Dell EMC SmartFabric OS10 User Guide Release 10.5.0 06 2020 Rev.
Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

© 2020- 2020 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
1 Change history

The following table provides an overview of the changes to this guide from a previous OS10 release to the 10.5.0 release. For more information about the new features, see the respective sections.

Table 1. New in 10.5.0.7

Revision | Date | Feature | Description
A06 | 2020-06-26 | Default MTU Configuration | Configures a custom MTU value to all the interfaces that do not have a user configured MTU.
Table 5. New in 10.5.0.1

Revision | Date | Feature | Description
A01 | 2019-09-17 | MX Ethernet IO modules replacement in SmartFabric | Replace an Ethernet I/O module (IOM) that is part of a SmartFabric.
Table 6. New in 10.5.0.0

Revision | Date | Feature | Description
 | | Port to port pipe and MMU mapping | Recommendation for using interfaces from same port pipes for ingress and egress for optimal performance.
 | | Configure openflow | Configure multiple controllers for OpenFlow on both IPv4 and IPv6 networks.
2 Getting Started with Dell EMC SmartFabric OS10

Dell EMC SmartFabric OS10 is a network operating system (NOS) supporting multiple architectures and environments. The SmartFabric OS10 solution allows multi-layered disaggregation of network functionality. SmartFabric OS10 bundles industry-standard management, monitoring, and Layer 2 and Layer 3 networking stacks over CLI, SNMP, and REST interfaces. Users can choose their own third-party networking, monitoring, management, and orchestration applications.
Switch with factory-installed OS10

A switch may come with OS10 Enterprise Edition factory-loaded. OS10 upgrades are available for download from the Dell Digital Locker (DDL). A factory-loaded OS10 image includes a perpetual license.

On a factory-installed OS10 switch, you can perform these tasks after logging in:
● Check the OS10 version.
● Upgrade the OS10 image.
● Re-install the license.

If OS10 is pre-installed on a switch, zero-touch deployment (ZTD) is enabled by default.
Check OS10 version

Dell EMC recommends that you upgrade a factory-loaded OS10 to the latest OS10 version.
● To check the current version of the OS10 image, use the show version command.
● To check the OS10 versions available for download, follow the procedure in OS10 upgrade->Download OS10 for upgrade.

Check OS10 version

OS10# show version
Dell EMC Networking OS10 Enterprise
Copyright (c) 1999-2019 by Dell Inc. All Rights Reserved.
OS Version: 10.5.0.0
Build Version: 10.5.0.
Install OS10 upgrade

After you download and unpack a new OS10 binary image as described in Download OS10 image for upgrade, follow these steps:

NOTE: During the OS10 image upgrade process in a VLT setup, when the VLT peers are running different software versions, make no configuration changes on a VLT peer. Ensure that both nodes are upgraded to the same version before you make any configuration change.
Active SW Version:         10.5.0.0
Active SW Build Version:   10.5.0.270
Active Kernel Version:     Linux 4.9.168
Active Build Date/Time:    2019-07-29T23:35:01Z
Standby Partition:         A
Standby SW Version:        10.5.0EX
Standby SW Build Version:  10.5.0EX.252
Standby Build Date/Time:   2019-07-27T17:31:55Z
Next-Boot:                 active[B]

9. Reload the new software image in the standby partition in EXEC mode.

OS10# reload

10.
6. Install the OS10 standby image using the image install file-url command in EXEC mode, where filename is the name of the image file downloaded in Step 3 with the image download command; for example:

OS10# image install image://OS10EE.bin

NOTE: OS10 has two images: A and B. One image is active, which is the current running version and used as the running software at the next system reload. The other image remains standby, used for software upgrades.
Architecture: x86_64
Up Time: 04:40:37

Install firmware upgrade

You may need to upgrade the firmware components on an OS10 switch without upgrading the OS10 image. To upgrade firmware components in a separate operation:

1. Download the OS10 firmware file from a server using the image download server-filepath/firmware-filename command in EXEC mode; for example:

OS10# image download http://10.11.8.184/tftpboot/users/regr//neteng/okelani/files/new/onie-firmware-x86_64-dellemc_s5200_c3538-r0.3.40.5.1-9.bin

2.
Usage Information: The image cancel command cancels a file download from a server, such as an OS10 binary image or firmware upgrade, that is in progress. After an image download completes, the command has no effect. The command also removes any pending firmware upgrades on the switch.
Example:
OS10# image cancel
Supported Releases: 10.2.0E or later

image copy

Copies the entire image in the active partition to the standby partition, a mirror image.
When using the scp and sftp options, always enter an absolute file path instead of a path relative to the home directory of the user account; for example:

image download sftp://dellos10:password@10.1.1.1/home/dellos10/images/PKGS_OS10EE-10.4.3.bin

Example:
OS10# image download sftp://dellos10:adminTo%40%20@10.1.1.1/home/dellos10/images/PKGS_OS10-Enterprise-10.4.0E.55-installer-x86_64.bin
Supported Releases: 10.2.
----------------------------------------------------------------------------------
Node-id 1    Flash Boot    [B] 10.5.0.0    [A] 10.5.0.0    [B] activ

Example (Detail):
OS10# show boot detail
Current system image information detail:
==========================================
Type:                      Node-id 1
Boot Type:                 Flash Boot
Active Partition:          B
Active SW Version:         10.5.0.0
Active SW Build Version:   10.5.0.270
Active Kernel Version:     Linux 4.9.
Supported Releases
Date
--- ------------------------------------------------------------------ ---------------------

Past Firmware Upgrade(s)
====================================
Name | Version | Result
onie-firmware-x86_64-dellemc_s5200_c3538-r0.3.40.5.1-6. | 3.40.5.1-6 | Success
onie-updater | 3.40.1.1-5 | Fail
onie-updater-x86_64-dellemc_s5200_c3538-r0.3.40.1.1-6 | 3.40.1.1-6 | Fail

Supported Releases: 10.5.
Command Mode: EXEC
Usage Information: None
Example:
OS10# show version
Dell EMC Networking OS10 Enterprise
Copyright (c) 1999-2019 by Dell Inc. All Rights Reserved.
OS Version: 10.5.0.0
Build Version: 10.5.0.270
Build Time: 2019-07-29T23:35:01+0000
System Type: S4148F-ON
Architecture: x86_64
Up Time: 1 day 00:54:13
Supported Releases: 10.2.0E or later

Check OS10 license

To check the status of the pre-installed OS10 license, use the show license status command.
Switch without OS installed

If your Dell EMC ONIE-enabled switch does not have a default OS installed, you can download an OS10 software image from the Dell Digital Locker and install it using ONIE. Also, install OS10 on a Dell EMC ONIE device when:
● You convert a switch from OS9 or any third-party OS.
● You receive a replacement device from Dell EMC return material authorization (RMA).
Download OS10 image

If you purchase the OS10 Enterprise Edition image with an after point-of-sale order, your OS10 purchase allows you to download software images posted within the first 90 days of ownership. After the order is complete, you receive an email notification with a software entitlement ID, order number, and link to the DDL. To extend the software-entitled download period, you must have a Dell EMC ProSupport or ProSupport Plus contract on your hardware.
For an ONIE-enabled switch, go to the ONIE boot menu. An ONIE-enabled switch boots up with pre-loaded diagnostics (DIAGs) and ONIE software.

+--------------------------------------------------------+
|*ONIE: Install OS                                       |
| ONIE: Rescue                                           |
| ONIE: Uninstall OS                                     |
| ONIE: Update ONIE                                      |
| ONIE: Embed ONIE                                       |
| ONIE: Diag ONIE                                        |
+--------------------------------------------------------+

● Install OS — Boots to the ONIE prompt and installs an OS10 image using the Automatic Discovery process.
Info: eth1: Checking link... down.
ONIE: eth1: link down. Skipping configuration.
ONIE: Failed to configure eth1 interface
ONIE: Starting ONIE Service Discovery
Info: Fetching tftp://10.10.10.2/onie-installer-x86_64-dellemc_s4148fe_c2338 ...
Info: Fetching tftp://10.10.10.2/onie-installer-dellemc_s4148fe_c2338 ...
Info: Fetching tftp://10.10.10.2/onie-installer-x86_64-bcm ...
Info: Fetching tftp://10.10.10.2/onie-installer-x86_64 ...
Info: Fetching tftp://10.10.10.2/onie-installer ...
The OS10 installer image creates several partitions, including OS10-A and OS10-B. After installation completes, the switch automatically reboots and loads OS10 from OS10-A, which becomes the active partition by default. OS10-B becomes the standby partition.

Install manually using a USB drive

You can manually install the OS10 software image using a USB device. Verify that the USB device supports a FAT or EXT2 file system.
jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.

OS10# configure terminal
% Error: ZTD is in progress(configuration is locked).
OS10# ztd cancel
OS10# configure terminal
OS10(config)# username admin password alpha404! role sysadmin
OS10(config)# exit
OS10# write memory

Install OS10 license

If OS10 is factory-loaded on your switch, you do not need to install an OS10 license as it is pre-loaded with a perpetual license.
Install license — SCP

OS10# license install scp://user:userpwd@10.1.1.10/0A900Q2-NOSEnterprise-License.xml
License installation success.

Install license — localfs

Follow these steps to install a license from a local file directory:

1. Copy the license file from the FTP server location to the home directory on the system.

OS10# copy ftp://admin:admin@10.11.95.101//home/admin/LADF/0A900Q2-NOSEnterpriseLicense.XML home://7B900Q2-NOSEnterprise-License.XML

2.
---------------
Software        : OS10-Enterprise
Version         : 10.5.0.0
License Type    : PERPETUAL
License Duration: Unlimited
License Status  : Active
License location: /mnt/license/9531XC2.lic
---------------------------------------------------------

Troubleshoot license installation failure

An error message displays if the installation fails.

License installation failed

1. Verify the installation path to the local or remote license location.
2.
MX7000 Feb 2020 Solution Update Instructions

The following MX7000 components have new versions:

Table 8. MX7000 Components

Component | Version
iDRAC with Lifecycle Controller | 4.11.11.11
Dell EMC Server BIOS PowerEdge MX740c | 2.5.4
Dell EMC Server BIOS PowerEdge MX840c | 2.5.4
Qlogic 26XX series Fibre Channel adapters | 15.05.12
Qlogic 27XX series Fibre Channel adapters | 15.05.12
Qlogic 41xxx series adapters | 15.05.14
Mellanox ConnectX-4 Lx Ethernet Adapter Firmware | 14.25.80.
g. Once the DUP is uploaded, click Next and select the Compliance checkbox. Click Finish to start the update on all the Compute devices.
h. Allow the job to complete before proceeding to Step 2.
3. Repeat Step 1 instructions to update components "Qlogic 26XX series Fibre Channel adapters", "Qlogic 27XX series
4. Update component "OpenManage Enterprise Modular".
a.
Sample output from a Chassis-group Member:

MX9116N-A1# show smartfabric cluster
---------------------------------------------------------
CLUSTER DOMAIN ID : 159
VIP               : fde1:53ba:e9a0:de14:0:5eff:fe00:1159
ROLE              : BACKUP
SERVICE-TAG       : MXWV011
MASTER-IPV4       : 100.69.101.
SKYMX02 MX9116N-A2# A1

iii. It is highly recommended to upgrade all the networking switches (MX9116n and MX5108n) in the MSM Chassis group to 10.5.0.5. During the upgrade process, it is not recommended to make any configuration changes in the chassis-group.
iv. For upgrading the networking switch from 10.4.0E (R3S or R4S), refer to the Upgrade and Downgrade section in the existing SmartFabric Release Notes for additional instructions.
v. For upgrading the networking switches from 10.5.0.x to 10.5.0.
Table 11. Command Description

Command | Description
OS10# image download fileurl | Download the new software image. For example: OS10# image download ftp://userid:passwd@hostip:/filepath

NOTE: Some Windows unzip applications insert extra carriage returns (CR) or line feeds (LF) when they extract the contents of a .tar file, which may corrupt the downloaded OS10 binary image. Turn off this option if you use a Windows-based tool to untar an OS10 binary file.

iv.
Table 15. Command Description

Command | Description
OS10# boot system standby | Change the next boot partition to standby.

viii. (Optional) Check if the next boot partition has changed to standby in the EXEC mode.

Table 16. Command Description

Command | Description
OS10# show boot detail | Check whether the next boot partition has changed.

ix. Reload the new software image in the EXEC mode.

Table 17. Command Description

Command | Description
OS10# reload | Reload the new software.

x.
STATUS as ONLINE in the command output after reloading.

Table 19. Command Description

Command | Description
MX9116N-A2# show smartfabric cluster member | Display the status of the cluster members.

Servicetag IP Address
MX9116N-A2#

xii. After completing the above step, upgrade the next Networking I/O Module.
xiii. After all Fabric Switching Engines are updated, all solution components (compute, chassis, and fabric switching engine) in this entire process will be updated. Power cycle the MX7000 chassis after updating all applicable solution components.
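The upgrade steps above check show boot detail before the reload. The following Python sketch is an added example, not part of the Dell EMC guide: it parses that output and reports what still blocks a reload. The sample text is constructed from the field names shown in this guide; the target version argument, the function names, and the "standby[A]" form of the Next-Boot value after boot system standby are assumptions.

```python
import re

# Constructed sample: field names follow the `show boot detail` output in this
# guide; the values combine the guide's two excerpts of that output.
BEFORE = """\
OS10# show boot detail
Current system image information detail:
==========================================
Type:                      Node-id 1
Boot Type:                 Flash Boot
Active Partition:          B
Active SW Version:         10.5.0.0
Active SW Build Version:   10.5.0.270
Active Kernel Version:     Linux 4.9.168
Active Build Date/Time:    2019-07-29T23:35:01Z
Standby Partition:         A
Standby SW Version:        10.5.0EX
Standby SW Build Version:  10.5.0EX.252
Standby Build Date/Time:   2019-07-27T17:31:55Z
Next-Boot:                 active[B]
"""

# Constructed sample of the state after `image install` and
# `boot system standby`. The "standby[A]" spelling is an assumption.
AFTER = BEFORE.replace("10.5.0EX", "10.5.0.5").replace("active[B]", "standby[A]")

REQUIRED = ("Active Partition", "Standby Partition",
            "Standby SW Version", "Next-Boot")


def parse_boot_detail(text):
    """Return the 'Key: value' pairs of the output as a dict."""
    fields = {}
    for line in text.splitlines():
        # Split on the first colon only: timestamps contain colons too.
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields


def reload_blockers(text, target_version):
    """List the reasons a reload would not boot target_version."""
    fields = parse_boot_detail(text)
    missing = [k for k in REQUIRED if k not in fields]
    if missing:
        return ["missing field: " + k for k in missing]

    blockers = []
    standby = fields["Standby Partition"]
    if fields["Standby SW Version"] != target_version:
        blockers.append("standby partition %s holds %s, expected %s"
                        % (standby, fields["Standby SW Version"], target_version))

    # Next-Boot looks like "active[B]": a role word and a partition letter.
    match = re.fullmatch(r"(\w+)\[(\w+)\]", fields["Next-Boot"])
    if not match:
        blockers.append("unrecognised Next-Boot value: " + fields["Next-Boot"])
    elif match.group(2) != standby:
        blockers.append("next boot is partition %s, not standby partition %s"
                        % (match.group(2), standby))
    return blockers


if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        print(name, reload_blockers(sample, "10.5.0.5") or "ready to reload")
```

Comparing the partition letter in Next-Boot with the Standby Partition field keeps the check independent of the exact role word the switch prints.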
1. (Optional) Ensure that the DHCP client is disabled on the Management interface in INTERFACE mode.

no ip address dhcp

2. Configure a management route for the Management port in CONFIGURATION mode. Repeat the command to configure multiple routes.

management route {ipv4-address/mask | ipv6-address/prefix-length} {forwarding-router-address | managementethernet}

● ipv4-address/mask — Enter an IPv4 network address in dotted-decimal format (A.B.C.D), then a subnet mask in /prefix-length format (/x).
NOTE: To change a system administrator password, re-enter the command for the administrator username with a new password.
3 CLI Basics

The OS10 CLI is the software interface you use to access a device running the software — from the console or through a network connection. The CLI is an OS10-specific command shell that runs on top of a Linux-based OS kernel. By leveraging industry-standard tools and utilities, the CLI provides a powerful set of commands that you can use to monitor and configure devices running OS10.
Changing the configuration mode of the current session to the Transaction-Based Configuration mode does not affect the configuration mode of other CLI sessions.
● After you explicitly enter the commit command to save changes to the candidate configuration, the session switches back to the default behavior of automatically saving the configuration changes to the running configuration.
Check device status

Use show commands to check the status of a device and monitor activities. Refer to the Related Videos section for more information.
● Enter show ? from EXEC mode to view a list of commands to monitor a device; for example:

OS10# show ?
acl-table-usage
alarms
alias
bfd
boot
candidate-configuration
class-map
clock
...
-- Fan Status --
FanTray  Status  AirFlow  Fan  Speed(rpm)  Status
----------------------------------------------------------------
1        up      NORMAL   1    13195       up
2        up      NORMAL   1    13151       up
3        up      NORMAL   1    13239       up
4        up      NORMAL   1    13239       up

Related Videos

Check Device Status

Command help

To view a list of valid commands in any CLI mode, enter ?; for example:

OS10# ?
alarm
alias
batch
boot
clear
clock
commit
configure
copy
crypto
...
Candidate configuration

When you use OS10 configuration commands in Transaction-based configuration mode, changes do not take effect immediately and are stored in the candidate configuration. The configuration changes become active only after you commit the changes using the commit command. Changes in the candidate configuration are validated and applied to the running configuration. The candidate configuration allows you to avoid introducing errors during an OS10 configuration session.
To display only interface-related configurations in the candidate configuration, use the show candidate-configuration compressed and show running-configuration compressed commands. These views display only the configuration commands for VLAN and physical interfaces.

OS10# show candidate-configuration compressed
interface breakout 1/1/1 map 40g-1x
interface breakout 1/1/2 map 40g-1x
interface breakout 1/1/3 map 40g-1x
interface breakout 1/1/4 map 40g-1x
...
Prevent configuration changes

You can prevent configuration changes that are made on the switch in sessions other than the current CLI session using the lock command. To prevent and allow configuration changes in other sessions, use the lock and unlock commands in EXEC mode. When you enter the lock command, users in other active CLI sessions cannot make configuration changes.
reload the switch for the profile settings to take effect. If the backup startup file contains the default switch-port profile, you can simply copy the startup configuration file from the server and reload the switch.

Copy file to startup configuration

OS10# copy {config://filepath | home://filepath | ftp://userid:passwd@hostip/filepath | scp://userid:passwd@hostip/filepath | sftp://userid:passwd@hostip/filepath | tftp://hostip/filepath} config://startup.xml

Back up startup file

OS10# copy config://startup.
● display-xml — Displays output in XML format.
● except — Displays only text that does not match a pattern.
● find — Searches for the first occurrence of a pattern and displays all further configurations.
● grep — Displays only the text that matches a specified pattern. Special characters in regular expressions, such as ^ (matches the beginning of a text string), $ (matches the end of a string), and .. (matches any character in the string) are supported.
● no-more — Does not paginate output.
configure

Enters CONFIGURATION mode from EXEC mode.

Syntax: configure {terminal}
Parameters: terminal — Enters CONFIGURATION mode from EXEC mode.
Default: Not configured
Command Mode: EXEC
Usage Information: Enter conf t for auto-completion.
Example:
OS10# configure terminal
OS10(config)#
Supported Releases: 10.2.0E or later

copy

Copies the current running configuration to the startup configuration and transfers files between an OS10 switch and a remote device.
When using the scp and sftp options, always enter an absolute file path instead of a path relative to the home directory of the user account; for example:

copy config://startup.xml scp://dellos10:password@10.1.1.1/home/dellos10/backup.xml

Use the copy command with the severity-profile option to download or upload severity profiles from a remote location.
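The image download and copy commands both take a remote URL with the user name and password inline, and the guide's sftp example carries a percent-encoded password (adminTo%40%20). The following Python sketch is an added example, not part of the Dell EMC guide: it builds such a URL with RFC 3986 percent-encoding and an absolute-path check, and audits an existing URL for transport, inline credentials and unencoded characters before it is pasted or logged. The function names and finding labels are assumptions; the scheme list is limited to the schemes that appear in this guide's examples.

```python
import re
from urllib.parse import quote, unquote, urlsplit

# Remote schemes that appear in this guide's copy / image download examples.
SSH_SCHEMES = {"scp", "sftp"}                 # transferred over SSH
CLEARTEXT_SCHEMES = {"ftp", "http", "tftp"}   # transferred without encryption

# Characters that must be percent-encoded inside user name or password,
# plus any "%" that does not start a valid %XX escape.
_UNENCODED = re.compile(r"[@:/ ]|%(?![0-9A-Fa-f]{2})")


def build_transfer_url(scheme, host, remote_path, user=None, password=None):
    """Build a URL for `copy` or `image download` (hypothetical helper)."""
    scheme = scheme.lower()
    if scheme not in SSH_SCHEMES | CLEARTEXT_SCHEMES:
        raise ValueError("unsupported scheme: " + scheme)
    # The guide asks for an absolute path with scp and sftp; this helper
    # applies the same rule to every scheme.
    if not remote_path.startswith("/"):
        raise ValueError("remote_path must be absolute: " + remote_path)
    if password is not None and user is None:
        raise ValueError("password given without a user name")
    if scheme == "tftp" and user is not None:
        raise ValueError("the tftp form in the guide takes no credentials")

    userinfo = ""
    if user is not None:
        userinfo = quote(user, safe="")
        if password is not None:
            # safe="" also encodes "@", ":", "/" and spaces.
            userinfo += ":" + quote(password, safe="")
        userinfo += "@"
    return "%s://%s%s%s" % (scheme, userinfo, host, quote(remote_path, safe="/"))


def audit_transfer_url(url):
    """Classify a transfer URL and return a copy that is safe to log."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    findings = []
    if scheme in CLEARTEXT_SCHEMES:
        findings.append("cleartext-transport")
    elif scheme not in SSH_SCHEMES:
        findings.append("unknown-scheme")

    raw_user, raw_pass = parts.username, parts.password
    if raw_pass is not None:
        findings.append("inline-password")
    if any(v and _UNENCODED.search(v) for v in (raw_user, raw_pass)):
        findings.append("unencoded-credential-character")

    redacted = url
    if raw_pass is not None:
        netloc = parts.netloc.replace(":" + raw_pass + "@", ":****@", 1)
        redacted = parts._replace(netloc=netloc).geturl()
    return {
        "scheme": scheme,
        "host": parts.hostname,
        "user": unquote(raw_user) if raw_user else None,
        "findings": findings,
        "redacted": redacted,
    }


if __name__ == "__main__":
    # Constructed input: the password "adminTo@ " encodes to the form the
    # guide's example shows.
    url = build_transfer_url("sftp", "10.1.1.1",
                             "/home/dellos10/images/PKGS_OS10EE-10.4.3.bin",
                             "dellos10", "adminTo@ ")
    print(url)
    print(audit_transfer_url(url))
```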
delete

Removes or deletes a file, including the startup configuration file.

Syntax: delete [config://filepath | coredump://filepath | home://filepath | image://filepath | startup-configuration | severity-profile profile-name | supportbundle://filepath | usb://filepath]
Parameters: ● ● ● ● ● ● ● ●
Default: Not configured
Command Mode: EXEC
Usage Information: Use this command to remove a regular file, software image, or startup configuration.
Usage Information: The dir command requires at least one parameter. Use the dir config command to display configuration files.
Example:
OS10# dir
config            Folder containing
coredump          Folder containing
home              Folder containing
image             Folder containing
severity-profile  Folder containing
supportbundle     Folder containing
Example (config):
OS10# dir config
Directory contents for folder: config
Date (modified)        Size (bytes)  Name
---------------------  ------------  -----------
2017-04-26T15:23:46Z   26704         startup.
    OS10(conf-if-eth1/1/7)# do show running-configuration
    ...
    !
    interface ethernet1/1/7
     no shutdown
    !
    ...
Supported Releases: 10.2.0E or later

end
Returns to EXEC mode from any other command mode.
Syntax: end
Parameters: None
Default: Not configured
Command Mode: All
Usage Information: Use the end command to return to EXEC mode to verify currently configured settings with show commands.
Example:
    OS10(config)# end
    OS10#
Supported Releases: 10.2.0E or later

exit
Returns to the next higher command mode.
Usage Information The host name is used in the OS10 command-line prompt. The MX7000 series switch, not the Dell EMC SmartFabric OS10, automatically sets the default hostname using a module-slot format. To calculate the hostname, the switch takes into account the module that is currently plugged into the MX7000 chassis and the slot in the chassis where the module is inserted. The module can be either MX9116n or MX5108n.
lock
Locks the candidate configuration and prevents any configuration changes on any other CLI sessions, either in Transaction or Non-Transaction-Based Configuration mode.
Syntax: lock
Parameters: None
Default: Not configured
Command Mode: EXEC
Usage Information: The lock command fails if there are uncommitted changes in the candidate configuration.
Example:
    OS10# lock
Supported Releases: 10.2.0E or later

management route
Configures an IPv4/IPv6 static route the Management port uses.
● usb: — Move from the USB file system (usb://filepath).
Default: Not configured
Command Mode: EXEC
Usage Information: Use the dir config command to view the directory contents.
Example:
    OS10# move config://startup.xml config://startup-backup.xml
Example (dir):
    OS10# dir config
    Directory contents for folder: config
    Date (modified)        Size (bytes)  Name
    ---------------------  ------------  -----------
    2017-04-26T15:23:46Z   26704         startup.xml
Supported Releases: 10.2.
● -A — (Optional) Adaptive ping. An inter-packet interval adapts to the round-trip time so that one (or more, if you set the preload option) unanswered probe is present in the network. The minimum interval is 200 msec for a non-super user, which corresponds to Flood mode on a network with a low round-trip time.
● -b — (Optional) Pings a broadcast address.
● -B — (Optional) Does not allow ping to change the source address of probes. The source address is bound to the address used when the ping starts.
If the destination IP address is active, replies are sent back from the server including the IP address, number of bytes sent, lapse time in milliseconds, and TTL, which is the number of hops back from the source to the destination. When you use the -I option and enter an IP address, OS10 considers it as the source address. If you use an interface name instead of the IP address, OS10 considers it as the egress interface.
○ For a port-channel interface, enter port-channelchannel-id; for example, port-channel.
● -l preload — (Optional) Enter the number of packets that ping sends before waiting for a reply. Only a super-user may preload more than three.
● -L — (Optional) Suppress the Loopback of multicast packets for a multicast target address.
● -m mark — (Optional) Tags the packets sent to ping a remote device. Use this option with policy routing.
reload
Reloads the software and reboots the ONIE-enabled device.
Syntax: reload
Parameters: None
Default: Not configured
Command Mode: EXEC
Usage Information: NOTE: Use caution while using this command as it reloads the OS10 image and reboots the device.
Example:
    OS10# reload
    Proceed to reboot the system? [confirm yes/no]:y
Supported Releases: 10.2.0E or later

show boot
Displays detailed information about the boot image.
show candidate-configuration
Displays the current candidate configuration file.
● tacacs-server — (Optional) Current operating TACACS server configuration.
● telemetry — (Optional) Current operating telemetry configuration.
● trust-map — (Optional) Current operating trust-map configuration.
● uplink-state-group — (Optional) Current operating Uplink State Group configuration.
● users — (Optional) Current operating users configuration.
● userrole — (Optional) Current operating user role configuration.
● virtual-network — (Optional) Current operating virtual network configuration.
    interface vlan 1
     no shutdown
    !
    interface mgmt1/1/1
     ip address 10.11.58.145/8
     no shutdown
     ipv6 enable
     ipv6 address autoconfig
    !
    support-assist
    !
    policy-map type application policy-iscsi
    !
    class-map type application class-iscsi
Supported Releases: 10.2.0E or later

show environment
Displays information about environmental system components, such as temperature, fan, and voltage.
Usage Information: None
Example:
    OS10# show inventory
    Product               : S4148F-ON
    Description           : S4148F-ON 48x10GbE, 2x40GbE QSFP+, 4x100GbE QSFP28 Interfa
    Software version      : 10.5.0.
    Product Base
    Product Serial Number
    Product Part Number
Default: Not configured
Command Mode: EXEC
Usage Information: Use this command to view the IPv6 static and connected routes configured for the Management port. Use the management route command to configure an IPv4 or IPv6 management route.
Example:
    OS10# show ipv6 management-route
    Destination      Gateway                  State
    -----------      -------                  -----
    2001:34::0/64    ManagementEthernet 1/1   Connected
    2001:68::0/64    2001:34::16              Active
Supported Releases: 10.2.2E or later

show license status
Displays license status information.
| ip dhcp snooping | lacp | line | lldp | logging | management-route | mld | monitor | ntp | nve | ospf | ospfv3 | password-attributes | pim | policymap | prefix-list | privilege | qos-map | radius-server | route | route-map | sflow | smartfabric | snmp | spanning-tree | support-assist | system-qos | tacacs-server | telemetry | trust-map | uplink-state-group | userrole | users | virtual-network | vlt | vrf | wred-profile] Parameters ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ●
● trust-map — (Optional) Current operating trust-map configuration.
● uplink-state-group — (Optional) Current operating Uplink State Group configuration.
● users — (Optional) Current operating users configuration.
● userrole — (Optional) Current operating user role configuration.
● virtual-network — (Optional) Current operating virtual network configuration.
● vlt — (Optional) Current operating VLT domain configuration.
● vrf — (Optional) Current operating VRF configuration.
    interface vlan 1
     no shutdown
    !
    interface mgmt1/1/1
     ip address 10.11.58.145/8
     no shutdown
     ipv6 enable
     ipv6 address autoconfig
    !
    support-assist
    !
    policy-map type application policy-iscsi
    !
    class-map type application class-iscsi
Supported Releases: 10.2.0E or later

show startup-configuration
Displays the contents of the startup configuration file.
Syntax: show startup-configuration [compressed]
Parameters: compressed — (Optional) View a compressed version of the startup configuration file.
    password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH.
    aaa authentication local
    snmp-server contact http://www.dell.com/support
    snmp-server location "United States"
    ip route 0.0.0.0/0 10.11.58.1
    !
    interface range ethernet 1/1/1-1/1/32
     switchport access vlan 1
     no shutdown
    !
    interface vlan 1
     no shutdown
    !
    interface mgmt1/1/1
     ip address 10.11.58.
    -- Power Supplies --
    PSU-ID  Status  Type  AirFlow  Fan  Speed(rpm)  Status
    ----------------------------------------------------------------
    1       up      AC    NORMAL   1    13312       up
    2       fail

    -- Fan Status --
    FanTray  Status  AirFlow  Fan  Speed(rpm)  Status
    ----------------------------------------------------------------
    1        up      NORMAL   1    13195       up
    2        up      NORMAL   1    13151       up
    3        up      NORMAL   1    13239       up
    4        up      NORMAL   1    13239       up
Example (nodeid):
    OS10# show system node-id 1 fanout-configured
    Interface  Breakout capable  Breakout state
    ------
    3        up      NORMAL   1    13239       up
    4        up      NORMAL   1    13239       up
Supported Releases: 10.2.0E or later

show version
Displays software version information.
Syntax: show version
Parameters: None
Default: Not configured
Command Mode: EXEC
Usage Information: None
Example:
    OS10# show version
    Dell EMC Networking OS10 Enterprise
    Copyright (c) 1999-2019 by Dell Inc. All Rights Reserved.
    OS Version: 10.5.0.0
    Build Version: 10.5.0.
Supported Releases:
Parameters: command — Enter the Linux command to execute.
Default: Not configured
Command Mode: EXEC
Usage Information: Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0(R3S). Also supported in SmartFabric mode starting in release 10.5.0.
Example:
    OS10# system bash
    admin@OS10:~$ pwd
    /config/home/admin
    admin@OS10:~$ exit
    OS10#
Supported Releases: 10.2.0E or later

system-cli disable
Disables the system command.
system identifier
Sets a non-default unit ID in a non-stacking configuration.
Syntax: system identifier system-id
Parameters: system-id — Enter the system ID, from 1 to 9.
Default: Not configured
Command Mode: CONFIGURATION
Usage Information: The system ID displays in the stack LED on the switch front panel. Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0(R3S). Also supported in SmartFabric mode starting in release 10.5.0.
○ For ICMP tracing, enter the initial ICMP sequence value, incremented by each probe.
○ For TCP tracing, enter the constant destination port to connect.
○ -P protocol — (Optional) Use a raw packet of the specified protocol for traceroute. The default protocol is 253 (RFC 3692).
○ -s source_address — (Optional) Enter an alternative source address of one of the interfaces. By default, the address of the outgoing interface is used.
○ -q nqueries — (Optional) Enter the number of probe packets per hop.
Command Mode: EXEC
Usage Information: None
Example:
    OS10# unlock
Supported Releases: 10.2.0E or later

username password role
Creates an authentication entry based on a user name and password, and assigns a role to the user.
Syntax: username username password password role role [priv-lvl privilege-level]
Parameters:
● username username—Enter a text string. A maximum of 32 alphanumeric characters; one character minimum.
● password password—Enter a text string.
Example:
    OS10(config)# username user05 password newpwd404 role sysadmin priv-lvl 10
Supported Releases: 10.2.0E or later

write
Copies the current running configuration to the startup configuration file.
Syntax: write {memory}
Parameters: memory — Copy the current running configuration to the startup configuration.
Default: Not configured
Command Mode: EXEC
Usage Information: This command has the same effect as the copy running-configuration startup-configuration command.
4 Advanced CLI tasks
Command alias
Provides information to create shortcuts for commonly used commands, see Command alias.
Batch mode
Provides information to run a batch file to execute multiple commands, see Batch mode.
Linux shell commands
Provides information to run commands from the Linux shell, see Linux shell commands.
OS9 commands
Provides information to enter configuration commands using an OS9 command syntax, see Using OS9 commands.
View alias output for goint
    OS10(config)# goint 1/1/1
    OS10(conf-if-eth1/1/1)#
View alias information
    OS10# show alias
    Name      Type
    ----      ----
    govlt     Config
    goint     Config
    shconfig  Local
    showint   Local
    shver     Local
    Number of config aliases : 2
    Number of local aliases : 3
View alias information brief. Displays the first 10 characters of the alias value.
    OS10# show alias brief
    Name      Type    Value
    ----      ----    -----
    govlt     Config  "vlt-domain..."
    goint     Config  "interface ..."
    shconfig  Local   "show runni...
    showint   Local
    shver     Local
● (Optional) You can enter the default values to use for the parameters defined as $n in ALIAS mode.
    default n input-value
● (Optional) Enter a description for the multi-line alias in ALIAS mode.
    description string
● Use the no form of the command to delete an alias in CONFIGURATION mode.
    no alias alias-name
You can modify an existing multi-line alias by entering the corresponding ALIAS mode.
    Number of config aliases : 1
    Number of local aliases : 0
View alias information brief. Displays the first 10 characters of each line of each alias.
    OS10# show alias brief
    Name      Type    Value
    ----      ----    -----
    mTest     Config  line 1 "interface ..."
                      line 2 "no shutdow..."
                      line 3 "show confi..."
                      default 1 "ethernet"
                      default 2 "1/1/1"
    Number of config aliases : 1
    Number of local aliases : 0
View alias detail. Displays the entire alias value.
    Eth 1/1/3 up 40G A 1
    Eth 1/1/4 up 40G A 1
    Eth 1/1/5 up 40G A 1
    Eth 1/1/6 up 40G A 1
    Eth 1/1/7 up 40G A 1
    Eth 1/1/8 up 40G A 1
    Eth 1/1/9 up 40G A 1
    Eth 1/1/10 up 40G A 1
    Eth 1/1/11 up 40G A 1
    Eth 1/1/12 up 40G A 1
    Eth 1/1/13 up 40G A 1
    Eth 1/1/14 up 40G A 1
    Eth 1/1/15 up 40G A 1
    Eth 1/1/16 up 40G A 1
    Eth 1/1/17 up 40G A 1
    Eth 1/1/18 up 40G A 1
    Eth 1/1/19 up 40G A 1
    Eth 1/1/20 up 40G A 1
    Eth 1/1/21 up 40G A 1
    Eth 1/1/22 up 40G A 1
    Eth 1/1/23 up 40G A 1
    Eth 1/1/24 up 40G A 1
    Eth 1/1/25 up 40G A 1
    Eth 1/1/26 up
default (alias)
Configures default values for input parameters in a multi-line alias.
Syntax: default n value
Parameters:
● n — Enter the number of the argument, from 1 to 9.
● value — Enter the value for the input parameter.
Default: Not configured
Command Mode: ALIAS
Usage Information: To use special characters in the input parameter value, enclose the string in double quotation marks ("). The no version of this command removes the default value.
Example:
    OS10(config)# alias mTest
    OS10(config-alias-mTest)# line 1 "interface $1 $2"
    OS10(config-alias-mTest)# line 2 "no shutdown"
    OS10(config-alias-mTest)# line 3 "show configuration"
Supported Releases: 10.4.0E(R1) or later

show alias
Displays configured alias commands available in both Persistent and Non-Persistent modes.
Syntax: show alias [brief | detail]
Parameters:
● brief — Displays brief information of the aliases.
● detail — Displays detailed information of the aliases.
    shver     Local   "show version"
    Number of config aliases : 3
    Number of local aliases : 3
Supported Releases: 10.3.0E or later

Batch mode
To execute a sequence of multiple commands, create and run a batch file. A batch file is an unformatted text file that contains two or more commands. Store the batch file in the home directory. Use the vi editor or any other editor to create the batch file, then use the batch command to run the file.
Default: Not configured
Command Mode: EXEC
Usage Information: Use this command to create a batch command file on a remote machine. Copy the command file to the home directory on your switch. This command executes commands in batch mode. OS10 automatically commits all commands in a batch file; you do not have to enter the commit command. To display the files stored in the home directory, enter dir home.
    remote-as 104
    no shutdown
    admin@OS10:/opt/dell/os10/bin$
    User admin logged out at session 16
● Use the ifconfig -a command to display the interface configuration. The Linux kernel port numbers that correspond to front-panel port, port-channel, and VLAN interfaces are displayed. Port-channel interfaces are named bo followed by the port-channel number. VLAN interfaces are named br followed by the VLAN ID. In this example, e101-001-0 identifies port 1/1/1.
Using OS9 commands
To enter configuration commands using an OS9 command syntax, use the feature config-os9-style command in CONFIGURATION mode and log out of the session. If you do not log out of the OS10 session, configuration changes made with OS9 command syntaxes do not take effect. After you log in again, you can enter OS9 commands, but only in the new session.
5 Dell EMC SmartFabric OS10 zero-touch deployment
Zero-touch deployment (ZTD) allows OS10 users to automate switch deployment:
● Upgrade an existing OS10 image.
● Execute a CLI batch file to configure the switch.
● Execute a post-ZTD script to perform additional functions.
ZTD is enabled by default when you boot up a switch with a factory-installed OS10 for the first time or when you perform an ONIE: OS Install from the ONIE boot menu.
ZTD guidelines
● You can store the ZTD provisioning script, OS10 image, CLI batch file, and post-ZTD script on the same server, including the DHCP server.
● Write the ZTD provisioning script in bash.
● Write the post-ZTD script in bash or Python. Enter #!/bin/bash or #!/usr/bin/python as the first line in the script. The default python interpreter in OS10 is 2.7. Use only common Linux commands, such as curl, and common Python language constructs.
ZTD DHCP server configuration
For ZTD operation, configure a DHCP server in the network by adding the required ZTD options; for example:
    option domain-name "example.org";
    option domain-name-servers ns1.example.org, ns2.example.org;
    option ztd-provision-url code 240 = text;
    default-lease-time 600;
    max-lease-time 7200;
    subnet 50.0.0.0 netmask 255.255.0.0 {
      range 50.0.0.10 50.0.0.254;
      option routers rtr-239-0-1.example.org, rtr-239-0-2.example.
    POST_SCRIPT_FILE="http://50.0.0.1/no_post_script.py"
    ################### DO NOT MODIFY THE LINES BELOW #######################
    sudo os10_ztd_start.sh "$IMG_FILE" "$CLI_CONFIG_FILE" "$POST_SCRIPT_FILE"
    ######################## **END** ###############################

ZTD CLI batch file
Create a CLI batch file that ZTD downloads and executes to configure a switch. The ZTD CLI batch file consists of two sections: PRE-CONFIG and POST-CONFIG.
Post-ZTD script
As a general guideline, use a post-ZTD script to perform any additional functions required to configure and operate the switch. In the ZTD provisioning script, specify the post-ZTD script path for the POST_SCRIPT_FILE variable. You can use a script to notify an orchestration server that the ZTD configuration is complete. The server can then configure additional settings on the switch.
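Added example (not part of the Dell guide): a Python 3 check to run on the provisioning server or in CI before publishing a ZTD provisioning script, since the switch installs and executes whatever IMG_FILE, CLI_CONFIG_FILE, and POST_SCRIPT_FILE point to. The host allow-list, the cleartext-scheme policy, and the IMG_FILE and CLI_CONFIG_FILE sample values are assumptions of this example.

```python
"""Pre-publication check for an OS10 ZTD provisioning script (added example)."""
import re
from urllib.parse import urlsplit

# Variables the provisioning script hands to os10_ztd_start.sh.
ZTD_VARS = ("IMG_FILE", "CLI_CONFIG_FILE", "POST_SCRIPT_FILE")
# The line the guide's script marks "DO NOT MODIFY".
LAUNCH_LINE = 'sudo os10_ztd_start.sh "$IMG_FILE" "$CLI_CONFIG_FILE" "$POST_SCRIPT_FILE"'
# Assumption of this example, not an OS10 rule: schemes without transport protection.
CLEARTEXT_SCHEMES = {"http", "ftp", "tftp"}

# NAME="value", NAME='value' or NAME=value, with an optional trailing comment.
_ASSIGN = re.compile(
    r"""^\s*([A-Za-z_]\w*)=(?:"([^"]*)"|'([^']*)'|([^\s#]*))\s*(?:#.*)?$"""
)


def parse_assignments(script_text):
    """Return {name: value} for simple shell assignments; the last one wins, as in bash."""
    values = {}
    for line in script_text.splitlines():
        match = _ASSIGN.match(line)
        if match:
            name, dquoted, squoted, bare = match.groups()
            values[name] = next(v for v in (dquoted, squoted, bare) if v is not None)
    return values


def lint_ztd_script(script_text, allowed_hosts):
    """Return a list of (severity, subject, message) findings for one script."""
    findings = []
    values = parse_assignments(script_text)
    for name in ZTD_VARS:
        url = values.get(name, "")
        if not url:
            findings.append(("error", name, "not set"))
            continue
        parts = urlsplit(url)
        if not parts.scheme or not parts.hostname:
            findings.append(("error", name, "not an absolute URL"))
            continue
        if parts.scheme in CLEARTEXT_SCHEMES:
            findings.append(("warn", name, "cleartext transport: " + parts.scheme))
        if parts.hostname not in allowed_hosts:
            findings.append(("error", name, "host not on allow-list: " + parts.hostname))
        if parts.password is not None:
            findings.append(("warn", name, "password embedded in URL"))
    # The launcher line must be present exactly as shipped.
    if LAUNCH_LINE not in [line.strip() for line in script_text.splitlines()]:
        findings.append(("error", "launcher", "os10_ztd_start.sh line missing or altered"))
    return findings


# Constructed sample in the style of the guide's script. Only the POST_SCRIPT_FILE
# value and the launcher line come from the page; the other two URLs are made up.
SAMPLE_PAGE_STYLE = """#!/bin/bash
IMG_FILE="http://50.0.0.1/OS10.bin"
CLI_CONFIG_FILE="http://50.0.0.1/cli_config"
POST_SCRIPT_FILE="http://50.0.0.1/no_post_script.py"
################### DO NOT MODIFY THE LINES BELOW #######################
sudo os10_ztd_start.sh "$IMG_FILE" "$CLI_CONFIG_FILE" "$POST_SCRIPT_FILE"
"""

# Constructed sample with an unapproved host, a missing variable and an edited launcher.
SAMPLE_TAMPERED = """#!/bin/bash
IMG_FILE="http://50.0.0.1/OS10.bin"
CLI_CONFIG_FILE="tftp://198.51.100.7/cli_config"
sudo os10_ztd_start.sh "$IMG_FILE" "$CLI_CONFIG_FILE"
"""

if __name__ == "__main__":
    for label, text in (("page-style", SAMPLE_PAGE_STYLE), ("tampered", SAMPLE_TAMPERED)):
        print(label)
        for severity, subject, message in lint_ztd_script(text, {"50.0.0.1"}):
            print("  %-5s %-16s %s" % (severity, subject, message))
```

Fail the publish step on any "error" finding; treat "warn" findings according to how well the provisioning network is isolated.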
    19:31:57 2018
    -----------------------------------
    OS10# show ztd-status
    -----------------------------------
    ZTD Status     : disabled
    ZTD State      : failed
    Protocol State : idle
    Reason         : ZTD process failed to download post script file
    -----------------------------------
● ZTD Status — Current operational status: enabled or disabled.
● ZTD State — Current ZTD state: initialized, in-progress, successfully completed, failed, or canceled while in progress.
6 Dell EMC SmartFabric OS10 provisioning
OS10 supports automated switch provisioning — configuration and monitoring — using:
● RESTCONF API — REST-like protocol that uses HTTPS connections. Use the OS10 RESTCONF API to set up the configuration parameters on OS10 switches with JavaScript Object Notation (JSON)-structured messages. You can use any programming language to create and send JSON messages; see RESTCONF API.
Ansible inventory file
The inventory file contains the list of hosts on which you want to run commands. Ansible can run tasks on multiple hosts at the same time. Ansible playbooks use /etc/ansible/hosts as the default inventory file. To specify a different inventory file, use the -i filepath command as an option when you run an Ansible playbook.
Ansible playbook file
Using playbooks, Ansible can configure multiple devices. Playbooks are human-readable scripts that are expressed in YAML format.
After you install Ansible, verify the version by entering:
    $ ansible --version
2. Download and install Dell EMC Networking Ansible roles from the Ansible Galaxy web page; for example:
    $ ansible-galaxy install dell-networking.dellos-users
    $ ansible-galaxy install dell-networking.dellos-logging
    $ ansible-galaxy install dell-networking.dellos-ntp
3. Create a directory to store inventory and playbook files; for example:
    $ mkdir AnsibleOS10
4. Navigate to the directory and create an inventory file.
        state: present
    dellos_users:
      - username: u1
        password: Test@1347
        role: sysadmin
        privilege: 0
        state: present
    dellos_ntp:
      server:
        - ip: 3.3.3.3
The dellos_cfg_generate parameter creates a local copy of the configuration commands applied to the remote switch on the Ansible controller node, and saves the commands in the directory defined in the build_dir path.
8. Create a playbook file.
    $ vim playbook.yaml
    - hosts: OS10switch-1 OS10switch-2
      connection: network_cli
      roles:
        - dell-networking.
7 SmartFabric Services
SmartFabric Services (SFS) is an application suite that provides network fabric automation and API-based programmability. A network fabric consists of physical resources, such as servers, switches, logical resources-networks, templates, and uplinks. SFS, which is an OS10 feature, has different personalities that can be used in multiple architectures and environments.
SFS, used in leaf and spine network, creates a fully integrated solution between the fabric and a hyperconverged domain infrastructure such as VxRail.
SmartFabric Services for PowerEdge MX
SFS is a capability of Dell EMC Networking OS10 Enterprise Edition running on Ethernet switches (IOMs) that are designed for the PowerEdge MX 7000 platform. In the SFS mode, the IOMs operate as a simple Layer 2 input output aggregation device, which enables complete interoperability with network equipment vendors.
In MX platform, SFS provides:
● A single pane of glass to monitor and manage the lifecycle operations on the IOMs.
● APIs to manage VLT fabric, data uplinks, storage uplinks, and server templates for the entire fabric.
In a Dell EMC PowerEdge MX7000 infrastructure, the MX9116n fabric engine and MX5108n Ethernet switch support SFS.
SmartFabric Services for leaf and spine
SFS discovers the OS10 switches and builds a L2 or L3 network fabric using industry-standard L2 and L3 protocols.
The Out-of-band (OOB) management network is an isolated network for remote management of servers, switches, and storage devices using the respective management ports. An S3048-ON installed in each rack provides 1GE connectivity to the management network. The OOB management ports on each spine and leaf switch are connected to the S3048-ON switches. For the S3048-ON management switches, all ports are in L2 and in the default VLAN.
NOTE: You are not allowed to use these VLANs for general use.
● Cluster control VLAN 4000 — SFS automatically configures VLAN 4000 on all the switches in a fabric, and uses the network for all internal fabric operations. When SFS detects an ISL, it assigns the ISL to the tagged member of this VLAN. This VLAN is PVST enabled, with the root bridge forced onto one of the spine switches.
● IP-peer VLAN 4001 to 4079 — SFS automatically configures the leaf and spine network using eBGP as the routing protocol.
General purpose networks
General purpose networks are L2 VLAN networks in VxRail and L2 VXLAN networks in L3 fabric. For L3 fabric, SmartFabric services automatically creates a virtual network corresponding to a network. This virtual network has one-to-one mapping with the network, which means for each VLAN, there exists a virtual network with VNI same as the VLAN ID.
VXLAN networks
VXLAN network extends L2 connectivity over an underlay L3 connected network.
Layer 3 VXLAN network is a VXLAN type of network that contains a list of IP addresses and an anycast IP address. Optionally, DHCP relay addresses can also be specified. Layer 3 VXLAN network can be configured over a leaf node. Layer 3 VXLAN network can be attached to an uplink. Each VLTi uplink interface contains an IP address that is allocated from the list of IP addresses that are configured on the layer 3 VXLAN network.
Statically onboarded server
● STP is disabled on the attached ports.
● The bonding can be auto or LACP.
● All types of networks can be attached to these ports.
Static onboarding for nonintegrated devices
SmartFabric Services supports onboarding a server on assigned ports instead of through the LLDP-based discovery mechanism. SFS extends the server profile and server interface profile so that you can provide the onboarded interface.
● All existing bonding modes are supported on a statically onboarded server.
Enable SmartFabric Services on the switches
To create a L3 network fabric in a leaf and spine topology, enable the SFS in all the switches. After you enable SFS, a network fabric is created automatically with the default fabric settings. To enable the SFS:
● Designate a role for the switch: Leaf or spine
● Configure VLT interfaces for the leaf switches.
To enable the SmartFabric Services in a switch from the OS10 CLI, use the smartfabric l3fabric enable command.
● Onboard a server.
● Create a Jump host.
● Edit default fabric settings.
For more information, see Configure SFS initial setup.
1. Home page has links to wizards to:
   ● Update Default Fabric, Switch Names and Descriptions
   ● Create Uplink for External Network Connectivity
   ● Breakout Switch Ports
   ● Configure Jump Host
   ● Update Network Configuration
   ● Onboard a Server onto the Fabric
   ● Edit Default Fabric Settings
   ● Restore
2. Leaf and spine topology view—Displays the L3 fabric design that is created after enabling SFS.
NOTE: To form a LAG on the leaf switches, select an interface or interfaces that are of the same speed.
6. Associate the networks with the selected interfaces:
   ● Add multiple tagged networks or a single untagged network, or both.
   ● Add the network from the displayed list or create a general purpose network using the ADD NETWORK.
7. Select Yes or No to integrate the networks that are created automatically in the fabric through vCenter, on this uplink.
8. Click FINISH.
7. Define a routing policy to associate with the uplink based on the external network connectivity setup.
   ● Static Route — A route policy template that contains a network prefix and the next hop IP address.
   ● eBGP — A routing policy template that contains BGP peer IP address and the remote AS number.
NOTE: You cannot associate a L3 Routed network with more than one uplink or server profile.
You can view and delete a routing profile from the Routing Profiles tab.
4. Associate an interface of the leaf switch to onboard the server:
   a. Select the NIC bonding.
   b. Select if it is a static onboarding. If it is a static onboarding, assign an interface of the leaf switch, and click NEXT.
5. Associate the networks to the server interface profile from the list or create a network or virtual network according to the network connectivity.
   ● ADD NETWORK — A template to create a general-purpose, L3 VLAN, VXLAN, and L3 Routed networks.
Configuring FEC using MSM
You can configure FEC on interfaces from MSM when the switch is in Fabric mode. MSM sends the FEC value to be configured, and that value is applied to the interface. This configuration is not retained across breakout modes. Configuration of FEC from MSM for IOM in full-switch mode is not supported. The FEC configuration from MSM is supported for 25, 50, and 100G speeds and for uplink ports only in SmartFabric mode.
Parameters: role — Enter the role of the switch in Layer 3 fabric:
● LEAF — Specify the role as LEAF for top of rack switches and specify the VLTi ports that interconnect the leaf switches.
● SPINE — Specify the role as SPINE for the switch that connects the leaf switches.
● SUPER-SPINE — Specify the role as SUPER-SPINE to set the node's role as SUPER-SPINE.
take effect
Supported Releases: 10.5.0.3 or later

show smartfabric cluster
Displays the basic cluster information of the switch or IOM, where the command is executed.
Syntax: show smartfabric cluster
Parameters: None
Default: None
Command Mode: EXEC
Usage Information: This command is supported in both Full Switch and SmartFabric modes. Supported on the MX9116n and MX5108n switches starting in release 10.5.0.1. Also available on SFS-supported OS10 switches starting in release 10.5.0.3.
Example (IOM):
show smartfabric cluster member
Displays cluster member information such as service tag, IP address, status, role, type of each switch or IOM and chassis model, and service tag of the chassis where the switch belongs to.
Syntax: show smartfabric cluster member
Parameters: None
Default: None
Command Mode: EXEC
Usage Information: Content display varies depending on the switch role.
Example (IOM):
    MX9116N-A1# show smartfabric details
    ----------------------------------------------------------
    Name : A1-A2
    Description :
    ID : fc6c9051-f499-4816-a54a-25ef6fef2e33
    DesignType : 2xMX9116n_Fabric_Switching_Engines_in_same_chassis
    Validation Status: VALID
    VLTi Status : VALID
    Placement Status : VALID
    Nodes : 3GB1XC2, 9A2HEM3
    ----------------------------------------------------------
Example (VxRail):
    OS10# show smartfabric details
    -------------------------------------------------
Supported Releases:
    VLAN 1  GENERAL_PURPOSE  SILVER  4bb446a3-702c-4a0f-abdd-07dd0c14775a  1
    v1      GENERAL_PURPOSE  BRONZE  9f2bed94-9148-46d8-9df6-3b606c83a472  500
Example (VxRail):
    OS10# show smartfabric networks
    Name                       Type   QosPriority  NetworkId                  Vlan
    --------------------------------------------
    Client_Control_Network     VXLAN  IRON         Client_Control_Network     3939
    Client_Management_Network  VXLAN  IRON         Client_Management_Network  4091
Supported Releases: 10.5.0.
show smartfabric personality
Displays the personality of the node.
Syntax: show smartfabric personality
Parameters: None
Default: None
Command Mode: EXEC
Usage Information: The output varies depending on the role of the switch. This command is supported in both Full Switch and SmartFabric modes. Supported on the MX9116n and MX5108n switches starting in release 10.5.0.1. Also available on SFS-supported OS10 switches starting in release 10.5.0.3.
This command is supported both in Full Switch and SmartFabric modes. Supported on the MX9116n and MX5108n switches starting in release 10.5.0.1. Also available on SFS-supported OS10 switches starting in release 10.5.0.3. For supported platforms, see SmartFabric Services for leaf and spine.
    ------------------------------------------------------------------------------------------------------------------
    Name : L3Uplink
    Description : Uplink On L3 Network600
    ID : L3RUplink-600
    Media Type : ETHERNET
    Native Vlan : 0
    Untagged-network : Network600
    Networks :
    Configured-Interfaces : AZY1234:ethernet1/1/21:2
    ----------------------------------------------------------
Supported Releases: 10.5.0.
    MessageID :
    Description : Unable to validate the SmartFabric because the VLTi cable for link ICL-2_REVERSE is not connected as per fabric design 2xMX5108n_Ethernet_Switches_in_same_chassis.
    EEMI : NFAB0012
    Category : FABRIC_ERROR
    Subcategory : ISL_ERROR
    Severity : SEVERITY_1
    Recommended Action:Make sure that the VLTi cables are connected to the correct ports as per the selected fabric design.
Parameters: server-id — Enter a discovered server ID information.
Default: None
Command Mode: EXEC
Usage Information: Use this command to view all discovered server interfaces for each server. This command is supported in both Full Switch and SmartFabric modes.
Example:
    MX9116N-B1# show smartfabric discovered-server discovered-server-interface 00FWX 20
    Nic-Id : Switch-Interface
    ------------------------------------------------------
    NIC.Mezzanine.1A-1-1 3GB1XC2:ethernet1/1/1
    NIC.
Supported Releases:
show smartfabric configured-server configured-server-interface
Displays all the configured server interface profile information such as server ID, port ID, onboarded interface, whether the server is discovered, configured, and onboarded, fabric ID, native VLAN, and network profiles associated with the server interface profile and bandwidth partition configured for the server interface profile.
8 SmartFabric Director
SmartFabric Director manages the switches in a data center with or without any virtual infrastructure. SmartFabric Director provides a single view of operating, managing, and troubleshooting of physical and virtual networks.
SmartFabric Director features
● Define, build, and maintain a Layer 2 or Layer 3 leaf-spine data center fabric (underlay).
Set security profile to gNMI agent
Before establishing a connection to the gNMI client in SmartFabric director, set a valid application-specific security profile for the gNMI agent. Also, configure an FQDN or an IP address for entry to the SmartFabric director server; assign client and CA certificates. A user role in SmartFabric director with Super Admin privileges can be used to access the agent. The security profile that is assigned to the gNMI agent must be pre-configured on the switch.
Table 21. Openconfig device
Sensor group name: oc-device
YANG container:
● openconfig-platform/components/component
● openconfig-network-instance/network-instances/network-instance
Table 22. Openconfig system
Sensor group name: oc-system
YANG container:
● openconfig-system/system
● openconfig-platform/components/component
Table 23. Openconfig environment
Sensor group name: oc-environment
YANG container: openconfig-platform/components/component
Table 24.
Table 31. Openconfig STP
Sensor group name: oc-stp
YANG container: openconfig-spanning-tree/stp

Table 32. Vendor UFD
Sensor group name: oc-vendor-ufd
YANG container: ufd/uplink-state-group-stats/ufd-groups

Table 33. Vendor VXLAN
Sensor group name: oc-vendorvxlan
YANG container: vxlan/vxlan-state/remote-endpoint/stats

Table 34. Openconfig VLAN
Sensor group name: oc-vlan
YANG container: openconfig-interfaces/interfaces/interface

Table 35.
Table 37. activate API
API Name: activate
Description: Activates the newly installed OS10 image. Activation is a two-stage process. In the first stage, the boot partition is set to standby for subsequent boot cycles. In the second stage, a system reload is issued to boot the newly installed OS10 image from the standby partition. The activate-image operation requires a system reload. As a result, the current services are affected.

Table 38.
Example
OS10(config)# switch-operating-mode Full-Switch
Supported releases 10.4.3.0 or later

gnmi-security-profile
Set the security profile for the gNMI agent.
Syntax gnmi-security-profile profile-name
Parameters profile-name — Enter the name of the security profile to be associated with the gNMI agent.
Default Not configured
Command mode CONFIGURATION
Usage information Before establishing a connection to the gNMI agent, set a valid application-specific security profile for the gNMI agent.
Examples
OS10# show sfd status
Controller IP      Port     Status
-----------------------------------------------------------------------------
10.14.8.102        8443     active
OS10#
Supported releases 10.5.0.
9 System management
System banners: Provides information to configure system login and message of the day (MOTD) text banners, see System banners.
User session management: Provides information to manage the active user sessions, see User session management.
Telnet server: Provides information to set up Telnet TCP/IP connections on the switch, see Telnet server. To set up secure, encrypted Secure Shell (SSH) connections to the switch, see SSH server.
DellEMC S4148U-ON login Enter your username and password % To delete a login banner and reset it to the Dell EMC default banner, use the no banner login command. To disable the configured login banner, use the banner login disable command. Message of the day banner Configure a message of the day (MOTD) banner that displays after you log in. Enter any single delimiter character to start and end the MOTD banner.
Usage Information Example Supported Releases ● To enter a multiline banner text, use the interactive mode. Enter the command with the delimiter character and press Enter. Then enter each line and press Enter. Complete the banner configuration by entering a line that contains only the delimiter character. ● To delete a login banner and reset it to the Dell EMC default banner, use the no banner login command. To disable the configured login banner, use the banner login disable command.
Clear user session
OS10# kill-session 3
View active user sessions
OS10# show sessions
Current session's operation mode: Non-transaction
Session-ID  User       In-rpcs  In-bad-rpcs  Out-rpc-err  Out-notify  Login-time            Lock
------------------------------------------------------------------------------------------
3           snmp_user  114      0            0            0           2017-07-10T23:58:39Z
4           snmp_user  57       0            0            0           2017-07-10T23:58:40Z
6           admin      17       0            0            4           2017-07-12T03:55:18Z
*7          admin      10       0            0            0           2017-07-12T04:42:55Z
OS10#
The asterisk (*) in the Session-ID column in
show sessions Displays the active management sessions. Syntax show sessions Parameters None Default Not configured Command Mode EXEC Usage Information Use this command to view information about the active user management sessions.
Telnet commands ip telnet server enable Enables Telnet TCP/IP connections to an OS10 switch. Syntax ip telnet server enable Parameters None Default Disabled Command Mode CONFIGURATION Usage Information By default, the Telnet server is disabled. When you enable the Telnet server, use the IP address configured on the management or any front-panel port to connect to an OS10 switch. After you reload the switch, the Telnet server configuration is maintained.
OS10 supports standard and private SNMP MIBs, including all get requests. MIBs are hierarchically structured and use object identifiers to access managed objects. For a list of MIBs supported in the OS10 version running on a switch, see the OS10 Release Notes for the release. OS10 supports different security models and levels in SNMP communication between SNMP managers and agents. Each security model refers to an SNMP version used in SNMP messages.
Table 40. Standards MIBs
Module                      Standard
SNMP-MPD-MIB                RFC 3412
SNMP-NOTIFICATION-MIB       RFC 3413
SNMP-TARGET-MIB             RFC 3413
SNMP-USER-BASED-SM-MIB      RFC 3414
SNMP-VIEW-BASED-ACM-MIB     RFC 3415
SNMPv2-MIB                  RFC 3418
TCP-MIB                     RFC 4022
UDP-MIB                     RFC 4113

Table 41.
SNMP views
In OS10, you configure views for each security model and level in an SNMP user group. Each type of view specifies the object ID (OID) in the MIB tree hierarchy at which the view starts. You can also specify whether the rest of the MIB tree structure is included or excluded from the view.
● A read view provides read-only access to the specified OID tree.
● A write view provides read-write access to the specified OID tree.
The oid-tree value specifies the OID in the MIB tree hierarchy at which a view starts. Enter included or excluded to include or exclude the rest of the sub-tree MIB contents in the view. If necessary, re-enter the command to exclude tree entries in the included content.
snmp-server view view-name oid-tree [included | excluded]
Configure read-only view
OS10(config)# snmp-server view readonly 1.3.6.1.2.1.31.1.1.1.6 included
Configure read-write view
OS10(config)# snmp-server view rwView 1.3.6.1.2.1.31.1.1.1.
readview : readview
writeview : writeview
Configure SNMP users
Configure user access to the SNMP agent on the switch using group membership. Assign each user to a group and configure SNMPv3-specific authentication and encryption settings, and optionally, localized security keys and ACL-based access. Reenter the command multiple times to configure SNMP security settings for all users.
● libcrypt-des-perl
● libdigest-hmac-perl
● libcrypt-rijndael-perl
Use the following command to generate the localized keys that you can use when configuring a user:
snmpkey {md5 | sha} authpassword engineID [des | 3des | aes] privpassword
where authpassword is the password that you specify for the authentication protocol, engineID is the local engineID, and privpassword is the password that you specify for the privacy protocol. Use the show snmp engineID local command to view the local engineID.
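What a localized key is, as an added Python example that is not part of the Dell EMC guide or of the snmpkey tool: it implements the RFC 3414 password-to-key and engineID localization steps for the md5 and sha options and reproduces the RFC's published sample (password maplesyrup). That the keys OS10 accepts follow this derivation is an assumption, the function names are illustrative, and privacy keys are derived for des and aes only.

```python
"""RFC 3414 (USM) password-to-key derivation and engineID localization.

Added illustration; names are hypothetical and not taken from OS10 or snmpkey.
"""
import hashlib

# Hash function behind each authentication keyword of the snmpkey command.
AUTH_HASHES = {"md5": hashlib.md5, "sha": hashlib.sha1}
EXPANDED_LEN = 1024 * 1024  # RFC 3414 A.2: hash 1 MiB of the repeated password


def parse_engine_id(text):
    """Accept '0x<hex>' or colon-separated octets, the two forms the guide uses."""
    value = text.strip()
    if value.lower().startswith("0x"):
        hex_digits = value[2:]
    else:
        parts = value.split(":")
        if any(len(p) not in (1, 2) for p in parts):
            raise ValueError("each engineID octet must be 1 or 2 hex digits")
        hex_digits = "".join(p.zfill(2) for p in parts)
    if not hex_digits or len(hex_digits) % 2:
        raise ValueError("engineID must be a whole number of octets")
    return bytes.fromhex(hex_digits)  # raises ValueError on non-hex input


def password_to_key(protocol, password):
    """Derive the non-localized user key Ku from a password."""
    if protocol not in AUTH_HASHES:
        raise ValueError("protocol must be 'md5' or 'sha'")
    raw = password.encode()
    if len(raw) < 8:
        raise ValueError("RFC 3414 requires passwords of at least 8 characters")
    reps, rem = divmod(EXPANDED_LEN, len(raw))
    return AUTH_HASHES[protocol](raw * reps + raw[:rem]).digest()


def localize_key(protocol, user_key, engine_id):
    """Bind Ku to one SNMP engine: Kul = H(Ku || engineID || Ku)."""
    return AUTH_HASHES[protocol](user_key + engine_id + user_key).digest()


def localized_keys(auth_proto, auth_password, engine_id,
                   priv_proto=None, priv_password=None):
    """Return the localized auth key and, optionally, the privacy key."""
    keys = {"auth": localize_key(auth_proto,
                                 password_to_key(auth_proto, auth_password),
                                 engine_id)}
    if priv_proto is not None:
        if priv_proto not in ("des", "aes"):
            # 3des needs a key-extension step that RFC 3414 does not define.
            raise NotImplementedError("only des and aes are derived here")
        priv = localize_key(auth_proto,
                            password_to_key(auth_proto, priv_password),
                            engine_id)
        keys["priv"] = priv[:16]  # DES (key + pre-IV) and AES-128 use 16 octets
    return keys


if __name__ == "__main__":
    # Sample engineID and password from RFC 3414 appendix A.3, not from a switch.
    engine = parse_engine_id("00:00:00:00:00:00:00:00:00:00:00:02")
    for proto in ("md5", "sha"):
        keys = localized_keys(proto, "maplesyrup", engine, "aes", "maplesyrup")
        print(proto, "auth 0x" + keys["auth"].hex(), "priv 0x" + keys["priv"].hex())
```

Because the engineID is mixed into the hash, the same password yields a different key on every agent, so a key recovered from one switch's configuration is not valid on another.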
Configure SNMP v3 informs
OS10(config)# snmp-server group Group3 3 priv notify NOTIFY
OS10(config)# snmp-server engineID remote 10.1.1.1 0x80000232334abc34d
OS10(config)# snmp-server user rem-user Group3 remote 10.1.1.1 udp-port 162 3 auth md5 testpasswd priv des testprivpasswd
OS10(config)# snmp-server host 10.11.5.1 informs version 3 priv rem-user

SNMP commands
show snmp community
Displays the SNMP communities configured on the switch.
show snmp group Displays the SNMP groups configured on the switch, including SNMP views and security models. Syntax show snmp group Parameters None Defaults None Command Mode EXEC Usage Information To configure an SNMP group, use the snmp-server group command.
Usage Information Use the show snmp view command to verify the OID starting point for SNMP views in MIB trees. To configure an SNMP view, use the snmp-server view command.
Example
OS10# show snmp view
view name : readview
OID       : 1.3.6.5
excluded  : True
Supported Releases 10.4.2.0 or later

snmp-server community
Configures an SNMP user community.
snmp-server enable traps
Enables SNMP traps on a switch.
Syntax snmp-server enable traps [notification-type] [notification-option]
Parameters
● notification-type notification-option — Enter an SNMP notification type, and optionally, a notification option for the type.
Table 42. Notification types and options
Notification type: entity — Enable entity change traps.
Notification option: None
Notification type: envmon — Enable SNMP environmental monitor traps.
Notification option:
○ fan — Enable fan traps.
Parameters
● local engineID — Enter the engine ID that identifies the local SNMP agent on the switch as an octet colon-separated number. A maximum of 27 characters.
● remote ip-address — Enter the IPv4 or IPv6 address of a remote SNMP device that accesses the local SNMP agent.
● udp-port port-number — Enter the UDP port number on the remote device, from 0 to 65535.
● remote-engineID — Enter the engine ID that identifies the SNMP agent on a remote device (0x followed by a hexadecimal string).
● notify view-name — (Optional) Enter the name of a notification view. A maximum of 32 characters.
Defaults Not configured
Command Mode CONFIGURATION
Usage Information Use this command to set up the access privileges for a group of SNMP users. Configure the security level for receiving SNMP messages. Specify read-only, read-write, and/or notification access to the SNMP agent. To configure an SNMPv3 user's authentication and privacy settings, use the snmp-server user command.
● dom | entity | envmon | lldp | snmp — Enter one or more types of traps and notifications to send to the SNMP host — digital optical monitor, entity change, environment monitor, or LLDP state change traps, or SNMP-type notifications. Defaults Not configured Command Mode CONFIGURATION Usage Information The local SNMP agent sends SNMP notifications, traps, and informs to SNMP managers configured as host receivers. You can configure multiple host receivers.
● group-name — Enter the name of the group to which the user belongs. A maximum of 32 alphanumeric characters.
● security-model — Enter an SNMP version that sets the security level for SNMP messages:
○ 1 — SNMPv1 provides no user authentication or privacy protection. SNMP messages are sent in plain text.
○ 2c — SNMPv2c provides no user authentication or privacy protection. SNMP messages are sent in plain text.
○ 3 — SNMPv3 provides optional user authentication and encryption for SNMP messages.
Example (Remote user) Supported Releases OS10(config)# snmp-server user n3user ngroup remote 172.31.1.3 udp-port 5009 3 auth md5 authpasswd 10.4.2.0 or later snmp-server view Configures an SNMPv3 view. Syntax snmp-server view view-name oid-tree [included | excluded] Parameters ● view-name — Enter the name of a read-only, read-write, or notify view. A maximum of 32 characters. ● oid-tree — Enter the SNMP object ID at which the view starts in 12-octet dotted-decimal format.
OS10(config)# OS10(config)# OS10(config)# OS10(config)# OS10(config)# OS10(config)# OS10(config)# Local default snmp-server engineID local test snmp-server group sngroup 2c notify notofy_view snmp-server group snv3group 3 noauth read read_view snmp-server user snuser sngroup 3 auth sha a2FubmFuX3Rlc3Q= snmp-server view readview 1.3.6.1.2.1.2.2 included snmp-server view snview .
Configure system time and date
● Enter the time and date in EXEC mode.
clock set time year-month-day
○ time — Enter the time in the format hour:minute:second, where hour is 1 to 24; minute is 1 to 60; second is 1 to 60. For example, enter 5:15 PM as 17:15:00.
○ year-month-day — Enter the date in the format YYYY-MM-DD, where YYYY is a four-digit year, such as 2016; MM is a month from 1 to 12; DD is a day from 1 to 31.
● Enter the time zone in CONFIGURATION mode.
Table 43.
Default Not configured
Command Mode EXEC
Usage Information Use this command to reset the system time if the system clock is out of sync with the NTP time. The hardware-based real-time clock (RTC) resets to the new time. The new system clock setting applies immediately. Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.1.
Example
OS10# clock set 18:30:10 2017-01-25
Supported Releases 10.2.
Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.1. Example Supported Releases OS10# show clock 2017-01-25T11:00:31.68-08:00 10.2.1E or later show clock timezone Displays the time zone that is configured in the system.
NOTE: OS10 supports both NTP server and client roles.
Enable NTP
NTP is disabled by default. To enable NTP, configure an NTP server with which the system synchronizes. To configure multiple servers, enter the command multiple times. Multiple servers may impact CPU resources.
● Enter the IP address of the NTP server with which the system synchronizes in CONFIGURATION mode.
OS10# show ntp associations
remote          local           st   poll   reach   delay     offset     disp
=======================================================================
10.16.150.185   10.16.151.123   16   1024   0       0.00000   0.000000   3.99217

Broadcasts
Receive broadcasts of time information and set interfaces within the system to receive NTP information through broadcast. NTP is enabled on all active interfaces by default.
1. Enable NTP authentication in CONFIGURATION mode.
ntp authenticate
2. Set an authentication key number and key in CONFIGURATION mode, from 1 to 65535.
ntp authentication-key number hash-algorithm {0|9} key
● The number must match the number in the ntp trusted-key command.
● The supported hash-algorithms include md5, sha1, and sha2-256.
● The 0 specifies an unencrypted authentication key and 1 specifies an encrypted authentication key.
● The key is an encrypted string.
3.
To create this sample NTP configuration: 1. Configure the NTP server: a. Create a nondefault VRF instance and assign an interface to the VRF. OS10(conf-vrf)# exit OS10(config)# interface OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(config)# interface OS10(conf-if-eth1/1/5)# OS10(conf-if-eth1/1/5)# OS10(conf-if-eth1/1/5)# OS10(conf-if-eth1/1/5)# OS10(config)# ethernet 1/1/1 no switchport ip vrf forwarding red ip address 10.0.0.
OS10(conf-if-eth1/1/1)# exit
OS10(config)#
b. Configure the NTP server IP address on the NTP client.
OS10(config)# ntp server 10.0.0.1
OS10(config)# do show running-configuration ntp
ntp server 10.0.0.1
OS10(config)#
c. Configure NTP in the VRF Red instance.
OS10(config)# ntp enable vrf red
“% Warning: NTP server/client will be disabled in default VRF and enabled on a red VRF”
Do you wish to continue? (y/n): y
OS10(config)# do show running-configuration ntp
ntp server 10.0.0.
root delay:         0.991
root dispersion:    1015.099
reference ID:       10.0.0.1
reference time:     dbc7b087.5d47aaa6 Sat, Nov 5 2016 1:12:39.364
system jitter:      0.000000
clock jitter:       0.462
clock wander:       0.003
broadcast delay:    -50.000
symm. auth. delay:  0.000
OS10#
5. Verify that the NTP server (10.0.0.1) is connected to the NTP master (11.0.0.2) running in VRF Red.
ntp authentication-key Configures the authentication key for trusted time sources. Syntax ntp authentication-key number {md5 | sha1 | sha2-256} {0 | 9} key Parameters ● ● ● ● ● ● ● Default 0 Command Mode CONFIGURATION Usage Information The authentication number must be the same as the number parameter configured in the ntp trusted-key command. Use the ntp authenticate command to enable NTP authentication. The supported values for md5, sha1, and sha2-256 are 0 and 9.
Example Supported Releases OS10(conf-if-eth1/1/7)# ntp disable 10.2.0E or later ntp enable vrf Enables NTP for the management or nondefault VRF instance. Syntax ntp enable vrf {management | vrf-name} Parameters ● management—Enter the keyword to enable NTP for the management VRF instance. ● vrf-name—Enter the keyword then the name of the VRF to enable NTP for that nondefault VRF instance.
Default Not configured Command Mode CONFIGURATION Usage Information You can configure multiple time-serving hosts. From these time-serving hosts, the system chooses one NTP host to synchronize with. To determine which server to select, use the show ntp associations command. Dell EMC recommends limiting the number of hosts you configure, as many polls to the NTP hosts can impact network performance. Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S).
Supported Releases 10.2.0E or later show ntp associations Displays the NTP master and peers. Syntax show ntp associations [vrf {management | vrf-name}] Parameters ● management—Enter the keyword to display NTP information corresponding to the management VRF instance. ● vrf-name—Enter the keyword then the name of the VRF to display NTP information corresponding to that nondefault VRF instance.
Parameters ● status—(Optional) View the NTP status. ● management—(Optional) Enter the keywords to display NTP information corresponding to the management VRF. ● vrf-name—(Optional) Enter the keyword then the name of the VRF to display NTP information corresponding to that nondefault VRF. Default Not configured Command Mode EXEC Usage Information Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S).
Dynamic Host Configuration Protocol Dynamic Host Configuration Protocol (DHCP) is an application layer protocol that dynamically assigns IP addresses and other configuration parameters to network end-stations, also known as hosts, based on configuration policies network administrators determine. DHCP server Network device offering configuration parameters to the client. DHCP client Network device requesting configuration parameters from the server.
DHCP Option Description ● ● ● ● ● ● 3 — DHCPREQUEST 4 — DHCPDECLINE 5 — DHCPACK 6 — DHCPNACK 7 — DHCPRELEASE 8 — DHCPINFORM Parameter request list 55 — A list of parameters that a DHCP client requires from the DHCP server.
3. Enter the subnet from which the DHCP server may assign addresses in DHCP POOL mode. The network option specifies the subnet address. The prefix-length option specifies the number of bits used for the network portion of the address, from 18 to 31. network network/prefix-length 4. Enter a range of IP addresses from the subnet specified above, which the DHCP server uses to assign addresses in DHCP mode.
Change default gateway name OS10(config)# ip dhcp server OS10(conf-dhcp)# pool Dell OS10(conf-dhcp-Dell)# default-router 20.1.1.1 Enable the DHCP server Use the ip dhcp server command to enable DHCP server-assigned dynamic addresses on an interface in CONFIGURATION mode. The DHCP server is disabled by default.
Configure NetBIOS WINS address resolution OS10(config)# ip dhcp OS10(conf-dhcp)# pool OS10(conf-dhcp-Dell)# OS10(conf-dhcp-Dell)# server Dell netbios-name-server 192.168.10.5 netbios-node-type Hybrid Manual binding entries Address binding is a mapping between the IP address and the media access control (MAC) address of a client. The DHCP server assigns the client an available IP address automatically and then creates an entry in the binding table. You can also manually create an entry for a client.
hardware-address 00:0c:29:ee:4c:f4 ! pool hostnetwork lease infinite network 100.1.1.0/24 ! pool host2 host 20.1.1.34 hardware-address 00:0c:29:aa:22:f4 View DHCP Information Use the show ip dhcp binding command to view the DHCP binding table entries. OS10# show ip dhcp binding IP Address Hardware address Lease expiration Hostname +-------------------------------------------------------------------------11.1.1.
DHCP snooping DHCP snooping is a layer 2 security feature that helps networking devices to monitor DHCP messages and block untrusted or rogue DHCP servers. When you enable DHCP snooping on a switch, it begins monitoring transactions between trusted DHCP servers and DHCP clients and uses the information to build the DHCP snooping binding table. You configure interfaces that connect to DHCP servers as trusted interfaces. All other interfaces are untrusted by default.
DHCP snooping with DHCP relay
In the following topology, the DHCP snooping switch is the DHCP relay agent for DHCP clients on VLAN 100. The DHCP server is reachable on VLAN 200 through eth 1/1/2. The switch forwards the client DHCP messages to the trusted DHCP server. The switch processes DHCP packets from the DHCP server before forwarding them to DHCP clients. Because the rogue server is connected to the switch on the eth 1/1/3 interface, which is untrusted, the switch drops DHCP packets from that interface.
DHCP snooping in a VLT environment OS10 supports DHCP snooping in a VLT environment. DHCP snooping switches in a VLT topology synchronize DHCP snooping binding information between them. The system interprets the VLTi link between VLT peers as trusted interfaces. To configure DHCP snooping in a VLT environment: ● Enable DHCP snooping on both VLT peers. ● Configure the VLT port-channel interfaces facing the DHCP server as trusted interfaces.
Enable and configure DHCP snooping globally
1. Enable DHCP snooping globally in CONFIGURATION mode.
ip dhcp snooping
2. Specify physical or port-channel interfaces that have connections towards DHCP servers as trusted in INTERFACE mode.
ip dhcp snooping trust
Add static DHCP snooping entry in the binding table
● Add a static DHCP snooping entry in the binding table in CONFIGURATION mode.
● Remove a static DHCP snooping entry from the binding table in CONFIGURATION mode.
no ip dhcp snooping binding mac mac-address vlan vlan-id interface [ethernet slot/port/sub-port | port-channel port-channel-id]
Example for removing static DHCP snooping entry in the binding table
OS10(config)# no ip dhcp snooping binding mac 00:04:96:70:8a:12 vlan 100 ip 100.1.1.
DHCP server
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# no shutdown
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# ip address 10.1.1.1/24
OS10(conf-if-eth1/1/1)# exit
OS10(config)# ip dhcp server
OS10(config-dhcp)# no disable
OS10(config-dhcp)# pool dell_server1
OS10(config-dhcp-dell_server1)# lease 0 1 0
OS10(config-dhcp-dell_server1)# network 10.1.1.0/24
OS10(config-dhcp-dell_server1)# range 10.1.1.2 10.1.1.
DHCP snooping switch as a relay agent This example uses a simple topology with a DHCP snooping switch configured as a DHCP relay agent. A DHCP server and a DHCP client are connected to the snooping switch through different VLANs. A rogue DHCP server attempts to pose as a legitimate DHCP server. With a configuration similar to the following, the DHCP snooping switch drops packets from the rogue DHCP server which is connected to an untrusted interface.
DHCP server
OS10# configure terminal
OS10(config)# ip dhcp server
OS10(config-dhcp)# no disable
OS10(config-dhcp)# pool dell_1
OS10(config-dhcp-dell_1)# network 10.1.1.0/24
OS10(config-dhcp-dell_1)# range 10.1.1.2 10.1.1.250
OS10(config-dhcp-dell_1)# exit
OS10(config-dhcp)# pool dell_2
OS10(config-dhcp-dell_2)# network 10.2.1.
● Enable DHCP snooping globally.
OS10(config)# ip dhcp snooping
VLAN configuration
● Create a VLAN.
OS10# configure terminal
OS10(config)# interface vlan 100
OS10(conf-if-vl-100)# no shutdown
VLT configuration
1. Create a VLT domain and configure VLTi.
OS10(config)# interface range ethernet 1/1/4-1/1/5
OS10(conf-range-eth1/1/4-1/1/5)# no switchport
OS10(conf-range-eth1/1/4-1/1/5)# exit
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# discovery-interface ethernet 1/1/4-1/1/5
2. Configure a VLT MAC address.
● Create a VLAN.
OS10# configure terminal
OS10(config)# interface vlan 100
OS10(conf-if-vl-100)# no shutdown
VLT configuration
1. Create a VLT domain and configure VLTi.
OS10(config)# interface range ethernet 1/1/4-1/1/5
OS10(conf-range-eth1/1/4-1/1/5)# no switchport
OS10(conf-range-eth1/1/4-1/1/5)# exit
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# discovery-interface ethernet 1/1/4-1/1/5
2. Configure a VLT MAC address.
OS10(conf-vlt-1)# vlt-mac 12:5e:23:f4:23:54
3.
The following output shows that the DHCP snooping switches (VLT peers) snooped DHCP messages. The interface column displays the local VLT port channel number. OS10# show ip dhcp snooping binding Number of entries : 1 Codes : S - Static D - Dynamic IPv4 Address MAC Address Expires(Sec) Type Interface VLAN ======================================================================================= 10.1.1.
● Create another VLAN and assign an IP address to it which can communicate with the DHCP server. OS10# configure terminal OS10(config)# interface vlan 200 OS10(conf-if-vl-200)# no shutdown OS10(conf-if-vl-200)# ip address 10.2.1.1/24 OS10(conf-if-vl-200)# exit ● Configure SW 1 as the DHCP relay agent for the clients in the VM. The IP address that you specify here is the IP address of the DHCP server OS10# configure terminal OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# ip helper-address 10.2.1.
● Enable DHCP snooping globally.
OS10(config)# ip dhcp snooping
VLAN configuration
● Create a VLAN and assign an IP address to it which acts as the gateway for the VMs.
OS10# configure terminal
OS10(config)# interface vlan 100
OS10(conf-if-vl-100)# no shutdown
OS10(conf-if-vl-100)# ip address 10.1.1.2/24
OS10(conf-if-vl-100)# exit
● Create another VLAN and assign an IP address to it which can communicate with the DHCP server.
OS10(conf-if-po-20)# exit
OS10(config)# interface ethernet 1/1/1,1/1/6
OS10(conf-if-eth1/1/1,1/1/6)# no shutdown
OS10(conf-if-eth1/1/1,1/1/6)# channel-group 20
(Optional) Peer routing configuration
● Configure peer routing.
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# peer-routing
DHCP server
VLAN configuration
OS10(config)# interface vlan 100
OS10(conf-if-vl-100)# exit
OS10(config)# interface vlan 200
OS10(conf-if-vl-200)# ip address 10.2.1.
DAI violation logging You can configure the system to log DAI validation failures corresponding to ARP packets. DAI violations are logged at the console if it is enabled. DAI violation logging is disabled by default. If you configure an interface as trusted, the switch interprets ARP packets that ingress the interface from hosts as legitimate packets. By default, all interfaces are in DAI untrusted state. For DAI to work, enable the DHCP snooping feature on the switch. DAI is disabled by default.
Address      Hardware Address    Interface         VLAN
--------------------------------------------------------------------
10.2.1.1     00:40:50:00:00:00   port-channel100   vlan3001
10.1.1.13    00:2a:10:01:00:00   port-channel100   vlan3001
10.1.1.62    00:2a:10:01:00:01   port-channel100   vlan3001

View DAI statistics
You can view valid and invalid ARP requests that the switch has received and replies that the switch has sent.
Source IP and MAC address validation
This feature filters IP traffic, based on both source IP and source MAC addresses and permits traffic only from clients found in the DHCP snooping binding table. The switch compares the following in the packet to the DHCP snooping binding table:
● Source MAC address
● Source IP address
● The VLAN to which the client is connected
● The interface (physical or port channel) to which the client is connected
If there is a match, the switch forwards the packet.
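The four-field comparison described above, modelled in Python as an added example that is not OS10 code: it parses output in the layout of show ip dhcp snooping binding and reports which field failed when a packet is refused. The sample rows, the function names and the drop reasons are constructed for illustration.

```python
"""Model of source IP and MAC validation against a DHCP snooping binding table."""
import ipaddress
import re
from typing import List, NamedTuple, Tuple

# Constructed sample in the layout of `show ip dhcp snooping binding`.
SAMPLE_BINDING_OUTPUT = """\
OS10# show ip dhcp snooping binding
Number of entries : 3
Codes : S - Static D - Dynamic
IPv4 Address   MAC Address         Expires(Sec)  Type  Interface        VLAN
=========================================================================
10.1.1.22      11:22:11:22:11:22   120331        S     ethernet1/1/4    100
10.1.1.44      11:22:11:22:11:23   120331        S     port-channel100  200
10.1.1.60      00:2A:10:01:00:00   86000         D     ethernet1/1/9    100
"""


class Binding(NamedTuple):
    ip: ipaddress.IPv4Address
    mac: str          # lower-case, colon-separated
    expires: int      # seconds
    kind: str         # "S" static or "D" dynamic
    interface: str
    vlan: int


# One table row: IPv4, MAC, expiry, type code, interface, VLAN.
ROW = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(\d+)\s+([SD])\s+(\S+)\s+(\d+)$"
)


def parse_bindings(output: str) -> List[Binding]:
    """Extract binding rows; prompts, headers and rulers are skipped."""
    bindings = []
    for line in output.splitlines():
        match = ROW.match(line.strip())
        if not match:
            continue
        ip, mac, expires, kind, interface, vlan = match.groups()
        bindings.append(Binding(ipaddress.IPv4Address(ip), mac.lower(),
                                int(expires), kind, interface, int(vlan)))
    return bindings


def validate(bindings: List[Binding], src_ip: str, src_mac: str,
             vlan: int, interface: str) -> Tuple[str, str]:
    """Return ("forward", "match") only when all four fields match one entry."""
    ip = ipaddress.IPv4Address(src_ip)
    mac = src_mac.lower()
    candidates = [b for b in bindings if b.mac == mac and b.vlan == vlan]
    if not candidates:
        return ("drop", "no binding for MAC in VLAN")
    for entry in candidates:
        if entry.ip == ip and entry.interface == interface:
            return ("forward", "match")
    # Name the fields that differ from the known binding, for triage.
    entry = candidates[0]
    wrong = [name for name, got, want in (("ip", ip, entry.ip),
                                          ("interface", interface, entry.interface))
             if got != want]
    return ("drop", "mismatch: " + ",".join(wrong))


if __name__ == "__main__":
    table = parse_bindings(SAMPLE_BINDING_OUTPUT)
    # Constructed packets: (source IP, source MAC, VLAN, ingress interface).
    packets = [
        ("10.1.1.22", "11:22:11:22:11:22", 100, "ethernet1/1/4"),   # legitimate
        ("10.1.1.99", "11:22:11:22:11:22", 100, "ethernet1/1/4"),   # wrong IP
        ("10.1.1.60", "00:2a:10:01:00:00", 100, "ethernet1/1/4"),   # wrong port
        ("10.1.1.70", "de:ad:be:ef:00:01", 100, "ethernet1/1/9"),   # unknown MAC
    ]
    for pkt in packets:
        print(pkt, "->", validate(table, *pkt))
```

An "ip" mismatch points to a host using an address it was not leased, while an "interface" mismatch points to a known MAC appearing on a different port.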
1. Enter a domain name corresponding to a non-default VRF instance in the CONFIGURATION mode. ip domain-name vrf vrf-name server-name 2. Add names to complete unqualified hostnames corresponding to a non-default VRF instance. ip domain-list vrf vrf-name name Configure the local system domain name and list OS10(config)# OS10(config)# OS10(config)# OS10(config)# OS10(config)# OS10(config)# ip ip ip ip ip ip domain-name domain-list domain-list domain-list domain-list domain-list ntengg.
command returns the value to the default. The client-facing and server-facing interfaces must be in the same VRF. Example (IPv4) Supported Releases OS10(config)# interface eth 1/1/22 OS10(conf-if-eth1/1/22)# ip helper-address 20.1.1.1 vrf blue 10.2.0E or later ipv6 helper-address Configures a DHCPv6 server address.
disable Disables the DHCP server. Syntax disable Parameters None Default Disabled Command Mode DHCP Usage Information The no version of this command enables the DHCP server. Example Supported Releases OS10(conf-dhcp)# no disable 10.2.0E or later domain-name Configures the name of the domain where the device is located. Syntax domain-name domain-name Parameters domain-name — Enter the name of the domain with a maximum of 32 characters.
hardware-address Configures the client's hardware address for manual configurations. Syntax hardware-address nn:nn:nn:nn:nn:nn Parameters nn:nn:nn:nn:nn:nn — Enter the 48-bit hardware address. Default Not configured Command Mode DHCP-POOL Usage Information The client hardware address is the MAC address of the client machine used for manual address binding. Example Supported Releases OS10(conf-dhcp-static)# hardware-address 00:01:e8:8c:4d:0a 10.2.
lease
Configures a lease time for the IP addresses in a pool.
Syntax lease {infinite | days [hours] [minutes]}
Parameters
● infinite — Enter the keyword to configure a lease that never expires.
● days — Enter the number of lease days, from 0 to 31.
● hours — Enter the number of lease hours, from 0 to 23.
Default 24 hours
Command Mode DHCP-POOL
Usage Information The no version of this command removes the lease configuration.
Usage Information Example Supported Releases The no version of this command resets the value to the default. OS10(conf-dhcp-Dell)# netbios-node-type h-node 10.2.0E or later network Configures a range of IPv4 or IPv6 addresses in the address pool. Syntax network address/mask Parameters address/mask — Enter a range of IP addresses and subnet mask in A.B.C.D/x or A::B/x format.
Usage Information Example Supported Releases Use the range command to configure a range of IP addresses that the OS10 switch, acting as the DHCP server, can assign to DHCP clients. The no version of this command requires only the first IP address to remove the range configuration. OS10(config)# OS10(config)# ip dhcp server OS10(config-dhcp)# pool pool1 OS10(config-dhcp-pool1)# network 192.168.10.0/24 OS10(config-dhcp-pool1)# range 192.168.10.2 192.168.10.8 10.4.
arp inspection-trust Configures a port as trusted so that ARP frames are not validated against the DAI database. Syntax arp inspection-trust Parameters None Defaults All interfaces are untrusted Command Mode INTERFACE Usage Information NOTE: Dell EMC Networking recommends configuring the arp inspection-trust command on the DHCP snooping trusted interfaces when DAI is enabled for a VLAN. This command is accessible to users with sysadmin and secadmin roles.
clear ip dhcp snooping binding
Clears the dynamic entries in the DHCP snooping binding table.
Syntax clear ip dhcp snooping binding [mac mac-address] [vlan vlan-id] [interface {ethernet slot/port/sub-port | port-channel port-channel-id}]
Parameters
● mac mac-address—Enter the MAC address of the host to which the server is leasing the IP address.
● vlan vlan-id—Enter the VLAN ID. The range is from 1 to 4093.
● interface type—Enter the interface type information.
ip dhcp snooping (interface) Enables DHCP snooping on a VLAN. Syntax ip dhcp snooping Parameters None Defaults Enabled if enabled globally Command Mode INTERFACE VLAN Usage Information When you enable this feature, the switch begins to monitor all transactions between DHCP servers and DHCP clients and use the information to build the DHCP snooping binding table.
ip dhcp snooping trust Configures an interface as trusted in a DHCP snooping enabled VLAN. Syntax ip dhcp snooping trust Parameters None Defaults Untrusted Command Mode INTERFACE Usage Information This command configures a physical or port channel interface as trusted. By default all physical and port channel interfaces in the DHCP snooping enabled VLAN are untrusted. You can configure a DHCP server-facing physical or port channel interface as trusted.
------------------------------------------------------------------------
55.2.1.1      00:40:50:00:00:00   port-channel100   vlan3001
200.1.1.134   00:2a:10:01:00:00   port-channel100   vlan3001
200.1.1.62    00:2a:10:01:00:01   port-channel100   vlan3001
Supported Releases 10.5.0 or later

show ip arp inspection statistics
Displays valid and invalid ARP requests and reply statistics.
Syntax show ip arp inspection statistics [vlan vlan-id]
Parameters
● vlan vlan-id—Enter the VLAN ID. The range is from 1 to 4093.
Command Mode EXEC Usage Information The dynamically learned entries are displayed as D and statically configured entries are displayed as S. Example OS10# show ip dhcp snooping binding Codes : S - Static D – Dynamic IPv4 Address MAC Address Expires(Sec) Type Interface VLAN ========================================================================= 10.1.1.22 11:22:11:22:11:22 120331 S ethernet1/1/4 100 10.1.1.44 11:22:11:22:11:23 120331 S port-channel100 200 10.1.1.
Usage Information This domain appends to incomplete DNS requests. The no version of this command returns the value to the default. Example OS10(config)# ip domain-name vrf jay dell.com Supported Releases 10.2.0E or later ip host Configures mapping between the hostname server and the IP address. Syntax ip host [vrf vrf-name] [host-name] address Parameters ● vrf vrf-name — (Optional) Enter vrf and then the name of the VRF to configure the name server to IP address mapping for that VRF.
show hosts Displays the host table and DNS configuration. Syntax show hosts [vrf vrf-name] Parameters vrf vrf-name — Enter vrf then the name of the VRF to display DNS host information corresponding to that VRF. Default Not configured Command Mode EXEC Usage Information None Example Supported Releases OS10# show hosts Default Domain Name : dell.com Domain List : abc.com Name Servers : 1.1.1.
10 Interfaces You can configure and monitor physical interfaces (Ethernet), port-channels, and virtual local area networks (VLANs) in Layer 2 (L2) or Layer 3 (L3) modes. Table 44.
Figure 1. S4148U-ON unified port groups MX9116n Fabric Switching Engine On the MX9116n Fabric Switching Engine module: ● QSFP28-DD port groups 1 to 12 operate only in Ethernet mode. For more information, see Double-density QSFP28 interfaces on page 311. ● QSFP28 port groups 13 and 14 operate in Ethernet 1x100GE mode by default. ● Unified port groups 15 and 16 operate in Ethernet 1x100GE mode by default, and support Fibre Channel and other Ethernet modes.
OS10(conf-pg-1/1/13)# exit OS10(config)# interface ethernet 1/1/41:1 OS10(conf-if-eth1/1/41:1)# View Ethernet unified port interface OS10(config)# interface ethernet 1/1/41 OS10(conf-if-eth1/1/41:1)# show configuration ! interface ethernet1/1/41:1 no shutdown Z9264F-ON port-group profiles On the Z9264F-ON switch, the port-group profiles determine the available front-panel Ethernet ports and supported breakout interfaces. QSFP28 ports operate only in Ethernet mode.
2. Configure the restricted profile in PORT-GROUP mode. This command applies only to the odd-numbered port within the port group, and disables the even-numbered port in the port group. profile restricted 3. Configure the port mode for the odd numbered port within the port group. port node/slot/port mode Eth port-mode ● 100g-1x — Reset a port to 100GE mode. ● 40g-1x — Set a port to 40GE mode for use with a QSFP+ 40GE transceiver. ● 25g-4x — Split a port into four 25GE interfaces.
Table 45.
Table 46.
Table 47.
The following shows the supported port groups and breakout modes on the S5296F-ON switch: OS10# show port-group Port-group port-group1/1/1 port-group1/1/2 port-group1/1/3 port-group1/1/4 port-group1/1/5 port-group1/1/6 port-group1/1/7 port-group1/1/8 port-group1/1/9 port-group1/1/10 port-group1/1/11 port-group1/1/12 port-group1/1/13 port-group1/1/14 port-group1/1/15 port-group1/1/16 port-group1/1/17 port-group1/1/18 port-group1/1/19 port-group1/1/20 port-group1/1/21 port-group1/1/22 port-group1/1/23 port-gr
Table 48. Port groups and breakout modes on the S5296F-ON switch
Port Group          Ports   Supported breakout modes
                            ● 50g-2x ● 40g-1x ● 25g-4x ● 10g-4x
Port-group1/1/29    101     ● 100g-1x ● 50g-2x ● 40g-1x ● 25g-4x ● 10g-4x
Port-group1/1/30    102     ● 100g-1x ● 50g-2x ● 40g-1x ● 25g-4x ● 10g-4x
Port-group1/1/31    103     ● 100g-1x ● 50g-2x ● 40g-1x ● 25g-4x ● 10g-4x
Port-group1/1/32    104     ● 100g-1x ● 50g-2x ● 40g-1x ● 25g-4x ● 10g-4x
To configure breakout modes: 1. Configure a port group in CONFIGURATION mode.
The following shows converting a port group from 25g-4x mode to 10g-4x mode: OS10# configure terminal OS10(config)# port-group 1/1/1 OS10(conf-pg-1/1/1)# mode Eth 10g-4x OS10(conf-pg-1/1/1)# exit OS10(config)# interface ethernet 1/1/1:1 OS10(conf-if-eth1/1/1:1)# speed 1000 Set speed to 1000 Mbps 10000 Set speed to 10000 Mbps auto Automatic Settings (default) OS10(conf-if-eth1/1/1:1)# speed 1000 L2 mode configuration Each physical Ethernet interface uses a unique MAC address.
2. Configure L3 routing in INTERFACE mode. Add secondary to configure backup IP addresses. ip address address [secondary] 3. Enable the interface for L3 traffic transmission in INTERFACE mode. no shutdown L3 interface configuration
OS10(config)# interface ethernet 1/1/9
OS10(conf-if-eth1/1/9)# no switchport
OS10(conf-if-eth1/1/9)# ip address 10.10.1.92/24
OS10(conf-if-eth1/1/9)# no shutdown
View L3 configuration error OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ip address 1.1.1.
2. Activate the unified port group for FC operation in PORT-GROUP mode. The available FC modes depend on the switch. mode fc {32g-4x | 32g-2x | 32g-1x | 16g-4x}
● 16g-4x — Split a unified port group into four 16 GFC interfaces.
● 32g-1x — Split a unified port group into one 32 GFC interface. A 1x-32G interface has a rate limit of 28G.
● 32g-2x — Split a unified port group into two 32 GFC interfaces.
● 32g-4x — Split a unified port group into four 32 GFC interfaces. 25G.
3. Return to CONFIGURATION mode.
33 frames, 2344 bytes 0 class 2 frames, 33 class 3 frames 0 BB credit 0, 0 oversize frames 6356027325 total errors Rate Info: Input 116 bytes/sec, 1 frames/sec, 0% of line rate Output 78 bytes/sec, 1 frames/sec, 0% of line rate Time since last interface status change: 00:00:24 Configuring wavelength You can configure optical transmission wavelength values for SFP+ optics. This configuration enables you to fine tune the laser wavelengths and frequencies up to two decimal places in the nanometer scale.
OS10(conf-if-ma-1/1/1)# ip address 10.1.1.10/24 OS10(conf-if-ma-1/1/1)# no shutdown Management interface For management connectivity, use the management VLAN. VLAN 4020 is the default management VLAN and is enabled by default. The mgmt1/1/1 port is part of VLAN 4020. You cannot configure gateway addresses, IP addresses, and proxy ARPs on the management interface. VLAN interfaces VLANs are logical interfaces and are, by default, in L2 mode. Physical interfaces and port-channels can be members of VLANs.
OS10(config)# do show vlan Codes: * - Default VLAN, M - Management VLAN, R - Remote Port Mirroring VLANs Q: A - Access (Untagged), T - Tagged NUM Status Description Q Ports 1 down * 10 up A Eth1/1/1-1/1/25,1/1/29,1/1/31-1/1/54 VLAN scale profile When you scale the number of VLANs on a switch, use the VLAN scale profile. VLAN scale profile consumes less memory. Enable the scale profile before you configure VLANs on the switch.
● Enter the Loopback interface number to view the configuration in EXEC mode. show interface loopback number ● Enter the Loopback interface number to delete a Loopback interface in CONFIGURATION mode. no interface loopback number View Loopback interface OS10# show interface loopback 4 Loopback 4 is up, line protocol is up Hardware is unknown. Interface index is 102863300 Internet address is 120.120.120.
Create port-channel OS10(config)# interface port-channel 10 Add port member When you add an interface to a port-channel: ● The administrative status applies to the port-channel. ● The port-channel configuration is applied to the member interfaces. ● A port-channel operates in either L2 (default) or L3 mode. To place a port-channel in L2 mode, use the switchport mode command. To place a port-channel in L3 mode and remove L2 configuration before you configure an IP address, use the no switchport command.
For the port channel to go down operationally on both sides when the minimum links criteria is not met, you must configure minimum links on both sides of the port channel. Enter the number of links in a LAG that must be in oper up status in PORT-CHANNEL mode, from 1 to 32, default 1.
● Select one or more methods of load balancing and replace the default IP 4-tuple method of balancing traffic over a port-channel in CONFIGURATION mode. OS10(config)# load-balancing ingress-port Ingress port configurations tcp-udp-selection TCP-UDP port for load-balancing configurations ip-selection IPV4 load-balancing configurations ipv6-selection IPV6 load-balancing configurations mac-selection MAC load-balancing configurations ○ ingress-port [enable] — Enables the ingress port configuration.
View the configuration OS10(conf-range-eth1/1/1-1/1/5)# show configuration ! interface ethernet1/1/1 no shutdown switchport access vlan 1 ! interface ethernet1/1/2 no shutdown switchport access vlan 1 ! interface ethernet1/1/3 no shutdown switchport access vlan 1 ! interface ethernet1/1/4 no shutdown switchport access vlan 1 ! interface ethernet1/1/5 no shutdown switchport access vlan 1 Configure range of VLANs OS10(config)# interface range vlan 1-100 OS10(conf-range-vl-1-100)# Configure range of port chann
NOTE: After you change the switch-port profile, do not immediately back up and restore the startup file without using the write memory command and reloading the switch using the reload command. Otherwise, the new profile does not take effect.
1GE mode: 1GE is supported only on SFP+ ports; 1GE is not supported on QSFP+ and QSFP28 ports 25-26. Breakout interfaces: Use the interface breakout command in Configuration mode to configure 4x10G, 4x25G, and 2x50G breakout interfaces. To view the ports that belong to each port group, use the show port-group command. S4148U-ON port profiles S4148U-ON port profiles determine the available front-panel unified and Ethernet ports and supported breakout interfaces.
● QSFP28 ports in 2x16GFC mode support 32GFC oversubscription. SFP+ port groups in 2x16GFC mode do not support 32GFC oversubscription. 2x16GFC mode activates subports 1 and 3. ● QSFP28 ports in 4x16GFC mode support 32GFC oversubscription. Breakout interfaces: ● To configure breakout interfaces on a unified port, use the mode {FC | Eth} command in Port-Group Configuration mode. The mode {FC | Eth} command configures a unified port to operate at line rate and guarantees no traffic loss.
! interface ethernet1/1/50 no shutdown switchport access vlan 1 flowcontrol receive on OS10(conf-if-eth1/1/50)# do show interface ethernet 1/1/50 Ethernet 1/1/50 is up, line protocol is up Hardware is Eth, address is e4:f0:04:3e:2d:86 Current address is e4:f0:04:3e:2d:86 Pluggable media present, QSFP28 type is QSFP28 100GBASE-CR4-2.
Breakout auto-configuration You can globally enable front-panel Ethernet ports to automatically detect SFP pluggable media in a QSFP+ or QSFP28 port. The port autoconfigures breakout interfaces for media type and speed. For example, if you plug a 40G direct attach cable (DAC) with 4x10G far-side transceivers into a QSFP28 port, the port autoconfigures in 10g-4x Interface-breakout mode. RJ-45 ports and ports that are members of a port group do not support breakout auto-configuration.
1. From CONFIGURATION mode, enter INTERFACE mode and view the currently configured settings. interface {ethernet | fibrechannel} node/slot/port[:subport] show config 2. Return to CONFIGURATION mode. exit 3. Reset an interface to its default configuration in CONFIGURATION mode. Enter multiple interfaces in a comma-separated string or a port range using the default interface range command. default interface {ethernet | fibrechannel} node/slot/port[:subport] 4.
interface fibrechannel1/1/1 shutdown Forward error correction Forward error correction (FEC) enhances data reliability. FEC modes supported in OS10:
● CL74-FC — Supports 25G and 50G
● CL91-RS — Supports 100G
● CL108-RS — Supports 25G and 50G
● off — Disables FEC
NOTE: OS10 does not support FEC on 10G and 40G. By default, FEC is enabled in SmartFabric Services mode.
An Ethernet link consumes power when a link is idle. EEE allows Ethernet links to use Regular Power mode only during data transmission. EEE is enabled on devices that support LOW POWER IDLE (LPI) mode. Such devices save power by entering LPI mode during periods when no data is transmitting. In LPI mode, systems on both ends of the link save power by shutting down certain services. EEE transitions into and out of LPI mode transparently to upper-layer protocols and applications.
View EEE status for a specified interface
OS10# show interface ethernet 1/1/48 eee
Port EEE Status Speed Duplex
---------------------------------------------
Eth 1/1/48 on up 1000M
View EEE status on all interfaces
OS10# show interface eee
Port EEE Status Speed Duplex
---------------------------------------------
Eth 1/1/1 off up 1000M
...
Example OS10# clear counters interface eee Clear all eee counters [confirm yes/no]:yes Supported Releases 10.3.0E or later clear counters interface ethernet eee Clears EEE counters on a specified Ethernet interface. Syntax clear counters interface ethernet node/slot/port[:subport] eee Parameters node/slot/port[:subport]—Enter the interface information.
Example
OS10# show interface eee
Port EEE Status Speed Duplex
---------------------------------------------
Eth 1/1/1 off up 1000M
...
Eth 1/1/47 on up 1000M
Eth 1/1/48 on up 1000M
Eth 1/1/49 n/a
Eth 1/1/50 n/a
Eth 1/1/51 n/a
Eth 1/1/52 n/a
Supported Releases 10.3.0E or later show interface eee statistics Displays EEE statistics for all interfaces.
show interface ethernet eee statistics Displays EEE statistics for a specified interface. Syntax show interface ethernet node/slot/port[:subport] eee statistics Parameters node/slot/port[:subport]—Enter the interface information.
0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts, 0 Unicasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output statistics: 0 packets, 0 octets 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts, 0 Unicasts 0 throttles, 0 discarded, 0 Collisions, 0 wred drops Rate Info(interval 30 seconds): Input 0 Mbits/sec, 0 packets/sec, 0% of line rate Output 0
View running configuration OS10# show running-configuration Current Configuration ... ! interface ethernet1/1/1 no ip address shutdown ! interface ethernet1/1/2 no ip address shutdown ! interface ethernet1/1/3 no ip address shutdown ! interface ethernet1/1/4 no ip address shutdown ...
1 10 20 22 23 24 25 26 27 28 29 30 Inactive Inactive Inactive Inactive Active Inactive Inactive Inactive Inactive Inactive Inactive Inactive A Eth1/1/1,1/1/6-1/1/32 A Eth1/1/2 Digital optical monitoring The digital optical monitoring (DOM) feature monitors the digital optical media for temperature, voltage, bias, transmission power (Tx), and reception power (Rx). This feature also generates event logs, alarms, and traps for any fluctuations, when configured thresholds are reached.
Table 49. DOM Alarms Alarm Category Alarm Name Traps Generated? Severity Level Power reception (Rx) Rx high Y Major Rx high warning N Minor Rx low Y Major Rx low warning N Minor You can enable or disable the DOM feature, configure traps, and view the DOM status. Enable DOM and DOM traps To generate DOM alarms, do the following. 1. Enable DOM. OS10(config)# dom enable 2. Enable DOM traps.
INTEGER: 1 iso.3.6.1.4.1.674.11000.5000.100.4.1.3.2.2 = STRING: "SET media 1/1/21 high threshold crossed, 82.00:78.00" 2018-08-21 17:38:18 [UDP: [10.11.56.49]:48521->[10.11.86.108]:162]: iso.3.6.1.2.1.1.3.0 = Timeticks: (1) 0:00:00.01 iso.3.6.1.6.3.1.1.4.1.0 = OID: iso.3.6.1.4.1.674.11000.5000.100.4.1.3.1.19 iso.3.6.1.4.1.674.11000.5000.100.4.1.3.2.3 = INTEGER: 1 iso.3.6.1.4.1.674.11000.5000.100.4.1.3.2.1 = INTEGER: 1081397 iso.3.6.1.4.1.674.11000.5000.100.4.1.3.2.4 = INTEGER: 1 iso.3.6.1.4.1.
0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts, 0 Unicasts 0 throttles, 0 discarded, 0 Collisions, wred drops Rate Info(interval seconds): Input 0 Mbits/sec, 0 packets/sec, 0% of line rate Output 0 Mbits/sec, 0 packets/sec, 0% of line rate Time since last interface status change: 20:45:25 OS10# configure terminal OS10(config)# default mtu 9000 OS10(config)# Interface commands channel-group Assigns an interface to a port-channel group.
The default interface command removes all software settings and all L3, VLAN, and port-channel configurations on a physical interface. You must manually remove configured links to the interface from other software features; for example, if you configure an Ethernet interface as a discovery interface in a VLT domain. Enter multiple interfaces in a comma-separated string or a port range using the default interface range command. There is no undo for this command. The no version of the command has no effect.
ip address 192.28.43.1/31 ipv6 address 2000:28:43::28:43:1/127 ! interface ethernet1/1/4 no shutdown no switchport ip address 192.41.43.1/31 ipv6 address 2000:41:43::41:43:1/127 OS10(conf-range-eth1/1/1-1/1/4)# exit OS10(config)# default interface range ethernet 1/1/1,1/1/2-1/1/4 Proceed to cleanup interface range config? [confirm yes/no]:yes Mar 5 22:21:12 OS10 dn_l3_core_services[590]: Node.1-Unit.1:PRI:notice [os10:trap], %Dell EMC (OS10) %log-notice:IP_ADDRESS_DEL: IP Address delete is successful.
Command Mode CONFIGURATION Usage Information By default, VLAN1 serves as the default VLAN for switching untagged L2 traffic on OS10 ports in Trunk or Access mode. If you use VLAN1 for network-specific data traffic, reconfigure the VLAN ID of the default VLAN. The command reconfigures the access VLAN ID, the default VLAN, of all ports in Switchport Access mode. Ensure that the VLAN ID exists before configuring it as the default VLAN.
duplex Configures Duplex mode on the Management port. Syntax duplex {full | half | auto} Parameters ● full — Set the physical interface to transmit in both directions. ● half — Set the physical interface to transmit in only one direction. ● auto — Set the port to auto-negotiate speed with a connected device. Defaults Not configured Command Mode CONFIGURATION Usage Information You can only use this command on the Management port.
Example OS10# configure terminal OS10(config)# snmp-server enable traps dom temperature OS10# configure terminal OS10(config)# no snmp-server enable traps dom temperature Supported Releases 10.4.3.0 or later feature auto-breakout Enables front-panel Ethernet ports to automatically detect SFP media and autoconfigure breakout interfaces.
interface breakout Splits a front-panel Ethernet port into multiple breakout interfaces. Syntax interface breakout node/slot/port map {100g-1x | 50g-2x |40g-1x | 25g-4x | 10g-4x | 25g-4x} Parameters ● ● ● ● ● ● Default Not configured Command Mode CONFIGURATION Usage Information ● Each breakout interface operates at the configured speed; for example, 10G, 25G, or 50G. ● The no interface breakout node/slot/port command resets a port to its default speed: 40G or 100G.
Parameters id — Enter the Loopback interface ID number, from 0 to 16383. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes the Loopback interface. Example OS10(config)# interface loopback 100 OS10(conf-if-lo-100)# Supported Releases 10.2.0E or later interface mgmt Configures the Management port. Syntax interface mgmt node/slot/port Parameters node/slot/port — Enter the physical port interface information for the Management interface.
Parameters channel-id — Enter the port-channel ID number, from 1 to 128. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes the interface. Example OS10(config)# interface port-channel 10 OS10(conf-if-po-10)# Supported Releases 10.2.0E or later interface range Configures a range of Ethernet, port-channel, or VLAN interfaces for bulk configuration. Syntax interface range {ethernet node/slot/port[:subport]-node/slot/ port[:subport],[...
Usage Information FTP, TFTP, MAC ACLs, and SNMP operations are not supported. IP ACLs are supported on VLANs only. The no version of this command deletes the interface. NOTE: In SmartFabric Services mode, creation of VLAN is disabled. Example OS10(config)# interface vlan 10 OS10(conf-if-vl-10)# Supported Releases 10.2.0E or later link-bundle-utilization Configures link-bundle utilization.
MX9116n Fabric Switching Engine:
● QSFP28-DD port groups 1 to 9 operate in 8x25GE fabric-expander mode (FEM).
● QSFP28-DD port groups 10 to 12 operate in 2x100GE mode.
● QSFP28 port groups 13 and 14 operate in 1x100GE mode.
● Unified port groups 15 and 16 operate in ethernet 1x100GE mode.
Command Mode PORT-GROUP Usage Information ● The mode {FC | Eth} command configures a port group to operate at line rate and guarantees no traffic loss.
Usage Information To return to the default MTU value, use the no mtu command. If an IP packet includes a L2 header, the IP MTU must be at least 32 bytes smaller than the L2 MTU. ● Port-channels ○ All members must have the same link MTU value and the same IP MTU value. ○ The port channel link MTU and IP MTU must be less than or equal to the link MTU and IP MTU values you configure on the channel members.
interface ethernet1/1/50 no shutdown switchport access vlan 1 negotiation on flowcontrol receive on OS10(conf-if-eth1/1/50)# negotiation auto OS10(conf-if-eth1/1/50)# show configuration ! interface ethernet1/1/50 no shutdown switchport access vlan 1 flowcontrol receive on OS10(conf-if-eth1/1/50)# OS10(conf-if-eth1/1/50)# negotiation on OS10(conf-if-eth1/1/50)# show configuration ! interface ethernet1/1/50 no shutdown switchport access vlan 1 negotiation on flowcontrol receive on OS10(conf-if-eth1/1/50)# no
● On the S4148U-ON platform, ensure that you use the same breakout mode as you have configured on the peer interface. For example, if you have explicitly configured the interface on the peer device as 10g-4x, use the same configuration on your switch. Example Supported releases OS10(config)# port-group 1/1/2 OS10(conf-pg-1/1/2)# profile restricted OS10(conf-pg-1/1/2)# port 1/1/3 mode Eth 25g-4x OS10(conf-pg-1/1/2)# exit OS10(config)# interface ethernet 1/1/3:2 OS10(conf-if-eth1/1/3:2)# 10.4.3.
Default Unrestricted Command mode PORT-GROUP Usage information Enter the profile command to configure breakout interfaces. Use the port command to specify the speed. The Z9264F-ON switch has a total of 64 physical ports and can support a maximum of 128 logical ports. To view the ports that belong to a port group, use the show port-group command. Example Supported releases OS10(config)# port-group 1/1/2 OS10(conf-pg-1/1/2)# profile restricted 10.4.3.
Virtualtag service-tag Slot-Id -------------------------------------------------------------------------403RPK2 MX7116n Fabric 1 SKY003Q A2 1/1/2 71 Expander Module Supported Releases 10.4.0E(R3S) or later show interface Displays interface information. Syntax show interface [type] Parameters interface type — Enter the interface type: ● phy-eth node/slot/port[:subport] — Display information about physical ports connected to the interface. ● status — Display interface status.
0 throttles, 0 discarded, 0 Collisions, 0 wreddrops Rate Info(interval 299 seconds): Input 0 Mbits/sec, 0 packets/sec, 0% of line rate Output 0 Mbits/sec, 0 packets/sec, 0% of line rate Time since last interface status change: 3 weeks 1 day 20:30:38 --more-Example (port channel) OS10# show interface port-channel 1 Port-channel 1 is up, line protocol is down Address is 90:b1:1c:f4:a5:8c, Current address is 90:b1:1c:f4:a5:8c Interface index is 85886081 Internet address is not set Mode of IPv4 Address Assignm
Usage Information None. Example OS10# show interface phy-eth 1/1/14 transceiver | grep "Tunable wavelength" SFP1/1/14 Tunable wavelength= 1530.000nm Supported Releases 10.4.2E or later show inventory media Displays installed media in switch ports. Syntax show inventory media Parameters None Command Mode EXEC Usage Information Use the show inventory media command to verify the media type inserted in a port.
1/1/5 1/1/6 1/1/7 1/1/8 1/1/9 1/1/10 1/1/11 1/1/12 1/1/13 1/1/14 1/1/15 1/1/16 Example: MX5108n Ethernet switch Supported Releases FIXED FIXED FIXED FIXED FIXED FIXED FIXED FIXED FIXED FIXED FIXED FIXED INTERNAL INTERNAL INTERNAL INTERNAL INTERNAL INTERNAL INTERNAL INTERNAL INTERNAL INTERNAL INTERNAL INTERNAL OS10# show inventory media ---------------------------------------------------------System Inventory Media ---------------------------------------------------------Node/Slot/Port Category Media Ser
Usage Information Example None OS10(conf-if-eth1/1/4)# do show port-channel summary Flags: D - Down I - member up but inactive P - member up and active U - Up (port-channel) Group Port-Channel Type Protocol Member Ports 22 port-channel22 (U) Eth STATIC 1/1/2(D) 1/1/3(P) 23 port-channel23 (D) Eth DYNAMIC 1/1/4(I) Example (Interface) OS10(conf-range-eth1/1/10-1/1/11,1/1/13,1/1/14)# do show port-channel summary Flags: D - Down U - member up but inactive P - member up and active U - Up (port-channel) Group
Example: MX9116n Fabric Engine Example: Z9264F-ON Supported Releases OS10(config)# show Port-group port-group1/1/1 port-group1/1/2 port-group1/1/3 port-group1/1/4 port-group1/1/5 port-group1/1/6 port-group1/1/7 port-group1/1/8 port-group1/1/9 port-group1/1/10 port-group1/1/11 port-group1/1/12 port-group1/1/13 port-group1/1/14 port-group1/1/15 port-group1/1/16 port-group Mode Eth 25g-8x Eth 25g-8x Eth 25g-8x Eth 25g-8x Eth 25g-8x Eth 25g-8x Eth 25g-8x Eth 25g-8x Eth 25g-8x Eth 100g-2x Eth 100g-2x Eth 100
profile-3 profile-4 profile-5 profile-6 Supported Releases 10.3.1E or later show system Displays the status of the DOM feature, whether it is enabled or disabled.
Example OS10# show unit-provision Node ID | Unit ID | Provision Name | Discovered Name | State | --------+---------+----------------+-----------------+-------| 1 | 71 | | | | 1 | 72 | | | | 1 | 73 | | | | 1 | 74 | | | | 1 | 75 | | | | 1 | 76 | | | | 1 | 77 | | | | 1 | 78 | 403RPK2 | 403RPK2 | up | 1 | 79 | | | | 1 | 80 | | | | 1 | 81 | | | | 1 | 82 | | | | Supported Releases 10.4.0E(R3S) or later show vlan Displays the current VLAN configuration.
Example OS10(config)# interface ethernet 1/1/7 OS10(conf-if-eth1/1/7)# no shutdown Supported Releases 10.2.0E or later speed (Fibre Channel) Configures the transmission speed of a Fibre Channel interface. Syntax speed {8 | 16 | 32 | auto} Parameters Set the speed of a Fibre Channel interface to: ● 8 — 8GFC ● 16 — 16GFC ● 32 — 32GFC ● auto — Set the port speed to the speed of the installed media.
Supported Releases 10.3.0E or later switch-port-profile Configures a port profile on the switch. The port profile determines the available front-panel ports and breakout modes. Syntax switch-port-profile node/unit profile Parameters ● node/unit — Enter switch information. For a standalone switch, enter 1/1. ● profile — Enter the name of a platform-specific profile.
○ profile-2 — SFP+ unified ports (1-24), QSFP28 unified ports (25-26 and 29-30), QSFP+ Ethernet ports (27-28), and SFP+ Ethernet ports (31-54) are enabled. ■ SFP+ unified ports operate in Ethernet 10GE mode by default. SFP+ unified port groups support 4x8GFC and 2x16GFC breakouts (ports 1 and 3) in FC mode. ■ QSFP28 unified ports 25 and 29 operate in Ethernet 100GE mode by default, and support 40GE with QSFP+ transceivers and 4x10G breakouts.
Default VLAN 1 Command Mode INTERFACE Usage Information This command enables L2 switching for untagged traffic and assigns a port interface to default VLAN1. Use this command to change the assignment of the access VLAN that carries untagged traffic. You must create the VLAN before you can assign an access interface to it. The no version of this command resets access VLAN membership on a L2 access or trunk port to VLAN 1.
Example OS10(conf-if-eth1/1/2)# switchport trunk allowed vlan 1000 OS10(conf-if-eth1/1/2)# no switchport trunk allowed vlan 1000 Supported Releases 10.2.0E or later unit-provision Provisions the unit ID of a Fabric Expander attached to an MX9116n Fabric Switching Engine in Full Switch mode. Syntax unit-provision node/unit-id provision_name Parameters ● node/unit-id — Enter 1 for node with an unassigned unit ID displayed in the show unitprovision output.
default mtu Configures the default MTU at system level. Syntax default mtu Parameters None Defaults 1532 Command Mode CONFIGURATION Usage Information The interface-level MTU may be different from the system-level MTU. The no version of this command resets the MTU value to the default value. Example OS10# default mtu 9216 OS10# no default mtu Supported Releases 10.3.1E or later show default mtu Display the default MTU at system level.
11 PowerEdge MX Ethernet I/O modules The Dell EMC PowerEdge MX7000 supports the following Ethernet modules: MX9116n Fabric Switching Engine, MX7116n Fabric Expander Module, and MX5108n Ethernet Switch. For detailed information, see the Dell EMC PowerEdge MX7000 documentation. ● The MX9116n Fabric Switching Engine is a scalable L2/L3 switch that provides high-bandwidth, low-latency 25GE networking; for example, in private cloud and software-defined storage (SDS) networks.
● View the physical topology. ● Use power control. SmartFabric mode In SmartFabric mode, the PowerEdge MX switches operate as Layer 2 I/O aggregation devices. The OpenManage Enterprise Modular interface supports most switch configuration settings. Use SmartFabric mode to configure your switch. SmartFabric mode supports all OS10 show commands and the following subset of CLI configuration commands: Other CLI configuration commands are not available. ● clock — Configure clock parameters.
Changing operating modes
To switch an MX9116n Fabric Switching Engine or MX5108n Ethernet Switch between Full Switch and SmartFabric modes, use the OpenManage Enterprise - Modular interface to create a new fabric.
Full Switch to SmartFabric mode
All Full Switch CLI configuration changes are deleted except for the subset of supported configuration commands that you can also enter and save in SmartFabric mode (see Operating modes).
QSFP28-DD Ethernet interfaces support Fabric Expander mode (FEM) and native Ethernet mode.
● In FEM mode, an 8x25GE interface connects only to an attached Fabric Expander using supported cables.
● In native Ethernet mode, an interface connects to an upstream switch, rack server, or other Ethernet device.
By default, QSFP28-DD port groups 1 to 9 are configured in FEM mode with 8x25GE breakout interfaces enabled.
Configure QSFP28-DD interface
OS10(config)# port-group 1/1/7
OS10(conf-pg-1/1/7)# mode Eth 25g-8x
OS10(conf-pg-1/1/7)# exit
OS10(config)# interface ethernet 1/1/29:4
OS10(conf-if-eth-1/1/29:4)#
View QSFP28-DD interface
OS10(config)# interface ethernet 1/1/29:4
OS10(conf-if-eth1/1/29:4)# show configuration
!
interface ethernet1/1/29:4
 no shutdown
View QSFP28-DD port groups and default modes
OS10# show port-group
Port-group        Mode
port-group1/1/1   Eth 25g-8x
port-group1/1/2   Eth 25g-8x
port-group1/1/3   Eth 25g-8x
Virtual ports
A virtual port is a logical OS10 port that connects to a downstream server and has no physical hardware location on the switch. Virtual ports are created when an MX9116n Fabric Switching Engine onboards an MX7116n Fabric Expander Module. The onboarding process consists of discovery and configuration.
Fabric Expander discovery
A Fabric Expander functions as an unmanaged Ethernet repeater with sixteen 25GE server-facing ports and two QSFP28-DD uplink ports.
3. Configure the unit ID for the service tag (provision name) of the Fabric Expander in CONFIGURATION mode.
OS10(config)# unit-provision node/unit-id provision_name
● node/unit-id — Enter 1 for node with an unassigned unit ID from the show unit-provision output.
● provision_name — Enter the service tag of the Fabric Expander from the Service-tag field in the show discovered-expanders output.
4. Verify the discovered Fabric Expander and its virtual slot ID in EXEC mode.
5. Verify the virtual ports on the Fabric Expander that are up and connected to servers in CONFIGURATION mode. Unit IDs 71 to 82 are used as virtual slot numbers 1/71 to 1/82 on the Fabric Expander.
OS10# show interface status
6. Configure a Fabric Expander virtual port to transmit server traffic in CONFIGURATION mode.
OS10# interface ethernet node/virtual-slot/port
● node is 1 for a Fabric Expander.
● virtual-slot is the unit ID number assigned to the Fabric Expander, from 71 to 82.
For information about how to configure QSFP28-DD port groups 1 to 12 to operate in Ethernet mode, see Double-density QSFP28 interfaces.
For information about how to configure unified port groups 15 and 16 to operate in Ethernet or Fibre Channel mode, see Unified port groups.
Figure 6. MX9116n Fabric Switching Engine — QSFP28 port groups
1. To configure a QSFP28 port-group interface, enter PORT-GROUP mode from CONFIGURATION mode. Enter 1/1 for node/slot. The QSFP28 port-group range is 13 to 14.
View QSFP28 breakout interfaces
OS10# show interface status
--------------------------------------------------------------------------
Port          Description  Status  Speed  Duplex  Mode  Vlan  Tagged-Vlans
--------------------------------------------------------------------------
...
Eth 1/1/41:1               down    0      auto    A     1
Eth 1/1/41:2               down    0      auto    A     1
Eth 1/1/41:3               down    0      auto    A     1
Eth 1/1/41:4               down    0      auto    A     1
Eth 1/1/42:1               down    0      auto    A     1
Eth 1/1/42:2               down    0      auto    A     1
Eth 1/1/42:3               down    0      auto    A     1
Eth 1/1/42:4               down    0      auto    A     1
...
1/1/4 1/1/5 1/1/6 1/1/7 1/1/8 ...
2. Verify the firmware version and configure the IOM settings, see Verify and configure IOM settings.
3. Connect the cables to the new IOM, see Connect the cables to the new IOM.
Replace an IOM in SmartFabric
To replace an IOM that is part of a SmartFabric:
1. Physically remove the faulty IOM and insert the new IOM, see Remove and replace the IOM.
2. Verify the firmware version and configure the IOM settings, see Verify and configure IOM settings.
If the command is run on a member, the system displays only the details of the master IOM. The system displays information such as service tag and IPv6 address of the master. If the command is run in a master, the system displays the details of all the IOMs in the chassis deployment. Log in to the master IOM using the displayed IPv6 address before using the module replacement command. For more information about how to log in to the master IOM from the member, see Log in to the master IOM from the member.
2. Log in to the master IOM using the IPv6 address displayed in the IOM.
admin@MX9116N-A1:~$ ssh admin@
Output example when you log in to the master IOM from the member IOM:
admin@OS10:~$ ssh admin@fde1:53ba:e9a0:cccc:3417:ebff:fe2c:ca84
Debian GNU/Linux 9
Dell EMC Networking Operating System (OS10)
admin@fde1:53ba:e9a0:cccc:3417:ebff:fe2c:ca84's password:
Linux OS10 4.9.110 #1 SMP Debian 4.9.
Password:
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   142  100    89  100    53    646    384 --:--:-- --:--:-- --:--:--   649
Node replacement work-flow is initiated, the node JDB1XC2 will reboot into Fabric mode.
After successful authentication, the system initiates the module replacement workflow and the new IOM reboots and is placed in the SmartFabric Services mode.
12 Fibre Channel
OS10 switches with Fibre Channel (FC) ports operate in one of the following modes: Direct attach (F_Port), NPIV Proxy Gateway (NPG). In the FSB mode, you cannot use the FC ports.
F_Port
Fibre Channel fabric port (F_Port) is the switch port that connects the FC fabric to a host. S4148U-ON, MX9116n, and MX7116n switches support F_Port. Enable Fibre Channel F_Port mode globally using the feature fc domain-ID domain-ID command in CONFIGURATION mode.
Fibre Channel over Ethernet
Fibre Channel over Ethernet (FCoE) encapsulates Fibre Channel frames over Ethernet networks. FCoE Initialization Protocol (FIP) establishes Fibre Channel connectivity with Ethernet ports. FIP snooping bridge (FSB) implements security characteristics to admit valid FCoE traffic in the Ethernet networks. FIP and FCoE provide FC emulation over Ethernet links.
Configure FIP snooping bridge
OS10(config)# feature fip-snooping
OS10(config)# interface ethernet 1/1/32
OS10(conf-if-eth1/1/32)# fip-snooping port-mode fcf
OS10(conf-if-eth1/1/32)# exit
OS10(config)# interface vlan 100
OS10(conf-if-vl-100)# fip-snooping enable
OS10(conf-if-vl-100)# fip-snooping fc-map 0xEFC64
OS10(conf-if-vl-100)# exit
OS10(config)# fcoe max-sessions-per-enodemac 64
View FIP snooping configuration details
OS10# show fcoe statistics interface vlan 100
Number of Vlan Requests :0
Number of Vl
----------------- ---------------- ---- ---- --------
d4:ae:52:1b:e3:cd ethernet1/1/54   100  1    5
Terminology
ENode       End Node or FCoE node
FC          Fibre Channel
FC ID       A 3-byte address used by FC to identify the end points
FC Map      A 3-byte prefix configured per VLAN, used to frame FCoE MAC address
FCF         Fibre Channel Forwarder
FCoE        Fibre Channel over Ethernet
FCoE MAC    Unique MAC address used to identify an FCoE session. This is a combination of FC ID and FC Map.
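The FCoE MAC definition above (FC Map followed by FC ID) can be checked mechanically against `show fcoe sessions` output. The following is an added example, not part of the Dell guide: the first two sample rows are the session rows shown later in this guide, the last two are constructed, and the FC map `0e:fc:00` for VLAN 777 is an assumption inferred from those rows. Function names are hypothetical.

```python
import re

# Colon-separated hex tokens: 3 bytes = FC ID, 6 bytes = MAC, 8 bytes = WWN.
HEX_TOKEN = re.compile(r"\b[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2})+\b")


def fc_map_to_prefix(fc_map):
    """Turn a configured FC map such as 0x0EFC00 into the MAC prefix '0e:fc:00'."""
    return ":".join(f"{b:02x}" for b in fc_map.to_bytes(3, "big"))


def parse_session_row(line):
    """Parse one data row of `show fcoe sessions`; return None for other lines."""
    tokens = [(m.start(), m.end(), m.group(0).lower())
              for m in HEX_TOKEN.finditer(line)]
    macs = [t for t in tokens if t[2].count(":") == 5]
    fc_ids = [t for t in tokens if t[2].count(":") == 2]
    if len(macs) != 3 or len(fc_ids) != 1:
        return None
    # Column order: ENode MAC, ENode intf, FCF MAC, FCF intf, VLAN, FCoE MAC.
    # The VLAN is the last integer between the FCF MAC and the FCoE MAC.
    vlan = re.search(r"(\d+)\s*$", line[macs[1][1]:macs[2][0]])
    if vlan is None:
        return None
    return {"enode_mac": macs[0][2], "fcf_mac": macs[1][2],
            "vlan": int(vlan.group(1)), "fcoe_mac": macs[2][2],
            "fc_id": fc_ids[0][2]}


def audit_sessions(output, fc_map_by_vlan):
    """Return (fcoe_mac, reason) for sessions whose MAC is not FC Map + FC ID."""
    findings = []
    for line in output.splitlines():
        row = parse_session_row(line)
        if row is None:
            continue
        if row["vlan"] not in fc_map_by_vlan:
            findings.append((row["fcoe_mac"], "unknown-vlan"))
            continue
        prefix, suffix = row["fcoe_mac"][:8], row["fcoe_mac"][9:]
        if prefix != fc_map_to_prefix(fc_map_by_vlan[row["vlan"]]):
            findings.append((row["fcoe_mac"], "fc-map-mismatch"))
        if suffix != row["fc_id"]:
            findings.append((row["fcoe_mac"], "fc-id-mismatch"))
    return findings


# Rows 1-2: from this guide's `show fcoe sessions` output. Rows 3-4: constructed.
SAMPLE = """\
32:03:cf:45:00:00 Eth 1/1/31 14:18:77:20:86:ce Eth 1/1/2 777 0e:fc:00:05:00:05 05:00:05 33:00:55:2c:cf:55:00:00 23:00:55:2c:cf:55:00:00
f4:e9:d4:f9:fc:40 Eth 1/1/5 14:18:77:20:86:ce Eth 1/1/2 777 0e:fc:00:02:01:00 02:01:00 20:01:f4:e9:d4:a4:7d:c3 20:00:f4:e9:d4:a4:7d:c3
02:00:00:00:00:01 Eth 1/1/6 14:18:77:20:86:ce Eth 1/1/2 777 0e:fc:01:02:02:00 02:02:00 20:01:02:00:00:00:00:01 20:00:02:00:00:00:00:01
02:00:00:00:00:02 Eth 1/1/7 14:18:77:20:86:ce Eth 1/1/2 777 0e:fc:00:02:03:00 02:04:00 20:01:02:00:00:00:00:02 20:00:02:00:00:00:00:02
"""

if __name__ == "__main__":
    for mac, reason in audit_sessions(SAMPLE, {777: 0x0EFC00}):
        print(mac, reason)
```

A session that fails either check uses a MAC the fabric would not have assigned for that VLAN, so it is worth correlating with the FIP snooping statistics for the same interface.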
OS10(config)# interface fibrechannel 1/1/1
OS10(conf-if-fc1/1/1)# vfabric 100
View vfabric configuration
OS10(conf-vfabric-100)# show configuration
!
vfabric 100
 name 100
 vlan 1023
 fcoe fcmap 0xEFC64
 zoneset activate set
 zone default-zone permit
OS10# show vfabric
Fabric Name      100
Fabric Type      FPORT
Fabric Id        100
Vlan Id          1023
FC-MAP           0xEFC64
Config-State     ACTIVE
Oper-State       UP
==========================================
Switch Config Parameters
==========================================
Domain ID        100
============
Configure vfabric in NPG mode
OS10(config)# vfabric 10
OS10(conf-vfabric-10)# name 10
OS10(conf-vfabric-10)# vlan 100
OS10(conf-vfabric-10)# fcoe fcmap 0x0efc01
OS10(conf-vfabric-10)# fcoe fcf-priority 128
OS10(conf-vfabric-10)# fcoe fka-adv-period 8
OS10(conf-vfabric-10)# fcoe vlan-priority 3
OS10(conf-vfabric-10)# exit
OS10(config)# interface ethernet 1/1/31
OS10(conf-if-eth1/1/31)# vfabric 10
View vfabric configuration
OS10(conf-vfabric-10)# show configuration
!
vfabric 10
 name 10
 vlan 100
 fcoe fcmap 0xE
5. Create a zoneset using the fc zoneset zoneset-name command in CONFIGURATION mode. The switch enters Zoneset CONFIGURATION mode.
6. Add the existing zones to the zoneset with the member zone-name command in Zoneset CONFIGURATION mode.
7. Activate the zoneset using the zoneset activate zoneset-name command in vfabric CONFIGURATION mode. The members in the zoneset become active.
8.
           50:00:d3:10:00:ec:f9:1b
           50:00:d3:10:00:ec:f9:1f
hba1       *10:00:00:90:fa:b8:22:19
           *21:00:00:24:ff:7b:f5:c8
OS10# show fc zoneset set
ZoneSetName   ZoneName   ZoneMember
==========================================================
set           hba1       21:00:00:24:ff:7b:f5:c8
                         10:00:00:90:fa:b8:22:19
                         21:00:00:24:ff:7f:ce:ee
                         21:00:00:24:ff:7f:ce:ef
              hba2       20:01:00:0e:1e:e8:e4:99
                         50:00:d3:10:00:ec:f9:1b
                         50:00:d3:10:00:ec:f9:05
                         50:00:d3:10:00:ec:f9:1f
                         20:35:78:2b:cb:6f:65:57
F_Port on Ethernet
OS10 supports configuring F_Port mode o
through both the pinned port and other ports in the port-channel, based on LAG hashing. Dell EMC recommends using a pinned port if there is more than one port in the FCoE LAG. In a VLT network, the server has two unique FCoE sessions to the SAN fabric, and the traffic flows based on the pinned port configuration. If there is only one port in the port-channel, there is no need for a pinned port.
NOTE: The pinned port configuration is supported on FSB, Ethernet downlink port-channel of NPG, and F_Port mode.
Sample FSB configuration on VLT network
1. Enable the FIP snooping feature globally.
OS10(config)# feature fip-snooping
2. Create the FCoE VLAN.
OS10(config)# interface vlan 1001
OS10(conf-if-vl-1001)# fip-snooping enable
3. Configure the VLTi interface.
OS10(config)# interface ethernet 1/1/27
OS10(conf-if-eth1/1/27)# no shutdown
OS10(conf-if-eth1/1/27)# no switchport
4. Configure the VLT.
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.16.151.
OS10(config)# policy-map type network-qos PFC
OS10(config-pmap-network-qos)# class fcoematch
OS10(config-pmap-c-nqos)# pause
OS10(config-pmap-c-nqos)# pfc-cos 3
7. Create uplink and downlink port-channels, and configure the FCF facing port.
Version                      : 2.0
Local System MAC address     : 50:9a:4c:d3:cf:70
Primary priority             : 32768
VLT MAC address              : 50:9a:4c:d3:cf:70
IP address                   : fda5:74c8:b79e:1::2
Delay-Restore timer          : 90 seconds
Peer-Routing                 : Disabled
Peer-Routing-Timeout timer   : 0 seconds
VLTi Link Status
    port-channel1000         : up
VLT Peer Unit ID  System MAC Address  Status  IP Address           Version
----------------------------------------------------------------------------------
1                 50:9a:4c:d3:e2:f0   up      fda5:74c8:b79e:1::1  2.
2. Create the FC zones.
OS10(config)# fc zone zoneA
OS10(config-fc-zone-zoneA)# member wwn 10:00:00:90:fa:b8:22:19 <>
OS10(config-fc-zone-zoneA)# member wwn 21:00:00:24:ff:7b:f5:c8 <>
3. Create the FC zoneset.
OS10(config)# fc zoneset zonesetA
OS10(conf-fc-zoneset-zonesetA)# member zoneA
4. Create the vfabric VLAN.
OS10(config)# interface vlan 1001
5. Create vfabric and activate the FC zoneset.
OS10(conf-if-eth1/1/10)# no shutdown
OS10(conf-if-eth1/1/10)# channel-group 10 mode active
OS10(conf-if-eth1/1/10)# no switchport
OS10(conf-if-eth1/1/10)# service-policy input type network-qos PFC
OS10(conf-if-eth1/1/10)# priority-flow-control mode on
View configuration
Name server entries:
OS10# show fc ns switch brief
Total number of devices = 2
Intf# Domain port-channel10(Eth 1/1/9) 1 20:00:f4:e9:d4:a4:7d:c3 fibrechannel1/1/26 1 21:00:00:24:ff:7c:ae:0e FC-ID 01:00:00 Enode-WWPN 20:01:f4:e9:d4:a4:7d:c
OS10(conf-if-po-10)# switchport trunk allowed vlan 1001,10
OS10(conf-if-po-10)# fip-snooping port-mode fcf
OS10(config)# interface port-channel 20
OS10(conf-if-po-20)# no shutdown
OS10(conf-if-po-20)# switchport mode trunk
OS10(conf-if-po-20)# switchport access vlan 1
OS10(conf-if-po-20)# switchport trunk allowed vlan 1001,10
6. Apply the PFC configuration on downlink and uplink interfaces. In addition, include the interfaces to the port-channel and configure one of the interfaces as pinned-port.
Pinned port status:
OS10# show fcoe pinned-port
Interface         pinned-port      FCoE Status
----------------- ---------------- -----------------
Po 10             Eth 1/1/1        Up
Po 20             Eth 1/1/3        Up
Sample FC Switch configuration on non-VLT network
1. Enable the F_PORT mode.
OS10(config)# feature fc domain-id 1
2. Create the FC zones.
OS10(conf-if-eth1/1/9)# service-policy input type network-qos PFC
OS10(conf-if-eth1/1/9)# priority-flow-control mode on
OS10(config)# interface ethernet 1/1/10
OS10(conf-if-eth1/1/10)# no shutdown
OS10(conf-if-eth1/1/10)# channel-group 10 mode active
OS10(conf-if-eth1/1/10)# no switchport
OS10(conf-if-eth1/1/10)# service-policy input type network-qos PFC
OS10(conf-if-eth1/1/10)# priority-flow-control mode on
View configuration
Name server entries:
OS10# show fc ns switch brief
Total number of devices = 2
In
NOTE: Port-pinning is not supported on ENodes connected to an FSB switch that is in FCF-transit mode. You cannot view the ENodes or session information using the show commands.
Clear virtual link frames
When an FSB clears an FCoE session for some reason, the other devices in the network, such as the ENode, FCF, and transit switches, are not informed and consider the session to be intact. FSB drops the FCoE data corresponding to the cleared session.
b. Enable DCBX.
L2switch(config)# dcbx enable
c. Create a VLAN for FCoE traffic to pass through.
L2switch(config)# interface vlan 777
d. Create class-maps.
L2switch(config)# class-map type network-qos c3
L2switch(config-cmap-nqos)# match qos-group 3
L2switch(config)# class-map type queuing q0
L2switch(config-cmap-queuing)# match queue 0
L2switch(config-cmap-queuing)# exit
L2switch(config)# class-map type queuing q3
L2switch(config-cmap-queuing)# match queue 3
L2switch(config-cmap-queuing)# exit
e.
a. Disable flow control on the interfaces connected to CNA1, L2 switch, and FSB2.
FSB1(config)# interface ethernet 1/1/31
FSB1(conf-if-eth1/1/31)# no flowcontrol receive
FSB1(conf-if-eth1/1/31)# no flowcontrol transmit
FSB1(config)# interface ethernet 1/1/5
FSB1(conf-if-eth1/1/5)# no flowcontrol receive
FSB1(conf-if-eth1/1/5)# no flowcontrol transmit
FSB1(config)# interface ethernet 1/1/2
FSB1(conf-if-eth1/1/2)# no flowcontrol receive
FSB1(conf-if-eth1/1/2)# no flowcontrol transmit
b.
i.
e. Create class-maps.
FSB2(config)# class-map type network-qos c3
FSB2(config-cmap-nqos)# match qos-group 3
FSB2(config)# class-map type queuing q0
FSB2(config-cmap-queuing)# match queue 0
FSB2(config-cmap-queuing)# exit
FSB2(config)# class-map type queuing q3
FSB2(config-cmap-queuing)# match queue 3
FSB2(config-cmap-queuing)# exit
f. Create policy-maps.
4. Configure the FCF. The following configuration assumes that the FCF is in F-Port mode.
a. Disable flow control on the interface connected to FSB2.
FCF(config)# interface ethernet 1/1/13
FCF(conf-if-eth1/1/13)# no flowcontrol receive
FCF(conf-if-eth1/1/13)# no flowcontrol transmit
b. Enable Fibre Channel F-Port mode globally.
FCF(config)# feature fc domain-id 2
c. Create zones.
j. Apply vfabric on FSB2 and target connected interfaces.
FCF(config)# interface ethernet 1/1/13
FCF(conf-if-eth1/1/13)# no shutdown
FCF(conf-if-eth1/1/13)# switchport access vlan 1
FCF(conf-if-eth1/1/13)# vfabric 2
FCF(config)# interface fibrechannel 1/1/3
FCF(conf-if-fc1/1/3)# description target_connected_port
FCF(conf-if-fc1/1/3)# no shutdown
FCF(conf-if-fc1/1/3)# vfabric 2
k. Apply QoS configurations on the interface connected to FSB2.
--------------------------------------------------------------------------------------------------------------
32:03:cf:45:00:00  Eth 1/1/31  14:18:77:20:86:ce  Eth 1/1/2  777  0e:fc:00:05:00:05  05:00:05  33:00:55:2c:cf:55:00:00  23:00:55:2c:cf:55:00:00
f4:e9:d4:f9:fc:40  Eth 1/1/5   14:18:77:20:86:ce  Eth 1/1/2  777  0e:fc:00:02:01:00  02:01:00  20:01:f4:e9:d4:a4:7d:c3  20:00:f4:e9:d4:a4:7d:c3
● To verify the name server entries on the FCF, use the show fc ns switch brief command.
● VLT is configured between FSB1 and FSB2, and requires port-pinning for VLT port channels configured between access FSBs and core FSBs. The port modes are:
  ○ Directly-connected CNA ports—ENode
  ○ Ports connected to FSB3 and FSB4—FCF
● VLT is configured between FSB3 and FSB4, and requires port-pinning for VLT port channels configured between access and core FSBs.
4. Create class-maps.
FSB1(config)# class-map type network-qos c3
FSB1(config-cmap-nqos)# match qos-group 3
FSB1(config)# class-map type queuing q0
FSB1(config-cmap-queuing)# match queue 0
FSB1(config-cmap-queuing)# exit
FSB1(config)# class-map type queuing q3
FSB1(config-cmap-queuing)# match queue 3
FSB1(config-cmap-queuing)# exit
5. Create policy-maps.
FSB1(conf-if-eth1/1/31)# switchport access vlan 1
FSB1(conf-if-eth1/1/31)# switchport trunk allowed vlan 1001
FSB1(config)# interface port-channel 10
FSB1(conf-if-po-10)# switchport mode trunk
FSB1(conf-if-po-10)# switchport access vlan 1
FSB1(conf-if-po-10)# switchport trunk allowed vlan 1001-1002
11. Apply QoS configurations on the interfaces connected to FSB2 and CNA-1. Configure the interface connected to FSB2 as pinned-port.
FSB2(config-cmap-queuing)# match queue 3
FSB2(config-cmap-queuing)# exit
5. Create policy-maps.
FSB2(config)# policy-map type network-qos nqpolicy
FSB2(config-pmap-network-qos)# class c3
FSB2(config-pmap-c-nqos)# pause
FSB2(config-pmap-c-nqos)# pfc-cos 3
FSB2(config)# policy-map type queuing ets_policy
FSB2(config-pmap-queuing)# class q0
FSB2(config-pmap-c-que)# bandwidth percent 30
FSB2(config-pmap-c-que)# class q3
FSB2(config-pmap-c-que)# bandwidth percent 70
6. Create a qos-map.
11. Apply QoS configurations on the interfaces connected to FSB4 and CNA-2. Configure the interface connected to FSB4 as pinned-port.
FSB3(config-pmap-c-nqos)# pause
FSB3(config-pmap-c-nqos)# pfc-cos 3
FSB3(config)# policy-map type queuing ets_policy
FSB3(config-pmap-queuing)# class q0
FSB3(config-pmap-c-que)# bandwidth percent 30
FSB3(config-pmap-c-que)# class q3
FSB3(config-pmap-c-que)# bandwidth percent 70
6. Create a qos-map.
FSB3(config)# qos-map traffic-class tc-q-map1
FSB3(config-qos-map)# queue 3 qos-group 3
FSB3(config-qos-map)# queue 0 qos-group 0-2,4-7
7. Configure port channel.
FSB3(conf-if-eth1/1/45)# qos-map traffic-class tc-q-map1
FSB3(conf-if-eth1/1/45)# service-policy input type network-qos nqpolicy
FSB3(conf-if-eth1/1/45)# service-policy output type queuing ets_policy
FSB3(config)# interface ethernet 1/1/36
FSB3(conf-if-eth1/1/36)# flowcontrol receive off
FSB3(conf-if-eth1/1/36)# priority-flow-control mode on
FSB3(conf-if-eth1/1/36)# ets mode on
FSB3(conf-if-eth1/1/36)# trust-map dot1p default
FSB3(conf-if-eth1/1/36)# qos-map traffic-class tc-q-map1
FSB3(conf-if-eth1/1/36)#
FSB4(config-pmap-c-que)# class q3
FSB4(config-pmap-c-que)# bandwidth percent 70
6. Create a qos-map.
FSB4(config)# qos-map traffic-class tc-q-map1
FSB4(config-qos-map)# queue 3 qos-group 3
FSB4(config-qos-map)# queue 0 qos-group 0-2,4-7
7. Configure port channel.
FSB4(config)# interface port-channel 10
FSB4(conf-if-po-10)# no shutdown
FSB4(conf-if-po-10)# vlt-port-channel 1
8. Configure VLTi interface member links.
FCF1 configuration
1. Enable Fibre Channel F-Port mode globally.
FCF1(config)# feature fc domain-id 2
2. Create zones.
FCF1(config)# fc zone zoneA
FCF1(config-fc-zone-zoneA)# member wwn 23:05:22:11:0d:64:67:11
FCF1(config-fc-zone-zoneA)# member wwn 50:00:d3:10:00:ec:f9:00
3. Create zoneset.
FCF1(config)# fc zoneset zonesetA
FCF1(conf-fc-zoneset-setA)# member zoneA
4. Create a vfabric VLAN.
FCF1(config)# interface vlan 1001
5. Create vfabric and activate the zoneset.
FCF1(conf-if-eth1/1/45)# ets mode on
FCF1(conf-if-eth1/1/45)# trust-map dot1p default
FCF1(conf-if-eth1/1/45)# qos-map traffic-class tc-q-map1
FCF1(conf-if-eth1/1/45)# service-policy input type network-qos nqpolicy
FCF1(conf-if-eth1/1/45)# service-policy output type queuing ets_policy
11. Apply vfabric on the interfaces connected to FSB3 and the target.
FCF2(config-pmap-c-nqos)# pause
FCF2(config-pmap-c-nqos)# pfc-cos 3
FCF2(config)# policy-map type queuing ets_policy
FCF2(config-pmap-queuing)# class q0
FCF2(config-pmap-c-que)# bandwidth percent 30
FCF2(config-pmap-c-que)# class q3
FCF2(config-pmap-c-que)# bandwidth percent 70
9. Create a qos-map.
FCF2(config)# qos-map traffic-class tc-q-map1
FCF2(config-qos-map)# queue 3 qos-group 3
FCF2(config-qos-map)# queue 0 qos-group 0-2,4-7
10. Apply QoS configurations on the interface connected to FSB4.
Enodes   : 1
Sessions : 1
FSB2
FSB2# show fcoe sessions
Enode MAC          Enode Interface    FCF MAC            FCF interface        VLAN  FCoE MAC           FC-ID     PORT WWPN                PORT WWNN
-----------------------------------------------------------------------------------------------------------------------------------------------
00:0e:1e:f1:f1:84  Eth 1/1/1          14:18:77:20:80:ce  Po 10(Eth 1/1/44:1)  1002  0e:fc:00:02:01:00  02:01:00  20:01:00:0e:1e:f1:f1:84  20:00:00:0e:1e:f1:f1:84
FSB2# show fcoe fcf
FCF MAC FCF Interface VLAN FC-MAP FKA_ADV_PERIOD No.
00:0e:1e:f1:f1:84  Po 10(Eth 1/1/37)  14:18:77:20:80:ce  Eth 1/1/42           1002  0e:fc:00:02:01:00  02:01:00  20:01:00:0e:1e:f1:f1:84  20:00:00:0e:1e:f1:f1:84
FSB4# show fcoe fcf
FCF MAC FCF Interface VLAN FC-MAP FKA_ADV_PERIOD No.
● Before you disable the F_Port and NPG features, delete the mode-specific configurations. When you disable FSB, the system automatically removes the configurations.
● If you connect a storage device (target) to the IOM Fibrechannel port and if the port is operationally UP, then the storage device will induce a port flap until you configure the FC DirectAttach uplink (vfabric) configuration on this port.
4. Apply the vFabric configuration on the interface that connects to CNA 1.
OS10(config)# interface ethernet 1/1/50
OS10(conf-if-eth1/1/50)# vfabric 2
5. Enable DCBX globally.
OS10(config)# dcbx enable
6. Create a class map and policy map.
OS10(config)# class-map type network-qos cmap1
OS10(config-cmap-nqos)# match qos-group 3
OS10(config)# policy-map type network-qos pmap1
OS10(config-pmap-network-qos)# class cmap1
OS10(config-pmap-c-nqos)# pause
OS10(config-pmap-c-nqos)# pfc-cos 3
7.
6. Create a class map and policy map.
OS10(config)# class-map type network-qos cmap1
OS10(config-cmap-nqos)# match qos-group 3
OS10(config)# policy-map type network-qos pmap1
OS10(config-pmap-network-qos)# class cmap1
OS10(config-pmap-c-nqos)# pause
OS10(config-pmap-c-nqos)# pfc-cos 3
7. Disable LLFC on the interface that connects to CNA 2.
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# no flowcontrol receive
8. Enable PFC mode on the interface that connects to CNA 2.
System log messages are received when the system closes a session for rebalancing. The log message provides the Fabric id, VLAN Id, FCoE MAC and the reason for termination.
Load balancing after system reboot
After reboot, upstream FC connections to the end-devices become operational first and carry more sessions than the other upstream FC connections to SAN. This requires load balancing.
Create VLAN
OS10(config)# interface vlan 100
Create vFabric
OS10(config)# vfabric 100
OS10(conf-vfabric-100)# vlan 100
OS10(conf-vfabric-100)# name NPG_Fabric
OS10(conf-vfabric-100)# fcoe fcmap 0efc01
OS10(conf-vfabric-100)# exit
Apply vFabric and FC port-mode configuration on the interface that connects to FC end point (HBA)
OS10(config)# interface range fibrechannel 1/1/9,1/1/10
OS10(conf-range-fc1/1/9,1/1/10)# vfabric 100
OS10(conf-range-fc1/1/9,1/1/10)# fc port-mode F
OS10(conf-range-fc1/1/9,1/1/10)# no
Apply vFabric configuration on the interface that connects to FCoE end points (CNA)
OS10(config)# interface range ethernet 1/1/54,1/1/55
OS10(conf-range-eth1/1/54,1/1/55)# vfabric 100
OS10(conf-range-eth1/1/54,1/1/55)# no shut
OS10(conf-range-eth1/1/54,1/1/55)# exit
Apply vFabric configuration on the FC upstream interfaces
OS10(config)# interface range fibrechannel 1/1/1,1/1/2
OS10(conf-range-fc1/1/1,1/1/2)# vfabric 100
OS10(conf-range-fc1/1/1,1/1/2)# no shut
OS10(conf-range-fc1/1/1,1/1/2)# exit
Apply FCoE
You can use manual rebalancing when you:
Add new FC uplink to a balanced system
Consider a topology with the following structure:
● NPG switch with two FC uplinks (fc 1/1/1 and fc 1/1/2) of the same speed (16G)
● Ports connecting to both FCoE and FC end points (eth 1/1/54, eth 1/1/55, fc 1/1/9 and fc 1/1/10)
All the end points (servers) are logged in to the storage through the NPG switch. One FLOGI session is associated with each server.
Receive Fabric Discovery Request (FDISC) from an end point
Consider the NPG switch with:
● two FC uplinks (fc 1/1/1 and fc 1/1/2) of different speed (8 G and 16 G)
● two ports (eth 1/1/54, eth 1/1/55) connecting the FCoE end points
Each end point has one session that is associated with it. The NPG switch maps one session to each FC uplink to balance the system. Consider the end point connected to eth 1/1/55 establishes four more Fabric Discovery Sessions (FDISC).
fc alias
Creates an FC alias. After creating the alias, add members to the FC alias. An FC alias can have a maximum of 255 unique members.
Syntax              fc alias alias-name
Parameters          alias-name — Enter a name for the FC alias.
Defaults            Not configured
Command Mode        CONFIGURATION
Usage Information   The no version of this command deletes the FC alias. To delete an FC alias, first remove it from the FC zone. Supported on the MX9116n switch in Full Switch mode starting in release 10.4.1.0.
Usage Information   The no version of this command removes the FC zoneset. Supported on the MX9116n switch in Full Switch mode starting in release 10.4.1.0. Also supported in SmartFabric mode starting in release 10.5.0.1.
Example
OS10(config)# fc zoneset set
OS10(conf-fc-zoneset-set)# member hba1
Supported Releases  10.3.1E or later
feature fc
Enables the F_Port globally.
Syntax              feature fc domain-id domain-id
Parameters          domain-id — Enter the domain ID of the F_Port, from 1 to 239.
member (zone)
Adds members to existing zones. Identify a member by an FC alias, a world wide name (WWN), or an FC ID.
Syntax              member {alias-name alias-name | wwn wwn-ID | fc-id fc-id}
Parameters
● alias-name — Enter the FC alias name.
● wwn-ID — Enter the WWN name.
● fc-id — Enter the FC ID name.
Defaults            Not configured
Command Mode        Zone CONFIGURATION
Usage Information   Supported on the MX9116n switch in Full Switch mode starting in release 10.4.0E(R3S).
Example
OS10# show fc alias
Alias Name    Alias Member
==============================================
test          21:00:00:24:ff:7b:f5:c9
              20:25:78:2b:cb:6f:65:57
OS10#
Supported Releases  10.3.1E or later
show fc interface-area-id mapping
Displays the FC ID to interface mapping details.
Registered with NameServer   Yes
Registered for SCN           No
Example (brief)
OS10# show fc ns switch brief
Total number of devices = 1
Intf#                      Domain  FC-ID     Enode-WWPN               Enode-WWNN
port-channel10(Eth 1/1/9)  4       04:00:00  10:00:00:90:fa:b8:22:18  20:00:00:90:fa:b8:22:18
Supported Releases  10.3.1E or later
show fc zone
Displays the FC zones and the zone members.
Syntax              show fc zone [zone-name]
Parameters          zone-name — Enter the FC zone name.
Command Mode        EXEC
Usage Information   None
Example
OS10# show fc zoneset
ZoneSetName   ZoneName   ZoneMember
=========================================================
set           hba1       21:00:00:24:ff:7b:f5:c8
                         10:00:00:90:fa:b8:22:19
                         21:00:00:24:ff:7f:ce:ee
                         21:00:00:24:ff:7f:ce:ef
              hba2       20:01:00:0e:1e:e8:e4:99
                         50:00:d3:10:00:ec:f9:1b
                         50:00:d3:10:00:ec:f9:05
                         50:00:d3:10:00:ec:f9:1f
                         20:35:78:2b:cb:6f:65:57
vFabric id: 100
Active Zoneset: set
ZoneName      ZoneMember
==============================================
hba2          20:01:
zone default-zone permit
Enables access between all logged-in FC nodes of the vfabric in the absence of an active zoneset configuration.
Syntax              zone default-zone permit
Parameters          None
Defaults            Not configured
Command Mode        Vfabric CONFIGURATION
Usage Information   A default zone advertises a maximum of 255 members in the registered state change notification (RSCN) message. The no version of this command disables access between the FC nodes in the absence of an active zoneset.
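Because zone default-zone permit only takes effect when no zoneset is active, its real exposure depends on the rest of the vfabric stanza. The following added example (not from the Dell guide) classifies each vfabric in a saved configuration; the sample configuration is constructed, and the one-space indentation of sub-commands under each stanza is an assumption about how the running configuration is laid out.

```python
import re


def parse_vfabric_zoning(config_text):
    """Collect the zoning-related settings of every top-level vfabric stanza."""
    fabrics = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "!":
            current = None          # '!' closes the current stanza
            continue
        if not raw[0].isspace():
            # A new top-level stanza; only 'vfabric <id>' is of interest here.
            m = re.fullmatch(r"vfabric (\d+)", line)
            current = int(m.group(1)) if m else None
            if m:
                fabrics[current] = {"active_zoneset": None,
                                    "default_permit": False}
            continue
        if current is None:
            continue                # e.g. ' vfabric 100' under an interface
        m = re.fullmatch(r"zoneset activate (\S+)", line)
        if m:
            fabrics[current]["active_zoneset"] = m.group(1)
        elif line == "zone default-zone permit":
            fabrics[current]["default_permit"] = True
    return fabrics


def classify(entry):
    """Map one vfabric's settings to its effective access posture."""
    zoned = entry["active_zoneset"] is not None
    if entry["default_permit"]:
        # With a zoneset active the permit is dormant, but deactivating the
        # zoneset would open the fabric to every logged-in node.
        return "fallback-open" if zoned else "open"
    return "zoned" if zoned else "closed"


def audit(config_text):
    return {fid: classify(e)
            for fid, e in parse_vfabric_zoning(config_text).items()}


# Constructed sample configuration (layout assumed, values illustrative).
SAMPLE_CONFIG = """\
!
vfabric 100
 name 100
 vlan 1023
 zoneset activate set
 zone default-zone permit
!
vfabric 20
 vlan 1020
 zone default-zone permit
!
vfabric 2
 vlan 1001
 zoneset activate zonesetA
!
vfabric 30
 vlan 1030
!
interface fibrechannel1/1/1
 vfabric 100
"""

if __name__ == "__main__":
    for fabric_id, posture in sorted(audit(SAMPLE_CONFIG).items()):
        print(fabric_id, posture)
```

Fabrics reported as open have no zoning enforcement at all; fallback-open fabrics are enforced today but lose enforcement the moment the zoneset is deactivated.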
Usage Information   Configure the port mode when the port is in Shut mode and when NPG mode is enabled. The no version of this command returns the port mode to default.
Example
OS10(config)# interface fibrechannel 1/1/1
OS10(conf-if-fc1/1/1)# fc port-mode F
Supported Releases  10.4.1.0 or later
feature fc npg
Enables the NPG mode globally.
Po 10(Eth 1/1/9) LOGGED_IN 20:01:d4:ae:52:1a:ee:54 1001 Fc 1/1/25 10
Supported Releases  10.4.0E(R1) or later
F_Port and NPG commands
The following commands are supported on both F_Port and NPG modes:
clear fc statistics
Clears FC statistics for specified vfabric or fibre channel interface.
Syntax              clear fc statistics [vfabric vfabric-ID | interface fibrechannel]
Parameters
● vfabric-ID — Enter the vfabric ID.
● fibrechannel — Enter the fibre channel interface name.
OS10(conf-vfabric-10)# fcoe fka-adv-period 8
OS10(conf-vfabric-10)# fcoe vlan-priority 3
Supported Releases  10.3.1E or later
fcoe delay fcf-adv
Delay the Multicast Discovery Advertisement from FCFs to be sent to Enodes.
Syntax              fcoe delay fcf-adv timeout
Parameters          timeout - Timeout range specified in seconds. Range is 1 to 30 seconds.
The 'dry-run' option displays the current state of the system, sessions cleared, and the system state after the load b is done without actually doing it. You can use the "brief" option (both in dry run and actual run) to view only the sess redistribution information. This command is supported in the NPG mode. The following table lists the fields and description displayed in this command:
Table 54.
4 12 16 24 1
-------------------------------------------------------------------
OS10#re-balance npg sessions vfabric 100 dry-run brief
Fabric Id 100
Session Displacements:
Total No. of Node(s)       : 4
No. of Node(s) displaced   : 4
----------------------------------------------------------------------------------
Node WWPN From Uplink Intf To Uplink Intf No.
Usage Information   Displays the details of FC upstream interfaces in all the available or specified vFabrics along with the FC Id and BB C This command is supported in NPG mode. The following table lists the fields and descriptions displayed in the output:
Table 55. Fields and Descriptions
Fields        Description
Uplink Intf   The name of the FC uplink interface.
VFabric Id : 300
Uplink                          Speed
Intf       FC Id     BB Credit  (Gbps)  FLOGI  FDISC  Total  Re-distrib
----------------------------------------------------------------------------------
Fc 1/1/13  01:00:03  2          8       3      3      6      0
Fc 1/1/14  01:00:04  4          16      1      6      7      5
OS10#show npg uplink-interfaces fcf-info
VFabric Id : 200
FAD Timeout Left : 10 second(s)
FCF Availability Status : No
Uplink Duplicate Intf Upstream Fabric-Name Error Reason FC-Id(s)
-----------------------------------------------------------------
Fc 1/1/11 10:01:d4:ae:52:1a:ee:50
Table 56.
Number of FLOGO Accepts : 0
Number of FLOGO Rejects : 0
Example (interface)
OS10# show fc statistics interface fibrechannel1/1/25:1
Number of FLOGI         : 1
Number of FDISC         : 0
Number of FLOGO         : 0
Number of FLOGI Accepts : 1
Number of FLOGI Rejects : 0
Number of FDISC Accepts : 0
Number of FDISC Rejects : 0
Number of FLOGO Accepts : 0
Number of FLOGO Rejects : 0
Supported Releases  10.3.1E or later
show fc switch
Displays FC switch parameters.
show vfabric Displays vfabric details.
vfabric (interface)
Applies an existing vfabric to an Ethernet or FC interface.
Syntax              vfabric fabric-ID
Parameters          fabric-ID — Enter the fabric ID, from 1 to 255.
Defaults            Not configured
Command Mode        INTERFACE
Usage Information   The no version of this command removes the vfabric from the interface.
Example
OS10(config)# interface fibrechannel 1/1/1
OS10(conf-if-fc1/1/1)# vfabric 100
OS10(config)# interface ethernet 1/1/10
OS10(conf-if-eth1/1/10)# vfabric 200
Supported Releases  10.3.
Usage Information You can enable only one of the following at a time: F_Port, NPG, or FSB. You can include the with-cvl option to send a Clear Virtual Link (CVL) frame from the FCF to the ENode. This option helps the system to recover automatically if an FCoE session drops. If FIP snooping is already enabled, you can enter the feature fip-snooping with-cvl command to enable CVL. You do not have to explicitly disable FIP snooping to enable CVL.
fip-snooping port-mode Sets FIP snooping port mode for interfaces. Syntax fip-snooping port-mode {enode | enode-transit | fcf | fcf-transit} Parameters enode | enode-transit | fcf | fcf-transit—Enter the keyword to set FIP snooping port mode. Defaults ENode port mode Command Mode INTERFACE Usage Information OS10 supports this configuration only on a switch running FSB mode, and on Ethernet and port-channel interfaces. You cannot configure FIP snooping port mode on a port channel member.
clear fcoe statistics Clears FCoE statistics for specified interface. Syntax clear fcoe statistics [interface interface-type] Parameters interface-type — (Optional) Enter the interface type. The interface may be ethernet, VLAN, or port-channel. Default Not configured Command Mode EXEC Usage Information If you do not specify the interface interface-type information, the command clears the statistics for all the interfaces and VLANs.
maximum number of FCoE sessions per ENode to be 64 using the fcoe max-sessions-per-enodemac 64 command. Example Supported Releases OS10(config)# fcoe max-sessions-per-enodemac 64 10.4.0E(R1) or later fcoe priority-bits Configures the priority bits for FCoE application TLVs. Syntax fcoe priority-bits priority-value Parameter priority-value — Enter PFC priority value advertised in FCoE application TLV. You can enter one of the following values: 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, or 0x80.
Parameters enode-mac-address — (Optional) Enter the MAC address of ENode. This option displays details pertaining to the specified ENode. Default Not configured Command Mode EXEC Usage Information None Example Supported Releases OS10# show fcoe enode Enode MAC Enode Interface VLAN FCFs Sessions ----------------- ---------------- ---- ---- -------d4:ae:52:1b:e3:cd Po 20(Eth 1/1/3) 1001 1 1 10.4.0E(R1) or later show fcoe fcf Displays details of the FCFs connected to the switch.
54:7f:ee:37:34:40 ~ 200 0e:fc:01 4000 0 Supported Releases 10.4.0E(R1) or later show fcoe pinned-port Displays the port-channel, the corresponding pinned-port configuration, and the port status if the FCoE sessions are formed. Syntax show fcoe pinned-port [port-channel port-channel-id] Parameters port-channel-id—Enter the port-channel ID to display the corresponding configuration.
show fcoe statistics Displays the statistical details of the FCoE control plane. Syntax show fcoe statistics [interface interface-type] Parameters interface-type — (Optional) Enter the type of interface. This option displays statistics of the specified interface.
show fcoe vlan Displays details of FIP-snooping VLANs. Syntax show fcoe vlan Parameters None Default Not configured Command Mode EXEC Usage Information None Example Supported Releases OS10# show fcoe vlan * = Default VLAN VLAN FC-MAP FCFs Enodes ---- ------ ---- -----*1 100 0X0EFC00 1 2 Sessions -------17 10.4.
13 Layer 2 802.1X Verifies device credentials before sending or receiving packets using the Extensible Authentication Protocol (EAP), see 802.1X Commands. Link Aggregation Control Protocol (LACP) Exchanges information between two systems and automatically establishes a link aggregation group (LAG) between the systems, see LACP Commands.
The authentication process involves three devices: ● Supplicant — The device attempting to access the network performs the role of supplicant. Regular traffic from this device does not reach the network until the port associated to the device is authorized. Before that, the supplicant can only exchange 802.1x messages (EAPOL frames) with the authenticator.
EAP over RADIUS 802.1X uses RADIUS to transfer EAP packets between the authenticator and the authentication server. EAP messages are encapsulated in RADIUS packets as an attribute of type, length, value (TLV) format — the type value for EAP messages is 79. Configure 802.1X You can configure and enable 802.1X on a port in a single process. OS10 supports 802.1X with EAP-MD5. All platforms support RADIUS as the authentication server.
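The encapsulation described above, as an added example that is not part of the Dell guide: it packs an EAP packet into RADIUS attributes of type 79, then parses a RADIUS packet with bounds checks and reassembles the EAP payload. The 253-byte value limit and the concatenation of consecutive EAP-Message attributes come from the RADIUS EAP specification (RFC 3579), not from this page; the sample packet is constructed, with an all-zero authenticator and no Message-Authenticator attribute.

```python
import struct

EAP_MESSAGE = 79        # RADIUS attribute type for EAP messages (from the text above)
MAX_ATTR_VALUE = 253    # 255-byte attribute limit minus the 2-byte type/length header
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}


def encode_eap_attributes(eap_packet: bytes) -> bytes:
    """Split one EAP packet into consecutive type-79 TLV attributes."""
    out = bytearray()
    for off in range(0, len(eap_packet), MAX_ATTR_VALUE):
        chunk = eap_packet[off:off + MAX_ATTR_VALUE]
        out += bytes([EAP_MESSAGE, len(chunk) + 2]) + chunk
    return bytes(out)


def parse_attributes(radius_packet: bytes):
    """Return [(type, value), ...], rejecting any length that leaves the packet."""
    if len(radius_packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", radius_packet[:4])
    if length < 20 or length > len(radius_packet):
        raise ValueError("RADIUS length field does not match the packet")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = radius_packet[pos], radius_packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("attribute length out of bounds")
        attrs.append((a_type, radius_packet[pos + 2:pos + a_len]))
        pos += a_len
    return attrs


def extract_eap(radius_packet: bytes) -> dict:
    """Reassemble the EAP packet carried in the type-79 attributes and decode its header."""
    eap = b"".join(v for t, v in parse_attributes(radius_packet) if t == EAP_MESSAGE)
    if len(eap) < 4:
        raise ValueError("no complete EAP packet")
    code, ident, eap_len = struct.unpack("!BBH", eap[:4])
    if eap_len != len(eap):
        raise ValueError("EAP length does not match the reassembled data")
    info = {"code": EAP_CODES.get(code, "Unknown"), "id": ident, "length": eap_len}
    if code in (1, 2) and eap_len > 4:
        info["type"] = eap[4]       # 1 = Identity, 4 = MD5-Challenge
        info["data"] = eap[5:]
    return info


def build_sample_access_request(identity: bytes) -> bytes:
    """Constructed Access-Request carrying an EAP-Response/Identity (sample data only)."""
    eap = struct.pack("!BBHB", 2, 7, 5 + len(identity), 1) + identity
    user_name = bytes([1, 2 + 5]) + b"alice"            # User-Name attribute (type 1)
    attrs = user_name + encode_eap_attributes(eap)
    header = struct.pack("!BBH", 1, 42, 20 + len(attrs)) + bytes(16)
    return header + attrs


if __name__ == "__main__":
    packet = build_sample_access_request(b"u" * 300)    # long identity forces a split
    print([(t, len(v)) for t, v in parse_attributes(packet)])
    print(extract_eap(packet)["code"])
```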
Enable 802.1X 1. Enable 802.1X globally in CONFIGURATION mode. dot1x system-auth-control 2. Enter an interface or a range of interfaces in CONFIGURATION mode. interface range 3. Enable 802.1X on the supplicant interface only in INTERFACE mode. dot1x port-control auto Configure and verify 802.
Identity retransmissions If the authenticator sends a Request Identity frame but the supplicant does not respond, the authenticator waits 30 seconds and then retransmits the frame. There are several reasons why the supplicant might fail to respond — the supplicant may be booting when the request arrived, there may be a physical layer problem, and so on. 1.
The Request Identity Retransmit interval is for an unresponsive supplicant. You can configure the interval for a maximum of 10 times for an unresponsive supplicant. 1. Configure the amount of time that the authenticator waits to retransmit a Request Identity frame after a failed authentication in INTERFACE mode from 1 to 65535, default 60 seconds.
● Place a port in the auto, force-authorized (default), or force-unauthorized state in INTERFACE mode. dot1x port-control {auto | force-authorized | force-unauthorized} Configure and verify force-authorized state OS10(conf-range-eth1/1/7-1/1/8)# dot1x port-control force-authorized OS10(conf-range-eth1/1/7-1/1/8)# do show dot1x interface ethernet 1/1/7 802.
Tx Period: 120 seconds
Quiet Period: 120 seconds
Supplicant Timeout: 30 seconds
Server Timeout: 30 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 5
Host Mode: MULTI_HOST
Auth PAE State: Initialize
Backend State: Initialize
View interface running configuration OS10(conf-range-eth1/1/7-1/1/8)# do show running-configuration interface ...
View interface running configuration OS10(conf-range-eth1/1/7-1/1/8)# do show running-configuration interface ...
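An added audit sketch, not code from the Dell guide: it reads running-configuration text and reports which administratively up Ethernet ports actually enforce 802.1X, using the rules stated above (dot1x system-auth-control must be set globally, and a port without dot1x port-control auto stays in the default force-authorized state). The sample configuration is constructed, and treating a port without a shutdown line as administratively up is an assumption.

```python
import re

DEFAULT_PORT_CONTROL = "force-authorized"   # default port state per the guide
PORT_CONTROL_RE = re.compile(
    r"dot1x port-control (auto|force-authorized|force-unauthorized)$")


def parse_running_config(text):
    """Return (global_enabled, {ethernet interface: {"port_control", "admin_up"}})."""
    global_enabled, ports, current = False, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "!":                          # stanza separator
            current = None
        elif line.startswith("interface "):
            name = line[len("interface "):]
            if name.startswith("ethernet"):      # only physical ports are audited
                current = ports.setdefault(
                    name, {"port_control": DEFAULT_PORT_CONTROL, "admin_up": True})
            else:
                current = {}                     # other stanzas are parsed but ignored
        elif current is None:                    # global configuration context
            if line == "dot1x system-auth-control":
                global_enabled = True
        elif line == "shutdown":
            current["admin_up"] = False
        else:
            match = PORT_CONTROL_RE.match(line)
            if match:
                current["port_control"] = match.group(1)
    return global_enabled, ports


def audit_dot1x(text):
    """Return {interface: verdict} for administratively up Ethernet ports."""
    global_enabled, ports = parse_running_config(text)
    verdicts = {}
    for name, port in ports.items():
        if not port["admin_up"]:
            continue
        if not global_enabled:
            verdicts[name] = "open: 802.1X not enabled globally"
        elif port["port_control"] == "auto":
            verdicts[name] = "enforced"
        elif port["port_control"] == "force-authorized":
            verdicts[name] = "open: force-authorized bypasses authentication"
        else:
            verdicts[name] = "blocked: force-unauthorized"
    return verdicts


# Constructed sample in the layout of "show running-configuration" output.
SAMPLE_CONFIG = """\
dot1x system-auth-control
!
interface vlan1
 no shutdown
!
interface ethernet1/1/7
 no shutdown
 dot1x port-control auto
!
interface ethernet1/1/8
 no shutdown
 dot1x port-control force-authorized
!
interface ethernet1/1/9
 no shutdown
!
interface ethernet1/1/10
 shutdown
 dot1x port-control force-unauthorized
"""

if __name__ == "__main__":
    for iface, verdict in audit_dot1x(SAMPLE_CONFIG).items():
        print(f"{iface}: {verdict}")
```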
Example OS10(conf-range-eth1/1/7-1/1/8)# dot1x max-req 4 Supported Releases 10.2.0E or later dot1x port-control Controls the 802.1X authentication performed on the interface. Syntax dot1x port-control {force-authorized | force-unauthorized | auto} Parameters ● force-authorized — Disables 802.1X authentication on the interface and allows all traffic on the interface without authentication.
Usage Information The no version of this command resets the value to the default. Example OS10(conf-range-eth1/1/7-1/1/8)# dot1x timeout quiet-period 120 Supported Releases 10.2.0E or later dot1x timeout re-authperiod Sets the number of seconds between re-authentication attempts. Syntax dot1x timeout re-authperiod seconds Parameters re-authperiod seconds — Enter the number of seconds for the 802.1X re-authentication timeout, from 1 to 65535.
Usage Information The no version of this command resets the value to the default. Example OS10(conf-range-eth1/1/7-1/1/8)# dot1x timeout supp-timeout 45 Supported Releases 10.2.0E or later dot1x timeout tx-period Sets the number of seconds that the device waits for a response to an EAP-request/identity frame from the supplicant before retransmitting the request. Syntax dot1x timeout tx-period seconds Parameters tx-period seconds — Enter the number of seconds for the 802.
Usage Information Example Example (when dot1x is not enabled globally) Supported Releases Use this command to view the dot1x interface configuration for a specific interface. OS10# show dot1x interface 802.1x information on ethernet1/1/1 ------------------------------------Dot1x Status: Enable 802.1x information on ethernet1/1/2 ------------------------------------Dot1x Status: Enable 802.1x information on ethernet1/1/3 ------------------------------------Dot1x Status: Enable 802.
FEFD helps detect far-end failure when the following problems occur: ● Only one side receives packets although the physical layer (L1) of the link is up on both sides. ● Transceivers are not connected to the correct ports. FEFD states FEFD comprises the following four states: ● Idle—FEFD is disabled. ● Unknown—Shown when FEFD is enabled and changes to bi-directional after successful handshake with the peer. Also shown if the peer goes down in normal mode.
Table 57. FEFD state changes
Local event (User intervention) | Configured FEFD mode | Local state (Show display) | Local admin state (Result) | Local line protocol status (Result) | Remote state (Show display) | Remote admin state (Result) | Remote line protocol status (Result)
Shutdown (user configuration) | Normal | Admin Shutdown | Down | Down | Line protocol is down. | Up | Down
Shutdown (user configuration) | Aggressive | Admin Shutdown | Down | Down | Line protocol is down.
● Configure FEFD Aggressive mode globally using the fefd-global mode aggressive command in CONFIGURATION mode. OS10(Config)# fefd-global mode aggressive 2. (Optional) Configure the FEFD interval using the fefd-global interval command in CONFIGURATION mode and enter the interval in seconds. The range is from 3 to 255 seconds. OS10(Config)# fefd-global interval 20 3. (Optional) Disable FEFD on a specific interface if required using the fefd disable command in INTERFACE mode.
eth1/1/4 NA NA Idle (Not running)
eth1/1/5 NA NA Idle (Not running)
eth1/1/6 NA NA Idle (Not running)
eth1/1/7 NA NA Idle (Not running)
The following is a sample output of FEFD information for an interface: rt-maa-s4248FBL-3# show fefd ethernet 1/1/1 FEFD is globally 'ON', interval is 15 seconds, mode is Normal. INTERFACE MODE INTERVAL STATE ============================================================ eth1/1/1 NA NA Idle (Not running) FEFD Commands debug fefd Enables debugging of FEFD.
To unconfigure FEFD on an interface, use either the no fefd command or the no fefd mode command. To return to the default FEFD interval, use the no fefd interval command. Example OS10(conf-if-eth1/1/9)# fefd OS10(conf-if-eth1/1/9)# fefd mode aggressive OS10(conf-if-eth1/1/9)# fefd mode interval 10 Supported Releases 10.4.3.0 or later fefd-global Configures FEFD globally.
Usage Information Example If you do not enter the interface name, this command resets the error-disabled state of all interfaces because FEFD is set to Aggressive mode. OS10# fefd reset OS10# fefd reset ethernet 1/1/2 Supported Releases 10.4.3.0 or later show fefd Displays FEFD information globally or for a specific interface. Syntax show fefd [interface] Parameters ● (Optional) interface—Enter the interface information.
Link Aggregation Control Protocol Group Ethernet interfaces to form a single link layer interface called a LAG or port channel. Aggregating multiple links between physical interfaces creates a single logical LAG, which balances traffic across the member links within an aggregated Ethernet bundle and increases the uplink bandwidth. If one member link fails, the LAG continues to carry traffic over the remaining links. For information about LAG load balancing and hashing, see Load balancing.
Configure LACP OS10(config)# lacp system-priority 65535 OS10(config)# interface range ethernet 1/1/7-1/1/8 OS10(conf-range-eth1/1/7-1/1/8)# lacp port-priority 4096 OS10(conf-range-eth1/1/7-1/1/8)# lacp rate fast Verify LACP configuration OS10(conf-range-eth1/1/7-1/1/8)# do show running-configuration ... ! interface ethernet1/1/7 lacp port-priority 4096 lacp rate fast no shutdown ! interface ethernet1/1/8 lacp port-priority 4096 lacp rate fast no shutdown ! ...
Configure LACP timeout OS10(conf-if-eth1/1/29)# lacp rate fast View port status OS10# show lacp port-channel Port-channel 41 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address e4:f0:04:fe:9f:e1 Partner System ID: Priority 4096, Address de:11:de:11:de:11 Actor Admin Key 41, Oper Key 41, Partner Oper Key 41 Fallback: Not configured, Fallback port preemption: Configured, Fallback timeout: 15 seconds Fallback Port Elected: LACP LAG ID 41 is an aggregatable link A - Active LACP, B - Passive LA
OS10(conf-if-eth1/1/29)# no switchport
OS10(conf-if-eth1/1/29)# channel-group 1 mode active
OS10(conf-if-eth1/1/29)# interface ethernet 1/1/30
OS10(conf-if-eth1/1/30)# no switchport
OS10(conf-if-eth1/1/30)# channel-group 1 mode active
OS10(conf-if-eth1/1/30)# interface ethernet 1/1/31
OS10(conf-if-eth1/1/31)# no switchport
OS10(conf-if-eth1/1/31)# channel-group 1 mode active
Alpha verify LAG port configuration OS10# show lacp port-channel Port-channel 41 admin up, oper up, mode lacp Actor System ID: Prior
227562 64-byte pkts, 9344941 over 64-byte pkts, 1772495308 over 127-byte pkts 3544631784 over 255-byte pkts, 7088975548 over 511-byte pkts, 5.
42975359 64-byte pkts, 148695530 over 64-byte pkts, 36673423689 over 127-byte pkts 73342977260 over 255-byte pkts, 146685062757 over 511-byte pkts, 1.
You can set the timer using the lacp fallback timeout timer-value command. The LACP fallback feature adds a member port to LACP port channel if it does not receive LACP PDUs from the peer for a particular period. The server uses the fallback port to finalize the PXE-boot process. When the server starts with the operating system, the process completes the LACP handshake and the fallback port reunites the other members. The member port becomes active and sends packets to the PXE server.
LACP fallback in non-VLT network In a non-VLT network, LACP fallback enables rebooting of ToR or server that is connected to the switch through normal LACP. The other end of the switch is connected to a DHCP/PXE server, as shown in the following figure: In the above scenario, LACP fallback works as follows: 1. The ToR/server boots 2. The switch detects the link that is up and checks fallback enabled status. If fallback is enabled, the device waits for the time-out period for any LACP BPDUs.
In the above scenario, LACP fallback works as follows: 1. The ToR/server boots 2. One of the VLT peers takes care of controlling the LACP fallback mode. All events are sent to the controlling VLT peer for deciding the port that should be brought up and then the decision is passed on to peer device. 3. The controlling VLT peer can decide to bring up one of the ports in either the local port channel or in the peer VLT port channel. 4.
Usage Information Example Supported Releases When you delete the last physical interface from a port channel, the port channel remains. Configure these attributes on an individual member port. If you configure a member port with an incompatible attribute, OS10 suspends that port in the port channel. The member ports in a port channel must have the same setting for link speed capability and duplex capability. The no version of this command removes the interface from the port channel.
lacp fallback preemption Enables or disables LACP fallback port preemption. Syntax lacp fallback preemption {enable | disable} Parameters ● enable—Enables preemption on the port channel. ● disable—Disables preemption on the port channel. Default Enabled Command Mode Port-channel INTERFACE Usage Information When you enable preemption, the fallback port election preempts the already elected fallback port and elects a new fallback port.
Parameters max-bundle-number — Enter the maximum bundle size (1 to 32). Default 32 Command Mode INTERFACE Usage Information The no version of this command resets the maximum bundle size to the default value. Example OS10(conf-if-po-10)# lacp max-bundle 10 Supported Releases 10.2.0E or later lacp port-priority Sets the priority for the physical interfaces for LACP. Syntax lacp port-priority priority Parameters priority — Enter the priority for the physical interfaces (0 to 65535).
Default 32768 Command Mode CONFIGURATION Usage Information Each device that runs LACP has an LACP system priority value. LACP uses the system priority with the MAC address to form the system ID and also during negotiation with other systems. The system ID is unique for each device. The no version of this command resets the system priority to the default value. Example OS10(config)# lacp system-priority 32768 Supported Releases 10.2.
Example OS10# show lacp interface ethernet 1/1/129 Invalid Port id, Max.
Partner Oper Key: 1 Partner Oper State:aggregation synchronization collecting distributing defaulted expired Supported Releases 10.2.0E or later show lacp port-channel Displays information about LACP port channels. Syntax show lacp port-channel [interface port-channel channel-number] Parameters ● interface port channel — (Optional) Enter the interface port-channel. ● channel-number — (Optional) Enter the port channel number for the LACP neighbor (1 to 128).
Supported Releases 10.2.0E or later Link Layer Discovery Protocol Dell EMC SmartFabric OS10 supports: ● Link Layer Discovery protocol (LLDP) ● Link Layer Discovery Protocol — Media Endpoint Discovery (LLDP-MED) LLDP is a one-way protocol that enables network devices on a local area network (LAN) to discover and advertise their capabilities to adjacent LAN devices. LLDP devices advertise their capabilities in the form of LLDP data units (LLDPDUs).
Mandatory TLVs OS10 supports the three mandatory TLVs. These mandatory TLVs are at the beginning of the LLDPDU in the following order:
● Chassis ID TLV
● Port ID TLV
● Time-to-live TLV
Table 58. Mandatory TLVs
Mandatory TLVs | Type | Description
Chassis ID | 1 | Identifies the chassis.
Port ID | 2 | Identifies a port through which the LAN device transmits LLDPDUs.
Time-to-live | 3 | Number of seconds that the received information in this LLDPDU is valid.
End of LLDPDU | 0 | Marks the end of an LLDPDU.
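An added example, not from the Dell guide: a bounds-checked LLDPDU parser that enforces the mandatory TLV order above and decodes the 802.1 organizationally specific TLVs (type 127, OUI 00-80-C2, subtypes 1 and 3) that this chapter lists. The 7-bit type and 9-bit length header layout comes from IEEE 802.1AB rather than this page, and the sample frame, its MAC address and its strings are constructed.

```python
import struct

MANDATORY_ORDER = [1, 2, 3]             # Chassis ID, Port ID, Time-to-live
END_OF_LLDPDU, ORG_SPECIFIC = 0, 127
OUI_8021 = bytes.fromhex("0080c2")      # 802.1 organizationally specific OUI


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV: 7-bit type and 9-bit length packed into a 2-byte header."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def iter_tlvs(lldpdu: bytes):
    """Yield (type, value) pairs, refusing any TLV that runs past the buffer."""
    pos = 0
    while pos < len(lldpdu):
        if pos + 2 > len(lldpdu):
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", lldpdu, pos)
        tlv_type, length = header >> 9, header & 0x1FF
        pos += 2
        if pos + length > len(lldpdu):
            raise ValueError(f"TLV type {tlv_type} overruns the LLDPDU")
        yield tlv_type, lldpdu[pos:pos + length]
        pos += length
        if tlv_type == END_OF_LLDPDU:
            return                       # anything after the End TLV is padding


def parse_lldpdu(lldpdu: bytes) -> dict:
    tlvs = list(iter_tlvs(lldpdu))
    types = [t for t, _ in tlvs]
    if types[:3] != MANDATORY_ORDER:
        raise ValueError("mandatory TLVs missing or out of order")
    if types[-1] != END_OF_LLDPDU or tlvs[-1][1]:
        raise ValueError("missing or non-empty End of LLDPDU TLV")
    if any(types.count(t) != 1 for t in MANDATORY_ORDER):
        raise ValueError("duplicate mandatory TLV")
    chassis, port, ttl = (value for _, value in tlvs[:3])
    if len(chassis) < 2 or len(port) < 2 or len(ttl) != 2:
        raise ValueError("malformed mandatory TLV")
    result = {
        "chassis_id": (chassis[0], chassis[1:]),    # (subtype, identifier)
        "port_id": (port[0], port[1:]),
        "ttl": struct.unpack("!H", ttl)[0],
        "port_vlan_id": None,
        "vlan_names": {},
        "other_org_tlvs": [],
    }
    for tlv_type, value in tlvs[3:-1]:
        if tlv_type != ORG_SPECIFIC:
            continue                     # optional basic TLVs are skipped here
        if len(value) < 4:
            raise ValueError("organizationally specific TLV shorter than OUI + subtype")
        oui, subtype, body = value[:3], value[3], value[4:]
        if oui == OUI_8021 and subtype == 1 and len(body) == 2:
            result["port_vlan_id"] = struct.unpack("!H", body)[0]
        elif (oui == OUI_8021 and subtype == 3 and len(body) >= 3
              and body[2] == len(body) - 3):
            vlan_id = struct.unpack("!H", body[:2])[0]
            result["vlan_names"][vlan_id] = body[3:].decode("ascii", "replace")
        else:
            result["other_org_tlvs"].append((oui.hex(), subtype))
    return result


# Constructed sample LLDPDU (all values are illustrative).
SAMPLE_LLDPDU = b"".join([
    tlv(1, b"\x04" + bytes.fromhex("020000000001")),        # chassis ID: MAC address
    tlv(2, b"\x05" + b"ethernet1/1/1"),                     # port ID: interface name
    tlv(3, struct.pack("!H", 120)),                         # TTL: 30 x 4 seconds
    tlv(127, OUI_8021 + b"\x01" + struct.pack("!H", 1)),    # Port VLAN ID
    tlv(127, OUI_8021 + b"\x03" + struct.pack("!HB", 2, 5) + b"vlan2"),  # VLAN name
    tlv(127, bytes.fromhex("f8b156") + b"\x01" + b"OS10"),  # vendor OUI, left undecoded
    tlv(0, b""),
])

if __name__ == "__main__":
    print(parse_lldpdu(SAMPLE_LLDPDU))
```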
Organizationally specific TLVs Table 60. 802.1x organizationally specific TLVs (Type – 127, OUI – 00-80-C2) TLV Subtype Description Link aggregation 7 ● Indicates whether the link associated with the port on which the LLDPDU is transmitted is aggregated. ● Provides the aggregated port identifier. Port VLAN ID 1 Untagged VLAN to which a port belongs. Protocol identity 4 Not supported. VLAN name 3 Allows an IEEE 802.
Custom TLVs iDRAC organizationally specific TLVs Table 64. iDRAC organizationally specific TLVs; Subtypes used in iDRAC custom TLVs (Type – 127, OUI – 0xF8-0xB1-0x56) TLV Subtype Description Originator 1 Indicates the iDRAC string that is used as the originator. This string enables external switches to identify iDRAC LLDPDUs. Port type 2 Following are the applicable port types: 1. iDRAC port (dedicated) 2. NIC port 3.
Table 65. Isilon-related TLVs (Type – 127, OUI – 0xF8-0xB1-0x56) TLV Subtype Description address for the specific fabric instance. The RA prefix is different for each fabric. Fabric ID 3 Indicates the ID of the fabric the LLDPDU is originating from. Isilon-related TLVs – Subtypes used in LLDP custom TLVs that are transacted by the OS10 switches Originator 1 Indicates the OS10 string that is used as the originator. The string enables the OS10 switches to identify LLDPDUs.
● To enable LLDP globally: Enable LLDP globally in CONFIGURATION mode. OS10(config)# lldp enable ● To enable LLDP on an interface: When you enable LLDP globally, it is enabled on all interfaces. You can enable or disable LLDP on individual interfaces to both transmit and receive LLDP information. Also, you can configure an interface to only transmit or receive LLDP information. Enable LLDP in INTERFACE mode.
Time to live TTL or hold time is the amount of time, in seconds, that a receiving system holds the information before discarding it. The hold time is calculated as: hold time = LLDP timer value x holdtime-multiplier value. The no version of this command resets the value to the default. For example, if the LLDP timer transmit interval is set to 30 seconds and the holdtime-multiplier is set to 4, the TTL is 120 seconds (30 x 4). The default TTL is 120 seconds.
2. Enable the vlan-name option in INTERFACE mode. lldp tlv-select dot1-tlv vlan-name 3. Enter INTERFACE VLAN mode from CONFIGURATION mode. interface vlan 1 4. Specify a name for VLAN 1 in INTERFACE VLAN mode. vlan-name vlan1 Transmit the VLAN names of a specific set of VLANs When you configure the interface to send the names of specific VLANs using lldp vlan-name-tlv allowed vlan command, the interface can transmit a maximum of eight VLAN names.
OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# switchport mode trunk OS10(conf-if-eth1/1/1)# switchport trunk allowed vlan 2-10 OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# lldp vlan-name-tlv allowed vlan 2,3,4,5,6,7,8,9,10 The interface transmits the name of the default VLAN even if the default VLAN ID is not explicitly configured. The interface transmits the first eight VLAN names and excludes the names of VLAN 9 and VLAN 10.
LLDP PDU Truncated(Too many TLV's): false VLAN Name(s): VLAN NAME --------------------1 vlan1 2 vlan2 4 vlan4 5 vlan5 6 vlan6 7 vlan7 8 vlan8 9 vlan9 Maximum size of LLDP PDU: 1500 Current LLDP PDU Size: 386 LLDP PDU Truncated(Too many TLV's): false LLDP MED Capabilities: Supported: LLDP-MED Capabilities, Network Policy, Inventory Management Current: LLDP-MED Capabilities, Network Policy LLDP MED Device Type: Network connectivity Disable and reenable LLDP TLVs By default, the interfaces advertise all LLDP
Disable LLDP TLVs OS10(config)# interface mgmt 1/1/1 OS10(conf-if-ma-1/1/1)# no lldp tlv-select basic-tlv system-name system-description OS10(conf-if-ma-1/1/1)# no lldp tlv-select dot1tlv port-vlan-id To advertise LLDP TLVs from the management ports, use the following commands: Enable LLDP TLVs OS10(config)# interface mgmt 1/1/1 OS10(conf-if-ma-1/1/1)# lldp tlv-select basic-tlv system-name system-description OS10(conf-if-ma-1/1/1)# lldp tlv-select dot1tlv port-vlan-id Advertise management address TLVs in a
Sample configuration on R1: Enable the list of LLDP TLVs that need to be advertised from R1.
Total Entries Aged : 0
Total Frames In : 0
Total Frames Received In Error : 0
Total Frames Discarded : 0
Total TLVS Unrecognized : 0
Total TLVs Discarded : 0
LLDP MED Traffic Statistics:
Total Med Frames Out : 0
Total Med Frames In : 0
Total Med Frames Discarded : 0
Total Med TLVS Discarded : 0
Total Med Capability TLVS Discarded: 0
Total Med Policy TLVS Discarded : 0
Total Med Inventory TLVS Discarded : 0
View LLDP neighbor advertisements ● View brief information about the LLDP neighbors learned by t
Auto-neg enabled: 1 Auto-neg advertised capabilities: 10BASE-T half duplex mode, 10BASE-T full duplex mode, 100BASE-TX half duplex mode, 100BASE-TX full duplex mode MED Capabilities: Supported: LLDP-MED Capabilities, Network Policy, Location Identification, Extended Power via MDI - PSE, Extended Power via MDI - PD, Inventory Management Current: LLDP-MED Capabilities, Network Policy, Location Identification, Extended Power via MDI - PD, Inventory Management Device Class: Endpoint Class 3 Network Policy: Appl
Table 66. LLDP-MED organizationally specific TLVs (Type – 127) TLV Subtype Description ● VLAN ID ● L2 priority ● DSCP value Local identification 3 Physical location of the device expressed in one of three formats: ● Coordinate-based LCI ● Civic address LCI ● Emergency call services ELIN Extended power-via-MDI 4 ● Power requirements ● Priority ● Power status NOTE: Only Rx function is supported for location identification and extended power via MDI TLVs.
LLDP-MED network policies TLVs A network policy in the context of LLDP-MED is a VLAN configuration of a device and associated L2 and L3 configurations. LLDP-MED network policies TLV include:
● VLAN ID
● VLAN tagged or untagged status
● L2 priority
● DSCP value
You can configure an LLDP-MED network policy to generate an individual network policy TLV for each application type. For more information, see Define network policies.
Disable and reenable LLDP-MED By default, LLDP-MED is enabled on all interfaces except on the management interface. Disable LLDP-MED ● To disable LLDP-MED on an interface, use the lldp med disable command in INTERFACE mode. OS10(conf-if-eth1/1/1)# lldp med disable Enable LLDP-MED When LLDP-MED is disabled, you can reenable LLDP-MED on an interface. ● To enable LLDP-MED on an interface, use the lldp med enable command in INTERFACE mode.
Change the fast start repeat count Fast start repeat enables a network-connectivity device to advertise itself at a faster rate for a limited amount of time. The fast start timer starts when a network-connectivity device receives the first LLDP frame from a newly detected endpoint. The LLDP-MED fast start repeat count specifies the number of LLDP packets that are sent during the LLDP-MED fast start period. By default, the device sends three packets per interval.
lldp enable Enables or disables LLDP globally. Syntax lldp enable Parameters None Default Enabled Command Mode CONFIGURATION Usage Information This command enables LLDP globally for all Ethernet PHY interfaces, except on those interfaces where you manually disable LLDP. The no version of this command disables LLDP globally irrespective of whether you manually disable LLDP on an interface. Example OS10(config)# lldp enable Supported Releases 10.3.
lldp med Enables or disables LLDP-MED on an interface. Syntax lldp med {enable | disable} Parameters ● enable — Enable LLDP-MED on the interface. ● disable — Disable LLDP-MED on the interface. Default Enabled with network-policy TLV Command Mode INTERFACE Usage Information LLDP-MED communicates the types of TLVs that the endpoint device and network-connectivity device support. Use the no lldp med or lldp med disable command to disable LLDP-MED on a specific interface.
lldp med network-policy (Interface) Attaches or deletes an LLDP-MED network policy to or from an interface. Syntax lldp med network-policy {add | remove} number Parameters ● add — Attach the network policy to an interface. ● remove — Remove the network policy from an interface. ● number — Enter a network policy index number, from 1 to 32. Default Not configured Command Mode INTERFACE Usage Information Attach only one network policy per interface.
Supported Releases 10.4.3.0 or later lldp receive Enables or disables the LLDP packet reception on a specific interface. Syntax lldp receive Parameters None Default Not configured Command Mode INTERFACE Usage Information Enable LLDP globally on the system before using the lldp receive command. The no version of this command disables the reception of LLDP packets. Example OS10(conf-if-eth1/1/3)# lldp receive Supported Releases 10.2.
lldp tlv-select basic-tlv Enables or disables TLV attributes to transmit and receive LLDP packets. Syntax lldp tlv-select basic-tlv {port-description | system-name | system-description | system-capabilities | management-address [ipv4 | ipv6]} Parameters ● ● ● ● ● ● ● Default Enabled Command Mode INTERFACE Usage Information The no form of the command disables TLV attribute transmission and reception in LLDP packets.
● link-aggregation — Enable the link aggregation TLV. ● vlan-name — Configure dot1 TLVs to send and receive the names of VLANs in LLDP frames. Default Enabled. vlan-name is disabled. Command Mode INTERFACE Usage Information The link-aggregation parameter advertises link aggregation as a dot1 TLV in the LLDPDUs. The vlan-name parameter advertises the names of VLANs in LLDP frames. The no version of this command disables TLV transmissions.
lldp vlan-name-tlv allowed vlan Specifies a single or multiple VLANs' names to transmit in LLDPDUs. Syntax lldp vlan-name-tlv allowed vlan vlan-id Parameters vlan-id—Specify a single VLAN or multiple VLANs. Default Disabled Command Mode INTERFACE Usage Information This command specifies VLANs' names to transmit in LLDPDUs along with the configured default VLAN. If you do not use this command, the interface sends the name of the default VLAN if a name is configured.
System Name: 0075 Capabilities: Router, Bridge, Repeater System description: Dell EMC Networking OS10 Enterprise. Copyright (c) 1999-2019 by Dell Inc. All Rights Reserved. System Description: OS10 Enterprise. OS Version: 10.4.9999EX.
show lldp med Displays the LLDP MED information for all the interfaces. Syntax show lldp med Parameters None Default Not configured Command Mode EXEC Usage Information Use the show lldp interface command to view MED information for a specific interface.
Usage Information Example Example (Detail) This command status information includes local port ID, remote hostname, remote port ID, remote VLAN names, and remote node ID.
Example OS10# show lldp timers LLDP Timers: Holdtime in seconds: 120 Reinit-time in seconds: 6 Transmit interval in seconds: 30 Supported Releases 10.2.0E or later show lldp tlv-select interface Displays the TLVs enabled for an interface. Syntax show lldp tlv-select interface ethernet node/slot/port[:subport] Parameters ethernet node/slot/port[:subport] — Enter the Ethernet interface information, from 1 to 253.
Example (Interface) OS10# show lldp traffic interface ethernet 1/1/2 LLDP Traffic Statistics: Total Frames Out : 45 Total Entries Aged : 1 Total Frames In : 33 Total Frames Received In Error : 0 Total Frames Discarded : 0 Total TLVS Unrecognized : 0 Total TLVs Discarded : 0 LLDP MED Traffic Statistics: Total Med Frames Out : Total Med Frames In : Total Med Frames Discarded : Total Med TLVS Discarded : Total Med Capability TLVS Discarded: Total Med Policy TLVS Discarded : Total Med Inventory TLVS Discarded
● Enter an aging time (in seconds) in CONFIGURATION mode, from 0 to 1000000, default 1800. mac address-table aging-time seconds Configure Aging Time OS10(config)# mac address-table aging-time 900 Disable Aging Time OS10(config)# mac address-table aging-time 0 Static MAC Address You manually configure a static MAC address entry. A static entry is not subject to aging. ● Create a static MAC address entry in the MAC address table in CONFIGURATION mode.
View MAC Address Table Count
OS10# show mac address-table count
MAC Entries for all vlans :
Dynamic Address Count : 4
Static Address (User-defined) Count : 1
Total MAC Addresses in Use: 5
Clear MAC Address Table You can clear dynamic address entries that the MAC address table maintains. ● Clear the MAC address table of dynamic entries in EXEC mode.
Supported Releases 10.2.0E or later mac address-table aging-time Configures the aging time for entries in the L2 address table. Syntax mac address-table aging-time seconds Parameters seconds — Enter the aging time for MAC table entries in seconds, from 0 to 1000000. Default 1800 seconds Command Mode CONFIGURATION Usage Information Set the aging timer to zero (0) to disable MAC address aging for all dynamic entries. The aging time counts from the last time that the device detected the MAC address.
● aging-time — (Optional) Displays MAC address table aging-time information.
● count — (Optional) Displays the number of dynamic and static MAC address entries.
● dynamic — (Optional) Displays dynamic MAC address table entries only.
● interface — Set the interface type:
○ ethernet node/slot/port[:subport] — Displays MAC address table information for a physical interface.
○ port-channel channel-number — Displays MAC address table information for a port-channel interface, from 1 to 128.
Supported STP modes The following variants of spanning-tree protocols are used in OS10 to provide a loop free layer 2 topology: ● Rapid Spanning Tree protocol can be seen as an evolution of the 802.1D standard. Primarily RSTP is created to address the slow convergence nature of STP protocol (802.1D). ● Multiple Spanning Tree protocol (MSTP) defined in IEEE standard (802.
places the port in an inconsistent state if the port receives superior BPDU. Root guard is enabled only on designated ports. The root guard configuration applies to all VLANs configured on the port. Loop guard Prevents L2 forwarding loops caused by a cable or interface hardware failure. When a hardware failure occurs, a participating spanning-tree link becomes unidirectional and the port stops receiving BPDUs.
Boundary: No, Bpdu-filter: Enable, Bpdu-Guard: Disable, Shutdown-on-Bpdu-Guardviolation: No Root-Guard: Disable, Loop-Guard: Disable Bpdus (MRecords) Sent: 6, Received: 6410 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID -----------------------------------------------------------------------------------------ethernet1/1/7 128.56 128 500 FWD 500 32769 90b1.1cf4.a625 128.
Recover from BPDU guard violations 1. When there is a BPDU guard violation on a port, OS10 either shuts down the port or moves it to BLOCKED state. Use the following command in CONFIGURATION mode to shut down the port. The no version of the command moves the port to BLOCKED state. errdisable detect cause bpduguard 2. In CONFIGURATION mode, use the following command to recover the ports from shutting down due to the detection of a BPDU Guard violation.
When you configure the MAC flush timer to a non-zero value and the threshold to zero, the system invokes instance-based flush once and starts the timer. When the timer expires, the system invokes an instance-based flush again. The show spanning-tree {brief | details | active} command displays the following information: Flush Interval 200 centi-sec, Flush Invocations 32 Flush Indication threshold 2 By default, this feature is enabled for RSTP, Rapid-PVST and MSTP.
This command allows the protocol to recalculate the path cost dynamically whenever channel members are added or deleted. By default, dynamic path cost calculation is enabled. When dynamic path cost is disabled, the protocol calculates the path cost when the port channel comes up for the first time after creation, whenever dynamic path cost calculation is enabled and then disabled by management, or when the user adds or removes a member port to or from the port channel.
OS10 supports the auto edge feature. If the port does not receive a BPDU for the hello-time + one second interval, OS10 places the port into auto edge mode. If the edge port receives any BPDU, it loses the edge port property. ● Enable EdgePort on an interface in INTERFACE mode.
debug spanning-tree Enables STP to debug and display protocol information. Syntax debug spanning-tree {all | bpdu [tx | rx] | events} Parameters ● all — Debugs all spanning-tree operations. ● bpdu — Enter transmit (tx) or receive (rx) to enable the debug direction. ● events — Debugs STP events. Default Not configured Command Mode EXEC Usage Information None Example OS10# debug spanning-tree bpdu rx Supported Releases 10.5.
When the recovery option is enabled, the port is brought up after the recovery timer expires. When the recovery option is disabled, the port is shut down indefinitely. You must manually bring up the port using the shutdown and no shutdown commands. The no version of the command disables the recovery option.
Example OS10(config)# errdisable recovery cause bpduguard
Supported Releases 10.4.2.
spanning-tree bpdufilter
Enables or disables BPDU filtering on an interface.
Syntax spanning-tree bpdufilter {enable | disable}
Parameters
● enable — Enables the BPDU filter on an interface.
● disable — Disables the BPDU filter on an interface.
Default Disabled
Command Mode INTERFACE
Usage Information Use the enable parameter to enable BPDU filtering.
Example OS10(conf-if-eth1/1/4)# spanning-tree bpdufilter enable
Supported Releases 10.2.
spanning-tree guard Enables or disables loop guard or root guard on an interface. Syntax spanning-tree guard {loop | root | none} Parameters ● loop — Enables loop guard on an interface. ● root — Enables root guard on an interface. ● none — Sets the guard mode to none. Default Not configured Usage Information Root guard and loop guard configurations are mutually exclusive. Configuring one overwrites the other from the active configuration.
timer is set to a non-zero value, instance-based flushing occurs based on the MAC flush threshold value. The no version of this command resets the flush-interval timer to the default value. Example OS10(config)# spanning-tree mac-flush-timer 500 OS10(config)# no spanning-tree mac-flush-timer Supported Releases 10.4.3.0 or later spanning-tree mode rstp Enables an STP type: RSTP. Syntax spanning-tree mode rstp Parameters ● rstp — Sets STP mode to RSTP.
Usage Information None
Example
OS10# show errdisable detect
Error-Disable Cause      Detect Status
-----------------------------------------------
bpduguard                Enabled
OS10# show errdisable recovery
Error-Disable Recovery Timer Interval: 300 seconds
Error-Disable Reason     Recovery Status
---------------------------------------------------
bpduguard                Enabled
                                            Recovery Time left
Interface            Errdisable Cause       (seconds)
---------------------------------------------------------------------
ethernet 1/1/1:1     bpduguard              273
ethernet 1
Rapid per-VLAN spanning-tree
Rapid per-VLAN spanning-tree (Rapid-PVST) is used to create a single topology per VLAN. Rapid-PVST is enabled by default; it provides faster convergence than STP and runs on the default VLAN (VLAN 1). Configuring Rapid-PVST is a four-step process:
1. Ensure the interfaces are in L2 mode.
2. Place the interfaces in VLANs. By default, switchport interfaces are members of the default (VLAN1).
3. Enable Rapid-PVST.
To achieve Rapid-PVST load balancing, assign a different priority on each bridge. Enable Rapid-PVST By default, Rapid-PVST is enabled and creates an instance during VLAN creation. To participate in Rapid-PVST, port-channel or physical interfaces must be a member of a VLAN. ● Enable Rapid-PVST mode in CONFIGURATION mode.
---ethernet1/1/5 No ethernet1/1/6 No ethernet1/1/7 No ethernet1/1/8 No ethernet1/1/9 No ethernet1/1/10 No ethernet1/1/25 No ethernet1/1/26 No ethernet1/1/27 No ethernet1/1/28 No Altr 128.40 128 500 BLK 500 AUTO Altr 128.48 128 500 BLK 500 AUTO Desg 128.56 128 500 FWD 500 AUTO Altr 128.64 128 500 BLK 500 AUTO Altr 128.72 128 500 BLK 500 AUTO Altr 128.80 128 500 BLK 500 AUTO Desg 128.200 128 500 FWD 500 AUTO Root 128.208 128 500 FWD 0 AUTO Altr 128.
VLAN 1 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 4097, Address 90b1.1cf4.a523 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 4097, Address 90b1.1cf4.a523 We are the root of VLAN 1 Configured hello time 2, max age 20, forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID --------------------------------------------------------------------------------ethernet1/1/1 128.260 128 200000000 FWD 0 32769 0000.0000.0000 128.
● Configure the device as the root or secondary root in CONFIGURATION mode. spanning-tree vlan vlan-id root {primary | secondary} ○ vlan-id — Enter the VLAN ID number, from 1 to 4093. ○ primary — Enter the bridge as primary or root bridge. The primary bridge value is 24576. ○ secondary — Enter the bridge as the secondary root bridge. The secondary bridge value is 28672.
Bridge ID Priority 32769, Address 90b1.1cf4.a523 We are the root of VLAN 1 Configured hello time 2, max age 20, forward delay 15 Rapid-PVST commands show spanning-tree vlan Displays Rapid-PVST status and configuration information by VLAN ID. Syntax show spanning-tree vlan vlan-id Parameters vlan vlan-id — Enter the VLAN ID number, from 1 to 4093.
● Port-channel with two 10 Gigabit Ethernet = 1000
● Port-channel with two 100 Mbps Ethernet = 100000
Command Mode INTERFACE
Usage Information The media speed of a LAN interface determines the STP port path cost default value.
Example OS10(conf-if-eth1/1/4)# spanning-tree vlan 10 cost 1000
Supported Releases 10.2.0E or later
spanning-tree vlan disable
Disables spanning tree on a specified VLAN.
Syntax spanning-tree vlan vlan-id disable
Parameters vlan-id — Enter the VLAN ID number, from 1 to 4093.
Command Mode CONFIGURATION
Usage Information Forces a bridge that supports Rapid-PVST to operate in an STP-compatible mode.
Example OS10(config)# spanning-tree rpvst force-version stp
Supported Releases 10.2.0E or later
spanning-tree vlan hello-time
Sets the time interval between generation and transmission of Rapid-PVST BPDUs.
Syntax spanning-tree vlan vlan-id hello-time seconds
Parameters
● vlan-id — Enter the VLAN ID number, from 1 to 4093.
Parameters max-age seconds — Enter a maximum age value in seconds, from 6 to 40.
Default 20 seconds
Command Mode CONFIGURATION
Usage Information None
Example OS10(config)# spanning-tree vlan 10 max-age 10
Supported Releases 10.2.0E or later
spanning-tree vlan priority
Sets the priority value for Rapid-PVST.
Syntax spanning-tree vlan vlan-id priority priority value
Parameters priority priority value — Enter a bridge-priority value in increments of 4096, from 0 to 61440.
● root — Designate the bridge as the primary or secondary root.
● primary — Designate the bridge as the primary or root bridge.
● secondary — Designate the bridge as the secondary or secondary root bridge.
Default Not configured
Command Mode CONFIGURATION
Usage Information None
Example OS10(config)# spanning-tree vlan 1 root primary
Supported Releases 10.2.
View all ports participating in RSTP
OS10# show spanning-tree
Spanning tree enabled protocol rstp with force-version rstp
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 3417.4455.667f
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 90b1.1cf4.
Interface Name Role PortID Prio Cost Sts Cost Link-type Edge ------------------------------------------------------------------------ethernet1/1/1 Disb 128.260 128 200000000 BLK 0 AUTO No ethernet1/1/2 Disb 128.264 128 200000000 BLK 0 AUTO No ethernet1/1/3 Disb 128.268 128 200000000 BLK 0 AUTO No ethernet1/1/4 Disb 128.272 128 200000000 BLK 0 AUTO No ethernet1/1/5:1 Disb 128.
Interface
Name            Role  PortID   Prio  Cost  Sts  Cost  Link-type  Edge
----------------------------------------------------------------------
ethernet1/1/1   Altr  128.244  128   500   BLK  0     AUTO       No
ethernet1/1/2   Altr  128.248  128   500   BLK  0     AUTO       No
ethernet1/1/3   Root  128.252  128   500   FWD  0     AUTO       No
ethernet1/1/4   Altr  128.256  128   500   BLK  0     AUTO       No
Interface parameters
Set the port cost and port priority values on interfaces in L2 mode.
Port cost Value based on the interface type. The previous table lists the default values.
Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 3417.4455.667f Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 36864, Address 90b1.1cf4.a523 Configured hello time 2, max age 20, forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ---------------------------------------------------------------------ethernet1/1/6:3 128.282 128 2000 FWD 0 32768 3417.4455.667f 128.152 ethernet1/1/6:4 128.283 128 2000 BLK 0 32768 3417.
ethernet1/1/1   Altr  128.244  128   500   BLK  0     AUTO       No
ethernet1/1/2   Altr  128.248  128   500   BLK  0     AUTO       No
ethernet1/1/3   Root  128.252  128   500   FWD  0     AUTO       No
ethernet1/1/4   Altr  128.256  128   500   BLK  0     AUTO       No
Supported Releases 10.2.0E or later
spanning-tree mode rstp
Enables an STP type: RSTP.
Syntax spanning-tree mode rstp
Parameters
● rstp — Sets STP mode to RSTP.
Example OS10(config)# spanning-tree rstp forward-time 16
Supported Releases 10.2.0E or later
spanning-tree rstp hello-time
Sets the time interval between generation and transmission of RSTP BPDUs.
Syntax spanning-tree rstp hello-time seconds
Parameters seconds — Enter a hello-time interval value in seconds, from 1 to 10.
Usage Information None
Example OS10(config)# spanning-tree rstp max-age 10
Supported Releases 10.2.0E or later
spanning-tree rstp priority
Sets the priority value for RSTP.
Syntax spanning-tree rstp priority priority value
Parameters priority priority value — Enter a bridge-priority value in increments of 4096, from 0 to 61440. Valid priority values are: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. All other values are rejected.
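The priority value matters because the bridge with the lowest bridge ID (priority first, then MAC address) becomes root. The following Python check is an added example, not part of the Dell EMC guide: it validates priorities against the allowed steps and tests a root plan. The switch names and the audit_root_plan helper are hypothetical, and the MAC addresses are reused from the sample outputs as a constructed inventory.

```python
"""Added example: bridge-priority validation and root election on constructed data."""

VALID_PRIORITIES = frozenset(range(0, 61441, 4096))  # 0, 4096, ..., 61440
DEFAULT_PRIORITY = 32768   # priority shown in the guide's sample outputs
ROOT_PRIMARY = 24576       # value the guide lists for "root primary"
ROOT_SECONDARY = 28672     # value the guide lists for "root secondary"


def is_valid_priority(value):
    """True only for the sixteen values the priority command accepts."""
    return type(value) is int and value in VALID_PRIORITIES


def mac_to_int(mac):
    """Convert a MAC such as 90b1.1cf4.a523 to an integer for comparison."""
    digits = mac.replace(".", "").replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)


def bridge_id(priority, mac):
    """Bridge ID as a sortable tuple: priority first, MAC as tie-breaker."""
    if not is_valid_priority(priority):
        raise ValueError(f"priority {priority} is not a multiple of 4096 in 0..61440")
    return (priority, mac_to_int(mac))


def elect_root(bridges):
    """Return the name of the bridge with the lowest bridge ID."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))


def audit_root_plan(bridges, intended_root, intended_backup):
    """List the ways the configured priorities fail the intended design."""
    findings = []
    winner = elect_root(bridges)
    if winner != intended_root:
        findings.append(f"{winner} wins the election, not {intended_root}")
    if bridges[intended_root][0] >= DEFAULT_PRIORITY:
        findings.append(
            f"{intended_root} is not below the default priority, so any "
            "default-priority bridge with a lower MAC address becomes root"
        )
    remaining = {n: b for n, b in bridges.items() if n != intended_root}
    if remaining and elect_root(remaining) != intended_backup:
        findings.append(
            f"if {intended_root} fails, {elect_root(remaining)} takes over, "
            f"not {intended_backup}"
        )
    return findings


# Constructed inventory: every bridge left at the default priority.
ALL_DEFAULT = {
    "core-1": (DEFAULT_PRIORITY, "90b1.1cf4.a523"),
    "core-2": (DEFAULT_PRIORITY, "90b1.1cf4.a625"),
    "access-1": (DEFAULT_PRIORITY, "3417.4455.667f"),
}

# Same inventory with the primary and secondary root values applied.
PLANNED = dict(ALL_DEFAULT)
PLANNED["core-1"] = (ROOT_PRIMARY, "90b1.1cf4.a523")
PLANNED["core-2"] = (ROOT_SECONDARY, "90b1.1cf4.a625")

if __name__ == "__main__":
    for label, inventory in (("all default", ALL_DEFAULT), ("planned", PLANNED)):
        print(label, "->", elect_root(inventory))
        for finding in audit_root_plan(inventory, "core-1", "core-2"):
            print("  finding:", finding)
```

With every bridge at the default priority, the access switch wins on MAC address alone, which is why the intended root and backup need explicit lower priorities.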
3. Ensure the same region name is configured in all the bridges running MST.
4. (Optional) Configure the revision number. The revision number is the same on all the bridges.
Configure MSTP
When you enable MST globally, all switch ports, port-channels, and VLAN interfaces get automatically assigned to MSTI zero (0). In an MSTI, only one path is enabled for forwarding.
● Enable MST in CONFIGURATION mode.
OS10(conf-mst)# instance 2 vlan 11-20 OS10(conf-mst)# instance 3 vlan 21-30 View VLAN instance mapping OS10# show spanning-tree mst configuration Region Name: Dell Revision: 100 MSTI VID 0 1,31-4093 1 2-10 2 11-20 3 21-30 View port forwarding/discarding state os10# show spanning-tree msti 0 brief Spanning tree enabled protocol msti with force-version mst MSTI 0 VLANs mapped 1-3999,4091-4093 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 90b1.1cf4.
ethernet1/1/14 128.112 128 200000000 BLK 0 32768 90b1.1cf4.a625 128.112 ethernet1/1/15 128.120 128 200000000 BLK 0 32768 90b1.1cf4.a625 128.120 ethernet1/1/16 128.128 128 200000000 BLK 0 32768 90b1.1cf4.a625 128.128 ethernet1/1/17 128.136 128 200000000 BLK 0 32768 90b1.1cf4.a625 128.136 ethernet1/1/18 128.144 128 200000000 BLK 0 32768 90b1.1cf4.a625 128.144 ethernet1/1/19 128.152 128 200000000 BLK 0 32768 90b1.1cf4.a625 128.152 ethernet1/1/20 128.160 128 200000000 BLK 0 32768 90b1.1cf4.a625 128.
ethernet1/1/10 AUTO No ethernet1/1/11 AUTO No ethernet1/1/12 AUTO No ethernet1/1/13 AUTO No ethernet1/1/14 AUTO No ethernet1/1/15 AUTO No ethernet1/1/16 AUTO No ethernet1/1/17 AUTO No ethernet1/1/18 AUTO No ethernet1/1/19 AUTO No ethernet1/1/20 AUTO No ethernet1/1/21 AUTO No ethernet1/1/22 AUTO No ethernet1/1/23 AUTO No ethernet1/1/24 AUTO No ethernet1/1/25 AUTO No ethernet1/1/26 AUTO No ethernet1/1/27 AUTO No ethernet1/1/28 AUTO No ethernet1/1/29 AUTO No ethernet1/1/30 AUTO No ethernet1/1/31 AUTO No ethern
Root Bridge hello time 2, max age 20, forward delay 15, max hops 20 Bridge ID Priority 32768, Address 90b1.1cf4.a523 Configured hello time 2, max age 20, forward delay 15, max hops 20 CIST regional root ID Priority 32768, Address 90b1.1cf4.a523 CIST external path cost 500 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID --------------------------------------------------------------------------ethernet1/1/5 128.276 128 500 FWD 0 32768 3417.4455.667f 128.146 ethernet1/1/6 128.
NOTE: Dell EMC recommends that only experienced network administrators change MST parameters. Poorly planned modification of MST parameters can negatively affect network performance. 1. Change the forward-time parameter in CONFIGURATION mode, from 4 to 30, default 15. spanning-tree mst forward-time seconds 2. Change the hello-time parameter in CONFIGURATION mode, from 1 to 10, default 2. Dell EMC recommends increasing the hello-time for large configurations, especially configurations with more ports.
● Port-channel with 10-Gigabit Ethernet interfaces — 1800 1. Change the port cost of an interface in INTERFACE mode, from 1 to 200000000. spanning-tree msti number cost 1 2. Change the port priority of an interface in INTERFACE mode, from 0 to 240 in increments of 16, default 128.
Example OS10(conf-mst)# name my-mst-region
Supported Releases 10.2.0E or later
revision
Configures a revision number for the MSTP configuration.
Syntax revision number
Parameters number — Enter a revision number for the MSTP configuration, from 0 to 65535.
Default 0
Command Mode MULTIPLE-SPANNING-TREE
Usage Information To have a bridge in the same MST region as another, the default values for the revision number must match on all Dell EMC hardware devices.
Parameters
● msti instance — Enter the MST instance number, from 0 to 63. For the Z9332F-ON platform, enter an MST instance value from 0 to 61.
● cost cost — (Optional) Enter a port cost value, from 1 to 200000000.
Example OS10(config)# spanning-tree mst 10 disable
Supported Releases 10.4.0E(R1) or later
spanning-tree mst force-version
Configures a forced version of STP to transmit BPDUs.
Syntax spanning-tree mst force-version {stp | rstp}
Parameters
● stp — Forces the version for the BPDUs transmitted by MST to STP.
● rstp — Forces the version for the BPDUs transmitted by MST to RSTP.
Example OS10(config)# spanning-tree mst hello-time 5
Supported Releases 10.2.0E or later
spanning-tree mst mac-flush-threshold
Configures the mac-flush threshold value for a specific instance.
Syntax spanning-tree mst instance-number mac-flush-threshold threshold-value
Parameters
● instance-number—Enter the instance number, from 0 to 4094.
● threshold-value—Enter the threshold value for the number of flushes, from 0 to 65535. The default value is 5.
Usage Information A device receiving BPDUs waits until the max-hops value expires before discarding it. When a device receives the BPDUs, it decrements the received value of the remaining hops and uses the resulting value as remaining-hops in the BPDUs. If the remaining hops reach zero, the device discards the BPDU and ages out any information that it holds for the port. The command configuration applies to all common IST (CIST) in the MST region.
Example
Supported Releases
Example (Brief) Example (Interface) Example (Guard) Example (virtualinterface)
OS10# show spanning-tree msti 0 brief
Spanning tree enabled protocol msti with force-version mst
MSTI 0 VLANs mapped 1-99,101-199,301-4093
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 90b1.1cf4.9b8a
Root Bridge hello time 2, max age 20, forward delay 15, max hops 20
Bridge ID Priority 32768, Address 90b1.1cf4.
Command History 10.2.0E or later Virtual LANs VLANs segment a single flat L2 broadcast domain into multiple logical L2 networks. Each VLAN is uniquely identified by a VLAN ID or tag consisting of 12 bits in the Ethernet frame. VLAN IDs range from 1 to 4093 and provide a total of 4093 logical networks. You can assign ports on a single physical device to one or more VLANs creating multiple logical instances on a single physical device.
Create or remove VLANs You can create VLANs and add physical interfaces or port-channel LAG interfaces to the VLAN as tagged or untagged members. You can add an Ethernet interface as a trunk port or as an access port, but it cannot be added as both at the same time.
Last clearing of "show interface" counters Queueing strategy: fifo Time since last interface status change: Vlan 200 is up, line protocol is up Address is , Current address is Interface index is 69209064 Internet address is not set MTU 1532 bytes LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 240 Last clearing of "show interface" counters Queueing strategy: fifo Time since last interface status change: Vlan 320 is up, line protocol is up Address is , Current address is Interface index
Trunk mode A trunk port can be a member of multiple VLANs set up on an interface. A trunk port transmits traffic for all VLANs. To transmit traffic on a trunk port with multiple VLANs, OS10 uses tagging or the 802.1q encapsulation method. 1. Configure a port in INTERFACE mode. interface ethernet node/slot/port[:subport] 2. Change Switchport mode to Trunk mode in INTERFACE mode. switchport mode trunk 3. Enter the allowed VLANs on the trunk port in INTERFACE mode.
Assign IP address to VLAN OS10(config)# interface vlan 200 OS10(conf-if-vl-200)# ip address 10.1.15.
* i-Internal untagged, I-Internal tagged, v-VLT untagged, V-VLT tagged NUM Status Description Q Ports 1 up A Eth1/1/1-1/1/32 A Po40 200 up T Eth1/1/3:2 T Po40 A Eth1/1/31 320 up T Eth1/1/25:4 1/1/32 T Po40 A Eth1/1/3:1 View interface VLAN configuration OS10# show interface vlan Vlan 1 is up, line protocol is up Address is , Current address is Interface index is 69208865 Internet address is not set MTU 1532 bytes LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 240 Last clearing of "sh
VLAN ACLs get exhausted. If the VLAN ACL creation fails, it results in VLAN creation failure. As a result, there cannot be more than 256 VLANs in Fabric mode. When a VLAN is created with the uplink ports, a traffic class such as gold, silver, or platinum is assigned to the traffic on the VLAN. On receiving the configuration from GUI through DNV, the Fabric agent creates a classmap of type qos with the name CM which matches the same .
NOTE: In SmartFabric Services mode, creation of VLAN is disabled.
Example
OS10(config)# interface vlan 10
OS10(conf-if-vl-10)#
Supported Releases 10.2.0E or later
show vlan
Displays VLAN configurations.
Syntax show vlan vlan-id
Parameters vlan-id — (Optional) Enter a VLAN ID number, from 1 to 4093.
Default Not configured
Command Mode EXEC
Usage Information Use this command to view VLAN configuration information for a specific VLAN ID.
Configure local monitoring session 1. Verify that the intended monitoring port has no configuration other than no shutdown and no switchport. show running-configuration 2. Create a monitoring session in CONFIGURATION mode. monitor session session-id [local] 3. Enter the source and direction of the monitored traffic in MONITOR-SESSION mode. source interface interface-type {both | rx | tx} 4. Enter the destination of traffic in MONITOR-SESSION mode.
Session and VLAN requirements RPM requires the following: ● Source session, such as monitored ports on different source devices. ● Reserved tagged VLAN for transporting monitored traffic configured on source, intermediate, and destination devices. ● Destination session, where destination ports connect to analyzers on destination devices. Configure any network device with source and destination ports.
Restrictions ● When you use a source VLAN, enable flow-based monitoring using the flow-based enable command. ● In a source VLAN, only received (rx) traffic is monitored. ● If the port channel or VLAN has a member port configured as a destination port in a remote port monitoring session, you cannot configure a source port channel or source VLAN in a source session.
● The destination IP address must be on a remote L3 node that supports standard GRE decapsulation.
● If the destination IP address is not reachable, the session goes down.
● OS10 does not support an ERPM destination session and decapsulation of ERPM packets at the destination switch.
● You can configure a maximum of four ERPM sessions with a maximum of 128 source ports in each session.
------------------------------------------------------------------------------------------------6 ethernet1/1/2 remote-ip both port 1.1.1.1 3.3.3.3 63 16 35006 true Is UP View running configuration of monitor session OS10# show running-configuration monitor ! monitor session 10 type erpm-source source-ip 1.1.1.1 destination-ip 3.3.3.3 source interface ethernet1/1/2 no shut Flow-based monitoring Flow-based monitoring conserves bandwidth by inspecting only specified traffic instead of all interface traffic.
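An ERPM session sends copies of the monitored traffic in GRE to whatever destination-ip is configured, so the monitor section of the running configuration is worth reviewing against the list of approved analyzers. The following Python check is an added example, not part of the Dell EMC guide: it parses text in the form shown above and reports ERPM destinations outside an allowlist. The sample configuration, the allowlist and the function names are constructed for illustration.

```python
"""Added example: audit ERPM monitor sessions against approved analyzer addresses."""
import ipaddress
import re

# Constructed sample in the layout of "show running-configuration monitor".
SAMPLE_CONFIG = """\
!
monitor session 10 type erpm-source
 source-ip 1.1.1.1 destination-ip 3.3.3.3
 source interface ethernet1/1/2
 no shut
!
monitor session 11 type erpm-source
 description ids-tap
 source-ip 10.16.132.181 destination-ip 172.16.10.11 gre-protocol 35006
 source interface ethernet1/1/5 rx
 flow-based enable
 no shut
!
monitor session 12 type erpm-source
 source-ip 1.1.1.1 destination-ip 198.51.100.7
 source interface ethernet1/1/9
"""

SESSION_RE = re.compile(r"^monitor session (\d+)(?: type (\S+))?$")
ERPM_RE = re.compile(r"^source-ip (\S+) destination-ip (\S+)(?: gre-protocol (\d+))?$")
SOURCE_RE = re.compile(r"^source interface (.+?)(?: (both|rx|tx))?$")


def parse_monitor_sessions(config_text):
    """Return one dict per monitor session found in the configuration text."""
    sessions, current = [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        header = SESSION_RE.match(line)
        if header:
            current = {
                "id": int(header.group(1)),
                "type": header.group(2) or "local",  # no type keyword means local
                "src_ip": None,
                "dst_ip": None,
                "gre_protocol": None,
                "sources": [],
                "enabled": False,
            }
            sessions.append(current)
        elif line in ("", "!"):
            current = None  # a separator ends the current session block
        elif current is not None:
            erpm = ERPM_RE.match(line)
            source = SOURCE_RE.match(line)
            if erpm:
                current["src_ip"], current["dst_ip"] = erpm.group(1), erpm.group(2)
                if erpm.group(3):
                    current["gre_protocol"] = int(erpm.group(3))
            elif source:
                current["sources"].append((source.group(1), source.group(2)))
            elif line in ("no shut", "no shutdown"):
                current["enabled"] = True
    return sessions


def audit_erpm_destinations(sessions, approved_analyzers):
    """Return (session id, status, destination) for unapproved ERPM destinations.

    status is "active" when the session has no shut configured, "inactive" when
    it is configured but not enabled, and "unparseable" for a malformed address.
    """
    networks = [ipaddress.ip_network(n) for n in approved_analyzers]
    findings = []
    for session in sessions:
        if session["type"] != "erpm-source" or session["dst_ip"] is None:
            continue
        try:
            destination = ipaddress.ip_address(session["dst_ip"])
        except ValueError:
            findings.append((session["id"], "unparseable", session["dst_ip"]))
            continue
        if not any(destination in network for network in networks):
            status = "active" if session["enabled"] else "inactive"
            findings.append((session["id"], status, session["dst_ip"]))
    return findings


if __name__ == "__main__":
    parsed = parse_monitor_sessions(SAMPLE_CONFIG)
    for finding in audit_erpm_destinations(parsed, ["172.16.10.0/24"]):
        print("unapproved ERPM destination:", finding)
```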
Remote port monitoring on VLT In a network, devices you configure with peer VLT nodes are considered as a single device. You can apply remote port monitoring (RPM) on the VLT devices in a network. In a failover case, the monitored traffic reaches the packet analyzer connected to the top-of-rack (ToR) through the VLT interconnect link. NOTE: ● In VLT devices configured with RPM, when the VLT link is down, the monitored packets might drop for some time.
Table 70. RPM on VLT scenarios Scenario Recommendation seq 10 permit any any capture session 10 ! interface ethernet 1/1/1 no shutdown switchport access vlan 1 mac access-group local in ! 2. Create a flow-based local session on the VLT device to monitor the VLTi LAG interface member (Ethernet 1/1/1) as source.
Port monitoring commands description Configures a description for the port monitoring session. The monitoring session can be: local, RPM, or ERPM. Syntax description string Parameters string—Enter a description of the monitoring session. A maximum of 255 characters. Default Not configured Command Mode MONITOR-SESSION Usage Information The no version of this command removes the description text.
Default Disabled Command Mode MONITOR-SESSION Usage Information The no version of this command disables the flow-based monitoring. Example OS10(conf-mon-local-1)# flow-based enable OS10(conf-mon-rpm-source-2)# flow-based enable OS10(conf-mon-erpm-source-3)# flow-based enable Supported Releases 10.2.0E or later ip Configures the IP time-to-live (TTL) value and the differentiated services code point (DSCP) value for the ERPM traffic.
Example (RPM)
OS10(config)# monitor session 5 type rpm-source
OS10(conf-mon-rpm-source-5)#
Example (ERPM)
OS10(config)# monitor session 10 type erpm-source
OS10(conf-mon-erpm-source-10)#
Supported Releases 10.2.0E or later
show monitor session
Displays information about a monitoring session.
Syntax show monitor session {session-id | all}
Parameters
● session-id—Enter the session ID number, from 1 to 18.
● all—View all monitoring sessions.
Example OS10(config)# monitor session 1 OS10(conf-mon-local-1)# no shut OS10(config)# monitor session 5 type rpm-source OS10(conf-mon-rpm-source-5)# no shut OS10(config)# monitor session 10 type erpm-source OS10(conf-mon-erpm-source-10)# no shut Supported Releases 10.2.0E or later source Configures a source for port monitoring. The monitoring session can be: local, RPM, or ERPM.
Command Mode MONITOR-SESSION
Usage Information
Example
OS10(config)# monitor session 10
OS10(conf-mon-erpm-source-10)# source-ip 10.16.132.181 destination-ip 172.16.10.11 gre-protocol 35006
Supported Releases 10.4.
14 Layer 3
Bidirectional forwarding detection (BFD) Provides rapid failure detection in links with adjacent routers (see BFD commands).
Border Gateway Protocol (BGP) Provides an external gateway protocol that transmits inter-domain routing information within and between autonomous systems (see BGP Commands).
Equal Cost Multi-Path (ECMP) Provides next-hop packet forwarding to a single destination over multiple best paths (see ECMP Commands).
You can enable various services in both management or default VRF instances. The services that are supported in the management and default VRF instances are: Table 71.
Or management route ipv6-address prefix-length managementethernet You can also configure the management route to direct traffic to a physical interface. For example: management route 10.1.1.0/24 managementethernet Or management route 2::/64 managementethernet Configure non-default VRF instances In addition to a management VRF instance and default VRF, OS10 also supports non-default VRF instances. You can create a maximum of 512 non-default VRF instances.
Assigning a loopback interface to a non-default VRF instance After creating a non-default VRF instance you can associate a loopback interface to the VRF instance that you created. To assign a loopback interface to a non-default VRF, perform the following steps: 1. Enter the loopback interface that you want to assign to a non-default VRF instance. CONFIGURATION interface loopback 5 2. Assign the interface to a non-default VRF.
1. Enter the management VRF instance. CONFIGURATION ip vrf management 2. Remove the IPv4 address associated with the interface. INTERFACE CONFIGURATION no ip address 3. Remove the IPv6 address associated with the interface. INTERFACE CONFIGURATION no ipv6 address 4. Assign the management interface back to the default VRF instance.
Figure 7. Setup VRF Interfaces
Router 1
ip vrf blue
!
ip vrf orange
!
ip vrf green
!
interface ethernet 1/1/1
 no shutdown
 switchport mode trunk
 switchport access vlan 1
 switchport trunk allowed vlan 128,192,256
 flowcontrol receive off
!
interface ethernet1/1/2
 no shutdown
 no switchport
 ip vrf forwarding blue
 ip address 20.0.0.
 no switchport
 ip vrf forwarding orange
 ip address 30.0.0.1/24
!
interface ethernet1/1/4
 no shutdown
 no switchport
 ip vrf forwarding green
 ip address 40.0.0.1/24
!
interface vlan128
 mode L3
 no shutdown
 ip vrf forwarding blue
 ip address 1.0.0.1/24
!
interface vlan192
 mode L3
 no shutdown
 ip vrf forwarding orange
 ip address 2.0.0.1/24
!
!
interface vlan256
 mode L3
 no shutdown
 ip vrf forwarding green
 ip address 3.0.0.1/24
!
ip route vrf green 31.0.0.0/24 3.0.0.
 ip vrf forwarding orange
 ip address 2.0.0.2/24
!
interface vlan256
 mode L3
 no shutdown
 ip vrf forwarding green
 ip address 3.0.0.2/24
!
ip route vrf green 30.0.0.0/24 3.0.0.
Router 2 show command output OS10# show ip vrf VRF-Name blue Interfaces Eth1/1/5 Vlan128 default Mgmt1/1/1 Vlan1,24-25,200 green Eth1/1/7 Vlan256 orange Eth1/1/6 Vlan192 OS10# show ip route vrf blue Codes: C - connected S - static B - BGP, IN - internal BGP, EX - external BGP O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, * - candidate default, + - summary route, > - non-active route Gateway of las
Static route leaking Route leaking enables routes that are configured in a default or non-default VRF instance to be made available to another VRF instance. You can leak routes from a source VRF instance to a destination VRF instance. The routes need to be leaked in both source and destination VRFs to achieve end-to-end traffic flow. If there are any connected routes in the same subnet as statically leaked routes, then the connected routes take precedence.
OS10(config)# do show ip route vrf VRF1 Codes: C - connected S - static B - BGP, IN - internal BGP, EX - external BGP O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, * - candidate default, + - summary route, > - non-active route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change --------------------------------------------------------------------------------------------------C 120
CONFIGURATION ip vrf destination-vrf-name ip route-import 1:1 The routes that you exported from the source VRF instance are now available in the destination VRF instance. Route leaking using route maps You can leak routes in one VRF instance to another VRF instance using route maps. To leak routes in one VRF instance using route maps: 1. Enter the VRF from which you want to leak routes using route targets. CONFIGURATION ip vrf source-vrf-name ip vrf VRF-A 2. Configure the IP prefix.
ip route-import route-target
ip route-import 1:1
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# ip vrf forwarding VRF1
OS10(conf-if-eth1/1/1)# ip address 120.0.0.1/24
OS10(config)# interface ethernet 1/1/2
OS10(conf-if-eth1/1/2)# ip vrf forwarding VRF2
OS10(conf-if-eth1/1/2)# ip address 140.0.0.1/24
OS10(config)# ip route vrf VRF1 160.0.0.0/24 120.0.0.
2. Configure loopback interfaces. Assign the loopback interfaces as source interfaces for the VRF. VTEP1(config)# interface loopback 2 VTEP1(conf-if-lo-2)# ip vrf forwarding GREEN VTEP1(conf-if-lo-2)# ip address 51.1.1.1/32 VTEP1(conf-if-lo-2)# exit VTEP1(config)# interface loopback 3 VTEP1(conf-if-lo-3)# ip vrf forwarding RED VTEP1(conf-if-lo-3)# ip address 52.1.1.
Example: Route leaking between VRFs with symmetric IRB routing
With symmetric IRB routing, the virtual networks to which the hosts are connected might be disjoint or stretched virtual networks. A disjoint virtual network does not span across VTEPs whereas a stretched virtual network spans across VTEPs. In this example, the virtual networks are disjoint.
● VTEP1 has virtual network 10 configured in tenant VRF GREEN.
● VTEP2 has virtual network 20 configured in tenant VRF RED.
VTEP1(config)# ip vrf RED VTEP1(conf-vrf)# update-source-ip loopback 3 VTEP1(conf-vrf)# exit 3. Leak the client-connected networks to the tenant VRF to which the client is connected. VTEP1(config)# ip route vrf RED 10.1.1.0/24 interface virtual-network 10 VTEP1(config)# ip route vrf RED 51.1.1.2/32 interface loopback 2 4. Advertise the client network-leaked routes through EVPN type-5 routes to the server-connected VRF.
VRF commands
interface management
Adds a management interface to the management VRF instance.
Syntax interface management
Parameters None
Default Not configured
Command Mode VRF CONFIGURATION
Usage Information The no version of this command removes the management interface from the management VRF instance.
Example
OS10(config)# ip vrf management
OS10(conf-vrf)# interface management
Supported Releases 10.4.
Command Mode CONFIGURATION
Usage Information The no version of this command removes the domain name from the management or non-default VRF instance.
Example
OS10(config)# ip domain-name vrf management dell.com
or
OS10(config)# ip domain-name vrf blue dell.com
Supported Releases 10.4.0E(R1) or later
ip vrf
Create a non-default VRF instance.
Syntax ip vrf vrf-name
Parameters
● vrf-name—Enter the name of the non-default VRF that you want to create.
ip host vrf Configures a hostname for the management VRF instance or a non-default VRF instance and maps the hostname to an IPv4 or IPv6 address. Syntax ip host vrf {management | vrf-name} hostname {IP-address | Ipv6–address} Parameters ● management—Enter the keyword management to configure a hostname for the management VRF instance. ● vrf-name—Enter the name of the non-default VRF instance to configure a hostname for that VRF instance. ● hostname—Enter the hostname.
Command Mode CONFIGURATION
Usage Information The no version of this command removes the name server from the management or non-default VRF instance.
Example
OS10(config)# ip name-server vrf management
or
OS10(config)# ip name-server vrf blue
Supported Releases 10.4.0E(R1) or later
ip route-import
Imports an IPv4 route into a VRF instance from another VRF instance.
ipv6 route-import Imports an IPv6 route into a VRF instance from another VRF instance. Syntax [no] ipv6 route-import route-target Parameters ● route-target—Enter the route-target of the VRF instance. Default Not configured Command Mode VRF CONFIG Usage Information You can import IPv6 routes corresponding only to a nondefault or a default VRF instance. You cannot import IPv6 routes that belong to a management VRF instance into another VRF instance.
Example
OS10(config)# ip scp vrf management
OS10(config)# ip scp vrf vrf-blue
Supported Releases 10.4.0E(R1) or later
ip sftp vrf
Configures an SFTP client for the management or non-default VRF instance.
Syntax ip sftp vrf {management | vrf vrf-name}
Parameters
● management — Enter the keyword to configure an SFTP client for a management VRF instance.
● vrf vrf-name — Enter the keyword then the name of the VRF to configure an SFTP client for that non-default VRF instance.
Usage Information Enter the ip vrf management command only in non-transaction-based configuration mode. Do not use transaction-based mode. The no version of this command removes the management VRF instance configuration.
Example
OS10(config)# ip vrf management
OS10(conf-vrf)#
Supported Releases 10.4.0E(R1) or later
show hosts vrf
Displays the host table in the management or non-default VRF instance.
Eth1/1/1-1/1/2 Vlan1 management OS10# show ip vrf management VRF-Name Interfaces management Supported Releases 10.4.0E(R1) or later update-source-ip Configures a source IP interface for any leaked route in a VRF instance. Syntax update-source-ip interface interface-id To undo this configuration, use the no update-source-ip command. Parameters ● interface interface-id — Enter the loopback interface identifier. The range is from 0 to 16383.
● The active router starts the BFD session. Both routers can be active in the same session. ● The passive router does not start a session. It only responds to a request for session initialization from the active router. A BFD session can occur in Asynchronous and Demand modes. However, OS10 BFD supports only Asynchronous mode. ● In Asynchronous mode, both systems send periodic control messages at a specified interval to indicate that their session status is Up.
2. When the passive system receives a control packet, it changes its session state to Init and sends a response to indicate its state change. The response includes its session ID in the My Discriminator field and the session ID of the remote system in the Your Discriminator field.
3. The active system receives the response from the passive system and changes its session state to Up. It then sends a control packet to indicate this state change. Discriminator values are exchanged, and transmit intervals are negotiated.
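The session bring-up described above, as an added example rather than code from the OS10 guide: a minimal Python model of the BFD state machine (following RFC 5880) that shows the Down, Init and Up transitions and the discriminator check that drops packets not addressed to the local session. The router names and discriminator values are constructed for illustration.

```python
from dataclasses import dataclass

ADMIN_DOWN, DOWN, INIT, UP = "AdminDown", "Down", "Init", "Up"


@dataclass
class ControlPacket:
    state: str       # sender's session state
    my_disc: int     # My Discriminator: the sender's session ID
    your_disc: int   # Your Discriminator: the receiver's session ID, 0 if unknown


@dataclass
class BfdSession:
    name: str              # constructed router name
    role: str              # "active" or "passive"
    local_disc: int        # nonzero session ID chosen locally
    state: str = DOWN
    remote_disc: int = 0   # learned from the peer's My Discriminator

    def build(self):
        return ControlPacket(self.state, self.local_disc, self.remote_disc)

    def start(self):
        """Only an active router sends the first control packet."""
        return self.build() if self.role == "active" else None

    def receive(self, pkt):
        """Apply one received packet; return a reply only if the state changed."""
        # Validation: packets that do not identify this session are discarded.
        if pkt.my_disc == 0:
            return None
        if pkt.your_disc == 0:
            if pkt.state not in (DOWN, ADMIN_DOWN):
                return None
        elif pkt.your_disc != self.local_disc:
            return None

        self.remote_disc = pkt.my_disc
        old = self.state
        if pkt.state == ADMIN_DOWN:
            self.state = DOWN
        elif self.state == DOWN:
            if pkt.state == DOWN:
                self.state = INIT
            elif pkt.state == INIT:
                self.state = UP
        elif self.state == INIT:
            if pkt.state in (INIT, UP):
                self.state = UP
        elif self.state == UP and pkt.state == DOWN:
            self.state = DOWN
        return self.build() if self.state != old else None


def handshake(first, second):
    """Exchange packets until neither side changes state; return the trace."""
    trace = []
    pkt = first.start()
    sender, receiver = first, second
    while pkt is not None:
        trace.append((sender.name, pkt.state, pkt.my_disc, pkt.your_disc))
        pkt = receiver.receive(pkt)
        sender, receiver = receiver, sender
    return trace


if __name__ == "__main__":
    r1 = BfdSession("R1", "active", 11)
    r2 = BfdSession("R2", "passive", 22)
    for name, state, my_disc, your_disc in handshake(r1, r2):
        print(f"{name} -> state={state} my_disc={my_disc} your_disc={your_disc}")
    print(r1.state, r2.state)
```
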
Configure BFD globally Before you configure BFD for static routing or a routing protocol, configure BFD globally on each router, including the global BFD session settings. BFD is disabled by default. 1. Configure the global BFD session parameters in CONFIGURATION mode. bfd interval milliseconds min_rx milliseconds multiplier number role {active | passive} ● interval milliseconds — Enter the time interval for sending control packets to BFD peers, from 100 to 1000. The default is 200.
BFD for BGP example In this BFD for BGP configuration example, Router 1 and Router 2 use eBGP in a transit network to interconnect AS1 and AS2. The eBGP routers exchange information with each other and with iBGP routers to maintain connectivity and accessibility within each autonomous system. When you configure a BFD session with a BGP neighbor, you can: ● Establish a BFD session with a specified BGP neighbor using the neighbor ip-address and bfd commands.
the detection interval, the router informs any clients of the BFD session, and other routing protocols, about the failure. It then depends on the routing protocol that uses the BGP link to determine the appropriate response to the failure condition. The normal response is to terminate the peering session for the routing protocol and reconverge by bypassing the failed neighboring router. A log message generates whenever BFD detects a failure condition.
BFD for BGP all-neighbors configuration
OS10(conf)# bfd interval 200 min_rx 200 multiplier 6 role active
OS10(conf)# bfd enable
OS10(conf)# router bgp 4
OS10(config-router-bgp-4)# bfd all-neighbors interval 200 min_rx 200 multiplier 6 role active
BFD for BGP single-neighbor configuration
OS10(conf)# bfd interval 200 min_rx 200 multiplier 6 role active
OS10(conf)# bfd enable
OS10(conf)# router bgp 1
OS10(config-router-bgp-1)# neighbor 150.150.1.
30.1.1.1 101 787 779 11:15:35 0 OS10(config-router-bgp-101)# show ip bgp neighbors BGP neighbor is 20.1.1.1, remote AS 101, local AS 101 internal link BGP version 4, remote router ID 30.1.1.
Establishing BFD sessions with OSPFv2 neighbors
You can establish BFD sessions with all OSPF neighbors at once, or only with the OSPF neighbors on a single OSPF interface.
To establish BFD sessions with OSPFv2 neighbors:
1. Enable BFD globally.
bfd enable
CONFIGURATION Mode
2. Enter ROUTER-OSPF mode.
router ospf ospf-instance
CONFIGURATION Mode
3. Establish sessions with all OSPFv2 neighbors.
bfd all-neighbors
ROUTER-OSPF Mode
4.
bfd all-neighbors
OS10# show running-configuration ospf
!
interface vlan200
 no shutdown
 ip vrf forwarding red
 ip address 20.1.1.1/24
 ip ospf 200 area 0.0.0.0
 ip ospf bfd all-neighbors disable
!
interface vlan300
 no shutdown
 ip vrf forwarding red
 ip address 30.1.1.1/24
 ip ospf 200 area 0.0.0.0
!
router ospf 200 vrf red
 bfd all-neighbors
 log-adjacency-changes
 router-id 2.3.3.1
!
In this example OSPF is enabled in non-default VRF red.
ip ospf bfd all-neighbors disable
INTERFACE CONFIGURATION Mode
To re-enable BFD on an interface where you disabled it individually, use the following commands:
● no ip ospf bfd all-neighbors command
● ip ospf bfd all-neighbors
Configure BFD for OSPFv3
BFD for OSPFv3 provides support for IPv6:
1. Enable BFD Globally.
2. Establish sessions with OSPFv3 neighbors.
Establishing BFD sessions with OSPFv3 neighbors
To establish BFD sessions with OSPFv3 neighbors:
1. Enable BFD globally.
bfd enable
CONFIGURATION Mode
2.
VRF CONFIGURATION Mode
6. Establish BFD session with OSPFv3 neighbors in a single OSPF interface in a non-default VRF instance.
ipv6 ospf bfd all-neighbors
VRF CONFIGURATION Mode
7. Enter ROUTER-OSPF mode in a non-default VRF instance.
router ospf ospf-instance vrf vrf-name
CONFIGURATION Mode
8. Establish BFD sessions with all OSPFv2 instances in a non-default VRF.
bfd all-neighbors
Changing OSPFv3 session parameters
Configure BFD sessions with default intervals and a default role.
When you configure BFD, next-hop reachability depends on the BFD state of the BFD session corresponding to the specified next hop. If the BFD session of the configured next hop is down, the static route is not installed in the RIB. The BFD session must be up for the static route. You must configure BFD on both the peers pointing to its neighbor as the next hop. There is no dependency on the configuration order of the static route and BFD configuration.
NOTE: By default, OSPF uses the following BFD parameters for its neighbors: min_tx = 200 msec, min_rx = 200 msec, multiplier = 3, role = active. Disabling BFD for IPv4 Static Routes If you disable BFD, all static route BFD sessions are torn down. A final Admin Down packet is sent to all neighbors on the remote systems, and those neighbors change to the Down state. To disable BFD for IPv4 static routes, use the following command. Disable BFD for static routes.
Disabling BFD for IPv6 Static Routes To disable BFD for IPv6 static routes, use the following command. Disable BFD for static routes. no ipv6 route bfd CONFIGURATION Mode BFD commands bfd Enables BFD sessions with specified neighbors. Syntax bfd Parameters None Default Not configured Command Mode ROUTER-NEIGHBOR ROUTER-TEMPLATE Usage Information Example ● Use the bfd command to configure BFD sessions with a specified neighbor or neighbors which inherit a BGP template.
● multiplier number — Enter the maximum number of consecutive packets that must not be received from a BFD peer before the session state changes to Down; from 3 to 50. ● role {active | passive} — Enter active if the router initiates BFD sessions. Both BFD peers can be active at the same time. Enter passive if the router does not initiate BFD sessions, and only responds to a request from an active BFD to initialize a session.
Usage Information Before you configure BFD for static routing or a routing protocol, enable BFD globally on each router in a BFD session. To globally disable BFD on all interfaces, enter the no bfd enable command.
Example
OS10(config)# bfd enable
Supported releases 10.4.1.0 or later
bfd interval
Configures parameters for all BFD sessions on the switch.
● role {active | passive} — Enter active if the router initiates BFD sessions. Both BFD peers can be active at the same time. Enter passive if the router does not initiate BFD sessions, and only responds to a request from an active BFD to initialize a session. Default The time interval for sending control packets to BFD peers is 200 milliseconds. The maximum waiting time for receiving control packets from BFD peers is 200 milliseconds.
ip route bfd Enables or disables BFD on static routes. Syntax ip route[vrf vrf-name] bfd [interval interval min_rx wait-time multiplier number role {active | passive}] Parameters ● vrf vrf-name — Enter vrf and then the name of the VRF to configure static route in that VRF. ● interval milliseconds — Enter the time interval for sending control packets to BFD peers; from 100 to 1000. Dell EMC recommends using more than 100 milliseconds.
Command Mode CONFIG
Usage Information
● Use this command to enable or disable BFD for all the configured IPv6 static routes for the specified VRF. If you do not specify a VRF name, the command is applicable for the default VRF. The no version of this command disables BFD on an IPv6 static route.
Example
OS10(config)# ipv6 route bfd interval 250 min_rx 250 multiplier 4 role active
Supported releases 10.4.
TX: 200ms, RX: 200ms, Multiplier: 49 Role: active VRF: default Client Registered: bgp Uptime: 01:58:09 Statistics: Number of packets received from neighbor: 7138 Number of packets sent to neighbor: 7138 Supported releases 10.4.1.0 or later Border Gateway Protocol Border Gateway Protocol (BGP) is an interautonomous system routing protocol that transmits interdomain routing information within and between autonomous systems (AS). BGP exchanges network reachability information with other BGP systems.
BGP uses a path-vector protocol that maintains dynamically updated path information. Path information updates which return to the originating node are detected and discarded. BGP does not use a traditional Interior Gateway Protocol (IGP) metric but makes routing decisions based on path, network policies, and/or rule sets.
Full-mesh topology
In an AS, a BGP network must be in full mesh so that routes received from one internal BGP (IBGP) peer reach every other IBGP peer.
● FF00::/8 FE80::/16 ● ::0002-::FFFF- all prefixes Route reflectors Route reflectors (RRs) reorganize the IBGP core into a hierarchy and allow route advertisement rules. Route reflection divides IBGP peers into two groups — client peers and nonclient peers. ● If a route is received from a nonclient peer, it reflects the route to all client peers ● If a route is received from a client peer, it reflects the route to all nonclient and client peers An RR and its client peers form a route reflection cluster.
Attributes Routes learned using BGP have associated properties that are used to determine the best route to a destination when multiple paths exist to a particular destination. These properties are called BGP attributes which influence route selection for designing robust networks. There are no hard coded limits on the number of supported BGP attributes.
8. If you enable the bgp bestpath router-id ignore command and: ● If the Router-ID is the same for multiple paths because the routes were received from the same route—skip this step. ● If the Router-ID is not the same for multiple paths, prefer the path that was first received as the Best Path. The path selection algorithm returns without performing any of the checks detailed. 9. Prefer the external path originated from the BGP router with the lowest router ID.
One AS assigns the MED a value. Other ASs use that value to decide the preferred path. Assume that the MED is the only attribute applied and there are two connections between AS 100 and AS 200. Each connection is a BGP session. AS 200 sets the MED for its Link 1 exit point to 100 and the MED for its Link 2 exit point to 50. This sets up a path preference through Link 2. The MEDs advertise to AS 100 routers so they know which is the preferred path. MEDs are nontransitive attributes.
Best path selection Best path selection selects the best route out of all paths available for each destination, and records each selected route in the IP routing table for traffic forwarding. Only valid routes are considered for best path selection. BGP compares all paths, in the order in which they arrive, and selects the best paths. Paths for active routes are grouped in ascending order according to their neighboring external AS number.
Advertise cost As the default process for redistributed routes, OS10 supports IGP cost as MED. Both autosummarization and synchronization are disabled by default. BGPv4 and BGPv6 support ● Deterministic MED, default ● A path with a missing MED is treated as worst path and assigned an 0xffffffff MED value. ● Delayed configuration at system boot—OS10 reads the entire configuration file BEFORE sending messages to start BGP peer sessions.
The Local-AS does not prepend the updates with the AS number received from the EBGP peer if you use the no prepend command. If you do not select no prepend, the default, the Local-AS adds to the first AS segment in the AS-PATH. If you use an inbound route-map to prepend the AS-PATH to the update from the peer, the Local-AS adds first. If Router B has an inbound route-map applied on Router C to prepend 65001 65002 to the AS-PATH, these events take place on Router B: ● Receive and validate the update.
● In the ROUTER BGP mode, enter the router-id ip-address command, where ip-address is the IP address corresponding to a configured L3 interface (physical, loopback, or LAG).
BGP is disabled by default. The system supports one AS number — you must assign an AS number to your device. To establish BGP sessions and route traffic, configure at least one BGP neighbor or peer. In BGP, routers with an established TCP connection are called neighbors or peers.
For the router ID, the system selects the first configured IP address or a random number. To view the status of BGP neighbors, use the show ip bgp neighbors command. For BGP neighbor configuration information, use the show running-config bgp command. The example shows two neighbors — one is an external BGP neighbor; and the other is an internal BGP neighbor. The first line of the output for each neighbor displays the AS number and states if the link is external or internal.
5. Enable the BGP neighbor in ROUTER-NEIGHBOR mode. no shutdown 6. (Optional) Add a description text for the neighbor in ROUTER-NEIGHBOR mode. description text To reset the configuration when you change the configuration of a BGP neighbor, use the clear ip bgp * command. To view the BGP status, use the show ip bgp summary command. Configure BGP OS10# configure terminal OS10(config)# router bgp 100 OS10(config-router-bgp-100)# vrf blue OS10(config-router-vrf)# neighbor 5.1.1.
1. Enable BGP and assign the AS number in CONFIGURATION mode, from 0.1 to 65535.65535 or 1 to 4294967295. OS10# configure terminal OS10(config)# router bgp 100 2. Use one of the following commands to enter the respective ADDRESS-FAMILY mode from ROUTER-BGP mode: IPv4: address-family ipv4 unicast IPv6: address-family ipv6 unicast 3. Change the administrative distance for BGP from the respective ADDRESS-FAMILY mode.
6. Add a neighbor as a remote AS in ROUTER-TEMPLATE mode, from 1 to 65535 for 2 bytes, 1 to 4294967295 | 0.1 to 65535.65535 for 4 byte, or 0.1 to 65535.65535, in dotted format. neighbor ip-address 7. (Optional) Add a remote neighbor, and enter the AS number in ROUTER-TEMPLATE mode. remote-as as-number ● To add an EBGP neighbor, configure the as-number parameter with a number different from the BGP as-number configured in the router bgp as-number command.
100.5.1.1 64802 376 325 04:28:25 1251
100.6.1.1 64802 376 327 04:26:17 1251
View running configuration
OS10# show running-configuration bgp
!
router bgp 64601
 bestpath as-path multipath-relax
 bestpath med missing-as-worst
 non-deterministic-med
 router-id 100.0.0.8
 !
 template leaf_v4
  description peer_template_1_abcd
  !
  address-family ipv4 unicast
   distribute-list leaf_v4_in in
   distribute-list leaf_v4_out out
   route-map set_aspath_prepend in
 !
 neighbor 100.5.1.
6. (Optional) Add a text description for the template in ROUTER-TEMPLATE mode. description text 7. Assign a peer-template with a peer-group name from which to inherit to the neighbor in ROUTER-NEIGHBOR mode. inherit template template-name 8. Enable the neighbor in ROUTER-BGP mode. neighbor ip-address 9. Enable the peer-group in ROUTER-NEIGHBOR mode.
OS10(config-router-neighbor)# fall-over OS10(config-router-neighbor)# no shutdown Verify neighbor fall-over on neighbor OS10(config-router-neighbor)# do show ip bgp neighbors 3.1.1.1 BGP neighbor is 3.1.1.1, remote AS 100, local AS 100 internal link BGP version 4, remote router ID 3.3.3.
! remote-as 102 Configure password You can enable message digest 5 (MD5) authentication with a password on the TCP connection between two BGP neighbors. Configure the same password on both BGP peers. When you configure MD5 authentication between two BGP peers, each segment of the TCP connection is verified and the MD5 digest is checked on every segment sent on the TCP connection. Configuring a password for a neighbor establishes a new connection.
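One way to check which BGP neighbors have no MD5 password, shown as an added example that is not part of the OS10 guide: a Python audit of saved `show running-configuration bgp` output that also follows `inherit template` so a password set on a template counts for its members. It assumes the password appears in the running configuration as a line beginning with `password` under the neighbor or template; the configuration text, addresses and template names below are constructed.

```python
# Constructed sample output (not taken from a real switch).
SAMPLE_CONFIG = """\
!
router bgp 65101
 router-id 10.0.0.1
 !
 template leaf_v4
  password 9 0123456789abcdef-constructed
  remote-as 65201
 !
 template tor_v4
  remote-as 65301
 !
 neighbor 10.1.1.1
  inherit template leaf_v4
  no shutdown
 !
 neighbor 10.1.1.3
  password 9 fedcba9876543210-constructed
  remote-as 65202
  no shutdown
  !
  address-family ipv4 unicast
   activate
 !
 neighbor 10.1.1.5
  inherit template tor_v4
  no shutdown
 !
 neighbor 10.1.1.7
  remote-as 65203
  no shutdown
 !
 vrf blue
  !
  neighbor 5.1.1.1
   remote-as 65204
   no shutdown
"""


def parse_bgp(config):
    """Collect templates and neighbors, independent of indentation."""
    templates, neighbors = {}, []
    vrf, block = "default", None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue  # "!" separates sub-blocks but does not end a neighbor
        if words[0] == "router" and words[1:2] == ["bgp"]:
            vrf, block = "default", None
        elif words[0] == "vrf" and len(words) == 2:
            vrf, block = words[1], None
        elif words[0] == "template" and len(words) == 2:
            block = templates.setdefault(words[1], {"password": False})
        elif words[0] == "neighbor" and len(words) >= 2:
            block = {"vrf": vrf, "peer": " ".join(words[1:]),
                     "password": False, "inherit": None}
            neighbors.append(block)
        elif block is not None:
            if words[0] == "password":          # assumed keyword, see lead-in
                block["password"] = True
            elif words[:2] == ["inherit", "template"] and len(words) >= 3:
                block["inherit"] = words[2]
    return templates, neighbors


def audit(config):
    """Map (vrf, peer) to 'direct', 'inherited' or 'none'."""
    templates, neighbors = parse_bgp(config)
    report = {}
    for n in neighbors:
        if n["password"]:
            status = "direct"
        elif n["inherit"] and templates.get(n["inherit"], {}).get("password"):
            status = "inherited"
        else:
            status = "none"
        report[(n["vrf"], n["peer"])] = status
    return report


def unauthenticated(config):
    """Sorted list of (vrf, peer) pairs with no password at all."""
    return sorted(k for k, v in audit(config).items() if v == "none")


if __name__ == "__main__":
    for (vrf, peer), status in sorted(audit(SAMPLE_CONFIG).items()):
        print(f"{vrf:8} {peer:12} {status}")
```
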
remote-as 10 no shutdown Peer 2 in ROUTER-NEIGHBOR mode OS10# configure terminal OS10(config)# interface ethernet 1/1/5 OS10(conf-if-eth1/1/5)# no switchport ip OS10(conf-if-eth1/1/5)# ip address 11.1.1.2/24 OS10(conf-if-eth1/1/5)# router bgp 20 OS10(config-router-bgp-20)# neighbor 11.1.1.
! address-family ipv6 unicast activate OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# show configuration ! interface ethernet1/1/1 ip address 3.1.1.3/24 no switchport no shutdown ipv6 address 3::3/64 OS10(conf-if-eth1/1/1)# shutdown OS10(conf-if-eth1/1/1)# do show ip bgp summary BGP router identifier 11.11.11.11 local AS number 300 Neighbor AS Up/Down State/Pfx 3.1.1.
When a BGP neighbor connection with authentication rejects a passive peer-template, the system prevents another passive peer-template on the same subnet from connecting with the BGP neighbor. To work around this constraint, change the BGP configuration or change the order of the peer template configuration. You can restrict the number of passive sessions the neighbor accepts using the limit command. 1.
Allow external routes from neighbor OS10(config)# router bgp 10 OS10(conf-router-bgp-10)# neighbor 32.1.1.2 OS10(conf-router-neighbor)# local-as 50 OS10(conf-router-neighbor)# exit OS10(conf-router-bgp-10)# template bgppg1 OS10(conf-router-template)# fall-over OS10(conf-router-template)# local-as 400 OS10(conf-router-template)# remote-as 102 Local AS number disabled OS10(config)# router bgp 102 OS10(conf-router-bgp-102)# neighbor 32.1.1.
OS10(config-router-bgp-neighbor-af)# activate OS10(config-router-bgp-neighbor-af)# allowas-in 1 OS10(config-router-bgp-neighbor-af)# end OS10# show running-configuration bgp ! router bgp 100 ! neighbor 172:16:1::2 remote-as 100 no shutdown ! address-family ipv6 unicast activate allowas-in 1 OS10# show ip bgp BGP local RIB : Routes to be Added , Replaced , Withdrawn BGP local router ID is 100.1.1.
3. Enter Address Family mode in ROUTER-NEIGHBOR mode.
address-family {[ipv4 | ipv6] [unicast]}
4. Allow the specified neighbor to send or receive multiple path advertisements in ROUTER-BGP mode. The count parameter controls the number of paths that are advertised — not the number of paths received.
add-path [both | received | send] count
Enable additional paths
OS10(config)# router bgp 102
OS10(conf-router-bgp-102)# neighbor 32.1.1.
4. Enter the neighbor to apply the route map configuration in ROUTER-BGP mode.
neighbor {ip-address}
5. Apply the route map to the neighbor’s incoming or outgoing routes in ROUTER-BGP-NEIGHBOR-AF mode.
route-map map-name {in | out}
6. Enter the peer group to apply the route map configuration in ROUTER-BGP mode.
template template-name
7. Apply the route map to the peer group’s incoming or outgoing routes in CONFIG-ROUTER-TEMPLATE-AF mode.
5. Set a weight value for the route in ROUTER-TEMPLATE mode.
weight weight
Modify weight attribute
OS10(config)# router bgp 10
OS10(config-router-bgp-10)# neighbor 10.1.1.4
OS10(config-router-neighbor)# weight 400
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-10)# template zanzibar
OS10(config-router-template)# weight 200
Enable multipath
You can have one path to a destination by default, and enable multipath to allow up to 64 parallel paths to a destination.
Filter BGP route OS10(config)# router bgp 102 OS10(conf-router-bgp-102)# neighbor 40.1.1.2 OS10(conf-router-neighbor)# address-family ipv4 unicast OS10(conf-router-bgp-neighbor-af)# route-map metro in OS10(conf-router-bgp-neighbor-af)# exit OS10(conf-router-bgp-102)# template ebgp OS10(conf-router-template)# address-family ipv4 unicast OS10(conf-router-bgp-template-af)# route-map metro in Route reflector clusters BGP route reflectors are intended for ASs with a large mesh.
2. Enter Address Family mode in ROUTER-BGP mode. address-family {[ipv4 | ipv6] [unicast]} 3. Aggregate address in ROUTER-BGPv4-AF mode. aggregate-address ip-address/mask Configure aggregate routes OS10(config)# router bgp 105 OS10(conf-router-bgp-105)# address-family ipv4 unicast OS10(conf-router-bgpv4-af)# aggregate-address 3.3.0.
OS10(conf-router-neighbor)# exit
OS10(conf-router-bgp-65501)# end
OS10# show running-configuration bgp
!
router bgp 65501
 confederation identifier 100
 confederation peers 65502 65503 65504
 !
 neighbor 1.1.1.2
  remote-as 65502
  no shutdown
 !
 neighbor 2.1.1.2
  remote-as 65503
  no shutdown
 !
 neighbor 3.1.1.2
  remote-as 65504
  no shutdown
Route dampening
When EBGP routes become unavailable, they “flap” and the router issues both WITHDRAWN and UPDATE notices.
Configure values to reuse or restart route OS10(config)# router bgp 102 OS10(conf-router-bgp-102)# address-family ipv4 unicast OS10(conf-router-bgpv4-af)# dampening 2 2000 3000 10 View dampened (nonactive) routes OS10# show ip bgp flap-statistics BGP local router ID is 13.176.123.
Neighbor soft-reconfiguration BGP soft-reconfiguration allows for fast route changes. Changing routing policies requires a reset of BGP sessions or the TCP connection, for the policies to take effect. Resets cause undue interruption to traffic due to the hard reset of the BGP cache, and the time it takes to reestablish the session. BGP soft-reconfiguration allows for policies to apply to a session without clearing the BGP session.
Configuration on BR BR has BGP configured which forms BGP neighbor adjacency with Core 1. interface Loopback0 ip address 192.168.100.1/24 ! interface ethernet1/1/1 no shutdown no switchport ip address 10.10.9.1 ! router bgp 20 network 192.168.100.0 neighbor 10.10.9.2 remote-as 20 address-family ipv4 unicast Configuration on Core 1 Core 1 has both OSPF and BGP configured. Core 1 has OSPF neighbor adjacency with Core 2 and BGP neighbor adjacency with BR.
ip address 10.10.30.3/24 ip router ospf 10 area 0.0.0.0 no shutdown ! ! router ospf 10 router-id 3.3.3.3 Sample IPv6 configuration The following sample topology has two switches, Core 1 and Core 2, that are connected to each other and share routes using OSPF. A border router BR is connected to Core 1 and shares routes using BGP. Core 1 redistributes the routes that are learned by iBGP to OSPF and shares to other routers. This network uses IPv6 addressing.
! router ospfv3 10 router-id 3.3.3.3 Example - BGP in a VLT topology The following spine-leaf VLT topology runs BGP for Layer 3 communication. Spine 1 configuration 1. Configure a VLAN interface on which the BGP session has to be formed with VLT peers. Spine1(config)# interface vlan101 Spine1(conf-if-vl-101)# ip address 10.0.1.1/29 Spine1(conf-if-vl-101)# mtu 9216 Spine1(conf-if-vl-101)# exit 2. Configure port channel interfaces between Spine and VLT peers. Add it as part of the created VLAN.
Spine1(conf-if-eth1/1/1)# channel-group 1 mode active
Spine1(conf-if-eth1/1/1)# exit
Spine1(config)# interface ethernet1/1/2
Spine1(conf-if-eth1/1/2)# channel-group 1 mode active
Spine1(conf-if-eth1/1/2)# exit
3. Configure eBGP neighbor with VLT peer1 and VLT peer2.
Spine1(config)# router bgp 65101
Spine1(config-router-bgp-65101)# router-id 10.1.1.1
Spine1(config-router-bgp-65101)# neighbor 10.0.1.
Leaf1(conf-if-po-3)# mtu 9216 Leaf1(conf-if-po-3)# switchport mode trunk Leaf1(conf-if-po-3)# switchport trunk allowed vlan 301 Leaf1(conf-if-po-3)# vlt-port-channel 3 Leaf1(conf-if-po-3)# exit Leaf1(config)# interface ethernet1/1/6 Leaf1(conf-if-eth1/1/6)# channel-group 3 mode active Leaf1(conf-if-eth1/1/6)# exit 5. Configure the eBGP neighbor with Spine 1 and iBGP neighbor with ToR 1 and ToR 2. Leaf1(config)# router bgp 65201 Leaf1(config-router-bgp-65201)# router-id 10.2.1.
Leaf2(conf-if-eth1/1/1)# channel-group 1 mode active Leaf2(conf-if-eth1/1/1)# exit 4. Configure VLT port-channels with ToR 1 and ToR 2.
3. Configure the host facing VLAN and add host connected interfaces to it. ToR1(config)# interface vlan2001 ToR1(conf-if-vl-2001)# ip address 172.16.1.1/24 ToR1(conf-if-vl-2001)# mtu 9216 ToR1(conf-if-vl-2001)# exit ToR1(config)# interface ethernet1/1/3 ToR1(conf-if-eth1/1/3)# mtu 9216 ToR1(conf-if-eth1/1/3)# switchport mode trunk ToR1(conf-if-eth1/1/3)# switchport trunk allowed vlan 2001 ToR1(conf-if-eth1/1/3)# exit 4. Configure the iBGP neighbor with VLT peers and advertise the host subnet.
ToR2(config-router-neighbor)# no shutdown ToR2(config-router-neighbor)# exit ToR2(config-router-bgp-65201)# neighbor 10.0.2.2 ToR2(config-router-neighbor)# remote-as 65201 ToR2(config-router-neighbor)# no shutdown ToR2(config-router-neighbor)# exit Example - Three-tier CLOS topology with eBGP This section provides a sample three-tier topology with external BGP. Spine 1 configuration 1. Configure an IP address on leaf-facing interfaces.
Spine1(config)# interface ethernet1/1/4
Spine1(conf-if-eth1/1/4)# description Spine1-Leaf4
Spine1(conf-if-eth1/1/4)# no switchport
Spine1(conf-if-eth1/1/4)# mtu 9216
Spine1(conf-if-eth1/1/4)# ip address 10.1.2.2/31
Spine1(conf-if-eth1/1/4)# exit
2. Configure BGP neighbors. This example uses passive peering which simplifies neighbor configuration.
Spine1(config)# router bgp 65101
Spine1(config-router-bgp-65101)# router-id 10.0.0.
Leaf1(conf-if-eth1/1/2)# description Leaf1-Spine2
Leaf1(conf-if-eth1/1/2)# no switchport
Leaf1(conf-if-eth1/1/2)# mtu 9216
Leaf1(conf-if-eth1/1/2)# ip address 10.2.1.1/31
Leaf1(conf-if-eth1/1/2)# exit
2. Configure an IP address on ToR facing interfaces.
Leaf1(config)# interface ethernet1/1/3
Leaf1(conf-if-eth1/1/1)# description Leaf1-ToR1
Leaf1(conf-if-eth1/1/1)# no switchport
Leaf1(conf-if-eth1/1/1)# mtu 9216
Leaf1(conf-if-eth1/1/1)# ip address 10.3.1.0/31
Leaf1(conf-if-eth1/1/1)# exit
3.
Leaf2(config-router-neighbor)# no shutdown Leaf2(config-router-neighbor)# exit Leaf 3 configuration 1. Configure an IP address on spine-facing interfaces.
3. Configure BGP neighbors.
Leaf4(config)# router bgp 65202
Leaf4(config-router-bgp-65202)# router-id 10.0.1.4
Leaf4(config-router-bgp-65202)# neighbor 10.1.2.2
Leaf4(config-router-neighbor)# remote-as 65101
Leaf4(config-router-neighbor)# no shutdown
Leaf4(config-router-neighbor)# exit
Leaf4(config-router-bgp-65202)# neighbor 10.2.2.2
Leaf4(config-router-neighbor)# remote-as 65101
Leaf4(config-router-neighbor)# no shutdown
Leaf4(config-router-neighbor)# exit
Leaf4(config-router-bgp-65202)# neighbor 10.6.1.
ToR2(conf-if-eth1/1/1)# exit
ToR2(config)# interface ethernet1/1/2
ToR2(conf-if-eth1/1/2)# description ToR2-Leaf4
ToR2(conf-if-eth1/1/2)# no switchport
ToR2(conf-if-eth1/1/2)# mtu 9216
ToR2(conf-if-eth1/1/2)# ip address 10.6.1.1/31
ToR2(conf-if-eth1/1/2)# exit
2. Configure a VLAN interface and a VLAN member for end devices.
ToR2(config)# interface vlan 2001
ToR2(conf-if-vl-2001)# ip address 172.16.2.
Example Supported Releases OS10(conf-router-neighbor)# address-family ipv4 unicast OS10(conf-router-bgp-neighbor-af)# activate 10.2.0E or later add-path Allows the system to advertise multiple paths for the same destination without replacing previous paths with new ones. Syntax add-path {both path count | receive | send path count} Parameters ● both path count — Enter the number of paths to advertise to the peer, from 2 to 64. ● receive — Receive multiple paths from the peer.
advertisement-interval Sets the minimum time interval for advertisement between the BGP neighbors or within a BGP peer group. Syntax advertisement-interval seconds Parameters seconds—Enter the time interval value in seconds between BGP advertisements, from 1 to 600. Default EBGP 30 seconds, IBGP 5 seconds Command Mode ROUTER-NEIGHBOR Usage Information The time interval applies to all peer group members of the template in ROUTER-TEMPLATE mode.
not add the as-set parameter to the aggregate because the aggregate flaps to track changes in the AS_PATH. The no version of this command disables the aggregate-address configuration. Example Supported Releases OS10(conf-router-bgpv4-af)# aggregate-address 6.1.0.0/16 summary-only 10.3.0E or later allowas-in Configures the number of times the local AS number can appear in the BGP AS_PATH path attribute before the switch rejects the route.
Supported Releases 10.2.0E or later
as-notation
Changes the AS number notation format and requires four-octet AS support.
Syntax as-format {asdot | asdot+ | asplain}
Parameters
● asdot — Specify the AS number notation in asdot format.
● asdot+ — Specify the AS number notation in asdot+ format.
● asplain — Specify the AS number notation in asplain format.
bestpath med Changes the best path MED attributes during MED comparison for path selection. Syntax bestpath med {confed | missing-as-worst} Parameters ● confed — Compare MED among BGP confederation paths. ● missing-as-worst — Treat missing MED as the least preferred path. Default Disabled Command Mode ROUTER-BGP Usage Information Before you apply this command, use the always-compare-med command. The no version of this command resets the MED comparison influence.
Parameters ● vrf vrf-name — (OPTIONAL) Enter vrf then the name of the VRF to clear IPv4 or IPv6 BGP neighbor sessions corresponding to that VRF. ● IPv4–address — Enter an IPv4 address to clear a BGP neighbor configuration. ● IPv6–address — Enter an IPv6 address to clear a BGP neighbor configuration. ● * — Clears all BGP sessions. ● soft — Configures and activates policies without resetting the BGP TCP session. Default Not configured Command Mode EXEC Usage Information None.
Supported Releases 10.3.0E or later clear ip bgp flap-statistics Clears all or specific IPv4 or IPv6 flap counts of prefixes. Syntax clear ip bgp [vrf vrf-name] [ipv4–address | ipv6–address] flap-statistics [ipv4–prefix | ipv6–prefix] Parameters ● vrf vrf-name — (OPTIONAL) Enter vrf then the name of the VRF to clear flap statistics information. ● ipv4–address — (Optional) Enter an IPv4 address to clear the flap counts of the prefixes learned from the given peer.
confederation Configures an identifier for a BGP confederation. Syntax confederation {identifier as-num | peers as-number} Parameters ● identifier as-num —Enter an AS number, from 0 to 65535 for 2 bytes, 1 to 4294967295 for 4 bytes, or 0.1 to 65535.65535 for dotted format. ● peers as-number—Enter an AS number for peers in the BGP confederation, from 1 to 4294967295.
cluster-id Assigns a cluster ID to a BGP cluster with multiple route reflectors. Syntax cluster-id {number | ip-address} Parameters ● number—Enter a route reflector cluster ID as a 32-bit number, from 1 to 4294967295. ● ip-address—Enter an IP address as the route-reflector cluster ID. Default Router ID Command Mode ROUTER-BGP Usage Information If a cluster contains only one route reflector, the cluster ID is the route reflector’s router ID.
Supported Releases 10.3.0E or later
debug ip bgp
Enables Border Gateway Protocol (BGP) debugging and displays messages related to processing of BGP.
Syntax debug ip bgp
Parameters None
Defaults None
Command Modes EXEC
Usage Information The debug ip bgp command does not display the logs on the console. They are saved in the journal log. The no debug ip bgp command stops displaying messages related to processing of BGP.
Example
OS10# debug ip bgp
Supported Releases OS10 legacy command.
Usage Information Example (IPv4) Example (IPv6) Supported Releases Assigns a metric for locally-originated routes such as redistributed routes. After you redistribute routes in BGP, use this command to reset the metric value — the new metric does not immediately take effect. The new metric takes effect only after you disable and re-enable route redistribution for a specified protocol.
the more reliable the route is. Routes that are assigned an administrative distance of 255 are not installed in the routing table. Routes from confederations are treated as iBGP routes.
Parameters number — Enter a number, from 1 to 4294967295, to assign to routes as the degree of preference for those routes. When routes are compared, the route with the higher degree of preference (the local preference value) is preferred.
Default 100
Command Mode ROUTER-BGP
Usage Information All routers apply this command setting within the AS. The no version of this command deletes the local preference value.
Example OS10(conf-router-bgp-1)# default local-preference 200
Supported Releases 10.3.
Supported Releases 10.3.0E or later fall-over Enables or disables BGP session fast fall-over for BGP neighbors. Syntax fall-over Parameters None Default Disabled Command Mode ROUTER-NEIGHBOR Usage Information Configure the BGP fast fall-over on a per-neighbor or peer-group basis. When you enable this command on a template, it simultaneously enables on all peers that inherit the peer group template.
● receiver-only — Local router supports graceful restart as a receiver only Defaults Disabled Command Mode ROUTER BGP Usage Information When you enable graceful restart on a node, its BGP neighbor acts as a helper by not dropping the sessions and maintaining the route information so that the traffic is not disturbed. The no version of this command disables graceful-restart helper mode.
local-as Configures a local AS number for a peer. Syntax local-as as-number [no-prepend] Parameters ● as-number—Enter the local AS number, from 1 to 4294967295. ● no-prepend—(Optional) Enter so that local AS values are not prepended to the AS_PATH attribute. Default Disabled Command Mode ROUTER-NEIGHBOR or ROUTER-TEMPLATE Usage Information Facilitates the BGP network migration operation and allows you to maintain existing AS numbers. The no version of this command resets the value to the default.
Parameters ● ebgp—Enable multipath support for external BGP routes. ● ibgp—Enable multipath support for internal BGP routes. ● number—Enter the number of parallel paths, from 1 to 64. Default 64 paths Command Mode ROUTER-BGP Usage Information Dell EMC recommends not using multipath and add path simultaneously in a route reflector. To recompute the best path, use the clear ip bgp * command.
Default Not configured
Command Mode CONFIG-ROUTER-BGP
Usage Information Create a remote peer with the BGP neighbor. Always enter the IP address of a BGP peer with this command.
NOTE: To configure these settings for a nondefault VRF instance, you must first enter the ROUTER-CONFIG-VRF sub mode using the following commands:
1. Enter the ROUTER BGP mode using the router bgp as-number command.
2. From the ROUTER BGP mode, enter the ROUTER BGP VRF mode using the vrf vrf-name command.
non-deterministic-med Compares paths in the order they arrive. Syntax non-deterministic-med Parameters None Default Disabled Command Mode ROUTER-BGP Usage Information Paths compare in the order they arrive. OS10 uses this method to choose different best paths from a set of paths, depending on the order they are received from the neighbors. MED may or may not be compared between adjacent paths.
password
Configures a password for message digest 5 (MD5) authentication on the TCP connection between two neighbors.
Syntax password {9 encrypted password-string | password-string}
Parameters
● 9 encrypted password-string—Enter 9 then the encrypted password.
● password-string—Enter a password for authentication. A maximum of 128 characters.
Default Disabled
Command Mode ROUTER-NEIGHBOR ROUTER-TEMPLATE
Usage Information You can enter the password either as plain text or in encrypted format.
Example (OSPF — IPv6)
OS10(conf-router-bgp-102)# address-family ipv6 unicast
OS10(conf-router-bgpv6-af)# redistribute ospf 1
Supported Releases 10.2.0E or later

remote-as
Adds a remote AS to the specified BGP neighbor or peer group.
Syntax remote-as as-number
Parameters as-number — Specify an AS number, from 1 to 65535 for 2 bytes or 1 to 4294967295 for 4 bytes.
● out— attaches the route-map as the outbound policy
Defaults None
Command Modes ROUTER-BGP-TEMPLATE-AF
Usage Information The no version of this command deletes the route-map.
Example
OS10(conf-router-neighbor)# address-family ipv4 unicast
OS10(conf-router-bgp-neighbor-af)# route-map bgproutemap in
OS10(conf-router-template)# address-family ipv4 unicast
OS10(conf-router-bgp-template-af)# route-map bgproutemap in
Supported Releases 10.4.1.
router-id Assigns a user-given ID to a BGP router. Syntax router-id ip-address Parameters ip-address — Enter an IP address in dotted decimal format. Default First configured IP address or random number Command Mode ROUTER-BGP Usage Information Change the router ID of a BGP router to reset peer-sessions. The no version of this command resets the value to the default. By default, OS10 sets a loopback IP address as the router ID.
Usage Information Example (IPv4) Example (IPv6) Supported Releases This command helps detect routing loops, based on the AS path before it starts advertising routes. To configure a neighbor to accept routes use the neighbor allowas-in command. The no version of this command disables sender-side loop detection for that neighbor. OS10(conf-router-bgp-102)# neighbor 3.3.3.
Command Mode EXEC
Usage Information
● vrf vrf-name — (OPTIONAL) Enter vrf and then the name of the VRF to view routes that are affected by a specific community list corresponding to that VRF.
● Network — Displays the network ID where the route is dampened.
● From — Displays the IP address of the neighbor advertising the dampened route.
● Reuse — Displays the HH:MM:SS until the dampened route is available.
● Path — Lists all the ASs that the dampened route passed through to reach the destination network.
show ip bgp ipv4 unicast
Displays route information for BGP IPv4 routes.
Syntax show ip bgp [vrf vrf-name] ipv4 unicast [summary | neighbors [ip-address] [advertised-routes | dampened-paths | flap-statistics | denied-routes | routes]]
Parameters
● vrf vrf-name — (OPTIONAL) Enter vrf then the name of the VRF to view IPv4 unicast summary information corresponding to that VRF.
● summary — Displays IPv4 unicast summary information.
● neighbors — Displays information about neighbors.
Example
OS10# show ip bgp ipv6 unicast summary
BGP router identifier 80.1.1.1 local AS number 102
Neighbor   AS    MsgRcvd   MsgSent   Up/Down    State/Pfx
80.1.1.2   800   8         4         00:01:10   5
OS10# show ip bgp ipv6 unicast neighbors interface ethernet 1/1/1 advertised-routes
BGP local router ID is 40.1.1.
● received-routes—Displays the routes that are received from a neighbor. ● routes—Displays routes learned from a neighbor Default Not configured Command Mode EXEC Usage Information ● BGP neighbor — Displays the BGP neighbor address and its AS number. The last phrase in the line indicates whether the link between the BGP router and its neighbor is an external or internal one. If they are located in the same AS, the link is internal; otherwise the link is external.
For address family: IPv4 Unicast Default originate configured Allow local AS number 4 times in AS-PATH attribute Route map for incoming advertisements is filter_pg_ipv4_routes_in Route map for outgoing advertisements is filter_ipv4_routes_out Prefixes ignored due to: Martian address 0, Our own AS in AS-PATH 0 Invalid Nexthop 0, Invalid AS-PATH length 0 Wellknown community 0, Locally originated 0 Local host: 2.2.2.1, Local port: 179 Foreign host: 2.2.2.
D 55::/64 172:16:1::2 D 55:0:0:1::/64 172:16:1::2 D 55:0:0:2::/64 172:16:1::2 Total number of prefixes: 3 OS10# Example routes Supported Releases 0 0 0 0 0 0 100 200 300 400i 100 200 300 400i 100 200 300 400i OS10# show ip bgp ipv6 unicast neighbors 172:16:1::2 routes BGP local router ID is 100.1.1.
Example (Summary)
OS10# show ip bgp peer-group ebgp summary
BGP router identifier 32.1.1.1 local AS number 6
Neighbor   AS   MsgRcvd   MsgSent   Up/Down    State/Pfx
17.1.1.2   7    7         6         00:01:54   5
Supported Releases 10.2.0E or later

show ip bgp summary
Displays the status of all BGP connections.
Syntax show ip bgp [vrf vrf-name] summary
Parameters vrf vrf-name — (OPTIONAL) Enter vrf then the name of the VRF to view the status of all BGP connections corresponding to that VRF.
Usage Information Example This command displays information about IPv4 BGP routing table entries.
Default Not configured Command Modes ROUTER-BGP-NEIGHBOR-AF Usage Information Example (IPv4) Example (IPv6) Supported Releases This command is not supported on a peer-group level. To enable soft-reconfiguration for peers in a peergroup, you must enable this command at a per-peer level. With soft-reconfiguration inbound, all updates that are received from this neighbor are stored unmodified, regardless of the inbound policy.
Example OS10(conf-router-bgp)# timers 30 90
Supported Releases 10.3.0E or later

update-source
Enables using Loopback interfaces for TCP connections to stabilize BGP sessions.
Syntax update-source loopback interface-id
Parameters loopback interface-id — Specify a Loopback interface ID, from 0 to 16383.
Usage Information The path with the highest weight value is preferred in the best-path selection process. The no version of this command resets the value to the default.
Example OS10(conf-router-bgp-neighbor)# weight 4096
Supported Releases 10.3.0E or later

Equal cost multi-path
ECMP is a routing technique where next-hop packet forwarding to a single destination occurs over multiple best paths. When you enable ECMP, OS10 uses a hash algorithm to determine the next-hop.
IPV6 FIELDS : source-ip destination-ip protocol vlan-id l4-destination-port l4-source-port
MAC FIELDS : source-mac destination-mac ethertype vlan-id
TCP-UDP FIELDS: l4-destination-port l4-source-port

Resilient hashing
To increase bandwidth and for load balancing, traffic is distributed across the next hops of an ECMP group or member ports of a port channel. OS10 uses a hash algorithm to determine a hash key.
Examples
Normal traffic flow without resilient hashing
Traffic flow with resilient hashing enabled
When you enable resilient hashing for ECMP groups, the flow-map table is created with 64 paths (the OS10 default maximum number of ECMP paths) and traffic is equally distributed. In the following example, traffic 1 maps to next hop 'A'; traffic 2 maps to next hop 'C'; and traffic 3 maps to next hop 'B.
Member link is added
However, when a new member link is added, resilient hashing completes minimal remapping for better load balancing, as shown:

Important notes
● Resilient hashing on port channels applies only for unicast traffic.
● For resilient hashing on ECMP groups, the ECMP path must be in multiples of 64. Before you enable resilient hashing, ensure that the maximum ECMP path is set to a multiple of 64. You can configure this value using the ip ecmp-group maximum-paths command.
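The flow-map behaviour described above, modelled as an added example (not Dell EMC code and not the OS10 hash algorithm). It compares a 64-slot flow map with plain modulo hashing when a member is removed or added; CRC32, the next-hop names A to D and the sample flows are constructed assumptions.

```python
import zlib
from collections import Counter

FLOW_MAP_SIZE = 64  # the page: the flow-map table is created with 64 paths


def flow_hash(flow):
    """CRC32 over the flow fields; a stand-in for the switch's hash key."""
    return zlib.crc32("|".join(map(str, flow)).encode())


def build_flow_map(next_hops, size=FLOW_MAP_SIZE):
    """Spread the next hops evenly over the flow-map slots."""
    return [next_hops[i % len(next_hops)] for i in range(size)]


def resilient_lookup(flow_map, flow):
    """The hash picks a slot; the slot, not the member count, picks the next hop."""
    return flow_map[flow_hash(flow) % len(flow_map)]


def modulo_lookup(next_hops, flow):
    """Plain hashing: the hash is reduced modulo the current member count."""
    return next_hops[flow_hash(flow) % len(next_hops)]


def remove_member(flow_map, failed):
    """Rewrite only the failed member's slots, round-robin over the survivors."""
    survivors = sorted(set(flow_map) - {failed})
    if not survivors:
        raise ValueError("no surviving next hop")
    new_map, j = [], 0
    for hop in flow_map:
        if hop == failed:
            hop = survivors[j % len(survivors)]
            j += 1
        new_map.append(hop)
    return new_map


def add_member(flow_map, new_hop):
    """Hand the new member its fair share of slots, taken from over-loaded members."""
    counts = Counter(flow_map)
    share = len(flow_map) // (len(counts) + 1)
    new_map, moved = list(flow_map), 0
    for i, hop in enumerate(flow_map):
        if moved == share:
            break
        if counts[hop] > share:
            new_map[i] = new_hop
            counts[hop] -= 1
            moved += 1
    return new_map


def disturbed(before, after, failed=None):
    """Count flows that changed next hop although their old next hop is still up."""
    return sum(1 for b, a in zip(before, after) if b != a and b != failed)


# Constructed sample flows: (source-ip, destination-ip, protocol, l4-source-port, l4-destination-port)
FLOWS = [(f"10.0.{i // 250}.{i % 250 + 1}", "192.0.2.10", 6, 1024 + i, 443)
         for i in range(1000)]


def compare_on_failure(hops=("A", "B", "C", "D"), failed="B"):
    """Return (flows disturbed with the flow map, flows disturbed with modulo hashing)."""
    hops = list(hops)
    before_map = build_flow_map(hops)
    after_map = remove_member(before_map, failed)
    left = [h for h in hops if h != failed]
    res_before = [resilient_lookup(before_map, f) for f in FLOWS]
    res_after = [resilient_lookup(after_map, f) for f in FLOWS]
    mod_before = [modulo_lookup(hops, f) for f in FLOWS]
    mod_after = [modulo_lookup(left, f) for f in FLOWS]
    return (disturbed(res_before, res_after, failed),
            disturbed(mod_before, mod_after, failed))


if __name__ == "__main__":
    resilient, modulo = compare_on_failure()
    print(f"flows moved off a healthy next hop: flow map={resilient}, modulo={modulo}")
    grown = add_member(build_flow_map(["A", "B", "C"]), "D")
    print("slots per member after adding D:", dict(Counter(grown)))
```

With the flow map, only flows that were on the removed member change next hop; with modulo hashing, flows on healthy members move as well.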
Maximum ECMP groups and paths
The maximum number of ECMP groups supported on the switch depends on the maximum ECMP paths configured on the switch. To view the maximum number of ECMP groups and paths, use the show ip ecmp-group details command.
OS10# show ip ecmp-group details
Maximum Number of ECMP Groups : 256
Maximum ECMP Path per Group : 64
Next boot configured Maximum ECMP Path per Group : 64
The default value for the maximum number of ECMP paths per group is 64.
● lag—Enables the LAG hash configuration for Layer 2 (L2) only.
● seed—Changes the hash algorithm seed value to get a better hash value.
● seed-value—Enter a hash algorithm seed value, from 0 to 4294967295.
● crc—Enables the cyclic redundancy check (CRC) polynomial for hash computation.
Defaults Not configured
Command Mode CONFIGURATION
Usage Information The no version of this command disables the configuration.
Example OS10(config)# link-bundle-utilization trigger-threshold 80
Supported Releases 10.2.0E or later

load-balancing
Distributes or load balances incoming traffic using the default parameters in the hash algorithm.
Example (IP Selection) OS10(config)# load-balancing ip-selection destination-ip source-ip
Supported Releases 10.2.0E or later

show enhanced-hashing resilient-hashing
Displays the status of the enhanced-hashing command.
Syntax show enhanced-hashing resilient-hashing {lag | ecmp}
Parameters lag | ecmp—Enter the keyword to view enhanced-hashing for a port channel or ECMP group.
Command Mode EXEC
Usage Information None
Example
OS10# show ip ecmp-group details
Maximum Number of ECMP Groups : 256
Maximum ECMP Path per Group : 64
Next boot configured Maximum ECMP Path per Group : 64
Supported Releases 10.4.3.0 or later

show load-balance
Displays the global traffic load-balance configuration.
1. Enter the interface type information to assign an IP address in CONFIGURATION mode.
interface interface
● ethernet—Physical interface
● port-channel—Port-channel ID number
● vlan—VLAN ID number
● loopback—Loopback interface ID
● mgmt—Management interface
2. Enable the interface in INTERFACE mode.
no shutdown
3. Remove the interface from the default VLAN in INTERFACE mode.
no switchport
4. Configure a primary IP address and mask on the interface in INTERFACE mode.
Configure static routing
You can configure a manual or static route for open shortest path first (OSPF).
● Configure a static route in CONFIGURATION mode.
ip route ip-prefix/mask {next-hop | interface interface [route-preference]}
○ ip-prefix—IPv4 address in dotted decimal in A.B.C.D format.
○ mask—Mask in slash prefix-length format (/X).
○ next-hop—Next-hop IP address in dotted decimal in A.B.C.D format.
Configure static ARP entries OS10(config)# interface ethernet 1/1/6 OS10(conf-if-eth1/1/6)# ip arp 10.1.1.5 08:00:20:b7:bd:32 View ARP entries OS10# show ip arp interface ethernet 1/1/6 Address Hardware address Interface Egress Interface -------------------------------------------------------------10.1.1.
Default Not configured Command Mode EXEC Usage Information This command does not remove the static routes from the routing table. Example Supported Releases OS10# clear ipv6 route 10.1.1.0/24 10.3.0E or later ip address Configure the IP address to an interface. Syntax ip address ip–address/mask Parameters ip–address/mask — Enter the IP address. Defaults None Command Mode INTERFACE Usage Information The no version of this command removes the IP address set for the interface.
Usage Information Do not use Class D (multicast) or Class E (reserved) IP addresses. Zero MAC addresses (00:00:00:00:00:00) are invalid. The no version of this command disables the IP ARP configuration.
Example OS10(conf-if-eth1/1/6)# ip arp 10.1.1.5 08:00:20:b7:bd:32
Supported Releases 10.2.0E or later

ip arp gratuitous
Enables an interface to receive or send gratuitous ARP requests and updates.
Parameters ● vrf vrf-name — (Optional) Enter vrf and then the name of the VRF to configure a static route corresponding to that VRF. Use this VRF option after the ip route keyword to configure a static route on that specific VRF. ● dest-ip-prefix — Enter the destination IP prefix in dotted decimal A.B.C.D format. ● mask — Enter the mask in slash prefix-length /x format. ● next-hop — Enter the next-hop IP address in dotted decimal A.B.C.D format.
------------------------------------------------------3994 0 3994 OS10# show ip arp 192.168.2.2 Address Hardware address Interface Egress Interface -------------------------------------------------------------------192.168.2.2 90:b1:1c:f4:a6:e6 ethernet1/1/49:1 ethernet1/1/49:1 OS10# show ip arp Address Hardware address Interface Egress Interface --------------------------------------------------------------------------192.168.2.2 90:b1:1c:f4:a6:e6 ethernet1/1/49:1 ethernet1/1/49:1 193.168.2.
O B IN 10.1.3.0/24 10.1.4.0/24 via 10.1.3.1 vlan102 via 10.1.4.
Display IPv6 status OS10# show interface ethernet 1/1/20 Ethernet 1/1/20 is up, line protocol is up Hardware is Dell EMC Eth, address is ec:f4:bb:fb:fa:30 Current address is ec:f4:bb:fb:fa:30 Pluggable media present, QSFP+ type is QSFP+ 40GBASE CR 1.0M Wavelength is 850 Receive power reading is 0.0 Interface index is 17305562 Internet address is 20.20.20.
When an OS10 switch boots up, an IPv6 unicast link-local address is automatically assigned to an interface using stateless configuration. A link-local address allows IPv6 devices on a local link to communicate without requiring a globally unique address. IPv6 reserves the address block FE80::/10 for link-local unicast addressing.

Global addresses
To enable stateless autoconfiguration of an IPv6 global address and set the interface to Host mode, use the ipv6 address autoconfig command.
Duplicate address detection
Before configuring its IPv6 address, an IPv6 host node uses this mechanism to check whether that address is used anywhere on the network.

Prefix renumbering
Transparent renumbering of hosts in the network when an organization changes its service provider. IPv6 provides the flexibility to add prefixes on RAs in response to a router solicitation (RS). By default, RA response messages are sent when an RS message is received.
[off-link] [lifetime {valid-lifetime seconds | infinite} {preferred-lifetime seconds | infinite}]
● ipv6-prefix — Enter an IPv6 prefix in x:x::y/mask format to include the prefix in RA messages. Include prefixes that are not already in the subnets configured on the interface.
● default — Configure the prefix parameters advertised in all subnets configured on the interface.
● no-advertise — (Optional) Do not advertise the specified prefix. By default, all prefixes in configured subnets are advertised.
Disable IPv6 for duplicate link-local address OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ipv6 nd dad disable-ipv6-on-dad-failure Static IPv6 routing To define an explicit route between two IPv6 networking devices, configure a static route on an interface. Static routing is useful for smaller networks with only one path to an outside network, or to provide security for certain traffic types in a larger network.
View IPv6 information To view IPv6 configuration information, use the show ipv6 route command. To view IPv6 address information, use the show address ipv6 command.
Supported Releases 10.4.1.0 or later

clear ipv6 route
Clears routes from the IPv6 routing table.
Syntax clear ipv6 route [vrf vrf-name] {* | A::B/mask}
Parameters
● vrf vrf-name — (Optional) Enter vrf then the name of the VRF to clear the IPv6 routes corresponding to that VRF.
● *— Clears all routes and refreshes the IPv6 routing table. Traffic flow for all the routes in the switch is affected.
● A::B/mask — Removes the IPv6 route and refreshes the IPv6 routing table.
Parameters None Defaults Disabled except on the management interface Command Mode INTERFACE Usage Information ● This command sets an interface in Host mode to perform IPv6 stateless auto-configuration by discovering prefixes on local links, and adding an EUI-64 based interface identifier to generate each IPv6 address. The command disables IPv6 forwarding. Addresses are configured depending on the prefixes received in RA messages.
Supported Releases 10.3.0E or later ipv6 address eui-64 Configures a global IPv6 address on an interface by entering only the network prefix and length. Syntax ipv6 address ipv6-prefix/prefix-length eui-64 Parameters ipv6-prefix — Enter an IPv6 prefix in x:x::y/mask format. Defaults None Command Mode INTERFACE Usage Information Use this command to manually configure an IPv6 address in addition to the link-local address generated with stateless autoconfiguration.
Usage Information
● Use this command to enable local processing of IPv6 packets with hop-by-hop options in conformance with the RFC 8200, IPv6 Specification.
● The no version of this command disables IPv6 processing of hop-by-hop header options.
Example: Disable hop-by-hop option processing
OS10(config)# interface ethernet 1/2/3
OS10(conf-if-eth1/2/3)# no ipv6 hop-by-hop
Supported Releases 10.4.0E(R1) or later

ipv6 nd dad
Disables or re-enables IPv6 duplicate address discovery (DAD).
Supported Releases 10.4.0E(R1) or later ipv6 nd managed-config-flag Sends RA messages that tell hosts to use stateful address autoconfiguration, such as DHCPv6, to obtain IPv6 addresses. Syntax ipv6 nd managed-config-flag Parameters None Defaults Not configured Command Mode INTERFACE Usage Information The no version of this command disables the managed-config-flag option in RA messages.
Supported Releases 10.4.0E(R1) or later

ipv6 nd other-config-flag
Sends RA messages that tell hosts to use stateful autoconfiguration to obtain non-address-related information.
Syntax ipv6 nd other-config-flag
Parameters None
Defaults Not configured
Command Mode INTERFACE
Usage Information The no version of this command disables the other-config-flag option in RA messages.
Example
OS10(config)# interface ethernet 1/2/3
OS10(conf-if-eth1/2/3)# ipv6 nd other-config-flag
Supported Releases 10.4.
● If you configure a prefix with valid or preferred lifetime values, the ipv6 nd prefix default no autoconfig command does not apply the default prefix values. ● On-link determination is used to forward IPv6 packets to a destination IPv6 address.
Supported Releases 10.4.0E(R1) or later ipv6 nd retrans-timer Sets the time between retransmitting neighbor solicitation messages. Syntax ipv6 nd retrans-timer seconds Parameters ● retrans-timer seconds — Enter the retransmission time interval in milliseconds, from 100 to 4292967295. Defaults Not configured Command Mode INTERFACE Usage Information The no version of this command disables the configured retransmission timer.
● route-preference — (Optional) Enter a route-preference range, from 1 to 255. Default Not configured Command Mode CONFIGURATION Usage Information When the interface fails, the system withdraws the route. The route reinstalls when the interface comes back up. When a recursive resolution breaks, the system withdraws the route. The route reinstalls when the recursive resolution is satisfied.
Defaults None.
Command Mode EXEC
Usage Information The no version of this command resets the value to the default.
Example
OS10# show ipv6 neighbors
IPv6 Address     Hardware Address    State   Interface        VLAN
-----------------------------------------------------------------
1001:db8:a1::2   00:c5:05:02:12:91   REACH   ethernet1/1/5    12
1001:db8:a1::f   00:f5:50:02:54:75   REACH   port-channel5    12
200::2           00:c5:05:02:12:91   STALE   ethernet1/1/10
400::f           00:f5:50:02:54:75   REACH   port-channel20
Supported Releases 10.4.1.
------------------------------------------------------------------
C 2001:db86::/32 via 2001:db86:fff::1 ethernet1/1/1 0/0 00:03:24
Example (Summary)
OS10# show ipv6 route summary
Route Source       Active Routes   Non-Active Routes
Ospf               0               0
Bgp                0               0
Connected          0               0
Static             0               0
Ospf Inter-area    0               0
NSSA External-1    0               0
NSSA External-2    0               0
Ospf External-1    0               0
Ospf External-2    0               0
Bgp Internal       0               0
Bgp External       0               0
Ospf Intra-area    0               0
Total              0               0
Supported Releases 10.2.
Autonomous system areas OSPF operates in a hierarchy. The largest entity within the hierarchy is the autonomous system (AS). The AS is a collection of networks under a common administration that share a common routing strategy. OSPF is an intra-AS, Interior Gateway Routing Protocol (IGRP) that receives routes from and sends routes to other AS. You can divide an AS into several areas, which are groups of contiguous networks and attached hosts administratively grouped.
Router types Router types are attributes of the OSPF process—multiple OSPF processes may run on the same router. A router connected to more than one area, receiving routing from a BGP process connected to another AS, acts as both an area border router and an autonomous system border router. Each router has a unique ID, written in decimal A.B.C.D format. You do not have to associate the router ID with a valid IP address.
Designated router
Maintains a complete topology table of the network and sends updates to the other routers via multicast. All routers in an area form a slave/master relationship with the DR. Every time a router sends an update, the router sends it to the DR and BDR. The DR sends the update to all other routers in the area.

Backup designated router
Router that takes over if the DR fails. Each router exchanges information with the DR and BDR. The DR and BDR relay information to other routers.
4 Virtual link neighboring router ID Router priority Router priority determines the designated router for the network. The default router priority is 1. When two routers attach to a network, both attempt to become the DR. The router with the higher router priority takes precedence. If there is a tie, the router with the higher router ID takes precedence. A router with a router priority set to zero cannot become the DR or BDR.
● max-wait — Configure the maximum amount of hold time that can delay an SPF calculation, from 1 to 600000 milliseconds; default 10000.
Enable SPF throttling (OSPFv2)
OS10(config)# router ospf 100
OS10(config-router-ospf-100)# timers spf 1200 2300 3400
Enable SPF throttling (OSPFv3)
OS10(config)# router ospfv3 10
OS10(config-router-ospf-10)# timers spf 2000 3000 4000
View OSPFv2 SPF throttling
OS10(config-router-ospf-100)# do show ip ospf
Routing Process ospf 100 with ID 12.1.1.
3. Enable the interface in INTERFACE mode. no shutdown 4. Disable the default switchport configuration and remove it from an interface or a LAG port in INTERFACE mode. no switchport 5. Assign an IP address to the interface in INTERFACE mode. ip address ip-address/mask 6. Enable OSPFv2 on an interface in INTERFACE mode. ip ospf process-id area area-id ● process-id—Enter the OSPFv2 process ID for a specific OSPF process, from 1 to 65535. ● area-id—Enter the OSPFv2 area ID as an IP address (A.B.C.
7. Assign an IP address to the interface. ip address ip-address/mask 8. Enable OSPFv2 on the interface. ip ospf process-id area area-id ● process-id—Enter the OSPFv2 process ID for a specific OSPF process, from 1 to 65535. ● area-id—Enter the OSPFv2 area ID as an IP address (A.B.C.D) or number, from 1 to 65535.
Stub areas
Type 5 LSAs are not flooded into stub areas. The ABR advertises a default route into the stub area where it is attached. Stub area routers use the default route to reach external destinations.
1. Enable OSPF routing and enter ROUTER-OSPF mode, from 1 to 65535.
router ospf instance number
2. Configure an area as a stub area in ROUTER-OSPF mode.
area area-id stub [no-summary]
● area-id—Enter the OSPF area ID as an IP address in A.B.C.D format or number, from 1 to 65535.
View passive interfaces
OS10# show running-configuration
!!!
!!
interface ethernet1/1/6
 ip address 10.10.10.1/24
 no switchport
 no shutdown
 ip ospf 100 area 0.0.0.0
 ip ospf passive
!!
!
You can disable a passive interface using the no ip ospf passive command.

Fast convergence
Fast convergence sets the minimum origination and arrival LSA parameters to zero (0), allowing rapid route calculation. A higher convergence level can result in occasional loss of OSPF adjacency.
Disable fast convergence OS10(conf-router-ospf-65535)# no fast-converge Interface parameters To avoid routing errors, interface parameter values must be consistent across all interfaces. For example, set the same time interval for the hello packets on all routers in the OSPF network to prevent misconfiguration of OSPF neighbors. 1. To change the OSPFv2 parameters in CONFIGURATION mode, enter the interface. interface interface-name 2.
Redistribute routes Add routes from other routing instances or protocols to the OSPFv2 process and include BGP, static, or connected routes in the OSPFv2 process. Do not route IBGP routes to OSPFv2 unless there are route-maps associated with the OSPFv2 redistribution.
View summary address OS10(config-router-ospf-100)# show configuration ! router ospf 100 summary-address 10.0.0.0/8 not-advertise Graceful restart When a networking device restarts, the adjacent neighbors and peers detect the condition. During a graceful restart, the restarting device and neighbors continue to forward the packets without interrupting network performance. The neighbors that help in the restart process are called helper routers.
ip ospf 100 area 0.0.0.0
ip ospf message-digest-key 2 md5 sample12345

Troubleshoot OSPFv2
You can troubleshoot OSPFv2 operations, and check questions for typical issues that interrupt a process.
OSPFv2 commands area default-cost Sets the metric for the summary default route generated by the ABR and sends it to the stub area. Syntax area area-id default-cost cost Parameters ● area-id — Enter the OSPF area in dotted decimal A.B.C.D format or enter a number, from 0 to 65535. ● cost — Enter a cost for the stub area’s advertised external route metric, from 0 to 65535. Default Cost is 1 Command Mode ROUTER-OSPF Usage Information The cost is also referred as reference-bandwidth or bandwidth.
Usage Information The no version of this command disables the route summarizations.
Example OS10(conf-router-ospf-10)# area 0 range 10.1.1.4/8 no-advertise
Supported Releases 10.2.0E or later

area stub
Defines an area as the OSPF stub area.
Syntax area area-id stub [no-summary]
Parameters
● area-id—Set the OSPF area ID as an IP address in A.B.C.D format or number, from 1 to 65535.
● no-summary—(Optional) Prevents an ABR from sending summary LSAs into the stub area.
Command Mode EXEC Usage Information This command clears all entries in the OSPF routing table. Example Supported Releases OS10# clear ip ospf 3 vrf vrf-test process 10.2.0E or later clear ip ospf statistics Clears OSPF traffic statistics. Syntax clear ip ospf [instance-number] [vrf vrf-name] statistics Parameters ● instance-number — (Optional) Enter an OSPF instance number, from 1 to 65535.
Usage Information Example Supported Releases The no version of this command disables the distribution of default route. OS10(config)# router ospf 10 OS10(config-router-ospf-10)# default-information originate always 10.3.0E or later default-metric Assigns a metric value to redistributed routes for the OSPF process. Syntax default-metric number Parameters number — Enter a default-metric value, from 1 to 16777214.
Usage Information Example Supported Releases The no version of this command disables Helper mode. OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# graceful-restart role helper-only 10.3.0E or later ip ospf area Attaches an interface to an OSPF area. Syntax ip ospf process-id area area-id Parameters ● process-id — Set an OSPF process ID for a specific OSPF process, from 1 to 65535. ● area area-id — Enter the OSPF area ID in dotted decimal A.B.C.
Usage Information If not configured, interface cost is based on the auto-cost command. This command configures OSPF over multiple vendors to ensure that all routers use the same cost. If you manually configure the cost, the calculated cost based on the reference bandwidth does not apply to the interface. The no version of this command removes the IP OSPF cost configuration.
Example
OS10(config)# interface vlan 10
OS10(conf-if-vl-1)# ip ospf cost 10
Supported Releases 10.2.
Defaults Not configured
Command Mode INTERFACE
Usage Information All neighboring routers in the same network must use the same key value to exchange OSPF information. The no version of this command deletes the authentication key.
Example
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# ip ospf message-digest-key 2 md5 sample12345
Supported Releases 10.3.
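An added example, not Dell EMC code: an audit over configuration text written in the command forms this guide shows (ip ospf process-id area area-id, ip ospf passive, ip ospf message-digest-key, and the BGP password command). The sample configuration, its one-space indentation per sub-mode, the neighbor addresses, the BGP password values and the finding names are constructed assumptions.

```python
import re

# Constructed sample configuration; only the command forms come from this guide.
SAMPLE_CONFIG = """\
interface ethernet1/1/1
 no switchport
 ip address 10.1.1.1/24
 ip ospf 100 area 0.0.0.0
 ip ospf message-digest-key 2 md5 sample12345
!
interface ethernet1/1/2
 no switchport
 ip address 10.1.2.1/24
 ip ospf 100 area 0.0.0.0
!
interface ethernet1/1/6
 ip address 10.10.10.1/24
 no switchport
 ip ospf 100 area 0.0.0.0
 ip ospf passive
!
router bgp 102
 neighbor 3.3.3.1
  remote-as 103
  password 9 ENCRYPTED-PLACEHOLDER
 neighbor 3.3.3.2
  remote-as 104
  password bgpsecret
 neighbor 3.3.3.3
  remote-as 105
"""

SECTION_RE = re.compile(r"^(interface|neighbor)\s+(.+)$")
OSPF_AREA_RE = re.compile(r"^ip ospf (\d+) area (\S+)$")
OSPF_KEY_RE = re.compile(r"^ip ospf message-digest-key (\d+) md5 (\S+)$")
BGP_PW_RE = re.compile(r"^password (9 )?(\S+)$")
DOC_EXAMPLE_KEYS = {"sample12345"}  # the key printed in this guide's examples


def parse_sections(text):
    """Group indented child lines under each interface or neighbor header."""
    sections, current, depth = [], None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if current is not None and indent <= depth:
            current = None  # back at or above the header's level: section ended
        match = SECTION_RE.match(line)
        if match:
            current = {"kind": match.group(1), "name": match.group(2), "lines": []}
            depth = indent
            sections.append(current)
        elif current is not None:
            current["lines"].append(line)
    return sections


def audit(text):
    """Return (section name, finding) pairs for weak or missing authentication."""
    findings = []
    for sec in parse_sections(text):
        lines = sec["lines"]
        if sec["kind"] == "interface":
            if not any(OSPF_AREA_RE.match(l) for l in lines):
                continue  # interface is not attached to an OSPF area
            if "ip ospf passive" in lines:
                continue  # passive: no routing updates are sent or received
            keys = [m.group(2) for l in lines if (m := OSPF_KEY_RE.match(l))]
            if not keys:
                findings.append((sec["name"], "ospf-no-md5-key"))
            elif any(k in DOC_EXAMPLE_KEYS for k in keys):
                findings.append((sec["name"], "ospf-doc-example-key"))
        else:
            passwords = [m for l in lines if (m := BGP_PW_RE.match(l))]
            if not passwords:
                findings.append((sec["name"], "bgp-no-password"))
            elif any(m.group(1) is None for m in passwords):
                findings.append((sec["name"], "bgp-plaintext-password"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

Peer-group template inheritance is not resolved here, so a neighbor that takes its password from a template is reported as bgp-no-password.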
ip ospf passive
Configures an interface as a passive interface and suppresses both receiving and sending routing updates to the passive interface.
Syntax ip ospf passive
Parameters None
Default Not configured
Command Mode INTERFACE
Usage Information You must configure the interface before setting the interface to Passive mode. The no version of this command disables the passive interface configuration.
ip ospf transmit-delay Sets the estimated time required to send a link state update packet on the interface. Syntax ip ospf transmit-delay seconds Parameters seconds — Set the time in seconds required to send a link-state update, from 1 to 3600. Default 1 second Command Mode INTERFACE Usage Information When you set the ip ospf transmit-delay value, take into account the transmission and propagation delays for the interface. The no version of this command resets the value to the default.
maximum-paths
Enables forwarding of packets over multiple paths.
Syntax maximum-paths number
Parameters number — Enter the number of paths for OSPF, from 1 to 128.
Default 64
Command Mode ROUTER-OSPF
Usage Information The no version of this command resets the value to the default.
Example
OS10(config)# router ospf 10
OS10(conf-router-ospf-10)# maximum-paths 1
Supported Releases 10.2.
Example
OS10(config)# router ospf 10
OS10(conf-router-ospf-10)# router-id 10.10.1.5
Supported Releases 10.2.0E or later

router ospf
Enters Router OSPF mode and configures an OSPF instance.
Syntax router ospf instance-number [vrf vrf-name]
Parameters
● instance-number — Enter a router OSPF instance number, from 1 to 65535.
● vrf vrf-name — Enter the keyword vrf followed by the name of the VRF to configure an OSPF instance in that VRF.
show ip ospf asbr
Displays all the ASBR visible to OSPF.
Syntax show ip ospf [process-id] [vrf vrf-name] asbr
Parameters
● process-id — (Optional) Displays information based on the process ID.
● vrf vrf-name — (Optional) Displays the ASBR router visible to the OSPF process configured in the specified VRF.
Default Not configured
Command Mode EXEC
Usage Information You can isolate problems with external routes.
Link ID      ADV Router   Age    Seq#         Checksum
110.1.1.2    112.2.1.1    1287   0x80000008   0xd2b1
111.1.1.1    111.2.1.1    1458   0x80000008   0x1b8f
111.2.1.1    111.2.1.1    1458   0x80000008   0x198f
112.1.1.1    112.2.1.1    1372   0x80000008   0x287c
112.2.1.1    112.2.1.1    1372   0x80000008   0x267c
Summary Network (Area 0.0.0.0)
Supported Releases 10.2.0E or later

show ip ospf database asbr-summary
Displays information about AS boundary LSAs.
show ip ospf database external
Displays information about the AS external Type 5 LSAs.
Syntax show ip ospf [process-id] [vrf vrf-name] database external
Parameters
● process-id — (Optional) Displays AS external Type 5 LSA information for a specified OSPF process ID. If you do not enter a process ID, this command applies only to the first OSPF process.
● vrf vrf-name — (Optional) Displays AS external (Type 5) LSA information for a specified OSPF Process ID corresponding to a VRF.
Usage Information
● LS Age — Displays the LS age.
● Options — Displays optional capabilities.
● LS Type — Displays the LS type.
● Link State ID — Identifies the router ID.
● Advertising Router — Identifies the advertising router’s ID.
● LS Seq Number — Identifies the LS sequence number. This identifies old or duplicate LSAs.
● Checksum — Displays the Fletcher checksum of an LSA’s complete contents.
● Length — Displays the LSA length in bytes.
Example
Example OS10# show ip ospf database nssa external OSPF Router with ID (2.2.2.2) (Process ID 100) NSSA External (Area 0.0.0.1) LS age: 98 Options: (No TOS-Capability, No DC, No Type 7/5 translation) LS type: NSSA External Link State ID: 0.0.0.0 Advertising Router: 1.1.1.1 LS Seq Number: 0x80000001 Checksum: 0x430C Length: 36 Network Mask: /0 Metric Type: 1 TOS: 0 Metric: 16777215 Forward Address: 0.0.0.
LS Seq Number: 0x80000001 Checksum: 0xA303 Length: 36 Network Mask: /24 Metric Type: 2 TOS: 0 Metric: 20 Forward Address: 0.0.0.0 External Route Tag: 0 Supported Releases 10.2.0E or later show ip ospf database opaque-area Displays information about the opaque-area Type 10 LSA. Syntax show ip ospf [process-id] [vrf vrf-name] database opaque-area Parameters ● process-id — (Optional) Displays the opaque-area Type 10 information for an OSPF process ID.
show ip ospf database opaque-as
Displays information about the opaque-as Type 11 LSAs.
Syntax show ip ospf [process-id] opaque-as
Parameters process-id — (Optional) Displays opaque-as Type 11 LSA information for a specified OSPF process ID. If you do not enter a process ID, this command applies only to the first OSPF process.
Default Not configured
Command Mode EXEC
Usage Information
● LS Age — Displays the LS age.
● LS Seq Number — Identifies the LS sequence number. This identifies old or duplicate LSAs.
● Checksum — Displays the Fletcher checksum of an LSA’s complete contents.
● Length — Displays the LSA length in bytes.
● Opaque Type — Identifies the Opaque type field, the first 8 bits of the LS ID.
● Opaque ID — Identifies the Opaque type-specific ID, the remaining 24 bits of the LS ID.
Example
OS10# show ip ospf 100 database opaque-link
OSPF Router with ID (1.1.1.
LS Seq Number: 0x8000000d Checksum: 0x9bf2 Length: 60 AS Boundary Router Number of Links: 3 Link connected to: a Transit Network (Link ID) Designated Router address: 110.1.1.2 (Link Data) Router Interface address: 110.1.1.1 Number of TOS metric: 0 TOS 0 Metric: 1 Link connected to: a Transit Network (Link ID) Designated Router address: 111.1.1.1 (Link Data) Router Interface address: 111.1.1.
Checksum: 0x4a67 Length: 28 Network Mask: /24 TOS: 0 Metric: 0 Supported Releases 10.2.0E or later show ip ospf interface Displays the configured OSPF interfaces. You must enable OSPF to display output. Syntax show ip ospf interface [process-id] [vrf vrf-name] interface or show ip ospf [process-id] [vrf vrf-name] interface [interface] Parameters ● process-id — (Optional) Displays information for an OSPF process ID. If you do not enter a process ID, this command applies only to the first OSPF process.
111.1.1.0   1   0.0.0.0   vlan3051   0.0.0.0   intra-area
111.2.1.0   1   0.0.0.0   vlan3053   0.0.0.0   intra-area
Supported Releases 10.2.0E or later

show ip ospf statistics
Displays OSPF traffic statistics.
Syntax show ip ospf [instance-number] [vrf vrf-name] statistics [interface interface]
Parameters
● instance-number — (Optional) Enter an OSPF instance number, from 1 to 65535.
show ip ospf topology Displays routers that directly connect to OSPF areas. Syntax show ip ospf [process-id] [vrf vrf-name] topology Parameters ● process-id — (Optional) Displays OSPF process information. If you do not enter a process ID, this applies only to the first OSPF process. ● vrf vrf-name — (Optional) Displays the routers in the directly connected OSPF areas in the configured VRF.
Command Mode ROUTER-OSPF Usage Information Setting the LSA arrival time between receiving the LSA repeatedly ensures that the system gets enough time to accept the LSA. The no version of this command resets the value to the default. Example Supported Releases OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# timers lsa arrival 2000 10.2.0E or later timers spf Enables shortest path first (SPF) throttling to delay an SPF calculation when a topology change occurs.
timers throttle lsa all Configures the LSA transmit intervals. Syntax timers lsa all [start-interval | hold-interval | max-interval] Parameters ● start-interval — Sets the minimum interval between initial sending and re-sending the same LSA in milliseconds, from 0 to 600,000. ● hold-interval — Sets the next interval to send the same LSA in milliseconds. This is the time between sending the same LSA after the start-interval is attempted, from 1 to 600,000.
Enable OSPFv3
OS10(config)# router ospfv3 100
OS10(config-router-ospfv3-100)# exit
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# no shutdown
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# ipv6 ospfv3 300 area 0.0.0.0

Enable OSPFv3 in a non-default VRF instance
1. Create the non-default VRF instance in which you want to enable OSPFv3:
ip vrf vrf-name
CONFIGURATION Mode
2.
Assign Router ID You can assign a router ID for the OSPFv3 process. Configure an arbitrary value in the IP address format for each router. Each router ID must be unique. Use the fixed router ID for the active OSPFv3 router process. Changing the router ID brings down the existing OSPFv3 adjacency. The new router ID becomes effective immediately. ● Assign the router ID for the OSPFv3 process in ROUTER-OSPFv3 mode.
ADV Router Age Seq# Fragment ID Link count Bits ------------------------------------------------------------------199.205.134.103 32 0x80000002 0 1 202.254.156.15 33 0x80000002 0 1 B Net Link States (Area 0.0.0.2) ADV Router Age Seq# Link ID Rtr count ---------------------------------------------------------202.254.156.15 38 0x80000001 12 2 Inter Area Prefix Link States (Area 0.0.0.2) ADV Router Age Seq# Prefix ----------------------------------------------------------------202.254.156.
Interface OSPFv3 Parameters To avoid routing errors, interface parameter values must be consistent across all interfaces. For example, set the same time interval for the hello packets on all routers in the OSPF network to prevent misconfiguration of OSPF neighbors. 1. Enter the interface to change the OSPFv3 parameters in CONFIGURATION mode. interface interface-name 2. Change the cost associated with OSPFv3 traffic on the interface in INTERFACE mode, from 1 to 65535.
Configure default route
OS10(config)# router ospfv3 100
OS10(config-router-ospf-100)# default-information originate always

View default route configuration
OS10(config-router-ospf-100)# show configuration
!
router ospfv3 100
default-information originate always

OSPFv3 IPsec authentication and encryption
Unlike OSPFv2, OSPFv3 does not have authentication fields in its protocol header to provide security.
To delete an IPsec authentication policy, use the no ipv6 ospf authentication ipsec spi number or no ipv6 ospf authentication null command.
○ ipsec spi number — Enter a unique security policy index (SPI) value, from 256 to 4294967295.
○ md5 — Enable message digest 5 (MD5) authentication.
○ sha1 — Enable secure hash algorithm 1 (SHA1) authentication.
○ key — Enter the text string used in the authentication type. All OSPFv3 routers in the area share the key to exchange information. Only a non-encrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits.
● Are adjacencies established correctly?
● Are the interfaces configured for L3 correctly?
● Is the router in the correct area type?
● Are the OSPF routes included in the OSPF database?
● Are the OSPF routes included in the routing table in addition to the OSPF database?
● Are you able to ping the link-local IPv6 address of adjacent router interface?

Troubleshooting OSPFv3 with show Commands
● View a summary of all OSPF process IDs enabled in EXEC mode.
Supported Releases 10.4.0E(R1) or later

area encryption
Configures encryption for an OSPFv3 area.
Syntax area area-id encryption ipsec spi number esp encryption-type key authentication-type key
Parameters
● area area-id — Enter an area ID as a number or IPv6 prefix.
● ipsec spi number — Enter a unique security policy index number, from 256 to 4294967295.
● esp encryption-type — Enter the encryption algorithm used with ESP (3DES, DES, AES-CBC, or NULL).
Supported Releases 10.3.0E or later auto-cost reference-bandwidth Calculates default metrics for the interface based on the configured auto-cost reference bandwidth value. Syntax auto-cost reference-bandwidth value Parameters value — Enter the reference bandwidth value to calculate the OSPFv3 interface cost in megabits per second, from 1 to 4294967.
Example
OS10# clear ipv6 ospf 100 statistics
Supported Releases 10.4.0E(R1) or later

debug ip ospfv3
Enables Open Shortest Path First version 3 (OSPFv3) debugging and displays messages related to processing of OSPFv3.
Syntax debug ip ospfv3
Parameters None
Defaults None
Command Mode EXEC
Usage Information The no debug ip ospfv3 command stops displaying messages related to processing of OSPFv3.
Example debug ip ospfv3
Supported Releases OS10 legacy command.
Example OS10(config)# interface vlan 10 OS10(conf-if-vl-10)# ipv6 ospf 10 area 1 Supported Releases 10.3.0E or later ipv6 ospf authentication Configures OSPFv3 authentication on an IPv6 interface. Syntax ipv6 ospf authentication {null | ipsec spi number {MD5 | SHA1} key} Parameters ● ● ● ● ● Default IPv6 OSPF authentication is not configured on an interface.
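The following is an added example, not part of the Dell guide or OS10 itself: a small Python audit that checks `ipv6 ospf authentication` lines in a saved configuration against the SPI range and MD5 key length stated in this chapter. The function names and the sample configuration are constructed; the 40-hex-digit SHA1 key length and the per-device scope of SPI uniqueness are assumptions.

```python
"""Audit 'ipv6 ospf authentication' lines (added example, not Dell code)."""

SPI_MIN, SPI_MAX = 256, 4294967295      # SPI range given in the guide
# Hex-digit key lengths. 32 for MD5 is from the guide; 40 for SHA1 is an
# assumption (160-bit digest) because the guide text here does not state it.
KEY_HEX_DIGITS = {"md5": 32, "sha1": 40}
HEX_CHARS = set("0123456789abcdefABCDEF")
AUTH_PREFIX = "ipv6 ospf authentication"

# Constructed sample, not taken from a real switch.
SAMPLE_CONFIG = """
interface ethernet 1/1/1
 ipv6 ospf authentication ipsec spi 400 md5 12345678123456781234567812345678
interface ethernet 1/1/2
 ipv6 ospf authentication ipsec spi 100 sha1 12345678123456781234567812345678
interface vlan 10
 ipv6 ospf authentication ipsec spi 400 md5 sample12345
interface vlan 20
 ipv6 ospf authentication null
"""


def check_auth_args(args):
    """Validate the tokens that follow 'ipv6 ospf authentication'.

    Returns (spi or None, list of problems). Key material is never echoed
    into a message, only its length.
    """
    if [a.lower() for a in args] == ["null"]:
        return None, ["authentication is null: no IPsec authentication here"]
    if len(args) != 5 or args[0].lower() != "ipsec" or args[1].lower() != "spi":
        return None, ["does not match 'ipsec spi number {MD5 | SHA1} key'"]
    problems = []
    spi = None
    if args[2].isascii() and args[2].isdigit():
        spi = int(args[2])
        if not SPI_MIN <= spi <= SPI_MAX:
            problems.append(f"SPI {spi} outside {SPI_MIN}-{SPI_MAX}")
    else:
        problems.append("SPI is not a number")
    algo, key = args[3].lower(), args[4]
    want = KEY_HEX_DIGITS.get(algo)
    if want is None:
        problems.append(f"unknown authentication type {args[3]!r}")
    elif len(key) != want or not all(c in HEX_CHARS for c in key):
        problems.append(
            f"{algo} key must be {want} plain hex digits, got {len(key)} characters"
        )
    return spi, problems


def audit(config_text):
    """Return (interface, problem) pairs for every authentication line."""
    findings = []
    seen_spi = {}        # SPI -> first interface that used it
    iface = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("interface "):
            iface = line.split(None, 1)[1]
            continue
        if not line.lower().startswith(AUTH_PREFIX):
            continue
        spi, problems = check_auth_args(line[len(AUTH_PREFIX):].split())
        if spi is not None:
            # Assumption: "unique" SPI means unique within this device config.
            if spi in seen_spi:
                problems.append(f"SPI {spi} already used on {seen_spi[spi]}")
            else:
                seen_spi[spi] = iface
        findings.extend((iface, p) for p in problems)
    return findings


if __name__ == "__main__":
    for interface, problem in audit(SAMPLE_CONFIG):
        print(f"{interface}: {problem}")
```

Run it against an exported configuration before a change window; neighbors with a mismatched or malformed key simply fail to form adjacencies, so catching the line offline is cheaper than debugging it live.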
ipv6 ospf dead-interval Sets the time interval since the last hello-packet was received from a router. After the interval elapses, the neighboring routers declare the router dead. Syntax ipv6 ospf dead-interval seconds Parameters seconds — Enter the dead interval value in seconds, from 1 to 65535. Default 40 seconds Command Mode INTERFACE Usage Information The dead interval is four times the default hello-interval by default. The no version of this command resets the value to the default.
ipv6 ospf hello-interval
Sets the time interval between hello packets sent on an interface.
Syntax ipv6 ospf hello-interval seconds
Parameters seconds — Enter the hello-interval value in seconds, from 1 to 65535.
Default 10 seconds
Command Mode INTERFACE
Usage Information All routers in a network must have the same hello time interval between the hello packets. The no version of this command resets the value to the default.
Example Supported Releases OS10(config)# interface ethernet 1/1/6 OS10(conf-if-eth1/1/6)# ipv6 ospf passive 10.3.0E or later ipv6 ospf priority Sets the priority of the interface to determine the DR for the OSPFv3 network. Syntax ipv6 ospf priority number Parameters number — Enter a router priority number, from 0 to 255. Default 1 Command Mode INTERFACE Usage Information When two routers attached to a network attempt to become the DR, the one with the higher router priority takes precedence.
Example
OS10(config)# router ospfv3 100
OS10(config-router-ospfv3-100)# maximum-paths 1
Supported Releases 10.3.0E or later

redistribute
Redistributes information from another routing protocol or routing instance to the OSPFv3 process.
Syntax redistribute {bgp as-number | connected | static} [route-map route-map name]
Parameters
● as-number — Enter an autonomous system number to redistribute BGP routing information throughout the OSPFv3 instance, from 1 to 4294967295.
router ospfv3 Enters Router OSPFv3 mode and configures an OSPFv3 instance. Syntax router ospfv3 instance-number [vrf vrf-name] Parameters ● instance-number—Enter a router OSPFv3 instance number, from 1 to 65535. ● vrf vrf-name — Enter the keyword vrf followed by the name of the VRF to configure an OSPFv3 instance in that VRF. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes an OSPFv3 instance.
show ipv6 ospf database Displays all LSA information. You must enable OSPFv3 to generate output. Syntax show ipv6 ospf process-id [vrf vrf-name] database Parameters ● process-id — Enter the OSPFv3 process ID to view a specific process. If you do not enter a process ID, the command applies to all the configured OSPFv3 processes. ● vrf vrf-name — Enter the keyword vrf followed by the name of the VRF to display LSA information for that VRF.
○ port-channel — Port-channel interface, from 1 to 128. ○ vlan — VLAN interface, from 1 to 4093. ● vrf vrf-name — (Optional) Enter the keyword vrf followed by the name of the VRF to display the configured OSPFv3 enabled interfaces in that VRF. Default Not configured Command Mode EXEC Example Supported Releases OS10# show ipv6 ospf interface ethernet1/1/1 is up, line protocol is up Link Local Address fe80::20c:29ff:fe0a:d59/64, Interface ID 5 Area 0.0.0.0, Process ID 200, Instance ID 0, Router ID 10.0.
○ port-channel number — Enter the port-channel interface number, from 1 to 128. ○ vlan vlan-id — Enter the VLAN ID number, from 1 to 4093. Default Not configured Command Mode EXEC Usage Information This command displays OSPFv3 traffic statistics for a specified instance or interface, or for all OSPFv3 instances and interfaces.
If you do not specify a start-time, hold-time, or max-wait value, the default values are used. The no version of this command removes the configured SPF timers and disables SPF throttling in an OSPF instance. Example OS10(config)# router ospfv3 100 OS10(config-router-ospfv3-100)# timers spf 1345 2324 9234 OS10(config-router-ospfv3-100)# do show ipv6 ospf Routing Process ospfv3 100 with ID 129.240.244.
Figure 10. Object tracking Interface tracking You can create an object that tracks the line-protocol state of an L2 interface, and monitors its operational up or down status. You can configure up to 500 objects. Each object is assigned a unique ID. When the link-level status goes down, the tracked resource status is also considered Down. If the link-level status goes up, the tracked resource status is also considered Up.
2. (Optional) Enter interface object tracking on the line-protocol state of an L2 interface in OBJECT TRACKING mode. interface interface line-protocol 3. (Optional) Configure the time delay used before communicating a change to the status of a tracked interface in OBJECT TRACKING mode, from 0 to 80 seconds; default 0. delay [up seconds] [down seconds] 4. (Optional) View the tracked object information in EXEC mode. show track object-id 5. (Optional) View all interface object information in EXEC mode.
OS10 (conf-track-2)# do show track 2 IP Host 1.1.1.
View interface object tracking information OS10# show track interface TrackID Resource Parameter Status LastChange --------------------------------------------------------------------------------1 line-protocol ethernet1/1/1 DOWN 2017-02-03T08:41:25Z1 OS10# show track ip TrackID Resource Parameter Status LastChange --------------------------------------------------------------------------------2 ipv4-reachablity 1.1.1.
● loopback — Enter the Loopback interface identifier. ● mgmt — Enter the Management interface. Defaults Not configured Command Mode CONFIGURATION Usage Information None Example Supported Releases OS10(conf-track-100)# interface ethernet line-protocol 10.3.0E or later ip reachability Configures an object to track a specific next-hop host's reachability. Syntax ip host-ip-address reachability Parameters host-ip-address — Enter the IPv4 host address.
Defaults 0 seconds Command Mode CONFIGURATION Usage Information Set the interval to 0 to disable the refresh. Example Supported Releases OS10(conf-track-100)# reachability-refresh 600 10.3.0E or later show track Displays tracked object information. Syntax show track [brief] [object-id] [interface] [ip | ipv6] Parameters ● ● ● ● ● Defaults None Command Mode CONFIGURATION Usage Information None Example (Brief) Supported Releases brief — (Optional) Displays brief tracked object information.
Policy-based routing PBR provides a mechanism to redirect IPv4 and IPv6 data packets based on the policies defined to override the switch’s forwarding decisions based on the routing table. Policy-based route-maps A route-map is an ordered set of rules that controls the redistribution of IP routes into a protocol domain. When you enable PBR on an interface, all IPv4 or IPv6 data packets process based on the policies that you define in the route-maps.
Apply match and set parameters to IPv6 route-map
OS10(conf-route-map)# route-map map1
OS10(conf-route-map)# match ipv6 address acl8
OS10(conf-route-map)# set ipv6 next-hop 20::20

Assign route-map to interface
You can assign a route-map to an interface for IPv4 or IPv6 policy-based routing.
● Assign the IPv4 or IPv6 policy-based route-map to an interface in INTERFACE mode.
Policy-based routing per VRF Configure PBR per VRF instance for both IPv4 and IPv6 traffic flows. Policy-based routing (PBR) enables packets with certain match criteria, such as packets from specific source and destination addresses, to be re-directed to a different next-hop. You can also use PBR to re-direct packets arriving on a VRF instance to a next-hop that is reachable through a different VRF instance.
SW1 VLAN configuration ● Create a VLAN and assign an IP address to it which acts as the gateway for the hosts in the VM. OS10# configure terminal OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# no shutdown OS10(conf-if-vl-100)# ip address 10.1.1.1/24 OS10(conf-if-vl-100)# exit ● Create another VLAN, and assign an IP address to it. OS10# configure terminal OS10(config)# interface vlan 200 OS10(conf-if-vl-200)# no shutdown OS10(conf-if-vl-200)# ip address 10.2.1.
3. Specify the management IP address of the VLT peer as a backup link. OS10(conf-vlt-1)# backup destination 10.10.10.2 4. Configure VLT port channels.
VLT configuration 1. Create a VLT domain, and configure VLTi. OS10(config)# interface range ethernet 1/1/4-1/1/5 OS10(conf-range-eth1/1/4-1/1/5)# no switchport OS10(conf-range-eth1/1/4-1/1/5)# exit OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# discovery-interface ethernet 1/1/4-1/1/5 2. Configure a VLT MAC address. OS10(conf-vlt-1)# vlt-mac 12:5e:23:f4:23:54 3. Specify the management IP address of the VLT peer as a backup link. OS10(conf-vlt-1)# backup destination 10.10.10.1 4. Configure VLT port channels.
Using the following PBR configuration, you can re-direct traffic ingressing to VRF RED to a destination that is reachable through the next-hop IP address 2.2.2.2 in VRF BLUE:
1. Create a route-map.
OS10(config)# route-map test
2. Enter the IP address to match the specified access list.
OS10(config-route-map)# match ip 4.4.4.4 acl1
3. Set the next-hop address to 2.2.2.2, which is reachable through VRF BLUE.
OS10(config-route-map)#
OS10(config-route-map)# set ip vrf BLUE next-hop 2.2.2.
ip ip-address reachability vrf vrf-name
OS10(conf-track-200)#
OS10(conf-track-200)# ip 1.1.1.1 reachability vrf red
OS10(conf-track-200)#exit
3. Configure the route-map.
route-map route-map-name
OS10(config-route-map)#
OS10(config-route-map)# match ip address acl1
4. Set the track ID configured in step 1 to the route-map.
set ip vrf vrf-name next-hop next-hop-address track-id track-id-number
OS10(config-route-map)# set ip vrf red next-hop 1.1.1.1 track-id 200
5.
seq 30 permit tcp 10.99.0.0/16 10.0.0.0/8 eq 21
seq 40 permit icmp 10.99.0.0/16 10.0.0.0/8
● Create a route-map to block specific traffic from PBR processing.
route-map TEST-RM deny 5
match ip address TEST-ACL-DENY
● Create a route-map to permit traffic for PBR processing.
route-map TEST-RM permit 10
match ip address TEST-ACL
set ip next-hop 10.0.40.235
● Apply the policy to the previously created interface.
PBR commands clear route-map pbr-statistics Clears all PBR counters. Syntax clear route-map [map-name] pbr-statistics Parameters map-name—Enter the name of a configured route-map. A maximum of 140 characters. Defaults None Command Mode EXEC Usage Information None Example Supported Releases OS10# clear route-map map1 pbr-statistics 10.3.0E or later match address Matches the access-list to the route-map. Syntax match {ip | ipv6} address [name] Parameters name—Enter the name of an access-list.
route-map pbr-statistics Enables counters for PBR statistics. Syntax route-map [map-name] pbr-statistics Parameters map-name—Enter the name of a configured route-map. A maximum of 140 characters. Defaults Not configured Command Mode CONFIGURATION Usage Information None Example Supported Releases OS10(config)# route-map map1 pbr-statistics 10.3.0E or later set next-hop Sets an IPv4 or IPv6 next-hop address for policy-based routing.
Command Mode ROUTE-MAP
Usage Information You must configure next-hop IP address tracking and PBR next-hop with the same VRF instance. For next-hop reachability in the same VRF instance, you must configure both PBR per VRF and object tracking. Missing either the next-hop IP address tracking or PBR next-hop configuration in a VRF instance results in an erroneous configuration. However, the system does not display an error message indicating problems in the configuration.
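Because the switch accepts a VRF mismatch between a track object and the PBR next-hop without any error, an offline check is useful. The following is an added example, not part of the Dell guide or OS10: a Python linter that pairs each `set ip ... next-hop ... track-id` line with its `track` object and reports mismatched or missing VRFs. The sample configuration is constructed, and two points are assumptions: sub-commands are indented under their parent line, and a command without a `vrf` keyword belongs to a VRF named `default`.

```python
"""Lint PBR next-hop tracking for VRF consistency (added example)."""
import re

TRACK_RE = re.compile(r"^track\s+(\d+)$")
REACH_RE = re.compile(r"^ip\s+(\S+)\s+reachability(?:\s+vrf\s+(\S+))?$")
ROUTEMAP_RE = re.compile(r"^route-map\s+(\S+)")
SET_RE = re.compile(
    r"^set\s+ip\s+(?:vrf\s+(\S+)\s+)?next-hop\s+(\S+)\s+track-id\s+(\d+)$"
)
DEFAULT_VRF = "default"   # assumption: name used when no vrf keyword is given

# Constructed sample, not taken from a real switch.
SAMPLE_CONFIG = """
track 200
 ip 1.1.1.1 reachability vrf red
track 201
 ip 2.2.2.2 reachability
!
route-map test permit 10
 match ip address acl1
 set ip vrf red next-hop 1.1.1.1 track-id 200
route-map test2 permit 10
 match ip address acl1
 set ip vrf BLUE next-hop 2.2.2.2 track-id 201
route-map test3 permit 10
 set ip vrf red next-hop 3.3.3.3 track-id 300
"""


def parse(config_text):
    """Return ({track_id: (ip, vrf)}, [(route_map, vrf, next_hop, track_id)])."""
    tracks, sets = {}, []
    track_id = route_map = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():
            # An unindented line starts a new top-level block.
            track_id = route_map = None
            m = TRACK_RE.match(line)
            if m:
                track_id = int(m.group(1))
            m = ROUTEMAP_RE.match(line)
            if m:
                route_map = m.group(1)
            continue
        if track_id is not None:
            m = REACH_RE.match(line)
            if m:
                tracks[track_id] = (m.group(1), m.group(2) or DEFAULT_VRF)
        elif route_map is not None:
            m = SET_RE.match(line)
            if m:
                sets.append((route_map, m.group(1) or DEFAULT_VRF,
                             m.group(2), int(m.group(3))))
    return tracks, sets


def lint(config_text):
    """Report tracked next-hops whose track object is missing or in another VRF."""
    tracks, sets = parse(config_text)
    findings = []
    for route_map, vrf, next_hop, tid in sets:
        if tid not in tracks:
            findings.append(
                f"route-map {route_map}: track-id {tid} has no IP reachability object"
            )
            continue
        t_ip, t_vrf = tracks[tid]
        if t_vrf != vrf:
            findings.append(
                f"route-map {route_map}: next-hop {next_hop} is in VRF {vrf} "
                f"but track {tid} probes {t_ip} in VRF {t_vrf}"
            )
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONFIG):
        print(finding)
```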
VRRP:
● Provides a virtual default routing platform
● Provides load balancing
● Supports multiple logical IP subnets on a single LAN segment
● Enables simple traffic routing without the single point of failure of a static default route
● Avoids issues with dynamic routing and discovery protocols
● Takes over a failed default router:
○ Within a few seconds
○ With a minimum of VRRP traffic
○ Without any interaction from hosts
NOTE: The default behavior of VRRP is active-active.
Router B receives and forwards packets on interface ethernet 1/1/5. Until Router A resumes operation, VRRP allows Router B to provide uninterrupted service to the users on the LAN segment accessing the Internet. When the interface that Router A uses to provide gateway services (ethernet 1/1/7) goes down, Router B does not take over automatically. For Router B to become the master router, you must configure interface tracking.
Set backup switches to VRRPv3 OS10_backup_switch1(config)# vrrp version 3 OS10_backup_switch2(config)# vrrp version 3 Virtual IP addresses Virtual routers contain virtual IP addresses configured for that VRRP group (VRID). A VRRP group does not transmit VRRP packets until you assign the virtual IP address to the VRRP group. To activate a VRRP group on an interface, configure at least one virtual IP address for a VRRP group.
interface ethernet1/1/3
switchport access vlan 1
no shutdown
!
interface ethernet1/1/4
switchport access vlan 1
--more--

View VRRP information
When the VRRP process completes initialization, the State field contains either master or backup.
OS10# show vrrp brief
Interface Group Priority Preemption State Master-addr Virtual addr(s)
---------------------------------------------------------------------------
ethernet1/1/1 IPv4 10 100 true master 10.1.1.8 10.1.1.
INTERFACE VRRP Mode OS10(config)# ip vrf vrf-test OS10(config-vrf)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# no switchport OS10(conf-if-eth1/1/1)# ip vrf forwarding vrf-test OS10(conf-if-eth1/1/1)# ip address 10.1.1.1/24 OS10(conf-if-eth1/1/1)# vrrp-group 10 OS10(conf-eth1/1/1-vrid-10)# virtual-address 10.1.1.8 Before removing an interface from a VRF, delete the configured VRRP groups from the interface associated with the VRF.
2. Configure a simple text password in INTERFACE-VRRP mode.
authentication-type simple-text text
simple-text text — Enter the keyword and a simple text password.
NOTE: The system does not support a simple text password that begins with the ! or # character. Ensure that the password does not begin with either of these characters.
! no preempt Advertisement interval By default, the master router transmits a VRRP advertisement to all members of the VRRP group every one second, indicating it is operational and is the master router. If the VRRP group misses three consecutive advertisements, the election process begins and the backup virtual router with the highest priority transitions to master.
The lowered priority of the VRRP group may trigger an election. As the master/backup VRRP routers are selected based on the VRRP group’s priority, tracking features ensure that the best VRRP router is the master for that group. The priority cost of the tracking group must be less than the configured priority of the VRRP group. If you configure the VRRP group as the owner router with a priority 255, tracking for that group is disabled, regardless of the state of the tracked interfaces.
! ..... ..... interface vlan1 no shutdown ! interface mgmt1/1/1 no shutdown ! support-assist ! track 10 interface ethernet1/1/7 line-protocol To associate a track object with a VRRP group, use the track command inside VRRP GROUP CONFIGURATION mode. VRRP commands advertise-interval Sets the time interval between VRRP advertisements. Syntax advertise-interval [seconds | centisecs centisecs] Parameters ● seconds — Set the advertise interval in seconds, from 1 to 255.
preempt Permits or preempts a backup router with a higher priority value to become the master router. Syntax preempt Parameters None Default Enabled Command Mode INTERFACE-VRRP Usage Information VRRP uses preempt to determine what happens after a VRRP backup router becomes the master. With preempt enabled by default, VRRP switches to a backup if that backup router comes online with a priority higher than the new master router. If you disable preempt, VRRP switches only if the master fails.
Example (Brief) Example (IPv6) Supported Releases OS10 # show vrrp brief Interface Group Priority Preemption State Master-addr Virtual addr(s) --------------------------------------------------------------------ethernet1/1/1 1 200 true master-state 10.1.1.1 10.1.1.
Usage Information Assign an object tracking unique ID number before tracking the interface. Use the line-protocol parameter to track for interface operational status information. The no version of this command resets the value to the default. Example Supported Releases OS10(config)# track 10 OS10(conf-track-10)# interface ethernet 1/1/5 line-protocol 10.2.0E or later virtual-address Configures up to 10 virtual router IP addresses in the VRRP group.
Parameters vrrp-id — Enter a VRRP group identification number, from 1 to 255. Default Not configured Command Mode INTERFACE-VRRP Usage Information The VRRP group only becomes active and sends VRRP packets when you configure a virtual IP address. When you delete the virtual address, the VRRP group stops sending VRRP packets. The no version of this command removes the vrrp-group configuration.
15 Multicast Multicast is a technique that allows networking devices to send data to a group of interested receivers in a single transmission. For instance, this technique is widely used for streaming videos. Multicast allows you to more efficiently use network resources, specifically for bandwidth-consuming services such as audio and video transmission.
Unknown multicast flood control The unknown multicast flood control feature enables the system to forward unknown multicast packets only to a multicast router (mrouter). When you enable multicast snooping, OS10 forwards multicast frames, whose destination is already learned, to their intended recipients. When the system receives multicast frames whose destination is not known, it floods the frames for all ports on the specific VLAN. All hosts that receive these multicast frames must process them.
Enable multicast flood control
Multicast flood control is enabled on OS10 by default. If it is disabled, use the following procedure to enable multicast flood control:
1. Configure IGMP snooping. For details, see the IGMP snooping section.
2. Configure MLD snooping. For details, see the MLD Snooping section.
3. Enable the multicast flood control feature.
For multicast flood restrict to be effective on a VLAN, IGMP snooping and MLD snooping must be enabled at both global and VLAN levels. To disable multicast snooping flood control, use the no multicast snooping flood-restrict command. Example Supported Releases OS10(config)# multicast snooping flood-restrict 10.4.3.0 or later Internet Group Management Protocol Internet Group Management Protocol (IGMP) is a communications protocol that establishes multicast group memberships using IPv4 networks.
Supported IGMP versions IGMP has three versions. Version 3 obsoletes and is backwards-compatible with version 2; version 2 obsoletes version 1. OS10 supports the following IGMP versions: ● Router—IGMP versions 2 and 3. The default is version 3. ● Host—IGMP versions 1, 2, and 3. In IGMP version 2, the host expresses interest in a particular group membership (*, G).
IGMP immediate leave reduces leave latency by enabling a router to immediately delete the group membership on an interface after receiving a leave message. Immediate leave does not send group-specific or group-and-source queries before deleting the entry. To configure IGMP immediate leave: OS10# configure terminal OS10# interface vlan14 OS10(conf-if-vl-14)# ip igmp immediate-leave Select an IGMP version OS10 enables IGMP version 3 by default.
To view IGMP groups: OS10# show ip igmp groups Total Number of Groups: 100 IGMP Connected Group Membership Group Address Interface Mode 225.1.1.1 vlan121 IGMPv2-Compat 225.1.1.2 vlan121 IGMPv2-Compat 225.1.1.3 vlan121 IGMPv2-Compat 225.1.1.4 vlan121 IGMPv2-Compat 225.1.1.5 vlan121 IGMPv2-Compat 225.1.1.6 vlan121 IGMPv2-Compat 225.1.1.7 vlan121 IGMPv2-Compat 225.1.1.8 vlan121 IGMPv2-Compat 225.1.1.9 vlan121 IGMPv2-Compat 225.1.1.10 vlan121 IGMPv2-Compat 225.1.1.11 vlan121 IGMPv2-Compat 225.1.1.
● (Optional) Configure the time interval for sending IGMP general queries with the ip igmp snooping query-interval query-interval-time command in VLAN INTERFACE mode. ● (Optional) Configure the maximum time for responding to a query advertised in IGMP queries using the ip igmp snooping query-max-resp-time query-response-time command in VLAN INTERFACE mode.
IGMP commands

clear ip igmp groups

Clears entries from the group cache table.

Syntax              clear ip igmp [vrf vrf-name] groups
Parameters          vrf vrf-name—Enter the keyword vrf, then the name of the VRF.
Default             None
Command Mode        EXEC
Usage Information   None
Example             OS10# clear ip igmp groups
Supported Releases  10.4.3.0 or later

ip igmp immediate-leave

Enables IGMP immediate leave.
Example             OS10# configure terminal
                    OS10# interface vlan11
                    OS10(conf-if-vl-11)# ip igmp last-member-query-interval 200
Supported Releases  10.4.3.0 or later

ip igmp query-interval

Changes the frequency of IGMP general queries sent by the querier.

Syntax              ip igmp query-interval seconds
Parameters          seconds—Enter the amount of time in seconds to configure the time interval for IGMP general queries. The range is from 1 to 18000.
Usage Information   The no version of this command disables IGMP snooping.
Example             OS10(config)# ip igmp snooping enable
Supported Releases  10.4.0E(R1) or later

ip igmp snooping

Enables IGMP snooping on the specified VLAN interface.

Syntax              ip igmp snooping
Parameters          None
Default             Depends on the global configuration.
Command Mode        VLAN INTERFACE
Usage Information   When you enable IGMP snooping globally, the configuration applies to all VLAN interfaces.
Usage Information   The no version of this command resets the last member query interval time to the default value.
Example             OS10(config)# interface vlan 100
                    OS10(conf-if-vl-100)# ip igmp snooping last-member-query-interval 2500
Supported Releases  10.4.1.0 or later

ip igmp snooping mrouter

Configures multicast router port on the specified VLAN interface.

Syntax              ip igmp snooping mrouter interface interface-type
Parameters          interface-type—Enter the interface type details.
Usage Information   The no version of this command resets the query interval to the default value.
Example             OS10(config)# interface vlan 100
                    OS10(conf-if-vl-100)# ip igmp snooping query-interval 120
Supported Releases  10.4.1.0 or later

ip igmp snooping query-max-resp-time

Configures the maximum time for responding to a query advertised in IGMP queries.
Default             None
Command Mode        EXEC
Usage Information   The show ip igmp groups command displays the IGMP database, configured entries for all groups on all interfaces, all groups on specific interfaces, or specific groups on specific interfaces. This command displays the following:
                    ● Group address—Lists the multicast address for the IGMP group.
                    ● Interface—Lists the interface type, slot, and port number.
                    ● Mode—Displays the IGMP version used.
IGMP querying router is 2.1.1.1
Vlan121 is up, line protocol is up
Internet address is 121.1.1.2
IGMP is enabled on interface
IGMP version is 3
IGMP query interval is 60 seconds
IGMP querier timeout is 130 seconds
IGMP last member query response interval is 1000 ms
IGMP max response time is 10 seconds
IGMP immediate-leave is disabled on this interface
IGMP joins count: 100
IGMP querying router is 121.1.1.2

Supported Releases  10.4.3.
00:01:26 Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1 225.1.0.10 vlan3031 IGMPv2-Compat 00:01:26 --more-<
Member Port port-channel51 ethernet1/1/51:1 ethernet1/1/52:1 Mode Include Include Include Uptime 1d:20:26:07 1d:20:26:05 1d:20:26:08 Expires 00:01:41 00:01:46 00:01:46 Uptime 1d:20:26:07 Expires 00:01:41 OS10# show ip igmp snooping groups vlan 3041 detail Interface vlan3041 Group 232.11.0.0 Source List 101.41.0.
Example
OS10# show ip igmp snooping interface
Vlan3031 is up, line protocol is up
IGMP version is 3
IGMP snooping is enabled on interface
IGMP snooping query interval is 60 seconds
IGMP snooping querier timeout is 130 seconds
IGMP snooping last member query response interval is 1000 ms
IGMP Snooping max response time is 10 seconds
IGMP snooping fast-leave is disabled on this interface
IGMP snooping querier is enabled on this interface
Vlan3032 is up, line protocol is up
IGMP version is 3
IGMP snooping is e
IGMP snooping fast-leave is disabled on this interface
IGMP snooping querier is enabled on this interface
Multicast snooping flood-restrict is enabled on this interface

Supported Releases  10.4.0E(R1) or later
                    Updated the command to display the multicast flood restrict status on 10.4.3.0 or later

show ip igmp snooping mrouter

Displays the multicast router ports details.

Syntax              show ip igmp snooping mrouter [vlan vlan-id]
Parameters          vlan-id—(Optional) Enter the VLAN ID, from 1 to 4093.
MLD snooping

MLD snooping enables switches to use the information in MLD packets and generate a forwarding table that associates ports with multicast groups. When switches receive multicast frames, they forward them to their intended receivers. OS10 supports MLD snooping on VLAN interfaces. Effective with OS10 release 10.4.3.0, MLD snooping is enabled by default.

Configure MLD snooping

● Enable MLD snooping globally with the ipv6 mld snooping enable command in the CONFIGURATION mode.
ff0e:225:1::4   vlan3531   MLDv1-Compat   00:01:52
  Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52
ff0e:225:1::5   vlan3531   MLDv1-Compat   00:01:52
  Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52
ff02::2         vlan3532   Exclude        00:01:47
ff0e:225:2::    vlan3532   MLDv1-Compat   00:01:56
  Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52
ff0e:225:2::1   vlan3532   MLDv1-Compat   00:01:56
  Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52
ff0e:225:2::2   vlan3532   MLDv1-Compat   00:01:56
  Member-ports :port
Example             OS10(config)# interface vlan 100
                    OS10(conf-if-vl-100)# no ipv6 mld snooping
Supported Releases  10.4.1.0 or later

ipv6 mld snooping enable

Enables MLD snooping globally.

Syntax              ipv6 mld snooping enable
Parameters          None
Default             Enabled
Command Mode        CONFIGURATION
Usage Information   The no version of this command disables the MLD snooping.
Example             OS10(config)# ipv6 mld snooping enable
Supported Releases  10.4.1.
Example             OS10(config)# interface vlan 100
                    OS10(conf-if-vl-100)# ipv6 mld snooping last-member-query-interval 2500
Supported Releases  10.4.1.0 or later

ipv6 mld snooping mrouter

Configures the specified VLAN member port as a multicast router interface.

Syntax              ipv6 mld snooping mrouter interface interface-type
Parameters          interface-type—Enter the interface type details. The interface should be a member of the VLAN.
Example             OS10(config)# interface vlan 100
                    OS10(conf-if-vl-100)# ipv6 mld snooping query-interval 120
Supported Releases  10.4.1.0 or later

ipv6 mld query-max-resp-time

Configures the maximum time for responding to a query advertised in MLD queries.

Syntax              ipv6 mld snooping query-max-resp-time query-response-time
Parameters          query-response-time—Enter the query response time in seconds, ranging from 1 to 25.
Example
Example (with VLAN)
Example (with VLAN and multicast IP address)
Supported Releases

OS10# show ipv6 mld snooping groups
Total Number of Groups: 280
MLD Connected Group Membership
Group Address   Interface   Mode           Expires
ff02::2         vlan3531    Exclude        00:01:38
ff0e:225:1::    vlan3531    MLDv1-Compat   00:01:52
  Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52
ff0e:225:1::1   vlan3531    MLDv1-Compat   00:01:52
  Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52
ff0e:225:1::2   vlan3531    MLDv
show ipv6 mld snooping groups detail

Displays the MLD source information along with detailed member port information.

Syntax              show ipv6 mld snooping groups [vlan vlan-id] [group ipv6-address] detail
Parameters          ● vlan-id—(Optional) Enter the VLAN ID, ranging from 1 to 4093.
                    ● ipv6-address—(Optional) Enter the IPv6 address of the multicast group.
Example (with VLAN and multicast IP address)
OS10# show ipv6 mld snooping groups vlan 3041 ff3e:232:b:: detail
Interface      vlan3041
Group          ff3e:232:b::
Source List
  2001:101:29::1b
    Member Port        Mode      Uptime        Expires
    port-channel31     Include   2d:11:50:53   00:02:01
    ethernet1/1/51:1   Include   2d:11:51:11   00:02:01
    ethernet1/1/52:1   Include   2d:11:51:12   00:01:52

Supported Releases  10.4.1.0 or later

show ipv6 mld snooping interface

Displays the details of MLD snooping interfaces.
Usage Information   None
Example             OS10# show ipv6 mld snooping mrouter vlan 11
                    Interface   Router Ports
                    Vlan 11     ethernet 1/1/32
Supported Releases  10.4.1.0 or later

Protocol Independent Multicast

Protocol independent multicast (PIM) is a group of multicast routing protocols that provides one-to-many and many-to-many transmission of information. PIM uses routing information from other routing protocols and does not depend on any specific unicast routing protocol.
● RFC 4601 for PIM-SM
● RFC 3569 for PIM-SSM

PIM-SM

PIM sparse mode (PIM-SM) is a multicast routing protocol for networks with receivers that are sparsely distributed. Receivers have to explicitly send a join message to join particular groups or sources. PIM join and prune messages are used to join and leave multicast distribution trees. PIM-SM uses shared trees with the root node being the rendezvous point (RP). All multicast sources use the RP to route the traffic to the receiver.
Configure PIM-SSM

To configure a group range for PIM-SSM:

NOTE: The IP range, 232.0.0.0/8 is reserved for SSM. You do not have to explicitly configure this range.

1. Create an ACL rule to specify the range of addresses that should use SSM.

   OS10# configure terminal
   OS10(config)# ip access-list ssm-1
   OS10(config-ipv4-acl)# permit ip any 236.0.0.0/8
   OS10(config-ipv4-acl)# exit

2. Enable PIM-SSM for the range of addresses using the ip pim ssm-range command.
NOTE: If you have enabled the override option, configuring static RP without using the override option does not remove the override configuration. You must delete the static RP configuration using the override option and then reconfigure static RP again.

To view the RP for a multicast group, use the show ip pim rp command.

OS10# show ip pim rp
Group       RP
--------------------------------
225.1.1.1   171.1.1.1
225.1.1.2   171.1.1.1
225.1.1.3   171.1.1.1
225.1.1.4   171.1.1.1
225.1.1.5   171.1.1.1
225.1.1.6   171.1.1.
○ Enable multicast routing globally and establish PIM neighborship between routers. Ensure that the unicast routing table is populated.
○ Ensure that the candidate RP can reach all the nodes in your network.
○ (Optional) Configure an ACL with source as any and destination as a valid multicast group address. If you do not configure an ACL, the router advertises itself as the RP for the entire multicast range, which is 224.0.0.0/4.
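The following audit is an added example, not part of the Dell guide: it reads configuration text in the command form shown in this chapter and reports, for each candidate RP, whether an ACL scopes the advertised group range or the router offers itself for all of 224.0.0.0/4. The sample configuration, the status labels, and the tolerance for a leading `seq <n>` on ACL entries are assumptions made for the example; what the switch does with a referenced but undefined ACL is not stated here, so that case is only flagged.

```python
import ipaddress
import re

# Whole IPv4 multicast range; per the text above, a C-RP without an ACL covers all of it.
MCAST_ALL = ipaddress.ip_network("224.0.0.0/4")

# Constructed sample configuration (not taken from a real switch).
SAMPLE_CONFIG = """\
ip access-list rp-grp
 permit ip any 225.0.0.0/8
ip access-list wide-grp
 permit ip any 224.0.0.0/4
ip access-list bad-grp
 permit ip any 10.0.0.0/8
ip pim vrf red rp-candidate loopback 10 priority 11 acl rp-grp
ip pim rp-candidate loopback 0 priority 100
ip pim vrf blue rp-candidate loopback 20 acl bad-grp
ip pim vrf green rp-candidate loopback 30 acl wide-grp
ip pim vrf gold rp-candidate loopback 40 acl missing
"""

ACL_HEAD = re.compile(r"^ip access-list (\S+)$")
# Assumption: entries may carry an optional "seq <n>" prefix; prefix-form destinations only.
ACL_RULE = re.compile(r"^(?:seq \d+ )?(permit|deny) ip (\S+) (\S+)$")
C_RP = re.compile(
    r"^ip pim (?:vrf (?P<vrf>\S+) )?rp-candidate (?P<iface>.+?)"
    r"(?: priority (?P<prio>\d+))?(?: acl (?P<acl>\S+))?$"
)


def parse_acls(config):
    """Map ACL name -> list of (action, source, destination) tuples."""
    acls, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        head = ACL_HEAD.match(line)
        if head:
            current = acls.setdefault(head.group(1), [])
            continue
        rule = ACL_RULE.match(line)
        if rule and current is not None:
            current.append(rule.groups())
        else:
            current = None  # any other line ends the ACL block
    return acls


def to_network(dst):
    """Return the destination as an IPv4 network, or None if it is not one."""
    if dst == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    try:
        net = ipaddress.ip_network(dst, strict=False)
    except ValueError:
        return None
    return net if net.version == 4 else None


def audit_candidate_rps(config):
    """Return (vrf, interface, status, ranges) for every rp-candidate line."""
    acls = parse_acls(config)
    findings = []
    for raw in config.splitlines():
        m = C_RP.match(raw.strip())
        if not m:
            continue
        vrf = m.group("vrf") or "default"
        iface, acl = m.group("iface"), m.group("acl")
        if acl is None:
            findings.append((vrf, iface, "ENTIRE_RANGE", [str(MCAST_ALL)]))
            continue
        if acl not in acls:
            findings.append((vrf, iface, "ACL_NOT_DEFINED", []))
            continue
        permits = [dst for action, _src, dst in acls[acl] if action == "permit"]
        nets = [to_network(d) for d in permits]
        bad = [d for d, n in zip(permits, nets)
               if n is None or not n.subnet_of(MCAST_ALL)]
        if not permits:
            findings.append((vrf, iface, "NO_PERMIT_RULES", []))
        elif bad:
            findings.append((vrf, iface, "NON_MULTICAST", bad))
        elif MCAST_ALL in nets:
            # An ACL that permits all of 224.0.0.0/4 scopes nothing.
            findings.append((vrf, iface, "ENTIRE_RANGE", [str(MCAST_ALL)]))
        else:
            findings.append((vrf, iface, "SCOPED", permits))
    return findings


if __name__ == "__main__":
    for vrf, iface, status, ranges in audit_candidate_rps(SAMPLE_CONFIG):
        print(f"vrf={vrf:8} {iface:12} {status:16} {', '.join(ranges)}")
```
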
dissociate the ACL from the candidate RP, or to reset the candidate RP to the default values, you must use the no ip pim rp-candidate command and reconfigure the candidate RP.

To view the candidate RP, candidate BSR, and elected BSR:

OS10# show ip pim bsr-router
This system is the Bootstrap Router (v2)
BSR address: 10.1.1.8
BSR Priority: 255, Hash mask length: 31
Next bootstrap message in 00:00:20
This system is a candidate BSR
Candidate BSR address: 10.1.1.
PIM commands

clear ip pim tib

Clears PIM tree information from the PIM database.

Syntax              clear ip pim [vrf vrf-name] tib
Parameters          vrf vrf-name—Enter the keyword vrf, then the name of the VRF.
                    ● loopback-interface-number—Enter a value from 0 to 16383
                    ● vlan-number—Enter a value from 1 to 4093
                    ● port-channel-number—Enter a value from 1 to 128
                    ● length—Enter a value from 0 to 32
                    ● priority-value—Enter a value from 0 to 255
Default             ● Hash mask length is 30.
                    ● Priority is 64.
Command Mode        CONFIGURATION
Usage Information   The system advertises the IP address of the specified interface as the BSR IP address in BSR messages.
Default             130 s
Command Mode        CONFIGURATION
Usage Information   The no form of the command resets the BSR timeout to its default value.
Example             OS10# configure terminal
                    OS10(config)# ip pim vrf red bsr-timeout 140
Supported Releases  10.5.0 or later

ip pim dr-priority

Changes the designated router (DR) priority for the interface.

Syntax              ip pim dr-priority priority-value
Parameters          priority-value—Enter a number from 0 to 4294967295.
ip pim rp-address

Configures a static PIM RP address for a group.

Syntax              ip pim [vrf vrf-name] rp-address address {group-address group-address mask} [override]
Parameters          ● vrf vrf-name—Enter the keyword vrf, then the name of the VRF.
                    ● rp-address address—Enter the keyword address, then the RP address in dotted-decimal format (A.B.C.D).
                    ● group-address group-address mask—Enter the keyword group-address, then the group-address mask in dotted-decimal format (/xx) to assign the group address to the RP.
If you specify an access list, the C-RP advertises only the group range that the access list permits. The no form of the command removes the router from being a C-RP. You must specify the parameters with the no form of this command.

Example             OS10# configure terminal
                    OS10(config)# ip pim vrf red rp-candidate loopback 10 priority 11 acl rp-grp
Supported Releases  10.5.0 or later

ip pim rp-candidate-timers

Configures the time interval between periodic candidate RP advertisements.
● The interface is in Layer 3 mode. PIM-SM is enabled only on a Layer 3 interface. Before configuring PIM on the interface, use the no switchport command to change the interface from Layer 2 to Layer 3 mode.

Use the no form of the command to disable PIM sparse mode.

Example             OS10# configure terminal
                    OS10(config)# interface vlan 2
                    OS10(conf-if-vl-2)# ip address 1.1.1.2/24
                    OS10(conf-if-vl-2)# ip pim sparse-mode
Supported Releases  10.4.3.
show ip pim bsr-router

Displays information about the bootstrap router.

Syntax              show ip pim [vrf vrf-name] bsr-router
Parameters          vrf vrf-name—Enter the keyword vrf, then the name of the VRF.
Default             None
Command Mode        EXEC
Usage Information   None
Example             OS10# show ip pim bsr-router
                    PIMv2 Bootstrap information
                    BSR address: 101.0.0.1
                    BSR Priority: 199, Hash mask length: 31
                    Expires: 00:00:24
                    This system is a candidate BSR
                    Candidate BSR address: 104.0.0.
show ip pim mcache

Displays routes that are synchronized from VLT peer and local route information.

Syntax              show ip pim [vrf vrf-name] mcache [group-address [source-address]] [vlt]
Parameters          ● vrf vrf-name—Enter the keyword vrf, then the name of the VRF.
                    ● group-address—Enter the multicast group address in dotted-decimal format (A.B.C.D).
                    ● source-address—Enter the multicast source address in dotted-decimal format (A.B.C.D).
Example             OS10# show ip pim neighbor
                    Neighbor Address   Interface   Uptime/Expires      Ver   DR Priority/Mode
                    -------------------------------------------------------------------------------
                    2.1.1.1            vlan103     13:05:58/00:01:19   v2    1 / S
                    3.1.1.1            vlan105     13:05:58/00:01:17   v2    1 / S
Supported Releases  10.4.3.0 or later

show ip pim rp

Displays brief information about all multicast group to RP mappings.
show ip pim ssm-range

Displays the non-default groups added using the SSM range feature.

Syntax              show ip pim [vrf vrf-name] ssm-range
Parameters          vrf vrf-name—Enter the keyword vrf, then the name of the VRF.
Default             None
Command Mode        EXEC
Usage Information   None
Example             OS10# show ip pim ssm-range
                    Group Address / MaskLen
                    224.1.1.1 / 32
Supported Releases  10.4.3.0 or later

show ip pim summary

Displays PIM summary.
VLT Multicast summary:
0(*,G) synced entries in MFC
281(S,G) synced entries in MFC
0(S,G,Rpt) synced entries in MFC

Supported Releases  10.4.3.0 or later

show ip pim tib

Displays the PIM tree information base (TIB).

Syntax              show ip pim [vrf vrf-name] tib [group-address [source-address]]
Parameters          ● vrf vrf-name—Enter the keyword vrf, then the name of the VRF.
                    ● group-address—Enter the group address in dotted-decimal format (A.B.C.D).
                    ● source-address—Enter the source address in dotted-decimal format (A.
show ip rpf

Displays reverse path forwarding (RPF) information.

Syntax              show ip rpf [vrf vrf-name] [summary]
Parameters          ● vrf vrf-name—Enter the keyword vrf, then the name of the VRF.
                    ● summary—RPF summary.
Default             None
Command Mode        EXEC
Usage Information   PIM uses unicast routing to check the multicast source reachability. PIM examines the distance of each route. The route with the shortest distance is the one that PIM selects for reachability.
Sample configuration in FHR node:

FHR# configure terminal
FHR(config)#
FHR(config)# ip multicast-routing
FHR(config)# interface ethernet 1/1/31
FHR(conf-if-eth1/1/31)# no switchport
FHR(conf-if-eth1/1/31)# ip address 3.3.3.2/24
FHR(conf-if-eth1/1/31)# ip pim sparse-mode
FHR(conf-if-eth1/1/31)# ip ospf 1 area 0
FHR(conf-if-eth1/1/31)# exit
FHR(config)#
FHR(config)# interface ethernet 1/1/17
FHR(conf-if-eth1/1/17)#
FHR(conf-if-eth1/1/17)# no switchport
FHR(conf-if-eth1/1/17)# ip address 2.2.2.
RP(config)# interface ethernet 1/1/43
RP(conf-if-eth1/1/43)# no switchport
RP(conf-if-eth1/1/43)# ip address 1.1.1.2/24
RP(conf-if-eth1/1/43)# ip pim sparse-mode
RP(conf-if-eth1/1/43)# ip ospf 1 area 0
RP(conf-if-eth1/1/43)# exit
RP(config)#
RP(config)# interface loopback 0
RP(conf-if-lo-0)# ip address 192.168.1.25/32
RP(conf-if-lo-0)# ip ospf 1 area 0
RP(conf-if-lo-0)# exit
RP(config)# ip pim rp-address 192.168.1.25 group-address 224.0.0.
LHR# configure terminal
LHR(config)# router ospf 1
LHR(config-router-ospf-1)# end

The show ip pim interface command displays the PIM-enabled interfaces in LHR.

LHR# show ip pim interface
Address    Interface          Ver/Mode   Nbr Count   Query Intvl   DR Prio   DR
----------------------------------------------------------------------------
2.2.2.1    ethernet1/1/1      v2/S       1           30            1         2.2.2.2
1.1.1.1    ethernet1/1/26:1   v2/S       1           30            1         1.1.1.2
15.1.1.1   vlan2001           v2/S       0           30            1         15.1.1.
Outgoing interface list:
(22.1.1.10, 224.1.1.1), uptime 00:02:58, expires 00:03:06, flags: P
Incoming interface: ethernet1/1/31, RPF neighbor 3.3.3.2
Outgoing interface list:

IGMP and PIM states in LHR node

The show ip igmp groups command output displays the IGMP database.

LHR# show ip igmp groups
Total Number of Groups: 1
IGMP Connected Group Membership
Group Address Interface Expires Last Reporter
224.1.1.1 vlan2001 00:01:59 15.1.1.
To enable PIM-SSM, perform the following configurations on R1 and R2:

Sample configuration on R1:

R1# configure terminal
R1(config)# ip vrf red
R1(conf-vrf)# end
R1# configure terminal
R1(config)# interface port-channel 11
R1(conf-if-po-11)# no switchport
R1(conf-if-po-11)# ip vrf forwarding red
R1(conf-if-po-11)# end
R1# configure terminal
R1(config)# interface ethernet 1/1/6
R1(conf-if-eth1/1/6)# no ip vrf forwarding
R1(conf-if-eth1/1/6)# no switchport
R1(conf-if-eth1/1/6)# channel-group 11
R1(conf-if-eth
Sample configuration on R2:

R2# configure terminal
R2(config)# ip vrf red
R2(conf-vrf)# end
R2# configure terminal
R2(config)# interface vlan 2001
R2(conf-if-vl-2001)# ip vrf forwarding red
R2(conf-if-vl-2001)# end
R2# configure terminal
R2(config)# interface ethernet 1/1/40:1
R2(conf-if-eth1/1/40:1)# no ip vrf forwarding
R2(conf-if-eth1/1/40:1)# switchport mode trunk
R2(conf-if-eth1/1/40:1)# switchport trunk allowed vlan 2001
R2(conf-if-eth1/1/40:1)# end
R2# configure terminal
R2(config)# interface port-ch
R2# configure terminal
R2(config)# ip access-list test
R2(config-ipv4-acl)# permit ip any 224.1.1.0/24
R2(config-ipv4-acl)# exit
R2(config)# ip pim vrf red ssm-range test
R2(config)# end

Verify the configuration

To verify the configuration, use the following show commands on R1:

The show ip pim vrf red neighbor command displays the PIM neighbor of R1 and the interface through which the neighbor is reached.
Incoming interface: port-channel11, RPF neighbor 193.1.1.1
Outgoing interface list:
vlan2001 Forward/Sparse 00:00:06/Never

The show ip pim vrf red neighbor command displays the PIM neighbor of R2 and the interface through which the neighbor is reached.

R2# show ip pim vrf red neighbor
Neighbor Address Interface Uptime/Expires Ver DR Priority / Mode
------------------------------------------------------------------------
193.1.1.
Multicast VRF sample configuration

This section describes how to configure IPv4 multicast in a non-default VRF instance using the topology shown in the following illustration. Perform the following configuration on each of the nodes, R1, R2, R3, and R4.
R1(conf-if-eth1/1/6)# no ip vrf forwarding
R1(conf-if-eth1/1/6)# no switchport
R1(conf-if-eth1/1/6)# channel-group 11
R1(conf-if-eth1/1/6)# end
R1# configure terminal
R1(config)# interface ethernet 1/1/7
R1(conf-if-eth1/1/7)# no switchport
R1(conf-if-eth1/1/7)# interface ethernet 1/1/7
R1(conf-if-eth1/1/7)# ip vrf forwarding red
R1(conf-if-eth1/1/7)# ip address 201.1.1.
R2(conf-vrf)# end
R2# configure terminal
R2(config)# interface vlan 1001
R2(conf-if-vl-1001)# ip vrf forwarding red
R2(conf-if-vl-1001)# end
R2# configure terminal
R2(config)# interface ethernet 1/1/21:4
R2(conf-if-eth1/1/21:4)# switchport mode trunk
R2(conf-if-eth1/1/21:4)# switchport trunk allowed vlan 1001
R2(conf-if-eth1/1/21:4)# end
R2# configure terminal
R2(config)# interface ethernet 1/1/12:1
R2(conf-if-eth1/1/12:1)# no switchport
R2(conf-if-eth1/1/12:1)# ip vrf forwarding red
R2(conf-if-eth1/1/12:1)
R3(conf-if-eth1/1/12)# switchport trunk allowed vlan 1001
R3(conf-if-eth1/1/12)# end
R3# configure terminal
R3(config)# interface port-channel 12
R3(conf-if-po-12)# no switchport
R3(conf-if-po-12)# ip vrf forwarding red
R3(conf-if-po-12)# end
R3# configure terminal
R3(config)# interface ethernet 1/1/5
R3(conf-if-eth1/1/5)# no ip vrf forwarding
R3(conf-if-eth1/1/5)# no switchport
R3(conf-if-eth1/1/5)# channel-group 12
R3(conf-if-eth1/1/5)# end
R3# configure terminal
R3(config)# interface vlan 1001
R3(conf-if
R3(config)# ip pim vrf red rp-address 182.190.168.224 group-address 224.0.0.
R4(conf-if-po-12)# end
R4# configure terminal
R4(config)# interface Lo0
R4(conf-if-lo-0)# ip vrf forwarding red
R4(conf-if-lo-0)# ip address 4.4.4.
--------------------------------
224.1.1.1 182.190.168.224

R1# show ip pim vrf red rp mapping
Group(s) : 224.0.0.0/4, Static
RP : 182.190.168.224, v2

R1# show ip pim vrf red mcache
PIM Multicast Routing Cache Table
(201.1.1.1, 224.1.1.1)
Incoming interface : ethernet1/1/7
Outgoing interface list :
port-channel11

Rendezvous point (R3)

R3# show ip pim vrf red neighbor
Neighbor Address Interface Uptime/Expires Ver DR Priority / Mode
---------------------------------------------------------------------------
192.
--------------------------------
224.1.1.1 182.190.168.224

R3# show ip pim vrf red tib
PIM Multicast Routing Table
Flags: S - Sparse, C - Connected, L - Local, P - Pruned,
       R - RP-bit set, F - Register Flag, T - SPT-bit set, J - Join SPT,
       K - Ack-Pending state
Timers: Uptime/Expires
Interface state: Interface, next-Hop, State/Mode
(*, 224.1.1.1), uptime 00:04:41, expires 00:00:00, RP 182.190.168.224, flags: S
Incoming interface: Null, RPF neighbor 0.0.0.
(*, 224.1.1.1), uptime 00:05:44, expires 00:00:15, RP 182.190.168.224, flags: SCJ
Incoming interface: port-channel12, RPF neighbor 194.1.1.1
Outgoing interface list:
vlan2001 Forward/Sparse 00:05:44/Never
(201.1.1.1, 224.1.1.1), uptime 00:02:58, expires 00:00:31, flags: CT
Incoming interface: port-channel11, RPF neighbor 193.1.1.1
Outgoing interface list:
vlan2001 Forward/Sparse 00:02:58/Never

R4# show ip pim vrf red mcache
PIM Multicast Routing Cache Table
(*, 224.1.1.
● Provides traffic resiliency in the event of a VLT node failure. The traffic is forwarded until the PIM protocol reconverges and builds a new tree.

IGMP message synchronization

VLT nodes use the VLTi link to synchronize IGMP messages across their peers. Any IGMP join message that is received on one of the VLT nodes synchronizes with the peer node. Therefore, the IGMP tables are identical in a VLT domain.
Sample configuration on core:

core# configure terminal
core(config)# ip multicast-routing
core(config)# ip pim rp-address 103.0.0.3 group-address 224.0.0.0/4
core(config)# router ospf 100
core(config-router-ospf-100)# exit
core(config)# interface ethernet 1/1/32:1
core(conf-if-eth1/1/32:1)# no shutdown
core(conf-if-eth1/1/32:1)# no switchport
core(conf-if-eth1/1/32:1)# ip address 16.0.0.
12.0.0.1 vlan12 00:01:06/00:01:43 v2 10 / S
12.0.0.2 vlan12 00:01:03/00:01:42 v2 10 / S

PIM states in core

The output of the show ip pim tib command.

core# show ip pim tib
PIM Multicast Routing Table
Flags: S - Sparse, C - Connected, L - Local, P - Pruned,
       R - RP-bit set, F - Register Flag, T - SPT-bit set, J - Join SPT,
       K - Ack-Pending state
Timers: Uptime/Expires
Interface state: Interface, next-Hop, State/Mode
(*, 225.1.1.1), uptime 00:04:16, expires 00:00:00, RP 103.0.0.
AG1(config)# interface ethernet 1/1/32:1
AG1(conf-if-eth1/1/32:1)# no shutdown
AG1(conf-if-eth1/1/32:1)# no switchport
AG1(conf-if-eth1/1/32:1)# ip address 16.0.0.1/24
AG1(conf-if-eth1/1/32:1)# flowcontrol receive off
AG1(conf-if-eth1/1/32:1)# ip pim sparse-mode
AG1(conf-if-eth1/1/32:1)# ip ospf 100 area 0.0.0.0
AG1(conf-if-eth1/1/32:1)# exit
AG1(config)# interface vlan 11
AG1(conf-if-vlan-11)# no shutdown
AG1(conf-if-vlan-11)# ip address 11.0.0.
The show ip igmp groups command output displays the IGMP database.

AG1# show ip igmp groups
Total Number of Groups: 1
IGMP Connected Group Membership
Group Address   Interface   Mode      Uptime     Expires    Last Reporter
225.1.1.1       vlan11      Exclude   00:01:55   00:01:53   0.0.0.0

The show ip pim tib command output displays the PIM tree information base (TIB).
The show ip pim mcache command displays the multicast route entries.

AG1# show ip pim mcache
PIM Multicast Routing Cache Table
(*, 225.1.1.1)
Incoming interface : vlan12
Outgoing interface list :
vlan11
(16.0.0.10, 225.1.1.1)
Incoming interface : vlan12
Outgoing interface list :
vlan11

The show ip pim mcache vlt command displays multicast route entries.

AG1# show ip pim mcache vlt
PIM Multicast Routing Cache Table
Flags: S - Synced
(*, 225.1.1.
AG2(conf-if-vlan-12)# ip ospf 100 area 0.0.0.0
AG2(conf-if-vlan-12)# exit
AG2(config)# interface vlan 13
AG2(conf-if-vlan-13)# no shutdown
AG2(conf-if-vlan-13)# ip address 13.0.0.2/24
AG2(conf-if-vlan-13)# ip pim sparse-mode
AG2(conf-if-vlan-13)# ip pim dr-priority 1000
AG2(conf-if-vlan-13)# ip ospf 100 area 0.0.0.0
AG2(conf-if-vlan-13)# ip ospf cost 4000
AG2(conf-if-vlan-13)# exit
AG2(config)# interface loopback 102
AG2(conf-if-lo-102)# no shutdown
AG2(conf-if-lo-102)# ip address 102.0.0.
Outgoing interface list:
vlan11 Forward/Sparse 00:02:15/Never

The show ip pim mcache command output displays multicast route entries.

AG2# show ip pim mcache
PIM Multicast Routing Cache Table
(*, 225.1.1.1)
Incoming interface : vlan12
Outgoing interface list :
vlan11

AG2# show ip pim mcache vlt
PIM Multicast Routing Cache Table
Flags: S - Synced
(*, 225.1.1.
Sample configuration on TOR:

TOR# configure terminal
TOR(config)# ip igmp snooping enable
TOR(config)# interface vlan 11
TOR(conf-if-vlan-11)# no shutdown
TOR(conf-if-vlan-11)# exit
TOR(config)# interface port-channel 11
TOR(conf-if-po-11)# no shutdown
TOR(conf-if-po-11)# switchport mode trunk
TOR(conf-if-po-11)# switchport access vlan 1
TOR(conf-if-po-11)# switchport trunk allowed vlan 11
TOR(conf-if-po-11)# exit
TOR(config)# interface ethernet 1/1/32:1
TOR(conf-if-eth1/1/32:1)# no shutdown
TOR(conf-if-eth
● CR1, CR2, AG1, AG2, AG3, and AG4 are multicast routers.
● CR1 and CR2 are the BSR and RP nodes.
● TR1 and TR2 are IGMP-enabled L2 nodes.
● OSPFv2 is the unicast routing protocol.

CR1 switch

1. Configure RSTP.

   CR1(config)# spanning-tree disable

2. Configure the VLT domain.
   CR1(conf-vlt-128)# backup destination 10.222.208.160
   CR1(conf-vlt-128)# discovery-interface ethernet1/1/27:2
   CR1(conf-vlt-128)# peer-routing
   CR1(conf-vlt-128)# primary-priority 1
   CR1(conf-vlt-128)# vlt-mac 9a:00:00:aa:aa:aa

3. Configure a port channel interface towards AG1 and AG2.
● VLAN 1001 towards AG1 and AG2

   CR1(config)# interface vlan 1001
   CR1(conf-if-vl-1001)# ip address 10.1.2.5/24
   CR1(conf-if-vl-1001)# ip ospf 1 area 0.0.0.0
   CR1(conf-if-vl-1001)# ip pim sparse-mode
   CR1(conf-if-vl-1001)# ip igmp snooping mrouter interface port-channel11

● VLAN 1101 towards AG3

   CR1(config)# interface vlan 1101
   CR1(conf-if-vl-1101)# ip address 10.1.3.5/24
   CR1(conf-if-vl-1101)# ip ospf 1 area 0.0.0.
3. Configure a port channel interface towards AG1 and AG2.

   CR2(config)# interface port-channel 11
   CR2(config)# interface ethernet 1/1/1:1
   CR2(conf-if-eth1/1/1:1)# channel-group 11 mode active
   CR2(config)# interface ethernet 1/1/9:1
   CR2(conf-if-eth1/1/9:1)# channel-group 11 mode active
   CR2(config)# interface port-channel 11
   CR2(conf-if-po-11)# vlt-port-channel 11

4. Configure a port channel interface towards AG3.
   CR2(conf-if-vl-1001)# ip pim sparse-mode
   CR2(conf-if-vl-1001)# ip igmp snooping mrouter interface port-channel11

● VLAN 1151 towards AG3

   CR2(config)# interface vlan 1151
   CR2(conf-if-vl-1151)# ip address 10.110.1.5/24
   CR2(conf-if-vl-1151)# ip ospf 1 area 0.0.0.0
   CR2(conf-if-vl-1151)# ip pim sparse-mode
   CR2(conf-if-vl-1151)# ip ospf cost 65535
   CR2(conf-if-vl-1151)# ip igmp snooping mrouter interface port-channel22

● VLAN 1251 towards AG4

   CR2(config)# interface vlan 1251
   CR2(conf-if-vl-1251)# ip address 10.192.
   AG1(conf-if-eth1/1/1:1)# channel-group 11 mode active
   AG1(config)# interface ethernet 1/1/3:1
   AG1(conf-if-eth1/1/3:1)# channel-group 11 mode active
   AG1(config)# interface port-channel 11
   AG1(conf-if-po-11)# vlt-port-channel 11
   AG1(conf-if-po-11)# spanning-tree disable

4. Configure a port channel interface towards AG3 and AG4.
10. Configure the interfaces as VLAN trunk ports and specify the allowed VLANs.
   AG2(config)# interface ethernet 1/1/17:1
   AG2(conf-if-eth1/1/17:1)# channel-group 41 mode active

6. Configure Loopback interface and enable PIM-SM.

   AG2(config)# interface loopback 1
   AG2(conf-if-lo-1)# ip address 10.1.100.2/32
   AG2(conf-if-lo-1)# ip pim sparse-mode

7. Enable multicast routing on the default VRF.

   AG2(config)# ip multicast-routing

8. Configure OSPF for unicast routing.
AG3 switch

1. Configure RSTP.

   AG3(config)# spanning-tree mode rstp
   AG3(config)# spanning-tree rstp priority 8192

2. Configure the VLT domain.

   AG3(config)# interface ethernet 1/1/25:1
   AG3(conf-if-eth1/1/25:1)# no switchport
   AG3(config)# vlt-domain 1
   AG3(conf-vlt-255)# backup destination 10.222.208.39
   AG3(conf-vlt-255)# discovery-interface ethernet1/1/25:1
   AG3(conf-vlt-255)# peer-routing
   AG3(conf-vlt-255)# primary-priority 1
   AG3(conf-vlt-255)# vlt-mac f0:ce:10:f0:ce:10

3.
   AG3(conf-if-vl-1101)# ip pim sparse-mode
   AG3(conf-if-vl-1101)# ip igmp snooping mrouter interface port-channel21

● VLAN 1151 towards CR2

   AG3(config)# interface vlan 1151
   AG3(conf-if-vl-1151)# ip address 10.110.1.3/24
   AG3(conf-if-vl-1151)# ip ospf 1 area 0.0.0.0
   AG3(conf-if-vl-1151)# ip pim sparse-mode
   AG3(conf-if-vl-1151)# ip igmp snooping mrouter interface port-channel22

● VLAN 1301 towards AG1 and AG2

   AG3(config)# interface vlan 1301
   AG3(conf-if-vl-1301)# ip address 10.112.1.
   AG4(conf-vlt-255)# peer-routing
   AG4(conf-vlt-255)# primary-priority 65535
   AG4(conf-vlt-255)# vlt-mac f0:ce:10:f0:ce:10

3. Configure a port channel interface towards CR1.

   AG4(config)# interface port-channel 31
   AG4(config)# interface ethernet 1/1/1:1
   AG4(conf-if-eth1/1/1:1)# channel-group 31 mode active

4. Configure a port channel interface towards CR2.

   AG4(config)# interface port-channel 32
   AG4(config)# interface ethernet 1/1/4:1
   AG4(conf-if-eth1/1/4:1)# channel-group 32 mode active

5.
   AG4(conf-if-vl-1301)# ip pim sparse-mode
   AG4(conf-if-vl-1301)# ip igmp snooping mrouter interface port-channel1

● VLAN 2001 towards TR2

   AG4(config)# interface vlan 2001
   AG4(conf-if-vl-2001)# ip address 192.168.1.4/24
   AG4(conf-if-vl-2001)# ip pim sparse-mode
   AG4(conf-if-vl-2001)# ip igmp snooping mrouter interface port-channel1

10. Configure the interfaces as VLAN trunk ports and specify the allowed VLANs.
   TR1(conf-if-eth1/1/31)# switchport trunk allowed vlan 2001
   TR1(conf-if-eth1/1/31)# spanning-tree port type edge
   TR1(config)# interface ethernet 1/1/32
   TR1(conf-if-eth1/1/32)# switchport mode trunk
   TR1(conf-if-eth1/1/32)# switchport trunk allowed vlan 2001
   TR1(conf-if-eth1/1/32)# spanning-tree port type edge

TR2 switch

1. Configure RSTP.

   TR2(config)# spanning-tree mode rstp

2. Configure a port channel interface towards AG3.
The show ip pim neighbor command displays the PIM neighbor of the node and the interface to reach the neighbor.

CR1# show ip pim neighbor
Neighbor Address Interface Uptime/Expires Ver DR Priority / Mode
------------------------------------------------------------------------------------
10.1.1.6 vlan100 00:24:19/00:01:25 v2 4294967295 / DR S
10.1.3.3 vlan1101 00:20:28/00:01:18 v2 1 / S
10.1.4.4 vlan1201 00:18:21/00:01:24 v2 1 / S
10.1.2.1 vlan1001 00:22:12/00:01:36 v2 1 / S
10.1.2.
(172.16.1.201, 225.1.0.0), uptime 01:24:45, expires 00:02:46, flags: CTP Incoming interface: vlan100, RPF neighbor 0.0.0.0 Outgoing interface list: The show ip pim mcache command displays the multicast route entries. CR1# show ip pim mcache PIM Multicast Routing Cache Table (192.168.1.201, 225.1.0.0) Incoming interface : vlan1001 Outgoing interface list : vlan1 (192.168.1.202, 225.1.0.0) Incoming interface : vlan1001 Outgoing interface list : vlan1 (172.16.1.201, 225.1.0.
--------------------------------225.1.0.0 10.1.100.6 CR1# show ip pim rp mapping Group(s) : 225.0.0.0/8 RP : 10.1.100.5, v2 Info source: 10.1.100.5, via bootstrap, priority 100 expires: 00:00:56 Group(s) : 225.0.0.0/8 RP : 10.1.100.6, v2 Info source: 10.1.100.5, via bootstrap, priority 100 expires: 00:01:07 The show ip igmp snooping groups command displays the IGMP database. CR1# show ip igmp snooping groups Total Number of Groups: 320 CR1# show ip igmp snooping groups vlan 1 225.1.0.
6 active PIM neighbor
TIB Summary:
20/20 (*,G) entries in PIM-TIB/MFC
39/39 (S,G) entries in PIM-TIB/MFC
39/0 (S,G,Rpt) entries in PIM-TIB/MFC
2 RP
3 sources
16 Register states
Message Summary:
208/885 Joins/Prunes sent/received
60/0 Candidate-RP advertisements sent/received
310/405 BSR messages sent/received
205 Null Register messages received
268/181 Register-stop messages sent/received
Data path event summary:
11 last-hop switchover messages received
28/28 pim-assert messages sent/received
186/79 registe
Incoming interface : vlan1001
Outgoing interface list : vlan1
(192.168.1.202, 225.1.0.0)
Incoming interface : vlan1001
Outgoing interface list : vlan1
(172.16.1.201, 225.1.0.0)
Incoming interface : vlan1
Outgoing interface list : vlan1001 vlan1251
The show ip pim mcache vlt command displays the multicast route entries synchronized between the VLT peers.
CR2# show ip pim mcache vlt
PIM Multicast Routing Cache Table
Flags: S - Synced
(192.168.1.201, 225.1.0.
The show ip igmp snooping groups command displays the IGMP database.
CR2# show ip igmp snooping groups
Total Number of Groups: 320
CR2# show ip igmp snooping groups vlan 1 225.1.0.0 detail
Interface vlan1
Group 225.1.0.0
Source List -
Member Port Mode Uptime Expires
port-channel1000 IGMPv2-Compat 01:57:20 00:01:39
ethernet1/1/28:4 IGMPv2-Compat 01:57:31 00:01:39
AG1
The show ip pim interface command displays the PIM-enabled interfaces on the node.
0 Null Register messages received
0/459 Register-stop messages sent/received
Data path event summary:
20 last-hop switchover messages received
23/159 pim-assert messages sent/received
499/0 register messages sent/received
VLT Multicast summary:
0(*,G) synced entries in MFC
0(S,G) synced entries in MFC
0(S,G,Rpt) synced entries in MFC
The show ip pim tib command displays the PIM tree information base (TIB).
(192.168.1.201, 225.1.0.0)
Incoming interface : vlan2001
Outgoing interface list : vlan1001 vlan2002 vlan2003 vlan2004 vlan2005
(192.168.1.202, 225.1.0.0)
Incoming interface : vlan2001
Outgoing interface list : vlan1001 vlan2002 vlan2003 vlan2004 vlan2005
(172.16.1.201, 225.1.0.0)
Incoming interface : vlan1001
Outgoing interface list : vlan2002 vlan2003 vlan2004 vlan2005
The show ip pim mcache vlt command displays the multicast route entries synchronized between the VLT peers.
BSR address: 10.1.100.5
BSR Priority: 199, Hash mask length: 31
Expires: 00:00:23
The show ip pim rp mapping command displays information about all multicast group-to-RP mappings.
AG1# show ip pim rp
Group RP
--------------------------------
225.1.0.0 10.1.100.6
AG1# show ip pim rp mapping
Group(s) : 225.0.0.0/8
RP : 10.1.100.5, v2
Info source: 10.1.100.5, via bootstrap, priority 100 expires: 00:00:45
Group(s) : 225.0.0.0/8
RP : 10.1.100.6, v2
Info source: 10.1.100.
The show ip pim summary command displays the PIM summary.
The show ip pim mcache command displays the multicast route entries.
AG2# show ip pim mcache
PIM Multicast Routing Cache Table
(*, 225.1.0.0)
Incoming interface : vlan1001
Outgoing interface list : vlan2002 vlan2003 vlan2004 vlan2005
(192.168.1.201, 225.1.0.0)
Incoming interface : vlan2001
Outgoing interface list : vlan1001 vlan2002 vlan2003 vlan2004 vlan2005
(192.168.1.202, 225.1.0.0)
Incoming interface : vlan2001
Outgoing interface list : vlan1001 vlan2002 vlan2003 vlan2004 vlan2005
(172.16.1.201, 225.1.
Incoming interface : vlan1001
Outgoing interface list : vlan2002 (S) vlan2003 (S) vlan2004 (S) vlan2005 (S)
The show ip pim bsr-router command displays information about the BSR.
AG2# show ip pim bsr-router
PIMv2 Bootstrap information
BSR address: 10.1.100.5
BSR Priority: 199, Hash mask length: 31
Expires: 00:00:26
The show ip pim rp mapping command displays information about all multicast group-to-RP mappings.
AG2# show ip pim rp
Group RP
--------------------------------
225.1.0.0 10.1.100.
-----------------------------------------------------------------------------------------------------------
10.112.1.1 vlan1301 00:22:45/00:01:24 v2 1 / S
10.112.1.2 vlan1301 00:20:24/00:01:20 v2 1 / S
10.112.1.4 vlan1301 00:21:09/00:01:20 v2 1 / DR S
192.168.1.4 vlan2001 00:22:47/00:01:22 v2 4294967295 / DR S
192.168.1.3 vlan2001 00:20:22/00:01:22 v2 4294967290 / S
192.168.1.1 vlan2001 00:21:07/00:01:23 v2 1 / S
10.110.1.5 vlan1151 00:22:58/00:01:16 v2 1 / DR S
10.1.3.
(192.168.1.201, 225.1.0.0), uptime 01:26:40, expires 00:00:52, flags: CTP
Incoming interface: vlan2001, RPF neighbor 0.0.0.0
Outgoing interface list:
(192.168.1.202, 225.1.0.0), uptime 01:26:40, expires 00:00:52, flags: CTP
Incoming interface: vlan2001, RPF neighbor 0.0.0.0
Outgoing interface list:
The show ip pim mcache command displays the multicast route entries.
AG3# show ip pim mcache
PIM Multicast Routing Cache Table
(192.168.1.201, 225.1.0.
AG4
The show ip pim interface command displays the PIM-enabled interfaces on the node.
AG4# show ip pim interface
Address Interface Ver/Mode Nbr Count Query Intvl DR Prio DR
------------------------------------------------------------------------------
10.1.4.4 vlan1201 v2/S 1 30 1 10.1.4.5
10.112.1.4 vlan1301 v2/S 3 30 1 10.112.1.4
192.168.1.1 vlan2001 v2/S 3 30 1 192.168.1.4
10.192.168.4 vlan1251 v2/S 1 30 1 10.192.168.
PIM Multicast Routing Table
Flags: S - Sparse, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register Flag, T - SPT-bit set, J - Join SPT, K - Ack-Pending state
Timers: Uptime/Expires
Interface state: Interface, next-Hop, State/Mode
(*, 225.1.0.0), uptime 01:40:17, expires 00:00:58, RP 10.1.100.6, flags: SCJ
Incoming interface: vlan1251, RPF neighbor 10.192.168.
--------------------------------
225.1.0.0 10.1.100.6
AG4# show ip pim rp mapping
Group(s) : 225.0.0.0/8
RP : 10.1.100.5, v2
Info source: 10.1.100.5, via bootstrap, priority 100 expires: 00:01:02
Group(s) : 225.0.0.0/8
RP : 10.1.100.6, v2
Info source: 10.1.100.5, via bootstrap, priority 100 expires: 00:00:43
The show ip igmp snooping groups command displays the IGMP database.
AG4# show ip igmp snooping groups
Total Number of Groups: 1600
AG4# show ip igmp snooping groups vlan 2001 225.1.0.
225.1.0.2 vlan2001 IGMPv2-Compat 00:01:36
Member-ports :ethernet1/1/21,ethernet1/1/22
<>
VLT multicast routing commands
show vlt inconsistency ip mcache
Displays information about mismatched IIF routes between the local and peer VLT nodes.
Syntax show vlt inconsistency ip mcache [vrf vrf-name]
Parameters vrf vrf-name—(Optional) Enter the keyword then the name of the VRF to display information about mismatched IIF routes corresponding to that non-default VRF.
Supported Releases 10.5.
16 VXLAN
A virtual extensible LAN (VXLAN) extends Layer 2 (L2) server connectivity over an underlying Layer 3 (L3) transport network in a virtualized data center. A virtualized data center consists of virtual machines (VMs) in a multi-tenant environment. OS10 supports VXLAN as described in RFC 7348. VXLAN provides an L2 overlay mechanism on an existing L3 network by encapsulating the L2 frames in L3 packets.
Bridge domain
An L2 domain that receives packets from member interfaces and forwards or floods them to other member interfaces based on the destination MAC address of the packet. OS10 supports two types of bridge domains: simple VLAN and virtual network.
● Simple VLAN: A bridge domain represented by a VLAN ID. Traffic on all member ports is assigned the same VLAN ID.
● Virtual network: A bridge domain represented by a virtual network ID (VNID).
6. Advertise the local VXLAN source IP address to remote VTEPs.
7. (Optional) Configure VLT.
Configure source IP address on VTEP
When you configure a switch as a VXLAN tunnel endpoint (VTEP), configure a Loopback interface whose IP address is used as the source IP address in encapsulated packet headers. Only a Loopback interface assigned to a network virtualization edge (NVE) instance is used as a source VXLAN interface.
All broadcast, multicast, and unknown unicast (BUM) traffic received on access interfaces is replicated and sent to all configured remote VTEPs. Each packet contains the VXLAN VNI in its header. By default, MAC learning from a remote VTEP is enabled and unknown unicast packets are flooded to all remote VTEPs. To configure additional remote VTEPs, re-enter the remote-vtep ip-address command.
4. Return to VIRTUAL-NETWORK mode.
exit
5. Return to CONFIGURATION mode.
Configure untagged access ports
Add untagged access ports to the VXLAN overlay network using either a switch-scoped VLAN or port-scoped VLAN. Only one method is supported.
● To use a switch-scoped VLAN to add untagged member ports to a virtual network:
1. Assign a VLAN to a virtual network in VLAN Interface mode.
interface vlan vlan-id
virtual-network vn-id
exit
2. Configure port interfaces as access members of the VLAN in Interface mode.
To support multiple tenants when each tenant has its own L2 segments, configure a different IP VRF for each tenant. All tenants share the same VXLAN underlay IP fabric in the default VRF.
1. Create a non-default VRF instance for overlay routing in Configuration mode. For multi-tenancy, create a VRF instance for each tenant.
ip vrf tenant-vrf-name
exit
2. Configure the anycast gateway MAC address that all VTEPs use in all VXLAN virtual networks in Configuration mode.
● Internet Group Management Protocol (IGMP) and Protocol-Independent Multicast (PIM) are not supported on a virtual-network interface.
● IP routing of incoming VXLAN encapsulated traffic in the overlay after VXLAN termination is not supported.
The following tables show how to use anycast gateway IP and MAC addresses in a data center with three virtual networks and multiple VTEPs:
● Globally configure an anycast MAC address for all VTEPs in all virtual networks.
OS10(config)# interface loopback 1
OS10(config-if-lo-1)# ip ospf 100 area 0.0.0.0
Each VTEP switch in the underlay IP network learns the IP address of the VXLAN source interface. If a remote VTEP switch is not reachable, its status displays as DOWN in the show nve remote-vtep output.
2. Configure the MTU value on L3 underlay network-facing interfaces in Interface mode to be at least 50 bytes higher than the MTU on the server-facing links to allow for VXLAN encapsulation. The range is from 1312 to 9216.
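The 50-byte allowance in the MTU step is the sum of the outer headers a VTEP prepends under RFC 7348. The following is an added example, not taken from the guide: it builds and parses the 8-byte VXLAN header and applies the MTU rule, assuming an IPv4 underlay with an untagged outer Ethernet frame; the function names and sample MTU values are illustrative.

```python
"""VXLAN header layout (RFC 7348) and the underlay MTU rule from the guide."""
import struct
from typing import List

# Bytes a VTEP adds in front of the original L2 frame.
# Assumption: IPv4 underlay, no 802.1Q tag on the outer Ethernet header.
OUTER_ETHERNET = 14
OUTER_IPV4 = 20
OUTER_UDP = 8
VXLAN_HEADER = 8
VXLAN_OVERHEAD = OUTER_ETHERNET + OUTER_IPV4 + OUTER_UDP + VXLAN_HEADER

FLAG_VNI_VALID = 0x08          # the "I" flag; must be set for the VNI to count
MAX_VNI = (1 << 24) - 1        # the VNI is a 24-bit field
MTU_MIN, MTU_MAX = 1312, 9216  # configurable MTU range quoted in the guide


def build_vxlan_header(vni: int) -> bytes:
    """Return the 8-byte VXLAN header for a virtual-network identifier."""
    if not 1 <= vni <= MAX_VNI:
        raise ValueError(f"VNI {vni} outside 1..{MAX_VNI}")
    # Word 0: flags (8 bits) + reserved (24 bits).
    # Word 1: VNI (24 bits) + reserved (8 bits).
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8)


def parse_vxlan_header(packet: bytes) -> int:
    """Return the VNI from the start of a UDP payload, rejecting bad headers."""
    if len(packet) < VXLAN_HEADER:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", packet[:VXLAN_HEADER])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag clear: VNI field is not valid")
    return word1 >> 8


def check_underlay_mtu(server_mtu: int, underlay_mtu: int) -> List[str]:
    """Apply the guide's rule: underlay MTU >= server-facing MTU + 50."""
    problems = []
    if not MTU_MIN <= underlay_mtu <= MTU_MAX:
        problems.append(
            f"underlay MTU {underlay_mtu} outside {MTU_MIN}..{MTU_MAX}")
    required = server_mtu + VXLAN_OVERHEAD
    if underlay_mtu < required:
        problems.append(
            f"underlay MTU {underlay_mtu} is below {required} "
            f"(server MTU {server_mtu} + {VXLAN_OVERHEAD} bytes of encapsulation)")
    return problems


if __name__ == "__main__":
    header = build_vxlan_header(10000)
    print("VNI 10000 header:", header.hex())
    print("parsed VNI:", parse_vxlan_header(header))
    # Constructed sample values: (server-facing MTU, underlay MTU).
    for server, underlay in [(1600, 1650), (1500, 1532), (9200, 9216)]:
        print(server, underlay, check_underlay_mtu(server, underlay) or "ok")
```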
Each overlay ARP entry requires a routing next-hop in the hardware to bind a destination tenant VM IP address to the corresponding tenant VM MAC address and VNI. Each virtual-network interface assigned to an IP subnet requires a routing interface in the hardware. OS10 supports preset profiles to re-allocate the number of resources reserved for overlay ARP entries. The number of entries reserved for each preset mode differs according to OS10 switch. Table 77.
● View the currently configured overlay routing profile; for example, in the S5200-ON series:
show hardware overlay-routing-profile mode
Setting | Mode | Overlay Next-hop Entries | Underlay Next-hop Entries | Overlay L3 RIF Entries | Underlay L3 RIF Entries
Current | default-overlay-routing | 8192 | 57344 | 2048 | 14336
Next-boot | default-overlay-routing | 8192 | 57344 | 2048 | 14336
DHCP relay on VTEPs
Dynamic Host Configuration Protocol (DHCP) clients on hosts in the overlay communicate with a DHCP server using a DHCP relay on th
View the VXLAN virtual-network port
OS10# show virtual-network interface ethernet 1/1/1
Interface Vlan Virtual-network
ethernet1/1/1 100 1000
ethernet1/1/1 200 2000
ethernet1/1/1 300 3000
View the VXLAN virtual-network VLAN
OS10# show virtual-network vlan 100
Vlan Virtual-network Interface
100 1000 ethernet1/1/1,ethernet1/1/2
100 5000 ethernet1/1/2
View the VXLAN virtual-network VLANs
OS10# show vlan
Codes: * - Default VLAN, M - Management VLAN, R - Remote Port Mirroring VLANs, @ – Attached to Virtual Netwo
-----------------------------------------------------
101 101 44.44.44.44 11.11.11.11,22.22.22.22,33.33.33.33
102 102 44.44.44.44 11.11.11.11,22.22.22.22,33.33.33.33
103 103 44.44.44.44 11.11.11.11,22.22.22.22,33.33.33.33
104 104 44.44.44.44 11.11.11.11,22.22.22.22,33.33.33.33
View VXLAN routing between virtual networks
The show ip arp vrf and show ipv6 neighbors vrf command output displays information about IPv4 and IPv6 neighbors learned in a non-default VRF on the switch.
NOTE: The existing show mac address-table and clear mac-address table commands do not display and clear MAC addresses in a virtual-network bridge domain even when access ports in a switch-scoped VLAN are assigned to a VXLAN virtual network. Display VXLAN MAC addresses Table 78.
Table 78. Display VXLAN MAC addresses
Command Description
interface ethernet node/slot/port:subport: Displays the number of MAC addresses learned on the specified interface.
interface port-channel number: Displays the number of MAC addresses learned on the specified port channel.
vn-id: Displays the number of MAC addresses learned on the specified virtual network.
VXLAN commands
hardware overlay-routing-profile
Configures the number of reserved ARP table entries for VXLAN overlay routing.
Example
OS10(config)# interface virtual-network 10000
OS10(config-if-vn-10000)# ip vrf forwarding tenant1
OS10(config-if-vn-10000)# ip address 10.1.0.1/16
OS10(config-if-vn-10000)# no shutdown
Supported releases
10.4.3.0 or later
ip virtual-router address
Configures an anycast gateway IP address for a VXLAN virtual network or a VLAN interface.
Syntax ip virtual-router address ipv4-address
Parameters address ipv4-address—Enter the IP address of the anycast L3 gateway.
Starting from release 10.5.2, you can use this command to configure the anycast MAC address that all switches use in a VLAN. The no version of the command removes the specified virtual MAC address.
Example
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
Supported releases
10.4.3.0 or later
ipv6 virtual-router address
Configures an anycast gateway IPv6 address to a VLAN interface.
Usage information
Use this command to assign traffic on the same VLAN or interface to different virtual networks. The no version of this command removes the configured value.
Example
OS10(config)# virtual-network 10000
OS10(config-vn)# member-interface port-channel 10 vlan-tag 200
OS10(config-vn)# member-interface port-channel 20 untagged
Supported releases
10.4.2.0 or later
nve
Enters network virtualization edge (NVE) configuration mode to configure the source VXLAN tunnel endpoint.
Parameters
all View the number of tenant entries available in each hardware partition for overlay routing profiles.
Default Not configured
Command mode EXEC
Usage information
On S4100-ON series, S5200-ON series, S4048T-ON, S4248-ON, and S6010-ON switches, L3 VXLAN overlay routing requires reserved hardware resources. The number of reserved table entries in a profile varies according to the OS10 switch.
show nve remote-vtep
Displays information about remote VXLAN tunnel endpoints.
Syntax show nve remote-vtep [ip-address | summary | counters]
Parameters
ip-address Display detailed information about a specified remote VTEP.
summary Display summary information about remote VTEPs.
counters Display statistics on remote VTEP traffic.
Default Not configured
Command mode EXEC
Usage information
Use this command to display the IP address, operational state, and configured VXLANs for each remote VTEP.
Parameters None
Default Not configured
Command mode EXEC
Usage information
Use this command to display information about configured VXLAN virtual networks. Each VXLAN virtual network is identified by its virtual-network ID.
Example
OS10# show nve vxlan-vni
VNI Virtual-Network Source-IP Remote-VTEPs
------------------------------------------------------
10000 1 1.1.1.1 2.2.2.2
200 2 1.1.1.1 2.2.2.2
300 300 1.1.1.1 2.2.2.2
Supported releases
10.4.2.
Example
OS10# show virtual-network counters
Virtual-Network Input (Packets/Bytes) Output (Packets/Bytes)
1000 857/8570 257/23709
2000 457/3570 277/13709
Supported releases
10.4.2.0 or later
show virtual-network interface counters
Displays packet statistics for a member port, port channel, or VLAN in VXLAN virtual networks.
Command mode EXEC
Usage information
Use this command to verify the VXLAN VLANs where an Ethernet port connected to downstream servers is a member.
Example
OS10# show virtual-network interface ethernet 1/1/1
Interface Vlan Virtual-network
ethernet1/1/1 100 1000
ethernet1/1/1 200 2000
ethernet1/1/1 300 3000
Supported releases
10.4.2.0 or later
show virtual-network vlan
Displays the VXLAN virtual networks where a VLAN is assigned.
Supported releases
10.4.2.0 or later
source-interface loopback
Configures a dedicated Loopback interface as the source VTEP.
Syntax source-interface loopback number
Parameters
loopback number Enter the Loopback interface used as the source interface of a VXLAN virtual tunnel, from 0 to 16383.
Default Not configured
Command mode CONFIGURATION
Usage information
The untagged VLAN ID is used internally for all untagged member interfaces that belong to virtual networks. You cannot use the reserved untagged VLAN ID for a simple VLAN bridge or for tagged traffic on member interfaces of virtual networks. The no version of this command removes the configured value.
Example
OS10(config)# virtual-network untagged-vlan 10
Supported releases
10.4.2.
clear mac address-table dynamic virtual-network
Clears MAC addresses learned on all or a specified VXLAN virtual network.
Syntax clear mac address-table dynamic virtual-network [interface {ethernet node/slot/port:subport | port-channel number} | local | vn-id [address macaddress | local]]
Parameters
interface ethernet node/slot/port[:subport] Clear all MAC addresses learned on the specified interface.
interface port-channel number Clear all MAC addresses learned on the specified port channel.
Usage information
Use this command to display the number of MAC address entries learned on all VLANs and VXLAN virtual networks.
Example
OS10# show mac address-table count extended
MAC Entries for all vlans :
Dynamic Address Count : 10
Static Address (User-defined) Count : 2
Total MAC Addresses in Use: 12
Supported releases
10.4.2.0 or later
show mac address-table count nve
Displays the number of MAC addresses learned on a VXLAN virtual network or from a remote VXLAN tunnel endpoint.
interface ethernet node/slot/port[:subport] Display the number of MAC addresses learned on the specified interface.
interface port-channel number Display the number of MAC addresses learned on the specified port channel.
vn-id Display the number of MAC addresses learned on the specified virtual network, from 1 to 65535.
Default Not configured
Command mode EXEC
Usage information
Use this command to display the number of MAC address entries learned on virtual networks in the MAC address table.
10000 10000 10000 10000 20000 20000 20000 20000 Supported releases 1 500 4000 100 100 300 300 300 aa:bb:cc:dd:f0:03 aa:bb:cc:dd:f0:03 aa:bb:cc:dd:f0:03 00:00:00:00:00:11 00:00:00:00:00:44 00:00:00:00:00:55 00:00:00:00:00:77 00:00:00:00:00:22 00:00:00:00:00:33 00:00:00:00:00:66 00:00:00:00:00:88 static static static dynamic dynamic dynamic dynamic dynamic dynamic dynamic dynamic port-channel1000 port-channel1000 port-channel1000 ethernet1/1/31:1 port-channel1000 port-channel10 VxLAN(32.1.1.
dynamic Display only dynamic MAC addresses.
address macaddress Display only information about the specified MAC address. Enter the MAC address in EEEE.EEEE.EEEE format.
interface ethernet node/slot/port[:subport] Display only MAC addresses learned on the specified interface.
interface port-channel number Display only MAC addresses learned on the specified port channel.
Figure 12. Static VXLAN use case
VTEP 1 Leaf Switch
1. Configure the underlay OSPF protocol
Do not configure the same IP address for the router ID and the source loopback interface in Step 2.
OS10(config)# router ospf 1
OS10(config-router-ospf-1)# router-id 172.16.0.1
OS10(config-router-ospf-1)# exit
2. Configure a Loopback interface
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.1.1/32
OS10(conf-if-lo-0)# ip ospf 1 area 0.0.0.
3. Configure the Loopback interface as the VXLAN source tunnel interface
OS10(config)# nve
OS10(config-nve)# source-interface loopback0
OS10(config-nve)# exit
4.
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 172.16.2.0/31
OS10(conf-if-eth1/1/2)# ip ospf 1 area 0.0.0.0
OS10(conf-if-eth1/1/2)# exit
8. Configure VLT
Configure a dedicated L3 underlay path to reach the VLT Peer in case of network failure
OS10(config)# interface vlan4000
OS10(config-if-vl-4000)# no shutdown
OS10(config-if-vl-4000)# ip address 172.16.250.1/30
OS10(config-if-vl-4000)# ip ospf 1 area 0.0.0.
OS10(config-if-vn-10000)# ip address 10.1.0.231/16
OS10(config-if-vn-10000)# ip virtual-router address 10.1.0.100
OS10(config-if-vn-10000)# no shutdown
OS10(config-if-vn-10000)# exit
OS10(config)# interface virtual-network 20000
OS10(config-if-vn-20000)# ip vrf forwarding tenant1
OS10(config-if-vn-20000)# ip address 10.2.0.231/16
OS10(config-if-vn-20000)# ip virtual-router address 10.2.0.100
OS10(config-if-vn-20000)# no shutdown
OS10(config-if-vn-20000)# exit
VTEP 2 Leaf Switch
1.
OS10(conf-if-po-10)# switchport access vlan 200
OS10(conf-if-po-10)# exit
OS10(config)# interface ethernet1/1/5
OS10(conf-if-eth1/1/5)# no shutdown
OS10(conf-if-eth1/1/5)# channel-group 10 mode active
OS10(conf-if-eth1/1/5)# no switchport
OS10(conf-if-eth1/1/5)# exit
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# no shutdown
OS10(conf-if-po-20)# switchport mode access
OS10(conf-if-po-20)# switchport access vlan 200
OS10(conf-if-po-20)# exit
OS10(config)# interface OS10(conf-if-eth1/1/6)# OS10
Configure a VLT domain
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.16.150.
4. Configure VXLAN virtual networks with a static VTEP OS10(config)# virtual-network 10000 OS10(config-vn-10000)# vxlan-vni 10000 OS10(config-vn-vxlan-vni)# remote-vtep OS10(config-vn-vxlan-vni-remote-vtep)# OS10(config-vn-vxlan-vni)# exit OS10(config-vn-10000)# exit OS10(config)# virtual-network 20000 OS10(config-vn-20000)# vxlan-vni 20000 OS10(config-vn-vxlan-vni)# remote-vtep OS10(config-vn-vxlan-vni-remote-vtep)# OS10(config-vn-vxlan-vni)# exit OS10(config-vn-20000)# exit 192.168.1.1 exit 192.168.1.
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 172.18.2.0/31
OS10(conf-if-eth1/1/2)# ip ospf 1 area 0.0.0.0
OS10(conf-if-eth1/1/2)# exit
9.
Configure an anycast L3 gateway
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
Configure routing with an anycast gateway IP address for each virtual network
OS10(config)# interface virtual-network 10000
OS10(config-if-vn-10000)# ip vrf forwarding tenant1
OS10(config-if-vn-10000)# ip address 10.1.0.233/16
OS10(config-if-vn-10000)# ip virtual-router address 10.1.0.
OS10(conf-if-po-10)# no switchport access vlan
OS10(conf-if-po-10)# exit
OS10(config)# interface ethernet1/1/5
OS10(conf-if-eth1/1/5)# no shutdown
OS10(conf-if-eth1/1/5)# channel-group 10 mode active
OS10(conf-if-eth1/1/5)# no switchport
OS10(conf-if-eth1/1/5)# exit
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# no shutdown
OS10(conf-if-po-20)# switchport mode trunk
OS10(conf-if-po-20)# no switchport access vlan
OS10(conf-if-po-20)# exit
OS10(config)# interface OS10(conf-if-eth1/1/6)# OS10(co
OS10(conf-if-po-10)# exit
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# vlt port-channel 20
OS10(conf-if-po-20)# exit
Configure VLTi member links
OS10(config)# interface ethernet1/1/3
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# exit
OS10(config)# interface ethernet1/1/4
OS10(conf-if-eth1/1/4)# no shutdown
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# exit
Configure a VLT domain
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)
OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# no switchport ip address 172.16.1.1/31 ip ospf 1 area 0.0.0.0 exit OS10(config)# interface OS10(conf-if-eth1/1/2)# OS10(conf-if-eth1/1/2)# OS10(conf-if-eth1/1/2)# OS10(conf-if-eth1/1/2)# OS10(conf-if-eth1/1/2)# ethernet1/1/2 no shutdown no switchport ip address 172.17.1.1/31 ip ospf 1 area 0.0.0.
BGP EVPN for VXLAN
Ethernet Virtual Private Network (EVPN) is a control plane for VXLAN that reduces flooding in the network and resolves scalability concerns. EVPN uses MP-BGP to exchange information between VTEPs. EVPN was introduced in RFC 7432 and is based on BGP MPLS-based VPNs. RFC 8365 describes VXLAN-based EVPN. The MP-BGP EVPN control plane provides protocol-based remote VTEP discovery, and MAC and ARP learning. This configuration reduces flooding related to L2 unknown unicast traffic.
Figure 13. BGP EVPN topology
Leaf nodes
Leaf nodes are typically top-of-rack (ToR) switches in a data center network. They act as the VXLAN tunnel endpoints and perform VXLAN encapsulation and decapsulation. Leaf nodes also participate in the MP-BGP EVPN to support control plane and data plane functions. Control plane functions include:
● Initiate and maintain route adjacencies using any routing protocol in the underlay network.
● Advertise locally learned routes to all MP-BGP EVPN peers.
The BGP EVPN running on each VTEP listens to the exchange of route information in the local overlay, encodes the learned routes as BGP EVPN routes, and injects them into BGP to advertise to the peers. Tunnel endpoints are advertised as Type 3 EVPN routes. MAC/IP addresses are advertised as Type 2 EVPN routes.
EVPN instance
An EVPN instance (EVI) spans across the VTEPs that participate in an Ethernet VPN. Each virtual-network tenant segment that is advertised using EVPN must be associated with an EVI.
1. Configure BGP to advertise EVPN routes.
EVPN requires that you establish MP-BGP sessions between leaf and spine nodes in the underlay network. On each spine and leaf node, configure at least two BGP peering sessions:
● A directly connected BGP peer in the underlay network to advertise VTEP and Loopback IP addresses using the IPv4 unicast address family.
● A BGP peer in the overlay network to advertise overlay information using the EVPN address family.
f. Configure the L2 VPN EVPN address family for VXLAN host-based routing to the BGP peer in ROUTER-BGP-NEIGHBOR mode.
address-family l2vpn evpn
g. Enable the exchange of L2VPN EVPN addresses with the BGP peer in ROUTER-BGP-NEIGHBOR mode.
activate
h. Return to ROUTER-BGP mode.
exit
i. Enter IPv4 address-family configuration mode from ROUTER-BGP mode.
address-family ipv4 unicast
j. Disable the exchange of IPv4 addresses with BGP peers in ROUTER-BGP mode.
no activate
k. Return to ROUTER-BGP-NEIGHBOR mode.
b. Manually create an EVPN instance in EVPN mode. The range is from 1 to 65535.
evi id
c. Configure the Route Distinguisher in EVPN EVI mode.
rd {A.B.C.D:[1-65535] | auto}
Where:
○ rd A.B.C.D:[1-65535] configures the RD with a 4-octet IPv4 address then a 2-octet-number.
○ rd auto automatically generates the RD.
d. Configure the RT values in EVPN EVI mode.
route-target {auto | value [asn4] {import | export | both}}
Where:
○ route-target auto auto-configures an import and export value for EVPN routes.
ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) 4_OCTET_AS(65) MP_L2VPN_EVPN
Capabilities advertised to neighbor for IPv4 Unicast:
MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) 4_OCTET_AS(65) MP_L2VPN_EVPN
Prefixes accepted 1, Prefixes advertised 1
Connections established 2; dropped 0
Last reset never
Prefixes ignored due to:
Martian address 0, Our own AS in AS-PATH 0
Invalid Nexthop 0, Invalid AS-PATH length 0
Wellknown community 0, Locally originated 0
Local host: 110.111.180.
To enable efficient traffic forwarding on a VTEP, OS10 supports distributed gateway routing. A distributed gateway allows multiple VTEPs to act as the gateway router for a tenant subnet. The VTEP that is located nearest to a host acts as its gateway router.
To enable L3 gateway/IRB functionality for BGP EVPN, configure a VXLAN overlay network and enable routing on a switch:
1. Create a non-default VRF instance for overlay routing. For multi-tenancy, create a VRF instance for each tenant.
Figure 14. BGP EVPN in VLT domain
VXLAN BGP commands
activate (l2vpn evpn)
Enables the exchange of L2 VPN EVPN address family information with a BGP neighbor or peer group.
Syntax activate
Parameters None
Default Not configured
Command Mode ROUTER-BGP-NEIGHBOR-AF
Usage Information
Use this command to exchange L2 VPN EVPN address information for VXLAN host-based routing with a BGP neighbor. The IPv4 unicast address family is enabled by default.
Example
OS10(conf-router-neighbor)# address-family l2vpn evpn unicast
OS10(conf-router-bgp-neighbor-af)# activate
Supported Releases
10.2.0E or later
address-family l2vpn evpn
Configures the L2 VPN EVPN address family for VXLAN host-based routing to a BGP neighbor.
sender-side-loop-detection
Enables the sender-side loop detection process for a BGP neighbor.
Syntax sender-side-loop-detection
Parameters None
Default Enabled
Command Mode ROUTER-BGP-NEIGHBOR-AF
Usage Information
This command helps detect routing loops, based on the AS path before it starts advertising routes. To configure a neighbor to accept routes, use the neighbor allowas-in command. The no version of this command disables sender-side loop detection for that neighbor.
[3]:[0]:[32]:[110.111.170.107]/152 0 100 101 ? OS10# show BGP router Neighbor State/Pfx 3.3.3.3 4.4.4.4 5.5.5.5 6.6.6.6 110.111.170.107 0 100 ip bgp l2vpn evpn summary identifier 2.2.2.2 local AS number 4294967295 AS MsgRcvd MsgSent Up/Down 4294967295 4294967295 4294967295 4294967295 2831 2364 4947 2413 9130 9586 8399 7310 05:57:27 05:56:43 01:10:39 05:51:56 504 504 11514 504 OS10# show ip bgp l2vpn evpn neighbors BGP neighbor is 3.3.3.
Usage information Example Supported releases In deployments running BGP with 2-byte or 4-byte autonomous systems, auto-EVI automatically creates EVPN instances when you create a virtual network on a VTEP in the overlay network. In auto-EVI mode, the RD and RT values automatically generate: ● For a 2-byte autonomous system: ○ The RD auto-configures as Type 1 from the overlay network source IP address and the autogenerated EVI index.
Supported releases
10.4.2.0 or later
rd
Configures the Route Distinguisher (RD) value that EVPN routes use.
Syntax rd {A.B.C.D:[1-65535] | auto}
Parameters
A.B.C.D:[1-65535] Manually configure the RD with a 4-octet IPv4 address, then a 2-octet number from 1 to 65535.
auto Configure the RD to automatically generate.
Default Not configured
Command mode EVPN-EVI and EVPN-VRF
Usage information
An RD maintains the uniqueness of an EVPN route between different EVPN instances.
Configure a route target in a tenant VRF used for EVPN symmetric IRB traffic. In EVPN-VRF command mode, the manual route-target configuration should be unique across VRFs.
Example
OS10(config)# evpn
OS10(config-evpn)# evi 10
OS10(config-evpn-evi)# vni 10000
OS10(config-evpn-evi)# rd 111.111.111.111:65535
OS10(config-evpn-evi)# route-target 1:3 both
OS10(config)# evpn
OS10(config-evpn)# vrf vrf-blue
OS10(config-evpn-vrf-vrf-blue)# route-target auto
Supported releases
10.4.2.
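The manual rd form above (a 4-octet IPv4 address followed by a 2-octet number) corresponds to the Type 1 Route Distinguisher layout of RFC 4364. The following is an added example, not part of the guide or of OS10: it validates rd values in that syntax, encodes them to their 8-byte form, and flags EVIs that share an RD; the function names and the sample EVI-to-RD map are constructed for illustration, and rd auto is skipped because the switch generates that value.

```python
"""Validate and encode manually configured EVPN Route Distinguishers."""
import ipaddress
import struct
from typing import Dict, List, Optional, Tuple

RD_TYPE_IPV4 = 1  # RFC 4364 Type 1: 4-byte IPv4 administrator + 2-byte number


def parse_rd(text: str) -> Optional[bytes]:
    """Return the 8-byte RD for 'A.B.C.D:N', or None for 'auto'."""
    text = text.strip()
    if text == "auto":
        return None  # generated by the switch; nothing to encode here
    addr_text, sep, num_text = text.rpartition(":")
    if not sep or not (num_text.isascii() and num_text.isdigit()):
        raise ValueError(f"RD {text!r} is not in A.B.C.D:[1-65535] form")
    number = int(num_text)
    if not 1 <= number <= 65535:
        raise ValueError(f"RD number {number} outside 1..65535")
    try:
        addr = ipaddress.IPv4Address(addr_text)
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"RD {text!r} has an invalid IPv4 part") from exc
    return struct.pack("!H4sH", RD_TYPE_IPV4, addr.packed, number)


def format_rd(raw: bytes) -> str:
    """Render an 8-byte Type 1 RD back to 'A.B.C.D:N'."""
    if len(raw) != 8:
        raise ValueError("an RD is exactly 8 bytes")
    rd_type, addr, number = struct.unpack("!H4sH", raw)
    if rd_type != RD_TYPE_IPV4:
        raise ValueError(f"unsupported RD type {rd_type}")
    return f"{ipaddress.IPv4Address(addr)}:{number}"


def find_duplicate_rds(evi_rds: Dict[int, str]) -> List[Tuple[str, List[int]]]:
    """Return (rd, [evi, ...]) for every manual RD used by more than one EVI."""
    seen: Dict[bytes, List[int]] = {}
    for evi, rd_text in sorted(evi_rds.items()):
        raw = parse_rd(rd_text)
        if raw is not None:
            seen.setdefault(raw, []).append(evi)
    return [(format_rd(raw), evis)
            for raw, evis in sorted(seen.items()) if len(evis) > 1]


if __name__ == "__main__":
    # Constructed sample: EVI id -> configured rd value on one VTEP.
    sample = {10: "111.111.111.111:65535", 20: "1.1.1.1:20",
              30: "111.111.111.111:65535", 40: "auto"}
    print(parse_rd(sample[10]).hex())
    for rd, evis in find_duplicate_rds(sample):
        print(f"RD {rd} is shared by EVIs {evis}")
```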
Examples OS10# show evpn mac Type -(lcl): Local (rmt): remote EVI 50 Mac-Address 00:00:00:aa:aa:aa Type rmt Seq-No 0 Interface/Next-Hop 55.1.1.3 OS10# show evpn mac count Total MAC Entries : Local MAC Address Count : Remote MAC Address Count : 2 5 OS10# show evpn mac evi 811 count EVI 811 MAC Entries : Local MAC Address Count : Remote MAC Address Count : 1 2 OS10# show evpn mac evi 811 next-hop 80.80.1.8 count EVI 811 next-hop 80.80.1.
103 103 103 103 104 104 104 104 105 105 105 105 106 106 106 106 14:18:77:25:4e:84 14:18:77:25:4e:84 14:18:77:25:6f:84 14:18:77:25:6f:84 14:18:77:25:4d:b9 14:18:77:25:4d:b9 14:18:77:25:6e:b9 14:18:77:25:6e:b9 14:18:77:25:4d:b9 14:18:77:25:4d:b9 14:18:77:25:6e:b9 14:18:77:25:6e:b9 14:18:77:25:4e:84 14:18:77:25:4e:84 14:18:77:25:6f:84 14:18:77:25:6f:84 rmt rmt lcl lcl rmt rmt lcl lcl rmt rmt lcl lcl rmt rmt lcl lcl 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 13.13.13.1 2001:13::13:1 13.13.13.2 2001:13::13:2 14.14.14.
102 103 104 106 105 101 Supported releases 102 103 104 106 105 101 102 103 104 106 105 101 blue default blue default blue default 10.4.3.0 or later show evpn vxlan-vni Displays the VXLAN overlay network for EVPN instances. Syntax show evpn vxlan-vni [vni] Parameters vni — (Optional) Enter the VXLAN virtual-network ID, from 1 to 16,777,215. Default Not configured Command mode EXEC Usage information Use this command to verify the VXLAN virtual network and bridge domain used by an EVPN instance.
Figure 15. VXLAN BGP EVPN use case VTEP 1 Leaf Switch 1. Configure a Loopback interface for the VXLAN underlay using same IP address as the VLT peer OS10(config)# interface loopback0 OS10(conf-if-lo-0)# no shutdown OS10(conf-if-lo-0)# ip address 192.168.1.1/32 OS10(conf-if-lo-0)# exit 2.
3. Configure VXLAN virtual networks OS10(config)# virtual-network 10000 OS10(config-vn-10000)# vxlan-vni 10000 OS10(config-vn-vxlan-vni)# exit OS10(config-vn-10000)# exit OS10(config)# virtual-network 20000 OS10(config-vn-20000)# vxlan-vni 20000 OS10(config-vn-vxlan-vni)# exit OS10(config-vn-20000)# exit 4.
OS10(config-router-bgp-100)# address-family ipv4 unicast OS10(config-router-bgp-af)# redistribute connected OS10(config-router-bgp-af)# exit 8. Configure eBGP for the IPv4 point-to-point peering OS10(config-router-bgp-100)# neighbor 172.16.1.
12. Configure VLT Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure OS10(config)# interface vlan4000 OS10(config-if-vl-4000)# no shutdown OS10(config-if-vl-4000)# ip address 172.16.250.
Configure routing on the virtual networks OS10(config)# interface OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# virtual-network 10000 ip vrf forwarding tenant1 ip address 10.1.0.231/16 ip virtual-router address 10.1.0.
OS10(conf-if-eth1/1/5)# exit
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# no shutdown
OS10(conf-if-po-20)# switchport mode trunk
OS10(conf-if-po-20)# switchport access vlan 200
OS10(conf-if-po-20)# exit
OS10(config)# interface ethernet1/1/6
OS10(conf-if-eth1/1/6)# no shutdown
OS10(conf-if-eth1/1/6)# channel-group 20 mode active
OS10(conf-if-eth1/1/6)# no switchport
OS10(conf-if-eth1/1/6)# exit
6.
OS10(config-router-neighbor)# update-source loopback1 OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# address-family ipv4 unicast OS10(config-router-bgp-neighbor-af)# no activate OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# address-family l2vpn evpn OS10(config-router-bgp-neighbor-af)# activate OS10(config-router-bgp-neighbor-af)# allowas-in 1 OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# neighbor
OS10(conf-vlt-1)# vlt-mac aa:bb:cc:dd:ee:ff
OS10(conf-vlt-1)# exit
Configure UFD with uplink VLT ports and downlink network ports
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# enable
OS10(conf-uplink-state-group-1)# downstream ethernet1/1/1-1/1/2
OS10(conf-uplink-state-group-1)# upstream port-channel10
OS10(conf-uplink-state-group-1)# upstream port-channel20
OS10(conf-uplink-state-group-1)# exit
Configure iBGP IPv4 peering between VLT peers
OS10(config)# router bgp 100
OS10(config-ro
OS10(config-vn-vxlan-vni)# exit OS10(config-vn-10000)# exit OS10(config)# virtual-network 20000 OS10(config-vn-20000)# vxlan-vni 20000 OS10(config-vn-vxlan-vni)# exit OS10(config-vn-20000)# exit 4. Configure unused VLAN ID for untagged membership OS10(config)# virtual-network untagged-vlan 1000 5.
OS10(configure-router-bgp-af)# redistribute connected OS10(configure-router-bgp-af)# exit 9. Configure eBGP for the IPv4 point-to-point peering OS10(config-router-bgp-100)# neighbor 172.18.1.1 OS10(config-router-neighbor)# remote-as 101 OS10(config-router-neighbor)# address-family ipv4 unicast OS10(config-router-bgp-neighbor-af)# allowas-in 1 OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# neighbor 172.18.2.
OS10(config-evpn-evi-10000)# route-target auto
OS10(config-evpn-evi-10000)# exit
OS10(config-evpn)# evi 20000
OS10(config-evpn-evi-20000)# vni 20000
OS10(config-evpn-evi-20000)# rd auto
OS10(config-evpn-evi-20000)# route-target auto
OS10(config-evpn-evi-20000)# exit
OS10(config-evpn)# exit
13.
Configure iBGP IPv4 peering between VLT peers OS10(config)# router bgp 100 OS10(config-router-bgp-100)# neighbor 172.16.250.11 OS10(config-router-neighbor)# remote-as 100 OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# exit 14.
5.
OS10(config-router-neighbor)# remote-as 101 OS10(config-router-neighbor)# address-family ipv4 unicast OS10(config-router-bgp-neighbor-af)# allowas-in 1 OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# exit 10. Configure a Loopback interface for BGP EVPN peering different from the VLT peer IP address OS10(config)# interface loopback1 OS10(conf-if-lo-1)# no shutdown OS10(conf-if-lo-1)# ip address 172.19.0.
Configure a VLTi VLAN for the virtual network OS10(config)# virtual-network 10000 OS10(config-vn-10000)# vlti-vlan 100 OS10(config-vn-10000)# exit OS10(config)# virtual-network 20000 OS10(conf-vn-20000)# vlti-vlan 200 OS10(conf-vn-20000)# exit Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure OS10(config)# interface vlan4000 OS10(config-if-vl-4000)# no shutdown OS10(config-if-vl-4000)# ip address 172.16.250.
Create a tenant VRF OS10(config)# ip vrf tenant1 OS10(conf-vrf)# exit Configure an anycast gateway MAC address OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01 Configure routing on the virtual networks OS10(config)# interface OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# virtual-network 10000 ip vrf forwarding tenant1 ip address 10.1.0.234/16 ip virtual-router address 10.1.0.
OS10(conf-router-bgp-101)# neighbor 172.17.1.0 OS10(conf-router-neighbor)# remote-as 100 OS10(conf-router-neighbor)# no shutdown OS10(conf-router-neighbor)# address-family ipv4 unicast OS10(conf-router-neighbor-af)# no sender-side-loop-detection OS10(conf-router-neighbor-af)# exit OS10(conf-router-neighbor)# exit OS10(conf-router-bgp-101)# neighbor 172.18.1.
OS10(conf-router-neighbor)# address-family l2vpn evpn OS10(conf-router-neighbor-af)# no sender-side-loop-detection OS10(conf-router-neighbor-af)# activate OS10(conf-router-neighbor-af)# exit OS10(conf-router-bgp-101)# neighbor 172.19.0.
OS10(conf-router-bgp-101)# neighbor 172.18.2.0 OS10(conf-router-neighbor)# remote-as 100 OS10(conf-router-neighbor)# no shutdown OS10(conf-router-neighbor)# address-family ipv4 unicast OS10(conf-router-neighbor-af)# no sender-side-loop-detection OS10(conf-router-neighbor-af)# exit OS10(conf-router-neighbor)# exit OS10(conf-router-bgp-101)# neighbor 172.19.2.
OS10(conf-router-neighbor)# remote-as 100 OS10(conf-router-neighbor)# send-community extended OS10(conf-router-neighbor)# update-source loopback1 OS10(conf-router-neighbor)# no shutdown OS10(conf-router-neighbor)# address-family ipv4 unicast OS10(conf-router-neighbor-af)# no activate OS10(conf-router-neighbor-af)# exit OS10(conf-router-neighbor)# address-family l2vpn evpn OS10(conf-router-neighbor-af)# no sender-side-loop-detection OS10(conf-router-neighbor-af)# activate OS10(conf-router-neighbor-af)# exit
64 bytes from 10.2.0.10: icmp_seq=4 ttl=63 time=0.944 ms 64 bytes from 10.2.0.10: icmp_seq=5 ttl=63 time=0.806 ms --- 10.2.0.10 ping statistics --5 packets transmitted, 5 received, 0% packet loss, time 4078ms rtt min/avg/max/mdev = 0.806/0.851/0.944/0.051 ms root@HOST-A:~# 5. Check connectivity between host A and host C root@HOST-A:~# ping 10.1.0.20 -c 5 PING 10.1.0.20 (10.1.0.20) 56(84) bytes of 64 bytes from 10.1.0.20: icmp_seq=1 ttl=64 64 bytes from 10.1.0.20: icmp_seq=2 ttl=64 64 bytes from 10.1.0.
Figure 16. VXLAN BGP EVPN with multiple AS VTEP 1 Leaf Switch 1. Configure a Loopback interface for the VXLAN underlay using same IP address as the VLT peer OS10(config)# interface loopback0 OS10(conf-if-lo-0)# no shutdown OS10(conf-if-lo-0)# ip address 192.168.1.1/32 OS10(conf-if-lo-0)# exit 2.
3. Configure VXLAN virtual networks OS10(config)# virtual-network 10000 OS10(config-vn-10000)# vxlan-vni 10000 OS10(config-vn-vxlan-vni)# exit OS10(config-vn-10000)# exit OS10(config)# virtual-network 20000 OS10(config-vn-20000)# vxlan-vni 20000 OS10(config-vn-vxlan-vni)# exit OS10(config-vn-20000)# exit 4.
OS10(config-router-bgp-99)# address-family ipv4 unicast OS10(config-router-bgp-af)# redistribute connected OS10(config-router-bgp-af)# exit 8. Configure eBGP for the IPv4 point-to-point peering OS10(config-router-bgp-99)# neighbor 172.16.1.1 OS10(config-router-neighbor)# remote-as 101 OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit OS10(config-router-bgp-99)# neighbor 172.16.2.
OS10(config-evpn-evi-20000)# route-target 100:20000 import OS10(config-evpn-evi-20000)#exit OS10(config-evpn)# 12. Configure VLT Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure OS10(config)# interface vlan4000 OS10(config-if-vl-4000)# no shutdown OS10(config-if-vl-4000)# ip address 172.16.250.
Configure an anycast gateway MAC address OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01 Configure routing on the virtual networks OS10(config)# interface OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# virtual-network10000 ip vrf forwarding tenant1 ip address 10.1.0.231/16 ip virtual-router address 10.1.0.
OS10(config)# interface ethernet1/1/5
OS10(conf-if-eth1/1/5)# no shutdown
OS10(conf-if-eth1/1/5)# channel-group 10 mode active
OS10(conf-if-eth1/1/5)# no switchport
OS10(conf-if-eth1/1/5)# exit
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# no shutdown
OS10(conf-if-po-20)# switchport mode trunk
OS10(conf-if-po-20)# switchport access vlan 200
OS10(conf-if-po-20)# exit
OS10(config)# interface OS10(conf-if-eth1/1/6)# OS10(conf-if-eth1/1/6)# OS10(conf-if-eth1/1/6)# OS10(conf-if-eth1/1/6)# ethern
OS10(config-router-neighbor)# address-family ipv4 unicast OS10(config-router-bgp-neighbor-af)# no activate OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# address-family l2vpn evpn OS10(config-router-bgp-neighbor-af)# activate OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# exit OS10(config-router-bgp-99)# neighbor 172.202.0.
OS10(conf-if-eth1/1/4)# no switchport OS10(conf-if-eth1/1/4)# exit Configure the VLT domain OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# backup destination 10.16.150.
2. Configure the Loopback interface as the VXLAN source tunnel interface OS10(config)# nve OS10(config-nve)# source-interface loopback0 OS10(config-nve)# exit 3. Configure VXLAN virtual networks OS10(config)# virtual-network 10000 OS10(config-vn-10000)# vxlan-vni 10000 OS10(config-vn-vxlan-vni)# exit OS10(config-vn-10000)# exit OS10(config)# virtual-network 20000 OS10(config-vn-20000)# vxlan-vni 20000 OS10(config-vn-vxlan-vni)# exit OS10(config-vn-20000)# exit 4.
OS10(conf-if-eth1/1/1)# mtu 1650 OS10(conf-if-eth1/1/2)# ip address 172.18.2.0/31 OS10(conf-if-eth1/1/2)# exit 8. Configure eBGP OS10(config)# router bgp 100 OS10(config-router-bgp-100)# router-id 172.18.0.1 OS10(config-router-bgp-100)# address-family ipv4 unicast OS10(configure-router-bgp-af)# redistribute connected OS10(configure-router-bgp-af)# exit 9. Configure eBGP for the IPv4 point-to-point peering OS10(config-router-bgp-100)# neighbor 172.18.1.
OS10(config-evpn-evi-10000)# rd 192.168.2.1:10000 OS10(config-evpn-evi-10000)# route-target 99:10000 import OS10(config-evpn-evi-10000)# route-target 100:10000 both OS10(config-evpn-evi-10000)#exit OS10(config-evpn)# evi 20000 OS10(config-evpn-evi-20000)# vni 20000 OS10(config-evpn-evi-20000)# rd 192.168.2.1:20000 OS10(config-evpn-evi-20000)# route-target 99:20000 import OS10(config-evpn-evi-20000)# route-target 100:20000 both OS10(config-evpn-evi-20000)#exit OS10(config-evpn)# 13.
Configure iBGP IPv4 peering between VLT peers OS10(config)# router bgp 100 OS10(config-router-bgp-100)# neighbor 172.16.250.11 OS10(config-router-neighbor)# remote-as 100 OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# exit 14.
5.
OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# exit 10. Configure a Loopback interface for BGP EVPN peering different from the VLT peer IP address OS10(config)# interface loopback1 OS10(conf-if-lo-1)# no shutdown OS10(conf-if-lo-1)# ip address 172.19.0.1/32 OS10(conf-if-lo-1)# exit 11. Configure BGP EVPN peering OS10(config)# router bgp 100 OS10(config-router-bgp-100)# neighbor 172.201.0.
OS10(conf-vn-20000)# vlti-vlan 200 OS10(conf-vn-20000)# exit Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure OS10(config)# interface vlan4000 OS10(config-if-vl-4000)# no shutdown OS10(config-if-vl-4000)# ip address 172.16.250.
Configure routing on the virtual networks OS10(config)# interface OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# virtual-network10000 ip vrf forwarding tenant1 ip address 10.1.0.234/16 ip virtual-router address 10.1.0.
OS10(conf-router-neighbor)# exit OS10(conf-router-bgp-101)# exit 4. Configure a Loopback interface for BGP EVPN peering OS10(config)# interface loopback1 OS10(conf-if-lo-1)# no shutdown OS10(conf-if-lo-1)# ip address 172.201.0.1/32 OS10(conf-if-lo-1)# exit 5. Configure BGP EVPN peer sessions OS10(config)# router bgp 101 OS10(conf-router-bgp-101)# neighbor 172.16.0.
Spine Switch 2 1.
OS10(conf-router-neighbor)# update-source loopback1 OS10(conf-router-neighbor)# no shutdown OS10(conf-router-neighbor)# address-family ipv4 unicast OS10(conf-router-neighbor-af)# no activate OS10(conf-router-neighbor-af)# exit OS10(conf-router-neighbor)# address-family l2vpn evpn OS10(conf-router-neighbor-af)# activate OS10(conf-router-neighbor-af)# exit OS10(conf-router-bgp-102)# neighbor 172.17.0.
2. Verify EVPN configurations and EVPN parameters LEAF1# show evpn evi EVI : 10000, State : up Bridge-Domain : Route-Distinguisher : Route-Targets : Inclusive Multicast : IRB : EVI : 20000, State : up Bridge-Domain : Route-Distinguisher : Route-Targets : Inclusive Multicast : IRB : LEAF1# Virtual-Network 10000, VNI 10000 1:192.168.1.1:10000 0:99:10000 both, 0:100:10000 import 192.168.2.1 Enabled(tenant1) Virtual-Network 20000, VNI 20000 1:192.168.1.1:20000 0:99:10000 both, 0:100:10000 import 192.168.2.
rtt min/avg/max/mdev = 0.640/0.669/0.707/0.041 ms root@HOST-A:~# NOTE: Follow Steps 1 to 6 to check ping connectivity between combinations of other hosts, and between hosts through different virtual-network IP addresses. Example: VXLAN BGP EVPN — Centralized L3 gateway The following VXLAN with BGP EVPN example uses a centralized Layer 3 gateway to perform virtual-network routing. It is based on the sample configuration in Example: VXLAN BGP EVPN — Multiple AS topology.
Figure 17. VXLAN BGP EVPN with centralized L3 gateway NOTE: This centralized L3 gateway example for VXLAN BGP EVPN uses the same configuration steps as in Example: VXLAN BGP EVPN — Multiple AS topology. Configure each spine and leaf switch as in the Multiple AS topology example, except: ● Because VTEPs 1 and 2 operate only in Layer 2 VXLAN mode, do not configure IP switching in the overlay network.
Create a tenant VRF OS10(config)# ip vrf tenant1 OS10(conf-vrf)# exit Configure an anycast gateway MAC address OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01 Configure routing on the virtual networks OS10(config)# interface OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# virtual-network10000 ip vrf forwarding tenant1 ip address 10.1.0.233/16 ip virtual-router address 10.1.0.
S4048T-ON, S6010-ON, and the S4100-ON series, routing after decapsulation is performed only between virtual networks. You can connect an egress virtual network to a VLAN in an external router, which connects to the external network. In the following example, VLT domain 1 is a VLT VTEP. VLT domain 2 is the border leaf VLT VTEP pair. All virtual networks in the data center network are configured in all VTEPs with virtual-network IP and anycast IP gateway addresses.
Figure 18. VXLAN BGP EVPN with border leaf gateway NOTE: This border leaf gateway example for VXLAN BGP EVPN uses the same configuration steps as in Example: VXLAN BGP EVPN — Multiple AS topology. Configure each spine and leaf switch as in the Multiple AS topology example and add the following additional configuration steps on each VTEP. VTEP 1 Leaf Switch 14. Configure a dedicated VXLAN virtual network.
15. Configure routing on the virtual network.
OS10(config)# interface virtual-network 500
OS10(conf-if-vn-10000)# ip vrf forwarding tenant1
OS10(conf-if-vn-10000)# ip address 10.5.0.231/16
16. Configure a static route for outbound traffic sent to the anycast MAC address of the dedicated virtual network.
OS10(config)# ip route 0.0.0.0/0 10.5.0.100
VTEP 2 Leaf Switch
14. Configure a dedicated VXLAN virtual network.
18. Configure a static route for outbound traffic sent to VLAN 200.
OS10(config)# ip route 0.0.0.0/0 10.10.0.3
VTEP 4 Leaf Switch
14. Configure a dedicated VXLAN virtual network.
OS10(config)# virtual-network 500
OS10(config-vn-500)# vxlan-vni 500
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
15. Configure an anycast gateway MAC address on the border leaf VTEP. This MAC address must be different from the anycast gateway MAC address configured on non-border-leaf VTEPs.
The NSX controller communicates with an OS10 VTEP using the OVSDB management protocol over a Secure Sockets Layer (SSL) connection. Establishing the communication between the controller and VTEP involves generating the SSL certificate at a VTEP and copying the certificate to the NSX controller. After SSL authentication, a secure connection over SSL is established between the controller and the VTEP. The VTEP then receives and processes the configuration data from the controller.
● Only one mode of VXLAN provisioning is supported at a time: NSX controller-based, static VXLAN, or BGP EVPN.
● An OS10 switch does not send VXLAN access port statistics to the NSX controller.
● Controller-provisioned VXLAN is not supported on VTEPs configured as peers in a VLT domain. Only VTEPs in standalone mode are supported.
Specify the controller reachability information
On an OS10 VTEP, the controller configuration command initializes a connection to an OVSDB-based controller.
4. Assign the interface to the controller. OS10(config-if-eth1/1/1)# nve-controller To view the controller information and the ports the controller manages, use the show nve controller command. OS10# show nve controller Management IP Gateway IP Max Backoff Configured Controller Controller Cluster IP 10.16.140.173 10.16.140.171 10.16.140.172 Port 6640 6640 6640 : : : : 10.16.140.29/16 55.55.5.5 1000 10.16.140.
NOTE: In controller-provisioned VXLAN, the VTEP establishes a BFD session with the service nodes using the controller-provided parameters instead of the parameters configured at the VTEP. If BFD is not enabled in the VTEP, the VTEP uses IP reachability information to monitor connectivity to the service node. To view established sessions, use the show bfd neighbors command.
3. Create a logical switch. You can create a logical network that acts as the forwarding domain for virtualized and nonvirtualized server workloads on the physical and virtual infrastructure. The following steps configure the logical switch for NSX controller management. a. Click Logical Switches from the left navigation pane. b. Click the green + icon under Logical Switches. The New Logical Switch dialog window opens. c. Enter a name and select Unicast as the replicate mode and click OK 4.
5. (Optional) Enable or disable BFD globally. The following steps enable or disable BFD configuration in the controller. a. Click Service Definitions from the left navigation pane. b. Click the Hardware Devices tab. c. Click the Edit button in the BFD Configuration. d. Check or clear the Enable BFD check box and provide the Probe interval, in milliseconds, if required. After you configure a VMware NSX controller on a server VM, connect to the controller from the VXLAN gateway switch.
To configure an NSX controller-provisioned VXLAN:
● Configure the controller and the interfaces to be managed by the controller, in the OS10 VTEPs.
● Configure the NSX controller in VMware vCenter. For more information about configuring the NSX controller using the GUI, see Configure and control VXLAN from the VMware vCenter.
You must configure an OS10 VTEP with the controller configuration so that the VTEP can communicate with the NSX controller.
OS10(config-nve-ovsdb)# max-backoff 10000 OS10(config-nve-ovsdb)# exit 5. Assign interfaces to be managed by the controller. OS10(config)# interface ethernet 1/1/54:3 OS10(config-if-eth1/1/54:3)# switchport mode trunk OS10(config-if-eth1/1/54:3)# no switchport access vlan OS10(config-if-eth1/1/54:3)# nve-controller 6. (Optional) Enable BFD. OS10(config)# bfd enable VTEP 2 1. Configure the OSPF protocol in the underlay.
Gateway IP            : 200.0.0.1
Max Backoff           : 10000
Configured Controller : 10.16.140.181:6640 ssl (connected)
Controller Cluster
IP              Port   Protocol   Connected   State    Max-Backoff
10.16.140.182   6640   ssl        true        ACTIVE   10000
10.16.140.183   6640   ssl        true        ACTIVE   10000
10.16.140.181   6640   ssl        true        ACTIVE   10000
NVE Controller Ports
ethernet1/1/54:3
To display the VNID, port members, source interface, and remote VTEPs of the VXLAN, use the show virtual-network command.
NVE Controller Ports ethernet1/1/25:3 To display the VNID, port members, source interface, and remote VTEPs of the VXLAN, use the show virtual-network command. OS10# show virtual-network Codes: DP - MAC-learn Dataplane, CP - MAC-learn Controlplane, UUD - Unknown-Unicast-Drop Virtual Network: 0 Members: Virtual Network: 6000 Members: VLAN 20: ethernet1/1/25:3 VxLAN Virtual Network Identifier: 6000 Source Interface: loopback1(202.0.0.1) Remote-VTEPs (flood-list): 13.0.0.
Example
OS10(config)# nve
OS10(config-nve)# controller ovsdb
Supported releases 10.4.3.0 or later
ip port ssl
Configures the OVSDB controller reachability information, such as the IP address, port number, and connection type of the session, on the switch.
Syntax ip ip-address port port-number ssl
Parameters
● ip-address — Specify the IP address of the OVSDB controller to connect with.
● port-number — Specify the port number through which the connection to the OVSDB controller is made.
nve-controller Assigns the interfaces to be managed by the controller. Syntax nve-controller Parameters None Default None Command mode INTERFACE Usage information The interface must be in Switchport Trunk mode when adding the interface to the controller. If the interface is not in the Switchport Trunk mode, the system displays the following error message: % Error: Interface ethernet1/1/1, must be in switchport trunk for controller mode.
Management IP         : 10.16.140.29/16
Gateway IP            : 55.55.5.5
Max Backoff           : 1000
Configured Controller : 10.16.140.172:6640 ssl (connected)
Controller Cluster
IP              Port   Protocol   Connected   State     Max-Backoff
10.16.140.173   6640   ssl        true        ACTIVE
10.16.140.171   6640   ssl        false       BACKOFF
10.16.140.172   6640   ssl        true        ACTIVE
NVE Controller Ports
ethernet1/1/1:1
ethernet1/1/15
Supported releases 10.4.3.0 or later
show nve controller ssl-certificate
Displays the SSL certificate generated in the system.
Parameters None Default None Command mode EXEC Usage information When you specify the VNID, the output displays details about the service nodes available for the VNID. Example (without VNID) OS10# show nve replicators Codes: * - Active Replicator BFD Status:Enabled Replicators State ----------------------2.2.2.3 Up 2.2.2.
show ovsdb-tables mac-remote-ucast Displays information about remote MAC address entries including each MAC address, IP address, local switch name, and VNID. Syntax show ovsdb-tables mac-remote-ucast Parameters None Default None Command mode EXEC Usage information This command is available only for netadmin, sysadmin, and secadmin roles.
Parameters None Default None Command mode EXEC Usage information This command is available only for netadmin, sysadmin, and secadmin roles. Example OS10# show ovsdb-tables tunnel Count : 2 Tunnel table _uuid bfd_config_local bfd_params bfd_config_remote bfd_status local remote ------------------------------------ -----------------------------------------------------------------------8025d953-acf5-4091-9fa2-75d41953b397 {bfd_dst_ip="55.55.5.5", bfd_dst_mac="00:23:20:00:00:01"} {bfd_dst_ip="2.2.2.
17 UFT modes A switch in a Layer 2 (L2) network may require a larger MAC address table size, while a switch in a Layer 3 (L3) network may require a larger routing table size. Unified forwarding table (UFT) offers the flexibility to configure internal L2/L3 forwarding table sizes. OS10 supports several UFT modes for the forwarding tables. By default, OS10 selects a UFT mode that provides a reasonable size for all tables.
Table 85. UFT Modes — Table Size for Z9264F-ON
UFT Mode           L2 MAC Table Size   L3 Host Table Size   L3 Routes Table Size
Scaled-l2–switch   270336              8192                 32768
Scaled-l3–hosts    8192                270336               32768
Scaled-l3–routes   8192                8192                 262144
Default            139264              139264               32768
Table 86.
L3 Host Entries  : 147456   212992
L3 Route Entries : 32768    98304
View UFT information for all modes
OS10# show hardware forwarding-table mode all
Mode               default   scaled-l2   scaled-l3-routes   scaled-l3-hosts
L2 MAC Entries     163840    294912      32768              98304
L3 Host Entries    147456    16384       16384              212992
L3 Route Entries   32768     32768       131072             98304
IPv6 extended prefix routes
IPv6 addresses that contain prefix routes with a mask between /64 and /128 are called IPv6 extended prefix routes.
Syntax hardware forwarding-table mode {scaled-l2 | scaled-l3-routes | scaled-l3-hosts}
Parameters
● scaled-l2 — Enter the L2 MAC address table size.
● scaled-l3-routes — Enter the L3 routes table size.
● scaled-l3-hosts — Enter the L3 hosts table size.
Defaults The default parameters vary according to the platform. See UFT modes on page 1000.
Command Mode CONFIGURATION
Usage Information Configure the sizes of the internal L2 and L3 forwarding tables to suit the requirements of your network environment.
L2 MAC Entries   : 163840   98304
L3 Host Entries  : 147456   212992
L3 Route Entries : 32768    98304
Supported Releases 10.3.0E or later
show hardware forwarding-table mode all
Displays table sizes for the hardware forwarding table modes.
18 Security
Dell EMC SmartFabric OS10 provides various security features for the switch and for the network.
Create user and assign role
OS10(config)# username smith password silver403! role sysadmin
View users
OS10# show users
Index Line  User  Role     Application Idle Login-Time            Location
----- ----  ----- -----    ----------- ---- --------------------- ----------------
1     ttyS  root  root     bash        >24h 2018-05-23 T23:05:03Z console
2     pts/0 admin sysadmin bash        1.1s 2018-05-30 T20:04:27Z 10.14.1.214[ssh]
Unknown user role
When a RADIUS or TACACS+ server authenticates a user, it may return an unknown user role, or the role may be missing.
○ lockout-period minutes — Sets the amount of time that a user ID is prevented from accessing the system after exceeding the maximum number of failed login attempts, from 0 to 43,200; default 0. When a user is locked out due to exceeding the maximum number of failed login attempts, other users can still access the switch. By default, lockout-period minutes is 0; no lockout period is configured. Failed login attempts do not lock out a user.
Simple password check
By default, OS10 uses a strong password check when you configure user name passwords with the username username password password role role [priv-lvl privilege-level] command. To turn off the strong password check and configure simpler passwords with no restrictions, use the service simple-password command. To disable the simple password check and return to the default strong password check, use the no service simple-password command.
● Enter the command in CONFIGURATION mode.
%Error: Password it does not contain enough DIFFERENT characters.
OS10(config)# service simple-password
OS10(config)# username admin2 password 4newhire4 role sysadmin
OS10(config)# enable password 0 4newhire4 priv-lvl 5
Re-enable strong password check
OS10(config)# no service simple-password
Obscure passwords
To obscure passwords in show command output so that text characters do not display, use the service obscure-password command.
Privilege levels inherit the commands supported on all lower levels. After logging in with a user role, a user has access to commands assigned to his privilege level and lower levels. For users assigned to the sysadmin, netadmin, and secadmin roles, you cannot configure a privilege level lower than 2. You can configure netoperator users with privilege levels 0 or 1. After you assign commands to privilege levels, assign the privilege level to users with the username command.
OS10(config)# privilege configure priv-lvl 12 "interface ethernet"
OS10(config)# privilege interface priv-lvl 12 "ip address"
OS10(config)# username delluser password $6$Yij02Phe2n6whp7b$ladskj0HowijIlkajg981 role secadmin priv-lvl 12
The following example shows the privilege level of the current user:
OS10# show privilege
Current privilege level is 15.
User configuration commands disable Lowers the privilege level. Syntax disable privilege-level Parameters ● privilege-level—Enter the privilege level, from 0 to 15. Defaults 1 Command Mode Privileged EXEC Usage Information If you do not specify a privilege level, the system assigns level 1. Example OS10# disable OS10# disable 6 Supported Releases 10.4.3.0 or later enable Enables a specific privilege level.
○ 0 — Use an unencrypted password.
○ sha-256 — Use a SHA-256 encrypted password.
○ sha-512 — Use a SHA-512 encrypted password.
● priv-lvl privilege-level — Enter a privilege number from 1 to 15.
Defaults Not configured
Command Mode CONFIGURATION
Usage Information To increase the required password strength, create stronger password rules using the password-attributes command. The no version of this command removes a privilege-level password.
Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.1.
Example OS10(config)# password-attributes min-length 6 character-restriction upper 2 lower 2 numeric 2
Supported Releases 10.4.0E(R1) or later

password-attributes max-retry lockout-period
Configures a maximum number of consecutive failed login attempts and the lockout period for the user ID.
Usage Information For users assigned to sysadmin, netadmin, and secadmin roles, you cannot configure a privilege level less than 2. If a command that you associate with a privilege level has a space, enter the command in double quotes ("). If a command does not have a space or if it has keywords separated by a hyphen, double quotes are not required. The no version of this command removes a command from a privilege level.
Parameters None
Default Not configured
Command Mode EXEC
Usage Information Updated the command to display the privilege levels of all users on OS10 version .
Example
OS10# show users
Index  Line   User   Role      Application  Idle  Login-Time             Location          Privilege
-----  ----   -----  -----     -----------  ----  -----------            --------          ---------
1      pts/0  admin  sysadmin  bash         >24h  2018-09-08 T06:51:37Z  10.14.1.91 [ssh]  15
2      pts/1  netad  netadmin  bash         >24h  2018-09-08 T06:54:33Z  10.14.1.91 [ssh]  10
Supported Releases 10.
Supported Releases 10.4.3.0 or later service obscure-password Obscures passwords in show command output. Syntax service obscure-password Parameters None Default Not configured Command Mode CONFIGURATION Usage Information Use service obscure-password command so that the text characters of passwords are not displayed in show command output. The command obscures the passwords that you configure for user names, NTP, BGP, SNMP, RADIUS servers, and TACACS+ servers.
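The password and privilege rules in this section (simple-password mode, unencrypted enable passwords, the nine-character default minimum given in the username command reference, and the privilege-level floor for sysadmin, netadmin, and secadmin) can be checked mechanically before a batch of commands is applied. The following Python example is added here and is not part of the Dell EMC guide or OS10; the function name audit_config, the finding labels, and the sample command batch (including the hypothetical user oper1) are assumptions constructed from commands shown in this chapter.

```python
import re

# Roles for which the guide says a privilege level lower than 2 cannot be configured.
PRIVILEGED_ROLES = {"sysadmin", "netadmin", "secadmin"}
# The username command reference gives nine characters as the default minimum length.
DEFAULT_MIN_LENGTH = 9

# Constructed sample: commands taken from the guide's examples, plus one
# hypothetical user (oper1) that violates the privilege-level rule.
SAMPLE_CONFIG = """\
service simple-password
username admin2 password 4newhire4 role sysadmin
enable password 0 4newhire4 priv-lvl 5
password-attributes min-length 6 character-restriction upper 2 lower 2 numeric 2
username oper1 password ExamplePass9 role secadmin priv-lvl 1
"""

ENABLE_RE = re.compile(r"^enable password (0|sha-256|sha-512) \S+ priv-lvl (\d+)$")
MINLEN_RE = re.compile(r"^password-attributes\b.*\bmin-length (\d+)")
USER_RE = re.compile(r"^username (\S+) password \S+ role (\S+)(?: priv-lvl (\d+))?$")


def audit_config(text):
    """Return a list of (check, line, message) findings for a batch of OS10 commands."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    findings = []

    # Whole-configuration checks: exact line match, so "no service ..." does not count.
    if "service simple-password" in lines:
        findings.append(("simple-password", "service simple-password",
                         "strong password check is off; apply 'no service simple-password'"))
    if "service obscure-password" not in lines:
        findings.append(("obscure-password", "",
                         "passwords are not obscured in show command output"))

    # Per-command checks.
    for ln in lines:
        m = ENABLE_RE.match(ln)
        if m and m.group(1) == "0":
            findings.append(("enable-cleartext", ln,
                             "enable password is supplied unencrypted (type 0); "
                             "the command also accepts sha-256 and sha-512"))
        m = MINLEN_RE.match(ln)
        if m and int(m.group(1)) < DEFAULT_MIN_LENGTH:
            findings.append(("min-length", ln,
                             f"min-length {m.group(1)} is below the default of "
                             f"{DEFAULT_MIN_LENGTH} characters"))
        m = USER_RE.match(ln)
        if (m and m.group(2) in PRIVILEGED_ROLES
                and m.group(3) is not None and int(m.group(3)) < 2):
            findings.append(("priv-lvl", ln,
                             f"role {m.group(2)} cannot take a privilege level lower than 2"))
    return findings


if __name__ == "__main__":
    for check, line, message in audit_config(SAMPLE_CONFIG):
        print(f"[{check}] {line or '(whole configuration)'}: {message}")
```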
○ sysadmin — Full access to all commands in the system, exclusive access to commands that manipulate the file system, and access to the system shell. A system administrator can create user IDs and user roles. ○ secadmin — Full access to configuration commands that set security policy and system access, such as password strength, AAA authorization, and cryptographic keys. A security administrator can display security information, such as cryptographic keys, login statistics, and log information.
● The default privilege levels are level 1 for netoperator, and level 15 for sysadmin, secadmin, and netadmin. Command Mode CONFIGURATION Usage Information By default, the password must be at least nine alphanumeric characters. Only the following special characters are supported: ! # % & ' ( ) ; < = > [ ] * + - . / : ^ _ Enter the password in clear text. It is converted to SHA-512 format in the running configuration. For backward compatibility with OS10 releases 10.3.
● Configure the AAA authentication method in CONFIGURATION mode. aaa authentication login {console | default} {local | group radius | group tacacs+} ○ console—Configure authentication methods for console logins. ○ default—Configure authentication methods for nonconsole such as SSH and Telnet logins. ○ local—Use the local username, password, and role entries configured with the username password role command. ○ group radius—Configure RADIUS servers using the radius-server host command.
Type = string. Valid values for Dell-group-name are sysadmin, secadmin, netadmin, and netoperator. Use the VSA Dell-group-name values when you create users on a RADIUS or TACACS+ server. For detailed information about how to configure vendor-specific attributes on a RADIUS or TACACS+ server, see the respective RADIUS or TACACS+ server documentation.
● Configure the number of times OS10 retransmits a RADIUS authentication request in CONFIGURATION mode, from 0 to 100 retries; the default is 3. radius-server retransmit retries ● Configure the timeout period used to wait for an authentication response from a RADIUS server in CONFIGURATION mode, from 0 to 1000 seconds; the default is 5.
RADIUS over TLS authentication Traditional RADIUS-based user authentication runs over UDP and uses the MD5 message-digest algorithm for secure communications. To provide enhanced security in RADIUS user authentication exchanges, RFC 6614 defines the RADIUS over Transport Layer Security (TLS) protocol.
Configure a global timeout setting allowed on TACACS+ servers. By default, OS10 times out after five seconds. No source interface is configured. The default VRF instance is used to contact TACACS+ servers. NOTE: You cannot configure both a nondefault VRF instance and a source interface at the same time for TACACS+ authentication. NOTE: A TACACS+ server configured with a host name is not supported on a nondefault VRF.
● Enable AAA accounting in CONFIGURATION mode.
aaa accounting commands all {console | default} {start-stop | stop-only | none} [logging] [group tacacs+]
The no version of this command disables AAA accounting.

AAA commands

aaa accounting
Enables AAA accounting.
Syntax aaa accounting exec commands all {console | default} {start-stop | stop-only | none} [logging] [group tacacs+]
Parameters
● exec — Record user authentication events.
● commands all — Record all user-entered commands.
Default Local authentication Command Mode CONFIGURATION Usage Information NOTE: If you configure multiple authentication methods on Dell EMC PowerEdge MX7000 Ethernet modules such as MX9116n Fabric Switching Engine and MX5108n Ethernet Switch, operating in SmartFabric mode, you must configure local authentication as the first method in the list. Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.1.0. Also supported in SmartFabric mode starting in release 10.5.0.
● loopback number — Enter a Loopback interface, from 0 to 16383.
● mgmt 1/1/1 — Enter the management interface.
● port-channel channel-id — Enter a port-channel ID, from 1 to 28.
● vlan vlan-id — Enter a VLAN ID, from 1 to 4093.
Default Not configured.
Command Mode CONFIGURATION
Usage Information By default, no source interface is configured. OS10 selects the source IP address as the IP address of the interface from which a packet is sent to the RADIUS server.
Default Not configured Command Mode CONFIGURATION Usage Information The authentication key must match the key configured on the RADIUS server. You cannot enter spaces in the key. The show running-configuration output displays both unencrypted and encrypted keys in encrypted format. Configure global settings for the timeout and retransmit attempts allowed on RADIUS servers using the radius-server retransmit and radius-server timeout commands.
Supported Releases 10.4.3.0 or later radius-server retransmit Configures the number of authentication attempts allowed on RADIUS servers. Syntax radius-server retransmit retries Parameters retries — Enter the number of retry attempts, from 0 to 10. Default An OS10 switch retransmits a RADIUS authentication request three times. Command Mode CONFIGURATION Usage Information Use this command to globally configure the number of retransmit attempts allowed for authentication requests on RADIUS servers.
Usage Information Use this command to associate RADIUS servers with a VRF. If you do not configure a VRF on the RADIUS server list, the servers are on the default VRF. RADIUS server lists and VRFs have one-to-one mapping. The no version of this command removes the RADIUS server from the management VRF instance.
Example
OS10(config)# radius-server vrf management
OS10(config)# radius-server vrf blue
Supported Releases 10.4.
The no version of this command resets the TACACS+ server timeout to the default.
Example OS10(config)# tacacs-server timeout 360
Supported Releases 10.4.0E(R2) or later

tacacs-server vrf
Creates an association between a TACACS server group and a VRF and source interface.
Syntax tacacs-server vrf {management | vrf-name}
Parameters
● management — Enter the keyword to associate TACACS servers to the management VRF instance. This option restricts the TACACS server association to the management VRF only.
● Configure the SSH login timeout using the ip ssh server login-grace-time seconds command, from 0 to 300; default 60. To reset the default SSH prompt timer, use the no ip ssh server login-grace-time command. ● Configure the maximum number of authentication attempts using the ip ssh server max-auth-tries number command, from 0 to 10; default 6. To reset the default, use the no ip ssh server max-auth-tries command.
Example
OS10# crypto ssh-key generate rsa 4096
Host key already exists. Overwrite [confirm yes/no]:yes
Generated 4096-bit RSA key
OS10#
Supported Releases 10.4.1.0 or later

ip ssh server challenge-response-authentication
Enables challenge response authentication in the SSH server.
Usage Information Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.1. The no version of this command removes the configuration.
Example OS10(config)# ip ssh server cipher 3des-cbc aes128-cbc
Supported Releases 10.3.0E or later

ip ssh server enable
Enables the SSH server.
● curve25519-sha256@libssh.
● umac-64@openssh.com
● umac-128@openssh.com
● hmac-sha1-etm@openssh.com
● hmac-sha2-256-etm@openssh.com
● hmac-sha2-512-etm@openssh.com
● umac-64-etm@openssh.com
● umac-128-etm@openssh.com
Command Mode CONFIGURATION
Usage Information Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.1. The no version of this command removes the configuration.
ip ssh server pubkey-authentication Enables public key authentication for the SSH server. Syntax ip ssh server pubkey-authentication Parameters None Default Enabled Command Mode CONFIGURATION Usage Information Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.1. The no version of this command disables the public key authentication.
Example Supported Releases OS10# show crypto ssh-key rsa ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCogJtArA0fHJkFpioGaAcp+vrDQFC3l3XFHtd 41wXY9kM0Ar+37yRsDul8vKodqSDiGLRuPjFTcVjvDdSKWblJRsybkmA6nuHJIyPOScDepLlicM IOxDhXEE92VRAmGuLI2AoeVYcH+IneWXhwQOkOFLtpxfnsiQY65CfS4aGoHOHWSfX3wI7boEDRD uvZ8gzRxTuM16Qr+RxBLJ7/OzkjNIN1/8Ok+8aJtCoJKbcYaduMjmhVNrNUW5TUXoCnp1XNRpkJ zgS7Lt47yi86rqrTCAQW4eSYJIJs4+4ql9b4MF2D3499Ofn8uS82Mjtj0Nl01lbTbP3gsF4YYdB WaFqp root@OS10 10.4.1.
Default The default SSH public keys are an RSA key generated using 2048 bits, an ECDSA key with 256 bits, and an Ed25519 key with 256 bits.
Command Mode CONFIGURATION
Usage Information To configure multiple public keys for SSH password-less login of a specific user, use the username username sshkey filename command. The no form of the command removes the public key configuration of a specified user. The remote client system stores the public key of a user in the ~/.ssh/id_rsa.pub file.
The no version of the command removes the SSH password-less configuration for the specified user name. Example OS10(config)# username user10 sshkey filename /test_file.txt OS10(config)# do show running-configuration users username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD 7/VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH.
Limit concurrent login session commands login concurrent-session limit Configures the maximum number of concurrent login sessions allowed for a user ID. Syntax login concurrent-session limit number Parameters limit number — Enter the limit of concurrent login sessions, from 1 to 12.
VTY commands line vty Enters virtual terminal line mode to access the virtual terminal (VTY). Syntax line vty Parameters None Default Not configured Command Mode CONFIGURATION Usage Information None Example Supported Releases OS10(config)# line vty OS10(config-line-vty)# 10.4.0E(R1) or later ip access-class Filters connections in a virtual terminal line using an IPv4 access list. Syntax ip access-class access-list-name Parameters access-list-name — Enter the access list name.
Enable login statistics
To monitor system security, allow users to view their own login statistics when they sign in to the system. A large number of login failures or an unusual login location may indicate a system hacker. Enable the display of login information after a user successfully logs in; for example:
OS10 login: admin
Password:
Last login: Thu Nov 2 16:02:44 UTC 2017 on ttyS1
Linux OS10 3.16.43 #2 SMP Debian 3.16.43-2+deb8u5 x86_64 ...
● all — Displays login statistics for all system users. Default Not configured Command Mode EXEC Usage Information Only the sysadmin and secadmin roles can access this command. The show output displays login information for system users, including the number of successful and failed logins, role changes, and the last time a user logged in.
Clear audit log
● Clear all events in the audit log in CONFIGURATION mode.
clear logging audit

Example
OS10(config)# logging audit enable
OS10(config)# exit
OS10# show logging audit 4
<14>1 2019-02-14T13:15:06.283337+00:00 OS10 audispd - - - Node.1-Unit.1:PRI [audit], Dell EMC (OS10) node=OS10 type=USER_END msg=audit(1550150106.277:597): pid=7908 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:session_close acct="admin" exe="/bin/su" hostname=? addr=? terminal=??? res=success'
<110>1 2019-02-14T13:15:16.
● number — Display the specified number of audit log entries, from 1 to 65535.
Default Display 24 entries starting with the oldest events.
Command Mode EXEC
Usage Information Only the sysadmin and secadmin roles can display the audit log. Enter reverse to display entries starting with the most recent events. You can change the number of entries displayed. Audit log records do not display on the console as they occur. They are saved in the audit log and forwarded to any configured Syslog servers.
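Because audit records are forwarded to configured Syslog servers, the "large number of login failures" signal mentioned under login statistics can be computed on the collector. The following Python example is added here and is not part of the Dell EMC guide or OS10: it parses the record layout shown in the show logging audit example and counts failed authentications per account and source address. Only GUIDE_RECORD comes from the guide; the other records are constructed in the same layout, and the USER_AUTH record type, the function names, and the threshold are assumptions.

```python
import re
from collections import Counter

# Record copied from the guide's "show logging audit" example.
GUIDE_RECORD = (
    "<14>1 2019-02-14T13:15:06.283337+00:00 OS10 audispd - - - Node.1-Unit.1:PRI "
    "[audit], Dell EMC (OS10) node=OS10 type=USER_END msg=audit(1550150106.277:597): "
    "pid=7908 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:session_close "
    "acct=\"admin\" exe=\"/bin/su\" hostname=? addr=? terminal=??? res=success'"
)


def _constructed(serial, rtype, acct, addr, res):
    """Build a constructed record in the same layout as GUIDE_RECORD."""
    return (
        f"<110>1 2019-02-14T13:20:{serial % 60:02d}.000000+00:00 OS10 audispd - - - "
        f"Node.1-Unit.1:PRI [audit], Dell EMC (OS10) node=OS10 type={rtype} "
        f"msg=audit(1550150400.000:{serial}): pid=8001 uid=0 auid=4294967295 "
        f"ses=4294967295 msg='op=PAM:authentication acct=\"{acct}\" "
        f"exe=\"/usr/sbin/sshd\" hostname={addr} addr={addr} terminal=ssh res={res}'"
    )


# Constructed sample log: three failures for one account, one success, one junk line.
SAMPLE_LOG = [
    GUIDE_RECORD,
    _constructed(601, "USER_AUTH", "admin", "192.0.2.10", "failed"),
    _constructed(602, "USER_AUTH", "admin", "192.0.2.10", "failed"),
    _constructed(603, "USER_AUTH", "admin", "192.0.2.10", "failed"),
    _constructed(604, "USER_AUTH", "netad", "198.51.100.7", "success"),
    "not an audit record",
]

HEADER_RE = re.compile(r"^<(?P<pri>\d+)>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) ")
TYPE_RE = re.compile(
    r"\btype=(?P<type>[A-Z_]+) msg=audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\):"
)
INNER_RE = re.compile(r"msg='(?P<inner>[^']*)'")   # the quoted PAM message
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key=value or key="value"


def parse_audit_line(line):
    """Return a dict of fields for one audit record, or None if it does not parse."""
    header = HEADER_RE.match(line)
    record = TYPE_RE.search(line)
    if not header or not record:
        return None
    event = {
        "timestamp": header["ts"],
        "host": header["host"],
        "type": record["type"],
        "serial": int(record["serial"]),
    }
    inner = INNER_RE.search(line)
    if inner:
        for key, value in KV_RE.findall(inner["inner"]):
            event[key] = value.strip('"')
    return event


def failed_logins(lines, threshold=3):
    """Map (account, source address) to failure count where count >= threshold."""
    failures = Counter()
    for line in lines:
        event = parse_audit_line(line)
        if event and event["type"] in ("USER_AUTH", "USER_LOGIN") \
                and event.get("res") == "failed":
            failures[(event.get("acct", "?"), event.get("addr", "?"))] += 1
    return {key: count for key, count in failures.items() if count >= threshold}


if __name__ == "__main__":
    for (acct, addr), count in failed_logins(SAMPLE_LOG).items():
        print(f"{count} failed logins for {acct} from {addr}")
```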
Restrict SNMP access
To filter SNMP requests on the switch, assign access lists to an SNMP community. Both IPv4 and IPv6 access lists are supported.
1. Create access lists with permit or deny filters; for example:
OS10(config)# ip access-list snmp-read-only-acl
OS10(config-ipv4-acl)# permit ip 172.16.0.0 255.255.0.0 any
OS10(config-ipv4-acl)# exit
OS10(config)#
2. Apply ACLs to an SNMP community in CONFIGURATION mode.
Parameters ● username - Enter the username to disable bootloader protection. Default Disabled Command Mode EXEC Usage Information You can disable bootloader protection for each individual user. Example Supported Releases OS10# boot protect disable username root 10.4.3.0 or later boot protect enable username password Allows you to enable bootloader protection.
X.509v3 certificates OS10 supports X.509v3 certificates to secure communications between the switch and a host, such as a RADIUS server. Both the switch and the server exchange a public key in a signed X.509v3 certificate issued by a certificate authority (CA) to authenticate each other. The certificate authority uses its private key to sign the switch and host certificates. The information in the certificate allows both devices to prove ownership and the validity of a public key.
Public key infrastructure To use X.509v3 certificates for secure communication and user authentication on OS10 switches in a network, a public key infrastructure (PKI) with a certificate authority (CA) is required. The CA signs certificates that prove the trustworthiness of network devices. When an organization wants to assure customers that the connection to their network is secure, it may pay a commercial Certificate Authority, such as VeriSign or DigiCert, to sign a certificate for their domain.
Example: Download and install CA certificate
OS10# copy scp:///tftpuser@10.11.178.103:/tftpboot/certs/Dell_rootCA1.pem home://Dell_rootCA1.pem
password:
OS10# crypto ca-cert install home://Dell_rootCA1.pem
Processing certificate ...
Installed Root CA certificate
CommonName = Dell_rootCA1
IssuerName = Dell_rootCA1

Display CA server certificate
OS10# show crypto ca-certs
--------------------------------------
| Locally installed certificates |
--------------------------------------
Dell_rootCA1.
b0:42:95 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 75:22:3F:BE:99:B7:FA:A1:5B:1D:68:0B:E9:5E:21:7D:83:62:AC:DB X509v3 Authority Key Identifier: keyid:75:22:3F:BE:99:B7:FA:A1:5B:1D:68:0B:E9:5E:21:7D:83:62:AC:DB X509v3 Basic Constraints: critical CA:TRUE X509v3 Key Usage: critical Digital Signature, Certificate Sign, CRL Sign Signature Algorithm: sha256WithRSAEncryption 8e:0c:50:18:5f:db:cc:80:5c:6e:ce:43:29:32:2e:0b:70:96: db:e8:23:c9:15:a2:99:72:d6:01:c9:61:8e:ed:8d:f8:4d:2
1. Configure the URL for a certificate distribution point in EXEC mode. crypto cdp add cdp-name cdp-url Verify the CDPs accessed by the switch in EXEC mode. show crypto cdp [cdp-name] To delete an installed CDP, use the crypto cdp delete cdp-name command. 2. Install CRLs that have been downloaded from CDPs in EXEC mode. crypto crl install crl-path [crl-filename] Display a list of the CRLs installed on the switch in EXEC mode.
The switch presents its own host certificate to clients that require authentication, such as Syslog and RADIUS servers over TLS and HTTPS connections. The certificate is digitally signed with the private key of the OS10 switch. OS10 supports multiple host certificates so that you can use different certificates with different applications. For more information, see Security profiles. To 1. 2. 3.
1. Use the copy command to download an X.509v3 certificate signed by a CA server to the local home directory using a secure method, such as HTTPS, SCP, or SFTP. 2. Use the crypto cert install command to install the certificate and the private key generated with the CSR. ● Install a trusted certificate and key file in EXEC mode.
Display trusted certificates OS10# show crypto cert -------------------------------------| Installed non-FIPS certificates | -------------------------------------Dell_host1_CA1.pem -------------------------------------| Installed FIPS certificates | -------------------------------------OS10# show crypto cert Dell_host1_CA1.
Self-signed certificates Administrators may prefer to not set up a Certificate Authority and implement a certificate trust model in the network, but still want to use the privacy features provided by the Transport Layer Security (TLS) protocol. In this case, self-signed certificates can be used. A self-signed certificate is not signed by a CA. The switch presents itself as a trusted device in its certificate.
NOTE: You determine if the certificate-key pair is generated as FIPS-compliant. Do not use FIPS-compliant certificate-key pairs outside of FIPS mode. ○ If you enter fips after using the key-file private option in the crypto cert generate request command, a FIPS-compliant private key is stored in a hidden location in the internal file system that is not visible to users. If the certificate installation is successful, the file name of the self-signed certificate and its common name are displayed.
Security profiles To use independent sets of security credentials for different OS10 applications, you can configure multiple security profiles and assign them to OS10 applications. A security profile consists of a certificate and private key pair. For example, you can maintain different security profiles for RADIUS over TLS authentication and SmartFabric services. You can assign a security profile to an application when you configure the profile.
OS10# show running-configuration radius-server radius-server host radius-server-2.test.com tls security-profile radius-prof key 9 2b9799adc767c0efe8987a694969b1384c541414ba18a44cd9b25fc00ff180e9 Cluster security When you enable VLT or a fabric automation application, switches that participate in the cluster use secure channels to communicate with each other. The secure channels are enabled only when you enable the VLT or fabric cluster configuration on a switch. OS10 installs a default X.
Processing certificate ... Host certificate installed successfully. 3. Configure an X.509v3 security profile. OS10# show crypto cert ------------------------------------| Installed non-FIPS certificates | ------------------------------------s4048-001 ------------------------------------| Installed FIPS certificates | ------------------------------------OS10# config terminal OS10(config)# crypto security-profile secure-cluster OS10(config-sec-profile)# certificate s4048-001 OS10(config-sec-profile)# exit 4.
Usage information Example Supported releases When you enable VLT or a fabric automation application, switches that participate in the cluster use secure channels to communicate with each other. OS10 installs a default X.509v3 certificate-key pair to establish secure channels between the peer devices in a cluster. If untrusted devices access the management or data ports on the switch, replace the default certificate-key pair with a custom X.
Example
OS10# crypto ca-cert install home://GeoTrust_Universal_CA.crt
Processing certificate ...
Installed Root CA certificate
CommonName = GeoTrust Universal CA
IssuerName = GeoTrust Universal CA
Supported releases 10.4.3.0 or later

crypto cdp add
Installs a certificate distribution point (CDP) on the switch.
Syntax crypto cdp add cdp-name cdp-url
Parameters
● cdp-name — Enter a CDP name.
● cdp-url — Enter the HTTP URL used to reach the CDP.
Default Not configured
Command mode EXEC
Usage information When you delete the system's certificate, you also delete the private key. Do not delete a host certificate that is used in a security profile. To display the currently installed host certificate and associated key, use the show crypto cert command. NOTE: A FIPS-compliant and non-FIPS certificate may have the same file name. To delete a FIPS-compliant certificate, you must enter the fips parameter in the command.
● altname altname — Enter an alternate name for the organization; for example, using the IP address such as altname IP:192.168.1.100. Default Not configured Command mode EXEC Usage information Generate a CSR when you want a CA to sign a host certificate. Generate a self-signed certificate if you do not set up a CA and implement a certificate trust model in your network.
install the key from a local hidden location. After the certificate is successfully installed, the private key is deleted from the specified key-path location and copied to the hidden location. ● password passphrase — (Optional) Enter the password used to decrypt the private key if it was generated using a password. ● fips — (Optional) Install the certificate-key pair as FIPS-compliant. Enter fips to install a certificate-key pair that a FIPS-aware application, such as RADIUS over TLS, uses.
Parameters ● crl-path — Enter the path to the directory where the CRL is downloaded. ● crl-filename — (Optional) Enter the CRL filename that you copied to the switch. Default Not configured Command Mode EXEC Usage Information Before you use the crypto crl install command, copy a CRL to the home:// or usb:// directory. If you do not enter a CRL filename in the command, you can copy and paste it when prompted. Use the show crypto crl command to view the CRLs that are already installed on the switch.
crypto security-profile Creates an application-specific security profile. Syntax crypto security-profile profile-name Parameters profile-name — Enter the name of the security profile; a maximum of 32 characters. Default Not configured Command mode CONFIGURATION Usage information Create a security profile for a specific application on the switch, such as RADIUS over TLS. A security profile associates a certificate and private key pair using the certificate command.
Example OS10(config)# crypto security-profile profile-1 OS10(config-sec-profile)# revocation-check OS10(config)# crypto security-profile profile-1 OS10(config-sec-profile)# no revocation-check Supported releases 10.5.0 or later show crypto ca-certs Displays all CA certificates installed on the switch. Syntax show crypto ca-certs [filename] Parameters filename — (Optional) Enter the text filename of a CA certificate as shown in the show crypto ca-certs output.
4f:f4:f5:fc:3a:17:dc:f8:8c:48:e5:aa:03:84:d7: 20:7b:55:2e:73:63:85:1c:97:a1:bb:96:95:a1:d3: ae:0c:7a:ae:02:3c:2c:07:b6:9b:c5:97:69:fa:88: bd:ec:8b:88:b3:90:e3:dc:aa:98:15:c6:91:99:a4: Supported releases 10.4.3.0 or later show crypto cdp Displays a list of configured certificate distribution points (CDPs). Syntax show crypto cdp [cdp-name] Parameters ● cdp-name — (Optional) Display more detailed information by entering the CDP name displayed in show crypto cdp output.
Dell_host1_CA1.pem -------------------------------------| Installed FIPS certificates | -------------------------------------OS10# show crypto cert Dell_host1_CA1.
Command Mode EXEC Usage Information Use the show crypto crl command to verify the CRLs installed on the switch. In the show output: ● Manually installed CRLs are installed using the crypto crl install command. ● Downloaded CRLs are automatically installed from a configured CDP or when you install a CA certificate with a specified CDP. Example OS10# show crypto crl -------------------------------------| Manually installed CRLs | -------------------------------------COMODO_Certification_Authority.0.crl.
2. Generate a CSR, copy the CSR to a CA server, download the signed certificate, and install the host certificate. OS10# crypto cert generate request cert-file home://s4048-001-csr.pem key-file home://tsr6-key.pem cname "Top of Rack 6" altname "IP:10.0.0.6 DNS:tor6.dell.com" email admin@dell.com organization "Dell EMC" orgunit Networking locality "santa Clara" state California country US length 1024 Processing certificate ... Successfully created CSR file /home/admin/tor6-csr.
19 OpenFlow

Switches implement the control plane and data plane in the same hardware. Software-defined network (SDN) decouples the software (control plane) from the hardware (data plane). A centralized SDN controller handles the control plane traffic and hardware configuration for data plane flows. The SDN controller is the "brain" of an SDN.
OpenFlow logical switch instance In OpenFlow-only mode, you can configure only one logical switch instance. After you enable OpenFlow mode, create a logical switch instance. The logical switch instance is disabled by default. When the logical switch instance is enabled, the OpenFlow application starts the connection with the configured controller. When you create an OpenFlow logical switch instance, all the physical interfaces are automatically added to it.
Table 90. Supported fields Fields Support match_fields Supported priority Supported counters Supported instructions Supported timeouts Supported cookie Not supported Group table Not supported Meter table Not supported Instructions Each flow entry contains a set of instructions that execute when a packet matches the entry. Table 91.
Table 92. Supported action sets
Action set    Support
qos           Not supported
group         Not supported
output        Supported

Action types
An action type associates with each packet.
Table 93.
Table 94.
OpenFlow protocol
The OpenFlow protocol supports three message types, each with multiple subtypes:
● Controller-to-switch
● Asynchronous
● Symmetric

Controller-to-switch
Table 95. Supported controller-to-switch types
Controller-to-switch types    Supported/Not supported
Feature request               Supported
Configuration get             Supported
Configuration set             Supported
Modify-state                  Supported
Read-state                    Supported
Packet-out                    Supported
Barrier                       Supported
Role-request                  Supported

Asynchronous
Table 96.
Table 98. Supported modes
Modes                         Supported/Not supported
Number of logical switches    One
Supported controllers         REST APIs on
                              ● RYU
                              ● ONOS

Flow table modification messages
Table 99. Supported messages
Flow table modification messages    Supported/Not supported
OFPFC_ADD=0                         Supported
OFPFC_MODIFY=1                      Supported
OFPFC_MODIFY_STRICT=2               Supported
OFPFC_DELETE=3                      Supported
OFPFC_DELETE_STRICT=4               Supported

Message types
Table 100.
Table 101.
Table 102.
Table 104. Supported message types Message type description Request/Reply Body Message Support an array of struct ofp_table_features that includes the controller's desired view of the switch.
Table 106. Supported properties
Property type                       Supported/Not supported
OFPTFPT_APPLY_SETFIELD = 14         Supported
OFPTFPT_APPLY_SETFIELD_MISS = 15    Not supported

Group configuration
Table 107. Supported configurations
Group configuration                 Supported/Not supported
OFPGFC_SELECT_WEIGHT = 1 << 0       Not supported
OFPGFC_SELECT_LIVENESS = 1 << 1     Not supported
OFPGFC_CHAINING = 1 << 2            Not supported
OFPGFC_CHAINING_CHECKS = 1 << 3     Not supported

Controller roles
Table 108.
Table 110. Supported reasons
Flow-removed reasons       Supported/Not supported
OFPRR_GROUP_DELETE = 3     Not supported

Error types from switch to controller
Table 111.
Configure OpenFlow
When you convert the switch from Normal mode to OpenFlow mode, the switch retains the management, interface, and AAA settings.
NOTE: Ensure IP connectivity between the switch and the controller.
The following lists the minimum configuration you need to establish a connection between the OpenFlow controller and a logical switch instance:
1. Enter the OPENFLOW configuration mode.
OS10# configure terminal
OS10 (config)# openflow
OS10 (config-openflow)#
2. Enable the OpenFlow-only mode.
4. Configure one or more OpenFlow controllers with either IPv4 or IPv6 addresses to establish a connection with the logical switch instance. You can configure up to eight OpenFlow controllers.
OpenFlow commands

controller
Configures an OpenFlow controller that the logical switch instance connects to.
Syntax controller {ipv4 ipv4-address | ipv6 ipv6-address} [port port-number] [security {none | tls}]
Parameters
● ipv4 ipv4-address—Enter ipv4, then the IP address of the controller.
● ipv6 ipv6-address—Enter ipv6, then the IPv6 address of the controller.
● port port-number—Enter the keyword, then the port number, from 1 to 65,535. The default port is 6653.
OS10 (config-openflow-switch)# controller ipv4 10.1.23.12 port 6633
OS10 (config-openflow-switch)# controller ipv4 10.1.99.121 port 6633
OS10 (config-openflow-switch)# controller ipv6 2025::1 port 6633
OS10 (config-openflow-switch)# controller ipv6 2025::12 port 6633
Supported Releases 10.4.1.0 or later

dpid-mac-address
Specifies the MAC address bits of the datapath ID (DPID) of the logical switch instance.
OS10 (config-openflow)# in-band-mgmt interface ethernet 1/1/1 OS10 (config-openflow)# no shutdown Supported Releases 10.4.1.0 or later max-backoff Configures the time interval, in seconds, that the logical switch instance waits after requesting a connection with the OpenFlow controller. Syntax max-backoff interval Parameters interval—Enter the amount of time, in seconds, that the logical switch instance waits after it attempts to establish a connection with the OpenFlow controller, from 1 to 65,535.
openflow Enters OPENFLOW configuration mode. Syntax openflow Parameters None Default None Command Mode CONFIGURATION Usage Information All OpenFlow configurations are performed in this mode. The no form of this command prompts a switch reload. If you enter yes, the system deletes all OpenFlow configurations and the switch returns to the normal mode after the reload. Example OS10# configure terminal OS10(config)# openflow OS10 (config-openflow)# Supported Releases 10.4.1.
Usage Information NOTE: Run this command only when the logical switch instance is disabled. Use the shutdown command to disable the logical switch instance. After you run this command, enter the no shutdown command to enable the logical switch instance again.
● When you specify negotiate, the switch negotiates versions 1.0 and 1.3 and selects the highest of the versions supported by the controller. The negotiation is based on the hello handshake described in the OpenFlow Specification 1.3.
Supported Releases 10.4.1.0 or later show openflow Displays general OpenFlow switch and the logical switch instance information. Syntax show openflow Parameters None Default None Command Mode EXEC Usage Information None Example OS10# show openflow Manufacturer : DELL Hardware Description : Software Description : Dell Networking OS10-Premium, Dell Networking Application Software Version: 10.4.
Total flows: 1 Flow: 0 Table ID: 0, Table: Ingress ACL TCAM table Flow ID: 0 Priority: 32768, Cookie: 0 Hard Timeout: 0, Idle Timeout: 0 Packets: 0, Bytes: 0 Match Parameters: In Port: ethernet1/1/1 EType: 0x800 SMAC: 00:0b:c4:a8:22:b0/ff:ff:ff:ff:ff:ff DMAC: 00:0b:c4:a8:22:b1/ff:ff:ff:ff:ff:ff VLAN id: 2/4095 VLAN PCP: 1 IP DSCP: 4 IP ECN: 1 IP Proto: 1 Src Ip: 10.0.0.1/255.255.255.255 Dst Ip: 20.0.0.1/255.255.255.
ethernet1/1/5:4 FIBER ethernet1/1/6 NONE ethernet1/1/7 NONE ethernet1/1/8 COPPER ethernet1/1/9 NONE ethernet1/1/10 NONE ethernet1/1/11 COPPER ethernet1/1/12 COPPER ethernet1/1/13 NONE ethernet1/1/14 NONE ethernet1/1/15 NONE ethernet1/1/16 NONE ethernet1/1/17 NONE ethernet1/1/18 NONE ethernet1/1/19 NONE ethernet1/1/20 NONE ethernet1/1/21 NONE ethernet1/1/22 NONE ethernet1/1/23 NONE ethernet1/1/24 NONE ethernet1/1/25 COPPER ethernet1/1/26 COPPER ethernet1/1/27 NONE ethernet1/1/28 NONE ethernet1/1/29 NONE ethe
Command Mode EXEC Usage Information None Example OS10# show openflow switch Logical switch name: of-switch-1 Internal switch instance ID: 0 Config state: true Signal Version: negotiate Data plane: secure Max backoff (sec): 8 Probe Interval (sec): 5 DPID: 90:b1:1c:f4:a5:23 Switch Name : of-switch-1 Number of buffers: 0 Number of tables: 1 Table ID: 0 Table name: Ingress ACL TCAM table Max entries: 1000 Active entries: 0 Lookup count: 0 Matched count: 0 Controllers: 10.16.208.
Supported Releases 10.4.1.0 or later switch Creates a logical switch instance or modifies an existing logical switch instance. Syntax switch logical-switch-name Parameters logical-switch-name—Enter the name of the logical switch instance that you want to create or modify, a maximum of 15 characters. OS10 supports only one instance of the logical switch. Default None Command Mode OPENFLOW CONFIGURATION Usage Information You must configure a controller for the logical switch instance.
Table 112. Modes and CLI commands
Mode: Available CLI commands
● debug tacacs+
LAG INTERFACE CONFIGURATION: LAG is not supported.
LOOPBACK INTERFACE CONFIGURATION: Loopback interface is not supported.
INTERFACE CONFIGURATION: description end exit ip mtu negotiation ntp show shutdown
VLAN INTERFACE CONFIGURATION: VLAN is not supported.
20 Access Control Lists
OS10 uses two types of access policies — hardware-based ACLs and software-based route-maps. Use an ACL to filter traffic and drop or forward matching packets. To redistribute routes that match configured criteria, use a route-map.
ACLs
An ACL is a filter that contains criteria to match, for example fields in internet protocol (IP), transmission control protocol (TCP), or user datagram protocol (UDP) packets, and an action to take, such as forwarding or dropping packets at the NPU.
Destination MAC packet address MAC address range—address-mask in 3x4 dotted hexadecimal notation, and any to denote that the rule matches all destination addresses. Packet protocol Set by its EtherType field contents and assigned protocol number for all protocols. VLAN ID Set in the packet header Class of service Present in the packet header IPv4/IPv6 and MAC ACLs apply separately for inbound and outbound packets.
○ IP_PROTOCOL—TCP, UDP, and so on ○ L4_DST_PORT—Destination port ● MAC qualifiers: ○ OUT_PORT—Egress CPU port ○ SRC_MAC—Source MAC address ○ DST_MAC—Destination MAC address ○ ETHER_TYPE—Ethertype ○ OUTER_VLAN_ID—VLAN ID ○ IP_TYPE—IP type ○ OUTER_VLAN_PRI—DOT1P value IP fragment handling OS10 supports a configurable option to explicitly deny IP-fragmented packets, particularly for the second and subsequent packets.
Permit ACL with L3 information only If a packet’s L3 information matches the information in the ACL, the packet's fragment offset (FO) is checked: ● If a packet's FO > 0, the packet is permitted ● If a packet's FO = 0, the next ACL entry processes Deny ACL with L3 information only If a packet's L3 information does not match the L3 information in the ACL, the packet's FO is checked: ● If a packet's FO > 0, the packet is denied ● If a packet's FO = 0, the next ACL line processes Permit all packets from host
● Configure a deny or permit filter to examine IP packets in IPV4-ACL mode. {deny | permit} {source mask | any | host ip-address} [count [byte]] [fragments]
● Configure a deny or permit filter to examine TCP packets in IPV4-ACL mode. {deny | permit} tcp {source mask | any | host ip-address} [count [byte]] [fragments]
● Configure a deny or permit filter to examine UDP packets in IPV4-ACL mode.
● Egress L2 ACL
NOTE: In ingress ACLs, L2 has a higher priority than L3 and in egress ACLs, L3 has a higher priority than L2.
Table 113. L2 and L3 targeted traffic
L2 ACL / L3 ACL: Targeted traffic
Deny / Deny: L3 ACL denies
Deny / Permit: L3 ACL permits
Permit / Deny: L3 ACL denies
Permit / Permit: L3 ACL permits
Assign and apply ACL filters
To filter an Ethernet interface, a port-channel interface, or a VLAN, assign an IP ACL filter to the corresponding interface.
● Create an ACL that uses rules with the count option, see Assign sequence number to filter. ● Apply the ACL as an inbound or outbound ACL on an interface in CONFIGURATION mode, and view the number of packets matching the ACL. show ip access-list {in | out} Ingress ACL filters To create an ingress ACL filter, use the ip access-group command in EXEC mode. To configure ingress, use the in keyword. Apply rules to the ACL with the ip access-list acl-name command.
Apply rules to ACL filter OS10(config)# interface ethernet 1/1/29 OS10(conf-if-eth1/1/29)# ip access-group egress out OS10(conf-if-eth1/1/29)# exit OS10(config)# ip access-list egress OS10(conf-ipv4-acl)# seq 10 deny ip any any count fragment View IP ACL filter configuration OS10# show ip access-lists out Egress IP access-list abcd Active on interfaces : ethernet1/1/29 seq 10 deny ip any any fragment count (100 packets) VTY ACLs To limit Telnet and SSH connections to the switch, apply access lists on a vir
For example, in 112.24.0.0/16, the first 16 bits of the address 112.24.0.0 match all addresses from 112.24.0.0 to 112.24.255.255. Use permit or deny filters for specific routes with the le (less or equal) and ge (greater or equal) parameters, where x.x.x.x/x represents a route prefix:
● To deny only /8 prefixes, enter deny x.x.x.x/x ge 8 le 8
● To permit routes with the mask greater than /8 but less than /12, enter permit x.x.x.x/x ge 8 le 12
● To deny routes with a mask less than /24, enter deny x.x.x.
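First-match evaluation of a prefix list that uses ge and le, as an added example that is not taken from the OS10 guide. It assumes the conventional semantics: a route matches an entry when it lies inside the entry's prefix and its mask length is within the inclusive ge..le range (an entry with neither keyword matches only the exact mask length), entries are tried in sequence order, and a route that matches nothing is denied; the list name DEMO and every prefix are constructed sample values.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# Assumed line format for this example: ip prefix-list NAME seq N ACTION PREFIX [ge X] [le Y]
RULE_RE = re.compile(
    r"^ip prefix-list (?P<name>\S+) seq (?P<seq>\d+) (?P<action>permit|deny) "
    r"(?P<prefix>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)


@dataclass(frozen=True)
class PrefixRule:
    seq: int
    action: str
    prefix: ipaddress.IPv4Network
    ge: Optional[int] = None
    le: Optional[int] = None

    def length_bounds(self) -> Tuple[int, int]:
        """Inclusive range of route mask lengths this entry accepts."""
        base = self.prefix.prefixlen
        if self.ge is None and self.le is None:
            return base, base                      # exact-length match only
        low = base if self.ge is None else self.ge
        high = self.prefix.max_prefixlen if self.le is None else self.le
        return low, high

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        low, high = self.length_bounds()
        # The route must sit inside the entry's prefix AND have an allowed length.
        return route.subnet_of(self.prefix) and low <= route.prefixlen <= high


def parse_rule(line: str) -> PrefixRule:
    m = RULE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"not a prefix-list entry: {line!r}")
    # strict=False tolerates host bits in the configured prefix.
    prefix = ipaddress.IPv4Network(m["prefix"], strict=False)
    rule = PrefixRule(
        seq=int(m["seq"]),
        action=m["action"],
        prefix=prefix,
        ge=int(m["ge"]) if m["ge"] else None,
        le=int(m["le"]) if m["le"] else None,
    )
    low, high = rule.length_bounds()
    if not (low <= high <= prefix.max_prefixlen):
        raise ValueError(f"empty or invalid mask-length range in: {line!r}")
    return rule


def evaluate(rules: Iterable[PrefixRule], route: str) -> Tuple[str, Optional[int]]:
    """Return (action, matching seq); (deny, None) is the assumed implicit deny."""
    net = ipaddress.IPv4Network(route)
    for rule in sorted(rules, key=lambda r: r.seq):
        if rule.matches(net):
            return rule.action, rule.seq
    return "deny", None


# Constructed sample configuration (not from the guide).
DEMO_CONFIG = """
ip prefix-list DEMO seq 5 deny 0.0.0.0/0 ge 8 le 8
ip prefix-list DEMO seq 10 permit 112.24.0.0/16 ge 17 le 24
ip prefix-list DEMO seq 15 permit 172.16.0.0/12
ip prefix-list DEMO seq 20 permit 10.0.0.0/8
"""
DEMO_RULES = [parse_rule(l) for l in DEMO_CONFIG.splitlines() if l.strip()]

if __name__ == "__main__":
    for candidate in ("10.0.0.0/8", "112.24.5.0/24", "112.24.0.0/16",
                      "112.24.5.128/25", "172.16.0.0/12", "172.16.1.0/24"):
        action, seq = evaluate(DEMO_RULES, candidate)
        print(f"{candidate:18} {action:6} (seq {seq})")
```

Sequence 20 never takes effect for 10.0.0.0/8 because the "deny only /8 prefixes" entry at sequence 5 matches first, which is the ordering mistake to look for when reviewing a prefix list.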
○ If a route matches a prefix-list set to deny, the route is denied
○ If a route matches a prefix-list set to permit, the route is permitted and any set of actions apply
● For a route map with the deny action:
○ If a route matches a prefix-list set to deny, the route is denied
○ If a route matches a prefix-list set to permit, the route is permitted and any set of actions apply
View both IP prefix-list and route-map configuration
OS10(conf-router-bgp-neighbor-af)# do show ip prefix-list ip prefix-list p1:
Set conditions There is no limit to the number of set commands per route map, but keep the number of set filters in a route-map low. The set commands do not require a corresponding match command. ● Enter the IP address in A.B.C.D format of the next-hop for a BGP route update in ROUTE-MAP mode. set ip next-hop address ● Enter an IPv6 address in A::B format of the next-hop for a BGP route update in ROUTE-MAP mode.
When a packet arrives at a monitored port, the packet is validated against the configured ACL rules. If the packet matches an ACL rule, the system examines the corresponding flow processor and performs the action specified for that port. If the mirroring action is set in the flow processor entry, the port details are sent to the destination port.
Flow-based mirroring
Flow-based mirroring is a mirroring session in which traffic that matches specified policies is mirrored to a destination port.
4. Apply the ACL to the monitored port in INTERFACE mode. ip access-group access-list Enable flow-based monitoring OS10(config)# monitor session 1 type local OS10(conf-mon-local-1)# flow-based enable OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# seq 5 permit icmp any any capture session OS10(conf-ipv4-acl)# seq 10 permit ip 102.1.1.
3 USER_L2_ACL 2 1022 1024
4 USER_IPV6_ACL 2 510 512
5 USER_IPV6_ACL 2 510 512
6 FCOE 55 457 512
7 FCOE 55 457 512
8 ISCSI_SNOOPING 12 500 512
9 FREE 0 512 512
10 PBR_V6 1 511 512
11 PBR_V6 1 511 512
-----------------------------------------------------------------------------------------------------
Service Pools
-----------------------------------------------------------------------------------------------------
App Allocated pools App group Configured rules Used rows Free rows Max rows
---------------------
254 256 Known behavior ● On the S4200-ON platform, the show acl-table-usage detail command output lists several hardware pools as available (FREE), but you will see an "ACL CAM table full" warning log when the system creates a new service pool. The system will not be able to create any new service pools. The existing groups, however, can continue to grow up to the maximum available pool space.
ACL commands clear ip access-list counters Clears ACL counters for a specific access-list. Syntax clear ip access-list counters [access-list-name] Parameters access-list-name — (Optional) Enter the name of the IP access-list to clear counters. A maximum of 140 characters. Default Not configured Command Mode EXEC Usage Information If you do not enter an access-list name, all IPv6 access-list counters clear.
count of packets matching an access list, clear the counters to start at zero. To view access-list information, use the show access-lists command.
Example OS10# clear mac access-list counters
Supported Releases 10.2.0E or later
deny
Configures a filter to drop packets with a specific IP address.
Syntax deny [protocol-number | icmp | ip | tcp | udp] [A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.
● tcp — (Optional) Enter the TCP address to deny.
● udp — (Optional) Enter the UDP address to deny.
● A::B — Enter the IPv6 address in dotted decimal format.
● A::B/x — Enter the number of bits to match to the IPv6 address.
● any — (Optional) Enter the keyword any to specify any source or destination IP address.
● host ipv6-address — (Optional) Enter the keyword and the IPv6 address to use a host address only.
● capture — (Optional) Capture packets the filter processes.
deny icmp Configures a filter to drop all or specific Internet Control Message Protocol (ICMP) messages. Syntax deny icmp [A.B.C.D | A.B.C.D/x | any | host ip-address] [[A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | count | dscp value | fragment | log] Parameters ● ● ● ● ● ● ● ● ● ● Default Not configured Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes; when you use the count byte options, only bytes increment.
Supported Releases 10.2.0E or later deny ip Configures a filter to drop all or specific packets from an IPv4 address. Syntax deny ip [A.B.C.D | A.B.C.D/x | any | host ip-address] [[A.B.C.D | A.B.C.D/x | any | host ip-address] [capture |count [byte] | dscp value | fragment] Parameters ● A.B.C.D — Enter the IPv4 address in dotted decimal format. ● A.B.C.D/x — Enter the number of bits to match to the dotted decimal address.
Example
OS10(config)# ipv6 access-list ipv6test
OS10(conf-ipv6-acl)# deny ipv6 any any capture session 1
Supported Releases 10.2.0E or later
deny tcp
Configures a filter that drops Transmission Control Protocol (TCP) packets meeting the filter criteria.
Syntax deny tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.
deny tcp (IPv6) Configures a filter that drops TCP IPv6 packets meeting the filter criteria. Syntax deny tcp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A:B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log] Parameters ● ● ● ● ● ● ● ● ● ● ● Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you use the count byte options, only bytes increment.
● count — (Optional) Count packets the filter processes.
● byte — (Optional) Count bytes the filter processes.
● dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63.
● fragment — (Optional) Use ACLs to control packet fragments.
● log — (Optional) Enables ACL logging. Information about packets that match an ACL rule is logged.
● operator — (Optional) Enter a logical operator to match the packets on the specified port number.
○ range — Range of ports, including the specified port numbers.
Default Not configured
Command Mode IPV6-ACL
Usage Information OS10 cannot count both packets and bytes; when you use the count byte options, only bytes increment. The no version of this command removes the filter.
Example
OS10(config)# ipv6 access-list ipv6test
OS10(conf-ipv6-acl)# deny udp any any capture session 1
Supported Releases 10.2.0E or later
description
Configures an ACL description.
ip access-list
Creates an IP access list to filter based on an IP address.
Syntax ip access-list access-list-name
Parameters access-list-name — Enter the name of an IPv4 access list. A maximum of 140 characters.
Default Not configured
Command Mode CONFIGURATION
Usage Information None
Example OS10(config)# ip access-list acl1
Supported Releases 10.2.0E or later
ip as-path access-list
Create an AS-path ACL filter for BGP routes using a regular expression.
● local-AS — BGP does not advertise this route to external peers.
● no-export — BGP does not advertise this route outside a BGP confederation boundary.
● internet — BGP does not advertise this route to an Internet community.
Defaults Not configured
Command Mode CONFIGURATION
Usage Information The no version of this command removes the community list.
Example OS10(config)# ip community-list standard STD_LIST deny local-AS
Supported Release 10.3.
Usage Information The no version of this command removes the extended community list.
Example OS10(config)# ip extcommunity-list standard STD_LIST deny 4byteasgeneric transitive 1.65534:40
Supported Release 10.3.0E or later
ip extcommunity-list standard permit
Creates an extended community list for BGP to permit access.
● A.B.C.D/x — (Optional) Enter the source network address and mask in /prefix format (/x).
● ge — Enter to indicate the network address is greater than or equal to the range specified.
● le — Enter to indicate the network address is less than or equal to the range specified.
● prefix-len — Enter the prefix length.
Defaults Not configured
Command Mode CONFIGURATION
Usage Information The no version of this command removes the specified prefix-list.
Example OS10(config)# ip prefix-list seqprefix seq 65535 deny 10.10.10.1/16 ge 10
Supported Release 10.3.0E or later
ip prefix-list seq permit
Configures a filter to permit route filtering from a specified prefix list.
Syntax ipv6 prefix-list [name] seq num permit A::B/x [ge | le] prefix-len
Parameters ● ● ● ● ● ●
Defaults Not configured
Command Mode CONFIGURATION
Usage Information The no version of this command removes the specified prefix list.
ipv6 access-list
Creates an IP access list to filter based on an IPv6 address.
Syntax ipv6 access-list access-list-name
Parameters access-list-name — Enter the name of an IPv6 access list. A maximum of 140 characters.
Default Not configured
Command Mode CONFIGURATION
Usage Information None
Example OS10(config)# ipv6 access-list acl6
Supported Release 10.2.0E or later
ipv6 prefix-list deny
Creates a prefix list to deny route filtering from a specified IPv6 network address.
Supported Release 10.3.0E or later ipv6 prefix-list permit Creates a prefix-list to permit route filtering from a specified IPv6 network address. Syntax ipv6 prefix-list prefix-list-name permit {A::B/x [ge | le] prefix-len} Parameters ● ● ● ● ● Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the specified prefix-list. Example Supported Release prefix-list-name — Enter the IPv6 prefix-list name.
● A::B/x — Enter the IPv6 address and mask in /prefix format (/x).
● ge — Enter to indicate the network address is greater than or equal to the range specified.
● le — Enter to indicate the network address is less than or equal to the range specified.
● prefix-len — Enter the prefix length.
Defaults Not configured
Command Mode CONFIGURATION
Usage Information The no version of this command removes the specified prefix-list.
Example OS10(config)# mac access-list maclist
Supported Releases 10.2.0E or later
permit
Configures a filter to allow packets with a specific IPv4 address.
Syntax permit [protocol-number | icmp | ip | tcp | udp] [A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | count | dscp value | fragment | log]
Parameters
● protocol-number — (Optional) Enter the protocol number identified in the IP header, from 0 to 255.
● A::B/x — Enter the number of bits that must match the IPv6 address.
● any — (Optional) Enter the keyword any to specify any source or destination IP address.
● host ip-address — (Optional) Enter the IPv6 address to use a host address only.
● capture — (Optional) Capture packets the filter processes.
● count — (Optional) Count packets the filter processes.
● byte — (Optional) Count bytes the filter processes.
● dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63.
permit icmp Configures a filter to permit all or specific ICMP messages. Syntax permit icmp [A.B.C.D | A.B.C.D/x | any | host ip-address] [[A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | count | dscp value | fragment | log] Parameters ● ● ● ● ● ● ● ● ● ● Default Not configured Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter.
Supported Releases 10.2.0E or later permit ip Configures a filter to permit all or specific packets from an IPv4 address. Syntax permit ip [A.B.C.D | A.B.C.D/x | any | host ip-address] [[A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | count | dscp value | fragment | log] Parameters ● ● ● ● ● ● ● ● ● ● Default Not configured Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment.
Example OS10(conf-ipv6-acl)# permit ipv6 any any count capture session 1
Supported Releases 10.2.0E or later
permit tcp
Configures a filter to permit TCP packets meeting the filter criteria.
Syntax permit tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [operator] ] [ack | fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log]
Parameters
● A.B.C.D — Enter the IPv4 address in dotted decimal format.
● A.B.C.
permit tcp (IPv6) Configures a filter to permit TCP packets meeting the filter criteria. Syntax permit tcp [A::B | A::B/x | any | host ipv6-address [eq | lt | gt | neq | range]] [A::B | A:B/x | any | host ipv6-address [eq | lt | gt | neq | range]] [ack | fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log] Parameters ● A::B — Enter the IPv6 address in hexadecimal format separated by colons. ● A::B/x — Enter the number of bits that must match the IPv6 address.
● log — (Optional) Enables ACL logging. Information about packets that match an ACL rule is logged. ● operator — (Optional) Enter a logical operator to match the packets on the specified port number. The following options are available: ○ eq — (Optional) Permit packets which are equal to. ○ lt — (Optional) Permit packets which are less than. ○ gt — (Optional) Permit packets which are greater than. ○ neq — (Optional) Permit packets which are not equal to.
Default Not configured
Command Mode IPV6-ACL
Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter.
Example OS10(conf-ipv6-acl)# permit udp any any capture session 1 count
Supported Releases 10.2.0E or later
remark
Specifies an ACL entry description.
Syntax remark description
Parameters description — Enter a description. A maximum of 80 characters.
Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number.
Example
OS10(config)# ip access-list testflow
OS10(conf-ipv4-acl)# seq 10 deny tcp any any capture session 1 log
Supported Releases 10.2.0E or later
seq deny (IPv6)
Assigns a sequence number to deny IPv6 addresses while creating the filter.
Parameters ● sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. ● nn:nn:nn:nn:nn:nn — Enter the source MAC address. ● 00:00:00:00:00:00 — (Optional) Enter which bits in the MAC address must match. If you do not enter a mask, a mask of 00:00:00:00:00:00 applies. ● any — (Optional) Set all routes which are subject to the filter: ○ protocol-number — Protocol number identified in the MAC header, from 600 to ffff.
Example
OS10(config)# ip access-list egress
OS10(conf-ipv4-acl)# seq 5 deny icmp any any capture session 1 log
Supported Releases 10.2.0E or later
seq deny icmp (IPv6)
Assigns a sequence number to deny ICMP messages while creating the filter.
● dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63. ● fragment — (Optional) Use ACLs to control packet fragments. ● log — (Optional) Enables ACL logging. Information about packets that match an ACL rule is logged. Default Not configured Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment.
| fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log] Parameters ● sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. ● A.B.C.D — Enter the IPv4 address in dotted decimal format. ● A.B.C.D/x — Enter the number of bits that must match the dotted decimal address. ● any — (Optional) Enter the keyword any to specify any source or destination IP address.
● fin — (Optional) Set the bit as finish—no more data from sender.
● psh — (Optional) Set the bit as push.
● rst — (Optional) Set the bit as reset.
● syn — (Optional) Set the bit as synchronize.
● urg — (Optional) Set the bit as urgent.
● capture — (Optional) Capture packets the filter processes.
● count — (Optional) Count packets the filter processes.
● byte — (Optional) Count bytes the filter processes.
● dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63.
● dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63.
● fragment — (Optional) Use ACLs to control packet fragments.
● log — (Optional) Enables ACL logging. Information about packets that match an ACL rule is logged.
● operator — (Optional) Enter a logical operator to match the packets on the specified port number.
○ range — Range of ports, including the specified port numbers.
Default Not configured
Command Mode IPV6-ACL
Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number.
Example
OS10(config)# ipv6 access-list ipv6test
OS10(conf-ipv6-acl)# seq 10 deny udp any any capture session 1 log
Supported Releases 10.2.
Parameters ● sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. ● protocol-number — (Optional) Enter the protocol number, from 0 to 255. ● A::B — Enter the IPv6 address in hexadecimal format separated by colons. ● A::B/x — Enter the number of bits that must match the IPv6 address. ● any — (Optional) Enter the keyword any to specify any source or destination IP address.
Example
OS10(config)# mac access-list macacl
OS10(conf-mac-acl)# seq 10 permit 00:00:00:00:11:11 00:00:11:11:11:11 any cos 7
OS10(conf-mac-acl)# seq 20 permit 00:00:00:00:11:11 00:00:11:11:11:11 any vlan 2
Supported Releases 10.2.0E or later
seq permit icmp
Assigns a sequence number to allow ICMP messages while creating the filter.
Syntax seq sequence-number permit icmp [A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.
● capture — (Optional) Capture packets the filter processes.
● count — (Optional) Count packets the filter processes.
● byte — (Optional) Count bytes the filter processes.
● dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63.
● fragment — (Optional) Use ACLs to control packet fragments.
● log — (Optional) Enables ACL logging. Information about packets that match an ACL rule is logged.
seq permit ipv6 Assigns a sequence number to allow packets while creating the filter. Syntax seq sequence-number permit ipv6 [A::B | A::B/x | any | host ipv6-address] [A::B | A:B/x | any | host ipv6-address] [capture | count | dscp value | fragment | log] Parameters ● sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. ● A::B — Enter the IPv6 address in hexadecimal format separated by colons.
● psh — (Optional) Set the bit as push.
● rst — (Optional) Set the bit as reset.
● syn — (Optional) Set the bit as synchronize.
● urg — (Optional) Set the bit as urgent.
● capture — (Optional) Capture packets the filter processes.
● count — (Optional) Count packets the filter processes.
● byte — (Optional) Count bytes the filter processes.
● dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63.
● fragment — (Optional) Use ACLs to control packet fragments.
● log — (Optional) Enables ACL logging. Information about packets that match an ACL rule is logged. Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number.
Example
OS10(config)# ip access-list egress
OS10(conf-ipv4-acl)# seq 5 permit udp any any capture session 1 log
Supported Releases 10.2.0E or later
seq permit udp (IPv6)
Assigns a sequence number to allow UDP IPv6 packets while creating a filter.
show access-group
Displays IP, MAC, or IPv6 access-group information.
Syntax show {ip | mac | ipv6} access-group name
Parameters
● ip — View IP access group information.
● mac — View MAC access group information.
● ipv6 — View IPv6 access group information.
● access-group name — Enter the name of the access group.
Default Not configured
Command Mode EXEC
Usage Information None
Example (IP)
Usage Information None
Example (MAC In)
OS10# show mac access-lists in
Ingress MAC access list aaa
Active on interfaces : ethernet1/1/1 ethernet1/1/2
seq 10 permit any any
seq 20 permit 11:11:11:11:11:11 22:22:22:22:22:22 any monitor count bytes (0 bytes)
Example (MAC Out)
OS10# show mac access-lists out
Egress MAC access list aaa
Active on interfaces : ethernet1/1/1 ethernet1/1/2
seq 10 p
Example (IP In)
Example (IP Out)
Example (IPv6 In)
Example (IPv6 Out)
Example (IP In - Control-plane ACL)
Active on interfaces :
control-plane data
seq 10 permit ip any any
control-plane mgmt
seq 10 permit ip any any
Example (IPv6 In - Control-plane ACL)
OS10# show ipv6 access-lists in
Ingress IPV6 access-list aaa-cp-acl
Active on interfaces :
control-plane data
seq 10 permit ipv6 any any
control-plane mgmt
seq 10 permit ipv6 any any
Example (MAC In - Control-plane ACL)
OS10# show mac access-lists in
Ingress MAC access-list mac-cp1
Active on interfaces :
control-plane data
seq 10 deny any
Supported Releases
---------------------------------------------------------------------------------
USER_L2_ACL Shared:2 G9 1 2
USER_IPV4_ACL Shared:2 G3 1 2
USER_IPV6_ACL Shared:3 G6 1 2
SYSTEM_FLOW Shared:3 G0 49 49
---------------------------------------------------------------------------------
Ingress ACL utilization - Pipe 1
Hardware Pools
--------------------------------------------------------------------
Pool ID App(s) Used rows Free rows Max rows
---------------------------------------------------------
7 USER_IPV6_ACL 0 512 512
8 USER_IPV6_ACL 0 512 512
9 USER_L2_ACL 0 512 512
10 USER_L2_ACL 0 512 512
11 FREE 0 512 512
---------------------------------------------------------------------------------
Service Pools
---------------------------------------------------------------------------------
App Allocated pools App group Configured rules Used rows
---------------------------------------------------------------------------------
SYSTEM_FLOW Shared:3 G0 49 49
------------------------------------------------
FCOE Shared:2 G6 55 55
---------------------------------------------------------------------------------
Egress ACL utilization
Hardware Pools
------------------------------------------------------------------
Pool ID App(s) Used rows Free rows Max rows
------------------------------------------------------------------
0 USER_IPV4_EGRESS 2 254 256
1 USER_L2_ACL_EGRESS 2 254 256
2 USER_IPV6_EGRESS 2 254 256
3 USER_IPV6_EGRESS 2 254 256
-----------------------------------------------------------------------
Example
OS10# show ip community-list
Standard Community List hello
deny local-AS
permit no-export
deny 1:1
Supported Releases 10.3.0E or later
show ip extcommunity-list
Displays the configured IP external community lists in alphabetic order.
Syntax show ip extcommunity-list [name]
Parameters name — (Optional) Enter the name of the extended IP external community list. A maximum of 140 characters.
show logging access-list
Displays the ACL logging threshold and interval configuration.
Syntax show logging access-list
Parameters None
Default None
Command Mode EXEC
Usage Information None
Example
OS10# show logging access-list
ACL Logging
Threshold : 10
Interval : 5
Supported Releases 10.4.3.0 or later
Route-map commands
continue
Configures the next sequence of the route map.
Syntax continue seq-number
Parameters seq-number — Enter the next sequence number, from 1 to 65535.
Supported Releases 10.3.0E or later match community Configures a filter to match routes that have a certain COMMUNITY attribute in their BGP path. Syntax match community community-list-name [exact-match] Parameters ● community-list-name — Enter the name of a configured community list. ● exact-match — (Optional) Select only those routes with the specified community list name.
Command Mode ROUTE-MAP
Usage Information The no version of this command deletes the match.
Example
OS10(conf-route-map)# match interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)#
Supported Releases 10.2.0E or later
match ip address
Configures a filter to match routes based on IP addresses specified in IP prefix lists.
Syntax match ip address {prefix-list prefix-list-name | access-list-name}
Parameters
● prefix-list-name — Enter the name of the configured prefix list. A maximum of 140 characters.
Default Not configured
Command Mode ROUTE-MAP
Usage Information The no version of this command deletes the match.
Example
OS10(config)# route-map bgp
OS10(conf-route-map)# match ipv6 address test100
Supported Releases 10.3.0E or later
match ipv6 next-hop
Configures a filter to match based on the next-hop IPv6 addresses specified in IP prefix lists.
Syntax match ipv6 next-hop prefix-list prefix-list
Parameters prefix-list — Enter the name of the configured prefix list.
Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes the match. Example Supported Releases OS10(config)# route-map bgp OS10(conf-route-map)# match origin egp 10.3.0E or later match route-type Configures a filter to match routes based on how the route is defined. Syntax match route-type {{external {type-1 | type-2} | internal | local } Parameters ● external — Match only on external OSPF routes.
route-map
Enables a route-map statement and configures its action and sequence number.
Syntax route-map map-name [permit | deny | sequence-number]
Parameters
● map-name — Enter the name of the route-map. A maximum of 140 characters.
● sequence-number — (Optional) Enter a number, from 1 to 65535, that identifies the route-map for editing and sequencing. The default is 10.
● permit — (Optional) Set the route-map default as permit.
● deny — (Optional) Set the route default as deny.
Usage Information Configure the community list you use in the set comm-list delete command so that each filter contains only one community. For example, the filter deny 100:12 is acceptable, but the filter deny 120:13 140:33 results in an error. If you configure the set comm-list delete command and the set community command in the same route map sequence, the deletion (set comm-list delete) is processed before the insertion (set community).
set extcomm-list delete Remove communities in the specified list from the EXTCOMMUNITY attribute in a matching inbound or outbound BGP route. Syntax set extcomm-list extcommunity-list-name delete Parameter extcommunity-list-name — Enter the name of an established extcommunity list. A maximum of 140 characters. Defaults None Command Mode ROUTE-MAP Usage Information To add communities in an extcommunity list to the EXTCOMMUNITY attribute in a BGP route, use the set extcomm-list add command.
Supported Releases 10.2.0E or later set metric Set a metric value for a routing protocol. Syntax set metric [+ | -] metric-value Parameters ● + — (Optional) Add a metric value to the redistributed routes. ● - — (Optional) Subtract a metric value from the redistributed routes. ● metric-value — Enter a new metric value, from 0 to 4294967295. Default Not configured Command Mode ROUTE-MAP Usage Information To establish an absolute metric, do not enter a plus or minus sign before the metric value.
Example Supported Releases OS10(conf-route-map)# set metric-type internal 10.2.0E or later set next-hop Sets an IPv4 or IPv6 address as the next-hop. Syntax set {ip | ipv6} next-hop ip-address Parameters ip-address — Enter the IPv4 or IPv6 address for the next-hop. Default Not configured Command Mode ROUTE-MAP Usage Information If you apply a route-map with the set next-hop command in ROUTER-BGP mode, it takes precedence over the next-hop-self command used in ROUTER-NEIGHBOR mode.
Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes the set clause from a route map. Example Supported Releases OS10(conf-route-map)# set tag 23 10.2.0E or later set weight Set the BGP weight for the routing table. Syntax set weight weight Parameters weight — Enter a number as the weight the route uses to meet the route map specification, from 0 to 65535. Default Default router-originated is 32768 — all other routes are 0.
21 Quality of service Quality of service (QoS) reserves network resources for highly critical application traffic with precedence over less critical application traffic. QoS prioritizes different types of traffic and ensures quality of service. You can control the following traffic flow parameters: Delay, Bandwidth, Jitter, and Drop. Different QoS features control the traffic flow parameters, as the traffic traverses a network device from ingress to egress interfaces.
Configuring QoS is a three-step process: 1. Create class-maps to classify the traffic flows. The following are the different types of class-maps: ● qos (default)—Classifies ingress data traffic. ● queuing —Classifies egress queues. ● control-plane—Classifies control-plane traffic. ● network-qos—Classifies traffic-class IDs for ingress buffer configurations. ● application —Classifies application-type traffic. The reserved policy-map policy-iscsi defines the actions for class-iscsi traffic. 2.
Ingress traffic classification
Ingress traffic can either be data or control traffic. OS10 groups network traffic into different traffic classes, from class 0 to 7, based on various parameters. Grouping traffic into different classes helps to identify and prioritize traffic as it goes through the switch.
NOTE: Traffic class is also called QoS group.
By default, OS10 does not classify data traffic. OS10 assigns the default traffic class ID 0 to all data traffic.
2. Define the set of dot1p values mapped to traffic-class, the qos-group ID.
OS10(config-tmap-dot1p-map)# qos-group 3 dot1p 0-4
OS10(config-tmap-dot1p-map)# qos-group 5 dot1p 5-7
3. Verify the map entries.
OS10# show qos maps type trust-map-dot1p example-dot1p-trustmap-name
DOT1P Priority to Traffic-Class Map : example-dot1p-trustmap-name
Traffic-Class    DOT1P Priority
-------------------------------
3                0-4
5                5-7
4. Apply the map on a specific interface or on system-qos, global level.
Table 115. Default DSCP trust map
DSCP values    Traffic class ID    Color
32-35          4                   G
36-39          4                   Y
40-43          5                   G
44-47          5                   Y
48-51          6                   G
52-55          6                   Y
56-59          7                   G
60-62          7                   Y
63             7                   R
NOTE: You cannot modify the default DSCP trust map.
User–defined DSCP trust map
You can override the default mapping by creating a user-defined DSCP trust map. All the unspecified DSCP entries map to the default traffic class ID 0 and color G.
Configure user–defined DSCP trust map
1. Create a DSCP trust map.
● System-qos level OS10(config-sys-qos)# trust-map dscp example-dscp-trustmap-name ACL-based classification Classify the ingress traffic by matching the packet fields using ACL entries. Classify the traffic flows based on QoS-specific fields or generic fields, using IP or MAC ACLs. Create a class-map template to match the fields. OS10 allows matching any of the fields or all the fields based on the match type you configure in the class-map. Use the access-group match filter to match MAC or IP ACLs.
1. Create a user defined dscp or dot1p trust-map.
OS10(config)# trust dscp-map userdef-dscp
OS10(config-tmap-dscp-map)# qos-group 3 dscp 15
OS10(config-tmap-dscp-map)# qos-group 5 dscp 30
2. Apply user-defined trust map to an interface or in system QoS.
OS10(conf-if-eth1/1/1)# trust-map dscp userdef-dscp
or
OS10(config)# system qos
OS10(config-sys-qos)# trust-map dscp userdef-dscp
3. Create a class-map and attach it to a policy where trust is configured. This example uses 802.
○ ICMPv6-RS-NS is mapped to queue 5
○ iSCSI is mapped to queue 0
The rate limit configuration in CoPP policy before upgrade is automatically remapped to queues 6, 5, and 0 respectively after upgrade. For example, in release 10.4.1, the following policy configuration is applied on queue 5, which in 10.4.1 is mapped to ARP_REQ, ICMPV6_RS, ICMPV6_NS, and ISCSI protocols:
policy-map type control-plane test
 !
 class test
  set qos-group 5
  police cir 300 pir 300
After upgrade to release 10.4.
The following table lists the CoPP protocol mappings to queues, and default rate limits and buffer sizes on the S4148FE-ON platform. The number of control-plane queues is dependent on the hardware platform. Table 117. CoPP: Protocol mappings to queues, and default rate limits and buffer sizes - from release 10.4.
Configure control-plane policing Rate-limiting the protocol CPU queues requires configuring control-plane type QoS policies. ● Create QoS policies, class maps and policy maps, for the desired CPU-bound queue. ● Associate the QoS policy with a particular rate-limit. ● Assign the QoS service policy to control plane queues. By default, the peak information rate (pir) and committed information rate (cir) values are in packets per second (pps) for control plane.
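The following audit script is an added example, not part of the Dell EMC guide or of OS10. It parses control-plane policy-maps written in the syntax shown in this chapter (policy-map type control-plane, class, set qos-group, police cir ... pir ...) and reports classes that would leave a CPU queue without an explicit rate limit or with an inconsistent one. The policy and class names, the finding labels, the indentation-based block detection, and the queue limit of 19 are assumptions made for the example; the checks are the example's own and do not describe validation that OS10 performs.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample, written in the control-plane policy syntax this guide
# shows. Policy and class names are made up for the example.
SAMPLE_CONFIG = """\
policy-map type control-plane copp-example
 !
 class arp-req
  set qos-group 6
  police cir 300 pir 300
 !
 class icmpv6
  set qos-group 5
  police cir 500 pir 200
 !
 class iscsi
  set qos-group 0
 !
 class stray
  set qos-group 5
  police cir 100 pir 100
 !
 class bogus
  set qos-group 31
  police cir 100 pir 100
"""

POLICY_RE = re.compile(r"^policy-map type (\S+) (\S+)$")
CLASS_RE = re.compile(r"^class (\S+)$")
QUEUE_RE = re.compile(r"^set qos-group (\d+)$")
# bc/be burst values are optional, as in "police cir 5 bc 30 pir 20 be 40".
POLICE_RE = re.compile(r"^police cir (\d+)(?: bc \d+)?(?: pir (\d+))?(?: be \d+)?$")


@dataclass
class CoppClass:
    policy: str
    name: str
    queue: Optional[int] = None
    cir: Optional[int] = None  # packets per second for control-plane policies
    pir: Optional[int] = None


def parse_copp(config: str) -> List[CoppClass]:
    """Collect the classes of every control-plane policy-map in the text."""
    classes: List[CoppClass] = []
    policy: Optional[str] = None         # control-plane policy we are inside
    current: Optional[CoppClass] = None  # class we are inside
    for raw in config.splitlines():
        line = " ".join(raw.split())
        if not line or line == "!":
            continue
        m = POLICY_RE.match(line)
        if m:
            # Policy-maps of other types (qos, queuing, ...) are skipped.
            policy = m.group(2) if m.group(1) == "control-plane" else None
            current = None
            continue
        if not raw[0].isspace():
            # Assumption: any other unindented line ends the policy block.
            policy, current = None, None
            continue
        if policy is None:
            continue
        m = CLASS_RE.match(line)
        if m:
            current = CoppClass(policy, m.group(1))
            classes.append(current)
            continue
        if current is None:
            continue
        m = QUEUE_RE.match(line)
        if m:
            current.queue = int(m.group(1))
            continue
        m = POLICE_RE.match(line)
        if m:
            current.cir = int(m.group(1))
            current.pir = int(m.group(2)) if m.group(2) else None
    return classes


def audit(classes: List[CoppClass], max_queue: int) -> List[Tuple[str, str, str]]:
    """Return (policy, class, finding) tuples in configuration order."""
    findings = []
    seen = {}  # (policy, queue) -> first class that used the queue
    for c in classes:
        if c.queue is None:
            findings.append((c.policy, c.name, "no-queue"))
        else:
            if c.queue > max_queue:
                findings.append((c.policy, c.name, "queue-out-of-range"))
            if (c.policy, c.queue) in seen:
                findings.append((c.policy, c.name, "queue-reused"))
            seen.setdefault((c.policy, c.queue), c.name)
        if c.cir is None:
            findings.append((c.policy, c.name, "no-police"))
        elif c.pir is not None and c.pir < c.cir:
            findings.append((c.policy, c.name, "pir-below-cir"))
    return findings


if __name__ == "__main__":
    # 19 is used only because the statistics sample in this chapter lists
    # queues 0 to 19; the real limit depends on the hardware platform.
    for finding in audit(parse_copp(SAMPLE_CONFIG), max_queue=19):
        print(*finding)
```

Set max_queue to the highest control-plane queue number of the platform being audited, because the number of control-plane queues depends on the hardware.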
2. Define an input type service-policy and configure a name for the service policy in CONTROL-PLANE mode.
View CoPP statistics OS10# show control-plane statistics Queue Packets Dropped Bytes 0 26 1 0 2 0 3 0 4 36 5 36 6 919 7 67 8 0 9 0 10 0 11 80662 12 2779 13 0 14 1265 15 422 16 0 17 0 18 0 19 0 Bytes Dropped Packets 1768 0 0 0 3816 3096 58816 4288 0 0 0 5539376 462189 0 108790 36075 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Egress traffic classification Egress traffic is classified into different queues based on the traffic-class ID marked on the traffic flow.
2. Define the set of traffic class values mapped to a queue.
OS10(config-qos-map)# queue 3 qos-group 0-3
3. Verify the map entries.
OS10# show qos maps type tc-queue
Traffic-Class to Queue Map: tc-q-map
Queue    Traffic-Class
--------------------------
3        0-3
4. Apply the map on a specific interface or on a system-QoS global level.
3. Apply the QoS type policy-map to an interface. OS10(config)# interface ethernet 1/1/14 OS10(conf-if-eth1/1/14)# service-policy input type qos example-interface-policer Flow rate policing controls the rate of flow of traffic. Configure flow rate policing 1. Create a QoS type class-map to match the traffic flow. OS10(config)# class-map example-cmap-cos3 OS10(config-cmap-qos)# match cos 3 2.
2. Create a QoS type policy-map to color the traffic flow. OS10(config)# policy-map type qos example-pmap-ect-color OS10(config-pmap-qos)# class example-cmap-dscp-3-ect OS10(config-pmap-c-qos)# set qos-group 3 OS10(config-pmap-c-qos)# set color yellow Modify packet fields You can modify the value of CoS or DSCP fields. 1. Create a QoS type class-map to match a traffic flow. OS10(config)# class-map cmap-dscp-3 OS10(config-cmap-qos)# match ip dscp 3 2. Modify the policy-map to update the DSCP field.
1. Create a queuing type class-map and configure a name for the class-map in CONFIGURATION mode. class-map type queuing example-que-cmap-name 2. Apply the match criteria for the queue in CLASS-MAP mode. match queue queue-number 3. Return to CONFIGURATION mode. exit 4. Create a queuing type policy-map and configure a policy-map name in CONFIGURATION mode. policy-map type queuing example-que-pmap-name 5. Configure a queuing class in POLICY-MAP mode. class example-que-cmap-name 6.
1. Define a policy-map and create a policy-map name in CONFIGURATION mode.
policy-map type queuing policy-map-name
2. Create a queuing class and configure a name for the policy-map in POLICY-MAP mode.
class class-map-name
3. Set the scheduler as strict priority in POLICY-MAP-CLASS-MAP mode.
priority
Apply policy-map
1. Apply the policy-map to the interface in INTERFACE mode or all interfaces in SYSTEM-QOS mode.
system qos
OR
interface ethernet node/slot/port[:subport]
2.
● Start frame delimiter—1 byte
● Destination MAC address—6 bytes
● Source MAC address—6 bytes
● Ethernet type/length—2 bytes
● Payload—variable
● Cyclic redundancy check—4 bytes
● Inter-frame gap—variable
The rate adjustment feature is disabled by default. To enable rate adjustment, use the qos-rate-adjust value_of_rate_adjust command. For example:
qos-rate-adjust 8
If you have configured WDRR and shaping on a particular queue, the queue can become congested.
For example, when all ports are allocated as reserved buffers from the lossy (default) pool, the remaining buffers in the lossy pool are shared across all ports, except the CPU port. When you enable priority flow control (PFC) on the ports, all the PFC-enabled queues and priority-groups use the buffers from the lossless pool. You must use the network QoS policy type to configure PFC on the ports. OS10 dedicates a separate buffer pool for CPU traffic.
NOTE: The supported speed varies for different platforms. After the reserved buffers are used, each LLFC starts consuming shared buffers from the lossless pool with the alpha value determining the threshold except for the S4200-ON series platform. The following table lists the priority flow control (PFC) buffer settings per PFC priority group: Table 122.
Deep Buffer mode
NOTE: This feature is supported only on the S4200-ON series.
OS10 provides the flexibility to configure the buffer mode based on your system requirements. The S4200-ON series switch comes with a default deep buffer size of 4.63 GB. You can use the hardware deep-buffer-mode command to increase the deep buffer size to 6.24 GB. For information about how to configure deep buffer mode, see Configure Deep Buffer mode.
The configuration shows how to enable Deep Buffer mode in a switch.
OS10# configure terminal
OS10(config)# hardware deep-buffer-mode
% Warning: Deep buffer mode configuration will be applied only after a save and reload.
OS10(config)# exit
OS10# write memory
OS10# reload
Proceed to reboot the system? [confirm yes/no]: Y
To view Deep Buffer mode status, use the show hardware deep-buffer-mode command. The show command output displays the status of Deep Buffer mode in the current boot and the next boot.
2. Configure WRED threshold parameters for different colors in WRED CONFIGURATION mode. OS10(config-wred)# random-detect color yellow minimum-threshold 100 maximum-threshold 300 drop-probability 40 3. Configure the exponential weight value for the WRED profile in WRED CONFIGURATION mode. OS10(config-wred)# random-detect weight 4 4. Enable ECN. OS10(config-wred)# random-detect ecn 5. Enable WRED/ECN on a queue.
8. Assign a WRED profile to the specified queue. OS10(config-pmap-c-que)#random-detect example-wred-prof-1 9. Exit CLASS MAP and POLICY MAP modes. OS10(config-pmap-c-que)#exit OS10(config-pmap-queuing)#exit 10. Enter SYSTEM QOS mode. OS10(config)#configure system-qos 11. Enable ECN globally. OS10(config-sys-qos)#random-detect ecn After you enable ECN globally, ECN marks the CE bit of the ECN field in a packet as ECT.
● Use the trust-map or policy-map CLI commands to configure dot1p and DSCP traffic-class markings. For RoCEv2, classification is based only on DSCP. ● Use the qos-map CLI command to apply the traffic class to queues. ● Use the network-type policy-map to classify any of the priority values as lossless and fine-tune the respective buffer value depending on traffic congestion. ● Adjust the ECN threshold based on the traffic pattern.
OS10 (config-pmap-c-que)# bandwidth percent 30
OS10 (config-pmap-c-que)# exit
OS10 (config-pmap-queuing)# class Q3
OS10 (config-pmap-c-que)# bandwidth percent 70
Bandwidth and ECN configuration for RoCEv2 with ECN queue association:
OS10 (config)# class-map type queuing Q0
OS10 (config-cmap-queuing)# match queue 0
OS10 (config)# class-map type queuing Q3
OS10 (config-cmap-queuing)# match queue 3
OS10(config)# wred wred_ecn
OS10(config-wred)# random-detect
OS10(config-wred)# random-detect 2000 drop-proba
h. Enable PFC on the interface. OS10 (conf-if-eth1/1/1)# priority-flow-control mode on ● For RoCEv2: a. Enter INTERFACE mode and enter the no shutdown command. OS10# configure terminal OS10 (config)# interface ethernet 1/1/1 OS10 (conf-if-eth1/1/1)# no shutdown b. Apply the network-qos type policy-map to the interface. OS10 (conf-if-eth1/1/1)# service-policy input type network-qos policy_pfcdot1p3 c. Apply the queuing policy to egress traffic on the interface.
● To view qos map details such as dot1p or DSCP to traffic class mapping and traffic class to queue mapping, use the show qos maps command: OS10# show qos maps RoCE for VXLAN over VLT OS10 supports RoCE for VXLAN in a VLT setup. Configuring RoCE with VXLAN is similar to configuring RoCE without VXLAN. When you configure VXLAN and span that across a VLT topology, apply the configuration on all interfaces across the VLT topology where you want to support RoCE.
OS10(conf-if-vl-3000)# exit OS10(config)# interface vlan 200 OS10(conf-if-vl-200)# exit OS10(config)# interface loopback 1 OS10(conf-if-lo-1)# ip address 1.1.1.1/32 OS10(conf-if-lo-1)# exit OS10(config)# router ospf 1 OS10(config-router-ospf-1)# router-id 8.8.8.
LLFC configuration — SW1 Instead of PFC, you can configure LLFC as follows: OS10(config)# configure terminal OS10(config)# class-map type network-qos llfc OS10(config-cmap-nqos)# match qos-group 0-7 OS10(config-cmap-nqos)# exit OS10(config)# policy-map type network-qos llfc OS10(config-pmap-network-qos)# class llfc OS10(config-pmap-c-nqos)# pause buffer-size 100 pause-threshold 50 resume-threshold 10 OS10(config-pmap-c-nqos)# end OS10# OS10# configure terminal OS10(config)# interface range ethernet 1/1/1,1/
OS10(conf-if-po-2)# vlt-port-channel 20 OS10(conf-if-po-2)# no shutdown OS10(conf-if-po-2)# exit OS10(config)# interface range ethernet 1/1/20 OS10(conf-range-eth1/1/20)# channel-group 2 mode active OS10(conf-range-eth1/1/20)# exit VXLAN configuration — VLT peer 1 OS10(config)# configure terminal OS10(config)# interface vlan 3000 OS10(conf-if-vl-3000)# ip address 5.5.5.
OS10(config-pmap-c-nqos)# pause OS10(config-pmap-c-nqos)# pfc-cos 5 OS10(config-pmap-c-nqos)# end OS10# configure terminal OS10(config)# interface range ethernet 1/1/1,1/1/20,1/1/11,1/1/12 OS10(conf-range-eth1/1/1,1/1/20,1/1/11,1/1/12)# flowcontrol receive off OS10(conf-range-eth1/1/1,1/1/20,1/1/11,1/1/12)# priority-flow-control mode on OS10(conf-range-eth1/1/1,1/1/20,1/1/11,1/1/12)# ets mode on OS10(conf-range-eth1/1/1,1/1/20,1/1/11,1/1/12)# service-policy input type network-qos p5 OS10(conf-range-eth1/1/1
OS10(conf-range-eth1/1/11,1/1/12)# no switchport mode OS10(conf-range-eth1/1/11,1/1/12)# no switchport OS10(conf-range-eth1/1/11,1/1/12)# no negotiation OS10(conf-range-eth1/1/11,1/1/12)# exit OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# discovery-interface ethernet 1/1/11 OS10(conf-vlt-1)# discovery-interface ethernet 1/1/12 OS10(conf-vlt-1)# vlt-mac aa:bb:cc:dd:ee:ff OS10(conf-vlt-1)# end OS10# OS10# configure terminal OS10(config)# interface port-channel 2 OS10(conf-if-po-2)# vlt-port-channel 20 OS10(con
OS10(config-tmap-dot1p-map)# qos-group 7 dot1p 7 OS10(config-tmap-dot1p-map)# end OS10# configure terminal OS10(config)# class-map type network-qos c5 OS10(config-cmap-nqos)# match qos-group 5 OS10(config-cmap-nqos)# exit OS10(config)# policy-map type network-qos p5 OS10(config-pmap-network-qos)# class c5 OS10(config-pmap-c-nqos)# pause OS10(config-pmap-c-nqos)# pfc-cos 5 OS10(config-pmap-c-nqos)# end OS10# configure terminal OS10(config)# interface range ethernet 1/1/1,1/1/20,1/1/11,1/1/12 OS10(conf-range-
Enable DCBx — VLT peer 2 OS10# configure terminal OS10(config)# dcbx enable Configuration on ToR device System configuration — ToR device NOS# configure terminal NOS(config)# interface vlan 200 NOS(conf-if-vl-200)# no shutdown NOS(conf-if-vl-200)# exit NOS(config)# interface port-channel 2 NOS(conf-if-po-2)# no shutdown NOS(conf-if-po-2)# exit NOS(config)# interface range ethernet 1/1/1,1/1/2 NOS(conf-range-eth1/1/1,1/1/2)# channel-group 2 mode active NOS(conf-range-eth1/1/1,1/1/2)# end NOS# NOS# configure
NOS(config-pmap-network-qos)# class llfc NOS(config-pmap-c-nqos)# pause buffer-size 100 pause-threshold 50 resume-threshold 10 NOS(config-pmap-c-nqos)# end NOS# configure terminal NOS(config)# interface range ethernet 1/1/1,1/1/2,1/1/3 NOS(conf-range-eth1/1/1,1/1/2,1/1/3)# flowcontrol transmit on NOS(conf-range-eth1/1/1,1/1/2,1/1/3)# flowcontrol receive on NOS(conf-range-eth1/1/1,1/1/2,1/1/3)# service-policy input type network-qos llfc NOS(conf-range-eth1/1/1,1/1/2,1/1/3)# end WRED/ECN configuration — ToR d
You can choose to reset the peak buffer utilization value and determine a new peak buffer utilization value. Use the clear qos statistics type buffer-statistics-tracking command to clear the tracked value and to refresh this counter. BST tracks peak buffer utilization over a period of time. At any given point in time, the peak buffer usage from the past is displayed.
Eth 1/1/12    1    2, 3    0, 2    up
Eth 1/1/13    2    2, 3    1, 3    down
Eth 1/1/14    2    2, 3    1, 3    down
Eth 1/1/15    2    2, 3    1, 3    down
Eth 1/1/16    2    2, 3    1, 3    down
Eth 1/1/17    3    0, 1    1, 3    down
Eth 1/1/18    3    0, 1    1, 3    down
Eth 1/1/19    3    0, 1    1, 3    down
Eth 1/1/20    3    0, 1    1, 3    down
Eth 1/1/21    0    0, 1    0, 2    down
Eth 1/1/22    0    0, 1    0, 2    down
Eth 1/1/23    0    0, 1    0, 2    down
Eth 1/1/24    0    0, 1    0, 2    down
Eth 1/1/25    3    0, 1    1, 3    up
Eth 1/1/26    3    0, 1    1, 3    down
Eth 1/1/27    3    0, 1
View information for a single interface:
OS10# show qos port-map details interface ethernet 1/1/1
---------------------------------------------------------------------------
Interface    Port Pipe    Ingress MMU    Egress MMU    Oper Status
---------------------------------------------------------------------------
Eth 1/1/1    3            0, 1           1, 3          down
QoS commands
bandwidth
Assigns a percentage of weight to the queue.
Default Not configured Command Mode POLICY-MAP-QUEUEING POLICY-MAP-QOS POLICY-MAP-NQOS POLICY-MAP-CP POLICY-MAP-APPLICATION Usage Information If you define a class-map under a policy-map, the qos, queuing, or control-plane type is the same as the policy-map. You must create this map in advance. The only exception to this rule is when the policy-map type is trust, where the class type must be qos. Example Supported Releases OS10(conf-pmap-qos)# class c1 10.2.
Usage Information None Example Supported Releases OS10# clear qos statistics 10.2.0E or later clear qos statistics type Clears all queue counters, including PFC, for control-plane, qos, and queueing. Syntax clear qos statistics type {{qos | queuing | control-plane | bufferstatistics-tracking} [interface ethernet node/slot/port[:subport]]} Parameters ● ● ● ● qos—Clears qos type statistics. queuing—Clears queueing type statistics. control-plane—Clears control-plane type statistics.
Example (classmap) OS10(config)# class-map type control-plane c1 OS10(config-cmap-control-plane)# Example (policymap) Supported Releases OS10(config)# policy-map type control-plane p1 OS10(config-pmap-control-plane)# 10.2.0E or later control-plane-buffer-size Configures the buffer size for the CPU pool. Syntax control-plane-buffer-size size-of-buffer-pool Parameters size-of-buffer-pool—Enter the buffer size in KB, from 620 KB to 900 KB.
hardware deep-buffer-mode Configures Deep Buffer mode. Syntax hardware deep-buffer-mode Parameters None Defaults Disabled Command Modes CONFIGURATION Usage Information Applicable only for the S4200-ON series switches. Deep Buffer mode configuration takes effect only after you save it in the startup configuration and reboot the switch. The no version of this command disables Deep Buffer mode. Example Supported Releases OS10(config)# hardware deep-buffer-mode 10.4.3.
Example 1
OS10(conf-cmap-qos)# match ip access-group name ag1
OS10(config-cmap-qos)# match ipv6 access-group name ACLv6
Supported Releases 10.2.0E or later
match cos
Matches a class of service (CoS) value to L2 dot1p packets.
Syntax match [not] cos cos-value
Parameters
● cos-value — Enter a CoS value, from 0 to 7.
● not — Enter not to cancel the match criteria.
Default Not configured
Command Modes CLASS-MAP
Usage Information You cannot have two match statements with the same filter-type.
Parameters
● not — Enter to cancel a previously applied match precedence rule.
● ip — Enter to use IPv4 as the match precedence rule.
● ipv6 — Enter to use IPv6 as the match precedence rule.
Default Not configured
Command Mode CLASS-MAP
Usage Information You cannot enter two match statements with the same filter-type. If you enter two match statements with the same filter-type, the second statement overwrites the first statement.
Example Supported Releases
mtu Calculates the buffer size allocation for matched flows. Syntax mtu size Parameters size — Enter the size of the buffer (1500 to 9216). Default 9216 Command Mode POLICY-MAP-CLASS-MAP Usage Information The no version of this command returns the value to the default. Example Supported Releases OS10(conf-pmap-nqos-c)# mtu 2500 10.3.0E or later pause Enables a pause based on buffer limits for the port to start or stop communication to the peer.
pfc-cos
Configures priority flow-control for class of service (CoS).
Syntax pfc-cos cos-value
Parameters cos-value — Enter a single, comma-delimited, or hyphenated range of CoS values for priority flow-control to enable, from 0 to 7.
NOTE: The range 0-7 is invalid. All other ranges, including 0-6 and 1-7, are valid.
Default Not configured
Command Mode POLICY-MAP-CLASS-MAP
Usage Information To configure link-level flow-control, do not configure pfc-cos for the matched class for this policy.
Default 832 KB Command Mode SYSTEM-QOS Usage Information The no version of this command returns the value to the default. Example Supported Releases OS10(conf-sys-qos)# pfc-shared-buffer-size 2000 10.3.0E or later pfc-shared-headroom-buffer-size Configures the shared headroom size for absorbing the packets after pause frames generate.
Example Supported Releases OS10(conf-pmap-c-qos)# police cir 5 bc 30 pir 20 be 40 10.2.0E or later policy-map Enters QoS POLICY-MAP mode and creates or modifies a QoS policy-map. Syntax policy-map policy-map-name [type {qos | queuing | control-plane | application | network-qos }] Parameters ● policy-map-name — Enter a class name for the policy-map. A maximum of 32 characters. ● type — Enter the policy-map type. ○ qos — Create a qos policy-map type. ○ queuing — Create a queueing policy-map type.
Parameters ● on — (Optional) Enables Priority Flow-Control mode.
Default Disabled
Command Mode INTERFACE
Usage Information Before enabling priority flow-control on an interface, verify that a matching network-qos type policy is configured with the pfc-cos value for the interface. Use this command to disable priority flow-control if you are not using a network-qos type policy for an interface. The no version of this command returns the value to the default.
qos-map traffic-class Creates a user-defined trust map for queue mapping. Syntax qos-map traffic-class map-name Parameters map-name — Enter the name of the queue trust map. A maximum of 32 characters. Default Not configured Command Mode CONFIGURATION Usage Information If applied on the interface or system level, the traffic class routes all traffic to the mapped queue. The no version of this command returns the value to the default.
○ 3 = 1/16
○ 4 = 1/8
○ 5 = 1/4
○ 6 = 1/2
○ 7 = 1
○ 8 = 2
○ 9 = 4
○ 10 = 8
● static thresh-value — (Optional) Enter the static shared buffer threshold value in Bytes, from 1 to 65535.
Default Not configured
Command Mode POLICY-MAP-CLASS-MAP
Usage Information Use the queue-len value parameter to set the minimum guaranteed queue length for a queue. The no version of this command returns the value to the default.
Default 0 Command Mode TRUST-MAP Usage Information If the trust map does not define traffic class values to a queue, those flows map to the default queue 0. If some of the traffic class values are already mapped to an existing queue, you see an error. The no version of this command returns the value to the default. Example Supported Releases OS10(conf-tmap-tc-queue-qos)# queue 2 qos-group 5 10.3.
random-detect (queue) Assigns a WRED profile to the specified queue. Syntax random-detect wred-profile-name Parameters wred-profile-name — Enter the name of an existing WRED profile. Default Not configured Command Mode PMAP-C-QUE Usage Information The no version of this command removes the WRED profile from the queue. Example Supported Releases OS10(config)# policy-map type queuing p1 OS10(config-pmap-queuing)# class c1 OS10(config-pmap-c-que)# random-detect test_wred 10.4.
Example Supported Releases OS10(config)# wred test_wred OS10(config-wred)# random-detect ecn 10.4.0E(R1) or later random-detect ecn Enables ECN for the system globally. Syntax random-detect ecn Default Not configured Command Mode SYSTEM QOS Usage Information The no version of this command disables ECN globally. NOTE: This command enables ECN globally and is supported only on the S4200–ON Series platform. In the SYSTEM QOS mode, this command is not available on other platforms.
Usage Information The no version of this command removes the weight factor from the WRED profile. Example Supported Releases OS10(config)# wred test_wred OS10(config-wred)# random-detect weight 10 10.4.0E(R1) or later service-policy Configures the input and output service policies.
set dscp Sets the drop precedence for incoming packets based on their DSCP value and color map profile. Syntax set dscp dscp-value [color {red | yellow}] Parameters ● ● ● ● Default Not configured Command Mode POLICY-MAP-CLASS-MAP Usage Information This command supports only QoS ingress policy type. Packets marked as color yellow deliver to the egress queue, then the egress queue transmits the packets with the available bandwidth. If bandwidth is not available, the packets drop.
Command Mode POLICY-MAP-CLASS-MAP Usage Information This command only supports the ingress QoS policy type. You must enter both the minimum and maximum values. If you enter the rate value in pps, the burst provided is in packets. If you enter the rate in kbps or mbps, the burst is provided in kb. If you enter the minimum rate in pps, you must also enter the maximum rate in pps. Example Supported Releases OS10(conf-pmap-c-que)# shape min kbps 11 max kbps 44 10.2.
Supported Releases 3 lossy 9216 static 48880 4 lossy 1664 static 20800 5 lossy 1664 static 48880 6 lossy 1664 static 48880 7 lossy 1664 static 48880 8 lossy 1664 static 48880 9 lossy 9216 static 48880 10 lossy 1664 static 48880 11 lossy 1664 static 48880 12 lossy 1664 static 48880 13 lossy 9216 static 48880 14 lossy 1664 static 48880 15 lossy 9216 static 48880 16 lossy 1664 static 48880 17 lossy 1664 static 48880 18 lossy 1664 st
Supported Releases 2 0 0 0 0 3 0 0 0 0 4 0 0 0 0 5 0 0 0 0 6 3 204 0 0 7 6 408 0 0 8 0 0 0 0 9 0 0 0 0 10 0 0 0 0 11 0 0 0 0 12 0 0 0 0 13 0 0 0 0 14 0 0 0 0 15 0 0 0 0 16 0 0 0 0 17 0 0 0 0 18 0 0 0 0 19 0 0 0 0 20 0 0 0 0 21 0 0 0 0 22 0 0 0 0 10.4.2 and later show control-plane info Displays control-plane queue mapping and rate limits.
4 500 1000 5 500 1000 ICMPV6_NS ICMPV6_RA ICMPV6_NA 6 500 1000 SERVICEABILITY 7 500 1000 8 500 500 NTP FTP 9 600 600 10 600 1000 11 400 400 12 500 500 13 600 1000 14 600 1000 15 600 1000 16 500 500 17 600 1000 18 700 700 19 700 1000 CPS 20 300 300 21 100 100 22 300 300 Supported Releases IPV6_ICMP IPV4_ICMP ICMPV6_RS ARP_REQ ARP_RESP SSH TELNET TACACS FCOE LACP RSTP PVST MSTP DOT1X LLDP IPV6_OSPF IPV4_OSPF OSPF_HELLO BGP IPV6_DHCP IPV4_DHCP VRRP BFD OPEN_FLOW REMOTE MCAST DATA ACL LOGGING MCAST KNOWN DATA
Supported Releases 10.2.0E or later show hardware deep-buffer-mode Displays the status of Deep buffer mode in the current and next boot of the switch. Syntax show hardware deep-buffer-mode Parameters None Defaults Not configured Command Modes EXEC Usage Information Applicable only for the S4200-ON series switches.
ethernet1/1/14
Admin Mode: On
Operstatus: On
PFC Priorites: 0,4,7
Total Rx PFC Frames: 300
Total Tx PFC Frames: 200
Cos  Rx   Tx
----------------------
0    0    0
1    0    0
2    0    0
3    300  200
4    0    0
5    0    0
6    0    0
7    0    0
Supported Releases 10.3.0E or later

show qos interface
Displays the QoS configuration applied to a specific interface.
Syntax show qos interface ethernet node/slot/port[:subport]
Parameters node/slot/port[:subport] — Enter the Ethernet interface information.
Usage Information None
Example
OS10# show policy-map
Service-policy(qos) input: p1
Class-map (qos): c1
set qos-group 1
Service-policy(qos) input: p2
Class-map (qos): c2
set qos-group 2
Supported Releases 10.2.0E or later

show qos control-plane
Displays the QoS configuration applied to the control-plane.
Syntax show qos control-plane
Parameters None
Default Not configured
Command Mode EXEC
Usage Information Monitors statistics for the control-plane and troubleshoots CoPP.
show qos egress buffer-statistics-tracking
Displays egress queue-level peak buffer usage count in bytes for queues on a given interface.
Syntax show qos egress buffer-statistics-tracking interface ethernet [node/slot/port] [[mcast | ucast] queue {all | [0-7]}] [detail]
Parameters
● node/slot/port—Enter the port information.
● [[mcast | ucast] queue {all | [0-7]}]—Enter the mcast or ucast keyword to view the egress queue peak buffer utilization for multicast or unicast queues respectively.
Example
OS10# show qos egress buffer-stats interface ethernet 1/1/1
Interface : ethernet1/1/1
Speed : 0
Queue  TX pckts  TX bytes  Used reserved buffers  Used shared buffers
------------------------------------------------------
0      0         0         0                      0
1      0         0         0                      0
2      0         0         0                      0
3      0         0         0                      0
4      0         0         0                      0
5      0         0         0                      0
6      0         0         0                      0
7      0         0         0                      0
OS10#
Supported Releases 10.3.0E or later

show qos headroom-pool buffer-statistics-tracking
Displays headroom-pool level peak buffer usage count in bytes.
----------------------------------------------------------------------PG# PRIORITIES qos ALLOTED (Kb) group Reserved Shared buffer XOFF XON shared buffer id buffers MODE threshold threshold threshold ----------------------------------------------------------------------0 4 4 35 DYNAMIC 9 9 8 1 3 3 35 DYNAMIC 9 9 8 2 0 STATIC 0 0 0 3 0 STATIC 0 0 0 4 0 STATIC 0 0 0 5 0 STATIC 0 0 0 6 0 STATIC 0 0 0 7 0-2,5-7 8 STATIC 0 0 0 Supported Releases 10.3.
Supported Releases 10.4.3.0 or later

show qos ingress buffer-stats interface
Displays the buffers statistics for the ingress interface.
Syntax show qos ingress buffer-stats interface [interface node/slot/port[:subport]] [detail]
Parameters
● interface — (Optional) Enter the interface type.
● node/slot/port[:subport] — (Optional) Enter the port information.
2 6 3 7 OS10# show qos maps type trust-map-dot1p dot1p-trustmap1 DOT1P Priority to Traffic-Class Map : dot1p-trustmap1 Traffic-Class DOT1P Priority ------------------------------0 2 1 3 2 4 3 5 4 6 5 7 6 1 OS10# show qos maps type trust-map-dscp dscp-trustmap1 DSCP Priority to Traffic-Class Map : dscp-trustmap1 Traffic-Class DSCP Priority ------------------------------0 8-15 2 16-23 1 0-7 OS10# show qos maps Traffic-Class to Queue Map: queue-map1 Queue Traffic-Class -------------------------1 5 2 6 3 7 DOT1
1 2 3 4 5 6 7 OS10# Example (dscp) 1 2 3 4 5 6 7 OS10# show qos trust-map dscp new-dscp-map new-dscp-map qos-group Dscp Id ------------------0 0-7 1 8-15 2 16-23 3 24-31 4 32-39 5 40-47 6 48-55 7 56-63 Supported Releases 10.3.0E or later show qos maps (Z9332F-ON) Displays the QoS maps configuration of the dot1p-to-traffic class, DSCP-to-traffic class, and traffic-class to queue mapping in the device.
Parameters interface interface-type — (Optional) Enter the keyword interface and the interface type.
Default Not configured
Command Mode EXEC
Usage Information On the Z9100-ON, Z9264F-ON, and MX9116n platforms, interfaces are shared across port pipes and port pipes are shared across Memory Management Units (MMUs). As interfaces span port pipes, Dell EMC Networking recommends using interfaces from the same port pipes for both ingress and egress for optimal performance.
Eth 1/1/26 3 0, 1 1, 3 down Eth 1/1/27 3 0, 1 1, 3 down Eth 1/1/28 3 0, 1 1, 3 down Eth 1/1/29 0 0, 1 0, 2 down Eth 1/1/30 0 0, 1 0, 2 down Eth 1/1/31 0 0, 1 0, 2 down Eth 1/1/32 0 0, 1 0, 2 down Eth 1/1/33 1 2, 3 0, 2 up Eth 1/1/34 2 2, 3 1, 3 up View information for a single interface: OS10# show qos port-map details interface ethernet 1/1/1 --------------------------------------------------------------------------Interface Port Pipe Ingress MMU Egress MMU
Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth 1/1/21:2 1/1/21:3 1/1/21:4 1/1/23 1/1/24 1/1/25:1 1/1/25:2 1/1/25:3 1/1/25:4 1/1/27:1 1/1/27:2 1/1/27:3 1/1/27:4 1/1/29:1 1/1/29:2 1/1/29:3 1/1/29:4 1/1/31 1/1/32 1/1/33 1/1/34 1/1/35:1 1/1/35:2 1/1/35:3 1/1/35:4 1/1/37:1 1/1/37:2 1/1/37:3 1/1/37:4 1/
Interface Port Pipe Ingress MMU Egress MMU Oper Status --------------------------------------------------------------------------Eth 1/1/1:1 0 0, 1 0, 2 up MX9116n fabric engine: OS10# show qos port-map details --------------------------------------------------------------------------Interface Port Pipe Ingress MMU Egress MMU Oper Status --------------------------------------------------------------------------Eth 1/1/1 3 0, 1 1, 3 down Eth 1/1/2 3 0, 1 1, 3 down Eth 1/1/3 3 0, 1 1, 3 down Eth 1/1/4 3 0, 1
Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth 1/1/28:1 1/1/28:2 1/1/28:3 1/1/28:4 1/1/29:1 1/1/29:2 1/1/29:3 1/1/29:4 1/1/30:1 1/1/30:2 1/1/30:3 1/1/30:4 1/1/31:1 1/1/31:2 1/1/31:3 1/1/31:4 1/1/32:1 1/1/32:2 1/1/32:3 1/1/32:4 1/1/33:1 1/1/33:2 1/1/33:3 1/1/33:4 1/1/34:1 1/1/34:2 1/1/34:3 1/1/34:4 1/1/35 1/1/36 1/1/37 1/1/38 1/1/39 1/1/40 1/1/41:1 1/1/41:2
Parameters None
Default Not configured
Command Mode EXEC
Usage Information Not applicable for the S4200-ON series switches.
Example
OS10# show qos-rate-adjust
QoS Rate adjust configured for Policer and Shaper (in bytes) : 10
Supported Releases 10.4.3.0 or later

show qos service-pool buffer-statistics-tracking
Displays service-pool level peak buffer usage count in bytes.
show qos system buffers
Displays the system buffer configurations and utilization.
Syntax show qos system {ingress | egress} buffers [detail]
Parameters detail — Displays system buffers per MMU level in platforms that support multiple MMU instances such as the Z9100-ON, Z9264F-ON, and MX9116n.
The following command is supported on platforms such as the Z9100-ON, Z9264F-ON, and MX9116n: OS10# show qos system egress buffer detail All values are in kb Total buffers Total lossless buffers Total shared lossless buffers Total used shared lossless buffers Total lossy buffers Total shared lossy buffers Total used shared lossy buffers MMU 0 Total lossy buffers Total shared lossy buffers Total used shared lossy buffers MMU 1 Total lossy buffers Total shared lossy buffers Total used shared lossy buffers MMU
-------------|-----------------------|---------------------|--------------------|--------|-----| profile2 | | | | | On| |-----------------------|---------------------|--------------------|--------|-----| Color Blind ECN Thd| 100 1000 100 | -------------|-----------------------|---------------------|--------------------|--------|-----| Supported Releases show queuing statistics Displays QoS queuing statistics information.
Example (queue)
OS10# show queuing statistics interface ethernet 1/1/1 queue 3
Interface ethernet1/1/1
Queue  Packets  Bytes  Dropped-Packets  Dropped-Bytes
3      0        0      0                0
Supported Releases 10.2.0E or later

system qos
Enters SYSTEM-QOS mode to configure system-level QoS configurations.
Syntax system qos
Parameters None
Default Not configured
Command Mode CONFIGURATION
Usage Information None
Example
OS10(config)# system qos
OS10(config-sys-qos)#
Supported Releases 10.2.
Usage Information If you enable trust, traffic obeys this trust map. default-dscp-trust is a reserved trust-map name. The no version of this command returns the value to the default.
Example OS10(config)# trust dscp-map dscp-trust1
Supported Releases 10.3.0E or later

trust-map
Configures trust map on an interface or on a system QoS.
Syntax trust-map {dot1p | dscp} {default | trust-map-name}
Default Disabled
Command Mode INTERFACE
Parameters
● dot1p — Apply dot1p trust map.
Example
OS10(config)# wred test_wred
OS10(config-wred)#
Supported Releases 10.4.
22 Virtual Link Trunking
Virtual Link Trunking (VLT) is a Layer 2 aggregation protocol used between an end device such as a server and two or more connected network devices. VLT helps to aggregate ports terminating on multiple switches. OS10 currently supports VLT port channel terminations on two different switches.
VLT:
● Provides node-level redundancy by using the same port channel terminating on multiple upstream nodes.
Optimized forwarding with VRRP
To ensure the same behavior on both sides of the VLT nodes, VRRP requires state information coordination. VRRP Active-Active mode optimizes L3 forwarding over VLT. By default, VRRP Active-Active mode is enabled on all the VLAN interfaces. VRRP Active-Active mode enables each peer to locally forward L3 packets, resulting in reduced traffic flow between peers over the VLTi link.

Spanning-Tree Protocol
VLT ports support RSTP, RPVST+, and MSTP.
● If the primary peer fails, the secondary peer takes the primary role. If the primary peer (with the lower priority) later comes back online, it is assigned the secondary role (there is no preemption). ● In a VLT domain, the peer network devices must run the same OS10 software version. NOTE: A temporary exception is allowed during the upgrade process. See the Dell EMC SmartFabric OS 10.5.0.x Release Notes for more information. ● Configure the same VLT domain ID on peer devices.
The following shows a scenario where VLT Peer A is being reloaded or going down: Until LACP convergence happens, the server continues to forward traffic to VLT Peer A resulting in traffic loss for a longer time interval.
These PDUs notify the server to direct the traffic to VLT Peer B hence minimizing traffic loss.

Configure VLT
Verify that both VLT peer devices are running the same operating system version. For VRRP operation, configure VRRP groups and L3 routing on each VLT peer. Configure the following settings on each VLT peer device separately:
1. To prevent loops in a VLT domain, Dell EMC Networking recommends enabling STP globally using the spanning-tree mode command.
NOTE: If a VLT peer is reloaded, it automatically becomes the secondary peer regardless of the VLT primary-priority setting.
4. Configure VLTi interfaces with the no switchport command.
5. Configure the VLTi interfaces on each peer using the discovery-interface command. After you configure both sides of the VLTi, the primary and secondary roles in the VLT domain are automatically assigned if primary priority is not configured.
NOTE: Dell EMC recommends that you disable flow-control on discovery interfaces.
RPVST+ configuration
Configure RPVST+ on both the VLT peers. This creates an RPVST+ instance for every VLAN configured in the system. With RPVST+ configured on both VLT nodes, OS10 supports a maximum of 60 VLANs. The RPVST+ instances in the primary VLT peer control the VLT port channels on both the primary and secondary peers.
NOTE: RPVST+ is the default STP mode running on the switch. Use the following command only if you have another variant of the STP running on the switch.
RSTP configuration ● Enable RSTP on each peer node in CONFIGURATION mode.
instance instance-number vlan from-vlan-id — to-vlan-id
4. Configure the MST revision number, from 0 to 65535.
MULTIPLE-SPANNING-TREE revision revision-number
5. Configure the MST region name.
MULTIPLE-SPANNING-TREE name name-string
The following example shows that both VLT nodes are configured with the same MST VLAN-to-instance mapping.
Number of transitions to forwarding state: 1 Edge port: No (default) Link Type: Point-to-Point BPDU Sent: 2714, Received: 1234 Port 2001 (VLT-LAG -1(vlt-portid-1)) of MSTI 0 is designated Forwarding Port path cost 200000, Port priority 128, Port Identifier 128.2001 Designated root priority: 32768, address: 34:17:44:55:66:7f Designated bridge priority: 32768, address: 90:b1:1c:f4:a5:23 Designated port ID: 128.
Peer 2
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# exit
OS10(config)# interface ethernet 1/1/2
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/2)# exit
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# discovery-interface ethernet1/1/1-1/1/2

Configure the VLT MAC address
You can manually configure the VLT MAC address. Configure the same VLT MAC address on both the VLT peer switches to avoid any unpredictable behavior during a VLT failover.
Configure the VLT backup link using the backup destination {ip-address | ipv6 ipv6-address} [vrf management] [interval interval-time] command. The interval range is from 1 to 30 seconds. The default interval is 30 seconds. Irrespective of the interval that is configured, when the VLTi link fails, the system checks for the heartbeat connection without waiting for the timed intervals, thus allowing faster convergence.
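The peer rules stated above (the same VLT domain ID and VLT MAC address on both peers, VLTi discovery interfaces configured with no switchport, a backup destination whose interval is from 1 to 30 seconds) can be checked offline against saved configurations before a change window. The following Python script is an added example, not part of the Dell EMC guide. The two configurations are constructed, the parser reads only the line forms shown, and the `vlt-mac` line is assumed to be the VLT-DOMAIN command that sets the VLT MAC address.

```python
import re

# Constructed configuration excerpts for two VLT peers (not from the guide).
# Assumption: "vlt-mac" is the VLT-DOMAIN command that sets the VLT MAC address.
PEER1 = """\
interface ethernet 1/1/1
 no switchport
interface ethernet 1/1/2
 no switchport
vlt-domain 1
 discovery-interface ethernet1/1/1-1/1/2
 vlt-mac 00:00:5e:00:53:01
 backup destination 192.0.2.2 vrf management interval 5
"""
PEER2 = """\
interface ethernet 1/1/1
 no switchport
interface ethernet 1/1/2
vlt-domain 2
 discovery-interface ethernet1/1/1-1/1/2
 vlt-mac 00:00:5e:00:53:02
 backup destination 192.0.2.1 vrf management interval 45
"""


def expand_ports(spec):
    """Expand '1/1/1-1/1/2' style ranges into individual port names."""
    ports = []
    for part in spec.split(","):
        first, _, last = part.partition("-")
        if not last:
            ports.append(first)
            continue
        prefix, start = first.rsplit("/", 1)
        end = last.rsplit("/", 1)[-1]
        ports += [f"{prefix}/{n}" for n in range(int(start), int(end) + 1)]
    return ports


def parse(config):
    """Collect the VLT-relevant settings from one peer's configuration."""
    vlt = {"domain": None, "mac": None, "discovery": [], "backup": None,
           "interval": 30, "no_switchport": set()}  # 30 s is the stated default
    section = ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():          # unindented line opens a new section
            section = line
            m = re.fullmatch(r"vlt-domain (\d+)", line)
            if m:
                vlt["domain"] = int(m.group(1))
            continue
        intf = re.fullmatch(r"interface ethernet\s*(\S+)", section)
        if intf and line == "no switchport":
            vlt["no_switchport"].add(intf.group(1))
        if not section.startswith("vlt-domain "):
            continue
        if m := re.fullmatch(r"discovery-interface ethernet\s*(\S+)", line):
            vlt["discovery"] += expand_ports(m.group(1))
        elif m := re.fullmatch(r"vlt-mac (\S+)", line):
            vlt["mac"] = m.group(1).lower()
        elif m := re.fullmatch(
                r"backup destination (?:ipv6 )?(\S+)(?: vrf management)?"
                r"(?: interval (\d+))?", line):
            vlt["backup"] = m.group(1)
            if m.group(2):
                vlt["interval"] = int(m.group(2))
    return vlt


def check_pair(cfg_a, cfg_b):
    """Return a list of findings for a pair of VLT peer configurations."""
    a, b = parse(cfg_a), parse(cfg_b)
    findings = []
    if a["domain"] != b["domain"]:
        findings.append(f"VLT domain ID differs: {a['domain']} vs {b['domain']}")
    if a["mac"] != b["mac"]:
        findings.append(f"VLT MAC address differs: {a['mac']} vs {b['mac']}")
    for name, peer in (("peer1", a), ("peer2", b)):
        for port in peer["discovery"]:
            if port not in peer["no_switchport"]:
                findings.append(f"{name}: VLTi port {port} lacks 'no switchport'")
        if peer["backup"] is None:
            findings.append(f"{name}: no backup destination configured")
        elif not 1 <= peer["interval"] <= 30:
            findings.append(f"{name}: backup interval {peer['interval']} "
                            "is outside 1 to 30 seconds")
    return findings


if __name__ == "__main__":
    for finding in check_pair(PEER1, PEER2):
        print(finding)
```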
For example, as shown, after the VLTi is down, VLT peer1 learns the MAC address of Host 2: VLT Peer 2 is not synchronized with the MAC address of Host 2 because the VLTi link is down. When traffic from Host 1 is sent to VLT Peer 2, VLT Peer 2 floods the traffic. When the VLT backup link is enabled, the secondary VLT Peer 2 identifies the node liveliness through the backup link. If the primary is up, the secondary peer brings down VLT port channels.
Role of VLT backup link in the prevention of loops during VLTi failure
When the VLTi is down, STP may fail to detect any loops in the system. This failure creates a data loop in an L2 network. As shown, STP is running in all three switches: In the steady state, VLT Peer 1 is elected as the root bridge. When the VLTi is down, both the VLT nodes become primary. In this state, VLT Peer 2 sends STP BPDU to TOR assuming that TOR sends BPDU to VLT Peer 1.
When the VLT backup link is enabled, the secondary VLT peer identifies the node liveliness of primary through the backup link. If the primary VLT peer is up, the secondary VLT peer brings down the VLT port channels. In this scenario, the STP opens up the orphan port and there is no loop in the system, as shown:

Configure a VLT port channel
A VLT port channel, also known as a virtual link trunk, links an attached device and VLT peer switches. OS10 supports a maximum of 128 VLT port channels per node.
1.
Configure VLT port channel — peer 1
OS10(config)# interface port-channel 20
OS10(conf-if-po-20)# vlt-port-channel 20

Configure VLT port channel — peer 2
OS10(config)# interface port-channel 20
OS10(conf-if-po-20)# vlt-port-channel 20

Configure VLT peer routing
VLT peer routing enables optimized routing where packets destined for the L3 endpoint of the VLT peer are locally routed. VLT supports unicast routing of both IPv4 and IPv6 traffic. To enable VLT unicast routing, both VLT peers must be in L3 mode.
Migrate VMs across data centers with eVLT
OS10 switches support movement of virtual machines (VMs) across data centers using VRRP Active-Active mode. Configure symmetric VRRP with the same VRRP group ID and virtual IP in VLANs stretched or spanned across data centers. VMs use the VRRP Virtual IP address of the VLAN as Gateway IP. As the VLAN configurations are symmetric across data centers, you can move the VMs from one data center to another.
● Configure VRRP on L2 links between core routers:
C1(config)# interface vlan 100
C1(conf-if-vl-100)# ip address 10.10.100.1/24
C1(conf-if-vl-100)# vrrp-group 10
C1(conf-vlan100-vrid-10)# priority 250
C1(conf-vlan100-vrid-10)# virtual-address 10.10.100.
D1(config)# interface ethernet 1/1/4
D1(conf-if-eth1/1/4)# channel-group 10
D1(conf-if-eth1/1/4)# exit
● Configure OSPF on L3 side of core router:
D1(config)# router ospf 100
D1(config-router-ospf-100)# redistribute connected
D1(conf-router-ospf-100)# exit
D1(config)# interface vlan 200
D1(conf-if-vl-200)# ip ospf 100 area 0.0.0.
● Add members to port channel 20:
C2(config)# interface ethernet 1/1/5
C2(conf-if-eth1/1/5)# channel-group 20
C2(conf-if-eth1/1/5)# exit
C2(config)# interface ethernet 1/1/6
C2(conf-if-eth1/1/6)# channel-group 20
C2(conf-if-eth1/1/6)# exit

Sample configuration of D2:
● Configure VRRP on L2 links between core routers:
D2(config)# interface vlan 100
D2(conf-if-vl-100)# ip address 10.10.100.4/24
D2(conf-if-vl-100)# vrrp-group 10
D2(conf-vlan100-vrid-10)# virtual-address 10.10.100.
View VLT information
To monitor the operation or verify the configuration of a VLT domain, use a VLT show command on primary and secondary peers.
● View detailed information about the VLT domain configuration in EXEC mode, including VLTi status, local and peer MAC addresses, peer-routing status, and VLT peer parameters.
show vlt domain-id
● View the role of the local and remote VLT peer in EXEC mode.
show vlt domain-id role
● View any mismatches in the VLT configuration in EXEC mode.
delay-restore
Configures a time interval to delay bringing up the VLT ports after reload or peer-link restoration between the VLT peer switches.
Syntax delay-restore seconds
Parameters seconds — Enter a delay time, in seconds, to delay bringing up VLT ports after the VLTi link is detected, from 1 to 1200.
peer-routing
Enables optimized routing where packets destined for the L3 endpoint of the VLT peer are locally routed.
Syntax peer-routing
Parameters None
Default Disabled
Command Mode VLT-DOMAIN
Usage Information The no version of this command disables peer routing.
Example OS10(conf-vlt-1)# peer-routing
Supported Releases 10.2.0E or later

peer-routing-timeout
Configures the delay after which the system disables peer routing when the peer is not available.
● If the heartbeat is up and the VLTi link goes down between the VLT peers, both the VLT peers retain their primary and secondary roles. However, the VLT port channel on the secondary VLT peer shuts down.
NOTE: When you configure a priority for VLT peers using this command, the configuration does not take effect immediately. The primary priority configuration comes into effect the next time election is triggered.
Example OS10(conf-vlt-1)#primary-priority 2
Supported Releases 10.4.1.
Root-Guard: Disable, Loop-Guard: Disable Bpdus (MRecords) Sent: 11, Received: 7 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID --------------------------------------------------------------------------------------------VFP(VirtualFabricPort) 0.1 0 1 FWD 0 32768 0078.7614.6062 0.
Example (MSTP information on VLT) OS10# show spanning-tree virtual-interface detail Port 1 (VFP(VirtualFabricPort)) of MSTI 0 is designated Forwarding Port path cost 0, Port priority 128, Port Identifier 128.1 Designated root priority: 32768, address: 34:17:44:55:66:7f Designated bridge priority: 32768, address: 90:b1:1c:f4:a5:23 Designated port ID: 128.
VLT Delay-Restore timer : 90 seconds Remaining time : 60 seconds Delay-Restore Orphan-Port enabled interfaces Eth1/1/10-1/1/15,1/1/17,1/1/20 : Po10-15,17,20 Delay-Restore Orphan-Port Ignore VLTi Fail enabled interfaces : Eth1/1/12-1/1/14,1/1/20 Po10-12,Po17 WHEN DELAY-RESTORE TIMER HAS EXPIRED/NOT-RUNNING: OS10# show vlt 1 delay-restore-orphan-port VLT Delay-Restore timer : 90 seconds Delay-Restore Orphan-Port enabled interfaces : Eth1/1/8 Eth1/1/10 Po1 Po4 Delay-Restore Orphan-Port Ignore VLTi F
show vlt mac-inconsistency
Displays inconsistencies in dynamic MAC addresses learned between VLT peers across spanned-VLANs.
Syntax show vlt mac-inconsistency
Parameters None
Default Not configured
Command Mode EXEC
Usage Information Use this command to check for a mismatch of MAC address table entries between VLT peers. Use this command only when you observe network convergence issues. To verify VLT configuration mismatch issues on peer switches, use the show vlt domain-name mismatch command.
Usage Information The * in the mismatch output indicates a local node entry. The show vlt mismatch dhcp-relay command displays the mismatch in the global ip dhcp-relay information-option command. The show vlt mismatch dhcp-relay command displays the presence or absence of interface level ip dhcp-relay information-option configurations.
Example (mismatch — Virtual Network (VN) name not available in the peer) Example (mismatch of VLTi and VLAN) Example (mismatch of VN mode) Example (mismatch of port and VLAN list) OS10# show vlt all mismatch virtual-network Virtual Network Name Mismatch: VLT Unit ID Mismatch Virtual Network List ---------------------------------------------------------------------------1 10,104 * 2 OS10# show vlt all mismatch virtual-network Virtual Network: 100 VLT Unit ID Configured VLTi-Vlans -------------------------
Virtual-network: 10 VLT Unit ID Anycast-IP ------------------------------------1 10.16.128.25 * 2 10.16.128.20 Virtual-network: 20 VLT Unit ID Anycast-IP ------------------------------------1 10.16.128.26 * 2 10.16.128.30 Example (Anycast IP addresses not configured on one of the virtual networks on both peers) show vlt 1 mismatch virtual-network Interface virtual-network Anycast-IP mismatch: Virtual-network: 10 VLT Unit ID Anycast-IP ------------------------------------1 10.16.128.
Example (mismatch VLAN anycast IP) OS10(conf-if-po-20)# show vlt 1 mismatch vlan-anycast VLAN anycast ip Mismatch: VLAN: 3000 VLT Unit ID Anycast-IPs ---------------------------------------------------------------------------* 1 100.101.102.100 2 Not configured VLAN: 2000 VLT Unit ID Anycast-IPs ---------------------------------------------------------------------------* 1 64::100, 64.6.7.88 2 100::100, 100.101.102.
Example
OS10# show vlt 1 role
VLT Unit ID    Role
-----------------------
* 1            primary
  2            secondary
Supported Releases 10.2.0E or later

show vlt vlt-port-detail
Displays detailed status information about the VLT ports.
Syntax show vlt id vlt-port-detail
Parameters id — Enter a VLT domain ID, from 1 to 255.
Default Not configured
Command Mode EXEC
Usage Information The * in the mismatch output indicates a local mismatch.
vlt-port-channel
Configures the ID used to map interfaces on VLT peers into a single VLT port-channel.
Syntax vlt-port-channel vlt-port-channel-id
Parameters vlt-port-channel-id — Enter a VLT port-channel ID, from 1 to 128.
Default Not configured
Command Mode PORT-CHANNEL INTERFACE
Usage Information Assign the same VLT port-channel ID to interfaces on VLT peers to create a VLT port-channel. The no version of this command removes the VLT port-channel ID configuration.
In a non-VLT network, the backup VRRP gateway forwards L3 traffic. If you want to use VRRP groups on VLANs without VLT topology, disable the Active-Active functionality, to ensure that only the active VRRP gateway forwards L3 traffic. The no version of this command disables the configuration.
Example OS10(conf-if-vl-10)# vrrp mode active-active
Supported Releases 10.2.
23 Uplink Failure Detection
Uplink failure detection (UFD) indicates the loss of upstream connectivity to servers connected to the switch. A switch provides upstream connectivity for devices, such as servers. If the switch loses upstream connectivity, the downstream devices also lose connectivity. However, the downstream devices do not generally receive an indication that the upstream connectivity was lost because connectivity to the switch is still operational. To solve this issue, use UFD.
Configure uplink failure detection
Consider the following before configuring an uplink-state group:
● An uplink-state group is considered to be operationally up if it has at least one upstream interface in the Link-Up state.
● An uplink-state group is considered to be operationally down if it has no upstream interfaces in the Link-Up state.
● You can assign a physical port or a port channel to an uplink-state group.
● You can assign an interface to only one uplink-state group at a time.
● If you disable an uplink-state group, the downstream interfaces are not disabled, regardless of the state of the upstream interfaces.
● If you do not assign upstream interfaces to an uplink-state group, the downstream interfaces are not disabled.
Configuration:
1. Create an uplink-state group in CONFIGURATION mode.
uplink-state-group group-id
2. Configure the upstream and downstream interfaces in UPLINK-STATE-GROUP mode.
Eth 1/1/5(Dwn) Eth 1/1/9:2(Dwn) Eth 1/1/9:3(Dwn) OS10#show uplink-state-group 1 detail (Up): Interface up (Dwn): Interface down (Dis): Interface disabled (NA): Not Available *: VLT port-channel, V: VLT status, P: Peer Operational status ^: Tracking status Uplink State Group : 1 Name: iscsi_group, Status: Enabled, Up Upstream Interfaces : eth1/1/35(Up) *po10(V:Up, ^P:Dwn) VLTi(NA) Downstream Interfaces : eth1/1/2(Up) *po20(V: Up,P: Up) OS10#show uplink-state-group 2 detail (Up): Interface up (Dwn): Interfa
Table 125. UFD on VLT network
Event | VLT action on primary node | VLT action on secondary node | UFD action
VLTi Link is operationally up with heartbeat up | No action | VLT module sends VLT port-channel enable request to Interface Manager (IFM) for both uplink and downlink. | UFD receives operationally up of upstream VLT port-channel and sends clear errordisable of downstream VLT port-channel to IFM.
Reboot of VLT secondary peer | No action | After reboot, runs the delay restore timer.
Sample configurations of UFD on VLT
The following examples show some of the uplink-state groups on VLT. In the following illustration, both the upstream and downstream members are part of VLT port-channels. The uplink-state group includes both the VLT port-channels as members. In the following example, the upstream member is part of VLT port-channel and the downstream member is an orphan port. The uplink-state group includes the VLT port-channel, VLT node, and the downstream port.
OS10 does not support adding a VLTi link member to the uplink-state group. You can add the VLTi link as upstream member to an uplink-state group using the upstream VLTi command. If the VLTi link is not available in the system, OS10 allows adding the VLTi link as an upstream member. In this case, UFD starts tracking the operational status of the VLTi link when the link is available. Until the VLTi link is available, the show uplink-state-group details command displays the status of the link as NA.
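The uplink-state group rules listed under "Configure uplink failure detection" (a group is up with at least one upstream interface in Link-Up, a disabled group or a group with no upstream interfaces never disables its downstream interfaces, and an interface belongs to only one group) can be modelled to predict which downstream ports UFD takes down for a given set of link states. The following Python model is an added example, not part of the Dell EMC guide. The configuration is constructed, and treating a group as enabled only when its section contains `enable` is an assumption.

```python
import re

# Constructed configuration (not from the guide).
# Assumption: a group tracks its uplinks only when its section has "enable".
CONFIG = """\
uplink-state-group 1
 name iscsi_group
 enable
 upstream ethernet 1/1/35
 upstream ethernet 1/1/36
 downstream ethernet 1/1/2
 downstream ethernet 1/1/3
 downstream auto-recover
uplink-state-group 2
 upstream ethernet 1/1/40
 downstream ethernet 1/1/3
 downstream ethernet 1/1/5
uplink-state-group 3
 enable
 downstream ethernet 1/1/9
"""

# Only interface assignments count; "downstream auto-recover" is an option.
MEMBER = re.compile(r"(upstream|downstream) ((?:ethernet|port-channel) ?\S+|VLTi)")


def parse_groups(config):
    """Return {group-id: {"enabled", "upstream", "downstream"}}."""
    groups, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"uplink-state-group (\d+)", line)
        if m:
            current = groups.setdefault(
                int(m.group(1)),
                {"enabled": False, "upstream": [], "downstream": []})
        elif current is not None and line == "enable":
            current["enabled"] = True
        elif current is not None:
            m = MEMBER.fullmatch(line)
            if m:
                current[m.group(1)].append(m.group(2))
    return groups


def shared_interfaces(groups):
    """Interfaces assigned to more than one group, which the guide disallows."""
    seen = {}
    for gid, group in groups.items():
        for intf in group["upstream"] + group["downstream"]:
            seen.setdefault(intf, []).append(gid)
    return {intf: ids for intf, ids in seen.items() if len(ids) > 1}


def evaluate(groups, link_up):
    """Predict group status and UFD-disabled downstream ports.

    link_up is the set of upstream interfaces currently in Link-Up state.
    """
    result = {}
    for gid, group in groups.items():
        status = "up" if any(i in link_up for i in group["upstream"]) else "down"
        # Downstream ports are disabled only for an enabled group that has
        # upstream interfaces assigned and none of them in Link-Up.
        acts = group["enabled"] and bool(group["upstream"]) and status == "down"
        result[gid] = {"status": status,
                       "ufd_disabled": list(group["downstream"]) if acts else []}
    return result


if __name__ == "__main__":
    groups = parse_groups(CONFIG)
    print("shared:", shared_interfaces(groups))
    for links in ({"ethernet 1/1/36"}, set()):
        print(sorted(links), evaluate(groups, links))
```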
UFD commands

clear ufd-disable
Overrides the uplink-state group configuration and brings up the downstream interfaces.
Syntax clear ufd-disable {interface interface-type | uplink-state-group group-id}
Parameters
● interface-type — Enter the interface type.
● group-id — Enter the uplink state group ID, from 1 to 32.
Default None
Command Mode EXEC
Usage Information This command manually brings up a disabled downstream interface that is in a UFD-disabled error state.
Example
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# downstream ethernet 1/1/1
Supported Releases 10.4.0E(R3) or later

downstream auto-recover
Enables auto-recovery of the disabled downstream interfaces.
Syntax downstream auto-recover
Parameters None
Default Enabled
Command Mode UPLINK-STATE-GROUP
Usage Information The no version of this command disables the auto-recovery of downstream interfaces.
Example
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# enable
Supported Releases 10.4.0E(R3) or later

name
Configures a descriptive name for the uplink-state group.
Syntax name string
Parameters string — Enter a description for the uplink-state group. A maximum of 32 characters.
Default Not configured
Command Mode UPLINK-STATE-GROUP
Usage Information The no version of this command removes the descriptive name.
Command Mode EXEC Usage Information None Example OS10# show uplink-state-group Uplink State Group: 9, Status: Enabled,down OS10# show uplink-state-group 9 Uplink State Group: 9, Status: Enabled,down OS10# Example (detail) OS10# show uplink-state-group detail (Up): Interface up (Dwn): Interface down Uplink State Group : Defer Time : Upstream Interfaces : Downstream Interfaces: Eth 1/1/4(Dwn) 1/1/9:3(Dwn) (Dis): Interface disabled 1 Status : Enabled,up Name : UFDGROUP1 10 second(s) Eth 1/1/7:1(Up)
uplink-state-group
Creates an uplink-state group and enables upstream link tracking.
Syntax uplink-state-group group-id
Parameters group-id — Enter a unique ID for the uplink-state group, from 1 to 32.
Default None
Command Mode CONFIGURATION
Usage Information The no version of this command removes the uplink-state group.
Example OS10(config)# uplink-state-group 1
Supported Releases 10.4.
24 Converged data center services
OS10 supports converged data center services, including IEEE 802.1 data center bridging (DCB) extensions to classic Ethernet. DCB provides I/O consolidation in a data center network. Each network device carries multiple traffic classes while ensuring lossless delivery of storage traffic with best-effort for local area network (LAN) traffic and latency-sensitive scheduling of service traffic.
● 802.1Qbb — Priority flow control
● 802.
PFC configuration notes
● PFC is supported for 802.1p, dot1p priority traffic, from 0 to 7. FCoE traffic traditionally uses dot1p priority 3 — iSCSI storage traffic uses dot1p priority 4.
● Configure PFC for ingress traffic by using network-qos class and policy maps. For more information, see Quality of service. PFC-enabled traffic queues are treated as lossless queues. Configure the same network-qos policy map on all PFC-enabled ports.
number and the dot1p value must be the same. A qos-group number is used only internally to classify ingress traffic classes.
trust dot1p-map dot1p-map-name
qos-group {0-7} dot1p {0-7}
exit
2. Apply the trust dot1p-map policy to ingress traffic in SYSTEM-QOS or INTERFACE mode.
trust-map dot1p trust-policy-map-name

Configure traffic-class-queue mapping
NOTE: Z9332F-ON has different configurations for queue mapping. For more information, see Configure traffic-class to queue mapping for Z9332F-ON.
3-5 2 6-7 3 4 5 6 7 1 2 2 3 4 5 6 7 Multicast Unicast Multicast Unicast Unicast Unicast Unicast Unicast The following is the default TC-to-Queue Mapping format: Default Traffic-Class to Queue Map Traffic-Class Queue number Type ---------------------------------------0 0 Both 1 1 Both 2 2 Both 3 3 Both 4 4 Both 5 5 Both 6 6 Both 7 7 Both View the interface PFC configuration OS10# show interface ethernet 1/1/1 priority-flow-control details ethernet1/1/1 Admin Mode : true Operstatus: true PFC Priorities: 4
corresponds to traffic class 1. Enter a single value, a hyphen-separated range, or multiple qos-group values separated by commas in CLASS-MAP mode.
class-map type network-qos class-map-name
match qos-group {1-7}
exit
2. (Optional) Repeat Step 1 to configure additional PFC traffic-class class-maps.

Configure pause and ingress buffers for PFC traffic
For the default ingress queue settings and the default dot1p priority-queue mapping, see PFC configuration notes.
1.
OS10(config)# class-map type network-qos cc1
OS10(config-cmap-nqos)# match qos-group 3
OS10(config-cmap-nqos)# exit
OS10(config)# class-map type network-qos cc2
OS10(config-cmap-nqos)# match qos-group 4
OS10(config-cmap-nqos)# exit
OS10(config)# policy-map type network-qos pp1
OS10(config-pmap-network-qos)# class cc1
OS10(config-pmap-c-nqos)# pause buffer-size 30 pause-threshold 20 resume-threshold 10
OS10(config-pmap-c-nqos)#pfc-cos 3
OS10(config-pmap-c-nqos)#exit
OS10(config-pmap-network-qos)# class cc2
O
7 9360 static 12779520 - - View PFC system buffer configuration OS10# show qos system ingress buffer All values are in kb Total buffers Total lossless buffers Maximum lossless buffers Total shared lossless buffers Total used shared lossless buffers Total lossy buffers Total shared lossy buffers Total used shared lossy buffers - 12187 0 5512 0 11567 11192 0 OS10# show qos system egress buffer All values are in kb Total buffers - 12187 Total lossless buffers - 0 Total shared lossless buffers - 0 Tota
Defaults The default ingress-buffer size reserved for PFC traffic classes, and the pause and resume thresholds vary according to the interface type. The default egress buffer that is reserved for PFC traffic classes is 0 on all interface types. Table 126.
pfc-shared-buffer-size
Configures the number of shared buffers available for PFC-enabled traffic on the switch.
Syntax pfc-shared-buffer-size kilobytes
Parameter kilobytes — Enter the total amount of shared buffers available to PFC-enabled dot1p traffic in kilobytes, from 0 to 7787.
Default 832KB
Command Mode SYSTEM-QOS
Usage Information By default, the lossy ingress buffer handles all ingress traffic.
Command Mode POLICY-CLASS NETWORK-QOS
Usage Information To tune the amount of shared buffers available for the static limit of PFC traffic-class queues on the switch, use the pfc-shared-buffer-size command. The current amount of available shared buffers determines the dynamic queue-limit.
Example
OS10(config)# policy-map type network-qos pp1
OS10(conf-pmap-network-qos)# class cc1
OS10(conf-pmap-c-nqos)# queue-limit thresh-mode static 1024
Supported Releases 10.3.
ETS configuration notes
● ETS is supported on Layer 2 (L2) 802.1p priority (dot1p 0 to 7) and Layer 3 (L3) DSCP (0 to 63) traffic. FCoE traffic uses dot1p priority 3; iSCSI storage traffic uses dot1p priority 4.
● Apply these maps and policies on interfaces:
  ○ Trust maps — OS10 interfaces do not honor the L2 and L3 priority fields in ingress traffic by default. Create a trust map to honor dot1p and DSCP classes of lossless traffic. A trust map does not change ingress dot1p and DSCP values in egress flows.
2. Configure a QoS map with trusted traffic-class (qos-group) to lossless-queue mapping in CONFIGURATION mode. Assign one or more qos-groups, from 0 to 7, to a specified queue in QOS-MAP mode. Enter multiple qos-group values in a hyphenated range or separated by commas. Enter multiple queue qos-group entries, if necessary.

qos-map traffic-class queue-map-name
queue {0-7} qos-group {0-7}
exit

3. Apply the default trust map specifying that dot1p and dscp values are trusted in SYSTEM-QOS or INTERFACE mode.
Configure ETS

OS10(config)# trust dot1p-map dot1p_map1
OS10(config-trust-dot1pmap)# qos-group 0 dot1p 0-3
OS10(config-trust-dot1pmap)# qos-group 1 dot1p 4-7
OS10(config-trust-dot1pmap)# exit
OS10(config)# trust dscp-map dscp_map1
OS10(config-trust-dscpmap)# qos-group 0 dscp 0-31
OS10(config-trust-dscpmap)# qos-group 1 dscp 32-63
OS10(config-trust-dscpmap)# exit
OS10(config)# qos-map traffic-class tc-q-map1
OS10(config-qos-tcmap)# queue 0 qos-group 0
OS10(config-qos-tcmap)# queue 1 qos-group 1
OS10(config-qo
ETS commands

ets mode on
Enables ETS on an interface.
Syntax ets mode on
Parameter None
Default Disabled
Command Mode INTERFACE
Usage Information Enable ETS on all switch interfaces in SYSTEM-QOS mode or on an interface or interface range in INTERFACE mode. The no version of this command disables ETS.
Example OS10(config-sys-qos)# ets mode on
Supported Releases 10.3.
DCBX configuration notes
● DCBX is a prerequisite for using DCB features, such as PFC and ETS, to exchange link-level configurations in a converged network.
● DCBX, when deployed in topologies, enables lossless operation for FCoE or iSCSI traffic. In these scenarios, all network devices in the topology must have DCBX enabled.
● DCBX uses LLDP to advertise and automatically negotiate the administrative state and PFC or ETS configuration with directly connected DCB peers.
● OS10 supports DCBX versions CEE and IEEE2.5.
● If ETS and PFC are enabled, DCBX advertises ETS configuration, ETS recommendation, and PFC configuration. When you configure application-specific parameters such as FCoE or iSCSI to be advertised, DCBX advertises the respective Application Priority TLVs.
● A DCBX-enabled port operates only in a manual role. In this mode, the port operates only with user-configured settings and does not autoconfigure with DCB settings that are received from a DCBX peer.
Interface ethernet1/1/3 Port Role is Manual DCBX Operational Status is Disabled Reason: Port Shutdown Is Configuration Source? FALSE Local DCBX Compatibility mode is AUTO Local DCBX Configured mode is AUTO Peer Operating version is Not Detected Local DCBX TLVs Transmitted: erpfi 0 Input PFC TLV pkts, 0 Output PFC TLV pkts, 0 Error PFC 0 Input ETS Conf TLV Pkts, 0 Output ETS Conf TLV Pkts, 0 0 Input ETS Reco TLV pkts, 0 Output ETS Reco TLV pkts, 0 0 Input Appln Priority TLV pkts, 0 Output Appln Priority Prio
Priority TLV Pkts
Total DCBX Frames transmitted 0
Total DCBX Frames received 0
Total DCBX Frame errors 0
Total DCBX Frames unrecognized 0
Local ISCSI PriorityMap is 0x10
Remote ISCSI PriorityMap is 0x10
220 Input TLV pkts, 350 Output TLV pkts, 0 Error pkts
71 Input Appln Priority TLV pkts, 80 Output Appln Priority TLV pkts, 0 Error Appln Priority TLV Pkts

View DCBX ETS TLV status

OS10# show lldp dcbx interface ethernet 1/1/15 ets detail
Interface ethernet1/1/15
Max Supported PG is 8
Number of Traffic Classes is 8
Admin mode is on
Admin Parameters :
-----------------
Admin is enabled
PG-grp Priority# Bandwidth TSA
------------------------------
DCBX commands

dcbx enable
Enables DCBX globally on all interfaces.
Syntax dcbx enable
Parameters None
Default Disabled
Command Mode CONFIGURATION
Usage Information DCBX is disabled at a global level and enabled at an interface level by default. For DCBX to be operational, DCBX must be enabled at both the global and interface levels. Enable DCBX globally using the dcbx enable command to activate the exchange of DCBX TLV messages with PFC, ETS, and iSCSI configurations.
Command Mode INTERFACE
Usage Information In Auto mode, a DCBX-enabled port detects an incompatible DCBX version on a peer device port and automatically reconfigures a compatible version on the local port. The no version of this command disables the DCBX version.
Example OS10(conf-if-eth1/1/2)# dcbx version cee
Supported Releases 10.3.0E or later

lldp tlv-select dcbxp
Enables and disables DCBX on a port interface.
enabled disabled
-----------------------------------------------------------------------
Interface ethernet1/1/1
Port Role is Manual
DCBX Operational Status is Disabled
Reason: Port Shutdown
Is Configuration Source? FALSE
Local DCBX Compatibility mode is AUTO
Local DCBX Configured mode is AUTO
Peer Operating version is Not Detected
Local DCBX TLVs Transmitted: erpfi
0 Input PFC TLV pkts, 0 Output PFC TLV pkts, 0 Error PFC pkts
0 Input ETS Conf TLV Pkts, 0 Output ETS Conf TLV Pkts, 0 Error ETS Conf TLV Pkts
0
Example (interface)
OS10# show lldp dcbx interface ethernet 1/1/15
E-ETS Configuration TLV enabled              e-ETS Configuration TLV disabled
R-ETS Recommendation TLV enabled             r-ETS Recommendation TLV disabled
P-PFC Configuration TLV enabled              p-PFC Configuration TLV disabled
F-Application priority for FCOE enabled      f-Application Priority for FCOE disabled
I-Application priority for iSCSI enabled     i-Application Priority for iSCSI disabled
--------------------------------------------------------------------
Interface ether
PG-grp    Priority#    Bandwidth    TSA
------------------------------------------------
0         0,1,2,3      70%          ETS
1         4,5,6,7      30%          ETS
2                      0%           SP
3                      0%           SP
4                      0%           SP
5                      0%           SP
6                      0%           SP
7                      0%           SP
Oper status is init
ETS DCBX Oper status is Up
State Machine Type is Asymmetric
Conf TLV Tx Status is enabled
Reco TLV Tx Status is enabled
5 Input Conf TLV Pkts, 2 Output Conf TLV Pkts, 0 Error Conf TLV Pkts
5 Input Reco TLV Pkts, 2 Output Reco TLV Pkts, 0 Error Reco TLV Pkts

Example (PFC detail)
OS10# show lldp dcbx interface ethernet 1/1/15 pfc
In an iSCSI session, a switch connects CNA servers (iSCSI initiators) to a storage array (iSCSI targets) in a SAN or TCP/IP network. iSCSI optimization running on the switch uses dot1p priority-queue assignments to ensure that iSCSI traffic receives priority treatment.

iSCSI configuration notes
● Enable iSCSI optimization so the switch autodetects and autoconfigures Dell EMC EqualLogic storage arrays that are directly connected to an interface.
1. Configure an interface or interface range to detect a connected storage device.

interface ethernet node/slot/port:[subport]
interface range ethernet node/slot/port:[subport]-node/slot/port[:subport]

2. Enable the interface to support a storage device that is directly connected to the port and not automatically detected by iSCSI. Use this command for storage devices that do not support LLDP.
OS10(config)# iscsi target port 3261 ip-address 10.1.1.
● If the iSCSI session does not receive control packets but receives data packets on the VLT LAG. This happens when you enable iSCSI session monitoring after the iSCSI session starts. The information learned about iSCSI sessions on VLT LAGs synchronizes with the VLT peers.
iscsi priority-bits
Resets the priority bitmap that is advertised in iSCSI application TLVs.
Syntax iscsi priority-bits {priority-bitmap}
Parameter priority-bitmap — Enter a bitmap value for the dot1p priority advertised for iSCSI traffic in iSCSI application TLVs (0x1 to 0xff).
Default 0x10 (dot1p 4)
Command Mode CONFIGURATION
Usage Information iSCSI traffic uses dot1p priority 4 in frame headers by default.
Supported Releases 10.3.0E or later

iscsi target port
Configures the TCP ports that are used to monitor iSCSI sessions with target storage devices.
Syntax iscsi target port tcp-port1 [tcp-port2, ..., tcp-port16] [ip-address ipaddress]
Parameters
● tcp-port — Enter one or more TCP port numbers, from 0 to 65535. Separate TCP port numbers with a comma.
● ip-address ip-address — (Optional) Enter the IP address in A.B.C.D format of a storage array whose iSCSI traffic is monitored on the TCP port.
Example
OS10# show iscsi
iSCSI Auto configuration is Enabled
iSCSI session monitoring is Enabled
iSCSI COS qos-group 4 remark dot1p 4
Session aging time 15
Maximum number of connections is 256
Port    IP Address
------------------------
3260
860
3261    10.1.1.1
Supported Releases 10.3.0E or later

show iscsi session
Displays information about active iSCSI sessions.
Syntax show iscsi session [detailed]
Parameter detailed — Displays a detailed version of the active iSCSI sessions.
Command Mode EXEC
Usage Information The command output displays the storage device connected to each switch port and whether iSCSI automatically detects it.
Example
OS10# show iscsi storage-devices
Interface Name    Storage Device Name    Auto Detected Status
-----------------------------------------------------------
ethernet1/1/23    EQL-MEM                true
Supported Releases 10.3.
OS10(config-pmap-c-nqos)# pause
OS10(config-pmap-c-nqos)# pfc-cos 4
OS10(config-pmap-c-nqos)# exit
OS10(config-pmap-network-qos)# class test5
OS10(config-pmap-c-nqos)# pause
OS10(config-pmap-c-nqos)# pfc-cos 5
OS10(config-pmap-c-nqos)# exit
OS10(config-pmap-network-qos)# class test6
OS10(config-pmap-c-nqos)# pause
OS10(config-pmap-c-nqos)# pfc-cos 6
OS10(config-pmap-c-nqos)# exit
OS10(config-pmap-network-qos)# class test7
OS10(config-pmap-c-nqos)# pause
OS10(config-pmap-c-nqos)# pfc-cos 7
OS10(config-pmap-c
OS10(conf-if-eth1/1/53)# qos-map traffic-class tmap2
OS10(conf-if-eth1/1/53)# trust-map dot1p default
OS10(conf-if-eth1/1/53)# service-policy output type queuing pmap1
OS10(conf-if-eth1/1/53)# ets mode on
OS10(conf-if-eth1/1/53)# end
OS10(config)# system qos
OS10(config-sys-qos)# trust-map dot1p tmap1
OS10(config-sys-qos)# qos-map traffic-class tmap2
OS10(config-sys-qos)# trust-map dot1p default
OS10(config-sys-qos)# service-policy output type queuing pmap1
OS10(config-sys-qos)# ets mode on

6.
ISCSI TLV Tx Status is enabled
Local ISCSI PriorityMap is 0x10
Remote ISCSI PriorityMap is 0x10
4 Input TLV pkts, 3 Output TLV pkts, 0 Error pkts
4 Input Appln Priority TLV pkts, 3 Output Appln Priority TLV pkts, 0 Error Appln Priority TLV Pkts

9.
This example accepts the default settings for aging time and TCP ports that are used in monitored iSCSI sessions. A Compellent storage array is connected to the port. The policy-iscsi policy map sets the CoS dot1p priority that is used for iSCSI traffic to 6 globally on the switch. By default, iSCSI traffic uses priority 4. The iscsi priority-bits 0x40 command sets the advertised dot1p priority that is used by iSCSI traffic in application TLVs to 6. Hexadecimal 0x40 is binary 0 1 0 0 0 0 0 0.
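The bitmap-to-priority relationship above, together with a check that the Local and Remote ISCSI PriorityMap values reported by show lldp dcbx match the priority you intended to advertise. This is an added example, not part of the Dell EMC guide: the function names are hypothetical and the sample output is constructed from the field names shown in this chapter. Because a DCBX-enabled port operates only in a manual role, a mismatch reported here is not corrected by negotiation.

```python
import re


def bitmap_to_priorities(bitmap):
    """Return the dot1p priorities (0-7) whose bits are set in a priority bitmap."""
    if not 0x1 <= bitmap <= 0xFF:
        raise ValueError("priority bitmap must be in the range 0x1 to 0xff")
    return [prio for prio in range(8) if bitmap >> prio & 1]


def priority_to_bitmap(priority):
    """Return the single-bit bitmap that advertises one dot1p priority."""
    if not 0 <= priority <= 7:
        raise ValueError("dot1p priority must be in the range 0 to 7")
    return 1 << priority


# Matches the two PriorityMap lines as they appear in the show output.
_MAP_LINE = re.compile(r"\b(Local|Remote) ISCSI PriorityMap is (0x[0-9A-Fa-f]+)")


def check_iscsi_priority(dcbx_output, expected_priority):
    """Compare the local and remote iSCSI priority maps with the expected
    dot1p priority and return a list of human-readable findings."""
    expected = priority_to_bitmap(expected_priority)
    seen = {side.lower(): int(value, 16)
            for side, value in _MAP_LINE.findall(dcbx_output)}
    findings = []
    for side in ("local", "remote"):
        if side not in seen:
            findings.append(f"{side}: no ISCSI PriorityMap line in the output")
        elif seen[side] != expected:
            advertised = [p for p in range(8) if seen[side] >> p & 1]
            findings.append(
                f"{side}: PriorityMap {seen[side]:#04x} advertises dot1p "
                f"{advertised}, expected {expected:#04x} "
                f"(dot1p {expected_priority})")
    return findings


# Constructed sample: the local switch advertises 0x40 (dot1p 6) after
# "iscsi priority-bits 0x40", while the peer still advertises the default 0x10.
SAMPLE_DCBX_OUTPUT = """\
ISCSI TLV Tx Status is enabled
Local ISCSI PriorityMap is 0x40
Remote ISCSI PriorityMap is 0x10
4 Input TLV pkts, 3 Output TLV pkts, 0 Error pkts
"""

if __name__ == "__main__":
    for finding in check_iscsi_priority(SAMPLE_DCBX_OUTPUT, 6):
        print(finding)
```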
OS10(conf-if-eth1/1/53)# do show lldp dcbx interface ethernet 1/1/53
E-ETS Configuration TLV enabled              e-ETS Configuration TLV disabled
R-ETS Recommendation TLV enabled             r-ETS Recommendation TLV disabled
P-PFC Configuration TLV enabled              p-PFC Configuration TLV disabled
F-Application priority for FCOE enabled      f-Application Priority for FCOE disabled
I-Application priority for iSCSI enabled     i-Application Priority for iSCSI disabled
----------------------------------------------------------------------------------
Local DCBX TLVs Transmitted: ERPfI
13 Input PFC TLV pkts, 4 Output PFC TLV pkts, 0 Error PFC pkts
3 Input ETS Conf TLV Pkts, 26 Output ETS Conf TLV Pkts, 0 Error ETS Conf TLV Pkts
3 Input ETS Reco TLV pkts, 26 Output ETS Reco TLV pkts, 0 Error ETS Reco TLV Pkts
Total DCBX Frames transmitted 0
Total DCBX Frames received 0
Total DCBX Frame errors 0
Total DCBX Frames unrecognized 0

Converged data center services
25 sFlow

sFlow is a standards-based sampling technology embedded within switches and routers that monitors network traffic. It provides traffic monitoring for high-speed networks with many switches and routers.
● Disable sFlow in CONFIGURATION mode.
sflow enable
!

Collector configuration

Configure the IPv4 or IPv6 address for the sFlow collector. When you configure the collector, enter a valid and reachable IPv4 or IPv6 address. You can configure a maximum of two sFlow collectors. If you specify two collectors, samples are sent to both. The agent IP address must be the same for both collectors.
0 UDP packets exported
0 UDP packets dropped
0 sFlow samples collected

Polling-interval configuration

The polling interval for an interface is the number of seconds between successive samples of counters sent to the collector. You can configure the duration for polled interface statistics. Unless there is a specific deployment need to configure a lower polling interval value, configure the polling interval to the maximum value.
● Disable packet sampling in CONFIGURATION mode.

no sflow sample-rate

● View the sampling rate in EXEC mode.
OS10(config)# sflow source-interface vlan 10

View sFlow running configuration

OS10# show running-configuration sflow
sflow enable all-interfaces
sflow source-interface vlan10
sflow collector 5.1.1.1 agent-addr 4.1.1.1 6343
sflow collector 6.1.1.1 agent-addr 4.1.1.1 6343
OS10(config)# show running-configuration interface vlan
!
interface vlan1
no shutdown
!
interface vlan10
no shutdown
ip address 10.1.1.
sflow max-header-size 80
sflow polling-interval 30
sflow sample-rate 4096
sflow collector 10.16.150.1 agent-addr 10.16.132.67 6767 max-datagram-size 800
sflow collector 10.16.153.176 agent-addr 3.3.3.3 6666
!
interface ethernet1/1/1
sflow enable
!

sFlow commands

sflow collector
Configures an sFlow collector IP address where sFlow datagrams are forwarded. You can configure a maximum of two collectors.
Usage Information The no version of this command disables sFlow.
Example (interface)
OS10(config)# sflow enable
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# sflow enable
Example (interface range)
OS10(config)# sflow enable
OS10(config)# interface range ethernet 1/1/1-1/1/10
OS10(conf-range-eth1/1/1-1/1/10)# sflow enable
Example (portchannel)
OS10(config)# sflow enable
OS10(config)# interface range port-channel 1-10
OS10(conf-range-po-1-10)# sflow enable
Supported Releases 10.3.
sflow sample-rate
Configures the sampling rate.
Syntax sflow sample-rate value
Parameter value — Enter the packet sample rate, from 4096 to 65535. The default is 32768.
Default 32768
Command Mode CONFIGURATION
Usage Information Sampling rate is the number of packets skipped before the sample is taken. For example, if the sampling rate is 4096, one sample generates for every 4096 packets observed. The no version of the command resets the sampling rate to the default value.
Parameter interface type — (Optional) Enter either ethernet or port-channel for the interface type.
Command Mode EXEC
Usage Information OS10 does not support statistics for UDP packets dropped and samples received from the hardware.
26 Telemetry

Network health relies on performance monitoring and data collection for analysis and troubleshooting. Network data is often collected with SNMP and CLI commands using the pull mode. In pull mode, a management device sends a get request and pulls data from a client. As the number of objects in the network and the metrics grow, traditional methods limit network scaling and efficiency. Using multiple management systems further limits network scaling.
Table 128. BGP peers
YANG Container                        Minimum sampling interval (milliseconds)
infra-bgp/peer-state/peer-status      0

Buffer statistics

Table 129. Buffer statistics
YANG Container                        Minimum sampling interval (milliseconds)
base-qos/queue-stat                   15000
base-qos/priority-group-stat          15000
base-qos/buffer-pool-stat             15000
base-qos/buffer-pool                  15000

Device information

Table 130.
System statistics

Table 134. System statistics
YANG Container                        Minimum sampling interval (milliseconds)
system-status/current-status          15000

Configure telemetry

NOTE: To set up a streaming telemetry collector, download and use the OS10 telemetry .proto files from the Dell EMC Support site.

To enable the streaming of telemetry data to destinations in a subscription profile:
1. Enable telemetry on the switch.
2. Configure a destination group.
3.
1. Enter the destination group name in TELEMETRY mode. A maximum of 32 characters.

OS10(conf-telemetry)# destination-group group-name

2. Enter the IPv4 or IPv6 address and transport-service port number in DESTINATION-GROUP mode. Only one destination is supported in the 10.4.3.0 release. You can enter a fully qualified domain name (FQDN) for ip-address. The destination domain name resolves to an IP address — see System domain name and list.

OS10(conf-telemetry-dg-dest)# destination ip-address port-number

3.
View telemetry configuration

Use the following show commands to display telemetry configuration.

OS10# show telemetry
Telemetry Status : enabled
-- Telemetry Destination Groups --
Group : dest1
Destination : 10.11.56.
View destination group

OS10# show telemetry destination-group
Telemetry Status : enabled
-- Telemetry Destination Groups --
Group : dest1
Destination : 10.11.56.
Encoding : gpb
Transport : grpc
TLS : disabled
Source Interface : ethernet1/1/1
Active : true
Reason : Connection summary: One or more active connections
The connection 10.11.56.204:40001 is in connected state

Verify telemetry in running configuration

OS10# show running-configuration telemetry
!
telemetry
enable
!
destination-group dest1
destination 10.11.56.
Default Telemetry is disabled on the switch.
Command mode CONFIGURATION
Usage information Enable and disable streaming telemetry in Telemetry mode.
Example
OS10(config)# telemetry
OS10(conf-telemetry)#
Supported releases 10.4.3.0 or later

enable
Enables telemetry on the switch.
Syntax enable
Parameters None
Default Telemetry is disabled.
Command mode TELEMETRY
Usage information Enter the no enable command to disable telemetry.
Example OS10(conf-telemetry)# enable
Supported releases 10.4.
● domain-name — Enter the fully qualified domain name of the destination device. A maximum of 32 characters.
● port-number — Enter the transport-service port number to which telemetry data is sent on the destination device.
Default Not configured
Command mode DESTINATION-GROUP
Usage information When you associate a destination group with a subscription, telemetry data is sent to the IP address and port specified by the destination command. In the 10.4.3.0 release, only one destination is supported.
Supported releases 10.4.3.0 or later

sensor-group (subscription-profile)
Assigns a sensor group with sampling interval to a subscription profile for streaming telemetry.
Syntax sensor-group {bgp | bgp-peer | buffer | device | environment | interface | lag | system | oc-bfd} group-name sampling-interval
Parameters
● bgp — Enter bgp to assign a BGP statistics sensor group to the subscription profile.
Parameters format — Enter the gpb (Google protocol buffer) encoding format in which data is streamed.
Default None
Command mode SUBSCRIPTION-PROFILE
Usage information The no version of the command removes the configured encoding format from a subscription profile.
Example
OS10(conf-telemetry)# subscription-profile subscription-1
OS10(conf-telemetry-sp-subscription-1)# encoding gpb
Supported releases 10.4.3.
Usage information The telemetry agent uses the source interface to derive the VRF instance and IP address used to communicate with destination devices. For gRPC transport, source interface configuration is optional. The no version of the command removes the configured source interface from a subscription profile.
Example
OS10(conf-telemetry)# subscription-profile subscription-1
OS10(conf-telemetry-sp-subscription-1)# source-interface ethernet 1/1/1
Supported releases 10.4.3.
Sensor Path : openconfig-bgp/bgp/neighbors/neighbor
Sensor Path : openconfig-bgp/bgp/rib/afi-safis/afi-safi
Group : oc-buffer
Sensor Path : openconfig-qos/qos/interfaces/interface
Group : oc-device
Sensor Path : openconfig-platform/components/component
Sensor Path : openconfig-network-instance/network-instances/network-instance
Group : oc-environment
Sensor Path : openconfig-platform/components/component
Group : oc-interface
Sensor Path : openconfig-interfaces/interfaces/interface
Group : oc-lacp
Sensor Pat
Sensor Path : base-pas/temp_threshold
Sensor Path : base-pas/media
Sensor Path : base-pas/media-channel
Group : interface
Sensor Path : if/interfaces-state/interface/statistics
Sensor Path : dell-base-if-cmn/if/interfaces-state/interface
Group : lag
Sensor Path : dell-base-if-cmn/if/interfaces
Group : system
Sensor Path : system-status/current-status
Group : oc-bfd
Sensor Path : openconfig-bfd/bfd
Group : oc-bgp
Sensor Path : openconfig-bgp/bgp/neighbors/neighbor
Sensor Path : openconfig-bgp/bgp/rib/afi-saf
Active : true Reason : Connection summary: One or more active connections The connection 10.11.56.
OS10(conf-telemetry-sp-subscription-1)# source-interface ethernet 1/1/1
OS10(conf-telemetry-sp-subscription-1)# end
OS10# show telemetry
Telemetry Status : enabled
-- Telemetry Destination Groups --
Group : dest1
Destination : 10.11.56.
Group : oc-vlan
Sensor Path : openconfig-interfaces/interfaces/interface
Group : oc-vrrp
Sensor Path : openconfig-interfaces/interfaces/interface/subinterfaces/subinterface
-- Telemetry Subscription Profiles --
Name : subscription-1
Destination Groups(s) : dest1
Sensor-group Sample-interval
-----------------------------------
bgp 300000
bgp-peer 0
buffer 15000
device 300000
environment 300000
interface 180000
lag 0
system 300000
Encoding : gpb
Transport : grpc
TLS : disabled
Source Interface : ethernet1/1/1
Act
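The subscription-profile section of show telemetry reports the transport, TLS state, connection state and per-sensor sampling intervals, so it can be reviewed mechanically. The following audit is an added example, not part of the Dell EMC guide: the function names are hypothetical, the sample output is constructed in the format shown above (the "TLS : enabled" value and the second profile are assumptions), and the minimum intervals cover only the tables visible in this chapter excerpt.

```python
import re

# Minimum sampling intervals in milliseconds, from the tables in this chapter
# that are visible in this excerpt. Mapping the sensor-group names onto those
# tables is an assumption of this example.
MIN_INTERVAL_MS = {"bgp-peer": 0, "buffer": 15000, "system": 15000}

_FIELD = re.compile(r"^([A-Za-z][A-Za-z() -]*?)\s*:\s*(.*)$")
_SENSOR = re.compile(r"^([a-z][a-z-]*)\s+(\d+)$")


def parse_profiles(show_output):
    """Return one dict per subscription profile found in 'show telemetry' text."""
    profiles, current, in_profiles = [], None, False
    for raw in show_output.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:          # blank or table rule
            continue
        if line.startswith("-- "):                  # section banner
            in_profiles = "Subscription Profiles" in line
            continue
        if not in_profiles:
            continue
        sensor = _SENSOR.match(line)
        if sensor and current is not None:
            current["sensors"][sensor.group(1)] = int(sensor.group(2))
            continue
        field = _FIELD.match(line)
        if field:
            key, value = field.group(1).strip(), field.group(2).strip()
            if key == "Name":                       # a new profile starts here
                current = {"Name": value, "sensors": {}}
                profiles.append(current)
            elif current is not None:
                current[key] = value
    return profiles


def audit_profiles(show_output):
    """Return (profile, kind, detail) findings for each subscription profile."""
    findings = []
    for profile in parse_profiles(show_output):
        name = profile["Name"]
        tls = profile.get("TLS", "not reported")
        if tls.lower() != "enabled":
            findings.append((name, "tls",
                             f"TLS is {tls}; {profile.get('Transport', '?')} "
                             "telemetry leaves the switch unencrypted"))
        if profile.get("Active", "").lower() != "true":
            findings.append((name, "inactive", "profile is not streaming"))
        for group, interval in sorted(profile["sensors"].items()):
            minimum = MIN_INTERVAL_MS.get(group)
            if minimum is not None and interval < minimum:
                findings.append((name, "interval",
                                 f"{group} interval {interval} ms is below "
                                 f"the documented minimum {minimum} ms"))
    return findings


# Constructed sample. 192.0.2.10 is a documentation address.
SAMPLE_SHOW_TELEMETRY = """\
Telemetry Status : enabled
-- Telemetry Destination Groups --
Group : dest1
Destination : 192.0.2.10:40001
-- Telemetry Subscription Profiles --
Name : subscription-1
Destination Groups(s) : dest1
Sensor-group Sample-interval
-----------------------------------
bgp 300000
bgp-peer 0
buffer 15000
system 300000
Encoding : gpb
Transport : grpc
TLS : disabled
Source Interface : ethernet1/1/1
Active : true
Name : subscription-2
Destination Groups(s) : dest1
Sensor-group Sample-interval
-----------------------------------
buffer 5000
system 15000
Encoding : gpb
Transport : grpc
TLS : enabled
Active : false
"""

if __name__ == "__main__":
    for name, kind, detail in audit_profiles(SAMPLE_SHOW_TELEMETRY):
        print(f"{name}: [{kind}] {detail}")
```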
27 RESTCONF API

RESTCONF is a representational state transfer (REST)-like protocol that uses HTTPS connections. Use the OS10 RESTCONF API to set up the configuration parameters on OS10 switches using JavaScript Object Notation (JSON)-structured messages. Use any programming language to create and send JSON messages. The examples in this chapter use curl. The OS10 RESTCONF implementation complies with RFC 8040. You can use the RESTCONF API to configure and monitor an OS10 switch.
● ecdhe-rsa-with-aes-256-gcm-SHA384

rest https cipher-suite

4. Enable RESTCONF API in CONFIGURATION mode.

rest api restconf

RESTCONF API configuration

OS10(config)# rest https server-certificate name OS10.dell.
Example OS10(config)# rest https cipher-suite dhe-rsa-with-aes-128-gcm-SHA256 dhe-rsa-with-aes-256-gcm-SHA384 ecdhe-rsa-with-aes-256-gcm-SHA384
Supported Releases 10.4.1.0 or later

rest https server-certificate
Creates the SSL self-signed server certificate a RESTCONF HTTPS connection uses.
Syntax rest https server-certificate name hostname
Parameters name hostname — Enter the IP address or domain name of the OS10 switch.
Default The OS10 switch domain name is used as the hostname.
curl Commands

curl command options include:
● -X specifies the HTTPS request type; for example, POST, PATCH, or GET.
● -u specifies the user name and password to use for server authentication.
● -k specifies a text file to read curl arguments from. The command line arguments found in the text file will be used as if they were provided on the command line.

Use the IP address or URL of the OS10 switch when you access the OS10 RESTCONF API from a remote orchestration system.
To display values for the type and name parameters in the curl command, display the XML structure of the interface vlan 20 configuration command:

OS10(config)# do debug cli netconf
OS10(config)# interface vlan 10
Request:

Interface

Configure a loopback interface

RESTCONF endpoint /restconf/data/interfaces
JSON content
{
  "interface": [{
    "type": "iana-if-type:softwareLoopback",
    "enabled": true,
    "description": "loopback interface",
    "name": "loopback1"}]
}
Parameters
● type string — Enter iana-if-type:softwareLoopback for a loopback interface.
● enabled bool — Enter true to enable the interface; enter false to disable.
● description string — Enter a text string to describe the interface. A maximum of 80 alphanumeric characters.
28 Troubleshoot Dell EMC SmartFabric OS10

Critical workloads and applications require constant availability. Dell EMC Networking offers tools to help you monitor and troubleshoot problems before they happen.
* 1 S4148F-ON 985 006 10 1 S4148F-ON-PWR-1-AC 1 S4148F-ON-FANTRAY-1 1 S4148F-ON-FANTRAY-2 1 S4148F-ON-FANTRAY-3 1 S4148F-ON-FANTRAY-4 09H9MN X01 TW-09H9MN-28298-713-0026 06FKHH 0N7MH8 0N7MH8 0N7MH8 0N7MH8 A00 X01 X01 X01 X01 CN-06FKHH-28298-6B5-03NY TW-0N7MH8-28298-713-0101 TW-0N7MH8-28298-713-0102 TW-0N7MH8-28298-713-0103 TW-0N7MH8-28298-713-0104 9531XC2 198 Boot partition and image Display system boot partition and image information. ● View all boot information in EXEC mode.
1 root 2 root 3 root 5 root 7 root 8 root 10 root 11 root 12 root 13 root 14 root 15 root 16 root 17 root 19 root 20 root 21 root 22 root 23 root 24 root 25 root --more-- 20 20 20 0 20 20 20 20 20 rt rt rt rt 20 0 0 20 0 20 0 25 0 0 0 -20 0 0 0 0 0 0 0 0 0 0 -20 -20 0 -20 0 -20 5 112100 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 5840 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3032 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 S S S S R S S S S S S S S S S S S S S S S 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.
Capture packets from Ethernet interface

$ tcpdump -i e101-003-0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on e101-003-0, link-type EN10MB (Ethernet), capture size 262144 bytes
01:39:22.457185 IP 3.3.3.1 > 3.3.3.4: ICMP echo request, id 5320, seq 26, length 64
01:39:22.457281 IP 3.3.3.1 > 3.3.3.
When you execute a traceroute, the output shows the path a packet takes from your device to the destination IP address. It also lists all intermediate hops (routers) that the packet traverses to reach its destination, including the total number of hops traversed.

Check IPv4 connectivity

OS10# ping 172.31.1.255
Type Ctrl-C to abort.
Sending 5, 100-byte ICMP Echos to 172.31.1.255, timeout is 2 seconds:
Reply to request 1 from 172.31.1.208 0 ms
Reply to request 1 from 172.31.1.
1 3ffe:501:ffff:100:201:e8ff:fe00:4c8b 000.000 ms 000.000 ms 000.000 ms

View solution ID

Dell EMC networking switches that are part of a larger solution require a solution identifier (ID). To view the solution ID including the product base, product serial number, and product part number, use the following show commands:

View inventory

OS10# show inventory
Product : S6000-ON
Description : S6000-ON 32x40GbE QSFP+ Interface Module
Software version : 10.4.
Software version : 10.4.9999EX
Product Base : ECS Gen3
Product Serial Number : APM001123456789
Product Part Number : 900-590-001
----------------------------------------------------------------<
Node Id : 1
MAC : 14:18:77:15:c3:e8
Number of MACs : 256
Up Time : 1 day 00:48:58

-- Unit 1 --
Status : up
System Identifier : 1
Down Reason : unknown
Digital Optical Monitoring : disable
System Location LED : off
Required Type : S4148F
Current Type : S4148F
Hardware Revision : X01
Software Version : 10.5.0.0
Physical Ports : 48x10GbE, 2x40GbE, 4x100GbE
BIOS : 3.33.0.0-3
System CPLD : 0.4
Master CPLD : 0.10
Slave CPLD : 0.
location-led system
Changes the location LED of the system.
Syntax location-led system {node-id | node-id/unit-id} {on | off}
Parameters
● node-id | node-id/unit-id — Enter the system ID.
● on | off — Set the system LED to be on or off.
Default Not configured
Command Mode EXEC
Usage Information Use this command to change the location LED for the specified system ID.
Example
OS10# location-led system 1 on
OS10# location-led system 1 off
Supported Releases 10.3.
show diag
Displays diagnostic information for port adapters and modules.
Syntax show diag
Parameters None
Default Not configured
Command Mode EXEC
Usage Information None
Example Supported Releases
OS10# show diag
00:00.0 Host bridge: Intel Corporation Atom processor C2000 SoC Transaction Router (rev 02)
00:01.0 PCI bridge: Intel Corporation Atom processor C2000 PCIe Root Port 1 (rev 02)
00:02.0 PCI bridge: Intel Corporation Atom processor C2000 PCIe Root Port 2 (rev 02)
00:03.
Thermal sensors
Unit  Sensor-Id  Sensor-name                            Temperature
------------------------------------------------------------------------------
1     1          CPU On-Board temp sensor               32
1     2          Switch board temp sensor               28
1     3          System Inlet Ambient-1 temp sensor     27
1     4          System Inlet Ambient-2 temp sensor     25
1     5          System Inlet Ambient-3 temp sensor     26
1     6          Switch board 2 temp sensor             31
1     7          Switch board 3 temp sensor             41
1     8          NPU temp sensor                        43
Supported Releases 10.2.0E or later

show hash-algorithm
Displays hash algorithm information.
1 S4148F-ON-FANTRAY-3 0N7MH8 X01 TW-0N7MH8-28298-713-0103
1 S4148F-ON-FANTRAY-4 0N7MH8 X01 TW-0N7MH8-28298-713-0104
Supported Releases 10.2.0E or later

show processes
View process CPU utilization information.
Syntax show processes node-id node-id-number [pid process-id]
Parameters
● node-id-number — Enter the Node ID number as 1.
● process-id — (Optional) Enter the process ID number, from 1 to 2147483647.
21 root kdevtmpfs 22 root 23 root khungtaskd 24 root writeback 25 root --more-- 20 0 0 0 0 S 0.0 0.0 0:00.00 0 -20 20 0 0 0 0 0 0 S 0 S 0.0 0.0 0.0 0.0 0:00.00 netns 0:00.41 0 -20 0 0 0 S 0.0 0.0 0:00.00 0 0 0 S 0.0 0.0 0:00.00 ksmd 25 5 OS10# show processes node-id 1 pid 1019 top - 09:21:58 up 5 days, 8 min, 2 users, load average: 0.18, 0.30, 0.31 Tasks: 1 total, 0 running, 1 sleeping, 0 stopped, 0 zombie %Cpu(s): 9.7 us, 3.9 sy, 0.3 ni, 85.8 id, 0.0 wa, 0.0 hi, 0.3 si, 0.
PSU-ID Status Type AirFlow Fan Speed(rpm) Status ---------------------------------------------------------------1 up AC NORMAL 1 13312 up 2 fail -- Fan Status -FanTray Status AirFlow Fan Speed(rpm) Status ---------------------------------------------------------------1 up NORMAL 1 13195 up Example (nodeid) 2 up NORMAL 1 13151 up 3 up NORMAL 1 13239 up 4 up NORMAL 1 13239 up OS10# show system node-id 1 fanout-configured Interface Breakout capable Breakout state -------------------------
4 up NORMAL 1 13239 up
Supported Releases 10.2.0E or later

traceroute
Displays the routes that packets take to travel to an IP address.
Syntax traceroute [vrf {management | vrf-name}] host [-46dFITnreAUDV] [-f first_ttl] [-g gate,...
3 10.11.27.254 (10.11.27.254) 2.233 ms 2.207 ms 2.391 ms
4 Host65.hbms.com (63.80.56.65) 3.583 ms 3.776 ms 3.757 ms
5 host33.30.198.65 (65.198.30.33) 3.758 ms 4.286 ms 4.221 ms
6 3.GigabitEthernet3-3.GW3.SCL2.ALTER.NET (152.179.99.173) 4.428 ms 2.593 ms 3.243 ms
7 0.xe-7-0-1.XL3.SJC7.ALTER.NET (152.63.48.254) 3.915 ms 3.603 ms 3.790 ms
8 TenGigE0-4-0-5.GW6.SJC7.ALTER.NET (152.63.49.254) 11.781 ms 10.600 ms 9.402 ms
9 23.73.112.54 (23.73.112.54) 3.606 ms 3.542 ms 3.
6. At the root prompt, enter usermod -s /bin/bash linuxadmin to enable the linuxadmin user.

    root@OS10: /# usermod -s /bin/bash linuxadmin

7. Verify the linuxadmin password status by entering the passwd -S linuxadmin command. If the password is locked, L is displayed following linuxadmin in the command output. Unlock the password by entering the passwd -u linuxadmin command.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Dell EMC Network Operating System (OS10) *-* *-* Copyright (c) 1999-2018 by Dell Inc. All Rights Reserved. *-* *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*This product is protected by U.S. and international copyright and intellectual property laws. Dell EMC and the Dell EMC logo are trademarks of Dell Inc.
    s4048t-1# configure terminal
    s4048t-1(config)#

9. Configure the recovered password for the user name using the username password role command in CONFIGURATION mode; for example:

    s4048t-1(config)# username admin password admin12345 role sysadmin

Restore factory defaults

To restore your system factory defaults, reboot the system to ONIE: Uninstall OS mode.

CAUTION: Restoring factory defaults erases any installed operating system and requires a long time to erase storage.
SupportAssist

The SupportAssist feature monitors the devices in your network that run the Dell EMC Networking Operating System. This feature offers an extra layer of service to your IT support capabilities by:
● Identifying issues and helping you resolve them quickly.
● Proactively monitoring the network and minimizing the risk of downtime.

SupportAssist periodically collects information about configuration, inventory, logs, and so on, from the network devices.
2. Accept the EULA.

    OS10(config)# eula-consent support-assist accept

3. Enter SupportAssist mode from CONFIGURATION mode.

    OS10(config)# support-assist
    OS10(conf-support-assist)#

4. (Required) Specify the SupportAssist server URL or IP address in SUPPORT-ASSIST mode, and specify your Dell Digital Locker (DDL) credentials to access the SupportAssist server. This account must have entitlements to the OS10 switch in DDL. You can enter default to specify the SupportAssist server URL (https://esrs3.emc.com).
Configure SupportAssist company

    OS10(conf-support-assist)# contact-company name ExampleCompanyName
    OS10(conf-support-assist-ExampleCompanyName)# address city San Jose state California country USA zipcode 95125
    OS10(conf-support-assist-ExampleCompanyName)# street-address "123 Example Street" "Bldg 999"
    OS10(conf-support-assist-ExampleCompanyName)# territory Sales

Set contact information

Configure contact details in SUPPORT-ASSIST mode.
○ hourly min number—Enter the time to schedule an hourly task, from 0 to 59.
○ daily hour number min number—Enter the time to schedule a daily task, from 0 to 23 hours and 0 to 59 minutes.
○ weekly day-of-week number hour number min number—Enter the time to schedule a weekly task, from 0 to 6 days, 0 to 23 hours, and 0 to 59 minutes.
○ monthly day number hour number min number—Enter the time to schedule a monthly task, from 1 to 31 days, 0 to 23 hours, and 0 to 59 minutes.
16:15:19 event-notification 16:04:39 keep-alive 17:30:03 Success 2019-06-13 16:04:35 2019-06-13 Success 2019-06-13 18:00:00 2019-06-13 Server Status : Last KeepAlive Status Last KeepAlive Successful Last KeepAlive Failed at Last MFT Status : Last MFT Successful at : Last MFT Failed at : : Failed at : 2019-06-13 17:30:03 : 2019-06-13 18:00:03 Success 2019-06-13 16:15:19 Never View EULA license OS10# show support-assist eula SUPPORTASSIST ENTERPRISE - SOFTWARE TERMS *** IMPORTANT INFORMATION - PLEASE
Table 137. Country names and codes

Country name                        Country code
Uruguay                             URY
Uzbekistan                          UZB
Vanuatu                             VUT
Venezuela, Bolivarian Republic of   VEN
Viet Nam                            VNM
Virgin Islands, British             VGB
Virgin Islands, U.S.                VIR
Wallis and Futuna                   WLF
Western Sahara                      ESH
Yemen                               YEM
Zambia                              ZMB
Zimbabwe                            ZWE

SupportAssist commands

eula-consent
Accepts or rejects the SupportAssist end-user license agreement (EULA).
show eula-consent support-assist Displays the status of the SupportAssist End User License Agreement, whether it is accepted or rejected. Syntax show eula-consent support-assist Parameters None Default Rejected Command Mode EXEC Usage Information Use this command to view the status of the SupportAssist EULA. Example Supported Releases Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.
    ○ min number—Enter the keyword and specify the minute to schedule the task, 0–59.
● monthly—Schedules a monthly task:
    ○ day number—Enter the keyword and number for the day of the month to schedule the task, 1–31.
    ○ hour number—Enter the keyword and specify the hour to schedule the task, 0–23.
    ○ min number—Enter the keyword and specify the minute to schedule the task, 0–59.
● yearly—Schedules a yearly task:
    ○ month number—Enter the keyword and specify the month in which to schedule the task, 1–12.
Examples
    OS10(conf-support-assist)# activity event-notification enable
    OS10(conf-support-assist)# activity full-transfer enable
Supported Releases
    10.2.0E or later

contact-company
Configures the company contact information.

Syntax
    contact-company name company-name
Parameters
    company-name—Enter the contact company name.
Default
    Not configured
Command Mode
    SUPPORT-ASSIST
Usage Information
    You can enter only one contact company.
show configuration Displays the SupportAssist configuration currently running on the device. Syntax show configuration Parameters None Default Not configured Command Mode SUPPORT-ASSIST Usage Information Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0(R3S). Also supported in SmartFabric mode starting in release 10.5.0. Example Supported Releases OS10(conf-support-assist)# show configuration ! support-assist server url https://esrs3stg.emc.
phone primary 0001234567 alternate 1234567890 preferred-method email Supported Releases 10.2.0E or later show support-assist eula Displays the EULA for SupportAssist. Syntax show support-assist eula Parameters None Default None Command Mode EXEC Usage Information Use this command to view the EULA for SupportAssist. Example Supported Releases Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0(R3S).
City State Country Zipcode Territory Contact-person Primary email Alternate email Primary phone Alternate phone Contact method Server(configured) : : : : : : : : : : : : SanJose California USA 95123 West Firstname Lastname youremail@example.com emailid@example.
Examples
    OS10(conf-support-assist)# source-interface ethernet 1/1/4
    OS10(conf-support-assist)# source-interface loopback 1
    OS10(conf-support-assist)# source-interface mgmt 1/1/1
    OS10(conf-support-assist)# source-interface port-channel 10
    OS10(conf-support-assist)# source-interface vlan 100
Supported Releases
    10.4.0E(R1) or later

SupportAssist company commands

address
Configures the company address.
The no version of this command removes the configuration. Example Supported Releases OS10(conf-support-assist-ExampleCompanyName)# contact-person first Firstname last Lastname 10.2.0E or later street-address Configures the street address of the company. Syntax street-address {line-1} [line-2] [line-3] Parameters line-1 line-2 line-3 — Enter the address of the company, from 1 to 3 lines. Enclose the text within double quotes. Insert a space after each line of text.
Parameters email-id—Enter the email address of the contact person. Default Not configured Command Mode SUPPORT-ASSIST Usage Information Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0(R3S). Also supported in SmartFabric mode starting in release 10.5.0. The no version of this command removes the configuration. Example Supported Releases OS10(conf-support-assist-ExampleCompanyName-FirstnameLastname)# emailaddress primary youremail@example.
Examples
    OS10(conf-support-assist-ExampleCompanyName-FirstnameLastname)# preferred-method email
    OS10(conf-support-assist-ExampleCompanyName-FirstnameLastname)# preferred-method phone
    OS10(conf-support-assist-ExampleCompanyName-FirstnameLastname)# preferred-method no-contact
Supported Releases
    10.2.0E or later

Support bundle

The Support Bundle is based on the sosreport tool.
Support bundle generation failure

    Apr 19 17:0:14: %Node.1-Unit.1:PRI:OS10 %log-notice:SUPPORT_BUNDLE_FAILURE: Failure in generate support-bundle execution:All Plugin options disabled
    Apr 19 17:0:14: %Node.1-Unit.1:PRI:OS10 %log-notice:SUPPORT_BUNDLE_FAILURE: Failure in generate support-bundle execution:All Plugin options enabled

generate support-bundle
Generates an sosreport tar file that collects configuration and diagnostic information on Linux systems.
All stateful events of severity level CRITICAL, MAJOR, MINOR, or WARNING trigger alarms. However, you can customize the severity of events or turn off event notification using Severity profiles.

Triggered alarms are in one of these states:
● Active—Alarm is raised and is currently active.
● Acknowledged—Alarm is raised; the user is aware of the situation and acknowledged the alarm. This alarm does not impact the overall health of the system or the system LED.
    2019-03-27T15:24:06Z    46741    default.xml
    2019-04-01T11:22:33Z    456      custom.xml

2. Copy one of the available severity profiles to a remote host.

    OS10# copy severity-profile://default.xml scp://username:password@a.b.c.d/dir-path/mySevProf.xml

3. Modify the .xml file with changes as required.

NOTE: When you modify the xml file, you must select one of the following severities:
● CRITICAL
● MAJOR
● MINOR
● WARNING
● INFORMATIONAL

If you want OS10 to generate the event, set the Enable flag to true.
● log-crit—Critical conditions
● log-err—Error conditions
● log-warning—Warning conditions
● log-notice—Normal, but significant conditions (default)
● log-info—Informational messages
● log-debug—Debug messages
● Enter the minimum severity level for logging to the console in CONFIGURATION mode.

    logging console severity

● Enter the minimum severity level for logging to the system log file in CONFIGURATION mode.
● X.509v3 PKI certificates are configured on a certification authority (CA) and installed on the switch. Both the switch and syslog server exchange a public key in a signed X.509v3 certificate to authenticate each other. For more information, see X.509v3 certificates.
● You configure a security profile for system logging as described in Security profiles.

Configure system logging over TLS

1. Copy an X.
If you reconfigure the certificate assigned to a crypto security profile, Syslog TLS servers are automatically updated to use the new certificate-key pair. If you delete a certificate from a configured crypto security profile, system logging over TLS fails. A host certificate is required for the protocol exchange with an external device.

4. Configure a remote TLS server to receive system messages in CONFIGURATION mode.
The show logging command accepts the following parameters:
● log-file — Provides a detailed log including both software and hardware saved to a file.
● process-names — Provides a list of all processes currently running which can be filtered based on the process-name.

View logging log-file

    OS10# show logging log-file
    Jun 1 05:01:46 %Node.1-Unit.1:PRI:OS10 %log-notice:ETL_SERVICE_UP: ETL service is up
    Jun 1 05:02:06 %Node.1-Unit.
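The log-file lines shown in this guide share one layout (timestamp, %Node.N-Unit.N, role, %log-severity, event name, text), so they can be parsed and filtered offline with the same minimum-severity rule the logging commands apply. The following is an added example, not part of the Dell guide or OS10 itself: the regular expression is inferred from the sample lines on this page, the function names are hypothetical, and the sample input mixes two lines quoted from the guide with constructed ones.

```python
import re

# Severity keywords in the order the guide lists them, most severe first.
# The list index equals the standard syslog numeric level (0 = emergency).
SEVERITIES = ["log-emerg", "log-alert", "log-crit", "log-err",
              "log-warning", "log-notice", "log-info", "log-debug"]
LEVEL = {name: number for number, name in enumerate(SEVERITIES)}

# Layout inferred from the sample lines on this page (an assumption):
#   Mon D H:M:S[:] %Node.N-Unit.N:ROLE:OS10 %log-sev:EVENT_NAME: text
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{1,2}:\d{1,2}:\d{1,2}):?\s+"
    r"%Node\.(?P<node>\d+)-Unit\.(?P<unit>\d+):(?P<role>\w+):OS10\s+"
    r"%(?P<severity>log-[a-z]+):(?P<event>[A-Z0-9_]+):\s*(?P<message>.*)$"
)

def parse_line(line):
    """Return a dict of fields, or None if the line does not fit the layout."""
    match = LINE_RE.match(line.strip())
    if match is None or match.group("severity") not in LEVEL:
        return None
    record = match.groupdict()
    record["level"] = LEVEL[record["severity"]]
    return record

def at_or_above(lines, minimum="log-notice"):
    """Keep records at least as severe as `minimum`; collect unparsable lines.

    Truncated or malformed lines are returned separately instead of being
    dropped, so gaps in a collected log stay visible to the analyst.
    """
    threshold = LEVEL[minimum]
    kept, rejected = [], []
    for line in lines:
        record = parse_line(line)
        if record is None:
            rejected.append(line)
        elif record["level"] <= threshold:
            kept.append(record)
    return kept, rejected

SAMPLE_LINES = [
    # Quoted from the guide:
    "Apr 19 17:0:14: %Node.1-Unit.1:PRI:OS10 %log-notice:SUPPORT_BUNDLE_FAILURE: "
    "Failure in generate support-bundle execution:All Plugin options disabled",
    "Jun 1 05:01:46 %Node.1-Unit.1:PRI:OS10 %log-notice:ETL_SERVICE_UP: ETL service is up",
    # Constructed for this example (event names appear elsewhere in the guide):
    "Jun 1 05:03:10 %Node.1-Unit.1:PRI:OS10 %log-crit:EQM_FAN_FAULT_MAJOR: constructed text",
    "Jun 1 05:03:11 %Node.1-Unit.1:PRI:OS10 %log-info:IFM_ASTATE_UP: constructed text",
    # A line cut off mid-record, as can happen in a paged or truncated capture:
    "Jun 1 05:02:06 %Node.1-Unit.",
]

if __name__ == "__main__":
    kept, rejected = at_or_above(SAMPLE_LINES, "log-notice")
    for record in kept:
        print(record["ts"], record["severity"], record["event"])
    print("unparsable lines:", len(rejected))
```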
-------------------------------------------Thermal sensors Unit Sensor-Id Sensor-name Temperature --------------------------------------------------------1 1 T2 temp sensor 28 1 2 system-NIC temp sensor 25 1 3 Ambient temp sensor 24 1 4 NPU temp sensor 40 --------------------------------------------------------- Link-bundle monitoring Monitoring link aggregation group (LAG) bundles allows the traffic distribution amounts in a link to look for unfair distribution at any given time.
event severity-profile Configures a severity profile to change the severity of events, or turn off event notifications. Syntax event severity-profile {default | profile-name} Parameters profile-name—Name of the custom severity profile, a maximum of 64 characters. The file extension, .xml is optional. Default Default.xml Command Mode EXEC Usage Information Configures a severity profile to change the characteristics of events.
Command Mode
    EXEC
Usage Information
    None
Example
    show alarms acknowledged
    Sq No    Severity   Name                  Timestamp                  Source
    ------------------------------------------------------------------------------
    100071   warning    EQM_FAN_FAULT_MINOR   Tue Jul 23 13:53:47 2019   /psu/1/fan/1
    100072   critical   EQM_FAN_FAULT_MAJOR   Tue Jul 23 13:53:47 2019   /psu/1
Supported Releases
    10.2.0E or later

show alarms details
Displays details about active alarms.
Acknowledged: true ------------------------------------------Supported Releases 10.2.0E or later show alarms sequence Displays information corresponding to the active alarm based on the sequence number that you specify. Syntax show alarms sequence sequence-number Parameters ● sequence-number — Enter the sequence number corresponding to the active alarm. Default None Command Mode EXEC Usage Information Use the show alarms command to view all active alarms.
Name: Description: Raise-time: Ack-time: New: State: Example (Critical) EQM_THERMAL_WARN_CROSSED Sat 10-06-2018 0:1:5 Sun 10-07-2018 20:39:47 true raised OS10# show alarms severity critical Active-alarm details - 0 ------------------------------------------Sequence Number: 1 Severity: critical Type: 1081367 Source: Node.1-Unit.
Supported Releases 10.2.0E or later show event history Displays the history of all events with the latest at the top of the output. Syntax show event history [summary] [reverse] [severity severity-name] [details] [sequence sequence-number] Parameters ● summary—Displays a summary of the event history. ● reverse—Displays a summary of the event history from the beginning, with the oldest event listed at the top of the output.
Example (details) Example (summary) OS10# show event history details Event History Details - 2 ------------------------------------------Sequence Number: 2 Severity: informational Name: IFM_ASTATE_UP Description: Dummy Event Timestamp: Fri May 03 18:13:07 2019 Source: State: stateless ------------------------------------------Event History Details - 1 ------------------------------------------Sequence Number: 1 Severity: informational Name: IFM_ASTATE_UP Description: Dummy Event Timestamp: Fri May 03 18:1
Logging commands

clear logging
Clears messages in the logging buffer.

Syntax
    clear logging log-file
Parameters
    None
Default
    Not configured
Command Mode
    EXEC
Usage Information
    Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.1.
Example
    OS10# clear logging log-file
    Proceed to clear the log file [confirm yes/no(default)]:
Supported Releases
    10.2.
logging enable
Enables system logging.

Syntax
    logging enable
Parameters
    None
Default
    Enabled
Command Mode
    CONFIGURATION
Usage Information
    Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.1. The no version of this command disables all logging.
Example
    OS10(config)# logging enable
Supported Releases
    10.2.
logging monitor
Set the minimum severity level for logging to the terminal lines.

Syntax
    logging monitor severity severity-level
Parameters
    severity-level — Set the minimum logging severity level:
    ● log-emerg — Set the system as unusable.
    ● log-alert — Set to immediate action is needed.
    ● log-crit — Set to critical conditions.
    ● log-err — Set to error conditions.
    ● log-warning — Set to warning conditions.
    ● log-notice — Set to normal but significant conditions, the default.
● tcp | udp | tls port-number — (Optional) Send syslog messages using TCP, UDP, or TLS transport to a specified port on a remote logging server, from 1 to 65535. ● severity-level — (Optional) Set the logging threshold severity: ○ log-emerg — System is unusable. ○ log-alert — Immediate action is needed.
Example (Process-Names) Supported Releases OS10# show logging process-names dn_pas_svc dn_system_mgmt_ dn_env_tmpctl dn_pm dn_eth_drv dn_etl dn_eqa dn_alm dn_eqm dn_issu dn_swupgrade dn_ifm dn_ppm dn_l2_services dn_dot1x dn_l3_core_serv dn_policy dn_qos dn_switch_res_m dn_ospfv3 dn_lacp dn_i3 dn_supportassis --More-10.2.0E or later show trace Displays trace messages.
be conv erted to SAI types (func:2359312) May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], NDI (23 59344) May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], NDI (23 59345) May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], NDI (23 59346) May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], NDI (23 59319) May 23 17:10:08 OS10 base_nas: [NETLINK:NHEVENT]:ds_api_linux_neigh.c:nl_to_nei --More-Supported Releases Invalid operation type for Invalid operation type for Invalid operation type for Invalid operation type for 10.2.
To log in to OS10 and access the command-line interface, enter su - admin at the Linux shell prompt, then admin as the password.

    linuxadmin@OS10:~$ su - admin
    Password: admin
    OS10#

Frequently asked questions

This section contains answers to frequently asked questions for ONIE-enabled devices.
● Installation contains information about how to enter ONIE: Install mode after a reboot, find information about your specific switch, how to log into the OS10 shell, and so on.
Configuration

How do I enter CONFIGURATION mode?
Use the configure terminal command to change from EXEC mode to CONFIGURATION mode.

I made changes to the running configuration file but the updates are not showing. How do I view my changes?
Use the show running-configuration command to view changes that you have made to the running-configuration file.
Access control lists

How do I set up filters to deny or permit packets from an IPv4 or IPv6 address?
Use the deny or permit commands to create ACL filters.

How do I clear access-list counters?
Use the clear ip access-list counters, clear ipv6 access-list counters, or clear mac access-list counters commands.

How do I set up filters to automatically assign sequencer numbers for specific addresses?
Use the seq deny or seq permit commands for specific packet filtering.
29 Support resources The Dell EMC Support site provides a range of documents and tools to assist you with effectively using Dell EMC devices. Through the support site you can obtain technical information regarding Dell EMC products, access software upgrades and patches, download available management software, and manage your open cases. The Dell EMC support site provides integrated, secure access to these services. To access the Dell EMC Support site, go to www.dell.com/support/.