permissions. If you add or delete command permissions using the role command, those changes only apply to the specific user role. They do not apply to other roles that have inheritance from that role.
Dell(conf)#show role mode configure interface Role access: netadmin, secadmin, sysadmin Example: Verify that the Security Administrator Can Access Interface Mode The following example shows that the secadmin role can now access Interface mode (highlighted in bold).
NOTE: If you already have a user ID that exists with a privilege level, you can add the user role to username that has a privilege Dell (conf) #no username john The following example adds a user, to the secadmin user role. Dell (conf)#username john role secadmin password 0 password AAA Authentication and Authorization for Roles This section describes how to configure AAA Authentication and Authorization for Roles.
You can further restrict users’ permissions, using the aaa authorization command command in CONFIGURATION mode. aaa authorization command {method-list-name | default} method [… method4] Examples of Applying a Method List The following configuration example applies a method list: TACACS+, RADIUS and local: ! radius-server host 10.16.150.203 key ! tacacs-server host 10.16.150.
Configuring TACACS+ and RADIUS VSA Attributes for RBAC For RBAC and privilege levels, the Dell Networking OS RADIUS and TACACS+ implementation supports two vendor-specific options: privilege level and roles. The Dell Networking vendor-ID is 6027 and the supported option has attribute of type string, which is titled “Force10-avpair”.
The following example shows you how to configure AAA accounting to monitor commands executed by the users who have a secadmin user role. Dell(conf)#aaa accounting command role secadmin default start-stop tacacs+ Applying an Accounting Method to a Role To apply an accounting method list to a role executed by a user with that user role, use the accounting command in LINE mode.
Displaying Role Permissions Assigned to a Command To display permissions assigned to a command, use the show role command in EXEC Privilege mode. The output displays the user role and or permission level.
44 Service Provider Bridging Service provider bridging is supported on Dell Networking OS. VLAN Stacking VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges, which is an amendment to IEEE 802.1Q — Virtual Bridged Local Area Networks. It enables service providers to use 802.1Q architecture to offer separate VLANs to customers with no coordination between customers, and minimal coordination between customers and the provider. Using only 802.
Figure 104. VLAN Stacking in a Service Provider Network Important Points to Remember • Interfaces that are members of the Default VLAN and are configured as VLAN-Stack access or trunk ports do not switch untagged traffic. To switch traffic, add these interfaces to a non-default VLAN-Stack-enabled VLAN. • Dell Networking cautions against using the same MAC address on different customer VLANs, on the same VLAN-Stack VLAN.
Related Configuration Tasks • Configuring the Protocol Type Value for the Outer VLAN Tag • Configuring Dell Networking OS Options for Trunk Ports • Debugging VLAN Stacking • VLAN Stacking in Multi-Vendor Networks Creating Access and Trunk Ports To create access and trunk ports, use the following commands. • Access port — a port on the service provider edge that directly connects to the customer. An access port may belong to only one service provider VLAN.
Example of Viewing VLAN Stack Member Status To display the status and members of a VLAN, use the show vlan command from EXEC Privilege mode. Members of a VLANStacking-enabled VLAN are marked with an M in column Q.
switchport vlan-stack trunk shutdown Dell(conf-if-te-1/1/1)#interface vlan 100 Dell(conf-if-vl-100)#untagged tengigabitethernet 1/1/1 Dell(conf-if-vl-100)#interface vlan 101 Dell(conf-if-vl-101)#tagged tengigabitethernet 1/1/1 Dell(conf-if-vl-101)#interface vlan 103 Dell(conf-if-vl-103)#vlan-stack compatible Dell(conf-if-vl-103-stack)#member tengigabitethernet 1/1/1 Dell(conf-if-vl-103-stack)#do show vlan Codes: Q: U x G - * - Default VLAN, G - GVRP VLANs Untagged, T - Tagged Dot1x untagged, X - Dot1x tagg
VLAN Stacking The default TPID for the outer VLAN tag is 0x9100. The system allows you to configure both bytes of the 2 byte TPID. Previous versions allowed you to configure the first byte only, and thus, the systems did not differentiate between TPIDs with a common first byte. For example, 0x8100 and any other TPID beginning with 0x81 were treated as the same TPID, as shown in the following illustration. Dell Networking OS Versions 8.2.1.
Figure 105.
Figure 106.
Figure 107. Single and Double-Tag TPID Mismatch VLAN Stacking Packet Drop Precedence The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested. Enabling Drop Eligibility Enable drop eligibility globally before you can honor or mark the DEI value. When you enable drop eligibility, DEI mapping or marking takes place according to the defaults. In this case, the CFI is affected according to the following table. Table 68.
Ingress Egress DEI Disabled DEI Enabled Access Port Trunk Port Retain inner tag CFI Retain inner tag CFI Set outer tag CFI to 0 Set outer tag CFI to 0 To enable drop eligibility globally, use the following command. • Make packets eligible for dropping based on their DEI value. CONFIGURATION mode dei enable By default, packets are colored green, and DEI is marked 0 on egress.
Example of Viewing DEI-Marking Configuration To display the DEI-marking configuration, use the show interface dei-mark [interface slot/port/subport | linecard number port-set number] in EXEC Privilege mode.
Examples of QoS Interface Configuration and Rate Policing policy-map-input in layer2 service-queue 3 class-map a qos-policy 3 ! class-map match-any a layer2 match mac access-group a ! mac access-list standard a seq 5 permit any ! qos-policy-input 3 layer2 rate-police 40 Likewise, in the following configuration, packets with dot1p priority 0–3 are marked as dot1p 7 in the outer tag and queued to Queue 3. Rate policing is according to qos-policy-input 3.
Separate C-Tag values by commas. Dashed ranges are permitted. Dynamic Mode CoS overrides any Layer 2 QoS configuration in case of conflicts. NOTE: Because dot1p-mapping marks and queues packets, the only remaining applicable QoS configuration is rate metering. You may use Rate Shaping or Rate Policing. Layer 2 Protocol Tunneling Spanning tree bridge protocol data units (BPDUs) use a reserved destination MAC address called the bridge group address, which is 01-80-C2-00-00-00.
You might need to transport control traffic transparently through the intermediate network to the other region. Layer 2 protocol tunneling enables BPDUs to traverse the intermediate network by identifying frames with the Bridge Group Address, rewriting the destination MAC to a user-configured non-reserved address, and forwarding the frames. Because the frames now use a unique MAC address, BPDUs are treated as normal data frames by the switches in the intermediate network core.
Implementation Information • • • L2PT is available for STP, RSTP, MSTP, and PVST+ BPDUs. No protocol packets are tunneled when you enable VLAN stacking. L2PT requires the default CAM profile. Enabling Layer 2 Protocol Tunneling To enable Layer 2 protocol tunneling, use the following command. 1. Verify that the system is running the default CAM profile. Use this CAM profile for L2PT. EXEC Privilege mode show cam-profile 2. Enable protocol tunneling globally on the system.
4. Set a maximum rate at which the RPM processes BPDUs for L2PT. VLAN STACKING mode protocol-tunnel rate-limit The default is: no rate limiting. The range is from 64 to 320 kbps. Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command. • Display debugging information for L2PT. EXEC Privilege mode debug protocol-tunnel Provider Backbone Bridging IEEE 802.1ad—Provider Bridges amends 802.
45 sFlow Configuring sFlow is supported on Dell Networking OS. Overview The Dell Networking Operating System (OS) supports sFlow version 5. sFlow is a standard-based sampling technology embedded within switches and routers which is used to monitor network traffic. It is designed to provide traffic monitoring for high-speed networks with many switches and routers. sFlow uses two types of sampling: • Statistical packet-based sampling of switched or routed packet flows.
• Community list and local preference fields are not filled in extended gateway element in the sFlow datagram. • 802.1P source priority field is not filled in extended switch element in sFlow datagram. • Only Destination and Destination Peer AS number are packed in the dst-as-path field in extended gateway element. • If the packet being sampled is redirected using policy-based routing (PBR), the sFlow datagram may contain incorrect extended gateway/router information.
Enabling and Disabling sFlow on an Interface By default, sFlow is disabled on all interfaces. This CLI is supported on physical ports and link aggregation group (LAG) ports. To enable sFlow on a specific interface, use the following command. • Enable sFlow on an interface. INTERFACE mode [no] sflow ingress-enable To disable sFlow on an interface, use the no version of this command.
Example of the show running-config sflow Command Dell#show running-config sflow ! sflow collector 100.1.1.12 agent-addr 100.1.1.1 sflow enable sflow max-header-size extended Dell#show run int tengigabitEthernet 1/10/1 ! interface TenGigabitEthernet 1/10/1 no ip address switchport sflow ingress-enable sflow max-header-size extended no shutdown sFlow Show Commands Dell Networking OS includes the following sFlow display commands.
show sflow interface interface-name Examples of the sFlow show Commands The following example shows the show sflow interface command. Dell#show sflow interface tengigabitethernet 1/1/1 Te 1/1/1 sFlow type :Ingress Configured sampling rate :16384 Actual sampling rate :16384 Counter polling interval :20 Extended max header size :128 Samples rcvd from h/w :0 The following example shows the show running-config interface command.
Changing the Polling Intervals The sflow polling-interval command configures the polling interval for an interface in the maximum number of seconds between successive samples of counters sent to the collector. This command changes the global default counter polling (20 seconds) interval. You can configure an interface to use a different polling interval. To configure the polling intervals globally (in CONFIGURATION mode) or by interface (in INTERFACE mode), use the following command.
Examples of Verifying Extended sFlow The bold line shows that extended sFlow settings are enabled on all three types. Dell#show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 20 Global default extended maximum header size: 128 bytes Global extended information enabled: none 1 collectors configured Collector IP addr: 100.1.1.1, Agent IP addr: 1.1.1.
IP SA IP DA srcAS and srcPeerAS dstAS and dstPeerAS Description IP DA is not learned via BGP. Version 7.8.1.0 allows extended gateway information in cases where the source and destination IP addresses are learned by different routing protocols, and for cases where is source is reachable over ECMP. BGP BGP Exported Exported Extended gateway data is packed.
46 Simple Network Management Protocol (SNMP) Simple network management protocol (SNMP) is supported on Dell Networking OS. NOTE: On Dell Networking routers, standard and private SNMP management information bases (MIBs) are supported, including all Get and a limited number of Set operations (such as set vlan and copy cmd). Protocol Overview Network management stations use SNMP to retrieve or alter management data from network elements.
FIPS Mode Privacy Options Authentication Options Disabled des56 md5 (HMAC-MD5-96) Enabled (DES56-CBC) aes128 (AES128-CFB) sha (HMAC-SHA1-96) aes128 (AES128-CFB) sha (HMAC-SHA1-96) To enable security for SNMP packets transferred between the server and the client, you can use the snmp-server user username group groupname 3 auth authentication-type auth-password priv aes128 priv-password command to specify that AES-CFB 128 encryption algorithm needs to be used.
• Copying Configuration Files via SNMP • Manage VLANs Using SNMP • Enabling and Disabling a Port using SNMP • Fetch Dynamic MAC Entries using SNMP • Deriving Interface Indices • Monitor Port-channels Important Points to Remember • Typically, 5-second timeout and 3-second retry values on an SNMP server are sufficient for both LAN and WAN applications.
Setting Up User-Based Security (SNMPv3) When setting up SNMPv3, you can set users up with one of the following three types of configuration for SNMP read/write operations. Users are typically associated to an SNMP group with permissions provided, such as OID view. • noauth — no password or privacy. Select this option to set up a user with no password or privacy privileges. This setting is the basic configuration. Users must have a group and profile that do not require password privileges.
Select a User-based Security Type Dell(conf)#snmp-server host 1.1.1.1 traps {oid tree} version 3 ? auth Use the SNMPv3 authNoPriv Security Level noauth Use the SNMPv3 noAuthNoPriv Security Level priv Use the SNMPv3 authPriv Security Level Dell(conf)#snmp-server host 1.1.1.1 traps {oid tree} version 3 noauth ? WORD SNMPv3 user name Reading Managed Object Values You may only retrieve (read) managed object values if your management station is a member of the same community as the SNMP agent.
Example of Writing the Value of a Managed Object > snmpset -v 2c -c mycommunity 10.11.131.161 sysName.0 s "R5" SNMPv2-MIB::sysName.0 = STRING: R5 Configuring Contact and Location Information using SNMP You may configure system contact and location information from the Dell Networking system or from the management station using SNMP. To configure system contact and location information from the Dell Networking system and from the management station using SNMP, use the following commands.
• Force10 enterpriseSpecific protocol traps — bgp, ecfm, stp, and xstp. To configure the system to send SNMP notifications, use the following commands. 1. Configure the Dell Networking system to send notifications to an SNMP server. CONFIGURATION mode snmp-server host ip-address [traps | informs] [version 1 | 2c |3] [community-string] To send trap messages, enter the keyword traps. To send informational messages, enter the keyword informs.
Example of Dell Networking Enterprise-specific SNMP Traps envmon STACK_STATE: Stack unit %d is in Active State STACKUNITUP: Stack unit 0 is up envmon CARD_SHUTDOWN: %sLine card %d down - %s CARD_DOWN: %sLine card %d down - %s LINECARDUP: %sLine card %d is up CARD_MISMATCH: Mismatch: line card %d is type %s - type %s required.
%SPANMGR-5-MSTP_TOPOLOGY_CHANGE: Topology change BridgeAddr: 0001.e801.fc35 Mstp Instance Id 0 port Te 1/8/1 transitioned from forwarding to discarding state.
MIB Object OID Object Values Description specify copySrcFileLocation and copySrcFileName. copySrcFileLocation .1.3.6.1.4.1.6027.3.5.1.1.1.1.3 1 = flash Specifies the location of source file. 2 = slot0 • 3 = tftp 4 = ftp If copySrcFileLocation is FTP or SCP, you must specify copyServerAddress, copyUserName, and copyUserPassword. 5 = scp 6 = usbflash copySrcFileName .1.3.6.1.4.1.6027.3.5.1.1.1.1.4 Path (if the file is not in the Specifies name of the file. current directory) and filename.
MIB Object OID Object Values Description copyUserPassword .1.3.6.1.4.1.6027.3.5.1.1.1.1.10 Password for the server. Password for the FTP, TFTP, or SCP server. Copying a Configuration File To copy a configuration file, use the following commands. NOTE: In UNIX, enter the snmpset command for help using the following commands. Place the f10-copy-config.mib file in the directory from which you are executing the snmpset command or in the snmpset tool path. 1.
Examples of Copying Configuration Files The following examples show the command syntax using MIB object names and the same command using the object OIDs. In both cases, a unique index number follows the object. The following example shows copying configuration files using MIB object names. > snmpset -v 2c -r 0 -t 60 -c private -m ./f10-copy-config.mib 10.10.10.10 copySrcFileType. 101 i 2 copyDestFileType.101 i 3 FTOS-COPY-CONFIG-MIB::copySrcFileType.
FTOS-COPY-CONFIG-MIB::copyServerAddress.110 = IpAddress: 11.11.11.11 FTOS-COPY-CONFIG-MIB::copyUserName.110 = STRING: mylogin FTOS-COPY-CONFIG-MIB::copyUserPassword.110 = STRING: mypass Copying the Startup-Config Files to the Server via TFTP To copy the startup-config to the server via TFTP from the UNIX machine, use the following command. NOTE: Verify that the file exists and its permissions are set to 777. Specify the relative path to the TFTP root directory.
MIB Object OID Values Description copyFailCause .1.3.6.1.4.1.6027.3.5.1.1.1.1.14 1 = bad filename Specifies the reason the copy request failed. 2 = copy in progress 3 = disk full 4 = file exists 5 = file not found 6 = timeout 7 = unknown copyEntryRowStatus .1.3.6.1.4.1.6027.3.5.1.1.1.1.15 Row status Specifies the state of the copy operation. Uses CreateAndGo when you are performing the copy. The state is set to active when the copy is completed.
MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory. The following table lists the MIB object that contains the available memory size on flash memory. Table 72. MIB Objects for Displaying the Available Memory Size on Flash via SNMP MIB Object OID Description chStackUnitFlashUsageUtil 1.3.6.1.4.1.6027.3.10.1.2.9.1.6 Contains flash memory usage in percentage.
• To view the viewing the software core files generated by the system, use the following command. snmpwalk -v2c -c public 192.168.60.120 .1.3.6.1.4.1.6027.3.10.1.2.10 enterprises.6027.3.10.1.2.10.1.1.1.1 = 1 enterprises.6027.3.10.1.2.10.1.1.1.2 = 2 enterprises.6027.3.10.1.2.10.1.1.1.3 = 3 enterprises.6027.3.10.1.2.10.1.1.2.1 = 1 enterprises.6027.3.10.1.2.10.1.2.1.1 = "/CORE_DUMP_DIR/flashmntr.core.gz" enterprises.6027.3.10.1.2.10.1.2.1.2 = "/CORE_DUMP_DIR/FTP_STK_MEMBER/ f10cp_l2mgr_131108080758_Stk1.
Displaying the Ports in a VLAN Dell Networking OS identifies VLAN interfaces using an interface index number that is displayed in the output of the show interface vlan command. Add Tagged and Untagged Ports to a VLAN The value dot1qVlanStaticEgressPorts object is an array of all VLAN members. The dot1qVlanStaticUntaggedPorts object is an array of only untagged VLAN members. All VLAN members that are not in dot1qVlanStaticUntaggedPorts are tagged.
• Set the amount of time after an IS-IS reload is performed before ingress traffic is allowed at startup. set-overload-bit on-startup isis The following OIDs are configurable through the snmpset command. The node OID is 1.3.6.1.4.1.6027.3.
Table 74. MIB Objects for Fetching Dynamic MAC Entries in the Forwarding Database MIB Object OID MIB Description dot1dTpFdbTable .1.3.6.1.2.1.17.4.3 Q-BRIDGE MIB List the learned unicast MAC addresses on the default VLAN. dot1qTpFdbTable .1.3.6.1.2.1.17.7.1.2. 2 Q-BRIDGE MIB List the learned unicast MAC addresses on non-default VLANs. dot3aCurAggFdb Table .1.3.6.1.4.1.6027.3.2. 1.1.5 F10-LINK-AGGREGATION MIB List the learned MAC addresses of aggregated links (LAG).
Deriving Interface Indices Dell Networking OS assigns an interface number to each (configured or unconfigured) physical and logical interface. The interface index is a binary number with bits that indicate the slot number, port number, interface type, and card type of the interface. Dell Networking OS converts this binary index number to decimal, and displays it in the output of the show interface command.
Monitor Port-Channels To check the status of a Layer 2 port-channel, use f10LinkAggMib (.1.3.6.1.4.1.6027.3.2). In the following example, Po 1 is a switchport and Po 2 is in Layer 3 mode. Example of SNMP Trap for Monitored Port-Channels [senthilnathan@lithium ~]$ snmpwalk -v 2c -c public 10.11.1.1 .1.3.6.1.4.1.6027.3.2.1.1 SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.1.1 = INTEGER: 1 SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.1.2 = INTEGER: 2 SNMPv2-SMI::enterprises.6027.3.2.1.1.1.1.2.
SNMPv2-SMI::enterprises.6027.3.1.1.4.1.2 = STRING: "OSTATE_UP: Changed interface state to up: Po 1" Troubleshooting SNMP Operation When you use SNMP to retrieve management data from an SNMP agent on a Dell Networking router, take into account the following behavior. • When you query an IPv4 icmpMsgStatsInPkts object in the ICMP table by using the snmpwalk command, the output for echo replies may be incorrectly displayed.
47 Storm Control Storm control is supported on Dell Networking OS. The storm control feature allows you to control unknown-unicast and broadcast traffic on Layer 2 and Layer 3 physical interfaces. Dell Networking Operating System (OS) Behavior: Dell Networking OS supports broadcast control (the storm-control broadcast command) for Layer 2 and Layer 3 traffic. Configure Storm Control Storm control is supported in INTERFACE mode and CONFIGURATION mode.
48 Spanning Tree Protocol (STP) The spanning tree protocol (STP) is supported on Dell Networking OS. Protocol Overview STP is a Layer 2 protocol — specified by IEEE 802.1d — that eliminates loops in a bridged topology by enabling only a single path through the network. By eliminating loops, the protocol improves scalability in a large network and allows you to implement redundant paths, which can be activated after the failure of active paths.
• • To add interfaces to the spanning tree topology after you enable STP, enable the port and configure it for Layer 2 using the switchport command. The IEEE Standard 802.1D allows 8 bits for port ID and 8 bits for priority. The 8 bits for port ID provide port IDs for 256 ports. Configuring Interfaces for Layer 2 Mode All interfaces on all switches that participate in spanning tree must be in Layer 2 mode and enabled. Figure 111.
Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. Dell(conf-if-te-1/1/1)#show config ! interface TenGigabitEthernet 1/1/1 no ip address switchport no shutdown Dell(conf-if-te-1/1/1)# Enabling Spanning Tree Protocol Globally Enable the spanning tree protocol globally; it is not enabled by default.
no disable Examples of Verifying Spanning Tree Information To disable STP globally for all Layer 2 interfaces, use the disable command from PROTOCOL SPANNING TREE mode. To verify that STP is enabled, use the show config command from PROTOCOL SPANNING TREE mode.
Te 1/4/1 Dell# 8.514 8 4 FWD 0 32768 0001.e80d.2462 8.514 Adding an Interface to the Spanning Tree Group To add a Layer 2 interface to the spanning tree topology, use the following command. • Enable spanning tree on a Layer 2 interface. INTERFACE mode spanning-tree 0 Modifying Global Parameters You can modify the spanning tree parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in STP.
• Change the max-age parameter (the refresh interval for configuration information that is generated by recomputing the spanning tree topology). PROTOCOL SPANNING TREE mode max-age seconds The range is from 6 to 40. The default is 20 seconds. To view the current values for global parameters, use the show spanning-tree 0 command from EXEC privilege mode. Refer to the second example in Enabling Spanning Tree Protocol Globally.
• Enable PortFast on an interface. INTERFACE mode spanning-tree stp-id portfast [bpduguard | [shutdown-on-violation]] Example of Verifying PortFast is Enabled on an Interface To verify that PortFast is enabled on a port, use the show spanning-tree command from EXEC Privilege mode or the show config command from INTERFACE mode. Dell Networking recommends using the show config command.
– Disabling global spanning tree (the no spanning-tree in CONFIGURATION mode). Figure 113. Enabling BPDU Guard Dell Networking OS Behavior: BPDU guard and BPDU filtering both block BPDUs, but are two separate features. BPDU guard: • is used on edgeports and blocks all traffic on edgeport if it receives a BPDU. • drops the BPDU after it reaches the RPM and generates a console message.
Te 1/6/1 Root 128.263 128 20000 FWD 20000 P2P No Te 1/7/1 ErrDis 128.264 128 20000 EDS 20000 P2P No Dell(conf-if-te-1/7/1)#do show ip interface brief tengigabitEthernet 1/7/1 Interface IP-Address OK Method Status Protocol TenGigabitEthernet 1/7/1 unassigned YES Manual up up Selecting STP Root The STP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it becomes the root bridge. You can also specify that a bridge is the root or the secondary root.
BPDU is ignored and the port on Switch C transitions from a forwarding to a root-inconsistent state (shown by the green X icon). As a result, Switch A becomes the root bridge. Figure 114. STP Root Guard Prevents Bridging Loops Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis.
– 0: enables root guard on an STP-enabled port assigned to instance 0. – mstp: enables root guard on an MSTP-enabled port. – rstp: enables root guard on an RSTP-enabled port. – pvst: enables root guard on a PVST-enabled port. To disable STP root guard on a port or port-channel interface, use the no spanning-tree 0 rootguard command in an interface configuration mode.
As shown in the following illustration (STP topology 2, upper right), a loop can also be created if the forwarding port on Switch B becomes busy and does not forward BPDUs within the configured forward-delay time. As a result, the blocking port on Switch C transitions to a forwarding state, and both Switch A and Switch C transmit traffic to Switch B (STP topology 2, lower right).
– Spanning Tree Protocol (STP) – Rapid Spanning Tree Protocol (RSTP) – Multiple Spanning Tree Protocol (MSTP) – Per-VLAN Spanning Tree Plus (PVST+) • You cannot enable root guard and loop guard at the same time on an STP port. For example, if you configure loop guard on a port on which root guard is already configured, the following error message is displayed: % Error: RootGuard is configured. Cannot configure LoopGuard.
49 System Time and Date System time and date settings and the network time protocol (NTP) are supported on Dell Networking OS. You can set system times and dates and maintained through the NTP. They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings. In the release 9.4.(0.0), support for reaching an NTP server through different VRFs is included. You can configure a maximum of eight logging servers across different VRFs or the same VRF.
Dell Networking OS synchronizes with a time-serving host to get the correct time. You can set Dell Networking OS to poll specific NTP time-serving hosts for the current time. From those time-serving hosts, the system chooses one NTP host with which to synchronize and serve as a client to the NTP host. As soon as a host-client relationship is established, the networking device propagates the time information throughout its local network.
• Specify the NTP server to which the Dell Networking system synchronizes. CONFIGURATION mode ntp server ip-address Examples of Viewing System Clock To display the system clock state with respect to NTP, use the show ntp status command from EXEC Privilege mode. R6_E300(conf)#do show ntp status Clock is synchronized, stratum 2, reference is 192.168.1.1 frequency is -369.623 ppm, stability is 53.319 ppm, precision is 4294967279 reference time is CD63BCC2.0CBBD000 (16:54:26.
• Configure a source IP address for NTP packets. CONFIGURATION mode ntp source interface Enter the following keywords and slot/port or number information: – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/subport information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. – For a Loopback interface, enter the keyword loopback then a number from 0 to 16383.
ntp server [vrf] {hostname | ipv4-address |ipv6-address} [ key keyid] [prefer] [version number] Configure the IP address of a server and the following optional parameters: • – vrf-name : Enter the name of the VRF through which the NTP server is reachable. – hostname : Enter the keyword hostname to see the IP address or host name of the remote device. – ipv4-address : Enter an IPv4 address in dotted decimal format (A.B.C.D).
NOTE: • Leap Indicator (sys.leap, peer.leap, pkt.leap) — This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover interval) in the day of insertion to be increased or decreased by one.
Setting the Time and Date for the Switch Software Clock You can change the order of the month and day parameters to enter the time and date as time day month year. You cannot delete the software clock. The software clock runs only when the software is up. The clock restarts, based on the hardware clock, when the switch reboots. To set the software clock, use the following command. • Set the system software clock to the current time and date.
Setting Daylight Saving Time Once Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis. To set the clock for daylight savings time once, use the following command. • Set the clock to the appropriate timezone and daylight saving time. CONFIGURATION mode clock summer-time time-zone date start-month start-day start-year start-time end-month end-day end-year end-time [offset] – time-zone: enter the three-letter name for the time zone.
– start-month: Enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year. – start-day: Enter the number of the day. The range is from 1 to 31. You can enter the name of a month to change the order of the display to time day month year. – start-year: Enter a four-digit number as the year. The range is from 1993 to 2035. – start-time: Enter the time in hours:minutes.
50 Tunneling Tunnel interfaces create a logical tunnel for IPv4 or IPv6 traffic. Tunneling supports RFC 2003, RFC 2473, and 4213. DSCP, hop-limits, flow label values, OSPFv2, and OSPFv3 are also supported. ICMP error relay, PATH MTU transmission, and fragmented packets are not supported. Configuring a Tunnel You can configure a tunnel in IPv6 mode, IPv6IP mode, and IPIP mode. You can configure a tunnel in IPv6 mode, IPv6IP mode, and IPIP mode.
Dell(conf-if-tu-3)#tunnel destination 8::9 Dell(conf-if-tu-3)#tunnel mode ipv6 Dell(conf-if-tu-3)#ip address 3.1.1.1/24 Dell(conf-if-tu-3)#ipv6 address 3::1/64 Dell(conf-if-tu-3)#no shutdown Dell(conf-if-tu-3)#show config ! interface Tunnel 3 ip address 3.1.1.1/24 ipv6 address 3::1/64 tunnel destination 8::9 tunnel source 5::5 tunnel mode ipv6 no shutdown Configuring Tunnel Keepalive Settings You can configure a tunnel keepalive target, keepalive interval, and attempts.
Dell(conf-if-tu-1)#ip unnumbered tengigabitethernet 1/1/1 Dell(conf-if-tu-1)#ipv6 unnumbered tengigabitethernet 1/1/1 Dell(conf-if-tu-1)#tunnel source 40.1.1.1 Dell(conf-if-tu-1)#tunnel mode ipip decapsulate-any Dell(conf-if-tu-1)#no shutdown Dell(conf-if-tu-1)#show config ! interface Tunnel 1 ip unnumbered TenGigabitEthernet 1/1/1 ipv6 unnumbered TenGigabitEthernet 1/1/1 tunnel source 40.1.1.
no shutdown Guidelines for Configuring Multipoint Receive-Only Tunnels • Maximum number of allowed remote end-points that can be configured for a single multipoint receive-only tunnel is eight. Maximum number of allowed remote end-points that can be configured for all multipoint receive-only tunnels depends on the hardware table size to setup termination (it is 512 entries in S4810 and S4820T platforms) and the count is tracked across all of the tunnel remote end-points configured in the system.
51 Upgrade Procedures To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes. Get Help with Upgrades Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center. You can reach Technical Support: • On the web: http://www.dell.
52 Virtual LANs (VLANs) Virtual LANs (VLANs) are supported on Dell Networking OS. VLANs are a logical broadcast domain or logical grouping of interfaces in a local area network (LAN) in which all data received is kept locally and broadcast to all members of the group. When in Layer 2 mode, VLANs move traffic at wire speed and can span multiple devices. The Dell Networking Operating System (OS) supports up to 4093 port-based VLANs and one default VLAN, as specified in IEEE 802.1Q.
NOTE: You cannot assign an IP address to the Default VLAN. To assign an IP address to a VLAN that is currently the Default VLAN, create another VLAN and assign it to be the Default VLAN. For more information about assigning IP addresses, refer to Assigning an IP Address to a VLAN. • Untagged interfaces must be part of a VLAN. To remove an untagged interface from the Default VLAN, create another VLAN and place the interface into that VLAN.
• The VLAN protocol identifier identifies the frame as tagged according to the IEEE 802.1Q specifications (2 bytes). • Tag control information (TCI) includes the VLAN ID (2 bytes total). The VLAN ID can have 4,096 values, but two are reserved. NOTE: The insertion of the tag header into the Ethernet frame increases the size of the frame to more than the 1,518 bytes as specified in the IEEE 802.3 standard. Some devices that are not compliant with IEEE 802.3 may not support the larger frame size.
Assigning Interfaces to a VLAN You can only assign interfaces in Layer 2 mode to a VLAN using the tagged and untagged commands. To place an interface in Layer 2 mode, use the switchport command. You can further designate these Layer 2 interfaces as tagged or untagged. For more information, refer to the Interfaces chapter and Configuring Layer 2 (Data Link) Mode.
NUM Status Q * 1 Inactive 2 Active T T 3 Active T T 4 Active T Ports Po1(So 0/0-1) Te 1/1/1 Po1(So 0/0-1) Te 1/2/1 Po1(So 0/0-1) When you remove a tagged interface from a VLAN (using the no tagged interface command), it remains tagged only if it is a tagged interface in another VLAN. If the tagged interface is removed from the only VLAN to which it belongs, the interface is placed in the Default VLAN as an untagged interface.
* 1 2 3 4 Inactive Active T T Active T T Active U Po1(So 0/0-1) Te 1/3/1 Po1(So 0/0-1) Te 1/1/1 Te 1/2/1 The only way to remove an interface from the Default VLAN is to place the interface in Default mode by using the no switchport command in INTERFACE mode. Assigning an IP Address to a VLAN VLANs are a Layer 2 feature. For two physical interfaces on different VLANs to communicate, you must assign an IP address to the VLANs to route traffic between the two interfaces.
3. Configure the interface for Switchport mode. INTERFACE mode switchport 4. Add the interface to a tagged or untagged VLAN. VLAN INTERFACE mode [tagged | untagged] Enabling Null VLAN as the Default VLAN In a Carrier Ethernet for Metro Service environment, service providers who perform frequent reconfigurations for customers with changing requirements occasionally enable multiple interfaces, each connected to a different customer, before the interfaces are fully configured.
53 VLT Proxy Gateway The Virtual link trucking (VLT) proxy gateway feature allows a VLT domain to locally terminate and route L3 packets that are destined to a L3 end point in another VLT domain. Enable the VLT proxy gateway using the link layer discover protocol (LLDP) method or the static configuration. For more information, refer to Dell Networking OS Command Line Reference Guide.
Guidelines for Enabling the VLT Proxy Gateway Keep the following points in mind when you enable this functionality: 1. The proxy gateway is supported only for VLT; for example, across VLT domain. 2. You must enable the VLT peer-routing command for the VLT proxy gateway to function. 3. The current design does not handle asymmetric virtual local area network (VLAN) configuration scenarios such as the same VLAN configured with L2 mode on one VLT domain and L3 mode on another VLT domain.
11. VRRP and IPv6 routing is not supported. 12. Private VLANs (PVLANs) are not supported. 13. When a Virtual Machine (VM) moves from one VLT domain to the another VLT domain, the VM host send the gratuitous ARP (GARP) , which in-turn triggers a mac movement from the previous VLT domain to the newer VLT domain. 14. After a station move, if a host sends a TTL1 packet destined to its gateway; for example, a previous VLT node, the packet may be dropped. 15.
• The new proxy gateway TLV is carried on the physical links under the port channel only • There should be at least one link connection to each unit of the VLT domain Following are the prerequisites for Proxy Gateway LLDP configuration: • LLDP must be globally enabled • No interface– level LLDP disable CLIs on the interfaces configured for proxy gateway, and you must enable both transmission and reception • You must connect both units of the remote VLT domain by the port channel member.
Sample Scenario for VLT Proxy Gateway 1. The above figure show a sample VLT Proxy gateway scenario. Their are no diagonal links in the square VLT connection between the C and D in VLT domain 1 and C1 and D1 in the VLT domain 2. This undergo sub-optimal routing with the VLT Proxy Gateway LLDP method. For VLT Proxy Gateway to work in this scenario you must configure the , VLT-peer-mac transmit command under VLT Domain Proxy Gateway LLDP mode, in both C and D (VLT domain 1) and C1 and D1 (VLT domain 2).
Static Configuration Method Dell(conf-vlt-domain)#proxy-gateway static Dell(conf-vlt-domain-pxy-gw-static)#remote-mac-address exclude-vlan 10 5. Packet duplication may happen with “Exclude-VLAN” configuration – Assume exclude-vlan (say VLAN 10) is configured in C and D and in C1 and D1; If packets for VLAN 10 with C’s MAC address (C is in VLT domain 1) gets an L3 hit at C1 in VLT domain 2, they are switched to both D1 (via ICL) and C via inter DC link.
Dell(conf-vlt-domain-proxy-gw-lldp)#peer-domain-link port-channel interface exclude-vlan vlan-range 4. Display the VLT proxy gateway configuration.
54 Virtual Link Trunking (VLT) Virtual link trunking (VLT) is supported on Dell Networking OS. Overview VLT allows physical links between two chassis to appear as a single virtual link to the network core or other switches such as Edge, Access, or top-of-rack (ToR). VLT reduces the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches, and by supporting a loop-free topology.
Figure 118. VLT on Switches VLT on Core Switches You can also deploy VLT on core switches. Uplinks from servers to the access layer and from access layer to the aggregation layer are bundled in LAG groups with end-to-end Layer 2 multipathing. This set up requires “horizontal” stacking at the access layer and VLT at the aggregation layer such that all the uplinks from servers to access and access to aggregation are in Active-Active Load Sharing mode.
Figure 119. Enhanced VLT VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) — The combined port channel between an attached device and the VLT peer switches. • VLT backup link — The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, periodic keep alive messages between the VLT peer switches. • VLT interconnect (VLTi) — The link used to synchronize states between the VLT peer switches.
• Dell Networking strongly recommends that the VLTi (VLT interconnect) be a static LAG and that you disable LACP on the VLTi. • Ensure that the spanning tree root bridge is at the Aggregation layer. If you enable RSTP on the VLT device, refer to RSTP and VLT for guidelines to avoid traffic loss. • If you reboot both VLT peers in BMP mode and the VLT LAGs are static, the DHCP server reply to the DHCP discover offer may not be forwarded by the ToR to the correct node.
Configuration Notes When you configure VLT, the following conditions apply. • VLT domain – A VLT domain supports two chassis members, which appear as a single logical device to network access devices connected to VLT ports through a port channel. – A VLT domain consists of the two core chassis, the interconnect trunk, backup link, and the LAG members connected to attached devices. – Each VLT domain has a unique MAC address that you create or VLT creates automatically.
NOTE: If you configure the VLT system MAC address or VLT unit-id on only one of the VLT peer switches, the link between the VLT peer switches is not established. Each VLT peer switch must be correctly configured to establish the link between the peers. – If the link between the VLT peer switches is established, changing the VLT system MAC address or the VLT unit-id causes the link between the VLT peer switches to become disabled.
– For detailed information about how to use VRRP in a VLT domain, refer to the following VLT and VRRP interoperability section. – For information about configuring IGMP Snooping in a VLT domain, refer to VLT and IGMP Snooping. – All system management protocols are supported on VLT ports, including SNMP, RMON, AAA, ACL, DNS, FTP, SSH, Syslog, NTP, RADIUS, SCP, TACACS+, Telnet, and LLDP. – Enable Layer 3 VLAN connectivity VLT peers by configuring a VLAN network interface for the same VLAN on both switches.
If the VLTi link fails, the status of the remote VLT Primary Peer is checked using the backup link. If the remote VLT Primary Peer is available, the Secondary Peer disables all VLT ports to prevent loops. If all ports in the VLTi link fail or if the communication between VLTi links fails, VLT checks the backup link to determine the cause of the failure.
• Non-VLT Sync — Entries learned on non-VLT interfaces are synced on both VLT peers. • Tunneling — Control information is associated with tunnel traffic so that the appropriate VLT peer can mirror the ingress port as the VLT interface rather than pointing to the VLT peer’s VLTi link. • Statistics and Counters — Statistical and counter information displays IPv6 information when applicable. • Heartbeat — You can configure an IPv4 or IPv6 address as a backup link destination.
Figure 120. PIM-Sparse Mode Support on VLT On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes is elected as the PIM designated router. If you configured IGMP snooping along with PIM on the VLT VLANs, you must configure VLTi as the static multicast router port on both VLT peer switches. This ensures that for first hop routers, the packets from the source are redirected to the designated router (DR) if they are incorrectly hashed.
To verify the PIM neighbors on the VLT VLAN and on the multicast port, use the show ip pim neighbor, show ip igmp snooping mrouter, and show running config commands. You cannot configure VLT peer nodes as rendezvous points, but you can connect PIM routers to VLT ports. If the VLT node elected as the designated router fails and you enable VLT Multicast Routing, multicast routes are synced to the other peer for traffic forwarding to ensure minimal traffic loss.
3. Configure the peer-routing timeout. VLT DOMAIN mode peer-routing—timeout value value: Specify a value (in seconds) from 1 to 65535. The default value is infinity (without configuring the timeout). VLT Multicast Routing VLT Multicast Routing provides resiliency to multicast routed traffic during the multicast routing protocol convergence period after a VLT link or VLT peer fails using the least intrusive method (PIM) and does not alter current protocol behavior.
4. Configure a PIM-SM compatible VLT node as a designated router (DR). For more information, refer to Configuring a Designated Router. 5. Configure a PIM-enabled external neighboring router as a rendezvous point (RP). For more information, refer to Configuring a Static Rendezvous Point. 6. Configure the VLT VLAN routing metrics to prefer VLT VLAN interfaces over non-VLT VLAN interfaces. For more information, refer to Classify Traffic. 7.
interconnect. Only the primary VLT switch determines the RSTP roles and states on VLT ports and ensures that the VLT interconnect link is never blocked. In the case of a primary VLT switch failure, the secondary switch starts sending BPDUs with its own bridge ID and inherits all the port states from the last synchronization with the primary switch. An access device never detects the change in primary/secondary roles and does not see it as a topology change.
4. • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/subport information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port information. Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown 5. Repeat Steps 1 to 4 on the VLT peer switch to configure the VLT interconnect. Enabling VLT and Creating a VLT Domain To enable VLT and create a VLT domain, use the following steps. 1.
Enter the slot (0-1) and the port (0). 2. Configure an IPv4 address (A.B.C.D) or IPv6 address (X:X:X:X::X) and mask (/x) on the interface. MANAGEMENT INTERFACE mode {ip address ipv4-address/ mask | ipv6 address ipv6-address/ mask} This is the IP address to be configured on the VLT peer with the back-up destination command. 3. Ensure that the interface is active. MANAGEMENT INTERFACE mode no shutdown 4. Repeat Steps 1 to 3 on the VLT peer switch.
VLT DOMAIN CONFIGURATION mode system-mac mac-address mac-address To explicitly configure the default MAC address for the domain by entering a new MAC address, use the system-mac command. The format is aaaa.bbbb.cccc. Also, reconfigure the same MAC address on the VLT peer switch. Use this command to minimize the time required for the VLT system to synchronize the default MAC address of the VLT domain on both peer switches when one peer switch reboots. 4.
INTERFACE PORT-CHANNEL mode vlt-peer-lag port-channel id-number The valid port-channel ID numbers are from 1 to 128. 7. Repeat Steps 1 to 6 on the VLT peer switch to configure the same port channel as part of the VLT domain. 8. On an attached switch or server: To connect to the VLT domain and add port channels to it, configure a port channel. For an example of how to verify the port-channel configuration, refer to VLT Sample Configuration.
CONFIGURATION mode vlt domain domain-id The range of domain IDs is from 1 to 1000. 4. Enter the port-channel number that acts as the interconnect trunk. VLT DOMAIN CONFIGURATION mode peer-link port-channel id-number The range is from 1 to 128. 5. Configure the IP address of the management interface on the remote VLT peer to be used as the endpoint of the VLT backup link for sending out-of-band hello messages.
10. Associate the port channel to the corresponding port channel in the VLT peer for the VLT connection to an attached device. INTERFACE PORT-CHANNEL mode vlt-peer-lag port-channel id-number Valid port-channel ID numbers are from 1 to 128. 11. Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown 12. Add links to the eVLT port. Configure a range of interfaces to bulk configure. CONFIGURATION mode interface range {port-channel id} 13. Enable LACP on the LAN port.
EXEC Privilege mode show running-config vlt 7. Configure the peer 1 management ip/ interface ip for which connectivity is present in VLT peer 1. EXEC mode or EXEC Privilege mode show interfaces interface 8. Configure the VLT links between VLT peer 1 and VLT peer 2 to the top of rack unit (shown in the following example). 9. Configure the static LAG/LACP between ports connected from VLT peer 1 and VLT peer 2 to the top of rack unit. EXEC Privilege mode show running-config entity 10.
1. Configure the peer 2 management ip/ interface ip for which connectivity is present in VLT peer 1. 2. Configure the peer 1 management ip/ interface ip for which connectivity is present in VLT peer 2. s4810-2#show running-config vlt ! vlt domain 5 peer-link port-channel 1 back-up destination 10.11.206.58 s4810-2# show interfaces managementethernet 1/1 Internet address is 10.11.206.43/16 s4810-4#show running-config vlt ! vlt domain 5 peer-link port-channel 1 back-up destination 10.11.206.
s60-1#show running-config interface tengigabitethernet 1/30/1 ! interface TenGigabitEthernet 1/30/1 no ip address ! port-channel-protocol LACP port-channel 100 mode active no shutdown s60-1#show running-config interface port-channel 100 ! interface Port-channel 100 no ip address switchport no shutdown s60-1#show interfaces port-channel 100 brief Codes: L - LACP Port-channel L LAG 100 Mode L2 Status up Uptime 03:33:48 Ports Te 1/8/1 (Up) Te 1/30/1 (Up) Verify VLT is up.
PVST+ Configuration PVST+ is supported in a VLT domain. Before you configure VLT on peer switches, configure PVST+ in the network. PVST+ is required for initial loop prevention during the VLT startup phase. You may also use PVST+ for loop prevention in the network outside of the VLT port channel. Run PVST+ on both VLT peer switches. PVST+ instance will be created for every VLAN configured in the system.
eVLT Configuration Example The following example demonstrates the steps to configure enhanced VLT (eVLT) in a network. In this example, you are configuring two domains. Domain 1 consists of Peer 1 and Peer 2; Domain 2 consists of Peer 3 and Peer 4, as shown in the following example. In Domain 1, configure Peer 1 fist, then configure Peer 2. When that is complete, perform the same steps for the peer nodes in Domain 2. The interface used in this example is TenGigabitEthernet. Figure 121.
Next, configure the VLT domain and VLTi on Peer 2. Domain_1_Peer2#configure Domain_1_Peer2(conf)#interface port-channel 1 Domain_1_Peer2(conf-if-po-1)# channel-member TenGigabitEthernet 1/8-9/1 Domain_1_Peer2(conf) #vlt domain Domain_1_Peer2(conf-vlt-domain)# Domain_1_Peer2(conf-vlt-domain)# Domain_1_Peer2(conf-vlt-domain)# Domain_1_Peer2(conf-vlt-domain)# 1000 peer-link port-channel 1 back-up destination 10.16.130.12 system-mac mac-address 00:0a:00:0a:00:0a unit-id 1 Configure eVLT on Peer 2.
Domain_2_Peer4(conf-vlt-domain)# system-mac mac-address 00:0b:00:0b:00:0b Domain_2_Peer4(conf-vlt-domain)# unit-id 1 Configure eVLT on Peer 4. Domain_2_Peer4(conf)#interface port-channel 100 Domain_2_Peer4(conf-if-po-100)# switchport Domain_2_Peer4(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_2_Peer4(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 4.
Verifying a VLT Configuration To monitor the operation or verify the configuration of a VLT domain, use any of the following show commands on the primary and secondary VLT switches. • Display information on backup link operation. EXEC mode • show vlt backup-link Display general status information about VLT domains currently configured on the switch.
HeartBeat Timeout: UDP Port: HeartBeat Messages Sent: HeartBeat Messages Received: 3 34998 1026 1025 Dell_VLTpeer2# show vlt backup-link VLT Backup Link ----------------Destination: Peer HeartBeat status: HeartBeat Timer Interval: HeartBeat Timeout: UDP Port: HeartBeat Messages Sent: HeartBeat Messages Received: 10.11.200.20 Up 1 3 34998 1030 1014 The following example shows the show vlt brief command.
The following example shows the show vlt role command.
Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ---------- -------- ---- ------- --------- ------- -----------------Po 1 128.2 128 200000 DIS 800 4096 0001.e88a.d656 128.2 Po 3 128.4 128 200000 DIS 800 4096 0001.e88a.d656 128.4 Po 4 128.5 128 200000 DIS 800 4096 0001.e88a.d656 128.5 Po 100 128.101 128 800 FWD(VLTi) 800 0 0001.e88a.dff8 128.101 Po 110 128.111 128 00 FWD(vlt) 800 4096 0001.e88a.d656 128.111 Po 111 128.112 128 200000 DIS(vlt) 800 4096 0001.e88a.d656 128.
Configure the port channel to an attached device. Dell_VLTpeer1(conf)#interface port-channel 110 Dell_VLTpeer1(conf-if-po-110)#no ip address Dell_VLTpeer1(conf-if-po-110)#switchport Dell_VLTpeer1(conf-if-po-110)#channel-member fortyGigE 1/8 Dell_VLTpeer1(conf-if-po-110)#no shutdown Dell_VLTpeer1(conf-if-po-110)#vlt-peer-lag port-channel 110 Dell_VLTpeer1(conf-if-po-110)#end Verify that the port channels used in the VLT domain are assigned to the same VLAN.
G - GVRP tagged, M - Vlan-stack, H - Hyperpull tagged NUM Status Description Q Ports 10 Active U Po110(Fo 1/12) T Po100(Fo 1/9,10) Verifying a Port-Channel Connection to a VLT Domain (From an Attached Access Switch) On an access device, verify the port-channel connection to a VLT domain.
Description Behavior at Peer Up Behavior During Run Time Action to Take System MAC mismatch A syslog error message and an SNMP trap are generated. A syslog error message and an SNMP trap are generated. Verify that the unit ID of VLT peers is not the same on both units and that the MAC address is the same on both units. Unit ID mismatch The VLT peer does not boot up. The VLTi is forced to a down state. The VLT peer does not boot up. The VLTi is forced to a down state.
The association of PVLAN with the VLT LAG must also be identical. After the VLT LAG is configured to be a member of either the primary or secondary PVLAN (which is associated with the primary), ICL becomes an automatic member of that PVLAN on both switches. This association helps the PVLAN data flow received on one VLT peer for a VLT LAG to be transmitted on that VLT LAG from the peer. You can associate either a VLT VLAN or a VLT LAG to a PVLAN.
The PVLAN mode of VLT LAGs on one peer is validated against the PVLAN mode of VLT LAGs on the other peer. MAC addresses that are learned on that VLT LAG are synchronized between the peers only if the PVLAN mode on both the peers is identical. For example, if the MAC address is learned on a VLT LAG and the VLAN is a primary VLT VLAN on one peer and not a primary VLT VLAN on the other peer, MAC synchronization does not occur.
Table 79.
VLT LAG Mode PVLAN Mode of VLT VLAN Peer1 Peer2 Peer1 Peer2 Trunk Access Primary/Normal Secondary ICL VLAN Membership Mac Synchronization No No Configuring a VLT VLAN or LAG in a PVLAN You can configure the VLT peers or nodes in a private VLAN (PVLAN). Because the VLT LAG interfaces are terminated on two different nodes, PVLAN configuration of VLT VLANs and VLT LAGs are symmetrical and identical on both the VLT peers. PVLANs provide Layer 2 isolation between ports within the same VLAN.
8. (Optional) To configure a VLT LAG, enter the VLAN ID number of the VLAN where the VLT forwards packets received on the VLTi from an adjacent peer that is down. VLT DOMAIN CONFIGURATION mode peer-link port-channel id-number peer-down-vlan vlan interface number The range is from 1 to 4094. Associating the VLT LAG or VLT VLAN in a PVLAN 1. Access INTERFACE mode for the port that you want to assign to a PVLAN. CONFIGURATION mode interface interface 2. Enable the port. INTERFACE mode no shutdown 3.
Proxy ARP Capability on VLT Peer Nodes The proxy ARP functionality is supported on VLT peer nodes. A proxy ARP-enabled device answers the ARP requests that are destined for another host or router. The local host forwards the traffic to the proxy ARP-enabled device, which in turn transmits the packets to the destination. By default, proxy ARP is enabled. To disable proxy ARP, use the no proxy-arp command in the interface mode. To re-enable proxy ARP, use the ip proxy-arp command in INTERFACE mode.
When a VLT node detects peer up, it will not perform proxy ARP for the peer IP addresses. IP address synchronization occurs again between the VLT peers. Proxy ARP is enabled only if peer routing is enabled on both the VLT peers. If you disable peer routing by using the no peerroutingcommand in VLT DOMAIN node, a notification is sent to the VLT peer to disable the proxy ARP.
Configuring VLAN-Stack over VLT To configure VLAN-stack over VLT, follow these steps. 1. Configure the VLT LAG as VLAN-stack access or trunk mode on both the peers. INTERFACE PORT-CHANNEL mode vlan-stack {access | trunk} 2. Configure VLAN as VLAN-stack compatible on both the peers. INTERFACE VLAN mode vlan-stack compatible 3. Add the VLT LAG as a member to the VLAN-stack on both the peers. INTERFACE VLAN mode member port-channel port—channel ID 4. Verify the VLAN-stack configurations.
no shutdown Dell# Dell(conf)#interface port-channel 20 Dell(conf-if-po-20)#switchport Dell(conf-if-po-20)#vlt-peer-lag port-channel 20 Dell(conf-if-po-20)#vlan-stack trunk Dell(conf-if-po-20)#no shutdown Dell#show running-config interface port-channel 20 ! interface Port-channel 20 no ip address switchport vlan-stack trunk vlt-peer-lag port-channel 20 no shutdown Dell# Configure VLAN as VLAN-Stack VLAN and add the VLT LAG as Members to the VLAN Dell(conf)#interface vlan 50 Dell(conf-if-vl-50)#vlan-stack com
back-up destination 10.16.151.
NUM 50 Status Active Description Dell# 834 Virtual Link Trunking (VLT) Q M M V Ports Po10(Te 1/8/1) Po20(Te 1/20/1) Po1(Te 1/30-32/1)
55 Virtual Extensible LAN (VXLAN) Virtual Extensible LAN (VXLAN) is supported on Dell Networking OS. Overview S6000 device acts as the VXLAN gateway and performs the VXLAN Tunnel End Point (VTEP) functionality. VXLAN is a technology where in the data traffic from the virtualized servers is transparently transported over an existing legacy network. Components of VXLAN network VXLAN provides a mechanism to extend an L2 network over an L3 network.
• Service Node (SN) • Legacy TOR Network Virtualization Platform (NVP) Controller NVP Controller is the network controller for managing cloud components. The OVSDB protocol is the protocol used for communication between VTEPs and the controller. In the current release, the qualified controller for the VXLAN Gateway function is NSX-from VMWare. The top-level functions of NVP are: • Provide a GUI for creating service gateways. • Manage the VTEPs.
• The S6000 VTEP acts according to the TOR schema defined by VMWare. The solution is very specific to VMWare-based orchestration platforms and does not work with other orchestration platforms. VXLAN Frame Format VXLAN provides a mechanism to extend an L2 network over an L3 network. In short, VXLAN is an L2 overlay scheme over an L3 network and this overlay is termed as a VXLAN segment. VMs within the same VXLAN segment communicate with each other through a 24–bit ID called VXLAN Network Identifier (VNI).
VXLAN Header : Frame Check Sequence (FCS): • VXLAN Port : IANA-assigned VXLAN Port (4789). • UDP Checksum: The UDP checksum field is transmitted as zero. When a packet is received with a UDP checksum of zero, it is accepted for decapsulation. • VXLAN Flags : Reserved bits set to zero except bit 3, the first bit, which is set to 1 for a valid VNI • VNI: The 24-bit field that is the VXLAN Network Identifier • Reserved: A set of fields, 24 bits and 8 bits, that are reserved and set to zero .
2. Create Service Node To create service node, the required fields are the IP address and SSL certificate of the server. The Service node is responsible for broadcast/unknown unicast/multicast traffic replication. The following is the snapshot of the user interface for the creation of service node: 3. Create VXLAN Gateway To create a VXLAN L2 Gateway, the IP address of the Gateway is mandatory. The following is the snapshot of the user interface in creating a VXLAN Gateway 4.
5. Create Logical Switch Port A logical switch port provides a logical connection point for a VM interface (VIF) and a L2 gateway connection to an external network. It binds the virtual access ports in the GW to logical network (VXLAN) and VLAN. NOTE: For more details about NVP controller configuration, refer to the NVP user guide from VMWare . Configuring VxLAN Gateway To configure the VxLAN gateway on the S6000 platform, follow these steps: 1. Connecting to NVP controller 2.
VxLAN INSTANCE mode gateway-ip IP address 5. max-back off (Optional) VxLAN INSTANCE mode max_backoff time The range is from 1000-180000. The default value is 30000 milliseconds. 6. fail-mode (Optional) VxLAN INSTANCE mode fail-mode secure If the local VTEP loses connectivity with the controller, it will delete all its database and hardware flows/resources. 7.
Port : Fo 1/12 Vlan : 100 Rx Packets : 13 Rx Bytes : 1317 Tx Packets : 13 Tx Bytes : 1321 The following example shows the show vxlan vxlan-instance physical-locator command. Dell#show vxlan vxlan-instance 1 physical-locator Instance : 1 Tunnel : count 1 36.1.1.1 : vxlan_over_ipv4 (up) The following example shows the show vxlan vxlan-instance unicast-mac-local command. The following example shows the show vxlan vxlan-instance unicast-mac-remote command.
Port : Fo 0/124 Vlan : 100 Rx Packets : 13 Rx Bytes : 1317 Tx Packets : 13 Tx Bytes : 1321 The following example shows the show vxlan vxlan-instance physical-locator command. Dell#show vxlan vxlan-instance 1 physical-locator Instance : 1 Tunnel : count 1 36.1.1.1 : vxlan_over_ipv4 (up) The following example shows the show vxlan vxlan-instance unicast-mac-local command.
56 Virtual Routing and Forwarding (VRF) Virtual Routing and Forwarding (VRF) allows a physical router to partition itself into multiple Virtual Routers (VRs). The control and data plane are isolated in each VR so that traffic does NOT flow across VRs.Virtual Routing and Forwarding (VRF) allows multiple instances of a routing table to co-exist within the same router at the same time. VRF Overview VRF improves functionality by allowing network paths to be segmented without using multiple devices.
Figure 122. VRF Network Example VRF Configuration Notes Although there is no restriction on the number of VLANs that can be assigned to a VRF instance, the total number of routes supported in VRF is limited by the size of the IPv4 CAM. VRF is implemented in a network device by using Forwarding Information Bases (FIBs). A network device may have the ability to configure different virtual routers, where entries in the FIB that belong to one VRF cannot be accessed by another VRF on the same device.
Table 80. Feature/Capability Support Status for Default VRF Support Status for Non-default VRF Configuration rollback for commands introduced or modified Yes No LLDP protocol on the port Yes No 802.
Feature/Capability Support Status for Default VRF Support Status for Non-default VRF sFlow Yes No VRRP on physical and logical interfaces Yes Yes VRRPV3 Yes Yes Secondary IP Addresses Yes No Following IPv6 capabilities No Basic Yes No OSPFv3 Yes Yes IS-IS Yes Yes BGP Yes Yes ACL Yes No Multicast Yes No NDP Yes Yes RAD Yes Yes Ingress/Egress Storm-Control (perinterface/global) Yes No DHCP DHCP requests are not forwarded across VRF instances.
Creating a Non-Default VRF Instance VRF is enabled by default on the switch and supports up to 64 VRF instances: 1 to 63 and the default VRF (0). Task Command Syntax Command Mode Create a non-default VRF instance by specifying a name and VRF ID number, and enter VRF configuration mode.
Task Command Syntax Command Mode instances (including the default VRF 0), do not enter a value for vrf-name. Assigning an OSPF Process to a VRF Instance OSPF routes are supported on all VRF instances. Refer to for complete OSPF configuration information. Assign an OSPF process to a VRF instance . Return to CONFIGURATION mode to enable the OSPF process. The OSPF Process ID is the identifying number assigned to the OSPF process, and the Router ID is the IP address associated with the OSPF process.
Task Command Syntax Command Mode AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 43, Gratuitous ARP sent: 0 Virtual MAC address: 00:00:5e:00:01:0a Virtual IP address: 10.1.1.100 Authentication: (none) Configuring Management VRF You can assign a management interface to a management VRF. Task Command Syntax Command Mode Create a management VRF. ip vrf management CONFIGURATION Assign a management port to a management VRF.
Figure 123.
Figure 124. Setup VRF Interfaces The following example relates to the configuration shown in Figure1 and Figure 2. Router 1 ip vrf blue 1 ! ip vrf orange 2 ! ip vrf green 3 ! interface TenGigabitEthernet no ip address switchport no shutdown ! interface TenGigabitEthernet ip vrf forwarding blue ip address 10.0.0.1/24 no shutdown ! interface TenGigabitEthernet ip vrf forwarding orange ip address 20.0.0.
ip vrf forwarding green ip address 30.0.0.1/24 no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.1/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.1/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! interface Vlan 256 ip vrf forwarding green ip address 3.0.0.1/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! router ospf 1 vrf blue router-id 1.0.0.1 network 1.0.0.0/24 area 0 network 10.0.0.
ip vrf forwarding blue ip address 1.0.0.2/24 tagged TenGigabitEthernet 3/1/1 no shutdown interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.2/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! interface Vlan 256 ip vrf forwarding green ip address 3.0.0.2/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! router ospf 1 vrf blue router-id 1.0.0.2 network 11.0.0.0/24 area 0 network 1.0.0.0/24 area 0 passive-interface TenGigabitEthernet 2/1/1 ! router ospf 2 vrf orange router-id 2.0.0.2 network 21.0.0.
L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set C C O Destination ----------1.0.0.0/24 10.0.0.0/24 11.0.0.0/24 Gateway ------Direct, Vl 128 Direct, Te 1/1/1 via 1.0.0.
Dell#show ip ospf 1 neighbor Neighbor ID Pri 1.0.0.1 1 FULL/BDR ! Dell#sh ip ospf 2 neighbor Neighbor ID Pri 2.0.0.1 1 FULL/BDR ! Dell#show ip route vrf blue State Dead Time 00:00:36 Address 1.0.0.1 Interface Vl 128 Area State Dead Time 00:00:33 Address 2.0.0.
Route Leaking VRFs Static routes can be used to redistribute routes between non-default to default/non-default VRF and vice-versa. You can configure route leaking between two VRFs using the following command: ip route vrf x.x.x.x s.s.s.s nh.nh.nh.nh vrf default. This command indicates that packets that are destined to x.x.x.x/s.s.s.s are reachable through nh.nh.nh.nh in the default VRF table. Meaning, the routes to x.x.x.x/s.s.s.
purpose, routes corresponding VRF-Shared routes are leaked to only VRF-Red and VRF-Blue. And for reply, routes corresponding to VRF-Red and VRF-Blue are leaked to VRF-Shared. For leaking the routes from VRF-Shared to VRF-Red and VRF-Blue, you can configure route-export tag on VRF-shared (source VRF, who is exporting the routes); the same route-export tag value should be configured on VRF-Red and VRF-blue as route-import tag (target VRF, that is importing the routes).
Dell# show ip route vrf VRF-Green O 33.3.3.3/32 via 133.3.3.3 00:00:11 C 133.3.3.0/24 110/0 Direct, Te 1/13/1 0/0 22:39:61 Dell# show ip route vrf VRF-Shared O 44.4.4.4/32 via 144.4.4.4 110/0 00:00:11 C 144.4.4.0/24 Direct, Te 1/4/1 0/0 00:32:36 Show routing tables of VRFs( after route-export and route-import tags are configured). Dell# show ip route vrf VRF-Red O C O C 11.1.1.1/32 111.1.1.0/24 44.4.4.4/32 144.4.4.0/24 via 111.1.1.
• IPv6 link local routes will never be leaked from one VRF to another. Configuring Route Leaking with Filtering When you initalize route leaking from one VRF to another, all the routes are exposed to the target VRF. If the size of the source VRF's RTM is considerablly large, an import operation results in the duplication of the target VRF's RTM with the source RTM entries.
The show run output for the above configuration is as follows: ip vrf vrf-Red ip route-export 1:1 export_ospfbgp_protocol ip route-import 2:2 ! this action exports only the OSPF and BGP routes to other VRFs ! ip vrf vrf-Blue ip route-export 2:2 ip route-import 1:1 import_ospf_protocol !this action accepts only OSPF routes from VRF-red even though both OSPF as well as BGP routes are shared The show VRF commands displays the following output: Dell# show ip route vrf VRF-Blue C 122.2.2.
57 Virtual Router Redundancy Protocol (VRRP) Virtual router redundancy protocol (VRRP) is supported on Dell Networking OS. VRRP Overview VRRP is designed to eliminate a single point of failure in a statically routed network. VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a local area network (LAN). The MASTER router is chosen from the virtual routers by an election process and forwards packets sent to the next hop IP address.
Figure 125. Basic VRRP Configuration VRRP Benefits With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and are not dependent on internal gateway protocol (IGP) protocols to converge or update routing tables. VRRP Implementation Within a single VRRP group, up to 12 virtual IP addresses are supported.
Configuration Task List The following list specifies the configuration tasks for VRRP.
• VRRPv3 as defined in RFC 5798, Virtual Router Redundancy Protocol (VRRP) Version 3 for IPv4 and IPv6 You can also migrate a IPv4 group from VRRPv2 to VRRP3. To configure the VRRP version for IPv4, use the version command in INTERFACE mode. Example: Configuring VRRP to Use Version 3 The following example configures the IPv4 VRRP 100 group to use VRRP protocol version 3.
• • – For example, an interface (on which you enable VRRP) contains a primary IP address of 50.1.1.1/24 and a secondary IP address of 60.1.1.1/24. The VRRP group (VRID 1) must contain virtual addresses belonging to either subnet 50.1.1.0/24 or subnet 60.1.1.0/24, but not from both subnets (though Dell Networking OS allows the same). If the virtual IP address and the interface’s primary/secondary IP address are the same, the priority on that VRRP group MUST be set to 255.
TenGigabitEthernet 1/2/1, VRID: 111, Net: 10.10.2.1 State: Master, Priority: 100, Master: 10.10.2.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 27, Gratuitous ARP sent: 2 Virtual MAC address: 00:00:5e:00:01:6f Virtual IP address: 10.10.2.2 10.10.2.3 Authentication: When the VRRP process completes its initialization, the State field contains either Master or Backup.
NOTE: You must configure all virtual routers in the VRRP group the same: you must enable authentication with the same password or authentication is disabled. To configure simple authentication, use the following command. • Configure a simple text password. INTERFACE-VRID mode authentication-type simple [encryption-type] password Parameters: – encryption-type: 0 indicates unencrypted; 7 indicates encrypted. – password: plain text.
vrrp-group 111 authentication-type simple 7 387a7f2df5969da4 no preempt priority 255 virtual-address 10.10.10.1 virtual-address 10.10.10.2 virtual-address 10.10.10.3 virtual-address 10.10.10.10 Changing the Advertisement Interval By default, the MASTER router transmits a VRRP advertisement to all members of the VRRP group every one second, indicating it is operational and is the MASTER router.
no preempt priority 255 virtual-address virtual-address virtual-address virtual-address 10.10.10.1 10.10.10.2 10.10.10.3 10.10.10.10 Track an Interface or Object You can set Dell Networking OS to monitor the state of any interface according to the virtual group. Each VRRP group can track up to 12 interfaces and up to 20 additional objects, which may affect the priority of the VRRP group. If the tracked interface goes down, the VRRP group’s priority decreases by a default value of 10 (also known as cost).
show vrrp • (Optional) Display the configuration of tracked objects in VRRP groups on a specified interface. EXEC mode or EXEC Privilege mode show running-config interface interface Examples of Configuring and Viewing the track Command The following example shows how to configure tracking using the track command. Dell(conf-if-te-1/1/1)#vrrp-group 111 Dell(conf-if-te-1/1/1-vrid-111)#track Tengigabitethernet 1/2/1 The following example shows how to verify tracking using the show conf command.
The following example shows verifying the VRRP configuration on an interface. Dell#show running-config interface tengigabitethernet 1/8/1 interface TenGigabitEthernet 1/8/1 no ip address ipv6 address 2007::30/64 vrrp-ipv6-group 1 track 2 priority-cost 20 track 3 priority-cost 30 virtual-address 2007::1 virtual-address fe80::1 no shutdown Setting VRRP Initialization Delay When configured, VRRP is enabled immediately upon system reload or boot.
Sample Configurations Before you set up VRRP, review the following sample configurations. VRRP for an IPv4 Configuration The following configuration shows how to enable IPv4 VRRP. This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes.
R2(conf-if-te-2/31/1-vrid-99)#priority 200 R2(conf-if-te-2/31/1-vrid-99)#virtual 10.1.1.3 R2(conf-if-te-2/31/1-vrid-99)#no shut R2(conf-if-te-2/31/1)#show conf ! interface TenGigabitEthernet 2/31/1 ip address 10.1.1.1/24 ! vrrp-group 99 priority 200 virtual-address 10.1.1.3 no shutdown R2(conf-if-te-2/31/1)#end R2#show vrrp -----------------TenGigabitEthernet 2/31/1, VRID: 99, Net: 10.1.1.1 State: Master, Priority: 200, Master: 10.1.1.
Figure 127. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address. The following example shows configuring VRRP for IPv6 Router 2 and Router 3. Configure a virtual link local (fe80) address for each VRRPv3 group created for an interface.
R2(conf-if-te-1/1/1-vrid-10)#virtual-address fe80::10 R2(conf-if-te-1/1/1-vrid-10)#virtual-address 1::10 R2(conf-if-te-1/1/1-vrid-10)#no shutdown R2(conf-if-te-1/1/1)#show config interface TenGigabitEthernet 1/1/1 ipv6 address 1::1/64 vrrp-group 10 priority 100 virtual-address fe80::10 virtual-address 1::10 no shutdown R2(conf-if-te-1/1/1)#end R2#show vrrp -----------------TenGigabitEthernet 1/1/1, IPv6 VRID: 10, Version: 3, Net:fe80::201:e8ff:fe6a:c59f VRF: 0 default-vrf State: Master, Priority: 100, Maste
VRRP in a VRF: Non-VLAN Scenario The following example shows how to enable VRRP in a non-VLAN. The following example shows a typical use case in which you create three virtualized overlay networks by configuring three VRFs in two E-Series switches. The default gateway to reach the internet in each VRF is a static route with the next hop being the virtual IP address configured in VRRP. In this scenario, a single VLAN is associated with each VRF.
S1(conf)#interface TenGigabitEthernet 1/1/1 S1(conf-if-te-1/1/1)#ip vrf forwarding VRF-1 S1(conf-if-te-1/1/1)#ip address 10.10.1.5/24 S1(conf-if-te-1/1/1)#vrrp-group 11 % Info: The VRID used by the VRRP group 11 in S1(conf-if-te-1/1/1-vrid-101)#priority 100 S1(conf-if-te-1/1/1-vrid-101)#virtual-address S1(conf-if-te-1/1/1)#no shutdown ! S1(conf)#interface TenGigabitEthernet 1/2/1 S1(conf-if-te-1/2/1)#ip vrf forwarding VRF-2 S1(conf-if-te-1/2/1)#ip address 10.10.1.
S2(conf-if-te-1/3/1)#ip vrf forwarding VRF-3 S2(conf-if-te-1/3/1)#ip address 20.1.1.6/24 S2(conf-if-te-1/3/1)#vrrp-group 15 % Info: The VRID used by the VRRP group 15 in VRF 3 will be 243. S2(conf-if-te-1/3/1-vrid-105)#priority 100 S2(conf-if-te-1/3/1-vrid-105)#virtual-address 20.1.1.5 S2(conf-if-te-1/3/1)#no shutdown VLAN Scenario In another scenario, to connect to the LAN, VRF-1, VRF-2, and VRF-3 use a single physical interface with multiple tagged VLANs (instead of separate physical interfaces).
VRF: 1 vrf1 State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 278, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:01 Virtual IP address: 10.1.1.100 Authentication: (none) Dell#show vrrp vrf vrf2 port-channel 1 -----------------Port-channel 1, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 2 vrf2 State: Master, Priority: 100, Master: 10.1.1.
VRF: 1 vrf1 State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 278, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:01 Virtual IP address: 10.1.1.100 Authentication: (none) Vlan 400, IPv4 VRID: 10, Version: 2, Net: 20.1.1.2 VRF: 1 vrf1 State: Backup, Priority: 90, Master: 20.1.1.
Figure 129. VRRP for IPv6 Topology NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be master even if one of two routers has a higher IP or IPv6 address.
NOTE: The virtual IPv6 address you configure should be the same as the IPv6 subnet to which the interface belongs.
Virtual MAC address: 00:00:5e:00:02:ff Virtual IP address: 10:1:1::255 fe80::255 Dell#show vrrp tengigabitethernet 2/8/1 TenGigabitEthernet 2/8/1, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:e9ed VRF: 0 default State: Master, Priority: 110, Master: fe80::201:e8ff:fe8a:e9ed (local) Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 120 Virtual MAC address: 00:00:5e:00:02:ff Virtual IP address: 10:1:1::25
58 S-Series Debugging and Diagnostics This chapter describes debugging and diagnostics for the device. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • • • Level 0 — Level 0 diagnostics check for the presence of various components and perform essential path verifications. In addition, Level 0 diagnostics verify the identification registers of the components on the board.
3. Start diagnostics on the unit. diag stack-unit stack-unit-number When the tests are complete, the system displays the following message and automatically reboots the unit. Dell#00:09:42 : Diagnostic test results are stored on file: flash:/TestReport-SU-0.txt Diags completed... Rebooting the system now!!! Mar 12 10:40:35: %S6000:0 %DIAGAGT-6-DA_DIAG_DONE: Diags finished on stack unit 0 Diagnostic results are printed to a file in the flash using the filename format TestReport-SU-.txt.
The following example shows the diag command (standalone unit). Dell#diag stack-unit 1 level0 Warning - diagnostic execution will cause multiple link flaps on the peer side - advisable to shut directly connected ports Proceed with Diags [confirm yes/no]: yes Dell#Dec 15 04:14:07: %S4820:0 %DIAGAGT-6-DA_DIAG_STARTED: Starting diags on stack unit 1 00:12:10 : System may take additional time for Driver Init. 00:12:10 : Approximate time to complete the Diags ...
Test 5.001 - Psu1 Status Monitor Test ............................... NOT PRESENT Test 5 - Psu Status Monitor Test .................................... NOT PRESENT Test 6.000 - Psu0 Fan Speed Monitor Test ............................ PASS diagS6000IsPsuGood[954]: ERROR: Psu:1, Power supply is not present. Test 6.001 - Psu1 Fan Speed Monitor Test ............................ NOT PRESENT Test 6 - Psu Fan Speed Monitor Test ................................. NOT PRESENT Test 7.
Test 18 - CFast Presence Test ....................................... PASS Test 19 - Management Phy Presence Test .............................. PASS Configuring 104 10GbE Ports on the S6000 Platform The capability to configure up to 104 10-Gigabit Ethernet ports is supported on the S6000 platform. Starting with Dell Networking OS version 9.4(0.0), you can configure a maximum of 104 10G ports on an S6000 switch.
• To view the disabled ports, you can use thedisabled-ports keyword with the show system stack-unit 0 command. • Before you configure the last available port in Quad mode, you are prompted to confirm whether you want to configure the port Fanout mode, as shown in the following example. Dell(conf)#stack-unit 0 port 0 portmode quad Maximum number of ports that can be made Quad mode in the range <0-63> is configured. Ports 12,16,60, will be disabled on reload.
UserPort PortNumber Ingress Drops 0 1 0 4 5 0 8 9 0 12 13 0 16 17 0 20 21 0 24 25 0 28 29 0 32 33 0 36 37 0 40 41 0 44 45 0 48 49 0 52 50 0 56 51 0 60 52 0 64 53 0 68 57 0 72 61 0 76 65 0 80 69 0 84 73 0 88 77 0 92 81 0 96 85 0 100 89 0 104 93 0 108 97 0 112 101 0 116 102 0 12 103 0 1 104 0 IngMac Drops 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Total Mmu Drops 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 EgMac Drops Egress Drops 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
Enabling Environmental Monitoring The device components use environmental monitoring hardware to detect transmit power readings, receive power readings, and temperature updates. To receive periodic power updates, you must enable the following command. • Enable environmental monitoring.
NOTE: Exercise care when removing a card; if it has exceeded the major or shutdown thresholds, the card could be hot to the touch. Recognize an Under-Voltage Condition If the system detects an under-voltage condition, it sends an alarm. To recognize this condition, look for the following system message: %CHMGR-1-CARD_SHUTDOWN: Major alarm: Line card 2 down - auto-shutdown due to under voltage. This message indicates that the specified card is not receiving enough power.
Buffer Tuning Buffer tuning allows you to modify the way your switch allocates buffers from its available memory and helps prevent packet drops during a temporary burst of traffic. The S-Series application-specific integrated circuit (ASICs) implement the key functions of queuing, feature lookups, and forwarding lookups in hardware.
Figure 131. Buffer Tuning Points Deciding to Tune Buffers Dell Networking recommends exercising caution when configuring any non-default buffer settings, as tuning can significantly affect system performance. The default values work for most cases. As a guideline, consider tuning buffers if traffic is bursty (and coming from several interfaces). In this case: • Reduce the dedicated buffer on all queues/interfaces. • Increase the dynamic buffer on all interfaces.
buffer dynamic • Change the number of packet-pointers per queue. BUFFER PROFILE mode buffer packet-pointers • Apply the buffer profile to a line card. CONFIGURATION mode buffer fp-uplink linecard • Apply the buffer profile to a CSF to FP link.
The following example shows viewing the buffer profile allocations. Dell#show running-config interface tengigabitethernet 2/1/1 ! interface TenGigabitEthernet 2/1/1 no ip address mtu 9252 switchport no shutdown buffer-policy myfsbufferprofile The following example shows viewing the default buffer profile on an interface. Dell#show buffer-profile detail interface tengigabitethernet 1/10/1 Interface Te 1/10/1 Buffer-profile fsqueue-fp Dynamic buffer 1256.
Similarly, when you configure buffer-profile global, you cannot not apply a buffer profile on any single interface. A message similar to the following displays: % Error: Global pre-defined buffer profile already applied. Failed to apply user-defined buffer profile on interface Te 1/1/1. Please remove global pre-defined buffer profile. To apply a predefined buffer profile, use the following command. • Apply one of the pre-defined buffer profiles for all port pipes in the system.
• • • • clear clear clear clear hardware hardware hardware hardware stack-unit stack-unit stack-unit stack-unit stack-unit-number stack-unit-number stack-unit-number stack-unit-number unit 0-1 counters cpu data-plane statistics cpu party-bus statistics stack-port 48-51 Displaying Drop Counters To display drop counters, use the following commands. • • Identify which stack unit, port pipe, and port is experiencing internal drops.
20 0 21 0 22 0 23 0 24 0 25 0 26 0 27 0 28 0 29 0 30 0 31 0 32 0 33 0 34 0 35 0 36 0 37 0 38 0 39 0 40 0 41 0 42 0 43 0 44 0 45 0 46 0 47 0 48 0 49 0 49 0 49 0 49 0 52 0 52 900 20 0 21 0 22 0 23 0 24 0 25 0 26 0 27 0 28 0 29 0 30 0 31 0 32 0 33 0 34 0 35 0 36 0 37 0 38 0 39 0 40 0 41 0 42 0 43 0 44 0 45 0 46 0 47 0 48 0 49 0 50 0 51 0 52 0 61 0 62 S-Series Debugging and Diagnostics 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 52 0 52 0 53 0 53 0 53 0 53 0 54/1 0 54/2 0 54/3 0 54/4 0 Internal 0 Internal 0 0 63 0 64 0 65 0 66 0 67 0 68 0 69 0 70 0 71 0 72 0 53 0 57 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 4659499 0 0 Dell#show hardware stack-unit 1 drops unit 0 port 1 Drops in UserPort 1: --- Ingress Drops --Ingress Drops IBP CBP Full Drops PortSTPnotFwd Drops IPv4 L3 Discards Policy Discards Packets dropped by FP (L2+L3) Drops Port bitmap z
TTL Threshold Drops INVALID VLAN CNTR Drops L2MC Drops PKT Drops of ANY Conditions Hg MacUnderflow TX Err PKT Counter --- Error counters--Internal Mac Transmit Errors Unknown Opcodes Internal Mac Receive Errors : : : : : : 0 0 0 0 0 0 : 0 : 0 : 0 Dataplane Statistics The show hardware stack-unit cpu data-plane statistics command provides insight into the packet types coming to the CPU.
0 dropped, 0 errors Output Statistics: 1649566 packets, 1935316203 bytes 0 errors Display Stack Port Statistics The show hardware stack-unit stack-port command displays input and output statistics for a stack-port interface.
To enable full application core dumps, use the following command. • Enable RPM core dumps and specify the Shutdown mode. CONFIGURATION mode logging coredump server To undo this command, use the no logging coredump server command. Mini Core Dumps Dell Networking OS supports mini core dumps on the application and kernel crashes. The mini core dump applies to Master, Standby, and Member units. Application and kernel mini core dumps are always enabled.
--------------------FREE MEMORY--------------uvmexp.free = 0x2312 Enabling TCP Dumps A TCP dump captures CPU-bound control plane traffic to improve troubleshooting and system manageability. When you enable TCP dump, it captures all the packets on the local CPU, as specified in the CLI. You can save the traffic capture files to flash, FTP, SCP, or TFTP. The files saved on the flash are located in the flash:// TCP_DUMP_DIR/Tcpdump_/ directory and labeled tcpdump_*.pcap.
59 Standards Compliance This chapter describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking Operating System (OS), Dell Networking OS also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website. Click “Browse and search IETF documents,” enter an RFC number, and inspect the top of the resulting document for obsolescence citations to related RFCs.
RFC and I-D Compliance Dell Networking OS supports the following standards. The standards are grouped by related protocol. The columns showing support by platform indicate which version of Dell Networking OS first supports the standard. General Internet Protocols The following table lists the Dell Networking OS support per platform for general internet protocols. Table 84. General Internet Protocols RFC# Full Name S-Series 768 User Datagram Protocol 7.6.1 793 Transmission Control Protocol 7.6.
RFC# Full Name S-Series 1042 A Standard for the Transmission of IP Datagrams 7.6.1 over IEEE 802 Networks 1191 Path MTU Discovery 1305 Network Time Protocol (Version 3) Specification, 7.6.1 Implementation and Analysis 1519 Classless Inter-Domain Routing (CIDR): an Address Assignment and Aggregation Strategy 7.6.1 1542 Clarifications and Extensions for the Bootstrap Protocol 7.6.1 1812 Requirements for IP Version 4 Routers 7.6.1 2131 Dynamic Host Configuration Protocol 7.6.
RFC# Full Name S-Series 4862 IPv6 Stateless Address Autoconfiguration 8.3.12.0 5175 IPv6 Router Advertisement Flags Option 8.3.12.0 Border Gateway Protocol (BGP) The following table lists the Dell Networking OS support per platform for BGP protocols. Table 87. Border Gateway Protocol (BGP) RFC# Full Name S-Series/Z-Series 1997 BGP ComAmtturnibituitees 7.8.1 2385 Protection of BGP Sessions via the TCP MD5 Signature Option 7.8.1 2439 BGP Route Flap Damping 7.8.
Intermediate System to Intermediate System (IS-IS) The following table lists the Dell Networking OS support per platform for IS-IS protocol. Table 89.
Multicast The following table lists the Dell Networking OS support per platform for Multicast protocol. Table 91. Multicast RFC# Full Name S-Series 1112 Host Extensions for IP Multicasting 7.8.1 2236 Internet Group Management Protocol, Version 2 7.8.1 2710 Multicast Listener Discovery (MLD) for IPv6 3376 Internet Group Management Protocol, Version 3 7.8.1 3569 An Overview of Source-Specific Multicast (SSM) 7.8.
RFC# Full Name S4810 1850 OSPF Version 2 Management Information Base 7.6.1 1901 Introduction to Communitybased SNMPv2 7.6.1 2011 SNMPv2 Management 7.6.1 Information Base for the Internet Protocol using SMIv2 2012 SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2 7.6.1 2013 SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2 7.6.1 2024 Definitions of Managed Objects for Data Link Switching using SMIv2 7.6.
RFC# Full Name S4810 2578 Structure of Management Information Version 2 (SMIv2) 7.6.1 2579 Textual Conventions for SMIv2 7.6.1 2580 Conformance Statements for SMIv2 7.6.1 2618 RADIUS Authentication Client MIB, except the following four counters: 7.6.1 S4820T Z-Series 9.5.(0.0) 9.5.(0.0) radiusAuthClientInvalidServerAdd resses radiusAuthClientMalformedAcce ssResponses radiusAuthClientUnknownTypes radiusAuthClientPacketsDropped 2698 A Two Rate Three Color Marker 9.5.(0.
RFC# Full Name S4810 S4820T Z-Series 3418 Management Information Base (MIB) for the Simple Network Management Protocol (SNMP) 7.6.1 3434 Remote Monitoring MIB Extensions for High Capacity Alarms, High-Capacity Alarm Table (64 bits) 7.6.1 3580 IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines 7.6.
RFC# Full Name S4810 S4820T Z-Series 9.2.(0.0) 9.2.(0.0) interfaces. Used in the Programmatic Interface RESTAPI feature. IEEE 802.1AB Management Information Base module for LLDP configuration, statistics, local system data and remote systems data components. 7.7.1 IEEE 802.1AB The LLDP Management 7.7.1 Information Base extension module for IEEE 802.1 organizationally defined discovery information. (LLDP DOT1 MIB and LLDP DOT3 MIB) IEEE 802.1AB The LLDP Management 7.7.
RFC# Full Name S4810 FORCE10-LINKAGGMIB Force10 Enterprise Link Aggregation MIB 7.6.1 S4820T FORCE10-CHASSIS-MIB Force10 E-Series Enterprise Chassis MIB FORCE10-COPYCONFIG-MIB Force10 File Copy MIB (supporting SNMP SET operation) 7.7.1 FORCE10-MONMIB Force10 Monitoring MIB 7.6.1 FORCE10-PRODUCTSMIB Force10 Product Object Identifier 7.6.1 MIB FORCE10-SS-CHASSIS- Force10 S-Series Enterprise MIB Chassis MIB 7.6.1 FORCE10-SMI Force10 Structure of Management Information 7.6.
