Dell Networking OS Configuration Guide for the Z9100–ON System 9.8(1.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2015 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents 1 About this Guide................................................................................................. 33 Audience..............................................................................................................................................33 Conventions........................................................................................................................................ 33 Related Documents...............................................................
Upgrading Dell Networking OS.......................................................................................................... 54 Using HTTP for File Transfers............................................................................................................. 54 Using Hashes to Verify Software Images Before Installation............................................................ 55 4 Management.................................................................................................
Configuring Login Authentication for Terminal Lines..................................................................75 Setting Timeout for EXEC Privilege Mode..........................................................................................76 Using Telnet to get to Another Network Device................................................................................77 Lock CONFIGURATION Mode............................................................................................................
Configuring Match Routes.......................................................................................................... 107 Configuring Set Conditions........................................................................................................ 108 Configure a Route Map for Route Redistribution...................................................................... 109 Configure a Route Map for Route Tagging................................................................................
Configure BFD for OSPF............................................................................................................. 145 Configure BFD for OSPFv3......................................................................................................... 148 Configure BFD for IS-IS...............................................................................................................149 Configure BFD for BGP...................................................................................
Filtering on an AS-Path Attribute................................................................................................ 196 Regular Expressions as Filters..................................................................................................... 198 Redistributing Routes.................................................................................................................. 199 Enabling Additional Paths.............................................................................
Syslog Warning for Discrepancies Between Configured Extended Prefixes............................ 234 Unified Forwarding Table (UFT) Modes........................................................................................... 234 Configuring UFT Modes..............................................................................................................235 11 Control Plane Policing (CoPP)..................................................................... 236 Configure Control Plane Policing....
Applying DCB Policies in a Switch Stack..........................................................................................262 Configure a DCBx Operation........................................................................................................... 262 DCBx Operation.......................................................................................................................... 263 DCBx Port Roles.....................................................................................
DHCP MAC Source Address Validation......................................................................................304 Enabling IP+MAC Source Address Validation............................................................................304 Viewing the Number of SAV Dropped Packets..........................................................................305 Clearing the Number of SAV Dropped Packets.........................................................................
Booting Process When Optimized Boot Time Mechanism is Enabled.....................................329 Guidelines for Configuring Optimized Booting Mechanism.....................................................329 Interoperation of Applications with Fast Boot and System States..................................................330 LACP and IPv4 Routing...............................................................................................................330 LACP and IPv6 Routing.........................
19 Internet Group Management Protocol (IGMP)......................................... 352 IGMP Implementation Information.................................................................................................. 352 IGMP Protocol Overview.................................................................................................................. 352 IGMP Version 2............................................................................................................................
Configuration Task List for Physical Interfaces.......................................................................... 377 Overview of Layer Modes............................................................................................................377 Configuring Layer 2 (Data Link) Mode........................................................................................378 Configuring Layer 2 (Interface) Mode.......................................................................................
Important Points to Remember................................................................................................. 400 Enabling Link Dampening.......................................................................................................... 400 Link Bundle Monitoring.....................................................................................................................401 Using Ethernet Pause Frames for Flow Control.............................................................
Enabling ICMP Unreachable Messages............................................................................................425 UDP Helper....................................................................................................................................... 426 Configure UDP Helper................................................................................................................426 Important Points to Remember....................................................................
Configuring IPv6 RA Guard.............................................................................................................. 448 23 Intermediate System to Intermediate System.......................................... 451 IS-IS Protocol Overview....................................................................................................................451 IS-IS Addressing........................................................................................................................
Configure a LAG on ALPHA........................................................................................................ 485 25 Layer 2.............................................................................................................. 493 Manage the MAC Address Table...................................................................................................... 493 Clearing the MAC Address Table........................................................................................
Advertising TLVs................................................................................................................................ 518 Viewing the LLDP Configuration...................................................................................................... 519 Viewing Information Advertised by Adjacent LLDP Agents............................................................ 520 Configuring LLDPDU Intervals...............................................................................
Reducing Source-Active Message Flooding.............................................................................. 553 Specifying the RP Address Used in SA Messages.......................................................................553 MSDP Sample Configurations.......................................................................................................... 556 29 Multiple Spanning Tree Protocol (MSTP).................................................. 559 Protocol Overview...................
Displaying Tracked Objects..............................................................................................................593 32 Open Shortest Path First (OSPFv2 and OSPFv3).......................................595 Protocol Overview............................................................................................................................ 595 Autonomous System (AS) Areas.................................................................................................
Sample Configuration.......................................................................................................................645 34 PIM Sparse-Mode (PIM-SM)......................................................................... 647 Implementation Information............................................................................................................ 647 Protocol Overview...........................................................................................................
37 Per-VLAN Spanning Tree Plus (PVST+)...................................................... 674 Protocol Overview............................................................................................................................ 674 Implementation Information............................................................................................................ 675 Configure Per-VLAN Spanning Tree Plus........................................................................................
Configuring Weights and ECN for WRED ........................................................................................710 Global Service Pools With WRED and ECN Settings...................................................................711 Configuring WRED and ECN Attributes............................................................................................712 Guidelines for Configuring ECN for Classifying and Color-Marking Packets.................................
Configuring an EdgePort..................................................................................................................744 Configuring Fast Hellos for Link State Detection............................................................................ 745 42 Software-Defined Networking (SDN).........................................................747 43 Security............................................................................................................ 748 AAA Accounting......
44 Service Provider Bridging.............................................................................789 VLAN Stacking...................................................................................................................................789 Important Points to Remember................................................................................................. 790 Configure VLAN Stacking......................................................................................................
46 Simple Network Management Protocol (SNMP)......................................814 Protocol Overview............................................................................................................................ 814 Implementation Information............................................................................................................ 814 SNMPv3 Compliance With FIPS........................................................................................................
47 Storm Control.................................................................................................839 Configure Storm Control................................................................................................................. 839 Configuring Storm Control from INTERFACE Mode.................................................................839 Configuring Storm Control from CONFIGURATION Mode......................................................839 48 Spanning Tree Protocol (STP).
Setting Daylight Saving Time Once........................................................................................... 864 Setting Recurring Daylight Saving Time.....................................................................................865 50 Tunneling........................................................................................................ 867 Configuring a Tunnel..................................................................................................................
Configuration Notes................................................................................................................... 892 Primary and Secondary VLT Peers............................................................................................. 896 RSTP and VLT..............................................................................................................................896 VLT Bandwidth Monitoring..............................................................................
Functional Overview of VXLAN Gateway......................................................................................... 941 VXLAN Frame Format........................................................................................................................941 Components of VXLAN Frame Format...................................................................................... 942 Configuring and Controlling VXLAN from the NVP Controller GUI...............................................
Offline Diagnostics............................................................................................................................997 Important Points to Remember..................................................................................................997 Running Offline Diagnostics.......................................................................................................997 Trace Logs...........................................................................................
About this Guide 1 This guide describes the protocols and features the Dell Networking Operating System (OS) supports and provides configuration instructions and examples for implementing them. For complete information about all the CLI commands, refer to the Dell Networking OS Command Line Reference Guide. The Z9100–ON platform is available with Dell Networking OS version 9.8 (1.0) and beyond. Though this guide contains information on protocols, it is not intended to be a complete reference.
2 Configuration Fundamentals The Dell Networking Operating System (OS) command line interface (CLI) is a text-based interface you can use to configure interfaces and protocols. The CLI is largely the same for each platform except for some commands and command outputs. The CLI is structured in modes for security and management purposes. Different sets of commands are available in each mode, and you can limit user access to modes using privilege levels.
• • EXEC Privilege mode has commands to view configurations, clear counters, manage configuration files, run diagnostics, and enable or disable debug operations. The privilege level is 15, which is unrestricted. You can configure a password for this mode; refer to the Configure the Enable Password section in the Getting Started chapter.
MONITOR SESSION MULTIPLE SPANNING TREE OPENFLOW INSTANCE PVST PORT-CHANNEL FAILOVER-GROUP PREFIX-LIST PRIORITY-GROUP PROTOCOL GVRP QOS POLICY RSTP ROUTE-MAP ROUTER BGP BGP ADDRESS-FAMILY ROUTER ISIS ISIS ADDRESS-FAMILY ROUTER OSPF ROUTER OSPFV3 ROUTER RIP SPANNING TREE TRACE-LIST VLT DOMAIN VRRP UPLINK STATE GROUP GRUB Navigating CLI Modes The Dell Networking OS prompt changes to indicate the CLI mode.
CLI Command Mode Prompt Access Command AS-PATH ACL Dell(config-as-path)# ip as-path access-list 10 Gigabit Ethernet Interface Dell(conf-if-te-1/1/1)# interface (INTERFACE modes) 40 Gigabit Ethernet Interface Dell(conf-if-fo-1/1/1)# interface (INTERFACE modes) 25 Gigabit Ethernet Interface Dell(conf-if-tf-1/1/1)# interface(INTERFACE modes) 50 Gigabit Ethernet Interface Dell(conf-if-fi-1/1/1)# interface(INTERFACE modes) 100 Gigabit Ethernet Interface Dell(conf-if-hu-1/1)# interface(INTERFA
CLI Command Mode Prompt Access Command ROUTE-MAP Dell(config-route-map)# route-map ROUTER BGP Dell(conf-router_bgp)# router bgp BGP ADDRESS-FAMILY Dell(conf-router_bgp_af)# address-family {ipv4 multicast | ipv6 unicast} (for IPv4) (ROUTER BGP Mode) Dell(confrouterZ_bgpv6_af)# (for IPv6) ROUTER ISIS Dell(conf-router_isis)# router isis ISIS ADDRESS-FAMILY Dell(conf-router_isisaf_ipv6)# address-family ipv6 unicast (ROUTER ISIS Mode) ROUTER OSPF Dell(conf-router_ospf)# router ospf ROUTER OSP
CLI Command Mode Prompt Access Command PORT-CHANNEL FAILOVERGROUP Dell(conf-po-failovergrp)# port-channel failovergroup PRIORITY GROUP Dell(conf-pg)# priority-group PROTOCOL GVRP Dell(config-gvrp)# protocol gvrp QOS POLICY Dell(conf-qos-policy-outets)# qos-policy-output VLT DOMAIN Dell(conf-vlt-domain)# vlt domain VRRP Dell(conf-if-interfacetype-slot/port-vrid-vrrpgroup-id)# vrrp-group UPLINK STATE GROUP Dell(conf-uplink-stategroup-groupID)# uplink-state-group The following example s
1 1 1 1 1 1 2 3 4 5 up up up up up up up up up up 6666 6695 6753 6738 6753 up up up up up 6872 6872 6948 6902 6857 Speed in RPM Dell(conf)# Undoing Commands When you enter a command, the command line is added to the running configuration file (runningconfig). To disable a command and remove it from the running-config, enter the no command, then the original command. For example, to delete an IP address configured on an interface, use the no ip address ip-address command.
• Enter [space]? after a keyword lists all of the keywords that can follow the specified keyword. Dell(conf)#clock ? summer-time Configure summer (daylight savings) time timezone Configure time zone Dell(conf)#clock Entering and Editing Commands Notes for entering commands. • The CLI is not case-sensitive. • You can enter partial CLI keywords. – Enter the minimum number of letters to uniquely identify a command.
Short-Cut Key Combination Action Esc F Moves the cursor forward one word. Esc D Deletes all characters from the cursor to the end of the word. Command History The Dell Networking OS maintains a history of previously-entered commands for each mode. For example: • When you are in EXEC mode, the UP and DOWN arrow keys display the previously-entered EXEC mode commands. • When you are in CONFIGURATION mode, the UP or DOWN arrows keys recall the previously-entered CONFIGURATION mode commands.
Reload-Type : normal-reload [Next boot : normal-reload] The find keyword displays the output of the show command beginning from the first occurrence of specified text. The following example shows this command used in combination with the show system brief command. Example of the find Keyword Dell#show system brief | find Management 1 Management online Z9100-ON Z9100-ON 9.8(1.
3 Getting Started This chapter describes how you start configuring your system. When you power up the chassis, the system performs a power-on self test (POST) and system then loads the Dell Networking Operating System. Boot messages scroll up the terminal window during this process. No user interaction is required if the boot process proceeds without interruption. When the boot process completes, the system status LEDs remain online (green) and the console monitor displays the EXEC mode prompt.
Accessing the Console Port To access the console port, follow these steps: For the console port pinout, refer to Accessing the RJ-45 Console Port with a DB-9 Adapter. 1. Install an RJ-45 copper cable into the console port.Use a rollover (crossover) cable to connect the Z9100–ON console port to a terminal server. 2. Connect the other end of the cable to the DTE terminal server. 3.
When you connect the micro USB-B port, it becomes the primary connection and, while connected, all messages are sent to the micro USB-B port. NOTE: Before starting this procedure, be sure that you have a terminal emulation program already installed on your PC. You need to install the appropriate drivers to support the micro USB-B port. For assistance, contact http://www.dell.com/support to download the drivers. To access the micro USB-B console port, follow these steps. 1. Power on the PC. 2.
Accessing the System Remotely You can configure the system to access it remotely by Telnet or SSH. • The platform has a dedicated management port and a management routing table that is separate from the IP routing table. • You can manage all Dell Networking products in-band via the front-end data ports through interfaces assigned an IP address as well. Accessing the System Remotely Configuring the system for remote access is a three-step process, as described in the following topics: 1.
– mask: a subnet mask in /prefix-length format (/ xx). – gateway: the next hop for network traffic originating from the management port. Configuring a Username and Password To access the system remotely, configure a system username and password. To configure a system username and password, use the following command. • Configure a username and password to access the system remotely.
Configuration File Management Files can be stored on and accessed from various storage media. Rename, delete, and copy files on the system from EXEC Privilege mode. Copy Files to and from the System The command syntax for copying files is similar to UNIX. The copy command uses the format copy source-file-url destination-file-url. NOTE: For a detailed description of the copy command, refer to the Dell Networking OS Command Reference.
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!!! 54238335 bytes successfully copied Mounting an NFS File System This feature enables you to quickly access data on an NFS mounted file system. You can perform file operations on an NFS mounted file system using supported file commands. This feature allows an NFS mounted device to be recognized as a file system.
44250499 bytes successfully copied Dell# Dell#copy ftp://10.16.127.35 nfsmount: Source file name []: test.c User name to login remote host: mashutosh Example of Logging in to Copy from NFS Mount Dell#copy nfsmount:///test flash: Destination file name [test]: test2 ! 5592 bytes successfully copied Dell# Dell#copy nfsmount:///test.txt ftp://10.16.127.35 Destination file name [test.
copy running-config tftp://{hostip | hostname}/ filepath/filename Save the running-configuration to an SCP server. • EXEC Privilege mode copy running-config scp://{hostip | hostname}/ filepath/filename NOTE: When copying to a server, a host name can only be used if a DNS server is configured.
View Configuration Files Configuration files have three commented lines at the beginning of the file, as shown in the following example, to help you track the last time any user made a change to the file, which user made the changes, and when the file was last saved to the startup-configuration.
View Command History The command-history trace feature captures all commands entered by all users of the system with a time stamp and writes these messages to a dedicated trace log buffer. The system generates a trace message for each executed command. No password information is saved to the file. To view the command-history trace, use the show command-history command.
However, these changes are backward-compatible and do not affect existing behavior; meaning, you can still use the ip http source- interface command to communicate with a particular interface even if no VRF is configured on that interface NOTE: If the HTTP service is not VRF-aware, then it uses the global routing table to perform the look-up. To enable an HTTP client to look up the VRF table corresponding to either management VRF or any nondefault VRF, use the ip http vrf command in CONFIGURATION mode.
• flash: (Optional) Specifies the flash drive. The default is to use the flash drive. You can just enter the image file name. • hash-value: (Optional). Specify the relevant hash published on i-Support. • img-file: Enter the name of the Dell Networking software image file to validate Examples: Without Entering the Hash Value for Verification MD5 Dell# verify md5 flash://FTOS-SE-9.5.0.0.bin MD5 hash for FTOS-SE-9.5.0.0.bin: 275ceb73a4f3118e1d6bcf7d75753459 SHA256 Dell# verify sha256 flash://FTOS-SE-9.5.
Management 4 This chapter describes the different protocols or services used to manage the Dell Networking system. Configuring Privilege Levels Privilege levels restrict access to commands based on user or terminal line. There are 16 privilege levels, of which three are pre-defined. The default privilege level is 1. Level Description Level 0 Access to the system begins at EXEC mode, and EXEC mode commands are limited to enable, disable, and exit.
Moving a Command from EXEC Privilege Mode to EXEC Mode To move a command from EXEC Privilege to EXEC mode for a privilege level, use the privilege exec command from CONFIGURATION mode. In the command, specify the privilege level of the user or terminal line and specify all keywords in the command to which you want to allow access. Allowing Access to CONFIGURATION Mode Commands To allow access to CONFIGURATION mode, use the privilege exec level level configure command from CONFIGURATION mode.
CONFIGURATION mode • privilege configure level level {interface | line | route-map | router} {command-keyword ||...|| command-keyword} Allow access to a CONFIGURATION, INTERFACE, LINE, ROUTE-MAP, and/or ROUTER mode command. CONFIGURATION mode privilege {configure |interface | line | route-map | router} level level {command ||...
• Configure a privilege level for a user. CONFIGURATION mode username username privilege level Applying a Privilege Level to a Terminal Line To set a privilege level for a terminal line, use the following command. • Configure a privilege level for a user. CONFIGURATION mode username username privilege level NOTE: When you assign a privilege level between 2 and 15, access to the system begins at EXEC mode, but the prompt is hostname#, rather than hostname>.
• Displaying Audit and Security Logs • Clearing Audit Logs Enabling Audit and Security Logs You enable audit and security logs to monitor configuration changes or determine if these changes affect the operation of the system in the network. You log audit and security events to a system log server, using the logging extended command in CONFIGURATION mode. Audit Logs The audit log contains configuration events and information.
Displaying Audit and Security Logs To display audit logs, use the show logging auditlog command in Exec mode. To view these logs, you must first enable the logging extended command. Only the RBAC system administrator user role can view the audit logs. Only the RBAC security administrator and system administrator user role can view the security logs. If extended logging is disabled, you can only view system events, regardless of RBAC user role. To view security logs, use the show logging command.
Figure 2. Setting Up a Secure Connection to a Syslog Server Pre-requisites To configure a secure connection from the switch to the syslog server: 1. On the switch, enable the SSH server Dell(conf)#ip ssh server enable 2. On the syslog server, create a reverse SSH tunnel from the syslog server to FTOS switch, using following syntax: ssh -R :: user@remote_host -nNf In the following example the syslog server IP address is 10.156.166.
If you do not, the system displays an error when you attempt to enable role-based only AAA authorization. Dell(conf)# logging localhost tcp port Dell(conf)#logging 127.0.0.1 tcp 5140 Log Messages in the Internal Buffer All error messages, except those beginning with %BOOTUP (Message), are log in the internal buffer.
You can export system logs to an external server that is connected through a different VRF. Configuring a UNIX System as a Syslog Server To configure a UNIX System as a syslog server, use the following command. • Configure a UNIX system as a syslog server by adding the following lines to /etc/syslog.conf on the UNIX system and assigning write permissions to the file. – Add line on a 4.1 BSD UNIX system. local7.debugging /var/log/ftos.log – Add line on a 5.7 SunOS UNIX system. local7.
Example of Configuring Login Activity Tracking The following example enables login activity tracking. The system stores the login activity details for the last 30 days. Dell(config)#login statistics enable The following example enables login activity tracking and configures the system to store the login activity details for 12 days. Dell(config)#login statistics enable Dell(config)#login statistics time-period 12 Display Login Statistics To view the login statistics, use the show login statistics command.
User: admin Last login time: Mon Feb 16 04:40:00 2015 Last login location: Line vty0 ( 10.14.1.97 ) Unsuccessful login attempt(s) since the last successful login: 0 Unsuccessful login attempt(s) in last 11 day(s): 3 ------------------------------------------------------------------ Limit Concurrent Login Sessions Dell Networking OS enables you to limit the number of concurrent login sessions of users on VTY, auxiliary, and console lines.
Example of Clearing Existing Sessions When you try to log in, the following message appears with all your existing concurrent sessions, providing an option to close any one of the existing sessions: $ telnet 10.11.178.14 Trying 10.11.178.14... Connected to 10.11.178.14. Escape character is '^]'. Login: admin Password: Current sessions for user admin: Line Location 2 vty 0 10.14.1.97 3 vty 1 10.14.1.
• logging monitor level Specify the minimum severity level for logging to a syslog server. CONFIGURATION mode • logging trap level Specify the minimum severity level for logging to the syslog history table. CONFIGURATION mode • logging history level Specify the size of the logging buffer. CONFIGURATION mode logging buffered size • NOTE: When you decrease the buffer size, Dell Networking OS deletes all messages stored in the buffer. Increasing the buffer size does not affect messages in the buffer.
To view any changes made, use the show running-config logging command in EXEC privilege mode. Configuring a UNIX Logging Facility Level You can save system log messages with a UNIX system logging facility. To configure a UNIX logging facility level, use the following command. • Specify one of the following parameters.
logging facility user logging source-interface Loopback 0 logging 10.10.10.4 Dell# Synchronizing Log Messages You can configure Dell Networking OS to filter and consolidate the system messages for a specific line by synchronizing the message output. Only the messages with a severity at or below the set level appear. This feature works on the terminal and console connections available on the system. 1. Enter LINE mode.
– uptime: To view time since last boot. If you do not specify a parameter, Dell Networking OS configures uptime. To view the configuration, use the show running-config logging command in EXEC privilege mode. To disable time stamping on syslog messages, use the no service timestamps [log | debug] command. File Transfer Services With Dell Networking OS, you can configure the system to transfer files over the network using the file transfer protocol (FTP).
Configuring FTP Server Parameters After you enable the FTP server on the system, you can configure different parameters. To specify the system logging settings, use the following commands. • Specify the directory for users using FTP to reach the system. CONFIGURATION mode ftp-server topdir dir • The default is the internal flash directory. Specify a user name for all FTP users and configure either a plain text or encrypted password.
• ip ftp password password Enter a username to use on the FTP client. CONFIGURATION mode ip ftp username name To view the FTP configuration, use the show running-config ftp command in EXEC privilege mode, as shown in the example for Enable FTP Server. Terminal Lines You can access the system remotely and restrict access to the system by creating user profiles. Terminal lines on the system provide different means of accessing the system.
ip access-list standard myvtyacl seq 5 permit host 10.11.0.1 Dell(config-std-nacl)#line vty 0 Dell(config-line-vty)#show config line vty 0 access-class myvtyacl Dell(conf-ipv6-acl)#do show run acl ! ip access-list extended testdeny seq 10 deny ip 30.1.1.
aaa authentication login {method-list-name | default} [method-1] [method-2] [method-3] [method-4] [method-5] [method-6] 2. Apply the method list from Step 1 to a terminal line. CONFIGURATION mode login authentication {method-list-name | default} 3. If you used the line authentication method in the method list you applied to the terminal line, configure a password for the terminal line.
exec-timeout 0 0 Dell(config-line-console)# Using Telnet to get to Another Network Device To telnet to another device, use the following commands. NOTE: The device allows 120 Telnet sessions per minute, allowing the login and logout of 10 Telnet sessions, 12 times in a minute. If the system reaches this non-practical limit, the Telnet service is stopped for 10 minutes. You can use console and SSH service to access the system during downtime. • Telnet to a device with an IPv4 or IPv6 address.
Viewing the Configuration Lock Status If you attempt to enter CONFIGURATION mode when another user has locked it, you may view which user has control of CONFIGURATION mode using the show configuration lock command from EXEC Privilege mode. You can then send any user a message using the send command from EXEC Privilege mode. Alternatively, you can clear any line using the clear command from EXEC Privilege mode. If you clear a console session, the user is returned to EXEC mode.
• When you restore the units in standalone mode, the units remain in standalone mode after the restoration. • After the restore is complete, the units power cycle immediately. The following example illustrates the restore factory-defaults command to restore the factory default settings.
2.1X 5 802.1X is a port-based Network Access Control (PNAC) that provides an authentication mechanism to devices wishing to attach to a LAN or WLAN. A device connected to a port that is enabled with 802.1X is disallowed from sending or receiving packets on the network until its identity is verified (through a username and password, for example). 802.
Figure 4. EAP Frames Encapsulated in Ethernet and RADUIS The authentication process involves three devices: • The device attempting to access the network is the supplicant. The supplicant is not allowed to communicate on the network until the authenticator authorizes the port. It can only communicate with the authenticator in response to 802.1X requests. • The device with which the supplicant communicates is the authenticator. The authenticator is the gate keeper of the network.
3. The authenticator decapsulates the EAP response from the EAPOL frame, encapsulates it in a RADIUS Access-Request frame and forwards the frame to the authentication server. 4. The authentication server replies with an Access-Challenge frame. The Access-Challenge frame requests the supplicant to prove that it is who it claims to be, using a specified method (an EAPMethod). The challenge is translated and forwarded to the supplicant by the authenticator. 5.
EAP over RADIUS 802.1X uses RADIUS to shuttle EAP packets between the authenticator and the authentication server, as defined in RFC 3579. EAP messages are encapsulated in RADIUS packets as a type of attribute in Type, Length, Value (TLV) format. The Type value for EAP messages is 79. Figure 6. EAP Over RADIUS RADIUS Attributes for 802.1X Support Dell Networking systems include the following RADIUS attributes in all 802.
Important Points to Remember • Dell Networking OS supports 802.1X with EAP-MD5, EAP-OTP, EAP-TLS, EAP-TTLS, PEAPv0, PEAPv1, and MS-CHAPv2 with PEAP. • All platforms support only RADIUS as the authentication server. • If the primary RADIUS server becomes unresponsive, the authenticator begins using a secondary RADIUS server, if configured. • 802.1X is not supported on port-channels or port-channel members. Enabling 802.1X Enable 802.1X globally. Figure 7. 802.1X Enabled 1. Enable 802.1X globally.
dot1x authentication 2. Enter INTERFACE mode on an interface or a range of interfaces. INTERFACE mode interface [range] 3. Enable 802.1X on the supplicant interface only. INTERFACE mode dot1x authentication Examples of Verifying that 802.1X is Enabled Globally and on an Interface Verify that 802.1X is enabled globally and at the interface level using the show running-config | find dot1x command from EXEC Privilege mode. In the following example, the bold lines show that 802.1X is enabled.
Configuring Request Identity Re-Transmissions When the authenticator sends a Request Identity frame and the supplicant does not respond, the authenticator waits for 30 seconds and then re-transmits the frame. The amount of time that the authenticator waits before re-transmitting and the maximum number of times that the authenticator re-transmits can be configured.
Example of Configuring and Verifying Port Authentication The following example shows configuration information for a port for which the authenticator retransmits an EAP Request Identity frame: • • after 90 seconds and a maximum of 10 times for an unresponsive supplicant re-transmits an EAP Request Identity frame The bold lines show the new re-transmit interval, new quiet period, and new maximum re-transmissions.
The bold line shows the new port-control state. Dell(conf-if-Te-1/1/1)#dot1x port-control force-authorized Dell(conf-if-Te-1/1/1)#show dot1x interface TenGigabitEthernet 1/1/1 802.
Dell(conf-if-Te-1/1/1)#do show dot1x interface TenGigabitEthernet 1/1/1 802.
Port Control: Port Auth Status: Re-Authentication: Untagged VLAN id: Guest VLAN: Guest VLAN id: Auth-Fail VLAN: Auth-Fail VLAN id: Auth-Fail Max-Attempts: Tx Period: Quiet Period: ReAuth Max: Supplicant Timeout: Server Timeout: Re-Auth Interval: Max-EAP-Req: FORCE_AUTHORIZED UNAUTHORIZED Disable None Disable NONE Disable NONE NONE 90 seconds 120 seconds 10 15 seconds 15 seconds 7200 seconds 10 Auth Type: Auth PAE State: Backend State: SINGLE_HOST Initialize Initialize Enter the tasks the user should do
Figure 8. Dynamic VLAN Assignment 1. Configure 8021.x globally (refer to Enabling 802.1X) along with relevant RADIUS server configurations (refer to the illustration inDynamic VLAN Assignment with Port Authentication). 2. Make the interface a switchport so that it can be assigned to a VLAN. 3. Create the VLAN to which the interface will be assigned. 4. Connect the supplicant to the port configured for 802.1X. 5.
to be authenticated, but still need access to the network. Also, some dumb-terminals, such as network printers, do not have 802.1X capability and therefore cannot authenticate themselves. To be able to connect such devices, they must be allowed access the network without compromising network security. The Guest VLAN 802.1X extension addresses this limitation with regard to non-802.1X capable devices and the Authentication-fail VLAN 802.1X extension addresses this limitation with regard to external users.
dot1x guest-vlan 200 no shutdown Dell(conf-if-Te-1/1/1)# Dell(conf-if-Te-1/1/1)#dot1x auth-fail-vlan 100 max-attempts 5 Dell(conf-if-Te-1/1/1)#show config ! interface TenGigabitEthernet 1/1/1 switchport dot1x authentication dot1x guest-vlan 200 dot1x auth-fail-vlan 100 max-attempts 5 no shutdown Dell(conf-if-Te-1/1/1)# Example of Viewing Configured Authentication View your configuration using the show config command from INTERFACE mode, as shown in the example in Configuring a Guest VLAN or using the show d
6 Access Control List (ACL) VLAN Groups and Content Addressable Memory (CAM) This section describes the access control list (ACL) virtual local area network (VLAN) group, and content addressable memory (CAM) enhancements. Optimizing CAM Utilization During the Attachment of ACLs to VLANs To minimize the number of entries in CAM, enable and configure the ACL CAM feature. Use this feature when you apply ACLs to a VLAN (or a set of VLANs) and when you apply ACLs to a set of ports.
• The egress ACL is applied or removed from the group and the group contains VLAN members. • VLAN members are added or deleted from a VLAN, which itself is a group member. • A line card returns to the active state after going down and this line card contains a VLAN that is a member of an ACL group. • The ACL VLAN group is deleted and it contains VLAN members. The ACL manager does not notify the ACL agent in the following cases: • The ACL VLAN group is created.
space. Enable optimization using the optimized option in the ip access-group command. This option is not valid for VLAN and link aggregation group (LAG) interfaces. Configuring ACL VLAN Groups and Configuring FP Blocks for VLAN Parameters This section describes how to optimize CAM blocks by configuring ACL VLAN groups that you can attach to VLAN interfaces. It also describes how to configure FP blocks for different VLAN operations.
Group Name : HostGroup Egress IP Acl : Group5 Vlan Members : 1,1000 Dell# Configuring FP Blocks for VLAN Parameters To allocate the number of FP blocks for the various VLAN processes on the system, use the cam-aclvlan command. To reset the number of FP blocks to the default, use the no version of this command. By default, 0 groups are allocated for the ACL in VLAN contentaware processor (VCAP). ACL VLAN groups or CAM optimization is not enabled by default.
| | | | | | | | | | | | | | | | IN-V6 ACL | IN-NLB ACL | IPMAC ACL | OUT-L2 ACL | OUT-L3 ACL | OUT-V6 ACL 3 0 | IN-L2 ACL | IN-L3 ACL | IN-L3 FIB | IN-V6 ACL | IN-NLB ACL | IPMAC ACL | OUT-L2 ACL | OUT-L3 ACL | OUT-V6 ACL Codes: * - cam usage is above 90%.
| | | | | | | | | | | | | OUT-L3 ACL | OUT-V6 ACL 2 0 | IN-L3 FIB | IN-L3 ACL | IN-V6 ACL | OUT-L3 ACL | OUT-V6 ACL 3 0 | IN-L3 FIB | IN-L3 ACL | IN-V6 ACL | OUT-L3 ACL | OUT-V6 ACL Codes: * - cam usage is above 90%.
7 Access Control Lists (ACLs) This chapter describes access control lists (ACLs), prefix lists, and route-maps. At their simplest, access control lists (ACLs), prefix lists, and route-maps permit or deny traffic based on MAC and/or IP addresses. This chapter describes implementing IP ACLs, IP prefix lists and route-maps. For MAC ACLS, refer to Layer 2.
NOTE: In order for the VRF ACLs to take effect, ACLs configured in the Layer 3 CAM region must have an implicit-permit option. You can use the ip access-group command to configure VRF-aware ACLs on interfaces. Using the ip access-group command, in addition to a range of VLANs, you can also specify a range of VRFs as input for configuring ACLs on interfaces. The VRF range is from 1 to 63.
User Configurable CAM Allocation Allocate space for IPV6 ACLs by using the cam-acl command in CONFIGURATION mode. The CAM space is allotted in filter processor (FP) blocks. The total space allocated must equal 9 FP blocks. (There are 12 FP blocks, but System Flow requires three blocks that cannot be reallocated.) Enter the ipv6acl allocation as a factor of 3 (3, 6, 9). All other profile allocations can use either even or odd numbered ranges.
To allocate the number of FP blocks for ACL VLAN optimization, enter the cam-acl-vlan vlanaclopt <0-2> command. After you configure ACL VLAN CAM, reboot the switch to enable CAM allocation for ACL VLAN optimization. To display the number of FP blocks currently allocated to different ACL VLAN services, enter the show cam-acl-vlan command. To display the amount of CAM space currently used and available for Layer 2 and Layer 3 ACLs on the switch, enter the show cam-usage command.
cmap1 and are buffered in queue 7, though you intended for these packets to match positive against cmap2 and be buffered in queue 4. In cases where class-maps with overlapping ACL rules are applied to different queues, use the order keyword to specify the order in which you want to apply ACL rules. The order can range from 0 to 254.
• Configure a route map for route tagging (optional) Creating a Route Map Route maps, ACLs, and prefix lists are similar in composition because all three contain filters, but route map filters do not contain the permit and deny actions found in ACLs and prefix lists. Route map filters match certain routes and set or specific values. To create a route map, use the following command. • Create a route map and assign it a unique name. The optional permit and deny keywords are the actions of the route map.
interface TenGigabitEthernet 1/1/1 Set clauses: tag 35 level stub-area Dell# The following example shows a route map with multiple instances. The show config command displays only the configuration of the current route map instance. To view all instances of a specific route map, use the show route-map command.
Example of the match Command to Permit and Deny Routes Dell(conf)#route-map force permit 10 Dell(config-route-map)#match tag 1000 Dell(conf)#route-map force deny 20 Dell(config-route-map)#match tag 1000 Dell(conf)#route-map force deny 30 Dell(config-route-map)#match tag 1000 Configuring Match Routes To configure match criterion for a route map, use the following commands. • Match routes with the same AS-PATH numbers.
• match ip next-hop {access-list-name | prefix-list prefix-list-name} Match next-hop routes specified in a prefix list (IPv6). CONFIG-ROUTE-MAP mode • match ipv6 next-hop {access-list-name | prefix-list prefix-list-name} Match source routes specified in a prefix list (IPv4). CONFIG-ROUTE-MAP mode • match ip route-source {access-list-name | prefix-list prefix-list-name} Match source routes specified in a prefix list (IPv6).
• Specify a value for the BGP route’s LOCAL_PREF attribute. CONFIG-ROUTE-MAP mode • set local-preference value Specify a value for redistributed routes. CONFIG-ROUTE-MAP mode • set metric {+ | - | metric-value} Specify an OSPF or ISIS type for redistributed routes. CONFIG-ROUTE-MAP mode • set metric-type {external | internal | type-1 | type-2} Assign an IP address as the route’s next hop. CONFIG-ROUTE-MAP mode • set next-hop ip-address Assign an IPv6 address as the route’s next hop.
Route maps add to that redistribution capability by allowing you to match specific routes and set or change more attributes when redistributing those routes. In the following example, the redistribute command calls the route map static ospf to redistribute only certain static routes into OSPF. According to the route map static ospf, only routes that have a next hop of Tengigabitethernet interface 1/1/1 and that have a metric of 255 are redistributed into the OSPF backbone area.
match commu comm-list1 set community 1:1 1:2 1:3 set as-path prepend 1 2 3 4 5 continue 30! IP Fragment Handling Dell Networking OS supports a configurable option to explicitly deny IP fragmented packets, particularly second and subsequent packets. It extends the existing ACL command syntax with the fragments keyword for all Layer 3 rules applicable to all Layer protocols (permit/deny ip/tcp/udp/icmp). • Both standard and extended ACLs support IP fragments.
Layer 4 ACL Rules Examples The following examples show the ACL commands for Layer 4 packet filtering. Permit an ACL line with L3 information only, and the fragments keyword is present: If a packet’s L3 information matches the L3 information in the ACL line, the packet's FO is checked. • If a packet's FO > 0, the packet is permitted. • If a packet's FO = 0, the next ACL entry is processed.
Configure a Standard IP ACL To configure an ACL, use commands in IP ACCESS LIST mode and INTERFACE mode. For a complete list of all the commands related to IP ACLs, refer to the Dell Networking OS Command Line Interface Reference Guide. To set up extended ACLs, refer to Configure an Extended IP ACL. A standard IP ACL uses the source IP address as its match criterion. 1. Enter IP ACCESS LIST mode by naming a standard IP access list. CONFIGURATION mode ip access-list standard access-listname 2.
number based on the order in which the filters are configured. The software assigns filters in multiples of 5. Configuring a Standard IP ACL Filter If you are creating a standard ACL with only one or two filters, you can let Dell Networking OS assign a sequence number based on the order in which the filters are configured. The software assigns filters in multiples of five. 1. Configure a standard IP ACL and assign it a unique name. CONFIGURATION mode ip access-list standard access-list-name 2.
Configure an Extended IP ACL Extended IP ACLs filter on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses. The traffic passes through the filter in the order of the filter’s sequence and hence you can configure the extended IP ACL by first entering IP ACCESS LIST mode, and then assigning a sequence number to the filter.
CONFIG-EXT-NACL mode seq sequence-number {deny | permit} tcp {source mask | any | host ipaddress} [count [byte]] [order] [fragments] Example of the seq Command When you create the filters with a specific sequence number, you can create the filters in any order and the filters are placed in the correct order. NOTE: When assigning sequence numbers to filters, you may have to insert a new filter. To prevent reconfiguring multiple filters, assign sequence numbers in multiples of five or another number.
Example of Viewing Filter Sequence for a Specified Extended ACL Dell(config-ext-nacl)#deny tcp host 123.55.34.0 any Dell(config-ext-nacl)#permit udp 154.44.123.34 0.0.255.255 host 34.6.0.0 Dell(config-ext-nacl)#show config ! ip access-list extended nimule seq 5 deny tcp host 123.55.34.0 any seq 10 permit udp 154.44.0.0 0.0.255.255 host 34.6.0.
Assign an IP ACL to an Interface To pass traffic through a configured IP ACL, assign that ACL to a physical interface, a port channel interface, or a VLAN. The IP ACL is applied to all traffic entering a physical or port channel interface and the traffic is either forwarded or dropped depending on the criteria and actions specified in the ACL. The same ACL may be applied to different interfaces and that changes its functionality.
ip address 10.2.1.100 255.255.255.0 ip access-group nimule in no shutdown Dell(conf-if)# To filter traffic on Telnet sessions, use only standard ACLs in the access-class command. Counting ACL Hits You can view the number of packets matching the ACL by using the count option when creating ACL entries. 1. Create an ACL that uses rules with the count option. Refer to Configure a Standard IP ACL Filter. 2. Apply the ACL as an inbound or outbound ACL on an interface. 3.
Configure Egress ACLs Egress ACLs are applied to line cards and affect the traffic leaving the system. Configuring egress ACLs onto physical interfaces protects the system infrastructure from attack — malicious and incidental — by explicitly allowing only authorized traffic. These system-wide ACLs eliminate the need to apply ACLs onto each interface and achieves the same results. By localizing target traffic, it is a simpler implementation. To restrict egress traffic, use an egress ACL.
Applying Egress Layer 3 ACLs (Control-Plane) By default, packets originated from the system are not filtered by egress ACLs. For example, if you initiate a ping session from the system and apply an egress ACL to block this type of traffic on the interface, the ACL does not affect that ping traffic. The Control Plane Egress Layer 3 ACL feature enhances IP reachability debugging by implementing control-plane ACLs for CPU-generated and CPU-forwarded traffic.
EXEC mode EXEC Privilege mode show cam-acl Dell#show cam-acl -- Chassis Cam ACL -Current Settings(in block sizes) 1 block = 256 entries L2Acl : 2 Ipv4Acl : 2 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 VmanQos : 0 EcfmAcl : 2 FcoeAcl : 4 ipv4pbr : 0 vrfv4Acl : 0 Openflow : 0 fedgovacl : 0 nlbclusteracl: 0 -- stack-unit 0 -Current Settings(in block sizes) 1 block = 256 entries L2Acl : 2 Ipv4Acl : 2 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 1 L2PT : 0 IpMacAcl : 0 VmanQos : 0 EcfmAcl : 2 FcoeAcl : 4 ipv4pbr
CONFIGURATION-UDF TCAM mode show config Dell(conf-udf-tcam)#show config ! udf-tcam ipnip seq 1 key innerL3header udf-id 6 packetbase innerL3Header offset 0 length 2 Dell(conf-udf-tcam)# 7. Configure the match criteria for the packet type in which UDF offset bytes are parsed. CONFIGURATION-UDF TCAM mode match l2ethertype ipv4 ipprotocol value vlantag tagStatus Dell(conf-udf-tcam)#match l2ethertype ipv4 ipprotocol 4 vlantag any 8. View the UDF TCAM configuration.
show config Dell(config-ext-nacl)#show config ! ip access-list extended aa seq 5 permit ip any any udf-pkt-format ipnip udf-qualifier-value ipnip_val1 Dell(config-ext-nacl)# IP Prefix Lists IP prefix lists control routing policy. An IP prefix list is a series of sequential filters that contain a matching criterion (examine IP route prefix) and an action (permit or deny) to process routes.
• Configuring a prefix list • Use a prefix list for route redistribution For a complete listing of all commands related to prefix lists, refer to the Dell Networking OS Command Line Interface Reference Guide. Creating a Prefix List To create a prefix list, use the following commands. 1. Create a prefix list and assign it a unique name. You are in PREFIX LIST mode. CONFIGURATION mode ip prefix-list prefix-name 2. Create a prefix list with a sequence number and a deny or permit action.
Creating a Prefix List Without a Sequence Number To create a filter without a specified sequence number, use the following commands. 1. Create a prefix list and assign it a unique name. CONFIGURATION mode ip prefix-list prefix-name 2. Create a prefix list filter with a deny or permit action. CONFIG-NPREFIXL mode {deny | permit} ip-prefix [ge min-prefix-length] [le max-prefix-length] The optional parameters are: • ge min-prefix-length: is the minimum prefix length to be matched (0 to 32).
count: 3, range entries: 3, sequences: 5 - 10 seq 5 deny 1.102.0.0/16 le 32 (hit count: 0) seq 6 deny 2.1.0.0/16 ge 23 (hit count: 0) seq 10 permit 0.0.0.0/0 le 32 (hit count: 0) ip prefix-list filter_ospf: count: 4, range entries: 1, sequences: 5 - 10 seq 5 deny 100.100.1.0/24 (hit count: 0) seq 6 deny 200.200.1.0/24 (hit count: 0) seq 7 deny 200.200.2.0/24 (hit count: 0) seq 10 permit 0.0.0.0/0 le 32 (hit count: 0) The following example shows the show ip prefix-list summary command.
Applying a Filter to a Prefix List (OSPF) To apply a filter to routes in open shortest path first (OSPF), use the following commands. • Enter OSPF mode. CONFIGURATION mode • router ospf Apply a configured prefix list to incoming routes. You can specify an interface. If you enter the name of a non-existent prefix list, all routes are forwarded. CONFIG-ROUTER-OSPF mode • distribute-list prefix-list-name in [interface] Apply a configured prefix list to incoming routes.
Table 7. ACL Resequencing Rules Resquencing Rules Before Resequencing: seq 5 permit any host 1.1.1.1 seq 6 permit any host 1.1.1.2 seq 7 permit any host 1.1.1.3 seq 10 permit any host 1.1.1.4 Rules After Resequencing: seq 5 permit any host 1.1.1.1 seq 10 permit any host 1.1.1.2 seq 15 permit any host 1.1.1.3 seq 20 permit any host 1.1.1.4 Resequencing an ACL or Prefix List Resequencing is available for IPv4 and IPv6 ACLs, prefix lists, and MAC ACLs.
! ip access-list extended test remark 2 XYZ remark 4 this remark corresponds to permit any host 1.1.1.1 seq 4 permit ip any host 1.1.1.1 remark 6 this remark has no corresponding rule remark 8 this remark corresponds to permit ip any host 1.1.1.2 seq 8 permit ip any host 1.1.1.2 seq 10 permit ip any host 1.1.1.3 seq 12 permit ip any host 1.1.1.4 Remarks that do not have a corresponding rule are incremented as a rule. These two mechanisms allow remarks to retain their original position in the list.
Flow-Based Monitoring Support for ACLs Flow-based monitoring is supported on the platform. Flow-based monitoring conserves bandwidth by monitoring only the specified traffic instead of all traffic on the interface. It is available for Layer 2 and Layer 3 ingress traffic. You can specify traffic using standard or extended access-lists. This mechanism copies incoming packets that matches the ACL rules applied on the ingress port and forwards (mirrors) them to another port.
destination port, and the endpoint to which the packet must be forwarded when a match occurs with the ACL entry. If you configure the flow-based enable command and do not apply an ACL on the source port or the monitored port, both flow-based monitoring and port mirroring do not function. Flow-based monitoring is supported only for ingress traffic and not for egress packets. The port mirroring application maintains a database that contains all monitoring sessions (including port monitor sessions).
Example of the flow-based enable Command To view an access-list that you applied to an interface, use the show ip accounting access-list command from EXEC Privilege mode.
8 Bidirectional Forwarding Detection (BFD) BFD is a protocol that is used to rapidly detect communication failures between two adjacent systems. It is a simple and lightweight replacement for existing routing protocol link state detection mechanisms. It also provides a failure detection solution for links on which no routing protocol is used. BFD is a simple hello mechanism. Two neighboring systems running BFD establish a session using a three-way handshake.
NOTE: A session state change from Up to Down is the only state change that triggers a link state change in the routing protocol client. BFD Packet Format Control packets are encapsulated in user datagram protocol (UDP) packets. The following illustration shows the complete encapsulation of a BFD control packet inside an IPv4 packet. Figure 9. BFD in IPv4 Packet Format Field Description Diagnostic Code The reason that the last session failed. State The current local session state.
Field Description system clears the poll bit and sets the final bit in its response. The poll and final bits are used during the handshake and in Demand mode (refer to BFD Sessions). NOTE: Dell Networking OS does not currently support multi-point sessions, Demand mode, authentication, or control plane independence; these bits are always clear. Detection Multiplier The number of packets that must be missed in order to declare a session down. Length The entire length of the BFD packet.
BFD Sessions BFD must be enabled on both sides of a link in order to establish a session. The two participating systems can assume either of two roles: Active The active system initiates the BFD session. Both systems can be active for the same session. Passive The passive system does not initiate a session. It only responds to a request for session initialization from the active system.
3. The active system receives the response from the passive system and changes its session state to Up. It then sends a control packet indicating this state change. This is the third and final part of the handshake. Now the discriminator values have been exchanged and the transmit intervals have been negotiated. 4. The passive system receives the control packet and changes its state to Up. Both systems agree that a session has been established.
receives a Down status notification from the remote system, the session state on the local system changes to Init. Figure 11. Session State Changes Important Points to Remember • Dell Networking OS supports 128 sessions per stack unit at 200 minimum transmit and receive intervals with a multiplier of 3, and 64 sessions at 100 minimum transmit and receive intervals with a multiplier of 4. • Enable BFD on both ends of a link. • Demand mode, authentication, and the Echo function are not supported.
• Configure BFD for OSPFv3 • Configure BFD for IS-IS • Configure BFD for BGP • Configure BFD for VRRP • Configuring Protocol Liveness • Configure BFD for Physical Ports Configuring BFD for physical ports is supported on the C-Series and E-Series platforms only. BFD on physical ports is useful when you do not enable the routing protocol. Without BFD, if the remote system fails, the local system does not remove the connected route until the first failed attempt to send a packet.
Establishing a Session on Physical Ports To establish a session, enable BFD at the interface level on both ends of the link, as shown in the following illustration. The configuration parameters do not need to match. Figure 12. Establishing a BFD Session on Physical Ports 1. Enter interface mode. CONFIGURATION mode interface 2. Assign an IP address to the interface if one is not already assigned. INTERFACE mode ip address ip-address 3.
Remote Addr: 2.2.2.
Number of messages from IFA about port state change: 0 Number of messages communicated b/w Manager and Agent: 7 Disabling and Re-Enabling BFD BFD is enabled on all interfaces by default, though sessions are not created unless explicitly configured. If you disable BFD, all of the sessions on that interface are placed in an Administratively Down state ( the first message example), and the remote systems are notified of the session state change (the second message example).
Establishing Sessions for Static Routes Sessions are established for all neighbors that are the next hop of a static route. Figure 13. Establishing Sessions for Static Routes To establish a BFD session, use the following command. • Establish BFD sessions for all neighbors that are the next hop of a static route. CONFIGURATION mode ip route bfd Example of the show bfd neighbors Command to Verify Static Routes To verify that sessions have been created for static routes, use the show bfd neighbors command.
CONFIGURATION mode ip route bfd interval milliseconds min_rx milliseconds multiplier value role [active | passive] To view session parameters, use the show bfd neighbors detail command, as shown in the examples in Displaying BFD for BGP Information Disabling BFD for Static Routes If you disable BFD, all static route BFD sessions are torn down. A final Admin Down packet is sent to all neighbors on the remote systems, and those neighbors change to the Down state.
Establishing Sessions with OSPF Neighbors BFD sessions can be established with all OSPF neighbors at once or sessions can be established with all neighbors out of a specific interface. Sessions are only established when the OSPF adjacency is in the Full state. Figure 14. Establishing Sessions with OSPF Neighbors To establish BFD with all OSPF neighbors or with OSPF neighbors on a single interface, use the following commands. • Establish sessions with all OSPF neighbors.
ip ospf bfd all-neighbors Example of Verifying Sessions with OSPF Neighbors To view the established sessions, use the show bfd neighbors command. The bold line shows the OSPF BFD sessions. R2(conf-router_ospf)#bfd all-neighbors R2(conf-router_ospf)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr * 2.2.2.2 * 2.2.3.1 RemoteAddr Interface State Rx-int Tx-int Mult Clients 2.2.2.1 Te 2/1/1 Up 100 100 3 O 2.2.3.
• no bfd all-neighbors Disable BFD sessions with all OSPF neighbors on an interface. INTERFACE mode ip ospf bfd all-neighbors disable Configure BFD for OSPFv3 BFD for OSPFv3 provides support for IPV6. Configuring BFD for OSPFv3 is a two-step process: 1. Enable BFD globally. 2. Establish sessions with OSPFv3 neighbors.
• bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] Change parameters for OSPFv3 sessions on a single interface. INTERFACE mode ipv6 ospf bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] Disabling BFD for OSPFv3 If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a Down state.
Establishing Sessions with IS-IS Neighbors BFD sessions can be established for all IS-IS neighbors at once or sessions can be established for all neighbors out of a specific interface. Figure 15. Establishing Sessions with IS-IS Neighbors To establish BFD with all IS-IS neighbors or with IS-IS neighbors on a single interface, use the following commands. • Establish sessions with all IS-IS neighbors. ROUTER-ISIS mode • bfd all-neighbors Establish sessions with IS-IS neighbors on a single interface.
The bold line shows that IS-IS BFD sessions are enabled. R2(conf-router_isis)#bfd all-neighbors R2(conf-router_isis)#do show bfd neighbors * - Active session role Ad Dn - Admin Down C - CLI I - ISIS O - OSPF R - Static Route (RTM) LocalAddr * 2.2.2.2 RemoteAddr Interface State Rx-int Tx-int Mult Clients 2.2.2.1 Te 2/1/1 Up 100 100 3 I Changing IS-IS Session Parameters BFD sessions are configured with default intervals and a default role.
isis bfd all-neighbors disable Configure BFD for BGP In a BGP core network, BFD provides rapid detection of communication failures in BGP fast-forwarding paths between internal BGP (iBGP) and external BGP (eBGP) peers for faster network reconvergence. BFD for BGP is supported on 1GE, 10GE, 40GE, port-channel, and VLAN interfaces. BFD for BGP does not support IPv6 and the BGP multihop feature. Prerequisites Before configuring BFD for BGP, you must first configure the following settings: 1.
The sample configuration shows alternative ways to establish a BFD session with a BGP neighbor: • By establishing BFD sessions with all neighbors discovered by BGP (the bfd all-neighbors command). • By establishing a BFD session with a specified BGP neighbor (the neighbor {ip-address | peergroup-name} bfd command) BFD packets originating from a router are assigned to the highest priority egress queue to minimize transmission delays.
neighbor {ip-address | peer-group-name} bfd NOTES: 6. • When you establish a BFD session with a specified BGP neighbor or peer group using the neighbor bfd command, the default BFD session parameters are used (interval: 100 milliseconds, min_rx: 100 milliseconds, multiplier: 3 packets, and role: active).
Displaying BFD for BGP Information You can display related information for BFD for BGP. To display information about BFD for BGP sessions on a router, use the following commands and refer to the following examples. • Verify a BFD for BGP configuration. EXEC Privilege mode show running-config bgp • Verify that a BFD for BGP session has been successfully established with a BGP neighbor. A line-byline listing of established BFD adjacencies is displayed.
The following example shows viewing BFD neighbors with full detail. The bold lines show the BFD session parameters: TX (packet transmission), RX (packet reception), and multiplier (maximum number of missed packets). R2# show bfd neighbors detail Session Discriminator: 9 Neighbor Discriminator: 10 Local Addr: 1.1.1.3 Local MAC Addr: 00:01:e8:66:da:33 Remote Addr: 1.1.1.
Protocol BGP Messages: Registration De-registration Init Up Down Admin Down : : : : : : 5 4 0 6 0 2 Interface TenGigabitEthernet 1/2/1 Protocol BGP Messages: Registration De-registration Init Up Down Admin Down : : : : : : 5 4 0 6 0 2 Interface TenGigabitEthernet 1/3/1 Protocol BGP Messages: Registration De-registration Init Up Down Admin Down : : : : : : 1 0 0 1 0 2 The following example shows viewing BFD summary information.
Last read 00:00:30, last write 00:00:30 Hold time is 180, keepalive interval is 60 seconds Received 8 messages, 0 in queue 1 opens, 0 notifications, 0 updates 7 keepalives, 0 route refresh requests Sent 9 messages, 0 in queue 2 opens, 0 notifications, 0 updates 7 keepalives, 0 route refresh requests Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_R
neighboring interface fails, the BFD agent on the line card notifies the BFD manager, which in turn notifies the VRRP protocol that a link state change occurred. Configuring BFD for VRRP is a three-step process: 1. Enable BFD globally. Refer to Enabling BFD Globally. 2. Establish VRRP BFD sessions with all VRRP-participating neighbors. 3. On the master router, establish a VRRP BFD sessions with the backup routers. Refer to Establishing Sessions with All VRRP Neighbors.
Establishing VRRP Sessions on VRRP Neighbors The master router does not care about the state of the backup router, so it does not participate in any VRRP BFD sessions. VRRP BFD sessions on the backup router cannot change to the UP state. Configure the master router to establish an individual VRRP session the backup router. To establish a session with a particular VRRP neighbor, use the following command. • Establish a session with a particular VRRP neighbor.
To change parameters for all VRRP sessions or for a particular VRRP session, use the following commands. • Change parameters for all VRRP sessions. INTERFACE mode • vrrp bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] Change parameters for a particular VRRP session.
Troubleshooting BFD To troubleshoot BFD, use the following commands and examples. To control packet field values or to examine the control packets in hexadecimal format, use the following command. • Examine control packet field values. CONFIGURATION mode • debug bfd detail Examine the control packets in hexadecimal format. CONFIGURATION debug bfd packet Examples of Output from the debug bfd Commands The following example shows a three-way handshake using the debug bfd detail command.
The output for the debug bfd event command is the same as the log messages that appear on the console by default.
Border Gateway Protocol IPv4 (BGPv4) 9 This chapter provides a general description of BGPv4 as it is supported in the Dell Networking Operating System (OS). BGP protocol standards are listed in the Standards Compliance chapter. BGP is an external gateway protocol that transmits interdomain routing information within and between autonomous systems (AS). The primary function of the BGP is to exchange network reachability information with other BGP systems.
Figure 18. Internal BGP BGP version 4 (BGPv4) supports classless interdomain routing and aggregate routes and AS paths. BGP is a path vector protocol — a computer network in which BGP maintains the path that updated information takes as it diffuses through the network. Updates traveling through the network and returning to the same node are easily detected and discarded.
Figure 19. BGP Routers in Full Mesh The number of BGP speakers each BGP peer must maintain increases exponentially. Network management quickly becomes impossible. Sessions and Peers When two routers communicate using the BGP protocol, a BGP session is started. The two end-points of that session are Peers. A Peer is also called a Neighbor.
Establish a Session Information exchange between peers is driven by events and timers. The focus in BGP is on the traffic routing policies. In order to make decisions in its operations with other BGP peers, a BGP process uses a simple finite state machine that consists of six states: Idle, Connect, Active, OpenSent, OpenConfirm, and Established. For each peer-to-peer session, a BGP implementation tracks which of these six states the session is in.
Route reflection divides iBGP peers into two groups: client peers and nonclient peers. A route reflector and its client peers form a route reflection cluster. Because BGP speakers announce only the best route for a given prefix, route reflector rules are applied after the router makes its best path decision. • If a route was received from a nonclient peer, reflect the route to all client peers. • If the route was received from a client peer, reflect the route to all nonclient and all client peers.
• Next Hop NOTE: There are no hard coded limits on the number of attributes that are supported in the BGP. Taking into account other constraints such as the Packet Size, maximum number of attributes are supported in BGP. Communities BGP communities are sets of routes with one or more common attributes. Communities are a way to assign common attributes to multiple routes at the same time. NOTE: Duplicate communities are not rejected.
Figure 21. BGP Best Path Selection Best Path Selection Details 1. Prefer the path with the largest WEIGHT attribute. 2. Prefer the path with the largest LOCAL_PREF attribute. 3. Prefer the path that was locally Originated via a network command, redistribute command or aggregate-address command. a. 4. Routes originated with the Originated via a network or redistribute commands are preferred over routes originated with the aggregate-address command.
c. Paths with no MED are treated as “worst” and assigned a MED of 4294967295. 7. Prefer external (EBGP) to internal (IBGP) paths or confederation EBGP paths. 8. Prefer the path with the lowest IGP metric to the BGP if next-hop is selected when synchronization is disabled and only an internal path remains. 9. Dell Networking OS deems the paths as equal and does not perform steps 9 through 11, if the following criteria is met: a.
and AS300. This is advertised to all routers within AS100, causing all BGP speakers to prefer the path through Router B. Figure 22. BGP Local Preference Multi-Exit Discriminators (MEDs) If two ASs connect in more than one place, a multi-exit discriminator (MED) can be used to assign a preference to a preferred path. MED is one of the criteria used to determine the best path, so keep in mind that other criteria may impact selection, as shown in the illustration in Best Path Selection Criteria.
Figure 23. Multi-Exit Discriminators NOTE: Configuring the set metric-type internal command in a route-map advertises the IGP cost as MED to outbound EBGP peers when redistributing routes. The configured set metric value overwrites the default IGP cost. If the outbound route-map uses MED, it overwrites IGP MED. Origin The origin indicates the origin of the prefix, or how the prefix came into BGP. There are three origin codes: IGP, EGP, INCOMPLETE.
*> 7.0.0.0/30 *> 9.2.0.0/16 10.114.8.33 10.114.8.33 0 10 0 0 18508 18508 ? 701 i AS Path The AS path is the list of all ASs that all the prefixes listed in the update have passed through. The local AS number is added by the BGP speaker when advertising to a eBGP neighbor. NOTE: Any update that contains the AS path number 0 is valid. The AS path is shown in the following example. The origin attribute is shown following the AS path information (shown in bold).
Multiprotocol BGP Multiprotocol extensions for BGP (MBGP) is defined in IETF RFC 2858. MBGP allows different types of address families to be distributed in parallel. MBGP allows information about the topology of the IP multicast-capable routers to be exchanged separately from the topology of normal IPv4 and IPv6 unicast routers. It allows a multicast routing topology different from the unicast routing topology.
• If BGP peer outbound route-map has metric configured, all other metrics are overwritten by this configuration. NOTE: When redistributing static, connected, or OSPF routes, there is no metric option. Simply assign the appropriate route-map to the redistributed route. The following table lists some examples of these rules. Table 8.
AS4 Number Representation Dell Networking OS supports multiple representations of 4-byte AS numbers: asplain, asdot+, and asdot. NOTE: The ASDOT and ASDOT+ representations are supported only with the 4-Byte AS numbers feature. If 4-Byte AS numbers are not implemented, only ASPLAIN representation is supported. ASPLAIN is the default method the system uses. With the ASPLAIN notation, a 32-bit binary AS number is translated into a decimal value.
neighbor 172.30.1.250 local-as 65057
Figure 24. Before and After AS Number Migration with Local-AS Enabled When you complete your migration, and you have reconfigured your network with the new information, disable this feature. If you use the “no prepend” option, the Local-AS does not prepend to the updates received from the eBGP peer. If you do not select “no prepend” (the default), the Local-AS is added to the first AS segment in the AS-PATH.
BGP4 Management Information Base (MIB) The FORCE10-BGP4-V2-MIB enhances support for BGP management information base (MIB) with many new simple network management protocol (SNMP) objects and notifications (traps) defined in draft-ietfidr-bgp4-mibv2-05. To see these enhancements, download the MIB from the Dell website. NOTE: For the Force10-BGP4-V2-MIB and other MIB documentation, refer to the Dell iSupport web page.
• High CPU utilization may be observed during an SNMP walk of a large BGP Loc-RIB. • To avoid SNMP timeouts with a large-scale configuration (large number of BGP neighbors and a large BGP Loc-RIB), Dell Networking recommends setting the timeout and retry count values to a relatively higher number. For example, t = 60 or r = 5. • To return all values on an snmpwalk for the f10BgpM2Peer sub-OID, use the -C c option, such as snmpwalk -v 2c -C c -c public.
NOTE: In Dell Networking OS, all newly configured neighbors and peer groups are disabled. To enable a neighbor or peer group, enter the neighbor {ip-address | peer-group-name} no shutdown command. The following table displays the default values for BGP on Dell Networking OS. Table 9. BGP Default Values Item Default BGP Neighbor Adjacency changes All BGP neighbor changes are logged.
NOTE: Sample Configurations for enabling BGP routers are found at the end of this chapter. 1. Assign an AS number and enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number • as-number: from 0 to 65535 (2 Byte) or from 1 to 4294967295 (4 Byte) or 0.1 to 65535.65535 (Dotted format). Only one AS is supported per system. NOTE: If you enter a 4-Byte AS number, 4-Byte AS support is enabled automatically. a. Enable 4-Byte support for the BGP process. NOTE: This command is OPTIONAL.
neighbor {ip-address | peer-group-name} no shutdown Examples of the show ip bgp Commands NOTE: When you change the configuration of a BGP neighbor, always reset it by entering the clear ip bgp * command in EXEC Privilege mode. To view the BGP configuration, enter show config in CONFIGURATION ROUTER BGP mode. To view the BGP status, use the show ip bgp summary command in EXEC Privilege mode.
the router ID. If you do not configure Loopback interfaces, the highest IP address of any interface is used as the router ID. To view the status of BGP neighbors, use the show ip bgp neighbors command in EXEC Privilege mode as shown in the first example. For BGP neighbor configuration information, use the show running-config bgp command in EXEC Privilege mode as shown in the second example.
No active TCP connection Dell# The following example shows verifying the BGP configuration using the show running-config bgp command.. Dell#show running-config bgp ! router bgp 65123 bgp router-id 192.168.10.2 network 10.10.21.0/24 network 10.10.32.0/24 network 100.10.92.0/24 network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list ISP1in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote-as 65123 neighbor 10.10.32.
• NOTE: ASPLAIN is the default method Dell Networking OS uses and does not appear in the configuration display. Enable ASDOT AS Number representation. CONFIG-ROUTER-BGP mode • bgp asnotation asdot Enable ASDOT+ AS Number representation. CONFIG-ROUTER-BGP mode bgp asnotation asdot+ Examples of the bgp asnotation Commands The following example shows the bgp asnotation asplain command output.
Configuring Peer Groups To configure multiple BGP neighbors at one time, create and populate a BGP peer group. An advantage of peer groups is that members of a peer group inherit the configuration properties of the group and share same update policy. A maximum of 256 peer groups are allowed on the system. Create a peer group by assigning it a name, then adding members to the peer group. After you create a peer group, you can configure route policies for it.
To add an internal BGP (IBGP) neighbor, configure the as-number parameter with the same BGP asnumber configured in the router bgp as-number command. Examples of Viewing and Configuring Peer Groups After you create a peer group, you can use any of the commands beginning with the keyword neighbor to configure that peer group. When you add a peer to a peer group, it inherits all the peer group’s configured parameters.
neighbor 10.1.1.1 shutdown neighbor 10.14.8.60 remote-as 18505 neighbor 10.14.8.60 no shutdown Dell(conf-router_bgp)# To disable a peer group, use the neighbor peer-group-name shutdown command in CONFIGURATION ROUTER BGP mode. The configuration of the peer group is maintained, but it is not applied to the peer group members. When you disable a peer group, all the peers within the peer group that are in the ESTABLISHED state move to the IDLE state.
When you enable fall-over, BGP tracks IP reachability to the peer remote address and the peer local address. Whenever either address becomes unreachable (for example, no active route exists in the routing table for peer IPv6 destinations/local address), BGP brings down the session with the peer. The BGP fast fall-over feature is configured on a per-neighbor or peer-group basis and is disabled by default. To enable the BGP fast fall-over feature, use the following command.
Notification History 'Connection Reset' Sent : 5 Recv: 0 Local host: 200.200.200.200, Local port: 65519 Foreign host: 100.100.100.100, Foreign port: 179 Dell# To verify that fast fall-over is enabled on a peer-group, use the show ip bgp peer-group command (shown in bold).
CONFIG-ROUTER-BGP mode neighbor peer-group-name subnet subnet-number mask The peer group responds to OPEN messages sent on this subnet. 3. Enable the peer group. CONFIG-ROUTER-BGP mode neighbor peer-group-name no shutdown 4. Create and specify a remote peer for BGP neighbor. CONFIG-ROUTER-BGP mode neighbor peer-group-name remote-as as-number Only after the peer group responds to an OPEN message sent on the subnet does its BGP state change to ESTABLISHED.
network 192.168.10.0/24 bgp four-octet-as-support neighbor 10.10.21.1 remote-as 65123 neighbor 10.10.21.1 filter-list Laura in neighbor 10.10.21.1 no shutdown neighbor 10.10.32.3 remote-as 65123 neighbor 10.10.32.3 no shutdown neighbor 100.10.92.9 remote-as 65192 neighbor 100.10.92.9 local-as 6500 neighbor 100.10.92.9 no shutdown neighbor 192.168.10.1 remote-as 65123 neighbor 192.168.10.1 update-source Loopback 0 neighbor 192.168.10.1 no shutdown neighbor 192.168.12.2 remote-as 65123 neighbor 192.168.12.
neighbor 192.168.10.1 remote-as 65123 neighbor 192.168.10.1 update-source Loopback 0 neighbor 192.168.10.1 no shutdown neighbor 192.168.12.2 remote-as 65123 neighbor 192.168.12.2 allowas-in 9 neighbor 192.168.12.2 update-source Loopback 0 neighbor 192.168.12.2 no shutdown R2(conf-router_bgp)#R2(conf-router_bgp)# Enabling Graceful Restart Use this feature to lessen the negative effects of a BGP restart.
bgp graceful-restart [stale-path-time time-in-seconds] • The default is 360 seconds. Local router supports graceful restart as a receiver only. CONFIG-ROUTER-BGP mode bgp graceful-restart [role receiver-only] Enabling Neighbor Graceful Restart BGP graceful restart is active only when the neighbor becomes established. Otherwise, it is disabled. Graceful-restart applies to all neighbors with established adjacency.
AS-PATH ACLs use regular expressions to search AS_PATH values. AS-PATH ACLs have an “implicit deny.” This means that routes that do not meet a deny or match filter are dropped. To configure an AS-PATH ACL to filter a specific AS_PATH value, use these commands in the following sequence. 1. Assign a name to a AS-PATH ACL and enter AS-PATH ACL mode. CONFIGURATION mode ip as-path access-list as-path-name 2. Enter the parameter to match BGP AS-PATH for filtering.
0x59cd3b4 0x7128114 0x536a914 0x2ffe884 0x2ff7284 0x2ff7ec4 0x2ff8544 0x736c144 0x3b8d224 0x5eb1e44 0x5cd891c --More-- 0 0 0 0 0 0 0 0 0 0 0 2 10 3 1 99 4 3 1 10 1 9 18508 18508 18508 18508 18508 18508 18508 18508 18508 18508 18508 209 209 209 701 701 209 701 701 209 701 209 7018 15227 i 3356 13845 i 701 6347 7781 i 3561 9116 21350 i 1239 577 855 ? 3561 4755 17426 i 5743 2648 i 209 568 721 1494 i 701 2019 i 8584 16158 i 6453 4759 i Regular Expressions as Filters Regular expressions are used to filter
The following example applies access list Eagle to routes inbound from BGP peer 10.5.5.2. Access list Eagle uses a regular expression to deny routes originating in AS 32. The first lines shown in bold create the access list and filter. The second lines shown in bold are the regular expression shown as part of the access list filter.
redistribute isis [level-1 | level-1-2 | level-2] [metric value] [route-map map-name] Configure the following parameters: – level-1, level-1-2, or level-2: Assign all redistributed routes to a level. The default is level-2. – metric value: The value is from 0 to 16777215. The default is 0. • – map-name: name of a configured route map. Include specific OSPF routes in IS-IS.
IETF RFC 1997 defines the COMMUNITY attribute and the predefined communities of INTERNET, NO_EXPORT_SUBCONFED, NO_ADVERTISE, and NO_EXPORT. All BGP routes belong to the INTERNET community. In the RFC, the other communities are defined as follows: • All routes with the NO_EXPORT_SUBCONFED (0xFFFFFF03) community attribute are not sent to CONFED-EBGP or EBGP peers, but are sent to IBGP peers within CONFED-SUB-AS. • All routes with the NO_ADVERTISE (0xFFFFFF02) community attribute must not be advertised.
deny deny deny deny deny Dell# 702:667 703:667 704:666 705:666 14551:666 Configuring an IP Extended Community List To configure an IP extended community list, use these commands. 1. Create a extended community list and enter the EXTCOMMUNITY-LIST mode. CONFIGURATION mode ip extcommunity-list extcommunity-list-name 2. Two types of extended communities are supported.
Filtering Routes with Community Lists To use an IP community list or IP extended community list to filter routes, you must apply a match community filter to a route map and then apply that route map to a BGP neighbor or peer group. 1. Enter the ROUTE-MAP mode and assign a name to a route map. CONFIGURATION mode route-map map-name [permit | deny] [sequence-number] 2. Configure a match filter for all routes meeting the criteria in the IP community or IP extended community list.
To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode. If you want to remove or add a specific COMMUNITY number from a BGP path, you must create a route map with one or both of the following statements in the route map. Then apply that route map to a BGP neighbor or peer group. 1. Enter ROUTE-MAP mode and assign a name to a route map. CONFIGURATION mode route-map map-name [permit | deny] [sequence-number] 2.
To view BGP routes matching a certain community number or a pre-defined BGP community, use the show ip bgp community command in EXEC Privilege mode. Dell>show ip bgp community BGP table version is 3762622, local router ID is 10.114.8.48 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network * i 3.0.0.0/8 *>i 4.2.49.12/30 * i 4.21.132.0/23 *>i 4.24.118.16/30 *>i 4.24.145.0/30 *>i 4.24.187.12/30 *>i 4.24.202.0/30 *>i 4.25.88.
• Change the LOCAL_PREF value. CONFIG-ROUTER-BGP mode bgp default local-preference value – value: the range is from 0 to 4294967295. The default is 100. To view the BGP configuration, use the show config command in CONFIGURATION ROUTER BGP mode or the show running-config bgp command in EXEC Privilege mode. A more flexible method for manipulating the LOCAL_PREF attribute value is to use a route map. 1. Enter the ROUTE-MAP mode and assign a name to a route map.
• Sets the next hop address. CONFIG-ROUTE-MAP mode set next-hop ip-address Changing the WEIGHT Attribute To change how the WEIGHT attribute is used, enter the first command. You can also use route maps to change this and other BGP attributes. For example, you can include the second command in a route map to specify the next hop address. • Assign a weight to the neighbor connection. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} weight weight – weight: the range is from 0 to 65535.
NOTE: You can create inbound and outbound policies. Each of the commands used for filtering has in and out parameters that you must apply. In Dell Networking OS, the order of preference varies depending on whether the attributes are applied for inbound updates or outbound updates.
• out: apply the prefix list to outbound routes. As a reminder, the following are rules concerning prefix lists: • If the prefix list contains no filters, all routes are permitted. • If none of the routes match any of the filters in the prefix list, the route is denied. This action is called an implicit deny. (If you want to forward all routes that do not match the prefix list criteria, you must configure a prefix list filter to permit all routes.
Filtering BGP Routes Using AS-PATH Information To filter routes based on AS-PATH information, use these commands. 1. Create a AS-PATH ACL and assign it a name. CONFIGURATION mode ip as-path access-list as-path-name 2. Create a AS-PATH ACL filter with a deny or permit action. AS-PATH ACL mode {deny | permit} as-regular-expression 3. Return to CONFIGURATION mode. AS-PATH ACL exit 4. Enter ROUTER BGP mode. CONFIGURATION mode router bgp as-number 5.
• Assign an ID to a router reflector cluster. CONFIG-ROUTER-BGP mode bgp cluster-id cluster-id • You can have multiple clusters in an AS. Configure the local router as a route reflector and the neighbor or peer group identified is the route reflector client. CONFIG-ROUTER-BGP mode neighbor {ip-address | peer-group-name} route-reflector-client When you enable a route reflector, Dell Networking OS automatically enables route reflection to all clients.
Configuring BGP Confederations Another way to organize routers within an AS and reduce the mesh for IBGP peers is to configure BGP confederations. As with route reflectors, BGP confederations are recommended only for IBGP peering involving many IBGP peering sessions per router. Basically, when you configure BGP confederations, you break the AS into smaller sub-AS, and to those outside your network, the confederations appear as one AS.
• history entry — an entry that stores information on a downed route • dampened path — a path that is no longer advertised • penalized path — a path that is assigned a penalty To configure route flap dampening parameters, set dampening parameters using a route map, clear information on route dampening and return suppressed routes to active state, view statistics on route flapping, or change the path selection from the default mode (deterministic) to non-deterministic, use the following commands.
show ip bgp [vrf vrf-name] flap-statistics [ip-address [mask]] [filter-list as-path-name] [regexp regular-expression] – ip-address [mask]: enter the IP address and mask. – filter-list as-path-name: enter the name of an AS-PATH ACL. – regexp regular-expression: enter a regular express to match on. • By default, the path selection in Dell Networking OS is deterministic, that is, paths are compared irrespective of the order of their arrival.
Dampening enabled. 0 history paths, 0 dampened paths, 0 penalized paths Neighbor AS MsgRcvd MsgSent TblVer 10.114.8.34 18508 82883 79977 780266 10.114.8.33 18508 117265 25069 780266 Dell> InQ OutQ Up/Down State/PfxRcd 0 2 00:38:51 118904 0 20 00:38:50 102759 To view which routes are dampened (non-active), use the show ip bgp dampened-routes command in EXEC Privilege mode. Changing BGP Timers To configure BGP timers, use either or both of the following commands.
To reset a BGP connection using BGP soft reconfiguration, use the clear ip bgp command in EXEC Privilege mode at the system prompt. When you enable soft-reconfiguration for a neighbor and you execute the clear ip bgp soft in command, the update database stored in the router is replayed and updates are reevaluated. With this command, the replay and update process is triggered only if a route-refresh request is not negotiated with the peer.
Route Map Continue The BGP route map continue feature, continue [sequence-number], (in ROUTE-MAP mode) allows movement from one route-map entry to a specific route-map entry (the sequence number). If you do not specify a sequence number, the continue feature moves to the next sequence number (also known as an “implied continue”). If a match clause exists, the continue feature executes only after a successful match occurs. If there are no successful matches, continue is ignored.
• Exchange of IPv4 multicast route information occurs through the use of two new attributes called MP_REACH_NLRI and MP_UNREACH_NLRI, for feasible and withdrawn routes, respectively. • If the peer has not been activated in any AFI/SAFI, the peer remains in Idle state. Most Dell Networking OS BGP IPv4 unicast commands are extended to support the IPv4 multicast RIB using extra options to the command.
• debug ip bgp [ip-address | peer-group peer-group-name] notifications [in | out] View information about BGP updates and filter by prefix name. EXEC Privilege mode • debug ip bgp [ip-address | peer-group peer-group-name] updates [in | out] [prefix-list name] Enable soft-reconfiguration debug.
ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) For address family: IPv4 Unicast BGP table version 1395, neighbor version 1394 Prefixes accepted 1 (consume 4 bytes), 0 withdrawn by peer Prefixes advertised 0, rejected 0, 0 withdrawn from peer Connections established 3; dropped 2 Last reset 00:00:12, due to Missing well known attribute Notification History 'UPDATE error/Missing well-known attr' Sent : 1 Recv: 0 'Connection Reset' Sent : 1 Recv: 0 Last notification (len 21) sent 00:26:02 ago ffffffff ffffffff fffff
00000000 00000001 0181a1e4 0181a25c 41af9400 00000000 PDU[2] : len 19, captured 00:34:51 ago ffffffff ffffffff ffffffff ffffffff 00130400 PDU[3] : len 19, captured 00:34:51 ago ffffffff ffffffff ffffffff ffffffff 00130400 PDU[4] : len 19, captured 00:34:22 ago ffffffff ffffffff ffffffff ffffffff 00130400 [. . .] Outgoing packet capture enabled for BGP neighbor 20.20.20.
The following illustration shows the configurations described on the following examples. These configurations show how to create BGP areas using physical and virtual links. They include setting up the interfaces and peers groups with each other. Figure 25. Sample Configurations Example of Enabling BGP (Router 1) R1# conf R1(conf)#int loop 0 R1(conf-if-lo-0)#ip address 192.168.128.1/24 R1(conf-if-lo-0)#no shutdown R1(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.
R1(conf-if-te-1/31/1)#show config ! interface TengigabitEthernet 1/31/1 ip address 10.0.3.31/24 no shutdown R1(conf-if-te-1/31)#router bgp 99 R1(conf-router_bgp)#network 192.168.128.0/24 R1(conf-router_bgp)#neighbor 192.168.128.2 remote 99 R1(conf-router_bgp)#neighbor 192.168.128.2 no shut R1(conf-router_bgp)#neighbor 192.168.128.2 update-source loop 0 R1(conf-router_bgp)#neighbor 192.168.128.3 remote 100 R1(conf-router_bgp)#neighbor 192.168.128.3 no shut R1(conf-router_bgp)#neighbor 192.168.128.
Example of Enabling BGP (Router 3) R3# conf R3(conf)# R3(conf)#int loop 0 R3(conf-if-lo-0)#ip address 192.168.128.3/24 R3(conf-if-lo-0)#no shutdown R3(conf-if-lo-0)#show config ! interface Loopback 0 ip address 192.168.128.3/24 no shutdown R3(conf-if-lo-0)#int te 3/11/1 R3(conf-if-te-3/11/1)#ip address 10.0.3.33/24 R3(conf-if-te-3/11/1)#no shutdown R3(conf-if-te-3/11/1)#show config ! interface TengigabitEthernet 3/11/1 ip address 10.0.3.
neighbor 192.168.128.2 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.3 peer-group BBB neighbor 192.168.128.3 update-source Loopback 0 neighbor 192.168.128.3 no shutdown R1# R1#show ip bgp summary BGP router identifier 192.168.128.
R2(conf-router_bgp)# neighbor 192.168.128.3 no shut R2(conf-router_bgp)#show conf ! router bgp 99 network 192.168.128.0/24 neighbor AAA peer-group neighbor AAA no shutdown neighbor BBB peer-group neighbor BBB no shutdown neighbor 192.168.128.1 remote-as 99 neighbor 192.168.128.1 peer-group CCC neighbor 192.168.128.1 update-source Loopback 0 neighbor 192.168.128.1 no shutdown neighbor 192.168.128.3 remote-as 100 neighbor 192.168.128.3 peer-group BBB neighbor 192.168.128.
Received 93 messages, 0 in queue 5 opens, 0 notifications, 5 updates 83 keepalives, 0 route refresh requests Sent 99 messages, 0 in queue 5 opens, 4 notifications, 5 updates 85 keepalives, 0 route refresh requestsCapabilities received from neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Capabilities advertised to neighbor for IPv4 Unicast : MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) Update source set to Loopback 0 Peer active in peer-group outbound op
Content Addressable Memory (CAM) 10 CAM is a type of memory that stores information in the form of a lookup table. On Dell Networking systems, CAM stores Layer 2 (L2) and Layer 3 (L3) forwarding information, access-lists (ACLs), flows, and routing policies. CAM Allocation CAM Allocation for Ingress To allocate the space for regions such has L2 ingress ACL, IPV4 ingress ACL, IPV6 ingress ACL, IPV4 QoS, L2 QoS, PBR, VRF ACL, and so forth, use the cam-acl command in CONFIGURATION mode.
NOTE: When you reconfigure CAM allocation, use the nlbclusteracl number command to change the number of NLB ARP entries. The range is from 0 to 2. The default value is 0. At the default value of 0, eight NLB ARP entries are available for use. This platform supports upto 512 CAM entries. Select 1 to configure 256 entries. Select 2 to configure 512 entries.
NOTE: Selecting default resets the CAM entries to the default settings. Select l2acl to allocate the desired space for all other regions. 2. Enter the number of FP blocks for each region.
VmanQos : EtsAcl : FcoeAcl : ipv4pbr : vrfv4Acl : Openflow : fedgovacl : nlbclusteracl: 0 0 0 0 0 0 0 0 -- stack-unit 1 -Current Settings(in block sizes) 1 block = 256 entries L2Acl : 2 Ipv4Acl : 2 Ipv6Acl : 0 Ipv4Qos : 2 L2Qos : 2 L2PT : 0 IpMacAcl : 1 VmanQos : 0 EtsAcl : 0 FcoeAcl : 0 ipv4pbr : 0 vrfv4Acl : 0 Openflow : 0 fedgovacl : 0 nlbclusteracl: 0 0 0 0 0 0 0 0 0 Next Boot(in block sizes) 2 2 3 2 0 0 0 0 0 0 0 0 0 0 0 Dell# Example of Viewing CAM-ACL Settings NOTE: If you change the cam-acl sett
Ipv4Qos : L2Qos : L2PT : IpMacAcl : VmanQos : EtsAcl : FcoeAcl : ipv4pbr : vrfv4Acl : Openflow : fedgovacl : nlbclusteracl: 2 2 0 1 0 0 0 0 0 0 0 0 View CAM Usage View the amount of CAM space available, used, and remaining in each ACL partition using the show cam-usage command from EXEC Privilege mode.
| | IN-V6 ACL | 0 | 0 | | IN-NLB ACL | 0 | 0 | | | IPMAC ACL 256 | | | OUT-L2 ACL | 194 | | | OUT-L3 ACL | 164 | | | OUT-V6 ACL | 169 1 | 0 | 3 | IN-L2 ACL | 256 | | | IN-L3 ACL | 255 | | | IN-V6 ACL | 0 | | | IN-NLB ACL | 0 | | | IPMAC ACL | 256 | | | OUT-L2 ACL | 194 | | | OUT-L3 ACL | 164 | | | OUT-V6 ACL | 169 Codes: * - cam usage is above 90%.
• After installing a secondary RPM into a chassis, copy the running-configuration to the startupconfiguration. • Change to the default profile if downgrading to a Dell Networking OS version earlier than 6.3.1.1. • Use the CONFIGURATION mode commands so that the profile is change throughout the system. • Use the EXEC Privilege mode commands to match the profile of a component to the profile of the target system.
Table 12. UFT Modes —Table Size UFT Mode L2 MAC Table Size L3 Host Table Size L3 LPM Table Size Default 72K 72K 16K Scaled-l3-hosts 8K 136K 16K Scaled-l3-routes 8K 8K 128K Scaled-l2–switch 136K 8K 16K Configuring UFT Modes To configure the Unified Forwarding Table (UFT) modes, follow these steps. 1. Select a mode to initialize the maximum scalability size for L2 MAC table or L3 Host table or L3 Route table.
Control Plane Policing (CoPP) 11 Control plane policing (CoPP) uses access control list (ACL) rules and quality of service (QoS) policies to create filters for a system’s control plane. That filter prevents traffic not specifically identified as legitimate from reaching the system control plane, rate-limits, traffic to an acceptable level.
Figure 27. CoPP Implemented Versus CoPP Not Implemented Configure Control Plane Policing The system can process a maximum of 8500 packets per second (PPS). Protocols that share a single queue may experience flaps if one of the protocols receives a high rate of control traffic even though per protocol CoPP is applied. This happens because queue-based rate limiting is applied first.
queue rate limit value. You must complete queue bandwidth tuning carefully because the system cannot open up to handle any rate, including traffic coming at the line rate. CoPP policies are assigned on a per-protocol or a per-queue basis, and are assigned in CONTROLPLANE mode to each port-pipe. CoPP policies are configured by creating extended ACL rules and specifying rate-limits through QoS policies. The ACLs and QoS policies are assigned as service-policies.
CONFIGURATION mode policy-map-input name cpu-qos class-map name qos-policy name 7. Enter Control Plane mode. CONFIGURATION mode control-plane-cpuqos 8. Assign the protocol based the service policy on the control plane. Enabling this command on a portpipe automatically enables the ACL and QoS rules creates with the cpu-qos keyword. CONTROL-PLANE mode service-policy rate-limit-protocols Examples of Configuring CoPP for Different Protocols The following example shows creating the IP/IPv6/MAC extended ACL.
Dell(conf-class-map-cpuqos)#match ip access-group bgp Dell(conf-class-map-cpuqos)#exit Dell(conf)#class-map match-any class_lacp cpu-qos Dell(conf-class-map-cpuqos)#match mac access-group lacp Dell(conf-class-map-cpuqos)#exit Dell(conf)#class-map match-any class-ipv6-icmp cpu-qos Dell(conf-class-map-cpuqos)#match ipv6 access-group ipv6-icmp Dell(conf-class-map-cpuqos)#exit The following example shows matching the QoS class map to the QoS policy.
Examples of Configuring CoPP for CPU Queues The following example shows creating the QoS policy. Dell#conf Dell(conf)#qos-policy-input cpuq_1 Dell(conf-qos-policy-in)#rate-police 3000 40 peak 500 40 Dell(conf-qos-policy-in)#exit Dell(conf)#qos-policy-input cpuq_2 Dell(conf-qos-policy-in)#rate-police 5000 80 peak 600 50 Dell(conf-qos-policy-in)#exit The following example shows assigning the QoS policy to the queues.
UDP (DHCP-R) TCP (FTP) ICMP IGMP TCP (MSDP) UDP (NTP) OSPF PIM UDP (RIP) TCP (SSH) TCP (TELNET) VRRP Dell# 67 any any any any/639 any any any any any any any 67 21 any any 639/any 123 any any 520 22 23 any _ _ _ _ _ _ _ _ _ _ _ _ Q10 Q6 Q6 Q11 Q11 Q6 Q9 Q11 Q9 Q6 Q6 Q10 _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ To view the queue mapping for the MAC protocols, use the show mac protocol-queue-mapping command.
Data Center Bridging (DCB) 12 Data center bridging (DCB) refers to a set of enhancements to Ethernet local area networks used in data center environments, particularly with clustering and storage area networks. Ethernet Enhancements in Data Center Bridging The following section describes DCB.
Traffic Description transport protocols (for example, TCP) for reliable data transmission with the associated cost of greater processing overhead and performance impact. Storage traffic Storage traffic based on Fibre Channel media uses the Small Computer System Interface (SCSI) protocol for data transfer. This traffic typically consists of large data packets with a payload of 2K bytes that cannot recover from frame loss.
Figure 28. Illustration of Traffic Congestion The system supports loading two DCB_Config files: • FCoE converged traffic with priority 3. In the Dell Networking OS, PFC is implemented as follows: • PFC is supported on specified 802.1p priority traffic (dot1p 0 to 7) and is configured per interface. However, only one lossless queue is supported on an interface: one for Fibre Channel over Ethernet (FCoE) converged traffic. Configure the same lossless queues on all ports.
The following figure shows how ETS allows you to allocate bandwidth when different traffic types are classed according to 802.1p priority and mapped to priority groups. Figure 29. Enhanced Transmission Selection The following table lists the traffic groupings ETS uses to select multiprotocol traffic for transmission. Table 13. ETS Traffic Groupings Traffic Groupings Description Group ID A 4-bit identifier assigned to each priority group.
• Configuration of a peer device over a DCB link. DCBx requires the link layer discovery protocol (LLDP) to provide the path to exchange DCB parameters with peer devices. Exchanged parameters are sent in organizationally specific TLVs in LLDP data units. The following LLDP TLVs are supported for DCB parameter exchange: PFC parameters PFC Configuration TLV and Application Priority Configuration TLV. ETS parameters ETS Configuration TLV and ETS Recommendation TLV.
To enable DCB, enable the FCoE configuration. NOTE: Dell Networking OS Behavior: DCB is not supported if you enable link-level flow control on one or more interfaces. For more information, refer to Ethernet Pause Frames. DCB Maps and its Attributes This topic contains the following sections that describe how to configure a DCB map, apply the configured DCB map to a port, configure PFC without a DCB map, and configure lossless queues.
Data Center Bridging: Default Configuration Before you configure PFC and ETS on a switch see the priority group setting taken into account the following default settings: DCB is enabled. PFC and ETS are globally enabled by default. The default dot1p priority-queue assignments are applied as follows: Dell(conf)#do show qos dot1p-queue-mapping Dot1p Priority : 0 1 2 3 4 5 6 7 Queue : 1 0 2 3 4 5 6 7 PFC is not applied on specific dot1p priorities.
Set the bandwidth in percentage. The percentage range is from 1 to 100% in units of 1%. Committed and peak bandwidth is in megabits per second. The range is from 0 to 40000. Committed and peak burst size is in kilobytes. Default is 50. The range is from 0 to 10000. The pfc on command enables priority-based flow control. 3. Specify the dot1p priority-to-priority group mapping for each priority. priority-pgid dot1p0_group_num dot1p1_group_num ...dot1p7_group_num Priority group range is from 0 to 7.
When you apply or remove a DCB input policy from an interface, one or two CRC errors are expected to be noticed on the ingress ports for each removal or attachment of the policy. This behavior occurs because the port is brought down when PFC is configured.
Applying a DCB Map on a Port When you apply a DCB map with PFC enabled on a switch interface, a memory buffer for PFC-enabled priority traffic is automatically allocated. The buffer size is allocated according to the number of PFCenabled priorities in the assigned map. To apply a DCB map to an Ethernet port, follow these steps: Table 14. DCB Map to an Ethernet Port Step Task Command Command Mode 1 Enter interface configuration mode on an Ethernet port.
Step Task Command Command Mode Maximum number of lossless queues supported on an Ethernet port: 2. Separate priority values with a comma. Specify a priority range with a dash, for example: pfc priority 3,5-7 1. You cannot configure PFC using the pfc priority command on an interface on which a DCB map has been applied or which is already configured for lossless queues (pfc no-drop queues command).
allocated for each priority and the pause or resume thresholds for the buffer. This method of configuration enables you to effectively manage and administer the behavior of lossless queues. Although the system contains 4 MB of space for shared buffers, a minimum guaranteed buffer is provided to all the internal and external ports in the system for both unicast and multicast traffic. This minimum guaranteed buffer reduces the total available shared buffer to 3456 KB.
The packets come in with packet-dot1p 2 alone use Q1 (as per dot1p to Queue classification – Table 2) on the egress port. • When Peer sends a PFC message for Priority 2, based on above PRIO2COS table (TABLE 2), Queue 1 is halted. • Queue 1 starts buffering the packets with Dot1p 2. This causes PG6 buffer counter to increase on the ingress, since P-dot1p 2 is mapped to PG6. • As the PG6 watermark threshold is reached, PFC generats for dot1p 2.
The SNMP support for monitoring PFC and BST counters and statistics is introduced in Dell Networking OS 9.3(0.1). The enhancement is made on F10-FPSTATS MIB with additional tables to display the PFC and BST counters and statistics. The following new tables are added in F10-FPSTATS MIB in Dell Networking OS 9.3(0.
PRIORITY to PG mapping (PRIO2PG) is on the ingress for each port. By default, all priorities are mapped to PG7. A priority for which PFC has to be generated is assigned to a PG other than PG7 (say PG6) and buffer watermark is set on PG6 so as to generate PFC. In ingress, the buffers are accounted at per PG basis and would indicate the number of the packets that has ingress this port PG but still queued up in egress pipeline. However, there is no direct mapping between the PG and Queue.
The packets that come in with packet-dot1p 2 alone will use Q1 (as per dot1p to Queue classification – Table 2) on the egress port. • When Peer sends a PFC message for Priority 2, based on above PRIO2COS table (TABLE 2), Queue 1 is halted. • Queue 1 starts buffering the packets with Dot1p 2. This causes PG6 buffer counter to increase on the ingress, since P-dot1p 2 is mapped to PG6. • As the PG6 watermark threshold is reached, PFC will be generated for dot1p 2.
Committed and peak burst size is in kilobytes. Default is 50. The range is from 0 to 10000. 3. Configure the 802.1p priorities for the traffic on which you want to apply an ETS output policy. PRIORITY-GROUP mode priority-list value The range is from 0 to 7. The default is none. Separate priority values with a comma. Specify a priority range with a dash. For example, priority-list 3,5-7. 4. Exit priority-group configuration mode. PRIORITY-GROUP mode exit 5.
• ETS TLVs are supported in DCBx versions CEE and IEEE2.5. • The DCBx port-role configurations determine the ETS operational parameters (refer to Configure a DCBx Operation). • ETS configurations received from TLVs from a peer are validated. • If there is a hardware limitation or TLV error: – DCBx operation on an ETS port goes down. – New ETS configurations are ignored and existing ETS configurations are reset to the default ETS settings.
priority groups in a DCB map must be 100% of the bandwidth on the link. You must allocate at least 1% of the total bandwidth to each priority group. • Scheduling of priority traffic: dot1p priority traffic on the switch is scheduled to the current queue mapping. dot1p priorities within the same queue must have the same traffic properties and scheduling method.
Priority group 2 Assigns traffic to one priority queue with 30% of the link bandwidth. Priority group 3 Assigns traffic to two priority queues with 50% of the link bandwidth and strictpriority scheduling.
DCBx is a prerequisite for using DCB features, such as priority-based flow control (PFC) and enhanced traffic selection (ETS), to exchange link-level configurations in a converged Ethernet environment. DCBx is also deployed in topologies that support lossless operation for FCoE traffic. In these scenarios, all network devices are DCBx-enabled (DCBx is enabled end-to-end).
– On a DCBx port in an auto-upstream role, the PFC and application priority TLVs are enabled. ETS recommend TLVs are disabled and ETS configuration TLVs are enabled. Auto-downstream The port advertises its own configuration to DCBx peers but is not willing to receive remote peer configuration. The port always accepts internally propagated configurations from a configuration source.
The default for the DCBx port role is manual. NOTE: On a DCBx port, application priority TLV advertisements are handled as follows: • The application priority TLV is transmitted only if the priorities in the advertisement match the configured PFC priorities on the port. • On auto-upstream and auto-downstream ports: – If a configuration source is elected, the ports send an application priority TLV based on the application priority TLV received on the configuration-source port.
– The switch is capable of supporting the received DCB configuration values through either a symmetric or asymmetric parameter exchange. A newly elected configuration source propagates configuration changes received from a peer to the other auto-configuration ports. Ports receiving auto-configuration information from the configuration source ignore their current settings and use the configuration source information.
DCBx Example The following figure shows how to use DCBx. The external 40GbE ports on the base module (ports 33 and 37) of two switches are used for uplinks configured as DCBx auto-upstream ports. The device is connected to third-party, top-of-rack (ToR) switches through uplinks. The ToR switches are part of a Fibre Channel storage network. The internal ports (ports 1-32) connected to the 10GbE backplane are configured as auto-downstream ports. Figure 31.
interface type slot/port 2. Enter LLDP Configuration mode to enable DCBx operation. INTERFACE mode [no] protocol lldp 3. Configure the DCBx version used on the interface, where: auto configures the port to operate using the DCBx version received from a peer. PROTOCOL LLDP mode [no] DCBx version {auto | cee | ieee-v2.5} • cee: configures the port to use CEE (Intel 1.01). • ieee-v2.5: configures the port to use IEEE 802.1Qaz (Draft 2.5). The default is Auto. 4.
[no] advertise DCBx-appln-tlv {fcoe} • fcoe: enables the advertisement of FCoE in Application Priority TLVs. The default is Application Priority TLVs are enabled to advertise FCoE. NOTE: To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-appln-tlv. To verify the DCBx configuration on a port, use the show interface DCBx detail command. Configuring DCBx Globally on the Switch To globally configure the DCBx operation on a switch, follow these steps. 1.
5. Configure the Application Priority TLVs that advertise on unconfigured interfaces with a manual portrole. PROTOCOL LLDP mode [no] advertise DCBx-appln-tlv {fcoe} • fcoe: enables the advertisement of FCoE in Application Priority TLVs. The default is Application Priority TLVs are enabled and advertise FCoE. NOTE: To disable TLV transmission, use the no form of the command; for example, no advertise DCBx-appln-tlv. 6.
– auto-detect-timer: enables traces for DCBx auto-detect timers. – config-exchng: enables traces for DCBx configuration exchanges. – fail: enables traces for DCBx failures. – mgmt: enables traces for DCBx management frames. – resource: enables traces for DCBx system resource frames. – sem: enables traces for the DCBx state machine. – tlv: enables traces for DCBx TLVs. Verifying the DCB Configuration To display DCB configurations, use the following show commands. Table 20.
Examples of the show Commands The following example shows the show dot1p-queue mapping command. Dell(conf)# show qos dot1p-queue-mapping Dot1p Priority: 0 1 2 3 4 5 6 7 Queue : 0 0 0 1 2 3 3 3 The following example shows the show qos priority-groups command. Dell#show qos priority-groups priority-group ipc priority-list 4 set-pgid 2 The following example shows the output of the show qos dcb-map test command.
FCOE TLV Tx Status is disabled Local FCOE PriorityMap is 0x8 Remote FCOE PriorityMap is 0x8 0 Input TLV pkts, 1 Output TLV pkts, 0 Error pkts, 0 Pause Tx pkts, 0 Pause Rx pkts The following table describes the show interface pfc summary command fields. Table 21. show interface pfc summary Command Description Fields Description Interface Interface type with and port number. Admin mode is on; Admin is enabled PFC Admin mode is on or off with a list of the configured PFC priorities .
Fields Description PFC Link Delay Link delay (in quanta) used to pause specified priority traffic. Application Priority TLV: FCOE TLV Tx Status Status of FCoE advertisements in application priority TLVs from local DCBx port: enabled or disabled. Application Priority TLV: Local FCOE Priority Map Priority bitmap used by local DCBx port in FCoE advertisements in application priority TLVs.
7 - - Remote Parameters : ------------------Remote is disabled Local Parameters : -----------------Local is enabled TC-grp Priority# Bandwidth TSA -----------------------------------------------0 1 0,1,2 100% ETS 2 3 0 % SP 3 4,5,6,7 0 % SP 4 5 6 7 Oper status is init ETS DCBx Oper status is Down State Machine Type is Asymmetric Conf TLV Tx Status is enabled Reco TLV Tx Status is enabled 0 Input Conf TLV Pkts, 1955 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 0 Input Reco TLV Pkts, 1955 Output Reco TLV Pk
2 0% ETS 3 0% ETS 4 0% ETS 5 0% ETS 6 0% ETS 7 0% ETS Priority# Bandwidth TSA 0 13% ETS 1 13% ETS 2 13% ETS 3 13% ETS 4 12% ETS 5 12% ETS 6 12% ETS 7 12% ETS Oper status is init Conf TLV Tx Status is disabled Traffic Class TLV Tx Status is disabled 0 Input Conf TLV Pkts, 0 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 0T LIVnput Traffic Class TLV Pkts, 0 Output Traffic Class TLV Pkts, 0 Error Traffic Class Pkts The following example shows the show interface ets detail command.
3 4 5 6 7 0% 0% 0% 0% 0% Priority# Bandwidth 0 13% 1 13% 2 13% 3 13% 4 12% 5 12% 6 12% 7 12% Oper status is init Conf TLV Tx Status is disabled Traffic Class TLV Tx Status is disabled 0 Input Conf TLV Pkts, 0 Output Conf TLV 0 Input Traffic Class TLV Pkts, 0 Output Traffic Class TLV Pkts ETS ETS ETS ETS ETS TSA ETS ETS ETS ETS ETS ETS ETS ETS Pkts, 0 Error Conf TLV Pkts Traffic Class TLV Pkts, 0 Error The following table describes the show interface ets detail command fields. Table 22.
Field Description • Internally propagated: ETS configuration parameters were received from configuration source. ETS DCBx Oper status Operational status of ETS configuration on local port: match or mismatch. State Machine Type Type of state machine used for DCBx exchanges of ETS parameters: • • Feature: for legacy DCBx versions Asymmetric: for an IEEE version Conf TLV Tx Status Status of ETS Configuration TLV advertisements: enabled or disabled.
I-Application priority for iSCSI enabled i-Application Priority for iSCSI disabled ----------------------------------------------------------------------Interface TenGigabitEthernet 1/14/1 Remote Mac Address 00:01:e8:8a:df:a0 Port Role is Auto-Upstream DCBx Operational Status is Enabled Is Configuration Source? FALSE Local DCBx Compatibility mode is CEE Local DCBx Configured mode is CEE Peer Operating version is CEE Local DCBx TLVs Transmitted: ErPFi Local DCBx Status ----------------DCBx Operational Versio
Field Description Local DCBx Configured mode DCBx version configured on the port: CEE, IEEE v2.5, or Auto (port auto-configures to use the DCBx version received from a peer). Peer Operating version DCBx version that the peer uses to exchange DCB parameters. Local DCBx TLVs Transmitted Transmission status (enabled or disabled) of advertised DCB TLVs (see TLV code at the top of the show command output). Local DCBx Status: DCBx Operational Version DCBx version advertised in Control TLVs.
NOTE: Dell Networking does not recommend mapping all ingress traffic to a single queue when using PFC and ETS. However, Dell Networking does recommend using Ingress traffic classification using the service-class dynamic dot1p command (honor dot1p) on all DCB-enabled interfaces. If you use L2 class maps to map dot1p priority traffic to egress queues, take into account the default dot1p-queue assignments in the following table and the maximum number of two lossless queues supported on a port .
CONFIGURATION mode 7. Assign the DCB policy to the DCB buffer threshold profile on interfaces. This setting takes precedence over the default buffer-threshold setting. INTERFACE mode (conf-if-te) dcb-policy buffer-threshold buffer-threshold Sample DCB Configuration The following shows examples of using PFC and ETS to manage your data center traffic. In the following example: • Incoming SAN traffic is configured for priority-based flow control.
Figure 32. PFC and ETS Applied to LAN, IPC, and SAN Priority Traffic QoS Traffic Classification: The service-class dynamic dot1p command has been used in Global Configuration mode to map ingress dot1p frames to the queues shown in the following table. For more information, refer to QoS dot1p Traffic Classification and Queue Assignment.
dot1p Value in the Incoming Frame Priority Group Assignment 3 SAN 4 IPC 5 LAN 6 LAN 7 LAN The following describes the priority group-bandwidth assignment. Priority Group Bandwidth Assignment IPC 5% SAN 50% LAN 45% PFC and ETS Configuration Command Examples The following examples show PFC and ETS configuration commands to manage your data center traffic. 1. Enabling DCB Dell(conf)#dcb enable 2. Configure DCB map and enable PFC, and ETS 3.
Dynamic Host Configuration Protocol (DHCP) 13 DHCP is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations (hosts) based on configuration policies determined by network administrators.
Option Number and Description Subnet Mask Option 1 Specifies the client’s subnet mask. Router Option 3 Specifies the router IP addresses that may serve as the client’s default gateway. Domain Name Server Option 6 Domain Name Option 15 Specifies the domain name servers (DNSs) that are available to the client. Specifies the domain name that clients should use when resolving hostnames via DNS.
Option Number and Description Identifiers a user-defined string used by the Relay Agent to forward DHCP client packets to a specific server. L2 DHCP Snooping Option 82 User Port Stacking Option 230 Specifies IP addresses for DHCP messages received from the client that are to be monitored to build a DHCP snooping database. Set the stacking option variable to provide DHCP server stack-port detail when the DHCP offer is set. End Option 255 Signals the last option in the DHCP packet.
Figure 34. Client and Server Messaging Implementation Information The following describes DHCP implementation. • • • • • Dell Networking implements DHCP based on RFC 2131 and RFC 3046. IP source address validation is a sub-feature of DHCP Snooping; the Dell Networking OS uses access control lists (ACLs) internally to implement this feature and as such, you cannot apply ACLs to an interface which has IP source address validation.
The following table lists the key responsibilities of DHCP servers. Table 24. DHCP Server Responsibilities DHCP Server Responsibilities Description Address Storage and Management DHCP servers are the owners of the addresses used by DHCP clients.The server stores the addresses and manages their use, keeping track of which addresses have been allocated and which are still available.
• prefix-length: specifies the number of bits used for the network portion of the address you specify. The prefix-length range is from 17 to 31. 4. Display the current pool configuration. DHCP mode show config After an IP address is leased to a client, only that client may release the address. Dell Networking OS performs a IP + MAC source address validation to ensure that no client can release another clients address.
Specifying a Default Gateway The IP address of the default router should be on the same subnet as the client. To specify a default gateway, follow this step. • Specify default gateway(s) for the clients on the subnet, in order of preference. DHCP default-router address Configure a Method of Hostname Resolution Dell systems are capable of providing DHCP clients with parameters for two methods of hostname resolution—using DNS or NetBIOS WINS.
Manual bindings can be considered single-host address pools. There is no limit on the number of manual bindings, but you can only configure one manual binding per host. NOTE: Dell Networking OS does not prevent you from using a network IP as a host IP; be sure to not use a network IP as a host IP. 1. Create an address pool. DHCP mode pool name 2. Specify the client IP address. DHCP host address 3. Specify the client hardware address.
Networking OS version and a configuration file). BMP is enabled as a factory-default setting on a switch. A switch cannot operate with BMP and as a DHCP client simultaneously. To disable BMP in EXEC mode, use the stop bmp command. After BMP stops, the switch acts as a DHCP client. • Acquire a dynamic IP address from a DHCP client is for a limited period or until the client releases the address. • A DHCP server manages and assigns IP addresses to clients from an address pool stored on the server.
To manually configure a static IP address on an interface, use the ip address command. A prompt displays to release an existing dynamically acquired IP address. If you confirm, the ability to receive a DHCP server-assigned IP address is removed. To enable acquiring a dynamic IP address from a DHCP server on an interface configured with a static IP address, use the ip address dhcp command. A prompt displays to confirm the IP address reconfiguration.
DHCP Client on a Management Interface These conditions apply when you enable a management interface to operate as a DHCP client. • The management default route is added with the gateway as the router IP address received in the DHCP ACK packet. It is required to send and receive traffic to and from other subnets on the external network. The route is added irrespective when the DHCP client and server are in the same or different subnets.
• If you enable DHCP snooping globally on a switch and you enable a DHCP client on an interface, the trust port, source MAC address, and snooping table validations are not performed on the interface by DHCP snooping for packets destined to the DHCP client daemon. The following criteria determine packets destined for the DHCP client: – DHCP is enabled on the interface. – The user data protocol (UDP) destination port in the packet is 68.
• • associate client MAC addresses with a relay agent to prevent offering an IP address to a client spoofing the same MAC address on a different relay agent. assign IP addresses according to the relay agent. This prevents generating DHCP offers in response to requests from an unauthorized relay agent.
and DHCPDECLINE packets are allowed so that the DHCP snooping table can decrease in size. After the table usage falls below the maximum limit of 4000 entries, new IP address assignments are allowed. NOTE: DHCP server packets are dropped on all not trusted interfaces of a system configured for DHCP snooping. To prevent these packets from being dropped, configure ip dhcp snooping trust on the server-connected port. Enabling DHCP Snooping To enable DHCP snooping, use the following commands. 1.
Adding a Static IPV6 DHCP Snooping Binding Table To add a static entry in the snooping database, use the following command. • Add a static entry in the snooping binding table. EXEC Privilege mode ipv6 dhcp snooping binding mac address vlan-id vlan-id ipv6 ipv6-address interface interface-type | interface-number lease value Clearing the Binding Table To clear the binding table, use the following command. • Delete all of the entries in the binding table.
DHCP Binding File Details Invalid File Invalid Binding Entry Binding Entry lease expired List of Trust Ports List of DHCP Snooping Enabled Vlans List of DAI Trust ports : 0 : 0 : 0 :Te 1/4/1 :Vl 10 :Te 1/4/1 Displaying the Contents of the DHCPv6 Binding Table To display the contents of the DHCP IPv6 binding table, use the following command. • Display the contents of the binding table.
To view the number of entries in the table, use the show ip dhcp snooping binding command. This output displays the snooping binding table created using the ACK packets from the trusted port. Dell#show ip dhcp snooping binding Codes : S - Static D - Dynamic IP Address MAC Address Expires(Sec) Type VLAN Interface ================================================================ 10.1.1.251 00:00:4d:57:f2:50 172800 D Vl 10 Te 1/2/1 10.1.1.252 00:00:4d:57:e6:f6 172800 D Vl 10 Te 1/1/1 10.1.1.
NOTE: Dynamic ARP inspection (DAI) uses entries in the L2SysFlow CAM region, a sub-region of SystemFlow. One CAM entry is required for every DAI-enabled VLAN. You can enable DAI on up to 16 VLANs on a system. However, the ExaScale default CAM profile allocates only nine entries to the L2SysFlow region for DAI. You can configure 10 to 16 DAI-enabled VLANs by allocating more CAM space to the L2SysFlow region before enabling DAI. SystemFlow has 102 entries by default.
Invalid ARP Replies Dell# : 0 Bypassing the ARP Inspection You can configure a port to skip ARP inspection by defining the interface as trusted, which is useful in multi-switch environments. ARPs received on trusted ports bypass validation against the binding table. All ports are untrusted by default. To bypass the ARP inspection, use the following command. • Specify an interface as trusted so that ARPs are not validated against the binding table.
NOTE: If you enable IP source guard using the ip dhcp source-address-validation command and if there are more entries in the current DHCP snooping binding table than the available CAM space, SAV may not be applied to all entries. To ensure that SAV is applied correctly to all entries, enable the ip dhcp source-address-validation command before adding entries to the binding table. • Enable IP source address validation.
INTERFACE mode ip dhcp source-address-validation ipmac • Enable IP+MAC SAV with VLAN option. INTERFACE mode ip dhcp source-address-validation ipmac vlan vlan-id Dell Networking OS creates an ACL entry for each IP+MAC address pair and optionally with its VLAN ID in the binding table and applies it to the interface. To display the IP+MAC ACL for an interface for the entire system, use the show ip dhcp snooping source-address-validation [interface] command in EXEC Privilege mode.
14 Equal Cost Multi-Path (ECMP) This chapter describes configuring ECMP. This chapter describes configuring ECMP. ECMP for Flow-Based Affinity ECMP for flow-based affinity includes link bundle monitoring. Configuring the Hash Algorithm TeraScale has one algorithm that is used for link aggregation groups (LAGs), ECMP, and NH-ECMP, and ExaScale can use three different algorithms for each of these features. To adjust the ExaScale behavior to match TeraScale, use the following command.
Configuring the Hash Algorithm Seed Deterministic ECMP sorts ECMPs in order even though RTM provides them in a random order. However, the hash algorithm uses as a seed the lower 12 bits of the chassis MAC, which yields a different hash result for every chassis. This behavior means that for a given flow, even though the prefixes are sorted, two unrelated chassis can select different hops.
For link bundle monitoring with ECMP, to enable the link bundle monitoring feature, use the ecmpgroup command. In the following example, the ecmp-group with id 2, enabled for link bundle monitoring is user configured. This is different from the ecmp-group index 2 that is created by configuring routes and is automatically generated. These two ecmp-groups are not related in any way.
CONFIGURATION ECMP-GROUP mode interface interface 3. Enable monitoring for the bundle. CONFIGURATION ECMP-GROUP mode link-bundle-monitor enable Modifying the ECMP Group Threshold You can customize the threshold percentage for monitoring ECMP group bundles. To customize the ECMP group bundle threshold and to view the changes, use the following commands. • Modify the threshold for monitoring ECMP group bundles.
table, there is a possibility of getting into hash collision because the Host table on the device is a Hash table. In this scenario, a workaround does not exist for the user having route entries programmed in host table. When the command is issued, you are prompted with a warning message stating that the command configuration can take effect on existing prefixes only when “clear ip route *” command is used.
FCoE Transit 15 The Fibre Channel over Ethernet (FCoE) Transit feature is supported on Ethernet interfaces. When you enable the switch for FCoE transit, the switch functions as a FIP snooping bridge. NOTE: FIP snooping is not supported on Fibre Channel interfaces or in a switch stack. Fibre Channel over Ethernet FCoE provides a converged Ethernet network that allows the combination of storage-area network (SAN) and LAN traffic on a Layer 2 link by encapsulating Fibre Channel data into Ethernet frames.
requirement for point-to-point connections by creating a unique virtual link for each connection between an FCoE end-device and an FCF via a transit switch. FIP provides functionality for discovering and logging into an FCF. After discovering and logging in, FIP allows FCoE traffic to be sent and received between FCoE end-devices (ENodes) and the FCF. FIP uses its own EtherType and frame format. The following illustration shows the communication that occurs between an ENode server and an FCoE switch (FCF).
Figure 35. FIP Discovery and Login Between an ENode and an FCF FIP Snooping on Ethernet Bridges In a converged Ethernet network, intermediate Ethernet bridges can snoop on FIP packets during the login process on an FCF. Then, using ACLs, a transit bridge can permit only authorized FCoE traffic to be transmitted between an FCoE end-device and an FCF. An Ethernet bridge that provides these functions is called a FIP snooping bridge (FSB).
The following illustration shows a switch used as a FIP snooping bridge in a converged Ethernet network. The top-of-rack (ToR) switch operates as an FCF for FCoE traffic. The switch operates as a lossless FIP snooping bridge to transparently forward FCoE frames between the ENode servers and the FCF switch. Figure 36. FIP Snooping on a Dell Networking Switch The following sections describe how to configure the FIP snooping feature on a switch: • Allocate CAM resources for FCoE.
• To provide more port security on ports that are directly connected to an FCF and have links to other FIP snooping bridges, set the FCF or Bridge-to-Bridge Port modes. • To ensure that they are operationally active, check FIP snooping-enabled VLANs. • Process FIP VLAN discovery requests and responses, advertisements, solicitations, FLOGI/FDISC requests and responses, FLOGO requests and responses, keep-alive packets, and clear virtual-link messages.
• configure tagged VLAN membership on each FIP snooping port that sends and receives FCoE traffic and has links with an FCF, ENode server, or another FIP snooping bridge (use the tagged port-type slot/port command). The default VLAN membership of the port must continue to operate with untagged frames. FIP snooping is not supported on a port that is configured for non-default untagged VLAN membership.
converged network adapter (CNA) or FCF port and compatible DCB configurations are synchronized. By default, all FCoE and FIP frames are dropped unless specifically permitted by existing FIP snoopinggenerated ACLs. You can reconfigure any of the FIP snooping settings. If you disable FCoE transit, FIP and FCoE traffic are handled as normal Ethernet frames and no FIP snooping ACLs are generated.
Impact on Other Software Features When you enable FIP snooping on a switch, other software features are impacted. The following table lists the impact of FIP snooping. Table 27. Impact of Enabling FIP Snooping Impact Description MAC address learning MAC address learning is not performed on FIP and FCoE frames, which are denied by ACLs dynamically created by FIP snooping on serverfacing ports in ENode mode.
NOTE: DCB/DCBx is enabled when either of these configurations is applied. 2. Save the configuration on the switch. EXEC Privilege mode. write memory 3. Reload the switch to enable the configuration. EXEC Privilege mode. reload After the switch is reloaded, DCB/DCBx is enabled. 4. Enable the FCoE transit feature on a switch. CONFIGURATION mode. feature fip-snooping 5. Enable FIP snooping on all VLANs or on a specified VLAN. CONFIGURATION mode or VLAN INTERFACE mode. fip-snooping enable 6.
Command Output FKA advertisement period, and number of ENodes connected. clear fip-snooping database interface Clears FIP snooping information on a VLAN for a vlan vlan-id {fcoe-mac-address | enode- specified FCoE MAC address, ENode MAC address, mac-address | fcf-mac-address} or FCF MAC address, and removes the corresponding ACLs generated by FIP snooping.
Field Description VLAN VLAN ID number used by the session. FCoE MAC MAC address of the FCoE session assigned by the FCF. FC-ID Fibre Channel ID assigned by the FCF. Port WWPN Worldwide port name of the CNA port. Port WWNN Worldwide node name of the CNA port. The following example shows the show fip-snooping config command.
Table 31. show fip-snooping fcf Command Description Field Description FCF MAC MAC address of the FCF. FCF Interface Slot/port number of the interface to which the FCF is connected. VLAN VLAN ID number used by the session. FC-MAP FC-Map value advertised by the FCF. ENode Interface Slot/port number of the interface connected to the ENode. FKA_ADV_PERIOD Period of time (in milliseconds) during which FIP keep-alive advertisements are transmitted.
Number Number Number Number Number Number Number Number Number of of of of of of of of of FLOGI Rejects FDISC Accepts FDISC Rejects FLOGO Accepts FLOGO Rejects CVL FCF Discovery Timeouts VN Port Session Timeouts Session failures due to Hardware Config :0 :0 :0 :0 :0 :0 :0 :0 :0 The following example shows the show fip-snooping statistics port-channel command.
Field Description Number of ENode Keep Alives Number of FIP-snooped ENode keep-alive frames received on the interface. Number of VN Port Keep Alives Number of FIP-snooped VN port keep-alive frames received on the interface. Number of Multicast Discovery Advertisements Number of FIP-snooped multicast discovery advertisements received on the interface. Number of Unicast Discovery Advertisements Number of FIP-snooped unicast discovery advertisements received on the interface.
*1 100 0X0EFC00 1 2 17 FCoE Transit Configuration Example The following illustration shows a switch used as a FIP snooping bridge for FCoE traffic between an ENode (server blade) and an FCF (ToR switch). The ToR switch operates as an FCF and FCoE gateway. Figure 37. Configuration Example: FIP Snooping on a Switch In this example, DCBx and PFC are enabled on the FIP snooping bridge and on the FCF ToR switch.
Example of Enabling an FC-MAP Value on a VLAN Dell(conf-if-vl-10)# fip-snooping fc-map 0xOEFC01 NOTE: Configuring an FC-MAP value is only required if you do not use the default FC-MAP value (0x0EFC00).
Flex Hash and Optimized Boot-Up 16 This chapter describes the Flex Hash and fast-boot enhancements. Flex Hash Capability Overview The flex hash functionality enables you to configure a packet search key and matches packets based on the search key. When a packet matches the search key, two 16-bit hash fields are extracted from the start of the L4 header and provided as inputs (bins 2 and 3) for RTAG7 hash computation.
When load balancing RRoCE packets using flex hash is enabled, the show ip flow command is disabled. Similarly, when the show ip flow command is in use (ingress port-based load balancing is disabled), the hashing of RRoCE packets is disabled. Flex hash APIs do not mask out unwanted byte values after extraction of the data from the Layer 4 headers for the offset value. 2.
a ToR, leaf and spine unit or configuration setup. An exterior border gateway protocol (EBGP) session exists between the ToR and leaf switch units, and between the leaf and spine units or nodes. Booting Process When Optimized Boot Time Mechanism is Enabled When an S6000 switch running Dell Networking OS earlier than Release 9.3(0.0) is reloaded, the CPU and other components on the board are reset at the same time. Therefore, the control plane and the forwarding plane are impacted immediately.
9. Traffic from North-South and South-North nodes are of line rate type. 10. Traffic outage for a planned reboot is less than 30 seconds for 4000 routes of IPv4 and IPv6 traffic for all of the following traffic directions. These traffic patterns apply only to the S6000 platforms. • South-North • North-South • East-West • West-East To the south of ToR switch, 96 servers can be linked. Up to 8 Multiprocotol BGP (MP-BGP) sessions to the servers are established.
because of the peer timing out, traffic disruption occurs from that point onwards, even if the system continues to maintain valid routing information in the hardware and is capable of forwarding traffic. LACP and IPv6 Routing The following IPv6-related actions are performed during the reload phase: • The system saves all the dynamic ND cache entries to a database on the flash card.
dynamic ARP or ND database entries are not present or required to be restored. The system boot up mode will not be fast boot and actions specific to this mode will not be performed.
While the above change will ensure that at least one path to each destination gets into the FIB as quickly as possible, it does prevent additional paths from being used even if they are available. This downside has been deemed to be acceptable. RDMA Over Converged Ethernet (RoCE) Overview This functionality is supported on the platform. RDMA is a technology that a virtual machine (VM) uses to directly transfer information to the memory of another VM, thus enabling VMs to be connected to storage networks.
VLAN ID is appended to the packet and transmitted out of the interface as a tagged packet with the dot1Q value preserved. To provide lossless service for RRoCE, the QoS service policy must be configured in the ingress and egress directions on lite sub interfaces. Preserving 802.1Q VLAN Tag Value for Lite Subinterfaces This functionality is supported on the platform. All the frames in a Layer 2 VLAN are identified using a tag defined in the IEEE 802.
Force10 Resilient Ring Protocol (FRRP) 17 FRRP provides fast network convergence to Layer 2 switches interconnected in a ring topology, such as a metropolitan area network (MAN) or large campuses. FRRP is similar to what can be achieved with the spanning tree protocol (STP), though even with optimizations, STP can take up to 50 seconds to converge (depending on the size of network and node of failure) and may require 4 to 5 seconds to reconverge.
The Member VLAN is the VLAN used to transmit data as described earlier. The Control VLAN is used to perform the health checks on the ring. The Control VLAN can always pass through all ports in the ring, including the secondary port of the Master node. Ring Status The ring failure notification and the ring status checks provide two ways to ensure the ring remains up and active in the event of a switch or port failure.
Multiple FRRP Rings Up to 255 rings are allowed per system and multiple rings can be run on one system. More than the recommended number of rings may cause interface instability. You can configure multiple rings with a single switch connection; a single ring can have multiple FRRP groups; multiple rings can be connected with a common link. Member VLAN Spanning Two Rings Connected by One Switch A member VLAN can span two rings interconnected by a common switch, in a figure-eight style topology.
Figure 38. Example of Multiple Rings Connected by Single Switch Important FRRP Points FRRP provides a convergence time that can generally range between 150ms and 1500ms for Layer 2 networks. The Master node originates a high-speed frame that circulates around the ring. This frame, appropriately, sets up or breaks down the ring. • The Master node transmits ring status check frames at specified intervals. • You can run multiple physical rings on the same switch.
• STP disabled on ring interfaces. • Master node secondary port is in blocking state during Normal operation. • Ring health frames (RHF) – Hello RHF: sent at 500ms (hello interval); Only the Master node transmits and processes these. – Topology Change RHF: triggered updates; processed at all nodes. Important FRRP Concepts The following table lists some important FRRP concepts.
Concept Explanation VLAN, and Master and Transit node information must be configured for the ring to be up. • Ring-Up — Ring is up and operational. • Ring-Down — Ring is broken or not set up. Ring Health-Check The Master node generates two types of RHFs. RHFs never loop the ring because Frame (RHF) they terminate at the Master node’s secondary port. • Hello RHF (HRHF) — These frames are processed only on the Master node’s Secondary port. The Transit nodes pass the HRHF through without processing it.
• Clearing the FRRP Counters • Viewing the FRRP Configuration • Viewing the FRRP Information Creating the FRRP Group Create the FRRP group on each switch in the ring. To create the FRRP group, use the command. • Create the FRRP group with this Ring ID. CONFIGURATION mode protocol frrp ring-id Ring ID: the range is from 1 to 255. Configuring the Control VLAN Control and member VLANS are configured normally for Layer 2. Their status as control or member is determined at the FRRP group commands.
• For a 25-Gigabit Ethernet interface, enter the keyword twentyFiveGigE then the slot/port/ subport information. • For a 50-Gigabit Ethernet interface, enter the keyword fiftyGigE then the slot/port/subport information. • For a 100-Gigabit Ethernet interface, enter the keyword hundredGigE then the slot/port information. Assign the Primary and Secondary ports and the control VLAN for the ports on the ring. 3. CONFIG-FRRP mode.
To create the Members VLANs for this FRRP group, use the following commands on all of the Transit switches in the ring. 1. Create a VLAN with this ID number. CONFIGURATION mode. interface vlan vlan-id VLAN ID: the range is from 1 to 4094. 2. Tag the specified interface or range of interfaces to this VLAN. CONFIG-INT-VLAN mode. tagged interface {range} Interface: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/ subport information.
VLAN-ID, Range: VLAN IDs for the ring’s Member VLANs. 6. Enable this FRRP group on this switch. CONFIG-FRRP mode. no disable Setting the FRRP Timers To set the FRRP timers, use the following command. NOTE: Set the Dead-Interval time 3 times the Hello-Interval. • Enter the desired intervals for Hello-Interval or Dead-Interval times. CONFIG-FRRP mode. timer {hello-interval|dead-interval} milliseconds – Hello-Interval: the range is from 50 to 2000, in increments of 50 (default is 500).
• Show the state of all FRRP groups. EXEC or EXEC PRIVELEGED mode. show frrp summary Ring ID: the range is from 1 to 255. Troubleshooting FRRP To troubleshoot FRRP, use the following information. Configuration Checks • Each Control Ring must use a unique VLAN ID. • Only two interfaces on a switch can be Members of the same control VLAN. • There can be only one Master node for any FRRP group. • You can configure FRRP on Layer 2 interfaces only.
Example of R2 TRANSIT interface TenGigabitEthernet 1/14/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 1/11/1 no ip address switchport no shutdown ! interface Vlan 101 no ip address tagged TenGigabitEthernet 1/14/1,11/1 no shutdown ! interface Vlan 201 no ip address tagged TenGigabitEthernet 1/14/1,11/1 no shutdown ! protocol frrp 101 interface primary TenGigabitEthernet 1/14/1 secondary TenGigabitEthernet 1/11/1 control-vlan 101 member-vlan 201 mode transit no disable Example of R3 T
18 GARP VLAN Registration Protocol (GVRP) The generic attribute registration protocol (GARP) VLAN registration protocol (GVRP), defined by the IEEE 802.1q specification, is a Layer 2 network protocol that provides for automatic VLAN configuration of switches. GVRP-compliant switches use GARP to register and de-register attribute values, such as VLAN IDs, with each other.
Configure GVRP To begin, enable GVRP. To facilitate GVRP communications, enable GVRP globally on each switch. Then, GVRP configuration is per interface on a switch-by-switch basis. Enable GVRP on each port that connects to a switch where you want GVRP information exchanged. In the following example, GVRP is configured on VLAN trunk ports. Figure 39. Global GVRP Configuration Example Basic GVRP configuration is a two-step process: 1. Enabling GVRP Globally 2.
Enabling GVRP Globally To configure GVRP globally, use the following command. • Enable GVRP for the entire switch. CONFIGURATION mode gvrp enable Example of Configuring GVRP Dell(conf)#protocol gvrp Dell(config-gvrp)#no disable Dell(config-gvrp)#show config ! protocol gvrp no disable Dell(config-gvrp)# To inspect the global configuration, use the show gvrp brief command. Enabling GVRP on a Layer 2 Interface To enable GVRP on a Layer 2 interface, use the following command.
• Forbidden Mode — Disables the port to dynamically register VLANs and to propagate VLAN information except information about VLAN 1. A port with forbidden registration type thus allows only VLAN 1 to pass through even though the PDU carries information for more VLANs. Therefore, if you do not want the interface to advertise or learn about particular VLANS, set the interface to the registration mode of FORBIDDEN.
Dell Networking OS displays this message if an attempt is made to configure an invalid GARP timer: Dell(conf)#garp timers join 300 % Error: Leave timer should be >= 3*Join timer.
Internet Group Management Protocol (IGMP) 19 Internet group management protocol (IGMP) is a Layer 3 multicast protocol that hosts use to join or leave a multicast group. Multicast is premised on identifying many hosts by a single destination IP address; hosts represented by the same IP address are a multicast group. Multicast routing protocols (such as protocol-independent multicast [PIM]) use the information in IGMP messages to discover which groups are active and to populate the multicast routing table.
Figure 40. IGMP Messages in IP Packets Join a Multicast Group There are two ways that a host may join a multicast group: it may respond to a general query from its querier or it may send an unsolicited report to its querier. Responding to an IGMP Query The following describes how a host can join a multicast group. 1. One router on a subnet is elected as the querier. The querier periodically multicasts (to all-multicastsystems address 224.0.0.1) a general query to all hosts on the subnet. 2.
response, the querier removes the group from the list associated with forwarding port and stops forwarding traffic for that group to the subnet. IGMP Version 3 Conceptually, IGMP version 3 behaves the same as version 2. However, there are differences. • Version 3 adds the ability to filter by multicast source, which helps multicast routing protocols avoid forwarding traffic to subnets where there are no interested receivers.
Figure 42. IGMP Version 3–Capable Multicast Routers Address Structure Joining and Filtering Groups and Sources The following illustration shows how multicast routers maintain the group and source information from unsolicited reports. 1. The first unsolicited report from the host indicates that it wants to receive traffic for group 224.1.1.1. 2. The host’s second report indicates that it is only interested in traffic from group 224.1.1.1, source 10.11.1.1.
Figure 43. Membership Reports: Joining and Filtering Leaving and Staying in Groups The following illustration shows how multicast routers track and refresh state changes in response to group-and-specific and general queries. 1. Host 1 sends a message indicating it is leaving group 224.1.1.1 and that the included filter for 10.11.1.1 and 10.11.1.2 are no longer necessary. 2.
Figure 44. Membership Queries: Leaving and Staying Configure IGMP Configuring IGMP is a two-step process. 1. Enable multicast routing using the ip multicast-routing command. 2. Enable a multicast routing protocol.
• Designating a Multicast Router Interface Viewing IGMP Enabled Interfaces Interfaces that are enabled with PIM-SM are automatically enabled with IGMP. To view IGMP-enabled interfaces, use the following command. • View IGMP-enabled interfaces. EXEC Privilege mode show ip igmp interface Example of the show ip igmp interface Command Dell#show ip igmp interface TenGigabitEthernet 1/10/1 Inbound IGMP access group is not set Internet address is 165.87.34.
Viewing IGMP Groups To view both learned and statically configured IGMP groups, use the following command. • View both learned and statically configured IGMP groups. EXEC Privilege mode show ip igmp groups Example of the show ip igmp groups Command Dell#show ip igmp groups Total Number of Groups: 2 IGMP Connected Group Membership Group Address Interface Reporter 225.1.1.1 TenGigabitEthernet 1/1/1 165.87.34.100 225.1.2.1 TenGigabitEthernet 1/1/1 165.87.31.
INTERFACE mode • ip igmp query-interval Adjust the maximum response time. INTERFACE mode • ip igmp query-max-resp-time Adjust the last member query interval. INTERFACE mode ip igmp last-member-query-interval Enabling IGMP Immediate-Leave If the querier does not receive a response to a group-specific or group-and-source query, it sends another (querier robustness value). Then, after no response, it removes the group from the outgoing interface for the subnet.
Configuring IGMP Snooping Configuring IGMP snooping is a one-step process. To enable, view, or disable IGMP snooping, use the following commands. There is no specific configuration needed for IGMP snooping with virtual link trunking (VLT). For information about VLT configurations, refer to Virtual Link Trunking (VLT). • Enable IGMP snooping on a switch. CONFIGURATION mode • ip igmp snooping enable View the configuration. CONFIGURATION mode • show running-config Disable snooping on a VLAN.
shutdown Dell(conf-if-vl-100)# Disabling Multicast Flooding If the switch receives a multicast packet that has an IP address of a group it has not learned (unregistered frame), the switch floods that packet out of all ports on the VLAN. When you configure the no ip igmp snooping flood command, the system drops the packets immediately. The system does not forward the frames on mrouter ports, even if they are present. Disable Layer 3 multicast (no ip multicast-routing) in order to disable multicast flooding.
Adjusting the Last Member Query Interval To adjust the last member query interval, use the following command. When the querier receives a Leave message from a receiver, it sends a group-specific query out of the ports specified in the forwarding table. If no response is received, it sends another. The amount of time that the querier waits to receive a response to the initial query before sending a second one is the last member query interval (LMQI).
management port. In this chapter, all the references to traffic indicate switch-initiated traffic and responses to switch-destined traffic with management port IP address as the source IP address. In customer deployment topologies, it might be required that the traffic for certain management applications needs to exit out of the management port only. You can use EIS to control and the traffic can exit out of any port based on the route lookup in the IP stack.
Application Name Port Number Client Server 8888 secure HTTP server port for confd application If you configure a source interface is for any EIS management application, EIS might not coexist with that interface and the behavior is undefined in such a case. You can configure the source interface for the following applications: FTP, ICMP (ping and traceroute utilities), NTP, RADIUS, TACACS, Telnet, TFTP, syslog, and SNMP traps.
• If the management port is down or route lookup fails in the management EIS routing table, packets are dropped. • For all non-management applications, traffic exits out of either front-end data port or management port based on route lookup in default routing table. • Ping and traceroute are always non-management applications and route lookup for these applications is done in the default routing table only.
• To ensure that protocol separation is done only for switch initiated traffic where the application acts as client, only the destination TCP/UDP port is compared and not the source TCP/UDP port. The source TCP/UDP port becomes a known port number when the box acts as server. • TFTP is an exception to the preceding logic. • For TFTP, data transfer is initiated on port 69, but the data transfer ports are chosen independently by the sender and receiver during initialization of the connection.
• Whenever IP address is assigned to the management port, it is stored in a global variable in the IP stack, which is used for comparison with the source IP address of the packet. • Rest of the response traffic is handled as per existing behavior by doing route lookup in the default routing table. So if the traffic is destined to the front-end port IP address, the response is sent out by doing a route lookup in the default routing table, which is an existing behavior.
Traffic type / Application type Switch initiated traffic Switch-destined traffic Transit Traffic management port is down or route lookup fails, packets are dropped Non-EIS management application Front-end default route will take higher precedence over management default route and SSH session to an unknown destination uses the front-end default route only. No change in the existing behavior.
Non-management application traffic exits out of either front-end data port or management port based on routing table. If there is a default route on both the management and front-end data port, the default for the data port is preferred route.
Behavior of Various Applications for Switch-Destined Traffic This section describes the different system behaviors that occur when traffic is terminated on the switch. Traffic has not originated from the switch and is not transiting the switch. Switch-destined traffic is applicable only for applications which act as server for the TCP session and also for ICMP-based applications like ping and traceroute. FTP, SSH, and Telnet are the applications that can function as servers for the TCP session.
VLT feature is for the front-end port only. Because this feature is specific to the management port, this feature can coexist with VLT and nothing specific needs to be done in this feature to handle VLT scenario. DHCP • If DHCP Client is enabled on the management port, a management default route is installed to the switch. • If management EIS is enabled, this default route is added to the management EIS routing table and the default routing table.
Interfaces 20 This chapter describes interface types, both physical and logical, and how to configure them with Dell Networking Operating System (OS). The system supports 10–Gigabit, 25–Gigabit, 40–Gigbit, 50–Gigabit, and 100–Gigabit QSFP 28 interfaces. NOTE: Only Dell-qualified optics are supported on these interfaces. Non-Dell optics for 40–Gigbit, 25–Gigabit, 50–Gigabit, and 100–Gigabit are set to error-disabled state.
Interface Types The following table describes different interface types. Table 37.
Hardware is DellEth, address is 4c:76:25:e5:49:42 Current address is 4c:76:25:e5:49:42 Pluggable media present, QSFP28 type is 100GBASE-CR4-1M Wavelength is 38nm Interface index is 2099716 Internet address is 10.10.10.
To determine which physical interfaces are available, use the show running-config command in EXEC mode. This command displays all physical interfaces available on the system.
Stack-unit interfaces support Layer 2 and Layer 3 traffic over the 10-Gigabit Ethernet , 25–Gigabit Ethernet, 40–Gigabit Ethernet, 50–Gigabit Ethernet, and 100–Gigabit Ethernet interfaces. These interfaces can also become part of virtual interfaces such as virtual local area networks (VLANs) or port channels. For more information about VLANs, refer to Bulk Configuration. For more information on port channels, refer to Port Channel Interfaces.
Configuring Layer 2 (Data Link) Mode Do not configure switching or Layer 2 protocols such as spanning tree protocol (STP) on an interface unless the interface has been set to Layer 2 mode. To set Layer 2 data transmissions through an individual interface, use the following command. • Enable Layer 2 data transmissions through an individual interface.
Example of Error Due to Issuing a Layer 3 Command on a Layer 2 Interface If an interface is in the incorrect layer mode for a given command, an error message is displayed (shown in bold). In the following example, the ip address command triggered an error message because the interface is in Layer 2 mode and the ip address command is a Layer 3 command only. Dell(conf-if)#show config ! interface TenGigabitEthernet 1/2/1 no ip address switchport no shutdown Dell(conf-if)#ip address 10.10.1.
ICMP redirects are not sent ICMP unreachables are not sent Egress Interface Selection (EIS) EIS allows you to isolate the management and front-end port domains by preventing switch-initiated traffic routing between the two domains. This feature provides additional security by preventing flooding attacks on front-end ports. The following protocols support EIS: DNS, FTP, NTP, RADIUS, sFlow, SNMP, SSH, Syslog, TACACS, Telnet, and TFTP. This feature does not support sFlow on stacked units.
Management Interfaces The system supports the Management Ethernet interface as well as the standard interface on any port. You can use either method to connect to the system. Configuring Management Interfaces The dedicated Management interface provides management access to the system. You can configure this interface using the CLI, but the configuration options on this interface are limited.
Example of the show interface and show ip route Commands To display the configuration for a given port, use the show interface command in EXEC Privilege mode, as shown in the following example. To display the routing table, use the show ip route command in EXEC Privilege mode.
ip address ip-address mask [secondary] – ip-address mask: enter an address in dotted-decimal format (A.B.C.D). The mask must be in slash format (/24). – secondary: the IP address is the interface’s backup IP address. You can configure up to eight secondary IP addresses. Example of a Configuration for a VLAN Participating in an OSPF Process interface Vlan 10 ip address 1.1.1.
The only configurable command in INTERFACE mode of the Null interface is the ip unreachable command. Port Channel Interfaces Port channel interfaces support link aggregation, as described in IEEE Standard 802.3ad. This section covers the following topics: • • • • Port Channel Definition and Standards Port Channel Benefits Port Channel Implementation Configuration Tasks for Port Channel Interfaces Port Channel Definition and Standards Link aggregation is defined by IEEE 802.
Each port channel must contain interfaces of the same interface type/speed. Port channels can contain a mix of 1G/10G/25G/40G/50G/100G. The interface speed that the port channel uses is determined by the first port channel member that is physically up. Dell Networking OS disables the interfaces that do not match the interface speed that the first channel member sets.
Creating a Port Channel You can create up to 128 port channels with up to 16 port members per group on the platform. To configure a port channel, use the following commands. 1. Create a port channel. CONFIGURATION mode interface port-channel id-number 2. Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown After you enable the port channel, you can place it in Layer 2 or Layer 3 mode.
channel-member interface The interface variable is the physical interface type and slot/port information. 2. Double check that the interface was added to the port channel. INTERFACE PORT-CHANNEL mode show config Examples of the show interfaces port-channel Commands To view the port channel’s status and channel members in a tabular format, use the show interfaces port-channel brief command in EXEC Privilege mode, as shown in the following example.
As soon as a physical interface is added to a port channel, the properties of the port channel determine the properties of the physical interface. The configuration and status of the port channel are also applied to the physical interfaces within the port channel. For example, if the port channel is in Layer 2 mode, you cannot add an IP address or a static MAC address to an interface that is part of that port channel.
shutdown Dell(conf-if-po-3)# Configuring the Minimum Oper Up Links in a Port Channel You can configure the minimum links in a port channel (LAG) that must be in “oper up” status to consider the port channel to be in “oper up” status. To set the “oper up” status of your links, use the following command. • Enter the number of links in a LAG that must be in “oper up” status. INTERFACE mode minimum-links number The default is 1.
Configuring VLAN Tags for Member Interfaces To configure and verify VLAN tags for individual members of a port channel, perform the following: 1. Configure VLAN membership on individual ports INTERFACE mode Dell(conf-if)#vlan tagged 2,3-4 2. Use the switchport command in INTERFACE mode to enable Layer 2 data transmissions through an individual interface INTERFACE mode Dell(conf-if)#switchport 3. Verify the manually configured VLAN membership (show interfaces switchport interface command).
• no interface portchannel channel-number Disable a port channel. shutdown When you disable a port channel, all interfaces within the port channel are operationally down also. Load Balancing Through Port Channels Dell Networking OS uses hash algorithms for distributing traffic evenly over channel members in a port channel (LAG). The hash algorithm distributes traffic among Equal Cost Multi-path (ECMP) paths and LAG members. The distribution is based on a flow, except for packet-based hashing.
Changing the Hash Algorithm The load-balance command selects the hash criteria applied to port channels. If you do not obtain even distribution with the load-balance command, you can use the hashalgorithm command to select the hash scheme for LAG, ECMP and NH-ECMP. You can rotate or shift the 12–bit Lag Hash until the desired hash is achieved. The nh-ecmp option allows you to change the hash value for recursive ECMP routes independently of non-recursive ECMP routes.
• crc32MSB — uses MSB 16 bits of computed CRC32(default) • crc-upper — uses the upper 32 bits of the hash key to compute the egress port. • dest-ip — uses destination IP address as part of the hash key. • lsb — uses the least significant bit of the hash key to compute the egress port.
Bulk Configuration Examples Use the interface range command for bulk configuration. • Create a Single-Range • Create a Multiple-Range • Exclude Duplicate Entries • Exclude a Smaller Port Range • Overlap Port Ranges • Commas • Add Ranges Create a Single-Range The following is an example of a single range.
Overlap Port Ranges The following is an example showing how the interface-range prompt extends a port range from the smallest start port number to the largest end port number when port ranges overlap. handles overlapping port ranges.
Choosing an Interface-Range Macro To use an interface-range macro, use the following command. • Selects the interfaces range to be configured using the values saved in a named interface-range macro. CONFIGURATION mode interface range macro name Example of Using a Macro to Change the Interface Range Configuration Mode The following example shows how to change to the interface-range configuration mode using the interface-range macro named “test.
Dell uptime is 1 day(s), 4 hour(s), 31 minute(s) Monitor time: 00:00:00 Refresh Intvl.
Enable the port to run the test or the test prints an error message. 2. Displays TDR test results. EXEC Privilege mode show tdr tengigabitethernet slot/port/subport Non Dell-Qualified Transceivers The system supports Dell-qualified transceivers and only some of the non Dell-qualified transceivers. If the system displays an error message similar to the following, the transceiver is not Dell-qualified. The Dell Networking OS places the interface in error-disabled (operationally down) state.
– stack-unit-number: enter the stack member unit identifier of the stack member to reset. The range is from 1 to 6 • – number: enter the port number of the 100G port to be split. The range is from 1 to 32. Split a 100G port into four 25G ports. CONFIGURATION Mode stack-unit stack-unit-number port number portmode quad speed 25G – stack-unit-number: enter the stack member unit identifier of the stack member to reset. The range is from 1 to 6 • – number: enter the port number of the 100G port to be split.
Important Points to Remember • Link dampening is not supported on VLAN interfaces. • Link dampening is disabled when the interface is configured for port monitoring. • You can apply link dampening to Layer 2 and Layer 3 interfaces. • You can configure link dampening on individual interfaces in a LAG. Enabling Link Dampening To enable link dampening, use the following command. • Enable link dampening.
Example of the clear dampening Command Dell# clear dampening interface Te 1/1/1 Dell#show interfaces dampening tengigabitethernet 1/1/1 Interface Supp Flaps Penalty Half-Life Reuse Suppress State Te 1/1/1 Up 0 0 1 2 3 Dell# Max-Sup 4 Link Dampening Support for XML View the output of the following show commands in XML by adding | display xml to the end of the command.
ecmp-group • View all LAG link bundles being monitored. show running-config ecmp-group • Enable link bundle monitoring on port channel interfaces. link-bundle-monitor enable • Configure threshold level for link bundle monitoring. link-bundle-distribution trigger-threshold Dell(conf-if-po-10)#link-bundle-monitor enable Dell(conf)#link-bundle-distribution trigger-threshold • View the link bundle monitoring status.
Changes in the flow-control values may not be reflected automatically in the show interface output. To display the change, apply the new flow-control setting, shutdown the interface using the shutdown command, enable the interface using the no shutdown command, and use the show interface command to verify the changes. Enabling Pause Frames Enable Ethernet pause frames flow control on all ports on a chassis or a line card. If not, the system may exhibit unpredictable behavior.
Table 39. Layer 2 Overhead Layer 2 Overhead Difference Between Link MTU and IP MTU Ethernet (untagged) 18 bytes VLAN Tag 22 bytes Untagged Packet with VLAN-Stack Header 22 bytes Tagged Packet with VLAN-Stack Header 26 bytes Link MTU and IP MTU considerations for port channels and VLANs are as follows. Port Channels: • All members must have the same link MTU value and the same IP MTU value.
• Verify the configuration. INTERFACE mode show config Example of the intf-type cr4 autoneg Command Dell(conf)#interface hundredGigE 1/1 Dell(conf-if-hu-1/1)#intf-type cr4 autoneg Dell(conf-if-hu-1/1)#no intf-type cr4 autoneg Dell(conf-if-hu-1/1)#show config ! interface hundredGigE 1/1 no ip address shutdown no intf-type cr4 autoneg Important Points to Remember • For 10–Gigabit Ethernet interfaces, CR4 auto-negotiation is not applicable.
shutdown no intf-type cr4 autoneg Dell(conf-if-hu-1/1)#fec enable Dell(conf-if-hu-1/1)#show config ! interface hundredGigE 1/1 no ip address shutdown no intf-type cr4 autoneg fec enable Dell(conf-if-hu-1/1)#no fec enable Dell(conf-if-hu-1/1)#show config ! interface hundredGigE 1/1 no ip address shutdown no intf-type cr4 autoneg no fec enable Dell(conf-if-hu-1/1)#fec default Dell(conf-if-hu-1/1)#show config ! interface hundredGigE 1/1 no ip address shutdown no intf-type cr4 autoneg Dell(conf-if-hu-1/1)# Impo
0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics: 356 packets, 22784 bytes, 0 underruns 356 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 356 Multicasts, 0 Broadcasts, 0 Unicasts 0 throttles, 0 discarded, 0 collisions, 0 wreddrops Rate info (interval 299 seconds): Input 00.00 Mbits/sec, 0 packets/sec, 0.00% of line-rate Output 00.00 Mbits/sec, 0 packets/sec, 0.
802.1QTagged: True Vlan membership: Vlan 2 --More-- Configuring the Interface Sampling Size Although you can enter any value between 30 and 299 seconds (the default), software polling is done once every 15 seconds. So, for example, if you enter “19”, you actually get a sample of the past 15 seconds. All LAG members inherit the rate interval configuration from the LAG. The following example shows how to configure rate interval when changing the default value.
Last clearing of "show interface" counters 1d23h45m Queueing strategy: fifo 0 packets input, 0 bytes Input 0 IP Packets, 0 Vlans 0 MPLS 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts Received 0 input symbol errors, 0 runts, 0 giants, 0 throttles 0 CRC, 0 IP Checksum, 0 overrun, 0 discarded 0 packets output, 0 bytes, 0 underruns Output 0 Multicasts, 0 Broadcasts, 0 Unicasts 0 IP Packets, 0 Vlans, 0 MPLS 0 throttles, 0 discarded Rate
– For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/ subport information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port/subport information. – For a 25-Gigabit Ethernet interface, enter the keyword twentyFiveGigE then the slot/port/ subport information. – For a 50-Gigabit Ethernet interface, enter the keyword fiftyGigE then the slot/port/subport information.
Two existing exec mode CLIs are enhanced to display and store the running configuration in the compressed mode. show running-config compressed and write memory compressed The compressed configuration will group all the similar looking configuration thereby reducing the size of the configuration. For this release, the compression will be done only for interface related configuration (VLAN & physical interfaces) The following table describes how the standard and the compressed configuration differ: Table 40.
! ! interface TenGigabitEthernet 1/4/1 interface group Vlan 2 , Vlan 100 no ip address no ip address shutdown no shutdown ! ! interface TenGigabitEthernet 1/10/1 interface group Vlan 3 – 5 no ip address tagged te 1/1/1 shutdown no ip address ! shutdown interface TenGigabitEthernet 1/34/1 ! ip address 2.1.1.1/16 interface Vlan 1000 shutdown ip address 1.1.1.1/16 ! no shutdown interface Vlan 2 ! no ip address no shutdown Compressed config size – 27 lines.
shutdown ! interface Vlan 100 no ip address no shutdown ! interface Vlan 1000 ip address 1.1.1.1/16 no shutdown Uncompressed config size – 52 lines write memory compressed The write memory compressed CLI will write the operating configuration to the startup-config file in the compressed mode. In stacking scenario, it will also take care of syncing it to all the standby and member units.
IPv4 Routing 21 The Dell Networking Operating System (OS) supports various IP addressing features. This chapter describes the basics of domain name service (DNS), address resolution protocol (ARP), and routing principles and their implementation in the Dell Networking OS.
Configuration Tasks for IP Addresses The following describes the tasks associated with IP address configuration. Configuration tasks for IP addresses includes: • Assigning IP Addresses to an Interface (mandatory) • Configuring Static Routes (optional) • Configure Static Routes for the Management Interface (optional) For a complete listing of all commands related to IP addressing, refer to the Dell Networking OS Command Line Interface Reference Guide.
• ip-address mask: the IP address must be in dotted decimal format (A.B.C.D). The mask must be in slash prefix-length format (/24). • secondary: add the keyword secondary if the IP address is the interface’s backup IP address. You can configure up to eight secondary IP addresses. Example the show config Command To view the configuration, use the show config command in INTERFACE mode or use the show ip interface command in EXEC privilege mode, as shown in the second example.
S 6.1.2.5/32 S 6.1.2.6/32 S 6.1.2.7/32 S 6.1.2.8/32 S 6.1.2.9/32 S 6.1.2.10/32 S 6.1.2.11/32 S 6.1.2.12/32 S 6.1.2.13/32 S 6.1.2.14/32 S 6.1.2.15/32 S 6.1.2.16/32 S 6.1.2.17/32 S 11.1.1.0/24 Direct, Lo 0 --More-- via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.2, via 6.1.20.
unreachable messages through the ip unreachable command in Interface mode. When a ping or traceroute packet from an endpoint or a device arrives at the null 0 interface configured with a static route, it is discarded. In such cases, you can configure Internet Control Message Protocol (ICMP) unreachable messages to be sent to the transmitting device.
Enabling Directed Broadcast By default, Dell Networking OS drops directed broadcast packets destined for an interface. This default setting provides some protection against denial of service (DoS) attacks. To enable Dell Networking OS to receive directed broadcasts, use the following command. • Enable directed broadcast. INTERFACE mode ip directed-broadcast To view the configuration, use the show config command in INTERFACE mode.
f00-3 Dell> (perm, OK) - IP 192.71.23.1 To view the current configuration, use the show running-config resolve command. Specifying the Local System Domain and a List of Domains If you enter a partial domain, Dell Networking OS can search different domains to finish or fully qualify that partial domain. A fully qualified domain name (FQDN) is any name that is terminated with a period/dot. Dell Networking OS searches the host table first to resolve the partial domain.
Example of the traceroute Command The following text is example output of DNS using the traceroute command. Dell#traceroute www.force10networks.com Translating "www.force10networks.com"...domain server (10.11.0.1) [OK] Type Ctrl-C to abort. ---------------------------------------------------------------------Tracing the route to www.force10networks.com (10.11.84.18), 30 hops max, 40 byte packets ---------------------------------------------------------------------TTL Hostname Probe1 Probe2 Probe3 1 10.11.
Configuring Static ARP Entries ARP dynamically maps the MAC and IP addresses, and while most network host support dynamic mapping, you can configure an ARP entry (called a static ARP) for the ARP cache. To configure a static ARP entry, use the following command. • Configure an IP address and MAC address mapping for an interface. CONFIGURATION mode arp vrf vrf-name ip-address mac-address interface – vrf vrf-name: use the VRF option to configure a static ARP on that particular VRF.
clear arp-cache [interface | ip ip-address] [no-refresh] – ip ip-address (OPTIONAL): enter the keyword ip then the IP address of the ARP entry you wish to clear. – no-refresh (OPTIONAL): enter the keywords no-refresh to delete the ARP entry from CAM. Or to specify which dynamic ARP entries you want to delete, use this option with interface or ip ip-address. – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/ subport information.
ARP Learning via ARP Request In Dell Networking OS versions prior to 8.3.1.0, Dell Networking OS learns via ARP requests only if the target IP specified in the packet matches the IP address of the receiving router interface. This is the case when a host is attempting to resolve the gateway address. If the target IP does not match the incoming interface, the packet is dropped. If there is an existing entry for the requesting host, it is updated. Figure 45.
• Set the number of ARP retries. CONFIGURATION mode arp retries number The default is 5. • The range is from 1 to 20. Set the exponential timer for resending unresolved ARPs. CONFIGURATION mode arp backoff-time The default is 30. • The range is from 1 to 3600. Display all ARP entries learned via gratuitous ARP.
ip unreachable To view if ICMP unreachable messages are sent on the interface, use the show config command in INTERFACE mode. If it is not listed in the show config command output, it is enabled. Only non-default information is displayed in the show config command output. UDP Helper User datagram protocol (UDP) helper allows you to direct the forwarding IP/UDP broadcast traffic by creating special broadcast addresses and rewriting the destination IP address of packets to match those addresses.
! interface Vlan 100 ip address 1.1.0.1/24 ip udp-broadcast-address 1.1.255.255 untagged TenGigabitEthernet 1/2/1 no shutdown To view the configured broadcast address for an interface, use show interfaces command. Dell#show interfaces vlan 100 Vlan 100 is up, line protocol is down Address is 00:01:e8:0d:b9:7a, Current address is 00:01:e8:0d:b9:7a Interface index is 1107787876 Internet address is 1.1.0.1/24 IP UDP-Broadcast address is 1.1.255.
3. Packet 2 is also forwarded to the ingress interface with an unchanged destination address because it does not have broadcast address configured. Figure 47. UDP Helper with Broadcast-All Addresses UDP Helper with Subnet Broadcast Addresses When the destination IP address of an incoming packet matches the subnet broadcast address of any interface, the system changes the address to the configured broadcast address and sends it to matching interface.
UDP Helper with Configured Broadcast Addresses Incoming packets with a destination IP address matching the configured broadcast address of any interface are forwarded to the matching interfaces. In the following illustration, Packet 1 has a destination IP address that matches the configured broadcast address of VLAN 100 and 101. If you enabled UDP helper and the UDP port number matches, the packet is flooded on both VLANs with an unchanged destination address. Packet 2 is sent from a host on VLAN 101.
Example Output from the debug ip dhcp Command Packet 0.0.0.0:68 -> 255.255.255.255:67 TTL 128 2005-11-05 11:59:35 %RELAY-I-PACKET, BOOTP REQUEST (Unicast) received at interface 172.21.50.193 BOOTP Request, XID = 0x9265f901, secs = 0 hwaddr = 00:02:2D:8D: 46:DC, giaddr = 0.0.0.0, hops = 2 2005-11-05 11:59:35 %RELAY-I-BOOTREQUEST, Forwarded BOOTREQUEST for 00:02:2D:8D: 46:DC to 137.138.17.6 2005-11-05 11:59:36 %RELAY-I-PACKET, BOOTP REPLY (Unicast) received at interface 194.12.129.
IPv6 Routing 22 Internet protocol version 6 (IPv6) routing is the successor to IPv4. Due to the rapid growth in internet users and IP addresses, IPv4 is reaching its maximum usage. IPv6 will eventually replace IPv4 usage to allow for the constant expansion. This chapter provides a brief description of the differences between IPv4 and IPv6, and the Dell Networking support of IPv6. This chapter is not intended to be a comprehensive description of IPv6.
• Prefix Renumbering — Useful in transparent renumbering of hosts in the network when an organization changes its service provider. NOTE: As an alternative to stateless autoconfiguration, network hosts can obtain their IPv6 addresses using the dynamic host control protocol (DHCP) servers via stateful auto-configuration. NOTE: Dell Networking OS provides the flexibility to add prefixes on Router Advertisements (RA) to advertise responses to Router Solicitations (RS).
Longest Prefix Match (LPM) Table and IPv6 /65 – /128 support Two partitions are available. • Partition I with IPv6 /65 – /128 route prefix. Doesn’t support IPv4 entries in the current release. • Partition II with IPv6 0/0 – /64 route prefix and IPv4 0/0 -0/32 route prefix entries. • Number of entries in Partition II will be reduced based on the number of entries configured in Partition I. • Partitioning will be applied well before the system initialization. This will be done using the NVRAM.
The optimized booting functionality does not use Openflow and therefore SDN support is not available. LPM partitioning might have a slight impact on the number of SDN-programmed L3 entries because the LPM space becomes reduced. IPv6 Header Fields The 40 bytes of the IPv6 header are ordered, as shown in the following illustration. Figure 50. IPv6 Header Fields Version (4 bits) The Version field always contains the number 6, referring to the packet’s IP version.
protocol (TCP) or user datagram protocol (UDP) header, the value in this field is the same as for IPv4. The Extension header is located between the IP header and the TCP or UDP header. The following lists the Next Header field values.
However, if the Destination Address is a Hop-by-Hop options header, the Extension header is examined by every forwarding router along the packet’s route. The Hop-by-Hop options header must immediately follow the IPv6 header, and is noted by the value 0 (zero) in the Next Header field. Extension headers are processed in the order in which they appear in the packet header. Hop-by-Hop Options Header The Hop-by-Hop options header contains information that is examined by every router along the packet’s path.
reduced to two colons, as long as there is only one double colon used in an address. Leading and/or trailing zeros in a group can also be omitted (as in ::1 for localhost, 1:: for network addresses and :: for unspecified addresses). All the addresses in the following list are all valid and equivalent.
ICMPv6 ICMP for IPv6 combines the roles of ICMP, IGMP and ARP in IPv4. Like IPv4, it provides functions for reporting delivery and forwarding errors, and provides a simple echo service for troubleshooting. The Dell Networking OS implementation of ICMPv6 is based on RFC 4443. Generally, ICMPv6 uses two message types: • Error reporting messages indicate when the forwarding or delivery of the packet failed at the destination or intermediate node.
IPv6 Neighbor Discovery The IPv6 neighbor discovery protocol (NDP) is a top-level protocol for neighbor discovery on an IPv6 network. In place of address resolution protocol (ARP), NDP uses “Neighbor Solicitation” and “Neighbor Advertisement” ICMPv6 messages for determining relationships between neighboring nodes. Using these messages, an IPv6 device learns the link-layer addresses for neighbors known to reside on attached links, quickly purging cached values that become invalid.
Configuring the IPv6 Recursive DNS Server You can configure up to four Recursive DNS Server (RDNSS) addresses to be distributed via IPv6 router advertisements to an IPv6 device, using the ipv6 nd dns-server ipv6-RDNSS-address {lifetime | infinite} command in INTERFACE CONFIG mode. The lifetime parameter configures the amount of time the IPv6 host can use the IPv6 RDNSS address for name resolution. The lifetime range is 0 to 4294967295 seconds.
dns-server=3000::0001, lifetime=1 sec dns-server=2000::0001, lifetime=0 sec The last 3 lines indicate that the IPv6 RDNSS information was configured correctly. dns-server=1000::0001, lifetime=1 sec dns-server=3000::0001, lifetime=1 sec dns-server=2000::0001, lifetime=0 sec If the DNS server information is not displayed, verify that the IPv6 recursive DNS server configuration was configured on the correct interface.
ipv6 nd dns-server 2000::1 0 no shutdown Secure Shell (SSH) Over an IPv6 Transport Dell Networking OS supports both inbound and outbound SSH sessions using IPv6 addressing. Inbound SSH supports accessing the system through the management interface as well as through a physical Layer 3 interface. For SSH configuration details, refer to the Security chapter in the Dell Networking OS Command Line Interface Reference Guide.
The total space allocated must equal 13. • The ipv6acl range must be a factor of 2. Show the current CAM settings. EXEC mode or EXEC Privilege mode • show cam-acl Provides information on FP groups allocated for the egress acl. CONFIGURATION mode show cam-acl-egress Allocate at least one group for L2ACL and IPv4 ACL. The total number of groups is 4.
– vrf vrf-name:(OPTIONAL) name of the VRF. – prefix: IPv6 route prefix – type {slot/port[/subport]}: interface type and slot/port[/subport] – forwarding router: forwarding router’s address – tag: route tag Enter the keyword interface then the type of interface and slot/port information: – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/ subport information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port/subport information.
• snmp-server user ipv6 • snmp-server community ipv6 • snmp-server community access-list-name ipv6 • snmp-server group ipv6 • snmp-server group access-list-name ipv6 Displaying IPv6 Information View specific IPv6 configuration with the following commands. • List the IPv6 show options.
– For a 100-Gigabit Ethernet interface, enter the keyword hundredGigE then the slot/port information. – For a Loopback interface, enter the keyword loopback then a number from 0 to 16383. – For a port channel interface, enter the keywords port-channel then a number. – For a VLAN interface, enter the keyword vlan then a number from 1 to 4094.
– To display information about Open Shortest Path First (OSPF) routes, enter ospf. – To display information about Routing Information Protocol (RIP), enter rip. – To display information about static IPv6 routes, enter static. – To display information about an IPv6 Prefix lists, enter list and the prefix-list name. Examples of the show ipv6 route Commands The following example shows the show ipv6 route summary command.
Enter the keyword interface then the type of interface and slot/port information: – For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/ subport information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port/subport information. – For a 25-Gigabit Ethernet interface, enter the keyword twentyFiveGigE then the slot/port/ subport information.
3. Create the policy. POLICY LIST CONFIGURATION mode ipv6 nd ra-guard policy policy-name 4. Define the role of the device attached to the port. POLICY LIST CONFIGURATION mode device-role {host | router} Use the keyword host to set the device role as host. Use the keyword router to set the device role as router. 5. Set the hop count limit. POLICY LIST CONFIGURATION mode hop-limit {maximum | minimum limit} The hop limit range is from 0 to 254. 6. Set the managed address configuration flag.
mtu value The MTU range is from 1,280 to 11,982 bytes. 13. Set the advertised reachability time. POLICY LIST CONFIGURATION mode reachable—time value The reachability time range is from 0 to 3,600,000 milliseconds. 14. Set the advertised retransmission time. POLICY LIST CONFIGURATION mode retrans—timer value The retransmission time range is from 100 to 4,294,967,295 milliseconds. 15. Display the configurations applied on the RA guard policy mode.
Intermediate System to Intermediate System 23 The intermediate system to intermediate system (IS-IS) protocol that uses a shortest-path-first algorithm. Dell Networking supports both IPv4 and IPv6 versions of IS-IS. IS-IS Protocol Overview The IS-IS protocol, developed by the International Organization for Standardization (ISO), is an interior gateway protocol (IGP) that uses a shortest-path-first algorithm.
• • system address — the router’s MAC address. N-selector — this is always 0. The following illustration is an example of the ISO-style address to show the address format IS-IS uses. In this example, the first five bytes (47.0005.0001) are the area address. The system portion is 000c.000a. 4321 and the last byte is always 0. Figure 53. ISO Address Format Multi-Topology IS-IS Multi-topology IS-IS (MT IS-IS) allows you to create multiple IS-IS topologies on a single router with separate databases.
Interface Support MT IS-IS is supported on physical Ethernet interfaces, physical synchronous optical network technologies (SONET) interfaces, port-channel interfaces (static and dynamic using LACP), and virtual local area network (VLAN) interfaces. Adjacencies Adjacencies on point-to-point interfaces are formed as usual, where IS-IS routers do not implement MT extensions.
• The T3 timer sets the overall wait time after which the router determines that it has failed to achieve database synchronization (by setting the overload bit in its own LSP). You can base this timer on adjacency settings with the value derived from adjacent routers that are engaged in graceful restart recovery (the minimum of all the Remaining Time values advertised by the neighbors) or by setting a specific amount of time manually.
IS-IS Parameter Default Value Circuit Type Level 1 and Level 2 IS Type Level 1 and Level 2 Equal Cost Multi Paths 16 Configuration Information To use IS-IS, you must configure and enable IS-IS in two or three modes: CONFIGURATION ROUTER ISIS, CONFIGURATION INTERFACE, and ( when configuring for IPv6) ADDRESS-FAMILY mode. Commands in ROUTER ISIS mode configure IS-IS globally, while commands executed in INTERFACE mode enable and configure IS-IS features on that interface only.
To configure IS-IS globally, use the following commands. 1. Create an IS-IS routing process. CONFIGURATION mode router isis [tag] tag: (optional) identifies the name of the IS-IS process. 2. Configure an IS-IS network entity title (NET) for a routing process. ROUTER ISIS mode net network-entity-title Specify the area address and system ID for an IS-IS routing process. The last byte must be 00. For more information about configuring a NET, refer to IS-IS Addressing. 3.
• mask: The prefix length is from 0 to 128. The IPv6 address must be on the same subnet as other IS-IS neighbors, but the IP address does not need to relate to the NET address. 6. Enable IS-IS on the IPv4 interface. ROUTER ISIS mode ip router isis [tag] If you configure a tag variable, it must be the same as the tag variable assigned in step 1. 7. Enable IS-IS on the IPv6 interface.
IS-IS: IS-IS: IS-IS: IS-IS: IS-IS: IS-IS: Dell# Level-1 DR Elections : 2 Level-2 DR Elections : 2 Level-1 SPF Calculations : 29 Level-2 SPF Calculations : 29 LSP checksum errors received : 0 LSP authentication failures : 0 You can assign more NET addresses, but the System ID portion of the NET address must remain the same. Dell Networking OS supports up to six area addresses. Some address considerations are: • In order to be neighbors, configure Level 1 routers with at least one common area address.
Configuring IS-IS Graceful Restart To enable IS-IS graceful restart globally, use the following commands. Additionally, you can implement optional commands to enable the graceful restart settings. • Enable graceful restart on ISIS processes. ROUTER-ISIS mode • graceful-restart ietf Configure the time during which the graceful restart attempt is prevented. ROUTER-ISIS mode graceful-restart interval minutes The range is from 1 to 120 minutes. • The default is 5 minutes.
– adjacency: the restarting router receives the remaining time value from its peer and adjusts its T3 value so if user has configured this option. – manual: allows you to specify a fixed value that the restarting router should use. The range is from 50 to 120 seconds. The default is 30 seconds. Examples of the show isis graceful-restart detail Command NOTE: If this timer expires before the synchronization has completed, the restarting router sends the overload bit in the LSP.
Number of active level-1 adjacencies: 1 Level-2 Metric: 10, Priority: 64, Circuit ID: 0000.0000.000B.
router isis lsp-refresh-interval 902 net 47.0005.0001.000C.000A.4321.00 net 51.0005.0001.000C.000A.4321.00 Dell# Configuring the IS-IS Metric Style All IS-IS links or interfaces are associated with a cost that is used in the shortest path first (SPF) calculations. The possible cost varies depending on the metric style supported. If you configure narrow, transition, or narrow transition metric style, the cost can be a number between 0 and 63.
To view which metric types are generated and received, use the show isis protocol command in EXEC Privilege mode. The IS-IS matrixes settings are in bold. Example of Viewing IS-IS Metric Types Dell#show isis protocol IS-IS Router: System Id: EEEE.EEEE.EEEE IS-Type: level-1-2 Manual area address(es): 47.0004.004d.0001 Routing for area address(es): 21.2223.2425.2627.2829.3031.3233 47.0004.004d.
Metric Sytle Correct Value Range narrow 0 to 63 wide transition 0 to 16777215 narrow transition 0 to 63 transition 0 to 63 To view the interface’s current metric, use the show config command in INTERFACE mode or the show isis interface command in EXEC Privilege mode. Configuring the Distance of a Route To configure the distance for a route, use the following command. • Configure the distance for a route.
LSPID B233.00-00 eljefe.00-00 * eljefe.01-00 * eljefe.02-00 * Force10.00-00 LSP Seq Num 0x00000006 0x0000000D 0x00000001 0x00000001 0x00000004 LSP Checksum 0xC38A 0x51C6 0x68DF 0x2E7F 0xCDA9 LSP Holdtime 1124 1129 1122 1113 1107 ATT/P/OL 0/0/0 0/0/0 0/0/0 0/0/0 0/0/0 Dell# Controlling Routing Updates To control the source of IS-IS route information, use the following command. • Disable a specific interface from sending or receiving IS-IS routing information.
– For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/ subport information. – For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port/subport information. – For a 25-Gigabit Ethernet interface, enter the keyword twentyFiveGigE then the slot/port/ subport information. – For a 50-Gigabit Ethernet interface, enter the keyword fiftyGigE then the slot/port/subport information.
– For a 50-Gigabit Ethernet interface, enter the keyword fiftyGigE then the slot/port/subport information. – For a 100-Gigabit Ethernet interface, enter the keyword hundredGigE then the slot/port information. – For a Loopback interface, enter the keyword loopback then a number from 0 to 16383. – For a port channel interface, enter the keywords port-channel then a number. • – For a VLAN interface, enter the keyword vlan then a number from 1 to 4094.
• – map-name: enter the name of a configured route map. Include specific OSPF routes in IS-IS. ROUTER ISIS mode redistribute ospf process-id [level-1| level-1-2 | level-2] [metric value] [match external {1 | 2} | match internal] [metric-type {external | internal}] [route-map map-name] Configure the following parameters: – process-id the range is from 1 to 65535. – level-1, level-1-2, or level-2: assign all redistributed routes to a level. The default is level-2.
– metric-type: external or internal. – map-name: name of a configured route map. To view the IS-IS configuration globally (including both IPv4 and IPv6 settings), use the show runningconfig isis command in EXEC Privilege mode. To view the current IPv4 IS-IS configuration, use the show config command in ROUTER ISIS mode. To view the current IPv6 IS-IS configuration, use the show config command in ROUTER ISIS-ADDRESS FAMILY IPV6 mode.
• This setting prevents other routers from using it as an intermediate hop in their shortest path first (SPF) calculations. Remove the overload bit. ROUTER ISIS mode no set-overload-bit Example of Viewing the Overload Bit Setting When the bit is set, a 1 is placed in the OL column in the show isis database command output. The overload bit is set in both the Level-1 and Level-2 database because the IS type for the router is Level-1-2.
• – interface: Enter the type of interface and slot/port information to view IS-IS information on that interface only. View IS-IS SNP packets, include CSNPs and PSNPs. EXEC Privilege mode debug isis snp-packets [interface] To view specific information, enter the following optional parameter: • – interface: Enter the type of interface and slot/port information to view IS-IS information on that interface only. View the events that triggered IS-IS shortest path first (SPF) events for debugging purposes.
Configure Metric Values For any level (Level-1, Level-2, or Level-1-2), the value range possible in the isis metric command in INTERFACE mode changes depending on the metric style. The following describes the correct value range for the isis metric command.
Beginning Metric Style Final Metric Style Resulting IS-IS Metric Value wide narrow transition default value (10) if the original value is greater than 63. A message is sent to the console.
Table 44. Metric Value when the Metric Style Changes Multiple Times Beginning Metric Style Next Metric Style Resulting Metric Value Next Metric Style Final Metric Value wide transition truncated value wide original value is recovered wide transition transition truncated value wide transition original value is recovered wide transition truncated value narrow default value (10).
Level-1 Metric Style Level-2 Metric Style Resulting Metric Value wide transition narrow transition truncated value wide transition transition truncated value Sample Configurations The following configurations are examples for enabling IPv6 IS-IS. These examples are not comprehensive directions. They are intended to give you some guidance with typical configurations. NOTE: Only one IS-IS process can run on the router, even if both IPv4 and IPv6 routing is being used.
Figure 54. IPv6 IS-IS Sample Topography IS-IS Sample Configuration — Congruent Topology IS-IS Sample Configuration — Multi-topology IS-IS Sample Configuration — Multi-topology Transition The following is a sample configuration for enabling IPv6 IS-IS. Dell(conf-if-te-3/17/1)#show config ! interface TenGigabitEthernet 3/17/1 ip address 24.3.1.
net 34.0000.0000.AAAA.00 ! address-family ipv6 unicast multi-topology exit-address-family Dell (conf-router_isis)# Dell (conf-if-te-3/17/1)#show config ! interface TenGigabitEthernet 3/17/1 ipv6 address 24:3::1/76 ipv6 router isis no shutdown Dell (conf-if-te-3/17/1)# Dell (conf-router_isis)#show config ! router isis net 34.0000.0000.AAAA.
24 Link Aggregation Control Protocol (LACP) A link aggregation group (LAG), referred to as a port channel by the Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic. Introduction to Dynamic LAGs and LACP A link aggregation group (LAG), referred to as a port channel by Dell Networking OS, can provide both load-sharing and port redundancy across line cards. You can enable LAGs as static or dynamic.
• A dynamic LAG can be created with any type of configuration. • There is a difference between the shutdown and no interface port-channel commands: – The shutdown command on LAG “xyz” disables the LAG and retains the user commands. However, the system does not allow the channel number “xyz” to be statically created. – The no interface port-channel channel-number command deletes the specified LAG, including a dynamically created LAG.
• Configure LACP mode. LACP mode [no] port-channel number mode [active | passive | off] – number: cannot statically contain any links. • The default is LACP active. Configure port priority. LACP mode [no] lacp port-priority priority-value The range is from 1 to 65535 (the higher the number, the lower the priority). The default is 32768. LACP Configuration Tasks The following configuration tasks apply to LACP.
Configuring the LAG Interfaces as Dynamic After creating a LAG, configure the dynamic LAG interfaces. To configure the dynamic LAG interfaces, use the following command. • Configure the dynamic LAG interfaces. CONFIGURATION mode port-channel-protocol lacp Example of the port-channel-protocol lacp Command Dell(conf)#interface TenGigabitethernet 3/15/1 Dell(conf-if-te-3/15/1)#no shutdown Dell(conf-if-te-3/15/1)#port-channel-protocol lacp Dell(conf-if-te-3/15/1-lacp)#port-channel 32 mode active ...
Dell(conf-if-po-32)#end Dell# show lacp 32 Port-channel 32 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address 0001.e800.a12b Partner System ID: Priority 32768, Address 0001.e801.
Figure 55. Shared LAG State Tracking To avoid packet loss, redirect traffic through the next lowest-cost link (R3 to R4). Dell Networking OS has the ability to bring LAG 2 down if LAG 1 fails, so that traffic can be redirected. This redirection is what is meant by shared LAG state tracking. To achieve this functionality, you must group LAG 1 and LAG 2 into a single entity, called a failover group. Configuring Shared LAG State Tracking To configure shared LAG state tracking, you configure a failover group.
As shown in the following illustration, LAGs 1 and 2 are members of a failover group. LAG 1 fails and LAG 2 is brought down after the failure. This effect is logged by Message 1, in which a console message declares both LAGs down at the same time. Figure 56.
• If a LAG moves to the Down state due to this feature, its members may still be in the Up state. LACP Basic Configuration Example The screenshots in this section are based on the following example topology. Two routers are named ALPHA and BRAVO, and their hostname prompts reflect those names. Figure 57. LACP Basic Configuration Example Configure a LAG on ALPHA The following example creates a LAG on ALPHA.
Queueing strategy: fifo Input statistics: 132 packets, 163668 bytes 0 Vlans 0 64-byte pkts, 12 over 64-byte pkts, 120 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 132 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output Statistics 136 packets, 16718 bytes, 0 underruns 0 64-byte pkts, 15 over 64-byte pkts, 121 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 136 Multicasts, 0 Broadcasts, 0 Unic
Figure 59.
Figure 60.
interface TenGigabitEthernet 2/31 no ip address Summary of the LAG Configuration on Bravo Bravo(conf-if-te-3/21/1)#int port-channel 10 Bravo(conf-if-po-10)#no ip add Bravo(conf-if-po-10)#switch Bravo(conf-if-po-10)#no shut Bravo(conf-if-po-10)#show config ! interface Port-channel 10 no ip address switchport no shutdown ! Bravo(conf-if-po-10)#exit Bravo(conf)#int tengig 3/21/1 Bravo(conf)#no ip address Bravo(conf)#no switchport Bravo(conf)#shutdown Bravo(conf-if-te-3/21/1)#port-channel-protocol lacp Bravo(co
Figure 61.
Figure 62.
Figure 63. Inspecting the LAG Status Using the show lacp command The point-to-point protocol (PPP) is a connection-oriented protocol that enables layer two links over various different physical layer connections. It is supported on both synchronous and asynchronous lines, and can operate in Half-Duplex or Full-Duplex mode. It was designed to carry IP traffic but is general enough to allow any type of network layer datagram to be sent over a PPP connection.
Layer 2 25 This chapter describes the Layer 2 features supported on the device. Manage the MAC Address Table You can perform the following management tasks in the MAC address table. • Clearing the MAC Address Table • Setting the Aging Time for Dynamic Entries • Configuring a Static MAC Address • Displaying the MAC Address Table Clearing the MAC Address Table You may clear the MAC address table of dynamic entries. To clear a MAC address table, use the following command.
The range is from 10 to 1000000. Configuring a Static MAC Address A static entry is one that is not subject to aging. Enter static entries manually. To create a static MAC address entry, use the following command. • Create a static MAC address entry in the MAC address table. CONFIGURATION mode mac-address-table static Displaying the MAC Address Table To display the MAC address table, use the following command. • Display the contents of the MAC address table.
interface) before the system verifies that sufficient CAM space exists. If the CAM check fails, a message is displayed: %E90MH:5 %ACL_AGENT-2-ACL_AGENT_LIST_ERROR: Unable to apply access-list MacLimit on GigabitEthernet 4/24/1 In this case, the configuration is still present in the running-config and show output. Remove the configuration before re-applying a MAC learning limit with a lower value. Also, ensure that you can view the Syslog messages on your session.
mac learning-limit mac-address-sticky Using sticky MAC addresses allows you to associate a specific port with MAC addresses from trusted devices. If you enable sticky MAC, the specified port retains any dynamically-learned addresses and prevents them from being transferred or learned on other ports. If you configure mac-learning-limit and you enabled sticky MAC, all dynamically-learned addresses are converted to sticky MAC addresses for the selected port.
no ip address switchport mac learning-limit 1 dynamic no-station-move mac learning-limit station-move-violation log no shutdown Learning Limit Violation Actions To configure the system to take an action when the MAC learning limit is reached on an interface and a new address is received using one the following options with the mac learning-limit command, use the following commands. • Generate a system log message when the MAC learning limit is exceeded.
NOTE: When the MAC learning limit (MLL) is configured as no-station-move, the MLL will be processed as static entries internally. For static entries, the MAC address will be installed in all port-pipes, irrespective of the VLAN membership. Recovering from Learning Limit and Station Move Violations After a learning-limit or station-move violation shuts down an interface, you must manually reset it. To reset the learning limit, use the following commands.
When you use NIC teaming, consider that the server MAC address is originally learned on Port 0/1 of the switch (shown in the following) and Port 0/5 is the failover port. When the NIC fails, the system automatically sends an ARP request for the gateway or host NIC to resolve the ARP and refresh the egress interface. When the ARP is resolved, the same MAC address is learned on the same port where the ARP is resolved (in the previous example, this location is Port 0/5 of the switch).
Apply all other configurations to each interface in the redundant pair such that their configurations are identical, so that transition to the backup interface in the event of a failure is transparent to rest of the network. Figure 66. Configuring Redundant Layer 2 Pairs without Spanning Tree You configure a redundant pair by assigning a backup interface to a primary interface with the switchport backup interface command.
To ensure that existing network applications see no difference when a primary interface in a redundant pair transitions to the backup interface, be sure to apply identical configurations of other traffic parameters to each interface. If you remove an interface in a redundant link (remove the line card of a physical interface or delete a port channel with the no interface port-channel command), the redundant pair configuration is also removed.
Vl 1 00:24:55: %RPM0-P:CP %IFMGR-5-STATE_STBY_ACT: Changed interface state from standby to active: Te 3/11/2 Dell(conf-if-te-3/11/1)#do show ip int brief | find 3/11/1 TenGigabitEthernet 3/11/1 unassigned NO Manual administratively down down TenGigabitEthernet 3/11/2 unassigned YES Manual up up [output omitted] Example of Configuring Redundant Pairs on a Port-Channel Dell#show interfaces port-channel brief Codes: L - LACP Port-channel LAG Mode Status Uptime Ports 1 L2 up 00:08:33 Te 1/1/1 (Up) 2 L2 up 00:00
Figure 67. Configuring Far-End Failure Detection The report consists of several packets in SNAP format that are sent to the nearest known MAC address. In the event of a far-end failure, the device stops receiving frames and, after the specified time interval, assumes that the far-end is not available. The connecting line protocol is brought down so that upper layer protocols can detect the neighbor unavailability faster. FEFD State Changes FEFD has two operational modes, Normal and Aggressive.
4. If the FEFD enabled system is configured to use FEFD in Normal mode and neighboring echoes are not received after three intervals, (you can set each interval can be set between 3 and 300 seconds) the state changes to unknown. 5. If the FEFD system has been set to Aggressive mode and neighboring echoes are not received after three intervals, the state changes to Err-disabled.
To report interval frequency and mode adjustments, use the following commands. 1. Setup two or more connected interfaces for Layer 2 or Layer 3. INTERFACE mode ip address ip address, switchport 2. Enable the necessary ports administratively. INTERFACE mode no shutdown 3. Enable fefd globally. CONFIGURATION mode fefd-global {interval | mode} Example of the show fefd Command To display information about the state of each interface, use the show fefd command in EXEC privilege mode.
Disabling an interface shuts down all protocols working on that interface’s connected line. It does not delete your previous FEFD configuration which you can enable again at any time. To set up and activate two or more connected interfaces, use the following commands. 1. Setup two or more connected interfaces for Layer 2 or Layer 3. INTERFACE mode ip address ip address, switchport 2. Activate the necessary ports administratively. INTERFACE mode no shutdown 3.
2w1d22h: %RPM0-P:CP %IFMGR-5-INACTIVE: Changed Vlan interface state to inactive: Vl 1 2w1d22h : FEFD state on Te 4/1/1 changed from Bi-directional to Unknown Dell#debug fefd packets Dell#2w1d22h : FEFD packet sent via interface Te 1/1/1 Sender state -- Bi-directional Sender info -- Mgmt Mac(00:01:e8:14:89:25), Slot-Port-Subport(Te 1/1/1) Peer info -- Mgmt Mac (00:01:e8:14:89:25), Slot-Port-Subport(Te 4/1/1) Sender hold time -- 3 (second) 2w1d22h : FEFD packet received on interface Te 4/1/1 Sender state -- B
Link Layer Discovery Protocol (LLDP) 26 This chapter describes how to configure and use the link layer discovery protocol (LLDP). 802.1AB (LLDP) Overview LLDP — defined by IEEE 802.1AB — is a protocol that enables a local area network (LAN) device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN infrastructure devices.
Table 47. Type, Length, Value (TLV) Types Type TLV Description 0 End of LLDPDU Marks the end of an LLDPDU. 1 Chassis ID An administratively assigned name that identifies the LLDP agent. 2 Port ID An administratively assigned name that identifies a port through which TLVs are sent and received. 3 Time to Live An administratively assigned name that identifies a port through which TLVs are sent and received.
Figure 70. Organizationally Specific TLV IEEE Organizationally Specific TLVs Eight TLV types have been defined by the IEEE 802.1 and 802.3 working groups as a basic part of LLDP; the IEEE OUI is 00-80-C2. You can configure the Dell Networking system to advertise any or all of these TLVs. Table 48. Optional TLV Types Type TLV Description 4 Port description A user-defined alphanumeric string that describes the port. Dell Networking OS does not currently support this TLV.
Type TLV Description 127 Protocol Identity Indicates the protocols that the port can process. Dell Networking OS does not currently support this TLV. 127 MAC/PHY Configuration/Status Indicates the capability and current setting of the duplex status and bit rate, and whether the current settings are the result of auto-negotiation. This TLV is not available in the Dell Networking OS implementation of LLDP, but is available and mandatory (non-configurable) in the LLDP-MED implementation.
TIA Organizationally Specific TLVs The Dell Networking system is an LLDP-MED Network Connectivity Device (Device Type 4). Network connectivity devices are responsible for: • transmitting an LLDP-MED capability TLV to endpoint devices • storing the information that endpoint devices advertise The following table describes the five types of TIA-1057 Organizationally Specific TLVs. Table 49.
Type SubType TLV Description 127 6 Inventory — Firmware Revision Indicates the firmware revision of the LLDPMED device. 127 7 Inventory — Software Revision Indicates the software revision of the LLDPMED device. 127 8 Inventory — Serial Number Indicates the device serial number of the LLDP-MED device. 127 9 Inventory — Manufacturer Name Indicates the manufacturer of the LLDP-MED device. 127 10 Inventory — Model Name Indicates the model of the LLDP-MED device.
Bit Position TLV Dell Networking OS Support 3 Extended Power via MDI-PSE Yes 4 Extended Power via MDI-PD No 5 Inventory No 6–15 reserved No Table 51. LLDP-MED Device Types Value Device Type 0 Type Not Defined 1 Endpoint Class 1 2 Endpoint Class 2 3 Endpoint Class 3 4 Network Connectivity 5–255 Reserved LLDP-MED Network Policies TLV A network policy in the context of LLDP-MED is a device’s VLAN configuration and associated Layer 2 and Layer 3 configurations.
Type Application Description 2 Voice Signaling Specify this application type only if voice control packets use a separate network policy than voice data. 3 Guest Voice Specify this application type for a separate limited voice service for guest users with their own IP telephony handsets and other appliances supporting interactive voice services. 4 Guest Voice Signaling Specify this application type only if guest voice control packets use a separate network policy than voice data.
• Configuring a Time to Live • Debugging LLDP Important Points to Remember • LLDP is enabled by default. • Dell Networking systems support up to eight neighbors per interface. • Dell Networking systems support a maximum of 8000 total neighbors per system. If the number of interfaces multiplied by eight exceeds the maximum, the system does not configure more than 8000. • INTERFACE level configurations override all CONFIGURATION level configurations. • LLDP is not hitless.
Enabling LLDP LLDP is enabled by default. Enable and disable LLDP globally or per interface. If you enable LLDP globally, all UP interfaces send periodic LLDPDUs. To enable LLDP, use the following command. 1. Enter Protocol LLDP mode. CONFIGURATION or INTERFACE mode protocol lldp 2. Enable LLDP. PROTOCOL LLDP mode no disable Disabling and Undoing LLDP To disable or undo LLDP, use the following command. • Disable LLDP globally or for an interface.
protocol lldp 2. Enter LLDP management-interface mode. LLDP-MANAGEMENT-INTERFACE mode. management-interface 3. Enter the disable command. LLDP-MANAGEMENT-INTERFACE mode. To undo an LLDP management port configuration, precede the relevant command with the keyword no. Advertising TLVs You can configure the system to advertise TLVs out of all interfaces or out of specific interfaces. • If you configure the system globally, all interfaces send LLDPDUs with the specified TLVs.
Figure 73. Configuring LLDP Viewing the LLDP Configuration To view the LLDP configuration, use the following command. • Display the LLDP configuration. CONFIGURATION or INTERFACE mode show config Examples of Viewing LLDP Configurations The following example shows viewing an LLDP global configuration.
Viewing Information Advertised by Adjacent LLDP Agents To view brief information about adjacent devices or to view all the information that neighbors are advertising, use the following commands. • Display brief information about adjacent devices. • show lldp neighbors Display all of the information that neighbors are advertising.
Configuring LLDPDU Intervals LLDPDUs are transmitted periodically; the default interval is 30 seconds. To configure LLDPDU intervals, use the following command. • Configure a non-default transmit interval.
• Return to the default setting.
advertise management-tlv system-capabilities system-description no disable R1(conf-lldp)#multiplier ? <2-10> Multiplier (default=4) R1(conf-lldp)#multiplier 5 R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise dot3-tlv max-frame-size advertise management-tlv system-capabilities system-description multiplier 5 no disable R1(conf-lldp)#no multiplier R1(conf-lldp)#show config ! protocol lldp advertise dot1-tlv port-protocol-vlan-id port-vlan-id advertise d
Figure 74. The debug lldp detail Command — LLDPDU Packet Dissection Relevant Management Objects Dell Networking OS supports all IEEE 802.1AB MIB objects. The following tables list the objects associated with: • received and transmitted TLVs • the LLDP configuration on the local agent • IEEE 802.1AB Organizationally Specific TLVs • received and transmitted LLDP-MED TLVs Table 53.
MIB Object Category Basic TLV Selection LLDP Variable LLDP MIB Object Description msgTxInterval lldpMessageTxInterval Transmit Interval value. rxInfoTTL lldpRxInfoTTL Time to live for received TLVs. txInfoTTL lldpTxInfoTTL Time to live for transmitted TLVs. mibBasicTLVsTxEnable lldpPortConfigTLVsTxEnabl e Indicates which management TLVs are enabled for system ports.
Table 54.
TLV Type TLV Name TLV Variable System interface numbering Local subtype interface number OID LLDP MIB Object lldpLocManAddrIfSu btype Remote lldpRemManAddrIfS ubtype Local lldpLocManAddrIfId Remote lldpRemManAddrIfId Local lldpLocManAddrOID Remote lldpRemManAddrOI D Table 55. LLDP 802.
Table 56.
TLV Sub-Type TLV Name TLV Variable System LLDP-MED MIB Object 3 Location Data Format Local lldpXMedLocLocatio nSubtype Remote lldpXMedRemLocati onSubtype Local lldpXMedLocLocatio nInfo Remote lldpXMedRemLocati onInfo Location Identifier Location ID Data Link Layer Discovery Protocol (LLDP) 529
Microsoft Network Load Balancing 27 Network load balancing (NLB) is a clustering functionality that is implemented by Microsoft on Windows 2000 Server and Windows Server 2003 operating systems (OSs). NLB uses a distributed methodology or pattern to equally split and balance the network traffic load across a set of servers that are part of the cluster or group.
To perform load-balancing, NLB, forwards the data frame to all the servers. NLB Multicast Mode Scenario Consider a topology in which you configure four servers, S1 through S4, as a cluster or a farm. This set of servers connects to a Layer 3 switch, which connects to the end-clients. They contain a single multicast MAC address (MAC-Cluster: 03-00-5E-11-11-11). In Multicast NLB mode, configure a static ARP configuration command to associate the cluster IP address with a multicast cluster MAC address.
Enable and Disable VLAN Flooding • The older ARP entries are overwritten whenever newer NLB entries are learned. • All ARP entries, learned after you enable VLAN flooding, are deleted when you disable VLAN flooding, and RP2 triggers an ARP resolution. Disable VLAN flooding with the no ip vlan-flooding command. • When you add a port to the VLAN, the port automatically receives traffic if you enabled VLAN flooding. Old ARP entries are not deleted or updated.
mac-address-table static multicast-mac-address vlan vlan-id output-range interface Microsoft Network Load Balancing 533
Multicast Source Discovery Protocol (MSDP) 28 Multicast source discovery protocol (MSDP) is supported on Dell Networking OS. Protocol Overview MSDP is a Layer 3 protocol that connects IPv4 protocol-independent multicast-sparse mode (PIM-SM) domains. A domain in the context of MSDP is a contiguous set of routers operating PIM within a common boundary defined by an exterior gateway protocol, such as border gateway protocol (BGP).
Figure 75. Multicast Source Discovery Protocol (MSDP) RPs advertise each (S,G) in its domain in type, length, value (TLV) format. The total number of TLVs contained in the SA is indicated in the “Entry Count” field. SA messages are transmitted every 60 seconds, and immediately when a new source is detected. Figure 76.
Anycast RP Using MSDP, anycast RP provides load sharing and redundancy in PIM-SM networks. Anycast RP allows two or more rendezvous points (RPs) to share the load for source registration and the ability to act as hot backup routers for each other. Anycast RP allows you to configure two or more RPs with the same IP address on Loopback interfaces. The Anycast RP Loopback address are configured with a 32-bit mask, making it a host address.
• Accept Source-Active Messages that Fail the RFP Check • Specifying Source-Active Messages • Limiting the Source-Active Cache • Preventing MSDP from Caching a Local Source • Preventing MSDP from Caching a Remote Source • Preventing MSDP from Advertising a Local Source • Terminating a Peership • Clearing Peer Statistics • Debugging MSDP • MSDP with Anycast RP • MSDP Sample Configurations Figure 77.
Figure 78.
Figure 79.
Figure 80. Configuring MSDP Enable MSDP Enable MSDP by peering RPs in different administrative domains. 1. Enable MSDP. CONFIGURATION mode ip multicast-msdp 2. Peer PIM systems in different administrative domains.
Examples of Configuring and Viewing MSDP R3(conf)#ip multicast-msdp R3(conf)#ip msdp peer 192.168.0.1 connect-source Loopback 0 R3(conf)#do show ip msdp summary Peer Addr Description Local Addr State Source SA Up/Down To view details about a peer, use the show ip msdp peer command in EXEC privilege mode. Multicast sources in remote domains are stored on the RP in the source-active cache (SA cache).
Limiting the Source-Active Cache Set the upper limit of the number of active sources that the Dell Networking OS caches. The default active source limit is 500K messages. When the total number of active sources reaches the specified limit, subsequent active sources are dropped even if they pass the reverse path forwarding (RPF) and policy check. To limit the number of sources that SA cache stores, use the following command. • Limit the number of sources that can be stored in the SA cache.
Figure 81.
Figure 82.
Figure 83.
Figure 84. MSDP Default Peer, Scenario 4 Specifying Source-Active Messages To specify messages, use the following command. • Specify the forwarding-peer and originating-RP from which all active sources are accepted without regard for the RPF check. CONFIGURATION mode ip msdp default-peer ip-address list If you do not specify an access list, the peer accepts all sources that peer advertises. All sources from RPs that the ACL denies are subject to the normal RPF check.
Dell(conf)#ip access-list standard fifty Dell(conf)#seq 5 permit host 200.0.0.50 Dell#ip msdp sa-cache MSDP Source-Active Cache - 3 entries GroupAddr SourceAddr RPAddr LearnedFrom 229.0.50.2 24.0.50.2 200.0.0.50 10.0.50.2 229.0.50.3 24.0.50.3 200.0.0.50 10.0.50.2 229.0.50.4 24.0.50.4 200.0.0.50 10.0.50.2 Dell#ip msdp sa-cache rejected-sa MSDP Rejected SA Cache 3 rejected SAs received, cache-size 32766 UpTime GroupAddr SourceAddr RPAddr 00:33:18 229.0.50.64 24.0.50.64 200.0.1.50 00:33:18 229.0.50.65 24.0.50.
Example of Verifying the System is not Caching Local Sources When you apply this filter, the SA cache is not affected immediately. When sources that are denied by the ACL time out, they are not refreshed. Until they time out, they continue to reside in the cache. To apply the redistribute filter to entries already present in the SA cache, first clear the SA cache. You may optionally store denied sources in the rejected SA cache. R1(conf)#do show run msdp ! ip multicast-msdp ip msdp peer 192.168.0.
R3(conf)# R3(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 0.0.0.0(639) Connect Source: Lo 0 State: Listening Up/Down Time: 00:01:19 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs learned from this peer: 0 SA Filtering: Input (S,G) filter: myremotefilter Output (S,G) filter: none Preventing MSDP from Advertising a Local Source To prevent MSDP from advertising a local source, use the following command.
ip msdp log-adjacency-changes Terminating a Peership MSDP uses TCP as its transport protocol. In a peering relationship, the peer with the lower IP address initiates the TCP session, while the peer with the higher IP address listens on port 639. • Terminate the TCP connection with a peer.
SA Filtering: Input (S,G) filter: myremotefilter Output (S,G) filter: none R3(conf)#do clear ip msdp peer 192.168.0.1 R3(conf)#do show ip msdp peer Peer Addr: 192.168.0.1 Local Addr: 0.0.0.0(0) Connect Source: Lo 0 State: Inactive Up/Down Time: 00:00:04 Timers: KeepAlive 30 sec, Hold time 75 sec SourceActive packet count (in/out): 0/0 SAs learned from this peer: 0 SA Filtering: Input (S,G) filter: myremotefilter Output (S,G) filter: none Debugging MSDP To debug MSDP, use the following command.
Anycast RP relieves these limitations by allowing multiple RPs per group, which can be distributed in a topologically significant manner according to the locations of the sources and receivers. 1. All the RPs serving a given group are configured with an identical anycast address. 2. Sources then register with the topologically closest RP. 3. RPs use MSDP to peer with each other using a unique address. Figure 85.
interface loopback 2. Make this address the RP for the group. CONFIGURATION mode ip pim rp-address 3. In each routing domain that has multiple RPs serving a group, create another Loopback interface on each RP serving the group with a unique IP address. CONFIGURATION mode interface loopback 4. Peer each RP with every other RP using MSDP, specifying the unique Loopback address as the connect-source. CONFIGURATION mode ip msdp peer 5.
ip address 10.11.3.1/24 no shutdown ! interface TenGigabitEthernet 1/2/1 ip address 10.11.2.1/24 no shutdown ! interface TenGigabitEthernet 1/21/1 ip pim sparse-mode ip address 10.11.1.12/24 no shutdown ! interface Loopback 0 ip pim sparse-mode ip address 192.168.0.1/32 no shutdown ! interface Loopback 1 ip address 192.168.0.11/32 no shutdown ! router ospf 1 network 10.11.2.0/24 area 0 network 10.11.1.0/24 area 0 network 10.11.3.0/24 area 0 network 192.168.0.
router ospf 1 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 network 192.168.0.22/32 area 0 redistribute static redistribute connected redistribute bgp 100 ! router bgp 100 redistribute ospf 1 neighbor 192.168.0.3 remote-as 200 neighbor 192.168.0.3 ebgp-multihop 255 neighbor 192.168.0.3 no shutdown ! ip multicast-msdp ip msdp peer 192.168.0.3 connect-source Loopback 1 ip msdp peer 192.168.0.11 connect-source Loopback 1 ip msdp mesh-group AS100 192.168.0.
ip route 192.168.0.22/32 10.11.0.23 ! ip pim rp-address 192.168.0.3 group-address 224.0.0.0/4 MSDP Sample Configurations The following examples show the running-configurations described in this chapter. For more information, see the illustrations in the Related Configuration Tasks section.
ip address 10.11.0.23/24 no shutdown ! interface Loopback 0 ip address 192.168.0.2/32 no shutdown ! router ospf 1 network 10.11.1.0/24 area 0 network 10.11.4.0/24 area 0 network 192.168.0.2/32 area 0 redistribute static redistribute connected redistribute bgp 100 ! router bgp 100 redistribute ospf 1 neighbor 192.168.0.3 remote-as 200 neighbor 192.168.0.3 ebgp-multihop 255 neighbor 192.168.0.3 update-source Loopback 0 neighbor 192.168.0.3 no shutdown ! ip route 192.168.0.3/32 10.11.0.
! ip route 192.168.0.2/32 10.11.0.23 ip multicast-routing ! interface TenGigabitEthernet 4/1/1 ip pim sparse-mode ip address 10.11.5.1/24 no shutdown ! interface TenGigabitEthernet 4/22/1 ip address 10.10.42.1/24 no shutdown ! interface TenGigabitEthernet 4/31/1 ip pim sparse-mode ip address 10.11.6.43/24 no shutdown ! interface Loopback 0 ip address 192.168.0.4/32 no shutdown ! router ospf 1 network 10.11.5.0/24 area 0 network 10.11.6.0/24 area 0 network 192.168.0.4/32 area 0 ! ip pim rp-address 192.168.0.
29 Multiple Spanning Tree Protocol (MSTP) Multiple spanning tree protocol (MSTP) — specified in IEEE 802.1Q-2003 — is a rapid spanning tree protocol (RSTP)-based spanning tree variation that improves per-VLAN spanning tree plus (PVST+). MSTP allows multiple spanning tree instances and allows you to map many VLANs to one spanning tree instance to reduce the total number of required instances. Protocol Overview MSTP — specified in IEEE 802.
Spanning Tree Variations The Dell Networking OS supports four variations of spanning tree, as shown in the following table. Table 57. Spanning Tree Variations Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .1d Rapid Spanning Tree Protocol (RSTP) 802 .1w Multiple Spanning Tree Protocol (MSTP) 802 .
• • Enabling SNMP Traps for Root Elections and Topology Changes Configuring Spanning Trees as Hitless Enable Multiple Spanning Tree Globally MSTP is not enabled by default. To enable MSTP globally, use the following commands. When you enable MSTP, all physical, VLAN, and port-channel interfaces that are enabled and in Layer 2 mode are automatically part of the MSTI 0. • • 1. Within an MSTI, only one path from any bridge to any other bridge is enabled.
Examples of Configuring and Viewing MSTI The following examples shows the msti command. Dell(conf)#protocol spanning-tree mstp Dell(conf-mstp)#msti 1 vlan 100 Dell(conf-mstp)#msti 2 vlan 200-300 Dell(conf-mstp)#show config ! protocol spanning-tree mstp no disable MSTI 1 VLAN 100 MSTI 2 VLAN 200-300 All bridges in the MSTP region must have the same VLAN-to-instance mapping. To view which instance a VLAN is mapped to, use the show spanning-tree mst vlan command from EXEC Privilege mode.
Influencing MSTP Root Selection MSTP determines the root bridge, but you can assign one bridge a lower priority to increase the probability that it becomes the root bridge. To change the bridge priority, use the following command. • Assign a number as the bridge priority. PROTOCOL MSTP mode msti instance bridge-priority priority A lower number increases the probability that the bridge becomes the root bridge. The range is from 0 to 61440, in increments of 4096. The default is 32768.
Changing the Region Name or Revision To change the region name or revision, use the following commands. • Change the region name. PROTOCOL MSTP mode • name name Change the region revision number. PROTOCOL MSTP mode revision number Example of the name Command To view the current region name and revision, use the show spanning-tree mst configuration command from EXEC Privilege mode.
PROTOCOL MSTP mode hello-time seconds NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. The default is 2 seconds. 3. Change the max-age parameter. PROTOCOL MSTP mode max-age seconds The range is from 6 to 40. The default is 20 seconds. 4. Change the max-hops parameter. PROTOCOL MSTP mode max-hops number The range is from 1 to 40. The default is 20.
The following lists the default values for port cost by interface. Table 58. Default Values for Port Costs by Interface Port Cost Default Value 100-Mb/s Ethernet interfaces 200000 1-Gigabit Ethernet interfaces 20000 10-Gigabit Ethernet interfaces 2000 Port Channel with 100 Mb/s Ethernet interfaces 180000 Port Channel with 1-Gigabit Ethernet interfaces 18000 Port Channel with 10-Gigabit Ethernet interfaces 1800 To change the port cost or priority of an interface, use the following commands. 1.
INTERFACE mode spanning-tree mstp edge-port [bpduguard | shutdown-on-violation] Dell Networking OS Behavior: Regarding bpduguard shutdown-on-violation behavior: – If the interface to be shut down is a port channel, all the member ports are disabled in the hardware. – When you add a physical port to a port channel already in the Error Disable state, the new member port is also disabled in the hardware.
Figure 87. MSTP with Three VLANs Mapped to Two Spanning Tree Instances Router 1 Running-Configuration This example uses the following steps: 1. Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology. 3. Create VLANs mapped to MSTP instances tag interfaces to the VLANs.
no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 1/21,31/1 no shutdown Router 2 Running-Configuration This example uses the following steps: 1. Enable MSTP globally and set the region name and revision map MSTP instances to the VLANs. 2. Assign Layer-2 interfaces to the MSTP topology. 3. Create VLANs mapped to MSTP instances tag interfaces to the VLANs.
name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 ! (Step 2) interface TenGigabitEthernet 3/11/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 3/21/1 no ip address switchport no shutdown ! (Step 3) interface Vlan 100 no ip address tagged TenGigabitEthernet 3/11/1,21/1 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 3/11/1,21/1 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 3/11/1,21/1 no shutdown SFTOS Example Running-Conf
(Step 3) interface vlan 100 tagged 1/0/31 tagged 1/0/32 exit interface vlan 200 tagged 1/0/31 tagged 1/0/32 exit interface vlan 300 tagged 1/0/31 tagged 1/0/32 exit Debugging and Verifying MSTP Configurations To debut and verify MSTP configuration, use the following commands. • Display BPDUs. EXEC Privilege mode • debug spanning-tree mstp bpdu Display MSTP-triggered topology change messages.
– Are there “extra” MSTP instances in the Sending or Received logs? This may mean that an additional MSTP instance was configured on one router but not the others. The following example shows the show run spanning-tree mstp command. Dell#show run spanning-tree mstp ! protocol spanning-tree mstp name Tahiti revision 123 MSTI 1 VLAN 100 MSTI 2 VLAN 200,300 The following example shows viewing the debug log of a successful MSTP configuration.
INST 2: Flags: 0x70, Reg Root: 32768:0001.e8d5.
Multicast Features 30 NOTE: Multicast routing is supported on secondary IP addresses; it is not supported on IPv6. NOTE: Multicast routing is supported across default and non-default virtual routing and forwarding (VRFs).
Protocol Ethernet Address RIP 01:00:5e:00:00:09 NTP 01:00:5e:00:01:01 VRRP 01:00:5e:00:00:12 PIM-SM 01:00:5e:00:00:0d • • • The Dell Networking OS implementation of MTRACE is in accordance with IETF draft draft-fennertraceroute-ipm. Multicast is not supported on secondary IP addresses. If you enable multicast routing, egress Layer 3 ACL is not applied to multicast data traffic. Multicast Policies The Dell Networking OS supports multicast features for IPv4.
• Limit the total number of multicast routes on the system. CONFIGURATION mode ip multicast-limit The range is from 1 to . The default is 4000. NOTE: The IN-L3-McastFib CAM partition stores multicast routes and is a separate hardware limit that exists per port-pipe. Any software-configured limit may supersede this hardware space limitation. The opposite is also true, the CAM partition might not be exhausted at the time the system-wide route limit is reached using the ip multicast-limit command.
Figure 88. Preventing a Host from Joining a Group The following table lists the location and description shown in the previous illustration. Table 59. Preventing a Host from Joining a Group — Description Location Description 1/21/1 • • • • Interface TenGigabitEthernet 1/21/1 ip pim sparse-mode ip address 10.11.12.
Location Description • • ip address 10.11.13.1/24 no shutdown 2/1/1 • • • • Interface TenGigabitEthernet 2/1/1 ip pim sparse-mode ip address 10.11.1.1/24 no shutdown 2/11/1 • • • • Interface TenGigabitEthernet 2/11/1 ip pim sparse-mode ip address 10.11.12.2/24 no shutdown 2/31/1 • • • • Interface TenGigabitEthernet 2/31/1 ip pim sparse-mode ip address 10.11.23.1/24 no shutdown 3/1/1 • • • • Interface TenGigabitEthernet 3/1/1 ip pim sparse-mode ip address 10.11.5.
Preventing a PIM Router from Forming an Adjacency To prevent a router from participating in PIM (for example, to configure stub multicast routing), use the following command. • Prevent a router from participating in PIM. INTERFACE mode ip pim neighbor-filter Setting a Threshold for Switching to the SPT The functionality to specify a threshold for switchover to the shortest path trees (SPTs) is available on the platform.
Figure 89. Preventing a Source from Transmitting to a Group The following table lists the location and description shown in the previous illustration. Table 61. Preventing a Source from Transmitting to a Group — Description Location Description 1/21/1 • • • • Interface TenGigabitEthernet 1/21/1 ip pim sparse-mode ip address 10.11.12.
Location Description • • ip address 10.11.13.1/24 no shutdown 2/1/1 • • • • Interface TenGigabitEthernet 2/1/1 ip pim sparse-mode ip address 10.11.1.1/24 no shutdown 2/11/1 • • • • Interface TenGigabitEthernet 2/11/1 ip pim sparse-mode ip address 10.11.12.2/24 no shutdown 2/31/1 • • • • Interface TenGigabitEthernet 2/31 ip pim sparse-mode ip address 10.11.23.1/24 no shutdown 3/1/1 • • • • Interface TenGigabitEthernet 3/1/1 ip pim sparse-mode ip address 10.11.5.
Preventing a PIM Router from Processing a Join To permit or deny PIM Join/Prune messages on an interface using an extended IP access list, use the following command. NOTE: Dell Networking recommends not using the ip pim join-filter command on an interface between a source and the RP router. Using this command in this scenario could cause problems with the PIM-SM source registration process resulting in excessive traffic being sent to the CPU of both the RP and PIM DR of the source.
Object Tracking 31 IPv4 or IPv6 object tracking is available on Dell Networking OS. Object tracking allows the Dell Networking OS client processes, such as virtual router redundancy protocol (VRRP), to monitor tracked objects (for example, interface or link status) and take appropriate action when the state of an object changes. NOTE: In Dell Networking OS release version 8.4.1.0, object tracking is supported only on VRRP.
Figure 90. Object Tracking Example When you configure a tracked object, such as an IPv4/IPv6 a route or interface, you specify an object number to identify the object. Optionally, you can also specify: • UP and DOWN thresholds used to report changes in a route metric. • A time delay before changes in a tracked object’s state are reported to a client. Track Layer 2 Interfaces You can create an object to track the line-protocol state of a Layer 2 interface.
Track IPv4 and IPv6 Routes You can create an object that tracks an IPv4 or IPv6 route entry in the routing table. Specify a tracked route by its IPv4 or IPv6 address and prefix-length. Optionally specify a tracked route by a virtual routing and forwarding (VRF) instance name if the route to be tracked is part of a VRF. The nexthop address is not part of the definition of the tracked object.
• The resolution value used to map static routes is not configurable. By default, Dell Networking OS assigns a metric of 0 to static routes. • The resolution value used to map router information protocol (RIP) routes is not configurable. The RIP hop-count is automatically multiplied by 16 to scale it; a RIP metric of 16 (unreachable) scales to 256, which considers the route to be DOWN.
• • Port channel: Enter port-channel number. VLAN: Enter vlan vlan-id, where valid VLAN IDs are from 1 to 4094 A line-protocol object only tracks the link-level (UP/DOWN) status of a specified interface. When the linklevel status goes down, the tracked object status is DOWN; if the link-level status is up, the tracked object status is UP. To remove object tracking on a Layer 2 interface, use the no track object-id command.
• For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port/subport information. • For a 25-Gigabit Ethernet interface, enter the keyword twentyFiveGigE then the slot/port/subport information. • For a 50-Gigabit Ethernet interface, enter the keyword fiftyGigE then the slot/port/subport information. • For a 100-Gigabit Ethernet interface, enter the keyword hundredGigE then the slot/port information.
show track object-id Examples of Configuring Object Tracking for an IPv4 or IPv6 Interface Examples of Configuring Object Tracking for an IPv4 or IPv6 Interface The following is an example of configuring object tracking for an IPv4 interface: Dell(conf)#track 101 interface tengigabitethernet 7/2/1 ip routing Dell(conf-track-101)#delay up 20 Dell(conf-track-101)#description NYC metro Dell(conf-track-101)#end Dell#show track 101 Track 101 Interface TenGigabitEthernet 7/2/1 ip routing Description: NYC metro Th
To provide a common tracking interface for different clients, route metrics are scaled in the range from 0 to 255, where 0 is connected and 255 is inaccessible. The scaled metric value communicated to a client always considers a lower value to have priority over a higher value.
The default is 0. 3. (Optional) Identify the tracked object with a text description. OBJECT TRACKING mode description text The text string can be up to 80 characters. 4. (Optional) Display the tracking configuration and the tracked object’s status.
The range of resolution values is: • 2. ISIS routes - 1 to 1000. The default is 1. • OSPF routes - 1 to 1592. The efault is 1. Configure object tracking on the metric of an IPv4 or IPv6 route. CONFIGURATION mode track object-id {ip route ip-address/prefix-len | ipv6 route ipv6-address/ prefix-len} metric threshold [vrf vrf-name] Valid object IDs are from 1 to 65535. Enter an IPv4 address in dotted decimal format. Valid IPv4 prefix lengths are from /0 to /32. Enter an IPv6 address in X:X:X:X::X format.
Example of IPv4 and IPv6 Tracking Metric Thresholds Example of IPv4 and IPv6 Tracking Metric Thresholds The following example configures object tracking on the metric threshold of an IPv4 route: Dell(conf)#track 6 ip route 2.1.1.0/24 metric threshold Dell(conf-track-6)#delay down 20 Dell(conf-track-6)#delay up 20 Dell(conf-track-6)#description track ip route metric Dell(conf-track-6)#threshold metric down 40 Dell(conf-track-6)#threshold metric up 40 Dell(conf-track-6)#exit Dell(conf)#track 10 ip route 3.1.
5 changes, last change 00:02:16 First-hop interface is TenGigabitEthernet 1/2/1 Tracked by: VRRP TenGigabitEthernet 2/30/1 IPv6 VRID 1 Track 4 Interface TenGigabitEthernet 1/4/1 ip routing IP routing is Up 3 changes, last change 00:03:30 Tracked by: Example of the show track brief Command Router# show track brief ResId State 1 Resource LastChange IP route reachability Parameter 10.16.0.
Open Shortest Path First (OSPFv2 and OSPFv3) 32 Open shortest path first (OSPFv2 for IPv4) and OSPF version 3 (OSPF for IPv6) are supported on Dell Networking OS. This chapter provides a general description of OSPFv2 (OSPF for IPv4) and OSPFv3 (OSPF for IPv6) as supported in the Dell Networking Operating System (OS). NOTE: The fundamental mechanisms of OSPF (flooding, DR election, area support, SPF calculations, and so on) are the same between OSPFv2 and OSPFv3.
Areas allow you to further organize your routers within in the AS. One or more areas are required within the AS. Areas are valuable in that they allow sub-networks to "hide" within the AS, thus minimizing the size of the routing tables on all routers. An area within the AS may not see the details of another area’s topology. AS areas are known by their area number or the router’s IP address. Figure 91. Autonomous System Areas Area Types The backbone of the network is Area 0. It is also called Area 0.0.0.
The backbone is the only area with a default area number. All other areas can have their Area ID assigned in the configuration. In the previous example, Routers A, B, C, G, H, and I are the Backbone. • A stub area (SA) does not receive external route information, except for the default route. These areas do receive information from inter-area (IA) routes. NOTE: Configure all routers within an assigned stub area as stubby, and not generate LSAs that do not apply.
Figure 92. OSPF Routing Examples Backbone Router (BR) A backbone router (BR) is part of the OSPF Backbone, Area 0. This includes all ABRs. It can also include any routers that connect only to the backbone and another ABR, but are only part of Area 0, such as Router I in the previous example. Area Border Router (ABR) Within an AS, an area border router (ABR) connects one or more areas to the backbone.
An ABR can connect to many areas in an AS, and is considered a member of each area it connects to. Autonomous System Border Router (ASBR) The autonomous system border area router (ASBR) connects to more than one AS and exchanges information with the routers in other ASs. Generally, the ASBR connects to a non-interior gate protocol (IGP) such as BGP or uses static routes.
• Type 5: LSA — These LSAs contain information imported into OSPF from other routing processes. They are flooded to all areas, except stub areas. The link-state ID of the Type 5 LSA is the external network number. • Type 7: External LSA — Routers in an NSSA do not receive external LSAs from ABRs, but are allowed to send external routing information for redistribution.
Router Priority and Cost Router priority and cost is the method the system uses to “rate” the routers. For example, if not assigned, the system selects the router with the highest priority as the DR. The second highest priority is the BDR. • Priority is a numbered rating 0 to 255. The higher the number, the higher the priority. • Cost is a numbered rating 1 to 65535. The higher the number, the greater the cost. The cost assigned reflects the cost should the router fail.
Dell Networking OS supports stub areas, totally stub (no summary) and not so stubby areas (NSSAs) and supports the following LSAs, as described earlier.
OSPFv2 supports helper-only and restarting-only roles. By default, both helper and restarting roles are enabled. OSPFv2 supports the helper-reject role globally on a router. OSPFv3 supports helper-only and restarting-only roles. The helper-only role is enabled by default. To enable the restarting role in addition to the helper-only role, configure a grace period. Reconfigure OSPFv3 graceful restart to a restarting-only role when you enable the helper-reject role on an interface.
Processing SNMP and Sending SNMP Traps Only the process in default vrf can process the SNMP requests and send SNMP traps. NOTE: SNMP gets request corresponding to the OspfNbrOption field in the OspfNbrTable returns a value of 66. RFC-2328 Compliant OSPF Flooding In OSPF, flooding is the most resource-consuming task. The flooding algorithm described in RFC 2328 requires that OSPF flood LSAs on all interfaces, as governed by LSA’s flooding scope (refer to Section 13 of the RFC.
To confirm that you enabled RFC-2328–compliant OSPF flooding, use the show ip ospf command. Dell#show ip ospf Routing Process ospf 1 with ID 2.2.2.
Adjacent with neighbor 1.1.1.1 (Backup Designated Router) Dell (conf-if-te-2/2/1)# Configuration Information The interfaces must be in Layer 3 mode (assigned an IP address) and enabled so that they can send and receive traffic. The OSPF process must know about these interfaces. To make the OSPF process aware of these interfaces, they must be assigned to OSPF areas. You must configure OSPF GLOBALLY on the system in CONFIGURATION mode.
Dell(conf)#router ospf 1 Dell(conf-router_ospf-1)#timer spf 2 5 Dell(conf-router_ospf-1)# Dell(conf-router_ospf-1)#show config ! router ospf 1 timers spf 2 5 Dell(conf-router_ospf-1)# Dell(conf-router_ospf-1)#end Dell# For a complete list of the OSPF commands, refer to the OSPF section in the Dell Networking OS Command Line Reference Guide document. Enabling OSPFv2 To enable Layer 3 routing, assign an IP address to an interface (physical or Loopback).
If you try to enter an OSPF process ID, or if you try to enable more OSPF processes than available Layer 3 interfaces, prior to assigning an IP address to an interface and setting the no shutdown command, the following message displays: Dell(conf)#router ospf 1 % Error: No router ID available. Assigning a Router ID In CONFIGURATION ROUTER OSPF mode, assign the router ID. The router ID is not required to be the router’s IP address.
• Enable OSPFv2 on an interface and assign a network address range to a specific OSPF area. CONFIG-ROUTER-OSPF-id mode network ip-address mask area area-id The IP Address Format is A.B.C.D/M. The area ID range is from 0 to 65535 or A.B.C.D/M. Enable OSPFv2 on Interfaces Enable and configure OSPFv2 on each interface (configure for Layer 3 protocol), and not shutdown. You can also assign OSPFv2 to a Loopback interface as a virtual interface.
Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 11.1.2.1, Interface address 10.2.2.1 Backup Designated Router (ID) 0.0.0.0, Interface address 0.0.0.0 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:04 Neighbor Count is 0, Adjacent neighbor count is 0 TenGigabitEthernet 1/21/1 is up, line protocol is up Internet Address 10.2.3.1/24, Area 0.0.0.0 Process ID 1, Router ID 11.1.2.
3. Enter ROUTER OSPF mode. CONFIGURATION mode router ospf process-id [vrf] Process ID is the ID assigned when configuring OSPFv2 globally. 4. Configure the area as a stub area. CONFIG-ROUTER-OSPF-id mode area area-id stub [no-summary] Use the keywords no-summary to prevent transmission into the area of summary ASBR LSAs. Area ID is the number or IP address assigned when creating the area.
– For a 50-Gigabit Ethernet interface, enter the keyword fiftyGigE then the slot/port/subport information. – For a 100-Gigabit Ethernet interface, enter the keyword hundredGigE then the slot/port information. – For a port channel interface, enter the keywords port-channel then a number. – For a VLAN interface, enter the keyword vlan then a number from 1 to 4094 (for example, passive-interface vlan 2222 ). The keyword default sets all interfaces on this OSPF process as passive.
To enable or disable fast-convergence, use the following command. • Enable OSPF fast-convergence and specify the convergence level. CONFIG-ROUTEROSPF- id mode fast-convergence {number} The parameter range is from 1 to 4. The higher the number, the faster the convergence. When disabled, the parameter is set at 0. NOTE: A higher convergence level can result in occasional loss of OSPF adjacency. Generally, convergence level 1 meets most convergence requirements.
ip ospf cost • – cost: The range is from 1 to 65535 (the default depends on the interface speed). Change the time interval the router waits before declaring a neighbor dead. CONFIG-INTERFACE mode ip ospf dead-interval seconds – seconds: the range is from 1 to 65535 (the default is 40 seconds). The dead interval must be four times the hello interval. • The dead interval must be the same on all routers in the OSPF network. Change the time interval between hello-packet transmission.
– seconds: the range is from 1 to 65535 (the default is 1 second). The transmit delay must be the same on all routers in the OSPF network. Example of Changing and Verifying the cost Parameter and Viewing Interface Status To view interface configurations, use the show config command in CONFIGURATION INTERFACE mode. To view interface status in the OSPF process, use the show ip ospf interface command in EXEC mode. The bold lines in the example show the change on the interface.
after the authentication change wait timer expires; OSPF accepts both the old as well as new authentication schemes for a time period that is equal to two times the configured authentication change wait timer. After this time period, OSPF accepts only the new authentication scheme. This transmission stops when the period ends. The default is 0 seconds. Enabling OSPFv2 Graceful Restart Graceful restart is enabled for the global OSPF process.
• Helper-only: the OSPFv2 router supports graceful-restart only as a helper router. • Restart-only: the OSPFv2 router supports graceful-restart only during unplanned restarts. By default, OSPFv2 supports both restarting and helper roles. Selecting one or the other role restricts OSPFv2 to the single selected role. To disable OSPFv2 graceful-restart after you have enabled it, use the no graceful-restart graceperiod command in CONFIG-ROUTEROSPF- id mode.
– le max-prefix-length: is the maximum prefix length to match (from 0 to 32). For configuration information about prefix lists, refer to Access Control Lists (ACLs). Applying Prefix Lists To apply prefix lists to incoming or outgoing OSPF routes, use the following commands. • Apply a configured prefix list to incoming OSPF routes. CONFIG-ROUTEROSPF-id mode • distribute-list prefix-list-name in [interface] Assign a configured prefix list to outgoing OSPF routes.
Troubleshooting OSPFv2 Use the information in this section to troubleshoot OSPFv2 operation on the switch. Be sure to check the following, as these questions represent typical issues that interrupt an OSPFv2 process. NOTE: The following tasks are not a comprehensive; they provide some examples of typical troubleshooting checks.
To view debug messages for a specific OSPF process ID, use the debug ip ospf process-id command. If you do not enter a process ID, the command applies to the first OSPF process. To view debug messages for a specific operation, enter one of the optional keywords: – event: view OSPF event messages. – packet: view OSPF packet information. – spf: view SPF information. – database-timers rate-limit: view the LSAs currently in the queue.
Figure 94. Basic Topology and CLI Commands for OSPFv2 OSPF Area 0 — Te 1/1 and 1/2 router ospf 11111 network 10.0.11.0/24 area 0 network 10.0.12.0/24 area 0 network 192.168.100.0/24 area 0 ! interface TenGigabitEthernet 1/1/1 ip address 10.1.11.1/24 no shutdown ! interface TenGigabitEthernet 1/2/1 ip address 10.2.12.2/24 no shutdown ! interface Loopback 10 ip address 192.168.100.100/24 no shutdown OSPF Area 0 — Te 3/1 and 3/2 router ospf 33333 network 192.168.100.0/24 area 0 network 10.0.13.
OSPF Area 0 — Te 2/1 and 2/2 router ospf 22222 network 192.168.100.0/24 area 0 network 10.2.21.0/24 area 0 network 10.2.22.0/24 area 0 ! interface Loopback 20 ip address 192.168.100.20/24 no shutdown ! interface TenGigabitEthernet 2/1/1 ip address 10.2.21.2/24 no shutdown ! interface TenGigabitEthernet 2/2/1 ip address 10.2.22.
Example Dell#conf Dell(conf)#ipv6 router ospf 1 Dell(conf-ipv6-router_ospf)#timer spf 2 5 Dell(conf-ipv6-router_ospf)# Dell(conf-ipv6-router_ospf)#show config ! ipv6 router ospf 1 timers spf 2 5 Dell(conf-ipv6-router_ospf)# Dell(conf-ipv6-router_ospf)#end Dell# Enabling IPv6 Unicast Routing To enable IPv6 unicast routing, use the following command. • Enable IPv6 unicast routing globally.
ipv6 ospf process-id area area-id – process-id: the process ID number assigned. – area-id: the area ID for this interface. Assigning OSPFv3 Process ID and Router ID Globally To assign, disable, or reset OSPFv3 globally, use the following commands. • Enable the OSPFv3 process globally and enter OSPFv3 mode. CONFIGURATION mode ipv6 router ospf {process ID} • The range is from 0 to 65535. Assign the router ID for this OSPFv3 process. CONF-IPV6-ROUTER-OSPF mode router-id {number} – number: the IPv4 address.
NOTE: Enter the router-id for an OSPFv3 router as an IPv4 IP address. • Disable OSPF. CONFIGURATION mode • no ipv6 router ospf process-id} Reset the OSPFv3 process. EXEC Privilege mode clear ipv6 ospf process Configuring Stub Areas To configure IPv6 stub areas, use the following command. • Configure the area as a stub area. CONF-IPV6-ROUTER-OSPF mode area area-id stub [no-summary] – no-summary: use these keywords to prevent transmission in to the area of summary ASBR LSAs.
Redistributing Routes You can add routes from other routing instances or protocols to the OSPFv3 process. With the redistribute command, you can include RIP, static, or directly connected routes in the OSPF process. Route redistribution is also supported between OSPF Routing process IDs. To add redistributing routes, use the following command. • Specify which routes are redistributed into the OSPF process.
period command. The grace period is the time that the OSPFv3 neighbors continue to advertise the restarting router as though it is fully adjacent. When you enable graceful restart (restarting role), an OSPFv3 restarting expects its OSPFv3 neighbors to help when it restarts by not advertising the broken link. When you enable the helper-reject role on an interface using the ipv6 ospf graceful-restart helper-reject command, you reconfigure OSPFv3 graceful restart to function in a restarting-only role.
EXEC Privilege mode • show ipv6 ospf database grace-lsa Display the currently configured OSPFv3 parameters for graceful restart (shown in the following example). EXEC Privilege mode show ipv6 ospf database database-summary Examples of the Graceful Restart show Commands The following example shows the show run ospf command. Dell#show run ospf ! router ospf 1 router-id 200.1.1.1 log-adjacency-changes graceful-restart grace-period 180 network 20.1.1.0/24 area 0 network 30.1.1.
Type-11 Grace LSA (Area 0) LS Age Link State ID Advertising Router LS Seq Number Checksum Length Associated Interface Restart Interval Restart Reason : : : : : : : : : 10 6.16.192.66 100.1.1.1 0x80000001 0x1DF1 36 Te 5/3/1 180 Switch to Redundant Processor OSPFv3 Authentication Using IPsec OSPFv3 uses IPsec to provide authentication for OSPFv3 packets. IPsec authentication ensures security in the transmission of OSPFv3 packets between IPsec-enabled routers.
You decide the set of IPsec protocols that are employed for authentication and encryption and the ways in which they are employed. When you correctly implement and deploy IPsec, it does not adversely affect users or hosts. AH and ESP are designed to be cryptographic algorithm-independent. OSPFv3 Authentication Using IPsec: Configuration Notes OSPFv3 authentication using IPsec is implemented according to the specifications in RFC 4552.
– Configuring IPsec Encryption for an OSPFv3 Area – Displaying OSPFv3 IPsec Security Policies Configuring IPsec Authentication on an Interface To configure, remove, or display IPsec authentication on an interface, use the following commands.
• Enable IPsec encryption for OSPFv3 packets on an IPv6-based interface. INTERFACE mode ipv6 ospf encryption {null | ipsec spi number esp encryption-algorithm [keyencryption-type] key authentication-algorithm [key-authentication-type] key} – null: causes an encryption policy configured for the area to not be inherited on the interface. – ipsec spi number: is the security policy index (SPI) value. The range is from 256 to 4294967295.
• Enable IPSec authentication for OSPFv3 packets in an area. CONF-IPV6-ROUTER-OSPF mode area-id authentication ipsec spi number {MD5 | SHA1} [key-encryption-type] key – area area-id: specifies the area for which OSPFv3 traffic is to be authenticated. For area-id, enter a number or an IPv6 prefix. – spi number: is the SPI value. The range is from 256 to 4294967295. – MD5 | SHA1: specifies the authentication type: message digest 5 (MD5) or Secure Hash Algorithm 1 (SHA-1).
– key: specifies the text string used in the encryption. All neighboring OSPFv3 routers must share the same key to decrypt information. The required lengths of a non-encrypted or encrypted key are: 3DES - 48 or 96 hex digits; DES - 16 or 32 hex digits; AES-CBC - 32 or 64 hex digits for AES-128 and 48 or 96 hex digits for AES-192. – key-encryption-type: (optional) specifies if the key is encrypted. Valid values: 0 (key is not encrypted) or 7 (key is encrypted).
– For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. Examples of the show crypto ipsec Commands In the first example, the keys are not encrypted (shown in bold). In the second and third examples, the keys are encrypted (shown in bold). The following example shows the show crypto ipsec policy command.
STATUS : ACTIVE outbound ah sas spi : 500 (0x1f4) transform : ah-md5-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE inbound esp sas outbound esp sas Interface: TenGigabitEthernet 1/2/1 Link Local address: fe80::201:e8ff:fe40:4d11 IPSecv6 policy name: OSPFv3-1-600 inbound ah sas outbound ah sas inbound esp sas spi : 600 (0x258) transform : esp-des esp-sha1-hmac in use settings : {Transport, } replay detection support : N STATUS : ACTIVE outbound esp sas spi : 600 (0x258) tr
• show virtual links • show ipv6 routes Viewing Summary Information To get general route, configuration, links status, and debug information, use the following commands. • View the summary information of the IPv6 routes. EXEC Privilege mode • show ipv6 route [vrf vrf-name] summary View the summary information for the OSPFv3 database. EXEC Privilege mode • show ipv6 ospf [vrf vrf-name] database View the configuration of OSPFv3 neighbors.
Policy-based Routing (PBR) 33 Policy-based routing (PBR) allows a switch to make routing decisions based on policies applied to an interface. Overview When a router receives a packet, the router decides where to forward the packet based on the destination address in the packet, which is used to look up an entry in a routing table. However, in some cases, there may be a need to forward the packet based on other criteria: size, source, protocol type, destination, and so on.
To enable PBR, create a redirect list. Redirect lists are defined by rules or routing policies.
seq 5 permit ip 200.200.200.200 200.200.200.200 199.199.199.199 199.199.199.199 seq 10 redirect 1.1.1.2 tcp 234.224.234.234 255.234.234.234 222.222.222.222/24 seq 40 ack, Next-hop reachable(via Te 1/4/1) Applied interfaces: Te 1/2/1 Hot-Lock PBR Ingress and egress Hot lock PBR allows you to add or delete new rules into an existing policy (already written into content address memory [CAM]) without disruption to traffic flow.
CONFIGURATION mode ip redirect-list redirect-list-name redirect-list-name: 16 characters. To delete the redirect list, use the no ip redirect-list command. The following example creates a redirect list by the name of xyz. Dell(conf)#ip redirect-list ? WORD Redirect-list name (max 16 chars) Dell(conf)#ip redirect-list xyz Create a Rule for a Redirect-list To set the rules for the redirect list, use the following command. You can enter the command multiple times and create a sequence of redirect rules.
• Destination address with mask information Example: Creating a Rule Dell(conf-redirect-list)#redirect ? A.B.C.D Forwarding router's address Dell(conf-redirect-list)#redirect 3.3.3.3 ? <0-255> An IP protocol number icmp Internet Control Message Protocol ip Any Internet Protocol tcp Transmission Control Protocol udp User Datagram Protocol Dell(conf-redirect-list)#redirect 3.3.3.3 ip ? A.B.C.D Source address any Any source host host A single source host Dell(conf-redirect-list)#redirect 3.3.3.3 ip 222.1.1.
A recursive route is a route for which the immediate next-hop address is learned dynamically through a routing protocol and acquired through a route lookup in the routing table. You can configure multiple recursive routes in a redirect list by entering multiple seq redirect commands with the same source and destination address and specify a different next-hop IP address. In this way, the recursive routes are used as different forwarding routes for dynamic failover.
In addition to supporting multiple redirect-lists in a redirect-group, multiple redirect-groups are supported on a single interface. Dell Networking OS has the capability to support multiple groups on an interface for backup purposes. Show Redirect List Configuration To view the configuration redirect list configuration, use the following commands. 1. View the redirect list configuration and the associated interfaces. EXEC mode show ip redirect-list redirect-list-name 2.
Use the show ip redirect-list (without the list name) to display all the redirect-lists configured on the device. Dell#show ip redirect-list IP redirect-list rcl0: Defined as: seq 5 permit ip 200.200.200.200 200.200.200.200 199.199.199.199 199.199.199.199 seq 10 redirect 1.1.1.2 tcp 234.224.234.234 255.234.234.234 222.222.222.
Policy-based Routing (PBR)
PIM Sparse-Mode (PIM-SM) 34 Protocol-independent multicast sparse-mode (PIM-SM) is a multicast protocol that forwards multicast traffic to a subnet only after a request using a PIM Join message; this behavior is the opposite of PIMDense mode, which forwards multicast traffic to all subnets until a request to stop. Implementation Information The following information is necessary for implementing PIM-SM.
3. If a host on the same subnet as another multicast receiver sends an IGMP report for the same multicast group, the gateway takes no action. If a router between the host and the RP receives a PIM Join message for which it already has a (*,G) entry, the interface on which the message was received is added to the outgoing interface list associated with the (*,G) entry, and the message is not (and does not need to be) forwarded towards the RP.
Configuring PIM-SM Configuring PIM-SM is a three-step process. 1. Enable multicast routing (refer to the following step). 2. Select a rendezvous point. 3. Enable PIM-SM on an interface. Enable multicast routing. CONFIGURATION mode ip multicast-routing Related Configuration Tasks The following are related PIM-SM configuration tasks.
To display PIM neighbors for each interface, use the show ip pim neighbor command EXEC Privilege mode. Dell#show ip Neighbor Address 127.87.5.5 127.87.3.5 127.87.50.5 Dell# pim neighbor Interface Uptime/Expires Te 1/11/1 Te 1/12/1 Te 2/13/1 Ver 01:44:59/00:01:16 01:45:00/00:01:16 00:03:08/00:01:37 DR Prio/Mode v2 1 / S v2 1 / DR v2 1 / S To display the PIM routing table, use the show ip pim tib command from EXEC privilege mode.
ip pim sparse-mode sg-expiry-timer seconds sg-list access-list-name The range is from 211 to 86,400 seconds. The default is 210. Example Configuring an (S,G) Expiry Time NOTE: The expiry time configuration is nullified and the default global expiry time is used if: • • an ACL is specified in the ip pim sparse-mode sg-expiry-timer command, but the ACL has not been created or is a standard ACL. if the expiry time is specified for an (S,G) entry in a deny rule.
• Use the override option to override bootstrap router updates with your static RP configuration. ip pim rp-address Examples of Viewing the Rendezvous Point (Multicast Group) Information To display the assigned RP for a group, use the show ip pim rp command from EXEC privilege mode. Dell#show ip Group 225.0.1.40 226.1.1.1 pim rp RP 165.87.50.5 165.87.50.5 To display the assigned RP for a group range (group-to-RP mapping), use the show ip pim rp mapping command in EXEC privilege mode.
• ip pim bsr-border Remove candidate RP advertisements.
PIM Source-Specific Mode (PIM-SSM) 35 PIM source-specific mode (PIM-SSM) is a multicast protocol that forwards multicast traffic from a single source to a subnet. In the other versions of protocol independent multicast (PIM), a receiver subscribes to a group only. The receiver receives traffic not just from the source in which it is interested but from all sources sending to that group.
Configure PIM-SSM Configuring PIM-SSM is a two-step process. 1. Configure PIM-SSM. 2. Enable PIM-SSM for a range of addresses. Related Configuration Tasks • Use PIM-SSM with IGMP Version 2 Hosts Enabling PIM-SSM To enable PIM-SSM, follow these steps. 1. Create an ACL that uses permit rules to specify what range of addresses should use SSM. CONFIGURATION mode ip access-list standard name 2. Enter the ip pim ssm-range command and specify the ACL you created.
• You may enter multiple ssm-map commands for different access lists. You may also enter multiple ssm-map commands for the same access list, as long as they use different source addresses. • When an extended ACL is associated with this command, Dell Networking OS displays an error message. If you apply an extended ACL before you create it, Dell Networking OS accepts the configuration, but when the ACL is later defined, Dell Networking OS ignores the ACL and the stated mapping has no effect.
Uptime 00:00:05 Expires Never Router mode INCLUDE Last reporter 10.11.4.2 Last reporter mode INCLUDE Last report received ALLOW Group source list Source address Uptime Expires 10.11.5.
36 Port Monitoring Port monitoring (also referred to as mirroring ) allows you to monitor ingress and/or egress traffic on specified ports. The mirrored traffic can be sent to a port to which a network analyzer is connected to inspect or troubleshoot the traffic. Mirroring is used for monitoring Ingress or Egress or both Ingress and Egress traffic on a specific port(s). This mirrored traffic can be sent to a port where a network sniffer can connect and monitor the traffic.
Port Monitoring Port monitoring is supported on both physical and logical interfaces, such as VLAN and port-channel interfaces. The source port (MD) with monitored traffic and the destination ports (MG) to which an analyzer can be attached must be on the same switch. You can configure up to 128 source ports in a monitoring session. Only one destination port is supported in a monitoring session. The supports multiple source-destination statements in a single monitor session.
rx ! Dell Networking OS Behavior: All monitored frames are tagged if the configured monitoring direction is egress (TX), regardless of whether the monitored port (MD) is a Layer 2 or Layer 3 port. If the MD port is a Layer 2 port, the frames are tagged with the VLAN ID of the VLAN to which the MD belongs. If the MD port is a Layer 3 port, the frames are tagged with VLAN ID 4095. If the MD port is in a Layer 3 VLAN, the frames are tagged with the respective Layer 3 VLAN ID.
Dell(conf)#monitor session 0 Dell(conf-mon-sess-0)#source po 10 dest ten 1/2/1 dir rx Dell(conf-mon-sess-0)#do show monitor session SessID Source Destination Dir Mode Source IP ------ ------------------ ---- --------0 Te 1/1/1 Te 1/2/1 rx Port N/A 0 Po 10 Te 1/2/1 rx Port N/A Dest IP -------N/A N/A Dell(conf)#monitor session 1 Dell(conf-mon-sess-1)#source vl 40 dest ten 1/3/1 dir rx Dell(conf-mon-sess-1)#flow-based enable Dell(conf-mon-sess-1)#exit Dell(conf)#do show monitor session SessID Source Destinat
Configuring Monitor Multicast Queue To configure monitor QoS multicast queue ID, use the following commands. 1. Configure monitor QoS multicast queue ID. CONFIGURATION mode monitor multicast-queue queue-id Dell(conf)#monitor multicast-queue 7 2. Verify information about monitor configurations.
Remote Port Mirroring While local port monitoring allows you to monitor traffic from one or more source ports by directing it to a destination port on the same switch/router, remote port mirroring allows you to monitor Layer 2 and Layer 3 ingress and/or egress traffic on multiple source ports on different switches and forward the mirrored traffic to multiple destination ports on different switches.
Figure 96. Remote Port Mirroring Configuring Remote Port Mirroring Remote port mirroring requires a source session (monitored ports on different source switches), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination switches), and a destination session (destination ports connected to analyzers on destination switches).
• The L3 interface configuration should be blocked for RPM VLAN. • The member port of the reserved VLAN should have MTU and IPMTU value as MAX+4 (to hold the VLAN tag parameter). • To associate with source session, the reserved VLAN can have at max of only 4 member ports. • To associate with destination session, the reserved VLAN can have multiple member ports.
• You can configure the same source port to be used in multiple source sessions. • You cannot configure a source port channel or source VLAN in a source session if the port channel or VLAN has a member port that is configured as a destination port in a remote-port mirroring session. • A destination port for remote port mirroring cannot be used as a source port, including the session in which the port functions as the destination port. • A destination port cannot be used in any spanning tree instance.
destination switches), and a destination session (destination ports connected to analyzers on destination switches). Table 62. Configuration Steps for RPM Step Command Purpose 1 configure terminal Enter global configuration mode. 2 monitor session type rpm The needs to be unique and not already defined in the box specifying type as 'rpm' defines a RPM session.
Dell(conf)#inte te 1/30/1 Dell(conf-if-te-1/30)#no shutdown Dell(conf-if-te-1/30)#switchport Dell(conf-if-te-1/30)#exit Dell(conf)#interface vlan 30 Dell(conf-if-vl-30)#mode remote-port-mirroring Dell(conf-if-vl-30)#tagged te 1/30/1 Dell(conf-if-vl-30)#exit Dell(conf)#interface port-channel 10 Dell(conf-if-po-10)#channel-member te 1/28/1 - 1/28/2 Dell(conf-if-po-10)#no shutdown Dell(conf-if-po-10)#exit Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source port-channel 10 dest remote-vlan 30 dir
Dell(conf)#monitor session 1 type rpm Dell(conf-mon-sess-1)#source remote-vlan 10 dest te 1/4/1 Dell(conf-mon-sess-1)#exit Dell(conf)#monitor session 2 type rpm Dell(conf-mon-sess-2)#source remote-vlan 20 destination te 1/5/1 Dell(conf-mon-sess-2)#tagged destination te 1/5/1 Dell(conf-mon-sess-2)#exit Dell(conf)#monitor session 3 type rpm Dell(conf-mon-sess-3)#source remote-vlan 30 destination te 1/6/1 Dell(conf-mon-sess-3)#tagged destination te 1/6/1 Dell(conf-mon-sess-3)#end Dell# Dell#show monitor sessio
Encapsulated Remote Port Monitoring Encapsulated Remote Port Monitoring (ERPM) copies traffic from source ports/port-channels or source VLANs and forwards the traffic using routable GRE-encapsulated packets to the destination IP address specified in the session. Important: When configuring ERPM, follow these guidelines • The Dell Networking OS supports ERPM source session only. Encapsulated packets terminate at the destination IP address or at the analyzer.
The session number needs to be unique and not already defined. 3 source { interface | range } direction {rx | tx | both} Specify the source port or range of ports. Specify the ingress (rx), egress (tx), or both ingress and egress traffic to be monitored. You can enter mulitple source statements in an ERPM monitoring session 4 erpm source-ip dest-ip Specify the source IP address and the destination IP address to which encapsulated mirrored traffic is sent.
ERPM Behavior on a typical Dell Networking OS The Dell Networking OS is designed to support only the Encapsulation of the data received / transmitted at the specified source port (Port A). An ERPM destination session / decapsulation of the ERPM packets at the destination Switch are not supported. Figure 97.
– Start capture of ERPM packets on the Sniffer and save it to the trace file (for example : erpmwithheader.pcap). – The Header that gets attached to the packet is 38 bytes long. In case of a packet with L3 VLAN, it would be 42 bytes long. The original payload /original mirrored data starts from the 39th byte in a given ERPM packet. The first 38/42 bytes of the header needs to be ignored/ chopped off. – Some tools support options to edit the capture file.
Per-VLAN Spanning Tree Plus (PVST+) 37 Per-VLAN spanning tree plus (PVST+) is a variation of spanning tree — developed by a third party — that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN). Protocol Overview PVST+ is a variation of spanning tree — developed by a third party — that allows you to configure a separate spanning tree instance for each virtual local area network (VLAN).
Table 64. Spanning Tree Variations Dell Networking OS Supports Dell Networking Term IEEE Specification Spanning Tree Protocol (STP) 802 .1d Rapid Spanning Tree Protocol (RSTP) 802 .1w Multiple Spanning Tree Protocol (MSTP) 802 .1s Per-VLAN Spanning Tree Plus (PVST+) Third Party Implementation Information • The Dell Networking OS implementation of PVST+ is based on IEEE Standard 802.1w. • The Dell Networking OS implementation of PVST+ uses IEEE 802.
PROTOCOL PVST mode no disable Disabling PVST+ To disable PVST+ globally or on an interface, use the following commands. • Disable PVST+ globally. PROTOCOL PVST mode • disable Disable PVST+ on an interface, or remove a PVST+ parameter configuration. INTERFACE mode no spanning-tree pvst Example of Viewing PVST+ Configuration To display your PVST+ configuration, use the show config command from PROTOCOL PVST mode.
Figure 99. Load Balancing with PVST+ The bridge with the bridge value for bridge priority is elected root. Because all bridges use the default priority (until configured otherwise), the lowest MAC address is used as a tie-breaker. To increase the likelihood that a bridge is selected as the STP root, assign bridges a low non-default value for bridge priority. To assign a bridge priority, use the following command. • Assign a bridge priority.
Root Bridge hello time 2, max age 20, forward delay 15 Bridge Identifier has priority 4096, Address 0001.e80d.b6d6 Configured hello time 2, max age 20, forward delay 15 We are the root of VLAN 100 Current root has priority 4096, Address 0001.e80d.b6d6 Number of topology changes 5, last change occurred 00:34:37 ago on Te 1/32/1 Port 375 (TenGigabitEthernet 1/22/1) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.375 Designated root has priority 4096, address 0001.e80d.
vlan max-age The range is from 6 to 40. The default is 20 seconds. The values for global PVST+ parameters are given in the output of the show spanning-tree pvst command. Modifying Interface PVST+ Parameters You can adjust two interface parameters (port cost and port priority) to increase or decrease the probability that a port becomes a forwarding port. • Port cost — a value that is based on the interface type. The greater the port cost, the less likely the port is selected to be a forwarding port.
The default is 128. The values for interface PVST+ parameters are given in the output of the show spanning-tree pvst command, as previously shown. Configuring an EdgePort The EdgePort feature enables interfaces to begin forwarding traffic approximately 30 seconds sooner. In this mode an interface forwards frames by default until it receives a BPDU that indicates that it should behave otherwise; it does not go through the Learning and Listening states.
spanning-tree pvst err-disable cause invalid-pvst-bpdu command. After you configure this command, if the port receives a PVST+ BPDU, the BPDU is dropped and the port remains operational. Enabling PVST+ Extend System ID In the following example, ports P1 and P2 are untagged members of different VLANs. These ports are untagged because the hub is VLAN unaware. There is no data loop in this scenario; however, you can employ PVST+ to avoid potential misconfigurations.
PVST+ Sample Configurations The following examples provide the running configurations for the topology shown in the previous illustration.
no shutdown ! protocol spanning-tree pvst no disable vlan 200 bridge-priority 4096 Example of PVST+ Configuration (R3) interface TenGigabitEthernet 3/12/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 3/22/1 no ip address switchport no shutdown ! interface Vlan 100 no ip address tagged TenGigabitEthernet 3/12,22/1 no shutdown ! interface Vlan 200 no ip address tagged TenGigabitEthernet 3/12,22/1 no shutdown ! interface Vlan 300 no ip address tagged TenGigabitEthernet 3/12,22/1 no shutd
38 Quality of Service (QoS) This chapter describes how to use and configure Quality of Service service (QoS) features on the switch. Differentiated service is accomplished by classifying and queuing traffic, and assigning priorities to those queues. Table 66.
Feature Direction Configure a Scheduler to Queue Egress Specify WRED Drop Precedence Egress Create Policy Maps Ingress + Egress Create Input Policy Maps Ingress Honor DSCP Values on Ingress Packets Ingress Honoring dot1p Values on Ingress Packets Ingress Create Output Policy Maps Egress Specify an Aggregate QoS Policy Egress Create Output Policy Maps Egress Enabling QoS Rate Adjustment Enabling StrictPriority Queueing Weighted Random Early Detection Egress Create WRED Profiles Egress
Figure 101. Dell Networking QoS Architecture Implementation Information The Dell Networking QoS implementation complies with IEEE 802.1p User Priority Bits for QoS Indication.
• Setting dot1p Priorities for Incoming Traffic • Honoring dot1p Priorities on Ingress Traffic • Configuring Port-Based Rate Policing • Configuring Port-Based Rate Shaping Setting dot1p Priorities for Incoming Traffic Dell Networking OS places traffic marked with a priority in a queue based on the following table. If you set a dot1p priority for a port-channel, all port-channel members are configured with the same value. You cannot assign a dot1p value to an individual interface in a port-channel.
Example of Configuring an Interface to Honor dot1p Priorities on Ingress Traffic Dell#configure terminal Dell(conf)#interface tengigabitethernet 1/1/1 Dell(conf-if-te-1/1/1)#service-class dynamic dot1p Dell(conf-if-te-1/1/1)#end Priority-Tagged Frames on the Default VLAN Priority-tagged frames are 802.1Q tagged frames with VLAN ID 0. For VLAN classification, these packets are treated as untagged. However, the dot1p value is still honored when you configure service-class dynamic dot1p or trust dot1p.
Traffic Monitor 2: normal Out of profile yellow 0 Traffic Monitor 3: normal Out of profile yellow 0 Traffic Monitor 4: normal Out of profile yellow 0 NA peak NA red 0 NA peak NA red 0 NA peak NA red 0 Configuring Port-Based Rate Shaping Rate shaping buffers, rather than drops, traffic exceeding the specified rate until the buffer is exhausted. If any stream exceeds the configured bandwidth on a continuous basis, it can consume all of the buffer space that is allocated to the port.
Policy-Based QoS Configurations Policy-based QoS configurations consist of the components shown in the following example. Figure 102. Constructing Policy-Based QoS Configurations Classify Traffic Class maps differentiate traffic so that you can apply separate quality of service policies to different types of traffic. For both class maps, Layer 2 and Layer 3, Dell Networking OS matches packets against match criteria in the order that you configure them.
Creating a Layer 3 Class Map A Layer 3 class map differentiates ingress packets based on the DSCP value or IP precedence, and characteristics defined in an IP ACL. You can also use VLAN IDs and VRF IDs to classify the traffic using layer 3 class-maps. You may specify more than one DSCP and IP precedence value, but only one value must match to trigger a positive match for the class map. NOTE: IPv6 and IP-any class maps cannot match on ACLs or VLANs. Use step 1 or step 2 to start creating a Layer 3 class map.
The following example matches IPv6 traffic with a DSCP value of 40. Dell(conf)# class-map match-all test Dell(conf-class-map)# match ipv6 dscp 40 The following example matches IPv4 and IPv6 traffic with a precedence value of 3. Dell(conf)# class-map match-any test1 Dell(conf-class-map)#match ip-any precedence 3 Creating a Layer 2 Class Map All class maps are Layer 3 by default; however, you can create a Layer 2 class map by specifying the layer2 option with the class-map command.
numbers closer to 0) before rules with higher order numbers so that packets are matched as you intended. • Specify the order in which you want to apply ACL rules using the keyword order. order The order can range from 0 to 254. By default, all ACL rules have an order of 255. Displaying Configured Class Maps and Match Criteria To display all class-maps or a specific class map, use the following command.
----------------------------------------------------------------------20416 1 18 IP 0x0 0 0 23.64.0.5/32 0.0.0.0/0 20 2 20417 1 18 IP 0x0 0 0 0.0.0.0/0 0.0.0.0/0 0 20418 1 0 IP 0x0 0 0 23.64.0.2/32 0.0.0.0/0 10 1 20419 1 0 IP 0x0 0 0 0.0.0.0/0 0.0.0.0/0 0 20420 1 0 IP 0x0 0 0 23.64.0.3/32 0.0.0.0/0 12 1 20421 1 0 IP 0x0 0 0 0.0.0.0/0 0.0.0.0/0 0 20422 1 10 0 0x0 0 0 0.0.0.0/0 0.0.0.0/0 14 1 24511 1 0 0 0x0 0 0 0.0.0.0/0 0.0.0.0/0 0 In the previous example, the ClassAF1 does not classify traffic as intended.
• If two rate three color policer is configured along with this feature then, – x < CIR – will be marked as “Green” – CIR < x< PIR – will be marked as “Yellow” – PIR < x – will be marked as “Red” But ‘Green’ packets matching the specific match criteria for which ‘color-marking’ is configured will be over-written and marked as “Yellow”. Create a QoS Policy There are two types of QoS policies — input and output. Input QoS policies regulate Layer 3 and Layer 2 ingress traffic.
rate-police Setting a dot1p Value for Egress Packets To set a dot1p value for egress packets, use the following command. • Set a dscp or dot1p value for egress packets. QOS-POLICY-IN mode set mac-dot1p Constraints The systems supporting this feature should use only the default global dot1p to queue mapping configuration as described in Dot1p to Queue Mapping Requirement. Creating an Output QoS Policy To create an output QoS policy, use the following commands. 1. Create an output QoS policy.
Table 68. Default Bandwidth Weights Queue Default Bandwidth Percentage for 4–Queue System Default Bandwidth Percentage for 8–Queue System 0 6.67% 1% 1 13.33% 2% 2 26.67% 3% 3 53.33% 4% 4 - 5% 5 - 10% 6 - 25% 7 - 50% NOTE: Dell Networking OS supports 8 data queues in S4048, S6000, Z9100, Z9500 and 4 data queues in S3048, S4810, S4820T, S5000, and S3100 series..
traffic to the egress interface, which will either transmit or drop the packet based on configured queuing behavior. Traffic marked as red (high drop precedence) is dropped. Important Points to Remember • All DSCP values that are not specified as yellow or red are colored green (low drop precedence). • A DSCP value cannot be in both the yellow and red lists. Setting the red or yellow list with any DSCP value that is already in the other list results in an error and no update to that DSCP list is made.
Display all DSCP color maps. Dell# show qos dscp-color-map Dscp-color-map mapONE yellow 4,7 red 20,30 Dscp-color-map mapTWO yellow 16,55 Display a specific DSCP color map. Dell# show qos dscp-color-map mapTWO Dscp-color-map mapTWO yellow 16,55 Displaying a DSCP Color Policy Configuration To display the DSCP color policy configuration for one or all interfaces, use the show qos dscpcolor-policy {summary [interface] | detail {interface}} command in EXEC mode.
Honoring dot1p Values on Ingress Packets 3. Apply the input policy map to an interface. Applying a Class-Map or Input QoS Policy to a Queue To apply a class-map or input QoS policy to a queue, use the following command. • Assign an input QoS policy to a queue. POLICY-MAP-IN mode service-queue Applying an Input QoS Policy to an Input Policy Map To apply an input QoS policy to an input policy map, use the following command. • Apply an input QoS policy to an input policy map.
Honoring dot1p Values on Ingress Packets Dell Networking OS honors dot1p values on ingress packets with the Trust dot1p feature. The following table specifies the queue to which the classified traffic is sent based on the dot1p value. Table 70. Default dot1p to Queue Mapping dot1p Queue ID 0 1 1 0 2 2 3 3 4 4 5 5 6 6 7 7 The dot1p value is also honored for frames on the default VLAN. For more information, refer to PriorityTagged Frames on the Default VLAN.
Applying an Input Policy Map to an Interface To apply an input policy map to an interface, use the following command. You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it. • You cannot apply a class-map and QoS policies to the same interface. • You cannot apply an input Layer 2 QoS policy on an interface you also configure with vlan-stack access.
Applying an Output Policy Map to an Interface To apply an output policy map to an interface, use the following command. • Apply an input policy map to an interface. INTERFACE mode service-policy output You can apply the same policy map to multiple interfaces, and you can modify a policy map after you apply it. Enabling QoS Rate Adjustment By default while rate limiting, policing, and shaping, Dell Networking OS does not include the Preamble, SFD, or the IFG fields.
• • The strict-priority supersedes bandwidth-percentage configuration. A queue with strict priority can starve other queues in the same port-pipe. • Assign strict priority to one unicast queue. CONFIGURATION mode strict-priority The range is from 1 to 3. Queue Classification Requirements for PFC Functionality Queue classification requirements for PFC functionality are mentioned below: • On untagged ports, Queue classification must be based on DSCP.
Consider that two switches A and B are connected back to back via a tagged interface. Consider the case where untagged packets arrive on switch A, if you want to generate PFC for priority 2 for DSCP range 0-7, then you must need to match the interested traffic using the class map. You should create an L3 Input Qos Policy and mark vlan dot1p as 2. You have to associate both the L3 class map and L3 Input Qos Policy to queue 1 using the policy map.
Figure 103. Packet Drop Rate for WRED You can create a custom WRED profile or use one of the five pre-defined profiles. Creating WRED Profiles To create WRED profiles, use the following commands. 1. Create a WRED profile. CONFIGURATION mode wred-profile 2. Specify the minimum and maximum threshold values. WRED mode threshold Applying a WRED Profile to Traffic After you create a WRED profile, you must specify to which traffic Dell Networking OS should apply the profile.
wred Displaying Default and Configured WRED Profiles To display the default and configured WRED profiles, use the following command. • Display default and configured WRED profiles and their threshold values. EXEC mode show qos wred-profile Displaying WRED Drop Statistics To display WRED drop statistics, use the following command. • Display the number of packets Dell Networking OS the WRED profile drops.
configurations. This command measures the size of the specified policy-map and compares it to the available CAM space in a partition for a specified port-pipe.
Specifying Policy-Based Rate Shaping in Packets Per Second Configuration of rate shaping in packets per second (pps) for QoS output policies is supported on the platform. You can configure rate shaping in pps for a QoS output policy, apart from specifying the rate shaping value in bytes. You can also configure the peak rate and the committed rate for packets in kilobits per second (Kbps) or pps.
QOS-POLICY-OUT mode Dell(config-qos-policy-out)# rate shape pps peak-rate burst-packets 2. Alternatively, configure the peak rate and peak burst size in bytes. QOS-POLICY-OUT mode Dell(config-qos-policy-out)# rate shape Kbps peak-rate burst-KB 3. Configure the committed rate and committed burst size in pps. QOS-POLICY-OUT mode Dell(config-qos-policy-out)# rate shape pps peak-rate burst-packets committed pps committed-rate burst-packets 4.
The weight factor is set to zero by default, which causes the same behavior as dropping of packets by WRED during network loads or also called instantaneous ECN marking. In a topology in which congestion of the network varies over time, you can specify a weight to enable a smooth, seamless averaging of packets to handle the sudden overload of packets based on the previous time sampling performed. You can specify the weight parameter for front-end and backplane ports separately in the range of 0 through 15.
Table 71. Scenarios of WRED and ECN Configuration Queue Configuration Service-Pool Configuration WRED Threshold Relationship Q threshold = QT, Service pool threshold = SP-T Expected Functionality WRED ECN WRED ECN 0 0 X X X WRED/ECN not applicable 1 0 0 X X Queue based WRED, 1 X Q-T < SP-T No ECN marking SP-T < Q-T SP based WRED, No ECN marking 1 1 0 X X 1 X Q-T < SP-T SP-T < Q-T Queue-based ECN marking above queue threshold.
3. Configure another WRED profile, and specify the threshold and maximum drop rate. WRED mode Dell(conf-wred) #wred—profile thresh-2 Dell(conf-wred) #threshold min 300 max 400 max-drop-rate 80 4. Create a global buffer pool that is a shared buffer pool accessed by multiple queues when the minimum guaranteed buffers for the queue are consumed.
Sample configuration to mark non-ecn packets as “yellow” with Multiple traffic class Consider the example where there are no different traffic classes that is all the packets are egressing on the default ‘queue0’. Dell Networking OS can be configured as below to mark the non-ecn packets as yellow packets.
Until Release 9.3(0.0), support is available for classifying traffic based on the 6-bit DSCP field of the IPv4 packet. As a part of this feature, the 2-bit ECN field of the IPv4 packet will also be available to be configured as one of the match qualifier. This way the entire 8-bit ToS field of the IPv4 header shall be used to classify traffic. The Dell Networking OS Release 9.3(0.0) supports the following QOS actions in the ingress policy based QOS: 1. Rate Policing 2. Queuing 3.
• Classification based on ECN and DSCP concurrently You can now use the set-color yellow keyword with the match ip access-group command to mark the color of the traffic as ‘yellow’ would be added in the ‘match ip’ sequence of the class-map configuration. By default, all packets are considered as ‘green’ (without the rate-policer and trust-diffserve configuration) and hence support would be provided to mark the packets as ‘yellow’ alone will be provided.
match ip access-group dscp_40_non_ecn set-color yellow match ip access-group dscp_40 ! class-map match-any class_dscp_50 match ip access-group dscp_50_non_ecn set-color yellow match ip access-group dscp_50 ! policy-map-input pmap_dscp_40_50 service-queue 2 class-map class_dscp_40 service-queue 3 class-map class_dscp_50 Approach with explicit ECN match qualifiers for ECN packets: ! ip access-list standard dscp_50_ecn seq 5 permit any dscp 50 ecn 1 seq 10 permit any dscp 50 ecn 2 seq 15 permit any dscp 50 ec
Dell(conf)# interface fo 1/4 INTERFACE mode Dell(conf-if-fo-1/4)# ip address 90.1.1.1/16 2. Configure a Layer 2 QoS policy with Layer 2 (Dot1p or source MAC-based) match criteria. CONFIGURATION mode Dell(conf)# policy-map-input l2p layer2 3. Apply the Layer 2 policy on a Layer 3 interface. INTERFACE mode Dell(conf-if-fo-1/4)# service-policy input l2p layer2 Managing Hardware Buffer Statistics The memory management unit (MMU) is 12.2 MB in size.
Dell(conf-if-te-1/8/1)#Service-class buffer shared-threshold-weight queue5 4 queue7 6 Enabling Buffer Statistics Tracking You can enable the tracking of statistical values of buffer spaces at a global level. The buffer statistics tracking utility operates in the max use count mode that enables the collection of maximum values of counters. To configure the buffer statistics tracking utility, perform the following step: 1.
UCAST MCAST MCAST MCAST MCAST MCAST MCAST MCAST MCAST MCAST 720 11 0 1 2 3 4 5 6 7 8 0 0 0 0 0 0 0 0 0 0 Quality of Service (QoS)
Routing Information Protocol (RIP) 39 The Routing Information Protocol (RIP) tracks distances or hop counts to nearby routers when establishing network connections and is based on a distance-vector algorithm. RIP is based on a distance-vector algorithm; it tracks distances or hop counts to nearby routers when establishing network connections. RIP protocol standards are listed in the Standards Compliance chapter. Protocol Overview RIP is the oldest interior gateway protocol.
Implementation Information Dell Networking OS supports both versions of RIP and allows you to configure one version globally and the other version on interfaces or both versions on the interfaces. The following table lists the defaults for RIP in Dell Networking OS. Table 72.
Enabling RIP Globally By default, RIP is not enabled in Dell Networking OS. To enable RIP globally, use the following commands. 1. Enter ROUTER RIP mode and enable the RIP process on Dell Networking OS. CONFIGURATION mode router rip 2. Assign an IP network address as a RIP network to exchange routing information.
192.162.2.0/24 [120/1] via 29.10.10.12, 00:01:21, Fa 1/4 192.162.2.0/24 auto-summary 192.161.1.0/24 [120/1] via 29.10.10.12, 00:00:27, Fa 1/4 192.161.1.0/24 auto-summary 192.162.3.0/24 [120/1] via 29.10.10.12, 00:01:22, Fa 1/4 192.162.3.0/24 auto-summary Dell#show ip rip database Total number of routes in RIP database: 978 160.160.0.0/16 [120/1] via 29.10.10.12, 00:00:26, Fa 1/49 160.160.0.0/16 auto-summary 2.0.0.0/8 [120/1] via 29.10.10.12, 00:01:22, Fa 1/49 2.0.0.0/8 auto-summary 4.0.0.0/8 [120/1] via 29.
Controlling RIP Routing Updates By default, RIP broadcasts routing information out all enabled interfaces, but you can configure RIP to send or to block RIP routing information, either from a specific IP address or a specific interface. To control which devices or interfaces receive routing updates, configure a direct update to one router and configure interfaces to block RIP updates from other sources. To control the source of RIP route information, use the following commands.
redistribute {connected | static} [metric metric-value] [route-map map-name] – metric-value: the range is from 0 to 16. • – map-name: the name of a configured route map. Include specific OSPF routes in RIP. ROUTER RIP mode redistribute ospf process-id [match external {1 | 2} | match internal] [metric value] [route-map map-name] Configure the following parameters: – process-id: the range is from 1 to 65535. – metric: the range is from 0 to 16. – map-name: the name of a configured route map.
To configure an interface to receive or send both versions of RIP, include 1 and 2 in the command syntax. The command syntax for sending both RIPv1 and RIPv2 and receiving only RIPv2 is shown in the following example. Dell(conf-if)#ip rip send version 1 2 Dell(conf-if)#ip rip receive version 2 The following example of the show ip protocols command confirms that both versions are sent out that interface.
Exercise caution when applying an offset command to routers on a broadcast network, as the router using the offset command is modifying RIP advertisements before sending out those advertisements. The distance command also allows you to manipulate route metrics. To assign different weights to routes so that the ones with the lower weight or administrative distance assigned are preferred, use the distance command. To set route matrixes, use the following commands.
RIP Configuration Example The examples in this section show the command sequence to configure RIPv2 on the two routers shown in the following illustration — Core 2 and Core 3. The host prompts used in the following example reflect those names. The examples are divided into the following groups of command sequences: • Configuring RIPv2 on Core 2 • Core 2 RIP Output • RIP Configuration on Core 3 • Core 3 RIP Output • RIP Configuration Summary Figure 104.
The following example shows the show ip rip database command to view the learned RIP routes on Core 2. Core2(conf-router_rip)#end 00:12:24: %RPM0-P:CP %SYS-5-CONFIG_I: Configured from console by console Core2#show ip rip database Total number of routes in RIP database: 7 10.11.30.0/24 [120/1] via 10.11.20.1, 00:00:03, TenGigabitEthernet 2/3/1 10.300.10.0/24 directly connected,TenGigabitEthernet 2/4/1 10.200.10.0/24 directly connected,TenGigabitEthernet 2/5/1 10.11.20.
Default redistribution metric is 1 Default version control: receive version 2, send version 2 Interface Recv Send TenGigabitEthernet 2/4/1 2 2 TenGigabitEthernet 2/5/1 2 2 TenGigabitEthernet 2/3/1 2 2 TenGigabitEthernet 2/11/1 2 2 Routing for Networks: 10.300.10.0 10.200.10.0 10.11.20.0 10.11.10.0 Routing Information Sources: Gateway Distance Last Update 10.11.20.
E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ----------- ------- --------------------R 10.11.10.0/24 via 10.11.20.2, Te 3/21/1 120/1 00:01:14 C 10.11.20.0/24 Direct, Te 3/21/1 0/0 00:01:53 C 10.11.30.0/24 Direct, Te 3/11/1 0/0 00:06:00 R 10.200.10.0/24 via 10.11.20.2, Te 3/21/1 120/1 00:01:14 R 10.300.10.
Remote Monitoring (RMON) 40 RMON is an industry-standard implementation that monitors network traffic by sharing network monitoring information. RMON provides both 32-bit and 64-bit monitoring facility and long-term statistics collection on Dell Networking Ethernet interfaces. RMON operates with the simple network management protocol (SNMP) and monitors all nodes on a local area network (LAN) segment. RMON monitors traffic passing through the router and segment traffic not destined for the router.
Setting the RMON Alarm To set an alarm on any MIB object, use the rmon alarm or rmon hc-alarm command in GLOBAL CONFIGURATION mode. • Set an alarm on any MIB object.
is configured with the RMON event command. Possible events include a log entry or an SNMP trap. If the 1.3.6.1.2.1.2.2.1.20.1 value changes to 0 (falling-threshold 0), the alarm is reset and can be triggered again. Dell(conf)#rmon alarm 10 1.3.6.1.2.1.2.2.1.20.1 20 delta rising-threshold 15 1 falling-threshold 0 1 owner nms1 Configuring an RMON Event To add an event in the RMON event table, use the rmon event command in GLOBAL CONFIGURATION mode. • Add an event in the RMON event table.
– owner: (Optional) specifies the name of the owner of the RMON group of statistics. – ownername: (Optional) records the name of the owner of the RMON group of statistics. The default is a null-terminated string. Example of the rmon collection statistics Command To remove a specified RMON statistics collection, use the no form of this command. The following command example enables the RMON statistics collection on the interface, with an ID value of 20 and an owner of john.
Rapid Spanning Tree Protocol (RSTP) 41 The Rapid Spanning Tree Protocol (RSTP) is a Layer 2 protocol — specified by IEEE 802.1w — that is essentially the same as spanning-tree protocol (STP) but provides faster convergence and interoperability with switches configured with STP and multiple spanning tree protocol (MSTP). Protocol Overview RSTP is a Layer 2 protocol — specified by IEEE 802.
Important Points to Remember • RSTP is disabled by default. • Dell Networking OS supports only one Rapid Spanning Tree (RST) instance. • All interfaces in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode are automatically added to the RST topology. • Adding a group of ports to a range of VLANs sends multiple messages to the rapid spanning tree protocol (RSTP) task, avoid using the range command.
INTERFACE mode no shutdown Example of Verifying an Interface is in Layer 2 Mode and Enabled To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode. The bold lines indicate that the interface is in Layer 2 mode. Enabling Rapid Spanning Tree Protocol Globally Enable RSTP globally on all participating bridges; it is not enabled by default.
Figure 105. Rapid Spanning Tree Enabled Globally To view the interfaces participating in RSTP, use the show spanning-tree rstp command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. Dell#show spanning-tree rstp Root Identifier has priority 32768, Address 0001.e801.cbb4 Root Bridge hello time 2, max age 20, forward delay 15, max hops 0 Bridge Identifier has priority 32768, Address 0001.e801.
The port is not in the Edge port mode Port 379 (TenGigabitEthernet 2/3/1) is designated Forwarding Port path cost 20000, Port priority 128, Port Identifier 128.379 Designated root has priority 32768, address 0001.e801.cbb4 Designated bridge has priority 32768, address 0001.e801.cbb4 Designated port id is 128.
Modifying Global Parameters You can modify RSTP parameters. The root bridge sets the values for forward-delay, hello-time, and max-age and overwrites the values set on other bridges participating in the Rapid Spanning Tree group. • Forward-delay — the amount of time an interface waits in the Listening state and the Learning state before it transitions to the Forwarding state. • Hello-time — the time interval in which the bridge sends RSTP BPDUs.
NOTE: With large configurations (especially those configurations with more ports) Dell Networking recommends increasing the hello-time. The range is from 1 to 10. • The default is 2 seconds. Change the max-age parameter. PROTOCOL SPANNING TREE RSTP mode max-age seconds The range is from 6 to 40. The default is 20 seconds. To view the current values for global parameters, use the show spanning-tree rstp command from EXEC privilege mode.
To view the current values for interface parameters, use the show spanning-tree rstp command from EXEC privilege mode. Enabling SNMP Traps for Root Elections and Topology Changes To enable SNMP traps collectively, use this command. Enable SNMP traps for RSTP, MSTP, and PVST+ collectively. snmp-server enable traps xstp Influencing RSTP Root Selection RSTP determines the root bridge, but you can assign one bridge a lower priority to increase the likelihood that it is selected as the root bridge.
• When you add a physical port to a port channel already in the Error Disable state, the new member port is also disabled in the hardware. • When you remove a physical port from a port channel in the Error Disable state, the error disabled state is cleared on this physical port (the physical port is enabled in the hardware). • You can clear the Error Disabled state with any of the following methods: – Perform an shutdown command on the interface.
Example of Verifying Hello-Time Interval Dell(conf-rstp)#do show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 0001.e811.2233 Root Bridge hello time 50 ms, max age 20, forward delay 15 Bridge ID Priority 0, Address 0001.e811.2233 We are the root Configured hello time 50 ms, max age 20, forward delay 15 NOTE: The hello time is encoded in BPDUs in increments of 1/256ths of a second.
Software-Defined Networking (SDN) 42 The Dell Networking OS supports software-defined networking (SDN). For more information, see the SDN Deployment Guide.
Security 43 This chapter describes several ways to provide security to the Dell Networking system. For details about all the commands described in this chapter, refer to the Security chapter in the Dell Networking OS Command Reference Guide. AAA Accounting Accounting, authentication, and authorization (AAA) accounting is part of the AAA security model. For details about commands related to AAA security, refer to the Security chapter in the Dell Networking OS Command Reference Guide.
– exec: sends accounting information when a user has logged in to EXEC mode. – command level: sends accounting of commands executed at the specified privilege level. – suppress: Do not generate accounting records for a specific type of user. – default | name: enter the name of a list of accounting methods. – start-stop: use for more accounting information, to send a start-accounting notice at the beginning of the requested event and a stop-accounting notice at the end.
accounting exec execAcct Example of Enabling AAA Accounting with a Named Method List Dell(config-line-vty)# accounting commands 15 com15 Dell(config-line-vty)# accounting exec execAcct Monitoring AAA Accounting Dell Networking OS does not support periodic interim accounting because the periodic command can cause heavy congestion when many users are logged in to the network. No specific show command exists for TACACS+ accounting.
• • • Configuring AAA Authentication Login Methods Enabling AAA Authentication Enabling AAA Authentication - RADIUS For a complete list of all commands related to login authentication, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configure Login Authentication for Terminal Lines You can assign up to five authentication methods to a method list. Dell Networking OS evaluates the methods in the order in which you enter them in each list.
You can create multiple method lists and assign them to different terminal lines. Enabling AAA Authentication To enable AAA authentication, use the following command. • Enable AAA authentication. CONFIGURATION mode aaa authentication enable {method-list-name | default} method1 [... method4] – default: uses the listed authentication methods that follow this argument as the default list of methods when a user logs in.
The following example shows enabling local authentication for console and remote authentication for the VTY lines. Dell(config)# aaa authentication enable mymethodlist radius tacacs Dell(config)# line vty 0 9 Dell(config-line-vty)# enable authentication mymethodlist Server-Side Configuration Using AAA authentication, the switch acts as a RADIUS or TACACS+ client to send authentication requests to a TACACS+ or RADIUS server.
AAA Authorization Dell Networking OS enables AAA new-model by default. You can set authorization to be either local or remote. Different combinations of authentication and authorization yield different results. By default, Dell Networking OS sets both to local. Privilege Levels Overview Limiting access to the system is one method of protecting the system and your network. However, at times, you might need to allow others access to the router and you can limit that access to a subset of commands.
For a complete listing of all commands related to Dell Networking OS privilege levels and passwords, refer to the Security chapter in the Dell Networking OS Command Reference Guide. Configuring a Username and Password In Dell Networking OS, you can assign a specific username to limit user access to the system. To configure a username and password, use the following command. • Assign a user name and password.
Configuring Custom Privilege Levels In addition to assigning privilege levels to the user, you can configure the privilege levels of commands so that they are visible in different privilege levels. Within Dell Networking OS, commands have certain privilege levels. With the privilege command, you can change the default level or you can reset their privilege level back to the default. • Assign the launch keyword (for example, configure) for the keyword’s command mode.
• • command: an Dell Networking OS CLI keyword (up to five keywords allowed). reset: return the command to its default privilege mode. Examples of Privilege Level Commands To view the configuration, use the show running-config command in EXEC Privilege mode. The following example shows a configuration to allow a user john to view only EXEC mode commands and all snmp-server commands.
end exit no snmp-server Dell(conf)# Exit from Configuration mode Exit from Configuration mode Reset a command Modify SNMP parameters Specifying LINE Mode Password and Privilege You can specify a password authentication of all users on different terminal lines. The user’s privilege level is the same as the privilege level assigned to the terminal line, unless a more specific privilege level is assigned to the user. To specify a password for the terminal line, use the following commands.
the RADIUS server and requests authentication of the user and password. The RADIUS server returns one of the following responses: • Access-Accept — the RADIUS server authenticates the user. • Access-Reject — the RADIUS server does not authenticate the user. If an error occurs in the transmission or reception of RADIUS packets, you can view the error by enabling the debug radius command. Transactions between the RADIUS server and the client are encrypted (the users’ passwords are not sent in plain text).
• • If an ACL is absent. If there is a very long delay for an entry, or a denied entry because of an ACL, and a message is logged. NOTE: The ACL name must be a string. Only standard ACLs in authorization (both RADIUS and TACACS) are supported. Authorization is denied in cases using Extended ACLs. Auto-Command You can configure the system through the RADIUS server to automatically execute a command when you connect to a specific line.
• Enter a text string (up to 16 characters long) as the name of the method list you wish to use with the RADIUS authentication method. CONFIGURATION mode • aaa authentication login method-list-name radius Create a method list with RADIUS and TACACS+ as authorization methods. CONFIGURATION mode aaa authorization exec {method-list-name | default} radius tacacs+ Typical order of methods: RADIUS, TACACS+, Local, None.
– key [encryption-type] key: enter 0 for plain text or 7 for encrypted text, and a string for the key. The key can be up to 42 characters long. This key must match the key configured on the RADIUS server host. If you do not configure these optional parameters, the global default values for all RADIUS host are applied. To specify multiple RADIUS server hosts, configure the radius-server host command multiple times.
– seconds: the range is from 0 to 1000. Default is 5 seconds. To view the configuration of RADIUS communication parameters, use the show running-config command in EXEC Privilege mode. Monitoring RADIUS To view information on RADIUS transactions, use the following command. • View RADIUS transactions to troubleshoot problems. EXEC Privilege mode debug radius TACACS+ Dell Networking OS supports terminal access controller access control system (TACACS+ client, including support for login authentication.
3. Enter LINE mode. CONFIGURATION mode line {aux 0 | console 0 | vty number [end-number]} 4. Assign the method-list to the terminal line. LINE mode login authentication {method-list-name | default} Example of a Failed Authentication To view the configuration, use the show config in LINE mode or the show running-config tacacs + command in EXEC Privilege mode. If authentication fails using the primary method, Dell Networking OS employs the second method (or third method, if necessary) automatically.
debug tacacs+ TACACS+ Remote Authentication The system takes the access class from the TACACS+ server. Access class is the class of service that restricts Telnet access and packet sizes. If you have configured remote authorization, the system ignores the access class you have configured for the VTY line and gets this access class information from the TACACS+ server. The system must know the username and password of the incoming user before it can fetch the access class from the server.
To view the TACACS+ configuration, use the show running-config tacacs+ command in EXEC Privilege mode. To delete a TACACS+ server host, use the no tacacs-server host {hostname | ip-address} command. freebsd2# telnet 2200:2200:2200:2200:2200::2202 Trying 2200:2200:2200:2200:2200::2202... Connected to 2200:2200:2200:2200:2200::2202. Escape character is '^]'.
EXEC Privilege mode ssh {hostname} [-l username | -p port-number | -v {1 | 2}| -c encryption cipher | -m HMAC algorithm • • hostname is the IP address or host name of the remote device. Enter an IPv4 or IPv6 address in dotted decimal format (A.B.C.D). SSH V2 is enabled by default on all the modes. Display SSH connection information.
EXEC Privilege Mode 5. On the chassis, invoke SCP. CONFIGURATION mode copy scp: flash: Example of Using SCP to Copy from an SSH Server on Another Switch The following example shows the use of SCP and SSH to copy a software image from one switch running SSH server on UDP port 99 to the local switch. Other SSH related command include: • crypto key generate : generate keys for the SSH server. • debug ip ssh : enables collecting SSH debug information.
Configuring When to Re-generate an SSH Key You can configure the time-based or volume-based rekey threshold for an SSH session. If both threshold types are configured, the session rekeys when either one of the thresholds is reached. To configure the time or volume rekey threshold at which to re-generate the SSH key during an SSH session, use the ip ssh rekey [time rekey-interval] [volume rekey-limit] command. CONFIGURATION mode.
The following example shows you how to configure a key exchange algorithm. Dell(conf)# ip ssh server hellman-group14-sha1 kex diffie-hellman-group-exchange-sha1 diffie- Configuring the HMAC Algorithm for the SSH Server To configure the HMAC algorithm for the SSH server, use the ip ssh server mac hmac-algorithm command in CONFIGURATION mode. hmac-algorithm: Enter a space-delimited list of keyed-hash message authentication code (HMAC) algorithms supported by the SSH server.
• aes192-cbc • aes256-cbc • aes128-ctr • aes192-ctr • aes256-ctr The default cipher list is 3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr Example of Configuring a Cipher List The following example shows you how to configure a cipher list. Dell(conf)#ip ssh server cipher 3des-cbc aes128-cbc aes128-ctr Secure Shell Authentication Secure Shell (SSH) is enabled by default using the SSH Password Authentication method.
3. Disable password authentication if enabled. CONFIGURATION mode no ip ssh password-authentication enable 4. Enable RSA authentication in SSH. CONFIGURATION Mode ip ssh rsa-authentication enable 5. Install User’s public key for RSA authentication in SSH. CONFIGURATION Mode ip ssh rsa-authentication my-authorized-keys flash://public_key Example of Generating RSA Keys admin@Unix_client#ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/admin/.
Examples of Creating shosts and rhosts The following example shows creating shosts. admin@Unix_client# cd /etc/ssh admin@Unix_client# ls moduli sshd_config ssh_host_dsa_key.pub ssh_host_key.pub ssh_host_rsa_key.pub ssh_config ssh_host_dsa_key ssh_host_key ssh_host_rsa_key admin@Unix_client# cat ssh_host_rsa_key.
In this case, verify that host-based authentication is set to “Yes” in the file ssh_config (root permission is required to edit this file): permission denied (host based). If the IP address in the RSA key does not match the IP address from which you attempt to log in, the following message appears. In this case, verify that the name and IP address of the client is contained in the file /etc/hosts: RSA Authentication Error. Telnet To use Telnet with SSH, first enable SSH, as previously described.
4. Enter a privilege level. You can assign line authentication on a per-VTY basis; it is a simple password authentication, using an access-class as authorization. Configure local authentication globally and configure access classes on a per-user basis. Dell Networking OS can assign different access classes to different users by username. Until users attempt to log in, Dell Networking OS does not know if they will be assigned a VTY line.
Dell(config-line-vty)#end (same applies for radius and line authentication) VTY MAC-SA Filter Support Dell Networking OS supports MAC access lists which permit or deny users based on their source MAC address. With this approach, you can implement a security policy based on the source MAC address. To apply a MAC ACL on a VTY line, use the same access-class command as IP ACLs. The following example shows how to deny incoming connections from subnet 10.0.0.0 without displaying a login prompt.
• Displaying Information About Roles Logged into the Switch • Display Role Permissions Assigned to a Command Overview of RBAC With Role-Based Access Control (RBAC), access and authorization is controlled based on a user’s role. Users are granted permissions based on their user roles, not on their individual user ID. User roles are created for job functions and through those roles they acquire the permissions to perform their associated job function. Each user can be assigned only a single role.
1. Locally define a system administrator user role. This will give you access to login with full permissions even if network connectivity to remote authentication servers is not available. 2. Configure login authentication on the console. This ensures that all users are properly identified through authentication no matter the access point. If you do not configure login the authentication on the console, the system displays an error when you attempt to enable role-based only AAA authorization. 3.
System-Defined RBAC User Roles By default, the Dell Networking OS provides 4 system defined user roles. You can create up to 8 additional user roles. NOTE: You cannot delete any system defined roles. The system defined user roles are as follows: • Network Operator (netoperator) - This user role has no privilege to modify any configuration on the switch. You can access Exec mode (monitoring) to view the current configuration and status information.
then restrict commands or add commands to that role. For more information about this topic, see Modifying Command Permissions for Roles. NOTE: You can change user role permissions on system pre-defined user roles or user-defined user roles. Important Points to Remember Consider the following when creating a user role: • Only the system administrator and user-defined roles inherited from the system administrator can create roles and user names.
myrole secadmin Exec Config Line Modifying Command Permissions for Roles You can modify (add or delete) command permissions for newly created user roles and system defined roles using the role mode { { { addrole | deleterole } role-name } | reset } command command in Configuration mode. NOTE: You cannot modify system administrator command permissions. If you add or delete command permissions using the role command, those changes only apply to the specific user role.
Example: Allow Security Administrator to Access Only 10-Gigabit Ethernet Interfaces The following example allows the security administrator (secadmin) to only access 10-Gigabit Ethernett interfaces and then shows that the secadmin, highlighted in bold, can now access Interface mode. However, the secadmin can only access 10-Gigabit Ethernet interfaces.
The following example resets only the secadmin role to its original setting. Dell(conf)#no role configure addrole secadmin protocol Example: Reset System-Defined Roles and Roles that Inherit Permissions In the following example the command protocol permissions are reset to their original setting or one or more of the system-defined roles and any roles that inherited permissions from them.
NOTE: Authentication services only validate the user ID and password combination. To determine which commands are permitted for users, configure authorization. For information about how to configure authorization for roles, see Configure AAA Authorization for Roles. To configure AAA authentication, use the aaa authentication command in CONFIGURATION mode.
line vty 0 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin line vty 1 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin line vty 2 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin line vty 3 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin line vty 4 login authentication ucraaa authorization exec ucraaa accounting commands role netadmin line vty 5 login
The format to create a Dell Network OS AV pair for privilege level is shell:priv-lvl= where number is a value between 0 and 15. Force10-avpair= ”shell:priv-lvl=15“ Example for Creating a AVP Pair for System Defined or User-Defined Role The following section shows you how to create an AV pair to allow a user to login from a network access server to have access to commands based on the user’s role.
The following example applies the accounting default method to the user role secadmin (security administrator). Dell(conf-vty-0)# accounting commands role secadmin default Displaying Active Accounting Sessions for Roles To display active accounting sessions for each user role, use the show accounting command in EXEC mode.
Displaying Role Permissions Assigned to a Command To display permissions assigned to a command, use the show role command in EXEC Privilege mode. The output displays the user role and or permission level.
Service Provider Bridging 44 Service provider bridging provides the ability to add a second VLAN ID tag in an Ethernet frame and is referred to as VLAN stacking in the Dell Networking OS. VLAN Stacking VLAN stacking, also called Q-in-Q, is defined in IEEE 802.1ad — Provider Bridges, which is an amendment to IEEE 802.1Q — Virtual Bridged Local Area Networks. It enables service providers to use 802.
Figure 106. VLAN Stacking in a Service Provider Network Important Points to Remember • Interfaces that are members of the Default VLAN and are configured as VLAN-Stack access or trunk ports do not switch untagged traffic. To switch traffic, add these interfaces to a non-default VLANStack-enabled VLAN. • Dell Networking cautions against using the same MAC address on different customer VLANs, on the same VLAN-Stack VLAN.
Configure VLAN Stacking Configuring VLAN-Stacking is a three-step process. 1. Creating Access and Trunk Ports 2. Assign access and trunk ports to a VLAN (Creating Access and Trunk Ports). 3. Enabling VLAN-Stacking for a VLAN.
no ip address switchport vlan-stack trunk no shutdown Enable VLAN-Stacking for a VLAN To enable VLAN-Stacking for a VLAN, use the following command. • Enable VLAN-Stacking for the VLAN. INTERFACE VLAN mode vlan-stack compatible Example of Viewing VLAN Stack Member Status To display the status and members of a VLAN, use the show vlan command from EXEC Privilege mode. Members of a VLAN-Stacking-enabled VLAN are marked with an M in column Q.
Example of Configuring a Trunk Port as a Hybrid Port and Adding it to Stacked VLANs In the following example, TenGigabitEthernet 1/1/1 is a trunk port that is configured as a hybrid port and then added to VLAN 100 as untagged VLAN 101 as tagged, and VLAN 103, which is a stacking VLAN.
vlan id Dell# : 603 (MT), 100(T), 101(NU) VLAN Stacking in Multi-Vendor Networks The first field in the VLAN tag is the tag protocol identifier (TPID), which is 2 bytes. In a VLAN-stacking network, after the frame is double tagged, the outer tag TPID must match the TPID of the next-hop system. While 802.1Q requires that the inner tag TPID is 0x8100, it does not require a specific value for the outer tag TPID.
Figure 107.
Figure 108.
Figure 109. Single and Double-Tag TPID Mismatch VLAN Stacking Packet Drop Precedence VLAN stacking packet-drop precedence is supported on the switch. The drop eligible indicator (DEI) bit in the S-Tag indicates to a service provider bridge which packets it should prefer to drop when congested. Enabling Drop Eligibility Enable drop eligibility globally before you can honor or mark the DEI value. When you enable drop eligibility, DEI mapping or marking takes place according to the defaults.
Table 76. Drop Eligibility Behavior Ingress Egress DEI Disabled DEI Enabled Normal Port Normal Port Retain CFI Set CFI to 0. Trunk Port Trunk Port Retain inner tag CFI Retain inner tag CFI. Retain outer tag CFI Set outer tag CFI to 0. Retain inner tag CFI Retain inner tag CFI Set outer tag CFI to 0 Set outer tag CFI to 0 Access Port Trunk Port To enable drop eligibility globally, use the following command. • Make packets eligible for dropping based on their DEI value.
Marking Egress Packets with a DEI Value On egress, you can set the DEI value according to a different mapping than ingress. For ingress information, refer to Honoring the Incoming DEI Value. To mark egress packets, use the following command. • Set the DEI value on egress according to the color currently assigned to the packet.
• Mark the S-Tag dot1p and queue the frame according to the S-Tag dot1p. For example, if frames with C-Tag dot1p values 0, 6, and 7 are mapped to an S-Tag dot1p value 0, all such frames are sent to the queue associated with the S-Tag 802.1p value 0. This option requires two different CAM entries, each in a different Layer 2 ACL FP block.
Mapping C-Tag to S-Tag dot1p Values To map C-Tag dot1p values to S-Tag dot1p values and mark the frames accordingly, use the following commands. 1. Allocate CAM space to enable queuing frames according to the C-Tag or the S-Tag. CONFIGURATION mode cam-acl l2acl number ipv4acl number ipv6acl number ipv4qos number l2qos number l2pt number ipmacacl number ecfmacl number {vman-qos | vman-qos-dualfp} number • vman-qos: mark the S-Tag dot1p and queue the frame according to the original C-Tag dot1p.
Figure 111. VLAN Stacking without L2PT You might need to transport control traffic transparently through the intermediate network to the other region. Layer 2 protocol tunneling enables BPDUs to traverse the intermediate network by identifying frames with the Bridge Group Address, rewriting the destination MAC to a user-configured non-reserved address, and forwarding the frames.
the intermediate network because only Dell Networking OS could recognize the significance of the destination MAC address and rewrite it to the original Bridge Group Address. In Dell Networking OS version 8.2.1.0 and later, the L2PT MAC address is user-configurable, so you can specify an address that non-Dell Networking systems can recognize and rewrite the address at egress edge. Figure 112. VLAN Stacking with L2PT Implementation Information • L2PT is available for STP, RSTP, MSTP, and PVST+ BPDUs.
Enabling Layer 2 Protocol Tunneling To enable Layer 2 protocol tunneling, use the following command. 1. Verify that the system is running the default CAM profile. Use this CAM profile for L2PT. EXEC Privilege mode show cam-profile 2. Enable protocol tunneling globally on the system. CONFIGURATION mode protocol-tunnel enable 3. Tunnel BPDUs the VLAN.
4. Set a maximum rate at which the RPM processes BPDUs for L2PT. VLAN STACKING mode protocol-tunnel rate-limit The default is: no rate limiting. The range is from 64 to 320 kbps. Debugging Layer 2 Protocol Tunneling To debug Layer 2 protocol tunneling, use the following command. • Display debugging information for L2PT. EXEC Privilege mode debug protocol-tunnel Provider Backbone Bridging IEEE 802.1ad—Provider Bridges amends 802.
sFlow 45 sFlow is a standard-based sampling technology embedded within switches and routers which is used to monitor network traffic. It is designed to provide traffic monitoring for high-speed networks with many switches and routers. Overview The Dell Networking Operating System (OS) supports sFlow version 5. sFlow is a standard-based sampling technology embedded within switches and routers which is used to monitor network traffic.
• If the interface states are shut down, the sampling rate is set using the global sampling rate. • If the global sampling rate is non-default, for example 256, and if the sampling rate is not configured on the interface, the sampling rate of the interface is the global non-default sampling rate, that is, 256. To avoid the back-off, either increase the global sampling rate or configure all the line card ports with the desired sampling rate even if some ports have no sFlow configured.
Examples of Verifying Extended sFlow The bold line shows that extended sflow setting is enabled for extended switch. Dell#show sflow sFlow services are enabled Egress Management Interface sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 20 Global default extended maximum header size: 128 bytes Global extended information enabled: switch 1 collectors configured Collector IP addr: 100.1.1.1, Agent IP addr: 1.1.1.
IP SA IP DA srcAS and srcPeerAS dstAS and dstPeerAS Description there is no AS information. static/ connected/IGP BGP 0 Exported src_as and src_peer_as are zero because there is no AS information for IGP. BGP static/ connected/IGP — — Exported Exported Prior to Dell Networking OS version 7.8.1.0, extended gateway data is not exported because IP DA is not learned via BGP. Version 7.8.1.
Enabling sFlow Max-Header Size Extended To configure the maximum header size of a packet to 256 bytes, use the following commands: • Set the maximum header size of a packet. CONFIGURATION mode INTERFACE mode sflow max-header-size extended By default, the maximum header size of a packet is 128 bytes. When sflow max-header-size extended is enabled, 256 bytes are copied. These bytes are useful for VxLAN, NvGRE, IPv4, and IPv6 tunneled packets. NOTE: Interface mode configuration takes priority.
sflow enable sflow max-header-size extended sFlow Show Commands Dell Networking OS includes the following sFlow display commands. • Displaying Show sFlow Globally • Displaying Show sFlow on an Interface • Displaying Show sFlow on a Line Card Displaying Show sFlow Global To view sFlow statistics, use the following command. • Display sFlow configuration information and statistics.
Displaying Show sFlow on an Interface To view sFlow information on a specific interface, use the following command. • Display sFlow configuration information and statistics on a specific interface. EXEC mode show sflow interface interface-name Examples of the sFlow show Commands The following example shows the show sflow interface command.
• Identify sFlow collectors to which sFlow datagrams are forwarded. CONFIGURATION mode sflow collector ip-address agent-addr ip-address [number [max-datagram-size number] ] | [max-datagram-size number ] The default UDP port is 6343. The default max-datagram-size is 1400. Changing the Polling Intervals The sflow polling-interval command configures the polling interval for an interface in the maximum number of seconds between successive samples of counters sent to the collector.
46 Simple Network Management Protocol (SNMP) The Simple Network Management Protocol (SNMP) is designed to manage devices on IP networks by monitoring device operation, which might require administrator intervention. NOTE: On Dell Networking routers, standard and private SNMP management information bases (MIBs) are supported, including all Get and a limited number of Set operations (such as set vlan and copy cmd).
The SNMPv3 feature also uses a FIPS-validated cryptographic module for all of its cryptographic operations when the system is configured with the fips mode enable command in Global Configuration mode. When the FIPS mode is enabled on the system, SNMPv3 operates in a FIPScompliant manner, and only the FIPS-approved algorithm options are available for SNMPv3 user configuration. When the FIPS mode is disabled on the system, all options are available for SNMPv3 user configuration.
only when users are not previously configured. This log message is provided to assist your system security auditing procedures. Configuration Task List for SNMP Configuring SNMP version 1 or version 2 requires a single step. NOTE: The configurations in this chapter use a UNIX environment with net-snmp version 5.4. This environment is only one of many RFC-compliant SNMP utilities you can use to manage your Dell Networking system using SNMP. Also, these configurations use SNMP version 2c.
Creating a Community For SNMPv1 and SNMPv2, create a community to enable the community-based security in Dell Networking OS. The management station generates requests to either retrieve or alter the value of a management object and is called the SNMP manager. A network element that processes SNMP requests is called an SNMP agent. An SNMP community is a group of SNMP agents and managers that are allowed to interact.
• snmp-server group group-name 3 noauth auth read name write name Configure an SNMPv3 view. CONFIGURATION mode snmp-server view view-name oid-tree {included | excluded} NOTE: To give a user read and write view privileges, repeat this step for each privilege type. • Configure the user with an authorization password (password privileges only). CONFIGURATION mode • snmp-server user name group-name 3 noauth auth md5 auth-password Configure an SNMP group (password privileges only).
• Read the value of a single managed object. • snmpget -v version -c community agent-ip {identifier.instance | descriptor.instance} Read the value of the managed object directly below the specified object. • snmpgetnext -v version -c community agent-ip {identifier.instance | descriptor.instance} Read the value of many objects at once. snmpwalk -v version -c community agent-ip {identifier.instance | descriptor.
Configuring Contact and Location Information using SNMP You may configure system contact and location information from the Dell Networking system or from the management station using SNMP. To configure system contact and location information from the Dell Networking system and from the management station using SNMP, use the following commands. • (From a Dell Networking system) Identify the system manager along with this person’s contact information (for example, an email address or phone number).
Subscribing to Managed Object Value Updates using SNMP By default, the Dell Networking system displays some unsolicited SNMP messages (traps) upon certain events and conditions. You can also configure the system to send the traps to a management station. Traps cannot be saved on the system. Dell Networking OS supports the following three sets of traps: • • • RFC 1157-defined traps — coldStart, warmStart, linkDown, linkUp, authenticationFailure, and egpNeighbborLoss.
snmp linkdown snmp linkup SNMP_WARM_START:Agent Initialized - SNMP WARM_START. PORT_LINKDN:changed interface state to down:%d PORT_LINKUP:changed interface state to up:%d Enabling a Subset of SNMP Traps You can enable a subset of Dell Networking enterprise-specific SNMP traps using one of the following listed command options. To enable a subset of Dell Networking enterprise-specific SNMP traps, use the following command. • Enable a subset of SNMP traps.
The following example shows the SNMP trap that is sent when connectivity to the syslog server is lost: DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (19738) 0:03:17.38 SNMPv2MIB::snmpTrapOID.0 = OID: SNMPv2SMI::enterprises.6027.3.30.1.1.1 SNMPv2-SMI::enterprises.6027.3.30.1.1 = STRING: "NOT_REACHABLE: Syslog server 10.11.226.121 (port: 9140) is not reachable" SNMPv2-SMI::enterprises. 6027.3.6.1.1.2.
MIB Object OID Object Values Description and copySrcFileName. copySrcFileLocation . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.3 1 = flash Specifies the location of source file. 2 = slot0 • 3 = tftp 4 = ftp 5 = scp If copySrcFileLocation is FTP or SCP, you must specify copyServerAddress, copyUserName, and copyUserPassword. 6 = usbflash copySrcFileName copyDestFileType . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.4 Path (if the file is not in the current directory) and filename. Specifies name of the file. . 1.3.6.1.
MIB Object OID Object Values Description copyServerAddress . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.8 IP Address of the server. The IP address of the server. . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.9 Username for the server. Username for the FTP, TFTP, or SCP server. . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.10 Password for the server. copyUserName copyUserPassword • • If you specify copyServerAddress, you must also specify copyUserName and copyUserPassword.
• -c: View the community, either public or private. • -m: View the MIB files for the SNMP command. • -r: Number of retries using the option • -t: View the timeout. • -v: View the SNMP version (either 1, 2, 2d, or 3). The following examples show the snmpset command to copy a configuration. These examples assume that: • the server OS is UNIX • you are using SNMP version 2c • the community name is public • the file f10-copy-config.
copyDestFileType.7 i 2 FTOS-COPY-CONFIG-MIB::copySrcFileType.7 = INTEGER: runningConfig(3) FTOS-COPY-CONFIG-MIB::copyDestFileType.7 = INTEGER: startupConfig(2) The following example shows how to copy configuration files from a UNIX machine using OID. >snmpset -c public -v 2c 10.11.131.162 .1.3.6.1.4.1.6027.3.5.1.1.1.1.2.8 i 3 .1.3.6.1.4.1.6027.3.5.1.1.1.1.5.8 i 2 SNMPv2-SMI::enterprises.6027.3.5.1.1.1.1.2.8 = INTEGER: 3 SNMPv2-SMI::enterprises.6027.3.5.1.1.1.1.5.
Copy a Binary File to the Startup-Configuration To copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP, use the following command. • Copy a binary file from the server to the startup-configuration on the Dell Networking system via FTP. snmpset -v 2c -c public -m ./f10-copy-config.mib force10system-ip-address copySrcFileType.index i 1 copySrcFileLocation.index i 4 copySrcFileName.index s filepath/filename copyDestFileType.index i 3 copyServerAddress.
MIB Object OID Values Description 7 = unknown copyEntryRowStatus . 1.3.6.1.4.1.6027.3.5.1.1.1. 1.15 Row status Specifies the state of the copy operation. Uses CreateAndGo when you are performing the copy. The state is set to active when the copy is completed. Obtaining a Value for MIB Objects To obtain a value for any of the MIB objects, use the following command. • Get a copy-config MIB object value. snmpset -v 2c -c public -m ./f10-copy-config.mib force10system-ip-address [OID.index | mib-object.
MIB Support to Display the Available Memory Size on Flash Dell Networking provides more MIB objects to display the available memory size on flash memory. The following table lists the MIB object that contains the available memory size on flash memory. Table 82. MIB Objects for Displaying the Available Memory Size on Flash via SNMP MIB Object OID Description chStackUnitFlashUsageUtil Contains flash memory usage in percentage.
MIB Object OID Description chSysCoresStackUnitNumber Contains information that includes which stack unit or processor the core file was originated from. chSysCoresProcess Contains information that includes the process names that generated each core file. Viewing the Software Core Files Generated by the System • To view the viewing the software core files generated by the system, use the following command. snmpwalk -v2c -c public 192.168.60.120 .1.3.6.1.4.1.6027.3.10.1.2.10 enterprises.6027.3.10.1.2.
Assigning a VLAN Alias Write a character string to the dot1qVlanStaticName object to assign a name to a VLAN. Example of Assigning a VLAN Alias using SNMP [Unix system output] > snmpset -v2c -c mycommunity 10.11.131.185 . 1.3.6.1.2.1.17.7.1.4.3.1.1.1107787786 s "My VLAN" SNMPv2-SMI::mib-2.17.7.1.4.3.1.1.
00 00 00 00 00 00 00 00 00 SNMPv2-SMI::mib-2.17.7.1.4.3.1.4.1107787786 = Hex-STRING: 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Example of Adding a Tagged Port to a VLAN using SNMP In the following example, Port 0/2 is added as a tagged member of VLAN 10. >snmpset -v2c -c mycommunity 10.11.131.185 . 1.3.6.1.2.1.17.7.1.4.3.1.2.
Enabling and Disabling a Port using SNMP To enable and disable a port using SNMP, use the following commands. 1. Create an SNMP community on the Dell system. CONFIGURATION mode snmp-server community 2. From the Dell Networking system, identify the interface index of the port for which you want to change the admin status. EXEC Privilege mode show interface Or, from the management system, use the snmpwwalk command to identify the interface index. 3.
MIB Object OID MIB dot3aCurAggFdb Table .1.3.6.1.4.1.6027.3.2. 1.1.5 F10-LINKAGGREGATION -MIB Description List the learned MAC addresses of aggregated links (LAG). In the following example, R1 has one dynamic MAC address, learned off of port TenGigabitEthernet 1/21/1, which a member of the default VLAN, VLAN 1. The SNMP walk returns the values for dot1dTpFdbAddress, dot1dTpFdbPort, and dot1dTpFdbStatus. Each object comprises an OID concatenated with an instance number.
Deriving Interface Indices The Dell Networking OS assigns an interface index to each (configured and unconfigured) physical and logical interface, and displays it in the output of the show interface command.
Table 85. MIB Objects for Viewing the System Image on Flash Partitions MIB Object OID Description MIB chSysSwInPartitionAImg 1.3.6.1.4.1.6027.3.10.1.2. Vers 8.1.11 List the version string of the system image in Flash Partition A. Chassis MIB chSysSwInPartitionBImg 1.3.6.1.4.1.6027.3.10.1.2. Vers 8.1.12 List the version string of the system image in Flash Partition B.
SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.3.1.0.0.0.0.0.1.1 = INTEGER: 1 dot3aCurAggStatus SNMPv2-SMI::enterprises.6027.3.2.1.1.4.1.4.1.0.0.0.0.0.1.1 = INTEGER: 1 << Status active, 2 – status inactive Example of Viewing Changed Interface State for Monitored Ports Layer 3 LAG does not include this support. SNMP trap works for the Layer 2 / Layer 3 / default mode LAG. SNMPv2-MIB::sysUpTime.0 = Timeticks: (8500842) 23:36:48.42 SNMPv2-MIB::snmpTrapOID.0 = OID: IF-MIB::linkDown IF-MIB::ifIndex.
Storm Control 47 Storm control allows you to control unknown-unicast, muticast, and broadcast traffic on Layer 2 and Layer 3 physical interfaces. Dell Networking Operating System (OS) Behavior: Dell Networking OS supports unknown-unicast, muticast, and broadcast control for Layer 2 and Layer 3 traffic. Configure Storm Control Storm control is supported in INTERFACE mode and CONFIGURATION mode. Configuring Storm Control from INTERFACE Mode To configure storm control, use the following command.
Spanning Tree Protocol (STP) 48 The spanning tree protocol (STP) is supported on Dell Networking OS. Protocol Overview STP is a Layer 2 protocol — specified by IEEE 802.1d — that eliminates loops in a bridged topology by enabling only a single path through the network. By eliminating loops, the protocol improves scalability in a large network and allows you to implement redundant paths, which can be activated after the failure of active paths.
Important Points to Remember • • • • • STP is disabled by default. The Dell Networking OS supports only one spanning tree instance (0). For multiple instances, enable the multiple spanning tree protocol (MSTP) or per-VLAN spanning tree plus (PVST+). You may only enable one flavor of spanning tree at any one time. All ports in virtual local area networks (VLANs) and all enabled interfaces in Layer 2 mode are automatically added to the spanning tree topology at the time you enable the protocol.
To configure and enable the interfaces for Layer 2, use the following command. 1. If the interface has been assigned an IP address, remove it. INTERFACE mode no ip address 2. Place the interface in Layer 2 mode. INTERFACE switchport 3. Enable the interface. INTERFACE mode no shutdown Example of the show config Command To verify that an interface is in Layer 2 mode and enabled, use the show config command from INTERFACE mode.
Figure 114. Spanning Tree Enabled Globally To enable STP globally, use the following commands. 1. Enter PROTOCOL SPANNING TREE mode. CONFIGURATION mode protocol spanning-tree 0 2. Enable STP. PROTOCOL SPANNING TREE mode no disable Examples of Verifying Spanning Tree Information To disable STP globally for all Layer 2 interfaces, use the disable command from PROTOCOL SPANNING TREE mode. To verify that STP is enabled, use the show config command from PROTOCOL SPANNING TREE mode.
To view the spanning tree configuration and the interfaces that are participating in STP, use the show spanning-tree 0 command from EXEC privilege mode. If a physical interface is part of a port channel, only the port channel is listed in the command output. R2#show spanning-tree 0 Executing IEEE compatible Spanning Tree Protocol Bridge Identifier has priority 32768, address 0001.e826.ddb7 Configured hello time 2, max age 20, forward delay 15 Current root has priority 32768, address 0001.e80d.
spanning-tree 0 Modifying Global Parameters You can modify the spanning tree parameters. The root bridge sets the values for forward-delay, hellotime, and max-age and overwrites the values set on other bridges participating in STP. NOTE: Dell Networking recommends that only experienced network administrators change the spanning tree parameters. Poorly planned modification of the spanning tree parameters can negatively affect network performance. The following table displays the default values for STP.
PROTOCOL SPANNING TREE mode max-age seconds The range is from 6 to 40. The default is 20 seconds. To view the current values for global parameters, use the show spanning-tree 0 command from EXEC privilege mode. Refer to the second example in Enabling Spanning Tree Protocol Globally. Modifying Interface STP Parameters You can set the port cost and port priority values of interfaces in Layer 2 mode. • Port cost — a value that is based on the interface type.
CAUTION: Enable PortFast only on links connecting to an end station. PortFast can cause loops if it is enabled on an interface connected to a network. To enable PortFast on an interface, use the following command. • Enable PortFast on an interface.
• When you add a physical port to a port channel already in the Error Disable state, the new member port is also disabled in the hardware. • When you remove a physical port from a port channel in the Error Disable state, the Error Disabled state is cleared on this physical port (the physical port is enabled in the hardware). • You can clear the Error Disabled state with any of the following methods: – Perform a shutdown command on the interface.
• drops all BPDUs at the line card without generating a console message Example of Blocked BPDUs Dell(conf-if-te-1/7/1)#do show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 0001.e805.fb07 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32768, Address 0001.e85d.0e90 Configured hello time 2, max age 20, forward delay 15 Interface Name PortID Prio ------------ -------Te 1/6/1 128.263 128 Te 1/7/1 128.
STP Root Guard Use the STP root guard feature in a Layer 2 network to avoid bridging loops. In STP, the switch in the network with the lowest priority (as determined by STP or set with the bridge-priority command) is selected as the root bridge. If two switches have the same priority, the switch with the lower MAC address is selected as the root. All other switches in the network use the root bridge as the reference used to calculate the shortest forwarding path.
Figure 116. STP Root Guard Prevents Bridging Loops Configuring Root Guard Enable STP root guard on a per-port or per-port-channel basis. Dell Networking OS Behavior: The following conditions apply to a port enabled with STP root guard: • Root guard is supported on any STP-enabled port or port-channel interface except when used as a stacking port.
• Enable root guard on a port or port-channel interface. INTERFACE mode or INTERFACE PORT-CHANNEL mode spanning-tree {0 | mstp | rstp | pvst} rootguard – 0: enables root guard on an STP-enabled port assigned to instance 0. – mstp: enables root guard on an MSTP-enabled port. – rstp: enables root guard on an RSTP-enabled port. – pvst: enables root guard on a PVST-enabled port.
STP Loop Guard The STP loop guard feature provides protection against Layer 2 forwarding loops (STP loops) caused by a hardware failure, such as a cable failure or an interface fault. When a cable or interface fails, a participating STP link may become unidirectional (STP requires links to be bidirectional) and an STP port does not receive BPDUs. When an STP blocking port does not receive BPDUs, it transitions to a Forwarding state. This condition can create a loop in the network.
Figure 117. STP Loop Guard Prevents Forwarding Loops Configuring Loop Guard Enable STP loop guard on a per-port or per-port channel basis. The following conditions apply to a port enabled with loop guard: • Loop guard is supported on any STP-enabled port or port-channel interface.
• You cannot enable root guard and loop guard at the same time on an STP port. For example, if you configure loop guard on a port on which root guard is already configured, the following error message is displayed: % Error: RootGuard is configured. Cannot configure LoopGuard. • Enabling Portfast BPDU guard and loop guard at the same time on a port results in a port that remains in a blocking state and prevents traffic from flowing through it.
System Time and Date 49 System time and date settings and the network time protocol (NTP) are supported on Dell Networking OS. You can set system times and dates and maintained through the NTP. They are also set through the Dell Networking Operating System (OS) command line interfaces (CLIs) and hardware settings. The Dell Networking OS supports reaching an NTP server through different VRFs. You can configure a maximum of eight logging servers across different VRFs or the same VRF.
In what may be the most common client/server model, a client sends an NTP message to one or more servers and processes the replies as received. The server interchanges addresses and ports, overwrites certain fields in the message, recalculates the checksum and returns the message immediately. Information included in the NTP message allows the client to determine the server time regarding local time and adjust the local clock accordingly.
Implementation Information Dell Networking systems can only be an NTP client. Configure the Network Time Protocol Configuring NTP is a one-step process. • Enabling NTP Related Configuration Tasks • Configuring NTP Broadcasts • Disabling NTP on an Interface • Configuring a Source IP Address for NTP Packets (optional) Enabling NTP NTP is disabled by default. To enable NTP, specify an NTP server to which the Dell Networking system synchronizes.
• Set the interface to receive NTP packets. INTERFACE mode ntp broadcast client Example of Configuring NTP Broadcasts 2w1d11h : NTP: Maximum Slew:-0.000470, Remainder = -0.496884 Disabling NTP on an Interface By default, NTP is enabled on all active interfaces. If you disable NTP on an interface, Dell Networking OS drops any NTP packets sent to that interface. To disable NTP on an interface, use the following command. • Disable NTP on the interface.
Configuring NTP Authentication NTP authentication and the corresponding trusted key provide a reliable means of exchanging NTP packets with trusted time sources. NTP authentication begins when the first NTP packet is created following the configuration of keys. NTP authentication in Dell Networking OS uses the message digest 5 (MD5) algorithm and the key is embedded in the synchronization packet that is sent to an NTP time source.
– ipv4-address : Enter an IPv4 address in dotted decimal format (A.B.C.D). – ipv6-address : Enter an IPv6 address in the format 0000:0000:0000:0000:0000:0000:0000:0000. Elision of zeros is supported. – key keyid : Configure a text string as the key exchanged between the NTP server and the client. – prefer: Enter the keyword prefer to set this NTP server as the preferred server. – version number : Enter a number as the NTP version. The range is from 1 to 4. 5. Configure the switch as NTP master.
NOTE: • Leap Indicator (sys.leap, peer.leap, pkt.leap) — This is a two-bit code warning of an impending leap second to be inserted in the NTP time scale. The bits are set before 23:59 on the day of insertion and reset after 00:00 on the following day. This causes the number of seconds (rollover interval) in the day of insertion to be increased or decreased by one.
Dell Networking OS Time and Date You can set the time and date using the Dell Networking OS CLI. Configuration Task List The following is a configuration task list for configuring the time and date settings.
– timezone-name: enter the name of the timezone. Do not use spaces. – offset: enter one of the following: * a number from 1 to 23 as the number of hours in addition to UTC for the timezone. * a minus sign (-) then a number from 1 to 23 as the number of hours.
00:00:00 pacific Sat Nov 7 2009" Setting Recurring Daylight Saving Time Set a date (and time zone) on which to convert the switch to daylight saving time on a specific day every year. If you have already set daylight saving for a one-time setting, you can set that date and time as the recurring setting with the clock summer-time time-zone recurring command. To set a recurring daylight saving time, use the following command.
Examples of the clock summer-time recurring Command The following example shows the clock summer-time recurring command.
Tunneling 50 Tunnel interfaces create a logical tunnel for IPv4 or IPv6 traffic. Tunneling supports RFC 2003, RFC 2473, and 4213. DSCP, hop-limits, flow label values, open shortest path first (OSPF) v2, and OSPFv3 are supported. Internet control message protocol (ICMP) error relay, PATH MTU transmission, and fragmented packets are not supported. Configuring a Tunnel You can configure a tunnel in IPv6 mode, IPv6IP mode, and IPIP mode.
! interface Tunnel 2 no ip address ipv6 address 2::1/64 tunnel destination 90.1.1.1 tunnel source 60.1.1.1 tunnel mode ipv6ip no shutdown The following sample configuration shows a tunnel configured in IPIP mode (IPv4 tunnel carries IPv4 and IPv6 traffic): Dell(conf)#interface tunnel 3 Dell(conf-if-tu-3)#tunnel source 5::5 Dell(conf-if-tu-3)#tunnel destination 8::9 Dell(conf-if-tu-3)#tunnel mode ipv6 Dell(conf-if-tu-3)#ip address 3.1.1.
no shutdown Configuring a Tunnel Interface You can configure the tunnel interface using the ip unnumbered and ipv6 unnumbered commands. To configure the tunnel interface to operate without a unique explicit IP or IPv6 address, select the interface from which the tunnel borrows its address. The following sample configuration shows how to use the interface tunnel configuration commands. Dell(conf-if-te-1/1/1)#show config ! interface TenGigabitEthernet 1/1/1 ip address 20.1.1.
tunnel mode ipip decapsulate-any no shutdown Configuring Tunnel source anylocal Decapsulation The tunnel source anylocal command allows a multipoint receive-only tunnel to decapsulate tunnel packets addressed to any IPv4 or IPv6 (depending on the tunnel mode) address configured on the switch that is operationally UP. The source anylocal parameters can be used for packet decapsulation instead of the ip address or interface (tunnel allow-remote command), but only on multipoint receive-only mode tunnels.
Multipoint Receive-Only Tunnels A multipoint receive-only IP tunnel decapsulates packets from remote end-points and never forwards packets on the tunnel. You can configure an additional level of security on a receive-only IP tunnel by specifying a valid prefix or range of remote peers. The operational status of a multipoint receive-only tunnel interface always remains up.
51 Upgrade Procedures To find the upgrade procedures, go to the Dell Networking OS Release Notes for your system type to see all the requirements needed to upgrade to the desired Dell Networking OS version. To upgrade your system type, follow the procedures in the Dell Networking OS Release Notes. Get Help with Upgrades Direct any questions or concerns about the Dell Networking OS upgrade procedures to the Dell Technical Support Center. You can reach Technical Support: • On the web: http://www.dell.
Virtual LANs (VLANs) 52 Virtual LANs (VLANs) are a logical broadcast domain or logical grouping of interfaces in a local area network (LAN) in which all data received is kept locally and broadcast to all members of the group. When in Layer 2 mode, VLANs move traffic at wire speed and can span multiple devices. The system supports up to 4093 port-based VLANs and one default VLAN, as specified in IEEE 802.1Q.
command places the interface in Layer 2 mode and the show vlan command in EXEC privilege mode indicates that the interface is now part of the Default VLAN (VLAN 1). By default, VLAN 1 is the Default VLAN. To change that designation, use the default vlan-id command in CONFIGURATION mode. You cannot delete the Default VLAN. NOTE: You cannot assign an IP address to the Default VLAN. To assign an IP address to a VLAN that is currently the Default VLAN, create another VLAN and assign it to be the Default VLAN.
VLANs and Port Tagging To add an interface to a VLAN, the interface must be in Layer 2 mode. After you place an interface in Layer 2 mode, the interface is automatically placed in the Default VLAN. Dell Networking OS supports IEEE 802.1Q tagging at the interface level to filter traffic. When you enable tagging, a tag header is added to the frame after the destination and source MAC addresses. That information is preserved as the frame moves through the network.
NOTE: In a VLAN, the shutdown command stops Layer 3 (routed) traffic only. Layer 2 traffic continues to pass through the VLAN. If the VLAN is not a routed VLAN (that is, configured with an IP address), the shutdown command has no affect on VLAN traffic. When you delete a VLAN (using the no interface vlan vlan-id command), any interfaces assigned to that VLAN are assigned to the Default VLAN as untagged interfaces. To create a port-based VLAN, use the following command.
INTERFACE mode tagged interface Add an Interface to Another VLAN To view just the interfaces that are in Layer 2 mode, use the show interfaces switchport command in EXEC Privilege mode or EXEC mode. The following example shows the steps to add a tagged interface (in this case, port channel 1) to VLAN 4. To view the interface’s status. Interface (po 1) is tagged and in VLAN 2 and 3, use the show vlan command. In a port-based VLAN, use the tagged command to add the interface to another VLAN.
CONFIGURATION mode interface vlan vlan-id 2. Configure an interface as untagged. INTERFACE mode untagged interface This command is available only in VLAN interfaces. Move an Untagged Interface to Another VLAN The no untagged interface command removes the untagged interface from a port-based VLAN and places the interface in the Default VLAN. You cannot use the no untagged interface command in the Default VLAN.
Assigning an IP Address to a VLAN VLANs are a Layer 2 feature. For two physical interfaces on different VLANs to communicate, you must assign an IP address to the VLANs to route traffic between the two interfaces. The shutdown command in INTERFACE mode does not affect Layer 2 traffic on the interface; the shutdown command only prevents Layer 3 traffic from traversing over the interface. NOTE: You cannot assign an IP address to the Default VLAN (VLAN 1).
INTERFACE mode 2. Configure the interface for Hybrid mode. INTERFACE mode portmode hybrid 3. Configure the interface for Switchport mode. INTERFACE mode switchport 4. Add the interface to a tagged or untagged VLAN.
VLT Proxy Gateway 53 The virtual link trucking (VLT) proxy gateway feature allows a VLT domain to locally terminate and route L3 packets that are destined to a Layer 3 (L3) end point in another VLT domain. Enable the VLT proxy gateway using the link layer discover protocol (LLDP) method or the static configuration. For more information, see the Dell Networking OS Command Line Reference Guide.
Figure 120. Sample Configuration for a VLT Proxy Gateway Guidelines for Enabling the VLT Proxy Gateway Keep the following points in mind when you enable a VLT proxy gateway: • • • • • • • Proxy gateway is supported only for VLT; for example, across a VLT domain. You must enable the VLT peer-routing command for the VLT proxy gateway to function.
• If the port-channel specified in the proxy-gateway command is not a VLT LAG, the configuration is rejected by the CLI. • You cannot change the VLT LAG to a legacy LAG when it is part of proxy-gateway. • You cannot change the link layer discovery protocol (LLDP) port channel interface to a legacy LAG when you enable a proxy gateway. • Dell Networking recommends the vlt-peer-mac transmit command only for square VLTs without diagonal links.
• LLDP uses the existing infrastructure and adds a new TLV for sending and receiving on the configured ports. • There are only a few MAC addresses for each unit transmitted. All currently active MAC addresses are carried on the newly defined TLV. • Dell Networking devices not configured with VLT proxy gateway process standard TLVs and ignore TLVs configured with VLT proxy gateway.
Figure 121. Sample Configuration for a VLT Proxy Gateway • The above figure shows a sample VLT Proxy gateway scenario. There are no diagonal links in the square VLT connection between the C and D in VLT domain 1 and C1 and D1 in the VLT domain 2. This causes sub-optimal routing with the VLT Proxy Gateway LLDP method.
address of D1, it may be dropped. This behavior is applicable only in an LLDP configuration; in a static configuration, the packet is forwarded. • Any L3 packet, when it gets an L3 hit and is routed, it has a time to live (TTL) decrement as expected. • You can disable the VLT Proxy Gateway for a particular VLAN using an "Exclude-VLAN" configuration. The configuration has to be done in both the VLT domains [C and D in VLT domain 1 and C1 and D1 in VLT domain 2].
Sample Dynamic Proxy Configuration on C switch or C1 switch Switch_C#conf Switch_C(conf)#vlt domain 1 Switch_C(conf-vlt-domain1)#proxy-gateway lldp Switch_C(conf-vlt-domain1-pxy-gw-lldp)#peer-domain-link port-channel 1....
54 Virtual Link Trunking (VLT) Virtual link trunking (VLT) allows physical links between two chassis to appear as a single virtual link to the network core or other switches such as Edge, Access, or top-of-rack (ToR). Overview VLT reduces the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches and supporting a loop-free topology.
Figure 122. Example of VLT Deployment VLT on Core Switches Uplinks from servers to the access layer and from access layer to the aggregation layer are bundled in LAG groups with end-to-end Layer 2 multipathing. This set up requires “horizontal” stacking at the access layer and VLT at the aggregation layer such that all the uplinks from servers to access and access to aggregation are in Active-Active Load Sharing mode.
Figure 123. Enhanced VLT VLT Terminology The following are key VLT terms. • Virtual link trunk (VLT) — The combined port channel between an attached device and the VLT peer switches. • VLT backup link — The backup link monitors the vitality of VLT peer switches. The backup link sends configurable, periodic keep alive messages between the VLT peer switches. • VLT interconnect (VLTi) — The link used to synchronize states between the VLT peer switches.
Configure Virtual Link Trunking VLT requires that you enable the feature and then configure the same VLT domain, backup link, and VLT interconnect on both peer switches. Important Points to Remember • VLT port channel interfaces must be switch ports. • If you include RSTP on the system, configure it before VLT. Refer to Configure Rapid Spanning Tree. • If you include PVST on the system, configure it before VLT. Refer to PVST Configuration.
• VLT Heartbeat is supported only on default VRFs. • In a scenario where one hundred hosts are connected to a Peer1 on a non-VLT domain and traffic flows through Peer1 to Peer2; when you move these hosts from a non-VLT domain to a VLT domain and send ARP requests to Peer1, only half of these ARP requests reach Peer1, while the remaining half reach Peer2 (because of LAG hashing).
– The VLT interconnect must consist of either 10G or 40G ports. A maximum of eight 10G or four 40G ports is supported. A combination of 10G and 40G ports is not supported. – A VLT interconnect over 1G ports is not supported. – The port channel must be in Default mode (not Switchport mode) to have VLTi recognize it. – The system automatically includes the required VLANs in VLTi. You do not need to manually select VLANs.
– In order that the chassis backup link does not share the same physical path as the interconnect trunk, Dell Networking recommends using the management ports on the chassis and traverse an out-of-band management network. The backup link can use user ports, but not the same ports the interconnect trunk uses. – The chassis backup link does not carry control plane information or data traffic. Its use is restricted to health checks only.
– For information about configuring IGMP Snooping in a VLT domain, refer to VLT and IGMP Snooping. – All system management protocols are supported on VLT ports, including SNMP, RMON, AAA, ACL, DNS, FTP, SSH, Syslog, NTP, RADIUS, SCP, TACACS+, Telnet, and LLDP. – Enable Layer 3 VLAN connectivity VLT peers by configuring a VLAN network interface for the same VLAN on both switches. – Dell Networking does not recommend enabling peer-routing if the CAM is full.
– If the primary chassis fails, the secondary chassis takes on the operational role of the primary. • The SNMP MIB reports VLT statistics. Primary and Secondary VLT Peers To prevent issues when connectivity between peers is lost, you can designate Primary and Secondary roles for VLT peers . You can elect or configure the Primary Peer. By default, the peer with the lowest MAC address is selected as the Primary Peer.
When the bandwidth usage drops below the 80% threshold, the system generates another syslog message (shown in the following message) and an SNMP trap. %STKUNIT0-M:CP %VLTMGR-6-VLT-LAG-ICL: Overall Bandwidth utilization of VLT-ICLLAG (port-channel 25) reaches below threshold.
Figure 124. PIM-Sparse Mode Support on VLT On each VLAN where the VLT peer nodes act as the first hop or last hop routers, one of the VLT peer nodes is elected as the PIM designated router. If you configured IGMP snooping along with PIM on the VLT VLANs, you must configure VLTi as the static multicast router port on both VLT peer switches. This ensures that for first hop routers, the packets from the source are redirected to the designated router (DR) if they are incorrectly hashed.
To route traffic to and from the multicast source and receiver, enable PIM on the L3 side connected to the PIM router using the ip pim sparse-mode command. Each VLT peer runs its own PIM protocol independently of other VLT peers. To ensure the PIM protocol states or multicast routing information base (MRIB) on the VLT peers are synced, if the incoming interface (IIF) and outgoing interface (OIF) are Spanned, the multicast route table is synced between the VLT peers.
• L3 routing is enabled on any new IP address / IPv6 address configured for a VLAN interface that is up. • L3 routing is enabled on any VLAN with an admin state of up. NOTE: If the CAM is full, do not enable peer-routing. NOTE: The peer routing and peer-routing-timeout is applicable for both IPv6/ IPv4. Configuring VLT Unicast To enable and configure VLT unicast, follow these steps. 1. Enable VLT on a switch, then configure a VLT domain and enter VLT-domain configuration mode.
node to choose a different VLAN or IP route to reach the PIM neighbor. This can result in issues with multicast route syncing between peers. • Both VLT peers require symmetric Layer 2 and Layer 3 configurations on both VLT peers for any spanned VLAN. • For optimal performance, configure the VLT VLAN routing metrics to prefer VLT VLAN interfaces over non-VLT VLAN interfaces.
Run RSTP on both VLT peer switches. The primary VLT peer controls the RSTP states, such as forwarding and blocking, on both the primary and secondary peers. Dell Networking recommends configuring the primary VLT peer as the RSTP primary root device and configuring the secondary VLT peer as the RSTP secondary root device. BPDUs use the MAC address of the primary VLT peer as the RSTP bridge ID in the designated bridge ID field.
Configure RSTP on VLT Peers to Prevent Forwarding Loops (VLT Peer 1) Dell_VLTpeer1(conf)#protocol spanning-tree rstp Dell_VLTpeer1(conf-rstp)#no disable Dell_VLTpeer1(conf-rstp)#bridge-priority 4096 Configure RSTP on VLT Peers to Prevent Forwarding Loops (VLT Peer 2) Dell_VLTpeer2(conf)#protocol spanning-tree rstp Dell_VLTpeer2(conf-rstp)#no disable Dell_VLTpeer2(conf-rstp)#bridge-priority 0 Configuring VLT To configure VLT, use the following procedure.
3. Add one or more port interfaces to the port channel. INTERFACE PORT-CHANNEL mode channel-member interface interface: specify one of the following interface types: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/ subport information. • For a 40-Gigabit Ethernet interface, enter the keyword fortyGigE then the slot/port/subport information. • For a 25-Gigabit Ethernet interface, enter the keyword twentyFiveGigE then the slot/port/ subport information.
peer-link port-channel id-number 4. (Optional) After you configure a VLT domain on each peer switch and connect (cable) the two VLT peers on each side of the VLT interconnect, the system elects a primary and secondary VLT peer device (see Primary and Secondary VLT Peers). To configure the primary and secondary roles before the election process, use the primary-priority command. Enter a lower value on the primary peer and a higher value on the secondary peer.
back-up destination {ip address ipv4-address/ mask | ipv6 address ipv6address/ mask} 5. Repeat Steps 1 to 4 on the VLT peer switch. To set an amount of time, in seconds, to delay the system from restoring the VLT port, use the delayrestore command at any time. For more information, refer to VLT Port Delayed Restoration. Configuring a VLT Port Delay Period To configure a VLT port delay period, use the following commands. 1. Enter VLT-domain configuration mode for a specified VLT domain.
Also, reconfigure the same MAC address on the VLT peer switch. Use this command to minimize the time required for the VLT system to synchronize the default MAC address of the VLT domain on both peer switches when one peer switch reboots. 4. (Optional) When you create a VLT domain on a switch, Dell Networking OS automatically assigns a unique unit ID (0 or 1) to each peer switch.
• 5. For a 100-Gigabit Ethernet interface, enter the keyword hundredGigE then the slot/port information. Ensure that the port channel is active. INTERFACE PORT-CHANNEL mode no shutdown 6. Associate the port channel to the corresponding port channel in the VLT peer for the VLT connection to an attached device. INTERFACE PORT-CHANNEL mode vlt-peer-lag port-channel id-number 7. Repeat Steps 1 to 6 on the VLT peer switch to configure the same port channel as part of the VLT domain. 8.
interface port-channel id-number Enter the same port-channel number configured with the peer-link port-channel command in the . 2. Add one or more port interfaces to the port channel. INTERFACE PORT-CHANNEL mode channel-member interface interface: specify one of the following interface types: • For a 10-Gigabit Ethernet interface, enter the keyword TenGigabitEthernet then the slot/port/ subport information.
7. When you create a VLT domain on a switch, Dell Networking OS automatically assigns a unique unit ID (0 or 1) to each peer switch. VLT DOMAIN CONFIGURATION mode unit-id {0 | 1} The unit IDs are used for internal system operations. To explicitly configure the default values on each peer switch, use the unit-id command. Configure a different unit ID (0 or 1) on each peer switch.
no shutdown 16. Repeat steps 1 through 15 for the VLT peer node in Domain 1. 17. Repeat steps 1 through 15 for the first VLT node in Domain 2. 18. Repeat steps 1 through 15 for the VLT peer node in Domain 2. To verify the configuration of a VLT domain, use any of the show commands described in . VLT Sample Configuration To review a sample VLT configuration setup, study these steps. 1. Configure the VLT domain with the same ID in VLT peer 1 and VLT peer 2. VLT DOMAIN mode vlt domain domain id 2.
show running-config entity 12. Verify that VLT is running. EXEC mode show vlt brief or show vlt detail 13. Verify that the VLT LAG is running in both VLT peer units. EXEC mode or EXEC Privilege mode show interfaces interface Example of Configuring VLT In the following sample VLT configuration steps, VLT peer 1 is Dell-2, VLT peer 2 is Dell-4, and the ToR is S60-1.
port-channel 2 mode active no shutdown configuring VLT peer lag in VLT Dell-2#show running-config interface port-channel 2 ! interface Port-channel 2 no ip address switchport vlt-peer-lag port-channel 2 no shutdown Dell-2#show interfaces port-channel 2 brief Codes: L - LACP Port-channel L LAG 2 Mode L2L3 Status up Uptime 03:33:14 Ports Te 1/4/1 (Up) In the ToR unit, configure LACP on the physical ports.
HeartBeat Status VLT Peer Status Version Local System MAC address Remote System MAC address Remote system version Delay-Restore timer : Up : Up : : : : Delay-Restore Abort Threshold Peer-Routing Peer-Routing-Timeout timer Multicast peer-routing timeout Dell# : 6(3) 00:01:e8:8a:e9:91 00:01:e8:8a:e9:76 6(3) 90 seconds : 60 seconds : Disabled : 0 seconds : 150 seconds Verify that the VLT LAG is up in VLT peer unit.
Configure PVST+ on VLT Peers to Prevent Forwarding Loops (VLT Peer 2) Dell_VLTpeer2(conf)#protocol spanning-tree pvst Dell_VLTpeer2(conf-pvst)#no disable Dell_VLTpeer2(conf-pvst)#vlan 1000 bridge-priority 4096 Configure both ends of the VLT interconnect trunk with identical PVST+ configurations. When you enable VLT, the show spanning-tree pvst brief command output displays VLT information.
Figure 125. eVLT Configuration Example eVLT Configuration Step Examples In Domain 1, configure the VLT domain and VLTi on Peer 1. Domain_1_Peer1#configure Domain_1_Peer1(conf)#interface port-channel 1 Domain_1_Peer1(conf-if-po-1)# channel-member TenGigabitEthernet 1/8/1-1/8/2 Domain_1_Peer1(conf)#vlt domain 1000 Domain_1_Peer1(conf-vlt-domain)# peer-link port-channel 1 Domain_1_Peer1(conf-vlt-domain)# back-up destination 10.16.130.
Configure eVLT on Peer 2. Domain_1_Peer2(conf)#interface port-channel 100 Domain_1_Peer2(conf-if-po-100)# switchport Domain_1_Peer2(conf-if-po-100)# vlt-peer-lag port-channel 100 Domain_1_Peer2(conf-if-po-100)# no shutdown Add links to the eVLT port-channel on Peer 2.
Add links to the eVLT port-channel on Peer 4.
• show vlt backup-link Display general status information about VLT domains currently configured on the switch. EXEC mode • show vlt brief Display detailed information about the VLT-domain configuration, including local and peer portchannel IDs, local VLT switch status, and number of active VLANs on each port channel.
----------------Destination: Peer HeartBeat status: HeartBeat Timer Interval: HeartBeat Timeout: UDP Port: HeartBeat Messages Sent: HeartBeat Messages Received: 10.11.200.18 Up 1 3 34998 1026 1025 Dell_VLTpeer2# show vlt backup-link VLT Backup Link ----------------Destination: Peer HeartBeat status: HeartBeat Timer Interval: HeartBeat Timeout: UDP Port: HeartBeat Messages Sent: HeartBeat Messages Received: 10.11.200.20 Up 1 3 34998 1030 1014 The following example shows the show vlt brief command.
The following example shows the show vlt role command.
The bold section displays the RSTP state of port channels in the VLT domain. Port channel 100 is used in the VLT interconnect trunk (VLTi) to connect to VLT peer2. Port channels 110, 111, and 120 are used to connect to access switches or servers (vlt). Dell_VLTpeer1# show spanning-tree rstp brief Executing IEEE compatible Spanning Tree Protocol Root ID Priority 0, Address 0001.e88a.dff8 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 4096, Address 0001.e88a.
Configure the backup link. Dell_VLTpeer1(conf)#interface ManagementEthernet 1/1 Dell_VLTpeer1(conf-if-ma-1/1)#ip address 10.11.206.23/ Dell_VLTpeer1(conf-if-ma-1/1)#no shutdown Dell_VLTpeer1(conf-if-ma-1/1)#exit Configure the VLT interconnect (VLTi).
Configure the port channel to an attached device. Dell_VLTpeer2(conf)#interface port-channel 110 Dell_VLTpeer2(conf-if-po-110)#no ip address Dell_VLTpeer2(conf-if-po-110)#switchport Dell_VLTpeer2(conf-if-po-110)#channel-member fortyGigE 1/12 Dell_VLTpeer2(conf-if-po-110)#no shutdown Dell_VLTpeer2(conf-if-po-110)#vlt-peer-lag port-channel 110 Dell_VLTpeer2(conf-if-po-110)#end Verify that the port channels used in the VLT domain are assigned to the same VLAN.
Description Behavior at Peer Up Behavior During Run Time A syslog error message and an SNMP trap are generated. A syslog error message and an SNMP trap are generated. Dell Networking OS Version mismatch A syslog error message is generated. A syslog error message is generated. Follow the correct upgrade procedure for the unit with the mismatched Dell Networking OS version.
Description Behavior at Peer Up Behavior During Run Time Action to Take VLT LAG ID is not configured on one VLT peer A syslog error message is generated. The peer with the VLT configured remains active. A syslog error message is generated. The peer with the VLT configured remains active. Verify the VLT LAG ID is configured correctly on both VLT peers. VLT LAG ID mismatch The VLT port channel is brought down. The VLT port channel is brought down. A syslog error message is generated.
You can associate either a VLT VLAN or a VLT LAG to a PVLAN. First configure the VLT interconnect (VLTi) or a VLT LAG by using the peer-link port-channel id-number command or the VLT VLAN by using the peer-link port-channel id-number peer-down-vlan vlan interface number command and the switchport command.
MAC Synchronization for VLT Nodes in a PVLAN For the MAC addresses that are learned on non-VLT ports, MAC address synchronization is performed with the other peer if the VLTi (ICL) link is part of the same VLAN as the non-VLT port. For MAC addresses that are learned on VLT ports, the VLT LAG mode of operation and the primary to secondary association of the VLT nodes is determined on both the VLT peers.
• Layer 3 communication between secondary VLANs in a private VLAN is enabled by using the ip local-proxy-arp command in INTERFACE VLAN configuration mode. • The ARP request is not received on the ICL Under such conditions, the IP stack performs the following operations: • The ARP reply is sent with the MAC address of the primary VLAN. • The ARP request packet originates on the primary VLAN for the intended destination IP address.
VLT LAG Mode Peer1 PVLAN Mode of VLT VLAN Peer2 ICL VLAN Membership Mac Synchronizatio n Peer1 Peer2 - Secondary (Isolated) - Secondary (Isolated) Yes Yes Promiscuous Trunk Primary Normal No No Promiscuous Trunk Primary Primary Yes No Access Access Secondary (Community) Secondary (Community) Yes Yes - Primary VLAN X - Primary VLAN X Yes Yes Secondary (Isolated) Secondary (Isolated) Yes Yes - Primary VLAN X - Primary VLAN X Yes Yes Secondary (Isolated) Secondary (Isol
CONFIGURATION mode interface port-channel id-number. Enter the same port-channel number configured with the peer-link port-channel command as described in Enabling VLT and Creating a VLT Domain. NOTE: To be included in the VLTi, the port channel must be in Default mode (no switchport or VLAN assigned). 2. Remove an IP address from the interface. INTERFACE PORT-CHANNEL mode no ip address 3. Add one or more port interfaces to the port channel.
INTERFACE mode no shutdown 3. Set the port in Layer 2 mode. INTERFACE mode switchport 4. Select the PVLAN mode. INTERFACE mode switchport mode private-vlan {host | promiscuous | trunk} • • • 5. host (isolated or community VLAN port) promiscuous (intra-VLAN communication port) trunk (inter-switch PVLAN hub port) Access INTERFACE VLAN mode for the VLAN to which you want to assign the PVLAN interfaces. CONFIGURATION mode interface vlan vlan-id 6. Enable the VLAN. INTERFACE VLAN mode no shutdown 7.
the show config command output, it is enabled. Only nondefault information is displayed in the show config command output. ARP proxy operation is performed on the VLT peer node IP address when the peer VLT node is down. The ARP proxy stops working either when the peer routing timer expires or when the peer VLT node goes up. Layer 3 VLT provides a higher resiliency at the Layer 3 forwarding level. VLT peer routing enables you to replace VRRP with routed VLT to route the traffic from Layer 2 access nodes.
When a VLT node detects peer up, it will not perform proxy ARP for the peer IP addresses. IP address synchronization occurs again between the VLT peers. Proxy ARP is enabled only if peer routing is enabled on both the VLT peers. If you disable peer routing by using the no peer-routingcommand in VLT DOMAIN node, a notification is sent to the VLT peer to disable the proxy ARP.
node to retain synced multicast routes or synced multicast outgoing interface (OIF), after a VLT peer node failure, through the multicast peer-routing-timeout command in VLT DOMAIN mode. Using the bootstrap router (BSR) mechanism, both the VLT nodes in a VLT domain can be configured as the candidate RP for the same group range. When an RP fails, the VLT peer automatically takes over the role of the RP. This phenomenon enables resiliency to be achieved by the PIM BSR protocol.
Dell(conf-if-po-10)#vlt-peer-lag port-channel 10 Dell(conf-if-po-10)#vlan-stack access Dell(conf-if-po-10)#no shutdown Dell#show running-config interface port-channel 10 ! interface Port-channel 10 no ip address switchport vlan-stack access vlt-peer-lag port-channel 10 no shutdown Dell# Dell(conf)#interface port-channel 20 Dell(conf-if-po-20)#switchport Dell(conf-if-po-20)#vlt-peer-lag port-channel 20 Dell(conf-if-po-20)#vlan-stack trunk Dell(conf-if-po-20)#no shutdown Dell#show running-config interface por
Sample Configuration of VLAN-Stack Over VLT (Peer 2) Configure VLT domain Dell(conf)#vlt domain 1 Dell(conf-vlt-domain)#peer-link port-channel 1 Dell(conf-vlt-domain)#back-up destination 10.16.151.115 Dell(conf-vlt-domain)#system-mac mac-address 00:00:00:11:11:11 Dell(conf-vlt-domain)#unit-id 1 Dell(conf-vlt-domain)# Dell#show running-config vlt vlt domain 1 peer-link port-channel 1 back-up destination 10.16.151.
interface Vlan 50 vlan-stack compatible member Port-channel 10,20 shutdown Dell# Verify that the Port Channels used in the VLT Domain are Assigned to the VLAN-Stack VLAN Dell#show vlan id 50 Codes: * - Default VLAN, G - GVRP VLANs, R - Remote Port Mirroring VLANs, P Primary, C - Community, I - Isolated O - Openflow Q: U - Untagged, T - Tagged x - Dot1x untagged, X - Dot1x tagged o - OpenFlow untagged, O - OpenFlow tagged G - GVRP tagged, M - Vlan-stack i - Internal untagged, I - Internal tagged, v - VLT unt
Virtual Extensible LAN (VXLAN) 55 Virtual Extensible LAN (VXLAN) is supported on Dell Networking OS. Overview The switch acts as the VXLAN gateway and performs the VXLAN Tunnel End Point (VTEP) functionality. VXLAN is a technology where in the data traffic from the virtualized servers is transparently transported over an existing legacy network. Figure 126.
Components of VXLAN network VXLAN provides a mechanism to extend an L2 network over an L3 network. In short, VXLAN is an L2 overlay scheme over an L3 network and this overlay is termed as a VXLAN segment.
VXLAN Hypervisor It is the VTEP that connects the Virtual Machines (VM) to the underlay legacy network to the physical infrastructure. Service Node(SN) It is also another VTEP, but it is fully managed by NSX. The purpose of SN is to be the central replication engine for flooded packets Legacy TOR It is a TOR switch, which performs routing or switching decisions. Functional Overview of VXLAN Gateway The following section is the functional overview of VXLAN Gateway: 1.
Figure 127. VXLAN Frame Format Components of VXLAN Frame Format Some of the important fields of the VXLAN frame format are described below: Outer Ethernet Header: Outer IP Header: Outer UDP Header: 942 The Outer Ethernet Header consists of the following components: • Destination Address: Generally, it is a first hop router's MAC address when the VTEP is on a different address. • Source Address : It is the source MAC address of the router that routes the packet.
VXLAN Header : Frame Check Sequence (FCS): • VXLAN Flags : Reserved bits set to zero except bit 3, the first bit, which is set to 1 for a valid VNI • VNI: The 24-bit field that is the VXLAN Network Identifier • Reserved: A set of fields, 24 bits and 8 bits, that are reserved and set to zero . Note that the original Ethernet frame's FCS is not included, but new FCS is generated on the outer Ethernet frame.
Figure 130. Create Transport Connector 2. Create Service Node To create service node, the required fields are the IP address and SSL certificate of the server. The Service node is responsible for broadcast/unknown unicast/multicast traffic replication. The following is the snapshot of the user interface for the creation of service node: Figure 131. Create Service Node 3. Create VXLAN Gateway To create a VXLAN L2 Gateway, the IP address of the Gateway is mandatory.
You can create a logical network by creating a logical switch. The logical network acts as the forwarding domain for workloads on the physical as well as virtual infrastructure. Figure 133. Create Logical Switch 5. Create Logical Switch Port A logical switch port provides a logical connection point for a VM interface (VIF) and a L2 gateway connection to an external network. It binds the virtual access ports in the GW to logical network (VXLAN) and VLAN. Figure 134.
You must configure feature VXLAN to configure vxlan-instance. 2. vxlan-instance CONFIGURATION mode vxlan-instance instance ID The platform supports only the instance ID 1 in the initial release. 3. controller VxLAN INSTANCE mode controller controller IDip address port port-number tcp|ptcp|pssl|ssl The port number range is from 1 to 6632. The default port number is 6632. The default connection type is ssl. 4. gateway-ip VxLAN INSTANCE mode gateway-ip IP address 5.
The following example shows the show vxlan vxlan-instance physical-locator command. Dell#show vxlan vxlan-instance 1 physical-locator Instance : 1 Tunnel : count 1 36.1.1.1 : vxlan_over_ipv4 (up) The following example shows the show vxlan vxlan-instance unicast-mac-local command. The following example shows the show vxlan vxlan-instance unicast-mac-remote command. Dell# show vxlan vxlan-instance <1> unicast-mac-remote Total Local Mac Count: 1 VNI MAC TUNNEL 4656 00:00:01:00:00:01 36.1.1.
Rx Bytes : 1317 Tx Packets : 13 Tx Bytes : 1321 The following example shows the show vxlan vxlan-instance physical-locator command. Dell#show vxlan vxlan-instance 1 physical-locator Instance : 1 Tunnel : count 1 36.1.1.1 : vxlan_over_ipv4 (up) The following example shows the show vxlan vxlan-instance unicast-mac-local command.
Virtual Routing and Forwarding (VRF) 56 Virtual Routing and Forwarding (VRF) allows a physical router to partition itself into multiple Virtual Routers (VRs). The control and data plane are isolated in each VR so that traffic does NOT flow across VRs.Virtual Routing and Forwarding (VRF) allows multiple instances of a routing table to co-exist within the same router at the same time. VRF Overview VRF improves functionality by allowing network paths to be segmented without using multiple devices.
Figure 135. VRF Network Example VRF Configuration Notes Although there is no restriction on the number of VLANs that can be assigned to a VRF instance, the total number of routes supported in VRF is limited by the size of the IPv4 CAM. VRF is implemented in a network device by using Forwarding Information Bases (FIBs). A network device may have the ability to configure different virtual routers, where entries in the FIB that belong to one VRF cannot be accessed by another VRF on the same device.
Dell Networking OS uses both the VRF name and VRF ID to manage VRF instances. The VRF name and VRF ID number are assigned using the ip vrf command. The VRF ID is displayed in show ip vrf command output. The VRF ID is not exchanged between routers. VRF IDs are local to a router. VRF supports some routing protocols only on the default VRF (default-vrf) instance. Table 1 displays the software features supported in VRF and whether they are supported on all VRF instances or only the default VRF. Table 90.
Feature/Capability Support Status for Default VRF Support Status for Non-default VRF NOTE: ACLs supported on all VRF VLAN ports. IPv4 ACLs are supported on nondefault-VRFs also. IPv6 ACLs are supported on defaultVRF only. PBR supported on default-VRF only. QoS not supported on VLANs.
DHCP DHCP requests are not forwarded across VRF instances. The DHCP client and server must be on the same VRF instance. VRF Configuration The VRF configuration tasks are: 1. Enabling VRF in Configuration Mode 2. Creating a Non-Default VRF 3. Assign an Interface to a VRF You can also: • View VRF Instance Information • Connect an OSPF Process to a VRF Instance • Configure VRRP on a VRF Load VRF CAM VRF is enabled by default on the switch.
NOTE: You can configure an IP address or subnet on a physical or VLAN interface that overlaps the same IP address or subnet configured on another interface only if the interfaces are assigned to different VRFs. If two interfaces are assigned to the same VRF, you cannot configure overlapping IP subnets or the same IP address on them. Table 93. Assigning an Interface to a VRF Task Command Syntax Command Mode Assign an interface to a VRF instance.
Table 95. View VRF Instance Information Task Command Syntax Display the interfaces assigned to show ip vrf [vrf-name] a VRF instance. To display information on all VRF instances (including the default VRF 0), do not enter a value for vrf-name. Command Mode EXEC Assigning an OSPF Process to a VRF Instance OSPF routes are supported on all VRF instances. Refer toOpen Shortest Path First (OSPFv2) for complete OSPF configuration information. Assign an OSPF process to a VRF instance .
Task Command Syntax Configure the VRRP group and virtual IP address vrrp-group 10 virtual-address 10.1.1.100 show config ----------------------------! interface TenGigabitEthernet 1/13/1 ip vrf forwarding vrf1 ip address 10.1.1.1/24 ! vrrp-group 10 virtual-address 10.1.1.100 no shutdown View VRRP command output for the VRF vrf1 show vrrp vrf vrf1 -----------------TenGigabitEthernet 1/13/1, IPv4 VRID: 10, Version: 2, Net: 10.1.1.1 VRF: 2 vrf1 State: Master, Priority: 100, Master: 10.1.1.
• ipv6 nd prefix — Configure IPv6 Routing Prefix Advertisement • ipv6 nd ra-guard — Configure IPv6 ra-guard • ipv6 nd ra-lifetime — Set IPv6 Router Advertisement Lifetime • ipv6 nd reachable-time — Set advertised reachability time • ipv6 nd retrans-timer — Set NS retransmit interval used and advertised in RA • ipv6 nd suppress-ra — Suppress IPv6 Router Advertisements • ipv6 ad — IPv6 Address Detection • ipv6 ad autoconfig — IPv6 stateless auto-configuration • ipv6 address
Figure 136.
Figure 137. Setup VRF Interfaces The following example relates to the configuration shown in the above illustrations. Router 1 ip vrf blue 1 ! ip vrf orange 2 ! ip vrf green 3 ! interface TenGigabitEthernet 3/1/1 no ip address switchport no shutdown ! interface TenGigabitEthernet 1/1/1 ip vrf forwarding blue ip address 10.0.0.
ip address 20.0.0.1/24 no shutdown ! interface TenGigabitEthernet 1/3/1 ip vrf forwarding green ip address 30.0.0.1/24 no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.1/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.1/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! interface Vlan 256 ip vrf forwarding green ip address 3.0.0.1/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! router ospf 1 vrf blue router-id 1.0.0.
ip address 31.0.0.1/24 no shutdown ! interface Vlan 128 ip vrf forwarding blue ip address 1.0.0.2/24 tagged TenGigabitEthernet 3/1/1 no shutdown interface Vlan 192 ip vrf forwarding orange ip address 2.0.0.2/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! interface Vlan 256 ip vrf forwarding green ip address 3.0.0.2/24 tagged TenGigabitEthernet 3/1/1 no shutdown ! router ospf 1 vrf blue router-id 1.0.0.2 network 11.0.0.0/24 area 0 network 1.0.0.
Codes: C - connected, S - static, R - RIP, B - BGP, IN - internal BGP, EX - external BGP,LO - Locally Originated, O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, IA - IS-IS inter area, * - candidate default, > - non-active route, + - summary route Gateway of last resort is not set Change Destination --------------------C 1.0.0.0/24 C 10.0.0.
0/0 00:09:45 S 31.0.0.0/24 via 3.0.0.2, Vl 256 1/0 00:09:06 ================================================================================ ====== The following shows the output of the show commands on Router 2. Router 2 Route Leaking VRFs Static routes can be used to redistribute routes between non-default to default/non-default VRF and vice-versa. You can configure route leaking between two VRFs using the following command: ip route vrf x.x.x.x s.s.s.s nh.nh.nh.nh vrf default.
destinations or target VRFs then import these IPv4 or IPv6 routes using the ip route-import tag or the ipv6 route-import tag command respectively. NOTE: In Dell Networking OS, you can configure at most one route-export per VRF as only one set of routes can be exposed for leaking. However, you can configure multiple route-import targets because a VRF can accept routes from multiple VRFs.
A non-default VRF named VRF-red is created and the interface is assigned to this VRF. 4. Configure the import target in VRF-red. ip route-import 1:1 5. Configure the export target in VRF-red. ip route-export 2:2 6. Configure VRF-blue. ip vrf vrf-blue interface-type slot/port[/subport] ip vrf forwarding VRF-blue ip address ip—address mask A non-default VRF named VRF-blue is created and the interface 1/12 is assigned to it. 7. Configure the import target in VRF-blue. ip route-import 1:1 8.
Show routing tables of all the VRFs (without any route-export and route-import tags being configured) Dell# show ip route vrf VRF-Red O 11.1.1.1/32 via 111.1.1.1 110/0 C 111.1.1.0/24 Direct, Te 1/11/1 0/0 00:00:10 22:39:59 Dell# show ip route vrf VRF-Blue O 22.2.2.2/32 via 122.2.2.2 110/0 00:00:11 C 122.2.2.0/24 Direct, Te 1/12/1 0/0 Dell# show ip route vrf VRF-Green O 33.3.3.3/32 via 133.3.3.3 00:00:11 C 133.3.3.
C 144.4.4.0/24 Direct, Te 1/4/1 0/0 00:32:36 Important Points to Remember • If the target VRF conatins the same prefix as either the sourced or Leaked route from some other VRF, then route Leaking for that particular prefix fails and the following error-log is thrown. SYSLOG (“Duplicate prefix found %s in the target VRF %d”, address, import_vrf_id) with The type/level is EVT_LOGWARNING. • The source routes always take precedence over leaked routes.
ip vrf vrf-red interface-type slot/port[/subport] ip vrf forwarding VRF-red ip address ip—address mask A non-default VRF named VRF-red is created and the interface is assigned to this VRF. 2. Define a route-map export_ospfbgp_protocol. Dell(config)route-map export_ospfbgp_protocol permit 10 3. Define the matching criteria for the exported routes.
! this action exports only the OSPF and BGP routes to other VRFs ! ip vrf vrf-Blue ip route-export 2:2 ip route-import 1:1 import_ospf_protocol !this action accepts only OSPF routes from VRF-red even though both OSPF as well as BGP routes are shared The show VRF commands displays the following output: Dell# show ip route vrf VRF-Blue C 122.2.2.0/24 Direct, Te 1/22/1 0/0 O 22.2.2.2/32 via 122.2.2.2 110/0 00:00:11 O 44.4.4.4/32 22:39:61 via vrf-red:144.4.4.
Virtual Router Redundancy Protocol (VRRP) 57 Virtual router redundancy protocol (VRRP) is designed to eliminate a single point of failure in a statically routed network. VRRP Overview VRRP is designed to eliminate a single point of failure in a statically routed network. VRRP specifies a MASTER router that owns the next hop IP and MAC address for end stations on a local area network (LAN).
Figure 138. Basic VRRP Configuration VRRP Benefits With VRRP configured on a network, end-station connectivity to the network is not subject to a single point-of-failure. End-station connections to the network are redundant and are not dependent on internal gateway protocol (IGP) protocols to converge or update routing tables. VRRP Implementation Within a single VRRP group, up to 12 virtual IP addresses are supported.
decreases based on the dynamics of the network, the advertisement intervals may increase or decrease accordingly. CAUTION: Increasing the advertisement interval increases the VRRP Master dead interval, resulting in an increased failover time for Master/Backup election. Take caution when increasing the advertisement interval, as the increased dead interval may cause packets to be dropped during that switch-over time. Table 101.
• Create a virtual router for that interface with a VRID. INTERFACE mode vrrp-group vrid The VRID range is from 1 to 255. • NOTE: The interface must already have a primary IP address defined and be enabled, as shown in the second example. Delete a VRRP group. INTERFACE mode no vrrp-group vrid Examples of Configuring and Verifying VRRP The following examples how to configure VRRP.
To migrate an IPv4 VRRP group from VRRPv2 to VRRPv3: 1. Set the switches with the lowest priority to “both”. 2. Set the switch with the highest priority to version to 3. 3. Set all the switches from both to version 3. NOTE: Do not run VRRP version 2 and version 3 in the same group for an extended period of time Example: Migrating an IPv4 VRRP Group from VRRPv2 to VRRPv3 NOTE: Carefully following this procedure, otherwise you might introduce dual master switches issues.
Configuring a Virtual IP Address To configure a virtual IP address, use the following commands. 1. Configure a VRRP group. INTERFACE mode vrrp-group vrrp-id The VRID range is from 1 to 255. 2. Configure virtual IP addresses for this VRID. INTERFACE -VRID mode virtual-address ip-address1 [...ip-address12] The range is up to 12 addresses. Examples of the Configuring and Verifying a Virtual IP Address The following example shows how to configure a virtual IP address.
State: Master, Priority: 100, Master: 10.10.2.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 27, Gratuitous ARP sent: 2 Virtual MAC address: 00:00:5e:00:01:6f Virtual IP address: 10.10.2.2 10.10.2.3 Authentication: When the VRRP process completes its initialization, the State field contains either Master or Backup.
Configuring VRRP Authentication Simple authentication of VRRP packets ensures that only trusted routers participate in VRRP processes. When you enable authentication, Dell Networking OS includes the password in its VRRP transmission. The receiving router uses that password to verify the transmission. NOTE: You must configure all virtual routers in the VRRP group the same: you must enable authentication with the same password or authentication is disabled. NOTE: Authentication for VRRPv3 is not supported.
Examples of Disabling Preempt Re-enable preempt by entering the preempt command. When you enable preempt, it does not display in the show commands, because it is a default setting. The following example shows how to disable preempt using the no preempt command. Dell(conf-if-te-1/1/1)#vrrp-group 111 Dell(conf-if-te-1/1/1-vrid-111)#no preempt Dell(conf-if-te-1/1/1-vrid-111)# The following example shows how to verify preempt is disabled using the show conf command.
INTERFACE-VRID mode advertise-interval centisecs centisecs The range is from 25 to 4075 centisecs in units of 25 centisecs. The default is 100 centisecs. Examples of the advertise-interval Command The following example shows how to change the advertise interval using the advertise-interval command.
• For a 50-Gigabit Ethernet interface, enter the keyword fiftyGigE then the slot/port/subport information. • For a 100-Gigabit Ethernet interface, enter the keyword hundredGigE then the slot/port information. • For a port channel interface, enter the keywords port-channel then a number. • For a VLAN interface, enter the keyword vlan then a number from 1 to 4094. For a virtual group, you can also track the status of a configured object (the track object-id command) by entering its object number.
The following example shows how to verify tracking using the show conf command. Dell(conf-if-te-1/1/1-vrid-111)#show conf ! vrrp-group 111 advertise-interval 10 authentication-type simple 7 387a7f2df5969da4 no preempt priority 255 track TenGigabitEthernet 1/2/1 virtual-address 10.10.10.1 virtual-address 10.10.10.2 virtual-address 10.10.10.3 virtual-address 10.10.10.10 The following example shows verifying the tracking status.
vrrp-ipv6-group 1 track 2 priority-cost 20 track 3 priority-cost 30 virtual-address 2007::1 virtual-address fe80::1 no shutdown Setting VRRP Initialization Delay When configured, VRRP is enabled immediately upon system reload or boot. You can delay VRRP initialization to allow the IGP and EGP protocols to be enabled prior to selecting the VRRP Master. This delay ensures that VRRP initializes with no errors or conflicts. You can configure the delay for up to 15 minutes, after which VRRP enables normally.
Sample Configurations Before you set up VRRP, review the following sample configurations. VRRP for an IPv4 Configuration The following configuration shows how to enable IPv4 VRRP. This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. To support your own IP addresses, interfaces, names, and so on, be sure that you make the necessary changes.
Examples of Configuring VRRP for IPv4 and IPv6 The following example shows configuring VRRP for IPv4 Router 2. R2(conf)#interface tengigabitethernet 2/31/1 R2(conf-if-te-2/31/1)#ip address 10.1.1.1/24 R2(conf-if-te-2/31/1)#vrrp-group 99 R2(conf-if-te-2/31/1-vrid-99)#priority 200 R2(conf-if-te-2/31/1-vrid-99)#virtual 10.1.1.3 R2(conf-if-te-2/31/1-vrid-99)#no shut R2(conf-if-te-2/31/1)#show conf ! interface TenGigabitEthernet 2/31/1 ip address 10.1.1.1/24 ! vrrp-group 99 priority 200 virtual-address 10.1.1.
Figure 140. VRRP for an IPv6 Configuration NOTE: In a VRRP or VRRPv3 group, if two routers come up with the same priority and another router already has MASTER status, the router with master status continues to be MASTER even if one of two routers has a higher IP or IPv6 address. The following example shows configuring VRRP for IPv6 Router 2 and Router 3. Configure a virtual link local (fe80) address for each VRRPv3 group created for an interface.
Although R2 and R3 have the same default, priority (100), R2 is elected master in the VRRPv3 group because the TenGigabitethernet 1/1/1 interface has a higher IPv6 address than the TenGigabitethernet 1/2/1 interface on R3.
Virtual MAC address: 00:00:5e:00:02:0a VRRP in a VRF Configuration The following example shows how to enable VRRP operation in a VRF virtualized network for the following scenarios. • Multiple VRFs on physical interfaces running VRRP. • Multiple VRFs on VLAN interfaces running VRRP. To view a VRRP in a VRF configuration, use the show commands. VRRP in a VRF: Non-VLAN Scenario The following example shows how to enable VRRP in a non-VLAN.
Figure 141. VRRP in a VRF: Non-VLAN Example Example of Configuring VRRP in a VRF on Switch-1 (Non-VLAN) Switch-1 S1(conf)#ip vrf default-vrf 0 ! S1(conf)#ip vrf VRF-1 1 ! S1(conf)#ip vrf VRF-2 2 ! S1(conf)#ip vrf VRF-3 3 ! S1(conf)#interface TenGigabitEthernet 1/1/1 S1(conf-if-te-1/1/1)#ip vrf forwarding VRF-1 S1(conf-if-te-1/1/1)#ip address 10.10.1.5/24 S1(conf-if-te-1/1/1)#vrrp-group 11 % Info: The VRID used by the VRRP group 11 in VRF 1 will be 177.
S1(conf)#interface TenGigabitEthernet 1/3/1 S1(conf-if-te-1/3/1)#ip vrf forwarding VRF-3 S1(conf-if-te-1/3/1)#ip address 20.1.1.5/24 S1(conf-if-te-1/3/1)#vrrp-group 15 % Info: The VRID used by the VRRP group 15 in VRF 3 will be 243. S1(conf-if-te-1/3/1-vrid-105)#priority 255 S1(conf-if-te-1/3/1-vrid-105)#virtual-address 20.1.1.5 S1(conf-if-te-1/3/1)#no shutdown Dell#show vrrp tengigabitethernet 2/8/1 -----------------TenGigabitEthernet 2/8/1, IPv4 VRID: 1, Version: 2, Net: 10.1.1.
VLAN Scenario In another scenario, to connect to the LAN, VRF-1, VRF-2, and VRF-3 use a single physical interface with multiple tagged VLANs (instead of separate physical interfaces). In this case, you configure three VLANs: VLAN-100, VLAN-200, and VLAN-300. Each VLAN is a member of one VRF. A physical interface ( tengigabitethernet 1/1/1) attaches to the LAN and is configured as a tagged interface in VLAN-100, VLAN-200, and VLAN-300. The rest of this example is similar to the non-VLAN scenario.
Vlan 400, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 1 vrf1 State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 278, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:01 Virtual IP address: 10.1.1.100 Authentication: (none) Dell#show vrrp vrf vrf2 port-channel 1 -----------------Port-channel 1, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 2 vrf2 State: Master, Priority: 100, Master: 10.1.1.
S2(conf-if-vl-300)#no shutdown Dell#show vrrp vrf vrf1 vlan 400 -----------------Vlan 400, IPv4 VRID: 1, Version: 2, Net: 10.1.1.1 VRF: 1 vrf1 State: Master, Priority: 100, Master: 10.1.1.1 (local) Hold Down: 0 sec, Preempt: TRUE, AdvInt: 1 sec Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 278, Gratuitous ARP sent: 1 Virtual MAC address: 00:00:5e:00:01:01 Virtual IP address: 10.1.1.100 Authentication: (none) Vlan 400, IPv4 VRID: 10, Version: 2, Net: 20.1.1.2 VRF: 1 vrf1 State: Backup, Priority: 90, Master: 20.1.
Figure 142. VRRP for IPv6 Topology NOTE: This example does not contain comprehensive directions and is intended to provide guidance for only a typical VRRP configuration. You can copy and paste from the example to your CLI. Be sure you make the necessary changes to support your own IP addresses, interfaces, names, and so on.
NOTE: You must configure a virtual link local (fe80) address for each VRRPv3 group created for an interface. The VRRPv3 group becomes active as soon as you configure the link local address. Afterwards, you can configure the group’s virtual IPv6 address. R2(conf-if-te-1/1/1-vrid-10)#virtual-address fe80::10 NOTE: The virtual IPv6 address you configure should be the same as the IPv6 subnet to which the interface belongs.
Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 11, Bad pkts rcvd: 0, Adv sent: 0 Virtual MAC address: 00:00:5e:00:02:0a Virtual IP address: 1::10 fe80::10 Dell#show vrrp tengigabitethernet 1/1/1 TenGigabitEthernet 1/1/1, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:fd76 VRF: 0 default State: Backup, Priority: 90, Master: fe80::201:e8ff:fe8a:e9ed Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master
Adv rcvd: 0, Bad pkts rcvd: 0, Adv sent: 443 Virtual MAC address: 00:00:5e:00:02:ff Virtual IP address: 10:1:1::255 fe80::255 Dell#show vrrp vrf vrf2 port-channel 1 Port-channel 1, IPv6 VRID: 255, Version: 3, Net: fe80::201:e8ff:fe8a:fd76 VRF: 2 vrf2 State: Backup, Priority: 90, Master: fe80::201:e8ff:fe8a:e9ed Hold Down: 0 centisec, Preempt: TRUE, AdvInt: 100 centisec Accept Mode: FALSE, Master AdvInt: 100 centisec Adv rcvd: 548, Bad pkts rcvd: 0, Adv sent: 0 Virtual MAC address: 00:00:5e:00:02:ff Virtual
Debugging and Diagnostics 58 This chapter describes debugging and diagnostics for the device. Offline Diagnostics The offline diagnostics test suite is useful for isolating faults and debugging hardware. The diagnostics tests are grouped into three levels: • Level 0 — Level 0 diagnostics check for the presence of various components and perform essential path verifications. In addition, Level 0 diagnostics verify the identification registers of the components on the board.
After the system goes offline, you must reload or run the online stack-unit stack-unit-number command for the normal operation. 2. Confirm the offline status. EXEC Privilege mode show system brief 3. Start diagnostics on the unit. diag stack-unit stack-unit-number When the tests are complete, the system displays the following message and automatically reboots the unit. Dell#00:09:42 : Diagnostic test results are stored on file: flash:/ TestReport-SU-0.txt Diags completed...
Auto Save on Crash or Rollover Exception information for MASTER or standby units is stored in the flash:/TRACE_LOG_DIR directory. This directory contains files that save trace information when there has been a task crash or timeout. • On a MASTER unit, you can reach the TRACE_LOG_DIR files by FTP or by using the show file command from the flash://TRACE_LOG_DIR directory.
Recognize an Overtemperature Condition An overtemperature condition occurs, for one of two reasons: the card genuinely is too hot or a sensor has malfunctioned. Inspect cards adjacent to the one reporting the condition to discover the cause. • If directly adjacent cards are not normal temperature, suspect a genuine overheating condition. • If directly adjacent cards are normal temperature, suspect a faulty sensor. When the system detects a genuine over-temperature condition, it powers off the card.
This message indicates that the specified card is not receiving enough power. In response, the system first shuts down Power over Ethernet (PoE). If the under-voltage condition persists, line cards are shut down, then the RPMs. Troubleshoot an Under-Voltage Condition To troubleshoot an under-voltage condition, check that the correct number of power supplies are installed and their Status light emitting diodes (LEDs) are lit.
Buffer Tuning Buffer tuning allows you to modify the way your switch allocates buffers from its available memory and helps prevent packet drops during a temporary burst of traffic. The application-specific integrated circuit (ASICs) implement the key functions of queuing, feature lookups, and forwarding lookups in hardware.
• Oversubscription ratio = 10 • Dynamic Cell Limit Per port = 59040/29 = 2036 cells Figure 143. Buffer Tuning Points Deciding to Tune Buffers Dell Networking recommends exercising caution when configuring any non-default buffer settings, as tuning can significantly affect system performance. The default values work for most cases. As a guideline, consider tuning buffers if traffic is bursty (and coming from several interfaces). In this case: • Reduce the dedicated buffer on all queues/interfaces.
• buffer-profile csf csqueue Change the dedicated buffers on a physical 1G interface. BUFFER PROFILE mode • buffer dedicated Change the maximum number of dynamic buffers an interface can request. BUFFER PROFILE mode • buffer dynamic Change the number of packet-pointers per queue. BUFFER PROFILE mode • buffer packet-pointers Apply the buffer profile to a line card. CONFIGURATION mode • buffer fp-uplink linecard Apply the buffer profile to a CSF to FP link.
The following example shows viewing the buffer profile allocations. The following example shows viewing the default buffer profile on an interface. The following example shows viewing the default buffer profile on a linecard. Using a Pre-Defined Buffer Profile Dell Networking OS provides two pre-defined buffer profiles, one for single-queue (for example, nonquality-of-service [QoS]) applications, and one for four-queue (for example, QoS) applications.
• • • • • • • • • • • • • • • • show hardware stack-unit stack-unit-number cpu data-plane statistics show hardware stack-unit stack-unit-number cpu party-bus statistics show hardware stack-unit stack-unit-number drops unit unit-number show hardware stack-unit stack-unit-number unit unit-number {counters | details | port-stats [detail] | register | ipmc-replication | table-dump} show hardware {ip | ipv6 | mac} {eg-acl | in-acl} stack-unit stack-unitnumber port-set 0 pipeline 0-3 show hardware ip qos stack-u
HOL DROPS on COS3 HOL DROPS on COS4 HOL DROPS on COS5 HOL DROPS on COS6 HOL DROPS on COS7 HOL DROPS on COS8 HOL DROPS on COS9 HOL DROPS on COS10 HOL DROPS on COS11 HOL DROPS on COS12 HOL DROPS on COS13 HOL DROPS on COS14 HOL DROPS on COS15 HOL DROPS on COS16 HOL DROPS on COS17 HOL DROPS on COS18 HOL DROPS on COS19 TxPurge CellErr Aged Drops --- Egress MAC counters--Egress FCS Drops --- Egress FORWARD PROCESSOR IPv4 L3UC Aged & Drops TTL Threshold Drops INVALID VLAN CNTR Drops L2MC Drops PKT Drops of ANY Con
rxPkt(COS3 ) :0 rxPkt(COS4 ) :0 rxPkt(COS5 ) :0 rxPkt(COS6 ) :0 rxPkt(COS7 ) :0 rxPkt(COS8 ) :773 rxPkt(COS9 ) :0 rxPkt(COS10) :0 rxPkt(COS11) :0 rxPkt(UNIT0) :773 transmitted :12698 txRequested :12698 noTxDesc :0 txError :0 txReqTooLarge :0 txInternalError :0 txDatapathErr :0 txPkt(COS0 ) :0 txPkt(COS1 ) :0 txPkt(COS2 ) :0 txPkt(COS3 ) :0 txPkt(COS4 ) :0 txPkt(COS5 ) :0 txPkt(COS6 ) :0 txPkt(COS7 ) :0 txPkt(COS8 ) :0 txPkt(COS9 ) :0 txPkt(COS10) :0 txPkt(COS11) :0 txPkt(UNIT0) :0 Example of Viewing Party B
RX RX RX RX - 1519 1519 2048 4096 to to to to 1522 2047 4095 9216 Byte Byte Byte Byte Good VLAN Frame Counter Frame Counter Frame Counter Frame Counter 0 0 0 0 Example of Displaying Counter Information for a Specific Interface Dell#show hardware counters interface hundredGigE 1/1 unit: 0 port: 50 (interface Hu 1/1) Description Value RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX RX TX TX TX TX TX - IPV
TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX TX - 1024 to 1518 Byte Frame Counter 1519 to 1522 Byte Good VLAN Frame Counter 1519 to 2047 Byte Frame Counter 2048 to 4095 Byte Frame Counter 4096 to 9216 Byte Frame Counter Good Packet Counter Packet/Frame Counter Unicast Frame Counter Multicast Frame Counter Broadcast Frame Counter Byte Counter Control Frame Counter Pause Control Frame Counter Oversized Frame Counter Jabber Counter VLAN Tag
Mini Core Dumps Dell Networking OS supports mini core dumps on the application and kernel crashes. Application and kernel mini core dumps are always enabled. The mini core dumps contain the stack space and some other minimal information that you can use to debug a crash. These files are small files and are written into flash until space is exhausted. When the flash is full, the write process is stopped. A mini core dump contains critical information in the event of a crash.
f10lp_sysdlp_150910053509.acore.gz 24 -rwx 1810601 Sep 10 2015 f10lp_sysdlp_150910053812.acore.gz 25 -rwx 1800256 Sep 10 2015 f10lp_sysdlp_150910085554.acore.gz 26 -rwx 1798111 Sep 10 2015 f10lp_sysdlp_150910085858.acore.gz 27 -rwx 1887496 Sep 23 2015 f10lp_sysdlp_150923052924.acore.gz 28 -rwx 1913790 Sep 23 2015 f10lp_sysdlp_150923063451.acore.
CONFIGURATION mode tcpdump cp [capture-duration time | filter expression | max-file-count value | packet-count value | snap-length value | write-to path] Debugging and Diagnostics 1013
Standards Compliance 59 This chapter describes standards compliance for Dell Networking products. NOTE: Unless noted, when a standard cited here is listed as supported by the Dell Networking OS, the system also supports predecessor standards. One way to search for predecessor standards is to use the http://tools.ietf.org/ website. Click “Browse and search IETF documents,” enter an RFC number, and inspect the top of the resulting document for obsolescence citations to related RFCs.
SFF-8431 SFP+ Direct Attach Cable (10GSFP+Cu) MTU 9,252 bytes RFC and I-D Compliance Dell Networking OS supports the following standards. The standards are grouped by related protocol. The columns showing support by platform indicate which version of Dell Networking OS first supports the standard. General Internet Protocols The following table lists the Dell Networking OS support per platform for general internet protocols. Table 104.
RFC# Full Name Z-Series S-Series bfd base-0 3 General IPv4 Protocols The following table lists the Dell Networking OS support per platform for general IPv4 protocols. Table 105. General IPv4 Protocols R Full Name F C # Z-Series S-Series 7 Internet 9 Protocol 1 7.6.1 7 Internet 9 Control 2 Message Protocol 7.6.1 8 An Ethernet 2 Address 6 Resolution Protocol 7.6.1 1 0 2 7 Using ARP to Implement Transparent Subnet Gateways 7.6.
R Full Name F C # Z-Series S-Series 1 3 0 5 Network Time Protocol (Version 3) Specification, Implementatio n and Analysis 7.6.1 1 5 1 9 Classless InterDomain Routing (CIDR): an Address Assignment and Aggregation Strategy 7.6.1 1 5 4 2 Clarifications and Extensions for the Bootstrap Protocol 7.6.1 1 Requirements 8 for IP Version 4 1 Routers 2 7.6.1 2 Dynamic Host 1 Configuration 3 Protocol 1 7.6.1 2 3 3 8 Virtual Router Redundancy Protocol (VRRP) 7.6.
R Full Name F C # Z-Series S-Series 6 Address 9 Allocation 3 1 2 8 Protection Against a Variant of the Tiny Fragment Attack 7.6.1 General IPv6 Protocols The following table lists the Dell Networking OS support per platform for general IPv6 protocols. Table 106. General IPv6 Protocols RF Full Name C# Z-Series S-Series 18 DNS 86 Extensions to support IP version 6 7.8.1 19 81 (Pa rtia l) 7.8.1 Path MTU Discovery for IP version 6 24 Internet 60 Protocol, Version 6 (IPv6) Specificatio n 7.8.
RF Full Name C# Z-Series S-Series 26 IPv6 75 Jumbogra ms 7.8.1 27 11 IPv6 Router Alert Option 8.3.12.0 35 87 IPv6 Global Unicast Address Format 7.8.1 40 IPv6 07 Scoped Address Architectur e 8.3.12.0 42 Internet 91 Protocol Version 6 (IPv6) Addressing Architectur e 7.8.1 44 Internet 43 Control Message Protocol (ICMPv6) for the IPv6 Specificatio n 7.8.1 48 Neighbor 61 Discovery for IPv6 8.3.12.0 48 IPv6 62 Stateless Address Autoconfig uration 8.3.12.0 51 75 8.3.12.
Border Gateway Protocol (BGP) The following table lists the Dell Networking OS support per platform for BGP protocols. Table 107. Border Gateway Protocol (BGP) RFC# Full Name S-Series/Z-Series 1997 BGP ComAmtturnibituitees 7.8.1 2385 Protection of BGP Sessions via the TCP MD5 Signature Option 7.8.1 2439 BGP Route Flap Damping 7.8.
RFC# Full Name S-Series/Z-Series 3623 Graceful OSPF Restart 7.8.1 4222 Prioritized Treatment of Specific OSPF 7.6.1 Version 2 Packets and Congestion Avoidance Intermediate System to Intermediate System (IS-IS) The following table lists the Dell Networking OS support per platform for IS-IS protocol. Table 109.
Routing Information Protocol (RIP) The following table lists the Dell Networking OS support per platform for RIP protocol. Table 110. Routing Information Protocol (RIP) RFC# Full Name S-Series 1058 Routing Information Protocol 7.8.1 2453 RIP Version 7.8.1 4191 Default Router Preferences and More- 8.3.12.0 Specific Routes Multicast The following table lists the Dell Networking OS support per platform for Multicast protocol. Table 111.
Network Management The following table lists the Dell Networking OS support per platform for network management protocol. Table 112. Network Management RFC# Full Name 1155 Structure and 7.6.1 Identification of Management Information for TCP/IP-based Internets 1156 Management Information 7.6.1 Base for Network Management of TCP/IPbased internets 1157 A Simple Network Management Protocol (SNMP) 7.6.1 1212 Concise MIB Definitions 7.6.1 1215 A Convention for Defining 7.6.
RFC# Full Name S4810 2013 SNMPv2 Management Information Base for the User Datagram Protocol using SMIv2 7.6.1 2024 Definitions of Managed Objects for Data Link Switching using SMIv2 7.6.1 2096 IP Forwarding Table MIB 7.6.1 2558 Definitions of Managed Objects for the Synchronous Optical Network/Synchronous Digital Hierarchy (SONET/ SDH) Interface Type 2570 Introduction and Applicability Statements for Internet Standard Management Framework 2571 An Architecture for 7.6.
RFC# Full Name S4810 2578 Structure of Management 7.6.1 Information Version 2 (SMIv2) 2579 Textual Conventions for SMIv2 2580 Conformance Statements 7.6.1 for SMIv2 2618 RADIUS Authentication Client MIB, except the following four counters: S4820T Z-Series 9.5.(0.0) 9.5.(0.0) 7.6.1 7.6.1 radiusAuthClientInvalidSer verAddresses radiusAuthClientMalforme dAccessResponses radiusAuthClientUnknown Types radiusAuthClientPacketsD ropped 2698 A Two Rate Three Color Marker 9.5.(0.
RFC# Full Name S4810 S4820T Z-Series 2865 Remote Authentication Dial In User Service (RADIUS) 7.6.1 3273 Remote Network 7.6.1 Monitoring Management Information Base for High Capacity Networks (64 bits): Ethernet Statistics High-Capacity Table, Ethernet History HighCapacity Table 3416 Version 2 of the Protocol 7.6.1 Operations for the Simple Network Management Protocol (SNMP) 3418 Management Information 7.6.
RFC# Full Name S4810 5060 Protocol Independent Multicast MIB 7.8.1 ANSI/TIA-1057 The LLDP Management Information Base extension module for TIA-TR41.4 Media Endpoint Discovery information 7.7.1 draft-grant-tacacs -02 The TACACS+ Protocol 7.6.1 draft-ietf-idr-bgp4 -mib-06 Definitions of Managed Objects for the Fourth Version of the Border Gateway Protocol (BGP-4) using SMIv2 7.8.
RFC# Full Name S4810 S4820T Z-Series 9.2.(0.0) 9.2.(0.0) discovery information. (LLDP DOT1 MIB and LLDP DOT3 MIB) IEEE 802.1AB The LLDP Management Information Base extension module for IEEE 802.3 organizationally defined discovery information. (LLDP DOT1 MIB and LLDP DOT3 MIB) 7.7.1 ruzin-mstp-mib-0 2 (Traps) Definitions of Managed Objects for Bridges with Multiple Spanning Tree Protocol 7.6.1 sFlow.org sFlow Version 5 7.7.1 sFlow.org sFlow Version 5 MIB 7.7.
RFC# Full Name S4810 FORCE10LINKAGG-MIB Force10 Enterprise Link Aggregation MIB 7.6.1 FORCE10CHASSIS-MIB Force10 E-Series Enterprise Chassis MIB FORCE10-COPYCONFIG-MIB Force10 File Copy MIB (supporting SNMP SET operation) S4820T Z-Series 7.7.1 FORCE10-MONMIB Force10 Monitoring MIB 7.6.1 FORCE10PRODUCTS-MIB Force10 Product Object Identifier MIB 7.6.1 FORCE10-SSCHASSIS-MIB Force10 S-Series Enterprise Chassis MIB 7.6.1 FORCE10-SMI Force10 Structure of 7.6.
