OS10 Enterprise Edition User Guide Release 10.4.2.
Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

© 2018 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
1 Getting Started

Dell EMC Networking OS10 Enterprise Edition is a network operating system (OS) supporting multiple architectures and environments. The networking world is moving from a monolithic stack to a pick-your-own-world. The OS10 solution allows disaggregation of the network functionality.
NOTE: Starting from release 10.4.2.1, OS10 supports the S5148F-ON platform.

• S5232F-ON, S5248F-ON, S5296F-ON
• S6010-ON
• Z9100-ON
• Z9264F-ON

Download OS10 image and license

OS10 Enterprise Edition may come factory-loaded and is available for download from the Dell Digital Locker (DDL). A factory-loaded OS10 image includes a perpetual license. An OS10 image that you download has a 120-day trial license and requires a perpetual license to run beyond the trial period.
4 Enter the device service tag you purchased the OS10 Enterprise Edition for in the Bind to: and Re-enter ID: fields. This step binds the software entitlement to the service tag of the switch.
5 Select how to receive the license key — by email or downloaded to your local device.
6 Click Submit to download the License.zip file.
7 Select the Available Downloads tab.
8 Select the OS10 Enterprise Edition release to download, then click Download.
9 Read the Dell End User License Agreement.
For an ONIE-enabled switch, navigate to the ONIE boot menu. An ONIE-enabled switch boots up with pre-loaded diagnostics (DIAGs) and ONIE software.

+--------------------------------------------------------+
|*ONIE: Install OS                                       |
| ONIE: Rescue                                           |
| ONIE: Uninstall OS                                     |
| ONIE: Update ONIE                                      |
| ONIE: Embed ONIE                                       |
| ONIE: Diag ONIE                                        |
+--------------------------------------------------------+

• Install OS — Boots to the ONIE prompt and installs an OS10 image using the Automatic Discovery process.
ONIE: Starting ONIE Service Discovery
Info: Fetching tftp://10.10.10.2/onie-installer-x86_64-dellemc_s4148fe_c2338 ...
Info: Fetching tftp://10.10.10.2/onie-installer-dellemc_s4148fe_c2338 ...
Info: Fetching tftp://10.10.10.2/onie-installer-x86_64-bcm ...
Info: Fetching tftp://10.10.10.2/onie-installer-x86_64 ...
Info: Fetching tftp://10.10.10.2/onie-installer ...
ONIE: Executing installer: tftp://10.10.10.2/onie-installer
...
...
Press or to enter setup.
Welcome to GRUB!
GNU GRUB version 2.
Install manually using USB drive

You can manually install the OS10 software image using a USB device. Verify that the USB device supports a FAT or EXT2 file system. For instructions to format a USB device in FAT or EXT2 format, see the accompanying Windows documentation for FAT formatting or Linux documentation for FAT or EXT2 formatting.

1 Plug the USB storage device into the USB storage port on the switch.
2 Power up the switch to automatically boot using the ONIE: Rescue option.
Install OS10 license

If OS10 is factory-loaded on your switch, you do not need to install an OS10 license. If you download OS10 on a trial basis, OS10 comes with a 120-day trial license. To continue with uninterrupted use, purchase and install a perpetual license to avoid the OS10 device rebooting every 72 hours.

After you install OS10 and log in, install the license to run OS10 Enterprise Edition beyond the trial period. For more information, see Download OS10 image and license.
2 Check the log on the remote server to find out why the FTP or TFTP file transfer failed.
3 Ping the remote server from the switch — use the ping and traceroute commands to test network connectivity. Check the following if ping fails:
• If the remote server is reachable through the management route, check if the management route is configured correctly.
• If the remote server is reachable through a front-panel port, check if the static or dynamic route is present.
• In the ZTD provisioning script, enter the URL locations of an OS10 image, CLI batch file, and/or post-ZTD script. Enter at least one URL, otherwise the ZTD fails and exits to CLI configuration mode.

ZTD guidelines

• You can store the ZTD provisioning script, OS10 image, CLI batch file, and post-ZTD script on the same server, including the DHCP server.
• Write the ZTD provisioning script in bash.
• Write the post-ZTD script in bash or Python.
When ZTD is enabled, the CLI configuration is locked. If you enter a CLI command, the error message "configuration is locked" displays. To configure the switch, disable ZTD by entering the ztd cancel command.

OS10# configure terminal
% Error: ZTD is in progress(configuration is locked).
OS10# ztd cancel

ZTD DHCP server configuration

For ZTD operation, configure a DHCP server in the network by adding the required ZTD options; for example:

option domain-name "example.org";
option domain-name-servers ns1.
####################################################################
#
#
# Example OS10 ZTD Provisioning Script
#
#
####################################################################
########## UPDATE THE BELOW CONFIG VARIABLES ACCORDINGLY ###########
########## ATLEAST ONE OF THEM SHOULD BE FILLED ####################
IMG_FILE="http://50.0.0.1/OS10.bin"
CLI_CONFIG_FILE="http://50.0.0.1/cli_config"
POST_SCRIPT_FILE="http://50.0.0.1/no_post_script.
Post-ZTD script

As a general guideline, use a post-ZTD script to perform any additional functions required to configure and operate the switch. In the ZTD provisioning script, specify the post-ZTD script path for the POST_SCRIPT_FILE variable. You can use a script to notify an orchestration server that the ZTD configuration is complete. The server can then configure additional settings on the switch.
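A pre-deployment check for the three provisioning-script variables described above, as an added example that is not part of the Dell guide or OS10. It flags typographic quotes, non-URL values, cleartext transports and embedded credentials, and enforces the at-least-one-URL rule; the function name, the sample script and the 192.0.2.10 server are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Variable names come from the example provisioning script on this page.
ZTD_VARS = ("IMG_FILE", "CLI_CONFIG_FILE", "POST_SCRIPT_FILE")
# Transports that provide no integrity or confidentiality protection themselves.
CLEARTEXT_SCHEMES = {"http", "ftp", "tftp"}
# Typographic quotes that word processors and PDFs substitute for " and '.
SMART_QUOTES = "\u201c\u201d\u2018\u2019"
ASSIGNMENT = re.compile(r"^\s*([A-Z_]+)=(.*)$")


def lint_ztd_script(text):
    """Return (values, findings); a finding is (line_no, variable, message)."""
    values, findings = {}, []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = ASSIGNMENT.match(line)
        if not match or match.group(1) not in ZTD_VARS:
            continue
        name, raw = match.group(1), match.group(2).strip()
        if any(q in raw for q in SMART_QUOTES):
            findings.append((line_no, name,
                             "typographic quotes: bash keeps them as part of the value"))
            raw = raw.strip(SMART_QUOTES)
        value = raw.strip("\"'")
        values[name] = value
        if not value:
            continue  # an empty variable is allowed if another one is set
        url = urlsplit(value)
        if not url.scheme or not url.netloc:
            findings.append((line_no, name, "not an absolute URL"))
            continue
        if url.scheme.lower() in CLEARTEXT_SCHEMES:
            findings.append((line_no, name,
                             "fetched over cleartext %s: keep ZTD on a trusted "
                             "provisioning network" % url.scheme.lower()))
        if url.username or url.password:
            findings.append((line_no, name, "credentials embedded in the URL"))
    if not any(values.get(name) for name in ZTD_VARS):
        findings.append((0, "*",
                         "no URL set: ZTD fails and exits to CLI configuration mode"))
    return values, findings


# Constructed sample: IMG_FILE uses typographic quotes, POST_SCRIPT_FILE is empty.
SAMPLE = (
    "IMG_FILE=\u201dhttp://192.0.2.10/OS10.bin\u201d\n"
    'CLI_CONFIG_FILE="tftp://192.0.2.10/cli_config"\n'
    'POST_SCRIPT_FILE=""\n'
)
# Constructed sample: every variable left empty.
EMPTY = 'IMG_FILE=""\nCLI_CONFIG_FILE=""\nPOST_SCRIPT_FILE=""\n'

if __name__ == "__main__":
    for label, script in (("SAMPLE", SAMPLE), ("EMPTY", EMPTY)):
        _, results = lint_ztd_script(script)
        for line_no, name, message in results:
            print("%s line %d %s: %s" % (label, line_no, name, message))
```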
Reason : ZTD process completed successfully at Mon Jul 16 19:31:57 2018
-----------------------------------

OS10# show ztd-status
-----------------------------------
ZTD Status : disabled
ZTD State : failed
Protocol State : idle
Reason : ZTD process failed to download post script file
-----------------------------------

Supported Releases
• ZTD Status — Current operational status: enabled or disabled.
2 Enter admin for both the default user name and password to log into OS10. You are automatically placed in EXEC mode.

OS10#

Remote access Linux shell

ssh linuxadmin@ip-address
password: linuxadmin

Configure Management IP address

To remotely access OS10, assign an IP address to the management port. The management interface is used for out-of-band (OOB) management purposes.

1 Configure the management interface from CONFIGURATION mode.
• managementethernet — Configures the Management port as the interface for the route, and associates the route with the Management interface.

Configure management route

OS10(config)# management route 10.10.20.0/24 10.1.1.1
OS10(config)# management route 172.16.0.0/16 managementethernet

Configure user name and password

To set up remote access to OS10, create a new user name and password after you configure the management port and default route. The user role is a mandatory entry.
CLI Basics

The OS10 CLI is the software interface you use to access a device running the software — from the console or through a network connection. The CLI is an OS10-specific command shell that runs on top of a Linux-based OS kernel. By leveraging industry-standard tools and utilities, the CLI provides a powerful set of commands that you can use to monitor and configure devices running OS10.
• All sessions in Transaction-Based Configuration mode update the same candidate configuration. When you enter the commit command on any session in Transaction-Based Configuration mode or you make configuration changes on any session in Non-Transaction-Based mode, you also commit the changes made to the candidate configuration in all other sessions running in the transaction-based configuration mode. This implies that inconsistent configuration changes may be applied to the running configuration.
From CONFIGURATION mode, you can also configure L2 and L3 protocols with a specific protocol-configuration mode, such as Spanning-Tree Protocol (STP) or Border Gateway Protocol (BGP).

Command help

To view a list of valid commands for any CLI mode, enter ?.

1 Enter ? to view the commands available in EXEC mode.
end errdisable eula-consent evpn exec-timeout exit fcoe feature hardware hash-algorithm help host-description hostname interface ip ipv6 iscsi lacp line link-bundle-utilization lldp load-balancing logging login mac management monitor no ntp nve openflow password-attributes policy-map qos-map radius-server parameters rest route-map router scale-profile sflow snmp-server spanning-tree support-assist system tacacs-server parameters track trust uplink-state-group username userrole virtual-network vlt-domain vrr
alias bfd boot candidate-configuration class-map clock command-history control-plane copy-file crypto diag diff discovered-expanders dot1x environment errdisable eula-consent evpn exec-timeout fcoe file fips hardware hash-algorithm hosts image interface inventory ip ipv6 iscsi lacp license link-bundle-utilization bundle lldp load-balance logging login mac monitor network-policy ntp nve parser-tree policy-map port-channel processes qos queuing route-map running-configuration sessions sflow snmp spanning-tree
version          Show the software version on the system
virtual-network  Virtual-network info
vlan             Vlan status and configuration
vlt              Show VLT domain info
vrrp             VRRP group status
ztd-status       Show ztd status

Enter show command-history from EXEC mode to view trace messages for each executed command.
5 up NORMAL 1 10627 up

Candidate configuration

When you enter OS10 configuration commands in Transaction-Based Configuration mode, changes do not take effect immediately and are stored in the candidate configuration. The configuration changes become active only after you commit the changes using the commit command. Changes in the candidate configuration are validated and applied to the running configuration.
parser-tree policy-map port-channel processes qos queuing route-map running-configuration sessions sflow snmp spanning-tree startup-configuration storm-control support-assist switch-operating-mode system tech-support terminal trace track uplink-state-group uptime users the session id version virtual-network vlan vlt vrrp ztd-status Show parser tree Show policy-map information LAG status and configuration Show processes statistics Show ingress or egress QoS configuration Show egress QoS counters Show route
interface breakout 1/1/27 map 40g-1x
interface breakout 1/1/28 map 40g-1x
interface breakout 1/1/29 map 40g-1x
interface breakout 1/1/30 map 40g-1x
interface breakout 1/1/31 map 40g-1x
interface breakout 1/1/32 map 40g-1x
ipv6 forwarding enable
username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH. role sysadmin
aaa authentication local
snmp-server contact http://www.dell.
UNwh8WVuxwfd9q4pWIgNs5BKH. role sysadmin aaa authentication local snmp-server contact http://www.dell.
Save configuration changes manually

OS10# start transaction
OS10# configure terminal
OS10(config)#
OS10(config)# interface ethernet 1/1/1
OS10(config-if-eth1/1/1)# no shutdown
OS10(config-if-eth1/1/1)# do commit

Copy running configuration

The running configuration contains the current OS10 system configuration and consists of a series of OS10 commands. Copy the running configuration to a remote server or local directory as a backup or for viewing and editing.
Back up startup file to server

OS10# copy config://startup.xml scp://userid:password@hostip/backup-9-28.xml

Restore startup file from server

OS10# copy scp://admin:admin@hostip/backup-9-28.xml config://startup.xml
OS10# reload

Reload system image

Reboot the system manually using the reload command in EXEC mode. You are prompted to confirm the operation.

OS10# reload
System configuration has been modified.
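The configuration listings in this guide carry the admin password hash, and the copy commands above put the remote account's password inside the scp:// URL, so a saved configuration or a runbook needs scrubbing before it goes into a ticket or a shared repository. The following redaction pass is an added example, not part of the Dell guide or OS10; the function name and all sample values are constructed, and it assumes a password in a URL contains no literal "/" or "@".

```python
import re

# "username <name> password <hash> [role <role>]" as shown in the configuration listings.
USER_PASSWORD = re.compile(r"^(\s*username\s+\S+\s+password\s+)(\S+)(.*)$")
# "scheme://user:password@host" as used by the copy and license commands.
URL_CREDENTIAL = re.compile(r"\b((?:scp|sftp|ftp|https?)://[^\s:/@]+):([^\s/@]+)@")


def redact(text):
    """Return (clean_text, counts) with password hashes and URL passwords masked."""
    counts = {"password_hash": 0, "url_credential": 0}
    clean_lines = []
    for line in text.splitlines():
        match = USER_PASSWORD.match(line)
        if match:
            # Keep the user name and role so the file stays useful for review.
            line = match.group(1) + "<redacted>" + match.group(3)
            counts["password_hash"] += 1
        # Keep the user and host, mask only the password part of the URL.
        line, replaced = URL_CREDENTIAL.subn(r"\1:<redacted>@", line)
        counts["url_credential"] += replaced
        clean_lines.append(line)
    return "\n".join(clean_lines), counts


# Constructed sample mixing configuration lines and a runbook command.
# The hash, the account and the 192.0.2.20 host are placeholders, not real values.
SAMPLE = """\
ipv6 forwarding enable
username admin password $6$CONSTRUCTEDSALT$ConstructedHashNotARealCredential role sysadmin
aaa authentication local
snmp-server contact http://www.dell.com/support
OS10# copy config://startup.xml scp://backupuser:ConstructedPw1@192.0.2.20/backup-9-28.xml
"""

if __name__ == "__main__":
    cleaned, totals = redact(SAMPLE)
    print(cleaned)
    print(totals)
```

A redacted hash is still a reason to rotate the password if the original file was ever shared; the pass only prevents further exposure.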
Alias command

The alias command allows you to create shortcuts for commonly used or long commands. You can also execute long commands along with their parameters. The alias supports the following modes:

• Persistent mode — The alias is persistent and is used in other sessions. The aliases created in Configuration mode are persistent.
• Non-persistent mode — The alias is used only within the current session. After you close the session, the alias is removed from the switch.
Eth 1/1/26 up 40G A 1
Eth 1/1/27 up 40G A 1
Eth 1/1/28 up 40G A 1
Eth 1/1/29 up 40G A 1
Eth 1/1/30 up 40G A 1
Eth 1/1/31 up 40G A 1
Eth 1/1/32 up 40G A 1
--------------------------------------------------------------------------------

View alias output for goint

OS10(config)# goint 1/1/1
OS10(conf-if-eth1/1/1)#

View alias information

OS10# show alias
Name      Type
----      ----
govlt     Config
goint     Config
shconfig  Local
showint   Local
shver     Local

Number of config aliases : 2
Number of local aliases : 3

View alias informat
You cannot use the existing CLI keywords as alias names. The alias name is case-sensitive and can have a maximum of 20 characters.

• Create a multi-line alias in the CONFIGURATION mode. The switch enters the ALIAS mode.
  alias alias-name
• Enter the commands to be executed prefixed by the line n command in ALIAS mode. Enter the commands in double quotes and use $n to enter input parameters.
line 2 "no shutdown"
line 3 "show configuration"
line 4 exit

View alias information

OS10# show alias
Name   Type
----   ----
mTest  Config

Number of config aliases : 1
Number of local aliases : 0

View alias information brief. Displays the first 10 characters of each line of each alias.

OS10# show alias brief
Name   Type    Value
----   ----    -----
mTest  Config  line 1 "interface ..."
               line 2 "no shutdow..."
               line 3 "show confi...
OS10# dir home

Directory contents for folder: home
Date (modified)        Size (bytes)  Name
---------------------  ------------  ------
2017-02-15T19:25:35Z   77            b.cmd
...

• Execute the batch file using the batch /home/username/filename command in EXEC mode.

OS10# batch /home/admin/b.cmd
Jun 26 18:29:12 OS10 dn_l3_core_services[723]: Node.1-Unit.1:PRI:notice [os10:trap], %Dell EMC (OS10) %log-notice:IP_ADDRESS_ADD: IP Address add is successful. IP 172.17.4.
remote-as 104
no shutdown
admin@OS10:/opt/dell/os10/bin$
User admin logged out at session 16

SSH commands

You can execute commands remotely using a secure shell (SSH) session. This is supported only for show commands.

• Enter the show command along with SSH.
  $ ssh admin@ip-address show-command

$ ssh admin@10.11.98.39 "show version"
admin@10.11.98.39's password:
Dell EMC Networking OS10-Enterprise
Copyright (c) 1999-2018 by Dell Inc. All Rights Reserved.
OS Version: 10.4.2.0
Build Version: 10.4.2.0.
alias

Creates a command alias.

Syntax alias alias-name alias-value
Parameters
• alias-name — Enter the name of the alias. A maximum of 20 characters.
• alias-value — Enter the command to be executed within double quotes. Enter the $ followed by either numbers ranging from 1 to 9 or with an asterisk (*) and enter the parameters while executing the commands using the alias. Use asterisk (*) to represent any number of parameters.
Eth 1/1/31 up 40G A 1
Eth 1/1/32 up 40G A 1
--------------------------------------------------------------------------------

In this example, when you enter goint 1/1/1, note that the text on the CLI changes to interface ethernet 1/1/1.

OS10(config)# alias goint "interface ethernet $1"
OS10(config)# goint 1/1/1
OS10(conf-if-eth1/1/1)#

Supported Releases 10.3.0E or later

alias (multi-line)

Creates a multi-line command alias.
Example
batch /home/admin/b.cmd
Jun 26 18:29:12 OS10 dn_l3_core_services[723]: Node.1-Unit.1:PRI:notice [os10:trap], %Dell EMC (OS10) %log-notice:IP_ADDRESS_ADD: IP Address add is successful. IP 172.17.4.1/24 in VRF:default added successfully

Supported Releases 10.2.0E or later

boot

Configures which OS10 image to use the next time the system boots up.

Syntax boot system [active | standby]
Parameters
• active — Reset the running partition as the next boot partition.
configure

Enters CONFIGURATION mode from EXEC mode.

Syntax configure {terminal}
Parameters terminal — Enters CONFIGURATION mode from EXEC mode.
Default Not configured
Command Mode EXEC
Usage Information Enter conf t for auto-completion.
Example
OS10# configure terminal
OS10(config)#
Supported Releases 10.2.0E or later

copy

Copies the current running configuration to the startup configuration and transfers files between an OS10 switch and a remote device.
OS10# copy coredump://core.netconfd-pro.2017-02-15_19-05-09.gz scp://os10user:os10passwd@10.11.222.1:/home/os10/core.netconfd-pro.2017-02-15_19-05-09.gz

Example (copy startup configuration)

OS10# dir config

Directory contents for folder: config
Date (modified)        Size (bytes)  Name
---------------------  ------------  -----------
2017-02-15T20:38:12Z   54525         startup.xml

OS10# copy config://startup.xml scp://os10user:os10passwd@10.11.222.1:/home/os10/backup.
delete

Removes or deletes the startup configuration file.

Syntax delete [config://filepath | coredump://filepath | home://filepath | image://filepath | startup-configuration | supportbundle://filepath | usb://filepath]
Parameters
• config://filepath — (Optional) Delete from the configuration directory.
• coredump://filepath — (Optional) Delete from the coredump directory.
• home://filepath — (Optional) Delete from the home directory.
Supported Releases 10.4.0E(R1) or later

dir

Displays files stored in available directories.

Syntax dir {config | coredump | home | image | supportbundle | usb}
Parameters
• config — (Optional) Folder containing configuration files.
• coredump — (Optional) Folder containing coredump files.
• home — (Optional) Folder containing files in user's home directory.
• image — (Optional) Folder containing image files.
• supportbundle — (Optional) Folder containing support bundle files.
do

Executes most commands from all CONFIGURATION modes without returning to EXEC mode.

Syntax do command
Parameters command — Enter an EXEC-level command.
Default Not configured
Command Mode INTERFACE
Usage Information None
Example
OS10(config)# interface ethernet 1/1/7
OS10(conf-if-eth1/1/7)# no shutdown
OS10(conf-if-eth1/1/7)# do show running-configuration
...
!
interface ethernet1/1/7
 no shutdown
!
...
Supported Releases 10.2.
Default Not configured
Command Mode All
Usage Information None
Example
OS10(conf-if-eth1/1/1)# exit
OS10(config)#
Supported Releases 10.2.0E or later

license

Installs a license file from a local or remote location.

Syntax license install [ftp: | http: | localfs: | scp: | sftp: | tftp: | usb:] filepath
Parameters
• ftp: — (Optional) Install from the remote file system (ftp://userid:passwd@hostip/filepath).
• http[s]: — (Optional) Install from the remote file system (http://hostip/filepath).
Command Mode ALIAS
Usage Information The no version of this command removes the line number and the corresponding command from the multi-line alias.
Example
OS10(config)# alias mTest
OS10(config-alias-mTest)# line 1 "interface $1 $2"
OS10(config-alias-mTest)# line 2 "no shutdown"
OS10(config-alias-mTest)# line 3 "show configuration"
Supported Releases 10.4.
Example (IPv4)
OS10(config)# management route 10.10.20.0/24 10.1.1.1
OS10(config)# management route 172.16.0.0/16 managementethernet

Example (IPv6)
OS10(config)# management route 10::/64 10::1

Supported Releases 10.2.2E or later

move

Moves or renames a file on the configuration or home system directories.

Syntax move [config: | home: | usb:]
Parameters
• config: — Move from the configuration directory (config://filepath).
• home: — Move from the home directory (home://filepath).
Example
OS10# no alias goint
Supported Releases 10.2.0E or later

reload

Reloads the software and reboots the ONIE-enabled device.

Syntax reload
Parameters None
Default Not configured
Command Mode EXEC
Usage Information NOTE: Use caution while using this command as it reloads the OS10 image and reboots the device.
Example
OS10# reload
Proceed to reboot the system? [confirm yes/no]:y
Supported Releases 10.2.
shconfig showint shver Local Local Local line 2 "no shutdow..." line 3 "show confi..." default 1 "ethernet" default 2 "1/1/1" "show runni..." "show inter..." "show versi...
Standby Build Date/Time: 2017-01-25T06:36:22Z
Next-Boot: active[A]
Supported Releases 10.2.0E or later

show candidate-configuration

Displays the current candidate configuration file.
Command Mode EXEC
Usage Information None
Example
OS10# show candidate-configuration
! Version 10.2.9999E
! Last configuration change at Apr 11 10:36:43 2017
!
username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH.
aaa authentication local
snmp-server contact http://www.dell.com/support
snmp-server location "United States"
logging monitor disable
ip route 0.0.0.0/0 10.11.58.
Supported Releases 10.2.0E or later

show environment

Displays information about environmental system components, such as temperature, fan, and voltage.
1 1 S6010-ON-FANTRAY-4 S6010-ON-FANTRAY-5 0N7MH8 0N7MH8 X01 X01 04-04--04-05---
Supported Releases 10.2.0E or later

show ip management-route

Displays the IPv4 routes used to access the Management port.

Syntax show ip management-route [all | connected | summary]
Parameters
• all — (Optional) Display the IPv4 routes that the Management port uses.
• connected — (Optional) Display only routes directly connected to the Management port.
2001:34::0/64 ManagementEthernet 1/1 Connected
2001:68::0/64 2001:34::16 Active
Supported Releases 10.2.2E or later

show license status
Displays license status information.
Syntax show license status
Parameters None
Default Not configured
Command Mode EXEC
Usage Information Use the show license status command to verify the current license for running OS10, its duration, and the service tag of the switch to which it is assigned.
• community-list — (Optional) Current operating community-list configuration. • compressed — (Optional) Current operating configuration in compressed format. • control-plane — (Optional) Current operating control-plane configuration. • dot1x — (Optional) Current operating dot1x configuration. • extcommunity-list — (Optional) Current operating extcommunity-list configuration. • interface — (Optional) Current operating interface configuration.
interface ethernet1/1/4 switchport access vlan 1 no shutdown ! interface ethernet1/1/5 switchport access vlan 1 no shutdown ! interface ethernet1/1/6 switchport access vlan 1 no shutdown --more-Example (compressed) OS10# show running-configuration compressed username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/ VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH. aaa authentication local snmp-server contact http://www.dell.
! interface ethernet1/1/1 switchport access vlan no shutdown ! interface ethernet1/1/2 switchport access vlan no shutdown ! interface ethernet1/1/3 switchport access vlan no shutdown ! interface ethernet1/1/4 switchport access vlan no shutdown ! interface ethernet1/1/5 switchport access vlan no shutdown ! --more-Example (compressed) 1 1 1 1 1 OS10# show startup-configuration compressed username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/ VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgN
Default Not configured Command Mode EXEC Usage Information None Example OS10# show system Node Id MAC Number of MACs Up Time : : : : 1 00:0c:29:00:a5:d2 256 07:44:26 -- Unit 1 -Status Down Reason System Location LED Required Type Current Type Hardware Revision Software Version Physical Ports : : : : : : : : up unknown off S4048-ON S4048-ON 10.4.
Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Example (brief) 1/1/21 1/1/22 1/1/23 1/1/24 1/1/25 1/1/26 1/1/27 1/1/28 1/1/29 1/1/30 1/1/31 1/1/32 Yes Yes Yes Yes Yes Yes Yes Yes No No No No BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 OS10# show system brief Node Id MAC : 1 : 34:17:18:19:20:21 -- Unit -Unit Status ReqType CurType Version -----------------------------------------------------
Architecture: x86_64 Up Time: 3 days 00:28:58 Supported Releases 10.2.0E or later start Activates Transaction-Based Configuration mode for the active session. Syntax start transaction Parameters transaction - Enables the transaction-based configuration. Default Not configured Command Mode EXEC Usage Information Use this command to save changes to the candidate configuration before applying configuration changes to the running configuration.
Default Not configured
Command Mode CONFIGURATION
Usage Information The system ID displays in the stack LED on the switch front panel.
Example
OS10(config)# system identifier 1
Supported Releases 10.3.0E or later

terminal
Sets the number of lines to display on the terminal and enables logging.
Syntax terminal {length lines | monitor}
Parameters
• length lines — Enter the number of lines to display on the terminal, from 0 to 512, default 24.
• monitor — Enables logging on the terminal.
– -s source_address — (Optional) Enter an alternative source address of one of the interfaces. By default, the address of the outgoing interface is used. – -q nqueries — (Optional) Enter the number of probe packets per hop. The default is 3. – -N squeries — (Optional) Enter the number of probe packets sent out simultaneously to accelerate traceroute. The default is 16. – -t tos — (Optional) For IPv4, enter the type of service (ToS) and precedence values to use. 16 sets a low delay; 8 sets a high throughput.
Example
OS10# unlock
Supported Releases 10.2.0E or later

write
Copies the current running configuration to the startup configuration file.
Syntax write {memory}
Parameters memory — Copy the current running configuration to the startup configuration.
Default Not configured
Command Mode EXEC
Usage Information This command has the same effect as the copy running-configuration startup-configuration command.
2 Interfaces You can configure and monitor physical interfaces (Ethernet), port-channels, and virtual local area networks (VLANs) in Layer 2 (L2) or Layer 3 (L3) modes. Table 1.
Figure 1. S4148U-ON unified port groups To enable Ethernet interfaces in a unified port group: 1 Configure a unified port group in CONFIGURATION mode. Enter 1/1 for node/slot. The port-group range depends on the switch. port-group node/slot/port-group 2 Activate the unified port group for Ethernet operation in PORT-GROUP mode. To activate a unified port group in Fibre Channel mode, see Fibre Channel interfaces. The available options depend on the switch.
By default, native VLAN of a port is the default VLAN ID of the switch. You can change the native VLAN using the switchport access vlan vlan-id command. A Trunk interface carries VLAN traffic that is tagged using 802.1q encapsulation. If an Access interface receives a packet with an 802.1q tag in the header that is different from the Access VLAN ID, it drops the packet. By default, a trunk interface carries only untagged traffic on the Access VLAN. You must manually configure other VLANs for tagged traffic.
On a S4148U-ON switch, FC interfaces are available in all port groups. The activated FC interfaces depend on the currently configured port profile. For more information, see S4148U-ON port profiles. Figure 2. S4148U-ON unified port groups 1 Configure a unified port group in CONFIGURATION mode. Enter 1/1 for node/slot. The port-group range depends on the switch. port-group node/slot/port-group 2 Activate the unified port group for FC operation in PORT-GROUP mode.
Pluggable media present, QSFP+ type is QSFP+ 4x(16GBASE FC SW) Wavelength is 850 Receive power reading is 0.
Configure VLAN
OS10(config)# interface vlan 10
OS10(conf-if-vl-10)# ip address 1.1.1.2/24

You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN.

User-configured default VLAN
By default, VLAN1 serves as the default VLAN for switching untagged L2 traffic on OS10 ports in Trunk or Access mode. The default VLAN is used for untagged protocol traffic sent and received between switches, such as STPs.
Loopback interfaces A Loopback interface is a virtual interface where the software emulates an interface. Because a Loopback interface is not associated to physical hardware entities, the Loopback interface status is not affected by hardware status changes. Packets routed to a Loopback interface process locally to the OS10 device. Because this interface is not a physical interface, to provide protocol stability you can configure routing protocols on this interface.
Create port-channel You can create a maximum of 128 port-channels, with up to 32 port members per group. Configure a port-channel similarly to a physical interface, enable or configure protocols, or ACLs to a port channel. After you enable the port-channel, place it in L2 or L3 mode. To place the port-channel in L2 mode or configure an IP address to place the port-channel in L3 mode, use the switchport command. • Create a port-channel in CONFIGURATION mode.
OS10(config)# interface ethernet 1/1/2
OS10(conf-if-eth1/1/2)# channel-group 100 mode active

Minimum links
Configure minimum links in a port-channel LAG that must be in oper up status to consider the port-channel to be in oper up status.
• Enter the number of links in a LAG that must be in oper up status in PORT-CHANNEL mode, from 1 to 32, default 1.
For packets without an L3 header, OS10 automatically uses the load-balancing mac-selection destination-mac command for hash algorithms by default. When you configure an IP and MAC hashing scheme at the same time, the MAC hashing scheme takes precedence over the IP hashing scheme.
• Select one or more methods of load balancing and replace the default IP 4-tuple method of balancing traffic over a port-channel in CONFIGURATION mode.
You can configure a default VLAN only if the interface range being configured consists of only VLAN ports. When a configuration in one of the VLAN ports fails, all the VLAN ports in the interface range are affected. Create an interface range allowing other commands to be applied to that interface range using the interface range command.
• Management IPv4/IPv6 static routes • System hostname • Unified Forwarding Table (UFT) mode • ECMP maximum paths You must manually reconfigure other settings on a switch after you apply a new port profile and reload the switch. NOTE: After you change the switch-port profile, do not immediately back up and restore the startup file without using the write memory command and reloading the switch using the reload command. Otherwise, the new profile does not take effect.
1GE mode: 1GE is supported only on SFP+ ports; 1GE is not supported on QSFP+ and QSFP28 ports 25-26. Breakout interfaces: Use the interface breakout command in Configuration mode to configure 4x10G, 4x25G, and 2x50G breakout interfaces. To view the ports that belong to each port group, use the show port-group command. S4148U-ON port profiles S4148U-ON port profiles determine the available front-panel unified and Ethernet ports and supported breakout interfaces.
*profile-1 and profile-2 activate the same port mode capability on unified and Ethernet ports. The difference is that in profile-1, by default SFP+ unified ports 1-24 come up in Fibre Channel mode with 2x16GFC breakouts per port group. In profile-2, by default SFP+ unified ports 1-24 come up in Ethernet 10GE mode. profile-1 allows you to connect FC devices for plug-and-play; profile-2 is designed for a standard Ethernet-based data network.
• 100g-1x — Reset a QSFP28 port to 100G speed. To configure an Ethernet breakout interface, use the interface ethernet node/slot/port:subport command in CONFIGURATION mode. Each breakout interface operates at the configured speed. Use the no version of the interface breakout command to reset a port to its default speed: 40G or 100G. To configure breakout interfaces on a unified port, use the mode {Eth | FC} command in Port-Group Configuration mode.
Eth Eth Eth Eth Eth Eth 1/1/2 1/1/25:1 1/1/25:2 1/1/25:3 1/1/25:4 1/1/29 down down down down down down 0 0 0 0 0 0 auto auto auto auto auto auto A A A A A A 1 1 1 1 1 1 - Forward error correction Forward error correction (FEC) enhances data reliability. FEC modes supported in OS10: • CL74-FC — Supports 25G • CL91-RS — Supports 100G • CL108-RS — Supports 25G • off — Disables FEC NOTE: OS10 does not support FEC on 10G and 40G.
Energy-efficient Ethernet Energy-efficient Ethernet (EEE) reduces power consumption of physical layer devices (PHYs) during idle periods. EEE allows Dell EMC Networking devices to conform to green computing standards. An Ethernet link consumes power when a link is idle. EEE allows Ethernet links to use Regular Power mode only during data transmission. EEE is enabled on devices that support LOW POWER IDLE (LPI) mode. Such devices save power by entering LPI mode during periods when no data is transmitting.
View EEE status/statistics
You can view the EEE status or statistics for a specified interface, or all interfaces, using the show commands.

View EEE status for a specified interface
OS10# show interface ethernet 1/1/48 eee
Port EEE Status Speed Duplex
---------------------------------------------
Eth 1/1/48 on up 1000M

View EEE status on all interfaces
OS10# show interface eee
Port EEE Status Speed Duplex
---------------------------------------------
Eth 1/1/1 off up 1000M
...
clear counters interface eee
Clears all EEE counters.
Syntax clear counters interface eee
Parameters None
Default Not configured
Command Mode EXEC
Usage Information None
Example
OS10# clear counters interface eee
Clear all eee counters [confirm yes/no]:yes
Supported Releases 10.3.0E or later

clear counters interface ethernet eee
Clears EEE counters on a specified Ethernet interface.
show interface eee
Displays the EEE status for all interfaces.
Syntax show interface eee
Parameters None
Default Not configured
Command Mode EXEC
Example
OS10# show interface eee
Port EEE Status Speed Duplex
---------------------------------------------
Eth 1/1/1 off up 1000M
...
Eth 1/1/47 on up 1000M
Eth 1/1/48 on up 1000M
Eth 1/1/49 n/a
Eth 1/1/50 n/a
Eth 1/1/51 n/a
Eth 1/1/52 n/a
Supported Releases 10.3.0E or later

show interface eee statistics
Displays EEE statistics for all interfaces.
Default Not configured
Command Mode EXEC
Example
OS10# show interface ethernet 1/1/48 eee
Port EEE Status Speed Duplex
---------------------------------------------
Eth 1/1/48 on up 1000M
Supported Releases 10.3.0E or later

show interface ethernet eee statistics
Displays EEE statistics for a specified interface.
Syntax show interface ethernet node/slot/port[:subport] eee statistics
Parameters node/slot/port[:subport] — Enter the interface information.
Pluggable media present, QSFP+ type is QSFP+ 40GBASE CR4 Wavelength is 64 Receive power reading is 0.
Time since last interface status change: 02:46:35
--more--

View specific interface information
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# show configuration
!
interface ethernet1/1/1
 ip address 1.1.1.1/24
 no switchport
 no shutdown

View candidate configuration
OS10(conf-if-eth1/1/1)# show configuration candidate
!
interface ethernet1/1/1
 ip address 1.1.1.1/24
 no switchport
 no shutdown

View running configuration
OS10# show running-configuration
Current Configuration ...
Ethernet 1/1/21 Ethernet 1/1/22 Ethernet 1/1/23 Ethernet 1/1/24 Ethernet 1/1/25 Ethernet 1/1/26 Ethernet 1/1/27 Ethernet 1/1/28 Ethernet 1/1/29 Ethernet 1/1/30 Ethernet 1/1/31 Ethernet 1/1/32 Management 1/1/1 Vlan 1 Vlan 10 Vlan 20 Vlan 30 unassigned unassigned unassigned unassigned unassigned unassigned unassigned unassigned unassigned unassigned unassigned unassigned 10.16.153.
Example
OS10(config)# interface ethernet 1/1/2:1
OS10(conf-if-eth1/1/2:1)# channel-group 20 mode active
Supported Releases 10.3.0E or later

default vlan-id
Reconfigures the VLAN ID of the default VLAN.
Syntax default vlan-id vlan-id
Parameters vlan-id — Enter the default VLAN ID number, from 1 to 4093.
Default VLAN1
Command Mode CONFIGURATION
Usage Information By default, VLAN1 serves as the default VLAN for switching untagged L2 traffic on OS10 ports in Trunk or Access mode.
Command Mode Usage Information INTERFACE • To use special characters as a part of the description string, enclose the string in double quotes. • Spaces between characters are not preserved after entering this command unless you enclose the entire description in quotation marks; for example, “text description”. • Enter a text string after the description command to overwrite any previously configured text string.
Example
OS10(config)# feature auto-breakout
Supported Releases 10.4.0E(R1) or later

fec
Configures Forward Error Correction on 25G and 100G interfaces.
Syntax fec {CL74-FC | CL91-RS | CL108-RS | off}
Parameters
• CL74-FC — Supports 25G
• CL91-RS — Supports 100G
• CL108-RS — Supports 25G
• off — Disables FEC
Defaults
• For 25G interfaces: off
• For 100G interfaces: CL91-RS
Command Mode CONFIGURATION
Usage Information The no version of this command resets the value to the default.
• To configure breakout interfaces on a unified port, use the mode {Eth | FC} command in Port-Group Configuration mode. Example OS10(config)# interface breakout 1/1/41 map 10g-4x Supported Releases 10.2.2E or later interface ethernet Configures a physical Ethernet interface. Syntax interface ethernet node/slot/port:subport Parameters node/slot/port:subport — Enter the Ethernet interface information.
Usage Information You cannot delete a Management port. To assign an IP address to the Management port, use the ip address command.
Example
OS10(config)# interface mgmt 1/1/1
OS10(conf-if-ma-1/1/1)#
Supported Releases 10.2.0E or later

interface null
Configures a null interface on the switch.
Syntax interface null number
Parameters number — Enter the interface number to set as null (0).
Default 0
Command Mode CONFIGURATION
Usage Information You cannot delete the Null interface.
Parameters • node/slot/port[:subport]-node/slot/port[:subport] — Enter a range of Ethernet interfaces. • IDnumber-IDnumber — Enter a range of port-channel numbers, from 1 to 128. • vlanID-vlanID — Enter a range VLAN ID numbers, from 1 to 4093. Default Not configured Command Mode CONFIGURATION Usage Information Enter up to six comma-separated interface ranges without spaces between commas. When creating an interface range, interfaces are not sorted and appear in the order entered.
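A validator for the range list described above, as an added Python example (not code from the guide), useful for checking an operator-supplied list before an automation tool places it in an interface range command. The function names are hypothetical, and rejecting a range whose end is lower than its start is an assumption of this example, not a rule stated in the guide.

```python
import re

MAX_RANGES = 6                                  # "up to six comma-separated interface ranges"
LIMITS = {"port-channel": (1, 128), "vlan": (1, 4093)}
ETH_RE = re.compile(r"([0-9]+)/([0-9]+)/([0-9]+)(?::([0-9]+))?")


def parse_endpoint(kind, text):
    """Parse one end of a range for the given interface kind."""
    if kind == "ethernet":
        m = ETH_RE.fullmatch(text)
        if m is None:
            raise ValueError(f"bad Ethernet interface {text!r}")
        node, slot, port, sub = m.groups()
        # A missing subport is stored as 0 so endpoints compare as tuples.
        return (int(node), int(slot), int(port), int(sub) if sub else 0)
    if kind not in LIMITS:
        raise ValueError(f"unknown interface kind {kind!r}")
    if re.fullmatch(r"[0-9]+", text) is None:
        raise ValueError(f"bad {kind} number {text!r}")
    low, high = LIMITS[kind]
    value = int(text)
    if not low <= value <= high:
        raise ValueError(f"{kind} {value} is outside {low}-{high}")
    return value


def parse_interface_range(kind, spec):
    """Return [(start, end), ...] in the order entered, or raise ValueError."""
    # No whitespace at all: the guide forbids spaces around commas, and this
    # also stops a newline from carrying a second command into a pushed config.
    if not spec or re.search(r"\s", spec):
        raise ValueError("range list must be non-empty and contain no whitespace")
    items = spec.split(",")
    if len(items) > MAX_RANGES:
        raise ValueError(f"{len(items)} ranges given, at most {MAX_RANGES} allowed")
    parsed = []
    for item in items:
        start_text, dash, end_text = item.partition("-")
        start = parse_endpoint(kind, start_text)
        end = parse_endpoint(kind, end_text) if dash else start
        if end < start:                          # assumption of this example
            raise ValueError(f"range {item!r} ends before it starts")
        parsed.append((start, end))              # order entered is preserved
    return parsed


def is_valid(kind, spec):
    """Boolean wrapper for callers that only need accept or reject."""
    try:
        parse_interface_range(kind, spec)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Range list taken from the guide's interface range example.
    print(parse_interface_range("ethernet", "1/1/12-1/1/13,1/1/15,1/1/17-1/1/18"))
    print(is_valid("vlan", "1-4094"))
```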
Parameters value — Enter the percentage of port-channel bandwidth that triggers traffic monitoring on port-channel members, from 0 to 100. Default Disabled Command Mode CONFIGURATION Usage Information None Example OS10(config)# link-bundle-utilization trigger-threshold 10 Supported Releases 10.2.
Command Mode Usage Information Example PORT-GROUP • The mode {FC | Eth} command configures a port group to operate at line rate and guarantees no traffic loss. • To configure oversubscription on a FC interface, use the speed command. • To configure breakout interfaces on an Ethernet port, use the interface breakout command. • To view the currently active ports and subports, use the show interfaces status command.
Usage Information To return to the default MTU value, use the no mtu command. If an IP packet includes a L2 header, the IP MTU must be at least 32 bytes smaller than the L2 MTU. • Port-channels – All members must have the same link MTU value and the same IP MTU value. – The port channel link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values you configure on the channel members.
Parameters None Defaults Not configured Command Mode CONFIGURATION Usage Information Use the VLAN scale profile when you scale the number of VLANs so that the switch consumes less memory. Enable the scale profile before you configure VLANs on the switch. The scale profile globally applies L2 mode on all VLANs you create and disables L3 transmission. The no version of the command disables L2 VLAN scaling. To enable L3 routing traffic on a VLAN, use the mode L3 command.
0 packets, 0 octets 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts, 0 Unicasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output statistics: 0 packets, 0 octets 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts, 0 Unicasts 0 throttles, 0 discarded, 0 Collisions, 0 wreddrops Rate Info(inte
1/1/4 1/1/5 1/1/6 1/1/7 1/1/8 1/1/9 1/1/10 1/1/11 1/1/12 1/1/13 1/1/14 1/1/15 1/1/16 1/1/17 1/1/18 ...
Example (Interface) OS10(conf-range-eth1/1/10-1/1/11,1/1/13,1/1/14)# do show port-channel summary Flags: D - Down U - member up but inactive P - member up and active U - Up (port-channel) Group Port-Channel Type Protocol Member Ports 22 port-channel22 (U) Eth STATIC 1/1/10(P) 1/1/11(P) 1/1/12(P) 1/1/13(P) 1/1/14(P) 1/1/15(P) 1/1/16(P) 1/1/17(P) 1/1/18(P) 1/1/19(P) 23 port-channel23 (D) Eth STATIC OS10(config)# interface range e1/1/12-1/1/13,1/1/15,1/1/17-1/1/18 OS10(conf-range-eth1/1/12-1/1/13,1/1/15,1/1/1
port-group1/1/11 port-group1/1/12 port-group1/1/13 port-group1/1/14 port-group1/1/15 port-group1/1/16 Supported Releases Eth Eth Eth Eth Eth Eth 100g-2x 100g-2x 100g-1x 100g-1x 100g-1x 100g-1x 37 39 41 42 43 44 38 40 - 10.3.1E or later show switch-port-profile Displays the current and default port profile on a switch. Syntax Parameters show switch-port-profile node/slot • node/slot — Enter the switch information. For a standalone switch, enter 1/1.
NUM Status Description Q Ports 1 down Supported Releases 10.2.0E or later shutdown Disables an interface. Syntax shutdown Parameters None Default Disabled Command Mode INTERFACE Usage Information This command marks a physical interface as unavailable for traffic. Disabling a VLAN or a port-channel causes different behavior. When you disable a VLAN, the L3 functions within that VLAN are disabled, and L2 traffic continues to flow.
Example
OS10(conf-if-fc-1/1/2)# speed 16
Supported Releases 10.3.1E or later

speed (Management)
Configures the transmission speed of the Management interface.
Syntax speed {10 | 100 | 1000 | auto}
Parameters Set the Management port speed to:
• 10 — 10M
• 100 — 100M
• 1000 — 1000M
• auto — Set the port to auto-negotiate speed with a connected device.
Defaults Auto
Command Mode INTERFACE
Usage Information The speed command is supported only on Management and Fibre Channel interfaces.
– profile-3 — SFP+ 10G ports (5-24 and 31-50), QSFP+ 40G ports (27-28), and QSFP28 ports with 40G and 100G capability (25-26 and 29-30) are enabled. QSFP+ ports support 40GE and 4x10G breakouts. QSFP28 ports support 100GE and 4x25G breakouts with QSFP28 transceivers, and 40GE and 4x10G breakouts with QSFP+ transceivers. – profile-4 — SFP+ 10G ports (5-24 and 31-50), QSFP+ 40G ports (27-28), and QSFP28 ports with 40G and 100G capability (25-26 and 29-30) are enabled.
Usage Information ◦ QSFP28 unified ports operate in Ethernet 100GE mode by default, and support 2x50G, 4x25G, and 4x10G breakouts. QSFP28 ports support 4x16GFC breakouts in FC mode. ◦ SFP+ Ethernet ports operate at 10GE. • Setting a port group in 2x16GFC mode activates odd-numbered interfaces 1 and 3. A port group in 1x32GFC mode activates only interface 1. • To display the current port profile on a switch, use the show switch-port-profile command.
switchport mode Places an interface in L2 Access or Trunk mode. Syntax switchport mode {access | trunk} Parameters • access — Enables L2 switching of untagged frames on a single VLAN. • trunk — Enables L2 switching of untagged frames on the access VLAN, and of tagged frames on the VLANs specified with the switchport trunk allowed vlan command.
3 Fibre Channel OS10 switches with Fibre Channel (FC) ports operate in one of the following modes: Direct attach (F_Port), NPIV Proxy Gateway (NPG), or FIP Snooping Bridge (FSB). In the FSB mode, you cannot use the FC ports. F_Port Fibre Channel fabric port (F_Port) is the switch port that connects the FC fabric to a node. S4148U-ON switches support F_Port. Enable Fibre Channel F_Port mode globally using the feature fc domain-ID domain-ID command in CONFIGURATION mode.
Terminology ENode End Node or FCoE node FC Fibre Channel FC ID A 3-byte address used by FC to identify the end points FC Map A 3-byte prefix configured per VLAN, used to frame FCoE MAC address FCF Fibre Channel Forwarder FCoE Fibre Channel over Ethernet FCoE MAC Unique MAC address used to identify an FCoE session. This is a combination of FC ID and FC Map.
6 (Optional) Add a name to the vfabric using the name vfabric-name command. 7 Apply the vfabric to FC interfaces using the vfabric fabric-ID command in FC INTERFACE mode.
fibrechannel1/1/30:3 ========================================== To configure a vfabric in NPG mode: 1 Configure a vfabric using the vfabric fabric-ID command in CONFIGURATION mode. The switch enters vfabric CONFIGURATION mode. 2 Associate a VLAN ID to the vfabric with the vlan vlan-ID command. 3 Add FCoE parameters with the fcoe {fcmap fc-map | fcf-priority fcf-priority-value | fka-adv-period adv-period | vlan-priority vlan-priority-value | keep-alive} command.
Fibre Channel zoning Fibre Channel (FC) zoning partitions a FC fabric into subsets to restrict unnecessary interactions, improve security, and manage the fabric more effectively. Create zones and add members to the zone. Identify a member by an FC alias, world wide name (WWN), or FC ID. A zone can have a maximum of 255 unique members. Create zonesets and add the zones to a zoneset. A switch can have multiple zonesets, but you can activate only one zoneset at a time in a fabric.
50:00:d3:10:00:ec:f9:1b 50:00:d3:10:00:ec:f9:05 50:00:d3:10:00:ec:f9:1f 20:35:78:2b:cb:6f:65:57 View FC zoneset configuration OS10(conf-fc-zoneset-set)# show configuration ! fc zoneset set member hba1 member hba2 OS10# show fc zoneset active vFabric id: 100 Active Zoneset: set ZoneName ZoneMember ================================================ hba2 *20:01:00:0e:1e:e8:e4:99 20:35:78:2b:cb:6f:65:57 50:00:d3:10:00:ec:f9:05 50:00:d3:10:00:ec:f9:1b 50:00:d3:10:00:ec:f9:1f hba1 *10:00:00:90:fa:b8:22:19 *21:00:0
Pinning FCoE traffic to a specific port of a portchannel You can isolate FIP and FCoE traffic by configuring a pinned port at the FCoE LAG. FCoE LAG is the port-channel used for FIP and FCoE traffic in the intermediate switches between server and storage devices. VLT provides Active/Active LAN connectivity on converged links by forwarding traffic in multiple paths to multiple upstream devices without STP blocking any of the uplinks.
Sample FSB configuration on VLT network
1 Enable the FIP snooping feature globally.
OS10(config)# feature fip-snooping
2 Create the FCoE VLAN.
OS10(config)# interface vlan 1001
OS10(conf-if-vl-1001)# fip-snooping enable
3 Configure the VLTi interface.
OS10(config)# interface ethernet 1/1/27
OS10(conf-if-eth1/1/27)# no shutdown
OS10(conf-if-eth1/1/27)# no switchport
4 Configure the VLT.
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.16.151.
OS10(conf-if-eth1/1/2)# service-policy input type network-qos PFC
OS10(conf-if-eth1/1/2)# priority-flow-control mode on
OS10(config)# interface ethernet 1/1/3
OS10(conf-if-eth1/1/3)# description downlink_port_channel_member1
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# channel-group 20 mode active
OS10(conf-if-eth1/1/3)# fcoe-pinned-port
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# service-policy input type network-qos PFC
OS10(conf-if-eth1/1/3)# priority-flow-control mode o
FCoE sessions: Enode MAC Enode Interface FCF MAC FCF interface VLAN FCoE MAC FC-ID PORT WWPN PORT WWNN -------------------------------------------------------------------------------------------------------------------------------------------------------f4:e9:d4:a4:7d:c3 Po20(Eth 1/1/3) 14:18:77:20:78:e0 Po 10(Eth 1/1/1) 1001 0e:fc:00:01:00:00 01:34:02 20:01:f4:e9:d4:a4:7d:c3 20:00:f4:e9:d4:a4:7d:c3 Pinned port status: OS10# show fcoe pinned-port Interface pinned-port FCoE Status ----------------- ---------
10 Apply the PFC configuration on the downlink interfaces. Include the interfaces to the port-channel and configure one of the interfaces as pinned-port.
OS10(config-pmap-c-nqos)# pause OS10(config-pmap-c-nqos)# pfc-cos 3 5 Create uplink and downlink port-channels, and configure the FCF facing port.
--------------------------------------------------------f4:e9:d4:a4:7d:c3 Po20(Eth 1/1/3) 14:18:77:20:78:e0 Po 10(Eth 1/1/1) 1001 0e:fc:00:01:00:00 01:34:02 20:01:f4:e9:d4:a4:7d:c3 20:00:f4:e9:d4:a4:7d:c3 Pinned port status: OS10# show fcoe pinned-port Interface pinned-port FCoE Status ----------------- ---------------- ----------------Po 10 Eth 1/1/1 Up Po 20 Eth 1/1/3 Up Sample FC Switch configuration on non-VLT network 1 Enable the F_PORT mode.
View configuration
Name server entries:
OS10# show fc ns switch brief
Total number of devices = 2
Intf# Domain FC-ID Enode-WWPN Enode-WWNN
port-channel10(Eth 1/1/9) 1 01:00:00 20:01:f4:e9:d4:a4:7d:c3 20:00:f4:e9:d4:a4:7d:c3
fibrechannel1/1/26 1 01:68:00 21:00:00:24:ff:7c:ae:0e 21:00:00:24:ff:7c:ae:0e

Zoneset details:
vFabric id: 1
Active Zoneset: zonesetA
ZoneName ZoneMember
===========================================================
zoneA *20:01:f4:e9:d4:a4:7d:c3
      *21:00:00:24:ff:7c:ae:0e
Pinned por
fc zone
Creates an FC zone and adds members to the zone. An FC zone can have a maximum of 255 unique members.
Syntax fc zone zone-name
Parameters zone-name — Enter a name for the zone.
Defaults Not configured
Command Mode CONFIGURATION
Usage Information The no version of this command deletes the FC zone. To delete an FC zone, first remove it from the FC zoneset.
Usage Information The no version of this command disables the F_Port. You can disable the F_Port only when vfabric and zoning configurations are not available. Before disabling the F_Port, remove the vfabric and zoning configurations. You can enable only one of the following at a time: F_Port, NPG, or FSB.
Example
OS10(config)# feature fc domain-id 100
Supported Releases 10.3.1E or later

member (alias)
Add members to existing FC aliases.
member (zoneset)
Adds zones to an existing zoneset.
Syntax member zone-name
Parameters zone-name — Enter an existing zone name.
Defaults Not configured
Command Mode Zoneset CONFIGURATION
Usage Information The no version of this command removes the zone from the zoneset.
Example
OS10(config)# fc zoneset set
OS10(conf-fc-zoneset-set)# member hba1
Supported Releases 10.3.1E or later

show fc alias
Displays the details of a FC alias and its members.
Example OS10# show fc interface-area-id mapping Intf Name FC-ID Status ================================================== ethernet1/1/40 0a:02:00 Active Supported Releases 10.4.1.0 or later show fc ns switch Displays the details of the FC NS switch parameters.
Example OS10# show fc zone Zone Name Zone Member ================================================= hba1 21:00:00:24:ff:7b:f5:c8 10:00:00:90:fa:b8:22:19 21:00:00:24:ff:7f:ce:ee 21:00:00:24:ff:7f:ce:ef hba2 20:01:00:0e:1e:e8:e4:99 50:00:d3:10:00:ec:f9:1b 50:00:d3:10:00:ec:f9:05 50:00:d3:10:00:ec:f9:1f 20:35:78:2b:cb:6f:65:57 Example (with zone name) OS10# show fc zone hba1 Supported Releases 10.3.
*21:00:00:24:ff:7b:f5:c8 21:00:00:24:ff:7f:ce:ee 21:00:00:24:ff:7f:ce:ef Example (active zoneset) OS10# show fc zoneset active vFabric id: 100 Active Zoneset: set ZoneName ZoneMember =========================================================== hba2 20:01:00:0e:1e:e8:e4:99 20:35:78:2b:cb:6f:65:57 50:00:d3:10:00:ec:f9:05 50:00:d3:10:00:ec:f9:1b 50:00:d3:10:00:ec:f9:1f hba1 Example (with zoneset name) *10:00:00:90:fa:b8:22:19 *21:00:00:24:ff:7b:f5:c8 21:00:00:24:ff:7f:ce:ee 21:00:00:24:ff:7f:ce:ef OS10# sh
zoneset activate
Activates an existing zoneset. You can activate only one zoneset in a vfabric.
Syntax zoneset activate zoneset-name
Parameters zoneset-name — Enter an existing zoneset name.
Defaults Not configured
Command Mode Vfabric CONFIGURATION
Usage Information After you disable an active zoneset, the zone default-zone permit command configuration takes effect. Based on this configuration, the default zone allows or denies access between all the logged-in FC nodes of the vfabric.
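The interaction between zoning (Fibre Channel zoning, above) and the default zone described for zoneset activate, as an added Python example that is not code from the guide: it parses show fc zone output, checks the 255-member limit, and lists the node pairs that an active zoneset keeps apart but that become reachable if the zoneset is deactivated while zone default-zone permit is configured. The sample is the guide's show fc zone example with its line layout reconstructed. The function names, the rule that two nodes may communicate under an active zoneset only when they share a zone, and the treatment of every non-address token as a zone name (so FC alias members are not handled) are assumptions of this example.

```python
import re
from itertools import combinations

MAX_ZONE_MEMBERS = 255  # per-zone limit stated in the guide

# A member token: 8-octet WWN or 3-octet FC ID, optionally prefixed with "*"
# as in the guide's "show fc zoneset active" output.
MEMBER_RE = re.compile(
    r"\*?((?:[0-9a-f]{2}:){7}[0-9a-f]{2}|(?:[0-9a-f]{2}:){2}[0-9a-f]{2})", re.I
)

# Values from the guide's "show fc zone" example; line layout reconstructed.
SHOW_FC_ZONE = """\
Zone Name            Zone Member
=================================================
hba1                 21:00:00:24:ff:7b:f5:c8
                     10:00:00:90:fa:b8:22:19
                     21:00:00:24:ff:7f:ce:ee
                     21:00:00:24:ff:7f:ce:ef
hba2                 20:01:00:0e:1e:e8:e4:99
                     50:00:d3:10:00:ec:f9:1b
                     50:00:d3:10:00:ec:f9:05
                     50:00:d3:10:00:ec:f9:1f
                     20:35:78:2b:cb:6f:65:57
"""


def parse_zones(text):
    """Return {zone_name: [members]} from 'show fc zone' style output."""
    tokens = text.split()
    # Drop the column header: everything up to the ===== separator, if present.
    sep = next((i for i, t in enumerate(tokens)
                if len(t) >= 3 and set(t) <= set("=-")), -1)
    zones, current = {}, None
    for tok in tokens[sep + 1:]:
        m = MEMBER_RE.fullmatch(tok)
        if m is None:
            current = zones.setdefault(tok, [])   # token starts a new zone
        elif current is None:
            raise ValueError(f"member {tok} appears before any zone name")
        elif m.group(1).lower() not in current:
            current.append(m.group(1).lower())    # keep unique members only
    return zones


def oversized_zones(zones):
    """Names of zones that exceed the 255 unique-member limit."""
    return [name for name, members in zones.items()
            if len(members) > MAX_ZONE_MEMBERS]


def can_communicate(a, b, zones, zoneset_active, default_zone_permit):
    """Model used here: shared zone when a zoneset is active, else default zone."""
    a, b = a.lower(), b.lower()
    if zoneset_active:
        return any(a in members and b in members for members in zones.values())
    return default_zone_permit


def pairs_opened_by_deactivation(zones, default_zone_permit):
    """Node pairs blocked by the active zoneset but allowed once it is disabled."""
    nodes = sorted({m for members in zones.values() for m in members})
    return [(a, b) for a, b in combinations(nodes, 2)
            if not can_communicate(a, b, zones, True, default_zone_permit)
            and can_communicate(a, b, zones, False, default_zone_permit)]


if __name__ == "__main__":
    zones = parse_zones(SHOW_FC_ZONE)
    print("oversized zones:", oversized_zones(zones))
    opened = pairs_opened_by_deactivation(zones, default_zone_permit=True)
    print(len(opened), "pairs become reachable with default-zone permit")
```

Run the same check against the zones of the zoneset you are about to deactivate; an empty result with default_zone_permit=False corresponds to the Default Zone Mode: Deny setting shown in the guide's vfabric output.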
Command Mode CONFIGURATION
Usage Information You can enable only one of the following at a time: F_Port, NPG, or FSB. The no version of this command disables NPG mode.
Example
OS10(config)# feature fc npg
Supported Releases 10.4.0E(R1) or later

show npg devices
Displays the NPG devices connected to the switch.
Syntax show npg devices [brief]
Parameters None
Default Not configured
Command Mode EXEC
Usage Information Use the brief option to display minimum details.
Parameters
• vfabric-ID — Enter the vfabric ID.
• fibrechannel — Enter the fibre channel interface name.
Default Not configured
Command Mode EXEC
Usage Information None
Example
OS10# clear fc statistics vfabric 100
OS10# clear fc statistics interface fibrechannel1/1/25
Supported Releases 10.4.1.0 or later

fcoe
Adds FCoE parameters to the vfabric.
Parameters vfabric-name — Enter a name for the vfabric.
Defaults Not configured
Command Mode Vfabric CONFIGURATION
Usage Information The no version of this command removes the vfabric name.
Example
OS10(config)# vfabric 100
OS10(conf-vfabric-100)# name test_vfab
Supported Releases 10.3.1E or later

show fc statistics
Displays the FC statistics.
Syntax show fc statistics {vfabric vfabric-ID | interface fibrechannel}
Parameters
• vfabric-ID — Enter the vfabric ID.
Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show fc switch Switch Mode : FPORT Switch WWN : 10:00:14:18:77:20:8d:cf Supported Releases 10.3.1E or later show running-config vfabric Displays the running configuration for the vfabric.
========================================== Domain ID 4 ========================================== Switch Zoning Parameters ========================================== Default Zone Mode: Deny Active ZoneSet: zoneset5 ========================================= Members fibrechannel1/1/25 port-channel10(Eth 1/1/9) Supported Releases 10.3.1E or later vfabric Configures a vfabric. Syntax vfabric fabric-ID Parameters fabric-ID — Enter the fabric ID, from 1 to 255.
Supported Releases 10.3.1E or later vlan Associates an existing VLAN ID to the vfabric to carry traffic. Syntax vlan vlan-ID Parameters vlan-ID — Enter an existing VLAN ID. Defaults Not configured Command Mode Vfabric CONFIGURATION Usage Information Create the VLAN ID before associating it to the vfabric. Do not use spanned VLAN as vfabric VLAN. The no version of this command removes the VLAN ID from the vfabric.
fip-snooping enable Enables FIP snooping on a specified VLAN. Syntax fip-snooping enable Parameters None Defaults Disabled Command Mode VLAN INTERFACE Usage Information Enable FIP snooping on a VLAN only after enabling the FIP snooping feature globally using the feature fip-snooping command. OS10 supports FIP snooping on a maximum of 12 VLANs. The no version of this command disables FIP snooping on the VLAN.
Usage Information By default, the port mode of an interface is set to ENode. Use this command to change the port mode to FCF. Set the port mode to FCF only after enabling the FIP snooping feature. The no version of this command resets the port mode to ENode. Example OS10(config)# interface ethernet 1/1/32 OS10(conf-if-eth1/1/32)# fip-snooping port-mode fcf Supported Releases 10.4.0E(R1) or later FCoE commands The following commands are supported on all three modes: F_Port, NPG, and FSB.
Supported Releases 10.4.0E(R1) or later fcoe-pinned-port Marks a port as a pinned port in the port-channel. This configuration is supported on FSB, Ethernet LAG in NPG, and F_Port mode. It is not supported on a VLTi LAG. Syntax fcoe-pinned-port Parameters node/slot/port[:subport]—Enter the interface type details. Defaults Disabled Command Mode Port-channel INTERFACE Usage Information You can configure only a single port per port-channel.
Usage Information You can configure only one PFC priority at a time. The no version of this command returns the configuration to the default value. Example OS10(config)# fcoe priority-bits 0x08 Supported Releases 10.4.0E(R3) or later lldp tlv-select dcbxp-appln fcoe Enables FCoE application TLV for an interface. Syntax lldp tlv-select dcbxp-appln fcoe Parameter None Default Enabled Command Mode INTERFACE Usage Information The default priority value advertised in FCoE application TLV is 3.
show fcoe fcf Displays details of the FCFs connected to the switch. Syntax show fcoe [fcf-mac-address] Parameters fcf-mac-address — (Optional) Enter the MAC address of the FCF. This option displays details of the specified FCF.
Parameters vlan-id — (Optional) Enter the VLAN ID. This option displays the sessions established on the specified VLAN. Default Not configured Command Mode EXEC Usage Information None Example Enode MAC FCoE MAC aa:bb:cc:00:00:00 0e:fc:00:01:00:01 aa:bb:cc:00:00:00 0e:fc:00:01:00:02 Supported Releases 10.4.
show fcoe system Displays system information related to the FCoE. Syntax show fcoe system Parameters None Default Not configured Command Mode EXEC Usage Information None Example
OS10# show fcoe system
Mode: FIP Snooping Bridge
FCOE VLAN List (Operational) : 1, 100
FCFs                         : 1
Enodes                       : 2
Sessions                     : 17
Supported Releases 10.4.0E(R1) or later show fcoe vlan Displays details of FIP-snooping VLANs.
4 Layer 2 802.1X Verifies device credentials before sending or receiving packets using the Extensible Authentication Protocol (EAP), see 802.1X Commands. Link Aggregation Control Protocol (LACP) Exchanges information between two systems and automatically establishes a link aggregation group (LAG) between the systems, see LACP Commands.
NOTE: OS10 supports only RADIUS as the back-end authentication server. The authentication process involves three devices: • Supplicant — The device attempting to access the network performs the role of supplicant. Regular traffic from this device does not reach the network until the port associated to the device is authorized. Before that, the supplicant can only exchange 802.1x messages (EAPOL frames) with the authenticator.
6 If the identity information the supplicant provides is valid, the authentication server sends an Access Accept frame that specifies the network privileges. The authenticator changes the port state to authorize and forwards an EAP Success frame. If the identity information is invalid, the server sends an Access Reject frame. If the port state remains unauthorized, the authenticator forwards an EAP Failure frame. EAP over RADIUS 802.
Enable 802.1X 1 Enable 802.1X globally in CONFIGURATION mode. dot1x system-auth-control 2 Enter an interface or a range of interfaces in INTERFACE mode. interface range 3 Enable 802.1X on the supplicant interface only in INTERFACE mode. dot1x port-control auto Configure and verify 802.
Identity retransmissions If the authenticator sends a Request Identity frame but the supplicant does not respond, the authenticator waits 30 seconds and then retransmits the frame. There are several reasons why the supplicant might fail to respond — the supplicant may be booting when the request arrived, there may be a physical layer problem, and so on.
Failure quiet period If the supplicant fails the authentication process, the authenticator sends another Request Identity frame after 30 seconds by default. The quiet period is a transmit interval time after a failed authentication. The Request Identity Retransmit interval is for an unresponsive supplicant. You can configure the interval for a maximum of 10 times for an unresponsive supplicant.
force-authorized (default) This is an authorized state. A device connected to this port does not use the authentication process but can communicate on the network. Placing the port in this state is the same as disabling 802.1X on the port. force-authorized is the default mode. force-unauthorized This is an unauthorized state. A device connected to a port does not use the authentication process but is not allowed to communicate on the network.
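Because force-authorized is the default and is equivalent to disabling 802.1X on the port, an interface with no dot1x port-control line is an open port. The following check is an added example, not part of the OS10 guide: it reads a saved running configuration and lists active Ethernet ports that are not in auto mode. The sample configuration is constructed, and treating a missing dot1x re-authentication line as a finding is an assumed local policy.

```python
import re

# Constructed sample, laid out like "show running-configuration" output
# (interface stanzas terminated by "!"). Not taken from a real switch.
SAMPLE_CONFIG = """\
dot1x system-auth-control
!
interface ethernet1/1/7
 no shutdown
 dot1x port-control auto
 dot1x re-authentication
 dot1x timeout re-authperiod 3600
!
interface ethernet1/1/8
 no shutdown
 dot1x port-control force-authorized
!
interface ethernet1/1/9
 no shutdown
!
interface ethernet1/1/10
 shutdown
!
interface ethernet1/1/11
 no shutdown
 dot1x port-control auto
!
"""


def parse_interfaces(config):
    """Return {interface name: [stanza lines]} in configuration order."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line[len("interface "):].strip()
            stanzas[current] = []
        elif line == "!" or not line:
            current = None          # end of the current stanza
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def audit_dot1x(config):
    """Return a list of (scope, message) findings for 802.1X coverage."""
    findings = []
    lines = [l.strip() for l in config.splitlines()]
    if "dot1x system-auth-control" not in lines:
        findings.append(("global", "802.1X is not enabled globally"))

    for name, stanza in parse_interfaces(config).items():
        if not name.startswith("ethernet"):
            continue                # only physical Ethernet ports are audited
        if "shutdown" in stanza:
            continue                # administratively down, nothing to reach
        mode = "force-authorized"   # the default when no line is present
        for line in stanza:
            match = re.fullmatch(r"dot1x port-control (\S+)", line)
            if match:
                mode = match.group(1)
        if mode == "force-authorized":
            findings.append((name, "force-authorized: port passes traffic "
                                   "without authentication"))
        elif mode == "auto" and "dot1x re-authentication" not in stanza:
            # Assumed policy: authenticated ports must re-authenticate.
            findings.append((name, "auto, but periodic re-authentication "
                                   "is not configured"))
    return findings


if __name__ == "__main__":
    for scope, message in audit_dot1x(SAMPLE_CONFIG):
        print(f"{scope}: {message}")
```

Ports that are intentionally left open (uplinks, for example) still appear in the output and need to be reviewed against the site's own exception list.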
Configure and verify reauthentication time period OS10(config)# interface range ethernet 1/1/7-1/1/8 OS10(conf-range-eth1/1/7-1/1/8)# dot1x re-authentication OS10(conf-range-eth1/1/7-1/1/8)# dot1x timeout re-authperiod 3600 OS10(conf-range-eth1/1/7-1/1/8)# show dot1x interface ethernet 1/1/7 802.
Port Auth Status:   UNAUTHORIZED
Re-Authentication:  Enable
Tx Period:          120 seconds
Quiet Period:       120 seconds
Supplicant Timeout: 45 seconds
Server Timeout:     60 seconds
Re-Auth Interval:   3600 seconds
Max-EAP-Req:        5
Host Mode:          MULTI_HOST
Auth PAE State:     Initialize
Backend State:      Initialize
View interface running configuration OS10(conf-range-eth1/1/7-1/1/8)# do show running-configuration interface ...
dot1x max-req Changes the maximum number of requests that the device sends to a supplicant before restarting 802.1X authentication. Syntax dot1x max-req retry-count Parameters max-req retry-count — Enter the retry count for the request sent to the supplicant before restarting 802.1X reauthentication, from 1 to 10. Default 2 Command Mode INTERFACE Usage Information The no version of this command resets the value to the default.
Example OS10(conf-range-eth1/1/7-1/1/8)# dot1x re-authentication Supported Releases 10.2.0E or later dot1x timeout quiet-period Sets the number of seconds that the device remains in the quiet state following a failed authentication exchange with a supplicant. Syntax dot1x timeout quiet-period seconds Parameters quiet period seconds — Enter the number of seconds for the 802.1X quiet period timeout, from 1 to 65535.
Supported Releases 10.2.0E or later dot1x timeout supp-timeout Sets the number of seconds that the device waits for the supplicant to respond to an EAP request frame before the device retransmits the frame. Syntax dot1x timeout supp-timeout seconds Parameters supp-timeout seconds — Enter the number of seconds for the 802.1X supplicant timeout, from 1 to 65535. Default 30 seconds Command Mode INTERFACE Usage Information The no version of this command resets the value to the default.
Supported Releases 10.2.0E or later show dot1x interface Displays 802.1X configuration information. Syntax show dot1x interface ethernet node/slot/port[:subport] Parameters ethernet node/slot/port[:subport] — Enter the Ethernet interface information. Command Mode EXEC Usage Information Use this command to view the dot1x interface configuration for a specific interface. Example OS10# show dot1x interface 802.
LACP functions by constantly exchanging custom MAC PDUs across LAN Ethernet links. The protocol only exchanges packets between ports you configure as LACP-capable. Modes A LAG includes three configuration modes — on, active, and passive. On Sets the Channeling mode to Static. The interface acts as a member of the static LAG. Active Sets the interface in the Active Negotiating state. LACP runs on any link configured in this mode.
interface ethernet1/1/8 lacp port-priority 4096 lacp rate fast no shutdown ! ... Interfaces Create a LAG and then add LAG member interfaces. By default, all interfaces are in no shutdown and switchport modes. 1 Create a LAG in CONFIGURATION mode. interface port-channel port-channel number 2 Enter INTERFACE mode. interface ethernet node/slot/port[:subport] 3 Set the channel group mode to Active in INTERFACE mode.
Actor Admin: State BCFHJKNO Key 20 Priority 32768 Oper: State BDEGIKNO Key 20 Priority 32768 Partner Admin: State BCEGIKNP Key 0 Priority 0 Oper: State BDEGIKNO Key 10 Priority 32768 Port ethernet1/1/16 is Enabled, LACP is enabled and mode is lacp Actor Admin: State BCFHJKNO Key 20 Priority 32768 Oper: State BDEGIKNO Key 20 Priority 32768 Partner Admin: State BCEGIKNP Key 0 Priority 0 Oper: State BDEGIKNO Key 10 Priority 32768 Sample configuration This sample topology is based on two routers — Alpha and Br
A - Active LACP, B - Passive LACP, C - Short Timeout, D - Long Timeout E - Aggregatable Link, F - Individual Link, G - IN_SYNC, H - OUT_OF_SYNC, I - Collection enabled, J - Collection disabled, K - Distribution enabled, L - Distribution disabled, M - Partner Defaulted, N - Partner Non-defaulted, O - Receiver is in expired state, P - Receiver is not in expired state Port ethernet1/1/49 is Enabled, LACP is enabled and mode is lacp Actor Admin: State BCFHJKNO Key 1 Priority 32768 Oper: State BDEGIKNO Key 1 Pri
Lag MTU is 1500 ,IP MTU bytes Linespeed AUTO Members in this channel ethernet1/1/29 ethernet1/1/30 ethernet1/1/31 ARP type: ARPA Arp timeout: 240 Last clearing of "show interface" counters : Queuing strategy :fifo Input statistics: 1388 packets, 135026 octets 666 64-byte pkts,1 over 64-byte pkts, 721 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 1388 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 1387 discarded Output statistics: 2121444503 p
Illegal packetse rcvd: 0 Local Port: MAC Address=74:e6:e2:f5:b5:80 System Identifier=32768,32768 Port Identifier=32768,32768 Operational key=1 LACP_Activity=passive LACP_Timeout=Long Timeout(30s) Synchronization=IN_SYNC Collecting=true Distributing=true Partner information refresh timeout=Long Timeout(90s) Actor Admin State=BCFHJKNO Actor Oper State=BDEGIKNO Neighbor: 276 MAC Address=00:00:00:00:00:00 System Identifier=,00:00:00:00:00:00 Port Identifier=0,14:18:77:7a:2d:00 Operational key=1 LACP_Activity=pa
• OS10 switches cannot be a PXE client irrespective of whether it acts as a VLT peer or ToR switch. • If you are configuring LACP fallback in a VLT domain, configure lacp fallback commands in both the VLT peers. • If you do not enable LACP fallback in one of the VLT peers, or configure different time-out values in the peers, then the switch might behave differently.
In the above scenario, LACP fallback works as follows: 1 The ToR/server boots up. 2 The switch detects the link that is up and checks fallback enabled status. If fallback is enabled, the device waits for the time-out period for any LACP BPDUs. If there are no LACP BPDUs received within the time period, then the LAG enters into fallback mode and adds the first operationally UP port to the port-channel instead of placing it in an inactive state. 3 Now the ToR/server has one port up and active.
In the above scenario, LACP fallback works as follows: 1 The ToR/server boots up. 2 One of the VLT peers takes care of controlling the LACP fallback mode. All events are sent to the controlling VLT peer for deciding the port that should be brought up and then the decision is passed on to peer devices. 3 The controlling VLT peer can decide to bring up one of the ports in either the local port-channel or in the peer VLT port-channel.
• on — Enter so that the interface is not part of a dynamic LAG but acts as a static LAG member. • passive — Enter to only enable LACP if it detects a device. The interface is in the Passive Negotiation state when the port responds to the LACP packets that it receives but does not initiate negotiation until it detects a device. Default Not configured Command Mode INTERFACE Usage Information When you delete the last physical interface from a port-channel, the port-channel remains.
Usage Information The no version of this command disables LACP fallback mode. Example OS10# configure terminal OS10(config)# interface port-channel 1 OS10(conf-if-po-1)# lacp fallback enable Supported Releases 10.3.2E(R3) or later lacp fallback preemption Enables or disables LACP fallback port preemption. Syntax lacp fallback preemption {enable | disable} Parameters • enable—Enables preemption on the port-channel. • disable—Disables preemption on the port-channel.
Example OS10# configure terminal OS10(config)# interface port-channel 1 OS10(conf-if-po-1)# lacp fallback timeout 20 Supported Releases 10.3.2E(R3) or later lacp max-bundle Configures the maximum number of active members allowed in a port-channel. Syntax lacp max-bundle max-bundle-number Parameters max-bundle-number — Enter the maximum bundle size (1 to 32). Default 32 Command Mode INTERFACE Usage Information The no version of this command resets the maximum bundle size to the default value.
Command Mode INTERFACE Usage Information Change the LACP timer rate to modify the duration of the LACP timeout. The no version of this command resets the rate to the default value. Example OS10(conf-range-eth1/1/7-1/1/8)# lacp rate fast Supported Releases 10.2.0E or later lacp system-priority Sets the system priority of the device for LACP. Parameters priority — Enter the priority value for physical interfaces (0 to 65535).
Ethernet1/13 492 485 0 0 0 0 0 --more-- Supported Releases 10.2.0E or later show lacp interface Displays information about specific LACP interfaces. Syntax show lacp interface ethernet node/slot/port Parameters node/slot/port — Enter the interface information. Default Not configured Command Mode EXEC Usage Information The LACP_activity field displays if you configure the link in Active or Passive port-channel mode.
show lacp neighbor Displays information about LACP neighbors. Syntax show lacp neighbor [interface port-channel channel-number] Parameters • interface port-channel — (Optional) Enter the interface port-channel. • channel-number — (Optional) Enter the port-channel number for the LACP neighbor (1 to 128). Default Not configured Command Mode EXEC Usage Information All channel groups display if you do not enter the channel-number parameter.
Actor Admin: State BCFHJKNO Key 1 Priority 32768 Oper: State BDEGIKNO Key 1 Priority 32768 Partner Admin: State BCEGIKNP Key 0 Priority 0 Oper: State BDEGIKMO Key 1 Priority 32768 Supported Releases 10.2.0E or later show lacp system-identifier Displays the LACP system identifier for a device.
tlv segment LAN devices transmit LLDPDUs, which encapsulate TLVs, to neighboring LAN devices. LLDP is a one-way protocol and LAN devices (LLDP agents) transmit and/or receive advertisements but they cannot solicit and do not respond to advertisements. There are three mandatory TLVs followed by zero or more optional TLVs and the end of the LLDPDU TLV.
Organizationally-specific TLVs There are eight TLV types defined by the 802.1 and 802.3 working groups as a basic part of LLDP. Configure OS10 to advertise any or all of these TLVs. Optional TLVs 4 — Port description User-defined alphanumeric string that describes the port. 5 — System name User-defined alphanumeric string that identifies the system. 6 — System description Detailed description of all components of the system. 7 — System capabilities Determines the capabilities of the system.
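The layout described above (three mandatory TLVs, optional TLVs, then the End of LLDPDU TLV) can be checked on a captured frame body. The parser below is an added example, not code from the OS10 guide; it relies on the IEEE 802.1AB header of a 7-bit type and a 9-bit length, and the sample LLDPDU, its MAC address, and its strings are constructed. It also reports which descriptive TLVs a port is advertising to its neighbors.

```python
import struct

MANDATORY = [(1, "Chassis ID"), (2, "Port ID"), (3, "Time To Live")]
TEXT_TLVS = {4: "Port description", 5: "System name", 6: "System description"}


def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length packed into two octets."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type or length out of range for an LLDP TLV")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(data):
    """Return [(type, value), ...]; raise ValueError on a malformed LLDPDU."""
    tlvs, offset = [], 0
    while True:
        if offset + 2 > len(data):
            raise ValueError("LLDPDU ends without an End of LLDPDU TLV")
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if tlv_type == 0:                      # End of LLDPDU
            if length != 0:
                raise ValueError("End of LLDPDU TLV must have length 0")
            break
        if offset + length > len(data):        # length field lies about size
            raise ValueError(f"TLV type {tlv_type} claims {length} octets, "
                             f"only {len(data) - offset} remain")
        tlvs.append((tlv_type, data[offset:offset + length]))
        offset += length
    # The first three TLVs must be Chassis ID, Port ID, TTL, in that order.
    for index, (expected, name) in enumerate(MANDATORY):
        if index >= len(tlvs) or tlvs[index][0] != expected:
            raise ValueError(f"mandatory TLV {name} missing at position {index}")
    if len(tlvs[2][1]) != 2:
        raise ValueError("Time To Live TLV must carry exactly two octets")
    return tlvs


def summarize(tlvs):
    """Collect what the LLDPDU tells any neighbor on the link."""
    info = {}
    for tlv_type, value in tlvs:
        if tlv_type == 3:
            info["ttl_seconds"] = int.from_bytes(value, "big")
        elif tlv_type in TEXT_TLVS:
            info[TEXT_TLVS[tlv_type]] = value.decode("utf-8", "replace")
        elif tlv_type == 127 and len(value) >= 4:
            # Organizationally specific: 3-octet OUI followed by a subtype.
            info.setdefault("org_specific", []).append(
                (value[:3].hex("-"), value[3]))
    return info


# Constructed LLDPDU (payload only, no Ethernet header).
SAMPLE_LLDPDU = b"".join([
    tlv(1, b"\x04" + bytes.fromhex("02005e000001")),   # chassis ID: MAC address
    tlv(2, b"\x05" + b"ethernet1/1/5"),                # port ID: interface name
    tlv(3, struct.pack("!H", 120)),                    # TTL in seconds
    tlv(5, b"OS10"),                                   # system name
    tlv(6, b"constructed system description"),         # system description
    tlv(127, bytes.fromhex("0012bb") + b"\x01" + b"\x00\x03" + b"\x03"),
    tlv(0, b""),                                       # End of LLDPDU
])

if __name__ == "__main__":
    for key, value in summarize(parse_lldpdu(SAMPLE_LLDPDU)).items():
        print(f"{key}: {value}")
```

On user-facing ports, the system name and system description entries in this summary are the ones to weigh against the lldp tlv-select settings, since every attached device receives them.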
iDRAC Organizationally-specific TLVs These are the sub-types used in iDRAC custom TLVs. 1 — Originator Indicates the iDRAC string that is used as originator. This string enables external switches to easily identify iDRAC LLDP PDUs. 2 — Port type Following are the applicable port types: • 1 — iDRAC Port (dedicated). • 2 — NIC Port. • 3 — iDRAC and NIC Port (shared). 3 — Port FQDD Port number that uniquely identifies a NIC port within a server. 4 — Server service tag Service tag ID of the server.
2 — Role Following are the applicable roles: • LEAF • SPINE • UNKNOWN 3 — IP address Indicates the IPv6 address of the originator. 4 — Virtual IP address of the fabric Virtual IP address of the master node. The Isilon nodes can also use this IPv6 address when needed. 5 — MAC address of the physical interface MAC address used by the OS10 switches for ND.
• 127/4 — Extended power-via-MDI Emergency call services ELIN Power requirements, priority, and power status. LLDP-MED capabilities TLV The LLDP-MED capabilities TLV communicates the types of TLVs that the endpoint device and network-connectivity device support. The value of the LLDP-MED capabilities field in the TLV is a 2–octet bitmap. Each bit represents an LLDP-MED capability. LLDP-MED is enabled by default on an interface.
LLDP-MED network policies TLV include: • VLAN ID • VLAN tagged or untagged status • L2 priority • DSCP value An integer represents the application type (the Type integer shown in the following table), which indicates a device function where a unique network policy is defined. An individual LLDP-MED network policy TLV generates for each application type that you use with OS10 commands, see Advertise LLDP-MED TLVs.
Configure LLDP-MED network policy for voice applications
OS10(config)# lldp med network-policy 10
OS10(config)# lldp med network-policy 10 app
OS10(config)# lldp med network-policy 10 app voice
OS10(config)# lldp med network-policy 1 app voice vlan 10 vlan-type tag
OS10(config)# lldp med network-policy 1 app voice-signaling vlan 10 vlan-type tag priority 2 dscp 1
Packet timer values LLDPDUs transmit periodically. You can configure LLDP packet timer values for LLDPDU transmission.
6 Disable LLDP globally in CONFIGURATION mode.
Advertise TLVs Configure the system to advertise TLVs from all interfaces or specific interfaces. If you configure an interface, only the interface sends LLDPDUs with the specified TLVs. 1 Enable basic TLVs attributes to transmit and receive LLDP packets in INTERFACE mode. lldp tlv-select basic-tlv {port-description | system-name | system-description | system-capabilities | management-address} 2 Enable dot3 TLVs to transmit and receive LLDP packets in INTERFACE mode.
Configure advertise LLDP-MED network policies OS10(conf-if-eth1/1/5)# lldp med network-policy add 1 Fast start repeat count Fast start repeat count enables a network-connectivity device to advertise itself at a faster rate for a limited amount of time. The fast start timer starts when a network-connectivity device receives the first LLDP frame from a newly detected endpoint.
Total Frames In : 0 Total Frames Received In Error : 0 Total Frames Discarded : 0 Total TLVS Unrecognized : 0 Total TLVs Discarded : 0 View LLDP interface traffic OS10# show lldp traffic interface ethernet 1/1/1 LLDP Traffic Statistics: Total Frames Out : 0 Total Entries Aged : 0 Total Frames In : 0 Total Frames Received In Error : 0 Total Frames Discarded : 0 Total TLVS Unrecognized : 0 Total TLVs Discarded : 0 LLDP MED Traffic Statistics: Total Med Frames Out : Total Med Frames In : Total Med Frames Dis
MAC PHY Configuration: Auto-neg supported: 1 Auto-neg enabled: 1 Auto-neg advertised capabilities: 10BASE-T half duplex mode, 10BASE-T full duplex mode, 100BASE-TX half duplex mode, 100BASE-TX full duplex mode MED Capabilities: Supported: LLDP-MED Capabilities, Network Policy, Location Identification, Extended Power via MDI - PSE, Extended Power via MDI - PD, Inventory Management Current: LLDP-MED Capabilities, Network Policy, Location Identification, Extended Power via MDI - PD, Inventory Management Device
Configure TTL OS10(config)# lldp holdtime-multiplier 2 Return multiplier value OS10(config)# no lldp holdtime-multiplier LLDP commands clear lldp counters Clears LLDP and LLDP-MED transmit, receive, and discard statistics from all physical interfaces. Syntax clear lldp counters Parameters None Default Not configured Command Mode EXEC Usage Information The counter default value resets to zero for all physical interfaces. Example OS10# clear lldp counters Supported Releases 10.2.
Usage Information This command enables LLDP globally for all Ethernet PHY interfaces, except on those interfaces where you manually disable LLDP. The no version of this command disables LLDP globally irrespective of whether you manually disable LLDP on an interface. Example OS10(config)# lldp enable Supported Releases 10.3.1E or later lldp holdtime-multiplier Configures the multiplier value for the hold time in seconds.
Command Mode INTERFACE Usage Information LLDP-MED communicates the types of TLVs that the endpoint device and network-connectivity device support. Use the no lldp med or lldp med disable command to disable LLDP-MED on a specific interface. Example OS10(conf-if-eth1/1/1)# lldp med disable Supported Releases 10.2.0E or later lldp med network-policy Manually defines an LLDP-MED network policy.
Parameters • add — Attach the network policy to an interface. • remove — Remove the network policy from an interface. • number — Enter a network policy index number, from 1 to 32. Default Not configured Command Mode INTERFACE Usage Information Attach only one network policy per interface. Example OS10(conf-if-eth1/1/5)# lldp med network-policy add 1 Supported Release 10.2.0E or later lldp med tlv-select Configures the LLDP-MED TLV type to transmit or receive.
lldp reinit Configures the delay time in seconds for LLDP to initialize on any interface. Syntax lldp reinit seconds Parameters seconds — Enter the delay timer value in seconds, from 1 to 10. Default 2 seconds Command Mode CONFIGURATION Usage Information The no version of this command resets the value to the default. Example OS10(config)# lldp reinit 5 Supported Releases 10.2.0E or later lldp timer Configures the rate in seconds at which LLDP packets are sent to the peers.
Example OS10(conf-if-eth1/1/3)# lldp tlv-select basic-tlv system-name Supported Releases 10.2.0E or later lldp tlv-select dot1tlv Enables or disables the dot1 TLVs to transmit in LLDP packets. Syntax lldp tlv-select dot1tlv { port-vlan-id | link-aggregation} Parameters • port-vlan-id — Enter the port VLAN ID. • link-aggregation — Enable the link aggregation TLV.
Default Not configured Command Mode INTERFACE Usage Information The no version of this command disables the transmission of LLDP packets on a specific interface. Example OS10(conf-if-eth1/1/9)# lldp transmit Supported Releases 10.2.0E or later show lldp interface Displays the LLDP information advertised from a specific interface.
show lldp errors Displays the LLDP errors related to memory allocation failures, queue overflows, and table overflows. Syntax show lldp errors Parameters None Default Not configured Command Mode EXEC Usage Information None Example
OS10# show lldp errors
Total Memory Allocation Failures: 0
Total Input Queue Overflows: 0
Total Table Overflows: 0
Supported Release 10.2.0E or later show lldp med Displays the LLDP MED information for all the interfaces.
ethernet1/1/24 | Yes| Yes| No| No| No
ethernet1/1/25 | Yes| Yes| No| No| No
ethernet1/1/26 | Yes| Yes| No| No| No
ethernet1/1/27 | Yes| Yes| No| No| No
ethernet1/1/28 | Yes| Yes| No| No| No
ethernet1/1/29 | Yes| Yes| No| No| No
ethernet1/1/30 | Yes| Yes| No| No| No
ethernet1/1/31 | Yes| Yes| No| No| No
ethernet1/1/32 | Yes| Yes| No| No| No
Supported Releases 10.2.0E or later show lldp neighbors Displays the status of the LLDP neighbor system information.
Extended Power via MDI - PSE, Extended Power via MDI - PD, Inventory Management Current: LLDP-MED Capabilities, Network Policy, Location Identification, Extended Power via MDI - PD, Inventory Management Device Class: Endpoint Class 3 Network Policy: Application: voice, Tag: Tagged, Vlan: 50, L2 Priority: 6, DSCP Value: 46 Inventory Management: H/W Revision : 12.1.1 F/W Revision : 10.1.9750B S/W Revision : 10.1.
show lldp tlv-select interface Displays the TLVs enabled for an interface. Syntax show lldp tlv-select interface ethernet node/slot/port[:subport] Parameters ethernet node/slot/port[:subport] — Enter the Ethernet interface information, from 1 to 253.
LLDP MED Traffic Statistics:
Total Med Frames Out : 2
Total Med Frames In : 1
Total Med Frames Discarded : 0
Total Med TLVS Discarded : 0
Total Med Capability TLVS Discarded: 0
Total Med Policy TLVS Discarded : 0
Total Med Inventory TLVS Discarded : 0
Supported Releases 10.2.0E or later show network-policy profile Displays the network policy profiles. Syntax show network-policy profile [profile number] Parameters profile number — (Optional) Enter the network policy profile number, from 1 to 32.
Static MAC Address You manually configure a static MAC address entry. A static entry is not subject to aging. • Create a static MAC address entry in the MAC address table in CONFIGURATION mode. mac address-table static nn:nn:nn:nn:nn:nn vlan vlan-id interface [ethernet node/slot/port[:subport] | port-channel channel-number] Set Static MAC Address OS10(config)# mac address-table static 34:17:eb:f2:ab:c6 vlan 10 interface ethernet 1/1/5 MAC Address Table OS10 maintains a list of MAC address table entries.
– all — (Optional) Clear all dynamic entries. – address mac_address — (Optional) Clear a MAC address entry. – vlan vlan-id — (Optional) Clear a MAC address table entry from a VLAN number, from 1 to 4093. – ethernet node/slot/port[:subport] — (Optional) Clear an Ethernet interface entry. – port-channel number — (Optional) Clear a port-channel number, from 1 to 128.
Command Mode CONFIGURATION Usage Information Set the aging timer to zero (0) to disable MAC address aging for all dynamic entries. The aging time counts from the last time that the device detected the MAC address. Example OS10(config)# mac address-table aging-time 3600 Supported Releases 10.2.0E or later mac address-table static Configures a static entry for the L2 MAC address table.
– port-channel channel-number — Displays MAC address table information for a port-channel interface, from 1 to 128. • static — (Optional) Displays static MAC address table entries only. • vlan vlan-id — (Optional) Displays VLAN information only, from 1 to 4093. Default Not configured Command Mode EXEC Usage Information The network device retains static MAC address entries saved in the startup configuration file across reboots, and deletes dynamic entries when it reboots.
Configuring MST is a four-step process: 1 Enable MST, if the current running spanning tree protocol (STP) version is not MST. 2 (Optional) Map the VLANs to different instances to achieve load balancing. 3 Ensure the same region name is configured in all the bridges running MST. 4 (Optional) Configure the revision number. Configure MSTP When you enable MST globally, all L2 physical, port-channel, and VLAN interfaces automatically assign to MSTI zero (0).
Create instances You can create multiple MSTP instances and map VLANs. A single MSTI provides no more benefit than RSTP. To take full advantage of the MSTP, create multiple MSTIs and map VLANs to them. 1 Enter an instance number in CONFIGURATION mode. spanning-tree mst configuration 2 Enter the MST instance number in MULTIPLE-SPANNING-TREE mode, from 0 to 63. instance instance-number 3 Enter the VLAN and IDs to participate in the MST instance in MULTIPLE-SPANNING-TREE mode, from 1 to 4096.
ethernet1/1/17 128.324 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.324 ethernet1/1/18 128.328 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.328 ethernet1/1/19 128.332 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.332 ethernet1/1/20 128.336 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.336 ethernet1/1/21 128.340 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.340 ethernet1/1/22 128.344 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.344 ethernet1/1/23 128.348 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.
Non-Dell EMC hardware OS10 supports only one MST region. For a bridge to be in the same MST region as another, the three unique name, revision, and VLAN-to-instance-mapping attributes must match. The default values for the name and revision number match on all Dell EMC hardware. If you have non-Dell EMC hardware that participates in MST, ensure these values match on all devices. A region is a combination of three unique attributes: • Name — A mnemonic string you assign to the region.
4 Change the max-hops parameter in CONFIGURATION mode, from 1 to 40, default 20.
Boundary: Yes, Bpdu-filter: Disable, Bpdu-Guard: Disable, Shutdown-on-Bpdu-Guard-violation: No Root-Guard: Disable, Loop-Guard: Disable Bpdus (MRecords) Sent: 69, Received: 0 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ---------------------------------------------------------------------ethernet1/1/7 0.284 0 1 FWD 0 32768 90b1.1cf4.9b8a 0.
Root guard Avoids bridging loops and preserves the root bridge position during network transitions. STP selects the root bridge with the lowest priority value. During network transitions, another bridge with a lower priority may attempt to become the root bridge and cause unpredictable network behavior. To avoid such an attempt and preserve the position of the root bridge, configure the spanning-tree guard root command. Root guard is enabled on ports that are designated ports.
Name PortID Prio Cost Sts Cost Bridge ID PortID -------------------------------------------------------------------------ethernet1/1/4 128.272 128 500 BLK 500 32769 90b1.1cf4.a911 128.
disabled, the port remains shut down indefinitely. You must manually bring up the port using the shutdown and no shutdown commands. The no version of the command disables the recovery option.
Supported Releases 10.4.2.0 or later errdisable recovery cause bpduguard Enables recovery of ports shut down due to a BPDU guard violation. Syntax errdisable recovery cause bpduguard Parameters None Default Disabled Command Mode CONFIGURATION Usage Information This command applies only to STP-enabled ports. The command takes effect only when BPDU guard is configured on a port and errdisable detect cause bpduguard is enabled on the port.
instance Configures MST instances and one or multiple VLANs mapped to the MST instance. Syntax instance instance-number {vlan vlan-range} Parameters • instance — Enter an MST instance value, from 0 to 63. • vlan range — Enter a VLAN range value, from 1 to 4093. Default Not configured Command Mode MULTIPLE-SPANNING-TREE Usage Information By default, all VLANs map to MST instance zero (0) unless you are using the vlan range command to map the VLANs to a non-zero instance.
Example OS10(conf-mst)# revision 10 Supported Releases 10.2.0E or later spanning-tree bpdufilter Enables or disables BPDU filtering on an interface. Syntax spanning-tree bpdufilter {enable | disable} Parameters • enable — Enables the BPDU filter on an interface. • disable — Disables the BPDU filter on an interface. Default Disabled Command Mode INTERFACE Usage Information Use the enable parameter to enable BPDU filtering.
Command Mode CONFIGURATION INTERFACE Example OS10(config)# interface ethernet 1/1/4 OS10(config-if-eth1/1/4)# spanning-tree disable Supported Releases 10.3.0E or later spanning-tree guard Enables or disables loop guard or root guard on an interface. Syntax spanning-tree guard {loop | root | none} Parameters • loop — Enables loop guard on an interface. • root — Enables root guard on an interface. • none — Sets the guard mode to none.
spanning-tree mst Configures an MST instance and determines root and bridge priorities. Syntax spanning-tree mst instance number priority | root {primary | secondary} Parameters • instance number — Enter an MST instance number, from 0 to 63. • priority priority value — Set a bridge priority value in increments of 4096, from 0 to 61440. Valid priority values are: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. All other values are rejected.
Usage Information The cost value is based on the interface type. The greater the cost value, the less likely the port is selected to be a forwarding port. The priority influences the likelihood that a port is selected to be a forwarding port if several ports have the same cost value. Example OS10(conf-if-eth1/1/1)# spanning-tree msti 1 priority 0 OS10(conf-if-eth1/1/1)# spanning-tree msti 1 cost 3 Supported Releases 10.2.
Command Mode CONFIGURATION Usage Information Forces a bridge that supports MST to operate in a STP-compatible mode. Example OS10(config)# spanning-tree mst force-version Supported Releases 10.2.0E or later spanning-tree mst forward-time Configures a time interval for the interface to wait in the Blocking state or the Learning state before moving to the Forwarding state.
Command Mode CONFIGURATION Usage Information The no version of this command removes the threshold value. Example OS10(config)# spanning-tree mst 10 mac-flush-threshold 255 Supported Releases 10.4.0E(R1) or later spanning-tree mst max-age Configures the time period the bridge maintains configuration information before refreshing the information by recomputing the MST topology. Syntax max-age seconds Parameters seconds — Enter a maximum age value in seconds, from 6 to 40.
Command Mode INTERFACE Usage Information When you configure an EdgePort on a device running STP, the port immediately transitions to the Forwarding state. Only configured ports connected to end hosts act as EdgePorts. Example OS10(config)# spanning-tree port type edge Supported Releases 10.2.0E or later show errdisable Displays information on errdisable configurations and port recovery status.
Usage Information Enable MSTI before using this command. Example OS10# show spanning-tree mst configuration
Region Name: asia
Revision: 0
MSTI  VID
0     1,7-4093
1     2
2     3
3     4
4     5
5     6
Supported Releases 10.2.0E or later show spanning-tree msti Displays MST instance information. Syntax show spanning-tree msti [instance-number [brief | guard | interface interface]] Parameters • instance-number — (Optional) Displays MST instance information (0 to 63).
ethernet1/1/4 ethernet1/1/5 ethernet1/1/6 ethernet1/1/7 ethernet1/1/8 ethernet1/1/9 Disb Disb Disb Disb Disb Disb 128.144 128.148 128.152 128.156 128.160 128.
By default, each VLAN instance is assigned default bridge priority 32768. For example, all three instances have the same forwarding topology. Traffic load balancing is not achievable with this kind of priority assignment. To achieve load balancing, you must assign each instance a different priority, as shown in Load Balancing with RPVST+. Load balance and root selection All VLANs use the same forwarding topology — R2 is elected as the root and all 10G Ethernet ports have the same cost.
Enable RPVST+ By default, RPVST+ is enabled and creates an instance only after you add the first member port to a VLAN. To participate in RPVST+, port-channel or physical interfaces must be a member of a VLAN. Add all physical and port-channel interfaces to the default VLAN (VLAN1). • Enable Rapid-PVST+ mode in CONFIGURATION mode.
Interface                                        Designated
Name           PortID   Prio  Cost  Sts  Cost  Bridge ID            PortID
--------------------------------------------------------------------
ethernet1/1/5  128.276  128   500   FWD  0     4097 90b1.1cf4.a523  128.276
ethernet1/1/6  128.280  128   500   FWD  0     4097 90b1.1cf4.a523  128.280
Interface
Name           Role  PortID   Prio  Cost  Sts  Cost  Link-type  Edge
-------------------------------------------------------------
ethernet1/1/5  Desg  128.276  128   500   FWD  0     AUTO       No
ethernet1/1/6  Desg  128.
ethernet1/1/10  Disb  128.296  128  200000000  FWD  0  AUTO  No
ethernet1/1/11  Disb  128.300  128  200000000  FWD  0  AUTO  No
Root assignment RPVST+ assigns the root bridge according to the lowest bridge ID. Assign one bridge as the root bridge and the other as a secondary root bridge. • Configure the device as the root or secondary root in CONFIGURATION mode. spanning-tree vlan vlan-id root {primary | secondary} – vlan-id — Enter the VLAN ID number, from 1 to 4093.
• You cannot enable root guard and loop guard at the same time on an STP port. The loop guard configuration overwrites an existing root guard configuration and vice versa. • Enabling BPDU guard and loop guard at the same time on a port results in a port that remains in the Blocking state and prevents traffic from flowing through it.
– ethernet node/slot/port[:subport] — Deletes the spanning-tree counters from a physical port. – port-channel number — Deletes the spanning-tree counters for a port-channel interface, from 1 to 128. Default Not configured Command Mode EXEC Usage Information Clear all STP counters on the device per the Ethernet interface or port-channel. Example OS10# clear spanning-tree counters interface port-channel 10 Supported Releases 10.2.
Configured hello time 2, max age 20, forward delay 15
Interface                                              Designated
Name           PortID   Prio  Cost       Sts  Cost  Bridge ID             PortID
---------------------------------------------------------------------------
ethernet1/1/1  128.260  128   200000000  FWD  0     32769 0000.0000.0000  128.260
ethernet1/1/2  128.264  128   200000000  FWD  0     32769 0000.0000.0000  128.264
ethernet1/1/3  128.268  128   200000000  FWD  0     32769 0000.0000.0000  128.268
ethernet1/1/4  128.272  128   200000000  FWD  0     32769 0000.0000.0000  128.272
ethernet1/1/5  128.
spanning-tree disable Disables Spanning-Tree mode configured with the spanning-tree mode command globally on the switch or on specified interfaces. Syntax spanning-tree disable Parameters None Default Not configured. Usage Information The no version of this command re-enables STP and applies the currently configured spanning-tree settings. Command Mode CONFIGURATION INTERFACE Example OS10(config)# interface ethernet 1/1/4 OS10(config-if-eth1/1/4)# spanning-tree disable Supported Releases 10.3.
Command Mode CONFIGURATION Usage Information All STP instances stop in the previous STP mode, and restart in the new mode. You can also change to RSTP/MST mode. Example (RSTP) OS10(config)# spanning-tree mode rstp Example (MST) OS10(config)# spanning-tree mode mst Supported Releases 10.2.0E or later spanning-tree port Sets the port type as the EdgePort.
Supported Releases 10.2.0E or later spanning-tree vlan disable Disables spanning tree on a specified VLAN. Syntax spanning-tree vlan vlan-id disable Parameters vlan-id — Enter the VLAN ID number, from 1 to 4093. Default Enabled Command Mode CONFIGURATION Usage Information The no version of this command enables spanning tree on the specified VLAN. Example OS10(config)# spanning-tree vlan 100 disable Supported Releases 10.4.
Supported Releases 10.2.0E or later spanning-tree vlan hello-time Sets the time interval between generation and transmission of RPVST BPDUs. Syntax spanning-tree vlan vlan-id hello-time seconds Parameters • vlan-id — Enter the VLAN ID number, from 1 to 4093. • seconds — Enter a hello-time interval value in seconds, from 1 to 10.
Example OS10(config)# spanning-tree vlan 10 max-age 10 Supported Releases 10.2.0E or later spanning-tree vlan priority Sets the priority value for RPVST+. Syntax spanning-tree vlan vlan-id priority priority value Parameters priority priority value — Enter a bridge-priority value in increments of 4096, from 0 to 61440. Valid priority values are: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. All other values are rejected.
Command Mode CONFIGURATION Usage Information None Example OS10(config)# spanning-tree vlan 1 root primary Supported Releases 10.2.0E or later Rapid Spanning-Tree Protocol Rapid Spanning-Tree Protocol (RSTP) is similar to STP, but provides faster convergence and interoperability with devices configured with STP and MSTP. RSTP is disabled by default. All enabled interfaces in L2 mode automatically add to the RSTP topology.
View all ports participating in RSTP OS10# show spanning-tree Spanning tree enabled protocol rstp with force-version rstp Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 3417.4455.667f Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32768, Address 90b1.1cf4.
NOTE: Dell EMC recommends that only experienced network administrators change the RSTP group parameters. Poorly planned modification of the RSTP parameters can negatively affect network performance. Forward-time 15 seconds — Amount of time an interface waits in the Listening state and Learning state before it transitions to the Forwarding state. Hello-time 2 seconds — Time interval in which the bridge sends RSTP BPDUs.
Port cost Value based on the interface type. The previous table lists the default values. The greater the port cost, the less likely the port is selected as a forwarding port. Port priority Influences the likelihood a port is selected to be a forwarding port in case several ports have the same port cost. • Change the port cost of an interface in INTERFACE mode, from 1 to 200000000. spanning-tree rstp cost cost • Change the port priority of an interface in INTERFACE mode, from 0 to 240, default 128.
ethernet1/1/6:3  Root  128.282  128  2000  FWD  0  AUTO  No
ethernet1/1/6:4  Altr  128.283  128  2000  BLK  0  AUTO  No
EdgePort forward traffic EdgePort allows the interface to forward traffic approximately 30 seconds sooner as it skips the Blocking and Learning states. The spanning-tree bpduguard enable command causes the interface hardware to shut down when it receives a BPDU. CAUTION: Configure EdgePort only on links connecting to an end station.
spanning-tree guard loop command. After BPDUs are received, the port moves out of the LoopInconsistent or blocking state and transitions to an appropriate state determined by STP. Enabling loop guard on a per port basis enables it on all VLANs configured on the port. If you disable loop guard on a port, it is moved to the Listening state. If you enable BPDU Filter and BPDU Guard on the same port, the BPDU Filter configuration takes precedence. Root Guard and Loop Guard are mutually exclusive.
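The interaction rules stated in this chapter (BPDU Filter takes precedence over BPDU Guard, BPDU Guard with loop guard leaves the port Blocking, and root guard and loop guard overwrite each other) can be checked before a change is applied. The following is an added example, not part of the Dell EMC guide: the sample configuration is constructed, and the rule that an EdgePort should also have BPDU Guard enabled is a local policy assumption rather than a requirement from the guide.

```python
import re

# Constructed candidate configuration (not from the guide). The stanza layout
# with "!" separators follows the guide's show running-configuration sample.
SAMPLE_CONFIG = """\
interface ethernet1/1/1
 switchport access vlan 10
 spanning-tree port type edge
 spanning-tree bpduguard enable
!
interface ethernet1/1/2
 spanning-tree port type edge
!
interface ethernet1/1/3
 spanning-tree port type edge
 spanning-tree bpdufilter enable
 spanning-tree bpduguard enable
!
interface ethernet1/1/4
 spanning-tree bpduguard enable
 spanning-tree guard loop
!
interface ethernet1/1/5
 spanning-tree guard root
!
interface ethernet1/1/6
 spanning-tree guard root
 spanning-tree guard loop
!
"""

STP_LINE = re.compile(r"^spanning-tree\s+(\S.*)$")


def parse_interfaces(text):
    """Return {interface: [argument list of each spanning-tree line, in order]}."""
    ports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ports[current] = []
        elif line == "!":
            current = None
        elif current is not None:
            match = STP_LINE.match(line)
            if match:
                ports[current].append(match.group(1).split())
    return ports


def audit_port(stp_lines):
    """Apply the guide's interaction rules to one port; return finding codes."""
    edge = bpduguard = bpdufilter = False
    guard_mode, replaced = "none", []
    for args in stp_lines:
        if args[:3] == ["port", "type", "edge"]:
            edge = True
        elif args[0] == "bpduguard" and len(args) > 1:
            bpduguard = args[1] == "enable"
        elif args[0] == "bpdufilter" and len(args) > 1:
            bpdufilter = args[1] == "enable"
        elif args[0] == "guard" and len(args) > 1:
            # Root guard and loop guard are mutually exclusive: the later
            # command overwrites the earlier one.
            if (guard_mode in ("root", "loop") and args[1] in ("root", "loop")
                    and args[1] != guard_mode):
                replaced.append((guard_mode, args[1]))
            guard_mode = args[1]
    findings = []
    if edge and not bpduguard:
        # Local policy assumption: an EdgePort skips Blocking/Learning, so it
        # should shut down if a BPDU ever arrives on it.
        findings.append("EDGE_WITHOUT_BPDUGUARD")
    if bpduguard and bpdufilter:
        # BPDU Filter takes precedence, so BPDU Guard never acts.
        findings.append("BPDUFILTER_OVERRIDES_BPDUGUARD")
    if bpduguard and guard_mode == "loop":
        # The port remains in the Blocking state and passes no traffic.
        findings.append("BPDUGUARD_WITH_LOOPGUARD_BLOCKS_PORT")
    for old, new in replaced:
        findings.append(f"GUARD_{old.upper()}_OVERWRITTEN_BY_{new.upper()}")
    return findings


def audit(text):
    """Return [(interface, finding code)] for every port in the configuration."""
    return [(port, code)
            for port, lines in parse_interfaces(text).items()
            for code in audit_port(lines)]


if __name__ == "__main__":
    for port, code in audit(SAMPLE_CONFIG):
        print(f"{port}: {code}")
```
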
Boundary: NO bpdu filter : bpdu guard : bpduguard shutdown-onviolation :disable RootGuard: disable LoopGuard enable Bpdus (MRecords) sent 7, received 20 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ------------------------------------------------------------------------ethernet1/1/4 128.272 128 500 FWD 0 32769 90b1.1cf4.9d3b 128.
Command Mode EXEC Usage Information None Example OS10# show spanning-tree active Spanning tree enabled protocol rstp with force-version rstp Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 90b1.1cf4.9b8a Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32768, Address 90b1.1cf4.
spanning-tree bpdufilter Enables or disables BPDU filtering on an interface. Syntax spanning-tree bpdufilter {enable | disable} Parameters • enable — Enables the BPDU filter on an interface. • disable — Disables the BPDU filter on an interface. Default Disabled Command Mode INTERFACE Usage Information Use the enable parameter to enable BPDU filtering. Example OS10(conf-if-eth1/1/4)# spanning-tree bpdufilter enable Supported Releases 10.2.
Example OS10(config)# interface ethernet 1/1/4 OS10(config-if-eth1/1/4)# spanning-tree disable Supported Releases 10.3.0E or later spanning-tree guard Enables or disables loop guard or root guard on an interface. Syntax spanning-tree guard {loop | root | none} Parameters • loop — Enables loop guard on an interface. • root — Enables root guard on an interface. • none — Sets the guard mode to none.
spanning-tree port Sets the port type as the EdgePort. Syntax spanning-tree port type edge Parameters None Default Not configured Command Mode INTERFACE Usage Information When you configure an EdgePort on a device running STP, the port immediately transitions to the Forwarding state. Only configured ports connected to end hosts act as EdgePorts. Example OS10(config)# spanning-tree port type edge Supported Releases 10.2.
spanning-tree rstp hello-time Sets the time interval between generation and transmission of RSTP BPDUs. Syntax spanning-tree rstp hello-time seconds Parameters seconds — Enter a hello-time interval value in seconds, from 1 to 10. Default 2 seconds Command Mode CONFIGURATION Usage Information Dell EMC recommends increasing the hello-time for large configurations, especially configurations with multiple ports. Example OS10(config)# spanning-tree rstp hello-time 5 Supported Releases 10.2.
spanning-tree rstp Sets the priority value for RSTP. Syntax spanning-tree rstp priority priority value Parameters priority priority value — Enter a bridge-priority value in increments of 4096, from 0 to 61440. Valid priority values are: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. All other values are rejected.
Codes: * - Default VLAN, G-GVRP VLANs, R-Remote Port Mirroring VLANs, P-Primary, C-Community, I-Isolated
Q: A-Access (Untagged), T-Tagged
x-Dot1x untagged, X-Dot1x tagged
G-GVRP tagged, M-Vlan-stack, H-VSN tagged
i-Internal untagged, I-Internal tagged, v-VLT untagged, V-VLT tagged
NUM  Status  Description  Q  Ports
* 1  up                   A  Eth1/1/1-1/1/54
Create or remove VLANs You can create VLANs and add physical interfaces or port-channel LAG interfaces to the VLAN as tagged or untagged members.
View configured VLANs OS10(config)# do show interface vlan Vlan 1 is up, line protocol is up Address is , Current address is Interface index is 69208865 Internet address is not set MTU 1532 bytes LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 240 Last clearing of "show interface" counters Queueing strategy: fifo Time since last interface status change: Vlan 200 is up, line protocol is up Address is , Current address is Interface index is 69209064 Internet address is not set MTU 1532 b
Show running configuration OS10# show running-configuration ... ! interface ethernet1/1/5 ... switchport access vlan 604 no shutdown ! interface vlan1 no shutdown ... Trunk mode A trunk port can be a member of multiple VLANs set up on an interface. A trunk port transmits traffic for all VLANs. To transmit traffic on a trunk port with multiple VLANs, OS10 uses tagging or the 802.1q encapsulation method. 1 Configure a port in INTERFACE mode.
1 Create a VLAN in CONFIGURATION mode, from 1 to 4093. interface vlan vlan-id 2 Assign an IP address and mask to the VLAN in INTERFACE-VLAN mode. ip address ip-address/prefix-length [secondary] • ip-address/prefix-length — Enter the IP address in dotted-decimal A.B.C.D/x format. • secondary — Enter the interface backup IP address. Assign IP address to VLAN OS10(config)# interface vlan 200 OS10(conf-if-vl-200)# ip address 10.1.15.
View VLAN configuration OS10# show vlan
Codes: * - Default VLAN, G-GVRP VLANs, R-Remote Port Mirroring VLANs, P-Primary, C-Community, I-Isolated
Q: A-Access (Untagged), T-Tagged
x-Dot1x untagged, X-Dot1x tagged
G-GVRP tagged, M-Vlan-stack, H-VSN tagged
i-Internal untagged, I-Internal tagged, v-VLT untagged, V-VLT tagged
NUM  Status  Description  Q  Ports
* 1  up                   A  Eth1/1/1-1/1/32
                          A  Po40
200  up                   T  Eth1/1/3:2
                          T  Po40
                          A  Eth1/1/31
320  up                   T  Eth1/1/25:4 1/1/32
                          T  Po40
                          A  Eth1/1/3:1
View interface VLAN configuration OS10# s
VLAN commands description (VLAN) Adds a description to the selected VLAN. Syntax description description Parameters description — Enter a text string to identify the VLAN. A maximum of 80 characters. Default Not configured Command Mode INTERFACE-VLAN Usage Information None Example OS10(conf-if-vlan)# description vlan3 Supported Releases 10.2.0E or later interface vlan Creates a VLAN interface. Syntax interface vlan vlan-id Parameters vlan-id — Enter the VLAN ID number, from 1 to 4093.
* Supported Releases NUM 1 Status Active 2101 Active 2102 Active Description Q A A T T T Ports Eth1/1/15 Po100 Eth1/1/1,1/1/3 Po100 Eth1/1/1,1/1/3 10.2.0E or later Port monitoring Port monitoring monitors ingress or egress traffic of one port to another for analysis. A monitoring port (MG) or destination port, is the port where the monitored traffic is sent for analysis. A monitored port (MD) or source port is the source interface that is monitored for traffic analysis.
----------------------------------------------------------------------
1 ethernet1/1/7 ethernet1/1/1 rx N/A N/A N/A N/A true Is UP
Remote port monitoring Remote port monitoring monitors ingress and/or egress traffic on multiple source ports of multiple devices and forwards the monitored traffic to multiple destination ports on different remote devices. Remote port monitoring helps network administrators monitor and analyze traffic to troubleshoot network problems.
Reserved L2 VLAN • MAC address learning in the reserved VLAN is automatically disabled. • There is no restriction on the VLAN IDs used for the reserved remote monitoring VLAN. Valid VLAN IDs are from 2 to 4093. The default VLAN ID is not supported.
---------------------------------------------------------------
1 vlan10 vlan 100 rx N/A N/A N/A N/A true Is UP
Encapsulated remote port monitoring You can also have the monitored traffic transmitted over an L3 network to a remote analyzer. The encapsulated remote port monitoring (ERPM) session mirrors traffic from the source ports, LAGs or source VLANs and forwards the traffic using routable GRE-encapsulated packets to the destination IP address specified in the session.
Configure source port, source and destination IP addresses, and protocol type
OS10(conf-mon-erpm-source-10)# source interface ethernet 1/1/2
OS10(conf-mon-erpm-source-10)# source-ip 1.1.1.1 destination-ip 3.3.3.3 gre-protocol 35006
OS10(conf-mon-erpm-source-10)# ip ttl 16
OS10(conf-mon-erpm-source-10)# ip dscp 63
OS10(conf-mon-erpm-source-10)# no shut
View configured ERPM session OS10(conf-mon-erpm-source-6)# do show monitor session all S.
OS10# show mac access-lists in Ingress MAC access-list mac1 Active on interfaces : ethernet1/1/9 seq 10 deny any any capture session 1 count (0 packets) Remote port monitoring on VLT In a network, devices you configure with peer VLT nodes are considered as a single device. You can apply remote port monitoring (RPM) on the VLT devices in a network. In a failover case, the monitored traffic reaches the packet analyzer connected to the top-of-rack (ToR) through the VLT interconnect link.
Scenario Recommendation member) ! Mirror a VLAN with VLTi LAG as a member to any orphan port on the same VLT device. The packet analyzer connects to the local VLT device through the orphan port. The recommended configuration on the VLT device: 1 Create an L2 ACL for the local session and attach it to the VLTi LAG interface.
Port monitoring commands description Configures a description for the port monitoring session. The monitoring session can be: local, RPM, or ERPM. Syntax description string Parameters string — Enter a description of the monitoring session. A maximum of 255 characters. Default Not configured Command Mode MONITOR-SESSION Usage Information The no version of this command removes the description text.
flow-based Enables flow-based monitoring. The monitoring session can be: local, RPM, or ERPM. Syntax flow-based enable Parameters None Default Disabled Command Mode MONITOR-SESSION Usage Information The no version of this command disables the flow-based monitoring. Example OS10(conf-mon-local-1)# flow-based enable OS10(conf-mon-rpm-source-2)# flow-based enable OS10(conf-mon-erpm-source-3)# flow-based enable Supported Releases 10.2.
Default local Command Mode CONFIGURATION Usage Information The no version of this command removes the monitor session. Example OS10(config)# monitor session 1 OS10(conf-mon-local-1)# Example (RPM) OS10(config)# monitor session 5 type rpm-source OS10(conf-mon-rpm-source-5)# Example (ERPM) OS10(config)# monitor session 10 type erpm-source OS10(conf-mon-erpm-source-10)# Supported Releases 10.2.0E or later show monitor session Displays information about a monitoring session.
Default Disabled Command Mode MONITOR-SESSION Usage Information The no version of this command enables the monitoring session. Example OS10(config)# monitor session 1 OS10(conf-mon-local-1)# no shut OS10(config)# monitor session 5 type rpm-source OS10(conf-mon-rpm-source-5)# no shut OS10(config)# monitor session 10 type erpm-source OS10(conf-mon-erpm-source-10)# no shut Supported Releases 10.2.0E or later source Configures a source for port monitoring.
Parameters • source ip-address — Enter the source IP address. • destination ip-address — Enter the destination IP address. • protocol-value — Enter the GRE protocol value, from 1 to 65535, default: 35006. Default Not configured Command Mode MONITOR-SESSION Usage Information None Example OS10(config)# monitor session 10 OS10(conf-mon-erpm-source-10)# source-ip 10.16.132.181 destination-ip 172.16.10.11 gre-protocol 35006 Supported Releases 10.4.
5 Layer 3 Bidirectional Provides rapid failure detection in links with adjacent routers (see BFD commands). forwarding detection (BFD) Border Gateway Protocol (BGP) Provides an external gateway protocol that transmits inter-domain routing information within and between autonomous systems (see BGP Commands). Equal Cost MultiPath (ECMP) Provides next-hop packet forwarding to a single destination over multiple best paths (see ECMP Commands).
Configure management VRF OS10(config)# ip vrf management OS10(conf-vrf)# interface management You can enable various services in both management or default VRF instances. The services supported in the management and default VRF instances are: Table 3.
Application Management VRF Default VRF Non default VRF VRRP Yes Yes Yes Configure a static route for a management VRF instance • Configure a static route that directs traffic to the management interface. CONFIGURATION management route ip-address mask managementethernet or management route ipv6-address prefixlength managementethernet You can also configure the management route to direct traffic to a physical interface. For example: management route 10.1.1.
3 Assign the interface to a non-default VRF. INTERFACE CONFIGURATION ip vrf forwarding vrf-test Before assigning an interface to a VRF instance, ensure that no IP address is configured on the interface. 4 Assign an IPv4 address to the interface. INTERFACE CONFIGURATION ip address 10.1.1.1/24 5 Assign an IPv6 address to the interface. INTERFACE CONFIGURATION ipv6 address 1::1/64 You can also auto configure an IPv6 address using the ipv6 address autoconfig command.
Assign an interface back to the default VRF instance Table 4. Configurations to be removed CONFIGURATION MODE COMMAND IP address — In interface configuration mode, undo the IP address configuration. INTERFACE CONFIGURATION OS10(conf-if-eth1/1/10:1)#no ip address ipv4-address or no ipv6 address ipv6-address Port — In interface configuration mode, INTERFACE CONFIGURATION remove the interface association corresponding to the VRF instance that you want to delete.
• Delete a non-default VRF instance using the following command: CONFIGURATION no ip vrf vrf-name NOTE: You cannot delete the default VRF instance. Configure a static route for a non-default VRF instance • Configure a static route in a non-default VRF instance. Static routes contain IP addresses of the next-hop neighbors that are reachable through the non-default VRF. These IP addresses could also belong to the interfaces that are part of the non-default VRF instance.
Figure 3. Setup VRF Interfaces Router 1 ip vrf blue ! ip vrf orange ! ip vrf green ! interface ethernet 1/1/1 no ip address no switchport no shutdown ! interface ethernet1/1/2 no shutdown no switchport ip vrf forwarding blue ip address 20.0.0.1/24 ! interface ethernet1/1/3 no shutdown no switchport ip vrf forwarding orange ip address 30.0.0.
no shutdown no switchport ip vrf forwarding green ip address 40.0.0.1/24 ! interface vlan128 mode L3 no shutdown ip vrf forwarding blue ip address 1.0.0.1/24 ! interface vlan192 mode L3 no shutdown ip vrf forwarding orange ip address 2.0.0.1/24 ! ! interface vlan256 mode L3 no shutdown ip vrf forwarding green ip address 3.0.0.1/24 ! ip route vrf green 30.0.0.0/24 3.0.0.
interface vlan256 mode L3 no shutdown ip vrf forwarding green ip address 3.0.0.1/24 ! ip route vrf green 31.0.0.0/24 3.0.0.
Vlan128 default Mgmt1/1/1 Vlan1,24-25,200 green Eth1/1/7 Vlan256 orange Eth1/1/6 Vlan192 OS10# show ip route vrf blue Codes: C - connected S - static B - BGP, IN - internal BGP, EX - external BGP O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, * - candidate default, + - summary route, > - non-active route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change -------------------
Static route leaking Route leaking enables routes that are configured in a default or non-default VRF instance to be made available to another VRF instance. You can leak routes from a source VRF instance to a destination VRF instance. The routes must be leaked in both the source and the destination VRFs to achieve end-to-end traffic flow. If there are any connected routes in the same subnet as statically leaked routes, then the connected routes take precedence.
ip route vrf src-vrf-name route nexthop-interface OS10(config)#interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ip vrf forwarding VRF1 OS10(conf-if-eth1/1/1)# ip address 120.0.0.1/24 OS10(config)#interface ethernet 1/1/2 OS10(conf-if-eth1/1/1)# ip vrf forwarding VRF2 OS10(conf-if-eth1/1/1)# ip address 140.0.0.1/24 OS10(config)#ip route vrf VRF1 140.0.0.0/24 interface ethernet 1/1/2 OS10(config)#ip route vrf VRF2 120.0.0.
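Because leaked routes cross VRF boundaries, it is worth auditing them for the two conditions this section describes: a leak that exists in only one direction, and a leaked route that a connected route in the same VRF takes precedence over. The following is an added example, not part of the Dell EMC guide; the configuration text is constructed, uses documentation address ranges, and is assumed to be in the command form shown above.

```python
import ipaddress
import re

# Constructed configuration (not from the guide), using the command forms
# shown in this section and documentation address ranges.
SAMPLE_CONFIG = """\
interface ethernet 1/1/1
 ip vrf forwarding blue
 ip address 192.0.2.1/24
interface ethernet 1/1/2
 ip vrf forwarding orange
 ip address 198.51.100.1/24
interface ethernet 1/1/3
 ip vrf forwarding green
 ip address 203.0.113.1/24
interface ethernet 1/1/4
 ip vrf forwarding blue
 ip address 203.0.113.129/25
ip route vrf blue 198.51.100.0/24 interface ethernet 1/1/2
ip route vrf orange 192.0.2.0/24 interface ethernet 1/1/1
ip route vrf blue 203.0.113.0/24 interface ethernet 1/1/3
"""

LEAK = re.compile(r"^ip route vrf (\S+) (\S+) interface (.+)$")


def parse(text):
    """Return ({interface: {"vrf", "net"}}, [(src_vrf, prefix, nexthop_if)])."""
    ifaces, routes, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = LEAK.match(line)
        if match:
            routes.append((match.group(1),
                           ipaddress.ip_network(match.group(2)),
                           " ".join(match.group(3).split())))
            cur = None
        elif line.startswith("interface "):
            cur = " ".join(line.split()[1:])
            ifaces[cur] = {"vrf": "default", "net": None}
        elif cur and line.startswith("ip vrf forwarding "):
            ifaces[cur]["vrf"] = line.split()[3]
        elif cur and line.startswith("ip address "):
            ifaces[cur]["net"] = ipaddress.ip_interface(line.split()[2]).network
    return ifaces, routes


def audit_leaks(text):
    """Return (leaks, findings) for static routes that cross VRF boundaries."""
    ifaces, routes = parse(text)
    leaks, findings = [], []
    for src, prefix, nexthop in routes:
        if nexthop not in ifaces:
            findings.append(("UNKNOWN_NEXTHOP_INTERFACE", src, str(prefix)))
            continue
        dst = ifaces[nexthop]["vrf"]
        if dst == src:
            continue  # ordinary static route that stays inside one VRF
        leaks.append((src, dst, prefix))
        # Connected routes take precedence over a leaked route in the same
        # subnet; overlap is used here as a conservative test for that.
        for info in ifaces.values():
            net = info["net"]
            if (info["vrf"] == src and net is not None
                    and net.version == prefix.version and net.overlaps(prefix)):
                findings.append(("SHADOWED_BY_CONNECTED", src, str(prefix)))
    # End-to-end flow needs a leak in each direction between the two VRFs.
    directions = {(src, dst) for src, dst, _ in leaks}
    for src, dst, prefix in leaks:
        if (dst, src) not in directions:
            findings.append(("ONE_WAY_LEAK", src, str(prefix)))
    return leaks, findings


if __name__ == "__main__":
    found_leaks, found = audit_leaks(SAMPLE_CONFIG)
    for src, dst, prefix in found_leaks:
        print(f"leak: {prefix} installed in {src}, next hop in {dst}")
    for code, vrf, prefix in found:
        print(f"{code}: vrf {vrf} route {prefix}")
```
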
After you configure the source IP address in a leaked VRF, if you initiate a ping without the -I option, the source IP address is that of the loopback interface. VRF commands interface management Adds a management interface to the management VRF instance. Syntax interface management Parameters None Default Not configured Command Mode VRF CONFIGURATION Usage Information The no version of this command removes the management interface from the management VRF instance.
ip domain-name vrf Configures a domain name for the management VRF instance or any non-default VRF instance that you create. Syntax ip domain-name vrf {management | vrf-name} domain-name Parameters • management—Enter the keyword management to configure a domain name for the management VRF instance. • vrf-name—Enter the name of the non-default VRF instance to configure a domain name for that VRF instance. • domain-name—Enter the domain name.
• vrf vrf-name — Enter the keyword vrf followed by the name of the VRF to configure an FTP client on that non-default VRF instance. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the management VRF instance configuration from the FTP client. Example OS10(config)# ip ftp vrf management OS10(config)# ip ftp vrf vrf-blue Supported Releases 10.4.
Example OS10(config)# ip http vrf management OS10(config)# ip http vrf vrf-blue Supported Releases 10.4.0E(R1) or later ip name-server vrf Configures a DNS name server for the management VRF instance or a non-default VRF instance. Syntax ip name-server vrf {management | vrf-name} Parameters • management—Enter the keyword management to configure a DNS name server for the management VRF instance.
ip sftp vrf Configures an SFTP client for the management or non-default VRF instance. Syntax ip sftp vrf {management | vrf vrf-name} Parameters • management — Enter the keyword management to configure an SFTP client for a management VRF instance. • vrf vrf-name — Enter the keyword vrf followed by the name of the VRF to configure an SFTP client for that non-default VRF instance.
Usage Information Enter the ip vrf management command only in non-transaction-based configuration mode. Do not use transaction-based mode. The no version of this command removes the management VRF instance configuration. Example OS10(config)# ip vrf management OS10(conf-vrf)# Supported Releases 10.4.0E(R1) or later show hosts vrf Displays the host table in the management or non-default VRF instance.
Vlan1 management OS10# show ip vrf management VRF-Name Interfaces management Supported Releases 10.4.0E(R1) or later update-source-ip Configures a source IP interface for any leaked route in a VRF instance. Syntax update-source-ip interface interface-id To undo this configuration, use the no update-source-ip command. Parameters • interface interface-id — Enter the loopback interface identifier. The range is from 0 to 16383.
BFD session states To establish a BFD session between two routers, enable BFD on both sides of the link. BFD routers can operate in both active and passive roles. • The active router starts the BFD session. Both routers can be active in the same session. • The passive router does not start a session. It only responds to a request for session initialization from the active router. A BFD session can occur in Asynchronous and Demand modes. However, OS10 BFD supports only Asynchronous mode.
BFD three-way handshake A BFD session requires a three-way handshake between neighboring routers. In the following example, the handshake assumes: • One router is active, and the other router is passive. • This is the first session established on this link. • The default session state on both ports is Down. 1 The active system sends a steady stream of control packets to indicate that its session state is Down until the passive system responds.
• OS10 supports: – 64 BFD sessions at 100 minimum transmit and receive intervals with a multiplier of 4 – 100 BFD sessions at 200 minimum transmit and receive intervals with a multiplier of 3 • OS10 does not support Demand mode, authentication, and Echo function. • OS10 does not support BFD on multi-hop and virtual links. • OS10 supports protocol liveness only for routing protocols. • OS10 BFD supports only the BGP routing protocol.
BFD for BGP example In this BFD for BGP configuration example, Router 1 and Router 2 use eBGP in a transit network to interconnect AS1 and AS2. The eBGP routers exchange information with each other and with iBGP routers to maintain connectivity and accessibility within each autonomous system. When you configure a BFD session with a BGP neighbor, you can: • Establish a BFD session with a specified BGP neighbor using the neighbor ip-address and bfd commands.
BFD for BGP is supported only on directly connected BGP neighbors and in both BGP IPv4 and IPv6 networks. A maximum of 100 simultaneous BFD sessions are supported. If each BFD for BGP neighbor receives a BFD control packet within the configured BFD interval for failure detection, the BFD session remains up and BGP maintains its adjacencies.
Enter a BGP template with neighborhood name in ROUTER-BGP mode. Configure BFD sessions with all neighbors which inherit the template in ROUTER-TEMPLATE mode. For more information on how to use BGP templates, see Peer templates. The global BFD session parameters configured in Step 1 are used. template template-name bfd no shutdown 4 Verify the BFD for BGP configuration in EXEC mode.
Verify BFD for BGP
OS10(config-router-bgp-101)# show ip bgp summary
BGP router identifier 30.1.1.2 local AS number 101
Global BFD is enabled
Neighbor AS MsgRcvd MsgSent Up/Down State/Pfx
20.1.1.1 101 781 777 11:16:13 0
30.1.1.1 101 787 779 11:15:35 0
OS10(config-router-bgp-101)# show ip bgp neighbors
BGP neighbor is 20.1.1.1, remote AS 101, local AS 101 internal link
BGP version 4, remote router ID 30.1.1.
Enable BFD Globally To enable BFD globally: Enable BFD globally. bfd enable CONFIGURATION Mode Establishing BFD sessions with OSPFv2 neighbors You can establish BFD sessions with all OSPF neighbors at one go. Alternatively, you can also establish BFD sessions with OSPF neighbors corresponding to a single OSPF interface.
ip vrf forwarding vrf1
INTERFACE CONFIGURATION Mode
4 Assign an IP address to the VRF.
ip address ip-address
VRF CONFIGURATION Mode
5 Attach the interface to an OSPF area.
ip ospf ospf-instance area area-address
VRF CONFIGURATION Mode
6 Establish BFD session with OSPFv2 neighbors in a single OSPF interface in a non-default VRF instance.
ip ospf bfd all-neighbors
VRF CONFIGURATION Mode
7 Enter ROUTER-OSPF mode in a non-default VRF instance.
To change parameters for all OSPFv2 sessions or for OSPF sessions on a single interface, use the following commands: 1 Change parameters for OSPF sessions. bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive] ROUTER-OSPF Mode 2 Change parameters for all OSPF sessions on an interface.
bfd all-neighbors
ROUTER-OSPFv3 Mode
4 Enter INTERFACE CONFIGURATION mode.
interface interface-name
CONFIGURATION Mode
5 Establish BFD sessions with OSPFv3 neighbors corresponding to a single OSPF interface.
NOTE: By default, OSPF uses the following BFD parameters for its neighbors: min_tx = 200 msec, min_rx = 200 msec, multiplier = 3, role = active. If BFD is configured under the interface context, that configuration is given high priority. To change parameters for all OSPFv3 sessions or for OSPF sessions on a single interface, use the following commands: 1 Change parameters for OSPF sessions.
3 Configure BFD for static route using the ip route bfd command Establishing BFD Sessions for IPv4 Static Routes Sessions are established for all neighbors that are the next hop of a static route. To establish a BFD session, use the following command. Establish BFD sessions for all neighbors that are the next hop of a static route.
CONFIGURATION Mode
Establishing BFD Sessions for IPv6 Static Routes
To establish a BFD session for IPv6 static routes, use the following command.
Establish BFD sessions for all neighbors that are the next hop of a static route.
ipv6 route bfd [interval interval min_rx min_rx multiplier value role {active | passive}]
CONFIGURATION Mode
NOTE: By default, OSPF uses the following BFD parameters for its neighbors: min_tx = 200 msec, min_rx = 200 msec, multiplier = 3, role = active.
CONFIGURATION Mode BFD commands bfd Enables BFD sessions with specified neighbors. Syntax bfd Parameters None Default Not configured Command Mode ROUTER-NEIGHBOR ROUTER-TEMPLATE Usage Information Example • Use the bfd command to configure BFD sessions with a specified neighbor or neighbors which inherit a BGP template. Use the neighbor {ip-address | ipv6-address} command in ROUTER-BGP mode to specify the neighbor.
Default • multiplier number — Enter the maximum number of consecutive packets that must not be received from a BFD peer before the session state changes to Down, from 3 to 50. • role {active | passive} — Enter active if the router initiates BFD sessions. Both BFD peers can be active at the same time. Enter passive if the router does not initiate BFD sessions, and only responds to a request from an active BFD to initialize a session.
Default BFD is disabled. Command Mode CONFIGURATION Usage Information Before you configure BFD for static routing or a routing protocol, enable BFD globally on each router in a BFD session. To globally disable BFD on all interfaces, enter the no bfd enable command. Example OS10(config)# bfd enable Supported releases 10.4.1.0 or later bfd interval Configures parameters for all BFD sessions on the switch.
Parameters Default • disable — Disables the BFD session on an interface alone. • interval milliseconds — Enter the time interval for sending control packets to BFD peers, from 100 to 1000. Dell EMC recommends using more than 100 milliseconds. • min_rx milliseconds — Enter the maximum waiting time for receiving control packets from BFD peers, from 100 to 1000. Dell EMC recommends using more than 100 milliseconds.
The maximum waiting time for receiving control packets from BFD peers is 200 milliseconds. The number of consecutive packets that must be received from a BFD peer is 3. The BFD role is active. Command Mode CONFIG-INTERFACE Usage Information • This command can be used to enable or disable BFD for an interface associated with OSPFv3. Interface level BFD configuration takes precedence over the OSPF global level BFD configuration.
Supported releases 10.4.2E or later
ipv6 route bfd
Enables or disables BFD on IPv6 static routes.
Syntax ipv6 route bfd [vrf vrf-name] [interval millisec min_rx min_rx multiplier role {active | passive}]
To disable BFD on an IPv6 static route, use the no ipv6 route bfd command.
Parameters
• vrf vrf-name — Enter the keyword VRF followed by the name of the VRF to configure static route in that VRF.
Example
OS10# show bfd neighbors
* - Active session role
---------------------------------------------------------------------------
LocalAddr RemoteAddr Interface State Rx-int Tx-int Mult VRF Clients
---------------------------------------------------------------------------
* 150.150.1.2 150.150.1.1 vlan10 up 1000 1000 5 default bgp
OS10# show bfd neighbors detail
Session Discriminator: 1
Neighbor Discriminator: 2
Local Addr: 150.150.1.2
Local MAC Addr: 90:b1:1c:f4:ab:fd
Remote Addr: 150.150.1.
Multihomed AS Maintains connections to more than one other AS. This group allows the AS to remain connected to the Internet if a complete failure occurs to one of their connections. This type of AS does not allow traffic from one AS to pass through on its way to another AS. Stub AS Connected to only one AS. Transit AS Provides connections through itself to separate networks. For example, Router 1 uses Router 2—the transit AS, to connect to Router 4.
Idle BGP initializes all resources, refuses all inbound BGP connection attempts, and starts a TCP connection to the peer. Connect Router waits for the TCP connection to complete and transitions to the OpenSent state if successful. If that transition is not successful, BGP resets the ConnectRetry timer and transitions to the Active state when the timer expires. Active Router resets the ConnectRetry timer to zero and returns to the Connect state.
2 Router C receives the advertisement but does not advertise it to any peer because its only other peer is Router D (an IBGP peer) and Router D has already learned it through IBGP from Router B. 3 Router D does not advertise the route to Router C because Router C is a nonclient peer. The route advertisement came from Router B which is also a nonclient peer. 4 Router D does reflect the advertisement to Routers E and G because they are client peers of Router D.
2 Prefer the path that is locally originated using the network command, redistribute command, or aggregate-address command. Routes originated using a network or redistribute command are preferred over routes that originate with the aggregate-address command. 3 (Optional) If you configure the bgp bestpath as-path ignore command, skip this step because AS_PATH is not considered.
Multiexit discriminators If two autonomous systems connect in more than one place, use a multiexit discriminator (MED) to assign a preference to a preferred path. MED is one of the criteria used to determine best path—other criteria may also impact selection. One AS assigns the MED a value. Other AS uses that value to decide the preferred path. Assume that the MED is the only attribute applied and there are two connections between AS 100 and AS 200. Each connection is a BGP session.
The question mark (?) indicates an origin code of INCOMPLETE, and the lower case letter (i) indicates an origin code of IGP. Origin configuration OS10# show ip bgp BGP local RIB : Routes to be Added , Replaced , Withdrawn BGP local router ID is 30.1.1.
If you configure the bgp bestpath as-path ignore command and the bestpath as-path multipath-relax command at the same time, an error message displays—only enable one command at a time. More path support More path (Add-Path) reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths with new ones. By default, a BGP speaker advertises only the best path to its peers for a given address prefix.
4-Byte AS numbers OS10 supports 4-byte AS number configurations by default. The 4-byte support is advertised as a new BGP capability - 4-BYTE-AS, in the OPEN message. A BGP speaker that advertises 4-Byte-AS capability to a peer, and receives the same from that peer must encode AS numbers as 4-octet entities in all messages. If the AS number of the peer is different, the 4-byte speaker brings up the neighbor session using a reserved 2-byte ASN, 23456 called AS_TRANS.
The Local-AS does not prepend the updates with the AS number received from the EBGP peer if you use the no prepend command. If you do not select no prepend, the default, the Local-AS adds to the first AS segment in the AS-PATH. If you use an inbound route-map to prepend the AS-PATH to the update from the peer, the Local-AS adds first. If Router B has an inbound route-map applied on Router C to prepend 65001 65002 to the AS-PATH, these events take place on Router B: • Receive and validate the update.
neighbors or peers. After a connection establishes, the neighbors exchange full BGP routing tables with incremental updates afterward. Neighbors also exchange the KEEPALIVE messages to maintain the connection. You can classify BGP neighbor routers or peers as internal or external. Connect EBGP peers directly, unless you enable EBGP multihop — IBGP peers do not need direct connection. The IP address of an EBGP neighbor is usually the IP address of the interface directly connected to the router.
View BGP neighbors OS10# show ip bgp neighbors BGP neighbor is 5.1.1.1, remote AS 1, internal link BGP version 4, remote router ID 6.1.1.
Configure BGP OS10# configure terminal OS10(config)# router bgp 100 OS10(config-router-bgp-100)# vrf blue OS10(config-router-vrf)# neighbor 5.1.1.1 OS10(config-router-neighbor)# remote-as 1 OS10(config-router-neighbor)# description n1_abcd OS10(config-router-neighbor)# exit OS10(config-router-vrf)# template t1 OS10(config-router-template)# description peer_template_1_abcd Configure Dual Stack OS10 supports dual stack for BGPv4 and BGPv6.
IPv4: OS10(config-router-bgp-100)# address-family ipv4 unicast OS10(configure-router-bgpv4-af)# IPv6: OS10(config-router-bgp-100)# address-family ipv6 unicast OS10(configure-router-bgpv6-af)# 3 Change the administrative distance for BGP. IPv4: OS10(configure-router-bgpv4-af)# distance bgp 21 200 200 IPv6: OS10(configure-router-bgpv6-af)# distance bgp 21 201 250 The example below provides the configuration for non-default VRF.
8 Assign a peer-template with a peer-group name from which to inherit to the neighbor in ROUTER-NEIGHBOR mode. inherit template template-name 9 Enable the neighbor in ROUTER-BGP mode. no shutdown When you add a peer to a peer group, it inherits all the peer group configured parameters. When you disable a peer group, all the peers within the peer template that are in the Established state move to the Idle state.
100.5.1.1 64802 376 325 04:28:25 1251
100.6.1.1 64802 376 327 04:26:17 1251
View running configuration
OS10# show running-configuration bgp
!
router bgp 64601
bestpath as-path multipath-relax
bestpath med missing-as-worst
non-deterministic-med
router-id 100.0.0.8
!
template leaf_v4
description peer_template_1_abcd
!
address-family ipv4 unicast
distribute-list leaf_v4_in in
distribute-list leaf_v4_out out
route-map set_aspath_prepend in
!
neighbor 100.5.1.
8 Enable the neighbor in ROUTER-BGP mode. neighbor ip-address 9 Enable the peer-group in ROUTER-NEIGHBOR mode. no shutdown When you add a peer to a peer group, it inherits all the peer group configured parameters. When you disable a peer group, all the peers within the peer template that are in the Established state move to the Idle state.
OS10(config-router-neighbor)# remote-as 100 OS10(config-router-neighbor)# fall-over OS10(config-router-neighbor)# no shutdown Verify neighbor fall-over on neighbor OS10(config-router-neighbor)# do show ip bgp neighbors 3.1.1.1 BGP neighbor is 3.1.1.1, remote AS 100, local AS 100 internal link BGP version 4, remote router ID 3.3.3.
no shutdown ! template bgppg fall-over remote-as 102 ! Configure password You can enable message digest 5 (MD5) authentication with a password on the TCP connection between two BGP neighbors. Configure the same password on both BGP peers. When you configure MD5 authentication between two BGP peers, each segment of the TCP connection is verified and the MD5 digest is checked on every segment sent on the TCP connection. Configuring a password for a neighbor establishes a new connection.
router bgp 10 ! template pass password 9 f785498c228f365898c0efdc2f476b4b27c47d972c3cd8cd9b91f518c14ee42d ! neighbor 11.1.1.2 inherit template pass password 9 01320afb39f49134882b0a9814fe6e8e228f616f60a35958844775314c00f0e5 remote-as 10 no shutdown Peer 2 in ROUTER-NEIGHBOR mode OS10# configure terminal OS10(config)# interface ethernet 1/1/5 OS10(conf-if-eth1/1/5)# no switchport ip OS10(conf-if-eth1/1/5)# ip address 11.1.1.2/24 OS10(conf-if-eth1/1/5)# router bgp 20 OS10(config-router-bgp-20)# neighbor 11.1.
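An added example, not part of the Dell EMC guide: a Python audit of `show running-configuration bgp` output that reports, for each neighbor, whether a `password` is set on the neighbor itself or on a template it inherits, so unauthenticated peers stand out. The multi-line layout, the sample addresses and names, the `<hash-N>` placeholders, the function and class names, and resolving templates within the neighbor's own VRF are assumptions.

```python
"""Report OS10 BGP neighbors with no MD5 password, directly or via a template."""
from dataclasses import dataclass, field

# Constructed sample in the style of `show running-configuration bgp`.
# Addresses, AS numbers and template names are made up; <hash-N> stands in
# for the encrypted string the switch prints after `password 9`.
SAMPLE_CONFIG = """\
router bgp 10
 template pass
  password 9 <hash-1>
 !
 template nopass
  remote-as 30
 !
 neighbor 11.1.1.2
  inherit template pass
  no shutdown
 !
 neighbor 11.1.2.2
  password 9 <hash-2>
  no shutdown
 !
 neighbor 11.1.3.2
  inherit template nopass
  no shutdown
  !
  address-family ipv4 unicast
   activate
 !
 vrf blue
  neighbor 5.1.1.1
   remote-as 1
"""


@dataclass
class Block:
    kind: str                  # "template" or "neighbor"
    name: str                  # template name or neighbor address
    vrf: str                   # "default" unless declared under `vrf <name>`
    has_password: bool = False
    inherits: list = field(default_factory=list)
    no_shutdown: bool = False  # the block itself contains `no shutdown`


def parse_bgp_blocks(text):
    """Split the config into template/neighbor blocks, ignoring indentation."""
    blocks, vrf, current = [], "default", None
    for raw in text.splitlines():
        words = raw.split()
        # `!` also appears inside a neighbor block, so it does not end a block.
        if not words or words[0] == "!":
            continue
        if words[:2] == ["router", "bgp"]:
            vrf, current = "default", None
        elif words[0] == "vrf" and len(words) == 2:
            vrf, current = words[1], None
        elif words[0] in ("template", "neighbor") and len(words) == 2:
            current = Block(words[0], words[1], vrf)
            blocks.append(current)
        elif current is None:
            continue
        elif words[0] == "password":
            current.has_password = True
        elif words[:2] == ["inherit", "template"] and len(words) == 3:
            current.inherits.append(words[2])
        elif words == ["no", "shutdown"]:
            current.no_shutdown = True
    return blocks


def audit_neighbors(text):
    """Return one finding per neighbor with the source of its password, if any."""
    blocks = parse_bgp_blocks(text)
    # Assumption: a neighbor resolves templates defined in its own VRF.
    templates = {(b.vrf, b.name): b for b in blocks if b.kind == "template"}
    findings = []
    for nbr in (b for b in blocks if b.kind == "neighbor"):
        source, missing = ("neighbor" if nbr.has_password else None), []
        for name in nbr.inherits:
            tmpl = templates.get((nbr.vrf, name))
            if tmpl is None:
                missing.append(name)  # inherits a template that is not defined
            elif tmpl.has_password and source is None:
                source = "template:" + name
        findings.append({"vrf": nbr.vrf, "neighbor": nbr.name,
                         "auth_source": source, "no_shutdown": nbr.no_shutdown,
                         "missing_templates": missing})
    return findings


def unauthenticated(text):
    return [(f["vrf"], f["neighbor"]) for f in audit_neighbors(text)
            if f["auth_source"] is None]


if __name__ == "__main__":
    for finding in audit_neighbors(SAMPLE_CONFIG):
        print(finding)
```

A neighbor reported with `auth_source` of `None` and `no_shutdown` set is an enabled session with no TCP MD5 check, which is the case to review first.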
View fast external fallover configuration OS10(config)# do show running-configuration bgp ! router bgp 300 ! neighbor 3.1.1.1 remote-as 100 no shutdown ! neighbor 3::1 remote-as 100 no shutdown ! address-family ipv6 unicast activate OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# show configuration ! interface ethernet1/1/1 ip address 3.1.1.
OS10(conf-if-eth1/1/1)# OS10(config-router-bgp-neighbor-af)# Apr 27 01:39:03 OS10 dn_sm[2065]: Node.1-Unit.1:PRI:alert [os10:event], %Dell EMC (OS10) %BGP_NBR_BKWD_STATE_CHG: Backward state change occurred Hold Time expired for Nbr:3.1.1.3 VRF:default Apr 27 01:39:03 OS10 dn_sm[2065]: Node.1-Unit.
4 Enter a template name to assign to the peer-groups in ROUTER-BGP mode. A maximum of 16 characters. template template-name 5 Enter a local-as number for the peer in ROUTER-TEMPLATE mode. local-as as number [no prepend] 6 Add a remote AS in ROUTER-TEMPLATE mode (1 to 65535 for 2 bytes, 1 to 4294967295 for 4 bytes). remote-as as-number Allow external routes from neighbor OS10(config)# router bgp 10 OS10(conf-router-bgp-10)# neighbor 32.1.1.
Show IP BGP OS10(config)# router bgp 100 OS10(config-router-bgp-100)# neighbor 172:16:1::2 OS10(config-router-neighbor)# remote-as 100 OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# address-family ipv6 unicast OS10(config-router-bgp-neighbor-af)# activate OS10(config-router-bgp-neighbor-af)# allowas-in 1 OS10(config-router-bgp-neighbor-af)# end OS10# show running-configuration bgp ! router bgp 100 ! neighbor 172:16:1::2 remote-as 100 no shutdown ! address-family ipv6 unicast activat
3 Enter Address Family mode in ROUTER-NEIGHBOR mode. address-family {[ipv4 | ipv6] [unicast]} 4 Allow the specified neighbor to send or receive multiple path advertisements in ROUTER-BGP mode. The count parameter controls the number of paths that are advertised — not the number of paths received. add-path [both | received | send] count Enable additional paths OS10(config)# router bgp 102 OS10(conf-router-bgp-102)# neighbor 32.1.1.
6 Enter the peer group to apply the route map configuration in ROUTER-BGP mode. template template-name 7 Apply the route map to the peer group’s incoming or outgoing routes in CONFIG-ROUTER-TEMPLATE-AF mode. route-map map-name {in | out} Configure and view local preference attribute OS10(config)# route-map bgproutemap 1 OS10(conf-route-map)# set local-preference 500 OS10(conf-route-map)# exit OS10(config)# router bgp 10 OS10(conf-router-bgp-10)# neighbor 10.1.1.
Enable multipath You can have one path to a destination by default, and enable multipath to allow up to 64 parallel paths to a destination. The show ip bgp network command includes multipath information for that network. • Enable multiple parallel paths in ROUTER-BGP mode. maximum-paths {ebgp | ibgp} number Enable multipath OS10(config)# router bgp 10 OS10(conf-router-bgp-10)# maximum-paths ebgp 10 Route-map filters Filtering routes allows you to implement BGP policies.
Configure clusters of routers where one router is a concentration router and the others are clients who receive their updates from the concentration router. 1 Assign an ID to a route reflector cluster in ROUTER-BGP mode. You can have multiple clusters in an AS. cluster-id cluster-id 2 Assign a neighbor to the route reflector cluster in ROUTER-BGP mode. neighbor {ip-address} 3 Configure the neighbor as a route-reflector client in ROUTER-NEIGHBOR mode, then return to ROUTER-BGP mode.
! neighbor 32.1.1.2 remote-as 104 no shutdown ! address-family ipv4 unicast Confederations Another way to organize routers within an AS and reduce the mesh for IBGP peers is to configure BGP confederations. As with route reflectors, Dell EMC recommends BGP confederations only for IBGP peering involving many IBGP peering sessions per router. When you configure BGP confederations, you break the AS into smaller sub-ASs. To devices outside your network, the confederations appear as one AS.
Route dampening When EBGP routes become unavailable, they “flap” and the router issues both WITHDRAWN and UPDATE notices. A flap occurs when a route is withdrawn, readvertised after being withdrawn, or has an attribute change. The constant router reaction to the WITHDRAWN and UPDATE notices causes instability in the BGP process. To minimize this instability, configure penalties (a numeric value) for routes that flap.
View dampened paths
OS10# show ip bgp dampened-paths
BGP local router ID is 80.1.1.1
Status codes: s suppressed, S stale, d dampened, h history, * valid, > best
Origin codes: i - IGP, e - EGP, ? - incomplete
Network From Reuse Path
d* 3.1.2.0/24 80.1.1.2 00:00:12 800 9 8 i
d* 3.1.3.0/24 80.1.1.2 00:00:12 800 9 8 i
d* 3.1.4.0/24 80.1.1.2 00:00:12 800 9 8 i
d* 3.1.5.0/24 80.1.1.2 00:00:12 800 9 8 i
d* 3.1.6.0/24 80.1.1.
1 Enable soft-reconfiguration for the BGP neighbor and BGP template in ROUTER-BGP mode. BGP stores all the updates that the neighbor receives but does not reset the peer-session. Entering this command starts the storage of updates, which is required to do inbound soft reconfiguration. neighbor {ip-address} soft-reconfiguration inbound 2 Enter Address Family mode in ROUTER-NEIGHBOR mode. address-family {[ipv4 | ipv6] [unicast]} 3 Configure soft-reconfiguration for the neighbors belonging to the template.
• receive — Receive multiple paths from the peer. • send path count — Enter the number of multiple paths to send to the peer, from 2 to 64. Default Not configured Command Mode ROUTER-BGP-NEIGHBOR-AF Usage Information Advertising multiple paths to peers for the same address prefix without replacing the existing path with a new one reduces convergence times. The no version of this command disables the multiple path advertisements for the same destination.
Usage Information The time interval applies to all peer group members of the template in ROUTER-TEMPLATE mode. The no version of this command resets the advertisement-interval value to the default. Example OS10(conf-router-neighbor)# advertisement-interval 50 Supported Releases 10.3.0E or later advertisement-start Delays initiating the OPEN message for the specified time.
allowas-in Configures the number of times the local AS number can appear in the BGP AS_PATH path attribute before the switch rejects the route. Syntax allowas-in as-number Parameters as-number—Enter the number of occurrences for a local AS number, from 1 to 10. Default Disabled Command Mode ROUTER-BGP-TEMPLATE-AF Usage Information Use this command to enable the BGP speaker to accept a route with the local AS number in updates received from a peer for the specified number of times.
Parameters • asdot — Specify the AS number notation in asdot format. • asdot+ — Specify the AS number notation in asdot+ format. • asplain — Specify the AS number notation in asplain format. Defaults asplain Command Modes ROUTER-BGP Usage Information NOTE: To configure these settings for a non-default VRF instance, first enter the ROUTER-CONFIG-VRF sub mode using the following commands: 1 Enter the ROUTER BGP mode using the router bgp as-number command.
Parameters • confed — Compare MED among BGP confederation paths. • missing-as-worst — Treat missing MED as the least preferred path. Default Disabled Command Mode ROUTER-BGP Usage Information Before you apply this command, use the always-compare-med command. The no version of this command resets the MED comparison influence.
• IPv4–address — Enter an IPv4 address to clear a BGP neighbor configuration. • IPv6–address — Enter an IPv6 address to clear a BGP neighbor configuration. • * — Clears all BGP sessions. Default Not configured Command Mode EXEC Usage Information None. Example OS10# clear ip bgp 1.1.15.4 Supported Releases 10.3.0E or later clear ip bgp * Resets BGP sessions. The soft parameter, BGP soft reconfiguration, clears policies without resetting the TCP connection.
Usage Information None Example OS10# clear ip bgp dampening 1.1.15.5 Supported Releases 10.3.0E or later clear ip bgp flap-statistics Clears all or specific IPv4 or IPv6 flap counts of prefixes. Syntax Parameters clear ip bgp [vrf vrf-name] [ipv4–address | ipv6–address] flap-statistics [ipv4–prefix | ipv6–prefix] • vrf vrf-name — (OPTIONAL) Enter vrf then the name of the VRF to clear flap statistics information.
confederation Configures an identifier for a BGP confederation. Syntax confederation {identifier as-num | peers as-number} Parameters • identifier as-num —Enter an AS number, from 0 to 65535 for 2 bytes, 1 to 4294967295 for 4 bytes, or 0.1 to 65535.65535 for dotted format. • peers as-number—Enter an AS number for peers in the BGP confederation, from 1 to 4294967295.
NOTE: To configure these settings for a non-default VRF instance, you must first enter the ROUTER-CONFIG-VRF sub mode using the following commands: 1 Enter the ROUTER BGP mode using the router bgp as-number command. 2 From the ROUTER BGP mode, enter the ROUTER BGP VRF mode using the vrf vrf-name command. Example OS10(conf-router-bgp-2)# client-to-client reflection Supported Releases 10.2.0E or later cluster-id Assigns a cluster ID to a BGP cluster with multiple route reflectors.
• suppress-limit — (Optional) Enter a suppress-limit value, which compares to the flapping route’s penalty value. If the penalty value is greater than the suppress value, the flapping route is no longer advertised, from 1 to 20000. • max-suppress-time — (Optional) Enter the maximum number of minutes a route is suppressed, from 1 to 255. • route-map-name — (Optional) Enter the name of the route-map.
Usage Information Assigns a metric for locally-originated routes such as redistributed routes. After you redistribute routes in BGP, use this command to reset the metric value — the new metric does not immediately take effect. The new metric takes effect only after you disable and re-enable route redistribution for a specified protocol.
Command Modes • CONFIG-ROUTER-BGP-ADDRESS-FAMILY • CONFIG-ROUTER-BGP-VRF-ADDRESS-FAMILY Usage Information This command is used to configure administrative distance for eBGP route, iBGP route, and local BGP route. Administrative distance indicates the reliability of the route; the lower the administrative distance, the more reliable the route is. Routes that are assigned an administrative distance of 255 are not installed in the routing table. Routes from confederations are treated as iBGP routes.
Supported Releases 10.4.1.0 or later bgp default local-preference Changes the default local preference value for routes exchanged between internal BGP peers. Syntax default local-preference number Parameters number — Enter a number to assign to routes as the degree of preference for those routes. When routes compare, the route with the higher degree of preference or the local preference value is most preferred, from 1 to 4294967295.
BGP ensures that the first AS of the first AS segment is always the AS of the peer, otherwise the update drops and the counter increments. The no version of this command turns off the default. NOTE: To configure these settings for a non-default VRF instance, you must first enter the ROUTER-CONFIG-VRF sub mode using the following commands: 1 Enter the ROUTER BGP mode using the router bgp as-number command. 2 From the ROUTER BGP mode, enter the ROUTER BGP VRF mode using the vrf vrf-name command.
Example OS10(conf-router-bgp-10)# fast-external-fallover Supported Releases 10.3.0E or later inherit template Configures a peer group template name that the neighbors use to inherit peer-group configuration. Syntax inherit template template-name Parameters template-name — Enter a template name. A maximum of 16 characters.
Usage Information Facilitates the BGP network migration operation and allows you to maintain existing AS numbers. The no version of this command resets the value to the default. Example (Neighbor) OS10(conf-router-bgp-10)# neighbor lunar OS10(conf-router-neighbor)# local-as 20 Example (Template) OS10(conf-router-bgp-10)# template solar OS10(conf-router-template)# local-as 20 Supported Releases 10.3.0E or later log-neighbor-changes Enables logging for changes in neighbor status.
NOTE: To configure these settings for a non-default VRF instance, you must first enter the ROUTER-CONFIG-VRF sub mode using the following commands: 1 Enter the ROUTER BGP mode using the router bgp as-number command. 2 From the ROUTER BGP mode, enter the ROUTER BGP VRF mode using the vrf vrf-name command. Example (EBGP) OS10(conf-router-bgp-2)# maximum-paths ebgp 2 maxpaths Example (IBGP) OS10(conf-router-bgp-2)# maximum-paths ibgp 4 maxpaths Supported Releases 10.3.
NOTE: To configure these settings for a non-default VRF instance, you must first enter the ROUTER-CONFIG-VRF sub mode using the following commands: 1 Enter the ROUTER BGP mode using the router bgp as-number command. 2 From the ROUTER BGP mode, enter the ROUTER BGP VRF mode using the vrf vrf-name command. Example OS10(conf-router-bgp-2)# neighbor 32.1.0.0 OS10(conf-router-neighbor)# Supported Releases 10.3.0E or later next-hop-self Disables the next-hop calculation for a neighbor.
Supported Releases 10.2.0E or later outbound-optimization Enables outbound optimization for IBGP peer-group members. Syntax outbound-optimization Parameters None Default Not configured Command Mode ROUTER-BGP Usage Information Enable or disable outbound optimization dynamically to reset all neighbor sessions. When you enable outbound optimization, all peers receive the same update packets.
redistribute Redistributes connected, static, and OSPF routes in BGP. Syntax redistribute {connected [route-map map name] | ospf process-id | static [route-map map name]} Parameters • connected — Enter to redistribute routes from physically connected interfaces. • route-map map name — (Optional) Enter the name of a configured route-map. • ospf process-id — Enter a number for the OSPF process (1 to 65535). • static — Enter to redistribute manually configured routes.
Example OS10(config)# router bgp 300 OS10(config-router-bgp-300)# template ebgppg OS10(config-router-template)# remote-as 100 Supported Releases 10.4.1.0 or later remove-private-as Removes private AS numbers from receiving outgoing updates.
route-reflector-client Configures a neighbor as a member of a route-reflector cluster. Syntax route-reflector-client Parameters None Default Not configured Command Mode ROUTER-TEMPLATE Usage Information The device configures as a route reflector, and the BGP neighbors configure as clients in the route-reflector cluster. The no version of this command removes all clients of a route reflector—the router no longer functions as a route reflector.
NOTE: To configure these settings for a non-default VRF instance, you must first enter the ROUTER-CONFIG-VRF sub mode using the following commands: 1 Enter the ROUTER BGP mode using the router bgp as-number command. 2 From the ROUTER BGP mode, enter the ROUTER BGP VRF mode using the vrf vrf-name command. Example OS10(conf-router-bgp-10)# router-id 10.10.10.40 Supported Releases 10.3.0E or later send-community Sends a community attribute to a BGP neighbor or peer group.
show ip bgp Displays information that BGP neighbors exchange. Syntax show ip bgp [vrf vrf-name] ip-address/mask Parameters • vrf vrf-name — (OPTIONAL) Enter vrf and then the name of the VRF to view route information corresponding to that VRF. • ip-address/mask — Enter the IP address and mask in A.B.C.D/x format. Default Not configured Command Mode EXEC Usage Information None Example OS10# show ip bgp 1.1.1.0/24 BGP routing table entry for 1.1.1.
d* 3.1.3.0/24 80.1.1.2 00:00:12 800 9 8 i
d* 3.1.4.0/24 80.1.1.2 00:00:12 800 9 8 i
d* 3.1.5.0/24 80.1.1.2 00:00:12 800 9 8 i
d* 3.1.6.0/24 80.1.1.2 00:00:12 800 9 8 i
Total number of prefixes: 5
Supported Releases 10.3.0E or later
show ip bgp flap-statistics
Displays BGP flap statistics on BGP routes.
• denied-routes — (Optional) Displays the configured denied routes. Default Not configured Command Mode EXEC Usage Information This command displays locally advertised BGPv4 routes configured using the network command. These routes show as r for redistributed/network-learned routes. Example OS10# show ip bgp ipv4 unicast summary BGP router identifier 80.1.1.1 local AS number 102 Neighbor AS MsgRcvd MsgSent Up/Down State/Pfx 80.1.1.2 800 8 4 00:01:10 5 Supported Releases 10.3.
• dampened-routes—Displays the suppressed routes received from a neighbor • flap-statistics—Displays the route's flap statistics received from a neighbor • received-routes—Displays the routes received from a neighbor • routes—Displays routes learned from a neighbor Default Not configured Command Mode EXEC Usage Information • BGP neighbor — Displays the BGP neighbor address and its AS number.
For address family: IPv4 Unicast Next hop set to self Allow local AS number 0 times in AS-PATH attribute For address family: IPv6 Unicast Next hop set to self Allow local AS number 0 times in AS-PATH attribute Local host: 80.1.1.1, Local port: 57812 Foreign host: 80.1.1.2, Foreign port: 179 Example advertised- OS10# show ip bgp ipv6 unicast neighbors 192:168:1::2 advertised-routes BGP local router ID is 100.1.1.
*>55:0:0:2::/64 172:16:1::2 44 55 0 i
*>55:0:0:3::/64 172:16:1::2 44 55 0 i
*>55:0:0:4::/64 172:16:1::2 44 55 0 i
*>55:0:0:5::/64 172:16:1::2 44 55 0 i
*>55:0:0:6::/64 172:16:1::2 44 55 0 i
*>55:0:0:7::/64 172:16:1::2 44 55 0 i
*>55:0:0:8::/64 172:16:1::2 44 55 0 i
*>55:0:0:9::/64 172:16:1::2 44 55 0 i
Total number of prefixes: 10
OS10#
Supported Releases 10.3.0E or later
show ip bgp peer-group
Displays information on BGP peers in a peer-group.
show ip bgp summary Displays the status of all BGP connections. Syntax show ip bgp [vrf vrf-name] summary Parameters vrf vrf-name — (OPTIONAL) Enter vrf then the name of the VRF to view the status of all BGP connections corresponding to that VRF. Default Not configured Command Mode EXEC Usage Information • Neighbor—Displays the BGP neighbor address. • AS—Displays the AS number of the neighbor • MsgRcvd—Displays the number of BGP messages that the neighbor received.
E2 - OSPF external type 2, * - candidate default, + - summary route, > - non-active route
Gateway of last resort is not set
Destination Gateway Dist/Metric La
---------------------------------------------------------------------------------------
C 10.1.1.0/24 via 10.1.1.1 ethernet1/1/17 0/0 0
B IN 100.1.1.0/24 via 10.1.1.2 200/0 0
B IN 101.1.1.0/24 via 10.1.1.2 200/0 0
B IN 102.1.1.0/24 via 10.1.1.2 200/0 0
B IN 103.1.1.0/24 via 10.1.1.2 200/0 0
B IN 104.1.1.0/24 via 10.1.1.2 200/0 0
Supported Releases 10.
template Creates a peer-group template to assign it to BGP neighbors. Syntax template template-name Parameters template-name — Enter a peer-group template name. A maximum of 16 characters. Default Not configured Command Mode CONFIG-ROUTER-BGP Usage Information Members of a peer-group template inherit the configuration properties of the template and share the same update policy. The no version of this command removes a peer-template configuration.
Parameters None Default None Command Mode ROUTER-BGP Usage Information This mode allows you to apply BGP configurations to non-default VRFs. Example OS10(config)#router bgp 100 OS10(config-router-bgp-100)# OS10(config-router-bgp-100)#vrf vrf_test1 OS10(config-router-bgp-100-vrf)# Supported Releases 10.3.0E or later weight Assigns a default weight for routes from the neighbor interfaces. Syntax weight number Parameters number—Enter a number as the weight for routes, from 1 to 4294967295.
Load-Balancing Configuration For LAG and ECMP:
----------------------------------------------
IPV4 Load Balancing : Enabled
IPV6 Load Balancing : Enabled
MAC Load Balancing : Enabled
TCP-UDP Load Balancing : Enabled
Ingress Port Load Balancing : Disabled
IPV4 FIELDS : source-ip destination-ip protocol vlan-id l4-destination-port l4-source-port
IPV6 FIELDS : source-ip destination-ip protocol vlan-id l4-destination-port l4-source-port
MAC FIELDS : source-mac destination-mac ethertype vlan-id
TCP-UDP FIELDS: l4-
Usage Information The no version of this command disables the configuration. Example OS10(config)# link-bundle-trigger-threshold 80 Supported Releases 10.2.0E or later load-balancing Distributes or load balances incoming traffic using the default parameters in the hash algorithm.
Example (Ingress) OS10(config)# load-balancing ingress-port enable Example (IP Selection) OS10(config)# load-balancing ip-selection destination-ip source-ip Supported Releases 10.2.0E or later show hash-algorithm Displays hash-algorithm information. Syntax show hash-algorithm Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show hash-algorithm EcmpAlgo - crc LabAlgo - crc Supported Releases 10.3.
• ip-address mask—Enter the IP address in dotted decimal format—A.B.C.D. and mask in slash prefix-length format (/24). • secondary—Enter a secondary backup IP address for the interface. Assign interface IP address to interface
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/4)# no shutdown
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# ip address 10.10.1.
View configured static routes
OS10# show ip route static
Codes: C - connected S - static B - BGP, IN - internal BGP, EX - external BGP O - OSPF,IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, > - non-active route
Gateway of last resort is not set
Destination Gateway Dist/Metric Last Change
-----------------------------------------------------------------
S 200.200.200.0/24 via 10.1.1.
clear ip arp Clears the dynamic ARP entries from a specific interface or optionally deletes (no-refresh) ARP entries from the content addressable memory (CAM). Syntax clear ip arp [vrf vrf-name] [interface interface | ip ip-address] [no-refresh] Parameters • vrf vrf-name — Enter vrf then the name of the VRF to clear ARP entries corresponding to that VRF. • interface interface— (Optional) Specify an interface type: – ethernet — Physical interface. – port-channel — Port-channel identifier.
ip address Configure the IP address to an interface. Syntax ip address ip-address/mask Parameters ip-address/mask — Enter the IP address. Defaults None Command Mode INTERFACE Usage Information The no version of this command removes the IP address set for the interface. Example OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ip address 10.1.1.0/24 Supported Releases 10.3.0E or later ip address dhcp Enables DHCP client operations on the interface.
ip route Assigns a static route on the network device. Syntax ip route [dst-vrf vrf-name] ip-prefix mask {next-hop | interface interface-type [route-preference]} Parameters • dst-vrf vrf-name — (Optional) Enter vrf and then the name of the VRF to configure a static route corresponding to that VRF. Use this VRF option after the ip route keyword to configure a static route on that specific VRF. • ip-prefix — Enter the IP prefix in dotted decimal A.B.C.D format.
Example (IP Address)
OS10# show ip arp 192.168.2.2
Protocol Address Hardware Interface Interface VLAN
------------------------------------------------------------------
Internet 192.168.2.2 00:01:e8:8b:3c:01 ethernet1/1/6
Example (Static)
OS10# show ip arp summary
Total Entries Static Entries Dynamic Entries
------------------------------------------------
3994 0 3994
OS10# show ip arp 100.1.2.
Example
OS10# show ip route
Codes: C - connected S - static B - BGP, IN - internal BGP, EX - external BGP O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, > - non-active route
Gateway of last resort is not set
Destination Gateway Dist/Metric Last Change
-----------------------------------------------------------------
C 10.1.1.0/24 via 10.1.1.1 vlan100 0/0 01:16:56
B EX 10.1.2.0/24 via 10.1.2.
Link local IPv6 address: fe80::eef4:bbff:fefb:fa30/64 Global IPv6 address: 2020::1/64 ...
To enable stateless autoconfiguration of an IPv6 global address and set the interface to Host mode, use the ipv6 address autoconfig command. The router receives network prefixes in IPv6 router advertisements (RAs). An interface ID appends to the prefix. In Host mode, IPv6 forwarding is disabled. The no ipv6 address autoconfig command disables IPv6 global address autoconfiguration, and sets the interface to Router mode with IPv6 forwarding enabled.
Prefix renumbering Transparent renumbering of hosts in the network when an organization changes its service provider. IPv6 provides the flexibility to add prefixes on RAs in response to a router solicitation (RS). By default, RA response messages are sent when an RS message is received. The system manipulation of IPv6 stateless autoconfiguration supports the router side only. Neighbor Discovery (ND) messages advertise so the neighbor can use the information to auto-configure its address.
3 Configure the IPv6 prefixes that are advertised by IPv6 neighbor discovery in Interface mode. ipv6 nd prefix {ipv6-prefix | default} [no-advertise] [no-autoconfig] [no-rtr-address] [off-link] [lifetime {valid-lifetime seconds | infinite} {preferred-lifetime seconds | infinite}] • ipv6-prefix — Enter an IPv6 prefix in x:x::y/mask format to include the prefix in RA messages. Include prefixes that are not already in the subnets configured on the interface.
Disable duplicate address discovery OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ipv6 nd dad disable Disable IPv6 for duplicate link-local address OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ipv6 nd dad disable-ipv6-on-dad-failure Static IPv6 routing To define an explicit route between two IPv6 networking devices, configure a static route on an interface.
Enable IPv6 hop-by-hop options forwarding OS10(config)# interface ethernet 1/1/8 OS10(conf-if-eth1/1/8)# ipv6 hop-by-hop View IPv6 information To view IPv6 configuration information, use the show ipv6 route command. To view IPv6 address information, use the show address ipv6 command.
– For a VLAN interface, enter vlan then a number from 1 to 4093. Defaults None. Command Mode EXEC Usage Information The no version of this command resets the value to the default. Example Supported Releases 10.4.1.0 or later clear ipv6 route Clears routes from the IPv6 routing table. Syntax clear ipv6 route [vrf vrf-name] {* | A::B/mask} Parameters • vrf vrf-name — (Optional) Enter vrf then the name of the VRF to clear the IPv6 routes corresponding to that VRF.
Example OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ipv6 address 2111:dddd:0eee::22/64 Supported Releases 10.3.0E or later ipv6 address autoconfig Acquires global IPv6 addresses by using the network prefix obtained from RAs.
Defaults None Command Mode INTERFACE Usage Information Use this command to disable and re-enable IPv6 forwarding on an interface for security purposes or to recover from a duplicate address discovery (DAD) failure. The no version of this command disables IPv6 forwarding. Example OS10(config)# interface OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# Supported Releases 10.3.
Supported Releases 10.4.0E(R1) or later ipv6 hop-by-hop Enables and disables processing hop-by-hop options in IPv6 packet headers. Syntax ipv6 hop-by-hop Parameters None Defaults Hop-by-hop header options in an IPv6 packet do not process on an interface. Command Mode INTERFACE Usage Information • Use this command to enable local processing of IPv6 packets with hop-by-hop options in conformance with the RFC 8200, IPv6 Specification.
ipv6 nd hop-limit Sets the hop limit advertised in RA messages and included in IPv6 data packets sent by the router. Syntax ipv6 nd hop-limit hops Parameters • hop-limit hops — Enter the maximum number of hops allowed for RA messages, from 0 to 255. Defaults 64 hops Command Mode INTERFACE Usage Information The configured hop limit is advertised in RA messages and included in IPv6 data packets sent by the router. 0 indicates that no hop limit is specified by the router.
Supported Releases 10.4.0E(R1) or later ipv6 nd mtu Sets the maximum transmission unit (MTU) used on a local link in RA messages. Syntax ipv6 nd mtu number Parameters • mtu number — Enter the MTU size in bytes, from 1280 to 65535. Defaults 1500 bytes Command Mode INTERFACE Usage Information The no version of this command restores the default MTU value advertised in RA messages. Example OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# ipv6 nd mtu 2500 Supported Releases 10.4.
• no-rtr-address — (Optional) Sets AdvRouterAddr to Off for the prefix in the radvd.conf file. The Off setting tells hosts to not use the advertising router's address for on-link determination. By default, AdvRouterAddr is On. • off-link — (Optional) Sets AdvOnLink to Off for the prefix in the radvd.conf file. The Off setting tells hosts to not use this prefix for on-link determination. By default, AdvOnLink is On.
Example OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# ipv6 nd max-ra-interval 300 Supported Releases 10.4.0E(R1) or later ipv6 nd reachable-time Sets the advertised time the router sees a neighbor to be up after it receives a reachability confirmation. Syntax ipv6 nd reachable-time milliseconds Parameters • reachable-time milliseconds — Enter the reachable time in milliseconds, from 0 to 3600000.
Usage Information • Using ICMPv6 RA messages, the Neighbor Discovery Protocol (NDP) advertises the IPv6 addresses of IPv6-enabled interfaces and learns of any address changes in IPv6 neighbors. Before you enable sending RA messages, the switch must be in Router mode with IPv6 forwarding enabled and stateless autoconfiguration disabled using the no ipv6 address autoconfig command. • The no version of this command disables RA messages.
Usage Information • By default, when no matching entry for an IPv6 route is found in the IPv6 routing table, the packet drops and no error message is sent. Use this command to enable sending an IPv6 destination unreachable error message to the source without dropping the packet. • The no version of this command disables generating unreachable destination messages. Example OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# ipv6 unreachables Supported Releases 10.4.
Parameters • vrf vrf-name — (Optional) Enter vrf then the name of the VRF to display IPv6 routes corresponding to that VRF. If you do not specify this option, routes corresponding to the default VRF display. • all—(Optional) Displays all routes including nonactive routes. • bgp—(Optional) Displays BGP route information. • connected—(Optional) Displays only the directly connected routes. • static—(Optional) Displays all static routes.
show ipv6 interface brief Displays IPv6 interface information. Syntax show ipv6 interface brief Parameters brief — Displays a brief summary of IPv6 interface information. Defaults None Command Mode EXEC Usage Information Use the do show ipv6 interface brief command to view IPv6 interface information in other modes.
• (Optional) The fast leave option allows the IGMP snooping switch to remove an interface from the multicast group immediately on receiving the leave message. Enable fast leave with the ip igmp snooping fast-leave command in VLAN INTERFACE mode. • (Optional) Configure the time interval for sending IGMP general queries with the ip igmp snooping query-interval query-interval-time command in VLAN INTERFACE mode.
IGMP snooping commands ip igmp snooping Enables IGMP snooping on the specified VLAN interface. Syntax ip igmp snooping Parameters None Default Depends on the global configuration. Command Mode VLAN INTERFACE Usage Information When you enable IGMP snooping globally, the configuration applies to all VLAN interfaces. You can disable IGMP snooping on specified VLAN interfaces. The no version of this command disables IGMP snooping on the specified VLAN interface.
Example OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# ip igmp snooping fast-leave Supported Releases 10.4.1.0 or later ip igmp snooping last-member-query-interval Configures the time interval between group-specific IGMP query messages. Syntax ip igmp snooping last-member-query-interval query-interval-time Parameters query-interval-time—Enter the query time interval in milliseconds, ranging from 100 to 65535.
Supported Releases 10.4.0E(R1) or later ip igmp snooping query-interval Configures time interval for sending IGMP general queries. Syntax ip igmp snooping query-interval query-interval-time Parameters query-interval-time—Enter the interval time in seconds, ranging from 2 to 18000. Default 60 seconds Command Mode VLAN INTERFACE Usage Information The no version of this command resets the query interval to the default value.
show ip igmp snooping groups Displays IGMP snooping group membership details. Syntax show ip igmp snooping groups [vlan vlan-id [ip-address]] Parameters • vlan-id—(Optional) Enter the VLAN ID, from 1 to 4093. • ip-address—(Optional) Enter the IP address of the multicast group. Default Not configured Command Mode EXEC Usage Information None Example OS10# show ip igmp snooping groups Total Number of Groups: 480 IGMP Connected Group Membership Group Address Interface Mode 225.1.0.
225.1.0.8 vlan3031 IGMPv2-Compat Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1 225.1.0.9 vlan3031 IGMPv2-Compat Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1 225.1.0.10 vlan3031 IGMPv2-Compat --more-- Example (with VLAN and multicast IP address) OS10# show ip igmp snooping groups vlan 3031 225.1.0.0 IGMP Connected Group Membership Group Address Interface Mode 225.1.0.
101.41.0.21
Member Port Mode Uptime Expires
port-channel51 Include 1d:20:26:07 00:01:41
ethernet1/1/51:1 Include 1d:20:26:05 00:01:46
ethernet1/1/52:1 Include 1d:20:26:08 00:01:46
Interface vlan3041
Group 232.11.0.1
Source List
101.41.0.21
Member Port Mode Uptime Expires
port-channel51 Include 1d:20:26:07 00:01:41
ethernet1/1/51:1 Include 1d:20:26:05 00:01:46
ethernet1/1/52:1 Include 1d:20:26:08 00:01:46
Uptime 1d:20:26:07 Expires 00:01:41
Interface vlan3041
Group 232.11.0.2
Source List
101.41.0.
IGMP Snooping max response time is 10 seconds IGMP snooping fast-leave is disabled on this interface IGMP snooping querier is enabled on this interface Vlan3033 is up, line protocol is up IGMP version is 3 --more--
Example (with VLAN) OS10# show ip igmp snooping mrouter vlan 3031 Interface Router Ports vlan3031 port-channel31 Supported Releases 10.4.0E(R1) or later Multicast Listener Discovery Protocol IPv6 networks use Multicast Listener Discovery (MLD) Protocol to manage multicast groups. OS10 supports MLDv1 and MLDv2 to manage the multicast group memberships on IPv6 networks.
Group Address Interface Mode Expires ff02::2 vlan3531 Exclude 00:01:38 ff0e:225:1:: vlan3531 MLDv1-Compat 00:01:52 Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52 ff0e:225:1::1 vlan3531 MLDv1-Compat 00:01:52 Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52 ff0e:225:1::2 vlan3531 MLDv1-Compat 00:01:52 Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52 ff0e:225:1::3 vlan3531 MLDv1-Compat 00:01:52 Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52 ff0e:225:1::4 vlan3531 MLD
Usage Information When you enable MLD snooping globally, the configuration is applied to all the VLAN interfaces. You can disable the MLD snooping on specified VLAN interfaces. The no version of this command disables the MLD snooping on the specified VLAN interface. Example OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# no ipv6 mld snooping Supported Releases 10.4.1.0 or later ipv6 mld snooping enable Enables MLD snooping globally.
Command Mode VLAN INTERFACE Usage Information The no version of this command resets the last member query interval time to the default value. Example OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# ipv6 mld snooping last-member-query-interval 2500 Supported Releases 10.4.1.0 or later ipv6 mld snooping mrouter Configures the specified VLAN member port as a multicast router interface.
Example OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# ipv6 mld snooping query-interval 120 Supported Releases 10.4.1.0 or later ipv6 mld query-max-resp-time Configures the maximum time for responding to a query advertised in MLD queries. Syntax ipv6 mld snooping query-max-resp-time query-response-time Parameters query-response-time—Enter the query response time in seconds, ranging from 1 to 25.
Example OS10# show ipv6 mld snooping groups Total Number of Groups: 280 MLD Connected Group Membership Group Address Interface Mode Expires ff02::2 vlan3531 Exclude 00:01:38 ff0e:225:1:: vlan3531 MLDv1-Compat 00:01:52 Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52 ff0e:225:1::1 vlan3531 MLDv1-Compat 00:01:52 Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52 ff0e:225:1::2 vlan3531 MLDv1-Compat 00:01:52 Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52 ff0e:225:1::3 vlan3531 MLD
show ipv6 mld snooping groups detail Displays the MLD source information along with detailed member port information. Syntax show ipv6 mld snooping groups [vlan vlan-id] [group ipv6-address] detail Parameters • vlan-id—(Optional) Enter the VLAN ID, ranging from 1 to 4093. • ipv6-address—(Optional) Enter the IPv6 address of the multicast group.
Member Port Mode Uptime Expires
port-channel31 Include 2d:11:50:17 00:01:29
ethernet1/1/51:1 Include 2d:11:50:36 00:01:25
ethernet1/1/52:1 Include 2d:11:50:36 00:01:38
--more--
Example (with VLAN and multicast IP address)
OS10# show ipv6 mld snooping groups vlan 3041 ff3e:232:b:: detail
Interface vlan3041
Group ff3e:232:b::
Source List
2001:101:29::1b
Member Port Mode Uptime Expires
port-channel31 Include 2d:11:50:53 00:02:01
ethernet1/1/51:1 Include 2d:11:51:11 00:02:01
ethernet1/1/52:1 Include 2d:11:5
Supported Releases 10.4.1.0 or later Open shortest path first OSPF routing is a link-state routing protocol that allows sending link-state advertisements (LSAs) to all other routers within the same autonomous system (AS) area. OSPF LSAs include information about attached interfaces, metrics used, and other attributes. OSPF routers accumulate link-state information, and use the shortest path first (SPF) algorithm to calculate the shortest path to each node.
The backbone is the only area with a default area number. You configure the Area ID for all other areas. If you configure two nonbackbone areas, you must enable the B bit in OSPF. Routers A, B, C, G, H, and I are the backbone; see Autonomous system areas. • A stub area (SA) does not receive external route information, except for the default route. These areas do receive information from interarea (IA) routes.
Backbone router A backbone router (BR) is part of the OSPF Backbone, Area 0, and includes all ABRs. The BR includes routers connected only to the backbone and another ABR, but are only part of Area 0—shown as Router I in the example. Area border router Within an AS, an area border router (ABR) connects one or more areas to the backbone. The ABR keeps a copy of the link-state database for every area it connects to. It may keep multiple copies of the link state database.
Inter-Area-Router LSA (OSPFv3) Type 5—ASExternal LSA LSAs contain information imported into OSPF from other routing processes. Type 5 LSAs flood to all areas except stub areas. The link-state ID of the Type 5 LSA is the external network number. Type 7—NSSAExternal LSA (OSPFv2), LSA (OSPFv3) Routers in an NSSA do not receive external LSAs from ABRs but send external routing information for redistribution.
OSPF route limit OS10 supports up to 16,000 OSPF routes. Within this range, the only restriction is on intra-area routes that scale only up to 1000 routes. Other OSPF routes can scale up to 16 K. Shortest path first throttling Use shortest path first (SPF) throttling to delay SPF calculations during periods of network instability. In an OSPF network, a topology change event triggers an SPF calculation that is performed after a start time.
Enable SPF throttling (OSPFv3) OS10(config)# router ospfv3 10 OS10(config-router-ospf-10)# timers spf 2000 3000 4000 View OSPFv2 SPF throttling OS10(config-router-ospf-100)# do show ip ospf Routing Process ospf 100 with ID 12.1.1.
5 Assign an IP address to the interface in INTERFACE mode. ip address ip-address/mask 6 Enable OSPFv2 on an interface in INTERFACE mode. ip ospf process-id area area-id • process-id—Enter the OSPFv2 process ID for a specific OSPF process, from 1 to 65535. • area-id—Enter the OSPFv2 area ID as an IP address (A.B.C.D) or number, from 1 to 65535.
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/2)# ip vrf forwarding vrf-blue
OS10(conf-if-eth1/1/1)# ip address 11.1.1.1/24
OS10(conf-if-eth1/1/1)# ip ospf 100 area 0.0.0.0
Assign router identifier For managing and troubleshooting purposes, you can assign a router ID for the OSPFv2 process. Use the router’s IP address as the router ID.
Area (10.10.5.1) Number of interface in this area is 0 SPF algorithm executed 1 times Area ranges are OS10# show running-configuration ospf ! router ospf 10 area 10.10.5.1 stub Passive interfaces A passive interface does not send or receive routing information. Configuring an interface as a passive interface suppresses both receiving and sending routing updates.
Configure fast convergence OS10(config)# router ospf 65535 OS10(conf-router-ospf-65535)# fast-converge 1 View fast convergence OS10(conf-router-ospf-65535)# do show ip ospf Routing Process ospf 65535 with ID 99.99.99.
7 Change the wait period between link state update packets sent out the interface in INTERFACE mode, from 1 to 3600. The default wait period is 1. The transmit delay must be the same on all routers in the OSPF network.
View default route configuration OS10(config-router-ospf-10)# show configuration ! router ospf 10 default-information originate always Summary address You can configure a summary address for an ASBR to advertise one external route as an aggregate, for all redistributed routes that are covered by specified address range. • Configure the summary address in ROUTER-OSPF mode.
View text authentication OS10(conf-if-eth1/1/1)# show configuration ! interface ethernet1/1/1 ip address 10.10.10.2/24 no switchport no shutdown ip ospf 100 area 0.0.0.0 ip ospf authentication-key sample Configure MD5 authentication OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ip ospf message-digest-key 2 md5 sample12345 View MD5 authentication OS10(conf-if-eth1/1/1)# show configuration ! interface ethernet1/1/1 ip address 10.10.10.2/24 no switchport no shutdown ip ospf 100 area 0.0.0.
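An added example, not part of the Dell guide: a Python audit of interface blocks laid out as in the show configuration output above. It flags OSPF-enabled interfaces that have no authentication, that use the clear-text ip ospf authentication-key, or that still carry the sample keys printed in this guide. The sample configuration, the finding labels and the function names are constructed for illustration, and the script assumes keys appear in the configuration as they do on this page.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Keys printed in the guide's own examples; they should never reach production.
DOC_SAMPLE_KEYS = {"sample", "sample12345"}

# Labels are assumptions of this example, not OS10 output.
FINDINGS = {
    "no-auth": "OSPF enabled without authentication",
    "plaintext-key": "simple password: the key is carried unencrypted in OSPF packets (RFC 2328)",
    "doc-sample-key": "key matches an example key from the user guide",
}

# Constructed sample in the layout of "show configuration" (not from a real switch).
SAMPLE_CONFIG = """\
!
interface ethernet1/1/1
 ip address 10.10.10.2/24
 no switchport
 no shutdown
 ip ospf 100 area 0.0.0.0
 ip ospf authentication-key sample
!
interface ethernet1/1/2
 ip address 10.10.20.2/24
 no switchport
 no shutdown
 ip ospf 100 area 0.0.0.0
 ip ospf message-digest-key 2 md5 sample12345
!
interface ethernet1/1/3
 ip address 10.10.30.2/24
 no switchport
 no shutdown
 ip ospf 100 area 0.0.0.0
!
interface ethernet1/1/4
 ip address 10.10.40.2/24
 no switchport
 no shutdown
 ip ospf 100 area 0.0.0.0
 ip ospf message-digest-key 1 md5 Zq7-constructed-key
!
interface vlan100
 ip address 192.168.100.1/24
 no shutdown
!
"""


@dataclass
class Interface:
    name: str
    ospf: Optional[Tuple[int, str]] = None          # (process-id, area-id)
    text_key: Optional[str] = None                  # ip ospf authentication-key
    md5_keys: Dict[int, str] = field(default_factory=dict)  # key-id -> key


def parse_interfaces(config: str) -> List[Interface]:
    """Split the configuration on '!' separators and collect OSPF settings per interface."""
    interfaces: List[Interface] = []
    current: Optional[Interface] = None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":
            current = None
            continue
        m = re.fullmatch(r"interface (\S.*)", line)
        if m:
            current = Interface(m.group(1))
            interfaces.append(current)
            continue
        if current is None:
            continue  # prompts and global lines outside an interface block
        m = re.fullmatch(r"ip ospf (\d+) area (\S+)", line)
        if m:
            current.ospf = (int(m.group(1)), m.group(2))
            continue
        m = re.fullmatch(r"ip ospf authentication-key (\S+)", line)
        if m:
            current.text_key = m.group(1)
            continue
        m = re.fullmatch(r"ip ospf message-digest-key (\d+) md5 (\S+)", line)
        if m:
            current.md5_keys[int(m.group(1))] = m.group(2)
    return interfaces


def audit(config: str) -> List[Tuple[str, str]]:
    """Return (interface, finding-code) pairs for every OSPF-enabled interface."""
    results: List[Tuple[str, str]] = []
    for intf in parse_interfaces(config):
        if intf.ospf is None:
            continue  # OSPF is not enabled on this interface
        if intf.text_key is None and not intf.md5_keys:
            results.append((intf.name, "no-auth"))
        if intf.text_key is not None:
            results.append((intf.name, "plaintext-key"))
        keys = list(intf.md5_keys.values())
        if intf.text_key is not None:
            keys.append(intf.text_key)
        if any(key in DOC_SAMPLE_KEYS for key in keys):
            results.append((intf.name, "doc-sample-key"))
    return results


if __name__ == "__main__":
    for name, code in audit(SAMPLE_CONFIG):
        print(f"{name}: {code}: {FINDINGS[code]}")
```
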
router ospf 100 log-adjacency-changes OSPFv2 commands area default-cost Sets the metric for the summary default route generated by the ABR and sends it to the stub area. Syntax area area-id default-cost cost Parameters • area-id — Enter the OSPF area in dotted decimal A.B.C.D format or enter a number, from 0 to 65535. • cost — Enter a cost for the stub area’s advertised external route metric, from 0 to 65535.
• ip-address — (Optional) Enter an IP address/mask in dotted decimal format. • no-advertise — (Optional) Set the status to Do Not Advertise. The Type 3 summary-LSA is suppressed and the component networks remain hidden from other areas. Default Not configured Command Mode ROUTER-OSPF Usage Information The no version of this command disables the route summarizations. Example OS10(conf-router-ospf-10)# area 0 range 10.1.1.4/8 no-advertise Supported Releases 10.2.
clear ip ospf process Clears all OSPF routing tables. Syntax clear ip ospf {instance-number} [vrf vrf-name] process Parameters • instance-number — Enter an OSPF instance number, from 1 to 65535. • vrf vrf-name — Enter the keyword vrf followed by the name of the VRF to reset the OSPF process configured in that VRF. Default Not configured Command Mode EXEC Usage Information This command clears all entries in the OSPF routing table.
Supported Releases 10.3.0E or later default-metric Assigns a metric value to redistributed routes for the OSPF process. Syntax default-metric number Parameters number — Enter a default-metric value, from 1 to 16777214. Default Not configured Command Mode ROUTER-OSPF Usage Information The no version of this command disables the default-metric configuration. Example OS10(conf-router-ospf-10)# default-metric 2000 Supported Releases 10.2.
ip ospf area Attaches an interface to an OSPF area. Syntax ip ospf process-id area area-id Parameters • process-id — Set an OSPF process ID for a specific OSPF process, from 1 to 65535. • area area-id — Enter the OSPF area ID in dotted decimal A.B.C.D format or enter an area ID number, from 1 to 65535. Default Not configured Command Mode INTERFACE Usage Information The no version of this command removes an interface from an OSPF area.
Supported Releases 10.2.0E or later ip ospf dead-interval Sets the time interval since the last hello-packet was received from a router. After the interval elapses, the neighboring routers declare the router dead. Syntax ip ospf dead-interval seconds Parameters seconds — Enter the dead interval value in seconds, from 1 to 65535. Default 40 seconds Command Mode INTERFACE Usage Information The dead interval is four times the default hello-interval by default.
Supported Releases 10.3.0E or later ip ospf mtu-ignore Enables OSPF MTU mismatch detection on receipt of DBD packets. Syntax ip ospf mtu-ignore Parameters None Default Not configured Command Mode INTERFACE Usage Information When neighbors exchange DBD packets, the OSPF process checks if the neighbors are using the same MTU on a common interface. If the receiving MTU in the DBD packet is higher than the IP MTU configured on the incoming interface, OSPF adjacency does not establish.
ip ospf priority Sets the priority of the interface to determine the DR for the OSPF network. Syntax ip ospf priority number Parameters number — Enter a router priority number, from 0 to 255. Default 1 Command Mode INTERFACE Usage Information When two routers attached to a network attempt to become the DR, the one with the higher router priority takes precedence. The no version of this command resets the value to the default.
log-adjacency-changes Enables logging of syslog messages regarding changes in the OSPF adjacency state. Syntax log-adjacency-changes Parameters None Default Disabled Command Mode ROUTER-OSPF Usage Information The no version of this command resets the value to the default. Example OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# log-adjacency-changes Supported Releases 10.2.
redistribute Redistributes information from another routing protocol or routing instance to the OSPFv2 process. Syntax redistribute {bgp as-number| connected | static} [route-map map-name] Parameters • as-number — Enter an autonomous number to redistribute BGP routing information throughout the OSPF instance, from 1 to 4294967295. • connected — Enter the information from the connected active routes on interfaces to redistribute.
• vrf vrf-name — Enter the keyword vrf followed by the name of the VRF to configure an OSPF instance in that VRF. Default Not configured Command Mode CONFIGURATION Usage Information Assign an IP address to an interface before using this command. The no version of this command deletes an OSPF instance. Example OS10(config)# router ospf 10 vrf vrf-test Supported Releases 10.2.0E or later show ip ospf Displays OSPF instance configuration information.
Usage Information You can isolate problems with external routes. External OSPF routes are calculated by adding the LSA cost to the cost of reaching the ASBR router. If an external route does not have the correct cost, this command determines if the path to the originating router is correct. ASBRs that are not in directly connected areas display. You can determine if an ASBR is in a directly connected area by the flags. For ASBRs in a directly connected area, E flags are set.
Summary Network (Area 0.0.0.0) Supported Releases 10.2.0E or later show ip ospf database asbr-summary Displays information about AS boundary LSAs. Syntax show ip ospf [process-id] database asbr-summary Parameters • process-id—(Optional) Displays the AS boundary LSA information for a specified OSPF process ID. If you do not enter a process ID, this applies only to the first OSPF process.
Parameters • process-id—(Optional) Displays AS external Type 5 LSA information for a specified OSPF process ID. If you do not enter a process ID, this command applies only to the first OSPF process. • vrf vrf-name — (Optional) Displays AS external (Type 5) LSA information for a specified OSPF Process ID corresponding to a VRF. Default Not configured Command Mode EXEC Usage Information Example • LS Age — Displays the LS age.
Default Not configured Command Mode EXEC Usage Information Example • LS Age—Displays the LS age. • Options—Displays optional capabilities. • LS Type—Displays the LS type. • Link State ID—Identifies the router ID. • Advertising Router—Identifies the advertising router’s ID. • LS Seq Number—Identifies the LS sequence number. This identifies old or duplicate LSAs. • Checksum—Displays the Fletcher checksum of an LSA’s complete contents. • Length—Displays the LSA length in bytes.
• Advertising Router — Identifies the advertising router’s ID. • LS Seq Number — Identifies the LS sequence number. This identifies old or duplicate LSAs. • Checksum — Displays the Fletcher checksum of an LSA’s complete contents. • Length — Displays the LSA length in bytes. • Network Mask—Identifies the network mask implemented on the area. • TOS—Displays the ToS options. The only option available is zero. • Metric—Displays the LSA metric.
Checksum: 0xB0F6 Length: 36 Network Mask: /24 Metric Type: 2 TOS: 0 Metric: 20 Forward Address: 0.0.0.0 External Route Tag: 0 LS age: 65 Options: (No TOS-Capability, No DC, No Type 7/5 translation) LS type: NSSA External Link State ID: 14.1.1.0 Advertising Router: 2.2.2.2 LS Seq Number: 0x80000001 Checksum: 0xA303 Length: 36 Network Mask: /24 Metric Type: 2 TOS: 0 Metric: 20 Forward Address: 0.0.0.0 External Route Tag: 0 Supported Releases 10.2.
LS type: Type-10 Area Local Opaque
Link State ID: 8.1.1.2
Advertising Router: 2.2.2.2
LS Seq Number: 0x80000008
Checksum: 0x83B8
Length: 28
Opaque Type: 8
Opaque ID: 65794
!! !
Supported Releases 10.2.0E or later

show ip ospf database opaque-as
Displays information about the opaque-as Type 11 LSAs.
Syntax show ip ospf [process-id] opaque-as
Parameters process-id — (Optional) Displays opaque-as Type 11 LSA information for a specified OSPF process ID.

show ip ospf database opaque-link
Displays information about the opaque-link Type 9 LSA.
Syntax show ip ospf [process-id] [vrf vrf-name] database opaque-link
Parameters
• process-id — (Optional) Displays the opaque-link Type 9 LSA information for an OSPF process ID. If you do not enter a process ID, this command applies only to the first OSPF process.
• vrf vrf-name — (Optional) Displays the opaque-link Type 9 LSA information for an OSPF process ID corresponding to a VRF.
Default Not configured Command Mode EXEC Usage Information Output: Example • LS age—Displays the LS age. • Options—Displays optional capabilities. • LS Type—Displays the LS type. • Link State ID—Identifies the router ID. • Advertising Router—Identifies the advertising router’s ID. • LS Seq Number—Identifies the LS sequence number. This identifies old or duplicate LSAs. • Checksum—Displays the Fletcher checksum of an LSA’s complete contents. • Length—Displays the LSA length in bytes.
Parameters • process-id—(Optional) Displays LSA information for a specific OSPF process ID. If you do not enter a process ID, this command applies only to the first OSPF process. • vrf vrf-name — (Optional) Displays LSA information for a specified OSPF process ID corresponding to a VRF. Default Not configured Command Mode EXEC Usage Information Example • LS Age—Displays the LS age. • Options—Displays the optional capabilities available on the router. • LS Type—Displays the LS type.
– vlan — Enter the VLAN interface number, from 1 to 4093. Default Not configured Command Mode EXEC Example OS10# show ip ospf 10 interface ethernet1/1/1 is up, line protocol is up Internet Address 110.1.1.1/24, Area 0.0.0.0 Process ID 10, Router ID 1.1.1.1, Network Type broadcast, Cost: 10 Transmit Delay is 1 sec, State WAIT, Priority 1 BFD enabled(Interface level) Interval 300 Min_rx 300 Multiplier 3 Role Active Designated Router (ID) , Interface address 0.0.0.
– port-channel number — Enter the port-channel interface number, from 1 to 128. – vlan vlan-id — Enter the VLAN ID number, from 1 to 4093. Default Not configured Command Mode EXEC Usage Information This command displays OSPFv2 traffic statistics for a specified instance or interface, or for all OSPFv2 instances and interfaces.
112.112.112.1 -/B/-/ 2 110.1.1.2 Vl 3050 0
112.112.112.2 -/B/-/ 2 110.1.1.2 Vl 3050 0
Supported Releases 10.2.0E or later

summary-address
Configures a summary address for an ASBR to advertise one external route as an aggregate for all redistributed routes covered by a specified address range.
Syntax summary-address ip-address/mask [not-advertise | tag tag-value]
Parameters • ip-address/mask—Enter the IP address to summarize along with the mask.
Default • max-wait — Sets the maximum wait time between two SPF calculations in milliseconds, from 1 to 600000; default 10000. • start-time — 1000 milliseconds • hold-time — 10000 milliseconds • max-wait — 10000 milliseconds Command Mode ROUTER-OSPF Usage Information By default, SPF timers are disabled in an OSPF instance. Use SPF throttling to delay SPF calculations during periods of network instability. In an OSPF network, a topology change event triggers an SPF calculation after a start time.
• max-interval — 5000 milliseconds Command Mode ROUTER-OSPF Usage Information The no version of this command removes the LSA transmit timer. Example OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# timers throttle lsa all 100 300 1000 Supported Releases 10.2.0E or later OSPFv3 OSPFv3 is an IPv6 link-state routing protocol that supports IPv6 unicast address families (AFs). OSPFv3 is disabled by default. You must configure at least one interface, either physical or Loopback.
3 Enter the interface information to configure the interface for OSPFv3 in INTERFACE mode.
interface ethernet node/slot/port[:subport]
4 Enable the interface in INTERFACE mode.
no shutdown
5 Disable the default switchport configuration and remove it from an interface or a LAG port in INTERFACE mode.
no switchport
6 Associate the interface with the non-default VRF instance that you created earlier.
ip vrf forwarding vrf-name
7 Enable OSPFv3 on an interface.

1 Enable OSPFv3 routing and enter ROUTER-OSPFv3 mode, from 1 to 65535.
router ospfv3 instance number
2 Configure an area as a stub area in ROUTER-OSPFv3 mode.
area area-id stub [no-summary]
• area-id — Enter the OSPFv3 area ID as an IP address in A.B.C.D format or number, from 1 to 65535.
• no-summary — (Optional) Enter to prevent an ABR from sending summary LSAs into the stub area.
Configure Stub Area
OS10(config)# router ospfv3 10
OS10(conf-router-ospf-10)# area 10.10.5.
Although the passive interface does not send or receive routing updates, the network on that interface is included in OSPF updates sent through other interfaces. You can remove an interface from passive interfaces using the no ipv6 ospf passive command. 1 Enter an interface type in INTERFACE mode. interface ethernet node/slot/port[:subport] 2 Configure the interface as a passive interface in INTERFACE mode.
Designated Router on this network is 2.2.2.2 Backup Designated router on this network is 10.0.0.2 (local) Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 2.2.2.2(Designated Router) Default route You can generate an external default route and distribute the default information to the OSPFv3 routing domain. • Generate the default route, using the default-information originate [always] command in ROUTER-OSPFv3 mode.
You cannot use an IPsec MD5 or SHA-1 authentication type and the null setting at the same time on an interface. These settings are mutually exclusive.
• Enable IPsec authentication for OSPFv3 packets in Interface mode.
ipv6 ospf authentication {null | ipsec spi number {MD5 | SHA1} key}
– null — Prevents an authentication policy configured for the area from being inherited on the interface. Only use this parameter if you configure IPsec area authentication.

OS10(conf-if-eth1/1/1)# show configuration
!
interface ethernet1/1/1
 ipv6 ospf encryption ipsec spi 500 esp des 1234567812345678 md5 12345678123456781234567812345678
 no switchport
 no shutdown
 ipv6 address 1::1/64

Configure IPsec authentication for OSPFv3 area
Prerequisite: Before you enable IPsec authentication for an OSPFv3 area, enable OSPFv3 globally on the router.
• Enable IPsec authentication for OSPFv3 packets in an area in Router-OSPFv3 mode.

Configure IPsec encryption for OSPFv3 area
OS10(config-router-ospfv3-100)# area 1 encryption ipsec spi 401 esp des 1234567812345678 md5 12345678123456781234567812345678
OS10(config-router-ospfv3-100)# show configuration
!
router ospfv3 100
 area 0.0.0.1 encryption ipsec spi 401 esp des 1234567812345678 md5 12345678123456781234567812345678

Troubleshoot OSPFv3
You can troubleshoot OSPFv3 operations and check questions for typical issues that interrupt a process.
• md5 — Enable MD5 authentication. • sha1 — Enable SHA1 authentication. • key — Enter the text string used in the authentication type. Default OSPFv3 area authentication is not configured. Command Mode ROUTER-OSPFv3 Usage Information • Before you enable IPsec authentication for an OSPFv3 area, you must enable OSPFv3 globally on each router. • All OSPFv3 routers in the area must share the same authentication key to exchange information. Only a nonencrypted key is supported.
area stub
Defines an area as the OSPF stub area.
Syntax area area-id stub [no-summary]
Parameters
• area-id—Set the OSPFv3 area ID as an IP address in A.B.C.D format or number, from 1 to 65535.
• no-summary—(Optional) Prevents an ABR from sending summary LSAs into the stub area.
Default Not configured
Command Mode ROUTER-OSPFv3
Usage Information The no version of this command deletes a stub area.
Example
OS10(config)# router ospfv3 10
OS10(conf-router-ospfv3-10)# area 10.10.1.
Supported Releases 10.3.0E or later clear ipv6 ospf statistics Clears OSPFv3 traffic statistics. Syntax clear ipv6 ospf [instance-number] [vrf vrf-name] statistics Parameters • instance-number — (Optional) Enter an OSPFv3 instance number, from 1 to 65535. • vrf vrf-name — (Optional) Enter the keyword vrf followed by the name of the VRF to clear OSPFv3 statistics in that VRF.
Example
OS10(config)# interface vlan 10
OS10(conf-if-vl-10)# ipv6 ospf 10 area 1
Supported Releases 10.3.0E or later

ipv6 ospf authentication
Configures OSPFv3 authentication on an IPv6 interface.
Syntax ipv6 ospf authentication {null | ipsec spi number {MD5 | SHA1} key}
Parameters
• null — Prevents area authentication from being inherited on the interface.
• ipsec spi number — Enter a unique security policy index number, from 256 to 4294967295.
• md5 — Enable MD5 authentication.
Example OS10(config)# interface vlan 10 OS10(conf-if-vl-10)# ipv6 ospf cost 10 Supported Releases 10.3.0E or later ipv6 ospf dead-interval Sets the time interval since the last hello-packet was received from a router. After the interval elapses, the neighboring routers declare the router dead. Syntax ipv6 ospf dead-interval seconds Parameters seconds — Enter the dead interval value in seconds, from 1 to 65535.
• Example All neighboring OSPFv3 routers must share the same authentication key to exchange information. Only a nonencrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits. For SHA1 authentication, the non-encrypted key must be 40 hex digits. An encrypted key is not supported.
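The limits above (SPI from 256 to 4294967295, 32 hex digits for MD5, 40 for SHA1, the same key on every neighbor, null and ipsec mutually exclusive) can be checked offline before a change is pushed. The following is an added example, not code from the guide or from OS10: router names and both configurations are constructed, the interface command follows the syntax shown in this guide, and the repeating-pattern test is a heuristic assumed here.

```python
import re
from collections import defaultdict

# Limits stated in the guide: SPI 256-4294967295; MD5 key = 32 hex digits,
# SHA1 key = 40 hex digits. Router names and configurations below are constructed.
SPI_MIN, SPI_MAX = 256, 4294967295
KEY_HEX_LEN = {"md5": 32, "sha1": 40}

IFACE_RE = re.compile(r"^interface\s+(\S+)")
AUTH_RE = re.compile(
    r"^\s+ipv6 ospf authentication\s+(?:(null)|ipsec spi (\d+) (md5|sha1) (\S+))\s*$",
    re.IGNORECASE,
)


def parse_auth(config_text):
    """Map each interface to its 'ipv6 ospf authentication' entries."""
    found, current = defaultdict(list), None
    for line in config_text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        if line and not line[0].isspace():
            current = None  # '!' or another top-level section ends the block
            continue
        m = AUTH_RE.match(line)
        if m and current:
            if m.group(1):
                found[current].append(("null",))
            else:
                found[current].append(
                    ("ipsec", int(m.group(2)), m.group(3).lower(), m.group(4)))
    return dict(found)


def is_patterned(key):
    """Heuristic assumed for this example: one block of <= 8 digits repeated."""
    return any(key == key[:n] * (len(key) // n) for n in (1, 2, 4, 8))


def check_router(name, config_text):
    """Return findings for one router; key material is never echoed."""
    findings = []
    for iface, entries in parse_auth(config_text).items():
        if {e[0] for e in entries} == {"null", "ipsec"}:
            findings.append(f"{name} {iface}: null and ipsec are mutually exclusive")
        for entry in entries:
            if entry[0] != "ipsec":
                continue
            _, spi, algo, key = entry
            if not SPI_MIN <= spi <= SPI_MAX:
                findings.append(f"{name} {iface}: SPI {spi} outside {SPI_MIN}-{SPI_MAX}")
            want = KEY_HEX_LEN[algo]
            if len(key) != want or not re.fullmatch(r"[0-9a-fA-F]+", key):
                findings.append(f"{name} {iface}: {algo} key must be {want} hex digits")
            elif is_patterned(key):
                findings.append(f"{name} {iface}: {algo} key is a short repeating pattern")
    return findings


def check_link(end_a, end_b):
    """Each end is (router, interface, config_text); both ends must agree."""
    def ipsec(router, iface, text):
        return [e[1:] for e in parse_auth(text).get(iface, []) if e[0] == "ipsec"]
    a, b = ipsec(*end_a), ipsec(*end_b)
    label = f"{end_a[0]} {end_a[1]} <-> {end_b[0]} {end_b[1]}"
    if bool(a) != bool(b):
        return [f"{label}: IPsec authentication configured on one end only"]
    if a and a[-1] != b[-1]:
        return [f"{label}: SPI, algorithm or key differ between neighbors"]
    return []


# Constructed running-config excerpts for two neighbors on one link.
R1_CFG = """\
interface ethernet1/1/1
 no switchport
 ipv6 address 1::1/64
 ipv6 ospf authentication ipsec spi 400 md5 12345678123456781234567812345678
!
interface ethernet1/1/2
 no switchport
 ipv6 ospf authentication ipsec spi 100 sha1 0a1b2c3d4e5f60718293a4b5c6d7e8f9012345
"""
R2_CFG = """\
interface ethernet1/1/1
 no switchport
 ipv6 address 1::2/64
 ipv6 ospf authentication ipsec spi 400 md5 9f2c4e7a1b3d5f6081a2c4e6f8091b3d
"""

if __name__ == "__main__":
    for name, cfg in (("R1", R1_CFG), ("R2", R2_CFG)):
        for finding in check_router(name, cfg):
            print(finding)
    for finding in check_link(("R1", "ethernet1/1/1", R1_CFG),
                              ("R2", "ethernet1/1/1", R2_CFG)):
        print(finding)
```

The MD5 key on R1 is the sample key printed in this guide's configuration examples, which is why it is reported as a repeating pattern; documentation sample keys should not be reused on production links.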
Default Not configured
Command Mode INTERFACE
Usage Information You must configure the interface before setting the interface to passive mode. The no version of this command disables the passive interface configuration.
Example
OS10(config)# interface ethernet 1/1/6
OS10(conf-if-eth1/1/6)# ipv6 ospf passive
Supported Releases 10.3.0E or later

ipv6 ospf priority
Sets the priority of the interface to determine the DR for the OSPFv3 network.
Usage Information The no version of this command resets the value to the default. Example OS10(config)# router ospfv3 OS10(config-router-ospfv3-100)# maximum-paths 1 Supported Releases 10.3.0E or later redistribute Redistributes information from another routing protocol or routing instance to the OSPFv3 process.
router ospfv3 Enters Router OSPFv3 mode and configures an OSPFv3 instance. Syntax router ospfv3 instance-number [vrf vrf-name] Parameters • instance-number—Enter a router OSPFv3 instance number, from 1 to 65535. • vrf vrf-name — Enter the keyword vrf followed by the name of the VRF to configure an OSPFv3 instance in that VRF. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes an OSPFv3 instance.
show ipv6 ospf database
Displays all LSA information. You must enable OSPFv3 to generate output.
Syntax show ipv6 ospf process-id [vrf vrf-name] database
Parameters
• process-id — Enter the OSPFv3 process ID to view a specific process. If you do not enter a process ID, the command applies to all the configured OSPFv3 processes.
• vrf vrf-name — Enter the keyword vrf followed by the name of the VRF to display LSA information for that VRF.
show ipv6 ospf interface Displays the configured OSPFv3 interfaces. You must enable OSPFv3 to display the output. Syntax show ipv6 ospf interface interface [vrf vrf-name] Parameters • interface — (Optional) Enter the interface information: – ethernet — Physical interface, from 1 to 48. – port-channel — Port-channel interface, from 1 to 128. – vlan — VLAN interface, from 1 to 4093.
------------------------------------------------------------------2.2.2.2 1 Full/DR 00:00:30 5 ethernet1/1/1 Supported Releases 10.3.0E or later show ipv6 ospf statistics Displays OSPFv3 traffic statistics. Syntax Parameters show ipv6 ospf [instance-number] statistics [interface interface] • instance-number — (Optional) Enter an OSPFv3 instance number, from 1 to 65535.
Default • hold-time — Sets the additional hold time between two SPF calculations in milliseconds, from 1 to 600000; default 10000. • max-wait — Sets the maximum wait time between two SPF calculations in milliseconds, from 1 to 600000; default 10000. • start-time — 1000 milliseconds • hold-time — 10000 milliseconds • max-wait — 10000 milliseconds Command Mode ROUTER-OSPFv3 Usage Information OSPFv2 and OSPFv3 support SPF throttling. By default, SPF timers are disabled in an OSPF instance.
Figure 4. Object tracking Interface tracking You can create an object that tracks the line-protocol state of an L2 interface, and monitors its operational up or down status. You can configure up to 500 objects. Each object is assigned a unique ID. When the link-level status goes down, the tracked resource status is also considered Down. If the link-level status goes up, the tracked resource status is also considered Up.
• mgmt — Management interface 1 Configure object tracking in CONFIGURATION mode, from 1 to 500. track object-id 2 (Optional) Enter interface object tracking on the line-protocol state of an L2 interface in OBJECT TRACKING mode. interface interface line-protocol 3 (Optional) Configure the time delay used before communicating a change to the status of a tracked interface in OBJECT TRACKING mode, from 0 to 80 seconds; default 0.
1 changes, Last change 2017-04-26T06:45:31Z OS10 (conf-track-2)# Configure IPv6 host tracking OS10 (conf-track-2)# track 3 OS10 (conf-track-3)# ipv6 20::20 reachability OS10 (conf-track-3)# delay up 20 OS10 (conf-track-3)# do show track 3 IP Host 20::20 reachability Reachability is DOWN 1 changes, Last change 2017-04-26T06:47:04Z OS10 (conf-track-3)# Set tracking delays You can configure an optional Up or Down timer for each tracked object.
View interface object tracking information OS10# show track interface TrackID Resource Parameter Status LastChange --------------------------------------------------------------------------------1 line-protocol ethernet1/1/1 DOWN 2017-02-03T08:41:25Z1 OS10# show track ip TrackID Resource Parameter Status LastChange --------------------------------------------------------------------------------2 ipv4-reachablity 1.1.1.
• mgmt — Enter the Management interface. Defaults Not configured Command Mode CONFIGURATION Usage Information None Example OS10(conf-track-100)# interface ethernet line-protocol Supported Releases 10.3.0E or later ip reachability Configures an object to track a specific next-hop host's reachability. Syntax ip host-ip-address reachability Parameters host-ip-address — Enter the IPv4 host address.
Command Mode CONFIGURATION Usage Information Set the interval to 0 to disable the refresh. Example OS10(conf-track-100)# reachability-refresh 600 Supported Releases 10.3.0E or later show track Displays tracked object information. Syntax show track [brief] [object-id] [interface] [ip | ipv6] Parameters • brief — (Optional) Displays brief tracked object information. • object-id — (Optional) Displays tracked object information for a specific object ID.
Policy-based routing
PBR redirects IPv4 and IPv6 data packets according to the policies you define, overriding the forwarding decisions the switch would otherwise make from the routing table.
Policy-based route-maps
A route-map is an ordered set of rules that controls the redistribution of IP routes into a protocol domain. When you enable PBR on an interface, all IPv4 or IPv6 data packets are processed based on the policies that you define in the route-maps.

Apply match and set parameters to IPv4 route-map
OS10(conf-route-map)# route-map map1
OS10(conf-route-map)# match ip address acl5
OS10(conf-route-map)# set ip next-hop 10.10.10.10
Apply match and set parameters to IPv6 route-map
OS10(conf-route-map)# route-map map1
OS10(conf-route-map)# match ipv6 address acl8
OS10(conf-route-map)# set ipv6 next-hop 20::20
Assign route-map to interface
You can assign a route-map to an interface for IPv4 or IPv6 policy-based routing.
Policy routing matches: 84 packets PBR commands clear route-map pbr-statistics Clears all PBR counters. Syntax clear route-map [map-name] pbr-statistics Parameters map-name—Enter the name of a configured route-map. A maximum of 140 characters. Defaults None Command Mode EXEC Usage Information None Example OS10# clear route-map map1 pbr-statistics Supported Releases 10.3.0E or later match address Matches the access-list to the route-map.
Supported Releases 10.3.0E or later route-map pbr-statistics Enables counters for PBR statistics. Syntax route-map [map-name] pbr-statistics Parameters map-name—Enter the name of a configured route-map. A maximum of 140 characters. Defaults Not configured Command Mode CONFIGURATION Usage Information None Example OS10(config)# route-map map1 pbr-statistics Supported Releases 10.3.0E or later set next-hop Sets an IPv4 or IPv6 next-hop address for policy-based routing.
show policy Displays policy information. Syntax show {ip | ipv6} policy [map-name] Parameters map-name — (Optional) Enter the name of a configured route map. A maximum of 140 characters. Defaults None Command Mode EXEC Usage Information None Example OS10# show ip policy map-name Supported Releases 10.3.0E or later show route-map pbr-statistics Displays the current PBR statistics.
Configuration VRRP specifies a master, or active, router that owns the next-hop IP and MAC address for end stations on a LAN. The master router is chosen from the virtual routers by an election process and forwards packets sent to the next-hop IP address. If the master router fails, VRRP begins the election process to choose a new master router which continues routing traffic. VRRP packets transmit with the virtual router MAC address as the source MAC address.
Create virtual router VRRP uses the VRID to identify each virtual router configured. Before using VRRP, you must configure the interface with the primary IP address and enable it. • Create a virtual router for the interface with the VRRP identifier in INTERFACE mode, from 1 to 255. vrrp-group vrrp-id • Delete a VRRP group in INTERFACE mode.
Virtual IP addresses Virtual routers contain virtual IP addresses configured for that VRRP group (VRID). A VRRP group does not transmit VRRP packets until you assign the virtual IP address to the VRRP group. To activate a VRRP group on an interface, configure at least one virtual IP address for a VRRP group. The virtual IP address is the IP address of the virtual router and does not require an IP address mask. You can configure up to 10 virtual IP addresses on a single VRRP group (VRID).
interface ethernet1/1/3
 switchport access vlan 1
 no shutdown
!
interface ethernet1/1/4
 switchport access vlan 1
--more--
View VRRP information
When the VRRP process completes initialization, the State field contains either master or backup.
OS10# show vrrp brief
Interface Group Priority Preemption State Master-addr Virtual addr(s)
----------------------------------------------------------------------------
ethernet1/1/1 IPv4 10 100 true master 10.1.1.8 10.1.1.

6 Configure a VRRP group.
vrrp-group group-id
INTERFACE CONFIGURATION Mode
7 Configure virtual IP address for the VRRP ID.
virtual-address ip-address
INTERFACE VRRP Mode
OS10(config)# ip vrf vrf-test
OS10(config-vrf)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# ip vrf forwarding vrf-test
OS10(conf-if-eth1/1/1)# ip address 10.1.1.1/24
OS10(conf-if-eth1/1/1)# vrrp-group 10
OS10(conf-eth1/1/1-vrid-10)# virtual-address 10.1.1.
Authentication Simple authentication of VRRP packets ensures that only trusted routers participate in VRRP processes. When you enable authentication, OS10 includes the password in its VRRP transmission. The receiving router uses that password to verify the transmission. You must configure all virtual routers in the VRRP group with the same password. You must enable authentication with the same password or authentication is disabled. Authentication for VRRPv3 is not supported.
UNwh8WVuxwfd9q4pWIgNs5BKH. aaa authentication system:local ! interface ethernet1/1/5 ip address 1.1.1.1/16 no switchport no shutdown ! vrrp-group 254 priority 125 virtual-address 1.1.1.3 no preempt ! Advertisement interval By default, the master router transmits a VRRP advertisement to all members of the VRRP group every one second, indicating it is operational and is the master router.
switchport access vlan 1 no shutdown Interface/object tracking You can monitor the state of any interface according to the virtual group. OS10 supports a maximum of 10 track groups and each track group can track only one interface. If the tracked interface goes down, the VRRP group’s priority decreases by a default value of 10 — also known as cost. If the tracked interface’s state goes up, the VRRP group’s priority increases by the priority cost.
! interface ethernet1/1/2 switchport access vlan 1 no shutdown ! interface ethernet1/1/3 switchport access vlan 1 no shutdown ! interface ethernet1/1/4 switchport access vlan 1 no shutdown ! interface ethernet1/1/5 switchport access vlan 1 no shutdown ! interface ethernet1/1/6 switchport access vlan 1 no shutdown ! ..... .....
authentication-type Enables authentication of VRRP data exchanges. Syntax authentication-type simple-text password Parameters simple-text password — Enter a simple text password. Default Disabled Command Mode INTERFACE-VRRP Usage Information With authentication enabled, OS10 ensures that only trusted routers participate in routing in an autonomous network. The no version of this command disables authentication of VRRP data exchanges.
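The Authentication section and the authentication-type command above state that OS10 includes the password in its VRRP transmission. The following added example (not from the guide or from OS10) builds and parses a VRRPv2 advertisement using the RFC 2338/RFC 3768 packet layout, where Auth Type 1 and the 8-byte Authentication Data field are taken from those RFCs, and shows the checks a receiver or monitoring sensor can apply. VRID 254, priority 125 and address 1.1.1.3 come from the guide's configuration example; the password is constructed.

```python
import hmac
import ipaddress
import struct

AUTH_NONE, AUTH_SIMPLE = 0, 1  # VRRPv2 Auth Type values (RFC 2338)


def inet_checksum(data):
    """16-bit one's-complement checksum computed over the VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(vrid, priority, addrs, auth_type=AUTH_NONE, password=b"", adver_int=1):
    """Build a VRRPv2 advertisement (version 2, type 1) to use as test input."""
    ips = b"".join(ipaddress.IPv4Address(a).packed for a in addrs)
    auth = password[:8].ljust(8, b"\x00")  # field is 8 bytes, zero padded
    head = struct.pack("!BBBBBB", 0x21, vrid, priority, len(addrs), auth_type, adver_int)
    csum = inet_checksum(head + b"\x00\x00" + ips + auth)
    return head + struct.pack("!H", csum) + ips + auth


def parse_advert(pkt):
    """Decode the fixed header, the address list and the authentication data."""
    if len(pkt) < 16:
        raise ValueError("too short for VRRPv2")
    vt, vrid, prio, count, auth_type, adver_int = struct.unpack("!BBBBBB", pkt[:6])
    if vt != 0x21:
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count
    if len(pkt) < end + 8:
        raise ValueError("truncated address list or authentication data")
    return {
        "vrid": vrid,
        "priority": prio,
        "auth_type": auth_type,
        "adver_int": adver_int,
        "addresses": [str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in range(8, end, 4)],
        "auth_data": pkt[end:end + 8].rstrip(b"\x00"),  # the password, unencrypted
        "checksum_ok": inet_checksum(pkt[:end + 8]) == 0,
    }


def classify(pkt, expected_password):
    """Verdict a receiver or monitoring sensor reaches for one advertisement."""
    try:
        adv = parse_advert(pkt)
    except ValueError:
        return "malformed"
    if not adv["checksum_ok"]:
        return "bad-checksum"
    if adv["auth_type"] != AUTH_SIMPLE:
        return "auth-missing"
    if not hmac.compare_digest(adv["auth_data"], expected_password[:8]):
        return "auth-mismatch"
    return "ok"


# Constructed sample: group 254, priority 125, virtual address 1.1.1.3.
SAMPLE_PASSWORD = b"labpass1"
SAMPLE = build_advert(254, 125, ["1.1.1.3"], AUTH_SIMPLE, SAMPLE_PASSWORD)

if __name__ == "__main__":
    print(SAMPLE.hex())
    print(parse_advert(SAMPLE))
    print(classify(SAMPLE, SAMPLE_PASSWORD))
```

Because the password is carried unencrypted in every advertisement, simple-text authentication protects against misconfigured neighbors rather than against a host that can observe the segment.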
Example OS10(conf-eth1/1/5-vrid-254)# priority 200 Supported Releases 10.2.0E or later show vrrp Displays VRRP group information. Syntax show vrrp [vrf vrf-name] {brief | vrrp-id | ipv6 group-id} Parameters • vrf vrf-name — Displays the VRRP group information corresponding to the specified VRF. • brief — Displays the configuration information for all VRRP instances in the system. • vrrp-id — Enter a VRRP group ID number to view the VRRP IPv4 group operational status information, from 1 to 255.
Command Mode INTERFACE-VRRP Usage Information If you disable the interface, the cost value subtracts from the priority value and forces a new master election. This election process is applicable when the priority value is lower than the priority value in the backup virtual router. The no version of this command resets the value to the default. Example OS10(conf-eth1/1/5-vrid-254)# track 400 Example (Priority Cost) OS10(conf-eth1/1/5-vrid-254)# track 400 priority-cost 20 Supported Releases 10.2.
Example
OS10(conf-eth1/1/5-vrid-254)# virtual-address 10.1.1.15
Supported Releases 10.2.0E or later

vrrp delay reload
Sets the delay time for VRRP initialization after a system reboot.
Syntax vrrp delay reload seconds
Parameters seconds — Enter the number of seconds for the VRRP reload time, from 0 to 900.
Default 0
Command Mode CONFIGURATION
Usage Information VRRP delay reload time of zero seconds indicates no delays. This command configuration applies to all the VRRP configured interfaces.

Usage Information The VRRP group only becomes active and sends VRRP packets when you configure a virtual IP address. When you delete the virtual address, the VRRP group stops sending VRRP packets. The no version of this command removes the vrrp-ipv6-group configuration.
Example
OS10(conf-if-eth1/1/7)# vrrp-ipv6-group 250
Supported Releases 10.2.0E or later

vrrp version
Sets the VRRP version for the IPv4 group.
Syntax vrrp version {2 | 3}
Parameters • 2 — Set to VRRP version 2.
6 VXLAN A virtual extensible LAN (VXLAN) extends Layer 2 server connectivity over an underlying Layer 3 transport network in a virtualized data center. A virtualized data center consists of virtual machines (VMs) in a multi-tenant environment. OS10 supports VXLAN as described in RFC 7348. VXLAN provides a Layer 2 overlay mechanism on an existing Layer 3 network by encapsulating the Layer 2 frames in Layer 3 packets.
Virtual extensible LAN (VXLAN) A type of network virtualization overlay that encapsulates a tenant's payload into IP UDP packets for transport across the IP underlay network. VXLAN network identifier (VNI) A 24-bit ID number that identifies a tenant segment and is transmitted in a VXLAN encapsulated packet. VXLAN tunnel endpoint (VTEP) A switch with connected end hosts that are assigned to virtual networks, and the virtual networks are mapped to VXLAN segments.
Configure VXLAN
To extend a L2 tenant segment using VXLAN, follow these configuration steps on each VTEP switch:
1 Configure the source IP address used in encapsulated VXLAN packets.
2 Configure a virtual network and assign a VXLAN VNI.
3 Configure VLAN-tagged access ports.
4 Configure untagged access ports.
5 (Optional) Enable routing for hosts on different virtual networks.
6 Advertise the local VXLAN source IP address to remote VTEPs.
7 (Optional) Configure VLT.
After you configure the remote VTEP, when the IP routing path to the remote VTEP IP address in the underlay IP network is known, the virtual network is enabled to send and receive VXLAN-encapsulated traffic from and to downstream servers and hosts. All broadcast, multicast, and unknown unicast (BUM) traffic received on access interfaces is replicated and sent to all configured remote VTEPs. Each packet contains the VXLAN VNI in its header.
Add untagged access ports to the VXLAN overlay network using either a switch-scoped VLAN or port-scoped VLAN. Only one method is supported. • To use a switch-scoped VLAN to add untagged member ports to a virtual network: a Assign a VLAN to a virtual network in VLAN Interface mode. interface vlan vlan-id virtual-network vn-id exit b Configure port interfaces as access members of the VLAN in Interface mode.
VXLAN virtual network VTEP Virtual-network IP address Anycast gateway IP address VNI 11 VTEP 1 10.10.1.201 10.10.1.254 VTEP 2 10.10.1.202 10.10.1.254 VTEP 3 10.10.1.203 10.10.1.254 VTEP 1 10.20.1.201 10.20.1.254 VTEP 2 10.20.1.202 10.20.1.254 VTEP 3 10.20.1.203 10.20.1.254 VTEP 1 10.30.1.201 10.30.1.254 VTEP 2 10.30.1.202 10.30.1.254 VTEP 3 10.30.1.203 10.30.1.
Configure VLT
(Optional) To use VXLAN in a VLT domain, configure the VLT domain — including the VLT Interconnect (VLTi) interfaces, backup heartbeat, and VLT MAC address — as described in Virtual link trunking.
Required VLT VXLAN configuration:
• The IP address of the VTEP source loopback interface must be the same on the VLT peers.

View VXLAN virtual-network VLAN
OS10# show virtual-network vlan 100
Vlan Virtual-network Interface
100 1000 ethernet1/1/1,ethernet1/1/2
100 5000 ethernet1/1/2
View VXLAN virtual-network VLANs
OS10# show vlans
Codes: * - Default VLAN, M - Management VLAN, R - Remote Port Mirroring VLANs, @ – Attached to Virtual Network
Q: A - Access (Untagged), T - Tagged
NUM * 1 @ 100 @ 101 200 Status Description Q Ports up A Eth1/1/1-1/1/48 up T Eth1/1/2,Eth1/1/3 A Eth1/1/1 up T port-channel5 up T Eth1/1/11-1/1/15 V
The show ip arp and show ipv6 neighbors outputs display information about IPv4 and IPv6 neighbors learned in VXLAN virtual networks configured on the switch. OS10# show ip arp Address Hardware address Interface Egress Interface ---------------------------------------------------------------100.0.0.1 00:89:05:03:34:90 ethernet1/1/6 ethernet1/1/6 101.0.0.2 00:c5:05:02:12:91 vlan12 ethernet1/1/5 101.0.0.5 00:c5:05:02:12:94 vlan12 ethernet1/1/9 102.0.0.3 00:c5:05:02:12:92 port-channel2 port-channel2 105.0.0.
Command Description interface ethernet node/slot/port:subport: Displays only MAC addresses learned on the specified interface. interface port-channel number: Displays only MAC addresses learned on the specified port channel. show mac address-table extended [address macaddress | interface {ethernet node/slot/ port:subport | port-channel number} | static | dynamic] Displays MAC addresses learned on all VLANs and VXLANs (default).
Command Description show mac address-table count extended [interface ethernet node/slot/port:subport | port-channel number]} Displays the number of MAC addresses learned on all VLANs and VXLAN virtual networks. interface ethernet node/slot/port:subport: Displays the number of MAC addresses learned from VLANs and VXLANs on the specified interface. port-channel number: Displays the number of MAC addresses learned from VLANs and VXLANs on the specified port channel. Clear VXLAN MAC addresses Table 6.
vlan vlan-id Assign tagged traffic on the specified VLAN to a virtual network. Default Not configured Command mode VIRTUAL-NETWORK Usage information Use the member-interface command to assign traffic on the same VLAN or interface to different virtual networks. The no version of this command removes the configured value.
show nve remote-vtep Displays information about remote VXLAN tunnel endpoints. Syntax show nve remote-vtep [ip-address | summary] Parameters ip-address Display detailed information about a specified remote VTEP. summary Display summary information about remote VTEP. Default Display detailed information about remote VTEPs. Command mode EXEC Usage information Use the show nve remote-vtep command to display the IP address, operational state, and configured VXLANs for each remote VTEP.
show nve vxlan-vni Displays information about the VXLAN virtual networks on the switch. Syntax show nve vxlan-vni Parameters None Default Not configured Command mode EXEC Usage information Use the show nve vxlan-vni command to display information about configured VXLAN virtual networks. Each VXLAN virtual network is identified by its virtual-network ID. Example OS10# show nve vxlan-vni VNI Virtual-Network Source-IP Remote-VTEPs -----------------------------------------------------10000 1 1.1.1.
show virtual-network counters Displays packet statistics for virtual networks. Syntax show virtual-network [vn-id] counters Parameters vn-id Enter a virtual-network ID (1 to 65535). Default Not configured Command mode EXEC Usage information Use the show virtual-network counters command to monitor the packet throughput on virtual networks, including VXLANs. Use the clear virtual-network counters command to clear virtual-network counters.
To clear VXLAN packet counters on a member port or VLAN members of a virtual network, enter the clear virtual-network interface {ethernet node/slot/port:subport | port-channel number} [vlan vlan-id] counters command. Example OS10# show virtual-network interface 1/1/3 vlan 100 counters Virtual-Network Input (Packets/Bytes) Output (Packets/Bytes) 2000 457/3570 277/13709 Supported releases 10.4.2.
Example
OS10# show virtual-network 100
Vlan Virtual-network Interface
100 1000 ethernet1/1/1,ethernet1/1/2
100 5000 ethernet1/1/2
Supported releases 10.4.2.0 or later

show vlan (virtual network)
Displays the VLANs assigned to virtual networks.
Syntax show vlan
Parameters None
Default Not configured
Command mode EXEC
Usage information Use the show vlan command to display the VLAN port interfaces that transmit VXLAN packets over a virtual network.

Enter the source-interface loopback number command in VXLAN-VNI mode to override a previously configured value and reconfigure the source IP address.
Examples
OS10(config-nve)# source-interface loopback 1
Supported releases 10.4.2.0 or later

virtual-network
Creates a virtual network for VXLAN tunneling.
Syntax virtual-network vn-id
Parameters vn-id Enter the virtual-network ID (1 to 65535).
Parameters vni Enter the VXLAN ID for a virtual network (1-16,777,215). Default Not configured Command mode VIRTUAL-NETWORK Usage information The vxlan-vni associates a VXLAN ID number with a virtual network. The no version of this command removes the configured ID. Example OS10(conf-vn-100)# vxlan-vni 100 OS10(config-vn-vxlan-vni)# Supported releases 10.4.2.0 or later VXLAN MAC commands clear mac address-table dynamic nve remote-vtep Clears all MAC addresses learned from a remote VTEP.
interface port-channel number Clear all MAC addresses learned on the specified port channel. virtualnetwork vn-id Clear all MAC addresses learned on the specified virtual network (1 to 65535). local Clear only locally-learned MAC addresses. vn-id Clear learned MAC addresses on the specified virtual network (1 to 65535). vn-id local Clear locally learned MAC addresses on the specified virtual network (1 to 65535).
Supported releases 10.4.2.0 or later show mac address-table count nve Displays the number of MAC addresses learned on a VXLAN virtual network or from a remote VXLAN tunnel endpoint. Syntax show mac address-table count nve {vxlan-vni vni | remote-vtep ip-address} Parameters vxlan-vni vni Display MAC addresses learned on the specified VXLAN virtual network (1-16,777,215). remote-vtep ip-address Display MAC addresses learned from the specified remote VTEP.
interface port-channel number Display the number of MAC addresses learned on the specified port channel. vn-id Display the number of MAC addresses learned on the specified virtual network (1-65535). Default Not configured Command mode EXEC Usage information Use the show mac address-table count virtual-network command to display the number of MAC address entries learned on virtual networks in the MAC address table.
10000 10000 10000 10000 20000 20000 20000 20000 Supported releases 4000 100 100 300 300 300 aa:bb:cc:dd:f0:03 00:00:00:00:00:11 00:00:00:00:00:44 00:00:00:00:00:55 00:00:00:00:00:77 00:00:00:00:00:22 00:00:00:00:00:33 00:00:00:00:00:66 00:00:00:00:00:88 static dynamic dynamic dynamic dynamic dynamic dynamic dynamic dynamic port-channel1000 ethernet1/1/31:1 port-channel1000 port-channel10 VxLAN(32.1.1.1) port-channel100 port-channel1000 port-channel10 VxLAN(32.1.1.1) 10.4.2.
static Display only static MAC addresses. dynamic Display only dynamic MAC addresses. address macaddress Display only information about the specified MAC address. Enter the MAC address in EEEE.EEEE.EEEE format. interface ethernet node/ slot/ port[:subport] Display only MAC addresses learned on the specified interface. interface port-channel number Display only MAC addresses learned on the specified port channel.
Figure 6. VXLAN use case VTEP 1 Leaf Switch 1. Configure the underlay OSPF protocol Do not configure the same IP address for the router ID and the source loopback interface in Step 2. OS10(config)# router ospf 1 OS10(config-router-ospf-1)# router-id 21.1.1.1 OS10(config-router-ospf-1)# exit 2. Configure a loopback interface OS10(config)# interface loopback0 OS10(conf-if-lo-0)# no shutdown OS10(conf-if-lo-0)# ip address 31.1.1.1/32 OS10(conf-if-lo-0)# ip ospf 1 area 0.0.0.
3. Configure the loopback interface as the VXLAN source tunnel interface
OS10(config)# nve
OS10(config-nve)# source-interface loopback0
OS10(config-nve)# exit
4. Configure a VXLAN virtual network with a static VTEP
OS10(config)# virtual-network 10000
OS10(config-vn)# vxlan-vni 100
OS10(config-vn-vxlan-vni-100)# remote-vtep 32.1.1.1
OS10(config-vn-vxlan-vni-100)# exit
OS10(config-vn)# exit
5.
Configure dedicated L3 underlay path to reach VLT Peer in case of network failure OS10(config)# interface vlan4000 OS10(config-if-vl-4000)# no shutdown OS10(config-if-vl-4000)# ip address 41.1.1.1/24 OS10(config-if-vl-4000)# ip ospf 1 area 0.0.0.
Configure anycast gateway IP address
OS10(config-if-vn)# ip virtual-router address 10.1.0.100
VTEP 2 Leaf Switch
1. Configure the underlay OSPF protocol
Do not configure the same router ID on other VTEP switches.
OS10(config)# router ospf 1
OS10(config-router-ospf-1)# router-id 22.1.1.1
OS10(config-router-ospf-1)# exit
2. Configure a loopback interface
The source-interface IP address must be the same as the source-interface IP address on the VLT peer.
OS10(conf-if-eth1/1/6)# no shutdown
OS10(conf-if-eth1/1/6)# channel-group 20 mode active
OS10(conf-if-eth1/1/6)# no switchport
OS10(conf-if-eth1/1/6)# exit
7. Configure upstream network-facing ports
OS10(config)# interface ethernet1/1/1
OS10(conf-if-eth1/1/1)# no shutdown
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/1)# ip address 13.1.1.1/24
OS10(conf-if-eth1/1/1)# ip ospf 1 area 0.0.0.
OS10(conf-if-eth1/1/1)#
OS10(conf-uplink-state-group-1)# downstream ethernet1/1/1-1/1/2
OS10(conf-uplink-state-group-1)# upstream port-channel10
OS10(conf-uplink-state-group-1)# upstream port-channel20
OS10(conf-uplink-state-group-1)# exit
9.
6.
OS10(config-if-vl-4000)# ip ospf 1 area 0.0.0.
VTEP 4 Leaf Switch 1. Configure the underlay OSPF protocol Do not configure the same IP address for the router ID and the source loopback interface in Step 2. OS10(config)# router ospf 1 OS10(config-router-ospf-1)# router-id 24.1.1.1 OS10(config-router-ospf-1)# exit 2. Configure a loopback interface OS10(config)# interface loopback0 OS10(conf-if-lo-0)# no shutdown OS10(conf-if-lo-0)# ip address 32.1.1.1/32 OS10(conf-if-lo-0)# ip ospf 1 area 0.0.0.0 OS10(conf-if-lo-0)# exit 3.
7. Add access ports to VXLAN virtual network
OS10(config)# virtual-network 10000
OS10(config-vn)# member-interface port-channel 10 vlan-tag 200
OS10(config-vn)# member-interface port-channel 20 untagged
OS10(config-vn)# exit
8. Configure upstream network-facing ports
OS10(config)# interface ethernet1/1/1
OS10(conf-if-eth1/1/1)# no shutdown
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/1)# ip address 17.1.1.
OS10(conf-if-eth1/1/1)#
OS10(conf-if-eth1/1/1)#
OS10(conf-vlt-1)# peer-routing
OS10(conf-vlt-1)# vlt-mac bb:aa:dd:cc:ff:ee
OS10(conf-vlt-1)# exit
Configure UFD with uplink VLT ports and downlink network ports
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# enable
OS10(conf-uplink-state-group-1)# downstream ethernet1/1/1-1/1/2
OS10(conf-uplink-state-group-1)# upstream port-channel10
OS10(conf-uplink-state-group-1)# upstream port-channel20
OS10(conf-uplink-state-group-1)# exit
10.
2. Configure the underlay OSPF protocol
OS10(config)# router ospf 1
OS10(config-router-ospf-1)# router-id 25.1.1.1
OS10(config-router-ospf-1)# exit
Spine Switch 2
1. Configure downstream ports on underlay links to leaf switches
OS10(config)# interface ethernet1/1/1
OS10(conf-if-eth1/1/1)# no shutdown
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# ip address 12.1.1.2/24
OS10(conf-if-eth1/1/1)# ip ospf 1 area 0.0.0.
OS10(conf-if-eth1/1/1)#
BGP EVPN compared to static VXLAN OS10 supports two types of VXLAN NVO overlay networks: • Static VXLAN • BGP EVPN Static VXLAN and BGP EVPN for VXLAN are configured and operate in the same ways: • The overlay and underlay networks are manually configured. • Each virtual network and VNI are manually configured. • Access port membership in a virtual network is manually configured. • Underlay reachability to VTEP peers is provisioned or learned using existing routing protocols.
Figure 7. BGP EVPN topology Leaf nodes The leaf nodes are typically top-of-rack (TOR) switches in a data center network. They act as the VXLAN tunnel endpoints and perform VXLAN encapsulation and decapsulation. The leaf nodes also participate in the MP-BGP EVPN to support control plane and data plane functions. The control plane functions include: • Initiate and maintain route adjacencies using any routing protocol in the underlay network. • Advertise locally learned routes to all MP-BGP EVPN peers.
The control plane functions include: • Initiate BGP peering with all neighbor leaf nodes. • Advertise BGP routes to all BGP peers. • In the underlay network, initiate and maintain the routing adjacencies with all leaf and spine nodes. The data plane functions include: • Perform only the underlay route processing based on the outer header in VXLAN encapsulated packets. • Do not perform VXLAN encapsulation or decapsulation.
• For a 2-byte ASN, the RT type is set to 0200 (Type 0 in RFC 4364). The RT value is encoded in the format described in section 5.1.2.1 of RFC 8365: 2-octet-ASN: 4-octet-number, where the following values are used in the 4-octet-number field: – Type: 1 – D-ID: 0 – Service-ID: VNI • For a 4-byte ASN, OS10 can auto-configure RTs for both 2-byte and 4-byte ASNs. The RT type is set to 0202 (Type 2 in RFC 4364).
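The Route Target auto-derivation described above, as an added Python example (not OS10 code) that builds and decodes the 8-byte extended community so an advertised RT can be checked against the VNI it should carry. The A bit and the field widths follow RFC 8365 section 5.1.2.1; for the 4-byte ASN case the 2-byte number is assumed to be the EVI, as the auto-evi description in this guide states; function names and sample values are constructed.

```python
import struct

VXLAN_TYPE = 1     # "Type: 1" in the 4-octet-number field (VXLAN)
AUTO_DERIVED = 0   # A bit, RFC 8365 section 5.1.2.1: 0 = auto-derived, 1 = manual
RT_SUBTYPE = 0x02  # extended community sub-type "Route Target"


def auto_rt_2byte_asn(asn, vni, domain_id=0):
    """2-octet-ASN:4-octet-number RT, number = A | Type | D-ID | Service-ID."""
    if not 1 <= asn <= 0xFFFF:
        raise ValueError("2-byte ASN expected (1 to 65535)")
    if not 1 <= vni <= 0xFFFFFF:
        raise ValueError("VNI must be 1 to 16,777,215")
    if not 0 <= domain_id <= 0xF:
        raise ValueError("D-ID is a 4-bit field")
    number = (AUTO_DERIVED << 31) | (VXLAN_TYPE << 28) | (domain_id << 24) | vni
    # High-order type 0x00 (2-octet AS specific), sub-type 0x02, ASN, number.
    return struct.pack("!BBHI", 0x00, RT_SUBTYPE, asn, number)


def auto_rt_4byte_asn(asn, evi):
    """4-octet-ASN:2-octet-number RT (type bytes 02 02); number assumed to be the EVI."""
    if not 1 <= asn <= 0xFFFFFFFF:
        raise ValueError("ASN must fit in 4 bytes")
    if not 1 <= evi <= 0xFFFF:
        raise ValueError("EVI must be 1 to 65535")
    return struct.pack("!BBIH", 0x02, RT_SUBTYPE, asn, evi)


def describe_rt(community):
    """Split an 8-byte Route Target into the fields named on this page."""
    if len(community) != 8:
        raise ValueError("extended communities are 8 bytes")
    high_type, subtype = community[0], community[1]
    if subtype != RT_SUBTYPE:
        raise ValueError("not a Route Target")
    if high_type == 0x00:
        asn, number = struct.unpack("!HI", community[2:])
        return {
            "format": "2-octet-ASN:4-octet-number",
            "text": f"{asn}:{number}",
            "a_bit": number >> 31,
            "type": (number >> 28) & 0x7,
            "d_id": (number >> 24) & 0xF,
            "service_id": number & 0xFFFFFF,
        }
    if high_type == 0x02:
        asn, number = struct.unpack("!IH", community[2:])
        return {"format": "4-octet-ASN:2-octet-number", "text": f"{asn}:{number}"}
    raise ValueError("unsupported Route Target type")


def is_auto_rt_for_vni(community, asn, vni):
    """True only if the RT equals the value auto-derivation yields for asn and vni."""
    return community == auto_rt_2byte_asn(asn, vni)


# Constructed sample: leaf AS 65002 and VNI 100, as in the configuration examples.
SAMPLE_AUTO_RT = auto_rt_2byte_asn(65002, 100)
# A manually configured value such as "route-target 1:3" has the same type bytes
# but a different 4-octet number, so it never matches the auto-derived form.
SAMPLE_MANUAL_RT = struct.pack("!BBHI", 0x00, RT_SUBTYPE, 1, 3)

if __name__ == "__main__":
    print(SAMPLE_AUTO_RT.hex(), describe_rt(SAMPLE_AUTO_RT))
    print(SAMPLE_MANUAL_RT.hex(), describe_rt(SAMPLE_MANUAL_RT))
```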
g Assign the BGP neighbor to an autonomous system in ROUTER-BGP-NEIGHBOR mode. remote-as as-number h Enable the peer session with the BGP neighbor in ROUTER-BGP-NEIGHBOR mode. no shutdown i Return to ROUTER-BGP mode. exit 2 For each BGP peer session in the overlay network: a Configure the BGP peer using its loopback IP address on the VTEP in ROUTER-BGP mode. neighbor loopback-ip-address b Assign the BGP neighbor loopback address to the autonomous system in ROUTER-BGP-NEIGHBOR mode.
– rd auto automatically generates the Route Distinguisher. 4 Configure the Route Target values in EVPN EVI mode. route-target {auto | value [asn4] {import | export | both}} Where: – route-target auto auto-configures an import and export value for EVPN routes. – route-target value [asn4]{import | export | both} configures an import or export value for EVPN routes in the format 2-octet-ASN:4-octet-number or 4-octet-ASN:2-octet-number. ◦ The 2-octet ASN number is 1 to 65535.
Connections established 2; dropped 0 Last reset never Prefixes ignored due to: Martian address 0, Our own AS in AS-PATH 0 Invalid Nexthop 0, Invalid AS-PATH length 0 Wellknown community 0, Locally originated 0 Local host: 110.111.180.195, Local port: 43081 Foreign host: 110.111.170.102, Foreign port: 179 Display BGP L2VPN EVPN address family OS10# show ip bgp l2vpn evpn BGP local RIB : Routes to be Added , Replaced , Withdrawn BGP local router ID is 110.111.170.
Supported Releases 10.2.0E or later address-family l2vpn evpn Configures the L2 VPN EVPN address family for VXLAN host-based routing to a BGP neighbor. Syntax address-family l2vpn evpn Parameters None Default Not configured Command mode ROUTER-NEIGHBOR Usage information To use BGP EVPN service in a VXLAN, you must configure and enable the L2VPN EVPN address family on a VTEP to support host-based routing to each BGP neighbor.
Command Mode ROUTER-BGP-NEIGHBOR-AF Usage Information This command helps detect routing loops, based on the AS path before it starts advertising routes. To configure a neighbor to accept routes use the neighbor allowas-in command. The no version of this command disables sender-side loop detection for that neighbor. Example (IPv4) OS10(conf-router-bgp-102)# neighbor 3.3.3.
BGP version 4, remote router ID 3.3.3.
– The RD auto-configures as Type 1 from the overlay network source IP address and the auto-generated EVI index. – The RT auto-configures as Type 2 from the 4-byte AS and the 2-byte EVI (Type encoded as 0x0202). Example OS10(config)# evpn OS10(config-evpn)# auto-evi Supported releases 10.4.2.0 or later evi Creates an EVPN instance (EVI) in EVPN mode. Syntax evi id Parameters id Enter the EVPN instance ID (1 to 65535).
rd Configures the Route Distinguisher (RD) value used in EVPN routes. Syntax rd {A.B.C.D:[1-65535] | auto} Parameters A.B.C.D:[1-65535] Manually configure the route distinguisher with a 4-octet IPv4 address followed by a 2-octet number (1-65535). auto Configure the route distinguisher to be automatically generated. Default Not configured Command mode EVPN-EVI Usage information A route distinguisher (RD) maintains the uniqueness of an EVPN route between different EVPN instances.
Example
OS10(config)# evpn
OS10(config-evpn)# evi 10
OS10(config-evpn-evi)# vni 10000
OS10(config-evpn-evi)# rd 111.111.111.111:65535
OS10(config-evpn-evi)# route-target 1:3 both
Supported releases 10.4.2.0 or later
show evpn evi Displays BGP EVPN routes for host MAC addresses. Syntax show evpn evi [id] Parameters id — (Optional) Enter the EVPN instance ID (1 to 65535).
Total MAC Entries :
Local MAC Address Count : 2
Remote MAC Address Count : 5
OS10# show evpn mac evi 811 count
EVI 811 MAC Entries :
Local MAC Address Count : 1
Remote MAC Address Count : 2
OS10# show evpn mac evi 811 next-hop 80.80.1.8 count
EVI 811 next-hop 80.80.1.8 MAC Entries :
Remote MAC Address Count : 2
Supported releases 10.4.2.0 or later
show evpn vxlan-vni Displays the VXLAN overlay network for EVPN instances.
Example: VXLAN with BGP EVPN This VXLAN with BGP EVPN example uses a typical Clos leaf-spine topology with VXLAN tunnel endpoints (VTEPs). Individual switch configuration shows how to set up an end-to-end VXLAN. eBGP is used for exchanging IP routes in the IP underlay network, and EVPN routes in the VXLAN overlay network. All spine nodes are in one autonomous system — AS 65001. All leaf nodes are in another autonomous system — AS 65002.
VTEP 1 Leaf Switch 1. Configure a loopback interface OS10(config)# interface loopback0 OS10(conf-if-lo-0)# ip address 1.1.1.1/32 OS10(conf-if-lo-0)# exit 2. Configure the loopback interface as the VXLAN source tunnel interface OS10(config)# nve OS10(config-nve)# source-interface loopback0 OS10(config-nve)# exit 3.
5. Configure a VXLAN virtual network with a remote tunnel endpoint OS10(config)# virtual-network 10000 OS10(config-vn)# vxlan-vni 100 OS10(config-vn-vxlan-vni-100)# exit OS10(config-vn)# exit 6. Assign VLAN member interfaces to a virtual network Use a switch-scoped VLAN-to-VNI mapping: OS10(config)# interface vlan100 OS10(config-if-vl-100)# virtual-network 10000 OS10(config-if-vl-100)# exit 7.
OS10(config-router-bgp-65002)# neighbor 13.1.1.2 OS10(config-router-neighbor)# remote-as 65001 OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# address-family ipv4 unicast OS10(config-router-bgp-neighbor-af)# allowas-in 1 OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# exit OS10(config-router-bgp-65002)# neighbor 14.1.1.
8. Configure upstream network-facing ports
OS10(config)# interface ethernet1/1/1
OS10(conf-if-eth1/1/1)# no shutdown
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/1)# ip address 13.1.1.1/24
OS10(conf-if-eth1/1/1)# exit
OS10(config)# interface ethernet1/1/2
OS10(conf-if-eth1/1/2)# no shutdown
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/2)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 14.1.1.1/24
OS10(conf-if-eth1/1/2)# exit
9.
OS10(config-router-neighbor)# send-community extended OS10(config-router-neighbor)# address-family ipv4 unicast OS10(config-router-bgp-neighbor-af)# no activate OS10(config-router-neighbor)# address-family l2vpn evpn OS10(config-router-bgp-neighbor-af)# activate OS10(config-router-bgp-neighbor-af)# allowas-in 1 OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# exit OS10(config-router-bgp-65002)# neighbor 22.22.22.
OS10(conf-if-eth1/1/2)# ip address 16.1.1.1/24
OS10(conf-if-eth1/1/2)# exit
11. Configure EVPN
Manually configure the EVPN instance. Configure the Route Distinguisher, and Route Target using auto-EVI mode:
OS10(config)# evpn
OS10(config-evpn)# evi 10000
OS10(config-evpn-evi-10000)# vni 100
OS10(config-evpn-evi-10000)# rd auto
OS10(config-evpn-evi-10000)# route-target auto
OS10(config-evpn-evi-10000)# exit
OS10(config-evpn)# exit
VTEP 4 Leaf Switch
1.
OS10(config-router-bgp-65002)# neighbor 22.22.22.
Spine Switch 1 1.
4. Configure eBGP for the EVPN address family OS10(config)# router bgp 65001 OS10(config-router-bgp-65001)# neighbor 1.1.1.
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/2)# ip address 14.1.1.2/24
OS10(conf-if-eth1/1/2)# exit
OS10(config)# interface ethernet1/1/3
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# ip address 16.1.1.2/24
OS10(conf-if-eth1/1/3)# exit
OS10(config)# interface ethernet1/1/4
OS10(conf-if-eth1/1/4)# no shutdown
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# ip address 18.1.1.2/24
OS10(conf-if-eth1/1/4)# exit
2.
OS10(config-router-bgp-neighbor-af)# no sender-side-loop-detection OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# exit OS10(config-router-bgp-65001)# neighbor 2.2.2.
7 UFT modes A switch in a Layer 2 (L2) network may require a larger MAC address table size, while a switch in a Layer 3 (L3) network may require a larger routing table size. Unified forwarding table (UFT) offers the flexibility to configure internal L2/L3 forwarding table sizes. OS10 supports several UFT modes for the forwarding tables. By default, OS10 selects a UFT mode that provides a reasonable size for all tables.
Table 11. UFT Modes — Table Size for Z9100-ON
UFT Mode            L2 MAC Table Size   L3 Host Table Size   L3 Routes Table Size
Scaled-l2–switch    139264              8192                 16384
Scaled-l3–hosts     8192                139264               16384
Scaled-l3–routes    8192                8192                 131072
Default             73728               73728                16384
Table 12.
• Disable UFT mode in CONFIGURATION mode.
UFT commands hardware forwarding-table mode Selects a mode to initialize the maximum scalability size. The available options are: scaled L2 MAC address table, scaled L3 routes table, or scaled L3 hosts table. Syntax hardware forwarding-table mode {scaled-l2 | scaled-l3-routes | scaled-l3-hosts} Parameters • scaled-l2 — Enter the L2 MAC address table size. • scaled-l3-routes — Enter the L3 routes table size. • scaled-l3-hosts — Enter the L3 hosts table size.
show hardware forwarding-table mode Displays the current hardware forwarding table mode, and the mode after the next boot. Syntax show hardware forwarding-table mode Parameters None Defaults None Command Mode EXEC Usage Information None Example
OS10# show hardware forwarding-table mode
                     Current Settings   Next-boot Settings
Mode                 default-mode       scaled-l3-hosts
L2 MAC Entries :     163840             98304
L3 Host Entries :    147456             212992
L3 Route Entries :   16384              98304
Supported Releases 10.3.
Example
OS10# show hardware l3
                               Current Settings   Next-boot Settings
IPv6 Extended Prefix Entries:  2048               2048
Supported Releases 10.4.1.
8 System management Dynamic Host Configuration Protocol Provides information to dynamically assign IP addresses and other configuration parameters to network hosts based on policies, see DHCP commands. Network Time Protocol Provides information to synchronize timekeeping between time servers and clients, see NTP commands.
Configuration parameters are options in the DHCP packet in type, length, value (TLV) format. To limit the number of parameters that servers must provide, hosts enter the parameters that they require and the server sends only those parameters. DHCP uses the User Datagram Protocol (UDP) as its transport protocol. Figure 10. DHCP Packet Format The table shows common options using DHCP packet formats.
DHCP server The Dynamic Host Configuration Protocol (DHCP) server provides network configuration parameters to DHCP clients on request. A DHCP server dynamically allocates four required IP parameters to each computer on the virtual local area network (VLAN) — the IP address, network mask, default gateway, and name server address. DHCP IP address allocation works on a client/server model where the server assigns the client reusable IP information from an address pool.
Address lease time Use the lease {days [hours] [minutes] | infinite} command to configure an address lease time (default 24 hours). OS10(config)# ip dhcp server OS10(conf-dhcp)# pool Dell OS10(conf-dhcp-Dell)# lease 36 Default gateway Ensure the IP address of the default router is on the same subnet as the client. 1 Enable DHCP server-assigned dynamic addresses on an interface in CONFIGURATION mode. ip dhcp server 2 Create an IP address pool and provide a name in DHCP mode.
NetBIOS WINS address resolution DHCP clients can be one of four types of NetBIOS nodes — broadcast, peer-to-peer, mixed, or hybrid. Dell EMC recommends using hybrid as the NetBIOS node type. 1 Enable DHCP server-assigned dynamic addresses on an interface in DHCP mode. ip dhcp server 2 Create an IP address pool and enter the pool name in DHCP mode. pool name 3 Enter the NetBIOS WINS name servers in order of preference that are available to DHCP clients in DHCP mode.
With a fixed host configuration, also known as manual binding, you must configure a network pool with a matching subnet. The static host-to-MAC address mapping pool inherits the network mask from the network pool with subnet configuration, which includes the host’s address range. Consider the following example: OS10# show running-configuration interface ethernet 1/1/2 ! interface ethernet1/1/2 no shutdown no switchport ip address 100.1.1.
This option secures all DHCP traffic that goes through a DHCP relay agent, and ensures that communication between the DHCP relay agent and the DHCP server is not compromised. The DHCP relay agent inserts Option 82 before forwarding DHCP packets to the DHCP server. The DHCP server includes Option 82 back in its response to the relay agent. The relay agent uses this information to forward a reply out the interface on which the request was received rather than flooding it on the entire VLAN.
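The TLV option format and the relay agent's Option 82 described above, as an added Python example (not OS10 code) that walks a DHCP options field and extracts the Option 82 sub-options a server or monitoring tool would inspect. The option codes follow the DHCP specifications (sub-option 1 is the circuit ID, sub-option 2 the remote ID); the function names and the sample bytes are constructed.

```python
PAD, END, RELAY_AGENT_INFO = 0, 255, 82
SUBOPTION_NAMES = {1: "circuit-id", 2: "remote-id"}


def tlv(code, value):
    """Encode one type-length-value element (length is a single byte)."""
    if len(value) > 255:
        raise ValueError("value too long for a one-byte length")
    return bytes([code, len(value)]) + value


def parse_tlvs(data, single_byte_codes=()):
    """Return [(code, value), ...]; raise ValueError on a truncated element.

    single_byte_codes lists codes that carry no length byte. At the top level
    of the options field these are PAD and END; inside Option 82 there are none.
    """
    items, i = [], 0
    while i < len(data):
        code = data[i]
        if code in single_byte_codes:
            if code == END:
                break          # anything after END is padding
            i += 1             # PAD: skip one byte
            continue
        if i + 2 > len(data):
            raise ValueError(f"option {code}: missing length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: declared {length} bytes, got {len(value)}")
        items.append((code, value))
        i += 2 + length
    return items


def relay_agent_info(options_field):
    """Return Option 82 sub-options by name, or None if the relay added none."""
    for code, value in parse_tlvs(options_field, (PAD, END)):
        if code == RELAY_AGENT_INFO:
            return {SUBOPTION_NAMES.get(sub, f"sub-{sub}"): body
                    for sub, body in parse_tlvs(value)}
    return None


# Constructed sample: a DISCOVER (option 53 = 1) that requests subnet mask,
# router and DNS (option 55), with Option 82 inserted by a relay agent.
SAMPLE_OPTIONS = (
    tlv(53, b"\x01")
    + tlv(55, bytes([1, 3, 6]))
    + tlv(RELAY_AGENT_INFO,
          tlv(1, b"vlan100:eth1/1/2") + tlv(2, bytes.fromhex("000012121212")))
    + bytes([END])
)

if __name__ == "__main__":
    print(relay_agent_info(SAMPLE_OPTIONS))
```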
aaa authentication system:local ip domain-name dell.com ip domain-list f10.com ip name-server 1.1.1.1 2::2 ip host dell-f10.com 10.10.10.10 snmp-server community public read-only snmp-server contact http://www.dell.com/support/ snmp-server location United States debug radius false DHCP commands default-router address Assigns a default gateway to clients based on the IP address pool. Syntax Parameters default-router address [address2...
dns-server address Assigns a DNS server to clients based on the address pool. Syntax dns-server address [address2...address8] Parameters • address — Enter the DNS server IP address that services clients on the subnet in A.B.C.D or A::B format. • address2...address8 — (Optional) Enter up to eight DNS server addresses, in order of preference. Default Not configured Command Mode DHCP-POOL Usage Information None Example OS10(conf-dhcp-Dell)# dns-server 192.168.1.1 Supported Releases 10.2.
host Assigns a host to a single IPv4 or IPv6 address pool for manual configurations. Syntax host A.B.C.D/A::B Parameters A.B.C.D/A::B — Enter the host IP address in A.B.C.D or A::B format. Default Not configured Command Mode DHCP-POOL Usage Information The host address is the IP address used by the client machine for DHCP. Example OS10(conf-dhcp-Dell)# host 20.1.1.100 Supported Releases 10.2.0E or later ip dhcp server Enters DHCP mode.
Supported Releases 10.2.0E or later ipv6 helper-address Configure the DHCPv6 server address. Forwards UDP broadcasts received from IPv6 clients to the DHCPv6 server. You can configure multiple helper addresses per interface by repeating the same command for each DHCPv6 server address. Syntax ipv6 helper-address ipv6-address [vrf vrf-name] Parameters • vrf vrf-name — (Optional) Enter the keyword vrf and then the name of the VRF through which the host address can be reached.
netbios-name-server address Configures a NetBIOS WINS server which is available to DHCP clients. Syntax netbios-name-server ip-address [address2...address8] Parameters ip-address — Enter the address of the NetBIOS WINS server. address2...address8 — (Optional) Enter additional server addresses. Default Not configured Command Mode DHCP-POOL Usage Information Configure up to eight NetBIOS WINS servers available to a Microsoft DHCP client, in order of preference.
Usage Information Use this command to configure a range of IPv4 or IPv6 addresses. Example OS10(config-dhcp-Dell)# network 20.1.1.1/24 Supported Releases 10.2.0E or later pool Creates an IP address pool name. Syntax pool pool-name Parameters pool-name — Enter the DHCP server pool name. Default Not configured Command Mode CONFIGURATION Usage Information Use this command to create an IP address pool name. Example OS10(conf-dhcp)# pool Dell OS10(conf-dhcp-Dell)# Supported Releases 10.2.
Default Not configured Command Mode EXEC Usage Information Use this command to view the DHCP binding table. Example
OS10# show ip dhcp binding
IP Address    Hardware address    Lease expiration        Hostname
+-----------------------------------------------------
11.1.1.254    00:00:12:12:12:12   Jan 27 2016 06:23:45
Total Number of Entries in the Table = 1
Supported Releases 10.2.0E or later
DNS commands OS10 supports the configuration of a DNS host and domain parameters.
Usage Information This domain appends to incomplete DNS requests. The no version of this command returns the value to the default. Example OS10(config)# ip domain-name jay dell.com Supported Releases 10.2.0E or later ip host Configures mapping between the host name server and the IP address. Syntax ip host [vrf vrf-name] [host-name] address Parameters • vrf vrf-name — (Optional) Enter vrf and then the name of the VRF to configure the name server to IP address mapping for that VRF.
show hosts Displays the host table and DNS configuration. Syntax show hosts [vrf vrf-name] Parameters vrf vrf-name — Enter vrf then the name of the VRF to display DNS host information corresponding to that VRF. Default Not configured Command Mode EXEC Usage Information None Example OS10# show hosts Default Domain Name : dell.com Domain List : abc.com Name Servers : 1.1.1.
Network Time Protocol Network Time Protocol (NTP) synchronizes timekeeping among a set of distributed time servers and clients. The protocol coordinates time distribution in a large, diverse network. NTP clients synchronize with NTP servers that provide accurate time measurement. NTP clients choose from several NTP servers to determine which offers the best available source of time and the most reliable transmission of information. To get the correct time, OS10 synchronizes with a time-serving host.
Enable NTP NTP is disabled by default. To enable NTP, configure an NTP server where the system synchronizes. To configure multiple servers, enter the command multiple times. Multiple servers may impact CPU resources. • Enter the IP address of the NTP server where the system synchronizes in CONFIGURATION mode.
Source IP address Configure one interface IP address to include in all NTP packets. The source address of NTP packets is the interface IP address the system uses to reach the network by default. • Configure a source IP address for NTP packets in CONFIGURATION mode. ntp source interface – ethernet — Enter the keyword and node/slot/port information. – port-channel — Enter the keyword and number. – vlan — Enter the keyword and VLAN number, from 1 to 4093.
Configure NTP
OS10(config)# ntp authenticate
OS10(config)# ntp trusted-key 345
OS10(config)# ntp authentication-key 345 mdf 0 5A60910FED211F02
OS10(config)# ntp server 1.1.1.1 key 345
OS10(config)# ntp master 7
View NTP configuration
OS10(config)# do show running-configuration
!
ntp authenticate
ntp authentication-key 345 mdf 0 5A60910FED211F02
ntp server 1.1.1.1 key 345
ntp trusted-key 345
ntp master 7
...
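The NTP configuration above ties a key ID (345) to a shared secret and marks that key as trusted. As an added Python example (not OS10 code), this is how a receiver checks the symmetric-key authenticator on an NTP packet: the 48-byte header is followed by a 4-byte key ID and a 16-byte MD5 digest computed over the key followed by the header. The function names, the key value and the sample packet are constructed.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48   # NTP header without extension fields
KEY_ID_LEN = 4
DIGEST_LEN = 16   # MD5 output


def md5_digest(key, header):
    """NTP symmetric-key digest: MD5 over the key followed by the header."""
    return hashlib.md5(key + header).digest()


def add_authenticator(header, key_id, key):
    """Append key ID and digest, as a server configured with this key would."""
    if len(header) != HEADER_LEN:
        raise ValueError("expected a 48-byte NTP header")
    return header + struct.pack("!I", key_id) + md5_digest(key, header)


def check_packet(packet, trusted_keys, require_auth=True):
    """Return a verdict string for one received packet.

    trusted_keys maps key ID -> secret and stands for the keys that are both
    configured and marked trusted on the receiver.
    """
    if len(packet) == HEADER_LEN:
        if require_auth:
            return "rejected: no authenticator"
        return "accepted: unauthenticated"
    if len(packet) != HEADER_LEN + KEY_ID_LEN + DIGEST_LEN:
        return "rejected: malformed"
    header = packet[:HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[HEADER_LEN:HEADER_LEN + KEY_ID_LEN])
    key = trusted_keys.get(key_id)
    if key is None:
        return "rejected: key not trusted"
    received = packet[HEADER_LEN + KEY_ID_LEN:]
    # Constant-time comparison so the check does not leak how many bytes matched.
    if not hmac.compare_digest(md5_digest(key, header), received):
        return "rejected: bad digest"
    return f"accepted: key {key_id}"


# Constructed sample: server-mode reply (LI 0, version 4, mode 4), stratum 4,
# poll 6, precision -23; the timestamp fields are left zero for brevity.
SAMPLE_HEADER = struct.pack("!BBbb", 0x24, 4, 6, -23) + bytes(44)
SAMPLE_KEY = b"constructed-shared-secret"
TRUSTED_KEYS = {345: SAMPLE_KEY}
SAMPLE_PACKET = add_authenticator(SAMPLE_HEADER, 345, SAMPLE_KEY)

if __name__ == "__main__":
    print(check_packet(SAMPLE_PACKET, TRUSTED_KEYS))
    print(check_packet(SAMPLE_HEADER, TRUSTED_KEYS))
```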
Usage Information The authentication number must be the same as the number parameter configured in the ntp trusted-key command. Use the ntp authenticate command to enable NTP authentication. Example OS10(config)# ntp authentication-key 1200 md5 0 dell Supported Releases 10.2.0E or later ntp broadcast client Configures the interface to receive NTP broadcasts from an NTP server.
Usage Information The no version of this command disables NTP for the management VRF instance. Example OS10(config)# ntp enable vrf management OS10(config)# ntp enable vrf vrf-blue Supported Releases 10.4.0E(R1) or later ntp master Configures an NTP master server. Syntax ntp master stratum Parameters stratum — Enter the stratum number to identify the NTP server hierarchy, from 2 to 10.
Parameters interface — Set the interface type: • ethernet node/slot/port[:subport] — Enter the Ethernet interface information. • port-channel id-number — Enter the port-channel number, from 1 to 128. • vlan vlan-id — Enter the VLAN number, from 1 to 4093. • loopback loopback-id — Enter the Loopback interface number, from 0 to 16383. • mgmt node/slot/port — Enter the Management port interface information.
– # — Almost synchronized to this peer. – + — Peer was selected for possible synchronization. – - — Peer is a candidate for selection. – ~ — Peer is statically configured. Example • remote — Remote IP address of the NTP peer. • ref clock — IP address of the remote peer’s reference clock. • st — Peer stratum, the number of hops away from the external time source. 16 means that the NTP peer cannot reach the time source. • when — Last time the device received an NTP packet.
broadcastdelay: 0.000000 s
authdelay: 0.000000 s
OS10# show ntp status vrf management
system peer: 1.1.1.2
system peer mode: client
leap indicator: 00
stratum: 4
precision: -23
root distance: 0.00027 s
root dispersion: 0.94948 s
reference ID: [1.1.1.2]
reference time: ddc78084.f17ea38b Tue, Nov 28 2017 6:28:20.943
system flags: ntp kernel stats
jitter: 0.000000 s
stability: 0.000 ppm
broadcastdelay: 0.000000 s
authdelay: 0.000000 s
OS10#
Supported Releases 10.2.
System Clock commands clock set Sets the system time. Syntax clock set time year-month-day Parameters time Enter time in the format hour:minute:second, where hour is 1 to 24; minute is 1 to 60; second is 1 to 60. For example, enter 5:15 PM as 17:15:00. year-month-day Enter year-month-day in the format YYYY-MM-DD, where YYYY is a four-digit year, such as 2016; MM is a month from 1 to 12; DD is a day from 1 to 31.
Parameters None Default Not configured Command Mode EXEC Usage Information The universal time coordinated (UTC) value is the number of hours that your time zone is later or earlier than UTC/Greenwich mean time. Example OS10# show clock 2017-01-25T11:00:31.68-08:00 Supported Releases 10.2.1E or later System banners You can configure system login and message of the day (MOTD) text banners. The system login banner displays before you log in.
Configure MOTD banner OS10(config)# banner motd % DellEMC S4148U-ON Today's tip: Press tab or spacebar for command completion. Have a nice day! % To delete a MOTD banner and reset it to the Dell EMC default MOTD banner, enter the no banner motd command. To disable MOTD banner display after login, enter the banner motd disable command. System banner commands banner login Configures a login banner that displays before you log in to the system.
... delimiter Parameters • delimiter — Enter a single delimiter character or the key combination ^C to specify the start and end of the text banner. • banner-text — Enter a maximum of 4096 characters. There is no limit on the number of lines. Default The Dell EMC default MOTD banner is displayed after you log in. Command Mode CONFIGURATION Usage Information • To enter a MOTD banner text, use the interactive mode. Enter the command with the delimiter character and press Enter.
User session management commands exec-timeout Configure timeout in seconds for all the user sessions. Syntax exec-timeout timeout-value Parameters timeout-value — Enter the timeout value in seconds, from 0 to 3600. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command disables the timeout. Example OS10(config)# exec-timeout 300 OS10(config)# Supported Releases 10.3.1E or later kill-session Terminate a user session.
3    snmp_user   114   0   0   0   2017-07-10T23:58:39Z
4    snmp_user   57    0   0   0   2017-07-10T23:58:40Z
6    admin       17    0   0   4   2017-07-12T03:55:18Z
*7   admin       10    0   0   0   2017-07-12T04:42:55Z
OS10#
Supported Releases 10.3.1E or later
Telnet server To allow Telnet TCP/IP connections to an OS10 switch, enable the Telnet server. The OS10 Telnet server uses the Debian telnetd package. By default, the Telnet server is disabled.
ip telnet server vrf Configures the Telnet server for the management or non-default VRF instance. Syntax ip telnet server vrf {management | vrf vrf-name} Parameters • management — Configures the management VRF used to reach the Telnet server. • vrf vrf-name — Enter the keyword vrf followed by the name of the VRF to configure the non-default VRF instance used to reach the Telnet server. Default The Telnet server is reachable on the default VRF.
values for Dell-group-name are sysadmin, secadmin, netadmin, and netoperator. Use the VSA Dell-group-name values when you create users on a RADIUS or TACACS+ server. For detailed information about how to configure vendor-specific attributes on a RADIUS or TACACS+ server, refer to the respective RADIUS or TACACS+ server documentation.
Create password rules
OS10(config)# password-attributes min-length 7 character-restriction upper 4 numeric 2
Display password rules
OS10(config)# do show running-configuration password-attributes
password-attributes min-length 7 character-restriction upper 4 numeric 2
Role-based access control
RBAC provides control for access and authorization. Users are granted permissions based on defined roles — not on their individual system user ID.
RADIUS authentication To configure a RADIUS server for authentication, enter the server's IP address or host name, and the key used to authenticate the OS10 switch on a RADIUS host. You can enter the authentication key in plain text or encrypted format. You can change the user datagram protocol (UDP) port number on the server. • Configure a RADIUS authentication server in CONFIGURATION mode. By default, a RADIUS server uses UDP port 1812.
TACACS+ authentication Configure a TACACS+ authentication server by entering the server's IP address or host name. You must also enter a text string for the key used to authenticate the OS10 switch on a TACACS+ host. The TCP port entry is optional. TACACS+ provides greater data security by encrypting the entire protocol portion in a packet sent from the switch to an authentication server. RADIUS encrypts only passwords. • Configure a TACACS+ authentication server in CONFIGURATION mode.
◦ sysadmin — Full access to all commands in the system, exclusive access to commands that manipulate the file system, and access to the system shell. A system administrator can create user IDs and user roles. ◦ secadmin — Full access to configuration commands that set security policy and system access, such as password strength, AAA authorization, and cryptographic keys. A security administrator can display security information, such as cryptographic keys, login statistics, and log information.
• An Ed25519 key using 256 bits NOTE: RSA1 and DSA keys are not supported on the OS10 SSH server. An SSH client must exchange the same public key to establish a secure SSH connection to the OS10 switch. If necessary, you can regenerate the keys used by the SSH server with a customized bit size. You cannot change the default size of the Ed25519 key. The crypto key generate command is available only to the sysadmin and secadmin roles. 1 Regenerate keys for the SSH server in EXEC mode.
Enable AAA accounting To record information about all user-entered commands, use the AAA accounting feature — not supported for RADIUS accounting. AAA accounting records login and command information in OS10 sessions on console connections using the console option and remote connections using the default option, such as Telnet and SSH.
– limit number — Sets the maximum number of concurrent login sessions allowed for a user ID, from 1 to 12; default 10. When you configure the maximum number of allowed concurrent login sessions, take into account that: • Each remote VTY connection counts as one login session. • All login sessions from a terminal emulator on an attached console count as one session.
aaa accounting Enables AAA accounting. Syntax aaa accounting commands all {console | default} {start-stop | stop-only | none} [logging] [group tacacs+] Parameters • commands all — Record all user-entered commands. This option is not supported for RADIUS accounting. • console — Record all user authentication and logins or all user-entered commands in OS10 sessions on console connections.
aaa authentication login default group radius local
aaa authentication login console local
OS10(config)# no aaa authentication login default
OS10(config)# do show running-configuration aaa
aaa authentication login default local
aaa authentication login console local
Supported Releases 10.4.1.0 or later
aaa re-authenticate enable Requires user re-authentication after a change in the authentication method or server.
Example OS10# crypto ssh-key generate rsa 4096 Host key already exists. Overwrite [confirm yes/no]:yes Generated 4096-bit RSA key OS10# Supported Releases 10.4.1.0 or later ip access-class Filters connections based on an IPv4 access list in virtual terminal line. Syntax ip access-class access-list-name Parameters access-list-name—Enter the access list name. Default Not configured Command Mode LINE VTY CONFIGURATION Usage Information The no version of this command removes the filter.
Example OS10(config)# ip ssh server challenge-response-authentication Supported Releases 10.3.0E or later ip ssh server cipher Configure the list of cipher algorithms in the SSH server. Syntax ip ssh server cipher cipher-list Parameters cipher-list — Enter the list of cipher algorithms separated by space.
Usage Information The no version of this command disables the SSH server. Example OS10(config)# ip ssh server enable Supported Releases 10.3.0E or later ip ssh server hostbased-authentication Enable host-based authentication in an SSH server. Syntax ip ssh server hostbased-authentication Parameters None Default Disabled Command Mode CONFIGURATION Usage Information The no version of this command disables the host-based authentication.
Example OS10(config)# ip ssh server kex curve25519-sha256 diffie-hellman-group1-sha1 Supported Releases 10.3.0E or later ip ssh server mac Configure the list of hash message authentication code (HMAC) algorithms in the SSH server. Syntax ip ssh server mac hmac-algorithm Parameters hmac-algorithm — Enter the list of HMAC algorithms separated by space.
ip ssh server password-authentication Enable password authentication in an SSH server. Syntax ip ssh server password-authentication Parameters None Default Enabled Command Mode CONFIGURATION Usage Information The no version of this command disables the password authentication. Example OS10(config)# ip ssh server password-authentication Supported Releases 10.3.0E or later ip ssh server port Configure the SSH server listening port.
ip ssh server vrf Configures an SSH server for the management or non-default VRF instance. Syntax ip ssh server vrf {management | vrf vrf-name} Parameters • management — Configures the management VRF instance to reach the SSH server. • vrf vrf-name — Enter the keyword vrf followed by the name of the VRF to configure that non-default VRF instance to reach the SSH server. Default Not configured Command Mode CONFIGURATION Usage Information By default, the SSH server is enabled.
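The ip ssh server kex, cipher and mac commands above accept any list you enter, including legacy entries such as the diffie-hellman-group1-sha1 value in the kex example. The following Python sketch is an added example, not Dell code: it scans a running-configuration excerpt for those three commands, flags legacy algorithms and proposes the trimmed command. The LEGACY policy set and the sample configuration are assumptions constructed for illustration.

```python
import re

# Example policy for this sketch (an assumption, not a Dell-published list):
# OpenSSH algorithm names that depend on SHA-1 or MD5, 1024-bit DH, RC4,
# 3DES or CBC mode.
LEGACY = {
    "kex": {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1",
            "diffie-hellman-group-exchange-sha1"},
    "cipher": {"3des-cbc", "aes128-cbc", "aes192-cbc", "aes256-cbc", "arcfour"},
    "mac": {"hmac-md5", "hmac-md5-96", "hmac-sha1", "hmac-sha1-96"},
}

# Matches only the three list-valued commands; "no ip ssh server ..." and
# other ip ssh server subcommands are ignored.
ALGORITHM_LINE = re.compile(r"^\s*ip ssh server (kex|cipher|mac)\s+(\S.*?)\s*$")

# Constructed running-configuration excerpt (not taken from a real switch).
SAMPLE_CONFIG = """\
ip ssh server enable
ip ssh server kex curve25519-sha256 diffie-hellman-group1-sha1
ip ssh server cipher aes256-ctr aes128-cbc
ip ssh server mac hmac-md5
ip ssh server port 22
"""


def audit_ssh_algorithms(running_config):
    """Return one finding per kex/cipher/mac line that lists a legacy algorithm."""
    findings = []
    for number, line in enumerate(running_config.splitlines(), start=1):
        match = ALGORITHM_LINE.match(line)
        if not match:
            continue
        kind, algorithms = match.group(1), match.group(2).split()
        weak = [name for name in algorithms if name in LEGACY[kind]]
        if not weak:
            continue
        kept = [name for name in algorithms if name not in LEGACY[kind]]
        findings.append({
            "line": number,
            "kind": kind,
            "weak": weak,
            # None means every listed algorithm is legacy, so the list has to
            # be rebuilt by hand instead of trimmed.
            "suggested": f"ip ssh server {kind} {' '.join(kept)}" if kept else None,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_ssh_algorithms(SAMPLE_CONFIG):
        print(finding)
```

Compare each suggested command with the algorithm lists reported by show ip ssh before applying it, so that existing SSH clients can still negotiate a session.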
• All login sessions from a terminal emulator on an attached console count as one session. The no version of the command disables the configured number of allowed login sessions. Example OS10(config)# login concurrent-session limit 7 Supported Releases 10.4.1.0 or later login-statistics enable Enables the display of login statistics to users.
Command Mode EXEC Usage Information • By default, the password you configure with the username password command must be at least nine alphanumeric characters. • Use this command to increase password strength. When you enter the command, at least one parameter is required. When you enter the character-restriction parameter, at least one option is required. • To reset parameters to their default values, enter the no password-attributes command.
• authentication-key — Enter an authentication key in plain text. A maximum of 42 characters. It is not necessary to enter 0 before the key. • auth-port port-number — (Optional) Enter the UDP port number used on the server for authentication, from 0 to 65535, default 1812. Default Not configured Command Mode CONFIGURATION Usage Information The authentication key must match the key configured on the RADIUS server. You cannot enter spaces in the key.
radius-server vrf Configures the RADIUS server for the management or non-default VRF instance. Syntax radius-server vrf {management | vrf vrf-name} Parameters • management — Enter the keyword management to configure the RADIUS server for the management VRF instance. • vrf vrf-name — Enter the keyword vrf followed by the name of the VRF to configure the RADIUS server for that non-default VRF instance.
show ip ssh Displays the SSH server information. Syntax show ip ssh Parameters None Default Not configured Command Mode EXEC Usage Information Use this command to view information about the established SSH sessions. Example OS10# show ip ssh SSH Server: Enabled -------------------------------------------------SSH Server Ciphers: chacha20-poly1305@openssh.com,aes128-ctr, aes192-ctr,aes256-ctr, aes128-gcm@openssh.com,aes256-gcm@openssh.com SSH Server MACs: umac-64-etm@openssh.
Role User Change -------- ----admin False netadmin False mltest False #Fail since last Login ----0 0 0 During Timeframe #Fail #Success -------------1 13 0 5 0 1 Last Login Date/Time -----------------2017-11-02T16:02:44Z 2017-11-02T15:59:04Z 2017-11-01T15:42:07Z Location ---------in (00:00) 1001:10:16:210::4001 OS10# show login-statistics user mltest User : mltest Role changed since last login : False Failures since last login : 0 Time-frame in days : 25 Failures in time period : 0 Successes in time per
• key 9 authentication-key — Enter an authentication key in encrypted format. A maximum of 128 characters. • authentication-key — Enter an authentication key in plain text. A maximum of 42 characters. It is not necessary to enter 0 before the key. • key authentication-key — Enter a text string for the encryption key used to authenticate the switch on the TACACS+ server. A maximum of 42 characters.
– netadmin — Full access to configuration commands that manage traffic flowing through the switch, such as routes, interfaces, and ACLs. A network administrator cannot access configuration commands for security features or view security information. – netoperator — Access to EXEC mode to view the current configuration. A network operator cannot modify any configuration setting on a switch. Default Command Mode Usage Information • User name and password entries are in clear text.
username user10 password $6$rounds=656000$G10VRFTJB291ekwo $iTGf0zd4bTUcBBpIVsbr6oStnUZMydN5lDs4WE6G3XHEtWbcKrGTeAo1wEF0cenEgRRPzi3SMmYyzAHCCC8wS0 role sysadmin username user10 sshkey abcd Supported Releases 10.4.1.0 or later username sshkey filename Enables SSH password-less login for remote clients using multiple public keys. A remote client is not prompted to enter a password.
• name inherit — Enter the name of the TACACS+ user role that inherits permissions from an OS10 user role; 32 characters maximum. • existing-role-name — Assign the permissions associated with an OS10 user role: – sysadmin — Full access to all commands in the system, exclusive access to commands that manipulate the file system, and access to the system shell. A system administrator can create user IDs and user roles.
You specify the SNMP security model and level when you configure SNMP groups and users. Each security model corresponds to an SNMP version that provides different security levels: • SNMPv1 provides no user authentication or privacy protection (encryption). SNMP messages are sent in plain text. • SNMPv2c provides no user authentication or encryption. SNMP messages are sent in plain text.
Configure SNMP To set up communication with SNMP agents in your network: • Configure the read-only, read-write, and notify access for SNMP groups. • Configure groups with SNMP views for specified SNMP versions (security models). • Assign users to groups and configure SNMPv3-specific authentication and encryption settings, and optionally, localized security keys and ACL-based access.
The oid-tree value specifies the OID in the MIB tree hierarchy at which a view starts. Enter included or excluded to include or exclude the rest of the sub-tree MIB contents in the view. If necessary, re-enter the command to exclude tree entries in the included content. snmp-server view view-name oid-tree [included | excluded] Configure read-only view OS10(config)# snmp-server view readonly 1.3.6.1.2.1.31.1.1.1.6 included Configure read-write view OS10(config)# snmp-server view rwView 1.3.6.1.2.1.31.1.1.1.
version : 3
security level : priv
notifyview : alltraps
readview : readview
writeview : writeview
Configure SNMP users
Configure user access to the SNMP agent on the switch using group membership. Assign each user to a group and configure SNMPv3-specific authentication and encryption settings, and optionally, localized security keys and ACL-based access. Re-enter the command multiple times to configure SNMP security settings for all users.
show snmp community Displays the SNMP communities configured on the switch. Syntax show snmp community Parameters None Defaults None Command Mode EXEC Usage Information To configure an SNMP community, use the snmp-server community command. Example
OS10# show snmp community
Community : public
Access : read-only

Community : dellOS10
Access : read-write
ACL : dellacl
Supported Releases 10.4.2.
Defaults None Command Mode EXEC Usage Information To configure an SNMP group, use the snmp-server group command. Example
OS10# show snmp group
groupname : v2group
version : 2c
notifyview : GetsSets
readview : readview

groupname : v3group
version : 3
security level : priv
notifyview : alltraps
readview : readview
writeview : writeview
Supported Releases 10.4.2.
OID : 1.3.6.5
excluded : True
Supported Releases 10.4.2.0 or later
snmp-server community Configures an SNMP user community. Syntax snmp-server community name {ro | rw} [acl acl-name] Parameters • community name — Set the community name string to act as a password for SNMPv1 and SNMPv2c access. A maximum of 20 alphanumeric characters. • ro — Set read-only access for the SNMP community. • rw — Set read-write access for the SNMP community.
snmp-server enable traps Enables SNMP traps on a switch. Syntax snmp-server enable traps [notification-type] [notification-option] Parameters • notification-type notification-option — Enter an SNMP notification type, and optionally, a notification option for the type. Table 16. Notification types and options Notification type Notification option entity — Enable entity change traps. None envmon — Enable SNMP environmental monitor traps. – fan — Enable fan traps.
snmp-server engineID Configures the local and remote SNMP engine IDs. Syntax snmp-server engineID [local engineID] [remote ip-address {[udp-port portnumber] remote-engineID}] Parameters • local engineID — Enter the engine ID that identifies the local SNMP agent on the switch as an octet colon-separated number. A maximum of 27 characters. • remote ip-address — Enter the IPv4 or IPv6 address of a remote SNMP device that accesses the local SNMP agent.
• v3 security-level — SNMPv3 provides optional user authentication and encryption for SNMP messages, configured with the snmp-server user command. • security-level — (SNMPv3 only) Configure the security level for SNMPv3 users: – auth — Authenticate users in SNMP messages. – noauth — Do not authenticate users or encrypt SNMP messages; send messages in plain text. – priv — Authenticate users and encrypt/decrypt SNMP messages.
◦ auth-password — Enter a text string used to generate the authentication key that identifies the user. A maximum of 32 alphanumeric characters. For an encrypted password, enter the encrypted string instead of plain text. – priv — (SNMPv3 only) Configure encryption for SNMPv3 messages sent to the host: ◦ aes — Encrypt messages using an AES 128-bit algorithm. ◦ des — Encrypt messages using a DES 56-bit algorithm.
snmp-server user Authorizes a user to access the SNMP agent and receive SNMP messages. Syntax snmp-server user user-name group-name security-model [[noauth | auth {md5 | sha} auth-password] [priv {des | aes} priv-password]] [localized] [access acl-name] [remote ip-address udp-port port-number]] Parameters • user-name — Enter the name of the user. A maximum of 32 alphanumeric characters. • group-name — Enter the name of the group to which the user belongs. A maximum of 32 alphanumeric characters.
an encrypted cypher-text password. In either case, the password is stored in the configuration in an encrypted form and displays as encrypted in the show running-config snmp output. A localized authentication or privacy key is more complex and provides greater privacy protection. To display the localized authentication and privacy keys in an SNMPv3 user configuration, use the show running-configuration snmp command. To limit user access to the SNMP agent on the switch, enter an access acl-name value.
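An audit of the SNMP settings described above, as an added Python example that is not part of the Dell guide: it parses snmp-server community and snmp-server user lines and reports the weaker choices the guide documents (plain-text SNMPv1/v2c communities, noauth users, DES 56-bit privacy, no ACL) plus MD5 authentication. Assumptions: the security-model token is written 1, 2c or 3 as in the show snmp group output, the finding codes are this example's own, and the sample configuration is constructed.

```python
# Number of arguments that follow each optional keyword in the
# 'snmp-server user' syntax shown above.
KEYWORD_ARGS = {"noauth": 0, "auth": 2, "priv": 2, "localized": 0, "access": 1}

# Constructed running-configuration excerpt. Community and ACL names reuse the
# guide's show snmp community example; users and passwords are made up.
SAMPLE_CONFIG = """\
snmp-server community public ro
snmp-server community dellOS10 rw acl dellacl
snmp-server user monitor v3group 3 auth sha ExamplePass1 priv aes ExamplePass2 access snmp-acl
snmp-server user legacy v3group 3 auth md5 ExamplePass3 priv des ExamplePass4
snmp-server user probe v3group 3 noauth
"""


def parse_user(tokens):
    """Walk the optional keywords positionally, so a password that happens to
    equal a keyword is not misread as one."""
    user = {"model": tokens[4], "auth": None, "priv": None, "acl": None}
    rest, i = tokens[5:], 0
    while i < len(rest):
        word = rest[i]
        args = rest[i + 1:i + 1 + KEYWORD_ARGS.get(word, 0)]
        if word in ("auth", "priv") and args:
            user[word] = args[0]          # algorithm name: md5/sha or des/aes
        elif word == "access" and args:
            user["acl"] = args[0]
        i += 1 + len(args)
    return user


def audit_snmp(running_config):
    """Return {line number: [finding codes]} for lines with at least one finding."""
    report = {}
    for number, line in enumerate(running_config.splitlines(), start=1):
        tokens = line.split()
        codes = []
        if tokens[:2] == ["snmp-server", "community"] and len(tokens) >= 4:
            # SNMPv1/v2c: no user authentication or encryption; the community
            # string travels in plain text.
            codes.append("cleartext-v1v2c")
            if tokens[3] == "rw":
                codes.append("read-write")
            if tokens[4:5] != ["acl"]:
                codes.append("no-acl")
        elif tokens[:2] == ["snmp-server", "user"] and len(tokens) >= 5:
            user = parse_user(tokens)
            if user["model"] != "3":      # assumed token form: 1, 2c or 3
                codes.append("cleartext-v1v2c")
            elif user["auth"] is None:
                codes.append("noauth")    # unauthenticated, plain-text messages
            else:
                if user["auth"] == "md5":
                    codes.append("auth-md5")
                if user["priv"] is None:
                    codes.append("no-priv")
                elif user["priv"] == "des":
                    codes.append("priv-des")   # DES 56-bit
            if user["acl"] is None:
                codes.append("no-acl")
        if codes:
            report[number] = codes
    return report


if __name__ == "__main__":
    for number, codes in audit_snmp(SAMPLE_CONFIG).items():
        print(number, ", ".join(codes))
```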
Parameters None Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command disables the SNMP agent from receiving the SNMP traps. Example OS10(config)# snmp-server vrf management Supported Releases 10.4.1.0 or later OS10 image upgrade The image download command simply downloads the software image — it does not install the software on your device. The image install command installs the downloaded image to the standby partition.
Architecture: x86_64 Up Time: 3 days 00:28:58 Boot system partition Set the boot partition to active or standby for subsequent boot cycles. Boot OS10 from standby to load the image on the standby partition, or boot from active to load the currently running image. 1 Display current boot information in EXEC mode. show boot detail 2 Configure the boot system in EXEC mode. boot system [active | standby] • active — Resets the running partition as the subsequent boot partition.
Command Mode EXEC Usage Information Use this command to configure the location of the OS10 image used to reload the software at boot time. Use the show boot command to view the configured next boot image. This command applies immediately and does not require the commit command. Example OS10# boot system standby Supported Releases 10.2.0E or later image cancel Cancels an active image download.
• scp://userid:passwd@hostip:/filepath — Enter the path to copy from the remote SCP file system. • sftp://userid:passwd@hostip:/filepath — Enter the path to copy from the remote SFTP file system. • tftp://hostip:/filepath — Enter the path to copy from the remote TFTP file system. • usb://filepath — Enter the path to copy from the USB file system. Default Not configured Command Mode EXEC Usage Information Use the show image status command to view the progress.
show boot Displays boot partition-related information. Syntax show boot [detail] Parameters detail — (Optional) Enter to display detailed information. Default Not configured Command Mode EXEC Usage Information Use the boot system command to set the boot partition for the next reboot.
Installation State: idle ----------------------------------------------State Detail: No install information available Task Start: 0000-00-00T00:00:00Z Task End: 0000-00-00T00:00:00Z Supported Releases 10.2.0E or later show version Displays software version information. Syntax show version Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show version Dell EMC Networking OS10-Enterprise Copyright (c) 1999-2018 by Dell Inc. All Rights Reserved.
9 OpenFlow
Switches implement the control plane and data plane in the same hardware. Software-defined network (SDN) decouples the software (control plane) from the hardware (data plane). A centralized SDN controller handles the control plane traffic and hardware configuration for data plane flows. The SDN controller is the "brain" of an SDN.
NOTE: Do not use the no openflow or no mode openflow-only command. OS10# delete startup-configuration OS10# reload OpenFlow logical switch instance In OpenFlow-only mode, you can configure only one logical switch instance. After you enable OpenFlow mode, create a logical switch instance. The logical switch instance is disabled by default. When the logical switch instance is enabled, the OpenFlow application starts the connection with the configured controller.
Port types    Support
(Required) ANY    Supported
(Optional) LOCAL    Not supported
(Optional) NORMAL    Not supported
(Optional) FLOOD    Not supported
Flow table
An OpenFlow flow table consists of flow entries. Each flow table entry contains the following fields: Table 18.
Action set
An action set associates with each packet.
Table 20. Supported action sets
Action set    Support
copy TTL inwards    Not supported
pop    Not supported
push-MPLS    Not supported
push-VLAN    Not supported
copy TTL outwards    Not supported
decrement TTL    Not supported
set    Supported (selective fields)
qos    Not supported
group    Not supported
output    Supported
Action types
An action type associates with each packet. Table 21.
Counters Counters are used for statistical purposes. Table 22.
Required/Optional    Counter    Bits    Support
Optional    Packet count    64    Not supported
Optional    Byte count    64    Not supported
Required    Duration (seconds)    32    Not supported
Optional    Duration (nanoseconds)    32    Not supported
Optional    Packet count    64    Not supported
Optional    Byte count    64    Not supported
Optional    Flow count    32    Not supported
Optional    Input packet count    64    Not supported
Optional    Input byte count    64    Not supported
Required    Duration (seconds)    32    Not supported
Optional Dur
Table 24. Supported asynchronous types
Asynchronous types    Supported/Not supported
Packet-in    Supported
Flow-removed    Supported
Port-status    Supported
Error    Supported
Symmetric
Table 25. Supported symmetric types
Symmetric types    Supported/Not supported
Hello    Supported
Echo    Supported
Experimenter    Not supported
Connection setup TCP Table 26.
Flow table modification messages    Supported/Not supported
OFPFC_MODIFY_STRICT=2    Supported
OFPFC_DELETE=3    Supported
OFPFC_DELETE_STRICT=4    Supported
Message types Table 28.
Message Type Meters and rate limiters configuration messages Message Support OFPT_SET_ASYNC=28 Not supported OFPT_METER_MOD=29 Not supported Flow match fields Table 29.
Flow match fields    Supported/Not supported
OFPXMT_OFB_ARP_OP = 21    Not supported
OFPXMT_OFB_ARP_SPA = 22    Not supported
OFPXMT_OFB_ARP_TPA = 23    Not supported
OFPXMT_OFB_ARP_SHA = 24    Not supported
OFPXMT_OFB_ARP_THA = 25    Not supported
OFPXMT_OFB_IPV6_SRC = 26    Not supported
OFPXMT_OFB_IPV6_DST = 27    Not supported
OFPXMT_OFB_IPV6_FLABEL = 28    Not supported
OFPXMT_OFB_ICMPV6_TYPE = 29    Not supported
OFPXMT_OFB_ICMPV6_CODE = 30    Not supported
OFPXMT_OFB_IPV6_ND_TARGET = 31    Not supported
OFPXMT_O
Action structures    Supported/Not supported
OFPAT_PUSH_VLAN = 17    Not supported
OFPAT_POP_VLAN = 18    Not supported
OFPAT_PUSH_MPLS = 19    Not supported
OFPAT_POP_MPLS = 20    Not supported
OFPAT_SET_QUEUE = 21    Not supported
OFPAT_GROUP = 22    Not supported
OFPAT_SET_NW_TTL = 23    Not supported
OFPAT_DEC_NW_TTL = 24    Not supported
OFPAT_SET_FIELD = 25    Supported
OFPAT_PUSH_PBB = 26    Not supported
OFPAT_POP_PBB = 27    Not supported
Capabilities supported by the data path Table 31.
Message type description Individual flow statistics Request/Reply Body • The reply body is struct ofp_desc • The request body is struct ofp_flow_stats_request The reply body is an array of struct ofp_flow_stats • Aggregate flow statistics • • Flow table statistics Port statistics • • The request body is empty The reply body is an array of struct ofp_table_stats • The request body is struct ofp_port_stats_request The reply body is an array of struct ofp_port_stats • Queue statistics for a port
Message type description Request/Reply Body • Table features • • Port description • • Message Support The reply body is struct ofp_meter_features OFPMP_TABLE_FEATURES = The request body is empty or 12 contains an array of struct ofp_table_features that includes the controller's desired view of the switch.
Property type    Supported/Not supported
OFPTFPT_APPLY_ACTIONS_MISS = 7    Not supported
OFPTFPT_MATCH = 8    Supported
OFPTFPT_WILDCARDS = 10    Supported
OFPTFPT_WRITE_SETFIELD = 12    Supported
OFPTFPT_WRITE_SETFIELD_MISS = 13    Not supported
OFPTFPT_APPLY_SETFIELD = 14    Supported
OFPTFPT_APPLY_SETFIELD_MISS = 15    Not supported
Group configuration Table 35.
Flow-removed reasons
Table 38. Supported reasons
Flow-removed reasons    Supported/Not supported
OFPRR_IDLE_TIMEOUT = 0    Supported
OFPRR_HARD_TIMEOUT = 1    Supported
OFPRR_DELETE = 2    Supported
OFPRR_GROUP_DELETE = 3    Not supported
Error types from switch to controller Table 39.
Error types    Supported/Not supported
OFPBRC_BAD_TYPE = 1    Supported
OFPBRC_BAD_MULTIPART = 2    Not supported
OFPBRC_BAD_EXPERIMENTER = 3    Not supported
OFPBRC_BAD_EXP_TYPE = 4    Not supported
OFPBRC_EPERM = 5    Not supported
OFPBRC_BAD_LEN = 6    Supported
OFPBRC_BUFFER_EMPTY = 7    Not supported
OFPBRC_BUFFER_UNKNOWN = 8    Not supported
OFPBRC_BAD_TABLE_ID = 9    Supported
OFPBRC_IS_SLAVE = 10    Not supported
OFPBRC_BAD_PORT = 11    Supported
OFPBRC_BAD_PACKET = 12    Not supported
OFPBRC_MULTIPART_BUFFER_OV
Error types    Supported/Not supported
OFPBAC_BAD_SET_TYPE = 13    Not supported
OFPBAC_BAD_SET_LEN = 14    Not supported
OFPBAC_BAD_SET_ARGUMENT = 15    Supported
Bad instruction code
OFPBIC_UNKNOWN_INST = 0    Not supported
OFPBIC_UNSUP_INST = 1    Not supported
OFPBIC_BAD_TABLE_ID = 2    Not supported
OFPBIC_UNSUP_METADATA = 3    Not supported
OFPBIC_UNSUP_METADATA_MASK = 4    Not supported
OFPBIC_BAD_EXPERIMENTER = 5    Not supported
OFPBIC_BAD_EXP_TYPE = 6    Not supported
OFPBIC_BAD_LEN = 7    Not supported
OFPBI
Error types    Supported/Not supported
OFPFMFC_UNKNOWN = 0    Supported
OFPFMFC_TABLE_FULL = 1    Supported
OFPFMFC_BAD_TABLE_ID = 2    Supported
OFPFMFC_OVERLAP = 3    Supported
OFPFMFC_EPERM = 4    Not supported
OFPFMFC_BAD_TIMEOUT = 5    Not supported
OFPFMFC_BAD_COMMAND = 6    Supported
OFPFMFC_BAD_FLAGS = 7    Not supported
Group modification failed code
OFPGMFC_GROUP_EXISTS = 0    Not supported
OFPGMFC_INVALID_GROUP = 1    Not supported
OFPGMFC_WEIGHT_UNSUPPORTED = 2    Not supported
OFPGMFC_OUT_OF_GROUPS = 3 No
Error types    Supported/Not supported
OFPPMFC_BAD_CONFIG = 2    Not supported
OFPPMFC_BAD_ADVERTISE = 3    Not supported
OFPPMFC_EPERM = 4    Not supported
Table modification failed code
OFPTMFC_BAD_TABLE = 0    Supported
OFPTMFC_BAD_CONFIG = 1    Not supported
OFPTMFC_EPERM = 2    Not supported
Queue operation failed code
OFPQOFC_BAD_PORT = 0    Supported
OFPQOFC_BAD_QUEUE = 1    Not supported
OFPQOFC_EPERM = 2    Not supported
Switch configuration failed code
OFPSCFC_BAD_FLAGS = 0    Not supported
OFPSCFC_BAD_LEN =
OpenFlow use cases OS10 OpenFlow protocol support gives you the flexibility to use vendor-neutral applications as well as applications that you create. For example, the OS10 OpenFlow implementation supports L2 applications similar to the ones found on the following websites: • https://github.com/osrg/ryu/tree/master/ryu/app (only L2 applications are supported) • https://github.com/osrg/ryu/tree/master/ryu/app NOTE: OS10 supports applications based on OpenFlow versions 1.0 and 1.3.
2 b 4 Configure the logical switch instance, of-switch-1. OS10# configure terminal OS10 (config)# openflow OS10 (config-openflow)# switch of-switch-1 Option 2; for in-band management: 1 Configure one of the front-panel ports as the management port. OS10# configure terminal OS10 (config)# openflow OS10 (config-openflow)# in-band-mgmt interface ethernet 1/1/1 OS10 (config-openflow)# 2 Configure an IPv4 address on the front-panel management port.
where server-ip refers to the server where you have stored the certificates, and username and password refer to the credentials you need to access the server with the certificates. 3 Perform the steps described in the Configure OpenFlow protocol on the switch topic to configure OpenFlow. OpenFlow commands controller Configures an OpenFlow controller that the logical switch instance connects to.
dpid-mac-address Specifies the MAC address bits of the datapath ID (DPID) of the logical switch instance. Syntax dpid-mac-address MAC-address Parameters MAC-address—48-bit MAC address in hexadecimal notation, nn:nn:nn:nn:nn:nn Default MAC address Command Mode OPENFLOW SWITCH CONFIGURATION Usage Information The controller uses the DPID to identify the logical switch instance. The DPID is a 64-bit number that is sent to the controller in the features_reply message.
OS10 (config-openflow)# in-band-mgmt interface ethernet 1/1/1 OS10 (config-openflow)# no shutdown Supported Releases 10.4.1 or later max-backoff Configures the time interval, in seconds, that the logical switch instance waits after requesting a connection with the OpenFlow controller. Syntax max-backoff interval Parameters interval—Enter the amount of time, in seconds, that the logical switch instance waits after it attempts to establish a connection with the OpenFlow controller, from 1 to 65,535.
openflow Enters OPENFLOW configuration mode. Syntax openflow Parameters None Default None Command Mode CONFIGURATION Usage Information All OpenFlow configurations are performed in this mode. The no form of this command prompts a switch reload. If you enter yes, the system deletes all OpenFlow configurations and the switch returns to the normal mode after the reload. Example OS10# configure terminal OS10(config)# openflow OS10 (config-openflow)# Supported Releases 10.4.
• negotiate—Enter the keyword to negotiate versions 1.0 or 1.3 with the controller. The highest of the supported versions is selected. • 1.0—Specify the logical switch instance OpenFlow protocol version as 1.0. • 1.3—Specify the logical switch instance OpenFlow protocol version as 1.3. Default negotiate Command Mode OPENFLOW SWITCH CONFIGURATION Usage Information Example NOTE: Use this command only when the logical switch instance is disabled.
The no form of this command disables rate limiting on the controller connection. NOTE: This command is a software rate limiting command and applies only to the OpenFlow channel connection between the controller and the logical switch instance. This command is not related to the switch's data-plane rate limits. Example The following example configures a logical switch instance, of-switch-1, with an OpenFlow controller at a rate of 1000 PPS and packet bursts of 300 packets.
show openflow flows Displays OpenFlow flows for a specific logical switch instance. Syntax show openflow switch logical-switch-name flows Parameters logical-switch-name—Enter the logical switch instance name to view flow information.
Interface Name of-port ID TYPE ethernet1/1/1 1 COPPER ethernet1/1/2 5 COPPER ethernet1/1/3:1 9 FIBER ethernet1/1/3:2 10 FIBER ethernet1/1/3:3 11 FIBER ethernet1/1/3:4 12 FIBER ethernet1/1/4 13 COPPER ethernet1/1/5:1 17 FIBER ethernet1/1/5:2 18 FIBER ethernet1/1/5:3 19 FIBER ethernet1/1/5:4 20 FIBER ethernet1/1/6 21 NONE ethernet1/1/7 25 NONE ethernet1/1/8 29 COPPER ethernet1/1/9 33 NONE ethernet1/1/10 37 NONE ethernet1/1/11 41 COPPER ethernet1/1/12 45 COPPER ethernet1/1/13 49 NONE ethernet1/1/14 53 NONE eth
NONE ethernet1/1/29 NONE ethernet1/1/30 NONE ethernet1/1/31 NONE ethernet1/1/32 NONE Supported Releases 113 PORT_UP(CLI) LINK_DOWN 0MB FD NO 117 PORT_UP(CLI) LINK_DOWN 0MB FD NO 121 PORT_UP(CLI) LINK_DOWN 0MB FD NO 125 PORT_UP(CLI) LINK_DOWN 0MB FD NO 10.4.1 or later show openflow switch Displays OpenFlow parameters for the switch instance.
Command Mode EXEC Usage Information None Example OS10# show openflow switch of-switch-1 controllers Logical switch name: of-switch-1 Total Controllers: 1 Controller: 1 Target: 10.16.208.150:6633 Protocol: TCP Connected: NO Role: Equal Last_error: Network is unreachable State: BACKOFF sec_since_disconnect: 0 Supported Releases 10.4.1 or later switch Creates a logical switch instance or modifies an existing logical switch instance.
NOTE: • The ntp subcommand under the interface command is not applicable when the switch is in OpenFlow mode. • The ip and ipv6 subcommands under the interface command are applicable only when you configure the interface as the management port using the in-band-mgmt command. • The ip and ipv6 commands must be used only in In-Band mode (using the in-band-mgmt command). Table 40.
Mode Available CLI commands radius-server rest scale-profile support-assist system tacacs-server trust username userrole EXEC All commands The following debug commands are not available: • debug iscsi • debug radius • debug tacacs+ LAG INTERFACE CONFIGURATION LAG is not supported. LOOPBACK INTERFACE CONFIGURATION Loopback interface is not supported. INTERFACE CONFIGURATION description end exit ip mtu negotiation ntp show shutdown VLAN INTERFACE CONFIGURATION VLAN is not supported.
10 Access Control Lists
OS10 uses two types of access policies — hardware-based ACLs and software-based route-maps. Use an ACL to filter traffic and drop or forward matching packets. To redistribute routes that match configured criteria, use a route-map.
ACLs
An ACL is a filter that contains criteria to match (for example, fields in internet protocol (IP), transmission control protocol (TCP), or user datagram protocol (UDP) packets) and an action to take, such as forwarding or dropping packets at the NPU.
• Source and destination UDP port number For ACL, TCP, and UDP filters, match criteria on specific TCP or UDP ports. For ACL TCP filters, you can also match criteria on established TCP sessions. When creating an ACL, the sequence of the filters is important. You can assign sequence numbers to the filters as you enter them or OS10 can assign numbers in the order you create the filters. The sequence numbers display in the show running-configuration and show ip access-lists [in | out] command output.
To configure control-plane ACLs, use the existing ACL template and create the appropriate rules to permit or deny traffic as needed, similar to creating an access list for VTY ACLs. However, when you apply this control-plane ACL, you must apply it in CONTROL-PLANE mode instead of VTY mode. For example:
OS10# configure terminal
OS10(config)# control-plane
OS10(config-control-plane)# ip access-group acl_name in
where acl_name is the name of the control-plane ACL, a maximum of 140 characters.
IP fragments ACL When a packet exceeds the maximum packet size, the packet is fragmented into a number of smaller packets that contain portions of the contents of the original packet. This packet flow begins with an initial packet that contains all of the L3 and Layer 4 (L4) header information contained in the original packet, and is followed by a number of packets that contain only the L3 header information.
Permit all packets from host
OS10(config)# ip access-list ABC
OS10(conf-ipv4-acl)# permit tcp host 10.1.1.1 any eq 24
OS10(conf-ipv4-acl)# deny ip any any fragment
Permit only first fragments and non-fragmented packets from host
OS10(config)# ip access-list ABC
OS10(conf-ipv4-acl)# permit tcp host 10.1.1.1 any eq 24
OS10(conf-ipv4-acl)# permit tcp host 10.1.1.
Assign sequence number to filter
OS10(config)# ip access-list acl1
OS10(conf-ipv4-acl)# seq 5 deny tcp any any capture session 1 count
View ACLs and packets processed through ACL
OS10# show ip access-lists in
Ingress IP access-list acl1
Active on interfaces :
ethernet1/1/5
seq 5 permit ip any any count (10000 packets)
Delete ACL rule
Before release 10.4.2, deleting ACL rules required a sequence number. After release 10.4.
Table 41. L2 and L3 targeted traffic L2 ACL / L3 ACL Targeted traffic Deny / Deny L3 ACL denies Deny / Permit L3 ACL permits Permit / Deny L3 ACL denies Permit / Permit L3 ACL permits Assign and apply ACL filters To filter an Ethernet interface, a port-channel interface, or a VLAN, assign an IP ACL filter to a physical interface. The IP ACL applies to all traffic entering a physical or port-channel interface.
• Apply the ACL as an inbound or outbound ACL on an interface in CONFIGURATION mode, and view the number of packets matching the ACL. show ip access-list {in | out} Ingress ACL filters To create an ingress ACL filter, use the ip access-group command in EXEC mode. To configure ingress, use the in keyword. Apply rules to the ACL with the ip access-list acl-name command. To view the access-list, use the show access-lists command. 1 Apply an ingress access-list on the interface in INTERFACE mode.
ethernet1/1/29 seq 10 deny ip any any fragment count (100 packets) Clear access-list counters Clear IPv4, IPv6, or MAC access-list counters for a specific access-list or all lists. The counter counts the number of packets that match each permit or deny statement in an access-list. To get a more recent count of packets matching an access-list, clear the counters to start at zero. If you do not configure an access-list name, all IP access-list counters clear.
Route-maps Route-maps are a series of commands that contain a matching criterion and action. They change the packets meeting the matching criterion. ACLs and prefix-lists can only drop or forward the packet or traffic while route-maps process routes for route redistribution. For example, use a route-map to filter only specific routes and to add a metric. • Route-maps also have an implicit deny.
View route-map configuration
OS10(conf-router-bgp-neighbor-af)# do show route-map
route-map test1, deny, sequence 10
Match clauses:
ip address prefix-list p1
Set clauses:
route-map test2, permit, sequence 10
Match clauses:
ip address prefix-list p1
Set clauses:
route-map test3, deny, sequence 10
Match clauses:
ip address prefix-list p2
Set clauses:
route-map test4, permit, sequence 10
Match clauses:
ip address prefix-list p2
Set clauses:
Match routes
Configure match criterion for a route-map.
• Enter an ORIGIN attribute in ROUTE-MAP mode. set origin {egp | igp | incomplete} • Enter a tag value for the redistributed routes in ROUTE-MAP mode, from 0 to 4294967295. set tag tag-value • Enter a value as the route’s weight in ROUTE-MAP mode, from 0 to 65535. set weight value Check set conditions OS10(config)# route-map ip permit 1 OS10(conf-route-map)# match metric 2567 Continue clause Only BGP route-maps support the continue clause.
If you configure the flow-based enable command and do not apply an ACL on the source port or the monitored port, neither flow-based monitoring nor port mirroring functions. Flow-based monitoring is supported only for ingress traffic. The show monitor session session-id command displays output that indicates if a particular session is enabled for flow monitoring.
View flow-based monitoring
OS10# show monitor session 1 S.
View monitor sessions
OS10(conf-if-eth1/1/1)# show monitor session all
S.Id  Source         Destination    Dir   SrcIP  DstIP  DSCP  TTL  State  Reason
---------------------------------------------------------------------------
1     ethernet1/1/1  ethernet1/1/4  both  N/A    N/A    N/A   N/A  true   Is UP
ACL table profiles
Ternary content-addressable memory (TCAM) space used for ACL rules is a limited ASIC hardware resource. The ACL table profiles feature allows you to manage the TCAM space depending on the feature that you deploy.
Application Group  Stage  Feature(s)  Default number of pools  Minimum number of pools required  Maximum number of pools supported
ACL, IPV6-EGRUSER-ACL
You can create a user-defined ACL table profile that defines the application groups you need and the number of hardware pools you wish to allocate for those application groups. This profile-based approach assumes that not all features are used at the same time. You can even allocate all the ACL hardware pools to ingress application group 1, or app-group-1.
3 Apply the newly-created ACL table profile to the switch.
OS10(config)# hardware acl-table-profile V4-USER-SCALE
The system prompts you to save and reload the switch.
4 Save the configuration and reload the switch for the changes to take effect.
OS10# write memory
OS10# reload
After the switch reloads, the user-defined profile that you created earlier replaces the default ACL table profile.
5 Verify the configuration changes using the show acl-table-profile command.
Service Pools
------------------------------------------------------------------------------------------------------
App             Allocated pools  App group  Configured rules  Used rows  Free rows  Max rows
------------------------------------------------------------------------------------------------------
USER_L2_ACL     Shared:1         G3         1                 2          1022       1024
USER_IPV4_ACL   Shared:1         G2         2                 3          1021       1024
USER_IPV6_ACL   Shared:2         G4         1                 2          510        512
PBR_V6          Shared:2         G10        1                 1          511        512
SYSTEM_FLOW     Shared:2         G0         49                49         975        1024
ISCSI_SNOOPING  Shared:1         G8         12                12
• On S52xx-ON, Z91xx-ON, Z92xx-ON platforms, the number of Configured Rules listed under Service Pools for each of the features is the number of ACLs multiplied by the number of ports on which they are applied. This number is cumulative. You can view the Used rows and Free rows that indicate the actual amount of space that is utilized and available in the hardware. ACL commands acl-table-profile Creates a user-defined ACL table profile.
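One way to watch TCAM headroom from the Service Pools section of show acl-table-usage detail, given as an added example that is not part of the OS10 guide. It assumes the seven-column row layout shown in the sample output in this section; the function names, the 10 percent threshold, and the altered USER_IPV6_ACL counters in the sample are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the Service Pools table in this guide.
# The USER_IPV6_ACL counters are made up to show a nearly full pool, and the
# last row is cut short the way a truncated capture would be.
SAMPLE_OUTPUT = """\
Service Pools
--------------------------------------------------------------------------
App             Allocated pools  App group  Configured rules  Used rows  Free rows  Max rows
--------------------------------------------------------------------------
USER_L2_ACL     Shared:1         G3         1                 2          1022       1024
USER_IPV4_ACL   Shared:1         G2         2                 3          1021       1024
USER_IPV6_ACL   Shared:2         G4         250               500        12         512
PBR_V6          Shared:2         G10        1                 1          511        512
SYSTEM_FLOW     Shared:2         G0         49                49         975        1024
ISCSI_SNOOPING  Shared:1         G8         12                12
"""


@dataclass(frozen=True)
class PoolRow:
    app: str
    allocated: str
    group: str
    configured_rules: int
    used_rows: int
    free_rows: int
    max_rows: int


# App name, "Shared:N" style allocation, "G<n>" group, then four counters.
_ROW = re.compile(
    r"^(?P<app>[A-Z][A-Z0-9_]*)\s+(?P<allocated>\S+:\d+)\s+(?P<group>G\d+)"
    r"\s+(?P<rules>\d+)\s+(?P<used>\d+)\s+(?P<free>\d+)\s+(?P<max>\d+)$"
)


def parse_service_pools(text):
    """Return (rows, unparsed). Lines that look like data but do not fit the
    seven-column layout are reported instead of being silently dropped."""
    rows, unparsed = [], []
    for raw in text.splitlines():
        line = " ".join(raw.split())  # collapse column padding
        if (not line or set(line) == {"-"} or line == "Service Pools"
                or line.startswith("App ")):
            continue  # blank line, separator, title, or column header
        m = _ROW.match(line)
        if m is None:
            unparsed.append(line)
            continue
        rows.append(PoolRow(m["app"], m["allocated"], m["group"],
                            int(m["rules"]), int(m["used"]),
                            int(m["free"]), int(m["max"])))
    return rows, unparsed


def inconsistent(rows):
    """Apps whose used and free rows do not add up to the pool maximum."""
    return [r.app for r in rows if r.used_rows + r.free_rows != r.max_rows]


def low_headroom(rows, min_free_ratio=0.10):
    """Apps whose free share of the pool is below the chosen threshold."""
    return [r.app for r in rows
            if r.max_rows and r.free_rows / r.max_rows < min_free_ratio]


if __name__ == "__main__":
    parsed, skipped = parse_service_pools(SAMPLE_OUTPUT)
    for name in low_headroom(parsed):
        print("low TCAM headroom:", name)
    for line in skipped:
        print("could not parse:", line)
```

Run it against captured output before applying an ACL to many ports, because on the platforms named above the configured-rule count grows with the number of ports.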
clear ip access-list counters Clears ACL counters for a specific access-list. Syntax clear ip access-list counters [access-list-name] Parameters access-list-name — (Optional) Enter the name of the IP access-list to clear counters. A maximum of 140 characters. Default Not configured Command Mode EXEC Usage Information If you do not enter an access-list name, all IPv6 access-list counters clear. The counter counts the number of packets that match each permit or deny statement in an access-list.
Usage Information If you do not enter an access-list name, all MAC access-list counters clear. The counter counts the number of packets that match each permit or deny statement in an access list. To get a more recent count of packets matching an access list, clear the counters to start at zero. To view access-list information, use the show access-lists command. Example OS10# clear mac access-list counters Supported Releases 10.2.
• icmp — (Optional) Enter the ICMP address to deny. • ipv6 — (Optional) Enter the IPv6 address to deny. • tcp — (Optional) Enter the TCP address to deny. • udp — (Optional) Enter the UDP address to deny. • A::B — Enter the IPv6 address in dotted decimal format. • A::B/x — Enter the number of bits to match to the IPv6 address. • any — (Optional) Enter so that all routes are subject to the filter: – capture — (Optional) Capture packets the filter processes.
deny icmp
Configures a filter to drop all or specific Internet Control Message Protocol (ICMP) messages.
Syntax deny icmp [A.B.C.D | A.B.C.D/x | any | host ip-address] [[A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | dscp value | fragment]
Parameters
• A.B.C.D — Enter the IP address in hexadecimal format separated by colons.
• A.B.C.D/x — Enter the number of bits to match to the IP address.
• any — (Optional) Set all routes subject to the filter.
deny ip Configures a filter to drop all or specific packets from an IPv4 address. Syntax deny ip [A.B.C.D | A.B.C.D/x | any | host ip-address] [[A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | dscp value | fragment] Parameters • A.B.C.D — Enter the IPv4 address in dotted decimal format. • A.B.C.D/x — Enter the number of bits to match to the dotted decimal address. • any — (Optional) Set all routes which are subject to the filter: – capture — (Optional) Capture packets the filter processes.
Supported Releases 10.2.0E or later
deny tcp
Configures a filter that drops Transmission Control Protocol (TCP) packets meeting the filter criteria.
Syntax deny tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment]
Parameters
• A.B.C.D — Enter the IPv4 address in A.B.C.D format.
• A.B.C.D/x — Enter the number of bits to match in A.B.C.D/x format.
Parameters • A::B — Enter the IPv6 address in hexadecimal format separated by colons. • A::B/x — Enter the number of bits to match to the IPv6 address. • any — (Optional) Set all routes which are subject to the filter: – capture — (Optional) Capture packets the filter processes. – dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63. – fragment — (Optional) Use ACLs to control packet fragments.
– gt — Greater than – lt — Lesser than – neq — Not equal to – range — Range of ports, including the specified port numbers. • host ip-address — (Optional) Enter the IPv4 address to use a host address only. Default Not configured Command Mode IPV4-ACL Usage Information The no version of this command removes the filter. Example OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# deny udp any any capture session 1 Supported Releases 10.2.
Example OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# deny udp any any capture session 1 Supported Releases 10.2.0E or later description Configures an ACL description. Syntax description text Parameters text — Enter the description text string. A maximum of 80 characters. Default Disabled Command Modes IPV4-ACL, IPV6-ACL, MAC-ACL Usage Information The no version of this command deletes the ACL description.
| |ISCSI_COS | | 10 |
--------------------------------------------------------------
Command Mode CONFIG
Usage Information After you run this command, enter the write memory and reload commands to save the changes and to reboot the switch. The no form of this command removes the user-defined profile and applies the default ACL table profile to the switch. Again, you must run the write memory and reload commands for the changes to take effect.
Default By default, the ingress app-group-1 in the ACL table profile has one pool count allocated to it. You can choose to increase this pool count, if needed, from 2 to 5. If you do not explicitly configure ingress app-group-1, the system by default allocates one pool to it. From the pool space allocated to ingress app-group-1, the system reserves space for 64 ACL entries for system-flow and 8 ACL entries for VLT features. You cannot override the default reservations for system-flow and VLT features.
max 100 IPV6-USER-ACL max 0
OS10(config-acl-table-profile)# ingress app-group-4 pool-count 1
OS10(config-acl-table-profile)# exit
Supported Releases 10.4.2.1 and later
ip access-group
Configures an IPv4 access group.
Syntax ip access-group access-list-name {in | out}
Parameters
• access-list-name — Enter the name of an IPv4 access list. A maximum of 140 characters.
• in — Apply the ACL to incoming traffic.
• out — Apply the ACL to outgoing traffic.
ip as-path access-list Create an AS-path ACL filter for BGP routes using a regular expression. Syntax ip as-path access-list name {deny | permit} regexp-string Parameters • name — Enter an access list name. • deny | permit — Reject or accept a matching route. • regexp-string — Enter a regular expression string to match an AS-path route attribute. Defaults Not configured Command Mode CONFIGURATION Usage Information You can specify an access-list filter on inbound and outbound BGP routes.
Supported Release 10.3.0E or later
ip community-list standard permit
Creates a standard community list for BGP to permit access.
Syntax ip community-list standard name permit {aa:nn | no-advertise | local-as | noexport | internet}
Parameters
• name — Enter the name of the standard community list used to identify one or more deny groups of communities.
ip extcommunity-list standard permit Creates an extended community list for BGP to permit access. Syntax ip extcommunity-list standard name permit {4byteas-generic | rt | soo} Parameters • name — Enter the name of the community list used to identify one or more permit groups of extended communities. • rt — Enter the route target. • soo — Enter the route origin or site-of-origin.
• le — Enter to indicate the network address is less than or equal to the range specified. • prefix-len — Enter the prefix length. Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the specified prefix-list. Example OS10(config)# ip prefix-list denyprefix deny 10.10.10.2/16 le 30 Supported Release 10.3.0E or later ip prefix-list permit Creates a prefix-list to permit route filtering from a specified network address.
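How the ge and le bounds narrow or widen what a prefix-list entry catches, as an added example that is not part of the OS10 guide. It assumes the conventional prefix-list semantics (a route matches when it lies inside the configured network and its length is within the ge/le range, the first matching entry wins, and an unmatched route is denied); this page does not spell those rules out, and the function names and the catch-all permit line are constructed for illustration.

```python
import ipaddress

# The first line is the example from this guide. The second is a constructed
# catch-all so that routes the first entry misses show up as "permit".
PREFIX_LIST = [
    "ip prefix-list denyprefix deny 10.10.10.2/16 le 30",
    "ip prefix-list denyprefix permit 0.0.0.0/0 le 32",
]


def parse_entry(line):
    """Parse 'ip|ipv6 prefix-list NAME [seq N] permit|deny PREFIX [ge X] [le Y]'."""
    tok = line.split()
    if len(tok) < 5 or tok[0] not in ("ip", "ipv6") or tok[1] != "prefix-list":
        raise ValueError("not a prefix-list line: " + line)
    rest = tok[3:]
    if rest[0] == "seq":          # optional sequence number, not used for ordering here
        rest = rest[2:]
    if len(rest) < 2 or rest[0] not in ("permit", "deny"):
        raise ValueError("missing action or prefix: " + line)
    action, prefix, opts = rest[0], rest[1], rest[2:]
    if len(opts) % 2:
        raise ValueError("ge/le needs a value: " + line)
    bounds = {}
    for key, val in zip(opts[::2], opts[1::2]):
        if key not in ("ge", "le"):
            raise ValueError("unknown option " + key)
        bounds[key] = int(val)
    # strict=False: the guide's example has host bits set (10.10.10.2/16).
    net = ipaddress.ip_network(prefix, strict=False)
    return action, net, bounds.get("ge"), bounds.get("le")


def length_range(net, ge, le):
    """Inclusive range of route prefix lengths the entry accepts (assumed semantics)."""
    lo = ge if ge is not None else net.prefixlen
    if le is not None:
        hi = le
    else:
        hi = net.max_prefixlen if ge is not None else net.prefixlen
    return lo, hi


def entry_matches(entry, route):
    _, net, ge, le = entry
    if route.version != net.version or not route.subnet_of(net):
        return False
    lo, hi = length_range(net, ge, le)
    return lo <= route.prefixlen <= hi


def evaluate(lines, route_text):
    """Return (action, index of the matching line), or ('deny', None) when
    nothing matches (assumed implicit deny). Lines are taken in listed order."""
    route = ipaddress.ip_network(route_text)
    for index, line in enumerate(lines):
        entry = parse_entry(line)
        if entry_matches(entry, route):
            return entry[0], index
    return "deny", None


if __name__ == "__main__":
    for r in ("10.10.4.0/24", "10.10.10.2/32", "10.0.0.0/8"):
        print(r, evaluate(PREFIX_LIST, r))
```

Under these assumptions the /32 inside 10.10.0.0/16 is not caught by the deny entry because le 30 stops at /30, so it reaches the later permit line.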
Usage Information The no version of this command removes the specified prefix list. Example OS10(config)# ip prefix-list seqprefix seq 65535 deny 10.10.10.1/16 ge 10 Supported Release 10.3.0E or later ip prefix-list seq permit Configures a filter to permit route filtering from a specified prefix list. Syntax ipv6 prefix-list [name] seq num permit A::B/x [ge | le} prefix-len Parameters • name — Enter the name of the prefix list. • num — Enter the sequence list number. • A.B.C.
Example (Controlplane ACL) OS10# configure terminal OS10(config)# control-plane OS10(config-control-plane)# ipv6 access-group aaa-cp-acl in Supported Releases 10.2.0E or later; 10.4.1 or later (control-plane ACL) ipv6 access-list Creates an IP access list to filter based on an IPv6 address. Syntax ipv6 access-list access-list-name Parameters access-list-name — Enter the name of an IPv6 access list. A maximum of 140 characters.
• description — Enter the description for the named prefix-list. Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the specified prefix list. Example OS10(config)# ipv6 prefix-list TEST description TEST_LIST Supported Release 10.3.0E or later ipv6 prefix-list permit Creates a prefix-list to permit route filtering from a specified IPv6 network address.
Example
OS10(config)# ipv6 prefix-list TEST seq 65535 deny AB20::1/128 ge 10
Supported Release 10.3.0E or later
ipv6 prefix-list seq permit
Configures a filter to permit route filtering from a specified prefix-list.
Syntax ipv6 prefix-list [name] seq num permit A::B/x [ge | le} prefix-len
Parameters
• name — (Optional) Enter the name of the IPv6 prefix-list.
• num — Enter the sequence number of the specified IPv6 prefix list.
• A::B/x — Enter the IPv6 address and mask in /prefix format (/x).
Example (Controlplane ACL) OS10# configure terminal OS10(config)# control-plane OS10(config-control-plane)# mac access-group maclist in Supported Releases 10.2.0E or later; 10.4.1 or later (control-plane ACL) mac access-list Creates a MAC access list to filter based on a MAC address. Syntax mac access-list access-list-name Parameters access-list-name — Enter the name of a MAC access list. A maximum of 140 characters.
Example OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# permit udp any any capture session 1 Supported Releases 10.2.0E or later permit (IPv6) Configures a filter to allow packets with a specific IPv6 address.
– cos — (Optional) Enter the CoS value, from 0 to 7. – vlan — (Optional) Enter the VLAN number, from 1 to 4093. Default Not configured Command Mode MAC-ACL Usage Information The no version of this command removes the filter. Example OS10(config)# mac access-list macacl OS10(conf-mac-acl)# permit 00:00:00:00:11:11 00:00:11:11:11:11 any cos 7 OS10(conf-mac-acl)# permit 00:00:00:00:11:11 00:00:11:11:11:11 any vlan 2 Supported Releases 10.2.
– dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63. – fragment — (Optional) Use ACLs to control packet fragments. • host ipv6-address — (Optional) Enter the IPv6 address to use a host address only. Default Not configured Command Mode IPV6-ACL Usage Information The no version of this command removes the filter. Example OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# permit icmp any any capture session 1 Supported Releases 10.2.
– dscp value — (Optional) Enter to deny a packet based on the DSCP values, from 0 to 63. – fragment — (Optional) Enter to use ACLs to control packet fragments. • host ipv6-address — Enter the IPv6 address to use a host address only. Default Not configured Command Mode IPV6-ACL Usage Information The no version of this command removes the filter. Example OS10(conf-ipv6-acl)# permit ipv6 any any count capture session 1 Supported Releases 10.2.
Usage Information The no version of this command removes the filter. Example OS10(conf-ipv4-acl)# permit tcp any any capture session 1 Supported Releases 10.2.0E or later permit tcp (IPv6) Configures a filter to permit TCP packets meeting the filter criteria.
– lt — (Optional) Permit packets which are less than. – gt — (Optional) Permit packets which are greater than. – neq — (Optional) Permit packets which are not equal to. – range — (Optional) Permit packets with a specific source and destination address. – ack — (Optional) Set the bit as acknowledgement. – fin — (Optional) Set the bit as finish—no more data from sender. – psh — (Optional) Set the bit as push. – rst — (Optional) Set the bit as reset. – syn — (Optional) Set the bit as synchronize.
– gt — Greater than – lt — Lesser than – neq — Not equal to – range — Range of ports, including the specified port numbers. • host ipv6-address — (Optional) Enter the keyword and the IPv6 address to use a host address only. Default Not configured Command Mode IPV6-ACL Usage Information The no version of this command removes the filter. Example OS10(conf-ipv6-acl)# permit udp any any capture session 1 count Supported Releases 10.2.0E or later remark Specifies an ACL entry description.
– dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63. – fragment — (Optional) Use ACLs to control packet fragments. • host ip-address — (Optional) Enter the IPv4 address to use a host address only. Default Not configured Command Mode IPV4-ACL Usage Information The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number.
seq deny (MAC)
Assigns a sequence number to a deny filter in a MAC access list while creating the filter.
Syntax seq sequence-number deny {nn:nn:nn:nn:nn:nn [00:00:00:00:00:00] | any} {nn:nn:nn:nn:nn:nn [00:00:00:00:00:00] | any} [protocol-number | capture | cos | vlan]
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
• nn:nn:nn:nn:nn:nn — Enter the source MAC address.
Default Not configured Command Mode IPV4-ACL Usage Information The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. Example OS10(config)# ip access-list egress OS10(conf-ipv4-acl)# seq 5 deny icmp any any capture session 1 Supported Releases 10.2.0E or later seq deny icmp (IPv6) Assigns a sequence number to deny ICMP messages while creating the filter.
• any — (Optional) Set all routes which are subject to the filter: – capture — (Optional) Capture packets the filter processes. – dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63. – fragment — (Optional) Use ACLs to control packet fragments. • host ip-address — (Optional) Enter the IPv4 address to use a host address only.
seq deny tcp Assigns a filter to deny TCP packets while creating the filter. Syntax seq sequence-number deny tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [operator] ] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment] Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A.B.C.D — Enter the IPv4 address in dotted decimal format. • A.B.
seq deny tcp (IPv6)
Assigns a filter to deny TCP packets while creating the filter.
Syntax seq sequence-number deny tcp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A::B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment]
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
• A::B — Enter the IPv6 address in hexadecimal format separated by colons.
seq deny udp Assigns a filter to deny UDP packets while creating the filter. Syntax seq sequence-number deny udp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [operator] ] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment] Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A.B.C.D — Enter the IPv4 address in dotted decimal format. • A.B.
seq deny udp (IPv6)
Assigns a filter to deny UDP packets while creating the filter.
Syntax seq sequence-number deny udp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A::B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment]
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
• A::B — Enter the IPv6 address in hexadecimal format separated by colons.
seq permit Assigns a sequence number to permit packets while creating the filter. Syntax seq sequence-number permit [protocol-number A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | dscp value| fragment]] Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • protocol-number — (Optional) Enter the protocol number, from 0 to 255. • A.B.C.
Default Not configured Command Mode IPV6-ACL Usage Information The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. Example OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# seq 10 permit ipv6 any any capture session 1 Supported Releases 10.2.0E or later seq permit (MAC) Assigns a sequence number to permit MAC addresses while creating a filter.
Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A.B.C.D — Enter the IPv4 address in dotted decimal format. • A.B.C.D/x — Enter the number of bits that must match the dotted decimal address. • any — (Optional) Set all routes which are subject to the filter: – capture — (Optional) Capture packets the filter processes. – dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63.
seq permit ip
Assigns a sequence number to allow packets while creating the filter.
Syntax seq sequence-number permit ip [A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | dscp value| fragment]
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
• A.B.C.D — Enter the IPv4 address in dotted decimal format.
• A.B.C.
Usage Information The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. Example OS10(config)# ipv6 access-list egress OS10(conf-ipv6-acl)# seq 5 permit ipv6 any any capture session 1 Supported Releases 10.2.0E or later seq permit tcp Assigns a sequence number to allow TCP packets while creating the filter. Syntax seq sequence-number permit tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.
seq permit tcp (IPv6)
Assigns a sequence number to allow TCP IPv6 packets while creating the filter.
Syntax seq sequence-number permit tcp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A::B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | dscp value| fragment]
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
seq permit udp Assigns a sequence number to allow UDP packets while creating the filter. Syntax seq sequence-number permit udp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [operator] ] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment] Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A.B.C.
seq permit udp (IPv6)
Assigns a sequence number to allow UDP IPv6 packets while creating a filter.
Syntax seq sequence-number permit udp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A::B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | dscp value | fragment]
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
Parameters • ip — View IP access group information. • mac — View MAC access group information. • ipv6 — View IPv6 access group information. • access-group name — Enter the name of the access group.
Example (MAC In)
OS10# show mac access-lists in
Ingress MAC access list aaa
Active on interfaces :
ethernet1/1/1
ethernet1/1/2
seq 10 permit any any
seq 20 permit 11:11:11:11:11:11 22:22:22:22:22:22 any monitor
Example (MAC Out)
OS10# show mac access-lists out
Egress MAC access list aaa
Active on interfaces :
ethernet1/1/1
ethernet1/1/2
seq 10 permit any any
seq 20 permit 11:11:11:11:11:11 22:22:22:22:22:22 any monitor
Example (IP In)
OS10# show ip access-lists in
Ingress IP access list aaaa
Active on in
Example (IPv6 In Control-plane ACL)
OS10# show ipv6 access-lists in
Ingress IPV6 access-list aaa-cp-acl
Active on interfaces :
control-plane data
seq 10 permit ipv6 any any
control-plane mgmt
seq 10 permit ipv6 any any
Example (MAC In Control-plane ACL)
OS10# show mac access-lists in
Ingress MAC access-list mac-cp1
Active on interfaces :
control-plane data
seq 10 deny any any count (159 packets)
Supported Releases 10.2.0E or later; 10.4.
Supported Releases 10.4.2.1 and later
show acl-table-usage detail
Displays the ingress and egress ACL tables, the features that are used, and their space utilizations.
Syntax show acl-table-usage detail
Parameters None
Default None
Command Mode EXEC
Usage Information The hardware pool displays the ingress application groups (pools), the features mapped to each of these groups, and the amount of space available in each of the pools.
3   USER_IPV4_ACL  0  512  512
4   USER_IPV4_ACL  0  512  512
5   FREE           0  512  512
6   USER_IPV6_ACL  0  512  512
7   USER_IPV6_ACL  0  512  512
8   USER_IPV6_ACL  0  512  512
9   USER_L2_ACL    0  512  512
10  USER_L2_ACL    0  512  512
11  FREE           0  512  512
----------------------------------------------------------------------------------------
Service Pools
----------------------------------------------------------------------------------------
App Allocated pools App group Configured rules Used rows Free r
----------------------------------------------
----------------------------------------------------------------------------------------
Pool ID App(s) Used rows Free r
----------------------------------------------------------------------------------------
0  FREE  0  256  256
1  FREE  0  256  256
2  FREE  0  256  256
3  FREE  0  256  256
----------------------------------------------------------------------------------------
Service Pools
----------------------------------------------------------------------------------------
App Allocated pools App group Configured rules Use
Service Pools
----------------------------------------------------------------------------------------
App Allocated pools App group Configured rules Used rows Free r
----------------------------------------------------------------------------------------
USER_L2_ACL_EGRESS  Shared:1  G1  1  2  254  256
USER_IPV4_EGRESS    Shared:1  G0  1  2  254  256
USER_IPV6_EGRESS    Shared:2  G2  1  2  254
Supported Releases 10.4.2 and later
show ip as-path-access-list
Displays the configured AS path access lists.
show ip extcommunity-list Displays the configured IP external community lists in alphabetic order. Syntax show ip extcommunity-list [name] Parameters name — (Optional) Enter the name of the extended IP external community list. A maximum of 140 characters. Defaults None Command Mode EXEC Usage Information None Example OS10# show ip extcommunity-list Standard Extended Community List hello permit RT:1:1 deny SOO:1:4 Supported Releases 10.3.
continue Configures the next sequence of the route map. Syntax continue seq-number Parameters seq-number — Enter the next sequence number, from 1 to 65535. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes a match. Example OS10(config)# route-map bgp OS10(conf-route-map)# continue 65535 Supported Releases 10.3.0E or later match as-path Configures a filter to match routes that have a certain AS path in their BGP paths.
Supported Releases 10.3.0E or later match extcommunity Configures a filter to match routes that have a certain EXTCOMMUNITY attribute in their BGP path. Syntax match extcommunity extcommunity-list-name [exact-match] Parameters • extcommunity-list-name — Enter the name of a configured extcommunity list. • exact-match — (Optional) Select only those routes with the specified extcommunity list name.
• access-list-name — Enter the name of the configured access list. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes a match. Example OS10(config)# route-map bgp OS10(conf-route-map)# match ip address prefix-list test10 Supported Releases 10.3.0E or later match ip next-hop Configures a filter to match based on the next-hop IP addresses specified in IP prefix lists.
match ipv6 next-hop Configures a filter to match based on the next-hop IPv6 addresses specified in IP prefix lists. Syntax match ipv6 next-hop prefix-list prefix-list Parameters prefix-list — Enter the name of the configured prefix list. A maximum of 140 characters. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes the match.
Supported Releases 10.3.0E or later match route-type Configures a filter to match routes based on how the route is defined. Syntax match route-type {external {type-1 | type-2} | internal | local} Parameters • external — Match only on external OSPF routes. Enter the keyword then one of the following: – type-1 — Match only on OSPF Type 1 routes. – type-2 — Match only on OSPF Type 2 routes. • internal — Match only on routes generated within OSPF areas.
• sequence-number — (Optional) Enter the number to identify the route-map for editing and sequencing number from 1 to 65535. The default is 10. • permit — (Optional) Set the route-map default as permit. • deny — (Optional) Set the route default as deny. Default Not configured Command Mode CONFIGURATION Usage Information NOTE: Exercise caution when you delete route-maps — if you do not enter a sequence number, all route-maps with the same map-name are deleted.
the insertion set community command . To add communities in a community list to the COMMUNITY attribute in a BGP route, use the set comm-list add command. Example OS10(config)# route-map bgp OS10(conf-route-map)# set comm-list comlist1 delete Supported Releases 10.3.0E or later set community Sets the community attribute in BGP updates. Syntax set community {none | community-number} Parameters • none — Enter to remove the community attribute from routes meeting the route map criteria.
set extcomm-list delete Remove communities in the specified list from the EXTCOMMUNITY attribute in a matching inbound or outbound BGP route. Syntax set extcomm-list extcommunity-list-name delete Parameter extcommunity-list-name — Enter the name of an established extcommunity list. A maximum of 140 characters. Defaults None Command Mode ROUTE-MAP Usage Information To add communities in an extcommunity list to the EXTCOMMUNITY attribute in a BGP route, use the set extcomm-list add command.
Command Mode ROUTE-MAP Usage Information This command changes the LOCAL_PREF attribute for routes meeting the route map criteria. To change the LOCAL_PREF for all routes, use the bgp default local-preference command. The no version of this command removes the LOCAL_PREF attribute. Example OS10(conf-route-map)# set local-preference 200 Supported Releases 10.2.0E or later set metric Set a metric value for a routing protocol.
Affects BGP behavior only in outbound route maps and has no effect on other types of route maps. If the route map contains both a set metric-type and a set metric clause, the set metric clause takes precedence. If you enter the internal metric type in a BGP outbound route map, BGP sets the MED of the advertised routes to the IGP cost of the next hop of the advertised route. If the cost of the next hop changes, BGP is not forced to readvertise the route.
• incomplete — Enter to not advertise to peers. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes the set clause from a route map. Example OS10(conf-route-map)# set origin egp Supported Releases 10.2.0E or later set tag Sets a tag for redistributed routes. Syntax set tag tag-value Parameters tag-value — Enter a tag number for the route to redistribute, from 0 to 4294967295.
Command Mode EXEC Usage Information None Example OS10# show route-map route-map abc, permit, sequence 10 Match clauses: ip address (access-lists): hello as-path abc community hello metric 2 origin egp route-type external type-1 tag 10 Set clauses: metric-type type-1 origin igp tag 100 Supported Releases 10.3.
11 Quality of service
Quality of service (QoS) reserves network resources for highly critical application traffic with precedence over less critical application traffic. QoS prioritizes different types of traffic and ensures quality of service. You can control the following traffic flow parameters: Delay, Bandwidth, Jitter, and Drop. Different QoS features control the traffic flow parameters, as the traffic traverses a network device from ingress to egress interfaces.
Configuring QoS is a three-step process:
1 Create class-maps to classify the traffic flows. The following are the different types of class-maps:
• qos (default)—Classifies ingress data traffic.
• queuing—Classifies egress queues.
• control-plane—Classifies control-plane traffic.
• network-qos—Classifies traffic-class IDs for ingress buffer configurations.
• application—Classifies application-type traffic. The reserved policy-map policy-iscsi defines the actions for class-iscsi traffic.
• Apply queuing policies in the output direction on physical interfaces or in System-Qos mode.
• Apply an application type policy-map in System-Qos mode.
When you apply a policy on a system, the policy is effective on all the ports in the system. However, the interface-level policy takes precedence over the system-level policy.
Ingress traffic classification
Ingress traffic can either be data or control traffic.
2 Define the set of dot1p values mapped to traffic-class, the qos-group ID.
OS10(config-tmap-dot1p-map)# qos-group 3 dot1p 0-4
OS10(config-tmap-dot1p-map)# qos-group 5 dot1p 5-7
3 Verify the map entries.
OS10# show qos maps type trust-map-dot1p dot1p-trust-map
DOT1P Priority to Traffic-Class Map : dot1p-trust-map
Traffic-Class    DOT1P Priority
-------------------------------
3                0-4
5                5-7
4 Apply the map on a specific interface or on system-qos, global level.
DSCP values    TC id    Color
24-27          3        G
28-31          3        Y
32-35          4        G
36-39          4        Y
40-43          5        G
44-47          5        Y
48-51          6        G
52-55          6        Y
56-59          7        G
60-62          7        Y
63             7        R
User–defined DSCP trust map
Override the default mapping by creating a user-defined DSCP trust map. All the unspecified DSCP entries map to the default traffic class ID 0.
Configure user–defined DSCP trust map
1 Create a DSCP trust map.
1 Create a default DSCP trust map.
OS10(config)# trust dscp-map default
OS10(config-tmap-dscp-map)#
2 Apply the map on a specific interface or on system-qos global level.
• Interface level
OS10(conf-if-eth1/1/1)# trust-map dscp default
• System-qos level
OS10(config-sys-qos)# trust-map dscp default
ACL based classification
Classify the ingress traffic by matching the packet fields using ACL entries. Classify the traffic flows based on QoS-specific fields or generic fields, using IP or MAC ACLs.
• Pre-defined IP access-list
OS10(config-cmap-qos)# match ip access-group name ip-acl-1
• Pre-defined IPv6 access-list
OS10(config-cmap-qos)# match ipv6 access-group name ACLv6
• Pre-defined MAC access-list
OS10(config-cmap-qos)# match mac access-group name mac-acl-1
3 Create a qos-type policy-map to refer the classes to.
OS10(config)# policy-map cos-policy
4 Refer the class-maps in the policy-map and define the required action for the flows.
Control-plane policing
Control-plane policing (CoPP) increases security on the system by protecting the route processor from unnecessary traffic and giving priority to important control plane and management traffic. CoPP uses a dedicated control plane configuration through the QoS CLIs to set rate-limiting capabilities for control plane packets.
By default, CoPP traffic towards the CPU is classified into different queues as shown below.
Table 46. CoPP: Protocol mappings to queues - prior to release 10.4.2
Queue    Protocol
0        IPv6
1        —
2        IGMP
3        VLT, NDS
4        ICMPv6, ICMPv4
5        ARP Request, ICMPV6-RS-NS, ISCSI snooping, ISCSI-COS
6        ICMPv6-RA-NA, SSH, TELNET, TACACS, NTP, FTP
7        RSTP, PVST, MSTP, LACP
8        Dot1X, LLDP, FCOE-FPORT
9        BGPv4, OSPFv6
10       DHCPv6, DHCPv4, VRRP
11       OSPF Hello, OpenFlow
Table 47.
Queue  Protocols              Minimum rate limit (in pps)  Maximum rate limit (in pps)  Minimum guaranteed buffer (in bytes)  Static shared limit (in bytes)
10     LACP                   600                          1000                         1664                                  48880
11     STP, RSTP, MSTP        400                          400                          1664                                  48880
12     DOT1X, LLDP            500                          500                          1664                                  48880
13     IPv6 OSPF              600                          1000                         1664                                  48880
14     IPv4 OSPF              600                          1000                         1664                                  48880
15     BGP                    600                          1000                         1664                                  48880
16     IPv4 DHCP, IPv6 DHCP   500                          500                          1664                                  48880
17     VRRP                   600                          1000                         1664                                  48880
18     BFD                    700                          700                          1664                                  48880
19     Remote CPS             700                          10
Create QoS policy for CoPP
OS10(config)# class-map type control-plane copp
OS10(conf-cmap-control-plane)# exit
OS10(config)# policy-map type control-plane copp1
OS10(conf-pmap-control-plane)# class copp
OS10(conf-pmap-c)# set qos-group 2
OS10(conf-pmap-c)# police cir 100 pir 100
View policy-map
OS10(conf-pmap-c)# do show policy-map
Service-policy(control-plane) input: copp1
Class-map (control-plane): copp
set qos-group 2
police cir 100 bc 100 pir 100 be 100
Assign service-policy
Rate controlling the traffi
Protocols 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 600 1000 400 600 500 500 500 500 500 600 600 400 500 600 600 600 500 600 700 700 ISCSI IGMP MLD VLT NDS IPV6_ICMP IPV4_ICMP ICMPV6_RS ICMPV6_NS ICMPV6_RA ARP_REQ SERVICEABILITY ARP_RESP SSH TELNET TACACS NTP FTP FCOE LACP RSTP PVST MSTP DOT1X LLDP IPV6_OSPF IPV4_OSPF OSPF_HELLO BGP IPV6_DHCP IPV4_DHCP VRRP BFD OPEN_FLOW REMOTE CPS View CoPP statistics OS10# show control-plane statistics Queue Packets 0 26 1 0 2 0 3 0 4 36 5 36 6 919 7 67 8 0 9 0
Table 48. Default mapping of traffic class ID to queue
Traffic class ID    Queue ID
0                   0
1                   1
2                   2
3                   3
4                   4
5                   5
6                   6
7                   7
User–defined QoS map
You can override the default mapping by creating a QoS map.
Configure user–defined QoS map
1 Create a QoS map.
OS10(config)# qos-map traffic-class tc-q-map
2 Define the set of traffic class values mapped to a queue.
OS10(config-qos-map)# queue 3 qos-group 0-3
3 Verify the map entries.
• When traffic arrives at a rate less than the committed rate, the color is green.
• When traffic propagates at an average rate greater than or equal to the committed rate and less than peak-rate, the color is yellow.
• When the traffic rate is above the configured peak-rate, the traffic drops to guarantee a bandwidth limit for an ingress traffic flow.
Peak rate is the maximum rate for traffic arriving or leaving an interface under normal traffic conditions.
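The colour rules above, applied to a police cir ... bc ... pir ... be ... policer, as an added example (not from this guide and not the switch's own implementation): a two-rate three-colour marker in the style of RFC 2698, used to compare one shared policer with one policer per CPU queue, which is the isolation the CoPP protocol-to-queue mapping provides. Treating rates as packets per second and bursts as packets, and the queue names, policer values and traffic rates, are all constructed assumptions.

```python
from collections import Counter

MILLI = 1000  # credit is kept in thousandths of a packet so the maths stays integer


class TwoRatePolicer:
    """Colour-blind two-rate three-colour marker (RFC 2698 style).

    Assumption for this example: cir/pir are packets per second and bc/be are
    burst sizes in packets. Red packets are dropped, as the text describes
    for traffic above the peak rate.
    """

    def __init__(self, cir, bc, pir, be):
        if pir < cir:
            raise ValueError("pir must be >= cir")
        self.cir, self.pir = cir, pir
        self.c_cap, self.p_cap = bc * MILLI, be * MILLI
        self.c_tokens, self.p_tokens = self.c_cap, self.p_cap  # buckets start full
        self.last_ms = None

    def offer(self, now_ms):
        """Return 'green', 'yellow' or 'red' for one packet arriving at now_ms."""
        if self.last_ms is not None:
            if now_ms < self.last_ms:
                raise ValueError("arrival times must be non-decreasing")
            elapsed = now_ms - self.last_ms
            # rate [packets/s] * elapsed [ms] gives credit in milli-packets
            self.c_tokens = min(self.c_cap, self.c_tokens + self.cir * elapsed)
            self.p_tokens = min(self.p_cap, self.p_tokens + self.pir * elapsed)
        self.last_ms = now_ms
        if self.p_tokens < MILLI:      # above peak rate: drop
            return "red"
        self.p_tokens -= MILLI
        if self.c_tokens < MILLI:      # between committed and peak rate
            return "yellow"
        self.c_tokens -= MILLI         # within committed rate
        return "green"


def constant_rate(queue, pps, seconds):
    """Constructed arrivals: (time_ms, queue) tuples evenly spaced at pps."""
    return [(i * 1000 // pps, queue) for i in range(pps * seconds)]


def police(events, policer_for):
    """Police time-ordered events; policer_for maps queue name -> policer.

    Two queue names may map to the same policer object to model one shared
    rate limit. Returns {queue: Counter of colours}.
    """
    colours = {}
    for now_ms, queue in events:
        colour = policer_for[queue].offer(now_ms)
        colours.setdefault(queue, Counter())[colour] += 1
    return colours


def demo():
    """Compare a shared policer with per-queue policers under a flood."""
    flood = constant_rate("icmp", 1000, 10)  # constructed: 1000 pps for 10 s
    bgp = constant_rate("bgp", 10, 10)       # constructed: 10 pps routing traffic
    # sorted() is stable, so on equal timestamps the flood packet comes first
    events = sorted(flood + bgp, key=lambda e: e[0])

    shared = TwoRatePolicer(cir=100, bc=100, pir=200, be=200)
    one_queue = police(events, {"icmp": shared, "bgp": shared})
    per_queue = police(events, {
        "icmp": TwoRatePolicer(cir=100, bc=100, pir=200, be=200),
        "bgp": TwoRatePolicer(cir=100, bc=100, pir=200, be=200),
    })
    return one_queue, per_queue


if __name__ == "__main__":
    for label, result in zip(("one shared policer", "policer per queue"), demo()):
        for queue, counts in sorted(result.items()):
            print(f"{label:20} {queue:5} {dict(counts)}")
```

With a shared policer the flood consumes the peak-rate credit and the routing packets are dropped once the initial burst allowance is spent; with a policer per queue the flood is still limited to the peak rate while every routing packet stays green.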
2 Create a QoS type policy-map to color the traffic flow.
OS10(config)# policy-map ect-color
OS10(config-pmap-qos)# class cmap-dscp-3-ect
OS10(config-pmap-c-qos)# set qos-group 3
OS10(config-pmap-c-qos)# set color yellow
Modify packet fields
You can modify the value of CoS or DSCP fields.
1 Create a QoS type class-map to match a traffic flow.
OS10(config)# class-map cmap-dscp-3
OS10(config-cmap-qos)# match ip dscp 3
2 Modify the policy-map to update the DSCP field.
4 Create a queuing type policy-map and configure a policy-map name in CONFIGURATION mode.
policy-map type queuing policy-map-name
5 Configure a queuing class in POLICY-MAP mode.
class class-name
6 Assign a bandwidth percent, from 1 to 100 to nonpriority queues in POLICY-MAP-CLASS-MAP mode.
1 Define a policy-map and create a policy-map name in CONFIGURATION mode.
policy-map type queuing policy-map-name
2 Create a QoS class and configure a name for the policy-map in POLICY-MAP mode.
class class-map-name
3 Set the scheduler as strict priority in POLICY-MAP-CLASS-MAP mode.
priority
Apply policy-map
1 Apply the policy-map to the interface in INTERFACE mode or all interfaces in SYSTEM-QOS mode.
– Lossless pool (PFC) • Egress buffer pools: – Lossy pool (default) – Lossless pool (PFC) – CPU pool (CPU control traffic) For example, when all ports are allocated as reserved buffers from the lossy (default) pool, the remaining buffers in the lossy pool are shared across all ports, except the CPU port. When you enable priority flow control (PFC) on the ports, all the PFC-enabled queues and priority-groups use the buffers from the lossless pool. OS10 dedicates a separate buffer pool for CPU traffic.
Table 51. Default settings for PFC
Speed                                                    10G     25G     40G     50G     100G
Default reserved buffer for S4000, S4048–ON, S6010–ON    9KB     NA      9KB     NA      NA
Default reserved buffer for S41xx, Z9100–ON              9KB     9KB     18KB    18KB    36KB
Default Xoff threshold                                   36KB    45KB    75KB    91KB    142KB
Default Xon threshold                                    9KB     9KB     9KB     9KB     9KB
Default dynamic share buffer threshold (alpha value)     9KB     9KB     9KB     9KB     9KB
NOTE: The supported speed varies for different platforms.
• Explicit congestion notification (ECN)—This is an extension of WRED. Instead of dropping the packets when the average queue length crosses the minimum threshold values, ECN marks the Congestion Experienced (CE) bit of the ECN field in a packet as ECN-capable traffic (ECT).
1 Configure a WRED profile in CONFIGURATION mode.
OS10(config)# wred wred_prof_1
2 Configure WRED threshold parameters for different colors in WRED CONFIGURATION mode.
11 Enable ECN globally.
OS10(config-sys-qos)# random-detect ecn
After you enable ECN globally, ECN marks the CE bit of the ECN field in a packet as ECT. In the S4200–ON Series platform, configure separate thresholds for ECN capable traffic (ECT). If you enable ECN, ECT is marked based on the configured ECN threshold and non-ECT drops based on the WRED thresholds.
Storm control
Traffic storms created by packet flooding or other reasons may degrade the performance of the network.
3 Create a VLAN. In this example, we use VLAN 55 to switch the RoCE traffic. You can configure any value from 1 to 4093.
OS10(config)# interface vlan 55
4 Create a network-qos type class-map for priority flow control (PFC).
OS10(config)# class-map type network-qos pfcdot1p3
OS10(config)# match qos-group 3
5 Create queuing-type class-maps for enhanced transmission selection (ETS).
bandwidth Assigns a percentage of weight to the queue. Syntax bandwidth percent value Parameters percent value — Enter the percentage assignment of bandwidth to the queue, from 1 to 100. Default Not configured Command Mode POLICY-MAP QUEUE Usage Information If you configure this command, you cannot use the priority command for the class. Example OS10(conf-pmap-que)# bandwidth percent 70 Supported Releases 10.2.0E or later class Creates a QoS class for a type of policy-map.
Defaults • qos — Enter a qos type class-map. • queuing — Enter a queueing type class-map. • control-plane — Enter a control-plane type class-map. • match-all — Determines how packets are evaluated when multiple match criteria exist. Enter the keyword to determine that all packets must meet the match criteria to be assigned to a class. • match-any — Determines how packets are evaluated when multiple match criteria exist.
Example OS10# clear qos statistics Supported Releases 10.2.0E or later clear qos statistics type Clears all queue counters for control-plane, qos, and queueing. Syntax clear qos statistics type {{qos | queuing | control-plane} [interface ethernet node/slot/port[:subport]]} Parameters • qos — Clears qos type statistics. • queuing — Clears queueing type statistics. • control-plane — Clears control-plane type statistics.
control-plane-buffer-size Configures the buffer size for the CPU pool. Syntax control-plane-buffer-size size-of-buffer-pool Parameters size-of-buffer-pool — Enter the buffer size in KB, from 620 KB to 900 KB. Default None Command Mode SYSTEM-QOS Usage Information This command configures the buffer size of the CPU pool. The system allocates a buffer size for CPU pool from the total system buffer.
match Configures match criteria for the QoS policy. Syntax match {cos cos-number | ip [access-group name name | dscp dscp-value | precedence value] | ipv6 [access-group name name [set dscp dscp-value]] | mac access-group acl-name | not [ip | cos] vlan vlan-id} [set dscp dscp-value] Parameters • cos cos-number — Enter a queue number for the CoS match criteria, from 0 to 7. • ip — Enter the IPv4 match criteria. • access-group name name — (Optional) Enter the IPv4 access-group name.
Example OS10(conf-cmap-qos)# match cos 3 Supported Releases 10.2.0E or later match dscp Configures a DSCP value as a match criteria for a class-map. Syntax match [not] {ip | ipv6 | ip-any } dscp [dscp-list | dscp-list] Parameters • not — (Optional) Enter to cancel a previously applied match criteria. • ip — Enter to use IPv4 as the match protocol. • ipv6 — Enter to use IPv6 as the match protocol. • ip-any — Enter to use both IPv4 and IPv6 as the match protocol.
match queue Configures a match criteria for a queue. Syntax match queue queue-number Parameters queue-number — Enter a queue number, from 0 to 7. Default Not configured Command Mode CLASS-MAP Usage Information You can configure this command only when the class-map type is queuing. You cannot enter two match statements with the same filter-type. If you enter two match statements with the same filter-type, the second statement overwrites the first statement.
pause Enables a pause based on buffer limits for the port to start or stop communication to the peer. Syntax pause [buffer-size size pause-threshold xoff-size resume-threshold xon-size] Parameters • buffer-size size — (Optional) Enter the ingress buffer size used as a guaranteed buffer in KB, . – Default values for PFC: 10G, 25G–183KB, 40G–375KB, 100G–446KB – Default values for LLFC: 10G,25G–207.5KB, 40G,100G–300.
NOTE: The range 0-7 is invalid. All other ranges, including 0-6 and 1-7 are valid. Default Not configured Command Mode POLICY-MAP-CLASS-MAP Usage Information To configure link-level flow-control, do not configure pfc-cos for the matched class for this policy. Add the policy-map with the pfc-cos configuration to system-qos to service an input to enable priority flow-control behavior on all ports, based on a per-port Priority Flow-Control Enable mode.
Example OS10(conf-sys-qos)# pfc-shared-buffer-size 2000 Supported Releases 10.3.0E or later pfc-shared-headroom-buffer-size Configures the shared headroom size for absorbing the packets after pause frames generate.
Example OS10(conf-pmap-c-qos)# police cir 5 bc 30 pir 20 be 40 Supported Releases 10.2.0E or later policy-map Enters QoS POLICY-MAP mode and creates or modifies a QoS policy-map. Syntax policy-map policy-map-name [type {qos | queuing | control-plane | application | network-qos }] Parameters • policy-map-name — Enter a class name for the policy-map. A maximum of 32 characters. • type — Enter the policy-map type. – qos — Create a qos policy-map type. – queuing — Create a queueing policy-map type.
priority-flow-control mode Enables or disables Priority Flow-Control mode on an interface. Syntax priority-flow-control mode [on] Parameters • on — (Optional) Enables Priority Flow-Control mode. Default Disabled Command Mode INTERFACE Usage Information Before enabling priority flow-control on an interface, verify a matching network-qos type policy is configured with the pfc-cos value for an interface.
• dscp values — (Optional) Enter either single, comma-delimited, or a hyphenated range of DSCP values, from 0 to 63. Default 0 Command Mode TRUST-MAP Usage Information If the trust map does not define DSCP values to any traffic class, those flows map to the default traffic class 0. If some of the DSCP values are already mapped to an existing traffic class, you will see an error. The no version of this command returns the value to the default.
OS10(conf-cmap-nqos-c)# pause buffer-size 45 pause-threshold 30 resume-threshold 10
OS10(conf-cmap-nqos-c)# queue-limit 150
Example (queue)
OS10(config)# policy-map type queuing pmap1
OS10(config-pmap-queuing)# class cmap1
OS10(config-pmap-c-que)# queue-limit queue-len 100
OS10(config-pmap-c-que)# queue-limit thresh-mode static 50
Supported Releases 10.3.0E or later
queue bandwidth Configures a bandwidth for a given queue on interface.
random-detect (interface) Assigns a WRED profile to the specified interface. Syntax random-detect wred-profile Parameters wred-profile — Enter the name of an existing WRED profile. Default Not configured Command Mode INTERFACE Usage Information The no version of this command removes the WRED profile from the interface. Example OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# random-detect test_wred Supported Releases 10.4.
Command Mode WRED CONFIGURATION Usage Information The no version of this command removes the WRED profile.
Example
OS10(config)# wred test_wred
OS10(config-wred)# random-detect color green minimum-threshold 100 maximum-threshold 300 drop-probability 40
Supported Releases 10.4.0E(R1) or later
random-detect ecn Enables explicit congestion notification (ECN) for the WRED profile.
Parameters • pool-value — Enter the pool value, from 0 to 1. • wred-profile-name — Enter the name of an existing WRED profile. Default Not configured Command Mode SYSTEM-QOS Usage Information The no version of this command removes the WRED profile from the interface. Example OS10(config)# system qos OS10(config-sys-qos)# random-detect pool 0 test_wred Supported Releases 10.4.
maps. When you configure interface-level policies and system-level policies, the interface-level policy takes precedence over the system-level policy. Example OS10(conf-if-eth1/1/7)# service-policy input type qos p1 Supported Releases 10.2.0E or later set cos Sets a class of service (CoS) value to mark L2 802.1p (dot1p) packets. Syntax set cos cos-value Parameters cos-value — Enter a CoS value, from 0 to 7.
Usage Information This command supports only the qos or control-plane ingress policy type. When the class-map type is control-plane, the qos-group corresponds to CPU queues 0 to 11. When the class-map type is qos, the qos-group corresponds to data queues 0 to 7. Example OS10(conf-pmap-c-qos)# set qos-group 7 Supported Releases 10.2.0E or later shape Shapes the outgoing traffic rate.
Usage Information This command displays all class-maps of qos, queuing, network-qos, or control-plane type. The class-map-name parameter displays all details of a configured class-map name. Example OS10# show class-map type qos c1 Class-map (qos): c1 (match-all) Match(not): ip-any dscp 10 Supported Releases 10.2.0E or later show control-plane buffers Displays the pool type, reserved buffer size, and the maximum threshold value for each of the CPU queues.
Usage Information None
Example
OS10# show control-plane buffer-stats
Queue    TX pckts    TX bytes    Used reserved buffers    Used shared buffers
----------------------------------------------------------------------------
0        0           0           0                        0
1        0           0           0                        0
2        0           0           0                        0
3        0           0           0                        0
4        0           0           0                        0
5        0           0           0                        0
6        0           0           0                        0
7        1           68          0                        0
8        0           0           0                        0
9        0           0           0                        0
10       0           0           0                        0
11       34          2312        0                        0
12       36          6084        0                        0
13       0           0           0                        0
14       0           0           0                        0
15       0           0           0                        0
16       0           0           0                        0
17       0           0           0                        0
18       0           0           0                        0
19       0           0           0                        0
Supported Releases 10.4.
18 19 Supported Releases 700 700 BFD OPEN_FLOW REMOTE CPS 10.2.0E or later show control-plane statistics Displays counters of all the CPU queue statistics.
OperStatus: On
PFC Priorites: 0,4,7
Total Rx PFC Frames: 300
Total Tx PFC Frames: 200
Cos    Rx     Tx
-----------------------
0      0      0
1      0      0
2      0      0
3      300    200
4      0      0
5      0      0
6      0      0
7      0      0
Supported Releases 10.3.0E or later show qos interface Displays the QoS configuration applied to a specific interface. Syntax show qos interface ethernet node/slot/port[:subport] Parameters node/slot/port[:subport] — Enter the Ethernet interface information.
Command Mode EXEC Usage Information None Example OS10# show policy-map Service-policy(qos) input: p1 Class-map (qos): c1 set qos-group 1 Service-policy(qos) input: p2 Class-map (qos): c2 set qos-group 2 Supported Releases 10.2.0E or later show qos control-plane Displays the QoS configuration applied to the control-plane. Syntax show qos control-plane Parameters None Default Not configured Command Mode EXEC Usage Information Monitors statistics for the control-plane and troubleshoots CoPP.
7 lossy 1792 dynamic 8
OS10#
Supported Releases 10.3.0E or later show egress buffer-stats interface Displays the buffers statistics for the egress interface. Syntax show egress buffer-stats interface [interface node/slot/port[:subport]] Parameters • interface — (Optional) Enter the interface type. • node/slot/port[:subport] — (Optional) Enter the port information.
0 1 2 3 4 5 6 7 Supported Releases 145152 - - - 98304 - - 89088 - 10.3.0E or later show ingress buffer-stats interface Displays the buffers statistics for the ingress interface. Syntax Parameters show ingress buffer-stats interface [interface node/slot/port[:subport]] • interface — (Optional) Enter the interface type. • node/slot/port[:subport] — (Optional) Enter the port information.
Usage Information Use this command to view all queuing counters. WRED counters are available only at the port level.
Example
OS10# show queuing statistics interface ethernet 1/1/1
Interface ethernet1/1/1 (All queues)
Description    Packets    Bytes
Output         0          0
Dropped        0          0
Green Drop     0          0
Yellow Drop    0          0
Red drop       0          0
Example (Queue)
OS10# show queuing statistics interface ethernet 1/1/1 queue 3
Interface ethernet1/1/1 Queue 3
Description    Packets    Bytes
Output         0          0
Dropped        0          0
Supported Releases 10.2.
Total shared lossless buffers Total used shared lossless buffers Total lossy buffers Total shared lossy buffers Total used shared lossy buffers - 0 11567 11192 0 The following command is supported on Z9100-ON and Z9264F-ON platforms.
Total shared lossy buffers - 8484
Total used shared lossy buffers - 0
MMU 3
Total lossy buffers - 10597
Total shared lossy buffers - 8484
Total used shared lossy buffers - 0
Supported Releases 10.3.0E or later show qos maps Displays the active system trust map. Syntax show qos maps type {tc-queue | trust-map-dot1p | trust-map-dscp} trust-map-name Parameters • dot1p — Enter to view the dot1p trust map. • dscp — Enter to view the DSCP trust map.
Traffic-Class    DOT1P Priority
-------------------------------
0                2
1                3
2                4
3                5
4                6
5                7
6                1
DSCP Priority to Traffic-Class Map : dscp-trustmap1
Traffic-Class    DSCP Priority
-------------------------------
0                8-15
2                16-23
1                0-7
Default Dot1p Priority to Traffic-Class Map
Traffic-Class    DOT1P Priority
-------------------------------
0                1
1                0
2                2
3                3
4                4
5                5
6                6
7                7
Default Dscp Priority to Traffic-Class Map
Traffic-Class    DSCP Priority
-------------------------------
0                0-7
1                8-15
2                16-23
3                24-31
4                32-39
5                40-47
6                48-55
7                56-
show qos wred-profile Displays the details of WRED profile configuration. Syntax show qos wred-profile [wred-profile-name] Parameters wred-profile-name — (Optional) Enter the Ethernet interface information.
Usage Information None Example OS10(config)# system qos OS10(config-sys-qos)# Supported Releases 10.2.0E or later trust-map Configures trust map on an interface or on system QoS. Syntax trust-map {dot1p | dscp} {default | trust-map-name} Parameters • dot1p — Apply dot1p trust map. • dscp — Apply dscp trust map. • default — Apply default dot1p or dscp trust map. • trust-map-name — Enter the name of trust map.
Example OS10(config)# trust dot1p-map map1 OS10(config-tmap-dot1p-map)# qos-group 4 dot1p 5 Supported Releases 10.3.0E or later trust dscp-map Creates user-defined trust map for DSCP flows. Syntax trust dscp-map map-name Parameters map-name — Enter the name of the DSCP trust map. A maximum of 32 characters. Default Not configured Command Mode CONFIGURATION Usage Information default-dscp-trust is a reserved trust-map name. If you enable trust, traffic obeys this trust map.
• default— Applies a default trust map. Default Disabled Command Mode SYSTEM-QOS INTERFACE Usage Information Use the show qos maps type [tc-queue | trust-map-dot1p | trust-map-dscp] [string] command to view the current trust mapping. You must change the trust map only during no traffic flow. Verify the correct policy maps are applied. The no version of this command returns the value to the default.
12 Virtual Link Trunking
Virtual Link Trunking (VLT) is a Layer 2 (L2) aggregate protocol between end devices such as servers connected to different network devices. VLT reduces the role of Spanning Tree Protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distributions or core switches.
L3 VLAN connectivity Enable L3 VLAN connectivity, VLANs assigned with an IP address, on VLT peers by configuring a VLAN interface for the same VLAN on both devices. Optimized forwarding with VRRP To ensure the same behavior on both sides of the VLT nodes, VRRP requires state information coordination. VRRP Active-Active mode optimizes L3 forwarding over VLT. By default, VRRP Active-Active mode is enabled on all the VLAN interfaces.
VLT interconnect A VLT interconnect (VLTi) synchronizes states between VLT peers. OS10 automatically adds VLTi ports to VLANs spanned across VLT peers and does not add VLTi ports to VLANs configured on only one peer. • VLAN ID 4094 is reserved as an internal control VLAN for the VLT domain, and it is not user configurable. • The VLTi synchronizes L2 and L3 control-plane information across the two nodes.
RSTP configuration RSTP prevents loops during the VLT startup phase. If required, configure RSTP in the network, before you configure VLT on peer switches. • Enable RSTP on each peer node in CONFIGURATION mode.
View RPVST+ information on VLT OS10# show spanning-tree virtual-interface VFP(VirtualFabricPort) of vlan 100 is Designated Blocking Edge port: No (default) Link type: point-to-point (auto) Boundary: No, Bpdu-filter: Disable, Bpdu-Guard: Disable, Shutdown-on-Bpdu-Guard-violation: No Root-Guard: Disable, Loop-Guard: Disable Bpdus (MRecords) Sent: 7, Received: 9 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ---------------------------------------------------------------------------------
VLTi configuration Before you configure VLTi on peer interfaces, remove each interface from L2 mode with the no switchport command. For more information, see VLT interconnect. 1 Enter the VLT domain ID to enter from CONFIGURATION mode. vlt-domain domain-id 2 Configure one or a hyphen-separated range of VLT peer interfaces to become a member of the VLTi in INTERFACE mode.
Delay restore timer
When a VLT node boots up, restoration of VLT port status is deferred for a certain amount of time to enable VLT peers to complete the control data information exchange. If the peer VLT device was up at the time the VLTi link failed, the system allows a delay in bringing up the VLT ports after reload or peer-link restoration between the VLT peer switches. When both the VLT peers are up and running, and if VLTi fails, the secondary peer brings down the VLT ports.
When VLT backup link is enabled, the secondary VLT peer 2 identifies the node liveliness through the backup link. If the primary is up, the secondary peer brings down the VLT LAG ports. Now the traffic from Host1 reaches VLT peer 1 and then reaches the destination, that is Host2. In this case the traffic is unicasted instead of flooding, as shown in the following illustration.
Prevention of loops during VLTi failure When VLTi is down, STP may fail to detect any loops in the system, which creates data loop in an L2 network. In the following illustration, STP is running in all the three switches. In the steady state, VLT peer 1 is elected as the root bridge. When VLTi is down, both the VLT nodes become primary. In this state, VLT peer 2 sends STP BPDU to TOR assuming that TOR sends BPDU to VLT peer 1.
When VLT backup link is enabled, the secondary VLT peer identifies the node liveliness of primary through the backup link. If the primary VLT peer is alive, the secondary VLT peer brings down the VLT LAG ports. In this scenario, the STP opens up the orphan port and there is no loop in the system as shown in the following illustration. Configure VLT port-channel A VLT port-channel links an attached device and VLT peer switches, also known as a virtual link trunk.
3 Repeat the steps on the VLT peer.
Configure VLT LAG — peer 1
OS10(config)# interface port-channel 10
OS10(conf-if-po-10)# vlt-port-channel 1
Configure VLT LAG — peer 2
OS10(config)# interface port-channel 20
OS10(conf-if-po-20)# vlt-port-channel 1
VLT unicast routing
VLT unicast routing enables optimized routing where packets destined for the L3 endpoint of the VLT peer are locally routed. IPv4 and IPv6 support VLT unicast routing. To enable VLT unicast routing, both VLT peers must be in L3 mode.
3 Repeat the steps on the VLT peer.
Configure VRRP active-active mode — peer 1
OS10(conf-if-vl-10)# vrrp mode active-active
Configure VRRP active-active mode — peer 2
OS10(conf-if-vl-10)# vrrp mode active-active
View VRRP configuration
OS10# show running-configuration interface vlan 10
!
interface vlan10
no shutdown
vrrp mode active-active
OS10#
Migrate VMs across data centers
OS10 switches support movement of virtual machines (VMs) across data centers using VRRP Active-Active mode.
• Server racks, Rack 1 and Rack 2, are part of data centers DC1 and DC2, respectively.
• Rack 1 is connected to devices A1 and B1 in L2 network segment.
• Rack 2 is connected to devices A2 and B2 in L2 network segment.
• A VLT LAG is present between A1 and B1 as well as A2 and B2.
• A1 and B1 connect to core routers, C1 and D1 with VLT routing enabled.
• A2 and B2 connect to core routers, C2 and D2, with VLT routing enabled.
• The data centers are connected through a direct link or eVLT.
• Configure VLT port channel for VLAN 100:
C1(config)# interface port-channel 10
C1(conf-if-po-10)# vlt-port-channel 10
C1(conf-if-po-10)# switchport mode trunk
C1(conf-if-po-10)# switchport trunk allowed vlan 100
C1(conf-if-po-10)# exit
• Add members to port channel 10:
C1(config)# interface ethernet 1/1/3
C1(conf-if-eth1/1/3)# channel-group 10
C1(conf-if-eth1/1/3)# exit
C1(config)# interface ethernet 1/1/4
C1(conf-if-eth1/1/4)# channel-group 10
C1(conf-if-eth1/1/4)# exit
• Configure OSPF on L3 side o
D1(conf-if-po-20)# switchport trunk allowed vlan 200
D1(conf-if-po-20)# exit
• Add members to port channel 20:
D1(config)# interface ethernet 1/1/5
D1(conf-if-eth1/1/5)# channel-group 20
D1(conf-if-eth1/1/5)# exit
D1(config)# interface ethernet 1/1/6
D1(conf-if-eth1/1/6)# channel-group 20
D1(conf-if-eth1/1/6)# exit
Sample configuration of C2:
• Configure VRRP on L2 links between core routers:
C2(config)# interface vlan 100
C2(conf-if-vl-100)# ip address 10.10.100.
• Add members to port channel 10:
D2(config)# interface ethernet 1/1/3
D2(conf-if-eth1/1/3)# channel-group 10
D2(conf-if-eth1/1/3)# exit
D2(config)# interface ethernet 1/1/4
D2(conf-if-eth1/1/4)# channel-group 10
D2(conf-if-eth1/1/4)# exit
• Configure OSPF on L3 side of core router:
D2(config)# router ospf 100
D2(conf-router-ospf-100)# exit
D2(config)# interface vlan 200
D2(conf-if-vl-200)# ip ospf 100 area 0.0.0.
2 OS10# 34:17:eb:3a:c2:80 up fda5:74c8:b79e:1::2
View VLT role
* indicates the local peer
OS10# show vlt 1 role
VLT Unit ID    Role
------------------------
* 1            primary
  2            secondary
View VLT mismatch — no mismatch
OS10# show vlt 1 mismatch
Peer-routing mismatch:
No mismatch
VLAN mismatch:
No mismatch
VLT VLAN mismatch:
No mismatch
View VLT mismatch — mismatch in VLT configuration
OS10# show vlt 1 mismatch peer-routing
Peer-routing mismatch:
VLT Unit ID    Peer-routing
-----------------------------
* 1            Enabled
  2            Di
* 1            port-channel1   down     2                  0
  2            port-channel1   down     2                  0
VLT port channel ID : 2
VLT Unit ID    Port-Channel    Status   Configured ports   Active ports
----------------------------------------------------------------------
* 1            port-channel2   down     1                  0
  2            port-channel2   down     1                  0
VLT port channel ID : 3
VLT Unit ID    Port-Channel    Status   Configured ports   Active ports
----------------------------------------------------------------------
  2            port-channel3   down     1                  0
View VLT running configuration
OS10# show running-configuration vlt
!
vlt
delay-restore Configures a time interval to delay VLT ports bring up after reload or peer-link restoration between the VLT peer switches. Syntax delay-restore seconds Parameters seconds — Enter a delay time, in seconds, to delay bringing up VLT ports after the VLTi device is reloaded, from 1 to 1200. Default 90 seconds Command Mode VLT-DOMAIN Usage Information Use this command to delay the system from bringing up the VLT port for a brief period to allow L3 routing protocols to converge.
Usage Information The no version of this command disables L3 routing. Example OS10(conf-vlt-1)# peer-routing Supported Releases 10.2.0E or later peer-routing-timeout Configures the delay after which peer routing disables when the peer is not available. This command supports both IPv6 and IPv4. Syntax peer-routing-timeout value Parameters value — Enter the timeout value in seconds, from 0 to 65535.
Example OS10(conf-vlt-1)#primary-priority 2 Supported Releases 10.4.1.0 or later show spanning-tree virtual-interface Displays STP and RPVST+ information specific to VLT. Syntax show spanning-tree virtual-interface [detail] Parameters detail—(Optional) Displays detailed output.
Edge port: No (default) Link Type: Point-to-Point BPDU Sent: 101, Received: 21 Supported Releases 10.3.0E or later show vlt Displays information on a VLT domain. Syntax show vlt id Parameter id — Enter a VLT domain ID, from 1 to 255.
Heartbeat interval : 1
Heartbeat timeout : 3
Supported Releases 10.3.1E or later
show vlt mac-inconsistency
Displays inconsistencies in dynamic MAC addresses learnt between VLT peers across spanned-vlans.
Syntax show vlt mac-inconsistency
Parameters None
Default Not configured
Command Mode EXEC
Usage Information Use this command to check for a mismatch of MAC address table entries between VLT peers.
• virtual-network — Display mismatches in virtual network configurations between VLT peers. Default Not configured Command Mode EXEC Usage Information The * in the mismatch output indicates a local node entry.
* 1 2 1 2 Example (mismatch — Virtual Network (VN) name not available in the peer) OS10# show vlt all mismatch virtual-network Virtual Network Name Mismatch: VLT Unit ID Mismatch Virtual Network List ---------------------------------------------------------------------------1 10,104 * 2 - Example (mismatch of VLTi and VLAN) OS10# show vlt all mismatch virtual-network Virtual Network: 100 VLT Unit ID Configured VLTi-Vlans ---------------------------------------------------------------------------1 101 *
-----------------------* 1 primary 2 secondary Supported Releases 10.2.0E or later show vlt vlt-port-detail Displays detailed status information about VLT ports. Syntax show vlt id vlt-port-detail Parameters id — Enter a VLT domain ID, from 1 to 255. Default Not configured Command Mode EXEC Usage Information The * in the mismatch output indicates a local node entry.
vlt-port-channel Configures the ID used to map interfaces on VLT peers into a single VLT port-channel. Syntax vlt-port-channel vlt-lag-id Parameters vlt-lag-id — Enter a VLT port-channel ID, from 1 to 1024. Default Not configured Command Mode PORT-CHANNEL INTERFACE Usage Information Assign the same VLT port-channel ID to interfaces on VLT peers to create a VLT port-channel. The no version of this command removes the VLT port-channel ID configuration.
Command Mode VLAN INTERFACE Usage Information This command is applicable only for VLAN interfaces. In a non-VLT network, the backup VRRP gateway forwards L3 traffic. If you want to use VRRP groups on VLANs without VLT topology, disable the Active-Active functionality, to ensure that only the active VRRP gateway forwards L3 traffic. The no version of this command disables the configuration. Example OS10(conf-if-vl-10)# vrrp mode active-active Supported Releases 10.2.
13 Uplink Failure Detection Uplink failure detection (UFD) indicates the loss of upstream connectivity to servers connected to the switch. A switch provides upstream connectivity for devices, such as servers. If the switch loses upstream connectivity, the downstream devices also lose connectivity. However, the downstream devices do not generally receive an indication that the upstream connectivity was lost because connectivity to the switch is still operational. To solve this issue, use UFD.
Configure uplink failure detection
Consider the following before configuring an uplink-state group:
• You can assign a physical port or a port channel to an uplink-state group.
• You can assign an interface to only one uplink-state group at a time.
• You can designate the uplink-state group as either an upstream or downstream interface, but not both.
• You can configure multiple uplink-state groups and operate them concurrently.
• If you do not assign upstream interfaces to an uplink-state group, the downstream interfaces are not disabled.
Configuration:
1 Create an uplink-state group in CONFIGURATION mode.
uplink-state-group group-id
2 Configure the upstream and downstream interfaces in UPLINK-STATE-GROUP mode.
upstream {interface-type | interface-range[ track-vlt-status ] | VLTi}
downstream {interface-type | interface-range}
3 (Optional) Disable uplink-state group tracking in UPLINK-STATE-GROUP mode.
Upstream Interfaces : eth1/1/35(Up) *po10(V:Up, ^P:Dwn) VLTi(NA)
Downstream Interfaces : eth1/1/2(Up) *po20(V: Up,P: Up)
OS10#show uplink-state-group 2 detail
(Up): Interface up (Dwn): Interface down (Dis): Interface disabled (NA): Not Available
*: VLT port-channel, V: VLT status, P: Peer Operational status ^: Tracking status
Uplink State Group : 1 Name: iscsi_group, Status: Enabled, Up
Upstream Interfaces : eth1/1/36(Up) *po30(^V:Up, P:Dwn) VLTi(Up)
Downstream Interfaces : eth1/1/4(Up) *po20(V: Up,P: Up)
O
Event: Reboot of VLT secondary peer
VLT action on primary node: No action
VLT action on secondary node: After reboot, runs the delay restore timer. Both the upstream and downstream VLT port-channels remain disabled until the timer expires.
UFD action: UFD error-disables the downstream VLT port-channel as the upstream VLT port-channel is operationally down. After the timer expires, UFD receives the operationally up status of the upstream VLT port-channel and sends a clear error-disable of the downstream VLT port-channel to IFM.
In the following example, the upstream member is part of a VLT port-channel and the downstream member is an orphan port. The uplink-state group includes the VLT port-channel, VLT node, and the downstream port. The configuration is symmetric on both the VLT nodes.
In the following example, the downstream member is part of a VLT port-channel and the upstream member is an orphan port. The uplink-state group includes the VLT port-channel, VLT node, and the upstream port.
OS10 does not support adding a VLTi link member to the uplink-state group. You can add the VLTi link as an upstream member to an uplink-state group using the upstream VLTi command. If the VLTi link is not available in the system, OS10 allows adding the VLTi link as an upstream member. In this case, UFD starts tracking the operational status of the VLTi link when the link is available. Until the VLTi link is available, the show uplink-state-group detail command displays the status of the link as NA.
clear ufd-disable
Overrides the uplink-state group configuration and brings up the downstream interfaces.
Syntax clear ufd-disable {interface interface-type | uplink-state-group group-id}
Parameters
• interface-type — Enter the interface type.
• group-id — Enter the uplink state group ID, from 1 to 32.
Default None
Command Mode EXEC
Usage Information This command manually brings up a disabled downstream interface that is in a UFD-disabled error state.
Command Mode UPLINK-STATE-GROUP Usage Information You cannot assign an interface that is already a member of an uplink-state group to another group. The no version of this command removes the interface from the uplink-state group. Example OS10(config)# uplink-state-group 1 OS10(conf-uplink-state-group-1)# downstream ethernet 1/1/1 Supported Releases 10.4.0E(R3) or later downstream auto-recover Enables auto-recovery of the disabled downstream interfaces.
Parameters None Default Disabled Command Mode UPLINK-STATE-GROUP Usage Information The no version of this command disables tracking of an uplink-state group. Example OS10(config)# uplink-state-group 1 OS10(conf-uplink-state-group-1)# enable Supported Releases 10.4.0E(R3) or later name Configures a descriptive name for the uplink-state group. Syntax name string Parameters string — Enter a description for the uplink-state group. A maximum of 32 characters.
show uplink-state-group Displays the configured uplink-state status. Syntax show uplink-state-group [group-id] [detail] Parameters • group-id — Enter the uplink group ID. The status of the specified group ID displays. • detail — Displays detailed information on the status of the uplink-state groups.
Available
*: VLT port-channel, V: VLT status, P: Peer Operational status ^: Tracking status
Uplink State Group : 1 Name: iscsi_group, Status: Enabled, Up
Upstream Interfaces : eth1/1/36(Up) *po30(^V:Up, P:Dwn) VLTi(Up)
Downstream Interfaces : eth1/1/4(Up) *po20(V: Up,P: Up)
Supported Releases 10.4.0E(R3) or later
uplink-state-group
Creates an uplink-state group and enables upstream link tracking.
Supported Releases 10.4.
14 Converged data center services OS10 supports converged data center services, including IEEE 802.1 data center bridging (DCB) extensions to classic Ethernet. DCB provides I/O consolidation in a data center network. Each network device carries multiple traffic classes while ensuring lossless delivery of storage traffic with best-effort for local area network (LAN) traffic and latency-sensitive scheduling of service traffic. • 802.1Qbb — Priority flow control • 802.
PFC configuration notes
• PFC is supported for 802.1p, dot1p priority traffic, from 0 to 7. FCoE traffic traditionally uses dot1p priority 3 — iSCSI storage traffic uses dot1p priority 4.
• Configure PFC for ingress traffic by using network-qos class and policy maps, see Quality of Service. PFC-enabled traffic queues are treated as lossless queues. Configure the same network-qos policy map on all PFC-enabled ports.
Decide if you want to use the default 802.1p priority-to-traffic class (qos-group) mapping or configure a new map. By default, the qos class-trust class map is applied to ingress traffic. The class-trust class instructs OS10 interfaces to honor dot1p or differentiated services code point (DSCP) traffic.
Dot1p Priority : 0 1 2 3 4 5 6 7
Traffic Class  : 1 0 2 3 4 5 6 7
• Apply the default trust map specifying that dot1p values are trusted in SYSTEM-QOS or INTERFACE mode.
Configure PFC PFC provides a pause mechanism based on the 802.1p priorities in ingress traffic. PFC prevents frame loss due to network congestion. Configure PFC lossless buffers, and enable pause frames for dot1p traffic on a per-interface basis. Repeat the PFC configuration on each PFC-enabled interface. PFC is disabled by default. Decide if you want to use the default dot1p-priority-to-traffic class mapping and the default traffic-class-to-queue mapping.
1 Apply the PFC service policy on an ingress interface or interface range in INTERFACE mode.
interface ethernet node/slot/port[:subport]
service-policy input type network-qos policy-map-name
interface range ethernet node/slot/port[:subport]-node/slot/port[:subport]
service-policy input type network-qos policy-map-name
2 Enable PFC without DCBX for FCoE and iSCSI traffic in INTERFACE mode.
priority-flow-control mode on
Configure PFC
PFC is enabled on traffic classes with dot1p 3 and 4 traffic.
View PFC ingress buffer configuration OS10# show qos ingress buffers interface ethernet 1/1/1 Interface : ethernet1/1/1 Speed : 0 Priority-grp Reserved Shared-buffer Shared-buffer XOFF no buffer-size mode threshold threshol threshold --------------------------------------------------------------------------------------------------------------------------0 1 2 3 4 5 6 7 9360 static - 12779520 View PFC system buffer configuration OS10# show qos system ingress buffer All values are in kb Total buffers Total
4 5 6 7 0 0 0 0 0 0 0 0 0 0 0 0 PFC commands pause Configures the ingress buffer and pause frame settings used for PFC traffic classes. Syntax Parameters Defaults pause [buffer-size kilobytes pause-threshold kilobytes resume-threshold kilobytes] • buffer-size kilobytes — Enter the reserved (guaranteed) ingress-buffer size in kilobytes for PFC dot1p traffic, from 0 to 7787.
pfc-cos Configures the matching dot1p values used to send PFC pause frames. Syntax pfc-cos dot1p-priority Parameters dot1p-priority — Enter a single dot1p priority value for a PFC traffic class, from 1 to 7, a hyphen-separated range, or multiple dot1p values separated by commas.
priority-flow-control Enables PFC on ingress interfaces. Syntax priority-flow-control {mode on} Parameter mode on — Enable PFC for FCoE and iSCSI traffic on an interface without enabling DCBX. Default Disabled Command Mode INTERFACE Usage Information Before you enable PFC, apply a network-qos policy-class map with the specific PFC dot1p priority values to the interface.
Parameters None Default Not configured Command Mode EXEC Usage Information Use the details option to display PFC statistics on received/transmitted frames for each dot1p CoS value. Use the clear qos statistics interface ethernet 1/1/1 command to delete PFC statistics and restart the counter.
ETS configuration notes • ETS is supported on Layer2 (L2) 802.1p priority (dot1p 0 to 7) and Layer 3 (L3) DSCP (0 to 63) traffic. FCoE traffic uses dot1p priority 3 — iSCSI storage traffic uses dot1p priority 4. • Apply these maps and policies on interfaces: – Trust maps — OS10 interfaces do not honor the L2 and L3 priority fields in ingress traffic by default. Create a trust map to honor dot1p and DSCP classes of lossless traffic.
5 Create a queuing policy map in CONFIGURATION mode. Enter POLICY-CLASS-MAP mode and configure the percentage of bandwidth allocated to each traffic class-queue mapping. The sum of all DWRR-allocated bandwidth across ETS queues must be 100%, not including the strict priority queue. Otherwise, QoS automatically adjusts bandwidth percentages so that ETS queues always receive 100% bandwidth. The remaining non-ETS queues receive 1% bandwidth each.
OS10(config-pmap-queuing)# bandwidth percent 30 OS10(config-pmap-queuing)# exit OS10(config)# policy-map type queuing p2 OS10(config-pmap-queuing)# class c2 OS10(config-pmap-queuing)# bandwidth percent 70 OS10(config-pmap-queuing)# exit OS10(config)# system qos OS10(config-sys-qos)# trust-map dot1p dot1p_map1 OS10(config-sys-qos)# trust-map dscp dscp_map1 OS10(config-sys-qos)# qos-map traffic-class tc-q-map1 OS10(config-sys-qos)# ets mode on OS10(config-sys-qos)# service-policy input type qos pclass1 OS10(c
Data center bridging eXchange DCBX allows a switch to automatically discover and set up DCBX-enabled peers configured with compatible settings. In a converged data center network, DCBX provides plug-and-play capability for server, storage, and networking devices in an end-to-end solution. DCBX uses link layer discovery protocol (LLDP) to mediate automatic negotiation and device settings exchange, such as PFC and ETS.
• A DCBX-enabled port operates in a manual role by default. The port operates only with user-configured settings and does not autoconfigure with DCB settings received from a DCBX peer. When you enable DCBX, the port advertises its PFC and ETS configurations to peer devices but does not accept external, or propagate internal, DCB configurations. • DCBX detects misconfiguration on a peer device when DCB features are not compatibly configured with the local switch.
----------------
DCBX Operational Version is 0
DCBX Max Version Supported is 0
Sequence Number: 14
Acknowledgment Number: 5
Protocol State: In-Sync
Peer DCBX Status
----------------
DCBX Operational Version is 0
DCBX Max Version Supported is 255
Sequence Number: 5
Acknowledgment Number: 14
220 Input PFC TLV pkts, 350 Output PFC TLV pkts, 0 Error PFC pkts
220 Input PG TLV Pkts, 396 Output PG TLV Pkts, 0 Error PG TLV Pkts
71 Input Appln Priority TLV pkts, 80 Output Appln Priority TLV pkts, 0 Error Appln Priorit
7                  0%         SP
15                 0%         SP
Remote Parameters :
-------------------
Remote is enabled
PG-grp  Priority#  Bandwidth  TSA
------------------------------------------------
0       0,1,2,3    70%        ETS
1       4,5,6,7    30%        ETS
2                  0%         SP
3                  0%         SP
4                  0%         SP
5                  0%         SP
6                  0%         SP
7                  0%         SP
15                 0%         SP
Remote Willing Status is disabled
Local Parameters :
-------------------
Local is enabled
PG-grp  Priority#  Bandwidth  TSA
------------------------------------------------
0       0,1,2,3    70%        ETS
1       4,5,6,7    30%        ETS
2                  0%         SP
3                  0%         SP
4                  0%         SP
5                  0%         SP
6                  0%         SP
7                  0%         SP
15                 0%         SP
Oper s
compatible settings. If you disable DCBX globally on a switch, you can re-enable it to ensure consistent operation of peers in a converged data center network. Example OS10(config)# dcbx Supported Releases 10.3.0E or later enable dcbx tlv-select Configures the DCB TLVs advertised by a DCBX-enabled port. Syntax dcbx tlv-select {[ets-conf] [ets-reco] [pfc]} Parameters • ets-conf — Advertise ETS configuration TLVs. • ets-reco — Advertise ETS recommendation TLVs. • pfc — Advertise PFC TLVs.
lldp tlv-select dcbxp Enables and disables DCBX on a port interface. Syntax lldp tlv-select dcbxp Parameters None Default Enabled interface level; disabled global level Command Mode INTERFACE Usage Information DCBX must be enabled at both the global and interface levels. Enable DCBX globally using the dcbx enable command to activate the exchange of DCBX TLV messages with PFC, ETS, and iSCSI configurations.
Peer Operating version is IEEEv2.
State Machine Type is Asymmetric Conf TLV Tx Status is enabled Reco TLV Tx Status is enabled 5 Input Conf TLV Pkts, 2 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 5 Input Reco TLV Pkts, 2 Output Reco TLV Pkts, 0 Error Reco TLV Pkts Example (PFC detail) OS10# show lldp dcbx interface ethernet 1/1/15 pfc detail Interface ethernet1/1/15 Admin mode is on Admin is enabled, Priority list is 4,5,6,7 Remote is enabled, Priority list is 4,5,6,7 Remote Willing Status is disabled Local is enabled, Priority list is 4,5
In an iSCSI session, a switch connects CNA servers (iSCSI initiators) to a storage array (iSCSI targets) in a SAN or TCP/IP network. iSCSI optimization running on the switch uses dot1p priority-queue assignments to ensure that iSCSI traffic receives priority treatment. iSCSI configuration notes • Enable iSCSI optimization so the switch auto-detects and auto-configures Dell EMC EqualLogic storage arrays directly connected to an interface.
1 Configure an interface or interface range to detect a connected storage device. interface ethernet node/slot/port:[subport] 2 Enable the interface to support a storage device that is directly connected to the port and not automatically detected by iSCSI. Use this command for storage devices that do not support LLDP. The switch auto-detects and auto-configures Dell EMC EqualLogic storage arrays directly connected to an interface when you enable iSCSI optimization.
OS10(config)# iscsi session-monitoring enable
OS10(config)# iscsi aging time 15
OS10(config)# iscsi priority-bits 0x20
OS10(config)# iscsi enable
View iSCSI optimization
OS10# show iscsi
iSCSI Auto configuration is Enabled
iSCSI session monitoring is Enabled
iSCSI COS qos-group 4 remark dot1p 4
Session aging time 15
Maximum number of connections is 100
Port    IP Address
------------------------
3260
860
3261    10.1.1.
• If the iSCSI login request is received on a non-VLT interface, followed by a response from a VLT interface, the connection is associated with the VLT LAG interface and the information about the session synchronizes with the VLT peer. • When a VLT interconnect comes up, information about iSCSI sessions learnt on the VLT LAG exchanges between the VLT-peers. iSCSI commands iscsi aging Sets the aging time for monitored iSCSI sessions.
iscsi priority-bits Resets the priority bitmap advertised in iSCSI application TLVs. Syntax iscsi priority-bits {priority-bitmap} Parameter priority-bitmap — Enter a bitmap value for the dot1p priority advertised for iSCSI traffic in iSCSI application TLVs (0x1 to 0xff). Default 0x10 (dot1p 4) Command Mode CONFIGURATION Usage Information iSCSI traffic uses dot1p priority 4 in frame headers by default. Use this command to reconfigure the dot1p-priority bits advertised in iSCSI application TLVs.
Usage Information To configure the aging timeout in iSCSI monitoring sessions use the iscsi aging time command. To configure the TCP ports that listen for connected storage devices in iSCSI monitoring sessions use the iscsi target port command. The no version of this command disables iSCSI session monitoring. NOTE: When you enable iSCSI session monitoring, you can monitor a maximum of 100 connections. Example OS10(config)# iscsi session-monitoring enable Supported Releases 10.3.
show iscsi Displays currently configured iSCSI settings. Syntax show iscsi Parameters None Command Mode EXEC Usage Information This command output displays global iSCSI configuration settings. To view target and initiator information use the show iscsi session command.
IP Address TCP Port IP Address TCP Port ID ---------------------------------------------------------10.10.10.210 54835 10.10.10.40 3260 1 Supported Releases 10.3.0E or later show iscsi storage-devices Displays information about the storage arrays directly attached to OS10 ports. Syntax show iscsi storage-devices Parameters None Command Mode EXEC Usage Information The command output displays the storage device connected to each switch port and whether iSCSI automatically detects it.
2. PFC configuration (global) PFC is enabled on traffic classes with dot1p 4, 5, 6, and 7 traffic. All the traffic classes use the default PFC pause settings for shared buffer size and pause frames in ingress queue processing in the network-qos policy map. The pclass policy map honors (trusts) all dot1p ingress traffic. The reserved class-trust class map is configured by default. Trust does not modify ingress values in output flows.
OS10(config)# qos-map traffic-class tmap2
OS10(config-qos-map)# queue 0 qos-group 0
OS10(config-qos-map)# queue 1 qos-group 1
OS10(config-qos-map)# exit
OS10(config)# class-map type queuing cmap1
OS10(config-cmap-queuing)# match queue 0
OS10(config-cmap-queuing)# exit
OS10(config)# class-map type queuing cmap2
OS10(config-cmap-queuing)# match queue 1
OS10(config-cmap-queuing)# exit
OS10(config)# policy-map type queuing pmap1
OS10(config-pmap-queuing)# class cmap1
OS10(config-pmap-c-que)# bandwidth percent
Port Role is Manual DCBX Operational Status is Enabled Is Configuration Source? FALSE Local DCBX Compatibility mode is IEEEv2.5 Local DCBX Configured mode is AUTO Peer Operating version is IEEEv2.
0       0,1,2,3,   30%        ETS
1       4,5,6,7    70%        ETS
2                  0%         SP
3                  0%         SP
4                  0%         SP
5                  0%         SP
6                  0%         SP
7                  0%         SP
Remote Willing Status is disabled
Local Parameters :
-------------------
Local is enabled
PG-grp  Priority#  Bandwidth  TSA
------------------------------------------------
0       0,1,2,3,   30%        ETS
1       4,5,6,7    70%        ETS
2                  0%         ETS
3                  0%         ETS
4                  0%         ETS
5                  0%         ETS
6                  0%         ETS
7                  0%         ETS
Oper status is init
ETS DCBX Oper status is Up
State Machine Type is Asymmetric
Conf TLV Tx Status is enabled
Reco TLV Tx Status is enabled
2 Input Conf TLV Pkts, 27
After you enable iSCSI optimization, the iSCSI application priority TLV parameters are added in the show command output to verify a PFC configuration.
Peer DCBX Status
----------------
DCBX Operational Version is 0
DCBX Max Version Supported is 0
Sequence Number: 1
Acknowledgment Number: 2
3 Input PFC TLV pkts, 3 Output PFC TLV pkts, 0 Error PFC pkts
3 Input PG TLV Pkts, 3 Output PG TLV Pkts, 0 Error PG TLV Pkts
3 Input Appln Priority TLV pkts, 3 Output Appln Priority TLV pkts, 0 Error Appln Priority TLV Pkts
Total DCBX Frames transmitted 3
Total DCBX Frames received 3
Total DCBX Frame errors 0
Total DCBX Frames unrecognized 0
OS10(conf-if-eth1/1/53)# d
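The following added example (not from the OS10 guide) decodes an iscsi priority-bits bitmap into dot1p values and checks it against the local and remote priority lists in show lldp dcbx interface ... pfc detail output. The two sample outputs are constructed on the model of the PFC detail example in this chapter, the function names are hypothetical, and treating an iSCSI priority outside the local PFC list as a finding is this example's assumption about intent.

```python
import re

# Matches lines such as "Local is enabled, Priority list is 4,5,6,7".
PFC_LINE_RE = re.compile(
    r"^(Admin|Remote|Local) is (enabled|disabled), Priority list is\s*([0-7,]*)$"
)

# Constructed sample: local and peer agree on dot1p 4-7.
GOOD_OUTPUT = """\
Interface ethernet1/1/15
Admin mode is on
Admin is enabled, Priority list is 4,5,6,7
Remote is enabled, Priority list is 4,5,6,7
Remote Willing Status is disabled
Local is enabled, Priority list is 4,5,6,7
"""

# Constructed sample: local switch pauses dot1p 3 only, peer pauses 4-7.
MISMATCH_OUTPUT = """\
Interface ethernet1/1/16
Admin mode is on
Admin is enabled, Priority list is 3
Remote is enabled, Priority list is 4,5,6,7
Remote Willing Status is disabled
Local is enabled, Priority list is 3
"""


def bitmap_to_dot1p(bitmap):
    """Decode an iscsi priority-bits value: bit n set means dot1p n (0x10 is dot1p 4)."""
    value = int(bitmap, 16) if isinstance(bitmap, str) else int(bitmap)
    if not 0x1 <= value <= 0xFF:
        raise ValueError("priority bitmap must be between 0x1 and 0xff")
    return [prio for prio in range(8) if value & (1 << prio)]


def parse_pfc_detail(output):
    """Return {'admin'|'remote'|'local': {'enabled': bool, 'priorities': [int]}}."""
    state = {}
    for raw in output.splitlines():
        match = PFC_LINE_RE.match(raw.strip())
        if match:
            who, status, plist = match.groups()
            priorities = sorted({int(p) for p in plist.split(",") if p})
            state[who.lower()] = {"enabled": status == "enabled",
                                  "priorities": priorities}
    return state


def check_pfc(output, iscsi_bitmap="0x10"):
    """List findings for one interface; an empty list means the checks passed."""
    state = parse_pfc_detail(output)
    findings = [f"no {side} PFC line in output"
                for side in ("local", "remote") if side not in state]
    if findings:
        return findings
    local, remote = state["local"], state["remote"]
    for side, info in (("local", local), ("remote", remote)):
        if not info["enabled"]:
            findings.append(f"PFC is disabled on the {side} side")
    if local["priorities"] != remote["priorities"]:
        findings.append(f"PFC priority lists differ: local {local['priorities']}, "
                        f"remote {remote['priorities']}")
    missing = [p for p in bitmap_to_dot1p(iscsi_bitmap)
               if p not in local["priorities"]]
    if missing:
        findings.append(f"iSCSI dot1p {missing} from priority-bits {iscsi_bitmap} "
                        "is not PFC-enabled locally")
    return findings


if __name__ == "__main__":
    for name, text, bitmap in (("good", GOOD_OUTPUT, "0x20"),
                               ("mismatch", MISMATCH_OUTPUT, "0x10")):
        print(name, check_pfc(text, bitmap) or "ok")
```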
15 sFlow sFlow is a standard-based sampling technology embedded within switches and routers that monitors network traffic. It provides traffic monitoring for high-speed networks with many switches and routers.
• Disable sFlow in CONFIGURATION mode.
Collector configuration Configure the IPv4 or IPv6 address for the sFlow collector. You must enter a valid and reachable IPv4 or IPv6 address. You can configure a maximum of two sFlow collectors. If you specify two collectors, the samples are sent to both. The agent IP address must be the same for both the collectors.
sflow enable
!
Sample-rate configuration
Sampling rate is the number of packets skipped before the sample is taken. If the sampling rate is 4096, one sample generates for every 4096 packets observed.
• Set the sampling rate in CONFIGURATION mode, from 4096 to 65535. The default is 32768.
sflow sample-rate sampling-size
• Disable packet sampling in CONFIGURATION mode.
no sflow sample-rate
• View the sampling rate in EXEC mode.
OS10(config)# sflow source-interface port-channel 1
OS10(config)# sflow source-interface loopback 1
OS10(config)# sflow source-interface vlan 10
View sFlow running configuration
OS10# show running-configuration sflow
sflow enable all-interfaces
sflow source-interface vlan10
sflow collector 5.1.1.1 agent-addr 4.1.1.1 6343
sflow collector 6.1.1.1 agent-addr 4.1.1.1 6343
OS10(config)#show running-configuration interface vlan
!
interface vlan1
no shutdown
!
interface vlan10
no shutdown
ip address 10.1.1.
• View the sFlow running configuration in EXEC mode.
OS10# show running-configuration sflow
sflow enable
sflow max-header-size 80
sflow polling-interval 30
sflow sample-rate 4096
sflow collector 10.16.150.1 agent-addr 10.16.132.67 6767
sflow collector 10.16.153.176 agent-addr 3.3.3.3 6666
!
interface ethernet1/1/1
sflow enable
!
sFlow commands
sflow collector
Configures an sFlow collector IP address where sFlow datagrams forward. You can configure a maximum of two collectors.
Usage Information The no version of this command disables sFlow.
Example (interface)
OS10(config)# sflow enable
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# sflow enable
Example (interface range)
OS10(config)# sflow enable
OS10(config)# interface range ethernet 1/1/1-1/1/10
OS10(conf-range-eth1/1/1-1/1/10)# sflow enable
Example (portchannel)
OS10(config)# sflow enable
OS10(config)# interface range port-channel 1-10
OS10(conf-range-po-1-10)# sflow enable
Supported Releases 10.3.
sflow sample-rate Configures the sampling rate. Syntax sflow sample-rate value Parameter value — Enter the packet sample rate, from 4096 to 65535. The default is 32768. Default 32768 Command Mode CONFIGURATION Usage Information Sampling rate is the number of packets skipped before the sample is taken. For example, if the sampling rate is 4096, one sample generates for every 4096 packets observed. The no version of the command resets the sampling rate to the default value.
show sflow Displays the current sFlow configuration for all interfaces or by a specific interface type. Syntax show sflow [interface type] Parameter interface type — (Optional) Enter either ethernet or port-channel for the interface type. Command Mode EXEC Usage Information OS10 does not support statistics for UDP packets dropped and samples received from the hardware.
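The following added example (not from the OS10 guide) checks sFlow configuration text against the limits stated in this chapter: at most two collectors, the same agent-addr on every collector, and a sample rate from 4096 to 65535. It is meant for reviewing saved or templated configuration; PAGE_CONFIG is the running configuration shown earlier in this chapter, CONSTRUCTED_CONFIG is a made-up input, and the function names are hypothetical.

```python
import ipaddress
import re

# Limits stated in this chapter.
MAX_COLLECTORS = 2
RATE_MIN, RATE_MAX, RATE_DEFAULT = 4096, 65535, 32768

COLLECTOR_RE = re.compile(r"^sflow collector (\S+) agent-addr (\S+)(?: (\d+))?$")
RATE_RE = re.compile(r"^sflow sample-rate (\d+)$")

# Running configuration shown earlier in this chapter.
PAGE_CONFIG = """\
sflow enable
sflow max-header-size 80
sflow polling-interval 30
sflow sample-rate 4096
sflow collector 10.16.150.1 agent-addr 10.16.132.67 6767
sflow collector 10.16.153.176 agent-addr 3.3.3.3 6666
!
interface ethernet1/1/1
sflow enable
!
"""

# Constructed input (not from the guide): a template with several mistakes.
CONSTRUCTED_CONFIG = """\
sflow sample-rate 1024
sflow collector 192.0.2.10 agent-addr 192.0.2.1 6343
sflow collector 192.0.2.11 agent-addr 192.0.2.1 6343
sflow collector 2001:db8::5 agent-addr 192.0.2.1 6343
"""


def parse_sflow(text):
    """Separate global sFlow lines from per-interface `sflow enable` lines."""
    cfg = {"enabled": False, "sample_rate": RATE_DEFAULT,
           "collectors": [], "interfaces": []}
    interface = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            interface = None                      # "!" closes a stanza
        elif line.startswith("interface "):
            interface = line.split(None, 1)[1]
        elif interface is not None:
            if line == "sflow enable":
                cfg["interfaces"].append(interface)
        elif line.startswith("sflow enable"):     # also "sflow enable all-interfaces"
            cfg["enabled"] = True
        elif RATE_RE.match(line):
            cfg["sample_rate"] = int(RATE_RE.match(line).group(1))
        elif COLLECTOR_RE.match(line):
            ip, agent, port = COLLECTOR_RE.match(line).groups()
            cfg["collectors"].append({"ip": ip, "agent": agent, "port": port})
    return cfg


def is_ip(text):
    """True for a syntactically valid IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def lint_sflow(cfg):
    """Return findings as strings; an empty list means every check passed."""
    findings = []
    collectors = cfg["collectors"]
    if len(collectors) > MAX_COLLECTORS:
        findings.append(f"{len(collectors)} collectors configured; "
                        f"the maximum is {MAX_COLLECTORS}")
    for col in collectors:
        for field in ("ip", "agent"):
            if not is_ip(col[field]):
                findings.append(f"collector {col['ip']}: {field} {col[field]!r} "
                                "is not a valid IPv4 or IPv6 address")
    agents = list(dict.fromkeys(col["agent"] for col in collectors))
    if len(agents) > 1:
        findings.append("collectors use different agent-addr values: "
                        + ", ".join(agents))
    if not RATE_MIN <= cfg["sample_rate"] <= RATE_MAX:
        findings.append(f"sample-rate {cfg['sample_rate']} is outside "
                        f"{RATE_MIN}-{RATE_MAX}")
    if cfg["enabled"] and not collectors:
        findings.append("sFlow is enabled but no collector is configured")
    if collectors and not cfg["enabled"]:
        findings.append("collectors are configured but there is no global "
                        "sflow enable line")
    return findings


if __name__ == "__main__":
    for name, text in (("page", PAGE_CONFIG), ("constructed", CONSTRUCTED_CONFIG)):
        for finding in lint_sflow(parse_sflow(text)) or ["ok"]:
            print(f"{name}: {finding}")
```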
16 RESTCONF API RESTCONF is a representational state transfer (REST)-like protocol that uses HTTPS connections. Use the OS10 RESTCONF API to set up the configuration parameters on OS10 switches using JavaScript Object Notation (JSON)-structured messages. Use any programming language to create and send JSON messages. The examples in this chapter use curl. The OS10 RESTCONF implementation complies with RFC 8040. You can use the RESTCONF API to configure and monitor an OS10 switch.
3 (Optional) Limit the ciphers that the switch uses in a RESTCONF HTTPS session to encrypt and decrypt data in CONFIGURATION mode. By default, all cipher suites installed on OS10 are supported. Separate multiple entries with a blank space. Valid cipher-suite values are:
• dhe-rsa-with-aes-128-gcm-SHA256
• dhe-rsa-with-aes-256-gcm-SHA384
• ecdhe-rsa-with-aes-128-gcm-SHA256
• ecdhe-rsa-with-aes-256-gcm-SHA384
rest https cipher-suite
4 Enable RESTCONF API in CONFIGURATION mode.
• ecdhe-rsa-with-aes-256-gcm-SHA384 Default All cipher suites installed with OS10 are supported. Command Mode CONFIGURATION Usage Information • Use the rest https cipher-suite command to restrict the ciphers that a RESTCONF HTTPS session uses. • The no version of the command removes the cipher list and restores the default value. Example OS10(config)# rest https cipher-suite dhe-rsa-with-aes-128-gcm-SHA256 dhe-rsa-with-aes-256-gcm-SHA384 ecdhe-rsa-with-aes-256-gcm-SHA384 Supported Releases 10.
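A configuration-audit sketch for the cipher restriction described above, added here and not part of the Dell EMC guide: it reads a saved running configuration and reports whether rest https cipher-suite is set, which suites it lists, and any name outside the four valid values. The sample configuration is constructed, the ECDHE-only policy is a hypothetical site policy, and the code assumes the running configuration shows the command as it was entered.

```python
# Valid cipher-suite values as listed on this page for `rest https cipher-suite`.
VALID_SUITES = (
    "dhe-rsa-with-aes-128-gcm-SHA256",
    "dhe-rsa-with-aes-256-gcm-SHA384",
    "ecdhe-rsa-with-aes-128-gcm-SHA256",
    "ecdhe-rsa-with-aes-256-gcm-SHA384",
)

# Hypothetical site policy: accept only the ECDHE key-exchange suites.
ECDHE_ONLY = tuple(s for s in VALID_SUITES if s.startswith("ecdhe-"))

# Constructed sample; the cipher line is the example command from this page.
SAMPLE_CONFIG = """\
!
sflow enable
logging console enable
rest https cipher-suite dhe-rsa-with-aes-128-gcm-SHA256 dhe-rsa-with-aes-256-gcm-SHA384 ecdhe-rsa-with-aes-256-gcm-SHA384
!
"""


def audit_rest_ciphers(running_config, policy=VALID_SUITES):
    """Report how RESTCONF HTTPS ciphers are restricted in a configuration text.

    Assumption: the running configuration contains the command exactly as it
    is typed in CONFIGURATION mode. `policy` is the set of suites the site
    accepts; it defaults to every value the page lists.
    """
    configured = []
    for raw in running_config.splitlines():
        tokens = raw.split()
        if tokens[:3] == ["rest", "https", "cipher-suite"]:
            # Multiple entries are separated by blank spaces.
            configured.extend(tokens[3:])
    # Drop repeats while keeping the order in which suites were listed.
    configured = list(dict.fromkeys(configured))

    # Exact comparison against the names as the page prints them.
    unknown = [s for s in configured if s not in VALID_SUITES]
    outside_policy = [s for s in configured
                      if s in VALID_SUITES and s not in policy]

    if not configured:
        # No cipher list: the default applies, so all installed suites are supported.
        status = "unrestricted"
    elif unknown or outside_policy:
        status = "review"
    else:
        status = "restricted"
    return {
        "status": status,
        "configured": configured,
        "unknown": unknown,
        "outside_policy": outside_policy,
    }


if __name__ == "__main__":
    for key, value in audit_rest_ciphers(SAMPLE_CONFIG, ECDHE_ONLY).items():
        print(f"{key}: {value}")
```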
RESTCONF API tasks
Using the RESTCONF API, you can provision OS10 switches using HTTPS requests. The examples in this section show how to access the OS10 RESTCONF API using curl commands. curl is a Linux shell command that generates HTTPS requests and is executed on an external server.

curl Commands
curl command options include:
• -X specifies the HTTPS request type; for example, POST, PATCH, or GET.
• -u specifies the user name and password to use for server authentication.
To display values for the type and name parameters in the curl command, display the XML structure of the interface vlan 20 configuration command:
OS10(config)# do debug cli netconf
OS10(config)# interface vlan 10
Request:

"https://10.11.86.113/restconf/data/sys-config/system-priority" -d '{"system-priority":65535}'

Configure port priority
RESTCONF endpoint
/restconf/data/interfaces/interface/ethernet1/1/1
JSON content
{
  "interface": [{
    "name": "ethernet1/1/1",
    "lacp-config": {
      "actor-port-priority": 4096
    }
  }]
}
Parameters
• ethernet-interface — Enter the physical Ethernet interface in the format ethernetnode/slot/port.
• name string — Enter ethernetnode/slot/port to configure the port interface for LACP.
Example
Display configuration RESTCONF endpoint /restconf/data/sys-config JSON content None Example curl -X GET -k -u admin:admin -H "accept:application/json" "https://10.11.86.
Example curl -X POST -k -u admin:admin -H "accept:application/json" -H "Content-Type:application/json" "https://10.11.86.113/restconf/data/global-params" -d '{"tx-interval":60}' Configure LLDPDU hold time RESTCONF endpoint /restconf/data/global-params JSON content { } Parameters Example • "txhold-multiplier": 2 txhold-multiplier int — Enter the time that an LLDP peer device holds LLDP packets before discarding them, from 2 to 10 seconds; default 4.
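The tx-interval request above rebuilt in Python with certificate and hostname verification left on (the equivalent of running curl without -k) and the password supplied by the caller instead of typed on a command line. This is an added example, not code from the Dell EMC guide; the environment-variable names and the optional CA bundle path are assumptions, and only the txhold-multiplier range (2 to 10) is taken from the page.

```python
import base64
import json
import ssl
import urllib.request

# txhold-multiplier range as given on this page.
TXHOLD_MIN, TXHOLD_MAX = 2, 10
ALLOWED_PARAMS = ("tx-interval", "txhold-multiplier")


def verified_tls_context(ca_file=None):
    """TLS context that checks the switch certificate and hostname.

    ca_file is an optional PEM bundle for a private CA that signed the
    switch certificate; None uses the system trust store.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    # Already the defaults; set explicitly so a reviewer can see them.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def lldp_global_request(host, user, password, param, value):
    """Build the POST to /restconf/data/global-params shown on this page."""
    if param not in ALLOWED_PARAMS:
        raise ValueError(f"unsupported parameter: {param!r}")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(value, bool) or not isinstance(value, int):
        raise ValueError(f"{param} must be an integer")
    if param == "txhold-multiplier" and not TXHOLD_MIN <= value <= TXHOLD_MAX:
        raise ValueError("txhold-multiplier must be from 2 to 10")
    token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
    return urllib.request.Request(
        url=f"https://{host}/restconf/data/global-params",
        data=json.dumps({param: value}).encode(),
        method="POST",
        headers={
            "Accept": "application/json",
            "Content-Type": "application/json",
            "Authorization": f"Basic {token}",
        },
    )


def send(request, ca_file=None, timeout=10):
    """Send the request; an untrusted certificate raises urllib.error.URLError."""
    ctx = verified_tls_context(ca_file)
    with urllib.request.urlopen(request, timeout=timeout, context=ctx) as resp:
        return resp.status, resp.read().decode()


if __name__ == "__main__":
    import os

    # Hypothetical variable names; nothing is sent unless OS10_HOST is set.
    host = os.environ.get("OS10_HOST")
    if host:
        req = lldp_global_request(host, os.environ["OS10_USER"],
                                  os.environ["OS10_PASSWORD"], "tx-interval", 60)
        print(send(req, os.environ.get("OS10_CA_FILE")))
```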
} Parameters Example }] "name": "ethernet1/1/1", "lldp": [{ "dot3-tlvs": [{ "mac-phy-config-enable": "true", "max-frame-size-enable": "true" }] }] • ethernet-interface — Enter the physical Ethernet interface in the format ethernetnode/slot/ port. • name string — Enter ethernetnode/slot/port to identify the interface that sends LLDPDUs with specified TLVs.
-d '{"interface":[{"name":"ethernet1/1/1", "lldp-med-cfg": [{"policy-id":1}]}]}' Disable TLV advertisement RESTCONF endpoint /restconf/data/interfaces/interface/ethernet1/1/1 JSON content { "interface": [{ "name": "ethernet1/1/1", "lldp": [{ "basic-tlvs": [{ "sys-name-enable": "false" }], "dot3-tlvs": [{ "mac-phy-config-enable": "false", "max-frame-size-enable": "false", "linkagg-enable": "false" }] }] }] } Parameters Example • ethernet-interface — Enter the physical Ethernet interface in the format
Example curl -X DELETE -k -u admin:admin -H "accept: application/json" -H "Content-Type: application/json" https://10.11.86.113/restconf/data/dell-lldp-med:sys-config/media-policy/10 Remove configured LLDP packet timer — Reset to default RESTCONF endpoint /restconf/data/global-params/tx-interval JSON content None Example curl -X DELETE -k -u admin:admin -H "accept:application/json" -H "Content-Type:application/json" "https://10.11.86.
} Parameters Example }] "type": "iana-if-type:ieee8023adLag", "name": "port-channel10", "enabled": "true" • port-channelid-number — Enter port-channelid-number, where port-channel id-number is from 1 to 128. • type string — Enter iana-if-type:ieee8023adLag for a port-channel interface. • name string — Enter port-channelid-number. • enabled bool — Enter true(no shutdown) to enable the port channel; enter false (shutdown) to disable the port channel.
} Parameters Example }] "member-ports": [{ "name": "ethernet1/1/5", "lacp-mode": "ACTIVE" }] • port-channelid-number — Enter port-channelid-number, where id-number is from 1 to 128. • name string — Enter port-channelid-number. • lag-mode bool — Enter DYNAMIC for a dynamically configured port channel; enter STATIC for a statically configured port channel. • ethernet-interface — Enter the physical Ethernet interface in the format ethernetnode/slot/ port. • lacp-mode mode — Enter LACP actor mode.
}] } Parameters Example • port-channelid-number — Enter port-channelid-number, where id-number is from 1 to 128. • name string — Enter port-channelid-number. • primary-addr A.B.C.D/prefix-length — Enter the port-channel IP address and mask. curl -X PATCH -k -u admin:admin -H "accept: application/json" -H "Content-Type: application/json" "https://10.11.86.113/restconf/data/interfaces/interface/port-channel10" -d '{"interface": [{"name":"port-channel10", "dell-ip:ipv4": {"address":{"primary-addr":"1.
JSON content Parameters Example None • port-channelid-number — Enter port-channelid-number, where id-number is from 1 to 128. curl -X GET -k -u admin:admin -H "accept:application/json" "https://10.11.86.113/restconf/data/interfaces/interface/port-channel10" Delete a port-channel configuration RESTCONF endpoint /restconf/data/interfaces/interface/port-channel10 JSON content None Parameters Example • port-channel id-number — Enter port-channelid-number, where id-number is from 1 to 128.
Example
• description string — Enter a text string to describe the VLAN, using a maximum of 80 alphanumeric characters.
• name string — Enter vlan vlan-id, where vlan-id is from 1 to 4093.
curl -X POST -u admin:admin -k "https://10.11.86.
Parameters Example • ethernet-interface — Enter the physical Ethernet interface in the format ethernetnode/slot/ port. • name string — Enter vlan vlan-id, where vlan-id is from 1 to 4093. • enabled bool — Enter true to enable the VLAN; enter false to disable the VLAN. • mode string — Enter a text value for the port mode. For Access mode, enter MODE_L2; for Trunk mode, enter MODE_L2HYBRID; for L3 mode, enter MODE_L2DISABLED. curl -X PATCH -u admin:admin -k "https://10.11.86.
Parameters Example • interface vlan-id — Enter the VLAN ID, from 1 to 4093. curl -X GET -u admin:admin -k "https://10.11.86.113/restconf/data/interfaces/interface/vlan20" -H "accept: application/json" Delete a VLAN configuration RESTCONF endpoint /restconf/data/interfaces/interface/vlan10 JSON content None Parameters Example • interface vlan-id — Enter the VLAN ID, from 1 to 4093. curl -X DELETE -u admin:admin -k "https://10.11.86.
Parameters Example • ethernet-interface — Enter the physical Ethernet interface in the format ethernetnode/slot/ port. • name string — Enter ethernetnode/slot/port to identify the VLTi port on each peer. • enabled bool — Enter true (no shutdown) to enable the VLTi port; enter false (shutdown) to disable the VLTi port. • dell-interface:mode string — Enter MODE_L2DISABLED to disable L2 switching (switchport mode) on the VLTi port.
Example curl -X POST -k -u admin:admin -H "accept: application/json" -H "Content-Type: application/json" "https://10.11.86.
17 Troubleshoot OS10 Critical workloads and applications require constant availability. Dell EMC Networking offers tools to help you monitor and troubleshoot problems before they happen.
* 1 1 1 1 1 1 1 S6010-ON S6010-ON-PWR-2-AC S6010-ON-FANTRAY-1 S6010-ON-FANTRAY-2 S6010-ON-FANTRAY-3 S6010-ON-FANTRAY-4 S6010-ON-FANTRAY-5 01YRKK 0AIBCD 0N7MH8 0N7MH8 0N7MH8 0N7MH8 0N7MH8 X01 A00 X01 X01 X01 X01 X01 CN-01YRKK-28298-712-0068 TW-012345-DELTA-XXX-ABCD 04-01--04-02--04-03--04-04--04-05--- 3601XC2 Boot partition and image Display system boot partition and image information. • View all boot information in EXEC mode. show boot • View boot details in EXEC mode.
30452 admin 1 root 2 root 3 root 5 root 7 root 8 root 10 root 11 root 12 root 13 root 14 root 15 root 16 root 17 root 19 root 20 root 21 root 22 root 23 root 24 root 25 root --more-- 20 20 20 20 0 20 20 20 20 20 rt rt rt rt 20 0 0 20 0 20 0 25 0 0 0 0 -20 0 0 0 0 0 0 0 0 0 0 -20 -20 0 -20 0 -20 5 22076 112100 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2524 5840 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2100 3032 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 R S S S S R S S S S S S S S S S S S S S S S 6.1 0.0 0.
Capture packets from Ethernet interface $ tcpdump -i e101-003-0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on e101-003-0, link-type EN10MB (Ethernet), capture size 262144 bytes 01:39:22.457185 IP 3.3.3.1 > 3.3.3.4: ICMP echo request, id 5320, seq 26, length 64 01:39:22.457281 IP 3.3.3.1 > 3.3.3.
When you execute a traceroute, the output shows the path a packet takes from your device to the destination IP address. It also lists all intermediate hops (routers) that the packet traverses to reach its destination, including the total number of hops traversed. Check IPv4 connectivity OS10# ping 172.31.1.255 Type Ctrl-C to abort. Sending 5, 100-byte ICMP Echos to 172.31.1.255, timeout is 2 seconds: Reply to request 1 from 172.31.1.208 0 ms Reply to request 1 from 172.31.1.
1 3ffe:501:ffff:100:201:e8ff:fe00:4c8b 000.000 ms 000.000 ms 000.000 ms View diagnostics View system diagnostic information using show commands. Use the show hash-algorithm command to view the current hash algorithms configured for link aggregation group (LAG) and electronic commerce messaging protocol (ECMP).
System Location LED Required Type Current Type Hardware Revision Software Version Physical Ports BIOS System CPLD Master CPLD Slave CPLD : : : : : : : : : : off S4048 S4048 10.3.9999E(X) 48x10GbE, 6x40GbE 3.21.0.
Parameters • node-id | node-id/unit-id — Enter the system ID. • on | off — Set the system LED to be on or off. Default Not configured Command Mode EXEC Usage Information Use this command to change the location LED for the specified system ID. Example OS10# location-led system 1 on OS10# location-led system 1 off Supported Releases 10.3.0E or later ping Tests network connectivity to an IPv4 device.
• -M pmtudisc_option — (Optional) Enter the path MTU (PMTU) discovery strategy:
– do prevents fragmentation, including local.
– want performs PMTU discovery and fragments large packets locally.
– dont does not set the Don’t Fragment (DF) flag.
• -p pattern — (Optional) Enter a maximum of 16 pad bytes to fill out the packet you send to diagnose data-related problems in the network; for example, -p ff fills the sent packet with all 1’s.
nodeinfo_option] [-p pattern] [-Q tclass] [-s packetsize] [-S sndbuf] [-t ttl] [-T timestamp_option] [-w deadline] [-W timeout] destination Parameters • vrf management — (Optional) Pings an IPv6 address in the management VRF instance. • vrf vrf-name — (Optional) Pings an IPv6 address in a specified VRF instance. • -a — (Optional) Audible ping. • -A — (Optional) Adaptive ping.
• -w deadline — (Optional) Enter the time-out value in seconds before the ping exits regardless of how many packets are sent or received. • -W timeout — (Optional) Enter the time to wait for a response in seconds. This setting affects the time-out only if there is no response, otherwise ping waits for two round-trip times (RTTs). • hop1 ... (Optional) Enter the IPv6 addresses of the pre-specified hops for the ping packet to take.
Standby Build Date/Time: Next-Boot: Supported Releases 2016-10-03T23:11:14Z active[B] 10.2.0E or later show diag Displays diagnostic information for port adapters and modules. Syntax show diag Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show diag 00:00.0 Host bridge: Intel Corporation Atom processor C2000 SoC Transaction Router (rev 02) 00:01.0 PCI bridge: Intel Corporation Atom processor C2000 PCIe Root Port 1 (rev 02) 00:02.
Usage Information None Example OS10# show environment Unit State Temperature ------------------------------------1 up 43 Thermal sensors Unit Sensor-Id Sensor-name Temperature -----------------------------------------------------------------------------1 1 CPU On-Board temp sensor 32 1 2 Switch board temp sensor 28 1 3 System Inlet Ambient-1 temp sensor 27 1 4 System Inlet Ambient-2 temp sensor 25 1 5 System Inlet Ambient-3 temp sensor 26 1 6 Switch board 2 temp sensor 31 1 7 Switch board 3 temp sensor 4
1 1 1 1 1 1 Supported Releases S6010-ON-PWR-2-AC S6010-ON-FANTRAY-1 S6010-ON-FANTRAY-2 S6010-ON-FANTRAY-3 S6010-ON-FANTRAY-4 S6010-ON-FANTRAY-5 0AIBCD 0N7MH8 0N7MH8 0N7MH8 0N7MH8 0N7MH8 A00 X01 X01 X01 X01 X01 TW-012345-DELTA-XXX-ABCD 04-01--04-02--04-03--04-04--04-05--- 10.2.0E or later show processes View process CPU utilization information. Syntax show processes node-id node-id-number [pid process-id] Parameters • node-id-number — Enter the Node ID number as 1.
1019 root OS10# Supported Releases 20 0 1829416 256080 73508 S 6.6 6.4 1212:36 base_nas 10.3.0E or later show system Displays system information. Syntax Parameters show system [brief | node-id] • brief — View an abbreviated list of the system information. • node-id — View the node ID number.
Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Example (brief) 1/1/2 1/1/3 1/1/4 1/1/5 1/1/6 1/1/7 1/1/8 1/1/9 1/1/10 1/1/11 1/1/12 1/1/13 1/1/14 1/1/15 1/1/16 1/1/17 1/1/18 1/1/19 1/1/20 1/1/21 1/1/22 1/1/23 1/1/24 1/1/25 1/1/26 1/1/27 1/1/28 1/1/29 1/1/30 1/1/31 1/1/32 Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No No BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAK
traceroute Displays the routes that packets take to travel to an IP address. Syntax Parameters traceroute [vrf {management | vrf-name}] host [-46dFITnreAUDV] [-f first_ttl] [-g gate,...] [-i device] [-m max_ttl] [-N squeries] [-p port] [-t tos] [-l flow_label] [-w waittime] [-q nqueries] [-s src_addr] [-z sendwait] [-fwmark=num] host [packetlen] • vrf management— (Optional) Traces the route to an IP address in the management VRF instance.
3 10.11.27.254 (10.11.27.254) 2.233 ms 2.207 ms 2.391 ms 4 Host65.hbms.com (63.80.56.65) 3.583 ms 3.776 ms 3.757 ms 5 host33.30.198.65 (65.198.30.33) 3.758 ms 4.286 ms 4.221 ms 6 3.GigabitEthernet3-3.GW3.SCL2.ALTER.NET (152.179.99.173) 4.428 ms 2.593 ms 3.243 ms 7 0.xe-7-0-1.XL3.SJC7.ALTER.NET (152.63.48.254) 3.915 ms 3.603 ms 3.790 ms 8 TenGigE0-4-0-5.GW6.SJC7.ALTER.NET (152.63.49.254) 11.781 ms 10.600 ms 9.402 ms 9 23.73.112.54 (23.73.112.54) 3.606 ms 3.542 ms 3.
Primary BIOS Version 3.36.0.1-2 SMF Version: MSS 1.2.2, FPGA 0.1 Last POR=0x11, Reset Cause=0x55 Restore factory defaults To restore your system factory defaults, reboot the system to ONIE: Uninstall OS mode. CAUTION: Restoring factory defaults erases any installed operating system and requires a long time to erase storage. If it is not possible to restore your factory defaults with the installed OS, reboot the system from the Grub menu and select ONIE: Rescue.
SupportAssist By default, SupportAssist is enabled. SupportAssist sends troubleshooting data securely to Dell EMC Technical Support. SupportAssist does not support automated email notification at the time of hardware fault alert, automatic case creation, automatic part dispatch, or reports. To disable SupportAssist, use the eula-consent support-assist reject command. SupportAssist Process Configure SupportAssist SupportAssist starts by default.
Configure SupportAssist OS10(config)# support-assist OS10(conf-support-assist)# contact-company name Eureka OS10(conf-support-assist-Eureka)# exit OS10(conf-support-assist)# server url http://eureka.com:701 OS10(conf-support-assist)# do support-assist-activity full-transfer start-now Remove SupportAssist schedule OS10# no support-assist activity full-transfer schedule Show EULA license OS10# show support-assist eula I accept the terms of the license agreement.
Configure SupportAssist company OS10(conf-support-assist)# contact-company name Eureka OS10(conf-support-assist-Eureka)# address city San Jose state California Country America zipcode 95123 OS10(conf-support-assist-Eureka)# street-address "123 Main Street" "Bldg 999" OS10(conf-support-assist-Eureka)# territory sales Set contact information Configure contact details in SupportAssist Company mode. You can set the name, email addresses, phone, method, and time zone.
Set default activity schedule OS10(conf-support-assist)# no support-assist-activity full-transfer schedule View status View the SupportAssist configuration status, details, and EULA information using the show commands. 1 View the SupportAssist activity in EXEC mode. show support-assist status 2 View the EULA license agreement in EXEC mode.
but is not limited to configuration information, user supplied contact information, names of data volumes, IP addresses, access control lists, diagnostics & performance information, network configuration information, host/server configuration & performance information and related data ("Collected Data") and transmits this information to Dell. By downloading SupportAssist and agreeing to be bound by these terms and the Dell end user license agreement, available at: www.dell.
Default Not configured Command Mode SUPPORT-ASSIST Usage Information You can enter only one contact-company. Use double quotes to enclose additional contact information. The no version of this command removes the configuration. Example OS10(conf-support-assist)# contact-company name Eureka OS10(conf-support-assist-Eureka)# Supported Releases 10.2.0E or later contact-person Configures the contact name for an individual.
Parameters • support-assist — Enter to accept or reject the EULA for the service. • accept — Enter to accept the EULA-consent. • reject — Enter to reject EULA-consent. Default Not configured Command Mode CONFIGURATION Usage Information If you reject the end-user license agreement, you cannot access Configuration mode. If there is an existing SupportAssist configuration, the configuration is not removed and the feature is disabled.
Example OS10(conf-support-assist)# proxy-server ip 10.1.1.5 port 701 Supported Releases 10.2.0E or later server url Configures the domain or IP address of the remote SupportAssist server. Syntax server url server-url-string Parameters server-url-string — Enter the domain or IP address of the remote SupportAssist server. To include a space, enter a space within double quotes. Default https://stor.g3.ph.dell.
these terms. You agree that the provision of SupportAssist may involve international transfers of data from you to Dell, Inc. and/or to Dell, Inc.'s affiliates, subcontractors or business partners. When making such transfers, Dell, Inc. shall ensure appropriate protection is in place to safeguard the Collected Data being transferred in connection with SupportAssist. If you are downloading SupportAssist on behalf of a company or other legal entity, you are further certifying to Dell, Inc.
event-notification success full-transfer success Supported Releases Sep 12,2016 20:51:51 Sep 12,2016 20:30:28 Sep 12,2016 20:51:51 Sep 12,2016 20:30:52 10.2.0E or later source-interface Configures the interface used to connect to the SupportAssist server. Syntax source-interface interface Parameters interface: • ethernet node/slot/port[:subport] — Enter a physical Ethernet interface. • loopback number — Enter a Loopback interface, from 0 to 16383.
Parameters • start-now — Schedules the transfer to start immediately. • hourly minute — Schedule an hourly task, from 0 to 59. • daily — Schedule a daily task: – hour number — Enter the keyword and number of hours to schedule the daily task, from 0 to 23. – min number — Enter the keyword and number of minutes to schedule the daily task, from 0 to 59. • weekly — Schedule a weekly task: – day-of-week number — Enter the keyword and number for the day of the week to schedule the task, from 0 to 6.
To send Dell EMC Technical Support troubleshooting details about the Linux system configuration and OS10 diagnostics, generate an sosreport tar file.
1 Generate the tar file in EXEC mode.
generate support-bundle
2 Verify the generated file in EXEC mode.
dir supportbundle
3 Send the support bundle using FTP/SFTP/SCP/TFTP in EXEC mode.
copy supportbundle://sosreport-filename.tar.gz tftp://server-address/path
Use the delete supportbundle://sosreport-filename.tar.
Usage Information To send the tar file to Dell EMC Technical Support, use the dir supportbundle and copy supportbundle://sosreport-OS10-file-number.tar.gz tftp://server-address/path commands. Example OS10# generate support-bundle Example (Enable Options) OS10# generate support-bundle enable-all-plugin-options Supported Releases 10.2.0E or later System monitoring Monitor OS10 using system alarms and log information.
• Enter the minimum severity level for logging to terminal lines in CONFIGURATION mode. logging monitor severity • Enter which server to use for syslog messages with the hostname or IP address in CONFIGURATION mode. logging server {hostname/ip-address severity} Disable system logging You can use the no version of any logging command to disable system logging. • Disable console logging and reset the minimum logging severity to the default in CONFIGURATION mode.
Jun 1 05:02:10 %Node.1-Unit.
Link-bundle utilization is calculated as the total bandwidth of all links divided by the total bytes-per-second of all links. If you enable monitoring, the utilization calculation is performed when the utilization of the link-bundle (not a link within a bundle) exceeds 60%.

Configure Threshold level for link-bundle monitoring
OS10(config)# link-bundle-trigger-threshold 10

View link-bundle monitoring threshold configuration
OS10(config)# do show running-configuration
link-bundle-trigger-threshold 10
!
...
0 1 Supported Releases major major EQM_MORE_PSU_FAULT EQM_FAN_AIRFLOW_MISMATCH 10.2.0E or later show alarms details Displays details about active alarms. Syntax show alarms details Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show alarms details Active-alarm details - 0 ------------------------------------------Index: 0 Sequence Number: 1 Severity: critical Type: 1081367 Source: Node.1-Unit.
Usage Information None Example OS10# show alarms history Index ----0 1 2 Severity -------minor major minor Name -----------------------EQM_THERMAL_MINOR_CROSSE EQM_THERMAL_MAJOR_CROSSE EQM_THERMAL_MINOR_CROSSE Raise-time -------------Sep 20 0:8:24 Sep 20 0:16:28 Sep 20 0:15:39 Source -----Node.1-Unit.1 Node.1-Unit.1 Node.1-Unit.
Parameters severity — Set the alarm severity: • critical — Critical alarm severity. • major — Major alarm severity. • minor — Minor alarm severity. • warning — Warning alarm severity. Default Not configured Command Mode EXEC Usage Information None Example (Warning) OS10# show alarms severity warning Active-alarm details - 1 ------------------------------------------Index: 1 Sequence Number: 5 Severity: warning Type: 1081364 Source: Node.1-Unit.
Active-alarm Summary ----------------------Total-count: 6 Critical-count: 0 Major-count: 2 Minor-count: 2 Warning-count: 2 ----------------------Supported Releases 10.2.0E or later Logging commands clear logging Clears messages in the logging buffer. Syntax clear logging log-file Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# clear logging log-file Proceed to clear the log file [confirm yes/no(default)]: Supported Releases 10.2.
Usage Information To set the severity to the default level, use the no logging console severity command. The default severity level is log-notice. Example OS10(config)# logging console disable Example (Enable) OS10(config)# logging console enable Example (Severity) OS10(config)# logging console severity log-warning Supported Releases 10.2.0E or later logging enable Enables system logging.
Example OS10(config)# logging log-file disable Example (Enable) OS10(config)# logging log-file enable Example (Severity) OS10(config)# logging log-file severity log-notice Supported Releases 10.2.0E or later logging monitor Set the minimum severity level for logging to the terminal lines. Syntax logging monitor severity severity-level Parameters severity-level — Set the minimum logging severity level: • log-emerg — Set the system as unusable. • log-alert — Set to immediate action is needed.
– log-crit — Critical conditions. – log-err — Error conditions. – log-warning — Warning conditions. – log-notice — Normal but significant conditions, the default. – log-info — Informational messages. – log-debug — Debug messages. Defaults • tcp port-number — (Optional) Send syslog messages over TCP to a specified port on a remote logging server, from 1 to 65535. • udp port-number — (Optional) Send syslog messages over UDP to a specified port on a remote logging server, from 1 to 65535; default 514.
dn_ifm dn_ppm dn_l2_services dn_dot1x dn_l3_core_serv dn_policy dn_qos dn_switch_res_m dn_ospfv3 dn_lacp dn_i3 dn_supportassis --More-Supported Releases 10.2.0E or later show trace Displays trace messages. Syntax show trace [number-lines] Parameters number-lines — (Optional) Enter the number of lines to include in log messages, from 1 to 65535. Default Enabled Command Mode EXEC Usage Information The output from this command is the /var/log/syslog file.
May 23 17:10:08 OS10 base_nas: [NETLINK:NHEVENT]:ds_api_linux_neigh.c:nl_to_nei --More-Supported Releases 10.2.0E or later Log into OS10 device Linux shell access is available for troubleshooting and diagnostic purposes only. Use linuxadmin for both the default user name and password. For security reasons, you must change the default linuxadmin password during the first login from the Linux shell. Use the username CLI command to change the password.
• Configuration contains information about how to enter CONFIGURATION mode, how to modify the candidate configuration, and so on.
• Security contains information about how to add users, troubleshoot RADIUS, how to view current DHCP information, and so on.
• Layer 2 contains information about how to configure routing information including 802.1X, LACP, LLDP, MAC, and so on.
• Layer 3 contains information about how to troubleshoot BCP, ECMP, OSPF, and so on.
Use the show running-configuration command to view changes that you have made to the running-configuration file.
How can I view a list of all system devices?
Use the show inventory command to view a complete list.

How can I view the software version?
Use the show version command to view the currently running software version.

Access control lists

How do I set up filters to deny or permit packets from an IPv4 or IPv6 address?
Use the deny or permit commands to create ACL filters.
• % Error: Not enough buffers are available, to enable pause for all pfc-cos values in the policymap for this interface
• % Warning: Not enough buffers are available, for lossy traffic. Expect lossy traffic drops, else reconfigure the pause buffers

Monitoring

How can I check if SupportAssist is enabled?
Use the show support-assist status command to view current configuration information.

How can I view a list of alarms?
Use the show alarms details command to view a list of all system alarms.
18 Support resources The Dell EMC Support site provides a range of documents and tools to assist you with effectively using Dell EMC devices. Through the support site you can obtain technical information regarding Dell EMC products, access software upgrades and patches, download available management software, and manage your open cases. The Dell EMC support site provides integrated, secure access to these services. To access the Dell EMC Support site, go to www.dell.com/support/.