2CSNXXX_SWUM204.book Page 1 Monday, January 25, 2016 1:25 PM Dell Networking N-Series N1500, N2000, N3000, and N4000 Switches CLI Reference Guide Version 6.3.0.
CSNXXX_SWUM204.book Page 2 Monday, January 25, 2016 1:25 PM Notes NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. ____________________ Information in this publication is subject to change without notice. Copyright © 2016 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
2CSNXXX_SWUM204.book Page 3 Monday, January 25, 2016 1:25 PM Contents 1 Dell Networking CLI Introduction . . . . . . . . . . . . . . . . 95 . . . . . . . . . . . . . . . . . . . . 95 Command Groups Mode Types 2 Using the CLI . . . . . . . . . . . . . . . . . 95 . . . . . . . . . . . . . . . . . . . . 100 . . . . . . . . . . . . . . . . . . . . . Introduction 219 . . . . . . . . . . . . . . . . . . . . Entering and Editing CLI Commands . . . . . . . . 219 . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 4 Monday, January 25, 2016 1:25 PM deny | permit (Mac-Access-List-Configuration) ip access-group . . 272 . . . . . . . . . . . . . . . . . . 275 mac access-group . . . . . . . . . . . . . . . . . mac access-list extended . . . . . . . . . . . . . mac access-list extended rename . remark 276 278 . . . . . . . . 279 . . . . . . . . . . . . . . . . . . . . . . . 279 service-acl input . . . . . . . . . . . . . . . . . . 281 show service-acl interface . . . . . . . .
2CSNXXX_SWUM204.book Page 5 Monday, January 25, 2016 1:25 PM show mac address-table . . . . . . . . . . . . . . show mac address-table address show mac address-table count 302 . . . . . . . . . 303 . . . . . . . . . . 304 show mac address-table dynamic . . . . . . . . . 304 show mac address-table interface . . . . . . . . 305 . . . . . . . . . . 306 . . . . . . . . . . . 307 . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 6 Monday, January 25, 2016 1:25 PM show isdp interface . . . . . . . . . . . . . . . . 321 show isdp neighbors . . . . . . . . . . . . . . . . 322 . . . . . . . . . . . . . . . . . . 323 show isdp traffic DHCP Client Commands . . . . . . . . . . . . . . . . . . . . . . .325 Commands in this Section . . . . . . . . . . . . . 327 release dhcp . . . . . . . . . . . . . . . . . . . . 327 renew dhcp . . . . . . . . . . . . . . . . . . . . . 328 show dhcp lease . . .
2CSNXXX_SWUM204.book Page 7 Monday, January 25, 2016 1:25 PM show dhcp l2relay circuit-id vlan . . . . . . . . . 341 show dhcp l2relay remote-id vlan . . . . . . . . . 342 clear dhcp l2relay statistics interface . . . . . . . 342 DHCP Snooping Commands . . . . . . . . . . . . . . . . . . . .344 Commands in this Section . . . . . . . . . . . . . clear ip dhcp snooping binding . . . . . . . . . . 345 . . . . . . . . . 346 . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 8 Monday, January 25, 2016 1:25 PM clear ipv6 dhcp snooping statistics ipv6 dhcp snooping . . . . . . . . . 360 . . . . . . . . . . . . . . . . 360 ipv6 dhcp snooping vlan . . . . . . . . . . . . . . ipv6 dhcp snooping binding . . . . . . . . . . . . ipv6 dhcp snooping database . . . . . . . . . . . ipv6 dhcp snooping database write-delay ipv6 dhcp snooping limit 362 363 . . . . . 364 . . . . . . . . . . . . . . 365 ipv6 dhcp snooping log-invalid .
2CSNXXX_SWUM204.book Page 9 Monday, January 25, 2016 1:25 PM Commands in this Section arp access-list . . . . . . . . . . . . . 378 . . . . . . . . . . . . . . . . . . . 378 clear ip arp inspection statistics . . . . . . . . . . 379 ip arp inspection filter . . . . . . . . . . . . . . . 380 ip arp inspection limit . . . . . . . . . . . . . . . 380 ip arp inspection trust . . . . . . . . . . . . . . . 381 ip arp inspection validate . . . . . . . . . . . . . 382 . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 10 Monday, January 25, 2016 1:25 PM rate-limit cpu . . . . . . . . . . . . . . . . . . . . show interfaces . . . . . . . . . . . . . . . . . . show interfaces advertise . . . . . . . . . . . . . show interfaces configuration show interfaces counters 399 401 404 . . . . . . . . . . . 406 . . . . . . . . . . . . . 407 show interfaces debounce . . . . . . . . . . . . . 411 show interfaces description . . . . . . . . . . . . 411 . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 11 Monday, January 25, 2016 1:25 PM Ethernet CFM Commands . . . . . . . . . . . . . . . . . . . . . .431 Commands in this Section . . . . . . . . . . . . . 431 . . . . . . . . . . . . . . . . 432 . . . . . . . . . . . . . . . . . . . . . . . 433 ethernet cfm domain service ethernet cfm cc level . . . . . . . . . . . . . . . . ethernet cfm mep level . . . . . . . . . . . . . . . 434 . . . . . . . . . . . . . 435 . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 12 Monday, January 25, 2016 1:25 PM green-mode eee . . . . . . . . . . . . . . . . . . 449 clear green-mode statistics . . . . . . . . . . . . 450 green-mode eee-lpi-history . . . . . . . . . . . . 450 show green-mode interface-id show green-mode . . . . . . . . . . 451 . . . . . . . . . . . . . . . . . 455 show green-mode eee-lpi-history interface . . . . 456 GVRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .459 Commands in this Section . .
2CSNXXX_SWUM204.book Page 13 Monday, January 25, 2016 1:25 PM show ip igmp snooping mrouter . . . . . . . . . . ip igmp snooping vlan immediate-leave . . . . . . 474 475 ip igmp snooping vlan groupmembershipinterval . . . . . . . . . . . . . . . . . . . . . . . 476 ip igmp snooping vlan last-member-queryinterval . . . . . . . . . . . . . . . . . . . . . . . 477 . . . . . . 478 . . . . . . . 478 . . . . . . 479 . . . . . . . . . .
2CSNXXX_SWUM204.book Page 14 Monday, January 25, 2016 1:25 PM show interfaces status err-disabled . . . . . . . . 496 IP Addressing Commands . . . . . . . . . . . . . . . . . . . . .499 Commands in this Section clear host . . . . . . . . . . . . . . 499 . . . . . . . . . . . . . . . . . . . . . 500 clear ip address-conflict-detect interface out-of-band . . . . . . . . . . 500 . . . . . . . . . . . . . . . 501 ip address (Out-of-Band) . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 15 Monday, January 25, 2016 1:25 PM show hosts . . . . . . . . . . . . . . . . . . . . . show ip address-conflict . show ip helper-address 516 . . . . . . . . . . . . . 517 . . . . . . . . . . . . . . 519 show ipv6 dhcp interface out-of-band statistics show ipv6 interface out-of-band . . 520 . . . . . . . . . 521 IPv6 Access List Commands . . . . . . . . . . . . . . . . . . .522 Commands in this Section . . . . . . . . . . . . . 522 . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 16 Monday, January 25, 2016 1:25 PM ipv6 mld snooping (Global) show ipv6 mld snooping . . . . . . . . . . . . . 540 . . . . . . . . . . . . . . 541 show ipv6 mld snooping groups . . . . . . . . . . 543 . . . . . . . . . 544 show ipv6 mld snooping mrouter IPv6 MLD Snooping Querier Commands . . . . . . . . .546 Commands in this Section . . . . . . . . . . . . . 546 ipv6 mld snooping querier . . . . . . . . . . . . . 546 ipv6 mld snooping querier (VLAN mode) . . . .
2CSNXXX_SWUM204.book Page 17 Monday, January 25, 2016 1:25 PM Commands in this Section . . . . . . . . . . . . . 560 . . . . . . . . . . . . . . . . . . 560 . . . . . . . . . . . . . . . . . . . . . . 561 iscsi aging time . iscsi cos iscsi enable . . . . . . . . . . . . . . . . . . . . . iscsi target port show iscsi 563 . . . . . . . . . . . . . . . . . . 564 . . . . . . . . . . . . . . . . . . . . . 565 show iscsi sessions . . . . . . . . . . . . . . . . 566 Link Dependency Commands . .
2CSNXXX_SWUM204.book Page 18 Monday, January 25, 2016 1:25 PM lldp med transmit-tlv lldp notification . . . . . . . . . . . . . . . . . 579 . . . . . . . . . . . . . . . . . . 580 lldp notification-interval . . . . . . . . . . . . . . 581 lldp receive . . . . . . . . . . . . . . . . . . . . . 581 lldp timers . . . . . . . . . . . . . . . . . . . . . 582 . . . . . . . . . . . . . . . . . . . . 583 lldp transmit lldp transmit-mgmt . . . . . . . . . . . . . . . . . 584 . . . . . . . . . .
2CSNXXX_SWUM204.book Page 19 Monday, January 25, 2016 1:25 PM keepalive action . . . . . . . . . . . . . . . . . . 600 show keepalive . . . . . . . . . . . . . . . . . . . 601 show keepalive statistics . . . . . . . . . . . . . 602 MLAG Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . .604 Commands in this Section . . . . . . . . . . . . . 604 . . . . . . . . . . . . . . . . 604 . . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 20 Monday, January 25, 2016 1:25 PM system-priority vpc . . . . . . . . . . . . . . . . . . . 623 . . . . . . . . . . . . . . . . . . . . . . . . . 624 vpc domain . . . . . . . . . . . . . . . . . . . . . vpc peer-link . . . . . . . . . . . . . . . . . . . . 625 626 Multicast VLAN Registration Commands . . . . . . . .628 Commands in this Section mvr . . . . . . . . . . . . . 628 . . . . . . . . . . . . . . . . . . . . . . . . . 629 mvr group . mvr mode . . . . . .
2CSNXXX_SWUM204.book Page 21 Monday, January 25, 2016 1:25 PM LAG Hashing . . . . . . . . . . . . . . . . . . . . Enhanced LAG Hashing . . . . . . . . . . . . . . Manual Aggregation of LAGs . . . . . . . . . . . Flexible Assignment of Ports to LAGs . . . . . . . . . . . . . 646 . . . . . . . . . . . . . . . . . . . 646 . . . . . . . . . . . . . . . interface range port-channel 648 . . . . . . . . . . . . . . . . . . . 648 . . . . . . . . . . . . . . . . . . lacp system-priority 650 . . .
2CSNXXX_SWUM204.book Page 22 Monday, January 25, 2016 1:25 PM monitor capture mode . . . . . . . . . . . . . . . 663 . . . . . . . . . . . . . . . . . . 668 . . . . . . . . . . . . . . . . . . . . 671 monitor session remote-span show monitor capture . . . . . . . . . . . . . . . 672 show monitor session . . . . . . . . . . . . . . . 674 . . . . . . . . . . . . . . 676 show vlan remote-span QoS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 23 Monday, January 25, 2016 1:25 PM conform-color . . . . . . . . . . . . . . . . . . . 690 cos-queue min-bandwidth . . . . . . . . . . . . . 692 cos-queue random-detect . . . . . . . . . . . . . 693 . . . . . . . . . . . . . . . . . . 696 . . . . . . . . . . . . . . . . . . . . . . . 697 . . . . . . . . . . . . . . . . . . . . . . . . 698 cos-queue strict diffserv drop . mark cos . . . . . . . . . . . . . . . . . . . . . . mark ip-dscp . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 24 Monday, January 25, 2016 1:25 PM match source-address mac . . . . . . . . . . . . 712 match srcip . . . . . . . . . . . . . . . . . . . . . 713 match srcip6 . . . . . . . . . . . . . . . . . . . . 713 match srcl4port . . . . . . . . . . . . . . . . . . 714 . . . . . . . . . . . . . . . . . . . . . 715 . . . . . . . . . . . . . . . . . . . . . . . . 716 match vlan mirror police-simple . . . . . . . . . . . . . . . . . . . . police-single-rate . . . . . . . .
2CSNXXX_SWUM204.book Page 25 Monday, January 25, 2016 1:25 PM show interfaces cos-queue . . . . . . . . . . . . show interfaces random-detect show policy-map 737 . . . . . . . . . . 739 . . . . . . . . . . . . . . . . . . 741 show policy-map interface . . . . . . . . . . . . . 742 . . . . . . . . . . . . . . . . 743 traffic-shape . . . . . . . . . . . . . . . . . . . . 744 vlan priority . . . . . . . . . . . . . . . . . . . . . 745 show service-policy Spanning Tree Commands . . . . . .
2CSNXXX_SWUM204.book Page 26 Monday, January 25, 2016 1:25 PM spanning-tree bpdu-protection spanning-tree cost . . . . . . . . . . 764 . . . . . . . . . . . . . . . . . 765 spanning-tree disable . . . . . . . . . . . . . . . spanning-tree forward-time spanning-tree guard 767 . . . . . . . . . . . . 767 . . . . . . . . . . . . . . . . 768 spanning-tree loopguard . . . . . . . . . . . . . . 769 spanning-tree max-age . . . . . . . . . . . . . . 770 spanning-tree max-hops . . . . . . . . .
2CSNXXX_SWUM204.book Page 27 Monday, January 25, 2016 1:25 PM spanning-tree vlan . . . . . . . . . . . . . . . . . spanning-tree vlan forward-time . . . . . . . . . 786 . . . . . . . . . . . 787 . . . . . . . . . . . . 788 . . . . . . . . . . . . . . 789 spanning-tree vlan hello-time spanning-tree vlan max-age spanning-tree vlan root 785 spanning-tree vlan priority . . . . . . . . . . . . . 790 UDLD Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 28 Monday, January 25, 2016 1:25 PM Independent VLAN Learning . . . . . . . . . . . . 802 Protocol Based VLANs . . . . . . . . . . . . . . . 803 IP Subnet Based VLANs . . . . . . . . . . . . . . 803 . . . . . . . . . . . . . . . . 803 MAC-Based VLANs Private VLAN Commands . . . . . . . . . . . . . 804 Commands in this Section . . . . . . . . . . . . . 806 . . . . . . . . . . . . . . . . . . . 807 interface vlan . interface range vlan . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 29 Monday, January 25, 2016 1:25 PM switchport access vlan . . . . . . . . . . . . . . switchport dot1q ethertype (Global Configuration) . . . . . . . . . . . . . . . . . . . switchport dot1q ethertype (Interface Configuration) . . . . . . . . . . . . switchport general forbidden vlan 826 . . . . . . . . . 828 . . . . 829 . . . . . . . . . 830 switchport general ingress-filtering disable . . . . 831 . . . . . . . . . . . . . . 832 . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 30 Monday, January 25, 2016 1:25 PM vlan protocol group name 845 . . . . . . . . . . . . . vlan protocol group remove 846 . . . . . . . . . . . . Voice VLAN Commands . . . . . . . . . . . . . . . . . . . . . . .848 Commands in this Section voice vlan . . . . . . . . . . . . . . 849 . . . . . . . . . . . . . . . . . . . . . 849 voice vlan (Interface) voice vlan data priority . show voice vlan 4 849 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 851 . . .
2CSNXXX_SWUM204.book Page 31 Monday, January 25, 2016 1:25 PM aaa accounting . . . . . . . . . . . . . . . . . . . aaa authentication dot1x default . . . . . . . . . 863 . . . . . . . . . . . . . 864 . . . . . . . . . . . . . . 866 . . . . . . . . . . . . . . . . . 868 aaa authentication enable aaa authentication login aaa authorization . aaa authorization network default radius . . . . . 871 . . . . . . . . . . . . . . 872 . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 32 Monday, January 25, 2016 1:25 PM show aaa ias-users . . . . . . . . . . . . . . . . 885 show aaa statistics . . . . . . . . . . . . . . . . . 886 show accounting methods show authentication . . . . . . . . . . . . . 887 . . . . . . . . . . . . . . . . 888 show authenticaton authentication-history . . . . 889 show authentication methods . . . . . . . . . . . 889 show authentication statistics . . . . . . . . . . . 890 . . . . . . . . . . . . 891 . . . . . .
2CSNXXX_SWUM204.book Page 33 Monday, January 25, 2016 1:25 PM Commands in this Section logging email . . . . . . . . . . . . . 905 . . . . . . . . . . . . . . . . . . . . 906 logging email urgent logging traps . . . . . . . . . . . . . . . . 907 . . . . . . . . . . . . . . . . . . . . 908 logging email message-type to-addr logging email from-addr . . . . . . . 909 . . . . . . . . . . . . . . 910 logging email message-type subject logging email logtime . . . . . . . 911 . . . . . . . . . .
2CSNXXX_SWUM204.book Page 34 Monday, January 25, 2016 1:25 PM acct-port . . . . . . . . . . . . . . . . . . . . . . 922 attribute 6 . . . . . . . . . . . . . . . . . . . . . 923 attribute 8 . . . . . . . . . . . . . . . . . . . . . 923 attribute 25 . . . . . . . . . . . . . . . . . . . . . 924 attribute 31 . . . . . . . . . . . . . . . . . . . . . 925 authentication event fail retry . . . . . . . . . . . 927 auth-port . . . . . . . . . . . . . . . . . . . . . . 928 deadtime . . . . .
2CSNXXX_SWUM204.book Page 35 Monday, January 25, 2016 1:25 PM radius-server retransmit . . . . . . . . . . . . . . 943 radius-server source-ip . . . . . . . . . . . . . . 944 radius-server source-inteface . . . . . . . . . . . 944 . . . . . . . . . . . . . . . 945 . . . . . . . . . . . . . . . . . . . . . 946 radius-server timeout retransmit show aaa servers . . . . . . . . . . . . . . . . . show radius statistics . . . . . . . . . . . . . . . 950 . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 36 Monday, January 25, 2016 1:25 PM 802.1x Monitor Mode . . . . . . . . . . . . . . . . Commands in this Section . . . . . . . . . . . . . 967 . . . . . . . . . . . . 968 . . . . . . . . . . . . . . . . . . 969 . . . . . . . . . . . . . . . . . . . 969 dot1x dynamic-vlan enable dot1x eapolflood dot1x initialize dot1x mac-auth-bypass dot1x max-req 966 . . . . . . . . . . . . . . 970 . . . . . . . . . . . . . . . . . . . 971 dot1x max-users dot1x port-control . .
2CSNXXX_SWUM204.book Page 37 Monday, January 25, 2016 1:25 PM port 985 . . . . . . . . . . . . . . . . . . . . . . . . . server-key . . . . . . . . . . . . . . . . . . . . . 986 show dot1x . . . . . . . . . . . . . . . . . . . . . 988 show dot1x authentication-history show dot1x clients . . . . . . . . 989 . . . . . . . . . . . . . . . . . 991 show dot1x interface . show dot1x interface statistics show dot1x users . . . . . . . . . . 994 . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 38 Monday, January 25, 2016 1:25 PM show captive-portal status . block . . . . . . . . . . . 1007 . . . . . . . . . . . . . . . . . . . . . . . 1008 configuration . . . . . . . . . . . . . . . . . . . 1009 . . . . . . . . . . . . . . . . . . . . . . 1010 . . . . . . . . . . . . . . . . . . . . . . . 1010 enable group interface locale . . . . . . . . . . . . . . . . . . . . . 1011 . . . . . . . . . . . . . . . . . . . . . . . 1012 name (Captive Portal) . . . . .
2CSNXXX_SWUM204.book Page 39 Monday, January 25, 2016 1:25 PM show captive-portal user . . . . . . . . . . . . 1022 user group . . . . . . . . . . . . . . . . . . . . 1023 user-logout . . . . . . . . . . . . . . . . . . . . 1024 user name . . . . . . . . . . . . . . . . . . . . 1024 user password . . . . . . . . . . . . . . . . . . user session-timeout . . . . . . . . . . . . . . . 1025 1026 show captive-portal configuration . . . . . . . .
2CSNXXX_SWUM204.book Page 40 Monday, January 25, 2016 1:25 PM rate-limit cpu . . . . . . . . . . . . . . . . . . . show dos-control . . . . . . . . . . . . . . . . show system internal pktmgr 1039 1041 . . . . . . . . . . 1042 storm-control broadcast . . . . . . . . . . . . . 1043 storm-control multicast . . . . . . . . . . . . . 1044 . . . . . . . . . . . . . . 1046 storm-control unicast Management ACL Commands . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 41 Monday, January 25, 2016 1:25 PM passwords history passwords lock-out . . . . . . . . . . . . . . . . 1060 . . . . . . . . . . . . . . . 1061 passwords min-length . . . . . . . . . . . . . . passwords strength-check . . . . . . . . . . . 1062 1063 passwords strength minimum uppercaseletters . . . . . . . . . . . . . . . . . . . . . . . 1064 passwords strength minimum lowercaseletters . . . . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 42 Monday, January 25, 2016 1:25 PM crypto key generate rsa . . . . . . . . . . . . . crypto key pubkey-chain ssh . . . . . . . . . . crypto key zeroize pubkey-chain 1078 . . . . . . . . . . . 1079 . . . . . . . . . . . . . . . . . . . . 1079 ip ssh pubkey-auth . . . . . . . . . . . . . . . . 1080 . . . . . . . . . . . . . . . . . . . 1081 . . . . . . . . . . . . . . . . . . . . 1083 ip ssh server key-string . show crypto key mypubkey . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 43 Monday, January 25, 2016 1:25 PM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1101 Commands in this Section . . . . . . . . . . . . 1101 . . . . . . . . . . . . . . . 1101 . . . . . . . . . . . . . . . . . . . . . . . 1102 clear mvrp statistics mvrp mvrp global . . . . . . . . . . . . . . . . . . . . mvrp periodic state machine . show mvrp 1103 . . . . . . . . . . 1104 . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 44 Monday, January 25, 2016 1:25 PM show msrp statistics show msrp stream . . . . . . . . . . . . . . . 1122 . . . . . . . . . . . . . . . . 1124 802.1AS Timesync Commands . . . . . . . . . . . . . . . . .1127 Commands in this Section clear dot1as statistics . . . . . . . . . . . . 1127 . . . . . . . . . . . . . . 1127 dot1as (Global Configuration) . . . . . . . . . . dot1as (Interface Configuration) dot1as priority . . . . . . . . . 1129 . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 45 Monday, January 25, 2016 1:25 PM Port Roles . . . . . . . . . . . . . . . . . . . . Commands in this Section . . . . . . . . . . . . Data Center Bridging Capability Exchange Commands . . . . . . . . . . . . . . . . . 1156 . . . . . . . . . . . . . . . 1156 . . . . . . . . . . . . . . . . . 1157 lldp tlv-select dcbxp (dcb enable) . . . . . . . . 1158 . . . . . . . . . . . . . . . . 1160 . . . . . . . . . . . . . . . 1161 . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 46 Monday, January 25, 2016 1:25 PM controller . . . . . . . . . . . . . . . . . . . . . hardware profile openflow . . . . . . . . . . . . 1180 . . . . . . . . . . . . . . . . . . . 1181 . . . . . . . . . . . . . . . . . . . . . . . 1182 ipv4 address mode 1178 openflow passive . . . . . . . . . . . . . . . . . . . . . 1185 . . . . . . . . . . . . . . . . . . . . . . 1186 protocol-version show openflow . . . . . . . . . . . . . . . . . 1187 . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 47 Monday, January 25, 2016 1:25 PM arp purge . . . . . . . . . . . . . . . . . . . . . arp resptime 1211 . . . . . . . . . . . . . . . . . . . 1212 arp retries . . . . . . . . . . . . . . . . . . . . 1213 arp timeout . . . . . . . . . . . . . . . . . . . . 1213 clear arp-cache . . . . . . . . . . . . . . . . . clear arp-cache management . . . . . . . . . . 1215 . . . . . . . . . . . . . . . . 1216 . . . . . . . . . . . . . . . . . . . 1216 . . . . . . . . . .
2CSNXXX_SWUM204.book Page 48 Monday, January 25, 2016 1:25 PM router bgp . . . . . . . . . . . . . . . . . . . . address-family . . . . . . . . . . . . . . . . . . address-family ipv4 vrf address-family ipv6 1234 . . . . . . . . . . . . . . 1236 . . . . . . . . . . . . . . . 1237 address-family vpnv4 unicast aggregate-address . 1233 . . . . . . . . . . 1237 . . . . . . . . . . . . . . . 1239 bgp aggregate-different-meds (BGP Router Configuration) . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 49 Monday, January 25, 2016 1:25 PM clear ip bgp . . . . . . . . . . . . . . . . . . . . clear ip bgp counters . . . . . . . . . . . . . . default-information originate (BGP Router Configuration) . . . . . . . . . . . . . . . . . . default-information originate (IPv6 Address Family Configuration) . . . . . . . . . . . . . 1255 1256 . . . 1257 . . . . . . . 1258 . . . . . . . . . . . . . . . . . . . . . 1259 default metric (IPv6 Address Family Configuration) . . . . .
2CSNXXX_SWUM204.book Page 50 Monday, January 25, 2016 1:25 PM match extcommunity . . . . . . . . . . . . . . . maximum-paths (BGP Router Configuration) . . 1276 . . . . . . 1277 . . . . . . . . 1278 maximum-paths (IPv6 Address Family Configuration) . . . . . . . . . . . . maximum-paths ibgp (BGP Router Configuration) . . . . . . . . . . maximum-paths ibgp (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . neighbor activate 1275 . . . 1279 . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 51 Monday, January 25, 2016 1:25 PM neighbor local-as . . . . . . . . . . . . . . . . neighbor maximum-prefix (BGP Router Configuration) . . . . . . . . . . . . . 1296 . . . . . 1298 neighbor maximum-prefix (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . . . . 1299 neighbor next-hop-self (BGP Router Configuration) . . . . . . . . . . . . 1301 . . . . . . neighbor next-hop-self (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 52 Monday, January 25, 2016 1:25 PM neighbor send-community (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . 1316 . . . . . . . . . . . . . . . 1317 . . . . . . . . . . . . . . . . . 1318 neighbor shutdown . neighbor timers neighbor update-source . . . . . . . . . . . . . network (BGP Router Configuration) . . . . . . . 1321 . . . . . . . . . . 1323 . . . . . . . . . . . . . . . . 1324 . . . . . . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 53 Monday, January 25, 2016 1:25 PM show bgp ipv6 neighbors policy . . . . . . . . . show bgp ipv6 neighbors received-routes 1350 . . . 1351 show bgp ipv6 statistics . . . . . . . . . . . . . 1353 show bgp ipv6 summary . . . . . . . . . . . . . 1354 show bgp ipv6 update-group . . . . . . . . . . . 1357 . . . . . . . . . 1360 . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 54 Monday, January 25, 2016 1:25 PM show ip bgp update-group show ip bgp vpn4 . . . . . . . . . . . . . 1390 . . . . . . . . . . . . . . . . 1393 show router-capability . . . . . . . . . . . . . . 1398 . . . . . . . . . . . . . . . . . . 1399 . . . . . . . . . . . . . . . . . . . . 1401 template peer timers bgp BGP Routing Policy . . . . . . . . . . . . . . . . . . . . . . . . . .1403 Commands in this Section ip as-path access-list . . . . . . . . . . . . 1403 . .
2CSNXXX_SWUM204.book Page 55 Monday, January 25, 2016 1:25 PM clear ip prefix-list . . . . . . . . . . . . . . . . 1424 . . . . . . . . . . . . . . . 1425 clear ipv6 prefix-list clear ip community-list . set as-path . . . . . . . . . . . . . 1426 . . . . . . . . . . . . . . . . . . . . 1427 set comm-list delete set community . . . . . . . . . . . . . . . 1428 . . . . . . . . . . . . . . . . . . 1429 set ipv6 next-hop (BGP) . . . . . . . . . . . . . 1430 . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 56 Monday, January 25, 2016 1:25 PM host . . . . . . . . . . . . . . . . . . . . . . . . 1444 ip dhcp bootp automatic . . . . . . . . . . . . . 1445 ip dhcp conflict logging . . . . . . . . . . . . . 1446 ip dhcp excluded-address . . . . . . . . . . . . 1446 . . . . . . . . . . . . . . . 1447 . . . . . . . . . . . . . . . . . . . . . . . 1448 ip dhcp ping packets lease netbios-name-server . . . . . . . . . . . . . . . 1449 . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 57 Monday, January 25, 2016 1:25 PM domain-name (IPv6 DHCP Pool Config) . . . . . 1463 ipv6 dhcp pool . . . . . . . . . . . . . . . . . . 1464 ipv6 dhcp relay . . . . . . . . . . . . . . . . . . 1465 ipv6 dhcp server . . . . . . . . . . . . . . . . . 1466 prefix-delegation . . . . . . . . . . . . . . . . . 1468 . . . . . . . . . . . . . . . . . . 1469 service dhcpv6 show ipv6 dhcp . . . . . . . . . . . . . . . . . . show ipv6 dhcp binding . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 58 Monday, January 25, 2016 1:25 PM ipv6 dhcp snooping log-invalid . ipv6 dhcp snooping trust . . . . . . . . . 1485 . . . . . . . . . . . . . 1486 ipv6 dhcp snooping verify mac-address . . . . . 1486 ipv6 verify binding . . . . . . . . . . . . . . . . 1487 ipv6 verify source . . . . . . . . . . . . . . . . 1488 show ipv6 dhcp snooping . . . . . . . . . . . . show ipv6 dhcp snooping binding . . . . . . . . show ipv6 dhcp snooping database 1490 . . . . . . .
2CSNXXX_SWUM204.book Page 59 Monday, January 25, 2016 1:25 PM show ip dvmrp prune . show ip dvmrp route . . . . . . . . . . . . . . 1502 . . . . . . . . . . . . . . . 1502 GMRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . .1504 Commands in this Section gmrp enable . . . . . . . . . . . . 1505 . . . . . . . . . . . . . . . . . . . 1505 clear gmrp statistics . . . . . . . . . . . . . . . show gmrp configuration . . . . . . . . . . . . 1506 1506 IGMP Commands . . . . . . . . . .
2CSNXXX_SWUM204.book Page 60 Monday, January 25, 2016 1:25 PM show ip igmp interface stats . . . . . . . . . . . 1520 IGMP Proxy Commands . . . . . . . . . . . . . . . . . . . . . .1522 Commands in this Section ip igmp proxy-service . . . . . . . . . . . . 1522 . . . . . . . . . . . . . . 1522 ip igmp proxy-service reset-status . . . . . . . ip igmp proxy-service unsolicit-rprtinterval . . . . . . . . . . . . . . . . show ip igmp proxy-service . . . . . . 1524 . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 61 Monday, January 25, 2016 1:25 PM ip helper enable . . . . . . . . . . . . . . . . . show ip helper-address show ip dhcp relay 1541 . . . . . . . . . . . . . 1542 . . . . . . . . . . . . . . . . 1543 show ip helper statistics . . . . . . . . . . . . . 1544 IP Routing Commands . . . . . . . . . . . . . . . . . . . . . . . .1547 Static Routes/ECMP Static Routes . . . . . . . 1547 . . . . . . . . . . . . . . . 1548 . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 62 Monday, January 25, 2016 1:25 PM ip unnumbered gratuitous-arp accept . . . . . . 1565 ip unreachables . . . . . . . . . . . . . . . . . 1566 match ip address . . . . . . . . . . . . . . . . . 1567 . . . . . . . . . . . . . . . . . . . 1570 match length match mac-list route-map . . . . . . . . . . . . . . . . . . 1571 . . . . . . . . . . . . . . . . . . . . 1572 set interface null0 . . . . . . . . . . . . . . . . set ip default next-hop set ip next-hop . . .
2CSNXXX_SWUM204.book Page 63 Monday, January 25, 2016 1:25 PM show routing heap summary . . . . . . . . . . . 1595 IPv6 Routing Commands . . . . . . . . . . . . . . . . . . . . . .1597 IPv6 Limitations & Restrictions . . . . . . . . . 1597 . . . . . . . . . . . . 1597 clear ipv6 neighbors . . . . . . . . . . . . . . . 1598 clear ipv6 statistics . . . . . . . . . . . . . . . . 1599 . . . . . . . . . . . . . . . . . . . 1600 . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 64 Monday, January 25, 2016 1:25 PM ipv6 nd ns-interval . . . . . . . . . . . . . . . . ipv6 nd nud max-multicast-solicits . . . . . . . 1612 . . . . . . . . 1613 . . . . . . . . . . . . . . . . . 1614 ipv6 nd nud max-unicast-solicits ipv6 nd nud retry ipv6 nd other-config-flag ipv6 nd prefix 1611 . . . . . . . . . . . . . 1615 . . . . . . . . . . . . . . . . . . . 1616 ipv6 nd raguard attach-policy . . . . . . . . . . 1617 ipv6 nd ra-interval . . . . . . . . .
2CSNXXX_SWUM204.book Page 65 Monday, January 25, 2016 1:25 PM show ipv6 mld host-proxy groups . . . . . . . . show ipv6 mld host-proxy groups detail . . . . . 1637 . . . . . . . 1638 . . . . . . . . . . . . . . . 1640 show ipv6 mld host-proxy interface show ipv6 mld traffic 1635 show ipv6 nd raguard policy . . . . . . . . . . . 1641 show ipv6 neighbors . . . . . . . . . . . . . . . 1642 show ipv6 protocols . . . . . . . . . . . . . . . 1643 . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 66 Monday, January 25, 2016 1:25 PM ip mroute . . . . . . . . . . . . . . . . . . . . . ip multicast-routing . . . . . . . . . . . . . . . ip multicast ttl-threshold ip pim 1659 1660 . . . . . . . . . . . . . 1661 . . . . . . . . . . . . . . . . . . . . . . . 1662 ip pim bsr-border . . . . . . . . . . . . . . . . . ip pim bsr-candidate . . . . . . . . . . . . . . . 1664 . . . . . . . . . . . . . . . . 1665 . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 67 Monday, January 25, 2016 1:25 PM show ip mroute static show ip pim . . . . . . . . . . . . . . . 1677 . . . . . . . . . . . . . . . . . . . 1678 show ip pim bsr-router . . . . . . . . . . . . . . 1678 show ip pim interface . . . . . . . . . . . . . . 1680 show ip pim neighbor . . . . . . . . . . . . . . 1681 . . . . . . . . . . . . . . . 1682 show ip pim rp-hash show ip pim rp mapping show ip pim statistics . . . . . . . . . . . . . 1683 . . . . . . . . . .
2CSNXXX_SWUM204.book Page 68 Monday, January 25, 2016 1:25 PM ipv6 pim ssm show ipv6 pim . . . . . . . . . . . . . . . . . . . 1696 . . . . . . . . . . . . . . . . . . 1697 show ipv6 pim bsr-router . . . . . . . . . . . . . 1698 . . . . . . . . . . . . . 1702 . . . . . . . . . . . . 1703 show ipv6 pim interface . . . . . . . . . . . . . 1704 show ipv6 pim neighbor . . . . . . . . . . . . . 1705 . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 69 Monday, January 25, 2016 1:25 PM area nssa no-redistribute area nssa no-summary . . . . . . . . . . . . . 1718 . . . . . . . . . . . . . 1718 area nssa translator-role . . . . . . . . . . . . . area nssa translator-stab-intv . . . . . . . . . . 1720 . . . . . . . . . . . . 1721 . . . . . . . . . . . . . . . . . . . . . 1723 area range (Router OSPF) area stub 1719 area stub no-summary area virtual-link . . . . . . . . . . . . . . 1724 . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 70 Monday, January 25, 2016 1:25 PM default-metric distance ospf . . . . . . . . . . . . . . . . . . 1740 . . . . . . . . . . . . . . . . . . . 1741 distribute-list out enable . . . . . . . . . . . . . . . . . 1742 . . . . . . . . . . . . . . . . . . . . . . 1743 exit-overflow-interval . . . . . . . . . . . . . . 1743 . . . . . . . . . . . . . . . . 1744 . . . . . . . . . . . . . . . . . . . 1745 external-lsdb-limit ip ospf area .
2CSNXXX_SWUM204.book Page 71 Monday, January 25, 2016 1:25 PM nsf . . . . . . . . . . . . . . . . . . . . . . . . nsf helper . . . . . . . . . . . . . . . . . . . . . nsf helper strict-lsa-checking nsf restart-interval 1758 1759 . . . . . . . . . . 1760 . . . . . . . . . . . . . . . . 1761 passive-interface default . . . . . . . . . . . . 1762 passive-interface . . . . . . . . . . . . . . . . 1762 redistribute (OSPF) . . . . . . . . . . . . . . . . 1763 . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 72 Monday, January 25, 2016 1:25 PM show ip ospf statistics . . . . . . . . . . . . . . 1791 . . . . . . . . . . . . . 1793 . . . . . . . . . . . . . . . 1794 show ip ospf stub table show ip ospf traffic . show ip ospf virtual-link . . . . . . . . . . . . . show ip ospf virtual-links brief timers pacing flood . . . . . . . . . . . 1798 . . . . . . . . . . . . . . . 1798 timers pacing lsa-group timers spf 1796 . . . . . . . . . . . . . 1799 . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 73 Monday, January 25, 2016 1:25 PM area virtual-link hello-interval . . . . . . . . . . area virtual-link retransmit-interval area virtual-link transmit-delay . . . . . . . 1816 . . . . . . . . . 1817 default-information originate (Router OSPFv3 Configuration) . . . . . . . . . . . . . . . . . . 1817 . . . . . . . . . . . . . . . . . . 1818 . . . . . . . . . . . . . . . . . . . 1819 . . . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 74 Monday, January 25, 2016 1:25 PM nsf . . . . . . . . . . . . . . . . . . . . . . . . nsf helper . . . . . . . . . . . . . . . . . . . . . nsf helper strict-lsa-checking 1832 1833 . . . . . . . . . . 1834 nsf restart-interval . . . . . . . . . . . . . . . . 1834 passive-interface . . . . . . . . . . . . . . . . 1835 passive-interface default . . . . . . . . . . . . 1836 . . . . . . . . . . . . . . 1837 . . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 75 Monday, January 25, 2016 1:25 PM show ipv6 ospf stub table show ipv6 ospf virtual-links . . . . . . . . . . . . 1855 . . . . . . . . . . . 1855 show ipv6 ospf virtual-link brief . . . . . . . . . 1856 Router Discovery Protocol Commands . . . . . . . . .1858 Commands in this Section ip irdp . . . . . . . . . . . . . 1858 . . . . . . . . . . . . . . . . . . . . . . 1858 ip irdp holdtime . . . . . . . . . . . . . . . . . . 1860 ip irdp maxadvertinterval . . . . .
2CSNXXX_SWUM204.book Page 76 Monday, January 25, 2016 1:25 PM ip rip . . . . . . . . . . . . . . . . . . . . . . . 1871 ip rip authentication . . . . . . . . . . . . . . . 1872 ip rip receive version . . . . . . . . . . . . . . . 1873 . . . . . . . . . . . . . . . . 1874 . . . . . . . . . . . . . . . . . . . . 1875 . . . . . . . . . . . . . . . . . . . . . 1876 ip rip send version redistribute router rip show ip rip . . . . . . . . . . . . . . . . . . . . show ip rip interface . . . . .
2CSNXXX_SWUM204.book Page 77 Monday, January 25, 2016 1:25 PM maximum routes show ip vrf . . . . . . . . . . . . . . . . . 1891 . . . . . . . . . . . . . . . . . . . . 1893 Virtual Router Redundancy Protocol Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1895 Pingable VRRP Interface . . . . . . . . . . . . . VRRP Route/Interface Tracking . . . . . . . . . 1896 . . . . . . . . . . . . . . . . 1896 . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 78 Monday, January 25, 2016 1:25 PM show vrrp interface . . . . . . . . . . . . . . . show vrrp interface brief . . . . . . . . . . . . . 1912 show vrrp interface stats . . . . . . . . . . . . 1913 . . . . . . . . . . . . . . . 1914 ip vrrp accept-mode show ip vrrp interface 8 1910 . . . . . . . . . . . . . . Switch Management Commands . . . . . 1914 1917 Application Deployment . . . . . . . . . . . . . . . . . . . . . .1918 Commands in this Section . . . . . .
2CSNXXX_SWUM204.book Page 79 Monday, January 25, 2016 1:25 PM show boot . . . . . . . . . . . . . . . . . . . . 1929 CLI Macro Commands . . . . . . . . . . . . . . . . . . . . . . . .1931 Commands in this Section macro name . . . . . . . . . . . . 1932 . . . . . . . . . . . . . . . . . . . 1932 macro global apply . . . . . . . . . . . . . . . . 1934 macro global trace . . . . . . . . . . . . . . . . 1934 macro global description . . . . . . . . . . . . 1935 macro apply . . . . . . . . . .
2CSNXXX_SWUM204.book Page 80 Monday, January 25, 2016 1:25 PM sntp server . . . . . . . . . . . . . . . . . . . . sntp source-interface sntp trusted-key . . . . . . . . . . . . . . 1947 . . . . . . . . . . . . . . . . . 1948 sntp unicast client enable . . . . . . . . . . . . clock timezone hours-offset no clock timezone 1949 . . . . . . . . . . . 1949 . . . . . . . . . . . . . . . . 1950 clock summer-time recurring . . . . . . . . . . 1951 . . . . . . . . . . . . . 1952 . . . . . . . .
2CSNXXX_SWUM204.book Page 81 Monday, January 25, 2016 1:25 PM boot system . . . . . . . . . . . . . . . . . . . 1961 clear config . . . . . . . . . . . . . . . . . . . . 1962 . . . . . . . . . . . . . . . . . . . . . . . 1963 copy delete . . . . . . . . . . . . . . . . . . . . . . . 1969 delete backup-config . . . . . . . . . . . . . . 1970 delete backup-image . . . . . . . . . . . . . . . 1971 delete startup-config . . . . . . . . . . . . . . . 1971 . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 82 Monday, January 25, 2016 1:25 PM Commands in this Section . . . . . . . . . . . . 1986 . . . . . . . . . . . . . . . . . . . 1986 . . . . . . . . . . . . . . . . . . . . . 1987 server . . . . . . . . . . . . . . . . . . . . . . . 1988 enable . . . . . . . . . . . . . . . . . . . . . . 1989 eula-consent hiveagent proxy-ip-address url . . . . . . . . . . . . . . . . . . 1990 . . . . . . . . . . . . . . . . . . . . . . . . 1991 show hiveagent status . . . . . .
2CSNXXX_SWUM204.book Page 83 Monday, January 25, 2016 1:25 PM password (Line Configuration) . . . . . . . . . . 2004 . . . . . . . . . . . . . . . . . . . . . 2005 . . . . . . . . . . . . . . . . . . . . . . . 2006 show line speed terminal length . . . . . . . . . . . . . . . . . . 2007 PHY Diagnostics Commands . . . . . . . . . . . . . . . . . .2009 show copper-ports tdr . . . . . . . . . . . . . . show fiber-ports optical-transceiver test copper-port tdr 2009 . . . . . . 2010 . . . . . .
2CSNXXX_SWUM204.book Page 84 Monday, January 25, 2016 1:25 PM show power inline firmware-version . . . . . . 2026 RMON Commands . . . . . . . . . . . . . . . . . . . . . . . . . . .2028 Commands in this Section rmon alarm . . . . . . . . . . . . 2028 . . . . . . . . . . . . . . . . . . . . 2028 rmon collection history . rmon event . . . . . . . . . . . . . 2030 . . . . . . . . . . . . . . . . . . . . 2031 rmon hcalarm . . . . . . . . . . . . . . . . . . 2032 show rmon alarm . . . . . . . .
2CSNXXX_SWUM204.book Page 85 Monday, January 25, 2016 1:25 PM debug cfm . . . . . . . . . . . . . . . . . . . . debug clear . . . . . . . . . . . . . . . . . . . . debug console . . . . . . . . . . . . . . . . . . debug crashlog . . . . . . . . . . . . . . . . . . debug dhcp packet . . . . . . . . . . . . . . . . debug dhcp server packet 2053 2053 2054 2057 . . . . . . . . . . . . 2058 . . . . . . . . . . . . . . . . . . 2059 . . . . . . . . . . . . . . . . . . . 2060 debug dot1ag .
2CSNXXX_SWUM204.book Page 86 Monday, January 25, 2016 1:25 PM debug ipv6 pimsm . . . . . . . . . . . . . . . . 2072 debug isdp . . . . . . . . . . . . . . . . . . . . 2072 debug lacp . . . . . . . . . . . . . . . . . . . . 2073 debug mldsnooping debug ospf . . . . . . . . . . . . . . . 2074 . . . . . . . . . . . . . . . . . . . . 2075 debug ospfv3 . . . . . . . . . . . . . . . . . . . 2076 . . . . . . . . . . . . . . . . . . . . 2076 . . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 87 Monday, January 25, 2016 1:25 PM show ip http . . . . . . . . . . . . . . . . . . . show supported mibs . . . . . . . . . . . . . . 2094 . . . . . . . . . . . . . . . . . . . 2099 . . . . . . . . . . . . . . . . . . . . 2100 snapshot bgp write core 2093 Sflow Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . .2102 Commands in this Section . . . . . . . . . . . . 2102 . . . . . . . . . . . . . . . . . 2102 . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 88 Monday, January 25, 2016 1:25 PM show snmp views show trapflags . . . . . . . . . . . . . . . . 2119 . . . . . . . . . . . . . . . . . . 2120 snmp-server community . . . . . . . . . . . . . snmp-server community-group snmp-server contact 2121 . . . . . . . . . 2123 . . . . . . . . . . . . . . . 2124 snmp-server enable traps . . . . . . . . . . . . snmp-server engineID local 2124 . . . . . . . . . . . 2128 snmp-server filter . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 89 Monday, January 25, 2016 1:25 PM proxy-ip-address server . . . . . . . . . . . . . . . . . . 2146 . . . . . . . . . . . . . . . . . . . . . . 2147 show eula-consent support-assist . . . . . . . 2148 . . . . . . . . . . . 2150 . . . . . . . . . . . . . . . . . . 2151 . . . . . . . . . . . . . . . . . . . . . . . . 2152 show support-assist status support-assist url . SYSLOG Commands . . . . . . . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 90 Monday, January 25, 2016 1:25 PM logging on . . . . . . . . . . . . . . . . . . . . logging protocol logging snmp . . . . . . . . . . . . . . . . . 2168 . . . . . . . . . . . . . . . . . . . 2170 logging source-interface . . . . . . . . . . . . . 2171 . . . . . . . . . . . . . . . 2172 . . . . . . . . . . . . . . . . . . . . . . . . 2173 logging web-session port 2168 show logging . . . . . . . . . . . . . . . . . . . show logging file . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 91 Monday, January 25, 2016 1:25 PM disconnect exit . . . . . . . . . . . . . . . . . . . . 2189 . . . . . . . . . . . . . . . . . . . . . . . . 2190 hardware profile portmode hostname . . . . . . . . . . . 2191 . . . . . . . . . . . . . . . . . . . . . 2192 initiate failover . . . . . . . . . . . . . . . . . . 2193 . . . . . . . . . . . . . . . . . . . 2194 locate . . . . . . . . . . . . . . . . . . . . . . . 2195 logout . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 92 Monday, January 25, 2016 1:25 PM show cut-through mode . . . . . . . . . . . . . 2213 show hardware profile . . . . . . . . . . . . . . 2213 show idprom interface . . . . . . . . . . . . . . 2214 . . . . . . . . . . . . . . . . . 2215 show interfaces show interfaces advanced firmware . . . . . . 2217 . . . . . . . . . . . . 2218 . . . . . . . . . . . . . . . . 2221 . . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 93 Monday, January 25, 2016 1:25 PM show system power . . . . . . . . . . . . . . . show system temperature . . . . . . . . . . . . 2247 . . . . . . . . . . . . . . . . 2248 . . . . . . . . . . . . . . . . . . . . 2250 show tech-support show users show version stack . . . . . . . . . . . . . . . . . . . 2251 . . . . . . . . . . . . . . . . . . . . . . . 2253 stack-port . . . . . . . . . . . . . . . . . . . . stack-port shutdown standby 2253 . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 94 Monday, January 25, 2016 1:25 PM absolute . . . . . . . . . . . . . . . . . . . . . 2270 periodic . . . . . . . . . . . . . . . . . . . . . . 2271 show time-range . . . . . . . . . . . . . . . . . 2273 USB Flash Drive Commands . . . . . . . . . . . . . . . . . .2275 Validation of Files Downloaded/Uploaded from USB Device . . . . . . . . . . . . . . . . . . . . 2275 . . 2275 . . . . . . 2276 . . . . . . . . . . . . 2276 . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 95 Monday, January 25, 2016 1:25 PM common-name country . . . . . . . . . . . . . . . . . . 2288 . . . . . . . . . . . . . . . . . . . . . . 2289 crypto certificate generate crypto certificate import . . . . . . . . . . . 2290 . . . . . . . . . . . . . 2291 crypto certificate request duration . . . . . . . . . . . . 2292 . . . . . . . . . . . . . . . . . . . . . 2293 ip http port . . . . . . . . . . . . . . . . . . . . ip http server . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 95 Monday, January 25, 2016 1:25 PM 1 Dell Networking CLI Dell Networking N1500/N2000/N3000/N4000 Series Switches Introduction The Command Line Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphic User Interface (GUI) driven software application. By directly entering commands, the user has greater configuration flexibility. The CLI is a basic command-line interpreter similar to the UNIX C shell.
2CSNXXX_SWUM204.book Page 96 Monday, January 25, 2016 1:25 PM Table 1-1. System Command Groups (continued) Command Group Description Auto-VoIP Configures Auto VoIP for IP phones on a switch. CDP Interoperability Configures Cisco® Discovery Protocol (CDP). DHCP L2 Relay Enables the Layer 2 DHCP Relay agent for an interface. DHCP Snooping Configures DHCP snooping and displays DHCP Snooping information. Dynamic ARP Inspection Configures for rejection of invalid and malicious ARP packets.
2CSNXXX_SWUM204.book Page 97 Monday, January 25, 2016 1:25 PM Table 1-1. System Command Groups (continued) Command Group Description Loop Protection Configures keep alive. MLAG Configures MLAG and displays MLAG information. Multicast VLAN Registration Configures MVLAN and displays MVLAN information. Port Channel Configures and displays Port channel information. Port Monitor Monitors activity on specific target ports. QoS Configures and displays QoS information.
2CSNXXX_SWUM204.book Page 98 Monday, January 25, 2016 1:25 PM Table 1-1. System Command Groups (continued) Command Group Description Audio Visual Bridging Commands MMRP Configures and displays MMRP information. MSRP Configures and displays MSRP information. MVRP Configures and displays MVRP information. Security Commands Configures and displays commands related to 802.1AS timesync.
2CSNXXX_SWUM204.book Page 99 Monday, January 25, 2016 1:25 PM Table 1-1. System Command Groups (continued) Command Group Description IP Helper/DHCP Relay Configures relay of UDP packets. IP Routing (IPv4) Configures IP routing and addressing. IPv6 Multicast Manages IPv6 Multicasting on the system. IPv6 Routing Configures IPv6 routing and addressing. Loopback Interface (IPv6) Manages Loopback configurations. Multicast (Mcast) Manages Multicasting on the system.
2CSNXXX_SWUM204.book Page 100 Monday, January 25, 2016 1:25 PM Table 1-1. System Command Groups (continued) Command Group Description HiveAgent Enables configuration of the Dell HiveAgent Line Configures the console, SSH, and remote Telnet connection. PHY Diagnostics Diagnoses and displays the interface status. Power Over Ethernet (PoE) Configures PoE and displays PoE information. RMON Can be configured through the CLI and displays RMON information.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 103 Monday, January 25, 2016 1:25 PM Layer 2 Commands ACL Command Description Modea ip access-list Creates an Access Control List (ACL) that is identified by the parameter accesslistnumber. GC deny | permit (IP ACL) The deny command denies traffic if the ML conditions defined in the deny statement are matched. The permit command allows traffic if the conditions defined in the permit statement are matched.
2CSNXXX_SWUM204.book Page 104 Monday, January 25, 2016 1:25 PM Modea Command Description show ip access-lists Displays an Access Control List (ACL) and all PE of the rules that are defined for the ACL. show mac access-lists Displays a MAC access list and all of the rules that are defined for the ACL. a. PE For the meaning of each Mode abbreviation, see Mode Typeson page 100.
2CSNXXX_SWUM204.book Page 105 Monday, January 25, 2016 1:25 PM Modea Command Description show mac address-table static Displays statically created entries in the bridge- PE forwarding database. show mac address-table vlan Displays all entries in the bridge-forwarding database for the specified VLAN. UE or PE show port-security PE a. Displays the port-lock status. For the meaning of each Mode abbreviation, see Mode Typeson page 100.
2CSNXXX_SWUM204.book Page 106 Monday, January 25, 2016 1:25 PM Command Description Modea show isdp interface Displays ISDP settings for the specified interface. PE show isdp neighbors Displays the list of neighboring devices. PE show isdp traffic Displays ISDP statistics. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 100. DHCP L2 Relay Command Description Modea dhcp l2relay (Global Configuration) Enables the Layer 2 DHCP Relay agent for an interface or globally.
2CSNXXX_SWUM204.book Page 107 Monday, January 25, 2016 1:25 PM Modea Command Description show dhcp l2relay vlan Displays whether DHCP L2 Relay is PE or globally enabled on the specified VLAN or GC VLAN range. show dhcp l2relay circuit-id Displays whether DHCP L2 Relay is vlan globally enabled and whether the DHCP Circuit-ID option is enabled on the specified VLAN or VLAN range.
2CSNXXX_SWUM204.book Page 108 Monday, January 25, 2016 1:25 PM Modea Command Description ip dhcp snooping trust Configure a port as trusted for DHCP snooping. IC ip dhcp snooping verify mac- Enables the verification of the source MAC address address with the client MAC address in the received DHCP message. GC show ip dhcp snooping Displays the DHCP snooping global and per port configuration. PE show ip dhcp snooping binding Displays the DHCP snooping binding entries.
2CSNXXX_SWUM204.book Page 109 Monday, January 25, 2016 1:25 PM Command Description Modea ip arp inspection vlan Enables Dynamic ARP Inspection on a single VLAN or a range of VLANs. GC permit ip host mac host Configures a rule for a valid IP address and ARPA MAC address combination used in ARP packet validation. show arp access-list Displays the configured ARP ACLs with the rules. PE show ip arp inspection Displays the Dynamic ARP Inspection configuration.
2CSNXXX_SWUM204.book Page 110 Monday, January 25, 2016 1:25 PM Command Description Modea show interfaces advertise Displays information about auto negotiation advertisement. PE show interfaces configuration Displays the configuration for all configured interfaces. UE show interfaces counters Displays traffic seen by the Ethernet interface. UE show interfaces debounce Lists the debounce information for one or PE or multiple interfaces.
2CSNXXX_SWUM204.book Page 111 Monday, January 25, 2016 1:25 PM a. For the meaning of each Mode abbreviation, see Mode Types on page 100. Ethernet CFM Modea Command Description ethernet cfm domain Enters into maintenance domain Configuration GC mode for an existing domain. Use the optional level parameter to create a domain and enter into maintenance domain Configuration mode. service Associates a VLAN with a maintenance domain.
2CSNXXX_SWUM204.book Page 112 Monday, January 25, 2016 1:25 PM a. For the meaning of each Mode abbreviation, see Mode Types on page 100. Green Ethernet Command Description Modea clear counters Enables a Dell proprietary mode of power reduction on ports that are not connected to another interface. IC green-mode eee Enables EEE low power idle mode on an interface or all the interfaces.
2CSNXXX_SWUM204.book Page 113 Monday, January 25, 2016 1:25 PM GVRP Command Description Modea clear gvrp statistics Clears all the GVRP statistics information. PE garp timer Adjusts the GARP application join, leave, and leaveall GARP timer values. IC gvrp enable (Global Configuration) Enables GVRP globally. GC gvrp enable (Interface Configuration) Enables GVRP on an interface. IC gvrp registration-forbid Deregisters all VLANs, and prevents dynamic VLAN registration on the port.
2CSNXXX_SWUM204.book Page 114 Monday, January 25, 2016 1:25 PM Command Description Modea ip igmp snooping vlan immediate-leave Enables or disables IGMP Snooping fast-leave mode on a selected VLAN. VC ip igmp snooping vlan groupmembership-interval Sets the IGMP Group Membership Interval time on a VLAN. VC ip igmp snooping vlan lastmember-query-interval Sets the IGMP Maximum Response time on a particular VLAN.
2CSNXXX_SWUM204.book Page 115 Monday, January 25, 2016 1:25 PM a. For the meaning of each Mode abbreviation, see Mode Types on page 100. IP Addressing Command Description Modea clear host Deletes entries from the host name-to-address cache. PE clear ip address-conflictdetect Clears the address conflict detection status in the switch. PE interface out-of-band Enters into OOB interface configuration mode. GC ip address (Out-of-Band) Sets an IP address for the out-of-band interface.
2CSNXXX_SWUM204.book Page 116 Monday, January 25, 2016 1:25 PM Command Description Modea ipv6 enable (OOB Configuration) Enables IPv6 operation on the out-of-band interface. IC ipv6 gateway (OOB Configuration) Configures the address of the IPv6 gateway. IC show hosts Displays the default domain name, a list of UE name server hosts, static and cached list of host names and addresses. show ip address-conflict Displays the status information corresponding to the last detected address conflict.
2CSNXXX_SWUM204.book Page 117 Monday, January 25, 2016 1:25 PM IPv6 MLD Snooping Command Description Modea ipv6 mld snooping vlan groupmembership-interval Sets the MLD Group Membership Interval time on a VLAN or interface. VC ipv6 mld snooping vlan immediate-leave Enables or disables MLD Snooping immediate- VC leave admin mode on a selected interface or VLAN. ipv6 mld snooping vlan last- Sets the MLD Maximum Response time for an IC or listener-query-interval interface or VLAN.
2CSNXXX_SWUM204.book Page 118 Monday, January 25, 2016 1:25 PM Modea Command Description ipv6 mld snooping querier election participate Enables the Snooping Querier to participate in VC the Querier Election process when it discovers the presence of another Querier in the VLAN. ipv6 mld snooping querier query-interval Sets the MLD Querier Query Interval time. ipv6 mld snooping querier timer expiry Sets the MLD Querier timer expiration period.
2CSNXXX_SWUM204.book Page 119 Monday, January 25, 2016 1:25 PM Command Description Modea show iscsi Displays the iSCSI settings. PE show iscsi sessions Displays the iSCSI sessions. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 100. Link Dependency Modea Command Description action Indicates if the link-dependency group should LD mirror or invert the status of the depended on interfaces.
2CSNXXX_SWUM204.book Page 120 Monday, January 25, 2016 1:25 PM Command Description Modea lldp med transmit-tlv Specifies which optional TLVs in the LLDP MED set are transmitted in the LLDPDUs. IC lldp notification Enables remote data change notifications. IC lldp notification-interval Limits how frequently remote data change notifications are sent. GC lldp receive Enables the LLDP receive capability.
2CSNXXX_SWUM204.book Page 121 Monday, January 25, 2016 1:25 PM Loop Protection Command Modea Description keepalive (Interface Config) Enables loop protection on an interface. IC keepalive (Global Config) GC Globally enable loop protection and optionally configure the loop protection timer and packet count. keepalive action Configure the action taken when a loop IC is detected on an interface. show keepalive Displays the global loop protect configuration.
2CSNXXX_SWUM204.book Page 122 Monday, January 25, 2016 1:25 PM Command Description Modea peer-keepalive timeout Configures the peer keepalive timeout value, in seconds. MD role priority Configures the priority value used on a switch for primary/secondary role selection. MD show vpc Displays information about an MLAG. PE show vpc brief Displays the MLAG global status.
2CSNXXX_SWUM204.book Page 123 Monday, January 25, 2016 1:25 PM Multicast VLAN Registration Command Description Modea mvr Enables MVR. GC or IC mvr group Adds an MVR membership group. GC mvr mode Changes the MVR mode type. GC mvr querytime Sets the MVR query response time. GC mvr vlan Sets the MVR multicast VLAN. GC mvr immediate Enables MVR Immediate Leave mode. IC mvr type Sets the MVR port type. IC mvr vlan group Use to participate in the specific MVR group.
2CSNXXX_SWUM204.book Page 124 Monday, January 25, 2016 1:25 PM Command Description Modea lacp port-priority Configures the priority value for Ethernet ports. IC lacp system-priority Configures the system LACP priority. GC lacp timeout Assigns an administrative LACP timeout. IC port-channel min-links Sets the minimum number of links that must IC be up in order for the port channel interface to be declared up. show interfaces portchannel Displays port-channel information.
2CSNXXX_SWUM204.book Page 125 Monday, January 25, 2016 1:25 PM QoS Modea Command Description assign-queue Modifies the queue ID to which the associated PCMC traffic stream is assigned. class Creates an instance of a class definition within PMC the specified policy for the purpose of defining treatment of the traffic class through subsequent policy attribute statements. class-map Defines a new DiffServ class of type match-all. GC class-map rename Changes the name of a DiffServ class.
2CSNXXX_SWUM204.book Page 126 Monday, January 25, 2016 1:25 PM Command Description Modea mark ip-dscp Marks all packets for the associated traffic stream with the specified IP DSCP value. PCMC mark ip-precedence Marks all packets for the associated traffic PCMC stream with the specified IP precedence value. match class-map Adds add to the specified class definition the set of match conditions defined for another class.
2CSNXXX_SWUM204.book Page 127 Monday, January 25, 2016 1:25 PM Modea Command Description match protocol Adds to the specified class definition a match CMC condition based on the value of the IP Protocol field in a packet using a single keyword notation or a numeric value notation. match source-address mac Adds to the specified class definition a match CMC condition based on the source MAC address of the packet.
2CSNXXX_SWUM204.book Page 128 Monday, January 25, 2016 1:25 PM Command Modea Description random-detect exponential- Configures the decay in the calculation of the weighting-constant average queue size user for WRED on an interface or all interfaces. GC, IC, or IR redirect Specifies that all incoming packets for the PCMC associated traffic stream are redirected to a specific egress interface (Ethernet port or portchannel).
2CSNXXX_SWUM204.book Page 129 Monday, January 25, 2016 1:25 PM Command Description Modea traffic-shape Specifies the maximum transmission bandwidth limit for the interface as a whole. GC or IC vlan priority Assigns a default VLAN priority tag for untagged frames ingressing an interface. IC a. For the meaning of each Mode abbreviation, see Mode Types on page 100.
2CSNXXX_SWUM204.book Page 130 Monday, January 25, 2016 1:25 PM Command Description Modea spanning-tree bpduprotection Enables BPDU protection on a switch. GC spanning-tree cost Configures the spanning tree path cost for a port. IC spanning-tree disable Disables spanning tree on a specific port. IC spanning-tree forward-time Configures the spanning tree bridge forward time. GC spanning-tree guard Selects whether loop guard or root guard is enabled on an interface.
2CSNXXX_SWUM204.book Page 131 Monday, January 25, 2016 1:25 PM Command Description Modea spanning-tree tcnguard Prevents a port from propagating topology change notifications. IC spanning-tree transmit hold- Set the maximum number of BPDUs that a count bridge is allowed to send within a hello time window (2 seconds). GC spanning-tree uplinkfast Configures the rate at which gratuitous frames are sent after a switchover to an alternate port and enables Direct Link Rapid Convergence.
2CSNXXX_SWUM204.book Page 132 Monday, January 25, 2016 1:25 PM Modea Command Description udld message time Configures the interval between the GC transmission of UDLD probe messages on ports that are in the advertisement phase. udld timeout interval Configures the interval for the receipt of ECHO replies. GC udld enable (Interface Configuration) Enables UDLD on a specific interface. IC udld port Selects the UDLD operating mode on a specific interface.
2CSNXXX_SWUM204.book Page 133 Monday, January 25, 2016 1:25 PM Modea Command Description show port protocol Displays the Protocol-Based VLAN information PE for either the entire system or for the indicated group. show switchport ethertype Displays the configured Ethertype for each PE interface. show vlan Displays detailed information, including interface information and dynamic vlan type, for a specific VLAN.
2CSNXXX_SWUM204.book Page 134 Monday, January 25, 2016 1:25 PM Modea Command Description switchport mode privatevlan Defines a private VLAN association for an IC isolated or community interface or a mapping for a promiscuous interface. switchport mode dot1qtunnel Enables QinQ tunneling on customer edge IC (CE) interfaces. switchport private-vlan Defines a private VLAN association for an IC isolated or community port or a mapping for a promiscuous port.
2CSNXXX_SWUM204.book Page 135 Monday, January 25, 2016 1:25 PM Command Description Modea voice vlan data priority Trusts or not trusts the data traffic arriving on the voice VLAN port. IC show voice vlan Displays various properties of the voice VLAN. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 100.
2CSNXXX_SWUM204.book Page 136 Monday, January 25, 2016 1:25 PM Command Description Modea authentication restart Sets the interval after which reauthentication starts. IC clear (IAS) Deletes all IAS users. PE clear authentication statistics Clears the authentication statistics. PE clear authentication authentication-history Clears the authentication history logs. PE enable password Sets a local password to control access to the normal level.
2CSNXXX_SWUM204.book Page 137 Monday, January 25, 2016 1:25 PM Command Description Modea show users login-history Displays information about login histories of users. PE username Establishes a username-based authentication GC system. Optionally allows the specification of an Administrative Profile for a local user. username unlock Transfers local user passwords between devices without having to know the passwords. a.
2CSNXXX_SWUM204.book Page 138 Monday, January 25, 2016 1:25 PM Command Description Modea logging email urgent Sets the lowest severity level at which log messages are e-mailed in an urgent manner. GC logging traps Sets the lowest severity level at which SNMP traps are logged. GC logging email message-type Configures the To address field of the e-mail. to-addr GC logging email from-addr GC Configures the From address of the e-mail. logging email message-type Configures the subject.
2CSNXXX_SWUM204.book Page 139 Monday, January 25, 2016 1:25 PM RADIUS Command Description Modea acct-port Sets the port that connects to the RADIUS accounting server. R attribute 6 Configures the switch to send the RADIUS R Service-Type attribute in the AccessRequest message sent to a specific RADIUS authentication server. attribute 8 Configures the switch to send the RADIUS R Framed-IP-Address attribute in the AccessRequest message sent to a specific RADIUS authentication server.
2CSNXXX_SWUM204.book Page 140 Monday, January 25, 2016 1:25 PM Modea Command Description primary Specifies that a configured server should be the R primary server in the group of authentication servers which have the same server name. priority Specifies the order in which the servers are to be R used, with 0 being the highest priority. radius-server attribute 4 Sets the network access server (NAS) IP address GC for the RADIUS server.
2CSNXXX_SWUM204.book Page 141 Monday, January 25, 2016 1:25 PM Command Modea Description radius-server source-inteface Selects the interface from which to use the GC IP address in the source IP address field of transmitted RADIUS packets. radius-server timeout Sets the interval for which a switch waits for a RADIUS server to reply. retransmit Specifies the number of times the software R searches the list of RADIUS server hosts before stopping the search.
2CSNXXX_SWUM204.book Page 142 Monday, January 25, 2016 1:25 PM Command Description Modea tacacs-server key Sets the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ daemon. GC tacacs-server sourceinterface Selects the interface from which to use the IP address in the source IP address field of transmitted TACACS packets. GC tacacs-server timeout Sets the interval for which the switch waits for a GC server host to reply.
2CSNXXX_SWUM204.book Page 143 Monday, January 25, 2016 1:25 PM Command Description Modea dot1x system-auth-control monitor Enables 802.1X globally. GC dot1x timeout guest-vlanperiod Sets the number of seconds that the switch waits before authorizing the client if the client is a dot1x unaware client. IC dot1x timeout quiet-period Sets the number of seconds the switch remains IC in the quiet state following a failed authentication attempt.
2CSNXXX_SWUM204.book Page 144 Monday, January 25, 2016 1:25 PM Command Modea Description show dot1x authentication- Displays the dot1x authentication events and PE history information during successful and unsuccessful dot1x authentication processes. show dot1x clients Displays detailed information about the users who have successfully authenticated on the system or on a specified port. PE show dot1x interface Shows the status of MAC Authentication Bypass.
2CSNXXX_SWUM204.book Page 145 Monday, January 25, 2016 1:25 PM Modea Command Description show captive-portal status Reports the status of all captive portal instances PE in the system. block Blocks all traffic for a captive portal configuration. CPI configuration Enables the captive portal instance mode. CP enable Enables a captive portal configuration. CPI group Configures the group number for a captive portal configuration.
2CSNXXX_SWUM204.book Page 146 Monday, January 25, 2016 1:25 PM Command Description Modea show captive-portal interface client status Displays information about clients authenticated on all interfaces or a specific interface. PE show captive-portal interface configuration status Displays the clients authenticated to all captive PE portal configurations or a to specific configuration. clear captive-portal users Deletes all captive portal user entries.
2CSNXXX_SWUM204.book Page 147 Monday, January 25, 2016 1:25 PM a. For the meaning of each Mode abbreviation, see Mode Types on page 100. Denial of Service Command Description Modea dos-control firstfrag Enables Minimum TCP Header Size Denial of Service protection. GC dos-control icmp Enables Maximum ICMP Packet Size Denial of Service protections. GC dos-control l4port Enables L4 Port Denial of Service protection.
2CSNXXX_SWUM204.book Page 148 Monday, January 25, 2016 1:25 PM Modea Command Description management access-class Defines which management access-list is used. GC management access-list Defines a management access-list, and enters the access-list for configuration. GC permit (management) Defines a permit rule. MA show management accessclass Displays the active management access-list. PE show management accesslist Displays management access-lists. PE a.
2CSNXXX_SWUM204.book Page 149 Monday, January 25, 2016 1:25 PM Command Description Modea passwords strength minimum numericcharacters Enforces a minimum number of numeric numbers that a password should contain. GC passwords strength Enforces a minimum number of special minimum special-characters characters that a password may contain. GC passwords strength maxEnforces a maximum number of consecutive limit consecutive-characters characters that a password can contain.
2CSNXXX_SWUM204.book Page 150 Monday, January 25, 2016 1:25 PM Command Modea Description crypto key zeroize {rsa|dsa} Deletes the RSA or DSA keys from the GC switch. ip ssh port Specifies the port to be used by the SSH server. GC ip ssh pubkey-auth Enables public key authentication for incoming GC SSH sessions. ip ssh server Enables the switch to be configured from a SSH GC server connection. key-string Manually specifies a SSH public key.
2CSNXXX_SWUM204.book Page 151 Monday, January 25, 2016 1:25 PM MVRP Command Description Modea clear mmrp statistics Clears the MVRP statistics for an interface or all interfaces. PE mmrp Enables MVRP on a specific interface. IC IR mmrp global Globally enables MVRP. mmrp periodic state machine Globally enables the MVRP periodic state GC machine. show mmrp Displays the MVRP configuration for an interface or globally. PE Displays the MVRP statistics for an interface or globally.
2CSNXXX_SWUM204.book Page 152 Monday, January 25, 2016 1:25 PM Command Description Modea msrp talker-pruning Enables source pruning. GC show msrp Displays the MSRP configuration for an interface or globally. PE or GC show msrp reservations Displays the MSRP reservation information for PE or an interface. GC show msrp statistics Displays the MSRP statistics for an interface or globally. PE or GC show msrp stream Displays MSRP stream information. PE or GC a.
2CSNXXX_SWUM204.book Page 153 Monday, January 25, 2016 1:25 PM Command Description Modea dot1as timeout sync Configures the number of sync intervals expiries with no received announce message in which case the master is considered to be no longer transmitting. IC dot1as pdelay-threshold Configures the propagation delay IC threshold in nanoseconds, above which an interface is not considered capable of participating in the 802.1AS protocol.
2CSNXXX_SWUM204.book Page 154 Monday, January 25, 2016 1:25 PM Command Description Modea show lldp tlv-select Displays the Traffic Class to Traffic Class Group mapping. PE show lldp dcbx Displays the Traffic Class to Traffic Class Group mapping. PE classofservice traffic-classgroup Maps the internal Traffic Class to an internal Traffic Class Group (TCG).
2CSNXXX_SWUM204.book Page 155 Monday, January 25, 2016 1:25 PM Command Description Modea mode Configures the selection of interfaces used to assign the IP address utilized for controller connections. OFC openflow Enables OpenFlow on the switch (if disabled) GC and enters into OpenFlow configuration mode. passive Sets the switch to wait for the controller to initiate the connection. OFC protocol-version Selects the version of the protocol in which to operate.
2CSNXXX_SWUM204.book Page 156 Monday, January 25, 2016 1:25 PM Layer 3 Routing Commands ARP (IPv4) Command Description Modea arp Creates an Address Resolution Protocol (ARP) entry. GC arp cachesize Configures the maximum number of entries in the ARP cache. GC arp dynamicrenew Enables the ARP component to automatically renew dynamic ARP entries when they age out. GC arp purge Causes the specified IP address to be removed from the ARP cache.
2CSNXXX_SWUM204.book Page 157 Monday, January 25, 2016 1:25 PM Modea Command Description bfd interval Configures BFD session parameters for a VLAN IC routing interface. bfd slow-timer Configures the BFD periodic slow transmission GC interval for BFD Control packets. ip ospf bfd Enable sending of BFD events to OSPF on IC a VLAN routing interface. ipv6 ospf bfd Enables sending of BFD events to OSPF on a VLAN routing interface. IC neighbor fall-over bfd Enables BFD support for a BGP neighbor.
2CSNXXX_SWUM204.book Page 158 Monday, January 25, 2016 1:25 PM Command Description Modea bgp always-compare-med Compares MED values during the decision process in paths received from different autonomous systems. BR bgp client-to-client reflection (BGP Router Configuration) Enables client-to-client reflection. BR bgp client-to-client reflection (IPv6 Address Family Configuration) Enables client-to-client reflection. IPAF bgp cluster-id Specifies the cluster ID of a route reflector.
2CSNXXX_SWUM204.book Page 159 Monday, January 25, 2016 1:25 PM Command Modea Description default metric (BGP Router Sets the value of the MED attribute on routes Configuration) redistributed into BGP when no metric has been specified. BR default metric (IPv6 Address Sets the metric of redistributed IPv6 routes IPAF Family Configuration) when a metric is not configured in the redistribute command. distance Sets the preference of BGP routes to specific destinations.
2CSNXXX_SWUM204.book Page 160 Monday, January 25, 2016 1:25 PM Command Description Modea maximum-paths (BGP Router Configuration) Specifies the maximum number of next hops BGP may include in an Equal Cost Multipath (ECMP) route derived from paths received from neighbors outside the local autonomous system. BR maximum-paths (IPv6 Address Family Configuration) Limits the number of ECMP next hops in IPv6 IPAF routes from external peers.
2CSNXXX_SWUM204.book Page 161 Monday, January 25, 2016 1:25 PM Modea Command Description neighbor ebgp-multihop Configures BGP to form neighborship with BR, external peers that are not directly IPAF connected. neighbor filter-list (BGP Router Configuration) Filters advertisements to or from a specific BR neighbor according to the advertisement’s AS Path.
2CSNXXX_SWUM204.book Page 162 Monday, January 25, 2016 1:25 PM Modea Command Description neighbor prefix-list (IPv6 Address Family Configuration) Specifies an IPv6 prefix list to filter routes IPAF received from or advertised to a given peer. neighbor remote-as Configures a neighbor and identify the neighbor’s autonomous system. neighbor remove-private-as Removes private AS numbers when BR advertising IPv4 routes to an external peer.
2CSNXXX_SWUM204.book Page 163 Monday, January 25, 2016 1:25 PM Command Description Modea network (BGP Router Configuration) Configures BGP to advertise an address prefix. BR network (IPv6 Address Family Configuration) Identifies network IPv6 prefixes that BGP originates in route advertisements to its neighbors. IPAF redistribute (BGP Router Configuration) Configures BGP to advertise routes learned BR by means outside of BGP. BGP can redistribute local (connected), static, OSPF, and RIP routes.
2CSNXXX_SWUM204.book Page 164 Monday, January 25, 2016 1:25 PM Command Description Modea show bgp ipv6 neighbors advertised-routes Displays IPv6 routes advertised to a specific neighbor. PE show bgp ipv6 neighbors policy Displays the inbound and outbound IPv6 policies configured for a specific peer. PE show bgp ipv6 neighbors received-routes Displays a list of IPv6 routes received from PE a specific neighbor. show bgp ipv6 statistics Displays statistics for the IPv6 decision process.
2CSNXXX_SWUM204.book Page 165 Monday, January 25, 2016 1:25 PM Command Description Modea show ip bgp neighbors received-routes Displays the list of routes received from a specific neighbor. PE show ip bgp neighbors policy Displays the inbound and outbound IPv4 PE policies configured for a specific peer.
2CSNXXX_SWUM204.book Page 166 Monday, January 25, 2016 1:25 PM Command Description Modea ip bgp-community newformat Displays BGP standard communities in AA:NN format. GC ip community-list Creates or configures a BGP community list. GC ip prefix-list Creates a prefix list or adds a prefix list entry. GC ip prefix-list description Applies a text description to a prefix list. GC ipv6 prefix-list Creates an IPv6 prefix list or add an IPv6 prefix list entry.
2CSNXXX_SWUM204.book Page 167 Monday, January 25, 2016 1:25 PM Command Description Modea set comm-list delete Removes BGP communities from an inbound or outbound UPDATE message. RM set community Modifies the communities attribute of matching routes. RM set ipv6 next-hop (BGP) Sets the IPv6 next hop of a route. RM set local-preference Sets the local preference of specific BGP routes. RM set metric Sets the metric of a route. RM a.
2CSNXXX_SWUM204.book Page 168 Monday, January 25, 2016 1:25 PM Command Description Modea host Specifies a manual binding for a DHCP client host. DP ip dhcp bootp automatic Enables automatic BOOTP address assignments. GC ip dhcp conflict logging Enables DHCP address conflict detection. GC ip dhcp excluded-address Excludes one or more DHCP addresses from automatic assignment.
2CSNXXX_SWUM204.book Page 169 Monday, January 25, 2016 1:25 PM Command Modea Description show ip dhcp server statistics Displays the DHCP server binding and message PE counters. a. For the meaning of each Mode abbreviation, see Mode Types on page 100. DHCPv6 Modea Command Description clear ipv6 dhcp Clears DHCPv6 statistics for all interfaces or for PE a specific interface.
2CSNXXX_SWUM204.book Page 170 Monday, January 25, 2016 1:25 PM DHCPv6 Snooping Command Description Modea clear ipv6 dhcp snooping binding Clears all IPv6 DHCP snooping entries. UE or PE clear ipv6 dhcp snooping statistics Clears all IPv6 DHCP snooping statistics. UE or PE ipv6 dhcp snooping Globally enables IPv6 DHCP snooping. GC ipv6 dhcp snooping vlan Enables IPv6 DHCP snooping on a set of VLANs. GC ipv6 dhcp snooping binding Configures a static IPv6 DHCP snooping binding.
2CSNXXX_SWUM204.book Page 171 Monday, January 25, 2016 1:25 PM Command Description Modea show ipv6 dhcp snooping database Displays IPv6 DHCP snooping configurations related to database persistency. UE or PE show ipv6 dhcp snooping statistics Displays IPv6 DHCP snooping filtration statistics. UE or PE show ipv6 source binding Displays the IPv6 source guard configurations on all ports, an individual port, or on a VLAN.
2CSNXXX_SWUM204.book Page 172 Monday, January 25, 2016 1:25 PM GMRP Command Description Modea gmrp enable Enables GMRP globally or on a port. GC or IC clear gmrp statistics Clears all the GMRO statistics information. PE show gmrp configuration Displays GMRP configuration. GC or IC a. For the meaning of each Mode abbreviation, see Mode Types on page 100.
2CSNXXX_SWUM204.book Page 173 Monday, January 25, 2016 1:25 PM Command Description Modea ip igmp version Configures the version of IGMP for an interface. IC show ip igmp Displays system-wide IGMP information. PE show ip igmp groups Displays the registered multicast groups on the PE interface. show ip igmp interface Displays the IGMP information for the specified interface. PE show ip igmp membership Displays the list of interfaces that have registered in the multicast group.
2CSNXXX_SWUM204.book Page 174 Monday, January 25, 2016 1:25 PM IP Helper/DHCP Relay Modea Command Description bootpdhcprelay maxhopcount Configures the maximum allowable relay agent GC hops for BootP/DHCP Relay on the system. bootpdhcprelay minwaittime Configures the minimum wait time in seconds GC for BootP/DHCP Relay on the system. clear ip helper statistics Resets (to 0) the statistics displayed in show ip PE helper statistics.
2CSNXXX_SWUM204.book Page 175 Monday, January 25, 2016 1:25 PM IP Routing Modea Command Description encapsulation Configures the link layer encapsulation type for IC the packet. ip address Configures an IP address on an interface. IC ip netdirbcast Enables the forwarding of network-directed IC ip policy route-map Applies a route map on an interface. IC ip redirects Enables the generation of ICMP Redirect messages. IC ip route Configures a static route.
2CSNXXX_SWUM204.book Page 176 Monday, January 25, 2016 1:25 PM Modea Command Description set ip default next-hop Sets a list of default next-hop IP addresses RM to be used if no explicit route for the packet’s destination address appears in the routing table. set ip next-hop Specifies the adjacent next-hop router in the path toward the destination to which the packets should be forwarded. RM set ip precedence Sets the IP precedence bits in the IP packet header.
2CSNXXX_SWUM204.book Page 177 Monday, January 25, 2016 1:25 PM IPv6 Routing Command Description Modea arp Clears all entries in the IPv6 neighbor table or an entry on a specific interface. PE clear ipv6 statistics Clears IPv6 statistics for all interfaces or for a PE specific interface, including loopback and tunnel interfaces. ipv6 address Configures an IPv6 address on an interface (including tunnel and loopback interfaces).
2CSNXXX_SWUM204.book Page 178 Monday, January 25, 2016 1:25 PM Command Description Modea ipv6 nd dad attempts Sets the number of duplicate address detection probes transmitted while doing neighbor discovery. IC ipv6 nd managed-configflag Sets the managed address configuration flag in router advertisements. IC ipv6 nd ns-interval Sets the interval between router advertisements for advertised neighbor solicitations.
2CSNXXX_SWUM204.book Page 179 Monday, January 25, 2016 1:25 PM Modea Command Description ipv6 nd reachable-time Sets the router advertisement time to IC consider a neighbor reachable after neighbor discovery confirmation. ipv6 nd suppress-ra Suppresses router advertisement transmission on an interface. IC ipv6 route Configures an IPv6 static route GC ip route distance Sets the default distance (preference) for static routes.
2CSNXXX_SWUM204.book Page 180 Monday, January 25, 2016 1:25 PM Command Description Modea show ipv6 protocols Displays information about the configured IPv6 routing protocols. PE or GC show ipv6 route Displays the IPv6 routing table. PE show ipv6 route preferences Shows the preference value associated with the type of route. PE show ipv6 route summary Displays a summary of the routing table. PE show ipv6 snooping counters Displays the RA guard dropped packet counters.
2CSNXXX_SWUM204.book Page 181 Monday, January 25, 2016 1:25 PM Command Description Modea ip multicast-routing Sets the administrative mode of the IP multicast forwarder in the router to active. GC ip multicast ttl-threshold Applies a ttlvalue to a routing interface. IC ip pim Administratively configures PIM mode for IP multicast routing on a VLAN interface. IC ip pim bsr-border Administratively disables bootstrap router (BSR) messages from being sent or received through an interface.
2CSNXXX_SWUM204.book Page 182 Monday, January 25, 2016 1:25 PM Command Description Modea show ip multicast interface Displays the multicast information for the specified interface. PE show ip mroute Displays a summary or all the details of the multicast table. PE show ip mroute group Displays the multicast configuration settings of PE entries in the multicast mroute table. show ip mroute source Displays the multicast configuration settings of PE entries in the multicast mroute table.
2CSNXXX_SWUM204.book Page 183 Monday, January 25, 2016 1:25 PM Command Description Modea ipv6 pim (VLAN Interface config) Administratively enables PIM-SM multicast routing mode on a particular IPv6 router interface. IC ipv6 pim bsr-border Prevents bootstrap router (BSR) messages from IC being sent or received through an interface. ipv6 pim bsr-candidate Configures the router to announce its candidacy as a bootstrap router (BSR).
2CSNXXX_SWUM204.book Page 184 Monday, January 25, 2016 1:25 PM Command Description Modea show ip mroute source Displays the multicast configuration settings PE show ipv6 pim interface Displays interface config parameters. PE or GC show ipv6 pim neighbor Displays IPv6 PIMSM neighbors learned on the PE or routing interfaces. GC show ipv6 pim rp-hash Displays which rendezvous point (RP) is being selected for a specified group.
2CSNXXX_SWUM204.book Page 185 Monday, January 25, 2016 1:25 PM Command Description Modea area stub Creates a stub area for the specified area ID. ROSPF area stub no-summary Prevents Summary LSAs from being advertised into the NSSA. ROSPF area virtual-link Creates the OSPF virtual interface for the specified area-id and neighbor router.
2CSNXXX_SWUM204.book Page 186 Monday, January 25, 2016 1:25 PM Command Description Modea distance ospf Sets the route preference value of OSPF in the router. ROSPF distribute-list out Specifies the access list to filter routes received from the source protocol. ROSPF enable Resets the default administrative mode of OSPF ROSPF in the router (active). exit-overflow-interval Configures the exit overflow interval for OSPF. ROSPF external-lsdb-limit Configures the external LSDB limit for OSPF.
2CSNXXX_SWUM204.book Page 187 Monday, January 25, 2016 1:25 PM Command Description Modea max-metric router-lsa Configures OSPF to enable stub router mode. ROSPF maximum-paths Sets the number of paths that OSPF can report for a given destination. ROSPF network area Enables OSPFv2 on an interface and sets its area ROSPF ID if the IP address of an interface is covered by this network command. nsf Enables OSPF graceful restart.
2CSNXXX_SWUM204.book Page 188 Monday, January 25, 2016 1:25 PM Command Description Modea show ip ospf database Displays information about the link state database when OSPF is enabled. PE show ip ospf database database-summary Displays the number of each type of LSA in the database for each area and for the router. PE show ip ospf interface Displays the information for the IFO object or virtual interface tables.
2CSNXXX_SWUM204.book Page 189 Monday, January 25, 2016 1:25 PM OSPFv3 Command Modea Description area default-cost (Router Configures the monetary default cost for the stub ROSV3 OSPFv3) area. area nssa (Router OSPFv3) Configures the specified areaid to function as an ROSV3 NSSA. area nssa default-infooriginate (Router OSPFv3 Config) Configures the metric value and type for the default route advertised into the NSSA.
2CSNXXX_SWUM204.book Page 190 Monday, January 25, 2016 1:25 PM Command Modea Description area virtual-link transmit- Configures the transmit delay for the OSPF ROSV3 delay virtual interface on the virtual interface identified by areaid and neighbor. default-information originate (Router OSPFv3 Configuration) Controls the advertisement of default routes. default-metric Sets a default for the metric of distributed routes. ROSV3 distance ospf Sets the route preference value of OSPF in the router.
2CSNXXX_SWUM204.book Page 191 Monday, January 25, 2016 1:25 PM Command Description Modea ipv6 router ospf Enters Router OSPFv3 Configuration mode. GC maximum-paths Sets the number of paths that OSPF can report for a given destination. ROSV3 nsf Enables OSPF graceful restart. ROSV3 nsf helper Allows OSPF to act as a helpful neighbor for a restarting router. ROSV3 nsf helper strict-lsachecking Requires that an OSPF helpful neighbor exit ROSV3 helper mode whenever a topology change occurs.
2CSNXXX_SWUM204.book Page 192 Monday, January 25, 2016 1:25 PM Command Description Modea show ipv6 ospf interface Displays the information for the IFO object or virtual interface tables. PE show ipv6 ospf interface brief Displays brief information for the IFO object or virtual interface tables. PE show ipv6 ospf interface stats Displays the statistics for a specific interface. UE show ipv6 ospf interface vlan Displays OSPFv3 configuration and status information for a specific VLAN.
2CSNXXX_SWUM204.book Page 193 Monday, January 25, 2016 1:25 PM Command Description Modea ip irdp preference Configures the preference of the address as a default router address relative to other router addresses on the same subnet. IC show ip irdp Displays the router discovery information for all PE interfaces, or for a specified interface. a. For the meaning of each Mode abbreviation, see Mode Types on page 100.
2CSNXXX_SWUM204.book Page 194 Monday, January 25, 2016 1:25 PM Command Description Modea redistribute Configures OSPF protocol to allow redistribution of routes from the specified source protocol/routers. PIP router rip Enters Router RIP mode. GC show ip rip Displays information relevant to the RIP router. PE show ip rip interface Displays information related to a particular RIP PE interface. show ip rip interface brief Displays general information for each RIP interface.
2CSNXXX_SWUM204.book Page 195 Monday, January 25, 2016 1:25 PM Modea Command Description ip vrf Creates a virtual router with a specified name GC and enters Virtual Router Configuration mode. ip vrf forwarding Associates an interface with a VRF instance. maximum routes Reserves the number of routes allowed and sets VR the maximum limit on the number of routes for a virtual router instance in the total routing table space for the router.
2CSNXXX_SWUM204.book Page 196 Monday, January 25, 2016 1:25 PM Modea Command Description vrrp timers advertise Sets the frequency, in seconds, that an interface IC on the specified virtual router sends a virtual router advertisement. vrrp timers learn Configures the router, when it is acting as IC backup virtual router for a VRRR group, to learn the advertisement interval used by the master virtual router.
2CSNXXX_SWUM204.book Page 197 Monday, January 25, 2016 1:25 PM Switch Management Commands Application Deployment Command Description Modea application install Installs or removes a Dell-supplied application. GC application start Schedules a Dell-supplied application for GC immediate execution on the stack master. application stop Stops a Dell-supplied application if the application is executing on the stack master.
2CSNXXX_SWUM204.book Page 198 Monday, January 25, 2016 1:25 PM Command Description Modea show boot Displays the current status of the Auto Config process. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 100. CLI Macro Command Description Modea macro name Creates a user-defined macro. GC macro global apply Use to apply a macro. GC macro global trace Applies and traces a macro. GC macro global description Appends a line to the global macro description.
2CSNXXX_SWUM204.book Page 199 Monday, January 25, 2016 1:25 PM Modea Command Description sntp source-interface Selects the interface from which to use the GC IP address in the source IP address field of transmitted SNTP packets. sntp trusted-key Authenticates the identity of a system to which GC Simple Network Time Protocol (SNTP) will synchronize. sntp unicast client enable Enables clients to use Simple Network Time Protocol (SNTP) predefined Unicast clients.
2CSNXXX_SWUM204.book Page 200 Monday, January 25, 2016 1:25 PM Modea Command Description boot system Specifies the system image that the switch loads PE at startup. clear config Restores switch to default configuration. PE copy Copies files from a source to a destination. PE delete Deletes a file from a flash memory. PE delete backup-image Deletes a file from a flash memory device. PE delete backup-config Deletes the backup configuration file.
2CSNXXX_SWUM204.book Page 201 Monday, January 25, 2016 1:25 PM Command Description Modea show dhcp lease Displays IPv4 addresses leased from a DHCP server. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 100. HiveAgent Command Description Modea eula-consent Accepts or declines the end-user license agreement (EULA) for the hive agent GC hiveagent Accesses the HiveAgent configuration mode.
2CSNXXX_SWUM204.book Page 202 Monday, January 25, 2016 1:25 PM Modea Command Description enable authentication Specifies the authentication method list when LC accessing a higher privilege level from a remote telnet or console. exec-banner Enables exec banner on the console, telnet or SSH connection. exec-timeout Configures the interval that the system waits for LC user input before timeout. Also configures the web timeout. history Enables the command history function.
2CSNXXX_SWUM204.book Page 203 Monday, January 25, 2016 1:25 PM Command Description Modea show fiber-ports opticaltransceiver Displays the optical transceiver diagnostics. PE test copper-port tdr Diagnoses with TDR (Time Domain Reflectometry) technology the quality and characteristics of a copper cable attached to a port. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 100.
2CSNXXX_SWUM204.book Page 204 Monday, January 25, 2016 1:25 PM a. For the meaning of each Mode abbreviation, see Mode Types on page 100. RMON Command Description Modea rmon alarm Configures alarm conditions. GC rmon collection history Enables a Remote Monitoring (RMON) MIB history statistics group on an interface. IC rmon event Configures an RMON event. GC rmon hcalarm Configures high capacity alarms. GC show rmon alarm Displays alarm configurations.
2CSNXXX_SWUM204.book Page 205 Monday, January 25, 2016 1:25 PM Command Description Modea debug clear Disables all debug traces. PE debug console Enables the display of debug trace output on the login session in which it is executed. PE debug crashlog Displays the crash log contents on the console. PE or GC debug dhcp packet Displays debug information about DHCPv4 PE client activities and traces DHCP v4 packets to and from the local DHCPv4 client.
2CSNXXX_SWUM204.book Page 206 Monday, January 25, 2016 1:25 PM Command Description Modea debug ipv6 mcache Traces MDATAv6 packet reception and transmission. PE debug ipv6 mld Traces MLD packet reception and transmission. PE debug ipv6 pimdm Traces PIMDMv6 packet reception and transmission. PE debug ipv6 pimsm Traces PIMSMv6 packet reception and transmission. PE debug isdp Traces ISDP packet reception and transmission.
2CSNXXX_SWUM204.book Page 207 Monday, January 25, 2016 1:25 PM Command Description Modea exception protocol Enables full core dumps. GC exception switch-chipregister Enables the dumping of the switch chip registers in case of an exception. GC ip http rest-api port Configures the RESTful API to listen on the configured port. GC ip http rest-api secure-port Configures the RESTful API to listen on the configured port.
2CSNXXX_SWUM204.book Page 208 Monday, January 25, 2016 1:25 PM Command Description Modea sflow sampling (Interface Mode) Enables a new sflow sampler instance for this data source if rcvr_idx is valid. IC show sflow agent Displays the sflow agent information. PE show sflow destination Displays all the configuration information related to the sFlow receivers. PE show sflow polling Displays the sFlow polling instances created on PE the switch.
2CSNXXX_SWUM204.book Page 209 Monday, January 25, 2016 1:25 PM Command Description Modea snmp-server group Configures a new SNMP group or a table that maps SNMP users to SNMP views. GC snmp-server host Specifies the recipient of SNMP notifications. GC snmp-server location Sets the system location string. GC snmp-server user Configures a new SNMP Version 3 user. GC snmp-server view Creates or updates a Simple Network Management Protocol (SNMP) server view entry.
2CSNXXX_SWUM204.book Page 210 Monday, January 25, 2016 1:25 PM Command Modea Description show eula-consent support- Reviews the EULA details whenever desired. assist PE show support-assist status Displays information on the Dell SupportAssist feature status support-assist Enables support-assist configuration mode GC if the EULA has been accepted. url Configures the URL to reach on the Dell SupportAssist remote server. a.
2CSNXXX_SWUM204.book Page 211 Monday, January 25, 2016 1:25 PM Command Description Modea logging protocol Logs messages in RFC5424 of RFC 3164 format. GC logging snmp Enables SNMP Set command logging. GC logging source-interface Selects the interface from which to use the IP address in the source IP address field of transmitted SYSLOG packets. GC logging web-session Enables web session logging. GC port Specifies the port number on which the SYSLOG server listens for messages.
2CSNXXX_SWUM204.book Page 212 Monday, January 25, 2016 1:25 PM Command Description Modea clear checkpoint statistics Clears the statistics for the checkpointing process. GC clear counters stackports Clears the statistics for all stack-ports. PE connect Connects to the serial console of a different stack member. PE cut-through mode Enables the cut-through mode on the switch. GC exit Disconnects the serial connection to the remote UE unit.
2CSNXXX_SWUM204.book Page 213 Monday, January 25, 2016 1:25 PM Command Description Modea set description Associates a text description with a switch in the stack. SG slot Configures a slot in the system. GC show banner Displays banner information. PE show buffers Displays the system allocated buffers. UE or PE show checkpoint statistics Displays the statistics for the checkpointing process. PE show cut-through mode Show the cut-through mode on the switch.
2CSNXXX_SWUM204.book Page 214 Monday, January 25, 2016 1:25 PM Command Description Modea show process proc-list Lists the configured and in-use resources for each application known to the Process Manager. PE or GC show sessions Displays a list of the open console sessions. PE show slot Displays information about all the slots in the system or for a specific slot. UE show supported cardtype Displays information about all card types supported in the system.
2CSNXXX_SWUM204.book Page 215 Monday, January 25, 2016 1:25 PM Command Description Modea standby Configures the standby in the stack. SG switch renumber Changes the identifier for a switch in the stack. GC telnet Logs into a host that supports Telnet. PE traceroute Discovers the IP routes that packets actually take when travelling to their destinations. PE traceroute ipv6 Discovers the IP routes that packets actually take when traveling to their destinations.
2CSNXXX_SWUM204.book Page 216 Monday, January 25, 2016 1:25 PM Command Description Modea show time-range Displays a time range and all the absolute/periodic time entries that are defined for the time range. PE a. For the meaning of each Mode abbreviation, see Mode Types on page 100. USB Flash Drive Command Description Modea show boot Makes the USB flash device inactive. PE show usb Displays the USB flash device details.
2CSNXXX_SWUM204.book Page 217 Monday, January 25, 2016 1:25 PM Web Server Command Description Modea common-name Specifies the common-name for the device. CC country Specifies the country. CC crypto certificate generate Generates a HTTPS certificate. GC crypto certificate import Imports a certificate signed by the Certification GC Authority for HTTPS. crypto certificate request Generates and displays a certificate request for PE HTTPS. duration Specifies the duration in days.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 219 Monday, January 25, 2016 1:25 PM 2 Using the CLI Dell Networking N1500/N2000/N3000/N4000 Series Switches Introduction This section describes the basics of entering and editing the Dell Networking N1500/N2000/N3000/N4000 Series Command Line Interface (CLI) commands and defines the command hierarchy. It also explains how to activate the CLI and implement its major functions.
2CSNXXX_SWUM204.book Page 220 Monday, January 25, 2016 1:25 PM Two instances where the help information can be displayed are: • Keyword lookup — The > key is entered in place of a command. A list of all valid commands and corresponding help messages is displayed. • Partial keyword lookup — A command is incomplete and the > key is entered in place of a parameter. The matched parameters for this command are displayed.
2CSNXXX_SWUM204.book Page 221 Monday, January 25, 2016 1:25 PM Table 2-1. History Buffer Keyword Source or Destination Up-arrow key Recalls commands in the history buffer, beginning with the most recent command. Repeats the key sequence to recall successively older commands. + Down-arrow key + Returns to more recent commands in the history buffer after recalling commands with the up-arrow key. Repeating the key sequence recalls more recent commands in succession.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 223 Monday, January 25, 2016 1:25 PM Table 2-2. CLI Shortcuts Keyboard Key Description Delete previous character + Go to beginning of line + Go to end of line + Go forward one character + Go backward one character + Delete current character + Delete to beginning of line + Delete to the end of the line.
2CSNXXX_SWUM204.book Page 224 Monday, January 25, 2016 1:25 PM or a blank. In these cases, it may be necessary to enclose the entire string in double quotes for the command line parser to properly interpret the parameter. Operating on Multiple Objects (Range) The CLI allows the user to operate on the set of objects at the same time.
2CSNXXX_SWUM204.book Page 225 Monday, January 25, 2016 1:25 PM • When operating on a range of objects, the CLI implementation hides the parameters that may not be configured in a range (for example, parameters that must be uniquely configured for each instance). • The CLI uses best effort when operating on a list of objects.
2CSNXXX_SWUM204.book Page 226 Monday, January 25, 2016 1:25 PM Table 2-3. CLI Command Notation Conventions Convention Description [] In a command line, square brackets indicate an optional entry. {} In a command line inclusive brackets indicate a selection of compulsory parameters separated by the | character. One option must be selected. For example: flowcontrol {auto | on | off} means that for the flowcontrol command either auto, on or off must be selected. Italic Indicates a variable.
2CSNXXX_SWUM204.book Page 227 Monday, January 25, 2016 1:25 PM • Port # — The port number is an integer number assigned to the physical port on the switch and corresponds to the lexan printed next to the port on the front or back panel. Ports are numbered from 1 to the maximum number of ports available on the switch unit, typically 24 or 48. Logical interfaces are identified by one of the keywords: loopback, portchannel, tunnel or vlan followed an integer index identifying the specific logical interface.
2CSNXXX_SWUM204.book Page 228 Monday, January 25, 2016 1:25 PM Stacking Interfaces Stacking interfaces are represented in the CLI with the same unit/slot/port form as Ethernet interfaces. The fixed stacking interfaces on the N2000/N3000 switches always use the TwentyGigabitStacking or Tw notation and on the N1500/ N4000 switches, are referred to using Ethernet notation.
2CSNXXX_SWUM204.book Page 229 Monday, January 25, 2016 1:25 PM loopback 3 Example #2 console(config-if-Gi1/0/23)#show vlan VLAN ----1 Name --------------default Ports ------------Po1-128, Gi1/0/1-24, Te1/0/1-2 Type -------------Default RSPAN Vlan --------------------------------------------------------------------None console(config-if-Gi1/0/23)#show slot 2/0 Slot.............................. Slot Status....................... Admin State....................... Power State.......................
2CSNXXX_SWUM204.book Page 230 Monday, January 25, 2016 1:25 PM Power State....................... Inserted Card: Model Identifier............... Card Description............... Configured Card: Model Identifier............... Card Description............... Pluggable.........................
2CSNXXX_SWUM204.book Page 231 Monday, January 25, 2016 1:25 PM Any host: 0000:0000:0000:0000:0000:0000:0000:0000 becomes :: The prefix length, if specified, ranges from 1 to 128 and is specified by a forward slash and a decimal number indicating the significant bits of the address, e.g. 3ffe:ffff:100:f101:0:0:0:/64. No spaces are allowed between the last address digit and the forward slash.
2CSNXXX_SWUM204.book Page 232 Monday, January 25, 2016 1:25 PM CLI Command Modes Since the set of CLI commands is very large, the CLI is structured as a command-tree hierarchy, where related command sets are assigned to command modes for easier access. At each level, only the commands related to that level are available to the user and only those commands are shown in the context sensitive help for that level. In this guide, commands are organized into three categories: • Layer 2 (IEEE 802.
2CSNXXX_SWUM204.book Page 233 Monday, January 25, 2016 1:25 PM The Privileged Exec mode provides access to commands that can not be executed in the User Exec mode and permits access to the switch Configuration mode. The Global Configuration mode manages switch configuration on a global level. For specific interface configurations, command modes exist at a sublevel. Entering a > at the system prompt displays a list of commands available for that particular command mode.
2CSNXXX_SWUM204.book Page 234 Monday, January 25, 2016 1:25 PM The following are the Global Configuration sub-modes: • SNMP v3 Host Configuration — Configures the parameters for the SNMP v3 server host. • SNMP Community Configuration — Configures the parameters for the SNMP server community. • MST — The Global Configuration mode command spanning-tree mst configuration is used to enter into the Multiple Spanning Tree configuration mode.
2CSNXXX_SWUM204.book Page 235 Monday, January 25, 2016 1:25 PM • Stack — Use the stack command to access the Stack Configuration Mode. • SSH Public Key-chain — Contains commands to manually specify other switch SSH public keys. The Global Configuration mode command crypto key pub-key chain ssh is used to enter the SSH Public Key-chain configuration mode. • SSH Public Key-string — Contains commands to manually specify the SSH Public-key of a remote SSH Client.
2CSNXXX_SWUM204.book Page 236 Monday, January 25, 2016 1:25 PM placed into trunk mode and the access mode information is only applied when the port is placed into access mode. Likewise, OSPF routing can be configured in the switch without being enabled on any port. Interface Configuration Modes Interface configuration modes are used to modify specific interface operations.
2CSNXXX_SWUM204.book Page 237 Monday, January 25, 2016 1:25 PM [device name] — is the name of the managed switch, which is typically the user-configured hostname established by the hostname command. [command mode] — is the current configuration mode and is omitted for the top configuration levels. [object] — indicates specific object or range of objects within the configuration mode.
2CSNXXX_SWUM204.book Page 238 Monday, January 25, 2016 1:25 PM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Global Configuration console(config)# From Privileged Exec mode, use the configure command. Use the exit command, or press + to return to the Privileged Exec mode. Line Interface From Global Configuration mode, use the line command.
2CSNXXX_SWUM204.book Page 239 Monday, January 25, 2016 1:25 PM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Management Access-List From Global Configuration mode, use the management access-list command. console(config-macal)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. Policy-Class-Map From Global Configuration mode, use the policy-map class command.
2CSNXXX_SWUM204.book Page 240 Monday, January 25, 2016 1:25 PM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode console(config-pubkeySSH Public Key- From Global chain)# Chain Configuration mode, use the crypto key pubkeychain ssh command. To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode.
2CSNXXX_SWUM204.book Page 241 Monday, January 25, 2016 1:25 PM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode console(config-radius-da)# Radius Dynamic From Global Authorization Configuraiton, use the aaa server radius dynamic-author command. To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode.
2CSNXXX_SWUM204.book Page 242 Monday, January 25, 2016 1:25 PM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Crypto Certificate Generation From Global Configuration mode, use the crypto certificate number generate command.
2CSNXXX_SWUM204.book Page 243 Monday, January 25, 2016 1:25 PM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode MST From Global Configuration mode, use the spanning-tree mst configuration command. console(config-mst)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. VLAN Config From Global Configuration mode, use the vlan command.
2CSNXXX_SWUM204.book Page 244 Monday, January 25, 2016 1:25 PM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Router RIP Config From Global Configuration mode, use the router rip command. console(config-router)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode Router OSPFv3 Config console(config-rtr)# From Global Configuration mode, use the ipv6 router ospf command.
2CSNXXX_SWUM204.book Page 245 Monday, January 25, 2016 1:25 PM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode 10 Gigabit Ethernet From Global Configuration mode, use the interface tengigabitethernet command. Or, use the abbreviation interface te. console (config-ifTeunit/slot/port# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode.
2CSNXXX_SWUM204.book Page 246 Monday, January 25, 2016 1:25 PM Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Tunnel From Global Configuration mode, use the interface tunnel command. Or, use the abbreviation interface tu. console(config-tunneltunnel- To exit to Global id)# Configuration Loopback Exit or Access Previous Mode mode, use the exit command, or press + to Privileged Exec mode.
2CSNXXX_SWUM204.book Page 247 Monday, January 25, 2016 1:25 PM Using CLI Functions and Tools The CLI has been designed to manage the switch’s configuration file system and to manage switch security. A number of resident tools exist to support these and other functions. Configuration Management All managed systems have software images and databases that must be configured, backed up and restored. Two software images may be stored on the system, but only one of them is active.
2CSNXXX_SWUM204.book Page 248 Monday, January 25, 2016 1:25 PM To use the copy command, the user specifies the source file and the destination file. For example, copy tftp://remotehost/pub/backupfile backupconfig copies a file from the remote TFTP server to a local backup configuration file. In this case, if the local configuration file does not exist, then it is created by the command. If it does exist, it is overwritten.
2CSNXXX_SWUM204.book Page 249 Monday, January 25, 2016 1:25 PM • startup-config — This file refers to the special configuration image stored in flash memory which is loaded when the system next reboots. The user may copy a particular configuration file (remote or local) to this special file name and reboot the system to force it to use a particular configuration. • active & backup — These files refer to software images. The active image will be loaded when the system next reboots.
2CSNXXX_SWUM204.book Page 250 Monday, January 25, 2016 1:25 PM User Accounts Management The CLI provides authentication for users either through remote authentication servers supporting TACACS+ or Radius or through a set of locally managed user accounts. The setup wizard asks the user to create the initial administrator account and password at the time the system is booted. The following rules and specifications apply: • The user may create five local user accounts.
2CSNXXX_SWUM204.book Page 251 Monday, January 25, 2016 1:25 PM If the user account is created and maintained locally, each user is given an access level at the time of account creation. If the user is authenticated through remote authentication servers, the authentication server is configured to pass the user access level to the CLI when the user is authenticated. When Radius is used, the Vendor-Specific Option field returns the access level for the user. Two vendor specific options are supported.
2CSNXXX_SWUM204.book Page 252 Monday, January 25, 2016 1:25 PM • The switch maintains at most the last 1000 system events in the inmemory log. Security Logs The system log records security events including the following: • User login. • User logout. • Denied login attempts. • User attempt to exceed security access level. • Denied attempts by external management system to access the system.
2CSNXXX_SWUM204.book Page 253 Monday, January 25, 2016 1:25 PM • SNMPv3 and the security information for used this protocol. For each of these management profiles, the administrator defines the list of hosts or subnets from which the management profiles may be used. The management ACL capability only applies to in-band ports and may not be configured on the out-of-band management port. Other CLI Tools and Capabilities The CLI has several other capabilities associated with its primary functions.
2CSNXXX_SWUM204.book Page 254 Monday, January 25, 2016 1:25 PM PCI unit 0: Dev 0xb842, Rev 0x02, Chip BCM56842_A0, Driver BCM56840_B0 SOC unit 0 attached to PCI device BCM56842_A0 Adding BCM transport pointers Configuring CPUTRANS TX Configuring CPUTRANS RX <186> Aug 26 08:18:23 0.0.0.0-1 General[72162340]: bootos.c(166) 4 %% Event(0xaaaaaaaa) started! (Unit 1 - Waiting to select management unit)> Applying Global configuration, please wait ... Applying Interface configuration, please wait ...
2CSNXXX_SWUM204.book Page 255 Monday, January 25, 2016 1:25 PM Enter Choice# 4 Creating tmpfs filesystem on /mnt/download for download...done. Current Active Image# /dev/mtd7 Which Image to Update Active (/dev/mtd7) OR Back-Up (/dev/mtd6)? Select (A/B): B You selected to update Back-Up Image /dev/mtd6... Select Mode of Transfer (Press T/X/Y/Z for TFTP/XMODEM/YMODEM/ZMODEM) []:T Please ensure TFTP server is running to begin Transfer... Enter Server IP []:10.27.9.99 Enter Host IP []:10.27.22.
2CSNXXX_SWUM204.book Page 256 Monday, January 25, 2016 1:25 PM Are sure you want to Erase Current Configuration? (Y/N): y Erasing Current Configuration...done. Boot Menu Rev: 6.
2CSNXXX_SWUM204.book Page 257 Monday, January 25, 2016 1:25 PM Applying Global configuration, please wait ... Welcome to Dell Easy Setup Wizard The setup wizard guides you through the initial switch configuration, and gets you up and running as quickly as possible. You can skip the setup wizard, and enter CLI mode to manually configure the switch.
2CSNXXX_SWUM204.book Page 258 Monday, January 25, 2016 1:25 PM entitlement to receive related repair services from Dell,. You further agree to allow Dell to transmit and store the Collected Data from Dell SupportAssist in accordance with these terms. You agree that the provision of Dell SupportAssist may involve international transfers of data from you to Dell and/or to Dells affiliates,subcontractors or business partners.
2CSNXXX_SWUM204.book Page 259 Monday, January 25, 2016 1:25 PM The Easy Setup Wizard also prompts the user to configure a proxy server as follows: Step 5: Would you like to configure the address of an HTTPS proxy server used by the Dell SupportAssist agent? [Y/N] y Enter the IPv4 or IPv6 address of the proxy server:192.168.0.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 261 Monday, January 25, 2016 1:25 PM Layer 2 Switching Commands 3 The sections that follow describe commands that conform to the OSI model data link layer (Layer 2). Layer 2 commands provide a logical organization for transmitting data bits on a particular medium. This layer defines the framing, addressing, and checksum functions for Ethernet packets.
2CSNXXX_SWUM204.book Page 262 Monday, January 25, 2016 1:25 PM ACL Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria.
2CSNXXX_SWUM204.book Page 263 Monday, January 25, 2016 1:25 PM classifier rule. The ACL logging feature allows these hardware hit counts to be collected on a per-rule basis and reported periodically to the network administrator using the system logging facility and an SNMP trap. The Dell Networking ACL permit/deny rule specification supports a log parameter that enables hardware hit count collection and reporting.
2CSNXXX_SWUM204.book Page 264 Monday, January 25, 2016 1:25 PM Table 3-1. Common Ethertypes EtherType Protocol 0x0800 Internet Protocol version 4 (IPv4) 0x0806 Address Resolution Protocol (ARP) 0x0842 Wake-on LAN Packet 0x8035 Reverse Address Resolution Protocol (RARP) 0x8100 VLAN tagged frame (IEEE 802.1Q) 0x86DD Internet Protocol version 6 (IPv6) 0x8808 MAC Control 0x8809 Slow Protocols (IEEE 802.3) 0x8870 Jumbo frames 0x888E EAP over LAN (EAPOL – 802.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 266 Monday, January 25, 2016 1:25 PM ACL names are global. An IPv6 access list cannot have the same name as an IPv4 access list. Access list names can consist of any printable character except a question mark.. Names can be up to 31 characters in length. ACLs referenced in a route map may not be edited. Instead, create a new ACL with the desired changes and refer to the new ACL in the route map.
2CSNXXX_SWUM204.book Page 267 Monday, January 25, 2016 1:25 PM • • • {ipv4-protocol | number| every }—Specifies the protocol to match for the IP ACL rule. – IPv4 protocols: eigrp, gre, icmp, igmp, ip, ipinip, ospf, tcp, udp, pim, arp – Every: Match any protocol (don’t care) srcip srcmask | any | host srcip—Specifies a source IP address and netmask to match for the IP ACL rule. – Specifying “any” implies specifying srcip as “0.0.0.0” and srcmask as “255.255.255.255” for IPv4.
2CSNXXX_SWUM204.book Page 268 Monday, January 25, 2016 1:25 PM • – When “neq” is specified, IP ACL rule matches only if the layer 4 destination port number is not equal to the specified port number or portkey. – IPv4 TCP port names: bgp, domain, echo, ftp, ftp-data, http, smtp, telnet, www, pop2, pop3 – IPv4 UDP port names: domain, echo, ntp, rip, snmp, tftp, time, who dstip dstmask | any | host dstip—Specifies a destination IP address and netmask for match condition of the IP ACL rule.
2CSNXXX_SWUM204.book Page 269 Monday, January 25, 2016 1:25 PM – When icmp-type is specified, IP ACL rule matches on the specified ICMP message type, a number from 0 to 255. – When icmp-code is specified, IP ACL rule matches on the specified ICMP message code, a number from 0 to 255. – Specifying icmp-message implies both icmp-type and icmp-code are specified. – ICMP message is decoded into corresponding ICMP type and ICMP code within that ICMP type.
2CSNXXX_SWUM204.book Page 270 Monday, January 25, 2016 1:25 PM • {mirror | redirect} interface-id—Specifies the mirror or redirect Ethernet • rate-limit rate burst-size—Specifies the allowed rate of traffic as per the interface to which packets matching this rule are copied or forwarded, respectively. configured rate in kbps, and burst-size in kbytes. Rate limits only apply to permit rules. – Rate – the committed rate in kilobits per second – Burst-size – the committed burst size in Kilobytes.
2CSNXXX_SWUM204.book Page 271 Monday, January 25, 2016 1:25 PM Ethertype Protocol 0x86DD Internet Protocol version 6 (IPv6) 0x8808 MAC Control 0x8809 Slow Protocols (IEEE 802.3) 0x8870 Jumbo frames 0x888E EAP over LAN (EAPOL – IEEE 802.
2CSNXXX_SWUM204.book Page 272 Monday, January 25, 2016 1:25 PM rule is applied to an interface or bound to a VLAN, then the ACL rule is applied when the time-range with a specified name becomes active. The ACL rule is removed when the time-range with a specified name becomes inactive. An implicit deny all condition is added by the system after the last MAC or IP/IPv6 access group if no route-map is configured on the interface.
2CSNXXX_SWUM204.book Page 273 Monday, January 25, 2016 1:25 PM Use the no form of the command to delete an existing permit/deny clause.
2CSNXXX_SWUM204.book Page 274 Monday, January 25, 2016 1:25 PM • time-range-name—Use the time-range parameter to impose a time limitation on the MAC ACL rule as defined by the parameter. • assign-queue—Specifies particular hardware queue for handling traffic that matches the rule. • queue-id —0-6, where n is number of user configurable queues available for that hardware platform. • mirror—Copies the traffic matching this rule to the specified interface.
2CSNXXX_SWUM204.book Page 275 Monday, January 25, 2016 1:25 PM Command History Updated in 6.3.0.1 firmware. Example The following example configures a MAC ACL to deny traffic from MAC address 0806.c200.0000. console(config)#mac access-list extended DELL123 console(config-mac-access-list)#500 deny 0806.c200.0000 0000.0000.0000 any ip access-group Use the ip access-group command in Global and Interface Configuration modes to apply an IP-based ACL on an interface or a group of interfaces.
2CSNXXX_SWUM204.book Page 276 Monday, January 25, 2016 1:25 PM User Guidelines The Global Configuration mode command configures the ACL on all physical and LAG interfaces, whereas the interface mode command does so for the interface. If the access-list specified in the command does not exist, an error is given. The ACLs in the access-group are configured in hardware when the interface becomes active. Resource contention issues will only become apparent at that time.
2CSNXXX_SWUM204.book Page 277 Monday, January 25, 2016 1:25 PM • [in | out | control-plane]— The packet direction. in applies the access-list to ingress packets. out applies the access-list to egress packets. controlplane applies the access-list to ingress control plane packets. control-plane is only valid in Global Configuration mode. • sequence — Order of access list relative to other access lists already assigned to this interface and direction.
2CSNXXX_SWUM204.book Page 278 Monday, January 25, 2016 1:25 PM Example This example rate limits IPv4 multicast traffic ingressing the front panel ports to 8 kbps and a maximum burst of 4 kilobytes.
2CSNXXX_SWUM204.book Page 279 Monday, January 25, 2016 1:25 PM mac access-list extended rename Use the mac access-list extended rename command in Global Configuration mode to rename the existing MAC Access Control List (ACL). Syntax mac access-list extended rename name newname • name — Existing name of the access list. (Range: 1-31 characters) • newname — New name of the access list. (Range: 1-31 characters) Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 280 Monday, January 25, 2016 1:25 PM • comment—Each remark line is limited to 100 characters. The remark may consist of characters in the range A-Z, a-z, 0-9, and special characters like space, hyphen, underscore. The total length of the remark must not exceed 100 characters. Default Configuration No remarks are present by default.
2CSNXXX_SWUM204.book Page 281 Monday, January 25, 2016 1:25 PM console(config-arp-access-list)#permit 00:03:04:05:06:07 console(config-arp-access-list)#permit 00:03:04:05:06:08 console(config-arp-access-list)#remark console(config-arp-access-list)#remark console(config-arp-access-list)#permit 00:03:04:05:06:01 ip host 1.1.1.2 mac host ip host 2.1.1.2 mac host “test4” “test5” ip host 2.1.1.
2CSNXXX_SWUM204.book Page 282 Monday, January 25, 2016 1:25 PM User Guidelines To specify multiple protocols, enter the protocol parameters together on the command line, separated by spaces. This command can only be entered once per interface if no intervening no service-acl input command has been entered. Example console(config-if-Te1/0/1)#service-acl input blockall show service-acl interface This command displays the status of LLPF rules configured on a particular port or on all the ports.
2CSNXXX_SWUM204.book Page 283 Monday, January 25, 2016 1:25 PM VTP DTP UDLD PAGP SSTP ALL Disabled Disabled Disabled Disabled Disabled Disabled show access-lists interface Use the show access-lists interface command to display interface ACLs. Syntax show access-lists interface interface-id {in | out} | control-plane • interface-id—The interface identifier (Ethernet, port-channel, or VLAN). • in—Show the ingress ACLs. • out—Show the egress ACLs. • control-plane—Show the control plane ACLs.
2CSNXXX_SWUM204.book Page 284 Monday, January 25, 2016 1:25 PM Syntax show ip access-lists [accesslistname] • accesslistname—The name used to identify the IP ACL. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command displays information about the attributes “icmp-type”, “icmpcode”, “igmp-type,” “fragments,” “routing,” and “source and destination L4 port ranges.
2CSNXXX_SWUM204.book Page 285 Monday, January 25, 2016 1:25 PM Current number of ACLs: 4 Maximum number of ACLs: 100 ACL Name Rules Interface(s) Direction ---------------- ----- ------------ --------qwerty 3 Gi1/0/8 Inbound asdasd 2 Gi1/0/7 Inbound Count -132 43981901 The following example displays the IP ACLs configured on a device. console#show ip access-lists asdasd IP ACL Name: asdasd Inbound Interface(s): Gi1/0/7 Rule Number: 1 Action......................................... Match All............
2CSNXXX_SWUM204.book Page 286 Monday, January 25, 2016 1:25 PM PSH (Ignore) ACK (Ignore) URG (Ignore) ACL Hit Count.................................. 1 show mac access-lists Use the show mac access-lists command in Privileged Exec mode to display a MAC access list and all the rules that are defined for the MAC ACL. Use the [name] parameter to identify a specific MAC ACL to display. Syntax show mac access-lists name • name—Use this parameter to identify the specific MAC ACL to display.
2CSNXXX_SWUM204.book Page 287 Monday, January 25, 2016 1:25 PM MAC ACL Name: mac-acl Outbound Interface(s): Gi1/0/8 Rule Number: 1 Action......................................... Source MAC Address............................. Source MAC Mask................................ Ethertype...................................... VLAN........................................... ACL Hit Count ................................. permit 0000.1122.3344 FFFF.0000.0000 ipx 100 213 Rule Number: 2 Action...................
2CSNXXX_SWUM204.book Page 288 Monday, January 25, 2016 1:25 PM MAC Address Table Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Dell Networking switches implement a MAC Learning Bridge is compliance with IEEE 802.1Q. The switches implement independent VLAN learning (IVL).
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 290 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example In this example, the mac address-table tables are cleared. console#clear mac address-table dynamic mac address-table aging-time Use the mac address-table aging-time command in Global Configuration mode to set the aging time of the address. To restore the default, use the no form of the mac address table aging-time command.
2CSNXXX_SWUM204.book Page 291 Monday, January 25, 2016 1:25 PM mac address-table multicast forbidden address Use the mac address-table multicast forbidden address command in Global Configuration mode to forbid adding a specific Multicast address to specific ports. To return to the system default, use the no form of this command. If routers exist on the VLAN, do not change the unregistered multicast addresses state to drop on the routers ports.
2CSNXXX_SWUM204.book Page 292 Monday, January 25, 2016 1:25 PM Examples In this example the MAC address 0100.5e02.0203 is forbidden on port 2/0/9 within VLAN 8. console(config)#mac address-table multicast forbidden address vlan 8 0100.5e02.0203 add gigabitethernet 2/0/9 mac address-table static vlan Use the mac address table static vlan command in Global Configuration mode to add a static MAC-layer station source address to the bridge table.
2CSNXXX_SWUM204.book Page 293 Monday, January 25, 2016 1:25 PM The maximum number of static MAC addresses that may be configured on a port is limited by the switchport port-security maximum command. This command may be invoked multiple times with different interfaces (and the same VLAN) when used with a multicast MAC address. Example The following example adds a permanent static MAC address c2f3.220a.12f4 to the MAC address table. console(config)# mac address-table static c2f3.220a.
2CSNXXX_SWUM204.book Page 294 Monday, January 25, 2016 1:25 PM Port security allows the network administrator to secure interfaces by specifying (or learning) the allowable MAC addresses on a given port. Packets with a matching source MAC address are forwarded normally. All other host packets are discarded. Port security operates on access, trunk and general mode ports. Two methods are used to implement Port MAC locking: dynamic locking and static locking.
2CSNXXX_SWUM204.book Page 295 Monday, January 25, 2016 1:25 PM Sticky mode configuration converts all the existing dynamically learned MAC addresses on an interface to sticky. This means that they will not age out and will appear in the running-config. In addition, new addresses learned on the interface will also become sticky.
2CSNXXX_SWUM204.book Page 296 Monday, January 25, 2016 1:25 PM console(config)#vlan 33 console(config-vlan33)#interface gi1/0/3 console(config-if-Gi1/0/3)#switchport mode trunk console(config-if-Gi1/0/3)#switchport port-security mac-address sticky 0011.2233.4455 vlan 33 Remove a sticky mode MAC address from trunk port Gi1/0/3 and VLAN 33.
2CSNXXX_SWUM204.book Page 297 Monday, January 25, 2016 1:25 PM • mac-address — The static MAC address to be configured on the interface and VLAN. • vlan-id — The VLAN identifier on which to configure the MAC address. • dynamic — Configure the maximum number of dynamic MAC addresses that be be learned on the interface. • sticky – Configure a sticky MAC address on the interface. If not given, a statically locked MAC address is configured on the interface.
2CSNXXX_SWUM204.book Page 298 Monday, January 25, 2016 1:25 PM Two methods are used to implement port security: dynamic locking and static locking. Static locking further has an optional sticky mode. Dynamic locking implements a ‘first arrival’ mechanism for MAC locking. The administrator specifies how many dynamic addresses may be learned on the secure port. If the limit has not been reached, then a packet with an unknown source MAC address is learned and forwarded normally.
2CSNXXX_SWUM204.book Page 299 Monday, January 25, 2016 1:25 PM server enable traps port-security command. The default action is to log a message and send an SNMP trap. Port security can optionaly error disable an interface on which a violation occurs using the switchport port-security violation shutdown command. Sticky mode configuration converts all the existing dynamically learned MAC addresses on an interface to sticky. This means that they will not age out and will appear in the running-config.
2CSNXXX_SWUM204.book Page 300 Monday, January 25, 2016 1:25 PM console(config)#interface gi1/0/3 console(config-if-gi1/0/3)#switchport port-security console(config-if-gi1/0/3)#switchport port-security mac-address sticky Add a statically locked MAC address to trunk port Gi1/0/3 and VLAN 33. console(config)#vlan 33 console(config-vlan33)#interface gi1/0/3 console(config-if-Gi1/0/3)#switchport mode trunk console(config-if-Gi1/0/3)#switchport port-security mac-address 0011.2233.
2CSNXXX_SWUM204.book Page 301 Monday, January 25, 2016 1:25 PM show mac address-table multicast Use the show mac address-table multicast command in Privileged Exec mode to display Multicast MAC address table information. Syntax show mac address-table multicast [vlan vlan-id] [address {mac-multicastaddress | ip-multicast-address}] [format {ip | mac}] • vlan-id — A valid VLAN ID value. • mac-multicast-address — A valid MAC Multicast address. • ip- multicast-address — A valid IP Multicast address.
2CSNXXX_SWUM204.book Page 302 Monday, January 25, 2016 1:25 PM ---1 ----------------------0100.5E05.0505 --------------------------- NOTE: A multicast MAC address maps to multiple IP addresses, as shown above. show mac address-table Use the show mac address-table command in User Exec or Privileged Exec mode to display all entries in the bridge-forwarding database. Syntax show mac address-table Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 303 Monday, January 25, 2016 1:25 PM show mac address-table address Use the show mac address-table address command in User Exec or Privileged Exec mode to display all entries in the bridge-forwarding database for the specified MAC address. Syntax show mac address-table address mac-address [interface interface-id] [vlan vlan-id] • mac-address—A MAC address with the format xxxx.xxxx.xxxx. • interface-id—Display information for a specific interface.
2CSNXXX_SWUM204.book Page 304 Monday, January 25, 2016 1:25 PM show mac address-table count Use the show mac address-table count command in User Exec or Privileged Exec mode to display the number of addresses present in the Forwarding Database. Syntax show mac address-table count [vlan vlan-id | interface interface-id] • interface-id—Specify an interface type; valid interfaces include Ethernet ports and port channels. • vlan-id—Specify a valid VLAN, the range is 1 to 4093.
2CSNXXX_SWUM204.book Page 305 Monday, January 25, 2016 1:25 PM Syntax show mac address-table dynamic [address mac-address] [interface interfaceid] [vlan vlan-id] • mac-address—A MAC address in the format xxxx.xxxx.xxxx. • interface-id —Display information for a specific interface. Valid interfaces include Ethernet ports and port channels. • vlan-id—Display entries for the specific VLAN only. The range is 1 to 4093. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 306 Monday, January 25, 2016 1:25 PM Syntax show mac address-table interface interface-id [vlan vlan-id] • interface-id —Specify an interface type.Valid interfaces include Ethernet ports and port channels. • vlan-id—Specify a valid VLAN. The range is 1 to 4093. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 307 Monday, January 25, 2016 1:25 PM Syntax show mac address-table static [address mac-address] [interface interface-id] [vlan vlan-id] • mac-address —A MAC address with the format xxxx.xxxx.xxxx. • interface-id —Specify an interface type; valid interfaces include Ethernet ports and port channels. • vlan-id—Specify a valid VLAN; the range is 1 to 4093. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 308 Monday, January 25, 2016 1:25 PM • vlan-id—Specify a valid VLAN; the range is 1 to 4093. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example In this example, all classes of entries in the bridge-forwarding database are displayed.
2CSNXXX_SWUM204.book Page 309 Monday, January 25, 2016 1:25 PM Default Configuration Port security is disabled by default. No MAC addresses are learned or configured by default. The maximum static MAC address is 20. The dynamic MAC address limit is 600 MAC addresses. Command Mode Privileged EXEC mode, Global Configuration mode User Guidelines This information is shown if no parameters are given: Field Description Admin Mode The configured global administrative status of port MAC locking.
2CSNXXX_SWUM204.book Page 310 Monday, January 25, 2016 1:25 PM Field Description Dynamcally Configured Dynamically locked MAC addresses. MAC Address This information is shown if the static parameter is given: Field Description Statically Configured MAC Address Statically configured MAC addresses. VLAN ID The VLAN identifier of the MAC address. Sticky Indicates if the secure MAC address is sticky.
2CSNXXX_SWUM204.book Page 311 Monday, January 25, 2016 1:25 PM Auto-VoIP Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Voice over Internet Protocol (VoIP) allows network users to make telephone calls using a computer network over a data network like the Internet. With the increased prominence of delay-sensitive applications (voice, video, and other multimedia applications) deployed in networks today, proper QoS configuration ensures high-quality application performance.
2CSNXXX_SWUM204.book Page 312 Monday, January 25, 2016 1:25 PM show switchport voice switchport voice detect auto show switchport voice Use the show switchport voice command to show the status of Auto-VoIP on an interface or all interfaces. Syntax show switchport voice [ interface-id ] • interface-id —An Ethernet or port channel interface identifier. Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 314 Monday, January 25, 2016 1:25 PM • Traffic Class—The Cos Queue or Traffic Class to which all VoIP traffic is mapped. This is not configurable and defaults to the highest COS queue available in the system for data traffic. switchport voice detect auto The switchport voice detect auto command is used to enable the VoIP Profile on all the interfaces of the switch (global configuration mode) or for a specific interface (interface configuration mode).
2CSNXXX_SWUM204.book Page 315 Monday, January 25, 2016 1:25 PM CDP Interoperability Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Industry Standard Discovery Protocol (ISDP) is a proprietary Layer 2 network protocol which inter-operates with Cisco network equipment and is used to share information between neighboring devices.
2CSNXXX_SWUM204.book Page 316 Monday, January 25, 2016 1:25 PM User Guidelines There are no user guidelines for this command. Example console#clear isdp counters clear isdp table The clear isdp table command clears entries in the ISDP table. Syntax clear isdp table Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 317 Monday, January 25, 2016 1:25 PM Default Configuration ISDP sends version 2 packets by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#isdp advertise-v2 isdp enable The isdp enable command enables ISDP on the switch. User the “no” form of this command to disable ISDP. Use this command in global configuration mode to enable the ISDP function on the switch.
2CSNXXX_SWUM204.book Page 318 Monday, January 25, 2016 1:25 PM console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#isdp enable isdp holdtime The isdp holdtime command configures the hold time for ISDP packets that the switch transmits. The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it. The range is given in seconds. Use the no form of this command to reset the holdtime to the default.
2CSNXXX_SWUM204.book Page 319 Monday, January 25, 2016 1:25 PM isdp timer The isdp timer command sets period of time between sending new ISDP packets. The range is given in seconds. Use the “no” form of this command to reset the timer to the default. Syntax isdp timer time no isdp timer • time—The time in seconds (range: 5–254 seconds). Default Configuration The default timer is 30 seconds.
2CSNXXX_SWUM204.book Page 320 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show isdp Timer................................ Hold Time............................ Version 2 Advertisements............. Neighbors table last time changed.... Device ID............................ Device ID format capability.......... Device ID format.....................
2CSNXXX_SWUM204.book Page 321 Monday, January 25, 2016 1:25 PM Device ID N2000/N3000 Series Switch Address(es): IP Address: 172.20.1.18 IP Address: 172.20.1.18 Capability Router IGMP Platform cisco WS-C4948 Interface Gi1/0/1 Port ID Gi1/0/1 Holdtime 64 Advertisement Version 2 Entry last changed time 0 days 00:13:50 Version : Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000 I9K91S-M), Version 12.2(25)EWA9, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.
2CSNXXX_SWUM204.book Page 322 Monday, January 25, 2016 1:25 PM Device ID Address(es): IP Address: Capability Platform Interface Port ID Holdtime Advertisement Version Time when last changed Version : 11.4.9.57 CN0H784T2829841E0534A00 Device ID Address(es): IP Address: IP Address: Capability Platform Interface Port ID Holdtime Advertisement Version Time when last changed Version : 11.2.11.19 R3 10.27.22.185 Router N3048 Gi1/0/13 Gi1/0/13 153 2 0 days 00:01:24 10.27.21.185 192.168.100.
2CSNXXX_SWUM204.book Page 323 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines The information displayed varies based upon the information received from the ISDP neighbor.
2CSNXXX_SWUM204.book Page 324 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show isdp traffic ISDP Packets Received.......................... ISDP Packets Transmitted....................... ISDPv1 Packets Received........................ ISDPv1 Packets Transmitted...................
2CSNXXX_SWUM204.book Page 325 Monday, January 25, 2016 1:25 PM DHCP Client Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Dell Networking switches support an embedded DHCP client. Any IP interface can use DHCP to obtain an IP address. The DHCP client can run on multiple interfaces simultaneously. For IPv4, an IP interface can either use manually configured addresses or be enabled for DHCP. The options are mutually exclusive.
2CSNXXX_SWUM204.book Page 326 Monday, January 25, 2016 1:25 PM • Boot file name (image/.
2CSNXXX_SWUM204.book Page 327 Monday, January 25, 2016 1:25 PM mytftpserverpath/N3000_N2000v6.3.0.1.stk Option 125 also supports sub-option 6, which is the path to a configuration file on the TFTP server. Only the path name is relevant. Configure the DHCP server to use vendor id 674 and the required sub-option 6 and a hexadecimal encoded ASCII path value. If sub-option 6 is specified, the switch attempts to download the configuration file .cfg using the DHCP supplied host name.
2CSNXXX_SWUM204.book Page 328 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines The DHCP client sends a DHCP RELEASE message telling the DHCP server that it no longer needs the IP address, and that the IP address can be reassigned to another client. The interface method does not change and will still be DHCP even after issuing this command.
2CSNXXX_SWUM204.book Page 329 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec User Guidelines If the interface has a leased IPv4 address when this command is issued, the DHCP client sends a DHCP REQUEST message telling the DHCP server that it wants to continue using the IP address. If DHCP is enabled on the interface, but the interface does not currently have an IPv4 address (for example, if the address was previously released), then the DHCP client sends a DISCOVER to acquire a new address.
2CSNXXX_SWUM204.book Page 330 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec, Configuration mode and all Configuration submodes User Guidelines This command lists all IPv4 addresses currently leased from a DHCP server on a routing interface. This command only applies to routing interfaces. To see the IPv4 address leased on the out-of-band interface, use the command show ip interface out-of-band. This command output provides the following information.
2CSNXXX_SWUM204.book Page 331 Monday, January 25, 2016 1:25 PM IP address: 10.1.1.2 on interface VLAN20 Subnet mask: 255.255.255.0 DHCP Lease server: 10.1.1.1, state: 5 Bound DHCP transaction id: 0x11EB Lease: 86400 secs, Renewal: 43200 secs, Rebind: 75600 secs Retry count: 0 console#show dhcp lease interface vlan 10 IP address: 10.1.20.1 on interface VLAN10 Subnet mask: 255.255.255.0 DHCP Lease server: 10.1.20.
2CSNXXX_SWUM204.book Page 332 Monday, January 25, 2016 1:25 PM DHCP Layer 2 Relay Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches In the majority of network configurations, DHCP clients and their associated servers do not reside on the same IP network or subnet. Therefore, some kind of third-party agent is required to transfer DHCP messages between clients and servers. Such an agent is known as a DHCP Relay agent.
2CSNXXX_SWUM204.book Page 333 Monday, January 25, 2016 1:25 PM Syntax dhcp l2relay no dhcp l2relay Default Configuration DHCP L2 Relay is disabled by default. Command Mode Global Configuration. User Guidelines There are no user guidelines for this command. Example console(config)#dhcp l2relay dhcp l2relay (Interface Configuration) Use the dhcp l2relay command to enable DHCP L2 Relay for an interface. Use the no form of this command to disable DHCP L2 Relay for an interface.
2CSNXXX_SWUM204.book Page 334 Monday, January 25, 2016 1:25 PM Example console(config-if-Gi1/0/1)#dhcp l2relay dhcp l2relay circuit-id Use the dhcp l2relay circuit-id command to enable setting the DHCP Option 82 Circuit ID for a VLAN. When enabled, the interface number is added as the Circuit ID in DHCP option 82. Use the no form of this command to disable setting the DHCP Option 82 Circuit ID.
2CSNXXX_SWUM204.book Page 335 Monday, January 25, 2016 1:25 PM Syntax dhcp l2relay remote-id remoteId vlan vlan-range no dhcp l2relay remote-id remoteId vlan vlan-range • remoteId —The string to be used as the remote ID in the Option 82 (Range: 1 128 characters). • vlan-range —A list of VLAN IDs. List separate, non-consecutive VLAN IDs separated by commas (without spaces). Use a hyphen to designate a range of IDs.
2CSNXXX_SWUM204.book Page 336 Monday, January 25, 2016 1:25 PM User Guidelines There are no user guidelines for this command. Example console(config-if-Gi1/0/1)#dhcp l2relay trust dhcp l2relay vlan Use the dhcp l2relay vlan command to enable the L2 DHCP Relay agent for a set of VLANs. All DHCP packets which arrive on interfaces in the configured VLAN are subject to L2 Relay processing. Use the no form of this command to disable L2 DHCP Relay for a set of VLANs.
2CSNXXX_SWUM204.book Page 337 Monday, January 25, 2016 1:25 PM Syntax show dhcp l2relay all Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console #show dhcp l2relay all DHCP L2 Relay is Enabled.
2CSNXXX_SWUM204.book Page 338 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay interface all DHCP L2 Relay is Enabled.
2CSNXXX_SWUM204.book Page 339 Monday, January 25, 2016 1:25 PM Example console#show dhcp l2relay stats interface all DHCP L2 Relay is Enabled.
2CSNXXX_SWUM204.book Page 340 Monday, January 25, 2016 1:25 PM • vlan-range—Show information for the specified VLAN range. List separate, non-consecutive VLAN IDs separated by commas (without spaces). Use a hyphen to designate a range of IDs. (Range: 1–4093) Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 341 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay vlan 100 DHCP L2 Relay is Enabled.
2CSNXXX_SWUM204.book Page 342 Monday, January 25, 2016 1:25 PM 300 show dhcp l2relay remote-id vlan Use the show dhcp l2relay remote-id vlan command to display whether DHCP L2 Relay is globally enabled and shows the remote ID configured on the specified VLAN or VLAN range. Syntax show dhcp l2relay remote-id vlan vlan-range • vlan-range—Show information for the specified VLAN range. List separate, non-consecutive VLAN IDs separated by commas (without spaces). Use a hyphen to designate a range of IDs.
2CSNXXX_SWUM204.book Page 343 Monday, January 25, 2016 1:25 PM Syntax clear dhcp l2relay statistics interface {all | interface-id} • all—Show all interfaces. • interface-id—An Ethernet interface. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 344 Monday, January 25, 2016 1:25 PM DHCP Snooping Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches DHCP Snooping is a security feature that monitors DHCP messages between DHCP clients and DHCP server to filter harmful DHCP messages and build a bindings database of {MAC address, IP address, VLAN ID, interface} tuples that are considered authorized. The DHCP snooping application processes incoming DHCP messages.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 346 Monday, January 25, 2016 1:25 PM clear ip dhcp snooping statistics Use the clear ip dhcp snooping statistics command to clear all DHCP Snooping statistics. Syntax clear ip dhcp snooping statistics Default Configuration There is no default configuration for this command. Command Mode Privileged Exec User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 347 Monday, January 25, 2016 1:25 PM User Guidelines To enable DHCP snooping, do the following: 1 Enable DHCP Snooping globally. 2 Enable DHCP Snooping per VLAN. 3 Set DHCP Snooping trusted port on the port in the DHCP server direction. The bindings database populated by DHCP snooping is used by several other services, including IP source guard and dynamic ARP inspection. DHCP snooping must be enabled for these services to operate.
2CSNXXX_SWUM204.book Page 348 Monday, January 25, 2016 1:25 PM Default Configuration There are no static or dynamic DHCP snooping bindings by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip dhcp snooping binding 00:00:00:00:00:01 vlan 10 10.131.12.134 interface 1/0/1 ip dhcp snooping database Use the ip dhcp snooping database command to configure the persistent storage location of the DHCP snooping database.
2CSNXXX_SWUM204.book Page 349 Monday, January 25, 2016 1:25 PM Example The following example configures the storage location of the snooping database as local. console(config)#ip dhcp snooping database local The following example configures the storage location of the snooping database as remote. console(config)#ip dhcp snooping database tftp://10.131.11.1/db.
2CSNXXX_SWUM204.book Page 350 Monday, January 25, 2016 1:25 PM ip dhcp snooping limit Use the ip dhcp snooping limit command to diagnostically disable itself if the rate of received DHCP messages exceeds the configured limit. Use the no shutdown command to re-enable the interface. Use the no form of this command to disable automatic shutdown of the interface.
2CSNXXX_SWUM204.book Page 351 Monday, January 25, 2016 1:25 PM The administrator can configure the rate and burst interval. Rate limiting is configured independently on each physical interface and may be enabled on both trusted and untrusted interfaces. The rate limit is configurable in the range of 0-300 packets per second and the burst interval in the range of 1-15 seconds. In general, a rate limit of under 100 pps is valid for untrusted interfaces.
2CSNXXX_SWUM204.book Page 352 Monday, January 25, 2016 1:25 PM console(config-if-Gi1/0/1)#no ip dhcp snooping log-invalid ip dhcp snooping trust Use the ip dhcp snooping trust command to configure a port as trusted. Use the no form of this command to configure a port as untrusted. Syntax ip dhcp snooping trust no ip dhcp snooping trust Default Configuration Ports are untrusted by default.
2CSNXXX_SWUM204.book Page 353 Monday, January 25, 2016 1:25 PM ip dhcp snooping verify mac-address Use the ip dhcp snooping verify mac-address command to enable the verification of the source MAC address with the client MAC address in the received DHCP message. Use the “no” form of this command to disable verification of the source MAC address. Syntax ip dhcp snooping verify mac-address no ip dhcp snooping verify mac-address Default Configuration Source MAC address verification is enabled by default.
2CSNXXX_SWUM204.book Page 354 Monday, January 25, 2016 1:25 PM Command Mode User Exec, Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 355 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show ip dhcp snooping binding Total number of bindings: 2 MAC Address ----------------00:02:B3:06:60:80 00:02:FE:06:13:04 IP Address --------------210.1.1.3 210.1.1.
2CSNXXX_SWUM204.book Page 356 Monday, January 25, 2016 1:25 PM Example console#show ip dhcp snooping database agent url: write-delay: /10.131.13.79:/sai1.txt 5000 show ip dhcp snooping interfaces Use the show ip dhcp snooping interfaces command to show the DHCP Snooping status of the interfaces. Syntax show ip dhcp snooping interfaces [interface-id] • interface-id —A valid physical interface. Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 357 Monday, January 25, 2016 1:25 PM Gi1/0/15 Yes 15 1 show ip dhcp snooping statistics Use the show ip dhcp snooping statistics command to display the DHCP snooping filtration statistics. Syntax show ip dhcp snooping statistics Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 360 Monday, January 25, 2016 1:25 PM Command Modes User Exec, Privileged Exec User Guidelines This command has no user guidelines. Example (console) #clear ipv6 dhcp snooping binding clear ipv6 dhcp snooping statistics Use the clear ipv6 dhcp snooping statistics command to clear all IPv6 DHCP Snooping statistics. Syntax clear ipv6 dhcp snooping statistics Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 361 Monday, January 25, 2016 1:25 PM Syntax ipv6 dhcp snooping no ipv6 dhcp snooping Default Configuration By default, DHCP snooping is not enabled. Command Modes Global Configuration mode User Guidelines The DHCP snooping application processes incoming DHCP messages.
2CSNXXX_SWUM204.book Page 362 Monday, January 25, 2016 1:25 PM Syntax ipv6 dhcp snooping vlan vlan-range no ipv6 dhcp snooping vlan-range • vlan-range —A single VLAN, one or more VLANs separated by commas, or two VLANs separated by a single dash indicating all VLANs between the first and second inclusive. Multiple VLAN identifiers can be entered provided that no embedded spaces are contained within the vlan-range. Default Configuration By default, DHCP snooping is not enabled on any VLANs.
2CSNXXX_SWUM204.book Page 363 Monday, January 25, 2016 1:25 PM • mac-address—A valid mac address in standard format. • vlan-id —A configured VLAN id. (Range 1-4093) • ip-address—A valid IPv6 address. • interface-id—A valid physical interface ID in short or long format. • port-channel-number—A valid port channel identifier. Default Configuration By default, no static DHCP bindings are configured.
2CSNXXX_SWUM204.book Page 364 Monday, January 25, 2016 1:25 PM User Guidelines The DHCP binding database is persistently stored on a configured external server or locally in flash, depending on the user configuration. A row-wise checksum is placed in the text file that is stored on the configured TFTP server. On switch startup, the switch reads the text file and uses the contents to build the DHCP snooping database.
2CSNXXX_SWUM204.book Page 365 Monday, January 25, 2016 1:25 PM ipv6 dhcp snooping limit Use the ipv6 dhcp snooping limit command configures an interface to be diagnostically disabled if the rate of received DHCP messages exceeds the configured limit. Use the no shutdown command to reenable the interface. Use the no form of the command to disable diagnostic disabling of the interface.
2CSNXXX_SWUM204.book Page 366 Monday, January 25, 2016 1:25 PM The administrator can configure the rate and burst interval. Rate limiting is configured independently on each physical interface and may be enabled on both trusted and untrusted interfaces. The rate limit is configurable in the range of 0-300 packets per second and the burst interval in the range of 1-15 seconds.
2CSNXXX_SWUM204.book Page 367 Monday, January 25, 2016 1:25 PM ipv6 dhcp snooping trust Use the ipv6 dhcp snooping trust command to configure an interface as trusted. Use the no form of the command to return the interface to the default configuration. Syntax ipv6 dhcp snooping trust no ipv6 dhcp snooping trust Default Configuration By default, interfaces are untrusted.
2CSNXXX_SWUM204.book Page 368 Monday, January 25, 2016 1:25 PM no ipv6 dhcp snooping verify mac-address Default Configuration By default, MAC address verification is not enabled. Command Modes Global Configuration mode User Guidelines DHCP MAC address verification operates on DHCP messages received over untrusted interfaces. The source MAC address of DHCP packet is different from the client hardware if: • A DHCP discovery/request broadcast packet that was forwarded by the relay agent.
2CSNXXX_SWUM204.book Page 369 Monday, January 25, 2016 1:25 PM Syntax ipv6 verify binding mac-address vlan vlan-id ip-address interface interface id no ipv6 verify binding mac-address vlan vlan-id ip-address interface interface id • mac-address —A valid mac address in standard format. • vlan-id —A configured VLAN id. (Range 1-4093. • ip-address —A valid IPv6 address. • interface-id—A valid interface ID in short or long format.
2CSNXXX_SWUM204.book Page 370 Monday, January 25, 2016 1:25 PM Default Configuration By default, no sources are blocked. Command Modes Interface Configuration mode (physical and port-channel) User Guidelines DHCP snooping should be enabled on any interfaces for which ipv6 verify source is configured. If ipv6 verify source is configured on an interface for which DHCP snooping is disabled, or for which DHCP snooping is enabled and the interface is trusted, incoming traffic on the interface is dropped.
2CSNXXX_SWUM204.book Page 371 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 372 Monday, January 25, 2016 1:25 PM Command Modes User Exec, Privileged Exec (all show modes) User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 373 Monday, January 25, 2016 1:25 PM write-delay: 5000 show ipv6 dhcp snooping interfaces Use the show ipv6 dhcp snooping interfaces command to show the DHCP Snooping status of IPv6 interfaces. Syntax show ipv6 dhcp snooping interfaces [interface id] • interface id—A valid physical interface. Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 374 Monday, January 25, 2016 1:25 PM Syntax show ipv6 dhcp snooping statistics Default Configuration This command has no default configuration. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines The following statistics are displayed. Parameter Description MAC Verify Failures The number of DHCP messages that got filtered on an untrusted interface because of the source MAC address and client hardware address mismatch.
2CSNXXX_SWUM204.book Page 375 Monday, January 25, 2016 1:25 PM show ipv6 source binding Use the show ipv6 source binding command to display the IPv6 Source Guard configurations on all ports, on an individual port, or on a VLAN. Syntax show ipv6 source binding [{dhcp-snooping | static}] [interface interface-id] [vlan vlan-id] • dhcp-snooping — Displays the DHCP snooping bindings. • static —Displays the statically configured bindings. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 376 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 377 Monday, January 25, 2016 1:25 PM Syntax show ipv6 verify source Default Configuration There is no default configuration for this command. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines If MAC address filtering is not configured on the interface, the MAC Address field is empty. If port security is disabled on the interface, the MAC Address field displays permit-all.
2CSNXXX_SWUM204.book Page 378 Monday, January 25, 2016 1:25 PM Dynamic ARP Inspection Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Dynamic ARP Inspection (DAI) is a security feature that rejects invalid and malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its neighbors.
2CSNXXX_SWUM204.book Page 379 Monday, January 25, 2016 1:25 PM Default Configuration There are no ARP ACLs created by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#arp access-list tier1 clear ip arp inspection statistics Use the clear ip arp inspection statistics command in Privileged Exec mode to reset the statistics for Dynamic Address Resolution Protocol (ARP) inspection on all VLANs.
2CSNXXX_SWUM204.book Page 380 Monday, January 25, 2016 1:25 PM ip arp inspection filter Use the ip arp inspection filter command to configure the ARP ACL to be used for a single VLAN or a range of VLANs to filter invalid ARP packets. If the static keyword is given, packets that do not match a permit statement are dropped without consulting the DHCP snooping bindings. Use the “no” form of this command to unconfigure the ARP ACL.
2CSNXXX_SWUM204.book Page 381 Monday, January 25, 2016 1:25 PM Syntax ip arp inspection limit {none | rate pps [burst interval seconds]} no ip arp inspection limit • none — To set no rate limit. • pps — The number of packets per second (Range: 0–300). • seconds — The number of seconds (Range: 1–15). Default Configuration The default rate limit is 15 packets per second. The default burst interval is 1 second.
2CSNXXX_SWUM204.book Page 382 Monday, January 25, 2016 1:25 PM Default Configuration Interfaces are configured as untrusted by default. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 384 Monday, January 25, 2016 1:25 PM Example console(config)#ip arp inspection vlan 200-300 console(config)#ip arp inspection vlan 200-300 logging permit ip host mac host Use the permit ip host mac host command to configure a rule for a valid IP address and MAC address combination used in ARP packet validation. Use the “no” form of this command to delete an ARP ACL rule.
2CSNXXX_SWUM204.book Page 385 Monday, January 25, 2016 1:25 PM Syntax show arp access-list [acl-name] • acl-name — A valid ARP ACL name (Range: 1–31 characters). Default Configuration There is no default configuration for this command. Command Mode Privileged Exec, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show arp access-list ARP access list H2 permit ip host 1.1.1.1 mac host 00:01:02:03:04:05 permit ip host 1.1.1.
2CSNXXX_SWUM204.book Page 386 Monday, January 25, 2016 1:25 PM • vlan vlan-range—Display the Dynamic ARP Inspection configuration on all the VLANs in the given VLAN range. It also displays the global configuration values for source MAC validation, destination MAC validation and invalid IP validation. List separate, non-consecutive VLAN IDs separated by commas (without spaces). Use a hyphen to designate a range of IDs.
2CSNXXX_SWUM204.book Page 387 Monday, January 25, 2016 1:25 PM Example Following is an example of the show ip arp inspection command. console#show ip arp inspection Source MAC Validation................. Disabled Destination MAC Validation............ Disabled IP Address Validation.................
2CSNXXX_SWUM204.book Page 388 Monday, January 25, 2016 1:25 PM show ip arp inspection vlan Use the show ip arp inspection vlan command to display the Dynamic ARP Inspection configuration on all the VLANs in the given VLAN range. It also displays the global configuration values for source MAC validation, destination MAC validation and invalid IP validation. Syntax show ip arp inspection vlan [vlan-range] • vlan-range— A list of VLAN identifiers.
2CSNXXX_SWUM204.book Page 389 Monday, January 25, 2016 1:25 PM Log Invalid Whether logging of invalid ARP packets is enabled on the VLAN. ACL Name ARP ACL Name if configured on the VLAN. Static flag If the ARP ACL is configured static on the VLAN.
2CSNXXX_SWUM204.book Page 390 Monday, January 25, 2016 1:25 PM Ethernet Configuration Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Dell Networking switches support a variety of configuration options to optimize network operations. Features such as flow-control and jumbo frames are supported along with a variety of commands to display traffic statistics as well as limit the effects of network loops or other network issues.
2CSNXXX_SWUM204.book Page 391 Monday, January 25, 2016 1:25 PM On a storm control enabled interface, if the ingress rate of that type of packet (L2 broadcast, multicast, or unicast) is greater than the configured threshold level (as a percentage of port speed or as an absolute packets-per-second rate), the switch forwarding-plane discards the excess traffic. The speed command controls interface link speeds and auto-negotiation.
2CSNXXX_SWUM204.book Page 392 Monday, January 25, 2016 1:25 PM • switchport—Clear all the interface counters • interface-id—An Ethernet or port-channel identifier. If specified, counters are cleared for the individual interface. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines Use of the clear counters command with no parameters indicates that both switch and all interface statistics are to be cleared.
2CSNXXX_SWUM204.book Page 393 Monday, January 25, 2016 1:25 PM Default Configuration By default, the interface does not have a description. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command has no user guidelines. Example The following example adds a description to the Ethernet port 5.
2CSNXXX_SWUM204.book Page 394 Monday, January 25, 2016 1:25 PM User Guidelines When both speed and duplex are configured to auto, auto negotiation is enabled for the port. To disable auto-negotiation on a port, it is necessary to enter both the speed and duplex commands without using the auto parameter. 10G/40G fiber ports do not support auto-negotiation and therefore require the operator to enter the duplex full command and the speed command with the desired operating bandwidth.
2CSNXXX_SWUM204.book Page 395 Monday, January 25, 2016 1:25 PM User Guidelines Dell Networking switches implement receive flow control only. They never issue a flow control PAUSE frame when congested, but do respect received flow control PAUSE frames received from other switches. Disabling flow control causes the switch to ignore received PAUSE frames. Interface specific configuration overrides any global configuration.
2CSNXXX_SWUM204.book Page 396 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration, Interface Configuration User Guidelines Dell Networking switches implement receive flow control only. They never issue a flow control PAUSE frame when congested, but will respect received flow control PAUSE frames received from other switches. Disabling flow control causes the switch to ignore received PAUSE frames. Interface specific configuration overrides any global configuration.
2CSNXXX_SWUM204.book Page 397 Monday, January 25, 2016 1:25 PM • port-range—A list of valid ports to configure. Separate non-consecutive ports with a comma and no spaces; use a hyphen to designate a range of ports. For more detailed information, see Operating on Multiple Objects (Range). The command line buffer parses up to the maximum number of command line characters possible in the port-range parameter. • port-type—Shows all interfaces of the specified type.
2CSNXXX_SWUM204.book Page 398 Monday, January 25, 2016 1:25 PM console(config)#interface range gi1/0/1,te1/1/1 console(config)#interface range gigabitEthernet 1/0/10,tengigabitEthernet 1/1/2 link debounce time Use the link debounce time command to configure the debounce timer for one or multiple interfaces. Use the no form of the command to set the link debounce time to the default. Use a time of 0 ms to disable link bounce hysteresis on an interface.
2CSNXXX_SWUM204.book Page 399 Monday, January 25, 2016 1:25 PM Use the show interfaces debounce command to display the link debounce time or to display the link flap count (the number of notifications sent to the system that link signal was lost). The link flap count is also displayed by the show interfaces command. The link debounce counter is cleared by the clear counters command and the clear counters interface-id command.
2CSNXXX_SWUM204.book Page 400 Monday, January 25, 2016 1:25 PM Default Configuration The default ingress rate limit is 1024 packets per second (3000 for N4000 series switches). Command Modes Global Configuration mode User Guidelines Unknown unicast and multicast packets are copied to the CPU on the lowest priority QoS queue. Unknown packets are those that do not have hardware forwarding entries. Known unicast/multicast packets are hardware forwarded and are not queued to the CPU.
2CSNXXX_SWUM204.book Page 401 Monday, January 25, 2016 1:25 PM Example The following example shows output with higher than normal CPU usage due to packets copied to the software forwarding task. console#show process cpu Memory Utilization Report status bytes ------ ---------free 1053933568 alloc 673873920 CPU Utilization: PID Name 5 Secs 60 Secs 300 Secs ---------- ------------------- -------- -------- -------1129 osapiTimer 0.00% 0.00% 0.01% 1133 _interrupt_thread 0.09% 0.01% 0.00% 1137 bcmCNTR.0 0.24% 0.
2CSNXXX_SWUM204.book Page 402 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration. Command Mode All modes, including Config mode and all config submodes. User Guidelines The show interface command shows the actual operational status of the interface, which is not necessarily the same as the configuration. Input/output rate statistics are collected every 10 seconds. The link status field shows the hardware status followed by the keepalive status.
2CSNXXX_SWUM204.book Page 403 Monday, January 25, 2016 1:25 PM • DHCP Rate Limit – excessive DHCP packets detected • Loop Protection – A loop was detected by the CDP protocol • Multicast Storm – multicast storm detected • Port security – port security violation detected • SFP Mismatch – unsupported transceiver detected • SFP Plus Mismatch –SFP+ transceiver detected in SFP port • UDLD – UDLD disabled interface • Unicast Storm – unicast storm detected Command History Introduced in version 6.
2CSNXXX_SWUM204.book Page 404 Monday, January 25, 2016 1:25 PM Broadcast Packets Received..................... Total Packets Received with MAC Errors......... Jabbers Received............................... Fragments/Undersize Received................... Alignment Errors............................... FCS Errors..................................... Overruns....................................... Total Received Packets Not Forwarded........... Total Packets Transmitted Successfully.........
2CSNXXX_SWUM204.book Page 405 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines The priority resolution field indicates the auto-negotiated link speed and duplex. The clock field indicates whether the local interface has autonegotiated to clock master or clock slave. When the link is down, the field will show No link.
2CSNXXX_SWUM204.book Page 406 Monday, January 25, 2016 1:25 PM 10000f 1000f 1000h 100f 100h ------ ----- ----- ----- ----Admin Local link Advertisement no yes no yes no Oper Local link Advertisement no yes no yes no Oper Peer Advertisement no yes no yes no Priority Resolution yes - 10f ----yes yes yes - 10h ---no no no - show interfaces configuration Use the show interfaces configuration command in User Exec mode to display the configuration for all configured interfaces.
2CSNXXX_SWUM204.book Page 407 Monday, January 25, 2016 1:25 PM Field Description Admin State Displays whether the port is enabled or disabled.
2CSNXXX_SWUM204.book Page 408 Monday, January 25, 2016 1:25 PM Command Mode User Exec mode, Configuration mode and all Configuration submodes User Guidelines The following table describes the fields shown in the display: Field Description InOctets Counted received octets. InUcastPkts Counted received Unicast packets. InMcastPkts Counted received Multicast packets. InBcastPkts Counted received Broadcast packets. OutOctets Counted transmitted octets.
2CSNXXX_SWUM204.book Page 409 Monday, January 25, 2016 1:25 PM Field Description Internal MAC Rx Errors A count of frames for which reception fails due to an internal MAC sublayer receive error. Received Pause Frames A count of MAC Control frames received with an opcode indicating the PAUSE operation. Transmitted Pause Frames Counted MAC Control frames transmitted on this interface with an opcode indicating the PAUSE operation.
2CSNXXX_SWUM204.book Page 410 Monday, January 25, 2016 1:25 PM Gi1/0/19 Gi1/0/20 0 0 0 0 0 0 0 0 Port OutTotalPkts OutUcastPkts OutMcastPkts OutBcastPkts --------- ---------------- ---------------- ---------------- --------------Gi1/0/1 0 0 0 0 Gi1/0/2 0 0 0 0 Gi1/0/3 0 0 0 0 Gi1/0/4 0 0 0 0 Gi1/0/5 0 0 0 0 Gi1/0/6 0 0 0 0 Gi1/0/7 0 0 0 0 Gi1/0/8 0 0 0 0 Gi1/0/9 0 0 0 0 Gi1/0/10 0 0 0 0 Gi1/0/11 0 0 0 0 Gi1/0/12 0 0 0 0 The following example displays counters for Ethernet port Te1/0/1.
2CSNXXX_SWUM204.book Page 411 Monday, January 25, 2016 1:25 PM show interfaces debounce Use the show interfaces debounce command to list the debounce information for one or multiple interfaces. If no parameter is given, all physical interfaces are shown. Syntax show interfaces debounce [ interface-id ] • interface-id—A physical interface identifier (i.e., a 1G, 10G, or 40G Ethernet interface) in standard interface format. Default Configuration Physical interfaces have a 100 ms debounce time enabled.
2CSNXXX_SWUM204.book Page 412 Monday, January 25, 2016 1:25 PM Syntax show interfaces description [gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port] Default Configuration This command has no default configuration. Command Mode User Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 413 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays detailed status and configuration of the specified interface.
2CSNXXX_SWUM204.book Page 414 Monday, January 25, 2016 1:25 PM PVID: 1 Ingress Filtering: Enabled Acceptable Frame Type: Untagged Port Gi1/0/1 is statically configured to: VLAN ---- Name Egress rule --------------------------------- ----------- Forbidden VLANS: VLAN Name ------------------------------------ Port Gi1/0/1 Enabled State: Disabled Port id: 128.1 Port Fast: No (Configured: no ) Designated bridge Priority: 32768 Designated port id: 0.
2CSNXXX_SWUM204.book Page 415 Monday, January 25, 2016 1:25 PM the show interfaces status command. The link state indicates the physical connectivity state of the link. It is possible that the link is connected physically yet frames are not able to pass over the link. Possible causes of this condition are speed or duplex mismatch. The displayed port status information includes the following: Field Description Port The port or port channel number. Oob means Out-of-Band Management Interface.
2CSNXXX_SWUM204.book Page 416 Monday, January 25, 2016 1:25 PM Example The following example displays the status for all configured interfaces.
2CSNXXX_SWUM204.book Page 417 Monday, January 25, 2016 1:25 PM Command Modes User Exec, Privileged Exec modes. User Guidelines This command only supports the display of 10G and 40G transceivers. Example The following example shows the qualifications status of the optics on the switch.
2CSNXXX_SWUM204.book Page 418 Monday, January 25, 2016 1:25 PM Syntax show statistics {gigabitethernet unit/slot/port |switchport | port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port} • unit/slot/port—A valid interface. See Interface Naming Conventions for interface representation. • switchport—Displays statistics for the entire switch. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 419 Monday, January 25, 2016 1:25 PM Total Packets Received Without Errors.......... Unicast Packets Received....................... Multicast Packets Received..................... Broadcast Packets Received..................... 0 0 0 0 Total Packets Received with MAC Errors......... Jabbers Received............................... Fragments/Undersize Received................... Alignment Errors............................... FCS Errors.....................................
2CSNXXX_SWUM204.book Page 420 Monday, January 25, 2016 1:25 PM EAPOL Frames Transmitted....................... 0 EAPOL Start Frames Received.................... 0 Time Since Counters Last Cleared............... 0 day 13 hr 20 min 24 sec show statistics switchport Use the show statistics command in Privileged Exec mode to display detailed statistics for a specific port or for the entire switch. Syntax show statistics {interface-id |switchport} • interface-id—The interface ID.
2CSNXXX_SWUM204.book Page 421 Monday, January 25, 2016 1:25 PM Receive Packets Discarded ifInDiscards Octets Transmitted ifHCOutOctets Unicast Packets Transmitted ifHCOutUcastPkts Multicast Packets Transmitted ifHCOutMulticastPkts Broadcast Packets Transmitted ifHCOutBroadcastPkts Transmit Packets Discarded ifOutDiscards Example The following example shows statistics for the entire switch. console#show statistics switchport Total Packets Received (Octets)................
2CSNXXX_SWUM204.book Page 422 Monday, January 25, 2016 1:25 PM show storm-control Use the show storm-control command in Privileged Exec mode to display the configuration of storm control. Syntax show storm-control [all | {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 423 Monday, January 25, 2016 1:25 PM Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Disable Disable Disable Disable Disable 5 5 5 5 5 Disable Disable Disable Disable Disable 5 5 5 5 5 Disable Disable Disable Disable Disable 5 5 5 5 5 Enabled Enabled Enabled Enabled Enabled show storm-control action Use the show storm-control action command to display the storm control action configuration for one or all interfaces.
2CSNXXX_SWUM204.book Page 424 Monday, January 25, 2016 1:25 PM shutdown Use the shutdown command in Interface Configuration mode to disable an interface. To restart a disabled interface, use the no form of this command. Syntax shutdown no shutdown Default Configuration The interface is enabled. Command Mode Interface Configuration (Ethernet, Port-Channel, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Examples The following example disables gigabit Ethernet port 1/0/5.
2CSNXXX_SWUM204.book Page 425 Monday, January 25, 2016 1:25 PM • 10—Configures the port to 10 Mbps operation. • 100—Configures the port to 100 Mbps operation. • 1000—Configures the port to 1000 Mbps operation. • 10000—Configures the port to 10 Gbps operation. • 40000—Configures the port to 40 Gbps operation. • auto—The port automatically detects the speed it should run based on the port at the other end of the link.
2CSNXXX_SWUM204.book Page 426 Monday, January 25, 2016 1:25 PM Example The following example configures the speed operation of gigabit Ethernet port 1/0/5 to advertise 100-Mbps operation only via auto-negotiation. console(config)#interface gigabitethernet 1/0/5 console(config-if)#speed auto 100 switchport protected Use the switchport protected command in Interface Configuration mode to configure a protected port.
2CSNXXX_SWUM204.book Page 427 Monday, January 25, 2016 1:25 PM console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#switchport protected 1 switchport protected name Use the switchport protected name command in Global Configuration mode to adds the port to the protected group 1 and also sets the group name to "protected". Syntax switchport protected groupid name name no switchport protected groupid name • groupid — Identifies which group the port is to be protected in.
2CSNXXX_SWUM204.book Page 428 Monday, January 25, 2016 1:25 PM show switchport protected Use the show switchport protected command in Privileged Exec mode to display the status of all the interfaces, including protected and unprotected interfaces. Syntax show switchport protected groupid • groupid — Identifies which group the port is to be protected in. (Range: 0–2) Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 429 Monday, January 25, 2016 1:25 PM Command Modes Privileged Exec User Guidelines This command has no usage guidelines. Example a11-39#show system mtu System Jumbo MTU size is 9216 bytes system jumbo mtu Use the system jumbo mtu command to globally configure the link Maximum Transmission Unit (MTU) on all interfaces, IP/IPv6 interfaces, VLAN interfaces, and port channel interfaces for forwarded and systemgenerated frames.
2CSNXXX_SWUM204.book Page 430 Monday, January 25, 2016 1:25 PM User Guidelines Dell Networking N-Series switches do not fragment received packets. The IPv4 and IPv6 MTU are set to the link MTU minus 18 bytes. IP packets forwarded in software are dropped if they exceed the IP MTU. Packets originated on the router, such as OSPF packets, may be fragmented by the IP stack. OSPF advertises the IP MTU in the Database Description packets it sends to its neighbors during database exchange.
2CSNXXX_SWUM204.book Page 431 Monday, January 25, 2016 1:25 PM Ethernet CFM Commands Dell Networking N4000 Series Switches Connectivity Fault Management (CFM) is the OAM Protocol provision for end-to-end service layer OAM in carrier Ethernet networks. CFM provides mechanisms to support the operator in performing connectivity checks, fault detection, fault verification and isolation, and fault notification per service in the network domain of interest. Unlike Ethernet OAM defined in IEEE 802.
2CSNXXX_SWUM204.book Page 432 Monday, January 25, 2016 1:25 PM ethernet cfm mep active show ethernet cfm maintenance-points remote ethernet cfm mep archive-hold-time show ethernet cfm statistics ethernet cfm mip level – ethernet cfm domain Use the ethernet cfm domain command in Global Configuration mode to enter into Maintenance Domain Configuration mode for an existing domain. Use the optional level parameter to create a domain and enter into maintenance domain Configuration mode.
2CSNXXX_SWUM204.book Page 433 Monday, January 25, 2016 1:25 PM console(config-cfm-mdomain)# service Use the service command in Maintenance Domain Configuration mode to associate a VLAN with a maintenance domain. Use the no form of the command to remove the association. Syntax service service-name vlan vlan-id • service-name—Unique service identifier. • vlan-id—VLAN ID representing a service instance that is monitored by this maintenance association. The range is 1-4093.
2CSNXXX_SWUM204.book Page 434 Monday, January 25, 2016 1:25 PM • vlan-id—VLAN ID representing a service instance that is monitored by this maintenance association. The range is 1-4093. • secs—Time interval between successive transmissions. The range is 1, 10, 60, and 600 seconds. The default is 1 second. Default Configuration CCMs are not sent by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 435 Monday, January 25, 2016 1:25 PM Command Mode Interface Configuration mode User Guidelines This command has no user guidelines. Example The following example creates a maintenance endpoint at level 1 with mpid 1010 on vlan 10. console(config-if-Gi1/0/3)#ethernet cfm mep level 1 direction up mpid 1010 vlan 10 ethernet cfm mep enable Use the ethernet cfm mep enable command in Interface Configuration mode to enable a MEP at the specified level and direction.
2CSNXXX_SWUM204.book Page 436 Monday, January 25, 2016 1:25 PM Example The following example enables a maintenance endpoint at level 1 with mpid 1010 on vlan 10. console(config-if-Gi1/0/3)#ethernet cfm mep enable level 1 vlan 10 mpid 1010 ethernet cfm mep active Use the ethernet cfm mep active command in Interface Configuration mode to activate a MEP at the specified level and direction. Use the no form of the command to deactivate the MEP.
2CSNXXX_SWUM204.book Page 437 Monday, January 25, 2016 1:25 PM • hold-time—The time in seconds to maintain the data for a missing MEP before removing the data. The default value is 600 seconds. Default Configuration No MEPs are preconfigured. Command Mode Interface Configuration User Guidelines The hold time should generally be less than the CCM message interval. Example The following example sets the hold time for maintaining internal information regarding a missing MEP.
2CSNXXX_SWUM204.book Page 438 Monday, January 25, 2016 1:25 PM User Guidelines Refer to IEEE 802.1ag for an explanation of maintenance association levels. Typically, this value is assigned by the top level network service provider. Example console(config-if-Gi1/0/1)# ethernet cfm mip level 7 ping ethernet cfm Use the ping ethernet cfm command in Privileged Exec mode to generate a loopback message (LBM) from the configured MEP.
2CSNXXX_SWUM204.book Page 439 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example console #ping ethernet cfm mac 00:11:22:33:44:55 level 1 vlan 10 mpid 1 count 10 traceroute ethernet cfm Use the traceroute ethernet command in Privileged Exec mode to generate a link trace message (LTM) from the configured MEP.
2CSNXXX_SWUM204.book Page 440 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example console # traceroute ethernet cfm remote-mpid 32 level 7 vlan 11 mpid 12 show ethernet cfm errors Use the show ethernet cfm errors command in Privileged Exec mode to display the cfm errors.
2CSNXXX_SWUM204.book Page 441 Monday, January 25, 2016 1:25 PM • DevXconCCM—The MEP has recevied at least one CCM from either another MAID or a lower MD level whose CCM interval has not yet timed out.
2CSNXXX_SWUM204.book Page 442 Monday, January 25, 2016 1:25 PM show ethernet cfm maintenance-points local Use the show ethernet cfm maintenance-points local command in Privileged Exec mode to display the configured local maintenance points. Syntax show ethernet cfm maintenance-points local {level 0-7 | interface interface- id | domain domain-name} • level—Maintenance association level • domain—Name of the maintenance domain (an alphanumeric string of up to 43 characters in length).
2CSNXXX_SWUM204.book Page 443 Monday, January 25, 2016 1:25 PM • Operational Status—The MEP operational status • MAC—The MAC address associated with the MEP.
2CSNXXX_SWUM204.book Page 444 Monday, January 25, 2016 1:25 PM User Guidelines Refer to IEEE 802.1ag for an explanation of the maintenance association level and MEP ID. Typically, these are assigned by the top level network service provider.
2CSNXXX_SWUM204.book Page 445 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec, Configuration mode and all Configuration submodes User Guidelines Refer to IEEE 802.1ag for an explanation of the maintenance association level. Typically, maintenance levels are assigned by the top level network service provider.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 447 Monday, January 25, 2016 1:25 PM Green Ethernet Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Dell Networking switches support various Green Ethernet modes, i.e., power saving modes, namely: • Energy-Detect Mode • Energy Efficient Ethernet These modes can enable significant operational cost reductions through direct power savings and reducing cooling costs. Green mode commands are only valid for physical interfaces.
2CSNXXX_SWUM204.book Page 448 Monday, January 25, 2016 1:25 PM description show green-mode eee-lpi-history interface green-mode eee-lpi-history – green-mode energy-detect This command enables a Dell proprietary mode of power reduction on ports that are not connected to another interface. Use the green-mode energydetect command in Interface Configuration mode to enable energy-detect mode on an interface or all the interfaces.
2CSNXXX_SWUM204.book Page 449 Monday, January 25, 2016 1:25 PM mode is always enabled on N4000 series 10G ports and cannot be disabled. An error message (Unable to set energy-detect mode) will be displayed if the user attempts to configure energy-detect on a 10G port on a N1500/N2000/N3000 series switch. green-mode eee Use the green-mode eee command in Interface Configuration mode to enable EEE low power idle mode on an interface.
2CSNXXX_SWUM204.book Page 450 Monday, January 25, 2016 1:25 PM clear green-mode statistics Use the clear green-mode statistics command in Privileged Exec mode to clear: • The EEE LPI event count, and LPI duration • The EEE LPI history table entries • The Cumulative Power savings estimates for a specified interface or for all the interfaces based upon the argument. Syntax clear green-mode statistics {interface-id | all} • interface-id—An Ethernet interface identifier.
2CSNXXX_SWUM204.book Page 451 Monday, January 25, 2016 1:25 PM Syntax green-mode eee-lpi-history {sampling-interval 30 sec – 36000 sec| maxsamples 1 - 168} • sampling-interval—The interval in seconds at which power consumption data needs to be collected. • max-samples—Maximum number of samples to keep. Default Configuration The sampling-interval default value is 3600 seconds and the max-samples default value is 168.
2CSNXXX_SWUM204.book Page 452 Monday, January 25, 2016 1:25 PM Syntax show green-mode interface-id • interface-id—An Ethernet interface identifier. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines This command output provides the following information. Term Description Energy Detect Energy-detect admin mode Energy-detect mode is enabled or disabled.
2CSNXXX_SWUM204.book Page 453 Monday, January 25, 2016 1:25 PM Term Description Rx Low Power Idle Duration (μSec) This field indicates duration of Rx LPI state in 10us increments. Shows the total duration of Rx LPI since the EEE counters are last cleared. Tx Low Power Idle Event Count This field is incremented each time MAC TX enters LP IDLE state. Shows the total number of Tx LPI Events since EEE counters are last cleared.
2CSNXXX_SWUM204.book Page 454 Monday, January 25, 2016 1:25 PM Term Description Remote Tw_sys_rx (μSec) Integer that indicates the value of Tw_sys that the remote system requests from the local system. This value maps from the aLldpXdot3RemRxTwSys attribute. Remote Tw_sys_rx Echo (μSec) Integer that indicates the value of Receive Tw_sys echoed back by the remote system. This value maps from the aLldpXdot3RemRxTwSysEcho attribute.
2CSNXXX_SWUM204.book Page 455 Monday, January 25, 2016 1:25 PM Tx Low Power Idle Event Count.... 0 Tx Low Power Idle Duration (uSec) 0 Tw_sys_tx (usec)..................17 Tw_sys_tx Echo(usec)..............17 Tw_sys_rx (usec)..................17 Tw_sys_tx Echo(usec)..............17 Fallback Tw_sys (usec)............17 Remote Tw_sys_tx (usec)...........21 Remote Tw_sys_tx Echo(usec).......21 Remote Tw_sys_rx (usec)...........21 Remote Tw_sys_tx Echo(usec).......21 Remote fallback Tw_sys (usec).....
2CSNXXX_SWUM204.book Page 456 Monday, January 25, 2016 1:25 PM Term Description Energy-detect Config Energy-detect Admin mode is enabled or disabled. Energy-detect Opr Energy detect mode is currently active or inactive. The energy detect mode may be administratively enabled, but the operational status may be inactive. EEE EEE Config EEE Admin Mode is enabled or disabled. Example console#show green-mode Current Power Consumption (mW)................. 11545 Power Saving /Stack (%)....................
2CSNXXX_SWUM204.book Page 457 Monday, January 25, 2016 1:25 PM • interface-id—An Ethernet interface identifier. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines On combo ports, samples are only collected on the copper ports when enabled. The following fields are displayed by this command. Term Description Sampling Interval Interval at which EEE LPI statistics is collected.
2CSNXXX_SWUM204.book Page 458 Monday, January 25, 2016 1:25 PM Total No. of Samples to Keep................... 10 Percentage LPI time per stack.................. 0 Sample No.
2CSNXXX_SWUM204.book Page 459 Monday, January 25, 2016 1:25 PM GVRP Commands Dell Networking N2000/N3000/N4000 Series Switches GARP VLAN Registration Protocol (GVRP) is used to propagate VLAN membership information throughout the network. GVRP is based on the Generic Attribute Registration Protocol (GARP), which defines a method of propagating a defined attribute (that is, VLAN membership) throughout the network.
2CSNXXX_SWUM204.book Page 460 Monday, January 25, 2016 1:25 PM Syntax clear gvrp statistics [interface-id] • interface-id—An Ethernet interface identifier or a port channel identifier Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example clears all the GVRP statistics information on interface Gi1/0/8.
2CSNXXX_SWUM204.book Page 461 Monday, January 25, 2016 1:25 PM Default Configuration The default timer values are as follows: • Join timer — 20 centiseconds • Leave timer — 60 centiseconds • Leaveall timer — 1000 centiseconds Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command is available in Ethernet interface configuration mode and port channel interface configuration mode.
2CSNXXX_SWUM204.book Page 462 Monday, January 25, 2016 1:25 PM no gvrp enable Default Configuration GVRP is globally disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example globally enables GVRP on the device. console(config)#gvrp enable gvrp enable (Interface Configuration) Use the gvrp enable command in Interface Configuration mode to enable GVRP on an interface.
2CSNXXX_SWUM204.book Page 463 Monday, January 25, 2016 1:25 PM User Guidelines This command is available in Ethernet interface configuration mode and port channel interface configuration mode. An Access port cannot join dynamically to a VLAN because it is always a member of only one VLAN. Membership in untagged VLAN would be propagated in a same way as a tagged VLAN. In such cases it is the administrator’s responsibility to set the PVID to be the untagged VLAN VID.
2CSNXXX_SWUM204.book Page 464 Monday, January 25, 2016 1:25 PM Example The following example shows how default dynamic registering and deregistering is forbidden for each VLAN on port 1/0/8. console(config)#interface gigabitethernet 1/0/8 console(config-if-Gi1/0/8)#gvrp registration-forbid gvrp vlan-creation-forbid Use the gvrp vlan-creation-forbid command in Interface Configuration mode to disable dynamic VLAN creation. To enable dynamic VLAN creation, use the no form of this command.
2CSNXXX_SWUM204.book Page 465 Monday, January 25, 2016 1:25 PM show gvrp configuration Use the show gvrp configuration command in Privileged Exec mode to display GVRP configuration information. Timer values are displayed. Other data shows whether GVRP is enabled and which ports are running GVRP. Syntax show gvrp configuration [ interface-id ] Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 466 Monday, January 25, 2016 1:25 PM Gi1/0/12 Gi1/0/13 Gi1/0/14 20 20 20 60 60 60 1000 1000 1000 Disabled Disabled Disabled show gvrp error-statistics Use the show gvrp error-statistics command in User Exec mode to display GVRP error statistics. Syntax show gvrp error-statistics [interface-id] • interface-id—An Ethernet interface identifier or a port channel interface identifier. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 467 Monday, January 25, 2016 1:25 PM Gi1/0/2 Gi1/0/3 Gi1/0/4 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 show gvrp statistics Use the show gvrp statistics command in User Exec mode to display GVRP statistics. Syntax show gvrp statistics [interface-id] • interface-id —A physical interface identifier or a port channel interface identifier. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 469 Monday, January 25, 2016 1:25 PM IGMP Snooping Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Snooping of Internet Group Management Protocol (IGMP) messages is a feature that allows Dell Networking switches to forward multicast traffic intelligently on the switch. Multicast traffic is traffic that is destined to a host group. Host groups are identified by the destination MAC address, i.e.
2CSNXXX_SWUM204.book Page 470 Monday, January 25, 2016 1:25 PM interface within a specified length of time (multicast router present expiration time), that interface is removed from the list of interfaces with multicast routers attached. The multicast router present expiration time is configurable using management. The default value for the multicast router expiration time is zero, which indicates an infinite time-out (that is, no expiration).
2CSNXXX_SWUM204.book Page 471 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode User Guidelines Use this command without parameters to globally enable IGMP snooping. Use the no form of the command to disable IGMP snooping. Use the vlan parameter to enable IGMP snooping on a specific VLAN. GMRP is incompatible with IGMP snooping and should be disabled on any VLANs on which IGMP snooping is enabled.
2CSNXXX_SWUM204.book Page 472 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console(config)#show ip igmp snooping Admin Mode..................................... IGMP Router-Alert check........................ Multicast Control Frame Count.................. SSM FDB Capacity..............................
2CSNXXX_SWUM204.book Page 473 Monday, January 25, 2016 1:25 PM • ip-multicast-address — Specifies an IP Multicast address. Default Configuration This command has no default configuration. Command Mode User Exec mode, Configuration mode and all Configuration submodes User Guidelines To see the full Multicast address table (including static addresses) use the show mac address-table command.
2CSNXXX_SWUM204.book Page 474 Monday, January 25, 2016 1:25 PM SSM FDB High Water Mark........................ 1 SSM FDB Current Entries........................ 1 Flooding Unregistered to All Ports............. Disabled Vlan 1: -------IGMP Snooping Admin Mode....................... Immediate Leave Mode........................... Group Membership Interval...................... Last Member Query Interval..................... Multicast Router Expiry Time...................
2CSNXXX_SWUM204.book Page 475 Monday, January 25, 2016 1:25 PM ip igmp snooping vlan immediate-leave This command enables or disables IGMP Snooping immediate-leave mode on a selected VLAN. Enabling immediate-leave allows the switch to immediately remove the layer 2 LAN interface from its forwarding table entry upon receiving an IGMP leave message for that multicast group without first sending out MAC-based general queries to the interface.
2CSNXXX_SWUM204.book Page 476 Monday, January 25, 2016 1:25 PM ip igmp snooping vlan groupmembership-interval This command sets the IGMP Group Membership Interval time on a VLAN. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a particular interface before deleting the interface from the entry. This value must be greater than the IGMPv3 Maximum Response time value. The range is 2 to 3600 seconds.
2CSNXXX_SWUM204.book Page 477 Monday, January 25, 2016 1:25 PM ip igmp snooping vlan last-member-queryinterval This command sets the last-member-query interval on a particular VLAN. The last-member-query-interval is the amount of time in seconds after which a host is considered to have left the group. This value must be less than the IGMP Query Interval time value. The range is 1 to 25 seconds. The no form of this command sets the last-member-query-interval on the VLAN to the default value.
2CSNXXX_SWUM204.book Page 478 Monday, January 25, 2016 1:25 PM ip igmp snooping vlan mcrtrexpiretime This command sets the Multicast Router Present Expiration time. The time is set on a particular VLAN. This is the amount of time in seconds that a switch waits for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached. The range is 1–2147483647 seconds. A value of 0 indicates an infinite time-out (no expiration).
2CSNXXX_SWUM204.book Page 479 Monday, January 25, 2016 1:25 PM Syntax ip igmp snooping vlan vlan-id report-suppression no ip igmp report-suppression • vlan-id — A VLAN identifier (Range 1-4093). Default Configuration Report suppression is enabled by default. Command Mode Global Configuration mode User Guidelines When IGMP report suppression is enabled, the switch only sends the first report received for a group in response to a query. Report suppression is only applicable to IGMPv1 and IGMPv2.
2CSNXXX_SWUM204.book Page 480 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode. User Guidelines There is no equivalent MLD command since this setting applies to both protocols. Example console(config)#ip igmp snooping unregistered floodall ip igmp snooping vlan mrouter This command statically configures a port as connected to a multicast router for a specified VLAN. Use the no form of this command to remove the static binding.
2CSNXXX_SWUM204.book Page 481 Monday, January 25, 2016 1:25 PM IGMP snooping will consider that an mrouter is active if an mrouter port is defined in the VLAN, regardless of whether the mrouter port is up or not. If an mrouter port is defined, IGMP snooping will not flood multicast source packets received in the VLAN.
2CSNXXX_SWUM204.book Page 482 Monday, January 25, 2016 1:25 PM IGMP Snooping Querier Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The IGMP Snooping Querier is an extension to the IGMP Snooping feature. IGMP Snooping Querier allows the switch to simulate an IGMP router in a Layer 2-only network, thus removing the need to have an IGMP Router to collect and refresh the multicast group membership information. The querier function simulates a small subset of the IGMP router functionality.
2CSNXXX_SWUM204.book Page 483 Monday, January 25, 2016 1:25 PM address when generating periodic queries. The no form of this command disables IGMP Snooping Querier on the system. Use the optional address parameter to set or reset the querier address. If a VLAN has IGMP Snooping Querier enabled, and IGMP Snooping is operationally disabled on the VLAN, IGMP Snooping Querier functionality is disabled on that VLAN.
2CSNXXX_SWUM204.book Page 484 Monday, January 25, 2016 1:25 PM The VLAN IP address takes precedence over the global IP address when both are configured. IGMP Querier does not detect when the local switch is configured as a multicast router. It is not recommended to configure both L3 multicast routing and IGMP Querier on the same switch. IGMP snooping (and IGMP querier) validates IGMP packets. As part of the validation, IGMP checks for the router alert option.
2CSNXXX_SWUM204.book Page 485 Monday, January 25, 2016 1:25 PM Default Configuration The snooping querier is configured to not participate in the querier election by default. If the switch detects another querier in the VLAN, it will cease sending queries for the querier timeout period. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the snooping querier to participate in the querier election.
2CSNXXX_SWUM204.book Page 486 Monday, January 25, 2016 1:25 PM User Guidelines The value of this parameter should be larger than the IGMP Max Response Time value inserted into general query messages by the querier. The default IGMP Max Response Time is defined in RFC 3376 as 10 seconds. Dell Networking queriers use this value when sending general query messages. Use the show ip igmp snooping querier vlan command to display the operational max response time value.
2CSNXXX_SWUM204.book Page 487 Monday, January 25, 2016 1:25 PM Example The following example sets the querier timer expiry time to 100 seconds. console(config)#ip igmp snooping querier timer expiry 100 ip igmp snooping querier version This command sets the IGMP version of the query that the snooping switch is going to send periodically. The no form of this command sets the IGMP Querier Version to its default value.
2CSNXXX_SWUM204.book Page 488 Monday, January 25, 2016 1:25 PM Syntax show ip igmp snooping querier [detail | vlan vlan-id] • vlan-id —Specifies a VLAN ID value. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes User Guidelines When the optional argument vlan-id is not used, the command shows the following information. Parameter Description IGMP Snooping Querier Indicates whether or not IGMP Snooping Querier is active on the switch.
2CSNXXX_SWUM204.book Page 489 Monday, January 25, 2016 1:25 PM Parameter Description Operational State Indicates whether IGMP Snooping Querier is in the Querier or Non-Querier state. When the switch is in Querier state it sends out periodic general queries. When in Non-Querier state it waits for moving to Querier state and does not send out any queries. VLAN Operational Indicates the time to wait before removing a Leave from a host Max Response Time upon receiving a Leave request.
2CSNXXX_SWUM204.book Page 490 Monday, January 25, 2016 1:25 PM Operational State........................ Last Querier Address..................... Operational version...................... Operational Max Resp Time................ Querier 2.2.2.
2CSNXXX_SWUM204.book Page 491 Monday, January 25, 2016 1:25 PM Interface Error Disable and Auto Recovery Dell Networking N1500/N2000/N3000/N4000 Series Switches Interface error disable automatically disables an interface when an error is detected; no traffic is allowed until the interface is either manually re-enabled or, if auto recovery is configured, the configured auto recovery time interval has passed.
2CSNXXX_SWUM204.book Page 492 Monday, January 25, 2016 1:25 PM • arp-inspection — Recovery for the dynamic ARP inspection cause is enabled. • dhcp-rate-limit — Recovery for the DHCP rate limit cause is enabled. • bcast-storm — Recovery for broadcast storm disabled interfaces is enabled. • bpdustorm — Recovery for BPDU storm disabled interfaces is enabled. • bpduguard — Recovery for BPDU protection disabled interfaces is enabled.
2CSNXXX_SWUM204.book Page 493 Monday, January 25, 2016 1:25 PM the interface continues to encounter errors (from any listed cause), it may be placed back in the diag-disable state and the interface will be disabled (link down). Interfaces in the disabled state due to a listed cause may be manually recovered by entering the no shutdown command for the interface. Interfaces in the disabled state may be manually shut down. These interfaces will not be recovered.
2CSNXXX_SWUM204.book Page 494 Monday, January 25, 2016 1:25 PM User Guidelines Error disabled interfaces indicate that a problem that must be resolved by the administrator. This could be a configuration problem or a physical problem and does not necessarily indicate a problem with the switch. When the interval expires, the system examines the error disabled interfaces and recovers them if recovery for the indicated cause is enabled.
2CSNXXX_SWUM204.book Page 495 Monday, January 25, 2016 1:25 PM User Guidelines Error disabled interfaces indicate that a problem that must be resolved by the administrator. This could be a configuration problem or a physical problem and does not necessarily indicate a problem with the switch. When the interval expires, the system examines the error disabled interfaces and recovers them if recovery for the indicated cause is enabled.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 497 Monday, January 25, 2016 1:25 PM When the interval expires, the system examines the error disabled interfaces and recovers them if recovery for the indicated cause is enabled. Only a single timer is used and recovery occurs when the timer expires, not when the interface time expires. The recovery delay time indicates the number of seconds until the interface is eligible for recovery if auto-recovery is enabled for the indicated cause.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 499 Monday, January 25, 2016 1:25 PM IP Addressing Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Interfaces on the Dell Networking switches support a variety of capabilities to support management of the switch. In addition to performing switching and routing of network traffic, Dell Networking switches act as a host for management of the switch.
2CSNXXX_SWUM204.book Page 500 Monday, January 25, 2016 1:25 PM ip domain-name show ipv6 dhcp interface out-of-band statistics ip host show ipv6 interface out-of-band clear host Use the clear host command in Privileged Exec mode to delete entries from the host name-to-address cache. Syntax clear host {name | *} • name — Host name to be deleted from the host name-to-address cache. (Range: 1-255 characters) • * — Deletes all entries in the host name-to-address cache.
2CSNXXX_SWUM204.book Page 501 Monday, January 25, 2016 1:25 PM Syntax clear ip address-conflict-detect [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, counters for the default (global) router instance is cleared. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
2CSNXXX_SWUM204.book Page 502 Monday, January 25, 2016 1:25 PM Example console(config)#interface out-of-band console(config-if)# ip address (Out-of-Band) Use the ip address command in Interface Configuration mode to set an IP address for the out-of-band interface. Use the no form of this command to return the ip address configuration to its default value. Syntax ip address {ip-address {mask | prefix-length} | dhcp} no ip address • ip-address—Specifies a valid IPv4 address in dotted-quad notation.
2CSNXXX_SWUM204.book Page 503 Monday, January 25, 2016 1:25 PM In order to ensure the security of the switches from intruders, it is strongly recommended that the out-of-band interface be isolated on a physically separate network from the in-band ports. Example The following examples configure the out-of-band interface with an IP address 131.108.1.27 and subnet mask 255.255.255.0 and the same IP address with prefix length of 24 bits. console(config)#interface out-of-band console(config-if)#ip address 131.
2CSNXXX_SWUM204.book Page 504 Monday, January 25, 2016 1:25 PM ip address dhcp (Interface Configuration) Use the ip address dhcp command in Interface (VLAN) Configuration mode to enable the DHCPv4 client on an interface. Syntax ip address dhcp no ip address dhcp Default Configuration DHCPv4 is disabled by default on routing interfaces. Command Mode Interface (VLAN) Configuration mode User Guidelines This command only applies to routing interfaces.
2CSNXXX_SWUM204.book Page 505 Monday, January 25, 2016 1:25 PM • A domain name. The DNS client stores each domain name in its domain name list. Examples To enable DHCPv4 on vlan 2: console#config console(config)#interface vlan 2 console(config-if-vlan2)#ip address dhcp ip default-gateway Use the ip default-gateway command to configure a default gateway (router). Syntax ip default-gateway ip-address no ip default-gateway ip-address • ip-address—Valid IPv4 address of an attached router.
2CSNXXX_SWUM204.book Page 506 Monday, January 25, 2016 1:25 PM Only one default gateway can be configured. If you invoke this command multiple times, each command replaces the previous value. When in Virtual Router Configuration mode, this command operates within the context of the virtual router instance. When in Global Configuration mode, the command operates on the global router instance. Virtual Router Configuration mode is only available on the Dell Networking N3000/N4000 switches.
2CSNXXX_SWUM204.book Page 507 Monday, January 25, 2016 1:25 PM Example The following example enables the IP Domain Naming System (DNS)-based host name-to-address translation. console(config)#ip domain-lookup ip domain-name Use the ip domain-name command in Global Configuration mode to define a default domain name used to complete unqualified host names. To delete the default domain name, use the no form of this command.
2CSNXXX_SWUM204.book Page 508 Monday, January 25, 2016 1:25 PM ip host Use the ip host command in Global Configuration mode to define static host name-to-address mapping in the host cache. To delete the name-to-address mapping, use the no form of this command. Syntax ip host name address no ip host name • name — Host name. • address — IP address of the host. Default Configuration No host is defined. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 509 Monday, January 25, 2016 1:25 PM • server-address — Valid IPv4 or IPv6 addresses of the name server. (Range: 1–255 characters) Default Configuration No name server IP addresses are specified. Command Mode Global Configuration mode User Guidelines Server preference is determined by entry order. Up to eight servers can be defined in one command or by using multiple commands. Use the show hosts command on page 516 to display the configured name servers.
2CSNXXX_SWUM204.book Page 510 Monday, January 25, 2016 1:25 PM Default Configuration By default, the switch uses the assigned switch IP address as the source IP address for DNS packets. This address is either the IP address assigned to the VLAN from which the DNS packet originates or the out-of-band interface IP address. Command Mode Global Configuration mode User Guidelines The source interface must have an assigned IP address (assigned either manually or via another method such as DHCP).
2CSNXXX_SWUM204.book Page 511 Monday, January 25, 2016 1:25 PM ipv6 address (Interface Configuration) Use the ipv6 address command to set the IPv6 address of an interface. Use the no form of this command to reset the IPv6 address to the default. Syntax ipv6 address {prefix/prefix-length [eui64] | autoconfig | dhcp} no ipv6 address • prefix —The IPv6 address to be configured. • prefix-length —Designates how many of the high-order contiguous bits of the address make up the prefix.
2CSNXXX_SWUM204.book Page 512 Monday, January 25, 2016 1:25 PM • Dropping zeros: 3ffe:ffff:100:f101:0:0:0:1 becomes 3ffe:ffff:100:f101:1 • Local host: 0000:0000:0000:0000:0000:0000:0000:0001 becomes ::1 • Any host: 0000:0000:0000:0000:0000:0000:0000:0000 becomes :: The hexadecimal letters in IPv6 addresses are not case sensitive. The optional eui64 parameter indicates that the IPv6 address is configured to use the EUI-64 interface ID in the low order 64 bits of the address.
2CSNXXX_SWUM204.book Page 513 Monday, January 25, 2016 1:25 PM no ipv6 address {prefix/prefix-length [eui64] | autoconfig | dhcp} • prefix/prefix-length—An IPv6 prefix in global format address format. • eui64—Formulate the prefix in EUI-64 format. • autoconfig—Perform IPv6 auto-configuration. • dhcp—Obtain the prefix via DHCP. Default Configuration No address is assigned to the out-of-band interface by default.
2CSNXXX_SWUM204.book Page 514 Monday, January 25, 2016 1:25 PM Default Configuration DHCPv6 is disabled by default on routing interfaces. Command Mode Interface (VLAN) Configuration mode User Guidelines This command only applies to VLAN routing interfaces. When DHCPv6 is enabled on a VLAN routing interface, the system automatically deletes all manually configured IPv6 addresses on the interface. Use the no ipv6 address dhcp command to release a leased address and to disable DHCPv6 on an interface.
2CSNXXX_SWUM204.book Page 515 Monday, January 25, 2016 1:25 PM Command Mode Interface Configuration mode (VLAN, tunnel, loopback) User Guidelines There are no user guidelines for this command. Example console(config)#no ipv6 enable ipv6 enable (OOB Configuration) Use the ipv6 enable command in Interface (out-of-band) Configuration mode to enable IPv6 operation on the out-of-band interface. Prefixes configured by the ipv6 address command are not configured until the interface is enabled.
2CSNXXX_SWUM204.book Page 516 Monday, January 25, 2016 1:25 PM ipv6 gateway (OOB Configuration) Use the ipv6 gateway command in Interface (out-of-band) Configuration mode to configure the address of the IPv6 gateway. The gateway is used as a default route for packets addressed to network devices not present on the local subnet. Use the no form of the command to remove the gateway configuration. Syntax ipv6 gateway ipv6-address no ipv6 gateway • ipv6-address—An IPv6 address (not a prefix).
2CSNXXX_SWUM204.book Page 517 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode User Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays information about IP hosts. console>show hosts Host name: dellswitch Default domain: dell.com Name/address lookup is enabled DNS source interface: loopback 1 Name servers (Preference order): 176.16.1.18 176.
2CSNXXX_SWUM204.book Page 518 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000/N4000 series switches. The command provides the following information.
2CSNXXX_SWUM204.book Page 519 Monday, January 25, 2016 1:25 PM show ip helper-address Use the show ip helper-address command in Privileged Exec mode to display IP helper addresses configuration. Syntax show ip helper-address [vrf vrf-name][intf-address] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. • intf-address — IP address of a routing interface in dotted quad notation.
2CSNXXX_SWUM204.book Page 520 Monday, January 25, 2016 1:25 PM show ipv6 dhcp interface out-of-band statistics Use the show ipv6 dhcp interface out-of-band statistics command in Privileged Exec mode to display IPv6 DHCP statistics for the out-of-band interface. Syntax show ipv6 dhcp interface out-of-band statistics Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 521 Monday, January 25, 2016 1:25 PM show ipv6 interface out-of-band Use the show ipv6 interface out-of-band command in Privileged Exec mode to show the IPv6 out-of-band port configuration. Syntax show ipv6 interface out-of-band Default Configuration This command has no default configuration. Command Mode Privileged Exec, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 522 Monday, January 25, 2016 1:25 PM IPv6 Access List Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria.
2CSNXXX_SWUM204.book Page 523 Monday, January 25, 2016 1:25 PM deny | permit (IPv6 ACL) This command creates a new rule for the current IPv6 access list. Each rule is appended to the list of configured rules for the list. A rule may either deny or permit traffic according to the specified classification fields. At a minimum, either the every keyword or the protocol, source address, and destination address values must be specified.
2CSNXXX_SWUM204.book Page 524 Monday, January 25, 2016 1:25 PM [routing] [fragments] [dscp dscp]}} [time-range time-range-name] [log] [assign-queue queue-id] [{mirror | redirect} interface-id] [rate-limit rate burst-size] no [ssequence-number] deny | permit • sequence-number — Identifies the order of application of the permit/deny statement. If no sequence number is assigned, permit/deny statements are assigned a sequence number beginning at 1000 and incrementing by 10.
2CSNXXX_SWUM204.book Page 525 Monday, January 25, 2016 1:25 PM have a value equal or greater than the starting port. The starting port, ending port, and all ports in between will be part of the layer 4 port range. • – When “eq” is specified, IPv6 ACL rule matches only if the layer 4 port number is equal to the specified port number or portkey. – When “lt” is specified, IPv6 ACL rule matches if the layer 4 destination port number is less than the specified port number or portkey.
2CSNXXX_SWUM204.book Page 526 Monday, January 25, 2016 1:25 PM • – When “established” is specified, a match occurs if specified either RST or ACK bits are set in the TCP header. – This option is visible only if the protocol is tcp. – Ack – Acknowledgement bit – Fin – Finished bit – Psh – push bit – Rst – reset bit – Syn – Synchronize bit – Urg – Urgent bit [icmp-type icmp-type [icmp-code icmp-code] | icmp-message icmpmessage]—Specifies a match condition for ICMP packets.
2CSNXXX_SWUM204.book Page 527 Monday, January 25, 2016 1:25 PM • log—Specifies that this rule is to be logged when the rule has been matched one or more times since the expiry of the last logging interval. The logging interval is five minutes.. • time-range time-range-name—Allows imposing time limitation on the ACL rule as defined by the parameter time-range-name.
2CSNXXX_SWUM204.book Page 528 Monday, January 25, 2016 1:25 PM Any – is equivalent to ::/0 for IPv6 access lists. Host - indicates /128 prefix length for IPv6. Port ranges are not supported for egress (out) IPv6 traffic-filters. This means that only the eq operator is supported for egress (out) ACLs. The protocol type must be TCP or UDP to specify a port range. The IPv6 “fragment” and “routing” keywords are not supported on egress (out) access groups. The log action is only supported for deny rules.
2CSNXXX_SWUM204.book Page 529 Monday, January 25, 2016 1:25 PM • The IPv6 ACL “fragment” keyword matches only on the first IPv6 extension header for the fragment header (next header code 44). If the fragment header appears in the second or a subsequent header, it is not matched. • The IPv6 ACL “routing” keyword matches only on the first IPv6 extension header for the routing header (next header code 43). If the fragment header appears in the second or a subsequent header, it is not matched.
2CSNXXX_SWUM204.book Page 530 Monday, January 25, 2016 1:25 PM • name — Alphanumeric string of 1 to 31 characters uniquely identifying the IPv6 access list. Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 531 Monday, January 25, 2016 1:25 PM User Guidelines There are no user guidelines for this command. Example console(Config)#ipv6 access-list rename DELL_IP6 DELL_IP6_NEW_NAME ipv6 traffic-filter The ipv6 traffic-filter command either attaches a specific IPv6 Access Control List (ACL) to an interface or associates it with a VLAN ID in a given direction.
2CSNXXX_SWUM204.book Page 532 Monday, January 25, 2016 1:25 PM Default Configuration No IPv6 traffic filters are configured by default. Command Modes Global Configuration mode, Interface Configuration (Ethernet, Portchannel, VLAN) mode User Guidelines This command specified in Interface Configuration mode only affects a single interface, whereas the Global Configuration mode setting is applied to all interfaces.
2CSNXXX_SWUM204.book Page 533 Monday, January 25, 2016 1:25 PM Command Mode User Exec, Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 534 Monday, January 25, 2016 1:25 PM URG (Ignore) ACL Hit Count..................................
2CSNXXX_SWUM204.book Page 535 Monday, January 25, 2016 1:25 PM IPv6 MLD Snooping Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches In IPv6, Multicast Listener Discover (MLD) snooping performs functions similar to IGMP snooping in IPv4. With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN. This list is constructed by snooping IPv6 multicast control packets.
2CSNXXX_SWUM204.book Page 536 Monday, January 25, 2016 1:25 PM ipv6 mld snooping vlan groupmembershipinterval The ipv6 mld snooping vlan groupmembership-interval command sets the MLD Group Membership Interval time on a VLAN or interface. The Group Membership Interval time is the amount of time in seconds that a switch waits for a report from a particular group on a particular interface before deleting the interface from the entry. This value must be greater than the MLDv2 Maximum Response time value.
2CSNXXX_SWUM204.book Page 537 Monday, January 25, 2016 1:25 PM You should enable immediate-leave admin mode only on VLANs where only one host is connected to each layer 2 LAN port. This prevents the inadvertent dropping of the other hosts that were connected to the same layer 2 LAN port, but were still interested in receiving multicast traffic directed to that group. Also, immediate-leave processing is supported only with MLD version 1 hosts.
2CSNXXX_SWUM204.book Page 538 Monday, January 25, 2016 1:25 PM Default Configuration Listener message suppression is enabled by default. Command Mode Global Configuration mode. User Guidelines MLD listener message suppression is equivalent to IGMP report suppression. When MLD listener message suppression is enabled, the switch only sends the first report received for a group in response to a query. Listener message suppression is only applicable to MLDv1.
2CSNXXX_SWUM204.book Page 539 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example console(config)#ipv6 mld snooping vlan 2 last-listener-query-interval 7 ipv6 mld snooping vlan mcrtexpiretime The ipv6 mld snooping mcrtexpiretime command sets the Multicast Router Present Expiration time. The time is set for a particular interface or VLAN.
2CSNXXX_SWUM204.book Page 540 Monday, January 25, 2016 1:25 PM ipv6 mld snooping vlan mrouter This command statically configures a port as connected to a multicast router for a specified VLAN. The no form of this command removes the static binding. Syntax ipv6 mld snooping vlan vlan-id mrouter interface interface no ipv6 mld snooping vlan vlan-id mrouter interface interface • vlan-id — A VLAN identifier (Range 1-4093). • interface-id— The next-hop interface to the Multicast router.
2CSNXXX_SWUM204.book Page 541 Monday, January 25, 2016 1:25 PM no ipv6 mld snooping [vlan vlan-id] • vlan-id — A VLAN identifier (Range 1-4093). Default Configuration MLD Snooping is enabled globally and on all VLANs by default. Command Mode Global Configuration mode. User Guidelines Use this command without parameters to globally enable MLD Snooping. Use the no form of the command to disable MLD Snooping. Use the vlan parameter to enable MLD Snooping on a specific VLAN.
2CSNXXX_SWUM204.book Page 542 Monday, January 25, 2016 1:25 PM • interface-id—A physical interface identifier or a port channel identifier • vlan-id—A VLAN identifier. Default Configuration This command has no default configuration Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines With no optional arguments, the command displays the following information: • Admin Mode — Indicates whether or not MLD Snooping is active on the switch.
2CSNXXX_SWUM204.book Page 543 Monday, January 25, 2016 1:25 PM • Last Listener Query Interval—Displays the amount of time the switch waits after it sends a query on an interface, participating in the VLAN, because it did not receive a report for a particular group on that interface. This value may be configured.
2CSNXXX_SWUM204.book Page 544 Monday, January 25, 2016 1:25 PM Default configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This user guideline applies to all switch models.To see the full Multicast address table (including static addresses) use the show mac address-table multicast command.
2CSNXXX_SWUM204.book Page 545 Monday, January 25, 2016 1:25 PM Default configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines MLD snooping forwards IPv6 multicast data plane packets to mrouter ports, including statically configured mrouter ports. If a static mrouter port is configured in a VLAN, MLD snooping will forward multicast data plane packets received on the VLAN even if the interface is down.
2CSNXXX_SWUM204.book Page 546 Monday, January 25, 2016 1:25 PM IPv6 MLD Snooping Querier Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The MLD Snooping Querier is an extension of the MLD Snooping feature. MLD Snooping Querier allows the switch to simulate an MLD router in a Layer 2-only network, thus removing the need to have an MLD Router to collect the multicast group membership information. The querier function simulates a small subset of the MLD router functionality.
2CSNXXX_SWUM204.book Page 547 Monday, January 25, 2016 1:25 PM no ipv6 mld snooping querier Default Configuration MLD Snooping Querier is disabled by default. Command Mode Global Configuration mode User Guidelines It is not recommended the MLD Snooping Querier be enabled on a switch enabled for IPv6 multicast routing. Example console(config)#ipv6 mld snooping querier ipv6 mld snooping querier (VLAN mode) Use the ipv6 mld snooping querier command in VLAN mode to enable MLD Snooping Querier on a VLAN.
2CSNXXX_SWUM204.book Page 548 Monday, January 25, 2016 1:25 PM Example console(config)#ipv6 mld snooping querier vlan 10 ipv6 mld snooping querier address Use the ipv6 mld snooping querier address command to set the global MLD Snooping Querier address. Use the no form of this command to reset the global MLD Snooping Querier address to the default. Syntax ipv6 mld snooping querier address prefix[/prefix-length] no ipv6 mld snooping querier address • prefix — An IPv6 address prefix.
2CSNXXX_SWUM204.book Page 549 Monday, January 25, 2016 1:25 PM periodic queries. If the Snooping Querier wins the election then it will continue sending periodic queries. Use the no form of this command to disable election participation on a VLAN. Syntax ipv6 mld snooping querier election participate vlan-id no ipv6 mld snooping querier election participate vlan-id • vlan-id — A VLAN identifier (Range: 1 - 4093) Default Configuration Election participation is disabled by default.
2CSNXXX_SWUM204.book Page 550 Monday, January 25, 2016 1:25 PM • interval — Amount of time that the switch waits before sending another general query. (Range: 1–1800 seconds) Default Configuration The default query interval is 60 seconds.
2CSNXXX_SWUM204.book Page 551 Monday, January 25, 2016 1:25 PM User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 mld snooping querier timer expiry 222 show ipv6 mld snooping querier Use the show ipv6 mld snooping querier command to display MLD Snooping Querier information. Configured information is displayed whether or not MLD Snooping Querier is enabled.
2CSNXXX_SWUM204.book Page 552 Monday, January 25, 2016 1:25 PM Querier Query Interval Shows the amount of time that a Snooping Querier waits before sending out a periodic general query. Querier Expiry Interval Displays the amount of time to wait in the Non-Querier operational state before moving to a Querier state.
2CSNXXX_SWUM204.book Page 553 Monday, January 25, 2016 1:25 PM IP Source Guard Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches IP Source Guard (IPSG) is a security feature that filters IP packets based on source ID. The source ID may either be source IP address or a {source IP address, source MAC address} pair. The network administrator configures whether enforcement includes the source MAC address. The network administrator can configure static authorized source IDs.
2CSNXXX_SWUM204.book Page 554 Monday, January 25, 2016 1:25 PM Syntax ip verify source {port-security} no ip verify source • port-security—Enables filtering based on IP address, VLAN, and MAC address. When not specified, filtering is based upon IP address. Default Configuration By default, no sources are blocked. Command Mode Interface Configuration mode (physical and port channel) User Guidelines DHCP snooping should be enabled on any ports for which ip verify source is configured.
2CSNXXX_SWUM204.book Page 555 Monday, January 25, 2016 1:25 PM ip verify binding Use the ip verify binding command in Global Configuration mode to configure static bindings. Use the no form of the command to remove the IPSG entry. Syntax ip verify binding macaddr vlan ipaddr interface Default Configuration By default, there are no static bindings configured.
2CSNXXX_SWUM204.book Page 556 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 557 Monday, January 25, 2016 1:25 PM Syntax show ip verify source [interface interface-id] • interface-id : A valid physical interface identifier or port-channel identifier Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 559 Monday, January 25, 2016 1:25 PM iSCSI Optimization Commands Dell Networking N2000/N3000/N4000 Series Switches iSCSI Optimization provides a means of performing configuration specific to storage traffic and optionally giving traffic between iSCSI initiator and target systems special Quality of Service (QoS) treatment. iSCSI Optimization is best applied to mixed-traffic networks where iSCSI packets constitutes a portion of overall traffic.
2CSNXXX_SWUM204.book Page 560 Monday, January 25, 2016 1:25 PM iSCSI Optimization borrows ACL lists from the global system pool. ACL lists allocated by iSCSI Optimization reduce the total number of ACLs available for use by the network operator. Enabling iSCSI Optimization uses one ACL list to monitor for iSCSI sessions. Each monitored iSCSI session utilizes two rules from additional ACL lists up to a maximum of two ACL lists. This means that the maximum number of ACL lists allocated by iSCSI is three.
2CSNXXX_SWUM204.book Page 561 Monday, January 25, 2016 1:25 PM User Guidelines Changing the aging time has the following behavior: • When aging time is increased, current sessions will be timed out according to the new value. • When aging time is decreased, any sessions that have been dormant for a time exceeding the new setting will be immediately deleted from the table. All other sessions will continue to be monitored against the new time out value.
2CSNXXX_SWUM204.book Page 562 Monday, January 25, 2016 1:25 PM Default Configuration By default, frames are not remarked. The default vpt setting for iSCSI is 4, which the default class of service dot1p mapping assigns to queue 2. Command Mode Global Configuration mode. User Guidelines The remark option only applies to DSCP values. Remarking is not available for vpt values. In general, the use of iSCSI CoS is not required.
2CSNXXX_SWUM204.book Page 563 Monday, January 25, 2016 1:25 PM console(config)#iscsi cos dscp 41 remark iscsi enable The iscsi enable command globally enables iSCSI optimization. To disable iSCSI optimization, use the no form of this command. Syntax iscsi enable no iscsi enable Default Configuration iSCSI is enabled by default. Command Mode Global Configuration mode User Guidelines This command modifies the running config to enable flow control on all interfaces.
2CSNXXX_SWUM204.book Page 564 Monday, January 25, 2016 1:25 PM AE Selector = 1 AE Protocol = 3260 AE Priority = priority configured for iSCSI PFC (the VPT value above). This TLV is sent in addition to any Application Priority TLV information received from the configuration source. If the configuration source is sending iSCSI application priority information, it is not necessary to enable iscsi cos to send the iSCSI Application Priority TLV. Example In the following example, iSCSI is globally enabled.
2CSNXXX_SWUM204.book Page 565 Monday, January 25, 2016 1:25 PM Default Configuration iSCSI well-known ports 3260 and 860 are configured by default but can be removed as any other configured target. Command Mode Global Configuration mode.
2CSNXXX_SWUM204.book Page 566 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example The following example displays the iSCSI configuration.
2CSNXXX_SWUM204.book Page 567 Monday, January 25, 2016 1:25 PM Default Configuration If not specified, sessions are displayed in short mode (not detailed). Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines The N2000/N3000 Series switches support monitoring for up to 1024 sessions. The N4000 switches support monitoring for up to 512 sessions. Example The following examples show summary and detailed information about the iSCSI sessions.
2CSNXXX_SWUM204.book Page 568 Monday, January 25, 2016 1:25 PM 172.16.1.4 49155 172.16.1.21 30001 172.16.1.5 49156 172.16.1.22 30001 Session 2: ----------------------------------------------------Initiator: iqn.1995-05.com.os-vendor.plan9:cdrom.10 Time started: 17-Aug-2008 21:04:50 Time for aging out: 2 min ISID: 22 Initiator Initiator Target Target IP address TCP port IP address IP port 172.16.1.30 49200 172.16.1.20 30001 172.16.1.30 49201 172.16.1.
2CSNXXX_SWUM204.book Page 569 Monday, January 25, 2016 1:25 PM Link Dependency Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Link dependency allows the link status of a group of interfaces to be made dependent on the link status of other interfaces. The effect is that the link status of a group that depends on another interface either mirrors or inverts the link status of the depended-on interface. Circular dependencies are not allowed.
2CSNXXX_SWUM204.book Page 570 Monday, January 25, 2016 1:25 PM Command Mode Link Dependency mode User Guidelines The action up command will cause the group members to be up when no depended-on interfaces are up. Example console(config-depend-1)#action up link-dependency group Use the link-dependency group command to enter the link-dependency mode to configure a link-dependency group. Syntax link-dependency group GroupId no link-dependency group GroupId • GroupId — Link dependency group identifier.
2CSNXXX_SWUM204.book Page 571 Monday, January 25, 2016 1:25 PM add Use this command to add member ten gigabit or gigabit Ethernet port(s) or port channels to the dependency list. Syntax add intf-list • intf-list — List of Ethernet interface identifers or port channel identifiers or ranges. Separate nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 572 Monday, January 25, 2016 1:25 PM no depends-on intf-list • intf-list — List of Ethernet interface identifiers or port channel interface identifiers or ranges.Separate nonconsecutive items with a comma and no spaces. Use a hyphen to designate the range of ports or port-channel numbers. Default Configuration This command has no default configuration. Command Mode Link Dependency mode User Guidelines Circular dependencies are not allowed, i.e.
2CSNXXX_SWUM204.book Page 573 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged Exec, Configuration mode and all Configuration submodes User Guidelines No specific guidelines. Example The following command shows link dependencies for all groups.
2CSNXXX_SWUM204.book Page 574 Monday, January 25, 2016 1:25 PM LLDP Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The IEEE 802.1AB standard defines the Link Layer Discovery Protocol (LLDP). This protocol allows stations residing on an IEEE802 LAN to advertise major capabilities, physical descriptions, and management information to physically adjacent devices, allowing a network management system (NMS) to access and display this information.
2CSNXXX_SWUM204.book Page 575 Monday, January 25, 2016 1:25 PM The receive function accepts incoming LLDPDU frames and stores information about the remote stations. Both local and remote data may be displayed by the user interface and retrieved using SNMP as defined in the LLDP MIB definitions. The component maintains one remote entry per physical network connection.
2CSNXXX_SWUM204.book Page 576 Monday, January 25, 2016 1:25 PM Default Configuration By default, data is removed only on system reset. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example displays how to clear the LLDP remote data. console#clear lldp remote-data clear lldp statistics Use the clear lldp statistics command in Privileged Exec mode to reset all LLDP statistics.
2CSNXXX_SWUM204.book Page 577 Monday, January 25, 2016 1:25 PM dcb enable This command enables the sending of DCBX information in LLDP frames. Syntax dcb enable no dcb enable Command Mode Global Configuration mode Default Value The sending of DCBX information in enabled by default. User Guidelines Use this command to disable the sending of DCBX information when it is desirable to utilize legacy QoS and disable the automatic configuration of CNAs based on transmitted DCBX information.
2CSNXXX_SWUM204.book Page 578 Monday, January 25, 2016 1:25 PM Default Value LLDP-MED is disabled on all supported interfaces. User Guidelines No specific guidelines. Example console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#lldp med lldp med confignotification This command is used to enable sending topology change notifications.
2CSNXXX_SWUM204.book Page 579 Monday, January 25, 2016 1:25 PM no lldp med faststartrepeatcount • count — Number of LLDPPDUs that are transmitted when the protocol is enabled. (Range 1–10) Command Mode Global Configuration Default Value 3 User Guidelines No specific guidelines. Example console(config)# lldp med faststartrepeatcount 2 lldp med transmit-tlv This command is used to specify which optional TLVs in the LLDP MED set are transmitted in the LLDPDUs.
2CSNXXX_SWUM204.book Page 580 Monday, January 25, 2016 1:25 PM Default Value By default, the capabilities and network policy TLVs are included in LLDP packets sent on interfaces enabled for MED Example console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#lldp med transmit-tlv capabilities console(config-if-Gi1/0/1)#lldp med transmit-tlv network-policies lldp notification Use the lldp notification command in Interface Configuration mode to enable remote data change notifications.
2CSNXXX_SWUM204.book Page 581 Monday, January 25, 2016 1:25 PM lldp notification-interval Use the lldp notification-interval command in Global Configuration mode to limit how frequently remote data change notifications are sent. To return the notification interval to the factory default, use the no form of this command. Syntax lldp notification-interval interval no lldp notification-interval • interval — The smallest interval in seconds at which to send remote data change notifications.
2CSNXXX_SWUM204.book Page 582 Monday, January 25, 2016 1:25 PM Default Configuration The default lldp receive mode is enabled. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example displays how to enable the LLDP receive capability. console(config-if-Gi1/0/3)#lldp receive lldp timers Use the lldp timers command in Global Configuration mode to set the timing parameters for local data transmission on ports enabled for LLDP.
2CSNXXX_SWUM204.book Page 583 Monday, January 25, 2016 1:25 PM The default delay before reinitialization is 2 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Examples The following example displays how to configure LLDP to transmit local information every 1000 seconds.
2CSNXXX_SWUM204.book Page 584 Monday, January 25, 2016 1:25 PM Example The following example displays how enable the transmission of local data. console(config-if-Gi1/0/3)#lldp transmit lldp transmit-mgmt Use the lldp transmit-mgmt command in Interface Configuration mode to include transmission of the local system management address information in the LLDPDUs. To cancel inclusion of the management information, use the no form of this command.
2CSNXXX_SWUM204.book Page 585 Monday, January 25, 2016 1:25 PM Syntax lldp transmit-tlv [sys-desc][sys-name][sys-cap][port-desc] no lldp transmit-tlv [sys-desc][sys-name][sys-cap][port-desc] • sys-name — Transmits the system name TLV. This is the configured host name for the system.
2CSNXXX_SWUM204.book Page 586 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the current LLDP configuration summary.
2CSNXXX_SWUM204.book Page 587 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Examples This example show how the information is displayed when you use the command with the all parameter.
2CSNXXX_SWUM204.book Page 588 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples These examples show advertised LLDP local data in two levels of detail.
2CSNXXX_SWUM204.book Page 589 Monday, January 25, 2016 1:25 PM Default Value Not applicable User Guidelines No specific guidelines. Example console(config)#show lldp med LLDP MED Global Configuration Fast Start Repeat Count: 3 Device Class: Network Connectivity show lldp med interface This command displays a summary of the current LLDP MED configuration for a specific interface.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 591 Monday, January 25, 2016 1:25 PM Media Policy Application Type : streamingvideo Vlan ID: 20 Priority: 1 DSCP: 2 Unknown: False Tagged: True Inventory Hardware Rev: xxx xxx xxx Firmware Rev: xxx xxx xxx Software Rev: xxx xxx xxx Serial Num: xxx xxx xxx Mfg Name: xxx xxx xxx Model Name: xxx xxx xxx Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE Available: 0.
2CSNXXX_SWUM204.book Page 592 Monday, January 25, 2016 1:25 PM • all — Indicates all valid LLDP interfaces. • detail — Includes a detailed version of remote data for the indicated interface.
2CSNXXX_SWUM204.book Page 593 Monday, January 25, 2016 1:25 PM DSCP: 2 Unknown: False Tagged: True Inventory Hardware Rev: xxx xxx xxx Firmware Rev: xxx xxx xxx Software Rev: xxx xxx xxx Serial Num: xxx xxx xxx Mfg Name: xxx xxx xxx Model Name: xxx xxx xxx Asset ID: xxx xxx xxx Location Subtype: elin Info: xxx xxx xxx Extended POE Device Type: pseDevice Extended POE PSE Available: 0.3 Watts Source: primary Priority: critical Extended POE PD Required: 0.
2CSNXXX_SWUM204.book Page 594 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples These examples show current LLDP remote data, including a detailed version.
2CSNXXX_SWUM204.book Page 595 Monday, January 25, 2016 1:25 PM Syntax show lldp statistics {unit/slot/port | all} Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following examples shows an example of the display of current LLDP traffic statistics. console#show lldp statistics all LLDP Device Statistics Last Update.......................
2CSNXXX_SWUM204.book Page 596 Monday, January 25, 2016 1:25 PM Fields Description Total Inserts The number of times a complete set of information advertised by a remote device has been inserted into the table. Total Deletes The number of times a complete set of information advertised by a remote device has been deleted from the table. Total Drops Number of times a complete set of information advertised by a remote device could not be inserted due to insufficient resources.
2CSNXXX_SWUM204.book Page 597 Monday, January 25, 2016 1:25 PM Loop Protection Dell Networking N2000/N3000/N4000/N5000 Series Switches Loop protection detects physical and logical loops between Ethernet ports on a device. Loop protection must be enabled globally before it can be enabled at the interface level.
2CSNXXX_SWUM204.book Page 598 Monday, January 25, 2016 1:25 PM • Source MAC Address:switch L2 MAC address • Destination MAC Address: Switch L2 MAC address • Ether Type: 0x0900 (LOOP) • Skip Count: 0 • Functions: Reply • Receipt Number: 0 • Data: 0 Since all switch ports share the same MAC address, if any interface receives CTP packets transmitted by the switch in excess of the configured limit, that interface is error disabled with a Loop Protection cause.
2CSNXXX_SWUM204.book Page 599 Monday, January 25, 2016 1:25 PM keepalive (Global Config) Use the keepalive command in Global Configuration mode to configure the loop protection timer and packet count. Use the no form of the command to return the configuration to the defaults. Syntax keepalive [ period [ count ] ] no keepalive • period – Configures the interval for the transmission of keepalive packets.
2CSNXXX_SWUM204.book Page 600 Monday, January 25, 2016 1:25 PM Example The following example configures the CTP transmit interval to transmit CTP packets every 5 seconds. console(config)#keepalive 5 This example configures the CTP transmit interval to 5 seconds. If an interface receives two CTP packets, it error disables the interface.
2CSNXXX_SWUM204.book Page 601 Monday, January 25, 2016 1:25 PM User Guidelines Error disabled interfaces can be configured to auto-recover using the errdisable recovery cause loop-protect command. Command History Implemented in version 6.3.0.1 firmware. Example The following example configures loop protection to log detected loop conditions without error disabling the port.
2CSNXXX_SWUM204.book Page 602 Monday, January 25, 2016 1:25 PM Field Description Retry Count The number of times a keepalive packet must be seen before a looped state is declared. Command History Implemented in version 6.3.0.1 firmware. Example console#show keepalive Keepalive Service: Enabled Transmit Interval : 5 seconds Retry Count : 1 show keepalive statistics Use the show keepalive statistics command to display the loop protect status for one or all interfaces.
2CSNXXX_SWUM204.book Page 603 Monday, January 25, 2016 1:25 PM User Guidelines The following information is displayed. Field Description Port The interface identifier. Keep Alive Are keepalives transmitted on this interface (Yes, No)? Loop Detected Has a loop been detected (Yes, No)? Loop Count The number of CTP packets detected. Time Since Last Loop The last time a loop was detected. Rx Action Action when a loop is detected (Error disable, Log).
2CSNXXX_SWUM204.book Page 604 Monday, January 25, 2016 1:25 PM MLAG Commands Dell Networking N2000/N3000/N4000 Series Switches MLAG enables a LAG to be created across two independent switches, so that some member ports of a MLAG can reside on one switch and the other members of a MLAG can reside on another switch. The partner switch on the remote side can be a MLAG-unaware unit. To the MLAG unaware switch, the MLAG appears to be a single LAG connected to a single switch.
2CSNXXX_SWUM204.book Page 605 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode User Guidelines There are no user guidelines for this command. Example console#clear vpc statistics feature vpc The feature vpc command globally enables MLAG. Use the no form of the command to globally disable MLAG. Syntax feature vpc no feature vpc Default Configuration By default, the MLAG feature is not globally enabled.
2CSNXXX_SWUM204.book Page 606 Monday, January 25, 2016 1:25 PM peer detection enable Use the peer detection enable command to enable the Dual Control Plane Detection Protocol. This enables the detection of peer MLAG switches and suppresses state transitions out of the secondary state in the presence of peer link failures. Use the no form of the command to disable the dual control plane detection protocol.
2CSNXXX_SWUM204.book Page 607 Monday, January 25, 2016 1:25 PM Syntax peer detection interval interval-msecs timeout timeout-msecs no peer detection interval • interval-msecs—The peer keepalive timeout in seconds. The range is 200–4000 milliseconds. • timeout-msecs—The peer timeout value in milliseconds. The range is 700–14000 milliseconds. Default Configuration The default transmission interval is 1000 milliseconds. The default reception timeout is 3500 milliseconds.
2CSNXXX_SWUM204.book Page 608 Monday, January 25, 2016 1:25 PM Syntax peer-keepalive destination ipaddress source srcaddr [udp-port port] no peer-keepalive destination • ipaddress—The ip address of the MLAG peer. • port—The UDP port number to use to listen for peer Dual Control Plane Detection Protocol packets. • srcaddr—The local source address to use. Default Configuration There are no Dual Control Plane Detection Protocol peers configured by default.
2CSNXXX_SWUM204.book Page 609 Monday, January 25, 2016 1:25 PM Example console(config)#vpc domain 1 console(config-vpc 1)#peer-keepalive enable console(config-vpc 1)#peer-keepalive destination 192.168.0.2 source 192.168.0.1 console(config-vpc 1)#peer detection enable console(config-vpc 1)#exit peer-keepalive enable Use the peer-keepalive enable command to enable the peer keepalive protocol on the peer link.
2CSNXXX_SWUM204.book Page 610 Monday, January 25, 2016 1:25 PM • • Secondary device fails: All MLAG members’ port information regarding the secondary device that the primary switch maintains are removed from the primary switch. Forwarding and control processing continues on the local MLAG ports on the primary switch. Once the secondary comes back up again, it starts the keepalive protocol and, if successful in contacting the primary device, moves to the secondary state.
2CSNXXX_SWUM204.book Page 611 Monday, January 25, 2016 1:25 PM no peer-keepalive timeout • value—The peer keepalive timeout value in seconds. The range is 2 to 15 seconds. Default Configuration By default, the keeplive timeout value is 5 seconds. Command Modes VPC Domain User Guidelines This command configures the peer keepalive timeout value (in seconds).
2CSNXXX_SWUM204.book Page 612 Monday, January 25, 2016 1:25 PM • Value—The local switch priority value. (The range is 1-255.) Default Configuration The default priority value is 100. Command Modes MLAG Domain Configuration mode User Guidelines This value is used for the MLAG role election and is sent to the MLAG peer in the MLAG keepalive messages. The MLAG switch with the numerically lower priority value becomes the Primary and the switch with higher priority becomes the Secondary.
2CSNXXX_SWUM204.book Page 613 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode and above User Guidelines There are no user guidelines for this command. Example (console)# show vpc 10 VPC Id 10 ----------------Configuration mode......................Enabled Operational mode........................Enabled Port channel................................
2CSNXXX_SWUM204.book Page 614 Monday, January 25, 2016 1:25 PM User Guidelines A VPC domain ID must be configured for this command to display the VPC status. Only the Primary switch maintains the member status of the Secondary switch. The Secondary switch does not maintain or show the status of the Primary switch peer members. A VPC instance may show as enabled even if all of the port-channels that are members of the VPC are disabled or all of the links in the port channels are disabled.
2CSNXXX_SWUM204.book Page 615 Monday, January 25, 2016 1:25 PM Number of VPCs configured...................... 2 Number of VPCs operational..................... 2 VPC id# 1 ----------Interface...................................... Po2 Configured Vlans............................... 1,10,11,12,13,14,15,16,17 VPC Interface State............................
2CSNXXX_SWUM204.book Page 616 Monday, January 25, 2016 1:25 PM User Guidelines There are no user guidelines for this command. Command History Introduced in 6.2.0.1 firmware. Updated in 6.3.0.1 firmware.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 618 Monday, January 25, 2016 1:25 PM Syntax show vpc consistency-features { global | interface port-channel-number } • port-channel-number—A valid port-channel identifier (range 1-128). Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode and above User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 619 Monday, January 25, 2016 1:25 PM Peer IP address............................10.130.14.55 Source IP address..........................10.130.14.54 UDP port...................................50000 Peer detection admin status................Enabled Peer detection operational status .........Up Peer is detected...........................True Configured Tx interval.....................500 milliseconds Configured Rx timeout......................
2CSNXXX_SWUM204.book Page 620 Monday, January 25, 2016 1:25 PM Configured VPC system priority..................32767 Operational VPC system priority.................32767 Local System MAC..................................... 00:10:18:82:18:63 Timeout........................................ 5 VPC State...................................... Primary VPC Role....................................... Primary Peer ---VPC Domain ID.................................. 1 Role Priority..................................
2CSNXXX_SWUM204.book Page 621 Monday, January 25, 2016 1:25 PM Total received..........................................115 Rx successful...........................................108 Rx Errors...............................................7 Timeout counter.........................................
2CSNXXX_SWUM204.book Page 622 Monday, January 25, 2016 1:25 PM system-mac Use this command to manually configures the MAC address for the VPC domain. Use the no form of the command to revert the domain MAC address to the default value. Syntax system-mac mac-address no system-mac • mac-address—The system MAC address for the VPC domain. Default Configuration By default, the domain uses a pre-configured MAC address.
2CSNXXX_SWUM204.book Page 623 Monday, January 25, 2016 1:25 PM system-priority Use this command to manually configure the priority for the VPC domain. Use the no form of the command to revert the priority to the default value. Syntax system-priority priority no system-priority • priority—The priority for the VPC domain. Range is 1-65535. Default Configuration By default, the system priority is 32767.
2CSNXXX_SWUM204.book Page 624 Monday, January 25, 2016 1:25 PM vpc Use the vpc command to configure a port-channel (LAG) as part of an MLAG instance. Upon issuing this command, the port-channel is down until the port-channel member information is exchanged and agreed between the MLAG peer switches. Use the no form of the command to remove the LAG from the MLAG domain. Syntax vpc vpc-id no vpc vpc-id • vpc-id—The MLAG identifier. Default Configuration LAGs are not members of an MLAG domain by default.
2CSNXXX_SWUM204.book Page 625 Monday, January 25, 2016 1:25 PM console(config-if-Po3)#switchport trunk allowed vlan 1-99,101-4093 console(config-if-Po3)#vpc 2 console(config-if-Po3)#exitconsole(config)#interface po3 console(config-if-Po3)#switchport mode trunk console(config-if-Po3)#switchport trunk allowed vlan 1-99,101-4093 console(config-if-Po3)#vpc 2 console(config-if-Po3)#exit vpc domain Use the vpc domain command to enter into MLAG configuration mode.
2CSNXXX_SWUM204.book Page 626 Monday, January 25, 2016 1:25 PM BPDUs sent out on VPC interfaces. If two VPC domains have the identical domain-ids, the resulting actor IDs may lead to LACP or STP convergence issues. Example console(config)#vpc domain 1 console(config-vpc 1)#peer-keepalive enable console(config-vpc 1)#peer-keepalive destination 192.168.0.2 source 192.168.0.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 628 Monday, January 25, 2016 1:25 PM Multicast VLAN Registration Commands Dell Networking N2000/N3000/N4000 Series Switches Multicast VLAN registration (MVR) is a method for consolidating multicast traffic from multiple VLANs onto a single VLAN. A typical usage scenario would be the distribution of a multicast group to a switch using a single VLAN where the switch has users in different VLANs subscribing to the multicast group.
2CSNXXX_SWUM204.book Page 629 Monday, January 25, 2016 1:25 PM mvr mvr type mvr group mvr vlan group mvr mode show mvr mvr querytime show mvr members mvr vlan show mvr interface mvr immediate show mvr traffic mvr Use the mvr command in Global Configuration and Interface Configuration modes to enable MVR. Use the no form of this command to disable MVR. Syntax mvr no mvr Default Configuration The default value is Disabled.
2CSNXXX_SWUM204.book Page 630 Monday, January 25, 2016 1:25 PM no mvr group A.B.C.D [count] • A.B.C.D—Specify a multicast group. • count—Specifies the number of multicast groups to configure. Groups are configured contiguously by incrementing the first group specified. Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The following table lists the completion messages.
2CSNXXX_SWUM204.book Page 631 Monday, January 25, 2016 1:25 PM • dynamic—Send IGMP joins to the multicast source when IGMP joins are received on receiver ports. Default Configuration The default mode is compatible. Command Mode Global Configuration User Guidelines This command has no user guidelines. mvr querytime Use the mvr querytime command in Global Configuration mode to set the MVR query response time.
2CSNXXX_SWUM204.book Page 632 Monday, January 25, 2016 1:25 PM Message Type Message Description Successful Completion Message Defaulting MVR query response time.
2CSNXXX_SWUM204.book Page 633 Monday, January 25, 2016 1:25 PM Message Type Message Description Successful Completion Message MVR multicast VLAN ID is set to the default value which is equal to 1. Error Completion Message Receiver port in mVLAN, operation failed. mvr immediate Use the mvr immediate command in Interface Configuration mode to enable MVR Immediate Leave mode. Use the no form of this command to set the MVR multicast VLAN to the default value.
2CSNXXX_SWUM204.book Page 634 Monday, January 25, 2016 1:25 PM mvr type Use the mvr type command in Interface Configuration mode to set the MVR port type. Use the no form of this command to set the MVR port type to None. Syntax mvr type {receiver | source} no mvr type • receiver—Configure the port as a receiver port. Receiver ports are ports over which multicast data will be sent but not received. • source—Configure the port as a source port.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 636 Monday, January 25, 2016 1:25 PM console(config-if-Gi1/0/24)#switchport trunk native vlan 2000 console(config-if-Gi1/0/24)#switchport trunk allowed vlan add 2000 console(config-if-Gi1/0/24)#mvr console(config-if-Gi1/0/24)#mvr type source console(config-if-Gi1/0/24)#mvr vlan 2000 group 239.1.1.1 show mvr Use the show mvr command in Privileged Exec mode to display global MVR settings. Syntax show mvr Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 637 Monday, January 25, 2016 1:25 PM Parameter Description MVR Current Multicast groups The current number of MVR groups allocated. MVR Query Response Time The current MVR query response time. MVR Mode The current MVR mode. It can be compatible or dynamic. Example console #show mvr MVR Running.............................. MVR multicast VLAN....................... MVR Max Multicast Groups................. MVR Current multicast groups.............
2CSNXXX_SWUM204.book Page 638 Monday, January 25, 2016 1:25 PM Message Type Message Description Error Completion Message MVR disabled The following table explains the output parameters. Parameter Description MVR Group IP MVR group multicast IP address. Status The status of the specific MVR group. It can be active or inactive. Members The list of ports which participates in the specific MVR group. Examples console#show mvr members MVR Group IP Status -------------------------------224.1.1.
2CSNXXX_SWUM204.book Page 639 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec, Configuration mode and all Configuration submodes User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message None Error Completion Message MVR disabled The following table explains the output parameters. Parameter Description Port Interface number Type The MVR port type. It can be None, Receiver, or Source type.
2CSNXXX_SWUM204.book Page 640 Monday, January 25, 2016 1:25 PM console#show mvr interface gi1/0/23 members vlan 12 235.0.0.1 STATIC ACTIVE 235.1.1.1 STATIC ACTIVE show mvr traffic Use the show mvr traffic command in Privileged Exec mode to display global MVR statistics. Syntax show mvr traffic Default Configuration This command has no default configuration. Command Mode Privileged Exec, Configuration mode and all Configuration submodes User Guidelines The following table lists the completion messages.
2CSNXXX_SWUM204.book Page 641 Monday, January 25, 2016 1:25 PM Parameter Description IGMP Report V1 Transmitted Number of transmitted IGMP Reports V1. IGMP Report V2 Transmitted Number of transmitted IGMP Reports V2. IGMP Leave Transmitted Number of transmitted IGMP Leaves. IGMP Packet Receive Failures Number of failures on receiving the IGMP packets. IGMP Packet Transmit Failures Number of failures on transmitting the IGMP packets.
2CSNXXX_SWUM204.book Page 642 Monday, January 25, 2016 1:25 PM Port Channel Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches A port channel is a set of one or more links that can be aggregated together to form a bonded channel (Link Aggregation Group or LAG or port channel). Individual conversations in a particular direction always travel over a single link in the port channel, however, in aggregate, the bandwidth usage of all of the links is fairly evenly distributed.
2CSNXXX_SWUM204.book Page 643 Monday, January 25, 2016 1:25 PM unable to buffer the requisite number of frames will show excessive frame discard. Configuring copper and fiber ports together in an aggregation group is not recommended. If a dynamic LAG member sees an LACPDU that contains information different from the currently configured default partner values, that particular member drops out of the LAG.
2CSNXXX_SWUM204.book Page 644 Monday, January 25, 2016 1:25 PM VLANs and LAGs When Ethernet interfaces are added to a LAG, they are removed from all existing VLAN membership and take on the VLAN membership of the LAG. When members are removed from a LAG, the members regain the Ethernet interface VLAN membership as per the configuration. LAG Thresholds In many implementations, a LAG is declared as up if any one of its member ports is active.
2CSNXXX_SWUM204.book Page 645 Monday, January 25, 2016 1:25 PM • Source/Destination IP and source/destination TCP/UDP Port fields of the packet. Enhanced LAG Hashing Dell Networking devices based on Broadcom XGS-IV silicon support configuration of hashing algorithms for each LAG interface. The hashing algorithm is used to distribute traffic load among the physical ports of the LAG while preserving the per-flow packet order. NOTE: Enhanced hashing mode is not supported on N1500 Series switches.
2CSNXXX_SWUM204.book Page 646 Monday, January 25, 2016 1:25 PM Flexible Assignment of Ports to LAGs Assignment of interfaces to dynamic LAGs is based upon a maximum of 144 interfaces assigned to dynamic LAGs, a maximum of 128 dynamic LAGs and a maximum of 8 interfaces per dynamic LAG. For example, 128 LAGs may be assigned 2 interfaces each or 18 LAGs may be assigned 8 interfaces each.
2CSNXXX_SWUM204.book Page 647 Monday, January 25, 2016 1:25 PM Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example shows how port gi1/0/5 is configured in port-channel 1 without LACP (static LAG). console(config)# interface gigabitethernet 1/0/5 console(config-if-Gi1/0/5)# channel-group 1 mode on The following example shows how port gi1/0/6 is configured to port-channel 2 with LACP (dynamic LAG).
2CSNXXX_SWUM204.book Page 648 Monday, January 25, 2016 1:25 PM console(config)# interface port-channel 1 console(config-if-po1)# interface range port-channel Use the interface range port-channel command in Global Configuration mode to execute a command on multiple port channels at the same time. Syntax interface range port-channel {port-channel-range | all} • port-channel-range — List of port-channels to configure. Separate nonconsecutive port-channels with a comma and no spaces.
2CSNXXX_SWUM204.book Page 649 Monday, January 25, 2016 1:25 PM Syntax hashing-mode mode • mode — Mode value in the range of 1 to 7.
2CSNXXX_SWUM204.book Page 650 Monday, January 25, 2016 1:25 PM lacp port-priority Use the lacp port-priority command to configure the priority value for physical ports. To reset to default priority value, use the no form of this command. Syntax lacp port-priority value no lacp port-priority • value — Port priority value. (Range: 1–65535) Default Configuration The default port priority value is 1. Command Mode Interface Configuration (Ethernet) mode Interface Range mode User Guidelines Per IEEE 802.
2CSNXXX_SWUM204.book Page 651 Monday, January 25, 2016 1:25 PM console(config)#interface gigabitethernet 1/0/8 console(config-if-Gi1/0/8)#lacp port-priority 247 lacp system-priority Use the lacp system-priority command in Global Configuration mode to configure the Link Aggregation system priority. To reset to default, use the no form of this command. Syntax lacp system-priority value no lacp system-priority • value — Port priority value.
2CSNXXX_SWUM204.book Page 652 Monday, January 25, 2016 1:25 PM Example The following example configures the system priority to 120. console(config)#lacp system-priority 120 lacp timeout Use the lacp timeout command to assign an administrative LACP timeout. To reset the default administrative LACP timeout, use the no form of this command. Syntax lacp timeout {long | short} no lacp timeout • long — Specifies a long timeout value. • short — Specifies a short timeout value.
2CSNXXX_SWUM204.book Page 653 Monday, January 25, 2016 1:25 PM console(config)#interface gigabitethernet 1/0/8 console(config-if-Gi1/0/8)#lacp timeout long port-channel local-preference Use the port-channel local-preference command in Interface Configuration mode to enable the local-preference mode on a port-channel (LAG) interface or range of port-channel interfaces. Use the no form of the command to remove the local preference.
2CSNXXX_SWUM204.book Page 654 Monday, January 25, 2016 1:25 PM port-channel min-links Use the port-channel min-links command in Interface Configuration (portchannel) mode to set the minimum number of links that must be up in order for the port channel interface to be declared up. Use the no form of the command to return the configuration to the default value (1).
2CSNXXX_SWUM204.book Page 655 Monday, January 25, 2016 1:25 PM User Guidelines The command displays the following information. Parameter Description [index] Number of the port channel to show. This parameter is optional. If the port channel number is not given, all the channel groups are displayed. (Range: Valid port-channel number, 1 to 48). Local Prf An additional field added to support the display of the local preference.
2CSNXXX_SWUM204.book Page 656 Monday, January 25, 2016 1:25 PM Syntax show lacp {gigabitethernet unit/slot/port| tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port [{parameters | statistics}] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows how to display LACP Ethernet interface information.
2CSNXXX_SWUM204.book Page 657 Monday, January 25, 2016 1:25 PM synchronization: collecting: distributing: expired: port Gi1/0/1 LACP Statistics: LACP PDUs send: LACP PDUs received: FALSE FALSE FALSE FALSE 0 0 show statistics port-channel Use the show statistics port-channel command in Privileged Exec mode to display statistics about a specific port-channel. Syntax show statistics port-channel port-channel-number Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 658 Monday, January 25, 2016 1:25 PM Packets Packets Packets Packets Packets Packets RX RX RX RX RX RX and and and and and and TX TX TX TX TX TX 256-511 Octets............... 512-1023 Octets.............. 1024-1518 Octets............. 1519-2047 Octets............. 2048-4095 Octets............. 4096-9216 Octets............. 0 0 0 0 0 0 Total Packets Received Without Errors.......... Unicast Packets Received....................... Multicast Packets Received....................
2CSNXXX_SWUM204.book Page 659 Monday, January 25, 2016 1:25 PM Excessive Collision Frames..................... 0 802.3x Pause Frames Transmitted................ GVRP PDUs received............................. GVRP PDUs Transmitted.......................... GVRP Failed Registrations...................... GMRP PDUs Received............................. GMRP PDUs Transmitted.......................... GMRP Failed Registrations......................
2CSNXXX_SWUM204.book Page 660 Monday, January 25, 2016 1:25 PM Port Monitor Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Dell Networking switches allow the user to monitor traffic with an external network analyzer. The external network analyzer can use any of the Ethernet ports as a probe port. The probe port transmits a mirror copy of the traffic being probed. Network traffic transmission is always disrupted whenever a configuration change is made for port monitoring.
2CSNXXX_SWUM204.book Page 661 Monday, January 25, 2016 1:25 PM • Once configured, there is no network connectivity on the probe (destination) port. The probe port does not forward any traffic and does not receive any traffic. The probe tool attached to the probe port is unable to ping the networking device or ping through the networking device, and no device is able to ping the probe tool.
2CSNXXX_SWUM204.book Page 662 Monday, January 25, 2016 1:25 PM The in memory buffer is 128 packets. The file system buffer is 524288 bytes and is named cpuPktCapture.pcap. The remote monitor capture port is 2002. Command Modes Global Configuration mode User Guidelines Packets that are transmitted or received by the switch CPU may be captured to the switch file system, to local memory, or sent to a WireShark client.
2CSNXXX_SWUM204.book Page 663 Monday, January 25, 2016 1:25 PM monitor capture (Privileged Exec) Use the monitor capture command to capture packets transmitted or received from the CPU. This facility captures switch control plane traffic and is useful in monitoring network control traffic and analyzing network security. Remote packet capture is not supported when the packets are received via Service Port.
2CSNXXX_SWUM204.book Page 664 Monday, January 25, 2016 1:25 PM Syntax monitor capture mode {line | remote | file} no monitor capture mode • line—Captured packets are sent to the console. • remote—Captured packets are sent to a remote WireShark network analyzer. • file—Captured packets are sent to the file system. Default Configuration By default, remote capture is configured. Command Modes Global Configuration mode User Guidelines Only one file, remote, or line may be specified.
2CSNXXX_SWUM204.book Page 665 Monday, January 25, 2016 1:25 PM • The time when packet passed through CPU. • The first 128 bytes of packet. • The length of full packet (if greater than 128 bytes). The in-memory capture buffer can be configured to stop when full. This mode is configured with the command no monitor capture line wrap. Capturing packets is started by the monitor capture start command. Capturing packets is stopped automatically when 128 packets are captured and saved into the RAM.
2CSNXXX_SWUM204.book Page 666 Monday, January 25, 2016 1:25 PM If capturing is in progress and more than 128 packets are captured and the user configures no monitor capture line wrap mode, capturing is stopped automatically. No packets are lost when capturing is in progress. All captured packets can be displayed. No captured and not yet displayed packets are lost. Captured packets can be displayed when capturing is in progress or after the moment when capturing is stopped.
2CSNXXX_SWUM204.book Page 667 Monday, January 25, 2016 1:25 PM Remote capture can be enabled or disabled using the CLI. The network operator should obtain a computer with the Wireshark tool to display the captured traffic. When using remote capture mode, the switch doesn’t store any captured data locally. The local TCP port number can be configured for connecting Wireshark to the switch. The default port number is 2002.
2CSNXXX_SWUM204.book Page 668 Monday, January 25, 2016 1:25 PM Example This example sends capture output to the console. console(config)#monitor capture line console(config)#exit console#monitor capture start all monitor session Use the monitor session command in Global Configuration mode to configure the source and destinaqtion for mirroring. Packets are copied from the source to the destination. Use the source interace parameter to specify the interface to monitor.
2CSNXXX_SWUM204.book Page 669 Monday, January 25, 2016 1:25 PM • acl-name— An IP or MAC ACL name. • remote vlan rspan-vlan-id— An RSPAN VLAN. • rx — Monitors received packets only. If no option specified, monitors both rx and tx. • tx — Monitors transmitted packets only. If no option is specified, monitors both rx and tx. • both—Monitors both ingress and egress. This is the default. Default Configuration The default is to monitor both transmit and receive directions.
2CSNXXX_SWUM204.book Page 670 Monday, January 25, 2016 1:25 PM to RSPAN traffic only. Traffic on other VLANs on the reflector port is forwarded normally. Each RSPAN session must use a unique reflector port and RSPAN VLAN. Reflector ports should be configured as trunk or general mode. VLAN based mirroring is applicable only for ingress (RX) traffic. For RSPAN, the original tag is not retained for tagged traffic received/transmitted at the source port(s).
2CSNXXX_SWUM204.book Page 671 Monday, January 25, 2016 1:25 PM Example This example shows how to configure a source switch using VLAN 723 as the destination RSPAN VLAN and Gi1/0/3 as the source interface. Gi1/0/10 is configured as the reflector port. It is recommended that interface Gi1/0/10 be configured as a trunk port. Interface Gi1/0/10 must be configured as a member of VLAN 723 and may also carry traffic on other VLANs.
2CSNXXX_SWUM204.book Page 672 Monday, January 25, 2016 1:25 PM Command Modes VLAN Configuration mode. User Guidelines Remote-span VLANs must be configured as a tagged VLAN on trunk or general mode ports on RSPAN transit switches.. Traffic in an RSPAN VLAN is always flooded as MAC address learning and link local protocols are disabled on RSPAN VLANs. VLANs on transit switches must be configured as remotespan VLANs in order to ensure delivery of all mirrored packets.
2CSNXXX_SWUM204.book Page 673 Monday, January 25, 2016 1:25 PM Operational Status............................. Current Capturing Type......................... Capturing Traffic Mode......................... Line Wrap Mode................................. RPCAP Listening Port........................... RPCAP dump file size (KB)...................... Enabled Line Tx/Rx Disabled 2002 45 console#show monitor capture packets Gi1/0/1 Length = 94 [RECEIVE] =================== 02:29:23.
2CSNXXX_SWUM204.book Page 674 Monday, January 25, 2016 1:25 PM 0020 0030 0040 0050 00 00 01 00 00 00 00 00 00 00 82 00 00 00 00 00 88 00 43 00 ff 00 62 00 fe 00 27 00 2f 00 10 00 8e 00 00 00 82 01 00 00 ff 3a 00 ff 02 00 00 ff 00 05 00 00 00 00 00 02 00 00 00 00 00 00 show monitor session Use the show monitor session command in Privileged Exec mode to display status of port monitoring, VLAN-based mirroring, Flow-based mirroring, and mirroring across RSPAN.
2CSNXXX_SWUM204.book Page 675 Monday, January 25, 2016 1:25 PM The following example shows the detailed status of the port based mirroring session that is constrained to a local switch.
2CSNXXX_SWUM204.book Page 676 Monday, January 25, 2016 1:25 PM TX Only Both Source VLANs RX Only Source RSPAN VLAN Destination Ports Dest RSPAN VLAN : : : : : : : None None None 999 Gi1/0/15 None show vlan remote-span Use this command to display the RSPAN VLAN IDs. Syntax show vlan remote-span Default Configuration This command has no default configuration. Command Modes User Exec, Privileged Exec modes. User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 677 Monday, January 25, 2016 1:25 PM QoS Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Quality of Service (QoS) technologies are intended to provide guaranteed timely delivery of specific application data to a particular destination. In contrast, standard IP-based networks are designed to provide best effort data delivery service. Best effort service implies that the network delivers the data in a timely fashion, although there is no guarantee.
2CSNXXX_SWUM204.book Page 678 Monday, January 25, 2016 1:25 PM ACLs can be configured to apply to a VLAN instead of an interface. Traffic tagged with a VLAN ID (either receive-tagged or tagged by ingress process such as PVID) is evaluated for a match regardless of the interface on which it is received. Layer 2 ACLs The Layer 2 ACL feature provides access list capability by allowing classification on the Layer 2 header of an Ethernet frame, including the 802.1Q VLAN tag(s).
2CSNXXX_SWUM204.book Page 679 Monday, January 25, 2016 1:25 PM CoS mapping tables, port default priority, and hardware queue parameters may be configured on LAG interfaces as well as physical port interfaces. Queue Mapping The priority of a packet arriving at an interface is used to steer the packet to the appropriate outbound CoS queue through a mapping table.
2CSNXXX_SWUM204.book Page 680 Monday, January 25, 2016 1:25 PM Diffserv Standard IP-based networks are designed to provide “best effort” data delivery service. Best effort service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will meet the latency or bandwidth requirements. During times of congestion, packets may be delayed, sent sporadically, or dropped.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 682 Monday, January 25, 2016 1:25 PM Example The following example displays how to change the queue ID to 4 for the associated traffic stream. console(config-policy-classmap)#assign-queue 4 class Use the class command in Policy-Map Class Configuration mode to create an instance of a class definition within the specified policy for the purpose of defining treatment of the traffic class through subsequent policy attribute statements.
2CSNXXX_SWUM204.book Page 683 Monday, January 25, 2016 1:25 PM class-map Use the class-map command in Global Configuration mode to define a new DiffServ class of type match-all. To delete the existing class, use the no form of this command. Syntax class-map match-all class-map-name [{ipv4 | ipv6}] no class-map match-all class-map-name • class-map-name — a case-sensitive alphanumeric string from 1 to 31 characters uniquely identifying an existing DiffServ class.
2CSNXXX_SWUM204.book Page 684 Monday, January 25, 2016 1:25 PM • classname — The name of an existing DiffServ class. (Range: 1–31 characters) • newclassname — A case-sensitive alphanumeric string. (Range: 1–31 characters) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to change the name of a DiffServ class from "DELL" to "DELL1.
2CSNXXX_SWUM204.book Page 685 Monday, January 25, 2016 1:25 PM Default Configuration The default dot1p mapping is as follows: User Priority Traffic Class 0 1 1 0 2 0 3 1 4 2 5 2 6 3 7 3 Command Mode Global Configuration or Interface Configuration (Ethernet, Port-channel) mode User Guidelines None Example The following example globally configures a mapping for user priority 1 and traffic class 2. If trust mode is enabled for 802.
2CSNXXX_SWUM204.book Page 686 Monday, January 25, 2016 1:25 PM Syntax classofservice ip-dscp-mapping ipdscp trafficclass no classofservice ip-dscp-mapping ipdscp • ipdscp—Specifies the IP DSCP value to which you map the specified traffic class. (Range: 0–63 or an IP DSCP keyword – af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef). • trafficclass—Specifies the traffic class for this value mapping. (Range: 0–6).
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 688 Monday, January 25, 2016 1:25 PM IP DSCP Traffic Class (queue-id) 44 2 45 2 46(ef) 2 47 2 48(cs6) 3 49 3 50 3 51 3 52 3 53 3 54 3 55 3 56(cs7) 3 57 3 58 3 59 3 60 3 61 3 62 3 63 3 Command Mode Global Configuration mode User Guidelines The switch may be configured to trust either DSCP or CoS values, but not both. Setting the trust mode does not affect ACL packet matching, e.g.
2CSNXXX_SWUM204.book Page 689 Monday, January 25, 2016 1:25 PM Example The following example globally configures the mapping for IP DSCP 1 to traffic class 2. If trust mode is enabled for DSCP (classofservice trust ipdscp), packets received on any interface marked with DSCP 1 will be assigned to internal CoS queue 2.
2CSNXXX_SWUM204.book Page 690 Monday, January 25, 2016 1:25 PM Examples The following example sets the class of service trust mode of an interface to trust dot1p (802.1p) packet markings. console(config)#classofservice trust dot1p The following example displays how to set the class of service trust mode of an interface to trust IP Precedence packet markings.
2CSNXXX_SWUM204.book Page 691 Monday, January 25, 2016 1:25 PM Color conforming classes must be one of the following types: • Primary COS • Secondary COS • DSCP • IP Precedence This includes both the input and color aware classes. The conform color class may not be the same as the input class, nor may the match criteria be of the same type. The input class map may have a match type of "any." The exceed color class may only be specified for the two-rate police algorithm.
2CSNXXX_SWUM204.book Page 692 Monday, January 25, 2016 1:25 PM cos-queue min-bandwidth Use the cos-queue min-bandwidth command in either Global Configuration mode or Interface Configuration mode to specify the minimum transmission bandwidth for each interface queue. To restore the default for each queue’s minimum bandwidth value, use the no form of this command.
2CSNXXX_SWUM204.book Page 693 Monday, January 25, 2016 1:25 PM When ETS is operational on an N4000 series switch, this command overrides the ETS assignments and assigns minimum bandwidth constraints across traffic class groups. This allows the administrator to ensure that the frame scheduler does not completely starve lower priority groups when strict priority is enabled on a high numbered TCG.
2CSNXXX_SWUM204.book Page 694 Monday, January 25, 2016 1:25 PM Default Configuration WRED queue management policy is disabled by default. Tail-drop queue management policy is enabled by default. The threshold for invoking taildrop behavior when WRED is disabled is approximately 1/2 of the remaining free packet buffer in the switch.
2CSNXXX_SWUM204.book Page 695 Monday, January 25, 2016 1:25 PM Simple RED may be enabled/disabled for any CoS queue on the Dell Networking N1500 Series switches, however, the drop probability must be one of the values given below. The percentage before the dash indicates the actual drop probability. The number after the dash indicates the value entered in the drop-prob-scale parameter. 0.097% - 1 0.195% - 2 0.391% - 4 0.781% - 8 1.563% - 16 3.125% - 31 6.
2CSNXXX_SWUM204.book Page 696 Monday, January 25, 2016 1:25 PM cos-queue strict Use the cos-queue strict command in either Global Configuration mode or Interface Configuration mode to activate the strict priority scheduler mode for the specified queue. To restore the default weighted scheduler mode for each specified queue, use the no form of this command.
2CSNXXX_SWUM204.book Page 697 Monday, January 25, 2016 1:25 PM bandwidth on other queues, ensure that the total of the minimum bandwidths is less than 100% to allow the scheduler to handle bursts of traffic. Example The following example displays how to activate the strict priority scheduler mode for two queues.
2CSNXXX_SWUM204.book Page 698 Monday, January 25, 2016 1:25 PM Example The following example displays how to set the DiffServ operational mode to active. console(Config)#diffserv drop Use the drop command in Policy-Class-Map Configuration mode to specify that all packets for the associated traffic stream are to be dropped at ingress. NOTE: This command is not available on the N1500 Series switches. Syntax drop Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 699 Monday, January 25, 2016 1:25 PM Syntax mark cos cos-value • cos-value — Specifies the CoS value as an integer. (Range: 0–7) Default Configuration There is no default cos-value for this command. Packets are not remarked by default.
2CSNXXX_SWUM204.book Page 700 Monday, January 25, 2016 1:25 PM • dscpval — Specifies a DSCP value (10, 12, 14, 18, 20, 22, 26, 28, 30, 34, 36, 38, 0, 8, 16, 24, 32, 40, 48, 56, 46) or a DSCP keyword (af11, af12, af13, af21, af22, af23, af31, af32, af33, af41, af42, af43, be, cs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, ef). Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 701 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines. Received frames are assigned to a CoS queue on ingress depending on configuration such as whether the ingress port is trusted for CoS, DSCP or IP precedence value and it's mapping onto an internal CoS queue. IP packets may be remarked using either an in or an out policy map.
2CSNXXX_SWUM204.book Page 702 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines • The parameters refclassname and class-map-name can not be the same. • Only one other class may be referenced by a class. • Any attempts to delete the refclassname class while the class is still referenced by any class-map-name fails.
2CSNXXX_SWUM204.book Page 703 Monday, January 25, 2016 1:25 PM Syntax match cos • cos-value — Specifies the CoS value as an integer (Range: 0–7) Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays adding a match condition to the specified class.
2CSNXXX_SWUM204.book Page 704 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example configures a match condition for the specified MAC address and bit mask.
2CSNXXX_SWUM204.book Page 705 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example The following example displays adding a match condition using the specified IP address and bit mask. console(config-classmap)#match dstip 10.240.1.1 10.240.0.0 match dstip6 The match dstip6 command adds a match condition based on the destination IPv6 address of a packet. NOTE: This command is not available on the N1500 Series switches.
2CSNXXX_SWUM204.book Page 706 Monday, January 25, 2016 1:25 PM match dstl4port Use the match dstl4port command in Class-Map Configuration mode to add a match condition based on the destination layer 4 port of a packet using a single keyword or a numeric notation. NOTE: This command is not available on the N1500 Series switches. Syntax match dstl4port {portkey | port-number} • portkey — Specifies one of the supported port name keywords. A match condition is specified by one layer 4 port number.
2CSNXXX_SWUM204.book Page 707 Monday, January 25, 2016 1:25 PM Syntax match ethertype {keyword | 0x0600-0xffff} • keyword — Specifies either a valid keyword or a valid hexadecimal number. The supported keywords are appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp. (Range: 0x0600–0xFFFF) Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 708 Monday, January 25, 2016 1:25 PM Command Mode Ipv6-Class-Map Configuration mode. User Guidelines There are no user guidelines for this command. Example The following example adds a rule to match packets whose IPv6 Flow Label equals 32312.
2CSNXXX_SWUM204.book Page 709 Monday, January 25, 2016 1:25 PM The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation. To specify a match on all DSCP values, use the match ip tos tosbits tosmask command with tosbits set to "0" (zero) and tosmask set to hex "03." Example The following example displays how to add a match condition based on the DSCP field.
2CSNXXX_SWUM204.book Page 710 Monday, January 25, 2016 1:25 PM To specify a match on all precedence values, use the match ip tos tosbits tosmask command with tosbits set to "0" (zero) and tosmask set to hex "1F." Example The following example displays adding a match condition based on the value of the IP precedence field.
2CSNXXX_SWUM204.book Page 711 Monday, January 25, 2016 1:25 PM This specification is the free form version of the IP DSCP/Precedence/TOS match specification in that you have complete control of specifying which bits of the IP Service Type field are checked. Example The following example displays adding a match condition based on the value of the IP TOS field in a packet.
2CSNXXX_SWUM204.book Page 712 Monday, January 25, 2016 1:25 PM Example The following example displays adding a match condition based on the "ip" protocol name keyword. console(config-classmap)#match protocol ip match source-address mac Use the match source-address mac command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source MAC address of the packet. NOTE: This command is not available on the N1500 Series switches.
2CSNXXX_SWUM204.book Page 713 Monday, January 25, 2016 1:25 PM match srcip Use the match srcip command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source IP address of a packet. NOTE: This command is not available on the N1500 Series switches. Syntax match srcip ipaddr ipmask • ipaddr — Specifies a valid IP address. • ipmask — Specifies a valid IP address bit mask.
2CSNXXX_SWUM204.book Page 714 Monday, January 25, 2016 1:25 PM Syntax match srcip6 source-ipv6-prefix/prefix-length • source-ipv6-prefix —IPv6 prefix in IPv6 global address format. • prefix-length —IPv6 prefix length value. Default Configuration There is no default configuration for this command. Command Mode Ipv6-Class-Map Configuration mode. User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 715 Monday, January 25, 2016 1:25 PM Command Mode Class-Map Configuration mode User Guidelines Only one srcl4port matching criteria can be specified. To remove the matching criteria, delete the class map. Example The following example displays how to add a match condition using the "snmp" port name keyword.
2CSNXXX_SWUM204.book Page 716 Monday, January 25, 2016 1:25 PM Example The following example displays adding a match condition for the VLAN ID "2." console(config-classmap)#match vlan 2 mirror Use the mirror command in Policy-Class-Map Configuration mode to mirror all the data that matches the class defined to the destination port specified. NOTE: This command is not available on the N1500 Series switches.
2CSNXXX_SWUM204.book Page 717 Monday, January 25, 2016 1:25 PM Syntax police-simple {datarate burstsize conform-action {drop | set-prectransmit cos | set-dscp-transmit dscpval | transmit} [violate-action {drop | set-costransmit cos | set-prec-transmit cos | set-dscp-transmit dscpval | transmit}]} • datarate — Data rate in kilobits per second (kbps).
2CSNXXX_SWUM204.book Page 718 Monday, January 25, 2016 1:25 PM Example The following example configures a single rate ingress meter with packets received at a rate below 1000 Kbps and 4096 byte burst size are transmitted and packets above that rate are dropped. The transmitted packets are colored green should the operator desire to configure a WRED drop policy.
2CSNXXX_SWUM204.book Page 719 Monday, January 25, 2016 1:25 PM Command Modes Policy-Class-Map Configuration mode User Guidelines An srTCM meters a traffic stream and colors packets according to three parameters: Committed Information Rate (CIR), Committed Burst Size (CBS), and Peak Burst Size (PBS). A packet is colored red if it exceeds the CBS and the PBS, yellow if it exceeds the CBS, and green if it exceeds neither.
2CSNXXX_SWUM204.book Page 720 Monday, January 25, 2016 1:25 PM • action— The action to take according to the color. Select one of: – drop— Drop the packet. – set-prec-transmit ip-prec— Remark the IP precedence in the packet to ip-prec and transmit. (Range 0-7) – set-dscp-transmit dscp-val— Remark the DSCP in the packet to dscpval and transmit. (Range 0-63) – set-cos-transmit 802.1p-priority— Remark the 802.1p priority in the packet to 802.1p-priority and transmit.
2CSNXXX_SWUM204.book Page 721 Monday, January 25, 2016 1:25 PM Example console#police-two-rate 100000000 64 1000000000 32 conform-action set-costransmit 7 exceed-action set-prec-transmit 7 violate-action drop policy-map Use the policy-map command in Global Configuration mode to establish a new DiffServ policy or to enter policy map configuration mode. To remove the policy, use the no form of this command. NOTE: This command is not available on the N1500 Series switches.
2CSNXXX_SWUM204.book Page 722 Monday, January 25, 2016 1:25 PM Example The following example shows how to establish a new ingress DiffServ policy named "DELL." console(config)#policy-map DELL in console(config-policy-classmap)# random-detect queue-parms Use the random-detect queue-parms command to configure the WRED green, yellow, and red TCP and non-TCP packet minimum and maximum drop thresholds and corresponding drop probabilities on an interface or globally.
2CSNXXX_SWUM204.book Page 723 Monday, January 25, 2016 1:25 PM • drop-prob-scale—The maximum drop probability. Range 0-100. This is the drop probability for a packet when the maximum threshold is reached. Above the maximum threshold, 100% of matching packets are dropped. • ecn—Enables ECN marking for the selected CoS queues. Packets marked as ECN capable are not dropped when selected for discard by WRED.
2CSNXXX_SWUM204.book Page 724 Monday, January 25, 2016 1:25 PM WRED Processing WRED is intended to provide feedback to protocols (e.g. TCP) that depend on packet loss to adjust their transmission rate. WRED drop behavior only occurs when an interface is congested within the ranges specified. If congestion exceeds the upper limit, queued packets will be dropped at the rate of traffic ingressing the system, e.g. 100%. If the congestion is less than the lower limit, no packets will be dropped.
2CSNXXX_SWUM204.book Page 725 Monday, January 25, 2016 1:25 PM 0 - 6.25% of maximum drop probability 1 - 18.75% of maximum drop probability 2 - 30.25% of maximum drop probability 3 - 43.75% of maximum drop probability 4 - 56.25% of maximum drop probability 5 - 68.75% of maximum drop probability 6 - 81.25% of maximum drop probability 7 - 92.
2CSNXXX_SWUM204.book Page 726 Monday, January 25, 2016 1:25 PM green/yellow/red. The maximum threshold may not be configured nor can the threshold or drop probability be configured for non-TCP traffic. ECN capability is supported. Simple RED may be enabled/disabled for any CoS queue on the Dell Networking N1500 Series switches, however, the drop probability must be one of the values given below. The percentage before the dash indicates the actual drop probability.
2CSNXXX_SWUM204.book Page 727 Monday, January 25, 2016 1:25 PM • 0–15 — The weighting constant is used to smooth the calculation of the queue size using the following formula where the 0-15 value is N. Default Configuration The default value is 15. This value corresponds to maximum smoothing of the average queue size.
2CSNXXX_SWUM204.book Page 728 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example shows how to redirect incoming packets to port Gi1/0/1.
2CSNXXX_SWUM204.book Page 729 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode (for all system interfaces) Interface Configuration (Ethernet, Port-channel) mode (for a specific interface) User Guidelines This command enables DiffServ on an interface. No separate interface administrative mode command for DiffServ is available. Use the policy-map command to configure the DiffServ policy. The service-policy direction must catch the direction given for the policy map.
2CSNXXX_SWUM204.book Page 730 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays all the configuration information for the class named "Dell".
2CSNXXX_SWUM204.book Page 731 Monday, January 25, 2016 1:25 PM show classofservice dot1p-mapping Use the show classofservice dot1p-mapping command in Privileged Exec mode to display the current IEEE 802.1p priority mapping to internal traffic classes for a specific interface.
2CSNXXX_SWUM204.book Page 732 Monday, January 25, 2016 1:25 PM 0 1 2 3 4 5 6 7 1 0 0 1 2 2 3 3 show classofservice ip-dscp-mapping Use the show classofservice ip-dscp-mapping command in Privileged Exec mode to display the current IP DSCP mapping to internal traffic classes for a specific interface. Syntax show classofservice ip-dscp-mapping Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 734 Monday, January 25, 2016 1:25 PM 56(cs7) 57 58 59 60 61 62 63 3 3 3 3 3 3 3 3 show classofservice trust Use the show classofservice trust command in Privileged Exec mode to display the current trust mode setting for a specific interface. Syntax show classofservice trust [{gigabitethernet unit/slot/port| port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 735 Monday, January 25, 2016 1:25 PM show diffserv Use the show diffserv command to display the DiffServ general information, which includes the current administrative mode setting as well as the current and maximum number of DiffServ components. NOTE: On the N1500 Series switches, enable Simple RED since the hardware is not capable of Weighted Red. Syntax show diffserv Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 736 Monday, January 25, 2016 1:25 PM Syntax show diffserv service interface {interface-id} {in|out} • interface-id—An Ethernet or port-channel identifier. • in—Show ingress policies. • out—Show egress policies. Default Configuration This command has no default configuration. Command Mode Privileged Exec, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 737 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows how to display all interfaces in the system to which a DiffServ policy has been attached.
2CSNXXX_SWUM204.book Page 738 Monday, January 25, 2016 1:25 PM Examples The following example displays the COS configuration with no unit/slot/port or port-channel parameter. console#show interfaces cos-queue Global Configuration Interface Shaping Rate......................... 0 Queue Id -------0 1 2 3 4 5 6 Min.
2CSNXXX_SWUM204.book Page 739 Monday, January 25, 2016 1:25 PM Parameter Description Intf Shaping Rate The maximum transmission bandwidth limit for the interface as a whole. It is independent of any per-queue maximum bandwidth values in effect for the interface. This value is a configured value. Queue Mgmt Type The queue depth management technique used for all queues on this interface. Queue An interface supports n queues numbered 0 to (n-1).The specific n value is platform-dependent.
2CSNXXX_SWUM204.book Page 740 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command displays the globally configured policy if no interface parameter is given. If an interface parameter is given, it displays the configured interface policy.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 742 Monday, January 25, 2016 1:25 PM Example The following example displays the DiffServ information. console#show Policy Name ----------POLY1 DELL policy-map Policy Type ----------xxx xxx Class Members ------------DellClass DellClass show policy-map interface Use the show policy-map interface command in Privileged Exec mode to display policy-oriented statistics information for the specified interface. NOTE: This command is not available on the N1500 Series switches.
2CSNXXX_SWUM204.book Page 743 Monday, January 25, 2016 1:25 PM Policy Name................................... Interface Summary: Class Name.................................... In Offered Packets............................ In Discarded Packets.......................... DELL Dell Networking 1003 11 show service-policy Use the show service-policy command in Privileged Exec mode to display a summary of policy-oriented statistics information for all interfaces.
2CSNXXX_SWUM204.book Page 744 Monday, January 25, 2016 1:25 PM traffic-shape Use the traffic-shape command in Global Configuration mode and Interface Configuration mode to specify the maximum transmission bandwidth limit for the interface as a whole. To restore the default interface shaping rate value, use the no form of this command. Syntax traffic-shape bw kbps no traffic-shape • bw — Maximum transmission bandwidth value expressed in Kbps.
2CSNXXX_SWUM204.book Page 745 Monday, January 25, 2016 1:25 PM vlan priority Use the vlan priority command to assign a default VLAN priority tag for untagged frames ingressing an interface. Syntax vlan priority cos-value • cos-value – A value ranging from 0-7. Default Configuration By default, untagged frames are processed with VLAN priority 0. The VLAN priority is mapped to a class of service value which determines the handling of the frame.
2CSNXXX_SWUM204.book Page 746 Monday, January 25, 2016 1:25 PM Spanning Tree Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The Multiple Spanning Tree Protocol (MSTP) component complies with IEEE 802.1 by efficiently segregating VLAN traffic over separate interfaces for multiple instances of Spanning Tree. IEEE 802.1D, Spanning Tree and IEEE w, Rapid Spanning Tree are supported through the IEEE 802.1s implementation. The difference between the RSTP and STP (IEEE 802.
2CSNXXX_SWUM204.book Page 747 Monday, January 25, 2016 1:25 PM MSTP scenario the port may be designated in one of the instances while being alternate in the CIST, and so on. Root guard is a per port (not a per port per instance command) configuration so all the MSTP instances this port participates in should not be in root role. STP BPDU Filtering - STP BPDU filtering applies to all operational edge ports. An Edge Port is supposed to be connected to hosts that typically do not generate BPDUs.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 749 Monday, January 25, 2016 1:25 PM exit (mst) Use the exit command in MST mode to exit the MST configuration mode and apply all configuration changes. Syntax exit Default Configuration MST configuration. Command Mode MST mode User Guidelines This command has no user guidelines. Example The following example shows how to exit the MST configuration mode and save changes.
2CSNXXX_SWUM204.book Page 750 Monday, January 25, 2016 1:25 PM Default Configuration VLANs are mapped to the common and internal spanning tree (CIST) instance (instance 0). Command Mode MST mode User Guidelines Before mapping VLANs to an instance use the spanning-tree mst enable command to enable the instance. All VLANs that are not explicitly mapped to an MST instance are mapped to the common and internal spanning tree (CIST) instance (instance 0) and cannot be unmapped from the CIST.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 752 Monday, January 25, 2016 1:25 PM Example The following example sets the configuration name to “region1”. console(config)#spanning-tree mst configuration console(config-mst)#name region1 revision (mst) Use the revision command in MST mode to identify the configuration revision number. To return to the default setting, use the no form of this command. Syntax revision version no revision • version — Configuration revision number.
2CSNXXX_SWUM204.book Page 753 Monday, January 25, 2016 1:25 PM show spanning-tree Use the show spanning-tree command in Privileged Exec mode to display the spanning-tree configuration.
2CSNXXX_SWUM204.book Page 754 Monday, January 25, 2016 1:25 PM Spanning tree :Enabled :Disabled - mode :rstp CST Regional Root: Regional Root Path Cost: ROOT ID Priority Address Path Cost Root Port Hello Time 2 6 sec Bridge ID Priority Address Hello Time Interfaces Name -----Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 State -------Enabled Enabled Enabled Enabled BPDU Flooding :Disabled - Portfast BPDU filtering 80:00:00:1E:C9:AA:AD:1B 0 32768 0010.1882.
2CSNXXX_SWUM204.book Page 755 Monday, January 25, 2016 1:25 PM Regional Root Path Cost: 0 ROOT ID Priority 32768 Address 0010.1882.1C53 Path Cost 20000 Root Port Gi1/0/1 Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Bridge ID Priority 32768 Address 001E.C9AA.AD1B Hello Time 2 Sec Max Age 20 sec Forward Delay 15 sec Number of topology changes 1 last change occurred 0d0h17m7s ago Times: hold 6, hello 2, max age 20, forward delay 15 Port Gi1/0/1 Enabled State: Forwarding Port id: 128.
2CSNXXX_SWUM204.book Page 756 Monday, January 25, 2016 1:25 PM Designated bridge Priority: 32768 Designated port id: 128.48 CST Regional Root: 80:00:00:10:18:82:1C:53 BPDU: sent 24, received 504 Port Gi1/0/5 Enabled State: Forwarding Port id: 128.5 Root Protection: No Designated bridge Priority: 32768 Designated port id: 128.5 CST Regional Root: 80:00:00:1E:C9:AA:AD:1B BPDU: sent 524, received 0 Address: 0010.1882.
2CSNXXX_SWUM204.book Page 757 Monday, January 25, 2016 1:25 PM ----------------------Uplinkfast transitions (all VLANs) : 0 Proxy multicast addresses transmitted (all VLANs) : 0 Name Interface List -------------------- -----------------------------------Vl1 gi1/0/1,gi1/0/2 This example shows spanning-tree configured in mstp mode. Output is shown for each VLAN that is a member of an MST domain.
2CSNXXX_SWUM204.book Page 758 Monday, January 25, 2016 1:25 PM Spanning tree enabled protocol rstp Spanning-tree: Enabled (BPDU flooding: Disabled) (BPDU filtering: Disabled) CST Regional Root: Regional Root Path Cost: 80:00:00:1E:C9:DE:B1:37 0 ROOT ID Priority 32768 Address 001E.C9DE.B137 This Switch is the Root. Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Interfaces Name --------Gi1/0/3 Gi1/0/6 State -------Enabled Enabled Prio.Nbr --------128.3 128.
2CSNXXX_SWUM204.book Page 759 Monday, January 25, 2016 1:25 PM Interfaces Name State Prio.Nbr Cost Sts Role RestrictedPort --------- -------- --------- --------- ---- ----- -------------Gi1/0/3 Enabled 128.3 20000 FWD Desg No show spanning-tree summary Use the show spanning-tree summary command to display spanning tree settings and parameters for the switch. Syntax show spanning-tree summary Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 760 Monday, January 25, 2016 1:25 PM Configuration Digest Key A generated Key used in the exchange of the BPDUs. Configuration Format Selector Specifies the version of the configuration format being used in the exchange of BPDUs. The default value is zero. MST Instances List of all multiple spanning tree instances configured on the switch. Example console#show spanning-tree summary Spanning Tree Adminmode........... Spanning Tree Version............. BPDU Guard Mode.........
2CSNXXX_SWUM204.book Page 761 Monday, January 25, 2016 1:25 PM User Guidelines There are no user guidelines for this command. Example console(config-vlan)#show spanning-tree vlan 1 VLAN 1 Spanning Tree: Enabled Mode: rapid-pvst RootID Priority 32769 Address F8B1.562B.A1D6 Cost 0 Port This switch is the root Hello Time: 2s Max Age: 20s Forward Delay: 15s BridgeID Priority 32769 (priority 32768 sys-id-ext 1) Address F8B1.562B.
2CSNXXX_SWUM204.book Page 762 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example The following example enables spanning-tree functionality. console(config)#spanning-tree spanning-tree auto-portfast Use the spanning-tree auto-portfast command to set the port to auto portfast mode. This enables the port to become a portfast port if it does not see any BPDUs for 3 seconds after a link up event. Use the no form of this command to disable auto portfast mode.
2CSNXXX_SWUM204.book Page 763 Monday, January 25, 2016 1:25 PM spanning-tree backbonefast Use the spanning-tree backbonefast command to enable the detection of indirect link failures and accelerate spanning tree convergence on STP-PV/RSTP-PV configured switches using Indirect Link Rapid Convergence (IRC). IRC accelerates finding an alternative path when an indirect link to the root port goes down. Use the no form of the command to disable the IRC feature.
2CSNXXX_SWUM204.book Page 764 Monday, January 25, 2016 1:25 PM spanning-tree bpdu flooding The spanning-tree bpdu flooding command allows flooding of BPDUs received on non-spanning-tree ports to all other non-spanning-tree ports. Use the “no” form of the command to disable flooding. Syntax spanning-tree bpdu flooding no spanning-tree bpdu flooding Default Configuration This feature is disabled by default.
2CSNXXX_SWUM204.book Page 765 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode User Guidelines The administrator should ensure that interfaces on which BDPU guard is enabled are configured as edge ports. To configure an interface as an edge port, use the spanning-tree portfast command. An edge port is generally connected to a user terminal (such as a desktop computer) or file server directly and is configured as an edge port to implement a fast transition to the forwarding state.
2CSNXXX_SWUM204.book Page 766 Monday, January 25, 2016 1:25 PM no spanning-tree cost • cost — The port path cost. (Range: 1–200,000,000) Default Configuration The default value is to select the path cost based on the link speed.
2CSNXXX_SWUM204.book Page 767 Monday, January 25, 2016 1:25 PM spanning-tree disable Use the spanning-tree disable command in Interface Configuration mode to disable spanning-tree on a specific port. To enable spanning-tree on a port, use the no form of this command. Syntax spanning-tree disable no spanning-tree disable Default Configuration By default, all ports are enabled for spanning-tree.
2CSNXXX_SWUM204.book Page 768 Monday, January 25, 2016 1:25 PM no spanning-tree forward-time • seconds — Time in seconds. (Range: 4–30) Default Configuration The default forwarding-time for IEEE Spanning-tree Protocol (STP) is 15 seconds. Command Mode Global Configuration mode. User Guidelines When configuring the Forward-Time the following relationship should be satisfied: 2*(Forward-Time - 1) >= Max-Age. Example The following example configures spanning-tree bridge forward time to 25 seconds.
2CSNXXX_SWUM204.book Page 769 Monday, January 25, 2016 1:25 PM Default Configuration Neither root nor loop guard is enabled. Command Mode Interface Configuration (Ethernet, Port Channel) mode. User Guidelines There are no user guidelines for this command. Example The following example disables spanning-tree guard functionality on gigabit ethernet interface 4/0/1.
2CSNXXX_SWUM204.book Page 770 Monday, January 25, 2016 1:25 PM Example The following example enables spanning-tree loopguard functionality on all ports. console(config)#spanning-tree loopguard default spanning-tree max-age Use the spanning-tree max-age command in Global Configuration mode to configure the spanning-tree bridge maximum age. To reset the default maximum age, use the no form of this command. Syntax spanning-tree max-age seconds no spanning-tree max-age • seconds -Time in seconds.
2CSNXXX_SWUM204.book Page 771 Monday, January 25, 2016 1:25 PM spanning-tree max-hops Use the spanning-tree max-hops command to set the MSTP Max Hops parameter to a new value for the common and internal spanning tree. Use the “no” form of this command to reset the Max Hops to the default. Syntax spanning-tree max-hops hops no spanning-tree max-hops • hops — The maximum number of hops to use (Range: 6 to 40). Default Configuration The maximum number of hops is 20 by default.
2CSNXXX_SWUM204.book Page 772 Monday, January 25, 2016 1:25 PM • rapid-pvst— Spanning-tree operates in RSTP-PV mode. Default Configuration Rapid Spanning Tree Protocol (RSTP) is enabled. Command Mode Global Configuration mode User Guidelines In RSTP mode, the switch uses STP when the neighbor switch is using STP. In MSTP mode, the switch uses RSTP when the neighbor switch is using RSTP and uses STP when the neighbor switch is using STP.
2CSNXXX_SWUM204.book Page 773 Monday, January 25, 2016 1:25 PM RSTP-PV embeds support for STP-PV Indirect Link Rapid Convergence and Direct Link Rapid Convergence. There is no provision to enable or disable these features in RSTP-PV. Example The following example configures the spanning-tree protocol to MSTP.
2CSNXXX_SWUM204.book Page 774 Monday, January 25, 2016 1:25 PM spanning-tree mst cost Use the spanning-tree mst cost command in Interface Configuration mode to configure the internal path cost for multiple spanning tree (MST) calculations. If a loop occurs, the spanning tree considers path cost when selecting an interface to put in the forwarding state. To return to the default port path cost, use the no form of this command.
2CSNXXX_SWUM204.book Page 775 Monday, January 25, 2016 1:25 PM console(config-if-Gi1/0/9)#spanning-tree mst 1 cost 4 spanning-tree mst port-priority Use the spanning-tree mst port-priority command in Interface Configuration mode to configure port priority. To return to the default port priority, use the no form of this command. Syntax spanning-tree mst instance-id port-priority priority no spanning-tree mst instance-id port-priority • instance-id—ID of the spanning-tree instance.
2CSNXXX_SWUM204.book Page 776 Monday, January 25, 2016 1:25 PM spanning-tree mst priority Use the spanning-tree mst priority command in Global Configuration mode to set the switch priority for the specified spanning-tree instance. To return to the default setting, use the no form of this command. Syntax spanning-tree mst instance-id priority priority no spanning-tree mst instance-id priority • instance-id—ID of the spanning-tree instance.
2CSNXXX_SWUM204.book Page 777 Monday, January 25, 2016 1:25 PM spanning-tree portfast Use the spanning-tree portfast command in Interface Configuration mode to enable portfast mode. In portfast mode, the interface is immediately put into the forwarding state upon linkup, without waiting for the timer to expire. To disable portfast mode, use the no form of this command. Syntax spanning-tree portfast no spanning-tree portfast Default Configuration Portfast mode is disabled.
2CSNXXX_SWUM204.book Page 778 Monday, January 25, 2016 1:25 PM spanning-tree portfast bpdufilter default The spanning-tree portfast bpdufilter default command disables the transmission and reception of BPDUs on portfast enabled ports. Use the “no” form of the command to enable the transmission and receipt of BPDUs. Syntax spanning-tree portfast bpdufilter default no spanning-tree portfast bpdufilter default Default Configuration This feature is disabled by default.
2CSNXXX_SWUM204.book Page 779 Monday, January 25, 2016 1:25 PM console#spanning-tree portfast bpdufilter default spanning-tree portfast default Use the spanning-tree portfast default command to enable portfast mode on access ports. Interfaces configured as access mode ports are considered to be edge ports. Use the no form of this command to disable portfast mode on all ports.
2CSNXXX_SWUM204.book Page 780 Monday, January 25, 2016 1:25 PM spanning-tree port-priority (Interface Configuration) Use the spanning-tree port-priority command in Interface Configuration mode to configure the priority value of an edge-port or point-to-point interface to allow the operator to select the relative importance of the interface in the selection process for forwarding. Set this value to a lower number to prefer an operationally enabled interface for forwarding of frames.
2CSNXXX_SWUM204.book Page 781 Monday, January 25, 2016 1:25 PM An edge port is a port with spanning-tree port-fast enabled. A point-to-point link is a link configured as full-duplex. Edge-ports and point-to-point links directly transition to the forwarding state and do not delay for the listening and learning stages of spanning-tree. An edge port that receives a BPDU is no longer considered an edge-port and will utilize the configured port priority value.
2CSNXXX_SWUM204.book Page 782 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode User Guidelines The priority value must be a multiple of 4096. The switch with the lowest priority is the root of the spanning tree. Bridge priority configuration is given preference over root primary/secondary configuration. Root primary/secondary configuration is given preference over DRC configuration. Example The following example configures spanning-tree priority to 12288.
2CSNXXX_SWUM204.book Page 783 Monday, January 25, 2016 1:25 PM Example The following example configures spanning-tree tcnguard on 4/0/1. console(config-if-4/0/1)#spanning-tree tcnguard spanning-tree transmit hold-count Use the spanning-tree transmit hold-count command to set the maximum number of BPDUs that a bridge is allowed to send within a hello time window (2 seconds). Use the no form of this command to reset the hold count to the default value.
2CSNXXX_SWUM204.book Page 784 Monday, January 25, 2016 1:25 PM Direct Link Rapid Convergence on STP-PV switches. This command assists in accelerating spanning-tree convergence after switchover to an alternate port. Use the no form of the command to return the configured rate to the default value (or disable uplinkfast on STP-PV configured switches).
2CSNXXX_SWUM204.book Page 785 Monday, January 25, 2016 1:25 PM Configuration of the bridge priority is given preference over configuration of the root primary or root secondary configuration, which is given preference over the configuration of DirectLink Rapid Convergence. RSTP-PV embeds support for IRC and DRC. There is no provision to enable or disable these features in RSTP-PV configured switches. DRC is most useful for enterprise wiring-closet topologies with a limited number of VLANs.
2CSNXXX_SWUM204.book Page 786 Monday, January 25, 2016 1:25 PM User Guidelines This command can be configured even if the switch is configured for MST(RSTP) mode. It is only used when the switch is configured for STP-PV or RSTP-PV modes.
2CSNXXX_SWUM204.book Page 787 Monday, January 25, 2016 1:25 PM Forward delay is only application to STP modes. The forward delay setting is ignored in MSTP, RSTP and RSTP-PV modes as the designated port is transitioned to the forwarding state immediately. Example console(config)#spanning-tree vlan 3 forward-time 12 spanning-tree vlan hello-time Use the spanning-tree vlan hello-time command to configure the spanning tree hello time for a specified VLAN or a range of VLANs.
2CSNXXX_SWUM204.book Page 788 Monday, January 25, 2016 1:25 PM spanning-tree vlan max-age Use the spanning-tree vlan max-age command to configure the spanning tree maximum age time for a set of VLANs. Use the no form of the command to return the maximum age timer to the default value. Syntax spanning-tree vlan vlan-list max-age 6-40 no spanning-tree vlan vlan-list> max-age • max-age — The maximum age time before a bridge port saves its configuration information.
2CSNXXX_SWUM204.book Page 789 Monday, January 25, 2016 1:25 PM Example console(config)#spanning-tree vlan 3 max-age 18 spanning-tree vlan root Use the spanning-tree vlan root primary command to configure the switch to become the root bridge or standby root bridge by modifying the bridge priority from the default value to a lower value calculated to ensure the bridge is the root (or standby) bridge. Use the no form of the command to let the network elect the root bridge.
2CSNXXX_SWUM204.book Page 790 Monday, January 25, 2016 1:25 PM spanning-tree vlan priority Use the spanning-tree vlan priority command to configure the bridge priority of a VLAN. The bridge priority is combined with the MAC address of the switch and is used to select the root bridge for the VLAN. Use the no form of the command to return the priority to the default value.
2CSNXXX_SWUM204.book Page 791 Monday, January 25, 2016 1:25 PM Configuration of the bridge priority is given preference over configuration of the root primary or root secondary configuration, which is given preference over the configuration of DirectLink Rapid Convergence. Example This example configures a switch to be the spanning tree root bridge for VLANs 12, 13, 24, 25, and 26. This presumes other switches in the network utilize the default bridge priority configuration.
2CSNXXX_SWUM204.book Page 792 Monday, January 25, 2016 1:25 PM UDLD Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The UDLD feature detects unidirectional links on physical ports. A unidirectional link is a forwarding anomaly in a Layer 2 communication channel in which a bi-directional link stops passing traffic in one direction. UDLD must be enabled on the both sides of the link in order to detect a unidirectional link.
2CSNXXX_SWUM204.book Page 793 Monday, January 25, 2016 1:25 PM Processing UDLD Traffic from Neighbors Every UDLD-capable device collects information about all other UDLDcapable devices. Each device populates UDLD echo packets with collected neighbor information to help neighbors identify unidirectional links. Every frame basically contains the device ID of the sender and the collection of device IDs of its discovered neighbors.
2CSNXXX_SWUM204.book Page 794 Monday, January 25, 2016 1:25 PM a When there is a loopback, the device ID and port ID sent out on a port is received back. b UDLD PDU is received from a partner does not have its own details (echo). c Bidirectional connection is established and no UDLD packets are received from the partner device within three times the message interval. d In aggressive mode, when the partner does not respond to an ECHO within 7 seconds.
2CSNXXX_SWUM204.book Page 795 Monday, January 25, 2016 1:25 PM User Guidelines This command globally enables UDLD. Interfaces which are not connected or enabled at the Ethernet layer at the time the command is issued will be enabled for UDLD when connected or enabled. Example This command globally enables UDLD. console(config)#udld enable udld reset Use the udld reset command in Privileged Exec mode to reset (enable) all interfaces disabled by UDLD.
2CSNXXX_SWUM204.book Page 796 Monday, January 25, 2016 1:25 PM Example This example resets all UDLD disabled interfaces. console#udld reset udld message time Use the udld message time command in Global Configuration mode to configure the interval between the transmission of UDLD probe messages on ports that are in the advertisement phase. Use the no form of the command to return the message transmission interval to the default value.
2CSNXXX_SWUM204.book Page 797 Monday, January 25, 2016 1:25 PM udld timeout interval Use the udld timeout interval command in Global Configuration mode to configure the interval for the receipt of ECHO replies. Use the no form of the command to return the value to the default setting. Syntax udld timeout interval timeout-interval no udld timeout interval • timeout-interval—UDLD timeout interval. Range is 5 to 60 seconds. Default Configuration The default timeout interval is 5 seconds.
2CSNXXX_SWUM204.book Page 798 Monday, January 25, 2016 1:25 PM no udld enable Default Configuration UDLD is disabled by default on an interface. Command Mode Interface (physical) Configuration mode User Guidelines UDLD cannot be enabled on a port channel. Instead, enable UDLD on the physical interfaces of a port channel. Example This example enables UDLD on an interface. UDLD must also be enabled globally.
2CSNXXX_SWUM204.book Page 799 Monday, January 25, 2016 1:25 PM User Guidelines In aggressive mode, UDLD will attempt to detect a peer by sending an ECHO packet every seven seconds until a peer is detected. Example This example configure an interface to operate in UDLD aggressive mode. console(config-if-Te1/0/1)#udld port aggressive show udld Use the show udld command in User Exec or Privileged Exec mode to display the global settings for UDLD.
2CSNXXX_SWUM204.book Page 800 Monday, January 25, 2016 1:25 PM Field Description Interface Id The interface identifier in short form, e.g. te1/0/1. Admin Mode The administrative mode of UDLD configured on this interface. This is either Enabled or Disabled. UDLD Mode The UDLD mode configured on this interface. This is either Normal or Aggressive. UDLD Status The status of the link as determined by UDLD.
2CSNXXX_SWUM204.book Page 801 Monday, January 25, 2016 1:25 PM VLAN Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Dell Networking 802.1Q VLANs are an implementation of the Virtual Local Area Network, specification 802.1Q. Operating at Layer 2 of the OSI model, the VLAN is a means of parsing a single network into logical user groups or organizations as if they physically resided on a dedicated LAN segment of their own.
2CSNXXX_SWUM204.book Page 802 Monday, January 25, 2016 1:25 PM Double VLAN Mode An incoming frame is identified as tagged or untagged based on Tag Protocol Identifier (TPID) value it contains. The IEEE 802.1Q standard specifies a TPID value (0x8100) to recognize an incoming frame as tagged or untagged. Any valid Ethernet frame with a value of 0x8100 in the 12th and 13th bytes is recognized as a tagged frame. Dell Networking N-Series switches can be configured to enable the port in double-VLAN (QinQ) mode.
2CSNXXX_SWUM204.book Page 803 Monday, January 25, 2016 1:25 PM Protocol Based VLANs The main purpose of Protocol-based VLANs (PBVLANs) is to selectively process packets based on their upper-layer protocol by setting up protocolbased filters. Packets are bridged through user-specified ports based on their protocol. In PBVLANs, the VLAN classification of a packet is based on its protocol (IP, IPX, NetBIOS, and so on).
2CSNXXX_SWUM204.book Page 804 Monday, January 25, 2016 1:25 PM Private VLAN Commands The Dell Networking Private VLAN feature separates a regular VLAN domain into two or more subdomains. Each subdomain is defined (represented) by a primary VLAN and a secondary VLAN. The primary VLAN ID is the same for all subdomains that belong to a private VLAN. The secondary VLAN ID differentiates subdomains from each another and provides Layer 2 isolation between ports of the same private VLAN.
2CSNXXX_SWUM204.book Page 805 Monday, January 25, 2016 1:25 PM promiscuous ports or can communicate only with the promiscuous ports (if the secondary VLAN is an isolated VLAN). The Private VLANs can be extended across multiple switches through interswitch/stack links that transport primary, community and isolated VLANs between devices, as shown in Figure 3-1. Figure 3-1.
2CSNXXX_SWUM204.book Page 806 Monday, January 25, 2016 1:25 PM Private VLAN Operation in the Switch Environment The Private VLAN feature operates in a stacked or single switch environment. The stack links are transparent to the configured VLAN, thus there is no need for special private VLAN configuration. Any private VLAN port can reside on any stack member.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 808 Monday, January 25, 2016 1:25 PM User Guidelines Assigning an IP address to a VLAN interface enables Layer 3 on the VLAN interface. If IP routing is globally enabled and an IP address is assigned, the router will route packets to and from the VLAN. Use the no form of the command to remove empty interface vlan entries from the running config.
2CSNXXX_SWUM204.book Page 809 Monday, January 25, 2016 1:25 PM Example The following example groups VLAN 221 through 228 and VLAN 889 to execute the commands entered in interface range mode.
2CSNXXX_SWUM204.book Page 810 Monday, January 25, 2016 1:25 PM The CLI does not filter illegal characters and may truncate entries at the first illegal character or reject the entry entirely. The name of VLAN 1 cannot be changed. Example The following example configures a VLAN name of office2 for VLAN 2.
2CSNXXX_SWUM204.book Page 811 Monday, January 25, 2016 1:25 PM Command Mode VLAN Configuration mode User Guidelines A community VLAN carries traffic among community ports and from community ports to the promiscuous ports on the corresponding primary VLAN. An isolated VLAN is used by isolated ports to communicate with promiscuous ports. It does not carry traffic to other community ports or other isolated ports with the same primary VLAN.
2CSNXXX_SWUM204.book Page 812 Monday, January 25, 2016 1:25 PM To detach the VLAN from this protocol-based group identified by this groupid, use the no form of this command. Syntax protocol group group-id vlan-id no protocol group group-id vlan-id • group-id — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command.
2CSNXXX_SWUM204.book Page 813 Monday, January 25, 2016 1:25 PM interface(s) are not added to the group. Ensure that the referenced VLAN is created prior to the creation of the protocol-based group except when GVRP is expected to create the VLAN. To remove the interface from this protocol-based VLAN group that is identified by this groupid, use the no form of this command. If you select all, all ports are removed from this protocol group.
2CSNXXX_SWUM204.book Page 814 Monday, January 25, 2016 1:25 PM interface to a group causes any conflicts with protocols currently associated with the group, this command fails and the interface(s) are not added to the group. Ensure that the referenced VLAN is created prior to the creation of the protocol-based group except when GVRP is expected to create the VLAN.
2CSNXXX_SWUM204.book Page 815 Monday, January 25, 2016 1:25 PM Syntax show dot1q-tunnel [ interface interface-id ] Default Configuration If no interfaces are specified, information is shown for all interfaces. Command Mode Privileged Exec mode and all show modes User Guidelines Up to three additional TPIDs can be configured. The 802.1Q tag is predefined in the system and cannot be removed. It is not possible to configure an inner TPID value other than 0x8100.
2CSNXXX_SWUM204.book Page 816 Monday, January 25, 2016 1:25 PM Syntax show interfaces switchport {{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port| fortygigabitethernet unit/slot/port}} Default Configuration If no interface parameter is given, all interfaces are shown.
2CSNXXX_SWUM204.book Page 817 Monday, January 25, 2016 1:25 PM Private VLAN Operational Bindings: Default Priority: 0 Protected: Disabled Forbidden VLANS: VLAN Name -----------73 Out show port protocol Use the show port protocol command in Privileged Exec mode to display the Protocol-Based VLAN information for either the entire system or for the indicated group.
2CSNXXX_SWUM204.book Page 818 Monday, January 25, 2016 1:25 PM test 1 IP 1 gi1/0/1 show switchport ethertype Use the show switchport ethertype to display the configured Ethertype for each interface. Syntax show switchport ethertype [ interface interface-id | all ] • interface-id—A physical interface or port channel. • all—All interfaces. Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 819 Monday, January 25, 2016 1:25 PM console(config)#show switchport ethertype interface gi1/0/1 Interface EtherType Secondary TPIDs --------- --------- --------------Gi1/0/1 802.1 console(config-vlan10)#show switchport ethertype interface all console(config)#show switchport ethertype interface gi1/0/1 Interface --------Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 EtherType Secondary TPIDs --------- --------------802.1 802.1 VMAN 802.1 802.1 802.
2CSNXXX_SWUM204.book Page 820 Monday, January 25, 2016 1:25 PM • Name—The VLAN name • Ports—The port membership for the VLAN • Type—The type of VLAN (default, static, dynamic) Example This shows all VLANs and RSPAN VLANs. console#show vlan VLAN ----1 Name --------------default Ports ------------Po1-128, Gi1/0/1-48 10 Type -------------Default Static RSPAN Vlan -----------------------------------------------------------------10 This example shows information for a specific VLAN ID.
2CSNXXX_SWUM204.book Page 821 Monday, January 25, 2016 1:25 PM show vlan association mac Use the show vlan association mac command in Privileged Exec mode to display the VLAN associated with a specific configured MAC address. If no MAC address is specified, the VLAN associations of all the configured MAC addresses are displayed. Syntax show vlan association mac [mac-address] • mac-address — Specifies the MAC address to be entered in the list.
2CSNXXX_SWUM204.book Page 822 Monday, January 25, 2016 1:25 PM Syntax show vlan association subnet [ip-address ip-mask] • ip-address — Specifies IP address to be shown • ip-mask — Specifies IP mask to be shown Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 823 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default setting. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines Do not configure private VLANs on ports configured with any of these features: • Link Aggregation Control Protocol (LACP) • Multicast VLAN Registration (MVR) • Voice VLAN It is recommended that the private VLAN host ports be configured as spanning-tree portfast.
2CSNXXX_SWUM204.book Page 824 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default values. Command Mode Interface Configuration (Ethernet and port channel) mode User Guidelines This command configures the interface access mode VLAN membership. The no form of the command sets the access mode VLAN membership to VLAN 1. It is possible to configure the access mode VLAN identifier when the port is in general or trunk mode.
2CSNXXX_SWUM204.book Page 825 Monday, January 25, 2016 1:25 PM Syntax switchport dot1q ethertype { vman | custom 1-65535 } no switchport dot1q ethertype { vman | custom 1-65535 } • vman—Define the Ethertype as 0x88A8. • custom—Define the Ethertype as a 16 bit user defined value (in decimal). Default Configuration 802.1Q is the default Ethertype for both inner and outer VLAN TPIDs. The 802.1Q TPID cannot be removed from the configuration. By default QinQ processing of frames is disabled.
2CSNXXX_SWUM204.book Page 826 Monday, January 25, 2016 1:25 PM NOTE: This feature is not available on the N3000 when loaded with the AGGREGATION ROUTER enabled firmware (e.g., N3000_BGPvA.B.C.D.stk). Example This example defines the VMAN (0x88A8) TPID for use on a service provider (SP) port and configures a service provider port (Te1/0/1) in general mode after creating the common SP/CE VLAN. The port is configured in general mode and to only allow tagged packets on ingress using the outer VLAN ID 10.
2CSNXXX_SWUM204.book Page 827 Monday, January 25, 2016 1:25 PM Syntax switchport dot1q ethertype { 802.1Q | vman | custom 0-65535 } [primarytpid] no switchport dot1q ethertype { 802.1Q |vman | custom 0-65535 } [primary-tpid] • 802.1Q—Allow ingress frames with Ethertype 0x8100. • vman—Define the Ethertype as 0x88A8. • custom—Define the Ethertype as a 16 bit user defined value (in decimal). • primary-tpid—Set the outer VLAN tag TPID to be inserted in frames transmitted on an SP port.
2CSNXXX_SWUM204.book Page 828 Monday, January 25, 2016 1:25 PM The no form of the command with the optional primary TPID specified sets the primary TPID value to 802.1Q (0x8100). If the TPID value was not configured as a primary TPID and the no form the command includes the optional primary-tpid argument, the command will fail. If the TPID value was configured as the primary TPID, and the no form of the command does not include the optional primary-tpid argument, the command will fail.
2CSNXXX_SWUM204.book Page 829 Monday, January 25, 2016 1:25 PM Syntax switchport general forbidden vlan {add vlan-list | remove vlan-list} • add vlan-list — List of valid VLAN IDs to add to the forbidden list. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs. • remove vlan-list — List of valid VLAN IDs to remove from the forbidden list. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs.
2CSNXXX_SWUM204.book Page 830 Monday, January 25, 2016 1:25 PM Syntax switchport general acceptable-frame-type tagged-only no switchport general acceptable-frame-type tagged-only Default Configuration All frame types are accepted at ingress. Command Mode Interface Configuration (Ethernet and port channel) mode User Guidelines It is possible to configure the general mode acceptable frame types of a port while the port is in access or trunk mode.
2CSNXXX_SWUM204.book Page 831 Monday, January 25, 2016 1:25 PM • tagged — Sets the port to transmit tagged packets for the VLANs. If the port is added to a VLAN without specifying tagged or untagged, the default is untagged. • untagged — Sets the port to transmit untagged packets for the VLANs. Default Configuration Untagged.
2CSNXXX_SWUM204.book Page 832 Monday, January 25, 2016 1:25 PM Default Configuration Ingress filtering is enabled. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines Ingress filtering, when enabled, discards received frames that are not tagged with a VLAN for which the port is a member. If ingress filtering is disabled, tagged frames from all VLANs are processed by the switch.
2CSNXXX_SWUM204.book Page 833 Monday, January 25, 2016 1:25 PM Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines Setting a new PVID does NOT remove the previously configured PVID VLAN from the port membership. Example The following example shows how to configure the PVID for 1/0/8, when the interface is in general mode.
2CSNXXX_SWUM204.book Page 834 Monday, January 25, 2016 1:25 PM • general—Full 802.1Q support VLAN interface. A general mode port is a combination of both trunk and access ports capabilities. It is possible to fully configure all VLAN features on a general mode port. Both tagged and untagged packets may be accepted and transmitted. Default Configuration The default switchport mode is access.
2CSNXXX_SWUM204.book Page 835 Monday, January 25, 2016 1:25 PM User Guidelines This command configures a customer edge (CE) port for QinQ tunneling. The dot1q-tunnel mode is an overlay on switchport access mode. In particular, configuring the access mode PVID sets the outer dot1q-tunnel VLAN ID. Changing the switchport mode to access, general, or trunk, effectively disables tunneling on the interface. Customer edge ports can be physical ports or port channels.
2CSNXXX_SWUM204.book Page 836 Monday, January 25, 2016 1:25 PM addition, packets forwarded internally across a stacking link may have different tags applied than packets forwarded on a local egress port. This is due to the processing required for forwarding across a stack. Example This example configures ports Gi1/0/10 through Gi1/0/24 as CE ports using VLAN 10 as the service provider VLAN ID. See the example for the switchport dot1q ethertype command to configure an associated SP port.
2CSNXXX_SWUM204.book Page 837 Monday, January 25, 2016 1:25 PM Command Mode Interface Configuration (physical or port-channel) User Guidelines Do not configure private VLANs on ports configured with any of these features: • Link Aggregation Control Protocol (LACP) • Multicast VLAN Registration (MVR) • Voice VLAN It is recommended that the private VLAN host ports be configured as spanning-tree portfast.
2CSNXXX_SWUM204.book Page 838 Monday, January 25, 2016 1:25 PM • secondary-vlan-list—A list of secondary VLANs to be mapped to a primary VLAN. Default Configuration This command has no default association or mapping configuration. Command Mode Interface Configuration (physical or port-channel) User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 839 Monday, January 25, 2016 1:25 PM • – except lists the VLANs that should be calculated by inverting the defined list of VLANs. (VLANs are added except the ones specified.) – vlan-atom is either a single VLAN number from 1 to 4093 or a continuous range of VLANs described by two VLAN numbers, the lesser one first, separated by a hyphen. valid–id—A valid VLAN id in the range 1–4093.
2CSNXXX_SWUM204.book Page 840 Monday, January 25, 2016 1:25 PM console(config-if-Gi1/0/1)#switchport trunk allowed vlan except 1,2,3,5,7,11,13 switchport trunk encapsulation dot1q Use this command for compatibility. This command performs no action. Syntax switchport trunk encapsulation dot1q Default Configuration Dell Networking switches use dot1q encapsulation on trunk ports by default.
2CSNXXX_SWUM204.book Page 841 Monday, January 25, 2016 1:25 PM • vlan–range—A list of valid VLAN IDs. List separate, non-consecutive VLAN IDs separated by commas (without spaces). Use a hyphen to designate a range of IDs. (Range: 1–4093) Default Configuration This command has no default configuration. Command Mode Global Configuration (Config) User Guidelines Deleting the VLAN assigned as the PVID on an access port will cause VLAN 1 to be assigned as the PVID for the access port.
2CSNXXX_SWUM204.book Page 842 Monday, January 25, 2016 1:25 PM Default Configuration No assigned MAC address. Command Mode VLAN Configuration mode User Guidelines This command has no user guidelines. Example The following example associates MAC address with VLAN ID 1. console(config)# vlan 1 console(config-vlan-1)#vlan association mac 0001.0001.0001 vlan association subnet Use the vlan association subnet command in VLAN Configuration mode to associate a VLAN to a specific IP-subnet.
2CSNXXX_SWUM204.book Page 843 Monday, January 25, 2016 1:25 PM Example The following example associates the 192.168.0.xxx IP address with VLAN ID 1. console(config)# vlan 1 console(config-vlan-1)#vlan association subnet 192.168.0.0 255.255.255.0 vlan makestatic This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 24093.
2CSNXXX_SWUM204.book Page 844 Monday, January 25, 2016 1:25 PM vlan protocol group Use the vlan protocol group command in Global Configuration mode to add protocol-based groups to the system. When a protocol group is created, it is assigned a unique group ID number. The group ID is used to identify the group in subsequent commands. Use the no form of the command to remove the specified VLAN protocol group name from the system.
2CSNXXX_SWUM204.book Page 845 Monday, January 25, 2016 1:25 PM To remove the protocol from the protocol-based VLAN group identified by groupid, use the no form of this command. Syntax vlan protocol group add protocol group-id ethertype value no vlan protocol group add protocol group-id ethertype value • group-id — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command.
2CSNXXX_SWUM204.book Page 846 Monday, January 25, 2016 1:25 PM • groupid—The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command. To see the group ID associated with the name of a protocol group, use the show port protocol all command • groupName—The group name you want to add. The group name can be up to 16 characters length. It can be any valid alpha numeric characters.
2CSNXXX_SWUM204.book Page 847 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example The following example displays the removal of the protocol-based VLAN group identified as "2.
2CSNXXX_SWUM204.book Page 848 Monday, January 25, 2016 1:25 PM Voice VLAN Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The Voice VLAN feature enables switch ports to carry voice traffic with an administrator-defined priority so as to enable prioritization of voice traffic over data traffic. Using Voice VLAN helps to ensure that the sound quality of an IP phone is protected from deterioration when the data traffic utilization on the port is high.
2CSNXXX_SWUM204.book Page 849 Monday, January 25, 2016 1:25 PM Commands in this Section This section explains the following commands: voice vlan voice vlan data priority voice vlan (Interface) show voice vlan voice vlan This command is used to enable the voice VLAN capability on the switch. Syntax voice vlan no voice vlan Command Mode Global Configuration User Guidelines Voice VLAN must be configured on General mode ports. It is not supported on access or trunk mode ports.
2CSNXXX_SWUM204.book Page 850 Monday, January 25, 2016 1:25 PM no voice vlan • auth { enable | disable}—Enables/disables authentication on the voice VLAN port. • data priority {trust | untrust}—Respect (ignore) the priority of received voice VLAN traffic (trusted mode). The interface may be configured to trust either DSCP or IEEE 802.1p priority tagged packets. • dot1p—Configure the Voice VLAN 802.1p priority for voice traffic. Data traffic will use the default or native VLAN on the port.
2CSNXXX_SWUM204.book Page 851 Monday, January 25, 2016 1:25 PM voice vlan data priority This command is to either trust or not trust (untrust) the data traffic arriving on the voice VLAN port. Syntax voice vlan data priority {trust | untrust} • trust —Trust the IEEE 802.1p user priority or DSCP values contained in packets arriving on the voice VLAN port. • untrust —Do not trust the IEEE 802.1p user priority or DSCP value contained in packets arriving on the voice VLAN port.
2CSNXXX_SWUM204.book Page 852 Monday, January 25, 2016 1:25 PM • When the interface parameter is specified, the following is displayed: When the interface parameter is specified: Voice VLAN Mode The admin mode of the voice VLAN on the interface. Voice VLAN ID The voice VLAN ID. Voice VLAN Priority The Dot1p priority for the voice VLAN on the port. Voice VLAN Untagged The tagging option for the voice VLAN traffic.
2CSNXXX_SWUM204.book Page 853 Monday, January 25, 2016 1:25 PM 4 Security Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Security commands enable network operators to administer security for administrator access to the switch management console or web interface as well as to configure restrictions of network access for network attached devices.
2CSNXXX_SWUM204.book Page 854 Monday, January 25, 2016 1:25 PM AAA Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Dell Networking switches support authentication of network users and switch administrators via a number of methods. Management access to the switch is via telnet, HTTP, SSH, or the serial console (SNMP access is discussed in the SNMP Commands section).
2CSNXXX_SWUM204.book Page 855 Monday, January 25, 2016 1:25 PM To authenticate a switch administrator , the authentication methods in the APL for the access line are attempted in order until an authentication attempt returns a success or failure return code. If a method times out, the next method in the list is attempted. The component requesting authentication is unaware of the ultimate authentication source.
2CSNXXX_SWUM204.book Page 856 Monday, January 25, 2016 1:25 PM Accounting notification is sent when the administrator exits exec mode. The duration of the exec session is logged in the accounting notice. Accounting notifications are sent at the end of each administrator executed command. In the case of commands like reload, and clear config, an exception is made and the stop accounting notice is sent at the beginning of the command.
2CSNXXX_SWUM204.book Page 857 Monday, January 25, 2016 1:25 PM Command Authorization Dell Networking switches support per command or enable authorization using a TACACS server. See the authorization command in this section for further information. Additionally, the RADIUS or TACACS server can be configured to assign an administrative profile to a switch administrator. The administrative profile identifies groups of commands which may be executed by the administrator.
2CSNXXX_SWUM204.book Page 858 Monday, January 25, 2016 1:25 PM The Internal Authentication Server feature provides support for the creation of users for IEEE 802.1x access only, i.e. without switch management access. This feature maintains a separate database of users allowed for 802.1x access. The authentication method internal is available in the list of methods supported by authentication to support user database lookup.
2CSNXXX_SWUM204.book Page 859 Monday, January 25, 2016 1:25 PM MAC Authentication Bypass (MAB) provides 802.1x unaware clients controlled access to the network using the devices’ MAC address as an identifier. This requires that the known and allowable MAC address and corresponding access rights be prepopulated in the authentication server. MAB only works when the port control mode of the port is MAC-based.
2CSNXXX_SWUM204.book Page 860 Monday, January 25, 2016 1:25 PM in the unauthorized state and the client is not granted access to the network. If an unauthenticated VLAN is configured for the port and the 802.1x client fails to authenticate for the configured number of attempts, the port is placed in the authorized state on the unauthenticated VLAN and the client is granted access to the network. The default number of authorization attempts is three.
2CSNXXX_SWUM204.book Page 861 Monday, January 25, 2016 1:25 PM Use the no form of the command to delete a list. A list may be identified by the default keyword or a user-specified listname. Use either the aaa accounting dot1x default none or no aaa accounting dot1x default command to disable dot1x accounting. Use the no aaa accounting exec or no aaa accounting commands to disable aaa accounting and optionally delete an accounting method list.
2CSNXXX_SWUM204.book Page 862 Monday, January 25, 2016 1:25 PM User Guidelines This list is identified by default or a user-specified list_name. Accounting records, when enabled for a line-mode, can be sent at both the beginning and at the end (start-stop) or only at the end (stop-only). If none is specified, accounting is disabled for the specified list. If tacacs is specified as the accounting method, accounting records are notified to a TACACS+ server.
2CSNXXX_SWUM204.book Page 863 Monday, January 25, 2016 1:25 PM For the same set of accounting type and list name, the administrator can change the record type, or the methods list, without having to first delete the previous configuration.
2CSNXXX_SWUM204.book Page 864 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode User Guidelines Only one authentication method may be specified in the command. For the RADIUS authentication method, if the RADIUS server cannot be contacted, the supplicant fails authentication. The none method always allows access. the ias method utilizes the internal authentication server. The internal authentication server only supports the EAP-MD5 method.
2CSNXXX_SWUM204.book Page 865 Monday, January 25, 2016 1:25 PM • method1 [method2...] — Specify at least one from the following table: Keyword Source or destination enable Uses the enable password for authentication. line Uses the line password for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication. Default Configuration The default enable list is enableList.
2CSNXXX_SWUM204.book Page 866 Monday, January 25, 2016 1:25 PM NOTE: Requests sent by the switch to a RADIUS server include the username "$enabx$", where x is the requested privilege level. For enable to be authenticated on Radius servers, add "$enabx$" users to them. The login user ID is also sent to TACACS+ servers for enable authentication. Example The following example sets authentication when accessing higher privilege levels.
2CSNXXX_SWUM204.book Page 867 Monday, January 25, 2016 1:25 PM Default Configuration The default login lists are defaultList and networkList. defaultList is used by the console and only contains the method none. networkList is used by telnet and SSH and only contains the method local. Command Mode Global Configuration mode User Guidelines The default and optional list names created with the aaa authentication login command are used with the login authentication command.
2CSNXXX_SWUM204.book Page 868 Monday, January 25, 2016 1:25 PM aaa authorization Use the aaa authorization command to enable authorization and optionally create an authorization method list. A list may be identified by a userspecified list-name or the keyword default. Use the no form of the command to disable authorization and optionally delete an authorization list.
2CSNXXX_SWUM204.book Page 869 Monday, January 25, 2016 1:25 PM Authorization is not enabled by default. Authorization supports Exec authorization and command authorization for RADIUS. Only TACACS is supported for command authorization. Setting a none or local method for authorization authorizes Exec access for all functions.
2CSNXXX_SWUM204.book Page 870 Monday, January 25, 2016 1:25 PM If no authorization server is available or configured, the function is denied unless the none method is configured in the list. If authorization is configured on the console, this can lead to situations where the console denies administrative access. Therefore, it is recommended that the console authorization only be enabled with due regard to the risks involved.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 872 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode User Guidelines The RADIUS server can place a port in a particular VLAN based on the result of the authentication. VLAN assignment must be configured on the external RADIUS server using the RADIUS TUNNEL-TYPE attribute and others. See RADIUS Commands and Security Commands for further information. Example The following example enables RADIUS-assigned VLANs.
2CSNXXX_SWUM204.book Page 873 Monday, January 25, 2016 1:25 PM Examples console#configure console(config)#aaa ias-user username client-1 console(Config-IAS-User)#exit console(config)#no aaa ias-user username client-1 aaa new-model The aaa new-model command in Global Configuration mode is a no-op command. It is present only for compatibility purposes. Dell Networking switches only support the new model command set. Syntax aaa new-model Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 874 Monday, January 25, 2016 1:25 PM Default Configuration By default, no dynamic RADIUS servers are configured. Command Mode Global Configuration User Guidelines Confguring a dynamic RADIUS server causes the system to begin listening on the default port 3799 for RADIUS CoA requests. The switch ensures that a unique Acct-Session-Id and the Calling-Station-Id is sent to the RADIUS server in all Access-Request packets.
2CSNXXX_SWUM204.book Page 875 Monday, January 25, 2016 1:25 PM authentication type is allowed for CoA and disconnect requests. In this example, the NAS-IP-Adddress is optionally configured at the fixed IPv4 address of 3.3.3.3. CoA client 5.5.5.5 uses the global server key while client 4.4.4.4 uses a client-specific server key.
2CSNXXX_SWUM204.book Page 876 Monday, January 25, 2016 1:25 PM Default Configuration The default value is Disabled. Command Mode Global Configuration mode User Guidelines The administrator must ensure that any methods configured by the Authentication Manager are enabled (e.g. enable IEEE 802.1x using the dot1x system-auth-control command). Enable MAB using the dot1x macauth-bypass command.
2CSNXXX_SWUM204.book Page 877 Monday, January 25, 2016 1:25 PM User Guidelines Each method can only be entered once. Ordering is only possible between 802.1x and MAB. Captive portal can be configured either as a stand-alone method or as the last method in the order. Example console(config-if-Gi1/0/1)# authentication order dot1x mab captive-portal console(config-if-Gi1/0/1)# no authentication order authentication priority Use this command to set the priority for the authentication methods used on a port.
2CSNXXX_SWUM204.book Page 878 Monday, January 25, 2016 1:25 PM Example console(config-if-Gi1/0/1)# authentication priority mab dot1x captive-portal console(config-if-Gi1/0/1)# no authentication priority authentication restart Use this command to set the interval after which reauthentication starts. This timer starts only if all the authentication methods fail. Use the no form of this command to set the authentication restart timer to factory default value.
2CSNXXX_SWUM204.book Page 879 Monday, January 25, 2016 1:25 PM Syntax clear aaa ias-users Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command. Example console#clear aaa ias-users clear authentication statistics Use this command to clear the authentication statistics.
2CSNXXX_SWUM204.book Page 880 Monday, January 25, 2016 1:25 PM clear authentication authentication-history Use this command to clear the authentication history logs. Syntax clear authentication authentication-history {interface-id | all} • interface-id—The interface. • all—All interfaces. Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 881 Monday, January 25, 2016 1:25 PM • encrypted — Encrypted password entered, copied from another switch configuration. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The Dell Networking firmware emulates industry standard behavior for enable mode authentication over SSH and telnet.
2CSNXXX_SWUM204.book Page 882 Monday, January 25, 2016 1:25 PM Keyword Source or destination local Uses the local username database for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication. Default Configuration The local user database is checked. This action has the same effect as the command ip http authentication local.
2CSNXXX_SWUM204.book Page 883 Monday, January 25, 2016 1:25 PM Keyword Source or destination local Uses the local username database for authentication. none Uses no authentication. radius Uses the list of all RADIUS servers for authentication. tacacs Uses the list of all TACACS+ servers for authentication. Default Configuration The local user database is checked. This action has the same effect as the command ip https authentication local.
2CSNXXX_SWUM204.book Page 884 Monday, January 25, 2016 1:25 PM Syntax password password [encrypted] no password • password — Password for this level. (Range: 8- 64 characters) • encrypted — Encrypted password to be entered, copied from another switch configuration. Default Configuration This command has no default configuration. Command Mode aaa IAS User Configuration User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 885 Monday, January 25, 2016 1:25 PM characters allowed in the password include ! # $ % & ‘ ( ) * + , - . / : ; < = > @ [ \ ] ^ _ ` { | } ~. User names can contain blanks if the name is surrounded by double quotes. NOTE: For commands that configure password properties, see Password Management Commands. Syntax password Default Configuration There is no default configuration for this command. Command Mode User Exec mode User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 886 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged Exec, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show aaa ias-users UserName ------------------Client-1 Client-2 show aaa statistics Use the show aaa statistics command to display accounting statistics.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 888 Monday, January 25, 2016 1:25 PM show authentication Use this command to list the authentication methods configured on the interface and display if the Tiered Authentication feature is enabled. Syntax show authentication [interface {interface-id | all}] • interface-id—The physical interface. • all—All interfaces. Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 889 Monday, January 25, 2016 1:25 PM show authenticaton authentication-history Use this command to display the authentication history on one or more interfaces. Syntax show authentication authentication-history {interface-id | all} • interface-id—Any physical interface. Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 890 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the authentication configuration.
2CSNXXX_SWUM204.book Page 891 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode User Guidelines This command has no user guidelines. Example config# show authentication statistics gi1/0/1 Port........................................... 802.1x attempts................................ 802.1x failed attempts......................... Mab attempts................................... Mab failed attempts.................
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 893 Monday, January 25, 2016 1:25 PM Parameter Description UserName Local user account’s user name. Privilege User’s access level (read only-1 or read/write-15). Password Aging Indicates whether password aging is enabled and the password aging period. Password Expiry Date Current password expiration date in date format. Lockout Displays the user’s lockout status (True or False). Example The following example displays information about the local user database.
2CSNXXX_SWUM204.book Page 894 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows user login history outputs.
2CSNXXX_SWUM204.book Page 895 Monday, January 25, 2016 1:25 PM • password—The authentication password for the user. Range: 8-64 characters. This value can be 0 [zero] if the no passwords min-length command has been executed. The special characters allowed in the password include ! # $ % & ‘ ( ) * + , - . / : ; < = > @ [ \ ] ^ _ ` { | } ~. Question marks are disallowed. • level—The user’s privilege level. Level 0 can be assigned by a level 15 user to another user to suspend that user’s access.
2CSNXXX_SWUM204.book Page 896 Monday, January 25, 2016 1:25 PM Message Type Reason behind the failure Message Description 1 Exceeds Minimum Length of a Password. Password should be in the range of 8-64 characters in length. Set minimum password length to 0 by using the passwords min-length 0 command.
2CSNXXX_SWUM204.book Page 897 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 898 Monday, January 25, 2016 1:25 PM Administrative Profiles Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The administrative profiles capability provides the network administrator control over which commands a user is allowed to execute. The administrator is able to group commands into a “profile” and assign a profile to a user upon authentication. This provides more granularity than simply allowing readonly and read-write users.
2CSNXXX_SWUM204.book Page 899 Monday, January 25, 2016 1:25 PM passes enable authentication, the user is permitted access to all commands. This is also true if none of the Administrative Profiles provided are configured on the switch. RADIUS and TACACS+ The network administrator may configure a custom attribute to be provided by the server during authentication. The RADIUS and TACACS+ applications process this custom attribute and provide this data to the User Manager for configuring the user profile.
2CSNXXX_SWUM204.book Page 900 Monday, January 25, 2016 1:25 PM Default Configuration The administrative profiles are defined by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console(config)#admin-profile qos console(admin-profile)# description (Administrative Profile Configuration) Use the description command in Administrative Profile Configuration mode to add a description to an administrative profile.
2CSNXXX_SWUM204.book Page 901 Monday, January 25, 2016 1:25 PM Example console(admin-profile)#description “This profile allows access to QoS commands.” rule Use the rule command to add a rule to an administrative profile. Use the no form of this command to delete a rule. Syntax rule number {deny|permit} {command command-string|mode modename} no rule number • number—The sequence number of the rule. Rules are applied from the highest • command-string—Specifies which commands to permit or deny.
2CSNXXX_SWUM204.book Page 902 Monday, January 25, 2016 1:25 PM show admin-profiles Use the show admin-profiles command in Privileged Exec mode to show the administrative profiles. If the optional profile name parameter is used, only that profile will be shown. Syntax show admin-profiles [name profile-name] • profile-name—The name of the administrative profile to display. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 903 Monday, January 25, 2016 1:25 PM 3 permit mode class-map show admin-profiles brief Use the show admin-profiles brief command in Privileged Exec mode to list the names of the administrative profiles defined on the switch. Syntax show admin-profiles brief Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 904 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines These are the generic mode names to be used in the rule command above. These are not the same as the prompt which is displayed in a particular mode.
2CSNXXX_SWUM204.book Page 905 Monday, January 25, 2016 1:25 PM E-mail Alerting Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches E-mail Alerting is an extension of the logging system. The Dell Networking logging system allows the user to configure a variety of destinations for log messages. This feature adds e-mail configuration capabilities, by which the log messages are sent to a configured SMTP server such that an operator may receive the log in an e-mail account of their choice.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 907 Monday, January 25, 2016 1:25 PM Default Configuration E-mail alerting is disabled by default. When e-mail alerting is enabled, log messages at or above severity Warning are e-mailed. Command Mode Global Configuration mode User Guidelines The logging email command with no arguments enables e-mail alerting. Specify a severity to set the severity level of log messages that are e-mailed in a non-urgent manner.
2CSNXXX_SWUM204.book Page 908 Monday, January 25, 2016 1:25 PM • – error (3) – warning (4) – notice (5) – info (6) – debug (7) none—If you specify this keyword, no log messages are e-mailed urgently. All log messages at or above the non-urgent level (configured with the logging email command) are e-mailed in batch. Default Configuration The default severity level is alert.
2CSNXXX_SWUM204.book Page 909 Monday, January 25, 2016 1:25 PM – emergency (0) – alert (1) – critical (2) – error (3) – warning (4) – notice (5) – info (6) – debug (7) Default Configuration The default severity level is info(6). Command Mode Global Configuration mode User Guidelines You can filter log messages that appear in the buffered log by severity level. You can specify the severity level of log messages that are e-mailed.
2CSNXXX_SWUM204.book Page 910 Monday, January 25, 2016 1:25 PM no logging email to-addr to-addr message-type no logging email message-type {urgent | non-urgent | both} to-addr to- email-addr Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The to-email-addr is the address to which the email is sent. Urgent | non-urgent | both—The priority with which the email is queued. Urgent email is sent immediately.
2CSNXXX_SWUM204.book Page 911 Monday, January 25, 2016 1:25 PM User Guidelines The from-addr in this command is the email address of the email sender. Many mail servers will validate the from address of an email to ensure that abuse of the email server does not occur. logging email message-type subject Use the logging email message-type subject command in Global Configuration mode to configures subject of the e-mail.
2CSNXXX_SWUM204.book Page 912 Monday, January 25, 2016 1:25 PM Default Configuration The default value is 30 minutes. Command Mode Global Configuration User Guidelines This command has no user guidelines. logging email test message-type Use the logging email test message-type command in Global Configuration mode to test whether or not an e-mail is being sent to an SMTP server.
2CSNXXX_SWUM204.book Page 913 Monday, January 25, 2016 1:25 PM show logging email statistics Use the show logging email statistics command in Privileged Exec mode to show the statistics about the e-mails. The command displays information on how many e-mails are sent, how many e-mails failed, when the last e-mail was sent, how long it has been since the last e-mail was sent, how long it has been since the e-mail changed to disabled mode.
2CSNXXX_SWUM204.book Page 914 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. security Use the security command in Mail Server Configuration mode to set the email alerting security protocol. This enables and disables the switch to use TLS authentication with the SMTP Server. If the administrator sets the TLS mode and, if the SMTP sever does not support TLS mode, then no e-mail goes to the SMTP server.
2CSNXXX_SWUM204.book Page 915 Monday, January 25, 2016 1:25 PM • hostname—The DNS name of an SMTP server. Default Configuration The default configuration for a mail server is shown in the table below. Field Default Email Alert Mail Server Port 25 Email Alert Security Protocol none Email Alert Username admin Email Alert Password admin Command Mode Global Configuration User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 916 Monday, January 25, 2016 1:25 PM User Guidelines Port 25 is the standard SMTP port for cleartext messages. Port 465 is the standard port for messages sent using TLSv1. Messages are always sent in plain text mode. username (Mail Server Configuration Mode) Use the username command in Mail Server Configuration mode to configure the username required by the authentication. Use the no form of the command to revert the username to the default value.
2CSNXXX_SWUM204.book Page 917 Monday, January 25, 2016 1:25 PM Default Configuration The default value for password is admin. Command Mode Mail Server Configuration User Guidelines This command has no user guidelines. show mail-server Use the show mail-server command in Privileged Exec mode to display the configuration of all the mail servers or a particular mail server. Syntax show mail-server {ip-address | hostname | all} Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 918 Monday, January 25, 2016 1:25 PM SMTP server authentication details: Username: admin console#show mail-server 10.131.1.11 SMTP server SMTP server SMTP server SMTP server Username: 10.131.1.
2CSNXXX_SWUM204.book Page 919 Monday, January 25, 2016 1:25 PM RADIUS Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Authentication of users in a large network can be significantly simplified by making use of a single database of accessible information supplied by an Authentication Server. These servers commonly use the Remote Authentication Dial In User Service (RADIUS) protocol as defined by RFC 2865.
2CSNXXX_SWUM204.book Page 920 Monday, January 25, 2016 1:25 PM This gives flexibility for clients to move around the network with out requiring the operator to perform additional provisioning for each network interface. RADIUS Change of Authorization Dell Networking supports the Change of Authorization Disconnect -Request per RFC 3575. The Dell Networking switch listens for the DisconnectRequest on UDP port 3799.
2CSNXXX_SWUM204.book Page 921 Monday, January 25, 2016 1:25 PM The administrator can configure whether all or any of the session attributes are used to identify a client session. If all is configured, all session identification attributes included in the CoA Disconnect-Request must match a session or the device returns a Disconnect-NAK or CoA-NAK with the “Invalid Attribute Value” error-code attribute.
2CSNXXX_SWUM204.book Page 922 Monday, January 25, 2016 1:25 PM deadtime radius-server deadtime timeout key radius-server host usage msgauth radius-server key – name (RADIUS server) radius-server retransmit – acct-port Use the acct-port command to set the port on which the RADIUS accounting server listens for connections. Use the no form of this command to reset the port to the default.
2CSNXXX_SWUM204.book Page 923 Monday, January 25, 2016 1:25 PM attribute 6 Use the attribute 6 command to configure the switch to send the RADIUS Service-Type attribute in the Access-Request message sent to a specific RADIUS authentication server. Syntax attribute 6 on-for-login-auth no attribute 6 on-for-login-auth Default Configuration By default, the Service-Type is not included in the Access-Request message sent to the authentication server.
2CSNXXX_SWUM204.book Page 924 Monday, January 25, 2016 1:25 PM Syntax attribute 8 include-in-access-req no attribute 8 include-in-access-req Default Configuration By default, the Service-Type is not included in the Access-Request message sent to the authentication server. Command Mode RADIUS Server Configuration User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.3.0.1 firmware. Example console#conf console(config)#radius-server host 4.3.2.
2CSNXXX_SWUM204.book Page 925 Monday, January 25, 2016 1:25 PM Command Mode RADIUS Server Configuration User Guidelines The switch sends the value supplied by the RADIUS server in the Class attribute. The Class attribute may be up to 16 octets in length Command History Introduced in version 6.3.0.1 firmware. Example console#conf console(config)#radius-server host 4.3.2.
2CSNXXX_SWUM204.book Page 926 Monday, January 25, 2016 1:25 PM • upper-case—Format hexadecimal characters using the character set [0-9AF]. Default Configuration There is no default configuration. Command Mode RADIUS Server Configuration User Guidelines Use this command to override the formats of MAC addresses sent in authentication requests for ports configured for MAC based 802.1x authentication for a specific interface. This command is only valid for 802.1X authentication.
2CSNXXX_SWUM204.book Page 927 Monday, January 25, 2016 1:25 PM authentication event fail retry Use the authentication event fail retry command to select the number of times authentication is reattempted by the user for an IEEE 802.1X supplicant. Use the no form of the command to return the number of maximum attempts to the default value.
2CSNXXX_SWUM204.book Page 928 Monday, January 25, 2016 1:25 PM requests to the RADIUS server before the authenticator allows IEEE 802.1x to stop supplicant authentication and to invoke the quiet period for the supplicant. This command sets the limit for retring failed authentications for RADIUS. The switch attempts authentication based on the selected method and if authentication returns an error (as opposed to a failure), the next authentication method is attempted regardless of this setting.
2CSNXXX_SWUM204.book Page 929 Monday, January 25, 2016 1:25 PM Default Configuration The default value of the port number is 1812. Command Mode RADIUS Server Configuration mode User Guidelines User must enter the mode corresponding to a specific RADIUS Server Configuration before executing this command. Example The following example sets the port number 2412 for authentication requests. console(config)#radius-server host 192.143.120.
2CSNXXX_SWUM204.book Page 930 Monday, January 25, 2016 1:25 PM User Guidelines If only one RADIUS server is configured, it is recommended to use a deadtime interval of 0. Example The following example specifies a deadtime interval of 60 minutes. console(config)#radius-server host 192.143.120.123 console(config-radius)#deadtime 60 key Use the key command to specify the encryption key which is shared with the RADIUS server. Use the no form of this command to remove the key.
2CSNXXX_SWUM204.book Page 931 Monday, January 25, 2016 1:25 PM In an Access-Request, encrypted passwords are sent using the RSA Message Digest algorithm (MD5). MD5 always transmits the encrypted password in 32 characters. If no encryption parameter (7 or encrypted) is present, the key string is interpreted as an unencrypted shared secret. Keys are always displayed in their encrypted form in the running configuration. The encryption algorithm is the same across switches.
2CSNXXX_SWUM204.book Page 932 Monday, January 25, 2016 1:25 PM User Guidelines There are no user guidelines for this command. Example console(Config-auth-radius)#msgauth name (RADIUS server) Use the name command to assign a name to a RADIUS server. Use the no form of the command to return the name to the default (unspecified). The no form of the command does not require the user to enter the configured name.
2CSNXXX_SWUM204.book Page 933 Monday, January 25, 2016 1:25 PM the request would be sent to the name1 servers. If for name1 list, the configured servers fail to respond, the request is sent to the second configured name list. Within the same server list, the first primary server would be tried. You can have multiple secondary servers in the same name list. From the multiple secondary servers, the one with the lowest priority value would be tried.
2CSNXXX_SWUM204.book Page 934 Monday, January 25, 2016 1:25 PM User Guidelines There are no user guidelines for this command. Example console(Config-auth-radius)#primary priority Use the priority command in RADIUS Server Configuration mode to specify the order in which the servers are to be used, with 0 being the highest priority. Syntax priority priority • priority — Sets server priority level. (Range 0-65535) Default Configuration The default priority is 0.
2CSNXXX_SWUM204.book Page 935 Monday, January 25, 2016 1:25 PM Syntax radius-server attribute 4 ip-address no radius-server attribute 4 • ip-address — Specifies the IPv4 address to be used as the RADIUS attribute 4, the NAS-IP-Address. Default Configuration If a RADIUS server has been configured on the switch, the default NAS-IPAddress sent to the RADIUS server is the address of the switch or the address of the interface over which the Access-Request is sent.
2CSNXXX_SWUM204.book Page 936 Monday, January 25, 2016 1:25 PM Syntax radius-server attribute 6 on-for-login-auth no radius-server attribute 6 on-for-login-auth Default Configuration By default, the switch does not send the service-type attribute to the authentication server. Command Mode Global Configuration User Guidelines This command globally configures the switch to send the RADIUS ServiceType attribute in the Access-Request message sent to all RADIUS authentication servers.
2CSNXXX_SWUM204.book Page 937 Monday, January 25, 2016 1:25 PM Default Configuration By default, the switch does not send the Framed-IP-Address attribute to the authentication server. Command Mode Global Configuration User Guidelines The switch sends the IP address of the host attempting to access the network in the Framed-IP-Address attribute. Command History Introduced in version 6.3.0.1 firmware.
2CSNXXX_SWUM204.book Page 938 Monday, January 25, 2016 1:25 PM User Guidelines The switch sends the value supplied by the RADIUS server in the Class attribute. The Class attribute may be up to 16 octets in length Command History Introduced in version 6.3.0.1 firmware.
2CSNXXX_SWUM204.book Page 939 Monday, January 25, 2016 1:25 PM Default Configuration By default, the switch sends the Calling-Station-Id MAC address in lower case legacy format and the User-Name (Attribute 1) is sent in legacy upper case format. Command Mode Global Configuration User Guidelines Use this command to override the format of MAC addresses sent in the Calling-Station-Id (attribute 31) and the User-Name (attribute 1) for authentication requests for ports configured for MAC based 802.
2CSNXXX_SWUM204.book Page 940 Monday, January 25, 2016 1:25 PM radius-server deadtime Use the radius-server deadtime command in Global Configuration mode to configure the minimum amount of time to wait before attempting to recontact an unresponsive RADIUS server. If a RADIUS server is currently active and responsive, that server will be used until it no longer responds. RADIUS servers whose deadtime interval has not expired are skipped when searching for a new RADIUS server to contact.
2CSNXXX_SWUM204.book Page 941 Monday, January 25, 2016 1:25 PM radius-server host Use the radius-server host command in Global Configuration mode to specify a RADIUS server host and enter RADIUS Server Configuration mode. To delete the specified RADIUS host, use the no form of this command. Syntax radius-server host [acct | auth] {ip–address | hostname} no radius-server host [acct | auth] {ip–address | hostname} • acct | auth—The type of server (accounting or authentication).
2CSNXXX_SWUM204.book Page 942 Monday, January 25, 2016 1:25 PM radius-server key Use the radius-server key command in Global Configuration mode to set the authentication and encryption key for all RADIUS communications between the switch and the RADIUS server. Use the no form of the command to disable the key. Syntax radius-server key [ 0 | 7 ]key-string no radius-server key • 0—The key string that follows is the unencrypted shared secret. The length is 1–256 characters.
2CSNXXX_SWUM204.book Page 943 Monday, January 25, 2016 1:25 PM Command History Updated in version 6.3.0.1 firmware. Example The following two examples globally configure the RADIUS server key for all configured servers. The two examples are identical in effect.
2CSNXXX_SWUM204.book Page 944 Monday, January 25, 2016 1:25 PM radius-server source-ip Use the radius-server source-ip command in Global Configuration mode to specify the source IPv4 address used in the IP header for communication with RADIUS servers. To return to the default, use the no form of this command. 0.0.0.0 is interpreted as a request to use the IPv4 address of the outgoing IP interface.
2CSNXXX_SWUM204.book Page 945 Monday, January 25, 2016 1:25 PM Syntax radius-server source-interface {loopback loopback-id | vlan vlan-id} no radius-server source-interface • loopback-id — A loopback interface identifier. • vlan-id—A VLAN identifier. Default Configuration By default, the switch uses the assigned switch IP address as the source IP address for RADIUS packets.
2CSNXXX_SWUM204.book Page 946 Monday, January 25, 2016 1:25 PM Syntax radius-server timeout timeout no radius-server timeout • timeout — Specifies the timeout value in seconds. (Range: 1–30) Default Configuration The default value is 15 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the interval for which a switch waits for a server to reply to 5 seconds.
2CSNXXX_SWUM204.book Page 947 Monday, January 25, 2016 1:25 PM User Guidelines User must enter the mode corresponding to a specific RADIUS server before executing this command. Example The following example of the retransmit command specifies five retries. console(config)#radius-server host 192.143.120.
2CSNXXX_SWUM204.book Page 948 Monday, January 25, 2016 1:25 PM User Guidelines The following fields are displayed: Field Description Configured Authentication Servers The number of RADIUS Authentication servers that have been configured. Configured Accounting Servers The number of RADIUS Accounting servers that have been configured. Named Authentication Server Groups The number of configured named RADIUS server groups.
2CSNXXX_SWUM204.book Page 949 Monday, January 25, 2016 1:25 PM IP address Type Port TimeOut Retran. DeadTime Source IP Prio.Usage ---------------- ----- ----- ------- ------- -------- ---------- ----- -----6.6.6.6 5.5.5.5 4.4.4.4 3.3.3.3 2.2.2.2 1.1.1.
2CSNXXX_SWUM204.book Page 950 Monday, January 25, 2016 1:25 PM Number Number Number Number Number of of of of of Coa Requests Ignored........................ 55 CoA Missing/Unsupported Attribute Requests..... CoA Session Context Not Found Requests......... CoA Invalid Attribute Value Requests... 11 Administratively Prohibited Requests.........3 18 5 show radius statistics Use the show radius statistics command to show the statistics for an authentication or accounting server.
2CSNXXX_SWUM204.book Page 951 Monday, January 25, 2016 1:25 PM Field Description RADIUS Name of the accounting server. Accounting Server Name Server Host Address IP address of the host. Round Trip Time The time interval, in hundredths of a second, between the most recent Accounting Response and the Accounting Request that matched it from this RADIUS accounting server. Requests The number of RADIUS Accounting Request packets sent to this server not including the retransmissions.
2CSNXXX_SWUM204.book Page 952 Monday, January 25, 2016 1:25 PM Field Description RADIUS Server Name Name of the authenticating server. Server Host Address IP address of the host. Access Requests The number of RADIUS Access Request packets sent to this server. This number does not include retransmissions. Access Retransmissions The number of RADIUS Access Request packets retransmitted to this RADIUS authentication server.
2CSNXXX_SWUM204.book Page 953 Monday, January 25, 2016 1:25 PM RADIUS Accounting Server Name................. Host Address.................................. Round Trip Time............................... Requests...................................... Retransmissions............................... Responses..................................... Malformed Responses........................... Bad Authenticators............................ Pending Requests.............................. Timeouts.................
2CSNXXX_SWUM204.book Page 954 Monday, January 25, 2016 1:25 PM Command Mode RADIUS Server Configuration mode User Guidelines The administrator must enter the mode corresponding to a specific RADIUS server before executing this command. Example The following example specifies 10.240.1.23 as the source IP address. console(config)#radius-server host 192.143.120.123 console(config-radius)#source-ip 10.240.1.
2CSNXXX_SWUM204.book Page 955 Monday, January 25, 2016 1:25 PM console(config)#radius-server host 192.143.120.123 console(config-radius)#timeout 20 usage Use the usage command in RADIUS mode to specify the usage type of the server. Syntax usage type • type — Variable can be one of the following values: login, x or all. Default Configuration The default variable setting is all.
2CSNXXX_SWUM204.book Page 956 Monday, January 25, 2016 1:25 PM TACACS+ Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches TACACS+ provides access control for networked devices via one or more centralized servers, similar to RADIUS this protocol simplifies authentication by making use of a single database that can be shared by many clients on a large network.
2CSNXXX_SWUM204.book Page 957 Monday, January 25, 2016 1:25 PM – timeout key Use the key command in TACACS Configuration mode to specify the authentication and encryption key for all TACACS communications between the device and the TACACS server. This key must match the key used on the TACACS daemon. Syntax key [ 0 | 7 | encrypted ] key-string] no key • 0—The key string that follows is the unencrypted shared secret. The length is 1–256 characters.
2CSNXXX_SWUM204.book Page 958 Monday, January 25, 2016 1:25 PM If no encryption parameter is present, the key string is interpreted as an unencrypted shared secret. Keys are always displayed in their encrypted form in the running configuration. In an Access-Request, encrypted passwords are sent using the RSA Message Digest algorithm (MD5). MD5 always transmits the encrypted password in 32 characters. The encryption algorithm is the same across switches.
2CSNXXX_SWUM204.book Page 959 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example The following example displays how to specify TACACS server port number 1200. console(tacacs)#port 1200 priority Use the priority command in TACACS Configuration mode to specify the order in which servers are used, where 0 (zero) is the highest priority. Syntax priority [priority] • priority — Specifies the priority for servers. 0 (zero) is the highest priority. (Range: 0–65535).
2CSNXXX_SWUM204.book Page 960 Monday, January 25, 2016 1:25 PM Syntax show tacacs [ip-address] • ip-address — The name or IP address of the host. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following example displays TACACS+ server settings. console#show tacacs Global Timeout: 5 Server Address --------------10.254.24.
2CSNXXX_SWUM204.book Page 961 Monday, January 25, 2016 1:25 PM • hostname — The hostname of the TACACS+ server. (Range: 1-255 characters). Default Configuration No TACACS+ host is specified. Command Mode Global Configuration mode User Guidelines To specify multiple hosts, multiple tacacs-server host commands can be used. TACACS servers are keyed by the host name, therefore it is advisable to use unique host names. Example The following example specifies a TACACS+ host.
2CSNXXX_SWUM204.book Page 962 Monday, January 25, 2016 1:25 PM • key-string — Specifies the key string in encrypted or unencrypted form. It may be up to 256 characters in length in unencrypted format and 32 characters in length in encrypted format. (Range 1-256 characters) Default Configuration The default is an empty string. Command Mode Global Configuration mode User Guidelines The tacacs-server key command accepts any printable characters for the key except a question mark.
2CSNXXX_SWUM204.book Page 963 Monday, January 25, 2016 1:25 PM tacacs-server source-interface Use the tacacs-server source-interface command to select the interface from which to use the IP address in the source IP address field of transmitted TACACS packets. Use the no form of the command to revert to the default IP address. Syntax tacacs-server source-interface { loopback loopback-id | vlan vlan-id } no tacacs-server source-interface • loopback-id — Identifies the loopback interface.
2CSNXXX_SWUM204.book Page 964 Monday, January 25, 2016 1:25 PM tacacs-server timeout Use the tacacs-server timeout command in Global Configuration mode to set the interval during which a switch waits for a server host to reply. To restore the default, use the no form of this command. Syntax tacacs-server timeout [timeout] no tacacs-server timeout • timeout — The timeout value in seconds. (Range: 1–30) Default Configuration The default value is 5 seconds.
2CSNXXX_SWUM204.book Page 965 Monday, January 25, 2016 1:25 PM Default Configuration If left unspecified, the timeout defaults to the global value. Command Mode TACACS Configuration mode User Guidelines This command has no user guidelines. Example This example shows how to specify the timeout value.
2CSNXXX_SWUM204.book Page 966 Monday, January 25, 2016 1:25 PM 802.1x Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Local Area Networks (LANs) are often deployed in environments that permit the attachment of unauthorized devices. The networks also permit unauthorized users to attempt to access the LAN through existing equipment. In such environments, the administrator may desire to restrict access to the services offered by the LAN.
2CSNXXX_SWUM204.book Page 967 Monday, January 25, 2016 1:25 PM There are three important aspects to this feature after activation: 1 To allow successful authentications using the returned information from authentication server. 2 To provide a mechanism to report unsuccessful authentications without negative repercussions to the user due to operator errors or failure cases from the Authentication server or supplicants.
2CSNXXX_SWUM204.book Page 968 Monday, January 25, 2016 1:25 PM dot1x re-authenticate client clear dot1x authentication–history dot1x reauthentication ignore dot1x guest-vlan dot1x system-auth-control port dot1x unauth-vlan – – show dot1x advanced 802.
2CSNXXX_SWUM204.book Page 969 Monday, January 25, 2016 1:25 PM dot1x eapolflood This command enables the flooding of received IEEE 802.1x frames in the VLAN. Syntax dot1x eapolflood Default Configuration By default, the switch does not forward received IEEE 802.1x frames, even if 802.1x is not enabled on the switch. This is the default behavior required by IEEE 802.1x-2010. Command Mode Global Configuration mode User Guidelines Local processing of IEEE 802.
2CSNXXX_SWUM204.book Page 970 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command. dot1x mac-auth-bypass Use the dot1x mac-auth-bypass command to enable MAB on an interface. Use the no form of this command to disable MAB on an interface. Syntax dot1x mac-auth-bypass no dot1x mac-auth-bypass Default Configuration MAC Authentication Bypass is disabled by default.
2CSNXXX_SWUM204.book Page 971 Monday, January 25, 2016 1:25 PM dot1x max-req Use the dot1x max-req command in Interface Configuration mode to set the maximum number of times that the switch sends an Extensible Authentication Protocol (EAP)-request frame (assuming that no response is received) to the client before restarting the authentication process. To return to the default setting, use the no form of this command.
2CSNXXX_SWUM204.book Page 972 Monday, January 25, 2016 1:25 PM dot1x max-users Use the dot1x max-users command in Interface Configuration mode to set the maximum number of clients supported on the port when MAC-based 802.1x authentication is enabled on the port. Use the no version of the command to reset the maximum number of clients supported on the port when MAC-based 802.1x authentication is enabled on the port.
2CSNXXX_SWUM204.book Page 973 Monday, January 25, 2016 1:25 PM Syntax dot1x port-control {force-authorized | force-unauthorized | auto | macbased} no dot1x port-control • auto — Enables 802.1x authentication on the interface and causes the port to transition to the authorized or unauthorized state based on the 802.1x authentication exchange between the switch and the client. VLAN assignment is allowed on the port if it is not configured in trunk mode. This is the default port-control mode.
2CSNXXX_SWUM204.book Page 974 Monday, January 25, 2016 1:25 PM When configuring a port to use MAC-based authentication, the port must be in switchport general mode. Example The following command enables MAC-based authentication on port 1/0/2 console(config)# interface gigabitethernet 1/0/2 console(config-if-Gi1/0/2)# dot1x port-control mac-based dot1x re-authenticate Use the dot1x re-authenticate command in Privileged Exec mode to manually initiate a re-authentication of all 802.
2CSNXXX_SWUM204.book Page 975 Monday, January 25, 2016 1:25 PM dot1x reauthentication Use the dot1x reauthentication command in Interface Configuration mode to enable periodic re-authentication of the client. To return to the default setting, use the no form of this command. Syntax dot1x reauthentication no dot1x reauthentication Default Configuration Periodic reauthentication is disabled. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 976 Monday, January 25, 2016 1:25 PM Default Configuration The default for this command is disabled. Command Mode Global Configuration mode User Guidelines Devices connected to interfaces on which IEEE 802.1X authentication is enabled will be required to authenticate before accessing network resources. This command enables local processing of IEEE 802.1x frames on the switch. Dot1x eapolflood mode must be disabled for local processing to occur. If 802.
2CSNXXX_SWUM204.book Page 977 Monday, January 25, 2016 1:25 PM User Guidelines Monitor mode always allows access to network resources, even if authentication fails. Example The following example enables 802.1x globally. Devices connected to interfaces on which IEEE 802.1X authentication is enabled will be required to authenticate before accessing network resources.
2CSNXXX_SWUM204.book Page 978 Monday, January 25, 2016 1:25 PM Change the default value of this command only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients and authentication servers. To provide a faster response time to the user, enter a smaller number than the default. Example The following example sets the number of seconds that the switch remains in the quiet state following a failed authentication exchange to 3600.
2CSNXXX_SWUM204.book Page 979 Monday, January 25, 2016 1:25 PM Example The following example sets the number of seconds between re-authentication attempts to 300. console(config)# interface gigabitethernet 1/0/16 console(config-if-Gi1/0/16)# dot1x timeout re-authperiod 300 dot1x timeout server-timeout Use the dot1x timeout server-timeout command in Interface Configuration mode to set the time that the switch waits for a response from the authentication server.
2CSNXXX_SWUM204.book Page 980 Monday, January 25, 2016 1:25 PM dot1x timeout supp-timeout Use the dot1x timeout supp-timeout command to set the time that the switch waits for a response before retransmitting an Extensible Authentication Protocol (EAP-Request/Identity) frame to the client. To return to the default setting, use the no form of this command.
2CSNXXX_SWUM204.book Page 981 Monday, January 25, 2016 1:25 PM dot1x timeout tx-period Use the dot1x timeout tx-period command in Interface Configuration mode to set the number of seconds that the switch waits for a response to an Extensible Authentication Protocol EAP-Request/Identity frame from the client before resending the request. To return to the default setting, use the no form of this command.
2CSNXXX_SWUM204.book Page 982 Monday, January 25, 2016 1:25 PM auth-type Use this command to set the accepted authorization types for dynamic RADIUS clients. Use the no form of the command to set the authorization type to the default. Syntax auth-type { all | any |session-key} no auth-type • all—Selects all COA client authentication types. All authentication attributes must match for the authentication to succeed. • any—Selects any COA client authentication type.
2CSNXXX_SWUM204.book Page 983 Monday, January 25, 2016 1:25 PM client Use this command to enter the CoA client parameters. Syntax client {ip-address | name } [ server-key [0 | 7] string ] no client {ip-address | name } • ip-address—The IPv4 address of a CoA client. The IPv4 address is entered in dotted-quad notation. • name—The fully qualified domain name (FQDN) of a CoA client. Maximum length of a host FQDN is 255 characters.
2CSNXXX_SWUM204.book Page 984 Monday, January 25, 2016 1:25 PM Example The following example configures RADIUS servers at 1.1.1.1, 2.2.2.2, and 3.3.3.3 and CoA clients at 3.3.3.3, 4.4.4.4, and 5.5.5.5. It sets the front panel ports to use 802.1x MAC-based authentication. CoA is configured for two RADIUS servers located at 1.1.1.1 and 2.2.2.2 using a global shared secret and a third server using a server specific shared secret. CoA and disconnect requests are accepted from these servers.
2CSNXXX_SWUM204.book Page 985 Monday, January 25, 2016 1:25 PM Syntax ignore {session-key | server-key} no ignore {session-key | server-key} • Session-key—Do not attempt to authenticate with the session key. • Server-key—Do not attempt to authenticate with the server key. Default Configuration The default is to authenticate using the parameters as specified by the configured auth-type.
2CSNXXX_SWUM204.book Page 986 Monday, January 25, 2016 1:25 PM Syntax port port–number no port • port-number—An integer in the range of 1025–65535 Default Configuration The default is port 3799. Command Modes Dynamic Radius Configuration User Guidelines Only one port may be defined and it is used to all RADIUS clients. Do not use a port number reserved for use by the switch.
2CSNXXX_SWUM204.book Page 987 Monday, January 25, 2016 1:25 PM • 7—An encrypted key is to be entered. • string—The shared secret string. The maximum length is 256 characters. Enclose in quotes to use special characters or embedded blanks. Default Configuration By default, no global server key is configured. Command Modes Dynamic Radius Configuration User Guidelines Only one global server key may be defined.
2CSNXXX_SWUM204.book Page 988 Monday, January 25, 2016 1:25 PM console(Config-radius)#exit console(config)# radius-server key “Keep it. Keep it.” console(config)# aaa server radius dynamic-author console(config-radius-da)# client 3.3.3.3 server-key 0 “That’s your secret.” console(config-radius-da)# client 1.1.1.1 console(config-radius-da)# client 2.2.2.2 console(config-radius-da)# server-key 0 “Keep it. Keep it.
2CSNXXX_SWUM204.book Page 989 Monday, January 25, 2016 1:25 PM Field Description Administrative Mode Indicates whether authentication control on the switch is enabled or disabled. VLAN Assignment Mode Indicates whether assignment of an authorized port to a RADIUS assigned VLAN is allowed (enabled) or not (disabled). Monitor Mode Indicates whether the Dot1x Monitor mode on the switch is enabled or disabled.
2CSNXXX_SWUM204.book Page 990 Monday, January 25, 2016 1:25 PM Syntax show dot1x authentication-history {interface-id | all} [failed-auth-only] [detail] • interface-id— Any valid interface. See Interface Naming Conventions for interface representation. • all—All interfaces. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines The following table explains the output parameters.
2CSNXXX_SWUM204.book Page 991 Monday, January 25, 2016 1:25 PM Reason...... ............................ Dot1x Authentication due to Guest VLAN Timer Expiry. ...... ......
2CSNXXX_SWUM204.book Page 992 Monday, January 25, 2016 1:25 PM User Guidelines The following fields are displayed by this command. Field Description Clients Indicates the number of Dot1x clients authenticated using Authenticated using Monitor mode. Monitor Mode Clients Indicates the number of Dot1x clients authenticated using Authenticated using 802.1x authentication process. Dot1x The following table describes the significant fields shown in the display. Field Description Interface The port number.
2CSNXXX_SWUM204.book Page 993 Monday, January 25, 2016 1:25 PM Logical Interface.............................. Interface...................................... User Name...................................... Supp MAC Address............................... Session Time................................... Filter Id...................................... VLAN Id........................................ VLAN Assigned.................................. Session Timeout................................
2CSNXXX_SWUM204.book Page 994 Monday, January 25, 2016 1:25 PM Administrative Mode............... Disabled Dynamic VLAN Creation Mode........ Disabled Monitor Mode...................... Disabled Port Admin Mode ------- -----------------Gi1/0/10 auto Oper Mode -----------N/A Reauth Control -------FALSE Quiet Period................................... Transmit Period................................ Maximum Requests............................... Max Users......................................
2CSNXXX_SWUM204.book Page 995 Monday, January 25, 2016 1:25 PM Field Description EAPOL Frames Received The number of valid EAPOL frames of any type that have been received by this Authenticator. EAPOL Frames Transmitted The number of EAPOL frames of any type that have been transmitted by this Authenticator. EAPOL Start Frames Received The number of EAPOL Start frames that have been received by this Authenticator.
2CSNXXX_SWUM204.book Page 996 Monday, January 25, 2016 1:25 PM EAPOL Frames Received.......................... EAPOL Frames Transmitted....................... EAPOL Start Frames Received.................... EAPOL Logoff Frames Received................... Last EAPOL Frame Version....................... Last EAPOL Frame Source........................ EAP Response/Id Frames Received................ EAP Response Frames Received................... EAP Request/Id Frames Transmitted..............
2CSNXXX_SWUM204.book Page 997 Monday, January 25, 2016 1:25 PM Port Username --------- --------Gi1/0/1 Bob The following table describes the significant fields shown in the display: Field Description Username The username representing the identity of the Supplicant. Port The port over which the user authenticated.
2CSNXXX_SWUM204.book Page 998 Monday, January 25, 2016 1:25 PM 802.1x Advanced Features dot1x guest-vlan Use the dot1x guest-vlan command in Interface Configuration mode to set the guest VLAN on a port. The VLAN must already have been defined. The no form of this command sets the guest VLAN id to zero, which disables the guest VLAN on a port. Syntax dot1x guest-vlan vlan-id no dot1x guest-vlan • vlan-id — The ID of a valid VLAN to use as the guest VLAN (Range: 04093).
2CSNXXX_SWUM204.book Page 999 Monday, January 25, 2016 1:25 PM dot1x timeout guest-vlan-period Use the dot1x timeout guest-vlan-period command in Interface Configuration mode to set the number of seconds that the switch waits before authorizing the client if the client is an 802.1X unaware client. Use the no form of the command to return the timeout to the default value.
2CSNXXX_SWUM204.book Page 1000 Monday, January 25, 2016 1:25 PM Syntax dot1x unauth-vlan vlan-id no dot1x unauth-vlan • vlan-id — The ID of a valid VLAN to use for unauthenticated clients (Range: 0-4093). Default Configuration The unauthenticated VLAN is disabled on the interface by default. Command Mode Interface Configuration (Ethernet) mode User Guidelines The switch attempts authentication three times before assigning a user to the unauthenticated VLAN.
2CSNXXX_SWUM204.book Page 1001 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays 802.1x advanced features for the switch.
2CSNXXX_SWUM204.book Page 1002 Monday, January 25, 2016 1:25 PM Captive Portal Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The Captive Portal feature is a software implementation that blocks both wired and wireless clients from accessing the network until user verification has been established. Verification can be configured to allow access for both guest and authenticated users.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1004 Monday, January 25, 2016 1:25 PM Syntax authentication timeout timeout no authentication timeout • timeout —The authentication timeout (Range: 60–600 seconds). Default Configuration The default authentication timeout is 300 seconds. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 1005 Monday, January 25, 2016 1:25 PM Example console(config)#captive-portal console(config-CP)# enable Use the enable command to globally enable captive portal. Use the “no” form of this command to globally disable captive portal. Syntax enable no enable Default Configuration Captive Portal is disabled by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 1006 Monday, January 25, 2016 1:25 PM Default Configuration Captive portal only monitors port 80 by default. Command Mode Captive Portal Configuration mode User Guidelines The port number should not be set to a value that might conflict with other wellknown protocol port numbers used on this switch.
2CSNXXX_SWUM204.book Page 1007 Monday, January 25, 2016 1:25 PM Example console(config-CP)#https port 1443 console(config-CP)#no https port show captive-portal Use the show captive-portal command to display the status of the captive portal feature. Syntax show captive-portal Default Configuration There is no default configuration for this command Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 1008 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal status Additional HTTP Port........................... Additional HTTP Secure Port.................... Authentication Timeout......................... Supported Captive Portals..........
2CSNXXX_SWUM204.book Page 1009 Monday, January 25, 2016 1:25 PM Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-CP 2)#block configuration Use the configuration command to enter the captive portal instance mode. The captive portal configuration identified by CP ID 1 is the default CP configuration. The system supports a total of ten CP configurations. Use the “no” form of this command to delete a configuration.
2CSNXXX_SWUM204.book Page 1010 Monday, January 25, 2016 1:25 PM enable Use the enable command to enable a captive portal configuration. Use the no form of this command to disable a configuration. Syntax enable no enable Default Configuration Configurations are enabled by default Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 1011 Monday, January 25, 2016 1:25 PM Default Configuration The default group number is 1. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-CP 2)#group 2 interface Use the interface command to associate an interface with a captive portal configuration. Use the no form of this command to remove an association.
2CSNXXX_SWUM204.book Page 1012 Monday, January 25, 2016 1:25 PM locale The locale command is not intended to be a user command. The administrator must use the Web UI to create and customize captive portal web content. This command is primarily used by the show running-config command and process as it provides the ability to save and restore configurations using a text based format.
2CSNXXX_SWUM204.book Page 1013 Monday, January 25, 2016 1:25 PM Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-CP 2)#name cp2 protocol Use the protocol command to configure the protocol mode for a captive portal configuration. Syntax protocol {http | https} Default Configuration The default protocols mode is https. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 1014 Monday, January 25, 2016 1:25 PM no redirect Default Configuration Redirect mode is disabled by default. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-CP 2)#redirect redirect-url Use the redirect-url command to configure the redirect URL for a captive portal configuration. Syntax redirect-url url • url —The URL for redirection (Range: 1–512 characters).
2CSNXXX_SWUM204.book Page 1015 Monday, January 25, 2016 1:25 PM session-timeout Use the session-timeout command to configure the session timeout for a captive portal configuration. Use the no form of this command to reset the session timeout to the default. Syntax session-timeout timeout no session-timeout • timeout —Session timeout. 0 indicates timeout not enforced (Range: 0–86400 seconds). Default Configuration There is no session timeout by default. Command Mode Captive Portal Instance mode.
2CSNXXX_SWUM204.book Page 1016 Monday, January 25, 2016 1:25 PM • radius—Authenticates users against a remote RADIUS database. Default Configuration The default verification mode is guest. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 1017 Monday, January 25, 2016 1:25 PM Example console#captive-portal client deauthenticate 0002.BC00.1290 show captive-portal client status Use the show captive-portal client status command to display client connection details or a connection summary for connected captive portal users. Syntax show captive-portal client [macaddr] status • macaddr — Client MAC address. Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 1018 Monday, January 25, 2016 1:25 PM User Name................................. user123 Session Time.............................. 0d:00:00:13 show captive-portal configuration client status Use the show captive-portal configuration client status command to display the clients authenticated to all captive portal configurations or a to specific configuration. Syntax show captive-portal configuration [ cp-id ] client status • cp-id —Captive Portal ID.
2CSNXXX_SWUM204.book Page 1019 Monday, January 25, 2016 1:25 PM show captive-portal interface client status Use the show captive-portal interface client status command to display information about clients authenticated on all interfaces or a specific interface. Syntax show captive-portal interface {gigabitethernet unit/slot/port| tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port} client status Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 1020 Monday, January 25, 2016 1:25 PM Captive Portal Interface Commands show captive-portal interface configuration status Use the show captive-portal interface configuration status command to display the interface to configuration assignments for all captive portal configurations or for a specific configuration. Syntax show captive-portal interface configuration [cp-id] status • cp-id —Captive Portal ID. Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 1021 Monday, January 25, 2016 1:25 PM Captive Portal Local User Commands clear captive-portal users Use the clear captive-portal users command to delete all captive portal user entries. Syntax clear captive-portal users Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode. User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 1022 Monday, January 25, 2016 1:25 PM Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-CP)#no user 1 show captive-portal user Use the show captive-portal user command to display all configured users or a specific user in the captive portal local user database. Syntax show captive-portal user [user-id] • user-id — User ID (Range: 1–128).
2CSNXXX_SWUM204.book Page 1023 Monday, January 25, 2016 1:25 PM User Name...................................... user123 Password Configured............................ Yes Session Timeout................................ 0 Group ID Group Name -------- -------------------------------1 Default 2 group2 user group Use the user group command to associate a group with a captive portal user. Use the “no” form of this command to disassociate a group and user.
2CSNXXX_SWUM204.book Page 1024 Monday, January 25, 2016 1:25 PM user-logout Use the user-logout command in Captive Portal Instance mode to enable captive portal users to log out of the portal (versus having the session time out). Use the no form of the command to return the user logout configuration to the default. Syntax user-logout no user-logout Default Configuration User-logout is disabled by default.
2CSNXXX_SWUM204.book Page 1025 Monday, January 25, 2016 1:25 PM • name — user name (Range: 1–32 characters). Default Configuration There is no name for a user by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines. Example console(config-CP)#user 1 name johnsmith user password Use the user password command to create a local user or change the password for an existing user.
2CSNXXX_SWUM204.book Page 1026 Monday, January 25, 2016 1:25 PM Example console(Config-CP)#user 1 password Enter password (8 to 64 characters): ******** Re-enter password: ******** user session-timeout Use the user session-timeout command to set the session timeout value for a captive portal user. Use the no form of this command to reset the session timeout to the default. Syntax user user-id session-timeout timeout no user user-id session-timeout • user-id — User ID (Range: 1–128).
2CSNXXX_SWUM204.book Page 1027 Monday, January 25, 2016 1:25 PM Captive Portal Status Commands show captive-portal configuration Use the show captive-portal configuration command to display the operational status of each captive portal configuration. Syntax show captive-portal configuration cp-id • cp-id —Captive Portal ID. Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 1028 Monday, January 25, 2016 1:25 PM Syntax show captive-portal configuration cp-id interface [{gigabitethernet unit/slot/port| tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] • cp-id —Captive Portal ID. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 1029 Monday, January 25, 2016 1:25 PM Syntax show captive-portal configuration cp-id locales • cp-id —Captive Portal Configuration ID. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 1030 Monday, January 25, 2016 1:25 PM User Guidelines There are no user guidelines for this command. Example console#show captive-portal configuration status CP ID CP Name Mode Protocol Verification ----- --------------- -------- -------- -----------1 cp1 Enable https Guest 2 cp2 Enable http Local 3 cp3 Disable https Guest console#show captive-portal configuration 1 status CP ID.......................................... 1 CP Name........................................ cp1 Mode..
2CSNXXX_SWUM204.book Page 1031 Monday, January 25, 2016 1:25 PM Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-CP)#user group 2 console(config-CP)#no user group 2 user group moveusers Use the user group moveusers command to move a group's users to a different group. Syntax user group group-id moveusers new-group-id • group-id —Group ID (Range: 1–10). • new-group-id —Group ID (Range: 1–10).
2CSNXXX_SWUM204.book Page 1032 Monday, January 25, 2016 1:25 PM Syntax user group group-id name name • group-id —Group ID (Range: 1–10). • name — Group name (Range: 1–32 characters). Default Configuration User groups have no names by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 1033 Monday, January 25, 2016 1:25 PM Denial of Service Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The Dell Networking DoS capability supports a package of filters intended to provide network administrators the ability to reduce network exposure to common attack vectors. The following list shows the DoS attack detection Dell Networking supports.
2CSNXXX_SWUM204.book Page 1034 Monday, January 25, 2016 1:25 PM • – TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and – TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and – TCP Sequence Number = 0 or TCP Flags SYN and FIN set. TCP Offset: – • TCP SYN: – • TCP Flags FIN and URG and PSH set and TCP Sequence Number = 0. ICMP V6: – • TCP Flags SYN and FIN set. TCP FIN & URG & PSH: – • TCP Flag SYN set. TCP SYN & FIN: – • Checks for TCP header offset =1.
2CSNXXX_SWUM204.book Page 1035 Monday, January 25, 2016 1:25 PM dos-control firstfrag Use the dos-control firstfrag command in Global Configuration mode to enable Minimum TCP Header Size Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress having a TCP Header Size smaller than the configured value, the packets are dropped. Syntax dos-control firstfrag [size] no dos-control firstfrag • size —TCP header size.
2CSNXXX_SWUM204.book Page 1036 Monday, January 25, 2016 1:25 PM Syntax dos-control icmp [size ] no dos-control icmp • size — Maximum ICMP packet size. (Range: 0-16376). If size is unspecified, the value is 512. Default Configuration Denial of Service is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example activates the Maximum ICMP Packet Denial of Service protection with a maximum packet size of 1023.
2CSNXXX_SWUM204.book Page 1037 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example activates L4 Port Denial of Service protection. console(config)#dos-control l4port dos-control sipdip Use the dos-control sipdip command in Global Configuration mode to enable Source IP Address = Destination IP Address (SIP=DIP) Denial of Service protection.
2CSNXXX_SWUM204.book Page 1038 Monday, January 25, 2016 1:25 PM dos-control tcpflag Use the dos-control tcpflag command in Global Configuration mode to enable TCP Flag Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack.
2CSNXXX_SWUM204.book Page 1039 Monday, January 25, 2016 1:25 PM no dos-control tcpfrag Default Configuration Denial of Service is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example activates TCP Fragment Denial of Service protection. console(config)#dos-control tcpfrag rate-limit cpu Use the rate-limit cpu command to reduce the amount of unknown unicast/multicast packets forwarded to the CPU on CoS queues 0 and 1.
2CSNXXX_SWUM204.book Page 1040 Monday, January 25, 2016 1:25 PM Command Modes Global Configuration mode User Guidelines Unknown multicast and IPv4/IPv6 data packets destined to hosts in the connected networks on the router for which the MAC address is not resolved are trapped to CPU to trigger the ARP/neighbor discovery resolution of those hosts. When the ARP or neighbor table is filled, the switch cannot accommodate new entries.
2CSNXXX_SWUM204.book Page 1041 Monday, January 25, 2016 1:25 PM status bytes ------ ---------free 1055653888 alloc 672153600 CPU Utilization: PID Name 5 Secs 60 Secs 300 Secs ---------- ------------------- -------- -------- -------1129 osapiTimer 0.09% 0.02% 0.01% 1137 bcmCNTR.0 0.19% 0.28% 0.30% 1142 bcmRX 18.00% 12.04% 11.10% 1155 bcmLINK.0 0.39% 0.37% 0.36% 1156 cpuUtilMonitorTask 0.09% 0.04% 0.04% 1170 nim_t 0.09% 0.07% 0.07% 1222 snoopTask 0.09% 0.02% 0.02% 1243 ipMapForwardingTask 27.30% 24.19% 29.
2CSNXXX_SWUM204.book Page 1042 Monday, January 25, 2016 1:25 PM Example The following example displays Denial of Service configuration information. console#show dos-control SIPDIP Mode...............................Disable First Fragment Mode.......................Disable Min TCP Hdr Size..........................20 TCP Fragment Mode........................ Disable TCP Flag Mode.............................Disable L4 Port Mode..............................Disable ICMP Mode.................................
2CSNXXX_SWUM204.book Page 1043 Monday, January 25, 2016 1:25 PM storm-control broadcast Use the storm-control broadcast command to enable broadcast storm recovery mode for a specific interface. Use the no form of the command to disable storm control or to return the configuration to the default.
2CSNXXX_SWUM204.book Page 1044 Monday, January 25, 2016 1:25 PM Either the level or the rate threshold may be configured, but not both. Either the trap action or the shutdown action may be specified, but not both. The trap action issues a log message and a trap when the configured threshold is exceeded. Traffic exceeding the threshold is dropped. The shutdown action shuts down the interface, puts the interface into the Ddisable state, issues a log message (WARNING) and a trap.
2CSNXXX_SWUM204.book Page 1045 Monday, January 25, 2016 1:25 PM Default Configuration By default, multicast storm control is not enabled on any interfaces. If multicast storm-control is enabled, the rate of L2 multicast traffic received on an interface increases beyond the configured threshold, traffic will be dropped. The default threshold for multicast traffic is 5% of link bandwidth. The default behavior is to rate limit (drop) traffic exceeding the configured threshold. The default action is no action.
2CSNXXX_SWUM204.book Page 1046 Monday, January 25, 2016 1:25 PM Example The following example configures any port to shut down if the received multicast traffic rate exceeds 20% of link bandwidth: console(config)#interface range gi1/0/1-24 console(config-if)#storm-control multicast level 20 console(config-if)#storm-control multicast action shutdown console(config-if)#exit storm-control unicast Use the storm-control unicast command in Interface Configuration mode to enable storm control for an interface.
2CSNXXX_SWUM204.book Page 1047 Monday, January 25, 2016 1:25 PM User Guidelines A destination lookup failure (DLF) is when a L2 unicast packet is unable to resolve the destination MAC address to an egress interface (no MAC forwarding address entry exists). The standard behavior for L2 DLFs is to flood the packet on all ports in the VLAN other than the port on which the packet was received.
2CSNXXX_SWUM204.book Page 1048 Monday, January 25, 2016 1:25 PM Management ACL Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches In order to ensure the security of the switch management features, the administrator may elect to configure a management access control list. The Management Access Control and Administration List (ACAL) component is used to ensure that only known and trusted devices are allowed to remotely manage the switch via TCP/IP.
2CSNXXX_SWUM204.book Page 1049 Monday, January 25, 2016 1:25 PM management access-class show management access-class management access-list show management access-list deny (management) Use the deny command in Management Access-List Configuration mode to set conditions for disallowing packets to flow to the switch management function.
2CSNXXX_SWUM204.book Page 1050 Monday, January 25, 2016 1:25 PM • priority priority — Priority for the rule. (Range: 1–64) Default Configuration This command has no default configuration. Command Mode Management Access-list Configuration mode User Guidelines Rules with gigabitethernet, tengigabitethernet, fortygigabitethernet, vlan, and port-channel parameters are valid only if an IP address is defined on the appropriate interface. Ensure that each rule has a unique priority.
2CSNXXX_SWUM204.book Page 1051 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode User Guidelines The active management access-list processes IPv4 TCP/UDP packets only. Packets for certain management protocols are allowed to pass to the CPU without processing by the management ACL list.
2CSNXXX_SWUM204.book Page 1052 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode User Guidelines A management access list is only supported on the OOB interface. This command enters the access-list configuration mode, where access conditions may be defined with deny and permit commands. If no match criteria are defined the default is to deny the packet (i.e., the packet is dropped). If editing an access-list context, new rules are appended to the end of the access-list.
2CSNXXX_SWUM204.book Page 1053 Monday, January 25, 2016 1:25 PM permit (management) Use the permit command in Management Access-List configuration mode to set conditions for allowing packets to flow to the switch management function.
2CSNXXX_SWUM204.book Page 1054 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Management Access-list Configuration mode User Guidelines Rules with gigabitethernet, tengigabitethernet, fortygigabitethernet, vlan, and port-channel parameters are valid only if an IP address is defined on the appropriate interface. Ensure that each rule has a unique priority.
2CSNXXX_SWUM204.book Page 1055 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the management access-list information.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1057 Monday, January 25, 2016 1:25 PM Password Management Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The Password Management component supports configuration of strength checks intended to ensure that network operators utilize passwords that are difficult to crack. In addition, the administrator can age passwords, ensure that operators do not reuse passwords, and lock out operator accounts when multiple attempts to enter incorrect passwords are detected.
2CSNXXX_SWUM204.book Page 1058 Monday, January 25, 2016 1:25 PM user is locked out form further remote switch access. Only an administrator with read/write access can reactivate that user. The user lockout feature is disabled by default. The user lockout feature applies to all users on all ports. The administrator can access the serial port even if he/she is locked out and reset the password or clear the config to regain control of the switch.
2CSNXXX_SWUM204.book Page 1059 Monday, January 25, 2016 1:25 PM • Maximum number of repetition of characters or numbers (such as 1111 or aaaa). Configuring minimum value of 0 for the above parameters means no restriction on that set of characters and configuring maximum of 0 means disabling the restriction (or no limit on the maximum number of course limited by minimum password length).
2CSNXXX_SWUM204.book Page 1060 Monday, January 25, 2016 1:25 PM passwords aging Use the passwords aging command in Global Configuration mode to implement aging on passwords for local users. When a user’s password expires, the user is prompted to change it before logging in again. Use the no form of this command to set the password aging to the default value. Syntax passwords aging 1-365 no passwords aging Default Configuration The default value is 0.
2CSNXXX_SWUM204.book Page 1061 Monday, January 25, 2016 1:25 PM no passwords history Default Configuration The default value is 0. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example sets the number of previous passwords remembered by the system at 10.
2CSNXXX_SWUM204.book Page 1062 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode. User Guidelines Password lockout only applies to users with authentication configured to local. RADIUS or TACACS authenticated users will use policies configured on the respective RADIUS/TACACS servers. Example The following example sets the number of user attempts before lockout at 2.
2CSNXXX_SWUM204.book Page 1063 Monday, January 25, 2016 1:25 PM Example The following example configures user bob with password xxxyymmmm and user level 15. (config)# username bob password xxxyyymmm level 15 passwords strength-check Use the passwords strength-check command in Global Configuration mode to enable the Password Strength feature. The command is used to enable the checking of password strength during user configuration. Use the no form of the command to disable the Password Strength feature.
2CSNXXX_SWUM204.book Page 1064 Monday, January 25, 2016 1:25 PM minimum strength check character classes if password strength checking is desired. Use the minimum character class check to require the user to enter a password that passes the minimum strength check for more than one minimum strength check character class. Minimum character class checking validates passwords that contain a character matching a configured character class.
2CSNXXX_SWUM204.book Page 1065 Monday, January 25, 2016 1:25 PM User Guidelines This limit is not enforced unless the passwords strength minimum uppercase-letters command is configured with a value greater than 0. In other words, with a configuration of 0, a password consisting entirely of upper case letters will pass the minimum strength check criteria.
2CSNXXX_SWUM204.book Page 1066 Monday, January 25, 2016 1:25 PM passwords strength minimum numericcharacters Use this command to enforce a minimum number of numeric numbers that a password should contain. The valid range is 0–16. The default is 1. A minimum of 0 means no restriction on that set of characters. Use the no form of this command to reset the minimum numeric characters to the default value.
2CSNXXX_SWUM204.book Page 1067 Monday, January 25, 2016 1:25 PM Syntax passwords strength minimum special–characters 0–16 no passwords strength minimum special–characters Default Configuration The default value is 1. Command Mode Global Configuration User Guidelines This limit is not enforced unless the passwords strength minimum specialcharacters command is configured with a value greater than 0.
2CSNXXX_SWUM204.book Page 1068 Monday, January 25, 2016 1:25 PM Default Configuration The default value is 0. Command Mode Global Configuration User Guidelines This command has no user guidelines. Example console(config)#passwords strength max-limit consecutive-characters 3 passwords strength max-limit repeatedcharacters Use this command to enforce a maximum repeated characters that a password should contain.
2CSNXXX_SWUM204.book Page 1069 Monday, January 25, 2016 1:25 PM Example console(config)# passwords strength max-limit repeated-characters 3 passwords strength minimum character-classes Use this command to enforce a minimum number of character classes that a password should contain. Character classes are uppercase letters, lowercase letters, numeric characters and special characters. The valid range is 0-4. The default is 0. If a value of 0 is configured then no character class checking is performed, i.e.
2CSNXXX_SWUM204.book Page 1070 Monday, January 25, 2016 1:25 PM A value greater than 0 specifies the minimum number of character class tests a password must pass. A value of 0 disables the minimum strength checking set by the above commands. Minimum character class checking validates passwords that contain a character matching a configured character class.
2CSNXXX_SWUM204.book Page 1071 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example console(config)#passwords strength exclude-keyword dell enable password encrypted This command is used by an Administrator to transfer the enable password between devices without having to know the password. The password parameter must be exactly 128 hexadecimal characters. Syntax enable password encrypted password Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1072 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines The following fields are displayed by this command. Parameter Description Minimum Password Length Minimum number of characters required when changing passwords. Password History Number of passwords to store for reuse prevention. Password Aging Length in days that a password is valid.
2CSNXXX_SWUM204.book Page 1073 Monday, January 25, 2016 1:25 PM Parameter Description Password Exclude-Keywords Minimum number of character classes (uppercase, lowercase, numeric and special) required when configuring passwords. Example The following example displays the command output. console#show passwords configuration Passwords Configuration ----------------------Minimum Password Length........................ Password History............................... Password Aging (days)...................
2CSNXXX_SWUM204.book Page 1074 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example The following example displays the command output. console#show passwords result Last User whose password is set ...................... dell Password strength check ........................... Enable Last Password Set Result: Reason for failure: Could not set user password! Password should contain at least 4 uppercase letters.
2CSNXXX_SWUM204.book Page 1075 Monday, January 25, 2016 1:25 PM SSH Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Management access to the switch is supported via telnet, SSH, or the serial console. The Dell Networking supports secure shell (SSH) and secure sockets layer (SSL) to help ensure the security of network transactions. Keys and certificates can be generated externally (that is, offline) and downloaded to the target or generated directly by the Dell Networking switch.
2CSNXXX_SWUM204.book Page 1076 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode User Guidelines DSA keys are generated in pairs: one public DSA key and one private DSA key. These keys are used the encrypt communication with the switch when using SSH. If your switch already has DSA keys when you issue this command, you are warned and prompted to replace the existing keys.
2CSNXXX_SWUM204.book Page 1077 Monday, January 25, 2016 1:25 PM User Guidelines RSA keys are generated in pairs: one public RSA key and one private RSA key. These keys are used to encrypt communication with the switch when using SSH.If your switch already has RSA keys when you issue this command, you are warned and prompted to replace the existing keys. The keys are not saved in the switch configuration; they are saved in the file system and the private key is never displayed to the user.
2CSNXXX_SWUM204.book Page 1078 Monday, January 25, 2016 1:25 PM Enclose the key string is quotes. The Key String is the contents of the public key in uu-encoded format. Example The following example configures a public key for administrator bob, enables the SSH server, and enables public key authentication over SSH..
2CSNXXX_SWUM204.book Page 1079 Monday, January 25, 2016 1:25 PM crypto key zeroize {rsa|dsa} Use the crypto key zeroize {rsa|dsa} command in Global Configuration mode to delete the RSA or DSA private keys from the switch. Syntax crypto key zeroize {rsa|dsa} Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 1080 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode User Guidelines The SSH TCP port should not be set to a value that might conflict with other well-known protocol port numbers used on this switch. The following nonexhaustive list of ports are reserved to the system and may not be able to be configured for another purpose: 23 (telnet), 80 (HTTP), 161,162 (SNMP), 514, (SYSLOG), 546,547 (DHCPv6), 2222 (SSH).
2CSNXXX_SWUM204.book Page 1081 Monday, January 25, 2016 1:25 PM User Guidelines Public key authentication allow administrators with an SSH client access to the switch without requiring a password. Use the crypto key pubkey-chain ssh user-key command to configure the administrators public key.AAA authentication is independent from this configuration. Example The following example enables public key authentication for incoming SSH sessions.
2CSNXXX_SWUM204.book Page 1082 Monday, January 25, 2016 1:25 PM console(config)#ip ssh server The following example configures the switch to allow administrative access without a password for users with correctly configured SSH clients. This example shows how to generate a public/private key pair on linux, configure linux SSH and configure the switch to authenticate SSH connections. Log in to your linux account and generate the RSA key pair. DSA keys are considered weak. ssh-keygen -t rsa In the ~/.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1084 Monday, January 25, 2016 1:25 PM User Guidelines The key string is the public key of the specified type (RSA or DSA) generated by the administrator. The administrator will need access to both the public and private key on the host to log in without authenticating via password. Enclose the key string in quotes. DSA is considered less secure than RSA. Use of RSA is suggested. Use the key-string row command to specify which SSH public key you will configure interactively next.
2CSNXXX_SWUM204.book Page 1085 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the SSH public keys on the switch.
2CSNXXX_SWUM204.book Page 1086 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays all SSH public keys stored on the switch.
2CSNXXX_SWUM204.book Page 1087 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example The following example displays the SSH server configuration. console#show ip ssh SSH server enabled. Port: 22 RSA key was generated. DSA key was generated. SSH Public Key Authentication is enabled. Active incoming sessions: IP Address User Name Idle Time ------------- -------------------- -------------10.240.1.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1093 Monday, January 25, 2016 1:25 PM 5 Audio Visual Bridging Commands Dell Networking N4000 Series Switches This section of the document contains the following audio visual bridging commands: Multiple MAC Registration Protocol Commands Multiple Stream Reservation Protocol Commands Multiple VLAN Registration Protocol Commands 802.
2CSNXXX_SWUM204.book Page 1094 Monday, January 25, 2016 1:25 PM Multiple MAC Registration Protocol Commands Dell Networking N4000 Series Switches This section covers commands related to Multiple MAC Registration Protocol (MMRP). MMRP is an implementation of IEEE 802.1ak. MMRP supports registration of MAC address/VLAN pairs in support of Audio-Visual Bridging.
2CSNXXX_SWUM204.book Page 1095 Monday, January 25, 2016 1:25 PM User Guidelines MMRP is not compatible the GMRP. Do NOT enable GMRP/GVRP on MMRP enabled switches. The clear counters command also clears all MMRP statistics for all interfaces in addition to clearing other counters. Command History Introduced in version 6.2.0.1 firmware. Example This example clears the MMRP counters on port channel 1 console#clear mmrp statistics po1 mmrp This command enables MMRP on a specific interface.
2CSNXXX_SWUM204.book Page 1096 Monday, January 25, 2016 1:25 PM Enabling MMRP on a port channel associated Ethernet interface has no effect as long as the interface is a member of the port channel. MMRP must also be enabled globally in order to become operational. This command is only available on the Dell Networking N4000 Series switches. Command History Introduced in version 6.2.0.1 firmware. Example This example enables MMRP on port channel 1.
2CSNXXX_SWUM204.book Page 1097 Monday, January 25, 2016 1:25 PM IGMP snooping can interfere with MMRP/MVRP. Disable IGMP snooping if using MMRP/MVRP. MMRP propagates VLAN registration information to allow switches in the network to dynamically learn and configure VLANs. Refer to IEEE Std. 802.1Q-2005 and IEEE Std. 802.1Qbe-2010 for further information. In particular, MMRP must also be enabled on the individual interfaces to become operational.
2CSNXXX_SWUM204.book Page 1098 Monday, January 25, 2016 1:25 PM User Guidelines The MMRP periodic state machine ages out unused MMRP entries. Use the show mmrp summary command to display the global MMRP administrative status. Command History Introduced in version 6.2.0.1 firmware. Example This example enables the MMRP periodic state machine. console(config)#mmrp periodic state machine show mmrp Use this command to display the MMRP configuration for an interface or globally.
2CSNXXX_SWUM204.book Page 1099 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Example console#show mmrp summary MMRP Global Admin Mode......................... Disabled MMRP Periodic State Machine.................... Disabled console#show mmrp interface Gi1/0/12 MMRP Interface Admin Mode......................
2CSNXXX_SWUM204.book Page 1100 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Example console#show mmrp statistics gi1/0/12 Port........................................... MMRP messages received......................... MMRP messages received with bad header......... MMRP messages received with bad format......... MMRP messages transmitted...................... MMRP messages failed to transmit...............
2CSNXXX_SWUM204.book Page 1101 Monday, January 25, 2016 1:25 PM Multiple VLAN Registration Protocol Commands Dell Networking N4000 Series Switches This section covers commands related to Multiple VLAN Registration Protocol (MVRP). MVRP is an implementation of IEEE 802.1ak in support of Audio-Video Bridging. Dell Networking MVRP supports registration (dynamic VLAN creation) and propagation of VLAN membership information.
2CSNXXX_SWUM204.book Page 1102 Monday, January 25, 2016 1:25 PM User Guidelines MVRP is not compatible with GVRP. Do not enable GMRP/GVRP on MVRP enabled switches. The clear counters command also clears all MVRP statistics for all interfaces in addition to clearing other counters. Command History Introduced in version 6.2.0.1 firmware. Example This example clears the MVRP counters on port channel 1 console#clear mmrp statistics po1 mvrp This command enables MVRP on a specific interface.
2CSNXXX_SWUM204.book Page 1103 Monday, January 25, 2016 1:25 PM Enabling MVRP on a port channel associated interface has no effect as long as the interface is a member of the port channel. MVRP is not compatible with private VLAN configured interfaces. Do not enable GVRP on private VLAN enabled interfaces. MVRP must also be enabled globally in order to become operational. Command History Introduced in version 6.2.0.1 firmware.
2CSNXXX_SWUM204.book Page 1104 Monday, January 25, 2016 1:25 PM MVRP propagates VLAN registration information to allow switches in the network to dynamically learn and configure VLANs. Refer to IEEE Std. 802.1Q-2005 and IEEE Std. 802.1Qbe-2010 for further information. In particular, MVRP must also be enabled on the individual interfaces to become operational. MVRP does not support configuration of default group filtering behavior.
2CSNXXX_SWUM204.book Page 1105 Monday, January 25, 2016 1:25 PM Default Configuration By default, the MVRP periodic state machine is disabled globally. Command Mode Global Configuration User Guidelines The periodic state machine ages out MVRP created dynamic VLANs. Use the show mvrp summary command to display the global MVRP administrative status. Command History Introduced in version 6.2.0.1 firmware. Example This example enables the MVRP periodic state machine.
2CSNXXX_SWUM204.book Page 1106 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec, Global Configuration, and all submodes User Guidelines MVRP is not compatible with GMRP. Do not enable GMRP/GVRP on MVRP enabled switches. Command History Introduced in version 6.2.0.1 firmware. Example The following shows example CLI display output for the command. console#show mvrp summary MVRP global state.............................. Disabled MVRP Periodic State Machine state..............
2CSNXXX_SWUM204.book Page 1107 Monday, January 25, 2016 1:25 PM User Guidelines MVRP is not compatible with GMRP/GVRP. Do not enable GVRP on MMRP enabled switches. Command History Introduced in version 6.2.0.1 firmware. Example The following shows example CLI display output for the command. console#show mvrp statistics summary MVRP MVRP MVRP MVRP MVRP MVRP messages received......................... messages received with bad header......... messages received with bad format.........
2CSNXXX_SWUM204.book Page 1108 Monday, January 25, 2016 1:25 PM Multiple Stream Reservation Protocol Commands Dell Networking N4000 Series Switches This section covers commands related to Multiple Stream Reservation Protocol (MSRP). MSRP supports registration of stream membership and resource reservation in support of Audio-Visual Bridging as defined by IEEE 802.1Qat and IEEE 802.1Qav. These commands are only available on the Dell Networking N4000 Series switches.
2CSNXXX_SWUM204.book Page 1109 Monday, January 25, 2016 1:25 PM Default Configuration This command has no defaults. Command Mode Privileged Exec User Guidelines The clear counters command also clears all MSRP statistics for all interfaces in addition to clearing other counters. Command History Introduced in version 6.2.0.1 firmware.
2CSNXXX_SWUM204.book Page 1110 Monday, January 25, 2016 1:25 PM MSRP must also be enabled globally in order to become operational. This command is only available on the N4000 Series switches. Command History Introduced in version 6.2.0.1 firmware. Example This example enables MSRP on interface Gi1/0/1 console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#msrp msrp boundary-propagate Use this command to configure the IEEE 802.1Qav boundary propagation.
2CSNXXX_SWUM204.book Page 1111 Monday, January 25, 2016 1:25 PM Example This example administratively enables MSRP talker propagation from outside the domain. console(config)#no msrp global console(config)#msrp boundary-propagate console(config)#msrp global console(config)#show msrp summary MSRP Global Admin Mode......................... MSRP Talker Pruning............................ MSRP Maximum Fan-in Ports...................... MSRP Boundary Propagation...................... QAV class A priority.......
2CSNXXX_SWUM204.book Page 1112 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Example This example configure MSRP delta bandwidth for class A traffic on interface Gi1/0/3 to be 50% console(config)#interface gi1/0/3 console(config-if-Gi1/0/3)#msrp console(config-if-Gi1/0/3)#msrp delta-bw a 50 msrp global Use this command to globally enable MSRP. Use the no form of the command to globally disable MSRP.
2CSNXXX_SWUM204.book Page 1113 Monday, January 25, 2016 1:25 PM MSRP is internally mapped onto multicast queues 2 and 3. Generally, unicast traffic does not use these queues except for destination lookup failures which are broadcast to all ports in the VLAN. Delay limits are not calculated to accommodate such traffic. Likewise, static configuration can place traffic onto the multicast queues and interfere with AVB traffic. Delay limits cannot be guaranteed in such cases.
2CSNXXX_SWUM204.book Page 1114 Monday, January 25, 2016 1:25 PM User Guidelines This command configures the maximum number of ingress ports that are capable of transmitting into a single egress port (i.e., the maximum number of talker registrations on a switch). If the fan in is reduced below the number of active registrations, the switch attempts to remove the lowest priority registrations until the fan in limit is reached. Command History Introduced in version 6.2.0.1 firmware.
2CSNXXX_SWUM204.book Page 1115 Monday, January 25, 2016 1:25 PM Command Mode Interface Configuration, Interface range User Guidelines The VLAN must be configured on the interface is order to carry traffic. The interface must be configured to carry tagged traffic (i.e., trunk mode). MSRP must also be enabled globally in order to become operational. Command History Introduced in version 6.2.0.1 firmware.
2CSNXXX_SWUM204.book Page 1116 Monday, January 25, 2016 1:25 PM • Class A : pcp = 3, remap = 1 • Class B : pcp = 2, remap = 1 Command Mode Global Configuration User Guidelines The IEEE802.1 Qav standard supports time-sensitive traffic streams by pacing all switch traffic, including legacy asynchronous Ethernet traffic, through queuing and forwarding. Dell Networking switches support two stream reservation (SR) classes (A and B).
2CSNXXX_SWUM204.book Page 1117 Monday, January 25, 2016 1:25 PM This example maps class B traffic onto user priority 3. console(config)#msrp srclassqav class b pcp 3 console(config)#show msrp summary MSRP Global Admin Mode......................... MSRP Talker Pruning............................ MSRP Maximum Fan-in Ports...................... MSRP Boundary Propagation...................... QAV class A priority........................... QAV class A remap priority..................... QAV class B priority...
2CSNXXX_SWUM204.book Page 1118 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Example This example administratively enables MSRP source pruning. console(config)#no msrp global console(config)#msrp talker-pruning console(config)#msrp global console(config)#show msrp summary MSRP Global Admin Mode......................... MSRP Talker Pruning............................ MSRP Maximum Fan-in Ports...................... MSRP Boundary Propagation......................
2CSNXXX_SWUM204.book Page 1119 Monday, January 25, 2016 1:25 PM User Guidelines The following fields are displayed for the summary command. Field Description MSRP Global Admin Mode If MSRP global admin mode is enabled or disabled. MSRP Talker Pruning If MSRP talker pruning is enabled or disabled. MSRP Maximum Fan-in Ports The configured MSRP maximum fan-in ports value. MSRP Boundary Propagation If MSRP boundary propagation is enabled or disabled.
2CSNXXX_SWUM204.book Page 1120 Monday, January 25, 2016 1:25 PM MSRP QAV class B The allocated and total bandwidth allocated to MSRP bandwidth (allocated/total) QAV class B. MSRP total bandwidth The allocated and total bandwidth allocated to MSRP. QAV class A priority The class A priority for traffic class mapping. QAV class A remap priority The class A remap priority for traffic class mapping. QAV class B priority The class B priority for traffic class mapping.
2CSNXXX_SWUM204.book Page 1121 Monday, January 25, 2016 1:25 PM QAV class B remap priority..................... 1 console#show msrp interface Gi1/0/12 MSRP Interface Admin Mode...................... SRclassPVID.................................... MSRP class A Boundary port status.............. MSRP class B Boundary port status.............. MSRP QAV class A delta bandwidth............... MSRP QAV class A delta bandwidth............... MSRP class A bandwidth (allocated/total).......
2CSNXXX_SWUM204.book Page 1122 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes. User Guidelines Use the clear msrp statistics command to clear the MMRP counters. The clear counters command also clears all MSRP statistics for all interfaces in addition to clearing other counters. Command History Introduced in version 6.2.0.1 firmware.
2CSNXXX_SWUM204.book Page 1123 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes. User Guidelines The following information is displayed for the summary command. Field Description MSRP messages received The number of MSRP messages that have been received. MSRP messages received with bad header The number of MSRP messages that have been received with a bad header.
2CSNXXX_SWUM204.book Page 1124 Monday, January 25, 2016 1:25 PM MSRP failed registrations The number of MSRP failed registrations. Command History Introduced in version 6.2.0.1 firmware. Example console# show msrp statistics summary MSRP MSRP MSRP MSRP MSRP MSRP messages received......................... messages received with bad header......... messages received with bad format......... messages transmitted...................... messages failed to transmit............... Message Queue Failures.......
2CSNXXX_SWUM204.book Page 1125 Monday, January 25, 2016 1:25 PM User Guidelines The following information is displayed for the detail command. Field Description Stream Talker ID The MSRP stream talker ID. Stream MAC Address The MSRP stream MAC address. Traff Class The MSRP traffic class. Stream TSpec The MSRP stream TSpec. Failure Code The MSRP failure code. Failure Intf The MSRP interface. Failure MAC Address The MSRP MAC address. Port The port interface.
2CSNXXX_SWUM204.book Page 1126 Monday, January 25, 2016 1:25 PM console#show msrp stream summary Stream ID ------41543 Stream MAC Address ----------------12:22:e1:65:a3:f8 Destination MAC Address ----------------01:00:00:80:42:01 Acc.
2CSNXXX_SWUM204.book Page 1127 Monday, January 25, 2016 1:25 PM 802.1AS Timesync Commands Dell Networking N4000 Series Switches This section covers commands related to IEEE 802.1AS timesync. The Dell Networking 802.1AS capability implements the 2008 PTP Version 2 of the IEEE 1588 protocol in support of Audio-Visual Bridging. Dell Networking 802.1AS implements the best master clock algorithm to select a precise time source and to measure propagation delay accurately.
2CSNXXX_SWUM204.book Page 1128 Monday, January 25, 2016 1:25 PM Default Configuration This command has no defaults. Command Mode Privileged Exec. User Guidelines The clear counters command also clears all IEEE 802.1AS statistics for all interfaces in addition to clearing other counters. Command History Introduced in version 6.2.0.1 firmware. Example This example clears the 802.
2CSNXXX_SWUM204.book Page 1129 Monday, January 25, 2016 1:25 PM User Guidelines IEEE 802.1AS propagates time information from master clocks and synchronizes internally with the clock in support of delivering streams to the destination device with the same relative timing as sampled at the source. All IEEE 802.1AS interfaces must reside on the same stack member. Propagation of timing information across a stack is not supported. IEEE 802.
2CSNXXX_SWUM204.book Page 1130 Monday, January 25, 2016 1:25 PM All IEEE 802.1AS interfaces must reside on the same stack member. Propagation of timing information across a stack is not supported. IEEE 802.1AS must also be enabled globally as well as on an interface to become operational. Command History Introduced in version 6.2.0.1 firmware.
2CSNXXX_SWUM204.book Page 1131 Monday, January 25, 2016 1:25 PM IEEE 802.1AS propagates time information from master clocks and synchronizes internally with the clock in support of delivering streams to the destination device with the same relative timing as sampled at the source. While disabled, IEEE 802.1AS configuration is retained and can be changed, but is not operationally active. Command History Introduced in version 6.2.0.1 firmware.
2CSNXXX_SWUM204.book Page 1132 Monday, January 25, 2016 1:25 PM Default Configuration By default, the announcement interval is 0. Command Mode Interface Configuration User Guidelines The initial log announcement interval is used to initialize the value of announce interval; it is the mean time interval between transmission of successive ANNOUNCE messages. The ANNOUNCE interval may be modified by the operation of the protocol (i.e.
2CSNXXX_SWUM204.book Page 1133 Monday, January 25, 2016 1:25 PM Propagation Delay.............................. Port Role...................................... PDELAY Threshold............................... PDELAY lost responses allowed.................. Neighbor Rate Ratio............................ Initial Sync Interval.......................... Current Sync Interval.......................... Initial Pdelay Interval........................ Current Pdelay Interval........................
2CSNXXX_SWUM204.book Page 1134 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Example This example configures the switch with an initial log sync interval of 3. console(config-if-Gi1/0/1)#dot1as interval sync 3 console(config-if-Gi1/0/1)#show dot1as interface gi1/0/1 AS Interface Admin Mode................... Enabled AS Capable................................ No Is Measuring Delay............................. No Propagation Delay..............................
2CSNXXX_SWUM204.book Page 1135 Monday, January 25, 2016 1:25 PM Command Mode Interface Configuration User Guidelines This value is the logarithm to the base 2 of the desired mean time interval between successive Pdelay_req messages sent by the link peer. IEEE 802.1AS must also be enabled globally as well as on an interface to become operational. Command History Introduced in version 6.2.0.1 firmware. Example This example configures the switch with an initial log sync interval of 3.
2CSNXXX_SWUM204.book Page 1136 Monday, January 25, 2016 1:25 PM Syntax dot1as timeout announce expiries no dot1as timeout announce • expiries—The number of expriries with no received announce message on which the master is considered to be no longer transmitting. The range is 2–255. Default Configuration By default, the number of expiries is set to 3. Command Mode Interface Configuration User Guidelines IEEE 802.1AS must also be enabled globally as well as on an interface to become operational.
2CSNXXX_SWUM204.book Page 1137 Monday, January 25, 2016 1:25 PM Initial Announce Interval...................... Current Announce Interval...................... Sync Receipt Timeout........................... Announce Receipt Timeout....................... 0 0 3 5 dot1as timeout sync Use this command to configure the number of sync intervals expiries with no received announce message in which case the master is considered to be no longer transmitting.
2CSNXXX_SWUM204.book Page 1138 Monday, January 25, 2016 1:25 PM Is Measuring Delay............................. Propagation Delay.............................. Port Role...................................... PDELAY Threshold............................... PDELAY lost responses allowed.................. Neighbor Rate Ratio............................ Initial Sync Interval.......................... Current Sync Interval.......................... Initial Pdelay Interval........................
2CSNXXX_SWUM204.book Page 1139 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Example This example configures interface Gi1/0/4 to delay retiring the interface for 10 ms. console(config-if-Gi1/0/4)#dot1as pdelay-threshold 10000 console(config-if-Gi1/0/4)#show dot1as interface gi1/0/4 AS Interface Admin Mode................... Enabled AS Capable................................ No Is Measuring Delay............................. No Propagation Delay..................
2CSNXXX_SWUM204.book Page 1140 Monday, January 25, 2016 1:25 PM Default Configuration By default, the number of expiries is set to three responses. If three Pdelay_Resp messages are received within that time, the port is considered to be no longer exachanging messages with the peer. Command Mode Interface Configuration User Guidelines IEEE 802.1AS must also be enabled globally as well as on an interface to become operational. Command History Introduced in version 6.2.0.1 firmware.
2CSNXXX_SWUM204.book Page 1141 Monday, January 25, 2016 1:25 PM show dot1as Use this command to show the IEEE 802.1AS configuration for an interface or globally. Syntax show dot1as[ summary | interface [ interface-id | summary ] ] • summary—Show the global IEEE 802.1AS configuration. • interface-id—Show the IEEE 802.1AS configuration for the specified interface. • interface summary—Show the per interface IEEE 802.1AS configuration for all interfaces.
2CSNXXX_SWUM204.book Page 1142 Monday, January 25, 2016 1:25 PM Grandmaster Change Count Specifies the number of GM change events occurred. Last Grandmaster Change Specifies the timestamp of the last GM change event. Timestamp The following information is displayed for the interface command. Field Description Intf Slot/port Mode IEEE 802.1AS interface admin mode (enabled/disabled) asCapable Indicates if the interface is asCapable. measuringPdelay Indicates if the interface is measuring PDELAY.
2CSNXXX_SWUM204.book Page 1143 Monday, January 25, 2016 1:25 PM Initial Sync Interval Specifies the configured mean time interval between successive SYNC messages, in logarithm to base 2 format Current Pdelay interval Specifies the current mean time interval between successive PDELAY_REQ messages sent over a link, in logarithm to base 2 format. Current Announce Interval Specifies the current mean time interval between successive ANNOUNCE messages in logarithm to base 2 format.
2CSNXXX_SWUM204.book Page 1144 Monday, January 25, 2016 1:25 PM Port Role...................................... PDELAY Threshold............................... PDELAY lost responses allowed.................. Neighbor Rate Ratio............................ Initial Sync Interval.......................... Initial Pdelay Interval........................ Initial Announce Interval...................... Current Sync Interval.......................... Current Pdelay Interval........................
2CSNXXX_SWUM204.book Page 1145 Monday, January 25, 2016 1:25 PM User Guidelines Use the clear dot1as statistics or the clear counters command to clear the counters. Command History Introduced in version 6.2.0.1 firmware. Example #show dot1as statistics gi1/0/3 Port........................................... Gi1/0/3 Sync messages transmitted...................... 0 Sync messages received......................... 0 Followup messages transmitted.................. 0 Followup messages received................
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1147 Monday, January 25, 2016 1:25 PM 6 Data Center Technology Commands Dell Networking N4000 Series Switches The data center commands allow network operators to deploy lossless Ethernet capabilities in support of a converged network with Fibre Channel and Ethernet data, as specified by the FC-BB-5 working group of ANSI T11. This capability allows operators to deploy networks at a lower cost while still maintaining the same SAN network management operations that exists today.
2CSNXXX_SWUM204.book Page 1148 Monday, January 25, 2016 1:25 PM Data Center Bridging Commands Dell Networking N4000 Series Switches NOTE: Enhanced Transmission Selection commands are only supported on N4000 series switches. CLI commands and Dell OpenManage Switch Administrator pages are not available for other switch models. Data Center Bridging Exchange Protocol The Data Center Bridging Exchange Protocol (DCBX) is used by DCB devices to exchange configuration information with directly connected peers.
2CSNXXX_SWUM204.book Page 1149 Monday, January 25, 2016 1:25 PM In a typical switch or router, each physical port supports one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria.
2CSNXXX_SWUM204.book Page 1150 Monday, January 25, 2016 1:25 PM CoS queue configuration. The TCG scheduling and bandwidth enforcement occurs after the CoS queue scheduling and bandwidth enforcement is performed. Therefore all CoS queues mapped to the same TCG share the scheduling and bandwidth properties of the TCG. ETS Operations ETS provides an operational model for priority processing and bandwidth allocation for the switch in a Data Center Bridging environment.
2CSNXXX_SWUM204.book Page 1151 Monday, January 25, 2016 1:25 PM The indirect mapping between the 802.1p priorities and the associated Traffic Class Group mapping is advertised by DCBX as part of ETS TLVs. For this indirect mapping to be valid, the following parameters need to be configured in addition to the configuration of the TCGs. 1 Configure 802.1p priority to CoS mapping for the ingress ports. 2 Enable Trust mode on the ingress ports to trust the 802.1p priority present in the frames.
2CSNXXX_SWUM204.book Page 1152 Monday, January 25, 2016 1:25 PM DCBX can be used to detect misconfiguration of a feature between the peers on a link. Misconfiguration detection is feature-specific because some features may allow asymmetric configuration. • Peer configuration of DCB features DCBX can be used by a device to perform configuration of DCB features in its peer device if the peer device is willing to accept configuration.
2CSNXXX_SWUM204.book Page 1153 Monday, January 25, 2016 1:25 PM Manual Ports operating in the Manual role do not have their configuration affected by peer devices or by internal propagation of configuration. These ports have their operational mode and TC and bandwidth information specified explicitly by the operator. These ports will advertise their configuration to their peer if DCBX is enabled on that port. Incompatible peer configurations will be logged and counted with an error counter.
2CSNXXX_SWUM204.book Page 1154 Monday, January 25, 2016 1:25 PM 1 If the configuration is compatible with the configuration source, then the DCBX client becomes operationally active on the upstream port. 2 If the configuration is not compatible with the configuration source, then a message is logged indicating an incompatible configuration, an error counter is incremented, and the DCBX client is operationally disabled on the port.
2CSNXXX_SWUM204.book Page 1155 Monday, January 25, 2016 1:25 PM Configuration Source Port Selection Process When an auto-upstream or auto-downstream port receives a configuration from a peer, the DCBX client first checks if there is an active configuration source. If there is a configuration source already selected, the received configuration is checked against the local port operational values as received from the configuration source, and if compatible, the client marks the port as operationally enabled.
2CSNXXX_SWUM204.book Page 1156 Monday, January 25, 2016 1:25 PM In order to reduce flapping of configuration information, if the configuration source port is disabled, disconnected or loses LLDP connectivity, the system clears the selection of configuration source port (if not manually selected) and enables the willing bit on all auto-upstream ports. The configuration on the auto-configuration ports is not cleared (configuration holdover).
2CSNXXX_SWUM204.book Page 1157 Monday, January 25, 2016 1:25 PM Syntax datacenter-bridging Default Configuration This command has no default configuration. Command Mode Interface Configuration (Ethernet) mode User Guidelines NOTE: This command is only available on N40xx series switches. Datacenter bridging mode is only available on physical interfaces, not on port-channel interfaces.
2CSNXXX_SWUM204.book Page 1158 Monday, January 25, 2016 1:25 PM Syntax lldp dcbx version {auto | cin | cee | ieee} no lldp dcbx version • auto—Automatically select the version based on the peer response. • CIN—Force the mode to Cisco-Intel-Nuova. (DCBX 1.0) • CEE—Force the mode to CEE (DCBX 1.06) • IEEE—Force the mode to IEEE 802.1Qaz Default Configuration The default version is auto. Command Mode Global Config User Guidelines NOTE: This command is only available on N40xx series switches.
2CSNXXX_SWUM204.book Page 1159 Monday, January 25, 2016 1:25 PM for transmission. If executed in Interface mode, the interface configuration overrides the global configuration for that interface. Entering the command with no parameters enables transmission of all TLVs. Use the no form of the command to return the configuration to the default settings.
2CSNXXX_SWUM204.book Page 1160 Monday, January 25, 2016 1:25 PM The following example globally configures all ports to not transmit any DCBX TLVs. console(config)#no dcb enable lldp dcbx port-role Use the lldp dcbx port-role command in Interface Configuration mode to configure the port role to manual, auto-upstream, auto-downstream and configuration source. The default port role is manual.
2CSNXXX_SWUM204.book Page 1161 Monday, January 25, 2016 1:25 PM Default Configuration The default port role is manual. Command Mode Interface Config User Guidelines NOTE: This command is only available on N40xx series switches. In order to reduce configuration flapping, ports that obtain configuration information from a configuration source port will maintain that configuration for 2x the LLDP time out, even if the configuration source port becomes operationally disabled.
2CSNXXX_SWUM204.book Page 1162 Monday, January 25, 2016 1:25 PM User Guidelines NOTE: This command is only available on N40xx series switches. This command has no user guidelines.
2CSNXXX_SWUM204.book Page 1163 Monday, January 25, 2016 1:25 PM This command has no user guidelines. Example #1 DCBX Status: console# show lldp dcbx interface all status Config DCBX DCBX Frame TLV Interface Status Role Version Rx Tx Errors Dscrd Dscrd ---------- ------- -------- -------- ------ ------ ------ ------ ----te1/0/1 Enabled Auto-up CEE 1.06 Yes 32 37 0 0 te1/0/2 Enabled Auto-up IEEE 32 37 0 0 te2/0/1 Enabled Auto-dn CIN 1.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1165 Monday, January 25, 2016 1:25 PM Example #4 DCBX enabled – IEEE device (DCBX Version Forced): console# show lldp dcbx interface te1/0/1 Interface te1/0/1 DCBX Admin Status: Enabled Configured DCBX Version: CIN 1.0 Peer DCBX Version: CEE 1.6 Peer MAC: 00:23:24:A4:21:03 Peer Description: Cisco Nexus 5020 IOS Version 5.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1167 Monday, January 25, 2016 1:25 PM Default Configuration By default, all the traffic classes are mapped to TCG 0. In the default configuration, all the Traffic Classes are grouped as one Traffic Class Group and TCG0 is configured as weighted round robin. Command Mode Global Config, Interface Configuration modes User Guidelines NOTE: This command is only available on N40xx series switches.
2CSNXXX_SWUM204.book Page 1168 Monday, January 25, 2016 1:25 PM traffic-class-group max-bandwidth Use this command in Global Config or Interface Configuration mode to specify the maximum transmission bandwidth limit for each TCG as a percentage of the interface rate. Also known as rate shaping, this has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bound.
2CSNXXX_SWUM204.book Page 1169 Monday, January 25, 2016 1:25 PM If a non-zero value is specified for any bw-x maximum bandwidth parameter, it must not be less than the current minimum bandwidth value for the corresponding queue. A bw-x maximum bandwidth parameter value of 0 may be specified at any time without restriction. The maximum bandwidth limits may be used with either a weighted or strict priority scheduling scheme.
2CSNXXX_SWUM204.book Page 1170 Monday, January 25, 2016 1:25 PM User Guidelines NOTE: This command is only available on N40xx series switches. This command specified in Interface Configuration mode only affects a single interface, whereas the Global Configuration mode setting is applied to all interfaces. The Interface Configuration mode command is only available on the N4000 series switches. Each bw-x value is a percentage that ranges from 0 to 100 in increments of 1.
2CSNXXX_SWUM204.book Page 1171 Monday, January 25, 2016 1:25 PM Syntax traffic-class-group strict tcg-id [tcg-id … tcg-id] no traffic-class-group strict • tcg-id—The TCG identifier. Range is 0 to 2 Default Configuration The default scheduling mode for all TCGs is weighted scheduling. Command Mode Global Configuration mode, Interface Configuration mode User Guidelines NOTE: This command is only available on N40xx series switches.
2CSNXXX_SWUM204.book Page 1172 Monday, January 25, 2016 1:25 PM Example The following example demonstrates how to set TCGs 1 and 2 to strict priority scheduling. console(config)# traffic-class-group strict 1 2 traffic-class-group weight Use the traffic-class-group weight command in Global Config or Interface Configuration mode to specify the scheduling weight for each TCG.
2CSNXXX_SWUM204.book Page 1173 Monday, January 25, 2016 1:25 PM The weight percentage is not considered for Traffic Class Groups that are configured for strict priority scheduling. Auto-configuration ports utilize the weights received from the auto-configuration source but do no alter the manual settings. Manually configured ports enabled for DCBX transmit the manually configured weights in the TC Bandwidth table in the ETS TLVs.
2CSNXXX_SWUM204.book Page 1174 Monday, January 25, 2016 1:25 PM Traffic class group 7 is reserved by the system and is not shown. Auto-configuration ports utilize the traffic class group mappings received from the auto-configuration source. Manually configured ports enabled for DCBX transmit the traffic class groups in the ETS TLVs.
2CSNXXX_SWUM204.book Page 1175 Monday, January 25, 2016 1:25 PM User Guidelines The interface-id parameter is optional. The following information is displayed: Field Description Congestion drops Packets dropped due to congestion. This includes packets that exceeded an upper WRED threshold and packet dropped by WRED. ECN marked packets are not counted as dropped. Tx Queue The instantaneous number of cells queued for egress on the interface. Cells are 208 bytes.
2CSNXXX_SWUM204.book Page 1176 Monday, January 25, 2016 1:25 PM Gi1/0/3 0 0 0 0 0 0 show interfaces traffic-class-group Use the show interfaces traffic-class-group command in Privileged Exec mode to display the Traffic Class to Traffic Class Group mapping. Syntax show interfaces traffic-class-group [interface-id] • interface-id—A valid physical interface specifier. Default Configuration The default is to show the global traffic class group configuration.
2CSNXXX_SWUM204.book Page 1177 Monday, January 25, 2016 1:25 PM Field Description Max-Bandwidth The maximum transmission bandwidth g, expressed as a percentage. A value of 0 means no upper limit is enforced, so the queue may use any or all of the available bandwidth of the interface. This is a configured value. Scheduler Type Indicates whether this queue is scheduled for transmission using a strict priority or a weighted scheme.
2CSNXXX_SWUM204.book Page 1178 Monday, January 25, 2016 1:25 PM OpenFlow Commands Dell Networking N2000/N3000/N4000 Series Switches The OpenFlow feature configures the switch to be managed by a centralized OpenFlow Controller using the OpenFlow protocol. Openflow is not supported in a stacking environment. The OpenFlow agent has been validated with the Helium release of OpenDaylight (ODL).
2CSNXXX_SWUM204.book Page 1179 Monday, January 25, 2016 1:25 PM Command Mode OpenFlow Configuration User Guidelines If connection to the controller over an interface other than the OOB interface is desired, use the OpenFlow mode command prior to issuing this command. Issuing the mode command after a connection has been established drops the connection. The connections are then re-attempted over the new interface as specified by the mode command.
2CSNXXX_SWUM204.book Page 1180 Monday, January 25, 2016 1:25 PM hardware profile openflow Use the hardware profile openflow command to select the forwarding mode for the OpenFlow hybrid capability. Use the no form of the command to select the default forwarding capability. Syntax hardware profile openflow { full-match | layer2-match } no hardware profile openflow • full-match—Perform full matching when configured in OpenFlow 1.0 mode. • layer2-match—Perform L2 matching when configured in OpenFlow 1.
2CSNXXX_SWUM204.book Page 1181 Monday, January 25, 2016 1:25 PM Example The following example configures OpenFlow 1.0 full matching, configures a connection to the controller at IPv4 address 1.2.3.4 TCP port 3435 using SSL security, and enables OpenFlow 1.0 on the switch. console(config)#hardware profile openflow full-match console(config)#openflow WARNING! OpenFlow does not operate on stack members. Enable OpenFlow on stand-alone switches only. console(config-of-switch)#controller ipv4 1.2.3.
2CSNXXX_SWUM204.book Page 1182 Monday, January 25, 2016 1:25 PM Only IPv4 addresses are supported for OpenFlow controllers. OpenFlow operates on the stack master only. Flows may not be configured on stack members. Failover to the stack standby unit is not supported. OpenFlow should only be enabled on stand-alone switches and should not be enabled on stacks of switches. This restriction is not enforced. Command History Introduced in version 6.3.0.1 firmware.
2CSNXXX_SWUM204.book Page 1183 Monday, January 25, 2016 1:25 PM no mode • auto—Automatically select the switch IP address • static—Use the configured static IP address • oob—Use the OOB interface IP address Default Configuration By default, the switch select an address automatically. Command Mode OpenFlow Configuration User Guidelines This command configures the switch to select an IP address from a particular type of interface.
2CSNXXX_SWUM204.book Page 1184 Monday, January 25, 2016 1:25 PM If the switch is configured in static mode, OpenFlow will remain operationally disabled until a static IPv4 address is configured, the IPv4 address matches exactly an IPv4 address on a VLAN interface, and the VLAN interface is operationally enabled. If the OOB interface is manually selected as the OpenFlow IP address then the Open Flow feature becomes enabled immediately, even if there is no IP address assigned to the service port.
2CSNXXX_SWUM204.book Page 1185 Monday, January 25, 2016 1:25 PM openflow Use the openflow command to enable OpenFlow on the switch (if disabled) and enter into OpenFlow configuration mode. Use the exit command to return to Global Configuration mode. Syntax openflow no openflow Default Configuration The OpenFlow capability is disabled by default. No controllers are configured by default. OpenFlow 1.3 mode is selected by default when OpenFlow is enabled.
2CSNXXX_SWUM204.book Page 1186 Monday, January 25, 2016 1:25 PM Example This example enables OpenFlow 1.3 on a switch and configures a connection the controller at IPv4 address 1.2.3.4 TCP port 3435 using SSL security. console(config)#openflow WARNING! OpenFlow does not operate on stack members. Enable OpenFlow on stand-alone switches only. console(config-of-switch)#controller ipv4 1.2.3.
2CSNXXX_SWUM204.book Page 1187 Monday, January 25, 2016 1:25 PM OpenFlow operates on the stack master only. Flows may not be configured on stack members. Failover to the stack standby unit is not supported. OpenFlow should only be enabled on stand-alone switches and should not be enabled on stacks of switches. This restriction is not enforced. Command History Introduced in version 6.3.0.1 firmware. Example This example configures a connection to the controller at IPv4 address 1.2.3.
2CSNXXX_SWUM204.book Page 1188 Monday, January 25, 2016 1:25 PM Command Mode OpenFlow Configuration User Guidelines If the administrator changes the OpenFlow variant while the OpenFlow feature is enabled, the switch automatically disables and re-enables the OpenFlow feature causing all flows to be deleted and connections to the controllers to be dropped. OpenFlow operates on the stack master only. Flows may not be configured on stack members. Failover to the stack standby unit is not supported.
2CSNXXX_SWUM204.book Page 1189 Monday, January 25, 2016 1:25 PM • switch controllers—Show information about configured controllers • switch flows—Show information regarding flows • switch groups—Show information regarding OpenFlow groups • switch tables—Show information regarding the switch tables Default Configuration When invoked with no parameters, the show openflow command shows summary information regarding OpenFlow.
2CSNXXX_SWUM204.book Page 1190 Monday, January 25, 2016 1:25 PM Parameter Description OpenFlow Variant OpenFlow Protocol Variant. The OpenFlow protocol can be “OpenFlow 1.0” or “OpenFlow 1.3”. Default Table The Hardware Table used as the target for flows installed by an OpenFlow 1.0 controller which is not enhanced to handle multiple hardware tables. Passive Mode The OpenFlow passive mode set by the ‘passive’ command.
2CSNXXX_SWUM204.book Page 1191 Monday, January 25, 2016 1:25 PM When the switch groups parameter is given, the following information is displayed: Parameter Description Group Type Type of Group: Indirect, All, Select, etc. Group Id Unique ID for the Group Refence Count This count indicates how many Select groups are referring to the current Indirect group. Reference Count is used only for Indirect groups. Duration The time since the group was created. Bucket Count Number of Buckets in the group.
2CSNXXX_SWUM204.book Page 1192 Monday, January 25, 2016 1:25 PM Example This output shows an operationaly disabled switch: console#show openflow Administrative Mode............................ Administrative Status.......................... Disable Reason................................. IP Address..................................... IP Mode................................. ...... Static IP Address.............................. Network MTU.................................... OpenFlow Variant..............
2CSNXXX_SWUM204.book Page 1193 Monday, January 25, 2016 1:25 PM Flow Insertion Count.....................1 Flow Deletion Count......................0 Insertion Failure Count..................0 Flow Table Description: The forwarding database maps non-multicast MAC addresses and the ports on which these addresses are located. This example shows the output for OpenFlow 1.3 using the switch tables parameter: console#show openflow switch tables Flow Table.....................................
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1195 Monday, January 25, 2016 1:25 PM console#show openflow switch flows Flow: 00000000 Flow Table: 60 Match Criteria: Ingress port: Gi1/0/1 VLAN ID: Src MAC: Dst MAC: IP Protocol: Action: Drop Duration (secs): 55 Packet Count: 12321 Type: "1DOT0" Priority: 1 Type: Untagged MAC Egress Port: VLAN PCP: Src IP: Dst IP: TOS: EtherType: 0x0800 Src IP Port: Dst IP Port: DSCP: Idle (secs): 45 HW Priority: 2131 In HW: Yes This example shows the output for OpenFlow 1.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1197 Monday, January 25, 2016 1:25 PM Priority Flow Control Commands Dell Networking N4000 Series Switches Priority Flow Control (PFC) provides a means of pausing frames based on individual priorities on a single physical link. By pausing the congested priority or priorities independently, protocols that are highly loss sensitive can share the same link with traffic that has different loss tolerances with less congestion spreading than standard flow control.
2CSNXXX_SWUM204.book Page 1198 Monday, January 25, 2016 1:25 PM The effective default behavior on an interface enabled for PFC without a nodrop priority is that no flow control (legacy or PFC) is enabled. If the user enables PFC but does not create any no-drop priorities, the interface will not be lossless. Changing the drop and no-drop capabilities on an interface, either in flow control or priority flow control, may require that all ports briefly drop link.
2CSNXXX_SWUM204.book Page 1199 Monday, January 25, 2016 1:25 PM Default Configuration Priority-flow-control mode is off (disabled) by default. Command Mode Datacenter-Bridging Configuration mode User Guidelines NOTE: This command is only available on N40xx series switches. PFC must be enabled before FIP snooping can operate over the interface. Use the no form of the command to return the mode to the default (off).
2CSNXXX_SWUM204.book Page 1200 Monday, January 25, 2016 1:25 PM Syntax priority-flow-control priority priority-list {drop | no-drop} no priority-flow-control priority • drop—Disable lossless behavior on the selected priorities. • no-drop—Enable lossless behavior on the selected priorities. • priority-list —A list of IEEE 802.1p priorities (up to two) which are to be configured as lossless. Default Configuration The default behavior for all priorities is tail-drop.
2CSNXXX_SWUM204.book Page 1201 Monday, January 25, 2016 1:25 PM Syntax clear priority-flow-control statistics [ethernet interface ] • interface — A valid Ethernet port. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1205 Monday, January 25, 2016 1:25 PM Layer 3 Routing Commands 7 The sections that follow describe commands that conform to the OSI model’s Network Layer (Layer 3). Layer 3 Routing commands enable routing protocols to perform a series of exchanges over various data links to route data between any two nodes in a network. These commands define the addressing and routing structure of the Internet.
2CSNXXX_SWUM204.book Page 1206 Monday, January 25, 2016 1:25 PM ARP Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches When a host has an IP packet to send on an Ethernet network, it must encapsulate the IP packet in an Ethernet frame. The Ethernet header requires a destination MAC address. If the destination IP address is on the same network as the sender, the sender uses the Address Resolution Protocol (ARP) to determine the MAC address associated with destination IP address.
2CSNXXX_SWUM204.book Page 1207 Monday, January 25, 2016 1:25 PM ARP Aging Dynamic entries in the ARP cache are aged. When an entry for a neighbor router reaches its maximum age, the system sends an ARP request to the neighbor router to renew the entry. Entries for neighbor routers should remain in the ARP cache as long as the neighbor continues to respond to ARP requests. ARP cache entries for neighbor hosts are renewed more selectively.
2CSNXXX_SWUM204.book Page 1208 Monday, January 25, 2016 1:25 PM Syntax arp [vrf vrf-name]ip-address hardware-address [ interface interface-id] no arp ip-address • vrf-name—The name of the VRF with which the ARP entry is to be associated. If no VRF is specified, the ARP entry is associated with the global ARP table. • ip-address — IP address of a device on a subnet attached to an existing routing interface. • hardware-address — A unicast MAC address for that device.
2CSNXXX_SWUM204.book Page 1209 Monday, January 25, 2016 1:25 PM Example The following example creates an ARP entry consisting of an IP address and a MAC address. console(config)#arp 192.168.1.2 00A2.64B3.A245 arp cachesize Use the arp cachesize command in Global Configuration mode to configure the maximum number of entries in the ARP cache. To return the maximum number of ARP cache entries to the default value, use the no form of this command.
2CSNXXX_SWUM204.book Page 1210 Monday, January 25, 2016 1:25 PM arp dynamicrenew Use the arp dynamicrenew command in Global Configuration mode to enable the ARP component to automatically renew dynamic ARP entries when they age out. To disable the automatic renewal of dynamic ARP entries when they age out, use the no form of the command. Syntax arp dynamicrenew no arp dynamicrenew Default Configuration The default state is enabled.
2CSNXXX_SWUM204.book Page 1211 Monday, January 25, 2016 1:25 PM cache capacity, enabling dynamic renew could prevent some neighbors from communicating because the ARP cache is full. Dynamic renewal should be disabled in these networks. Example console#configure console(config)#arp dynamicrenew console(config)#no arp dynamicrenew arp purge Use the arp purge command in Privileged Exec mode to cause the specified IP address to be removed from the ARP cache.
2CSNXXX_SWUM204.book Page 1212 Monday, January 25, 2016 1:25 PM The interface identifier is the identifier of the unnumbered interface, not the loopback interface from which the IP address is borrowed. When the IP address does not uniquely identify an ARP entry, the interface must be given to uniquely identify the ARP entry. The interface may be numbered or unnumbered. Example The following example removes the specified IP address from arp cache. console#arp purge 192.168.1.
2CSNXXX_SWUM204.book Page 1213 Monday, January 25, 2016 1:25 PM arp retries Use the arp retries command in Global Configuration mode to configure the ARP count of maximum requests for retries. To return to the default value, use the no form of this command. Syntax arp retries integer no arp retries • integer — The maximum number of requests for retries. (Range: 0-10) Default Configuration The default value is 4 retries.
2CSNXXX_SWUM204.book Page 1214 Monday, January 25, 2016 1:25 PM Default Configuration The default value is 1200 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines 900 seconds as the timeout. console(config)#arp timeout 900 clear arp-cache Use the clear arp-cache command in Privileged Exec mode to remove all ARP entries of type dynamic from the ARP cache.
2CSNXXX_SWUM204.book Page 1215 Monday, January 25, 2016 1:25 PM Example The following example clears all entries ARP of type dynamic, including gateway, from ARP cache. console#clear arp-cache gateway clear arp-cache management Use the clear arp-cache management command to clear all entries that show as management arp entries in the show arp command. Syntax clear arp-cache management Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1216 Monday, January 25, 2016 1:25 PM 10.27.20.243 0019.B9D1.29A3 console#clear arp-cache management Management Dynamic n/a ip local-proxy-arp Use the ip local proxy-arp command in Interface Configuration mode to enable proxying of ARP requests. This allows the switch to respond to ARP requests within a subnet where routing is not enabled. Syntax ip local-proxy-arp no ip local-proxy-arp Default Configuration Proxy arp is disabled by default.
2CSNXXX_SWUM204.book Page 1217 Monday, January 25, 2016 1:25 PM next hops in its route to the destination are through interfaces other than the interface that received the ARP request. Use the no form of the command to disable proxy ARP on a router interface. Syntax ip proxy-arp no ip proxy-arp Default Configuration Enabled is the default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines The ip proxy-arp command is not available in interface range mode.
2CSNXXX_SWUM204.book Page 1218 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode User Exec and Privileged Exec modes, Configuration mode and all Configuration submodes User Guidelines The show arp command will display static (user-configured) ARP entries regardless of whether they are reachable over an interface or not. The VRF identified in the parameter must have been previously created or an error is returned.
2CSNXXX_SWUM204.book Page 1219 Monday, January 25, 2016 1:25 PM Bidirectional Forwarding Detection Commands Dell Networking N3000/N4000 Series Switches Bidirectional Forwarding Detection (BFD) verifies bidirectional connectivity between forwarding engines, which can be a single hop or multiple hops away.
2CSNXXX_SWUM204.book Page 1220 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration User Guidelines BFD supports fast detection of forwarding failures on a routing interface. BFD provides an advantage for forwarding plane failure detection over that provided by the individual protocols, each having different hello protocol timers and detection periods. The BFD feature provides notification to BGP or OSPF when an interface is detected to not be in a forwarding state.
2CSNXXX_SWUM204.book Page 1221 Monday, January 25, 2016 1:25 PM Syntax bfd echo no bfd echo Default Configuration BFD echo mode is not enabled by default. Command Mode Interface (VLAN) Configuration and Interface (VLAN) range mode. User Guidelines BFD echo mode enables fast sending and turnaround of BFD echo packets. Use the bfd slow-timer command to adjust the sending of BFD control plane packets when BFD echo mode is enabled. Command History Introduced in version 6.2.0.1 firmware.
2CSNXXX_SWUM204.book Page 1222 Monday, January 25, 2016 1:25 PM • transmit-interval—Refers to the desired minimum transmit interval, • minimum-receive-interval—Refers to the required minimum receive • detection-time-multiplier—Specifies the number of BFD control packets which is the minimum interval the user wants to use while transmitting BFD control packets. It is represented in milliseconds. Its range is 100 ms to 1000 ms with a change granularity of 100 ms and with a default value of 100 ms.
2CSNXXX_SWUM204.book Page 1223 Monday, January 25, 2016 1:25 PM console(config-if-vlan100)#bfd interval 100 min_rx 100 multiplier 5 console(config-if-vlan100)#exit console(config)#interface te1/0/1 console(config-if-Te1/0/1)#switchport mode trunk bfd slow-timer This command configures the BFD periodic slow transmission interval for BFD Control packets. Use the no form of the command to return the slow transmission interval value to the default.
2CSNXXX_SWUM204.book Page 1224 Monday, January 25, 2016 1:25 PM ip ospf bfd Use the ip ospf bfd command to enable sending of BFD events to OSPF on a VLAN routing interface. Use the no form of the command to disable sending of BFD events. Syntax ip ospf bfd no ip ospf bfd Default Configuration BFD is not enabled by default. Command Mode Interface (VLAN) Configuration mode User Guidelines BFD processing notifies OSPF of L3 connectivity issues with the peer.
2CSNXXX_SWUM204.book Page 1225 Monday, January 25, 2016 1:25 PM ipv6 ospf bfd Use the ipv6 ospf bfd command to enable sending of BFD events to OSPF on a VLAN routing interface. Use the no form of the command to disable sending of BFD events. Syntax ipv6 ospf bfd no ipv6 ospf bfd Default Configuration BFD is not enabled by default. Command Mode Interface (VLAN) Configuration mode User Guidelines BFD procesisng notifies OSPFv3 of level 3 connectivity issues with the peer.
2CSNXXX_SWUM204.book Page 1226 Monday, January 25, 2016 1:25 PM neighbor fall-over bfd This command enables BFD support for a BGP neighbor. Use the no form of the command to disable BFD for the specified BGP neighbor.
2CSNXXX_SWUM204.book Page 1227 Monday, January 25, 2016 1:25 PM Syntax show bfd neighbor [details] [ip-address] • details—Display additional information regarding each BFD neighbor, including sent and received message counts. • ip-address—The IPv4 or IPv6 address of a BFD neighbor. Limits the output to the specific neighbor. Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 1228 Monday, January 25, 2016 1:25 PM Parameters Description Registered Protocol The protocol from which the BFD session was initiated and that is registered to receive events from BFD. (for example, BGP). Local Diag The diagnostic state specifying the reason for the most recent change in the local session state. Demand mode Indicates if the system wishes to use Demand mode. Note: Demand mode is not supported in Dell 6.0 8.
2CSNXXX_SWUM204.book Page 1229 Monday, January 25, 2016 1:25 PM Local IP address............................... Neighbor IP address............................ State.......................................... Interface...................................... Uptime......................................... Registered Protocol............................ Local Diag..................................... Demand mode.................................... Minimum transmit interval......................
2CSNXXX_SWUM204.book Page 1230 Monday, January 25, 2016 1:25 PM Border Gateway Protocol Commands Dell Networking N3000/N4000 Series Switches This section describes the commands you use to view and configure Border Gateway Protocol (BGP), which is an exterior gateway routing protocol that you use to route traffic between autonomous systems. The BGP CLI commands are available in the N3000/N4000 Series switches. On the N3000 Series switches, the BGP specific firmware must be loaded (e.g., N3000_BGPvA.B.C.D.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1234 Monday, January 25, 2016 1:25 PM ASNs 0, 56320–64511, and 65535 are reserved and cannot be used. Command History Introduced in version 6.2.0.1 firmware. Example The following example creates a BGP routing instances and enables BGP routing for AS 4324. console(config)#router bgp 4324 address-family Use the address-family command in peer template configuration mode to configure policy parameters within a peer template to be applied to a specific address family.
2CSNXXX_SWUM204.book Page 1235 Monday, January 25, 2016 1:25 PM • advertisement-interval seconds • default-originate • filter-list as-path-list-number {in | out} • maximum-prefix { maximum | unlimited } [threshold] • next-hop-self • prefix-list prefix-list-name { in | out } • remove-private-as • route-reflector-client • route-map map-name { in | out } • send-community The activate command is only available in address-family ipv6 mode.
2CSNXXX_SWUM204.book Page 1236 Monday, January 25, 2016 1:25 PM console(config-rtr-tmplt-af)# route-map RM6-OUT out console(config-rtr-tmplt-af)# exit console(config-rtr-tmplt)# exit console(config-router)# neighbor 172.20.1.2 inherit peer AGGR console(config-router)# neighbor 172.20.2.2 inherit peer AGGR console(config-router)# address-family ipv6 console(config-router)# neighbor 172.20.1.2 activate console(config-router)# neighbor 172.20.2.
2CSNXXX_SWUM204.book Page 1237 Monday, January 25, 2016 1:25 PM address-family ipv6 Use the address-family ipv6 command to enter IPv6 family configuration mode to specify IPv6 configuration parameters. Use the no form of the command to delete all IPv6 configuration. Syntax address family ipv6 no address family ipv6 Default Configuration By default, the exchange of IPv6 routes is disabled.
2CSNXXX_SWUM204.book Page 1238 Monday, January 25, 2016 1:25 PM Syntax address-family vpn4 unicast no address-family vpn4 unicast Default Configuration VPN-IPv4 address family mode is not configured by default. Command Mode Router BGP Configuration mode User Guidelines When an iBGP neighbor is configured in this mode, each VPN-IPv4 prefix is made globally unique by the addition of an 8-byte route distinguisher (RD). Only unicast prefixes are advertised to the iBGP neighbor.
2CSNXXX_SWUM204.book Page 1239 Monday, January 25, 2016 1:25 PM console(config-router-af)# neighbor 1.1.1.1 send-community extended console(config-router-af)# exit console(config-router)# aggregate-address Use the aggregate-address command to configure a summary address for BGP.
2CSNXXX_SWUM204.book Page 1240 Monday, January 25, 2016 1:25 PM • summary-only – When specified, the more-specific routes within the aggregate address are not advertised to neighbors. Default Configuration No aggregate addresses are configured by default. Unless the options are specified, the aggregate is advertised with the ATOMIC_AGGREGATE attribute and an empty AS path, and the more specific routes are advertised along with the aggregate.
2CSNXXX_SWUM204.book Page 1241 Monday, January 25, 2016 1:25 PM Syntax bgp aggregate-different-meds no bgp aggregate-different-meds Default Configuration By default, all the routes aggregated by a given aggregate address must have the same MED value. Command Mode BGP Router Configuration mode User Guidelines When this command is used, the path for an active aggregate address is advertised without an MED attribute and the MED attribute is not considered in aggregating routes.
2CSNXXX_SWUM204.book Page 1242 Monday, January 25, 2016 1:25 PM no bgp aggregate-different-meds Default Configuration By default, all the routes aggregated by a given aggregate address must have the same MED value. Command Mode IPv6 Address Family Configuration mode User Guidelines When this command is used, the path for an active aggregate address is advertised without an MED attribute and the MED attribute is not considered in aggregating routes.
2CSNXXX_SWUM204.book Page 1243 Monday, January 25, 2016 1:25 PM Default Configuration By default, all routes aggregated by a given aggregate address must have the same MED value. Command Mode • BGP Router Configuration mode • IPv6 Address Family Configuration mode User Guidelines The MED is a 32-bit integer, commonly set by an external peer to indicate the internal distance to a destination. The decision process compares MED values to prefer paths that have a shorter internal distance.
2CSNXXX_SWUM204.book Page 1244 Monday, January 25, 2016 1:25 PM Default Configuration Client-to-client reflection is enabled by default when a router is configured as a route reflector. Command Mode BGP Router Configuration mode User Guidelines Route reflection can change the routes clients select. A route reflector only reflects those routes it selects as best routes. Best route selection can be influenced by the IGP metric of the route to reach the BGP next hop.
2CSNXXX_SWUM204.book Page 1245 Monday, January 25, 2016 1:25 PM Syntax bgp client-to-client reflection no bgp client-to-client reflection Default Configuration Client-to-client reflection is enabled by default when a router is configured as a route reflector. Command Mode IPv6 Address Family Configuration mode User Guidelines Route reflection can change the routes clients select. A route reflector only reflects those routes it selects as best routes.
2CSNXXX_SWUM204.book Page 1246 Monday, January 25, 2016 1:25 PM Syntax bgp cluster-id cluster-id no bgp cluster-id • cluster-id—A non-zero 32-bit identifier that uniquely identifies a cluster of route reflectors and their clients. The cluster ID may be entered in dotted notation like an IPv4 address or as an integer. Default Configuration A route reflector whose cluster ID has not been configured uses its BGP router ID (configured with bgp router-id) as the cluster ID.
2CSNXXX_SWUM204.book Page 1247 Monday, January 25, 2016 1:25 PM Syntax bgp default local-preference number no bgp default local-preference • number—The value to use as the local preference for routes advertised to internal peers. The range is 0 to 4,294,967,295. Default Configuration If no other value is configured, BGP advertises a local preference of 100 in UPDATE messages to internal peers.
2CSNXXX_SWUM204.book Page 1248 Monday, January 25, 2016 1:25 PM no bgp fast-external-fallover Default Configuration Fast external fallover is enabled by default. Command Mode BGP Router Configuration mode User Guidelines When BGP gets a routing interface down event, BGP drops the adjacency with all external peers whose IPv4 address is in one of the subnets on the failed interface. This behavior can be overridden for specific interfaces using ip bgp fast-external-fallover.
2CSNXXX_SWUM204.book Page 1249 Monday, January 25, 2016 1:25 PM User Guidelines BGP tracks the reachability of each internal peer’s IP address. If a peer becomes unreachable (that is, the RIB no longer has a non-default route to the peer’s IP address), BGP drops the adjacency. Command History Introduced in version 6.2.0.1 firmware.
2CSNXXX_SWUM204.book Page 1250 Monday, January 25, 2016 1:25 PM Default Configuration No subnets are associated with a BGP listen subnet range, and the BGP dynamic neighbor feature is not activated. Command Mode BGP Router Configuration mode, IPv4 Address Family Configuration mode, IPv6 Address Familiy Configuration mode User Guidelines This command can be used to configure IPv4 BGP neighbors (BGP Router Configuration mode) as well as IPv6 BGP neighbors (IPv6 Address Family Configuration mode).
2CSNXXX_SWUM204.book Page 1251 Monday, January 25, 2016 1:25 PM bgp log-neighbor-changes Use the bgp log-neighbor-changes command to enable logging of adjacency state changes. Syntax bgp log-neighbor-changes no bgp log-neighbor-changes Default Configuration Neighbor state changes are not logged by default. Command Mode BGP Router Configuration mode User Guidelines Both backward and forward adjacency state changes are logged.
2CSNXXX_SWUM204.book Page 1252 Monday, January 25, 2016 1:25 PM • limit—The maximum length of an AS Path that BGP accepts from its neighbors. The length is the number of autonomous systems listed in the path. The limit may be set to any value from 1 to 100.
2CSNXXX_SWUM204.book Page 1253 Monday, January 25, 2016 1:25 PM Command Mode BGP Router Configuration mode User Guidelines The BGP router ID must be a valid IPv4 unicast address, but is not required to be an address assigned to the router. The router ID is specified in the dotted notation of an IPv4 address. Changing the router ID disables and reenables BGP, causing all adjacencies to be re-established.
2CSNXXX_SWUM204.book Page 1254 Monday, January 25, 2016 1:25 PM • ipv4-address—Only reset the adjacency with a single specified peer with a given IPv4 peer address. • ipv6-address [ interface interface-id ]—Only reset the adjacency with a single specified peer with a given IPv6 peer address. If the interface-id is given, only reset the adjacency on the specified interface. The interface id must be a routing interface (a routed VLAN identifier).
2CSNXXX_SWUM204.book Page 1255 Monday, January 25, 2016 1:25 PM Example console(config-router)#clear ip bgp clear ip bgp counters Use the clear ip bgp counters resets all BGP counters to 0. These counters include send and receive packet and prefix counters for all neighbors. Syntax clear ip bgp [vrf vrf-name] counters • vrf-name—This optional parameter identifies the VRF for which to clear counters. If not given, the default VRF counters are cleared.
2CSNXXX_SWUM204.book Page 1256 Monday, January 25, 2016 1:25 PM no default-information originate Default Configuration • always—Allows BGP to originate a default route even if the common routing table has no default route. Default Configuration By default BGP does not originate a default route. If a default route is redistributed into BGP, BGP does not advertise the default route unless the default-information originate command has been given. The always option is disabled by default.
2CSNXXX_SWUM204.book Page 1257 Monday, January 25, 2016 1:25 PM Default Configuration By default BGP does not originate a default route. If a default route is redistributed into BGP, BGP does not advertise the default route unless the default-information originate command has been given. The always option is disabled by default.
2CSNXXX_SWUM204.book Page 1258 Monday, January 25, 2016 1:25 PM Command Mode BGP Router Configuration mode User Guidelines There are no user guidelines. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#default-metric 1 default metric (IPv6 Address Family Configuration) This command sets the metric of redistributed IPv6 routes when a metric is not configured in the redistribute command. Syntax default-metric value no default-metric • value—The value to as the MED.
2CSNXXX_SWUM204.book Page 1259 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#default-metric 1 distance Use this command to set the preference (also known as administrative distance) of BGP routes to specific destinations. Syntax distance distance [ prefix wildcard-mask [prefix-list] ] no distance distance [ prefix wildcard-mask [prefix-list] ] • distance—The preference value for matching routes. The range is 1 to 255.
2CSNXXX_SWUM204.book Page 1260 Monday, January 25, 2016 1:25 PM can be overlap between the prefix and mask configured for different commands. When there is overlap, the command whose prefix and wildcard mask are the longest match for a neighbor’s address is applied to routes from that neighbor. An ECMP route’s distance is determined by applying distance commands to the neighbor that provided the best path. The distance command is not applied to existing routes.
2CSNXXX_SWUM204.book Page 1261 Monday, January 25, 2016 1:25 PM no distance bgp • external-distance—The preference value for routes learned from external peers. The range is 1 to 255. • internal-distance—The preference value for routes learned from internal peers. The range is 1 to 255. • local-distance—The preference value for locally-originated routes. The range is 1 to 255.
2CSNXXX_SWUM204.book Page 1262 Monday, January 25, 2016 1:25 PM distance bgp (IPv6 Address Family Configuration) Use this command to set the preference (also known as administrative distance) of BGP routes. Syntax distance bgp external-distance internal-distance local-distance no distance bgp • external-distance—The preference value for routes learned from external peers. The range is 1 to 255. • internal-distance—The preference value for routes learned from internal peers. The range is 1 to 255.
2CSNXXX_SWUM204.book Page 1263 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#distance bgp 20 200 200 distribute-list prefix in Use this command to configure a filter that restricts the routes that BGP accepts from all neighbors based on destination prefix.
2CSNXXX_SWUM204.book Page 1264 Monday, January 25, 2016 1:25 PM distribute-list prefix out (BGP Router Configuration) Use this command to configure a filter that restricts the advertisement of routes based on destination prefix. Syntax distribute-list prefix list-name out [ protocol | connected | static ] no distribute-list prefix list-name out [ protocol | connected | static ] • prefix list-name—A prefix list used to filter routes advertised to neighbors.
2CSNXXX_SWUM204.book Page 1265 Monday, January 25, 2016 1:25 PM distribute-list prefix out (IPv6 Address Family Configuration) Use this command to apply an IPv6 prefix list to IPv6 routes advertised via BGP. Syntax distribute-list prefix list-name out [ protocol | connected | static ] no distribute-list prefix list-name out [ protocol | connected | static ] • prefix list-name—A prefix list used to filter routes advertised to neighbors.
2CSNXXX_SWUM204.book Page 1266 Monday, January 25, 2016 1:25 PM enable This command globally enables BGP, while retaining the configuration. Syntax enable no enable Default Configuration By default, BGP is enabled once the administrator has specified the local AS number with the router bgp command and configured a router id with bgp router-id. Command Mode BGP Router Configuration mode User Guidelines When disabling BGP using no enable, BGP retains its configuration.
2CSNXXX_SWUM204.book Page 1267 Monday, January 25, 2016 1:25 PM Syntax ip as-path access-list as-path-list-number { permit | deny } regexp no ip as-path access-list as-path-list-number • as-path-list-number—A number from 1 to 500 uniquely identifying the list. All AS path access list commands with the same as-path-list-number are considered part of the same list. • permit—Permit routes whose AS Path attribute matches the regular expression.
2CSNXXX_SWUM204.book Page 1268 Monday, January 25, 2016 1:25 PM Statements are applied in the order in which they are created. New statements are added to the end of the list. The statement with the first matching regular expression is applied. Up to 128 AS path access lists can be configured, with up to 64 statements each. To enter the question mark within a regular expression, first enter CTRL-V to prevent the CLI from interpreting the question mark as a request for help.
2CSNXXX_SWUM204.book Page 1269 Monday, January 25, 2016 1:25 PM Example In the following example, the router is configured to reject routes received from neighbor 172.20.1.1 with an AS path that indicates the route originates in or passes through AS 100. console(config)# ip as-path access-list 1 deny _100_ console(config)# ip as-path access-list 1 deny ^100$ console(config)# router bgp 1 console(config-router)# neighbor 172.20.1.1 remote-as 200 console(config-router)# neighbor 172.20.1.
2CSNXXX_SWUM204.book Page 1270 Monday, January 25, 2016 1:25 PM ip bgp fast-external-fallover Use the ip bgp fast-external-fallover command to configure fast external failover behavior for a specific routing interface. Syntax ip bgp fast-external-fallover { permit | deny } no ip bgp fast-external-fallover • permit—Enables fast external fallover on the interface, regardless of the global configuration of the feature.
2CSNXXX_SWUM204.book Page 1271 Monday, January 25, 2016 1:25 PM Syntax ip community-list standard list-name {permit | deny} [community-number] [no-advertise] [no-export] [no-export-subconfed] [no-peer] no ip community-list standard list-name • standard list-name—Identifies a named standard community list. The name may contain up to 32 characters. • permit—Indicates that matching routes are permitted. • deny—Indicates that matching routes are denied.
2CSNXXX_SWUM204.book Page 1272 Monday, January 25, 2016 1:25 PM A community number may be entered in either format, as a 32-bit integer or a pair of 16-bit integers separated by a colon, regardless of whether the ip bgpcommunity new-format command is active. Up to 16 communities, including the well-known communities, can be listed in a single command. Up to 32 statements may be configured with a given community list name. Up to 128 unique community list names may be configured.
2CSNXXX_SWUM204.book Page 1273 Monday, January 25, 2016 1:25 PM – • 32-bit IPv4 address :a 16-bit value (Ex : 10.1.1.1:22) soo value— Specifies the site of origin (SOO) extended community value. The site of origincan be configured only with standard extended community lists. This value can be entered in one of the following formats: – 16-bit AS number :a 32-bit value (Ex : 100:11) – 32-bit IPv4 address :a 16-bit value (Ex : 10.1.1.
2CSNXXX_SWUM204.book Page 1274 Monday, January 25, 2016 1:25 PM The site of origin (SOO) extended communities attribute is configured with the soo keyword. This attribute uniquely identifies the site from which the provider edge (PE) router learned the route. All routes learned from a particular site must be assigned the same site of origin extended community attribute, regardless if a site is connected to a single PE router or multiple PE routers.
2CSNXXX_SWUM204.book Page 1275 Monday, January 25, 2016 1:25 PM (R1)(Config-router-af)# neighbor 1.1.1.1 route-map SEND_OUT out (R1)(Config-router-af)# neighbor 1.1.1.1 activate match extcommunity Use the match extcommunity command to match BGP extended community list attributes. Use the no form of this command to remove the match extcommunity from the configuration and BGP extended community list attribute entry. NOTE: This command is effective only if BGP is running on the router.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1277 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#maximum-paths 5 maximum-paths (IPv6 Address Family Configuration) Use this command to limit the number of ECMP next hops in IPv6 routes from external peers. Syntax maximum-paths number-of-paths no maximum-paths • number-of-paths—The maximum number of next hops in a BGP route.
2CSNXXX_SWUM204.book Page 1278 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#maximum-paths 5 maximum-paths ibgp (BGP Router Configuration) Use this command to specify the maximum number of next hops BGP may include in an Equal Cost Multipath (ECMP) route derived from paths received from neighbors within the local autonomous system.
2CSNXXX_SWUM204.book Page 1279 Monday, January 25, 2016 1:25 PM Configure the data-center version of the desired SDM template to increase the ECMP paths. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#maximum-paths ibgp 5 maximum-paths ibgp (IPv6 Address Family Configuration) Use this command to limit the number of ECMP next hops in IPv6 routes from internal peers.
2CSNXXX_SWUM204.book Page 1280 Monday, January 25, 2016 1:25 PM • N40xx 1-4 • N30xx 1-4 • N20xx 1-1 Configure the data-center version of the desired SDM template to increase the ECMP paths. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#maximum-paths ibgp 5 neighbor activate Use this command to enable the exchange of IPv6 routes with a neighbor. To disable the exchange of IPv6 addresses, use the no form of this command.
2CSNXXX_SWUM204.book Page 1281 Monday, January 25, 2016 1:25 PM Command Mode IPv4 Address Family Configuration mode, IPv6 Address Family Configuration mode User Guidelines The neighbor address must be the same IP address used in the neighbor remote-as command to create the peer. When IPv6 is enabled or disabled for a neighbor, the adjacency is brought down and restarted to communicate to the change to the peer. Completely configure IPv6 policy for the peer before activating the peer.
2CSNXXX_SWUM204.book Page 1282 Monday, January 25, 2016 1:25 PM no neighbor { ip-address [interface interface-id]} advertisement-interval • interface-id—A routing interface identifier. • ip-address—The neighbor’s IPv4 address. • seconds—The minimum time between route advertisement, in seconds. The range is 0 to 600 seconds. Default Configuration The default value is 30 seconds for external peers and 5 seconds for internal peers.
2CSNXXX_SWUM204.book Page 1283 Monday, January 25, 2016 1:25 PM Syntax neighbor { ipv6-address [interface interface-id]} advertisement-interval seconds no neighbor { ipv6-address [interface interface-id]} advertisement-interval • interface-id—A routing interface identifier. • ipv6-address—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. • seconds—The minimum time between route advertisement, in seconds.
2CSNXXX_SWUM204.book Page 1284 Monday, January 25, 2016 1:25 PM neighbor allowas-in Use the neighbor allowas-in command to accept prefixes even if local ASN is part of the AS_PATH attribute. Use the no form of the command to disable acceptance of prefixes if the local ASN is part of the AS_PATH.
2CSNXXX_SWUM204.book Page 1285 Monday, January 25, 2016 1:25 PM Example console(config)# router console(config-router)# console(config-router)# console(config-router)# console(config-router)# bgp 65000 neighbor 172.20.1.2 remote-as 65001 neighbor 172.20.1.2 allowas-in 1 neighbor 2001::2 remote-as 65003 neighbor 2001::2 allowas-in 3 neighbor connect-retry-interval Use this command in to configure the initial connection retry time for a specific neighbor.
2CSNXXX_SWUM204.book Page 1286 Monday, January 25, 2016 1:25 PM User Guidelines If a neighbor does not respond to an initial TCP connection attempt, the N3000/N4000 Series switch retries three times. The first retry is after the retry interval configured with neighbor connect-retry-interval. Each subsequent retry doubles the previous retry interval. So by default, the TCP connection is retried after 2, 4, and 8 seconds.
2CSNXXX_SWUM204.book Page 1287 Monday, January 25, 2016 1:25 PM Command Mode BGP Router Configuration mode User Guidelines By default, a neighbor-specific default has no MED and the Origin is IGP. Attributes may be set using an optional route map. A neighbor-specific default is only advertised if the Adj-RIB-Out does not include a default learned by other means, either from the default-information originate (BGP Router Configuration) command or a default learned from a peer.
2CSNXXX_SWUM204.book Page 1288 Monday, January 25, 2016 1:25 PM Syntax neighbor { ip-address | ipv6-address [interface interface-id]} defaultoriginate [route-map map-name] • ip-address—The neighbor’s IPv4 address. • ipv6-address [interface interface-id]—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified.
2CSNXXX_SWUM204.book Page 1289 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#neighbor FE80::0202:B3FF:FE1E:8329 defaultoriginate neighbor description Use this command to record a text description of a neighbor. The description is informational and has no functional impact.
2CSNXXX_SWUM204.book Page 1290 Monday, January 25, 2016 1:25 PM User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console(config-router)#neighbor FE80::0202:B3FF:FE1E:8329 description TestSystem neighbor ebgp-multihop Use the neighbor ebgp-multihop command to configure BGP to form neighborship with external peers that are not directly connected.
2CSNXXX_SWUM204.book Page 1291 Monday, January 25, 2016 1:25 PM Default Configuration The default hop count is 64. Command Mode BGP Router Configuration mode, IPv6 Address Family Configuration mode User Guidelines The ebgp-multihop parameter is relevant only for external BGP neighbors. For internal BGP neighbors, the TTL value remains 64 and can’t be modified. A neighbor can inherit this configuration from a peer template.
2CSNXXX_SWUM204.book Page 1292 Monday, January 25, 2016 1:25 PM 3 If autodetect neighbor is configured on an interface, a link-local IPv6 neighbor cannot be configured on the same interface. 4 If more than one link local IPv6 address is detected on the specified interface, this is considered to be an error and the address auto-detection fails. 5 The feature is supported only on platforms that also support the RFC 5549. 6 The feature is applicable only for directly connected neighbors.
2CSNXXX_SWUM204.book Page 1293 Monday, January 25, 2016 1:25 PM • in—The AS Path list is applied to advertisements received from the neighbor. • out—The AS Path list is applied to advertisements to be sent to the neighbor. Default Configuration No neighbor filter lists are configured by default. Command Mode BGP Router Configuration mode User Guidelines Only a single AS path list can be configured in each direction for each neighbor.
2CSNXXX_SWUM204.book Page 1294 Monday, January 25, 2016 1:25 PM no neighbor { ip-address | ipv6-address [ interface interface-id ]} filter-list as-path-list-number {in | out} • ip-address—The neighbor’s IPv4 address. • ipv6-address [interface interface-id]—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. • as-path-list-number —Identifies an AS path list.
2CSNXXX_SWUM204.book Page 1295 Monday, January 25, 2016 1:25 PM Syntax neighbor { ip-address | ipv6-address [ interface interface-id ] ] | autodetect interface interface-id} inherit peer template-name no neighbor { ip-address | ipv6-address [ interface interface-id ] | autodetect interface interface-id} inherit peer template-name • ip-address—The neighbor’s IPv4 address. • ipv6-address [interface interface-id]—The neighbor’s IPv6 address.
2CSNXXX_SWUM204.book Page 1296 Monday, January 25, 2016 1:25 PM console(config-router)# template peer AGGR console(config-rtr-tmp)# timers 3 9 console(config-rtr-tmp)# address-family ipv4 console(config-rtr-tmp-af)# send-community console(config-rtr-tmp-af)# route-map RM4-IN in console(config-rtr-tmp-af)# route-map RM4-OUT out console(config-rtr-tmp-af)# exit console(config-rtr-tmp)# exit console(config-router)# neighbor 172.20.1.2 inherit peer AGGR console(config-router)# neighbor 172.20.2.
2CSNXXX_SWUM204.book Page 1297 Monday, January 25, 2016 1:25 PM Command Mode BGP Router Configuration mode, IPv4 Address Family Configuration mode User Guidelines In typical data center deployments using CLOS networks, the peering is all external BGP between the BGP devices requiring an unique ASN for each router. Normally, the private BGP networks are expected to use private AS numbers. But, there are only 1024 private AS numbers in the standard 2-byte ASN.
2CSNXXX_SWUM204.book Page 1298 Monday, January 25, 2016 1:25 PM neighbor maximum-prefix (BGP Router Configuration) Use the neighbor maximum-prefix command to configure the maximum number of IPv4 prefixes that BGP will accept from a specified neighbor.
2CSNXXX_SWUM204.book Page 1299 Monday, January 25, 2016 1:25 PM Default Configuration There is no prefix limit by default. The default warning threshold is 75%. A neighbor that exceeds the limit is shut down by removing the adjacency unless the warning-only option is configured. Command Mode BGP Router Configuration mode User Guidelines If the peering session is shut down, the adjacency stays down until clear ip bgp is issued for the neighbor. Different limits can be set for IPv4 and IPv6.
2CSNXXX_SWUM204.book Page 1300 Monday, January 25, 2016 1:25 PM • interface-id—If the neighbor’s IPv6 address is a link local address, the local VLAN routing interface must also be specified. • maximum—The maximum number of prefixes BGP will accept from this neighbor. Range 0-4294967295. Values greater than the free space in the route table are not enforced. • threshold—The percentage of the maximum number of prefixes BGP configured for this neighbor.
2CSNXXX_SWUM204.book Page 1301 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#neighbor FE80::0202:B3FF:FE1E:8329 maximum-prefix unlimited neighbor next-hop-self (BGP Router Configuration) The neighbor next-hop-self command configures BGP to set the next hop attribute to a local IP address when advertising a route to an internal peer. Normally, BGP retains the next hop attribute received from the external peer.
2CSNXXX_SWUM204.book Page 1302 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#neighbor FE80::0202:B3FF:FE1E:8329 next-hop-self neighbor next-hop-self (IPv6 Address Family Configuration) In IPv6 address family configuration mode, the neighbor next-hop-self command configures BGP to use a local address as the IPv6 next hop when advertising IPv6 routes to a specific peer.
2CSNXXX_SWUM204.book Page 1303 Monday, January 25, 2016 1:25 PM In IPv6 Address Family Configuration mode, the command accepts either an IPv4 or an IPv6 address. For IPv6, BGP uses an IPv6 address from the local interface that terminates the peering session. Command History Introduced in version 6.2.0.1 firmware.
2CSNXXX_SWUM204.book Page 1304 Monday, January 25, 2016 1:25 PM Command Mode BGP Router Configuration mode IPv4 Address Family Configuration mode User Guidelines MD5 must either be enabled or disabled on both peers. The same password must be configured on both peers. After a TCP connection is established, if the password on one end is changed, then the password on the other end must be changed to match before the hold time expires.
2CSNXXX_SWUM204.book Page 1305 Monday, January 25, 2016 1:25 PM • interface vlan vlan-id—The local interface/VLAN ID over which the IPv6 neighbor can be reached. Range: 1-4093. • in—Apply the prefix list to advertisements received from this neighbor. • out—Apply the prefix list to advertisements to be sent to this neighbor. Default Configuration No prefix list is configured.
2CSNXXX_SWUM204.book Page 1306 Monday, January 25, 2016 1:25 PM • prefix-list-name—The name of an IP prefix list. • ipv6-address—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. This command is available in IPv6 address family mode. • interface vlan vlan-id—The local interface/VLAN ID over which the IPv6 neighbor can be reached. Range: 1-4093. • in—Apply the prefix list to advertisements received from this neighbor.
2CSNXXX_SWUM204.book Page 1307 Monday, January 25, 2016 1:25 PM no neighbor { ip-address | ipv6-address [interface vlan vlan-id] | autodetect interface interface-id } remote-as • ip-address—The neighbor’s IPv4 address. For external peers, this address must be an IPv4 address on the link that connects the two peers. For internal peers, the neighbor address can be any address, such as the IPv4 address of a loopback interface. • ipv6-address—The neighbor’s IPv6 address.
2CSNXXX_SWUM204.book Page 1308 Monday, January 25, 2016 1:25 PM neighbor remove-private-as Use the neighbor remove-private-as command to remove private AS numbers when advertising IPv4 routes to an external peer. To stop removing private AS numbers, use the no form of this command.
2CSNXXX_SWUM204.book Page 1309 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#neighbor 10.130.14.55 remove-private-as neighbor rfc5549-support Use the neighbor rfc5549-support command to enable advertisement of IPv4 routes over IPv6 next hops selectively to an external BGP IPv6 peer. To disable advertisement of these routes, use the no form of this command.
2CSNXXX_SWUM204.book Page 1310 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.3.0.1 firmware. Example The following example results in the connected IPv4 networks 1.1.1.0/24 and 2.2.2.0/24 advertised with next hop set to 2001::1 only to eBGP IPv6 peer 2001::2 and not to eBGP peer 2002::2.
2CSNXXX_SWUM204.book Page 1311 Monday, January 25, 2016 1:25 PM • route-map map-name—The name of the route map to be used to filter route updates on the specified interface. • in | out—Whether the route map is applied to incoming or outgoing routes. Default Configuration No route maps are applied by default. Command Mode A route map can be used to change the local preference, MED, or AS Path of a route. Routes can be selected for filtering or modification using an AS path access list or a prefix list.
2CSNXXX_SWUM204.book Page 1312 Monday, January 25, 2016 1:25 PM no neighbor { ip-address | ipv6-address [ interface vlan vlan-id]} route-map map-name { in | out } • ip-address—The neighbor’s IP address. • ipv6-address—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. Valid in IPv6 address family mode. • interface vlan vlan-id—The local interface/VLAN ID over which the IPv6 neighbor can be reached. Range 1-4093.
2CSNXXX_SWUM204.book Page 1313 Monday, January 25, 2016 1:25 PM neighbor route-reflector-client (BGP Router Configuration) To configure an internal peer as an IPv4 route reflector client, use the neighbor route-reflector-client command. Syntax neighbor ip-address route-reflector-client no neighbor ip-address route-reflector-client • ip-address—The neighbor’s IPv4 address. Default Configuration Peers are not route reflector clients by default.
2CSNXXX_SWUM204.book Page 1314 Monday, January 25, 2016 1:25 PM Example console(config-router)#neighbor 10.130.14.55 route-reflector-client neighbor route-reflector-client (IPv6 Address Family Configuration) To configure an internal peer as an IPv4 route reflector client, use the neighbor route-reflector-client command.
2CSNXXX_SWUM204.book Page 1315 Monday, January 25, 2016 1:25 PM An external peer may not be configured as a route reflector client. When reflecting a route, BGP ignores the set statements in an outbound route map to avoid causing the receiver to compute routes that are inconsistent with other routers in the AS. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#neighbor 10.130.14.
2CSNXXX_SWUM204.book Page 1316 Monday, January 25, 2016 1:25 PM Example console(config-router)#neighbor 10.130.14.55 send-community neighbor send-community (IPv6 Address Family Configuration) In IPv6 address family configuration mode, the neighbor send-community command tells BGP to send the COMMUNITIES attribute with routes advertised to the peer.
2CSNXXX_SWUM204.book Page 1317 Monday, January 25, 2016 1:25 PM neighbor shutdown Use the neighbor shutdown command to administratively disable communications with a specific BGP neighbor. The effect is to gracefully bring down the adjacency with the neighbor. If the adjacency is up when the command is given, the peering session is dropped and all route information learned from the neighbor is purged.
2CSNXXX_SWUM204.book Page 1318 Monday, January 25, 2016 1:25 PM User Guidelines When a neighbor is shut down, BGP first sends a NOTIFICATION message with a Cease error code. When an adjacency is administratively shut down, the adjacency stays down until administratively re-enabled (using no neighbor shutdown). Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console(config-router)#neighbor 10.130.14.
2CSNXXX_SWUM204.book Page 1319 Monday, January 25, 2016 1:25 PM • keepalive—The time, in seconds, between BGP KEEPALIVE packets sent to a neighbor. The range is 0 to 65,535 seconds. A small internal jitter is applied to the keepalive interval timer in order to reduce the CPU load that may occur when multiple timers expire simultaneously. • holdtime—The time, in seconds, that BGP continues to consider a neighbor to be alive without receiving a BGP KEEPALIVE or UPDATE packet from the neighbor.
2CSNXXX_SWUM204.book Page 1320 Monday, January 25, 2016 1:25 PM Syntax neighbor { ip-address | ipv6-address [ interface vlan vlan-id ] | autodetect interface interface-id }} update-source interface no neighbor { ip-address | ipv6-address [ interface vlan vlan-id ] | autodetect interface interface-id }} update-source • ip-address—The neighbor’s IPv4 address. This is the IP address of the neighbor on the connected link. • ipv6-address—The neighbor’s IPv6 address.
2CSNXXX_SWUM204.book Page 1321 Monday, January 25, 2016 1:25 PM It is common to use an IP address on a loopback interface as an update source because a loopback interface is always reachable as long as any routing interface is up. The peering session will stay up as long as the loopback interface remains reachable. If you use an IP address on a routing interface, then the peering session will go down if that interface goes down. Command History Introduced in version 6.2.0.1 firmware. Updted in version 6.
2CSNXXX_SWUM204.book Page 1322 Monday, January 25, 2016 1:25 PM • prefix-length—The length of the IPv6 prefix given as part of the ipv6prefix. Required if a prefix is specified. A decimal value in the range 1 to 128 that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address) in /length format. A slash mark must precede the decimal value in /length format.
2CSNXXX_SWUM204.book Page 1323 Monday, January 25, 2016 1:25 PM network (IPv6 Address Family Configuration) In IPv6 address family configuration mode, the network command identifies network IPv6 prefixes that BGP originates in route advertisements to its neighbors.
2CSNXXX_SWUM204.book Page 1324 Monday, January 25, 2016 1:25 PM User Guidelines BGP supports up to 64 networks. The network command may also be used specify a default route (network 0.0.0.0 mask 0.0.0.0). If a route map is configured to set attributes on the advertised routes, match as-path and match community terms in the route map are ignored. A match ip-address prefix-list term is honored in this context.
2CSNXXX_SWUM204.book Page 1325 Monday, January 25, 2016 1:25 PM – Type 1 external route. – Type 2 external route. • tag-value—Inserts the specified tag value into redistributed routes.(Range: 0–4294967295) • subnets—Specifies whether to redistribute the routes to subnets. Default Configuration The default tag value is 0. There is no default metric or route map configured. Command Mode Router BGP Configuration mode User Guidelines The configured metric value is specific to the routes distributed.
2CSNXXX_SWUM204.book Page 1326 Monday, January 25, 2016 1:25 PM rd Use the rd command to configure a BGP routing session to advertise VPNIPv4 prefixes. Use the no form of this command to delete the VPN-IPv4 configuration. Syntax rd route-distinguisher no rd route-distinguisher— A 2-byte or an 8-byte value to be prepended to an IPv4 prefix to create a VPN IPv4 prefix.
2CSNXXX_SWUM204.book Page 1327 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.3.0.1 firmware. Example The following example shows how to configure an RD for a VRF instance in ASN format: console(config)#ip vrf Customer_A console(config-vrf-Customer_A)#rd 62001:10 console(config-vrf-Customer_A)#exit The following example shows how to configure an RD for a VRF instance in IPv4 address format: console(config)#ip vrf Customer_A console(config-vrf-Customer_A)#rd 192.168.10.
2CSNXXX_SWUM204.book Page 1328 Monday, January 25, 2016 1:25 PM • match—(Optional) By default, if BGP is configured to redistribute OSPF routes, BGP only redistributes internal routes (OSPF intra-area and interarea routes). Use of the match option configures BGP to also redistribute specific types of external routes, or to disable redistribution of internal OSPF routes. The match option is only valid for OSPF originated routes.
2CSNXXX_SWUM204.book Page 1329 Monday, January 25, 2016 1:25 PM redistribute (IPv6 Address Family Configuration) In IPv6 address family configuration node, the redistribute command configures BGP to redistribute non-BGP routes from the IPv6 routing table.
2CSNXXX_SWUM204.book Page 1330 Monday, January 25, 2016 1:25 PM Command Mode IPv6 Address Family Configuration mode User Guidelines The distribute-list out command can also be used to filter redistributed routes by prefix. Either a redistribute route map or a distribute list may be configured, but not both. Successive invocations of the redistribute command are additive. The redistribute command does not overwrite previous redistribute command configuration or the default configuration.
2CSNXXX_SWUM204.book Page 1331 Monday, January 25, 2016 1:25 PM • import—Imports routing information from the target VPN extended community. • both—Exports and imports the routing information to/from the target VPN extended community. • rt-ext-comm — The route-target extended community attributes to be added to the list of import, export or both (import and export) route-target extended communities. The route target specifies a target VPN extended community.
2CSNXXX_SWUM204.book Page 1332 Monday, January 25, 2016 1:25 PM Example The following example shows how to configure route target extended community attributes for a VRF instance in IPv4. The result of this command sequence is that VRF named Customer_A has two export extended communities (100:10 and 300:10) and two import extended communities (300:10 and 192.168.10.1:10).
2CSNXXX_SWUM204.book Page 1333 Monday, January 25, 2016 1:25 PM User Guidelines The route target (RT) extended community attribute is configured with the rt keyword. This attribute is used to identify VRFs that may receive routes that are tagged with the configured route target. Configuring the route target extended attribute with a route allows that route to be placed in the per-site forwarding tables that are used for routing traffic that is received from corresponding sites.
2CSNXXX_SWUM204.book Page 1334 Monday, January 25, 2016 1:25 PM • • value — Specifies the site of origin extended community value. This value can be entered in one of the following formats: – 16-bit AS number :your 32-bit value (Ex : 100 :11) – 32-bit IPv4 address :your 16-bit value (Ex : 10.1.1.1 :22 additive–Adds a route target to the exsisting route target list without replacing any existing route targets. Default Configuration No site of origin extended community attributes are set.
2CSNXXX_SWUM204.book Page 1335 Monday, January 25, 2016 1:25 PM The receiving BGP router will apply the route map with an extended community list in the inward direction. show bgp ipv6 Use this command to display IPv6 routes in the BGP routing table. This command deprecates and replaces the show ipv6 bgp command. Syntax show bgp ipv6[ipv6-prefix/prefix-length [ longer-prefixes | shorter-prefixes [ length ] ] | filter-list as-path-list ] • ipv6-prefix—An IPv6 network prefix.
2CSNXXX_SWUM204.book Page 1336 Monday, January 25, 2016 1:25 PM Command Mode User Exec mode, Privileged EXEC mode, Global Config mode and all submodes User Guidelines The following fields are displayed. Field Description BGP table version Each time phase 2 of the BGP decision process runs to select new BGP routes, this number is incremented.
2CSNXXX_SWUM204.book Page 1337 Monday, January 25, 2016 1:25 PM Origin codes: i - IGP, e - EGP, ? - incomplete Network *> 2001:DB8::/48 *> 2001:DB8:4:5::/64 Next Hop 3FFE:100::1 3FFE:200::4 3FFE:100::1 Metric 10 10 LocPrf 100 Path 20 10 i 100 20 10 ? show bgp ipv6 aggregate-address Use this command to display the configured IPv6 aggregate addresses and indicates if each address is currently active. This command replaces and deprecates the show ipv6 bgp aggregate-address command.
2CSNXXX_SWUM204.book Page 1338 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Modified in version 6.3.0.1 firmware. Example console# show bgp ipv6 aggregate-address Prefix/Len ---------------2001:DB8::/48 3ffe:4000:1::/48 AS Set -----N N Summary Only -----------Y Y Active -----Y Y show bgp ipv6 community Use this command to display IPv6 routes that belong to the specified set of communities.
2CSNXXX_SWUM204.book Page 1339 Monday, January 25, 2016 1:25 PM Field Description BGP table version Each time phase 2 of the BGP decision process runs to select new BGP routes, this number is incremented.
2CSNXXX_SWUM204.book Page 1340 Monday, January 25, 2016 1:25 PM show bgp ipv6 community-list Use this command to display the IPv6 routes that match a specified community list. Syntax show bgp ipv6 community-list name [ exact-match ] • name—A standard community list name. • exact-match—Displays only routes that are an exact match for the set of communities in the matching community list statement. Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 1341 Monday, January 25, 2016 1:25 PM LocPrf The local preference Path The AS path Origin The value of the Origin attribute Command History Introduced in version 6.2.0.1 firmware. Example BGP table version is 0, local router ID is 65.1.1.
2CSNXXX_SWUM204.book Page 1342 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.3.0.1 firmware. Example console#show bgp ipv6 listen range Listen Range .................................. 2001::1/64 Inherited Template ............................ template_2001 Member ASN State --------------------------------------- ----- ----------2001::10 65001 OPENCONFIRM 2001::20 0 ACTIVE Listen Range .................................. 2002::1/64 Inherited Template ............................
2CSNXXX_SWUM204.book Page 1343 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode and all show modes User Guidelines • "RFC 5549 Support" is displayed only if the BGP neighbor is peered over IPv6 network. • If the peer is configured as “autodetect”, the “Remote Address” shows detected IPv6 address or “Unresolved” in case if the peer is not detected by the autodetect feature.
2CSNXXX_SWUM204.book Page 1344 Monday, January 25, 2016 1:25 PM Neighbor Capabilities Optional capabilities reported by the neighbor, recognized and accepted by this router. Codes listed in the show output are as follows: • MP: Multiprotocol • RF: Route Refresh This version of Dell Networking does not support any multiprotocol AFI/SAFI pairs other than IPv4 unicast. The presence of this capability does not imply otherwise.
2CSNXXX_SWUM204.book Page 1345 Monday, January 25, 2016 1:25 PM Negotiated Hold Time The minimum configured hold time and the hold time in the OPEN message received from this neighbor. If the local router does not receive a KEEPALIVE or UPDATE message from this neighbor within this interval of time, the local router drops the adjacency. This field is only shown if the adjacency state is OPEN CONFIRM or greater. Keep Alive Time The number of seconds between KEEPALIVE messages sent to this neighbor.
2CSNXXX_SWUM204.book Page 1346 Monday, January 25, 2016 1:25 PM Received Update Queue Size Received UPDATE messages are queued for processing. This section shows the current length of the neighbor’s UPDATE queue in bytes, the high water mark, the limit, and the number of UPDATEs that have been dropped because the queue reached the limit. The following fields are displayed for IPv4 and for IPv6. Prefixes Advertised A running count of the number of prefixes advertised to or received from this neighbor.
2CSNXXX_SWUM204.book Page 1347 Monday, January 25, 2016 1:25 PM Peer Admin Status ............................. Peer State .................................... Peer Type ..................................... Local Port .................................... Remote Port ................................... Connection Retry Interval ..................... Neighbor Capabilities ......................... IPv4 Unicast Support .......................... IPv6 Unicast Support ..........................
2CSNXXX_SWUM204.book Page 1348 Monday, January 25, 2016 1:25 PM show bgp ipv6 neighbors advertised-routes Use this command to display IPv6 routes advertised to a specific neighbor. The format and field descriptions are the same as for show ip bgp neighbors advertised-routes, except that the Netowrk and Next Hop fields show IPv6 addresses. This command deprecates and replaces the show ipv6 bgp neighbors advertised-routes command.
2CSNXXX_SWUM204.book Page 1349 Monday, January 25, 2016 1:25 PM Network The Destination prefix. Next Hop The BGP Next Hop as advertised to the peer. Metric The value of the Multi Exit Discriminator (MED), if the MED is advertised to the peer. LocPref The local preference. Local preference is never advertised to external peers. Path The AS path. The AS path does not include the local AS number, which is added to the beginning of the AS path when a route is advertised to an external peer.
2CSNXXX_SWUM204.book Page 1350 Monday, January 25, 2016 1:25 PM show bgp ipv6 neighbors policy Use this command to display the inbound and outbound IPv6 policies configured for a specific peer. The output distinguishes policies that are configured on the peer itself and policies that the peer inherits from a peer template. This command deprecates and replaces the show ipv6 bgp neighbors policy command.
2CSNXXX_SWUM204.book Page 1351 Monday, January 25, 2016 1:25 PM Modified in version 6.3.0.1 firmware. Example console#show bgp ipv6 neighbors fe80::1 vlan 10 policy Neighbor Policy Template --------------- ------------------------------------------------ ----------fe80::1%Vl0010 activate prefix-list jupiter in prefix-list saturn out maximum-prefix 2000 send-community show bgp ipv6 neighbors received-routes Use this command to display a list of IPv6 routes received from a specific neighbor.
2CSNXXX_SWUM204.book Page 1352 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC and all show modes User Guidelines The following fields are displayed. Field Description Network The destination prefix. Next Hop The BGP Next Hop as advertised by the peer. Metric The value of the MED, if a MED is received from the peer. Local Pref The local preference received from the peer.
2CSNXXX_SWUM204.book Page 1353 Monday, January 25, 2016 1:25 PM Local router ID is 0.0.0.101 Origin codes: i - IGP, e - EGP, ? - incomplete Network ------------------1010:10::/64 2020:20::/64 Next Hop ---------------1010:10::103 1010:10::103 Metric LocPref Path Origin ---------- ------- ------------- -----0 65001 i 0 65001 i show bgp ipv6 statistics Use this command to display statistics for the IPv6 decision process. This command deprecates and replaces the show ipv6 bgp statistics command.
2CSNXXX_SWUM204.book Page 1354 Monday, January 25, 2016 1:25 PM Reason The event that triggered the decision process to run Peer Phase 1 of the decision process can be triggered for a specific peer when a peer’s inbound routing policy changes or the peer is reset. When phase 1 is run for a single peer, the peer’s IP address is given. Duration How long the decision process took, in milliseconds Adds The number of routes added.
2CSNXXX_SWUM204.book Page 1355 Monday, January 25, 2016 1:25 PM Syntax show bgp ipv6 summary Default Configuration There is no default configuration for this command. Command Mode User Exec mode, Privileged EXEC mode, Global Configuration mode and all sub-modes. User Guidelines The following fields are displayed. Field Description Admin Mode Whether BGP is globally enabled. BGP Router ID The configured router ID. Local AS Number The router’s AS number. Traps Whether BGP traps are enabled.
2CSNXXX_SWUM204.book Page 1356 Monday, January 25, 2016 1:25 PM Default Route Advertise Whether BGP is configured to advertise a default route. Corresponds to default-information originate. Redistributing Source A source of routes that BGP is configured to redistribute. Metric The metric configured with the redistribute command. Match Value For routes redistributed from OSPF, the types of OSPF routes being redistributed.
2CSNXXX_SWUM204.book Page 1357 Monday, January 25, 2016 1:25 PM Local AS Number ............................... Traps ......................................... Maximum Paths ................................. Maximum Paths iBGP ............................ Default Keep Alive Time ....................... Default Hold Time ............................. Number of Network Entries ..................... Number of AS Paths ............................ Dynamic Neighbors Current/High/Limit ..........
2CSNXXX_SWUM204.book Page 1358 Monday, January 25, 2016 1:25 PM • ipv6-address [ interface interface-id ]—The IPv6 address of a peer. If the peer address is a link local address, the interface that defines the scope of the address must also be given. If a peer address is specified, this option restricts the output to the update group containing the peer with the given address.
2CSNXXX_SWUM204.book Page 1359 Monday, January 25, 2016 1:25 PM Fields Description Update Group ID Unique identifier for outbound update group. Peer Type Whether peers in this update group are internal or external. Minimum Advertisement Interval The minimum time, in seconds, between sets of UPDATE messages sent to the group. Send Community Whether BGP communities are included in route advertisements to members of the group. Yes or No.
2CSNXXX_SWUM204.book Page 1360 Monday, January 25, 2016 1:25 PM UPDATE Send Failures The number of UPDATE messages that failed to be delivered to all members of the group. Current Members The IPv4 address of all current members of the group. Command History Introduced in version 6.2.0.1 firmware. Modified in version 6.3.0.1 firmware. show bgp ipv6 route-reflection Use this command to display a summary of BGP route reflection.
2CSNXXX_SWUM204.book Page 1361 Monday, January 25, 2016 1:25 PM Client-to-Client Reflection Displayed as Enabled when this router reflects routes received from its clients to its other clients. Disabled otherwise. Clients A list of this router’s internal peers which have been configured as route reflector clients. Non-client Internal Peers A list of this router’s internal peers that are not configured as route reflector clients. Routes from nonclient peers are reflected to clients and vice-versa.
2CSNXXX_SWUM204.book Page 1362 Monday, January 25, 2016 1:25 PM • shorter-prefixes [ length ]—(Optional) Used with the network/pfx-len option to show routes whose prefix length is shorter than pfx-len, and, optionally, longer than a specified length. This option may not be given if the longer-prefixes option is given. • filter-list as-path-list—(Optional) Filter the output to the set of routes that match a given AS Path list. This option may not be given if a network/pfx-len option is given.
2CSNXXX_SWUM204.book Page 1363 Monday, January 25, 2016 1:25 PM LocPrf The local preference Path The AS path Origin The value of the Origin attribute Command History Introduced in version 6.2.0.1 firmware. Example console# show ip bgp BGP table version is 5, local router ID is 20.1.1.1 Status codes: s suppressed, * valid, > best, i - internal Origin codes: i - IGP, e - EGP, ? - incomplete Network *> 172.20.1.0/24 *> 172.20.2.0/24 Next Hop 100.10.1.1 200.10.1.1 100.10.1.
2CSNXXX_SWUM204.book Page 1364 Monday, January 25, 2016 1:25 PM User Guidelines If the vrf argument is specified, information pertaining to that VRF is displayed. The following fields are displayed. Field Description Prefix/Len Destination prefix and length AS Set Indicates whether an empty AS path is advertised with the aggregate address (N) or an AS SET is advertised with the set of AS numbers for the paths contributing to the aggregate (Y).
2CSNXXX_SWUM204.book Page 1365 Monday, January 25, 2016 1:25 PM • communities—A string of zero or more community values, which may be in either format and may contain the community keywords no-advertise and no-export. The output displays routes that belong to every community specified in the command. • exact-match—Only displays routes that are members of the communities specified in the command. Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 1366 Monday, January 25, 2016 1:25 PM • vrf vrf-name—Displays the route information associated with the named VRF. • name—A standard community list name. • exact-match—(Optional) Only displays routes that are members of those and only those communities specified in the command. Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 1367 Monday, January 25, 2016 1:25 PM Syntax show ip bgp extcommunity-list list-number • list-number — A standard extended community list number (0 to 99). Default Configuration No extended community lists are configured by default. Command Mode Privileged Exec and Global Config modes User Guidelines The following fields are displayed. Field Description Standard extended community-list The standard named extended community list.
2CSNXXX_SWUM204.book Page 1368 Monday, January 25, 2016 1:25 PM show ip bgp listen range Use the show ip bgp listen range command to display information about IPv4 BGP listen ranges. Syntax show ip bgp [vrf vrf-name] listen range [ network/length ] • network/length — Displays information about the specified listen range. • vrf-name—The name of a previously configured VRF. Default Configuration By default, all listen ranges are shown.
2CSNXXX_SWUM204.book Page 1369 Monday, January 25, 2016 1:25 PM show ip bgp neighbors The show ip bgp neighbors command shows details about BGP neighbor configuration and status. Syntax show ip bgp [vrf vrf-name] neighbors [neighbor-address] • neighbor-address—(Optional) The IPv4 address of a neighbor. Used to limit the output to a single neighbor. • vrf vrf-name — Displays the aggregate address information associated with the named VRF.
2CSNXXX_SWUM204.book Page 1370 Monday, January 25, 2016 1:25 PM Peer State The adjacency state of this neighbor Local Port TCP port number on the local end of the connection Remote Port TCP port number on the remote end of the connection Connection Retry Interval How long BGP waits between connection retries Neighbor Capabilities Optional capabilities reported by the neighbor, recognized and accepted by this router.
2CSNXXX_SWUM204.book Page 1371 Monday, January 25, 2016 1:25 PM Prefix Limit The maximum number of prefixes this router is willing to accept from this neighbor. Prefix Warning Threshold Percentage of the prefix limit that causes a warning message to be logged. Warning Only on Prefix Limit Whether to shutdown a neighbor that exceeds the prefix limit. TRUE if the event is logged without shutting down the neighbor.
2CSNXXX_SWUM204.book Page 1372 Monday, January 25, 2016 1:25 PM If the router receives an UPDATE message with an invalid path attribute, the router will in most cases send a NOTIFICATION message and reset the adjacency. BGP maintains a per-neighbor counter for each type of path attribute error. This show command lists each non-zero counter, just after the LastSubError.
2CSNXXX_SWUM204.book Page 1373 Monday, January 25, 2016 1:25 PM Missing mandatory path attribute An UPDATE message was received without a mandatory path attribute. Missing LOCAL PREF attribute An UPDATE message was received from an internal peer without the LOCAL PREF attribute. Invalid prefix in UPDATE NLRI An UPDATE message received from this peer contained a syntactically incorrect prefix. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware.
2CSNXXX_SWUM204.book Page 1374 Monday, January 25, 2016 1:25 PM Time Since Last Update ........................ No UPDATE received IPv4 Outbound Update Group .................... None Msgs Sent Msgs Rcvd Open 2287 2122 Update 0 0 Keepalive 0 0 Notification 2122 0 Received UPDATE Queue Size: 0 bytes.
2CSNXXX_SWUM204.book Page 1375 Monday, January 25, 2016 1:25 PM Last Error (Sent).............................. Last SubError.................................. Time Since Last Error.......................... Established Transitions ....................... Established Time .............................. Time Since Last Update ........................ Outbound Update Group..........................
2CSNXXX_SWUM204.book Page 1376 Monday, January 25, 2016 1:25 PM Syntax show ip bgp [vrf vrf-name] neighbors ip-address advertised-routes • ip-address—The IPv4 address of a neighbor. • vrf vrf-name — Displays the aggregate address information associated with the named VRF. Default Configuration By default, information about the global VRF is shown.
2CSNXXX_SWUM204.book Page 1377 Monday, January 25, 2016 1:25 PM Metric The value of the Multi Exit Discriminator, if the MED is advertised to the peer. Path The AS path. The AS path does not include the local AS number, which is added to the beginning of the AS path when a route is advertised to an external peer. Origin The value of the Origin attribute. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console#show ip bgp neighbors 10.10.10.
2CSNXXX_SWUM204.book Page 1378 Monday, January 25, 2016 1:25 PM • Routes—Display both the received and advertised routes. • Rejected-routes—Display the routes rejected from the specified neighbor. Default Configuration By default, information about the global VRF is shown. Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes User Guidelines If the vrf-name argument is specified, information pertaining to that VRF is displayed. The following fields are displayed.
2CSNXXX_SWUM204.book Page 1379 Monday, January 25, 2016 1:25 PM Network 172.20.1.0/24 20.1.1.0/24 Next Hop 172.20.101.1 172.20.101.1 Metric 10 Local Pref Path 100 20 10 100 20 Origin i ? console#show ip bgp neighbors 10.10.10.3 routes Local router ID is 0.0.0.101 Origin codes: i - IGP, e - EGP, ? - incomplete Network ------------------1.1.1.0/24 1.2.0.0/16 1.2.3.0/24 Next Hop ---------------10.10.10.3 10.10.10.3 10.10.10.
2CSNXXX_SWUM204.book Page 1380 Monday, January 25, 2016 1:25 PM Fields Description Neighbor The peer address of a neighbor. Policy A neighbor-specific BGP policy. Template If the policy is inherited from a peer template, this field lists the template name. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console #show ip bgp neighbors 172.20.101.
2CSNXXX_SWUM204.book Page 1381 Monday, January 25, 2016 1:25 PM • vrf vrf-name — Displays the aggregate address information associated with the named VRF. Default Configuration By default, information about the global VRF is shown. Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes User Guidelines If a route reflector client is configured with an outbound route map, the output warns that set statements in the route map are ignored when reflecting routes to this client.
2CSNXXX_SWUM204.book Page 1382 Monday, January 25, 2016 1:25 PM Example console # show ip bgp route-reflection Cluster ID........................ 1.1.1.1 (configured) Client-to-client Reflection....... Enabled Clients: 172.20.1.2, 172.20.3.2, 172.20.5.2 Non-client Internal Peers: 192.168.1.2, 192.168.2.2 Skipping set statements in outbound route map gandolf when reflecting to internal peer 172.20.1.2. show ip bgp statistics This command displays recent decision process history.
2CSNXXX_SWUM204.book Page 1383 Monday, January 25, 2016 1:25 PM User Guidelines If the vrf-name argument is specified, information pertaining to that VRF is displayed. The following information is displayed. Fields Description Delta T How long since the decision process was run. hours:minutes:seconds if the elapsed time is less than 24 hours. Otherwise, days:hours. Phase The phase of the decision process that was run. Upd Grp Outbound update group ID. Only applies when phase 3 is run.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1385 Monday, January 25, 2016 1:25 PM Local AS Number The router’s AS number Traps Whether BGP traps are enabled. Maximum Paths The maximum number of next hops in an external BGP route. Maximum Paths iBGP The maximum number of next hops in an internal BGP route. Default Keep Alive Time The configured keepalive time used by all peers that have not been configured with a peer-specific keepalive time.
2CSNXXX_SWUM204.book Page 1386 Monday, January 25, 2016 1:25 PM MsgRcvd The number of BGP messages received from this neighbor. MsgSent The number of BGP messages sent to this neighbor. State The adjacency state. One of IDLE, CONNECT, ACTIVE, OPEN SENT, OPEN CNFRM, EST. Up/Down Time How long the adjacency has been in the ESTABLISHED state, or, if the adjacency is down, how long it has been down. In days:hours:minutes:seconds. Pfx Rcvd The number of prefixes received from the neighbor.
2CSNXXX_SWUM204.book Page 1387 Monday, January 25, 2016 1:25 PM ---------------- ----- -------- -------- ------------- -------------- -----10.10.10.10 65000 2269 4666 ESTABLISHED 0:00:17:15 0 show ip bgp template The show ip bgp template command lists the routes that are allowed by the specified community list. Syntax show ip bgp template [ template-name ] • template-name—(Optional) Limits the output to a single template Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1389 Monday, January 25, 2016 1:25 PM The output shows when BGP counters were last cleared (using clear ip bgp counters). Clearing counters resets all values in this output to 0 except for the high water mark for the work queues. The first table lists the number of BGP messages of each type that this router has sent and received. Following the table is a maximum send and receive UPDATE message rate. These rates report the busiest one-second interval.
2CSNXXX_SWUM204.book Page 1390 Monday, January 25, 2016 1:25 PM Rx Data RTO Notifications MIB Queries 0 0 0 3 4 0 0 0 0 500 1222 5 show ip bgp update-group This command reports the status of IPv4 outbound update groups and their members. Syntax show ip bgp [vrf vrf-name] update-group [group-index | peer-address ] • vrf vrf-name — Displays the aggregate address information associated with the named VRF.
2CSNXXX_SWUM204.book Page 1391 Monday, January 25, 2016 1:25 PM Duration How long the update send process took, in milliseconds UPD Built The number of UPDATE messages built. UPD Sent The number of UPDATE messages successfully transmitted to group members. Normally a copy of each UPDATE message built is sent to each group member. Paths Sent The number of paths advertised. Pfxs Adv The number of prefixes advertised. Pfxs Wd The number of prefixes withdrawn.
2CSNXXX_SWUM204.book Page 1392 Monday, January 25, 2016 1:25 PM Time Since Last UPDATE Time since an UPDATE message was last sent to the group. If no UPDATE has been sent to the group, the status is “Never.” Current Prefixes The number of prefixes currently advertised to the group. Current Paths The number of paths currently advertised to the group. Prefixes Advertised The total number of prefixes advertised to the group since the group was formed.
2CSNXXX_SWUM204.book Page 1393 Monday, January 25, 2016 1:25 PM Current Members: Version 10 11 12 13 14 15 16 17 18 19 172.20.1.100, 172.20.2.100 Delta T Duration UPD Built UPD Sent Paths Sent Pfxs Adv 00:33:49 100 6 288 5 1250 00:33:49 0 4 192 3 750 00:33:49 0 2 96 1 250 00:33:49 0 2 96 1 250 00:33:49 0 1 48 0 0 00:33:49 100 8 384 7 1750 00:33:49 0 3 144 2 500 00:31:49 0 4 192 3 750 00:23:49 100 4 192 3 750 00:03:49 100 6 288 5 1250 Update Group ID............................ Peer Type.................
2CSNXXX_SWUM204.book Page 1394 Monday, January 25, 2016 1:25 PM Syntax show ip bgp vpnv4 {all | rd route-distinguisher [ipprefix/length]| vrf vrfname [ip-prefix/length] | statistics } • all— Displays the complete VPNv4 database. • rd route-distinguisher—Displays the NLRI prefixes that match the named route distinguisher. • vrf vrf-name—Displays the NLRI prefixes associated with the named VRF instance.
2CSNXXX_SWUM204.book Page 1395 Monday, January 25, 2016 1:25 PM • The "Autodetect Status” field is displayed only if the peer is configured as “autodetect”. The field shows one of the following status’: “Peer is detected”, “Peer is not detected” or “Multiple peers are detected”. The command output provides the following information.
2CSNXXX_SWUM204.book Page 1396 Monday, January 25, 2016 1:25 PM Term Description Origin Value of the ORIGIN attribute. Metric Value of the MED attribute, if included. Type Whether the path is received from an internal or external peer. IGP Cost The interior gateway cost (e.g., OSPF cost) to the BGP NEXT HOP. Peer (Peer ID) The IP address of the peer that sent this route, and its router ID. BGP Next Hop The BGP NEXT HOP attrribute.
2CSNXXX_SWUM204.book Page 1397 Monday, January 25, 2016 1:25 PM *> 24.95.16.0/24 *> 24.14.8.0/24 100.10.1.1 100.10.1.1 10 10 100 100 20 10 i 20 10 i Route Distinguisher *> 173.20.1.0/24 *> 25.95.16.0/24 *> 25.14.8.0/24 : 2:20 (for VRF blue) 120.10.1.1 10 120.10.1.1 10 120.10.1.1 10 100 100 100 20 10 i 20 10 i 20 10 i Route Distinguisher *> 174.20.1.0/24 *> 26.95.16.0/24 *> 26.14.8.0/24 : 3:30 (for VRF yellow) 130.10.1.1 10 130.10.1.1 10 130.10.1.
2CSNXXX_SWUM204.book Page 1398 Monday, January 25, 2016 1:25 PM Atomic Aggregate........................... Aggregator (AS, Router ID)................. Communities................................ Extended Community......................... Originator................................ Included 300, 14.1.1.1 no-export RT:1:100 RT:2:200 10.1.1.1 Non-best Paths: Local Preference........................... AS Path.................................... Origin..................................... Type..............
2CSNXXX_SWUM204.book Page 1399 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.3.0.1 firmware. Examples This example displays the capabilities of an N3000_N2000v6.3.x.x firmware build. console# show router-capability Switch is capable of operating as an ACCESS ROUTER MP-BGP capability is unavailable. utilizing OSPF and RIP. This example displays the capabilities of an N3000BGPv6.3.x.x firmware build.
2CSNXXX_SWUM204.book Page 1400 Monday, January 25, 2016 1:25 PM User Guidelines A peer template can be configured with parameters that apply to many peers. Neighbors can then be configured to inherit parameters from the peer template. A peer template can include both session parameters and peer policies. Peer policies are configured within an address family configuration mode and apply only to that address family. You can configure up to 32 peer templates.
2CSNXXX_SWUM204.book Page 1401 Monday, January 25, 2016 1:25 PM Example console(config)# router bgp 65000 console(config-router)# neighbor 172.20.1.2 remote-as 65001 console(config-router)# neighbor 172.20.2.
2CSNXXX_SWUM204.book Page 1402 Monday, January 25, 2016 1:25 PM for longer than the hold time, BGP drops the adjacency. If the hold time is set to 0, then BGP does not enforce a hold time and BGP does not send periodic KEEPALIVE messages. The range is 0, 3 to 65,535 seconds. Default Configuration The default keepalive time is 30 seconds. The default hold time is 90 seconds.
2CSNXXX_SWUM204.book Page 1403 Monday, January 25, 2016 1:25 PM BGP Routing Policy Dell Networking N3000/N4000 Series Switches Exterior routing protocols like BGP use industry-standard routing policy to filter and modify routing information exchanged with peers.
2CSNXXX_SWUM204.book Page 1404 Monday, January 25, 2016 1:25 PM show ip community-list – ip as-path access-list To create an AS path access list, use the ip as-path access-list. An AS path access list filters BGP routes on the AS path attribute of a BGP route.
2CSNXXX_SWUM204.book Page 1405 Monday, January 25, 2016 1:25 PM statement’s action is taken. An AS path list has an implicit deny statement at the end. If a path does not match any of the statements in an AS path list, the action is considered to be deny. Once you have created an AS path list, you cannot delete an individual statement. If you want to remove an individual statement, you must delete the AS path list and recreate it without the statement to be deleted.
2CSNXXX_SWUM204.book Page 1406 Monday, January 25, 2016 1:25 PM Example In the following example, the router is configured to reject routes received from neighbor 172.20.1.1 with an AS path that indicates the route originates in or passes through AS 100. console(config)# ip as-path access-list 1 deny _100_ console(config)# ip as-path access-list 1 deny ^100$ console(config)# router bgp 1 console(config-router)# neighbor 172.20.1.1 remote-as 200 console(config-router)# neighbor 172.20.1.
2CSNXXX_SWUM204.book Page 1407 Monday, January 25, 2016 1:25 PM ip community-list To create or configure a BGP community list, use the ip community-list command in global configuration mode. To delete a community list, use the no form of this command. Syntax ip community-list standard list-name {permit | deny} [community-number] [no-advertise] [no-export] [no-export-subconfed] [no-peer] no ip community-list standard list-name • standard list-name—Identifies a named standard community list.
2CSNXXX_SWUM204.book Page 1408 Monday, January 25, 2016 1:25 PM User Guidelines A community list statement with no community values is considered a match for all routes, regardless of their community membership. So the statement ip community-list bullseye permit is a permit all statement. A community number may be entered in either format, as a 32-bit integer or a pair of 16-bit integers separated by a colon, regardless of whether the ip bgpcommunity new-format command is active.
2CSNXXX_SWUM204.book Page 1409 Monday, January 25, 2016 1:25 PM • network mask—Specifies the match criteria for routes being compared to the prefix list statement. The network can be any valid IP prefix. The mask is any IPv4 prefix in dotted-quad notation. • ge length—(Optional) If this option is configured, a prefix is only considered a match if its network mask length is greater than or equal to this value. This value must be longer than the network length and less than or equal to 32.
2CSNXXX_SWUM204.book Page 1410 Monday, January 25, 2016 1:25 PM The command no ip prefix-list list-name deletes the entire prefix list. To remove an individual statement from a prefix list, you must specify the statement exactly, with all its options. Up to 128 prefix lists may be configured. The maximum number of statements allowed in prefix list is 64. Command History Introduced in version 6.2.0.1 firmware.
2CSNXXX_SWUM204.book Page 1411 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.2.0.1 firmware. Example console(config)#ip prefix-list test description test prefix lists ipv6 prefix-list To create an IPv6 prefix list or add an IPv6 prefix list entry, use the ipv6 prefix-list command in global configuration mode.
2CSNXXX_SWUM204.book Page 1412 Monday, January 25, 2016 1:25 PM • ipv6-prefix—The IPv6 network assigned to the specified prefix list. This argument must be in the form documented in RFC 2373 where the address is specified in hexadecimal using 16-bit values between colons. • prefix-length—The length of the IPv6 prefix given as part of the ipv6prefix. Required if a prefix is specified.
2CSNXXX_SWUM204.book Page 1413 Monday, January 25, 2016 1:25 PM User Guidelines The ipv6 prefix-list command is used to create IPv6 prefix lists. These are similar to ip prefix lists except that the lists are IPv6 specific. An IPv6 prefix list can contain only IPv6 addresses. Prefix lists allow matching of route prefixes against those specified in the prefix list. Each prefix list includes of a sequence of prefix list entries ordered by sequence numbers.
2CSNXXX_SWUM204.book Page 1414 Monday, January 25, 2016 1:25 PM Example The following example configures a prefix list that allows routes with one of two specific destination prefixes, 2001::/64 and 5F00::/48: console(config)# ipv6 prefix-list apple seq 10 permit 2001:: /64 console(config)# ipv6 prefix-list apple seq 20 permit 5F00:: FFFF:FFFF:FFFF:: The following example renumbers the apple prefix list beginning at sequence number 10.
2CSNXXX_SWUM204.book Page 1415 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Example console(route-map)#match as-path 250 match community To configure a route map to match based on a BGP community list, use the match community command. To delete a match term from a route map, use the no form of this command. Syntax match community community-list [ community-list...] [exact-match] no match community [ community-list [ community-list...
2CSNXXX_SWUM204.book Page 1416 Monday, January 25, 2016 1:25 PM The command no match community removes the match term and all its community lists. Command History Introduced in version 6.2.0.1 firmware. Example console(route-map)#match community test match ip address prefix-list Use this command to configure a route map to match based on a destination prefix. To delete a match statement from a route map, use the no form of this command.
2CSNXXX_SWUM204.book Page 1417 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Example console(route-map)#match ip address prefix-list test match ipv6 addrss prefix-list Use this command to configure a route map to match based on an IPv6 destination prefix. To delete a match statement from a route map, use the no form of this command. Syntax match ip address prefix-list prefix-list-name [prefix-list-name...
2CSNXXX_SWUM204.book Page 1418 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Example In the example below, IPv6 addresses specified by the prefix list apple are matched through the route map abc. Router(config)# route-map abc Router(config-route-map)# match ipv6 address prefix-list apple show ip as-path-access-list This command displays the contents of AS path access lists.
2CSNXXX_SWUM204.book Page 1419 Monday, January 25, 2016 1:25 PM deny ^100$ AS path access list 2 deny _200_ deny ^200$ show ip community-list This command displays the contents of AS path access lists. Syntax show ip community-list [community-list-name | detail [community-listname]] • community-list-name—(Optional) A standard community list name. This option limits the output to a single community.
2CSNXXX_SWUM204.book Page 1420 Monday, January 25, 2016 1:25 PM permit 200:2 permit 200:3 show ip prefix-list This command displays the contents of IPv4 prefix lists.
2CSNXXX_SWUM204.book Page 1421 Monday, January 25, 2016 1:25 PM show ip prefix-list prefix-list-name network /length longer show ip prefix-list prefix-list-name network /length show ip prefix-list prefix-list-name seq sequence-number show ip prefix-list prefix-list-name show ip prefix-list summary show ip prefix-list summary prefix-list-name show ip prefix-list detail show ip prefix-list detail prefix-list-name show ip prefix-list The following information is displayed.
2CSNXXX_SWUM204.book Page 1422 Monday, January 25, 2016 1:25 PM ip prefix-list fred: count: 3, range entries: 3, sequences: 5 - 15, refcount: 0 console#show ip prefix-list detail fred ip prefix-list fred: count: 3, range entries: 3, sequences: 5 - 15, refcount: 0 seq 5 permit 10.10.1.1/20 ge 22 (hitcount: 0) seq 10 permit 10.10.1.2/20 le 30 (hitcount: 0) seq 15 permit 10.10.1.2/20 ge 29 le 30 (hitcount: 0) show ipv6 prefix-list This command displays the contents of IPv6 prefix lists.
2CSNXXX_SWUM204.book Page 1423 Monday, January 25, 2016 1:25 PM • first-match – (Optional) Displays the entry of a prefix list that matches the given prefix /prefix-length. Default Configuration No prefix lists are configured by default. Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes. User Guidelines The following information is displayed. Fields Description count Number of entries in the prefix list. range entries Number of entries that match the input range.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1425 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Example console# clear ip prefix-list orange 20.0.0.0 /8 clear ipv6 prefix-list To reset the IPv6 prefix-list counters, use the clear ipv6 prefix-list command. Syntax clear ipv6 prefix-list [list-name | list-name ipv6-prefix/prefix-length] • list-name – (Optional) Name of the IPv6 prefix list from which the hit count is to be cleared.
2CSNXXX_SWUM204.book Page 1426 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware. Example The command below clears the counters only for the matching statement in the IPv6 prefix list apple. Router# clear ipv6 prefix-list apple FF05::/35 clear ip community-list To reset the IPv6 prefix-list counters, use the clear ipv6 prefix-list command.
2CSNXXX_SWUM204.book Page 1427 Monday, January 25, 2016 1:25 PM set as-path To prepend one or more AS numbers to the AS path in a BGP route, use the set as-path command. To remove a set command from a route map, use the no form of this command. Syntax set as-path prepend as-path-string no set as-path prepend as-path-string • prepend as-path-string—A list of AS path numbers to insert at the beginning of the AS_PATH attribute of matching BGP routes.
2CSNXXX_SWUM204.book Page 1428 Monday, January 25, 2016 1:25 PM Example console# config console(config)#route-map ppAsPath console(route-map)#set as-path prepend “2 2 2” console(route-map)#exit console(config)#router bgp 1 console(config-rtr)#neighbor 172.20.1.2 remote-as 2 console(config-rtr)#neighbor 172.20.1.2 route-map ppAsPath in set comm-list delete To remove BGP communities from an inbound or outbound UPDATE message, use the set comm-list delete command.
2CSNXXX_SWUM204.book Page 1429 Monday, January 25, 2016 1:25 PM When a route map statement includes both set community and set commlist delete terms, the set comm-list delete term is processed first, and then the set community term (that is, communities are first removed, and then communities are added). Command History Introduced in version 6.2.0.1 firmware.
2CSNXXX_SWUM204.book Page 1430 Monday, January 25, 2016 1:25 PM Command Mode Route Map Configuration User Guidelines The set community command can be used to assign communities to routes originated through BGP’s network and redistribute commands and to set communities on routes received from a specific neighbor or advertised to a specific neighbor. It can also be used to remove all communities from a route. To remove a subset of the communities on a route, use the set comm-list delete command.
2CSNXXX_SWUM204.book Page 1431 Monday, January 25, 2016 1:25 PM User Guidelines When used in a route map applied to UPDATE messages received from a neighbor, the command sets the next hop address for matching IPv6 routes received from the neighbor. When used in a route map applied to UPDATE messages sent to a neighbor, the command sets the next hop address for matching IPv6 routes sent to the neighbor.
2CSNXXX_SWUM204.book Page 1432 Monday, January 25, 2016 1:25 PM User Guidelines The local preference is the first attribute used to compare BGP routes. Setting the local preference can influence which route BGP selects as the best route. When used in conjunction with a match as-path or match ip-address command, this command can be used to prefer routes that transit certain ASs or to make the local router a more preferred exit point to certain destinations. Command History Introduced in version 6.2.0.
2CSNXXX_SWUM204.book Page 1433 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.2.0.1 firmware.
2CSNXXX_SWUM204.book Page 1434 Monday, January 25, 2016 1:25 PM DHCP Server Commands Dell Networking N2000/N3000/N4000 Series Switches DHCP is based on the Bootstrap Protocol (BOOTP). It also captures the behavior of BOOTP relay agents and DHCP participants can inter operate with BOOTP participants. The host RFC’s standardize the configuration parameters which can be supplied by the DHCP server to the client.
2CSNXXX_SWUM204.book Page 1435 Monday, January 25, 2016 1:25 PM • Using DHCP a centralized management policy can be implemented as the DHCP server keeps information about all the subnets. This allows a system operator to update a single server when configuration changes take place.
2CSNXXX_SWUM204.book Page 1436 Monday, January 25, 2016 1:25 PM no ip dhcp pool [pool-name] • pool-name—The name of an existing or new DHCP address pool. The pool name can be up to 31 characters in length and can contain the following characters: a-z, A-Z, 0-9, ’-’, ’_’, ’ ’. Enclose the entire pool name in quotes if an embedded blank is to appear in the pool name. Default Configuration The command has no default configuration.
2CSNXXX_SWUM204.book Page 1437 Monday, January 25, 2016 1:25 PM • Client address lease time – lease Administrators may also configure manual bindings for clients using the host command in DHCP Pool Configuration mode. This is the most often used for DHCP clients for which the administrator wishes to reserve an ip address, for example a computer server or a printer. A DHCP pool can contain automatic or dynamic address assignments or a single static address assignment.
2CSNXXX_SWUM204.book Page 1438 Monday, January 25, 2016 1:25 PM bootfile Use the bootfile command in DHCP Pool Configuration mode to set the name of the image for the DHCP client to load. Use the no form of the command to remove the bootfile configuration. Use the show ip dhcp pool command to display pool configuration parameters. Syntax bootfile filename no bootfile • filename—The name of the file for the DHCP client to load. Default Configuration There is no default bootfile filename.
2CSNXXX_SWUM204.book Page 1439 Monday, January 25, 2016 1:25 PM Default Configuration The command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example console#clear ip dhcp binding 1.2.3.4 clear ip dhcp conflict Use the clear ip dhcp conflict command in Privileged Exec mode to remove DHCP server address conflicts. Use the show ip dhcp conflict command to display address conflicts detected by the DHCP server.
2CSNXXX_SWUM204.book Page 1440 Monday, January 25, 2016 1:25 PM client-identifier Use the client-identifier command in DHCP Pool Configuration mode to identify a Microsoft DHCP client to be manually assigned an address. Use the no form of the command to remove the client identifier configuration. Syntax client-identifier unique-identifier no client-identifier • unique-identifier—The identifier of the Microsoft DHCP client.
2CSNXXX_SWUM204.book Page 1441 Monday, January 25, 2016 1:25 PM Syntax client-name name no client-name • name—The name of the DHCP client. The client name is specified as up to 31 printable characters. Default Configuration There is no default client name. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters.
2CSNXXX_SWUM204.book Page 1442 Monday, January 25, 2016 1:25 PM • ip-address1—The IPv4 address of the first default router for the DHCP client. • ip-address2—The IPv4 address of the second default router for the DHCP client. Default Configuration No default router is configured. Command Mode DHCP Pool Configuration mode User Guidelines This command has no user guidelines. Example console(config-dhcp-pool)#default-router 192.168.22.1 192.168.23.
2CSNXXX_SWUM204.book Page 1443 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. domain-name (IP DHCP Pool Config) Use the domain-name command in IP DHCP Pool Configuration mode to set the DNS domain name which is provided to a DHCP client by the DHCP server. The DNS name is an alphanumeric string up to 255 characters in length. Use the no form of the command to remove the domain name. Syntax domain-name domain no domain-name domain • domain — DHCP domain name.
2CSNXXX_SWUM204.book Page 1444 Monday, January 25, 2016 1:25 PM Default Configuration There are no default MAC address manual bindings. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. It may be necessary to use the no host command prior to executing the no hardware-address command. Example console(config-dhcp-pool)#hardware-address 00:23:12:43:23:54 console(config-dhcp-pool)#host 192.168.21.
2CSNXXX_SWUM204.book Page 1445 Monday, January 25, 2016 1:25 PM User Guidelines Use the client-identifier or hardware-address command prior to using this command for an address pool. Use the show ip dhcp pool command to display pool configuration parameters. Example console(config-dhcp-pool)#client-identifier 00:23:12:43:23:54 console(config-dhcp-pool)#host 192.168.21.
2CSNXXX_SWUM204.book Page 1446 Monday, January 25, 2016 1:25 PM ip dhcp conflict logging Use the ip dhcp conflict logging command in Global Configuration mode to enable DHCP address conflict detection. Use the no form of the command to disable DHCP conflict logging. Syntax ip dhcp conflict logging no ip dhcp conflict logging Default Configuration Conflict logging is enabled by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 1447 Monday, January 25, 2016 1:25 PM • high-address—An IPv4 address indicating the ending range for exclusion from automatic DHCP address assignment. The high-address must be numerically greater than the low-address. Default Configuration By default, no IP addresses are excluded from the lists configured by the IP DHCP pool configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console#ip dhcp excluded-address 192.
2CSNXXX_SWUM204.book Page 1448 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console#ip dhcp ping packets 5 lease Use the lease command in DHCP Pool Configuration mode to set the period for which a dynamically assigned DHCP address is valid. Use the infinite parameter to indicate that addresses are to be automatically assigned. Use the no form of the command to return the lease configuration to the default.
2CSNXXX_SWUM204.book Page 1449 Monday, January 25, 2016 1:25 PM User Guidelines The Dell Networking DHCP server does not offer infinite duration DHCP leases. The maximum lease offered is 60 days, which corresponds to an "infinite" setting in the UI. Example The following examples sets a lease period of 1 day, 12 minutes and 59 seconds. console(config)#ip dhcp pool asd console(config-dhcp-pool)#network 10.0.0.0 255.0.0.
2CSNXXX_SWUM204.book Page 1450 Monday, January 25, 2016 1:25 PM User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. Up to eight name server addresses may be specified. The NetBIOS WINS information is conveyed in the Option 44 TLV of the DHCP OFFER, DCHP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages. Example console(config-dhcp-pool)#netbios-name-server 192.168.21.1 192.168.22.
2CSNXXX_SWUM204.book Page 1451 Monday, January 25, 2016 1:25 PM • hybrid (h-node) Example console(config-dhcp-pool)#netbios-node-type h-node network Use the network command in IP DHCP Pool Configuration mode to define a pool of IPv4 addresses for distributing to clients. Syntax network network-number [mask | prefix-length] • network-number—A valid IPv4 address • mask—A valid IPv4 network mask with contiguous left-aligned bits.
2CSNXXX_SWUM204.book Page 1452 Monday, January 25, 2016 1:25 PM Default Configuration There is no default IPv4 next server configured. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. The IPv4 address is conveyed in the SIADDR field of the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages. Example console(config-dhcp-pool)#next-server 192.168.21.
2CSNXXX_SWUM204.book Page 1453 Monday, January 25, 2016 1:25 PM Default Configuration There is no default option configured. Command Mode DHCP Pool Configuration mode User Guidelines The option information must match the selected option type and length. Options cannot be longer than 255 characters in length. The option information is conveyed in the TLV specified by the code parameter in the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages.
2CSNXXX_SWUM204.book Page 1454 Monday, January 25, 2016 1:25 PM Table 7-1 lists the other options that can be configured and their fixed length, minimum length, and length multiple requirements. Refer to the relevant documentation for the DHCP client to identify what information, if any, is accepted by the client for the options listed below. Table 7-1.
2CSNXXX_SWUM204.book Page 1455 Monday, January 25, 2016 1:25 PM Table 7-1.
2CSNXXX_SWUM204.book Page 1456 Monday, January 25, 2016 1:25 PM Table 7-1.
2CSNXXX_SWUM204.book Page 1457 Monday, January 25, 2016 1:25 PM service dhcp Use the service dhcp command in Global Configuration mode to enable the local IPv4 DHCP server on the switch. Use the no form of the command to disable the DHCPv4 service. Syntax service dhcp no service dhcp Default Configuration The service is disabled by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 1458 Monday, January 25, 2016 1:25 PM User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. The IPv4 address of the NTP server is conveyed in the Option 42 TLV of the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages. Example console(config-dhcp-pool)#sntp 192.168.21.2 show ip dhcp binding Use the show ip dhcp binding command in Privileged Exec mode to display the configured DHCP bindings.
2CSNXXX_SWUM204.book Page 1459 Monday, January 25, 2016 1:25 PM show ip dhcp conflict Use the show ip dhcp conflict command in User Exec mode to display DHCP address conflicts for all relevant interfaces or a specified interface. If an interface is specified, the optional statistics parameter is available to view statistics for the specified interface. Syntax show ip dhcp conflict [address] • address—A valid IPv4 address for which the conflict information is desired.
2CSNXXX_SWUM204.book Page 1460 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example console#show ip dhcp server statistics show ip dhcp pool Use the show ip dhcp pool command in User Exec or Privileged Exec mode to display the configured DHCP pool or pools. If no pool name is specified, information about all pools is displayed. Syntax show ip dhcp pool [all | poolname] • poolname—Name of the pool.
2CSNXXX_SWUM204.book Page 1461 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show ip dhcp server statistics Automatic Bindings............................. 100 Expired Bindings............................... 32 Malformed Bindings............................. 0 Messages Received ------------------DHCP DISCOVER.................................. 132 DHCP REQUEST.......
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1463 Monday, January 25, 2016 1:25 PM Examples The following examples clears DHCPv6 statistics for VLAN 11. console#clear ipv6 dhcp interface vlan 11 statistics\ dns-server (IPv6 DHCP Pool Config) Use the dns-server command in IPv6 DHCP Pool Configuration mode to set the IPv6 DNS server address which is provided to a DHCPv6 client by the DHCPv6 server. DNS server address is configured for stateless server support.
2CSNXXX_SWUM204.book Page 1464 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode IPv6 DHCP Pool Configuration mode User Guidelines DHCPv6 pool can have multiple number of domain names with maximum of 8. Example The following example sets the DNS domain name "test", which is provided to a DHCPv6 client by the DHCPv6 server.
2CSNXXX_SWUM204.book Page 1465 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enters IPv6 DHCP Pool Configuration mode. console(config)#service dhcpv6 console(config)#ipv6 dhcp pool addrpool console(config-dhcp6s-pool)# ipv6 dhcp relay Use the ipv6 dhcp relay command in Interface Configuration mode to configure an interface for DHCPv6 relay functionality.
2CSNXXX_SWUM204.book Page 1466 Monday, January 25, 2016 1:25 PM User Guidelines The IPv6 DHCP service must be enabled to use this feature. Enable the IPv6 DHCP service using the service dhcpv6 command. If relay-address is an IPv6 global address, then relay-interface is not required. If relay-address is a linklocal or multicast address, then relay-interface is required.
2CSNXXX_SWUM204.book Page 1467 Monday, January 25, 2016 1:25 PM Default Configuration The default preference value is 20. Rapid commit is not enabled by default. Command Mode Interface Configuration (VLAN, Tunnel) mode User Guidelines This feature requires the IPv6 DHCP service. Enable the IPv6 DHCP service using the service dhcpv6 command.
2CSNXXX_SWUM204.book Page 1468 Monday, January 25, 2016 1:25 PM console(config-if-vlan10)# prefix-delegation Use the prefix-delegation command in IPv6 DHCP Pool Configuration mode to define multiple IPv6 prefixes within a pool for distributing to specific DHCPv6 Prefix delegation clients.
2CSNXXX_SWUM204.book Page 1469 Monday, January 25, 2016 1:25 PM Example The following example defines a Multiple IPv6 prefix and client DUID within a pool for distributing to specific DHCPv6 Prefix delegation clients.
2CSNXXX_SWUM204.book Page 1470 Monday, January 25, 2016 1:25 PM show ipv6 dhcp Use the show ipv6 dhcp command in Privileged Exec mode to display the DHCPv6 server name and status. Syntax show ipv6 dhcp Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Configuration mode and all Configuration submodes User Guidelines The DUID value of the server will only appear in the output when a DHCPv6 lease is active.
2CSNXXX_SWUM204.book Page 1471 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec and User Exec modes, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the configured DHCP pool based on the entered IPv6 address.
2CSNXXX_SWUM204.book Page 1472 Monday, January 25, 2016 1:25 PM Examples The following examples display DHCPv6 information for VLAN 11 when configured in relay mode. console> show ipv6 dhcp interface vlan 11 IPv6 Interface................................. Mode........................................... Relay Address.................................. Relay Interface Number......................... Relay Remote ID................................ Option Flags...................................
2CSNXXX_SWUM204.book Page 1473 Monday, January 25, 2016 1:25 PM • interface-id—Any valid IP interface. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration. Command Mode Privileged Exec, Configuration mode and all Configuration submodes User Guidelines This command shows the DHCP status. Information displayed depends on the mode. The command output provides the following information for an interface configured in client mode.
2CSNXXX_SWUM204.book Page 1474 Monday, January 25, 2016 1:25 PM Term Description Preferred Lifetime The preferred life time (in seconds) of the IPv6 Address leased by the DHCPv6 Server. Valid Lifetime The valid life time (in seconds) of the IPv6 Address leased by the DHCPv6 Server. Renew Time The time remaining (in seconds) to send a DHCPv6 Renew request to DHCPv6 Server for the leased address. Expiry Time The time (in seconds) when the DHCPv6 leased address expires.
2CSNXXX_SWUM204.book Page 1475 Monday, January 25, 2016 1:25 PM IPv6 Interface................................. Mode........................................... Pool Name...................................... Server Preference.............................. Option Flags................................... Vl10 Server asd 20 console#show ipv6 dhcp interface vlan 10 statistics DHCPv6 Server Interface Vl10 Statistics DHCPv6 Solicit Packets Received................ DHCPv6 Request Packets Received...............
2CSNXXX_SWUM204.book Page 1476 Monday, January 25, 2016 1:25 PM show ipv6 dhcp pool Use the show ipv6 dhcp pool command in Privileged Exec mode to display the configured DHCP pool. Syntax show ipv6 dhcp pool poolname • poolname — Name of the pool. (Range: 1-32 characters) Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 1477 Monday, January 25, 2016 1:25 PM Command Mode User Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the DHCPv6 server name and status. console> show ipv6 dhcp statistics DHCPv6 Interface Global Statistics -----------------------------------DHCPv6 Solicit Packets Received................ DHCPv6 Request Packets Received................ DHCPv6 Confirm Packets Received.......
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1479 Monday, January 25, 2016 1:25 PM Command Modes User Exec, Privileged Exec User Guidelines This command has no user guidelines. Example (console) #clear ipv6 dhcp snooping binding clear ipv6 dhcp snooping statistics Use the clear ipv6 dhcp snooping statistics command to clear all IPv6 DHCP Snooping statistics. Syntax clear ipv6 dhcp snooping statistics Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1480 Monday, January 25, 2016 1:25 PM Syntax ipv6 dhcp snooping no ipv6 dhcp snooping Default Configuration By default, DHCP snooping is not enabled. Command Modes Global Configuration mode User Guidelines The DHCP snooping application processes incoming DHCP messages.
2CSNXXX_SWUM204.book Page 1481 Monday, January 25, 2016 1:25 PM Syntax ipv6 dhcp snooping vlan vlan-range no ipv6 dhcp snooping vlan-range • vlan-range —A single VLAN, one or more VLANs separated by commas, or two VLANs separated by a single dash indicating all VLANs between the first and second inclusive. Multiple VLAN identifiers can be entered provided that no embedded spaces are contained within the vlan-range. Default Configuration By default, DHCP snooping is not enabled on any VLANs.
2CSNXXX_SWUM204.book Page 1482 Monday, January 25, 2016 1:25 PM • mac-address—A valid mac address in standard format. • vlan-id —A configured VLAN id. (Range 1-4093) • ip-address—A valid IPv6 address. • interface-id—A valid physical interface ID in short or long format. • port-channel-number—A valid port channel identifier. Default Configuration By default, no static DHCP bindings are configured.
2CSNXXX_SWUM204.book Page 1483 Monday, January 25, 2016 1:25 PM User Guidelines The DHCP binding database is persistently stored on a configured external server or locally in flash, depending on the user configuration. A row-wise checksum is placed in the text file that is stored on the configured TFTP server. On switch startup, the switch reads the text file and uses the contents to build the DHCP snooping database.
2CSNXXX_SWUM204.book Page 1484 Monday, January 25, 2016 1:25 PM ipv6 dhcp snooping limit Use the ipv6 dhcp snooping limit command configures an interface to be diagnostically disabled if the rate of received DHCP messages exceeds the configured limit. Use the no shutdown command to reenable the interface. Use the no form of the command to disable diagnostic disabling of the interface.
2CSNXXX_SWUM204.book Page 1485 Monday, January 25, 2016 1:25 PM The administrator can configure the rate and burst interval. Rate limiting is configured independently on each physical interface and may be enabled on both trusted and untrusted interfaces. The rate limit is configurable in the range of 0-300 packets per second and the burst interval in the range of 1-15 seconds.
2CSNXXX_SWUM204.book Page 1486 Monday, January 25, 2016 1:25 PM ipv6 dhcp snooping trust Use the ipv6 dhcp snooping trust command to configure an interface as trusted. Use the no form of the command to return the interface to the default configuration. Syntax ipv6 dhcp snooping trust no ipv6 dhcp snooping trust Default Configuration By default, interfaces are untrusted.
2CSNXXX_SWUM204.book Page 1487 Monday, January 25, 2016 1:25 PM no ipv6 dhcp snooping verify mac-address Default Configuration By default, MAC address verification is not enabled. Command Modes Global Configuration mode User Guidelines DHCP MAC address verification operates on DHCP messages received over untrusted interfaces. The source MAC address of DHCP packet is different from the client hardware if: • A DHCP discovery/request broadcast packet that was forwarded by the relay agent.
2CSNXXX_SWUM204.book Page 1488 Monday, January 25, 2016 1:25 PM Syntax ipv6 verify binding mac-address vlan vlan-id ip-address interface interface id no ipv6 verify binding mac-address vlan vlan-id ip-address interface interface id • mac-address —A valid mac address in standard format. • vlan-id —A configured VLAN id. (Range 1-4093. • ip-address —A valid IPv6 address. • interface-id—A valid interface ID in short or long format.
2CSNXXX_SWUM204.book Page 1489 Monday, January 25, 2016 1:25 PM Default Configuration By default, no sources are blocked. Command Modes Interface Configuration mode (physical and port-channel) User Guidelines DHCP snooping should be enabled on any interfaces for which ipv6 verify source is configured. If ipv6 verify source is configured on an interface for which DHCP snooping is disabled, or for which DHCP snooping is enabled and the interface is trusted, incoming traffic on the interface is dropped.
2CSNXXX_SWUM204.book Page 1490 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 1491 Monday, January 25, 2016 1:25 PM Command Modes User Exec, Privileged Exec (all show modes) User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 1492 Monday, January 25, 2016 1:25 PM write-delay: 5000 show ipv6 dhcp snooping interfaces Use the show ipv6 dhcp snooping interfaces command to show the DHCP Snooping status of IPv6 interfaces. Syntax show ipv6 dhcp snooping interfaces [interface id] • interface id—A valid physical interface. Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 1493 Monday, January 25, 2016 1:25 PM Syntax show ipv6 dhcp snooping statistics Default Configuration This command has no default configuration. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines The following statistics are displayed. Parameter Description MAC Verify Failures The number of DHCP messages that got filtered on an untrusted interface because of the source MAC address and client hardware address mismatch.
2CSNXXX_SWUM204.book Page 1494 Monday, January 25, 2016 1:25 PM show ipv6 source binding Use the show ipv6 source binding command to display the IPv6 Source Guard configurations on all ports, on an individual port, or on a VLAN. Syntax show ipv6 source binding [{dhcp-snooping | static}] [interface interface-id] [vlan vlan-id] • dhcp-snooping — Displays the DHCP snooping bindings. • static —Displays the statically configured bindings. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1495 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 1496 Monday, January 25, 2016 1:25 PM Syntax show ipv6 verify source Default Configuration There is no default configuration for this command. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines If MAC address filtering is not configured on the interface, the MAC Address field is empty. If port security is disabled on the interface, the MAC Address field displays permit-all.
2CSNXXX_SWUM204.book Page 1497 Monday, January 25, 2016 1:25 PM DVMRP Commands Dell Networking N3000/N4000 Series Switches Distance Vector Multicast Routing Protocol (DVMRP) is a dense mode multicast protocol and is most appropriate for use in networks where bandwidth is relatively plentiful and there is at least one multicast group member in each subnet. DVMRP assumes that all hosts are part of a multicast group until it is informed of multicast group changes.
2CSNXXX_SWUM204.book Page 1498 Monday, January 25, 2016 1:25 PM Default Configuration Disabled is the default configuration. Command Mode Global Configuration Interface Configuration (VLAN) mode User Guidelines PIM must be disabled before DVMRP can be enabled. Example The following example sets VLAN 15’s administrative mode of DVMRP to active.
2CSNXXX_SWUM204.book Page 1499 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example The following example configures a metric of 5 for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip dvmrp metric 5 show ip dvmrp Use the show ip dvmrp command in Privileged Exec mode to display the system-wide information for DVMRP. Syntax show ip dvmrp Default Configuration This command has no default condition.
2CSNXXX_SWUM204.book Page 1500 Monday, January 25, 2016 1:25 PM show ip dvmrp interface Use the show ip dvmrp interface command in Privileged Exec mode to display the interface information for DVMRP on the specified interface. Syntax show ip dvmrp interface vlan vlan-id • vlan-id — Valid VLAN ID. Default Configuration This command has no default condition. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 1501 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the neighbor information for DVMRP. console(config)#show ip dvmrp neighbor No neighbors available.
2CSNXXX_SWUM204.book Page 1502 Monday, January 25, 2016 1:25 PM show ip dvmrp prune Use the show ip dvmrp prune command in Privileged Exec mode to display the table that lists the router’s upstream prune information. Syntax show ip dvmrp prune Default Configuration This command has no default condition. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 1503 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the multicast routing information for DVMRP.
2CSNXXX_SWUM204.book Page 1504 Monday, January 25, 2016 1:25 PM GMRP Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The GARP Multicast Registration Protocol (GMRP) provides a mechanism that allows networking devices to dynamically register (and deregister) Group membership information with the MAC networking devices attached to the same segment, and for that information to be disseminated across all networking devices in the bridged LAN that support Extended Filtering Services.
2CSNXXX_SWUM204.book Page 1505 Monday, January 25, 2016 1:25 PM entries created by GMRP ensures that frames are not transmitted on LAN segments which neither have registered GMRP participants nor are in the path through the active topology between the sources of the frames and the registered group members. NOTE: This feature is not available on the N3000 when loaded with the AGGREGATION ROUTER enabled firmware (e.g., N3000_BGPvA.B.C.D.stk).
2CSNXXX_SWUM204.book Page 1506 Monday, January 25, 2016 1:25 PM console(config)#gmrp enable clear gmrp statistics Use the clear gmrp statistics command in Privileged Exec mode to clear all the GMRO statistics information. Syntax clear gmrp statistics [{gigabitethernet unit/slot/port | port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1507 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration and Interface Configuration modes User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 1508 Monday, January 25, 2016 1:25 PM IGMP Commands Dell Networking N3000/N4000 Series Switches The Dell Network N1500/N2000 Series switches support limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. Internet Group Management Protocol (IGMP) is the multicast group membership discovery protocol used for IPv4 multicast groups. Three versions of IGMP exist.
2CSNXXX_SWUM204.book Page 1509 Monday, January 25, 2016 1:25 PM IGMPv2 introduced a Leave Group message, which is sent by a host when it leaves a multicast group for which it was the last host to send an IGMP Report message. Receipt of this message causes the Querier possibly to reduce the remaining lifetime of its state for the group, and to send a groupspecific IGMP Query message to the multicast group.
2CSNXXX_SWUM204.book Page 1510 Monday, January 25, 2016 1:25 PM Syntax ip igmp last-member-query-count Imqc no ip igmp last-member-query-count • Imqc — Query count. (Range: 1-20) Default Configuration The default last member query count is 2. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets 10 as the number of VLAN 2 Group-Specific Queries.
2CSNXXX_SWUM204.book Page 1511 Monday, January 25, 2016 1:25 PM Default Configuration The default Maximum Response Time value is ten (in tenths of a second). Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example configures 2 seconds as the Maximum Response Time inserted in VLAN 15’s Group-Specific Queries.
2CSNXXX_SWUM204.book Page 1512 Monday, January 25, 2016 1:25 PM Default Configuration Disabled is the default state. Command Mode Interface VLAN Configuration mode User Guidelines IGMP is enabled when ip pim sparse-mode, ip pim dense-mode, ip dvmrp, or ip igmp-proxy are enabled. A multicast routing protocol (e.g. PIM) should be enabled whenever IGMP is enabled. L3 IP multicast must be enabled for IGMP to operate. Example The following example globally enables IGMP the IGMP proxy service on VLAN 1.
2CSNXXX_SWUM204.book Page 1513 Monday, January 25, 2016 1:25 PM Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example configures a 10-second query interval for VLAN 15.
2CSNXXX_SWUM204.book Page 1514 Monday, January 25, 2016 1:25 PM console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp query-max-response-time 10 ip igmp robustness Use the ip igmp robustness command in Interface VLAN Configuration mode to configure the robustness that allows tuning of the interface, that is, tuning for the expected packet loss on a subnet. If a subnet is expected to have significant loss, the robustness variable may be increased for the interface.
2CSNXXX_SWUM204.book Page 1515 Monday, January 25, 2016 1:25 PM Syntax ip igmp startup-query-count count no ip igmp startup-query-count • count — The number of startup queries. (Range: 1-20) Default Configuration The default count value is 2. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets for VLAN 15 the number of queries sent out on startup at 10.
2CSNXXX_SWUM204.book Page 1516 Monday, January 25, 2016 1:25 PM Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets at 10 seconds the interval between general queries sent at startup for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp startup-query-interval 10 ip igmp version Use the ip igmp version command in Interface Configuration mode to configure the version of IGMP for an interface.
2CSNXXX_SWUM204.book Page 1517 Monday, January 25, 2016 1:25 PM show ip igmp Use the show ip igmp command in Privileged Exec mode to display systemwide IGMP information. Syntax show ip igmp Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays system-wide IGMP information. console#show ip igmp IGMP Admin Mode........
2CSNXXX_SWUM204.book Page 1518 Monday, January 25, 2016 1:25 PM • interface-type interface-number—Interface type of VLAN and a valid VLAN ID Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the registered multicast groups for VLAN 1.
2CSNXXX_SWUM204.book Page 1519 Monday, January 25, 2016 1:25 PM Command Mode User Exec, Privileged Exec modes, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays IGMP information for VLAN 11. console#show ip igmp vlan 11 Interface..................................... 11 IGMP Admin Mode............................... Enable Interface Mode................................ Enable IGMP Version...........................
2CSNXXX_SWUM204.book Page 1520 Monday, January 25, 2016 1:25 PM Command Mode User Exec, Privileged Exec modes, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following examples display the list of interfaces that have registered in the multicast group at IP address 224.5.5.5, the latter in detail mode. console#show ip igmp interface membership 224.5.5.5 console(config)#show ip igmp interface membership 224.5.5.
2CSNXXX_SWUM204.book Page 1521 Monday, January 25, 2016 1:25 PM console#show ip igmp interface stats vlan 7 Querier Status............................... Querier Querier IP Address........................... 7.7.7.7 Querier Up Time (secs)...................... 55372 Querier Expiry Time (secs).................. 0 Wrong Version Queries........................ 0 Number of Joins.............................. 7 Number of Groups.............................
2CSNXXX_SWUM204.book Page 1522 Monday, January 25, 2016 1:25 PM IGMP Proxy Commands Dell Networking N3000/N4000 Series Switches IGMP Proxy is used by the router on IPv4 systems to enable the system to issue IGMP host messages on behalf of hosts that the system discovered through standard IGMP router interfaces, thus acting as proxy to all its hosts residing on its router interfaces. Dell Networking supports IGMP Version 3, Version 2 and Version 1.
2CSNXXX_SWUM204.book Page 1523 Monday, January 25, 2016 1:25 PM no ip igmp proxy-service Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines This command enables IGMP proxy on the VLAN interface. Use this command to enable sending of IGMP messages received on interfaces configured with the ip igmp mroute-proxy command to an attached multicast router. PIM and DVMRP are not compatible with IGMP proxy.
2CSNXXX_SWUM204.book Page 1524 Monday, January 25, 2016 1:25 PM Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example resets the host interface status parameters of the IGMP Proxy router.
2CSNXXX_SWUM204.book Page 1525 Monday, January 25, 2016 1:25 PM console(config-if-vlan15)#ip igmp proxy-service unsolicit-rpt-interval 10 show ip igmp proxy-service Use the show ip igmp proxy-service command in Privileged Exec mode to display a summary of the host interface status parameters. It displays status parameters only when IGMP Proxy is enabled. Syntax show ip igmp proxy-service Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1526 Monday, January 25, 2016 1:25 PM show ip igmp proxy-service interface Use the show ip igmp proxy-service interface command in Privileged Exec mode to display a detailed list of the host interface status parameters. It displays status parameters only when IGMP Proxy is enabled. Syntax show ip igmp proxy-service interface Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1527 Monday, January 25, 2016 1:25 PM Syntax show ip igmp proxy-service groups Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example attempts to display a table of information about multicast groups that IGMP Proxy reported. console#show ip igmp proxy-service groups Interface Index....................
2CSNXXX_SWUM204.book Page 1528 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays complete information about multicast groups that IGMP Proxy has reported. console#show ip igmp proxy-service groups detail Interface Index................................
2CSNXXX_SWUM204.book Page 1529 Monday, January 25, 2016 1:25 PM IP Helper/DHCP Relay Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The IP Helper feature provides the ability for a router to forward configured UDP broadcast packets to a particular IP address. This allows applications to reach servers on non-local subnets.
2CSNXXX_SWUM204.book Page 1530 Monday, January 25, 2016 1:25 PM Protocol UDP Port Number NetBIOS Name Server 137 NetBIOS Datagram Server 138 TACACS Server 49 Time Service 37 DHCP 67 Trivial File Transfer Protocol 69 Certain pre-existing DHCP relay options do not apply to relay of other protocols. These options are unchanged from prior releases. The user may optionally set a DHCP maximum hop count or minimum wait time. The relay agent relays DHCP packets in both directions.
2CSNXXX_SWUM204.book Page 1531 Monday, January 25, 2016 1:25 PM • The destination UDP port must match a configured relay entry. DHCP relay cannot be enabled and disabled globally. IP helper can be enabled or disabled globally. Enabling IP helper enables DHCP relay.
2CSNXXX_SWUM204.book Page 1532 Monday, January 25, 2016 1:25 PM User Guidelines Enable DHCP Relay using the ip helper enable command. When in Virtual Router Configuration mode, this command operates within the context of the virtual router instance. When in Global Configuration mode, the command operates on the global router instance. Virtual Router Configuration mode is only available on the N3000/N4000 switches. Example The following example defines a maximum hopcount of 6.
2CSNXXX_SWUM204.book Page 1533 Monday, January 25, 2016 1:25 PM When in Virtual Router Configuration mode, this command operates within the context of the virtual router instance. When in Global Configuration mode, the command operates on the global router instance. Virtual Router Configuration mode is only available on the N3000/N4000 switches. Example The following example defines a minimum wait time of 10 seconds.
2CSNXXX_SWUM204.book Page 1534 Monday, January 25, 2016 1:25 PM ip dhcp relay information check Use the ip dhcp relay information check command to enable DHCP Relay to check that the relay agent information option in forwarded BOOTREPLY messages is valid. If an invalid message is received, the relay agent drops it. This information check will take effect, though enabled, only when the relay agent interface is enabled to insert the suboptions.
2CSNXXX_SWUM204.book Page 1535 Monday, January 25, 2016 1:25 PM ip dhcp relay information check-reply Use the ip dhcp relay information check-reply command to enable DHCP Relay to check that the relay agent information option in forwarded BOOTREPLY messages is valid. If an invalid message is received, the relay agent drops it. This information check will take effect, though enabled, only when the relay agent interface is enabled to insert the suboptions.
2CSNXXX_SWUM204.book Page 1536 Monday, January 25, 2016 1:25 PM ip dhcp relay information option Use the ip dhcp relay information option command in Global Configuration mode to enable the circuit ID option and remote agent ID mode for BootP/DHCP Relay on the system (also called option 82). Use the no form of the command to disable the circuit ID option and remote agent ID mode for BootP/DHCP Relay.
2CSNXXX_SWUM204.book Page 1537 Monday, January 25, 2016 1:25 PM ip dhcp relay information option-insert Use the ip dhcp relay information option-insert command in Interface Configuration mode to enable the circuit ID option and remote agent ID mode for BootP/DHCP Relay on the interface (also called option 82). Use the no form of the command to return the option insert configuration to the default.
2CSNXXX_SWUM204.book Page 1538 Monday, January 25, 2016 1:25 PM ip helper-address (global configuration) Use the ip helper-address (global configuration) command to configure the relay of certain UDP broadcast packets received on any interface. To delete an IP helper entry, use the no form of this command.
2CSNXXX_SWUM204.book Page 1539 Monday, January 25, 2016 1:25 PM The command no ip helper-address with no arguments clears all global IP helper addresses. When in Virtual Router Configuration mode, this command operates within the context of the virtual router instance. When in Global Configuration mode, the command operates on the global router instance. Virtual Router Configuration mode is only available on the N3000/N4000 switches.
2CSNXXX_SWUM204.book Page 1540 Monday, January 25, 2016 1:25 PM • discard — Matching packets should be discarded rather than relayed, even if a global ip helper-address configuration matches the packet. • dest-udp-port — A destination UDP port number from 0 to 65535. • port-name — The destination UDP port may be optionally specified by its name. Whether a port is specified by its number or its name has no effect on behavior.
2CSNXXX_SWUM204.book Page 1541 Monday, January 25, 2016 1:25 PM This command takes precedence over an ip helper-address command given in global configuration mode. With the following configuration, the relay agent relays DHCP packets received on any interface other than VLAN 5 and VLAN 6 to 192.168.40.1, relays DHCP and DNS packets received on VLAN 5 to 192.168.40.2, relays SNMP traps (port 162) received on interface VLAN 6 to 192.168.23.
2CSNXXX_SWUM204.book Page 1542 Monday, January 25, 2016 1:25 PM When in Virtual Router Configuration mode, this command operates within the context of the virtual router instance. When in Global Configuration mode, the command operates on the global router instance. Virtual Router Configuration mode is only available on the N3000/N4000 switches. Example console(config)#ip helper enable show ip helper-address Use the show ip helper-address command to display the IP helper address configuration.
2CSNXXX_SWUM204.book Page 1543 Monday, January 25, 2016 1:25 PM Field Description Interface The relay configuration is applied to packets that arrive on this interface. This field is set to “any” for global IP helper entries. UDP Port The relay configuration is applied to packets whose destination UDP port is this port. Entries whose UDP port is identified as “any” are applied to packets with the destination UDP ports listed in Table 7-2.
2CSNXXX_SWUM204.book Page 1544 Monday, January 25, 2016 1:25 PM Default Configuration The command has no default configuration. Command Mode User Exec and Privileged Exec modes, Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000/N4000 series switches. Example The following example defines the Boot/DHCP Relay information.
2CSNXXX_SWUM204.book Page 1545 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000/N4000 series switches. The following information is displayed. Field Description DHCP client messages received The number of valid messages received from a DHCP client.
2CSNXXX_SWUM204.book Page 1546 Monday, January 25, 2016 1:25 PM DHCP message with secs field below min The number of DHCP client messages received with secs fields that are less than the minimum value. The minimum secs value is a configurable value and is displayed in show ip dhcp relay. A log message is written for each such failure. The DHCP relay agent does not relay these packets.
2CSNXXX_SWUM204.book Page 1547 Monday, January 25, 2016 1:25 PM IP Routing Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The Dell Network N1500/N2000 series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. Dell Networking routing provides the base Layer 3 support for Local Area Network (LAN) and Wide Area Network (WAN) environments.
2CSNXXX_SWUM204.book Page 1548 Monday, January 25, 2016 1:25 PM The addition of a preference option has a side benefit. The preference option allows the operator to control the preference of individual static routes relative to routes learned from other sources (such as OSPF). When routes from different sources have the same preference, Dell Networking routing prefers a static route over a dynamic route.
2CSNXXX_SWUM204.book Page 1549 Monday, January 25, 2016 1:25 PM ip route distance set ip next-hop show ip vlan ip routing set ip precedence show route-map – – show routing heap summary encapsulation Use the encapsulation command in Interface Configuration (VLAN) mode to configure the Link Layer encapsulation type for the packet. Routed frames are always Ethernet-encapsulated when a frame is routed to a VLAN. Syntax encapsulation {ethernet | snap} • ethernet — Specifies Ethernet encapsulation.
2CSNXXX_SWUM204.book Page 1550 Monday, January 25, 2016 1:25 PM configuration method to none. The no ip address command clears the currently assigned IPv4 address sets the IP address configuration method to the default (whatever the default is). Use the show ip interface command to display the configured IP addresses. Syntax ip address ip-address {subnet-mask | prefix-length} [secondary] no ip address ip-address {subnet-mask | prefix-length} [secondary] • ip-address — IP address of the interface.
2CSNXXX_SWUM204.book Page 1551 Monday, January 25, 2016 1:25 PM Example The following example defines the IP address and subnet mask for VLAN 15 and enables the VLAN for routing. console(config)#interface vlan 15 console(config-if-vlan15)#ip address 192.168.10.10 255.255.255.0 ip icmp echo-reply Use the ip icmp echo-reply command to enable or disable the generation of ICMP Echo Reply messages. Use the no form of this command to prevent the generation of ICMP Echo Replies.
2CSNXXX_SWUM204.book Page 1552 Monday, January 25, 2016 1:25 PM ip icmp error-interval Use the ip icmp error-interval command to limit the rate at which IPv4 ICMP error messages are sent. The rate limit is configured as a token bucket with two configurable parameters: Burst-size and burst-interval. To disable ICMP rate limiting, set burst-interval to zero. Use the no form of this command to return burst-interval and burst-size to their default values.
2CSNXXX_SWUM204.book Page 1553 Monday, January 25, 2016 1:25 PM ip netdirbcast Use the ip netdirbcast command in Interface Configuration mode to enable the forwarding of network-directed broadcasts. When enabled, network directed broadcasts are forwarded. When disabled they are dropped. Use the no form of the command to disable the broadcasts. Syntax ip netdirbcast no ip netdirbcast Default Configuration Disabled is the default configuration.
2CSNXXX_SWUM204.book Page 1554 Monday, January 25, 2016 1:25 PM Default Configuration No route maps are configured by default. Command Mode Interface Configuration (VLAN) mode User Guidelines Policy-based routing must be configured on the VLAN interface that receives the packets, not on the VLAN interface from which the packets are sent. Packets matching a deny route map are routed using the routing table. Policy maps with no set clause are ignored. When a route-map applied on an interface is changed, i.
2CSNXXX_SWUM204.book Page 1555 Monday, January 25, 2016 1:25 PM Route-maps and Diffserv cannot operate on the same interface due to allocation of conflicting resources. An error is thrown to user if when configuring a route-map on an interface on which diffserv has been previously configured. When a route map is configured on a VLAN interface and a Diffserv policy is applied on any individual member port of the same VLAN interface, the port policy (Diffserv) takes priority over the VLAN (route map)policy.
2CSNXXX_SWUM204.book Page 1556 Monday, January 25, 2016 1:25 PM Virtual Router Configuration mode is only available on the N3000/N4000 switches. Example console(config-if-vlan10)#ip redirects ip route Use the ip route command in Global Configuration mode to configure a static route. Use the no form of the command to delete the static route.
2CSNXXX_SWUM204.book Page 1557 Monday, January 25, 2016 1:25 PM • text—A textual name for the route as configured by the administrator. May be up to 32 characters in length. Default Configuration Default value of preference is 1. The router will prefer a route with a smaller administrative distance that a route with a higher administrative distance. Command Mode Global Configuration mode User Guidelines The IP route command sets a value for the route preference.
2CSNXXX_SWUM204.book Page 1558 Monday, January 25, 2016 1:25 PM Only IPv4 routes are supported with the vrf parameter. Adding a static route with a Null 0 next hop specified configures a routing black hole (a static reject route). Packets destined to that prefix are dropped. If an interface for the next hop is specified, it may be a numbered or unnumbered interface. A static route entry is only installed if the next hop IP address matches one of the local subnets (i.e., the next hop is reachable).
2CSNXXX_SWUM204.book Page 1559 Monday, January 25, 2016 1:25 PM interface Gi1/0/1 switchport mode trunk switchport access vlan 10 exit ! interface loopback 0 ip vrf forwarding red-1 ip address 1.1.1.1 255.255.255.255 exit Route Leaking Example 2 Subnetwork 9.0.0.0/24 is a directly connected subnetwork on VLAN 10 in the default routing table. Subnet 8.0.0.0/24 is a directly connected subnetwork in VLAN 30 in virtual router Red. Subnet 66.6.6.x is reachable via VLAN 30 in vrf Red.
2CSNXXX_SWUM204.book Page 1560 Monday, January 25, 2016 1:25 PM ip route 0.0.0.0 0.0.0.0 9.0.0.2 253 ip route vrf Red 9.0.0.0 255.255.255.0 Vl10 ip route vrf Red 66.6.6.0 255.255.255.0 8.0.0.
2CSNXXX_SWUM204.book Page 1561 Monday, January 25, 2016 1:25 PM ip route default Use the ip route default command in Global Configuration mode to configure the next hop address of the default route. Use the no form of the command to delete the default route. Use of the optional VRF parameter executes the command within the context of the VRF specific routing table.
2CSNXXX_SWUM204.book Page 1562 Monday, January 25, 2016 1:25 PM Using this command, the administrator may manually configure a single, global default gateway. The switch installs a default route for a configured default gateway with a preference of 253, making it more preferred than the default gateways learned via DHCP, but less preferred than a static default route. The preference of these routes is not configurable.
2CSNXXX_SWUM204.book Page 1563 Monday, January 25, 2016 1:25 PM no ip route distance integer • vrf-name—The name of the VRF associated with the routing table context used by the command. If no vrf is specified, the global routing table context is used. • integer — Specifies the distance (preference) of an individual static route. (Range 1-255) Default Configuration Default value of distance is 1.
2CSNXXX_SWUM204.book Page 1564 Monday, January 25, 2016 1:25 PM Default Configuration Disabled is the default configuration. Command Mode Global Configuration mode, Virtual Router Configuration mode User Guidelines Use the show ip brief command to determine if routing is enabled or disabled. When in virtual router configuration mode, this command operates within the context of the virtual router instance. When in global config mode, the command operates on the global router instance.
2CSNXXX_SWUM204.book Page 1565 Monday, January 25, 2016 1:25 PM User Guidelines IP unnumbered interfaces are supported in the default VRF only. The interface should be configured as able to borrow an IP address, i.e. a routing interface with no IP address. The loopback interface is the numbered interface providing the borrowed address. The providing loopback interface cannot be unnumbered. The loopback interface is identified by its loopback interface number.
2CSNXXX_SWUM204.book Page 1566 Monday, January 25, 2016 1:25 PM Syntax ip unnumbered gratuitous-arp accept no ip unnumbered gratuitous-arp accept Default Configuration The default mode is accept. Command Mode Interface (VLAN) Configuration User Guidelines IP unnumbered interfaces are supported in the default VRF only. The interface should be configured as able to borrow an IP address, i.e. a routing interface with no IP address.
2CSNXXX_SWUM204.book Page 1567 Monday, January 25, 2016 1:25 PM Default Configuration ICMP Destination Unreachable messages are enabled. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan10)#ip unreachables match ip address Use this command to specify IP address match criteria for a route map. Use the no form of this command to delete a match statement from a route map.
2CSNXXX_SWUM204.book Page 1568 Monday, January 25, 2016 1:25 PM Actions in the IP ACL configuration are applied with other actions present in the route-map. If an IP ACL referenced by a route-map is removed or rules are added or deleted from the ACL, the configuration is rejected.. If a list of IP access lists is specified in this command and a packet matches at least one of these access list match criteria, the corresponding set of actions in the route map are applied to the packet.
2CSNXXX_SWUM204.book Page 1569 Monday, January 25, 2016 1:25 PM console(config)#route-map equal-access permit 10 console(config-route-map)#match ip address R1 console(config-route-map)#set ip default next-hop 192.168.6.6 console(config-route-map)#exit console(config)#route-map equal-access permit 20 console(config-route-map)#match ip address R2 console(config-route-map)#set ip default next-hop 172.16.7.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1571 Monday, January 25, 2016 1:25 PM • min—Specifies the minimum Layer 3 length for the packet, inclusive, allowing for a match. • max—Specifies the maximum Layer 3 length for the packet, inclusive, allowing for a match. Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 1572 Monday, January 25, 2016 1:25 PM Command Mode Route Map mode User Guidelines The MAC ACL must be configured before it is linked to a route map. Trying to link to an unconfigured MAC ACL causes an error. Actions in the MAC ACL configuration are applied with other actions configured in the route map. When a MAC ACL referenced by a route map is removed, the route map rule is also removed.
2CSNXXX_SWUM204.book Page 1573 Monday, January 25, 2016 1:25 PM Default Configuration No route maps are configured by default. If no permit or deny tag is specified, permit is the default. Command Mode Global Configuration mode User Guidelines Apply an ACL rule on the VLAN interface to perform policy based routing based on the VLAN ID as a matching criteria for incoming packets. Packets matching a deny rule or a deny route-map are routed using the routing table.
2CSNXXX_SWUM204.book Page 1574 Monday, January 25, 2016 1:25 PM console(config-route-map)# match ip address prefix-list redist-pl console(config-route-map)# exit console(config) router bgp 1 console(Config-router) redistribute ospf route-map redist-rm set interface null0 Use this command to drop a packet instead of reverting to normal routing for packets that do not match the route map criteria.
2CSNXXX_SWUM204.book Page 1575 Monday, January 25, 2016 1:25 PM Example console(config-route-map)#set interface null0 set ip default next-hop Use this route map clause to override default entries in the routing table. Packets that can routed by an active explicit route in the routing table are not affected by this clause. Use this command to set a list of default next-hop IP addresses to be used if no explicit route for the packet’s destination address appears in the routing table.
2CSNXXX_SWUM204.book Page 1576 Monday, January 25, 2016 1:25 PM set ip next-hop Use this command to specify an adjacent next-hop router in the path toward the destination to which the packets should be forwarded. If more than one IP address is specified, the first IP address associated with a link up interface is used to route the packets. Use the no form of this command to remove a set command from a route map.
2CSNXXX_SWUM204.book Page 1577 Monday, January 25, 2016 1:25 PM set ip precedence Use this command to set the three IP precedence bits in the IP packet header on ingress. Values 0 through 7 are supported. This precedence value may be used by other QoS services in the switch such as weighted fair queuing (WFQ) or weighted random early detection (WRED). Use the no form of this command to remove a set clause from a route map. Syntax set ip precedence 0-7 no set ip precedence • 0—Sets the routine precedence.
2CSNXXX_SWUM204.book Page 1578 Monday, January 25, 2016 1:25 PM show ip brief Use the show ip brief command in Privileged EXEC mode to display all the summary information of the IP. Syntax show ip brief [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1579 Monday, January 25, 2016 1:25 PM Syntax show ip interface [vrf vrf-name] [type number] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. • type—Interface type (loopback, out-of-band, or VLAN) • number—Interface number. Valid only for loopback and VLAN types. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1580 Monday, January 25, 2016 1:25 PM Vl2 Up unnumbered -->loopback 2 N/A console# console#show ip interface vlan 1 Routing interface status....................... Unnumbered - numbered interface................ Unnumbered - gratuitous ARP accept............. Method......................................... Routing Mode................................... Administrative Mode............................ Forward Net Directed Broadcasts................ Proxy ARP....................
2CSNXXX_SWUM204.book Page 1581 Monday, January 25, 2016 1:25 PM Example console#show ip policy Interface Gi1/0/24 Route map pbr-rmap show ip protocols Use the show ip protocols command in Privileged EXEC mode to display a summary of the configuration and status for each unicast routing protocol. The command lists all supported routing protocols, regardless of whether they are currently configured or enabled.
2CSNXXX_SWUM204.book Page 1582 Monday, January 25, 2016 1:25 PM Parameter Description BGP Admin Mode Whether BGP is globally enabled or disabled. Maximum Paths The maximum number of next hops in an internal or external BGP route. Distance The default administrative distance (or route preference) for external, internal, and locally-originated BGP routes.
2CSNXXX_SWUM204.book Page 1583 Monday, January 25, 2016 1:25 PM Parameter Description Metric Type The metric type to advertise for redistributed routes of this type. Redist Source The type of routes OSPF is redistributing. Metric The metric to advertise for redistributed routes of this type. Metric Type The metric type to advertise for redistributed routes of this type. Subnets Whether OSPF redistributes subnets of classful addresses, or only classful prefixes.
2CSNXXX_SWUM204.book Page 1584 Monday, January 25, 2016 1:25 PM Router ID................................. Local AS Number........................... BGP Admin Mode............................ Maximum Paths............................. 6.6.6.6 65001 Enable Internal 32, External 32 Distance.................................. Ext 20 Int 200 Local 200 Address Wildcard Distance Pfx List ---------------------------172.20.0.0 0.0.255.255 40 None 172.21.0.0 0.0.255.255 45 1 Prefix List In........................
2CSNXXX_SWUM204.book Page 1585 Monday, January 25, 2016 1:25 PM ABR Status................................ Yes ASBR Status............................... Yes Routing Protocol.......................... RIP Admin Mode............................ Split Horizon Mode........................ Default Metric............................ Default Route Advertise................... Distance..................................
2CSNXXX_SWUM204.book Page 1586 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes, Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000/N4000 series switches. If the subnet mask is specified, then only routes with an exact match are displayed.
2CSNXXX_SWUM204.book Page 1587 Monday, January 25, 2016 1:25 PM S U S U 6.1.0.6/32 [0/0] via Vl20 6.2.0.6/32 [0/0] via Vl20 show ip route static Use the show ip route static command in Privileged EXEC mode to display the statically configured routes, whether or not they are reachable. Syntax show ip route static [name] Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1588 Monday, January 25, 2016 1:25 PM show ip route preferences Use the show ip route preferences command in Privileged EXEC mode displays detailed information about the route preferences. Route preferences are used in determining the best route. Lower router preference values are preferred over higher router preference values. The user can configure a global default gateway using the ip default-gateway command, creating a default route with a preference of 253.
2CSNXXX_SWUM204.book Page 1589 Monday, January 25, 2016 1:25 PM show ip route summary Use the show ip route summary command in Privileged EXEC mode to display the routing table summary, including best and non-best routes. Syntax show ip route summary [best] • best—Shows the number of best routes. To include the count of all routes, do not use this optional parameter. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1590 Monday, January 25, 2016 1:25 PM show ip traffic Use the show ip traffic command in User EXEC mode to display IP statistical information of the software IP stack. Refer to RFC 1213 for more information about the fields that are displayed. Syntax show ip traffic [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown.
2CSNXXX_SWUM204.book Page 1591 Monday, January 25, 2016 1:25 PM IpOutDiscards.................................. IpOutNoRoutes.................................. IpReasmTimeout................................. IpReasmReqds................................... IpReasmOKs..................................... IpReasmFails................................... IpFragOKs...................................... IpFragFails.................................... IpFragCreates..................................
2CSNXXX_SWUM204.book Page 1592 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays VLAN routing information. console#show ip vlan MAC Address used by Routing VLANs: 00:00:00:01:00:02 VLAN ID IP Address Subnet Mask ------- --------------- --------------10 0.0.0.0 0.0.0.0 20 0.0.0.0 0.
2CSNXXX_SWUM204.book Page 1593 Monday, January 25, 2016 1:25 PM Example For each route map, the match count is shown in terms of number of packets and number of bytes. This counter displays the match count in packets and bytes when a route map is applied. When a route map is created/removed from interface, this count is shown as zero.
2CSNXXX_SWUM204.book Page 1594 Monday, January 25, 2016 1:25 PM Policy routing matches: 5387983 packets, 344831232 bytes route-map simplest permit 20 Match clauses: ip address (access-lists) : 1 Set clauses: ip default next-hop 4.4.4.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1596 Monday, January 25, 2016 1:25 PM Parameter Description Memory on Free List The number of bytes currently on the free list. When a chunk of memory from the routing heap is freed, it is placed on a free list for future reuse. Memory Available in The number of bytes in the original heap that have never been Heap allocated. In Use High Water Mark The maximum memory in use since the system last rebooted.
2CSNXXX_SWUM204.book Page 1597 Monday, January 25, 2016 1:25 PM IPv6 Routing Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The Dell Network N1500/N2000 series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. The IPv6 version of the routing table manager provides a repository for IPv6 routes learned by dynamic routing protocols or static configuration.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1599 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example The following example clears all entries in the IPv6 neighbor table. console(config)#clear ipv6 neighbors clear ipv6 statistics Use the clear ipv6 statistics command in Privileged Exec mode to clear IPv6 statistics for all interfaces or for a specific interface, including loopback and tunnel interfaces. IPv6 statistics display in the output of the show ipv6 traffic command.
2CSNXXX_SWUM204.book Page 1600 Monday, January 25, 2016 1:25 PM ipv6 address Use the ipv6 address command in Interface Configuration mode to configure an IPv6 address on an interface (including tunnel and loopback interfaces) and to enable IPv6 processing on this interface. Multiple globally reachable addresses can be assigned to an interface by using this command. There is no need to assign a link-local address by using this command since one is automatically created.
2CSNXXX_SWUM204.book Page 1601 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example The following example configures an IPv6 address and enables IPv6 processing. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 address 2020:1::1/64 ipv6 enable Use the ipv6 enable command in Interface Configuration mode to enable IPv6 routing on an interface (including tunnel and loopback interfaces) that has not been configured with an explicit IPv6 address.
2CSNXXX_SWUM204.book Page 1602 Monday, January 25, 2016 1:25 PM ipv6 hop-limit Use the ipv6 hop-limit command to configure the hop limit used in IPv6 PDUs originated by the router. Use the no form of the command to return the hop limit to the default setting. Syntax ipv6 hop-limit count no ipv6 hop-limit • count—The number of hops before the PDU expires (Range 1-255). Default Configuration The default count is "not configured.
2CSNXXX_SWUM204.book Page 1603 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example console(config)#ipv6 host Dell 2001:DB8::/32 ipv6 icmp error-interval Use the icmp error-interval command to limit the rate at which ICMP error messages are sent. The rate limit is configured as a token bucket with two configurable parameters: Burst-size and burst interval.
2CSNXXX_SWUM204.book Page 1604 Monday, January 25, 2016 1:25 PM Example console(config)#ipv6 icmp error-interval 2000 20 ipv6 mld last-member-query-count The ipv6 mld last-member-query-count command sets the number of listener-specific queries sent before the router assumes that there are no local members on the interface. Use the “no” form of this command to set the last member query count to the default.
2CSNXXX_SWUM204.book Page 1605 Monday, January 25, 2016 1:25 PM Syntax ipv6 mld last-member-query-interval last-member-query-interval no ipv6 mld last-member-query-interval • last-member-query-interval — The last member query interval (Range: 0–65535 milliseconds). Default Configuration The default last member query interval is 1 second. Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 1606 Monday, January 25, 2016 1:25 PM Default Configuration MLD Proxy is disabled by default. Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld host-proxy ipv6 mld host-proxy reset-status Use the ipv6 mld host-proxy reset-status command to reset the host interface status parameters of the MLD Proxy router.
2CSNXXX_SWUM204.book Page 1607 Monday, January 25, 2016 1:25 PM ipv6 mld host-proxy unsolicit-rprt-interval Use the ipv6 mld host-proxy unsolicit-rprt-interval command to set the unsolicited report interval for the MLD Proxy router. This command is only valid when MLD Proxy is enabled on the interface. Use the “no” form of this command to reset the MLD Proxy router's unsolicited report interval to the default value.
2CSNXXX_SWUM204.book Page 1608 Monday, January 25, 2016 1:25 PM • query-interval — Query interval (Range: 1–3600). Default Configuration The default query interval is 125 seconds. Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld query-interval 130 ipv6 mld query-max-response-time The ipv6 mld query-max-response-time command sets MLD query maximum response time for the interface.
2CSNXXX_SWUM204.book Page 1609 Monday, January 25, 2016 1:25 PM User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld query-max-response-time 4500 ipv6 nd dad attempts Use the ipv6 nd dad attempts command in Interface Configuration mode to set the number of duplicate address detection probes transmitted while doing neighbor discovery. Duplicate address detection verifies that an IPv6 address on an interface is unique.
2CSNXXX_SWUM204.book Page 1610 Monday, January 25, 2016 1:25 PM ipv6 nd ra hop-limit unspecified Use the ipv6 nd ra hop-limit unspecified command to configure the hop limit sent in router alert messages. Use the no form of the command to send the default hop limit of 64. Syntax ipv6 nd ra hop-limit unspecified no ipv6 nd ra hop-limit unspecified Default Configuration The default TTL is 64.
2CSNXXX_SWUM204.book Page 1611 Monday, January 25, 2016 1:25 PM Syntax ipv6 nd managed-config-flag no ipv6 nd managed-config-flag Default Configuration False is the default configuration. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example In the following example, the end node uses DHCPv6.
2CSNXXX_SWUM204.book Page 1612 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example The following example sets the interval between router advertisements for advertised neighbor solicitations at 5000 ms.
2CSNXXX_SWUM204.book Page 1613 Monday, January 25, 2016 1:25 PM Example console (config)#ipv6 nd nud max-multicast-solicits 5 ipv6 nd nud max-unicast-solicits Configures the maximum number of unicast neighbor solicitations sent during neighbor resolution or during NUD (neighbor unreachability detection). Use the no form of the command to reset the value to the default.
2CSNXXX_SWUM204.book Page 1614 Monday, January 25, 2016 1:25 PM ipv6 nd nud retry This command configures the exponential backoff multiple to be used in the calculation of the next timeout value for Neighbor Solicitation transmission during NUD (neighbor unreachabililty detection) following the exponential backoff algorithm. Use the no form of the command to return the backoff multiple to the default.
2CSNXXX_SWUM204.book Page 1615 Monday, January 25, 2016 1:25 PM exponential backoff timing for retransmissions, there is a higher probability that the cache entry is removed resulting in the disruption of the existing traffic. Another significant benefit of delayed neighbor solicitation retransmission is higher robustness against transient failures, such as spanning tree reconvergence and other layer 2 issues that can take many seconds to resolve.
2CSNXXX_SWUM204.book Page 1616 Monday, January 25, 2016 1:25 PM Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 1617 Monday, January 25, 2016 1:25 PM Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines The router advertises its global IPv6 prefixes in its router advertisements (RAs). An RA only includes the prefixes of the IPv6 addresses configured on the interface where the RA is transmitted. Addresses are configured using the ipv6 address interface configuration command.
2CSNXXX_SWUM204.book Page 1618 Monday, January 25, 2016 1:25 PM Command Mode Interface Configuration (physical, port-channel) User Guidelines RA Guard drops all incoming IPv6 router advertisement and router redirect messages. RA Guard may be configured on L2 or L3 interfaces. Command History Introduced in version 6.2.0.1 firmware.
2CSNXXX_SWUM204.book Page 1619 Monday, January 25, 2016 1:25 PM • minimum — The minimum interval duration (Range: 3 – (0.75 * maximum) seconds). Default Configuration 600 is the default value for seconds. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines The minimum interval cannot be larger than 75% of the maximum interval. Example The following example sets the transmission interval between router advertisements at 1000 seconds.
2CSNXXX_SWUM204.book Page 1620 Monday, January 25, 2016 1:25 PM Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example sets at 1000 seconds the value that is placed in the Router Lifetime field of the router advertisements.
2CSNXXX_SWUM204.book Page 1621 Monday, January 25, 2016 1:25 PM Example The following example sets the router advertisement time at 5000 milliseconds to consider a neighbor reachable after neighbor discovery confirmation. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd reachable-time 5000 ipv6 nd suppress-ra Use the ipv6 nd suppress-ra command in Interface Configuration mode to suppress router advertisement transmission on an interface.
2CSNXXX_SWUM204.book Page 1622 Monday, January 25, 2016 1:25 PM ipv6 route Use the ipv6 route command in Global Configuration mode to configure an IPv6 static route. Use the no form of the command to remove a preference, an individual next hop, or all next hops for a route. Using the no ipv6 route distance form causes the system to use the system default administrative distance.
2CSNXXX_SWUM204.book Page 1623 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configure an IPv6 static route. console(config)#ipv6 route 2020:1::1/64 2030:1::2 ipv6 route distance Use the ipv6 route distance command in Global Configuration mode to set the default distance (preference) for static routes. Lower route preference values are preferred when determining the best route.
2CSNXXX_SWUM204.book Page 1624 Monday, January 25, 2016 1:25 PM User Guidelines Lower route distance values are preferred when determining the best route. Example The following example sets the default distance to 80. console(config)#ipv6 route distance 80 ipv6 unicast-routing Use the ipv6 unicast-routing command in Global Configuration mode to enable forwarding of IPv6 unicast datagrams. Syntax ipv6 unicast-routing no ipv6 unicast-routing Default Configuration Disabled is the default configuration.
2CSNXXX_SWUM204.book Page 1625 Monday, January 25, 2016 1:25 PM Syntax ipv6 unreachables no ipv6 unreachables Default Configuration ICMPv6 Destination Unreachable messages are enabled by default. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 1626 Monday, January 25, 2016 1:25 PM Example The following example displays the IPv6 status of forwarding mode and IPv6 unicast routing mode. console#show ipv6 brief IPv6 Unicast Routing Mode.................... IPv6 Hop Limit............................... ICMPv6 Rate Limit Error Interval............. ICMPv6 Rate Limit Burst Size.................
2CSNXXX_SWUM204.book Page 1627 Monday, January 25, 2016 1:25 PM Field Description Auto The IPv6 address is automatically generated using IPv6 auto address configuration (RFC 2462). Config The IPv6 address is manually configured. DHCP The IPv6 address is leased from a DHCP server. TENT Tentative address. The long form of the command includes the same annotations and shows whether address autoconfiguration or DHCP client are enabled on the interface.
2CSNXXX_SWUM204.book Page 1628 Monday, January 25, 2016 1:25 PM The following example displays the long form of the command, and indicates whether address autoconfiguration or DHCP client are enabled on the interface. When the interface acts as a host interface, the output also shows the default gateway on the interface, if one exists. console#show ipv6 interface vlan2 IPv6 is enabled IPv6 Prefix is ................................
2CSNXXX_SWUM204.book Page 1629 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example console#show ipv6 interface management statistics DHCPv6 Client Statistics ------------------------DHCPv6 Advertisement Packets Received.......... DHCPv6 Reply Packets Received.................. Received DHCPv6 Advertisement Packets Discard.. Received DHCPv6 Reply Packets Discarded........ DHCPv6 Malformed Packets Received.............. Total DHCPv6 Packets Received.................
2CSNXXX_SWUM204.book Page 1630 Monday, January 25, 2016 1:25 PM User Guidelines The following fields are displayed as a table when vlan vlan-id is specified: Field Description Number of (*, G) entries Displays the number of groups present in the MLD Table. Number of (S, G) entries Displays the number of include and exclude mode sources present in the MLD Table. Group Address The address of the multicast group. Interface Interface through which the multicast group is reachable.
2CSNXXX_SWUM204.book Page 1631 Monday, January 25, 2016 1:25 PM The following table is displayed to indicate all the sources associated with this group: Field Description Source Address The IP address of the source. Uptime Time elapsed in seconds since the source has been known. Expiry Time Time left in seconds before the entry is removed. Example console#show ipv6 mld groups ff1e::5 Interface..................................... vlan 6 Group Address................................
2CSNXXX_SWUM204.book Page 1632 Monday, January 25, 2016 1:25 PM Interface..................................... vlan 6 Up Time (hh:mm:ss).......................... 00:04:23 Expiry Time (hh:mm:ss)........................ ------ show ipv6 mld interface The show ipv6 mld interface command is used to display MLD related information for an interface. Syntax show ipv6 mld interface { vlan vlan-id | all} • vlan-id — A valid VLAN id. Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 1633 Monday, January 25, 2016 1:25 PM Query Max Response Time This field indicates the configured maximum query response time (in seconds) advertised in MLD queries on this interface. Robustness This field displays the configured value for the tuning for the expected packet loss on a subnet attached to the interface. Startup Query Interval This value indicates the configured interval between General Queries sent by a Querier on startup.
2CSNXXX_SWUM204.book Page 1634 Monday, January 25, 2016 1:25 PM Example console#show ipv6 mld interface vlan 2 Interface................................... vlan 2 MLD Global Admin Mode....................... Enabled MLD Interface Admin Mode.................... Disabled MLD Operational Mode........................ Disabled MLD Version................................. 2 Query Interval (secs)....................... 100 Query Max Response Time(milli-secs)........ 1111 Robustness................................
2CSNXXX_SWUM204.book Page 1635 Monday, January 25, 2016 1:25 PM Operational Mode Indicates whether MLD Proxy is operationally enabled or disabled. This is a status parameter. Version The present MLD host version that is operational on the proxy interface. Number of Multicast Groups The number of multicast groups that are associated with the MLD-Proxy interface. Unsolicited Report The time interval at which the MLD-Proxy interface sends Interval unsolicited group membership reports.
2CSNXXX_SWUM204.book Page 1636 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec, Configuration mode and all Configuration submodes User Guidelines The following parameters are displayed by this command: Field Description Interface The MLD Proxy interface. Group Address The IP address of the multicast group. Last Reporter The IP address of the host that last sent a membership report for the current group on the network attached to the MLD-Proxy interface (upstream interface).
2CSNXXX_SWUM204.book Page 1637 Monday, January 25, 2016 1:25 PM show ipv6 mld host-proxy groups detail Use the show ipv6 mld host-proxy groups detail command to display information about multicast groups that MLD Proxy reported. Syntax show ipv6 mld host-proxy groups detail Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 1638 Monday, January 25, 2016 1:25 PM Group Source List The list of IP addresses of the sources attached to the multicast group. Expiry Time The time left for a source to get deleted. Example console#show ipv6 mld host-proxy groups Interface................................ vlan 10 Group Address Last Reporter Up Time Member State Filter Mode Sources ------------- ---------------- --------- ----------------- ------------- --FF1E::1 FE80::100:2.
2CSNXXX_SWUM204.book Page 1639 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration for this command. Command Mode Privileged Exec, Configuration mode and all Configuration submodes User Guidelines The following parameters are displayed only when MLD Proxy is enabled: Parameter Description Interface The MLD Proxy interface. The column headings of the table associated with the interface are as follows: Parameter Description Ver The MLD version.
2CSNXXX_SWUM204.book Page 1640 Monday, January 25, 2016 1:25 PM show ipv6 mld traffic The show ipv6 mld traffic command is used to display MLD statistical information for the router. Syntax show ipv6 mld traffic Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 1641 Monday, January 25, 2016 1:25 PM Example console#show ipv6 mld traffic Valid MLD Packets Received..................... Valid MLD Packets Sent......................... Queries Received............................... Queries Sent................................... Reports Received............................... Reports Sent................................... Leaves Received................................ Leaves Sent....................................
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1643 Monday, January 25, 2016 1:25 PM IPv6 Address MAC Address isRtr -------------------- ----------------- ----- State Updated Interface ------- --------- show ipv6 protocols Use the show ipv6 protocols command to display information about the configured IPv6 routing protocols Syntax show ipv6 protocols Default Configuration There is no default configuration for this command. Command Mode Priveleged Exec mode, Global Configuration mode, all Configuration submodes.
2CSNXXX_SWUM204.book Page 1644 Monday, January 25, 2016 1:25 PM Source Metric Dist List Route Map --------- ---------- -------------------------------- ------------------------------connected Networks Originated: Neighbors: 2001::1 Filter List In ............................ 1 Filter List Out ........................... 1 Routing Protocol .............................. Router ID ..................................... OSPF Admin Mode ............................... Maximum Paths .............................
2CSNXXX_SWUM204.book Page 1645 Monday, January 25, 2016 1:25 PM • interface-type interface-number—Valid IPv6 interface. Specifies that the routes with next-hops on the selected interface be displayed. Supported interface types are VLAN, Tunnel, and Loopback. • best—Specifies that only the best routes are displayed. If the connected keyword is selected for protocol, the best option is not available because there are no best or non-best connected routes.
2CSNXXX_SWUM204.book Page 1646 Monday, January 25, 2016 1:25 PM Syntax show ipv6 route preferences Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows the preference value associated with the type of route. console#show ipv6 route preferences Local.......................................... Static.......................
2CSNXXX_SWUM204.book Page 1647 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Command History Updated in version 6.3.0.1 firmware. Example The following example displays a summary of the routing table. console#show ipv6 route summary Connected Routes...............................32 Static Routes.........
2CSNXXX_SWUM204.book Page 1648 Monday, January 25, 2016 1:25 PM • interface-id—An interface identifier (physical or port-channel). Default Configuration By default, no RA guard policies are applied to any interface. Command Mode Privileged Exec, Global Configuration, and all submodes User Guideline There are no user guidelines for this command. Command History Introduced in version 6.2.0.1 firmware.
2CSNXXX_SWUM204.book Page 1649 Monday, January 25, 2016 1:25 PM • loopback-id — Loopback identifier. (Range: 0-7) Default Configuration This command has no default configuration. Command Mode User Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following examples show traffic and statistics for IPv6 and ICMPv6, first for all interfaces and an individual VLAN.
2CSNXXX_SWUM204.book Page 1650 Monday, January 25, 2016 1:25 PM Received Datagrams Locally Delivered............... Received Datagrams Discarded Due To Header Errors.. Received Datagrams Discarded Due To MTU............ Red Datagrams Discarded Due To No Route............ Received Datagrams With Unknown Protocol........... Received Datagrams Discarded Due To Invalid Address Received Datagrams Discarded Due To Truncated Data. Received Datagrams Discarded Other.................
2CSNXXX_SWUM204.book Page 1651 Monday, January 25, 2016 1:25 PM MAC Address used by Routing VLANs: 00:02:BC:00:30:68 VLAN ID IPv6 Address/Prefix Length ------- --------------------------------------1 traceroute ipv6 Use the traceroute ipv6 command in Privileged Exec mode to determine the path and measure the transit delay to another device in the network. The transit delays are measured for each hop in the network.
2CSNXXX_SWUM204.book Page 1652 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration for this command. Command Mode Privileged Exec and User Exec modes User Guidelines Traceroute operates by sending a sequence of Internet Control Message Protocol (ICMP) echo request packets. The time-to-live (TTL) value, is used in determining the intermediate routers through which the packet flows toward the destination address.
2CSNXXX_SWUM204.book Page 1653 Monday, January 25, 2016 1:25 PM Loopback Interface Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Dell Networking provides for the creation, deletion, and management of loopback interfaces. They are dynamic interfaces that are created and deleted by user configuration. A loopback interface is always expected to be up. As such, it provides a means to configure a stable IP address on the device which may be referred to by other switches in the network.
2CSNXXX_SWUM204.book Page 1654 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example The following example enters the Interface Loopback 1 configuration mode. console(config)#interface loopback 1 console(config-if-loopback0)#ip address 192.168.22.1 255.255.255.255 console(config-if-loopback0)#exit console(config)#ex console#ping 192.168.22.1 Pinging 192.168.22.1 with 0 bytes of data: Reply Reply Reply Reply From From From From 192.168.22.1: 192.168.22.1: 192.168.
2CSNXXX_SWUM204.book Page 1655 Monday, January 25, 2016 1:25 PM Examples The following examples display information about configured loopback interfaces. console# show interfaces loopback Loopback Id Interface IP Address ----------- --------- ---------1 loopback 1 0.0.0.0 Received Packets ---------------0 Sent Packets -----------0 console# show interfaces loopback 1 Interface Link Status.......................... Up IP Address..................................... 0.0.0.0 0.0.0.0 MTU size................
2CSNXXX_SWUM204.book Page 1656 Monday, January 25, 2016 1:25 PM IP Multicast Commands Dell Networking N3000/N4000 Series Switches The Dell Network N1500/N2000 series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. The Dell Networking Multicast component is best suited for video and audio traffic requiring multicast packet control for optimal operation.
2CSNXXX_SWUM204.book Page 1657 Monday, January 25, 2016 1:25 PM mandatory. Discovering the local domain-name server is the intended use of multicast messages on remote networks when there is less than one server per network. • Applications used for datacasting: Since multimedia transmission has become increasingly popular, multicast transmission use has increased. Multicast transmission may be used to efficiently accommodate this type of communication.
2CSNXXX_SWUM204.book Page 1658 Monday, January 25, 2016 1:25 PM Syntax clear ip mroute { * | group-address [ source-address ] } • * —Deletes all IPv4 entries from the IP multicast routing table. • group-address— IP address of the multicast group. • source-address—IP address of a multicast srouce that is sending multicast traffic to the group. Default configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 1659 Monday, January 25, 2016 1:25 PM ip multicast boundary Use the ip multicast boundary command in Interface Configuration mode to add an administrative scope multicast boundary specified by groupipaddr and mask for which this multicast administrative boundary is applicable. groupipaddr is a group IP address and mask is a group IP mask. Syntax ip multicast boundary groupipaddr mask no ip multicast boundary groupipaddr • groupipaddr — IP address of multicast group.
2CSNXXX_SWUM204.book Page 1660 Monday, January 25, 2016 1:25 PM Syntax ip mroute source-address mask rpf-address preference no ip mroute source-address mask • source-address — The IP address of the multicast data source. • mask — The IP subnet mask of the multicast data source. • rpf-address — The IP address of the next hop towards the source. • preference — The cost of the route (Range: 1 - 255). Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 1661 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Use of a multicast routing protocol is recommended (e.g., PIM) when ip multicast is enabled. Unless required, IGMP/MLD snooping should be disabled when ip multicast is enabled.
2CSNXXX_SWUM204.book Page 1662 Monday, January 25, 2016 1:25 PM Syntax ip multicast ttl-threshold ttlvalue no ip multicast ttl-threshold • ttlvalue — Specifies TTL threshold. (Range: 0-255) Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example applies a ttlvalue of 5 to the VLAN 15 routing interface.
2CSNXXX_SWUM204.book Page 1663 Monday, January 25, 2016 1:25 PM Command Mode Interface (VLAN) Configuration mode User Guidelines PIM requires that routing, multicast, and IGMP be enabled. Example console(config)#ip routing console(config)#ip multicast console(config)#interface vlan 10 console(if-vlan-10)#ip pim ip pim bsr-border The ip pim bsr-border command is used in Interface (VLAN) Configuration mode to administratively disable bootstrap router (BSR) messages on the interface.
2CSNXXX_SWUM204.book Page 1664 Monday, January 25, 2016 1:25 PM ip pim bsr-candidate The ip pim bsr-candidate command is used to configure the router to advertise itself as a bootstrap router (BSR). Use the no form of this command to return to the default configuration. This command replaces the ip pimsm bsr-candidate, ip pimsm cbsrhaskmasklength and ip pimsm cbsrpreference commands.
2CSNXXX_SWUM204.book Page 1665 Monday, January 25, 2016 1:25 PM ip pim dense-mode Use the ip pim dense-mode command in Global Configuration mode to administratively configure PIM dense mode for IP multicast routing. Use the no form of this command to disable PIM. Syntax ip pim dense-mode no ip pim Default Configuration PIM is not enabled by default. Command Mode Global Configuration mode User Guidelines Only one of sparse or dense mode can be configured on a router.
2CSNXXX_SWUM204.book Page 1666 Monday, January 25, 2016 1:25 PM no ip pim dr-priority • priority — The administratively configured priority (Range: 0–2147483647). Default Configuration The default election priority is 1. Command Mode Interface (VLAN) Configuration mode User Guidelines This command only has an effect if sparse mode is enabled. Lower values are preferred.
2CSNXXX_SWUM204.book Page 1667 Monday, January 25, 2016 1:25 PM User Guidelines There are no user guidelines for this command. Example console(config-if-vlan10)#ip pim hello-interval 20 ip pim join-prune-interval The ip pim join-prune-interval command in Interface (VLAN) Configuration mode to administratively configure the frequency of join/prune messages on the specified interface. Use the no form of this command to return the configuration to the default.
2CSNXXX_SWUM204.book Page 1668 Monday, January 25, 2016 1:25 PM ip pim rp-address Use the ip pim rp-address command in Global Configuration mode to define the address of a PIM Rendezvous point (RP) for a specific multicast group range. Use the no form of this command to remove a configured RP. This command replaces the ip pimsm rp-address command.
2CSNXXX_SWUM204.book Page 1669 Monday, January 25, 2016 1:25 PM ip pim rp-candidate Use the ip pim rp-candidate command in Global Configuration mode to configure the router to advertise itself to the bootstrap router (BSR) router as a PIM candidate rendezvous point (RP) for a specific multicast group range. Use the no form of this command to return to the default configuration. This command replaces the ip pimsm rp-candidate command.
2CSNXXX_SWUM204.book Page 1670 Monday, January 25, 2016 1:25 PM Syntax ip pim sparse-mode no ip pim Default Configuration PIM not enabled by default. Command Mode Global Configuration mode User Guidelines Only one of sparse or dense mode can be configured on a router.IGMP is automatically enabled if PIM is enabled and disabled when PIM is disabled. IP multicast must be enabled for PIM to operate. ip multicast-routing is not disabled or enabled by this command.
2CSNXXX_SWUM204.book Page 1671 Monday, January 25, 2016 1:25 PM • group-address—An IP multicast group address. • group-mask—An IPv4 mask in a.b.c.d form where a, b, c and d range from 0-255. Default Configuration There are no group addresses configured by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip pim ssm 239.0.10.0 255.255.255.
2CSNXXX_SWUM204.book Page 1672 Monday, January 25, 2016 1:25 PM Field Description MFC IPv4 Mode Enabled when IPv4 Multicast routing is operational. MFC IPv6 Mode Enabled when IPv6 Multicast routing is operational. MFC Entry Count The number of entries present in MFC. Total Pkts Forwarded in Total Number of multicast packets forwarded in software. SW Source Address Source address of the multicast route entry. Group Address Group address of the multicast route entry.
2CSNXXX_SWUM204.book Page 1673 Monday, January 25, 2016 1:25 PM Command Mode User Exec, Privileged Exec modes, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays system-wide multicast information. console#show ip multicast Admin Mode........................... Protocol State....................... Table Max Size....................... Protocol.............................
2CSNXXX_SWUM204.book Page 1674 Monday, January 25, 2016 1:25 PM Example The following example displays all the configured administrative scoped multicast boundaries. console#show ip pim boundary all MULTICAST BOUNDARY Interface Group IP Mask -------- -------------------- show ip multicast interface Use the show ip multicast interface command in Privileged Exec mode to display the multicast information for the specified interface.
2CSNXXX_SWUM204.book Page 1675 Monday, January 25, 2016 1:25 PM show ip mroute Use the show ip mroute command in Privileged Exec mode to display a summary or details of the multicast table. Syntax show ip mroute Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 1676 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the multicast configuration settings such as flags, timer settings, incoming and outgoing interfaces. console#show ip mroute group 239.5.5.5 summary console#show ip mroute group 239.5.5.
2CSNXXX_SWUM204.book Page 1677 Monday, January 25, 2016 1:25 PM Example The following example displays multicast configuration settings. console#show ip mroute source 10.1.1.1 summary console#show ip mroute source 10.1.1.1 239.5.5.5 show ip mroute static Use the show ip mroute static command in Privileged Exec mode to display all the static routes configured in the static mcast table if it is specified or display the static route associated with the particular sourceipaddr.
2CSNXXX_SWUM204.book Page 1678 Monday, January 25, 2016 1:25 PM show ip pim The show ip pim command displays information about the interfaces enabled for PIM. Syntax show ip pim Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines The following information is displayed: Field Description PIM Mode The routers that are enabled for PIM.
2CSNXXX_SWUM204.book Page 1679 Monday, January 25, 2016 1:25 PM • candidate – Shows the candidate routers capable of acting as the bootstrap router. • elected – Shows the router elected as the PIM bootstrap router. Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines The following information is displayed: Field Description BSR address IP address of the BSR.
2CSNXXX_SWUM204.book Page 1680 Monday, January 25, 2016 1:25 PM show ip pim interface The show ip pim interface command displays the PIM interface status parameters. If the interface number is not is specified, the command displays the status parameters of all the PIM-enabled interfaces. Syntax show ip pim interface [vlan vlan-id] • vlan-id — A valid VLAN ID for which multicast routing has been enabled.
2CSNXXX_SWUM204.book Page 1681 Monday, January 25, 2016 1:25 PM Interface Mode Hello Interval(secs) Join Prune Interval(secs) DR Priority BSR Border Neighbor Count Designated Router VLAN0010 Sparse 30 60 1 Disabled 1 192.168.10.1 Interface Mode Hello Interval(secs) Join Prune Interval(secs) DR Priority BSR Border Neighbor Count Designated Router VLAN0001 Sparse 30 60 1 Disabled 1 192.168.10.
2CSNXXX_SWUM204.book Page 1682 Monday, January 25, 2016 1:25 PM User Guidelines The following information is displayed. Field Description Neighbor Addr IP address of the PIM neighbor Interface Interface number Uptime Time since the neighbor is learned Expiry Time Time remaining for the neighbor to expire Example (console)#show ip pim neighbor vlan 10 Up Time Expiry Time Neighbor Addr Interface hh:mm:ss hh:mm:ss --------------- ---------- --------- ----------192.168.10.
2CSNXXX_SWUM204.book Page 1683 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines The following fields are displayed: Field Description RP Address Address of the RP Type Origin from where this group mapping was learned. Example console#show ip pim rp-hash 239.1.2.0 RP-Address 192.168.10.
2CSNXXX_SWUM204.book Page 1684 Monday, January 25, 2016 1:25 PM Command Mode User Exec, Privileged Exec modes, Configuration mode and all Configuration submodes User Guidelines The following fields are displayed. Field Description RP Address Address of the RP Group Address Address of the multicast group. Group Mask Mask for the group address. Origin Origin from where this group mapping is learned. Example console#show ip pim rp mapping candidate RP Address....................................
2CSNXXX_SWUM204.book Page 1685 Monday, January 25, 2016 1:25 PM Default configuration There is no default configuration for this command. Command Mode Privileged Exec modes, Global Configuration mode and all submodes User Guidelines This command only displays output if pim sparse-mode is enabled. The following statistics are displayed. Field Description Stat Rx: Packets received. Tx: Packets transmitted. Interface The PIM enabled routing interface. Hello Number of PIM Hello messages.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1687 Monday, January 25, 2016 1:25 PM IPv6 Multicast Commands Dell Networking N3000/N4000 Series Switches The Dell Network N1500/N2000 series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities.
2CSNXXX_SWUM204.book Page 1688 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command does not clear static multicast route entries. When a * entry is deleted through this command, it cannot be formed again until it is expired in MLD and started again via the host. The default mcache time-out is 210 seconds.
2CSNXXX_SWUM204.book Page 1689 Monday, January 25, 2016 1:25 PM Default Configuration PIM is disabled by default. Command Mode Interface Configuration (VLAN) mode User Guidelines Either PIM-SM or PIM-DM are enabled by this command depending on the globally configured mode. Refer to the ipv6 pim sparse-mode and ipv6 pim dense-mode commands for further information.
2CSNXXX_SWUM204.book Page 1690 Monday, January 25, 2016 1:25 PM ipv6 pim bsr-candidate Use the ipv6 pim bsr-candidate command to configure the router to announce its candidacy as a bootstrap router (BSR). Use the no form of this command to stop the router from announcing its candidacy as a bootstrap router. Syntax ipv6 pim bsr-candidate vlan vlan-id hash-mask-len [priority][interval] no ipv6 pim bsr-candidate vlan vlan-id • vlan-id — A valid VLAN ID value.
2CSNXXX_SWUM204.book Page 1691 Monday, January 25, 2016 1:25 PM Example console(config)#ipv6 pim bsr-candidate vlan 9 10 34 ipv6 pim dense-mode Use the ipv6 pim dense-mode command in Global configuration mode to administratively configure PIM dense mode for IPv6 multicast routing. This command also enables MLD. Use the no form of this command to disable PIM and MLD. This command does not affect ip multicast-routing.
2CSNXXX_SWUM204.book Page 1692 Monday, January 25, 2016 1:25 PM • priority — The election priority (Range: 0–2147483647). Default Configuration The default election priority is 1. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 pim dr-priority 10 ipv6 pim hello-interval Use the ipv6 pim hello-interval command to configure the PIM-SM Hello Interval for the specified interface.
2CSNXXX_SWUM204.book Page 1693 Monday, January 25, 2016 1:25 PM Example console(config-if-vlan3)#ipv6 pim hello-interval 45 ipv6 pim join-prune-interval Use the ipv6 pim join-prune-interval command to configure the interface join/prune interval for the PIM-SM router. Use the no form of this command to set the join/prune interval to the default. Syntax ipv6 pim join-prune-interval interval no ipv6 pim join-prune-interval • interval— The join/prune interval (Range: 0–18000 seconds).
2CSNXXX_SWUM204.book Page 1694 Monday, January 25, 2016 1:25 PM Default Configuration The default threshold rate is 0. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 pim register-threshold 250 ipv6 pim rp-address Use the ipv6 pim rp-address command to statically configure the RP address for one or more multicast groups.
2CSNXXX_SWUM204.book Page 1695 Monday, January 25, 2016 1:25 PM User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 pim rp-address 2001::1 ff1e::/64 ipv6 pim rp-candidate Use the ipv6 pim rp-candidate command to configure the router to advertise itself as a PIM candidate rendezvous point (RP) to the bootstrap router (BSR).
2CSNXXX_SWUM204.book Page 1696 Monday, January 25, 2016 1:25 PM Example console(config)#ipv6 pim rp-candidate vlan 6 ff1e::/64 ipv6 pim sparse-mode Use the ipv6 pim sparse-mode command to administratively configure PIM sparse mode for multicast routing. This command also enables MLD. Use the no form of this command to disable PIM and MLD. Syntax ipv6 pim sparse-mode no ipv6 pim Default Configuration IPv6 PIM sparse mode is disabled by default.
2CSNXXX_SWUM204.book Page 1697 Monday, January 25, 2016 1:25 PM • prefixlength —This parameter specifies the prefix length of the IP address for the media gateway. (Range: 1–128) Default Configuration The default range is FF3x::/32. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ipv6 pim ssm ff1e::/64 show ipv6 pim Use the show ipv6 pim command to display global status of IPv6 PIMSM and its IPv6 routing interfaces.
2CSNXXX_SWUM204.book Page 1698 Monday, January 25, 2016 1:25 PM Interface --------Vl1 Interface-Mode -------------Enabled Operational-Status -----------------Operational show ipv6 pim bsr-router Use the show ipv6 pim bsr-router command to display the bootstrap router (BSR) information. Syntax show ipv6 pim bsr-router { candidate | elected } • candidate—Show the IPv6 PIM candidate bootstrap router information. • elected—Show the IPv6 elected PIM bootstrap router information.
2CSNXXX_SWUM204.book Page 1699 Monday, January 25, 2016 1:25 PM Example console(config)#show ipv6 pim bsr-router candidate BSR Address.................................... 2001:0db8:0:badc::1 BSR Priority................................. 0 BSR Hash Mask Length......................... 64 C-BSR Advertisement Interval (secs).......... 60 Next Bootstrap message (hh:mm:ss)............
2CSNXXX_SWUM204.book Page 1700 Monday, January 25, 2016 1:25 PM show ipv6 mroute Use the show ipv6 mroute command in Privileged Exec mode to display a summary or all the details of the multicast table. Syntax show ipv6 mroute [group groupip [summary] | source sourceip [summary] | static summary] • group—Show the multicast route information for the specified multicast group. • source—Show the multicast route information for the specified multicast source.
2CSNXXX_SWUM204.book Page 1701 Monday, January 25, 2016 1:25 PM Multicast Route Table Summary Source IP Group IP Protocol IIF OIF Expiry --------------- --------------- -------- --------- --------- ------* FF43::5 PIMSM Vl11 Vl13 2001::5 FF43::5 PIMSM Vl12 Vl11 Vl13 console#show ipv6 mroute source 2001::5 ? | summary Press enter to execute the command. Output filter options. Display the IPV6 multicast routing table summary.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1704 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example console#show ipv6 mroute source 2001::5 ? | summary Press enter to execute the command. Output filter options. Display the IPV6 multicast routing table summary.
2CSNXXX_SWUM204.book Page 1705 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show ipv6 pim interface vlan 6 Slot/Port...................................... IP Address..................................... Hello Interval (secs).......................... Join Prune Interval (secs)..................... Neighbor Count ................................
2CSNXXX_SWUM204.book Page 1706 Monday, January 25, 2016 1:25 PM Slot/Port...................................... Neighbor Address............................... Up Time (hh:mm:ss)............................. Expiry Time (hh:mm:ss)......................... DR Priority.................................... vlan 6 FE80::200:FF:FE00:33 00:00:12 00:01:34 0 show ipv6 pim rp-hash Use the show ipv6 pim rp-hash command to display which rendezvous point (RP) is being selected for a specified group.
2CSNXXX_SWUM204.book Page 1707 Monday, January 25, 2016 1:25 PM Syntax show ipv6 pim rp mapping [ rp-address | candidate | static ] • rp-address — IP address of RP. • candidate—Show candidate rendezvous point mappings. • static—Show static rendezvous point mappings. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 1708 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Global Configuration mode, all sub-modes. User Guidelines This command only displays output if pim sparse-mode is enabled. The following counters are displayed in the output. Field Description Stat Rx :Packets received. Tx: Packets transmitted. Interface The PIM enabled routing interface. Hello Number of PIM Hello messages. Register Number of PIM Register messages.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1710 Monday, January 25, 2016 1:25 PM OSPF Commands Dell Networking N3000/N4000 Series Switches The Dell Network N1500/N2000 series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. OSPF is a link-state protocol. Dell Networking OSPF supports variablelength subnet masks. Dell Networking OSPF only operates over VLAN interfaces. OSPF operates within a hierarchy.
2CSNXXX_SWUM204.book Page 1711 Monday, January 25, 2016 1:25 PM Route Preferences Normally, OSPF select routes in the following order: • Local • Static • Intra-area • Inter-area • External • RIP Dell Networking OSPF allows the administrator to change the preference for selecting intra, inter, and external routes according to the following rules: a External route preferences apply to all ospf external routes like type1, type2, nssa-type1, nssa-type2 equally.
2CSNXXX_SWUM204.book Page 1712 Monday, January 25, 2016 1:25 PM • Learned Dynamically: Routing protocols can learn ECMP routes. For example, if OSPF is configured on both links connecting Router A to Router B with interface addresses 10.1.1.2 and 10.1.2.2 respectively, and Router B advertises its connection to 20.0.0.0/ 8, then Router A computes an OSPF route to 20.0.0.0/8 with next hops of 10.1.1.2 and 10.1.2.2. Dell Networking routing stores static and dynamic routes in a single combined routing table.
2CSNXXX_SWUM204.book Page 1713 Monday, January 25, 2016 1:25 PM Graceful Restart The Dell Networking implementation of OSPFv2 supports graceful restart as specified in RFC 3623. Graceful restart works in concert with Dell Networking nonstop forwarding to enable the hardware to continue forwarding IPv4 packets using OSPFv2 routes while a backup unit takes over management unit responsibility.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1715 Monday, January 25, 2016 1:25 PM • area-id — Identifies the OSPF stub area to configure. (Range: IP address or decimal from 0-4294967295) • integer — The default cost for the stub area. (Range: 1–16777215) Default Configuration 10 is the default configuration for integer. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example identifies a stub area of 10 and default cost of 100.
2CSNXXX_SWUM204.book Page 1716 Monday, January 25, 2016 1:25 PM • metric-value—Specifies the metric of the default route advertised to the NSSA. (Range: 1–16777214) • metric-type-value—The metric type can be one of the following : • • – A metric type of nssa-external 1 – A metric type of nssa-external 2 (default) role—The translator role where role is one of the following : – always - The router assumes the role of the translator when it becomes a border router.
2CSNXXX_SWUM204.book Page 1717 Monday, January 25, 2016 1:25 PM area nssa default-info-originate (Router OSPF Config) Use the area nssa default-info-originate command in Router OSPF Configuration mode to configure the metric value and type for the default route advertised into the NSSA. The metric type can be comparable (nssaexternal 1) or noncomparable (nssa-external 2). Use the no form of the command to return the metric value and type to the default value.
2CSNXXX_SWUM204.book Page 1718 Monday, January 25, 2016 1:25 PM area nssa no-redistribute Use the area nssa no-redistribute command in Router OSPF Configuration mode to configure the NSSA Area Border router (ABR) so that learned external routes are not redistributed to the NSSA. Syntax area area-id nssa no-redistribute no area area-id nssa no-redistribute • area-id — Identifies the OSPF NSSA to configure.
2CSNXXX_SWUM204.book Page 1719 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the NSSA so that summary LSAs are not advertised into the NSSA.
2CSNXXX_SWUM204.book Page 1720 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example The following example configures the translator role of the NSSA. console(config-router)#area 20 nssa translator-role always area nssa translator-stab-intv Use the area nssa translator-stab-intv command in Router OSPF Configuration mode to configure the translator stability interval of the NSSA.
2CSNXXX_SWUM204.book Page 1721 Monday, January 25, 2016 1:25 PM area range (Router OSPF) Use the area range command in Router OSPF Configuration mode to configure a summary prefix that an area border router advertises for a specific area. There are two types of area ranges. An area range can be configured to summarize intra-area routes. An ABR advertises the range rather than the specific intra-area route as a type 3 summary LSA.
2CSNXXX_SWUM204.book Page 1722 Monday, January 25, 2016 1:25 PM type 3 summary LSA is not advertised, but contained networks are suppressed. This behavior is equivalent to specifying the not-advertise option. If the range is configured for type 7 to type 5 translation, a type 5 LSA is sent if the metric is set to 16,777,215; however, other routers will not compute a route from a type 5 LSA with this metric. Default Configuration No area ranges are configured by default. No cost is configured by default.
2CSNXXX_SWUM204.book Page 1723 Monday, January 25, 2016 1:25 PM If the user tries to configure both types of ranges for the same prefix and area: A T3 range with the same prefix is already configured on this area. If the network mask is invalid: console (config-router)#area 1 range 0.0.0.0 0.0.0.0 summarylink An area range mask must have contiguous ones and be no longer than 31 bits. If the prefix is not a valid area range prefix: console (config-router)#area 1 range 0.0.0.0 255.0.0.
2CSNXXX_SWUM204.book Page 1724 Monday, January 25, 2016 1:25 PM External LSAs and Summary LSAs can significantly reduce the link state database of routers within the stub area. Use the no form of the command to remove the stub area. Syntax area area-id stub no area area-id stub • area-id — Identifies the area identifier of the OSPF stub. (Range: IP address or decimal from 0–4294967295) Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode.
2CSNXXX_SWUM204.book Page 1725 Monday, January 25, 2016 1:25 PM • area-id — Identifies the OSPF area to configure. (Range: IP address or decimal from 0–4294967295) Default Configuration Disabled is the default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example prevents the Summary LSA from being advertised into the area 3 NSSA.
2CSNXXX_SWUM204.book Page 1726 Monday, January 25, 2016 1:25 PM • area-id—Identifies the OSPF stub area to configure. (Range: IP address or decimal from 0-4294967295) • router-id—Valid IP address. • authentication—Specifies authentication type. • message-digest —Specifies that message-digest authentication is used. • null—No authentication is used. Overrides password or message-digest authentication if configured for the area.
2CSNXXX_SWUM204.book Page 1727 Monday, January 25, 2016 1:25 PM Parameter Default transmit-delay seconds 1 second dead-interval seconds 40 seconds authentication-key key No key is predefined. message-digest-key key-id md5 key No key is predefined. Command Mode Router OSPF Configuration mode. User Guidelines Unauthenticated interfaces cannot be configured with an authentication key. Use the area virtual-link authentication command on page 1727 to enable configuration of an authentication key.
2CSNXXX_SWUM204.book Page 1728 Monday, January 25, 2016 1:25 PM Syntax area area-id virtual-link neighbor-id authentication [none | simple key | encrypt key key-id] no area area-id virtual-link neighbor-id authentication • area-id — Identifies the OSPF area to configure. (Range: IP address or decimal from 0–4294967295) • neighbor-id — Identifies the Router identifier of the neighbor. • encrypt — Use MD5 Encryption for an OSPF Virtual Link. • key — Authentication key for the specified interface.
2CSNXXX_SWUM204.book Page 1729 Monday, January 25, 2016 1:25 PM area virtual-link dead-interval Use the area virtual-link dead-interval command in Router OSPF Configuration mode to configure the dead interval for the OSPF virtual interface on the virtual interface identified by area-id and neighbor router. Use the no form of the command to return the dead interval to the default value.
2CSNXXX_SWUM204.book Page 1730 Monday, January 25, 2016 1:25 PM area virtual-link hello-interval Use the area virtual-link hello-interval command in Router OSPF Configuration mode to configure the hello interval for the OSPF virtual interface on the virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the hello interval to the default value.
2CSNXXX_SWUM204.book Page 1731 Monday, January 25, 2016 1:25 PM area virtual-link retransmit-interval Use the area virtual-link retransmit-interval command in Router OSPF Configuration mode to configure the retransmit interval for the OSPF virtual interface on the virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the retransmit interval to the default value.
2CSNXXX_SWUM204.book Page 1732 Monday, January 25, 2016 1:25 PM area virtual-link transmit-delay Use the area virtual-link transmit-delay command in Router OSPF Configuration mode to configure the transmit delay for the OSPF virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the transmit delay to the default value.
2CSNXXX_SWUM204.book Page 1733 Monday, January 25, 2016 1:25 PM bandwidth is defined by the “bandwidth” command. Because the default reference bandwidth is 100 Mbps, OSPF uses the same default link cost for all interfaces whose bandwidth is 100 Mbps or greater. To change the reference bandwidth, use the auto-cost command, specifying the reference bandwidth in megabits per second. The different reference bandwidth can be independently configured for OSPFv2 and OSPFv3.
2CSNXXX_SWUM204.book Page 1734 Monday, January 25, 2016 1:25 PM Syntax bandwidth bw • bw — Interface bandwidth in Kbps (Range: 1–10000000). Default Configuration The default reference bandwidth is 10 Mbps Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example The following example configures the interface bandwidth to 500000 Kbps.
2CSNXXX_SWUM204.book Page 1735 Monday, January 25, 2016 1:25 PM User Guidelines BFD processing notifies OSPF of layer 3 connectivity issues with the peer. The interface must be a VLAN interface enabled for routing. BFD event notification must also be enabled in VLAN interface mode in order for processing of BFD events to occur. Command History Introduced in version 6.3.0.1 firmware.
2CSNXXX_SWUM204.book Page 1736 Monday, January 25, 2016 1:25 PM User Guidelines There are no user guidelines for this command. Example console(config-router)#capability opaque clear ip ospf Use the clear ip ospf command to reset specific OSPF states. If no parameters are specified, OSPF is disabled and then reenabled.
2CSNXXX_SWUM204.book Page 1737 Monday, January 25, 2016 1:25 PM User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. Example The following example shows the options for the clear ip ospf command. console#clear ip ospf ? Press enter to execute the command.
2CSNXXX_SWUM204.book Page 1738 Monday, January 25, 2016 1:25 PM The VRF identified in the parameter must have been previously created or an error is returned. compatible rfc1583 Use the compatible rfc1583 command in Router OSPF Configuration mode to enable OSPF 1583 compatibility. Use the no form of the command to disable it. Syntax compatible rfc1583 no compatible rfc1583 Syntax Description This command has no arguments or keywords. Default Configuration Compatible with RFC 1583.
2CSNXXX_SWUM204.book Page 1739 Monday, January 25, 2016 1:25 PM default-information originate (Router OSPF Configuration) Use the default-information originate command in Router OSPF Configuration mode to control the advertisement of default routes. Use the no form of the command to return the default route advertisement settings to the default value.
2CSNXXX_SWUM204.book Page 1740 Monday, January 25, 2016 1:25 PM Example The following example always advertises default routes. console(config-router)#default-information originate always metric 100 metric-type 1 default-metric Use the default-metric command in Router OSPF Configuration mode to set a default for the metric of distributed routes. Use the no form of the command to remove the metric from the distributed routes. If the area has not been previously created, it is created by this command.
2CSNXXX_SWUM204.book Page 1741 Monday, January 25, 2016 1:25 PM distance ospf The distance ospf command sets the preference values of OSPF route types in the router. Lower route preference values are preferred when determining the best route. The type of OSPF route can be intra, inter, external. All the external type routes are given the same preference value. Use the no form of this command to reset the preference values to the default.
2CSNXXX_SWUM204.book Page 1742 Monday, January 25, 2016 1:25 PM distribute-list out Use the distribute-list out command in Router OSPF Configuration mode to specify the access list to filter routes received from the source protocol. Use the no form of the command to remove the specified source protocol from the access list. Syntax distribute-list name out {rip | static \ connected} no distribute-list name out {rip | static \ connected} • name—The name used to identify an existing ACL.
2CSNXXX_SWUM204.book Page 1743 Monday, January 25, 2016 1:25 PM enable Use the enable command in Router OSPF Configuration mode to set the administrative mode of OSPF in the router (active). OSPF is now globally enabled using the router ospf command. Use the no form of the command to disable the administrative mode for OSPF. Syntax enable no enable Default Configuration Enabled is the default configuration. Command Mode Router OSPF Configuration mode.
2CSNXXX_SWUM204.book Page 1744 Monday, January 25, 2016 1:25 PM Syntax exit-overflow-interval seconds no exit-overflow-interval • seconds — Number of seconds after entering overflow state that a router will wait before attempting to leave the overflow state. (Range: 0–2147483647) Default Configuration 0 seconds is the default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 1745 Monday, January 25, 2016 1:25 PM Default Configuration -1 is the default configuration. Command Mode Router OSPF Configuration mode. User Guidelines The external LSDB limit MUST be set identically in all routers attached to the OSPF backbone and/or any regular OSPF area. Example The following example configures the external LSDB limit for OSPF with the number of non-default AS-external-LSAs set at 20.
2CSNXXX_SWUM204.book Page 1746 Monday, January 25, 2016 1:25 PM User Guidelines There are no user guidelines for this command. Example console(config-if-vlan1)#ip ospf area 192.168.1.10 console(config-if-vlan1)#ip ospf area 3232235786 ip ospf authentication Use the ip ospf authentication command in the Interface Configuration mode to set the OSPF Authentication Type and Key for the specified interface. Use the no form of the command to return the authentication type to the default value.
2CSNXXX_SWUM204.book Page 1747 Monday, January 25, 2016 1:25 PM Example The following example sets the OSPF Authentication Type and Key for VLAN 15. console(config-if-vlan15)#ip ospf authentication encrypt test123 100 ip ospf cost Use the ip ospf cost command in Interface Configuration mode to configure the cost on an OSPF interface. Use the no form of the command to return the cost to the default value.
2CSNXXX_SWUM204.book Page 1748 Monday, January 25, 2016 1:25 PM Syntax ip ospf database-filter all out no ip ospf database-filter all out Default Configuration By default, LSAs are flooded on all interfaces in a routed VLAN. Command Mode Interface Configuration mode User Guidelines This command is only applicable to OSPFv2 routing configurations. ip ospf dead-interval Use the ip ospf dead-interval command in Interface Configuration to set the OSPF dead interval for the specified interface.
2CSNXXX_SWUM204.book Page 1749 Monday, January 25, 2016 1:25 PM User Guidelines The value for the length of time must be the same for all routers attached to a common network. This value should be some multiple of the Hello Interval (i.e., 4). Example The following example sets the dead interval at 30 seconds.
2CSNXXX_SWUM204.book Page 1750 Monday, January 25, 2016 1:25 PM ip ospf mtu-ignore Use the ip ospf mtu-ignore command in Interface Configuration mode to disable OSPF maximum transmission unit (MTU) mismatch detection. OSPF Database Description packets specify the size of the largest IP packet that can be sent without fragmentation on the interface. When a router receives a Database Description packet, it examines the MTU advertised by the neighbor.
2CSNXXX_SWUM204.book Page 1751 Monday, January 25, 2016 1:25 PM Syntax ip ospf network {broadcast | point-to-point} no ip ospf network • broadcast — Set the network type to broadcast. • point-to-point — Set the network type to point-to-point Default Configuration Interfaces operate in broadcast mode by default. Command Mode Interface Configuration (VLAN) mode. User Guidelines OSPF treats interfaces as broadcast interfaces by default.
2CSNXXX_SWUM204.book Page 1752 Monday, January 25, 2016 1:25 PM no ip ospf priority • number-value — Specifies the OSPF priority for the specified router interface. (Range: 0–255) Default Configuration 1 is the default integer value. Command Mode Interface Configuration (VLAN) mode. User Guidelines A value of 1 is the highest router priority. A value of 0 indicates that the interface is not eligible to become the designated router on this network.
2CSNXXX_SWUM204.book Page 1753 Monday, January 25, 2016 1:25 PM Command Mode Interface Configuration (VLAN) mode. User Guidelines A value of 1 is the highest router priority. A value of 0 indicates that the interface is not eligible to become the designated router on this network. Example The following example sets the OSPF retransmit Interval for VLAN 15 at 50 seconds.
2CSNXXX_SWUM204.book Page 1754 Monday, January 25, 2016 1:25 PM Example The following example sets the OSPF Transit Delay for VLAN 15 at 20 seconds. console(config-if-vlan1)#ip ospf transmit-delay 20 log adjacency-changes Use the log adjacency-changes command in OSPFv2 Router Configuration mode to enable logging of OSPFv2 neighbor state changes. Use the no form of the command to disable state change logging.
2CSNXXX_SWUM204.book Page 1755 Monday, January 25, 2016 1:25 PM Syntax max-metric router-lsa [on-startup seconds] [summary-lsa {metric}] no max-metric router-lsa [on-startup] [summary-lsa] • on-startup—(Optional) OSPF starts in stub router mode after a reboot. • seconds—(Required if on-startup) The number of seconds that OSPF remains in stub router mode after a reboot. The range is 5 to 86,400 seconds. There is no default value.
2CSNXXX_SWUM204.book Page 1756 Monday, January 25, 2016 1:25 PM If the router is configured to enter stub router mode on startup (max-metric router-lsa on-startup), and one then enters max-metric router lsa, there is no change.
2CSNXXX_SWUM204.book Page 1757 Monday, January 25, 2016 1:25 PM User Guidelines OSPF is only enabled on an interface if the primary IPv4 address on the interface matches a network area range. Any individual interface can only be attached to a single area. If an interface address matches multiple network area ranges, the interface is assigned to the area for the first matching range. If the ip ospf area command is given for an interface, it overrides any matching network area command.
2CSNXXX_SWUM204.book Page 1758 Monday, January 25, 2016 1:25 PM Command Mode Router OSPF Configuration mode. User Guidelines OSPF is only enabled on an interface if the primary IPv4 address on the interface matches a network area range. Any individual interface can only be attached to a single area. If an interface address matches multiple network area ranges, the interface is assigned to the area for the first matching range.
2CSNXXX_SWUM204.book Page 1759 Monday, January 25, 2016 1:25 PM Default Configuration Graceful restart is disabled by default Command Mode Router OSPF Configuration mode User Guidelines Graceful restart works in concert with nonstop forwarding to enable the hardware to continue forwarding IPv4 packets using OSPFv2 routes while a backup unit takes over management unit responsibility.
2CSNXXX_SWUM204.book Page 1760 Monday, January 25, 2016 1:25 PM Command Mode Router OSPF Configuration mode User Guidelines The grace LSA announcing the graceful restart includes a restart reason. Reasons 1 (software restart) and 2 (software reload/upgrade) are considered planned restarts. Reasons 0 (unknown) and 3 (switch to redundant control processor) are considered unplanned restarts. nsf ietf helper disable is functionally equivalent to no nsf helper and is supported solely for IS CLI compatibility.
2CSNXXX_SWUM204.book Page 1761 Monday, January 25, 2016 1:25 PM until the graceful restart completes. By exiting the graceful restart on a topology change, a router tries to eliminate the loops or black holes as quickly as possible by routing around the restarting router. A helpful neighbor considers a link down with the restarting router to be a topology change, regardless of the strict LSA checking configuration.
2CSNXXX_SWUM204.book Page 1762 Monday, January 25, 2016 1:25 PM passive-interface default The passive-interface default command enables the global passive mode by default for all interfaces. It overrides any interface level passive mode. Use the “no” form of this command to disable the global passive mode by default for all interfaces. Any interface previously configured to be passive reverts to nonpassive mode.
2CSNXXX_SWUM204.book Page 1763 Monday, January 25, 2016 1:25 PM Default Configuration Passive interface mode is disabled by default. Command Mode Router OSPF Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-router)#passive-interface vlan 1 redistribute (OSPF) Use the redistribute command in Router OSPF Configuration mode to configure OSPF protocol to allow redistribution of routes from the specified source protocol/routers.
2CSNXXX_SWUM204.book Page 1764 Monday, January 25, 2016 1:25 PM – Type 1 external route. – Type 2 external route. • tag-value—Inserts the specified tag value into redistributed routes.(Range: 0–4294967295) • subnets—Specifies whether to redistribute the routes to subnets. Default Configuration The default tag value is 0. There is no default metric or route map configured. Command Mode Router OSPF Configuration mode, Router BGP Configuration mode. Router RIP Configuration mode.
2CSNXXX_SWUM204.book Page 1765 Monday, January 25, 2016 1:25 PM Syntax router-id router-id • router-id— A 32-bit interface (in IPv4 address format) that uniquely identifies the router ID. Default Configuration There is no default router ID. Command Mode Router OSPF Configuration mode. User Guidelines The router-id must be set in order for OSPF to become operationally enabled.
2CSNXXX_SWUM204.book Page 1766 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode. User Guidelines The command prompt changes when the router ospf command executes. The VRF identified in the parameter must have been previously created or an error is returned. This command is only available on the N3000/N4000 switches. IPv4 OSPF is the only routing protocol currently implemented for VRFs.
2CSNXXX_SWUM204.book Page 1767 Monday, January 25, 2016 1:25 PM Command Mode User EXEC, Privileged EXEC modes, Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000/N4000 series switches. Some of the information below displays only if you enable OSPF and configure certain features.
2CSNXXX_SWUM204.book Page 1768 Monday, January 25, 2016 1:25 PM LSA Refresh Group Pacing Time The size of the LSA refresh group window, in seconds. This is the value configured with the timers pacing lsa-group command. Opaque Capability Shows whether router is capable of sending Opaque LSAs. AutoCost Ref BW The configured autocost reference bandwidth. This value is used to determine the OSPF metric on its interfaces. The reference bandwidth is divided by the interface speed to compute the metric.
2CSNXXX_SWUM204.book Page 1769 Monday, January 25, 2016 1:25 PM ASBR Status Indicates whether the router is an autonomous system border router. Router automatically becomes an ASBR when it is configured to redistribute routes learned from another protocol. The possible values for the ASBR status is enabled (if the router is configured to redistribute routes learned by other protocols) or disabled (if the router is not configured for the same). Stub Router Status One of Active or Active.
2CSNXXX_SWUM204.book Page 1770 Monday, January 25, 2016 1:25 PM Maximum Number The maximum number of entries that can be on neighbors’ of Retransmit retransmit lists at any given time. This is the sum for all Entries neighbors. When OSPF receives an LSA and cannot allocate a new retransmit list entry, the router does not acknowledge the LSA, expecting the sender to retransmit.
2CSNXXX_SWUM204.book Page 1771 Monday, January 25, 2016 1:25 PM console#show ip ospf Router ID................................ OSPF Admin Mode.......................... RFC 1583 Compatibility................... External LSDB Limit...................... Exit Overflow Interval................... Spf Delay Time........................... Spf Hold Time............................ Opaque Capability........................ AutoCost Ref BW.......................... Default Passive Setting..................
2CSNXXX_SWUM204.book Page 1772 Monday, January 25, 2016 1:25 PM NSF NSF NSF NSF Restart Age....................... Restart Exit Reason............... Helper Support.................... Helper Strict LSA Checking........ 0 seconds Not Attempted Always Enabled Example #2 The following example displays the length of the global flood queue for LSAs with AS flooding scope and for stub router configuration. Also displayed are the values of the LSA pacing configuration parameters.
2CSNXXX_SWUM204.book Page 1773 Monday, January 25, 2016 1:25 PM AS_OPAQUE LSA Count............................ AS_OPAQUE LSA Checksum......................... New LSAs Originated............................ LSAs Received.................................. LSA Count...................................... Maximum Number of LSAs......................... LSA High Water Mark............................ AS Scope LSA Flood List Length................. Retransmit List Entries........................
2CSNXXX_SWUM204.book Page 1774 Monday, January 25, 2016 1:25 PM ----- --------INTRA 3.3.3.3 INTRA 4.4.4.4 ----- --------------- --------1 0.0.0.1 10.1.23.3 10 0.0.0.1 10.1.24.4 Intf -------vlan11 vlan12 show ip ospf area Use the show ip ospf area command in Privileged EXEC mode to display information about the identified OSPF area. Syntax show ip ospf area area-id [vrf vrf-name] • area-id —Identifies the OSPF area whose ranges are being displayed.
2CSNXXX_SWUM204.book Page 1775 Monday, January 25, 2016 1:25 PM Area LSA Checksum.............................. 0 Import Summary LSAs............................ Enable Example #2 console#show ip ospf area 20 AreaID......................................... External Routing............................... Spf Runs....................................... Area Border Router Count....................... Area LSA Count................................. Area LSA Checksum..............................
2CSNXXX_SWUM204.book Page 1776 Monday, January 25, 2016 1:25 PM Syntax show ip ospf asbr [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1777 Monday, January 25, 2016 1:25 PM • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. • area-id — Identifies a specific OSPF area for which link state database information will be displayed. • asbr-summary — Display the autonomous system boundary router (ASBR) summary LSAs. • external — Display the external LSAs. • network — Display the network LSAs.
2CSNXXX_SWUM204.book Page 1778 Monday, January 25, 2016 1:25 PM Example The following example displays information about the link state database when OSPF is enabled. console#show ip ospf database Router Link States (Area 0.0.0.0) Link Id --------------5.2.0.0 5.2.0.0 20.20.20.20 Adv Router --------------0.0.0.0 5.2.0.0 20.20.20.
2CSNXXX_SWUM204.book Page 1779 Monday, January 25, 2016 1:25 PM Link Id Adv Router Age Sequence Chksm Options Rtr Opt --------------- --------------- ----- -------- ------ ------- ----5.2.0.0 0.0.0.0 1362 80000005 e166 ------ AS External States Link Id Adv Router Age Sequence Chksm Options Rtr Opt --------------- --------------- ----- -------- ------ ------- ----6.0.0.0 5.2.0.
2CSNXXX_SWUM204.book Page 1780 Monday, January 25, 2016 1:25 PM User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000/N4000 series switches. The following fields are displayed: Field Description Router Shows Total number of router LSAs in the OSPF link state database. Network Shows Total number of network LSAs in the OSPF link state database.
2CSNXXX_SWUM204.book Page 1781 Monday, January 25, 2016 1:25 PM Opaque Link.................................... Opaque Area.................................... Subtotal....................................... Area 0.0.0.10 database summary Router......................................... Network........................................ Summary Net.................................... Summary ASBR................................... Type-7 Ext..................................... Self Originated Type-7..........
2CSNXXX_SWUM204.book Page 1782 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example #1 The following example displays the information for the IFO object or virtual interface tables associated with VLAN 10. console#show ip ospf interface vlan 10 IP Address..................................... Subnet Mask.
2CSNXXX_SWUM204.book Page 1783 Monday, January 25, 2016 1:25 PM IP Address........................... Subnet Mask.......................... Secondary IP Address(es)............. OSPF Admin Mode...................... OSPF Area ID......................... OSPF Network Type.................... Router Priority...................... Retransmit Interval.................. Hello Interval....................... Dead Interval........................ LSA Ack Interval..................... Transmit Delay...............
2CSNXXX_SWUM204.book Page 1784 Monday, January 25, 2016 1:25 PM User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000/N4000 series switches. Example The following example displays brief information for the IFO object or virtual interface tables. console#show ip ospf interface brief Admin Interface Mode ------------ -------Vl10 Enable Vl20 Enable Vl100 Enable loopback 1 Enable Router Area ID Prior.
2CSNXXX_SWUM204.book Page 1785 Monday, January 25, 2016 1:25 PM Example The following example displays the ospf statistics for VLAN 15. console>show ip ospf interface stats vlan 15 OSPF Area ID....................................... 0.0.0.0 Area Border Router Count................................. 0 AS Border Router Count................................... 0 Area LSA Count........................................... 1 IP Address......................................... 2.2.2.2 OSPF Interface Events.........
2CSNXXX_SWUM204.book Page 1786 Monday, January 25, 2016 1:25 PM Average LSAs per group The number of self-originated LSAs divided by the number of LSA groups. The number of LSA groups is the refresh interval (1800 seconds) divided by the pacing interval (configured with timers pacing lsa-group) plus two. Pacing group limit The maximum number of self-originated LSAs in one LSA group.
2CSNXXX_SWUM204.book Page 1787 Monday, January 25, 2016 1:25 PM 1080 1140 1200 1260 1139 1199 1259 1319 94 115 110 111 show ip ospf neighbor Use the show ip ospf neighbor command in Privileged EXEC mode to display locally derived information about OSPF neighbors. The information below only displays if OSPF is enabled and the interface has a neighbor.
2CSNXXX_SWUM204.book Page 1788 Monday, January 25, 2016 1:25 PM Field Description Interface The name of the interface on which the adjacency is formed. Neighbor IP Address The IPv4 address on the neighbor's interface used to form the adjacency. Interface Index The SNMP interface index. Area Id The OSPF area in which the adjacency is formed. Options The options advertised by the neighbor. Router Priority The router priority advertised by the neighbor.
2CSNXXX_SWUM204.book Page 1789 Monday, January 25, 2016 1:25 PM Field Description Restart Helper Exit Reason One of the following values: • Restart Reason — When the router is in helpful neighbor mode, the output includes the restart reason the restarting router sent in its grace LSA. The Restart Reason is the value in the Graceful Restart Reason TLV in the grace LSA sent by the restarting router.
2CSNXXX_SWUM204.book Page 1790 Monday, January 25, 2016 1:25 PM console#show ip ospf neighbor 3.3.3.3 Interface...................................... 0/25 Neighbor IP Address............................ 172.20.25.3 Interface Index................................ 25 Area Id........................................ 0.0.0.0 Options........................................ 0x2 Router Priority................................ 1 Dead timer due in (secs)....................... 10 Up Time.............................
2CSNXXX_SWUM204.book Page 1791 Monday, January 25, 2016 1:25 PM The VRF parameter is only available on the N3000/N4000 series switches. The following information is displayed. Field • Description • Prefix The summary prefix. Subnet Mask The subnetwork mask of the summary prefix. Type S (Summary Link) or E (External Link) Action Advertise or Suppress Cost Metric to be advertised when the range is active. If a static cost is not configured, the field displays Auto.
2CSNXXX_SWUM204.book Page 1792 Monday, January 25, 2016 1:25 PM • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration. Command Mode User EXEC, Privileged EXEC modes, Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
2CSNXXX_SWUM204.book Page 1793 Monday, January 25, 2016 1:25 PM Reason The event or events that triggered the SPF. Reasons may include the following: • R – New router LSA • N – New network LSA • SN –New network summary LSA • SA – New ASBR summary LSA • X – New external LSA Example console# show ip ospf statistics Area 0.0.0.
2CSNXXX_SWUM204.book Page 1794 Monday, January 25, 2016 1:25 PM • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
2CSNXXX_SWUM204.book Page 1795 Monday, January 25, 2016 1:25 PM • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default setting. Command Mode Privileged EXEC mode User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000/N4000 series switches.
2CSNXXX_SWUM204.book Page 1796 Monday, January 25, 2016 1:25 PM Example console# show ip ospf traffic Time Since Counters Cleared: 4000 seconds OSPFv2 Packet Statistics Recd: Sent: Hello 500 400 Database Desc 10 8 LS Request 20 16 LS Update 50 40 LS ACK 20 16 Total 600 480 LSAs Retransmitted................0 LS Update Max Receive Rate........20 pps LS Update Max Send Rate...........10 pps Number of LSAs Received T1 (Router).......................10 T2 (Network)......................
2CSNXXX_SWUM204.book Page 1797 Monday, January 25, 2016 1:25 PM • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. • area-id — Identifies the OSPF area whose ranges are being displayed. (Range: IP address or decimal from 0–4294967295) • neighbor-id — Identifies the neighbor’s router ID. (Range: Valid IP address) Default Configuration Show information for all OSPF Virtual Interfaces.
2CSNXXX_SWUM204.book Page 1798 Monday, January 25, 2016 1:25 PM show ip ospf virtual-links brief Use the show ip ospf virtual-link brief command in Privileged EXEC mode to display the OSPF Virtual Interface information for all areas in the system in table format. Syntax show ip ospf virtual-link brief Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1799 Monday, January 25, 2016 1:25 PM no timers pacing flood • milliseconds—The average time between transmission of LS Update packets. The range is from 5 ms to 100 ms. The default is 33 ms. Default Configuration The default pacing between LS Update packets is 33 ms. Command Mode OSPFv2 Global Configuration mode User Guidelines OSPF distributes routing information in Link State Advertisements (LSAs), which are bundled into Link State Update (LS Update) packets.
2CSNXXX_SWUM204.book Page 1800 Monday, January 25, 2016 1:25 PM User Guidelines OSPF refreshes self-originated LSAs approximately once every 30 minutes. When OSPF refreshes LSAs, it considers all self-originated LSAs whose age is from 1800 to 1800 plus the pacing group size. Grouping LSAs for refresh allows OSPF to combine refreshed LSAs into a minimal number of LS Update packets. Minimizing the number of Update packets makes LSA distribution more efficient.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1802 Monday, January 25, 2016 1:25 PM OSPFv3 Commands Dell Networking N3000/N4000 Series Switches The Dell Network N1500/N2000 series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1804 Monday, January 25, 2016 1:25 PM Example The following example configures the monetary default cost at 100 for stub area 1. console(config)#ipv6 router ospf console(config-rtr)#area 1 default-cost 100 area nssa (Router OSPFv3) Use the area nssa command in Router OSPF Configuration mode to configure the specified area ID to function as an NSSA. If the area has not been previously created, this command creates the area and then applies the NSSA distinction.
2CSNXXX_SWUM204.book Page 1805 Monday, January 25, 2016 1:25 PM • interval—The period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router. (Range: 0–3600) Default Configuration If no metric is defined, 10 is the default configuration. The default role is candidate. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 1806 Monday, January 25, 2016 1:25 PM Syntax area areaid nssa default-info-originate [metric [comparable | noncomparable]] no area areaid nssa default-info-originate • areaid — Valid OSPFv3 area identifier. • metric — Metric value for default route. (Range: 1-16777214) • comparable — Metric Type (nssa-external 1). • non-comparable — Metric Type (nssa-external 2). Default Configuration If no metric is defined, 10 is the default configuration.
2CSNXXX_SWUM204.book Page 1807 Monday, January 25, 2016 1:25 PM • areaid — Valid OSPF area identifier. Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the area 1 NSSA ABR so that learned external routes will not be redistributed to the NSSA.
2CSNXXX_SWUM204.book Page 1808 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example The following example configures the area 1 NSSA so that summary LSAs are not advertised into the NSSA. console(config)#ipv6 router ospf console(config-rtr)#area 1 nssa no-summary area nssa translator-role Use the area nssa translator-role command in Router OSPFv3 Configuration mode to configure the translator role of the NSSA.
2CSNXXX_SWUM204.book Page 1809 Monday, January 25, 2016 1:25 PM Example The following example configures the always translator role of the area 1 NSSA. console(config)#ipv6 router ospf console(config-rtr)#area 1 nssa translator-role always area nssa translator-stab-intv Use the area nssa translator-stab-intv command in Router OSPFv3 Configuration mode to configure the translator stability interval of the NSSA.
2CSNXXX_SWUM204.book Page 1810 Monday, January 25, 2016 1:25 PM area range (Router OSPFv3) Use the area range command in Router OSPF Configuration mode to configure a summary prefix for routes learned in a given area. If the area has not been previously created, this command creates the area and then applies the range parameters. There are two types of area ranges. An area range can be configured to summarize intra-area routes.
2CSNXXX_SWUM204.book Page 1811 Monday, January 25, 2016 1:25 PM Example The following example creates an area range for the area 1 NSSA. console(config)#ipv6 router ospf console(config-rtr)#area 1 range 2020:1::1/64 summarylink area stub Use the area stub command in Router OSPFv3 Configuration mode to create a stub area for the specified area ID. If the area has not been previously created, this command creates the area and then applies the stub distinction.
2CSNXXX_SWUM204.book Page 1812 Monday, January 25, 2016 1:25 PM area stub no-summary Use the area stub no-summary command in Router OSPFv3 Configuration mode disable the import of Summary LSAs for the stub area identified by area-id. Syntax area area-id stub no-summary no area area-id stub no-summary • area-id — Valid OSPFv3 area identifier. • so-summary — Disable the import of Summary LSAs for the stub area identified by area-id. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1813 Monday, January 25, 2016 1:25 PM Syntax area area-id virtual-link router-id [hello-interval seconds] [retransmitinterval seconds] [transmit-delay seconds] [dead-interval seconds] no area area-id virtual-link router-id id [hello-interval] [retransmit-interval] [transmit-delay] [dead-interval] • area-id—Valid OSPFv3 area identifier (or decimal value in the range of 04294967295). • router-id—Identifies the Router ID or valid IP address of the neighbor.
2CSNXXX_SWUM204.book Page 1814 Monday, January 25, 2016 1:25 PM Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example creates the OSPF virtual interface for area 1 and its neighbor router.
2CSNXXX_SWUM204.book Page 1815 Monday, January 25, 2016 1:25 PM Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures a 20-second dead interval for the OSPF virtual interface on the virtual interface identified by area 1 and its neighbor.
2CSNXXX_SWUM204.book Page 1816 Monday, January 25, 2016 1:25 PM Example The following example configures a hello interval of 20 seconds for the OSPF virtual interface on the virtual interface identified by area 1 and its neighbor.
2CSNXXX_SWUM204.book Page 1817 Monday, January 25, 2016 1:25 PM area virtual-link transmit-delay Use the area virtual-link transmit-delay command in Router OSPFv3 Configuration mode to configure the transmit delay for the OSPF virtual interface on the virtual interface identified by areaid and neighbor. Syntax area areaid virtual-link neighbor transmit-delay seconds no area areaid virtual-link neighbor transmit-delay • areaid — Valid OSPFv3 area identifier. • neighbor — Router ID of neighbor.
2CSNXXX_SWUM204.book Page 1818 Monday, January 25, 2016 1:25 PM Syntax default-information originate [always] [metric metric-value] [metric-type type-value] no default-information originate [metric] [metric-type] • always—Always advertise default routes. • metric-value— • type-value—The metric (or preference) value of the default route. (Range: 1–16777214) • One of the following: 1 External type-1 route. 2 External type-2 route.
2CSNXXX_SWUM204.book Page 1819 Monday, January 25, 2016 1:25 PM Syntax default-metric metric-value no default-metric • metric-value — The metric (or preference) value of the default route. (Range: 1–16777214) Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets a default of 100 for the metric of distributed routes.
2CSNXXX_SWUM204.book Page 1820 Monday, January 25, 2016 1:25 PM Default Configuration The default preference value is 110. Command Mode Router OSPF Configuration mode. Router OSPFv3 Configuration mode. User Guidelines There are no user guidelines for this command. Example The following example sets a route preference value of 100 for intra OSPF in the router.
2CSNXXX_SWUM204.book Page 1821 Monday, January 25, 2016 1:25 PM Example The following example enables administrative mode of OSPF in the router (active). console(config)#ipv6 router ospf console(config-rtr)#enable exit-overflow-interval Use the exit-overflow-interval command in Router OSPFv3 Configuration mode to configure the exit overflow interval for OSPF. It describes the number of seconds after entering Overflow state that a router will wait before attempting to leave the Overflow State.
2CSNXXX_SWUM204.book Page 1822 Monday, January 25, 2016 1:25 PM external-lsdb-limit Use the external-lsdb-limit command in Router OSPFv3 Configuration mode to configure the external LSDB limit for OSPF. If the value is -1, then there is no limit. When the number of non-default AS-external-LSAs in a router's link-state database reaches the external LSDB limit, the router enters overflow state. The router never holds more than the external LSDB limit non-default AS-external- LSAs in it database.
2CSNXXX_SWUM204.book Page 1823 Monday, January 25, 2016 1:25 PM Syntax ipv6 ospf no ipv6 ospf Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example enables OSPF on VLAN 15.
2CSNXXX_SWUM204.book Page 1824 Monday, January 25, 2016 1:25 PM Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines This command has no user guidelines. Example The following example defines the OSPF area to which VLAN 15 belongs. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf area 100 ipv6 ospf cost Use the ipv6 ospf cost command in Interface Configuration mode to configure the cost on an OSPF interface.
2CSNXXX_SWUM204.book Page 1825 Monday, January 25, 2016 1:25 PM console(config-if-vlan15)#ipv6 ospf cost 100 ipv6 ospf dead-interval Use the ipv6 ospf dead-interval command in Interface Configuration mode to set the OSPF dead interval for the specified interface.
2CSNXXX_SWUM204.book Page 1826 Monday, January 25, 2016 1:25 PM Syntax ipv6 ospf hello-interval seconds no ipv6 ospf hello-interval • seconds — A valid positive integer which represents the length of time of the OSPF hello interval. The value must be the same for all routers attached to a network. (Range: 1-65535 seconds) Default Configuration 10 seconds is the default value of seconds. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode.
2CSNXXX_SWUM204.book Page 1827 Monday, January 25, 2016 1:25 PM Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines OSPF Database Description packets specify the size of the largest IP packet that can be sent without fragmentation on the interface. When a router receives a Database Description packet, it examines the MTU advertised by the neighbor.
2CSNXXX_SWUM204.book Page 1828 Monday, January 25, 2016 1:25 PM User Guidelines Normally, the network type is determined from the physical IP network type. By default all Ethernet networks are OSPF-type broadcast. Similarly, tunnel interfaces default to point-to-point. When an Ethernet port is used as a single large bandwidth IP network between two routers, the network type can be point-to-point since there are only two routers.
2CSNXXX_SWUM204.book Page 1829 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example The following example sets the OSPF priority at 50 for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf priority 50 ipv6 ospf retransmit-interval Use the ipv6 ospf retransmit-interval command in Interface Configuration mode to set the OSPF retransmit interval for the specified interface.
2CSNXXX_SWUM204.book Page 1830 Monday, January 25, 2016 1:25 PM ipv6 ospf transmit-delay Use the ipv6 ospf transmit-delay command in Interface Configuration mode to set the OSPF Transmit Delay for the specified interface. Syntax ipv6 ospf transmit-delay seconds no ipv6 ospf transmit-delay • seconds — OSPF transmit delay for the specified interface. In addition, it sets the estimated number of seconds it takes to transmit a link state update packet over this interface.
2CSNXXX_SWUM204.book Page 1831 Monday, January 25, 2016 1:25 PM no ipv6 router ospf Default Configuration This command has no default configuration. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example Use the following command to enable OSPFv3. console(config)#ipv6 router ospf maximum-paths Use the maximum-paths command in Router OSPFv3 Configuration mode to set the number of paths that OSPF can report for a given destination.
2CSNXXX_SWUM204.book Page 1832 Monday, January 25, 2016 1:25 PM Example The following example sets the number of paths that OSPF can report for a destination to 1. console(config)#ipv6 router ospf console(config-rtr)#maximum-paths 1 nsf Use this command to enable OSPF graceful restart. Use the no form of this command to disable graceful restart.
2CSNXXX_SWUM204.book Page 1833 Monday, January 25, 2016 1:25 PM everything that goes with that (i.e., flooding of LSAs, SPF runs). Helpful neighbors continue to forward packets through the restarting router. The restarting router relearns the network topology from its helpful neighbors. This implementation of graceful restart restarting router behavior is only useful with a router stack. Graceful restart does not work on a standalone, single-unit router.
2CSNXXX_SWUM204.book Page 1834 Monday, January 25, 2016 1:25 PM nsf helper strict-lsa-checking Use the nsf-helper strict-lsa-checking command to require that an OSPF helpful neighbor exit helper mode whenever a topology change occurs. Use the “no” form of this command to allow OSPF to continue as a helpful neighbor in spite of topology changes.
2CSNXXX_SWUM204.book Page 1835 Monday, January 25, 2016 1:25 PM Syntax nsf [ietf] restart-interval seconds no nsf [ietf] restart-interval • ietf — This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations. Since the IETF implementation is the only one supported, this keyword is optional. • seconds — The number of seconds that the restarting router asks its neighbors to wait before exiting helper mode.
2CSNXXX_SWUM204.book Page 1836 Monday, January 25, 2016 1:25 PM Default Configuration Passive interface mode is disabled by default. Command Mode Router OSPFv3 Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-router)#passive-interface vlan 1 passive-interface default The passive-interface default command enables the global passive mode by default for all interfaces. It overrides any interface level passive mode.
2CSNXXX_SWUM204.book Page 1837 Monday, January 25, 2016 1:25 PM redistribute (OSPFv3) Use the redistribute command in Router OSPFv3 Configuration mode to configure the OSPFv3 protocol to allow redistribution of routes from the specified sources. Syntax redistribute protocol [metric metric-value] [tag tag-value] [route-map routetag] no redistribute protocol • protocol —One of the following: – static—Specifies that static routes are to be redistributed.
2CSNXXX_SWUM204.book Page 1838 Monday, January 25, 2016 1:25 PM Example The following example configures the OSPFv3 protocol to allow redistribution of routes to connected devices. console(config)#ipv6 router ospf console(config-rtr)#redistribute connected router-id Use the router-id command in Router OSPFv3 Configuration mode to set a 4-digit dotted-decimal number uniquely identifying the Router OSPF ID. Syntax router-id router-id • router-id — Router OSPF identifier.
2CSNXXX_SWUM204.book Page 1839 Monday, January 25, 2016 1:25 PM Syntax show ipv6 ospf [area-id] area-id — Identifier for the OSPF area being displayed. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines Some of the information below displays only if you enable OSPF and configure certain features.
2CSNXXX_SWUM204.book Page 1840 Monday, January 25, 2016 1:25 PM Default Route Advertise When enabled, OSPF originates a type 5 LSA advertising a default route. Always When this option is configured, OSPF only originates a default route when the router has learned a default route from another source. Metric Shows the metric for the advertised default routes. If the metric is not configured, this field is not configured.
2CSNXXX_SWUM204.book Page 1841 Monday, January 25, 2016 1:25 PM LSAs Received Shows the number of link-state advertisements received determined to be new instantiations. LSA Count The number of LSAs in the link state database. Maximum Number The limit on the number of LSAs that the router can store in its of LSAs link state database. LSA High Water Mark The maximum number of LSAs that have been in the link state database since OSPF began operation.
2CSNXXX_SWUM204.book Page 1842 Monday, January 25, 2016 1:25 PM Source Shows source protocol/routes that are being redistributed. Possible values are static, connected, or RIP. Tag Shows the decimal value attached to each external route. Subnets When this option is not configured, OSPF will only redistribute classful prefixes. Distribute-List Shows the access list used to filter redistributed routes. Example The following example enables OSPF traps. console#show ipv6 ospf Router ID.................
2CSNXXX_SWUM204.book Page 1843 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode User Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show ipv6 ospf abr Type Router Id Cost Area ID ---INTRA INTRA Next Hop Next Hop Intf -------- ---- -------- ----------------------- ----3.3.3.3 10 0.0.0.1 FE80::211:88FF:FE2A:3CB3 vlan11 4.4.4.4 10 0.0.0.
2CSNXXX_SWUM204.book Page 1844 Monday, January 25, 2016 1:25 PM Example The following example displays information about area 1. console#show ipv6 ospf area 1 AreaID........................................ External Routing.............................. Spf Runs...................................... Area Border Router Count...................... Area LSA Count................................ Area LSA Checksum............................. Stub Mode..................................... Import Summary LSAs....
2CSNXXX_SWUM204.book Page 1845 Monday, January 25, 2016 1:25 PM show ipv6 ospf border-routers Use the show ipv6 ospf command to display internal OSPFv3 routes to reach Area Border Routers (ABR) and Autonomous System Boundary Routers (ASBR). This command takes no options. Syntax show ipv6 ospf border-routers Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1846 Monday, January 25, 2016 1:25 PM • prefix — Displays intra-area Prefix LSA. • router — Displays router LSAs. • unknown — Displays unknown area, AS or link-scope LSAs. • link-state-id — Specifies a valid link state identifier (LSID). • adv-router — Shows the LSAs that are restricted by the advertising router. • router-id — Specifies a valid router identifier. • self-originate — Displays the LSAs in that are self originated.
2CSNXXX_SWUM204.book Page 1847 Monday, January 25, 2016 1:25 PM 1.1.1.1 2.2.2.2 2 2 293 375 80000001 3529 80000001 FC5E Link States (Area 0.0.0.0) Adv Router Link Id Age Sequence -------------- --------------- ----- -------1.1.1.1 634 700 80000008 2.2.2.2 634 689 8000000A 2.2.2.2 635 590 80000001 Csum ---2D89 6F82 7782 Options Rtr Opt ------- ------V6E--RV6E--RV6E--R- Intra Prefix States (Area 0.0.0.
2CSNXXX_SWUM204.book Page 1848 Monday, January 25, 2016 1:25 PM show ipv6 ospf database database-summary Use the show ipv6 ospf database database-summary command in Privileged Exec mode to display the number of each type of LSA in the database and the total number of LSAs in the database. Syntax show ipv6 ospf database database-summary Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1849 Monday, January 25, 2016 1:25 PM show ipv6 ospf interface Use the show ipv6 ospf interface command in Privileged Exec mode to display the information for the IFO object or virtual interface tables. Syntax show ipv6 ospf interface [interface-type interface-number] • interface-type—The interface type, VLAN, tunnel or loopback • interface-number—The valid interface number, a valid VLAN ID, tunnel identifier (Range: 0–7) or loopback identifier (Range: 0–7).
2CSNXXX_SWUM204.book Page 1850 Monday, January 25, 2016 1:25 PM OSPF cannot be initialized on this interface. show ipv6 ospf interface brief Use the show ipv6 ospf interface brief command in Privileged Exec mode to display brief information for the IFO object or virtual interface tables. Syntax show ipv6 ospf interface brief Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1851 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode User Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the interface statistics for VLAN 5. console>show ipv6 ospf interface stats vlan 5 OSPFv3 Area ID................................. 0.0.0.1 Spf Runs.......................................
2CSNXXX_SWUM204.book Page 1852 Monday, January 25, 2016 1:25 PM show ipv6 ospf interface vlan Use the show ipv6 ospf interface vlan command in Privileged Exec mode to display OSPFv3 configuration and status information for a specific VLAN. Syntax show ipv6 ospf interface vlan {vlan-id | brief} • vlan-id — Valid VLAN ID. Range is 1-4093. • brief — Displays a snapshot of configured interfaces. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1853 Monday, January 25, 2016 1:25 PM Number of Link Events.................... 46 show ipv6 ospf neighbor Use the show ipv6 ospf neighbor command in Privileged Exec mode to display information about OSPF neighbors. If a neighbor IP address is not specified, the output displays summary information in a table. If an interface or tunnel is specified, only the information for that interface or tunnel displays.
2CSNXXX_SWUM204.book Page 1854 Monday, January 25, 2016 1:25 PM console#show ipv6 ospf neighbor interface tunnel 1 IP Address..................................... 2.4.6.8 ifIndex........................................ 619 OSPF Admin Mode................................ Enable OSPF Area ID................................... 0.0.0.0 Router Priority................................ 1 Retransmit Interval............................ 5 Hello Interval................................. 10 Dead Interval.............
2CSNXXX_SWUM204.book Page 1855 Monday, January 25, 2016 1:25 PM --------- ------------------------- --------------- ------------- show ipv6 ospf stub table Use the show ipv6 ospf stub table command in Privileged Exec mode to display the OSPF stub table. The information below will only be displayed if OSPF is initialized on the switch. Syntax show ipv6 ospf stub table Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1856 Monday, January 25, 2016 1:25 PM • neighbor-id — Router ID of neighbor. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the OSPF Virtual Interface information for area 1 and its neighbor. console#show ipv6 ospf virtual-link 1 1.1.1.1 Area ID.............................
2CSNXXX_SWUM204.book Page 1857 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the OSPF stub table.
2CSNXXX_SWUM204.book Page 1858 Monday, January 25, 2016 1:25 PM Router Discovery Protocol Commands Dell Networking N3000/N4000 Series Switches Routers can be configured to periodically send router discovery messages to announce their presence to locally attached hosts. The router discovery message advertises one or more IP addresses on the router that hosts can use as their default gateway.
2CSNXXX_SWUM204.book Page 1859 Monday, January 25, 2016 1:25 PM • multicast—Configure the address that the interface uses to send the router discovery advertisements to be 224.0.0.1, the all-hosts IP multicast address. Use the no form of the command to use 255.255.255.255, the limited broadcast address. • holdtime seconds—Integer value in seconds of the holdtime field of the router advertisement sent from this interface.
2CSNXXX_SWUM204.book Page 1860 Monday, January 25, 2016 1:25 PM Example The following example enables router discovery on the selected interface. console(config)#interface vlan 15 console(config-if-vlan15)#ip irdp ip irdp holdtime Use the ip irdp holdtime command in Interface Configuration mode to configure the value, in seconds, of the holdtime field of the router advertisement sent from this interface. Use the no form of the command to set the time to the default value.
2CSNXXX_SWUM204.book Page 1861 Monday, January 25, 2016 1:25 PM ip irdp maxadvertinterval Use the ip irdp maxadvertinterval command in Interface Configuration mode to configure the maximum time, in seconds, allowed between sending router advertisements from the interface. Use the no form of the command to set the time to the default value.
2CSNXXX_SWUM204.book Page 1862 Monday, January 25, 2016 1:25 PM console(config-if-vlan15)#ip irdp maxadvertinterval 600 ip irdp minadvertinterval Use the ip irdp minadvertinterval command in Interface Configuration mode to configure the minimum time, in seconds, allowed between sending router advertisements from the interface. Use the no form of the command to set the time to the default value.
2CSNXXX_SWUM204.book Page 1863 Monday, January 25, 2016 1:25 PM ip irdp multicast To send router advertisements as IP multicast packets, use the ip irdp multicast command in Interface Configuration mode. To send router advertisements to the limited broadcast address (255.255.255.255), use the no form of this command. Syntax ip irdp multicast no ip irdp multicast Default Configuration Router discovery packets are sent to the all hosts IP multicast address (224.0.0.1) by default.
2CSNXXX_SWUM204.book Page 1864 Monday, January 25, 2016 1:25 PM Syntax ip irdp preference integer no ip irdp preference • integer — Preference of the address as a default router address, relative to other router addresses on the same subnet. (Range: -2147483648 to 2147483647) Default Configuration 0 is the default value. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example sets the ip irdp preference to 1000 for VLAN 15.
2CSNXXX_SWUM204.book Page 1865 Monday, January 25, 2016 1:25 PM Command Mode User Exec, Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows router discovery information for VLAN 15. console#show ip irdp vlan 15 Interface Ad Mode Advertise Address Max Int Min Int Hold Time Preference --------- ------- ----------------- ------- ------- -------- ---------vlan15 Enable 224.0.0.
2CSNXXX_SWUM204.book Page 1866 Monday, January 25, 2016 1:25 PM Routing Information Protocol Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The Routing Information Protocol (RIP) has been a long-standing protocol used by routers for exchanging route information. RIP is a distance vector protocol whereby each route is characterized by the number of gateways, or hops, a packet must traverse to reach its intended destination.
2CSNXXX_SWUM204.book Page 1867 Monday, January 25, 2016 1:25 PM no auto-summary Default Configuration Disabled is the default configuration. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example console(config-router)#auto-summary default-information originate (Router RIP Configuration) Use the default-information originate command in Router RIP Configuration mode to control the advertisement of default routes.
2CSNXXX_SWUM204.book Page 1868 Monday, January 25, 2016 1:25 PM Example console(config-router)#default-information originate default-metric Use the default-metric command in Router RIP Configuration mode to set a default for the metric of distributed routes. Use the no form of the command to return the metric to the default value. Syntax default-metric number-value no default-metric • number-value — Metric for the distributed routes.
2CSNXXX_SWUM204.book Page 1869 Monday, January 25, 2016 1:25 PM Syntax distance rip integer no distance rip • integer — RIP route preference. (Range: 1-255) Default Configuration 15 is the default configuration. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets the route preference value of RIP in the router at 100.
2CSNXXX_SWUM204.book Page 1870 Monday, January 25, 2016 1:25 PM • connected — Apply the specified access list when packets come from a directly connected route. Default Configuration This command has no default configuration. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example The following example elects access list ACL40 to filter routes received from the source protocol.
2CSNXXX_SWUM204.book Page 1871 Monday, January 25, 2016 1:25 PM Example console(config-router)#enable hostroutesaccept Use the hostroutesaccept command in Router RIP Configuration mode to enable the RIP hostroutesaccept mode. Use the no form of the command to disable the RIP hostroutesaccept mode. Syntax hostroutesaccept no hostroutesaccept Default Configuration Enabled is the default configuration. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 1872 Monday, January 25, 2016 1:25 PM Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example console(config-if-vlan2)#ip rip console(config-if-vlan2)#no ip rip ip rip authentication Use the ip rip authentication command in Interface Configuration Mode to set the RIP Version 2 Authentication Type and Key for the specified VLAN.
2CSNXXX_SWUM204.book Page 1873 Monday, January 25, 2016 1:25 PM Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example sets the RIP Version 2 Authentication Type and Key for VLAN 11.
2CSNXXX_SWUM204.book Page 1874 Monday, January 25, 2016 1:25 PM Example The following example allows no RIP control packets to be received by VLAN 11. console(config-if-vlan11)#ip rip receive version none ip rip send version Use the ip rip sent version command in Interface Configuration mode to configure the interface to allow RIP control packets of the specified version to be sent. Use the no form of the command to return the version to the default value.
2CSNXXX_SWUM204.book Page 1875 Monday, January 25, 2016 1:25 PM redistribute The redistribute command configures RIP protocol to redistribute routes from the specified sources. If the source protocol is OSPF, there are five possible match options.
2CSNXXX_SWUM204.book Page 1876 Monday, January 25, 2016 1:25 PM User Guidelines When redistributing a route metric, the receiving protocol must understand the metric. The OSPF metric is a cost value equal to 108/ link bandwidth in bits/sec. For example, the OSPF cost of GigabitEthernet is 1 = 108/108 = 1. The RIP metric is a hop count with a maximum value of 15. Dell Networking RIP does not support sending a tag value.
2CSNXXX_SWUM204.book Page 1877 Monday, January 25, 2016 1:25 PM show ip rip Use the show ip rip command in Privileged Exec mode to display information relevant to the RIP router. Syntax show ip rip Default Configuration The command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays information relevant to the RIP router.
2CSNXXX_SWUM204.book Page 1878 Monday, January 25, 2016 1:25 PM show ip rip interface Use the show ip rip interface command in Privileged Exec mode to display information related to a particular RIP interface. Syntax show ip rip interface vlan vlan-id • vlan-id — Valid VLAN ID. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 1879 Monday, January 25, 2016 1:25 PM show ip rip interface brief Use the show ip rip interface brief command in Privileged Exec mode to display general information for each RIP interface. For this command to display successful results routing must be enabled per interface (i.e. ip rip). Syntax show ip rip interface brief Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1880 Monday, January 25, 2016 1:25 PM • none — RIP does not use split horizon to avoid routing loops. • simple — RIP uses split horizon to avoid routing loops. • poison — RIP uses split horizon with poison reverse (increases routing packet update size). Default Configuration Simple is the default configuration. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example The following example does not use split horizon.
2CSNXXX_SWUM204.book Page 1881 Monday, January 25, 2016 1:25 PM Tunnel Interface Commands Dell Networking N3000/N4000 Series Switches Dell Networking provides for the creation, deletion, and management of tunnel interfaces. They are dynamic interfaces that are created and deleted by user configuration. Tunnel interfaces are used for the following purposes. • IPv4 tunnels • IPv6 tunnels Each router interface (port or VLAN interface) may have associated tunnel interfaces.
2CSNXXX_SWUM204.book Page 1882 Monday, January 25, 2016 1:25 PM Syntax interface tunnel tunnel-id no interface tunnel tunnel-id • tunnel-id — Tunnel identifier. (Range: 0–7) Default Configuration This command has no default configuration. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example The following example enables the interface configuration mode for tunnel 1.
2CSNXXX_SWUM204.book Page 1883 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Examples The following examples show the parameters related to an individual tunnel and to all tunnel interfaces. console#show interfaces tunnel 1 Interface Link Status.......................... down MTU size.......................................
2CSNXXX_SWUM204.book Page 1884 Monday, January 25, 2016 1:25 PM Example The following example specifies the destination transport address of tunnel 1. console(config)#interface tunnel 1 console(config-if-tunnel1)#tunnel destination 10.1.1.1 tunnel mode ipv6ip Use the tunnel mode ipv6ip command in Interface Configuration mode to specify the mode of the tunnel. Syntax tunnel mode ipv6ip [6to4] no tunnel mode • 6to4 — Sets the tunnel mode to automatic.
2CSNXXX_SWUM204.book Page 1885 Monday, January 25, 2016 1:25 PM Syntax tunnel source {ip-address | interface-type interface-number} no tunnel source • ip-address—Valid IPv4 address. • interface-type—Valid interface type. VLAN is the only type supported. • interface-number—Valid interface number. Default Configuration This command has no default configuration. Command Mode Interface Configuration (Tunnel) mode. User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 1886 Monday, January 25, 2016 1:25 PM Virtual Router Commands Dell Networking N3000/N4000 Series Switches Dell Networking VRF is an implementation of Virtual Routing and Forwarding (VRF). Virtual Routing and Forwarding allows multiple independent instances for the forwarding plane to exist simultaneously. This allows the administrator to segment the network without incurring the costs of multiple routers. Each VRF operates as an independent VPN.
2CSNXXX_SWUM204.book Page 1887 Monday, January 25, 2016 1:25 PM 2 In global config mode, create the pool of VLANs. console#configure terminal console(config)#vlan 100-109 console(config-vlan100-109)#exit 3 Assign the VLAN to an interface. console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#switchport access vlan 100 console(config-if-Gi1/0/1)#exit 4 Create the VRF and enable routing.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1889 Monday, January 25, 2016 1:25 PM User Guidelines There are no user guidelines for this command. Example The following example shows the assignment of descriptive text to a VRF. console(config)#ip vrf Red console(config-vrf-Red)#description “Backbone to Gateway” console(config-vrf-Red)#exit ip vrf This command creates a virtual router with a specified name and enters Virtual Router Configuration mode.
2CSNXXX_SWUM204.book Page 1890 Monday, January 25, 2016 1:25 PM Up to 64 VRFs may be configured on the N4000 and up to 16 VRFs may be configured on the N3000. If sufficient resources requested by the VRF instance, such as routes, are not available to create the router instance, a warning is shown and the VRF is not created. The ARP table, among others, is a shared resource and is not allocated or partitioned on a VRF basis.
2CSNXXX_SWUM204.book Page 1891 Monday, January 25, 2016 1:25 PM User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. This command is only available on the N3000/N4000 switches. L3 configuration on an interface, including the IP address, is retained when the interface migrated to a new VRF instance. A interface may be migrated from the global routing instance to a VRF or from any non-global VRF instances as well.
2CSNXXX_SWUM204.book Page 1892 Monday, January 25, 2016 1:25 PM Syntax maximum routes {limit | warn threshold} no maximum routes [warn] • limit—Reserve this number of routes for the VRF instance. • threshold —The percentage of total routes over which the router issues a warning that the router has allocated the specified number of routes. Range 1-100. Default Configuration A VRF is limited by the number of unreserved routes available.
2CSNXXX_SWUM204.book Page 1893 Monday, January 25, 2016 1:25 PM show ip vrf This command shows the interfaces associated with a VRF instance. Syntax show ip vrf [interfaces] show ip vrf [vrf-name] [detail] • interfaces—Displays the interfaces associated with the VRF. • vrf-name—The name of the VRF for which information is displayed. If no vrf is specified, all VRFs are shown. The VRF name must match the configured VRF name exactly, including capitalization.
2CSNXXX_SWUM204.book Page 1894 Monday, January 25, 2016 1:25 PM Description....................... Route Distinguisher............... Maximum Routes.................... Warning-only...................... Test network 2:200 512 TRUE Route table size.................. 2 Number of interfaces.............. 2 Interfaces ----------Vl10 Lo1 Export VPN route-target communities None Import VPN route-target communities None console(Config)#show ip vrf Red VRF Identifier.......... 2 Description.............
2CSNXXX_SWUM204.book Page 1895 Monday, January 25, 2016 1:25 PM Virtual Router Redundancy Protocol Commands Dell Networking N1500/N3000/N4000 Series Switches An end station running IP needs to know the address of its first hop router. While some network administrators choose to install dynamic router discovery protocols such as DHCP, others prefer to statically allocate router addresses. If the router identified by such a statically allocated address goes down, the end station loses connectivity.
2CSNXXX_SWUM204.book Page 1896 Monday, January 25, 2016 1:25 PM The Pingable VRRP Interface feature, when enabled, allows the VRRP master to respond to both fragmented and unfragmented ICMP echo requests packets destined to a VRRP address (or addresses). A virtual router in backup state discards these. For any packet destined to a VRRP address (or addresses), the VRRP master responds with VRRP address as the source IPv4 address and VRMAC as the source MAC address.
2CSNXXX_SWUM204.book Page 1897 Monday, January 25, 2016 1:25 PM Route Tracking The network operator may perform this task to track the reachability of an IP route. A tracked route is considered up when a routing table entry exists for the route and the route is accessible. For route tracking, make VRRP a best route client of RTO. When a tracked route is added or deleted, change the priority. For simplicity, routes are not distinguished with the next hop interface that has VRRP enabled.
2CSNXXX_SWUM204.book Page 1898 Monday, January 25, 2016 1:25 PM Syntax ip vrrp no ip vrrp Default Configuration VRRP is disabled by default. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example The following example enables VRRP protocol on the router.
2CSNXXX_SWUM204.book Page 1899 Monday, January 25, 2016 1:25 PM User Guidelines The VRRP IP address is not pingable from within the switch. vrrp authentication Use the vrrp authentication command in Interface Configuration mode to set the authentication details value for the virtual router configured on a specified interface. Use the no form of the command to return the authentication type to the default value.
2CSNXXX_SWUM204.book Page 1900 Monday, January 25, 2016 1:25 PM vrrp description Use the vrrp description command in Interface Configuration mode to assign a description to the Virtual Router Redundancy Protocol (VRRP) group. To remove the description, use the no form of the command. Syntax vrrp group description text no vrrp group description • group—The virtual router identifier. (Range: 1-255) • text—Description for the virtual router group up to 80 characters.
2CSNXXX_SWUM204.book Page 1901 Monday, January 25, 2016 1:25 PM Syntax vrrp group ip ip-address [secondary] no vrrp group ip ip-address vlan secondary • group—The virtual router identifier. (Range: 1-255) • ip-address—The IP address of the virtual router. • secondary—Designates the virtual router IP address as a secondary IP address on an interface. Default Configuration VRRP is not configured on the interface. Command Mode Interface Configuration (VLAN) mode.
2CSNXXX_SWUM204.book Page 1902 Monday, January 25, 2016 1:25 PM console(config)#interface vlan 15 console(config-if-vlan15)#ip address 192.168.5.1 255.255.255.0 console(config-if-vlan15)#vrrp 20 console(config-if-vlan15)#vrrp 20 ip 192.168.5.20 console(config-if-vlan15)#vrrp 20 mode vrrp mode Use the vrrp mode command in Interface Configuration mode to enable the virtual router configured on an interface. Enabling the status field starts a virtual router.
2CSNXXX_SWUM204.book Page 1903 Monday, January 25, 2016 1:25 PM Syntax vrrp group preempt [delay seconds] no vrrp group preempt • group—The virtual router identifier. (Range: 1-255) • seconds—The number of seconds the VRRP router will wait before issuing an advertisement claiming master ownership. Default Configuration Enabled is the default configuration. Delay defaults to 0 seconds. Command Mode Interface Configuration (VLAN) mode.
2CSNXXX_SWUM204.book Page 1904 Monday, January 25, 2016 1:25 PM no vrrp group priority level • group — The virtual router identifier. (Range: 1-255) • level — Priority value for the interface. (Range: 1-254) Default Configuration Priority has a default value of 100. Command Mode Interface Configuration (VLAN) mode. User Guidelines The VRRP router with the highest numerical value for priority will become the VR master.
2CSNXXX_SWUM204.book Page 1905 Monday, January 25, 2016 1:25 PM Default Configuration Interval has a default value of 1. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example sets the frequency at which the VLAN 15 virtual router 5 sends a virtual router advertisement.
2CSNXXX_SWUM204.book Page 1906 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example The following configures VLAN 15 virtual router to learn the advertisement interval used by the master virtual router. console(config-if-vlan15)#vrrp 5 timers learn vrrp track interface Use the vrrp track interface command in Interface Configuration mode to alter the priority of the VRRP router based on the availability of its interfaces.
2CSNXXX_SWUM204.book Page 1907 Monday, January 25, 2016 1:25 PM • vlan vlan-id—Valid VLAN ID. • priority—Priority decrement value for the tracked interface. (Range: 1254) Default Configuration No interfaces are tracked. The default decrement priority is 10. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example adds VLAN 2 to the virtual router tracked list (with a priority decrement value of 20.
2CSNXXX_SWUM204.book Page 1908 Monday, January 25, 2016 1:25 PM no vrrp group track ip route ip-address/prefix-length • group—The virtual router identifier. (Range: 1–255). • ip-address/prefix-length—Specifies the route to be tracked. • priority—Priority decrement value for the tracked route. (Range: 1–254). Default Configuration There are no routes tracked by default. The default decrement priority is 10. Command Mode Interface Configuration (VLAN) mode.
2CSNXXX_SWUM204.book Page 1909 Monday, January 25, 2016 1:25 PM Command Mode User Exec, Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays detailed VRRP status. console# show vrrp Admin Mode..................................... Router Checksum Errors......................... Router Version Errors.......................... Router VRID Errors.............................
2CSNXXX_SWUM204.book Page 1910 Monday, January 25, 2016 1:25 PM Advertisement Interval (secs).................. 10 Accept Mode ................................... Enable Pre-empt Mode.................................. Enable Pre-empt Delay................................. 0 Administrative Mode............................ Enable State.......................................... Initialized Timers Learn Mode............................ Disable Description ..................................... Track Interface..
2CSNXXX_SWUM204.book Page 1911 Monday, January 25, 2016 1:25 PM Command Mode User Exec, Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays all configuration information about the VLAN 15 virtual router. console#show vrrp interface vlan 7 Vlan 7 – Group 1 Primary IP Address........................... 192.168.5.55 VMAC Address................................ 0000.5E00.0101 Authentication Type...
2CSNXXX_SWUM204.book Page 1912 Monday, January 25, 2016 1:25 PM Advertisement Interval Errors.................. Authentication Failure......................... IP TTL Errors.................................. Zero Priority Packets Received................. Zero Priority Packets Sent..................... Invalid Type Packets Received.................. Address List Errors ........................... Invalid Authentication Type.................... Authentication Type Mismatch...................
2CSNXXX_SWUM204.book Page 1913 Monday, January 25, 2016 1:25 PM show vrrp interface stats Use the show vrrp interface stats command in User Exec mode to display the statistical information about each virtual router configured on the switch. Syntax show vrrp interface stats vlan vlan-id vr-id • vlan-id — Valid VLAN ID. • vr-id — The virtual router identifier. (Range: 1-255) Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1914 Monday, January 25, 2016 1:25 PM Pingable VRRP Commands ip vrrp accept-mode Use the ip vrrp accept-mode command in Interface (VLAN) Configuration mode to enable the VRRP Master to accept ping packets sent to one of the virtual router’s IP addresses. Use the no form of the command to disable responding to ping packets. Syntax ip vrrp vrid accept-mode no vrrp vrid accept-mode • vrid — Virtual router identification.
2CSNXXX_SWUM204.book Page 1915 Monday, January 25, 2016 1:25 PM Default Configuration The command has no default configuration. Command Mode User Exec, Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays all configuration information about the VLAN 15 virtual router. console#show ip vrrp interface vlan2 1 Primary IP Address........................... 10.10.10.1 VMAC Address....................
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1918 Monday, January 25, 2016 1:25 PM Application Deployment Dell Networking N1500/N2000/N3000/N4000 Series Switches This section contains commands to manage Dell-supplied or end-user generated applications. Commands in this Section This section explains the following commands: application install application stop application start show application application install Use the application install command to install or remove an application.
2CSNXXX_SWUM204.book Page 1919 Monday, January 25, 2016 1:25 PM • max-megabytes — Set the maximum memory resource that the application process(es) are allowed to consume. Expressed as megabytes between 0 and 200. If 0 is specified, the application process(es) are not limited. If this keyword is not specified, the default value is used. The default is 0. Default Configuration By default, no applications are installed.
2CSNXXX_SWUM204.book Page 1920 Monday, January 25, 2016 1:25 PM Default Configuration By default, no applications are installed. Command Mode Global Configuration User Guidelines Applications must be downloaded and installed prior to scheduling execution. Application names may be up to 16 characters in length. The name specified in the application-name parameter must match the filename output of the show application command exactly. Application names are case sensitive.
2CSNXXX_SWUM204.book Page 1921 Monday, January 25, 2016 1:25 PM User Guidelines Applications must be downloaded and installed prior to scheduling execution. Application names may be up to 16 characters in length. The name specified in the application-name parameter must match the filename output of the show application command exactly. Application names are case sensitive. Command History Introduced in version 6.3.0.1 firmware.
2CSNXXX_SWUM204.book Page 1922 Monday, January 25, 2016 1:25 PM Parameter Definition filename Name of the application start-on-boot Yes or No stating if the application is configured to start on boot auto-restart Yes or No stating if the application is configured to restart when the application process ends Max-CPU-Util Configured application CPU utilization limit expressed as a percentage. “None” if unlimited. Max-memory Configured application memory limit in megabytes. “None” if unlimited.
2CSNXXX_SWUM204.book Page 1923 Monday, January 25, 2016 1:25 PM Auto-Install Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Auto-Install provides automatic update of the image and configuration of Dell Networking devices on boot up from a TFTP server as controlled by received DHCP options. It plays a critical role in the Dell Networking offering of touchless or low-touch provisioning, in which configuration and imaging of a device is greatly simplified.
2CSNXXX_SWUM204.book Page 1924 Monday, January 25, 2016 1:25 PM Commands in this Section This section explains the following commands: boot auto-copy-sw boot host retrycount boot auto-copy-sw allow-downgrade boot auto-copy-sw boot host autoreboot show auto-copy-sw boot host autosave show boot boot host dhcp – boot auto-copy-sw Use the boot auto-copy-sw command in Privileged Exec mode to enable or disable Stack Firmware Synchronization.
2CSNXXX_SWUM204.book Page 1925 Monday, January 25, 2016 1:25 PM boot auto-copy-sw allow-downgrade Use the boot auto-copy-sw allow-downgrade command in Privileged Exec mode to enable downgrading the firmware version on the stack member if the firmware version on the manager is older than the firmware version on the member. Use the no form of the command to disable downgrading the image.
2CSNXXX_SWUM204.book Page 1926 Monday, January 25, 2016 1:25 PM boot host autoreboot Use the boot host autoreboot command in Global Configuration mode to enable rebooting the device (no administrative intervention) when the autoimage is successfully downloaded. Use the no form of this command to disable rebooting the device (no administrative intervention) when the autoimage is successfully downloaded. Syntax boot host autoreboot no boot host autoreboot Default Configuration The default value is enabled.
2CSNXXX_SWUM204.book Page 1927 Monday, January 25, 2016 1:25 PM Syntax boot host autosave no boot host autosave Default Configuration The default value is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines Example console# console#configure console(config)#boot host auto-save console(config)#no boot host auto-save boot host dhcp Use the boot host dhcp command in Global Configuration mode to enable Auto-Install and Auto Configuration on the switch.
2CSNXXX_SWUM204.book Page 1928 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration. User Guidelines This command has no user guidelines Example console# console#configure console(config)#boot host dhcp console(config)#no boot host dhcp boot host retrycount The boot host retrycount command sets the number of attempts to download a configuration. Use the no form of this command to reset the number of attempts to download a configuration to the default.
2CSNXXX_SWUM204.book Page 1929 Monday, January 25, 2016 1:25 PM console(config)#no boot host retrycount show auto-copy-sw Use the show auto-copy-sw command in Privileged Exec mode to display Stack Firmware Synchronization configuration status. Syntax show auto-copy-sw Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1930 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged Exec, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 1931 Monday, January 25, 2016 1:25 PM CLI Macro Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches CLI Macros provides a convenient way to save and distribute common configurations. A CLI macro is a set of the CLI commands having a unique name. When a CLI macro is applied, the CLI commands contained within the macro are executed and added to the Running Configuration File.
2CSNXXX_SWUM204.book Page 1932 Monday, January 25, 2016 1:25 PM • profile-wireless, the interface configuration, used when connecting the switch and a wireless access point. • profile-compellent-nas, the interface configuration, used when connecting the switch to a Dell Compellent NAS.
2CSNXXX_SWUM204.book Page 1933 Monday, January 25, 2016 1:25 PM Macro Context Name Service interface profile-desktop Configure port security and spanning-tree portfast for a desktop user. interface profile-phone Enable an interface for the Voice VLAN service. interface profile-switch Configure a trunk mode port for a switch. interface profile-router Configure a trunk mode port for a router. interface profile-wireless Configure a port for connection to a wireless AP.
2CSNXXX_SWUM204.book Page 1934 Monday, January 25, 2016 1:25 PM macro global apply Use the macro global apply command in Global Configuration mode to apply a macro. Syntax macro global apply macro-name [parameter value] [parameter value][parameter value] • macro-name—The name of the macro. • parameter—The name of the parameter recognized by the macro. The parameter must begin with a dollar sign ($). • value—The string to be substituted within the macro for the specified parameter name.
2CSNXXX_SWUM204.book Page 1935 Monday, January 25, 2016 1:25 PM • parameter—The name of the parameter recognized by the macro. The parameter must begin with a dollar sign ($). • value—The string to be substituted within the macro for the specified parameter name. Default Configuration No parameters are substituted unless supplied on the command line. Command Mode Global Configuration mode User Guidelines The line number of the first error encountered is printed.
2CSNXXX_SWUM204.book Page 1936 Monday, January 25, 2016 1:25 PM User Guidelines This command is intended to give the administrator an easy way to remember which macros have been applied globally. All text up to the new line is included in the description. The line is appended to the global description. macro apply Use the macro apply command in Interface Configuration mode to apply a macro.
2CSNXXX_SWUM204.book Page 1937 Monday, January 25, 2016 1:25 PM Syntax macro trace macro-name [parameter value] [parameter value][parameter value] no macro name name • macro-name—The name of the macro. • parameter—The name of the parameter recognized by the macro. The parameter must begin with a dollar sign ($). • value—The string to be substituted within the macro for the specified parameter name. Default Configuration No parameters are substituted unless supplied on the command line.
2CSNXXX_SWUM204.book Page 1938 Monday, January 25, 2016 1:25 PM Default Configuration There is no description by default. Command Mode Interface Configuration mode User Guidelines This command is intended to give the administrator an easy way to remember which macros have been applied to an interface. All text up to the new line is included in the description. The line is appended to the interface description.
2CSNXXX_SWUM204.book Page 1939 Monday, January 25, 2016 1:25 PM Clock Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Real-time Clock The Dell Networking supports a real-time clock that maintains the system time across reboots. The system time is used to timestamp messages in the logging subsystem as well as for the application of time based ACLs. The administrator has the ability to configure and view the current time, time zone, and summer time settings.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1941 Monday, January 25, 2016 1:25 PM console#show sntp configuration Polling interval: 64 seconds MD5 Authentication keys: Authentication is not required for synchronization. Trusted keys: No trusted keys No trusted keys. Unicast clients: Disable Unicast servers: Server Key ------------------10.27.128.
2CSNXXX_SWUM204.book Page 1942 Monday, January 25, 2016 1:25 PM Server Current Entries: 2 SNTP Servers -----------Host Address: 2001::01 Address Type: IPv6 Priority: 1 Version: 4 Port: 123 Last Update Time: Dec 22 11:10:00 2009 Last Attempt Time: Dec 22 11:10:00 2009 Last Update Status: Success Total Unicast Requests: 955 Failed Unicast Requests: 1 Host Address: 3.north-america.pool.ntp.
2CSNXXX_SWUM204.book Page 1943 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Examples The following example shows the status of the SNTP. console#show sntp status Client Mode: Last Update Time: Unicast servers: Server Status ------------------192.168.0.
2CSNXXX_SWUM204.book Page 1944 Monday, January 25, 2016 1:25 PM console(config)# sntp authentication-key 8 md5 ClkKey console(config)# sntp trusted-key 8 console(config)# sntp authenticate sntp authentication-key Use the sntp authentication-key command in Global Configuration mode to define an authentication key for Simple Network Time Protocol (SNTP). To remove the authentication key for SNTP, use the no form of this command.
2CSNXXX_SWUM204.book Page 1945 Monday, January 25, 2016 1:25 PM Syntax sntp broadcast client enable no sntp broadcast client enable Default Configuration The SNTP Broadcast client is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example enables a Simple Network Time Protocol (SNTP) Broadcast client.
2CSNXXX_SWUM204.book Page 1946 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode User Guidelines If a user enters a value which is not an exact power of two, the nearest powerof-two value is applied. Example The following example sets the polling time for the Simple Network Time Protocol (SNTP) client to 1024 seconds. console(config)# sntp client poll timer 1024 sntp server Use the sntp server command in Global Configuration mode to configure an SNTP server address or a host name.
2CSNXXX_SWUM204.book Page 1947 Monday, January 25, 2016 1:25 PM Example The following example configures the device to accept Simple Network Time Protocol (SNTP) traffic from the server at IP address 192.1.1.1. console(config)# sntp server 192.1.1.1 sntp source-interface Use the sntp source-interface command to select the interface from which to use the IP address in the source IP address field of transmitted SNTP packets. Use the no form of the command to revert to the default IP address.
2CSNXXX_SWUM204.book Page 1948 Monday, January 25, 2016 1:25 PM console(config)#interface vlan 1 console(config-if-vlan1)#ip address dhcp console(config-if-vlan1)#exit console(config)#sntp source-interface vlan 1 sntp trusted-key Use the sntp trusted-key command in Global Configuration mode to authenticate the identity of a system to which Simple Network Time Protocol (SNTP) will synchronize. To disable authentication of the identity of the system, use the no form of this command.
2CSNXXX_SWUM204.book Page 1949 Monday, January 25, 2016 1:25 PM sntp unicast client enable Use the sntp unicast client enable command in Global Configuration mode to enable a client to use Simple Network Time Protocol (SNTP) predefined Unicast clients. To disable an SNTP Unicast client, use the no form of this command. Syntax sntp unicast client enable no sntp unicast client enable Default Configuration The SNTP Unicast client is disabled.
2CSNXXX_SWUM204.book Page 1950 Monday, January 25, 2016 1:25 PM • minutes-offset — Minutes difference from UTC. (Range: 0–59) • acronym — The acronym for the time zone. (Range: Up to four characters) Command Mode Global Configuration Default Value No default setting User Guidelines No specific guidelines Example console(config)#clock timezone -5 minutes 30 zone IST no clock timezone Use the no clock timezone command to reset the time zone settings.
2CSNXXX_SWUM204.book Page 1951 Monday, January 25, 2016 1:25 PM clock summer-time recurring Use the clock summer-time recurring {usa | eu | {week day month hh:mm week day month hh:mm}} [offset offset] [zone acronym] command to set the summertime offset to UTC recursively every year. If the optional parameters are not specified, they are read as either '0' or '\0', as appropriate.
2CSNXXX_SWUM204.book Page 1952 Monday, January 25, 2016 1:25 PM clock summer-time date Use the clock summer-time date {date | month} {month | date} year hh:mm {date | month} {month | date} year hh:mm [offset offset] [zone acronym] command to set the summertime offset to UTC. If the optional parameters are not specified, they are read as either '0' or '\0', as appropriate.
2CSNXXX_SWUM204.book Page 1953 Monday, January 25, 2016 1:25 PM no clock summer-time Use the no clock summer-time command to reset the summertime configuration. Syntax no clock summer-time Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines No specific guidelines Example console(config)#no clock summer-time show clock Use the show clock command in Privileged Exec or User Exec mode to display the time and date from the system clock.
2CSNXXX_SWUM204.book Page 1954 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example The following example shows the time and date only. console# show clock 15:29:03 PDT(UTC-7) Jun 17 2014 Time source is SNTP The following example shows the time, date, timezone, and summertime configuration. console# show clock detail 15:29:03 PDT(UTC-7) Jun 17 2014 Time source is SNTP Time zone: Acronym is PST Offset is UTC-7 Summertime: Acronym is PDT Recurring every year.
2CSNXXX_SWUM204.book Page 1955 Monday, January 25, 2016 1:25 PM Command Line Configuration Scripting Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The Configuration Scripting feature allows the user to generate textformatted files representing the current system configuration. These configuration script files can be uploaded to a computer and edited, then downloaded to the system and applied to the system.
2CSNXXX_SWUM204.book Page 1956 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example applies the config.scr script to the switch. console#script apply config.scr script delete Use the script delete command in Privileged Exec mode to delete a specified script.
2CSNXXX_SWUM204.book Page 1957 Monday, January 25, 2016 1:25 PM console#script delete all script list Use the script list command in Privileged Exec mode to list all scripts present on the switch as well as the remaining available space. Syntax script list Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example displays all scripts present on the switch.
2CSNXXX_SWUM204.book Page 1958 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example displays the contents of the script file config.scr. console#script show config.scr interface gigabitethernet 1/0/1 ip address 176.242.100.100 255.255.255.
2CSNXXX_SWUM204.book Page 1959 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example The following example validates the contents of the script file config.scr. console#script validate config.
2CSNXXX_SWUM204.book Page 1960 Monday, January 25, 2016 1:25 PM Configuration and Image File Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches File System Commands CLI commands allow the user to show the contents of the current directory in the flash file system (dir command). These files may also be deleted from the flash using the delete command or renamed with the rename command.
2CSNXXX_SWUM204.book Page 1961 Monday, January 25, 2016 1:25 PM delete backup-image show running-config delete startup-config show startup-config dir write boot system Use the boot system command in Privileged Exec mode to specify the system image that the device loads at startup. Syntax boot system [unit-id][active|backup] • unit-id—Unit to be used for this operation. If absent, command executes on this node. • active—Boot from the currently active image. • backup—Boot from the backup image.
2CSNXXX_SWUM204.book Page 1962 Monday, January 25, 2016 1:25 PM Machine Description............... System Model ID................... Machine Type...................... Serial Number..................... Manufacturer...................... Burned In MAC Address............. System Object ID.................. CPU Version....................... SOC Version....................... HW Version........................ CPLD Version......................
2CSNXXX_SWUM204.book Page 1963 Monday, January 25, 2016 1:25 PM copy Use the copy command in Privileged Exec mode to copy files within the switch and to upload and download files from and to the switch. Syntax copy source-url destination-url Parameter Description source-url The location URL or or reserved keyword of the source file being copied. (Range: 1-160 characters.) List of valid source parameters for uploading from the switch: backup-config Uploads Backup Config file.
2CSNXXX_SWUM204.book Page 1964 Monday, January 25, 2016 1:25 PM Parameter Description destination-url The URL or reserved keyword of the destination file. (Range: 1-160 characters. List of valid destination parameters for downloading to the switch: application filename Download a Dell-supplied application. backup-config Downloads a backup config file using FTP, SFTP, or TFTP. ca-root [index] A Certificate Authority (CA) root certificate file.
2CSNXXX_SWUM204.book Page 1965 Monday, January 25, 2016 1:25 PM Parameter Description ias-users Downloads the ias-users database file. Valid destination URLs for uploading from the switch: tftp://{ipaddress | hostname}/filepath/filename scp://{user@ipaddresss | hostname}/filepath/filename sftp://{user@ipaddress | hostname}/filepath/filename flash://filename usb://filename/filename The following list describes syntax keywords.
2CSNXXX_SWUM204.book Page 1966 Monday, January 25, 2016 1:25 PM Reserved Keyword Description application Represents a manufacturer-supplied application running-config Represents the current running configuration file. startup-config Represents the startup configuration file. startup-log Represents the startup syslog file. This can only be the source of a copy operation. operational-log Represents the operational syslog file. This can only be the source of a copy operation.
2CSNXXX_SWUM204.book Page 1967 Monday, January 25, 2016 1:25 PM User Guidelines When copying files from the switch, match a source parameter with a destination URL. When copying to the switch, match a source URL to a destination parameter. URLs may not exceed 160 characters in length, including filename, file path, hostname, ip address, user, and reserved keywords. Script download performs syntax checking of downloaded scripts. If a syntax error is detected, the user is prompted to save the file.
2CSNXXX_SWUM204.book Page 1968 Monday, January 25, 2016 1:25 PM Configuration saved! Example – Downloading new code to the switch console#copy tftp://10.27.9.99/jmclendo/N4000v6.0.1.3.stk backup Transfer Mode.................................. Server IP Address.............................. Source File Path............................... Source Filename................................ Data Type...................................... Destination Filename........................... TFTP 10.27.9.
2CSNXXX_SWUM204.book Page 1969 Monday, January 25, 2016 1:25 PM Example – Downloading and applying ias users file console#copy tftp://10.131.17.104/aaa_users.txt ias-users Transfer Mode.................................. TFTP Server IP Address.............................. 10.131.17.104 File Path...................................... ./ File Name...................................... aaa_users.txt Data Type......................................
2CSNXXX_SWUM204.book Page 1970 Monday, January 25, 2016 1:25 PM • backup—Deletes the backup. • backup-config—Deletes the backup configuration. • startup-config—Deletes the startup configuration. • core-dump-file file-name - Delete the specified core dump file • core-dump-file all – Delete all core dump files. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example console#delete file1.
2CSNXXX_SWUM204.book Page 1971 Monday, January 25, 2016 1:25 PM Example The following example deletes the backup-config file. console#delete backup-config Delete backup-config (Y/N)?y delete backup-image Use the delete backup-image command in Privileged Exec mode to delete a file from a flash memory device. Syntax delete backup-image Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines NOTE: The active image cannote be deleted.
2CSNXXX_SWUM204.book Page 1972 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines If the startup-config file is not present when system reboots, it reboots with default settings. Example The following example deletes the startup-config file. console# delete startup-config Delete startup-config (y/n)? dir Use the dir command to print the contents of the flash file system or of a subdirectory.
2CSNXXX_SWUM204.book Page 1973 Monday, January 25, 2016 1:25 PM drwx drwx -rw-rw-rw-rw-rw-rw-rwdrwx -rw-rw- 2640 0 96 156 14363703 18335232 64 37549 245 160 0 2497 Feb Feb Jan Jan Jan Dec Oct Jan Jan Dec Jan Jan 02 19 28 01 22 31 03 01 01 30 28 21 2022 2014 2022 1970 2022 2021 2029 1970 1970 2021 2022 2022 00:26:43 15:22:53 23:05:45 00:03:14 03:36:08 01:03:06 01:46:00 00:03:02 00:03:14 03:24:26 23:05:12 22:37:38 . .. snmpOprData.cfg dh512.pem image1 image2 logNvmSave.bin xacl1.scr dh1024.
2CSNXXX_SWUM204.book Page 1974 Monday, January 25, 2016 1:25 PM User Guidelines This command is not supported on USB drives. filedescr Use the filedescr command in Privileged Exec mode to add a description to a file. Use the no version of this command to remove the description from the filename. Syntax filedescr {active | backup} description no filedescr {active | backup} • active | backup — Image file. • description — Block of descriptive text.
2CSNXXX_SWUM204.book Page 1975 Monday, January 25, 2016 1:25 PM Example The following example attaches a file description to image2. console#filedescr image2 "backedup on 03-22-05" rename Use the rename command in Privileged Exec mode to rename a file present in flash. Syntax rename source dest • source — Source file name • dest — Destination file name Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1976 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows backup-config data. console#show backup-config !Current Configuration: !System Description "Dell Networking N4032, 6.0.0.0, Linux 2.6.32.9" !System Software Version 6.0.0.
2CSNXXX_SWUM204.book Page 1977 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode User Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the active system image file that the device loads at startup.
2CSNXXX_SWUM204.book Page 1978 Monday, January 25, 2016 1:25 PM Syntax show running-config [all | interface interface-id [all] |scriptname] • all—Display or capture the complete configuration, including settings equal to the defaults. • interface-id—An interface identifier (logical or physical). Limits the display to the specified interface. • scriptname—If the optional scriptname is provided, the output is redirected to a script file.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1980 Monday, January 25, 2016 1:25 PM console(config)#show startup-config !Current Configuration: !System Description "Dell Networking N4064F, 6.1.0.1, Linux 2.6.32.9" !System Software Version 6.1.0.
2CSNXXX_SWUM204.book Page 1981 Monday, January 25, 2016 1:25 PM DHCP Client Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Dell Networking switches support an embedded DHCP client. Any IP interface can use DHCP to obtain an IP address. The DHCP client can run on multiple interfaces simultaneously. For IPv4, an IP interface can either use manually configured addresses or be enabled for DHCP. The options are mutually exclusive.
2CSNXXX_SWUM204.book Page 1982 Monday, January 25, 2016 1:25 PM release dhcp Use the release dhcp command in Privileged Exec mode to force the DHCPv4 client to release a leased address. Syntax release dhcp interface-id • interface-id—Any valid VLAN interface. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1983 Monday, January 25, 2016 1:25 PM Syntax renew dhcp {interface-id | out-of-band} • interface-id—Any valid routing interface. See Interface Naming • out-of-band—Keyword to identify the out-of-band interface. The DHCP client renews the leased address on this interface. Conventions for interface representation. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1984 Monday, January 25, 2016 1:25 PM show dhcp lease Use the show dhcp lease command in Privileged Exec mode to display IPv4 addresses leased from a DHCP server. Syntax show dhcp lease [interface { out-of-band | vlan vlan-id } ] • out-of-band—The out-of-band interface. • vlan—The VLAN and VLAN ID. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 1985 Monday, January 25, 2016 1:25 PM Term Description Rebind The time (in seconds) when the DHCP Rebind process starts. Retry count Number of times the DHCPv4 client sends a DHCP REQUEST message before the server responds. Examples The following example shows the output from this command when the device has leased two IPv4 addresses from the DHCP server. console#show dhcp lease IP address: 10.1.20.1 on interface VLAN10 Subnet mask: 255.255.255.0 DHCP Lease server: 10.1.20.
2CSNXXX_SWUM204.book Page 1986 Monday, January 25, 2016 1:25 PM HiveAgent Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The commands in this section enable configuration of the Dell HiveAgent.
2CSNXXX_SWUM204.book Page 1987 Monday, January 25, 2016 1:25 PM User Guidelines Messages are shown for both the accept and reject use cases with information directing the user to URLs for further information. If the user rejects or has not yet accepted the EULA, the configuration mode for the specified service is not usable. If there is existing configuration for that feature, the configuration is not removed, but the feature is disabled. This command can be executed multiple times.
2CSNXXX_SWUM204.book Page 1988 Monday, January 25, 2016 1:25 PM no hiveagent Default Configuration By default, no HiveManager NG is configured by default. Command Mode Global Configuration User Guidelines This command enters HiveAgent Configuration mode. It allows the administrator to configure HiveAgent information. The configured information is stored in the running config. Use the write command to save the information into the startup-config. Command History Introduced in version 6.3.0.1 firmware.
2CSNXXX_SWUM204.book Page 1989 Monday, January 25, 2016 1:25 PM Syntax server server-name no server server-name server-name — The name of the server. The server name has a maximum length of 20 characters. Any printable character other than a question mark may be used in the server name. Enclose the server name in quotes if an embedded blank is desired in the server name. Default Configuration The default server HiveManagerNG is configured.
2CSNXXX_SWUM204.book Page 1990 Monday, January 25, 2016 1:25 PM no enable Default Configuration By default, the default server is enabled. It may be disabled using the no enable form of the command. Command Mode HiveAgent Server Configuration User Guidelines Only one HiveAgent server (HiveManager NG) can be enabled. Command History Introduced in version 6.3.0.1 firmware.
2CSNXXX_SWUM204.book Page 1991 Monday, January 25, 2016 1:25 PM • userid — The user name used to log into the proxy server. • encryption-type— 0 indicates an unencrypted password; 7 indicates an encrypted password. • password— An unencrypted or encrypted password. The maximum length is 256 characters for an unencrypted password . Encrypted passwords must be 32 characters in length. Default Configuration By default, no proxy is configured.
2CSNXXX_SWUM204.book Page 1992 Monday, January 25, 2016 1:25 PM Default Configuration By default, the HiveManagerNG URL is cloud-rd.aerohive.com. Command Mode HiveAgent Server Configuration User Guidelines The hostip for HiveManager NG may be specified as an IPv4 address, an IPv6 address or as a DNS hostname. If using the DNS hostname, the DNS resolver feature will need to be configured, enabled and operational. Command History Introduced in version 6.3.0.1 firmware.
2CSNXXX_SWUM204.book Page 1993 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.3.0.1 firmware. Example console# show hiveagent status HiveAgent: Enabled HiveManager NG: https://cloud-va.aerohive.com (resolved) EULA: Accepted Proxy Server: 172.167.33.101 Proxy Port: 8080 show eula-consent hiveagent Use the show eula-consent command to review the EULA details. Displaying the EULA details does not modify the current state of EULA acceptance for that feature.
2CSNXXX_SWUM204.book Page 1994 Monday, January 25, 2016 1:25 PM This switch includes a feature that enables it to work with HiveManager (an optional management suite), by sending the switch’s service tag number to HiveManager to authenticate your entitlement to use HiveManager. If you wish to disable this feature, you should run command “eula-consent hiveagent reject” immediately upon powering up the switch for the first time, or at any time thereafter.
2CSNXXX_SWUM204.book Page 1995 Monday, January 25, 2016 1:25 PM Line Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches This section explains the following commands: accounting line authorization login authentication enable authentication login-banner exec-banner motd-banner exec-timeout password (Line Configuration) history show line history size speed terminal length Authentication commands related to line configuration mode are in DHCP Client Commands.
2CSNXXX_SWUM204.book Page 1996 Monday, January 25, 2016 1:25 PM • list-name—Character string of not more than 15 characters used to name the list of accounting methods. The list name can consist of any printable character other than a question mark. Use quotes around the list name if embedded blanks are contained in the list name. Default Configuration Accounting is not enabled by default.
2CSNXXX_SWUM204.book Page 1997 Monday, January 25, 2016 1:25 PM • list-name—Character string used to name the list of authorization methods. The list name can consist of any printable character other than a question mark. Use quotes around the list name if embedded blanks are contained in the list name. Default Configuration Authorization is not enabled on any line method by default.
2CSNXXX_SWUM204.book Page 1998 Monday, January 25, 2016 1:25 PM • default — Uses the default list created with the aaa authentication enable command. • list-name — Uses the indicated list created with the aaa authentication enable command. (Range: 1-12 characters) Default Configuration Uses the default set with the command aaa authentication enable. Command Mode Line Configuration mode User Guidelines Use of the no form of the command does not disable authentication.
2CSNXXX_SWUM204.book Page 1999 Monday, January 25, 2016 1:25 PM Command Mode Line Configuration User Guidelines The exec banner can consist of multiple lines. Enter a quote to complete the message and return to configuration mode. Example console(config-telnet)# no exec-banner exec-timeout Use the exec-timeout command in Line Configuration mode to set the interval that the system waits for user input before timeout. To restore the default setting, use the no form of this command.
2CSNXXX_SWUM204.book Page 2000 Monday, January 25, 2016 1:25 PM console(config)#line console console(config-line)#exec-timeout 20 history Use the history command in Line Configuration mode to enable the command history function. To disable the command history function, use the no form of this command. Syntax history no history Default Configuration The default value for this command is enabled. Command Mode Line Interface mode User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 2001 Monday, January 25, 2016 1:25 PM • number-of-commands—Specifies the number of commands the system may record in its command history buffer. (Range: 0-216) Default Configuration The default command history buffer size is 10. Command Mode Line Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the command history buffer size to 20 commands for the current terminal session.
2CSNXXX_SWUM204.book Page 2002 Monday, January 25, 2016 1:25 PM User Guidelines The default authentication list for telnet and SSH is enableNetList. The enableNetList uses a single method: enable. This implies that users accessing the switch via telnet or SSH must have an enable password defined in order to access privileged mode. Alternatively, the administrator can set the telnet and ssh lists to enableList, which has the enable and none methods defined.
2CSNXXX_SWUM204.book Page 2003 Monday, January 25, 2016 1:25 PM Default Configuration Uses the default set with the command aaa authentication login. Command Mode Line Configuration mode User Guidelines This command has no user guidelines. Example The following example specifies the default authentication method for a console.
2CSNXXX_SWUM204.book Page 2004 Monday, January 25, 2016 1:25 PM Example console(config-telnet)# no login-banner motd-banner Use the motd-banner command to enable motd on the console, telnet or SSH connection. To disable, use the no form of the command. Syntax motd-banner no motd-banner • MESSAGE — Quoted text Default Configuration This command has no default configuration. Command Mode Line Configuration User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 2005 Monday, January 25, 2016 1:25 PM • password — Password for this level. (Range: 8- 64 characters) The special characters allowed in the password include ! # $ % & ‘ ( ) * + , - . / : ; < = > @ [ \ ] ^ _ ` { | } ~. User names can contain blanks if the name is surrounded by double quotes. • encrypted — Encrypted password to be entered, copied from another switch configuration. Default Configuration No password is specified.
2CSNXXX_SWUM204.book Page 2006 Monday, January 25, 2016 1:25 PM Command Mode User Exec and Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the line configuration.
2CSNXXX_SWUM204.book Page 2007 Monday, January 25, 2016 1:25 PM Command Mode Line Interface (console) mode User Guidelines This configuration applies only to the current session. Example The following example configures the console baud rate to 9600. console(config-line)#speed 9600 terminal length Use the terminal length command to set the terminal length. Use the no form of the command to reset the terminal length to the default.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 2009 Monday, January 25, 2016 1:25 PM PHY Diagnostics Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches This section explains the following commands: show copper-ports tdr test copper-port tdr show fiber-ports optical-transceiver – show copper-ports tdr Use the show copper-ports tdr command in Privileged Exec mode to display the stored information regarding cable lengths. Syntax show copper-ports tdr [interface] • interface — A valid Ethernet port.
2CSNXXX_SWUM204.book Page 2010 Monday, January 25, 2016 1:25 PM Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 OK Short 50 13:32:00 23 July 2004 Test has not been performed Open 128 13:32:08 23 July 2004 Fiber - show fiber-ports optical-transceiver Use the show fiber-ports optical-transceiver command in Privileged Exec mode to display the optical transceiver diagnostics. Syntax show fiber-ports optical-transceiver [interface] • interface — A valid fiber port.
2CSNXXX_SWUM204.book Page 2011 Monday, January 25, 2016 1:25 PM test copper-port tdr Use the test copper-port tdr command in Privileged Exec mode to diagnose with Time Domain Reflectometry (TDR) technology the quality and characteristics of a copper cable attached to a 1GBaseT or 10GBaseT port. Syntax test copper-port tdr interface • interface — A valid Ethernet port. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines.
2CSNXXX_SWUM204.book Page 2012 Monday, January 25, 2016 1:25 PM Power Over Ethernet Commands Dell Networking N1500P/N2000P/N3000P Series Switches The Dell Networking PoE solution implements the PoE+ specification (IEEE 802.3at) for power sourcing equipment (PSE). IEEE 802.3at allows power to be supplied to Class 4 PD devices that require power greater than 15.4 Watts and up to 34.2 Watts.
2CSNXXX_SWUM204.book Page 2013 Monday, January 25, 2016 1:25 PM The Dell Networking PoE solution also provides a global usage threshold feature in order to limit the PoE switch from reaching an overload condition. The operator can specify the limit as a percentage of the maximum power. NOTE: PoE commands are only applicable to copper ports.
2CSNXXX_SWUM204.book Page 2014 Monday, January 25, 2016 1:25 PM User Guidelines Auto enables the switch to deliver power to the powered device. The power inline management parameter should be set to class-based mode to enable power negotiation via LLDP-MED.. Default Value The default value is auto, that is, device discovery is enabled and the port is capable of delivering power.
2CSNXXX_SWUM204.book Page 2015 Monday, January 25, 2016 1:25 PM power inline four-pair forced Use this command to force 4-pair power feed on an interface. Use the no form of the command to use the default 2-pair power feed. Syntax power inline four-pair forced no power inline four-pair forced Default Configuration The default power feed is high-power (34.2W).
2CSNXXX_SWUM204.book Page 2016 Monday, January 25, 2016 1:25 PM power inline high-power Use this command to enable high power mode. Use the no form of this command to disable high power mode. Syntax power inline high-power no power inline high-power Default Configuration High power is enabled by default. Command Mode Interface Configuration.
2CSNXXX_SWUM204.book Page 2017 Monday, January 25, 2016 1:25 PM • class—Class-based power management • unit-id—A stack unit ID. Default Configuration Default management is dynamic.
2CSNXXX_SWUM204.book Page 2018 Monday, January 25, 2016 1:25 PM the show power inline command shows the actual reported power draw and does not take into account the class reserved power. Configure the powered device to send LLDP-MED packets in this mode. It may take up to 60 seconds to power up a device in class based management mode as LLDPMED packets need to be exchanged in order to configure the desired power.
2CSNXXX_SWUM204.book Page 2019 Monday, January 25, 2016 1:25 PM Model Name System Power Maximum Dissipation PoE Power Budget Limit One PSU Maximum PSU output ability N3024P 110W 715W POE+ power turn on limitation Power budget is 550W Two PSUs Maximum PSUs output ability 715W The total POE supplied power cannot exceed 950W. N3048P 140W 1100W Power budget is 950W 1000W Power budget is 850W 2200W 1000W Power budget is 850W The total POE supplied power cannot exceed 850W.
2CSNXXX_SWUM204.book Page 2020 Monday, January 25, 2016 1:25 PM N1524P 40W 600W Power budget is 500W 1600W The total PoE supplied power must not exceed 500W. N1548P 62W 600W Power budget is 500W The total PoE supplied power must not exceed 850W. Power budget is 1350W All PoE+ ports can supply maximum power. 1600W Power budget is 1350W The total PoE supplied power must not exceed 1350W. Assuming a maximum current draw of 31.
2CSNXXX_SWUM204.book Page 2021 Monday, January 25, 2016 1:25 PM • For Class 3 device: 15.4 watts • For Class 4 device: User defined power limit Class Based Power Management Mode In this mode, the dynamic guard band for the port being powered up is: • For Class 0 device: User defined power limit • For Class 1 device: 4 Watts • For Class 2 device: 7 Watts • For Class 3 device: 15.4 Watts • For Class 4 AF/AT device: If AF device, it is 15.4 Watts.
2CSNXXX_SWUM204.book Page 2022 Monday, January 25, 2016 1:25 PM Port Configuration ================== power inline powered-device The power inline powered-device command adds a comment or description of the powered device type to enable the user to remember what is attached to the interface. To remove the description, use the no form of this command. Syntax power inline powered-device pd-type no power inline powered-device • pd-type — Specifies the type of powered device attached to the interface.
2CSNXXX_SWUM204.book Page 2023 Monday, January 25, 2016 1:25 PM Syntax power inline priority {critical | high | low} no power inline priority Command Mode Interface Configuration (Ethernet). User Guidelines Priority is always enabled for all ports. If all ports have equal priority in an overload condition, the switch will shut down the lowest numbered ports first.
2CSNXXX_SWUM204.book Page 2024 Monday, January 25, 2016 1:25 PM power inline usage-threshold The power inline usage-threshold command configures the system power usage threshold level at which lower priority ports are disconnected. The threshold is configured as a percentage of the total available power. Use the no form of the command to set the threshold to the default value.
2CSNXXX_SWUM204.book Page 2025 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Modes Privileged Exec User Guidelines This command has no user guidelines. show power inline Use the show power inline command to report current PoE configuration and status. If no port is specified, the command displays global configuration and status of all the ports. If a port is specified, then the command displays the details for the single port.
2CSNXXX_SWUM204.book Page 2026 Monday, January 25, 2016 1:25 PM Overload Counter............................... Short Counter ................................. Denied Counter................................. Absent Counter................................. Invalid Signature Counter...................... Output Volts................................... Output Current................................. Temperature....................................
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 2028 Monday, January 25, 2016 1:25 PM RMON Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The Dell Networking SNMP component includes an RMON (remote monitoring) agent. RMON is a base technology used by network management applications to manage a network. Troubleshooting and network planning can be accomplished through the network management applications.
2CSNXXX_SWUM204.book Page 2029 Monday, January 25, 2016 1:25 PM Syntax rmon alarm number variable interval {delta | absolute} rising-threshold value [event-number] falling-threshold value [event-number] [owner string] [startup direction] no rmon alarm number • number—The alarm index. (Range: 1–65535) • variable—A fully qualified SNMP object identifier that resolves to a particular instance of a MIB object.
2CSNXXX_SWUM204.book Page 2030 Monday, January 25, 2016 1:25 PM Default Configuration No alarms are configured. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures the following alarm conditions: • Alarm index — 1 • Variable identifier — 1.3.6.1.2.1.2.2.1.10.
2CSNXXX_SWUM204.book Page 2031 Monday, January 25, 2016 1:25 PM • owner ownername — Records the RMON statistics group owner name. If unspecified, the name is an empty string. • buckets bucket-number — A value associated with the number of buckets specified for the RMON collection history group of statistics. If unspecified, defaults to 50. (Range: 1 - 65535) • interval seconds — The number of seconds in each polling cycle. If unspecified, defaults to 1800.
2CSNXXX_SWUM204.book Page 2032 Monday, January 25, 2016 1:25 PM • number—The event index. (Range: 1–65535) • log—An entry is made in the log table for each event. • trap—An SNMP trap is sent to one or more management stations. • community—If an SNMP trap is to be sent, it is sent to the SNMP community specified by this octet string. (Range: 0-127 characters) • description—A comment describing this event. (Range 0-127 characters) • owner—Enter a name that specifies who configured this event.
2CSNXXX_SWUM204.book Page 2033 Monday, January 25, 2016 1:25 PM • variable—The MIB object to monitor. May be fully qualified or relative. Only variables that resolve to an ASN.1 primitive type of INTEGER are allowed. • interval—The interval in seconds over which the data is sampled and compared with the rising and falling thresholds. (Range: 1– 2147483647. The default is 1 second.) • absolute—Specifies to use a fixed value for the threshold (Default value).
2CSNXXX_SWUM204.book Page 2034 Monday, January 25, 2016 1:25 PM Example console(config)# rmon hcalarm 2 ifInOctets.1 30 absolute rising-threshold high 2147483648 falling-threshold high -2147483648 startup rising owner "dell-owner" show rmon alarm Use the show rmon alarm command in User Exec mode to display alarm configuration. Also see the rmon alarm command. Syntax show rmon alarm number • number — Alarm index. (Range: 1–65535) Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 2035 Monday, January 25, 2016 1:25 PM Field Description Alarm Alarm index. OID Monitored variable OID. Last Sample Value The statistic value during the last sampling period. For example, if the sample type is delta, this value is the difference between the samples at the beginning and end of the period. If the sample type is absolute, this value is the sampled value at the end of the period.
2CSNXXX_SWUM204.book Page 2036 Monday, January 25, 2016 1:25 PM show rmon alarms Use the show rmon alarms command in User Exec mode to display the alarms summary table. Syntax show rmon alarms Default Configuration This command has no arguments or keywords. Command Mode User Exec, Privileged Exec modes, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 2037 Monday, January 25, 2016 1:25 PM show rmon collection history Use the show rmon collection history command in User Exec mode to display the requested group of statistics. Also see the rmon collection history command. Syntax show rmon collection history [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 2038 Monday, January 25, 2016 1:25 PM 2 Gi1/0/1 1800 50 50 Manager show rmon events Use the show rmon events command in User Exec mode to display the RMON event table. Also see the rmon event command. Syntax show rmon events Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 2039 Monday, January 25, 2016 1:25 PM console> show rmon events Index Description Type Community ----- ---------------------1 Errors Log CLI 2 High Broadcast Log-Trap switch Owner ------ Last time sent ------------------Jan 18 2005 23:58:17 Manager Jan 18 2005 23:59:48 show rmon hcalarm Use the show rmon hcalarm command to display high capacity (64-bit) alarms configured with the rmon hcalarm command.
2CSNXXX_SWUM204.book Page 2040 Monday, January 25, 2016 1:25 PM Falling Threshold Status: Positive Rising Event: 1 Falling Event: 2 Startup Alarm: Rising Owner: dell-owner console#show rmon hcalarms Index OID Owner ---------------------------------------------2 ifInOctets.1 dell-owner show rmon history Use the show rmon history command in User Exec mode to display RMON Ethernet Statistics history. Also see the rmon collection history command.
2CSNXXX_SWUM204.book Page 2041 Monday, January 25, 2016 1:25 PM Field Description Time Date and Time the entry is recorded. Octets The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). Packets The number of packets (including bad packets) received during this sampling interval. Broadcast The number of good packets received during this sampling interval that were directed to the Broadcast address.
2CSNXXX_SWUM204.book Page 2042 Monday, January 25, 2016 1:25 PM Field Description Jabbers The number of packets received during this sampling interval that were longer than 1518 octets (excluding framing bits but including FCS octets), and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
2CSNXXX_SWUM204.book Page 2043 Monday, January 25, 2016 1:25 PM console> show rmon history 1 other Sample Set: 1 Owner: Me Interface: Gi1/0/1 Interval: 1800 Requested samples: 50 Granted samples: 50 Maximum table size: 270 Time Dropped Collisions ----------------------------- ----------10-Mar-2005 22:06:00 3 0 10-Mar-2005 22:06:20 3 0 show rmon log Use the show rmon log command in User Exec mode to display the RMON logging table. Syntax show rmon log [event] • event — Event index.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 2045 Monday, January 25, 2016 1:25 PM Field Description Octets The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). Packets The total number of packets (including bad packets, Broadcast packets, and Multicast packets) received. Broadcast The total number of good packets received and directed to the Broadcast address. This does not include Multicast packets.
2CSNXXX_SWUM204.book Page 2046 Monday, January 25, 2016 1:25 PM Field Description 65 to 127 Octets The total number of packets (including bad packets) received that are between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets). 128 to 255 Octets The total number of packets (including bad packets) received that are between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
2CSNXXX_SWUM204.book Page 2047 Monday, January 25, 2016 1:25 PM Serviceability Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Debug commands cause the output of the enabled trace to display on a serial port or telnet console. Note that the output resulting from enabling a debug trace always displays on the serial port. The output resulting from enabling a debug trace displays on all login sessions for which any debug trace has been enabled.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 2049 Monday, January 25, 2016 1:25 PM User Guidelines Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. debug arp Use the debug arp command to enable tracing of ARP packets. Use the no form of this command to disable tracing of ARP packets. Use of the optional vrf parameter executes the command within the context of the VRF specific routing table.
2CSNXXX_SWUM204.book Page 2050 Monday, January 25, 2016 1:25 PM Example console#debug arp debug authentication interface Use this command to enable Authentication Manager debug traces for the interface.Use the no form of this command to set the debug trace to factory default value. Syntax debug authentication {event | all} interface-id no debug authentication {event | all} interface-id • event—Traces Authentication Manager debug events. • all—Enables all Authentication Manager debugs.
2CSNXXX_SWUM204.book Page 2051 Monday, January 25, 2016 1:25 PM Syntax debug auto-voip [ H323 | SCCP | SIP ] no debug auto-voip [ H323 | SCCP | SIP ] Default Configuration Auto VOIP tracing is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug.
2CSNXXX_SWUM204.book Page 2052 Monday, January 25, 2016 1:25 PM User Guidelines Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. Example console# configure console(config)# vlan 100 console(config-vlan100)# exit console(config)# interface vlan 100 console(config-if-vlan100)# bfd interval 100 min_rx 100 multiplier 5 debug cfm Use the debug cfm command in Privileged Exec mode to enable CFM debugging.
2CSNXXX_SWUM204.book Page 2053 Monday, January 25, 2016 1:25 PM User Guidelines Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. Example The following examples enables display of CFM events on the console. console#debug cfm event debug clear Use the debug clear command to disable all debug traces. Syntax debug clear Default Configuration There is no default configuration for this command.
2CSNXXX_SWUM204.book Page 2054 Monday, January 25, 2016 1:25 PM Syntax debug console Default Configuration Display of debug traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug console debug crashlog Use this command to display the crash log contents on the console.
2CSNXXX_SWUM204.book Page 2055 Monday, January 25, 2016 1:25 PM • item-number— • add-param— Default Configuration By default, this command displays all crash logs for the specified index. Command Modes Privileged Exec mode, User Config mode, all show modes User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.2.0.1 firmware. Example This example displays the most recent crash log for the stack master.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 2058 Monday, January 25, 2016 1:25 PM Example This example enables DHCP client packet tracing for both transmit and receive flows. console#debug dhcp packet The second example is for transmit flow. console#debug dhcp packet transmit The third example is for receive flow. console#debug dhcp packet receive debug dhcp server packet Use thi command to trace DHCPv4 packets to and from the local DHCPv4 server. To disable debugging, use the no form of this command.
2CSNXXX_SWUM204.book Page 2059 Monday, January 25, 2016 1:25 PM debug dot1ag Use this command to enable or disable the tracing of CFM components for events and CFM PDUs based on the type of packet for reception and transmission. Syntax debug dot1ag {all | ccm | events | lbm | lbr | ltm | ltr | pdu} no debug dot1ag {all | ccm | events | lbm | lbr | ltm | ltr | pdu} • all—Traces CCM, LBM, LBR, LTM, LTRs.
2CSNXXX_SWUM204.book Page 2060 Monday, January 25, 2016 1:25 PM console# console#debug dot1ag events Dot1ag events tracing enabled. console# console#debug dot1ag ccm Dot1ag CCM tracing enabled. console# console#no debug dot1ag ccm Dot1ag CCM tracing disabled. debug dot1x Use the debug dot1x command to enable dot1x packet tracing. Use the “no” form of this command to disable dot1x packet tracing.
2CSNXXX_SWUM204.book Page 2061 Monday, January 25, 2016 1:25 PM Example console#debug dot1x packet debug igmpsnooping Use the debug igmpsnooping to enable tracing of IGMP Snooping packets transmitted and/or received by the switch. IGMP Snooping should be enabled on the device and the interface in order to monitor packets for a particular interface.
2CSNXXX_SWUM204.book Page 2062 Monday, January 25, 2016 1:25 PM no debug ip acl acl • acl — The number of the IP ACL to debug. Default Configuration Display of IP ACL traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug.
2CSNXXX_SWUM204.book Page 2063 Monday, January 25, 2016 1:25 PM • ipv6-address [interface interface-name]—The IPv6 address of a BGP • events—(Optional) Trace adjacency state events. • keepalives—(Optional) Trace transmit and receive of KEEPALIVE packets. • notification—(Optional) Trace transmit and receive of NOTIFICATION packets. • open—(Optional) Trace transmit and receive of OPEN packets. • refresh—(Optional) Traces transmit and receive of ROUTE REFRESH packets.
2CSNXXX_SWUM204.book Page 2064 Monday, January 25, 2016 1:25 PM If the vrf-name is specified, information pertaining to that VRF is displayed. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console#debug ip bgp 10.27.21.142 events debug ip dvmrp Use the debug ip dvmrp to trace DVMRP packet reception and transmission. The receive option traces only received DVMRP packets and the transmit option traces only transmitted DVMRP packets.
2CSNXXX_SWUM204.book Page 2065 Monday, January 25, 2016 1:25 PM debug ip igmp Use the debug ip igmp command to trace IGMP packet reception and transmission. The receive option traces only received IGMP packets and the transmit option traces only transmitted IGMP packets. When neither keyword is used in the command, then all IGMP packet traces are dumped.
2CSNXXX_SWUM204.book Page 2066 Monday, January 25, 2016 1:25 PM information such as source address, destination address, packet length, and the interface on which the packet is received or transmitted is displayed on the console. Use the “no” form of this command to disable MDATA tracing. Syntax debug ip mcache packet [ receive | transmit ] no debug ip mcache packet [ receive | transmit ] Default Configuration Display of MDATA traces is disabled by default. Command Mode Privileged Exec mode.
2CSNXXX_SWUM204.book Page 2067 Monday, January 25, 2016 1:25 PM no debug ip pimdm packet [ receive | transmit ] Default Configuration Display of PIMDM traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug.
2CSNXXX_SWUM204.book Page 2068 Monday, January 25, 2016 1:25 PM User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug ip pimsm packet debug ip vrrp Use the debug ip vrrp command to enable VRRP debug protocol messages. Use the “no” form of this command to disable VRRP debug protocol messages.
2CSNXXX_SWUM204.book Page 2069 Monday, January 25, 2016 1:25 PM debug ipv6 dhcp Use the debug ipv6 dhcp command in Privileged Exec mode to display debug information about DHCPv6 client activities and to trace DHCPv6 packets to and from the local DHCPv6 client. To disable debugging, use the no form of the command. Syntax debug ipv6 dhcp no debug ipv6 dhcp Default Configuration Debugging for the DHCP for IPv6 is disabled by default.
2CSNXXX_SWUM204.book Page 2070 Monday, January 25, 2016 1:25 PM Syntax debug ipv6 mcache packet [ receive | transmit ] no debug ipv6 mcache packet [ receive | transmit ] Default Configuration Display of MDATA traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug.
2CSNXXX_SWUM204.book Page 2071 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug ipv6 mld packet debug ipv6 pimdm Use the debug ipv6 pimdm command to trace PIMDMv6 packet reception and transmission.
2CSNXXX_SWUM204.book Page 2072 Monday, January 25, 2016 1:25 PM Example console#debug ipv6 pimdm packet debug ipv6 pimsm Use the debug ipv6 pimsm command to trace PIMSMv6 packet reception and transmission. The receive option traces only received PIMSMv6 packets and the transmit option traces only transmitted PIMSMv6 packets. When neither keyword is used in the command, then all PIMSMv6 packet traces are dumped.
2CSNXXX_SWUM204.book Page 2073 Monday, January 25, 2016 1:25 PM is used in the command, then all ISDP packet traces are dumped. Vital information such as source address, destination address, control packet type, packet length, and the interface on which the packet is received or transmitted is displayed on the console. Use the “no” form of this command to disable ISDP tracing.
2CSNXXX_SWUM204.book Page 2074 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug lacp packet debug mldsnooping Use the debug mldsnooping command to trace MLD snooping packet reception and transmission.
2CSNXXX_SWUM204.book Page 2075 Monday, January 25, 2016 1:25 PM User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug mldsnooping debug ospf Use the debug ospf command to enable tracing of OSPF packets received and transmitted by the switch. Use the no form of this command to disable tracing of OSPF packets.
2CSNXXX_SWUM204.book Page 2076 Monday, January 25, 2016 1:25 PM Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug ospf packet debug ospfv3 Use the debug ospfv3 command to enable tracing of OSPFv3 packets received and transmitted by the switch. Use the “no” form of this command to disable tracing of OSPFv3 packets.
2CSNXXX_SWUM204.book Page 2077 Monday, January 25, 2016 1:25 PM Use of the optional vrf parameter executes the command within the context of the VRF specific routing table. Syntax debug ping packet [vrf vrf-name] no debug ping packet • vrf-name—The name of the VRF associated with the routing table context used by the command. If no vrf is specified, the global routing table context is used. Default Configuration Display of ICMP echo traces is disabled by default. Command Mode Privileged Exec mode.
2CSNXXX_SWUM204.book Page 2078 Monday, January 25, 2016 1:25 PM Syntax debug rip packet no debug rip packet Default Configuration Display of RIP traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug rip packet debug sflow Use the debug sflow command to enable sFlow debug packet trace.
2CSNXXX_SWUM204.book Page 2079 Monday, January 25, 2016 1:25 PM User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug sflow packet debug spanning-tree Use the debug spanning-tree command to trace spanning tree BPDU packet reception and transmission. The receive option traces only received spanning tree BPDUs and the transmit option traces only transmitted BPDUs.
2CSNXXX_SWUM204.book Page 2080 Monday, January 25, 2016 1:25 PM debug udld Use the debug udld command in Privileged Exec mode to enable the display of UDLD packets or event processing. Use the no form of the command to disable debugging. Syntax debug udld {packet [receive|transmit]|events} no debug udld {packet [receive|transmit]|events} • Packet—Display transmitted and received UDLD packets. • Receive—Debug packets received by the switch. • Transmit—Debug packets transmitted by the switch.
2CSNXXX_SWUM204.book Page 2081 Monday, January 25, 2016 1:25 PM no debug vpc [{peer-keepalive [packet]| peer-link {control-message | datamessage} | peer detection | core] • peer-keepalive—Displays the debug traces for the keepalive state machine transitions. The packet option enables debug traces for the keepalive packets exchanged between the MLAG peer devices on the peer link.
2CSNXXX_SWUM204.book Page 2082 Monday, January 25, 2016 1:25 PM Syntax debug vrrp all no debug vrrp all Default Configuration The display of VRRP traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. exception core-file Use the exception core-file command to configure the core dump file name.
2CSNXXX_SWUM204.book Page 2083 Monday, January 25, 2016 1:25 PM Command Modes Global Configuration mode User Guidelines The configuration parameters are not validated when this command is entered. Use the write core test command to validate the configured parameters and that the core dump is likely to succeed. An average core file is around 450 MB.
2CSNXXX_SWUM204.book Page 2084 Monday, January 25, 2016 1:25 PM • username—The login id on the FTP server • nopassword—The user id configured on the FTP server does not require a password. • password—The user id configured on the FTP server requires a password. • file-path—The directory to prepend to the core file name. • protocol dhcp—Obtain the out-of-band port address via DHCP for core dump transfer.
2CSNXXX_SWUM204.book Page 2085 Monday, January 25, 2016 1:25 PM addresses be unique in the network. The stack master will distribute the addresses to the stack members for use on the out-of-band port only during crash dump transfer. In addition, for the purposes of transferring the core file to the server, a unique MAC address is assigned to the stack unit. Example This example enables core dumps to a TFTP server 10.27.9.1 reachable over the out-of-band port.
2CSNXXX_SWUM204.book Page 2086 Monday, January 25, 2016 1:25 PM Stack-ip-address parameters: • ipv4-address—The address used by the of the out-of-band port of the switch during crash dump transfer. • netmask —The netmask for use with the ip address for core dump transfer. • gateway —The default gateway to use on the out-of-band port for core dump transfer. • protocol dhcp—Obtain the out-of-band port address via DHCP for core dump transfer.
2CSNXXX_SWUM204.book Page 2087 Monday, January 25, 2016 1:25 PM Example This example enables core dumps to a TFTP server 10.27.9.1 reachable over the out-of-band port. The core file is written to the dumps directory and the name includes the host name of the switch and the switch TOD. console(config)#exception dump tftp-server 10.27.9.1 file-path dumps console(config)#exception core-file Core hostname time-stamp console(config)#exception protocol tftp This example enables core dumps to a USB flash drive.
2CSNXXX_SWUM204.book Page 2088 Monday, January 25, 2016 1:25 PM Default Configuration By default, switch register dumps are disabled. Command Modes Global Configuration mode User Guidelines This option should only be used under the direction of Dell support personnel. Switch registers are captured to the local file system. ip http rest-api port Use the ip http rest-api port command to configure the RESTful API to listen on the configured port.
2CSNXXX_SWUM204.book Page 2089 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.3.0.1 firmware. Example console(config)#ip http rest-api port 8081 ip http rest-api secure-port Use the ip http rest-api secure-port command to configure the RESTful API to listen on the configured port. Use the no form of the command to configure the RESTful API to listen on the default port.
2CSNXXX_SWUM204.book Page 2090 Monday, January 25, 2016 1:25 PM ip http timeout-policy Use the ip http timeout-policy command to configure the timeout policy for closing HTTP and HTTPS sessions to the local HTTP server. Syntax ip http timeout-policy idle seconds life seconds no ip http timeout-policy • seconds—For the idle parameter, the approximate number of seconds after which an idle connection is closed.
2CSNXXX_SWUM204.book Page 2091 Monday, January 25, 2016 1:25 PM Example console(config)#ip http timeout-policy idle 3600 life 86400 show debugging Use the show debugging command to display packet tracing configurations. Syntax show debugging no show debugging Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines Enabled packet tracing configurations are displayed.
2CSNXXX_SWUM204.book Page 2092 Monday, January 25, 2016 1:25 PM show exception Use the show exception command to display the core dump configuration parameters, the current or previous exception log, or the core dump file listing. Syntax show exception [log [previous] | core-dump-file] • log—Display the current exception log. • log previous—Display the previous exception log. • core-dump-file—Display the core-dump file listing. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 2093 Monday, January 25, 2016 1:25 PM Parameter Description File path File path for TFTP or FTP server Protocol Exception protocol (TFTP, USB, Core default none). Switch-chip-register Include register dump (True or False) Compression mode Compress core file (True or False) Stack IP Address Protocol Obtain switch IP address (DHCP or Static) Example The following example shows the default core transfer values. console(config)#show exception Coredump file name............
2CSNXXX_SWUM204.book Page 2094 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC and Global Configuration User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.3.0.1 firmware. Example console#show ip http HTTP Mode (Unsecure)........................... Java Mode...................................... HTTP Port......................................
2CSNXXX_SWUM204.book Page 2095 Monday, January 25, 2016 1:25 PM Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC and Global Configuration User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.3.0.1 firmware.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 2099 Monday, January 25, 2016 1:25 PM DELL-MULTICAST-MIB IPMROUTE-STD-MIB MGMD-STD-MIB DELL-NSF-MIB configure RFC 2465 - IPV6-MIB RFC 2466 - IPV6-ICMP-MIB RFC 3419 - TRANSPORT-ADDRESS-MIB DELL-ROUTING6-MIB DELL-DHCP6SERVER-PRIVATE-MIB DELL-IPV6-LOOPBACK-MIB DELL-IPV6-TUNNEL-MIB Dell-LAN-SYSMNG-MIB Dell-LAN-TRAP-MIB Dell-Vendor-MIB The MIB definitions for Multicast Routing Flex package.
2CSNXXX_SWUM204.book Page 2100 Monday, January 25, 2016 1:25 PM Command Mode Support mode User Guidelines This command has no user guidelines. Command History Introduced in version 6.2.0.1 firmware. write core Use the write core command to generate a core file on demand and either reboot the switch or test the core file configuration. Syntax write core [test [dest-file-name]] • dest-file-name — The file name used if a tftp-server is configured with the exception dump tftp-server command.
2CSNXXX_SWUM204.book Page 2101 Monday, January 25, 2016 1:25 PM server can be contacted. Similarly, if the protocol is configured as usb, it mounts and unmounts the file system and then informs the administrator regarding the status. Example console#write core The system has unsaved changes. Would you like to save them now? (y/n) n Configuration Not Saved! This operation will reboot the device. Are you sure you want to create coredump? (y/n).
2CSNXXX_SWUM204.book Page 2102 Monday, January 25, 2016 1:25 PM Sflow Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches sFlow® is the standard for monitoring high-speed switched and routed networks. sFlow technology is built into network equipment and gives complete visibility into network activity, enabling effective management and control of network resources.
2CSNXXX_SWUM204.book Page 2103 Monday, January 25, 2016 1:25 PM Syntax sflow rcvr_index destination { ip-address [ port ] | maxdatagram size | owner "owner_string" {notimeout|timeout rcvr_timeout} no sflow rcvr_index destination [ip-address | maxdatagram | owner ] • rcvr_index — The index of this sFlow Receiver (Range: 1–8). • ip-address — The sFlow receiver IP address. If set to 0.0.0.0, no sFlow datagrams will be sent.
2CSNXXX_SWUM204.book Page 2104 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode. User Guidelines An sflow destination entry must have an owner assigned in order for polling or sampling to be operational. The last set of command parameters are optional in the no form of the command. Sflow commands with a timeout value supplied do not show in the running config. Because the timer is actively running, the command is ephemeral and is therefore not shown in the running config.
2CSNXXX_SWUM204.book Page 2105 Monday, January 25, 2016 1:25 PM Default Configuration There are no pollers configured by default. The default poll interval is 0. Command Mode Global Configuration mode. User Guidelines The sflow instance must be configured using the sflow destination owner command before this command can successfully execute.
2CSNXXX_SWUM204.book Page 2106 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example console(config-if-Gi1/0/2)#sflow 1 polling 6055 sflow sampling Use the sflow sampling command to enable a new sflow sampler instance for this data source if rcvr_idx is valid. An sflow sampler collects flow samples to send to the receiver. Use the “no” form of this command to reset sampler parameters to the default.
2CSNXXX_SWUM204.book Page 2107 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode. User Guidelines Lower sampling numbers cause more samples to be collected and increase the load on the CPU. Setting a sampling rate of 1024 on a large number of ports may tax the CPU beyond it's ability to deliver the packets to the receiver. Lowering the sampling rate (higher numerical value) will help to ensure that all collected samples can be sent to the receiver.
2CSNXXX_SWUM204.book Page 2108 Monday, January 25, 2016 1:25 PM Default Configuration There are no samplers configured by default. The default sampling rate is 0. The default maximum header size is 128. Command Mode Interface Configuration (Ethernet) mode User Guidelines Lower sampling numbers cause more samples to be collected and increase the load on the CPU. Setting a sampling rate of 1024 on a large number of ports may tax the CPU beyond it's ability to deliver the packets to the receiver.
2CSNXXX_SWUM204.book Page 2109 Monday, January 25, 2016 1:25 PM sFlow Version Uniquely identifies the version and implementation of this MIB. The version string must have the following structure: MIB Version; Organization; Software Revision where: MIB Version: 1.3, the version of this MIB. Organization: Dell Corp. Revision: 1.0 IP Address The IP address associated with this agent. Example console#show sflow agent sFlow Version.......................... 1.3;Dell Inc.;10.23.18.28 IP Address..............
2CSNXXX_SWUM204.book Page 2110 Monday, January 25, 2016 1:25 PM Time Out The time (in seconds) remaining before the receiver is released and stops sending samples to sFlow receiver. Max Datagram Size The maximum number of bytes that can be sent in a single sFlow datagram. Port The destination Layer4 UDP port for sFlow datagrams. Example console(config)#show sflow 1 destination Receiver Index................................. Owner String................................... Time out.....................
2CSNXXX_SWUM204.book Page 2111 Monday, January 25, 2016 1:25 PM Poller Data Source The sFlowDataSource (unit/slot/port) for this sFlow sampler. This agent will support Physical ports only. Receiver Index The sFlowReceiver associated with this sFlow counter poller. Poller Interval The number of seconds between successive samples of the counters associated with this data source.
2CSNXXX_SWUM204.book Page 2112 Monday, January 25, 2016 1:25 PM Sampler Data Source The sFlowDataSource (unit/slot/port) for this sFlow sampler. This agent will support Physical ports only. Receiver Index The sFlowReceiver configured for this sFlow sampler. Packet Sampling Rate The statistical sampling rate for packet sampling from this source. Max Header Size The maximum number of bytes that should be copied from a sampled packet to form a flow sample.
2CSNXXX_SWUM204.book Page 2113 Monday, January 25, 2016 1:25 PM SNMP Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The SNMP component provides a machine-to-machine interface for the Dell Networking product family. This includes the ability to configure the network device, view settings and statistics, and upload or download code or configuration images.
2CSNXXX_SWUM204.book Page 2114 Monday, January 25, 2016 1:25 PM show snmp Use the show snmp command in Privileged Exec mode to display the SNMP communications status. Syntax show snmp Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the SNMP communications status.
2CSNXXX_SWUM204.book Page 2115 Monday, January 25, 2016 1:25 PM Version 3 notifications Target Address Type Username Security Level -------------- ----- -------- -------192.122.173.42 Inform Bob Priv System Contact: Robert System Location: Marketing Source Interface: Default UDP Port ---162 Filter name -----filt31 TO Retries Sec --- -----15 3 show snmp engineid Use the show snmp engineid command in Privileged Exec mode to display the ID of the local Simple Network Management Protocol (SNMP) engine.
2CSNXXX_SWUM204.book Page 2116 Monday, January 25, 2016 1:25 PM • filtername — Specifies the name of the filter. (Range: 1-30) Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines Per RFC 2573, an implicit exclude all filter is present at the beginning of every filter list. This implicit filter is not shown in the output of this command.
2CSNXXX_SWUM204.book Page 2117 Monday, January 25, 2016 1:25 PM • groupname — Specifies the name of the group. (Range: 1-30) Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines The group name accepts any printable characters except a question mark. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 2120 Monday, January 25, 2016 1:25 PM ----------- ----------------------- --------- user-view1 1.3.6.1.2.1.1 Included user-view1 1.3.6.1.2.1.1.7 Excluded user-view2 1.3.6.1.2.1.2.2.1.*.1 Included show trapflags Use the show trapflags command in Privileged Exec mode to display the trap settings. Syntax show trapflags [vrf {vrf-name}][ospf|ospfv3|captive-portal] • vrf-name—The name of an existing VRF instance. • ospf—Display OSPFv2 specific trap settings.
2CSNXXX_SWUM204.book Page 2121 Monday, January 25, 2016 1:25 PM Mbuf Threshold Flag............................ CPU Threshold Flag............................. Spanning Tree Flag............................. PoE Traps...................................... VRRP trap...................................... ACL Traps...................................... BGP Traps...................................... DVMRP Traps.................................... OSPFv2 Traps................................... PIM Traps......
2CSNXXX_SWUM204.book Page 2122 Monday, January 25, 2016 1:25 PM • ipaddress—Specifies the IP address of the management station. If no IP address is specified, all management stations are permitted. Both IPv4 and IPv6 addresses are accepted. • view-name—Specifies the name of a previously defined view. For information on views, see the User Guidelines below. (Range: 1-30 characters) Default Configuration No community is defined. Default to read–only access if not specified.
2CSNXXX_SWUM204.book Page 2123 Monday, January 25, 2016 1:25 PM snmp-server community-group Use the snmp-server community-group command in Global Configuration mode to map the internal security name for SNMP v1 and SNMP v2 security models to the group name. To remove the specified community string, use the no form of this command.
2CSNXXX_SWUM204.book Page 2124 Monday, January 25, 2016 1:25 PM snmp-server contact Use the snmp-server contact command in Global Configuration mode to set up a system contact (sysContact) string. To remove the system contact information, use the no form of the command. Syntax snmp-server contact text no snmp-server contact • text — Character string, 0 to 160 characters, describing the system contact information. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 2126 Monday, January 25, 2016 1:25 PM • port-security—Enable traps on port security violations. • port-security trap-rate—Configure the interval at which port security traps are issued. Range 1-1000000 seconds. Default 30 seconds. • buffers—Enables sending of a trap on the internal message buffer count exceeding the rising threshold. • cpu threshold—Enables sending of a trap on the CPU occupancy exceeding the rising threshold.
2CSNXXX_SWUM204.book Page 2127 Monday, January 25, 2016 1:25 PM User Guidelines Use the command with no parameters to globally enable sending of traps. Use the no form of the command with no parameters to globally disable sending of traps without changing the configured traps. Refer to the description of the global configuration mode buffer command for setting the rising and falling thresholds for the sending of the message buffer trap.
2CSNXXX_SWUM204.book Page 2128 Monday, January 25, 2016 1:25 PM spanning-tree vrf vrrp Configure spanning tree traps. Specify VPN Routing/Forwarding instance. Enable/Disable VRRP trap. snmp-server engineID local Use the snmpserver engineID local command in Global Configuration mode to specify the Simple Network Management Protocol (SNMP) engine ID on the local device. To remove the configured engine ID, use the no form of this command.
2CSNXXX_SWUM204.book Page 2129 Monday, January 25, 2016 1:25 PM 2 For stackable systems, configure your own EngineID, and verify that is unique within your administrative domain. Changing the value of the snmpEngineID has important side-effects. A user's password (entered on the command line) is converted to an MD5 or SHA security digest. This digest is based on both the password and the local engine ID. The command line password is then deleted and is not stored on the switch, as required by RFC 2274.
2CSNXXX_SWUM204.book Page 2130 Monday, January 25, 2016 1:25 PM Default Configuration No filter entry exists. Command Mode Global Configuration mode User Guidelines An SNMP server filter identifies the objects to be included or excluded from notifications sent to a server per RFC 2573 Section 6 "Notification Filtering." This command can be entered multiple times for the same filter record. Later lines take precedence when an object identifier is included in two or more lines.
2CSNXXX_SWUM204.book Page 2131 Monday, January 25, 2016 1:25 PM Syntax snmp-server group groupname { v1 | v2 | v3 { noauth | auth | priv } [ notify notifyview ] } [ context contextname ] [ read readview ] [ write writeview ] no snmp-server group groupname { v1 | v2 | v3 { noauth | auth | priv } } [ context contextname ] • groupname — Specifies the name of the group. (Range: 1-30 characters.) • v1 — Indicates the SNMP Version 1 security model. • v2 — Indicates the SNMP Version 2 security model.
2CSNXXX_SWUM204.book Page 2132 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration Mode User Guidelines View-name should be an existing view created using the snmp-server view command. If there are multiple records with the same view-name, then the argument specified in this command points to first view-name in the table.
2CSNXXX_SWUM204.book Page 2133 Monday, January 25, 2016 1:25 PM • seconds—Number of seconds to wait for an acknowledgment before resending informs. The default is 15 seconds. (Range: 1-300.) • retries—Maximum number of times to resend an inform request. The default is 3 attempts. (Range: 0-255 characters.) • port—UDP port of the host to use. The default is 162. (Range: 1-65535.) • filtername— A string that is the name of the filter that defines the filter for this host.
2CSNXXX_SWUM204.book Page 2134 Monday, January 25, 2016 1:25 PM Syntax snmp-server location text no snmp-server location • text — Character string describing the system location. (Range: 1 to 255 characters.) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The location string may contain embedded blanks if enclosed in quotes. Any printable character is allowed in the string.
2CSNXXX_SWUM204.book Page 2135 Monday, January 25, 2016 1:25 PM • groupname — Specifies the name of the group to which the user belongs. (Range: 1-40 characters.) • engineid-string — Specifies the engine ID of the remote SNMP entity to which the user belongs. The engine ID is a concatenated hexadecimal string. Each byte in the hexadecimal character string is two hexadecimal digits.
2CSNXXX_SWUM204.book Page 2136 Monday, January 25, 2016 1:25 PM • aes-key— Advanced Encryption Standard. Enter a pre-generated AES key of the appropriate length (128 or 256 bits). An AES 128 bit key is 32 hexadecimal characters in length. Default Configuration No user entry exists.
2CSNXXX_SWUM204.book Page 2137 Monday, January 25, 2016 1:25 PM • view-name — Specifies the label for the view record that is being created or updated. The name is used to reference the record. (Range: 1-30 characters.) • oid-tree — Specifies the object identifier of the ASN.1 subtree to be included or excluded from the view. To identify the subtree, specify a text string consisting of numbers, such as 1.3.6.2.4, or a word, such as system.
2CSNXXX_SWUM204.book Page 2138 Monday, January 25, 2016 1:25 PM console(config)#snmp-server view "A beautiful view!" 1.1.2.1 included snmp-server v3-host Use the snmp-server v3-host command in Global Configuration mode to specify the recipient of Simple Network Management Protocol Version 3 (SNMPv3) notifications. To remove the specified host, use the no form of this command.
2CSNXXX_SWUM204.book Page 2139 Monday, January 25, 2016 1:25 PM • filtername — A string that is the name of the filter that define the filter for this host. If unspecified, does not filter anything. (Range: 1-30 characters.) Default Configuration The default configuration is 3 retries and 15 seconds timeout. Command Mode Global Configuration mode User Guidelines The username can include any printable characters except a question mark.
2CSNXXX_SWUM204.book Page 2140 Monday, January 25, 2016 1:25 PM • vlan-id — A VLAN identifier. Default Configuration By default, the switch uses the assigned switch IP address as the source IP address for SNMP packets. This is either the IP address assigned to the VLAN from which the SNMP packet originates or the out-of-band interface IP address. Command Mode Global Configuration User Guidelines The source interface must have an assigned IP address (either manually or via another method such as DHCP).
2CSNXXX_SWUM204.book Page 2141 Monday, January 25, 2016 1:25 PM SupportAssist Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The commands in this section enable configuration of Dell SupportAssist.
2CSNXXX_SWUM204.book Page 2142 Monday, January 25, 2016 1:25 PM User Guidelines Messages are shown for both the accept and reject use cases with information directing the user to URLs for further information. If the user rejects or has not yet accepted the EULA, the configuration mode for the specified service will not be usable. If there is existing configuration for that feature, the configuration will not be removed but the feature will be disabled. This command can be executed multiple times.
2CSNXXX_SWUM204.book Page 2143 Monday, January 25, 2016 1:25 PM downloading SupportAssist on behalf of a company or other legal entity, you are further certifying to Dell that you have appropriate authority to provide this consent on behalf of that entity. If you do not consent to the collection, transmission and/or use of the Collected Data, you may not download, install or otherwise use SupportAssist.
2CSNXXX_SWUM204.book Page 2144 Monday, January 25, 2016 1:25 PM Command Mode Support Assist Configuration User Guidelines This information is transmitted to Dell if the Dell SupportAssist service is enabled. This command can be executed multiple times. It overwrites the previous information each time. The collected information is stored in the runningconfig. The administrator must write the configuration in order to persist it across reboots. Command History Introduced in version 6.3.0.1 firmware.
2CSNXXX_SWUM204.book Page 2145 Monday, January 25, 2016 1:25 PM • phone—The complete phone number. Maximum of 23 printable characters. • preferred-method—The preferred method of contact. May be either email or phone. Default Configuration No contact person information is populated by default. Command Mode Support Asisst Configuration User Guidelines The email address must conform to RFC 5322 sections 3.2.3 and 3.4.1 and RFC 5321.
2CSNXXX_SWUM204.book Page 2146 Monday, January 25, 2016 1:25 PM Syntax enable no enable Default Configuration By default, the default server is enabled. It may be disabled using the no enable form of the command. Command Mode Support Assist Configuration User Guidelines Only one Dell SupportAssist server may be enabled. If contact with the server fails, the switch sleeps for the quiet period (default 1 hour) before attempting contact again. Command History Introduced in version 6.3.0.1 firmware.
2CSNXXX_SWUM204.book Page 2147 Monday, January 25, 2016 1:25 PM • ipv6-address — The IPv6 address of the proxy server in IPv6 notation. • port-number — The TCP port number of the proxy server. Range 1-65535. Default 443. • userid— The user name used to log into the proxy server. • encryption-type— 0 indicates an unencrypted password. 7 indicates an encrypted password. • password— An unencrypted or encrypted password. Maximum length is 256 characters for an unencrypted password .
2CSNXXX_SWUM204.book Page 2148 Monday, January 25, 2016 1:25 PM • server-name — The server name has a maximum length of 20 characters. Any printable character may be used in the server name other than a question mark. Enclose the server name in quotes if an embedded blank is desired in the server name. Default Configuration A default server named “default” exists at URL stor.g3.ph.dell.com. This server is pre-configured and may not be removed or modified other than to disable it.
2CSNXXX_SWUM204.book Page 2149 Monday, January 25, 2016 1:25 PM Default Configuration The SupportAssist EULA is Accepted by default. Command Mode Privileged EXEC User Guidelines Acceptance of the SupportAssist EULA is enabled by default. Command History Introduced in version 6.3.0.1 firmware.
2CSNXXX_SWUM204.book Page 2150 Monday, January 25, 2016 1:25 PM show support-assist status Use the show support-assist status command to display information on Dell SupportAssist feature status including any activities, status of communication, last time communication sent, etc.. Syntax show support-assist status Default Configuration This command has no defaults. Command Mode Privileged EXEC, Global Configuration User Guidelines There are no guidelines for this command.
2CSNXXX_SWUM204.book Page 2151 Monday, January 25, 2016 1:25 PM support-assist Use the support-assist command to enable support-assist configuration mode if the EULA has been accepted. Use the no form of the command to remove the configured Dell SupportAssist information. Syntax support-assist no support-assist Default Configuration By default, a server named “default” is configured. It may be disabled by the administrator.
2CSNXXX_SWUM204.book Page 2152 Monday, January 25, 2016 1:25 PM SupportAssist EULA has not been accepted. SupportAssist cannot be configured until the SupportAssist EULA is accepted. console(config)# url Use the url command to configure the URL to reach on the Dell SupportAssist remote server. Use the no form of the command to remove the URL information.
2CSNXXX_SWUM204.book Page 2153 Monday, January 25, 2016 1:25 PM console(conf-support-assist-default)#url https://stor.g3.ph.dell.
2CSNXXX_SWUM204.book Page 2154 Monday, January 25, 2016 1:25 PM SYSLOG Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The Dell Networking supports a centralized logging service with support for local in-memory logs, crash dump logs, and forwarding messages to syslog servers. All switch components use the logging service.
2CSNXXX_SWUM204.book Page 2155 Monday, January 25, 2016 1:25 PM <190> JAN 10 18:59:17 10.27.21.22-2 CLI_WEB[209809328]: cmd_logger_api.c(260) 369 %% [CLI:----:EIA-232] Access level of user admin has been set to 15 If enabled, the CLI command logger subsystem begins to log commands immediately after the user is authenticated. After authentication, the CLI generates an explicit message and invokes the command logger. The format of the message at login is: <189> JAN 10 18:58:56 10.27.21.
2CSNXXX_SWUM204.book Page 2156 Monday, January 25, 2016 1:25 PM Syntax clear logging Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example clears messages from the internal syslog message logging buffer. console#clear logging Clear logging buffer [y/n] clear logging file Use the clear logging file command in Privileged Exec mode to clear messages from the logging file.
2CSNXXX_SWUM204.book Page 2157 Monday, January 25, 2016 1:25 PM Example The following example shows the clear logging file command and confirmation response. console#clear logging file Clear logging file [y/n] description (Logging) Use the description command in Logging mode to describe the syslog server. Syntax description description • description — Sets the description of the syslog server. (Range: 1-64 characters.) Default Configuration This command has no default value.
2CSNXXX_SWUM204.book Page 2158 Monday, January 25, 2016 1:25 PM no level • level—The severity level for syslog messages. (Range: emergency, alert, critical, error, warning, notice, info, debug) Default Configuration The default value for level is info. Command Mode Logging mode User Guidelines After entering the view corresponding to a specific syslog server, the command can be executed to set the severity level for syslog messages. Debug level messages are intended for use by support personnel.
2CSNXXX_SWUM204.book Page 2159 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration User Guidelines See the CLI commands by using the show logging command. Example console(config)#logging cli-command console(config)#do show logging Logging is enabled Console Logging: level warnings. Console Messages: 384 Dropped. Buffer Logging: level informational. Buffer Messages: 71 Logged, File Logging: level notActive. File Messages: 385 Dropped.
2CSNXXX_SWUM204.book Page 2160 Monday, January 25, 2016 1:25 PM logging Use the logging command in Global Configuration mode to log messages to a syslog server. To delete the syslog server with the specified address from the list of syslogs, use the no form of this command. Syntax logging {ip-address | ipv6-address | hostname} [tls {anon | x509 | x509 certificate index}] no logging {ip-address | ipv6-address |hostname} • ip-address — IP address of the host to be used as a syslog server.
2CSNXXX_SWUM204.book Page 2161 Monday, January 25, 2016 1:25 PM The Dell Dell Networking uses the local7(23) facility in the syslog message by default. Syslog messages will not exceed 96 bytes in length. Syslog messages use the following format: <130>JAN0100:00:060.0.0.0-1UNKN[0x800023]:bootos.
2CSNXXX_SWUM204.book Page 2162 Monday, January 25, 2016 1:25 PM Sequence Number The message sequence number for this stack component. Sequence numbers may be skipped because of filtering but are always monotonically increasing on a per stack member basis. Message An informative message regarding the event. Example The following example configures the named server as an available SYSLOG server. console# logging Syslog-server-1.dell.
2CSNXXX_SWUM204.book Page 2163 Monday, January 25, 2016 1:25 PM no logging buffered • severity–level—(Optional) The number or name of the desired severity level. Range: – [0 | emergencies] – [1 | alerts] – [2 | critical] – [3 | errors] – [4 | warnings] – [5 | notifications] – [6 | informational] – [7 | debugging] Default Configuration The default value for level is info. Command Mode Global Configuration mode User Guidelines All the syslog messages are logged to the internal buffer.
2CSNXXX_SWUM204.book Page 2164 Monday, January 25, 2016 1:25 PM logging console Use the logging console command in Global Configuration mode to limit messages logged to the console based on severity. To disable logging to the console terminal, use the no form of this command. Syntax logging console [severity–level] no logging console • severity–level—(Optional) The number or name of the desired severity level.
2CSNXXX_SWUM204.book Page 2165 Monday, January 25, 2016 1:25 PM Example The following example limits messages logged to the console based on severity level "alert". console(config)#logging console alert logging facility Use the logging facility command in Global Configuration mode to configure the facility to be used in log messages. Syntax logging facility facility no logging facility • facility—The facility that will be indicated in the message.
2CSNXXX_SWUM204.book Page 2166 Monday, January 25, 2016 1:25 PM Syntax logging file [severity–level-number | type] no logging file • severity–level—(Optional) The number or name of the desired severity level. Range: – [0 | emergencies] – [1 | alerts] – [2 | critical] – [3 | errors] – [4 | warnings] – [5 | notifications] – [6 | informational] – [7 | debugging] Default Configuration The default severity level is error.
2CSNXXX_SWUM204.book Page 2167 Monday, January 25, 2016 1:25 PM logging monitor Use the logging monitor command in Global Configuration mode to enable logging messages to telnet and SSH sessions with the default severity level. Use the no logging monitor command to disable logging messages. Syntax logging monitor severity no logging monitor • severity—(Optional) The number or name of the desired severity level.
2CSNXXX_SWUM204.book Page 2168 Monday, January 25, 2016 1:25 PM logging on Use the logging on command in Global Configuration mode to control error messages logging. This command globally enables the sending of logging messages to the currently configured locations. To disable the sending of log messages, use the no form of this command. Syntax logging on no logging on Default Configuration Logging is enabled.
2CSNXXX_SWUM204.book Page 2169 Monday, January 25, 2016 1:25 PM Syntax logging protocol {protocol-selector} no logging protocol • protocol-selector—One of the following: – 0 – Generate RFC3164 format messages – 1 – Generate RFC5424 format messages Default Configuration Messages are logged in RFC3164 format by default. Command Modes Global Configuration mode. User Guidelines During system startup, messages are logged in RFC3164 format (e.g., in the startup persistent log).
2CSNXXX_SWUM204.book Page 2170 Monday, January 25, 2016 1:25 PM <189> DEC 20 20:45:20 10.130.182.151-1 TRAPMGR[249300304]: traputil.c(657) 6 %% Failed User Login with User ID: abcd The following example shows the logging format when logging protocol is set to 1. console(config)#logging protocol 1 console(config)# <190>1 DEC 20 20:46:20.250 10.130.182.151-1 USER_MGR[249300304]: user_mgr.c(1789) 9 %% User xyz Failed to login because of authentication failures <189>1 DEC 20 20:46:20.250 10.130.182.
2CSNXXX_SWUM204.book Page 2171 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode User Guidelines To see SNMP Set command logs use the show logging command. Example console(config)#logging snmp logging source-interface Use the logging source-interface command to select the interface from which to use the IP address in the source IP address field of transmitted SYSLOG packets. Use the no form of the command to revert to the default IP address.
2CSNXXX_SWUM204.book Page 2172 Monday, January 25, 2016 1:25 PM Command History Introduced in version 6.3.0.1 firmware. Example console#conf console(config)#interface vlan 1 console(config-if-vlan1)#ip address dhcp console(config-if-vlan1)#exit console(config)#logging source-interface vlan 1 logging web-session Use the logging web-session command in Global Configuration mode to enable web session logging. To disable, use the no form of this command.
2CSNXXX_SWUM204.book Page 2173 Monday, January 25, 2016 1:25 PM port Use the port command in Logging mode to specify the port number of a SYSLOG server to which SYSLOG messages are sent.. To reset to the default value, use the no form of the command. Syntax port port no port • port—The port number to which SYSLOG messages are sent. (Range: 165535) Default Configuration The default port number for UDP messages is 514. When DTLS is configured (logging protocol 1), the default port number is 6514..
2CSNXXX_SWUM204.book Page 2174 Monday, January 25, 2016 1:25 PM Syntax show logging Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the state of logging and the SYSLOG messages stored in the internal buffer. console#show logging Logging is enabled Logging protocol version: 1 Console Logging: Level warnings.
2CSNXXX_SWUM204.book Page 2175 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the state of logging messages sorted in the logging file. console#show logging file Persistent Logging : enabled Persistent Log Count : 1 <186> JAN 01 00:00:05 0.0.0.0-1 UNKN[268434928]: bootos.
2CSNXXX_SWUM204.book Page 2176 Monday, January 25, 2016 1:25 PM User Guidelines This command has no user guidelines. Example The following example displays the SYSLOG server settings. console#show syslog-servers IP address Port Severity Description ---------------------------------------------192.180.2.275 14 Info 7 192.180.2.
2CSNXXX_SWUM204.book Page 2177 Monday, January 25, 2016 1:25 PM Use the no terminal monitor command to disable the display of system messages on the terminal for Telnet and SSH sessions. Use the logging monitor command to display logging messages in a Telnet or SSH session. Terminal monitor and logging monitor are enabled on console sessions by default. Example This example enables the display of system messages and logging messages on the current telnet session.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 2179 Monday, January 25, 2016 1:25 PM – show hardware profile show switch update bootcode asset-tag Use the asset-tag command in Global Configuration mode to specify the switch asset tag. To remove the existing asset tag, use the no form of the command. Syntax asset-tag [unit] tag no asset-tag [unit] • unit — Switch number. (Range: 1–12) • tag — The switch asset tag. Default Configuration No asset tag is defined by default.
2CSNXXX_SWUM204.book Page 2180 Monday, January 25, 2016 1:25 PM banner exec Use the banner exec command to set the message that is displayed after a successful login. Use the no form of the command to remove the set message. Syntax banner exec MESSAGE no banner exec • MESSAGE — Quoted text Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The exec message may consist of multiple lines.
2CSNXXX_SWUM204.book Page 2181 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The login banner can consist of multiple lines. Enter a quote to end the banner text and return to the configuration prompt. Up to 2000 characters may be entered into a banner. Each line entered will consume an extra two characters to account for the carriage return and line feed.
2CSNXXX_SWUM204.book Page 2182 Monday, January 25, 2016 1:25 PM User Guidelines The motd banner can consist of multiple lines. Enter a quote to end the banner text and return to the configuration prompt. Up to 2000 characters may be entered into a banner. Each line entered will consume an extra two characters to account for the carriage return and line feed. The motd banner is usually displayed prior to logging into the switch, although some protocols, for example SSH, may enforce different behavior.
2CSNXXX_SWUM204.book Page 2183 Monday, January 25, 2016 1:25 PM User Guidelines Various terminal emulators exhibit different behaviors with regards to the MOTD and the acknowledge prompt, for example, TeraTerm and putty. There are also different behaviors based upon the protocol used (SSH versus telnet). See below for some examples where the MOTD prompt occurs either before or after the acknowledge prompt.
2CSNXXX_SWUM204.book Page 2184 Monday, January 25, 2016 1:25 PM [root@kevin ~]# ssh 192.168.12.84 -l dellradius If you need to utilize this device or otherwise make changes to the configuration, you may contact Kevin at x911. Please, be advised this unit is under test by Kevin. dellradius@192.168.12.84's password: Press 'y' to continue (within 30 seconds) (y/n) Welcome to the N3024 in the Bottom Chassis - 192.168.12.190. This unit is located in A2 and is currently under test.
2CSNXXX_SWUM204.book Page 2185 Monday, January 25, 2016 1:25 PM Syntax buffers {rising-threshold rising-threshold-val | falling-threshold fallingthreshold-val | severity severity-level} no buffers {rising-threshold | falling-threshold | severity } • rising-threshold-val—The rising message buffer threshold over which a trap will be issued. This is a percentage of messages buffers utilized and ranges from 0 to 100. • falling-threshold-val—The falling threshold value.
2CSNXXX_SWUM204.book Page 2186 Monday, January 25, 2016 1:25 PM The falling-threshold-val should be configured to be less than or equal to the rising-threshold-val. Command History Introduced in version 6.2.0.1 firmware. Example console(config)#buffers rising-threshold 90 clear checkpoint statistics Use the clear checkpoint statistics command to clear the statistics for the checkpointing process. Syntax clear checkpoint statistics Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 2187 Monday, January 25, 2016 1:25 PM Syntax clear counters stack-ports Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines This command resets all statistics shown by the show switch stack-ports counters and the show switch stack-ports diag commands. Example console#clear counters stack-ports connect Use this command to connect the serial console of a different stack member to the local unit.
2CSNXXX_SWUM204.book Page 2188 Monday, January 25, 2016 1:25 PM User Guidelines This command is available from the Unit prompt on a member unit serial port. The user need not be currently connected over the serial port to connect to another unit. The stack member being connected to must be up and running and connected as part of the stack. This command connects the the serial console from the target stack member to the local unit. There is only one console session allowed per stack.
2CSNXXX_SWUM204.book Page 2189 Monday, January 25, 2016 1:25 PM no cut-through mode Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines Cut-through mode is only supported on Dell Networking N4000 series switches. It is not supported on Dell Networking N1500/N2000/N3000 Series switches. Example console(config)#cut-through mode The mode (enable) is effective from the next reload of Switch/Stack.
2CSNXXX_SWUM204.book Page 2190 Monday, January 25, 2016 1:25 PM It is not possible to disconnect the EIA-232 (serial console) session. exit Use this command to disconnect the serial connection to a remote unit. Syntax exit Default Configuration There is no default configuration for this command. Command Modes User EXEC mode on stack master. Unit prompt on the stack member.
2CSNXXX_SWUM204.book Page 2191 Monday, January 25, 2016 1:25 PM To disconnect a remote session to the stack master established from a stack member.
2CSNXXX_SWUM204.book Page 2192 Monday, January 25, 2016 1:25 PM This command takes effect only after rebooting the switch. hostname Use the hostname command in Global Configuration mode to specify or modify the switch host name. To restore the default host name, use the no form of the command. Syntax hostname name no hostname • name — The name of the host. (Range: 1–255 characters) The command allows spaces in the host name when specified in double quotes. For example, #snmp-server v3-host “host name”.
2CSNXXX_SWUM204.book Page 2193 Monday, January 25, 2016 1:25 PM initiate failover To manually force a failover from the management unit to the backup unit in a stack, use the initiate failover command in Stack Configuration mode. The initiate failover command checks for stack port errors and NSF synchronization prior to initiating failover.
2CSNXXX_SWUM204.book Page 2194 Monday, January 25, 2016 1:25 PM Example-Stack Port Errors console(config-stack)#initiate failover Warning! Stack errors detected on the following interfaces: Interface ---------------Gi1/0/1 Gi1/0/3 Error Count ---------------12 22 NSF Status: Not synchronized Stack port errors or lack of NSF synchronization may indicate a non-redundant stack topology exists. Fail-over on a non-redundant topology may cause the stack to split! Management unit will be reloaded.
2CSNXXX_SWUM204.book Page 2195 Monday, January 25, 2016 1:25 PM Example console(config-if-Gi1/0/1)#load-interval 150 locate Use the locate command to locate a switch by LED blinking. Syntax locate [switch unit] [time time] • switch unit—If multiple devices are stacked, you can choose which switch to identify. • time time —LED blinking duration in seconds. Range 1-3600 seconds. Default Configuration Default value is 20 seconds.
2CSNXXX_SWUM204.book Page 2196 Monday, January 25, 2016 1:25 PM Syntax logout Default Configuration There is no default configuration for this command. Command Modes Unit prompt on the stack member User Guidelines This command is available in privileged exec mode on the master unit serial port and from the Unit prompt on member unit serial ports. The user need not be currently connected over the serial port to connect to another unit.
2CSNXXX_SWUM204.book Page 2197 Monday, January 25, 2016 1:25 PM member Use the member command in Stack Global Configuration mode to preconfigure a switch stack member. Execute this command on the Management Switch. To remove a stack-member configuration from the stack, use the no form of the command. The no form of the command may not be used if the member is present in the stack.
2CSNXXX_SWUM204.book Page 2198 Monday, January 25, 2016 1:25 PM memory free low-watermark Use the memory free low-watermark command to configure the notification of a low memory condition on the switch. for the issuance of the CPU overload SNMP trap and notification via a SYSLOG message. Use the no form of the command to return the threshold to its default value.
2CSNXXX_SWUM204.book Page 2199 Monday, January 25, 2016 1:25 PM nsf Use this command to enable non-stop forwarding. The no form of the command will disable NSF. Syntax nsf no nsf Default Configuration Non-stop forwarding is enabled by default.
2CSNXXX_SWUM204.book Page 2200 Monday, January 25, 2016 1:25 PM Syntax ping [vrf vrf-name] {[ ip ]ip-address | hostname | { ipv6 { interface interface-id | vlan vlan-id | loopback loopback-id | out-of-band | tunnel tunnel-id} link-local-address | ipv6-address | hostname} [count count] [ interval interval] [ size size] [source { ip-address | ipv6-address | interface-id | vlan vlan-id | out-of-band}] • ip-address—The IPv4 address to ping. • ipv6-address—The IPv6 address to ping.
2CSNXXX_SWUM204.book Page 2201 Monday, January 25, 2016 1:25 PM Default Configuration The default mode is IPv4. The command defaults to an IPv4 address. The default ping count is 4. The default interval is 1 second. The default packet size is 0 data bytes. The packet size is specified in bytes and refers to the packet payload, not the frame size. Packets are padded to extend the frame to the minimum legal frame length by default.
2CSNXXX_SWUM204.book Page 2202 Monday, January 25, 2016 1:25 PM If a host name is specified, a DNS server must be configured locally on the switch and the host name must resolve to an IPv4/IPv6 address as appropriate for the syntax entered. Thecommand allows spaces in the host name when specified in double quotes, even though host names may only consist of letters, numbers and the hyphen character. The VRF identified in the parameter must have been previously created or an error is returned.
2CSNXXX_SWUM204.book Page 2203 Monday, January 25, 2016 1:25 PM process cpu threshold Use the process cpu threshold command to configure the rising and falling thresholds for the issuance of the CPU overload SNMP trap and notification via a SYSLOG message. Use the no form of the command to return the thresholds to their default values.
2CSNXXX_SWUM204.book Page 2204 Monday, January 25, 2016 1:25 PM where weight = 2 / ((TotalTimePeriod/samplePeriod) + 1). The sample period is 5 seconds. The utilization monitoring time period can be configured from 5 secs to 86400 seconds in multiples of 5 seconds. Setting a threshold or interval to 0 disables that individual function. The falling-threshold percentage should be configured to be less than or equal to the rising-threshold percentage.
2CSNXXX_SWUM204.book Page 2205 Monday, January 25, 2016 1:25 PM Command Modes User EXEC mode, Privileged EXEC mode User Guidelines This command is available in privileged exec mode on the master unit serial port and from the Unit prompt on member unit serial ports. The user need not be currently connected over the serial port to connect to another unit. The stack member being connected to must be up and running and connected as part of the stack. This command is an alias for the exit command.
2CSNXXX_SWUM204.book Page 2206 Monday, January 25, 2016 1:25 PM • stack–member–number—The stack member to be reloaded. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode User Guidelines If no unit is specified, all units are reloaded. Examples Example-Reloading the Stack The following example displays how to reload the stack. console#reload 1 Management switch has unsaved changes.
2CSNXXX_SWUM204.book Page 2207 Monday, January 25, 2016 1:25 PM service unsupported-transceiver Use this command to avoid the following on using an unsupported optic. • Logging of a message. • Generation of SNMP trap. Use the no form of this command to set the transceiver support to the factory default.
2CSNXXX_SWUM204.book Page 2208 Monday, January 25, 2016 1:25 PM Syntax set description unit description • unit — The switch identifier. (Range: 1–12) • description — The text description. (Range: 1–80 alphanumeric characters) Default Configuration This command has no default configuration. Command Mode Stack Global Configuration mode User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 2209 Monday, January 25, 2016 1:25 PM • Dell Networking N3024 • Dell Networking N3024F • Dell Networking N3024P • Dell Networking N3048 • Dell Networking N3048P • Dell Networking N4032 • Dell Networking N4032F • Dell Networking N4064 • Dell Networking N4064F • Dell SFP+ Card • Dell 10GBase-T Card Use the no form of the command to return the unit/slot configuration to the default value.
2CSNXXX_SWUM204.book Page 2210 Monday, January 25, 2016 1:25 PM Administrators may issue multiple consecutive slot commands addressing a particular unit/slot without issuing an intervening no slot command. Example console(config)#slot 1/3 3 console(config)#slot 1/3 4 show banner Use the show banner command to display banner information. Syntax show banner Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 2211 Monday, January 25, 2016 1:25 PM Line SSH.......................... Enable Line Telnet....................... Enable ===motd===== show buffers Use the show buffers command to display the system allocated buffers. Syntax show buffers Default Configuration There is no default configuration.
2CSNXXX_SWUM204.book Page 2212 Monday, January 25, 2016 1:25 PM ------------------------------------------------Norm 0 0 0% Mid2 0 0 0% Mid1 0 0 0% Mid0 0 0 0% High 0 0 0% Transmit Attempts Failures %Failure ------------------------------------------------All 145 0 0% Monitoring Parameters --------------------Rising Threshold................................ 0% Falling Threshold............................... 0% Trap Severity.................................
2CSNXXX_SWUM204.book Page 2213 Monday, January 25, 2016 1:25 PM Example console#show checkpoint statistics Messages Checkpointed.....................6708 Bytes Checkpointed........................894305 Time Since Counters Cleared...............3d 01:05:09 Checkpoint Message Rate...................0.025 msg/sec Last 10-second Message Rate...............0 msg/sec Highest 10-second Message Rate............
2CSNXXX_SWUM204.book Page 2214 Monday, January 25, 2016 1:25 PM Syntax show hardware profile portmode [interface-id] Default Configuration This command has no default setting. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 2215 Monday, January 25, 2016 1:25 PM Command Modes User EXEC, Privileged EXEC modes. User Guidelines This command has no user guidelines. Example The following example shows the optic parameters in user readable format. console#show idprom interface tengigabitethernet 1/0/9 Type.............................. Media............................. Serial Number..................... Dell Qualified....................
2CSNXXX_SWUM204.book Page 2216 Monday, January 25, 2016 1:25 PM Command Modes All modes User Guidelines The show interface command shows the actual operational status of the interface, which is not necessarily the same as the configuration. Input/output rate statistics are collected every 10 seconds. Example The following example shows the output for a 1G interface: console#show interfaces gi1/0/1 Interface Name : .............................. SOC Hardware Info :............................
2CSNXXX_SWUM204.book Page 2217 Monday, January 25, 2016 1:25 PM Total Packets Transmitted Successfully......... Unicast Packets Transmitted.................... Multicast Packets Transmitted.................. Broadcast Packets Transmitted.................. Transmit Packets Discarded..................... Total Transmit Errors.......................... Total Transmit Packets Discarded............... Single Collision Frames........................ Multiple Collision Frames......................
2CSNXXX_SWUM204.book Page 2218 Monday, January 25, 2016 1:25 PM User Guidelines This command is only applicable to 10G non-stacking interfaces. Example console#show interfaces advanced firmware Port Revision Part number -------- ----------- ----------Te1/0/1 0x411 BCM8727 Te1/0/2 0x411 BCM8727 Te1/0/3 0x411 BCM8727 Te1/0/4 0x411 BCM8727 Te1/0/5 0x411 BCM8727 show interfaces utilization Use this command to display interface utilization.
2CSNXXX_SWUM204.book Page 2219 Monday, January 25, 2016 1:25 PM port that is experiencing congestion (incast); if the cell count continues to increase over time, the port begins discarding packets when reaching the tail drop threshold. The value of 10 cells above corresponds to one and one-half maximum length packets queued for transmission. For the N2000/N3000 and N4000 switches, the cell size is 208 bytes; for the N1500, the cell size is 128 bytes.
2CSNXXX_SWUM204.book Page 2220 Monday, January 25, 2016 1:25 PM Field Description Tx Util The transmit utilization. The link utilization in the transmit direction as a percentage of operational speed (range 0-100). The utilization is derived by dividing the link speed by the number of bytes received averaged over the last sampling interval. Rx PPS The received packets per second. This value is the average number of packets received over the last sampling interval.
2CSNXXX_SWUM204.book Page 2221 Monday, January 25, 2016 1:25 PM console#show interfaces utilization Port Load Interval --------- -------Gi1/0/1 300 Gi1/0/2 300 Gi1/0/3 300 Gi1/0/4 300 Gi1/0/5 300 Gi1/0/6 300 Gi1/0/7 300 Gi1/0/8 300 Oper.
2CSNXXX_SWUM204.book Page 2222 Monday, January 25, 2016 1:25 PM Syntax show nsf Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 2223 Monday, January 25, 2016 1:25 PM Parameter Description Range Default Last Startup Reason The type of activation that caused the software to start the last time. There are four options. “Power-On” means that the switch rebooted. This could have been caused by a power cycle or an administrative “Reload” command. “Administrative Move” means that the administrator issued a command for the stand-by manager to take over.
2CSNXXX_SWUM204.book Page 2224 Monday, January 25, 2016 1:25 PM Parameter Description Range Time Since Last Copy When the running configuration was last copied from the management unit to the backup unit. Time Stamp Time Until Next Copy The number of seconds until the 0 - 120 seconds running configuration will be copied to the backup unit. This line only appears when the running configuration on the backup unit is Stale.
2CSNXXX_SWUM204.book Page 2225 Monday, January 25, 2016 1:25 PM Syntax show power-usage-history unit-id • unit-id—Stack unit for which to display the power history. Range 1-12. Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show power-usage-history unit 1 Sampling Interval (sec)........................ 30 Total No.
2CSNXXX_SWUM204.book Page 2226 Monday, January 25, 2016 1:25 PM Command Mode Privileged EXEC mode, Global Configuration mode, all show modes User Guidelines The following fields are displayed. Fields Description ID Application ID assigned by the Process Manager. Name Application Name PID Application Linux Process ID. Admin-Status Flag indicating if the application is administratively enabled.
2CSNXXX_SWUM204.book Page 2227 Monday, January 25, 2016 1:25 PM Syntax show process app-resource-list Default Configuration There is no default configuration for this command. Command Mode Privileged EXEC mode, Global Configuration mode, all show modes User Guidelines The following fields are displayed. Fields Description ID Application ID assigned by the Process Manager. Name Application Name PID Application Linux Process ID.
2CSNXXX_SWUM204.book Page 2228 Monday, January 25, 2016 1:25 PM 1 2 switchdrvr syncdb-test 280 0 Unlimited 10MB Unlimited 256MB 20% 0MB 280MB 0MB show process cpu Use the show process cpu command to check the CPU utilization for each process currently running on the switch. Syntax show process cpu Default Configuration This command has no default configuration. Command Mode Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines No specific guidelines.
2CSNXXX_SWUM204.book Page 2229 Monday, January 25, 2016 1:25 PM 3b5b750 bcmRX 0.00% 0.13% 0.12% 3d3f6d0 MAC Send Task 0.00% 0.07% 0.10% 3d48bd0 MAC Age Task 0.00% 0.00% 0.03% 40fdbf0 bcmLINK.0 0.00% 0.14% 0.46% 4884e70 tL7Timer0 0.00% 0.06% 0.02% 48a1250 osapiMonTask 0.00% 0.32% 0.17% 4969790 BootP 0.00% 0.00% 0.01% 4d71610 dtlTask 0.00% 0.06% 0.05% 4ed00e0 hapiRxTask 0.00% 0.06% 0.03% 562e810 DHCP snoop 0.00% 0.00% 0.06% 58e9bc0 Dynamic ARP Inspection 0.00% 0.06% 0.03% 62038a0 dot1s_timer_task 0.00% 0.
2CSNXXX_SWUM204.book Page 2230 Monday, January 25, 2016 1:25 PM User Guidelines The following fields are displayed. Fields Description PID Application Linux Process ID Process-Name Linux process name Application ID-VRID-Name Name of the application that started the process and the application ID assigned by the Process Manager. The VRID is the virtual router with which this application is associated.
2CSNXXX_SWUM204.book Page 2231 Monday, January 25, 2016 1:25 PM show sessions Use the show sessions command in Privileged EXEC mode to display a list of the open telnet sessions to remote hosts. Syntax show sessions Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays a list of open telnet sessions to remote hosts.
2CSNXXX_SWUM204.book Page 2232 Monday, January 25, 2016 1:25 PM Field Description Type The type of connection (Serial, Telnet, SSH, HTTP, HTTPS). show slot Use the show slot command in User EXEC mode to display information about all the slots in the system or for a specific slot. Syntax show slot [slot/port] Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 2233 Monday, January 25, 2016 1:25 PM Parameter Description Pluggable Cards are pluggable or non-pluggable in the slot. If you supply a value for slot/port, the following additional information appears as shown in the table below. Parameter Description Inserted Card Model Identifier The model identifier of the card inserted in the slot. Model identifier is a 32character field used to identify a card. This field is displayed only if the slot is full.
2CSNXXX_SWUM204.book Page 2234 Monday, January 25, 2016 1:25 PM • cardindex — Displays the index into the database of the supported card types. This index is used when preconfiguring a slot. Default Configuration This command has no default configuration. Command Mode User EXEC, Configuration mode and all Configuration submodes User Guidelines The CID information is used when preconfiguring cards using the slot command. The following table explains the output parameters.
2CSNXXX_SWUM204.book Page 2235 Monday, January 25, 2016 1:25 PM --1 2 3 4 5 6 7 -------------------------------Dell Networking N4032 Dell Networking N4032F Dell Networking N4064 Dell Networking N4064F Dell QSFP Card Dell SFP+ Card Dell 10GBase-T Card show supported switchtype Use the show supported switchtype command in User EXEC mode to display information about all supported switch types.
2CSNXXX_SWUM204.book Page 2236 Monday, January 25, 2016 1:25 PM Field Description Model Identifier This field displays the model identifier for the supported switch type. Management Preference This field indicates the management preference value of the switch type. Code Version This field displays the code load target identifier of the switch type. The following table describes the fields in the second example.
2CSNXXX_SWUM204.book Page 2237 Monday, January 25, 2016 1:25 PM Model Identifier............... Dell Networking N4032 Slot........................... 1 Card Index (CID)............... 5 Model Identifier............... Dell QSFP Card Slot........................... 1 Card Index (CID)............... 6 Model Identifier............... Dell SFP+ Card Slot........................... 1 Card Index (CID)............... 7 Model Identifier...............
2CSNXXX_SWUM204.book Page 2238 Monday, January 25, 2016 1:25 PM Use the show sdm prefer command to display the SDM template configuration. Syntax show switch [stack–member–number | stack–ports[counters | diag | stackpath {from-unit | all} to unit] | stack–standby] • unitid—The unit number. • stack–member–number—The stack member number. • stack–ports—Display summary stack-port information for all interfaces. • counters—Display summary data counter information for all interfaces.
2CSNXXX_SWUM204.book Page 2239 Monday, January 25, 2016 1:25 PM Unit Description Switch This field displays the unit identifier assigned to the switch. Management Status This field indicates whether the switch is the Management Switch, a stack member, or the status is unassigned. Switch Type This field displays the 32-bit numeric switch type. Preconfigured Model Identifier This field displays the model identifier for this switch.
2CSNXXX_SWUM204.book Page 2240 Monday, January 25, 2016 1:25 PM Unit Description Up Time This field displays the system up time. The additional fields in the all units example are as follows: Unit Description Switch This field displays the unit identifier assigned to the switch. Management Status This field indicates whether the switch is the Management Switch, a stack member, or the status is unassigned. Standby Status This field indicates whether the switch is the Standby Switch.
2CSNXXX_SWUM204.book Page 2241 Monday, January 25, 2016 1:25 PM Examples Example – Stack Status for the Switch console#show switch 1 Switch............................ Management Status................. Switch Type....................... Preconfigured Model Identifier.... Plugged-in Model Identifier....... Switch Status..................... Switch Description................ Detected Code Version............. Detected Code in Flash............ SFS Last Attempt Status........... Serial Number...............
2CSNXXX_SWUM204.book Page 2242 Monday, January 25, 2016 1:25 PM Example-Stacking Links Path This command tracks the path a packet may take when traversing stacking links. The command shows active paths only, not those that may be taken after a stack failover or stack reconvergence.
2CSNXXX_SWUM204.book Page 2243 Monday, January 25, 2016 1:25 PM --- ---------- --------- ------------- ------------- ------------- --------1 Mgmt Sw N4032F N4032F SDM Mismatch 10.7.14.21 show system Use the show system command in User EXEC mode to display system information. Syntax show system [unit] • unit — The unit number. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 2244 Monday, January 25, 2016 1:25 PM Temperature Sensors: Unit Description Temperature (Celsius) ---- ------------------ ----------1 MAC 33 1 PHY 34 Fans: Unit ---1 1 Description ----------Fan-1 Fan-2 Status ------Failure Failure Power Supplies: Unit Description ---1 1 1 ----------System PS-1 PS-2 Status ----------OK Failure No Power Average Power (Watts) ---------39.8 Current Power (Watts) -------39.
2CSNXXX_SWUM204.book Page 2245 Monday, January 25, 2016 1:25 PM Command Mode User EXEC, Privileged EXEC, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console>show system fan Fans: Unit Description Status ---- ----------- -----1 Fan 1 OK 1 Fan 2 OK 1 Fan 3 OK show system id Use the show system id command in User EXEC mode to display the system identity information. Syntax show system id [unit] • unit — The unit number.
2CSNXXX_SWUM204.book Page 2246 Monday, January 25, 2016 1:25 PM console#show system id Service Tag: 13820M0230LF Serial Number: 13820M0230LF Asset Tag: none Unit Service tag Serial number ---- ------------------------1 13820M0230LF 13820M0230LF Asset tag -----------none show system power Use the show system power command in User EXEC or Privileged EXEC mode to display information about the system level power consumption.
2CSNXXX_SWUM204.book Page 2247 Monday, January 25, 2016 1:25 PM show system temperature Use the show system temperature command in User EXEC or Privileged EXEC mode to display information about the system temperature and fan status. Syntax show system temperature Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 2248 Monday, January 25, 2016 1:25 PM ---- ------------------ ----------1 MAC 33 1 PHY 34 show tech-support Use the show tech-support command to display system and configuration information for use in debugging or contacting technical support.
2CSNXXX_SWUM204.book Page 2249 Monday, January 25, 2016 1:25 PM • ospfv3 — Show detailed information specific to OSPFv3. • bfd — Show detailed information specific to BFD. • file — Write the output to a file in the local flash instead of the console. • usb — Write the output to a file on the USB drive instead of the console. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines Tech support files are named tech-supportXXX.
2CSNXXX_SWUM204.book Page 2250 Monday, January 25, 2016 1:25 PM System Object ID.................. CPU Version....................... SOC Version....................... HW Version........................ CPLD Version...................... 1.3.6.1.4.1.674.10895.3042 XLP308H-B2 BCM56842_A1 3 17 unit active backup current-active next-active ---- ----------- ----------- -------------- -------------1 6.0.0.0 6.0.0.0 6.0.0.0 Operating System............................... Linux 2.6.
2CSNXXX_SWUM204.book Page 2251 Monday, January 25, 2016 1:25 PM Syntax show users [long] Default Configuration This command has no default configuration. Command Mode Privileged EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays a list of active users and the information about them.
2CSNXXX_SWUM204.book Page 2252 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode User EXEC mode, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show version Machine Description............... System Model ID................... Machine Type...................... Serial Number..................... Manufacturer...................... Operating System..................
2CSNXXX_SWUM204.book Page 2253 Monday, January 25, 2016 1:25 PM stack Use the stack command in Global Configuration mode to set the mode to Stack Global Config. Syntax stack Default Configuration This command has no default mode. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. If not stack configuration appears in the saved config, it is built at runtime and appears in the running config. The operator can save the stack configuration.
2CSNXXX_SWUM204.book Page 2254 Monday, January 25, 2016 1:25 PM Syntax stack-port {fortygigabitethernet|tengigabitethernet} unit/slot/port {ethernet | stack} Default Configuration By default, Ethernet ports are configured to operate in Ethernet mode. Command Mode Stack Configuration mode User Guidelines Once this command has been issued, the switch must be rebooted in order for the command to take effect.
2CSNXXX_SWUM204.book Page 2255 Monday, January 25, 2016 1:25 PM configured in a stack and can utilize rear panel mini-SAS ports only for stacking. The N1500 Series switches support stacking up to four units in a stack and can utilize pairs of SFP+ ports for stacking. On the N1500 Series switch, configuring an SFP+ port as stacking will always configure the corresponding pair in stacking mode as well (i.e.
2CSNXXX_SWUM204.book Page 2256 Monday, January 25, 2016 1:25 PM This command persists across reboots, therefore, administrators should use this command with caution during stack upgrade procedures. Example console(config-stack)#stack-port tengigabitethernet 1/2/1 shutdown Disabling a stack port will cause the stack to attempt to re-converge. Application messages will appear in the logs during stack convergence.
2CSNXXX_SWUM204.book Page 2257 Monday, January 25, 2016 1:25 PM Examples console(config)#stack console(config-stack)#standby 2 switch renumber Use the switch renumber command in Global Configuration mode to change the identifier for a switch in the stack. Upon execution, the switch is configured with the configuration information for the new switch, if any is available. The old switch configuration information is retained; however, the original switch will be operationally detached.
2CSNXXX_SWUM204.book Page 2258 Monday, January 25, 2016 1:25 PM telnet Use the telnet command in Privileged EXEC mode to log into a host that supports Telnet. Syntax telnet {ip-address | hostname} [port] [keyword1......] • ip-address—Valid IP address of the destination host. • hostname—Hostname of the destination host. (Range: 1–158 characters). • port—A decimal TCP port number. • keyword—One or more keywords from the keywords table in the user guidelines (see Keywords Table below).
2CSNXXX_SWUM204.book Page 2259 Monday, January 25, 2016 1:25 PM console#telnet 176.213.10.50 Trying 176.213.10.50... Connected to 176.213.10.50 Entering character mode... Escape character is'^^'. traceroute Use the traceroute command in Privileged EXEC mode to discover the IP routes that packets actually take when traveling to their destinations. Use of the optional VRF parameter executes the command within the context of the VRF specific routing table.
2CSNXXX_SWUM204.book Page 2260 Monday, January 25, 2016 1:25 PM • count—The number of probes to be sent at each TTL level (Range:1–10). • port—The destination UDP port of the probe. This should be an unused port on the remote destination system (Range: 1–65535). • size—The size, in bytes, of the payload of the Echo Requests sent (Range: 0–39936 bytes). • src-ip-address—The IPv4 source address to use in the ICMP echo request packets. • vlan—A valid VLAN interface.
2CSNXXX_SWUM204.book Page 2261 Monday, January 25, 2016 1:25 PM Examples The following example discovers the routes that packets will actually take when traveling to the destination specified in the command. (console) # traceroute 10.240.10.115 init-ttl 1 max-ttl 4 max-fail 0 interval 1 count 3 port 33434 size 43 Traceroute to 10.240.10.115, 4 hops max, 43 byte packets: 1 10.240.4.1 708 msec 41 msec 11 msec 2 10.240.10.
2CSNXXX_SWUM204.book Page 2262 Monday, January 25, 2016 1:25 PM • port—The destination UDP port of the probe. This should be an unused port on the remote destination system (Range: 1–65535). • size—The size, in bytes, of the payload of the Echo Requests sent (Range: 0–39936 bytes). The default is 0. • src-ip-address—The IPv4 source address to use in the ICMP echo request packets. • vlan—The source VLAN over which to send the echo request.
2CSNXXX_SWUM204.book Page 2263 Monday, January 25, 2016 1:25 PM Traceroute to 2001::2, 4 hops max, 43 byte packets: 1 2001::2 708 msec 41 msec 11 msec 2 2001::2 12 msec 13 msec 12 msec 3 2001::2 14 msec 9 msec 11 msec update bootcode Use the update bootcode command in Privileged EXEC mode to update the bootcode on one or more switches. For each switch, the bootcode is extracted from the active image and programmed to flash. Syntax update bootcode [unit ] • unit —Unit number.
2CSNXXX_SWUM204.book Page 2264 Monday, January 25, 2016 1:25 PM Telnet Server Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches The Telnet protocol (outlined in RFC 854) allows users (clients) to connect to multiuser computers (servers) on the network. Telnet is often employed when a user communicates with a remote login service. Telnet is the terminal emulation protocol in the TCP/IP suite. Telnet uses TCP as the transport protocol to initiate a connection between server and client.
2CSNXXX_SWUM204.book Page 2265 Monday, January 25, 2016 1:25 PM dellradius@192.168.12.84's password: Press 'y' to continue (within 30 seconds) (y/n) Welcome to the N3024 in the Bottom Chassis - 192.168.12.190. This unit is located in A2 and is currently under test. N3024-C1> 2 SSH (Linux Terminal): [root ~]# ssh 192.168.12.84 -l dellradius If you need to utilize this device or otherwise make changes to the configuration, you may contact the owner at x38525. Please, be advised this unit is under test.
2CSNXXX_SWUM204.book Page 2266 Monday, January 25, 2016 1:25 PM Commands in this Section This section explains the following commands: ip telnet server disable show ip telnet ip telnet port – ip telnet server disable The ip telnet server disable command is used to enable/disable the Telnet service on the switch. Syntax ip telnet server disable no ip telnet server disable Command Mode Global Configuration User Guidelines No specific guidelines. Default Value This feature is enabled by default.
2CSNXXX_SWUM204.book Page 2267 Monday, January 25, 2016 1:25 PM Syntax ip telnet port port number • port number — Telnet TCP port number (Range: 1025–65535) Default Configuration The default value for the Telnet TCP port is 23. Command Mode Global Configuration User Guidelines The Telnet server TCP port should not be set to a value that might conflict with other well-known protocol port numbers used on this switch.
2CSNXXX_SWUM204.book Page 2268 Monday, January 25, 2016 1:25 PM Example (console)#show ip telnet Telnet Server is Enabled.
2CSNXXX_SWUM204.book Page 2269 Monday, January 25, 2016 1:25 PM Time Ranges Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches Time ranges are used with time-based ACLs to restrict their application due to specific time slots. This section explains the following commands: show boot periodic absolute show time-range time-range Use the time-range command in Global Configuration mode to globally enable or disable the event notification service of the time range component.
2CSNXXX_SWUM204.book Page 2270 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration User Guidelines The CLI mode changes to Time-Range Configuration mode when you successfully execute this command. Example console(config)#time-range timeRange_1 absolute Use the absolute command in Time Range Configuration mode to add an absolute time entry to a time range. Use the no form of this command to delete the absolute time entry in the time range.
2CSNXXX_SWUM204.book Page 2271 Monday, January 25, 2016 1:25 PM User Guidelines Only one absolute time entry is allowed per time-range. The time parameter is referenced to the currently configured time zone. Example console#time-range timeRange_1 console(config-time-range)#absolute end 12:00 16 Dec 2010 periodic Use the periodic command to add a periodic time entry to a time range. The time parameter is based off of the currently configured time zone.
2CSNXXX_SWUM204.book Page 2272 Monday, January 25, 2016 1:25 PM • time—The first occurrence of this argument is the starting hours:minutes which the configuration that referenced the time range starts going into effect. The second occurrence is the ending hours:minutes at which the configuration that referenced the time range is no longer in effect. The hours:minutes are expressed in a 24-hour clock. For example, 8:00 is 8:00 am and 20:00 is 8:00 pm.
2CSNXXX_SWUM204.book Page 2273 Monday, January 25, 2016 1:25 PM console(config-time-range)#periodic wednesday 12:30 to thursday 20:00 console(config-time-range)#periodic weekend 18:00 to 20:00 show time-range Use the show time-range command in Privileged Exec mode to display a time range and all the absolute/periodic time entries that are defined for the time range. The [name] parameter is used to identify a specific time range to display.
2CSNXXX_SWUM204.book Page 2274 Monday, January 25, 2016 1:25 PM Parameter Description Periodic end End time and day for periodic entry.
2CSNXXX_SWUM204.book Page 2275 Monday, January 25, 2016 1:25 PM USB Flash Drive Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches When available, a USB flash drive can be used to configure, upgrade and provide consistency to a switching network. A USB flash drive can be plugged in sequentially to a set of routers/switches to upgrade to newer software versions without depending on the network to upgrade the switches with new firmware.
2CSNXXX_SWUM204.book Page 2276 Monday, January 25, 2016 1:25 PM Files downloaded from USB flash drive are not copied to RAM to perform validations. Instead, the file is directly read from the USB flash device and copied to buffers to perform the necessary validations. Downloading and Uploading of Files After the file validations are successful, the switch proceeds with downloading of files from the USB flash device to the switch and uploading of files from the switch to the USB flash drive.
2CSNXXX_SWUM204.book Page 2277 Monday, January 25, 2016 1:25 PM Example console#unmount usb show usb Use the show usb command in Privileged Exec mode to display the USB flash device details. Syntax show usb device Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines The following table explains the output parameters. Parameter Description Device Status This field specifies the current status of device.
2CSNXXX_SWUM204.book Page 2278 Monday, January 25, 2016 1:25 PM Parameter Description Vendor ID Vendor specific details of device- Vendor ID. Product ID Vendor specific details of device- Product ID. Example The following example is the output if the device is plugged into the USB slot. console#show usb device Device Status……………………………………………… Active Manufacturer…………………………………………………… xxxx Serial Number………………………………………………… yyyyy USB Version Compliance………………………… 2.
2CSNXXX_SWUM204.book Page 2279 Monday, January 25, 2016 1:25 PM Command Mode Privileged Exec User Guidelines Only the first 32 characters of the file name are displayed, even if the file name is longer. Examples console#dir usb Attr Size(bytes) drwx 2640 drwx 0 -rw96 -rw14363703 drwx 1024 Total Size: Bytes Used: Bytes Free: console#dir Creation Time Feb 02 2022 00:26:43 Feb 19 2014 15:22:53 Jan 28 2022 23:05:45 Jan 22 2022 03:36:08 Jan 22 2022 03:36:08 Name . .. snmpOprData.cfg image1.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 2281 Monday, January 25, 2016 1:25 PM User Interface Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches This section explains the following commands: configure terminal end console#rename file1.scr file2.scr exit enable quit configure terminal Use the configure terminal command to enter Global Configuration mode. This command is equivalent to the configure command with no terminal argument.
2CSNXXX_SWUM204.book Page 2282 Monday, January 25, 2016 1:25 PM using this command. When in modes other than Global Configuration mode, the do command will not appear in the list of commands shown in the help, nor will prompting be available. Syntax do line do ? • line — Command to be executed. It should be an unambiguous command from the Privileged Exec mode. Commands such as configure are forbidden. Command line completion for the line parameter is supported.
2CSNXXX_SWUM204.book Page 2283 Monday, January 25, 2016 1:25 PM copy Copy files to or from the switch. crypto Request a crypto certificate. debug Configure debug flags. delete Delete a file. dir Display directory information. disconnect Close active remote session(s). dot1x Initialize dot1x or re-authenticate clients. enable Enter into user privilege mode. erase Delete a file. exit Exit privileged exec mode. filedescr Set a text description for an image file.
2CSNXXX_SWUM204.book Page 2284 Monday, January 25, 2016 1:25 PM Default Configuration The default privilege level is 15. Command Mode User Exec and Privileged Exec modes User Guidelines If there is no authentication method defined for enable, then a level 1 user is not allowed to execute this command. Example The following example shows how to enter privileged mode. console>enable console# end Use the end command to get the CLI user control back to the privileged execution mode or user execution mode.
2CSNXXX_SWUM204.book Page 2285 Monday, January 25, 2016 1:25 PM exit Use the exit command to go to the next lower command prompt or, in User Exec mode, to close an active terminal session by logging off the switch. Syntax exit Default Configuration This command has no default configuration. Command Mode All command modes. In User Exec mode, this command behaves identically with the quit command. User Guidelines There are no user guidelines for this command.
2CSNXXX_SWUM204.book Page 2286 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode User Exec command mode User Guidelines There are no user guidelines for this command. Example The following example closes an active terminal session.
2CSNXXX_SWUM204.book Page 2287 Monday, January 25, 2016 1:25 PM Web Server Commands Dell Networking N1500/N2000/N3000/N4000 Series Switches If enabled, the Dell Networking is manageable via industry standard web browsers. User privilege levels are the same as for the CLI. Over 95% of the management functions are available via the web interface, including configuration and firmware upgrades. Web Sessions The HTTP protocol does not provide support for persistent connections.
2CSNXXX_SWUM204.book Page 2288 Monday, January 25, 2016 1:25 PM on the server is 15, the user is given read-write permissions. Any other value is read-only. If exec shell feature is not enabled on the server, the user is given read-only permissions.
2CSNXXX_SWUM204.book Page 2289 Monday, January 25, 2016 1:25 PM Command Mode Crypto Certification mode User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command. Example The following example displays how to specify the name of "router.gm.com." console(config-crypto-cert)#common-name router.gm.com country Use the country command in Crypto Certificate Generation or Crypto Certificate Request mode to specify the country.
2CSNXXX_SWUM204.book Page 2290 Monday, January 25, 2016 1:25 PM crypto certificate generate Use the crypto certificate generate command in Global Configuration mode to generate a self-signed HTTPS certificate. Syntax crypto certificate number generate • number—Specifies the certificate number. (Range: 1–2) • generate—Regenerates the SSL RSA key. Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 2291 Monday, January 25, 2016 1:25 PM crypto certificate import Use the crypto certificate import command in Global Configuration mode to import a certificate signed by the Certification Authority for HTTPS. Syntax crypto certificate number import • number — Specifies the certificate number. (Range: 1–2) Default Configuration This command has no default configuration.
2CSNXXX_SWUM204.book Page 2292 Monday, January 25, 2016 1:25 PM ZvKBAEL9Ggp+6MIIBNgYDVR0fBIIBLTCCASkwgdKggc+ggcyGgclsZGFwOi8v L0VByb3h5JTIwU29mdHdhcmUlMjBSb290JTIwQ2VydGlmaWVyLENOPXNlcnZl -----END CERTIFICATE----Certificate imported successfully. Issued to: router.gm.com Issued by: www.verisign.com Valid from: 8/9/2005 to 8/9/2005 Subject: CN= router.gm.
2CSNXXX_SWUM204.book Page 2293 Monday, January 25, 2016 1:25 PM Use the end command to exit Crypto Certificate Request mode without generating a certificate request. Use the exit command to exit Crypto Certificate Request mode and generate a certificate request. duration Use the duration command in Crypto Certificate Generation mode to specify the duration. Syntax duration days • days — Specifies the number of days a certification would be valid. If left unspecified, the parameter defaults to 365 days.
2CSNXXX_SWUM204.book Page 2294 Monday, January 25, 2016 1:25 PM Syntax ip http port port-number no ip http port • port-number — Port number on which the switch HTTP server listens for connections.. (Range: 1025–65535) Default Configuration This default port number is 80. Command Mode Global Configuration mode User Guidelines The HTTP TCP port should not be set to a value that might conflict with other well-known protocol port numbers used on this switch.
2CSNXXX_SWUM204.book Page 2295 Monday, January 25, 2016 1:25 PM Command Mode Global Configuration mode User Guidelines This command enables HTTP access to the switch. Use the ip http secureserver command to enable HTTPS access. It is recommended that administrators enable HTTPS access in preference to HTTP access in order to ensure that management activity is not snooped. Example The following example enables the switch to be configured from a browser.
2CSNXXX_SWUM204.book Page 2296 Monday, January 25, 2016 1:25 PM Example The following example configures the active certificate for HTTPS. console(config)#ip http secure-certificate 1 ip http secure-port Use the ip http secure-port command in Global Configuration mode to configure a TCP port on which the switch listens for HTTPS connections. To use the default port, use the no form of this command.
2CSNXXX_SWUM204.book Page 2297 Monday, January 25, 2016 1:25 PM ip http secure-server Use the ip http secure-server command in Global Configuration mode to enable the switch to be accessed via HTTPS clients. To disable HTTPS access,, use the no form of this command. Syntax ip http secure-server no ip http secure-server Default Configuration The default for the switch is disabled.
2CSNXXX_SWUM204.book Page 2298 Monday, January 25, 2016 1:25 PM Default Configuration This command has no default configuration. Command Mode Crypto Certificate Generation mode User Guidelines This command mode is entered using the crypto certificate request command. You must use the key-generate command prior to exiting the crypto certificate request mode to properly generate a certificate request.
2CSNXXX_SWUM204.book Page 2299 Monday, January 25, 2016 1:25 PM Example The following example displays how to specify the city location of "austin." console(config-crypto-cert)#location austin no crypto certificate Use the no crypto certificate command in Global Configuration mode to delete a certificate. Syntax no crypto certificate { openflow | number } • number— The number of the SSH certificate to remove(between 1 to 2). • openflow—Remove the openflow certificate and associated information.
2CSNXXX_SWUM204.book Page 2300 Monday, January 25, 2016 1:25 PM Syntax organization-unit organization-unit • organization-unit — Specifies the organization-unit or department name. (Range: 1–64 characters) Default Configuration This command has no default configuration. Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command.
2CSNXXX_SWUM204.book Page 2301 Monday, January 25, 2016 1:25 PM Example The following example displays the SSL certificate of a sample switch.
2CSNXXX_SWUM204.book Page 2302 Monday, January 25, 2016 1:25 PM show ip http server secure status Use the show ip http server secure status command in User Exec or Privileged Exec mode to display the HTTP secure server status information. Syntax show ip http server secure status Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
2CSNXXX_SWUM204.book Page 2303 Monday, January 25, 2016 1:25 PM Certificate 1 is active Issued by: www.verisign.com Valid from: 8/9/2003 to 8/9/2004 Subject: CN= router.gm.com, 0= General Motors, C= US Finger print: DC789788 DC88A988 127897BC BB789788 Certificate 2 is inactive Issued by: self-signed Valid from: 8/9/2003 to 8/9/2004 Subject: CN= router.gm.
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 2305 Monday, January 25, 2016 1:25 PM Appendix A: List of Commands A aaa accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 860 aaa authentication dot1x default . . . . . . . . . . . . . . . . . . . . . . . . . . . . 863 aaa authentication enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 864 aaa authentication login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 866 aaa authorization . .
2CSNXXX_SWUM204.book Page 2306 Monday, January 25, 2016 1:25 PM area stub . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1723, 1811 area stub no-summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1724, 1812 area virtual-link . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1725, 1812 area virtual-link authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1727 area virtual-link dead-interval . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2307 Monday, January 25, 2016 1:25 PM banner motd acknowledge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2182 bfd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1734 bfd echo . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1220 bfd interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1221 bfd slow-timer . . . .
2CSNXXX_SWUM204.book Page 2308 Monday, January 25, 2016 1:25 PM classofservice dot1p-mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 684 classofservice ip-dscp-mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685 classofservice traffic-class-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1166 classofservice trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 689 clear (IAS) . . . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2309 Monday, January 25, 2016 1:25 PM clear ipv6 prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1425 clear ipv6 statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1599 clear isdp counters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315 clear isdp table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 316 clear lldp remote-data . .
2CSNXXX_SWUM204.book Page 2310 Monday, January 25, 2016 1:25 PM crypto key generate dsa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . crypto key generate rsa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . crypto key pubkey-chain ssh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . crypto key zeroize {rsa|dsa} . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . crypto key zeroize pubkey-chain . . . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2311 Monday, January 25, 2016 1:25 PM debug mldsnooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2074 debug ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2075 debug ospfv3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2076 debug ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2076 debug rip . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2312 Monday, January 25, 2016 1:25 PM dir usb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2278 disconnect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2189 distance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1259 distance bgp (BGP Router Configuration) . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2313 Monday, January 25, 2016 1:25 PM dot1x re-authenticate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 974 dot1x reauthentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 975 dot1x system-auth-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 975 dot1x system-auth-control monitor . . . . . . . . . . . . . . . . . . . . . . . . . . 976 dot1x timeout guest-vlan-period . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2314 Monday, January 25, 2016 1:25 PM exit (mst) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 749 exit-overflow-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1743, 1821 external-lsdb-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1744, 1822 F feature bfd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1219 feature vpc . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2315 Monday, January 25, 2016 1:25 PM interface port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647 interface range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396 interface range port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648 interface range vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 808 interface tunnel . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2316 Monday, January 25, 2016 1:25 PM ip domain-lookup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506 ip domain-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507 ip dvmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1497 ip dvmrp metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1498 ip extcommunity-list . . . . .
2CSNXXX_SWUM204.book Page 2317 Monday, January 25, 2016 1:25 PM ip igmp snooping vlan groupmembership-interval . . . . . . . . . . . . . . 476 ip igmp snooping vlan immediate-leave . . . . . . . . . . . . . . . . . . . . . . . 475 ip igmp snooping vlan last-member-query-interval . . . . . . . . . . . . . . 477 ip igmp snooping vlan mcrtrexpiretime . . . . . . . . . . . . . . . . . . . . . . . 478 ip igmp snooping vlan mrouter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2318 Monday, January 25, 2016 1:25 PM ip pim dr-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1665 ip pim hello-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1666 ip pim join-prune-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1667 ip pim rp-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1668 ip pim rp-candidate . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2319 Monday, January 25, 2016 1:25 PM ipv6 dhcp pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1464 ipv6 dhcp relay . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1465 ipv6 dhcp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1466 ipv6 dhcp snooping log-invalid . . . . . . . . . . . . . . . . . . . . . . . . . 366, 1485 ipv6 dhcp snooping trust . . . . . . . . .
2CSNXXX_SWUM204.book Page 2320 Monday, January 25, 2016 1:25 PM ipv6 nd nud retry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1614 ipv6 nd other-config-flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1615 ipv6 nd prefix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1616 ipv6 nd ra hop-limit unspecified . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1610 ipv6 nd raguard attach-policy . . . . . . . .
2CSNXXX_SWUM204.book Page 2321 Monday, January 25, 2016 1:25 PM ipv6 verify binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368, 1487 ipv6 verify source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369, 1488 iscsi aging time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 560 iscsi cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 561 iscsi enable . . . . . . .
2CSNXXX_SWUM204.book Page 2322 Monday, January 25, 2016 1:25 PM lldp transmit-mgmt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 584 lldp transmit-tlv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 584 load-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2194 locale . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1012 locate . . . . . . .
2CSNXXX_SWUM204.book Page 2323 Monday, January 25, 2016 1:25 PM macro apply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1936 macro description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1937 macro global apply . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1934 macro global description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1935 macro global trace . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2324 Monday, January 25, 2016 1:25 PM maximum-paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1276, 1756, 1831 maximum-paths (IPv6 Address Family Configuration) . . . . . . . . . 1277 maximum-paths ibgp (IPv6 Address Family Configuration) . . . . . 1279 max-metric router-lsa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1754 member . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2325 Monday, January 25, 2016 1:25 PM name (VLAN Configuration) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 809 neighbor activate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1280 neighbor advertisement-interval (BGP Router Configuration) . . . 1281 neighbor advertisement-interval (IPv6 Address Family Configuration 1282 neighbor allowas-in . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2326 Monday, January 25, 2016 1:25 PM network area . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . next-server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . no clock summer-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . no clock timezone . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . no crypto certificate . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2327 Monday, January 25, 2016 1:25 PM peer-keepalive enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 609 peer-keepalive timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 610 periodic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2271 permit (management) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1053 permit ip host mac host . . . . . . . .
2CSNXXX_SWUM204.book Page 2328 Monday, January 25, 2016 1:25 PM Q quit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2285 R radius-erver attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 934 radius-server attribute 25 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 937 radius-server attribute 31 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2329 Monday, January 25, 2016 1:25 PM route-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1572 router bgp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1233 router ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1765 router rip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1876 router-id . . .
2CSNXXX_SWUM204.book Page 2330 Monday, January 25, 2016 1:25 PM sflow sampling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2106 sflow sampling (Interface Mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . 2107 show aaa ias-users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 885 show aaa servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 947 show aaa statistics . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2331 Monday, January 25, 2016 1:25 PM show captive-portal configuration client status . . . . . . . . . . . . . . . . 1018 show captive-portal configuration interface . . . . . . . . . . . . . . . . . . . 1027 show captive-portal configuration locales . . . . . . . . . . . . . . . . . . . . . 1028 show captive-portal configuration status . . . . . . . . . . . . . . . . . . . . . 1029 show captive-portal interface client status . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2332 Monday, January 25, 2016 1:25 PM show dot1x authentication-history . . . . . . . . . . . . . . . . . . . . . . . . . . . 989 show dot1x clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 991 show dot1x interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 993 show dot1x interface statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 994 show dot1x users . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2333 Monday, January 25, 2016 1:25 PM show interfaces random-detect . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 739 show interfaces status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 414 show interfaces status err-disabled . . . . . . . . . . . . . . . . . . . . . . . . . . . 496 show interfaces switchport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 815 show interfaces traffic . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2334 Monday, January 25, 2016 1:25 PM show ip dhcp snooping statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357 show ip dvmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1499 show ip dvmrp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1500 show ip dvmrp neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1500 show ip dvmrp nexthop . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2335 Monday, January 25, 2016 1:25 PM show ip ospf interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1781 show ip ospf interface brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1783 show ip ospf interface stats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1784 show ip ospf neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1787 show ip ospf range . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2336 Monday, January 25, 2016 1:25 PM show ipv6 dhcp binding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1470 show ipv6 dhcp interface (Privileged EXEC) . . . . . . . . . . . . . . . . . . 1472 show ipv6 dhcp interface (User EXEC) . . . . . . . . . . . . . . . . . . . . . . 1471 show ipv6 dhcp interface out-of-band statistics . . . . . . . . . . . . . . . . . 520 show ipv6 dhcp pool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2337 Monday, January 25, 2016 1:25 PM show ipv6 ospf interface vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1852 show ipv6 ospf neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1853 show ipv6 ospf range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1854 show ipv6 ospf stub table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1855 show ipv6 ospf virtual-link brief . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2338 Monday, January 25, 2016 1:25 PM show lldp med . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 588 show lldp med interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 589 show lldp med local-device detail . . . . . . . . . . . . . . . . . . . . . . . . . . . . 590 show lldp med remote-device . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 591 show lldp remote-device . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2339 Monday, January 25, 2016 1:25 PM show passwords configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1071 show passwords result . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1073 show policy-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 741 show policy-map interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 742 show port protocol . . . . . . . . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2340 Monday, January 25, 2016 1:25 PM show sntp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1940 show sntp server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1941 show sntp status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1942 show spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 753 show spanning-tree summary . . . . . . .
2CSNXXX_SWUM204.book Page 2341 Monday, January 25, 2016 1:25 PM show vlan private-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 822 show vlan remote-span . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 676 show voice vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 851 show vpc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 612 show vpc brief . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2342 Monday, January 25, 2016 1:25 PM source-ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 953 spanning-tree . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 761 spanning-tree auto-portfast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 762 spanning-tree backbonefast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 763 spanning-tree bpdu flooding . . . .
2CSNXXX_SWUM204.book Page 2343 Monday, January 25, 2016 1:25 PM state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2303 storm-control broadcast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1043 storm-control multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1044 storm-control unicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1046 support-assist . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2344 Monday, January 25, 2016 1:25 PM time-range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2269 timers bgp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1401 timers pacing flood . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1798 timers pacing lsa-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1799 timers spf . . . . . . . . . . .
2CSNXXX_SWUM204.book Page 2345 Monday, January 25, 2016 1:25 PM V verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1015 vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 840 vlan association mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 841 vlan association subnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 842 vlan makestatic . . . .
2CSNXXX_SWUM204.
2CSNXXX_SWUM204.book Page 1 Monday, January 25, 2016 1:25 PM Printed in the U.S.A. w w w. del l . co m | s upp ort . del l .
2CSNXXX_SWUM204.