FTOS Configuration Guide for the S6000 System FTOS 9.0.2.
Warnings, Cautions, and Notes
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
NOTE: A NOTE indicates important information that helps you make better use of your computer.
Information in this publication is subject to change without notice. © 2012 Dell Networking. All rights reserved.
1 About this Guide
Objectives
Audience
Conventions
www.dell.com | support.dell.com
Configuration Task List for System Log Management
Disable System Logging
Send System Messages to a Syslog Server
Configure a Unix System as a Syslog Server
Change System Logging Settings
IP Access Control Lists (ACLs)
CAM Profiling, CAM Allocation, and CAM Optimization
Implementing ACLs on FTOS
IP Fragment Handling
Configure a standard IP ACL
AS Path
Next Hop
Multiprotocol BGP
Implementing BGP with FTOS
Troubleshoot CAM Profiling
CAM Profile Mismatches
QoS CAM Region Limitation
11 Control Plane Policing (CoPP)
Overview
Digital Optical Monitoring (DOM) Details via Command Line Interface and SNMP
Recognize an Overtemperature Condition
Troubleshoot an Overtemperature Condition
Recognize an Under-Voltage Condition
Troubleshoot an Under-Voltage Condition
Configuration Source Election
Propagation of DCB Information
Auto-Detection and Manual Configuration of the DCBx Version
DCBx Example
DCBx Prerequisites and Restrictions
Important Points to Remember
Configuring GVRP
Related Configuration Tasks
Enabling GVRP Globally
Management Interfaces
Configure Management Interfaces
VLAN Interfaces
Loopback Interfaces
Null Interfaces
Enabling UDP Helper
Configuring a Broadcast Address
Configurations Using UDP Helper
UDP Helper with Broadcast-all Addresses
Default iSCSI Optimization Values
iSCSI Optimization Prerequisites
Configuring iSCSI Optimization
Displaying iSCSI Optimization Information
MAC Learning Limit
mac learning-limit dynamic
mac learning-limit mac-address-sticky
mac learning-limit station-move
Implementation Information
Configuring Multicast Source Discovery Protocol
Related Configuration Tasks
Enable MSDP
Manage the Source-active Cache
Multicast with ECMP
Multicast Policies
IPv4 Multicast Policies
31 Open Shortest Path First (OSPFv2)
33 PIM Source-Specific Mode (PIM-SSM)
Implementation Information
Important Points to Remember
Configure PIM-SM
Related Configuration Tasks
Classify Traffic
Create a QoS Policy
Create Policy Maps
QoS Rate Adjustment
Configuration Task List for AAA Accounting
AAA Authentication
Configuration Task List for AAA Authentication
AAA Authorization
Privilege Levels Overview
Rate-limit BPDUs on the S-Series, and Z-Series
Debug Layer 2 Protocol Tunneling
Provider Backbone Bridging
43 sFlow
Overview
Configure storm control from INTERFACE mode
Configure storm control from CONFIGURATION mode
46 Spanning Tree Protocol (STP)
Protocol Overview
Configuring Spanning Tree
Configuration Task List for VLANs
Native VLANs
Enable Null VLAN as the Default VLAN
50 Virtual Link Trunking (VLT)
Overview
1 About this Guide
Objectives
This guide describes the protocols and features supported by the Force10 Operating System (FTOS) and provides configuration instructions and examples for implementing them. It supports the following system platforms: S-Series and Z-Series. The S6000 platform is available with FTOS version 9.0 (2.0). Though this guide contains information on protocols, it is not intended to be a complete reference.
Conventions
This document uses the following conventions to describe command syntax:
Convention    Description
keyword       Keywords are in bold and should be entered in the CLI as listed.
parameter     Parameters are in italics and require a number or word to be entered in the CLI.
{X}           Keywords and parameters within braces must be entered in the CLI.
[X]           Keywords and parameters within brackets are optional.
2 Configuration Fundamentals
The FTOS command line interface (CLI) is a text-based interface through which you can configure interfaces and protocols. The CLI is largely the same for the S-Series with the exception of some commands and command outputs. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels.
CLI Modes
Different sets of commands are available in each mode. A command found in one mode cannot be executed from another mode (with the exception of EXEC mode commands preceded by the command do; refer to The do Command on page 8). You can set user access rights to commands and command modes using privilege levels; for more information on privilege levels and security options, refer to Chapter 9, Security, on page 627.
EXEC
  EXEC Privilege
    CONFIGURATION
      ARCHIVE
      AS-PATH ACL
      INTERFACE
        GIGABIT ETHERNET
        10 GIGABIT ETHERNET
        INTERFACE RANGE
        LOOPBACK
        MANAGEMENT ETHERNET
        NULL
        PORT-CHANNEL
        SONET
        VLAN
        VRRP
      IP
      IPv6
      IP COMMUNITY-LIST
      IP ACCESS-LIST
        STANDARD ACCESS-LIST
        EXTENDED ACCESS-LIST
      LINE
        AUXILIARY
        CONSOLE
        VIRTUAL TERMINAL
      MAC ACCESS-LIST
      MONITOR SESSION
      MULTIPLE SPANNING TREE
      Per-VLAN SPANNING TREE
      PREFIX-LIST
      RAPID SPANNING TREE
      REDIRECT
      ROUTE-MAP
      ROUTER BGP
      ROUTER ISIS
      ROUTER OSPF
      ROUTER RIP
      SPANNING TREE
      TRACE-LIST
Navigati
Table 2-1. FTOS Command Modes
CLI Command Mode: EXEC
  Prompt: FTOS>
  Access Command: Access the router through the console or Telnet.
CLI Command Mode: EXEC Privilege
  Prompt: FTOS#
  Access Command:
  • From EXEC mode, enter the command enable.
  • From any other mode, use the command end.
CLI Command Mode: CONFIGURATION
  Prompt: FTOS(conf)#
  Access Command:
  • From EXEC privilege mode, enter the command configure.
  • From every mode except EXEC and EXEC Privilege, enter the command exit.
Note: Access all of the following modes from CONFIGURATION mode.
CLI Command Mode: INTERFACE modes
CLI Command Mode: IP ACCESS-LIST
CLI Command Mode: LINE
The do Command
Enter an EXEC mode command from any CONFIGURATION mode (CONFIGURATION, INTERFACE, SPANNING TREE, etc.) without returning to EXEC mode by preceding the EXEC mode command with the command do. Figure 2-4 illustrates the do command.
Note: The following commands cannot be modified by the do command: enable, disable, exit, and configure.
Figure 2-4.
Obtaining Help
Obtain a list of keywords and a brief functional description of those keywords at any CLI mode using the ? or help command:
• Enter ? at the prompt or after a keyword to list the keywords available in the current mode.
• ? after a prompt lists all of the available keywords. The output of this command is the same for the help command.
Figure 2-6.
• The BACKSPACE and DELETE keys erase the previous letter.
• Key combinations are available to move quickly across the command line, as described in Table 2-2.
Table 2-2. Short-Cut Keys and their Actions
Key Combination    Action
CNTL-A             Moves the cursor to the beginning of the command line.
CNTL-B             Moves the cursor back one character.
CNTL-D             Deletes character at cursor.
CNTL-E             Moves the cursor to the end of the line.
CNTL-F             Moves the cursor forward one character.
Filtering show Command Outputs
Filter the output of a show command to display specific information by adding | [except | find | grep | no-more | save] specified_text after the command. The variable specified_text is the text for which you are filtering, and it is case sensitive unless the ignore-case sub-option is implemented. Starting with FTOS 7.8.1.0, the grep command accepts an ignore-case sub-option that forces the search to be case-insensitive.
Figure 2-10.
• no-more displays the output all at once rather than one screen at a time. This is similar to the command terminal length except that the no-more option affects the output of the specified command only.
• save copies the output to a file for future reference.
Note: You can filter a single command output multiple times. The save option should be the last option entered.
3 Getting Started
This chapter contains the following major sections:
• Default Configuration
• Configure a Host Name
• Access the System Remotely
• Configure the Enable Password
• Configuration File Management
• File System Management
For details on using the Command Line Interface (CLI), refer to the Accessing the Command Line section in Chapter 1, Configuration Fundamentals.
Console access
Serial console
The RJ-45/RS-232 console port is labeled on the S6000 chassis.
To access the console port, follow the procedures below. Refer to Table 3-1 for the console port pinout.
Step 1: Install an RJ-45 copper cable into the console port. Use a rollover (crossover) cable to connect the S6000 console port to a terminal server.
Step 2: Connect the other end of the cable to the DTE terminal server.
Configure a Host Name
The host name appears in the prompt. The default host name is FTOS.
• Host names must start with a letter and end with a letter or digit.
• Characters within the string can be letters, digits, and hyphens.
To configure a host name:
Step 1: Create a new host name.
  Command Syntax: hostname name
  Command Mode: CONFIGURATION
Figure 3-2 illustrates the hostname command.
Figure 3-2.
To configure the management port IP address:
Step 1: Enter INTERFACE mode for the Management port.
  Command Syntax: interface ManagementEthernet slot/port
    • port range: 0
  Command Mode: CONFIGURATION
Step 2: Assign an IP address to the interface.
  Command Syntax: ip address ip-address/mask
    • ip-address: an address in dotted-decimal format (A.B.C.D).
    • mask: a subnet mask in /prefix-length format (/xx).
  Command Mode: INTERFACE
Step 3: Enable the interface.
To configure a username and password:
Step 1: Configure a username and password to access the system remotely.
  Command Syntax: username username password [encryption-type] password
  encryption-type specifies how you are inputting the password, is 0 by default, and is not required.
    • 0 is for inputting the password in clear text.
    • 7 is for inputting a password that is already encrypted using a Type 7 hash.
Configuration File Management
Files can be stored on and accessed from various storage media. Rename, delete, and copy files on the system from the EXEC Privilege mode.
Note: Using flash memory cards in the system that have not been approved by Dell Networking can cause unexpected system behavior, including a reboot.
Copy Files to and from the System
The command syntax for copying files is similar to UNIX.
• When copying to a server, a hostname can only be used if a DNS server is configured.
• The usbflash command is supported on S6000. Refer to your system’s Release Notes for a list of approved USB vendors.
Figure 3-3 shows an example of using the copy command to save a file to an FTP server.
Figure 3-3. Saving a file to a Remote System
Figure callouts: Local Location, Remote Location
FTOS#copy flash://FTOS-ZB-8.3.11.4.bin ftp://myusername:mypassword@10.10.10.10//FTOS/FTOS-ZB-8.3.11.1.
Figure 3-5. Viewing a List of Files in the Internal Flash
FTOS#dir
Directory of flash:
  1  drw-     32768  Jan 01 1980 00:00:00 .
  2  drwx       512  Jul 23 2007 00:38:44 ..
  3  drw-      8192  Mar 30 1919
  4  drw-      8192  Mar 30 1919
  5  drw-      8192  Mar 30 1919
  6  drw-      8192  Mar 30 1919
  7  d---      8192  Mar 30 1919
  8  -rw-  33059550  Jul 11 2007
  9  -rw-  27674906  Jul 06 2007
 10  -rw-  27674906  Jul 06 2007
 11  drw-      8192  Jan 01 1980
 12  -rw-      7276  Jul 20 2007
 13  -rw-      7341  Jul 20 2007
 14  -rw-  27674906  Jul 06 2007
 15  -rw-  27674906  Jul 06 2007
--More--
Figure 3-6. Tracking Changes with Configuration Comments
FTOS#show running-config
Current Configuration ...
! Version 9.0(2.0)
! Last configuration change at Tue Apr 12 21:21:59 2011 by default
! Startup-config last updated at Tue Apr 5 00:16:05 2011 by default
!
boot system stack-unit 0 primary system: A:
boot system stack-unit 0 secondary system: B:
boot system stack-unit 0 default tftp://10.16.127.35/ftos-s6000.bin
boot system gateway 192.168.1.
You can change the default file system so that file management commands apply to a particular device or memory.
To change the default storage location:
Task: Change the default directory.
  Command Syntax: cd directory
  Command Mode: EXEC Privilege
In Figure 3-8, the default storage location is changed to the external Flash of the primary RPM. File management commands then apply to the external Flash rather than the internal Flash.
Figure 3-8.
Upgrading FTOS
Note: To upgrade FTOS, refer to the release notes for the version you want to load on the system.
4 Management
Management is supported on the following platforms: S-Series, Z-Series
This chapter explains the different protocols or services used to manage the Dell Networking system including:
• Configure Privilege Levels
• Configure Logging
• File Transfer Services
• Terminal Lines
• Lock CONFIGURATION mode
• Recovering from a Forgotten Password on the S4810 and S6000
• Recovering from a Failed Start on the S4810 and S6000
Configure Privilege Levels
Privilege levels restrict access to commands based on user or ter
Removing a command from EXEC mode
Remove a command from the list of available commands in EXEC mode for a specific privilege level using the command privilege exec from CONFIGURATION mode. In the command, specify a level greater than the level given to a user or terminal line, followed by the first keyword of each command to be restricted.
Task: Allow access to INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode. Specify all keywords in the command.
  Command Syntax: privilege configure level level {interface | line | route-map | router} {command-keyword ||...|| command-keyword}
  Command Mode: CONFIGURATION
Task: Allow access to a CONFIGURATION, INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode command.
  Command Syntax: privilege {configure |interface | line | route-map | router} level level {command ||...
Create a Custom Privilege Level
FTOS(conf)#do show run priv
!
privilege exec level 3 capture
privilege exec level 3 configure
privilege exec level 4 resequence
privilege exec level 3 capture bgp-pdu
privilege exec level 3 capture bgp-pdu max-buffer-size
privilege configure level 3 line
privilege configure level 3 interface
FTOS(conf)#do telnet 10.11.80.201
[telnet output omitted]
FTOS#show priv
Current privilege level is 3.
Apply a Privilege Level to a Username
To set a privilege level for a user:
Task: Configure a privilege level for a user.
  Command Syntax: username username privilege level
  Command Mode: CONFIGURATION
Apply a Privilege Level to a Terminal Line
To set a privilege level for a terminal line:
Task: Configure a privilege level for a terminal line.
Log Messages in the Internal Buffer
All error messages, except those beginning with %BOOTUP (Message), are logged in the internal buffer.
Configure a Unix System as a Syslog Server
Configure a UNIX system as a syslog server by adding the following lines to /etc/syslog.conf on the Unix system and assigning write permissions to the file.
• On a 4.1 BSD UNIX system, add the line: local7.debugging /var/log/force10.log
• On a 5.7 SunOS UNIX system, add the line: local7.debugging /var/adm/force10.log
In the lines above, local7 is the logging facility level and debugging is the severity level.
To change the severity level of messages logged to a syslog server, use the following command in the CONFIGURATION mode:
To view the logging configuration, use the show running-config logging command in the EXEC privilege mode.
Display the Logging Buffer and the Logging Configuration
To display the current contents of the logging buffer and the logging settings for the system, use the show logging command in the EXEC privilege mode.
Configure a UNIX logging facility level
You can save system log messages with a UNIX system logging facility. To configure a UNIX logging facility level, use the following command in the CONFIGURATION mode:
Command Syntax: logging facility [facility-type]
  Command Mode: CONFIGURATION
  Purpose: Specify one of the following parameters.
Synchronize log messages
You can configure FTOS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system.
To have FTOS include a timestamp with the syslog message, use the following command syntax in the CONFIGURATION mode:
Command Syntax: service timestamps [log | debug] [datetime [localtime] [msec] [show-timezone] | uptime]
  Command Mode: CONFIGURATION
  Purpose: Add timestamp to syslog messages. Specify the following optional parameters:
  • datetime: You can add the keyword localtime to include the localtime, msec, and show-timezone. If you do not add the keyword localtime, the time is UTC.
  • uptime.
To view FTP configuration, use the show running-config ftp command in the EXEC privilege mode, as shown in show running-config ftp Command Output.
show running-config ftp Command Output
FTOS#show running ftp
!
ftp-server enable
ftp-server username nairobi password 0 zanzibar
FTOS#
Configure FTP server parameters
After the FTP server is enabled on the system, you can configure different parameters.
Configure FTP client parameters
To configure FTP client parameters, use the following commands in the CONFIGURATION mode:
Command Syntax: ip ftp source-interface interface
  Command Mode: CONFIGURATION
  Purpose: Enter the following keywords and slot/port number information:
  • For a 1-Gigabit Ethernet interface, enter the keyword GigabitEthernet followed by the slot/port information.
  • For a loopback interface, enter the keyword loopback followed by a number between 0 and 16383.
To apply an IP ACL to a line:
Task: Apply an ACL to a VTY line.
  Command: ip access-class access-list
  Command Mode: LINE
To view the configuration, enter the show config command in the LINE mode, as shown in Applying an Access List to a VTY Line.
Applying an Access List to a VTY Line
FTOS(config-std-nacl)#show config
!
ip access-list standard myvtyacl
 seq 5 permit host 10.11.0.
To configure authentication for a terminal line:
Step 1: Create an authentication method list. You may use a mnemonic name or use the keyword default. The default authentication method for terminal lines is local, and the default method list is empty.
  Command Syntax: aaa authentication login {method-list-name | default} [method-1] [method-2] [method-3] [method-4] [method-5] [method-6]
  Command Mode: CONFIGURATION
Step 2: Apply the method list from Step 1 to a terminal line.
To change the timeout period or disable EXEC timeout:
Task: Set the number of minutes and seconds. Default: 10 minutes on console, 30 minutes on VTY. Disable EXEC timeout by setting the timeout period to 0.
  Command Syntax: exec-timeout minutes [seconds]
  Command Mode: LINE
Task: Return to the default timeout values.
  Command Syntax: no exec-timeout
  Command Mode: LINE
View the configuration using the command show config from LINE mode.
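An offline audit of the management-plane settings this chapter covers (clear-text passwords, the FTP server, VTY access classes, and EXEC timeouts), as an added example that is not part of the original guide. The running-config is constructed, the `line console`/`line vty` header syntax is an assumption, and `audit`, `Finding` and the rule names are hypothetical.

```python
import re
from dataclasses import dataclass

# Constructed sample running-config (not from a real device). The "line ..."
# headers are assumed syntax; the other commands appear in this guide.
SAMPLE_CONFIG = """\
!
username admin password 0 changeme
username ops password 7 b826d6cf6f6c8b2a
!
ftp-server enable
ftp-server username nairobi password 0 zanzibar
!
ip access-list standard myvtyacl
 seq 5 permit host 192.0.2.10
!
line console 0
 exec-timeout 0 0
line vty 0 4
 ip access-class myvtyacl
 exec-timeout 10 0
line vty 5 9
 exec-timeout 30 0
!
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # hypothetical rule identifier
    where: str   # config line or block header the finding refers to
    detail: str


CRED_RE = re.compile(r"^((?:ftp-server )?username \S+) password (?:(\d+) )?\S+")
LINE_RE = re.compile(r"^line (\S+)")
TIMEOUT_RE = re.compile(r"^exec-timeout (\d+)(?: (\d+))?$")


def audit(config):
    """Return findings for the management-plane settings in a running-config."""
    findings, blocks, current = [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            current = None
            continue
        if raw[0].isspace() and current is not None:
            blocks[current].append(text)      # sub-command of a line block
            continue
        current = None
        cred = CRED_RE.match(text)
        if LINE_RE.match(text):
            current = text
            blocks[current] = []
        elif text == "ftp-server enable":
            findings.append(Finding("ftp-server-enabled", text,
                                    "FTP sends credentials and files unencrypted"))
        elif cred and cred.group(2) in (None, "0"):
            # encryption-type 0 (the default) means the password is clear text
            findings.append(Finding("cleartext-password", cred.group(1),
                                    "password is stored with encryption-type 0"))
    for header, cmds in blocks.items():
        kind = LINE_RE.match(header).group(1)
        if kind == "vty" and not any(c.startswith("ip access-class ") for c in cmds):
            findings.append(Finding("vty-no-access-class", header,
                                    "no ACL restricts which hosts can open this line"))
        for cmd in cmds:
            t = TIMEOUT_RE.match(cmd)
            # a timeout period of 0 disables the EXEC timeout
            if t and int(t.group(1)) == 0 and int(t.group(2) or 0) == 0:
                findings.append(Finding("exec-timeout-disabled", header,
                                        "idle sessions on this line never time out"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f"{f.rule:24} {f.where:32} {f.detail}")
```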
Lock CONFIGURATION mode
FTOS allows multiple users to make configurations at the same time. You can lock CONFIGURATION mode so that only one user can be in CONFIGURATION mode at any time (Message 3). Two types of locks can be set: auto and manual.
• Set an auto-lock using the command configuration mode exclusive auto from CONFIGURATION mode. When you set an auto-lock, every time a user is in CONFIGURATION mode all other users are denied access.
Viewing the Configuration Lock Status
If you attempt to enter CONFIGURATION mode when another user has locked it, you may view which user has control of CONFIGURATION mode using the command show configuration lock from EXEC Privilege mode. You can then send any user a message using the send command from EXEC Privilege mode. Alternatively you can clear any line using the command clear from EXEC Privilege mode. If you clear a console session, the user is returned to EXEC mode.
Step 11: Save the running-config.
  Command Syntax: copy running-config startup-config
  Command Mode: EXEC Privilege
If you forget your password for the S6000, use the following process:
Step 1: Log onto the system via console.
Step 2: Power-cycle the chassis by disconnecting and then reconnecting the power cord.
Step 3: Press Esc when prompted to abort the boot process.
  Command Syntax: Press any key
  Command Mode: (during bootup)
Note: You must enter the CLI commands.
Recovering from a Forgotten Enable Password on the S4810 and S6000
If you forget the enable password on the S4810:
Step 1: Log onto the system via console.
Step 2: Power-cycle the chassis by switching off all of the power modules and then switching them back on.
Step 3: Press any key to abort the boot process. You enter uBoot immediately on the S4810, as indicated by the => prompt.
Step 7: Configure a new enable password.
  Command Syntax: enable {secret | password}
  Command Mode: CONFIGURATION
Step 8: Save the running-config to the startup-config.
  Command Syntax: copy running-config startup-config
  Command Mode: EXEC Privilege
Recovering from a Failed Start on the S4810 and S6000
A system that does not start correctly might be attempting to boot from a corrupted FTOS image or from a mis-specified location.
5 802.1X
802.1X is supported on the following platforms: S-Series, Z-Series
Protocol Overview
802.1X is a method of port security. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity can be verified (through a username and password, for example). This feature is named for its IEEE specification. 802.
Figure 5-1.
3. The authenticator decapsulates the EAP Response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame, and forwards the frame to the authentication server.
4. The authentication server replies with an Access-Challenge. The Access-Challenge is a request that the supplicant prove that it is who it claims to be, using a specified method (an EAP-Method). The challenge is translated and forwarded to the supplicant by the authenticator.
5.
Figure 5-3. RADIUS Frame Format
Frame fields: Code, Identifier, Length, Message-Authenticator Attribute, EAP-Message Attribute
EAP-Message Attribute fields: Type (79), Length, EAP-Method Data (Supplicant Requested Credentials)
Range: 1-4
Codes:
  1: Access-Request
  2: Access-Accept
  3: Access-Reject
  11: Access-Challenge
RADIUS Attributes for 802.1 Support
Dell Networking systems include the following RADIUS attributes in all 802.
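A parser for the RADIUS frame in Figure 5-3, as an added example that is not part of the original guide: it reads the header, reassembles the EAP-Message attribute (type 79), and verifies the Message-Authenticator. The attribute number 80 and the HMAC-MD5 computation come from RFC 3579 rather than from this page; the shared secret, the EAP identity and the packet builder are constructed for the example.

```python
import hashlib
import hmac
import struct

CODES = {1: "Access-Request", 2: "Access-Accept",
         3: "Access-Reject", 11: "Access-Challenge"}   # codes listed in Figure 5-3
EAP_MESSAGE = 79             # attribute type shown in Figure 5-3
MESSAGE_AUTHENTICATOR = 80   # attribute type from RFC 3579 (not given on this page)

# Constructed sample values (assumptions, not from the guide).
SECRET = b"constructed-secret"
EAP_IDENTITY = b"\x02\x07\x00\x0a\x01alice"   # EAP Response, id 7, length 10, Identity


def parse_radius(packet):
    """Split a RADIUS packet into header fields and (type, value, offset) attributes."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("Length field does not fit the received data")
    attributes, pos = [], 20
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        attributes.append((a_type, packet[pos + 2:pos + a_len], pos + 2))
        pos += a_len
    return {"code": code, "code_name": CODES.get(code, "Unknown"),
            "identifier": identifier, "length": length,
            "authenticator": packet[4:20], "attributes": attributes}


def eap_message(msg):
    """Reassemble the EAP packet, which may span several EAP-Message attributes."""
    return b"".join(v for t, v, _ in msg["attributes"] if t == EAP_MESSAGE)


def verify_message_authenticator(packet, secret, request_authenticator=None):
    """Check the HMAC-MD5 Message-Authenticator. Pass the request's authenticator
    when verifying an Access-Challenge, Access-Accept or Access-Reject."""
    msg = parse_radius(packet)
    found = [a for a in msg["attributes"] if a[0] == MESSAGE_AUTHENTICATOR]
    if len(found) != 1 or len(found[0][1]) != 16:
        return False      # missing or malformed: treat the packet as unauthenticated
    _, received, offset = found[0]
    buf = bytearray(packet[:msg["length"]])
    buf[offset:offset + 16] = bytes(16)     # the field is zeroed while computing the MAC
    if request_authenticator is not None:
        buf[4:20] = request_authenticator
    expected = hmac.new(secret, bytes(buf), hashlib.md5).digest()
    return hmac.compare_digest(expected, received)


def build_access_request(secret, identifier, eap, chunk=253):
    """Construct a sample Access-Request carrying `eap`, split every `chunk` bytes."""
    attrs = b"".join(bytes([EAP_MESSAGE, 2 + len(eap[i:i + chunk])]) + eap[i:i + chunk]
                     for i in range(0, len(eap), chunk))
    attrs += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    request_auth = hashlib.md5(b"constructed-nonce").digest()   # fixed, reproducible
    packet = struct.pack("!BBH", 1, identifier, 20 + len(attrs)) + request_auth + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac               # Message-Authenticator is the last attribute


if __name__ == "__main__":
    pkt = build_access_request(SECRET, 42, EAP_IDENTITY, chunk=6)
    parsed = parse_radius(pkt)
    print(parsed["code_name"], parsed["identifier"], eap_message(parsed))
    print("authentic:", verify_message_authenticator(pkt, SECRET))
```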
Important Points to Remember
• FTOS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP.
• 802.1X is not supported on port-channels or port-channel members.
Enabling 802.1X
802.1X must be enabled globally and at the interface level.
Figure 5-4. Enabling 802.1X
To enable 802.1X:
Step 1: Enable 802.1X globally.
  Command Syntax: dot1x authentication
  Command Mode: CONFIGURATION
Step 2: Enter INTERFACE mode on an interface or a range of interfaces.
Figure 5-5. Verifying 802.1X Global Configuration
FTOS#show running-config | find dot1x
dot1x authentication
!
[output omitted]
!
interface TengigabitEthernet 2/1
 ip address 2.2.2.2/24
 dot1x authentication
 no shutdown
!
interface TengigabitEthernet 2/2
 ip address 1.0.0.1/24
 dot1x authentication
 no shutdown
--More--
Figure callouts: 802.1X Enabled, 802.1X Enabled on
View 802.1X configuration information for an interface using the command show dot1x interface, as shown in Figure 5-6.
To configure the amount of time that the authenticator waits before re-transmitting an EAP Request Identity frame:
Step 1: Configure the amount of time that the authenticator waits before re-transmitting an EAP Request Identity frame.
Figure 5-7. Configuring a Request Identity Re-transmissions
FTOS(conf-if-range-te-2/1)#dot1x tx-period 90
FTOS(conf-if-range-te-2/1)#dot1x max-eap-req 10
FTOS(conf-if-range-te-2/1)#dot1x quiet-period 120
FTOS#show dot1x interface Tengigabitethernet 2/1
802.
Figure 5-8. Configuring Port-control
FTOS(conf-if-te-2/1)#dot1x port-control force-authorized
FTOS(conf-if-te-2/1)#do show dot1x interface Tengigabitethernet 2/1
802.
Figure 5-9. Configuring a Reauthentication Period
FTOS(conf-if-te-2/1)#dot1x reauthentication interval 7200
FTOS(conf-if-te-2/1)#dot1x reauth-max 10
FTOS(conf-if-te-2/1)#do show dot1x interface tengigabitethernet 2/1
802.
Figure 5-10. Configuring a Timeout
FTOS(conf-if-te-2/1)#dot1x port-control force-authorized
FTOS(conf-if-te-2/1)#do show dot1x interface Tengigabitethernet 2/1
802.
Figure 5-11. Dynamic VLAN Assignment with 802.1X
Guest and Authentication-fail VLANs
Typically, the authenticator (Dell Networking system) denies the supplicant access to the network until the supplicant is authenticated. If the supplicant is authenticated, the authenticator enables the port and places it in either the VLAN for which the port is configured, or the VLAN that the authentication server indicates in the authentication data.
The Guest VLAN 802.1X extension addresses this limitation with regard to non-802.1X capable devices, and the Authentication-fail VLAN 802.1X extension addresses this limitation with regard to external users.
• If the supplicant fails authentication a specified number of times, the authenticator places the port in the Authentication-fail VLAN.
• If a port is already forwarding on the Guest VLAN when 802.1X is enabled, then the port is moved out of the Guest VLAN, and the authentication process begins.
FTOS(conf-if-te-1/2)#dot1x auth-fail-vlan 100 max-attempts 5
FTOS(conf-if-te-1/2)#show config
!
interface TengigabitEthernet 1/2
 switchport
 dot1x guest-vlan 200
 dot1x auth-fail-vlan 100 max-attempts 5
 no shutdown
FTOS(conf-if-te-1/2)#
View your configuration using the show config command from INTERFACE mode, as shown in Figure 5-12, or using the show dot1x interface command from EXEC Privilege mode, as shown in Figure 5-14.
Figure 5-14.
6 Access Control Lists (ACLs)
The Access Control Lists (ACLs) chapter also includes prefix lists and route maps.
z Ingress IP and MAC ACLs are supported on platforms: s ACLs are supported on platforms: s Egress IP and MAC ACLs are supported on platforms: z z
Overview
At their simplest, Access Control Lists (ACLs), Prefix lists, and Route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter discusses implementing IP ACLs, IP Prefix lists and Route-maps.
• Configuring Ingress ACLs
• Configuring Egress ACLs
• IP Prefix Lists
• ACL Resequencing
• Route Maps
IP Access Control Lists (ACLs)
In the Dell Networking switch/routers, you can create two different types of IP ACLs: standard or extended. A standard ACL filters packets based on the source IP address.
User Configurable CAM Allocation
z User Configurable CAM Allocations are supported on platforms
Allocate space for IPv6 ACLs on the by using the cam-acl command in CONFIGURATION mode. The CAM space is allotted in FP blocks. The total space allocated must equal 13 FP blocks. Note that there are 16 FP blocks, but the System Flow requires 3 blocks that cannot be reallocated.
Implementing ACLs on FTOS
One IP ACL can be assigned per interface with FTOS. If an IP ACL is not assigned to an interface, it is not used by the software in any other capacity. The number of entries allowed per ACL is hardware-dependent. Refer to your line card documentation for detailed specification on entries allowed per ACL.
Figure 6-1. Using the Order Keyword in ACLs
FTOS(conf)#ip access-list standard acl1
FTOS(config-std-nacl)#permit 20.0.0.0/8
FTOS(config-std-nacl)#exit
FTOS(conf)#ip access-list standard acl2
FTOS(config-std-nacl)#permit 20.1.1.
IP fragments ACL examples
The following configuration permits all packets (both fragmented and non-fragmented) with destination IP 10.1.1.1. The second rule does not get hit at all.
FTOS(conf)#ip access-list extended ABC
FTOS(conf-ext-nacl)#permit ip any 10.1.1.1/32
FTOS(conf-ext-nacl)#deny ip any 10.1.1.1/32 fragments
FTOS(conf-ext-nacl)
To deny second/subsequent fragments, use the same rules in a different order.
Note the following when configuring ACLs with the fragments keyword. When an ACL filters packets it looks at the Fragment Offset (FO) to determine whether or not it is a fragment. FO = 0 means it is either the first fragment or the packet is a non-fragment. FO > 0 means it is dealing with the fragments of the original packet.
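The effect of rule order with the fragments keyword can be checked with a small first-match model. This is an added example, not FTOS code: the Rule and Packet types, the constructed packets and the choice to return None when no rule matches are assumptions of the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    dst: str                 # destination prefix, e.g. "10.1.1.1/32"
    fragments: bool = False  # True when the rule carries the fragments keyword


@dataclass(frozen=True)
class Packet:
    dst: str
    frag_offset: int         # Fragment Offset (FO) from the IP header
    label: str = ""


def rule_matches(rule, pkt):
    """A fragments rule matches only FO > 0; any other rule ignores FO."""
    if ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    return pkt.frag_offset > 0 if rule.fragments else True


def evaluate(acl, pkt):
    """First match wins. Returns (action, rule index) or (None, None)."""
    for index, rule in enumerate(acl):
        if rule_matches(rule, pkt):
            return rule.action, index
    return None, None        # no rule matched; the default action is not modelled


def run(acl, packets):
    """Return ({label: action}, [hits per rule]) for a list of packets."""
    hits = [0] * len(acl)
    verdicts = {}
    for pkt in packets:
        action, index = evaluate(acl, pkt)
        if index is not None:
            hits[index] += 1
        verdicts[pkt.label] = action
    return verdicts, hits


# The two rule orders described in the text, for destination 10.1.1.1.
ACL_PERMIT_FIRST = [
    Rule("permit", "10.1.1.1/32"),
    Rule("deny", "10.1.1.1/32", fragments=True),
]
ACL_DENY_FRAGMENTS_FIRST = [
    Rule("deny", "10.1.1.1/32", fragments=True),
    Rule("permit", "10.1.1.1/32"),
]

# Constructed traffic: one unfragmented packet and one datagram in three fragments.
PACKETS = [
    Packet("10.1.1.1", 0, "whole"),
    Packet("10.1.1.1", 0, "frag-1"),
    Packet("10.1.1.1", 185, "frag-2"),
    Packet("10.1.1.1", 370, "frag-3"),
]

if __name__ == "__main__":
    for name, acl in (("permit first", ACL_PERMIT_FIRST),
                      ("deny fragments first", ACL_DENY_FRAGMENTS_FIRST)):
        verdicts, hits = run(acl, PACKETS)
        print(f"{name}: {verdicts} rule hits={hits}")
```

With the deny rule first, the first fragment (FO = 0) is still permitted, because FO = 0 cannot be told apart from a non-fragmented packet.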
To view the rules of a particular ACL configured on a particular interface, use the show ip accounting access-list ACL-name interface interface command (Figure 6-2) in EXEC Privilege mode.
Figure 6-2. Command Example: show ip accounting access-list
FTOS#show ip accounting access ToOspf interface te 1/6
Standard IP access list ToOspf
 seq 5 deny any
 seq 10 deny 10.2.0.0 /16
 seq 15 deny 10.3.0.0 /16
 seq 20 deny 10.4.0.0 /16
 seq 25 deny 10.5.0.0 /16
 seq 30 deny 10.6.0.
When you use the log keyword, the CP processor logs details about the packets that match. Depending on how many packets match the log entry and at what rate, the CP may become busy as it has to log these packets’ details. Figure 6-4 illustrates a standard IP ACL in which the sequence numbers were assigned by FTOS. The filters were assigned sequence numbers based on the order in which they were configured (for example, the first filter was given the lowest sequence number).
Configure filters with sequence number
To create a filter for packets with a specified sequence number, use these commands in the following sequence, starting in the CONFIGURATION mode:
Step | Command Syntax | Command Mode | Purpose
1 | ip access-list extended access-list-name | CONFIGURATION | Enter the IP ACCESS LIST mode by creating an extended IP ACL.
2 | | CONFIG-EXT-NACL | Configure a drop or forward filter.
UDP packets: To create a filter for UDP packets with a specified sequence number, use these commands in the following sequence, starting in the CONFIGURATION mode:
Step | Command Syntax | Command Mode | Purpose
1 | ip access-list extended access-list-name | CONFIGURATION | Create an extended IP ACL and assign it a unique name.
2 | | CONFIG-EXT-NACL | Configure an extended IP ACL filter for UDP packets.
To configure a filter for an extended IP ACL without a specified sequence number, use any or all of the following commands in the IP ACCESS LIST mode:
Command Syntax | Command Mode | Purpose
{deny | permit} {source mask | any | host ip-address} [count [byte] [dscp] [order] [fragments] | CONFIG-EXT-NACL | Configure a deny or permit filter to examine IP packets.
• When packets are switched by FTOS, the egress L3 ACL does not filter the packet.
For the following features, if counters are enabled on rules that have already been configured and a new rule is either inserted or prepended, all the existing counters will be reset:
• L2 Ingress Access list
• L2 Egress Access list
If a rule is simply appended, existing counters are not affected.
Table 6-1.
For more information on Layer-3 interfaces, refer to Chapter 20, Interfaces.
To apply an IP ACL (standard or extended) to a physical or port channel interface, use these commands in the following sequence in the INTERFACE mode:
Step | Command Syntax | Command Mode | Purpose
1 | interface interface slot/port | CONFIGURATION | Enter the interface number.
2 | ip address ip-address | INTERFACE | Configure an IP address for the interface, placing it in Layer-3 mode.
Step | Task
3 | View the number of packets matching the ACL using the show ip accounting access-list from EXEC Privilege mode.
Configuring Ingress ACLs
Ingress ACLs are applied to interfaces and to traffic entering the system. These system-wide ACLs eliminate the need to apply ACLs onto each interface and achieve the same results. By localizing target traffic, it is a simpler implementation. To create an ingress ACL, use the ip access-group command (Figure 233) in the EXEC Privilege mode.
An egress ACL is used when users would like to restrict egress traffic. For example, when DoS attack traffic is isolated to one particular interface, you can apply an egress ACL to block that particular flow from exiting the box, thereby protecting downstream devices. To create an egress ACL, use the ip access-group command (Figure 234) in the EXEC Privilege mode.
FTOS Behavior: VRRP hellos and IGMP packets are not affected when egress ACL filtering for CPU traffic is enabled. Packets sent by the CPU with the source address as the VRRP virtual IP address have the interface MAC address instead of VRRP virtual MAC address.
IP Prefix Lists
Prefix Lists are supported on platforms: s z
IP prefix lists control routing policy.
Configuration Task List for Prefix Lists
To configure a prefix list, you must use commands in the PREFIX LIST, the ROUTER RIP, ROUTER OSPF, and ROUTER BGP modes. Basically, you create the prefix list in the PREFIX LIST mode, and assign that list to commands in the ROUTER RIP, ROUTER OSPF and ROUTER BGP modes.
Figure 6-11. Command Example: seq
FTOS(conf-nprefixl)#seq 20 permit 0.0.0.0/0 le 32
FTOS(conf-nprefixl)#seq 12 deny 134.23.0.0 /16
FTOS(conf-nprefixl)#seq 15 deny 120.23.14.0 /8 le 16
FTOS(conf-nprefixl)#show config
!
ip prefix-list juba
 seq 12 deny 134.23.0.0/16
 seq 15 deny 120.0.0.0/8 le 16
 seq 20 permit 0.0.0.0/0 le 32
FTOS(conf-nprefixl)#
Note the last line in the prefix list Juba contains a “permit all” statement.
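The following added example (not FTOS code) parses the three seq commands from Figure 6-11, orders and normalizes them the way the show config output does, and evaluates routes against the result. It assumes the usual prefix-list length rules: no ge/le means an exact length match, le N alone allows lengths from the prefix length up to N, and ge N alone allows N up to 32. The route values tested are constructed.

```python
import re
from ipaddress import ip_network

ENTRY = re.compile(
    r"seq\s+(?P<seq>\d+)\s+(?P<action>permit|deny)\s+"
    r"(?P<addr>\d+\.\d+\.\d+\.\d+)\s*/(?P<len>\d+)"
    r"(?:\s+ge\s+(?P<ge>\d+))?(?:\s+le\s+(?P<le>\d+))?\s*$"
)


def parse_entry(line):
    """Parse one 'seq N permit|deny A.B.C.D/len [ge x] [le y]' command."""
    m = ENTRY.search(line)
    if not m:
        raise ValueError(f"not a prefix-list entry: {line!r}")
    # strict=False masks host bits, so 120.23.14.0/8 becomes 120.0.0.0/8
    net = ip_network(f"{m.group('addr')}/{m.group('len')}", strict=False)
    ge = int(m.group("ge")) if m.group("ge") else None
    le = int(m.group("le")) if m.group("le") else None
    low = ge if ge is not None else net.prefixlen
    high = le if le is not None else (32 if ge is not None else net.prefixlen)
    return {"seq": int(m.group("seq")), "action": m.group("action"),
            "net": net, "ge": ge, "le": le, "low": low, "high": high}


def build_list(lines):
    """Entries are evaluated by sequence number, not by the order typed."""
    return sorted((parse_entry(l) for l in lines), key=lambda e: e["seq"])


def render(entry):
    """Render an entry in the style of the show config output."""
    text = f"seq {entry['seq']} {entry['action']} {entry['net']}"
    if entry["ge"] is not None:
        text += f" ge {entry['ge']}"
    if entry["le"] is not None:
        text += f" le {entry['le']}"
    return text


def evaluate(plist, route):
    """Return (action, seq) of the first matching entry, or (None, None)."""
    r = ip_network(route)
    for e in plist:
        if r.subnet_of(e["net"]) and e["low"] <= r.prefixlen <= e["high"]:
            return e["action"], e["seq"]
    return None, None


# Commands as typed in Figure 6-11 (prompt removed).
JUBA = build_list([
    "seq 20 permit 0.0.0.0/0 le 32",
    "seq 12 deny 134.23.0.0 /16",
    "seq 15 deny 120.23.14.0 /8 le 16",
])

if __name__ == "__main__":
    for e in JUBA:
        print(render(e))
    for route in ("134.23.0.0/16", "134.23.5.0/24",
                  "120.23.0.0/16", "120.23.14.0/24", "10.0.0.0/8"):
        print(route, evaluate(JUBA, route))
```

Note that 134.23.5.0/24 and 120.23.14.0/24 are more specific than the denied entries allow, so under these rules they fall through to the “permit all” line.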
To delete a filter, enter the show config command in the PREFIX LIST mode and locate the sequence number of the filter you want to delete; then use the no seq sequence-number command in the PREFIX LIST mode.
To view all configured prefix lists, use either of the following commands in the EXEC mode:
Command Syntax | Command Mode | Purpose
show ip prefix-list detail [prefix-name] | EXEC Privilege | Show detailed information about configured Prefix lists.
To apply a filter to routes in RIP (RIP is supported on C and E-Series.), use either of the following commands in the ROUTER RIP mode:
Command Syntax | Command Mode | Purpose
router rip | CONFIGURATION | Enter RIP mode
distribute-list prefix-list-name in [interface] | CONFIG-ROUTER-RIP | Apply a configured prefix list to incoming routes. You can specify an interface. If you enter the name of a nonexistent prefix list, all routes are forwarded.
Figure 6-16. Command Example: show config in ROUTER OSPF Mode
FTOS(conf-router_ospf)#show config
!
router ospf 34
 network 10.2.1.1 255.255.255.255 area 0.0.0.1
 distribute-list prefix awe in
FTOS(conf-router_ospf)#
ACL Resequencing
ACL Resequencing allows you to re-number the rules and remarks in an access or prefix list. The placement of rules within the list is critical because packets are matched against rules in sequential order.
Resequencing an ACL or Prefix List
Resequencing is available for IPv4 and IPv6 ACLs and prefix lists and MAC ACLs. To resequence an ACL or prefix list use the appropriate command in Table 6-4. You must specify the list name, starting number, and increment when using these commands.
Table 6-4.
Figure 6-18. Resequencing Remarks
FTOS(config-ext-nacl)# show config
!
ip access-list extended test
 remark 4 XYZ
 remark 5 this remark corresponds to permit any host 1.1.1.1
 seq 5 permit ip any host 1.1.1.1
 remark 9 ABC
 remark 10 this remark corresponds to permit ip any host 1.1.1.2
 seq 10 permit ip any host 1.1.1.2
 seq 15 permit ip any host 1.1.1.3
 seq 20 permit ip any host 1.1.1.
• When two or more match clauses within the same route-map sequence have different match commands, matching a packet against these clauses is a logical AND operation.
• If no match is found in a route-map sequence, the process moves to the next route-map sequence until a match is found, or there are no more sequences.
• When a match is found, the packet is forwarded; no more route-map sequences are processed.
Figure 6-19. Command Example: show config in the ROUTE-MAP Mode
FTOS(config-route-map)#show config
!
route-map dilling permit 10
FTOS(config-route-map)#
You can create multiple instances of this route map by using the sequence number option to place the route maps in the correct order. FTOS processes the route maps with the lowest sequence number first.
Figure 6-22. Command Example: show route-map
FTOS#show route-map dilling
route-map dilling, permit, sequence 10
 Match clauses:
 Set clauses:
route-map dilling, permit, sequence 15
 Match clauses:
  interface Loopback 23
 Set clauses:
  tag 3444
FTOS#
To delete a route map, use the no route-map map-name command in the CONFIGURATION mode.
Configure route map filters
Within the ROUTE-MAP mode, there are match and set commands.
Also, if there are different instances of the same route-map, then it’s sufficient if a permit match happens in any instance of that route-map.
Command Syntax | Command Mode | Purpose
match ipv6 address prefix-list-name | CONFIG-ROUTE-MAP | Match destination routes specified in a prefix list (IPv6).
match ip next-hop {access-list-name | prefix-list prefix-list-name} | CONFIG-ROUTE-MAP | Match next-hop routes specified in a prefix list (IPv4).
match ipv6 next-hop {access-list-name | prefix-list prefix-list-name} | CONFIG-ROUTE-MAP | Match next-hop routes specified in a prefix list (IPv6).
Command Syntax | Command Mode | Purpose
set tag tag-value | CONFIG-ROUTE-MAP | Specify a tag for the redistributed routes.
set weight value | CONFIG-ROUTE-MAP | Specify a value as the route’s weight.
Use these commands to create route map instances. There is no limit to the number of set and match commands per route map, but the convention is to keep the number of match and set filters in a route map low. Set commands do not require a corresponding match command.
Configure a route map for route tagging
One method for identifying routes from different routing protocols is to assign a tag to routes from that protocol. As the route enters a different routing domain, it is tagged and that tag is passed along with the route as it passes through different routing protocols. This tag can then be used when the route leaves a routing domain to redistribute those routes again.
7 Bidirectional Forwarding Detection (BFD)
Bidirectional Forwarding Detection (BFD) is supported only on the following platforms: z
Protocol Overview
Bidirectional Forwarding Detection (BFD) is a protocol that is used to rapidly detect communication failures between two adjacent systems. It is a simple and lightweight replacement for existing routing protocol link state detection mechanisms. It also provides a failure detection solution for links on which no routing protocol is used.
How BFD Works
Two neighboring systems running BFD establish a session using a three-way handshake. After the session has been established, the systems exchange control packets at agreed upon intervals. In addition, systems send a control packet anytime there is a state change or change in a session parameter; these control packets are sent without regard to transmit and receive intervals.
Note: FTOS does not support multi-hop BFD sessions.
[Figure: BFD control packet format. Labels recoverable from the figure: Ethernet frame (Preamble, Start Frame Delimiter, Destination MAC, Source MAC, Ethernet Type (0x888e)); IP header (Version (4), IHL, TOS, Total Length, Flags, Frag Offset, TTL (255), Protocol, Header Checksum, Dest IP Addr, Options, Padding); UDP packet (Source Port, Range: 3784, Checksum); BFD fields (Version (1), Diag Code, State, Detect Mult, My Discriminator, Your Discriminator: random number generated by remote system to identify a session, Required Min RX Interval, Required Min Echo RX Interval, Auth Type). The last callout is cut off: "The minimum interval between Echo pac"]
Table 7-1. BFD Packet Fields
Field | Description
Diagnostic Code | The reason that the last session failed.
State | The current local session state. Refer to BFD sessions.
Flag | A bit that indicates packet function. If the poll bit is set, the receiving system must respond as soon as possible, without regard to its transmit interval. The responding system clears the poll bit and sets the final bit in its response.
• Active—The active system initiates the BFD session. Both systems can be active for the same session.
• Passive—The passive system does not initiate a session. It only responds to a request for session initialization from the active system.
A BFD session has two modes:
• Asynchronous mode—In Asynchronous mode, both systems send periodic control messages at an agreed upon interval to indicate that their session status is Up.
4. The passive system receives the control packet, changes its state to Up. Both systems agree that a session has been established. However, since both members must send a control packet—that requires a response—anytime there is a state change or change in a session parameter, the passive system sends a final response indicating the state change. After this, periodic control packets are exchanged.
Figure 7-2.
BFD State Machine
Figure 7-3.
[Figure residue; labels: Router A, Router B, Router C, Router D, Router E, Router F, Router G, Router H, eBGP Route, iBGP Routes, Route Reflector, Route Reflector Client Peers]
Important Points to Remember
• BFD for line card ports is hitless, but is not hitless for VLANs since they are instantiated on the RPM.
• FTOS supports a maximum of 100 sessions per BFD agent.
When using BFD with OSPF, the OSPF protocol registers with the BFD manager on the RPM. BFD sessions are established with all neighboring interfaces participating in OSPF. If a neighboring interface fails, the BFD agent on the line card notifies the BFD manager, which in turn notifies the OSPF protocol that a link state change occurred.
Configuring BFD for OSPF is a two-step process:
1. Enable BFD globally.
2. Establish sessions with next-hop neighbors.
To establish BFD for all OSPF neighbors on a single interface:
Step | Task | Command Syntax | Command Mode
1 | Establish sessions with all OSPF neighbors on a single interface. | ip ospf bfd all-neighbors | INTERFACE
View the established sessions using the command show bfd neighbors, as shown in the following illustration.
Figure 7-5.
Disabling BFD for OSPF
If BFD is disabled globally, all sessions are torn down, and sessions on the remote system are placed in a Down state. If BFD is disabled on an interface, sessions on the interface are torn down, and sessions on the remote system are placed in a Down state. Disabling BFD does not trigger a change in BFD clients; a final Admin Down packet is sent before the session is terminated.
Figure 7-6. Establishing Sessions with IS-IS Neighbors
FTOS(conf )# router isis
FTOS(conf-router_isis)# net 02.1921.6800.2002.00
FTOS(conf-router_isis)# interface gigabitethernet 2/1
FTOS(conf-if-gi-2/1)#ip address 2.2.2.2/24
FTOS(config-if-gi-2/1)# ip router isis
FTOS(config-if-gi-2/1)# exit
FTOS(conf )# router isis
FTOS(conf-router_isis)# bfd all-neighbors
FTOS(conf-router_isis)# interface gigabitethernet 2/2
FTOS(conf-if-gi-2/2)#ip address 2.2.3.
Figure 7-7. Viewing Established Sessions for IS-IS Neighbors
R2(conf-router_isis)#bfd all-neighbors
R2(conf-router_isis)#do show bfd neighbors
*     - Active session role
Ad Dn - Admin Down
C     - CLI
I     - ISIS
O     - OSPF
R     - Static Route (RTM)
  LocalAddr   RemoteAddr
* 2.2.2.2     2.2.2.1
* 2.2.3.1     2.2.3.
[Figure callout: IS-IS BFD Sessions]
To disable BFD sessions with all IS-IS neighbors:
Step | Task | Command Syntax | Command Mode
1 | Disable BFD sessions with all IS-IS neighbors.
Figure 7-8. BFD Session Between BGP Neighbors
[Figure labels: Interior BGP, Interior BGP, Router 1 2/2 2.2.4.2, Router 2 1/1 2.2.4.3, Exterior BGP, AS 1]
FTOS(conf )# bfd enable
FTOS(conf )# router bgp 1
FTOS(conf-router-bgp)# neighbor 2.2.4.3 remote-as 2
FTOS(conf-router-bgp)# neighbor 2.2.4.3 no shutdown
FTOS(conf-router-bgp)# bfd all-neighbors interval 200 min_rx 200 multiplier 6 role active
OR
FTOS(conf-router-bgp)# neighbor 2.2.4.
As long as each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up and BGP maintains its adjacencies. If a BFD for BGP neighbor does not receive a control packet within the detection interval, the router informs any clients of the BFD session (other routing protocols) about the failure. It then depends on the individual routing protocols that use the BGP link to determine the appropriate response to the failure condition.
Displaying BFD for BGP Information
To display information about BFD for BGP sessions on a router, enter one of the following show commands:
Task | Command | Command Mode
Verify a BFD for BGP configuration. | show running-config bgp (Figure 7-9) | EXEC Privilege
Verify that a BFD for BGP session has been successfully established with a BGP neighbor. A line-by-line listing of established BFD adjacencies is displayed.
Figure 7-11. Verifying BFD Sessions with BGP Neighbors: show bfd neighbors detail Command
R2# show bfd neighbors detail
Session Discriminator: 9
Neighbor Discriminator: 10
Local Addr: 1.1.1.3
Local MAC Addr: 00:01:e8:66:da:33
Remote Addr: 1.1.1.
Figure 7-12.
Figure 7-14. Displaying Routing Sessions with BGP Neighbors: show ip bgp neighbors Command
R2# show ip bgp neighbors 2.2.2.2
BGP neighbor is 2.2.2.2, remote AS 1, external link
BGP version 4, remote router ID 12.0.0.
Configuring Protocol Liveness
Protocol Liveness is a feature that notifies the BFD Manager when a client protocol is disabled. When a client is disabled, all BFD sessions for that protocol are torn down. Neighbors on the remote system receive an Admin Down control packet and are placed in the Down state.
8 Border Gateway Protocol
Platforms support BGP according to the following table:
FTOS version Platform support Z IPv4: 8.3.11.2 IPv6: 9.0.0.0 8.3.7.0 7.8.1.0 S-Series s
This chapter is intended to provide a general description of Border Gateway Protocol version 4 (BGPv4) as it is supported in the Networking Operating System (FTOS).
• AS Number Migration
• BGP4 Management Information Base (MIB)
• Important Points to Remember
• Configuration Information
• Configuration Task List for BGP
• MBGP Configuration
• Storing Last and Bad PDUs
• Capturing PDUs
• PDU Counters
• Sample Configurations
BGP protocol standards are listed in the Appendix A, Standards Compliance chapter.
When BGP operates inside an Autonomous System (AS1 or AS2 as seen in Figure 8-1), it is referred to as Internal BGP (IBGP). When BGP operates between Autonomous Systems (AS1 and AS2), it is called External BGP (EBGP). IBGP provides routers inside the AS with the knowledge to reach routers external to the AS. EBGP routers exchange information with other EBGP routers as well as IBGP routers to maintain connectivity and accessibility.
Figure 8-2. Full Mesh Examples
[Figure: full-mesh diagrams for 4 Routers, 6 Routers and 8 Routers]
The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible.
Sessions and Peers
When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor.
Establishing a session
Information exchange between peers is driven by events and timers.
In order to make decisions in its operations with other BGP peers, a BGP peer uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established. For each peer-to-peer session, a BGP implementation tracks which of these six states the session is in. The BGP protocol defines the messages that each peer should exchange in order to change the session from one state to another. The first state is the Idle mode.
• If a route was received from a nonclient peer, reflect the route to all client peers.
• If the route was received from a client peer, reflect the route to all nonclient and all client peers.
To illustrate how these rules affect routing, refer to Figure 8-3 and the following steps. Routers B, C, D, E, and G are members of the same AS - AS100. These routers are also in the same Route Reflection Cluster, where Router D is the Route Reflector.
BGP Attributes
Routes learned via BGP have associated properties that are used to determine the best route to a destination when multiple paths exist to a particular destination. These properties are referred to as BGP attributes, and an understanding of how BGP attributes influence route selection is required for the design of robust networks.
Figure 8-4. BGP Best Path Selection
[Figure: decision flow. Each test passes to the next on "No, or Not Resulting in a Single Route": Largest Weight, Highest Local Pref, Locally Originated Path, Shortest AS Path, Lowest Origin Code, Lowest MED, Learned via EBGP, Lowest NEXT-HOP Cost, Tie Breakers (Short Cluster List, from Lowest BGP ID, Lowest Peering Addr). Result: A Single Route is Selected and Installed in the Forwarding Table.]
Best Path selection details
1. Prefer the path with the largest WEIGHT attribute.
2.
• AS_CONFED_SEQUENCE has a path length of 1, no matter how many ASs are in the AS_CONFED_SEQUENCE.
5. Prefer the path with the lowest ORIGIN type (IGP is lower than EGP, and EGP is lower than INCOMPLETE).
6. Prefer the path with the lowest Multi-Exit Discriminator (MED) attribute. The following criteria apply:
• This comparison is only done if the first (neighboring) AS is the same in the two paths; the MEDs are compared only if the first AS in the AS_SEQUENCE is the same for both paths.
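The decision order can be expressed as a pairwise comparison that reports which step decided. This is an added example, not FTOS code: the step order is read from the labels of Figure 8-4, the Path fields and their default values are assumptions of the model, AS paths hold AS_SEQUENCE numbers only, and the MED values 100 and 50 mirror the T1/OC3 MED example in this chapter.

```python
from dataclasses import dataclass
from ipaddress import ip_address

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}


@dataclass(frozen=True)
class Path:
    name: str
    weight: int = 0                  # model default, not taken from the text
    local_pref: int = 100            # model default, not taken from the text
    locally_originated: bool = False
    as_path: tuple = ()              # AS_SEQUENCE, neighboring AS first
    origin: str = "IGP"
    med: int = 0
    ebgp: bool = True
    nexthop_cost: int = 0
    cluster_len: int = 0
    bgp_id: str = "0.0.0.0"
    peer_addr: str = "0.0.0.0"


# (step name, key function); the path with the LOWER key wins that step.
STEPS = [
    ("largest weight", lambda p: -p.weight),
    ("highest local pref", lambda p: -p.local_pref),
    ("locally originated", lambda p: 0 if p.locally_originated else 1),
    ("shortest AS path", lambda p: len(p.as_path)),
    ("lowest origin code", lambda p: ORIGIN_RANK[p.origin]),
    ("lowest MED", lambda p: p.med),
    ("learned via EBGP", lambda p: 0 if p.ebgp else 1),
    ("lowest next-hop cost", lambda p: p.nexthop_cost),
    ("short cluster list", lambda p: p.cluster_len),
    ("lowest BGP ID", lambda p: int(ip_address(p.bgp_id))),
    ("lowest peering addr", lambda p: int(ip_address(p.peer_addr))),
]


def med_comparable(a, b):
    """MEDs are compared only when both paths start with the same AS."""
    return a.as_path[:1] == b.as_path[:1]


def better(a, b):
    """Return (winning path, name of the step that decided)."""
    for step, key in STEPS:
        if step == "lowest MED" and not med_comparable(a, b):
            continue                 # step skipped, fall through to the next test
        ka, kb = key(a), key(b)
        if ka != kb:
            return (a if ka < kb else b), step
    return a, "identical"


# Constructed paths to one prefix.
T1 = Path("AS200 via T1", as_path=(200,), med=100,
          bgp_id="10.0.0.2", peer_addr="10.1.1.2")
OC3 = Path("AS200 via OC3", as_path=(200,), med=50,
           bgp_id="10.0.0.3", peer_addr="10.1.2.2")
AS300 = Path("AS300", as_path=(300,), med=10,
             bgp_id="10.0.0.9", peer_addr="10.1.3.2")
HEAVY = Path("weighted", weight=10, as_path=(400, 500, 600), med=900,
             bgp_id="10.0.0.7", peer_addr="10.1.4.2")

if __name__ == "__main__":
    for a, b in ((T1, OC3), (T1, AS300), (OC3, HEAVY)):
        winner, step = better(a, b)
        print(f"{a.name} vs {b.name}: {winner.name} ({step})")
```

Because MED is skipped for some pairs, pairwise results are not guaranteed to form a consistent ordering across three or more paths; the function only answers the two-path question.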
Weight
The Weight attribute is local to the router and is not advertised to neighboring routers. If the router learns about more than one route to the same destination, the route with the highest weight will be preferred. The route with the highest weight is installed in the IP routing table.
Local Preference
Local Preference (LOCAL_PREF) represents the degree of preference within the entire AS. The higher the number, the greater the preference for the route.
One AS assigns the MED a value and the other AS uses that value to decide the preferred path. For this example, assume the MED is the only attribute applied. In Figure 8-6, AS100 and AS200 connect in two places. Each connection is a BGP session. AS200 sets the MED for its T1 exit point to 100 and the MED for its OC3 exit point to 50. This sets up a path preference through the OC3 link. The MEDs are advertised to AS100 routers so they know which is the preferred path. An MED is a non-transitive attribute.
Generally, an IGP indicator means that the route was derived inside the originating AS. EGP generally means that a route was learned from an external gateway protocol. An INCOMPLETE origin code generally results from aggregation, redistribution or other indirect ways of installing routes into BGP. In FTOS, these origin codes appear as shown in Figure 8-7. The question mark (?) indicates an Origin code of INCOMPLETE. The lower case letter (i) indicates an Origin code of IGP.
Next Hop
The Next Hop is the IP address used to reach the advertising router. For EBGP neighbors, the Next-Hop address is the IP address of the connection between the neighbors. For IBGP, the EBGP Next-Hop address is carried into the local AS. A Next Hop attribute is set when a BGP speaker advertises itself to another BGP speaker outside its local AS. It can also be set when advertising routes within an AS.
FTOS 8.3.1.0 and later support configuring the set metric-type internal command in a route-map to advertise the IGP cost as the MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost. By using the redistribute command in conjunction with the route-map command, you can specify whether a peer advertises the standard MED or uses the IGP cost as the MED.
Where the 2-Byte format is 1-65535, the 4-Byte format is 1-4294967295. Enter AS Numbers using the traditional format. If the ASN is greater than 65535, the dot format is shown when using the show ip bgp commands. For example, an ASN entered as 3183856184 will appear in the show commands as 48581.51768; an ASN of 65123 is shown as 65123. To calculate the comparable dot format for an ASN from a traditional format, use ASN/65536.ASN%65536 (the integer quotient, a dot, then the remainder).
Table 8-2.
ASDOT representation combines the ASPLAIN and ASDOT+ representations. AS Numbers less than 65536 appear in integer format (asplain); AS Numbers equal to or greater than 65536 appear using the decimal method (asdot+). For example, the AS Number 65526 appears as 65526, and the AS Number 65546 appears as 1.10.
Dynamic AS Number Notation application
FTOS 8.3.1.0 applies the ASN Notation type change dynamically to the running-config statements.
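The ASN/65536 and ASN%65536 rule and the asplain, asdot+ and asdot representations described above can be checked with a short converter. This is an added example, not FTOS code; the function names are assumptions, and the sample values are the ones quoted in the text plus a few constructed ones.

```python
import re

ASN_MIN, ASN_MAX = 1, 4294967295     # 4-Byte range given in the text


def _check(asn):
    if not ASN_MIN <= asn <= ASN_MAX:
        raise ValueError(f"AS number out of range: {asn}")
    return asn


def to_asplain(text):
    """Parse an AS number written in asplain, asdot or asdot+ notation."""
    text = text.strip()
    if re.fullmatch(r"\d+", text):
        return _check(int(text))
    m = re.fullmatch(r"(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"not an AS number: {text!r}")
    high, low = int(m.group(1)), int(m.group(2))
    if high > 65535 or low > 65535:
        raise ValueError(f"dotted part exceeds 65535: {text!r}")
    return _check(high * 65536 + low)


def to_asdot_plus(asn):
    """asdot+: always quotient.remainder, even below 65536."""
    _check(asn)
    return f"{asn // 65536}.{asn % 65536}"


def to_asdot(asn):
    """asdot: integer below 65536, quotient.remainder from 65536 upward."""
    _check(asn)
    return str(asn) if asn < 65536 else to_asdot_plus(asn)


def group_by_asn(values):
    """Group notation strings that name the same AS, keyed by asplain value.

    Useful when comparing neighbor statements or log entries that were
    written under different notation settings.
    """
    groups = {}
    for value in values:
        groups.setdefault(to_asplain(value), []).append(value)
    return groups


if __name__ == "__main__":
    for asn in (3183856184, 65123, 65526, 65546):
        print(asn, to_asdot(asn), to_asdot_plus(asn))
    print(group_by_asn(["65546", "1.10", "0.65123", "65123"]))
```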
Figure 8-9. Dynamic changes of the bgp asnotation command in the show running config
ASDOT
FTOS(conf-router_bgp)#bgp asnotation asdot
FTOS(conf-router_bgp)#show conf
!
router bgp 100
 bgp asnotation asdot
 bgp four-octet-as-support
 neighbor 172.30.1.250 local-as 65057
config
AS NOTATION DISABLED
FTOS(conf-router_bgp)#no bgp asnotation
FTOS(conf-router_bgp)#sho conf
!
router bgp 100
 bgp four-octet-as-support
 neighbor 172.30.1.250 local-as 65057
Figure 8-11. Local-AS Scenario
[Figure labels. Before Migration: Router A AS 100, Router C AS 300, Router B AS 200. After Migration, with Local-AS enabled: Router A AS 100, AS 100, Router C AS 300, Router B Local AS 200]
When you complete your migration, and you have reconfigured your network with the new information, you must disable this feature. If the “no prepend” option is used, the local-as will not be prepended to the updates received from the eBGP peer.
BGP4 Management Information Base (MIB)
The FORCE10-BGP4-V2-MIB enhances FTOS BGP Management Information Base (MIB) support with many new SNMP objects and notifications (traps) defined in the draft-ietf-idr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell Force10 website, www.force10networks.com.
Note: Refer to the Dell Force10 iSupport webpage for the Force10-BGP4-V2-MIB and other MIB documentation.
• The f10BgpM2[Cfg]PeerReflectorClient field is populated based on the assumption that route-reflector clients are not in a full mesh if BGP client-2-client reflection is enabled and that the BGP speaker acting as reflector will advertise routes learned from one client to another client. If disabled, it is assumed that clients are in a full mesh, and there is no need to advertise prefixes to the other clients.
BGP Configuration
To enable the BGP process and begin exchanging information, you must assign an AS number and use commands in the ROUTER BGP mode to configure a BGP neighbor.
Defaults
By default, BGP is disabled.
By default, FTOS compares the MED attribute on different paths from within the same AS (the bgp always-compare-med command is not enabled).
Note: In FTOS, all newly configured neighbors and peer groups are disabled.
• Maintain existing AS numbers during an AS migration
• Allow an AS number to appear in its own AS path
• Enable graceful restart
• Filter on an AS-Path attribute
• Configure IP community lists
• Manipulate the COMMUNITY attribute
• Change MED attribute
• Change LOCAL_PREFERENCE attribute
• Change NEXT_HOP attribute
• Change WEIGHT attribute
• Enable multipath
• Filter BGP routes
• Redistribute routes
• Configure BGP route reflectors
• Aggregate routes
• Configure BGP confederations
• Ena
Use these commands in the following sequence, starting in the CONFIGURATION mode, to establish BGP sessions on the router.
Step 1
Command Syntax: router bgp as-number
Command Mode: CONFIGURATION
Purpose: Assign an AS number and enter the ROUTER BGP mode.
AS Number: 0-65535 (2-Byte) or 1-4294967295 (4-Byte) or 0.1-65535.65535 (Dotted format)
Only one AS is supported per system.
If you enter a 4-Byte AS Number, 4-Byte AS Support is enabled automatically.
Enter show config in CONFIGURATION ROUTER BGP mode to view the BGP configuration. Use the show ip bgp summary command in EXEC Privilege mode to view the BGP status. Figure 8-12 shows the summary with a 2-Byte AS Number displayed; Figure 8-13 shows the summary with a 4-Byte AS Number displayed. Figure 8-12. Command example: show ip bgp summary (2-Byte AS Number displayed) R2#show ip bgp summary 2-Byte AS Number BGP router identifier 192.168.10.
For the router’s identifier, FTOS uses the highest IP address of the Loopback interfaces configured. Since Loopback interfaces are virtual, they cannot go down, thus preventing changes in the router ID. If no Loopback interfaces are configured, the highest IP address of any interface is used as the router ID.
To view the status of BGP neighbors, use the show ip bgp neighbors (Figure 8-14) command in EXEC Privilege mode.
Figure 8-14. Command example: show ip bgp neighbors FTOS#show ip bgp neighbors BGP neighbor is 10.114.8.60, remote AS 18508, external link External BGP neighbor BGP version 4, remote router ID 10.20.20.
Figure 8-15. Command example: show running-config bgp
R2#show running-config bgp
!
router bgp 65123
 bgp router-id 192.168.10.2
 network 10.10.21.0/24
 network 10.10.32.0/24
 network 100.10.92.0/24
 network 192.168.10.0/24
 bgp four-octet-as-support
 neighbor 10.10.21.1 remote-as 65123
 neighbor 10.10.21.1 filter-list ISP1in
 neighbor 10.10.21.1 no shutdown
 neighbor 10.10.32.3 remote-as 65123
 neighbor 10.10.32.3 no shutdown
 neighbor 100.10.92.9 remote-as 65192
 neighbor 100.10.92.
Only one form of AS Number Representation is supported at a time. You cannot combine the types of representations within an AS.
Task: Enable ASPLAIN AS Number representation (Figure 8-16).
Command Syntax: bgp asnotation asplain
Command Mode: CONFIG-ROUTER-BGP
Note: ASPLAIN is the default method FTOS uses and does not appear in the configuration display.
Task: Enable ASDOT AS Number representation (Figure 8-17).
Command Syntax: bgp asnotation asdot
Command Mode: CONFIG-ROUTER-BGP
Task: Enable ASDOT+ AS Number representation.
Figure 8-18. Command example and output: bgp asnotation asdot+
FTOS(conf-router_bgp)#bgp asnotation asdot+
FTOS(conf-router_bgp)#sho conf
!
router bgp 100
 bgp asnotation asdot+
 bgp four-octet-as-support
 neighbor 172.30.1.250 remote-as 18508
 neighbor 172.30.1.250 local-as 65057
 neighbor 172.30.1.250 route-map rmap1 in
 neighbor 172.30.1.250 password 7 5ab3eb9a15ed02ff4f0dfd4500d6017873cfd9a267c04957
 neighbor 172.30.1.
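Because the same AS number can appear as ASPLAIN, ASDOT or ASDOT+ depending on the bgp asnotation setting, audit or diff tooling should normalize AS numbers before comparing configurations. The following Python code is an added example, not FTOS code: it converts between the three notations as defined in RFC 5396 and rewrites AS numbers in configuration lines to ASPLAIN. The function names and the sample lines are constructed for illustration.

```python
import re

MAX_2BYTE = 65535
MAX_4BYTE = 4294967295

# Keywords on this page that are followed by an AS number.
_ASN_FIELD = re.compile(r"\b(router bgp|remote-as|local-as)\s+(\d+(?:\.\d+)?)\b")


def parse_asn(text):
    """Return the integer AS number for an asplain, asdot or asdot+ string."""
    text = text.strip()
    if re.fullmatch(r"\d+", text):                       # asplain: "65536"
        value = int(text)
    elif m := re.fullmatch(r"(\d+)\.(\d+)", text):       # dotted: "1.0", "0.100"
        high, low = int(m[1]), int(m[2])
        if high > MAX_2BYTE or low > MAX_2BYTE:
            raise ValueError(f"dotted AS number out of range: {text!r}")
        value = (high << 16) | low
    else:
        raise ValueError(f"not an AS number: {text!r}")
    if value > MAX_4BYTE:
        raise ValueError(f"AS number exceeds 4 bytes: {text!r}")
    return value


def format_asn(value, notation="asplain"):
    """Render an integer AS number in the requested notation."""
    if not 0 <= value <= MAX_4BYTE:
        raise ValueError(f"AS number out of range: {value}")
    high, low = value >> 16, value & 0xFFFF
    if notation == "asplain":
        return str(value)
    if notation == "asdot":      # 2-byte values stay plain, 4-byte become high.low
        return str(value) if value <= MAX_2BYTE else f"{high}.{low}"
    if notation == "asdot+":     # every value is written high.low
        return f"{high}.{low}"
    raise ValueError(f"unknown notation: {notation!r}")


def normalize_line(line):
    """Rewrite AS numbers in one configuration line to asplain."""
    return _ASN_FIELD.sub(lambda m: f"{m[1]} {parse_asn(m[2])}", line)


if __name__ == "__main__":
    # Constructed sample lines showing the same neighbors in different notations.
    sample = [
        "router bgp 0.100",
        " neighbor 172.30.1.250 remote-as 0.18508",
        " neighbor 172.30.1.250 local-as 1.10",
    ]
    for line in sample:
        print(normalize_line(line))
    for notation in ("asplain", "asdot", "asdot+"):
        print(notation, format_asn(65546, notation), format_asn(100, notation))
```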
Step 5
Command Syntax: neighbor ip-address peer-group peer-group-name
Command Mode: CONFIG-ROUTER-BGP
Purpose: Add an enabled neighbor to the peer group.
Step 6
Command Syntax: neighbor {ip-address | peer-group name} remote-as as-number
Command Mode: CONFIG-ROUTER-BGP
Purpose: Add a neighbor as a remote AS. Formats:
IP Address: A.B.C.D
Peer-Group Name: 16 characters
AS-number: 0-65535 (2-Byte) or 1-4294967295 | 0.1-65535.65535 (4-Byte) or 0.1-65535.
Figure 8-19. Command example: show config (creating peer-group)
FTOS(conf-router_bgp)#neighbor zanzibar peer-group
Configuring neighbor zanzibar
FTOS(conf-router_bgp)#show conf
!
router bgp 45
 bgp fast-external-fallover
 bgp log-neighbor-changes
 neighbor zanzibar peer-group
 neighbor zanzibar shutdown
 neighbor 10.1.1.1 remote-as 65535
 neighbor 10.1.1.1 shutdown
 neighbor 10.14.8.60 remote-as 18505
 neighbor 10.14.8.
Figure 8-21. Command example: show ip bgp peer-group FTOS>show ip bgp peer-group Peer-group zanzibar, remote AS 65535 BGP version 4 Minimum time between advertisement runs is 5 seconds For address family: IPv4 Unicast BGP neighbor is zanzibar, peer-group internal, Number of peers in this group 26 Peer-group members (* - outbound optimized): 10.68.160.1 10.68.161.1 10.68.162.1 10.68.163.1 10.68.164.1 10.68.165.1 10.68.166.1 10.68.167.1 10.68.168.1 10.68.169.1 10.68.170.1 10.68.171.1 10.68.172.1 10.68.
When fall-over is enabled, BGP tracks IP reachability to the peer remote address and the peer local address. Whenever either address becomes unreachable (for example, no active route exists in the routing table for peer IPv6 destinations/local address), BGP brings down the session with the peer. The BGP fast fall-over feature is configured on a per-neighbor or peer-group basis and is disabled by default.
Figure 8-22. Command example: show ip bgp neighbors FTOS#sh ip bgp neighbors BGP neighbor is 100.100.100.100, remote AS 65517, internal link Member of peer-group test for session parameters BGP version 4, remote router ID 30.30.30.
Figure 8-23. Command example: show ip bgp peer-group
FTOS#sh ip bgp peer-group
Peer-group test
 Fall-over enabled
 BGP version 4
 Minimum time between advertisement runs is 5 seconds
 For address family: IPv4 Unicast
 BGP neighbor is test
 Number of peers in this group 1
 Peer-group members (* - outbound optimized):
 100.100.100.100*
FTOS#
router bgp 65517
 neighbor test peer-group
 neighbor test fall-over      <- Fast Fall-Over Indicator
 neighbor test no shutdown
 neighbor 100.100.
Use these commands in the following sequence, starting in the CONFIGURATION ROUTER BGP mode, to configure passive peering.
Step 1
Command Syntax: neighbor peer-group-name peer-group passive limit
Command Mode: CONFIG-ROUTER-BGP
Purpose: Configure a peer group that does not initiate TCP connections with other peers. Enter the limit keyword to restrict the number of sessions accepted.
Step 2
Command Syntax: neighbor peer-group-name subnet subnet-number mask
Command Mode: CONFIG-ROUTER-BGP
Purpose: Assign a subnet to the peer group.
Disable this feature using the no neighbor local-as command in CONFIGURATION ROUTER BGP mode.
Figure 8-24. Local-as information shown
R2(conf-router_bgp)#show conf
!
router bgp 65123
 bgp router-id 192.168.10.2
 network 10.10.21.0/24
 network 10.10.32.0/24
 network 100.10.92.0/24
 network 192.168.10.0/24
 bgp four-octet-as-support
 neighbor 10.10.21.1 remote-as 65123
 neighbor 10.10.21.1 filter-list Laura in
 neighbor 10.10.21.1 no shutdown
 neighbor 10.10.32.
Allow an AS number to appear in its own AS path
This command allows you to set the number of times a particular AS number can occur in the AS path. The allow-as feature permits a BGP speaker to accept an update from the peer in which its own ASN is present up to the specified number of times. An AS-PATH loop is detected if the local ASN is present more than the number of times specified in the command.
Enable graceful restart
Use this feature to lessen the negative effects of a BGP restart. FTOS advertises support for this feature to BGP neighbors through a capability advertisement. You can enable graceful restart by router and/or by peer or peer group.
Note: By default, BGP graceful restart is disabled. The default role for BGP is as a receiving or restarting peer.
With the graceful restart feature, FTOS enables the receiving/restarting mode by default. In receiver-only mode, graceful restart saves the advertised routes of peers that support this capability when they restart. This option provides support for remote peers for their graceful restart without supporting the feature itself. You can implement BGP graceful restart either by neighbor or by BGP peer-group. For more information, refer to the following table or the FTOS Command Line Interface Reference.
Figure 8-26.
Regular Expressions as filters
Regular expressions are used to filter AS paths or community lists. A regular expression is a special character used to define a pattern that is then compared with an input string. For an AS-path access list as shown in the commands above, if the AS path matches the regular expression in the access list, then the route matches the access list. Figure 8-27 applies access list Eagle to routes inbound from BGP peer 10.5.5.2.
Table 8-4 lists the Regular Expressions accepted in FTOS.
Table 8-4. Regular Expressions
Regular Expression: Definition
^ (caret): Matches the beginning of the input string. Alternatively, when used as the first character within brackets [ ^ ] matches any number except the ones specified within the brackets.
$ (dollar): Matches the end of the input string.
. (period): Matches any single character, including white space.
Command Syntax: redistribute isis [level-1 | level-1-2 | level-2] [metric value] [route-map map-name]
Command Mode: ROUTER BGP or CONF-ROUTER_BGPv6_AF
Purpose: Include specific ISIS routes in BGP. Configure the following parameters:
• level-1, level-1-2, or level-2: Assign all redistributed routes to a level. Default is level-2.
• metric range: 0 to 16777215. Default is 0.
• map-name: name of a configured route map.
• All routes with the NO_ADVERTISE (0xFFFFFF02) community attribute must not be advertised.
• All routes with the NO_EXPORT (0xFFFFFF01) community attribute must not be advertised outside a BGP confederation boundary, but are sent to CONFED-EBGP and IBGP peers.
FTOS also supports BGP Extended Communities as described in RFC 4360, BGP Extended Communities Attribute.
Step 2
Command Syntax: {permit | deny} {{rt | soo} {ASN:NN | IPADDR:N} | regex REGEX-LINE}
Command Mode: CONFIG-COMMUNITYLIST
Purpose: Two types of extended communities are supported. Filter routes based on the type of extended communities they carry using one of the following keywords:
• rt: Route Target
• soo: Route Origin or Site-of-Origin.
Matching extended communities against a regular expression is also supported.
To use an IP Community list or Extended Community List to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. Use these commands in the following sequence, starting in the CONFIGURATION mode:
Step 1
Command Syntax: route-map map-name [permit | deny] [sequence-number]
Command Mode: CONFIGURATION
Purpose: Enter the ROUTE-MAP mode and assign a name to a route map.
If you want to remove or add a specific COMMUNITY number from a BGP path, you must create a route map with one or both of the following statements in the route map. Then apply that route map to a BGP neighbor or peer group. Use these commands in the following sequence, starting in the CONFIGURATION mode:
Step 1
Command Syntax: route-map map-name [permit | deny] [sequence-number]
Command Mode: CONFIGURATION
Purpose: Enter the ROUTE-MAP mode and assign a name to a route map.
Figure 8-29. Command example: show ip bgp community (Partial)
FTOS>show ip bgp community
BGP table version is 3762622, local router ID is 10.114.8.48
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
    Network          Next Hop       Metric  LocPrf  Weight  Path
* i 3.0.0.0/8        195.171.0.16           100     0       209 701 80 i
*>i 4.2.49.12/30     195.171.0.16           100     0       209 i
* i 4.21.132.0/23    195.171.0.
Command Syntax: bgp bestpath med {confed | missing-as-best}
Command Mode: CONFIG-ROUTER-BGP
Purpose: Change the bestpath MED selection to one of the following:
• confed: Chooses the bestpath MED comparison of paths learned from BGP confederations.
• missing-as-best: Treat a path missing an MED as the most preferred one.
Use the show config command in the CONFIGURATION ROUTER BGP mode to view the nondefault values.
To view the BGP configuration, use the show config command in the CONFIGURATION ROUTER BGP mode. To view a route map configuration, use the show route-map command in EXEC Privilege mode.
Change NEXT_HOP attribute
You can change how the NEXT_HOP attribute is used. Use the following command in the CONFIGURATION ROUTER BGP mode to change how the NEXT_HOP attribute is used.
Enable multipath
By default, the software allows one path to a destination. You can enable multipath to allow up to 64 parallel paths to a destination. Use the following command in the CONFIGURATION ROUTER BGP mode to allow more than one path.
Command Syntax: maximum-paths {ebgp | ibgp} number
Command Mode: CONFIG-ROUTER-BGP
Purpose: Enable multiple parallel paths.
• number range: 1 to 64
• Default is 1
The show ip bgp network command includes multipath information for that network.
Use these commands in the following sequence, starting in the CONFIGURATION mode, to filter routes using prefix lists.
Step 1
Command Syntax: ip prefix-list prefix-name
Command Mode: CONFIGURATION
Purpose: Create a prefix list and assign it a name.
Step 2
Command Syntax: seq sequence-number {deny | permit} {any | ip-prefix [ge | le] }
Command Mode: CONFIG-PREFIX LIST
Purpose: Create multiple prefix list filters with a deny or permit action.
Step 2
Command Syntax: {match | set}
Command Mode: CONFIG-ROUTE-MAP
Purpose: Create multiple route map filters with a match or set action. Refer to Chapter 6, “Access Control Lists (ACLs),” for information on configuring route maps.
Step 3
Command Syntax: exit
Command Mode: CONFIG-ROUTE-MAP
Purpose: Return to the CONFIGURATION mode.
Step 4
Command Syntax: router bgp as-number
Command Mode: CONFIGURATION
Purpose: Enter ROUTER BGP mode.
Step 5
Command Syntax: neighbor {ip-address | peer-group-name} filter-list as-path-name {in | out}
Command Mode: CONFIG-ROUTER-BGP
Purpose: Filter routes based on the criteria in the configured route map. Configure the following parameters:
• ip-address or peer-group-name: enter the neighbor’s IP address or the peer group’s name.
• as-path-name: enter the name of a configured AS-PATH ACL.
• in: apply the AS-PATH ACL map to inbound routes.
Aggregate routes FTOS provides multiple ways to aggregate routes in the BGP routing table. At least one specific route of the aggregate must be in the routing table for the configured aggregate to become active. Use the following command in the CONFIGURATION ROUTER BGP mode to aggregate routes.
Configure BGP confederations
Another way to organize routers within an AS and reduce the mesh for IBGP peers is to configure BGP confederations. As with route reflectors, BGP confederations are recommended only for IBGP peering involving a large number of IBGP peering sessions per router. Basically, when you configure BGP confederations, you break the AS into smaller sub-AS, and to those outside your network, the confederations appear as one AS.
When dampening is applied to a route, its path is described by one of the following terms:
• history entry: an entry that stores information on a downed route
• dampened path: a path that is no longer advertised
• penalized path: a path that is assigned a penalty
The CLI example below shows configuring values to start reusing or restarting a route, as well as their default values.
Figure 8-31.
Use the following command in the CONFIGURATION ROUTER BGP mode to configure route flap dampening parameters.
Command Syntax: bgp dampening [half-life | reuse | suppress max-suppress-time] [route-map map-name]
Command Mode: CONFIG-ROUTER-BGP
Purpose: Enable route dampening. Enter the following optional parameters to configure route dampening parameters:
• half-life range: 1 to 45. Number of minutes after which the Penalty is decreased.
Command Syntax: set dampening half-life reuse suppress max-suppress-time
Command Mode: CONFIG-ROUTE-MAP
Purpose: Enter the following optional parameters to configure route dampening parameters:
• half-life range: 1 to 45. Number of minutes after which the Penalty is decreased. After the router assigns a Penalty of 1024 to a route, the Penalty is decreased by half after the half-life period expires. (Default: 15 minutes)
• reuse range: 1 to 20000.
Use the following command in EXEC Privilege mode to clear information on route dampening and return suppressed routes to active state.
Command Syntax: clear ip bgp dampening [ip-address mask]
Command Mode: EXEC Privilege
Purpose: Clear all information or only information on a specific route.
Use the following command in EXEC and EXEC Privilege mode to view statistics on route flapping.
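How the penalty, half-life, reuse and suppress values interact is easier to follow with numbers. The following Python code is an added example, not FTOS code: it models only the decay described above (a Penalty of 1024 per flap, halved every half-life) and omits max-suppress-time. The function names are constructed, and the reuse and suppress values in the sample call are constructed inputs, not values taken from this guide.

```python
import math

FLAP_PENALTY = 1024  # penalty assigned per flap, as stated in this chapter


def decayed(penalty, minutes, half_life):
    """Penalty remaining after `minutes`, halving once per half-life."""
    return penalty * 0.5 ** (minutes / half_life)


def reuse_time(penalty, at_minute, half_life, reuse):
    """Minute at which a penalty measured at `at_minute` decays to `reuse`."""
    return at_minute + half_life * math.log2(penalty / reuse)


def simulate(flap_minutes, half_life, reuse, suppress):
    """Return (minute, penalty, state) events for a route that flaps at the
    given minutes. States: 'flap', 'suppressed' (penalty crossed the suppress
    limit) and 'reused' (penalty decayed to the reuse limit)."""
    events = []
    penalty, last, suppressed = 0.0, 0.0, False
    for t in sorted(flap_minutes):
        # A suppressed route may have decayed to the reuse limit before this flap.
        if suppressed:
            t_reuse = reuse_time(penalty, last, half_life, reuse)
            if t_reuse <= t:
                events.append((t_reuse, float(reuse), "reused"))
                suppressed = False
        penalty = decayed(penalty, t - last, half_life) + FLAP_PENALTY
        last = t
        if not suppressed and penalty > suppress:
            suppressed = True
            events.append((t, penalty, "suppressed"))
        else:
            events.append((t, penalty, "flap"))
    if suppressed:
        events.append((reuse_time(penalty, last, half_life, reuse),
                       float(reuse), "reused"))
    return events


if __name__ == "__main__":
    # Constructed scenario: three flaps two minutes apart, 15-minute half-life.
    for minute, penalty, state in simulate([0, 2, 4], half_life=15,
                                           reuse=750, suppress=2000):
        print(f"t={minute:6.2f} min  penalty={penalty:8.1f}  {state}")
```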
Change BGP timers
Use either or both of the following commands in the CONFIGURATION ROUTER BGP mode to configure BGP timers.
Command Syntax: neighbors {ip-address | peer-group-name} timers keepalive holdtime
Command Mode: CONFIG-ROUTER-BGP
Purpose: Configure timer values for a BGP neighbor or peer group.
• keepalive range: 1 to 65535. Time interval, in seconds, between keepalive messages sent to the neighbor routers. (Default: 60 seconds)
• holdtime range: 3 to 65536.
Use the clear ip bgp command in EXEC Privilege mode at the system prompt to reset a BGP connection using BGP soft reconfiguration.
Command Syntax: clear ip bgp {* | neighbor-address | AS Numbers | ipv4 | peer-group-name} [soft [in | out]]
Command Mode: EXEC Privilege
Purpose: Clear all information or only specific details.
Route map continue The BGP route map continue feature (in ROUTE-MAP mode) allows movement from one route-map entry to a specific route-map entry (the sequence number). If the sequence number is not specified, the continue feature moves to the next sequence number (also known as an implied continue). If a match clause exists, the continue feature executes only after a successful match occurs. If there are no successful matches, continue is ignored.
Default is IPv4 Unicast routes.
Command Syntax: debug ip bgp dampening [in | out]
Command Mode: EXEC Privilege
Purpose: View information on BGP route being dampened.
Command Syntax: debug ip bgp [ip-address | peer-group peer-group-name] events [in | out]
Command Mode: EXEC Privilege
Purpose: View information on local BGP state changes and other BGP events.
Command Syntax: debug ip bgp [ip-address | peer-group peer-group-name] keepalive [in | out]
Command Mode: EXEC Privilege
Purpose: View information about BGP KEEPALIVE messages.
Figure 8-34. Viewing the Last Bad PDU from BGP Peers
FTOS(conf-router_bgp)#do show ip bgp neighbors 1.1.1.2
BGP neighbor is 1.1.1.2, remote AS 2, external link
BGP version 4, remote router ID 2.4.0.
The buffer size supports a maximum value between 40 MB (the default) and 100 MB. The capture buffers are cyclic: when the limit is reached, the system overwrites the oldest PDUs as new ones are received for a given neighbor or direction. Setting the buffer size to a value lower than the current maximum might cause captured PDUs to be freed to meet the new limit.
Note: Memory on RP1 is not pre-allocated, and is allocated only when a PDU needs to be captured.
Figure 8-36. Required Memory for Captured PDUs
FTOS(conf-router_bgp)#do show capture bgp-pdu neighbor 172.30.1.250
Incoming packet capture enabled for BGP neighbor 172.30.1.250
Available buffer size 29165743, 192991 packet(s) captured using 11794257 bytes
[. . .]
FTOS(conf-router_bgp)#do sho ip bg s
BGP router identifier 172.30.1.
Figure 8-37.
Figure 8-38. Enable BGP - Router 1
R1# conf
R1(conf)#int loop 0
R1(conf-if-lo-0)#ip address 192.168.128.1/24
R1(conf-if-lo-0)#no shutdown
R1(conf-if-lo-0)#show config
!
interface Loopback 0
 ip address 192.168.128.1/24
 no shutdown
R1(conf-if-lo-0)#int te 1/21
R1(conf-if-te-1/21)#ip address 10.0.1.21/24
R1(conf-if-te-1/21)#no shutdown
R1(conf-if-te-1/21)#show config
!
interface TengigabitEthernet 1/21
 ip address 10.0.1.
Figure 8-39. Enable BGP - Router 2
R2# conf
R2(conf)#int loop 0
R2(conf-if-lo-0)#ip address 192.168.128.2/24
R2(conf-if-lo-0)#no shutdown
R2(conf-if-lo-0)#show config
!
interface Loopback 0
 ip address 192.168.128.2/24
 no shutdown
R2(conf-if-lo-0)#int te 2/11
R2(conf-if-te-2/11)#ip address 10.0.1.22/24
R2(conf-if-te-2/11)#no shutdown
R2(conf-if-te-2/11)#show config
!
interface TengigabitEthernet 2/11
 ip address 10.0.1.22/24
 no shutdown
R2(conf-if-te-2/11)#int te 2/31
R2(conf-if-te-2/31)#ip address 10.0.2.
Figure 8-40. Enable BGP - Router 3
R3# conf
R3(conf)#
R3(conf)#int loop 0
R3(conf-if-lo-0)#ip address 192.168.128.3/24
R3(conf-if-lo-0)#no shutdown
R3(conf-if-lo-0)#show config
!
interface Loopback 0
 ip address 192.168.128.3/24
 no shutdown
R3(conf-if-lo-0)#int te 3/11
R3(conf-if-te-3/11)#ip address 10.0.3.33/24
R3(conf-if-te-3/11)#no shutdown
R3(conf-if-te-3/11)#show config
!
interface TengigabitEthernet 3/11
 ip address 10.0.3.
Figure 8-41. Enable Peer Group - Router 1
R1#conf
R1(conf)#router bgp 99
R1(conf-router_bgp)# network 192.168.128.0/24
R1(conf-router_bgp)# neighbor AAA peer-group
R1(conf-router_bgp)# neighbor AAA no shutdown
R1(conf-router_bgp)# neighbor BBB peer-group
R1(conf-router_bgp)# neighbor BBB no shutdown
R1(conf-router_bgp)# neighbor 192.168.128.2 peer-group AAA
R1(conf-router_bgp)# neighbor 192.168.128.3 peer-group BBB
R1(conf-router_bgp)#
R1(conf-router_bgp)#show config
!
router bgp 99
 network 192.168.128.
Figure 8-42.
Figure 8-43. Enable Peer Groups - Router 2
R2#conf
R2(conf)#router bgp 99
R2(conf-router_bgp)# neighbor CCC peer-group
R2(conf-router_bgp)# neighbor CC no shutdown
R2(conf-router_bgp)# neighbor BBB peer-group
R2(conf-router_bgp)# neighbor BBB no shutdown
R2(conf-router_bgp)# neighbor 192.168.128.1 peer AAA
R2(conf-router_bgp)# neighbor 192.168.128.1 no shut
R2(conf-router_bgp)# neighbor 192.168.128.3 peer BBB
R2(conf-router_bgp)# neighbor 192.168.128.
Figure 8-44. Enable Peer Group - Router 3
R3#conf
R3(conf)#router bgp 100
R3(conf-router_bgp)# neighbor AAA peer-group
R3(conf-router_bgp)# neighbor AAA no shutdown
R3(conf-router_bgp)# neighbor CCC peer-group
R3(conf-router_bgp)# neighbor CCC no shutdown
R3(conf-router_bgp)# neighbor 192.168.128.2 peer-group BBB
R3(conf-router_bgp)# neighbor 192.168.128.2 no shutdown
R3(conf-router_bgp)# neighbor 192.168.128.1 peer-group BBB
R3(conf-router_bgp)# neighbor 192.168.128.
Figure 8-45.
9 Bare Metal Provisioning 2.0 (BMP 2.0)
Bare Metal Provisioning 2.0 (BMP 2.0) is included as part of the FTOS image. It is supported on the following platforms: and z.
Bare Metal Provisioning (BMP) improves accessibility to the system by automatically loading pre-defined configurations and boot images that are stored in file servers. BMP can be used on a single system or on multiple systems. For more information on using BMP and the different types of modes, refer to the Open Automation Guide.
Restrictions
BMP 2.0 is supported on the user ports and management ports of a switch.
Comparison of BMP 1.5 and 2.0
BMP 2.0 provides simplified auto-configuration options for customers. This feature enhancement provides a simplified CLI, additional support for file transfer protocols such as FTP and HTTP, and access to DHCP and file servers from both user and management ports, avoiding the need for dedicated management servers.
BMP 1.5 BMP 2.0
Supported on S55 and S60.
To reconfigure a switch to reload between Normal and Jumpstart mode, use the reload-type command.
Command Syntax: reload-type {normal-reload | jump-start [config-download {enable | disable}] [dhcp-timeout minutes]}
Command Mode: EXEC Privilege
Purpose: Reload a switch running BMP version 2.0 in either Normal or Jumpstart (BMP) mode.
Jumpstart mode
Jumpstart (BMP) mode is the default boot mode configured for a new system arriving from Dell Networking. This mode obtains the FTOS image and configuration file from a network source (DHCP and file servers).
DHCP Server
MAC-Based IP assignment
One way to use the Jumpstart mode most efficiently is to configure the DHCP server to assign a fixed IP address, FTOS image, and configuration file based on the system’s MAC address.
Update the following parameters on the appropriate DHCP server.
• Boot File Name: The FTOS image to be loaded on the system. The boot file name is expected to use option 67 or the boot filename in the BOOTP payload of the DHCP offer. If both are specified, option 67 will be used.
• Configuration File Name: The configurations to be applied to the system. The configuration file name is expected to use option 209.
• File Server Address: The server where the image and configuration files are placed.
The file server that holds the boot and configuration files must be configured to allow file transfers to the switch. The system recognizes HTTP, TFTP, FTP, USB, and Flash URLs. For example:
• tftp://server ip or name/filename
• ftp://user:passwd@serverip or name//mypath/FTOS-A.B.C.D.
3. The IP address, boot image filename and the configuration filename are reserved for the system and provided in the DHCP reply (one-file read method). The system receives its IP address, subnet mask, DHCP server IP, TFTP server address, DNS server IP, bootfile name and the configuration filename from the DHCP server. If a DHCP offer has neither an image path nor a configuration file path, it is considered to be an invalid BMP DHCP offer and the offer is ignored.
• If there is no version mismatch the system downloads the configuration file.
00:03:27: %STKUNIT0-M:CP %JUMPSTART-5-CFG_APPLY: The downloaded config from dhcp server is being applied
00:03:27: %STKUNIT0-M:CP %BMP-5-JUMPSTART: DHCP RELEASE sent on Fo 0/56.
00:03:27: %STKUNIT0-M:CP %SYS-5-CONFIG_LOAD: Loading configuration file c
If the configuration file is downloaded from the server, any saved startup-configuration on the flash is ignored.
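Because a switch in Jumpstart mode takes its image and configuration from whatever valid offer it accepts, it is worth checking what a captured DHCP offer on the provisioning network would make the switch load. The following Python code is an added example, not FTOS code: it parses the options of an offer and applies the rules stated in this chapter (option 67 wins over the BOOTP boot filename, option 209 carries the configuration file name, an offer with neither is not a valid BMP offer). The function names and sample packets are constructed, and option overload (option 52) is not handled.

```python
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])    # RFC 2131 marker that precedes the options
FILE_OFFSET, FILE_LEN = 108, 128           # BOOTP 'file' (boot filename) header field
OPTIONS_OFFSET = 240                       # 236-byte fixed header + 4-byte cookie
OPT_PAD, OPT_END = 0, 255
OPT_BOOTFILE, OPT_CONFIG_FILE = 67, 209    # option numbers named in this guide


def parse_options(data):
    """Walk the Type-Length-Value options and return {code: value_bytes}."""
    opts = {}
    i = 0
    while i < len(data):
        code = data[i]
        if code == OPT_PAD:                # single-byte padding, no length field
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 2 > len(data):
            raise ValueError("option header runs past end of packet")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value   # repeated codes are concatenated
        i += 2 + length
    return opts


def _text(raw):
    """Decode a NUL-terminated or NUL-padded ASCII field."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace").strip()


def inspect_bmp_offer(packet):
    """Report which image and configuration file a BMP client would take."""
    if len(packet) < OPTIONS_OFFSET or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet (bad length or magic cookie)")
    opts = parse_options(packet[OPTIONS_OFFSET:])
    header_file = _text(packet[FILE_OFFSET:FILE_OFFSET + FILE_LEN])
    option_67 = _text(opts.get(OPT_BOOTFILE, b""))
    config = _text(opts.get(OPT_CONFIG_FILE, b""))
    image = option_67 or header_file       # option 67 is used when both are present
    source = "option 67" if option_67 else ("BOOTP file field" if header_file else None)
    return {"image": image, "image_source": source, "config": config,
            "valid_bmp_offer": bool(image or config)}


def build_offer(header_file=b"", options=()):
    """Build a constructed BOOTREPLY for testing; all addresses are sample values."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s",
                        2, 1, 6, 0, 0x1234, 0, 0,
                        bytes(4), bytes([10, 0, 0, 50]), bytes([10, 0, 0, 5]), bytes(4),
                        b"\x00\x01\xe8\x00\x00\x01", b"", header_file)
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return fixed + MAGIC_COOKIE + body + bytes([OPT_END])


if __name__ == "__main__":
    offer = build_offer(b"FTOS-old.bin", [
        (53, b"\x02"),                                  # DHCPOFFER
        (OPT_BOOTFILE, b"tftp://10.0.0.5/FTOS-new.bin"),
        (OPT_CONFIG_FILE, b"tftp://10.0.0.5/sw1.conf"),
    ])
    print(inspect_bmp_offer(offer))
    print(inspect_bmp_offer(build_offer(b"", [(53, b"\x02")])))
```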
10 Content Addressable Memory (CAM)
Content Addressable Memory (CAM) is supported on the following platforms: s z
• Content Addressable Memory
• When to Use CAM Profiling
• Important Points to Remember
• CAM Allocation
• Test CAM Usage
• View CAM-ACL settings
• Return to the Default CAM Configuration
• CAM Optimization
• Troubleshoot CAM Profiling
Content Addressable Memory
Content Addressable Memory (CAM) is a type of memory that stores information in the form of a lookup table.
Important Points to Remember
• All stack units within a single system must have the same CAM profile; this profile must match the system CAM profile.
  • FTOS automatically reconfigures the CAM profile on line cards and the secondary RPM to match the system CAM profile by saving the correct profile on the card and then rebooting it.
• The CAM configuration is applied to the entire system when you use CONFIGURATION mode commands.
To configure the IPv4 and IPv6 ACLs and QoS regions on the entire system:
Step 1
Task: Select a cam-acl action.
Command Syntax: cam-acl [default | l2acl]
Command Mode: CONFIGURATION
Note: Selecting default resets the CAM entries to the default settings. Select l2acl to allocate space for the ACLs and QoS regions.
Step 2
Task: Enter the number of FP blocks for each region.
Test CAM Usage
The test cam-usage command is supported on platforms s z
This command applies to both IPv4 and IPv6 CAM profiles, but is best used when verifying QoS optimization for IPv4 ACLs. Use this command to determine whether sufficient ACL CAM space is available to enable a service-policy. Create a Class Map with all required ACL rules, then execute the test cam-usage command in Privilege mode to verify the actual CAM space required.
Return to the Default CAM Configuration
Return to the default CAM Profile, microcode, IPv4Flow, or Layer 2 ACL configuration using the keyword default from EXEC Privilege mode or from CONFIGURATION mode, as shown in Figure 10-3.
Figure 10-3. Returning to the default Configuration
FTOS(conf)# cam-acl ?
default configure cam-acl default.
FTOS version 7.4.1 introduced the ability to view the actual CAM usage before applying a service-policy.
11 Control Plane Policing (CoPP)
Control Plane Policing (CoPP) is supported on the following platforms: and z
Overview
Control Plane Policing (CoPP) uses ACL rules and QoS policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane and rate-limits traffic to an acceptable level.
CoPP Rule Examples Q7 1100 PPS BGP, ICMP Echo, ICMP Reply, ARP Reply, NTP L3 Local Traffic Q6 400 PPS ARP Req, DHCP, Unknown L3, Q5 L2 Broadcast on L3 VLAN, 400 PPS Broadcast L2 DST on VLAN6095 Stacking, IPC, IRC, VLT Q4 2000 PPS sFlow Q3 300 PPS MAC Learning Limit Violation Log, HyperPull Q2 300 PPS MC Data BFD 200 PPS Per-Protocol Rate Limiting OSPF 200 PPS BGP 100 PPS STP 100 PPS ICMP 50 PPS . . . .
Figure 11-2. No CoPP Rules (diagram: packets from the front-end ports are classified by ingress flow entries from protocol to queue, rate-limited per hardware queue Q0 to Q7, and passed through the CPU software queue to CPU processes such as OSPF, LACP, STP, and ICMP; callouts: OSPF flood, CPU at 1100 PPS, ICMP fails)
Q7 receives STP at 1100 pps due to network storm/loop. The CPU is hit with the entire 1100 pps and the PING attempt fails intermittently.
For example, BGP and ICMP share the same queue (Q6); Q6 has 400 PPS of bandwidth by default. The desired rate of ICMP is 100 pps and the remaining 300 pps is assigned to BGP. If ICMP packets come at 400 pps, BGP packets may be dropped even though ICMP packets are rate limited to 100 PPS. This may be solved by increasing Q6 bandwidth to 700 pps to allow both ICMP and BGP packets and then applying per flow CoPP for ICMP and BGP packets.
Step 7
Task: Enter Control Plane mode.
Command Syntax: control-plane-cpuqos
Command Mode: CONFIGURATION
Step 8
Task: Assign the protocol based service policy on the control plane. Enabling this command on a port-pipe automatically enables the ACL and QoS rules created with the cpu-qos keyword.
Create QoS Class Map
FTOS(conf)#class-map match-any class_ospf cpu-qos
FTOS(conf-class-map-cpuqos)#match ip access-group ospf
FTOS(conf-class-map-cpuqos)#exit
FTOS(conf)#class-map match-any class_bgp cpu-qos
FTOS(conf-class-map-cpuqos)#match ip access-group bgp
FTOS(conf-class-map-cpuqos)#exit
FTOS(conf)#class-map match-any class_lacp cpu-qos
FTOS(conf-class-map-cpuqos)#match mac access-group lacp
FTOS(conf-class-map-cpuqos)#exit
FTOS(conf)#class-map match-any class-ipv6-icmp cpu-qos
FTOS(conf-class-map-cpu
Step 3
Task: Enter Control Plane mode.
Command Syntax: control-plane-cpuqos
Command Mode: CONFIGURATION
Step 4
Task: Assign a CPU queue-based service policy on the control plane in cpuqos mode. Enabling this command sets the queue rates according to those configured.
Use the show ip protocol-queue-mapping command to view the queue mapping for each configured protocol.
12 Dynamic Host Configuration Protocol (DHCP)
Dynamic Host Configuration Protocol (DHCP) is available on the following platforms: s z
This chapter contains the following sections:
• Protocol Overview
• Implementation Information
• Configuration Tasks
• Configure the System to be a DHCP Server
• Configure the System to be a Relay Agent
• Configure Secure DHCP
Protocol Overview
Dynamic Host Configuration Protocol (DHCP) is an application layer protocol that dynamically assigns IP addresses and other conf
DHCP Packet Format and Options
DHCP uses UDP as its transport protocol. The server listens on port 67 and transmits to port 68; the client listens on port 68 and transmits to port 67. The configuration parameters are carried as options in the DHCP packet in Type, Length, Value (TLV) format; many options are specified in RFC 2132.
Assigning an IP Address using DHCP
When a client joins a network:
1. The client initially broadcasts a DHCPDISCOVER message on the subnet to discover available DHCP servers. This message includes the parameters that the client requires and might include suggested values for those parameters.
2. Servers unicast or broadcast a DHCPOFFER message in response to the DHCPDISCOVER that offers to the client values for the requested parameters.
www.dell.com | support.dell.com Implementation Information • • The Dell Networking implementation of DHCP is based on RFC 2131 and RFC 3046. IP Source Address Validation is a sub-feature of DHCP Snooping; FTOS uses ACLs internally to implement this feature and as such, you cannot apply ACLs to an interface which has IP Source Address Validation.
2. Configuration Parameter Storage and Management: DHCP servers also store and maintain other parameters that are sent to clients when requested. These parameters specify in detail how a client is to operate. 3. Lease Management: DHCP servers use leases to allocate addresses to clients for a limited time. The DHCP server maintains information about each of the leases, including lease length. 4.
To create an address pool:

Step | Task | Command Syntax | Command Mode
1 | Access the DHCP server CLI context. | ip dhcp server | CONFIGURATION
2 | Create an address pool and give it a name. | pool name | DHCP
3 | Specify the range of IP addresses from which the DHCP server may assign addresses.
• network is the subnet address.
• prefix-length specifies the number of bits used for the network portion of the address you specify.

Enable DHCP Server

DHCP server is disabled by default.

Step | Task | Command Syntax | Command Mode
1 | Enter the DHCP command-line context. | ip dhcp server | CONFIGURATION
2 | Enable DHCP server. Default: Disabled | no disable | DHCP
3 | Display the current DHCP configuration. | show config | DHCP

In the following figure, an IP phone is powered by PoE and has acquired an IP address from the Dell Networking system, which is advertising LLDP-MED.

Address Resolution using NetBIOS WINS

Windows Internet Naming Service (WINS) is a name resolution service that Microsoft DHCP clients use to correlate host names to IP addresses within a group of networks. Microsoft DHCP clients can be one of four types of NetBIOS nodes: broadcast, peer-to-peer, mixed, or hybrid.

Debug DHCP server

Task | Command Syntax | Command Mode
Display debug information for DHCP server. | debug ip dhcp server [events | packets] | EXEC Privilege

DHCP Clear Commands

Task | Command Syntax | Command Mode
Clear DHCP binding entries for the entire binding table. | clear ip dhcp binding | EXEC Privilege
Clear a DHCP binding entry for an individual IP address. | clear ip dhcp binding ip address | EXEC Privilege
Clear a DHCP address conflict.

Figure 12-4. Configuring Dell Networking Systems as a DHCP Relay Device (figure not reproduced: it labels the source and destination IP addresses and UDP ports 67 and 68 of the broadcast and unicast DHCP messages exchanged through the relay agent with DHCP servers 10.11.1.5 and 10.11.2.5)
• DHCP Snooping
• Dynamic ARP Inspection
• Source Address Validation

Option 82

RFC 3046 (Relay Agent Information option, or Option 82) is used for class-based IP address assignment. The code for the Relay Agent Information option is 82, and the option consists of two sub-options, Circuit ID and Remote ID.
• Circuit ID is the interface on which the client-originated message is received.
• Remote ID identifies the host from which the message is received.
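The TLV layout of the options field and the two Option 82 sub-options described above can be walked with a short parser. This is an added example, not FTOS code: the sample packet bytes are constructed, and encoding the Circuit ID as an ASCII interface name and the Remote ID as a MAC address are assumptions made for illustration.

```python
import struct

MAGIC_COOKIE = bytes([99, 130, 83, 99])   # RFC 2131: precedes the options
OPT_PAD, OPT_END = 0, 255                 # single-byte options without a length
OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_RELAY_AGENT_INFO = 51, 53, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2      # RFC 3046 sub-options
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
             4: "DHCPDECLINE", 5: "DHCPACK", 6: "DHCPNAK",
             7: "DHCPRELEASE", 8: "DHCPINFORM"}


class MalformedOptions(ValueError):
    """Raised when the options field cannot be walked safely."""


def parse_tlvs(buf, top_level):
    """Return [(code, value), ...] from a run of Type-Length-Value items.

    Pad (0) and End (255) exist only at the top level; inside Option 82
    every sub-option carries a length byte.
    """
    items, i = [], 0
    while i < len(buf):
        code = buf[i]
        if top_level and code == OPT_PAD:
            i += 1
            continue
        if top_level and code == OPT_END:
            return items
        if i + 2 > len(buf):
            raise MalformedOptions(f"option {code}: missing length byte")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise MalformedOptions(f"option {code}: length {length} overruns buffer")
        items.append((code, value))
        i += 2 + length
    if top_level:
        raise MalformedOptions("options field has no End option")
    return items


def decode_options(field):
    """Decode the options field of a DHCP packet, including Option 82."""
    if field[:4] != MAGIC_COOKIE:
        raise MalformedOptions("magic cookie not found")
    out = {"message_type": None, "lease_seconds": None,
           "circuit_id": None, "remote_id": None}
    for code, value in parse_tlvs(field[4:], top_level=True):
        if code == OPT_MSG_TYPE and len(value) == 1:
            out["message_type"] = MSG_TYPES.get(value[0], f"unknown({value[0]})")
        elif code == OPT_LEASE_TIME and len(value) == 4:
            out["lease_seconds"] = struct.unpack("!I", value)[0]
        elif code == OPT_RELAY_AGENT_INFO:
            for sub, subval in parse_tlvs(value, top_level=False):
                if sub == SUB_CIRCUIT_ID:
                    out["circuit_id"] = subval
                elif sub == SUB_REMOTE_ID:
                    out["remote_id"] = subval
    return out


def tlv(code, value):
    """Encode one option or sub-option as code, length, value."""
    return bytes([code, len(value)]) + value


# Constructed sample: the options of a DHCPACK that carries Option 82.
SAMPLE_CIRCUIT_ID = b"Te 0/3"                       # assumed ASCII encoding
SAMPLE_REMOTE_ID = bytes.fromhex("020000000001")    # assumed MAC encoding
SAMPLE_OPTIONS = (
    MAGIC_COOKIE
    + tlv(OPT_MSG_TYPE, b"\x05")
    + tlv(OPT_LEASE_TIME, struct.pack("!I", 86400))
    + tlv(OPT_RELAY_AGENT_INFO,
          tlv(SUB_CIRCUIT_ID, SAMPLE_CIRCUIT_ID)
          + tlv(SUB_REMOTE_ID, SAMPLE_REMOTE_ID))
    + bytes([OPT_END])
)

if __name__ == "__main__":
    print(decode_options(SAMPLE_OPTIONS))
```

The length checks matter on a device that inspects DHCP in the control plane: a length byte that points past the end of the buffer is rejected instead of being read.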
When DHCP Snooping is enabled, the relay agent builds a binding table (using DHCPACK messages) containing the client MAC address, IP addresses, IP address lease time, port, VLAN ID, and binding type. Every time the relay agent receives a DHCPACK on a trusted port, it adds an entry to the table.

Enable DHCP snooping

Step | Task | Command Syntax | Command Mode
1 | Enable DHCP Snooping globally. | ip dhcp snooping | CONFIGURATION
2 | Specify ports connected to DHCP servers as trusted. | ip dhcp snooping trust | INTERFACE
3 | Enable DHCP Snooping on a VLAN. | ip dhcp snooping vlan vlan | CONFIGURATION

Add a static entry in the binding table

Task | Command Syntax | Command Mode
Add a static entry in the binding table. ip dhcp snooping binding mac EXEC Privilege nn:nn:nn:nn:nn:nn vlan-id vlan ip A.B.C.

Packets received on snooping disabled L3 Ports : 0
Snooping packets processed on L2 vlans : 142
DHCP Binding File Details
Invalid File : 0
Invalid Binding Entry : 0
Binding Entry lease expired : 0
List of Trust Ports :Te 0/49
List of DHCP Snooping Enabled Vlans :Vl 10
List of DAI Trust ports :Te 0/49

Drop DHCP packets on snooped VLANs only

Binding table entries are deleted when a lease expires, or the relay agent encounters a DHCPRELEASE. Starting with FTOS Release 8.2.1.

A spoofed ARP message is one in which the MAC address in the sender hardware address field and the IP address in the sender protocol field are strategically chosen by the attacker. For example, in an MITM attack, the attacker sends a client an ARP message containing the attacker’s MAC address and the gateway’s IP address. The client then thinks that the attacker is the gateway, and sends all internet-bound packets to it.

Internet Internet FTOS# 10.1.1.253 10.1.1.254 - 00:00:4d:57:f8:e8 00:00:4d:69:e8:f2 Te 0/3 Te 0/50 Vl 10 CP Vl 10 CP

Use the show arp inspection statistics command to see how many valid and invalid ARP packets have been processed.

The DHCP binding table associates addresses assigned by the DHCP servers with the port to which the requesting client is attached. When IP Source Address Validation is enabled on a port, the system verifies that the source IP address is one that is associated with the incoming port. If an attacker is impersonating a legitimate client, the source address appears on the wrong ingress port, and the system drops the packet.

FTOS creates an ACL entry for each IP+MAC address pair in the binding table and applies it to the interface.

Task | Command Syntax | Command Mode
Display the IP+MAC ACL for an interface for the entire system.
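The three checks described in this chapter (learning bindings only from DHCPACKs on trusted ports, validating ARP senders against the binding table, and validating source IP addresses against the ingress port) can be modelled in a few lines. This is an added example and a simplified model, not FTOS code: the class, its method names, the port names and the 192.0.2.0/24 addresses are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str          # port to which the client is attached
    expires_at: float  # absolute time at which the lease ends


class SnoopingSwitch:
    """Toy model of DHCP snooping, ARP inspection and source validation."""

    def __init__(self, dhcp_trusted_ports, dai_trusted_ports, snooped_vlans):
        self.dhcp_trusted = set(dhcp_trusted_ports)
        self.dai_trusted = set(dai_trusted_ports)
        self.vlans = set(snooped_vlans)
        self.table = {}  # (vlan, ip) -> Binding

    def on_dhcp_ack(self, now, ingress_port, vlan, mac, ip, lease, client_port):
        """Learn a binding only from a DHCPACK received on a trusted port."""
        if vlan not in self.vlans or ingress_port not in self.dhcp_trusted:
            return False  # server message from an untrusted port: not learned
        self.table[(vlan, ip)] = Binding(mac, ip, vlan, client_port, now + lease)
        return True

    def on_dhcp_release(self, vlan, mac, ip):
        """A DHCPRELEASE from the binding's owner deletes the entry."""
        entry = self.table.get((vlan, ip))
        if entry is not None and entry.mac == mac:
            del self.table[(vlan, ip)]

    def _lookup(self, now, vlan, ip):
        entry = self.table.get((vlan, ip))
        if entry is not None and entry.expires_at <= now:
            del self.table[(vlan, ip)]  # lease expired: entry is deleted
            return None
        return entry

    def arp_is_valid(self, now, port, vlan, sender_mac, sender_ip):
        """Accept ARP from untrusted ports only if IP and MAC match a binding."""
        if port in self.dai_trusted:
            return True
        entry = self._lookup(now, vlan, sender_ip)
        return entry is not None and entry.mac == sender_mac

    def source_ip_is_valid(self, now, port, vlan, src_ip):
        """Accept a packet only if its source IP is bound to the ingress port."""
        entry = self._lookup(now, vlan, src_ip)
        return entry is not None and entry.port == port


def run_scenario():
    """Constructed scenario: one client, one trusted uplink, one attacker port."""
    sw = SnoopingSwitch({"Te 0/49"}, {"Te 0/49"}, {10})
    client_mac, client_ip = "02:00:00:00:00:0a", "192.0.2.10"
    attacker_mac, gateway_ip = "02:00:00:00:00:66", "192.0.2.1"
    r = {}
    # A DHCPACK arriving on an untrusted access port is not learned.
    r["rogue_ack_learned"] = sw.on_dhcp_ack(
        0, "Te 0/5", 10, attacker_mac, "192.0.2.66", 3600, "Te 0/5")
    # The DHCPACK from the trusted uplink creates the client's binding.
    r["ack_learned"] = sw.on_dhcp_ack(
        0, "Te 0/49", 10, client_mac, client_ip, 3600, "Te 0/3")
    r["client_arp"] = sw.arp_is_valid(10, "Te 0/3", 10, client_mac, client_ip)
    # Spoofed ARP: attacker's MAC paired with the gateway's IP address.
    r["spoofed_gateway_arp"] = sw.arp_is_valid(
        10, "Te 0/5", 10, attacker_mac, gateway_ip)
    r["gateway_arp_on_trusted"] = sw.arp_is_valid(
        10, "Te 0/49", 10, "02:00:00:00:00:01", gateway_ip)
    r["client_src"] = sw.source_ip_is_valid(10, "Te 0/3", 10, client_ip)
    # The client's address appearing on the wrong ingress port is dropped.
    r["spoofed_src"] = sw.source_ip_is_valid(10, "Te 0/5", 10, client_ip)
    r["after_expiry"] = sw.source_ip_is_valid(3600, "Te 0/3", 10, client_ip)
    return r


if __name__ == "__main__":
    for check, accepted in run_scenario().items():
        print(f"{check:24} {'accept' if accepted else 'drop'}")
```

The model makes the dependency visible: ARP and source-address checks are only as good as the binding table, which is why the set of DHCP-trusted ports should contain nothing but the ports that face real DHCP servers.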
13 Debugging and Diagnostics

The chapter contains the following major sections:
• Offline Diagnostics
• TRACE logs
• Hardware watchdog timer
• Hardware watchdog timer
• Environmental monitoring
• show hardware commands (S6000)
• Hardware MIB Buffer statistics
• Mini Core Dumps
• Kernel Core Dumps
• TCP Dumps

Offline Diagnostics

The offline diagnostics test suite is useful for isolating faults and debugging hardware.

• When offline diagnostics are complete, the unit or stack member reboots automatically.
• Diagnostics only test connectivity, not the entire data path.
• Diagnostic results are stored on the flash of the unit on which you performed the diagnostics.
• Diagnostic tests run in both non-fanout and fanout mode configuration.

Running Offline Diagnostics

1.
Figure 13-2.
Figure 13-3. Running Offline Diagnostics on a S6000 Standalone Unit
FTOS#diag stack-unit 0 alllevels
Warning - diagnostic execution will cause multiple link flaps on the peer side - advisable to shut directly connected ports
Proceed with Diags [confirm yes/no]: yes
FTOS#May 8 12:51:31: %S6000:0 %DIAGAGT-6-DA_DIAG_STARTED: Starting diags on stack unit 0
00:43:20 : Approximate time to complete the Diags ...

Figure 13-4. Verifying the Offline/Online Diagnostics of a S6000 Standalone Unit
FTOS#show file flash://TestReport-SU-0.txt
*******************************S6000 DIAGNOSTICS*******************************
Board : S6000 Dell Networking
CPU Version : Intel Centerton Processor
Stack Unit Board Temp : 29 Degree C
Stack Unit Number : 0
Board Service Tag : STG1234
System Cpld Rev : 0xa
Master Cpld Rev : 0xc
Slave Cpld Rev : 0xa
Image Build Version : 9.0(2.

Test 12.002 - FanTray2 AirFlow Type Test ............................ PASS
Test 12 - FanTray AirFlow Type Test ................................. PASS
Test 13.000 - I2c Access Test ....................................... PASS
Test 13.001 - I2c Access Test ....................................... PASS
Test 13.002 - I2c Access Test ....................................... PASS
Test 13.003 - I2c Access Test ....................................... PASS
Test 13.

Figure 13-6. show diag information Command Example
FTOS#show diag information
Diag information:
Diag software image version: 9.0(2.0)
------------------------------------------------------------------
Stack-unit Member 0: Unit diags are done (Stackunit Offline).
Stack-unit Member 1: Not present.
Stack-unit Member 2: Not present.
Stack-unit Member 3: Not present.
Stack-unit Member 4: Not present.
Stack-unit Member 5: Not present.

Figure 13-7. show diag stack-unit Command Example
FTOS#show diag stackunit 0
Diag status of Stackunit member 0:
--------------------------------------------------------------------------
Stackunit is currently offline.
Stackunit level0 diag issued at Thu May 09, 2013 01:04:35 PM.
Current diag status : Unit diags are done.

QSFPPLUSPRESENCETEST(0, 23, 1)
USBAACCESSTEST(0, 25, 1)
USBHOSTCONTROLLERACCESSTEST(0, 26, 1)
End of Diags
Duration of execution: 1 min 1 sec

TRACE logs

In addition to the syslog buffer, FTOS buffers trace messages which are continuously written by various FTOS software tasks to report hardware and software events and status information. Each trace message provides the date, time, and name of the FTOS process.

The power readings are updated in the interface management (IFM) at the given interval. If this command is not enabled, all the power readings are displayed as zero in an interface management (IFM) walk.
Figure 13-8.
Figure 13-9. Show interfaces Command Example
FTOS#show interfaces fortyGigE 0/0
fortyGigE 0/0 is down, line protocol is down
Hardware is DellForce10Eth, address is 90:b1:1c:f4:99:ce
Current address is 90:b1:1c:f4:99:ce
Pluggable media present, QSFP type is 40GBASE-SR4
Wavelength is 850nm
QSFP receive power reading is -2.4397dBm
Interface index is 33702145

Rx power is displayed in dBm units.

Measured Tx power is converted to dBm using the following calculation. This value is then multiplied by 100 and displayed in SNMP (Figure 13-11).
Power in dBm = 10*log (measured Tx power)

Figure 13-11. Tx Power Calculation Example
Tx Power = 0.525mW
Then Power = 10 * log (0.525) dBm = -2.798 dBm
The value displayed in SNMP = -279

Note:
• The Value of “1000000” indicates the power reading is not supported (for example, copper optics power reading is not supported).
Figure 13-12.

Temperature is displayed in Celsius units.

Temperature via SNMP:
OID Name: chSysPortXfpRecvTemp
SNMP OID: .1.3.6.1.4.1.6027.3.10.1.2.5.1.7
1. Obtain the temperature of connected optics using an SNMP walk to this OID.
2. The measured power is always in Celsius.

Note:
• The Value of “1000000” indicates the power reading is not supported (for example, copper optics power reading is not supported).
• The value of “65535” indicates optics is not present.

Figure 13-13.

QSFP 0 Serial ID Base Fields
QSFP 0 Id = 0x0d
QSFP 0 Ext Id = 0x00
QSFP 0 Connector = 0x0c
QSFP 0 Transceiver Code = 0x04 0x00 0x00 0x00 0x00 0x00 0x00 0x00
QSFP 0 Encoding = 0x05
QSFP 0 Length(SFM) Km = 0x00
QSFP 0 Length(OM3) 2m = 0x32
QSFP 0 Length(OM2) 1m = 0x00
QSFP 0 Length(OM1) 1m = 0x00
QSFP 0 Length(Copper) 1m = 0x00
QSFP 0 Vendor Rev = 0
QSFP 0 Laser Wavelength = 850.

Figure 13-14. Sample Configs
FTOS#conf
FTOS(conf)#enable optic-info-update ?
interval Polling interval
FTOS(conf)#enable optic-info-update interval 120
FTOS(conf)#end
FTOS#01:04:28: %STKUNIT0-M:CP %SYS-5-CONFIG_I: Configured from console

OID chSysPortXfpRecvPower
snmpwalk -c public -v 2c 10.16.132.4 1.3.6.1.4.1.6027.3.10.1.2.5.1.6
SNMPv2-SMI::enterprises.6027.3.10.1.2.5.1.6.1.1 = INTEGER: -242
SNMPv2-SMI::enterprises.6027.3.10.1.2.5.1.6.1.5 = INTEGER: 65535
SNMPv2-SMI::enterprises.6027.3.10.1.2.5.

Table 13-1. SNMP Traps and OIDs
OID String | OID Name | Description
Receiving power .1.3.6.1.4.1.6027.3.10.1.2.5.1.6 | chSysPortXfpRecvPower | OID to display the receiving power of the connected optics.
Transmitting power .1.3.6.1.4.1.6027.3.10.1.2.5.1.8 | chSysPortXfpTxPower | OID to display the transmitting power of the connected optics.
Temperature .1.3.6.1.4.1.6027.3.10.1.2.5.1. | chSysPortXfpRecvTemp | OID to display the Temperature of the connected optics.

Figure 13-15. show alarms threshold Command Example
FTOS#show alarms threshold
-- Temperature Limits (deg C) --
---------------------------------------------------------------------------
        Minor Off  Minor  Major Off  Major  Shutdown
Unit0   55         60     75         80     85

Troubleshoot an Overtemperature Condition

To troubleshoot an over-temperature condition:
1. Use the show environment commands to monitor the temperature levels.
2. Check air flow through the system.
3.

Note: Only use the show hardware commands under the guidance of the Dell Networking Technical Assistance Center.

Table 13-2. show hardware Commands
Command | Description
show hardware stack-unit {0-5} cpu management statistics | View internal interface status of the stack-unit CPU port which connects to the external management interface.
The S6000 supports thirty-two 40G ports, or a maximum of 104 physical ports in a mix of 10G and 40G: ninety-six 10G ports (or twenty-four 40G ports) and eight fixed 40G ports. Ports 4, 12, 20, 28, 100, 108, 116, and 124 are the ports where fanout configuration is not allowed. That is, fan-out is not supported on the top four ports of the first four columns and the last four columns of the table above. Ports are numbered from 0 and spaced in multiples of four (in order to accommodate fanout) up to 124 ports.

Table 13-3. (S6000) Internal-Userport-Mapping (When All Ports are in 40gig Mode)
Internal Port Numbering | User Port Numbering | Mode
xe30 | 120 | 40G/10G
xe31 | 124 | Fixed 40G Port

Troubleshooting packet loss

The show hardware stack-unit commands are intended to troubleshoot packet loss.

Figure 13-17. Displaying Drop Counters for Unit
S6000-B4#show hardware stack-unit 0 drops unit 0
UserPort  PortNumber  Ingress Drops  IngMac Drops  Total Mmu Drops  EgMac Drops  Egress Drops
0         1           0              0             0                0            0
1         2           0              0             0                0            0
2         3           0              0             0                0            0
3         4           0              0             0                0            0
4         5           0              0             0                0            0
8         6           0              0             0                0            0
9         7           0              0             0                0            0
...

Table 13-4. Hardware MIB Buffer statistics
OID String | OID Name | Description
.1.3.6.1.4.1.6027.3.16.1.1.

Figure 13-18.

Displaying Stack Member Counters

The show hardware stack-unit 0–5 {counters | details | port-stats [detail] | register} command displays internal receive and transmit statistics, based on the selected command option. A sample of the output is shown for the counters option in the following example.

FTOS#show hardware stack-unit 0 unit 0 counters
RDBGC0.cpu0 : 716 +716
RDBGC7.cpu0 : 716 +716
ING_NIV_RX_FRAMES.cpu0 : 2,148 +2,148
PG_SHARED_PEAK(7).cpu0 : 2,560
PG_SHARED_CUR(7).

Application Core Dumps

Application core dumps are enabled by default. A core dump file can be very large. Core dumps are stored in the local flash.
Figure 13-19.
Maximize the number of packets recorded in a file by specifying the snap-length to capture the file headers only.

The tcpdump command has a finite run process. When you enable the command, it runs until the capture-duration timer and/or the packet-count counter threshold is met. If no threshold is set, the system uses a default of five minute capture-duration and/or a single 1k file as the stopping point for the dump.

14 Equal Cost Multi-Path (ECMP)

Equal Cost Multi-Path (ECMP) is supported on the following platforms: s z

• Configurable Hash Algorithm Seed
• Link Bundle Monitoring
• Managing ECMP Group Paths

Configurable Hash Algorithm Seed

Deterministic ECMP sorts ECMPs in order even though RTM provides them in a random order. However, the hash algorithm uses as a seed the lower 12 bits of the chassis MAC, which yields a different hash result for every chassis.

Monitoring linked ECMP bundles allows traffic distribution amounts in a link to be monitored for unfair distribution at any given time. A default threshold of 60% is defined as an acceptable amount of traffic on a member link. Links are monitored in 15-second intervals for three consecutive instances. Any deviation within that time causes a syslog to be sent and an alarm event to be generated.

Use the ip ecmp-group path-fallback command to enable or disable the feature.

Task | Command | Command Mode
Configure the maximum number of paths per ECMP group | ip ecmp-group maximum-paths {2-64} | CONFIGURATION
Enable ECMP group path management | ip ecmp-group path-fallback | CONFIGURATION

Note: You must save the new ECMP settings to the startup-config (write-mem) then reload the system for the new settings to take effect.
15 Data Center Bridging (DCB)

Data center bridging (DCB) features are supported on the switch, including:
• Data center bridging exchange protocol (DCBx)
• Priority-based flow control (PFC)
• Enhanced transmission selection (ETS)

This chapter describes the following data center bridging topics:
• Ethernet Enhancements in Data Center Bridging
• Data Center Bridging: Default Configuration
• Enabling Data Center Bridging
• QoS dot1p Traffic Classification and Queue Assignment
• Configuring Priority-B

• LAN traffic consists of a large number of flows that are generally insensitive to latency requirements, while certain applications, such as streaming video, are more sensitive to latency. Ethernet functions as a best-effort network that may drop packets in case of network congestion. IP networks rely on transport protocols (for example, TCP) for reliable data transmission with the associated cost of greater processing overhead and performance impact.

Figure 15-1. Priority-Based Flow Control

PFC is implemented as follows in the Dell Networking operating software (FTOS):
• PFC is supported on specified 802.1p priority traffic (dot1p 0 to 7) and is configured per interface. However, only two lossless queues are supported on an interface: one for FCoE converged traffic with priority 3 and one for iSCSI storage traffic with priority 4. You must configure the same lossless queues on all ports.

Although you can configure strict-priority queue scheduling for a priority group, ETS introduces flexibility that allows the bandwidth allocated to each priority group to be dynamically managed according to the amount of LAN, storage, and server traffic in a flow. Unused bandwidth is dynamically allocated to prioritized priority groups. Traffic is queued according to its 802.
Data Center Bridging Exchange Protocol The data center bridging exchange (DCBx) protocol is enabled by default on the S6000; PFC and ETS are also enabled. For more information, refer to Data Center Bridging: Default Configuration. DCBx allows a switch to automatically discover DCB-enabled peers and exchange configuration information. PFC and ETS use DCBx to exchange and negotiate parameters with peer devices.
Data Center Bridging: Default Configuration

Before you configure PFC and ETS on an S6000 switch, take into account the following default settings:
• DCB is enabled (Refer to Enabling Data Center Bridging).
• By default, the PFC memory buffer supports up to 52 (not 64) PFC-enabled ports and two lossless queues per port.
PFC and ETS are globally enabled by default:
• The default dot1p priority-queue assignments are applied as follows:
• 802.

QoS dot1p Traffic Classification and Queue Assignment

DCB supports PFC, ETS, and DCBx to handle converged Ethernet traffic that is assigned to an egress queue according to the following quality of service (QoS) methods:
Important: of two S5000
• Honor dot1p: Using the service-class dynamic dot1p command, you can honor dot1p priorities in ingress traffic at the port or global switch level (Refer to Default dot1p to Queue Mapping). Honoring dot1p priorities in ingress traffic is enabled by default.

Table 15-1. Default dot1p Priority-Queue Assignment on Switch
dot1p Value in Incoming Frame | Egress Queue Assignment
0 | 2
1 | 0
2 | 1
3 | 3
4 | 4
5 | 5
6 | 6
7 | 7

Configuring Priority-Based Flow Control

Priority-based flow control provides a flow control mechanism based on the 802.1p priorities in converged Ethernet traffic received on an interface and is enabled by default.

Step | Task | Command | Command Mode
3 | Configure the CoS traffic to be stopped for the specified delay. Enter the 802.1p values of the frames to be paused. Valid values: 0-7. Default: None. Maximum number of lossless queues supported on the switch: 2. Separate priority values with a comma; specify a priority range with a dash; for example: pfc priority 1,3,5-7. | pfc priority priority-range | DCB INPUT POLICY

FTOS Behavior: As soon as you apply a DCB policy with PFC enabled on an interface, DCBX starts exchanging information with PFC-enabled peers. The IEEE802.1Qbb, CEE and CIN versions of PFC TLV are supported. DCBX also validates PFC configurations received in TLVs from peer devices. By applying a DCB input policy with PFC enabled, you enable PFC operation on ingress port traffic.

FTOS Behavior: Traffic may be interrupted when you reconfigure PFC no-drop priorities in an input policy or re-apply the policy to an interface. FTOS does not support MACsec Bypass Capability (MBC).

Configuring Lossless Queues

DCB also supports the manual configuration of lossless queues on an interface when PFC mode is turned off and priority classes are disabled in a DCB input policy applied to the interface.

FTOS Behavior: By default, no lossless queues are configured on a port. A limit of two lossless queues is supported on a port. If the amount of priority traffic that you configure to be paused exceeds the two lossless queues, an error message is displayed. You must reconfigure the input policy using a smaller number of PFC priorities.

ETS Prerequisites and Restrictions

The following prerequisites and restrictions apply when you configure ETS bandwidth allocation or queue scheduling and apply a QoS DCB Output policy on an interface:
• Configuring ETS bandwidth allocation or a queue scheduler for dot1p priorities in a priority group is applicable only if the DCBX version used on a port is CIN (refer to Configuring DCBx on an Interface).

To create a QoS output policy with ETS settings, follow these steps:

Step | Task | Command | Command Mode
1 | Create a QoS output policy to configure the ETS bandwidth allocation and scheduling for priority traffic. Maximum: 32 characters. | qos-policy-output policy-name ets | CONFIGURATION
2 | (Optional) Configure the method used to schedule priority traffic in port queues. | scheduler value
FTOS Behavior: Traffic in priority groups is assigned to strict-queue or WERR scheduling in a DCB Output policy and is managed using the ETS bandwidth-assignment algorithm. FTOS dequeues all frames of strict-priority traffic before servicing any other queues. A queue with strict-priority traffic can starve other queues in the same port. ETS-assigned bandwidth allocation and scheduling apply only to data queues, not to control queues. FTOS supports hierarchical scheduling on an interface.

Creating an ETS Priority Group

An ETS priority group specifies the range of 802.1p priority traffic to which a QoS output policy with ETS settings is applied on an egress interface. You can associate a priority group to more than one DCB Output policy on different interfaces. To create a priority group for ETS, follow these steps:

Step | Task | Command | Command Mode
1 | Create an ETS priority group to use with an ETS output policy. Maximum: 32 characters.

Applying a DCB Output Policy for a Priority Group to an Interface

To apply ETS on egress port traffic, you must associate a priority group with a DCB Output policy that has a scheduling and bandwidth configuration, and then apply the output policy to an interface. To apply ETS on egress port traffic, follow these steps:

Step | Task | Command | Command Mode
1 | Create a DCB output policy to associate an ETS configuration with priority traffic. Maximum: 32 alphanumeric characters.

FTOS Behavior: Create a DCB output policy to associate a priority group with a DCB Output policy with scheduling and bandwidth configuration. You can apply a DCB output policy on multiple egress ports. The ETS configuration associated with 802.1p priority traffic in a DCB output policy is used in DCBX negotiation with ETS peers.

- The dot1p priority for strict-priority scheduling (strict-priority command; Strict-priority Queueing)
- The priority group for strict-priority scheduling (scheduler strict command; Creating a QoS DCB Output Policy)

If you configure only the priority group in a DCB Output policy or only the dot1p priority for strict-priority scheduling, the flow is handled with group strict priority.

Configuring DCBx Operation

DCB devices use the data center bridging exchange protocol (DCBx) to exchange configuration information with directly connected peers using the link layer discovery protocol (LLDP). DCBx can detect the misconfiguration of a peer DCB device, and optionally, configure peer DCB devices with DCB feature settings to ensure consistent operation in a data center network.
DCBx Port Roles

Note: When you configure the S6000 switch to operate as an NPIV proxy gateway, DCBx supports only the manual port role.

To enable the auto-configuration of DCBx-enabled ports and propagate DCB configurations learned from peer DCBx devices internally to other switch ports, use the following DCBx port roles:
• Auto-upstream: The port advertises its own configuration to DCBx peers and is willing to receive peer configuration.

On a DCBx port that is the configuration source, all PFC and application priority TLVs are enabled. ETS recommend TLVs are disabled and ETS configuration TLVs are enabled.
• Manual: The port is configured to operate only with administrator-configured settings and does not auto-configure with DCB settings received from a DCBx peer or from an internally propagated configuration from the configuration source.

Configuration Source Election

When an auto-upstream or auto-downstream port receives a DCB configuration from a peer, the port first checks to see if there is an active configuration source on the switch.
• If a configuration source already exists, the received peer configuration is checked against the local port configuration. If the received configuration is compatible, the DCBx marks the port as DCBx-enabled.

Auto-Detection and Manual Configuration of the DCBx Version

When operating in Auto-Detection mode (DCBx version auto command in the DCBx Configuration Procedure), a DCBx port automatically detects the DCBx version on a peer port. Legacy CIN and CEE versions are supported in addition to the standard IEEE version 2.5 DCBx. A DCBx port detects a peer version after receiving a valid frame for that version.

Figure 15-4. DCBx Sample Topology

DCBx Prerequisites and Restrictions

The following prerequisites and restrictions apply when you configure DCBx operation on a port:
• DCBx requires LLDP in both send (TX) and receive (RX) mode to be enabled on a port interface (protocol lldp mode command; refer to the example in CONFIGURATION versus INTERFACE Configurations in the Link Layer Discovery Protocol (LLDP) chapter).

• CEE-DCBX supports T11-compliant Gen-2 CNAs.
• CIN-DCBX supports Gen-1 CNAs.
• IEEE 802.1Qaz (Draft 2.5) supports Gen-2 CNAs.
You can also configure an interface to operate using the DCBx version received from a peer (auto-configure option). In this case, the S6000 detects the capabilities of a CNA and auto-configures the interface to the correct DCBx mode.

Step | Task | Command | Command Mode
4 | Configure the DCBx port role used by the interface to exchange DCB information, where:
• auto-upstream configures the port to receive a peer configuration. The configuration source is elected from auto-upstream ports.
• auto-downstream configures the port to accept the internally propagated DCB configuration from a configuration source.
• config-source configures the port to serve as the configuration source on the switch.

Configuring DCBx Globally on the Switch

To globally configure DCBx operation on a switch, follow these steps:

Step | Task | Command | Command Mode
1 | Enter Global Configuration mode. | configure | EXEC PRIVILEGE
2 | Enter LLDP Configuration mode to enable DCBx operation.

Step | Task | Command | Command Mode
6 | Configure the FCoE priority advertised for the FCoE protocol in Application Priority TLVs. The priority-bitmap range is from 1 to FF. Default: 0x8. | [no] fcoe priority-bits priority-bitmap | PROTOCOL LLDP
7 | Configure the iSCSI priority advertised for the iSCSI protocol in Application Priority TLVs. The priority-bitmap range is from 1 to FF. Default: 0x10.

Figure 15-5. show qos dot1p-queue-mapping Command Example
FTOS(conf)# show qos dot1p-queue-mapping
Dot1p Priority: 0 1 2 3 4 5 6 7
Queue         : 2 0 1 3 4 5 6 7

Figure 15-6.
Figure 15-7.
Table 15-3. show interfaces pfc Field Descriptions
Field | Description
Remote is enabled, Priority list | Operational status (enabled or disabled) of peer device for DCBx exchange of PFC configuration with a list of the configured PFC priorities.
Remote Willing Status is enabled | Willing status of peer device for DCBx exchange (Willing bit received in PFC TLV): enabled or disabled.

Table 15-3. show interfaces pfc Field Descriptions
Field | Description
Input Appln Priority TLV pkts | Number of Application Priority TLVs received.
Output Appln Priority TLV pkts | Number of Application Priority TLVs transmitted.
Error Appln Priority TLV pkts | Number of Application Priority error packets received.

Figure 15-8.

Figure 15-9.

FTOS(conf)# show interfaces tengigabitethernet 0/0 ets detail
Interface TenGigabitEthernet 0/0
Max Supported TC Groups is 4
Number of Traffic Classes is 8
Admin mode is on
Admin Parameters :
------------------
Admin is enabled
TC-grp Priority# Bandwidth TSA
0 0,1,2,3,4,5,6,7 100% ETS
1 0% ETS
2 0% ETS
3 0% ETS
4 0% ETS
5 0% ETS
6 0% ETS
7 0% ETS
Priority# 0 1 2 3 4 5 6 7
Remote Parameters:
-------------------
Remote is disabled
Local Parameters :
------------------
Local is enabled
TC-grp Priority#
0 0,1,2,3,4,5,

Table 15-4. show interfaces ets Field Descriptions
Field | Description
Interface | Interface type with stack-unit and port number.
Max Supported TC Group | Maximum number of priority groups supported.
Number of Traffic Classes | Number of 802.1p priorities currently configured.
Admin mode | ETS mode: on or off. When on, the scheduling and bandwidth allocation configured in a DCB Output policy or received in a DCBx TLV from a peer can take effect on an interface.
Figure 15-10.
Figure 15-11.

Table 15-5. show interfaces DCBx detail Field Descriptions
Field | Description
Local DCBx TLVs Transmitted | Transmission status (enabled or disabled) of advertised DCB TLVs (Refer to TLV code at the top of the show command output).
Local DCBx Status: DCBx Operational Version | DCBx version advertised in Control TLVs.
Local DCBx Status: DCBx Max Version Supported | Highest DCBx version supported in Control TLVs.
Local DCBx Status: Sequence Number | Sequence number transmitted in Control TLVs.

Table 15-5. show interfaces DCBx detail Field Descriptions
Field | Description
Total DCBx Frames unrecognized | Number of unrecognizable DCBx frames received.

Figure 15-12.
Figure 15-13.
• DCBx Oper status: Disabled.

Table 15-6. Reasons why DCBx Oper Status is Down

Reason | Description
Port Shutdown | Port is shut down. All other reasons for DCBx inoperation, if any, are ignored.
LLDP Rx/Tx is disabled | LLDP is disabled (Admin Mode set to rx or tx only) globally or on the interface.
Waiting for Peer | Waiting for peer or detected peer connection has aged out.
Multiple Peer Detected | Multiple peer connections detected on the interface.
ETS is down (show interfaces dcb output) | One of the following ETS-specific errors occurred in ETS validation:
- Unsupported PGID
- A priority group exceeds the maximum number of supported priorities.
- COSQ is mapped to more than one priority group.
- Invalid or unsupported transmission selection algorithm (TSA).
- Bandwidth is configured for an unconfigured priority group.
Debugging DCBx on an Interface

To enable DCBx debug traces for all or a specific control path, use the following command:

Task | Command | Command Mode
Enable DCBx debugging, where:
• all: Enables all DCBx debugging operations.
• auto-detect-timer: Enables traces for DCBx auto-detect timers.
• config-exchng: Enables traces for DCBx configuration exchanges.
• fail: Enables traces for DCBx failures.
• mgmt: Enables traces for DCBx management frames.
16 FIP Snooping

FIP snooping is supported on the platform .

To ensure similar Fibre Channel robustness and security with FCoE in an Ethernet cloud network, the Fibre Channel over Ethernet initialization protocol (FIP) establishes virtual point-to-point links between FCoE end-devices (server ENodes and target storage devices) and FCoE forwarders (FCFs) over transit FCoE-enabled bridges.

Figure 16-1. FIP discovery and login between an ENode and an FCF

FIP Snooping on Ethernet Bridges

In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF. An Ethernet bridge that provides these functions is called a FIP snooping bridge (FSB).
• Port-based ACLs are applied on ports directly connected to an FCF and on server-facing ENode ports.
• Port-based ACLs take precedence over global ACLs.
• FCoE-generated ACLs take precedence over user-configured ACLs. A user-configured ACL entry cannot deny FCoE and FIP snooping frames.

Figure 16-2 shows an S6000 used as a FIP snooping bridge in a converged Ethernet network. The ToR switch operates as an FCF for FCoE traffic.

The following sections describe how to configure the FIP snooping feature on a switch that functions as a FIP snooping bridge so that it can perform the following functions:
• Perform FIP snooping (allowing and parsing FIP frames) globally on all VLANs or on a per-VLAN basis.
• Set the FCoE MAC address prefix (FC-MAP) value used by an FCF to assign a MAC address to an FCoE end-device (server ENode or storage device) after a server successfully logs in.
Enabling the FIP Snooping Feature

As soon as you enable the FIP snooping feature on a switch-bridge, existing VLAN-specific and FIP snooping configurations are applied. By default, all FCoE and FIP frames are dropped unless specifically permitted by existing FIP snooping-generated ACLs. You can reconfigure any of the FIP snooping settings. If you disable FIP snooping, FIP and FCoE traffic are handled as normal Ethernet frames and no FIP snooping ACLs are generated.

FCoE traffic is allowed on the port only after a successful FLOGI request/response and confirmed use of the configured FC-MAP value for the VLAN.

Impact on other Software Features

When you enable FIP snooping on a switch, other software features are impacted as follows:
• MAC address learning: MAC address learning is not performed on FIP and FCoE frames, which are denied by ACLs dynamically created by FIP snooping on server-facing ports in ENode mode.
• The maximum number of FIP snooping sessions (including NPIV sessions) supported per ENode server is 16.
• In a full FCoE N_port ID virtualization (NPIV) configuration, 16 sessions (one FLOGI + fifteen NPIV sessions) are supported per ENode. In an FCoE NPIV configuration, only one session is supported per ENode.
• The maximum number of FCFs supported per FIP snooping-enabled VLAN is four.

Displaying FIP Snooping Information

Use the show commands in Table 16-1 to display information on FIP snooping.

Table 16-1.
Figure 16-3. show fip-snooping sessions Command Example

FTOS#show fip-snooping sessions
Enode MAC          Enode Intf  FCoE MAC
aa:bb:cc:00:00:00  Te 0/42     0e:fc:00:01:00:01
aa:bb:cc:00:00:00  Te 0/42     0e:fc:00:01:00:02
aa:bb:cc:00:00:00  Te 0/42     0e:fc:00:01:00:03
aa:bb:cc:00:00:00  Te 0/42     0e:fc:00:01:00:04
aa:bb:cc:00:00:00  Te 0/42     0e:fc:00:01:00:05

Table 16-2.

Figure 16-5. show fip-snooping enode Command Example

FTOS# show fip-snooping enode
Enode MAC          Enode Interface  FCF MAC            VLAN  FC-ID
---------          ---------------  -------            ----  -----
d4:ae:52:1b:e3:cd  Te 0/11          54:7f:ee:37:34:40  100   62:00:11

Table 16-3. show fip-snooping enode Command Description

Field | Description
ENode MAC | MAC address of the ENode.
ENode Interface | Slot/port number of the interface connected to the ENode.
FCF MAC | MAC address of the FCF.
VLAN | VLAN ID number used by the session.
Figure 16-7.
Figure 16-8.
Table 16-5. show fip-snooping statistics Command Descriptions

Field | Description
Number of Vlan Requests | Number of FIP-snooped VLAN request frames received on the interface.
Number of VLAN Notifications | Number of FIP-snooped VLAN notification frames received on the interface.
Number of Multicast Discovery Solicits | Number of FIP-snooped multicast discovery solicit frames received on the interface.

Figure 16-9. show fip-snooping system Command Example

FTOS# show fip-snooping system
Global Mode                   : Enabled
FCOE VLAN List (Operational)  : 1, 100
FCFs                          : 1
Enodes                        : 2
Sessions                      : 17

Note: NPIV sessions are included in the number of FIP-snooped sessions displayed.

Figure 16-10.
In Figure 16-11, DCBX and PFC are enabled on the S6000 Switch (FIP snooping bridge) and on the FCF ToR switch. On the FIP snooping bridge, DCBX is configured as follows:
• A server-facing port is configured for DCBX in an auto-downstream role.
• An FCF-facing port is configured for DCBX in an auto-upstream or configuration-source role.
Figure 16-12. FIP Snooping Configuration Example

Enable the FIP snooping feature on the switch (FIP snooping bridge):
FTOS(conf)# feature fip-snooping

Enable FIP snooping on FCoE VLAN 10:
FTOS(conf)# interface vlan 10
FTOS(conf-if-vl-10)# fip-snooping enable

Enable an FC-MAP value on VLAN 10:
FTOS(conf-if-vl-10)# fip-snooping fc-map 0x0EFC01

Note: Configuring an FC-MAP value is only required if you do not use the default FC-MAP value (0x0EFC00).
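The FC-MAP and session limits described in this chapter can be checked offline against exported session data. The following is an added example, not part of the Dell guide: it assumes fabric-provided MAC addressing as defined in FC-BB-5 (the FCoE MAC is the 24-bit FC-MAP followed by the 24-bit FC-ID), and the row layout, sample rows and VLAN-to-FC-MAP mapping are constructed for illustration.

```python
import re
from collections import Counter

DEFAULT_FC_MAP = 0x0EFC00      # default FC-MAP value stated in the guide
MAX_SESSIONS_PER_ENODE = 16    # per-ENode session limit stated in the guide

# Constructed policy: VLAN 10 carries the non-default FC-MAP from the guide's
# configuration example; VLAN 100 keeps the default.
FC_MAP_BY_VLAN = {10: 0x0EFC01, 100: DEFAULT_FC_MAP}

# Constructed rows, not real switch output. Columns (an assumed layout):
# ENode MAC, ENode interface (two tokens), FCF MAC, VLAN, FCoE MAC, FC-ID
SAMPLE_SESSIONS = """\
aa:bb:cc:00:00:00 Te 0/42 54:7f:ee:37:34:40 100 0e:fc:00:01:00:01 01:00:01
aa:bb:cc:00:00:00 Te 0/42 54:7f:ee:37:34:40 100 0e:fc:00:01:00:02 01:00:02
d4:ae:52:1b:e3:cd Te 0/11 54:7f:ee:37:34:40 10 0e:fc:00:62:00:11 62:00:11
d4:ae:52:1b:e3:cd Te 0/11 54:7f:ee:37:34:40 10 0e:fc:01:62:00:12 62:00:13
"""

_HEX_OCTETS = re.compile(r"[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2})*")


def octets_to_int(value, count):
    """Convert colon-separated hex octets to an integer, rejecting malformed input."""
    if not _HEX_OCTETS.fullmatch(value) or value.count(":") != count - 1:
        raise ValueError(f"expected {count} hex octets, got {value!r}")
    return int(value.replace(":", ""), 16)


def parse_sessions(text):
    """Turn the constructed seven-token rows into session dictionaries."""
    sessions = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # blank or unrecognised row
        enode, if_type, if_port, fcf, vlan, fcoe_mac, fc_id = fields
        sessions.append({
            "enode_mac": enode.lower(),
            "interface": f"{if_type} {if_port}",
            "fcf_mac": fcf.lower(),
            "vlan": int(vlan),
            "fcoe_mac": fcoe_mac.lower(),
            "fc_id": fc_id.lower(),
        })
    return sessions


def audit_sessions(sessions, fc_map_by_vlan):
    """Return (identifier, reason) findings for sessions that break the policy."""
    findings = []
    per_enode = Counter()
    for s in sessions:
        per_enode[s["enode_mac"]] += 1
        if s["vlan"] not in fc_map_by_vlan:
            findings.append((s["fcoe_mac"], "vlan-not-fcoe"))
            continue
        mac = octets_to_int(s["fcoe_mac"], 6)
        # Upper 24 bits must equal the FC-MAP configured for the session's VLAN.
        if mac >> 24 != fc_map_by_vlan[s["vlan"]]:
            findings.append((s["fcoe_mac"], "fc-map-mismatch"))
        # Lower 24 bits must equal the FC-ID assigned at fabric login.
        if mac & 0xFFFFFF != octets_to_int(s["fc_id"], 3):
            findings.append((s["fcoe_mac"], "fc-id-mismatch"))
    for enode, count in sorted(per_enode.items()):
        if count > MAX_SESSIONS_PER_ENODE:
            findings.append((enode, "too-many-sessions"))
    return findings


if __name__ == "__main__":
    for identifier, reason in audit_sessions(parse_sessions(SAMPLE_SESSIONS),
                                             FC_MAP_BY_VLAN):
        print(f"{identifier}: {reason}")
```

A session whose FCoE MAC prefix differs from the FC-MAP configured on its VLAN is the case the switch itself refuses to forward, so a finding here points to a VLAN or FC-MAP configuration mismatch between the bridge and the FCF.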
17 Force10 Resilient Ring Protocol (FRRP)

Force10 Resilient Ring Protocol (FRRP) is supported on the following platforms: s z

Force10 Resilient Ring Protocol (FRRP) provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a Metropolitan Area Network (MAN) or large campuses.

to be transmitted and received through it. Refer to Figure 17-1 for a simple example of this FRRP topology. Note that ring direction is determined by the Master node’s Primary and Secondary ports.

Figure 17-1.
If the Master node does not receive the Ring Health Frame (RHF) before the fail-period timer expires (a configurable timer), the Master node moves from the Normal state to the Ring-Fault state and unblocks its Secondary port. The Master node also clears its forwarding table and sends a control frame to all other nodes, instructing them to also clear their forwarding tables. Immediately after clearing its forwarding table, each node starts learning the new topology.
In the example shown in Figure 17-2, FRRP 101 is a ring with its own Control VLAN, and FRRP 202 has its own Control VLAN running on another ring. A Member VLAN that spans both rings is added as a Member VLAN to both FRRP groups. Switch R3 has two instances of FRRP running on it: one for each ring. The example topology that follows shows R3 assuming the role of a Transit node for both FRRP 101 and FRRP 202.

Figure 17-2.

• Multiple physical rings can be run on the same switch
• One Master node per ring—all other nodes are Transit
• Each node has 2 member interfaces—Primary, Secondary
• No limit to the number of nodes on a ring
• Master node ring port states—blocking, pre-forwarding, forwarding, disabled
• Transit node ring port states—blocking, pre-forwarding, forwarding, disabled
• STP disabled on ring interfaces
• Master node secondary port is in blocking state during Normal operation
• Ring Health Frames (RHF)
  • Hello R
Table 17-1. FRRP Components (continued)

Concept | Explanation
Ring Interface State | Each interface (port) that is part of the ring maintains one of four states:
• Blocking State: Accepts ring protocol packets but blocks data packets. LLDP, FEFD, or other Layer 2 control packets are accepted. Only the master node Secondary port can enter this state.
• Pre-Forwarding State: A transition state before moving to the Forward state.

• The Control VLAN is used to carry any control traffic; it carries only RHFs.
• The Control VLAN cannot have members that are not ring ports.
• If multiple rings share one or more member VLANs, they cannot share any links between them.
• Member VLANs across multiple rings are not supported in Master nodes.
• Each ring has only one Master node; all others are transit nodes.

FRRP Configuration

These are the tasks to configure FRRP.
• All VLANS must be in Layer 2 mode.
• Only ring nodes can be added to the VLAN.
• A Control VLAN can belong to one FRRP group only.
• Control VLAN ports must be tagged.
• All ports on the ring must use the same VLAN ID for the Control VLAN.
• A VLAN cannot be configured as both a Control VLAN and Member VLAN on the same ring.
• Only two interfaces can be members of a Control VLAN (the Master Primary and Secondary ports).

Step | Command Syntax | Command Mode | Purpose
4 | mode master | CONFIG-FRRP | Configure the Master node
5 | member-vlan vlan-id {range} | CONFIG-FRRP | Identify the Member VLANs for this FRRP group. VLAN-ID, Range: VLAN IDs for the ring’s Member VLANS.
6 | no disable | CONFIG-FRRP | Enable FRRP

Configure and add the Member VLANs

Control and Member VLANS are configured normally for Layer 2. Their status as Control or Member is determined at the FRRP group commands.
Step | Command Syntax | Command Mode | Purpose
3 | interface primary int slot/port secondary int slot/port control-vlan vlan id | CONFIG-FRRP | Assign the Primary and Secondary ports, and the Control VLAN for the ports on the ring. Interface:
• For a 10/100/1000 Ethernet interface, enter the keyword TengigabitEthernet followed by the slot/port information.

Show FRRP configuration

Use the following command to view the configuration for the FRRP group.

Command Syntax | Command Mode | Purpose
show configuration | CONFIG-FRRP | Show the configuration for this FRRP group

Show FRRP information

Use one of the following commands to show general FRRP information.

Command Syntax | Command Mode | Purpose
show frrp ring-id | EXEC or EXEC PRIVILEGED | Show the information for the identified FRRP group.
Figure 17-3.
18 GARP VLAN Registration Protocol (GVRP)

GARP VLAN Registration Protocol (GVRP) is supported on the following platforms: s z

Protocol Overview

Typical VLAN implementation involves manually configuring each Layer 2 switch that participates in a given VLAN. GARP VLAN Registration Protocol (GVRP), defined by the IEEE 802.1q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches.

Figure 18-1. GVRP Compatibility Error Message

FTOS(conf)#protocol spanning-tree pvst
FTOS(conf-pvst)#no disable
% Error: GVRP running. Cannot enable PVST.
.........
FTOS(conf)#protocol spanning-tree mstp
FTOS(conf-mstp)#no disable
% Error: GVRP running. Cannot enable MSTP.
.........
FTOS(conf)#protocol gvrp
FTOS(conf-gvrp)#no disable
% Error: PVST running. Cannot enable GVRP.
% Error: MSTP running. Cannot enable GVRP.
Figure 18-2. GVRP Configuration Overview

GVRP is configured globally and on all VLAN trunk ports for the edge and core switches.
[Figure labels: Edge Switches, Core Switches; VLANs 10-20, VLANs 30-50, VLANs 70-80]

NOTES:
VLAN 1 mode is always fixed and cannot be configured
All VLAN trunk ports must be configured for GVRP
All VLAN trunk ports must be configured as 802.1Q

Basic GVRP configuration is a 2-step process:
1. Enable GVRP globally. Refer to page 348.
2.

Figure 18-3. Enabling GVRP Globally

FTOS(conf)#protocol gvrp
FTOS(config-gvrp)#no disable
FTOS(config-gvrp)#show config
!
protocol gvrp
 no disable
FTOS(config-gvrp)#

Enabling GVRP on a Layer 2 Interface

Enable GVRP on a Layer 2 interface using the command gvrp enable in INTERFACE mode, as shown in Figure 18-4.
Based on the configuration in the example shown in Figure 18-5, the interface 1/21 will not be removed from VLAN 34 or VLAN 35 despite receiving a GVRP Leave message. Additionally, the interface will not be dynamically added to VLAN 45 or VLAN 46, even if a GVRP Join message is received. Figure 18-5.
FTOS displays Message 1 if an attempt is made to configure an invalid GARP timer.

Message 1 GARP Timer Error
FTOS(conf)#garp timers join 300
% Error: Leave timer should be >= 3*Join timer.

19 Internet Group Management Protocol (IGMP)

Internet Group Management Protocol (IGMP) is supported on the following platforms: s z

Multicast identifies many hosts by a single destination IP address; hosts represented by the same IP address are a multicast group. Internet group management protocol (IGMP) is a Layer 3 multicast protocol that hosts use to join or leave a multicast group.
IGMP version 2

IGMP version 2 improves upon version 1 by specifying IGMP Leave messages, which allows hosts to notify routers that they no longer care about traffic for a particular group. Leave messages reduce the amount of time that the router takes to stop forwarding traffic for a group to a subnet (leave latency) after the last host leaves the group.

Sending an Unsolicited IGMP Report

A host does not have to wait for a general query to join a group. It may send an unsolicited IGMP Membership Report, also called an IGMP Join message, to the querier.

Leaving a Multicast Group

1. A host sends a membership report of type 0x17 (IGMP Leave message) to the all routers multicast address 224.0.0.2 when it no longer cares about multicast traffic for a particular group.
2.
Figure 19-3. IGMP version 3 Membership Report Packet Format
[Figure fields: Version (4), IHL, TOS (0xc0), Total Length, Flags, Frag Offset, TTL (1), Protocol (2), Header Checksum, Type, Reserved, Src IP Addr, Dest IP Addr (224.0.0.

Figure 19-4. IGMP Membership Reports: Joining and Filtering
[Figure: querier state table (Interface, Multicast Group Address, Filter Mode, Source, Source Timer) for group 224.1.1.1 on interface 1/1, in Exclude mode with no sources and in Include mode with source 10.11.1.1 (timer GMI); IGMP Group-and-Source Specific Query between Querier and Non-Querier, Type: 0x11, Group Address: 244.1.1.1, Number of Sources: 1, Source Address: 10.11.1.1]

Figure 19-5. IGMP Membership Queries: Leaving and Staying in Groups
[Figure: querier state table (Interface, Multicast Group Address, Filter Mode, Source, Source Timer) with 224.1.1.1 in Include mode, sources 10.11.1.1 and 10.11.1.2 (timer LQMT), and 224.2.2.2 in Exclude mode (GMI, no sources); the non-querier builds an identical table and waits the Other Querier Present Interval to assume the Querier role; IGMP Group-and-Source Specific Query, Type: 0x11, Group Address: 224.1.1.
Viewing IGMP Enabled Interfaces

Interfaces that are enabled with PIM-SM are automatically enabled with IGMP. View IGMP-enabled interfaces using the show ip igmp interface command in the EXEC Privilege mode.

Figure 19-6. Viewing IGMP-enabled Interfaces

FTOS#show ip igmp interface te 7/16
TengigabitEthernet 7/16 is up, line protocol is up
Internet address is 10.87.3.

Figure 19-8. Viewing Static and Learned IGMP Groups

FTOS(conf-if-te-1/0)#do sho ip igmp groups
Total Number of Groups: 2
IGMP Connected Group Membership
Group Address  Interface               Uptime    Expires   Last Reporter
224.1.1.1      TengigabitEthernet 1/0  00:00:03  Never     CLI
224.1.2.1      TengigabitEthernet 1/0  00:56:55  00:01:22  1.1.1.2

Adjusting Timers

View the current value of all IGMP timers using the show ip igmp interface command from EXEC Privilege mode, as shown in Figure 19-6.
2. When a router receives a query, it compares the IP address of the interface on which it was received with the source IP address given in the query. If the receiving router IP address is greater than the source address given in the query, the router stops sending queries. By this method, the router with the lowest IP address on the subnet is elected querier and continues to send queries.
3.
IGMP Snooping Implementation Information

• IGMP Snooping on FTOS uses IP multicast addresses, not MAC addresses.
• IGMP Snooping is not supported on stacked VLANs.
• IGMP Snooping is supported on all S-Series stack members.
• IGMP Snooping reacts to spanning tree protocol (STP) and multiple spanning tree protocol (MSTP) topology changes by sending a general query on the interface that transitions to the Forwarding state.

Disabling Multicast Flooding

If the switch receives a multicast packet that has an IP address of a group it has not learned (unregistered frame), the switch floods that packet out of all ports on the VLAN. If the flooding is disabled for the first configured 95 VLANs, unregistered multicast data traffic is forwarded to multicast router ports and for other VLANs, unregistered packets are dropped.
Fast Convergence after MSTP Topology Changes

When a port transitions to the Forwarding state as a result of an STP or MSTP topology change, FTOS sends a general query out of all ports except the multicast router ports. The host sends a response to the general query and the forwarding database is updated without having to wait for the query interval to expire.
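The IGMP version 2 Leave message and the querier election described earlier in this chapter, as an added example that is not part of the Dell guide: a parser for the 8-byte IGMPv2 message defined in RFC 2236 that verifies the checksum, flags a Leave not addressed to 224.0.0.2, and picks the querier by numerically lowest address. The function names and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import struct

# Message types from RFC 2236; 0x11 and 0x17 are the ones the guide names.
IGMP_KINDS = {
    0x11: "membership-query",
    0x12: "v1-report",
    0x16: "v2-report",
    0x17: "leave",
}
ALL_ROUTERS = ipaddress.IPv4Address("224.0.0.2")


def inet_checksum(data: bytes) -> int:
    """16-bit ones' complement of the ones' complement sum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_igmpv2(msg_type, group, max_resp=0):
    """Build an IGMPv2 message: type, max response time, checksum, group."""
    group_bytes = ipaddress.IPv4Address(group).packed
    unsigned = struct.pack("!BBH4s", msg_type, max_resp, 0, group_bytes)
    return struct.pack("!BBH4s", msg_type, max_resp,
                       inet_checksum(unsigned), group_bytes)


def parse_igmpv2(payload, ip_dst):
    """Parse an IGMP payload and note deviations from the expected addressing."""
    if len(payload) < 8:
        raise ValueError("IGMP message shorter than 8 bytes")
    # A valid message sums to zero when the checksum field is included.
    if inet_checksum(payload) != 0:
        raise ValueError("IGMP checksum mismatch")
    msg_type, max_resp, _cksum, group_bytes = struct.unpack("!BBH4s", payload[:8])
    kind = IGMP_KINDS.get(msg_type, f"unknown-0x{msg_type:02x}")
    group = ipaddress.IPv4Address(group_bytes)
    notes = []
    if kind == "leave" and ipaddress.IPv4Address(ip_dst) != ALL_ROUTERS:
        notes.append("leave not addressed to 224.0.0.2")
    if kind in ("v2-report", "leave") and not group.is_multicast:
        notes.append("group field is not a multicast address")
    return {"kind": kind, "group": str(group), "max_resp": max_resp, "notes": notes}


def elect_querier(query_sources):
    """Return the querier: the numerically lowest source address seen in queries."""
    return str(min(ipaddress.IPv4Address(src) for src in query_sources))


if __name__ == "__main__":
    leave = build_igmpv2(0x17, "224.1.1.1")          # constructed sample message
    print(parse_igmpv2(leave, "224.0.0.2"))
    print(parse_igmpv2(leave, "224.1.1.1"))          # wrong destination is noted
    print(elect_querier(["10.11.1.10", "10.11.1.9"]))
```

Comparing addresses as integers matters for the election: a plain string comparison would rank 10.11.1.10 below 10.11.1.9 and name the wrong querier.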
20 Interfaces

This chapter describes interface types, both physical and logical, and how to configure them with FTOS.

Figure 20-1. show interfaces Command Example

FTOS#show interfaces tengigabitethernet 1/0
TenGigabitEthernet 1/0 is up, line protocol is up
Hardware is Dell NetworkingEth, address is 00:01:e8:a0:bf:ed
Current address is 00:01:e8:a0:bf:ed
Pluggable media present, QSFP type is 40GBASE-SR4
Wavelength is 850nm
QSFP receive power reading is -2.
Figure 20-3. Interfaces listed in the show running-config Command (Partial)

FTOS#show running
Current Configuration ...

Physical Interfaces

The Management Ethernet interface is a single RJ-45 Fast Ethernet port on each unit of the S6000, S4810, Z9000; it provides dedicated management access to the system. Unit interfaces support Layer 2 and Layer 3 traffic over the 10/100/1000, Gigabit, and 10/40-Gigabit Ethernet interfaces. These interfaces can also become part of virtual interfaces such as VLANs or port channels.
Overview of Layer Modes

On all systems running FTOS, you can place physical interfaces, port channels, and VLANs in Layer 2 mode or Layer 3 mode. By default, VLANs are in Layer 2 mode.

Table 20-1.

For information on enabling and configuring Spanning Tree Protocol, refer to Chapter 10, Layer 2, on page 47. To view the interfaces in Layer 2 mode, use the command show interfaces switchport in the EXEC mode.

Configure Layer 3 (Network) Mode

When you assign an IP address to a physical interface, you place it in Layer 3 mode. Use the ip address command and no shutdown command in INTERFACE mode to enable Layer 3 mode on an individual interface.
Command Syntax | Command Mode | Purpose
ip address ip-address mask [secondary] | INTERFACE | Configure a primary IP address and mask on the interface. The ip-address must be in dotted-decimal format (A.B.C.D) and the mask must be in slash format (/xx). Add the keyword secondary if the IP address is the interface’s backup IP address. You can only configure one (1) primary IP address per interface. You can configure up to 255 secondary IP addresses on a single interface.

To configure a Management interface, use the following command in the CONFIGURATION mode:

Command Syntax | Command Mode | Purpose
interface Managementethernet interface | CONFIGURATION | Enter the slot and the port (0). Slot range: S4810: 0 to 11; S6000: 0 to 5; Z9000: 0

To view the Primary RPM Management port, use the show interface Managementethernet command in the EXEC Privilege mode. If there are 2 RPMs, you cannot view information on that interface.
FTOS supports Inter-VLAN routing (Layer 3 routing in VLANs). You can add IP addresses to VLANs and use them in routing protocols in the same manner that physical interfaces are used. For more information on configuring different routing protocols, refer to the chapters on the specific protocol. A consideration for including VLANs in routing protocols is that the no shutdown command must be configured. (For routing traffic to flow, the VLAN must be enabled.

To view Loopback interface configurations, use the show interface loopback number command in the EXEC mode. To delete a Loopback interface, use the no interface loopback number command syntax in the CONFIGURATION mode. Many of the same commands found in the physical interface are found in Loopback interfaces. Also refer to IP Prefix Lists on page 79.

Null Interfaces

The Null interface is the virtual interface which is always up, but no traffic is transmitted through this interface.
A port channel provides redundancy by aggregating physical interfaces into one logical interface. If one physical interface goes down in the port channel, another physical interface carries the traffic.

Port channel benefits

Port channels are transparent to network configurations and can be modified and managed as one interface. For example, you configure one IP address for the group and that IP address is used for all routed traffic on the port channel.

FTOS brings up 10/100/1000 interfaces that are set to auto negotiate so that their speed is identical to the speed of the first channel member in the port channel.

Configuration task list for port channel interfaces

To configure a port channel (LAG), use commands similar to those found in physical interfaces. By default, no port channels are configured in the startup configuration.

Add a physical interface to a port channel

The physical interfaces in a port channel can be on any line card in the chassis, but must be the same physical type.

Note: Port channels can contain a mix of 10G/40G and 10/100/1000 Ethernet interfaces, but FTOS disables the interfaces that are not the same speed as the first channel member in the port channel (Refer to Configuration task list for port channel interfaces).
Figure 20-9. show interfaces port-channel brief Command Example

FTOS#show int port brief
LAG  Mode  Status  Uptime    Ports
1    L2L3  up      00:06:03  Te 13/6  (Up) *
                             Te 13/12 (Up)
2    L2L3  up      00:06:03  Te 13/7  (Up) *
                             Te 13/8  (Up)
                             Te 13/13 (Up)
                             Te 13/14 (Up)
FTOS#

Figure 20-10 displays the port channel’s mode (L2 for Layer 2 and L3 for Layer 3 and L2L3 for a Layer 2 port channel assigned to a routed VLAN), the status, and the number of interfaces belonging to the port channel.

Figure 20-10.

Figure 20-11. Error Message

FTOS(conf-if-portch)#show config
!
interface Port-channel 5
 no ip address
 switchport
 channel-member TengigabitEthernet 1/6
FTOS(conf-if-portch)#int te 1/6
FTOS(conf-if)#ip address 10.56.4.4 /24
% Error: Port is part of a LAG Te1/6.
FTOS(conf-if)#

Reassign an interface to a new port channel

An interface can be a member of only one port channel.
Figure 20-12.
Command Syntax | Command Mode | Purpose
untagged port-channel id number | INTERFACE VLAN | Add the port channel to the VLAN as an untagged interface. An interface without tagging enabled can belong to only one VLAN.

To remove a port channel from a VLAN, use either of the following commands:

Command Syntax | Command Mode | Purpose
no tagged port-channel id number | INTERFACE VLAN | Remove the port channel with tagging enabled from the VLAN.

Load balancing through port channels

FTOS uses hash algorithms for distributing traffic evenly over channel members in a port channel (LAG). The hash algorithm distributes traffic among ECMP paths and LAG members. The distribution is based on a flow, except for packet-based hashing. A flow is identified by the hash and is assigned to one link. In packet-based hashing, a single flow can be distributed on the LAG and uses one link.
Hash algorithm

The load-balance command discussed above selects the hash criteria applied to port channels. If even distribution is not obtained with the load-balance command, the hash-algorithm command can be used to select the hash scheme for LAG and ECMP. The 12-bit LAG hash can be rotated or shifted until the desired hash is achieved. The default LAG hash algorithm is crc32LSB. Change the default algorithm and hash seed and apply it to ECMP and LAG.

Figure 20-15. Command example: hash seed

FTOS(conf)#hash-algorithm seed 500
FTOS(conf)#do show hash-algorithm
Hash-Algorithm
Stack-unit 0 Port-Set 0
Seed 500 Hg-Seed 1197460041
EcmpAlgo- crc32MSB LagAlgo- crc32LSB HgAlgo- crc16
Stack-unit 1 Port-Set 0
Seed 500 Hg-Seed 1197460041
EcmpAlgo- crc32MSB LagAlgo- crc32LSB HgAlgo- crc16

On S-Series, the hash-algorithm command is specific to ECMP groups. The default ECMP hash algorithm is crc32MSB.
Bulk Configuration

Bulk configuration enables you to determine if interfaces are present, for physical interfaces, or configured, for logical interfaces.

Interface Range

An interface range is a set of interfaces to which other commands may be applied, and may be created if there is at least one valid interface within the range. Bulk configuration excludes from configuration any non-existing interfaces from an interface range.

Create a single-range

Figure 20-16. Creating a Single-Range Bulk Configuration

FTOS(config)# interface range Tengigabitethernet 5/1 - 23
FTOS(config-if-range-te-5/1-23)# no shutdown
FTOS(config-if-range-gi-5/1-23)#

Create a multiple-range

Figure 20-17.
Commas

The example below shows how to use commas to add different interface types to the range, enabling all Tengigabit Ethernet interfaces in the range 5/1 to 5/23 and both Ten Gigabit Ethernet interfaces 1/1 and 1/2.

Figure 20-21.

Define the Interface Range

This example shows how to define an interface-range macro named “test” to select 10G/40G interfaces 5/1 through 5/4:

FTOS(config)# define interface-range test Tengigabitethernet 5/1 - 4

Choose an Interface-range Macro

To use an interface-range macro in the interface range command, enter this command:

Command Syntax | Command Mode | Purpose
interface range macro name | CONFIGURATION | Selects the interfaces range to be configured using the values saved in a named interface-range macr
The information (Figure 20-23) displays in a continuous run, refreshing every 2 seconds by default. Use the following keys to manage the output.

m - Change mode
c - Clear screen
l - Page up
a - Page down
T - Increase refresh interval (by 1 second)
t - Decrease refresh interval (by 1 second)
q - Quit

Figure 20-23. Command Example: monitor interface

FTOS#monitor interface te 3/1
FTOS uptime is 1 day(s), 4 hour(s), 31 minute(s)
Monitor time: 00:00:00 Refresh Intvl.

The S6000 supports splitting a single 40G QSFP port into four 10G SFP+ ports using one of the supported breakout cables (refer to the S6000 Installation Guide or the S6000 Release Notes for a list of supported cables).

Command Syntax | Command Mode | Purpose
stack-unit stack-unit port number portmode quad | CONFIGURATION | Split a single 40G port into 4-10G ports on the S6000. stack-unit: Enter the stack member unit identifier of the stack member to reset.
Link Dampening

Interface state changes occur when interfaces are administratively brought up or down or if an interface state changes. Every time an interface changes state or flaps, routing protocols are notified of the status of the routes that are affected by the change in state, and these protocols go through the momentous task of re-converging. Flapping therefore puts the status of the entire network at risk of transient loops and black holes.

Figure 20-26. Viewing all Dampened Interfaces

FTOS# show interfaces dampening
Interface  State  Flaps  Penalty  Half-Life  Reuse  Suppress  Max-Sup
Te 0/0     Up     0      0        5          750    2500      20
Te 0/1     Up     2      1200     20         500    1500      300
Te 0/2     Down   4      850      30         600    2000      120

View a dampening summary for the entire system using the command show interfaces dampening summary from EXEC Privilege mode, as shown in Figure 20-27.

Figure 20-27.
Table 20-3 lists the range for each transmission media.

Table 20-3. MTU Range

Transmission Media | MTU Range (in bytes)
Ethernet | 594-12000 = link MTU; 576-9234 = IP MTU

Ethernet Pause Frames

s Threshold Settings are supported only on platforms: s
Ethernet Pause Frames is supported on platforms z z

Ethernet Pause Frames allow for a temporary stop in data transmission.

When the buffer usage drops by the value specified in the “resume-threshold”, the port again sends a PAUSE frame with 0 as wait-time. This results in the paused traffic flow resuming.

Enable Pause Frames

Note: On the S-Series (non-S4810) platforms, Ethernet Pause Frames TX should be enabled only after consulting with the Dell Networking Technical Assistance Center.

Ethernet Pause Frames flow control must be enabled on all ports on a chassis or a line card.
The MTU range is 592-12000, with a default of 1500. The S-Series automatically configures the IP MTU. Table 20-4 lists the various Layer 2 overheads found in FTOS and the number of bytes.

Table 20-4.

To view the new setting, use the show config command in the INTERFACE mode.

View Advanced Interface Information

Display Only Configured Interfaces

The following options have been implemented for show [ip | running-config] interfaces commands. When the configured keyword is used, only interfaces that have non-default configurations are displayed. Figure 20-29 lists the possible show commands that have the configured keyword available:

Figure 20-29.
FTOS#show interfaces switchport
Name: TengigabitEthernet 13/0
802.1QTagged: True
Vlan membership:
Vlan 2
Name: TengigabitEthernet 13/1
802.1QTagged: True
Vlan membership:
Vlan 2
Name: TengigabitEthernet 13/2
802.1QTagged: True
Vlan membership:
Vlan 2
Name: TengigabitEthernet 13/3
802.
Figure 20-31.
• L2FIB
For remaining applications, FTOS automatically turns on counting when the application is enabled and turns it off when the application is disabled. Please note that if more than four counter-dependent applications are enabled on a port pipe, there is an impact on line rate performance.
Clear interface counters
The counters in the show interfaces command are reset by the clear counters command. This command does not clear the counters captured by any SNMP program. To clear the counters, use the following command in the EXEC Privilege mode:
Command Syntax: clear counters [interface] [vrrp [vrid] | learning-limit]
Command Mode: EXEC Privilege
Purpose: Clear the counters used in the show interface commands for all VRRP groups, VLANs, and physical interfaces or selected ones.
21 IPv4 Routing
IPv4 Routing is supported on the following platforms: s z
FTOS supports various IP addressing features. This chapter explains the basics of Domain Name Service (DNS), Address Resolution Protocol (ARP), and routing principles and their implementation in FTOS.
• IP Addresses
• Directed Broadcast
• Resolution of Host Names
• ARP
• ICMP
• UDP Helper
Table 21-1 lists the defaults for the IP addressing features described in this chapter.
Table 21-1.
00001010110101100101011110000011 is represented as 10.214.87.131
For more information on IP addressing, refer to RFC 791, Internet Protocol.

Implementation Information
In FTOS, you can configure any IP address as a static route except IP addresses already assigned to interfaces.
Note: FTOS versions 7.7.1.0 and later support 31-bit subnet masks (/31, or 255.255.255.254) as defined by RFC 3021.
To assign an IP address to an interface, use these commands in the following sequence, starting in the CONFIGURATION mode:
Command Syntax: interface interface
Command Mode: CONFIGURATION
Purpose: Enter the keyword interface followed by the type of interface and slot/port information:
• For a 1-Tengigabit Ethernet interface, enter the keyword TengigabitEthernet followed by the slot/port information.
• For a Loopback interface, enter the keyword loopback followed by a number from 0 to 16383.
Figure 21-2. show ip interface Command Example
FTOS#show ip int te 0/8
TengigabitEthernet 0/8 is up, line protocol is up
Internet address is 10.69.8.1/24
Broadcast address is 10.69.8.
Figure 21-3. show ip route static Command Example (partial)
FTOS#show ip route static
Destination Gateway
----------------
S 2.1.2.0/24 Direct, Nu 0
S 6.1.2.0/24 via 6.1.20.2,
S 6.1.2.2/32 via 6.1.20.2,
S 6.1.2.3/32 via 6.1.20.2,
S 6.1.2.4/32 via 6.1.20.2,
S 6.1.2.5/32 via 6.1.20.2,
S 6.1.2.6/32 via 6.1.20.2,
S 6.1.2.7/32 via 6.1.20.2,
S 6.1.2.8/32 via 6.1.20.2,
S 6.1.2.9/32 via 6.1.20.2,
S 6.1.2.10/32 via 6.1.20.2,
S 6.1.2.11/32 via 6.1.20.2,
S 6.1.2.12/32 via 6.1.20.2,
S 6.1.2.13/32 via 6.1.20.2,
S 6.1.
To view the configured static routes for the management port, use the show ip management-route command in the EXEC privilege mode.
Figure 21-4. show ip management-route Command Example
FTOS>show ip management-route
Destination ----------1.1.1.0/24 172.16.1.0/24 172.31.1.0/24 Gateway ------172.31.1.250 172.31.1.
Command Syntax: ip domain-lookup
Command Mode: CONFIGURATION
Purpose: Enable dynamic resolution of host names.

Command Syntax: ip name-server ip-address [ip-address2 ... ip-address6]
Command Mode: CONFIGURATION
Purpose: Specify up to 6 name servers. The order in which you enter the servers determines the order of their use.

To view current bindings, use the show hosts command.
Figure 21-5. show hosts Command Example
FTOS>show host
Default domain is force10networks.
Command Syntax: ip domain-list name
Command Mode: CONFIGURATION
Purpose: Enter up to 63 characters to configure names to complete unqualified host names. Configure this command up to 6 times to specify a list of possible domain names. FTOS searches the domain names in the order they were configured until a match is found or the list is exhausted.

DNS with traceroute
To configure your switch to perform DNS with traceroute, follow the steps below in the CONFIGURATION mode.
ARP
FTOS uses two forms of address resolution: ARP and Proxy ARP.
Address Resolution Protocol (ARP) runs over Ethernet and enables endstations to learn the MAC addresses of neighbors on an IP network. Over time, FTOS creates a forwarding table mapping the MAC addresses to their corresponding IP address. This table is called the ARP Cache, and dynamically learned addresses are removed after a defined period of time.
Command Syntax: arp ip-address mac-address interface
Command Mode: CONFIGURATION
Purpose: Configure an IP address and MAC address mapping for an interface.
• ip-address: IP address in dotted decimal format (A.B.C.D).
• mac-address: MAC address in nnnn.nnnn.nnnn format
• interface: enter the interface type slot/port information.

These entries do not age and can only be removed manually. To remove a static ARP entry, use the no arp ip-address command syntax.
Command Syntax: clear arp-cache [interface | ip ip-address] [no-refresh]
Command Mode: EXEC privilege
Purpose: Clear the ARP caches for all interfaces or for a specific interface by entering the following information:
• For a 1-Tengigabit Ethernet interface, enter the keyword TengigabitEthernet followed by the slot/port information.
• For a port channel interface, enter the keyword port-channel followed by a number from 1 to 255 for TeraScale and ExaScale.
ARP Learning via ARP Request
In FTOS versions prior to 8.3.1.0, FTOS learns via ARP Requests only if the Target IP specified in the packet matches the IP address of the receiving router interface. This is the case when a host is attempting to resolve the gateway address. If the Target IP does not match the incoming interface, then the packet is dropped. If there is an existing entry for the requesting host, it is updated.
Figure 21-8. Learning via Gratuitous ARP
VLAN ID: 1.
The default backoff interval remains at 20 seconds. On the S4810 platform, with FTOS version 8.3.8.0 and later, the time between ARP resends is configurable. This timer is an exponential backoff timer. Over the specified period, the time between ARP requests increases. This reduces the potential for the system to slow down while waiting for a multitude of ARP responses.
Task: Set the number of ARP retries.
To view if ICMP unreachable messages are sent on the interface, use the show config command in the INTERFACE mode. If it is not listed in the show config command output, it is enabled. Only nondefault information is displayed in the show config command output.

UDP Helper
UDP helper allows you to direct the forwarding of IP/UDP broadcast traffic by creating special broadcast addresses and rewriting the destination IP address of packets to match those addresses.
Figure 21-10. Enabling UDP Helper
FTOS(conf-if-te-1/1)#ip udp-helper udp-port 1000
FTOS(conf-if-te-1/1)#show config
!
interface TengigabitEthernet 1/1
 ip address 2.1.1.1/24
 ip udp-helper udp-port 1000
 no shutdown

View the interfaces and ports on which UDP helper is enabled using the command show ip udp-helper from EXEC Privilege mode, as shown in Figure 21-11.
Figure 21-11.
Figure 21-13. Configuring a Broadcast Address
R1_E600(conf)#do show interfaces vlan 100
Vlan 100 is up, line protocol is down
Address is 00:01:e8:0d:b9:7a, Current address is 00:01:e8:0d:b9:7a
Interface index is 1107787876
Internet address is 1.1.0.1/24
IP UDP-Broadcast address is 1.1.255.
3. Packet 2 is also forwarded to the ingress interface with an unchanged destination address because it does not have a broadcast address configured.

Figure 21-14. UDP helper with All Broadcast Addresses
VLAN 100
IP address: 1.1.0.1/24
Subnet broadcast address: 1.1.0.255
Configured broadcast address: 1.1.255.255
Hosts on VLAN 100: 1.1.0.2, 1.1.0.3, 1.1.0.4
Packet 1
Destination Address: 255.255.255.255
Ports: 1/2 1/1 1/3
Ingress interface
IP Address: 2.1.1.1/24
UDP helper enabled
VLAN 101
IP address: 1.11.
In Figure 21-16, Packet 1 has a destination IP address that matches the configured broadcast address of VLAN 100 and 101. If UDP helper is enabled and the UDP port number matches, the packet is flooded on both VLANs with an unchanged destination address.
Packet 2 is sent from a host on VLAN 101. It has a broadcast MAC address and a destination IP address that matches the configured broadcast address on VLAN 101.
Figure 21-18. Debugging IP Helper with UDP Helper
Packet 0.0.0.0:68 -> 255.255.255.255:67 TTL 128
2005-11-05 11:59:35 %RELAY-I-PACKET, BOOTP REQUEST (Unicast) received at interface 172.21.50.193 BOOTP Request, XID = 0x9265f901, secs = 0 hwaddr = 00:02:2D:8D:46:DC, giaddr = 0.0.0.0, hops = 2
2005-11-05 11:59:35 %RELAY-I-BOOTREQUEST, Forwarded BOOTREQUEST for 00:02:2D:8D:46:DC to 137.138.17.6
2005-11-05 11:59:36 %RELAY-I-PACKET, BOOTP REPLY (Unicast) received at interface 194.12.129.
22 IPv6 Routing
IPv6 Routing is supported on the following platforms: s z
Note: The IPv6 basic commands are supported on all platforms. However, not all features are supported on all platforms, or for all releases. To determine which FTOS version supports which features and platforms, refer to Table 22-2.
IPv6 (Internet protocol version 6) is the successor to IPv4. Due to the extremely rapid growth in internet users and IP addresses, IPv4 is reaching its maximum usage.
• Header Format Simplification
• Improved Support for Options and Extensions

Extended Address Space
The address format is extended from 32 bits to 128 bits. This not only provides room for all anticipated needs, it allows for the use of a hierarchical address space structure to optimize global addressing.
• Flow Label (20 bits)
• Payload Length (16 bits)
• Next Header (8 bits)
• Hop Limit (8 bits)
• Source Address (128 bits)
• Destination Address (128 bits)
IPv6 provides for extension headers. Extension headers are used only if necessary. There can be no extension headers, one extension header or more than one extension header in an IPv6 packet. Extension headers are defined in the Next Header field of the preceding IPv6 header.
Flow Label (20 bits)
The Flow Label field identifies packets requiring special treatment in order to manage real-time data traffic. The sending router can label sequences of IPv6 packets so that forwarding routers can process packets within the same flow without needing to reprocess each packet’s header separately.
Note: All packets in the flow must have the same source and destination addresses.
Hop Limit (8 bits)
The Hop Limit field shows the number of hops remaining for packet processing. In IPv4, this is known as the Time to Live (TTL) field and uses seconds rather than hops. Each time the packet moves through a forwarding router, this field decrements by 1. If a router receives a packet with a Hop Limit of 1, it decrements it to 0 (zero). The router discards the packet and sends an ICMPv6 message back to the sending router indicating that the Hop Limit was exceeded in transit.
The Hop-by-Hop Options header contains:
• Next Header (1 byte)
This field identifies the type of header following the Hop-by-Hop Options header and uses the same values shown in Table 22-1.
• Header Extension Length (1 byte)
This field identifies the length of the Hop-by-Hop Options header in 8-byte units, but does not include the first 8 bytes. Consequently, if the header is less than 8 bytes, the value is 0 (zero).
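The fixed-header field widths, the Hop Limit rule and the Hop-by-Hop length rule described above can be checked against raw packet bytes. The following Python sketch is an added example, not code from the FTOS guide; the function names, the sample packet and the Router Alert option (type 5) carried in it are constructed for illustration.

```python
import ipaddress
import struct

HOP_BY_HOP = 0       # Next Header value announcing a Hop-by-Hop Options header
NO_NEXT_HEADER = 59  # Next Header value meaning nothing follows


def parse_fixed_header(packet: bytes) -> dict:
    """Decode the 40-byte IPv6 fixed header into its named fields."""
    if len(packet) < 40:
        raise ValueError("truncated IPv6 fixed header")
    word, payload_length, next_header, hop_limit = struct.unpack("!IHBB", packet[:8])
    if word >> 28 != 6:
        raise ValueError("version field is not 6")
    return {
        "traffic_class": (word >> 20) & 0xFF,
        "flow_label": word & 0xFFFFF,  # low 20 bits of the first 32-bit word
        "payload_length": payload_length,
        "next_header": next_header,
        "hop_limit": hop_limit,
        "source": str(ipaddress.IPv6Address(packet[8:24])),
        "destination": str(ipaddress.IPv6Address(packet[24:40])),
    }


def parse_hop_by_hop(data: bytes) -> dict:
    """Decode a Hop-by-Hop Options header and reject inconsistent lengths."""
    if len(data) < 2:
        raise ValueError("truncated Hop-by-Hop Options header")
    next_header, ext_len = data[0], data[1]
    total = (ext_len + 1) * 8  # length field excludes the first 8 bytes
    if len(data) < total:
        raise ValueError("Hop-by-Hop header is longer than the remaining packet")
    options, i = [], 2
    while i < total:
        opt_type = data[i]
        if opt_type == 0:  # Pad1 is a single byte with no length field
            i += 1
            continue
        if i + 2 > total:
            raise ValueError("option header cut off")
        end = i + 2 + data[i + 1]
        if end > total:
            raise ValueError("option overruns the Hop-by-Hop header")
        options.append((opt_type, data[i + 2:end]))
        i = end
    return {"next_header": next_header, "length": total, "options": options}


def forwarding_decision(hop_limit: int) -> tuple:
    """Apply the Hop Limit rule: decrement by 1, discard when it reaches 0."""
    new_limit = max(hop_limit - 1, 0)
    if new_limit == 0:
        return new_limit, "discard, send ICMPv6 hop limit exceeded"
    return new_limit, "forward"


def inspect_packet(packet: bytes) -> dict:
    """Parse the fixed header, an optional Hop-by-Hop header, and the decision."""
    fixed = parse_fixed_header(packet)
    if fixed["payload_length"] > len(packet) - 40:
        raise ValueError("payload length exceeds the captured bytes")
    hbh = None
    if fixed["next_header"] == HOP_BY_HOP:
        hbh = parse_hop_by_hop(packet[40:40 + fixed["payload_length"]])
    return {"fixed": fixed, "hop_by_hop": hbh,
            "action": forwarding_decision(fixed["hop_limit"])[1]}


# Constructed sample: 8-byte Hop-by-Hop header (length field 0) carrying a
# Router Alert option (type 5, 2 data bytes) and a PadN option (type 1, 0 bytes).
SAMPLE_HBH = bytes([NO_NEXT_HEADER, 0, 5, 2, 0, 0, 1, 0])
SAMPLE_PACKET = (
    struct.pack("!IHBB", (6 << 28) | 0x12345, len(SAMPLE_HBH), HOP_BY_HOP, 1)
    + ipaddress.IPv6Address("2001:db8::1428:57ab").packed
    + ipaddress.IPv6Address("2001:db8::1").packed
    + SAMPLE_HBH
)

if __name__ == "__main__":
    print(inspect_packet(SAMPLE_PACKET))
```

The length checks matter when parsing untrusted traffic: an option whose length byte points past the end of the header is rejected instead of being read out of bounds.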
• 2001:0db8::1428:57ab
• 2001:db8::1428:57ab
IPv6 networks are written using classless inter-domain routing (CIDR) notation. An IPv6 network (or subnet) is a contiguous group of IPv6 addresses the size of which must be a power of two; the initial bits of addresses, which are identical for all hosts in the network, are called the network's prefix. A network is denoted by the first address in the network and the size in bits of the prefix (in decimal), separated with a slash.
Table 22-2 lists the FTOS Version in which an IPv6 feature became available for each platform. The sections following the table give more detail about the feature. Specific platform support for each feature or functionality is designated by the s z symbols.
Table 22-2. FTOS and IPv6 Feature Support
Feature and/or Functionality: Basic IPv6 Commands
FTOS Release Introduction (S-Series / S4810 / S6000): 7.8.1 / 8.3.11 / 8.3.
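Table 22-2. FTOS and IPv6 Feature Support (continued)
Feature and/or Functionality: IS-IS for IPv6 support for redistribution
FTOS Release Introduction (S-Series / S4810 / S6000): N/A / 8.3.10 / 8.3.11
Documentation and Chapter Location: Intermediate System to Intermediate System in the FTOS Configuration Guide; IPv6 IS-IS in the FTOS Command Line Interface Reference Guide

Feature and/or Functionality: ISIS for IPv6 support for distribute lists and administrative distance
FTOS Release Introduction (S-Series / S4810 / S6000): N/A / 8.3.10 / 8.3.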
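Table 22-2. FTOS and IPv6 Feature Support (continued)
Feature and/or Functionality: PIM-SSM for IPv6
FTOS Release Introduction (S-Series / S4810 / S6000): 8.4.2 / N/A / N/A
Documentation and Chapter Location: SSH over an IPv6 Transport in this chapter; IPv6 PIM in the FTOS Command Line Interface Reference Guide

Feature and/or Functionality: MLDv1/v2
FTOS Release Introduction (S-Series / S4810 / S6000): 8.4.2 / N/A / N/A
Documentation and Chapter Location: SSH over an IPv6 Transport in this chapter; Multicast IPv6 in the FTOS Command Line Interface Reference Guide

Feature and/or Functionality: MLDv1 Snooping
FTOS Release Introduction (S-Series / S4810 / S6000): 8.4.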
Path MTU Discovery
IPv6 MTU Discovery is supported on the platforms s z
Path maximum transmission unit (MTU) defines the largest packet size that can traverse a transmission path without suffering fragmentation. Path MTU for IPv6 uses ICMPv6 Type-2 messages to discover the largest MTU along the path from source to destination and avoid the need to fragment the packet. The recommended MTU for IPv6 is 1280.
Neighbor discovery protocol (NDP) is a top-level protocol for neighbor discovery on an IPv6 network. In lieu of ARP, NDP uses Neighbor Solicitation and Neighbor Advertisement ICMPv6 messages for determining relationships between neighboring nodes. Using these messages, an IPv6 device learns the link-layer addresses for neighbors known to reside on attached links, quickly purging cached values that become invalid.
SSH over an IPv6 Transport
IPv6 SSH is supported on the platforms s z
FTOS supports both inbound and outbound secure shell sessions using IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface.
Save the new CAM settings to the startup-config (write-mem or copy run start) then reload the system for the new settings to take effect.
Command Syntax: cam-acl { ipv6acl }
Command Mode: CONFIGURATION
Purpose: Allocate space for IPV6 ACLs. Enter the CAM profile name then the amount to be allotted. When not selecting the default option, you must enter all of the profiles listed and a range for each. The total space allocated must equal 13.
Use the ipv6 route command to configure IPv6 static routes. Note: After you configure a static IPv6 route (ipv6 route command) and configure the forwarding router’s address (specified in the ipv6 route command) on a neighbor’s interface, the IPv6 neighbor is not displayed in the show ipv6 route command output.
IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing earlier in this chapter.

SNMP over IPv6
SNMP is supported on the platforms s z
Simple network management protocol (SNMP) is supported over IPv6 transport so that an IPv6 host can perform SNMP queries and receive SNMP notifications from a device running FTOS IPv6.
Show an IPv6 Interface
View the IPv6 configuration for a specific interface with the following command.
Command Syntax: show ipv6 interface type {slot/
Command Mode: EXEC
Purpose: Show the currently running configuration for the specified interface. Enter the keyword interface followed by the type of interface and slot/port information:
• For a brief summary of all IPv6 status and configuration, enter the keyword brief.
• For all IPv6 configured interfaces, enter the keyword configured.
Figure 22-5.
Show the Running-Configuration for an Interface
View the configuration for any interface with the following command.
Command Syntax: clear ipv6 route {* | ipv6 address prefix-length}
Command Mode: EXEC
Purpose: Clear (refresh) all routes or a specific route from the IPv6 routing table.
* : all routes
ipv6 address : x:x:x:x::x
mask : prefix length 0-128

IPv6 addresses are normally written as eight groups of four hexadecimal digits, where each group is separated by a colon (:). Omitting zeros is accepted as described in Addressing earlier in this chapter.
23 iSCSI Optimization
iSCSI optimization is supported on the platform .
This chapter describes how to configure internet small computer system interface (iSCSI) optimization, which enables quality-of-service (QoS) treatment for iSCSI traffic.
• iSCSI QoS—A user-configured iSCSI class of service (CoS) profile is applied to all iSCSI traffic. Classifier rules are used to direct the iSCSI data traffic to queues that can be given preferential QoS treatment over other data passing through the switch. Preferential treatment helps to avoid session interruptions during times of congestion that would otherwise cause iSCSI packets to be dropped. iSCSI DCBX TLVs are supported.
Monitoring iSCSI Traffic Flows
The switch snoops iSCSI session-establishment and termination packets by installing classifier rules that trap iSCSI protocol packets to the CPU for examination. Devices that initiate iSCSI sessions usually use well-known TCP ports 3260 or 860 to contact targets. When you enable iSCSI optimization, by default the switch identifies IP packets to or from these ports as iSCSI traffic.
Detection and Autoconfiguration for Dell EqualLogic Arrays
The iSCSI optimization feature includes auto-provisioning support with the ability to detect directly connected Dell EqualLogic storage arrays and automatically reconfigure the switch to enhance storage traffic flows. The S6000 Switch uses the link layer discovery protocol (LLDP) to discover Dell EqualLogic devices on the network. LLDP is enabled by default.
• Jumbo frame size is set to 12000 for all interfaces on all ports and port-channels, if it is not already enabled.
• Spanning-tree portfast is enabled on the interface identified by LLDP if the port is in L2 mode.
• Unicast storm control is disabled on the interface identified by LLDP.
Default iSCSI Optimization Values
Table 23-1 shows the default values for the iSCSI optimization feature.
Table 23-1. iSCSI Optimization: Default Parameters
Parameter: iSCSI Optimization global setting
Default Value: Enabled

Parameter: iSCSI CoS mode (802.1p priority queue mapping)
Default Value: Enabled: dot1p priority 4 without remark setting

Parameter: iSCSI CoS Packet classification
Default Value: iSCSI packets are classified by VLAN instead of by DSCP values.
Task: Configure the iSCSI target ports and optionally the IP addresses on which iSCSI communication will be monitored, where:
• tcp-port-n is the TCP port number or a list of TCP port numbers on which the iSCSI target listens to requests. You can configure up to 16 target TCP ports on the switch in one command or multiple commands. Default: 860, 3260. Separate port numbers with a comma.
• ip-address specifies the IP address of the iSCSI target.
Step 7
Task: (Optional) Enter interface configuration mode to configure the auto-detection of Compellent disk arrays.
Command: interface port-type slot/port
Command Mode: CONFIGURATION

Step 8
Task: (Optional) Configures the autodetection of Compellent arrays on a port. Default: Compellent disk arrays are not detected.
Figure 23-3. show iscsi sessions Command Example
FTOS# show iscsi sessions
Session 0:
-----------------------------------------------------------------------------------------
Target: iqn.2001-05.com.equallogic:0-8a0906-0e70c2002-10a0018426a48c94-iom010
Initiator: iqn.1991-05.com.microsoft:win-x9l8v27yajg
ISID: 400001370000
Session 1:
-----------------------------------------------------------------------------------------
Target: iqn.2001-05.com.
24 Intermediate System to Intermediate System
Intermediate System to Intermediate System is supported on the following platforms: z
IS-IS is supported on the FTOS 9.0.2.0. with FTOS 8.3.10.0. It is supported on the platform with
The Intermediate System to Intermediate System (IS-IS) protocol is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS, as detailed in this chapter.
routing information directly with external routers located outside of the routing domains. Level 1-2 systems manage both inter-area and intra-area traffic by maintaining two separate link databases; one for Level 1 routes and one for Level 2 routes. A Level 1-2 router does not advertise Level 2 routes to a Level 1 router. To establish adjacencies, each IS-IS router sends different Protocol Data Units (PDU).
Multi-Topology IS-IS
FTOS 7.8.1.0 and later support Multi-Topology Routing IS-IS. S-Series platform supports Multi-Topology IS-IS with FTOS 8.3.10.0 and later.
Multi-Topology IS-IS (MT IS-IS) allows you to create multiple IS-IS topologies on a single router with separate databases. This feature is used to place a virtual physical topology into logical routing domains, which can each support different routing and security policies.
Adjacencies
Adjacencies on point-to-point interfaces are formed as usual, where IS-IS routers do not implement Multi-Topology (MT) extensions. If a local router does not participate in certain MTs, it will not advertise those MT IDs in its IIHs and so will not include that neighbor within its LSPs. If an MT ID is not detected in the remote side's IIHs, the local router does not include that neighbor within its LSPs.
Table 24-1 displays the default values for IS-IS. Table 24-1.
• Set the overload bit
• Debug IS-IS

Enable IS-IS
By default, IS-IS is not enabled. The system supports one instance of IS-IS. To enable IS-IS globally, create an IS-IS routing process and assign a NET address. To exchange protocol information with neighbors, enable IS-IS on an interface, instead of on a network as with other routing protocols.
In IS-IS, neighbors form adjacencies only when they are the same IS type.
Step 5
Task: Enter an IPv6 Address. ipv6 address : x:x:x:x::x mask : prefix length 0-128 The IPv6 address must be on the same subnet as other IS-IS neighbors, but the IP address does not need to relate to the NET address.
Command Syntax: ipv6 address ipv6-address mask
Command Mode: INTERFACE

Step 6
Task: Enable IS-IS on the IPv4 interface. If you configure a tag variable, it must be the same as the tag variable assigned in step 1.
Command Syntax: ip router isis [tag]
Command Mode: ROUTER ISIS

Step 7
Task: Enable IS-IS on the IPv6 interface.
Figure 24-3.
Configure Multi-Topology IS-IS (MT IS-IS)
Step 1
Task: Enable Multi-Topology IS-IS for IPv6. Enter the transition keyword to allow an IS-IS IPv6 user to continue to use single-topology mode while upgrading to multi-topology mode. After every router has been configured with the transition keyword, and all the routers are in MT IS-IS IPv6 mode, users can remove the transition keyword on each router.
Command Syntax: graceful-restart restart-wait seconds
Command Mode: ROUTER-ISIS
Purpose: Enable the Graceful Restart maximum wait time before a restarting peer comes up. Be sure to set the t3 timer to adjacency on the restarting router when implementing this command.
Figure 24-4.
Change LSP attributes
IS-IS routers flood Link State PDUs (LSPs) to exchange routing information. LSP attributes include the generation interval, maximum transmission unit (MTU) or size, and the refresh interval. You can modify the LSP attribute defaults, but it is not necessary. To change the defaults, use any or all of the following commands in ROUTER ISIS mode:
Command Syntax: lsp-gen-interval [level-1 | level-2] seconds
Command Mode: ROUTER ISIS
Purpose: Set interval between LSP generation.
By default, FTOS generates and receives narrow metric values. Metrics or costs higher than 63 are not supported. To accept or generate routes with a higher metric, you must change the metric style of the IS-IS process. For example, if metric is configured as narrow, and an LSP with wide metrics is received, the route is not installed.
FTOS supports the following IS-IS metric styles:
Table 24-2.
Figure 24-7. Command Example: show isis protocol
FTOS#show isis protocol
IS-IS Router:
System Id: EEEE.EEEE.EEEE IS-Type: level-1-2
Manual area address(es):
47.0004.004d.0001
Routing for area address(es):
21.2223.2425.2627.2829.3031.3233
47.0004.004d.
Table 24-3. Correct Value Range for the isis metric command
Metric Style         Correct Value Range
narrow transition    0 to 63
transition           0 to 63

Configuring the distance of a route
Configure the distance for a route using the distance command from ROUTER ISIS mode.
Figure 24-8. Command Example: show isis database
FTOS#show isis database
IS-IS Level-1 Link State Database
LSPID             LSP Seq Num
B233.00-00        0x00000003
eljefe.00-00 *    0x00000009
eljefe.01-00 *    0x00000001
eljefe.02-00 *    0x00000001
Force10.00-00     0x00000002
IS-IS Level-2 Link State Database
LSPID             LSP Seq Num
B233.00-00        0x00000006
eljefe.00-00 *    0x0000000D
eljefe.01-00 *    0x00000001
eljefe.02-00 *    0x00000001
Force10.
IPv4 routes
Use the following commands in ROUTER ISIS mode to apply prefix lists to incoming or outgoing IPv4 routes.
Note: These commands apply to IPv4 IS-IS only. Use the ADDRESS-FAMILY IPV6 mode shown later to apply prefix lists to IPv6 routes.
Command Syntax: distribute-list prefix-list-name in [interface]
Command Mode: ROUTER ISIS
Purpose: Apply a configured prefix list to all incoming IPv4 IS-IS routes. Enter the type of interface and slot/port information.
Command Syntax: distribute-list prefix-list-name in [interface]
Command Mode: ROUTER ISIS-AF IPV6
Purpose: Apply a configured prefix list to all incoming IPv6 IS-IS routes. Enter the type of interface and slot/port information:
• For the Loopback interface, enter the keyword loopback followed by a number from 0 to 16383.
• For a port channel, enter the keyword port-channel followed by a number from 1 to 255.
Command Syntax: redistribute {bgp as-number | connected | rip | static} [level-1 | level-1-2 | level-2] [metric metric-value] [metric-type {external | internal}] [route-map map-name]
Command Mode: ROUTER ISIS
Purpose: Include BGP, directly connected, RIP, or user-configured (static) routes in IS-IS. Configure the following parameters:
• level-1, level-1-2, or level-2: Assign all redistributed routes to a level. Default is level-2.
• metric range: 0 to 16777215. Default is 0.
Command Syntax: redistribute ospf process-id [level-1 | level-1-2 | level-2] [metric value] [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name]
Command Mode: ROUTER ISIS
Purpose: Include specific OSPF routes in IS-IS. Configure the following parameters:
• process-id range: 1 to 65535
• level-1, level-1-2, or level-2: Assign all redistributed routes to a level. Default is level-2.
• metric range: 0 to 16777215. Default is 0.
Set the overload bit
Another use for the overload bit is to prevent other routers from using this router as an intermediate hop in their shortest path first (SPF) calculations. For example, if the IS-IS routing database is out of memory and cannot accept new LSPs, FTOS sets the overload bit and IS-IS traffic continues to transit the system.
Use the following command in ROUTER ISIS mode to set the overload bit manually.
Command Syntax: debug isis adj-packets [interface]
Command Mode: EXEC Privilege
Purpose: View information on all adjacency-related activity (for example, hello packets that are sent and received). To view specific information, enter one of the following optional parameters:
• interface: Enter the type of interface and slot/port information to view IS-IS information on that interface only.

Command Syntax: debug isis local-updates [interface]
Command Mode: EXEC Privilege
Purpose: View information about IS-IS local update packets.
In the following scenarios, the IS-type is either Level-1 or Level-2 or Level-1-2 and the metric style changes.
Table 24-5. Metric Value when Metric Style Changes
Beginning metric style: wide
Final metric style: narrow
Resulting IS-IS metric value: default value (10) if the original value is greater than 63. A message is sent to the console.

Beginning metric style: wide
Final metric style: transition
Resulting IS-IS metric value: truncated value [1] (the truncated value appears in the LSP only.
[1] A truncated value is a value that is higher than 63, but set back to 63 because the higher value is not supported.

Moving to transition and then to another metric style produces different results (Table 24-6).
Table 24-6.
Table 24-7. Metric Value with Different Levels Configured with Different Metric Styles (continued)
Level-1 metric style    Level-2 metric style    Resulting isis metric value
wide transition         narrow transition       truncated value
wide transition         transition              truncated value

Sample Configuration
The following configurations are examples for enabling IPv6 IS-IS. These are not comprehensive directions. They are intended to give you some guidance with typical configurations.
Figure 24-10. IS-IS Sample Configuration - Congruent Topology
FTOS(conf-if-te-3/17)#show config
!
interface TenGigabitEthernet 3/17
 ip address 24.3.1.1/24
 ipv6 address 24:3::1/76
 ip router isis
 ipv6 router isis
 no shutdown
FTOS (conf-if-te-3/17)#
FTOS (conf-router_isis)#show config
!
router isis
 metric-style wide level-1
 metric-style wide level-2
 net 34.0000.0000.AAAA.00
FTOS (conf-router_isis)#
Figure 24-11.
Figure 24-13.
25 Link Aggregation Control Protocol (LACP)
Link Aggregation Control Protocol (LACP) is supported on the following platforms: s z
The major sections in the chapter are:
• Introduction to Dynamic LAGs and LACP
• LACP Configuration Tasks
• Shared LAG State Tracking
If a LAG moves to the down state due to this feature, its members may still be in the up state.
Important Points to Remember
• LACP enables you to add members to a port channel (LAG) as long as it has no static members. Conversely, if the LAG already contains a statically defined member (channel-member command), the port-channel mode command is not permitted.
• A static LAG cannot be created if a dynamic LAG using the selected number already exists.
LACP Configuration Commands
If aggregated ports are configured with compatible LACP modes (Off, Active, Passive), LACP can automatically link them, as defined in IEEE 802.3, Section 43. The following commands configure LACP:
Command Syntax: [no] lacp system-priority priority-value
Command Mode: CONFIGURATION
Purpose: Configure the system priority.
The LAG is in the default VLAN. To place the LAG into a non-default VLAN, use the tagged command on the LAG (Figure 25-2):

Figure 25-2. Placing a LAG into a Non-default VLAN

FTOS(conf)#interface vlan 10
FTOS(conf-if-vl-10)#tagged port-channel 32

Configure the LAG interfaces as dynamic

After creating a LAG, configure the dynamic LAG interfaces. Figure 25-3 shows ports 3/15, 3/16, 4/15, and 4/16 added to LAG 32 in LACP mode with the command port-channel-protocol lacp.
To configure the LACP long timeout (Figure 196):

Step | Task | Command Syntax | Command Mode
1 | Set the LACP timeout value to 30 seconds. | lacp long-timeout | CONFIG-INT-PO

Figure 25-4. Invoking the LACP Long Timeout

FTOS(conf)# interface port-channel 32
FTOS(conf-if-po-32)#no shutdown
FTOS(conf-if-po-32)#switchport
FTOS(conf-if-po-32)#lacp long-timeout
FTOS(conf-if-po-32)#end
FTOS# show lacp 32
Port-channel 32 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e800.
In Figure 25-5, line-rate traffic from R1 destined for R4 follows the lowest-cost route via R2, as shown. Traffic is equally distributed between LAGs 1 and 2. If LAG 1 fails, all traffic from R1 to R4 flows across LAG 2 only. This condition over-subscribes the link, and packets are dropped.

Figure 25-5.
Figure 25-7. Viewing Shared LAG State Tracking in the Running-configuration

R2#show running-config po-failover-group
!
port-channel failover-group
 group 1 port-channel 1 port-channel 2

In Figure 25-8, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down upon the failure. This effect is logged by Message 1, in which a console message declares both LAGs down at the same time.

Figure 25-8.
Note: The set of console messages shown in Message 1 appears only if Shared LAG State Tracking is configured on that router (the feature can be configured on one or both sides of a link). For example, in Figure 25-8, if Shared LAG State Tracking is configured on R2 only, then no messages appear on R4 regarding the state of LAGs in a failover group.

Important Points about Shared LAG State Tracking

• This feature is available for static and dynamic LAGs.
Configuring a LAG on ALPHA

Figure 25-11. Creating a LAG on ALPHA

Alpha(conf)#interface port-channel 10
Alpha(conf-if-po-10)#no ip address
Alpha(conf-if-po-10)#switchport
Alpha(conf-if-po-10)#no shutdown
Alpha(conf-if-po-10)#show config
!
interface Port-channel 10
 no ip address
 switchport
 no shutdown
!
Alpha(conf-if-po-10)#

Figure 25-12.
Figure 25-13. Inspecting Configuration of LAG 10 on ALPHA

Indicates the MAC address assigned to the LAG. This does NOT match any of the physical interface MAC addresses.
Figure 25-14. Using the show lacp Command to Verify LAG 10 Status on ALPHA

Alpha#sho lacp 10
Port-channel 10 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e806.953e
Partner System ID: Priority 32768, Address 0001.e809.
Summary of the configuration on ALPHA

Figure 25-15.
Summary of the configuration on BRAVO Figure 25-16.
Figure 25-17. Using the show interface Command to Inspect a LAG Port on BRAVO

Shows the status of this interface. Also shows it is part of LAG 10.

Bravo#show int gig 3/21
GigabitEthernet 3/21 is up, line protocol is up
Port is part of Port-channel 10
Hardware is Force10Eth, address is 00:01:e8:09:c3:82
Current address is 00:01:e8:09:c3:82

Shows that this is a Layer 2 port.
Figure 25-18. Using the show interfaces port-channel Command to Inspect LAG 10 Indicates the MAC address assigned to the LAG. This does NOT match any of the physical interface MAC addresses.
Figure 25-19. Using the show lacp Command to Inspect LAG Status

FTOS#show lacp 10
Port-channel 10 admin up, oper up, mode lacp
Actor System ID: Priority 32768, Address 0001.e809.c24a
Partner System ID: Priority 32768, Address 0001.e806.
26 Layer 2

Layer 2 features are supported on the following platforms: s z

This chapter describes the following Layer 2 features:
• Managing the MAC Address Table
• MAC Learning Limit
• NIC Teaming
• Configuring Redundant Pairs
• Far-end Failure Detection

Managing the MAC Address Table

FTOS provides the following management activities for the MAC address table:
• Clear the MAC Address Table
• Set the Aging Time for Dynamic Entries
• Configure a Static MAC Address
• Display
Set the Aging Time for Dynamic Entries

Learned MAC addresses are entered in the table as dynamic entries, which means that they are subject to aging. For any dynamic entry, if no packet arrives on the switch with the MAC address as the source or destination address within the timer period, the address is removed from the table. The default aging time is 1800 seconds.

Task | Command Syntax | Command Mode
Disable MAC address aging for all dynamic entries.
• mac learning-limit dynamic
• mac learning-limit mac-address-sticky
• mac learning-limit station-move
• mac learning-limit no-station-move
• Learning Limit Violation Actions
• Station Move Violation Actions
• Recovering from Learning Limit and Station Move Violations
• NIC Teaming

MAC Address Learning Limit is a method of port security on Layer 2 port-channel and physical interfaces, and VLANs. It enables you to set an upper limit on the number of MAC addresses that can be learned on an interface/VLAN.
mac learning-limit dynamic

The MAC address table is stored on the Layer 2 FIB region of the CAM. On the S-Series the Layer 2 FIB region allocates space for static MAC address entries and dynamic MAC address entries. When MAC Learning Limit is enabled, entries created on this port are static by default. When you configure the dynamic option, learned MAC addresses are stored in the dynamic region and are subject to aging.
mac learning-limit no-station-move The no-station-move option, also known as “sticky MAC,” provides additional port security by preventing a station move. When this option is configured, the first entry in the table is maintained instead of creating a new entry on the new interface. no-station-move is the default behavior. Entries created before this option is set are not affected.
no-station-move is the default behavior (Refer to mac learning-limit no-station-move on page 503). You can configure the system to take an action if a station move occurs using one of the following options with the mac learning-limit command:

Task | Command Syntax | Command Mode
Generate a system log message indicating a station move. | station-move-violation log | INTERFACE
Shut down the first port to learn the MAC address.
NIC Teaming NIC teaming is a feature that allows multiple network interface cards in a server to be represented by one MAC address and one IP address in order to provide transparent redundancy, balancing, and to fully utilize network adapter resources. Figure 26-1 shows a topology where two NICs have been teamed together. In this case, if the primary NIC fails, traffic switches to the secondary NIC, since they are represented by the same set of addresses. Figure 26-1.
Figure 26-2. Configuring mac-address-table station-move refresh-arp Command
Figure 26-3. Configuring Redundant Layer 2 Pairs without Spanning Tree

Redundant links create a switching loop. Without STP, broadcast storms occur.
Important Points about Configuring Redundant Pairs

• You may not configure any interface to be a backup for more than one interface, no interface can have more than one backup, and a backup interface may not have a backup interface. Neither the active nor the backup interface may be a member of a LAG. The active and standby do not have to be of the same type (1G, 10G, etc).
Far-end Failure Detection

Far-end Failure Detection is supported on platforms: Z

Far-end Failure Detection (FEFD) is a protocol that senses remote data link errors in a network. It responds by sending a unidirectional report that triggers an echoed response after a specified time interval. FEFD can be enabled globally or locally on an interface basis. Disabling the global FEFD configuration does not disable the interface configuration.

Figure 26-5.
FEFD state changes

FEFD has two operational modes, Normal and Aggressive. When Normal mode is enabled on an interface and a far-end failure is detected, no intervention is required to reset the interface to bring it back to an FEFD operational state. When Aggressive mode is enabled on an interface in the same state, manual intervention is required to reset the interface.
Configuring FEFD You can configure FEFD for all interfaces from CONFIGURATION mode, or on individual interfaces from INTERFACE mode. Enable FEFD Globally To enable FEFD globally on all interfaces enter the command fefd-global in CONFIGURATION mode. Report interval frequency and mode adjustments can be made by supplementing this command as well.
To disable FEFD protocol on one interface, enter the command fefd disable in INTERFACE mode. Disabling an interface will shut down all protocols working on that interface’s connected line, and will not delete your previous FEFD configuration which can be enabled again at any time.
Figure 26-9.
27 Link Layer Discovery Protocol (LLDP)

Link Layer Discovery Protocol (LLDP) is supported only on the following platforms: s z

This chapter contains the following sections:
• 802.1AB (LLDP) Overview
• TIA-1057 (LLDP-MED) Overview
• Configuring LLDP

802.1AB (LLDP) Overview

Link Layer Discovery Protocol (LLDP)—defined by IEEE 802.1AB—is a protocol that enables a LAN device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
Figure 27-1. Type, Length, Value (TLV) Segment

TLV Header: TLV Type (1-127), 7 bits | TLV Length, 9 bits
Value: 0-511 octets
Value as shown for the Chassis ID TLV: Chassis ID Sub-type, 1 octet | Chassis ID, 1-255 octets

TLVs are encapsulated in a frame called an LLDP Data Unit (LLDPDU) (Figure 27-2), which is transmitted from one LLDP-enabled device to its LLDP-enabled neighbors. LLDP is a one-way protocol.
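The TLV framing above, together with the LLDP-MED Capabilities TLV layout this chapter gives in Figure 27-4, worked as an added Python example (not FTOS or Dell code). It parses an LLDPDU received from an untrusted neighbor and rejects length fields that overrun the frame. The function names and the sample LLDPDU are constructed for illustration; Chassis ID sub-type 4 (MAC address) and Port ID sub-type 5 (interface name) come from IEEE 802.1AB rather than from this guide.

```python
import struct

END_OF_LLDPDU, CHASSIS_ID, PORT_ID, TTL, ORG_SPECIFIC = 0, 1, 2, 3, 127
TIA_OUI = bytes.fromhex("0012bb")  # TIA OUI quoted in the guide (00-12-BB)
MED_CAPABILITIES_SUBTYPE = 1       # sub-type shown in Figure 27-4


class LLDPParseError(ValueError):
    """An LLDPDU broke the TLV framing rules."""


def build_tlv(tlv_type, value):
    """Pack one TLV: the 7-bit type and 9-bit length share a 16-bit header."""
    if not 0 <= tlv_type <= 127:
        raise ValueError("TLV type must fit in 7 bits")
    if len(value) > 511:
        raise ValueError("TLV value is limited to 511 octets")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(data):
    """Split an LLDPDU into (type, value) pairs, up to End Of LLDPDU."""
    tlvs, offset = [], 0
    while True:
        if len(data) - offset < 2:
            raise LLDPParseError("no End Of LLDPDU TLV before the data ran out")
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        # Never trust the advertised length: check it against what is left.
        if offset + length > len(data):
            raise LLDPParseError(
                "TLV type %d claims %d octets, only %d remain"
                % (tlv_type, length, len(data) - offset))
        if tlv_type == END_OF_LLDPDU:
            if length != 0:
                raise LLDPParseError("End Of LLDPDU TLV must have length 0")
            return tlvs
        tlvs.append((tlv_type, data[offset:offset + length]))
        offset += length


def decode_chassis_id(value):
    """Chassis ID TLV: 1-octet sub-type, then a 1-255 octet identifier."""
    if not 2 <= len(value) <= 256:
        raise LLDPParseError("Chassis ID TLV must carry 2-256 octets")
    return value[0], value[1:]


def decode_med_capabilities(value):
    """Decode the LLDP-MED Capabilities TLV laid out in Figure 27-4."""
    if len(value) != 7:
        raise LLDPParseError("LLDP-MED Capabilities TLV length must be 7")
    oui, subtype = value[:3], value[3]
    if oui != TIA_OUI or subtype != MED_CAPABILITIES_SUBTYPE:
        raise LLDPParseError("not an LLDP-MED Capabilities TLV")
    (capabilities,) = struct.unpack_from("!H", value, 4)
    return {"capabilities": capabilities, "device_type": value[6]}


def is_well_formed(data):
    """True if the LLDPDU parses cleanly, False if framing is violated."""
    try:
        parse_lldpdu(data)
    except LLDPParseError:
        return False
    return True


# Constructed sample LLDPDU (built here, not captured traffic).
SAMPLE_LLDPDU = b"".join([
    build_tlv(CHASSIS_ID, b"\x04" + bytes.fromhex("0001e806953e")),
    build_tlv(PORT_ID, b"\x05" + b"Te 1/31"),
    build_tlv(TTL, struct.pack("!H", 120)),
    build_tlv(ORG_SPECIFIC,
              TIA_OUI + b"\x01" + struct.pack("!H", 0x000F) + b"\x04"),
    build_tlv(END_OF_LLDPDU, b""),
])

if __name__ == "__main__":
    for tlv_type, value in parse_lldpdu(SAMPLE_LLDPDU):
        print("type %3d  length %3d  %s" % (tlv_type, len(value), value.hex()))
```
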
Optional TLVs

FTOS supports the following optional TLVs:
• Management TLVs
• IEEE 802.1 and 802.3 Organizationally Specific TLVs
• TIA-1057 Organizationally Specific TLVs

Management TLVs

A Management TLV is an Optional TLVs sub-type. This kind of TLV contains essential management information about the sender. The five types are described in Table 27-2.

Organizationally Specific TLVs

Organizationally specific TLVs can be defined by a professional organization or a vendor.
IEEE Organizationally Specific TLVs

Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups (Table 27-2) as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs.

Table 27-2. Optional TLV Types

Type | TLV | Description
Optional TLVs
4 | Port description | A user-defined alphanumeric string that describes the port. FTOS does not currently support this TLV.
TIA-1057 (LLDP-MED) Overview

Link Layer Discovery Protocol—Media Endpoint Discovery (LLDP-MED)—as defined by ANSI/TIA-1057—provides additional organizationally specific TLVs so that endpoint devices and network connectivity devices can advertise their characteristics and configuration information; the OUI for the Telecommunications Industry Association (TIA) is 00-12-BB.
Table 27-3.
Figure 27-4. LLDP-MED Capabilities TLV

TLV Type (127), 7 bits | TLV Length (7) | Organizationally Unique ID (00-12-BB) | Organizationally Defined Sub-type (1) | LLDP-MED Capabilities (00000000 00001111) | LLDP-MED Device Type (4)

Table 27-4.
The application type is represented by an integer (the Type integer in Table 27-6), which indicates a device function for which a unique network policy is defined. An individual LLDP-MED Network Policy TLV is generated for each application type that you specify with the FTOS CLI (Advertising TLVs on page 525).
Extended Power via MDI TLV

The Extended Power via MDI TLV enables advanced PoE management between LLDP-MED endpoints and network connectivity devices. Advertise the Extended Power via MDI on all ports that are connected to an 802.3af powered, LLDP-MED endpoint device.

• Power Type—there are two possible power types: Power Sourcing Entity (PSE) or Power Device (PD). The Dell Networking system is a PSE, which corresponds to a value of 0, based on the TIA-1057 specification.
Important Points to Remember

• LLDP is disabled by default.
• Dell Networking systems support up to 8 neighbors per interface.
• Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by 8 exceeds the maximum, the system will not configure more than 8000.
• INTERFACE level configurations override all CONFIGURATION level configurations.
• LLDP is not hitless.
Enabling LLDP

LLDP is disabled by default. LLDP can be enabled and disabled globally or per interface. If LLDP is enabled globally, all up interfaces send periodic LLDPDUs. To enable LLDP:

Step | Task | Command | Command Mode
1 | Enter Protocol LLDP mode. | protocol lldp | CONFIGURATION or INTERFACE
2 | Enable LLDP. | no disable | PROTOCOL LLDP

Disabling and Undoing LLDP

• Disable LLDP globally or for an interface using the command disable.
Step | Task | Command | Command Mode
2 | Advertise one or more TLVs. Include the keyword for each TLV you want to advertise.
• For management TLVs: system-capabilities, system-description
• For 802.1 TLVs: port-protocol-vlan-id, port-vlan-id, vlan-name
• For 802.
Figure 27-9. Viewing LLDP Global Configurations

R1(conf)#protocol lldp
R1(conf-lldp)#show config
!
protocol lldp
 advertise dot1-tlv port-protocol-vlan-id port-vlan-id
 advertise dot3-tlv max-frame-size
 advertise management-tlv system-capabilities system-description
 hello 10
 no disable
R1(conf-lldp)#

Figure 27-10.
Figure 27-12.
Configuring Transmit and Receive Mode Once LLDP is enabled, Dell Networking systems transmit and receive LLDPDUs by default. You can configure the system—at CONFIGURATION level or INTERFACE level—to transmit only by executing the command mode tx, or receive only by executing the command mode rx. Return to the default with the no mode command (Figure 27-14). Figure 27-14.
Figure 27-15.
Figure 27-17.

Relevant Management Objects

FTOS supports all IEEE 802.1AB MIB objects.
• Table 27-7 lists the objects associated with received and transmitted TLVs.
• Table 27-8 lists the objects associated with the LLDP configuration on the local agent.
• Table 27-9 lists the objects associated with IEEE 802.1AB Organizationally Specific TLVs.
• Table 27-10 lists the objects associated with received and transmitted LLDP-MED TLVs.
Table 27-7.
Table 27-8.
Table 27-9. LLDP 802.1 Organizationally Specific TLV MIB Objects

TLV Type | TLV Name | TLV Variable | System | LLDP MIB Object
127 | Port-VLAN ID | PVID | Local | lldpXdot1LocPortVlanId
 | | | Remote | lldpXdot1RemPortVlanId
127 | Port and Protocol VLAN ID | port and protocol VLAN supported | Local |
 | | port and protocol VLAN enabled | |
 | | PPVID | |
127 | VLAN Name | VID | |
 | | VLAN name length | |
 | | VLAN name | |

Table 27-10.
Table 27-10.
Table 27-10.
28 Multicast Source Discovery Protocol (MSDP)

Multicast Source Discovery Protocol (MSDP) is supported on the following platforms: z

Protocol Overview

Multicast Source Discovery Protocol (MSDP) is a Layer 3 protocol that connects IPv4 PIM-SM domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as BGP. Each RP peers with every other RP via TCP.
Figure 28-1. Multicast Source Discovery Protocol
[Figure labels: AS X and AS Y, Area 0, OSPF, BGP, PIM + IGMP, R1 through R4, RP, RP1, MSDP Peership, PC 1 Receiver, PC 2 Source, PC 3 Receiver]

RPs advertise each (S,G) in its domain in Type, Length, Value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field.
evenly spaced around the network, an equal number of sources register with each RP. Consequently, all the RPs in the network share the process of registering the sources equally. Since a source may register with one RP and receivers may join to a different RP, a method is needed for the RPs to exchange information about active sources. This information exchange is done with MSDP. With Anycast RP, all the RPs are configured to be MSDP peers of each other.
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown
interface GigabitEthernet 1/21
 ip pim sparse-mode
 ip address 10.11.1.12/24
 no shutdown
interface GigabitEthernet 1/2
 ip address 10.11.2.1/24
 no shutdown
interface GigabitEthernet 1/1
 ip pim sparse-mode
 ip address 10.11.3.1/24
 no shutdown

[Figure labels: R1, ports 1/1, 1/2 and 1/21, PC 1 : 10.11.3.2/24]

interface Loopback 0
 ip address 192.168.0.2/32
 no shutdown
interface GigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.0.
router ospf 1
 network 10.11.2.0/24 area 0
 network 10.11.1.0/24 area 0
 network 192.168.0.1/32 area 0
 network 10.11.3.0/24 area 0

[Figure labels: R1, R2, R3, PC 1, PC 2, OSPF]

router bgp 200
 redistribute ospf 1
 neighbor 192.168.0.2 remote-as 100
 neighbor 192.168.0.2 ebgp-multihop 255
 neighbor 192.168.0.2 update-source Loopback 0
 neighbor 192.168.0.2 no shutdown
router ospf 1
 network 10.11.6.0/24 area 0
 network 192.168.0.
[Figure labels: PIM + IGMP, R1, R2, R3, R4, RP1, RP2, AS 100, AS 200, PC 2 Receiver: 239.0.0.1, PC 3 Receiver: 239.0.0.1]

ip pim rp-address 192.168.0.1 group-address 224.0.0.0/4
ip multicast-routing

ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4
ip multicast-routing

ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4
ip multicast-routing

ip pim rp-address 192.168.0.1 group-address 224.0.0.
R1_E600(conf)#do show ip msdp sa-cache
MSDP Source-Active Cache - 1 entries
GroupAddr SourceAddr RPAddr LearnedFrom Expire UpTime
239.0.0.1 10.11.4.2 192.168.0.1 local 95 16:49:25

(10.11.4.2, 239.0.0.1), uptime 1d16h, expires 00:03:12, flags: CTA
 Incoming interface: GigabitEthernet 1/21, RPF neighbor 10.11.1.21
 Outgoing interface list:
  GigabitEthernet 1/1 Forward/Sparse 22:26:37/Never
(*, 239.0.0.1), uptime 22:26:37, expires 00:00:00, RP 192.168.0.
Enable MSDP

Enable MSDP by peering RPs in different administrative domains.

Step | Task | Command Syntax | Command Mode
1 | Enable MSDP. | ip multicast-msdp | CONFIGURATION
2 | Peer PIM systems in different administrative domains. | ip msdp peer connect-source | CONFIGURATION

Figure 28-7. Configuring an MSDP Peer

R3_E600(conf)#ip multicast-msdp
R3_E600(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0
R3_E600(conf)#do show ip msdp summary
Peer Addr 192.168.0.1 Local Addr 192.168.0.
• RPs can transmit SA messages periodically to prevent SA storms, and only sources that are in the cache are advertised in the SA to prevent transmitting multiple copies of the same source information.

View the Source-active Cache

Task | Command Syntax | Command Mode
View the SA cache. | show ip msdp sa-cache | EXEC Privilege

Figure 28-9.
• the peer RP is unreachable, or because of an SA message format error.

Task | Command Syntax | Command Mode
Cache rejected sources. | ip msdp cache-rejected-sa | CONFIGURATION

Accept Source-active Messages that fail the RPF Check

A default peer is a peer from which active sources are accepted even though they fail the RPF check.

• In Scenario 1 of Figure 28-10, all MSDP peers are up.
Figure 28-10. MSDP Default Peer
[Figure panels: Scenario 1 and Scenario 2; labels: RP2, RP3, RP4, RP5, (S2, G2), (S3, G3), (S4, G4), (S5, G5), MSDP Peership, Peership Fail]
Task | Command Syntax | Command Mode
Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. If you do not specify an access list, the peer accepts all sources advertised by that peer. All sources from RPs denied by the ACL are subjected to the normal RPF check. | ip msdp default-peer ip-address list | CONFIGURATION

Figure 28-11. Accepting Source-active Messages with

FTOS(conf)#ip msdp peer 10.0.50.
Prevent MSDP from Caching a Local Source

You can prevent MSDP from caching an active source based on source and/or group. Since the source is not cached, it is not advertised to remote RPs.

Task | Command Syntax | Command Mode
OPTIONAL: Cache sources that are denied by the redistribute list in the rejected SA cache. | ip msdp cache-rejected-sa | CONFIGURATION
Prevent the system from caching local SA entries based on source and group using an extended ACL.
Prevent MSDP from Caching a Remote Source

Task | Command Syntax | Command Mode
OPTIONAL: Cache sources that are denied by the SA filter in the rejected SA cache. | ip msdp cache-rejected-sa | CONFIGURATION
Prevent the system from caching remote sources learned from a specific peer based on source and group. | ip msdp sa-filter list out peer list ext-acl | CONFIGURATION

In Figure 28-14, R1 is advertising source 10.11.4.2. It is already in the SA cache of R3 when an ingress SA filter is applied to R3.
Prevent MSDP from Advertising a Local Source

Task | Command Syntax | Command Mode
Prevent an RP from advertising a source in the SA cache. | ip msdp sa-filter list in peer list ext-acl | CONFIGURATION

In Figure 28-14, R1 stops advertising source 10.11.4.2. Since it is already in the SA cache of R3, the entry remains there until it expires.

Figure 28-14.
Log Changes in Peership States

Task | Command Syntax | Command Mode
Log peership state changes. | ip msdp log-adjacency-changes | CONFIGURATION

Terminate a Peership

MSDP uses TCP as its transport protocol. In a peering relationship, the peer with the lower IP address initiates the TCP session, while the peer with the higher IP address listens on port 639.

Task | Command Syntax | Command Mode
Terminate the TCP connection with a peer.
Clear Peer Statistics

Task | Command Syntax | Command Mode
Reset the TCP connection to the peer and clear all peer statistics. | clear ip msdp peer peer-address | CONFIGURATION

Figure 28-16. Clearing Peer Statistics

R3_E600(conf)#do show ip msdp peer
Peer Addr: 192.168.0.1 Local Addr: 192.168.0.
Use undebug all to disable all debugging.

Figure 28-17. Debugging MSDP

R1_E600(conf)#do debug ip msdp
All MSDP debugging has been turned on
R1_E600(conf)#03:16:08 : MSDP-0: Peer
03:16:09 : MSDP-0: Peer 192.168.0.3,
03:16:27 : MSDP-0: Peer 192.168.0.3,
03:16:38 : MSDP-0: Peer 192.168.0.3,
03:16:39 : MSDP-0: Peer 192.168.0.3,
03:17:09 : MSDP-0: Peer 192.168.0.3,
03:17:10 : MSDP-0: Peer 192.168.0.3,
03:17:27 : MSDP-0: Peer 192.168.0.3,
Input (S,G) filter: none
Output (S,G) filter: none
192.168.0.
MSDP with Anycast RP

Figure 28-18.
[Figure labels: AS X, Area 0, OSPF, BGP, PIM + IGMP, R4, PC 2 Source, PC 3 Receiver]

(10.11.4.2, 239.0.0.1), uptime 00:00:52, expires 00:03:20, flags: FTA
 Incoming interface: GigabitEthernet 2/1, RPF neighbor 0.0.0.0
 Outgoing interface list:
  GigabitEthernet 2/11 Forward/Sparse 00:00:50/00:02:40
  GigabitEthernet 2/31 Forward/Sparse 00:00:50/00:02:40
(*, 239.0.0.1), uptime 00:00:23, expires 00:00:00, RP 192.
Reducing Source-active Message Flooding

RPs flood source-active messages to all of their peers away from the RP. When multiple RPs exist within a domain, the RPs forward received active source information back to the originating RP, which violates the RPF rule. You can prevent this unnecessary flooding by creating a mesh-group. A mesh in this context is a topology in which each RP in a set of RPs has a peership with all other RPs in the set.
Figure 28-19. R1 Configuration for MSDP with Anycast RP

ip multicast-routing
!
interface TengigabitEthernet 1/1
 ip pim sparse-mode
 ip address 10.11.3.1/24
 no shutdown
!
interface TengigabitEthernet 1/2
 ip address 10.11.2.1/24
 no shutdown
!
interface TengigabitEthernet 1/21
 ip pim sparse-mode
 ip address 10.11.1.12/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown
!
interface Loopback 1
 ip address 192.168.0.
Figure 28-20. R2 Configuration for MSDP with Anycast RP

ip multicast-routing
!
interface TengigabitEthernet 2/1
 ip pim sparse-mode
 ip address 10.11.4.1/24
 no shutdown
!
interface TengigabitEthernet 2/11
 ip pim sparse-mode
 ip address 10.11.1.21/24
 no shutdown
!
interface TengigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.0.23/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown
!
interface Loopback 1
 ip address 192.168.0.
Figure 28-21. R3 Configuration for MSDP with Anycast RP

ip multicast-routing
!
interface TengigabitEthernet 3/21
 ip pim sparse-mode
 ip address 10.11.0.32/24
 no shutdown
interface TengigabitEthernet 3/41
 ip pim sparse-mode
 ip address 10.11.6.34/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.3/32
 no shutdown
!
router ospf 1
 network 10.11.6.0/24 area 0
 network 192.168.0.
Figure 28-22. MSDP Sample Configuration: R1 Running-config

ip multicast-routing
!
interface TengigabitEthernet 1/1
 ip pim sparse-mode
 ip address 10.11.3.1/24
 no shutdown
!
interface TengigabitEthernet 1/2
 ip address 10.11.2.1/24
 no shutdown
!
interface TengigabitEthernet 1/21
 ip pim sparse-mode
 ip address 10.11.1.12/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.1/32
 no shutdown
!
router ospf 1
 network 10.11.2.0/24 area 0
 network 10.11.1.0/24 area 0
 network 192.168.0.
Figure 28-23. MSDP Sample Configuration: R2 Running-config

ip multicast-routing
!
interface TengigabitEthernet 2/1
 ip pim sparse-mode
 ip address 10.11.4.1/24
 no shutdown
!
interface TengigabitEthernet 2/11
 ip pim sparse-mode
 ip address 10.11.1.21/24
 no shutdown
!
interface TengigabitEthernet 2/31
 ip pim sparse-mode
 ip address 10.11.0.23/24
 no shutdown
!
interface Loopback 0
 ip address 192.168.0.2/32
 no shutdown
!
router ospf 1
 network 10.11.1.0/24 area 0
 network 10.
Figure 28-24. MSDP Sample Configuration: R3 Running-config

ip multicast-routing
!
interface TengigabitEthernet 3/21
 ip pim sparse-mode
 ip address 10.11.0.32/24
 no shutdown
!
interface TengigabitEthernet 3/41
 ip pim sparse-mode
 ip address 10.11.6.34/24
 no shutdown
!
interface ManagementEthernet 0/0
 ip address 10.11.80.3/24
 no shutdown
!
interface Loopback 0
 ip pim sparse-mode
 ip address 192.168.0.3/32
 no shutdown
!
router ospf 1
 network 10.11.6.0/24 area 0
 network 192.168.0.
Figure 28-25. MSDP Sample Configuration: R4 Running-config

ip multicast-routing
!
interface TengigabitEthernet 4/1
 ip pim sparse-mode
 ip address 10.11.5.1/24
 no shutdown
!
interface TengigabitEthernet 4/22
 ip address 10.10.42.1/24
 no shutdown
!
interface TengigabitEthernet 4/31
 ip pim sparse-mode
 ip address 10.11.6.43/24
 no shutdown
!
interface Loopback 0
 ip address 192.168.0.4/32
 no shutdown
!
router ospf 1
 network 10.11.5.0/24 area 0
 network 10.11.6.
29 Multiple Spanning Tree Protocol (MSTP)

Multiple Spanning Tree Protocol (MSTP) is supported on the following platforms: s z

Protocol Overview

Multiple Spanning Tree Protocol (MSTP)—specified in IEEE 802.1Q-2003—is an RSTP-based spanning tree variation that improves on PVST+. MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances. In contrast, PVST+ allows a spanning tree instance for each VLAN.
FTOS supports three other variations of Spanning Tree, as shown in Table 44.

Table 29-1. FTOS Supported Spanning Tree Protocols

Dell Force10 Term | IEEE Specification
Spanning Tree Protocol | 802.1d
Rapid Spanning Tree Protocol | 802.1w
Multiple Spanning Tree Protocol | 802.1s
Per-VLAN Spanning Tree Plus | Third Party

Implementation Information

• The FTOS MSTP implementation is based on IEEE 802.
• Enable SNMP traps for RSTP, MSTP, and PVST+ collectively using the command snmp-server enable traps xstp.

Enable Multiple Spanning Tree Globally

MSTP is not enabled by default. To enable MSTP:

Step | Task | Command Syntax | Command Mode
1 | Enter PROTOCOL MSTP mode. | protocol spanning-tree mstp | CONFIGURATION
2 | Enable MSTP. | no disable | PROTOCOL MSTP

Verify that MSTP is enabled using the show config command from PROTOCOL MSTP mode, as shown in Figure 29-2.

Figure 29-2.
Create an MSTI using the command msti from PROTOCOL MSTP mode. Specify the keyword vlan followed by the VLANs that you want to participate in the MSTI, as shown in Figure 29-3.

Figure 29-3.
Influence MSTP Root Selection MSTP determines the root bridge, but you can assign one bridge a lower priority to increase the probability that it will become the root bridge. To change the bridge priority: Task Command Syntax Command Mode Assign a number as the bridge priority. A lower number increases the probability that the bridge becomes the root bridge.
To change the region name or revision:

Task | Command Syntax | Command Mode
Change the region name. | name name | PROTOCOL MSTP
Change the region revision number. Range: 0 to 65535. Default: 0 | revision number | PROTOCOL MSTP

View the current region name and revision using the command show spanning-tree mst configuration from EXEC Privilege mode, as shown in Figure 29-6.

Figure 29-6.
Task | Command Syntax | Command Mode
Change the hello-time parameter. | hello-time seconds | PROTOCOL MSTP
Change the max-age parameter. Range: 6 to 40. Default: 20 seconds | max-age seconds | PROTOCOL MSTP
Change the max-hops parameter. Range: 1 to 40. Default: 20 | max-hops number | PROTOCOL MSTP

Note: With large configurations (especially those with more ports) Dell Force10 recommends that you increase the hello-time.
Table 29-2. MSTP Default Port Cost Values

Port Cost | Default Value
10-Tengigabit Ethernet interfaces | 2000
Port Channel with 100 Mb/s Ethernet interfaces | 180000
Port Channel with 1-Tengigabit Ethernet interfaces | 18000
Port Channel with 10-Tengigabit Ethernet interfaces | 1800

To change the port cost or priority of an interface:

Task | Command Syntax | Command Mode
Change the port cost of an interface. Range: 0 to 200000. Default: Refer to Table 29-2.
Verify that EdgePort is enabled on a port using the command show config from the INTERFACE mode, as shown in Figure 29-8.

FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior:
1. If the interface to be shut down is a port channel, then all the member ports are disabled in the hardware.
2. When a physical port is added to a port channel already in error disable state, the new member port will also be disabled in the hardware.
Figure 29-9. MSTP with Three VLANs Mapped to Two Spanning Tree Instances
[Figure labels: root, R1, R2, R3, ports 1/2, 1/3, 2/1, 2/3, 3/1, 3/2, Forwarding, Blocking]

Figure 29-10.
Figure 29-11.
Figure 29-12.
Figure 29-13.
Figure 29-14. Displaying BPDUs and Events

FTOS#debug spanning-tree mstp bpdu
1w1d17h : MSTP: Sending BPDU on Te 1/31 :
ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x68
CIST Root Bridge Id: 32768:0001.e806.953e, Ext Path Cost: 20000
Regional Bridge Id: 32768:0001.e809.c24a, CIST Port Id: 128:384
Msg Age: 2, Max Age: 20, Hello: 2, Fwd Delay: 15, Ver1 Len: 0, Ver3 Len: 96
Name: my-mstp-region, Rev: 0, Int Root Path Cost: 20000
Rem Hops: 19, Bridge Id: 32768:0001.e80d.
Figure 29-15. Sample Output for show running-configuration spanning-tree mstp command FTOS#show run spanning-tree mstp ! protocol spanning-tree mstp name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 Figure 29-16. Displaying BPDUs and Events - Debug Log of Successful MSTP Configuration FTOS#debug spanning-tree mstp bpdu MSTP debug bpdu is ON FTOS# 4w0d4h : MSTP: Sending BPDU on Te 2/21 : ProtId: 0, Ver: 3, Bpdu Type: MSTP, Flags 0x6e CIST Root Bridge Id: 32768:0001.e806.
30 Multicast Features
Multicast Features are supported on the following platforms: s z
This chapter contains the following sections:
• Enable IP Multicast
• Multicast with ECMP
• Multicast Policies
Permit or deny PIM Join/Prune messages on an interface using an extended IP access list. Use the command ip pim join-filter to prevent the PIM SM router from creating state based on multicast source and/or group.
Multicast with ECMP
Dell Networking multicast uses Equal-cost Multi-path (ECMP) routing to load-balance multiple streams across equal cost links. When creating the shared tree, Protocol Independent Multicast (PIM) uses routes from all configured routing protocols to select the best route to the rendezvous point (RP). If there are multiple equal-cost paths, PIM selects the route with the least number of currently running multicast streams.
IPv4 Multicast Policies
Permit or deny PIM Join/Prune messages on an interface using an extended IP access list. Use the command ip pim join-filter to prevent the PIM SM router from creating state based on multicast source and/or group.
Note: The multicast host table is used to store multicast routes and is a separate hardware limit that exists per port-pipe. Any software-configured limit might be superseded by this hardware space limitation. The opposite is also true: the CAM partition might not be exhausted at the time the system-wide route limit set by the ip multicast-limit is reached.
ip igmp snooping enable interface Vlan 400 ip pim sparse-mode ip address 10.11.4.1/24 untagged GigabitEthernet 1/2 ip igmp access-group igmpjoinfilR2G2 no shutdown (*, 239.0.0.1), uptime 00:00:06, expires 00:00:00, RP 10.11.12.2, flags: SCJ Incoming interface: GigabitEthernet 1/21, RPF neighbor 10.11.12.2 Outgoing interface list: Vlan 400 Forward/Sparse 00:00:06/Never interface GigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.23.1/24 no shutdown RP 2/1 R1 3/21 3/1 Source 1 10.11.5.
Rate Limit IGMP Join Requests
If you expect a burst of IGMP Joins, protect the IGMP process from overload by limiting the rate at which new groups can be joined using the command ip igmp group-join-limit from INTERFACE mode. Hosts whose IGMP requests are denied will use the retry mechanism built into IGMP so that their membership is delayed rather than permanently denied.
(10.11.5.2, 239.0.0.2), uptime 00:00:33, expires 00:03:07, flags: CT Incoming interface: GigabitEthernet 1/31, RPF neighbor 10.11.13.2 Outgoing interface list: Vlan 300 Forward/Sparse 00:00:40/Never (*, 239.0.0.2), uptime 00:00:40, expires 00:00:00, RP 10.11.12.2, flags: SCJ Incoming interface: GigabitEthernet 1/21, RPF neighbor 10.11.12.2 Outgoing interface list: Vlan 300 Forward/Sparse 00:00:40/Never (10.11.5.2, 239.0.0.
Prevent a PIM Router from Processing a Join
Permit or deny PIM Join/Prune messages on an interface using an extended IP access list. Use the command ip pim join-filter to prevent the PIM SM router from creating state based on multicast source and/or group.
31 Open Shortest Path First (OSPFv2) Open Shortest Path First (OSPFv2) is supported on the following platforms: z.
Autonomous System (AS) Areas
OSPF operates in a type of hierarchy. The largest entity within the hierarchy is the autonomous system (AS), which is a collection of networks under a common administration that share a common routing strategy. OSPF is an intra-AS (interior gateway) routing protocol, although it is capable of receiving routes from and sending routes to other ASs.
Area Types The Backbone of the network is Area 0. It is also called Area 0.0.0.0 and is the core of any Autonomous System (AS). All other areas must connect to Area 0. Areas can be defined in such a way that the backbone is not contiguous. In this case, backbone connectivity must be restored through virtual links. Virtual links are configured between any backbone routers that share a link to a non-backbone area and function as if they were direct links.
Figure 31-2 gives some examples of the different router designations. Figure 31-2.
Area Border Router (ABR)
Within an AS, an Area Border Router (ABR) connects one or more areas to the Backbone. The ABR keeps a copy of the link-state database for every area it connects to, so it may keep multiple copies of the link-state database. An ABR takes information it has learned on one of its attached areas and can summarize it before sending it out on other areas it is connected to. An ABR can connect to many areas in an AS, and is considered a member of each area it connects to.
Link-State Advertisements (LSAs)
A Link-State Advertisement (LSA) communicates the router's local routing topology to all other local routers in the same area. The LSA types supported by Dell Networking are defined as follows:
• Type 1 - Router LSA
  • The router lists links to other routers or networks in the same area. Type 1 LSAs are flooded across their own area only. The Link-State ID of the Type 1 LSA is the originating router ID.
• 4: virtual link neighboring router ID
LSA throttling
LSA throttling provides configurable interval timers to improve OSPF convergence times. The default OSPF static timers (5 seconds for transmission, 1 second for acceptance) ensure sufficient time for sending and resending LSAs and for system acceptance of arriving LSAs. However, some networks may require reduced intervals for LSA transmission and acceptance. The throttling timers allow for these improved convergence times.
Figure 31-3. Priority and Costs Example
Implementing OSPF with FTOS
FTOS supports up to 10,000 OSPF routes. Within that 10,000 up to 8,000 routes can be designated as external and up to 2,000 designated as inter/intra area routes. FTOS version 7.8.1.0 and later support multiple OSPF processes (OSPF MP). The Z-Series supports up to 3 OSPF processes simultaneously. The S-Series supports up to 16 processes simultaneously.
• NSSA External (type 7)
• Opaque Link-local (type 9)
Fast Convergence (OSPFv2, IPv4 only)
Fast Convergence allows you to define the speeds at which LSAs are originated and accepted, and reduce OSPFv2 end-to-end convergence time. FTOS enables you to accept and originate LSAs as soon as they are available to speed up route information propagation. Note that the faster the convergence, the more frequent the route calculations and updates.
By default, FTOS implements an enhanced flooding procedure which dynamically and intelligently detects when to optimize flooding. Wherever possible, the OSPF task attempts to reduce flooding overhead by selectively flooding on a subset of the interfaces between two routers. If RFC 2328 flooding behavior is required, enable it by using the command flood-2328 in ROUTER OSPF mode. When enabled, this command configures FTOS to flood LSAs on all interfaces.
OSPF Adjacency with Cisco Routers
To establish an OSPF adjacency between Dell Networking and Cisco routers, the hello interval and dead interval must be the same on both routers. In FTOS the OSPF dead interval value is, by default, set to 40 seconds, and is independent of the OSPF hello interval. Configuring a hello interval does not change the dead interval in FTOS. In contrast, the OSPF dead interval on a Cisco router is, by default, four times as long as the hello interval.
Configuration Task List for OSPFv2 (OSPF for IPv4)
Open Shortest Path First version 2 (OSPF for IPv4) is supported on platforms s z
1. Configure a physical interface. Assign an IP address, physical or loopback, to the interface to enable Layer 3 routing.
2. Enable OSPF globally. Assign network area and neighbors.
3. Add interfaces or configure other attributes.
Step Command Syntax Command Mode Usage If using a Loopback interface, refer to Loopback Interfaces on page 372. 2 no shutdown CONFIG-INTERFACE Enable the interface.
Return to CONFIGURATION mode to enable the OSPF process. The OSPF Process ID is the identifying number assigned to the OSPF process, and the Router ID is the IP address associated with the OSPF process.
Command Syntax Command Mode Usage router ospf process-id [vrf {vrf name}] CONFIGURATION Enable the OSPFv2 process globally.
Figure 31-8. Command Example: show ip ospf process-id
FTOS#show ip ospf 55555
Routing Process ospf 55555 with ID 10.10.10.10
Supports only single TOS (TOS0) routes
SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
Number of area in this router is 0, normal 0 stub 0 nssa 0
FTOS#
Enable Multi-Process OSPF
Multi-Process OSPF allows multiple OSPFv2 processes on a single router. The S-Series supports up to 4 OSPFv2 processes.
If you try to enable more OSPF processes than available Layer 3 interfaces, you will see the following message.
Message 4
C300(conf)#router ospf 1
% Error: No router ID available.
In CONFIGURATION ROUTER OSPF mode, assign the Router ID. The Router ID is not required to be the router’s IP address. Dell Networking recommends using the IP address as the Router ID for easier management and troubleshooting.
Enable OSPFv2 on interfaces
Each interface must have OSPFv2 enabled on it. It must be configured for Layer 3 protocol, and not be shut down. OSPFv2 can also be assigned to a loopback interface as a virtual interface. OSPF functions and features, such as MD5 Authentication, Grace Period, Authentication Wait Time, etc., are assigned on a per-interface basis. Note: If using features like MD5 Authentication, ensure all the neighboring routers are also configured for MD5.
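The timer rule from "OSPF Adjacency with Cisco Routers" and the MD5 note above can both be checked before a link is brought up. The following Python sketch is an added example, not code from this guide or from Dell: the sample stanzas, the ip ospf dead-interval lines it recognises, the Cisco-side syntax and the assumption that both vendors default to a 10-second hello interval are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

DEFAULT_HELLO = 10      # seconds; FTOS default per the guide, assumed for Cisco too
FTOS_DEFAULT_DEAD = 40  # seconds; on FTOS this does not follow the hello interval

# Constructed sample stanzas (not from the guide); the key string is a placeholder.
FTOS_SAMPLE = """\
interface TengigabitEthernet 0/0
 ip address 10.1.2.100/24
 ip ospf hello-interval 5
 ip ospf message-digest-key 1 md5 EXAMPLE-KEY
 no shutdown
!
"""
CISCO_SAMPLE = """\
interface GigabitEthernet0/1
 ip address 10.1.2.1 255.255.255.0
 ip ospf hello-interval 5
!
"""

@dataclass
class OspfInterface:
    name: str
    vendor: str                      # "ftos" or "cisco"
    hello: Optional[int] = None      # None means not configured, use the default
    dead: Optional[int] = None
    md5_key_ids: Set[int] = field(default_factory=set)

    def effective_timers(self) -> Tuple[int, int]:
        """Return (hello, dead) after applying each vendor's default rule."""
        hello = self.hello if self.hello is not None else DEFAULT_HELLO
        if self.dead is not None:
            dead = self.dead
        elif self.vendor == "cisco":
            dead = 4 * hello          # Cisco derives the dead interval from hello
        else:
            dead = FTOS_DEFAULT_DEAD  # FTOS keeps 40 s whatever the hello is
        return hello, dead

IF_RE = re.compile(r"^interface\s+(.+?)\s*$", re.I)
HELLO_RE = re.compile(r"^\s+ip ospf hello-interval\s+(\d+)\s*$", re.I)
DEAD_RE = re.compile(r"^\s+ip ospf dead-interval\s+(\d+)\s*$", re.I)
MD5_RE = re.compile(r"^\s+ip ospf message-digest-key\s+(\d+)\s+md5\s+\S", re.I)

def parse_interfaces(config: str, vendor: str) -> Dict[str, OspfInterface]:
    """Collect OSPF timer and MD5 key-id settings from interface stanzas."""
    interfaces: Dict[str, OspfInterface] = {}
    current: Optional[OspfInterface] = None
    for line in config.splitlines():
        start = IF_RE.match(line)
        if start:
            current = OspfInterface(start.group(1), vendor)
            interfaces[current.name] = current
        elif not line[:1].isspace():
            current = None            # "!" or any unindented line ends the stanza
        elif current is not None:
            m = HELLO_RE.match(line)
            if m:
                current.hello = int(m.group(1))
            m = DEAD_RE.match(line)
            if m:
                current.dead = int(m.group(1))
            m = MD5_RE.match(line)
            if m:
                current.md5_key_ids.add(int(m.group(1)))
    return interfaces

def check_adjacency(a: OspfInterface, b: OspfInterface) -> List[str]:
    """List the settings that would keep a and b from forming an adjacency.

    Only key ids are compared: stored configurations usually hold the key in
    encrypted form, and findings should never echo key material.
    """
    findings: List[str] = []
    (hello_a, dead_a), (hello_b, dead_b) = a.effective_timers(), b.effective_timers()
    if hello_a != hello_b:
        findings.append(f"hello-interval mismatch: {a.name}={hello_a}s, {b.name}={hello_b}s")
    if dead_a != dead_b:
        findings.append(f"dead-interval mismatch: {a.name}={dead_a}s, {b.name}={dead_b}s")
    if bool(a.md5_key_ids) != bool(b.md5_key_ids):
        bare = a.name if not a.md5_key_ids else b.name
        findings.append(f"MD5 authentication on only one side: {bare} has no message-digest-key")
    elif a.md5_key_ids and not (a.md5_key_ids & b.md5_key_ids):
        findings.append("MD5 enabled on both sides but no key id in common")
    return findings

if __name__ == "__main__":
    ftos = parse_interfaces(FTOS_SAMPLE, "ftos")["TengigabitEthernet 0/0"]
    cisco = parse_interfaces(CISCO_SAMPLE, "cisco")["GigabitEthernet0/1"]
    for finding in check_adjacency(ftos, cisco):
        print(finding)
```

With the constructed samples, a matching hello interval of 5 seconds still leaves the dead intervals at 40 and 20 seconds, which is the case the Cisco interoperability paragraph describes.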
Figure 31-10. Command Example: show ip ospf process-id interface FTOS>show ip ospf 1 interface TengigabitEthernet 12/17 is up, line protocol is up Internet Address 10.2.2.1/24, Area 0.0.0.0 Process ID 1, Router ID 11.1.2.1, Network Type BROADCAST, Cost: 1 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 11.1.2.1, Interface address 10.2.2.1 Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.
Configure stub areas
OSPF supports different types of LSAs to help reduce the amount of router processing within the areas. Type 5 LSAs are not flooded into stub areas; the Area Border Router (ABR) advertises a default route into the stub area to which it is attached. Stub area routers use the default route to reach external destinations. To ensure connectivity in your OSPFv2 network, never configure the backbone area as a stub area.
Configure LSA throttling timers
Configured LSA timers replace the standard transmit and acceptance times for LSAs. The LSA throttling timers are configured in milliseconds, with the interval time increasing exponentially until a maximum time has been reached. If the maximum time is reached, the system continues to transmit at the max-interval. If the system is stable for twice the maximum interval time, the system reverts to the start-interval timer and the cycle begins again.
Use the following command in ROUTER OSPF mode to suppress an interface’s participation in OSPF. This command stops the router from sending updates on that interface. Command Syntax Command Mode Usage passive-interface {default | interface} CONFIG-ROUTEROSPF-id Specify whether all or some of the interfaces will be passive. The default option enables passive mode on all interfaces in the OSPF process.
Figure 31-13. Command Example: show ip ospf process-id interface FTOS#show ip ospf 34 int TengigabitEthernet 0/0 is up, line protocol is down Internet Address 10.1.2.100/24, Area 1.1.1.1 Process ID 34, Router ID 10.1.2.100, Network Type BROADCAST, Cost: 10 Transmit Delay is 1 sec, State DOWN, Priority 1 Designated Router (ID) 10.1.2.100, Interface address 0.0.0.0 Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.
Figure 31-14 shows the convergence settings when fast-convergence is enabled and Figure 31-15 shows settings when fast-convergence is disabled. These displays appear with the show ip ospf command.
Figure 31-14. Command Example: show ip ospf process-id (fast-convergence enabled)
FTOS(conf-router_ospf-1)#fast-converge 2
FTOS(conf-router_ospf-1)#ex
FTOS(conf)#ex
FTOS#show ip ospf 1
Routing Process ospf 1 with ID 192.168.67.
Command Syntax Command Mode Usage ip ospf hello-interval seconds CONFIG-INTERFACE Change the time interval between hello-packet transmission. Seconds range: from 1 to 65535 (default is 10 seconds). The hello interval must be the same on all routers in the OSPF network. ip ospf message-digest-key keyid md5 key CONFIG-INTERFACE Use the MD5 algorithm to produce a message digest or key, which is sent instead of the key.
Figure 31-16. Changing the OSPF Cost Value on an Interface
FTOS(conf-if)#ip ospf cost 45
FTOS(conf-if)#show config
!
interface TengigabitEthernet 0/0
 ip address 10.1.2.100 255.255.255.0
 no shutdown
 ip ospf cost 45
FTOS(conf-if)#end
FTOS#show ip ospf 34 interface
The change is made on the interface and it is reflected in the OSPF configuration
TengigabitEthernet 0/0 is up, line protocol is up
Internet Address 10.1.2.100/24, Area 2.2.2.2
Process ID 34, Router ID 10.1.2.
Filter routes To filter routes, use prefix lists. OSPF applies prefix lists to incoming or outgoing routes. Incoming routes must meet the conditions of the prefix lists, and if they do not, OSPF does not add the route to the routing table. Configure the prefix list in CONFIGURATION PREFIX LIST mode prior to assigning it to the OSPF process. Command Syntax Command Mode Usage ip prefix-list prefix-name CONFIGURATION Create a prefix list and assign it a unique name. You are in PREFIX LIST mode.
Use the following command in CONFIGURATION-ROUTER-OSPF mode to redistribute routes: Command Syntax Command Mode Usage redistribute {bgp | connected | isis | rip | static} [metric metric-value | metric-type type-value] [route-map map-name] [tag tag-value] CONFIG-ROUTEROSPF-id Specify which routes will be redistributed into the OSPF process.
• show neighbors
• show virtual links
• show routes
Use the show running-config ospf command to see the state of all the enabled OSPFv2 processes. Command Syntax Command Mode Usage show running-config ospf EXEC Privilege View the summary of all OSPF process IDs enabled on the router.
Figure 31-18. Command Example: show running-config ospf
FTOS#show run ospf
!
router ospf 3
!
router ospf 4
 router-id 4.4.4.4
 network 4.4.4.
Use the following command in EXEC Privilege mode to view the OSPFv2 configuration for LSA throttling: Command Syntax Command Mode Usage show ip ospf timers rate-limit EXEC Privilege View the LSAs currently in the queue.
OSPF AREA 0 GI 2/1 GI 1/1 GI 2/2 GI 1/2 GI 3/1 router ospf 11111 network 10.0.11.0/24 area 0 network 10.0.12.0/24 area 0 network 192.168.100.0/24 area 0 ! interface TengigabitEthernet 1/1 ip address 10.1.11.1/24 no shutdown ! interface TengigabitEthernet 1/2 ip address 10.2.12.2/24 no shutdown ! interface Loopback 10 ip address 192.168.100.100/24 no shutdown GI 3/2 router ospf 33333 network 192.168.100.0/24 area 0 network 10.0.13.0/24 area 0 network 10.0.23.
32 PIM Sparse-Mode (PIM-SM)
PIM Sparse-Mode (PIM-SM) is supported on the following platforms: s z
PIM-Sparse Mode (PIM-SM) is a multicast protocol that forwards multicast traffic to a subnet only upon request using a PIM Join message; this behavior is the opposite of PIM-Dense Mode, which forwards multicast traffic to all subnets until it receives a request to stop.
Implementation Information
• The Dell Force10 implementation of PIM-SM is based on the IETF Internet Draft draft-ietf-pim-sm-v2-new-05.
1. Upon receiving an IGMP Join message, the receiver gateway router (last-hop DR) creates a (*,G) entry in its multicast routing table for the requested group. The interface on which the join message was received becomes the outgoing interface associated with the (*,G) entry.
2. The last-hop DR sends a PIM Join message to the RP.
4. There are two paths, then, between the receiver and the source, a direct SPT and an RPT. One router will receive a multicast packet on two interfaces from the same source in this case; this router prunes the shared tree by sending a PIM Prune message to the RP that tells all routers between the source and the RP to remove the outgoing interface from the (*,G) entry, and tells the RP to prune its SPT to the source with a Prune message.
Enable PIM-SM
You must enable PIM-SM on each participating interface:
Step  Task                                     Command               Command Mode
1     Enable multicast routing on the system.  ip multicast-routing  CONFIGURATION
2     Enable PIM-Sparse Mode                   ip pim sparse-mode    INTERFACE
Display which interfaces are enabled with PIM-SM using the command show ip pim interface from EXEC Privilege mode, as shown in Figure 32-1.
Figure 32-1.
Figure 32-3. Viewing the PIM Multicast Routing Table FTOS#show ip pim tib PIM Multicast Routing Table Flags: D - Dense, S - Sparse, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register flag, T - SPT-bit set, J - Join SPT, Timers: Uptime/Expires Interface state: Interface, next-Hop, State/Mode (*, 192.1.2.1), uptime 00:29:36, expires 00:03:26, RP 10.87.2.6, flags: SCJ Incoming interface: TengigabitEthernet 4/12, RPF neighbor 10.87.3.
Step 3 Task Command Syntax Command Mode Set the expiry time for a specific (S,G) entry (Figure 32-4). Range 211-86400 seconds Default: 210 ip pim sparse-mode sg-expiry-timer seconds sg-list access-list-name CONFIGURATION
Note: The expiry time configuration is nullified, and the default global expiry time is used if:
• an ACL is specified for an in the ip pim sparse-mode sg-expiry-timer command, but the ACL has not been created or is a standard ACL.
Override Bootstrap Router Updates
PIM-SM routers need to know the address of the RP for each group for which they have a (*,G) entry. This address is obtained automatically through the bootstrap router (BSR) mechanism or a static RP configuration. If you have configured a static RP for a group, use the option override with the command ip pim rp-address to override bootstrap router updates with your static RP configuration.
Create Multicast Boundaries and Domains
A PIM domain is a contiguous set of routers that all implement PIM and are configured to operate within a common boundary defined by PIM Multicast Border Routers (PMBRs). PMBRs connect each PIM domain to the rest of the internet. Create multicast boundaries and domains by filtering inbound and outbound Bootstrap Router (BSR) messages per interface using the ip pim bsr-border command.
Debugging PIM
Use any of the commands in EXEC Privilege mode to enable PIM debugging. Command Syntax Command Mode Purpose debug ip pim [bsr | events | group | interface | packet | register | state | timer] EXEC Privilege View all information on PIM, including pim events, pim register, pim states, pim bsr and pim timers. FTOS displays debug messages on the console. To view which debugging commands are enabled, use the show debugging command in EXEC Privilege mode.
33 PIM Source-Specific Mode (PIM-SSM) PIM Source-Specific Mode (PIM-SSM) is supported on the following platforms: s z PIM-Source-Specific Mode (PIM-SSM) is a multicast protocol that forwards multicast traffic from a single source to a subnet. In the other versions of Protocol Independent Multicast (PIM), a receiver subscribes to a group only. The receiver receives traffic not just from the source in which it is interested but from all sources sending to that group.
(10.11.5.2, 239.0.0.2), uptime 00:00:36, expires 00:03:14, flags: CT Incoming interface: GigabitEthernet 1/31, RPF neighbor 10.11.13.2 Outgoing interface list: Vlan 300 Forward/Sparse 00:02:12/Never interface Vlan 400 ip pim sparse-mode ip address 10.11.4.1/24 untagged GigabitEthernet 1/2 ip igmp version 3 no shutdown interface GigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.23.1/24 no shutdown RP 2/1 R1 3/21 3/1 Source 1 10.11.5.
Implementation Information
• The Dell Networking implementation of PIM-SSM is based on RFC 3569.
• S-Series supports a maximum of 31 PIM interfaces and 2K multicast entries including (*,G), and (S,G) entries. There is no limit on the number of PIM neighbors S-Series can have.
• FTOS reduces the number of control messages sent between multicast routers by bundling Join and Prune requests in the same message.
Important Points to Remember
• The default SSM range is 232/8 always.
Display address ranges in the PIM-SSM range using the command show ip pim ssm-range from EXEC Privilege mode.
Figure 33-2. Enabling PIM-SSM
R1(conf)#do show run pim
!
ip pim rp-address 10.11.12.2 group-address 224.0.0.0/4
ip pim ssm-range ssm
R1(conf)#do show run acl
!
ip access-list standard ssm
 seq 5 permit host 239.0.0.2
R1(conf)#do show ip pim ssm-range
Group Address / MaskLen
239.0.0.
interface Vlan 400 ip pim sparse-mode ip address 10.11.4.1/24 untagged GigabitEthernet 1/2 ip igmp version 3 no shutdown ip igmp snooping enable (10.11.5.2, 239.0.0.2), uptime 00:00:33, expires 00:00:00, flags: CJ Incoming interface: GigabitEthernet 1/31, RPF neighbor 10.11.13.2 Outgoing interface list: Vlan 300 Forward/Sparse 00:00:33/Never (10.11.5.2, 239.0.0.1), uptime 00:01:50, expires 00:03:28, flags: CT Incoming interface: GigabitEthernet 1/31, RPF neighbor 10.11.13.
Figure 33-4. Configuring PIM-SSM with IGMPv2
R1(conf)#do show run pim
!
ip pim rp-address 10.11.12.2 group-address 224.0.0.0/4
ip pim ssm-range ssm
R1(conf)#do show run acl
!
ip access-list standard map
 seq 5 permit host 239.0.0.2
!
ip access-list standard ssm
 seq 5 permit host 239.0.0.2
R1(conf)#ip igmp ssm-map map 10.11.5.2
R1(conf)#do show ip igmp groups
Total Number of Groups: 2
IGMP Connected Group Membership
Group Address Interface Mode
239.0.0.
34 Port Monitoring Port Monitoring is supported on the following platforms: s z Port Monitoring, also known as Port Mirroring, is a feature that copies all incoming or outgoing packets on one port and forwards (mirrors) them to another port. The source port is the monitored port (MD) and the destination port is the monitoring port (MG). Port Monitoring functionality is different between platforms, but the behavior is the same, with highlighted exceptions.
Table 34-1 lists the maximum number of monitoring sessions per system. For the S-Series, the total number of sessions is derived by consuming a unique destination port in each session, in each port-pipe. Table 34-1.
Figure 34-1. Number of Monitoring Ports on the S-Series
FTOS#show mon session
SessionID  Source   Destination  Direction  Mode
-----------------------------------
0          Te 0/13  Te 0/1       rx         interface
10         Te 0/14  Te 0/2       rx         interface
20         Te 0/15  Te 0/3       rx         interface
30         Te 0/16  Te 0/37      rx         interface
FTOS(conf)#mon ses 300
FTOS(conf-mon-sess-300)#source te 0/17 destination te 0/4 direction tx
% Error: Exceeding max MG ports for this MD port pipe.
Figure 34-3.
FTOS Behavior: The S-Series continues to mirror outgoing traffic even after an MD participating in Spanning Tree Protocol transitions from forwarding to blocking.
Configuring Port Monitoring
To configure port monitoring: Step Task Command Syntax Command Mode 1 Verify that the intended monitoring port has no configuration other than no shutdown, as shown in Figure 34-5.
Figure 34-6.
35 Private VLANs FTOS 7.8.1.0 adds a Private VLAN (PVLAN) feature for the S-Series: s z For syntax details on the commands discussed in this chapter, refer to the Private VLANs Commands chapter in the FTOS Command Reference.
Private VLAN Concepts
The VLAN types in a private VLAN (PVLAN) include:
Community VLAN — A community VLAN is a type of secondary VLAN in a primary VLAN:
• Ports in a community VLAN can communicate with each other.
• Ports in a community VLAN can communicate with all promiscuous ports in the primary VLAN.
• A community VLAN can only contain ports configured as host.
Each of the port types can be any type of physical Ethernet port, including port channels (LAGs). For details on port channels, refer to Port Channel Interfaces on page 373 in Chapter 20, Interfaces. For an introduction to VLANs, refer to Chapter 26, Layer 2. Private VLAN Commands The commands dedicated to supporting the Private VLANs feature are: Table 35-1. Private VLAN Commands Task Command Syntax Command Mode Enable/disable Layer 3 communication between secondary VLANs.
Private VLAN Configuration Task List
The following sections contain the procedures that configure a private VLAN:
• Creating PVLAN ports
• Creating a Primary VLAN
• Creating a Community VLAN
• Creating an Isolated VLAN
Creating PVLAN ports
Private VLAN ports are those that will be assigned to the private VLAN (PVLAN). Step Command Syntax Command Mode Purpose interface interface CONFIGURATION Access the INTERFACE mode for the port that you want to assign to a PVLAN.
Creating a Primary VLAN A primary VLAN is a port-based VLAN that is specifically enabled as a primary VLAN to contain the promiscuous ports and PVLAN trunk ports for the private VLAN. A primary VLAN also contains a mapping to secondary VLANs, which are comprised of community VLANs and isolated VLANs. Step Command Syntax Command Mode Purpose 1 interface vlan vlan-id CONFIGURATION Access the INTERFACE VLAN mode for the VLAN to which you want to assign the PVLAN interfaces.
Creating a Community VLAN
A community VLAN is a secondary VLAN of the primary VLAN in a private VLAN. The ports in a community VLAN can talk to each other and with the promiscuous ports in the primary VLAN. Step Command Syntax Command Mode Purpose 1 interface vlan vlan-id CONFIGURATION Access the INTERFACE VLAN mode for the VLAN that you want to make a community VLAN. 2 no shutdown INTERFACE VLAN Enable the VLAN.
Figure 35-2.
The result is that:
• The ports in community VLAN 4001 can communicate directly with each other and with promiscuous ports.
• The ports in community VLAN 4002 can communicate directly with each other and with promiscuous ports.
• The ports in isolated VLAN 4003 can only communicate with the promiscuous ports in the primary VLAN 4000.
• show vlan private-vlan mapping: Display the primary-secondary VLAN mapping. Refer to the example output from the S50V, above, in Figure 35-6.
Two show commands revised to display PVLAN data are:
• show arp
• show vlan: Refer to revised output in Figure 35-7.
Figure 35-4. show vlan private-vlan Example Output from C300
c300-1#show vlan private-vlan
Primary Secondary Type      Active
------- --------- --------- -----
4000              Primary   Yes
        4001      Community Yes
        4002      Community Yes
        4003      Isolated  Yes
Figure 35-5.
Figure 35-8.
36 Per-VLAN Spanning Tree Plus (PVST+)
Per-VLAN Spanning Tree Plus (PVST+) is supported on the following platforms: s z
Protocol Overview
Per-VLAN Spanning Tree Plus (PVST+) is a variation of Spanning Tree—developed by a third party—that allows you to configure a separate Spanning Tree instance for each VLAN. For more information on Spanning Tree, refer to Chapter 46, Spanning Tree Protocol (STP).
Figure 36-1.
FTOS supports three other variations of Spanning Tree, as shown in Table 36-1.
Table 36-1. FTOS Supported Spanning Tree Protocols
Dell Networking Term                     IEEE Specification
Spanning Tree Protocol (STP)             802.1d
Rapid Spanning Tree Protocol (RSTP)      802.1w
Multiple Spanning Tree Protocol (MSTP)   802.1s
Per-VLAN Spanning Tree Plus (PVST+)      Third Party
Implementation Information
• The FTOS implementation of PVST+ is based on IEEE Standard 802.1d.
Enable PVST+ When you enable PVST+, FTOS instantiates STP on each active VLAN. To enable PVST+ globally: Step Task Command Syntax Command Mode 1 Enter PVST context. protocol spanning-tree pvst PROTOCOL PVST 2 Enable PVST+. no disable PROTOCOL PVST Disable PVST+ Task Command Syntax Command Mode Disable PVST+ globally. disable PROTOCOL PVST Disable PVST+ on an interface, or remove a PVST+ parameter configuration.
Figure 36-3. Load Balancing with PVST+ (diagram of R1, R2 and R3; STI 1: VLAN 100, STI 2: VLAN 200, STI 3: VLAN 300)
The bridge with the bridge value for bridge priority is elected root.
Figure 36-4. Display the PVST+ Forwarding Topology FTOS_E600(conf)#do show spanning-tree pvst vlan 100 VLAN 100 Root Identifier has priority 4096, Address 0001.e80d.b6d6 Root Bridge hello time 2, max age 20, forward delay 15 Bridge Identifier has priority 4096, Address 0001.e80d.b6d6 Configured hello time 2, max age 20, forward delay 15 We are the root of VLAN 100 Current root has priority 4096, Address 0001.e80d.
Task Command Syntax Command Mode Change the max-age parameter. Range: 6 to 40 Default: 20 seconds vlan max-age PROTOCOL PVST
The values for global PVST+ parameters are given in the output of the command show spanning-tree pvst, as shown in Figure 36-4.
Modify Interface PVST+ Parameters
You can adjust two interface parameters to increase or decrease the probability that a port becomes a forwarding port:
• Port cost is a value that is based on the interface type.
Task Command Syntax Command Mode Change the port priority of an interface. Range: 0 to 240, in increments of 16 Default: 128 spanning-tree pvst vlan priority INTERFACE The values for interface PVST+ parameters are given in the output of the command show spanning-tree pvst, as shown in Figure 36-4. Configure an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner.
FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior: 1. If the interface to be shut down is a port channel, then all the member ports are disabled in the hardware. 2. When a physical port is added to a port channel already in error disable state, the new member port will also be disabled in the hardware.
Figure 36-5. PVST+ with Extend System ID Dell Force10 System VLAN unaware Hub P1 untagged in VLAN 10 X P2 untagged in VLAN 20 moves to blocking unless Extended System ID is enabled Task Command Syntax Command Mode Augment the Bridge ID with the VLAN ID. extend system-id PROTOCOL PVST FTOS(conf-pvst)#do show spanning-tree pvst vlan 5 brief VLAN 5 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32773, Address 0001.e832.
Figure 36-6.
Figure 36-7.
37 Quality of Service (QoS) Quality of Service (QoS) is supported on the following platforms: s z Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 37-1.
Table 37-1.
Implementation Information

Dell Networking’s QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication. It also implements these Internet Engineering Task Force (IETF) documents:

• RFC 2474, Definition of the Differentiated Services Field (DS Field) in the IPv4 Headers
• RFC 2475, An Architecture for Differentiated Services
• RFC 2597, Assured Forwarding PHB Group
• RFC 2598, An Expedited Forwarding PHB

You cannot configure port-based and policy-based QoS on the same interface.
• Set dot1p Priorities for Incoming Traffic
• Honor dot1p Priorities on Ingress Traffic
• Configure Port-based Rate Policing
• Configure Port-based Rate Shaping

Set dot1p Priorities for Incoming Traffic

Change the priority of incoming traffic on the interface using the dot1p-priority command from INTERFACE mode, as shown in Figure 37-2. FTOS places traffic marked with a priority in a queue based on Table 37-2.
On the S-Series you can configure service-class dynamic dot1p from CONFIGURATION mode, which applies the configuration to all interfaces. An INTERFACE mode service-class dynamic dot1p entry supersedes any CONFIGURATION entries. For more information, refer to Mapping dot1p values to service queues. Note: You cannot configure service-policy input and service-class dynamic dot1p on the same interface. Figure 37-3.
Configure Port-based Rate Shaping

Configure Port-based Rate Shaping is supported only on the platforms s

FTOS Behavior: On the S-Series, rate shaping is effectively rate limiting because of its smaller buffer size. On the S4810, rate shaping on tagged ports is slightly greater than the configured rate and rate shaping on untagged ports is slightly less than the configured rate.
Classify Traffic

Class maps differentiate traffic so that you can apply separate quality of service policies to each class. For both class maps, Layer 2 and Layer 3, FTOS matches packets against match criteria in the order that you configure them.

Create a Layer 3 class map

A Layer 3 class map differentiates ingress packets based on differentiated services code point (DSCP) value or IP precedence, and characteristics defined in an IP ACL.
2. After you create a class-map, FTOS places you in CLASS MAP mode. From this mode, specify your match criteria using the match ip command, as shown in Figure 37-7. Match-any class maps allow up to five ACLs, and match-all class-maps allow only one ACL.
3. After you specify your match criteria, link the class-map to a queue using the service-queue command from POLICY MAP mode, as shown in Figure 37-7.

Figure 37-7.
In cases such as these, where class-maps with overlapping ACL rules are applied to different queues, use the order keyword to specify the order in which you want to apply ACL rules, as shown in Figure 37-7. The order can range from 0 to 254. FTOS writes to the CAM ACL rules with lower order numbers (order numbers closer to 0) before rules with higher order numbers so that packets are matched as you intended. By default, all ACL rules have an order of 254.
Input QoS policies regulate Layer 3 and Layer 2 ingress traffic. The regulation mechanisms for input QoS policies are rate policing and setting priority values. There are two types of input QoS policies: Layer 3 and Layer 2.

• Layer 2 QoS input policies allow you to rate police and set a DSCP or dot1p value.
• Layer 3 QoS input policies allow you to rate police and set a DSCP value.

Output QoS policies regulate egress traffic.
Scheduler Strict

Policy-based Strict-priority Queueing configuration is done through scheduler strict. It is applied to Qos-policy-output. When scheduler strict is applied to multiple queues, the higher queue number takes precedence.

Configure policy-based rate shaping

Rate shape egress traffic using the rate-shape command from QOS-POLICY-OUT mode.

Allocate bandwidth to queue

The S-Series schedules packets for egress based on deficit round robin (DRR). This strategy offers a guaranteed data rate.
1. Create a Layer 3 input policy map using the policy-map-input command from CONFIGURATION mode. Create a Layer 2 input policy map by specifying the keyword layer2 with the policy-map-input command.
2. After you create an input policy map, do one or more of the following:
   • Apply a class-map and/or input QoS policy to a queue
   • Honor DSCP values on ingress packets
   • Honoring dot1p values on ingress packets
3. Apply the input policy map to an interface.
Table 37-4.
You can also change the default dot1p to queue mapping using the service-class dot1p-mapping CLI from global CONFIGURATION mode.

Mapping dot1p values to service queues

Mapping dot1p values to service queues is available only on the platforms: s z

On the S-Series, all traffic is by default mapped to the same queue, Queue 0.
• Apply an output policy map to an interface

3. Apply the policy map to an interface. Refer to page 61.

Apply an output QoS policy to a queue

Apply an output QoS policy to queues using the service-queue command from INTERFACE mode.

Specify an aggregate QoS policy

Specify an aggregate QoS policy using the policy-aggregate command from POLICY-MAP-OUT mode.

Apply an output policy map to an interface

Apply an output policy map to an interface using the command service-policy output from INTERFACE mode.
Strict-priority Queueing

You can assign strict-priority to one unicast queue, using the strict-priority command from CONFIGURATION mode. Strict-priority means that FTOS dequeues all packets from the assigned queue before servicing any other queues. Policy-based Per queue rate shaping does not take effect on the queue configured with strict-priority unicast.
You can create a custom WRED profile or use one of the five pre-defined profiles.

Table 37-6. Pre-defined WRED Profiles (S4810)

Default Profile Name   Minimum Threshold   Maximum Threshold   Maximum Drop Rate
wred_drop              0                   0                   100
wred_teng_y            467                 4671                100
wred_teng_g            467                 4671                50
wred_fortyg_y          467                 4671                50
wred_fortyg_g          467                 4671                25

Create WRED Profiles

To create a WRED profile:
1. Create a WRED profile using the wred command from CONFIGURATION mode.
2. The wred command places you in WRED mode.
FTOS assigns a color (also called drop precedence)—red, yellow, or green—to each packet based on its DSCP value before queuing it. DSCP is a 6 bit field. Dell Networking uses the first three bits (LSB) of this field (DP) to determine the drop precedence. DP values of 110 and 100 map to yellow, and all other values map to green. If you do not configure FTOS to honor DSCP values on ingress (see Honor DSCP values on ingress packets), all traffic defaults to green drop precedence.
Pre-calculating Available QoS CAM Space Pre-calculating Available QoS CAM Space is supported on the platforms: s z Before FTOS version 7.3.1 there was no way to measure the number of CAM entries a policy-map would consume (the number of CAM entries that a rule uses is not predictable). Therefore, it was possible to apply to an interface a policy-map that requires more entries than are available.
• Exception — indicates that the number of CAM entries required to write the policy-map to the CAM is greater than the number of available CAM entries, and therefore the policy-map cannot be applied to an interface in the specified port-pipe.

Figure 37-11.
38 Routing Information Protocol (RIP)

Routing Information Protocol (RIP) is supported on the following platforms: s z

RIP is supported on the S-Series following the release of FTOS version 7.8.1.0.

Routing Information Protocol (RIP) is based on a distance-vector algorithm; it tracks distances or hop counts to nearby routers when establishing network connections.
RIP must receive regular routing updates to maintain a correct routing table. Response messages containing a router’s full routing table are transmitted every 30 seconds. If a router does not send an update within a certain amount of time, the hop count to that route is changed to unreachable (a route hop metric of 16 hops). Another timer sets the amount of time before the unreachable routes are removed from the routing table.
Configuration Task List for RIP

• Enable RIP globally (mandatory)
• Configure RIP on interfaces (optional)
• Control RIP routing updates (optional)
• Set send and receive version (optional)
• Generate a default route (optional)
• Control route metrics (optional)
• Summarize routes (optional)
• Debug RIP

For a complete listing of all commands related to RIP, refer to the FTOS
When the RIP process has learned the RIP routes, use the show ip rip database command in the EXEC mode to view those routes (Figure 385).

Figure 38-2. show ip rip database Command Example (Partial)
FTOS#show ip rip database
Total number of routes in RIP database: 978
160.160.0.0/16 [120/1] via 29.10.10.12, 00:00:26, Fa
160.160.0.0/16 auto-summary
2.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa
2.0.0.0/8 auto-summary
4.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa
4.0.0.
Control RIP routing updates By default, RIP broadcasts routing information out all enabled interfaces, but you can configure RIP to send or to block RIP routing information, either from a specific IP address or a specific interface. To control which devices or interfaces receive routing updates, you must configure a direct update to one router and configure interfaces to block RIP updates from other sources.
To add routes from other routing instances or protocols, use any of the following commands in the ROUTER RIP mode:

Command Syntax: redistribute {connected | static} [metric metric-value] [route-map map-name]
Command Mode: ROUTER RIP
Purpose: Include directly connected or user-configured (static) routes in RIP.
• metric range: 0 to 16
• map-name: name of a configured route map.
Figure 38-3 shows an example of the RIP configuration after the ROUTER RIP mode version command is set to RIPv2. When the ROUTER RIP mode version command is set, the interface (TengigabitEthernet 0/0) participating in the RIP process is also set to send and receive RIPv2.

Figure 38-3.
Figure 38-5.
If you must perform routing between discontiguous subnets, disable automatic summarization. With automatic route summarization disabled, subnets are advertised. The command autosummary requires no other configuration commands. To disable automatic route summarization, in the ROUTER RIP mode, enter no autosummary. Note: If the ip split-horizon command is enabled on an interface, then the system does not advertise the summarized address.
To enable RIP debugging, use the following command in the EXEC privilege mode:

Command Syntax: debug ip rip [interface | database | events | trigger]
Command Mode: EXEC privilege
Purpose: Enable debugging of RIP.

Figure 38-6 shows the confirmation when the debug function is enabled.

Figure 38-6. debug ip rip Command Example
FTOS#debug ip rip
RIP protocol debug is ON
FTOS#

To disable RIP debugging, use the no debug ip rip command.
Configuring RIPv2 on Core 2

Figure 38-8. Configuring RIPv2 on Core 2
Core2(conf-if-te-2/31)#
Core2(conf-if-te-2/31)#router rip
Core2(conf-router_rip)#ver 2
Core2(conf-router_rip)#network 10.200.10.0
Core2(conf-router_rip)#network 10.300.10.0
Core2(conf-router_rip)#network 10.11.10.0
Core2(conf-router_rip)#network 10.11.20.0
Core2(conf-router_rip)#show config
!
router rip
network 10.0.0.
Figure 38-10.
RIP Configuration on Core 3

Figure 38-12. RIP Configuration on Core 3
Core3(conf-if-te-3/21)#router rip
Core3(conf-router_rip)#version 2
Core3(conf-router_rip)#network 192.168.1.0
Core3(conf-router_rip)#network 192.168.2.0
Core3(conf-router_rip)#network 10.11.30.0
Core3(conf-router_rip)#network 10.11.20.0
Core3(conf-router_rip)#show config
!
router rip
network 10.0.0.0
network 192.168.1.0
network 192.168.2.
Figure 38-14.
RIP Configuration Summary

Figure 38-16. Summary of Core 2 RIP Configuration Using Output of show run Command
!
interface TengigabitEthernet 2/11
ip address 10.11.10.1/24
no shutdown
!
interface TengigabitEthernet 2/31
ip address 10.11.20.2/24
no shutdown
!
interface TengigabitEthernet 2/41
ip address 10.200.10.1/24
no shutdown
!
interface TengigabitEthernet 2/42
ip address 10.250.10.1/24
no shutdown
router rip
version 2
10.200.10.0
10.300.10.0
10.11.10.0
10.11.20.0

Figure 38-17.
39 Remote Monitoring (RMON)

Remote Monitoring (RMON) is supported on the following platforms: s z

This chapter describes the Remote Monitoring (RMON):

• Implementation
• Fault Recovery

Remote Monitoring (RMON) is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet Interfaces.
Fault Recovery

RMON provides the following fault recovery functions:

Interface Down—When an RMON-enabled interface goes down, monitoring continues. However, all data values are registered as 0xFFFFFFFF (32 bits) or 0xFFFFFFFFFFFFFFFF (64 bits). When the interface comes back up, RMON monitoring processes resume.

Note: A Network Management System (NMS) should be ready to interpret a down interface and plot the interface performance graph accordingly.
Set rmon alarm To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode.
Figure 39-1. rmon alarm Command Example
FTOS(conf)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta rising-threshold 15 1 falling-threshold 0 owner nms1
(callouts in the figure: Alarm Number, MIB Variable, Monitor Interval, Counter Value Limit, Triggered Event)

The above example configures RMON alarm number 10. The alarm monitors the MIB variable 1.3.6.1.2.1.2.2.1.20.1 (ifEntry.ifOutErrors) once every 20 seconds until the alarm is disabled, and checks the rise or fall of the variable.
Figure 39-2. rmon event Command Example
FTOS(conf)#rmon event 1 log trap eventtrap description "High ifOutErrors" owner nms1

The above configuration example creates RMON event number 1, with the description “High ifOutErrors”, and generates a log entry when the event is triggered by an alarm. The user nms1 owns the row that is created in the event table by this command. This configuration also generates an SNMP trap when the event is triggered using the SNMP community string “eventtrap”.
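The alarm in Figure 39-1 and the event in Figure 39-2 can be checked offline with a short model. The Python below is an added example, not FTOS code: it parses the alarm command from Figure 39-1 and replays constructed ifOutErrors readings, assuming the rising/falling hysteresis that the RMON alarm group defines in RFC 2819; the function names and the sample counters are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

COUNTER32_MODULUS = 2 ** 32  # ifOutErrors is a 32-bit counter that wraps

# Command copied from Figure 39-1.
PAGE_COMMAND = ("rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta "
                "rising-threshold 15 1 falling-threshold 0 owner nms1")

# Constructed ifOutErrors readings, one per 20-second interval (not real data).
SAMPLE_COUNTERS = [100, 100, 103, 120, 140, 141, 160, 160, 180]


@dataclass
class RmonAlarm:
    number: int
    variable: str
    interval: int                 # seconds between samples
    sample_type: str              # "delta" or "absolute"
    rising_threshold: int
    rising_event: Optional[int]   # event-table row triggered by a rising alarm
    falling_threshold: int
    falling_event: Optional[int]  # None when the command names no event
    owner: Optional[str]


def parse_rmon_alarm(command: str) -> RmonAlarm:
    """Split an 'rmon alarm' line into its fields (hypothetical helper)."""
    tok = command.split()
    if tok[:2] != ["rmon", "alarm"] or len(tok) < 10:
        raise ValueError("not a complete rmon alarm command")
    if tok[5] not in ("delta", "absolute"):  # the two RFC 2819 sample types
        raise ValueError("unknown sample type: " + tok[5])
    pos = 6

    def threshold(keyword: str) -> Tuple[int, Optional[int]]:
        nonlocal pos
        if tok[pos:pos + 1] != [keyword] or pos + 1 >= len(tok):
            raise ValueError("expected " + keyword)
        value, event = int(tok[pos + 1]), None
        pos += 2
        if pos < len(tok) and tok[pos].isdigit():  # optional event number
            event = int(tok[pos])
            pos += 1
        return value, event

    rising, rising_event = threshold("rising-threshold")
    falling, falling_event = threshold("falling-threshold")
    has_owner = tok[pos:pos + 1] == ["owner"] and pos + 1 < len(tok)
    owner = tok[pos + 1] if has_owner else None
    return RmonAlarm(int(tok[2]), tok[3], int(tok[4]), tok[5],
                     rising, rising_event, falling, falling_event, owner)


def simulate(alarm: RmonAlarm,
             readings: List[int]) -> List[Tuple[int, str, int, Optional[int]]]:
    """Return (seconds, direction, sampled value, event) for each alarm raised."""
    raised = []
    last = None  # direction of the latest alarm; None lets either fire first
    start = 1 if alarm.sample_type == "delta" else 0
    for i in range(start, len(readings)):
        if alarm.sample_type == "delta":
            # Difference between consecutive readings, tolerant of counter wrap.
            value = (readings[i] - readings[i - 1]) % COUNTER32_MODULUS
        else:
            value = readings[i]
        # Hysteresis: a rising alarm is not repeated until a falling alarm
        # has been raised in between, and the other way round.
        if value >= alarm.rising_threshold and last != "rising":
            last = "rising"
            raised.append((i * alarm.interval, "rising", value, alarm.rising_event))
        elif value <= alarm.falling_threshold and last != "falling":
            last = "falling"
            raised.append((i * alarm.interval, "falling", value, alarm.falling_event))
    return raised


if __name__ == "__main__":
    for row in simulate(parse_rmon_alarm(PAGE_COMMAND), SAMPLE_COUNTERS):
        print(row)
```

With a falling threshold of 0, the deltas of 20 and 19 that follow the first rising alarm raise nothing: event 1 is triggered again only after an interval with no new output errors.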
Configure RMON collection history

To enable the RMON MIB history group of statistics collection on an interface, use the rmon collection history command in interface configuration mode. To remove a specified RMON history group of statistics collection, use the no form of this command.
40 Rapid Spanning Tree Protocol (RSTP)

Rapid Spanning Tree Protocol (RSTP) is supported on the following platforms: s z

Protocol Overview

Rapid Spanning Tree Protocol (RSTP) is a Layer 2 protocol—specified by IEEE 802.1w—that is essentially the same as Spanning-Tree Protocol (STP) but provides faster convergence and interoperability with switches configured with STP and MSTP. FTOS supports three other variations of Spanning Tree, as shown in Table 40-1.

Table 40-1.
• Modify Global Parameters
• Modify Interface Parameters
• Configure an EdgePort
• Preventing Network Disruptions with BPDU Guard
• Influence RSTP Root Selection
• Enable SNMP traps for RSTP, MSTP, and PVST+ collectively using the command snmp-server enable traps xstp.
• SNMP Traps for Root Elections and Topology Changes
• Fast Hellos for Link State Detection
• Flush MAC Addresses after a Topology Change

Important Points to Remember

• RSTP is disabled by default.
Figure 40-1.
Enable Rapid Spanning Tree Protocol Globally

Rapid Spanning Tree Protocol must be enabled globally on all participating bridges; it is not enabled by default. To enable Rapid Spanning Tree globally for all Layer 2 interfaces:

Step 1
Task: Enter the PROTOCOL SPANNING TREE RSTP mode.
Command Syntax: protocol spanning-tree rstp
Command Mode: CONFIGURATION

Step 2
Task: Enable Rapid Spanning Tree.
Figure 40-4. Rapid Spanning Tree Enabled Globally (diagram: bridges R1 (root), R2 and R3 with their port numbers; forwarding and blocking ports marked)

Port 684 (GigabitEthernet 4/43) is alternate Discarding
Port path cost 20000, Port priority 128, Port Identifier 128.684
Designated root has priority 32768, address 0001.e801.cbb4
Designated bridge has priority 32768, address 0001.e801.cbb4
Designated port id is 128.
Figure 40-5. show spanning-tree rstp Command Example
FTOS#show spanning-tree rstp
Root Identifier has priority 32768, Address 0001.e801.cbb4
Root Bridge hello time 2, max age 20, forward delay 15, max hops 0
Bridge Identifier has priority 32768, Address 0001.e801.cbb4
Configured hello time 2, max age 20, forward delay 15, max hops 0
We are the root
Current root has priority 32768, Address 0001.e801.
Figure 40-6. show spanning-tree rstp brief Command Example
R3#show spanning-tree rstp brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e801.cbb4
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 0001.e80f.1dad
Configured hello time 2, max age 20, forward delay 15
Interface                                    Designated
Name       PortID   Prio Cost    Sts Cost    Bridge ID            PortID
---------- -------- ---- ------- --- ------- -------------------- -------
Te 3/1 128.
Table 40-2 displays the default values for RSTP. Table 40-2.
To change the port cost or priority of an interface, use the following commands:

Task: Change the port cost of an interface. Range: 0 to 65535. Default: Refer to Table 40-2.
Command Syntax: spanning-tree rstp cost cost
Command Mode: INTERFACE

Task: Change the port priority of an interface. Range: 0 to 15. Default: 128.
Command Syntax: spanning-tree rstp priority priority-value
Command Mode: INTERFACE

View the current values for interface parameters using the show spanning-tree rstp command from EXEC privilege mode. Refer to Figure 40-5.
FTOS Behavior: Regarding bpduguard shutdown-on-violation behavior:
1. If the interface to be shut down is a port channel, then all the member ports are disabled in the hardware.
2. When a physical port is added to a port channel already in error disable state, the new member port will also be disabled in the hardware.
Figure 40-8. bridge-priority Command Example
FTOS(conf-rstp)#bridge-priority 4096
04:27:59: %RPM0-P:RP2 %SPANMGR-5-STP_ROOT_CHANGE: RSTP root changed. My Bridge ID: 4096:0001.e80b.88bd Old Root: 32768:0001.e801.cbb4 New Root: 4096:0001.e80b.88bd
(callouts in the figure: Old root bridge ID, New root bridge ID)

SNMP Traps for Root Elections and Topology Changes

Enable SNMP traps for RSTP, MSTP, and PVST+ collectively using the command snmp-server enable traps xstp.
41 Security

Security features are supported on the following platforms: s z

This chapter discusses several ways to provide access security to the Dell Networking system. Platform-specific features are identified by the s icons (as shown below).
Suppress AAA Accounting for null username sessions When AAA Accounting is activated, the FTOS software issues accounting records for all users on the system, including users whose username string, because of protocol translation, is NULL. An example of this is a user who comes in on a line where the AAA Authentication login method-list none command is applied.
No specific show command exists for TACACS+ accounting. To obtain accounting records displaying information about users currently logged in, perform the following task in Privileged EXEC mode:

Command Syntax: show accounting
Command Mode: EXEC Privileged
Purpose: Step through all active sessions and print all the accounting records for the actively accounted functions.

Figure 41-1.
Configure login authentication for terminal lines

You can assign up to five authentication methods to a method list. FTOS evaluates the methods in the order in which you enter them in each list. If the first method does not respond or returns an error, FTOS applies the next method in the list until the user either passes or fails the authentication. If the user fails a method, FTOS does not apply the next method.
To view the configuration, use the show config command in the LINE mode or the show running-config in the EXEC Privilege mode. Note: Dell Networking recommends that you use the none method only as a backup. This method does not authenticate users. The none and enable methods do not work with SSH. You can create multiple method lists and assign them to different terminal lines.
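The evaluation order described above decides what happens when an authentication server is unreachable, which is why the placement of the none method matters. The Python below is an added example, not FTOS code: it models method-list evaluation over a constructed configuration and flags the lists that contain none; the list names, the function names and the rule that a list whose methods all fail to respond denies access are assumptions.

```python
from enum import Enum
from typing import Dict, List, Optional, Tuple

MAX_METHODS = 5  # the guide allows up to five methods per method list


class Outcome(Enum):
    PASS = "pass"    # the method answered and accepted the credentials
    FAIL = "fail"    # the method answered and rejected the credentials
    ERROR = "error"  # the method did not respond or returned an error


# Constructed configuration lines (not taken from a real device).
SAMPLE_CONFIG = """\
aaa authentication login default radius tacacs+ local
aaa authentication login mgmt tacacs+ none
aaa authentication login consolelist none
"""


def parse_method_lists(config_text: str) -> Dict[str, List[str]]:
    """Collect 'aaa authentication login <list> <methods...>' lines."""
    lists: Dict[str, List[str]] = {}
    for line in config_text.splitlines():
        words = line.split()
        if words[:3] != ["aaa", "authentication", "login"] or len(words) < 5:
            continue
        name, methods = words[3], words[4:]
        if len(methods) > MAX_METHODS:
            raise ValueError("more than five methods in list " + name)
        lists[name] = methods
    return lists


def evaluate(methods: List[str],
             outcomes: Dict[str, Outcome]) -> Tuple[bool, Optional[str]]:
    """Return (admitted, deciding method) for one login attempt.

    Methods are tried in configured order. Only an ERROR moves on to the
    next method; a FAIL ends the attempt without trying the rest.
    """
    for method in methods:
        if method == "none":
            # none performs no authentication, so the session is admitted.
            return True, "none"
        result = outcomes.get(method, Outcome.ERROR)
        if result is Outcome.PASS:
            return True, method
        if result is Outcome.FAIL:
            return False, method
    # Assumption of this model: nothing answered, so access is denied.
    return False, None


def audit(lists: Dict[str, List[str]]) -> List[Tuple[str, str]]:
    """Flag every method list in which the none method can be reached."""
    findings = []
    for name, methods in lists.items():
        if "none" not in methods:
            continue
        before = methods[:methods.index("none")]
        if before:
            reason = ("unauthenticated login whenever "
                      + ", ".join(before) + " do not respond")
        else:
            reason = "no authentication is performed"
        findings.append((name, reason))
    return findings


if __name__ == "__main__":
    for name, reason in audit(parse_method_lists(SAMPLE_CONFIG)):
        print(name + ": " + reason)
```

A rejected login never reaches none, but an unreachable server does, so the availability of each server listed ahead of none is part of the authentication boundary.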
To get enable authentication from the RADIUS server, and use TACACS as a backup, issue the following commands:

FTOS(config)# aaa authentication enable default radius tacacs

The RADIUS and TACACS servers must be properly set up for this.

FTOS(config)# radius-server host x.x.x.x key
FTOS(config)# tacacs-server host x.x.x.
• Privilege level 1—is the default level for the EXEC mode. At this level, you can interact with the router, for example, view some show commands and Telnet and ping to test connectivity, but you cannot configure the router. This level is often called the “user” level. One of the commands available in Privilege level 1 is the enable command, which you can use to enter a specific privilege level.
• Privilege level 0—contains only the end, enable and disable commands.
To configure a username and password, use the following command in the CONFIGURATION mode:

Command Syntax: username name [access-class access-list-name] [nopassword | password [encryption-type] password | secret [encryption-type] password] [privilege level]
Command Mode: CONFIGURATION
Purpose: Assign a user name and password. Configure the optional and required parameters:
• name: Enter a text string up to 63 characters long.
• access-class access-list-name: Enter the name of a configured IP ACL.
Configure custom privilege levels

In addition to assigning privilege levels to the user, you can configure the privilege levels of commands so that they are visible in different privilege levels. Within FTOS, commands have certain privilege levels. With the privilege command, the default level can be changed or you can reset their privilege level back to the default.
Step 3
Command Syntax: privilege mode {level level command | reset command}
Command Mode: CONFIGURATION
Purpose: Configure level and commands for a mode or reset a command’s level. Configure the following required and optional parameters:
• mode: Enter a keyword for the modes (exec, configure, interface, line, route-map, router)
• level level range: 0 to 15. Levels 0, 1 and 15 are pre-configured. Levels 2 to 14 are available for custom configuration.
Figure 41-3. User john’s Login and the List of Available Commands
apollo% telnet 172.31.1.53
Trying 172.31.1.53...
Connected to 172.31.1.53.
Escape character is '^]'.
Enable and disabling privilege levels

Enter the enable or enable privilege-level command in the EXEC Privilege mode to set a user’s security level. If you do not enter a privilege level, FTOS sets it to 15 by default. To move to a lower privilege level, enter the command disable followed by the level-number you wish to set for the user in the EXEC Privilege mode. If you enter disable without a level-number, your security level is 1.
6. Enter the following commands at the Grub command line prompt. Note: You must type the commands; pasted commands are not accepted.
grub> set stconfigignore=true
grub> save_env stconfigignore
grub> reboot
7. The S6000 system boots up with factory default configuration. The default FTOS> system prompt displays when the system boots.
8. Copy the startup-config into the running-config.
RADIUS exec-authorization stores a user-shell profile that is applied during user login. You may name the relevant named-lists with either a unique name or the default name. When authorization is enabled by the RADIUS server, the server returns the following information to the client:

• Idle time
• ACL configuration information
• Auto-command
• Privilege level

After gaining authorization for the first time, you may configure these attributes.
Set access to privilege levels through RADIUS

Through the RADIUS server, you can use the command privilege level to configure a privilege level for the user to enter into when they connect to a session. This value is configured on the client system.

Configuration Task List for RADIUS

To authenticate users using RADIUS, at least one RADIUS server must be specified so that the system can communicate with and configure RADIUS as one of your authentication methods.
Apply the method list to terminal lines

To enable RADIUS AAA login authentication for a method list, you must apply it to a terminal line. To configure a terminal line for RADIUS authentication and authorization, enter the following commands:

Command Syntax: line {aux 0 | console 0 | vty number [end-number]}
Command Mode: CONFIGURATION
Purpose: Enter the LINE mode.

Command Syntax: login authentication {method-list-name | default}
Command Mode: LINE
Purpose: Enable AAA login authentication for the specified RADIUS method list.
To view the RADIUS configuration, use the show running-config radius command in the EXEC Privilege mode. To delete a RADIUS server host, use the no radius-server host {hostname | ip-address} command.

Set global communication parameters for all RADIUS server hosts

You can configure global communication parameters (auth-port, key, retransmit, and timeout parameters) and specific host communication parameters on the same system.
Monitor RADIUS

To view information on RADIUS transactions, use the following command in the EXEC Privilege mode:

Command Syntax: debug radius
Command Mode: EXEC Privilege
Purpose: View RADIUS transactions to troubleshoot problems.

TACACS+

FTOS supports Terminal Access Controller Access Control System (TACACS+) client, including support for login authentication.
To select TACACS as the login authentication method, use these commands in the following sequence in the CONFIGURATION mode:

Step 1
Command Syntax: tacacs-server host {ip-address | host}
Command Mode: CONFIGURATION
Purpose: Configure a TACACS+ server host. Enter the IP address or host name of the TACACS+ server. Use this command multiple times to configure multiple TACACS+ server hosts.

Step 2
Command Syntax: aaa authentication login {method-list-name | default} tacacs+ [...
Figure 41-4.
Figure 41-5 demonstrates how to configure the access-class from a TACACS+ server. This causes the configured access-class on the VTY line to be ignored. If you have configured a deny10 ACL on the TACACS+ server, FTOS downloads it and applies it. If the user is found to be coming from the 10.0.0.0 subnet, FTOS also immediately closes the Telnet connection. Note that no matter where the user is coming from, they see the login prompt.

Figure 41-5.
To delete a TACACS+ server host, use the no tacacs-server host {hostname | ip-address} command.

freebsd2# telnet 2200:2200:2200:2200:2200::2202
Trying 2200:2200:2200:2200:2200::2202...
Connected to 2200:2200:2200:2200:2200::2202.
Escape character is '^]'.
Login: admin
Password:
FTOS#
FTOS#

Command Authorization

The AAA command authorization feature configures FTOS to send each configuration command to a TACACS server for authorization before it is added to the running configuration.
SCP is a remote file copy program that works with SSH and is supported by FTOS. Note: The Windows-based WinSCP client software is not supported for secure copying between a PC and an FTOS-based system. Unix-based SCP client software is supported.
To disable SSH server functions, enter no ip ssh server enable.

Using SCP with SSH to copy a software image

To use Secure Copy (SCP) to copy a software image through an SSH connection from one switch to another, use the following procedure:

Step 1
Task: On Chassis One, set the SSH port number (port 22 by default).
Command Syntax: ip ssh server port number
Command Mode: CONFIGURATION

Step 2
Task: On Chassis One, enable SSH.
Command Syntax: ip ssh server enable
Command Mode: CONFIGURATION

Step 3
Task: On Chassis Two, invoke SCP.
• show crypto: Display the public part of the SSH host-keys.
• show ip ssh client-pub-keys: Display the client public keys used in host-based authentication.
• show ip ssh rsa-authentication: Display the authorized-keys for the RSA authentication.
• ssh-peer-stack-unit: Open an SSH connection to the peer stack-unit.

Secure Shell Authentication

Secure Shell (SSH) is disabled by default. Enable it using the command ip ssh server enable.
RSA Authentication of SSH

The following procedure authenticates an SSH client based on an RSA key using RSA authentication. This method uses SSH version 2:

Step 1
Task: On the SSH client (Unix machine), generate an RSA key, as shown in Figure 41-9.

Figure 41-9. Generating RSA Keys
admin@Unix_client#ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/admin/.ssh/id_rsa):
/home/admin/.ssh/id_rsa already exists.
To configure host-based authentication:

Step 1
Task: Configure RSA Authentication. Refer to RSA Authentication of SSH, above.

Step 2
Task: Create shosts by copying the public RSA key to the file shosts in the directory .ssh, and write the IP address of the host to the file.
Command Syntax: cp /etc/ssh/ssh_host_rsa_key.pub /.ssh/shosts

Figure 41-10. Creating shosts
admin@Unix_client# cd /etc/ssh
admin@Unix_client# ls
moduli sshd_config ssh_host_dsa_key.
Figure 41-12. Client-based SSH Authentication
FTOS#ssh 10.16.127.201 ?
-l User name option
-p SSH server port option (default 22)
-v SSH protocol version

Troubleshooting SSH

• You may not bind id_rsa.pub to RSA authentication while logged in via the console. In this case, Message 2 appears.

Message 2 RSA Authentication Error
%Error: No username set for this term.

• Host-based authentication must be enabled on the server (Dell Networking system) and the client (Unix machine).
VTY Line and Access-Class Configuration

Various methods are available to restrict VTY access in FTOS. These depend on which authentication scheme you use — line, local, or remote:

Table 41-1. VTY Access

Authentication Method   VTY access-class support?   Username access-class support?   Remote authorization support?
Line                    YES                         NO                               NO
Local                   NO                          YES                              NO
TACACS+                 YES                         NO                               YES (with FTOS 5.2.1.0 and later)
RADIUS                  YES                         NO                               YES (with FTOS 6.1.1.
Figure 41-13. Example Access-Class Configuration Using Local Database
FTOS(conf)#user gooduser password abc privilege 10 access-class permitall
FTOS(conf)#user baduser password abc privilege 10 access-class denyall
FTOS(conf)#
FTOS(conf)#aaa authentication login localmethod local
FTOS(conf)#
FTOS(conf)#line vty 0 9
FTOS(config-line-vty)#login authentication localmethod
FTOS(config-line-vty)#end

Note: Also refer to the section Chapter 6, Access Control Lists (ACLs).
To apply a MAC ACL on a VTY line, use the same access-class command as IP ACLs (Figure 41-15). Figure 41-15 shows how to deny incoming connections from subnet 10.0.0.0 without displaying a login prompt.

Figure 41-15.
42 Service Provider Bridging

Service Provider Bridging is supported on the following platforms: s z

This chapter contains the following major sections:
• VLAN Stacking
• VLAN Stacking Packet Drop Precedence
• Dynamic Mode CoS for VLAN Stacking
• Layer 2 Protocol Tunneling
• Provider Backbone Bridging

VLAN Stacking

VLAN Stacking is supported on platforms: s z

VLAN Stacking, also called Q-in-Q, is defined in IEEE 802.1ad—Provider Bridges, which is an amendment to IEEE 802.
Figure 42-1. VLAN Stacking in a Service Provider Network (frame diagram labels: TPID (0x9100), PCP, DEI, VID (VLAN 300); TPID (0x8100), PCP, CFI (0), VID (VLAN Red))
Create Access and Trunk Ports An access port is a port on the service provider edge that directly connects to the customer. An access port may belong to only one service provider VLAN. A trunk port is a port on a service provider bridge that connects to another service provider bridge and is a member of multiple service provider VLANs. Physical ports and port-channels can be access or trunk ports.
Display the status and members of a VLAN using the show vlan command from EXEC Privilege mode. Members of a VLAN-Stacking-enabled VLAN are marked with an M in column Q.

Figure 42-3.
FTOS Options for Trunk Ports

802.1ad trunk ports may also be tagged members of a VLAN so that they can carry single and double-tagged traffic. You can enable trunk ports to carry untagged, single-tagged, and double-tagged VLAN traffic by making the trunk port a hybrid port.

Step | Task | Command Syntax | Command Mode

Step 1. Configure a trunk port to carry untagged, single-tagged, and double-tagged traffic by making it a hybrid port.
Note: On the S-Series, a trunk port can be added to an 802.
Debug VLAN Stacking

To debug the internal state and membership of a VLAN and its ports, use the debug member command, as shown in Figure 42-5. The port notations in Figure 42-5 are as follows:
• MT — stacked trunk
• MU — stacked access port
• T — 802.1Q trunk port
• U — 802.1Q access port
• NU — Native VLAN (untagged)

Figure 42-5.
You can configure the first eight bits of the TPID using the command vlan-stack protocol-type. The TPID on the S-Series systems is global. Ingress frames that do not match the system TPID are treated as untagged. This rule applies for both the outer tag TPID of a double-tagged frame and the TPID of a single-tagged frame.
Figure 42-7. Single and Double-tag First-byte TPID Match on S-Series
Table 42-1 details the outcome of matched and mismatched TPIDs in a VLAN-stacking network with the S-Series. Table 42-1. S-Series Behaviors for Mis-matched TPID Network Position Incoming Packet TPID System TPID Match Type Pre-8.2.1.0 8.2.1.
Enable Drop Eligibility

You must enable Drop Eligibility globally before you can honor or mark the DEI value.

Task: Make packets eligible for dropping based on their DEI value. By default, packets are colored green, and DEI is marked 0 on egress.
    Command Syntax: dei enable
    Command Mode: CONFIGURATION

When Drop Eligibility is enabled, DEI mapping or marking takes place according to the defaults. In this case, the CFI is affected according to Table 42-2.

Table 42-2.
Task | Command Syntax | Command Mode

FTOS#show interface dei-honor
Default Drop precedence: Green
Interface  CFI/DEI  Drop precedence
-------------------------------------------------------------
Te 0/1     0        Green
Te 0/1     1        Yellow
Te 8/9     1        Red
Te 8/40    0        Yellow

Mark Egress Packets with a DEI Value

On egress, you can set the DEI value according to a different mapping than ingress (Refer to Honor the Incoming DEI Value).
Figure 42-9. Statically and Dynamically Assigned dot1p for VLAN Stacking (frame diagram labels: Untagged, C-Tagged, S-Tag with statically-assigned dot1p, S-Tag with mapped dot1p)

When configuring Dynamic Mode CoS, you have two options:
a. mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p.
FTOS Behavior: For Option A above, when there is a conflict between the queue selected by Dynamic Mode CoS (vlan-stack dot1p-mapping) and a QoS configuration, the queue selected by Dynamic Mode CoS takes precedence. However, rate policing for the queue is determined by QoS configuration.
To map C-Tag dot1p values to S-Tag dot1p values and mark the frames accordingly:

Step | Task | Command Syntax | Command Mode

Step 1. Allocate CAM space to enable queuing frames according to the C-Tag or the S-Tag.
• vman-qos: mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p. This method requires half as many CAM entries as vman-qos-dual-fp.
• vman-qos-dual-fp: mark the S-Tag dot1p and queue the frame according to the S-Tag dot1p.
Figure 42-10. VLAN Stacking without L2PT (topology diagram labels: Building A, Building B, Spanning Tree, service provider network, no spanning-tree, BPDU w/ destination MAC address: 01-80-C2-00-00-00)

You might need to transport control traffic transparently through the intermediate network to the other region.
Figure 42-11. VLAN Stacking with L2PT
Enable Layer 2 Protocol Tunneling

Step 1. Verify that the system is running the default CAM profile; you must use this CAM profile for L2PT.
    Command Syntax: show cam-profile
    Command Mode: EXEC Privilege
Step 2. Enable protocol tunneling globally on the system.
    Command Syntax: protocol-tunnel enable
    Command Mode: CONFIGURATION
Step 3. Tunnel BPDUs on the VLAN.
    Command Syntax: protocol-tunnel stp
    Command Mode: INTERFACE VLAN

Specify a Destination MAC Address for BPDUs

By default, FTOS uses a Dell Networking-unique MAC address for tunneling BPDUs.
Debug Layer 2 Protocol Tunneling

Task: Display debugging information for L2PT.
    Command Syntax: debug protocol-tunnel
    Command Mode: EXEC Privilege

Provider Backbone Bridging

Provider Backbone Bridging is supported only on platforms: s z

IEEE 802.1ad—Provider Bridges amends 802.1Q—Virtual Bridged Local Area Networks so that service providers can use 802.
43 sFlow

Configuring sFlow is supported on the following platforms: s z

• Enable and Disable sFlow
• sFlow Show Commands
• Polling Intervals
• Back-off Mechanism
• sFlow on LAG ports
• Extended sFlow

Overview

The Dell Networking operating system (FTOS) supports sFlow version 5. sFlow is a standards-based sampling technology embedded within switches and routers which is used to monitor network traffic.
Figure 43-1. sFlow Traffic Monitoring System (diagram labels: sFlow Collector, Switch/Router, sFlow Datagrams, sFlow Agent, Poll Interface Counters, Interface Counters, Flow Samples, Switch ASIC)

Implementation Information

Dell Networking’s sFlow is designed so that the hardware sampling rate is per line card port-pipe and is decided based upon all the ports in that port-pipe.
FTOS exports all sFlow packets to the Collector. A small sampling rate can equate to a large number of exported packets. A backoff mechanism is automatically applied to reduce this amount. Some sampled packets may be dropped when the exported packet rate is high and the backoff mechanism is about to or is starting to take effect. The dropEvent counter, in the sFlow packet, is always zero. In sFlow datagram.
• Show sFlow on a Line Card

Show sFlow Globally

To view sFlow statistics, use the following command:

Command Syntax: show sflow
Command Mode: EXEC
Purpose: Display sFlow configuration information and statistics.

Figure 43-2 is a sample output from the show sflow command:

Figure 43-2.
The configuration, shown in Figure 43-2, also displays in the running configuration (Figure 43-4): Figure 43-4.
Command Syntax: sflow polling-interval interval value
Command Mode: CONFIGURATION or INTERFACE
Usage: Change the global default counter polling interval.
    interval value—in seconds.
    Range: 15 to 86400 seconds
    Default: 20 seconds

Back-off Mechanism

If the sampling rate for an interface is set to a very low value, the CPU can get overloaded with flow samples under high-traffic conditions.
44 Simple Network Management Protocol (SNMP)

Simple Network Management Protocol (SNMP) is supported on the following platforms: s z

Protocol Overview

Network management stations use Simple Network Management Protocol (SNMP) to retrieve or alter management data from network elements. A datum of management information is called a managed object; the value of a managed object can be static or variable. Network elements store managed objects in a database called a Management Information Base (MIB).
Configure Simple Network Management Protocol

Note: The configurations in this chapter use a Unix environment with net-snmp version 5.4. This is only one of many RFC-compliant SNMP utilities you can use to manage your Dell Networking system using SNMP. Also, these configurations use SNMP version 2c.

Configuring SNMP requires only a single step:
1. Create a community. Refer to page 774.
To create an SNMP community:

Task: Choose a name for the community.
    Command: snmp-server community name {ro | rw}
    Command Mode: CONFIGURATION

Message 1 SNMP Enabled
22:31:23: %STKUNIT0-M:CP %SNMP-6-SNMP_WARM_START: Agent Initialized - SNMP WARM_START

View your SNMP configuration, using the command show running-config snmp from EXEC Privilege mode, as shown in Figure 44-1.

Figure 44-1.
Task: Read the value of many objects at once, as shown in Figure 44-4.
    Command: snmpwalk -v version -c community agent-ip {identifier.instance | descriptor.instance}

Figure 44-4. Reading the Value of Many Managed Objects at Once
> snmpwalk -v 2c -c mycommunity 10.11.131.161 .1.3.6.1.2.1.1
SNMPv2-MIB::sysDescr.0 = STRING: Dell Force10 Networks Real Time Operating System Software
Dell Force10 Operating System Version: 1.0
Dell Force10 Application Software Version: E_MAIN4.
To configure system contact and location information from the Dell Networking system:

Task: Identify the system manager along with this person’s contact information (e.g., e-mail address or phone number). You may use up to 55 characters. Default: None
    Command: snmp-server contact text
    Command Mode: CONFIGURATION

Task: Identify the physical location of the system. For example, San Jose, 350 Holger Way, 1st floor lab, rack A1-1. You may use up to 55 characters.
To configure the system to send SNMP notifications:

Step 1. Configure the Dell Networking system to send notifications to an SNMP server.
    Command: snmp-server host ip-address
    Command Mode: CONFIGURATION
Step 2. Specify which traps the Dell Networking system sends to the trap receiver.
• Enable all Dell Networking enterpriseSpecific and RFC-defined traps using the command snmp-server enable traps from CONFIGURATION mode.
Table 44-2.
Table 44-2.
Table 44-3. MIB Objects for Copying Configuration Files via SNMP

MIB Object: copyDestFileType
OID: .1.3.6.1.4.1.6027.3.5.1.1.1.5
Object Values: 1 = FTOS file, 2 = running-config, 3 = startup-config
Description: Specifies the type of file to copy to.
• If the copySourceFileType is running-config or startup-config, the default copyDestFileLocation is flash.
• If the copyDestFileType is a binary, the copyDestFileLocation and copyDestFileName must be specified.

MIB Object: copyDestFileLocation
OID: .1.3.6.1.4.1.6027.3.5.1.
Step | Task | Command Syntax | Command Mode

Note: You can use the entire OID rather than the object name. Use the form: OID.index i object-value, as shown in Figure 44-6.

Message 2 snmpset Index Value Error
Error in packet.
Reason: notWritable (that object does not support modification)
Failed object: FORCE10-COPY-CONFIG-MIB::copySrcFileType.101

Table 44-4 shows examples of using the command snmpset to copy a configuration.
Table 44-4. Copying Configuration Files via SNMP (continued)

Task: Copy the startup-config to the running-config using the following command from a Unix machine:
    snmpset -c private -v 2c force10system-ip-address copySrcFileType.index i 3 copyDestFileType.index i 2

Figure 44-8. Copying Configuration Files via SNMP using Object-Name Syntax
> snmpset -c public -v 2c -m ./f10-copy-config.mib 10.11.131.162 copySrcFileType.7 i 3 copyDestFileType.7 i 2
FORCE10-COPY-CONFIG-MIB::copySrcFileType.
Table 44-4. Copying Configuration Files via SNMP (continued)

Figure 44-11. Copying Configuration Files via SNMP and TFTP to a Remote Server
snmpset -v 2c -c private -m ./f10-copy-config.mib 10.10.10.10 copySrcFileType.4 i 3 copyDestFileType.4 i 1 copyDestFileLocation.4 i 3 copyDestFileName.
To obtain a value for any of the MIB Objects in Table 44-5:

Step 1. Get a copy-config MIB object value.
    snmpget -v 2c -c public -m ./f10-copy-config.mib force10system-ip-address [OID.index | mib-object.index]
    • index is the index value used in the snmpset command used to complete the copy operation.

Note: You can use the entire OID rather than the object name. Use the form: OID.index, as shown in Figure 44-13.
Figure 44-15. Creating a VLAN using SNMP
> snmpset -v2c -c mycommunity 123.45.6.78 .1.3.6.1.2.1.17.7.1.4.3.1.5.10 i 4
SNMPv2-SMI::mib-2.17.7.1.4.3.1.5.10 = INTEGER: 4

Assign a VLAN Alias

Write a character string to the dot1qVlanStaticName object to assign a name to a VLAN, as shown in Figure 44-16.

Figure 44-16. Assign a VLAN Alias using SNMP
[Unix system output]
> snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.1.
To display the ports in a VLAN, send an snmpget request for the object dot1qStaticEgressPorts using the interface index as the instance number, as shown for an S-Series in Figure 44-18.

Figure 44-18. Display the Ports in a VLAN in SNMP
> snmpget -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786
SNMPv2-SMI::mib-2.17.7.1.4.3.1.2.
The value 40 is in the first set of 7 hex pairs, indicating that these ports are in Stack Unit 0. The hex value 40 is 0100 0000 in binary. As described above, the left-most position in the string represents Port 1. The next position from the left represents Port 2 and has a value of 1, indicating that Port 0/2 is in VLAN 10. The remaining positions are 0, so those ports are not in the VLAN.
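The bitmap reading described above can be automated to audit VLAN membership returned by dot1qStaticEgressPorts against an approved baseline. The following is an added example, not code from the guide or from FTOS; it assumes the layout exactly as this page states it (7 hex pairs per stack unit, left-most bit is position 1, and position 2 of unit 0 is Port 0/2), and the function names and sample values are constructed for illustration.

```python
# Added example: decode the dot1qStaticEgressPorts hex string as the page
# describes it. Layout assumptions (taken from the page text): each stack
# unit owns 7 hex pairs, and within a unit the left-most bit is position 1.

PAIRS_PER_UNIT = 7  # "the first set of 7 hex pairs" = Stack Unit 0


def decode_egress_ports(hex_pairs):
    """Return a list of (stack_unit, position) tuples for every bit set."""
    data = bytes.fromhex(hex_pairs)  # spaces between pairs are ignored
    members = []
    for index, octet in enumerate(data):
        unit, offset = divmod(index, PAIRS_PER_UNIT)
        for bit in range(8):
            if octet & (0x80 >> bit):
                members.append((unit, offset * 8 + bit + 1))
    return members


def encode_egress_ports(members, pairs):
    """Build the hex string for an snmpset 'x' value from (unit, position)."""
    data = bytearray(pairs)
    for unit, position in members:
        if not 1 <= position <= PAIRS_PER_UNIT * 8:
            raise ValueError("position out of range: %r" % (position,))
        index = unit * PAIRS_PER_UNIT + (position - 1) // 8
        if index >= pairs:
            raise ValueError("stack unit %d does not fit in %d pairs" % (unit, pairs))
        data[index] |= 0x80 >> ((position - 1) % 8)
    return " ".join("%02X" % octet for octet in data)


def membership_drift(expected, observed_hex):
    """Compare an approved member list with what the switch reports.

    Returns (unexpected, missing): ports present but not approved, and
    approved ports that are absent.
    """
    observed = set(decode_egress_ports(observed_hex))
    approved = set(expected)
    return sorted(observed - approved), sorted(approved - observed)


if __name__ == "__main__":
    # Constructed sample: the page's value 40 in the first of 7 pairs.
    sample = "40 00 00 00 00 00 00"
    print(decode_egress_ports(sample))
    # Constructed drift case: 0x60 sets positions 2 and 3 of unit 0.
    print(membership_drift([(0, 2)], "60 00 00 00 00 00 00"))
```

Running the drift check on a schedule against each VLAN's approved port list surfaces membership changes made through an SNMP read-write community.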
Figure 44-21. Adding Tagged Ports to a VLAN using SNMP >snmpset -v2c -c mycommunity 10.11.131.185 .1.3.6.1.2.1.17.7.1.4.3.1.2.1107787786 x "40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" .1.3.6.1.2.1.17.7.1.4.3.1.4.
Enable and Disable a Port using SNMP

Step 1. Create an SNMP community on the Dell Networking system.
    Command Syntax: snmp-server community
    Command Mode: CONFIGURATION
Step 2. From the Dell Networking system, identify the interface index of the port for which you want to change the admin status. Or, from the management system, use the snmpwalk command to identify the interface index.
The value of dot1dTpFdbPort is the port number of the port off which the system learns the MAC address. In this case, of TenGigabitEthernet 1/21, the manager returns the integer 118.
Figure 44-24. Display the Interface Index Number
FTOS#show interface te 1/21
TenGigabitEthernet 1/21 is up, line protocol is up
Hardware is Force10Eth, address is 00:01:e8:0d:b7:4e
Current address is 00:01:e8:0d:b7:4e
Interface index is 72925242
[output omitted]
FTOS#show stack-unit all | grep 1

The interface index is a binary number with bits that indicate the slot number, port number, interface type, and card type of the interface.
For interface indexing, slot and port numbering begins with the binary one. If the Dell Networking system begins slot and port numbering from 0, then the binary 1 represents slot and port 0. For example, the index number in Figure 44-26 gives the binary 2 for the slot number, though interface TenGigabitEthernet 1/21 belongs to Slot 1. This is because the port for this example is on an E-Series which begins numbering slots from 0.
45 Storm Control

z Storm Control for Multicast is supported on the following platforms: s Storm Control is supported on the following platforms: s z

The storm control feature enables you to control unknown-unicast and broadcast traffic on Layer 2 and Layer 3 physical interfaces.

FTOS Behavior: On the S-Series, FTOS supports broadcast control (command storm-control broadcast) for Layer 2 and Layer 3 traffic.
Configure storm control from CONFIGURATION mode

Configure storm control from CONFIGURATION mode using the command storm-control. From CONFIGURATION mode you can configure storm control for ingress and egress traffic. Do not apply per-VLAN QoS on an interface that has storm-control enabled (either on an interface or globally).
46 Spanning Tree Protocol (STP)

Spanning Tree Protocol (STP) is supported on the following platforms: s z

Protocol Overview

Spanning Tree Protocol (STP) is a Layer 2 protocol—specified by IEEE 802.1d—that eliminates loops in a bridged topology by enabling only a single path through the network. By eliminating loops, the protocol improves scalability in a large network and enables you to implement redundant paths, which can be activated upon the failure of active paths.
Related Configuration Tasks

• Adding an Interface to the Spanning Tree Group
• Removing an Interface from the Spanning Tree Group
• Modifying Global Parameters
• Modifying Interface STP Parameters
• Enabling PortFast
• Preventing Network Disruptions with BPDU Guard
• STP Root Selection
• SNMP Traps for Root Elections and Topology Changes
• Enable SNMP traps for RSTP, MSTP, and PVST+ collectively using the command snmp-server enable traps xstp.
Figure 46-1.
Enabling Spanning Tree Protocol Globally

Spanning Tree Protocol must be enabled globally; it is not enabled by default.

To enable Spanning Tree globally for all Layer 2 interfaces:

Step 1. Enter the PROTOCOL SPANNING TREE mode.
    Command Syntax: protocol spanning-tree 0
    Command Mode: CONFIGURATION
Step 2. Enable Spanning Tree.
Figure 46-4. Spanning Tree Enabled Globally (topology diagram of R1 (root), R2 and R3 with Forwarding and Blocking ports)

Port 290 (GigabitEthernet 2/4) is Blocking
Port path cost 4, Port priority 8, Port Identifier 8.290
Designated root has priority 32768, address 0001.e80d.2462
Designated bridge has priority 32768, address 0001.e80d.2462
Designated port id is 8.
Confirm that a port is participating in Spanning Tree using the show spanning-tree 0 brief command from EXEC privilege mode.

Figure 46-6. show spanning-tree brief Command Example
FTOS#show spanning-tree 0 brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e80d.2462
We are the root of the spanning tree
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 0001.e80d.
Modifying Global Parameters

You can modify Spanning Tree parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in Spanning Tree.

Note: Dell Networking recommends that only experienced network administrators change the Spanning Tree parameters. Poorly planned modification of the Spanning Tree parameters can negatively impact network performance.

Table 46-2 displays the default values for Spanning Tree.

Table 46-2.
View the current values for global parameters using the show spanning-tree 0 command from EXEC privilege mode. Refer to Figure 46-5.

Modifying Interface STP Parameters

You can set the port cost and port priority values of interfaces in Layer 2 mode.
• Port cost is a value that is based on the interface type. The greater the port cost, the less likely the port will be selected to be a forwarding port.
To enable PortFast on an interface:

Task: Enable PortFast on an interface.
    Command Syntax: spanning-tree stp-id portfast [bpduguard | [shutdown-on-violation]]
    Command Mode: INTERFACE

Verify that PortFast is enabled on a port using the show spanning-tree command from the EXEC privilege mode or the show config command from INTERFACE mode; Dell Networking recommends using the show config command, as shown in Figure 46-7.

Figure 46-7.
Note: Unless the shutdown-on-violation option is enabled, spanning-tree only drops packets after a BPDU violation; the physical interface remains up, as shown below.

FTOS(conf-if-te-0/7)#do show spanning-tree rstp brief
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 0001.e805.fb07
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 0001.e85d.
Figure 46-8. Enabling BPDU Guard
FTOS(conf-if-gi-3/41)# spanning-tree 0 portfast bpduguard shutdown-on-violation
FTOS(conf-if-gi-3/41)#show config
!
interface GigabitEthernet 3/41
no ip address
switchport
spanning-tree 0 portfast bpduguard shutdown-on-violation
no shutdown

(Diagram labels: 3/41, Hub, Switch with Spanning Tree Enabled)

FTOS Behavior: BPDU Guard and BPDU filtering (Refer to Removing an Interface from the Spanning Tree Group on page 802) both block BPDUs, but are two separate features.
View only the root information using the show spanning-tree root command (Refer to Figure 46-9) from EXEC privilege mode.

Figure 46-9.
FTOS#show spanning-tree 0 root
Root ID Priority 32768, Address 0001.e80d.
47 System Time and Date

System Time and Date settings and NTP are supported on the following platforms: s z

System times and dates can be set and maintained through the Network Time Protocol (NTP). They are also set through FTOS CLIs and hardware settings.
• Clock offset represents the amount to adjust the local clock to bring it into correspondence with the reference clock.
• Roundtrip delay provides the capability to launch a message to arrive at the reference clock at a specified time.
• Dispersion represents the maximum error of the local clock relative to the reference clock.
Figure 47-1. NTP Fields (packet diagram labels: Source Port (123), Destination Port (123), Length, Checksum, NTP Packet Payload, Status, Type, Precision; Leap Indicator Code: 00: No Warning, 01: +1 second, 10: -1 second, 11: reserved)
Enable NTP

NTP is disabled by default. To enable it, specify an NTP server to which the Dell Networking system will synchronize. Enter the command multiple times to specify multiple servers. You may specify an unlimited number of servers at the expense of CPU resources.

Task | Command | Command Mode

Task: Specify the NTP server to which the Dell Networking system will synchronize.
Set the Hardware Clock with the Time Derived from NTP

Task: Periodically update the system hardware clock with the time value derived from NTP.
    Command: ntp update-calendar
    Command Mode: CONFIGURATION

Figure 47-4.
Configure a source IP address for NTP packets

By default, the source address of NTP packets is the IP address of the interface used to reach the network. You can configure one interface’s IP address to be included in all NTP packets.
Step 2
    Command Syntax: ntp authentication-key number md5 [encryption-type] key
    Command Mode: CONFIGURATION
    Purpose: Set an authentication key. Configure the following parameters:
    number: Range 1 to 4294967295. This number must be the same as the number in the ntp trusted-key command.
    key: Enter a text string. This text string is encrypted.
    encryption-type: Enter 0 for plain text or 7 for encrypted text.
Step 3
    Command Syntax: ntp trusted-key number
    Command Mode: CONFIGURATION
    Purpose: Define a trusted key.
Command Syntax: ntp server ip-address [key keyid] [prefer] [version number]
Command Mode: CONFIGURATION
Purpose: Configure an NTP server. Configure the IP address of a server and the following optional parameters:
• key keyid: Configure a text string as the key exchanged between the NTP server and client.
• prefer: Enter the keyword to set this NTP server as the preferred server.
• version number: Enter a number 1 to 3 as the NTP version.
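The key number and trusted-key settings above correspond to the key ID and keyed MD5 digest that NTP symmetric-key authentication appends to each packet. The following is an added example, not FTOS code: it assumes the standard NTP scheme (digest = MD5 of the key followed by the 48-byte header, sent after a 32-bit key ID), and the key ID, key text and function names are constructed for illustration.

```python
# Added example: what a receiver checks when NTP symmetric-key (md5)
# authentication is enabled and only certain key numbers are trusted.
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48      # fixed NTP header without extension fields
MD5_MAC_LEN = 4 + 16     # 32-bit key ID followed by a 128-bit MD5 digest


def build_header(version=3, mode=3, transmit_seconds=0):
    """Return a 48-byte NTP header (mode 3 = client) with the transmit time set."""
    li_vn_mode = (0 << 6) | (version << 3) | mode
    words = [0] * 11                 # root delay through transmit timestamp
    words[9] = transmit_seconds      # seconds half of the transmit timestamp
    return struct.pack("!BBbb11I", li_vn_mode, 0, 0, 0, *words)


def md5_mac(key, header):
    """Keyed digest used by NTP symmetric-key authentication: MD5(key || header)."""
    return hashlib.md5(key + header).digest()


def sign(header, key_id, key):
    """Append key ID and digest to a header, as an authenticated sender would."""
    return header + struct.pack("!I", key_id) + md5_mac(key, header)


def verify(packet, trusted_keys):
    """Return (accepted, reason) for a received packet.

    trusted_keys maps key number -> key bytes and plays the role of the
    keys configured with authentication-key and marked as trusted.
    """
    if len(packet) == NTP_HEADER_LEN:
        return False, "no MAC present"
    if len(packet) != NTP_HEADER_LEN + MD5_MAC_LEN:
        return False, "unexpected length"
    header = packet[:NTP_HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[NTP_HEADER_LEN:NTP_HEADER_LEN + 4])
    digest = packet[NTP_HEADER_LEN + 4:]
    key = trusted_keys.get(key_id)
    if key is None:
        return False, "key ID %d is not trusted" % key_id
    # Constant-time comparison avoids leaking how many digest bytes matched.
    if not hmac.compare_digest(md5_mac(key, header), digest):
        return False, "digest mismatch"
    return True, "ok"


# Constructed sample values, not taken from the guide.
SAMPLE_KEY_ID = 345
SAMPLE_KEY = b"constructed-ntp-secret"
TRUSTED = {SAMPLE_KEY_ID: SAMPLE_KEY}

if __name__ == "__main__":
    good = sign(build_header(transmit_seconds=3900000000), SAMPLE_KEY_ID, SAMPLE_KEY)
    print(verify(good, TRUSTED))
    tampered = bytearray(good)
    tampered[47] ^= 0x01             # flip one bit of the transmit timestamp
    print(verify(bytes(tampered), TRUSTED))
```

A packet signed with a key number that is configured but not trusted is rejected before any digest is computed, which is why the number in ntp authentication-key must match the one in ntp trusted-key.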
• Root Delay (sys.rootdelay, peer.rootdelay, pkt.rootdelay): This is a signed fixed-point number indicating the total roundtrip delay to the primary reference source at the root of the synchronization subnet, in seconds. Note that this variable can take on both positive and negative values, depending on clock precision and skew.
• Root Dispersion (sys.rootdispersion, peer.rootdispersion, pkt.
Set the time and date for the switch hardware clock

Command Syntax: calendar set time month day year
Command Mode: EXEC Privilege
Purpose: Set the hardware clock to the current time and date.
    time: Enter the time in hours:minutes:seconds. For the hour variable, use the 24-hour format, for example, 17:15:00 is 5:15 pm.
    month: Enter the name of one of the 12 months in English. You can enter the name of a day to change the order of the display to time day month year.
The software clock runs only when the software is up. The clock restarts, based on the hardware clock, when the switch reboots.

Command Syntax: clock set time month day year
Command Mode: EXEC Privilege
Purpose: Set the system software clock to the current time and date.
    time: Enter the time in hours:minutes:seconds. For the hour variable, use the 24-hour format, for example, 17:15:00 is 5:15 pm.
    month: Enter the name of one of the 12 months in English.
Command Syntax | Command Mode | Purpose

FTOS#conf
FTOS(conf)#clock timezone Pacific -8
FTOS(conf)#01:40:19: %RPM0-P:CP %CLOCK-6-TIME CHANGE: Timezone configuration changed from "UTC 0 hrs 0 mins" to "Pacific -8 hrs 0 mins"
FTOS#

Set daylight saving time

FTOS supports setting the system to daylight saving time once or on a recurring basis every year.
Set Daylight Saving Time Once

Set a date (and time zone) on which to convert the switch to daylight saving time on a one-time basis.

Command Syntax: clock summer-time time-zone date start-month start-day start-year start-time end-month end-day end-year end-time [offset]
Command Mode: CONFIGURATION
Purpose: Set the clock to the appropriate timezone and daylight saving time.
    time-zone: Enter the three-letter name for the time zone. This name is displayed in the show clock output.
Command Syntax | Command Mode | Purpose

    start-year: Enter a four-digit number as the year. Range: 1993 to 2035
    start-time: Enter the time in hours:minutes. For the hour variable, use the 24-hour format, for example, 17:15 is 5:15 pm.
    end-week: If you entered a start-week, enter one of the following as the week that daylight saving ends:
    • week-number: enter a number from 1-4 as the number of the week to end daylight saving time.
48 Upgrade Procedures

Find the upgrade procedures

Go to the FTOS Release Notes for your system type to see all the requirements to upgrade to the desired FTOS version. Follow the procedures in the FTOS Release Notes for the software version you wish to upgrade to.

Get Help with upgrades

Direct any questions or concerns about FTOS Upgrade Procedures to Dell Networking’s Technical Support Center. You can reach Technical Support:
• On the Web: http://support.dell.
49 Virtual LANs (VLAN)

Virtual LANs (VLAN) are supported on the following platforms: s z

This section contains the following subsections:
• Default VLAN
• Port-Based VLANs
• VLANs and Port Tagging
• Configuration Task List for VLANs
• Enable Null VLAN as the Default VLAN

Virtual LANs, or VLANs, are a logical broadcast domain or logical grouping of interfaces in a LAN in which all data received is kept locally and broadcast to all members of the group.
Table 49-1 displays the defaults for VLANs in FTOS.

Table 49-1. VLAN Defaults on FTOS

Feature | Default
Spanning Tree group ID | All VLANs are part of Spanning Tree group 0
Mode | Layer 2 (no IP address is assigned)
Default VLAN ID | VLAN 1

Default VLAN

When interfaces are configured for Layer 2 mode, they are automatically placed in the Default VLAN as untagged interfaces. Only untagged interfaces can belong to the Default VLAN.
Untagged interfaces must be part of a VLAN. To remove an untagged interface from the Default VLAN, you must create another VLAN and place the interface into that VLAN. Alternatively, enter the no switchport command, and FTOS removes the interface from the Default VLAN. A tagged interface requires an additional step to remove it from Layer 2 mode. Since tagged interfaces can belong to multiple VLANs, you must remove the tagged interface from all VLANs, using the no tagged interface command.
• Tag Control Information (TCI) includes the VLAN ID (2 bytes total). The VLAN ID can have 4,096 values, but 2 are reserved.

Note: The insertion of the tag header into the Ethernet frame increases the size of the frame to more than the 1518 bytes specified in the IEEE 802.3 standard. Some devices that are not compliant with IEEE 802.3 may not support the larger frame size.
Figure 49-3. show vlan Command Example
FTOS#show vlan
Codes: * - Default VLAN, G - GVRP VLANs
    NUM  Status    Q  Ports
*   1    Inactive  U  So 9/4-11
    2    Active    U  Gi 0/1,18
    3    Active    U  Gi 0/2,19
    4    Active    T  Gi 0/3,20
    5    Active    U  Po 1
    6    Active    U  Gi 0/12
                   U  So 9/0
FTOS#

A VLAN is active only if the VLAN contains interfaces and those interfaces are operationally up. In Figure 49-3, VLAN 1 is inactive because the interfaces it contains are not active.
To tag frames leaving an interface in Layer 2 mode, you must assign that interface to a port-based VLAN to tag it with that VLAN ID. To tag interfaces, use these commands in the following sequence:

Step 1
    Command Syntax: interface vlan vlan-id
    Command Mode: CONFIGURATION
    Purpose: Access the INTERFACE VLAN mode of the VLAN to which you want to assign the interface.
Step 2
    Command Syntax: tagged interface
    Command Mode: INTERFACE
    Purpose: Enable an interface to include the IEEE 802.1Q tag header.
Use the untagged command to move untagged interfaces from the Default VLAN to another VLAN:

Step 1
    Command Syntax: interface vlan vlan-id
    Command Mode: CONFIGURATION
    Purpose: Access the INTERFACE VLAN mode of the VLAN to which you want to assign the interface.
Step 2
    Command Syntax: untagged interface
    Command Mode: INTERFACE
    Purpose: Configure an interface as untagged. This command is available only in VLAN interfaces.
Assign an IP address to a VLAN

VLANs are a Layer 2 feature. For two physical interfaces on different VLANs to communicate, you must assign an IP address to the VLANs to route traffic between the two interfaces.

The shutdown command in INTERFACE mode does not affect Layer 2 traffic on the interface; the shutdown command only prevents Layer 3 traffic from traversing over the interface.

Note: An IP address cannot be assigned to the Default VLAN, which, by default, is VLAN 1.
Step 2. Configure the interface for hybrid mode.
    Command: portmode hybrid
    Command Mode: INTERFACE
Step 3. Configure the interface for switchport mode.
    Command: switchport
    Command Mode: INTERFACE
Step 4. Add the interface to a tagged or untagged VLAN.
    Command: [tagged | untagged]
    Command Mode: VLAN INTERFACE

Note: An existing switchport or port channel interface cannot be configured for Native VLAN. Interfaces must have no other Layer 2 or Layer 3 configurations when entering the command portmode hybrid or a message like Message 1 is displayed.
50 Virtual Link Trunking (VLT)
Virtual Link Trunking (VLT) is supported on the following platforms: z
Overview
Virtual link trunking (VLT) allows physical links between two chassis to appear as a single virtual link to the network core. VLT reduces the role of Spanning Tree protocols by allowing LAG terminations on two separate distribution or core switches, and by supporting a loop-free topology.
Figure 50-1. Virtual Link Trunking
(Figure labels: Out-of-Band Management Network, Backup Link, S4810 Chassis, VLT Domain, Chassis Interconnect Trunk, Virtual Link Trunk, Switch or Server that supports LACP (802.1ad))
VLT peer devices have independent management planes. A chassis interconnect trunk between the VLT chassis maintains synchronization of L2/L3 control planes across the two VLT peers. The chassis interconnect trunk uses 10GE or 40GE user ports on the chassis.
Enhanced VLT
An enhanced VLT (eVLT) configuration creates a port channel between two VLT domains by allowing two different VLT domains connected by a standard LACP LAG to form a loop-free Layer 2 topology in the aggregation layer. This configuration supports a maximum of four (4) nodes per eVLT domain, increasing the number of available ports and allowing for dual redundancy of the VLT.
VLT domain - This domain includes both VLT peer devices, the VLT interconnect, and all of the port channels in the VLT connected to the attached devices. It is also associated with the configuration mode that must be used to assign VLT global parameters.
VLT peer device - One of a pair of devices that are connected with the special port channel known as the VLT interconnect (VLTi).
• VLT domain:
  • A VLT domain supports two chassis members, which appear as a single logical device to network access devices connected to VLT ports through a port channel.
  • A VLT domain consists of the two core chassis, the interconnect trunk, backup link, and the LAG members connected to attached devices. The domain ID can be from 1 to 1000.
  • Each VLT domain has a unique MAC address that is created automatically by VLT or user-configured.
  • ARP tables are synchronized between the VLT peer nodes.
  • MAC addresses for VLANs configured across VLT peer chassis are synchronized over the VLT interconnect on an egress port such as a VLT LAG.
  • MAC addresses are the same on both VLT peer nodes.
  • ARP entries configured across the VLTi are the same on both VLT peer nodes.
• Virtual link trunks (VLTs) between access devices and VLT peer switches:
  • To connect servers and access switches with VLT peer switches, you use a VLT port channel (refer to Figure 50-1). Up to 48 port-channels are supported; up to 8 member links are supported in each port channel between the VLT domain and an access device.
  • The ID number of the port channel that connects an access device and a VLT switch is automatically generated by the discovery protocol running between VLT peers.
  • Layer 3 VLAN connectivity between VLT peers is enabled by configuring a VLAN network interface for the same VLAN on both switches.
  • IGMP snooping is supported over VLT ports. The multicast forwarding state is synchronized on both VLT peer switches. The IGMP snooping process on a VLT peer shares the learned group information with the other VLT peer over the chassis interconnect trunk.
the network. In either case, upon recovery of the peer link or reestablishment of message forwarding across the interconnect trunk, the two VLT peers resynchronize any MAC addresses learned while communication was interrupted, and the VLT system continues normal data forwarding.
• If the primary chassis is rebooted, the secondary chassis takes on the operational role of the primary. When operation of the original, primary chassis is restored, it takes on the operational role of the secondary chassis.
When the bandwidth usage drops below the 80% threshold, the system generates another syslog message (Message 2) and an SNMP trap.
Message 2 Excessive VLTi Bandwidth Usage Drops Below Threshold Value Error
%STKUNIT0-M:CP %VLTMGR-6-VLT-LAG-ICL: Overall Bandwidth utilization of VLT-ICL-LAG (port-channel 25) reaches below threshold.
PIM-Sparse Mode Support on VLT
The Designated Router functionality of the PIM Sparse-Mode multicast protocol is supported on VLT peer switches for multicast sources and receivers that are connected to VLT ports. The VLT peer switches can act as a last-hop router for IGMP receivers and as a first-hop router for multicast sources. On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes will be elected as the PIM Designated Router.
If the VLT node elected as the designated router fails, traffic loss will occur until another VLT node is elected the designated router.
RSTP Configuration
The RSTP Spanning Tree protocol is supported in a VLT domain. Before you configure VLT on peer switches, you must configure the Rapid Spanning Tree Protocol (RSTP) in the network if it will be included in your configuration. RSTP is required for initial loop prevention during the VLT startup phase.
Sample RSTP Configuration
Using Figure 50-1 as a sample VLT topology, the primary VLT switch will send BPDUs to an access device (switch or server) with its own RSTP bridge ID. BPDUs generated by an RSTP-enabled access device are only processed by the primary VLT switch. The secondary VLT switch tunnels the BPDUs that it receives to the primary VLT switch over the VLT interconnect.
5. Connect the peer switches in a VLT domain to an attached access device (switch or server).
Configure a VLT interconnect
Step | Task | Command Syntax | Command Mode
1 | Configure the port channel to be used for the VLT interconnect on a VLT switch and enter interface configuration mode. Enter the same port-channel number configured with the peer-link port-channel command.
Use the delay-restore command at any time to set an amount of time, in seconds, to delay the system from restoring the VLT port. Refer to VLT Port Delayed Restoration for more information.
Configure a VLT port delay period
Step | Task | Command Syntax | Command Mode
1 | Enter VLT-domain configuration mode for a specified VLT domain. Range of domain IDs: 1 to 1000.
(Optional) Reconfigure default VLT settings
Step | Task | Command Syntax | Command Mode
4 | (Optional) When you create a VLT domain on a switch, the FTOS software automatically assigns a unique unit ID (0 or 1) to each peer switch. The unit IDs are used for internal system operations. Use the unit-id command to explicitly configure the default values on each peer switch. You must configure a different unit ID (0 or 1) on each peer switch.
Use the peer-down-vlan parameter to configure the VLAN where a VLT peer will forward received packets over the VLTi from an adjacent VLT peer that is down. When a VLT peer with BMP reboots, untagged DHCP discover packets are sent to the peer over the VLTi. Using this configuration ensures the DHCP discover packets are forwarded to the VLAN that has the DHCP server.
(Optional) Configure Enhanced VLT (eVLT)
Step | Task | Command Syntax | Command Mode
5 | Configure the IP address of the management interface on the remote VLT peer to be used as the endpoint of the VLT backup link for sending out-of-band hello messages. You can optionally specify the time interval used to send hello messages. Range: 1 to 5 seconds.
(Optional) Configure Enhanced VLT (eVLT)
Step | Task | Command Syntax | Command Mode
11 | Ensure that the port channel is active. | no shutdown | INTERFACE PORT-CHANNEL
12 | Add links to the eVLT port. Configure a range of interfaces to bulk configure. | interface range {port-channel id} | CONFIGURATION
13 | Enable LACP on the LAN port. | port-channel-protocol lacp | INTERFACE
14 | Configure the LACP port channel mode. | port-channel number mode [active] | INTERFACE
15 | Ensure that the interface is active.
Task Command Syntax Command Mode 5. show interfaces interface EXEC EXEC Privilege Configure the peer 1 management ip/ interface ip for which connectivity is present in VLT peer 1. Configure the VLT links between VLT peer 1 and VLT peer 2 to the top of rack unit. 6. Configure the static LAG/LACP between ports connected from VLT peer 1 and VLT peer 2 to the top of rack unit. show running-config entity EXEC Privilege 7.
1. Configure the peer 2 management ip/ interface ip for which connectivity is present in VLT peer 1.
2. Configure the peer 1 management ip/ interface ip for which connectivity is present in VLT peer 2.
s4810-2#show running-config vlt
!
vlt domain 5
 peer-link port-channel 1
 back-up destination 10.11.206.58
s4810-2#
s4810-2#show interfaces managementethernet 0/0
Internet address is 10.11.206.43/16
s4810-4#show running-config vlt
!
vlt domain 5
 peer-link port-channel 1
 back-up destination 10.11.206.
FTOS(conf)#show vlt brief
VLT Domain Brief
------------------
Domain ID: 10
Role: Primary
Role Priority: 32768
ICL Link Status: Up
HeartBeat Status: Not Established
VLT Peer Status: Up
Version: 5(1)
Local System MAC address: 00:01:e8:8b:14:3c
Remote System MAC address: 00:01:e8:8b:15:20
Remote system version: 5 (1)
Delay-Restore timer: 90 seconds
FTOS#FTOS(conf-if-vl-100)#show vlt detail
Local LAG Id Peer LAG Id Local Status Peer Status
------------ ----------- ------------ -----------
10 10 UP UP Active VL
eVLT Configuration Example
The following example demonstrates the steps to configure enhanced VLT (eVLT) in a network. In this example there are two domains being configured. Domain 1 consists of Peer 1 and Peer 2; Domain 2 consists of Peer 3 and Peer 4 as shown below. In Domain 1, configure Peer 1 first, then configure Peer 2. When that is complete, perform the same steps for the peer nodes in Domain 2. The interface used in this example is TenGigabitEthernet.
Domain_1_Peer1(conf-if-range-te-0/16-17)#port-channel 100 mode active
Domain_1_Peer1(conf-if-range-te-0/16-17)#no shutdown
Next, configure the VLT domain and VLTi on Peer 2:
Domain_1_Peer2#configure
Domain_1_Peer2(conf)#interface port-channel 1
Domain_1_Peer2(conf-if-po-1)#channel-member TenGigabitEthernet 0/8-9
Domain_1_Peer2#no shutdown
Domain_1_Peer2(conf)#vlt domain 1000
Domain_1_Peer2(conf-vlt-domain)#peer-link port-channel 1
Domain_1_Peer2(conf-vlt-domain)#back-up destination 10.16.130.
Domain_2_Peer4(conf)#vlt domain 1000
Domain_2_Peer4(conf-vlt-domain)#peer-link port-channel 1
Domain_2_Peer4(conf-vlt-domain)#back-up destination 10.18.130.
VLT_Peer2(conf)#end
Verifying a VLT Configuration
To monitor the operation or verify the configuration of a VLT domain, enter any of the following show commands on the primary and secondary VLT switches:
Show Command Syntax | Description
show vlt backup-link (Command Mode: EXEC) | Displays information on backup link operation (refer to Figure 50-4).
show vlt brief (Command Mode: EXEC) | Displays general status information about VLT domains currently configured on the switch (refer to Figure 50-5).
FTOS#VLTpeer2#show vlt backup-link
VLT Backup Link
-----------------
Destination: 10.11.200.20
Peer HeartBeat status: Up
HeartBeat Timer Interval: 1
HeartBeat Timeout: 3
UDP Port: 34998
HeartBeat Messages Sent: 1030
HeartBeat Messages Received: 1014
Figure 50-5.
Figure 50-8. show running-config vlt Command Output on VLT peer switches
FTOS#VLTpeer1#show running-config vlt
!
vlt domain 30
 peer-link port-channel 60
 back-up destination 10.11.200.18
FTOS#VLTpeer2#show running-config vlt
!
vlt domain 30
 peer-link port-channel 60
 back-up destination 10.11.200.20
Figure 50-9.
Figure 50-10. Configuring Virtual Link Trunking (VLT Peer 1)
FTOS_VLTpeer1(conf)#vlt domain 999
FTOS_VLTpeer1(conf-vlt-domain)#peer-link port-channel 100
FTOS_VLTpeer1(conf-vlt-domain)#back-up destination 10.11.206.35
FTOS_VLTpeer1(conf-vlt-domain)#exit
Enable VLT
FTOS_VLTpeer1(conf)#interface ManagementEthernet 0/0
FTOS_VLTpeer1(conf-if-ma-0/0)#ip address 10.11.206.
Figure 50-11. Configuring Virtual Link Trunking (VLT Peer 2)
FTOS_VLTpeer2(conf)#vlt domain 999
FTOS_VLTpeer2(conf-vlt-domain)#peer-link port-channel 100
FTOS_VLTpeer2(conf-vlt-domain)#back-up destination 10.11.206.23
FTOS_VLTpeer2(conf-vlt-domain)#exit
Enable VLT
FTOS_VLTpeer2(conf)#interface ManagementEthernet 0/0
FTOS_VLTpeer2(conf-if-ma-0/0)#ip address 10.11.206.
Troubleshooting VLT
Use the following information to help troubleshoot different VLT issues that may occur.
Note: For information on VLT failure mode timing and its impact, contact your Dell Networking representative.
Behavior During Run Time Description Behavior at Peer Up
Bandwidth monitoring: A syslog error message and an SNMP trap are generated when the VLTi bandwidth usage goes above the 80% threshold and when it drops below 80%.
Behavior During Run Time Description Behavior at Peer Up
Unit ID mismatch: The VLT peer does not boot up. The VLTi is forced to a down state. The VLT domain will not be formed. The VLTi will be in a down state. A syslog error message is generated.
Version ID mismatch: A syslog error message and an SNMP trap are generated. A syslog error message and an SNMP trap are generated.
VLT LAG ID is not configured on one VLT peer: A syslog error message is generated.
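A pre-deployment check for the peer settings this chapter requires to line up, written as an added example (not Dell or FTOS code): it parses `show running-config vlt` and `show interfaces managementethernet 0/0` text from both peers and reports a back-up destination that does not point at the other peer's management address, and a unit ID set to the same value on both. The peer names, addresses and sample outputs are constructed, and treating differing domain IDs as an error is an assumption drawn from the paired configurations shown on this page.

```python
import re

# Settings read from `show running-config vlt`, in the layout shown in this chapter.
FIELDS = {
    "domain": re.compile(r"^\s*vlt domain (\d+)"),
    "peer_link": re.compile(r"^\s*peer-link port-channel (\d+)"),
    "backup_destination": re.compile(r"^\s*back-up destination (\S+)"),
    "unit_id": re.compile(r"^\s*unit-id (\d+)"),
}
# Line printed by `show interfaces managementethernet 0/0`.
MGMT_ADDRESS = re.compile(r"Internet address is (\d+\.\d+\.\d+\.\d+)/\d+")

# Constructed sample outputs (documentation addresses, hypothetical peer names).
PEER_A_VLT = "!\nvlt domain 5\n peer-link port-channel 1\n back-up destination 192.0.2.12\n unit-id 0\n"
PEER_A_MGMT = "ManagementEthernet 0/0 is up\nInternet address is 192.0.2.11/24\n"
PEER_B_VLT = "!\nvlt domain 5\n peer-link port-channel 1\n back-up destination 192.0.2.11\n unit-id 1\n"
PEER_B_MGMT = "ManagementEthernet 0/0 is up\nInternet address is 192.0.2.12/24\n"


def parse_peer(name, running_config_vlt, show_mgmt_interface):
    """Collect one peer's VLT settings and management address into a dict."""
    peer = {"name": name, **{key: None for key in FIELDS}}
    for line in running_config_vlt.splitlines():
        for key, pattern in FIELDS.items():
            match = pattern.match(line)
            if match:
                peer[key] = match.group(1)
    match = MGMT_ADDRESS.search(show_mgmt_interface)
    peer["mgmt_ip"] = match.group(1) if match else None
    return peer


def check_vlt_pair(a, b):
    """Return a list of human-readable problems; an empty list means the pair agrees."""
    problems = []
    for peer in (a, b):
        for key in ("domain", "peer_link", "backup_destination", "mgmt_ip"):
            if peer[key] is None:
                problems.append(f"{peer['name']}: {key} not found in output")
    if a["domain"] and b["domain"] and a["domain"] != b["domain"]:
        problems.append(f"domain IDs differ: {a['domain']} vs {b['domain']}")
    # Each peer's backup link must end at the other peer's management interface.
    for local, remote in ((a, b), (b, a)):
        dest, mgmt = local["backup_destination"], remote["mgmt_ip"]
        if dest and mgmt and dest != mgmt:
            problems.append(
                f"{local['name']}: back-up destination {dest} is not "
                f"{remote['name']}'s management address {mgmt}")
    # The unit-id command requires a different value (0 or 1) on each peer.
    if a["unit_id"] is not None and a["unit_id"] == b["unit_id"]:
        problems.append(f"unit-id {a['unit_id']} is configured on both peers")
    return problems


if __name__ == "__main__":
    peer_a = parse_peer("peerA", PEER_A_VLT, PEER_A_MGMT)
    peer_b = parse_peer("peerB", PEER_B_VLT, PEER_B_MGMT)
    print(check_vlt_pair(peer_a, peer_b) or "VLT pair is consistent")
```
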
51 Virtual Router Redundancy Protocol (VRRP)
Virtual Router Redundancy Protocol (VRRP) is supported on the following platforms: s . z
This chapter covers the following information:
• VRRP Overview
• VRRP Benefits
• VRRP Implementation
• VRRP Configuration
• Sample Configurations
VRRP Overview
Virtual Router Redundancy Protocol (VRRP) is designed to eliminate a single point of failure in a statically routed network.
Figure 51-1 shows a typical network configuration using VRRP. Instead of configuring the hosts on the network 10.10.10.0 with the IP address of either Router A or Router B as their default router, their default router is the IP address configured on the virtual router. When any host on the LAN segment wants to access the Internet, it sends packets to the IP address of the virtual router. In Figure 51-1 below, Router A is configured as the MASTER router.
For more detailed information on VRRP, refer to RFC 2338, Virtual Router Redundancy Protocol.
VRRP Benefits
With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and they are not dependent on IGP protocols to converge or update routing tables.
VRRP Implementation
S-Series supports a total of 120 VRRP groups on a switch with FTOS or a total of 20 VRRP groups when using SFTOS.
Table 51-1. Recommended VRRP Advertise Intervals
Total VRRP Groups | Recommended Advertise Interval (S-Series) | Recommended Advertise Interval (Z-Series) | Groups/Interface (S-Series) | Groups/Interface (Z-Series)
Between 1000 and 1200 | 7 seconds | 7 seconds | 100 | 100
Between 1200 and 1500 | 8 seconds | 8 seconds | 120 | 120
Note: The 1500 VRRP groups are supported in FTOS Release 6.3.1.0 and later.
Create a Virtual Router
To enable VRRP, you must create a Virtual Router. In FTOS, a VRRP Group is identified by the Virtual Router Identifier (VRID). To enable a Virtual Router, use the following command in the INTERFACE mode. To delete a VRRP group, use the no vrrp-group vrid command in the INTERFACE mode.
Task | Command Syntax | Command Mode
Create a virtual router for that interface with a VRID.
The following rules apply to virtual IP addresses:
• The virtual IP addresses must be in the same subnet as the primary or secondary IP addresses configured on the interface. Though a single VRRP group can contain virtual IP addresses belonging to multiple IP subnets configured on the interface, Dell Networking recommends you configure virtual IP addresses belonging to the same IP subnet for any one VRRP group.
Figure 51-5. Command Example Display: show config for the Interface
FTOS(conf-if-te-1/1)#show conf
!
interface TengigabitEthernet 1/1
 ip address 10.10.10.1/24
!
 vrrp-group 111
  priority 255
  virtual-address 10.10.10.1
  virtual-address 10.10.10.2
  virtual-address 10.10.10.3
!
 vrrp-group 222
 no shutdown
FTOS(conf-if-te-1/1)#
Note that the Primary IP address and the Virtual IP addresses are on the same subnet.
Figure 51-6 shows the same VRRP group configured on multiple interfaces on different subnets.
Set VRRP Group (Virtual Router) Priority
Setting a Virtual Router priority to 255 ensures that router is the “owner” virtual router for the VRRP group. VRRP elects the MASTER router by choosing the router with the highest priority. The default priority for a Virtual Router is 100. The higher the number, the higher the priority. If the MASTER router fails, VRRP begins the election process to choose a new MASTER router based on the next-highest priority.
Configure VRRP Authentication
Simple authentication of VRRP packets ensures that only trusted routers participate in VRRP processes. When authentication is enabled, FTOS includes the password in its VRRP transmission, and the receiving router uses that password to verify the transmission.
Note: All virtual routers in the VRRP group must be configured the same: either authentication is enabled with the same password on every router, or authentication is disabled on every router.
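What the receiving router's verification amounts to, as an added example (not FTOS code): it parses a VRRP version 2 advertisement in the RFC 2338 layout and applies that RFC's discard checks, including the simple-text password comparison and the auth-type mismatch that results when one router in the group is configured differently. The group number and virtual address are taken from Figure 51-5; the password, the packets and all function names are constructed for the example.

```python
import hmac
import ipaddress
import struct

AUTH_NONE, AUTH_SIMPLE = 0, 1       # RFC 2338 authentication type codes
VERSION2_ADVERTISEMENT = 0x21       # version 2 (high nibble), type 1 (low nibble)


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(vrid, priority, addresses, auth_type=AUTH_NONE, password=b"", interval=1):
    """Build a constructed sample advertisement (test input, not captured traffic)."""
    body = b"".join(ipaddress.IPv4Address(a).packed for a in addresses)
    auth_data = password[:8].ljust(8, b"\x00")   # 8-byte field, zero padded
    header = struct.pack("!BBBBBBH", VERSION2_ADVERTISEMENT, vrid, priority,
                         len(addresses), auth_type, interval, 0)
    message = header + body + auth_data
    return message[:6] + struct.pack("!H", inet_checksum(message)) + message[8:]


def check_advert(packet: bytes, ttl: int, expected: dict) -> list:
    """Return the reasons to discard an advertisement; an empty list means accept."""
    if len(packet) < 16:
        return ["truncated"]
    ver_type, vrid, _prio, count, auth_type, _intvl, _csum = struct.unpack(
        "!BBBBBBH", packet[:8])
    if len(packet) != 8 + 4 * count + 8:
        return ["length"]
    reasons = []
    if ttl != 255:                       # adverts are link-local and sent with TTL 255
        reasons.append("ttl")
    if ver_type != VERSION2_ADVERTISEMENT:
        reasons.append("version")
    if inet_checksum(packet) != 0:       # a valid message sums to zero
        reasons.append("checksum")
    if vrid != expected["vrid"]:
        reasons.append("vrid")
    if auth_type != expected["auth_type"]:
        reasons.append("auth-type")      # one router has authentication on, the other off
    elif auth_type == AUTH_SIMPLE:
        want = expected["password"][:8].ljust(8, b"\x00")
        if not hmac.compare_digest(packet[-8:], want):
            reasons.append("auth-data")  # passwords differ between routers
    return reasons


if __name__ == "__main__":
    group = {"vrid": 111, "auth_type": AUTH_SIMPLE, "password": b"s3cret"}
    for pw in (b"s3cret", b"other"):
        advert = build_advert(111, 100, ["10.10.10.2"], AUTH_SIMPLE, pw)
        print(pw, check_advert(advert, 255, group) or "accepted")
```

The authentication data field holds the configured password itself, zero padded to eight bytes, which is why the group only forms when every router carries the same setting.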
Prevent the BACKUP router with the higher priority from becoming the MASTER router by disabling preempt. Note: All virtual routers in the VRRP group must be configured the same: all configured with preempt enabled or configured with preempt disabled. Since preempt is enabled by default, disable the preempt function with the following command in the VRRP mode. Re-enable preempt by entering the preempt command.
Change that advertisement interval with the following command in the VRRP mode:
Task | Command Syntax | Command Mode
Change the advertisement interval setting. | advertise-interval seconds (Range: 1-255 seconds; Default: 1 second) | INTERFACE-VRID
Figure 51-13. Command Example: advertise-interval
FTOS(conf-if-te-1/1)#vrrp-group 111
FTOS(conf-if-te-1/1-vrid-111)#advertise-interval 10
FTOS(conf-if-te-1/1-vrid-111)#
Figure 51-14.
The sum of all the costs for all tracked interfaces must be less than or equal to the configured priority of the VRRP group.
Figure 51-15. Command Example: track
FTOS(conf-if-te-1/1)#vrrp-group 111
FTOS(conf-if-te-1/1-vrid-111)#track Tengigabitethernet 1/2
FTOS(conf-if-te-1/1-vrid-111)#
Figure 51-16.
Task | Command Syntax | Command Mode
Set the delay time for VRRP initialization on an individual interface. This is the gap between an interface coming up and being operational, and VRRP enabling. | vrrp delay minimum seconds (Seconds range: 0-900; Default: 0) | INTERFACE
Set the delay time for VRRP initialization on all the interfaces in the system configured for VRRP. This is the gap between system boot up completion and VRRP enabling.
Figure 51-17. Configure VRRP Router 2
R2(conf)#int te 2/31
R2(conf-if-te-2/31)#ip address 10.1.1.3/24
R2(conf-if-te-2/31)#no shut
R2(conf-if-te-2/31)#vrrp-group 99
R2(conf-if-te-2/31-vrid-99)#virtual 10.1.1.3
R2(conf-if-te-2/31-vrid-99)#no shut
R2(conf-if-te-2/31)#show conf
!
interface TengigabitEthernet 2/31
 ip address 10.1.1.1/24
!
 vrrp-group 99
  virtual-address 10.1.1.
Figure 51-18. VRRP Topography Illustration
State Master: R2 was the first interface configured with VRRP
Virtual MAC is automatically assigned and is the same on both Routers
State Backup: R3 was the second interface configured with VRRP
R2#show vrrp
------------------
GigabitEthernet 2/31, VRID: 99, Net: 10.1.1.3 10.1.1.1
State: Master, Priority: 100, Master: 10.1.1.3 10.1.1.
A Standards Compliance
This appendix contains the following sections:
• IEEE Compliance
• RFC and I-D Compliance
• MIB Location
Note: Unless noted, when a standard cited here is listed as supported by FTOS, FTOS also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website. Click on “Browse and search IETF documents”, enter an RFC number, and inspect the top of the resulting document for obsolescence citations to related RFCs.
• Force10 — PVST+
• SFF-8431 — SFP+ Direct Attach Cable (10GSFP+Cu)
• MTU — 9,252 bytes
RFC and I-D Compliance
The following standards are supported by FTOS, and are grouped by related protocol. The columns showing support by platform indicate which version of FTOS first supports the standard.
General Internet Protocols
RFC# | Full Name | FTOS support in S-Series
768 | User Datagram Protocol | 7.6.1
793 | Transmission Control Protocol | 7.6.
General IPv4 Protocols
792 | Internet Control Message Protocol | 7.6.1
826 | An Ethernet Address Resolution Protocol | 7.6.1
1027 | Using ARP to Implement Transparent Subnet Gateways | 7.6.1
1035 | DOMAIN NAMES - IMPLEMENTATION AND SPECIFICATION (client) | 7.6.1
1042 | A Standard for the Transmission of IP Datagrams over IEEE 802 Networks | 7.6.1
1191 | Path MTU Discovery | 7.6.1
1305 | Network Time Protocol (Version 3) Specification, Implementation and Analysis | 7.6.
General IPv6 Protocols
3587 | IPv6 Global Unicast Address Format | 7.8.1
4291 | Internet Protocol Version 6 (IPv6) Addressing Architecture | 7.8.1
Border Gateway Protocol (BGP)
RFC# | Full Name | FTOS support in S-Series
1997 | BGP Communities Attribute | 7.8.1
2385 | Protection of BGP Sessions via the TCP MD5 Signature Option | 7.8.1
2439 | BGP Route Flap Damping | 7.8.
Open Shortest Path First (OSPF)
2370 | The OSPF Opaque LSA Option | 7.6.1
2740 | OSPF for IPv6 |
3623 | Graceful OSPF Restart | 7.8.1
4222 | Prioritized Treatment of Specific OSPF Version 2 Packets and Congestion Avoidance | 7.6.
Routing Information Protocol (RIP)
RFC# | Full Name | FTOS support, per platform: S-Series
1058 | Routing Information Protocol | 7.8.1
2453 | RIP Version 2 | 7.8.
Multicast
RFC# | Full Name | FTOS support in S-Series
1112 | Host Extensions for IP Multicasting | 7.8.1
2236 | Internet Group Management Protocol, Version 2 | 7.8.1
2710 | Multicast Listener Discovery (MLD) for IPv6 |
3376 | Internet Group Management Protocol, Version | 7.8.
Network Management (continued)
RFC# | Full Name | FTOS support in S-Series
1724 | RIP Version 2 MIB Extension |
1850 | OSPF Version 2 Management Information Base | 7.6.1
1901 | Introduction to Community-based SNMPv2 | 7.6.1
2011 | SNMPv2 Management Information Base for the Internet Protocol using SMIv2 | 7.6.1
2012 | SNMPv2 Management Information Base for the Transmission Control Protocol using SMIv2 | 7.6.
Network Management (continued)
RFC# | Full Name | FTOS support in S-Series
2618 | RADIUS Authentication Client MIB, except the following four counters: radiusAuthClientInvalidServerAddresses, radiusAuthClientMalformedAccessResponses, radiusAuthClientUnknownTypes, radiusAuthClientPacketsDropped | 7.6.1
2665 | Definitions of Managed Objects for the Ethernet-like Interface Types | 7.6.1
2674 | Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering and Virtual LAN Extensions | 7.6.
Network Management (continued)
RFC# | Full Name
ANSI/TIA-1057 | The LLDP Management Information Base extension module for TIA-TR41.4 Media Endpoint Discovery information | 7.7.1
draft-grant-tacacs-02 | The TACACS+ Protocol | 7.6.1
draft-ietf-idr-bg | Definitions of Managed Objects for the Fourth | 7.8.
Network Management (continued)
RFC# | Full Name | FTOS support in S-Series
FORCE10-IF-EXTENSION-MIB | Dell Networking Enterprise IF Extension MIB (extends the Interfaces portion of the MIB-2 (RFC 1213) by providing proprietary SNMP OIDs for other counters displayed in the "show interfaces" output) | 7.6.1
FORCE10-LINKAGG-MIB | Dell Networking Enterprise Link Aggregation MIB | 7.6.1
FORCE10-COPY-CONFIG-MIB | Dell Networking File Copy MIB (supporting SNMP SET operation) | 7.7.