Dell EMC SmartFabric OS10 User Guide Release 10.5.
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2019 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents
1 Change history
2 Getting Started
  Switch with factory-installed OS10
  Log in
  hostname
  license
  lock
  ZTD CLI batch file
  Post-ZTD script
  ZTD commands
  Support for SmartFabric Director
  gRPC Network Management Interface agent
  Lifecycle Management using SmartFabric Director
  SmartFabric Director commands
10 Interfaces
  Ethernet interfaces
  Unified port groups
  fec
  interface breakout
  interface ethernet
  Replace an IOM in SmartFabric
12 Fibre Channel
  Fibre Channel over Ethernet
  Configure FIP snooping
  vfabric (interface)
  vlan
  FIP-snooping commands
  Basic TLVs
  Organizationally specific TLVs
  Media endpoint discovery
14 Layer 3
  Virtual routing and forwarding
  Configure management VRF
  Weight attribute
  Enable multipath
  Route-map filters
  Access-list to match route-map
  Set address to match route-map
  Assign route-map to interface
  View PBR information
  PIM terminology
  Standards compliance
  PIM-SM
  show virtual-network
  show virtual-network counters
  show virtual-network interface counters
  AAA authentication
  User re-authentication
  Password strength
  line vty
  logging audit enable
  login concurrent-session limit
  Flow table
  Group table
  Meter table
  ACL flow-based monitoring
  Enable flow-based monitoring
  View ACL table utilization report
  permit tcp
  permit tcp (IPv6)
  permit udp
  set comm-list add
  set comm-list delete
  set community
  hardware deep-buffer-mode
  match
  match cos
  show qos headroom-pool buffer-statistics-tracking
  show qos ingress buffers interface
  show qos ingress buffer-statistics-tracking
  show qos ingress buffer-stats interface
  show vlt vlt-port-detail
  vlt-domain
  vlt-port-channel
  Source interface configuration
  View sFlow information
  sFlow commands
  Packet analysis
  Port adapters and modules
  Test network connectivity
1 Change history
The following table provides an overview of the changes to this guide from a previous OS10 release to 10.5.0.3 release. For more information about the new features, see the respective sections.

Table 1. New in 10.5.0.3
Revision: A03
Date: 2019-12-06
Feature: Enable SmartFabric Services on the switches
Description: Enable or disable SmartFabric Services in an OS10 switch using OS10 CLI.
Feature: Untagged VLANs support in SmartFabric Services mode
Description: Use any untagged VLAN in SmartFabric Services mode for FCoE uplinks and FCoE supported server ports, which are part of the FCoE VLAN.

Feature: Lifecycle Management using SmartFabric Director
Description: The gNMI agent processes image upgrade or downgrade requests from the SmartFabric Director server. The server sends these requests to the gNMI agent using Google Network Operating Interface (gNOI) API calls.
Feature: SupportAssist
Description: New updates to SupportAssist for enterprise systems.

Feature: System clock
Description: Configure daylight savings time configuration.

Feature: System logging over TLS
Description: Encrypt logged system messages sent to a syslog server using the Transport Layer Security (TLS) protocol.

Feature: VLAN name TLVs
Description: Configure OS10 to advertise TLVs with the names of VLANs in LLDP PDUs.
2 Getting Started
Dell EMC SmartFabric OS10 is a network operating system (NOS) supporting multiple architectures and environments. The SmartFabric OS10 solution allows multi-layered disaggregation of network functionality. SmartFabric OS10 bundles industry-standard management, monitoring, and Layer 2 and Layer 3 networking stacks over CLI, SNMP, and REST interfaces. Users can choose their own third-party networking, monitoring, management, and orchestration applications.
On a factory-installed OS10 switch, you can perform these tasks after logging in:
• Check the OS10 version.
• Upgrade the OS10 image.
• Re-install the license.
If OS10 is pre-installed on a switch, zero-touch deployment (ZTD) is enabled by default. You can configure ZTD to install a new OS10 image. For more information about how to automate switch deployment, see Zero-touch deployment.
• To check the OS10 versions available for download, follow the procedure in OS10 upgrade->Download OS10 for upgrade.

Check OS10 version
  OS10# show version
  Dell EMC Networking OS10 Enterprise
  Copyright (c) 1999-2019 by Dell Inc. All Rights Reserved.
  OS Version: 10.5.0.0
  Build Version: 10.5.0.
NOTE: On an MX-Series I/O module, install OS10 upgrades in downloaded DUP files by following the instructions in the Dell EMC SmartFabric OS10 Release Notes—Release 10.5.0.
1. (Optional) Back up the current running configuration to the startup configuration in EXEC mode.
   OS10# copy running-configuration startup-configuration
2. Back up the startup configuration (startup.xml) in EXEC mode.
   OS10# copy config://startup.xml config://backup_filepath
3.
   Standby Build Date/Time: 2019-07-27T17:31:55Z
   Next-Boot: active[B]
9. Reload the new software image in the standby partition in EXEC mode.
   OS10# reload
10. Use the show version command in EXEC mode to verify that the downloaded OS10 image is installed as the current running version. The running OS10 image is in the active partition.
   OS10# show version
   Dell EMC Networking OS10 Enterprise
   Copyright (c) 1999-2019 by Dell Inc. All Rights Reserved.
   OS Version: 10.5.0.0
   Build Version: 10.5.0.
image cancel
Cancels an image or firmware file download that is in progress.
Syntax: image cancel
Parameters: None
Default: Not configured
Command Mode: EXEC
Usage Information: The image cancel command cancels a file download from a server, such as an OS10 binary image or firmware upgrade, that is in progress. After an image download completes, the command has no effect. The command also removes any pending firmware upgrades on the switch.
Example
  OS10# image cancel
Supported Releases: 10.2.
Use the show image status command to view the download progress. When using the scp and sftp options, always enter an absolute file path instead of a path relative to the home directory of the user account; for example:
  image download sftp://dellos10:password@10.1.1.1/home/dellos10/images/PKGS_OS10EE-10.4.3.bin
Example
  OS10# image download sftp://dellos10:adminTo%40%20@10.1.1.1/home/dellos10/images/PKGS_OS10-Enterprise-10.4.0E.55-installer-x86_64.bin
Supported Releases: 10.2.
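The scp and sftp forms of `image download` carry the account password inside the URL, and the guide's example shows it percent-encoded (`adminTo%40%20`). The following added example (not from the Dell guide) builds such a command from raw credentials, enforces the absolute-path rule, and decodes an existing command for review; the function names are hypothetical, and it assumes the example password decodes to `adminTo@ `.

```python
"""Build OS10 `image download` commands with percent-encoded credentials.

Added example, not Dell code. URL layout as shown in the guide:
    image download sftp://userid:passwd@hostip/absolute/filepath
"""
from urllib.parse import quote, unquote, urlsplit

# Schemes the guide shows carrying userid:passwd inside the URL.
CREDENTIAL_SCHEMES = {"scp", "sftp"}
# Characters that act as URL delimiters (or are ambiguous) inside userinfo.
DELIMITERS = set("@:/?#% ")


def unsafe_chars(secret):
    """Return the characters in `secret` that must be percent-encoded."""
    return sorted(DELIMITERS & set(secret))


def build_image_download(scheme, user, password, host, path):
    """Return the CLI command for an scp/sftp image download."""
    if scheme not in CREDENTIAL_SCHEMES:
        raise ValueError(f"scheme {scheme!r} does not take URL credentials")
    if not host or any(c in host for c in "@/ \t"):
        raise ValueError("host must be a bare address or name")
    # The guide requires an absolute path for scp and sftp, not one relative
    # to the home directory of the user account.
    if not path.startswith("/") or any(c.isspace() for c in path):
        raise ValueError("file path must be absolute and free of whitespace")
    # safe="" encodes every reserved character, so '@', ':' or '/' in the
    # password cannot be mistaken for the userinfo/host/path separators.
    userinfo = f"{quote(user, safe='')}:{quote(password, safe='')}"
    return f"image download {scheme}://{userinfo}@{host}{path}"


def parse_image_download(command):
    """Split a command into its parts and decode the credentials."""
    prefix = "image download "
    if not command.startswith(prefix):
        raise ValueError("not an image download command")
    parts = urlsplit(command[len(prefix):].strip())
    if parts.scheme not in CREDENTIAL_SCHEMES or not parts.hostname:
        raise ValueError("expected an scp:// or sftp:// URL with a host")
    return {
        "scheme": parts.scheme,
        "user": unquote(parts.username or ""),
        "password": unquote(parts.password or ""),
        "host": parts.hostname,
        "path": parts.path,
    }


if __name__ == "__main__":
    # Host, user and path come from the guide's example; the raw password is
    # the assumed decoding of `adminTo%40%20`.
    cmd = build_image_download(
        "sftp", "dellos10", "adminTo@ ", "10.1.1.1",
        "/home/dellos10/images/PKGS_OS10-Enterprise-10.4.0E.55-installer-x86_64.bin",
    )
    print(cmd)
    print("must be encoded:", unsafe_chars("adminTo@ "))
```

Because the password is part of the command line, it also ends up wherever commands are recorded, so keep the raw value out of tickets and shared transcripts.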
Example (Detail)
  OS10# show boot detail
  Current system image information detail:
  ==========================================
  Type: Node-id 1
  Boot Type: Flash Boot
  Active Partition: B
  Active SW Version: 10.5.0.0
  Active SW Build Version: 10.5.0.270
  Active Kernel Version: Linux 4.9.168
  Active Build Date/Time: 2019-07-29T23:35:01Z
  Standby Partition: A
  Standby SW Version: 10.5.0EX
  Standby SW Build Version: 10.5.0EX.252
  Standby Build Date/Time: 2019-07-27T17:31:55Z
  Next-Boot: active[B]
Supported Releases: 10.2.
  Name                                                      Version      Result
  --------------------------------------------------------- ----------------------------
  onie-firmware-x86_64-dellemc_s5200_c3538-r0.3.40.5.1-6.   3.40.5.1-6   Success
  onie-updater                                              3.40.1.1-5   Fail
  onie-updater-x86_64-dellemc_s5200_c3538-r0.3.40.1.1-6     3.40.1.1-6   Fail
Supported Releases: 10.5.0 or later

show image status
Displays image transfer and installation information.
  OS Version: 10.5.0.0
  Build Version: 10.5.0.270
  Build Time: 2019-07-29T23:35:01+0000
  System Type: S4148F-ON
  Architecture: x86_64
  Up Time: 1 day 00:54:13
Supported Releases: 10.2.0E or later

Check OS10 license
To check the status of the pre-installed OS10 license, use the show license status command. A factory-installed OS10 image runs with a perpetual license. A perpetual license allows you to run OS10 beyond the 120-day trial period.
An OS10 image that you download has a 120-day trial license and requires a perpetual license to run beyond the trial period. For more information, see the Setup Guide that is shipped with your device and the following FAQs:
• Frequently asked Questions
• My Account FAQs
To install an OS10 image and extend the OS10 license beyond the trial period on a Dell EMC ONIE switch with no OS installed:
1.
download the DUP files to upgrade OS10 on an MX9116n and MX5108n switch, see the Dell EMC SmartFabric OS10 Release Notes—Release 10.5.0.
1. Sign into DDL using your account credentials.
2. Locate your entitlement ID and order number that is sent by email, and then select the product name.
3. On the Product page, the Assigned To field on the Product tab is blank. Click Key Available for Download.
• Rescue — Boots to the ONIE prompt and enables manual installation of an OS10 image or ONIE update.
• Uninstall OS — Deletes the contents of all disk partitions, including the OS10 configuration, except ONIE and diagnostics.
• Update ONIE — Installs a new ONIE version.
• Embed ONIE — Formats the disk and installs ONIE.
• EDA DIAG — Runs the system diagnostics.
  Welcome to GRUB!
  GNU GRUB version 2.02~beta2+e4a1fe391
  OS10-B
  EDA-DIAG
  ONIE
  Booting `OS10-A'
  Loading OS10 ...
  [ 3.883826] kvm: already loaded the other module
  [ 3.967628] dummy-irq: no IRQ given. Use irq=N
  [ 3.973212] mic_init not running on X100 ret -19
  [ 3.980168] esas2r: driver will not be loaded because no ATTO esas2r devices were found
  [ 4.021676] mtdoops: mtd device (mtddev=name/number) must be supplied
  [ 5.092316] i8042: No controller found
  [ 5.
4. Create a USB mount location on the system.
   $ mkdir /mnt/media
5. Identify the path to the USB drive.
   $ fdisk -l
6. Mount the USB media plugged in the USB port on the device.
   $ mount -t vfat usb-drive-path /mnt/media
7. Install the software from the USB, where /mnt/media specifies the path where the USB partition is mounted.
   $ onie-nos-install /mnt/media/image_file
The ONIE auto-discovery process discovers the image file at the specified USB path, loads the software image, and reboots the switch.
Install OS10 license
If OS10 is factory-loaded on your switch, you do not need to install an OS10 license. If you download OS10 on a trial basis, OS10 comes with a 120-day trial license. To continue with uninterrupted use, purchase and install a perpetual license to avoid the OS10 device rebooting every 72 hours after 120 days. After you install OS10 and log in, install the perpetual license to run OS10 Enterprise Edition beyond the trial period. The OS10 license is installed in the /mnt/license directory.
   Task Start: 2019-02-15T00:46:35Z
   Task End: 2019-02-15T00:46:36Z
   Transfer Progress: 100 %
   Transfer Bytes: 3795 bytes
   File Size: 3795 bytes
   Transfer Rate: 8 kbps
3. Verify that the license is present in the home directory of your system.
   OS10# dir home
   Directory contents for folder: home
   Date (modified)        Size (bytes)  Name
   ---------------------  ------------  -----------------------
   2019-02-15T00:47:25Z   3795          0A900Q2-NOSEnterprise-License.XML
4.
   • If the remote server is reachable through a front-panel port, check if the static or dynamic route is present.
   • If the ping is successful and the FTP or TFTP log on to a remote server does not register a response, check if there is a firewall in the transfer path that is blocking the transfer protocol.
4. Install the server with the license file on the same subnet as the switch.
5. Check if the server is up and running.
3. Configure an IPv4 or IPv6 address on the Management interface in INTERFACE mode.
   ip address A.B.C.D/mask
   ipv6 address A:B/prefix-length
4. Enable the Management interface in INTERFACE mode.
   no shutdown

Configure Management interface
  OS10(config)# interface mgmt 1/1/1
  OS10(conf-if-ma-1/1/1)# no ip address dhcp
  OS10(conf-if-ma-1/1/1)# ip address 10.1.1.
  OS10(conf-if-ma-1/1/1)#
• Create a user name and password in CONFIGURATION mode.
  username username password password role role
  • username username — Enter a text string. A maximum of 32 alphanumeric characters; 1 character minimum.
  • password password — Enter a text string. A maximum of 32 alphanumeric characters; 9 characters minimum.
  • role role — Enter a user role:
    • sysadmin — Full access to all commands in the system, exclusive access to commands that manipulate the file system, and access to the system shell.
3 CLI Basics
The OS10 CLI is the software interface you use to access a device running the software — from the console or through a network connection. The CLI is an OS10-specific command shell that runs on top of a Linux-based OS kernel. By leveraging industry-standard tools and utilities, the CLI provides a powerful set of commands that you can use to monitor and configure devices running OS10.
• After you explicitly enter the commit command to save changes to the candidate configuration, the session switches back to the default behavior of automatically saving the configuration changes to the running configuration. When a session terminates while in the Transaction-Based Configuration mode, and you have not entered the commit command, the changes are maintained in the candidate configuration.
• Enter show ? from EXEC mode to view a list of commands to monitor a device; for example:
  OS10# show ?
  acl-table-usage
  alarms
  alias
  bfd
  boot
  candidate-configuration
  class-map
  clock
  ...
  2 up NORMAL 1 13151 up
  3 up NORMAL 1 13239 up
  4 up NORMAL 1 13239 up

Command help
To view a list of valid commands in any CLI mode, enter ?; for example:
  OS10# ?
  alarm
  alias
  batch
  boot
  clear
  clock
  commit
  configure
  copy
  crypto
  ...
  ping
  ping6
  reload
  show
  start
  support-assist-activity
  system
  terminal
  traceroute
  unlock
  validate
  write
  ztd

  OS10(config)# ?
  aaa
  alias
  banner
  bfd
  class-map
  clock
  control-plane
  crypto
  dcbx
  default
  dot1x
  ...
To check differences between the running configuration and the candidate configuration, use the show diff candidate-configuration running-configuration command. For example, before entering Transaction mode, you can check that no new configuration commands are entered. If the show command does not return output, the candidate-configuration and running-configuration files are the same.
  ipv6 forwarding enable
  username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH. role sysadmin
  aaa authentication local
  snmp-server contact http://www.dell.
When you enter the lock command, users in other active CLI sessions cannot make configuration changes. When you close the CLI session in which you entered the lock command, configuration changes are automatically allowed in all other sessions.
  OS10# lock
  OS10# unlock

Copy running configuration
The running configuration contains the current OS10 system configuration and consists of a series of OS10 commands.
Back up startup file
  OS10# copy config://startup.xml config://backup-9-28.xml
Restore startup file from backup
  OS10# copy config://backup-9-28.xml config://startup.xml
  OS10# reload
  System configuration has been modified. Save? [yes/no]:no
Back up startup file to server
  OS10# copy config://startup.xml scp://userid:password@hostip/backup-9-28.xml
Restore startup file from server
  OS10# copy scp://admin:admin@hostip/backup-9-28.xml config://startup.xml
  OS10# reload
  System configuration has been modified.
Display all output
  OS10# show running-configuration | no-more

Common OS10 commands

boot
Configures the OS10 image to use the next time the system boots up.
Syntax: boot system [active | standby]
Parameters:
• active — Reset the running partition as the next boot partition.
• standby — Set the standby partition as the next boot partition.
Default: Not configured
Command Mode: EXEC
Usage Information: Use this command to configure the OS10 image that is reloaded at boot time.
Example
  OS10# configure terminal
  OS10(config)#
Supported Releases: 10.2.0E or later

copy
Copies the current running configuration to the startup configuration and transfers files between an OS10 switch and a remote device.
Example: Copy startup configuration
  OS10# dir config
  Directory contents for folder: config
  Date (modified)        Size (bytes)  Name
  ---------------------  ------------  -----------
  2017-02-15T20:38:12Z   54525         startup.xml
  OS10# copy config://startup.xml scp://os10user:os10passwd@10.11.222.1/home/os10/backup.xml
Example: Retrieve backed-up configuration
  OS10# copy scp://os10user:os10passwd@10.11.222.1/home/os10/backup.xml home://config.
• When the config partition has low disk space, a syslog message displays:
  SYS_STAT_LOW_DISK_SPACE: Warning! Configuration directory has 0.0% free. Please delete unnecessary files from home directory.
  When you see this error, delete unwanted files from the home directory or you may encounter degraded system performance.
Example
  OS10# delete startup-configuration
  OS10# delete severity-profile://mySevProf.xml
Supported Releases: 10.2.0E or later

dir
Displays files stored in available directories.
discard
Discards changes made to the candidate configuration file.
Syntax: discard
Parameters: None
Default: Not configured
Command Mode: EXEC
Usage Information: None
Example
  OS10# discard
Supported Releases: 10.2.0E or later

do
Executes most commands from all CONFIGURATION modes without returning to EXEC mode.
Syntax: do command
Parameters: command — Enter an EXEC-level command.
exit
Returns to the next higher command mode.
Syntax: exit
Parameters: None
Default: Not configured
Command Mode: All
Usage Information: None
Example
  OS10(conf-if-eth1/1/1)# exit
  OS10(config)#
Supported Releases: 10.2.0E or later

hostname
Sets the system host name.
Syntax: hostname name
Parameters: name — Enter the host name of the switch, a maximum of 64 characters.
Default: OS10
Command Mode: CONFIGURATION
Usage Information: The host name is used in the OS10 command-line prompt.
• localfs: — (Optional) Install from the local file system (localfs://filepath).
• scp: — (Optional) Request from the remote file system (scp://userid:passwd@hostip/filepath).
• sftp: — (Optional) Request from the remote file system (sftp://userid:passwd@hostip/filepath).
• tftp: — (Optional) Request from the remote file system (tftp://hostip/filepath).
• usb: — (Optional) Request from the USB file system (usb://filepath).
Usage Information: Management routes are separate from IP routes and are only used to manage the switch through the Management port. To display the currently configured IPv4 and IPv6 management routes, use the show ip management-route and show ipv6 management-route commands.
Example (IPv4)
  OS10(config)# management route 10.10.20.0/24 10.1.1.1
  OS10(config)# management route 172.16.0.0/16 managementethernet
Example (IPv6)
  OS10(config)# management route 10::/64 10::1
Supported Releases: 10.2.
Supported Releases: 10.2.0E or later

ping
Tests network connectivity to an IPv4 device.
Syntax: ping [vrf {management | vrf-name}] [-4] [-aAbBdDfhLnOqrRUvV] [-c count] [-i interval] [-I interface] [-m mark] [-M pmtudisc_option] [-l preload] [-p pattern] [-Q tos] [-s packetsize] [-S sndbuf] [-t ttl] [-T timestamp_option] [-w deadline] [-W timeout] [hop1 ...
• -T timestamp option — (Optional) Set special IP timestamp options. Valid values for timestamp option — tsonly (only timestamps), tsandaddr (timestamps and addresses), or tsprespec host1 [host2 [host3 [host4]]] (timestamp pre-specified hops).
• -v — (Optional) Verbose output.
• -V — (Optional) Display the version and exit.
• -w deadline — (Optional) Enter the time-out value in seconds before the ping exits regardless of how many packets send or receive.
• -B — (Optional) Does not allow ping to change the source address of probes. The source address is bound to the address used when the ping starts.
• -c count — (Optional) Stops the ping after sending the specified number of ECHO_REQUEST packets until the timeout expires.
• -d — (Optional) Sets the SO_DEBUG option on the socket being used.
• -D — (Optional) Prints the timestamp before each line.
With the -I option, if you ping a reachable IP address using the IP address of a loopback interface as the source interface, the ping succeeds. However, if you ping a reachable IP address using the name of the loopback interface as the source interface, the ping fails. This is because the system considers the loopback interface as the egress interface.
Example
  OS10# ping6 20::1
  PING 20::1(20::1) 56 data bytes
  64 bytes from 20::1: icmp_seq=1 ttl=64 time=2.
Supported Releases
  ==========================================
  Type: Node-id 1
  Boot Type: Flash Boot
  Active Partition: B
  Active SW Version: 10.5.0.0
  Active SW Build Version: 10.5.0.270
  Active Kernel Version: Linux 4.9.168
  Active Build Date/Time: 2019-07-29T23:35:01Z
  Standby Partition: A
  Standby SW Version: 10.5.0EX
  Standby SW Build Version: 10.5.0EX.252
  Standby Build Date/Time: 2019-07-27T17:31:55Z
  Next-Boot: active[B]
Supported Releases: 10.2.
Default: Not configured
Command Mode: EXEC
Usage Information: None
Example
  OS10# show candidate-configuration
  ! Version 10.2.9999E
  ! Last configuration change at Apr 11 10:36:43 2017
  !
  username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH.
  aaa authentication local
  snmp-server contact http://www.dell.com/support
  snmp-server location "United States"
  logging monitor disable
  ip route 0.0.0.0/0 10.11.58.
Example (compressed)
Supported Releases 10.2.0E or later show environment Displays information about environmental system components, such as temperature, fan, and voltage.
Supported Releases 10.2.0E or later
show ip management-route
Displays the IPv4 routes used to access the Management port.
Syntax show ip management-route [all | connected | summary]
Parameters
• all — (Optional) Display the IPv4 routes that the Management port uses.
• connected — (Optional) Display only routes directly connected to the Management port.
• summary — (Optional) Display the number of active and non-active management routes and their remote destinations.
show license status Displays license status information. Syntax show license status Parameters None Default Not configured Command Mode EXEC Usage Information Use the show license status command to verify the current license for running OS10, its duration, and the service tag assigned to the switch.
• virtual-network vn-id — (Optional) Current virtual network configuration.
• ip dhcp snooping — (Optional) Current operating DHCP snooping information.
• lacp — (Optional) Current operating LACP configuration.
• lldp — (Optional) Current operating LLDP configuration.
• logging — (Optional) Current operating logging configuration.
• monitor — (Optional) Current operating monitor session configuration.
• ospf — (Optional) Current operating OSPF configuration.
Example (compressed)
OS10# show running-configuration compressed
username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH.
aaa authentication local
snmp-server contact http://www.dell.com/support
snmp-server location "United States"
logging monitor disable
ip route 0.0.0.0/0 10.11.58.1
!
interface range ethernet 1/1/1-1/1/32
 switchport access vlan 1
 no shutdown
!
interface vlan 1
 no shutdown
!
interface mgmt1/1/1
 ip address 10.11.58.
!
interface ethernet1/1/5
 switchport access vlan 1
 no shutdown
!
--more--
Example (compressed)
OS10# show startup-configuration compressed
username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH.
aaa authentication local
snmp-server contact http://www.dell.com/support
snmp-server location "United States"
ip route 0.0.0.0/0 10.11.58.
Current Type : S4148F
Hardware Revision : X01
Software Version : 10.5.0.0
Physical Ports : 48x10GbE, 2x40GbE, 4x100GbE
BIOS : 3.33.0.0-3
System CPLD : 0.4
Master CPLD : 0.10
Slave CPLD : 0.
-- Fan Status --
FanTray Status AirFlow Fan Speed(rpm) Status
----------------------------------------------------------------
1 up NORMAL 1 13195 up
2 up NORMAL 1 13151 up
3 up NORMAL 1 13239 up
4 up NORMAL 1 13239 up
Supported Releases 10.2.0E or later
show version
Displays software version information.
system
Executes a Linux command from within OS10.
Syntax system command
Parameters command — Enter the Linux command to execute.
Default Not configured
Command Mode EXEC
Usage Information Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0(R3S). Also supported in SmartFabric mode starting in release 10.5.0.
Example
OS10# system bash
admin@OS10:~$ pwd
/config/home/admin
admin@OS10:~$ exit
OS10#
Supported Releases 10.2.
Supported Releases 10.4.3.0 or later system identifier Sets a non-default unit ID in a non-stacking configuration. Syntax system identifier system-id Parameters system-id — Enter the system ID, from 1 to 9. Default Not configured Command Mode CONFIGURATION Usage Information The system ID displays in the stack LED on the switch front panel. Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0(R3S). Also supported in SmartFabric mode starting in release 10.5.
• -p port — (Optional) Enter a destination port:
  • For UDP tracing, enter the destination port base that traceroute uses. The destination port number is incremented by each probe.
  • For ICMP tracing, enter the initial ICMP sequence value, incremented by each probe.
  • For TCP tracing, enter the constant destination port to connect.
• -P protocol — (Optional) Use a raw packet of the specified protocol for traceroute. The default protocol is 253 (RFC 3692).
Default Not configured
Command Mode EXEC
Usage Information None
Example
OS10# unlock
Supported Releases 10.2.0E or later
username password role
Creates an authentication entry based on a user name and password, and assigns a role to the user.
Syntax username username password password role role [priv-lvl privilege-level]
Parameters
• username username—Enter a text string. A maximum of 32 alphanumeric characters; one character minimum.
• password password—Enter a text string.
Supported Releases 10.2.0E or later write Copies the current running configuration to the startup configuration file. Syntax write {memory} Parameters memory — Copy the current running configuration to the startup configuration. Default Not configured Command Mode EXEC Usage Information This command has the same effect as the copy running-configuration startup-configuration command. The running configuration is not saved to a local configuration file other than the startup configuration.
4 Advanced CLI tasks
Command alias
Provides information to create shortcuts for commonly used commands, see Command alias.
Batch mode
Provides information to run a batch file to execute multiple commands, see Batch mode.
Linux shell commands
Provides information to run commands from the Linux shell, see Linux shell commands.
OS9 commands
Provides information to enter configuration commands using an OS9 command syntax, see Using OS9 commands.
View alias information
OS10# show alias
Name      Type
----      ----
govlt     Config
goint     Config
shconfig  Local
showint   Local
shver     Local
Number of config aliases : 2
Number of local aliases : 3
View alias information brief. Displays the first 10 characters of the alias value.
OS10# show alias brief
Name      Type    Value
----      ----    -----
govlt     Config  "vlt-domain..."
goint     Config  "interface ..."
shconfig  Local   "show runni..."
showint   Local   "show inter..."
shver     Local   "show versi...
• Use the no form of the command to delete an alias in CONFIGURATION mode. no alias alias-name You can modify an existing multi-line alias by entering the corresponding ALIAS mode.
View alias information brief. Displays the first 10 characters of each line of each alias.
OS10# show alias brief
Name   Type    Value
----   ----    -----
mTest  Config  line 1 "interface ..."
               line 2 "no shutdow..."
               line 3 "show confi..."
               default 1 "ethernet"
               default 2 "1/1/1"
Number of config aliases : 1
Number of local aliases : 0
View alias detail. Displays the entire alias value.
Eth 1/1/8 up 40G A 1
Eth 1/1/9 up 40G A 1
Eth 1/1/10 up 40G A 1
Eth 1/1/11 up 40G A 1
Eth 1/1/12 up 40G A 1
Eth 1/1/13 up 40G A 1
Eth 1/1/14 up 40G A 1
Eth 1/1/15 up 40G A 1
Eth 1/1/16 up 40G A 1
Eth 1/1/17 up 40G A 1
Eth 1/1/18 up 40G A 1
Eth 1/1/19 up 40G A 1
Eth 1/1/20 up 40G A 1
Eth 1/1/21 up 40G A 1
Eth 1/1/22 up 40G A 1
Eth 1/1/23 up 40G A 1
Eth 1/1/24 up 40G A 1
Eth 1/1/25 up 40G A 1
Eth 1/1/26 up 40G A 1
Eth 1/1/27 up 40G A 1
Eth 1/1/28 up 40G A 1
Eth 1/1/29 up 40G A 1
Eth 1/1/30 up 40G A 1
Eth 1/1/
default (alias)
Configures default values for input parameters in a multi-line alias.
Syntax default n value
Parameters
• n — Enter the number of the argument, from 1 to 9.
• value — Enter the value for the input parameter.
Default Not configured
Command Mode ALIAS
Usage Information To use special characters in the input parameter value, enclose the string in double quotation marks ("). The no version of this command removes the default value.
Example
OS10(config)# alias mTest
OS10(config-alias-mTest)# line 1 "interface $1 $2"
OS10(config-alias-mTest)# line 2 "no shutdown"
OS10(config-alias-mTest)# line 3 "show configuration"
Supported Releases 10.4.0E(R1) or later
show alias
Displays configured alias commands available in both Persistent and Non-Persistent modes.
Syntax show alias [brief | detail]
Parameters
• brief — Displays brief information of the aliases.
Default None
Command Mode EXEC
Number of config aliases : 3 Number of local aliases : 3 Supported Releases 10.3.0E or later Batch mode To execute a sequence of multiple commands, create and run a batch file. A batch file is an unformatted text file that contains two or more commands. Store the batch file in the home directory. Use the vi editor or any other editor to create the batch file, then use the batch command to run the file. To run a series of commands in batch mode (non-interactive processing), use the batch command.
Usage Information Use this command to create a batch command file on a remote machine. Copy the command file to the home directory on your switch. This command executes commands in batch mode. OS10 automatically commits all commands in a batch file; you do not have to enter the commit command. To display the files stored in the home directory, enter dir home. Example Supported Releases batch /home/admin/b.
• Use the ifconfig -a command to display the interface configuration. The Linux kernel port numbers that correspond to front-panel port, port-channel, and VLAN interfaces are displayed. Port-channel interfaces are in boportchannel-number format. VLAN interfaces are in brvlan-id format. In this example, e101-001-0 identifies port 1/1/1.
For example, to use OS9 commands to configure VLAN 11 on Ethernet port 1/1/15: OS10(config)# feature config-os9-style OS10(config)# interface vlan 11 OS10(conf-if-vl-11)# tagged ethernet 1/1/15 OS10(conf-if-vl-11)# show configuration ! interface vlan11 no shutdown tagged ethernet 1/1/15 To disable OS9 configuration-style mode, use the no feature config-os9-style command. feature config-os9-style Enables the command-line interface to accept OS9 command syntaxes.
5 Zero-touch deployment
Zero-touch deployment (ZTD) allows OS10 users to automate switch deployment:
• Upgrade an existing OS10 image.
• Execute a CLI batch file to configure the switch.
• Execute a post-ZTD script to perform additional functions.
ZTD is enabled by default when you boot up a switch with a factory-installed OS10 for the first time or when you perform an ONIE: OS Install from the ONIE boot menu.
• Write the post-ZTD script in bash or Python. Enter #!/bin/bash or #!/usr/bin/python as the first line in the script. The default python interpreter in OS10 is 2.7. Use only common Linux commands, such as curl, and common Python language constructs. OS10 only provides a limited set of Linux packages and Python libraries. ZTD is disabled by default on automatically provisioned switch fabrics, such as Isilon backend, PowerEdge MX, and VxRail.
ZTD DHCP server configuration
For ZTD operation, configure a DHCP server in the network by adding the required ZTD options; for example:
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
option ztd-provision-url code 240 = text;
default-lease-time 600;
max-lease-time 7200;
subnet 50.0.0.0 netmask 255.255.0.0 {
  range 50.0.0.10 50.0.0.254;
  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.
POST_SCRIPT_FILE="http://50.0.0.1/no_post_script.py"
################### DO NOT MODIFY THE LINES BELOW #######################
sudo os10_ztd_start.sh "$IMG_FILE" "$CLI_CONFIG_FILE" "$POST_SCRIPT_FILE"
######################## **END** ###############################
ZTD CLI batch file
Create a CLI batch file that ZTD downloads and executes to configure a switch. The ZTD CLI batch file consists of two sections: PRE-CONFIG and POST-CONFIG.
For example, during the ZTD phase, you can configure only a management VLAN and IP address, then allow an Ansible orchestration server to perform complete switch configuration. Here is a sample curl script that is included in the post-ZTD script to contact an Ansible server: /usr/bin/curl -H "Content-Type:application/json" -k -X POST --data '{"host_config_key":"'7d07e79ebdc8f7c292e495daac0fe16b'"}' -u admin:admin https://10.16.134.
• ZTD State — Current ZTD state: initialized, in-progress, successfully completed, failed, or canceled while in progress.
• Protocol State — Current state of ZTD protocol: initialized, idle while waiting to enable or complete ZTD process, waiting for DHCP post-hook callback, downloading files, installing image, executing pre-config or post-config CLI commands, or executing post-ZTD script file.
• Reason — Description of a successful or failed ZTD process.
Supported Releases 10.4.1.
6 OS10 provisioning
OS10 supports automated switch provisioning — configuration and monitoring — using:
• RESTCONF API — REST-like protocol that uses HTTPS connections. Use the OS10 RESTCONF API to set up the configuration parameters on OS10 switches with JavaScript Object Notation (JSON)-structured messages. You can use any programming language to create and send JSON messages; see RESTCONF API.
Ansible playbooks use /etc/ansible/hosts as the default inventory file. To specify a different inventory file, use the -i filepath command as an option when you run an Ansible playbook. Ansible playbook file Using playbooks, Ansible can configure multiple devices. Playbooks are human-readable scripts that are expressed in YAML format. An Ansible playbook takes inventory and playbook files as arguments and maps the group of hosts in the inventory files to the tasks listed in the playbook file.
2. Download and install Dell EMC Networking Ansible roles from the Ansible Galaxy web page; for example:
$ ansible-galaxy install dell-networking.dellos-users
$ ansible-galaxy install dell-networking.dellos-logging
$ ansible-galaxy install dell-networking.dellos-ntp
3. Create a directory to store inventory and playbook files; for example:
$ mkdir AnsibleOS10
4. Navigate to the directory and create an inventory file.
$ cd AnsibleOS10/
$ vim inventory.yaml
5.
state: present dellos_ntp: server: - ip: 3.3.3.3 The dellos_cfg_generate parameter creates a local copy of the configuration commands applied to the remote switch on the Ansible controller node, and saves the commands in the directory defined in the build_dir path. 8. Create a playbook file. $ vim playbook.yaml - hosts: OS10switch-1 OS10switch-2 connection: network_cli roles: - dell-networking.dellos-logging - dell-networking.dellos-users - dell-networking.
7 SmartFabric Services SmartFabric Services (SFS) is an application suite that provides network fabric automation and API-based programmability. A network fabric consists of physical resources, such as servers, switches, logical resources-networks, templates, and uplinks. SFS, which is an OS10 feature, has different personalities that can be used in multiple architectures and environments.
SFS, used in leaf and spine network, creates a fully integrated solution between the fabric and a hyperconverged domain infrastructure such as VxRail. SmartFabric Services for PowerEdge MX SFS is a capability of Dell EMC Networking OS10 Enterprise Edition running on Ethernet switches (IOMs) that are designed for the PowerEdge MX 7000 platform. In the SFS mode, the IOMs operate as a simple Layer 2 input output aggregation device, which enables complete interoperability with network equipment vendors.
In MX platform, SFS provides:
• A single pane of glass to monitor and manage the lifecycle operations on the IOMs.
• APIs to manage VLT fabric, data uplinks, storage uplinks, and server templates for the entire fabric.
In a Dell EMC PowerEdge MX7000 infrastructure, the MX9116n fabric engine and MX5108n Ethernet switch support SFS. For more information about the SmartFabric for the PowerEdge MX platform, see PowerEdge MX Ethernet I/O modules.
• S4248FB-ON, S4248FBL-ON
• S5232F-ON, S5248F-ON, S5296F-ON
• S5212F-ON, S5224F-ON
• Z9100-ON
• Z9264F-ON
OS10 supported version
SFS for leaf and spine is available with OS10 release 10.5.0.0.
Out-of-band management network for switches
The Out-of-band (OOB) management network is an isolated network for remote management of servers, switches, and storage devices using the respective management ports. An S3048-ON installed in each rack provides 1GE connectivity to the management network.
Internal networks for building a fabric
The VLANs in the range from 4000 to 4094 are reserved for SFS internal use.
• Cluster control VLAN: VLAN 4000 is used for internal clustering purposes. When SFS detects an ISL, it assigns the ISL to the tagged member of this VLAN. PVST is enabled on this VLAN, with the root bridge forced onto one of the spine switches.
• IP-peer VLAN: The VLAN range is from 4001 to 4079, and is used for IP-peer.
Uplinks An uplink is a set of ports that are connected to the customer network. This uplink entity contains a rigid set of network characteristics. Layer 2 Uplinks from leaf nodes Layer 2 uplinks are a set of user-selected ports that belong to same VLT peer nodes on which the Layer 2 network is applied. SFS creates a VLT LAG for these connected ports. If the ports are from a single device, then the VLT LAG is a single armed VLT LAG.
Spanning tree considerations For VXLAN networks, the network must be loop free. SFS does not allow configuration of the same network on multiple uplinks to ensure that no loops are created accidentally. For Layer 3 VLAN networks, RPVST+ is enabled on the uplink interfaces by default. It is recommended not to change the spanning tree type or to disable it.
Leaf: OS10(config)# smartfabric l3fabric enable role LEAF vlti ethernet 1/1/4-1/1/5 Reboot to change the personality? [yes/no]: yes The no smartfabric l3fabric command disables the L3 fabric personality. After you disable the L3 fabric in the switch, the system prompts for confirmation. OS10(config)# no smartfabric l3fabric Reboot to change the personality? [yes/no]: yes You can also enable SFS through the SFS Graphical User Interface (GUI).
• Mozilla Firefox
• Microsoft Edge
You launch the SFS GUI from the SmartFabric master switch to complete the SFS initial setup. You can access the SFS GUI over HTTPS using the IP address of the master switch that is deployed in the leaf-spine topology.
Identify the SmartFabric master switch
When you create a Layer 3 fabric in a leaf-spine topology, of all the leaf switches, one leaf switch is selected as the SmartFabric master and the remaining leaf switches are nonmaster switches.
1. Launch the Update Default Fabric, Switch Names and Descriptions wizard.
2. Change the name and description of the network fabric, and click NEXT.
3. Change the name and description of the rack or VLT fabric, and click NEXT.
4. Change the name and description of the switches, and click FINISH.
Create Uplink for External Network Connectivity wizard
Uplinks enable the network fabric to communicate with the external network. SFS supports Layer 2 and Layer 3 uplinks.
• • 6. 7. 8. 9. 10. Spine — Select a spine switch and an interface or multiple interfaces of the spine switch to be associated with the uplink. Leaf — Select a leaf switch from the rack, and an interface or multiple interfaces of the leaf switch to be associated with the uplink. Select the static or dynamic LAG based on the configuration setup in the external network, and click NEXT. Create a L3 VLAN network by providing name, description, and VLAN ID, and associate to the selected interfaces.
Configure Jump Host wizard A jump host is a designated port to which an external device such as laptop can be connected. You can configure only one port in a leaf switch as a jump port for the external device to connect to L3 fabric. You can select any available port that is not part of an uplink and ICL, and port connected to a server in SmartFabric deployment. This wizard allows you to configure the jump host. To do so: 1. 2. 3. 4. 5. Launch the Configure Jump Host wizard.
• Private Subnet Prefix • Private Prefix Length • Global Subnet Prefix • Global Subnet Length • Client Control VLAN • Client Management VLAN 3. Click OK. NOTE: After you click OK, all the switches in the network fabric reload to apply the fabric setting changes. Fabric operations and life cycle management Dell EMC Open Manage Network Integration (OMNI) is an efficient REST API-based plugin, integrated with VMware's vCenter.
Reboot to change the personality? [yes/no]: yes
Example (disable SFS)
OS10(config)# no smartfabric l3fabric
Reboot to change the personality? [yes/no]: yes
Supported Releases 10.5.0.3 or later
show smartfabric cluster
Displays the basic cluster information of the switch or IOM, where the command is executed.
Syntax show smartfabric cluster
Parameters None
Default None
Command Mode EXEC
Usage Information This command is supported in both Full Switch and SmartFabric modes.
Example
OS10# show smartfabric cluster member
Service-tag IP Address Status Role Type Chassis-Service-Tag ChassisSlot
-------------------------------------------------------------
9A2HEM3 fde1:53ba:e9a0:de14:2204:fff:fe01:eb90 ONLINE BACKUP
9GB1XC3 fde1:53ba:e9a0:de14:e6f0:4ff:fe3e:45dd ONLINE MASTER
3GB1XC2 fde1:53ba:e9a0:de14:e6f0:4ff:fe3e:3ce4 ONLINE BACKUP
Supported Releases 10.5.0.
Parameters None
Default None
Command Mode EXEC
Usage Information Use this command to view detailed description of the configured network profiles. This command is supported in both Full Switch and SmartFabric modes. For supported platforms, see SmartFabric Services for leaf and spine. Supported on the MX9116n and MX5108n switches starting in release 10.5.0.1. Also available on SFS-supported PowerSwitch platforms starting in release 10.5.0.3.
show smartfabric personality
Displays the personality of the node.
Syntax show smartfabric personality
Parameters None
Default None
Command Mode EXEC
Usage Information The output varies depending on the role of the switch. This command is supported in both Full Switch and SmartFabric modes. For supported platforms, see SmartFabric Services for leaf and spine. Supported on the MX9116n and MX5108n switches starting in release 10.5.0.1.
Media Type : ETHERNET
Native Vlan : 1
Untagged-network :
Networks : deb0886c-4a9b-47f2-8220-55afcb1f1756, 9f2bed94-9148-46d8-9df6-3b606c83a472
Configured-Interfaces : 9A2HEM3:ethernet1/1/42, 3GB1XC2:ethernet1/1/42
------------------------------------------------------------------------------------------------------------------
Name : u1
Description :
ID : e1c8169e-00dd-4a72-9e42-54485c049591
Media Type : FC
Native Vlan : 0
Untagged-network :
Networks : d1de8f16-ebd0-4b1a-9689-a802d23b2b26
Configured-Interfa
8 SmartFabric Director
SmartFabric Director manages the switches in a data center with or without any virtual infrastructure. SmartFabric Director provides a single view of operating, managing, and troubleshooting of physical and virtual networks.
SmartFabric Director features
• Define, build, and maintain a Layer 2 or Layer 3 leaf-spine data center fabric (underlay).
To set a security profile for the gNMI agent, enter the following command in CONFIGURATION mode: • OS10(config)#gnmi-security-profile profile-name Activate gNMI agent To activate gNMI agent, set the switch-operating-mode to SmartFabric director mode. NOTE: Changing the switch mode takes effect only after you reload the device.
Table 7. Openconfig system
Sensor group name    YANG container
oc-system            openconfig-system/system/processes/process
                     openconfig-platform/components/component
Table 8. Openconfig environment
Sensor group name    YANG container
oc-environment       openconfig-platform/components/component
Table 9. Openconfig interface
Sensor group name    YANG container
oc-interface         openconfig-interfaces/interfaces/interface
Table 10.
Table 14. activate API API Name Description activate Activates the newly installed OS10 image. Activation is a two stage process. In the first stage, the boot partition is set to standby for subsequent boot cycles. In the second stage, a system reload is issued to boot the newly installed OS10 image from the standby partition. The activate-image operation requires a system reload. As a result, the current services are affected. Table 15.
Example
OS10(config)# switch-operating-mode Full-Switch
Supported releases 10.4.3.0 or later
gnmi-security-profile
Set the security profile for the gNMI agent.
Syntax gnmi-security-profile profile-name
Parameters profile-name — Enter the name of the security profile to be associated with the gNMI agent.
Default Not configured
Command mode CONFIGURATION
Usage information Before establishing a connection to the gNMI agent, set a valid application-specific security profile for the gNMI agent.
----------------------------------------------------------------------------10.14.8.102 8443 active OS10# Supported releases 10.5.0.
9 System management
System banners
Provides information to configure a system login and message of the day (MOTD) text banners, see System banners.
User session management
Provides information to manage the active user sessions, see User session management.
Telnet server
Provides information to set up Telnet TCP/IP connections on the switch, see Telnet server. To set up secure, encrypted Secure Shell (SSH) connections to the switch, see SSH server.
MOTD banner Configure a message of the day banner that displays after you log in. Enter up to 4096 characters. To start and end the MOTD banner, enter a single delimiter character or the key combination ^C. You can enter any character as the delimiter. To enter a MOTD banner text, use the interactive mode. Enter the command with the delimiter character and press Enter. Then enter each line and press Enter. Complete the banner configuration by entering a line that contains only the delimiter character.
... delimiter Parameters • • delimiter — Enter a single delimiter character or the key combination ^C to specify the start and end of the text banner. banner-text — Enter a maximum of 4096 characters. There is no limit on the number of lines. Default The Dell EMC default MOTD banner is displayed after you log in. Command Mode CONFIGURATION Usage Information • • Example Supported releases To enter a MOTD banner text, use the interactive mode.
User session management commands
exec-timeout
Configures a timeout value for all the user sessions.
Syntax exec-timeout timeout-value
Parameters timeout-value — Enter the timeout value in seconds, from 0 to 3600.
Default Not configured
Command Mode CONFIGURATION
Usage Information The no version of this command disables the timeout.
Example
OS10(config)# exec-timeout 300
OS10(config)#
Supported Releases 10.3.1E or later
kill-session
Terminates a user session.
Telnet server To allow Telnet TCP/IP connections to an OS10 switch, enable the Telnet server. The OS10 Telnet server uses the Debian telnetd package. By default, the Telnet server is disabled. When you enable the Telnet server, connect to the switch using the IP address configured on the management or any front-panel port. The Telnet server configuration is persistent and is maintained after you reload the switch. To verify the Telnet server configuration, enter the show running-configuration command.
• vrf vrf-name — Enter the keyword vrf followed by the name of the VRF to configure the non-default VRF instance used to reach the Telnet server.
Default The Telnet server is reachable on the default VRF.
Command Mode CONFIGURATION
Usage Information By default, the Telnet server is disabled. To enable the Telnet server, use the telnet enable command.
Example
OS10(config)# ip telnet server vrf management
OS10(config)# ip telnet server vrf vrf-blue
Supported Releases 10.4.
Module                Standard
IEEE8023-LAG-MIB      IEEE 802.3ad
IF-MIB                RFC 2863
IP-FORWARD-MIB        RFC 4292
IP-MIB                RFC 4293
LLDP-EXT-DOT1-MIB     IEEE 802.1AB
LLDP-EXT-DOT3-MIB     IEEE 802.1AB
LLDP-MIB              IEEE 802.1AB
OSPF-MIB              RFC 4750
OSPFV3-MIB            RFC 5643
Q-BRIDGE-MIB          IEEE 802.
SNMP engine ID
An engine ID identifies the SNMP entity that serves as the local agent on the switch. The engine ID is a colon-separated sequence of octets; for example, 00:00:17:8B:02:00:00:01. When you configure an SNMPv3 user, you can specify that a localized authentication and/or privacy key be generated. The localized password keys are generated using the engine ID of the switch. A localized key is more complex and provides greater privacy protection.
Configure SNMP engineID
OS10(config)# snmp-server engineID local 80:00:02:b8:04:61:62:63
Display SNMP engineID
OS10# show snmp engineID local
Local default SNMP engineID: 0x800002a2036c2b59fbd8a0
Configure SNMP views
Configure a read-only, read-write, or notify view of the MIB tree structure in the SNMP agent on the switch. The oid-tree value specifies the OID in the MIB tree hierarchy at which a view starts.
Display SNMP groups
OS10# show snmp group
groupname : v2group
version : 2c
notifyview : GetsSets
readview : readview

groupname : v3group
version : 3
security level : priv
notifyview : alltraps
readview : readview
writeview : writeview
Configure SNMP users
Configure user access to the SNMP agent on the switch using group membership. Assign each user to a group and configure SNMPv3-specific authentication and encryption settings, and optionally, localized security keys and ACL-based access.
• Encryption algorithms—DES and AES-128
While configuring SNMP users, instead of using plain text passwords, you can use localized keys that are encrypted using authentication and encryption algorithms. To generate the localized keys, use the Snmpkey utility in Linux.
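How a localized key comes to depend on the engine ID, as an added example: this is the standard RFC 3414 password-to-key derivation, not code from this guide or from the Snmpkey utility, and it assumes OS10 localized keys follow that RFC. The function names are this example's own; the password and engine ID are the RFC's published test values.

```python
import hashlib

# RFC 3414 stretches the password to exactly 1 MiB before hashing it.
EXPANDED_LEN = 1048576

# CLI keyword (md5 / sha, as listed in this guide) -> hashlib algorithm name.
ALGORITHMS = {"md5": "md5", "sha": "sha1"}


def parse_engine_id(text):
    """Accept both engine ID notations shown in the guide:
    colon-separated octets (80:00:02:b8:...) or a 0x-prefixed hex string."""
    cleaned = text.strip().lower()
    if cleaned.startswith("0x"):
        cleaned = cleaned[2:]
    cleaned = cleaned.replace(":", "")
    if not cleaned or len(cleaned) % 2:
        raise ValueError("engine ID must be a whole number of octets")
    engine_id = bytes.fromhex(cleaned)  # raises ValueError on non-hex input
    if not 5 <= len(engine_id) <= 32:
        raise ValueError("engine ID must be 5 to 32 octets long")
    return engine_id


def password_to_key(password, algorithm):
    """Derive the user key Ku: hash of the password repeated out to 1 MiB."""
    if algorithm not in ALGORITHMS:
        raise ValueError("algorithm must be 'md5' or 'sha'")
    secret = password.encode("utf-8")
    if len(secret) < 8:
        raise ValueError("RFC 3414 requires a password of at least 8 characters")
    digest = hashlib.new(ALGORITHMS[algorithm])
    repeats, remainder = divmod(EXPANDED_LEN, len(secret))
    digest.update(secret * repeats)
    digest.update(secret[:remainder])
    return digest.digest()


def localize_key(user_key, engine_id, algorithm):
    """Bind Ku to one agent: Kul = H(Ku || engineID || Ku)."""
    digest = hashlib.new(ALGORITHMS[algorithm])
    digest.update(user_key + engine_id + user_key)
    return digest.digest()


def localized_key_hex(password, engine_id_text, algorithm="sha"):
    """Return the localized key for a password and engine ID as a hex string."""
    engine_id = parse_engine_id(engine_id_text)
    user_key = password_to_key(password, algorithm)
    return localize_key(user_key, engine_id, algorithm).hex()


if __name__ == "__main__":
    # RFC 3414 test values (password and engine ID are published test data).
    rfc_engine = "0x000000000000000000000002"
    print("switch A:", localized_key_hex("maplesyrup", rfc_engine))
    # Same password, different engine ID: the key is unrelated, so a key
    # captured from one switch does not authenticate to another, and changing
    # a switch's engine ID invalidates every localized key configured on it.
    other_engine = "00:00:00:00:00:00:00:00:00:00:00:03"  # constructed value
    print("switch B:", localized_key_hex("maplesyrup", other_engine))
```

Because the engine ID is an input to the hash, localized keys have to be regenerated whenever the local engine ID is reconfigured.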
snmp-server host {ipv4–address | ipv6–address} {informs version version-number | traps version version-number | version version-number} [snmpv3-security-level] [community-name] [udp-port port-number] [dom | entity | envmon | lldp | snmp] Configure SNMP v3 informs OS10(config)# snmp-server group Group3 3 priv notify NOTIFY OS10(config)# snmp-server engineID remote 10.1.1.1 0x80000232334abc34d OS10(config)# snmp-server user rem-user Group3 remote 10.1.1.
show snmp group Displays the SNMP groups configured on the switch, including SNMP views and security models. Syntax show snmp group Parameters None Defaults None Command Mode EXEC Usage Information To configure an SNMP group, use the snmp-server group command.
Example
OS10# show snmp view
view name : readview
OID : 1.3.6.5
excluded : True
Supported Releases 10.4.2.0 or later
snmp-server community
Configures an SNMP user community.
Syntax snmp-server community name {ro | rw} [acl acl-name]
Parameters
• community name — Set the community name string to act as a password for SNMPv1 and SNMPv2c access. A maximum of 20 alphanumeric characters.
• ro — Set read-only access for the SNMP community.
• rw — Set read-write access for the SNMP community.
snmp-server enable traps Enables SNMP traps on a switch. Syntax snmp-server enable traps [notification-type] [notification-option] Parameters • notification-type notification-option — Enter an SNMP notification type, and optionally, a notification option for the type. Table 19. Notification types and options Notification type Notification option entity — Enable entity change traps. None envmon — Enable SNMP environmental monitor traps. • • • fan — Enable fan traps.
• remote ip-address — Enter the IPv4 or IPv6 address of a remote SNMP device that accesses the local SNMP agent.
• udp-port port-number — Enter the UDP port number on the remote device, from 0 to 65535.
• remote-engineID — Enter the engine ID that identifies the SNMP agent on a remote device, as 0x followed by a hexadecimal string.
Defaults The local engine ID is generated using the MAC address of the management Ethernet interface.
Command Mode CONFIGURATION Usage Information Use this command to set up the access privileges for a group of SNMP users. Configure the security level for receiving SNMP messages. Specify read-only, read-write, and/or notification access to the SNMP agent. To configure an SNMPv3 user's authentication and privacy settings, use the snmp-server user command. Enter an access acl-name value to limit access to the SNMP agent to only ACL-allowed users. A read-view provides read-only access to the SNMP agent.
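A configuration check built on the community, group, and user settings described in this chapter, as an added example (not Dell code): it scans saved configuration text for SNMP lines that give up authentication, encryption, or ACL restriction. The rule names and sample lines are constructed for this example, and the keyword order assumed for snmp-server user (security model, then auth and priv) is an assumption, since the full syntax is not shown here.

```python
import shlex

# Constructed sample, written in the command forms this chapter documents.
SAMPLE_CONFIG = """\
snmp-server community public ro
snmp-server community netops rw acl snmp-mgmt
snmp-server group v2group 2c read readview
snmp-server group Group3 3 priv notify NOTIFY
snmp-server group snv3group 3 noauth read read_view
snmp-server user snuser sngroup 3 auth md5 authpass123 priv des privpass123
snmp-server user opsuser Group3 3 auth sha authpass123 priv aes privpass123
"""


def _keyword_value(args, keyword):
    """Return the token that follows keyword, or None if it is absent."""
    if keyword in args:
        index = args.index(keyword)
        if index + 1 < len(args):
            return args[index + 1]
    return None


def _check_community(args):
    found = []
    if len(args) >= 2 and args[1] == "rw":
        found.append(("COMMUNITY_RW", "community string grants write access"))
    if _keyword_value(args[2:], "acl") is None:
        found.append(("COMMUNITY_NO_ACL", "community is not restricted by an ACL"))
    return found


def _check_group(args):
    version = args[1] if len(args) > 1 else ""
    level = args[2] if len(args) > 2 else ""
    if version in ("1", "2c"):
        return [("GROUP_NOT_V3", "SNMPv%s has no per-user authentication or encryption" % version)]
    if version == "3" and level == "noauth":
        return [("GROUP_NOAUTH", "SNMPv3 group accepts unauthenticated messages")]
    if version == "3" and level == "auth":
        return [("GROUP_NO_PRIVACY", "SNMPv3 group authenticates but does not encrypt")]
    return []


def _check_user(args):
    options = args[2:]  # skip the user name and group name
    auth = _keyword_value(options, "auth")
    priv = _keyword_value(options, "priv")
    found = []
    if "noauth" in options:
        found.append(("USER_NOAUTH", "user sends messages without authentication"))
    if auth == "md5":
        found.append(("USER_MD5", "MD5 authentication; SHA is the stronger option offered"))
    if priv == "des":
        found.append(("USER_DES", "DES encryption; AES-128 is the stronger option offered"))
    if auth is not None and priv is None:
        found.append(("USER_NO_PRIVACY", "user authenticates but does not encrypt"))
    return found


CHECKS = {"community": _check_community, "group": _check_group, "user": _check_user}


def audit_snmp_config(config_text):
    """Return (line_number, rule_id, message) for each weak SNMP setting."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        start = raw.find("snmp-server ")
        if start < 0 or raw.strip().startswith("no "):
            continue  # not an SNMP line, or a negated command
        try:
            tokens = shlex.split(raw[start:])
        except ValueError:  # unbalanced quotes in the line
            tokens = raw[start:].split()
        check = CHECKS.get(tokens[1]) if len(tokens) > 1 else None
        if check is not None:
            for rule_id, message in check(tokens[2:]):
                findings.append((number, rule_id, message))
    return findings


if __name__ == "__main__":
    for number, rule_id, message in audit_snmp_config(SAMPLE_CONFIG):
        print("line %d: %s: %s" % (number, rule_id, message))
```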
An SNMP host does not acknowledge the trap messages and notifications received from the SNMP agent. SNMP hosts send an acknowledgement when receiving informs. Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.1. The no version of the command disables the local agent from sending SNMP traps, informs, or notifications to a host receiver.
• noauth — (SNMPv3 only) Configure SNMPv3 messages to send without user authentication and privacy encryption.
• auth — (SNMPv3 only) Include a user authentication key for SNMPv3 messages sent to the user:
  • md5 — Generate an authentication key using the MD5 algorithm.
  • sha — Generate an authentication key using the SHA algorithm.
  • auth-password — Enter a text string used to generate the authentication key that identifies the user; a maximum of 32 alphanumeric characters.
snmp-server view Configures an SNMPv3 view. Syntax snmp-server view view-name oid-tree [included | excluded] Parameters
• view-name — Enter the name of a read-only, read-write, or notify view. A maximum of 32 characters.
• oid-tree — Enter the SNMP object ID at which the view starts in 12-octet dotted-decimal format.
• included — (Optional) Include the MIB family in the view.
• excluded — (Optional) Exclude the MIB family from the view.
Defaults Not configured Command Mode CONFIGURATION
version : 2c
notifyview : notofy_view

groupname : snv3group
version : 3
security level : noauth
readview : read_view
OS10(config)# do show snmp user
User name : snuser
Group : sngroup
Version : 3
Authentication Protocol : SHA
OS10(config)# do show snmp view
view name : readview
OID : 1.3.6.1.2.1.2.2
included : True
view name : snview
OID : .1
excluded : True
System clock
OS10 uses the network time protocol (NTP) to synchronize the system clock with a time-serving host.
• standard-timezone-name — Enter a standard time zone name that is supported in Linux. To view a list of supported standard time zone names, see the Time zones and UTC offset reference section.
• timezone-string — Enter the name of the time zone.
• hours — Enter the hour offset from UTC, ranging from -23 to 23.
• minutes — Enter the minute offset from UTC, ranging from 0 to 59.
Set time and date
OS10# clock set 13:00:00 2018-08-30
View system time and date
OS10# show clock
2018-08-30T13:01:01.
Continent/Country America City UTC offset El_Aaiun +00:00 Freetown +00:00 Gaborone +02:00 Harare +02:00 Johannesburg +02:00 Juba +03:00 Kampala +03:00 Khartoum +02:00 Kigali +02:00 Kinshasa +01:00 Lagos +01:00 Libreville +01:00 Lome +00:00 Luanda +01:00 Lubumbashi +02:00 Lusaka +02:00 Malabo +01:00 Maputo +02:00 Maseru +02:00 Mbabane +02:00 Mogadishu +03:00 Monrovia +00:00 Nairobi +03:00 Ndjamena +01:00 Niamey +01:00 Nouakchott +00:00 Ouagadougou +00:
Continent/Country City UTC offset Argentina/ComodRivadavia −03:00 Argentina/Cordoba −03:00 Argentina/Jujuy −03:00 Argentina/La_Rioja −03:00 Argentina/Mendoza −03:00 Argentina/Rio_Gallegos −03:00 Argentina/Salta −03:00 Argentina/San_Juan −03:00 Argentina/San_Luis −03:00 Argentina/Tucuman −03:00 Argentina/Ushuaia −03:00 Aruba −04:00 Asuncion −04:00 Atikokan −05:00 Atka −10:00 Bahia −03:00 Bahia_Banderas −06:00 Barbados −04:00 Belem −03:00 Belize
Continent/Country City UTC offset Danmarkshavn +00:00 Dawson −08:00 Dawson_Creek −07:00 Denver −07:00 Detroit −05:00 Dominica −04:00 Edmonton −07:00 Eirunepe −05:00 El_Salvador −06:00 Ensenada −08:00 Fort_Nelson −07:00 Fort_Wayne −05:00 Fortaleza −03:00 Glace_Bay −04:00 Godthab −03:00 Goose_Bay −04:00 Grand_Turk −05:00 Grenada −04:00 Guadeloupe −04:00 Guatemala −06:00 Guayaquil −05:00 Guyana −04:00 Halifax −04:00 Havana −05:00 Hermosillo −07:00 Indiana/In
Continent/Country City UTC offset Kentucky/Monticello −05:00 Knox_IN −06:00 Kralendijk −04:00 La_Paz −04:00 Lima −05:00 Los_Angeles −08:00 Louisville −05:00 Lower_Princes −04:00 Maceio −03:00 Managua −06:00 Manaus −04:00 Marigot −04:00 Martinique −04:00 Matamoros −06:00 Mazatlan −07:00 Mendoza −03:00 Menominee −06:00 Merida −06:00 Metlakatla −09:00 Mexico_City −06:00 Miquelon −03:00 Moncton −04:00 Monterrey −06:00 Montevideo −03:00 M
Continent/Country Antarctica City UTC offset Port-au-Prince −05:00 Porto_Acre −05:00 Porto_Velho −04:00 Puerto_Rico −04:00 Punta_Arenas −03:00 Rainy_River −06:00 Rankin_Inlet −06:00 Recife −03:00 Regina −06:00 Resolute −06:00 Rio_Branco −05:00 Rosario −03:00 Santa_Isabel −08:00 Santarem −03:00 Santiago −04:00 Santo_Domingo −04:00 Sao_Paulo −03:00 Scoresbysund −01:00 Shiprock −07:00 Sitka −09:00 St_Barthelemy −04:00 St_Johns −03:30 St_Kitts −04:00 St_Lucia −
Continent/Country City UTC offset Davis +07:00 DumontDUrville +10:00 Macquarie +11:00 Mawson +05:00 McMurdo +12:00 Palmer −03:00 Rothera −03:00 South_Pole +12:00 Syowa +03:00 Troll +00:00 Vostok +06:00 Arctic Longyearbyen +01:00 Asia Aden +03:00 Almaty +06:00 Amman +02:00 Anadyr +12:00 Aqtau +05:00 Aqtobe +05:00 Ashgabat +05:00 Ashkhabad +05:00 Atyrau +05:00 Baghdad +03:00 Bahrain +03:00 Baku +04:00 Bangkok +07:00 Barnaul +07:00 Beirut +02:00 Bishke
Continent/Country City UTC offset Dushanbe +05:00 Famagusta +02:00 Gaza +02:00 Harbin +08:00 Hebron +02:00 Ho_Chi_Minh +07:00 Hong_Kong +08:00 Hovd +07:00 Irkutsk +08:00 Istanbul +03:00 Jakarta +07:00 Jayapura +09:00 Jerusalem +02:00 Kabul +04:30 Kamchatka +12:00 Karachi +05:00 Kashgar +06:00 Kathmandu +05:45 Katmandu +05:45 Khandyga +09:00 Kolkata +05:30 Krasnoyarsk +07:00 Kuala_Lumpur +08:00 Kuching +08:00 Kuwait +03:00 Macao +08:00 Macau +08:00 Mag
Continent/Country Atlantic City UTC offset Rangoon +06:30 Riyadh +03:00 Saigon +07:00 Sakhalin +11:00 Samarkand +05:00 Seoul +09:00 Shanghai +08:00 Singapore +08:00 Srednekolymsk +11:00 Taipei +08:00 Tashkent +05:00 Tbilisi +04:00 Tehran +03:30 Tel_Aviv +02:00 Thimbu +06:00 Thimphu +06:00 Tokyo +09:00 Tomsk +07:00 Ujung_Pandang +08:00 Ulaanbaatar +08:00 Ulan_Bator +08:00 Urumqi +06:00 Ust-Nera +10:00 Vientiane +07:00 Vladivostok +1
Continent/Country Australia Brazil Canada City UTC offset Stanley −03:00 ACT +10:00 Adelaide +09:30 Brisbane +10:00 Broken_Hill +09:30 Canberra +10:00 Currie +10:00 Darwin +09:30 Eucla +08:45 Hobart +10:00 LHI +10:30 Lindeman +10:00 Lord_Howe +10:30 Melbourne +10:00 North +09:30 NSW +10:00 Perth +08:00 Queensland +10:00 South +09:30 Sydney +10:00 Tasmania +10:00 Victoria +10:00 West +08:00 Yancowinna +09:30 Acre −05:00 DeNoronha −02:00 East −03:00
Continent/Country City UTC offset Cuba −06:00 EET −05:00 Egypt +02:00 Eire +02:00 EST +00:00 EST5EDT −05:00 Etc/GMT −05:00 Etc/GMT+0 +00:00 Etc/GMT+1 +00:00 Etc/GMT+10 −01:00 Etc/GMT+11 −10:00 Etc/GMT+12 −11:00 Etc/GMT+2 −12:00 Etc/GMT+3 −02:00 Etc/GMT+4 −03:00 Etc/GMT+5 −04:00 Etc/GMT+6 −05:00 Etc/GMT+7 −06:00 Etc/GMT+8 −07:00 Etc/GMT+9 −08:00 Etc/GMT0 −09:00 Etc/GMT-0 +00:00 Etc/GMT-1 +00:00 Etc/GMT-10 +01:00 Etc/GMT-11 +10:00 Etc/GMT-12 +11:00 Etc/GM
Continent/Country City Etc/Zulu Europe UTC offset +00:00 Amsterdam +00:00 Andorra +01:00 Astrakhan +01:00 Athens +04:00 Belfast +02:00 Belgrade +00:00 Berlin +01:00 Bratislava +01:00 Brussels +01:00 Bucharest +01:00 Budapest +02:00 Busingen +01:00 Chisinau +01:00 Copenhagen +02:00 Dublin +01:00 Gibraltar +00:00 Guernsey +01:00 Helsinki +00:00 Isle_of_Man +02:00 Istanbul +00:00 Jersey +03:00 Kaliningrad +00:00 Kiev +02:00 Kirov +02:00 Lisbon +03:00 Ljublj
Continent/Country City UTC offset Riga +02:00 Rome +01:00 Samara +04:00 San_Marino +01:00 Sarajevo +01:00 Saratov +04:00 Simferopol +03:00 Skopje +01:00 Sofia +02:00 Stockholm +01:00 Tallinn +02:00 Tirane +01:00 Tiraspol +02:00 Ulyanovsk +04:00 Uzhgorod +02:00 Vaduz +01:00 Vatican +01:00 Vienna +01:00 Vilnius +02:00 Volgograd +04:00 Warsaw +01:00 Zagreb +01:00 Zaporozhye +02:00 Zurich +01:00 GB +00:00 GB-Eire +00:00 GMT +00:00 GMT+0 +00:00 GMT0 +00
Continent/Country City UTC offset Mahe +04:00 Maldives +05:00 Mauritius +04:00 Mayotte +03:00 Reunion +04:00 Iran +03:30 Israel +02:00 Jamaica −05:00 Japan +09:00 Kwajalein +12:00 Libya +02:00 MET +01:00 Mexico BajaNorte −08:00 BajaSur −07:00 General −06:00 MST −07:00 MST7MDT −07:00 Navajo −07:00 NZ +12:00 NZ-CHAT +12:45 Pacific Apia +13:00 Auckland +12:00 Bougainville +11:00 Chatham +12:45 Chuuk +10:00 Easter −06:00 Efate +11:00 Enderbury +13:00
Continent/Country City UTC offset Majuro +12:00 Marquesas −09:30 Midway −11:00 Nauru +12:00 Niue −11:00 Norfolk +11:00 Noumea +11:00 Pago_Pago −11:00 Palau +09:00 Pitcairn −08:00 Pohnpei +11:00 Ponape +11:00 Port_Moresby +10:00 Rarotonga −10:00 Saipan +10:00 Samoa −11:00 Tahiti −10:00 Tarawa +12:00 Tongatapu +13:00 Truk +10:00 Wake +12:00 Wallis +12:00 Yap +10:00 Poland +01:00 Portugal +00:00 PRC +08:00 PST8PDT −08:00 ROC +08:00 ROK +09:00 Singapo
Continent/Country City UTC offset Indiana-Starke −06:00 Michigan −05:00 Mountain −07:00 Pacific −08:00 Pacific-New −08:00 Samoa −11:00 UTC +00:00 WET +00:00 W-SU +03:00 Zulu +00:00
System Clock commands
clock set Sets the system time. Syntax clock set time year-month-day Parameters time — Enter time in the format hour:minute:second, where hour is 1 to 24; minute is 1 to 60; second is 1 to 60. For example, enter 5:15 PM as 17:15:00.
Usage Information The standard time zone option applies the predefined offset for the selected standard time zone, including DST changes that apply to the local time. After you configure this command, OS10 uses the updated local time in all logs and timestamps. You can use the ? character or press the tab key for command completion and view a list of supported standard time zones. To view a list of supported standard time zone names, see the Time zones and UTC offset reference section.
clients choose from several NTP servers to determine which offers the best available source of time and the most reliable transmission of information. To get the correct time, OS10 synchronizes with a time-serving host. For the current time, you can set the system to poll specific NTP time-serving hosts. From those time-serving hosts, the system chooses one NTP host to synchronize with and acts as a client to the NTP host.
system flags: monitor ntp kernel stats
jitter: 0.000000 s
stability: 0.000 ppm
broadcastdelay: 0.000000 s
authdelay: 0.000000 s
View calculated NTP synchronization variables
OS10(config)# do show ntp associations
remote local st poll reach delay offset disp
=======================================================================
10.16.150.185 10.16.151.123 16 1024 0 0.00000 0.000000 3.
Authentication
NTP authentication and the corresponding trusted key provide a reliable exchange of NTP packets with trusted time sources. NTP authentication begins with creating the first NTP packet after the key configuration. NTP authentication uses the message digest 5 (MD5) algorithm. The key is embedded in the synchronization packet that is sent to an NTP time source.
1. Enable NTP authentication in CONFIGURATION mode.
ntp authenticate
2.
To create this sample NTP configuration: 1. Configure the NTP server: a. Create a non-default VRF instance and assign an interface to the VRF. OS10(conf-vrf)# exit OS10(config)# interface OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(config)# interface OS10(conf-if-eth1/1/5)# OS10(conf-if-eth1/1/5)# OS10(conf-if-eth1/1/5)# OS10(conf-if-eth1/1/5)# OS10(config)# ethernet 1/1/1 no switchport ip vrf forwarding red ip address 10.0.0.
OS10(conf-if-eth1/1/1)# exit OS10(config)# b. Configure the NTP server IP address on the NTP client. OS10(config)# ntp server 10.0.0.1 OS10(config)# do show running-configuration ntp ntp server 10.0.0.1 OS10(config)# c. Configure NTP in the VRF Red instance. OS10(config)# ntp enable vrf red “% Warning: NTP server/client will be disabled in default VRF and enabled on a red VRF” Do you wish to continue? (y/n): y OS10(config)# do show running-configuration ntp ntp server 10.0.0.
reference ID: 10.0.0.1
reference time: dbc7b087.5d47aaa6 Sat, Nov 5 2016 1:12:39.364
system jitter: 0.000000
clock jitter: 0.462
clock wander: 0.003
broadcast delay: -50.000
symm. auth. delay: 0.000
OS10#
5. Verify that the NTP server (10.0.0.1) is connected to the NTP master (11.0.0.2) running in VRF Red.
OS10(config)# do show ntp associations vrf red
remote refid st t when poll reach delay offset jitter
==============================================================================
LOCAL(0) *11.
ntp authenticate-key Configures the authentication key for trusted time sources. Syntax ntp authenticate-key number md5 [0 | 7] key Parameters
• number — Enter the authentication key number, from 1 to 4294967295.
• md5 — Set to MD5 encryption.
• 0 — Set to unencrypted format, the default.
• 7 — Set to hidden encryption.
• key — Enter the authentication key.
Default 0 Command Mode CONFIGURATION
ntp enable vrf Enables NTP for the management or non-default VRF instance. Syntax ntp enable vrf {management | vrf vrf-name} Parameters
• management — Enter the keyword to enable NTP for the management VRF instance.
• vrf vrf-name — Enter the keyword then the name of the VRF to enable NTP for that non-default VRF instance.
Defaults Disabled Command Mode CONFIGURATION Usage Information The no version of this command disables NTP for the management VRF instance.
Example
OS10(config)# ntp server eureka.com
Supported Releases 10.2.0E or later
ntp source Configures an interface IP address to include in NTP packets. Syntax ntp source interface Parameters interface — Set the interface type:
• ethernet node/slot/port[:subport] — Enter the Ethernet interface information.
• port-channel id-number — Enter the port-channel number, from 1 to 128.
• vlan vlan-id — Enter the VLAN number, from 1 to 4093.
Default Not configured Command Mode EXEC Usage Information
• (none) — One or more of the following symbols displays:
  • * — Synchronized to this peer.
  • # — Almost synchronized to this peer.
  • + — Peer was selected for possible synchronization.
  • - — Peer is a candidate for selection.
  • ~ — Peer is statically configured.
• remote — Remote IP address of the NTP peer.
• ref clock — IP address of the remote peer reference clock.
leap indicator: 11
stratum: 16
precision: -22
root distance: 0.00000 s
root dispersion: 1.28647 s
reference ID: [73.78.73.84]
reference time: 00000000.00000000 Mon, Jan 1 1900 0:00:00.000
system flags: monitor ntp kernel stats
jitter: 0.000000 s
stability: 0.000 ppm
broadcastdelay: 0.000000 s
authdelay: 0.
DHCP server Network device offering configuration parameters to the client. DHCP client Network device requesting configuration parameters from the server. Relay agent Intermediary network device that passes DHCP messages between the client and the server when the server is not on the same subnet as the host. Packet format and options The DHCP server listens on port 67 and transmits to port 68. The DHCP client listens on port 68 and transmits to port 67.
DHCP Option Description
DHCP relay agent information option 82 — Helps secure DHCP traffic that goes through a DHCP relay agent, and ensures that communication between the DHCP relay agent and the DHCP server is not compromised.
ip dhcp server ! pool Dell network 20.1.1.0/24 default-router 20.1.1.1 range 20.1.1.2 20.1.1.8 Address lease time Use the lease {days [hours] [minutes] | infinite} command to configure an address lease time. The default is 24 hours. OS10(config)# ip dhcp server OS10(conf-dhcp)# pool Dell OS10(conf-dhcp-Dell)# lease 36 Default gateway Ensure the IP address of the default router is on the same subnet as the client. 1. Enable DHCP server-assigned dynamic addresses on an interface in CONFIGURATION mode.
4. Enter the DNS servers in order of preference that are available to a DHCP client in DHCP mode.
dns-server address
DNS address resolution
OS10(config)# ip dhcp server
OS10(conf-dhcp)# pool Dell
OS10(conf-dhcp-Dell)# domain-name dell.com
OS10(conf-dhcp-Dell)# dns-server 192.168.1.1
NetBIOS WINS address resolution
DHCP clients can be one of four types of NetBIOS nodes — broadcast, peer-to-peer, mixed, or hybrid. Dell EMC recommends using hybrid as the NetBIOS node type.
1.
View the DHCP binding table OS10# show ip dhcp binding IP Address Hardware address Lease expiration Hostname +-------------------------------------------------------------------------11.1.1.254 00:00:12:12:12:12 Jan 27 2016 06:23:45 Total Number of Entries in the Table = 1 With a fixed host configuration, also known as manual binding, you must configure a network pool with a matching subnet.
The DHCP relay agent inserts Option 82 before forwarding DHCP packets to the DHCP server. The DHCP server includes Option 82 back in its response to the relay agent. The relay agent uses this information to forward a reply out the interface on which the request was received rather than flooding it on the entire VLAN. However, the relay agent removes Option 82 from its DHCP responses before forwarding the responses to the client. NOTE: Option 82 is supported, but not configurable.
View local system domain name information
OS10# show running-configuration
! Version 10.2.9999E
! Last configuration change at Feb 20 04:50:33 2017
!
username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH.
aaa authentication system:local
ip domain-name dell.com
ip domain-list f10.com
ip name-server 1.1.1.1 2::2
ip host dell-f10.com 10.10.10.10
snmp-server community public read-only
snmp-server contact http://www.dell.
Rogue DHCP server detection In the following topology, a trusted DHCP server, a DHCP client, and a rogue DHCP server are connected to the DHCP snooping switch. The DHCP client and DHCP server are on the same VLAN. The physical interface eth 1/1/2 is a trusted interface. When the rogue DHCP server sends a DHCP packet to the client, the switch analyzes the packet.
DHCP snooping in a VLT environment
OS10 supports DHCP snooping in a VLT environment. DHCP snooping switches in a VLT topology synchronize DHCP snooping binding information between them. The system interprets the VLTi link between VLT peers as trusted interfaces. To configure DHCP snooping in a VLT environment:
• Enable DHCP snooping on both VLT peers.
• Configure the VLT port-channel interfaces facing the DHCP server as trusted interfaces.
Enable and configure DHCP snooping globally
1. Enable DHCP snooping globally in CONFIGURATION mode.
ip dhcp snooping
2. Specify physical or port-channel interfaces that have connections towards DHCP servers as trusted in INTERFACE mode.
ip dhcp snooping trust
Add static DHCP snooping entry in the binding table
• Add a static DHCP snooping entry in the binding table in CONFIGURATION mode.
• Remove a static DHCP snooping entry from the binding table in CONFIGURATION mode. no ip dhcp snooping binding mac mac-address vlan vlan-id interface [ethernet slot/port/subport | port-channel port-channel-id] Example for removing static DHCP snooping entry in the binding table OS10(config)# no ip dhcp snooping binding mac 00:04:96:70:8a:12 vlan 100 ip 100.1.1.
DHCP server
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# no shutdown
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# ip address 10.1.1.1/24
OS10(conf-if-eth1/1/1)# exit
OS10(config)# ip dhcp server
OS10(config-dhcp)# no disable
OS10(config-dhcp)# pool dell_server1
OS10(config-dhcp-dell_server1)# lease 0 1 0
OS10(config-dhcp-dell_server1)# network 10.1.1.0/24
OS10(config-dhcp-dell_server1)# range 10.1.1.2 10.1.1.
DHCP snooping switch as relay agent This example uses a simple topology with a DHCP snooping switch configured as a DHCP relay agent. A DHCP server and a DHCP client are connected to the snooping switch through different VLANs. A rogue DHCP server attempts to pose as a legitimate DHCP server. With a configuration similar to the following, the DHCP snooping switch drops packets from the rogue DHCP server which is connected to an untrusted interface.
DHCP server OS10# configure terminal OS10(config)# ip dhcp server OS10(config-dhcp)# no disable OS10(config-dhcp)# pool dell_1 OS10(config-dhcp-dell_1)# network 10.1.1.0/24 OS10(config-dhcp-dell_1)# range 10.1.1.2 10.1.1.250 OS10(config-dhcp-dell_1)# exit OS10(config-dhcp)# pool dell_2 OS10(config-dhcp-dell_2)# network 10.2.1.
VLAN configuration • Create a VLAN. OS10# configure terminal OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# no shutdown VLT configuration 1. Create a VLT domain and configure VLTi. OS10(config)# interface range ethernet 1/1/4-1/1/5 OS10(conf-range-eth1/1/4-1/1/5)# no switchport OS10(conf-range-eth1/1/4-1/1/5)# exit OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# discovery-interface ethernet 1/1/4-1/1/5 2. Configure a VLT MAC address. OS10(conf-vlt-1)# vlt-mac 12:5e:23:2d:76:3e 3.
1. Create a VLT domain and configure VLTi. OS10(config)# interface range ethernet 1/1/4-1/1/5 OS10(conf-range-eth1/1/4-1/1/5)# no switchport OS10(conf-range-eth1/1/4-1/1/5)# exit OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# discovery-interface ethernet 1/1/4-1/1/5 2. Configure a VLT MAC address. OS10(conf-vlt-1)# vlt-mac 12:5e:23:f4:23:54 3. Specify the management IP address of the VLT peer as a backup link. OS10(conf-vlt-1)# backup destination 10.10.10.1 4. Configure VLT port channels.
======================================================================================= 10.1.1.2 14:18:77:0d:05:e9 3600 D port-channel10 vlan100 DHCP snooping with DHCP relay agent in a VLT setup In this VLT setup, DHCP clients on the virtual machine are connected to SW1 and SW2 and acquire IP addresses from the DHCP server. The VLAN of both the client and the DHCP server are in the default VRF on SW 1 and SW 2. SW 1 DHCP snooping configuration • Enable DHCP snooping globally.
• Configure SW 1 as the DHCP relay agent for the clients in the VM. The IP address that you specify here is the IP address of the DHCP server OS10# configure terminal OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# ip helper-address 10.2.1.2 VLT configuration 1. Create a VLT domain and configure VLTi.
• Create a VLAN and assign an IP address to it which acts as the gateway for the VMs.
OS10# configure terminal
OS10(config)# interface vlan 100
OS10(conf-if-vl-100)# no shutdown
OS10(conf-if-vl-100)# ip address 10.1.1.2/24
OS10(conf-if-vl-100)# exit
• Create another VLAN and assign an IP address to it which can communicate with the DHCP server.
• Configure peer routing. OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# peer-routing DHCP server VLAN configuration OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# exit OS10(config)# interface vlan 200 OS10(conf-if-vl-200)# ip address 10.2.1.
DAI statistics
The system maintains DAI statistics that contain the following details:
• Valid ARP requests
• Invalid ARP requests
• Valid ARP replies
• Invalid ARP replies
You can clear the DAI statistics using the clear ip arp inspection statistics command.
DAI trusted interfaces
By default, all ports are untrusted and all packets go through the DAI validation process on all DAI-enabled VLANs. You can configure an interface to bypass ARP inspection by configuring the interface as trusted.
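The validation, trusted-interface bypass and four counters described above can be modelled as follows. This is an added illustration, not OS10 code: the database rows are constructed in the layout of show ip arp inspection database, and the rule that sender IP, sender MAC, VLAN and ingress interface must all match an entry is an assumption about how the check is applied.

```python
import re
import socket
import struct

# Constructed listing in the layout of "show ip arp inspection database".
DATABASE_TEXT = """\
Number of entries : 2
Address        Hardware Address    Interface        VLAN
---------------------------------------------------------
10.1.1.10      00:00:5e:00:53:10   ethernet1/1/3    vlan100
10.1.1.1       00:00:5e:00:53:01   port-channel10   vlan100
"""
ROW = re.compile(
    r"^(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(\S+)\s+vlan(\d+)$",
    re.I)


def load_database(text):
    """Map (vlan, ip) -> (mac, interface) from the show-command listing."""
    db = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            ip, mac, interface, vlan = m.groups()
            db[(int(vlan), ip)] = (mac.lower(), interface)
    return db


def parse_arp(payload):
    """Decode an Ethernet/IPv4 ARP payload (28 bytes); None for anything else."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return None
    return {"oper": oper,
            "sender_mac": ":".join(f"{b:02x}" for b in sha),
            "sender_ip": socket.inet_ntoa(spa)}


class ArpInspector:
    """Hypothetical model of DAI: validate, count, and log violations."""

    def __init__(self, database, trusted_ifs=()):
        self.database = database
        self.trusted_ifs = set(trusted_ifs)
        self.stats = {"Valid ARP Requests": 0, "Invalid ARP Requests": 0,
                      "Valid ARP Replies": 0, "Invalid ARP Replies": 0}
        self.violations = []

    def inspect(self, payload, vlan, ingress_if):
        if ingress_if in self.trusted_ifs:          # trusted ports skip inspection
            return "bypass"
        arp = parse_arp(payload)
        if arp is None:                             # not a well-formed IPv4 ARP
            self.violations.append((vlan, ingress_if, "malformed ARP"))
            return "drop"
        kind = "Requests" if arp["oper"] == 1 else "Replies"
        binding = self.database.get((vlan, arp["sender_ip"]))
        if binding == (arp["sender_mac"], ingress_if):
            self.stats[f"Valid ARP {kind}"] += 1
            return "permit"
        self.stats[f"Invalid ARP {kind}"] += 1
        self.violations.append(
            (vlan, ingress_if, f'{arp["sender_ip"]} claimed by {arp["sender_mac"]}'))
        return "drop"


def build_arp(oper, sender_mac, sender_ip, target_ip):
    """Constructed ARP payload for the demonstration (oper 1 = request, 2 = reply)."""
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                       bytes.fromhex(sender_mac.replace(":", "")),
                       socket.inet_aton(sender_ip), bytes(6),
                       socket.inet_aton(target_ip))
```

A reply that claims the gateway address from a host port is counted under Invalid ARP Replies and recorded as a violation, which is the pattern to look for in the statistics and logging output.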
• Use the following command in EXEC mode:
show ip arp inspection statistics vlan vlan-name
Example for viewing DAI statistics
OS10# show ip arp inspection statistics
Dynamic ARP Inspection (DAI) Statistics
---------------------------------------
Valid ARP Requests : 0
Valid ARP Replies : 1000
Invalid ARP Requests : 1000
Invalid ARP Replies : 0
• View DAI violation information
show ip arp inspection logging
Example for viewing DAI violation information
OS10# show ip arp inspection logging
Total Number of
DHCP source MAC address validation The switch compares the source MAC address of the DHCP packet to the Client Hardware Address (CHADDR) field in the DHCP packet and drops the DHCP packet if there is a mismatch. Restrictions for Source Address Validation • As the SAV feature shares TCAM memory with user ACLs, the maximum number of SAV rules that the system can support depends on how much TCAM memory is allocated to user ACLs.
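The two DHCP snooping checks described in this guide, dropping server messages that arrive on an untrusted interface (rogue DHCP server detection) and comparing the Ethernet source MAC with CHADDR, can be sketched as below. This is an added example, not OS10 code: the function names, the untagged Ethernet II framing and the constructed frames and MAC addresses are assumptions.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"                  # cookie that precedes the options
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}   # option 53 values only a server sends
TRUSTED = {"ethernet1/1/2"}                       # trusted interface in the guide's topology


def mac(text):
    """'aa:bb:cc:dd:ee:ff' -> 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def parse_dhcp(frame):
    """Parse an untagged Ethernet II / IPv4 / UDP frame; return DHCP fields or None."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 17:    # IPv4 carrying UDP
        return None
    udp = ip[(ip[0] & 0x0F) * 4:]
    if len(udp) < 8:
        return None
    sport, dport = struct.unpack("!HH", udp[:4])
    if sport not in (67, 68) or dport not in (67, 68):
        return None
    bootp = udp[8:]
    if len(bootp) < 240 or bootp[236:240] != DHCP_MAGIC:
        return None
    hlen = min(bootp[2], 16)
    msg_type, i = None, 240
    while i < len(bootp) and bootp[i] != 255:             # 255 = end option
        if bootp[i] == 0:                                 # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(bootp):
            break                                         # truncated option header
        length = bootp[i + 1]
        value = bootp[i + 2:i + 2 + length]
        if bootp[i] == 53 and len(value) == 1:            # DHCP message type
            msg_type = value[0]
        i += 2 + length
    return {"src_mac": frame[6:12], "op": bootp[0],
            "chaddr": bootp[28:28 + hlen], "msg_type": msg_type}


def snoop(frame, ingress_if, trusted_ifs):
    """Return (action, reason) for one frame received on ingress_if."""
    pkt = parse_dhcp(frame)
    if pkt is None:
        return ("forward", "not DHCP")
    if ingress_if in trusted_ifs:
        return ("forward", "trusted interface")
    if pkt["op"] == 2 or pkt["msg_type"] in SERVER_TYPES:
        return ("drop", "server message on untrusted interface")
    if pkt["src_mac"] != pkt["chaddr"]:
        return ("drop", "source MAC does not match CHADDR")
    return ("forward", "client message validated")


def build_frame(src_mac, chaddr, op, msg_type, sport, dport):
    """Constructed test frame; IP/UDP checksums stay zero (not checked above)."""
    bootp = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", op, 1, 6, 0, 0x1234ABCD, 0, 0,
                        b"", b"", b"", b"", mac(chaddr), b"", b"")
    bootp += DHCP_MAGIC + bytes([53, 1, msg_type, 255])
    udp = struct.pack("!HHHH", sport, dport, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + mac(src_mac) + b"\x08\x00" + ip
```

A DISCOVER whose Ethernet source differs from CHADDR, or an OFFER seen on any port outside TRUSTED, comes back as a drop with the reason attached, which is the information worth logging when tuning trusted-port assignments.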
Command Mode DHCP Usage Information The no version of this command enables the DHCP server. Example Supported Releases OS10(conf-dhcp)# no disable 10.2.0E or later dns-server address Assigns a DNS server to clients based on the address pool. Syntax dns-server address [address2...address8] Parameters • • Default Not configured Command Mode DHCP-POOL address — Enter the DNS server IP address that services clients on the subnet in A.B.C.D or A::B format. address2...
Supported Releases 10.2.0E or later host Assigns a host to a single IPv4 or IPv6 address pool for manual configurations. Syntax host A.B.C.D/A::B Parameters A.B.C.D/A::B — Enter the host IP address in A.B.C.D or A::B format. Default Not configured Command Mode DHCP-POOL Usage Information The host address is the IP address that a client machine uses for DHCP. Example Supported Releases OS10(conf-dhcp-Dell)# host 20.1.1.100 10.2.0E or later ip dhcp server Enters DHCP configuration mode.
ipv6 helper-address Configures a DHCPv6 server address. Syntax ipv6 helper-address ipv6-address [vrf vrf-name] Parameters
• vrf vrf-name — (Optional) Enter the keyword vrf and then the name of the VRF through which the host address can be reached.
• ipv6-address — Specify the DHCPv6 server address in the A::B format.
Usage Information Configure up to eight NetBIOS WINS servers available to a Microsoft DHCP client, in order of preference. The no version of this command returns the value to the default. Example Supported Releases OS10(conf-dhcp-Dell)# netbios-name-server 192.168.10.5 10.2.0E or later netbios-node-type Configures the NetBIOS node type for the DHCP client. Syntax netbios-node-type type Parameters type — Enter the NetBIOS node type: • • • • Broadcast — Enter b-node. Hybrid — Enter h-node.
Usage Information Use the pool command to name the pool of available IP addresses used by a DHCP server to assign an IP address to a client and enter DHCP POOL mode. In this mode, use the network command to configure the IPv4 or IPv6 subnet from which the DHCP server assigns addresses. Example Supported Releases OS10(conf-dhcp)# pool Dell OS10(conf-dhcp-Dell)# 10.2.0E or later range Configures a range of IP addresses.
DHCP snooping commands arp inspection Enables Dynamic ARP Inspection (DAI) on a VLAN. Syntax arp inspection Parameters None Defaults Disabled Command Mode INTERFACE VLAN Usage Information Dell EMC Networking recommends enabling DAI before enabling DHCP snooping. Example Supported Releases OS10(conf-if-vl-230)# arp inspection 10.5.0 or later arp inspection-trust Configures a port as trusted so that ARP frames are not validated against the DAI database.
clear ip arp inspection statistics Clear the Dynamic ARP Inspection statistics. Syntax clear ip arp inspection statistics [vlan vlan-id] Parameters • Defaults None Command Mode EXEC vlan vlan-id—Enter the VLAN ID. The range is from 1 to 4093. Usage Information This command is accessible to users with sysadmin and secadmin roles. Example (Global) Supported Release OS10# clear ip dhcp snooping binding 10.5.
Usage Information When you enable this feature, the switch begins to monitor all transactions between DHCP servers and DHCP clients and use the information to build the DHCP snooping binding table. If you disable DHCP snooping, the system removes the DHCP snooping binding table. Source Address Validation and Dynamic ARP Inspection entries are also removed. This command is accessible to users with sysadmin and secadmin roles. The no version of this command disables DHCP snooping globally.
This command is accessible to users with sysadmin and secadmin roles. The no version of this command deletes the static entry from the DHCP snooping binding table. Example Supported Releases OS10(config)# ip dhcp snooping binding mac 00:04:96:70:8a:12 vlan 100 ip 100.1.1.2 interface ethernet 1/1/4 10.5.0 or later ip dhcp snooping trust Configures an interface as trusted in a DHCP snooping enabled VLAN.
Usage Information This command displays the list of snooped hosts from which ARP packets were processed. Example OS10# show ip arp inspection database Number of entries : 3 Address Hardware Address Interface VLAN -----------------------------------------------------------------------55.2.1.1 00:40:50:00:00:00 port-channel100 vlan3001 200.1.1.134 00:2a:10:01:00:00 port-channel100 vlan3001 200.1.1.62 00:2a:10:01:00:01 port-channel100 vlan3001 Supported Releases 10.5.
Parameters • Defaults None Command Mode EXEC vlan vlan-id—Enter the VLAN ID. The range is from 1 to 4093. Usage Information The dynamically learned entries are displayed as D and statically configured entries are displayed as S. Example OS10# show ip dhcp snooping binding Codes : S - Static D – Dynamic IPv4 Address MAC Address Expires(Sec) Type Interface VLAN ========================================================================= 10.1.1.22 11:22:11:22:11:22 120331 S ethernet1/1/4 100 10.1.
Usage Information This domain appends to incomplete DNS requests. The no version of this command returns the value to the default. Example Supported Releases OS10(config)# ip domain-name jay dell.com 10.2.0E or later ip host Configures mapping between the host name server and the IP address. Syntax ip host [vrf vrf-name] [host-name] address Parameters • • • vrf vrf-name — (Optional) Enter vrf and then the name of the VRF to configure the name server to IP address mapping for that VRF.
Parameters vrf vrf-name — Enter vrf then the name of the VRF to display DNS host information corresponding to that VRF. Default Not configured Command Mode EXEC Usage Information None Example Supported Releases OS10# show hosts Default Domain Name : dell.com Domain List : abc.com Name Servers : 1.1.1.
10 Interfaces You can configure and monitor physical interfaces (Ethernet), port-channels, and virtual local area networks (VLANs) in Layer 2 (L2) or Layer 3 (L3) modes. Table 21.
Figure 1. S4148U-ON unified port groups MX9116n Fabric Switching Engine On the MX9116n Fabric Switching Engine module: • • • • QSFP28-DD port groups 1 to 12 operate only in Ethernet mode. For more information, see Double-density QSFP28 interfaces. QSFP28 port groups 13 and 14 operate in Ethernet 1x100GE mode by default. Unified port groups 15 and 16 operate in Ethernet 1x100GE mode by default, and support Fibre Channel and other Ethernet modes.
View Ethernet unified port interface OS10(config)# interface ethernet 1/1/41 OS10(conf-if-eth1/1/41:1)# show configuration ! interface ethernet1/1/41:1 no shutdown Z9264F-ON port-group profiles On the Z9264F-ON switch, the port-group profiles determine the available front-panel Ethernet ports and supported breakout interfaces. QSFP28 ports operate only in Ethernet mode. Use the port-group profile to configure breakout interfaces and specify the port speed.
• 100g-1x — Reset a port to 100GE mode. • 40g-1x — Set a port to 40GE mode for use with a QSFP+ 40GE transceiver. • 25g-4x — Split a port into four 25GE interfaces. • 10g-4x — Split a port into four 10GE interfaces. 4. Return to CONFIGURATION mode. exit 5. Enter Ethernet Interface mode to configure other settings. Enter a single interface, a hyphen-separated range, or multiple interfaces separated by commas.
Port Group Ports Supported breakout modes • • • • 50g-2x 40g-1x 25g-4x 10g-4x Port-group1/1/14 14 • • • • • 100g-1x 50g-2x 40g-1x 25g-4x 10g-4x Port-group1/1/6 15 • • • • • 100g-1x 50g-2x 40g-1x 25g-4x 10g-4x The following shows the supported port groups and breakout modes on the S5224F-ON switch: OS10# show port-group Port-group port-group1/1/1 port-group1/1/2 port-group1/1/3 port-group1/1/4 port-group1/1/5 port-group1/1/6 port-group1/1/7 port-group1/1/8 port-group1/1/9 port-group1/1/10 Mode E
Port Group Ports Supported breakout modes Port-group1/1/8 26 • • • • • 100g-1x 50g-2x 40g-1x 25g-4x 10g-4x Port-group1/1/9 27 • • • • • 100g-1x 50g-2x 40g-1x 25g-4x 10g-4x Port-group1/1/10 28 • • • • • 100g-1x 50g-2x 40g-1x 25g-4x 10g-4x The following shows the supported port groups and breakout modes on the S5248F-ON switch: OS10# show port-group Port-group Mode Ports port-group1/1/1 Eth 25g-4x 1 2 3 4 port-group1/1/2 Eth 25g-4x 5 6 7 8 port-group1/1/3 Eth 25g-4x 9 10 11 12 port-group1/1/4 E
Port Group Ports Supported breakout modes Port-group1/1/7 25, 26, 27, 28 • • 25g-4x 10g-4x Port-group1/1/8 29, 30, 31, 32 • • 25g-4x 10g-4x Port-group1/1/9 33, 34, 35, 36 • • 25g-4x 10g-4x Port-group1/1/10 37, 38, 39, 40 • • 25g-4x 10g-4x Port-group1/1/11 41, 42, 43, 44 • • 25g-4x 10g-4x Port-group1/1/12 45, 46, 47, 48 • • 25g-4x 10g-4x Port-group1/1/13 49, 50 • • • • • 100g-2x 50g-4x 40g-2x 25g-8x 10g-8x Port-group1/1/14 51, 52 • • • • • 100g-2x 50g-4x 40g-2x 25g-8x 10g-8x
Port-group port-group1/1/1 port-group1/1/2 port-group1/1/3 port-group1/1/4 port-group1/1/5 port-group1/1/6 port-group1/1/7 port-group1/1/8 port-group1/1/9 port-group1/1/10 port-group1/1/11 port-group1/1/12 port-group1/1/13 port-group1/1/14 port-group1/1/15 port-group1/1/16 port-group1/1/17 port-group1/1/18 port-group1/1/19 port-group1/1/20 port-group1/1/21 port-group1/1/22 port-group1/1/23 port-group1/1/24 port-group1/1/25 port-group1/1/26 port-group1/1/27 port-group1/1/28 port-group1/1/29 port-group1/1/30
Port Group Ports Supported breakout modes Port-group1/1/11 41, 42, 43, 44 • • 25g-4x 10g-4x Port-group1/1/12 45, 46, 47, 48 • • 25g-4x 10g-4x Port-group1/1/13 49, 50, 51, 52 • • 25g-4x 10g-4x Port-group1/1/14 53, 54, 55, 56 • • 25g-4x 10g-4x Port-group1/1/15 57, 58, 59, 60 • • 25g-4x 10g-4x Port-group1/1/16 61, 62, 63, 64 • • 25g-4x 10g-4x Port-group1/1/17 65, 66, 67, 68 • • 25g-4x 10g-4x Port-group1/1/18 69, 70,71, 72 • • 25g-4x 10g-4x Port-group1/1/19 73, 74, 75, 76 •
Port Group Ports Supported breakout modes • 10g-4x Port-group1/1/28 100 • • • • • 100g-1x 50g-2x 40g-1x 25g-4x 10g-4x Port-group1/1/29 101 • • • • • 100g-1x 50g-2x 40g-1x 25g-4x 10g-4x Port-group1/1/30 102 • • • • • 100g-1x 50g-2x 40g-1x 25g-4x 10g-4x Port-group1/1/31 103 • • • • • 100g-1x 50g-2x 40g-1x 25g-4x 10g-4x Port-group1/1/32 104 • • • • • 100g-1x 50g-2x 40g-1x 25g-4x 10g-4x To configure breakout modes: 1. Configure a port group in CONFIGURATION mode.
4. Enter Interface breakout mode to configure other settings, such as, speed.
1. Remove a port from L2 switching in INTERFACE mode. no switchport 2. Configure L3 routing in INTERFACE mode. Add secondary to configure backup IP addresses. ip address address [secondary] 3. Enable the interface for L3 traffic transmission in INTERFACE mode. no shutdown L3 interface configuration OS10(config)# interface OS10(conf-if-eth1/1/9)# OS10(conf-if-eth1/1/9)# OS10(conf-if-eth1/1/9)# ethernet 1/1/9 no switchport ip address 10.10.1.
2. Activate the unified port group for FC operation in PORT-GROUP mode. The available FC modes depend on the switch.
mode fc {32g-4x | 32g-2x | 32g-1x | 16g-4x}
• 16g-4x — Split a unified port group into four 16 GFC interfaces.
• 32g-1x — Split a unified port group into one 32 GFC interface. A 1x-32G interface has a rate limit of 28G.
• 32g-2x — Split a unified port group into two 32 GFC interfaces.
• 32g-4x — Split a unified port group into four 32 GFC interfaces.
0 class 2 frames, 33 class 3 frames 0 BB credit 0, 0 oversize frames 6356027325 total errors Rate Info: Input 116 bytes/sec, 1 frames/sec, 0% of line rate Output 78 bytes/sec, 1 frames/sec, 0% of line rate Time since last interface status change: 00:00:24
Configuring wavelength
You can configure optical transmission wavelength values for SFP+ optics. This configuration enables you to fine-tune the laser wavelengths and frequencies up to two decimal places in the nanometer scale.
Management interface For management connectivity, use the management VLAN. VLAN 4020 is the default management VLAN and is enabled by default. The mgmt1/1/1 port is part of VLAN 4020. You cannot configure gateway addresses, IP addresses, and proxy ARPs on the management interface. VLAN interfaces VLANs are logical interfaces and are, by default, in L2 mode. Physical interfaces and port-channels can be members of VLANs. OS10 supports inter-VLAN routing.
VLAN scale profile When you scale the number of VLANs on a switch, use the VLAN scale profile. VLAN scale profile consumes less memory. Enable the scale profile before you configure VLANs on the switch. The scale profile globally applies L2 mode on all VLANs you create and disables L3 transmission. To enable L3 routing traffic on a VLAN, use the mode L3 command. NOTE: With VLAN scale profile configuration, Layer 3 VLANs, IGMP snooping-enabled VLANs, and FCoE VLANs require mode L3 configuration. 1.
MTU 1532 bytes Flowcontrol rx false tx false ARP type: ARPA, ARP Timeout: 240 Last clearing of "show interface" counters : 00:00:11 Queuing strategy : fifo Input 0 packets, 0 bytes, 0 multicast Received 0 errors, 0 discarded Output 0 packets, 0 bytes, 0 multicast Output 0 errors, Output 0 invalid protocol Time since last interface status change : 00:00:11 Port-channel interfaces Port-channels are not configured by default.
• Port-channels support 802.3ad LACP. LACP identifies similarly configured links and dynamically groups ports into a logical channel. LACP activates the maximum number of compatible ports that the switch supports in a port-channel.
• If you globally disable a spanning-tree operation, L2 interfaces that are LACP-enabled port-channel members may flap due to packet loops.
Assign Port Channel IP Address
OS10# configure terminal
OS10(config)# interface port-channel 1
OS10(conf-if-po-1)# ip address 1.1.1.1/24
OS10(conf-if-po-1)#
Remove or disable port-channel
You can delete or disable a port-channel.
1. Delete a port-channel in CONFIGURATION mode.
no interface port-channel channel-number
2. Disable a port-channel to place all interfaces within the port-channel operationally down in CONFIGURATION mode.
Change hash algorithm The load-balancing command selects the hash criteria applied to traffic load balancing on port-channels. If you do not obtain even traffic distribution, use the hash-algorithm command to select the hash scheme for LAG. Rotate or shift the L2-bit LAG hash until you achieve the desired traffic distribution. • Change the default (0) to another algorithm and apply it to LAG hashing in CONFIGURATION mode.
Configure range of port channels OS10(config)# interface range port-channel 1-25 OS10(conf-range-po-1-25)# Switch-port profiles A port profile determines the enabled front-panel ports and supported breakout modes on Ethernet and unified ports. Change the port profile on a switch to customize uplink and unified port operation, and the availability of front-panel data ports.
S4148-ON Series port profiles On the S4148-ON Series of switches, port profiles determine the available front-panel Ethernet ports and supported breakout interfaces on uplink ports. In the port profile illustration, blue boxes indicate the supported ports and breakout interfaces. Blank spaces indicate ports and speeds that are not available. • • • • • 10GE mode is an SFP+ 10GE port or a 4x10G breakout of a QSFP+ or QSFP28 port. 25GE is a 4x25G breakout of a QSFP28 port.
S4148U-ON Ethernet modes—QSFP+ ports 27-28 and SFP+ ports 31-54:
• 10GE mode is an SFP+ 10GE port or a 4x10G breakout of a QSFP+ port.
• 40GE mode is a QSFP+ port.
For example, all S4148U-ON profiles activate support for 10G speed on unified ports 1-24 and Ethernet ports 31-54, but only profile-1 and profile-2 activate QSFP+ ports 27-28 in 40GE mode with 4x10G breakouts.
To reset the negotiation mode to the default setting of the media you use, use one of the following commands: negotiation auto no negotiation The following examples show that the nondefault configuration is added to the running configuration: OS10(conf-if-eth1/1/50)# negotiation off OS10(conf-if-eth1/1/50)# show configuration ! interface ethernet1/1/50 no shutdown switchport access vlan 1 negotiation off flowcontrol receive on OS10(conf-if-eth1/1/50)# negotiation on OS10(conf-if-eth1/1/50)# show configurati
• node/slot/port — Enter the physical port information.
• 10g-4x — Split a QSFP28 or QSFP+ port into four 10G interfaces.
• 25g-4x — Split a QSFP28 port into four 25G interfaces.
• 40g-1x — Set a QSFP28 port to use with a QSFP+ 40G transceiver.
• 50g-2x — Split a QSFP28 port into two 50G interfaces.
• 100g-1x — Reset a QSFP28 port to 100G speed.
To configure an Ethernet breakout interface, use the interface ethernet node/slot/port:subport command in CONFIGURATION mode.
-----------------------------------------------------------------Port Description Status Speed Duplex Mode Vlan Tagged-Vlans -----------------------------------------------------------------Eth 1/1/1 down 0 auto Eth 1/1/2 down 0 auto A 1 Eth 1/1/25:1 down 0 auto A 1 Eth 1/1/25:2 down 0 auto A 1 Eth 1/1/25:3 down 0 auto A 1 Eth 1/1/25:4 down 0 auto A 1 Eth 1/1/29 down 0 auto A 1 - Reset default configuration You can clear all configured settings on an Ethernet or Fibre Channel interface and reset the interf
OS10(conf-if-eth1/1/2)# exit
OS10(config)# default interface ethernet 1/1/2
Proceed to cleanup the interface config? [confirm yes/no]:y
Sep 9 01:06:28 OS10 dn_l3_core_services[968]: Node.1-Unit.1:PRI:notice [os10:trap], %Dell EMC (OS10) %IP_ADDRESS_DEL: IP Address delete is successful. IP 2.2.2.2/24 deleted successfully
Sep 9 01:06:28 OS10 dn_l3_core_services[968]: Node.1-Unit.1:PRI:notice [os10:trap], %Dell EMC (OS10) %IP_ADDRESS_DEL: IP Address delete is successful. IP 3.3.3.
Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 60 Last clearing of "show interface" counters: 00:00:17 Queuing strategy: fifo Input statistics: 7 packets, 818 octets 2 64-byte pkts, 0 over 64-byte pkts, 5 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 7 Multicasts, 0 Broadcasts, 0 Unicasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output statistics: 15 packets, 1330 octets 10 64-byte pkts, 0 over 64-byte pkts, 5 over 127-byte pkts 0 over 255-b
Disable EEE
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# no eee
Clear EEE counters
You can clear EEE counters on physical Ethernet interfaces globally or per interface.
... Eth Eth Eth ... Eth 1/1/47 1/1/48 1/1/49 on on n/a 1/1/52 n/a 0 0 0 0 0 0 0 0 EEE commands clear counters interface eee Clears all EEE counters. Syntax clear counters interface eee Parameters None Default Not configured Command Mode EXEC Usage Information None Example Supported Releases OS10# clear counters interface eee Clear all eee counters [confirm yes/no]:yes 10.3.0E or later clear counters interface ethernet eee Clears EEE counters on a specified Ethernet interface.
Example (Disable EEE) Supported Releases OS10(config)# interface ethernet 1/1/2 OS10(conf-if-eth1/1/2)# no eee 10.3.0E or later show interface eee Displays the EEE status for all interfaces. Syntax show interface eee Parameters None Default Not configured Command Mode EXEC Example OS10# show interface eee Port EEE Status Speed Duplex --------------------------------------------Eth 1/1/1 off up 1000M ...
Parameters node/slot/port[:subport]—Enter the interface information. Default Not configured Command Mode EXEC Example OS10# show interface ethernet 1/1/48 eee Port EEE Status Speed Duplex --------------------------------------------Eth 1/1/48 on up 1000M Supported Releases 10.3.0E or later show interface ethernet eee statistics Displays EEE statistics for a specified interface.
Receive power reading is 0.
interface ethernet1/1/1 ip address 1.1.1.1/24 no switchport no shutdown View candidate configuration OS10(conf-if-eth1/1/1)# show configuration candidate ! interface ethernet1/1/1 ip address 1.1.1.1/24 no switchport no shutdown View running configuration OS10# show running-configuration Current Configuration ... ! interface ethernet1/1/1 no ip address shutdown ! interface ethernet1/1/2 no ip address shutdown ! interface ethernet1/1/3 no ip address shutdown ! interface ethernet1/1/4 no ip address shutdown ..
Ethernet 1/1/32 Management 1/1/1 Vlan 1 Vlan 10 Vlan 20 Vlan 30 unassigned 10.16.153.
Alarm Category Power transmission (Tx) Alarm Name Traps Generated? Severity Level Bias low warning N Minor Tx high Y Major Tx high warning N Minor Tx low Y Major Tx low warning N Minor Y Major Rx high warning N Minor Rx low Y Major Rx low warning N Minor Power reception (Rx) Rx high You can enable or disable the DOM feature, configure traps, and view the DOM status. Enable DOM and DOM traps To generate DOM alarms, do the following. 1. Enable DOM. OS10(config)# dom enable 2.
The following are examples of DOM traps. 2018-08-21 17:38:18 [UDP: [10.11.56.49]:51635->[10.11.86.108]:162]: iso.3.6.1.2.1.1.3.0 = Timeticks: (0) 0:00:00.00 iso.3.6.1.6.3.1.1.4.1.0 = OID: iso.3.6.1.4.1.674.11000.5000.100.4.1.3.1.15 iso.3.6.1.4.1.674.11000.5000.100.4.1.3.2.4 = INTEGER: 1 iso.3.6.1.4.1.674.11000.5000.100.4.1.3.2.5 = INTEGER: 21 iso.3.6.1.4.1.674.11000.5000.100.4.1.3.2.1 = INTEGER: 1081393 iso.3.6.1.4.1.674.11000.5000.100.4.1.3.2.3 = INTEGER: 1 iso.3.6.1.4.1.674.11000.5000.100.4.1.3.
• An Ethernet interface is enabled using the no shutdown command; a Fibre Channel interface is disabled using the shutdown command.
• An Ethernet interface is assigned to the default VLAN.
The default interface command removes all software settings and all L3, VLAN, and port-channel configurations on a physical interface. You must manually remove configured links to the interface from other software features; for example, if you configure an Ethernet interface as a discovery interface in a VLT domain.
no switchport ! interface ethernet1/1/3 no shutdown no switchport ip address 192.28.43.1/31 ipv6 address 2000:28:43::28:43:1/127 ! interface ethernet1/1/4 no shutdown no switchport ip address 192.41.43.1/31 ipv6 address 2000:41:43::41:43:1/127 OS10(conf-range-eth1/1/1-1/1/4)# exit OS10(config)# default interface range ethernet 1/1/1,1/1/2-1/1/4 Proceed to cleanup interface range config? [confirm yes/no]:yes Mar 5 22:21:12 OS10 dn_l3_core_services[590]: Node.1-Unit.
Parameters vlan-id — Enter the default VLAN ID number, from 1 to 4093.
Default VLAN1
Command Mode CONFIGURATION
Usage Information By default, VLAN1 serves as the default VLAN for switching untagged L2 traffic on OS10 ports in Trunk or Access mode. If you use VLAN1 for network-specific data traffic, reconfigure the VLAN ID of the default VLAN. The command reconfigures the access VLAN ID, the default VLAN, of all ports in Switchport Access mode.
duplex
Configures Duplex mode on the Management port.
Syntax duplex {full | half | auto}
Parameters
• full — Set the physical interface to transmit in both directions.
• half — Set the physical interface to transmit in only one direction.
• auto — Set the port to auto-negotiate speed with a connected device.
Defaults Not configured
Command Mode CONFIGURATION
Usage Information You can only use this command on the Management port.
Example
OS10# configure terminal
OS10(config)# snmp-server enable traps dom temperature
OS10# configure terminal
OS10(config)# no snmp-server enable traps dom temperature
Supported Releases 10.4.3.0 or later
feature auto-breakout
Enables front-panel Ethernet ports to automatically detect SFP media and autoconfigure breakout interfaces.
interface breakout Splits a front-panel Ethernet port into multiple breakout interfaces. Syntax interface breakout node/slot/port map {100g-1x | 50g-2x |40g-1x | 25g-4x | 10g-4x | 25g-4x} Parameters • • • • • • Default Not configured Command Mode CONFIGURATION Usage Information • • • • Example Supported Releases node/slot/port — Enter the physical port information. 100g-1x — Reset a QSFP28 port to 100G speed. 50g-2x — Split a QSFP28 port into two 50GE interfaces.
Usage Information The no version of this command deletes the Loopback interface. Example Supported Releases OS10(config)# interface loopback 100 OS10(conf-if-lo-100)# 10.2.0E or later interface mgmt Configures the Management port. Syntax interface mgmt node/slot/port Parameters node/slot/port — Enter the physical port interface information for the Management interface. Default Enabled Command Mode CONFIGURATION Usage Information You cannot delete a Management port.
Example Supported Releases OS10(config)# interface port-channel 10 OS10(conf-if-po-10)# 10.2.0E or later interface range Configures a range of Ethernet, port-channel, or VLAN interfaces for bulk configuration. Syntax interface range {ethernet node/slot/port[:subport]-node/slot/port[:subport], [...]} | {port-channel IDnumber-IDnumber,[ ...]} | vlan vlanID-vlanID,[...]} Parameters • node/slot/port[:subport]-node/slot/port[:subport] — Enter a range of Ethernet interfaces.
Supported Releases 10.2.0E or later link-bundle-utilization Configures link-bundle utilization. Syntax link-bundle-utilization trigger-threshold value Parameters value — Enter the percentage of port-channel bandwidth that triggers traffic monitoring on port-channel members, from 0 to 100. Default Disabled Command Mode CONFIGURATION Usage Information None Example Supported Releases OS10(config)# link-bundle-utilization trigger-threshold 10 10.2.
Usage Information • • • • Example The mode {FC | Eth} command configures a port group to operate at line rate and guarantees no traffic loss. To configure oversubscription on a FC interface, use the speed command. To view the currently active ports and subports, use the show interfaces status command. The no version of the command resets port-group interfaces to the default Ethernet port mode/speed. Use the no mode command before you reset the mode on an interface.
NOTE: You must configure the MTU on VLAN members first before you configure the VLAN MTU.
• All members of a VLAN must have the same MTU value.
• Tagged members must have a link MTU 4 bytes higher than untagged members to account for the packet tag.
• Ensure that the MTU of VLAN members is greater than or equal to the VLAN MTU.
If you configure the MTU on VLAN members after you configure the VLAN MTU, the VLAN MTU may not be updated.
OS10(conf-if-eth1/1/50)# negotiation on OS10(conf-if-eth1/1/50)# show configuration ! interface ethernet1/1/50 no shutdown switchport access vlan 1 negotiation on flowcontrol receive on OS10(conf-if-eth1/1/50)# no negotiation OS10(conf-if-eth1/1/50)# show configuration ! interface ethernet1/1/50 no shutdown switchport access vlan 1 flowcontrol receive on OS10(conf-if-eth1/1/50)# do show interface ethernet 1/1/50 Ethernet 1/1/50 is up, line protocol is up Hardware is Eth, address is e4:f0:04:3e:2d:86 Current
port-group
Configures a group of front-panel unified ports, or a double-density QSFP28 (QSFP28-DD) or single-density QSFP28 port group.
Syntax port-group node/slot/port-group
Parameters
• node/slot — Enter 1/1 for node/slot when you configure a port group.
• port-group — Enter the port-group number, from 1 to 16. The available port-group range depends on the switch.
Default Not configured
Command mode CONFIGURATION
scale-profile vlan Configures the L2 VLAN scale profile on a switch. Syntax scale-profile vlan Parameters None Defaults Not configured Command Mode CONFIGURATION Usage Information Use the VLAN scale profile when you scale the number of VLANs so that the switch consumes less memory. Enable the scale profile before you configure VLANs on the switch. The scale profile globally applies L2 mode on all VLANs you create and disables L3 transmission. The no version of the command disables L2 VLAN scaling.
• • • • • • • • phy-eth node/slot/port[:subport] — Display information about physical ports connected to the interface. status — Display interface status. ethernet node/slot/port[:subport] — Display Ethernet interface information. loopback id — Display Loopback IDs, from 0 to 16383. mgmt node/slot/port — Display Management interface information. null — Display null interface information. port-channel id-number — Display port channel interface IDs, from 1 to 128.
Members in this channel: ARP type: ARPA, ARP Timeout: 60 OS10# show interface port-channel summary LAG Mode Status Uptime Ports 22 L2 up 20:38:08 Eth 1/1/10 (Up) Eth 1/1/11 (Down) Eth 1/1/12 (Inact) 23 L2 up 20:34:32 Eth 1/1/20 (Up) Eth 1/1/21 (Up) Eth 1/1/22 (Up) Example (VLAN) Supported Releases OS10# show interface vlan 20 Vlan 20 is up, line protocol is down vlan name: vlanname20 Address is 0c:9b:1d:68:89:6a, Current address is 0c:9b:1d:68:89:6a Interface index is 60 Internet address is not set Mode o
Usage Information Use the show inventory media command to verify the media type inserted in a port. On the MX9116n Fabric Switching Engine and MX5108n Ethernet Switch, server-facing interfaces are on the backplane and are enabled by default. To view the backplane port connections to servers, use the show inventory media command. In the output, a FIXED port does not use external transceivers and always displays as Dell EMC Qualified.
1/1/4 1/1/5 1/1/6 1/1/7 1/1/8 ... Supported Releases FIXED FIXED FIXED FIXED FIXED INTERNAL INTERNAL INTERNAL INTERNAL INTERNAL true true true true true 10.2.0E or later show link-bundle-utilization Displays information about the link-bundle utilization. Syntax show link-bundle-utilization Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show link-bundle-utilization Link-bundle trigger threshold - 60 Supported Releases 10.2.
summary Flags: D - Down U - member up but inactive P - member up and active U - Up (port-channel) Group Port-Channel Type Protocol Member Ports 22 port-channel22 (U) Eth STATIC 1/1/10(P) 1/1/11(P) 1/1/14(P) 1/1/16(P) 1/1/19(P) 23 port-channel23 (D) Eth STATIC Supported Releases 10.2.0E or later show port-group Displays the current port-group configuration on a switch.
Supported Releases • • port-group1/1/3 restricted port-group1/1/4 restricted port-group1/1/5 restricted port-group1/1/6 restricted port-group1/1/7 restricted port-group1/1/8 restricted 1/1/5 1/1/6 1/1/7 1/1/8 1/1/9 1/1/10 1/1/11 1/1/12 1/1/13 1/1/14 1/1/15 Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth 10g-4x Disabled 10g-4x Disabled 10g-4x Disabled 10g-4x Disabled 10g-4x Disabled 10g-4x 10.3.1E or later 10.4.3.
Up Time : 1 day 00:48:58 -- Unit 1 -Status System Identifier Down Reason Digital Optical Monitoring System Location LED Required Type Current Type Hardware Revision Software Version Physical Ports BIOS System CPLD Master CPLD Slave CPLD Supported Releases : : : : : : : : : : up 1 unknown disable off S4148F S4148F X01 10.5.0.0 48x10GbE, 2x40GbE, 4x100GbE : 3.33.0.0-3 : 0.4 : 0.10 : 0.7 10.4.3.
Command Mode EXEC Usage Information None Example Supported Releases OS10# show vlan Codes: * - Default VLAN, M - Management VLAN, R - Remote Port Mirroring VLANs Q: A - Access (Untagged), T - Tagged NUM Status Description Q Ports 1 down 10.2.0E or later shutdown Disables an interface. Syntax shutdown Parameters None Default Disabled Command Mode INTERFACE Usage Information This command marks a physical interface as unavailable for traffic.
Example
OS10(conf-if-fc-1/1/2)# speed 16
Supported Releases 10.3.1E or later
speed (Management)
Configures the transmission speed of the Management interface.
Syntax speed {10 | 100 | 1000 | auto}
Parameters Set the Management port speed to:
• 10 — 10M
• 100 — 100M
• 1000 — 1000M
• auto — Set the port to auto-negotiate speed with a connected device.
Defaults Auto
Command Mode INTERFACE
Usage Information The speed command is supported only on Management and Fibre Channel interfaces.
• • • • profile-4 — SFP+ 10G ports (5-24 and 31-50), QSFP+ 40G ports (27-28), and QSFP28 ports with 40G and 100G capability (25-26 and 29-30) are enabled. QSFP+ ports support 40GE and 4x10G breakouts. QSFP28 ports support 100GE and 2x50G breakouts with QSFP28 transceivers, and 40GE and 4x10G breakouts with QSFP+ transceivers.
• To change the port profile on a switch, use the switch-port-profile command with the desired profile, save it to the startup configuration and use the reload command to apply the change. The switch reboots with new port configuration. The no version of the command resets to the default profile.
Usage Information • • • • • Example Supported Releases If you assign an IP address to an interface, you cannot use this command to enable L2 switching — you must first remove the IP address. The access parameter automatically adds an interface to default VLAN1 to transmit untagged traffic. Use the switchport access vlan command to change the access VLAN assignment. The trunk parameter configures an interface to transmit tagged VLAN traffic.
• The no version of the command removes the Fabric Expander provisioning.
Example
OS10(config)# unit-provision 1/78 403RPK2
Supported Releases 10.4.0E(R3S) or later
wavelength
Configures the wavelength for a tunable 10-GB SFP+ optical transceiver.
Syntax wavelength wavelength-value
Parameters wavelength-value — Enter a value to set a wavelength for the SFP+ optics. The range is from 1528.38 to 1568.77.
Defaults None.
11 PowerEdge MX Ethernet I/O modules
The Dell EMC PowerEdge MX7000 supports the following Ethernet modules: MX9116n Fabric Switching Engine, MX7116n Fabric Expander Module, and MX5108n Ethernet Switch. For detailed information, see the Dell EMC PowerEdge MX7000 documentation.
• The MX9116n Fabric Switching Engine is a scalable L2/L3 switch that provides high-bandwidth, low-latency 25GE networking; for example, in private cloud and software-defined storage (SDS) networks.
• Use power control. SmartFabric mode In SmartFabric mode, the PowerEdge MX switches operate as Layer 2 I/O aggregation devices. The OpenManage Enterprise - Modular interface supports most switch configuration settings. Use SmartFabric mode to configure your switch. SmartFabric mode supports all OS10 show commands and the following subset of CLI configuration commands: Other CLI configuration commands are not available. • • • • • • • • • • • • • clock — Configure clock parameters.
Changing operating modes To switch an MX9116n Fabric Switching Engine or MX5108n Ethernet Switch between Full Switch and SmartFabric modes, use the OpenManage Enterprise - Modular interface to create a new fabric. Full Switch to SmartFabric mode All Full Switch CLI configuration changes are deleted except for the subset of supported configuration commands that you can also enter and save in SmartFabric mode (see Operating modes).
• For information about how to configure single-density QSFP28 Ethernet port groups 13 and 14, see Single-density QSFP28 interfaces.
• For information about how to configure unified port groups 15 and 16 to operate in Ethernet or Fibre Channel mode, see Unified port groups.
• If an MX9116n module is in SmartFabric mode, use the OpenManage Enterprise - Modular interface to configure breakout interfaces and speed on a QSFP28-DD port.
1.
View QSFP28-DD interface OS10(config)# interface ethernet 1/1/29:4 OS10(conf-if-eth1/1/29:4)# show configuration ! interface ethernet1/1/29:4 no shutdown View QSFP28-DD port groups and default modes OS10# show port-group Port-group Mode port-group1/1/1 Eth 25g-8x port-group1/1/2 Eth 25g-8x port-group1/1/3 Eth 25g-8x port-group1/1/4 Eth 25g-8x port-group1/1/5 Eth 25g-8x port-group1/1/6 Eth 25g-8x port-group1/1/7 Eth 25g-8x port-group1/1/8 Eth 25g-8x port-group1/1/9 Eth 25g-8x port-group1/1/10 Eth 100g-2x por
• The Fabric Expander is connected to the Fabric Engine by attaching a cable between a QSFP28-DD port on each device.
• On the Fabric Engine, the QSFP28-DD port-group connected to the Fabric Expander is in 25g-8x fabric-expander-mode mode.
• At least one compute sled is installed in the MX7000 chassis containing the Fabric Expander.
NOTE: If you move a Fabric Expander by cabling it to a different QSFP28-DD port on the Fabric Engine, all software configurations on virtual ports are maintained.
403RPK2 MX7116n Fabric 1 Expander Module SKY003Q A2 port-group1/1/2 71 When the Fabric Switching Engine discovers the Fabric Expander, it creates virtual ports by mapping each 8x25GE FEM breakout interface in port groups 1 to 9 to a Fabric Expander virtual port. Table 28.
Port Description Status Speed Duplex Mode Vlan Tagged-Vlans --------------------------------------------------------------------------------...
2. Activate the QSFP28 port-group interface for Ethernet operation in PORT-GROUP mode.
mode Eth {100g-1x | 50g-2x | 40g-1x | 25g-4x | 10g-4x}
• 100g-1x — Reset a port group to 100GE mode.
• 50g-2x — Split a QSFP28 port into two 50GE interfaces.
• 40g-1x — Split a QSFP28 port into one 40GE interface.
• 25g-4x — Split a QSFP28 port into four 25GE interfaces.
• 10g-4x — Split a QSFP28 port into four 10GE interfaces.
3. Return to CONFIGURATION mode.
exit
4.
Server-facing interfaces On the MX9116n Fabric Switching Engine and MX5108n Ethernet Switch, server-facing interfaces are internal and are enabled by default. To view the internal port connections to servers, use the show inventory media command. In the output, a server-facing interface displays INTERNAL as its media. A FIXED port does not use external transceivers and always displays as Dell EMC Qualified true. To view the server-facing backplane port status, use the show interface status command.
Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth ... 1/1/7 1/1/8 1/1/9 1/1/10 1/1/11 1/1/12 1/1/13 1/1/14 1/1/15 1/1/16 down down down down up down down down down down 0 0 0 0 25G 0 0 0 0 0 auto auto auto auto auto auto auto auto auto A A A A A A A A A A 1 1 1 1 1 1 1 1 1 1 - Replace MX Ethernet IO modules in SmartFabric OS10 enables you to replace an Ethernet I/O module (IOM) that is part of a SmartFabric, when an error occurs.
5. Confirm that the new IOM is recognized by OME-Modular. NOTE: To confirm that the new IOM is listed in the correct Chassis and slot, log in to the OME-Modular GUI. Verify and configure IOM settings • • Verify the firmware version on the new IOM. You may need to upgrade the firmware on the new IOM. To view the pending firmware upgrade, use the show image firmware command. For more information, see Install firmware upgrade.
Log in to the master IOM from the member To use the module replacement command, access the master IOM from the member. Use the IPv6 address of the master IOM to log in to the master IOM. After logging in to the master IOM, use the module replacement command to initiate the replacement workflow. 1. Log in to the Linux shell from EXEC mode in the connected IOM. OS10# system bash admin@MX9116N-A2:~$ 2. Log in to the master IOM using the IPv6 address displayed in the IOM.
No Fabric found for specified nodes. Please recheck and issue this command again. Output example when you use the module replacement command in the master IOM: admin@MX9116N-A2:~$ sfs_node_replace.
12 Fibre Channel
OS10 switches with Fibre Channel (FC) ports operate in one of the following modes: Direct attach (F_Port), NPIV Proxy Gateway (NPG), or FIP Snooping Bridge (FSB). In the FSB mode, you cannot use the FC ports.
F_Port
Fibre Channel fabric port (F_Port) is the switch port that connects the FC fabric to a node. S4148U-ON, MX9116n, and MX7116n switches support F_Port. Enable Fibre Channel F_Port mode globally using the feature fc domain-ID domain-ID command in CONFIGURATION mode.
Fibre Channel over Ethernet
Fibre Channel over Ethernet (FCoE) encapsulates Fibre Channel frames over Ethernet networks. FCoE Initialization Protocol (FIP) establishes Fibre Channel connectivity with Ethernet ports. FIP snooping bridge (FSB) implements security characteristics to admit valid FCoE traffic in the Ethernet networks. FIP and FCoE provide FC emulation over Ethernet links.
Configure FIP snooping bridge
OS10(config)# feature fip-snooping
OS10(config)# interface ethernet 1/1/32
OS10(conf-if-eth1/1/32)# fip-snooping port-mode fcf
OS10(conf-if-eth1/1/32)# exit
OS10(config)# interface vlan 100
OS10(conf-if-vl-100)# fip-snooping enable
OS10(conf-if-vl-100)# fip-snooping fc-map 0xEFC64
OS10(conf-if-vl-100)# exit
OS10(config)# fcoe max-sessions-per-enodemac 64
View FIP snooping configuration details
OS10# show fcoe statistics interface vlan 100
Number of Vlan Requests :0
Number of Vl
----------------d4:ae:52:1b:e3:cd ---------------- ---- ---- -------ethernet1/1/54 100 1 5
Terminology
• ENode: End Node or FCoE node
• FC: Fibre Channel
• FC ID: A 3-byte address used by FC to identify the end points
• FC Map: A 3-byte prefix configured per VLAN, used to frame FCoE MAC address
• FCF: Fibre Channel Forwarder
• FCoE: Fibre Channel over Ethernet
• FCoE MAC: Unique MAC address used to identify an FCoE session. This is a combination of FC ID and FC Map.
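The FCoE MAC composition from the terminology above (FC Map as the upper three bytes, FC ID as the lower three), together with a simplified model of the source-address check a FIP snooping bridge applies to admit only valid FCoE traffic. This is an added Python example, not OS10 code: the class and function names are hypothetical, the FC ID and the second port are constructed, and the FC-MAP, VLAN, ENode MAC, port and session limit are the values that appear in the FIP snooping example on this page.

```python
# Added illustration, not OS10 code: FCoE MAC arithmetic plus a simplified
# model of FIP-snooping source-address filtering. All names are hypothetical.
import string


def parse_fc_map(text: str) -> int:
    """Parse an FC-MAP as typed in the CLI (e.g. 0xEFC64) into a 24-bit value."""
    value = int(text, 16)
    if not 0 <= value <= 0xFFFFFF:
        raise ValueError(f"FC-MAP {text!r} does not fit in 3 bytes")
    return value


def mac_to_int(mac: str) -> int:
    octets = mac.lower().split(":")
    valid = len(octets) == 6 and all(
        len(o) == 2 and all(c in string.hexdigits for c in o) for o in octets
    )
    if not valid:
        raise ValueError(f"malformed MAC address: {mac!r}")
    return int("".join(octets), 16)


def int_to_mac(value: int) -> str:
    return ":".join(f"{(value >> shift) & 0xFF:02x}" for shift in range(40, -8, -8))


def fcoe_mac(fc_map: int, fc_id: int) -> str:
    """FC-MAP supplies the upper 3 bytes of the FCoE MAC, FC ID the lower 3."""
    if not 0 <= fc_id <= 0xFFFFFF:
        raise ValueError("FC ID must fit in 3 bytes")
    return int_to_mac((fc_map << 24) | fc_id)


def split_fcoe_mac(mac: str) -> tuple:
    """Return (fc_map, fc_id) recovered from an FCoE MAC."""
    value = mac_to_int(mac)
    return value >> 24, value & 0xFFFFFF


class FipSnoopingModel:
    """Tracks snooped logins and admits frames only from learned FCoE MACs."""

    def __init__(self, max_sessions_per_enode: int = 64):
        self.max_sessions_per_enode = max_sessions_per_enode
        self.fc_map_by_vlan = {}  # vlan -> 24-bit FC-MAP
        self.sessions = {}        # (vlan, port, fcoe_mac) -> ENode MAC

    def enable_vlan(self, vlan: int, fc_map_text: str) -> None:
        self.fc_map_by_vlan[vlan] = parse_fc_map(fc_map_text)

    def learn_session(self, vlan: int, port: str, enode_mac: str, fc_id: int) -> str:
        """Record a login seen on `port` and return the session's FCoE MAC."""
        if vlan not in self.fc_map_by_vlan:
            raise KeyError(f"FIP snooping is not enabled on VLAN {vlan}")
        enode = int_to_mac(mac_to_int(enode_mac))
        active = sum(1 for owner in self.sessions.values() if owner == enode)
        if active >= self.max_sessions_per_enode:
            raise RuntimeError(f"session limit reached for ENode {enode}")
        mac = fcoe_mac(self.fc_map_by_vlan[vlan], fc_id)
        self.sessions[(vlan, port, mac)] = enode
        return mac

    def admit(self, vlan: int, port: str, src_mac: str) -> tuple:
        """Return (allowed, reason) for the source MAC of an FCoE data frame."""
        fc_map = self.fc_map_by_vlan.get(vlan)
        if fc_map is None:
            return False, "FIP snooping not enabled on VLAN"
        try:
            prefix, _ = split_fcoe_mac(src_mac)
        except ValueError:
            return False, "malformed source MAC"
        if prefix != fc_map:
            return False, "source MAC prefix does not match the VLAN FC-MAP"
        if (vlan, port, int_to_mac(mac_to_int(src_mac))) not in self.sessions:
            return False, "no snooped session for this MAC on this port"
        return True, "matches snooped session"


def demo() -> dict:
    model = FipSnoopingModel(max_sessions_per_enode=64)
    model.enable_vlan(100, "0xEFC64")
    # FC ID 0x640001 is a constructed sample value.
    mac = model.learn_session(100, "ethernet1/1/54", "d4:ae:52:1b:e3:cd", 0x640001)
    return {
        "fcoe_mac": mac,
        "legit": model.admit(100, "ethernet1/1/54", mac),
        "wrong_port": model.admit(100, "ethernet1/1/55", mac),
        "wrong_prefix": model.admit(100, "ethernet1/1/54", "0e:fc:00:64:00:01"),
        "other_vlan": model.admit(200, "ethernet1/1/54", mac),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The same FCoE MAC is rejected on a different port or VLAN, which is why the session key includes all three values and not the MAC alone.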
View vfabric configuration
OS10(conf-vfabric-100)# show configuration
!
vfabric 100
 name 100
 vlan 1023
 fcoe fcmap 0xEFC64
 zoneset activate set
 zone default-zone permit

OS10# show vfabric
Fabric Name 100
Fabric Type FPORT
Fabric Id 100
Vlan Id 1023
FC-MAP 0xEFC64
Config-State ACTIVE
Oper-State UP
==========================================
Switch Config Parameters
==========================================
Domain ID 100
==========================================
Switch Zoning Parameters
======================
Configure vfabric in NPG mode
OS10(config)# vfabric 10
OS10(conf-vfabric-10)# name 10
OS10(conf-vfabric-10)# vlan 100
OS10(conf-vfabric-10)# fcoe fcmap 0x0efc01
OS10(conf-vfabric-10)# fcoe fcf-priority 128
OS10(conf-vfabric-10)# fcoe fka-adv-period 8
OS10(conf-vfabric-10)# fcoe vlan-priority 3
OS10(conf-vfabric-10)# exit
OS10(config)# interface ethernet 1/1/31
OS10(conf-if-eth1/1/31)# vfabric 10

View vfabric configuration
OS10(conf-vfabric-10)# show configuration
!
vfabric 10
 name 10
 vlan 100
 fcoe fcmap 0xE
5. Create a zoneset using the fc zoneset zoneset-name command in CONFIGURATION mode. The switch enters Zoneset CONFIGURATION mode.
6. Add the existing zones to the zoneset with the member zone-name command in Zoneset CONFIGURATION mode.
7. Activate the zoneset using the zoneset activate zoneset-name command in vfabric CONFIGURATION mode. The members in the zoneset become active.
8.
          50:00:d3:10:00:ec:f9:1f
hba1      *10:00:00:90:fa:b8:22:19
          *21:00:00:24:ff:7b:f5:c8

OS10# show fc zoneset set
ZoneSetName  ZoneName  ZoneMember
==========================================================
set          hba1      21:00:00:24:ff:7b:f5:c8
                       10:00:00:90:fa:b8:22:19
                       21:00:00:24:ff:7f:ce:ee
                       21:00:00:24:ff:7f:ce:ef
             hba2      20:01:00:0e:1e:e8:e4:99
                       50:00:d3:10:00:ec:f9:1b
                       50:00:d3:10:00:ec:f9:05
                       50:00:d3:10:00:ec:f9:1f
                       20:35:78:2b:cb:6f:65:57

F_Port on Ethernet
OS10 supports configuring F_Port mode on an Ethernet port that
NOTE: The pinned port configuration is supported on FSB, Ethernet downlink port-channel of NPG, and F_Port mode.

Limitations:
• The system uses an ACL table for ENode MAC with a redirect port option similar to FCF. This limits the number of FC or FCoE sessions.
• When the pinned port goes down, you must manually re-configure another active port in the port-channel as pinned port. You can perform this re-configuration only in the intermediate switches, but not in the server.
Sample FSB configuration on VLT network
1. Enable the FIP snooping feature globally.
   OS10(config)# feature fip-snooping
2. Create the FCoE VLAN.
   OS10(config)# interface vlan 1001
   OS10(conf-if-vl-1001)# fip-snooping enable
3. Configure the VLTi interface.
   OS10(config)# interface ethernet 1/1/27
   OS10(conf-if-eth1/1/27)# no shutdown
   OS10(conf-if-eth1/1/27)# no switchport
4. Configure the VLT.
   OS10(config)# vlt-domain 1
   OS10(conf-vlt-1)# backup destination 10.16.151.
   OS10(config)# policy-map type network-qos PFC
   OS10(config-pmap-network-qos)# class fcoematch
   OS10(config-pmap-c-nqos)# pause
   OS10(config-pmap-c-nqos)# pfc-cos 3
7. Create uplink and downlink port-channels, and configure the FCF facing port.
Version : 2.0
Local System MAC address : 50:9a:4c:d3:cf:70
Primary priority : 32768
VLT MAC address : 50:9a:4c:d3:cf:70
IP address : fda5:74c8:b79e:1::2
Delay-Restore timer : 90 seconds
Peer-Routing : Disabled
Peer-Routing-Timeout timer : 0 seconds
VLTi Link Status
port-channel1000 : up
VLT Peer Unit ID  System MAC Address  Status  IP Address  Version
----------------------------------------------------------------------------------
1  50:9a:4c:d3:e2:f0  up  fda5:74c8:b79e:1::1  2.
Initiator CNA>>
   OS10(config-fc-zone-zoneA)# member wwn 21:00:00:24:ff:7b:f5:c8
3. Create the FC zoneset.
   OS10(config)# fc zoneset zonesetA
   OS10(conf-fc-zoneset-zonesetA)# member zoneA
4. Create the vfabric VLAN.
   OS10(config)# interface vlan 1001
5. Create vfabric and activate the FC zoneset.
   OS10(config)# vfabric 1
   OS10(conf-vfabric-1)# vlan 1001
   OS10(conf-vfabric-1)# fcoe fcmap 0xEFC00
   OS10(conf-vfabric-1)# zoneset activate zonesetA
6. Configure the VLTi interface.
View configuration

Name server entries:
OS10# show fc ns switch brief
Total number of devices = 2
Intf#                      Domain  FC-ID     Enode-WWPN               Enode-WWNN
port-channel10(Eth 1/1/9)  1       01:00:00  20:01:f4:e9:d4:a4:7d:c3  20:00:f4:e9:d4:a4:7d:c3
fibrechannel1/1/26         1       01:68:00  21:00:00:24:ff:7c:ae:0e  21:00:00:24:ff:7c:ae:0e

Zoneset details:
vFabric id: 1
Active Zoneset: zonesetA
ZoneName  ZoneMember
===========================================================
zoneA     *20:01:f4:e9:d4:a4:7d:c3
          *21:00:00:24:ff:7c:ae:0e

Pinned port
   OS10(conf-if-po-20)# switchport access vlan 1
   OS10(conf-if-po-20)# switchport trunk allowed vlan 1001,10
6. Apply the PFC configuration on downlink and uplink interfaces. In addition, add the interfaces to the port-channel and configure one of the interfaces as pinned-port.
Sample FC Switch configuration on non-VLT network
1. Enable the F_PORT mode.
   OS10(config)# feature fc domain-id 1
2. Create the FC zones.
   OS10(config)# fc zone zoneA
   OS10(config-fc-zone-zoneA)# member wwn 10:00:00:90:fa:b8:22:19
   OS10(config-fc-zone-zoneA)# member wwn 21:00:00:24:ff:7b:f5:c8
3. Create the FC zoneset.
   OS10(config)# fc zoneset zonesetA
   OS10(conf-fc-zoneset-zonesetA)# member zoneA
4. Create the vfabric VLAN.
Name server entries:
OS10# show fc ns switch brief
Total number of devices = 2
Intf#                      Domain  FC-ID     Enode-WWPN               Enode-WWNN
port-channel10(Eth 1/1/9)  1       01:00:00  20:01:f4:e9:d4:a4:7d:c3  20:00:f4:e9:d4:a4:7d:c3
fibrechannel1/1/26         1       01:68:00  21:00:00:24:ff:7c:ae:0e  21:00:00:24:ff:7c:ae:0e

Zoneset details:
vFabric id: 1
Active Zoneset: zonesetA
ZoneName  ZoneMember
===========================================================
zoneA     *20:01:f4:e9:d4:a4:7d:c3
          *21:00:00:24:ff:7c:ae:0e

Pinned port status:
OS10# show
Configure multi-hop FSB

The following example shows a simple multi-hop FSB setup. CNA-2 and CNA-3 shown in this topology are for illustrative purposes only. The following example does not include CNA-2 and CNA-3 configurations. Ensure that the access and core FSB switches are running in FSB mode.

To configure multi-hop FSB:
1. Configure the L2 switch.
   a. Disable flow control on the interfaces connected to CNA-4 and FSB1.
      L2switch(config-pmap-network-qos)# class c3
      L2switch(config-pmap-c-nqos)# pause
      L2switch(config-pmap-c-nqos)# pfc-cos 3
      L2switch(config)# policy-map type queuing ets_policy
      L2switch(config-pmap-queuing)# class q0
      L2switch(config-pmap-c-que)# bandwidth percent 30
      L2switch(config-pmap-c-que)# class q3
      L2switch(config-pmap-c-que)# bandwidth percent 70
   f. Create a qos-map.
   d. Create an FCoE VLAN and configure FIP snooping on the FCoE VLAN.
      FSB1(config)# interface vlan 777
      FSB1(conf-if-vl-777)# fip-snooping enable
   e. Create class-maps.
      FSB1(config)# class-map type network-qos c3
      FSB1(config-cmap-nqos)# match qos-group 3
      FSB1(config)# class-map type queuing q0
      FSB1(config-cmap-queuing)# match queue 0
      FSB1(config-cmap-queuing)# exit
      FSB1(config)# class-map type queuing q3
      FSB1(config-cmap-queuing)# match queue 3
      FSB1(config-cmap-queuing)# exit
   f. Create policy-maps.
      FSB1(config)# interface ethernet 1/1/2
      FSB1(conf-if-eth1/1/2)# switchport mode trunk
      FSB1(conf-if-eth1/1/2)# switchport trunk allowed vlan 777
   j. Configure FIP snooping port mode on the interface connected to the L2 DCBX switch and on the interface connected to FSB2. The default port mode is ENode. Hence, the CNA1-connected interface does not require additional configuration.
   g. Create a qos-map.
      FSB2(config)# qos-map traffic-class tc-q-map1
      FSB2(config-qos-map)# queue 3 qos-group 3
      FSB2(config-qos-map)# queue 0 qos-group 0-2,4-7
   h. Apply the QoS configurations on FSB1 and FCF connected interfaces.
   e. Create a vfabric VLAN.
      FCF(config)# interface vlan 777
   f. Create vfabric and activate the zoneset.
      FCF(config)# vfabric 2
      FCF(conf-vfabric-2)# vlan 777
      FCF(conf-vfabric-2)# fcoe fcmap 0xEFC00
      FCF(conf-vfabric-2)# zoneset activate zonesetA
   g. Enable DCBX.
      FCF(config)# dcbx enable
   h. Create class maps and policy maps.
Verify multi-hop FSB configuration

Verify the configuration using the following show commands:
• To verify FSB mode and the CVL status, use the show fcoe system command.
  FSB1# show fcoe system
  Mode                         : FSB
  CVL Status                   : Enabled
  FCOE VLAN List (Operational) : 777
  FCFs                         : 1
  Enodes                       : 2
  Sessions                     : 2
• To verify the discovered ENodes, use the show fcoe enode command.
• To verify the active zoneset on the FCF, use the show fc zoneset active command.
  FCF# show fc zoneset active
  vFabric id: 2
  Active Zoneset: zonesetA
  ZoneName  ZoneMember
  ===========================================================
  zoneA     20:01:f4:e9:d4:a4:7d:c3
            21:00:00:24:ff:7c:ae:0e

Sample Multi-hop FSB configuration

The following is a sample multi-hop FSB topology. In this topology:
• FSB1 and FSB2—access FSBs.
• FSB3 and FSB4—core FSBs.
FSB1/FSB2 FSB3/FSB4 FCF1/FCF2 3. Create FCoE VLAN and configure FIP snooping. 4. Create class-maps. 5. Create policy-maps. 6. Create a qos-map. 7. Configure port channel. 8. Configure VLTi interface member links. 9. Configure VLT domain. 10. Configure VLAN. 11. Apply QoS configurations on uplink (FSB3/FSB4) and downlink interfaces (CNA-1/CNA-2). Configure the uplink interface as pinned-port. 12. Configure FIP snooping port mode on the uplink interface. 3. Create FCoE VLAN and configure FIP snooping. 4.
6. Create a qos-map.
   FSB1(config)# qos-map traffic-class tc-q-map1
   FSB1(config-qos-map)# queue 3 qos-group 3
   FSB1(config-qos-map)# queue 0 qos-group 0-2,4-7
7. Configure port channel.
   FSB1(config)# interface port-channel 10
   FSB1(conf-if-po-10)# no shutdown
   FSB1(conf-if-po-10)# vlt-port-channel 1
8. Configure VLTi interface member links.
   FSB1(conf-if-eth1/1/31)# trust-map dot1p default
   FSB1(conf-if-eth1/1/31)# qos-map traffic-class tc-q-map1
   FSB1(conf-if-eth1/1/31)# service-policy input type network-qos nqpolicy
   FSB1(conf-if-eth1/1/31)# service-policy output type queuing ets_policy
12. Configure FIP snooping port mode on the port channel interface. The default port mode is ENode. Hence, the interface connected to CNA-1 does not require additional configuration.
8. Configure VLTi interface member links.
FSB3 configuration
1. Enable FIP snooping.
   FSB3(config)# feature fip-snooping with-cvl
2. Enable DCBX.
   FSB3(config)# dcbx enable
3. Create FCoE VLAN and configure FIP snooping.
   FSB3(config)# interface vlan1001
   FSB3(conf-if-vl-1001)# fip-snooping enable
   FSB3(conf-if-vl-1001)# no shutdown
   FSB3(config)# interface vlan1002
   FSB3(conf-if-vl-1002)# fip-snooping enable
   FSB3(conf-if-vl-1002)# no shutdown
4. Create class-maps.
8. Configure VLTi interface member links.
FSB4 configuration
1. Enable FIP snooping.
   FSB4(config)# feature fip-snooping with-cvl
2. Enable DCBX.
   FSB4(config)# dcbx enable
3. Create FCoE VLAN and configure FIP snooping.
   FSB4(config)# interface vlan1001
   FSB4(conf-if-vl-1001)# fip-snooping enable
   FSB4(conf-if-vl-1001)# no shutdown
   FSB4(config)# interface vlan1002
   FSB4(conf-if-vl-1002)# fip-snooping enable
   FSB4(conf-if-vl-1002)# no shutdown
4. Create class-maps.
9. Configure VLT domain.
   FSB4(config)# vlt-domain 3
   FSB4(conf-vlt-2)# discovery-interface ethernet1/1/40
   FSB4(conf-vlt-2)# vlt-mac 1a:2b:3c:2a:1b:1c
10. Configure VLAN on FSB4.
   FCF1(conf-vfabric-1)# fcoe fcmap 0xEFC00
   FCF1(conf-vfabric-1)# zoneset activate zonesetA
6. Enable DCBX.
   FCF1(config)# dcbx enable
7. Create class-maps.
   FCF1(config)# class-map type network-qos c3
   FCF1(config-cmap-nqos)# match qos-group 3
   FCF1(config)# class-map type queuing q0
   FCF1(config-cmap-queuing)# match queue 0
   FCF1(config-cmap-queuing)# exit
   FCF1(config)# class-map type queuing q3
   FCF1(config-cmap-queuing)# match queue 3
   FCF1(config-cmap-queuing)# exit
8. Create policy-maps.
2. Create zones.
   FCF2(config)# fc zone zoneB
   FCF2(config-fc-zone-zoneB)# member wwn 20:01:00:0e:1e:f1:f1:84
   FCF2(config-fc-zone-zoneB)# member wwn 53:00:a3:10:00:ec:f9:01
3. Create zoneset.
   FCF2(config)# fc zoneset zonesetB
   FCF2(conf-fc-zoneset-setB)# member zoneB
4. Create a vfabric VLAN.
   FCF2(config)# interface vlan 1002
5. Create vfabric and activate the zoneset.
11. Apply vfabric on the interfaces connected to FSB4 and the target.
Enodes Sessions : 1 : 1 FSB3 FSB3# show fcoe sessions Enode MAC Enode Interface FCF MAC FCF interface VLAN FCoE MAC FCID PORT WWPN PORT WWNN -------------------------------------------------------------------------------------------------------------------------f4:e9:d4:f9:fc:42 Po 10(Eth 1/1/36) 14:18:77:20:86:ce Eth 1/1/45 1001 0e:fc:00:02:02:00 02:02:00 23:05:22:11:0d:64:67:11 22:04:22:13:0d:64:67:00 FSB3# show fcoe fcf FCF MAC FCF Interface VLAN FC-MAP FKA_ADV_PERIOD No.
f4:e9:d4:f9:fc:42 Eth 1/1/45 14:18:77:20:86:ce ~ 02:02:00 23:05:22:11:0d:64:67:11 22:04:22:13:0d:64:67:00 1001 0e:fc:00:02:02:00 FCF1# show fc ns switch brief Total number of devices = 2 Intf# fibrechannel1/1/3 51:00:d3:10:00:ec:f9:01 ethernet1/1/45 22:04:22:13:0d:64:67:00 Domain FC-ID Enode-WWPN 2 02:00:00 50:00:d3:10:00:ec:f9:00 2 02:02:00 23:05:22:11:0d:64:67:11 Enode-WWNN FCF2 FCF2# show fcoe sessions Enode MAC Enode Interface FCF MAC FCF interface VLAN FCoE MAC FCID PORT WWPN PORT WWNN ---
NPG1 switch configuration
1. Enable the NPG feature.
   OS10(config)# feature fc npg
2. Configure vFabric.
   OS10(config)# vfabric 2
   OS10(conf-vfabric-2)# vlan 1000
   OS10(conf-vfabric-2)# name fcoe_fabric
   OS10(conf-vfabric-2)# fcoe fcmap 0efc02
3. Apply the vFabric configuration on the interface that connects to FC HBA and change the port mode to F_Port.
   OS10(config)# interface fibrechannel 1/1/21
   OS10(conf-if-fc1/1/21)# vfabric 2
4. Apply the vFabric configuration on the interface that connects to CNA 1.
9. Apply the service policy on the interface that connects to CNA 1.
   OS10(config)# interface ethernet 1/1/50
   OS10(conf-if-eth1/1/50)# service-policy input type network-qos pmap1
10. Configure the interface that connects to NPG2.
   OS10(config)# interface fibrechannel 1/1/5
   OS10(config-if-fc1/1/5)# vfabric 2

NPG2 switch configuration
1. Enable the NPG feature.
   OS10(config)# feature fc npg
2. Configure vFabric.
Support for untagged VLAN in FCoE

In SmartFabric mode, OS10 provides support to use any untagged VLAN for FCoE Ethernet uplinks and Ethernet server ports, which are part of the FCoE VLAN. The FCoE uplink identifies FIP Snooping bridge (FSB) mode at the switch. You must configure the same untagged VLAN on the FCoE uplinks and server ports for the FCoE sessions to come up.
Example:
OS10(config)# fc zone hba1
OS10(config-fc-zone-hba1)# member wwn 10:00:00:90:fa:b8:22:19
OS10(config-fc-zone-hba1)# member wwn 21:00:00:24:ff:7b:f5:c8
Supported Releases: 10.3.1E or later

fc zoneset
Creates an FC zoneset and adds the existing FC zones to the zoneset.
Syntax: fc zoneset zoneset-name
Parameters: zoneset-name — Enter a name for the FC zoneset.
Command Mode: Alias CONFIGURATION
Usage Information: Supported on the MX9116n switch in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.1. The no version of this command removes the member from the FC alias.
Example:
OS10(config)# fc alias test
OS10(config-fc-alias-test)# member wwn 21:00:00:24:ff:7b:f5:c9
OS10(config-fc-alias-test)# member wwn 20:25:78:2b:cb:6f:65:57
Supported Releases: 10.3.
show fc alias
Displays the details of an FC alias and its members.
Syntax: show fc alias [alias-name]
Parameters: alias-name — (Optional) Enter the FC alias name.
Default: Not configured
Command Mode: EXEC
Usage Information: Supported on the MX9116n switch in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.
Domain Id 4 Switch Port port-channel10(Eth 1/1/9) FC-Id 04:00:00 Port Name 50:00:d3:10:00:ec:f9:05 Node Name 50:00:d3:10:00:ec:f9:00 Class of Service 8 Symbolic Port Name Compellent Port QLGC FC 8Gbps; Slot=06 Port=01 in Controller: SN 60665 of Storage Center: DEVTEST 60665 Symbolic Node Name Compellent Storage Center: DEVTEST 60665 Port Type N_PORT Registered with NameServer Yes Registered for SCN No Example (brief) Supported Releases OS10# show fc ns switch brief Total number of devices = 1 Intf# Domain
show fc zoneset
Displays the FC zonesets, the zones in the zoneset, and the zone members.
Syntax: show fc zoneset [active | zoneset-name]
Parameters: zoneset-name — Enter the FC zoneset name.
hba2      20:01:00:0e:1e:e8:e4:99
          50:00:d3:10:00:ec:f9:1b
          50:00:d3:10:00:ec:f9:05
          50:00:d3:10:00:ec:f9:1f
          20:35:78:2b:cb:6f:65:57
Supported Releases: 10.3.1E or later

zone default-zone permit
Enables access between all logged-in FC nodes of the vfabric in the absence of an active zoneset configuration.
fc port-mode F
Configures port mode on Fibre Channel interfaces.
Syntax: fc port-mode F
Parameters: None
Defaults: N_Port
Command Mode: Fibre Channel INTERFACE
Usage Information: Configure the port mode when the port is in Shut mode and when NPG mode is enabled. The no version of this command returns the port mode to default.
Example:
OS10(config)# interface fibrechannel 1/1/1
OS10(conf-if-fc1/1/1)# fc port-mode F
Supported Releases: 10.4.1.0 or later

feature fc npg
Enables the NPG mode globally.
FC-ID :01:04:02 Login Method :FLOGI Time since discovered(in Secs) :6253 Status :LOGGED_IN Example (brief) Supported Releases Total NPG Devices = 1 ENode-Interface ENode-WWPN FCoE-Vlan Fabric-Intf Vfabric-Id LoginMe -------------------------------------------------------------------------------------Po 10(Eth 1/1/9) 20:01:d4:ae:52:1a:ee:54 1001 Fc 1/1/25 10 FLOGI LOGGED_IN 10.4.
Example:
OS10(config)# vfabric 10
OS10(conf-vfabric-10)# name 10
OS10(conf-vfabric-10)# fcoe fcmap 0x0efc01
OS10(conf-vfabric-10)# fcoe fcf-priority 128
OS10(conf-vfabric-10)# fcoe fka-adv-period 8
OS10(conf-vfabric-10)# fcoe vlan-priority 3
Supported Releases: 10.3.1E or later

name
Configures a vfabric name.
Syntax: name vfabric-name
Parameters: vfabric-name — Enter a name for the vfabric.
Number of FLOGO Accepts
Number of FLOGO Rejects
Supported Releases: 10.3.1E or later

show fc switch
Displays FC switch parameters.
Syntax: show fc switch
Parameters: None
Default: Not configured
Command Mode: EXEC
Usage Information: None
Example:
OS10# show fc switch
Switch Mode : FPORT
Switch WWN : 10:00:14:18:77:20:8d:cf
Supported Releases: 10.3.1E or later

show running-config vfabric
Displays the running configuration for the vfabric.
Example:
OS10# show vfabric
Fabric Name SAN_FABRIC
Fabric Type FPORT
Fabric Id 10
VlanId 1001
FC-MAP 0EFC00
Config-State ACTIVE
Oper-State UP
==========================================
Switch Config Parameters
==========================================
Domain ID 4
==========================================
Switch Zoning Parameters
==========================================
Default Zone Mode: Deny
Active ZoneSet: zoneset5
=========================================
Members
fibrechannel1/1/25
port-channel10(Eth
Example:
OS10(config)# interface fibrechannel 1/1/1
OS10(conf-if-fc1/1/1)# vfabric 100
OS10(config)# interface ethernet 1/1/10
OS10(conf-if-eth1/1/10)# vfabric 200
Supported Releases: 10.3.1E or later

vlan
Associates an existing VLAN ID to the vfabric to carry traffic.
Syntax: vlan vlan-ID
Parameters: vlan-ID — Enter an existing VLAN ID.
Defaults: Not configured
Command Mode: Vfabric CONFIGURATION
Usage Information: Create the VLAN ID before associating it to the vfabric.
Example:
OS10(config)# feature fip-snooping
OS10(config)# feature fip-snooping with-cvl
Supported Releases: 10.4.0E(R1) or later

fip-snooping enable
Enables FIP snooping on a specified VLAN.
Syntax: fip-snooping enable
Parameters: None
Defaults: Disabled
Command Mode: VLAN INTERFACE
Usage Information: Enable FIP snooping on a VLAN only after enabling the FIP snooping feature globally using the feature fip-snooping command. OS10 supports FIP snooping on a maximum of 12 VLANs.
Usage Information OS10 supports this configuration only on a switch running FSB mode, and on Ethernet and port-channel interfaces. You cannot configure FIP snooping port mode on a port channel member. Use this command to change the port mode. By default, the port mode of an interface is set to ENode. Configure the port mode only after you enable FIP snooping. Before you disable FIP snooping, reset the port mode to its default value, ENode.
Example:
OS10# clear fcoe statistics interface ethernet 1/1/1
OS10# clear fcoe statistics interface port-channel 5
Supported Releases: 10.4.0E(R1) or later

fcoe-pinned-port
Marks a port as a pinned port in the port-channel. This configuration is supported on FSB, Ethernet LAG in NPG, and F_Port mode. It is not supported on a VLTi LAG.
Syntax: fcoe-pinned-port
Parameters: node/slot/port[:subport]—Enter the interface type details.
Parameter: priority-value — Enter PFC priority value advertised in FCoE application TLV. You can enter one of the following values: 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, or 0x80.
Default: 0x08
Command Mode: CONFIGURATION
Usage Information: You can configure only one PFC priority at a time. The no version of this command returns the configuration to default value.
Example:
OS10(config)# fcoe priority-bits 0x08
Supported Releases: 10.4.
show fcoe fcf
Displays details of the FCFs connected to the switch.
Syntax: show fcoe [fcf-mac-address]
Parameters: fcf-mac-address — (Optional) Enter the MAC address of the FCF. This option displays details of the specified FCF.
Command Mode EXEC Usage Information None Example Supported Releases Enode MAC Enode Interface FCF MAC FCF interface VLAN FCoE MAC FC-ID PORT WWPN aa:bb:cc:00:00:00 Po 20(Eth 1/1/3) aa:bb:cd:00:00:00 Po 10(Eth 1/1/1) 100 0e:fc:00:01:00:01 01:00:01 31:00:0e:fc:00:00:00:00 21:00:0e:fc:00:00:00:00 aa:bb:cc:00:00:00 Po 20(Eth 1/1/3) aa:bb:cd:00:00:00 Po 10(Eth 1/1/1) 100 0e:fc:00:01:00:02 01:00:02 31:00:0e:fc:00:00:00:00 21:00:0e:fc:00:00:00:00 10.4.
Command Mode: EXEC
Usage Information: None
Example:
OS10# show fcoe system
Mode: FIP Snooping Bridge
CVL Status: Enabled
FCOE VLAN List (Operational) : 1, 100
FCFs                         : 1
Enodes                       : 2
Sessions                     : 17
Supported Releases: 10.4.0E(R1) or later

show fcoe vlan
Displays details of FIP-snooping VLANs.
13 Layer 2

802.1X
Verifies device credentials before sending or receiving packets using the Extensible Authentication Protocol (EAP), see 802.1X Commands.

Link Aggregation Control Protocol (LACP)
Exchanges information between two systems and automatically establishes a link aggregation group (LAG) between the systems, see LACP Commands.
The authentication process involves three devices:
• Supplicant — The device attempting to access the network performs the role of supplicant. Regular traffic from this device does not reach the network until the port associated to the device is authorized. Before that, the supplicant can only exchange 802.1x messages (EAPOL frames) with the authenticator.
EAP over RADIUS

802.1X uses RADIUS to transfer EAP packets between the authenticator and the authentication server. EAP messages are encapsulated in RADIUS packets as an attribute of type, length, value (TLV) format — the type value for EAP messages is 79.

Configure 802.1X

You can configure and enable 802.1X on a port in a single process. OS10 supports 802.1X with EAP-MD5. All platforms support RADIUS as the authentication server.
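The TLV encapsulation described under EAP over RADIUS can be inspected in a packet capture with a short parser. The following is an added example, not part of the Dell guide: it walks the RADIUS attributes, concatenates every type 79 (EAP-Message) value in order, and decodes the EAP header. The check for attribute 80 (Message-Authenticator) follows RFC 3579, which requires it in packets that carry EAP-Message. The function names are hypothetical, and the sample packet is constructed, with zeroed authenticator fields.

```python
import struct

EAP_MESSAGE = 79            # RADIUS attribute type named in this section
MESSAGE_AUTHENTICATOR = 80  # RFC 3579: required alongside EAP-Message
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge"}


def radius_attributes(packet):
    """Return (radius_code, [(type, value), ...]) for one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("RADIUS length field does not fit the packet")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs


def extract_eap(packet):
    """Reassemble the EAP packet carried in EAP-Message attributes."""
    _code, attrs = radius_attributes(packet)
    # An EAP packet longer than 253 bytes is split over several type 79
    # attributes; concatenating them in order restores it.
    eap = b"".join(value for a_type, value in attrs if a_type == EAP_MESSAGE)
    if not eap:
        return None
    if len(eap) < 4:
        raise ValueError("EAP header truncated")
    e_code, e_id, e_len = struct.unpack("!BBH", eap[:4])
    if e_len != len(eap):
        raise ValueError("EAP length does not match reassembled data")
    has_type = e_code in (1, 2) and e_len > 4
    e_type = eap[4] if has_type else None
    return {
        "eap_code": EAP_CODES.get(e_code, e_code),
        "eap_id": e_id,
        "eap_type": EAP_TYPES.get(e_type, e_type),
        "type_data": eap[5:] if has_type else b"",
        "has_message_authenticator":
            any(a_type == MESSAGE_AUTHENTICATOR for a_type, _ in attrs),
    }


def attr(a_type, value):
    """Encode one RADIUS attribute (type, length, value)."""
    return bytes([a_type, len(value) + 2]) + value


def build_sample():
    """Constructed Access-Request carrying an EAP-Response/Identity."""
    identity = b"host-" + b"a" * 300  # long on purpose, forces a split
    eap = struct.pack("!BBHB", 2, 7, 5 + len(identity), 1) + identity
    chunks = [eap[i:i + 253] for i in range(0, len(eap), 253)]
    body = attr(1, b"host-a")                       # User-Name
    body += b"".join(attr(EAP_MESSAGE, c) for c in chunks)
    body += attr(MESSAGE_AUTHENTICATOR, bytes(16))  # placeholder, not a MAC
    header = struct.pack("!BBH", 1, 42, 20 + len(body)) + bytes(16)
    return header + body


if __name__ == "__main__":
    info = extract_eap(build_sample())
    print(info["eap_code"], info["eap_type"], len(info["type_data"]))
```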
Enable 802.1X
1. Enable 802.1X globally in CONFIGURATION mode.
   dot1x system-auth-control
2. Enter an interface or a range of interfaces in INTERFACE mode.
   interface range
3. Enable 802.1X on the supplicant interface only in INTERFACE mode.
   dot1x port-control auto

Configure and verify 802.
Identity retransmissions

If the authenticator sends a Request Identity frame but the supplicant does not respond, the authenticator waits 30 seconds and then retransmits the frame. There are several reasons why the supplicant might fail to respond — the supplicant may be booting when the request arrived, there may be a physical layer problem, and so on.
1.
The Request Identity Retransmit interval is for an unresponsive supplicant. You can configure the interval for a maximum of 10 times for an unresponsive supplicant. 1. Configure the amount of time that the authenticator waits to retransmit a Request Identity frame after a failed authentication in INTERFACE mode from 1 to 65535, default 60 seconds.
Configure and verify force-authorized state
OS10(conf-range-eth1/1/7-1/1/8)# dot1x port-control force-authorized
OS10(conf-range-eth1/1/7-1/1/8)# do show dot1x interface ethernet 1/1/7
802.
Host Mode: MULTI_HOST
Auth PAE State: Initialize
Backend State: Initialize

View interface running configuration
OS10(conf-range-eth1/1/7-1/1/8)# do show running-configuration interface
...
 dot1x re-authentication
 dot1x timeout quiet-period 120
 dot1x timeout re-authperiod 3600
 dot1x timeout server-timeout 60
 dot1x timeout supp-timeout 45
 dot1x timeout tx-period 120
!
interface ethernet1/1/8
 no shutdown
 dot1x max-req 5
 dot1x re-authentication
 dot1x timeout quiet-period 120
 dot1x timeout re-authperiod 3600
 dot1x timeout server-timeout 60
 dot1x timeout supp-timeout 45
 dot1x timeout tx-period 120
...

802.1X commands

dot1x host-mode
Allows 802.
dot1x port-control
Controls the 802.1X authentication performed on the interface.
Syntax: dot1x port-control {force-authorized | force-unauthorized | auto}
Parameters:
• force-authorized — Disables 802.1X authentication on the interface and allows all traffic on the interface without authentication.
• force-unauthorized — Keeps the port in the unauthorized state, ignoring all attempts by the client to authenticate.
• auto — Enables 802.1X authentication on the interface.
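Because force-authorized lets all traffic through without authentication, it is worth checking for in saved configurations. The following is an added example, not part of the Dell guide: it reads running-configuration text and reports ports set to force-authorized, and ports set to auto while the global dot1x system-auth-control command is missing. The function names are hypothetical and the configuration text is constructed; interfaces with no port-control line are not judged because the default is not stated here.

```python
import re

IFACE = re.compile(r"^interface\s+(\S.*)$")
PORT_CONTROL = re.compile(r"^dot1x port-control\s+(\S+)$")


def parse_dot1x(running_config):
    """Return (global_enabled, {interface: port-control mode or None})."""
    global_enabled = False
    ports = {}
    current = None
    for raw in running_config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = None  # "!" closes the current stanza
            continue
        if line == "dot1x system-auth-control":
            global_enabled = True
            continue
        match = IFACE.match(line)
        if match:
            current = match.group(1)
            ports[current] = None
            continue
        match = PORT_CONTROL.match(line)
        if match and current is not None:
            ports[current] = match.group(1)
    return global_enabled, ports


def audit_dot1x(running_config):
    """Return (interface, finding) pairs for weak 802.1X settings."""
    global_enabled, ports = parse_dot1x(running_config)
    findings = []
    for name, mode in ports.items():
        if mode == "force-authorized":
            findings.append(
                (name, "force-authorized: all traffic allowed "
                       "without authentication"))
        elif mode == "auto" and not global_enabled:
            findings.append(
                (name, "port-control auto is set but "
                       "dot1x system-auth-control is missing"))
    return findings


# Constructed sample in the layout of "show running-configuration".
SAMPLE_CONFIG = """\
dot1x system-auth-control
!
interface ethernet1/1/7
 no shutdown
 dot1x port-control auto
 dot1x re-authentication
 dot1x timeout re-authperiod 3600
!
interface ethernet1/1/8
 no shutdown
 dot1x port-control force-authorized
!
interface ethernet1/1/9
 no shutdown
"""

if __name__ == "__main__":
    for name, finding in audit_dot1x(SAMPLE_CONFIG):
        print(name + ": " + finding)
```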
dot1x timeout re-authperiod
Sets the number of seconds between re-authentication attempts.
Syntax: dot1x timeout re-authperiod seconds
Parameters: re-authperiod seconds — Enter the number of seconds for the 802.1X re-authentication timeout, from 1 to 65535.
Default: 3600 seconds
Command Mode: INTERFACE
Usage Information: The no version of this command resets the value to the default.
Example:
OS10(conf-range-eth1/1/7-1/1/8)# dot1x timeout re-authperiod 7200
Supported Releases: 10.2.
Default: 60 seconds
Command Mode: INTERFACE
Usage Information: The no version of this command resets the value to the default.
Example:
OS10(conf-range-eth1/1/7-1/1/8)# dot1x timeout tx-period 120
Supported Releases: 10.2.0E or later

show dot1x
Displays global 802.1X configuration information.
Port Auth Status: UNAUTHORIZED
--more--
Example (when dot1x is not enabled globally):
OS10# show dot1x interface
802.1x not enabled in the system
OS10#
Supported Releases: 10.2.0E or later

Far-end failure detection

Far-End Failure Detection (FEFD) is a protocol that detects remote data link errors in a network. FEFD uses a link layer echo protocol to detect and signal far-end failures over Ethernet and optical links.
FEFD modes

FEFD operates in two modes—Normal mode and aggressive mode.
• Normal mode—When you enable Normal mode on an interface and a far-end failure is detected, no intervention is required to reset the interface to bring it back to an FEFD operational state.
• Aggressive mode—When you enable Aggressive mode on an interface in the same state, you must manually reset the interface.
Enable FEFD globally

To configure FEFD globally:
1. Do one of the following:
   • Configure FEFD Normal mode globally using the fefd-global command in CONFIGURATION mode.
     OS10(Config)# fefd-global
   • Configure FEFD Normal mode globally using the fefd-global mode normal command in CONFIGURATION mode.
     OS10(Config)# fefd-global mode normal
   • Configure FEFD Aggressive mode globally using the fefd-global mode aggressive command in CONFIGURATION mode.
     OS10(Config)# fefd-global mode aggressive
2.
• To view FEFD information globally, use the show fefd command in EXEC mode.
• To view FEFD information for an interface, use the show fefd interface command in EXEC mode.

The following is a sample output of FEFD global information:
OS10# show fefd
FEFD is globally 'ON', interval is 15 seconds, mode is Normal.
Usage Information: The fefd command without any arguments enables the normal mode with the default FEFD interval of 15 seconds. If you use the no fefd command, the system does not disable FEFD if the fefd mode command is already present in the configuration. Similarly, if you use the no fefd mode command, the system does not disable FEFD if the fefd command is already present in the configuration. To disable FEFD on an interface when FEFD is globally enabled, use the fefd disable command on the interface.
Parameters:
• (Optional) interface—Enter the interface name to reset the error-disabled state of the interface because FEFD is set to Aggressive mode.
Default: Not configured
Command Mode: EXEC
Usage Information: If you do not enter the interface name, this command resets the error-disabled state of all interfaces because FEFD is set to Aggressive mode.
Example:
OS10# fefd reset
OS10# fefd reset ethernet 1/1/2
Supported Releases: 10.4.3.
eth1/1/8   Normal      22  Unknown
eth1/1/9   Aggressive  22  Err-disabled
eth1/1/10  Normal      22  Unknown
Supported Releases: 10.4.3.0 or later

Link Aggregation Control Protocol

Group Ethernet interfaces to form a single link layer interface called a LAG or port channel. Aggregating multiple links between physical interfaces creates a single logical LAG, which balances traffic across the member links within an aggregated Ethernet bundle and increases the uplink bandwidth.
3. Configure the LACP rate in INTERFACE mode (default normal).
   lacp rate [fast | normal]

Configure LACP
OS10(config)# lacp system-priority 65535
OS10(config)# interface range ethernet 1/1/7-1/1/8
OS10(conf-range-eth1/1/7-1/1/8)# lacp port-priority 4096
OS10(conf-range-eth1/1/7-1/1/8)# lacp rate fast

Verify LACP configuration
OS10(conf-range-eth1/1/7-1/1/8)# do show running-configuration
...
• Set the LACP rate in CONFIGURATION mode.
Bravo LAG configuration summary
OS10(config)# interface port-channel 1
OS10(conf-if-po-1)# exit
OS10(config)# interface ethernet 1/1/29
OS10(conf-if-eth1/1/29)# no switchport
OS10(conf-if-eth1/1/29)# channel-group 1 mode active
OS10(conf-if-eth1/1/29)# interface ethernet 1/1/30
OS10(conf-if-eth1/1/30)# no switchport
OS10(conf-if-eth1/1/30)# channel-group 1 mode active
OS10(conf-if-eth1/1/30)# interface ethernet 1/1/31
OS10(conf-if-eth1/1/31)# no switchport
OS10(conf-if-eth1/1/31)# channel-group 1 mode activ
7840 packets, 938965 octets
0 64-byte pkts,1396 over 64-byte pkts, 6444 over 127-byte pkts
0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts
7840 Multicasts, 0 Broadcasts,0 Unicasts
0 throttles, 0 discarded, 0 Collisions, 0 wreddrops
Rate Info(interval 299 seconds):
Input 0 Mbits/sec, 0 packets/sec, 0% of line rate
Output 0 Mbits/sec, 1 packets/sec, 0% of line rate
Time since last interface status change : 01:25:29

Verify LAG 1
OS10# show interface port-channel 1
Port-channel 1 is up,line pr
Oper: State Key 1 Priority 32768
Partner Admin: State Key 0 Priority 0
Oper: State Key 1 Priority 32768

Verify LAG membership
OS10# show lacp interface ethernet 1/1/29
Interface ethernet1/1/29 is up
Channel group is 1 port channel is po1
PDUS sent: 17
PDUS rcvd: 11
Marker sent: 0
Marker rcvd: 0
Marker response sent: 0
Marker response rcvd: 0
Unknown packetse rcvd: 0
Illegal packetse rcvd: 0
Local Port: MAC Address=74:e6:e2:f5:b5:80
System Identifier=32768,32768
Port Identifier=32768,32768
Operational key=1
• If all the ports in a port channel have same port priority, the switch internally compares the interface names by base name, module number, port number, and then selects the lowest one to be active. For example, Ethernet 1 is less than Ethernet 2 and hence Ethernet 1 becomes active. In a VLT network, if the interface name is the same on both the VLT peers, then the port in switch with lower system MAC address becomes active.
In the above scenario, LACP fallback works as follows:
1. The ToR/server boots.
2. The switch detects the link that is up and checks fallback enabled status. If fallback is enabled, the device waits for the time-out period for any LACP BPDUs. If there are no LACP BPDUs received within the time period, then the LAG enters into fallback mode and adds the first operationally UP port to the port channel instead of placing it in an inactive state.
3. Now the ToR/server has one port up and active.
In the above scenario, LACP fallback works as follows:
1. The ToR/server boots
2. One of the VLT peers takes care of controlling the LACP fallback mode. All events are sent to the controlling VLT peer for deciding the port that should be brought up and then the decision is passed on to peer devices.
3. The controlling VLT peer can decide to bring up one of the ports in either the local port channel or in the peer VLT port channel.
4.
Usage Information When you delete the last physical interface from a port channel, the port channel remains. Configure these attributes on an individual member port. If you configure a member port with an incompatible attribute, OS10 suspends that port in the port channel. The member ports in a port channel must have the same setting for link speed capability and duplex capability. The no version of this command removes the interface from the port channel.
lacp fallback preemption
Enables or disables LACP fallback port preemption.
Syntax lacp fallback preemption {enable | disable}
Parameters
• enable—Enables preemption on the port channel.
• disable—Disables preemption on the port channel.
Default Enabled
Command Mode Port-channel INTERFACE
Usage Information When you enable preemption, the fallback port election preempts the already elected fallback port and elects a new fallback port.
Command Mode INTERFACE
Usage Information The no version of this command resets the maximum bundle size to the default value.
Example OS10(conf-if-po-10)# lacp max-bundle 10
Supported Releases 10.2.0E or later

lacp port-priority
Sets the priority for the physical interfaces for LACP.
Syntax lacp port-priority priority
Parameters priority — Enter the priority for the physical interfaces (0 to 65535).
Example OS10(config)# lacp system-priority 32768
Supported Releases 10.2.0E or later

show lacp counter
Displays information about LACP statistics.
Syntax show lacp counter [interface port-channel channel-number]
Parameters
• interface port channel — (Optional) Enter the interface port-channel.
• channel-number — (Optional) Enter the LACP channel group number (1 to 128).
Default Not configured
Command Mode EXEC
PDUS rcvd: 17
Marker sent: 0
Marker rcvd: 0
Marker response sent: 0
Marker response rcvd: 0
Unknown packetse rcvd: 0
Illegal packetse rcvd: 0
Local Port: ethernet1/1/29 MAC Address=90:b1:1c:f4:9b:8a
System Identifier=32768,32768
Port Identifier=32768,32768
Operational key=1
LACP_Activity=passive
LACP_Timeout=Long Timeout(30s)
Synchronization=IN_SYNC
Collecting=true
Distributing=true
Partner information refresh timeout=Long Timeout(90s)
Actor Admin State=BCFHJKNO
Actor Oper State=BDEGIKNO
Neighbor: 178 MAC A
show lacp port channel
Displays information about LACP port channels.
Syntax show lacp port-channel [interface port-channel channel-number]
Parameters
• interface port channel — (Optional) Enter the interface port-channel.
• channel-number — (Optional) Enter the port channel number for the LACP neighbor (1 to 128).
Default Not configured
Command Mode EXEC
Usage Information All channel groups display if you do not enter the channel-number parameter.
• An LLDP-enabled interface supports up to eight neighbors.
• An OS10 switch supports a maximum of 250 neighbors per system.
• OS10 switches receive and periodically transmit Link Layer Discovery Protocol Data Units (LLDPDUs). The default transmission interval is 30 seconds.
• LLDPDU information received from a neighbor expires after a specific amount of time, called time to live (TTL). The default TTL value is 120 seconds.
• Spanning-tree blocked ports allow LLDPDUs.
• 802.
Optional TLVs
OS10 supports basic TLVs, management TLVs, IEEE 802.1 and IEEE 802.3 organization-specific TLVs, and LLDP-Media Endpoint Discovery (MED) TLVs.
NOTE: The maximum size of the LLDPDUs supported on the transmission side is 1500 bytes. If the size of the TLVs that are transmitted exceeds 1500 bytes when adding one optional TLV of a particular type, all optional TLVs of that type are removed. Only the optional TLVs that fit the maximum supported size are allowed.

Basic TLVs
Table 32.
TLV                  Subtype  Description
Power through MDI    2        Not supported.
Maximum frame size   4        Maximum frame size capability of the MAC and PHY.

Table 35. iDRAC organizationally specific TLVs; Subtypes used in iDRAC custom TLVs (Type – 127, OUI – 0xF8-0xB1-0x56)

TLV          Subtype  Description
Originator   1        Indicates the iDRAC string that is used as originator. This string enables external switches to identify iDRAC LLDP PDUs.
Port type    2        Following are the applicable port types: 1. iDRAC port (dedicated) 2.
TLV                               Subtype  Description
Originator                        1        Indicates the OS10 string that is used as originator. The string enables the OS10 switches to identify LLDP PDUs.
Role                              2        Following are the applicable roles: 1. LEAF 2. SPINE 3. UNKNOWN
IP address                        3        Indicates the IPv6 address of the originator.
Virtual IP address of the fabric  4        Virtual IP address of the master node. The Isilon nodes can also use this IPv6 address when needed.
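To check what a port actually advertises against the TLV tables above, a captured LLDPDU can be walked TLV by TLV. The following is an added example, not code from the guide or from Dell EMC: it uses the standard LLDP TLV header (7-bit type, 9-bit length), the iDRAC OUI and subtype names from Table 35, and the 1500-byte LLDPDU limit stated earlier. The sample frame and the payload bytes inside each TLV are constructed for illustration.

```python
import struct

ORG_SPECIFIC = 127                      # organizationally specific TLV type
IDRAC_OUI = bytes([0xF8, 0xB1, 0x56])   # OUI given in the guide's iDRAC TLV table
IDRAC_SUBTYPES = {1: "Originator", 2: "Port type"}  # subtypes named in the guide
MAX_LLDPDU = 1500                       # maximum LLDPDU size stated in the guide


def tlv(tlv_type, value):
    """Encode one TLV: 7-bit type and 9-bit length packed in a 16-bit header."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_lldpdu(data):
    """Return the TLVs of an LLDPDU as a list of dicts, stopping at End (type 0).

    Raises ValueError on an oversized PDU or a TLV that runs past the buffer.
    """
    if len(data) > MAX_LLDPDU:
        raise ValueError("LLDPDU larger than %d bytes" % MAX_LLDPDU)
    tlvs, offset = [], 0
    while offset < len(data):
        if offset + 2 > len(data):
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(data):
            raise ValueError("TLV type %d overruns the PDU" % tlv_type)
        value = data[offset:offset + length]
        offset += length
        if tlv_type == 0:               # End of LLDPDU
            break
        entry = {"type": tlv_type, "length": length}
        if tlv_type == ORG_SPECIFIC:
            if length < 4:
                raise ValueError("organization-specific TLV shorter than OUI+subtype")
            entry["oui"] = value[:3].hex("-")
            entry["subtype"] = value[3]
            entry["info"] = value[4:]
            if value[:3] == IDRAC_OUI:
                entry["name"] = "iDRAC " + IDRAC_SUBTYPES.get(value[3], "unknown subtype")
        else:
            entry["value"] = value
        tlvs.append(entry)
    return tlvs


# Constructed sample LLDPDU (all payload bytes are illustrative, not captured).
SAMPLE = (
    tlv(1, b"\x04" + bytes.fromhex("3417ebf205c4"))      # chassis ID, MAC subtype
    + tlv(2, b"\x05" + b"ethernet1/1/1")                 # port ID, interface name
    + tlv(3, struct.pack("!H", 120))                     # TTL, the default 120 s
    + tlv(ORG_SPECIFIC, IDRAC_OUI + b"\x01" + b"iDRAC")  # iDRAC originator
    + tlv(ORG_SPECIFIC, bytes.fromhex("00120f") + b"\x04"
          + struct.pack("!H", 1518))                     # IEEE 802.3 max frame size
    + tlv(0, b"")                                        # End of LLDPDU
)

if __name__ == "__main__":
    for item in parse_lldpdu(SAMPLE):
        print(item)
```

Running the parser on frames captured from an access port shows exactly which identifying fields the port discloses to whatever is plugged into it.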
127/2 — Network policy: Application type, VLAN ID, L2 priority, and DSCP value.
127/3 — Local identification: Physical location of the device expressed in one of three formats:
• Coordinate-based LCI
• Civic address LCI
• Emergency call services ELIN
127/4 — Extended power-via-MDI: Power requirements, priority, and power status.

LLDP-MED capabilities TLV
The LLDP-MED capabilities TLV communicates the types of TLVs that the endpoint device and network-connectivity device support.
• DSCP value
An integer represents the application type (the Type integer), which indicates a device function for which a unique network policy is defined. An individual LLDP-MED network policy TLV generates for each application type that you use with OS10 commands; see Advertise LLDP-MED TLVs.
NOTE: Signaling is a series of control packets that are exchanged between an endpoint device and a network-connectivity device to establish and maintain a connection.
Packet timer values
LLDPDUs transmit periodically. You can configure LLDP packet timer values for LLDPDU transmission.
1. Configure the LLDP packet timer value in CONFIGURATION mode.
   lldp timer
2. Enter the multiplier value for the hold time in CONFIGURATION mode.
   lldp holdtime-multiplier
3. Enter the delay in seconds for LLDP initialization on any interface in CONFIGURATION mode.
Disable LLDP
OS10(config)# no lldp timer 100
OS10(config)# no lldp holdtime-multiplier 10
OS10(config)# no lldp reinit 8

Disable LLDP interface
OS10(config)# interface ethernet 1/1/4
OS10(conf-if-eth1/1/4)# no lldp med
OS10(conf-if-eth1/1/4)# no lldp tlv-select
OS10(conf-if-eth1/1/4)# no lldp transmit
OS10(conf-if-eth1/1/4)# no lldp receive

Enable LLDP
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# lldp transmit
OS10(conf-if-eth1/1/1)# lldp receive

Disable LLDP globally
OS10(config)# no ll
Advertise TLVs
Configure the system to advertise TLVs from all interfaces or specific interfaces. If you configure an interface, only the interface sends LLDPDUs with the specified TLVs.
1. Enable basic TLV attributes to transmit and receive LLDP packets in INTERFACE mode.
   lldp tlv-select basic-tlv {port-description | system-name | system-description | system-capabilities | management-address}
2. Enable dot3 TLVs to transmit and receive LLDP packets in INTERFACE mode.
4. Specify a name for VLAN 1 in INTERFACE VLAN mode.
   OS10(conf-if-vl-1)#vlan-name vlan1

Transmit the VLAN names of a specific set of VLANs
An interface can transmit a maximum of eight VLAN names. If you specify 10 VLANs and the default VLAN has a name that is configured, the interface transmits LLDPDUs with VLAN names of the default VLAN and the first seven configured VLANs that have a name configured.
The interface transmits the name of the default VLAN even if the VLAN name is not explicitly configured. The interface transmits the first eight VLAN names and excludes the names of VLAN 9 and VLAN 10. The following shows that the interface transmits the names of VLANs 1 to 8:
OS10# show lldp interface ethernet 1/1/1 local-device
Device ID: 34:17:eb:f2:05:c4
Port ID: ethernet1/1/1
System Name: OS10
Capabilities: Router, Bridge, Repeater
System description: Dell EMC Networking OS10 Enterprise.
5 vlan5
6 vlan6
7 vlan7
8 vlan8
9 vlan9
Maximum size of LLDP PDU: 1500
Current LLDP PDU Size: 386
LLDP PDU Truncated(Too many TLV's): false
LLDP MED Capabilities:
Supported: LLDP-MED Capabilities, Network Policy, Inventory Management
Current: LLDP-MED Capabilities, Network Policy
LLDP MED Device Type: Network connectivity

Network policy advertisement
LLDP-MED is enabled on all interfaces by default. Configure OS10 to advertise LLDP-MED TLVs from configured interfaces.
• View LLDP error messages in EXEC mode.
  show lldp errors
• View LLDP timers in EXEC mode.
  show lldp timers
• View the LLDP traffic in EXEC mode.
Adjacent agent advertisements
• View brief information about adjacent devices in EXEC mode.
  show lldp neighbors
• View all information that neighbors are advertising in EXEC mode.
  show lldp neighbors detail
• View all interface-specific information that neighbors are advertising in EXEC mode.
S/W Revision : 10.1.9750B
Serial Number : B11G152
Manufacturer : Dell
Model : S6010-ON
Asset ID : E1001
Power-via-MDI:
Power Type: PD Device
Power Source: Local and PSE
Power Priority: Low
Power required: 6.
Advertise virtual management IP address in management address TLV You can enable the system to select a single IP address in a VLT pair, using the lldp management-addr-tlv {ipv4 | ipv6} virtual-ip command globally or on a specific interface. LLDP advertises the elected virtual IP address in the management address TLV.
lldp enable
Enables or disables LLDP globally.
Syntax lldp enable
Parameters None
Default Enabled
Command Mode CONFIGURATION
Usage Information This command enables LLDP globally for all Ethernet PHY interfaces, except on those interfaces where you manually disable LLDP. The no version of this command disables LLDP globally irrespective of whether you manually disable LLDP on an interface.
Example OS10(config)# lldp enable
Supported Releases 10.3.
Parameters
• enable — Enable LLDP-MED on the interface.
• disable — Disable LLDP-MED on the interface.
Default Enabled with network-policy TLV
Command Mode INTERFACE
Usage Information LLDP-MED communicates the types of TLVs that the endpoint device and network-connectivity device support. Use the no lldp med or lldp med disable command to disable LLDP-MED on a specific interface.
Example OS10(conf-if-eth1/1/1)# lldp med disable
Supported Releases 10.2.
• number — Enter a network policy index number, from 1 to 32.
Default Not configured
Command Mode INTERFACE
Usage Information Attach only one network policy per interface.
Example OS10(conf-if-eth1/1/5)# lldp med network-policy add 1
Supported Release 10.2.0E or later

lldp med tlv-select
Configures the LLDP-MED TLV type to transmit or receive.
Usage Information Enable LLDP globally on the system before using the lldp receive command. The no version of this command disables the reception of LLDP packets.
Example OS10(conf-if-eth1/1/3)# lldp receive
Supported Releases 10.2.0E or later

lldp reinit
Configures the delay time in seconds for LLDP to initialize on any interface.
Syntax lldp reinit seconds
Parameters seconds — Enter the delay timer value in seconds, from 1 to 10.
Usage Information The no form of the command disables TLV attribute transmission and reception in LLDP packets.
Example OS10(conf-if-eth1/1/3)# lldp tlv-select basic-tlv system-name
Supported Releases 10.2.0E or later

lldp management-addr-tlv virtual-ip
Enables VLT peers to send the elected virtual IP address in the management address TLV.
Supported Releases 10.2.0E or later

lldp tlv-select dot3tlv
Enables or disables the dot3 TLVs to transmit in LLDP packets.
Syntax lldp tlv-select dot3tlv {macphy-config | max-framesize}
Parameters
• macphy-config — Enable the port VLAN ID TLV.
• max-framesize — Enable maximum frame size TLV.
Default Enabled
Command Mode INTERFACE
Usage Information The no version of this command disables TLV transmission.
Example OS10(conf-if-eth1/1/3)# lldp tlv-select dot3tlv macphy-config
Supported Releases 10.
Example
OS10(conf-if-eth1/1/1)# lldp vlan-name-tlv allowed vlan vlan2
OS10(conf-if-eth1/1/1)# lldp vlan-name-tlv allowed vlan 2-10,12,14-16,20,24
Supported Releases 10.5.0 or later

show lldp interface
Displays the LLDP information that is advertised from a specific interface.
Syntax show lldp interface ethernet node/slot/port[:subport] [local-device | med]
Parameters
• ethernet node/slot/port[:subport] — Enter the Ethernet interface information.
Default None
Command Mode EXEC
Network Policy
LLDP MED Device Type: Network connectivity
Example (MED)
OS10# show lldp interface ethernet 1/1/20:1 med
Port |Capabilities|Network Policy|Location|Inventory|POE
----------------|------------|--------------|--------|---------|--
ethernet1/1/20:1| Yes| Yes| No| No| No
Network Polices :
Supported Releases 10.2.0E or later

show lldp errors
Displays the LLDP errors that are related to memory allocation failures, queue overflows, and table overflows.
ethernet1/1/16 ethernet1/1/17 ethernet1/1/18 ethernet1/1/19 ethernet1/1/20 ethernet1/1/21 ethernet1/1/22 ethernet1/1/23 ethernet1/1/24 ethernet1/1/25 ethernet1/1/26 ethernet1/1/27 ethernet1/1/28 ethernet1/1/29 ethernet1/1/30 ethernet1/1/31 ethernet1/1/32 Supported Releases | | | | | | | | | | | | | | | | | Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| Yes| No| No| No| No| No| No| No| No
Auto-neg advertised capabilities: 1000BASE-T half duplex mode
Dell EMC Organization Specific Detail:
Originator: Switch
Service Tag: B8D1XC2
Product Base: base1
Product Serial Number: sn1
Product Part Number: pn1
Example (Interface)
OS10# show lldp neighbors interface ethernet 1/1/1
Loc PortID Rem Host Name Rem Port Id Rem Chassis Id
----------------------------------------------------------------------
ethernet1/1/1 OS10 ethernet1/1/2 4:17:eb:f7:06:c4
Supported Releases 10.2.
show lldp traffic
Displays LLDP traffic information including counters, packets that are transmitted and received, discarded packets, and unrecognized TLVs.
Syntax show lldp traffic [interface ethernet node/slot/port[:subport]]
Parameters interface ethernet node/slot/port[:subport] — (Optional) Enter the Ethernet interface information to view the LLDP traffic.
Interface: none
Network Policy Profile 36 voice vlan 4 cos 3
Interface: ethernet 1/1/1,ethernet 1/1/3-5
Supported Releases 10.2.0E or later

Media Access Control
All Ethernet switching ports maintain media access control (MAC) address tables. Each physical device in your network contains a MAC address. OS10 devices automatically enter learned MAC addresses as dynamic entries in the MAC address table. Learned MAC address entries are subject to aging. Set the aging timer to zero (0) to disable MAC aging.
• address mac-address — (Optional) Displays MAC address information.
• interface ethernet node/slot/port[:subport] — (Optional) Displays a list of dynamic and static MAC address entries.
• interface port-channel number — (Optional) Displays port channel information, from 1 to 128.
• count — (Optional) Displays the number of dynamic and static MAC address entries.
• vlan vlan-id — (Optional) Displays information for a specified VLAN only, from 1 to 4093.
• ethernet node/slot/port[:subport] — Delete the Ethernet interface configuration from the address table.
• port-channel channel-number — Delete the port-channel interface configuration from the address table, from 1 to 128.
Default Not configured
Command Mode EXEC
Usage Information Use the all parameter to remove all dynamic entries from the address table.
Example OS10# clear mac address-table dynamic all
Example (VLAN) OS10# clear mac address-table dynamic vlan 20
Supported Releases 10.2.
Supported Releases 10.2.0E or later

show mac address-table
Displays information about the MAC address table.
Syntax show mac address-table [address mac-address | aging-time | [count [vlan vlan-id] | dynamic | interface {ethernet node/slot/port[:subport] | port-channel number}]| static [address mac-address] | vlan vlan-id
Parameters
• address mac-address — (Optional) Displays MAC address table information.
• aging-time — (Optional) Displays MAC address table aging-time information.
EdgePort
EdgePort allows the interface to forward traffic approximately 30 seconds sooner as it skips the Blocking and Learning states.
CAUTION: Configure EdgePort only on links connecting to an end station. EdgePort can cause loops if you enable it on an interface connected to a network.
Edge ports do not receive BPDUs.
• Enable EdgePort on an interface in INTERFACE mode.
1. Enable spanning-tree BPDU filter in INTERFACE mode.
   spanning-tree bpdufilter enable
2. Enable STP BPDU guard in INTERFACE mode.
   spanning-tree bpduguard enable
BPDU guard violation causes the system to perform the following actions:
• Shuts down the port channel interface and all member ports are disabled in the hardware.
• Adds the physical port to a port-channel already in the Error_Disable state; also, the new member port is disabled in the hardware.
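The EdgePort caution and the BPDU guard step above can be checked against a saved running configuration. The following is an added example, not code from the guide or from Dell EMC: it flags interfaces that carry spanning-tree port type edge without spanning-tree bpduguard enable, and EdgePorts configured on trunk links. Treating switchport mode trunk as a sign of a network-facing link is an assumption of this example, and the sample configuration is constructed.

```python
# Constructed sample in the layout of `show running-configuration`;
# interface names, VLAN numbers and settings are illustrative only.
SAMPLE_CONFIG = """\
!
interface ethernet1/1/1
 no shutdown
 switchport access vlan 10
 spanning-tree port type edge
 spanning-tree bpduguard enable
!
interface ethernet1/1/2
 no shutdown
 switchport access vlan 10
 spanning-tree port type edge
!
interface ethernet1/1/8
 no shutdown
 switchport mode trunk
 switchport trunk allowed vlan 108
 spanning-tree port type edge
 spanning-tree bpduguard enable
!
interface vlan1
 no shutdown
!
"""

EDGE = "spanning-tree port type edge"
GUARD = "spanning-tree bpduguard enable"
TRUNK = "switchport mode trunk"   # heuristic for a network-facing link (assumption)


def parse_interfaces(config_text):
    """Map each 'interface <name>' stanza to the list of its setting lines."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            # Normalise 'ethernet 1/1/4' and 'ethernet1/1/4' to one spelling.
            current = line[len("interface "):].replace(" ", "")
            stanzas[current] = []
        elif line == "!" or not line:
            current = None            # '!' closes the stanza
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def audit_edge_ports(config_text):
    """Return (interface, finding) pairs for risky EdgePort settings."""
    findings = []
    for name, settings in parse_interfaces(config_text).items():
        if EDGE not in settings:
            continue
        if GUARD not in settings:
            findings.append((name, "EdgePort without BPDU guard"))
        if TRUNK in settings:
            findings.append((name, "EdgePort on a trunk link"))
    return findings


if __name__ == "__main__":
    for interface, finding in audit_edge_ports(SAMPLE_CONFIG):
        print(interface, "-", finding)
```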
Interface Designated
Name PortID Prio Cost Sts Cost Bridge ID PortID
------------------------------------------------------------------
ethernet1/1/4 128.272 128 500 BLK 500 32769 90b1.1cf4.a911 128.
----------------------------------------------
bpduguard Enabled
OS10# show errdisable recovery
Error-Disable Recovery Timer Interval: 300 seconds
Error-Disable Reason Recovery Status
---------------------------------------------------
bpduguard Enabled
Interface Errdisable Cause Recovery Time left (seconds)
---------------------------------------------------------------------
ethernet 1/1/1:1 bpduguard 273
ethernet 1/1/2 bpduguard 4
port-channel 12 bpduguard 45

MAC flush optimization
OS10 offers a MAC address
RPVST allows (VLAN, port) based flush until the number of calls sent is equal to the MAC flush threshold value that is configured. When the number of calls sent exceeds the configured threshold, RPVST ignores further (VLAN, port) based flush and starts the MAC flush timer. When the timer starts, the system blocks further flush. When the timer expires for that specific instance, the system triggers VLAN-based flushing. By default, the MAC flush threshold value is set to 5.
Common STP commands

clear spanning-tree counters
Clears the counters for STP.
Syntax clear spanning-tree counters [interface {ethernet node/slot/port[:subport] | port-channel number}]
Parameters
• interface — Enter the interface type:
  • ethernet node/slot/port[:subport] — Deletes the spanning-tree counters from a physical port.
  • port-channel number — Deletes the spanning-tree counters for a port-channel interface, from 1 to 128.
When the option is disabled, the port is not shut down but moved to BLOCKING state whenever there is a BPDU guard violation. In this case, the port is operationally DOWN in spanning-tree mode and when the recovery timer expires, the port is UP irrespective of the recovery cause configuration. The no version of the command disables the detect cause option.
Example OS10(config)# errdisable detect cause bpduguard
Supported Releases 10.4.2.
clear spanning-tree detected-protocol
Forces the MST ports to renegotiate with neighbors.
Syntax clear spanning-tree detected-protocol [interface {ethernet node/slot/port[:subport] | port-channel number}]
Parameters
• interface — Enter the interface type:
  • ethernet node/slot/port[:subport] — Enter the Ethernet interface information, from 1 to 48.
  • port-channel number — Enter the port-channel number, from 1 to 128.
spanning-tree disable
Disables Spanning-Tree mode configured with the spanning-tree mode command globally on the switch or specified interfaces.
Syntax spanning-tree disable
Parameters None
Default Not configured.
Usage Information The no version of this command re-enables STP and applies the currently configured spanning-tree settings.
Command Mode CONFIGURATION INTERFACE
Example
OS10(config)# interface ethernet 1/1/4
OS10(config-if-eth1/1/4)# spanning-tree disable
Supported Releases 10.3.
Supported Releases OS10 legacy command.

spanning-tree mac-flush-timer
Enables or disables MAC flush optimization.
Syntax spanning-tree mac-flush-timer timer-interval
Parameters timer-interval—Enter the timer interval in milliseconds, from 0 to 500. The default value is 200 milliseconds.
Default Enabled
Command Mode CONFIGURATION
Usage Information This command configures the flush interval time in milliseconds, and controls the number of calls invoked from the spanning-tree module.
Usage Information When you configure an EdgePort on a device running STP, the port immediately transitions to the Forwarding state. Only configured ports connected to end hosts act as EdgePorts.
Example OS10(config)# spanning-tree port type edge
Supported Releases 10.2.0E or later

show errdisable
Displays information on errdisable configurations and port recovery status.
Example Supported Releases OS10# show spanning-tree interface ethernet 1/1/6:2 detail Port 281 (ethernet1/1/6:2) of RSTP 1 is root Forwarding Port path cost 2000, Port priority 128, Port Identifier 281.128 Designated root has priority 32768, address 34:17:44:55:66:7f Designated bridge has priority 32768, address 34:17:44:55:66:7f Designated port id is 151.
To achieve RPVST+ load balancing, assign a different priority on each bridge.

Enable RPVST+
By default, RPVST+ is enabled and creates an instance only after you add the first member port to a VLAN. To participate in RPVST+, port-channel or physical interfaces must be a member of a VLAN. Add all physical and port-channel interfaces to the default VLAN (VLAN1).
• Enable Rapid-PVST+ mode in CONFIGURATION mode.
• Assign a number as the bridge priority or designate it as the root in CONFIGURATION mode, from 0 to 61440.
  spanning-tree {vlan vlan-id priority priority-value}
  • vlan-id — Enter a value from 1 to 4093.
  • priority priority-value — Enter the priority value in increments of 4096, default is 32768. The lower the number assigned, the more likely this bridge becomes the root bridge.
ethernet1/1/23 128.348 128 200000000 FWD 0 32769 0000.0000.0000
ethernet1/1/24 128.352 128 200000000 FWD 0 32769 0000.0000.0000
ethernet1/1/25 128.356 128 200000000 FWD 0 32769 0000.0000.0000
ethernet1/1/26 128.360 128 200000000 FWD 0 32769 0000.0000.0000
ethernet1/1/27 128.364 128 200000000 FWD 0 32769 0000.0000.0000
ethernet1/1/28 128.368 128 200000000 FWD 0 32769 0000.0000.0000
ethernet1/1/29 128.372 128 200000000 FWD 0 32769 0000.0000.0000
ethernet1/1/30 128.376 128 200000000 FWD 0 32769 0000.0000.
Forward-time: Amount of time required for an interface to transition from the Discarding state to the Learning state or from the Learning state to the Forwarding state.
Hello-time: Time interval within which the bridge sends BPDUs.
Max-age: Length of time the bridge maintains configuration information before it refreshes information by recomputing the RPVST+ topology.
• Modify the forward-time in seconds in CONFIGURATION mode, from 4 to 30, default 15.
ethernet1/1/10 128.296 128 200000000 FWD 0 32769 0000.0000.0000 128.296
ethernet1/1/11 128.300 128 200000000 FWD 0 32769 0000.0000.0000 128.300
ethernet1/1/12 128.304 128 200000000 FWD 0 32769 0000.0000.0000 128.304
Supported Releases 10.2.0E or later

spanning-tree vlan cost
Sets the path cost of the interface per VLAN for PVST calculations.
Usage Information None
Example OS10(config)# spanning-tree vlan 10 forward-time 16
Supported Releases 10.2.0E or later

spanning-tree vlan force-version
Configures a forced version of spanning-tree to transmit BPDUs.
Syntax spanning-tree vlan vlan-id force-version rstp
Parameters
• rstp — Forces the version for the BPDUs transmitted by RPVST+ to RSTP
Default Not configured
Command Mode CONFIGURATION
Usage Information Forces a bridge that supports RPVST+ to operate in an STP-compatible mode.
Example OS10(config)# spanning-tree vlan 100 mac-flush-threshold 255
Supported Releases 10.4.0E(R1) or later

spanning-tree vlan max-age
Configures the time period the bridge maintains configuration information before refreshing the information by recomputing RPVST.
Syntax spanning-tree vlan vlan-id max-age seconds
Parameters max-age seconds — Enter a maximum age value in seconds, from 6 to 40.
spanning-tree vlan root
Designates a device as the primary or secondary root bridge.
Syntax spanning-tree vlan vlan-id root {primary | secondary}
Parameters
• vlan-id — Enter a VLAN ID number, from 1 to 4093.
• root — Designate the bridge as the primary or secondary root.
• primary — Designate the bridge as the primary or root bridge.
• secondary — Designate the bridge as the secondary or secondary root bridge.
Default Not configured
Command Mode CONFIGURATION
View all ports participating in RSTP
OS10# show spanning-tree
Spanning tree enabled protocol rstp with force-version rstp
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 3417.4455.667f
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 90b1.1cf4.
Interface
Name Role PortID Prio Cost Sts Cost Link-type Edge
------------------------------------------------------------------------
ethernet1/1/1 Disb 128.260 128 200000000 BLK 0 AUTO No
ethernet1/1/2 Disb 128.264 128 200000000 BLK 0 AUTO No
ethernet1/1/3 Disb 128.268 128 200000000 BLK 0 AUTO No
ethernet1/1/4 Disb 128.272 128 200000000 BLK 0 AUTO No
ethernet1/1/5:1 Disb 128.
Interface
Name Role PortID Prio Cost Sts Cost Link-type Edge
---------------------------------------------------------
ethernet1/1/1 Altr 128.244 128 500 BLK 0 AUTO No
ethernet1/1/2 Altr 128.248 128 500 BLK 0 AUTO No
ethernet1/1/3 Root 128.252 128 500 FWD 0 AUTO No
ethernet1/1/4 Altr 128.256 128 500 BLK 0 AUTO No

Interface parameters
Set the port cost and port priority values on interfaces in L2 mode.
Port cost: Value based on the interface type. The previous table lists the default values.
Configured hello time 2, max age 20, forward delay 15
Interface Designated
Name PortID Prio Cost Sts Cost Bridge ID PortID
----------------------------------------------------------------------
ethernet1/1/6:3 128.282 128 2000 FWD 0 32768 3417.4455.667f 128.152
ethernet1/1/6:4 128.283 128 2000 BLK 0 32768 3417.4455.667f 128.153
Interface
Name Role PortID Prio Cost Sts Cost Link-type Edge
----------------------------------------------------------------
ethernet1/1/6:3 Root 128.
spanning-tree mode
Enables an STP type: RSTP, Rapid-PVST+, or MST.
Syntax spanning-tree mode {rstp | mst | rapid-pvst}
Parameters
• rstp — Sets STP mode to RSTP.
• mst — Sets STP mode to MST.
• rapid-pvst — Sets STP mode to RPVST+.
Default RPVST+
Command Mode CONFIGURATION
Usage Information All STP instances stop in the previous STP mode and restart in the new mode. You can also change to RSTP/MST mode.
spanning-tree rstp hello-time
Sets the time interval between generation and transmission of RSTP BPDUs.
Syntax spanning-tree rstp hello-time seconds
Parameters seconds — Enter a hello-time interval value in seconds, from 1 to 10.
Default 2 seconds
Command Mode CONFIGURATION
Usage Information Dell EMC recommends increasing the hello-time for large configurations, especially configurations with multiple ports.
Example OS10(config)# spanning-tree rstp hello-time 5
Supported Releases 10.2.
spanning-tree rstp priority
Sets the priority value for RSTP.
Syntax spanning-tree rstp priority priority value
Parameters priority priority value — Enter a bridge-priority value in increments of 4096, from 0 to 61440. Valid priority values are: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. All other values are rejected.
Configure and verify MSTP
OS10(config)# spanning-tree mode mst
OS10(config)# do show spanning-tree show spanning-tree mst configuration
Region Name: abc
Revision: 0
MSTI VID
0 1,7-4093
1 2
2 3
3 4
4 5
5 6

Add or remove interfaces
By default, all interfaces are enabled in L2 switchport mode, and all L2 interfaces are part of spanning-tree.
• Disable spanning-tree on an interface in INTERFACE mode.
  spanning-tree disable
• Enable MST on an interface in INTERFACE mode.
View port forwarding/discarding state
OS10# show spanning-tree msti 0 brief
Spanning tree enabled protocol msti with force-version mst
MSTI 0 VLANs mapped 1,31-4093
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 3417.4455.667f
Root Bridge hello time 2, max age 20, forward delay 15, max hops 20
Bridge ID Priority 32768, Address 90b1.1cf4.a523
Configured hello time 2, max age 20, forward delay 15, max hops 20
CIST regional root ID Priority 32768, Address 90b1.1cf4.
• Assign a bridge priority number to a specific instance in CONFIGURATION mode, from 0 to 61440 in increments of 4096, default 32768.
  spanning-tree mst instance-number priority priority

Assign root bridge priority
OS10(config)# spanning-tree mst 0 priority 32768

Verify root bridge priority
OS10# show spanning-tree active
Spanning tree enabled protocol msti with force-version mst
MSTI 0 VLANs mapped 1,31-4093
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 3417.4455.
Modify parameters
The root bridge sets the values for forward-delay, hello-time, max-age, and max-hops and overwrites the values set on other MST bridges.
Forward-time: Time an interface waits in the Discarding state and Learning state before it transitions to the Forwarding state.
Hello-time: Interval in which the bridge sends MST BPDUs.
Max-age: Length of time the bridge maintains configuration information before it refreshes that information by recomputing the MST topology.
Port cost: Interface type value. The greater the port cost, the less likely the port is a forwarding port.
Port priority: Influences the likelihood that a port is selected as a forwarding port if several ports have the same port cost.
Parameters region-name — Enter a name for an MST region. A maximum of 32 characters.
Default System MAC address
Command Mode MULTIPLE-SPANNING-TREE
Usage Information By default, the MST protocol assigns the system MAC address as the region name. Two MST devices within the same region must share the same region name, including matching case.
Example OS10(conf-mst)# name my-mst-region
Supported Releases 10.2.0E or later

revision
Configures a revision number for the MSTP configuration.
spanning-tree msti
Configures the MSTI, cost, and priority values for an interface.
Syntax spanning-tree msti instance {cost cost | priority value}
Parameters
• msti instance — Enter the MST instance number, from 0 to 63. For Mt. Echo platform, enter a MST instance value from 0 to 61.
• cost cost — (Optional) Enter a port cost value, from 1 to 200000000.
Usage Information The no version of this command enables spanning tree on the specified MST instance.
Example OS10(config)# spanning-tree mst 10 disable
Supported Releases 10.4.0E(R1) or later

spanning-tree mst force-version
Configures a forced version of STP to transmit BPDUs.
Syntax spanning-tree mst force-version {stp | rstp}
Parameters
• stp — Forces the version for the BPDUs transmitted by MST to STP.
Default Not configured
Command Mode CONFIGURATION
spanning-tree mst mac-flush-threshold
Configures the mac-flush threshold value for a specific instance.
Syntax spanning-tree mst instance-number mac-flush-threshold threshold-value
Parameters
• instance-number—Enter the instance number, from 0 to 4094.
• threshold-value—Enter the threshold value for the number of flushes, from 0 to 65535. The default value is 5.
Default Not configured
Command Mode CONFIGURATION
show spanning-tree mst
Displays MST configuration information.
Syntax show spanning-tree mst configuration
Parameters None
Default Not configured
Command Mode EXEC
Usage Information Enable MSTI before using this command.
Example
OS10# show spanning-tree mst configuration
Region Name: asia
Revision: 0
MSTI VID
0 1,7-4093
1 2
2 3
3 4
4 5
5 6
Supported Releases 10.2.0E or later

show spanning-tree msti
Displays MST instance information.
ethernet1/1/6 152.128 128 200000000 BLK 0 32768 90b1.1cf4.9b8a 128.152
ethernet1/1/7 156.128 128 200000000 BLK 0 32768 90b1.1cf4.9b8a 128.156
...
Interface Name  Role  PortID   Prio  Cost       Sts  Cost  Link-type  Edge
--------------------------------------------------------------
ethernet1/1/1   Disb  128.132  128   200000000  BLK  0     SHARED     No
ethernet1/1/2   Disb  128.136  128   200000000  BLK  0     SHARED     No
ethernet1/1/3   Disb  128.140  128   200000000  BLK  0     SHARED     No
ethernet1/1/4   Disb  128.
In SmartFabric Services mode, you can configure a maximum of 256 uplink VLANs, including the default VLAN, because of the limited hardware capability. For each uplink VLAN interface, the system creates an ACL entry to classify the traffic. This ACL entry maps the traffic from the VLAN to the corresponding traffic-class (TC) queue. If you create more than 256 VLANs, ACL table creation fails when the uplinks are created in the Fiber Channel Gateway or the Fiber Channel Direct Attach mode.
49 1/1/50 1/1/51 1/1/52 1/1/53 1/1/54 A Eth1/1/3:1
The shutdown command stops L3-routed traffic only. L2 traffic continues to pass through the VLAN. If the VLAN is not a routed VLAN configured with an IP address, the shutdown command has no effect on VLAN traffic. When you delete a VLAN using the no interface vlan vlan-id command, any interfaces assigned to that VLAN are assigned to the default VLAN as untagged interfaces.
Access mode
An access port is an untagged member of only one VLAN. Configure a port in Access mode and configure which VLAN carries the traffic for that interface. If you do not configure the VLAN for a port in Access mode, or an access port, the interface carries traffic for VLAN 1, the default VLAN. Change the access port membership in a VLAN by specifying the new VLAN. You must create the VLAN before you can assign the port in Access mode to that VLAN.
View running configuration
OS10# show running-configuration
...
!
interface ethernet1/1/8
 switchport mode trunk
 switchport trunk allowed vlan 108
 no shutdown
!
interface vlan1
 no shutdown
!
...

Assign IP address
You can assign an IP address to each VLAN to make it an L3 VLAN. All the ports in that VLAN belong to that particular IP subnet. Traffic between ports in different VLANs is routed using the IP address.
Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 240 Last clearing of "show interface" counters Queueing strategy: fifo Time since last interface status change: Vlan 320 is up, line protocol is up Address is , Current address is Interface index is 69209184 Internet address is 20.2.11.
Internet address is not set MTU 1532 bytes LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 240 Last clearing of "show interface" counters Queueing strategy: fifo Time since last interface status change: Vlan 320 is up, line protocol is up Address is , Current address is Interface index is 69209184 Internet address is not set MTU 1532 bytes LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 240 Last clearing of "show interface" counters Queueing strategy: fifo Time si
NOTE: In SmartFabric Services mode, creation of VLAN is disabled.
Example
OS10(config)# interface vlan 10
OS10(conf-if-vl-10)#
Supported Releases 10.2.0E or later

show vlan
Displays VLAN configurations.
Syntax show vlan vlan-id
Parameters vlan-id — (Optional) Enter a VLAN ID number, from 1 to 4093.
Default Not configured
Command Mode EXEC
Usage Information Use this command to view VLAN configuration information for a specific VLAN ID.
2. Create a monitoring session in CONFIGURATION mode.
monitor session session-id [local]
3. Enter the source and direction of the monitored traffic in MONITOR-SESSION mode.
source interface interface-type {both | rx | tx}
4. Enter the destination of traffic in MONITOR-SESSION mode.
Session and VLAN requirements
RPM requires the following:
• Source session, such as monitored ports on different source devices.
• Reserved tagged VLAN for transporting monitored traffic configured on source, intermediate, and destination devices.
• Destination session, where destination ports connect to analyzers on destination devices.
Configure any network device with source and destination ports.
4. Enable the monitoring interface in MONITOR-SESSION mode.
no shut

Create remote monitoring session
OS10(config)# monitor session 10 type rpm-source
OS10(conf-mon-rpm-source-10)#

Configure source and destination port, and traffic direction
OS10(conf-mon-rpm-source-10)# source interface vlan 10 rx
OS10(conf-mon-rpm-source-10)# destination remote-vlan 100
OS10(conf-mon-rpm-source-10)# no shut

View monitoring session
OS10(conf-mon-rpm-source-10)# do show monitor session all
S.
3. Configure source and destination IP addresses, and protocol type in MONITOR-SESSION mode.
source-ip source ip-address destination-ip destination ip-address [gre-protocol protocol-value]
4. Configure TTL and DSCP values in MONITOR-SESSION mode.
ip {ttl ttl-number | dscp dscp-number}
5. Enable the monitoring interface in MONITOR-SESSION mode.
4. Define access-list rules using seq, permit, and deny statements in CONFIG-ACL mode. ACL rules describe the traffic to monitor.
seq sequence-number {deny | permit} {source [mask] | any | host ip-address} [count [byte]] [fragments] [threshold-in-msgs count] [capture session session-id]
5. Return to CONFIGURATION mode.
exit
6. Apply the flow-based monitoring ACL to the monitored source port in CONFIGURATION mode. The access list name can have a maximum of 140 characters.
Scenario Recommendation
remote-span
!
2. Create an L2 ACL for the RPM VLAN - RPM session and attach it to VLTi LAG interface.
!
mac access-list rpm
 seq 10 permit any any capture session 10 vlan 100
!
interface ethernet 1/1/1
 no shutdown
 switchport access vlan 1
 mac access-group rpm in
!
3. Create a flow-based RPM session on the peer VLT device to monitor the VLTi LAG interface as the source.
Scenario Recommendation Mirror an orphan port in the primary VLT device to any orphan port — on a secondary VLT device through the VLTi. The packet analyzer connects to the secondary VLT device through the orphan port. In this case, the mirroring packets duplicate. Mirror a VLT LAG of the primary VLT device to any orphan port on a secondary VLT device through the VLTi. The packet analyzer connects to the secondary VLT device through the orphan port.
Usage Information The no version of this command resets the value to the default.
Example
OS10(conf-mon-local-10)# destination interface port-channel 10
OS10(conf-mon-rpm-source-3)# destination remote-vlan 20
Supported Releases 10.2.0E or later

flow-based
Enables flow-based monitoring. The monitoring session can be: local, RPM, or ERPM.
• rpm-source — (Optional) Enter a remote monitoring session.
• erpm-source — (Optional) Enter an encapsulated remote monitoring session.
Default local
Command Mode CONFIGURATION
Usage Information The no version of this command removes the monitor session.
Command Mode MONITOR-SESSION
Usage Information The no version of this command enables the monitoring session.
Example
OS10(config)# monitor session 1
OS10(conf-mon-local-1)# no shut
OS10(config)# monitor session 5 type rpm-source
OS10(conf-mon-rpm-source-5)# no shut
OS10(config)# monitor session 10 type erpm-source
OS10(conf-mon-erpm-source-10)# no shut
Supported Releases 10.2.0E or later

source
Configures a source for port monitoring. The monitoring session can be: local, RPM, or ERPM.
Command Mode MONITOR-SESSION
Usage Information
Example
OS10(config)# monitor session 10
OS10(conf-mon-erpm-source-10)# source-ip 10.16.132.181 destination-ip 172.16.10.11 gre-protocol 35006
Supported Releases 10.4.
14 Layer 3

Bidirectional forwarding detection (BFD): Provides rapid failure detection in links with adjacent routers (see BFD commands).
Border Gateway Protocol (BGP): Provides an external gateway protocol that transmits inter-domain routing information within and between autonomous systems (see BGP Commands).
Equal Cost MultiPath (ECMP): Provides next-hop packet forwarding to a single destination over multiple best paths (see ECMP Commands).
Table 40.
Or
management route 2::/64 managementethernet

Configure non-default VRF instances
In addition to a management VRF instance and default VRF, OS10 also supports non-default VRF instances. You can create a maximum of 512 non-default VRF instances. While you can assign management interfaces only to the management VRF instance, you can assign any physical or logical interface (VLAN, port channel, or loopback) to a non-default VRF instance.
ip vrf forwarding vrf-test
Before assigning an interface to a VRF instance, ensure that no IP address is configured on the interface.
3. Assign an IPv4 address to the interface.
INTERFACE CONFIGURATION
ip address 10.1.1.1/24
4. Assign an IPv6 address to the interface.
INTERFACE CONFIGURATION
ipv6 address 1::1/64
You can also auto configure an IPv6 address using the ipv6 address autoconfig command.

Assign an interface back to the default VRF instance
Table 41.
Deleting a non-default VRF instance
Before deleting a non-default VRF instance, ensure all the dependencies and associations corresponding to that VRF instance are first deleted or disabled. The following procedure describes how to delete a non-default VRF instance: After deleting all dependencies, you can delete the non-default VRF instances that you have created.
Figure 7. Setup VRF Interfaces Router 1 ip vrf blue ! ip vrf orange ! ip vrf green ! interface ethernet 1/1/1 no ip address no switchport no shutdown ! interface ethernet1/1/2 no shutdown no switchport ip vrf forwarding blue ip address 20.0.0.
 ip address 30.0.0.1/24
!
interface ethernet1/1/4
 no shutdown
 no switchport
 ip vrf forwarding green
 ip address 40.0.0.1/24
!
interface vlan128
 mode L3
 no shutdown
 ip vrf forwarding blue
 ip address 1.0.0.1/24
!
interface vlan192
 mode L3
 no shutdown
 ip vrf forwarding orange
 ip address 2.0.0.1/24
!
!
interface vlan256
 mode L3
 no shutdown
 ip vrf forwarding green
 ip address 3.0.0.1/24
!
ip route vrf green 31.0.0.0/24 3.0.0.
 mode L3
 no shutdown
 ip vrf forwarding green
 ip address 3.0.0.2/24
!
ip route vrf green 30.0.0.0/24 3.0.0.
green Eth1/1/7 Vlan256 orange Eth1/1/6 Vlan192 OS10# show ip route vrf blue Codes: C - connected S - static B - BGP, IN - internal BGP, EX - external BGP O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, * - candidate default, + - summary route, > - non-active route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ---------------------------------------------------------------
Limitations • • • In VLT scenarios, the resolved ARP entry for the leaked route is not synchronized between the VLT peers. The ARP entry resolved in the source VRF is programmed into the leaked VRF when the leaked route configuration is active. During downgrade from 10.4.2, the leaked route configuration is restored. However, the routes remain inactive in the destination VRF instance. During downgrade from 10.4.2, the update-source-if command is not restored.
O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, * - candidate default, + - summary route, > - non-active route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change --------------------------------------------------------------------------------------------------S 120.0.0.0/24 Direct,VRF1 ethernet1/1/1 1/0 00:00:05 C 140.0.0.0/24 via 140.0.0.
ip vrf source-vrf-name
ip vrf VRF-A
2. Configure the IP prefix.
CONFIGURATION
ip prefix-list prefix-list-name {permit | deny} ip-address
ip prefix-list abc permit 20.0.0.0/24
or
ip prefix-list abc deny 20.0.0.0/24
3. Configure the route-map.
CONFIGURATION
route-map route-map-name
route-map xyz
4. Associate the prefix list to the route-map.
VRF commands

interface management
Adds a management interface to the management VRF instance.
Syntax interface management
Parameters None
Default Not configured
Command Mode VRF CONFIGURATION
Usage Information The no version of this command removes the management interface from the management VRF instance.
Example
OS10(config)# ip vrf management
OS10(conf-vrf)# interface management
Supported Releases 10.4.
Example
OS10(config)# ip domain-name vrf management dell.com
or
OS10(config)# ip domain-name vrf blue dell.com
Supported Releases 10.4.0E(R1) or later

ip vrf
Create a non-default VRF instance.
Syntax ip vrf vrf-name
Parameters
• vrf-name — Enter the name of the non-default VRF that you want to create. Enter a VRF name that is not greater than 32 characters in length.
Default Not configured
Command Mode CONFIGURATION
Default Not configured
Command Mode CONFIGURATION
Usage Information The no version of this command removes the hostname from the management or non-default VRF instance.
Example
OS10(config)# ip host vrf management dell 10.1.1.1
or
OS10(config)# ip host vrf blue dell 10.1.1.1
Supported Releases 10.4.0E(R1) or later

ip http vrf
Configures an HTTP client for the management or non-default VRF instance.
Parameters
• route-target — Enter the route-target of the non-default VRF instance, from 1 to 65535.
Default Not configured
Command Mode VRF CONFIG
Usage Information You can import routes corresponding only to a non-default or a default VRF instance. You cannot import routes that belong to a management VRF instance into another VRF instance. Use the no form of this command to remove the imported routes.
Example OS10(conf-vrf)# ip route-import 1:1 ==> No route-map attached
Supported Releases 10.4.3.
ipv6 route-export
Exports an IPv6 static route from a VRF instance to another VRF instance.
Syntax [no] ipv6 route-export route-target [route-map route-map-name]
Parameters
• route-target — Enter the route-target of the VRF instance.
• route-map route-map-name — (Optional) Enter the route-map name to specify the route-map.
Default Not configured
Command Mode VRF CONFIG
Usage Information You can export IPv6 routes corresponding only to a non-default or a default VRF instance.
Supported Releases 10.4.0E(R1) or later

ip tftp vrf
Configures a TFTP client for the management or non-default VRF instance.
Syntax ip tftp vrf {management | vrf vrf-name}
Parameters
• management — Enter the keyword to configure a TFTP client for the management VRF instance.
• vrf vrf-name — Enter the keyword then the name of the VRF to configure a TFTP client for that non-default VRF instance.
Default Not configured
Command Mode CONFIGURATION
Static Host to IP mapping Table
=================================================
Host          IP-Address
-------------------------------------------------
google.com    172.217.160.142
yahoo.com     98.139.180.180
Supported Releases 10.4.0E(R1) or later

show ip vrf
Displays the VRF instance information.
Syntax show ip vrf [management | vrf-name]
Parameters
• management — Enter the keyword management to display information corresponding to the management VRF instance.
Bidirectional Forwarding Detection
The Bidirectional Forwarding Detection (BFD) protocol rapidly detects communication failures between two adjacent routers. BFD replaces link-state detection mechanisms in existing routing protocols. It also provides a failure detection solution for links with no routing protocols. BFD provides forwarding-path failure detection in milliseconds instead of seconds. Because BFD is independent of routing protocols, it provides consistent network failure detection.
BFD three-way handshake
A BFD session requires a three-way handshake between neighboring routers. In the following example, the handshake assumes:
• One router is active, and the other router is passive.
• This is the first session established on this link.
• The default session state on both ports is Down.
1. The active system sends a steady stream of control packets to indicate that its session state is Down until the passive system responds.
BFD configuration
Before you configure BFD for a routing protocol, first enable BFD globally on both routers in the link. BFD is disabled by default.
• OS10 supports:
  • 64 BFD sessions at 100 minimum transmit and receive intervals with a multiplier of 4
  • 100 BFD sessions at 200 minimum transmit and receive intervals with a multiplier of 3
• OS10 does not support Demand mode, authentication, and Echo function.
• OS10 does not support BFD on multi-hop and virtual links.
2. Enable BFD globally in CONFIGURATION mode.
bfd enable
To verify that BFD is globally enabled, use the show running-config bfd command.
• Establish BFD sessions with all neighbors discovered by BGP using the bfd all-neighbors command.
For example:
Router 1
OS10(conf)# bfd enable
OS10(conf)# router bgp 1
OS10(config-router-bgp-1)# neighbor 2.2.4.
Configure BFD sessions with all neighbors discovered by BGP in ROUTER-BGP mode. The BFD session parameters you configure override the global session parameters configured in Step 1.
bfd all-neighbors [interval milliseconds min_rx milliseconds multiplier number role {active | passive}]
• interval milliseconds — Enter the time interval for sending control packets to BFD peers, from 100 to 1000; default 200. Dell EMC recommends using more than 100 milliseconds.
---------------------------------------------------------------------------* 150.150.1.2 150.150.1.1 vlan10 up 1000 1000 5 default bgp OS10# show bfd neighbors detail Session Discriminator: 1 Neighbor Discriminator: 2 Local Addr: 150.150.1.2 Local MAC Addr: 90:b1:1c:f4:ab:fd Remote Addr: 150.150.1.
Martian address 0, Our own AS in AS-PATH 0
Invalid Nexthop 0, Invalid AS-PATH length 0
Wellknown community 0, Locally originated 0
Local host: 20.1.1.2, Local port: 179
Foreign host: 20.1.1.1, Foreign port: 58248

BFD for OSPF
You can configure BFD to monitor and notify reachability status between OSPF neighbors. When you use BFD with OSPF, BFD sessions are established between all neighboring interfaces participating with OSPF full state.
CONFIGURATION Mode
3. Associate a non-default VRF with the interface you have entered.
ip vrf forwarding vrf1
INTERFACE CONFIGURATION Mode
4. Assign an IP address to the VRF.
ip address ip-address
VRF CONFIGURATION Mode
5. Attach the interface to an OSPF area.
ip ospf ospf-instance area area-address
VRF CONFIGURATION Mode
6. Establish BFD session with OSPFv2 neighbors in a single OSPF interface in a non-default VRF instance.
ip ospf bfd all-neighbors
VRF CONFIGURATION Mode
7.
ip ospf bfd all-neighbors interval milliseconds min_rx milliseconds multiplier value role [active | passive]
INTERFACE CONFIGURATION Mode

Disabling BFD for OSPFv2
If you disable BFD globally, all sessions are torn down and sessions on the remote system are placed in a Down state. If you disable BFD on an interface, sessions on the interface are torn down and sessions on the remote system are placed in a Down state.
CONFIGURATION Mode
3. Associate a non-default VRF with the interface you have entered.
ip vrf forwarding vrf1
INTERFACE CONFIGURATION Mode
4. Assign an IP address to the VRF.
ip address ip-address
VRF CONFIGURATION Mode
5. Attach the interface to an OSPF area.
ipv6 ospf ospf-instance area area-address
VRF CONFIGURATION Mode
6. Establish BFD session with OSPFv3 neighbors in a single OSPF interface in a non-default VRF instance.
ipv6 ospf bfd all-neighbors
VRF CONFIGURATION Mode
7.
BFD for Static routes
The static route BFD feature enables association of static routes with a BFD session to monitor the static route reachability. Depending on the status of the BFD session, the static routes are added to or deleted from the Routing Information Base (RIB). When you configure BFD, next-hop reachability depends on the BFD state of the BFD session corresponding to the specified next hop. If the BFD session of the configured next hop is down, the static route is not installed in the RIB.
NOTE: By default, OSPF uses the following BFD parameters for its neighbors: min_tx = 200 msec, min_rx = 200 msec, multiplier = 3, role = active.

Disabling BFD for IPv4 Static Routes
If you disable BFD, all static route BFD sessions are torn down. A final Admin Down packet is sent to all neighbors on the remote systems, and those neighbors change to the Down state. To disable BFD for IPv4 static routes, use the following command.
Disable BFD for static routes.
BFD commands

bfd
Enables BFD sessions with specified neighbors.
Syntax bfd
Parameters None
Default Not configured
Command Mode ROUTER-NEIGHBOR ROUTER-TEMPLATE
Usage Information Use the bfd command to configure BFD sessions with a specified neighbor or neighbors which inherit a BGP template. Use the neighbor {ip-address | ipv6-address} command in ROUTER-BGP mode to specify the neighbor. Use the template template-name command in ROUTER-BGP mode to specify a BGP template.
Example
Command Mode ROUTER-OSPF
Usage Information Use the bfd all-neighbors command to configure BFD sessions between discovered neighbors. The BFD session parameters you configure override the global session parameters configured with the bfd interval command. To disable BFD and ignore the configured bfd all-neighbors settings for a specified neighbor, enter the bfd disable command in ROUTER-NEIGHBOR mode.
Example
Supported releases
Parameters
• interval milliseconds — Enter the time interval for sending control packets to BFD peers; from 100 to 1000. Dell EMC recommends using more than 100 milliseconds.
• min_rx milliseconds — Enter the maximum waiting time for receiving control packets from BFD peers, from 100 to 1000. Dell EMC recommends using more than 100 milliseconds.
Default
Supported releases 10.4.2E or later

ipv6 ospf bfd all-neighbors
Enables and configures the default BFD parameters for all OSPFv3 neighbors in this interface.
Syntax ipv6 ospf bfd all-neighbors [disable|[interval millisec min_rx min_rx multiplier role {active | passive}]]
To disable default BFD parameters for all OSPFv3 neighbors, use the no ipv6 ospf bfd all-neighbors command.
Parameters
• disable — Disables the BFD session on an interface alone.
Default
The number of consecutive packets that must be received from a BFD peer is 3.
The BFD role is active.
Command Mode CONFIG
Usage Information Use this command to enable or disable BFD for all the configured IPv4 static routes for the specified VRF. If you do not specify a VRF name, the command is applicable for the default VRF. The no version of this command disables BFD on a static route.
Example OS10(config)# ip route bfd interval 250 min_rx 250 multiplier 4 role active
Supported releases 10.4.
• ethernet node/slot/port[:subport] — Displays Ethernet interface information.
• port-channel id-number — Displays port channel interface IDs, from 1 to 128.
• vlan vlan-id — Displays the VLAN interface number, from 1 to 4093.
Default Not configured
Command Mode EXEC
Usage Information Use this command to verify that a BFD session between neighbors is up using the default VRF instance. Use the detail par the BFD session parameters.
The Internet Assigned Numbers Authority (IANA) identifies each network with a unique AS number (ASN). AS numbers 64512 through 65534 are reserved for private purposes. AS numbers 0 and 65535 cannot be used in a live environment. IANA assigns valid AS numbers in the range of 1 to 64511.

Multihomed AS: Maintains connections to more than one other AS. This group allows the AS to remain connected to the Internet if a complete failure occurs to one of their connections.
OpenSent: Router sends an Open message and waits for one in return after a successful OpenSent transition.
OpenConfirm: Neighbor relation establishes and is in the OpenConfirm state after the Open message parameters are agreed on between peers. The router then receives and checks for agreement on the parameters of the open messages to establish a session.
Established: Keepalive messages exchange, and after a successful receipt, the router is in the Established state.
A BGP session supports multiple address family interface (AFI) and sub address family interface (SAFI) combinations. BGP uses the OPEN message to convey this information to the peers. As a result, the IPv6 routing information is exchanged over the IPv4 peers and vice versa. BGP routers that support IPv6 can set up BGP sessions using IPv6 peers. If the existing BGP-v4 session is capable of exchanging IPv6 prefixes, the same session is used to carry IPv4 as well as IPv6 prefixes.
• If the Router-ID is not the same for multiple paths, prefer the path that was first received as the Best Path. The path selection algorithm returns without performing any of the checks detailed. 9. Prefer the external path originated from the BGP router with the lowest router ID. If both paths are external, prefer the oldest path— first received path. For paths containing an RR attribute, the originator ID is substituted for the router ID.
MEDs are nontransitive attributes. If AS 100 sends the MED to AS 200, AS 200 does not pass it on to AS 300 or AS 400. The MED is a locally relevant attribute to the two participating AS — AS 100 and AS 200. The MEDs advertise across both links—if a link goes down, AS 100 has connectivity to AS 300 and AS 400.

Origin
The origin indicates how the prefix came into BGP. There are three origin codes—IGP, EGP, and INCOMPLETE.
IGP: Prefix originated from information learned through an IGP.
When you configure the non-deterministic-med command, paths are compared in the order they arrive. OS10 follows this method to select different best paths from a set of paths, depending on the order they were received from the neighbors—MED may or may not get compared between the adjacent paths. By default, the bestpath as-path multipath-relax command is disabled. This prevents BGP from load-balancing a learned route across two or more EBGP peers.
If the AS number of the peer is different, the 4-byte speaker brings up the neighbor session using a reserved 2-byte ASN, 23456, called AS_TRANS. AS_TRANS is used to interoperate between 2-byte and 4-byte AS numbers. Where the 2-byte format is 1 to 65535, the 4-byte format is 1 to 4294967295. You can also enter AS numbers using the dotted decimal format. For example, you can enter 0.123.

AS number migration
You can transparently change the AS number of an entire BGP network.
After the switch over, the graceful restart operation begins. Both routers reestablish their neighbor relationship and exchange their BGP routes again. The helper continues to forward prefixes pointing to the restarting peer, and the restarting router continues to forward traffic to its peers even though those neighbor relationships are restarting. When the restarting router receives all route updates from all BGP peers that are graceful restart capable, the graceful restart is complete.
4. Enable the BGP neighbor in ROUTER-NEIGHBOR mode.
no shutdown
5. (Optional) Add a description text for the neighbor in ROUTER-NEIGHBOR mode.
description text
To reset the configuration when you change the configuration of a BGP neighbor, use the clear ip bgp * command. To view the BGP status, use the show ip bgp summary command.

Configure BGP
OS10# configure terminal
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# neighbor 5.1.1.
Prefixes accepted 3, Prefixes advertised 0
Connections established 3; dropped 2
Closed by neighbor sent 00:03:26 ago
Local host: 5.1.1.2, Local port: 43115
Foreign host: 5.1.1.1, Foreign port: 179

View BGP running configuration
OS10# show running-configuration bgp
!
router bgp 100
 !
 neighbor 5.1.1.1
  description n1_abcd

Configuring BGP in a non-default VRF instance
To configure BGP in a non-default VRF instance:
1.
Disable announcements of ASN values
Modify the AS_PATH attribute of the received routes.
• Disable prepending the local AS number in CONFIG-ROUTER-NEIGHBOR mode.
local-as as-number no-prepend
• Disable prepending the globally-configured AS number in CONFIG-ROUTER-NEIGHBOR mode.
local-as as-number no-prepend replace-as

Configure Dual Stack
OS10 supports dual stack for BGPv4 and BGPv6. Dual stack BGP allows simultaneous exchange of the same IPv4 or IPv6 prefixes through different IPv4 and IPv6 peers.
IPv6:
address-family ipv6 unicast
3. Change the administrative distance for BGP from the respective ADDRESS-FAMILY mode.
• To add an IBGP neighbor, configure the as-number parameter with the same BGP as-number configured in the router bgp as-number command.
8. Assign a peer-template with a peer-group name from which to inherit to the neighbor in ROUTER-NEIGHBOR mode.
inherit template template-name
9. Enable the neighbor in ROUTER-BGP mode.
no shutdown
When you add a peer to a peer group, it inherits all the peer group configured parameters.
100.5.1.1  64802  376  325  04:28:25  1251
100.6.1.1  64802  376  327  04:26:17  1251

View running configuration
OS10# show running-configuration bgp
!
router bgp 64601
 bestpath as-path multipath-relax
 bestpath med missing-as-worst
 non-deterministic-med
 router-id 100.0.0.8
 !
 template leaf_v4
  description peer_template_1_abcd
  !
  address-family ipv4 unicast
   distribute-list leaf_v4_in in
   distribute-list leaf_v4_out out
   route-map set_aspath_prepend in
 !
 neighbor 100.5.1.
7. Assign a peer-template with a peer-group name from which to inherit to the neighbor in ROUTER-NEIGHBOR mode.
inherit template template-name
8. Enable the neighbor in ROUTER-BGP mode.
neighbor ip-address
9. Enable the peer-group in ROUTER-NEIGHBOR mode.
no shutdown
When you add a peer to a peer group, it inherits all the peer group configured parameters. When you disable a peer group, all the peers within the peer template that are in the Established state move to the Idle state.
Configure neighbor fall-over
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# neighbor 3.1.1.1
OS10(config-router-neighbor)# remote-as 100
OS10(config-router-neighbor)# fall-over
OS10(config-router-neighbor)# no shutdown

Verify neighbor fall-over on neighbor
OS10(config-router-neighbor)# do show ip bgp neighbors 3.1.1.1
BGP neighbor is 3.1.1.1, remote AS 100, local AS 100 internal link
BGP version 4, remote router ID 3.3.3.
  remote-as 100
  no shutdown
 !
 template bgppg
  fall-over
  remote-as 102
 !

Configure password
You can enable Message Digest 5 (MD5) authentication with a password on the TCP connection between two BGP neighbors. Configure the same password on both BGP peers. When you configure MD5 authentication between two BGP peers, each segment of the TCP connection is verified and the MD5 digest is checked on every segment sent on the TCP connection. Configuring a password for a neighbor establishes a new connection.
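An added example, not from the guide: a Python audit of `show running-configuration bgp` text that reports which neighbors have no `password`, either configured directly or picked up through `inherit template`. The sample configuration, its indentation and the placeholder password strings are constructed; the parser relies only on keywords that appear on this page and treats a password at either level as present.

```python
"""Audit `show running-configuration bgp` text for peers without a password."""

# Constructed sample, not from the guide. Password strings are placeholders.
SAMPLE_CONFIG = """\
!
router bgp 20
 !
 template pass
  password 9 CONSTRUCTED-PLACEHOLDER-1
 !
 template open
  remote-as 102
 !
 neighbor 11.1.1.1
  inherit template pass
  remote-as 10
  no shutdown
 !
 neighbor 11.1.1.3
  password 9 CONSTRUCTED-PLACEHOLDER-2
  remote-as 30
  no shutdown
 !
 neighbor 11.1.1.4
  inherit template open
  no shutdown
 !
 neighbor 11.1.1.5
  remote-as 50
  no shutdown
 !
 neighbor 11.1.1.6
  inherit template absent
  no shutdown
"""


def parse_bgp_stanzas(text):
    """Split the router-bgp block into template and neighbor stanzas.

    Returns two dicts mapping a template name or neighbor address to the
    tokenised commands found directly under it. Nesting is tracked by
    keywords and '!' separators, so flattened (unindented) text also works.
    """
    templates, neighbors = {}, {}
    current = None          # stanza currently being filled, if any
    in_bgp = False
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "router":
            in_bgp = words[1:2] == ["bgp"]
            current = None
        elif not in_bgp:
            continue
        elif words == ["!"]:
            current = None  # stanza ends, or an address-family sub-block starts
        elif words[0] == "neighbor" and len(words) == 2:
            current = neighbors.setdefault(words[1], [])
        elif words[0] == "template" and len(words) == 2:
            current = templates.setdefault(words[1], [])
        elif current is not None:
            current.append(words)
    return templates, neighbors


def has_password(stanza):
    """True if the stanza carries a `password ...` command (not `no password`)."""
    return any(cmd[0] == "password" and len(cmd) > 1 for cmd in stanza)


def password_source(stanza, templates):
    """Say where a neighbor's password comes from, or why it has none."""
    if has_password(stanza):
        return "neighbor"
    for cmd in stanza:
        if cmd[:2] == ["inherit", "template"] and len(cmd) == 3:
            template = templates.get(cmd[2])
            if template is None:
                return "missing-template:" + cmd[2]
            if has_password(template):
                return "template:" + cmd[2]
    return "none"


def audit(text):
    """Map every neighbor address to the source of its password."""
    templates, neighbors = parse_bgp_stanzas(text)
    return {peer: password_source(stanza, templates)
            for peer, stanza in neighbors.items()}


def unauthenticated_peers(text):
    """Neighbors whose TCP session would run without a configured password."""
    return sorted(peer for peer, source in audit(text).items()
                  if not source.startswith(("neighbor", "template:")))


if __name__ == "__main__":
    for peer, source in audit(SAMPLE_CONFIG).items():
        print(f"{peer:12} password source: {source}")
    print("no password:", ", ".join(unauthenticated_peers(SAMPLE_CONFIG)))
```

Because the guide requires the same password on both BGP peers, run the audit against the running configuration of each side of a session.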
  password 9 f785498c228f365898c0efdc2f476b4b27c47d972c3cd8cd9b91f518c14ee42d
 !
 neighbor 11.1.1.2
  inherit template pass
  password 9 01320afb39f49134882b0a9814fe6e8e228f616f60a35958844775314c00f0e5
  remote-as 10
  no shutdown

Peer 2 in ROUTER-NEIGHBOR mode
OS10# configure terminal
OS10(config)# interface ethernet 1/1/5
OS10(conf-if-eth1/1/5)# no switchport ip
OS10(conf-if-eth1/1/5)# ip address 11.1.1.2/24
OS10(conf-if-eth1/1/5)# router bgp 20
OS10(config-router-bgp-20)# neighbor 11.1.1.
  no shutdown
 !
 neighbor 3::1
  remote-as 100
  no shutdown
  !
  address-family ipv6 unicast
   activate
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# show configuration
!
interface ethernet1/1/1
 ip address 3.1.1.3/24
 no switchport
 no shutdown
 ipv6 address 3::3/64
OS10(conf-if-eth1/1/1)# shutdown
OS10(conf-if-eth1/1/1)# do show ip bgp summary
BGP router identifier 11.11.11.11 local AS number 300
Neighbor AS Down State/Pfx
3.1.1.
Passive peering
When you enable a peer-template, the system sends an OPEN message to initiate a TCP connection. If you enable passive peering for the peer template, the system does not send an OPEN message but responds to an OPEN message. When a BGP neighbor connection with authentication rejects a passive peer-template, the system prevents another passive peer-template on the same subnet from connecting with the BGP neighbor.
6. Add a remote AS in ROUTER-TEMPLATE mode (1 to 65535 for 2 bytes, 1 to 4294967295 for 4 bytes).
remote-as as-number

Allow external routes from neighbor
OS10(config)# router bgp 10
OS10(conf-router-bgp-10)# neighbor 32.1.1.
OS10(config-router-neighbor)# remote-as 100
OS10(config-router-neighbor)# no shutdown
OS10(config-router-neighbor)# address-family ipv6 unicast
OS10(config-router-bgp-neighbor-af)# activate
OS10(config-router-bgp-neighbor-af)# allowas-in 1
OS10(config-router-bgp-neighbor-af)# end
OS10# show running-configuration bgp
!
router bgp 100
!
neighbor 172:16:1::2
remote-as 100
no shutdown
!
address-family ipv6 unicast
activate
allowas-in 1
OS10# show ip bgp
BGP local RIB : Routes to be Added , Replaced , Withdrawn
3. Enter Address Family mode in ROUTER-NEIGHBOR mode.
   address-family {[ipv4 | ipv6] [unicast]}
4. Allow the specified neighbor to send or receive multiple path advertisements in ROUTER-BGP mode. The count parameter controls the number of paths that are advertised — not the number of paths received.
   add-path [both | received | send] count

Enable additional paths

OS10(config)# router bgp 102
OS10(conf-router-bgp-102)# neighbor 32.1.1.
5. Apply the route map to the neighbor’s incoming or outgoing routes in ROUTER-BGP-NEIGHBOR-AF mode.
   route-map map-name {in | out}
6. Enter the peer group to apply the route map configuration in ROUTER-BGP mode.
   template template-name
7. Apply the route map to the peer group’s incoming or outgoing routes in CONFIG-ROUTER-TEMPLATE-AF mode.
Modify weight attribute

OS10(config)# router bgp 10
OS10(config-router-bgp-10)# neighbor 10.1.1.4
OS10(config-router-neighbor)# weight 400
OS10(config-router-neighbor)# exit
OS10(config-router-bgp-10)# template zanzibar
OS10(config-router-template)# weight 200

Enable multipath

You can have one path to a destination by default, and enable multipath to allow up to 64 parallel paths to a destination. The show ip bgp network command includes multipath information for that network.
OS10(conf-router-template)# address-family ipv4 unicast
OS10(conf-router-bgp-template-af)# route-map metro in

Route reflector clusters

BGP route reflectors are intended for ASs with a large mesh. They reduce the amount of BGP control traffic. With route reflection configured properly, IBGP routers are not fully meshed within a cluster but all receive routing information.
Configure aggregate routes

OS10(config)# router bgp 105
OS10(conf-router-bgp-105)# address-family ipv4 unicast
OS10(conf-router-bgpv4-af)# aggregate-address 3.3.0.0/16

View running configuration

OS10(conf-router-bgpv4-af)# do show running-configuration bgp
! Version
! Last configuration change at Jul 27 06:51:17 2016
!
!
router bgp 105
!
address-family ipv4 unicast
aggregate-address 3.3.0.0/16
!
neighbor 32.1.1.
no shutdown
!
neighbor 2.1.1.2
remote-as 65503
no shutdown
!
neighbor 3.1.1.2
remote-as 65504
no shutdown

Route dampening

When EBGP routes become unavailable, they “flap” and the router issues both WITHDRAWN and UPDATE notices. A flap occurs when a route is withdrawn, readvertised after being withdrawn, or has an attribute change. The constant router reaction to the WITHDRAWN and UPDATE notices causes instability in the BGP process.
From Total number of prefixes: 0 Reuse Path

View dampened paths

OS10# show ip bgp dampened-paths
BGP local router ID is 80.1.1.1
Status codes: s suppressed, S stale, d dampened, h history, * valid, > best
Origin codes: i - IGP, e - EGP, ? - incomplete
Network From Reuse Path
d* 3.1.2.0/24 80.1.1.2 00:00:12 800 9 8 i
d* 3.1.3.0/24 80.1.1.2 00:00:12 800 9 8 i
d* 3.1.4.0/24 80.1.1.2 00:00:12 800 9 8 i
d* 3.1.5.0/24 80.1.1.2 00:00:12 800 9 8 i
d* 3.1.6.0/24 80.1.1.
1. Enable soft-reconfiguration for the BGP neighbor and BGP template in ROUTER-BGP mode. BGP stores all the updates that the neighbor receives but does not reset the peer-session. Using this command starts the storage of updates, which is required for inbound soft reconfiguration.
   neighbor {ip-address} soft-reconfiguration inbound
2. Enter Address Family mode in ROUTER-NEIGHBOR mode.
   address-family {[ipv4 | ipv6] [unicast]}
3. Configure soft-reconfiguration for the neighbors belonging to the template.
!
interface ethernet1/1/1
no shutdown
no switchport
ip address 10.10.9.1
!
router bgp 20
network 192.168.100.0
neighbor 10.10.9.2
remote-as 20
address-family ipv4 unicast

Configuration on Core 1

Core 1 has both OSPF and BGP configured. Core 1 has OSPF neighbor adjacency with Core 2 and BGP neighbor adjacency with BR. The iBGPtoOSPF prefix-list is configured and applied to a route-map. The match ip address prefix-list iBGPtoOSPF command processes the iBGP-learned routes.
!
!
address-family ipv6 unicast
router bgp 20
neighbor 2030::2
remote-as 20

Configuration on Core 1

Core 1 has both OSPF and BGP configured. Core 1 has OSPF neighbor adjacency with Core 2 and BGP neighbor adjacency with BR. The iBGPtoOSPF prefix-list is configured and applied to a route-map. The match ip address prefix-list iBGPtoOSPF command processes the iBGP-learned routes.
BGP commands

activate

Enables the neighbor or peer group to be the current address-family identifier (AFI).

Syntax: activate
Parameters: None
Default: Not configured
Command Mode: ROUTER-BGP-NEIGHBOR-AF
Usage Information: This command exchanges IPv4 or IPv6 address family information with an IPv4 or IPv6 neighbor. The IPv4 unicast address family is enabled by default. To activate the IPv6 address family for an IPv6 neighbor, use the activate command.
Usage Information: This command applies to all IPv4 or IPv6 peers belonging to the template or neighbors only. The no version of this command deletes the subsequent address-family configuration.

Example (IPv4 Unicast):
OS10(config)# router bgp 3
OS10(conf-router-bgp-3)# address-family ipv4 unicast
OS10(conf-router-bgpv4-af)#

Example (IPv6 Unicast):
OS10(config)# router bgp 4
OS10(conf-router-bgp-4)# address-family ipv6 unicast
OS10(conf-router-bgpv6-af)#

Supported Releases: 10.3.
• summary-only — (Optional) Filters more specific routes from updates.
• advertise-map map-name — (Optional) Enter the map name to advertise.
• attribute-map route-map-name — (Optional) Enter the route-map name to set aggregate attributes.
• suppress-map route-map-name — (Optional) Enter the route-map name to conditionally filter specific routes from updates.
Example: OS10(conf-router-bgp-10)# always-compare-med
Supported Releases: 10.2.0E or later

as-notation

Changes the AS number notation format and requires four-octet-as-support.

Syntax: as-format {asdot | asdot+ | asplain}
Parameters:
• asdot — Specify the AS number notation in asdot format.
• asdot+ — Specify the AS number notation in asdot+ format.
• asplain — Specify the AS number notation in asplain format.
Defaults: asplain
Command Modes: ROUTER-BGP
Usage Information:
bestpath med

Changes the best path MED attributes during MED comparison for path selection.

Syntax: bestpath med {confed | missing-as-worst}
Parameters:
• confed — Compare MED among BGP confederation paths.
• missing-as-worst — Treat missing MED as the least preferred path.
Default: Disabled
Command Mode: ROUTER-BGP
Usage Information: Before you apply this command, use the always-compare-med command. The no version of this command resets the MED comparison influence.
• IPv4–address — Enter an IPv4 address to clear a BGP neighbor configuration.
• IPv6–address — Enter an IPv6 address to clear a BGP neighbor configuration.
• * — Clears all BGP sessions.
• soft — Configures and activates policies without resetting the BGP TCP session.
Default: Not configured
Command Mode: EXEC
Usage Information: None.
Example: OS10# clear ip bgp 1.1.15.4
Supported Releases: 10.3.0E or later

clear ip bgp *

Resets BGP sessions.
clear ip bgp flap-statistics

Clears all or specific IPv4 or IPv6 flap counts of prefixes.

Syntax: clear ip bgp [vrf vrf-name] [ipv4–address | ipv6–address] flap-statistics [ipv4–prefix | ipv6–prefix]
Parameters:
• vrf vrf-name — (OPTIONAL) Enter vrf then the name of the VRF to clear flap statistics information.
• ipv4–address — (Optional) Enter an IPv4 address to clear the flap counts of the prefixes learned from the given peer.
Usage Information Configure your system to accept 4-byte formats before entering a 4-byte AS number. All routers in the Confederation must be 4-byte or 2-byte identified routers. You cannot have a mix of 2-byte and 4-byte identified routers. The autonomous system number that you configure in this command is visible to the EBGP neighbors. Each autonomous system is fully meshed and contains a few connections to other autonomous systems.
Usage Information If a cluster contains only one route reflector, the cluster ID is the route reflector’s router ID. For redundancy, a BGP cluster may contain two or more route reflectors. Without a cluster ID, the route reflector cannot recognize route updates from the other route reflectors within the cluster. The default format to display the cluster ID is A.B.C.D format. If you enter the cluster ID as an integer, an integer displays. The no version of this command resets the value to the default.
Example: OS10# debug ip bgp
Supported Releases: OS10 legacy command.

description

Configures a description for the BGP neighbor or for peer template.

Syntax: description text
Parameters: text — Enter a description for the BGP neighbor or peer template.
Default: None
Command Mode: ROUTER-BGP-NEIGHBOR, ROUTER-BGP-TEMPLATE
Usage Information: The no version of this command removes the description.
Default: Enabled
Command Mode: ROUTER-BGP-NEIGHBOR-AF, ROUTER-TEMPLATE-AF
Usage Information: The no version of this command removes the default route.
Example:
OS10(conf-router-bgp-10)# template lunar
OS10(conf-router-bgp-template)# address-family ipv6 unicast
OS10(conf-router-template-af)# default-originate route-map rmap-bgp
Supported Releases: 10.4.1.0 or later

distance bgp

Sets the administrative distance for BGP routes.
distribute-list

Distributes BGP information through an established prefix list.

Syntax: distribute-list prefix-list-name {in | out}
Parameters:
• prefix-list-name—Enter the name of established prefix list.
• in—Enter to distribute inbound traffic.
• out—Enter to distribute outbound traffic.
Defaults: None
Command Modes: ROUTER-BGP-NEIGHBOR-AF, ROUTER-TEMPLATE-AF
Usage Information: The no version of this command removes the route-map.
Supported Releases: 10.3.0E or later

enforce-first-as

Enforces the first AS in the AS path of the route received from an EBGP peer to be the same as the configured remote AS.

Syntax: enforce-first-as
Parameters: None
Default: Enabled
Command Mode: ROUTER-BGP
Usage Information: To verify statistics of routes rejected, use the show ip bgp neighbors command. If routes are rejected, the session is reset. In the event of a failure, the existing BGP sessions flap.
Usage Information: Fast external fall-over terminates the EBGP session immediately after the IP unreachability or link failure is detected. This only applies after you manually reset all existing BGP sessions. For the configuration to take effect, use the clear ip bgp command. The no version of this command disables fast external fall-over.

NOTE: To configure these settings for a non-default VRF instance, you must first enter the ROUTER-CONFIG-VRF sub-mode using the following commands:
1.
Supported Releases: 10.2.0E or later

listen

Enables peer listening and sets the prefix range for dynamic peers.

Syntax: listen ip-address [limit count]
Parameters:
• ip-address—Enter the BGP neighbor IP address.
• limit count—(Optional) Enter a maximum dynamic peer count, from 1 to 4294967295.
Default: Not configured
Command Mode: ROUTER-TEMPLATE
Usage Information: Enables a passive peering session for listening. The no version of this command disables a passive peering session.
Usage Information: OS10 saves logs that include the neighbor operational status and reset reasons. To view the logs, use the show bgp config command. The no version of this command disables the feature.

NOTE: To configure these settings for a non-default VRF instance, you must first enter the ROUTER-CONFIG-VRF sub-mode using the following commands:
1. Enter the ROUTER BGP mode using the router bgp as-number command.
2. From the ROUTER BGP mode, enter the ROUTER BGP VRF mode using the vrf vrf-name command.
Usage Information: If you configure this command and the neighbor receives more prefixes than the configuration allows, the neighbor goes down. To view the prefix information, use the show ip bgp summary command. The neighbor remains down until you use the clear ip bgp command for the neighbor or the peer group to which the neighbor belongs. The no version of this command resets the value to the default.
Example: OS10(conf-router-bgp-neighbor-af)# maximum-prefix 20 100 warning-only
Supported Releases: 10.3.
non-deterministic-med

Compares paths in the order they arrive.

Syntax: non-deterministic-med
Parameters: None
Default: Disabled
Command Mode: ROUTER-BGP
Usage Information: Paths compare in the order they arrive. OS10 uses this method to choose different best paths from a set of paths, depending on the order they are received from the neighbors. MED may or may not be compared between adjacent paths.
• password-string—Enter a password for authentication. A maximum of 128 characters.
Default: Disabled
Command Mode: ROUTER-NEIGHBOR, ROUTER-TEMPLATE
Usage Information: You can enter the password either as plain text or in encrypted format. The password that is provided in ROUTER-NEIGHBOR mode takes preference over the password in ROUTER-TEMPLATE mode. The no version of this command disables authentication.
remote-as

Adds a remote AS to the specified BGP neighbor or peer group.

Syntax: remote-as as-number
Parameters: as-number — Specify AS number ranging from 1 to 65535 for 2 byte or 1 to 4294967295 for 4 byte.
Defaults: None
Command Modes: CONFIG-ROUTER-NEIGHBOR, CONFIG-ROUTER-TEMPLATE
Usage Information: The no version of this command deletes the remote AS.
Example:
OS10(config)# router bgp 300
OS10(config-router-bgp-300)# template ebgppg
OS10(config-router-template)# remote-as 100
Supported Releases: 10.4.
Example:
OS10(conf-router-neighbor)# address-family ipv4 unicast
OS10(conf-router-bgp-neighbor-af)# route-map bgproutemap in

OS10(conf-router-template)# address-family ipv4 unicast
OS10(conf-router-bgp-template-af)# route-map bgproutemap in
Supported Releases: 10.4.1.0 or later

route-reflector-client

Configures a neighbor as a member of a route-reflector cluster.
NOTE: To configure these settings for a non-default VRF instance, you must first enter the ROUTER-CONFIG-VRF sub-mode using the following commands:
1. Enter the ROUTER BGP mode using the router bgp as-number command.
2. From the ROUTER BGP mode, enter the ROUTER BGP VRF mode using the vrf vrf-name command.
Example: OS10(conf-router-bgp-10)# router-id 10.10.10.40
Supported Releases: 10.3.0E or later

send-community

Sends a community attribute to a BGP neighbor or peer group.
show ip bgp

Displays information that BGP neighbors exchange.

Syntax: show ip bgp [vrf vrf-name] ip-address/mask
Parameters:
• vrf vrf-name — (OPTIONAL) Enter vrf and then the name of the VRF to view route information corresponding to that VRF.
• ip-address/mask — Enter the IP address and mask in A.B.C.D/x format.
Default: Not configured
Command Mode: EXEC
Usage Information: None
Example:
OS10# show ip bgp 1.1.1.0/24
BGP routing table entry for 1.1.1.
show ip bgp flap-statistics Displays BGP flap statistics on BGP routes. Syntax show ip bgp [vrf vrf-name] flap-statistics Parameters None Default Not configured Command Mode EXEC Usage Information • • • • • • • Example Supported Releases vrf vrf-name — (OPTIONAL) Enter vrf and then the name of the VRF to view flap statistics on BGP routes corresponding to that VRF. Network — Displays the network ID where the route is flapping.
Example:
OS10# show ip bgp ipv4 unicast summary
BGP router identifier 80.1.1.1 local AS number 102
Neighbor AS MsgRcvd MsgSent Up/Down State/Pfx
80.1.1.2 800 8 4 00:01:10 5
Supported Releases: 10.3.0E or later

show ip bgp ipv6 unicast

Displays route information for BGP IPv6 routes.
Network Next Hop Metric LocPrf Weight Path
*> 1001::/64 fe80::3617:ebff:fef1:dc5e 0 0 0 10

OS10# show ip bgp ipv6 unicast neighbors interface ethernet 1/1/1 deniedroutes
BGP local router ID is 40.1.1.2
Status codes: D denied
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
D 1002::/64 fe80::3617:ebff:fef1:dc5e 0 0 0 10
Supported Releases: 10.3.0E or later

show ip bgp neighbors

Displays information that BGP neighbors exchange.
Example:
OS10# show ip bgp neighbors
BGP neighbor is 80.1.1.2, remote AS 800, local AS 102 external link
BGP version 4, remote router ID 12.12.0.
Example receivedroutes OS10# show ip bgp ipv6 unicast neighbors 172:16:1::2 BGP local router ID is 100.1.1.
Usage Information • • • • • • • • Example OS10# show ip bgp peer-group bgppg Peer-group bgppg, remote AS 103 BGP version 4 Minimum time between advertisement runs is 30 seconds Description: peer_template_1_abcd For address family: Unicast BGP neighbor is bgppg, peer-group external Update packing has 4_OCTET_AS support enabled Example (Summary) Supported Releases Peer-group — Displays the peer group name. Minimum time displays the time interval between BGP advertisements.
Example:
OS10# show ip bgp summary
BGP router identifier 80.1.1.1 local AS number 102
Neighbor AS MsgRcvd MsgSent Up/Down State/Pfx
80.1.1.2 800 24 23 00:09:15 5
Example for unnumbered peer:
Supported Releases: 10.2.0E or later

show ip route

Displays information about IPv4 BGP routing table entries.
Default: Not configured
Command Mode: EXEC
Usage Information: This command displays information about IPv6 BGP routing table entries.
Example: OS10# show ipv6 route
Supported Releases: 10.4.2.0 or later

soft-reconfiguration inbound

Enables soft-reconfiguration for a neighbor.

Syntax: soft-reconfiguration inbound
Parameters: None
Default: Not configured
Command Modes: ROUTER-BGP-NEIGHBOR-AF
Usage Information: This command is not supported on a peer-group level.
timers

Adjusts BGP keepalive and holdtime timers.

Syntax: timers keepalive holdtime
Parameters:
• keepalive—Enter the time interval, in seconds, between keepalive messages sent to the neighbor routers, from 1 to 65535.
• holdtime—Enter the time interval, in seconds, between the last keepalive message and declaring a router dead, from 3 to 65535.
Equal cost multi-path

ECMP is a routing technique where next-hop packet forwarding to a single destination occurs over multiple best paths. When you enable ECMP, OS10 uses a hash algorithm to determine the next-hop. The hash algorithm makes hashing decisions based on values in various packet fields and internal values. Configure the hash algorithm in CONFIGURATION mode.
In this section, the term "member link" refers to either a member physical port, in the case of port channels, or a next hop, in the case of ECMP groups. With resilient hashing, when a member link goes down, the existing flows are not affected; they do not remap. Resilient hashing reassigns the traffic from the failed link to another member link without remapping the other existing flows. However, minimal re-mapping occurs when a new member link is added.
Member link goes down

In the following example, if member link D goes down, resilient hashing distributes the traffic intended for member link D to A and B. The existing 1, 2, and 3 traffic is not disturbed.
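An added model of the behaviour described above, not OS10's implementation and not part of the original guide: it compares plain modulo hashing with a fixed bucket table when a member link fails or is added. The four members A to D, the 64-bucket table, the CRC32 flow hash and the flows themselves are assumptions chosen for illustration.

```python
import zlib

BUCKETS = 64  # assumption: table size chosen to echo the guide's multiple-of-64 rule


def flow_hash(flow):
    """CRC32 over the 5-tuple, standing in for the switch hash algorithm."""
    return zlib.crc32("|".join(map(str, flow)).encode())


def modulo_pick(flow, members):
    """Non-resilient selection: the result depends on the current member count."""
    return members[flow_hash(flow) % len(members)]


class ResilientGroup:
    """Fixed-size bucket table; only buckets owned by a changed member are rewritten."""

    def __init__(self, members):
        self.members = list(members)
        self.table = [self.members[i % len(self.members)] for i in range(BUCKETS)]

    def pick(self, flow):
        return self.table[flow_hash(flow) % BUCKETS]

    def remove(self, failed):
        """Spread the failed member's buckets over the survivors, round robin."""
        self.members.remove(failed)
        k = 0
        for i, owner in enumerate(self.table):
            if owner == failed:
                self.table[i] = self.members[k % len(self.members)]
                k += 1

    def add(self, new):
        """Give the new member a fair share of buckets, taken from over-full members."""
        self.members.append(new)
        target = BUCKETS // len(self.members)
        counts = {m: self.table.count(m) for m in self.members}
        for i, owner in enumerate(self.table):
            if counts[new] >= target:
                break
            if counts[owner] > target:
                self.table[i] = new
                counts[owner] -= 1
                counts[new] += 1


def constructed_flows(n=1000):
    """Constructed 5-tuples: (src, dst, proto, sport, dport)."""
    return [(f"10.0.{i % 250}.{i % 200 + 1}", "192.0.2.10", 6, 1024 + i, 443)
            for i in range(n)]


def moved_survivors(before, after, failed):
    """Flows that changed next hop although their original link is still up."""
    return sum(1 for f in before if before[f] != failed and before[f] != after[f])


def compare_on_failure(members=("A", "B", "C", "D"), failed="D"):
    flows = constructed_flows()
    live = [m for m in members if m != failed]
    mod_before = {f: modulo_pick(f, list(members)) for f in flows}
    mod_after = {f: modulo_pick(f, live) for f in flows}
    group = ResilientGroup(members)
    res_before = {f: group.pick(f) for f in flows}
    group.remove(failed)
    res_after = {f: group.pick(f) for f in flows}
    return {
        "modulo_moved": moved_survivors(mod_before, mod_after, failed),
        "resilient_moved": moved_survivors(res_before, res_after, failed),
        "resilient_on_failed": sum(1 for f in flows if res_after[f] == failed),
    }


if __name__ == "__main__":
    print(compare_on_failure())
```

In the model, flows on surviving links keep their next hop under the bucket table, while modulo hashing moves a large share of them because the divisor changes.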
Important notes

• Resilient hashing on port channels applies only for unicast traffic.
• For resilient hashing on ECMP groups, the ECMP path must be in multiples of 64. Before you enable resilient hashing, ensure that the maximum ECMP path is set to a multiple of 64. You can configure this value using the ip ecmp-group maximum-paths command.

Maximum ECMP groups and paths

The maximum number of ECMP groups supported on the switch depends on the maximum ECMP paths configured on the switch.
ECMP commands

enhanced-hashing

Ensures that existing traffic flows are not remapped when a member link goes down.

Syntax: enhanced-hashing resilient-hashing {lag | ecmp}
Parameters:
• resilient-hashing—Enter the keyword to enable enhanced-hashing.
• {ecmp | lag}—Enter the keyword to enable resilient hashing for a port channel or ECMP group.
Defaults: Disabled
Command Mode: CONFIGURATION
Usage Information: The no version of this command disables resilient hashing.
Supported Releases: 10.3.0E or later

ip ecmp-group maximum-paths

Configures the maximum number of ECMP paths per route.

Syntax: ip ecmp-group maximum-paths number
Parameters: number — Enter the maximum number of ECMP paths, from 2 to 128.
Default: 64
Command Mode: CONFIGURATION
Usage Information: To save the new ECMP settings, use the write memory command, then reload the system for the new settings to take effect. The no version of this command returns the value to the default.
Default
• l4-destination-port — Enables Layer 4 (L4) destination port information in the hash calculation.
• l4-source-port — Enables L4 source port information in the hash calculation.
• mac-selection — Enables MAC load-balancing configurations.
• destination-mac— Enables destination MAC information in the hash calculation.
• source-mac— Enables source MAC information in the hash calculation.
• ethertype — Enables Ethernet type information in the hash calculation.
show hash-algorithm

Displays hash-algorithm information.

Syntax: show hash-algorithm
Parameters: None
Default: Not configured
Command Mode: EXEC
Usage Information: None
Example:
OS10# show hash-algorithm
EcmpAlgo - crc
LabAlgo - crc
Supported Releases: 10.3.0E or later

show ip ecmp-group details

Displays the number of ECMP groups and paths.
mac-in-mac header based hashing is disabled
TcpUdp Load Balancing Enabled
Supported Releases: 10.3.0E or later

IPv4 routing

OS10 supports IPv4 addressing including variable-length subnetting mask (VLSM), Address Resolution Protocol (ARP), static routing, and routing protocols. With VLSM, you can configure one network with different masks. You can also use supernetting, which increases the number of subnets.
LineSpeed 40G, Auto-Negotiation on
Flowcontrol rx off tx off
ARP type: ARPA, ARP Timeout: 60
Last clearing of "show interface" counters: 3 weeks 1 day 23:12:50
Queuing strategy: fifo
Input statistics:
0 packets, 0 octets
0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts
0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts
0 Multicasts, 0 Broadcasts, 0 Unicasts
0 runts, 0 giants, 0 throttles
0 CRC, 0 overrun, 0 discarded
Output statistics:
0 packets, 0 octets
0 64-byte pkts, 0 over 64-by
Address Resolution Protocol

Address Resolution Protocol (ARP) runs over Ethernet and enables end stations to learn the MAC addresses of neighbors on an IP network. Using ARP, OS10 automatically updates the ARP cache table that maps the MAC addresses to their corresponding IP addresses. The ARP cache enables dynamically learned addresses to be removed after a time period you configure.

Configure static ARP entries

You can manually configure static entries in the ARP mapping table.
Example: OS10# clear ip arp interface ethernet 1/1/5
Supported Releases: 10.2.0E or later

clear ip route

Clears the specified routes from the IP routing table.

Syntax: clear ip route [vrf vrf-name] {* | A.B.C.D/mask}
Parameters:
• vrf vrf-name — (Optional) Enter the keyword vrf and then the name of the VRF to clear the routes corresponding to that VRF.
• *—Clear the entire IP routing table. This option refreshes all the routes in the routing table.
Supported Releases: 10.3.0E or later

ip arp

Configures static ARP and maps the IP address of the neighbor to a MAC address.

Syntax: ip arp mac-address
Parameters: mac-address — Enter the MAC address of the IP neighbor in A.B.C.D format.
Default: Not configured
Command Mode: INTERFACE
Usage Information: Do not use Class D (multicast) or Class E (reserved) IP addresses. Zero MAC addresses (00:00:00:00:00:00) are invalid. The no version of this command disables the IP ARP configuration.
Command Mode: CONFIGURATION
Usage Information: The no version of this command deletes a static route configuration.
Example:
OS10(config)# ip route 200.200.200.0/24 10.1.1.2
OS10(config)# ip route 200.200.200.0/24 interface null 0
Supported Releases: 10.2.0E or later

show ip arp

Displays the ARP table entries for a specific IP address or MAC address, static, dynamic, and a summary of all ARP entries.
192.168.2.2 193.168.2.3 Supported Releases 90:b1:1c:f4:a6:e6 54:bf:64:e6:d4:c5 ethernet1/1/49:1 vlan4000 ethernet1/1/49:1 port-channel1000 10.2.0E or later show ip route Displays IP route information.
E2 - OSPF external type 2, * - candidate default, + - summary route, > - non-active route
Gateway of last resort is not set
Destination Gateway Dist/Metric Last Change
--------------------------------------------------------------------------------------
C 140.0.0.0/24 via 140.0.0.1 ethernet1/1/2 0/0 00:01:54
B IN 160.0.0.0/24 via 120.0.0.2 200/0 00:00:02
Supported Releases: 10.2.
Ethernet 1/1/20 up / up Management 1/1/1 Vlan 1 up up / up / up fe80::eef4:bbff:fefb:fa30/64 2020::1/64 fe80::eef4:bbff:fefb:f9ef/64 fe80::eef4:bbff:fefb:fa59/64 Enabled Enabled Enabled

IPv6 addresses

An IPv6 address consists of a 48-bit global routing prefix, optional 16-bit subnet ID, and a 64-bit interface identifier in the extended universal identifier (EUI)-64 format. IPv6 128-bit addresses are represented as a series of eight 16-bit hexadecimal fields separated by colons: x:x:x:x:x:x:x:x.
An interface can have multiple IPv6 addresses. To configure an IPv6 address in addition to the link-local address, use the ipv6 address ipv6-address/mask command. Enter the full 128-bit IPv6 address, including the network prefix and a 64-bit interface ID. NOTE: Dell EMC Networking does not recommend configuring both a static IPv6 address and DHCPv6 on the same interface.
Neighbor Discovery

The IPv6 NDP determines if neighboring IPv6 devices are reachable and receives the IPv6 addresses of IPv6 devices on local links. Using the link-layer and global prefixes of neighbor addresses, OS10 performs stateless autoconfiguration of IPv6 addresses on interfaces. ICMPv6 RA messages advertise the IPv6 addresses of IPv6-enabled interfaces and allow a router to learn of any address changes in IPv6 neighbors. By default, RAs are disabled on an interface.
On-link determination is the process used to forward IPv6 packets to a destination IPv6 address.
Codes: C - connected
S - static
B - BGP, IN - internal BGP, EX - external BGP
O - OSPF,IA - OSPF inter area, N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1,
E2 - OSPF external type 2, > - non-active route
Gateway of last resort is not set
Destination Gateway Dist/Metric Last Change
--------------------------------------------------------------------------
S 2111:dddd:eee::22/12 via 2001:db86:fff::2 ethernet1/1/1 1/1 00:01:24

IPv6 destination unreachable

By default, w
IPv6 commands

clear ipv6 neighbors

Deletes all entries in the IPv6 neighbor discovery cache or neighbors of a specific interface. Static entries are not removed.

Syntax: clear ipv6 neighbors [vrf vrf-name] [ipv6-address | interface | virtual-network vn-id | all]
Parameters:
• vrf vrf-name — (Optional) Enter vrf then the name of the VRF to clear the neighbor corresponding to that VRF. If you do not specify this option, the neighbors in the default VRF clear.
Parameters: ipv6-address/prefix-length — Enter a full 128-bit IPv6 address with the network prefix length, including the 64-bit interface identifier.
Defaults: None
Command Mode: INTERFACE
Usage Information: An interface can have multiple IPv6 addresses. To configure an IPv6 address in addition to the link-local address, use the ipv6 address ipv6-address/mask command and specify the complete 128-bit IPv6 address.
Example:
OS10(config)# interface mgmt 1/1/1
OS10(conf-if-ma-1/1/1)# ipv6 address dhcp
Supported Releases: 10.3.0E or later

ipv6 enable

Enables and disables IPv6 forwarding on an interface configured with an IPv6 address.

Syntax: ipv6 enable
Parameters: None
Defaults: None
Command Mode: INTERFACE
Usage Information: Use this command to disable and re-enable IPv6 forwarding on an interface for security purposes or to recover from a duplicate address discovery (DAD) failure.
Usage Information • • Example Supported Releases An interface can have only one link-local address. By default, an IPv6 link-local address automatically generates with a MAC-based EUI-64 interface ID when a router boots up and IPv6 is enabled. Use this command to manually configure a link-local address to replace the autoconfigured address. For example, to configure a more user-friendly link-local address, replace fe80::eef4:bbff:fefb:fa30/64 with fe80::1/64.
Example: Enable DAD on link-local address
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# ipv6 nd dad disable-ipv6-on-dad-failure
Supported Releases: 10.4.0E(R1) or later

ipv6 nd hop-limit

Sets the hop limit advertised in RA messages and included in IPv6 data packets sent by the router.

Syntax: ipv6 nd hop-limit hops
Parameters:
• hop-limit hops — Enter the maximum number of hops allowed for RA messages, from 0 to 255.
Defaults: 64 hops
Command Mode: INTERFACE
ipv6 nd mtu

Sets the maximum transmission unit (MTU) used on a local link in RA messages.

Syntax: ipv6 nd mtu number
Parameters:
• mtu number — Enter the MTU size in bytes, from 1280 to 65535.
Defaults: 1500 bytes
Command Mode: INTERFACE
Usage Information: The no version of this command restores the default MTU value advertised in RA messages.
Example:
OS10(config)# interface ethernet 1/2/3
OS10(conf-if-eth1/2/3)# ipv6 nd mtu 2500
Supported Releases: 10.4.
• lifetime. The default is 86400 seconds (1 day). The infinite setting allows the prefix to be valid for on-link determination with no time limit. lifetime {preferred-lifetime seconds | infinite} — (Optional) Sets AdvPreferredLifetime in seconds for the prefix in the radvd.conf file. IPv6 addresses generated from the prefix using stateless autoconfiguration remain preferred for the configured lifetime. The default is 14400 seconds (4 hours).
Parameters:
• reachable-time milliseconds — Enter the reachable time in milliseconds, from 0 to 3600000.
Defaults: 0
Command Mode: INTERFACE
Usage Information: The no version of this command restores the default reachable time. 0 indicates that no reachable time is sent in RA messages.
Example:
OS10(config)# interface ethernet 1/2/3
OS10(conf-if-eth1/2/3)# ipv6 nd reachable-time 1000
Supported Releases: 10.4.
ipv6 route

Configures a static IPv6 route.

Syntax: ipv6 route [vrf vrf-name] dest-ipv6–prefix mask {next-hop | interface interface-type [route-preference]}
Parameters:
• vrf vrf-name — (Optional) Enter vrf then the name of the VRF to install IPv6 routes in that VRF.
• dest-ipv6-prefix — Enter the destination IPv6 address in x:x:x:x::x format.
• mask — Enter the mask in slash prefix-length /x format.
• next-hop — Enter the next-hop IPv6 address in x:x:x:x::x format.
Parameters • • • vrf vrf-name — (Optional) Enter vrf then the name of the VRF to display the neighbors corresponding to that VRF. If you do not specify this option, neighbors corresponding to the default VRF display. ipv6-address — Enter the IPv6 address of the neighbor in the x:x:x:x::x format. The :: notation specifies successive hexadecimal fields of zero. interface interface — Enter interface then the interface type and slot/port or number information: • • • • Defaults None.
Example (Connected) Example (Summary) Supported Releases OS10# show ipv6 route connected Codes: C - connected S - static B - BGP, IN - internal BGP, EX - external BGP O - OSPF,IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, > - non-active route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change -----------------------------------------------------------------C 2001:db86::/32 via 2001:db8
Open shortest path first

OSPF routing is a link-state routing protocol that allows sending link-state advertisements (LSAs) to all other routers within the same autonomous system (AS) area. OSPF LSAs include information about attached interfaces, metrics used, and other attributes. OSPF routers accumulate link-state information, and use the shortest path first (SPF) algorithm to calculate the shortest path to each node.

Autonomous system areas

OSPF operates in a hierarchy.
As a link-state protocol, OSPF sends routing information to other OSPF routers concerning the state of the links between them. The Up or Down state of those links is important. Routers that share a link become neighbors on that segment. OSPF uses the hello protocol as a neighbor discovery and keepalive mechanism. After two routers are neighbors, they may proceed to exchange and synchronize their databases, which creates an adjacency.
Designated and backup designated routers
OSPF elects a designated router (DR) and a backup designated router (BDR). The DR generates LSAs for the entire multiaccess network. Designated routers allow a reduction in network traffic and in the size of the topological database.
Designated router  Maintains a complete topology table of the network and sends updates to the other routers via multicast. All routers in an area form a slave/master relationship with the DR.
2  Connection to a transit network  IP address of the DR
3  Connection to a stub network     IP network or subnet number
4  Virtual link                     neighboring router ID
Router priority
Router priority determines the designated router for the network. The default router priority is 1. When two routers attach to a network, both attempt to become the DR. The router with the higher router priority takes precedence. If there is a tie, the router with the higher router ID takes precedence.
• hold-time — Configure the additional delay before performing an SPF calculation when a new topology change occurs, from 1 to 600000 milliseconds; default 10000.
• max-wait — Configure the maximum amount of hold time that can delay an SPF calculation, from 1 to 600000 milliseconds; default 10000.
2. Enter the interface information to configure the interface for OSPF in INTERFACE mode.
interface ethernet node/slot/port[:subport]
3. Enable the interface in INTERFACE mode.
no shutdown
4. Disable the default switchport configuration and remove it from an interface or a LAG port in INTERFACE mode.
no switchport
5. Assign an IP address to the interface in INTERFACE mode.
ip address ip-address/mask
6. Enable OSPFv2 on an interface in INTERFACE mode.
6. Associate the interface with the non-default VRF instance that you created earlier.
ip vrf forwarding vrf-name
7. Assign an IP address to the interface.
ip address ip-address/mask
8. Enable OSPFv2 on the interface.
ip ospf process-id area area-id
• process-id—Enter the OSPFv2 process ID for a specific OSPF process, from 1 to 65535.
• area-id—Enter the OSPFv2 area ID as an IP address (A.B.C.D) or number, from 1 to 65535.
SPF algorithm executed 38 times
Area ranges are
Stub areas
Type 5 LSAs are not flooded into stub areas. The ABR advertises a default route into the stub area where it is attached. Stub area routers use the default route to reach external destinations.
1. Enable OSPF routing and enter ROUTER-OSPF mode, from 1 to 65535.
router ospf instance number
2. Configure an area as a stub area in ROUTER-OSPF mode.
area area-id stub [no-summary]
• area-id—Enter the OSPF area ID as an IP address in A.B.C.
View passive interfaces
OS10# show running-configuration
!!!
!!
interface ethernet1/1/6
ip address 10.10.10.1/24
no switchport
no shutdown
ip ospf 100 area 0.0.0.0
ip ospf passive
!!
!
You can disable a passive interface using the no ip ospf passive command.
Fast convergence
Fast convergence sets the minimum origination and arrival LSA parameters to zero (0), allowing rapid route calculation. A higher convergence level can result in occasional loss of OSPF adjacency.
Disable fast convergence
OS10(conf-router-ospf-65535)# no fast-converge
Interface parameters
To avoid routing errors, interface parameter values must be consistent across all interfaces. For example, set the same time interval for the hello packets on all routers in the OSPF network to prevent misconfiguration of OSPF neighbors.
1. To change the OSPFv2 parameters in CONFIGURATION mode, enter the interface.
interface interface-name
2.
Redistribute routes
Add routes from other routing instances or protocols to the OSPFv2 process and include BGP, static, or connected routes in the OSPFv2 process. Do not route IBGP routes to OSPFv2 unless there are route-maps associated with the OSPFv2 redistribution.
router ospf 100
summary-address 10.0.0.0/8 not-advertise
Graceful restart
When a networking device restarts, the adjacent neighbors and peers detect the condition. During a graceful restart, the restarting device and neighbors continue to forward the packets without interrupting network performance. The neighbors that help in the restart process are called helper routers. When you enable graceful restart, the restarting device retains the routes learned by OSPF in the forwarding table.
• Is OSPF enabled globally?
• Is OSPF enabled on the interface?
• Are adjacencies established correctly?
• Are the interfaces configured for L3 correctly?
• Is the router in the correct area type?
• Are the OSPF routes included in the OSPF database?
• Are the OSPF routes included in the routing table in addition to the OSPF database?
• Are you able to ping the IPv4 address of adjacent router interface?
Troubleshooting OSPF with show commands
• View a summary of all OSPF process IDs enabled in EXEC mode.
Usage Information The cost is also referred to as reference-bandwidth or bandwidth. Use the area default-cost command on the border routers at the edge of a stub area. The no version of this command resets the value to the default.
Example
OS10(conf-router-ospf-10)# area 10.10.1.5 default-cost 10
Supported Releases 10.2.0E or later
area nssa
Defines an area as a NSSA.
Usage Information The no version of this command deletes a stub area.
Example
OS10(config)# router ospf 10
OS10(conf-router-ospf-10)# area 10.10.1.5 stub
Supported Releases 10.2.0E or later
auto-cost reference-bandwidth
Calculates default metrics for the interface based on the configured auto-cost reference bandwidth value.
Syntax auto-cost reference-bandwidth value
Parameters value — Enter the reference bandwidth value to calculate the OSPF interface cost in megabits per second, from 1 to 4294967.
Example
OS10# clear ip ospf 10 vrf vrf-test statistics
Supported Releases 10.4.0E(R1) or later
debug ip ospfv2
Enables Open Shortest Path First version 2 (OSPFv2) debugging and displays messages related to processing of OSPFv2.
Syntax debug ip ospfv2
Parameters None
Defaults None
Command Mode EXEC
Usage Information The no debug ip ospfv2 command stops displaying messages related to processing of OSPFv2.
Example
debug ip ospfv2
Supported Releases OS10 legacy command.
fast-converge
Sets the minimum LSA origination and arrival times to zero (0) allowing more rapid route computation so convergence takes less time.
Syntax fast-converge convergence-level
Parameters convergence-level — Enter a desired convergence level value, from 1 to 4.
Default Not configured
Command Mode ROUTER-OSPF
Usage Information Convergence level 1 (optimal) meets most convergence requirements.
NOTE: Only select higher convergence levels following consultation with Dell EMC Technical Support.
ip ospf authentication-key
Configures a text authentication key to enable OSPF traffic on an interface.
Syntax ip ospf authentication-key key
Parameters key — Enter an eight-character string for the authentication key.
Defaults Not configured
Command Mode INTERFACE
Usage Information To exchange OSPF information, all neighboring routers in the same network must use the same authentication key. The no version of this command deletes the authentication key.
ip ospf hello-interval
Sets the time interval between the hello packets sent on the interface.
Syntax ip ospf hello-interval seconds
Parameters seconds — Enter the hello-interval value in seconds, from 1 to 65535.
Default 10 seconds
Command Mode INTERFACE
Usage Information All routers in a network must have the same hello time interval between the hello packets. The no version of this command resets the value to the default.
ip ospf network
Sets the network type for the interface.
Syntax ip ospf network {point-to-point | broadcast}
Parameters
• point-to-point — Sets the interface as part of a point-to-point network.
• broadcast — Sets the interface as part of a broadcast network.
Default Broadcast
Command Mode INTERFACE
Usage Information The no version of this command resets the value to the default.
Example
OS10(conf-if-eth1/1/1)# ip ospf network broadcast
Supported Releases 10.2.
ip ospf retransmit-interval
Sets the retransmission time between lost LSAs for adjacencies belonging to the interface.
Syntax ip ospf retransmit-interval seconds
Parameters seconds — Enter a value in seconds as the interval between retransmission, from 1 to 3600.
Default 5 seconds
Command Mode INTERFACE
Usage Information Set the time interval to a number large enough to avoid unnecessary retransmission. The no version of this command resets the value to the default.
Usage Information Routers in the network do not prefer other routers as the next intermediate hop after they calculate the shortest path. The no version of this command disables the maximum metric advertisement configuration.
Example
OS10(conf-router-ospf-10)# max-metric router-lsa
Supported Releases 10.2.0E or later
maximum-paths
Enables forwarding of packets over multiple paths.
Syntax maximum-paths number
Parameters number — Enter the number of paths for OSPF, from 1 to 128.
Command Mode ROUTER-OSPF
Usage Information Configure an arbitrary value in the IP address format for each router. Each router ID must be unique. Use the fixed router ID for the active OSPF router process. Changing the router ID brings down the existing OSPF adjacency. The new router ID becomes effective immediately. The no version of this command disables the router ID configuration.
Example
OS10(config)# router ospf 10
OS10(conf-router-ospf-10)# router-id 10.10.1.5
Supported Releases 10.2.
show ip ospf asbr
Displays all the ASBR visible to OSPF.
Syntax show ip ospf [process-id] [vrf vrf-name] asbr
Parameters
• process-id—(Optional) Displays information based on the process ID.
• vrf vrf-name — (Optional) Displays the ASBR router visible to the OSPF process configured in the specified VRF.
Default Not configured
Command Mode EXEC
Usage Information You can isolate problems with external routes.
Summary Network (Area 0.0.0.0)
Link ID    ADV Router  Age   Seq#        Checksum
110.1.1.2  112.2.1.1   1287  0x80000008  0xd2b1
111.1.1.1  111.2.1.1   1458  0x80000008  0x1b8f
111.2.1.1  111.2.1.1   1458  0x80000008  0x198f
112.1.1.1  112.2.1.1   1372  0x80000008  0x287c
112.2.1.1  112.2.1.1   1372  0x80000008  0x267c
Supported Releases 10.2.0E or later
show ip ospf database asbr-summary
Displays information about AS boundary LSAs.
Parameters
• process-id—(Optional) Displays AS external Type 5 LSA information for a specified OSPF process ID. If you do not enter a process ID, this command applies only to the first OSPF process.
• vrf vrf-name — (Optional) Displays AS external (Type 5) LSA information for a specified OSPF Process ID corresponding to a VRF.
Default Not configured
Command Mode EXEC
Usage Information
• LS Age — Displays the LS age.
• Advertising Router—Identifies the advertising router’s ID.
• LS Seq Number—Identifies the LS sequence number. This identifies old or duplicate LSAs.
• Checksum—Displays the Fletcher checksum of an LSA’s complete contents.
• Length—Displays the LSA length in bytes.
• Network Mask—Identifies the network mask implemented on the area.
• TOS—Displays the ToS options. The only option available is zero.
• Metric—Displays the LSA metric.
Example
OS10# show ip ospf 10 database network
OSPF Router with ID (111.2.
Options: (No TOS-Capability, No DC, No Type 7/5 translation)
LS type: NSSA External
Link State ID: 0.0.0.0
Advertising Router: 1.1.1.1
LS Seq Number: 0x80000001
Checksum: 0x430C
Length: 36
Network Mask: /0
Metric Type: 1
TOS: 0
Metric: 16777215
Forward Address: 0.0.0.0
External Route Tag: 0
LS age: 70
Options: (No TOS-Capability, No DC, No Type 7/5 translation)
LS type: NSSA External
Link State ID: 0.0.0.0
Advertising Router: 2.2.2.
Forward Address: 0.0.0.0
External Route Tag: 0
Supported Releases 10.2.0E or later
show ip ospf database opaque-area
Displays information about the opaque-area Type 10 LSA.
Syntax show ip ospf [process-id] [vrf vrf-name] database opaque-area
Parameters
• process-id — (Optional) Displays the opaque-area Type 10 information for an OSPF process ID. If you do not enter a process ID, this command applies only to the first OSPF process.
Usage Information
• LS Age — Displays the LS age.
• Options — Displays the optional capabilities available on the router.
• LS Type — Displays the LS type.
• Link State ID — Identifies the router ID.
• Advertising Router — Identifies the advertising router’s ID.
• LS Seq Number — Identifies the LS sequence number. This identifies old or duplicate LSAs.
• Checksum — Displays the Fletcher checksum of an LSA’s complete contents.
• Length — Displays the LSA length in bytes.
LS age: 3600
Options: (No TOS-Capability, No DC)
LS type: Type-9 Link Local Opaque
Link State ID: 8.1.1.1
Advertising Router: 2.2.2.2
LS Seq Number: 0x80000007
Checksum: 0x9DA1
Length: 28
Opaque Type: 8
Opaque ID: 65793
Supported Releases 10.2.0E or later
show ip ospf database router
Displays information about the router Type 1 LSA.
Syntax show ip ospf process-id [vrf vrf-name] database router
Parameters
• process-id — (Optional) Displays the router Type 1 LSA for an OSPF process ID.
(Link Data) Router Interface address: 111.1.1.1
Number of TOS metric: 0
TOS 0 Metric: 1
Link connected to: a Transit Network
(Link ID) Designated Router address: 111.2.1.1
(Link Data) Router Interface address: 111.2.1.1
Number of TOS metric: 0
TOS 0 Metric: 1
Supported Releases 10.2.0E or later
show ip ospf database summary
Displays the network summary Type 3 LSA routing information.
show ip ospf interface
Displays the configured OSPF interfaces. You must enable OSPF to display output.
Syntax show ip ospf interface [process-id] [vrf vrf-name] interface or show ip ospf [process-id] [vrf vrf-name] interface [interface]
Parameters
• process-id — (Optional) Displays information for an OSPF process ID. If you do not enter a process ID, this command applies only to the first OSPF process.
• vrf vrf-name — (Optional) Displays information for an OSPF instance corresponding to a VRF.
show ip ospf statistics
Displays OSPF traffic statistics.
Syntax show ip ospf [instance-number] [vrf vrf-name] statistics [interface interface]
Parameters
• instance-number — (Optional) Enter an OSPF instance number, from 1 to 65535.
• vrf vrf-name — (Optional) Enter the keyword vrf followed by the name of the VRF to display OSPF traffic statistics corresponding to that VRF.
Usage Information The “E” flag output indicates the router listed is an ASBR. The “B” flag indicates that the router listed is an ABR. If the Flag field shows both E and B, it indicates that the listed router is both an ASBR and an ABR.
Example
OS10# show ip ospf 10 topology
Router ID      Flags    Cost  Nexthop
111.111.111.1  -/B/-/   1     111.1.1.2
111.111.111.2  -/B/-/   1     111.2.1.2
112.2.1.1      E/-/-/   1     110.1.1.2
112.112.112.1  -/B/-/   2     110.1.1.2
112.112.112.2  -/B/-/   2     110.1.1.
• hold-time — Sets the additional hold time between two SPF calculations in milliseconds, from 1 to 600000; default 10000.
• max-wait — Sets the maximum wait time between two SPF calculations in milliseconds, from 1 to 600000; default 10000.
Default
• start-time — 1000 milliseconds
• hold-time — 10000 milliseconds
• max-wait — 10000 milliseconds
Command Mode ROUTER-OSPF
Usage Information By default, SPF timers are disabled in an OSPF instance.
Example
OS10(config)# router ospf 10
OS10(conf-router-ospf-10)# timers throttle lsa all 100 300 1000
Supported Releases 10.2.0E or later
OSPFv3
OSPFv3 is an IPv6 link-state routing protocol that supports IPv6 unicast address families (AFs). OSPFv3 is disabled by default. You must configure at least one interface, either physical or Loopback. The OSPF process automatically starts when OSPFv3 is enabled for one or more interfaces. Any area besides area 0 can have any number ID assigned to it.
4. Enable the interface in INTERFACE mode.
no shutdown
5. Disable the default switchport configuration and remove it from an interface or a LAG port in INTERFACE mode.
no switchport
6. Associate the interface with the non-default VRF instance that you created earlier.
ip vrf forwarding vrf-name
7. Enable OSPFv3 on an interface.
ipv6 ospfv3 process-id area area-id
• process-id — Enter the OSPFv3 process ID for a specific OSPFv3 process, from 1 to 65535.
Number of interface in this area is 1
SPF algorithm executed 42 times
Area (0.0.0.1)
Number of interface in this area is 1
SPF algorithm executed 42 times
Configure Stub Areas
Type 5 LSAs are not flooded into stub areas. The ABR advertises a default route into the stub area where it is attached. Stub area routers use the default route to reach external destinations.
1. Enable OSPFv3 routing and enter ROUTER-OSPFv3 mode, from 1 to 65535.
router ospfv3 instance number
2.
199.205.134.103  42  0x80000001  12  ethernet1/1/3
202.254.156.15   54  0x80000001  12  ethernet1/1/3
Enable Passive Interfaces
A passive interface is one that does not send or receive routing information. Configuring an interface as a passive interface suppresses both receiving and sending of routing updates. Although the passive interface does not send or receive routing updates, the network on that interface is included in OSPF updates sent through other interfaces.
Change OSPFv3 Interface Parameters
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# ipv6 ospf hello-interval 5
OS10(conf-if-eth1/1/1)# ipv6 ospf dead-interval 20
OS10(conf-if-eth1/1/1)# ipv6 ospf priority 4
View OSPFv3 Interface Parameters
OS10# show ipv6 ospf interface
ethernet1/1/1 is up, line protocol is up
Link Local Address fe80::20c:29ff:fe0a:d59/64, Interface ID 5
Area 0.0.0.0, Process ID 200, Instance ID 0, Router ID 10.0.0.
Configure IPsec authentication on interfaces
Prerequisite: Before you enable IPsec authentication on an OSPFv3 interface, first enable IPv6 unicast routing globally, then enable OSPFv3 on the interface, and assign it to an area.
The SPI value must be unique to one IPsec authentication or encryption security policy on the router. You cannot configure the same SPI value on another interface even if it uses the same authentication or encryption algorithm.
Configure IPsec encryption on interface
OS10(conf-if-eth1/1/1)# ipv6 ospf encryption ipsec spi 500 esp des 1234567812345678 md5 12345678123456781234567812345678
OS10(conf-if-eth1/1/1)# show configuration
!
interface ethernet1/1/1
ipv6 ospf encryption ipsec spi 500 esp des 1234567812345678 md5 12345678123456781234567812345678
no switchport
no shutdown
ipv6 address 1::1/64
Configure IPsec authentication for OSPFv3 area
Prerequisite: Before you enable IPsec authentication for an OSPFv3 area, enable OSPFv3 glo
Configure IPsec encryption for OSPFv3 area
OS10(config-router-ospfv3-100)# area 1 encryption ipsec spi 401 esp des 1234567812345678 md5 12345678123456781234567812345678
OS10(config-router-ospfv3-100)# show configuration
!
router ospfv3 100
area 0.0.0.1 encryption ipsec spi 401 esp des 1234567812345678 md5 12345678123456781234567812345678
Troubleshoot OSPFv3
You can troubleshoot OSPFv3 operations and check questions for typical issues that interrupt a process.
Default OSPFv3 area authentication is not configured.
Command Mode ROUTER-OSPFv3
Usage Information
• Before you enable IPsec authentication for an OSPFv3 area, you must enable OSPFv3 globally on each router.
• All OSPFv3 routers in the area must share the same authentication key to exchange information. Only a nonencrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits.
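Added example (not from the Dell guide): a Python check that reads a saved running configuration and applies two rules stated in this chapter, that an SPI belongs to exactly one IPsec policy on the router and that an MD5 key is 32 hex digits, and also reports keys copied from the guide's own examples. The sample configuration is constructed; the DES and SHA1 key lengths, the legacy-algorithm report and all function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Hex-digit key lengths per algorithm. md5 = 32 is stated in the guide; des = 16
# follows from the 64-bit DES key and matches the guide's examples; sha1 = 40 is
# an assumption of this example (160-bit value), not taken from the guide.
KEY_HEX_LEN = {"md5": 32, "des": 16, "sha1": 40}
# Reviewer policy of this example, not a rule from the guide: DES and MD5 are
# legacy algorithms and are reported so that they get reviewed.
LEGACY_ALGS = {"des", "md5"}
# Keys printed in the guide's own examples; they should never reach production.
GUIDE_EXAMPLE_KEYS = {"1234567812345678", "12345678123456781234567812345678"}

# Constructed sample in the style of OS10 "show running-configuration" output.
SAMPLE_CONFIG = """\
interface ethernet1/1/1
 no switchport
 ipv6 address 1::1/64
 ipv6 ospf encryption ipsec spi 500 esp des 1234567812345678 md5 12345678123456781234567812345678
!
interface ethernet1/1/2
 no switchport
 ipv6 ospf authentication ipsec spi 500 sha1 9f2c41d07be8a3156c0d4e7fa1b2935d68c07e14
!
interface ethernet1/1/3
 no switchport
 ipv6 ospf authentication ipsec spi 600 md5 0a1b2c3d4e5f60718293a4b5c6d7e8
!
router ospfv3 100
 area 0.0.0.1 encryption ipsec spi 401 esp des 3b7e1c9a52d804f6 sha1 5e1a0c77d2394b8f6a10c3e59d2b7f4481c6a0e3
"""

# Matches both the interface form ("ipv6 ospf ...") and the area form ("area X ...").
POLICY_RE = re.compile(
    r"^(ipv6 ospf|area \S+) (authentication|encryption) ipsec spi (\d+) (.+)$", re.I)


def parse_policies(config):
    """Return one dict per IPsec policy line, tagged with the stanza it sits in."""
    policies, context = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith(("interface ", "router ospfv3 ")):
            context = line                      # a new stanza begins
        elif line == "!":
            context = None                      # stanza separator
        m = POLICY_RE.match(line)
        if not m or context is None:
            continue
        prefix, kind, spi = m.group(1), m.group(2).lower(), int(m.group(3))
        tokens = m.group(4).split()
        if kind == "encryption" and tokens[:1] == ["esp"]:
            tokens = tokens[1:]                 # esp <cipher> <key> <auth-alg> <key>
        # What remains is a sequence of (algorithm, key) pairs.
        pairs = [(tokens[i].lower(), tokens[i + 1]) for i in range(0, len(tokens) - 1, 2)]
        where = context if prefix.lower() == "ipv6 ospf" else f"{context} / {prefix}"
        policies.append({"where": where, "kind": kind, "spi": spi, "pairs": pairs})
    return policies


def audit(config):
    """Return a list of (location, spi, finding-code) tuples."""
    findings, by_spi = [], defaultdict(list)
    for p in parse_policies(config):
        by_spi[p["spi"]].append(p["where"])
        for alg, key in p["pairs"]:
            want = KEY_HEX_LEN.get(alg)
            if want and not re.fullmatch(rf"[0-9a-fA-F]{{{want}}}", key):
                findings.append((p["where"], p["spi"], f"bad-key-format:{alg}"))
            if key in GUIDE_EXAMPLE_KEYS:
                findings.append((p["where"], p["spi"], f"guide-example-key:{alg}"))
            if alg in LEGACY_ALGS:
                findings.append((p["where"], p["spi"], f"legacy-algorithm:{alg}"))
    # An SPI may belong to only one authentication or encryption policy.
    for spi, places in by_spi.items():
        if len(places) > 1:
            findings.extend((where, spi, "spi-reused") for where in places)
    return findings


if __name__ == "__main__":
    for where, spi, code in audit(SAMPLE_CONFIG):
        print(f"{where:40} spi {spi:<6} {code}")
```

Run it against the text of a saved configuration by passing that text to `audit()`; an empty list means none of the checks fired.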
Command Mode ROUTER-OSPFv3
Usage Information The no version of this command deletes a stub area.
Example
OS10(config)# router ospfv3 10
OS10(conf-router-ospfv3-10)# area 10.10.1.5 stub
Supported Releases 10.3.0E or later
auto-cost reference-bandwidth
Calculates default metrics for the interface based on the configured auto-cost reference bandwidth value.
Usage Information This command clears the OSPFv3 traffic statistics in a specified instance or in all the configured OSPFv3 instances, and resets them to zero.
Example
OS10# clear ipv6 ospf 100 statistics
Supported Releases 10.4.0E(R1) or later
debug ip ospfv3
Enables Open Shortest Path First version 3 (OSPFv3) debugging and displays messages related to processing of OSPFv3.
Supported Releases 10.3.0E or later
ipv6 ospf authentication
Configures OSPFv3 authentication on an IPv6 interface.
Syntax ipv6 ospf authentication {null | ipsec spi number {MD5 | SHA1} key}
Parameters
• null — Prevents area authentication from being inherited on the interface.
Default IPv6 OSPF authentication is not configured on an interface.
Command Mode INTERFACE
Parameters seconds — Enter the dead interval value in seconds, from 1 to 65535.
Default 40 seconds
Command Mode INTERFACE
Usage Information The dead interval is four times the default hello-interval by default. The no version of this command resets the value to the default.
Example
OS10(config)# interface vlan 10
OS10(conf-if-vl-10)# ipv6 ospf dead-interval 10
Supported Releases 10.3.0E or later
ipv6 ospf encryption
Configures OSPFv3 encryption on an IPv6 interface.
Default 10 seconds
Command Mode INTERFACE
Usage Information All routers in a network must have the same hello time interval between the hello packets. The no version of this command resets the value to the default.
Example
OS10(config)# interface vlan 10
OS10(conf-if-vl-10)# ipv6 ospf hello-interval 30
Supported Releases 10.3.0E or later
ipv6 ospf network
Sets the network type for the interface.
Default 1
Command Mode INTERFACE
Usage Information When two routers attached to a network attempt to become the DR, the one with the higher router priority takes precedence. The no version of this command resets the value to the default.
Example
OS10(config)# interface ethernet 1/1/6
OS10(conf-if-eth1/1/6)# ipv6 ospf priority 4
Supported Releases 10.3.0E or later
log-adjacency-changes
Enables logging of syslog messages about changes in the OSPFv3 adjacency state.
Usage Information When an OSPFv3 redistributes, the process is not completely removed from the BGP configuration. The no version of this command disables the redistribute configuration.
Example
OS10(config)# router ospfv3 100
OS10(config-router-ospfv3-100)# redistribute bgp 4 route-map dell1
Example (Connected)
OS10(config-router-ospfv3-100)# redistribute connected route-map dell2
Supported Releases 10.3.0E or later
router-id
Configures a fixed router ID for the OSPFv3 process.
Usage Information None
Example
OS10# show ipv6 ospf
Routing Process ospfv3 200 with ID 1.1.1.1
It is an Area Border Router
Min LSA origination 5000 msec, Min LSA arrival 1000
Min LSA hold time 0 msec, Max LSA wait time 0 msec
Number of area in this router is 2, normal 2 stub 0
Area (0.0.0.0)
Number of interface in this area is 1
SPF algorithm executed 42 times
Area (0.0.0.
--------------------------------------------------------------
1.1.1.1 1605 0x80000027 1 3.3.3.3
Link (Type-8) Link States (Area 0.0.0.0)
ADV Router  Age   Seq#        Link ID  Interface
-------------------------------------------------------------------
1.1.1.1     1615  0x80000125  5        ethernet1/1/1
2.2.2.2     1369  0x8000011B  5        ethernet1/1/1
10.0.0.2    1044  0x80000001  5        ethernet1/1/1
Type-5 AS External Link States
ADV Router Age Seq# Prefix
--------------------------------------------------------------------------
3.3.3.
• State—Displays the OSPF state of the neighbor.
• Dead Time—Displays the expected time until the system declares the neighbor dead.
• Interface ID—Displays the neighbor interface ID.
• Interface—Displays the interface type, node/slot/port or number information.
Example
OS10(conf-if-eth1/1/1)# show ipv6 ospf neighbor
Neighbor ID  Pri  State    Dead Time  Interface ID  Interface
------------------------------------------------------------------
2.2.2.2      1    Full/DR  00:00:30   5             ethernet1/1/1
Supported Releases 10.3.
Parameters
• start-time — Sets the initial SPF delay in milliseconds, from 1 to 600000; default 1000.
• hold-time — Sets the additional hold time between two SPF calculations in milliseconds, from 1 to 600000; default 10000.
• max-wait — Sets the maximum wait time between two SPF calculations in milliseconds, from 1 to 600000; default 10000.
Figure 8. Object tracking
Interface tracking
You can create an object that tracks the line-protocol state of an L2 interface, and monitors its operational up or down status. You can configure up to 500 objects. Each object is assigned a unique ID. When the link-level status goes down, the tracked resource status is also considered Down. If the link-level status goes up, the tracked resource status is also considered Up.
2. (Optional) Enter interface object tracking on the line-protocol state of an L2 interface in OBJECT TRACKING mode.
interface interface line-protocol
3. (Optional) Configure the time delay used before communicating a change to the status of a tracked interface in OBJECT TRACKING mode, from 0 to 80 seconds; default 0.
delay [up seconds] [down seconds]
4. (Optional) View the tracked object information in EXEC mode.
show track object-id
5. (Optional) View all interface object information in EXEC mode.
OS10 (conf-track-2)# do show track 2 IP Host 1.1.1.
--------------------------------------------------------------------------------2 ipv4-reachablity 1.1.1.
ip reachability
Configures an object to track a specific next-hop host's reachability.
Syntax ip host-ip-address reachability
Parameters host-ip-address — Enter the IPv4 host address.
Defaults Not configured
Command Mode CONFIGURATION
Usage Information None
Example
OS10(config)# track 100
OS10(conf-track-100)# ip 10.10.10.1 reachability
Supported Releases 10.3.0E or later
ipv6 reachability
Configures an object to track a specific next-hop host's reachability.
• interface — (Optional) Displays all interface object information.
• ip — (Optional) Displays all IPv4 next-hop object information.
• ipv6 — (Optional) Displays all IPv6 next-hop object information.
1. Assign an access-list to match the route-map in CONFIGURATION mode.
ip access-list access-list-name
2. Set the IP address to match the access-list in IP-ACL mode.
permit ip ip-address
Configure IPv4 access-list to match route-map
OS10(config)# ip access-list acl5
OS10(conf-ipv4-acl)# permit ip 10.10.10.
1. View IPv4 or IPv6 PBR policy information in EXEC mode.
show {ip | ipv6} policy name
2. View current PBR statistics in EXEC mode.
show route-map map-name pbr-statistics
3. Clear all policy statistics information in EXEC mode.
3. Configure a route-map to re-direct traffic arriving on a specific VRF instance.
route-map route-map-name
4. Enter the IPv4 or IPv6 address to match and specify the access-list name.
match {ip | ipv6} address access-list-name
5. In the route-map, set the IPv4 or IPv6 next-hop to be reached through a different VRF instance.
set {ip | ipv6} vrf vrf-name next-hop next-hop-ipv4address
This next-hop-address is reachable through a different VRF instance.
SW 1 VLAN configuration
• Create a VLAN and assign an IP address to it which acts as the gateway for the hosts in the VM.
OS10# configure terminal
OS10(config)# interface vlan 100
OS10(conf-if-vl-100)# no shutdown
OS10(conf-if-vl-100)# ip address 10.1.1.1/24
OS10(conf-if-vl-100)# exit
• Create another VLAN and assign an IP address to it.
OS10# configure terminal
OS10(config)# interface vlan 200
OS10(conf-if-vl-200)# no shutdown
OS10(conf-if-vl-200)# ip address 10.2.1.
3. Specify the management IP address of the VLT peer as a backup link.
OS10(conf-vlt-1)# backup destination 10.10.10.2
4. Configure VLT port channels.
VLT configuration
1. Create a VLT domain and configure VLTi.
OS10(config)# interface range ethernet 1/1/4-1/1/5
OS10(conf-range-eth1/1/4-1/1/5)# no switchport
OS10(conf-range-eth1/1/4-1/1/5)# exit
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# discovery-interface ethernet 1/1/4-1/1/5
2. Configure a VLT MAC address.
OS10(conf-vlt-1)# vlt-mac 12:5e:23:f4:23:54
3. Specify the management IP address of the VLT peer as a backup link.
OS10(conf-vlt-1)# backup destination 10.10.10.1
4. Configure VLT port channels.
Using the following PBR configuration, you can re-direct traffic ingressing to VRF RED to a destination that is reachable through the next-hop IP address 2.2.2.2 in VRF BLUE:
1. Create a route-map.
OS10(config)# route-map test
2. Enter the IP address to match the specified access list.
OS10(config-route-map)# match ip 4.4.4.4 acl1
3. Set the next-hop address to 2.2.2.2, which is reachable through VRF BLUE.
OS10(config-route-map)#
OS10(config-route-map)# set ip vrf BLUE next-hop 2.2.2.
3. Configure the route-map.
route-map route-map-name
OS10(config-route-map)#
OS10(config-route-map)# match ip address acl1
4. Set the track ID configured in step 1 to the route-map.
set ip vrf vrf-name next-hop next-hop-address track-id track-id-number
OS10(config-route-map)# set ip vrf red next-hop 1.1.1.1 track-id 200
5. Apply the route-map to the interface where traffic is ingressing on the VRF instance.
• Create a route-map to permit traffic for PBR processing.
route-map TEST-RM permit 10
match ip address TEST-ACL
set ip next-hop 10.0.40.235
• Apply the policy to the previously created interface.
ip policy route-map TEST-RM
In this configuration, the route-map TEST-RM deny 5 configuration blocks traffic that matches the TEST-ACL-DENY ACL from further PBR processing. This traffic is routed using the routing table.
Supported Releases 10.3.0E or later
match address
Matches the access-list to the route-map.
Syntax match {ip | ipv6} address [name]
Parameters name—Enter the name of an access-list. A maximum of 140 characters.
Defaults Not configured
Command Mode ROUTE-MAP
Usage Information None
Example
OS10(conf-route-map)# match ip address acl1
Supported Releases 10.3.0E or later
policy route-map
Assigns a route-map for IPv4 or IPv6 policy-based routing to the interface.
Parameters
• vrf vrf-name — Enter the keyword then the name of the VRF to make the next-hop reachable over that VRF.
• address — Enter the next-hop IPv4 or IPv6 address.
Defaults Not configured
Command Mode ROUTE-MAP
Usage Information You must configure next-hop IP address tracking and PBR next-hop with the same VRF instance. For next-hop reachability in the same VRF instance, you must configure both PBR per VRF and object tracking.
Usage Information None
Example
OS10# show ip policy map-name
Supported Releases 10.3.0E or later
show route-map pbr-statistics
Displays the current PBR statistics.
Syntax show route-map [map-name] pbr-statistics
Parameters map-name — (Optional) Enter the name of a configured route map. A maximum of 140 characters.
Defaults None
Command Mode EXEC
Usage Information None
Example
OS10# show route-map map1 pbr-statistics
Supported Releases 10.3.
The example shows a typical network configuration using VRRP. Instead of configuring the hosts on network 10.10.10.0 with the IP address of either Router A or Router B as the default router, the default router of all hosts is set to the IP address of the virtual router. When any host on the LAN segment requests Internet access, it sends packets to the IP address of the virtual router.
!
vrrp-group 254
no shutdown
...
Group version
Configure a VRRP version for the system. Define either VRRPv2 — vrrp version 2 or VRRPv3 — vrrp version 3.
• Configure the VRRP version for IPv4 in INTERFACE mode.
vrrp version
Configure VRRP version 3
OS10(config)# vrrp version 3
1. Set the switch with the lowest priority to vrrp version 2.
2. Set the switch with the highest priority to vrrp version 3.
3. Set all switches from vrrp version 2 to vrrp version 3.
1. Configure a VRRP group in INTERFACE mode, from 1 to 255.
vrrp-group vrrp-id
2. Configure virtual IP addresses for this VRRP ID in INTERFACE-VRRP mode. A maximum of 10 IP addresses.
virtual-address ip-address1 [...ip-address10]

Configure virtual IP address
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# ip address 10.1.1.1/24
OS10(conf-if-eth1/1/1)# vrrp-group 10
OS10(conf-eth1/1/1-vrid-10)# virtual-address 10.1.1.
Configure virtual IP address in a VRF
You can configure a VRRP group in a non-default VRF instance and assign a virtual address to this group. To configure VRRP under a specific VRF:
1. Create the non-default VRF in which you want to configure VRRP.
ip vrf vrf-name
CONFIGURATION Mode
2. In the VRF Configuration mode, enter the desired interface.
interface interface-id
VRF CONFIGURATION Mode
3. Remove the interface from L2 switching mode.
no switchport
INTERFACE CONFIGURATION Mode
4.
Verify VRRP group priority
OS10(conf-eth1/1/5-vrid-254)# do show vrrp 254
Interface : ethernet1/1/5
IPv4 VRID : 254
Primary IP Address : 10.1.1.1
State : master-state
Virtual MAC Address : 00:00:5e:00:01:01
Version : version-3
Priority : 200
Preempt :
Hold-time :
Authentication : no-authentication
Virtual IP address : 10.1.1.
Disable preempt
OS10(config)# interface ethernet 1/1/5
OS10(conf-if-eth1/1/5)# vrrp-group 254
OS10(conf-eth1/1/5-vrid-254)# no preempt

View running configuration
OS10(conf-eth1/1/5-vrid-254)# do show running-configuration
! Version 10.2.0E
! Last configuration change at Sep 24 07:17:45 2016
!
debug radius false
snmp-server contact http://www.dell.
!
aaa authentication system:local
!
interface ethernet1/1/1
 ip address 10.1.1.1/16
 no switchport
 no shutdown
 !
 vrrp-group 1
  advertisment-interval centisecs 200
  priority 200
  virtual-address 10.1.1.1
!
interface ethernet1/1/2
 switchport access vlan 1
 no shutdown

Interface/object tracking
You can monitor the state of any interface according to the virtual group. OS10 supports a maximum of 10 track groups and each track group can track only one interface.
 no switchport
 no shutdown
 !
 vrrp-group 1
  priority 200
  virtual-address 10.1.1.1
!
interface ethernet1/1/2
 switchport access vlan 1
 no shutdown
!
interface ethernet1/1/3
 switchport access vlan 1
 no shutdown
!
interface ethernet1/1/4
 switchport access vlan 1
 no shutdown
!
interface ethernet1/1/5
 switchport access vlan 1
 no shutdown
!
interface ethernet1/1/6
 switchport access vlan 1
 no shutdown
!
.....
.....
authentication-type
Enables authentication of VRRP data exchanges.
Syntax authentication-type simple-text password
Parameters simple-text password — Enter a simple text password.
Default Disabled
Command Mode INTERFACE-VRRP
Usage Information With authentication enabled, OS10 ensures that only trusted routers participate in routing in an autonomous network. The no version of this command disables authentication of VRRP data exchanges.
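Added example (not from the Dell guide): a Python audit of an OS10 running configuration that lists each VRRP group and flags the groups that have no authentication-type line, which is the default state (Disabled). The sample configuration is constructed; the one-space indentation of nested stanzas and the appearance of the password on the authentication-type line are assumptions.

```python
import re

# Constructed sample, laid out like the running-configuration excerpts in this
# guide. Assumptions: nested stanzas are indented by one space, and the
# password appears on the authentication-type line.
SAMPLE_CONFIG = """\
!
interface ethernet1/1/1
 ip address 10.1.1.1/16
 no switchport
 no shutdown
 !
 vrrp-group 1
  priority 200
  virtual-address 10.1.1.1
!
interface ethernet1/1/5
 ip address 10.2.1.1/24
 no switchport
 no shutdown
 !
 vrrp-group 254
  authentication-type simple-text ExamplePass
  priority 200
  no preempt
  virtual-address 10.2.1.254
!
interface ethernet1/1/2
 switchport access vlan 1
 no shutdown
"""


def parse_vrrp_groups(config_text):
    """Return one dict per vrrp-group stanza nested under an interface."""
    groups = []
    interface = None   # interface stanza currently open
    group = None       # vrrp-group stanza currently open
    group_indent = 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue                      # separators carry no settings
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:                   # top-level command closes open stanzas
            m = re.fullmatch(r"interface\s+(\S.*)", line)
            interface = m.group(1).replace(" ", "") if m else None
            group = None
            continue
        m = re.fullmatch(r"vrrp-group\s+(\d+)", line)
        if m and interface is not None:
            group = {"interface": interface, "vrid": int(m.group(1)),
                     "auth": None, "priority": None,
                     "preempt_disabled": False, "virtual_addresses": []}
            group_indent = indent
            groups.append(group)
            continue
        if group is None or indent <= group_indent:
            group = None                  # back at interface level
            continue
        words = line.split()
        if words[0] == "authentication-type" and len(words) > 1:
            group["auth"] = words[1]      # keep the type, never the secret
        elif words[0] == "priority" and len(words) == 2 and words[1].isdigit():
            group["priority"] = int(words[1])
        elif words == ["no", "preempt"]:
            group["preempt_disabled"] = True
        elif words[0] == "virtual-address":
            group["virtual_addresses"].extend(words[1:])
    return groups


def unauthenticated_groups(groups):
    """List (interface, vrid) for groups with no authentication-type line."""
    return [(g["interface"], g["vrid"]) for g in groups if g["auth"] is None]


if __name__ == "__main__":
    parsed = parse_vrrp_groups(SAMPLE_CONFIG)
    for g in parsed:
        print(g["interface"], g["vrid"], "auth:", g["auth"] or "none",
              "priority:", g["priority"],
              "vips:", ",".join(g["virtual_addresses"]))
    for ifname, vrid in unauthenticated_groups(parsed):
        print(f"FINDING: {ifname} vrrp-group {vrid} has no authentication-type")
```

The parser records only the authentication type, so the report can be shared without exposing the configured password.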
show vrrp
Displays VRRP group information.
Syntax show vrrp [vrf vrf-name] {brief | vrrp-id | ipv6 group-id}
Parameters
• vrf vrf-name — Displays the VRRP group information corresponding to the specified VRF.
• brief — Displays the configuration information for all VRRP instances in the system.
• vrrp-id — Enter a VRRP group ID number to view the VRRP IPv4 group operational status information, from 1 to 255.
Supported Releases 10.2.0E or later

track interface
Monitors an interface and lowers the priority value of the VRRP group on that interface, if disabled.
Syntax interface {ethernet node/slot/port[:subport]} [line-protocol]
Parameters
• ethernet node/slot/port[:subport] — (Optional) Enter the keyword and the interface information to track.
• line-protocol — (Optional) Tracks the interface line-protocol operational status.
Usage Information VRRP delay reload time of zero seconds indicates no delays. This command configuration applies to all the VRRP configured interfaces. The no version of this command resets the value to the default.
Example
OS10(config)# vrrp delay reload 5
Supported Releases 10.4.0E(R1) or later

vrrp-group
Assigns a VRRP group identification number to an IPv4 interface or VLAN.
Syntax vrrp-group vrrp-id
Parameters vrrp-id — Enter a VRRP group identification number, from 1 to 255.
Usage Information The no version of this command disables the VRRP version for the IPv4 group.
Example
OS10(config)# vrrp version 2
Supported Releases 10.2.
15 Multicast
Multicast is a technique that allows networking devices to send data to a group of interested receivers in a single transmission. For instance, this technique is widely used for streaming videos. Multicast allows you to more efficiently use network resources, specifically for bandwidth-consuming services such as audio and video transmission.
Unknown multicast flood control
The unknown multicast flood control feature enables the system to forward unknown multicast packets only to a multicast router (mrouter). When you enable multicast snooping, OS10 forwards multicast frames whose destination is already learned to their intended recipients. When the system receives multicast frames whose destination is not known, it floods the frames to all ports on the specific VLAN. All hosts that receive these multicast frames must process them.
Enable multicast flood control
Multicast flood control is enabled on OS10 by default. If it is disabled, use the following procedure to enable multicast flood control:
1. Configure IGMP snooping. To learn how to configure IGMP snooping, see the IGMP snooping section.
2. Configure MLD snooping. To learn how to configure MLD snooping, see the MLD Snooping section.
3. Enable the multicast flood control feature.
To disable multicast snooping flood control, use the no multicast snooping flood-restrict command.
Example
OS10(config)# multicast snooping flood-restrict
Supported Releases 10.4.3.0 or later

Internet Group Management Protocol
Internet Group Management Protocol (IGMP) is a communications protocol that establishes multicast group memberships using IPv4 networks. OS10 supports IGMPv1, IGMPv2, and IGMPv3 to manage the multicast group memberships on IPv4 networks.
Supported IGMP versions
IGMP has three versions. Version 3 obsoletes and is backwards-compatible with version 2; version 2 obsoletes version 1. OS10 supports the following IGMP versions:
• Router—IGMP versions 2 and 3. The default is version 3.
• Host—IGMP versions 1, 2, and 3.
In IGMP version 2, the host expresses interest in a particular group membership (*, G).
IGMP immediate leave reduces leave latency by enabling a router to immediately delete the group membership on an interface after receiving a leave message. Immediate leave does not send group-specific or group-and-source queries before deleting the entry. To configure IGMP immediate leave:
OS10# configure terminal
OS10# interface vlan14
OS10(conf-if-vl-14)# ip igmp immediate-leave

Select an IGMP version
OS10 enables IGMP version 3 by default.
Group Address 225.1.1.1 225.1.1.2 225.1.1.3 225.1.1.4 225.1.1.5 225.1.1.6 225.1.1.7 225.1.1.8 225.1.1.9 225.1.1.10 225.1.1.11 225.1.1.12 225.1.1.13 225.1.1.14 225.1.1.15 225.1.1.
OS10(conf-if-vl-100)# ip igmp snooping querier
OS10(conf-if-vl-100)# ip igmp version 3
OS10(conf-if-vl-100)# ip igmp snooping fast-leave
OS10(conf-if-vl-100)# ip igmp snooping query-interval 60
OS10(conf-if-vl-100)# ip igmp snooping query-max-resp-time 10
OS10(conf-if-vl-100)# ip igmp snooping last-member-query-interval 1000

View IGMP snooping information
OS10# show ip igmp snooping groups
Total Number of Groups: 480
IGMP Connected Group Membership
Group Address Interface Mode
225.1.0.
Example
OS10# clear ip igmp groups
Supported Releases 10.4.3.0 or later

ip igmp immediate-leave
Enables IGMP immediate leave.
Syntax ip igmp immediate-leave
Parameters None
Default None
Command Mode INTERFACE
Usage Information The querier sends some group-specific queries when it receives a leave message before deleting the group from the membership database. If you need to immediately delete a group from the membership database, use the ip igmp immediate-leave command.
Example
OS10# configure terminal
OS10# interface vlan12
OS10(conf-if-vl-12)# ip igmp query-interval 60
Supported Releases 10.4.3.0 or later

ip igmp query-max-resp-time
Configures the maximum query response time advertised in general queries.
Syntax ip igmp query-max-resp-time seconds
Parameters seconds—Enter the amount of time in seconds, from 1 to 25.
Supported Releases 10.4.0E(R1) or later

ip igmp snooping fast-leave
Enables fast leave in IGMP snooping for specified VLAN.
Syntax ip igmp snooping fast-leave
Parameters None
Default Disabled
Command Mode VLAN INTERFACE
Usage Information The fast leave option allows the IGMP snooping switch to remove an interface from the multicast group immediately on receiving the leave message. The no version of this command disables the fast leave functionality.
ip igmp snooping querier
Enables IGMP querier processing for the specified VLAN interface.
Syntax ip igmp snooping querier
Parameters None
Default Not configured
Command Mode VLAN INTERFACE
Usage Information The no version of this command disables IGMP querier on the VLAN interface.
Example
OS10(config)# interface vlan 100
OS10(conf-if-vl-100)# ip igmp snooping querier
Supported Releases 10.4.
Command Mode VLAN INTERFACE
Usage Information The no version of this command resets the version number to the default value.
Example
OS10(config)# interface vlan 100
OS10(conf-if-vl-100)# ip igmp version 2
Supported Releases 10.4.1.0 or later

show ip igmp groups
Displays the IGMP groups.
Parameters
• vrf vrf-name—Enter the keyword vrf, then the name of the VRF.
• interface name—Enter the keyword interface, then the interface name.
Default None
Command Mode EXEC
Usage Information None
Example
OS10# show ip igmp interface
Vlan103 is up, line protocol is up
Internet address is 2.1.1.
225.1.0.6 vlan3031 IGMPv2-Compat
Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1
225.1.0.7 vlan3031 IGMPv2-Compat
Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1
225.1.0.8 vlan3031 IGMPv2-Compat
Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1
225.1.0.9 vlan3031 IGMPv2-Compat
Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1
225.1.0.
Group 232.11.0.1 Source List 101.41.0.21 Member Port Mode port-channel51 Include ethernet1/1/51:1 Include ethernet1/1/52:1 Include Uptime 1d:20:26:07 1d:20:26:05 1d:20:26:08 Expires 00:01:41 00:01:46 00:01:46 Uptime 1d:20:26:07 Expires 00:01:41 OS10# show ip igmp snooping groups vlan 3041 detail Interface vlan3041 Group 232.11.0.0 Source List 101.41.0.
Usage Information The multicast flood control feature is not available on the S4248FB-ON and S4248FBL-ON devices.
IGMP snooping last member query response interval is 1000 ms
IGMP Snooping max response time is 10 seconds
IGMP snooping fast-leave is disabled on this interface
IGMP snooping querier is enabled on this interface
Multicast snooping flood-restrict is enabled on this interface
Supported Releases 10.4.0E(R1) or later
Updated the command to display the multicast flood restrict status on 10.4.3.0 or later

show ip igmp snooping mrouter
Displays the multicast router ports details.
MLD snooping
MLD snooping enables switches to use the information in MLD packets and generate a forwarding table that associates ports with multicast groups. When switches receive multicast frames, they forward them to their intended receivers. OS10 supports MLD snooping on VLAN interfaces. Effective with OS10 release 10.4.3.0, MLD snooping is enabled by default.

Configure MLD snooping
• Enable MLD snooping globally with the ipv6 mld snooping enable command in the CONFIGURATION mode.
ff0e:225:1::4 vlan3531 MLDv1-Compat 00:01:52
Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52
ff0e:225:1::5 vlan3531 MLDv1-Compat 00:01:52
Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52
ff02::2 vlan3532 Exclude 00:01:47
ff0e:225:2:: vlan3532 MLDv1-Compat 00:01:56
Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52
ff0e:225:2::1 vlan3532 MLDv1-Compat 00:01:56
Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52
ff0e:225:2::2 vlan3532 MLDv1-Compat 00:01:56
Member-ports :port
Example
OS10(config)# interface vlan 100
OS10(conf-if-vl-100)# no ipv6 mld snooping
Supported Releases 10.4.1.0 or later

ipv6 mld snooping enable
Enables MLD snooping globally.
Syntax ipv6 mld snooping enable
Parameters None
Default Enabled
Command Mode CONFIGURATION
Usage Information The no version of this command disables the MLD snooping.
Example
OS10(config)# ipv6 mld snooping enable
Supported Releases 10.4.1.
ipv6 mld snooping mrouter
Configures the specified VLAN member port as a multicast router interface.
Syntax ipv6 mld snooping mrouter interface interface-type
Parameters interface-type—Enter the interface type details. The interface should be a member of the VLAN.
Default Not configured
Command Mode VLAN INTERFACE
Usage Information The no version of this command removes the multicast router configuration from the VLAN member port.
Command Mode VLAN INTERFACE
Usage Information The no version of this command resets the query response time to default value.
Example
OS10(config)# interface vlan 100
OS10(conf-if-vl-100)# ipv6 mld snooping query-max-resp-time 15
Supported Releases 10.4.1.0 or later

ipv6 mld version
Configures the MLD version.
Syntax ipv6 mld version version-number
Parameters version-number—Enter the version number as 1 or 2.
00:01:52 Member-ports ff02::2 00:01:47 ff0e:225:2:: 00:01:56 Member-ports ff0e:225:2::1 00:01:56 Member-ports ff0e:225:2::2 00:01:56 Member-ports --more-Example (with VLAN) vlan3532 MLDv1-Compat :port-channel41,ethernet1/1/51,ethernet1/1/52 vlan3532 MLDv1-Compat :port-channel41,ethernet1/1/51,ethernet1/1/52 vlan3532 MLDv1-Compat :port-channel41,ethernet1/1/51,ethernet1/1/52 OS10# show ipv6 mld snooping groups vlan 3531 Total Number of Groups: 7 MLD Connected Group Membership Group Address Interface Mode
Source List 2001:101:29::1b Member Port port-channel31 ethernet1/1/51:1 ethernet1/1/52:1 Mode Include Include Include Uptime 2d:11:50:17 2d:11:50:36 2d:11:50:36 Expires 00:01:42 00:01:38 00:01:25 Uptime 2d:11:50:17 2d:11:50:36 2d:11:50:36 Expires 00:01:29 00:01:25 00:01:38 OS10# show ipv6 mld snooping groups vlan 3041 detail Interface vlan3041 Group ff02::2 Source List -Member Port Mode Uptime port-channel31 Exclude 2d:11:57:08 Expires 00:01:44 Interface vlan3041 Group ff3e:232:b:: Source List 2001:
Usage Information The multicast flood control feature is not available on the S4248FB-ON and S4248FBL-ON devices.
PIM terminology
Table 43. PIM terminology
Terminology: Definition
Rendezvous point (RP): The RP is a single root node that the shared tree uses, called the rendezvous point.
(*, G): (*, G) refers to an entry in the PIM table for a group.
(S, G): (S, G) refers to an entry in the PIM table for a source and group on the RP tree (RPT).
(S, G, RPT): (S, G, RPT) refers to an entry in the RP tree.
First hop router (FHR): The FHR is the router that is directly connected to the multicast source.
PIM-SSM
PIM-SSM uses source-based trees. A separate multicast distribution tree is built for each multicast source that sends data to a multicast group. Each multicast distribution tree has as its root node a router near the source. Sources send data directly to the root of the tree. PIM-SSM enables receivers to specify the source from which to receive data and the multicast group they want to join.
Configure static rendezvous point
The rendezvous point (RP) is an interface on a router that acts as the root to a group-specific tree; every group must have an RP. You must configure the RP on all nodes in your network. To configure a static RP:
OS10# configure terminal
OS10(config)# ip pim rp-address 171.1.1.1 group-address 225.1.1.
Every PIM router within a domain must map a particular multicast group address to the same RP. With BSR, group-to-RP mapping is dynamic. You can configure a subset of routers within a domain as C-RPs. Each PIM router selects an RP for a multicast group from the list of group-to-RP mappings learnt from the BSR messages. The RP election process is:
1. The C-BSRs announce their candidacy throughout the domain in BSMs. Each BSM contains a BSR priority. The C-BSR with the highest priority becomes the BSR.
2.
2. (Optional) Configure the BSR timer.
OS10(config)# ip pim bsr-candidate-timers ethernet 1/1/9 advt-interval 40
To view the BSR timer value:
OS10# show ip pim bsr-router
This system is the Bootstrap Router (v2)
BSR address: 10.1.1.8
BSR Priority: 255, Hash mask length: 31
Next bootstrap message in 00:00:39
This system is a candidate BSR
Candidate BSR address: 11.1.1.8, priority: 255, hash mask length: 31
3. Configure candidate RP.
Next Cand_RP_advertisement in 00:00:09
RP: 10.1.2.8(loopback10)
To view RP-mapping details:
OS10# show ip pim rp mapping
Group(s) : 225.1.1.0/24
RP : 10.1.2.8, v2
Info source: 10.1.1.8, via bootstrap, priority 23
expires: 00:01:04

Configure designated router priority
Multiple PIM-SM routers can connect to a single local area network (LAN) segment. One of these routers is elected as the designated router (DR). The DR is elected using hello messages.
Default None
Command Mode CONFIGURATION
Usage Information After you enable IP multicast, enable IGMP and PIM on an interface. To do this, use the ip pim sparse-mode command in INTERFACE mode. The no form of the command disables IP multicast forwarding.
Example
OS10# configure terminal
OS10(config)# ip multicast-routing
Supported Releases 10.4.3.0 or later

ip pim bsr-candidate
Configures the router as an IPv4 PIM BSR candidate.
Command Mode CONFIGURATION
Usage Information Use this command to adjust the time interval between periodic BSR advertisements. The no form of the command resets the candidate BSR advertisement interval to the default value. Do not specify the parameters in the no form of the command.
Example
OS10(config)# ip pim vrf red bsr-candidate-timers loopback 10 advt-interval 40
Supported Releases 10.5.0 or later

ip pim bsr-timeout
Configures the BSR timeout value.
Parameters seconds—Enter the amount of time, in seconds, the router waits before sending a PIM hello packet out of each PIM-enabled interface, from 2 to 18000.
Default 30 seconds
Command Mode INTERFACE CONFIGURATION
Usage Information The no form of this command returns the frequency of PIM router query messages to the default value.
Example
OS10# configure terminal
OS10(config)# interface vlan 1
OS10(conf-if-vl-1)# ip pim query-interval 20
Supported Releases 10.4.3.
• loopback-interface-number—Enter a value from 0 to 16383
• vlan-number—Enter a value from 1 to 4093
• port-channel-number—Enter a value from 1 to 128
• priority-value—Enter a value from 0 to 255
• acl-name—Standard ACL name
Default Priority is 192.
Command Mode CONFIGURATION
Usage Information Specify the interface to obtain the candidate RP address. The access-list acl-name adds a range of group addresses that this candidate RP can serve.
ip pim sparse-mode
Enables PIM sparse mode and IGMP on the interface.
Syntax ip pim sparse-mode
Parameters None
Default Disabled
Command Mode INTERFACE CONFIGURATION
Usage Information Before you enable PIM sparse mode, ensure that:
• Multicast is enabled globally using the ip multicast-routing command.
• The interface is enabled. Use the no shutdown command to enable the interface.
• The interface is in Layer 3 mode. PIM-SM is enabled only on a Layer 3 interface.
Example
OS10# configure terminal
OS10(config)# ip pim ssm-range ssm
Supported Releases 10.4.3.0 or later

show ip pim bsr-router
Displays information about the bootstrap router.
Syntax show ip pim [vrf vrf-name] bsr-router
Parameters vrf vrf-name—Enter the keyword vrf, then the name of the VRF.
Default None
Command Mode EXEC
Usage Information None
Example
OS10# show ip pim bsr-router
PIMv2 Bootstrap information
BSR address: 101.0.0.
show ip pim mcache
Displays routes that are synchronized from VLT peer and local route information.
Syntax show ip pim [vrf vrf-name] mcache [group-address [source-address]] [vlt]
Parameters
• vrf vrf-name—Enter the keyword vrf, then the name of the VRF.
• group-address—Enter the multicast group address in dotted-decimal format (A.B.C.D).
• source-address—Enter the multicast source address in dotted-decimal format (A.B.C.D).
Default None
Command Mode EXEC
Example
OS10# show ip pim neighbor
Neighbor Address Interface Uptime/Expires Ver DR Priority/Mode
-------------------------------------------------------------------------------
2.1.1.1 vlan103 13:05:58/00:01:19 v2 1 / S
3.1.1.1 vlan105 13:05:58/00:01:17 v2 1 / S
Supported Releases 10.4.3.0 or later

show ip pim rp
Displays brief information about all multicast group to RP mappings.
Default None
Command Mode EXEC
Usage Information None
Example
OS10# show ip pim ssm-range
Group Address / MaskLen
224.1.1.1 / 32
Supported Releases 10.4.3.0 or later

show ip pim summary
Displays PIM summary.
Syntax show ip pim [vrf vrf-name] summary
Parameters vrf vrf-name—Enter the keyword vrf, then the name of the VRF.
show ip pim tib
Displays the PIM tree information base (TIB).
Syntax show ip pim [vrf vrf-name] tib [group-address [source-address]]
Parameters
• vrf vrf-name—Enter the keyword vrf, then the name of the VRF.
• group-address—Enter the group address in dotted-decimal format (A.B.C.D).
• source-address—Enter the source address in dotted-decimal format (A.B.C.D).
Default None
Command Mode EXEC
Example
OS10# show ip rpf
RPF information for 101.1.1.10
RPF interface: vlan103
RPF neighbor: 2.1.1.1
RPF route/mask: 101.1.1.0/255.255.255.0
RPF type: Unicast
RPF information for 171.1.1.1
RPF interface: vlan105
RPF neighbor: 3.1.1.1
RPF route/mask: 171.1.1.0/255.255.255.0
RPF type: Unicast
Supported Releases 10.4.3.0 or later

PIM-SM sample configuration
This section describes how to enable PIM-SM in the FHR, RP, and LHR nodes using the topology shown in the following illustration.
FHR(config)# ip pim rp-address 192.168.1.25 group-address 224.0.0.0/4
FHR(config)#
FHR# configure terminal
FHR(config)# interface ethernet 1/1/48
FHR(conf-if-eth1/1/48)# no switchport
FHR(conf-if-eth1/1/48)# ip address 22.1.1.2/24
FHR(conf-if-eth1/1/48)# ip pim sparse-mode
FHR(conf-if-eth1/1/48)# ip ospf 1 area 0
FHR(conf-if-eth1/1/48)#
The show ip pim interface command displays the PIM-enabled interfaces in FHR.
1.1.1.2 ethernet1/1/43 v2/S 1 30 1 1.1.1.2
RP#
The show ip pim neighbor command displays the PIM neighbor of RP and the interface to reach the neighbor.
RP# show ip pim neighbor
Neighbor Address Interface Uptime/Expires Ver DR Priority/ Mode
----------------------------------------------------------------------------------------------
3.3.3.2 ethernet1/1/31 00:02:57/00:01:17 v2 1 / DR S
1.1.1.
2.2.2.2 ethernet1/1/17 00:02:58/00:01:24 v2 1 / DR S
1.1.1.2 ethernet1/1/29 00:07:49/00:01:31 v2 1 / DR S
LHR# show ip pim rp mapping
Group(s) : 224.0.0.0/4, Static
RP : 192.168.1.25, v2
The following show command output examples display the PIM states across all nodes after IGMP join and multicast traffic is received.

PIM states in FHR node
The show ip pim tib command output displays the PIM tree information base (TIB).
00:01:59 LHR# 15.1.1.10
LHR# show ip pim tib
PIM Multicast Routing Table
Flags: S - Sparse, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register Flag, T - SPT-bit set, J - Join SPT, K - Ack-Pending state
Timers: Uptime/Expires
Interface state: Interface, next-Hop, State/Mode
(*, 224.1.1.1), uptime 00:00:05, expires 00:00:54, RP 192.168.1.25, flags: SCJ
Incoming interface: ethernet1/1/29, RPF neighbor 1.1.1.2
Outgoing interface list:
vlan2001 Forward/Sparse 00:00:05/Never
(22.1.1.10, 224.1.1.
R1(conf-if-eth1/1/6)# no ip vrf forwarding
R1(conf-if-eth1/1/6)# no switchport
R1(conf-if-eth1/1/6)# channel-group 11
R1(conf-if-eth1/1/6)# end
R1# configure terminal
R1(config)# interface ethernet 1/1/7
R1(conf-if-eth1/1/7)# no switchport
R1(conf-if-eth1/1/7)# interface ethernet 1/1/7
R1(conf-if-eth1/1/7)# ip vrf forwarding red
R1(conf-if-eth1/1/7)# ip address 201.1.1.
R2(conf-if-eth1/1/40:1)# end
R2# configure terminal
R2(config)# interface port-channel 11
R2(conf-if-po-11)# no switchport
R2(conf-if-po-11)# ip vrf forwarding red
R2(conf-if-po-11)# end
R2# configure terminal
R2(config)# interface ethernet 1/1/26:1
R2(conf-if-eth1/1/26:1)# no ip vrf forwarding
R2(conf-if-eth1/1/26:1)# no switchport
R2(conf-if-eth1/1/26:1)# channel-group 11
R2(conf-if-eth1/1/26:1)# end
R2# configure terminal
R2(config)# interface vlan 2001
R2(conf-if-vl-2001)# ip vrf forwarding red
R2(conf-
--------------------------------------------------------------------------
193.1.1.2 port-channel11 02:34:33/00:01:17 v2 1 / DR S
The show ip pim vrf red ssm-range command displays the specified multicast address range.
R1# show ip pim vrf red ssm-range
Group Address / MaskLen
224.1.1.0 / 24
The show ip pim vrf red tib command output displays the PIM tree information base (TIB).
The show ip pim vrf red ssm-range command displays the specified multicast address range.
R2# show ip pim vrf red ssm-range
Group Address / MaskLen
224.1.1.0 / 24
The show ip pim vrf red mcache command output displays multicast route entries.
R2# show ip pim vrf red mcache
PIM Multicast Routing Cache Table
(201.1.1.1, 224.1.1.
Perform the following configuration on each of the nodes, R1, R2, R3, and R4.
R1(config-router-ospf-100)# interface port-channel 11
R1(conf-if-po-11)# ip ospf 100 area 0
R1(conf-if-po-11)# end
R1# configure terminal
R1(config)# ip multicast-routing vrf red
R1(config)# end
R1# configure terminal
R1(config)# ip pim vrf red rp-address 182.190.168.224 group-address 224.0.0.
R2(config)# ip pim vrf red rp-address 182.190.168.224 group-address 224.0.0.
R3(config-router-ospf-100)# interface Lo1
R3(conf-if-lo-1)# ip ospf 100 area 0
R3(conf-if-lo-1)# end
R3# configure terminal
R3(config)# ip multicast-routing vrf red
R3(config)# end
R3# configure terminal
R3(config)# interface Lo1
R3(conf-if-lo-1)# ip vrf forwarding red
R3(conf-if-lo-1)# ip address 182.190.168.224/32
R3(conf-if-lo-1)# ip pim sparse-mode
R3(conf-if-lo-1)# no shutdown
R3(conf-if-lo-1)# end
R3# configure terminal
R3(config)# ip pim vrf red rp-address 182.190.168.224 group-address 224.0.0.
R4(config)# interface port-channel 11
R4(conf-if-po-11)# no switchport
R4(conf-if-po-11)# interface port-channel 11
R4(conf-if-po-11)# ip vrf forwarding red
R4(conf-if-po-11)# ip address 193.1.1.2/24
R4(conf-if-po-11)# ip pim sparse-mode
R4(conf-if-po-11)# no shutdown
R4(conf-if-po-11)# end
R4# configure terminal
R4(config)# interface port-channel 12
R4(conf-if-po-12)# no switchport
R4(conf-if-po-12)# interface port-channel 12
R4(conf-if-po-12)# ip vrf forwarding red
R4(conf-if-po-12)# ip address 194.1.1.
Timers: Uptime/Expires
Interface state: Interface, next-Hop, State/Mode
(201.1.1.1, 224.1.1.1), uptime 00:00:33, expires 00:02:56, flags: FT
Incoming interface: ethernet1/1/7, RPF neighbor 0.0.0.0
Outgoing interface list:
port-channel11 Forward/Sparse 00:00:33/00:02:56
R1# show ip pim vrf red rp
Group RP
---------------------------------
224.1.1.1 182.190.168.224
R1# show ip pim vrf red rp mapping
Group(s) : 224.0.0.0/4, Static
RP : 182.190.168.
RPF route/mask: 0.0.0.0/0.0.0.0
RPF type: Unicast
R3# show ip pim vrf red rp mapping
Group(s) : 224.0.0.0/4, Static
RP : 182.190.168.224, v2
R3# show ip pim vrf red rp
Group RP
---------------------------------
224.1.1.1 182.190.168.224
R3# show ip pim vrf red rp
Group RP
---------------------------------
224.1.1.1 182.190.168.
R4# show ip rpf vrf red
RPF information for 182.190.168.224
RPF interface: port-channel12
RPF neighbor: 194.1.1.1
RPF route/mask: 182.190.168.224/255.255.255.255
RPF type: Unicast
R4# show ip pim vrf red tib
PIM Multicast Routing Table
Flags: S - Sparse, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register Flag, T - SPT-bit set, J - Join SPT, K - Ack-Pending state
Timers: Uptime/Expires
Interface state: Interface, next-Hop, State/Mode
(*, 224.1.1.1), uptime 00:05:44, expires 00:00:15, RP 182.
VLT multicast routing
OS10 supports multicast routing in a VLT domain for IPv4 networks. This feature provides resiliency to multicast-routed traffic when a VLT peer node or the VLTi link goes down.

Multicast routing table synchronization
Multicast routing protocols do not exchange multicast routes between peer VLT nodes. Each VLT node runs the PIM protocol independent of the peer VLT node. Hence, the PIM states do not synchronize between the nodes.
• In large-scale multicast deployments, you might see frequent bursts of multicast control traffic. For such deployments, Dell EMC recommends that you increase the burst size for queue 2 on all PIM routers using control-plane policing. For more information on how to configure a QoS policy to rate limit control-plane traffic, see Configure control-plane policing. NOTE: OS10 does not support Anycast RP.
core(config)# interface loopback 103
core(conf-if-lo-103)# no shutdown
core(conf-if-lo-103)# ip address 103.0.0.3/32
core(conf-if-lo-103)# ip pim sparse-mode
core(conf-if-lo-103)# ip ospf 100 area 0.0.0.0
core(conf-if-lo-103)# exit

PIM neighbors of core and the interface to reach the neighbors
The show ip pim neighbor command displays the PIM neighbors of core and the interface to reach the neighbors.
Sample configuration on AG1:
AG1# configure terminal
AG1(config)# ip multicast-routing
AG1(config)# ip pim rp-address 103.0.0.3 group-address 224.0.0.0/4
AG1(config)# router ospf 100
AG1(config-router-ospf-100)# exit
AG1(config)# vlt-domain 255
AG1(conf-vlt-255)# backup destination 10.16.132.
AG1(conf-if-po-12)# vlt-port-channel 12
AG1(conf-if-po-12)# exit

PIM neighbors of AG1 and the interface to reach the neighbors
The show ip pim neighbor command displays the PIM neighbors of AG1 and the interface to reach the neighbors.
AG1# show ip pim neighbor
Neighbor Address Interface Uptime/Expires Ver DR Priority / Mode
----------------------------------------------------------------------
11.0.0.2 vlan11 00:00:43/00:01:33 v2 10 / S
12.0.0.2 vlan12 00:01:01/00:01:44 v2 10 / S
12.0.0.
K - Ack-Pending state
Timers: Uptime/Expires
Interface state: Interface, next-Hop, State/Mode
(*, 225.1.1.1), uptime 00:10:15, expires 00:00:44, RP 103.0.0.3, flags: SCJ
Incoming interface: vlan12, RPF neighbor 12.0.0.3
Outgoing interface list:
vlan11 Forward/Sparse 00:10:15/Never
(16.0.0.10, 225.1.1.1), uptime 00:00:55, expires 00:02:34, flags: CT
Incoming interface: vlan12, RPF neighbor 12.0.0.
AG2(config)# interface vlan 11
AG2(conf-if-vlan-11)# no shutdown
AG2(conf-if-vlan-11)# ip address 11.0.0.2/24
AG2(conf-if-vlan-11)# ip pim sparse-mode
AG2(conf-if-vlan-11)# ip pim dr-priority 10
AG2(conf-if-vlan-11)# ip ospf 100 area 0.0.0.0
AG2(conf-if-vlan-11)# ip ospf cost 3000
AG2(conf-if-vlan-11)# exit
AG2(config)# interface vlan 12
AG2(conf-if-vlan-12)# no shutdown
AG2(conf-if-vlan-12)# ip address 12.0.0.
The output of the show ip pim tib command.
AG2# show ip pim tib
PIM Multicast Routing Table
Flags: S - Sparse, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register Flag, T - SPT-bit set, J - Join SPT, K - Ack-Pending state
Timers: Uptime/Expires
Interface state: Interface, next-Hop, State/Mode
(*, 225.1.1.1), uptime 00:02:15, expires 00:00:00, RP 103.0.0.3, flags: SC
Incoming interface: vlan12, RPF neighbor 12.0.0.
Outgoing interface list : vlan11 (S) (16.0.0.10, 225.1.1.
• CR1, CR2, AG1, AG2, AG3, and AG4 are multicast routers.
• CR1 and CR2 are the BSR and RP nodes.
• TR1 and TR2 are IGMP-enabled L2 nodes.
• OSPFv2 is the unicast routing protocol.

CR1 switch
1. Configure RSTP.
CR1(config)# spanning-tree disable
2. Configure the VLT domain.
CR1(config)# interface ethernet 1/1/27:2
CR1(conf-if-eth1/1/27:2)# no switchport
CR1(config)# vlt-domain 128
CR1(conf-vlt-128)# backup destination 10.222.208.
CR1(conf-vlt-128)# discovery-interface ethernet1/1/27:2
CR1(conf-vlt-128)# peer-routing
CR1(conf-vlt-128)# primary-priority 1
CR1(conf-vlt-128)# vlt-mac 9a:00:00:aa:aa:aa
3. Configure a port channel interface towards AG1 and AG2.
• VLAN 1001 towards AG1 and AG2
CR1(config)# interface vlan 1001
CR1(conf-if-vl-1001)# ip address 10.1.2.5/24
CR1(conf-if-vl-1001)# ip ospf 1 area 0.0.0.0
CR1(conf-if-vl-1001)# ip pim sparse-mode
CR1(conf-if-vl-1001)# ip igmp snooping mrouter interface port-channel11
• VLAN 1101 towards AG3
CR1(config)# interface vlan 1101
CR1(conf-if-vl-1101)# ip address 10.1.3.5/24
CR1(conf-if-vl-1101)# ip ospf 1 area 0.0.0.
3. Configure a port channel interface towards AG1 and AG2.
CR2(config)# interface port-channel 11
CR2(config)# interface ethernet 1/1/1:1
CR2(conf-if-eth1/1/1:1)# channel-group 11 mode active
CR2(config)# interface ethernet 1/1/9:1
CR2(conf-if-eth1/1/9:1)# channel-group 11 mode active
CR2(config)# interface port-channel 11
CR2(conf-if-po-11)# vlt-port-channel 11
4. Configure a port channel interface towards AG3.
CR2(conf-if-vl-1001)# ip pim sparse-mode
CR2(conf-if-vl-1001)# ip igmp snooping mrouter interface port-channel11
• VLAN 1151 towards AG3
CR2(config)# interface vlan 1151
CR2(conf-if-vl-1151)# ip address 10.110.1.5/24
CR2(conf-if-vl-1151)# ip ospf 1 area 0.0.0.0
CR2(conf-if-vl-1151)# ip pim sparse-mode
CR2(conf-if-vl-1151)# ip ospf cost 65535
CR2(conf-if-vl-1151)# ip igmp snooping mrouter interface port-channel22
• VLAN 1251 towards AG4
CR2(config)# interface vlan 1251
CR2(conf-if-vl-1251)# ip address 10.
AG1(config)# interface ethernet 1/1/3:1
AG1(conf-if-eth1/1/3:1)# channel-group 11 mode active
AG1(config)# interface port-channel 11
AG1(conf-if-po-11)# vlt-port-channel 11
AG1(conf-if-po-11)# spanning-tree disable
4. Configure a port channel interface towards AG3 and AG4.
10. Configure the interfaces as VLAN trunk ports and specify the allowed VLANs.
AG2(config)# interface ethernet 1/1/17:1
AG2(conf-if-eth1/1/17:1)# channel-group 41 mode active
6. Configure Loopback interface and enable PIM-SM.
AG2(config)# interface loopback 1
AG2(conf-if-lo-1)# ip address 10.1.100.2/32
AG2(conf-if-lo-1)# ip pim sparse-mode
7. Enable multicast routing on the default VRF.
AG2(config)# ip multicast-routing
8. Configure OSPF for unicast routing.
AG3 switch

1. Configure RSTP.
AG3(config)# spanning-tree mode rstp
AG3(config)# spanning-tree rstp priority 8192
2. Configure the VLT domain.
AG3(config)# interface ethernet 1/1/25:1
AG3(conf-if-eth1/1/25:1)# no switchport
AG3(config)# vlt-domain 1
AG3(conf-vlt-255)# backup destination 10.222.208.39
AG3(conf-vlt-255)# discovery-interface ethernet1/1/25:1
AG3(conf-vlt-255)# peer-routing
AG3(conf-vlt-255)# primary-priority 1
AG3(conf-vlt-255)# vlt-mac f0:ce:10:f0:ce:10
3.
AG3(conf-if-vl-1101)# ip pim sparse-mode
AG3(conf-if-vl-1101)# ip igmp snooping mrouter interface port-channel21
• VLAN 1151 towards CR2
AG3(config)# interface vlan 1151
AG3(conf-if-vl-1151)# ip address 10.110.1.3/24
AG3(conf-if-vl-1151)# ip ospf 1 area 0.0.0.0
AG3(conf-if-vl-1151)# ip pim sparse-mode
AG3(conf-if-vl-1151)# ip igmp snooping mrouter interface port-channel22
• VLAN 1301 towards AG1 and AG2
AG3(config)# interface vlan 1301
AG3(conf-if-vl-1301)# ip address 10.112.1.
AG4(conf-vlt-255)# primary-priority 65535
AG4(conf-vlt-255)# vlt-mac f0:ce:10:f0:ce:10
3. Configure a port channel interface towards CR1.
AG4(config)# interface port-channel 31
AG4(config)# interface ethernet 1/1/1:1
AG4(conf-if-eth1/1/1:1)# channel-group 31 mode active
4. Configure a port channel interface towards CR2.
AG4(config)# interface port-channel 32
AG4(config)# interface ethernet 1/1/4:1
AG4(conf-if-eth1/1/4:1)# channel-group 32 mode active
5.
• VLAN 2001 towards TR2
AG4(config)# interface vlan 2001
AG4(conf-if-vl-2001)# ip address 192.168.1.4/24
AG4(conf-if-vl-2001)# ip pim sparse-mode
AG4(conf-if-vl-2001)# ip igmp snooping mrouter interface port-channel1
10. Configure the interfaces as VLAN trunk ports and specify the allowed VLANs.
TR1(conf-if-eth1/1/31)# switchport trunk allowed vlan 2001
TR1(conf-if-eth1/1/31)# spanning-tree port type edge
TR1(config)# interface ethernet 1/1/32
TR1(conf-if-eth1/1/32)# switchport mode trunk
TR1(conf-if-eth1/1/32)# switchport trunk allowed vlan 2001
TR1(conf-if-eth1/1/32)# spanning-tree port type edge

TR2 switch

1. Configure RSTP.
TR2(config)# spanning-tree mode rstp
2. Configure a port channel interface towards AG3.
10.1.1.6  vlan100   00:24:19/00:01:25  v2  4294967295
10.1.3.3  vlan1101  00:20:28/00:01:18  v2  1
10.1.4.4  vlan1201  00:18:21/00:01:24  v2  1
10.1.2.1  vlan1001  00:22:12/00:01:36  v2  1
10.1.2.2  vlan1001  00:17:38/00:01:36  v2  1
10.1.2.6  vlan1001  00:24:17/00:01:36  v2  1

The show ip pim summary command displays the PIM summary.
The show ip pim mcache command displays the multicast route entries.

CR1# show ip pim mcache
PIM Multicast Routing Cache Table
(192.168.1.201, 225.1.0.0)
  Incoming interface : vlan1001
  Outgoing interface list : vlan1
(192.168.1.202, 225.1.0.0)
  Incoming interface : vlan1001
  Outgoing interface list : vlan1
(172.16.1.201, 225.1.0.0)
  Incoming interface : vlan1
  Outgoing interface list : vlan1001

The show ip pim mcache vlt command displays the multicast route entries synchronized between the VLT peers.
Info source: 10.1.100.5, via bootstrap, priority 100 expires: 00:01:07

The show ip igmp snooping groups command displays the IGMP database.

CR1# show ip igmp snooping groups
Total Number of Groups: 320

CR1# show ip igmp snooping groups vlan 1 225.1.0.0 detail
Interface vlan1
Group 225.1.0.
205 Null Register messages received
268/181 Register-stop messages sent/received
Data path event summary:
11 last-hop switchover messages received
28/28 pim-assert messages sent/received
186/79 register messages sent/received
VLT Multicast summary:
0(*,G) synced entries in MFC
21(S,G) synced entries in MFC
0(S,G,Rpt) synced entries in MFC

The show ip pim tib command displays the PIM tree information base (TIB).
The show ip pim mcache vlt command displays the multicast route entries synchronized between the VLT peers.

CR2# show ip pim mcache vlt
PIM Multicast Routing Cache Table
Flags: S - Synced
(192.168.1.201, 225.1.0.0)
  Incoming interface : vlan1001
  Outgoing interface list : vlan1
(192.168.1.202, 225.1.0.0)
  Incoming interface : vlan1001
  Outgoing interface list : vlan1
(172.16.1.201, 225.1.0.
AG1

The show ip pim interface command displays the PIM-enabled interfaces on the node.

AG1# show ip pim interface
Address      Interface  Ver/Mode  Nbr Count  Query Intvl  DR Prio     DR
-----------------------------------------------------------------------------
10.1.2.1     vlan1001   v2/S      3          30           1           10.1.2.6
10.112.1.1   vlan1301   v2/S      3          30           1           10.112.1.4
192.168.1.4  vlan2001   v2/S      3          30           4294967295  192.168.1.4

The show ip pim neighbor command displays the PIM neighbor of the node and the interface to reach the neighbor.
The show ip pim tib command displays the PIM tree information base (TIB).

AG1# show ip pim tib
PIM Multicast Routing Table
Flags: S - Sparse, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register Flag, T - SPT-bit set, J - Join SPT, K - Ack-Pending state
Timers: Uptime/Expires
Interface state: Interface, next-Hop, State/Mode

(*, 225.1.0.0), uptime 01:39:47, expires 00:00:09, RP 10.1.100.6, flags: SCJ
  Incoming interface: vlan1001, RPF neighbor 10.1.2.
vlan1001 vlan2002 vlan2003 vlan2004 vlan2005
(172.16.1.201, 225.1.0.0)
  Incoming interface : vlan1001
  Outgoing interface list : vlan2002 vlan2003 vlan2004 vlan2005

The show ip pim mcache vlt command displays the multicast route entries synchronized between the VLT peers.

AG1# show ip pim mcache vlt | no-more
PIM Multicast Routing Cache Table
Flags: S - Synced
(*, 225.1.0.0)
  Incoming interface : vlan1001
  Outgoing interface list : vlan2002 vlan2003 vlan2004 vlan2005
(192.168.1.201, 225.1.0.
--------------------------------
225.1.0.0 10.1.100.6

AG1# show ip pim rp mapping
Group(s) : 225.0.0.0/8
RP : 10.1.100.5, v2
Info source: 10.1.100.5, via bootstrap, priority 100 expires: 00:00:45
Group(s) : 225.0.0.0/8
RP : 10.1.100.6, v2
Info source: 10.1.100.5, via bootstrap, priority 100 expires: 00:00:56

The show ip igmp snooping groups command displays the IGMP database.

AG1# show ip igmp snooping groups
Total Number of Groups: 1600

AG1# show ip igmp snooping groups vlan 2001 225.1.0.
TIB Summary:
20/0 (*,G) entries in PIM-TIB/MFC
40/40 (S,G) entries in PIM-TIB/MFC
0/0 (S,G,Rpt) entries in PIM-TIB/MFC
2 RP
2 sources
0 Register states
Message Summary:
63/775 Joins/Prunes sent/received
0/0 Candidate-RP advertisements sent/received
587/1895 BSR messages sent/received
0 Null Register messages received
0/0 Register-stop messages sent/received
Data path event summary:
0 last-hop switchover messages received
22/162 pim-assert messages sent/received
0/0 register messages sent/received
VLT Multic
(192.168.1.201, 225.1.0.0)
  Incoming interface : vlan2001
  Outgoing interface list : vlan1001 vlan2002 vlan2003 vlan2004 vlan2005
(192.168.1.202, 225.1.0.0)
  Incoming interface : vlan2001
  Outgoing interface list : vlan1001 vlan2002 vlan2003 vlan2004 vlan2005
(172.16.1.201, 225.1.0.0)
  Incoming interface : vlan1001
  Outgoing interface list : vlan2002 vlan2003 vlan2004 vlan2005

The show ip pim mcache vlt command displays the multicast route entries synchronized between the VLT peers.
BSR Priority: 199, Hash mask length: 31
Expires: 00:00:26

The show ip pim rp mapping command displays information about all multicast group-to-RP mappings.

AG2# show ip pim rp
Group RP
--------------------------------
225.1.0.0 10.1.100.6

AG2# show ip pim rp mapping
Group(s) : 225.0.0.0/8
RP : 10.1.100.5, v2
Info source: 10.1.100.5, via bootstrap, priority 100 expires: 00:01:03
Group(s) : 225.0.0.0/8
RP : 10.1.100.6, v2
Info source: 10.1.100.
Active Modes: PIM-SM
Interface summary:
8 active PIM interfaces
0 passive PIM interfaces
20 active PIM neighbor
TIB Summary:
20/0 (*,G) entries in PIM-TIB/MFC
40/40 (S,G) entries in PIM-TIB/MFC
0/0 (S,G,Rpt) entries in PIM-TIB/MFC
2 RP
2 sources
0 Register states
Message Summary:
40/20 Joins/Prunes sent/received
0/0 Candidate-RP advertisements sent/received
680/1899 BSR messages sent/received
0 Null Register messages received
0/0 Register-stop messages sent/received
Data path event summary:
0 last-hop switc
  Outgoing interface list :
(192.168.1.202, 225.1.0.0)
  Incoming interface : vlan2001
  Outgoing interface list :

The show ip pim bsr-router command displays information about the BSR.

AG3# show ip pim bsr-router
PIMv2 Bootstrap information
BSR address: 10.1.100.5
BSR Priority: 199, Hash mask length: 31
Expires: 00:00:30

The show ip pim rp mapping command displays information about all multicast group-to-RP mappings.

AG3# show ip pim rp
Group RP
-------------------------------
225.1.0.0 10.1.100.
192.168.1.4   vlan2001  00:22:52/00:01:41  v2  4294967295 / DR S
192.168.1.3   vlan2001  00:20:33/00:01:41  v2  4294967290 / S
192.168.1.2   vlan2001  00:23:50/00:01:41  v2  100000 / S
10.192.168.5  vlan1251  00:22:37/00:01:39  v2  1 / DR S

The show ip pim summary command displays the PIM summary.
(192.168.1.202, 225.1.0.0), uptime 01:27:01, expires 00:00:30, flags: CTP
  Incoming interface: vlan2001, RPF neighbor 0.0.0.0
  Outgoing interface list:

(172.16.1.201, 225.1.0.0), uptime 01:27:01, expires 00:00:31, flags: CT
  Incoming interface: vlan1251, RPF neighbor 10.192.168.5
  Outgoing interface list:
    vlan2001 Forward/Sparse 01:27:01/Never

The show ip pim mcache command displays the multicast route entries.

AG4# show ip pim mcache
PIM Multicast Routing Cache Table
(*, 225.1.0.
Member Port port-channel1 port-channel1000 port-channel51 ethernet1/1/32:2 Mode Exclude IGMPv2-Compat Exclude IGMPv2-Compat Uptime 01:52:34 01:54:04 01:52:49 01:53:42 Expires 00:01:26 00:01:27 00:01:21 00:01:27 TR1 The show ip igmp snooping groups command displays the IGMP database. TR1# show ip igmp snooping groups Total Number of Groups: 1600 TR1# show ip igmp snooping groups vlan 2001 225.1.0.0 detail Interface vlan2001 Group 225.1.0.
show vlt mismatch
Displays configuration mismatch between VLT peers.

Syntax             show vlt {domain-id | all} mismatch
Parameters         domain-id—Enter a VLT domain ID, from 1 to 255.
Default            None
Command Mode       EXEC
Usage Information  The show vlt mismatch command displays multicast configuration mismatches.
16 VXLAN

A virtual extensible LAN (VXLAN) extends Layer 2 (L2) server connectivity over an underlying Layer 3 (L3) transport network in a virtualized data center. A virtualized data center consists of virtual machines (VMs) in a multi-tenant environment. OS10 supports VXLAN as described in RFC 7348.

VXLAN provides an L2 overlay mechanism on an existing L3 network by encapsulating the L2 frames in L3 packets.
VXLAN tunnel endpoint (VTEP)
A switch with connected end hosts that are assigned to virtual networks. The virtual networks map to VXLAN segments. Local and remote VTEPs perform encapsulation and de-capsulation of VXLAN headers for the traffic between end hosts. A VTEP is also known as a network virtualization edge (NVE) node.

Bridge domain
An L2 domain that receives packets from member interfaces and forwards or floods them to other member interfaces based on the destination MAC address of the packet.
4. Configure untagged access ports.
5. (Optional) Enable routing for hosts on different virtual networks.
6. Advertise the local VXLAN source IP address to remote VTEPs.
7. (Optional) Configure VLT.

Configure source IP address on VTEP

When you configure a switch as a VXLAN tunnel endpoint (VTEP), configure a Loopback interface, whose IP address is used as the source IP address in encapsulated packet headers.
After you configure the remote VTEP, when the IP routing path to the remote VTEP IP address in the underlay IP network is known, the virtual network sends and receives VXLAN-encapsulated traffic from and to downstream servers and hosts. All broadcast, multicast, and unknown unicast (BUM) traffic received on access interfaces is replicated and sent to all configured remote VTEPs. Each packet contains the VXLAN VNI in its header.
transmits on the virtual-network bridge domain. The VLAN ID regenerates using the VLAN ID associated with the virtual-network egress interface on the VTEP and is included in the packet header.

Configure untagged access ports

Add untagged access ports to the VXLAN overlay network using either a switch-scoped VLAN or port-scoped VLAN. Only one method is supported.

• To use a switch-scoped VLAN to add untagged member ports to a virtual network:
1. Assign a VLAN to a virtual network in VLAN Interface mode.
migration of hosts and virtual machines on different VTEPs, configure a common virtual IP address, known as an anycast IP address, on all VTEPs for each virtual network. Use this anycast IP address as the gateway IP address on VMs.

To support multiple tenants when each tenant has its own L2 segments, configure a different IP VRF for each tenant. All tenants share the same VXLAN underlay IP fabric in the default VRF.

1. Create a non-default VRF instance for overlay routing in Configuration mode.
• Internet Group Management Protocol (IGMP) and Protocol-Independent Multicast (PIM) are not supported on a virtual-network interface.
• IP routing of incoming VXLAN encapsulated traffic in the overlay after VXLAN termination is not supported.

The following tables show how to use anycast gateway IP and MAC addresses in a data center with three virtual networks and multiple VTEPs:

• Globally configure an anycast MAC address for all VTEPs in all virtual networks.
Each VTEP switch in the underlay IP network learns the IP address of the VXLAN source interface. If a remote VTEP switch is not reachable, its status displays as DOWN in the show nve remote-vtep output.

2. Configure the MTU value on L3 underlay network-facing interfaces in Interface mode to be at least 50 bytes higher than the MTU on the server-facing links to allow for VXLAN encapsulation. The range is from 1312 to 9216.
mtu value
3. Return to CONFIGURATION mode.
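The VXLAN header that carries the VNI (RFC 7348) and the 50-byte underlay MTU allowance described above, as an added Python example that is not part of the Dell guide. Function names are hypothetical; the 50-byte breakdown assumes an IPv4 underlay with no 802.1Q tag on the encapsulated Ethernet header, and the 1500-byte server MTU in the demo is a constructed value.

```python
"""VXLAN header handling per RFC 7348, plus the underlay MTU check.

Added illustration; function names are hypothetical, not part of OS10.
"""
import struct

VXLAN_FLAG_I = 0x08                  # "I" flag: the VNI field is valid
VNI_MIN, VNI_MAX = 1, 16_777_215     # range the guide gives for vxlan-vni
VXLAN_HEADER_LEN = 8

# Bytes added around each tenant packet. Assumption: IPv4 underlay and no
# 802.1Q tag on the encapsulated Ethernet header.
ETHERNET_HEADER = 14
OUTER_IPV4 = 20
OUTER_UDP = 8
VXLAN_OVERHEAD = ETHERNET_HEADER + OUTER_IPV4 + OUTER_UDP + VXLAN_HEADER_LEN

MTU_MIN, MTU_MAX = 1312, 9216        # range the guide gives for "mtu value"


class VxlanError(ValueError):
    """Raised for a header or parameter that violates the format."""


def build_vxlan_header(vni: int) -> bytes:
    """Return the 8-byte VXLAN header a VTEP prepends to the inner frame."""
    if not VNI_MIN <= vni <= VNI_MAX:
        raise VxlanError(f"VNI {vni} outside {VNI_MIN}..{VNI_MAX}")
    # Word 1: flags (8 bits) + reserved (24). Word 2: VNI (24) + reserved (8).
    return struct.pack("!II", VXLAN_FLAG_I << 24, vni << 8)


def parse_vxlan_header(udp_payload: bytes, strict: bool = False):
    """Split a VXLAN UDP payload into (vni, inner_frame).

    RFC 7348 tells receivers to ignore reserved bits; strict=True rejects
    them instead, which helps when inspecting captures for anomalies.
    """
    if len(udp_payload) < VXLAN_HEADER_LEN:
        raise VxlanError("payload shorter than the 8-byte VXLAN header")
    word1, word2 = struct.unpack("!II", udp_payload[:VXLAN_HEADER_LEN])
    flags = word1 >> 24
    if not flags & VXLAN_FLAG_I:
        raise VxlanError("I flag clear: VNI field is not valid")
    reserved = (flags & ~VXLAN_FLAG_I & 0xFF) | (word1 & 0xFFFFFF) | (word2 & 0xFF)
    if strict and reserved:
        raise VxlanError("reserved bits are set")
    return word2 >> 8, udp_payload[VXLAN_HEADER_LEN:]


def min_underlay_mtu(server_mtu: int) -> int:
    """Smallest underlay MTU that leaves room for VXLAN encapsulation."""
    return server_mtu + VXLAN_OVERHEAD


def check_underlay_mtu(underlay_mtu: int, server_mtu: int) -> list:
    """Return a list of problems with an underlay-facing MTU setting."""
    problems = []
    if not MTU_MIN <= underlay_mtu <= MTU_MAX:
        problems.append(f"mtu {underlay_mtu} outside {MTU_MIN}..{MTU_MAX}")
    needed = min_underlay_mtu(server_mtu)
    if underlay_mtu < needed:
        problems.append(f"mtu {underlay_mtu} below required {needed}")
    return problems


if __name__ == "__main__":
    header = build_vxlan_header(10000)
    print(header.hex())
    print(parse_vxlan_header(header + b"inner-frame"))
    # Constructed case: 1500-byte server links against two underlay settings.
    print(check_underlay_mtu(1650, 1500))
    print(check_underlay_mtu(1500, 1500))
```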
Table 46.
DHCP relay on VTEPs Dynamic Host Configuration Protocol (DHCP) clients on hosts in the overlay communicate with a DHCP server using a DHCP relay on the VTEP switch. In OS10, DHCP relay is supported on VTEPs only if you locate the DHCP server in the underlay network. To work seamlessly, VTEP DHCP relay transmits the virtual-network IP address of the relay interface to the DHCP server. By default, DHCP uses the giaddr packet field to carry these addresses to the server.
100 100 1000 5000 ethernet1/1/1,ethernet1/1/2 ethernet1/1/2

View the VXLAN virtual-network VLANs

OS10# show vlan
Codes: * - Default VLAN, M - Management VLAN, R - Remote Port Mirroring VLANs, @ – Attached to Virtual Network
Q: A - Access (Untagged), T - Tagged
  NUM  Status  Description  Q  Ports
* 1    up                   A  Eth1/1/1-1/1/48
@ 100  up                   T  Eth1/1/2,Eth1/1/3
                            A  Eth1/1/1
@ 101  up                   T  port-channel5
  200  up                   T  Eth1/1/11-1/1/15

View the VXLAN virtual-network statistics

OS10# show virtual-network counters
Virtual-Network Input
The show ip arp vrf and show ipv6 neighbors vrf command output displays information about IPv4 and IPv6 neighbors learned in a non-default VRF on the switch. The show ip route vrf command displays the IPv4 and IPv6 routes learned.

OS10# show ip arp vrf tenant1
Address    Hardware address   Interface          Egress Interface
----------------------------------------------------------------
111.0.0.2  00:c5:15:02:12:f1  virtual-network20  ethernet1/1/5
111.0.0.3  00:c5:15:02:12:a2  virtual-network20  port-channel5
111.0.0.
Table 47. Display VXLAN MAC addresses

Command      show mac address-table virtual-network [vn-id | local | remote | static | dynamic | address mac-address | interface {ethernet node/slot/port:subport | port-channel number}]
Description  Displays all MAC addresses learned on all or a specified virtual network.
             vn-id: Displays only information about the specified virtual network.
             local: Displays only locally-learned MAC addresses.
             remote: Displays only remote MAC addresses.
Command      show mac address-table count nve {remote-vtep ip-address | vxlan-vni vn-id}
Description  Displays the number of MAC addresses learned for a virtual network or from a remote VTEP.
             remote-vtep ip-address: Displays the number of MAC addresses learned on the specified remote VTEP.
             vxlan-vni vn-id: Displays the number of MAC addresses learned on the specified VXLAN virtual network.
S5200-ON series switches: 53248 entries
• disable-overlay-routing
  Allocate 0 next-hop entries for overlay routing and all next-hop entries for underlay routing.

Default            S4048T-ON and S6010-ON switches reserve 8192 ARP table entries. S4100-ON series switches reserve 4096 ARP table entries. S5200-ON series switches reserve 8192 ARP table entries.
Command mode       CONFIGURATION
Usage information  The number of reserved table entries in a profile varies according to the OS10 switch.
Usage information   Configure the same anycast gateway IP address on all VTEPs in a VXLAN virtual network. Use the anycast gateway IP address as the default gateway IP address if the host VMs move from one VTEP to another in a VXLAN. The anycast gateway IP address must be in the same subnet as the IP address of the virtual-network router interface.
Example             OS10(config)# interface virtual-network 10000
                    OS10(config-if-vn-10000)# ip virtual-router address 10.1.0.100
Supported releases  10.4.3.
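The anycast gateway rules stated above (same address on every VTEP, inside the subnet of the virtual-network router interface, one global anycast MAC) can be checked mechanically before deployment. The following Python audit is an added example, not Dell tooling; function names are hypothetical. The VTEP1 text is constructed from values in the guide's static VXLAN example, and the VTEP2 text is constructed with deliberate faults.

```python
"""Audit anycast gateway settings across VTEPs (added example, hypothetical names)."""
import ipaddress
import re
from collections import defaultdict

PROMPT = re.compile(r"^\S+#\s*")     # strips a prompt such as "OS10(config)# "


def parse_vtep(session: str) -> dict:
    """Extract the anycast MAC and per-virtual-network addresses from CLI text."""
    cfg = {"mac": None, "vns": {}}
    current = None                   # virtual-network interface being configured
    for raw in session.splitlines():
        line = PROMPT.sub("", raw.strip())
        if m := re.fullmatch(r"interface virtual-network (\d+)", line):
            current = cfg["vns"].setdefault(int(m[1]), {"ip": None, "anycast": None})
        elif line == "exit":
            current = None
        elif m := re.fullmatch(r"ip virtual-router mac-address (\S+)", line):
            cfg["mac"] = m[1].lower()
        elif current is not None and (m := re.fullmatch(r"ip address (\S+)", line)):
            current["ip"] = ipaddress.ip_interface(m[1])
        elif current is not None and (
            m := re.fullmatch(r"ip virtual-router address (\S+)", line)
        ):
            current["anycast"] = ipaddress.ip_address(m[1])
    return cfg


def audit(sessions: dict) -> list:
    """Return (check, message) findings for a {vtep_name: cli_text} mapping."""
    parsed = {name: parse_vtep(text) for name, text in sessions.items()}
    findings = []
    anycast_by_vn = defaultdict(dict)
    for name, cfg in parsed.items():
        for vn, addrs in cfg["vns"].items():
            anycast_by_vn[vn][name] = addrs["anycast"]
            ip, anycast = addrs["ip"], addrs["anycast"]
            # Rule: anycast IP must sit in the router interface's subnet.
            if ip and anycast and anycast not in ip.network:
                findings.append(
                    ("subnet", f"{name} vn {vn}: anycast {anycast} is outside {ip.network}")
                )
    # Rule: every VTEP uses the same anycast IP for a given virtual network.
    for vn, per_vtep in sorted(anycast_by_vn.items()):
        if len(set(per_vtep.values())) > 1:
            detail = ", ".join(f"{n}={a}" for n, a in sorted(per_vtep.items()))
            findings.append(("anycast-ip", f"vn {vn}: anycast gateway differs: {detail}"))
    # Rule: one anycast MAC is configured globally on all VTEPs.
    macs = {name: cfg["mac"] for name, cfg in parsed.items()}
    if len(set(macs.values())) > 1:
        detail = ", ".join(f"{n}={m}" for n, m in sorted(macs.items()))
        findings.append(("anycast-mac", f"anycast MAC differs: {detail}"))
    return findings


# Constructed sample input. VTEP1 uses addresses from the guide's example.
VTEP1 = """\
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01
OS10(config)# interface virtual-network 10000
OS10(config-if-vn-10000)# ip address 10.1.0.231/16
OS10(config-if-vn-10000)# ip virtual-router address 10.1.0.100
OS10(config-if-vn-10000)# exit
OS10(config)# interface virtual-network 20000
OS10(config-if-vn-20000)# ip address 10.2.0.231/16
OS10(config-if-vn-20000)# ip virtual-router address 10.2.0.100
OS10(config-if-vn-20000)# exit
"""

# Constructed with deliberate faults: wrong MAC, wrong anycast IP on vn 20000.
VTEP2 = """\
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:02
OS10(config)# interface virtual-network 10000
OS10(config-if-vn-10000)# ip address 10.1.0.232/16
OS10(config-if-vn-10000)# ip virtual-router address 10.1.0.100
OS10(config-if-vn-10000)# exit
OS10(config)# interface virtual-network 20000
OS10(config-if-vn-20000)# ip address 10.2.0.232/16
OS10(config-if-vn-20000)# ip virtual-router address 10.3.0.100
OS10(config-if-vn-20000)# exit
"""

SAMPLE = {"VTEP1": VTEP1, "VTEP2": VTEP2}

if __name__ == "__main__":
    for check, message in audit(SAMPLE):
        print(f"[{check}] {message}")
```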
Supported releases  10.4.2.0 or later

nve
Enters network virtualization edge (NVE) configuration mode to configure the source VXLAN tunnel endpoint.

Syntax              nve
Parameters          None
Default             None
Command mode        CONFIGURATION
Usage information   In NVE mode, configure the source tunnel endpoint for all virtual networks on the switch.
Example             OS10# nve
                    OS10(config-nve)#
Supported releases  10.4.2.0 or later

remote-vtep
Configures the IP address of a remote tunnel endpoint in a VXLAN network.
Example (S5200-ON series)
OS10# show hardware overlay-routing-profile mode all
Mode                      Overlay Next-hop  Underlay Next-hop  Overlay L3 RIF
                          Entries           Entries            Entries
default-overlay-routing   8192              57344              2048
disable-overlay-routing   0                 65536              0
balanced-overlay-routing  32768             32768              8192
scaled-overlay-routing    53248             12288              12288

show hardware overlay-routing-profile mode Overlay Setting Mode Next-hop Entries Current default-overlay-routing 8192 14336 Next-boot default-overlay-routing 8192 Supported releases Underlay L3 R
summary   Display summary information about remote VTEPs.
counters  Display statistics on remote VTEP traffic.

Default            Not configured
Command mode       EXEC
Usage information  Use this command to display the IP address, operational state, and configured VXLANs for each remote VTEP. The remote MAC learning and unknown unicast drop settings used for each VXLAN ID (VNI) also display.
Example
OS10# show nve remote-vtep summary
Remote-VTEP State
-----------------------
2.2.2.
Example
OS10# show nve vxlan-vni
VNI    Virtual-Network  Source-IP  Remote-VTEPs
------------------------------------------------------
10000  1                1.1.1.1    2.2.2.2
200    2                1.1.1.1    2.2.2.2
300    300              1.1.1.1    2.2.2.2

Supported releases  10.4.2.0 or later

show virtual-network
Displays a virtual-network configuration, including all VXLAN configurations.

Syntax        show virtual-network [vn-id]
Parameters    vn-id  Enter a virtual-network ID, from 1 to 65535.
Default       Not configured
Command mode  EXEC
show virtual-network interface counters
Displays packet statistics for a member port, port channel, or VLAN in VXLAN virtual networks.

Syntax      show virtual-network interface {ethernet node/slot/port:subport | port-channel number} [vlan vlan-id] counters
Parameters  interface ethernet node/slot/port[:subport]  Enter the port information for an Ethernet interface.
            interface port-channel number  Enter a port-channel number, from 1 to 128.
            vlan vlan-id  (Optional) Enter a VLAN ID, from 1 to 4093.
Supported releases  10.4.2.0 or later

show virtual-network vlan
Displays the VXLAN virtual networks where a VLAN is assigned.

Syntax             show virtual-network vlan vlan-id
Parameters         vlan vlan-id  Enter a VLAN ID, from 1 to 4093.
Default            Not configured
Command mode       EXEC
Usage information  Use this command to verify the VXLAN virtual networks where a VLAN is assigned, including the port members connected to downstream servers.
Default            Not configured
Command mode       NVE-INSTANCE
Usage information  The IP address of the Loopback interface serves as the source IP address in encapsulated packets transmitted from the switch as an NVE VTEP.
                   • The Loopback interface must have an IP address configured. The Loopback IP address must be reachable from the remote VTEP. You cannot change the source interface if at least one VXLAN virtual network ID (VNID) is configured for the NVE instance.
vxlan-vni
Assigns a VXLAN ID to a virtual network.

Syntax              vxlan-vni vni
Parameters          vni  Enter the VXLAN ID for a virtual network, from 1 to 16,777,215.
Default             Not configured
Command mode        VIRTUAL-NETWORK
Usage information   This command associates a VXLAN ID number with a virtual network. The no version of this command removes the configured ID.
Example             OS10(conf-vn-100)# vxlan-vni 100
                    OS10(config-vn-vxlan-vni)#
Supported releases  10.4.2.
virtual-network vn-id     Clear all MAC addresses learned on the specified virtual network, from 1 to 65535.
local                     Clear only locally-learned MAC addresses.
vn-id                     Clear learned MAC addresses on the specified virtual network, from 1 to 65535.
vn-id local               Clear locally learned MAC addresses on the specified virtual network, from 1 to 65535.
vn-id address mac-address Clear only the MAC address entry learned in the specified virtual network. Enter the MAC address in EEEE.EEEE.EEEE format.
Parameters         vxlan-vni vni  Display MAC addresses learned on the specified VXLAN virtual network, from 1 to 16,777,215.
                   remote-vtep ip-address  Display MAC addresses learned from the specified remote VTEP.
Default            Not configured
Command mode       EXEC
Usage information  Use the clear mac address-table dynamic nve remote-vtep command to delete all MAC address entries learned from a remote VTEP.
Static Address (User-defined) Count : 0
Total MAC Addresses in Use: 8

Supported releases  10.4.2.0 or later

show mac address-table extended
Displays MAC addresses learned on all VLANs and VXLANs.

Syntax      show mac address-table extended [address mac-address | interface {ethernet node/slot/port:subport | port-channel number} | static | dynamic]
Parameters  address mac-address  Display only information about the specified MAC address.
remote-vtep ip-address  Display MAC addresses learned from the specified remote VTEP.

Default            Not configured
Command mode       EXEC
Usage information  Use the clear mac address-table dynamic nve remote-vtep command to delete all MAC address entries learned from a remote VTEP. Use the clear mac address-table dynamic virtual-network vn-id command to delete all dynamic MAC address entries learned on a virtual-network bridge.
Example
OS10# show mac address-table nve remote-vtep 32.1.1.
10000       00:00:00:00:00:77  dynamic  VxLAN(32.1.1.1)
10000  100  34:a0:a0:a1:a2:f6  dynamic  port-channel10
20000  300  00:00:00:00:00:22  dynamic  port-channel100
20000  300  00:00:00:00:00:33  dynamic  port-channel1000
20000  300  00:00:00:00:00:66  dynamic  port-channel10
20000       00:00:00:00:00:88  dynamic  VxLAN(32.1.1.1)
20000  300  34:a0:a0:a1:a2:f6  dynamic  port-channel10

Supported releases  10.4.2.
Figure 10. Static VXLAN use case

VTEP 1 Leaf Switch

1. Configure the underlay OSPF protocol
Do not configure the same IP address for the router ID and the source loopback interface in Step 2.
OS10(config)# router ospf 1
OS10(config-router-ospf-1)# router-id 172.16.0.1
OS10(config-router-ospf-1)# exit
2. Configure a Loopback interface
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.1.1/32
OS10(conf-if-lo-0)# ip ospf 1 area 0.0.0.
3. Configure the Loopback interface as the VXLAN source tunnel interface
OS10(config)# nve
OS10(config-nve)# source-interface loopback0
OS10(config-nve)# exit
4.
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 172.16.2.0/31
OS10(conf-if-eth1/1/2)# ip ospf 1 area 0.0.0.0
OS10(conf-if-eth1/1/2)# exit
8. Configure VLT
Configure a dedicated L3 underlay path to reach the VLT Peer in case of network failure
OS10(config)# interface vlan4000
OS10(config-if-vl-4000)# no shutdown
OS10(config-if-vl-4000)# ip address 172.16.250.1/30
OS10(config-if-vl-4000)# ip ospf 1 area 0.0.0.
OS10(config-if-vn-10000)# ip address 10.1.0.231/16
OS10(config-if-vn-10000)# ip virtual-router address 10.1.0.100
OS10(config-if-vn-10000)# no shutdown
OS10(config-if-vn-10000)# exit
OS10(config)# interface virtual-network 20000
OS10(config-if-vn-20000)# ip vrf forwarding tenant1
OS10(config-if-vn-20000)# ip address 10.2.0.231/16
OS10(config-if-vn-20000)# ip virtual-router address 10.2.0.100
OS10(config-if-vn-20000)# no shutdown
OS10(config-if-vn-20000)# exit

VTEP 2 Leaf Switch

1.
OS10(conf-if-po-10)# exit
OS10(config)# interface ethernet1/1/5
OS10(conf-if-eth1/1/5)# no shutdown
OS10(conf-if-eth1/1/5)# channel-group 10 mode active
OS10(conf-if-eth1/1/5)# no switchport
OS10(conf-if-eth1/1/5)# exit
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# no shutdown
OS10(conf-if-po-20)# switchport mode access
OS10(conf-if-po-20)# switchport access vlan 200
OS10(conf-if-po-20)# exit
OS10(config)# interface OS10(conf-if-eth1/1/6)# OS10(conf-if-eth1/1/6)# OS10(conf-if-eth1/1/6)# OS10
Configure a VLT domain
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.16.150.
4. Configure VXLAN virtual networks with a static VTEP
OS10(config)# virtual-network 10000
OS10(config-vn-10000)# vxlan-vni 10000
OS10(config-vn-vxlan-vni)# remote-vtep 192.168.1.1
OS10(config-vn-vxlan-vni-remote-vtep)# exit
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
OS10(config)# virtual-network 20000
OS10(config-vn-20000)# vxlan-vni 20000
OS10(config-vn-vxlan-vni)# remote-vtep 192.168.1.
OS10(config-vn-vxlan-vni-remote-vtep)#
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-20000)# exit
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 172.18.2.0/31
OS10(conf-if-eth1/1/2)# ip ospf 1 area 0.0.0.0
OS10(conf-if-eth1/1/2)# exit
9.
Configure an anycast L3 gateway
OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01

Configure routing with an anycast gateway IP address for each virtual network
OS10(config)# interface virtual-network 10000
OS10(config-if-vn-10000)# ip vrf forwarding tenant1
OS10(config-if-vn-10000)# ip address 10.1.0.233/16
OS10(config-if-vn-10000)# ip virtual-router address 10.1.0.
OS10(conf-if-po-10)# no switchport access vlan
OS10(conf-if-po-10)# exit
OS10(config)# interface ethernet1/1/5
OS10(conf-if-eth1/1/5)# no shutdown
OS10(conf-if-eth1/1/5)# channel-group 10 mode active
OS10(conf-if-eth1/1/5)# no switchport
OS10(conf-if-eth1/1/5)# exit
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# no shutdown
OS10(conf-if-po-20)# switchport mode trunk
OS10(conf-if-po-20)# no switchport access vlan
OS10(conf-if-po-20)# exit
OS10(config)# interface OS10(conf-if-eth1/1/6)# OS10(co
OS10(conf-if-po-10)# exit
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# vlt port-channel 20
OS10(conf-if-po-20)# exit

Configure VLTi member links
OS10(config)# interface ethernet1/1/3
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# exit
OS10(config)# interface ethernet1/1/4
OS10(conf-if-eth1/1/4)# no shutdown
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# exit

Configure a VLT domain
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)
OS10(conf-if-eth1/1/1)# ip address 172.16.1.1/31
OS10(conf-if-eth1/1/1)# ip ospf 1 area 0.0.0.0
OS10(conf-if-eth1/1/1)# exit
OS10(config)# interface ethernet1/1/2
OS10(conf-if-eth1/1/2)# no shutdown
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/2)# ip address 172.17.1.1/31
OS10(conf-if-eth1/1/2)# ip ospf 1 area 0.0.0.
OS10(conf-if-eth1/1/2)#
BGP EVPN for VXLAN

Ethernet Virtual Private Network (EVPN) is a control plane for VXLAN that reduces flooding in the network and resolves scalability concerns. EVPN uses MP-BGP to exchange information between VTEPs. EVPN was introduced in RFC 7432 and is based on BGP MPLS-based VPNs. RFC 8365 describes VXLAN-based EVPN.

The MP-BGP EVPN control plane provides protocol-based remote VTEP discovery, and MAC and ARP learning. This configuration reduces flooding related to L2 unknown unicast traffic.
Figure 11. BGP EVPN topology

Leaf nodes

Leaf nodes are typically top-of-rack (ToR) switches in a data center network. They act as the VXLAN tunnel endpoints and perform VXLAN encapsulation and decapsulation. Leaf nodes also participate in the MP-BGP EVPN to support control plane and data plane functions.

Control plane functions include:
• Initiate and maintain route adjacencies using any routing protocol in the underlay network.
• Advertise locally learned routes to all MP-BGP EVPN peers.
• Does not perform VXLAN encapsulation or decapsulation.

The BGP EVPN running on each VTEP listens to the exchange of route information in the local overlay, encodes the learned routes as BGP EVPN routes, and injects them into BGP to advertise to the peers. Tunnel endpoints are advertised as Type 3 EVPN routes. MAC/IP addresses are advertised as Type 2 EVPN routes.

EVPN instance

An EVPN instance (EVI) spans across the VTEPs that participate in an Ethernet VPN.
EVPN requires that you establish MP-BGP sessions between leaf and spine nodes in the underlay network. On each spine and leaf node, configure at least two BGP peering sessions:
• A directly connected BGP peer in the underlay network to advertise VTEP and Loopback IP addresses using the IPv4 unicast address family.
• A BGP peer in the overlay network to advertise overlay information using the EVPN address family. In BGP peer sessions in the overlay, activate only the EVPN address family.
f. Configure the L2 VPN EVPN address family for VXLAN host-based routing to the BGP peer in ROUTER-BGP-NEIGHBOR mode.
address-family l2vpn evpn
g. Enable the exchange of L2VPN EVPN addresses with the BGP peer in ROUTER-BGP-NEIGHBOR mode.
activate
h. Return to ROUTER-BGP mode.
exit
i. Enter IPv4 address-family configuration mode from ROUTER-BGP mode.
address-family ipv4 unicast
j. Disable the exchange of IPv4 addresses with BGP peers in ROUTER-BGP mode.
no activate
k. Return to ROUTER-BGP-NEIGHBOR mode.
b. Manually create an EVPN instance in EVPN mode. The range is from 1 to 65535.
evi id
c. Configure the Route Distinguisher in EVPN EVI mode.
rd {A.B.C.D:[1-65535] | auto}
Where:
• rd A.B.C.D:[1-65535] configures the RD with a 4-octet IPv4 address then a 2-octet number.
• rd auto automatically generates the RD.
d. Configure the RT values in EVPN EVI mode.
route-target {auto | value [asn4] {import | export | both}}
Where:
• route-target auto auto-configures an import and export value for EVPN routes.
MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) 4_OCTET_AS(65) MP_L2VPN_EVPN Capabilities advertised to neighbor for IPv4 Unicast: MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) 4_OCTET_AS(65) MP_L2VPN_EVPN Prefixes accepted 1, Prefixes advertised 1 Connections established 2; dropped 0 Last reset never Prefixes ignored due to: Martian address 0, Our own AS in AS-PATH 0 Invalid Nexthop 0, Invalid AS-PATH length 0 Wellknown community 0, Locally originated 0 Local host: 110.111.180.
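The rule stated above (in overlay peer sessions, activate only the EVPN address family, while IPv4 unicast is enabled by default) can be checked against a saved configuration. The following is an added example, not Dell code: the running-configuration layout (one space of indentation per level) and the sample stanza are constructed assumptions, and `allowas-in` is listed for review because it relaxes AS-path loop rejection.

```python
import re

# Constructed sample laid out like an OS10 running-configuration (assumed: one
# space of indentation per level). Peer addresses echo the leaf example.
SAMPLE_CONFIG = """\
router bgp 100
 router-id 172.16.0.1
 !
 address-family ipv4 unicast
  redistribute connected
 !
 neighbor 172.16.1.1
  remote-as 101
  no shutdown
 !
 neighbor 172.201.0.1
  remote-as 101
  no shutdown
  !
  address-family ipv4 unicast
   no activate
  !
  address-family l2vpn evpn
   activate
   allowas-in 1
 !
 neighbor 172.202.0.1
  remote-as 101
  no shutdown
  !
  address-family l2vpn evpn
   activate
"""

AF_RE = re.compile(r"address-family (ipv4 unicast|l2vpn evpn)")


def parse_neighbors(config):
    """Return {peer: {"ipv4": bool, "evpn": bool, "allowas_in": [af, ...]}}."""
    neighbors, current, af = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        if indent <= 1:  # a router-level line ends any neighbor block
            current, af = None, None
            m = re.fullmatch(r"neighbor (\S+)", line)
            if m:
                # Defaults from the command reference: IPv4 unicast is enabled
                # by default, L2VPN EVPN is not configured.
                current = neighbors.setdefault(
                    m.group(1), {"ipv4": True, "evpn": False, "allowas_in": []})
            continue
        if current is None:
            continue
        if indent == 2:  # neighbor-level line; may open an address family
            m = AF_RE.fullmatch(line)
            af = None if not m else ("ipv4" if m.group(1) == "ipv4 unicast" else "evpn")
            continue
        if af is None:
            continue
        if line == "activate":
            current[af] = True
        elif line == "no activate":
            current[af] = False
        elif line.startswith("allowas-in"):
            current["allowas_in"].append(af)
    return neighbors


def audit(config):
    """List (peer, issue) pairs for EVPN peers that still exchange IPv4 unicast."""
    findings = []
    for peer, state in parse_neighbors(config).items():
        if state["evpn"] and state["ipv4"]:
            findings.append((peer, "ipv4-unicast-active-on-evpn-peer"))
        for family in state["allowas_in"]:
            findings.append((peer, "allowas-in:" + family))
    return findings


if __name__ == "__main__":
    for peer, issue in audit(SAMPLE_CONFIG):
        print(peer, issue)
```

In the constructed sample, 172.202.0.1 is flagged because its stanza activates L2VPN EVPN but never enters `no activate` under IPv4 unicast.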
To enable efficient traffic forwarding on a VTEP, OS10 supports distributed gateway routing. A distributed gateway allows multiple VTEPs to act as the gateway router for a tenant subnet. The VTEP that is located nearest to a host acts as its gateway router. To enable L3 gateway/IRB functionality for BGP EVPN, configure a VXLAN overlay network and enable routing on a switch: 1. Create a non-default VRF instance for overlay routing. For multi-tenancy, create a VRF instance for each tenant. 2.
Figure 12. BGP EVPN in VLT domain VXLAN BGP commands activate (l2vpn evpn) Enables the exchange of L2 VPN EVPN address family information with a BGP neighbor or peer group. Syntax activate Parameters None Default Not configured Command Mode ROUTER-BGP-NEIGHBOR-AF Usage Information Use this command to exchange L2 VPN EVPN address information for VXLAN host-based routing with a BGP neighbor. The IPv4 unicast address family is enabled by default.
Example
OS10(conf-router-neighbor)# address-family l2vpn evpn unicast
OS10(conf-router-bgp-neighbor-af)# activate
Supported Releases 10.2.0E or later
address-family l2vpn evpn
Configures the L2 VPN EVPN address family for VXLAN host-based routing to a BGP neighbor.
Usage Information This command helps detect routing loops, based on the AS path before it starts advertising routes. To configure a neighbor to accept routes use the neighbor allowas-in command. The no version of this command disables sender-side loop detection for that neighbor. Example (IPv4) Example (IPv6) Supported Releases OS10(conf-router-bgp-102)# neighbor 3.3.3.
BGP version 4, remote router ID 3.3.3.
Example
OS10(config)# evpn
OS10(config-evpn)# auto-evi
Supported releases 10.4.2.0 or later
evi
Creates an EVPN instance (EVI) in EVPN mode.
Syntax evi id
Parameters id — Enter the EVPN instance ID, from 1 to 65535.
Default Not configured
Command mode EVPN
Usage information If an MP-BGP network uses 4-byte autonomous systems, or if you need to specify the RD and RT values, manually configure EVPN instances and associate each EVI with the overlay VXLAN virtual network.
Usage information A RD maintains the uniqueness of an EVPN route between different EVPN instances. Configure a route distinguisher in a tenant VRF used for EVPN symmetric IRB traffic. The RD auto-configures as Type 1 from the overlay network source IP address and the auto-generated EVPN instance ID. Example OS10(config)# evpn OS10(config-evpn)# evi 10 OS10(config-evpn-evi)# vni 10000 OS10(config-evpn-evi)# rd 111.111.111.
show evpn evi Displays the configuration settings of EVPN instances. Syntax show evpn evi [id] Parameters id — (Optional) Enter the EVPN instance ID, from 1 to 65535. Default Not configured Command mode EXEC Usage information Use this command to verify EVPN instance status, associated VXLAN virtual networks and the RD and RT values the BGP EVPN routes use in the EVI. The status of integrated routing and bridging (IRB) and the VRF used for EVPN traffic also display.
EVI 811 next-hop 80.80.1.8 MAC Entries : Remote MAC Address Count : 2
Supported releases 10.4.2.0 or later
show evpn mac-ip
Displays the BGP EVPN Type 2 routes used for host MAC-IP address binding.
Syntax show evpn mac-ip [count | evi evi [mac-address mac-address] | mac-address mac-address | next-hop ip-address]
Parameters
• count — Displays the total number of MAC addresses in EVPN MAC-IP address binding.
• evi evi — Enter an EVPN instance ID, from 1 to 65535.
104 104 14:18:77:25:6e:b9 14:18:77:25:6e:b9 lcl lcl 0 0 14.14.14.2 2001:14::14:2 OS10# show evpn mac-ip evi 101 mac-address 14:18:77:0c:e5:a3 Type EVI 101 101 -(lcl): Local (rmt): remote Mac-Address 14:18:77:0c:e5:a3 14:18:77:0c:e5:a3 Type rmt rmt Seq-No 0 0 Host-IP Interface/Next-Hop 11.11.11.3 95.0.0.5 2001:11::11:3 95.0.0.
Example
OS10# show evpn vxlan-vni
VXLAN-VNI   EVI     Bridge-Domain
100         65447   65447
Supported releases 10.4.2.0 or later
Example: VXLAN with BGP EVPN
The following VXLAN with BGP EVPN example uses a Clos leaf-spine topology with VXLAN tunnel endpoints (VTEPs). The individual switch configuration shows how to set up an end-to-end VXLAN. eBGP is used to exchange IP routes in the IP underlay network, and EVPN routes in the VXLAN overlay network. All spine nodes are in one autonomous system—AS 101.
Figure 13. VXLAN BGP EVPN use case
VTEP 1 Leaf Switch
1. Configure a Loopback interface for the VXLAN underlay using the same IP address as the VLT peer
OS10(config)# interface loopback0
OS10(conf-if-lo-0)# no shutdown
OS10(conf-if-lo-0)# ip address 192.168.1.1/32
OS10(conf-if-lo-0)# exit
2.
3. Configure VXLAN virtual networks
OS10(config)# virtual-network 10000
OS10(config-vn-10000)# vxlan-vni 10000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
OS10(config)# virtual-network 20000
OS10(config-vn-20000)# vxlan-vni 20000
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-20000)# exit
4.
OS10(config-router-bgp-100)# address-family ipv4 unicast OS10(config-router-bgp-af)# redistribute connected OS10(config-router-bgp-af)# exit 8. Configure eBGP for the IPv4 point-to-point peering OS10(config-router-bgp-100)# neighbor 172.16.1.
12. Configure VLT Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure OS10(config)# interface vlan4000 OS10(config-if-vl-4000)# no shutdown OS10(config-if-vl-4000)# ip address 172.16.250.
Configure routing on the virtual networks OS10(config)# interface OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# virtual-network 10000 ip vrf forwarding tenant1 ip address 10.1.0.231/16 ip virtual-router address 10.1.0.
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# no shutdown
OS10(conf-if-po-20)# switchport mode trunk
OS10(conf-if-po-20)# switchport access vlan 200
OS10(conf-if-po-20)# exit
OS10(config)# interface ethernet1/1/6
OS10(conf-if-eth1/1/6)# no shutdown
OS10(conf-if-eth1/1/6)# channel-group 20 mode active
OS10(conf-if-eth1/1/6)# no switchport
OS10(conf-if-eth1/1/6)# exit
6.
OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# address-family ipv4 unicast OS10(config-router-bgp-neighbor-af)# no activate OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# address-family l2vpn evpn OS10(config-router-bgp-neighbor-af)# activate OS10(config-router-bgp-neighbor-af)# allowas-in 1 OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# neighbor 172.202.0.
OS10(conf-vlt-1)# vlt-mac aa:bb:cc:dd:ee:ff
OS10(conf-vlt-1)# exit
Configure UFD with uplink VLT ports and downlink network ports
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# enable
OS10(conf-uplink-state-group-1)# downstream ethernet1/1/1-1/1/2
OS10(conf-uplink-state-group-1)# upstream port-channel10
OS10(conf-uplink-state-group-1)# upstream port-channel20
OS10(conf-uplink-state-group-1)# exit
Configure iBGP IPv4 peering between VLT peers
OS10(config)# router bgp 100
OS10(config-ro
OS10(config-vn-10000)# exit OS10(config)# virtual-network 20000 OS10(config-vn-20000)# vxlan-vni 20000 OS10(config-vn-vxlan-vni)# exit OS10(config-vn-20000)# exit 4. Configure unused VLAN ID for untagged membership OS10(config)# virtual-network untagged-vlan 1000 5.
9. Configure eBGP for the IPv4 point-to-point peering OS10(config-router-bgp-100)# neighbor 172.18.1.1 OS10(config-router-neighbor)# remote-as 101 OS10(config-router-neighbor)# address-family ipv4 unicast OS10(config-router-bgp-neighbor-af)# allowas-in 1 OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# neighbor 172.18.2.
OS10(config-evpn-evi-20000)# vni 20000
OS10(config-evpn-evi-20000)# rd auto
OS10(config-evpn-evi-20000)# route-target auto
OS10(config-evpn-evi-20000)# exit
OS10(config-evpn)# exit
13.
OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# exit 14.
OS10(config)# interface ethernet1/1/5
OS10(conf-if-eth1/1/5)# no shutdown
OS10(conf-if-eth1/1/5)# channel-group 10 mode active
OS10(conf-if-eth1/1/5)# no switchport
OS10(conf-if-eth1/1/5)# exit
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# no shutdown
OS10(conf-if-po-20)# switchport mode trunk
OS10(conf-if-po-20)# no switchport access vlan
OS10(conf-if-po-20)# exit
OS10(config)# interface OS10(conf-if-eth1/1/6)# OS10(conf-if-eth1/1/6)# OS10(conf-if-eth1/1/6)# OS10(conf-if-eth1/1/6)# etherne
OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# exit 10. Configure a Loopback interface for BGP EVPN peering different from the VLT peer IP address OS10(config)# interface loopback1 OS10(conf-if-lo-1)# no shutdown OS10(conf-if-lo-1)# ip address 172.19.0.1/32 OS10(conf-if-lo-1)# exit 11. Configure BGP EVPN peering OS10(config)# router bgp 100 OS10(config-router-bgp-100)# neighbor 172.201.0.
OS10(conf-vn-20000)# vlti-vlan 200 OS10(conf-vn-20000)# exit Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure OS10(config)# interface vlan4000 OS10(config-if-vl-4000)# no shutdown OS10(config-if-vl-4000)# ip address 172.16.250.
Configure routing on the virtual networks OS10(config)# interface OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# virtual-network 10000 ip vrf forwarding tenant1 ip address 10.1.0.234/16 ip virtual-router address 10.1.0.
OS10(conf-router-neighbor)# address-family ipv4 unicast OS10(conf-router-neighbor-af)# no sender-side-loop-detection OS10(conf-router-neighbor-af)# exit OS10(conf-router-neighbor)# exit OS10(conf-router-bgp-101)# neighbor 172.19.1.
OS10(conf-router-neighbor)# address-family ipv4 unicast OS10(conf-router-neighbor-af)# no activate OS10(conf-router-neighbor-af)# exit OS10(conf-router-neighbor)# address-family l2vpn evpn OS10(conf-router-neighbor-af)# no sender-side-loop-detection OS10(conf-router-neighbor-af)# activate OS10(conf-router-neighbor-af)# exit Spine Switch 2 1.
OS10(conf-router-neighbor-af)# no sender-side-loop-detection OS10(conf-router-neighbor-af)# exit OS10(conf-router-neighbor)# exit OS10(conf-router-bgp-101)# exit 4. Configure a Loopback interface for BGP EVPN peering OS10(config)# interface loopback1 OS10(conf-if-lo-1)# no shutdown OS10(conf-if-lo-1)# ip address 172.202.0.1/32 OS10(conf-if-lo-1)# exit 5. Configure BGP EVPN peer sessions OS10(config)# router bgp 101 OS10(conf-router-bgp-101)# neighbor 172.16.0.
Verify VXLAN with BGP EVPN configuration 1. Verify virtual network configurations LEAF1# show virtual-network Codes: DP - MAC-learn Dataplane, CP - MAC-learn Controlplane, UUD - Unknown-Unicast-Drop Virtual Network: 10000 Members: VLAN 100: port-channel10, port-channel1000 VxLAN Virtual Network Identifier: 10000 Source Interface: loopback0(192.168.1.1) Remote-VTEPs (flood-list): 192.168.2.
64 bytes from 10.1.0.20: icmp_seq=2 ttl=64 time=0.737 ms
64 bytes from 10.1.0.20: icmp_seq=3 ttl=64 time=0.772 ms
64 bytes from 10.1.0.20: icmp_seq=4 ttl=64 time=0.799 ms
64 bytes from 10.1.0.20: icmp_seq=5 ttl=64 time=0.866 ms
--- 10.1.0.20 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4061ms
rtt min/avg/max/mdev = 0.737/0.783/0.866/0.047 ms
root@HOST-A:~#
6. Check connectivity between host A and host D
root@HOST-A:~# ping 10.2.0.20 -c 5
PING 10.2.0.20 (10.2.0.
Figure 14. VXLAN BGP EVPN with multiple AS VTEP 1 Leaf Switch 1. Configure a Loopback interface for the VXLAN underlay using same IP address as the VLT peer OS10(config)# interface loopback0 OS10(conf-if-lo-0)# no shutdown OS10(conf-if-lo-0)# ip address 192.168.1.1/32 OS10(conf-if-lo-0)# exit 2.
3. Configure VXLAN virtual networks OS10(config)# virtual-network 10000 OS10(config-vn-10000)# vxlan-vni 10000 OS10(config-vn-vxlan-vni)# exit OS10(config-vn-10000)# exit OS10(config)# virtual-network 20000 OS10(config-vn-20000)# vxlan-vni 20000 OS10(config-vn-vxlan-vni)# exit OS10(config-vn-20000)# exit 4.
OS10(config-router-bgp-99)# address-family ipv4 unicast OS10(config-router-bgp-af)# redistribute connected OS10(config-router-bgp-af)# exit 8. Configure eBGP for the IPv4 point-to-point peering OS10(config-router-bgp-99)# neighbor 172.16.1.1 OS10(config-router-neighbor)# remote-as 101 OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit OS10(config-router-bgp-99)# neighbor 172.16.2.
OS10(config-evpn-evi-20000)# route-target 100:20000 import OS10(config-evpn-evi-20000)#exit OS10(config-evpn)# 12. Configure VLT Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure OS10(config)# interface vlan4000 OS10(config-if-vl-4000)# no shutdown OS10(config-if-vl-4000)# ip address 172.16.250.
Configure an anycast gateway MAC address OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01 Configure routing on the virtual networks OS10(config)# interface OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# virtual-network10000 ip vrf forwarding tenant1 ip address 10.1.0.231/16 ip virtual-router address 10.1.0.
OS10(conf-if-eth1/1/5)# no shutdown
OS10(conf-if-eth1/1/5)# channel-group 10 mode active
OS10(conf-if-eth1/1/5)# no switchport
OS10(conf-if-eth1/1/5)# exit
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# no shutdown
OS10(conf-if-po-20)# switchport mode trunk
OS10(conf-if-po-20)# switchport access vlan 200
OS10(conf-if-po-20)# exit
OS10(config)# interface OS10(conf-if-eth1/1/6)# OS10(conf-if-eth1/1/6)# OS10(conf-if-eth1/1/6)# OS10(conf-if-eth1/1/6)# ethernet1/1/6 no shutdown channel-group 20 m
OS10(config-router-bgp-neighbor-af)# no activate OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# address-family l2vpn evpn OS10(config-router-bgp-neighbor-af)# activate OS10(config-router-bgp-neighbor-af)# exit OS10(config-router-neighbor)# exit OS10(config-router-bgp-99)# neighbor 172.202.0.
OS10(conf-if-eth1/1/4)# no switchport OS10(conf-if-eth1/1/4)# exit Configure the VLT domain OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# backup destination 10.16.150.
2. Configure the Loopback interface as the VXLAN source tunnel interface OS10(config)# nve OS10(config-nve)# source-interface loopback0 OS10(config-nve)# exit 3. Configure VXLAN virtual networks OS10(config)# virtual-network 10000 OS10(config-vn-10000)# vxlan-vni 10000 OS10(config-vn-vxlan-vni)# exit OS10(config-vn-10000)# exit OS10(config)# virtual-network 20000 OS10(config-vn-20000)# vxlan-vni 20000 OS10(config-vn-vxlan-vni)# exit OS10(config-vn-20000)# exit 4.
OS10(conf-if-eth1/1/1)# mtu 1650 OS10(conf-if-eth1/1/2)# ip address 172.18.2.0/31 OS10(conf-if-eth1/1/2)# exit 8. Configure eBGP OS10(config)# router bgp 100 OS10(config-router-bgp-100)# router-id 172.18.0.1 OS10(config-router-bgp-100)# address-family ipv4 unicast OS10(configure-router-bgp-af)# redistribute connected OS10(configure-router-bgp-af)# exit 9. Configure eBGP for the IPv4 point-to-point peering OS10(config-router-bgp-100)# neighbor 172.18.1.
OS10(config-evpn-evi-10000)# rd 192.168.2.1:10000 OS10(config-evpn-evi-10000)# route-target 99:10000 import OS10(config-evpn-evi-10000)# route-target 100:10000 both OS10(config-evpn-evi-10000)#exit OS10(config-evpn)# evi 20000 OS10(config-evpn-evi-20000)# vni 20000 OS10(config-evpn-evi-20000)# rd 192.168.2.1:20000 OS10(config-evpn-evi-20000)# route-target 99:20000 import OS10(config-evpn-evi-20000)# route-target 100:20000 both OS10(config-evpn-evi-20000)#exit OS10(config-evpn)# 13.
Configure iBGP IPv4 peering between VLT peers OS10(config)# router bgp 100 OS10(config-router-bgp-100)# neighbor 172.16.250.11 OS10(config-router-neighbor)# remote-as 100 OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# exit 14.
5.
OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# exit 10. Configure a Loopback interface for BGP EVPN peering different from the VLT peer IP address OS10(config)# interface loopback1 OS10(conf-if-lo-1)# no shutdown OS10(conf-if-lo-1)# ip address 172.19.0.1/32 OS10(conf-if-lo-1)# exit 11. Configure BGP EVPN peering OS10(config)# router bgp 100 OS10(config-router-bgp-100)# neighbor 172.201.0.
OS10(conf-vn-20000)# vlti-vlan 200 OS10(conf-vn-20000)# exit Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure OS10(config)# interface vlan4000 OS10(config-if-vl-4000)# no shutdown OS10(config-if-vl-4000)# ip address 172.16.250.
Configure routing on the virtual networks OS10(config)# interface OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# virtual-network10000 ip vrf forwarding tenant1 ip address 10.1.0.234/16 ip virtual-router address 10.1.0.
OS10(conf-router-neighbor)# exit OS10(conf-router-bgp-101)# exit 4. Configure a Loopback interface for BGP EVPN peering OS10(config)# interface loopback1 OS10(conf-if-lo-1)# no shutdown OS10(conf-if-lo-1)# ip address 172.201.0.1/32 OS10(conf-if-lo-1)# exit 5. Configure BGP EVPN peer sessions OS10(config)# router bgp 101 OS10(conf-router-bgp-101)# neighbor 172.16.0.
OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(config)# interface OS10(conf-if-eth1/1/2)# OS10(conf-if-eth1/1/2)# OS10(conf-if-eth1/1/2)# OS10(conf-if-eth1/1/2)# OS10(config)# interface OS10(conf-if-eth1/1/3)# OS10(conf-if-eth1/1/3)# OS10(conf-if-eth1/1/3)# OS10(conf-if-eth1/1/3)# OS10(config)# interface OS10(conf-if-eth1/1/4)# OS10(conf-if-eth1/1/4)# OS10(conf-if-eth1/1/4)# OS10(conf-if-eth1/1/4)# no switchport ip address 172.16.2.
OS10(conf-router-neighbor-af)# exit OS10(conf-router-bgp-102)# neighbor 172.17.0.
Inclusive Multicast : 192.168.2.1
IRB : Enabled(tenant1)
EVI : 20000, State : up
Bridge-Domain : Virtual-Network 20000, VNI 20000
Route-Distinguisher : 1:192.168.1.1:20000
Route-Targets : 0:99:10000 both, 0:100:10000 import
Inclusive Multicast : 192.168.2.1
IRB : Enabled(tenant1)
LEAF1#
3. Verify BGP EVPN neighborship between leaf and spine nodes
LEAF1# show ip bgp l2vpn evpn summary
BGP router identifier 172.16.0.1 local AS number 99
Neighbor AS MsgRcvd MsgSent Up/Down State/Pfx
172.201.0.
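In the Multiple AS topology above, each leaf sets its own route-target to `both` and imports the route-target of the other AS, so a wrong value either drops remote routes or pulls routes from another EVI into a tenant's bridge domain. The following added example (not Dell code) checks a set of VTEP EVPN stanzas for both conditions and validates the `rd A.B.C.D:[1-65535]` form; the VTEP names and the stanzas, including the deliberate mistake, are constructed.

```python
import re
from itertools import permutations

# Constructed EVPN stanzas in the CLI form used by the Multiple AS example.
# leaf-as99 / EVI 20000 carries a deliberate mistake: it imports 100:10000.
SAMPLE_VTEPS = {
    "leaf-as99": """
evpn
 evi 10000
  vni 10000
  rd 192.168.1.1:10000
  route-target 99:10000 both
  route-target 100:10000 import
 evi 20000
  vni 20000
  rd 192.168.1.1:20000
  route-target 99:20000 both
  route-target 100:10000 import
""",
    "leaf-as100": """
evpn
 evi 10000
  vni 10000
  rd 192.168.2.1:10000
  route-target 99:10000 import
  route-target 100:10000 both
 evi 20000
  vni 20000
  rd 192.168.2.1:20000
  route-target 99:20000 import
  route-target 100:20000 both
""",
}

RD_RE = re.compile(r"(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3}):(\d+)")


def rd_valid(rd):
    """Accept 'auto' or A.B.C.D:[1-65535], the two forms the rd command takes."""
    if rd == "auto":
        return True
    m = RD_RE.fullmatch(rd or "")
    if not m:
        return False
    *octets, number = (int(g) for g in m.groups())
    return all(o <= 255 for o in octets) and 1 <= number <= 65535


def parse_evpn(commands):
    """Return {evi: {"rd": str, "import": set, "export": set}} from CLI lines."""
    evis, cur = {}, None
    for line in commands.strip().splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "evi":
            cur = evis.setdefault(
                int(tok[1]), {"rd": None, "import": set(), "export": set()})
        elif cur is None:
            continue
        elif tok[0] == "rd":
            cur["rd"] = tok[1]
        elif tok[0] == "route-target" and tok[1] != "auto":
            direction = tok[-1]  # import | export | both
            if direction in ("import", "both"):
                cur["import"].add(tok[1])
            if direction in ("export", "both"):
                cur["export"].add(tok[1])
    return evis


def check(vteps):
    """Report bad RDs, missing imports for the same EVI, and cross-EVI imports."""
    parsed = {name: parse_evpn(cfg) for name, cfg in vteps.items()}
    findings = []
    for name, evis in parsed.items():
        for evi, entry in evis.items():
            if not rd_valid(entry["rd"]):
                findings.append((name, evi, "bad-rd"))
    for (a, local_evis), (b, remote_evis) in permutations(parsed.items(), 2):
        for evi, local in local_evis.items():
            for remote_evi, remote in remote_evis.items():
                shared = local["import"] & remote["export"]
                if evi == remote_evi and not shared:
                    findings.append((a, evi, f"no-import-from:{b}"))
                if evi != remote_evi and shared:
                    findings.append((a, evi, f"imports-evi-{remote_evi}-from:{b}"))
    return findings


if __name__ == "__main__":
    for finding in check(SAMPLE_VTEPS):
        print(finding)
```

EVIs that use `route-target auto` are skipped because their values are not visible in the configuration text.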
Example: VXLAN BGP EVPN — Centralized L3 gateway The following VXLAN with BGP EVPN example uses a centralized Layer 3 gateway to perform virtual-network routing. It is based on the sample configuration in Example: VXLAN BGP EVPN — Multiple AS topology. In the VXLAN BGP EVPN multiple AS topology, all VTEPs are configured to perform distributed L3 gateway routing, in which each VTEP routes VXLAN traffic. Routing decisions are made by ingress VTEPs.
Figure 15. VXLAN BGP EVPN with centralized L3 gateway NOTE: This centralized L3 gateway example for VXLAN BGP EVPN uses the same configuration steps as in Example: VXLAN BGP EVPN — Multiple AS topology. Configure each spine and leaf switch as in the Multiple AS topology example, except: • Because VTEPs 1 and 2 operate only in Layer 2 VXLAN mode, do not configure IP switching in the overlay network.
Create a tenant VRF OS10(config)# ip vrf tenant1 OS10(conf-vrf)# exit Configure an anycast gateway MAC address OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01 Configure routing on the virtual networks OS10(config)# interface OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# virtual-network10000 ip vrf forwarding tenant1 ip address 10.1.0.233/16 ip virtual-router address 10.1.0.
networks. You can connect an egress virtual network to a VLAN in an external router, which connects to the external network. In the following example, VLT domain 1 is a VLT VTEP. VLT domain 2 is the border leaf VLT VTEP pair. All virtual networks in the data center network are configured in all VTEPs with virtual-network IP and anycast IP gateway addresses. Configure a dedicated virtual network for sending VXLAN traffic to an external network on all VTEPs.
NOTE: This border leaf gateway example for VXLAN BGP EVPN uses the same configuration steps as in Example: VXLAN BGP EVPN — Multiple AS topology. Configure each spine and leaf switch as in the Multiple AS topology example and add the following additional configuration steps on each VTEP. VTEP 1 Leaf Switch 14. Configure a dedicated VXLAN virtual network. OS10(config)# virtual-network 500 OS10(config-vn-500)# vxlan-vni 500 OS10(config-vn-vxlan-vni)# exit OS10(config-vn-10000)# exit 15.
17. Configure externally connected VLAN.
OS10(conf)#interface vlan 200
OS10(conf-if-vlan)#ip address 10.10.0.1/16
OS10(conf-if-vlan)#no shutdown
OS10(conf-if-vlan)#exit
OS10(conf)#interface ethernet 1/1/7
switchport mode trunk
switchport trunk allowed vlan 200
18. Configure a static route for outbound traffic sent to VLAN 200.
OS10(config)#ip route 0.0.0.0/0 10.10.0.3
VTEP 4 Leaf Switch
14. Configure a dedicated VXLAN virtual network.
The NSX controller communicates with an OS10 VTEP using the OVSDB management protocol over a Secure Sockets Layer (SSL) connection. Establishing the communication between the controller and VTEP involves generating the SSL certificate at a VTEP and copying the certificate to the NSX controller. After SSL authentication, a secure connection over SSL is established between the controller and the VTEP. The VTEP then receives and processes the configuration data from the controller.
• An OS10 switch does not send VXLAN access port statistics to the NSX controller.
• Controller-provisioned VXLAN is not supported on VTEPs configured as peers in a VLT domain. Only VTEPs in standalone mode are supported.
Specify the controller reachability information
On an OS10 VTEP, the controller configuration command initializes a connection to an OVSDB-based controller. OS10 supports only one controller connection at a time.
NOTE: Currently, the only supported OVSDB-based controller is NSX.
To view the controller information and the ports the controller manages, use the show nve controller command. OS10# show nve controller Management IP Gateway IP Max Backoff Configured Controller Controller Cluster IP 10.16.140.173 10.16.140.171 10.16.140.172 Port 6640 6640 6640 : : : : 10.16.140.29/16 55.55.5.5 1000 10.16.140.
To view established sessions, use the show bfd neighbors command. OS10# show bfd neighbors * - Active session role -----------------------------------------------------------------------------------------LocalAddr RemoteAddr Interface State RxInt TxInt Mult VRF Clients -----------------------------------------------------------------------------------------* 55.55.5.5 2.2.2.2 virtual-network0 up 1000 1000 3 default vxlan * 55.55.5.5 2.2.2.
68ROX0ILrtOz/2q5oUb/rpJd15KFFN3itT/xYBfZ1ZdLYd5F
-----END CERTIFICATE-----
2. Create a VXLAN gateway in the VMware vCenter console. The following steps configure the VXLAN gateway:
a. Open a browser window, enter the vCenter IP address, and log in to VMware vCenter.
b. Click Service Definitions from the left navigation pane.
c. Click the Hardware Devices tab.
d. Click the green + icon under Hardware Devices to add a device. The Add Hardware Device dialog window opens.
b. Click the green + icon under Logical Switches. The New Logical Switch dialog window opens.
c. Enter a name, select Unicast as the replicate mode, and click OK.
4. Create a logical switch port that provides a logical connection point for a VM interface (VIF) and an L2 gateway connection to an external network.
5. (Optional) Enable or disable BFD globally. The following steps enable or disable BFD configuration in the controller.
a. Click Service Definitions from the left navigation pane.
After you configure a VMware NSX controller on a server VM, connect to the controller from the VXLAN gateway switch. For more information about the NSX controller configuration in the VTEP, see Configure a connection to an OVSDB controller. For more information about NSX controller configuration, see the NSX User Guide from VMware.
Example: VXLAN with a controller configuration
This example shows a simple NSX controller and a hardware OS10 VTEP deployed in a VXLAN environment.
• Configure the NSX controller in VMware vCenter. For more information about configuring the NSX controller using the GUI, see Configure and control VXLAN from the VMware vCenter.
You must configure an OS10 VTEP with the controller configuration so that the VTEP can communicate with the NSX controller. The NSX controller handles configurations and control plane operations in the VXLAN environment.
VTEP 1
1. Configure the OSPF protocol in the underlay.
3. Create an NVE instance and configure a Loopback interface as the VXLAN source tunnel interface.
OS10(config)# nve
OS10(config-nve)# source-interface loopback 1
4. Specify the NSX controller reachability information.
OS10(config-nve)# controller ovsdb
OS10(config-nve-ovsdb)# ip 10.16.140.182 port 6640 ssl
OS10(config-nve-ovsdb)# max-backoff 10000
OS10(config-nve-ovsdb)# exit
5. Assign interfaces to be managed by the controller.
13.0.0.3 13.0.0.2 Up Up To view the remote VTEP status, use the show nve remote-vtep command. OS10# show nve remote-vtep IP Address: 13.0.0.2, State: up, Encap: VxLAN VNI list: ,6000 IP Address: 13.0.0.3, State: up, Encap: VxLAN VNI list: ,6000 IP Address: 13.0.0.5, State: up, Encap: VxLAN VNI list: ,6000 IP Address: 202.0.0.1, State: up, Encap: Vxlan VNI list: 6000 VTEP 2 OS10# show nve controller Management IP Gateway IP Max Backoff Configured Controller Controller Cluster IP 10.16.140.182 10.16.140.
IP Adress: 200.0.0.1, VNI list: 6000 State: up, Encap: Vxlan VXLAN Controller commands controller ovsdb Changes the mode to CONFIGURATION-NVE-OVSDB from where you can configure the controller parameters. Syntax controller ovsdb Parameters None Default None Command mode CONFIGURATION-NVE Usage information The controller configuration initiates the OVSDB service on the OS10 switch. The no version of this command stops the OVSDB service.
Parameters interval — Enter the amount of time, in ms, that the switch waits between connection attempts to the controller, from 1000 to 180000 ms.
Default 8000 ms
Command Mode CONFIGURATION-NVE-OVSDB
Usage Information The no version of this command replaces the default maximum wait time configuration in the switch.
Example
OS10(config)# nve
OS10(config-nve)# controller ovsdb
OS10(config-nve-ovsdb)# max-backoff 40000
Supported Releases 10.4.3.
show nve controller Displays information about the controller and the controller-managed interfaces. Syntax show nve controller Parameters None Default None Command mode EXEC Example OS10# show nve controller Management IP Gateway IP Max Backoff Configured Controller Controller Cluster IP Backoff 10.16.140.173 10.16.140.171 10.16.140.172 : : : : 10.16.140.29/16 55.55.5.5 1000 10.16.140.
Supported releases 10.4.3.0 or later show nve replicators Displays all the replicators and their states. Syntax show nve replicators [vnid vnid] Parameters None Default None Command mode EXEC Usage information When you specify the VNID, the output displays details about the service nodes available for the VNID. Example (without VNID) OS10# show nve replicators Codes: * - Active Replicator BFD Status:Enabled Replicators State ----------------------2.2.2.3 Up 2.2.2.
show ovsdb-tables mac-remote-ucast Displays information about remote MAC address entries including each MAC address, IP address, local switch name, and VNID. Syntax show ovsdb-tables mac-remote-ucast Parameters None Default None Command mode EXEC Usage information This command is available only for netadmin, sysadmin, and secadmin roles.
Command mode EXEC Usage information This command is available only for netadmin, sysadmin, and secadmin roles. Example Supported releases OS10# show ovsdb-tables tunnel Count : 2 Tunnel table _uuid bfd_config_local bfd_config_remote bfd_params bfd_status local remote ------------------------------------ -----------------------------------------------------------------------8025d953-acf5-4091-9fa2-75d41953b397 {bfd_dst_ip="55.55.5.5", bfd_dst_mac="00:23:20:00:00:01"} {bfd_dst_ip="2.2.2.
17 UFT modes A switch in a Layer 2 (L2) network may require a larger MAC address table size, while a switch in a Layer 3 (L3) network may require a larger routing table size. Unified forwarding table (UFT) offers the flexibility to configure internal L2/L3 forwarding table sizes. OS10 supports several UFT modes for the forwarding tables. By default, OS10 selects a UFT mode that provides a reasonable size for all tables.
Table 54. UFT Modes — Table Size for Z9264F-ON
UFT Mode           L2 MAC Table Size   L3 Host Table Size   L3 Routes Table Size
Scaled-l2-switch   270336              8192                 32768
Scaled-l3-hosts    8192                270336               32768
Scaled-l3-routes   8192                8192                 262144
Default            139264              139264               32768
Table 55.
L3 Host Entries  : 147456   212992
L3 Route Entries : 32768    98304
View UFT information for all modes
OS10# show hardware forwarding-table mode all
Mode               default   scaled-l2   scaled-l3-routes   scaled-l3-hosts
L2 MAC Entries     163840    294912      32768              98304
L3 Host Entries    147456    16384       16384              212992
L3 Route Entries   32768     32768       131072             98304
IPv6 extended prefix routes
IPv6 addresses that contain prefix routes with a mask between /64 and /128 are called IPv6 extended prefix routes.
• • scaled-l3-routes — Enter the L3 routes table size. scaled-l3-hosts — Enter the L3 hosts table size. Defaults The default parameters vary according to the platform. See UFT modes. Command Mode CONFIGURATION Usage Information Configure the sizes of internal L2 and L3 forwarding tables for your requirements of the network environment. To apply the changes, reload the switch. The no version of this command resets the UFT mode to default.
show hardware forwarding-table mode all
Displays table sizes for the hardware forwarding table modes.
Syntax show hardware forwarding-table mode all
Parameters None
Defaults None
Command Mode EXEC
Usage Information None
Example
OS10# show hardware forwarding-table mode all
Mode               default   scaled-l2   scaled-l3-routes   scaled-l3-hosts
L2 MAC Entries     163840    294912      32768              98304
L3 Host Entries    147456    16384       16384              212992
L3 Route Entries   32768     32768       131072             98304
Supported Releases 10.3.
18 Security Authentication, authorization, and accounting (AAA) services secure networks against unauthorized access. In addition to local authentication, OS10 supports remote authentication dial-in user service (RADIUS) and terminal access controller access control system (TACACS+) client/server authentication systems. For RADIUS and TACACS+, an OS10 switch acts as a client and sends authentication requests to a server that contains all user authentication and network service access information.
aaa authentication login default group radius local aaa authentication login console local Remove AAA authentication methods OS10(config)# no aaa authentication login default OS10(config)# do show running-configuration aaa aaa authentication login default local aaa authentication login console local User re-authentication To prevent users from accessing resources and performing tasks that they are not authorized to perform, OS10 allows you to require users to re-authenticate by logging in again when an aut
Disable strong password check

OS10(config)# password-attributes min-length 7 character-restriction upper 4 numeric 2
OS10(config)# username admin2 password 4newhire4 role sysadmin
%Error: Password fail: it does not contain enough DIFFERENT characters
OS10(config)# enable password 0 4newhire4 priv-lvl 5
%Error: Password it does not contain enough DIFFERENT characters.
OS10(config)# show running-configuration users
username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/ VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH role sysadmin priv-lvl 15
username test1 password $6$rounds=656000$50vutEWA9w3ImvF.$2pSDnaINYTKCQ6WAlJqeabiFQNRvUgui3. 6vR2e.L/D7DBwnV0QtY.KtOBTZAIDDT5.AFWxQHVgs2/V3jC3yG1 role sysadmin priv-lvl 15
OS10(config)# show running-configuration radius-server
radius-server host 10.2.2.
Bootloader protection

To prevent unauthorised users with malicious intent from accessing your switch, protect the bootloader using a GRUB password. OS10 allows you to enable, disable, and view bootloader protection. This feature is available only for the sysadmin and secadmin roles.

WARNING: When you enable bootloader protection, keep a copy of a configured user name and password. You cannot access the switch without configured credentials.

• Enable bootloader protection in EXEC mode.
$6$5DdOHYg5$JCE1vMSmkQOrbh31U74PIPv7lyOgRmba1IxhkYibppMXs1KM4Y.gbTPcxyMP/PHUkMc5rdk/ ZLv9Sfv3ALtB61

Disable linuxadmin user

To disable or lock the linuxadmin user, use the system-user linuxadmin disable command in CONFIGURATION mode.

OS10(config)# system-user linuxadmin disable

To re-enable or unlock the linuxadmin user, use the no system-user linuxadmin disable command in CONFIGURATION mode.
RADIUS authentication

To configure a RADIUS server for authentication, enter the server IP address or host name, and the key used to authenticate the OS10 switch on a RADIUS host. You can enter the authentication key in plain text or encrypted format. You can change the User Datagram Protocol (UDP) port number on the server.

• Configure a RADIUS authentication server in CONFIGURATION mode. By default, a RADIUS server uses UDP port 1812.
Configure RADIUS server for non-default VRFs

OS10(config)# ip vrf blue
OS10(conf-vrf)# exit
OS10(config)# radius-server vrf blue

View RADIUS server configuration

OS10# show running-configuration
...
radius-server host 1.2.4.5 key 9 3a95c26b2a5b96a6b80036839f296babe03560f4b0b7220d6454b3e71bdfc59b
radius-server retransmit 10
radius-server timeout 10
ip radius source-interface mgmt 1/1/1
...

Delete RADIUS server

OS10# no radius-server host 1.2.4.
TACACS+ authentication

Configure a TACACS+ authentication server by entering the server IP address or host name. You must also enter a text string for the key used to authenticate the OS10 switch on a TACACS+ host. The Transmission Control Protocol (TCP) port entry is optional. TACACS+ provides greater data security by encrypting the entire protocol portion in a packet sent from the switch to an authentication server. RADIUS encrypts only passwords.
Delete TACACS+ server

OS10# no tacacs-server host 1.2.4.5

Unknown user role

When a RADIUS or TACACS+ server authenticates a user, it may return an unknown user role, or the role may be missing. In these cases, OS10 assigns the netoperator role and associated permissions to the user by default. You can reconfigure the default assigned role. In addition, you can configure an unknown RADIUS or TACACS+ user-role name to inherit the permissions of an existing OS10 system-defined role.
• Configure the maximum number of authentication attempts using the ip ssh server max-auth-tries number command, from 0 to 10; default 6. To reset the default, use the no ip ssh server max-auth-tries command. The max-auth-tries value includes all authentication attempts, including public-key and password. If you enable both public-key based authentication and password authentication, public-key authentication is the default and is tried first.
Restrict SNMP access

To filter SNMP requests on the switch, assign access lists to an SNMP community. Both IPv4 and IPv6 access lists are supported.

1. Create access lists with permit or deny filters; for example:

OS10(config)# ip access-list snmp-read-only-acl
OS10(config-ipv4-acl)# permit ip 172.16.0.0 255.255.0.0 any
OS10(config-ipv4-acl)# exit
OS10(config)#

2. Apply ACLs to an SNMP community in CONFIGURATION mode.
Configure user lockout

OS10(config)# password-attributes max-retry 4 lockout period 360

Limit concurrent login sessions

To avoid an unlimited number of active sessions on a switch for the same user ID, limit the number of console and remote connections. Log in from a console connection by cabling a terminal emulator to the console serial port on the switch. Log in to the switch remotely through a virtual terminal line, such as Telnet and SSH.
Enable login statistics

OS10(config)# login-statistics enable

To disable login statistics, use the no login-statistics enable command.

Privilege levels

Controlling terminal access to a switch is one method of securing the device and network. To increase security, you can limit user access to a subset of commands using privilege levels. Configure privilege levels, add commands to them, and restrict access to the command line with passwords.
• role role — Enter a user role:
  • sysadmin — Full access to all commands in the system, exclusive access to commands that manipulate the file system, and access to the system shell. A system administrator can create user IDs and user roles.
  • secadmin — Full access to configuration commands that set security policy and system access, such as password strength, AAA authorization, and cryptographic keys.
  • sha-256 — Encrypt the password using the SHA-256 algorithm.
  • sha-512 — Encrypt the password using the SHA-512 algorithm.
• priv-lvl privilege-level — Enter a privilege level, from 1 to 15.
admin on console used cmd: 'exit' - success
<110>1 2019-02-14T13:15:21.794529+00:00 OS10 .clish 7412 - - Node.1-Unit.1:PRI [audit], User admin on console used cmd: 'exit' - success
<110>1 2019-02-14T13:15:16.331515+00:00 OS10 .clish 7412 - - Node.1-Unit.1:PRI [audit], User admin on console used cmd: 'crypto security-profile mltestprofile' - success
<14>1 2019-02-14T13:15:06.283337+00:00 OS10 audispd - - - Node.1-Unit.1:PRI [audit], Dell EMC (OS10) node=OS10 type=USER_END msg=audit(1550150106.
Default Local authentication
Command Mode CONFIGURATION
Usage Information NOTE: If you configure multiple authentication methods on Dell EMC PowerEdge MX7000 Ethernet modules such as MX9116n Fabric Switching Engine and MX5108n Ethernet Switch, operating in SmartFabric mode, you must configure local authentication as the first method in the list. Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.1.0. Also supported in SmartFabric mode starting in release 10.5.0.
Default Disabled
Command Mode EXEC
Usage Information You can disable bootloader protection for each individual user.
Example
OS10# boot protect disable username root
Supported Releases 10.4.3.0 or later

boot protect enable username password
Allows you to enable bootloader protection.
Syntax boot protect enable username username password password
Parameters
• username — Enter the username to provide access to bootloader protection.
Default Disabled
Command Mode EXEC
Default The SSH server uses default public key lengths for client authentication:
• RSA key: 2048 bits
• ECDSA key: 256 bits
• Ed25519 key: 256 bits
Command Mode EXEC
Usage Information If necessary, you can regenerate the public keys used by the SSH server with a customized bit size. You cannot change the default size of the Ed25519 key. The crypto ssh-key generate command is available only to the sysadmin and secadmin roles.
Example
OS10# enable
OS10# enable 10
Supported Releases 10.4.3.0 or later

enable password priv-lvl
Sets a password for a privilege level.
Syntax enable password encryption-type password-string priv-lvl privilege-level
Parameters
• encryption-type — Enter the type of password encryption:
  • 0 — Use an unencrypted password.
  • sha-256 — Use a SHA-256 encrypted password.
  • sha-512 — Use a SHA-512 encrypted password.
• priv-lvl privilege-level — Enter a privilege number from 1 to 15.
Supported Releases 10.4.0E(R1) or later

ip radius source-interface
Specifies the interface whose IP address is used as the source IP address for user authentication with a RADIUS server.
Syntax ip radius source-interface interface
Parameters interface:
• ethernet node/slot/port[:subport] — Enter a physical Ethernet interface.
• loopback number — Enter a Loopback interface, from 0 to 16383.
• mgmt 1/1/1 — Enter the management interface.
Parameters access-list-name — Enter the access list name.
Default Not configured
Command Mode LINE VTY CONFIGURATION
Usage Information The no version of this command removes the filter.
Example
OS10(config)# line vty
OS10(config-line-vty)# ipv6 access-class permit10
Supported Releases 10.4.0E(R1) or later

ip ssh server challenge-response-authentication
Enables challenge response authentication in the SSH server.
• aes256-gcm@openssh.com
• chacha20-poly1305@opens
Command Mode CONFIGURATION
Usage Information Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.1. The no version of this command removes the configuration.
Example
OS10(config)# ip ssh server cipher 3des-cbc aes128-cbc
Supported Releases 10.3.0E or later

ip ssh server enable
Enables the SSH server.
Parameters key-exchange-algorithm — Enter the supported key exchange algorithms separated by a blank space.
• hmac-sha2-256
• hmac-sha2-512
• umac-64@openssh.com
• umac-128@openssh.com
• hmac-sha1-etm@openssh.com
• hmac-sha2-256-etm@openssh.com
• hmac-sha2-512-etm@openssh.com
• umac-64-etm@openssh.com
• umac-128-etm@openssh.com
Command Mode CONFIGURATION
Usage Information Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.1. The no version of this command removes the configuration.
Supported Releases 10.3.0E or later

ip ssh server pubkey-authentication
Enables public key authentication for the SSH server.
Syntax ip ssh server pubkey-authentication
Parameters None
Default Enabled
Command Mode CONFIGURATION
Usage Information Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.1. The no version of this command disables the public key authentication.
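The SSH and password settings documented above can be checked against a baseline from a saved copy of show running-configuration output. The following is an added example, not Dell EMC code: the baseline (flag CBC-mode ciphers, SHA-1 and 64-bit UMAC MACs, more retries than the default 6, a minimum password length below the default 9, no lockout, no audit log) is this example's own assumption, as are the sample configurations and the idea that password-attributes may appear on more than one line.

```python
# Added example: audit saved OS10 running-configuration text against an
# assumed hardening baseline. Command names are the ones this guide documents.
BASELINE_MIN_LENGTH = 9      # guide: default minimum password length
DEFAULT_MAX_AUTH_TRIES = 6   # guide: default for ip ssh server max-auth-tries


def _args(lines, prefix):
    """Argument lists of every config line that starts with `prefix`."""
    return [l[len(prefix):].split() for l in lines
            if l == prefix or l.startswith(prefix + " ")]


def audit_running_config(text):
    """Return a list of (check-id, message) findings for the config text."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    findings = []

    for algs in _args(lines, "ip ssh server cipher"):
        weak = [a for a in algs if a.endswith("-cbc")]
        if weak:
            findings.append(("ssh-cipher",
                             "CBC-mode ciphers offered: " + ", ".join(weak)))

    for algs in _args(lines, "ip ssh server mac"):
        weak = [a for a in algs if a.startswith(("hmac-sha1", "umac-64"))]
        if weak:
            findings.append(("ssh-mac",
                             "SHA-1 or 64-bit MACs offered: " + ", ".join(weak)))

    for a in _args(lines, "ip ssh server max-auth-tries"):
        if a and a[0].isdigit() and int(a[0]) > DEFAULT_MAX_AUTH_TRIES:
            findings.append(("ssh-auth-tries",
                             "max-auth-tries %s exceeds the default of %d"
                             % (a[0], DEFAULT_MAX_AUTH_TRIES)))

    # Merge the tokens of every password-attributes line into one list.
    attrs = [tok for a in _args(lines, "password-attributes") for tok in a]
    if "min-length" in attrs:
        n = int(attrs[attrs.index("min-length") + 1])
        if n < BASELINE_MIN_LENGTH:
            findings.append(("password-length",
                             "min-length %d is below the default of %d"
                             % (n, BASELINE_MIN_LENGTH)))
    if "max-retry" not in attrs:
        findings.append(("lockout",
                         "no password-attributes max-retry lockout configured"))

    if "logging audit enable" not in lines:
        findings.append(("audit-log", "logging audit enable is not configured"))
    return findings


# Constructed sample configurations (not captured from a switch).
WEAK = """
aaa authentication login default group radius local
ip ssh server cipher 3des-cbc aes128-cbc
ip ssh server mac hmac-sha1-etm@openssh.com hmac-sha2-256
ip ssh server max-auth-tries 10
password-attributes min-length 7 character-restriction upper 4 numeric 2
login-statistics enable
"""

HARDENED = """
ip ssh server cipher aes256-gcm@openssh.com
ip ssh server mac hmac-sha2-256-etm@openssh.com hmac-sha2-512-etm@openssh.com
ip ssh server max-auth-tries 3
password-attributes min-length 12 character-restriction upper 1 numeric 1
password-attributes max-retry 4 lockout period 360
logging audit enable
"""

if __name__ == "__main__":
    for check, message in audit_running_config(WEAK):
        print("%-16s %s" % (check, message))
```

When a cipher or MAC list is absent from the configuration the switch uses its defaults, which this check does not evaluate.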
Supported Releases 10.4.0E(R1) or later

logging audit enable
Enables recording of configuration and security events in the audit log.
Syntax logging audit enable
Parameters None
Defaults Not configured
Command Mode CONFIGURATION
Usage Information Audit log entries are saved locally and sent to configured Syslog servers. Only the sysadmin and secadmin roles can enable the audit log. The no version of the command disables audit log recording.
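Because audit entries are forwarded to Syslog servers, the CLI records shown in the show logging audit output on this page can be parsed and screened on the collector. The following is an added example, not Dell EMC code: it parses the RFC 5424 header and the "User ... used cmd: '...' - result" body as they appear on this page, and flags successful commands from a watchlist that is this example's own assumption. The first two sample lines are taken from the page; the rest are constructed.

```python
# Added example: parse OS10 audit syslog lines and flag security-relevant
# commands. The watchlist is an assumption built from commands in this guide.
import re
from datetime import datetime

# RFC 5424 header fields in the order they appear in the audit lines.
HEADER = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) - (?P<msg>.*)$"
)
# Message body written for each command a user runs in the CLI.
CLI_BODY = re.compile(
    r"\[audit\], User (?P<user>\S+) on (?P<line>.+?) used cmd: "
    r"'(?P<cmd>.*)' - (?P<result>\w+)$"
)

WATCHLIST = (
    ("no logging audit enable", "audit logging disabled"),
    ("boot protect disable", "bootloader protection disabled"),
    ("no system-user linuxadmin disable", "linuxadmin account unlocked"),
    ("no aaa authentication", "AAA method list removed"),
    ("password-attributes", "password policy changed"),
    ("username", "local account created or changed"),
    ("enable password", "privilege-level password changed"),
    ("ip ssh server", "SSH server setting changed"),
    ("crypto", "key, certificate or security-profile change"),
)


def parse_line(line):
    """Return a dict for one syslog line, or None if it is not RFC 5424."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    pri = int(m["pri"])
    event = {
        "facility": pri >> 3, "severity": pri & 7,
        "time": datetime.fromisoformat(m["ts"]),
        "host": m["host"], "app": m["app"],
        "user": None, "line": None, "cmd": None, "result": None,
    }
    body = CLI_BODY.search(m["msg"])
    if body:                      # non-CLI records keep cmd=None
        event.update(body.groupdict())
    return event


def classify(cmd):
    """Return the watchlist reason for a command, or None."""
    words = cmd.split()
    bare = words[1:] if words[:1] == ["no"] else words
    for prefix, reason in WATCHLIST:
        p = prefix.split()
        if words[:len(p)] == p or bare[:len(p)] == p:
            return reason
    return None


def review(lines):
    """Return (time, user, cmd, reason) for each successful watched command."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev and ev["cmd"] and ev["result"] == "success":
            reason = classify(ev["cmd"])
            if reason:
                hits.append((ev["time"].isoformat(), ev["user"],
                             ev["cmd"], reason))
    return hits


SAMPLE = """\
<110>1 2019-02-14T13:15:16.331515+00:00 OS10 .clish 7412 - - Node.1-Unit.1:PRI [audit], User admin on console used cmd: 'crypto security-profile mltestprofile' - success
<110>1 2019-02-14T13:15:21.794529+00:00 OS10 .clish 7412 - - Node.1-Unit.1:PRI [audit], User admin on console used cmd: 'exit' - success
<110>1 2019-02-14T13:17:40.000000+00:00 OS10 .clish 7412 - - Node.1-Unit.1:PRI [audit], User admin on console used cmd: 'no logging audit enable' - success
<14>1 2019-02-14T13:17:41.000000+00:00 OS10 audispd - - - Node.1-Unit.1:PRI [audit], constructed non-CLI record
not a syslog line
"""

if __name__ == "__main__":
    for hit in review(SAMPLE.splitlines()):
        print(" | ".join(hit))
```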
Example
OS10(config)# login-statistics enable
Supported Releases 10.4.0E(R1) or later

mac address-table static
Configures a static entry for the L2 MAC address table.
Syntax mac address-table static mac-address vlan vlan-id interface {ethernet node/slot/port[:subport] | port-channel number}
Parameters
• mac-address — Enter the MAC address to add to the table in nn:nn:nn:nn:nn:nn format.
• vlan vlan-id — Enter the VLAN to apply the static MAC address to, from 1 to 4093.
Command Mode EXEC
Usage Information By default, the password you configure with the username password command must be at least nine alphanumeric characters. Use this command to increase password strength. When you enter the command, at least one parameter is required. When you enter the character-restriction parameter, at least one option is required. To reset parameters to their default values, use the no password-attributes command.
  • route-map — Accesses route-map mode.
  • router — Accesses router-bgp and router-ospf modes.
  • line — Accesses line-vty mode.
• priv-lvl privilege-level — Enter the number of a privilege level, from 2 to 14.
• command-string — Enter the commands supported at the privilege level.
Defaults Not configured
Command Mode CONFIGURATION
Usage Information For users assigned to sysadmin, netadmin, and secadmin roles, you cannot configure a privilege level less than 2.
radius-server host tls
Configures a RADIUS server for RADIUS over TLS user authentication and secure communication. For RADIUS over TLS authentication, the radsec shared key and a security profile that uses an X.509v3 certificate are required.
Syntax radius-server host {hostname | ip-address} tls security-profile profile-name [auth-port tcp-port-number] key {0 authentication-key | 9 authentication-key | authentication-key}
Parameters
• hostname — Enter the host name of the RADIUS server.
Example
OS10(config)# radius-server retransmit 50
Supported Releases 10.2.0E or later

radius-server timeout
Configures the timeout used to resend RADIUS authentication requests.
Syntax radius-server timeout seconds
Parameters seconds — Enter the time in seconds for retransmission, from 0 to 1000.
Default An OS10 switch stops sending RADIUS authentication requests after five seconds.
Command Mode CONFIGURATION
Usage Information Use the service obscure-password command so that the text characters of passwords are not displayed in show command output. The command obscures the passwords that you configure for user names, NTP, BGP, SNMP, RADIUS servers, and TACACS+ servers. To disable the obscure passwords function, use the no service obscure-password command.
Example
OS10(config)# service obscure-password
Supported Releases 10.5.
show crypto ssh-key
Displays the current host public keys used in SSH authentication.
Syntax show crypto ssh-key {rsa | ecdsa | ed25519}
Parameters
• rsa — Displays the RSA public key.
• ecdsa — Displays the ECDSA public key.
• ed25519 — Displays the Ed25519 key.
Default Not configured
Command Mode EXEC
Usage Information After you regenerate an SSH server key with a customized bit size, disable and re-enable the SSH server to use the new public keys.
Supported Releases 10.3.0E or later

show mac address-table count
Displays the number of entries in the MAC address table.
Syntax show mac address-table count [interface {ethernet slot/port:subport | port-channel number | vlan vlan-id}]
Parameters
• interface — Displays the interface type:
  • ethernet node/slot/port[:subport] — Displays the Ethernet interface configuration from the address table.
<110>1 2019-02-14T13:16:05.882555+00:00 OS10 .clish 7412 - - Node.1-Unit.1:PRI [audit], User admin on console used cmd: 'exit' - success
<110>1 2019-02-14T13:15:21.794529+00:00 OS10 .clish 7412 - - Node.1-Unit.1:PRI [audit], User admin on console used cmd: 'exit' - success
<110>1 2019-02-14T13:15:16.331515+00:00 OS10 .clish 7412 - - Node.1-Unit.1:PRI [audit], User admin on console used cmd: 'crypto security-profile mltestprofile' - success
<14>1 2019-02-14T13:15:06.283337+00:00 OS10 audispd - - - Node.
Defaults Not configured
Command Mode EXEC
Example
OS10# show privilege
Current privilege level is 15.
Supported Releases 10.4.3.0 or later

show running-configuration privilege
Displays the configured privilege levels of all users.
Usage Information Use this command to disable and lock the linuxadmin user. The no version of the command enables and unlocks the linuxadmin user. Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.3.0. Also supported in SmartFabric mode starting in release 10.5.0.1.
Example
OS10(config)# system-user linuxadmin disable
OS10(config)# no system-user linuxadmin disable
Supported Releases 10.4.3.
tacacs-server timeout command. By default, OS10 times out an authentication attempt on a TACACS+ server after five seconds. Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.1. The no version of this command removes a TACACS+ server configuration.
Example
OS10(config)# tacacs-server host 1.5.6.4 key secret1
Supported Releases 10.4.
username password role
Creates an authentication entry based on a user name and password, and assigns a role to the user.
Syntax username username password password role role [priv-lvl privilege-level]
Parameters
• username username — Enter a text string. A maximum of 32 alphanumeric characters; one character minimum.
• password password — Enter a text string. A maximum of 32 alphanumeric characters; nine characters minimum. Password prefixes $1$, $5$, and $6$ are not supported in clear-text passwords.
Parameters
• username — Enter the user name of the remote client. This value is the user name configured with the username password role command.
• sshkey-string — Enter the text string used as the public key by a remote client device to log on to the OS10 switch. If sshkey-string contains a blank space, enclose the string in double quotes (").
Default The default SSH server keys are an RSA key generated using 2048 bits, an ECDSA key with 256 bits, and an Ed25519 key with 256 bits.
NOTE: Entering the command when an SSH key file is not present has no effect and results in a silent failure. SSH password-less login is not enabled.
Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.1.0. Also supported in SmartFabric mode starting in release 10.5.0.1. The no version of the command removes the SSH password-less configuration for the specified user name.
Example
OS10(config)# username user10 sshkey filename /test_file.
Supported Releases 10.4.0E(R3P3) or later

X.509v3 certificates

OS10 supports X.509v3 certificates to secure communications between the switch and a host, such as a RADIUS server. Both the switch and the server exchange a public key in a signed X.509v3 certificate issued by a certificate authority (CA) to authenticate each other. The certificate authority uses its private key to sign the switch and host certificates.
When an organization wants to assure customers that the connection to their network is secure, it may pay a commercial Certificate Authority, such as VeriSign or DigiCert, to sign a certificate for their domain. However, to implement an X.509v3 infrastructure, you can act as your own CA. While acting as your own CA, you can set up CAs to issue certificates to hosts in the same trusted domain to authenticate each other.

X.509v3 public key infrastructure

To set up a PKI using X.
CommonName = Dell_rootCA1
IssuerName = Dell_rootCA1

Display CA server certificate

OS10# show crypto ca-certs
-------------------------------------
| Locally installed certificates |
-------------------------------------
Dell_rootCA1.crt
OS10# show crypto ca-certs Dell_rootCA1.
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
2. Install CRLs that have been downloaded from CDPs in EXEC mode.

crypto crl install crl-path [crl-filename]

Display a list of the CRLs installed on the switch in EXEC mode.

show crypto crl [crl-filename]

To delete a manually installed CRL that was configured with the crypto crl install command, use the crypto crl delete [crl-filename] command. To enable CRL checking on the switch, see Security profiles.

Example: Configure CDP

OS10# crypto cdp add cert1_cdp http://crl.chambersign.org/chambersignroot.
• Create a private key and a CSR in EXEC mode. Store the CSR file in the home directory or flash: so that you can later copy it to a CA server. Specify a keypath to store the device.key file in a secure persistent location, such as the home directory, or use the private option to store the key file in a private hidden location in the internal file system that is not visible to users.
• password passphrase specifies the password used to decrypt the private key if it was generated using a password.
• fips installs the certificate-key pair as FIPS-compliant. Enter fips to install a certificate-key pair that is used by a FIPS-aware application, such as RADIUS over TLS. If you do not enter fips, the certificate-key pair is stored as a non-FIPS-compliant pair.
NOTE: You determine if the certificate-key pair is generated as FIPS-compliant.
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, ST = California, O = Dell EMC, OU = Networking, CN = Dell_interCA1
Validity
    Not Before: Jul 25 19:11:19 2018 GMT
    Not After : Jul 22 19:11:19 2028 GMT
Subject: C = US, ST = California, L = Santa Clara, O = Dell EMC, OU = Networking, CN = Dell_host1_CA1
Subject Public Key Info:
    Public Key Algorithm: rsaEncryption
    Public-Key: (2048 bit)
    Modulus:
        00:e7:81:4b:4a:12:8d:ce:88:e6:73:3f:da:19:03:
        c6:56:01:19:b2:02:61:3f:5b:1e:33:28:a1:ed:e3:
        85:bc:56:fb:18
If you enter the cert-file option, you must enter all the required parameters, including the local path where the certificate and private key are stored. If you do not specify the cert-file option, you are prompted to enter the other parameter values for the certificate interactively; for example:

You are about to be asked to enter information that will be incorporated in your certificate request. What you are about to enter is what is called a Distinguished Name or a DN.
-------------------------------------
| Installed FIPS certificates |
-------------------------------------
OS10# show crypto cert DellHost.pem
------------ Non FIPS certificate -----------------
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 245 (0xf5)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: emailAddress = admin@dell.com
        Validity
            Not Before: Feb 11 20:10:12 2019 GMT
            Not After : Feb 11 20:10:12 2020 GMT
        Subject: emailAddress = admin@dell.
3. (Optional) Enable CRL checking for certificates received from external devices in SECURITY-PROFILE mode. CRL checking verifies the validity of a certificate using the CRLs installed on the switch.

revocation-check

4. (Optional) Enable peer name checking for certificates presented by external devices in SECURITY-PROFILE mode. Peer name checking ensures that the certificate matches the name of the peer device, such as a remote server name.

peer-name-check

5. Use the security profile to configure X.
• Request and install host certificates.

When you replace the default certificate-key pair for cluster applications, ensure that all devices in the cluster use the same custom certificate-key pair or a unique certificate-key pair issued by the same CA.

CAUTION: While you replace the default certificate-key pair, cluster devices temporarily lose their secure channel connectivity. Dell EMC Networking recommends that you change the cluster security configuration during a maintenance time.
X.509v3 commands

certificate
Configures a certificate and private key pair in an application-specific security profile.
Syntax certificate certificate-name
Parameters certificate-name — Enter the name of the certificate-key pair as it appears in the show crypto certs output without the .pem extension.
Default Not configured
Command mode SEC-PROFILE
Usage information Use the certificate command to associate a certificate and private key with a security profile.
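Before a certificate-key pair is bound to a security profile, the text printed by show crypto cert (the format shown earlier in this chapter) can be screened for an expired validity period, a short RSA key, a weak signature algorithm, or a self-signed issuer. The following is an added example, not Dell EMC code: the thresholds (2048-bit RSA minimum, 30-day expiry warning) are this example's assumptions, and both sample dumps are constructed in the shape of the page's output, the second with a 1024-bit key like the length 1024 request in the CSR example.

```python
# Added example: screen the text of a certificate dump (OpenSSL text layout,
# as printed by show crypto cert) for common problems. Thresholds are assumed.
import re
from datetime import datetime, timedelta

DATE_FMT = "%b %d %H:%M:%S %Y GMT"   # date layout used in the dump
MIN_RSA_BITS = 2048                  # assumption: this example's baseline


def parse_cert_text(text):
    """Extract the fields the checks need; raise ValueError if any is absent."""
    def field(pattern):
        m = re.search(pattern, text, re.MULTILINE)
        return m.group(1).strip() if m else None

    cert = {
        "sig_alg": field(r"Signature Algorithm:\s*(\S+)"),
        "issuer": field(r"^\s*Issuer:\s*(.+)$"),
        "subject": field(r"^\s*Subject:\s*(.+)$"),
        "not_before": field(r"Not Before\s*:\s*(.+)$"),
        "not_after": field(r"Not After\s*:\s*(.+)$"),
        "pk_alg": field(r"Public Key Algorithm:\s*(\S+)"),
        "bits": field(r"Public-Key:\s*\((\d+) bit\)"),
    }
    missing = [k for k, v in cert.items() if v is None]
    if missing:
        raise ValueError("incomplete certificate dump, missing: "
                         + ", ".join(missing))
    cert["not_before"] = datetime.strptime(cert["not_before"], DATE_FMT)
    cert["not_after"] = datetime.strptime(cert["not_after"], DATE_FMT)
    cert["bits"] = int(cert["bits"])
    return cert


def check_cert(text, now, warn_days=30):
    """Return a list of finding ids for the dump, evaluated at time `now` (GMT)."""
    c = parse_cert_text(text)
    findings = []
    if c["pk_alg"] == "rsaEncryption" and c["bits"] < MIN_RSA_BITS:
        findings.append("weak-key")
    if re.match(r"(md5|sha1)With", c["sig_alg"], re.IGNORECASE):
        findings.append("weak-signature")
    if now > c["not_after"]:
        findings.append("expired")
    elif now > c["not_after"] - timedelta(days=warn_days):
        findings.append("expires-soon")
    if now < c["not_before"]:
        findings.append("not-yet-valid")
    if c["issuer"] == c["subject"]:
        findings.append("self-signed")
    return findings


# Constructed dump using the issuer, subject, validity and key size shown
# for Dell_host1_CA1 on this page.
HOST_CERT = """\
Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = US, ST = California, O = Dell EMC, OU = Networking, CN = Dell_interCA1
        Validity
            Not Before: Jul 25 19:11:19 2018 GMT
            Not After : Jul 22 19:11:19 2028 GMT
        Subject: C = US, ST = California, L = Santa Clara, O = Dell EMC, OU = Networking, CN = Dell_host1_CA1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
"""

# Constructed self-signed dump with a 1024-bit key.
SELF_SIGNED = """\
Certificate:
    Data:
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: emailAddress = admin@dell.com
        Validity
            Not Before: Feb 11 20:10:12 2019 GMT
            Not After : Feb 11 20:10:12 2020 GMT
        Subject: emailAddress = admin@dell.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
"""

if __name__ == "__main__":
    print(check_cert(SELF_SIGNED, datetime(2020, 3, 1)))
```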
Command mode EXEC
Usage information To display the currently installed CA certificates, use the show crypto ca-certs command.
Example
OS10# crypto ca-cert delete Amazon_Root_CA.crt
Successfully removed certificate
OS10# crypto ca-cert delete all
Proceed to delete all installed CA certificates? [confirm yes/no(default)]:yes
Supported releases 10.4.3.0 or later

crypto ca-cert install
Installs a certificate from a Certificate Authority that is copied to the switch.
crypto cdp delete
Deletes a certificate distribution point from the trust store on the switch.
Syntax crypto cdp delete cdp-name
Parameters
• cdp-name — Enter a CDP name.
Default Not configured
Command Mode EXEC
Usage Information Before you delete a CDP, use the show crypto cdp command to display a list of all CDPs installed on the switch.
Example
OS10# crypto cdp delete Comsign
Supported Releases 10.5.
• key-file {key-path | private} — Enter the local path where the downloaded or locally generated private key is stored. If the key was downloaded to a remote server, enter the server path using a secure method, such as HTTPS, SCP, or SFTP. Enter private to store the key in a local hidden location.
• country 2-letter-code — (OPTIONAL) Enter the two-letter code that identifies the country.
• state state — Enter the name of the state.
• locality city — Enter the name of the city.
Successfully created certificate file /home/admin/cert2.pem and key
Supported releases 10.4.3.0 or later

crypto cert install
Installs a host certificate and private key on the switch. A host certificate may be trusted from a CA or self-signed.
Syntax crypto cert install cert-file cert-path key-file {key-path | private} [password passphrase] [fips]
Parameters
• cert-file cert-path — Enter the local path to where the downloaded certificate is stored.
Command Mode EXEC
Usage Information The crypto crl delete command deletes only manually installed CRLs. Before you delete a CRL, use the show crypto crl command to display a list of all CRLs installed on the switch.
Example
OS10# crypto crl delete COMODO_Certification_Authority.0.crl.pem
Supported Releases 10.5.0 or later

crypto crl install
Installs the Certificate Revocation List files that you copied to the switch.
If you enable FIPS using the crypto fips enable command, RADIUS over TLS operates in FIPS mode. In FIPS mode, RADIUS over TLS requires that a FIPS-compliant certificate and key pair are installed on the switch.
Example
OS10# crypto fips enable
Supported releases 10.4.3.0 or later

crypto security-profile
Creates an application-specific security profile.
Syntax crypto security-profile profile-name
Parameters profile-name — Enter the name of the security profile; a maximum of 32 characters.
Usage information Use the revocation-check command to enable the verification of certificates presented by external devices for a PKI-enabled application on the switch. Use the show crypto crl command to display the CRLs installed on the switch and used to ensure the validity and trustworthiness of certificates from external devices. The no version of the command disables CRL checking in a security profile.
Supported releases 10.4.3.0 or later

show crypto cdp
Displays a list of configured certificate distribution points (CDPs).
| Installed non-FIPS certificates |
-------------------------------------
Dell_host1_CA1.pem
-------------------------------------
| Installed FIPS certificates |
-------------------------------------
OS10# show crypto cert Dell_host1_CA1.
Command Mode EXEC
Usage Information Use the show crypto crl command to verify the CRLs installed on the switch. In the show output:
• Manually installed CRLs are installed using the crypto crl install command.
• Downloaded CRLs are automatically installed from a configured CDP or when you install a CA certificate with a specified CDP.
Example
OS10# show crypto crl
-------------------------------------
| Manually installed CRLs |
-------------------------------------
COMODO_Certification_Authority.0.crl.
CommonName = GeoTrust Universal CA
IssuerName = GeoTrust Universal CA

2. Generate a CSR, copy the CSR to a CA server, download the signed certificate, and install the host certificate.

OS10# crypto cert generate request cert-file home://s4048-001-csr.pem key-file home://tsr6-key.pem cname "Top of Rack 6" altname "IP:10.0.0.6 DNS:tor6.dell.com" email admin@dell.com organization "Dell EMC" orgunit Networking locality "santa Clara" state California country US length 1024
Processing certificate ...
19 OpenFlow

Switches implement the control plane and data plane in the same hardware. Software-defined network (SDN) decouples the software (control plane) from the hardware (data plane). A centralized SDN controller handles the control plane traffic and hardware configuration for data plane flows. The SDN controller is the "brain" of an SDN.
OpenFlow logical switch instance

In OpenFlow-only mode, you can configure only one logical switch instance. After you enable OpenFlow mode, create a logical switch instance. The logical switch instance is disabled by default. When the logical switch instance is enabled, the OpenFlow application starts the connection with the configured controller. When you create an OpenFlow logical switch instance, all the physical interfaces are automatically added to it.
Table 59. Supported fields
Fields          Support
match_fields    Supported
priority        Supported
counters        Supported
instructions    Supported
timeouts        Supported
cookie          Not supported

Group table
Not supported

Meter table
Not supported

Instructions

Each flow entry contains a set of instructions that execute when a packet matches the entry.
Table 60.
Action set      Support
output          Supported

Action types

An action type associates with each packet.
Table 62. Supported action types
Action type         Support
Output              Supported
Set-queue           Not supported
Drop                Supported
Group               Not supported
Push-tag/Pop-tag    Not supported
Set-field           Partially supported
                    • Source MAC—Supported
                    • Destination MAC—Supported
                    • VLAN ID—Supported
                    • VLAN PCP—Supported
                    • IP DSCP—Supported
change-TTL          Not supported

Counters

Counters are used for statistical purposes.
Table 63.
Required/Optional   Counter                          Bits   Support
Optional            Transmit errors                  64     Supported
Optional            Receive frame alignment errors   64     Not supported
Optional            Receive overrun errors           64     Not supported
Optional            Receive CRC errors               64     Supported
Optional            Collisions                       64     Supported
Required            Duration (seconds)               32     Not supported
Optional            Duration (nanoseconds)           32     Not supported
Required            Transmit packets                 64     Not supported
Optional            Transmit bytes                   64     Not supported
Optional            Transmit overrun errors          64
Table 64. Supported controller-to-switch types
Controller-to-switch types   Supported/Not supported
Feature request              Supported
Configuration get            Supported
Configuration set            Supported
Modify-state                 Supported
Read-state                   Supported
Packet-out                   Supported
Barrier                      Supported
Role-request                 Supported

Asynchronous
Table 65. Supported asynchronous types
Asynchronous types   Supported/Not supported
Packet-in            Supported
Flow-removed         Supported
Port-status          Supported
Error                Supported

Symmetric
Table 66.
Flow table modification messages
Table 68. Supported messages
Flow table modification messages   Supported/Not supported
OFPFC_ADD=0                        Supported
OFPFC_MODIFY=1                     Supported
OFPFC_MODIFY_STRICT=2              Supported
OFPFC_DELETE=3                     Supported
OFPFC_DELETE_STRICT=4              Supported

Message types
Table 69.
Message Type                                       Message                    Support
                                                   OFPT_GET_ASYNC_REPLY=27    Not supported
                                                   OFPT_SET_ASYNC=28          Not supported
Meters and rate limiters configuration messages    OFPT_METER_MOD=29          Not supported

Flow match fields
Table 70.
Flow match fields                  Supported/Not supported
OFPXMT_OFB_ARP_THA = 25            Not supported
OFPXMT_OFB_IPV6_SRC = 26           Not supported
OFPXMT_OFB_IPV6_DST = 27           Not supported
OFPXMT_OFB_IPV6_FLABEL = 28        Not supported
OFPXMT_OFB_ICMPV6_TYPE = 29        Not supported
OFPXMT_OFB_ICMPV6_CODE = 30        Not supported
OFPXMT_OFB_IPV6_ND_TARGET = 31     Not supported
OFPXMT_OFB_IPV6_ND_SLL = 32        Not supported
OFPXMT_OFB_IPV6_ND_TLL = 33        Not supported
OFPXMT_OFB_MPLS_LABEL = 34         Not supported
OFPXMT_OFB_MPLS_TC = 35            Not support
Action structures Supported/Not supported OFPAT_SET_FIELD = 25 Supported OFPAT_PUSH_PBB = 26 Not supported OFPAT_POP_PBB = 27 Not supported Capabilities supported by the data path Table 72.
Message type description Request/Reply Body Message Support Group counter statistics • The request body is struct ofp_group_stats_request The reply is an array of struct ofp_group_stats OFPMP_GROUP = 6 Not supported Not supported • Group description • • The request body is empty The reply body is an array of struct ofp_group_desc_stats OFPMP_GROUP_DESC = 7 Group features • • The request body is empty The reply body is struct ofp_group_features OFPMP_GROUP_FEATURES = Not supported 8 Meter s
Property type Table 75.
Packet-in reasons       Supported/Not supported
OFPR_ACTION = 1         Supported
OFPR_INVALID_TTL = 2    Not supported

Flow-removed reasons
Table 79. Supported reasons
Flow-removed reasons      Supported/Not supported
OFPRR_IDLE_TIMEOUT = 0    Supported
OFPRR_HARD_TIMEOUT = 1    Supported
OFPRR_DELETE = 2          Supported
OFPRR_GROUP_DELETE = 3    Not supported

Error types from switch to controller
Table 80.
Error types Supported/Not supported OFPBRC_BAD_EXP_TYPE = 4 Not supported OFPBRC_EPERM = 5 Not supported OFPBRC_BAD_LEN = 6 Supported OFPBRC_BUFFER_EMPTY = 7 Not supported OFPBRC_BUFFER_UNKNOWN = 8 Not supported OFPBRC_BAD_TABLE_ID = 9 Supported OFPBRC_IS_SLAVE = 10 Not supported OFPBRC_BAD_PORT = 11 Supported OFPBRC_BAD_PACKET = 12 Not supported OFPBRC_MULTIPART_BUFFER_OVERFLOW = 13 Not supported Bad action code OFPBAC_BAD_TYPE = 0 Supported OFPBAC_BAD_LEN = 1 Supported OFPBAC_BAD
Error types Supported/Not supported OFPBIC_UNSUP_METADATA = 3 Not supported OFPBIC_UNSUP_METADATA_MASK = 4 Not supported OFPBIC_BAD_EXPERIMENTER = 5 Not supported OFPBIC_BAD_EXP_TYPE = 6 Not supported OFPBIC_BAD_LEN = 7 Not supported OFPBIC_EPERM = 8 Not supported Bad match code OFPBMC_BAD_TYPE = 0 Not supported OFPBMC_BAD_LEN = 1 Not supported OFPBMC_BAD_TAG = 2 Not supported OFPBMC_BAD_DL_ADDR_MASK = 3 Not supported OFPBMC_BAD_NW_ADDR_MASK = 4 Not supported OFPBMC_BAD_WILDCARDS = 5
Error types Supported/Not supported OFPGMFC_INVALID_GROUP = 1 Not supported OFPGMFC_WEIGHT_UNSUPPORTED = 2 Not supported OFPGMFC_OUT_OF_GROUPS = 3 Not supported OFPGMFC_OUT_OF_BUCKETS = 4 Not supported OFPGMFC_CHAINING_UNSUPPORTED = 5 Not supported OFPGMFC_WATCH_UNSUPPORTED = 6 Not supported OFPGMFC_LOOP = 7 Not supported OFPGMFC_UNKNOWN_GROUP = 8 Not supported OFPGMFC_CHAINED_GROUP = 9 Not supported OFPGMFC_BAD_TYPE = 10 Not supported OFPGMFC_BAD_COMMAND = 11 Not supported OFPGMFC_B
Error types Supported/Not supported OFPSCFC_BAD_LEN = 1 Not supported OFPSCFC_EPERM = 2 Not supported Role request failed code OFPRRFC_STALE = 0 Not supported OFPRRFC_UNSUP = 1 Not supported OFPRRFC_BAD_ROLE = 2 Not supported Table features failed code OFPTFFC_BAD_TABLE = 0 Supported OFPTFFC_BAD_METADATA = 1 Not supported OFPTFFC_BAD_TYPE = 2 Not supported OFPTFFC_BAD_LEN = 3 Not supported OFPTFFC_BAD_ARGUMENT = 4 Not supported OFPTFFC_EPERM = 5 Not supported OpenFlow use cases OS10
The following lists the minimum configuration you need to establish a connection between the OpenFlow controller and a logical switch instance:
1. Enter the OPENFLOW configuration mode.
OS10# configure terminal
OS10 (config)# openflow
OS10 (config-openflow)#
2. Enable the OpenFlow-only mode.
OS10 (config-openflow)# mode openflow-only
Reload the switch. Enter yes to enable OpenFlow-only mode.
NOTE: When the switch starts up in OpenFlow mode, it disables all Layer 2 (L2) and Layer 3 (L3) protocols.
OS10 (config-openflow-switch)# controller ipv6 2025::1 port 6633
OS10 (config-openflow-switch)# controller ipv6 2025::12 port 6633
where the IP or IPv6 address is that of the controller and port 6633 is for OpenFlow communication.
5. Enter the no shutdown command to enable the logical switch instance.
OS10 (config-openflow-switch)# no shutdown

Establish TLS connection
• Generate the switch and controller certificates from a server that supports public-key infrastructure (PKI).
Usage Information You can configure up to eight OpenFlow controllers. If you specify the security tls option, the OpenFlow application looks for the following certificates and private key in the following locations specified for certificate-based authentication. For information about obtaining certificates and installing them on the switch and the controller, see Establish TLS connection between the switch and the controller. ca_cert /config/etc/opt/dell/os10/openflow/cacert.
most significant 16 bits (default to 0) and the DPID-MAC-ADDRESS, which is the least significant 48 bits. OS10 currently supports only one logical switch instance and the instance ID is automatically set to 0. This value is not configurable. You can use this command to modify the MAC address bits of the DPID. Example DPID MAC address is 00:00:00:00:00:0a.
OS10 (config-openflow)# switch of-switch-1 OS10 (config-openflow-switch)# max-backoff 25 OS10 (config-openflow-switch)# Supported Releases 10.4.1.0 or later mode openflow-only Enables OpenFlow-only mode on the switch. Syntax mode openflow-only Parameters None Default None Command Mode OPENFLOW CONFIGURATION Usage Information Use this command to enable OpenFlow-only mode. This command reloads the switch and boots to OpenFlow-only mode. This command deletes all L2 and L3 configurations.
probe-interval Configures the echo request interval, in seconds, for the controller configured with the logical switch instance. Syntax probe-interval interval Parameters interval—Enter the amount of time, in seconds, between the keepalive messages, also known as echo requests, from 1 to 65,535.
rate-limit packet_in Configures the maximum packet rate for the controller connection, and the maximum packets permitted in a burst sent to the controller in a second. Syntax rate-limit packet_in controller-packet-rate [burst maximum-packets-tocontroller] Parameters • • controller-packet-rate—Rate in packets per second for the controller OpenFlow channel connection, from 100 to 268000000 seconds. The default is 0 seconds, disabled.
Layer-1 : in-port Layer-2 : eth-src, eth-dst, eth-type, vlan-id, vlan-pcp Layer-3 : ipv4-src, ipv4-dst, ip-protocol, ip-dscp, ip-ecn Layer-4 : tcp-src, tcp-dst, udp-src, udp-dst, icmpv4-type, icmpv4-code Instructions : apply-actions, write-actions Actions : output, set-field Set field actions : eth-src, eth-dst, vlan-id, vlan-pcp, ip-dscp TLS parameters : certificate identifying trustworthy controller : /config/etc/opt/dell/ os10/openflow/cacert.
show openflow ports Displays the OpenFlow ports for a specific logical switch instance. Syntax show openflow switch logical-switch-name ports Parameters logical-switch-name—Enter the name of the logical switch instance to view port information.
NONE ethernet1/1/22 NONE ethernet1/1/23 NONE ethernet1/1/24 NONE ethernet1/1/25 COPPER ethernet1/1/26 COPPER ethernet1/1/27 NONE ethernet1/1/28 NONE ethernet1/1/29 NONE ethernet1/1/30 NONE ethernet1/1/31 NONE ethernet1/1/32 NONE Supported Releases 85 PORT_UP(CLI) LINK_DOWN 0MB FD NO 89 PORT_UP(CLI) LINK_DOWN 0MB FD NO 93 PORT_UP(CLI) LINK_DOWN 0MB FD NO 97 PORT_UP(CLI) LINK_DOWN 0MB FD NO 101 PORT_UP(CLI) LINK_DOWN 0MB FD NO 105 PORT_UP(CLI) LINK_DOWN 0MB FD NO 109 PORT
show openflow switch controllers Displays OpenFlow controllers for a specific logical switch instance. Syntax show openflow switch logical-switch-name controllers Parameters logical-switch-name—Enter the name of the logical switch instance to query. Default None Command Mode EXEC Usage Information This command displays information for all active OpenFlow controllers.
Supported Releases 10.4.1.0 or later OpenFlow-only mode commands When you configure the switch to OpenFlow-only mode, only the following commands are available; all other commands are disabled. NOTE: • The ntp subcommand under the interface command is not applicable when the switch is in OpenFlow mode. • The ip and ipv6 subcommands under the interface command are applicable only when you configure the interface as the management port using the in-band-mgmt command.
Mode Available CLI commands password-attributes policy-map radius-server rest scale-profile support-assist system tacacs-server trust username userrole EXEC All commands The following debug commands are not available: • • • debug iscsi debug radius debug tacacs+ LAG INTERFACE CONFIGURATION LAG is not supported. LOOPBACK INTERFACE CONFIGURATION Loopback interface is not supported.
20 Access Control Lists
OS10 uses two types of access policies: hardware-based ACLs and software-based route-maps. Use an ACL to filter traffic and drop or forward matching packets. To redistribute routes that match configured criteria, use a route-map.

ACLs
An ACL is a filter that contains criteria to match, for example in internet protocol (IP), transmission control protocol (TCP), or user datagram protocol (UDP) packets, and an action to take, such as forwarding or dropping packets at the NPU.
Destination MAC packet address MAC address range—address-mask in 3x4 dotted hexadecimal notation, and any to denote that the rule matches all destination addresses. Packet protocol Set by its EtherType field contents and assigned protocol number for all protocols. VLAN ID Set in the packet header Class of service Present in the packet header IPv4/IPv6 and MAC ACLs apply separately for inbound and outbound packets.
• • IP_PROTOCOL—TCP, UDP, and so on • L4_DST_PORT—Destination port MAC qualifiers: • • • • • • • OUT_PORT—Egress CPU port SRC_MAC—Source MAC address DST_MAC—Destination MAC address ETHER_TYPE—Ethertype OUTER_VLAN_ID—VLAN ID IP_TYPE—IP type OUTER_VLAN_PRI—DOT1P value IP fragment handling OS10 supports a configurable option to explicitly deny IP-fragmented packets, particularly for the second and subsequent packets.
• • If a packet's FO > 0, the packet is permitted If a packet's FO = 0, the next ACL entry processes Deny ACL with L3 information only If a packet's L3 information does not match the L3 information in the ACL, the packet's FO is checked: • • If a packet's FO > 0, the packet is denied If a packet's FO = 0, the next ACL line processes Permit all packets from host OS10(config)# ip access-list ABC OS10(conf-ipv4-acl)# permit tcp host 10.1.1.
• Configure a deny or permit filter to examine TCP packets in IPV4-ACL mode.
{deny | permit} tcp {source [mask] | any | host ip-address} [count [byte]] [fragments]
• Configure a deny or permit filter to examine UDP packets in IPV4-ACL mode.
Table 82. L2 and L3 targeted traffic
L2 ACL / L3 ACL    Targeted traffic
Deny / Deny        L3 ACL denies
Deny / Permit      L3 ACL permits
Permit / Deny      L3 ACL denies
Permit / Permit    L3 ACL permits

Assign and apply ACL filters
To filter an Ethernet interface, a port-channel interface, or a VLAN, assign an IP ACL filter to the corresponding interface. The IP ACL applies to all traffic entering a physical, port-channel, or VLAN interface.
Ingress ACL filters To create an ingress ACL filter, use the ip access-group command in EXEC mode. To configure ingress, use the in keyword. Apply rules to the ACL with the ip access-list acl-name command. To view the access-list, use the show access-lists command. 1. Apply an ingress access-list on the interface in INTERFACE mode. ip access-group access-group-name in 2. Return to CONFIGURATION mode. exit 3. Create the access-list in CONFIGURATION mode. ip access-list access-list-name 4.
ethernet1/1/29
seq 10 deny ip any any fragment count (100 packets)

VTY ACLs
To limit Telnet and SSH connections to the switch, apply access lists on a virtual terminal line (VTY). See Virtual terminal line ACLs for more information.

SNMP ACLs
To filter SNMP requests on the switch, assign access lists to an SNMP community. Both IPv4 and IPv6 access lists are supported to restrict IP source addresses. See Restrict SNMP access for more information.
To configure a prefix-list, use commands in PREFIX-LIST and ROUTER-BGP modes. Create the prefix-list in PREFIX-LIST mode and assign that list to commands in ROUTER-BGP modes. Route-maps Route-maps are a series of commands that contain a matching criterion and action. They change the packets meeting the matching criterion. ACLs and prefix-lists can only drop or forward the packet or traffic while route-maps process routes for route redistribution.
View route-map configuration OS10(conf-router-bgp-neighbor-af)# do show route-map route-map test1, deny, sequence 10 Match clauses: ip address prefix-list p1 Set clauses: route-map test2, permit, sequence 10 Match clauses: ip address prefix-list p1 Set clauses: route-map test3, deny, sequence 10 Match clauses: ip address prefix-list p2 Set clauses: route-map test4, permit, sequence 10 Match clauses: ip address prefix-list p2 Set clauses: Match routes Configure match criterion for a route-map.
• Enter a metric value for redistributed routes in ROUTE-MAP mode, from 0 to 4294967295. set metric {+ | - | metric-value} • Enter an OSPF type for redistributed routes in ROUTE-MAP mode. set metric-type {type-1 | type-2 | external | internal} • Enter an ORIGIN attribute in ROUTE-MAP mode. set origin {egp | igp | incomplete} • Enter a tag value for the redistributed routes in ROUTE-MAP mode, from 0 to 4294967295.
seq sequence-number {deny | permit} {source [mask] | any | host ip-address} [count [byte]] [fragments] [threshold-in-msgs count] [capture session session-id]
If you configure the flow-based enable command and do not apply an ACL on the source port or the monitored port, neither flow-based monitoring nor port mirroring functions. Flow-based monitoring is supported only for ingress traffic.
seq seq seq seq 5 permit icmp any any capture session 10 permit ip 102.1.1.0/24 any capture 15 deny udp any any capture session 2 20 deny tcp any any capture session 3 1 count (0 packets) session 1 count bytes (0 bytes) count bytes (0 bytes) count bytes (0 bytes) View monitor sessions OS10(conf-if-eth1/1/1)# show monitor session all S.
USER_L2_ACL Shared:1 G3 1 2 1022 1024 USER_IPV4_ACL Shared:1 G2 2 3 1021 1024 USER_IPV6_ACL Shared:2 G4 1 2 510 512 PBR_V6 Shared:2 G10 1 1 511 512 SYSTEM_FLOW Shared:2 G0 49 49 975 1024 ISCSI_SNOOPING Shared:1 G8 12 12 500 512 FCOE Shared:2 G6 55 55 457 512 -----------------------------------------------------------------------------------------------------Egress ACL utilization Hardware Pools -----------------------------------------------------------------------------------------------------Pool ID App(s
ACL logging helps to administer and manage traffic that traverses your network and is useful for network supervision and maintenance activities. High volumes of network traffic can result in a large volume of logs, which can negatively impact system performance and efficiency. You can specify the threshold after which a log is created and the interval at which the logs must be created. The threshold defines how often a log message is created after an initial packet match. The default is 10 messages.
Parameters access-list-name — (Optional) Enter the name of the IPv6 access-list to clear counters. A maximum of 140 characters. Default Not configured Command Mode EXEC Usage Information If you do not enter an access-list name, all IPv6 access-list counters clear. The counter counts the number of packets that match each permit or deny statement in an access list. To get a more recent count of packets matching an access list, clear the counters to start at zero.
• • fragment — (Optional) Use ACLs to control packet fragments. log — (Optional) Enables ACL logging. Information about packets that match an ACL rule are logged. Default Not configured Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes; when you use the count byte options, only bytes increment. The no version of this command removes the filter. Example Supported Releases OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# deny udp any any 10.2.
Parameters • • • nn:nn:nn:nn:nn:nn — Enter the MAC address of the network from or to which the packets are sent. 00:00:00:00:00:00 — (Optional) Enter which bits in the MAC address must match. If you do not enter a mask, a mask of 00:00:00:00:00:00 applies. any — (Optional) Set routes which are subject to the filter. • • • • • protocol-number — (Optional) MAC protocol number identified in the header, from 600 to ffff. capture — (Optional) Capture packets the filter processes.
deny icmp (IPv6) Configures a filter to drop all or specific ICMP messages. Syntax deny icmp [A::B | A::B/x | any | host ipv6-address] [A::B | A::B/x | any | host ipv6-address] [capture | count | dscp value | fragment | log] Parameters • • • • • • • • • • Default Not configured Command Mode IPV6-ACL A::B — Enter the IPv6 address in hexadecimal format separated by colons. A::B/x — Enter the number of bits to match to the IPv6 address.
deny ipv6
Configures a filter to drop all or specific packets from an IPv6 address.
Syntax
deny ipv6 [A::B | A::B/x | any | host ipv6-address] [A::B | A::B/x | any | host ipv6-address] [capture | count [byte] | dscp | fragment]
Parameters
• A::B — (Optional) Enter the source IPv6 address from which the packet was sent and the destination address.
• A::B/x — (Optional) Enter the source network mask in /prefix format (/x) and the destination mask.
• • • • • eq — Equal to gt — Greater than lt — Lesser than neq — Not equal to range — Range of ports, including the specified port numbers. Default Not configured Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes; when you use the count byte options, only bytes increment. The no version of this command removes the filter. Example Supported Releases OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# deny tcp any any capture session 1 10.2.
deny udp Configures a filter to drop User Datagram Protocol (UDP) packets meeting the filter criteria. Syntax deny udp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log] Parameters • • • • • • • • • • • • • • • • • A.B.C.D — Enter the IPv4 address in dotted decimal format. A.B.C.D/x — Enter the number of bits to match to the dotted decimal address.
• fin — (Optional) Set the bit as finish—no more data from sender.
• psh — (Optional) Set the bit as push.
• rst — (Optional) Set the bit as reset.
• syn — (Optional) Set the bit as synchronize.
• urg — (Optional) Set the bit as urgent.
• capture — (Optional) Capture packets the filter processes.
• count — (Optional) Count packets the filter processes.
• byte — (Optional) Count bytes the filter processes.
• dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63.
• out — Apply the ACL to outgoing traffic.
Default
Not configured
Command Mode
INTERFACE
CONTROL-PLANE
Usage Information
Use this command in the CONTROL-PLANE mode to apply a control-plane ACL. Control-plane ACLs are only applied on the ingress traffic. By default, the control-plane ACL is applied to the front-panel ports as well as the management port. The no version of this command deletes the IPv4 ACL configuration.
Example
OS10(config)# ip as-path access-list abc deny 123
Supported Release
10.3.0E or later

ip community-list standard deny
Creates a standard community list for BGP to deny access.
Syntax
ip community-list standard name deny {aa:nn | no-advertise | local-AS | noexport | internet}
Parameters
• name — Enter the name of the standard community list used to identify one or more deny groups of communities.
ip extcommunity-list standard deny Creates an extended community list for BGP to deny access. Syntax ip extcommunity-list standard name deny {4byteas-generic | rt | soo} Parameters • • • • name — Enter the name of the community list used to identify one or more deny groups of extended communities. 4byteas-generic—Enter the generic extended community then the keyword transitive or nontransitive. rt — Enter the route target. soo — Enter the route origin or site-of-origin.
Example Supported Release OS10(config)# ip prefix-list TEST description TEST_LIST 10.3.0E or later ip prefix-list deny Creates a prefix list to deny route filtering from a specified network address. Syntax ip prefix-list name deny [A.B.C.D/x [ge | le]] prefix-len Parameters • • • • • Defaults Not configured Command Mode CONFIGURATION name — Enter the name of the prefix list. A.B.C.D/x — (Optional) Enter the source network address and mask in /prefix format (/x).
• • • • A.B.C.D/x — Enter the source network address and mask in /prefix format (/x). ge — Enter to indicate the network address is greater than or equal to the range specified. le — Enter to indicate the network address is less than or equal to the range specified. prefix-len — Enter the prefix length. Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the specified prefix list.
Example (Controlplane ACL) Supported Releases OS10# configure terminal OS10(config)# control-plane OS10(config-control-plane)# ipv6 access-group aaa-cp-acl in 10.2.0E or later; 10.4.1 or later (control-plane ACL) ipv6 access-list Creates an IP access list to filter based on an IPv6 address. Syntax ipv6 access-list access-list-name Parameters access-list-name — Enter the name of an IPv6 access list. A maximum of 140 characters.
Usage Information The no version of this command removes the specified prefix list. Example Supported Release OS10(config)# ipv6 prefix-list TEST description TEST_LIST 10.3.0E or later ipv6 prefix-list permit Creates a prefix-list to permit route filtering from a specified IPv6 network address. Syntax ipv6 prefix-list prefix-list-name permit {A::B/x [ge | le] prefix-len} Parameters • • • • • Defaults Not configured Command Mode CONFIGURATION prefix-list-name — Enter the IPv6 prefix-list name.
Parameters • • • • • • Defaults Not configured Command Mode CONFIGURATION name — (Optional) Enter the name of the IPv6 prefix-list. num — Enter the sequence number of the specified IPv6 prefix list. A::B/x — Enter the IPv6 address and mask in /prefix format (/x). ge — Enter to indicate the network address is greater than or equal to the range specified. le — Enter to indicate the network address is less than or equal to the range specified. prefix-len — Enter the prefix length.
Example Supported Releases OS10(config)# mac access-list maclist 10.2.0E or later permit Configures a filter to allow packets with a specific IPv4 address. Syntax permit [protocol-number | icmp | ip | tcp | udp] [A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.
• • • • • • • • any — (Optional) Enter the keyword any to specify any source or destination IP address. host ip-address — (Optional) Enter the IPv6 address to use a host address only. capture — (Optional) Capture packets the filter processes. count — (Optional) Count packets the filter processes. byte — (Optional) Count bytes the filter processes. dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63. fragment — (Optional) Use ACLs to control packet fragments.
permit icmp
Configures a filter to permit all or specific ICMP messages.
Syntax
permit icmp [A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | count | dscp value | fragment | log]
Default
Not configured
Command Mode
IPV4-ACL
Parameters
• A.B.C.D — Enter the IPv4 address in dotted decimal format.
• A.B.C.D/x — Enter the number of bits that must match the dotted decimal address.
permit ip
Configures a filter to permit all or specific packets from an IPv4 address.
Syntax
permit ip [A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | count | dscp value | fragment | log]
Default
Not configured
Command Mode
IPV4-ACL
Parameters
• A.B.C.D — Enter the IPv4 address in dotted decimal format.
• A.B.C.D/x — Enter the number of bits to match to the dotted decimal address.
permit tcp
Configures a filter to permit TCP packets meeting the filter criteria.
Syntax
permit tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log]
Parameters
• A.B.C.D — Enter the IPv4 address in dotted decimal format.
• A.B.C.D/x — Enter the number of bits that must match the dotted decimal address.
• any — (Optional) Enter the keyword any to specify any source or destination IP address. NOTE: The control-plane ACLs do not support the any parameter. • • • • • • • host ipv6-address — (Optional) Enter the IPv6 address to use a host address only. capture — (Optional) Capture packets the filter processes. count — (Optional) Count packets the filter processes. byte — (Optional) Count bytes the filter processes. dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63.
Default Not configured Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter. Example Supported Releases OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# permit udp any any capture session 1 10.2.0E or later permit udp (IPv6) Configures a filter to permit UDP packets meeting the filter criteria.
remark
Specifies an ACL entry description.
Syntax
remark description
Parameters
description — Enter a description. A maximum of 80 characters.
Default
Not configured
Command Mode
IPV4-ACL
Usage Information
Configure up to 16777214 remarks for a given IPv4, IPv6, or MAC. The no version of the command removes the ACL entry description.
Supported Releases
10.2.0E or later

seq deny
Assigns a sequence number to deny IPv4 addresses while creating the filter.
seq deny (IPv6) Assigns a sequence number to deny IPv6 addresses while creating the filter. Syntax seq sequence-number deny [protocol-number icmp | ip | tcp | udp] [A::B | A::B/x | any | host ipv6-address] [A::B | A::B/x | any | host ipv6-address] [capture | count | dscp value | fragment | log] Parameters • • • • • • • • • • • • • • • • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
• • byte — (Optional) Count bytes the filter processes. vlan — (Optional) VLAN number, from 1 to 4093. Default Not configured Command Mode CONFIG-MAC-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number.
Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. A::B — Enter the IPv6 address in hexadecimal format separated by colons. A::B/x — Enter the number of bits that must match the IPv6 address. any — (Optional) Enter the keyword any to specify any source or destination IP address. host ipv6-address — (Optional) Enter the IPv6 address to use a host address only. capture — (Optional) Capture packets the filter processes.
Supported Releases
10.2.0E or later

seq deny ipv6
Assigns a filter to deny IPv6 addresses while creating the filter.
Syntax
seq sequence-number deny ip [A::B | A::B/x | any | host ipv6-address] [A::B | A::B/x | any | host ipv6-address] [capture | count | dscp value | fragment | log]
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
• • • • • • • capture — (Optional) Capture packets the filter processes. count — (Optional) Count packets the filter processes. byte — (Optional) Count bytes the filter processes. dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63. fragment — (Optional) Use ACLs to control packet fragments. log — (Optional) Enables ACL logging. Information about packets that match an ACL rule are logged.
• • • • • eq — Equal to gt — Greater than lt — Lesser than neq — Not equal to range — Range of ports, including the specified port numbers. Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number.
Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. Example Supported Releases OS10(config)# ip access-list egress OS10(conf-ipv4-acl)# seq 10 deny udp any any capture session 1 log 10.2.0E or later seq deny udp (IPv6) Assigns a filter to deny UDP packets while creating the filter.
seq permit Assigns a sequence number to permit packets while creating the filter. Syntax seq sequence-number permit [protocol-number A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | count | dscp value | fragment | log] Parameters • • • • • • • • • • • • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. protocol-number — (Optional) Enter the protocol number, from 0 to 255. A.B.
Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. Example Supported Releases OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# seq 10 permit ipv6 any any capture session 1 log 10.2.
Parameters • • • • • • • • • • • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. A.B.C.D — Enter the IPv4 address in dotted decimal format. A.B.C.D/x — Enter the number of bits that must match the dotted decimal address. any — (Optional) Enter the keyword any to specify any source or destination IP address. host ip-address — (Optional) Enter the IPv4 address to use a host address only.
Supported Releases 10.2.0E or later seq permit ip Assigns a sequence number to allow packets while creating the filter. Syntax seq sequence-number permit ip [A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | count | dscp value | fragment | log] Parameters • • • • • • • • • • • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. A.B.C.
Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. Example Supported Releases OS10(config)# ipv6 access-list egress OS10(conf-ipv6-acl)# seq 5 permit ipv6 any any capture session 1 log 10.2.
Supported Releases 10.2.0E or later seq permit tcp (IPv6) Assigns a sequence number to allow TCP IPv6 packets while creating the filter.
Parameters • • • • • • • • • • • • • • • • • • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. A.B.C.D — Enter the IPv4 address in dotted decimal format. A.B.C.D/x — Enter the number of bits that must match the dotted decimal address. any — (Optional) Enter the keyword any to specify any source or destination IP address. host ip-address — (Optional) Enter the IPv4 address to use a host address only.
• eq — Equal to
• gt — Greater than
• lt — Less than
• neq — Not equal to
• range — Range of ports, including the specified port numbers.
• ack — (Optional) Set the bit as acknowledgment.
• fin — (Optional) Set the bit as finish—no more data from sender.
• psh — (Optional) Set the bit as push.
• rst — (Optional) Set the bit as reset.
• syn — (Optional) Set the bit as synchronize.
• urg — (Optional) Set the bit as urgent.
• capture — (Optional) Capture packets the filter processes.
Example (IPv6)
OS10# show ipv6 access-group ccc
Ingress IPV6 access list aaa on ethernet1/1/1
Ingress IPV6 access list aaa on ethernet1/1/2
Egress IPV6 access list aaa on ethernet1/1/2
Example (Controlplane ACL - IP)
OS10# show ip access-group aaa-cp-acl
Ingress IP access-list aaa-cp-acl on control-plane data mgmt
Example (Controlplane ACL - MAC)
OS10# show mac access-group aaa-cp-acl
Ingress MAC access-list aaa-cp-acl on control-plane data
Example (Controlplane ACL - IPv6) Supported Releases
OS10# s
seq 20 permit tcp any any count (0 packets)
seq 30 permit udp any any count bytes (0 bytes)
Example (IP Out) Example (IPv6 In) Example (IPv6 Out) Example (IP In Control-plane ACL) Example (IPv6 In Control-plane ACL) Example (MAC In Control-plane ACL) Supported Releases
OS10# show ip access-lists out
Egress IP access list aaaa
Active on interfaces :
ethernet1/1/1
ethernet1/1/2
seq 10 permit ip any any
seq 20 permit tcp any any count (0 packets)
seq 30 permit udp any any count bytes (0 bytes)
OS10# sho
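In the show ip access-lists output above, seq 10 permit ip any any sits ahead of the tcp and udp filters, so under first-match evaluation those later filters are never reached. The following is an added example, not code from the Dell guide: it parses output of that shape and reports filters already covered by an earlier one, assuming filters are evaluated in ascending sequence order with the first match winning. The mgmt-in ACL and its addresses are constructed sample data.

```python
import ipaddress
import re

# Constructed sample. The first ACL mirrors the output shown on this page;
# the second (mgmt-in) is invented for the example.
SAMPLE = """\
OS10# show ip access-lists out
Egress IP access list aaaa
 Active on interfaces :
  ethernet1/1/1
  ethernet1/1/2
 seq 10 permit ip any any
 seq 20 permit tcp any any count (0 packets)
 seq 30 permit udp any any count bytes (0 bytes)
Ingress IP access list mgmt-in
 Active on interfaces :
  ethernet1/1/3
 seq 10 permit tcp 10.0.0.0/24 any
 seq 20 deny tcp host 10.0.0.5 any eq 22 log
 seq 30 deny ip any any count (0 packets)
"""

HEADER = re.compile(r"^(Ingress|Egress) (\S+) access list (\S+)")
RULE = re.compile(r"^\s*seq (\d+) (permit|deny) (\S+) (.+)$")
PORT_OPS = {"eq": 1, "gt": 1, "lt": 1, "neq": 1, "range": 2}  # operands per operator
ANY = ipaddress.ip_network("0.0.0.0/0")


def _take_addr(tokens):
    """Consume one address spec (any | host ip | A.B.C.D[/x]) plus an
    optional port operator; return (network, has_port_qualifier)."""
    tok = tokens.pop(0)
    if tok == "any":
        net = ANY
    elif tok == "host":
        net = ipaddress.ip_network(tokens.pop(0) + "/32")
    else:
        net = ipaddress.ip_network(tok, strict=False)
    ported = False
    if tokens and tokens[0] in PORT_OPS:
        op = tokens.pop(0)
        del tokens[:PORT_OPS[op]]
        ported = True
    return net, ported


def parse_acls(text):
    """Return {"<direction> <name>": [rule, ...]} for IPv4 ACLs only."""
    acls, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            key = f"{m.group(1)} {m.group(3)}"
            current = acls.setdefault(key, []) if m.group(2) == "IP" else None
            continue
        m = RULE.match(line)
        if not m or current is None:
            continue
        tokens = m.group(4).split()
        try:
            src, sp = _take_addr(tokens)
            dst, dp = _take_addr(tokens)
        except (ValueError, IndexError):
            continue  # not an address form this example understands
        current.append({"seq": int(m.group(1)), "action": m.group(2),
                        "proto": m.group(3), "src": src, "dst": dst,
                        "ports": sp or dp})
    return acls


def covers(early, late):
    """True when every packet matching `late` already matches `early`."""
    if early["ports"]:
        return False  # conservative: port-qualified filters are never treated as covering
    if early["proto"] != "ip" and early["proto"] != late["proto"]:
        return False
    return (late["src"].subnet_of(early["src"])
            and late["dst"].subnet_of(early["dst"]))


def find_shadowed(acls):
    """List (acl, shadowed_seq, covering_seq, kind); kind is 'redundant'
    when both actions agree and 'conflict' when they differ."""
    findings = []
    for name, rules in acls.items():
        ordered = sorted(rules, key=lambda r: r["seq"])
        for i, late in enumerate(ordered):
            for early in ordered[:i]:
                if covers(early, late):
                    kind = ("redundant" if early["action"] == late["action"]
                            else "conflict")
                    findings.append((name, late["seq"], early["seq"], kind))
                    break
    return findings


if __name__ == "__main__":
    for finding in find_shadowed(parse_acls(SAMPLE)):
        print(finding)
```

A conflict finding is the one to review first: in the constructed mgmt-in ACL the deny for host 10.0.0.5 can never take effect because the broader permit at seq 10 matches first.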
show acl-table-usage detail
Displays the ingress and egress ACL tables, the features that are used, and their space utilizations.
Syntax show acl-table-usage detail
Parameters None
Default None
Command Mode EXEC
Usage Information The hardware pool displays the ingress application groups (pools), the features mapped to each of these groups, and the amount of space available in each of the pools.
-------------------------------------------------------------------------------------
App Allocated pools App group Configured rules Used rows Free
-------------------------------------------------------------------------------------
SYSTEM_FLOW Shared:3 G0 49 49 207 256
-------------------------------------------------------------------------------------
Ingress ACL utilization - Pipe 2
Hardware Pools
---------------------------------------------------------------------
Pool ID App(s) Used rows Free rows Max r
App Allocated pools App group Configured rules Used rows Free
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
S6010-ON platform
OS10# show acl-table-usage detail
Ingress ACL utilization
Hardware Pools
------------------------------------------------------------------
Pool ID App(s) Used rows Free rows Max rows
------------------------------------------------------------------
0 SYSTEM_FLO
show ip as-path-access-list
Displays the configured AS path access lists.
Syntax show ip as-path-access-list [name]
Parameters name — (Optional) Specify the name of the AS path access list.
Defaults None
Command Mode EXEC
Usage Information None
Example
OS10# show ip as-path-access-list
ip as-path access-list hello
permit 123
deny 35
Supported Releases 10.3.0E or later
show ip community-list
Displays the configured IP community lists in alphabetic order.
show ip prefix-list
Displays configured IPv4 or IPv6 prefix list information.
Syntax show {ip | ipv6} prefix-list [prefix-name]
Parameters
• ip | ipv6—(Optional) Displays information related to IPv4 or IPv6.
• prefix-name — Enter a text string for the prefix list name. A maximum of 140 characters.
Defaults None
Command Mode EXEC
Usage Information None
Example Example (IPv6) Supported Releases
OS10# show ip prefix-list
ip prefix-list hello:
seq 10 deny 1.2.3.4/24
seq 20 permit 3.4.4.
Usage Information The no version of this command deletes a match.
Example
OS10(config)# route-map bgp
OS10(conf-route-map)# continue 65535
Supported Releases 10.3.0E or later
match as-path
Configures a filter to match routes that have a certain AS path in their BGP paths.
Syntax match as-path as-path-name
Parameters as-path-name — Enter the name of an established AS-PATH ACL. A maximum of 140 characters.
Example
OS10(config)# route-map bgp
OS10(conf-route-map)# match extcommunity extcommlist1 exact-match
Supported Releases 10.3.0E or later
match interface
Configures a filter to match routes whose next-hop is the configured interface.
Syntax match interface interface
Parameters interface — Interface type:
• ethernet node/slot/port[:subport] — Enter the Ethernet interface information as the next-hop interface.
Usage Information The no version of this command deletes the match.
Example
OS10(config)# route-map bgp
OS10(conf-route-map)# match ip next-hop prefix-list test100
Supported Releases 10.3.0E or later
match ipv6 address
Configures a filter to match routes based on IPv6 addresses specified in IP prefix lists.
Syntax match ipv6 address {prefix-list prefix-list | access-list}
Parameters
• prefix-list — Enter the name of the configured prefix list.
Default Not configured
Command Mode ROUTE-MAP
Example
OS10(conf-route-map)# match metric 429132
Supported Releases 10.2.0E or later
match origin
Configures a filter to match routes based on the origin attribute of BGP.
Syntax match origin {egp | igp | incomplete}
Parameters
• egp — Match only remote EGP routes.
• igp — Match only on local IGP routes.
• incomplete — Match on unknown routes that are learned through some other means.
Default Not configured
Command Mode ROUTE-MAP
Command Mode ROUTE-MAP
Usage Information The no version of this command deletes the match.
Example
OS10(conf-route-map)# match tag 656442
Supported Releases 10.2.0E or later
route-map
Enables a route-map statement and configures its action and sequence number.
Syntax route-map map-name [permit | deny | sequence-number]
Parameters
• map-name — Enter the name of the route-map. A maximum of 140 characters.
set comm-list delete
Remove communities in the specified list from the COMMUNITY attribute in a matching inbound or outbound BGP route.
Syntax set comm-list {community-list-name} delete
Parameters community-list-name — Enter the name of an established community list. A maximum of 140 characters.
Defaults None
Command Mode ROUTE-MAP
Usage Information Configure the community list you use in the set comm-list delete command so that each filter contains only one community.
Example
OS10(config)# route-map bgp
OS10(conf-route-map)# set extcomm-list TestList add
Supported Releases 10.4.0E(R1) or later
set extcomm-list delete
Remove communities in the specified list from the EXTCOMMUNITY attribute in a matching inbound or outbound BGP route.
Syntax set extcomm-list extcommunity-list-name delete
Parameter extcommunity-list-name — Enter the name of an established extcommunity list. A maximum of 140 characters.
Usage Information This command changes the LOCAL_PREF attribute for routes meeting the route map criteria. To change the LOCAL_PREF for all routes, use the bgp default local-preference command. The no version of this command removes the LOCAL_PREF attribute.
Example
OS10(conf-route-map)# set local-preference 200
Supported Releases 10.2.0E or later
set metric
Set a metric value for a routing protocol.
• OSPF
• external — Sets the cost of the external routes so that it is equal to the sum of all internal costs and the external cost.
• internal — Sets the cost of the external routes so that it is equal to the external cost alone, the default.
The no version of this command removes the set clause from a route map.
Example
OS10(conf-route-map)# set metric-type internal
Supported Releases 10.2.0E or later
set next-hop
Sets an IPv4 or IPv6 address as the next-hop.
set tag
Sets a tag for redistributed routes.
Syntax set tag tag-value
Parameters tag-value — Enter a tag number for the route to redistribute, from 0 to 4294967295.
Default Not configured
Command Mode CONFIGURATION
Usage Information The no version of this command deletes the set clause from a route map.
Example
OS10(conf-route-map)# set tag 23
Supported Releases 10.2.0E or later
set weight
Set the BGP weight for the routing table.
Supported Releases 10.3.
21 Quality of service
Quality of service (QoS) reserves network resources for highly critical application traffic with precedence over less critical application traffic. QoS prioritizes different types of traffic and ensures quality of service. You can control the following traffic flow parameters: Delay, Bandwidth, Jitter, and Drop. Different QoS features control the traffic flow parameters, as the traffic traverses a network device from ingress to egress interfaces.
Configuring QoS is a three-step process:
1. Create class-maps to classify the traffic flows. The following are the different types of class-maps:
• qos (default)—Classifies ingress data traffic.
• queuing—Classifies egress queues.
• control-plane—Classifies control-plane traffic.
• network-qos—Classifies traffic-class IDs for ingress buffer configurations.
• application—Classifies application-type traffic. The reserved policy-map policy-iscsi defines the actions for class-iscsi traffic.
2.
Ingress traffic classification
Ingress traffic can be either data or control traffic. OS10 groups network traffic into different traffic classes, from class 0 to 7, based on various parameters. Grouping traffic into different classes helps to identify and prioritize traffic as it goes through the switch.
NOTE: Traffic class is also called QoS group.
By default, OS10 does not classify data traffic. OS10 assigns the default traffic class ID 0 to all data traffic.
3. Verify the map entries.
OS10# show qos maps type trust-map-dot1p example-dot1p-trustmap-name
DOT1P Priority to Traffic-Class Map : example-dot1p-trustmap-name
Traffic-Class DOT1P Priority
-------------------------------
3 0-4
5 5-7
4. Apply the map on a specific interface or on system-qos, global level.
• Interface level
OS10(conf-if-eth1/1/1)# trust-map dot1p example-dot1p-trustmap-name
NOTE: In the interface level, the no version of the command returns the configuration to the system-qos level.
DSCP values   Traffic class ID   Color
40-43         5                  G
44-47         5                  Y
48-51         6                  G
52-55         6                  Y
56-59         7                  G
60-62         7                  Y
63            7                  R
NOTE: You cannot modify the default DSCP trust map.
User–defined DSCP trust map
You can override the default mapping by creating a user-defined DSCP trust map. All the unspecified DSCP entries map to the default traffic class ID 0 and color G.
Configure user–defined DSCP trust map
1. Create a DSCP trust map.
ACL-based classification
Classify the ingress traffic by matching the packet fields using ACL entries. Classify the traffic flows based on QoS-specific fields or generic fields, using IP or MAC ACLs. Create a class-map template to match the fields. OS10 allows matching any of the fields or all the fields based on the match type you configure in the class-map. Use the access-group match filter to match MAC or IP ACLs. You can configure a maximum of four access-group filters in a class-map:
• 802.
3. Create a class-map and attach it to a policy where trust is configured. This example uses 802.1p cos to define the match criteria. You can use dscp or other access group match filters. If the 802.1p traffic matches the defined criteria, the set qos-group 1 command assigns the traffic to TC 1.
set qos-group 5
police cir 300 pir 300
After upgrade to release 10.4.2, the policy configuration appears as follows:
policy-map type control-plane test
!
class test_Remapped_0
set qos-group 0
police cir 300 pir 300
!
class test_Remapped_5
set qos-group 5
police cir 300 pir 300
!
class test_Remapped_6
set qos-group 6
police cir 300 pir 300
In release 10.4.2, ARP_REQ is mapped to queue 6, ICMPV6_RS and ICMPV6_NS are mapped to queue 5, and ISCSI is mapped to queue 0.
Queue   Protocols   Minimum rate limit (in pps)   Maximum rate limit (in pps)   Minimum guaranteed buffer (in bytes)   Static shared limit (in bytes)
3    VLT, NDS    600    1000    1664    48880
4    IPv6 ICMP, IPv4 ICMP    500    500    1664    20800
5    ICMPv6 RS, RA, NS, NA    500    500    1664    48880
6    ARP request    500    1000    1664    48880
7    ARP response    500    1000    1664    48880
8    SSH, TELNET, NTP, FTP, TACACS    500    500    1664    20800
9    FCoE    600    600    1664    48880
10    LACP    600    1000    1664    48880
11    STP, RSTP, MSTP    400    40
2. Return to CONFIGURATION mode.
exit
3. Create an input policy-map to assign the QoS policy to the desired service queues in CONFIGURATION mode.
policy-map type control-plane example-copp-policy-map-name
4. Associate a policy-map with a class-map in POLICY-MAP mode.
class example-copp-class-map-name
5. Configure marking for a specific queue number in POLICY-MAP-CLASS-MAP mode. Use the show control-plane info command to view the list of control-plane queues.
set qos-group queue-number
6.
View configuration
Use show commands to display the protocol traffic assigned to each control-plane queue and the current rate-limit applied to each queue. Use the show command output to verify the CoPP configuration.
13 0 0 0 0
14 1265 108790 0 0
15 422 36075 0 0
16 0 0 0 0
17 0 0 0 0
18 0 0 0 0
19 0 0 0 0
Egress traffic classification
Egress traffic is classified into different queues based on the traffic-class ID marked on the traffic flow. Set the traffic class ID for a flow by enabling trust or by classifying ingress traffic and marking it with a traffic class ID using a policy map. By default, the value of traffic class ID for all the traffic is 0. The order of precedence for a qos-map is: 1.
• System-qos level
OS10(config-sys-qos)# qos-map traffic-class tc-q-map
Choose all traffic classified for a queue
1. Create a queuing type class-map to match queue 5.
OS10(config)# class-map type queuing q5
2. Define the queue to match.
OS10(config-cmap-queuing)# match queue 5
Policing traffic
Use policing to limit the rate of ingress traffic flow. The flow can be all the ingress traffic on a port or a particular flow defined using a QoS class-map.
Mark Traffic
You can select a flow and mark it with a traffic class ID. Traffic class IDs identify the traffic flow when the traffic reaches egress for queue scheduling.
Mark traffic
1. Create a QoS type class-map to match the traffic flow.
OS10(config)# class-map cmap-cos3
OS10(config-cmap-qos)# match cos 3
2. Create a QoS type policy-map to mark it with a traffic class ID and assign it to the CoS flow.
Configure traffic shaping
1. Enter the queuing type policy-map and configure a policy-map name in CONFIGURATION mode.
policy-map type queuing policy-map-name
2. Enter a class name to apply to the shape rate in POLICY-MAP-QUEUEING mode. A maximum of 32 characters.
class class-name
3. (Optional) Configure rate shaping on a specific queue by matching the corresponding qos-group in the class-map. If you do not configure the match qos-group command, rate shaping applies to all queues.
View class-map
OS10(conf-cmap-queuing)# do show class-map
Class-map (queuing): example-que-cmap-name
Match: queue 5
View policy-map
OS10(conf-pmap-c-que)# do show policy-map
Service-policy (queuing) output: example-que-pmap-name
Class-map (queuing): example-que-cmap-name
bandwidth percent 80
Strict priority queuing
OS10 uses queues for egress QoS policy types. Enable strict priority to dequeue all packets from the assigned queue before servicing any other queues.
OS10(config-pmap-c-que)# exit
OS10(config-pmap-queuing)# exit
OS10(config)# system qos
OS10(config-sys-qos)# service-policy output type queuing example-pmap-strictpriority
Enable strict priority on interface
NOTE: You can apply a policy-map globally in SYSTEM-QOS mode or apply it on the interface. OS10 does not support applying the same policy-map in SYSTEM-QOS mode as well as at the interface level. However, you can apply a different queuing policy-map in SYSTEM-QOS mode or at the interface level.
Buffer management
OS10 devices distribute the total available buffer resources into two buffer pools at ingress direction and three buffer pools at egress direction of all physical ports. You can map a single traffic class or a group of traffic classes to a priority group. All ports in a system are allocated a certain amount of buffers from corresponding pools based on the configuration state of each priority-group or queue. The remaining buffers in the pool are shared across all similarly configured ports.
Table 88. Maximum buffer size
Platforms             Max buffer size
S4000                 12 MB
S6010–ON, S4048–ON    16 MB
S4100-ON Series       12 MB
S4200-ON Series       6 GB
S5200-ON Series       32 MB
Z9100–ON              16 MB
Z9264F-ON             42 MB
The following table lists the values allocated for the default ingress buffers on the S4100-ON series platform. These values may differ for different platforms and speeds. Use the show qos ingress buffers command to view the default ingress buffers on your switch.
Table 89.
2. Create network-qos type policy-map to define the actions for traffic classes, such as a buffer configuration and threshold.
OS10(config)# policy-map type network-qos example-pmap-in-buffer
OS10(config-pmap-network-qos)# class example-cmap-in-buffer
OS10 (config-pmap-c-nqos)# pause buffer-size 300 pause-threshold 200 resume-threshold 100
OS10 (config-pmap-c-nqos)# queue-limit thresh-mode dynamic 5
Configure egress buffer
All port queues are allocated with reserved buffers.
Configure Deep Buffer mode
You must disable all the network QoS configurations; for example, PFC and LLFC, before configuring the Deep Buffer mode. Deep Buffer mode is disabled by default.
1. Enable Deep Buffer mode in CONFIGURATION mode.
OS10# configure terminal
OS10(config)# hardware deep-buffer-mode
NOTE: To disable Deep Buffer mode, use the no form of the command. Disabling Deep Buffer mode takes effect only after saving it in the startup configuration and reloading the switch.
dropping excess packets with a certain drop-probability when the average queue length exceeds the configured minimum threshold. The early drop ensures that only some of the TCP sources slow down, which avoids global TCP re-synchronization.
• Weighted random early detection (WRED)—This allows different drop-probabilities and thresholds for each color — red, yellow, green — of traffic. You can configure the drop characteristics for three different flows by assigning the colors to the flow.
5. Exit WRED CONFIGURATION mode.
OS10(config-wred)#exit
6. Create a QoS class-map.
OS10(config)# class-map type queuing example-cmap-wred-1
OS10(config-cmap-queuing)# match queue 2
7. Enter QOS POLICY-MAP mode and create a queuing policy type.
OS10(config)#policy-map type queuing example-pmap-wred-1
OS10(config-pmap-queuing)# class example-cmap-wred-1
8. Assign a WRED profile to the specified queue.
OS10(config-pmap-c-que)#random-detect example-wred-prof-1
9. Exit CLASS MAP and POLICY MAP modes.
To enable RoCE, configure the QoS service policy on the switch in ingress and egress directions on all the interfaces. For more information about this configuration, see Configure RoCE on the switch.
Configure RoCE on the switch
The following example describes the steps to configure RoCE on the switch. This configuration example uses priority 3 for RoCE.
1. Enter CONFIGURATION mode.
OS10# configure terminal
OS10 (config)#
2. Enable the Data Center Bridging Exchange protocol (DCBX).
c. Specify the allowed VLANs on the trunk port.
OS10 (conf-if-eth1/1/1)# switchport trunk allowed vlan 55
d. Apply the network-qos type policy-map to the interface.
OS10 (conf-if-eth1/1/1)# service-policy input type network-qos policy_pfcdot1p3
e. Apply the queuing policy to egress traffic on the interface.
OS10 (conf-if-eth1/1/1)# service-policy output type queuing policy_2Q
f. Enable ETS on the interface.
OS10 (conf-if-eth1/1/1)# ets mode on
g. Apply the qos-map for ETS configurations on the interface.
The following examples show each device in this network and their respective configuration:
SW1 configuration
VXLAN configuration — SW1
OS10# configure terminal
OS10(config)# interface vlan 3000
OS10(conf-if-vl-3000)# exit
OS10(config)# interface vlan 200
OS10(conf-if-vl-200)# exit
OS10(config)# interface loopback 1
OS10(conf-if-lo-1)# ip address 1.1.1.1/32
OS10(conf-if-lo-1)# exit
OS10(config)# router ospf 1
OS10(config-router-ospf-1)# router-id 8.8.8.
OS10(config)# configure terminal
OS10(config)# nve
OS10(conf-nve)# source-interface loopback 1
OS10(conf-nve)# exit
OS10(config)# virtual-network 5
OS10(conf-vn-5)# vxlan-vni 1000
OS10(conf-vn-vxlan-vni)# remote-vtep 2.2.2.
WRED and ECN configuration — SW1
OS10# configure terminal
OS10(config)# wred w1
OS10(config-wred)# random-detect ecn
OS10(config-wred)# random-detect color green minimum-threshold 100 maximum-threshold 500 drop-probability 100
OS10(config-wred)# random-detect color yellow minimum-threshold 100 maximum-threshold 500 drop-probability 100
OS10(config-wred)# random-detect color red minimum-threshold 100 maximum-threshold 500 drop-probability 100
OS10(config-wred)# exit
OS10(config)# class-map type queuing cq
OS10
OS10(config-router-ospf-1)# router-id 9.9.9.
OS10(config)# policy-map type network-qos llfc
OS10(config-pmap-network-qos)# class llfc
OS10(config-pmap-c-nqos)# pause buffer-size 120 pause-threshold 50 resume-threshold 12
OS10(config-pmap-c-nqos)# end
OS10# configure terminal
OS10(config)# interface range ethernet 1/1/1,1/1/20,1/1/31,1/1/32
OS10(conf-range-eth1/1/1,1/1/20,1/1/31,1/1/32)# flowcontrol transmit on
OS10(conf-range-eth1/1/1,1/1/20,1/1/31,1/1/32)# flowcontrol receive on
OS10(conf-range-eth1/1/1,1/1/20,1/1/31,1/1/32)# service-policy input typ
OS10(conf-if-vl-3000)# ip address 5.5.5.3/24
OS10(conf-if-vl-3000)# exit
OS10(config)# interface vlan 200
OS10(conf-if-vl-200)# exit
OS10(config)# interface loopback 1
OS10(conf-if-lo-1)# no shutdown
OS10(conf-if-lo-1)# ip address 2.2.2.2/32
OS10(conf-if-lo-1)# exit
OS10(config)# router ospf 1
OS10(config-router-ospf-1)# router-id 10.10.10.
LLFC configuration — VLT peer 2
Instead of PFC, you can configure LLFC as follows:
OS10# configure terminal
OS10(config)# class-map type network-qos llfc
OS10(config-cmap-nqos)# match qos-group 0-7
OS10(config-cmap-nqos)# exit
OS10(config)# policy-map type network-qos llfc
OS10(config-pmap-network-qos)# class llfc
OS10(config-pmap-c-nqos)# pause buffer-size 50 pause-threshold 30 resume-threshold 10
OS10(config-pmap-c-nqos)# end
OS10# configure terminal
OS10(config)# interface range ethernet 1/1/1,1/1/20,1/1
NOS(conf-if-eth1/1/3)# end
NOS#
NOS# configure terminal
NOS(config)# interface port-channel 2
NOS(conf-if-po-2)# switchport mode trunk
NOS(conf-if-po-2)# switchport trunk allowed vlan 200
NOS(conf-if-po-2)# end
PFC configuration — ToR device
NOS# configure terminal
NOS(config)# trust dot1p-map t1
NOS(config-tmap-dot1p-map)# qos-group 0 dot1p 0
NOS(config-tmap-dot1p-map)# qos-group 1 dot1p 1
NOS(config-tmap-dot1p-map)# qos-group 2 dot1p 2
NOS(config-tmap-dot1p-map)# qos-group 3 dot1p 3
NOS(config-tmap-dot1p-
NOS(config-cmap-queuing)# exit
NOS(config)# policy-map type queuing pq
NOS(config-pmap-queuing)# class cq
NOS(config-pmap-c-que)# random-detect w1
NOS(config-pmap-c-que)# end
NOS# configure terminal
NOS(config)# interface range ethernet 1/1/1,1/1/2,1/1/3
NOS(conf-range-eth1/1/1,1/1/2,1/1/3)# flowcontrol receive off
NOS(conf-range-eth1/1/1,1/1/2,1/1/3)# priority-flow-control mode on
NOS(conf-range-eth1/1/1,1/1/2,1/1/3)# ets mode on
NOS(conf-range-eth1/1/1,1/1/2,1/1/3)# service-policy input type network-qos p
After you disable BST, be sure to clear the counter using the clear qos statistics type buffer-statistics-tracking command.
Port to port-pipe and MMU mapping
A port pipe handles network traffic to and from a set of front-end I/O ports. On the Z9100–ON, Z9264F–ON, and MX9116n platforms, interfaces are shared across port pipes and port pipes are shared across Memory Management Units (MMUs).
Eth 1/1/26    3    0, 1    1, 3    down
Eth 1/1/27    3    0, 1    1, 3    down
Eth 1/1/28    3    0, 1    1, 3    down
Eth 1/1/29    0    0, 1    0, 2    down
Eth 1/1/30    0    0, 1    0, 2    down
Eth 1/1/31    0    0, 1    0, 2    down
Eth 1/1/32    0    0, 1    0, 2    down
Eth 1/1/33    1    2, 3    0, 2    up
Eth 1/1/34    2    2, 3    1, 3    up
View information for a single interface:
OS10# show qos port-map details interface ethernet 1/1/1
--------------------------------------------------------------------------
Interface    Port Pipe    Ingress MMU    Egress MMU
MX9116n output example:
OS10# show qos port-map details
--------------------------------------------------------------------------
Interface    Port Pipe    Ingress MMU    Egress MMU    Oper Status
--------------------------------------------------------------------------
Eth 1/1/1    3    0, 1    1, 3    down
Eth 1/1/2    3    0, 1    1, 3    down
Eth 1/1/3    3    0, 1    1, 3    down
Eth 1/1/4    3    0, 1    1, 3    down
Eth 1/1/5    3    0, 1    1, 3    down
Eth 1/1/6    3    0, 1    1, 3    down
Eth 1/1/7    3    0, 1    1, 3    down
Eth 1/1/8    3    0, 1    1, 3    down
Eth 1/1/9    1    2, 3    0, 2    down
Eth 1/1/10
Example
OS10(config-pmap-c-que)# bandwidth percent 70
Supported Releases 10.2.0E or later
buffer-statistics-tracking
Enables or disables the buffer statistics tracking feature globally.
Syntax buffer-statistics-tracking
Parameters None
Default Disabled
Command Mode SYSTEM-QOS
Usage Information The no form of the command disables the buffer statistics tracking feature globally. After you disable BST, be sure to clear the counter using the clear qos statistics type buffer-statistics-tracking command.
• qos — Enter a qos type class-map.
• queuing — Enter a queueing type class-map.
• control-plane — Enter a control-plane type class-map.
• match-all — Determines how packets are evaluated when multiple match criteria exist. Enter the keyword to determine that all packets must meet the match criteria to be assigned to a class.
• match-any — Determines how packets are evaluated when multiple match criteria exist.
Example
OS10# clear qos statistics type qos interface ethernet 1/1/5
Example (controlplane)
OS10# clear qos statistics type control-plane interface ethernet 1/1/7
Example (queuing)
OS10# clear qos statistics type queuing interface ethernet 1/1/2
Example (BST)
OS10# clear qos statistics type buffer-statistics-tracking
Supported Releases 10.2.0E or later
control-plane
Enters CONTROL-PLANE mode.
flowcontrol
Enables or disables link-level flow control on an interface.
Syntax flowcontrol [receive | transmit] [on | off]
Parameters
• receive — (Optional) Indicates the port can receive flow control packets from a remote device.
• transmit — (Optional) Indicates the local port can send flow control packets to a remote device.
• on — (Optional) When used with receive, allows the local port to receive flow control traffic.
• precedence value — (Optional) Enter a precedence value for L3 precedence match criteria, from 0 to 7.
• ip-any — Enter the IPv4 or IPv6 match criteria.
• dscp dscp-value — (Optional) Enter a DSCP value for L3 DSCP match criteria, from 0 to 63.
• ecn ecn-value — (Optional) Enter an ECN value for ECN bit match criteria, from 0 to 3.
• precedence value — (Optional) Enter a precedence value for L3 precedence match criteria, from 0 to 7.
• ipv6 — Enter the IPv6 match criteria.
• ip-any — Enter to use both IPv4 and IPv6 as the match protocol.
• dscp dscp-value — Enter a DSCP value in single numbers, comma separated, or a hyphenated range, from 0 to 63.
• ecn ecn-value — (Optional) Enter an ECN value for ECN bit match criteria, from 0 to 3.
Default Not configured
Command Mode CLASS-MAP
Usage Information You cannot enter two match statements with the same filter-type.
match vlan
Configures a match criteria based on the VLAN ID number.
Syntax match vlan vlan-id
Parameters vlan-id — Enter a VLAN ID number, from 1 to 4093.
Default Not configured
Command Mode CLASS-MAP
Usage Information You cannot enter two match statements with the same filter-type. If you enter two match statements with the same filter-type, the second statement overwrites the first statement.
Example
OS10(conf-cmap-qos)# match vlan 100
Supported Releases 10.2.
Example Example (global and shared buffer)
OS10(conf-pmap-c-nqos)# pause buffer-size 45 pause-threshold 25 resume-threshold 10
OS10(config)# policy-map type network-qos nqGlobalpolicy1
OS10(conf-cmap-nqos)# class CLASS-NAME
OS10(conf-cmap-nqos-c)# pause buffer-size 45 pause-threshold 30 resume-threshold 30
OS10(config)# policy-map type network-qos nqGlobalpolicy1
OS10(conf-cmap-nqos)# class type network-qos nqclass1
OS10(conf-cmap-nqos-c)# pause buffer-size 45 pause-threshold 30 resume-threshold 10
Supporte
Usage Information This command configures the maximum size of the lossless buffer pool. The no version of this command removes the maximum buffer size limit.
Example
OS10(config-sys-qos)# pfc-max-buffer-size 2000
Supported Releases 10.4.0E(R1) or later
pfc-shared-buffer-size
Changes the shared buffers size limit for priority flow-control enabled flows.
Syntax pfc-shared-buffer-size buffer-size
Parameters buffer-size — Enter the size of the priority flow-control buffer in KB, from 0 to 8911.
Parameters
• cir committed-rate — Enter a committed rate value in kilo bits per second, from 0 to 4000000.
• bc committed-burst-size — (Optional) Enter the committed burst size in packets for control plane policing and in KB for data packets, from 16 to 200000.
• pir peak-rate — Enter a peak-rate value in kilo bits per second, from 0 to 40000000.
• be peak-burst-size — (Optional) Enter a peak burst size in kilo bytes, from 16 to 200000.
Example
OS10(config-pmap-c-que)# priority
Supported Releases 10.2.0E or later
priority-flow-control mode
Enables or disables Priority Flow-Control mode on an interface.
Syntax priority-flow-control mode [on]
Parameters
• on — (Optional) Enables Priority Flow-Control mode.
Default Disabled
Command Mode INTERFACE
Usage Information Before enabling priority flow-control on an interface, verify a matching network-qos type policy is configured with the pfc-cos value for an interface.
Command Mode TRUST-MAP
Usage Information If the trust map does not define DSCP values to any traffic class, those flows map to the default traffic class 0. If some of the DSCP values are already mapped to an existing traffic class, you will see an error. The no version of this command returns the value to the default.
Example
OS10(conf-tmap-dscp-qos)# qos-group 5 dscp 42
Supported Releases 10.3.0E or later
qos-map traffic-class
Creates a user-defined trust map for queue mapping.
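The qos-group ... dscp behaviour described above (an error when a DSCP value is already mapped to a traffic class, traffic class 0 for anything left unmapped) can be checked offline before a trust map is applied. This is an added example, not Dell code: the qos-group lines are constructed sample input, and rejecting the whole conflicting line is an assumption about how the error is applied.

```python
import re

# Constructed sample in the qos-group <tc> dscp <values> syntax from this page.
SAMPLE = """\
qos-group 3 dscp 0-15
qos-group 5 dscp 16-30,42
qos-group 6 dscp 40-45
qos-group 7 dscp 60-64
"""

LINE = re.compile(r"^\s*qos-group\s+(\d+)\s+dscp\s+(\S+)\s*$")
DEFAULT_TC = 0  # per the page: unspecified DSCP entries map to traffic class 0


def expand_dscp(spec):
    """Expand '16-30,42' into a set of DSCP values, enforcing the 0-63 range."""
    values = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 <= lo <= hi <= 63:
            raise ValueError(f"DSCP {part} outside 0-63")
        values.update(range(lo, hi + 1))
    return values


def build_trust_map(config):
    """Return (full_map, defaulted, errors).

    full_map  - traffic class for every DSCP value 0..63
    defaulted - DSCP values that fell through to the default class
    errors    - (line_number, message) for each rejected line
    """
    assigned, errors = {}, []
    for lineno, line in enumerate(config.splitlines(), 1):
        m = LINE.match(line)
        if not m:
            continue
        tc = int(m.group(1))
        try:
            if not 0 <= tc <= 7:
                raise ValueError(f"traffic class {tc} outside 0-7")
            dscps = expand_dscp(m.group(2))
        except ValueError as exc:
            errors.append((lineno, str(exc)))
            continue
        clash = sorted(d for d in dscps if d in assigned and assigned[d] != tc)
        if clash:
            # Assumption: the whole line is rejected, not only the clashing values.
            errors.append((lineno, f"DSCP {clash} already mapped"))
            continue
        for d in dscps:
            assigned[d] = tc
    full_map = {d: assigned.get(d, DEFAULT_TC) for d in range(64)}
    defaulted = [d for d in range(64) if d not in assigned]
    return full_map, defaulted, errors


if __name__ == "__main__":
    full_map, defaulted, errors = build_trust_map(SAMPLE)
    print("defaulted to class 0:", defaulted)
    for lineno, message in errors:
        print(f"line {lineno}: {message}")
```

The defaulted list is worth reading as closely as the errors: any DSCP value in it is handled as traffic class 0, whatever the sender marked.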
• 45 KB (10G)/111 KB (40G) if the queue is priority flow control enabled
• 2 KB (10G)/8 KB (40G) if the queue is lossy/link-level flow control
• If this is a priority flow-control queue, this configuration is invalid
• Only supported for POLICY-MAP-CLASS-MAP (pmap-c-queue) mode
• thresh-mode — (Optional) Buffer threshold mode.
• dynamic thresh-alpha-value — (Optional) Enter the value indexes to calculate the shared threshold to the enabled dynamic shared buffer threshold, from 0 to 10.
queue qos-group
Configures a dot1p traffic class to a queue.
Syntax queue number [qos-group dot1p-values]
Parameters
• queue number — Enter the traffic single value queue ID, from 0 to 7.
• qos-group dot1p-values — (Optional) Enter either single, comma-delimited, or a hyphenated range of dot1p values, from 0 to 7.
Default 0
Command Mode TRUST-MAP
Usage Information If the trust map does not define traffic class values to a queue, those flows map to the default queue 0.
random-detect (queue)
Assigns a WRED profile to the specified queue.
Syntax random-detect wred-profile-name
Parameters wred-profile-name — Enter the name of an existing WRED profile.
Default Not configured
Command Mode PMAP-C-QUE
Usage Information The no version of this command removes the WRED profile from the queue.
Example
OS10(config)# policy-map type queuing p1
OS10(config-pmap-queuing)# class c1
OS10(config-pmap-c-que)# random-detect test_wred
Supported Releases 10.4.
Supported Releases 10.4.0E(R1) or later

random-detect ecn
Enables ECN for the system globally.
Syntax random-detect ecn
Default Not configured
Command Mode SYSTEM QOS
Usage Information The no version of this command disables ECN globally.
NOTE: This command enables ECN globally and is supported only on the S4200–ON Series platform. In the SYSTEM QOS mode, this command is not available on other platforms.
Supported Releases 10.4.0E(R1) or later

service-policy
Configures the input and output service policies.
Syntax service-policy {input | output} [type {qos | queuing | network-qos}] policymap-name
Parameters
• input — Enter to assign a QoS policy to the interface input.
• output — Enter to assign a QoS policy to the interface output.
• qos — Enter to assign a qos type policy-map.
• queuing — Enter to assign the queuing type policy-map.
Default Not configured
Command Mode INTERFACE
• yellow — (Optional) Enter to mark the packets to deliver to the egress queue.
Default Not configured
Command Mode POLICY-MAP-CLASS-MAP
Usage Information This command supports only QoS ingress policy type. Packets marked as color yellow deliver to the egress queue, then the egress queue transmits the packets with the available bandwidth. If bandwidth is not available, the packets drop. All packets marked as color red drop. When class-map type is qos, the qos-group corresponds to data queues 0 to 7.
Supported Releases 10.2.0E or later

show class-map
Displays configuration details of all existing class-maps.
Syntax show class-map [type {control-plane | qos | queuing | network-qos} class-mapname]
Parameters
• type — Enter the policy-map type — qos, queuing, or control-plane.
• qos — Displays all policy-maps of qos type.
• queuing — Displays all policy-maps of queuing type.
• network-qos — Displays all policy-maps of network-qos type.
Default Not configured
Command Mode EXEC
48880 9 48880 10 48880 11 48880 12 48880 13 48880 14 48880 15 48880 16 48880 17 48880 18 48880 19 48880 20 20800 21 20800 22 20800 Supported Releases lossy 9216 static lossy 1664 static lossy 1664 static lossy 1664 static lossy 9216 static lossy 1664 static lossy 9216 static lossy 1664 static lossy 1664 static lossy 1664 static lossy 1664 static lossy 1664 static lossy 1664 static lossy 1664 static 10.4.
18 0 0 0 0
19 0 0 0 0
20 0 0 0 0
21 0 0 0 0
22 0 0 0 0
Supported Releases 10.4.2 and later

show control-plane info
Displays control-plane queue mapping and rate limits.
Syntax show control-plane info
Parameters None
Default Not configured
Command Mode EXEC
Usage Information Use this command to monitor statistics for the control plane and to troubleshoot CoPP.
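For CoPP troubleshooting, a single reading of the per-queue counters does not show whether a control-plane queue is being policed at the moment; comparing two readings does. The Python sketch below is an added example, not part of the Dell guide: it parses two captures in the layout of the show control-plane statistics table and reports queues whose Dropped Packets counter grew. It assumes the counters are cumulative between clears or reboots; the snapshots are constructed sample data and the function names are hypothetical.

```python
import re

# Constructed sample data: two captures in the layout of
# "show control-plane statistics" (Queue, Packets, Bytes, Dropped Packets).
SNAPSHOT_T0 = """\
OS10# show control-plane statistics
Queue  Packets  Bytes   Dropped Packets
0      0        0       0
6      3        204     0
7      6        408     0
OS10#
"""

SNAPSHOT_T1 = """\
OS10# show control-plane statistics
Queue  Packets  Bytes   Dropped Packets
0      0        0       0
6      5003     340204  1200
7      9        612     0
OS10#
"""

# A data row is exactly four unsigned integers; prompts and headers do not match.
ROW_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$")


def parse_copp_stats(text):
    """Return {queue: (packets, bytes, dropped)} from the CLI table."""
    stats = {}
    for line in text.splitlines():
        match = ROW_RE.match(line)
        if match:
            queue, packets, octets, dropped = (int(v) for v in match.groups())
            stats[queue] = (packets, octets, dropped)
    return stats


def copp_drop_report(before, after, min_new_drops=1):
    """Compare two snapshots and list queues that dropped packets in between.

    A counter that moved backwards means the statistics were cleared or the
    switch restarted between captures; that queue is reported as
    'counter-reset' instead of producing a negative delta.
    """
    findings = []
    for queue in sorted(after):
        packets_1, _, dropped_1 = after[queue]
        packets_0, _, dropped_0 = before.get(queue, (0, 0, 0))
        new_packets = packets_1 - packets_0
        new_drops = dropped_1 - dropped_0
        if new_packets < 0 or new_drops < 0:
            findings.append({"queue": queue, "status": "counter-reset"})
        elif new_drops >= min_new_drops:
            findings.append({"queue": queue, "status": "dropping",
                             "new_packets": new_packets, "new_drops": new_drops})
    return findings


if __name__ == "__main__":
    t0 = parse_copp_stats(SNAPSHOT_T0)
    t1 = parse_copp_stats(SNAPSHOT_T1)
    for finding in copp_drop_report(t0, t1):
        print(finding)
```

Which protocols feed a reported queue is read from show control-plane info on the switch itself; the script does not assume a queue-to-protocol mapping.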
Example
OS10# show control-plane statistics
Queue  Packets  Bytes  Dropped Packets
0      0        0      0
1      0        0      0
2      0        0      0
3      0        0      0
4      0        0      0
5      0        0      0
6      3        204    0
7      6        408    0
8      0        0      0
9      0        0      0
10     0        0      0
11     0        0      0
12     0        0      0
13     0        0      0
14     0        0      0
15     0        0      0
16     0        0      0
17     0        0      0
18     0        0      0
19     0        0      0
20     0        0      0
21     0        0      0
22     0        0      0
OS10#
Supported Releases 10.2.0E or later

show hardware deep-buffer-mode
Displays the status of Deep buffer mode in the current and next boot of the switch.
Next-boot Settings : Enabled
Supported Releases 10.4.3.0 or later

show interface priority-flow-control
Displays the priority flow-control, operational status, CoS bitmap, and statistics per port.
Syntax show interface ethernet node/slot/port[:subport] priority-flow-control [details]
Parameters details — (Optional) Displays all priority flow control information for an interface.
Supported Releases 10.2.0E or later

show policy-map
Displays information on all existing policy-maps.
Syntax show policy-map [type {control-plane | qos | queuing | network-qos}] [policymap-name]
Parameters
• type — Enter the policy-map type — qos, queuing, or control-plane.
• qos — Displays all policy-maps of qos type.
• queuing — Displays all policy-maps configured of queuing type.
• network-qos — Displays all policy-maps configured of network-qos type.
Default Not configured
Command Mode EXEC
Default Not configured Command Mode EXEC Usage Information None Example Supported Releases OS10# show qos egress buffers interface ethernet 1/1/1 Interface : ethernet1/1/1 Speed : 0 queue-number pool-type rsvd-buf-size threshold-mode threshold-value -----------------------------------------------------------------------0 lossy 1664 dynamic 8 1 lossy 1664 dynamic 8 2 lossy 1664 dynamic 8 3 lossless 0 static 12479488 4 lossy 1664 dynamic 8 5 lossy 1664 dynamic 8 6 lossy 1664 dynamic 8 7 lossy 1664 dynam
show qos egress buffer-stats interface
Displays the buffers statistics for the egress interface.
Syntax show qos egress buffer-stats interface [interface node/slot/port[:subport]] [detail]
Parameters
• interface — (Optional) Enter the interface type.
• node/slot/port[:subport] — (Optional) Enter the port information.
• detail — Displays per MMU egress buffer statistics in platforms with multiple MMU instances such as Z9100-ON, Z9264F-ON, and MX9116n.
Default Not configured
Command Mode EXEC
show qos ingress buffers interface
Displays interface buffer configurations.
Syntax show qos ingress buffers interface [interface node/slot/port[:subport]]
Parameters
• interface — (Optional) Enter the interface type.
• node/slot/port[:subport] — (Optional) Enter the port information.
Default Not configured
Command Mode EXEC
3 0 0
4 0 0
5 0 0
6 0 0
7 0 0
Supported Releases 10.4.3.0 or later

show qos ingress buffer-stats interface
Displays the buffers statistics for the ingress interface.
Syntax show qos ingress buffer-stats interface [interface node/slot/port[:subport]] [detail]
Parameters
• interface — (Optional) Enter the interface type.
• node/slot/port[:subport] — (Optional) Enter the port information.
Default Not configured
Command Mode EXEC
Queue    Traffic-Class
--------------------------
1        5
2        6
3        7
OS10# show qos maps type trust-map-dot1p dot1p-trustmap1
DOT1P Priority to Traffic-Class Map : dot1p-trustmap1
Traffic-Class    DOT1P Priority
-------------------------------
0                2
1                3
2                4
3                5
4                6
5                7
6                1
OS10# show qos maps type trust-map-dscp dscp-trustmap1
DSCP Priority to Traffic-Class Map : dscp-trustmap1
Traffic-Class    DSCP Priority
-------------------------------
0                8-15
2                16-23
1                0-7
OS10# show qos maps
Traffic-Class to Queue Map: queue-map1
Queue Traffi
Traffic-Class    Queue number
------------------------------
0                0
1                1
2                2
3                3
4                4
5                5
6                6
7                7
OS10#
Example (dscp)
OS10# show qos trust-map dscp new-dscp-map
new-dscp-map
qos-group    Dscp Id
-------------------
0            0-7
1            8-15
2            16-23
3            24-31
4            32-39
5            40-47
6            48-55
7            56-63
Supported Releases 10.3.0E or later

show qos maps (Z9332F-ON)
Displays the QoS maps configuration of the dot1p-to-traffic class, DSCP-to-traffic class, and traffic-class to queue mapping in the device.
show qos port-map details
Displays port to port pipe and MMU mapping.
Syntax show qos port-map details [interface interface-type]
Parameters interface interface-type — (Optional) Enter the keyword interface and the interface type.
Default Not configured
Command Mode EXEC
Usage Information On the Z9100–ON, Z9264F–ON, and MX9116n platforms, interfaces are shared across port pipes and port pipes are shared across Memory Management Units (MMUs).
Eth 1/1/23    0    0, 1    0, 2    down
Eth 1/1/24    0    0, 1    0, 2    down
Eth 1/1/25    3    0, 1    1, 3    up
Eth 1/1/26    3    0, 1    1, 3    down
Eth 1/1/27    3    0, 1    1, 3    down
Eth 1/1/28    3    0, 1    1, 3    down
Eth 1/1/29    0    0, 1    0, 2    down
Eth 1/1/30    0    0, 1    0, 2    down
Eth 1/1/31    0    0, 1    0, 2    down
Eth 1/1/32    0    0, 1    0, 2    down
Eth 1/1/33    1    2, 3    0, 2    up
Eth 1/1/34    2    2, 3    1, 3    up
View information for a single interface:
OS10# show qos port-map details interface ethernet 1/1/1
------------------------
View information for a single interface:
OS10# show qos port-map details interface ethernet 1/1/1
---------------------------------------------------------------------------
Interface      Port Pipe    Ingress MMU    Egress MMU    Oper Status
---------------------------------------------------------------------------
Eth 1/1/1:1    0            0, 1           0, 2          up
MX9116n fabric engine:
OS10# show qos port-map details
---------------------------------------------------------------------------
Interface      Port Pipe    Ingress MMU    Egress MMU    Oper Status
show qos-rate-adjust
Displays the status of the rate adjust limit for policing and shaping.
Syntax show qos-rate-adjust
Parameters None
Default Not configured
Command Mode EXEC
Usage Information Not applicable for the S4200-ON series switches.
Example
OS10# show qos-rate-adjust
QoS Rate adjust configured for Policer and Shaper (in bytes) : 10
Supported Releases 10.4.3.0 or later

show qos service-pool buffer-statistics-tracking
Displays service-pool level peak buffer usage count in bytes.
Supported Releases 10.4.1.0 or later

show qos system buffers
Displays the system buffer configurations and utilization.
Syntax show qos system {ingress | egress} buffers [detail]
Parameters detail — Displays system buffers per MMU level in platforms that support multiple MMU instances such as the Z9100-ON, Z9264F-ON, and MX9116n.
Total shared CPU buffers - 558
Total used shared CPU buffers - 0
The following command is supported on platforms such as the Z9100-ON, Z9264F-ON, and MX9116n:
OS10# show qos system egress buffer detail
All values are in kb
Total buffers
Total lossless buffers
Total shared lossless buffers
Total used shared lossless buffers
Total lossy buffers
Total shared lossy buffers
Total used shared lossy buffers
MMU 0
Total lossy buffers
Total shared lossy buffers
Total used shared lossy buffers
MMU 1
Total lossy buf
profile1 | 10 100 100 | | | | Off| -------------|-----------------------|---------------------|--------------------|--------|-----| profile2 | | | | | On| |-----------------------|---------------------|--------------------|--------|-----| Color Blind ECN Thd| 100 1000 100 | -------------|-----------------------|---------------------|--------------------|--------|-----| Supported Releases show queuing statistics Displays QoS queuing statistics information.
Supported Releases 10.2.0E or later

system qos
Enters SYSTEM-QOS mode to configure system-level QoS configurations.
Syntax system qos
Parameters None
Default Not configured
Command Mode CONFIGURATION
Usage Information None
Example
OS10(config)# system qos
OS10(config-sys-qos)#
Supported Releases 10.2.0E or later

trust dot1p-map
Creates a user-defined trust map for dot1p flows.
Syntax trust dot1p-map map-name
Parameters map-name — Enter the name of the dot1p trust map.
trust-map
Configures trust map on an interface or on a system QoS.
Syntax trust-map {dot1p | dscp} {default | trust-map-name}
Parameters
• dot1p — Apply dot1p trust map.
• dscp — Apply dscp trust map.
• default — Apply default dot1p or dscp trust map.
• trust-map-name — Enter the name of trust map.
Default Disabled
Command Mode
INTERFACE
SYSTEM-QoS
Usage Information Use the show qos maps type [tc-queue | trust-map-dot1p | trust-map-dscp] [trustmap-name] command to view the current trust mapping.
22 Virtual Link Trunking

Virtual Link Trunking (VLT) is a Layer 2 aggregation protocol used between an end device such as a server and two or more connected network devices. VLT helps to aggregate ports terminating on multiple switches. OS10 currently supports VLT port channel terminations on two different switches.
VLT:
• Provides node-level redundancy by using the same port channel terminating on multiple upstream nodes.
Optimized forwarding with VRRP
To ensure the same behavior on both sides of the VLT nodes, VRRP requires state information coordination. VRRP Active-Active mode optimizes L3 forwarding over VLT. By default, VRRP Active-Active mode is enabled on all the VLAN interfaces. VRRP Active-Active mode enables each peer to locally forward L3 packets, resulting in reduced traffic flow between peers over the VLTi link.

Spanning-Tree Protocol
VLT ports support RSTP, RPVST+, and MSTP.
VLT interconnect
A VLT interconnect (VLTi) synchronizes states between VLT peers. OS10 automatically adds VLTi ports to VLANs spanned across VLT peers, but does not add VLTi ports to VLANs configured on only one peer.
• VLAN ID 4094 is reserved as an internal control VLAN for the VLT domain, and it is not user configurable.
• Port-channel 1000 is reserved for the VLTi link and is not user configurable.
• The VLTi synchronizes L2 and L3 control-plane information across the two nodes.
With graceful LACP, VLT Peer A sends graceful LACP PDUs out to all VLT member ports, as shown: These PDUs notify the server to direct the traffic to VLT Peer B hence minimizing traffic loss.
Configure VLT
Verify that both VLT peer devices are running the same operating system version. For VRRP operation, configure VRRP groups and L3 routing on each VLT peer. Configure the following settings on each VLT peer device separately:
1. To prevent loops in a VLT domain, Dell EMC Networking recommends enabling STP globally using the spanning-tree mode command. Enabling STP prevents accidental loops that faulty wiring causes.
2.
Configure a Spanning Tree Protocol
Dell EMC Networking recommends configuring one of the supported spanning tree protocols (MSTP, RSTP, or RPVST+) on both VLT peers. Use a spanning tree protocol for initial loop prevention during the VLT startup phase and for orphan ports. Configure the spanning tree protocol in the network before you configure VLT on peer switches.
NOTE: RPVST+ is enabled by default.

RPVST+ configuration
Configure RPVST+ on both the VLT peers.
VFP(VirtualFabricPort) of vlan 100 is Designated Blocking
Edge port: No (default)
Link type: point-to-point (auto)
Boundary: No, Bpdu-filter: Disable, Bpdu-Guard: Disable, Shutdown-on-Bpdu-Guard-violation: No
Root-Guard: Disable, Loop-Guard: Disable
Bpdus (MRecords) Sent: 7, Received: 9
Interface                                         Designated
Name                    PortID  Prio  Cost  Sts   Cost  Bridge ID  PortID
------------------------------------------------------------------------------------------------------------
VFP(VirtualFabricPort)  0.1     0     1     BLK   0     4196 90b1.
View STP virtual interface detail
OS10# show spanning-tree virtual-interface detail
Port 1 (VFP(VirtualFabricPort)) of RSTP 1 is designated Forwarding
Port path cost 1, Port priority 0, Port Identifier 0.1
Designated root priority: 32768, address: 00:78:76:14:60:62
Designated bridge priority: 32768, address: 00:78:76:14:60:62
Designated port ID: 0.
Bpdus (MRecords) Sent: 387, Received: 16
Interface                                         Designated
Name                    PortID  Prio  Cost  Sts   Cost  Bridge ID            PortID
---------------------------------------------------------------------------------------------------
VFP(VirtualFabricPort)  0.1     0     1     FWD   0     32768 3417.ebf2.a8c4  0.
Configure the VLTi
Before you configure the VLTi on peer interfaces, remove each interface from L2 mode with the no switchport command. For more information, see the VLT interconnect section.
1. Enter the VLT domain ID to enter from CONFIGURATION mode.
   vlt-domain domain-id
2. Configure one or a hyphen-separated range of VLT peer interfaces to become a member of the VLTi in INTERFACE mode.
   discovery-interface {ethernet node/slot/port[:subport] | ethernet node/slot/port[:subport] -node/slot/port[:subport]}
3.
the VLT port restoration timer expires. The delay restore timer enables both VLT peers to synchronize the control information with each other. The default timer is 90 seconds. You can use the delay-restore seconds command to modify the duration of the timer.
Example:
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# delay-restore 100

Configure the VLT peer liveliness check
The VLT peer liveliness mechanism checks for the availability of the peer node.
Support for new streams during VLTi failure
If the VLTi fails, MAC addresses that are learned after the failure are not synchronized with VLT peers. Thus, the VLTi failure leads to continuous flooding of traffic instead of unicast. If the VLTi links fail, MAC and ARP synchronization does not happen. As a result, the system floods L2 packets and drops L3 packets.
When the VLT backup link is enabled, the secondary VLT Peer 2 identifies the node liveliness through the backup link. If the primary is up, the secondary peer brings down VLT port channels. Now the traffic from Host 1 reaches VLT Peer 1 and then reaches the destination, that is Host 2.
Role of VLT backup link in the prevention of loops during VLTi failure
When the VLTi is down, STP may fail to detect any loops in the system, which creates a data loop in an L2 network. In the following figure, STP is running in all three switches:
In the steady state, VLT Peer 1 is elected as the root bridge. When the VLTi is down, both the VLT nodes become primary. In this state, VLT Peer 2 sends STP BPDU to TOR assuming that TOR sends BPDU to VLT Peer 1.
When the VLT backup link is enabled, the secondary VLT peer identifies the node liveliness of primary through the backup link. If the primary VLT peer is up, the secondary VLT peer brings down the VLT port channels. In this scenario, the STP opens up the orphan port and there is no loop in the system as shown in the following figure:

Configure a VLT port channel
A VLT port channel, also known as a virtual link trunk, links an attached device and VLT peer switches.
Configure VLT port channel — peer 1
OS10(config)# interface port-channel 20
OS10(conf-if-po-20)# vlt-port-channel 20

Configure VLT port channel — peer 2
OS10(config)# interface port-channel 20
OS10(conf-if-po-20)# vlt-port-channel 20

Configure VLT peer routing
VLT peer routing enables optimized routing where packets destined for the L3 endpoint of the VLT peer are locally routed. VLT supports unicast routing of both IPv4 and IPv6 traffic. To enable VLT unicast routing, both VLT peers must be in L3 mode.
Configure symmetric VRRP with the same VRRP group ID and virtual IP in VLANs stretched or spanned across data centers. VMs use the VRRP Virtual IP address of the VLAN as Gateway IP. As the VLAN configurations are symmetric across data centers, you can move the VMs from one data center to another. You must assign the same VRRP group IDs to the VLANs in L3 mode, with VRRP in Active-Active mode.
• Configure VLT port channel for VLAN 100:
C1(config)# interface port-channel 10
C1(conf-if-po-10)# vlt-port-channel 10
C1(conf-if-po-10)# switchport mode trunk
C1(conf-if-po-10)# switchport trunk allowed vlan 100
C1(conf-if-po-10)# exit
• Add members to port channel 10:
C1(config)# interface ethernet 1/1/3
C1(conf-if-eth1/1/3)# channel-group 10
C1(conf-if-eth1/1/3)# exit
C1(config)# interface ethernet 1/1/4
C1(conf-if-eth1/1/4)# channel-group 10
C1(conf-if-eth1/1/4)# exit
• Configure OSPF on L3 side
D1(conf-router-ospf-100)# exit
D1(config)# interface vlan 200
D1(conf-if-vl-200)# ip ospf 100 area 0.0.0.
Sample configuration of D2:
• Configure VRRP on L2 links between core routers:
D2(config)# interface vlan 100
D2(conf-if-vl-100)# ip address 10.10.100.4/24
D2(conf-if-vl-100)# vrrp-group 10
D2(conf-vlan100-vrid-10)# virtual-address 10.10.100.
• View detailed information about VLT ports in EXEC mode.
  show vlt domain-id vlt-port-detail
• View the current configuration of all VLT domains in EXEC mode.
  show running-configuration vlt

VLT commands

backup destination
Configures the VLT backup link for heartbeat timers.
Syntax backup destination {ip-address | ipv6 ipv6-address} [vrf management] [interval interval-time]
Parameters
• ip-address — Enter the IPv4 address of the backup link.
discovery-interface
Configures the interface to discover and connect to a VLT peer in the VLT interconnect (VLTi) link between peers.
Syntax discovery-interface {ethernet node/slot/port[:subport]}
Parameters ethernet — Enter the Ethernet interface information for the port on a VLT peer. You can also enter a range of interfaces separated by hyphens and commas.
Supported Releases 10.3.0E or later

primary-priority
Configures the priority when selecting the primary and secondary VLT peers during the election.
Syntax primary-priority value
Parameters value — Enter a lower value than the priority value of the remote peer. The range is from 1 to 65535. The default value is 32768.
Default 32768.
Supported Releases 10.2.0E or later

show spanning-tree virtual-interface
Displays STP, RPVST+, and MSTP information specific to the VLTi.
Syntax show spanning-tree virtual-interface [detail]
Parameters detail — (Optional) Displays detailed output.
Example (MSTP information)
OS10# show spanning-tree virtual-interface
VFP(VirtualFabricPort) of MSTI 0 is Designated Forwarding
Edge port: No (default)
Link type: point-to-point (auto)
Boundary: Yes, Bpdu-filter: Disable, Bpdu-Guard: Disable, Shutdown-on-Bpdu-Guard-violation: No
Root-Guard: Disable, Loop-Guard: Disable
Bpdus (MRecords) Sent: 387, Received: 16
Interface                                         Designated
Name                    PortID  Prio  Cost  Sts   Cost  Bridge ID  PortID
--------------------------------------------------------------------------------
Delay-Restore timer : 100 seconds
Peer-Routing : Enabled
Peer-Routing-Timeout timer : 9999 seconds
VLTi Link Status
    port-channel1000 : up
VLT Peer Unit ID    System MAC Address    Status    IP Address             Version
----------------------------------------------------------------------------------
2                   34:17:eb:3a:c2:80     up        fda5:74c8:b79e:1::2    2.0
Supported Releases 10.2.
MAC 00:00:00:00:00:02 is missing from Node(s) 2
VLAN 132
----------
MAC 00:00:00:00:00:02 is missing from Node(s) 2
VLAN 135
----------
MAC 00:00:00:00:00:02 is missing from Node(s) 2
VLAN 137
----------
MAC 00:00:00:00:00:02 is missing from Node(s) 2
Run "show vlt mismatch ..." commands to identify configuration issues
Supported Releases 10.2.0E or later

show vlt mismatch
Displays mismatches in a VLT domain configuration.
* 1 2 Example (mismatch peer routing) Example (mismatch VLAN) Example (mismatch VLT VLAN) Example (mismatch — Virtual Network (VN) name not available in the peer) Example (mismatch of VLTi and VLAN) Example (mismatch of VN mode) Example (mismatch of port and VLAN list) 1 2 OS10# show vlt 1 mismatch peer-routing Peer-routing mismatch: VLT Unit ID Peer-routing ----------------------------------* 1 Enabled 2 Disabled OS10# show vlt 1 mismatch vlan VLT Unit ID Mismatch VLAN List -------------------------
Example (mismatch of untagged interfaces) Example (Anycast MAC address) OS10# show vlt all mismatch virtual-network Virtual Network: 104 VLT Unit ID Mismatch Untagged VLT Port-channel List -----------------------------------------------------1 10 * 2 show vlt 1 mismatch virtual-network Interface virtual-network Anycast-mac mismatch: VLT Unit ID Anycast-MAC ------------------------------------1 00:01:02:03:04:051 * 2 00:01:02:03:04:055 Example (Anycast MAC address not available on one of the peers) Examp
1 * 2 10.16.128.25 10.16.128.20 Virtual-network: 20 VLT Unit ID Anycast-IP ------------------------------------1 10.16.128.26 * 2 ABSENT Virtual-network: 30 VLT Unit ID Anycast-IP ------------------------------------1 ABSENT * 2 10.16.128.
Example Supported Releases OS10# show vlt 1 vlt-port-detail Vlt-port-channel ID : 1 VLT Unit ID Port-Channel Status Configured ports Active ports --------------------------------------------------------------------* 1 port-channel1 down 2 0 2 port-channel1 down 2 0 VLT ID : 2 VLT Unit ID Port-Channel Status Configured ports Active ports --------------------------------------------------------------------* 1 port-channel2 down 1 0 2 port-channel2 down 1 0 VLT ID : 3 VLT Unit ID Port-Channel Status Configur
vlt-mac
Configures a MAC address for all peer switches in a VLT domain.
Syntax vlt-mac mac-address
Parameters mac-address — Enter a MAC address for the topology in nn:nn:nn:nn:nn:nn format.
Default Not configured
Command Mode VLT-DOMAIN
Usage Information Use this command to minimize the time required to synchronize the default MAC address of the VLT domain on both peer devices when one peer switch reboots.
23 Uplink Failure Detection

Uplink failure detection (UFD) indicates the loss of upstream connectivity to servers connected to the switch. A switch provides upstream connectivity for devices, such as servers. If the switch loses upstream connectivity, the downstream devices also lose connectivity. However, the downstream devices do not generally receive an indication that the upstream connectivity was lost because connectivity to the switch is still operational. To solve this issue, use UFD.
Configure uplink failure detection
Consider the following before configuring an uplink-state group:
• You can assign a physical port or a port channel to an uplink-state group.
• You can assign an interface to only one uplink-state group at a time.
• You can designate the uplink-state group as either an upstream or downstream interface, but not both.
• You can configure multiple uplink-state groups and operate them concurrently.
1. Create an uplink-state group in CONFIGURATION mode.
   uplink-state-group group-id
2. Configure the upstream and downstream interfaces in UPLINK-STATE-GROUP mode.
   upstream {interface-type | interface-range[ track-vlt-status ] | VLTi}
   downstream {interface-type | interface-range}
3. (Optional) Disable uplink-state group tracking in UPLINK-STATE-GROUP mode.
   no enable
4. (Optional) Provide a descriptive name for the uplink-state group in UPLINK-STATE-GROUP mode.
   name string
5.
Uplink State Group : 1 Name: iscsi_group, Status: Enabled, Up
Upstream Interfaces : eth1/1/35(Up) *po10(V:Up, ^P:Dwn) VLTi(NA)
Downstream Interfaces : eth1/1/2(Up) *po20(V: Up,P: Up)
OS10#show uplink-state-group 2 detail
(Up): Interface up (Dwn): Interface down (Dis): Interface disabled (NA): Not Available
*: VLT port-channel, V: VLT status, P: Peer Operational status ^: Tracking status
Uplink State Group : 1 Name: iscsi_group, Status: Enabled, Up
Upstream Interfaces : eth1/1/36(Up) *po30(^V:Up, P:Dwn) VLTi
Event | VLT action on primary node | VLT action on secondary node | UFD action
channel remains disabled until the timer expires. After the timer expires, UFD receives operationally up of upstream VLT port-channel and sends clear errordisable of downstream VLT port-channel to IFM.
Reboot of VLT primary peer | Primary becomes secondary peer and runs delay restore timer | Secondary becomes primary | UFD error-disables the downstream VLT port-channel as the upstream VLT port-channel is operationally down.
In the following example, the upstream member is part of VLT port-channel and the downstream member is an orphan port. The uplink-state group includes the VLT port-channel, VLT node, and the downstream port. The configuration is symmetric on both the VLT nodes.

In the following example, the downstream member is part of VLT port-channel and the upstream member is an orphan port. The uplink-state group includes the VLT port-channel, VLT node, and the upstream port.
OS10 does not support adding a VLTi link member to the uplink-state group. You can add the VLTi link as upstream member to an uplink-state group using the upstream VLTi command. If the VLTi link is not available in the system, OS10 allows adding the VLTi link as an upstream member. In this case, UFD starts tracking the operational status of the VLTi link when the link is available. Until the VLTi link is available, the show uplink-state-group details command displays the status of the link as NA.
Parameters
• interface-type — Enter the interface type.
• group-id — Enter the uplink state group ID, from 1 to 32.
Default None
Command Mode EXEC
Usage Information This command manually brings up a disabled downstream interface that is in a UFD-disabled error state. After the downstream interface is up, it is not disabled until there are changes in the upstream interfaces. This command does not affect downstream interfaces that are already up or interfaces that are not part of the UFD group.
downstream auto-recover
Enables auto-recovery of the disabled downstream interfaces.
Syntax downstream auto-recover
Parameters None
Default Enabled
Command Mode UPLINK-STATE-GROUP
Usage Information The no version of this command disables the auto-recovery of downstream interfaces.
Example
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# no downstream auto-recover
Supported Releases 10.4.1.
name
Configures a descriptive name for the uplink-state group.
Syntax name string
Parameters string — Enter a description for the uplink-state group. A maximum of 32 characters.
Default Not configured
Command Mode UPLINK-STATE-GROUP
Usage Information The no version of this command removes the descriptive name.
Example
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# name test_ufd_group
Supported Releases 10.4.
Uplink State Group: 9, Status: Enabled,down
OS10#
Example (detail)
OS10# show uplink-state-group detail
(Up): Interface up (Dwn): Interface down (Dis): Interface disabled
Uplink State Group   : 1 Status : Enabled,up Name : UFDGROUP1
Defer Time           : 10 second(s)
Upstream Interfaces  : Eth 1/1/7:1(Up)
Downstream Interfaces: Eth 1/1/1(Dwn) Eth 1/1/2(Dwn) Eth 1/1/3(Dwn)
                       Eth 1/1/4(Dwn) Eth 1/1/5(Dwn) Eth 1/1/9:2(Dwn) Eth 1/1/9:3(Dwn)
OS10# show uplink-state-group 2 detail
(Up): Interface up (Dwn): Interface do
Usage Information The no version of this command removes the uplink-state group.
Example OS10(config)# uplink-state-group 1
Supported Releases 10.4.0E(R3) or later

upstream
Adds an interface or a range of interfaces as an upstream interface to the uplink-state group.
Syntax upstream {interface-type | interface-range [ track-vlt-status ] | VLTi}
Parameters
Default When you add an upstream member without the track-vlt-status option, the operational status is tracked by default.
24 Converged data center services

OS10 supports converged data center services, including IEEE 802.1 data center bridging (DCB) extensions to classic Ethernet. DCB provides I/O consolidation in a data center network. Each network device carries multiple traffic classes while ensuring lossless delivery of storage traffic with best-effort for local area network (LAN) traffic and latency-sensitive scheduling of service traffic.
• 802.1Qbb — Priority flow control
• 802.
PFC configuration notes
• PFC is supported for 802.1p, dot1p priority traffic, from 0 to 7. FCoE traffic traditionally uses dot1p priority 3 — iSCSI storage traffic uses dot1p priority 4.
• Configure PFC for ingress traffic by using network-qos class and policy maps. For more information, see Quality of service. PFC-enabled traffic queues are treated as lossless queues.
• Configure the same network-qos policy map on all PFC-enabled ports.
Decide if you want to use the default traffic-class-queue mapping or configure a nondefault traffic-class-to-queue mapping.
Traffic Class : 0 1 2 3 4 5 6 7
Queue         : 0 1 2 3 4 5 6 7
If you are using the default traffic-class-to-queue map, no further configuration steps are necessary.
1. Create a traffic-class-to-queue map in CONFIGURATION mode. Assign a traffic class (qos-group) to a queue in QOS-MAP mode using 1-to-1 mappings. For a PFC traffic class, map only one qos-group value to a queue number.
2 3 4 5 6 7 2 3 4 5 6 7 Both Both Both Both Both Both View the interface PFC configuration OS10# show interface ethernet 1/1/1 priority-flow-control details ethernet1/1/1 Admin Mode : true Operstatus: true PFC Priorities: 4 Total Rx PFC Frames: 0 Total Tx PFC frames: 0 Cos Rx Tx --------------------------------------0 0 0 1 0 0 2 0 0 3 0 0 4 0 0 5 0 0 6 0 0 7 0 0 Configure PFC PFC provides a pause mechanism that is based on the 802.1p priorities in ingress traffic.
3. Configure default values for ingress buffers used for the network-qos class maps in POLICY-CLASS-MAP mode. pause (Optional) Change the default values for the ingress-buffer size that is reserved for the network-qos class-map traffic and the thresholds that are used to send XOFF and XON pause frames in kilobytes. pause [buffer-size kilobytes {pause-threshold kilobytes | resume-threshold kilobytes}] 4. Enable the PFC pause function for dot1p traffic in POLICY-CLASS-MAP mode.
OS10(conf-if-eth1/1/1)# priority-flow-control mode on
OS10(conf-if-eth1/1/1)# no shutdown
View PFC configuration and operational status
OS10(conf-if-eth1/1/1)# do show interface ethernet 1/1/1 priority-flow-control details
ethernet1/1/1
Admin Mode : true
Operstatus: true
PFC Priorities: 3,4
Total Rx PFC Frames: 300
Total Tx PFC frames: 200
Cos Rx Tx
-------------------------
0 0 0
1 0 0
2 0 0
3 300 200
4 0 0
5 0 0
6 0 0
7 0 0
View PFC ingress buffer configuration
OS10# show qos ingress buffers interface ether
Total shared lossy buffers Total used shared lossy buffers - 11192 - 0 OS10# show qos system egress buffer All values are in kb Total buffers - 12187 Total lossless buffers - 0 Total shared lossless buffers - 0 Total used shared lossless buffers Total lossy buffers - 11567 Total shared lossy buffers - 9812 Total used shared lossy buffers - 0 Total CPU buffers - 620 Total shared CPU buffers - 558 Total used shared CPU buffers - 0 View PFC ingress buffer statistics OS10(config)# show qos ingress buffer-stat
Command Mode POLICY-CLASS NETWORK-QOS
Usage Information Use the pause command without optional parameters to apply the default ingress-buffer size, and pause (XON) and resume (XOFF) thresholds. Default values for the buffer-size, pause-threshold and resume-threshold parameters vary across interface types and port speeds. The default values are based on the default MTU size of 9216 bytes.
Example
OS10(config)# system qos
OS10(conf-sys-qos)# pause-shared-buffer-size 1024
Supported Releases 10.3.0E or later
priority-flow-control
Enables PFC on ingress interfaces.
Syntax priority-flow-control {mode on}
Parameter mode on — Enable PFC for FCoE and iSCSI traffic on an interface without enabling DCBX.
Default Disabled
Command Mode INTERFACE
Usage Information Before you enable PFC, apply a network-qos policy-class map with the specific PFC dot1p priority values to the interface.
Default Not configured Command Mode EXEC Usage Information Use the details option to display PFC statistics on received/transmitted frames for each dot1p CoS value. Use the clear qos statistics interface ethernet 1/1/1 command to delete PFC statistics and restart the counter.
• • • • • Trust maps — OS10 interfaces do not honor the L2 and L3 priority fields in ingress traffic by default. Create a trust map to honor dot1p and DSCP classes of lossless traffic. A trust map does not change ingress dot1p and DSCP values in egress flows. In a trust map, assign a qos-group traffic class to trusted dot1p/DSCP values. A qos-group number is used only internally to schedule classes of ingress traffic.
(Optional) To configure a queue as strict-priority, use the priority command. Packets scheduled to a strict priority queue are transmitted before packets in nonpriority queues.
policy-map type queuing policy-map-name
class class-map-name
priority
6. Apply the trust maps for dot1p and DSCP values, and the traffic class-queue mapping globally on the switch in SYSTEM-QOS mode or on an interface or interface range in INTERFACE mode.
OS10(config)# system qos
OS10(config-sys-qos)# trust-map dot1p dot1p_map1
OS10(config-sys-qos)# trust-map dscp dscp_map1
OS10(config-sys-qos)# qos-map traffic-class tc-q-map1
OS10(config-sys-qos)# ets mode on
OS10(config-sys-qos)# service-policy output type queuing p1
View ETS configuration
OS10# show qos interface ethernet 1/1/1
Interface
unknown-unicast-storm-control : Disabled
multicast-storm-control : Disabled
broadcast-storm-control : Disabled
flow-control-rx : Disabled
flow-control-tx : Disabled
ets m
• • PFC configuration and application-priority configuration ETS configuration and ETS recommendation This sample DCBX topology shows two 40GbE ports on a switch that are configured as DCBX auto-upstream ports and used as uplinks to top-of-rack (ToR) switches. The ToR switches are part of a fiber channel storage network. DCBX configuration notes • • • • • • • • • To exchange link-level configurations in a converged network, DCBX is a prerequisite for using DCB features, such as PFC and ETS.
1. Configure the DCBX version used on a port in INTERFACE mode.
dcbx version {auto | cee | ieee}
• auto — Automatically selects the DCBX version based on the peer response, the default.
• cee — Sets the DCBX version to CEE.
• ieee — Sets the DCBX version to IEEE 802.1Qaz.
2. (Optional) A DCBX-enabled port advertises all TLVs by default. If PFC or ETS TLVs are disabled, enter the command in INTERFACE mode to reenable PFC or ETS TLV advertisements.
Total DCBX Frames transmitted 538
Total DCBX Frames received 220
Total DCBX Frame errors 0
Total DCBX Frames unrecognized 0
View DCBX PFC TLV status
OS10# show lldp dcbx interface ethernet 1/1/15 pfc detail
Interface ethernet1/1/15
Admin mode is on
Admin is enabled, Priority list is 4,5,6,7
Remote is enabled, Priority list is 4,5,6,7
Remote Willing Status is disabled
Local is enabled, Priority list is 4,5,6,7
Oper status is init
PFC DCBX Oper status is Up
State Machine Type is Feature
PFC TLV Tx Status i
Local is enabled
PG-grp Priority# Bandwidth TSA
------------------------------------------------
0 0,1,2,3 70% ETS
1 4,5,6,7 30% ETS
2 0% SP
3 0% SP
4 0% SP
5 0% SP
6 0% SP
7 0% SP
15 0% SP
Oper status is init
ETS DCBX Oper status is Up
State Machine Type is Feature
Conf TLV Tx Status is enabled
Reco TLV Tx Status is disabled
220 Input Conf TLV Pkts, 396 Output Conf TLV Pkts, 0 Error Conf TLV Pkts
DCBX commands
dcbx enable
Enables DCBX globally on all port interfaces.
Example OS10(conf-if-eth1/1/2)# dcbx tlv-select ets-conf pfc
Supported Releases 10.3.0E or later
dcbx version
Configures the DCBX version that is used on a port interface.
Syntax dcbx version {auto | cee | ieee}
Parameters
• auto — Automatically select the DCBX version based on the peer response.
• cee — Set the DCBX version to CEE.
• ieee — Set the DCBX version to IEEE 802.1Qaz.
Default Auto
Command Mode INTERFACE
Usage Information Enable DCBX before using this command. DCBX advertises all TLVs — PFC, ETS Recommendation, ETS Configuration, DCBXP, and basic TLVs by default. Enter a port range to display DCBX configuration and TLV operation on multiple ports. NOTE: In the command output, the Is configuration source parameter always displays False. Configuration source is the type of port role that is not supported.
Remote Willing Status is disabled Local Parameters : ------------------Local is enabled PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3 70% ETS 1 4,5,6,7 30% ETS 2 0% SP 3 0% SP 4 0% SP 5 0% SP 6 0% SP 7 0% SP Oper status is init ETS DCBX Oper status is Up State Machine Type is Asymmetric Conf TLV Tx Status is enabled Reco TLV Tx Status is enabled 5 Input Conf TLV Pkts, 2 Output Conf TLV Pkts, 0 Error Conf TLV Pkts 5 Input Reco TLV Pkts, 2 Output Reco TLV Pkts, 0 Erro
In an iSCSI session, a switch connects CNA servers (iSCSI initiators) to a storage array (iSCSI targets) in a SAN or TCP/IP network. iSCSI optimization running on the switch uses dot1p priority-queue assignments to ensure that iSCSI traffic receives priority treatment. iSCSI configuration notes • • • • Enable iSCSI optimization so the switch autodetects and autoconfigures Dell EMC EqualLogic storage arrays that are directly connected to an interface.
2. Enable the interface to support a storage device that is directly connected to the port and not automatically detected by iSCSI. Use this command for storage devices that do not support LLDP. The switch autodetects and autoconfigures Dell EMC EqualLogic storage arrays that are directly connected to an interface when you enable iSCSI optimization. iscsi profile-storage storage-device-name 3.
OS10(config-sys-qos)# service-policy type application policy-iscsi
OS10(config-sys-qos)# exit
OS10(config)# iscsi session-monitoring enable
OS10(config)# iscsi aging time 15
OS10(config)# iscsi priority-bits 0x20
OS10(config)# iscsi enable
View iSCSI optimization
OS10# show iscsi
iSCSI Auto configuration is Enabled
iSCSI session monitoring is Enabled
iSCSI COS qos-group 4 remark dot1p 4
Session aging time 15
Maximum number of connections is 100
Port IP Address
------------------------
3260
860
3261 10.1.1.
• When a VLT interconnect comes up, information about iSCSI sessions learned on the VLT LAG exchanges between the VLT-peers. iSCSI commands iscsi aging Sets the aging time for monitored iSCSI sessions. Syntax iscsi aging [time minutes] Parameters time minutes — Enter the aging time in minutes allowed for monitoring iSCSI sessions, from 5 to 43,200.
frames for dot1p 4 traffic using the pfc-cos dot1p-priority command. The no version of this command resets to the default value.
Example OS10(config)# iscsi priority-bits 0x20
Supported Releases 10.3.0E or later
iscsi profile-storage
Configures a port for direct connection to a storage device that is not automatically detected by iSCSI.
Syntax iscsi profile-storage storage-device-name
Parameter storage-device-name — Enter a user-defined name of a storage array that iSCSI does not automatically detect.
Usage Information You can configure a maximum of 16 TCP ports to monitor iSCSI traffic from target storage devices. The no version of this command including the IP address deletes a TCP port from iSCSI monitoring.
Example OS10(config)# iscsi target port 26,40
Supported Releases 10.3.0E or later
lldp tlv-select dcbxp-appln iscsi
Enables a port to advertise iSCSI application TLVs to DCBX peers.
Parameter detailed — Displays a detailed version of the active iSCSI sessions. Command Mode EXEC Usage Information In an iSCSI session, Target is the storage device, and Initiator is the server that is connected to the storage device. Example Example (detailed) OS10# show iscsi session OS10# show iscsi session detailed Session 1 -----------------------------------------------Target:iqn.2001-05.com.equallogic:0-8a0906-00851a00c-98326939fba510a1-517 Initiator:iqn.1991-05.com.
• • • • • Separate traffic classes for the different service needs of network applications. PFC flow control to pause data transmission and avoid dropping packets during congestion. ETS bandwidth allocation to guarantee a percentage of shared bandwidth to bursty traffic, while allowing each traffic class to exceed its allocated bandwidth if another traffic class is not using its share.
OS10(conf-if-eth1/1/53)# priority-flow-control mode on OS10(conf-if-eth1/1/53)# end 4. ETS configuration (global) A trust dot1p-map assigns dot1p 0, 1, 2, and 3 traffic to qos-group 0, and dot1p 4, 5, 6, and 7 traffic to qos-group 1. A qos-map traffic-class map assigns the traffic class in qos-group 0 to queue 0, and qos-group 1 traffic to queue 1. A queuing policy map assigns 30% of interface bandwidth to queue 0, and 70% of bandwidth to queue 1.
trust-map dot1p tmap1 priority-flow-control mode on 7.
3 4 5 6 7 0% 0% 0% 0% 0% ETS ETS ETS ETS ETS Remote Parameters : ------------------Remote is enabled PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3, 30% ETS 1 4,5,6,7 70% ETS 2 0% SP 3 0% SP 4 0% SP 5 0% SP 6 0% SP 7 0% SP Remote Willing Status is disabled Local Parameters : ------------------Local is enabled PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3, 30% ETS 1 4,5,6,7 70% ETS 2 0% ETS 3 0% ETS 4 0% ETS 5 0% ETS 6 0% E
11. Verify iSCSI optimization (global) After you enable iSCSI optimization, the iSCSI application priority TLV parameters are added in the show command output to verify a PFC configuration.
DCBX Operational Version is 0
DCBX Max Version Supported is 0
Sequence Number: 1
Acknowledgment Number: 2
3 Input PFC TLV pkts, 3 Output PFC TLV pkts, 0 Error PFC pkts
3 Input PG TLV Pkts, 3 Output PG TLV Pkts, 0 Error PG TLV Pkts
3 Input Appln Priority TLV pkts, 3 Output Appln Priority TLV pkts, 0 Error Appln Priority TLV Pkts
Total DCBX Frames transmitted 3
Total DCBX Frames received 3
Total DCBX Frame errors 0
Total DCBX Frames unrecognized 0
OS10(conf-if-eth1/1/53)# dcbx version cee
OS10(conf-if-eth1
25 sFlow sFlow is a standard-based sampling technology embedded within switches and routers that monitors network traffic. It provides traffic monitoring for high-speed networks with many switches and routers.
Enable sFlow on a specific interface
OS10(config)# sflow enable
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# sflow enable
Enable sFlow on a range of interfaces
OS10(config)# sflow enable
OS10(config)# interface range ethernet 1/1/1-1/1/10
OS10(conf-range-eth1/1/1-1/1/10)# sflow enable
Enable sFlow on a port-channel
OS10(config)# sflow enable
OS10(config)# interface range port-channel 1-10
OS10(conf-range-po-1-10)# sflow enable
Max-header size configuration
• Set the packet maximum size i
Collector configuration Configure the IPv4 or IPv6 address for the sFlow collector. When you configure the collector, enter a valid and reachable IPv4 or IPv6 address. You can configure a maximum of two sFlow collectors. If you specify two collectors, samples are sent to both. The agent IP address must be the same for both the collectors.
Polling-interval configuration The polling interval for an interface is the number of seconds between successive samples of counters sent to the collector. You can configure the duration for polled interface statistics. Unless there is a specific deployment need to configure a lower polling interval value, configure the polling interval to the maximum value. • Change the default counter polling interval in CONFIGURATION mode, from 10 to 300. The default is 20.
Configure sFlow sampling rate OS10(config)# sflow sample-rate 4096 View sFlow packet header size OS10# show sflow sFlow services are enabled Management Interface sFlow services are disabled Global default sampling rate: 4096 Global default counter polling interval: 20 Global default extended maximum header size: 128 bytes Global extended information enabled: none 1 collector(s) configured Collector IP addr:10.16.151.245 Agent IP addr:10.16.132.
OS10(config)#show running-configuration interface vlan ! interface vlan1 no shutdown ! interface vlan10 no shutdown ip address 10.1.1.1/24 View sFlow details OS10# show sflow sFlow services are enabled Management Interface sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 30 Global default extended maximum header size: 128 bytes Global extended information enabled: none 2 collector(s) configured Collector IP addr:5.1.1.1 Agent IP addr:10.1.1.
sFlow commands sflow collector Configures an sFlow collector IP address where sFlow datagrams are forwarded. You can configure a maximum of two collectors. Syntax sflow collector {ipv4-address | ipv6-address} agent-addr {ipv4-address | ipv6address} [collector-port-number] [max-datagram-size datagram-size-number] [vrf vrf-name] Parameters • • • • • ipv4-address | ipv6-address — Enter an IPv4 or IPv6 address in A.B.C.D/A::B format. agent-addr ipv4-address | ipv6-address — Enter the sFlow agent IP address.
Example (portchannel)
OS10(config)# sflow enable
OS10(config)# interface range port-channel 1-10
OS10(conf-range-po-1-10)# sflow enable
Supported Releases 10.3.0E or later
sflow max-header-size
Sets the maximum header size of a packet.
Syntax sflow max-header-size header-size
Parameter header-size — Enter the header size in bytes, from 64 to 256. The default is 128.
Example OS10(conf)# sflow sample-rate 4096
Supported Releases 10.3.0E or later
sflow source-interface
Configures an interface as source for sFlow. The sFlow agent uses the IP address of the configured source interface as the agent IP address.
Syntax sflow source-interface {ethernet node/slot/port[:subport] | loopback loopbackID | port-channel port-channel-ID | vlan vlan-ID}
Parameters
• ethernet node/slot/port[:subport]—Enter the physical interface type details.
31722 UDP packets exported 0 UDP packets dropped 34026 sFlow samples collected OS10# show sflow sFlow services are enabled Management Interface sFlow services are disabled Global default sampling rate: 32768 Global default counter polling interval: 30 Global default extended maximum header size: 128 bytes Global extended information enabled: none 1 collector(s) configured Collector IP addr:10.16.151.145 Agent IP addr:10.16.132.
26 Telemetry Network health relies on performance monitoring and data collection for analysis and troubleshooting. Network data is often collected with SNMP and CLI commands using the pull mode. In pull mode, a management device sends a get request and pulls data from a client. As the number of objects in the network and the metrics grow, traditional methods limit network scaling and efficiency. Using multiple management systems further limits network scaling.
Table 97. BGP peers YANG Container Minimum sampling interval (milliseconds) infra-bgp/peer-state/peer-status 0 Buffer statistics Table 98. Buffer statistics YANG Container Minimum sampling interval (milliseconds) base-qos/queue-stat 15000 base-qos/priority-group-stat 15000 base-qos/buffer-pool-stat 15000 base-qos/buffer-pool 15000 Device information Table 99.
Table 103. System statistics YANG Container Minimum sampling interval (milliseconds) system-status/current-status 15000 Configure telemetry NOTE: To set up a streaming telemetry collector, download and use the OS10 telemetry .proto files from the Dell EMC Support site. To enable the streaming of telemetry data to destinations in a subscription profile: 1. Enable telemetry on the switch. 2. Configure a destination group. 3.
2. Enter the IPv4 or IPv6 address and transport-service port number in DESTINATION-GROUP mode. Only one destination is supported in the 10.4.3.0 release. You can enter a fully qualified domain name (FQDN) for ip-address. The destination domain name resolves to an IP address — see System domain name and list. OS10(conf-telemetry-dg-dest)# destination ip-address port-number 3. Return to TELEMETRY mode.
Destination : 10.11.56.
Telemetry Status : enabled -- Telemetry Sensor Groups -Group : bgp Sensor Path : bgp/bgp-oper/bgpPrfxCntrsEntry Sensor Path : bgp/bgp-oper/bgpPeerCount Group : bgp-peer Sensor Path : infra-bgp/peer-state/peer-status Group : buffer Sensor Path : base-qos/queue-stat Sensor Path : base-qos/priority-group-stat Sensor Path : base-qos/buffer-pool-stat Sensor Path : base-qos/buffer-pool Group : device Sensor Path : base-pas/chassis Sensor Path : base-pas/card Sensor Path : base-switch/switching-entities/switch-s
destination-group dest1
 destination 10.11.56.204 40001
!
subscription-profile subscription-1
 destination-group dest1
 sensor-group bgp 300000
 sensor-group bgp-peer 0
 sensor-group buffer 15000
 sensor-group device 300000
 sensor-group environment 300000
 sensor-group interface 180000
 sensor-group lag 0
 sensor-group system 300000
 encoding gpb
 transport grpc no-tls
 source-interface ethernet1/1/1
Telemetry commands
debug telemetry
Starts data collection to troubleshoot telemetry operation.
Example
OS10(conf-telemetry)# destination-group dest1
OS10(conf-telemetry-dg-dest1)# destination 10.11.56.204 40001
OS10(conf-telemetry-dg-dest1)#
Supported releases 10.4.3.0 or later
destination-group (subscription-profile)
Assigns a destination group to a subscription profile for streaming telemetry.
Syntax destination-group group-name
Parameters group-name — Enter the name of the destination group. A maximum of 32 characters.
Example OS10(conf-telemetry)# enable
Supported releases 10.4.3.0 or later
encoding
Configures the encoding format used to stream telemetry data to a destination device.
Syntax encoding format
Parameters format — Enter the gpb (Google protocol buffer) encoding format in which data is streamed.
Default None
Command mode SUBSCRIPTION-PROFILE
Usage information The no version of the command removes the configured encoding format from a subscription profile.
environment Switch peripheral statistics sensor group
interface Interface statistics sensor group
lag Lag statistics sensor group
system System statistics sensor group
OS10(conf-telemetry)# subscription-profile subscription-1
OS10(conf-telemetry-sp-subscription-1)# sensor-group bgp 30000
OS10(conf-telemetry-sp-subscription-1)# sensor-group environment 415000
Supported releases 10.4.3.0 or later
sensor-group (telemetry)
Configures a sensor group for streaming telemetry.
OS10(conf-telemetry-sg-interfaces)# sensor-group dell-base-cmn/if/interfaces/ interface/member-ports Supported releases 10.4.3.0 or later show telemetry Displays the configured destination-group, sensor-group, and subscription profiles for streaming telemetry. Syntax show telemetry [destination-group [group-name] | sensor-group [group-name] | subscription-profile [profile-name]] Parameters • • • Default Display all destination-group, sensor-group, and subscription configurations.
Sensor Path : openconfig-platform/components/component Sensor Path : openconfig-network-instance/network-instances/networkinstance Group : oc-environment Sensor Path : openconfig-platform/components/component Group : oc-interface Sensor Path : openconfig-interfaces/interfaces/interface Group : oc-lacp Sensor Path : openconfig-lacp/lacp Group : oc-lag Sensor Path : openconfig-interfaces/interfaces/interface Group : oc-lldp Sensor Path : openconfig-lldp/lldp Group : oc-stp Sensor Path : openconfig-spanning-tr
Sensor Path : dell-base-if-cmn/if/interfaces Group : system Sensor Path : system-status/current-status OS10# show telemetry subscription-profile Telemetry Status : enabled -- Telemetry Subscription Profile -Name : subscription-1 Destination Groups(s) : dest1 Sensor-group Sample-interval ----------------------------------bgp 300000 bgp-peer 0 buffer 15000 device 300000 environment 300000 interface 180000 lag 0 system 300000 Encoding : gpb Transport : grpc TLS : disabled Source Interface : ethernet1/1/1 Act
subscription-profile Configures a subscription profile for streaming telemetry data. Syntax subscription-profile profile-name Parameters profile-name — Enter a profile name. A maximum of 32 characters. Default Not configured Command mode TELEMETRY Usage information A subscription profile associates destination groups with sensor groups, and specifies the data encoding format and transport protocol. Telemetry data is sent to the IP address and port specified in the destination groups.
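An added example, not part of the Dell guide: a Python check that parses the telemetry block of a running configuration like the one shown in this chapter and reports subscription profiles that stream over gRPC with no-tls, along with sensor-group intervals below the minimums listed in the tables above. The second profile, its destination, and the reading that transport grpc without no-tls leaves TLS on are assumptions made for the sample.

```python
"""Audit the telemetry section of an OS10 running configuration (added example)."""

# Minimum sampling intervals (ms) for the sensor groups whose YANG containers
# appear in the tables on this page; other groups are not checked.
MIN_INTERVAL_MS = {"bgp-peer": 0, "buffer": 15000, "system": 15000}

# Constructed sample: subscription-1 mirrors the configuration shown in this
# chapter; subscription-2 and dest2 are made up for contrast.
SAMPLE_CONFIG = """\
telemetry
 enable
 !
 destination-group dest1
  destination 10.11.56.204 40001
 !
 destination-group dest2
  destination 192.0.2.10 40002
 !
 subscription-profile subscription-1
  destination-group dest1
  sensor-group bgp 300000
  sensor-group buffer 15000
  encoding gpb
  transport grpc no-tls
  source-interface ethernet1/1/1
 !
 subscription-profile subscription-2
  destination-group dest2
  sensor-group buffer 5000
  sensor-group system 300000
  encoding gpb
  transport grpc
"""


def parse_telemetry(config_text):
    """Return (destination_groups, profiles) parsed from running-config text."""
    dest_groups, profiles = {}, {}
    kind, current = None, None              # block we are currently inside
    for raw in config_text.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            kind, current = None, None      # "!" closes the current block
            continue
        if words[0] == "subscription-profile" and len(words) == 2:
            kind = "profile"
            current = profiles.setdefault(
                words[1],
                {"dest_groups": [], "sensors": {}, "transport": None, "tls": None},
            )
        elif words[0] == "destination-group" and len(words) == 2:
            if kind == "profile":           # reference from inside a profile
                current["dest_groups"].append(words[1])
            else:                           # definition of a destination group
                kind, current = "dest", dest_groups.setdefault(words[1], [])
        elif words[0] == "destination" and kind == "dest" and len(words) == 3:
            current.append((words[1], int(words[2])))
        elif words[0] == "sensor-group" and kind == "profile" and len(words) == 3:
            current["sensors"][words[1]] = int(words[2])
        elif words[0] == "transport" and kind == "profile" and len(words) >= 2:
            current["transport"] = words[1]
            # Assumption: TLS stays on unless the no-tls keyword is present.
            current["tls"] = "no-tls" not in words[2:]
    return dest_groups, profiles


def audit(config_text):
    """Return a sorted list of (profile, finding) tuples."""
    dest_groups, profiles = parse_telemetry(config_text)
    findings = []
    for name, prof in profiles.items():
        if prof["tls"] is False:
            targets = [
                f"{ip}:{port}"
                for group in prof["dest_groups"]
                for ip, port in dest_groups.get(group, [])
            ]
            where = ", ".join(targets) or "no resolved destination"
            findings.append((name, f"cleartext gRPC (no-tls) to {where}"))
        for group in prof["dest_groups"]:
            if group not in dest_groups:
                findings.append((name, f"undefined destination-group {group}"))
        for group, interval in prof["sensors"].items():
            minimum = MIN_INTERVAL_MS.get(group)
            if minimum is not None and interval < minimum:
                findings.append(
                    (name, f"sensor-group {group} interval {interval} ms "
                           f"below minimum {minimum} ms")
                )
    return sorted(findings)


if __name__ == "__main__":
    for profile, finding in audit(SAMPLE_CONFIG):
        print(f"{profile}: {finding}")
```

Feed it the text of show running-configuration from each switch; an empty result means every parsed profile keeps TLS and respects the checked intervals.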
Supported releases 10.4.3.0 or later Example: Configure streaming telemetry OS10(config)# telemetry OS10(conf-telemetry)# enable OS10(conf-telemetry)# destination-group dest1 OS10(conf-telemetry-dg-dest1)# destination 10.11.56.
Destination Groups(s) : dest1 Sensor-group Sample-interval ----------------------------------bgp 300000 bgp-peer 0 buffer 15000 device 300000 environment 300000 interface 180000 lag 0 system 300000 Encoding : gpb Transport : grpc TLS : disabled Source Interface : ethernet1/1/1 Active : true Reason : Connection summary: One or more active connections The connection 10.11.56.
27 RESTCONF API RESTCONF is a representational state transfer (REST)-like protocol that uses HTTPS connections. Use the OS10 RESTCONF API to set up the configuration parameters on OS10 switches using JavaScript Object Notation (JSON)-structured messages. Use any programming language to create and send JSON messages. The examples in this chapter use curl. The OS10 RESTCONF implementation complies with RFC 8040. You can use the RESTCONF API to configure and monitor an OS10 switch.
• ecdhe-rsa-with-aes-256-gcm-SHA384 rest https cipher-suite 4. Enable RESTCONF API in CONFIGURATION mode. rest api restconf RESTCONF API configuration OS10(config)# rest https server-certificate name OS10.dell.
Supported Releases 10.4.1.0 or later rest https server-certificate Creates the SSL self-signed server certificate a RESTCONF HTTPS connection uses. Syntax rest https server-certificate name hostname Parameters name hostname — Enter the IP address or domain name of the OS10 switch. Default The OS10 switch domain name is used as the hostname. Command Mode CONFIGURATION Usage Information The no version of the command removes the host name from the SSL server certificate.
• • • -k specifies a text file to read curl arguments from. The command line arguments found in the text file will be used as if they were provided on the command line. Use the IP address or URL of the OS10 switch when you access the OS10 RESTCONF API from a remote orchestration system. -H specifies an extra header to include in the request when sending HTTPS to a server. You can enter multiple extra headers. -d sends the specified data in an HTTPS request.
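An added example (not Dell's code): the loopback POST from this chapter sent from Python with the switch certificate and host name verified, rather than with curl's lowercase -k, which is curl's --insecure option and skips certificate checks. The host name, CA file path, environment variable names, the /restconf/data/interfaces path and the outer "interface" key are assumptions for illustration.

```python
"""Send the loopback-interface POST over verified TLS (added example)."""
import base64
import json
import os
import ssl
import urllib.request

# Assumptions for illustration: host name, trust file, resource path and the
# environment variable names below are placeholders, not values from the guide.
SWITCH = "os10-switch.example.net"
CA_FILE = "/etc/ssl/os10/trusted.pem"   # PEM certificate(s) you trust for the switch
DATA_PATH = "/restconf/data/interfaces"


def tls_context(ca_file=None):
    """TLS context that verifies the server certificate and its host name."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx  # verify_mode is CERT_REQUIRED and check_hostname is True


def loopback_body(loopback_id, description, enabled=True):
    """Build the JSON body, enforcing the limits given in the parameter list."""
    if not 0 <= loopback_id <= 16383:
        raise ValueError("loopback-id must be from 0 to 16383")
    if len(description) > 80:
        raise ValueError("description is limited to 80 characters")
    return {"interface": [{
        "type": "iana-if-type:softwareLoopback",
        "enabled": enabled,
        "description": description,
        "name": f"loopback{loopback_id}",
    }]}


def build_request(host, body, user, password):
    """Prepare the POST with HTTP Basic credentials and RFC 8040 media types."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"https://{host}{DATA_PATH}",
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            "Content-Type": "application/yang-data+json",
            "Accept": "application/yang-data+json",
            "Authorization": f"Basic {token}",
        },
    )


def create_loopback(loopback_id, description):
    """POST the loopback; urlopen raises URLError if the certificate is not trusted."""
    # Credentials come from the environment so they do not appear in the
    # process list or shell history.
    req = build_request(
        SWITCH,
        loopback_body(loopback_id, description),
        os.environ["OS10_USER"],
        os.environ["OS10_PASSWORD"],
    )
    with urllib.request.urlopen(req, context=tls_context(CA_FILE), timeout=10) as resp:
        return resp.status


if __name__ == "__main__":
    print(create_loopback(1, "loopback interface"))
```

The host name in the URL has to match the name given to rest https server-certificate name, otherwise host-name verification fails.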
merge stop-on-error set PAGE 1278} Parameters • • • type string —Enter iana-if-type:softwareLoopback for a loopback interface. enabled bool— Enter true to enable the interface; enter false to disable. description string — Enter a text string to describe the interface. A maximum of 80 alphanumeric characters. name string — Enter loopback loopback-id of the interface, loopback-id is from 0 to 16383. • Example "name":"loopback1"}] curl -X POST -k -u admin:admin "https://10.11.86.
28 Troubleshoot OS10 Critical workloads and applications require constant availability. Dell EMC Networking offers tools to help you monitor and troubleshoot problems before they happen.
1 S4148F-ON-PWR-1-AC 06FKHH A00 CN-06FKHH-28298-6B5-03NY
1 S4148F-ON-FANTRAY-1 0N7MH8 X01 TW-0N7MH8-28298-713-0101
1 S4148F-ON-FANTRAY-2 0N7MH8 X01 TW-0N7MH8-28298-713-0102
1 S4148F-ON-FANTRAY-3 0N7MH8 X01 TW-0N7MH8-28298-713-0103
1 S4148F-ON-FANTRAY-4 0N7MH8 X01 TW-0N7MH8-28298-713-0104
Boot partition and image
Display system boot partition and image information.
• View all boot information in EXEC mode.
show boot
• View boot details in EXEC mode.
listening on e101-003-0, link-type EN10MB (Ethernet), capture size 262144 bytes
01:39:22.457185 IP 3.3.3.1 > 3.3.3.4: ICMP echo request, id 5320, seq 26, length 64
01:39:22.457281 IP 3.3.3.1 > 3.3.3.4: ICMP echo reply, id 5320, seq 26, length 64
Capture two packets from interface
$ tcpdump -c 2 -i e101-003-0
listening on e101-003-0, link-type EN10MB (Ethernet), capture size 96 bytes
01:39:22.457185 IP 3.3.3.1 > 3.3.3.4: ICMP echo request, id 5320, seq 26, length 64
01:39:22.457281 IP 3.3.3.1 > 3.3.3.
Sending 5, 100-byte ICMP Echos to 172.31.1.255, timeout is 2 seconds:
Reply to request 1 from 172.31.1.208 0 ms
Reply to request 1 from 172.31.1.216 0 ms
Reply to request 1 from 172.31.1.205 16 ms
::
Reply to request 5 from 172.31.1.209 0 ms
Reply to request 5 from 172.31.1.66 0 ms
Reply to request 5 from 172.31.1.87 0 ms
Check IPv6 connectivity
OS10# ping 100::1
Type Ctrl-C to abort.
Sending 5, 100-byte ICMP Echos to 100::1, timeout is 2 seconds:
!!!!!
Success rate is 100.
View inventory OS10# show inventory Product : S6000-ON Description : S6000-ON 32x40GbE QSFP+ Interface Module Software version : 10.4.
View diagnostics View system diagnostic information using show commands. Use the show hash-algorithm command to view the current hash algorithms configured for the Link Aggregation Group (LAG) and Equal Cost MultiPath (ECMP) protocols.
Software Version : 10.5.0.0
Physical Ports : 48x10GbE, 2x40GbE, 4x100GbE
BIOS : 3.33.0.0-3
System CPLD : 0.4
Master CPLD : 0.10
Slave CPLD : 0.
Supported Releases 10.3.0E or later show boot Displays boot partition-related information. Syntax show boot [detail] Parameters detail — (Optional) Enter to display detailed information. Default Not configured Command Mode EXEC Usage Information Use the boot system command to set the boot partition for the next reboot.
00:0e.0 Host bridge: Intel Corporation Atom processor C2000 RAS (rev 02)
00:0f.0 IOMMU: Intel Corporation Atom processor C2000 RCEC (rev 02)
00:13.0 System peripheral: Intel Corporation Atom processor C2000 SMBus 2.0 (rev 02)
00:14.0 Ethernet controller: Intel Corporation Ethernet Connection I354 (rev 03)
00:14.1 Ethernet controller: Intel Corporation Ethernet Connection I354 (rev 03)
00:16.0 USB controller: Intel Corporation Atom processor C2000 USB Enhanced Host Controller (rev 02)
00:17.
Example
OS10# show hash-algorithm
LagAlgo - CRC
EcmpAlgo - CRC
Supported Releases 10.2.0E or later
show inventory
Displays system inventory information.
Syntax show inventory
Parameters None
Default Not configured
Command Mode EXEC
Usage Information None
Example
OS10# show inventory
Product Description Software version Product Base Product Serial Number Product Part Number : S4148F-ON : S4148F-ON 48x10GbE, 2x40GbE QSFP+, 4x100GbE QSFP28 Interface M : 10.5.0.
3 root ksoftirqd/0 5 root 0:+ 7 root 8 root 10 root 11 root 12 root 13 root migration/0 14 root watchdog/0 15 root watchdog/1 16 root migration/1 17 root ksoftirqd/1 19 root 1:+ 20 root 21 root 22 root 23 root khungtaskd 24 root 25 root --more-- 20 0 0 0 0 S 0.0 0.0 0:25.37 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/ 20 20 20 20 20 rt 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 R S S S S S 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 5:15.27 2:43.64 0:00.00 0:00.00 0:00.00 0:07.
Down Reason : unknown
Digital Optical Monitoring : disable
System Location LED : off
Required Type : S4148F
Current Type : S4148F
Hardware Revision : X01
Software Version : 10.5.0.0
Physical Ports : 48x10GbE, 2x40GbE, 4x100GbE
BIOS : 3.33.0.0-3
System CPLD : 0.4
Master CPLD : 0.10
Slave CPLD : 0.
----------------------------------------------------------------
1 up AC NORMAL 1 13312 up
2 fail
-- Fan Status --
FanTray Status AirFlow Fan Speed(rpm) Status
----------------------------------------------------------------
1 up NORMAL 1 13195 up
2 up NORMAL 1 13151 up
3 up NORMAL 1 13239 up
4 up NORMAL 1 13239 up
Supported Releases 10.2.0E or later
traceroute
Displays the routes that packets take to travel to an IP address.
Default Not configured Command Mode EXEC Usage Information None Example Example (IPv6) Supported Releases OS10# traceroute www.dell.com traceroute to www.dell.com (23.73.112.54), 30 hops max, 60 byte packets 1 10.11.97.254 (10.11.97.254) 4.298 ms 4.417 ms 4.398 ms 2 10.11.3.254 (10.11.3.254) 2.121 ms 2.326 ms 2.550 ms 3 10.11.27.254 (10.11.27.254) 2.233 ms 2.207 ms 2.391 ms 4 Host65.hbms.com (63.80.56.65) 3.583 ms 3.776 ms 3.757 ms 5 host33.30.198.65 (65.198.30.33) 3.758 ms 4.286 ms 4.221 ms 6 3.
bash | | initrd (hd0,gpt7)/boot/ os10.initrd | +------------------------------------------------------------------------------------------+ 6. Press Ctrl + x to reboot your system. If Ctrl + x does not cause the system to reboot, press Alt + 0. The system boots to a root shell without a password. 7. At the root prompt, enter usermod -s /bin/bash linuxadmin to enable the linuxadmin user. root@OS10: /# usermod -s /bin/bash linuxadmin 8.
The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Dell EMC Network Operating System (OS10) *-* *-* Copyright (c) 1999-2018 by Dell Inc. All Rights Reserved.
trademarks of Dell Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. s4048t-1# configure terminal s4048t-1(config)# 9.
SupportAssist
The SupportAssist feature monitors the devices in your network that run the Dell EMC Networking Operating System. This feature offers an extra layer of service to your IT support capabilities by:
• Identifying issues and helping you resolve them quickly.
• Proactively monitoring the network and minimizing the risk of downtime.
SupportAssist periodically collects information about configuration, inventory, logs, and so on, from the network devices.
2. Accept the EULA.
OS10(config)# eula-consent support-assist accept
3. Enter SupportAssist mode from CONFIGURATION mode.
OS10(config)# support-assist
OS10(conf-support-assist)#
4. (Required) Specify the SupportAssist server URL or IP address in SUPPORT-ASSIST mode, and specify your Dell Digital Locker (DDL) credentials to access the SupportAssist server. This account must have entitlements to the OS10 switch in DDL. You can enter default to specify the SupportAssist server URL (https://esrs3.emc.com).
Configure SupportAssist company
OS10(conf-support-assist)# contact-company name ExampleCompanyName
OS10(conf-support-assist-ExampleCompanyName)# address city San Jose state California country USA zipcode 95125
OS10(conf-support-assist-ExampleCompanyName)# street-address "123 Example Street" "Bldg 999"
OS10(conf-support-assist-ExampleCompanyName)# territory Sales

Set contact information
Configure contact details in SUPPORT-ASSIST mode.
• monthly day number hour number min number—Enter the time to schedule a monthly task, from 1 to 31 days, 0 to 23 hours, and 0 to 59 minutes.
• yearly month number day number hour number min number—Enter the time to schedule a yearly task, from 1 to 12 months, 1 to 31 days, 0 to 23 hours, and 0 to 59 minutes.
Last KeepAlive Status        : Failed
Last KeepAlive Successful at : 2019-06-13 17:30:03
Last KeepAlive Failed at     : 2019-06-13 18:00:03
Last MFT Status              : Success
Last MFT Successful at       : 2019-06-13 16:15:19
Last MFT Failed at           : Never

View EULA license
OS10# show support-assist eula
SUPPORTASSIST ENTERPRISE - SOFTWARE TERMS
*** IMPORTANT INFORMATION - PLEASE READ CAREFULLY ***
This SupportAssist Software ("Software") contains computer programs and other proprietary material and information, the use of which is g
Country name Country code Belarus BLR Belgium BEL Belize BLZ Benin BEN Bermuda BMU Bhutan BTN Bolivia, Plurinational State of BOL Bonaire, Sint Eustatius and Saba BES Bosnia and Herzegovina BIH Botswana BWA Bouvet Island BVT Brazil BRA British Indian Ocean Territory IOT Brunei Darussalam BRN Bulgaria BGR Burkina Faso BFA Burundi BDI Cambodia KHM Cameroon CMR Canada CAN Cabo Verde CPV Cayman Islands CYM Central African Republic CAF Chad TCD Chile CHL China
Country name Country code Denmark DNK Djibouti DJI Dominica DMA Dominican Republic DOM Ecuador ECU Egypt EGY El Salvador SLV Equatorial Guinea GNQ Eritrea ERI Estonia EST Ethiopia ETH Falkland Islands (Malvinas) FLK Faroe Islands FRO Fiji FJI Finland FIN France FRA French Guiana GUF French Polynesia PYF French Southern Territories ATF Gabon GAB Gambia GMB Georgia GEO Germany DEU Ghana GHA Gibraltar GIB Greece GRC Greenland GRL Grenada GRD Guadeloupe
Country name Country code Hungary HUN Iceland ISL India IND Indonesia IDN Iran, Islamic Republic of IRN Iraq IRQ Ireland IRL Isle of Man IMN Israel ISR Italy ITA Jamaica JAM Japan JPN Jersey JEY Jordan JOR Kazakhstan KAZ Kenya KEN Kiribati KIR Korea, Democratic People's Republic of PRK Korea, Republic of KOR Kuwait KWT Kyrgyzstan KGZ Lao People's Democratic Republic LAO Latvia LVA Lebanon LBN Lesotho LSO Liberia LBR Libya LBY Liechtenstein LIE Lithua
Country name Country code Mauritania MRT Mauritius MUS Mayotte MYT Mexico MEX Micronesia, Federated States of FSM Moldova, Republic of MDA Monaco MCO Mongolia MNG Montenegro MNE Montserrat MSR Morocco MAR Mozambique MOZ Myanmar MMR Namibia NAM Nauru NRU Nepal NPL Netherlands NLD New Caledonia NCL New Zealand NZL Nicaragua NIC Niger NER Nigeria NGA Niue NIU Norfolk Island NFK Northern Mariana Islands MNP Norway NOR Oman OMN Pakistan PAK Palau PLW Pa
Country name Country code Réunion REU Romania ROU Russian Federation RUS Rwanda RWA Saint Barthélemy BLM Saint Helena, Ascension and Tristan da Cunha SHN Saint Kitts and Nevis KNA Saint Lucia LCA Saint Martin (French part) MAF Saint Pierre and Miquelon SPM Saint Vincent and the Grenadines VCT Samoa WSM San Marino SMR Sao Tome and Principe STP Saudi Arabia SAU Senegal SEN Serbia SRB Seychelles SYC Sierra Leone SLE Singapore SGP Sint Maarten (Dutch part) SXM Slova
Country name Country code Thailand THA Timor-Leste TLS Togo TGO Tokelau TKL Tonga TON Trinidad and Tobago TTO Tunisia TUN Turkey TUR Turkmenistan TKM Turks and Caicos Islands TCA Tuvalu TUV Uganda UGA Ukraine UKR United Arab Emirates ARE United Kingdom GBR United States USA United States Minor Outlying Islands UMI Uruguay URY Uzbekistan UZB Vanuatu VUT Venezuela, Bolivarian Republic of VEN Viet Nam VNM Virgin Islands, British VGB Virgin Islands, U.S.
Usage Information If you reject the end-user license agreement, you cannot access the SupportAssist Configuration submode. If there is an existing SupportAssist configuration, the configuration is removed and the feature is disabled. Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.
support-assist-activity
Schedules a time for data collection and transfer activity or performs on-demand data collection and managed file transfer.
Syntax support-assist-activity full-transfer {start-now | [schedule {hourly minute | daily hour number min number | weekly day-of-week number hour number min number | monthly day number hour number min number | yearly month number day number hour number min number}]}
Parameters
• start-now—Schedules the transfer to start immediately.
SupportAssist configuration commands activity Enables data collection activity for full transfer or event notifications. Syntax activity {event-notification | full-transfer} Parameters None Default Enabled Command Mode SUPPORT-ASSIST Usage Information This command enables data collection for the specified activity. Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0(R3S). Also supported in SmartFabric mode starting in release 10.5.0.
Usage Information Enter your Dell Digital Locker (DDL) credentials. This account must have entitlements to the OS10 switch in DDL. Configure only one SupportAssist server. To view the server configuration, use the show support-assist status command. The no version of this command removes the configuration. Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0(R3S). Also supported in SmartFabric mode starting in release 10.5.0.
ce4bd298375e15bb989a9a6e6ee51d130d446ce3c25ade72a6f99fc6 source-interface mgmt1/1/1 ! contact-company name "Example Company Name" street-address No:123 Example Street Bldg 999 address city San Jose state California country USA zipcode 95125 territory Global ! contact-person first Firstname last Lastname email-address primary youremail@example.com alternate alternate_email@example.com phone primary 0001234567 alternate 1234567890 preferred-method email Supported Releases 10.2.
Example OS10# show support-assist status EULA support-assist : Accepted Service : Enabled Contact-Company : ExampleCompanyName Street Address : Olympia City : SanJose State : California Country : USA Zipcode : 95123 Territory : West Contact-person : Firstname Lastname Primary email : youremail@example.com Alternate email : emailid@example.
Examples
OS10(conf-support-assist)# source-interface ethernet 1/1/4
OS10(conf-support-assist)# source-interface loopback 1
OS10(conf-support-assist)# source-interface mgmt 1/1/1
OS10(conf-support-assist)# source-interface port-channel 10
OS10(conf-support-assist)# source-interface vlan 100
Supported Releases 10.4.0E(R1) or later

SupportAssist company commands
address
Configures the company address.
Example
OS10(conf-support-assist-ExampleCompanyName)# contact-person first Firstname last Lastname
Supported Releases 10.2.0E or later

street-address
Configures the street address of the company.
Syntax street-address {line-1} [line-2] [line-3]
Parameters line-1 line-2 line-3 — Enter the address of the company, from 1 to 3 lines. Enclose the text within double quotes. Insert a space after each line of text.
Usage Information Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0(R3S). Also supported in SmartFabric mode starting in release 10.5.0. The no version of this command removes the configuration.
Example
OS10(conf-support-assist-ExampleCompanyName-FirstnameLastname)# email-address primary youremail@example.com alternate emailid@example.com
Supported Releases 10.2.0E or later

phone
Configures the phone number of the contact person.
Support bundle The Support Bundle is based on the sosreport tool. Use the Support Bundle to generate an sosreport tar file that collects Linux system configuration and diagnostics information, as well as the show command output to send to Dell EMC Technical Support. To send Dell EMC Technical Support troubleshooting details about the Linux system configuration and OS10 diagnostics, generate an sosreport tar file. 1. Generate the tar file in EXEC mode. generate support-bundle 2.
Usage Information To send the tar file to Dell EMC Technical Support, use the dir supportbundle and copy supportbundle://sosreport-OS10-file-number.tar.gz tftp://server-address/path commands.
Example
OS10# generate support-bundle
Example (Enable Options)
OS10# generate support-bundle enable-all-plugin-options
Supported Releases 10.2.0E or later

System monitoring
Monitor OS10 using system alarms and log information.
Severity profiles
OS10 allows you to change the severity of events using severity profiles. A severity profile is a .xml file that defines the effective severity of events or disables the notification of events. OS10 comes with a default severity profile. You cannot modify or delete the default profile. However, OS10 allows you to define custom severity profiles.
• Default severity profile—All events are defined in the default profile.
When you copy the custom profile, you must update the name of the custom profile. You cannot use the same name as the default profile (default.xml) or the active profile (mySevProf.xml).
5. Apply the custom severity profile on the switch.
OS10# event severity-profile mySevProf_1.xml
NOTE: You must restart the switch for the changes to take effect.
6. Restart the switch.
OS10# reload
7. Use the show event severity-profile command to view the custom profile that is active.
• Disable console logging, and reset the minimum logging severity to the default in CONFIGURATION mode.
no logging console severity
• Disable log-file logging, and reset the minimum logging severity to the default in CONFIGURATION mode.
no logging log-file severity
• Disable monitor logging, and reset the minimum logging severity to the default in CONFIGURATION mode.
no logging monitor severity
• Disable server logging, and reset the minimum logging severity to the default in CONFIGURATION mode.
• Both take the name of the certificate. For example, if you install a certificate using: OS10# crypto cert install cert-file home://Dell_host1.pem key-file home://abcd.key • The certificate-key pair is installed as Dell_host1.pem and Dell_host1.key. In configuration commands, refer to the pair as Dell_host1. When you configure a security profile, you would enter Dell_host1 in the certificate certificatename command.
admin@dell.com organization "Dell EMC" orgunit Networking locality "Santa Clara" state California country US length 2048 Processing certificate ... Successfully created CSR file /home/admin/clientreq.pem and key OS10# copy home://clientreq.pem scp://CAadmin:secret@172.11.222.1/clientreq.pem OS10# copy scp://CAadmin:secret@172.11.222.1/clientcert.pem home://clientcert.pem OS10# copy scp://CAadmin:secret@172.11.222.1/clientkey.pem home://clientkey.pem OS10# crypto cert install cert-file home://clientcert.
View logging process names OS10# show logging process-names dn_alm dn_app_vlt dn_app_vrrp dn_bgp dn_dot1x dn_eqa dn_eqm dn_eth_drv dn_etl dn_i3 dn_ifm dn_infra_afs dn_issu dn_l2_services dn_l2_services_ dn_l2_services_ dn_l2_services_ dn_l2_services_ dn_l3_core_serv dn_l3_service dn_lacp dn_lldp dn_mgmt_entity_ --More-- Environmental monitoring Monitors the hardware environment to detect temperature, CPU, and memory utilization.
!
...
Show link-bundle utilization
OS10(config)# do show link-bundle-utilization
Link-bundle trigger threshold - 10

Alarm commands
alarm acknowledge
Acknowledges an active alarm.
Syntax alarm acknowledge sequence-number
Parameters
• sequence-number — Acknowledge the alarm corresponding to the sequence number.
Default Not configured
Command Mode EXEC
Usage Information Use the show alarm command to view all active alarms. Use active alarm sequence numbers to acknowledge specific alarms.
Command Mode EXEC
Usage Information None
Example
OS10# show alarms
Sq No  Severity     Name                            Timestamp                 Source
-----  -----------  ------------------------------  ------------------------  ------
7563   critical     EQM_MORE_PSU_FAULT              Fri Jul 26 19:26:16 2019  /pus/1
7566   warning      EQM_TML_MINOR_CROSSED           Fri Jul 26 19:30:22 2019  /pus/1
7569   information  L2_SERV_LACP_CMS_CPS_SEND_FAIL  Fri Jul 26 19:55:40 2019  /pus/1
Supported Releases 10.2.0E or later

show alarms acknowledged
Displays all acknowledged alarms.
Active-alarm details - 732 ------------------------------------------Sequence Number: 732 Severity: critical Source: /psu/2 Name: EQM_MORE_PSU_FAULT Description: psu 2 is not working correctly Raise-time: Mon Jul 29 06:12:30 2019 Ack-time: New: true Acknowledged: false ------------------------------------------Alarm is acknowledged: OS10# show alarms details Active-alarm details - 732 ------------------------------------------Sequence Number: 732 Severity: critical Source: /psu/2 Name: EQM_MORE_PSU_FAULT De
show alarms severity
Displays all active alarms corresponding to a specific severity level.
Syntax show alarms severity severity
Parameters severity — Set the alarm severity:
• critical — Critical alarm severity.
• major — Major alarm severity.
• minor — Minor alarm severity.
• warning — Warning alarm severity.
show alarms summary
Displays the summary of all active alarms.
Syntax show alarms summary
Parameters None
Default Not configured
Command Mode EXEC
Usage Information None
Example
OS10# show alarms summary
Active-alarm Summary
-------------------------------------------
Total-count: 2
Critical-count: 0
Major-count: 1
Minor-count: 1
Warning-count: 0
-------------------------------------------
Supported Releases 10.2.
Example (reverse) Example (sequence) Example (details) Example (summary)
OS10# show event history reverse
Sq No  State      Name                Timestamp
-----  ---------  ------------------  -----------------------
1      Stateless  SYSTEM_REBOOT       Sun 10-07-2018 15:39:41
2      Raised     EQM_FANTRAY_FAULT   Sun 10-07-2018 16:39:42
3      Raised     EQM_MORE_PSU_FAULT  Sun 10-07-2018 18:39:44
4      Raised     EQM_MORE_PSU_FAULT  Sun 10-07-2018 18:39:47
5      Ack        EQM_MORE_PSU_FAULT  Sun 10-07-2018 20:39:49
6      Cleared    EQM_FANTRAY_FAULT   Sun 10-07-2018 22:39:50
OS10# show ev
show event severity-profile
Displays the active severity profile and the profile that becomes active after a system restart.
Syntax show event severity-profile
Parameters None
Default None
Command Mode EXEC
Usage Information None
Example
OS10# show event severity-profile
Severity Profile Details
------------------------
Currently Active : default
Active after restart : mySevProf.xml
Supported Releases 10.5.0 or later

Logging commands
clear logging
Clears messages in the logging buffer.
Command Mode CONFIGURATION Usage Information Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.1. To set the severity to the default level, use the no logging console severity command. The default severity level is log-notice.
Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.1.
Example
OS10(config)# logging log-file disable
Example (Enable)
OS10(config)# logging log-file enable
Example (Severity)
OS10(config)# logging log-file severity log-notice
Supported Releases 10.2.0E or later

logging monitor
Set the minimum severity level for logging to the terminal lines.
Supported releases 10.5.0 or later

logging server
Configures a remote syslog server.
Syntax logging server {ipv4–address | ipv6–address} [tcp | udp | tls] [port-number] [severity severity-level] [vrf {management | vrf-name}]
Parameters
• ipv4–address | ipv6–address — (Optional) Enter the IPv4 or IPv6 address of the logging server.
• tcp | udp | tls port-number — (Optional) Send syslog messages using TCP, UDP, or TLS transport to a specified port on a remote logging server, from 1 to 65535.
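An added example, not taken from the guide or from Dell EMC: a Python check that reads `logging server` lines in the syntax above from a saved running-configuration and reports every server that does not use the tls keyword. The sample configuration is constructed, and treating an omitted transport keyword as UDP is an assumption.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

TRANSPORTS = ("tcp", "udp", "tls")
ASSUMED_DEFAULT_TRANSPORT = "udp"  # assumption: not stated on this page

# Constructed running-configuration excerpt (addresses and ports are sample values).
SAMPLE_CONFIG = """\
hostname OS10
logging server 10.11.86.139 severity log-notice
logging server 10.11.86.140 udp 514
logging server 10.11.86.141 tcp 1468 vrf management
logging server 2001:db8::10 tls 6514 severity log-notice vrf management
logging console severity log-notice
"""


class LogServer(NamedTuple):
    address: str
    transport: str
    port: Optional[int]
    severity: Optional[str]
    vrf: Optional[str]


def parse_logging_server(line: str) -> LogServer:
    """Parse one 'logging server ...' line; raise ValueError if malformed."""
    tokens = line.split()
    if tokens[:2] != ["logging", "server"] or len(tokens) < 3:
        raise ValueError("not a logging server line")
    address = str(ipaddress.ip_address(tokens[2]))  # rejects non-IP values
    rest = tokens[3:]
    transport, port = ASSUMED_DEFAULT_TRANSPORT, None
    if rest and rest[0] in TRANSPORTS:
        transport = rest.pop(0)
    if rest and rest[0].isdigit():
        port = int(rest.pop(0))
        if not 1 <= port <= 65535:  # range given in the parameter description
            raise ValueError(f"port {port} outside 1-65535")
    options = {"severity": None, "vrf": None}
    while rest:
        key = rest.pop(0)
        if key not in options or not rest:
            raise ValueError(f"unexpected token {key!r}")
        options[key] = rest.pop(0)
    return LogServer(address, transport, port, options["severity"], options["vrf"])


def audit_syslog_transport(config_text: str) -> List[Tuple[int, str, str]]:
    """Return (line number, server, finding) for each non-TLS or bad entry."""
    findings, seen = [], 0
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("logging server "):
            continue
        seen += 1
        try:
            server = parse_logging_server(line)
        except ValueError as exc:
            findings.append((lineno, "?", f"unparsed: {exc}"))
            continue
        if server.transport != "tls":
            findings.append((lineno, server.address,
                             f"syslog sent unencrypted over {server.transport}"))
    if seen == 0:
        findings.append((0, "-", "no remote logging server configured"))
    return findings


if __name__ == "__main__":
    for finding in audit_syslog_transport(SAMPLE_CONFIG):
        print(finding)
```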
Command Mode EXEC Usage Information The output from this command is the /var/log/eventlog file. Supported on the MX9116n and MX5108n switches in Full Switch mode starting in release 10.4.0E(R3S). Also supported in SmartFabric mode starting in release 10.5.0.1.
conv erted to SAI types (func:2359305) May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], conv erted to SAI types (func:2359311) May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], converted May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], conv erted to SAI types (func:2359312) May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], (23 59344) May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], (23 59345) May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], (23 59346) May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], (23 59319) May 23 17:10:08 OS1
jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
linuxadmin@OS10:~$
To log in to OS10 and access the command-line interface, enter su - admin at the Linux shell prompt, then admin as the password.
linuxadmin@OS10:~$ su - admin
Password: admin
OS10#

Frequently asked questions
This section contains answers to frequently asked questions for ONIE-enabled devices.
Configuration
How do I enter CONFIGURATION mode?
Use the configure terminal command to change from EXEC mode to CONFIGURATION mode.
I made changes to the running configuration file but the updates are not showing. How do I view my changes?
Use the show running-configuration command to view changes that you have made to the running-configuration file.
Access control lists
How do I set up filters to deny or permit packets from an IPv4 or IPv6 address?
Use the deny or permit commands to create ACL filters.
How do I clear access-list counters?
Use the clear ip access-list counters, clear ipv6 access-list counters, or clear mac access-list counters commands.
How do I set up filters to automatically assign sequence numbers for specific addresses?
Use the seq deny or seq permit commands for specific packet filtering.
29 Support resources The Dell EMC Support site provides a range of documents and tools to assist you with effectively using Dell EMC devices. Through the support site you can obtain technical information regarding Dell EMC products, access software upgrades and patches, download available management software, and manage your open cases. The Dell EMC support site provides integrated, secure access to these services. To access the Dell EMC Support site, go to www.dell.com/support/.