Dell EMC Networking N-Series N1100-ON, N1500, N2000, N2100-ON, N2200-ON, N3000ON, N3100-ON, and N3200-ON Switches CLI Reference Guide Version 6.
Notes NOTE: A NOTE indicates important information that helps you make better use of your computer. CAUTION: A CAUTION indicates potential damage to hardware or loss of data if instructions are not followed. ____________________ Information in this publication is subject to change without notice. Copyright © 2021 Dell EMC Inc. All rights reserved. Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. This product is protected by U.S.
Contents 1 Dell EMC Networking CLI Introduction . . . . . . . . . . . . 97 . . . . . . . . . . . . . . . . . . . . 97 Command Groups Mode Types . . . . . . . . . . . . . . . . . 97 . . . . . . . . . . . . . . . . . . . . 103 Layer 2 Commands Security Commands 161 . . . . . . . . . . . . Switch Management Commands 207 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Introduction 160 . . . . . . . . . . . . . . Layer 3 Routing Commands Using the CLI 143 . . . . . . . . . .
3 Layer 2 Switching Commands 279 . . . . . . . . ACL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281 ACL Logging . . . . . . . . . . . . . . . . . . . . 281 ip access-list . . . . . . . . . . . . . . . . . . . . 284 deny | permit (IP ACL) . . . . . . . . . . . . . . . deny | permit (Mac-Access-List-Configuration) ip access-group . . 291 . . . . . . . . . . . . . . . . . . 294 mac access-group . . . . . . . . . . . . . . . . . mac access-list extended . . . . . .
switchport port-security (Global Configuration) . . 313 switchport port-security (Interface Configuration) 317 show mac address-table multicast show mac address-table . . . . . . . . . 322 . . . . . . . . . . . . . 323 show mac address-table address show mac address-table count . . . . . . . . . 324 . . . . . . . . . . 325 show mac address-table dynamic . . . . . . . . . 326 show mac address-table interface . . . . . . . . 327 . . . . . . . . . . 328 . . . . . . . . . . . 329 . . . .
isdp enable . . . . . . . . . . . . . . . . . . . . . isdp holdtime 345 . . . . . . . . . . . . . . . . . . . . 345 isdp timer . . . . . . . . . . . . . . . . . . . . . . 346 show isdp . . . . . . . . . . . . . . . . . . . . . . 347 show isdp entry . . . . . . . . . . . . . . . . . . . 348 show isdp interface . . . . . . . . . . . . . . . . 349 show isdp neighbors . . . . . . . . . . . . . . . . 350 . . . . . . . . . . . . . . . . . .
show dhcp l2relay remote-id vlan . . . . . . . . . clear dhcp l2relay statistics interface . . . . . . . 362 363 DHCP Snooping Commands . . . . . . . . . . . . . . . . . . . .364 clear ip dhcp snooping binding . . . . . . . . . . 364 . . . . . . . . . 365 . . . . . . . . . . . . . . . . . . 366 clear ip dhcp snooping statistics ip dhcp snooping ip dhcp snooping binding . . . . . . . . . . . . . 367 . . . . . . . . . . . .
ipv6 dhcp snooping vlan . . . . . . . . . . . . . . ipv6 dhcp snooping binding . . . . . . . . . . . . 381 . . . . . . . . . . . 382 ipv6 dhcp snooping database ipv6 dhcp snooping database write-delay ipv6 dhcp snooping limit . . . . . 382 . . . . . . . . . . . . . . 383 ipv6 dhcp snooping log-invalid ipv6 dhcp snooping trust 380 . . . . . . . . . . . 384 . . . . . . . . . . . . . . 385 ipv6 dhcp snooping verify mac-address . . . . . . 386 ipv6 verify binding . . . . . . . . . . . . .
ip arp inspection filter . . . . . . . . . . . . . . . 397 ip arp inspection limit . . . . . . . . . . . . . . . 398 ip arp inspection trust . . . . . . . . . . . . . . . 399 ip arp inspection validate . . . . . . . . . . . . . 400 . . . . . . . . . . . . . . . 401 . . . . . . . . . . . . . . 402 . . . . . . . . . . . . . . . . 402 ip arp inspection vlan permit ip host mac host show arp access-list show ip arp inspection . . . . . . . . . . . . . . .
show interfaces configuration show interfaces counters . . . . . . . . . . . 427 . . . . . . . . . . . . . 428 show interfaces debounce . . . . . . . . . . . . . 433 show interfaces description . . . . . . . . . . . . 433 show interfaces detail . . . . . . . . . . . . . . . 434 show interfaces status . . . . . . . . . . . . . . . 436 show interfaces transceiver . . . . . . . . . . . . 438 . . . . . . . . . . . . . . . 439 . . . . . . . . . . . . . . . . . . .
service . . . . . . . . . . . . . . . . . . . . . . . ethernet cfm cc level . . . . . . . . . . . . . . . . ethernet cfm mep level . 459 . . . . . . . . . . . . . 460 . . . . . . . . . . . . . . 460 ethernet cfm mep archive-hold-time . . . . . . . 461 . . . . . . . . . . . . . . . 462 . . . . . . . . . . . . . . . . . 462 ethernet cfm mip level ping ethernet cfm 458 . . . . . . . . . . . . . . ethernet cfm mep enable ethernet cfm mep active 457 traceroute ethernet cfm . . . . . . . .
open-ring . . . . . . . . . . . . . . . . . . . . . . 477 instance . . . . . . . . . . . . . . . . . . . . . . 478 . . . . . . . . . . . . . . . . . . . . . . . . 479 . . . . . . . . . . . . . . . . . . . . . . . . . . 480 profile rpl inclusion-list . . . . . . . . . . . . . . . . . . . . ethernet tcn-propagation . . . . . . . . . . . . . 484 . . . . . . . . . . . . . . . . . . . . 485 . . . . . . . . . . . . . . . . . . . . . . . . 486 aps-channel level . raps-vlan g8032 482 . . . .
green-mode eee . . . . . . . . . . . . . . . . . . green-mode eee { tx-idle-time | tx-wake-time} 505 . . 505 clear green-mode statistics . . . . . . . . . . . . 506 green-mode eee-lpi-history . . . . . . . . . . . . 507 show green-mode interface-id show green-mode . . . . . . . . . . 508 . . . . . . . . . . . . . . . . . 512 show green-mode eee-lpi-history interface . . . . 513 GMRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . .516 gmrp enable . . . . . . . . . . . . .
ip igmp snooping . . . . . . . . . . . . . . . . . . show ip igmp snooping . . . . . . . . . . . . . . . 530 531 show ip igmp snooping groups . . . . . . . . . . . 532 show ip igmp snooping mrouter . . . . . . . . . . 534 ip igmp snooping vlan immediate-leave . . . . . . 535 ip igmp snooping vlan groupmembership-interval . 536 ip igmp snooping vlan last-member-query-interval 536 ip igmp snooping vlan mcrtrexpiretime . . . . . . 537 . . . . . . . 538 . . . . . . 539 . . . . . . . . . . .
show interfaces status err-disabled . . . . . . . . 555 IP Device Tracking Commands . . . . . . . . . . . . . . . . .558 ip device tracking . . . . . . . . . . . . . . . . . ip device tracking probe . . . . . . . . . . . . . . ip device tracking probe interval 558 561 . . . . . . . . . 562 ip device tracking probe count . . . . . . . . . . 563 ip device tracking probe delay . . . . . . . . . . . 564 ip device tracking probe auto-source fallback . . 565 . . . . . . . . . . . .
ipv6 mld snooping vlan mcrtrexpiretime . . . . . . 588 . . . . . . . . . . 588 . . . . . . . . . . . . . 589 . . . . . . . . . . . . . . 590 ipv6 mld snooping vlan mrouter ipv6 mld snooping (Global) show ipv6 mld snooping show ipv6 mld snooping groups . . . . . . . . . . show ipv6 mld snooping mrouter . . . . . . . . . . 592 593 IPv6 MLD Snooping Querier Commands . . . . . . . . 595 ipv6 mld snooping querier . . . . . . . . . . . . .
iscsi enable . show iscsi . . . . . . . . . . . . . . . . . . . . 609 . . . . . . . . . . . . . . . . . . . . . 610 Link Dependency Commands . . . . . . . . . . . . . . . . . .612 action . . . . . . . . . . . . . . . . . . . . . . . . link-dependency group add 612 . . . . . . . . . . . . . . 613 . . . . . . . . . . . . . . . . . . . . . . . . . 613 depends-on . . . . . . . . . . . . . . . . . . . . . show link-dependency . . . . . . . . . . . . . . . 614 615 LLDP Commands . . . . . . . . .
show lldp . . . . . . . . . . . . . . . . . . . . . . show lldp interface . . . . . . . . . . . . . . . . . show lldp local-device show lldp med 628 629 . . . . . . . . . . . . . . . 631 . . . . . . . . . . . . . . . . . . . 632 show lldp med interface . . . . . . . . . . . . . . show lldp med local-device detail . . . . . . . . . 633 . . . . . . . . . . . 635 . . . . . . . . . . . . . . 637 . . . . . . . . . . . . . . . . .
peer-keepalive timeout . . . . . . . . . . . . . . 655 . . . . . . . . . . . . . . . . . . . . . 656 . . . . . . . . . . . . . . . . . . . . . . 657 role priority show vpc show vpc brief . . . . . . . . . . . . . . . . . . . show vpc consistency-parameters . . . . . . . . 660 . . . . . . . . . . 662 . . . . . . . . . . . . . 663 . . . . . . . . . . . . . . . . . . . 663 show vpc consistency-features show vpc peer-keepalive show vpc role show vpc statistics . system-mac . . . . . . . . .
mvr type . . . . . . . . . . . . . . . . . . . . . . mvr vlan group show mvr 677 . . . . . . . . . . . . . . . . . . . 678 . . . . . . . . . . . . . . . . . . . . . . 679 show mvr members . . . . . . . . . . . . . . . . . 681 . . . . . . . . . . . . . . . . . 682 . . . . . . . . . . . . . . . . . . 683 show mvr interface show mvr traffic Port Channel Commands . . . . . . . . . . . . . . . . . . . . . . 686 Static LAGS . . . . . . . . . . . . . . . . . . . . . VLANs and LAGs . . . . . . .
port-channel local-preference . port-channel min-links . . . . . . . . . . 696 . . . . . . . . . . . . . . . 698 show interfaces port-channel show lacp . . . . . . . . . . . 698 . . . . . . . . . . . . . . . . . . . . . 700 show statistics port-channel . . . . . . . . . . . . 701 Port Monitor Commands . . . . . . . . . . . . . . . . . . . . . . .704 destination . . . . . . . . . . . . . . . . . . . . . destination interface 705 . . . . . . . . . . . . . . . . 705 . . . . . . . . . . . . .
source . . . . . . . . . . . . . . . . . . . . . . . source interface . . . . . . . . . . . . . . . . . . 727 728 show monitor capture . . . . . . . . . . . . . . . 729 show monitor session . . . . . . . . . . . . . . . 730 . . . . . . . . . . . . . . 732 show vlan remote-span QoS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 734 Access Control Lists Layer 2 ACLs . . . . . . . . . . . . . . . . 734 . . . . . . . . . . . . . . . . . . . . 735 Layer 3/4 IPv4 ACLs . .
cos-queue random-detect . . . . . . . . . . . . . 750 . . . . . . . . . . . . . . . . . . 753 . . . . . . . . . . . . . . . . . . . . . . . 754 . . . . . . . . . . . . . . . . . . . . . . . . 755 cos-queue strict diffserv drop . mark cos . . . . . . . . . . . . . . . . . . . . . . mark ip-dscp . . . . . . . . . . . . . . . . . . . . 756 757 mark ip-precedence . . . . . . . . . . . . . . . . 758 match access-group . . . . . . . . . . . . . . . . 759 . . . . . . . . . . . . . . . . . .
match source-address mac match srcip . . . . . . . . . . . . 774 . . . . . . . . . . . . . . . . . . . . . 775 match srcip6 . . . . . . . . . . . . . . . . . . . . match srcl4port . . . . . . . . . . . . . . . . . . . 776 . . . . . . . . . . . . . . . . . . . . . 777 . . . . . . . . . . . . . . . . . . . . . . . . 778 match vlan mirror police-simple . . . . . . . . . . . . . . . . . . . . police-single-rate policy-map 780 . . . . . . . . . . . . . . . . . . . 782 . . . . . . . . . . .
show interfaces cos-queue . . . . . . . . . . . . show interfaces random-detect show interfaces traffic . . . . . . . . . . 803 . . . . . . . . . . . . . . . 805 show interfaces utilization show policy-map 801 . . . . . . . . . . . . . 806 . . . . . . . . . . . . . . . . . . 809 show policy-map interface . . . . . . . . . . . . . 810 . . . . . . . . . . . . . . . . 811 traffic-shape . . . . . . . . . . . . . . . . . . . . 812 vlan priority . . . . . . . . . . . . . . . . . . . . .
spanning-tree bpdu flooding . . . . . . . . . . . . spanning-tree bpdu-protection spanning-tree cost 833 . . . . . . . . . . 834 . . . . . . . . . . . . . . . . . 835 spanning-tree disable . . . . . . . . . . . . . . . spanning-tree forward-time spanning-tree guard 836 . . . . . . . . . . . . 837 . . . . . . . . . . . . . . . . 838 spanning-tree loopguard . . . . . . . . . . . . . . 839 spanning-tree max-age . . . . . . . . . . . . . . 839 spanning-tree max-hops . . . . . . . . . . .
spanning-tree uplinkfast spanning-tree vlan . . . . . . . . . . . . . . 853 . . . . . . . . . . . . . . . . . 854 spanning-tree vlan forward-time . . . . . . . . . 855 . . . . . . . . . . . 856 . . . . . . . . . . . . 857 . . . . . . . . . . . . . . 858 spanning-tree vlan hello-time spanning-tree vlan max-age spanning-tree vlan root spanning-tree vlan priority . . . . . . . . . . . . . 859 UDLD Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Protocol Based VLANs . . . . . . . . . . . . . . . IP Subnet Based VLANs MAC-Based VLANs . . . . . . . . . . . . . . . 872 . . . . . . . . . . . . . . . . 872 Private VLAN Commands . interface vlan . . . . . . . . . . . . . 873 . . . . . . . . . . . . . . . . . . . . 876 interface range vlan . . . . . . . . . . . . . . . . name (VLAN Configuration) private-vlan 877 . . . . . . . . . . . . 878 . . . . . . . . . . . . . . . . . . . . . 879 protocol group . . . . . . . . . . . . . . . . .
switchport dot1q ethertype (Interface Configuration) 897 switchport general forbidden vlan . . . . . . . . . 899 switchport general acceptable-frame-type tagged-only 900 switchport general allowed vlan . . . . . . . . . . switchport general ingress-filtering disable . . . . 901 . . . . . . . . . . . . . . 902 . . . . . . . . . . . . . . . . . . 903 switchport general pvid switchport mode 900 switchport mode dot1q-tunnel . . . . . . . . . . . 904 switchport mode private-vlan . . . . . . . .
switchport voice vlan . . . . . . . . . . . . . . . . switchport voice vlan (Interface) switchport voice vlan priority 920 . . . . . . . . . 920 . . . . . . . . . . . 925 authentication event server dead action authorize voice 926 show voice vlan . . . . . . . . . . . . . . . . . . 927 Multiple MAC Registration Protocol Commands . 929 clear mmrp statistics mmrp . . . . . . . . . . . . . . . . 929 . . . . . . . . . . . . . . . . . . . . . . . . 930 mmrp global . . . . . . . . . . . . . . . .
Administrative Authentication . . . . . . . . . . . 944 . . . . . . . . . . . . 945 . . . . . . . . . . . . . 946 . . . . . . . . . . . . . . . . 946 Administrative Accounting . Accounting Method Lists Access Line Modes Command Authorization . . . . . . . . . . . . . . 947 Network Authentication . . . . . . . . . . . . . . 947 Local 802.1x Authentication Server . . . . . . . . 947 . . . . . . . . . . . . 948 . . . . . . . . . . . . . . . . . . . .
authentication command . . . . . . . . . . . . . . authentication control-direction . . . . . . . . . . 971 authentication critical recovery . . . . . . . . . . 972 authentication dynamic-vlan enable . authentication enable . . . . . . . 973 . . . . . . . . . . . . . . . 974 authentication event server dead action . . . . . 975 authentication event server alive action . . . . . . 976 authentication open . . . . . . . . . . . . . . . . 977 authentication order . . . . . . . . . . . . .
ip https authentication mab . . . . . . . . . . . . . . . 990 . . . . . . . . . . . . . . . . . . . . . . . . . 991 password (AAA IAS User Configuration) . . . . . 992 . . . . . . . . . . . . . . . 993 show aaa ias-users . . . . . . . . . . . . . . . . 994 show aaa statistics . . . . . . . . . . . . . . . . . 995 password (User Exec) show accounting methods . . . . . . . . . . . . . 996 . . . . . . . . . . . . . 997 . . . . . . . . . . . . . . . . 997 show accounting update .
rule . . . . . . . . . . . . . . . . . . . . . . . . show admin-profiles . . . . . . . . . . . . . . . show admin-profiles brief show cli modes 1015 1016 . . . . . . . . . . . . 1017 . . . . . . . . . . . . . . . . . . 1017 E-mail Alerting Commands . . . . . . . . . . . . . . . . . . . 1019 logging email . . . . . . . . . . . . . . . . . . . logging email urgent . . . . . . . . . . . . . . . logging email message-type to-addr . logging email from-addr 1021 . . . . . . 1022 . . . . . . . .
RADIUS Change of Authorization . . . . . . . . 1034 . . . . . . . . . . . . . . . . . . . . . 1036 attribute 6 . . . . . . . . . . . . . . . . . . . . 1036 attribute 8 . . . . . . . . . . . . . . . . . . . . 1038 attribute 25 . . . . . . . . . . . . . . . . . . . . 1038 acct-port attribute mac format . . . . . . . . . . . . . . . 1039 attribute 32 . . . . . . . . . . . . . . . . . . . . 1041 attribute 44 . . . . . . . . . . . . . . . . . . . . 1042 . . . . . . . . . . . . . . . . . .
radius server attribute 25 . . . . . . . . . . . . . 1056 radius server attribute 32 . . . . . . . . . . . . . 1057 radius server attribute 44 . . . . . . . . . . . . . 1058 radius server attribute mac format . radius server attribute 168 . . . . . . . 1059 . . . . . . . . . . . . 1061 radius server dead-criteria . . . . . . . . . . . . 1062 . . . . . . . . . . . . . . 1063 . . . . . . . . . . . . . . . . . . . 1064 radius server deadtime radius server radius server key . . . . . . .
TACACS+ Commands . . . . . . . . . . . . . . . . . . . . . . . .1086 key . . . . . . . . . . . . . . . . . . . . . . . . 1086 port . . . . . . . . . . . . . . . . . . . . . . . . 1088 priority . . . . . . . . . . . . . . . . . . . . . . show tacacs . . . . . . . . . . . . . . . . . . . 1088 1089 tacacs-server host . . . . . . . . . . . . . . . . 1090 tacacs-server key . . . . . . . . . . . . . . . . 1091 tacacs-server source-interface . . . . . . . . . 1092 . . . . . . . . . . . . . .
authentication max-users . . . . . . . . . . . . 1108 . . . . . . . . . . . 1109 . . . . . . . . . . . . . 1111 . . . . . . . . . . . . . . . 1112 authentication port-control authentication periodic . clear dot1x statistics dot1x supplicant user . . . . . . . . . . . . . . . dot1x system-auth-control . . . . . . . . . . . . 1114 . . . . . . . . . . . . . . 1115 . . . . . . . . . . . . . . . . . . . 1116 authentication monitor dot1x timeout authentication timer reauthenticate . . . . . .
802.1x Advanced Features . . . . . . . . . . . . authentication event no-response . . . . . . . . 1140 . . . . . . . . . . . . . 1141 . . . . . . . . . . . . . . 1142 authentication event fail show dot1x advanced 1140 Captive Portal Commands . . . . . . . . . . . . . . . . . . . .1144 Captive Portal Administrative Profile Commands 1144 authentication timeout . . . . . . . . . . . . . . 1144 . . . . . . . . . . . . . . . . . . 1145 . . . . . . . . . . . . . . . . . . . . . .
protocol . . . . . . . . . . . . . . . . . . . . . . 1154 redirect . . . . . . . . . . . . . . . . . . . . . . 1154 redirect-url . . . . . . . . . . . . . . . . . . . . session-timeout verification 1155 . . . . . . . . . . . . . . . . . 1156 . . . . . . . . . . . . . . . . . . . . 1157 Captive Portal Client Connection Commands . . 1158 . . . . . . . 1158 . . . . . . . .
show captive-portal configuration . . . . . . . . show captive-portal configuration interface . . 1169 . . . 1170 . . . . 1171 . . . . . 1172 . . . . . . . . . . . . . . . . . . . . 1172 show captive-portal configuration locales show captive-portal configuration status Captive Portal User Group Commands . user group 1168 user group moveusers user group name . . . . . . . . . . . . . . 1172 . . . . . . . . . . . . . . . . . 1173 Denial of Service Commands . . . . . . . . . . . . . . . . .
deny (management) . . . . . . . . . . . . . . . management access-class 1190 . . . . . . . . . . . 1191 management access-list . . . . . . . . . . . . . 1192 no priority (management) . . . . . . . . . . . . 1193 . . . . . . . . . . . . . . 1194 permit (management) . show management access-class show management access-list . . . . . . . . . 1195 . . . . . . . . . 1196 Password Management Commands . . . . . . . . . . . 1198 Configurable Minimum Password Length . . . . 1198 . . . . . . .
passwords strength minimum special-characters 1207 passwords strength max-limit consecutive-characters 1207 passwords strength max-limit repeated-characters 1208 passwords strength minimum character-classes 1209 passwords strength exclude-keyword enable password encrypted . . . . . 1210 . . . . . . . . . . . 1211 show passwords configuration show passwords result . . . . . . . . . 1211 . . . . . . . . . . . . . 1213 SSH Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ssh session-limit ssh time-out . . . . . . . . . . . . . . . . . 1226 . . . . . . . . . . . . . . . . . . . 1227 show crypto key mypubkey . . . . . . . . . . . show crypto key pubkey-chain ssh . . . . . . . 1229 . . . . . . . . . . . . . . . . . . . . 1230 . . . . . . . . . . . . . . . . . . . . . 1232 show ip ssh show ssh 5 1228 Data Center Technology Commands . . 1233 OpenFlow Commands . . . . . . . . . . . . . . . . . . . . . . . 1234 controller . . . . . . . . . . . . . . . . . . .
arp cachesize . . . . . . . . . . . . . . . . . . arp dynamicrenew arp purge 1257 . . . . . . . . . . . . . . . . 1257 . . . . . . . . . . . . . . . . . . . . . 1259 arp resptime . . . . . . . . . . . . . . . . . . . 1260 arp retries . . . . . . . . . . . . . . . . . . . . 1260 arp timeout . . . . . . . . . . . . . . . . . . . . 1261 clear arp-cache . . . . . . . . . . . . . . . . . clear arp-cache management . . . . . . . . . . 1263 . . . . . . . . . . . . . . . . 1264 . . . . . . .
address-family . . . . . . . . . . . . . . . . . . address-family ipv4 vrf address-family ipv6 . . . . . . . . . . . . . . . 1281 . . . . . . . . . . . . . . . 1282 address-family vpnv4 unicast aggregate-address 1279 . . . . . . . . . . 1283 . . . . . . . . . . . . . . . . 1284 bgp aggregate-different-meds (BGP Router Configuration) 1286 bgp aggregate-different-meds (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . . . . 1287 bgp always-compare-med . . . . . . . . . . . .
default-information originate (BGP Router Configuration) 1301 default-information originate (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . . . . default metric (BGP Router Configuration) . . . 1302 1303 default metric (IPv6 Address Family Configuration) 1304 distance . . . . . . . . . . . . . . . . . . . . . distance bgp (BGP Router Configuration) . . . . 1305 1306 distance bgp (IPv6 Address Family Configuration) 1307 distribute-list prefix in . . . . . . . . . . . . . .
maximum-paths ibgp (BGP Router Configuration) 1324 maximum-paths ibgp (IPv6 Address Family Configuration) 1325 neighbor activate . . . . . . . . . . . . . . . . . 1326 neighbor advertisement-interval (BGP Router Configuration) . . . . . . . . . . . . . . . . . . 1327 neighbor advertisement-interval (IPv6 Address Family Configuration) . . . . . . . . . . . . . . . . . . 1328 neighbor allowas-in . . . . . . . . . . . . . . . neighbor connect-retry-interval . . . . . . . . .
neighbor next-hop-self (IPv6 Address Family Configuration) 1349 neighbor password . . . . . . . . . . . . . . . . neighbor prefix-list (BGP Router Configuration) . 1350 1351 neighbor prefix-list (IPv6 Address Family Configuration) 1352 neighbor remote-as . . . . . . . . . . . . . . . neighbor remove-private-as 1353 . . . . . . . . . . . 1355 . . . . . . . . . . . .
redistribute (BGP IPv6) route-target . . . . . . . . . . . . . . . 1375 . . . . . . . . . . . . . . . . . . . 1377 set extcommunity rt . . . . . . . . . . . . . . . 1378 . . . . . . . . . . . . . . 1380 . . . . . . . . . . . . . . . . . . 1381 set extcommunity soo show bgp ipv6 show bgp ipv6 aggregate-address . show bgp ipv6 community . . . . . . . 1383 . . . . . . . . . . . . 1385 show bgp ipv6 community-list . . . . . . . . . . 1386 . . . . . . . . . . . 1388 . . . . . . . . . . . .
show ip bgp extcommunity-list . . . . . . . . . 1413 . . . . . . . . . . . . . 1414 . . . . . . . . . . . . . . 1415 show ip bgp listen range show ip bgp neighbors show ip bgp neighbors advertised-routes . . . . 1422 . . . . . 1423 show ip bgp neighbors policy . . . . . . . . . . 1425 show ip bgp route-reflection . . . . . . . . . . . 1427 show ip bgp statistics . . . . . . . . . . . . . . 1428 show ip bgp summary . . . . . . . . . . . . . . 1430 show ip bgp template . . . . . . .
ip community-list ip prefix-list . . . . . . . . . . . . . . . . . 1453 . . . . . . . . . . . . . . . . . . . . 1454 ip prefix-list description . . . . . . . . . . . . . 1456 ipv6 prefix-list . . . . . . . . . . . . . . . . . . . 1457 match as-path . . . . . . . . . . . . . . . . . . 1460 match community . . . . . . . . . . . . . . . . match ip address prefix-list . . . . . . . . . . . match ipv6 address prefix-list 1463 . . . . . . . . . . . 1464 . . . . . . . . . . . . . 1465 . . .
DVMRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . .1480 ip dvmrp . . . . . . . . . . . . . . . . . . . . . ip dvmrp metric . show ip dvmrp 1480 . . . . . . . . . . . . . . . . . 1481 . . . . . . . . . . . . . . . . . . 1482 show ip dvmrp interface . . . . . . . . . . . . . 1482 show ip dvmrp neighbor . . . . . . . . . . . . . 1483 show ip dvmrp nexthop . . . . . . . . . . . . . 1484 . . . . . . . . . . . . . . 1485 . . . . . . . . . . . . . . . 1485 show ip dvmrp prune .
show ip igmp membership . . . . . . . . . . . . show ip igmp interface stats . . . . . . . . . . . 1498 1499 IGMP Proxy Commands . . . . . . . . . . . . . . . . . . . . . 1500 ip igmp proxy-service . . . . . . . . . . . . . . ip igmp proxy-service reset-status . . . . . . . . ip igmp proxy-service unsolicit-rprt-interval . show ip igmp proxy-service 1501 . . 1502 . . . . . . . . . . . 1502 show ip igmp proxy-service interface show ip igmp-proxy groups 1500 . . . . . . 1503 . . . . . . . .
ip helper enable . . . . . . . . . . . . . . . . . show ip helper-address show ip dhcp relay 1522 . . . . . . . . . . . . . 1523 . . . . . . . . . . . . . . . . 1524 show ip helper statistics . . . . . . . . . . . . . 1525 IP Routing Commands . . . . . . . . . . . . . . . . . . . . . . . .1529 Static Routes/ECMP Static Routes . . . . . . . 1529 . . . . . . . . . . . . . . . 1530 Default Routes . . . . . . . . . . . . . . . . . . 1530 encapsulation . . . . . . . . . . . . . . . . . .
ip unreachables . . . . . . . . . . . . . . . . . 1548 match ip address . . . . . . . . . . . . . . . . . 1549 . . . . . . . . . . . . . . . . . . . 1552 match length match mac-list route-map . . . . . . . . . . . . . . . . . . 1553 . . . . . . . . . . . . . . . . . . . . 1554 set interface null0 . . . . . . . . . . . . . . . . set ip default next-hop set ip next-hop . . . . . . . . . . . . . . 1557 . . . . . . . . . . . . . . . . . . 1558 set ip precedence show ip brief . . . . . . .
IPv6 Limitations & Restrictions . . . . . . . . . 1580 . . . . . . . . . . . . . . . 1580 . . . . . . . . . . . . . . . . . . 1581 clear ipv6 neighbors clear ipv6 ospf clear ipv6 ospf configuration . . . . . . . . . . . 1582 clear ipv6 ospf counters . . . . . . . . . . . . . 1582 clear ipv6 ospf neighbor . . . . . . . . . . . . . 1583 clear ipv6 ospf redistribution . . . . . . . . . . . 1584 . . . . . . . . . . . . 1584 . . . . . . . . . . . . . . . 1585 . . . . . . . . . . . . . . .
ipv6 nd dad attempts . . . . . . . . . . . . . . . ipv6 nd ra hop-limit unspecified . . . . . . . . . 1596 . . . . . . . . . . 1597 . . . . . . . . . . . . . . . . 1597 ipv6 nd managed-config-flag . ipv6 nd ns-interval ipv6 nud max-multicast-solicits . . . . . . . . . 1598 . . . . . . . . . . 1599 . . . . . . . . . . . . . . . . . 1600 ipv6 nud max-unicast-solicits ipv6 nd nud retry ipv6 nd other-config-flag ipv6 nd prefix . . . . . . . . . . . . . 1601 . . . . . . . . . . . . . . . . .
show ipv6 interface . . . . . . . . . . . . . . . show ipv6 mld groups . . . . . . . . . . . . . . show ipv6 mld interface . . . . . . . . . . . . . show ipv6 mld host-proxy . . . . . . . . . . . . show ipv6 mld host-proxy groups . . . . . . . . show ipv6 mld host-proxy groups detail 1617 1620 1622 1623 . . . . . 1625 . . . . . . . 1626 . . . . . . . . . . . . . . . 1627 show ipv6 mld host-proxy interface show ipv6 mld traffic 1615 show ipv6 nd raguard policy . . . . . . . . . . .
clear ip mroute . . . . . . . . . . . . . . . . . . ip multicast boundary ip mroute . . . . . . . . . . . . . . 1647 . . . . . . . . . . . . . . . . . . . . . 1648 ip multicast-routing . . . . . . . . . . . . . . . . ip multicast ttl-threshold ip pim 1650 . . . . . . . . . . . . . . . . . . . . . . . 1651 . . . . . . . . . . . . . . . . . ip pim bsr-candidate ip pim dr-priority 1652 . . . . . . . . . . . . . . . . 1653 . . . . . . . . . . . . . . . . . 1654 ip pim hello-interval . . .
show ip mroute group . . . . . . . . . . . . . . show ip mroute source . . . . . . . . . . . . . . 1665 . . . . . . . . . . . . . . 1665 . . . . . . . . . . . . . . . . . . . 1666 show ip mroute static show ip pim . 1664 show ip pim bsr-router . . . . . . . . . . . . . . 1667 show ip pim interface . . . . . . . . . . . . . . 1668 show ip pim neighbor . . . . . . . . . . . . . . 1670 . . . . . . . . . . . . . . . 1671 show ip pim rp-hash show ip pim rp mapping show ip pim statistics .
ipv6 pim rp-candidate . . . . . . . . . . . . . . 1682 ipv6 pim sparse-mode . . . . . . . . . . . . . . 1683 . . . . . . . . . . . . . . . . . . . 1684 . . . . . . . . . . . . . . . . . . 1685 ipv6 pim ssm show ipv6 pim show ipv6 pim bsr-router . . . . . . . . . . . . . 1685 . . . . . . . . . . . . . 1689 . . . . . . . . . . . . 1690 show ipv6 pim interface . . . . . . . . . . . . . 1691 show ipv6 pim neighbor . . . . . . . . . . . . . 1692 . . . . . . . . . . . . . .
vrf (IP SLA) . . . . . . . . . . . . . . . . . . . . clear ip sla statistics . . . . . . . . . . . . . . . show ip sla configuration 1710 . . . . . . . . . . . . 1710 . . . . . . . . . . . . . . . 1712 . . . . . . . . . . . . . . . . . . . . 1713 show ip sla statistics show track 1708 OSPF Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . .1716 Route Preferences . . . . . . . . . . . . . . . . OSPF Equal Cost Multipath (ECMP) . . . . . . .
area virtual-link . . . . . . . . . . . . . . . . . . area virtual-link authentication 1730 . . . . . . . . . 1733 area virtual-link dead-interval . . . . . . . . . . 1734 area virtual-link hello-interval . . . . . . . . . . 1735 area virtual-link retransmit-interval . . . . . . . 1736 . . . . . . . . . 1737 . . . . . . . . . . . . . . . . . . . . . 1737 . . . . . . . . . . . . . . . . . . . . 1738 . . . . . . . . . . . . . . . . . . . . . . . .
ip ospf authentication ip ospf cost . . . . . . . . . . . . . . 1751 . . . . . . . . . . . . . . . . . . . . 1752 ip ospf database-filter all out . . . . . . . . . . 1752 ip ospf dead-interval . . . . . . . . . . . . . . . 1753 ip ospf hello-interval . . . . . . . . . . . . . . . 1754 . . . . . . . . . . . . . . . . 1754 . . . . . . . . . . . . . . . . . 1755 . . . . . . . . . . . . . . . . . . 1756 ip ospf mtu-ignore ip ospf network . ip ospf priority ip ospf retransmit-interval . . .
router-id . . . . . . . . . . . . . . . . . . . . . router ospf show ip ospf . . . . . . . . . . . . . . . . . . . . 1770 . . . . . . . . . . . . . . . . . . . 1771 show ip ospf abr . . . . . . . . . . . . . . . . . 1777 show ip ospf area . . . . . . . . . . . . . . . . 1778 show ip ospf asbr . . . . . . . . . . . . . . . . . 1780 show ip ospf database . . . . . . . . . . . . . . show ip ospf database database-summary show ip ospf interface . . . 1784 . . . . . . . . . . . . . .
timers spf . . . . . . . . . . . . . . . . . . . . . 1805 OSPFv3 Commands . . . . . . . . . . . . . . . . . . . . . . . . . .1806 area default-cost (Router OSPFv3) area nssa (Router OSPFv3) . . . . . . . . 1806 . . . . . . . . . . . 1807 area nssa default-info-originate (Router OSPFv3 Config) 1808 area nssa no-redistribute area nssa no-summary . area nssa translator-role . . . . . . . . . . . . 1809 . . . . . . . . . . . . . 1810 . . . . . . . . . . . . 1811 area nssa translator-stab-intv .
enable . . . . . . . . . . . . . . . . . . . . . . exit-overflow-interval . . . . . . . . . . . . . . 1824 . . . . . . . . . . . . . . . . 1824 . . . . . . . . . . . . . . . . . . . . . 1825 external-lsdb-limit ipv6 ospf ipv6 ospf area . ipv6 ospf cost . . . . . . . . . . . . . . . . . . 1826 . . . . . . . . . . . . . . . . . . . 1827 ipv6 ospf dead-interval . . . . . . . . . . . . . . 1827 ipv6 ospf hello-interval . . . . . . . . . . . . . . 1828 . . . . . . . . . . . . . . . 1829 .
redistribute (OSPFv3) . router-id . . . . . . . . . . . . . . 1839 . . . . . . . . . . . . . . . . . . . . . 1841 show ipv6 ospf . . . . . . . . . . . . . . . . . . show ipv6 ospf abr . . . . . . . . . . . . . . . . 1841 1845 show ipv6 ospf area . . . . . . . . . . . . . . . 1846 show ipv6 ospf asbr . . . . . . . . . . . . . . . 1847 show ipv6 ospf border-routers . show ipv6 ospf database . . . . . . . . . . 1848 . . . . . . . . . . . .
IPv6 Policy-Based Routing Commands . . . . . . . . 1867 ipv6 policy route-map . . . . . . . . . . . . . . 1867 . . . . . . . . . . . . . . . 1869 . . . . . . . . . . . . . . . . . 1870 match ipv6 address . set ipv6 next-hop set ipv6 default next-hop . . . . . . . . . . . . . 1871 . . . . . . . . . . . . . . . 1872 . . . . . . . . . . . . . . . . . 1873 set ipv6 precedence show ipv6 policy Router Discovery Protocol Commands . . . . . . . . 1875 ip irdp . . . . . . . . . . . . . . . . . . . .
hostroutesaccept ip rip . . . . . . . . . . . . . . . . 1887 . . . . . . . . . . . . . . . . . . . . . . . 1887 ip rip authentication . . . . . . . . . . . . . . . ip rip receive version . . . . . . . . . . . . . . . 1889 . . . . . . . . . . . . . . . . 1890 . . . . . . . . . . . . . . . . . 1890 . . . . . . . . . . . . . . . . . . . . . 1892 ip rip send version redistribute (RIP) router rip 1888 show ip rip . . . . . . . . . . . . . . . . . . . . show ip rip interface . . . . . . . . .
description ip vrf . . . . . . . . . . . . . . . . . . . . 1908 . . . . . . . . . . . . . . . . . . . . . . . 1909 ip vrf forwarding . . . . . . . . . . . . . . . . . 1910 maximum routes . . . . . . . . . . . . . . . . . 1912 . . . . . . . . . . . . . . . . . . . . 1913 show ip vrf show ipv6 vrf . . . . . . . . . . . . . . . . . . . 1914 Virtual Router Redundancy Protocol Commands 1916 Pingable VRRP Interface . . . . . . . . . . . . . VRRP Route/Interface Tracking . . . . . . . . .
vrrp timers learn . . . . . . . . . . . . . . . . . vrrp track interface . . . . . . . . . . . . . . . . 1927 . . . . . . . . . . . . . . . . 1928 . . . . . . . . . . . . . . . . . . . . 1929 vrrp track ip route show vrrp . 1926 show vrrp interface . . . . . . . . . . . . . . . 1931 Virtual Router Redundancy Protocol v3 Commands 1933 fhrp version vrrp v3 . vrrp . . . . . . . . . . . . . . . 1934 . . . . . . . . . . . . . . . . . . . . . . . . 1934 show vrrp . . . . . . . . . . . . . . .
application install . . . . . . . . . . . . . . . . . 1950 application start . . . . . . . . . . . . . . . . . 1951 application stop . . . . . . . . . . . . . . . . . 1952 show application . . . . . . . . . . . . . . . . . 1953 Auto-Install Commands . . . . . . . . . . . . . . . . . . . . . . 1955 boot auto-copy-sw . . . . . . . . . . . . . . . . boot auto-copy-sw allow-downgrade . . . . . . 1956 . . . . . . . . . . . . . . 1957 . . . . . . . . . . . . . . . 1958 . . . . . . . . . . . .
Clock Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . .1971 Real-time Clock . . . . . . . . . . . . . . . . . Simple Network Time Protocol 1971 . . . . . . . . . 1971 . . . . . . . . . . . . . 1972 show sntp server . . . . . . . . . . . . . . . . . 1972 show sntp status . . . . . . . . . . . . . . . . . 1974 sntp authenticate . . . . . . . . . . . . . . . . 1975 show sntp configuration sntp authentication-key . . . . . . . . . . . . . sntp broadcast client enable . . . .
Command Line Configuration Scripting Commands 1988 script apply . . . . . . . . . . . . . . . . . . . . 1988 . . . . . . . . . . . . . . . . . . . 1989 . . . . . . . . . . . . . . . . . . . . . 1989 script delete script list script show . . . . . . . . . . . . . . . . . . . . script validate . . . . . . . . . . . . . . . . . . 1990 1991 CLI Output Filtering Commands . . . . . . . . . . . . . . . 1992 show xxx|include “string” . . . . . . . . . . . .
erase . . . . . . . . . . . . . . . . . . . . . . . filedescr rename 2013 . . . . . . . . . . . . . . . . . . . . . 2013 . . . . . . . . . . . . . . . . . . . . . . 2014 show backup-config show bootvar . . . . . . . . . . . . . . . . 2015 . . . . . . . . . . . . . . . . . . 2016 show running-config . . . . . . . . . . . . . . . 2017 show startup-config . . . . . . . . . . . . . . . 2019 . . . . . . . . . . . . . . . . . . . . . . . 2020 write DHCP Client Commands . . . . . . . . . . .
hardware-address host . . . . . . . . . . . . . . . . 2035 . . . . . . . . . . . . . . . . . . . . . . . . 2035 ip dhcp bootp automatic . . . . . . . . . . . . . 2036 ip dhcp conflict logging . . . . . . . . . . . . . 2037 ip dhcp excluded-address . . . . . . . . . . . . 2038 . . . . . . . . . . . . . . . 2039 . . . . . . . . . . . . . . . . . . . . . . . 2039 ip dhcp ping packets lease netbios-name-server . . . . . . . . . . . . . . . 2041 . . . . . . . . . . . . . . . . 2041 . . .
dns-server (IPv6 DHCP Pool Config) . . . . . . . domain-name (IPv6 DHCP Pool Config) 2054 . . . . . 2055 ipv6 dhcp pool . . . . . . . . . . . . . . . . . . 2056 ipv6 dhcp relay . . . . . . . . . . . . . . . . . . 2057 ipv6 dhcp server . . . . . . . . . . . . . . . . . 2058 prefix-delegation . . . . . . . . . . . . . . . . . 2060 . . . . . . . . . . . . . . . . . . 2061 service dhcpv6 show ipv6 dhcp . . . . . . . . . . . . . . . . . . show ipv6 dhcp binding . . . . . . . . . . . . .
show hiveagent debug . . . . . . . . . . . . . . show hiveagent source-interface show hiveagent status 2078 . . . . . . . . 2078 . . . . . . . . . . . . . . 2079 show eula-consent hiveagent . . . . . . . . . . 2080 IP Addressing Commands . . . . . . . . . . . . . . . . . . . . 2082 clear host . . . . . . . . . . . . . . . . . . . . . clear ip address-conflict-detect . . . . . . . . . 2083 . . . . . . . . . . . . . . 2084 . . . . . . . . . . . . . . . . . . . .
ipv6 enable (Interface Configuration) . . . . . . 2099 ipv6 enable (OOB Configuration) . . . . . . . . . 2100 ipv6 gateway (OOB Configuration) . . . . . . . . 2101 . . . . . . . . . . . . . . . . . . . . 2101 show hosts show ip address-conflict . show ip helper-address . . . . . . . . . . . . 2102 . . . . . . . . . . . . . 2104 show ipv6 dhcp interface out-of-band statistics 2105 show ipv6 interface out-of-band . 2106 . . . . . . . . Line Commands . . . . . . . . . . . . . . . . . . .
show line speed . . . . . . . . . . . . . . . . . . . . . 2117 . . . . . . . . . . . . . . . . . . . . . . . 2118 terminal length . . . . . . . . . . . . . . . . . . 2119 MACsec Commands . . . . . . . . . . . . . . . . . . . . . . . . . 2120 mka policy (Global Config) key-server priority . . . . . . . . . . . . 2120 . . . . . . . . . . . . . . . . 2120 macsec-cipher-suite . . . . . . . . . . . . . . . 2121 confidentiality-offset . . . . . . . . . . . . . . . 2122 . . . . . . . . . . . . .
show key chain . . . . . . . . . . . . . . . . . . show mka statistics . . . . . . . . . . . . . . . show macsec secy statistics clear mka statistics 2135 2136 . . . . . . . . . . 2138 . . . . . . . . . . . . . . . 2139 clear macsec secy statistics . . . . . . . . . . . 2139 mka defaults policy send-secure-announcements 2140 send-secure-announcements eapol announcements . . . . . . . . . . 2141 . . . . . . . . . . . . . . 2142 PHY Diagnostics Commands . . . . . . . . . . . . . . . . . .
power inline reset . . . . . . . . . . . . . . . . power inline usage-threshold . . . . . . . . . . 2158 . . . . . . . . . . . 2159 . . . . . . . . . . . . . . . . 2160 clear power inline statistics show power inline 2157 show power inline firmware-version . . . . . . . 2163 RMON Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 2164 rmon alarm . . . . . . . . . . . . . . . . . . . . rmon collection history rmon event 2164 . . . . . . . . . . . . . . 2166 . . . . . . . . . . .
debug auto-voip . . . . . . . . . . . . . . . . . 2186 debug bfd . . . . . . . . . . . . . . . . . . . . . 2187 debug cfm . . . . . . . . . . . . . . . . . . . . 2188 debug clear . . . . . . . . . . . . . . . . . . . . debug console . . . . . . . . . . . . . . . . . . debug crashlog . . . . . . . . . . . . . . . . . . debug dhcp packet . . . . . . . . . . . . . . . . debug dhcp server packet debug dot1x 2189 2189 2190 2193 . . . . . . . . . . . . 2194 . . . . . . . . . . . . . . . . . .
debug ipv6 mld . . . . . . . . . . . . . . . . . . debug ipv6 ospfv3 packet . . . . . . . . . . . . 2206 debug ipv6 pimdm . . . . . . . . . . . . . . . . 2207 debug ipv6 pimsm . . . . . . . . . . . . . . . . 2208 . . . . . . . . . . . . . . . . . 2209 debug isdp . . . . . . . . . . . . . . . . . . . . 2210 debug lacp . . . . . . . . . . . . . . . . . . . . 2210 debug ipv6 ping . debug mldsnooping . debug ospf . . . . . . . . . . . . . . . 2211 . . . . . . . . . . . . . . . . . . . .
exception protocol . . . . . . . . . . . . . . . . exception switch-chip-register 2224 . . . . . . . . . 2227 . . . . . . . . . . . . . . 2227 show debugging . . . . . . . . . . . . . . . . . 2228 show exception . . . . . . . . . . . . . . . . . 2229 ip http timeout-policy . show supported mibs . . . . . . . . . . . . . . 2231 . . . . . . . . . . . . . . . . . . . 2236 . . . . . . . . . . . . . . . . . . . . 2236 snapshot bgp write core Sflow Commands . . . . . . . . . . . . . . . . .
show snmp engineid . . . . . . . . . . . . . . . 2252 show snmp filters . . . . . . . . . . . . . . . . . 2253 show snmp group . . . . . . . . . . . . . . . . 2254 . . . . . . . . . . . . . . . . . 2256 . . . . . . . . . . . . . . . . 2257 . . . . . . . . . . . . . . . . . . 2258 show snmp user show snmp views show trapflags snmp-server community . . . . . . . . . . . . . snmp-server community-group snmp-server contact 2259 . . . . . . . . . 2261 . . . . . . . . . . . . . . .
contact-company . . . . . . . . . . . . . . . . 2284 . . . . . . . . . . . . . . . . . 2285 . . . . . . . . . . . . . . . . . . . . . . 2286 contact-person . enable proxy-ip-address server . . . . . . . . . . . . . . . . . . 2287 . . . . . . . . . . . . . . . . . . . . . . 2288 show eula-consent support-assist . . . . . . . 2289 . . . . . . . . . . . 2290 . . . . . . . . . . . . . . . . . . 2291 . . . . . . . . . . . . . . . . . . . . . . . .
logging file . . . . . . . . . . . . . . . . . . . . logging monitor logging on . . . . . . . . . . . . . . . . . . 2307 . . . . . . . . . . . . . . . . . . . . 2308 logging protocol logging snmp . . . . . . . . . . . . . . . . . 2309 . . . . . . . . . . . . . . . . . . . 2310 logging source-interface logging traps . . . . . . . . . . . . . 2311 . . . . . . . . . . . . . . . . . . . 2312 logging web-session port 2305 . . . . . . . . . . . . . . . 2313 . . . . . . . . . . . . . . . . . .
clear counters stack-ports . connect . . . . . . . . . . . . 2327 . . . . . . . . . . . . . . . . . . . . . 2328 disconnect exit . . . . . . . . . . . . . . . . . . . . 2329 . . . . . . . . . . . . . . . . . . . . . . . . 2330 hardware profile portmode hostname . . . . . . . . . . . 2331 . . . . . . . . . . . . . . . . . . . . . 2334 initiate failover . . . . . . . . . . . . . . . . . . 2335 . . . . . . . . . . . . . . . . . . . 2336 locate . . . . . . . . . . . . . . . . . . . . . . .
show buffers . . . . . . . . . . . . . . . . . . . show checkpoint statistics . show cut-through mode . . . . . . . . . . . 2354 . . . . . . . . . . . . . 2355 show hardware profile portmode . . . . . . . . 2356 . . . . . . . . . . . . . . 2357 . . . . . . . . . . . . . . . . . 2358 show idprom interface show interfaces show interfaces advanced firmware . . . . . . . 2360 . . . . . . . . . . . . . . . . 2361 . . . . . . . . . . . . . . . . . 2362 . . . . . . . . . . . . . . . . . . . .
show system . . . . . . . . . . . . . . . . . . . 2389 show system fan . . . . . . . . . . . . . . . . . 2391 show system id . . . . . . . . . . . . . . . . . . 2391 show system power . . . . . . . . . . . . . . . show system temperature . . . . . . . . . . . . 2393 . . . . . . . . . . . . . . . . 2394 . . . . . . . . . . . . . . . . . . . . 2398 show tech-support show users show version stack . . . . . . . . . . . . . . . . . . . 2399 . . . . . . . . . . . . . . . . . . . . . . .
show ip telnet . . . . . . . . . . . . . . . . . . . 2417 Time Ranges Commands . . . . . . . . . . . . . . . . . . . . . 2418 time-range [name] . . . . . . . . . . . . . . . . 2418 absolute . . . . . . . . . . . . . . . . . . . . . 2419 periodic . . . . . . . . . . . . . . . . . . . . . . 2420 show time-range . . . . . . . . . . . . . . . . . 2422 USB Flash Drive Commands . . . . . . . . . . . . . . . . . .
Web Server Commands . . . . . . . . . . . . . . . . . . . . . .2436 Web Sessions . . . . . . . . . . . . . . . . . . 2436 common-name . . . . . . . . . . . . . . . . . . 2437 . . . . . . . . . . . . . . . . . . . . . . 2437 country crypto certificate generate crypto certificate import . . . . . . . . . . . 2438 . . . . . . . . . . . . . 2441 crypto certificate request . . . . . . . . . . . . 2443 . . . . . . . . . . . . . . . . . . . . . 2445 . . . . . . . . . . . . . . . . . . . . . . .
show crypto certificate mycertificate show ip http server status . . . . . . 2455 . . . . . . . . . . . . 2456 show ip http server secure status state . . . . . . . . 2458 . . . . . . . . . . . . . . . . . . . . . . . 2459 subject-alternative-name . . . . . . . . . . . . A Appendix A: List of Commands 96 Contents . . . . . .
Dell EMC Networking CLI 1 Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Introduction The Command Line Interface (CLI) is a network management application operated through an ASCII terminal without the use of a Graphic User Interface (GUI) driven software application. By directly entering commands, the user has greater configuration flexibility.
Table 1-1. System Command Groups Command Group Description Layer 2 Commands ACL Configures and displays ACL information. Auto-VoIP Configures auto VoIP for IP phones on a switch. CDP Interoperability Configures Cisco® Discovery Protocol (CDP). DHCP L2 Relay Enables the Layer 2 DHCP relay agent for an interface. DHCP Snooping Configures DHCP snooping and displays DHCP snooping information. Dynamic ARP Inspection Configures for rejection of invalid and malicious ARP packets.
Table 1-1. System Command Groups (continued) Command Group Description IPv6 MLD Snooping Querier Configures IPv6 Snooping Querier and displays IPv6 Snooping Querier information. IP Source Guard Configures IP source guard and displays IP source guard information. iSCSI Optimization Configures special QoS treatment for traffic between iSCSI initiators and target systems. Link Dependency Configures and displays link dependency information. LLDP Configures and displays LLDP information.
System Command Groups (continued) Table 1-1. Command Group Description Security Commands AAA Configures connection security including authorization and passwords. Administrative Profiles Commands Group commands into a profile and assign a profile to a user upon authentication. E-mail Alerting Configures e-mail capabilities. RADIUS Configures and displays RADIUS information. TACACS+ Configures and displays TACACS+ information. 802.1x Configures and displays commands related to 802.
Table 1-1. System Command Groups (continued) Command Group Description DHCPv6 Snooping Configures DHCP v6 snooping and whether an interface is trusted or untrusted. DVMRP (Mcast) Configures DVMRP operations. GMRP Configures GMRP and displays GMRP information. IGMP (Mcast) Configures IGMP operations. IGMP Proxy (Mcast) Manages IGMP Proxy on the system. IP Helper/DHCP Relay Configures relay of UDP packets. IP Routing (IPv4) Configures IP routing and addressing.
System Command Groups (continued) Table 1-1. Command Group Description Virtual Router Redundancy Protocol version 3 Commands Provides address redundancy for both IPv4 and IPv6 router addresses. Switch Management Commands Application Deployment Manages Dell-supplied applications. Auto-Install Automatically configures switch when a configuration file is not found. CLI Macro Configures CLI Macro and displays CLI Macro information. Clock Configures the system clock.
Table 1-1. System Command Groups (continued) Command Group Description SYSLOG Manages and displays SYSLOG messages. System Management Configures the switch clock, name and authorized users. Telnet Server Configures telnet service on the switch and displays telnet information. Time Ranges Configures time ranges and displays time range information. USB Flash Drive Configures USB flash drive and displays USB flash drive information.
• ERC—Ethernet Ring Configuration • ERI—Ethernet Ring Instance Configuration • ERIA—Ethernet Ring Instance APS-Channel Configuration • ERIC—Ethernet Ring Instance Configuration APM • ESDSEC — ERSPAN Destination Session Configuration (config-erspandst) • ESDSOC— ERSPAN Destination Source Configuration (config-erspansrc-dst) • ESSC — ERSPAN Source Configuration (config-erspan-src) • ESSDC — ERSPAN Source Destination Configuration (config-erspandst-src) • ESSSC— ERSPAN Source Session Conf
• MDC — Maintenance Domain Configuration • ML — MAC-List Configuration • MP — MACsec Policy Configuration • MSC — Mail Server Configuration • MT — MAC-acl • OFC—OpenFlow Configuration • OG — OSPFv2 Global Configuration • OR—OSPFv2 Router Configuration • PE — Privileged Exec • PM — Policy Map Configuration • PCGC — Policy Map Global Configuration • PCMC — Policy Class Map Configuration • PTC—Peer Template Configuration • R — RADIUS Server Configuration • RIP — Router RIP Configur
• VC — VLAN Configuration (reached via vlan command) • VRC—VRF Configuration • VR—Virtual Router Configuration • VRRP—VRRPv3 Group Configuration • v6ACL — IPv6 Access List Configuration • v6CMC — IPv6 Class-Map Configuration • v6DP — IPv6 DHCP Pool Configuration Layer 2 Commands ACL Command Description Modea ip access-list Creates an Access Control List (ACL) that is identified by the parameter accesslistnumber.
Command Description Modea remark Adds a comment to an ACL rule. IPAF4, IPAF, ML, ARPA service-acl input Blocks Link Local Protocol Filtering (LLPF) protocol(s) on a given port. IC show access-lists interface Displays interface ACLs. PE show service-acl interface Displays the status of LLPF rules configured on PE a particular port or on all the ports. show ip access-lists Displays an Access Control List (ACL) and all PE of the rules that are defined for the ACL.
Command Description Modea show mac address-table address Displays all entries in the bridge-forwarding database for the specified MAC address. UE or PE show mac address-table count Displays the number of addresses present in the PE Forwarding Database. show mac address-table dynamic Displays all entries in the bridge-forwarding database. UE or PE show mac address-table interface Displays the mac forwarding table entries for a specific interface.
Auto-VoIP Command Modea Description switchport voice detect auto Enables the VoIP Profile on all the interfaces of GC or the switch. IC show switchport voice a. Displays the status of auto-voip on an interface PE or all interfaces. For the meaning of each Mode abbreviation, see Mode Types. CDP Interoperability Command Description Modea clear isdp counters Clears the ISDP counters. PE clear isdp table Clears entries in the ISDP table.
DHCP L2 Relay Command Description Modea dhcp l2relay (Global Configuration) Enables the Layer 2 DHCP Relay agent for an interface or globally. GC or IC dhcp l2relay (Interface Configuration) Enables DHCP L2 Relay for an interface. IC dhcp l2relay circuit-id Enables user to set the DHCP Option 82 Circuit ID for a VLAN. GC dhcp l2relay remote-id Enables user to set the DHCP Option 82 Remote ID for a VLAN. GC dhcp l2relay trust Configures an interface to trust a received DHCP Option 82.
DHCP Snooping Command Description Modea clear ip dhcp snooping binding Clears all DHCP Snooping entries. PE clear ip dhcp snooping statistics Clears all DHCP Snooping statistics. PE ip dhcp snooping Enables DHCP snooping globally or on a specific VLAN. GC or IC ip dhcp snooping binding Configures a static DHCP Snooping binding. GC ip dhcp snooping database Configures the persistent location of the DHCP GC snooping database.
Dynamic ARP Inspection Command Description Modea arp ip access-list Creates an ARP ACL. GC clear ip arp inspection statistics Resets the statistics for Dynamic ARP Inspection on all VLANs. PE ip arp inspection filter Configures the ARP ACL to be used for a single GC VLAN or a range of VLANs to filter invalid ARP packets. ip arp inspection limit Configures the rate limit and burst interval values for an interface.
Command Description Modea duplex Configures the duplex operation of a given Ethernet interface IC flowcontrol Configures the flow control on a given interface. GC or IC forward-error-correction Configures the forward error correction for 25G/50G/100G Ethernet interfaces IC interface Enters the interface configuration mode to configure parameters for an interface. GC or IC interface range Enters the interface configuration mode to execute a command on multiple ports at the same time.
Modea Command Description show statistics Displays statistics for one port or for the entire PE switch. show statistics switchport Displays detailed statistics for a specific port or PE for the entire switch. show storm-control Displays the storm control configuration. show storm-control action Displays the storm control action configuration PE for one or all interfaces. shutdown Disables interfaces. IC speed Configures the speed of a given Ethernet interface when not using auto-negotiation.
Command Description Modea ethernet cfm mep enable Enables a MEP at the specified level and direction. IC ethernet cfm mep active Activates a MEP at the specified level and direction. IC ethernet cfm mep archivehold-time Maintains internal information on a missing MEP. IC ethernet cfm mip level Creates a Maintenance Intermediate Point (MIP) at the specified level. IC ping ethernet cfm Generates a loopback message (LBM) from PE the configured MEP.
Ethernet Ring Protection 116 Command Description Modea ethernet ring g8032 profile Creates Ethernet ring profile and enters Ethernet ring profile configuration mode GC timer Configures the timer expiry values for an Ethernet ring profile. ERP non-revertive Enables non-revertive mode for an Ethernet ring profile.
a. Command Description Modea show ethernet ring g8032 configuration Shows the Ethernet Ring Protection configuration. PE, GC show ethernet ring g8032 brief Shows the operational overview of Ethernet ring protection. PE, GC show ethernet ring g8032 status Shows the status of Ethernet ring protection. PE, GC show ethernet ring g8032 port status Shows the status of Ethernet ring protection for the selected interface.
Command Description Modea PE show green-mode interface- Displays the green-mode configuration and id operational status of the port. This command is also used to display the per port configuration and operational status of the green-mode. The status is shown only for the modes supported on the corresponding hardware platform whether enabled or disabled. show green-mode Displays the green-mode configuration for the PE whole system.
a. For the meaning of each Mode abbreviation, see Mode Types. IGMP Snooping Modea Command Description ip igmp snooping In Global Configuration mode, Enables GC Internet Group Management Protocol (IGMP) snooping. show ip igmp snooping groups Displays multicast groups learned by IGMP snooping. UE show ip igmp snooping mrouter Displays information on dynamically learned multicast router interfaces.
IGMP Snooping Querier Modea Command Description ip igmp snooping Enables/disables IGMP Snooping Querier on GC or the system (Global Configuration mode) or on VC a VLAN. ip igmp snooping querier election participate Enables the Snooping Querier to participate in VC the Querier Election process when it discovers the presence of another Querier in the VLAN. ip igmp snooping querier query-interval Sets the IGMP Querier Query Interval time.
IP Addressing Command Description Modea clear host Deletes entries from the host name-to-address cache. PE clear ip address-conflictdetect Clears the address conflict detection status in the switch. PE interface out-of-band Enters into OOB interface configuration mode. GC ip address Configures an IP address on an in-band interface. ip address (Out-of-Band) Sets an IP address for the out-of-band interface.
Command Description Modea ipv6 enable (OOB Configuration) Enables IPv6 operation on the out-of-band interface. IC ipv6 gateway (OOB Configuration) Configures the address of the IPv6 gateway. IC show hosts Displays the default domain name, a list of UE name server hosts, static and cached list of host names and addresses. show ip address-conflict Displays the status information corresponding to the last detected address conflict.
IPv6 MLD Snooping Command Description Modea ipv6 mld snooping vlan groupmembership-interval Sets the MLD Group Membership Interval time on a VLAN or interface. VC ipv6 mld snooping vlan immediate-leave Enables or disables MLD Snooping immediate- VC leave admin mode on a selected interface or VLAN. ipv6 mld snooping vlan last- Sets the MLD Maximum Response time for an IC or listener-query-interval interface or VLAN.
Modea Command Description ipv6 mld snooping querier election participate Enables the Snooping Querier to participate in VC the Querier Election process when it discovers the presence of another Querier in the VLAN. ipv6 mld snooping querier query-interval Sets the MLD Querier Query Interval time. ipv6 mld snooping querier timer expiry Sets the MLD Querier timer expiration period. GC show ipv6 mld snooping querier Displays MLD Snooping Querier information. a.
Link Dependency Modea Command Description action Indicates if the link-dependency group should LD mirror or invert the status of the depended on interfaces. link-dependency group Enters the link-dependency mode to configure GC a link-dependency group. add Adds member gigabit Ethernet port(s) to the dependency list. LD depends-on Adds the dependent Ethernet ports or port channels list. LD show link-dependency Shows the link dependencies configured on a particular group. PE a.
Command Description Modea lldp receive Enables the LLDP receive capability. IC lldp timers Sets the timing parameters for local data transmission on ports enabled for LLDP. GC lldp transmit Enables the LLDP advertise capability. IC lldp tlv-select Specifies which optional TLVs in the 802.1AB IC basic management set will be transmitted in the LLDPDUs. show lldp Displays the current LLDP configuration summary. PE show lldp interface Displays the current LLDP interface state.
Command Description Modea show keepalive Displays the global loop protect configuration. PE show keepalive statistics Displays the loop protect status for one or all PE interfaces. a. For the meaning of each Mode abbreviation, see Mode Types. MLAG Command Description Modea clear vpc statistics Clears the counters for the keepalive messages transmitted and received by the MLAG switch. PE feature vpc Enables debug traces for the specified protocols. GC feature vpc Globally enables MLAG.
Command Description Modea show vpc consistencyparameters Displays MLAG-related configuration information in a format suitable for comparison with the other MLAG peer. PE show vpc consistencyfeatures Displays MLAG-related configuration information in a format suitable for comparison with the other MLAG peer. PE show vpc peer-keepalive Displays the peer MLAG switch’s IP address PE used by the dual control plane detection protocol.
Command Description Modea mvr mode Changes the MVR mode type. GC mvr querytime Sets the MVR query response time. GC mvr vlan Sets the MVR multicast VLAN. GC mvr immediate Enables MVR Immediate Leave mode. IC mvr type Sets the MVR port type. IC mvr vlan group Use to participate in the specific MVR group. IC show mvr Displays global MVR settings. PE show mvr members Displays the MVR membership groups allocated. PE show mvr interface Displays the MVR enabled interface configuration.
Command Description Modea show interfaces portchannel Displays port-channel information. PE show lacp Displays LACP information for ports. PE show statistics port-channel Displays port-channel statistics. a. PE For the meaning of each Mode abbreviation, see Mode Types. Port Monitor Command Description Modea destination Enters destination configuration mode on the source switch. ESSC destination interface Configures the destination interface on a destination switch.
Modea Command Description origin ip address Configures the ERSPAN GRE packet source ESSDC IP address on the source switch. source Configures the port on the source switch over which the GRE encapsulated packets are transmitted. ESSC remote-span Configures a VLAN as an RSPAN VLAN. VC source Enters ERSPAN Destination Session Source ESSC Configuration mode on the destination switch. source interface Selects the interface on the source switch from which packets are mirrored to the reflector port.
Command Description Modea classofservice trust Sets the class of service trust mode of an interface. GC or IC conform-color Specifies the precoloring of packets conforming PCMC to or exceeding the specified rate(s). The possible actions are drop, setdscp-transmit, setprec-transmit, or transmit. cos-queue min-bandwidth Specifies the minimum transmission bandwidth for each interface queue. GC or IC cos-queue random-detect Configures WRED packet drop policy on an interface CoS queue.
Modea Command Description match any Allows matching on any of the specified match CMC conditions. match dstip Adds to the specified class definition a match condition based on the destination IP address of a packet. CMC match dstip6 Adds to the specified class definition a match condition based on the destination IPv6 address of a packet.
Modea Command Description match srcip6 Adds to the specified class definition a match v6CMC condition based on the source IPv6 address of a packet. match srcl4port Adds to the specified class definition a match CMC condition based on the source layer 4 port of a packet using a single keyword, a numeric notation, or a numeric range notation. match vlan Adds to the specified class definition a match condition based on the value of the layer 2 VLAN Identifier field.
Modea Command Description show classofservice dot1pmapping Displays the current 802.1p priority mapping PE to internal traffic classes for a specific interface. show classofservice ip-dscp- Displays the current IP DSCP mapping to mapping internal traffic classes for a specific interface. PE show classofservice trust Displays the current trust mode setting for a specific interface. PE show diffserv Displays the DiffServ General Status information.
Spanning Tree Command Description Modea clear spanning-tree detected-protocols Restarts the protocol migration process on all interfaces or on the specified interface. PE exit (mst) Exits the MST configuration mode and applies MC configuration changes. instance (mst) Maps VLANs to an MST instance. MC name (MST) Defines the MST configuration name. MC revision (mst) Defines the configuration revision number. MC show spanning-tree Displays spanning tree configuration.
Command Description Modea spanning-tree loopguard Enables loop guard on all ports. GC spanning-tree max-age Configures the spanning tree bridge maximum GC age. spanning-tree max-hops Sets the MSTP Max Hops parameter to a new value for the common and internal spanning tree. GC spanning-tree mode Configures the spanning tree protocol. GC spanning-tree mst configuration Enables configuring an MST region by entering GC the multiple spanning-tree (MST) mode.
Command Description Modea spanning-tree vlan forward- Configures the spanning tree forward delay time GC time for a specified VLAN or a range of VLANs. spanning-tree vlan hellotime Configures the spanning tree hello time for a specified VLAN or a range of VLANs. GC spanning-tree vlan max-age Configures the spanning tree maximum age time for a set of VLANs. GC spanning-tree vlan root Configures the switch to become the root bridge or standby root bridge.
VLAN Modea Command Description interface vlan Enters the VLAN interface configuration mode. GC interface range vlan Enters the interface configuration mode to configure multiple VLANs. GC name (VLAN Configuration) Configures a name to a VLAN. IC private-vlan Defines a private VLAN association between the primary and secondary VLANs. VC protocol group Attaches a vlan-id to the protocol-based VLAN VC identified by groupid.
Command Description Modea switchport access vlan Configures the PVID VLAN ID when the interface is in access mode. IC switchport dot1q ethertype (Global Configuration) Defines additional QinQ tunneling TPIDs for matching in the outer VLAN tag of received frames. GC switchport general forbidden Forbids adding specific VLANs to a port. vlan IC switchport general acceptable-frame-type tagged-only Discards untagged frames at ingress.
Modea Command Description vlan makestatic Changes a GVRP dynamically created VLAN to GC a static VLAN. vlan protocol group Adds protocol-based VLAN groups to the system. GC vlan protocol group add protocol Adds a protocol to the protocol-based VLAN identified by groupid. GC vlan protocol group name Adds a group name to the protocol-based VLAN GC identified by groupid. vlan protocol group remove Removes the protocol-base VLAN group identified by groupid. a.
Command Description Modea show voice vlan Displays various properties of the voice VLAN. PE a. For the meaning of each Mode abbreviation, see Mode Types. Multiple MAC Registration Protocol Command Description Modea clear mmrp statistics Clears the MMRP statistics for an interface or all interfaces. PE mmrp Enables MMRP on a specific interface. IC, IR mmrp global Globally enables MMRP. GC mmrp periodic state machine Globally enables the MMRP periodic state machine.
Security Commands AAA Command Description Modea aaa accounting Creates an accounting method list GC aaa accounting delay-start Delays the sending of Acct-Start packets to RADIUS accounting server(s) GC aaa accounting update Enables the sending of interim accounting packets to RADIUS accounting server(s). GC aaa authentication dot1x default Specifies an authentication method for 802.1x clients.
Command Description Modea authentication enable Globally enables the Authentication Manager. GC authentication event server Configures the actions to take when no dead action authentication server is reachable. IC authentication event server Configures the actions to take when at least one IC alive action authentication server is reachable. authentication open Allows unauthenticated devices on 802.1X enabled interfaces access to network resources prior to authorization.
Command Description Modea mab Configures the switch to enable MAC Authentication Bypass (MAB) authentication for devices connected to the interface. IC password (AAA IAS User Configuration) Configures a password for a user. AAA password (User Exec) Specifies a user password UE show aaa ias-users Displays configured IAS users and their attributes. PE show aaa statistics Displays accounting statistics PE show accounting methods Displays the configured accounting method lists.
Modea Command Description username unlock Transfers local user passwords between devices GC without having to know the passwords. a. For the meaning of each Mode abbreviation, see Mode Types Administrative Profiles Command Description Modea admin-profile Creates an administrative profile. GC description (Administrative Adds a description to an administrative profile. APC Profile Configuration) rule Adds a rule to an administrative profile.
Command Description Modea logging email from-addr Configures the From address of the e-mail. GC logging email message-type Configures the subject. subject GC logging email logtime GC Configures the value of how frequently the queued messages are sent. logging email test message- Tests whether or not an e-mail is being sent to type an SMTP server.
Modea Command Description attribute 6 Configures processing of the RADIUS Service- R Type attribute. attribute 8 Configures the switch to send the RADIUS Framed-IP-Address attribute in the AccessRequest message sent to a specific RADIUS authentication server. R attribute 25 Enables the switch to send the RADIUS Class attribute as supplied by the RADIUS server in accounting messages sent to the specific accounting server.
Modea Command Description key Sets the authentication and encryption key for all R RADIUS communications between the switch and the RADIUS daemon. msgauth Enables the message authenticator attribute to R be used for the RADIUS Authenticating server being configured. name (RADIUS Server) Assigns a list name to a RADIUS server primary Specifies that a configured server should be the R primary server in the group of authentication servers which have the same server name.
Command Description Modea radius server attribute 168 Enables the switch to send the RADIUS Framed-IPv6-Address attribute in accounting messages sent to the RADIUS accounting server. GC radius server dead-criteria Configures the condition upon which a RADIUS server is considered unreachable (dead). GC radius server deadtime Improves RADIUS response times when servers GC are unavailable. Causes the unavailable servers to be skipped. radius server Specifies a RADIUS server host.
Command Description Modea show radius statistics Shows the statistics for an authentication or accounting server. UE or PE source-ip Specifies the source IP address to be used for communication with RADIUS servers. R timeout Sets the timeout value in seconds for the designated RADIUS server. R usage authmgr Specifies the usage type of the server. R a. For the meaning of each Mode abbreviation, see Mode Types.
802.1x Command Description Modea dot1x eapolflood Enables the flooding of received IEEE 802.1x frames in the VLAN. GC clear authentication sessions Begins the initialization sequence on the specified port. PE mab Enables MAB on an interface. IC default mab Configures the switch to transmit EAP, PAP, or IC CHAP credentials to the RADIUS server for MAB-authenticated devices connected to the interface.
Modea Command Description authentication periodic Enables periodic reauthentication of the client. IC clear dot1x statistics Clears the statistics for a specified interface or all interfaces. PE dot1x supplicant user Configures the shared secret used by the supplicant to authenticate. IC dot1x system-auth-control Enables 802.1x globally. GC authentication monitor Enables authentication monitor mode globally. GC dot1x timeout Sets the values of the various 802.1x state machine timers.
Command Description Modea show dot1x interface statistics Displays 802.1X statistics for the specified interface. PE clear authentication authentication–history Clears the authentication history table captured PE during successful and unsuccessful authentication. authentication event noresponse Sets the guest VLAN on a port. authentication event fail Specifies the unauthenticated VLAN on a port. IC show dot1x advanced Displays 802.1X advanced features for the switch or specified interface. a.
Command Description Modea interface Associates an interface with a captive portal configuration. CPI locale Associates an interface with a captive portal configuration. CPI name (Captive Portal) Configures the name for a captive portal configuration. CPI protocol Configures the protocol mode for a captive portal configuration. CPI redirect Enables the redirect mode for a captive portal configuration. CPI redirect-url Configures the redirect URL for a captive portal CPI configuration.
Modea Command Description show captive-portal user Displays all configured users or a specific user in PE the captive portal local user database. user group Associates a group with a captive portal user. CP user-logout Enables captive portal users to log out of the portal. CPI user name Modifies the user name for a local captive portal CP user. user password Creates a local user or changes the password for CP an existing user.
Command Description Modea dos-control icmp Enables Maximum ICMP Packet Size Denial of Service protections. GC dos-control l4port Enables L4 Port Denial of Service protection. GC dos-control sipdip Enables Source IP Address = Destination IP GC Address (SIP=DIP) Denial of Service protection. dos-control tcpflag Enables TCP Flag Denial of Service protections. GC dos-control tcpfrag Enables TCP Fragment Denial of Service protection.
Command Description Modea permit (management) Defines a permit rule. MA show management accessclass Displays the active management access-list. PE show management accesslist Displays management access-lists. PE a. For the meaning of each Mode abbreviation, see Mode Types. Password Management Command Description Modea passwords aging Implements aging on the passwords such that users are required to change passwords when they expire.
Command Modea Description passwords strength maxEnforces a maximum number of consecutive limit consecutive-characters characters that a password can contain. GC passwords strength maxlimit repeated-characters Enforces a maximum repeated characters that a GC password should contain. passwords strength minimum character-classes GC Enforces the minimum number of character classes (uppercase letters, lowercase letters, numeric characters and special characters) that a password must contain.
Modea Command Description ip ssh port Specifies the port to be used by the SSH server. GC ip ssh pubkey-auth Enables public key authentication for incoming GC SSH sessions. ip ssh server Enables the switch to be configured from a SSH GC server connection. key-string Manually specifies a SSH public key. ssh Establishes an outboard connection to a remote PE SSH server from the switch console. ssh session-limit Limits the number of outbound SSH sessions.
Command Description Modea mode Configures the selection of interfaces used to assign the IP address utilized for controller connections. OFC openflow Enables OpenFlow on the switch (if disabled) GC and enters into OpenFlow configuration mode. passive Sets the switch to wait for the controller to initiate the connection. OFC protocol-version Selects the version of the protocol in which to operate. OFC show openflow Displays OpenFlow configuration and status. PE, GC a.
Command Description Modea clear arp-cache management Removes all entries from the ARP cache learned PE from the management port. ip local-proxy-arp Enables proxying of ARP requests. IC ip proxy-arp Enables proxy ARP on a router interface. IC show arp Displays the Address Resolution Protocol (ARP) PE cache. a. For the meaning of each Mode abbreviation, see Mode Types. BFD Command Description Modea feature bfd Enables BFD on the router. GC bfd echo Enables BFD echo mode on an interface.
Command Description Modea address-family Configures policy parameters within a peer template to be applied to a specific address family PTC address-family ipv4 vrf Enters IPv4 VRF configuration mode for a particular VRF instance to configure the BGP VRF parameters. BR address-family ipv6 Specifies IPv6 configuration parameters. BR aggregate-address Configures a summary address for BGP.
Command Description Modea bgp listen Creates an IPv4 listen range and associates it with the specified peer template. BR, IPAF bgp log-neighbor-changes Enables logging of adjacency state changes. BR bgp maxas-limit Specifies a limit on the length of AS Paths that BR BGP accepts from its neighbors. bgp router-id Sets the BGP router ID. BR clear ip bgp Resets peering sessions with all of a subnet of BGP peers. PE clear ip bgp counters Resets all BGP counters to 0.
Command Description Modea distribute-list prefix out (IPv6 Address Family Configuration) Applies an IPv6 prefix list to IPv6 routes advertised via BGP. IPAF enable Globally enables BGP. BR ip as-path access-list Creates an AS path access list. GC ip bgp-community newformat Displays BGP standard communities in AA:NN GC format. ip bgp fast-external-fallover Configures fast external failover behavior for a specific routing interface.
Modea Command Description neighbor advertisementinterval (BGP Router Configuration) Configures the minimum time that must elapse BR between advertisements of the same route to a given neighbor. neighbor advertisementinterval (IPv6 Address Family Configuration) Controls the time between sending Update messages containing IPv6 routes. IPAF neighbor allowas-in Configures BGP to accept prefixes even if the local ASN is part of the AS_PATH.
Modea Command Description neighbor maximum-prefix (IPv6 Address Family Configuration) Specifies the maximum number of IPv6 prefixes IPAF that BGP will accept from a given neighbor. neighbor next-hop-self (BGP Router Configuration) Configures BGP to set the next hop attribute to BR a local IP address when advertising a route to an internal peer.
Command Description neighbor route-reflectorConfigures an internal peer as an IPv4 route client (IPv6 Address Family reflector client. Configuration) Modea IPAF neighbor send-community (BGP Router Configuration) Configures the local router to send the BGP BR communities attribute in UPDATE messages to a specific neighbor. neighbor send-community (IPv6 Address Family Configuration) Tells BGP to send the COMMUNITIES attribute with routes advertised to the peer.
Command Description Modea show bgp ipv6 Displays IPv6 routes in the BGP routing table. UE, PE, GC show bgp ipv6 aggregateaddress Displays the configured IPv6 aggregate addresses and indicates if each address is currently active. PE show bgp ipv6 community Displays the IPv6 routes that belong to the specified set of communities. PE show bgp ipv6 communitylist Displays the IPv6 routes that match a specified PE community list.
Command Description Modea show ip bgp aggregateaddress Lists the aggregate addresses that have been configured and indicates whether each is currently active. PE show ip bgp community Displays a BGP community. PE show ip bgp community-list Lists the routes that are allowed by the specified PE community list. show ip bgp extcommunity- Displays all the permit and deny attributes of list the given extended community list.
Command Description Modea show ip bgp vpn4 Displays the VPNv4 address information from the BGP table. PE, GC template peer Creates a BGP peer template and enters peer template configuration mode. BR timers bgp Configures the default keepalive and hold timers that BGP uses for all neighbors unless specifically overridden by the neighbor timers command.
Command Description Modea match ip address prefix-list Configures a route map to match based on a destination prefix. RM match ipv6 address prefixlist Configures a route map to match based on an IPv6 destination prefix. RM show ip as-path-access-list Displays the contents of AS path access lists. PE or GC show ip community-list Displays the contents of AS path access lists. PE or GC show ip prefix-list Displays the contents of IPv4 prefix lists.
DHCP Server and Relay Agent (IPv4) Modea Command Description ip dhcp pool Defines a DHCP address pool that can be used GC to supply addressing information to DHCP client. This command puts the user into DHCP Pool Configuration mode. bootfile Sets the name of the image for the DHCP client to load. DP clear ip dhcp binding Removes automatic DHCP server bindings. PE clear ip dhcp conflict Removes DHCP server address conflicts.
Command Description Modea netbios-name-server Configures the IPv4 address of the Windows® Internet Naming Service (WINS) for a Microsoft DHCP client. DP netbios-node-type Sets the NetBIOS node type for a Microsoft DHCP client. DP network Defines a pool of IPv4 addresses for distributing DP to clients. next-server Sets the IPv4 address of the TFTP server to be used during auto-install. option Supplies arbitrary configuration information to DP a DHCP client.
Command Modea Description domain-name (IPv6 DHCP Sets the DNS domain name which is provided Pool Config) to a DHCPv6 client by the DHCPv6 server. v6DP ipv6 dhcp pool Enters IPv6 DHCP Pool Configuration mode. GC ipv6 dhcp relay Configures an interface for DHCPv6 Relay functionality. IC ipv6 dhcp server Configures DHCPv6 server functionality on an IC interface. prefix-delegation Defines Multiple IPv6 prefixes within a pool for v6DP distributing to specific DHCPv6 Prefix delegation clients.
Command Description Modea ipv6 dhcp snooping database Configures the persistent location of the DHCP GC snooping database. ipv6 dhcp snooping database Configures the time period between successive GC write-delay writes of the binding database. ipv6 dhcp snooping limit Configures an interface to disable itself if the rate of received DHCP messages exceeds the configured limit. IC ipv6 dhcp snooping loginvalid Configures the port to log invalid received DHCP messages.
DVMRP Command Description Modea router bgp Sets the administrative mode of DVMRP in the router to active. GC or IC ip dvmrp metric Configures the metric for an interface. IC show ip dvmrp Displays the system-wide information for DVMRP. PE show ip dvmrp interface Displays the interface information for DVMRP PE on the specified interface. show ip dvmrp neighbor Displays the neighbor information for DVMRP.
IGMP Command Description Modea ip igmp last-member-querycount Sets the number of Group-Specific Queries sent before the router assumes that there are no local members on the interface. IC ip igmp last-member-queryinterval Configures the Maximum Response Time inserted in Group-Specific Queries which are sent in response to Leave Group messages. IC ip igmp mroute-proxy Configures downstream IGMP proxy on the selected VLAN interface associated with multicast hosts.
Command Description Modea show ip igmp interface stats Displays the IGMP statistical information for the interface. PE a. For the meaning of each Mode abbreviation, see Mode Types. IGMP Proxy Command Description Modea arp Enables the IGMP Proxy on the router. IC ip igmp proxy-service reset- Resets the host interface status parameters of status the IGMP Proxy router. IC ip igmp proxy-service unsolicit-rprt-interval Sets the unsolicited report interval for the IGMP Proxy router.
Command Description Modea ip dhcp relay information check Enables DHCP Relay to check that the relay agent information option in forwarded BOOTREPLY messages is valid. GC ip dhcp relay information check-reply Enables DHCP Relay to check that the relay agent information option in forwarded BOOTREPLY messages is valid. IC ip dhcp relay information option Enables the circuit ID option and remote agent GC ID mode for BootP/DHCP Relay on the system (also called option 82).
IP Routing Modea Command Description encapsulation Configures the link layer encapsulation type for IC the packet. ip icmp echo-reply Configures an IP address on an interface. GC ip icmp error-interval Limits the rate at which IPv4 ICMP error messages are sent. GC ip load-sharing Configures the hash algorithm for ECMP routes. GC ip directed-broadcast Enables the forwarding of network-directed IC ip policy route-map Applies a route map on an interface.
Modea Command Description match mac-list Configures MAC ACL match criteria for a route RM map. route-map Creates a policy based route map. GC set interface null0 Routes packets to interface null 0. RM set ip default next-hop Sets a list of default next-hop IP addresses RM to be used if no explicit route for the packet’s destination address appears in the routing table.
a. For the meaning of each Mode abbreviation, see Mode Types. IPv6 Routing Command Description Modea arp Clears all entries in the IPv6 neighbor table or an entry on a specific interface. PE clear ipv6 neighbors Clears all entries in the IPv6 neighbor table or an entry on a specific interface. PE, VRC clear ipv6 ospf Disables and reenables OSPF. PE, VRC clear ipv6 ospf configuration Resets the OSPF configuration to factory defaults.
Command Description Modea ipv6 mld last-memberquery-interval Sets the last member query interval for the MLD interface, which is the value of the maximum response time parameter in the group specific queries sent out of this interface. IC (VC) ipv6 mld host-proxy Enables MLD Proxy on the router. IC ipv6 mld host-proxy reset- Resets the host interface status parameters of IC status the MLD Proxy router.
Modea Command Description ipv6 nd nud retry Configures the exponential backoff multiple GC to be used in the calculation of the next timeout value for Neighbor Solicitation transmission during NUD (neighbor unreachabililty detection) following the exponential backoff algorithm. ipv6 nd other-config-flag Sets the other stateful configuration flag in router advertisements sent from the interface. ipv6 nd prefix Sets the IPv6 prefixes to include in the router IC advertisement.
Command Description Modea ipv6 unicast-routing Enables forwarding of IPv6 unicast datagrams. VRC ipv6 unreachables Enables the generation of ICMPv6 Destination Unreachable messages. IC show ipv6 brief Displays the IPv6 status of forwarding mode PE and IPv6 unicast routing mode. show ipv6 interface Shows the usability status of IPv6 interfaces. PE show ipv6 mld groups Displays information about multicast groups PE that MLD reported.
Command Description Modea show ipv6 traffic Shows traffic and statistics for IPv6 and ICMPv6. UE show ipv6 vlan Displays IPv6 VLAN routing interface addresses. PE traceroute ipv6 Discovers the routes that packets actually take when traveling to their destination through the network on a hop-by-hop basis. PE a. For the meaning of each Mode abbreviation, see Mode Types.
Command Description Modea vrf (IP SLA) Allows reachability monitoring within Virtual Private Networks (VPNs) using IP Service Level Agreements (SLAs). IPSLAE clear ip sla statistics Clears IP SLA statistical information for a given IP SLA operation or for all IP SLAs. PE show ip sla configuration Displays the configuration values (including UE, PE, all defaults) for a specified IP SLA operation GC or all operations.
Command Description Modea ip multicast-routing Sets the administrative mode of the IP multicast forwarder in the router to active. GC ip multicast ttl-threshold Applies a ttlvalue to a routing interface. IC ip pim Administratively configures PIM mode for IP multicast routing on a VLAN interface. IC ip pim bsr-border Administratively disables bootstrap router (BSR) messages from being sent or received through an interface.
Command Description Modea show ip multicast interface Displays the multicast information for the specified interface. PE show ip mroute Displays a summary or all the details of the multicast table. PE show ip mroute group Displays the multicast configuration settings of PE entries in the multicast mroute table. show ip mroute source Displays the multicast configuration settings of PE entries in the multicast mroute table.
Command Description Modea ipv6 pim (VLAN Interface config) Administratively enables PIM-SM multicast routing mode on a particular IPv6 router interface. IC ipv6 pim bsr-border Prevents bootstrap router (BSR) messages from IC being sent or received through an interface. ipv6 pim bsr-candidate Configures the router to announce its candidacy as a bootstrap router (BSR). GC ipv6 pim dense-mode Administratively configures PIM dense mode for IPv6 multicast routing.
Command Description Modea show ipv6 pim interface Displays interface config parameters. PE or GC show ipv6 pim neighbor Displays IPv6 PIMSM neighbors learned on the PE or routing interfaces. GC show ipv6 pim rp-hash Displays which rendezvous point (RP) is being selected for a specified group. show ipv6 pim rp mapping Displays all group-to-RP mappings of which the PE or router is aware (either configured or learned GC from the bootstrap router (BSR). a.
Command Description Modea area stub no-summary Prevents Summary LSAs from being advertised into the NSSA. ROSPF area virtual-link Creates the OSPF virtual interface for the specified area-id and neighbor router. ROSPF area virtual-link authentication Configures the authentication type and key for ROSPF the OSPF virtual interface identified by the area ID and neighbor ID.
Command Description Modea distance ospf Sets the route preference value of OSPF in the router. ROSPF distribute-list out Specifies the access list to filter routes received from the source protocol. ROSPF enable Resets the default administrative mode of OSPF ROSPF in the router (active). exit-overflow-interval Configures the exit overflow interval for OSPF. ROSPF external-lsdb-limit Configures the external LSDB limit for OSPF.
Command Description Modea maximum-paths Sets the number of paths that OSPF can report for a given destination. ROSPF network area Enables OSPFv2 on an interface and sets its area ROSPF ID if the IP address of an interface is covered by this network command. nsf Enables OSPF graceful restart. ROSPF nsf helper Allow OSPF to act as a helpful neighbor for a restarting router. ROSPF nsf helper strict-lsachecking Set an OSPF helpful neighbor exit helper mode whenever a topology change occurs.
Command Description Modea show ip ospf database database-summary Displays the number of each type of LSA in the database for each area and for the router. PE show ip ospf interface Displays the information for the IFO object or virtual interface tables. PE show ip ospf interface brief Displays brief information for the IFO object or virtual interface tables. PE show ip ospf interface stats Displays the statistics for a specific interface.
Modea Command Description area nssa (Router OSPFv3) Configures the specified areaid to function as an ROSV3 NSSA. area nssa default-infooriginate (Router OSPFv3 Config) Configures the metric value and type for the default route advertised into the NSSA. ROSV3 area nssa no-redistribute Configures the NSSA ABR so that learned external routes will not be redistributed to the NSSA. ROSV3 area nssa no-summary Configures the NSSA so that summary LSAs are ROSV3 not advertised into the NSSA.
Command Description Modea default-information originate (Router OSPFv3 Configuration) Controls the advertisement of default routes. ROSV3 default-metric Sets a default for the metric of distributed routes. ROSV3 distance ospf Sets the route preference value of OSPF in the router. enable Resets the default administrative mode of OSPF ROSV3 in the router (active). exit-overflow-interval Configures the exit overflow interval for OSPF.
Command Description Modea maximum-paths Sets the number of paths that OSPF can report for a given destination. ROSV3 nsf Enables OSPF graceful restart. ROSV3 nsf helper Allows OSPF to act as a helpful neighbor for a restarting router. ROSV3 nsf helper strict-lsachecking Requires that an OSPF helpful neighbor exit ROSV3 helper mode whenever a topology change occurs. nsf restart-interval Configures the length of the grace period on the ROSV3 restarting router.
Command Description Modea show ipv6 ospf database database-summary Displays the number of each type of LSA in the database and the total number of LSAs in the database. PE, VRC show ipv6 ospf interface Displays the information for the IFO object or virtual interface tables. PE, VRC show ipv6 ospf interface brief Displays brief information for the IFO object or virtual interface tables. PE, VRC show ipv6 ospf interface stats Displays the statistics for a specific interface.
Command Description Modea match ipv6 address Specifies an IPv6 address match criteria for a route map. RM set ipv6 next-hop Specifies an adjacent next-hop router in RM the path toward the destination to which the packets should be forwarded. set ipv6 default next-hop RM Specifies an adjacent default next-hop router in the path toward the destination to which the packets should be forwarded.
Modea Command Description show ip irdp Displays the router discovery information for all PE interfaces, or for a specified interface. a. For the meaning of each Mode abbreviation, see Mode Types. Routing Information Protocol Command Description Modea auto-summary Enables the RIP auto-summarization mode. RIP default-information originate (Router RIP Configuration) Controls the advertisement of default routes. RIP default-metric Sets a default for the metric of distributed routes.
Modea Command Description show ip rip interface Displays information related to a particular RIP PE interface. show ip rip interface brief Displays general information for each RIP interface. PE split-horizon Sets the RIP split horizon mode. RIP a. For the meaning of each Mode abbreviation, see Mode Types. Tunnel Interface Modea Command Description interface tunnel Enables the interface configuration mode for a GC tunnel.
Virtual Router Command Description Modea description Assigns descriptive text to the VRF instance. VR ip vrf Creates a virtual router with a specified name GC and enters Virtual Router Configuration mode. ip vrf forwarding Associates an interface with a VRF instance. maximum routes Reserves the number of routes allowed and sets VR the maximum limit on the number of routes for a virtual router instance in the total routing table space for the router.
Command Description Modea vrrp mode Enables the virtual router configured on an interface. Enabling the status field starts a virtual router. IC vrrp preempt Sets the preemption mode value for the virtual IC router configured on a specified interface. vrrp priority Sets the priority value for the virtual router configured on a specified interface. vrrp timers advertise Sets the frequency, in seconds, that an interface IC on the specified virtual router sends a virtual router advertisement.
Virtual Router Redundancy Protocol version 3 Commands 206 Command Description Modea fhrp version vrrp v3 Enables Virtual Router Redundancy Protocol version 3 (VRRPv3) configuration on the switch. VRRP vrrp Creates a Virtual Router Redundancy Protocol version 3 (VRRPv3) group and enter VRRPv3 Group Configuration mode.
a. Command Description Modea timers advertise Configures the interval between successive advertisements by the primary virtual router in a Virtual Router Redundancy Protocol version 3 (VRRPv3) group. VRRP shutdown Disables a Virtual Router Redundancy Protocol version 3 (VRRPv3) group configuration. VRRP address Sets the primary or secondary IP address of the switch within a Virtual Router Redundancy Protocol version 3 (VRRPv3) group.
Modea Command Description application start Schedules a Dell-supplied application for GC immediate execution on the management unit in the stack. application stop Stops a Dell-supplied application if the application is executing on the management unit in the stack. GC show application Displays installed applications and optionally displays application files. GC a. For the meaning of each Mode abbreviation, see Mode Types.
CLI Macro Command Description Modea macro name Creates a user-defined macro. GC macro global apply Use to apply a macro. GC macro global trace Applies and traces a macro. GC macro global description Appends a line to the global macro description. GC macro apply Use to apply a macro. IC macro trace Applies and traces a macro. IC macro description Appends a line to the macro description. IC show parser macro Displays information about defined macros. PE a.
Command Description Modea sntp unicast client enable Enables clients to use Simple Network Time Protocol (SNTP) predefined Unicast clients. GC clock timezone hours-offset Sets the offset to Coordinated Universal Time. GC no clock timezone Resets the time zone settings. clock summer-time recurring Sets the summertime offset to UTC recursively GC every year. clock summer-time date Sets the summertime offset to UTC. GC no clock summer-time Resets the summertime configuration.
Command Description Modea erase Erases the startup configuration, the backup configuration, or the backup image. PE filedescr Adds a description to a file. PE rename Renames the file present in flash. PE show backup-config Displays contents of a backup configuration file. PE show bootvar Displays the active system image file that the switch loads at startup. UE show running-config Displays the contents of the currently running configuration file.
Command Description Modea server Configures a HiveAgent server (HiveManager NG) and enter HiveAgent server configuration mode. HAC debug Enables HiveAgent debug capability. HAC enable Enables a HiveAgent server. HAC proxy-ip-address Configures a proxy server to be used to contact HAC the HiveManager NG.
Command Description Modea exec-banner Enables exec banner on the console, telnet or SSH connection. LC exec-timeout Configures the interval that the system waits for LC user input before Privileged Exec mode timeout. history Enables the command history function. history size Changes the command history buffer size for a LC particular line. line Identifies a specific line for configuration and enters the line configuration command mode.
key-server priority Configures the preference for an MKA key server. MP macsec-cipher-suite Configures the MACsec cipher suite for an MKA policy. MP confidentiality-offset Configures where to start encrypting the data MP packet. key chain Configures or modifies a key chain and enter GC Key Chain Configuration mode. key Configures a key and enter Keychain Key Configuration mode. GC cryptographic-algorithm Configures the cryptographic algorithm for the key. KK key-string Configures the key.
show macsec secy statistics Displays MACsec SecY statistics. PE, GC clear mka statistics Clears the MKA protocol statistics for an interface. PE clear macsec secy statistics Clears the MKA protocol statistics for an interface. PE a. For the meaning of each Mode abbreviation, see Mode Types. PHY Diagnostics Command Description Modea show copper-ports tdr Displays the last TDR (Time Domain Reflectometry) tests on specified ports.
power inline priority Configures the port priority level for the delivery of power to an attached device. IC (Ethernet) power inline reset Use to reset the port. IC power inline usagethreshold Configures the system power usage threshold level at which lower priority ports are disconnected. GC clear power inline statistics Clears the PoE statistics. PE show power inline Reports current PoE configuration and status.
Serviceability Tracing Command Description Modea debug aaa Enables debugging for accounting. PE debug arp Enables tracing of ARP packets. PE debug authentication interface Enables Authentication Manager debug traces for the interface. PE debug auto-voip Enables Auto VOIP debug messages. PE debug bfd Enables the display of BFD events or packets. PE debug cfm Enables CFM debugging. PE debug clear Disables all debug traces.
Command Description Modea debug ip pimsm packet Traces PIMSM packet reception and transmission. PE debug ip vrrp Enables debug tracing of VRRP events. PE debug ipv6 dhcp Displays debug information about DHCPv6 PE client activities and to trace DHCPv6 packets to and from the local DHCPv6 client. debug ipv6 mcache Traces MDATAv6 packet reception and transmission. debug ipv6 mld Traces MLD packet reception and transmission.
Command Description Modea debug spanning-tree Traces spanning tree BPDU packet reception and transmission. PE debug tacacs Enables debug tracing of TACACS+ debugging. PE debug transfer Enables debug tracing of file transfers. PE debug udld Enables the display of UDLD packets or event processing. PE debug vpc Enables debug traces for the specified protocols GC debug vrrp Enables VRRP debug protocol messages. PE exception core-file Configures the core dump file name.
sFlow Command Description Modea sflow destination Configures sFlow collector parameters (owner string, receiver timeout, ip address, and port). GC sflow polling Enables a new sflow poller instance for the data GC source if rcvr_idx is valid. sflow polling (Interface Mode) Enable a new sflow poller instance for this data IC source if rcvr_idx is valid. sflow sampling Enables a new sflow sampler instance for this data source if rcvr_idx is valid.
Command Description Modea show snmp user Displays the configuration of users. PE show snmp views Displays the configuration of views. PE show trapflags Displays SNMP traps globally or displays specific SNMP traps. PE snmp-server community Sets up the community access string to permit access to SNMP protocol. GC snmp-server communitygroup Maps SNMP v1 and v2 security models to the group name. GC snmp-server contact Sets up a system contact (sysContact) string.
Support Assist Modea Command Description eula-consent Accepts or rejects the end-user license GC agreement (EULA) for the SupportAssist server. contact-company Configures the contact information to be sent to the SupportAssist server. SAC contact-person Configures the contact information to be sent to the SupportAssist server. SAC enable Enables a SupportAssist server. SAC proxy-ip-address Configures a proxy server to be used to contact SAC the SupportAssist servers.
Command Description Modea logging cli-command Enables CLI command logging. GC logging Configures a SYSLOG server GC logging audit Enables switch auditing. GC logging buffered Enables logging to the in-memory log. GC logging console Enables logging to the console. GC logging facility Configures the facility to be used in SYSLOG messages. GC logging file Enables logging to the persistent (on flash) log.
System Management Command Description Modea asset-tag Specifies the switch asset-tag. GC banner exec Sets the message that is displayed after a successful login. GC banner login Sets the message that is displayed just before the login prompt. GC banner motd Specifies message-of-the-day banner. GC banner motd acknowledge Acknowledges message-of-the-day banner.
Command Description Modea nsf Specifies non-stop forwarding. GC ping Sends ICMP echo request packets to another node on the network. UE process cpu threshold Configures the rising and falling thresholds for GC the issuance of the CPU overload SNMP trap and notification via a SYSLOG message. quit Disconnects the serial connection to the remote UE unit on a stack member. reload Reloads the operating system. PE set description Associates a text description with a switch in the stack.
Command Description Modea show nsf Shows non-stop forwarding status. PE show power-usagehistory Shows the history of unit power consumption PE for the unit specified in the command and total stack power consumption. show process app-list Displays the system applications. show process appresource-list Lists the configured and in-use resources for PE or GC each application known to the Process Manager. show process cpu Checks the CPU utilization for each process currently running on the switch.
Command Description Modea show version Displays the system version information. UE stack Sets the mode to Stack Configuration mode. GC stack-port Sets the mode to Stack Configuration mode to GC configure Stack ports as either Stacking ports or as Ethernet ports. stack-port shutdown Enables or disable the stack port administratively. SC standby Configures the standby in the stack. SG switch renumber Changes the identifier for a switch in the stack.
Time Ranges Modea Command Description time-range [name] Creates a time range identified by name, GC consisting of one absolute time entry and/or one or more periodic time entries. absolute Adds an absolute time entry to a time range. TRC periodic Adds a periodic time entry to a time range. TRC show time-range Displays a time range and all the absolute/periodic time entries that are defined for the time range. PE a. For the meaning of each Mode abbreviation, see Mode Types.
Modea Command Description end Gets the CLI user control back to the privileged Any execution mode or user execution mode. exit Exits any configuration mode to the previously (All) highest mode in the CLI mode hierarchy. quit|exit|logout Closes an active terminal session by logging off UE the switch. a. For the meaning of each Mode abbreviation, see Mode Types. Web Server Command Description Modea common-name Specifies the common-name for the device. CR country Specifies the country.
Command Description Modea location Specifies the location or city name. CR no crypto certificate Deletes a certificate from the switch. GC organization-name Identifies the legal name of the organization requesting the certificate. CR organization-unit Specifies the organization-unit or department name. CR quit Exits from crypto certificate generate mode, crypto certificate import mode, or crypto certificate request mode without performing the action.
2 Using the CLI Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Introduction This section describes the basics of entering and editing the Dell EMC Networking N1100-ON, N1500, N2000, N2100-ON, N2200-ON, N3000-ON, N3100-ON, and N3200-ON Series Command Line Interface (CLI) commands and defines the command hierarchy. It also explains how to activate the CLI and implement its major functions.
command syntax requirements and in some instances parameters required to complete the command. The standard command to request context-sensitive help is the > key. Two instances where the help information can be displayed are: • Keyword lookup — The > key is entered in place of a command. A list of all valid commands and corresponding help messages is displayed. • Partial keyword lookup — A command is incomplete and the > key is entered in place of a parameter.
Table 2-1. History Buffer Keyword Source or Destination Up-arrow key Recalls commands in the history buffer, beginning with the most recent command. Repeats the key sequence to recall successively older commands. + Down-arrow key + Returns to more recent commands in the history buffer after recalling commands with the up-arrow key. Repeating the key sequence recalls more recent commands in succession.
console(config-if-Gi1/0/1)#show interface status Port Name Duplex Speed State Neg Link Status Flow Control --------- ------------------------- --------- ------------- --------- --------- -----------Gi1/0/1 N/A Unknown Auto Down Inactive Gi1/0/2 N/A Unknown Auto Down Inactive Gi1/0/3 N/A Unknown Auto Down Inactive Gi1/0/4 N/A Unknown Auto Down Inactive Gi1/0/5 N/A Unknown Auto Down Inactive Gi1/0/6 N/A Unknown Auto Down Inactive CLI Output Filtering Many CLI show commands inclu
• Output Filtering – “Grep”-like control for modifying the displayed output to only show the user-desired content. • Filter displayed output to only include lines containing a specified string match. • Filter displayed output to exclude lines containing a specified string match. • Filter displayed output to only include lines including and following a specified string match.
command. If the characters already entered are not enough for the system to identify a single matching command, the >key displays the available commands matching the characters already entered. Short Form Commands The CLI supports the short forms of all commands. As long as it is possible to recognize the entered command unambiguously, the CLI accepts the short form of the command as if the user typed the full command.
Table 2-2. CLI Shortcuts Keyboard Key Description Delete previous character + Go to beginning of line + Go to end of line + Go forward one character + Go backward one character + Delete current character + Delete to beginning of line + Delete to the end of the line.
) or a blank. In these cases, it may be necessary to enclose the entire string in double or single quotes for the command line parser to properly interpret the parameter. Command Scripting The CLI can be used as a programmable management interface. To facilitate this function, the exclamation point and any characters entered after the exclamation point up until the end of the line are treated as a comment and ignored by the CLI.
Table 2-3. CLI Command Notation Conventions Convention Example Description [ ] square brackets [value] In a command line, square brackets indicate an optional parameter that you can enter in place of the brackets and text inside them. { } curly braces {choice1|choice2} In a command line, inclusive brackets indicate a selection of compulsory parameters separated by the | character. You must select a parameter from the list of choices.
• Unit#/Slot#/Port# — Identifies a specific interface by the interface type tag followed by the Unit# followed by a / symbol, then the Slot# followed by a / symbol, and then the Port#. For example, gi2/0/10 identifies the Gigabit interface 10 in slot 0 within the second unit on a non-blade switch. Table 2-4 below lists the supported interface type tags.
Table 2-4.
Loopback Interfaces Loopback interfaces are represented in the CLI by the keyword loopback followed by the variable loopback-id, which can assume values from 0–7. Port Channel Interfaces Port-channel (or LAG) interfaces are represented in the CLI by the keyword port-channel followed by the variable port-channel-number. When listed in command line output, port channel interfaces are preceded by the characters Po.
to the left of the hyphen must always be less than or equal to the number to the right of the hyphen, e.g. interface range Gi1/0/10-1 is not valid. (#, #, #) — a list of interfaces. For example, (1/0/1, 1/0/1,1/0/3, 1/0/5) indicates that the operation applies to the Ethernet interfaces 1, 3, and 5 on unit 1. The interfaces may or may not be consecutive, nor must the interfaces be of the same type. (#, #-#, #) — ranges and non-consecutive interfaces listed together.
tunnel 7 loopback 3 Example #2 console(config-if-Gi1/0/23)#show vlan VLAN ----1 Name --------------default Ports ------------Po1-128, Gi1/0/1-24, Te1/0/1-2 Type -------------Default RSPAN Vlan --------------------------------------------------------------------None console(config-if-Gi1/0/23)#show slot 2/0 Slot.............................. Slot Status....................... Admin State....................... Power State....................... Configured Card: Model Identifier...............
Card Description............... Configured Card: Model Identifier............... Card Description............... Pluggable......................... Dell 24 Port 10G Fiber Dell Networking N3024F Dell 24 Port 10G Fiber No Entering Network Addresses MAC Addresses MAC addresses are specified in 3 groups of four upper or lower case hexadecimal characters separated by periods with no spaces, e.g. 0011.2233.FFee or by eight pairs of upper or lower case hexadecimal characters separated by colons, e.g.
Any host: 0000:0000:0000:0000:0000:0000:0000:0000 becomes :: The prefix length, if specified, ranges from 1 to 128 and is specified by a forward slash and a decimal number indicating the significant bits of the address, e.g. 3ffe:ffff:100:f101:0:0:0:/64. No spaces are allowed between the last address digit or colon and the forward slash.
CLI Command Modes Since the set of CLI commands is very large, the CLI is structured as a command-tree hierarchy, where related command sets are assigned to command modes for easier access. At each level, only the commands related to that level are available to the user and only those commands are shown in the context sensitive help for that level.
When starting a session, the initial mode is the User Exec mode (privilege level 0). Only a limited subset of commands is available in this mode. This level is reserved for tasks that do not change the configuration. To enter the next level, Privileged Exec mode (privilege level 1) may be required if configured by the administrator. Privileged Exec mode provides access to commands that can not be executed in the User Exec mode and permits access to Global Configuration mode.
Global Configuration Mode Global Configuration commands allow the operator to change the configuration of the switch. The Privileged Exec mode command configure (or configure terminal) is used to enter Global Configuration mode. console(config)# The following are the Global Configuration submodes: • SNMP v3 Host Configuration — Configures the parameters for the SNMP v3 server host. • SNMP Community Configuration — Configures the parameters for the SNMP server community.
• Policy Class — Use the class command to access the QoS Policy-class mode to attach or remove a diffserv class from a policy and to configure the QoS policy class. • Class-Map — This mode consists of class creation/deletion and matching commands. The class matching commands specify layer 2, layer 3 and general match criteria. Use the class-map class-map-name commands to access the QoS Class Map Configuration mode to configure QoS class maps.
Pre-configured capabilities become active only when enabled (typically via an admin mode control) or when the required hardware is present (or both). For example, a port can be pre-configured with both trunk and access mode information. The trunk mode information is applied only when the port is placed into trunk mode and the access mode information is only applied when the port is placed into access mode. Likewise, OSPF routing can be configured in the switch without being enabled on any port.
Identifying the Switch and Command Mode from the System Prompt The system prompt provides the user with the name of the switch (hostname) and identifies the command mode. The following is a formal description of the system command prompt: [device name][([command mode-[object]])][# | >] [device name] — is the name of the managed switch, which is typically the user-configured hostname established by the hostname command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Privileged Exec console# Use the enable command to enter into this mode. This mode is password protected. Use the exit command, or press + to return to the User Exec mode. Global Configuration console(config)# From Privileged Exec mode, use the configure command. Use the exit command, or press + to return to the Privileged Exec mode.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method IPv6 Address Family Configuration From BGP Router console (config-router-af)# Configuration mode, use the address-family ipv6 command. To exit to BGP Router Configuration mode, use the exit command, or press + to Privileged Exec mode. Management Access-List From Global Configuration mode, use the management access-list command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method MAC Access List From Global Configuration mode, use the mac access-list command. Command Prompt Exit or Access Previous Mode console(config-mac-accesslist)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. console(config-pubkeySSH Public Key- From Global chain)# Chain Configuration mode, use the crypto key pubkeychain ssh command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode RADIUS Server Configuration From Global Configuration mode, use the radius server host command. console(Config-authradius)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. RADIUS Dynamic Authorization console(config-radius-da)# From Global Configuration, use the aaa server radius dynamic-author command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode SNMP Community Configuration From Global Configuration mode, use the snmp-server community command. console(config-snmp)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode Crypto Certificate Generation From Global Configuration mode, use the crypto certificate number generate command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Logging From Global Configuration mode, use the logging command. console(config-logging)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. MST From Global Configuration mode, use the spanning-tree mst configuration command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Virtual Router Config console(config-vrfFrom Global XXX)#where XXX is the VRF Configuration mode, use the ip vrf name. command. To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode Router RIP Config From Global Configuration mode, use the router rip command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Track Configuration Mode Switch (config-track)# From Global Configuration mode, use the track object-number ip sla operationnumber command. To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. IP SLA Configuration Mode Switch (config-ip-sla)# From Global Configuration mode, use the ip sla operation-number command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode ERSPAN Destination Session Configuration Switch (config-erspan-src)# From Global Configuration mode, use the monitor session type erspandestination command to configure an ERSPAN destination session. To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode Gigabit Ethernet From Global Configuration mode, use the interface gigabitethernet command. Or, use the abbreviation interface gi. console (config-ifGiunit/slot/port# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. 10 Gigabit Ethernet From Global Configuration mode, use the interface tengigabitethernet command.
Table 2-5. Navigating CLI Command Modes (continued) Command Mode Access Method Command Prompt Exit or Access Previous Mode VLAN From Global Configuration mode, use the interface vlan command. console(config-if-vlanvlanid)# To exit to Global Configuration mode, use the exit command, or press + to Privileged Exec mode. Tunnel From Global Configuration mode, use the interface tunnel command. Or, use the abbreviation interface tu.
3 When finished, exit the session with the quit or exit command. The switch can be managed over a direct connection to the switch console port or through a Telnet connection. If access is through a Telnet connection, the switch must have a defined IP address, corresponding management access granted, and a connection to the network. Using CLI Functions and Tools The CLI has been designed to manage the switch’s configuration file system and to manage switch security.
Copying Files The copy command not only provides a method for copying files within the file system, but also to and from remote servers. With the copy command and URLs to identify files, the user can back up images to local or remote systems or restore images from local or remote systems. To use the copy command, the user specifies the source file and the destination file.
• running-config — This file refers to the configuration file currently active in the system. It is possible to copy the running-config image to a backupconfig file or to the startup-config file. • startup-config — This file refers to the special configuration image stored in flash memory which is loaded when the system next reboots. The user may copy a particular configuration file (remote or local) to this special file name and reboot the system to force it to use a particular configuration.
• The serial session defaults to 9600 BAUD, eight data bits, one stop bit, no parity and no flow control (115200 for the N1100-ON, N2100-ON, N2200-ON, N3100-ON, and N3200-ON). User Accounts Management The CLI provides configuration of authentication for switch administrators or network users either through remote authentication servers supporting TACACS+ or RADIUS or through a set of locally managed user accounts.
User Access Control In addition to authenticating an administrator, the CLI also assigns the administrator access to one of two security levels. Privilege level 1 has readonly access. This level allows the administrator to read information but not configure the switch. The access to this level cannot be modified. Level 15 is the special access level assigned to the superuser of the switch. This level has full access to all functions within the switch.
SYSLOG The switch supports sending logging messages to a remote SYSLOG server. The administrator configures a remote log server to which SYSLOG messages are sent. The following rules apply: • The administrator configures a remote SYSLOG server to which system logging messages are sent. • Log messages are implementation-dependent but may contain debug messages, security or fault events. • The switch maintains at most the last 1000 system events in the inmemory log.
Management ACL In addition to user access control, the system also supports filtering of management protocol packets addressed to the switch over the in-band ports. This capability allows individual hosts or subnets to access the switch using specific management protocols. The administrator defines a management profile, which identifies management protocols such as the following: • Telnet. • SSH and the keying information to use for SSH. • HTTP. • HTTPS and the security certificate to be used.
Boot Message The boot message is a system message that is not user-configurable and is displayed when the system is booting. To start the normal booting process, select item 1 in the Boot Menu. The following is a sample log for booting information. Select startup option within 5 seconds, else Operational Code will start automatically... Operational Code Startup -- Main Menu 1 - Start Operational Code 2 - Display Boot Menu Select (1, 2)# active = /dev/mtd7 Extracting Operational Code from .stk file...done.
1 - Start Operational Code 2 - Display Boot Menu Select (1, 2)# 2 Boot Main Menu ============== 1 2 3 4 5 9 10 11 12 13 14 - Start Operational Code Select Baud Rate Retrieve Logs Load New Operational Code Display Operational Code Details Reboot Restore Configuration to Factory Defaults Activate Backup Image Start Password Recovery Boot ONIE (Rescue Mode) Boot Diagnostics Enter Choice# Creating tmpfs filesystem on /mnt/download for download...done.
active = /dev/mtd7 Extracting Operational Code from .stk file...done. Loading Operational Code...done. Decompressing Operational Code...done. Product Details:Operational Code Image File Name - N2000v6.0.0.8 Rel 6, Ver 0, Maint Lev 0, Bld No 8 Timestamp - Thu Aug 22 13:09:33 EDT 2013 Number of components - 1 Device 776 ImageFlags 1 L7_MODULE_LIST=linux-kernel-bde.ko linux-user-bde.ko Enter Choice# 10 Are sure you want to Erase Current Configuration? (Y/N): y Erasing Current Configuration...done.
4 START_OPR_CODE_PASSWD_RECOVERY MODE Uncompressing apps.lzma SyncDB Running... DMA pool size: 16777216 PCI unit 0: Dev 0xb842, Rev 0x02, Chip BCM56842_A1, Driver BCM56840_B0 SOC unit 0 attached to PCI device BCM56842_A1 hpc - No stack ports. Starting in stand-alone mode. <186> Jul 12 02:40:46 0.0.0.0-1 General[63446620]: bootos.c(179) 11 %% Event(0xaaaaaaaa) started! (Unit 1 - Waiting to select management unit)> Applying Global configuration, please wait ...
information, which may include but is not limited to configuration information, user supplied contact information, names of data volumes, IP addresses, access control lists, diagnostics & performance information, network configuration information, host/server configuration& performance information and related data (Collected Data) and transmits this information to Dell. By downloading SupportAssist and agreeing to be bound by the set terms and the Dell end user license agreement, available at: www.dell.
is entered into the running-config if the SupportAssist EULA Accept file exists on the management unit in the stack and contains the ‘EULA: Accepted’ text. Regardless of whether the administrator runs or does not run the Easy Setup wizard and if the HiveAgent is installed: eula-consent hiveagent accept is entered into the running-config if the HiveAgent EULA Accept file exists on the management unit in the stack and contains the ‘EULA: Accepted’ text.
Viewing System Messages System messages autonomously display information regarding occurrences that may affect switch operations. By default, system messages are not displayed on CLI sessions connected via telnet or SSH. Use the terminal monitor command to enable the autonomous display of system messages when connecting to the switch via telnet or SSH. System messages are always displayed on the serial console.
Using the CLI 278
Layer 2 Switching Commands 3 The sections that follow describe commands that conform to the OSI model data link layer (Layer 2). Layer 2 commands provide a logical organization for transmitting data bits on a particular medium. This layer defines the framing, addressing, and checksum functions for Ethernet packets.
Ethernet CFM Commands IPv6 MLD Snooping Commands Port Monitor Commands — Layer 2 Switching Commands 280
ACL Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria.
particular classifier rule. The ACL logging feature allows these hardware “hit” counts to be collected on a per-rule basis and reported periodically to the network administrator using the system logging facility and an SNMP trap. The Dell EMC Networking ACL syntax supports a log parameter that enables hardware hit count collection and reporting.
Table 3-1. Common EtherTypes EtherType Protocol 0x0800 Internet Protocol version 4 (IPv4) 0x0806 Address Resolution Protocol (ARP) 0x0842 Wake-on LAN Packet 0x8035 Reverse Address Resolution Protocol (RARP) 0x8100 VLAN tagged frame (IEEE 802.1Q) 0x86DD Internet Protocol version 6 (IPv6) 0x8808 MAC Control 0x8809 Slow Protocols (IEEE 802.3) 0x8870 Jumbo frames 0x888E EAP over LAN (EAPOL – 802.
ip access-list Use the ip access-list command in Global Configuration mode to create an Access Control List (ACL) that is identified by the parameter list-name and to enter IPv4-Access-List configuration mode. If parameterized with the name of an existing access list, additional match clauses are added to the end of the access list. Syntax ip access-list list-name [extended] no ip access-list list-name • list-name—Access-list name up to 31 characters in length.
Syntax [sequence-number]{deny | permit} {ipv4-protocol | 0-255 | every} {srcip srcmask | any | host srcip} [{range {portkey | startport} {portkey | endport}} | {eq | neq | lt | gt} {portkey | 0-65535} ] {dstip dstmask | any | host dstip} [{range {portkey | startport} {portkey | endport}} | {eq | neq | lt | gt} {portkey | 0-65535}] [flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg] [established]] [icmp-type icmptype [icmp-code icmp-code] | icmp-message icmp-message] [ig
• • [{{eq | neq | lt | gt} {portkey | number} | range startport endport}]— Specifies the layer 4 source or destination port match condition for the TCP/UDP ACL rule. When the protocol is SCTP, TCP or UDP, a source or destination port number, which ranges from 0-65535, or a portkey, which can be one of the following keywords: domain, echo, ftp, ftp-data, http, smtp, snmp, telnet, tftp, www, bgp, pop2, pop3, ntp, rip, time, who may be entered.
• [precedence precedence | tos tos [tosmask] | dscp dscp]—Specifies the TOS for an IP/TCP/UDP ACL rule depending on a match of precedence or DSCP values using the parameters dscp, precedence, or tos tosmask. • flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg] [established]—Specifies that the IP/TCP/UDP ACL rule matches on the TCP flags.
– IPv4 ICMP message types: echo echo-reply host-redirect mobileredirect net-redirect net-unreachable redirect packet-too-big portunreachable source-quench router-solicitation router-advertisement time-exceeded ttl-exceeded unreachable • igmp-type igmp-type—When igmp-type is specified, IP ACL rule matches on the specified IGMP message type (i.e., a number from 0 to 255). • fragments—Specifies the rule matches packets that are non-initial fragments (fragment bit asserted).
– Burst-size – the committed burst size in Kilobytes. Default Configuration No ACLs are configured by default. An implicit deny all condition is added by the system after the last MAC or IP/IPv6 access group if no route-map is configured on the interface. Command Mode Ipv4-Access-List Configuration mode User Guidelines Administrators are cautioned to specify permit and deny rule matches as fully as is possible in order to avoid false matches.
Ethertype Protocol 0x8906 Fibre Channel over Ethernet 0x8914 FCoE Initialization Protocol 0x9100 Q in Q In order to provide the greatest amount of flexibility in configuring ACLs, the permit/deny syntax allows combinations of matching criteria that may not make sense when applied in practice. Port ranges are not supported for ACLs configured in egress (out) accessgroups. This means that only the eq operator is supported in an egress (out) ACL.
If a permit|deny clause is entered with the same sequence number as an existing rule, an error is displayed and the existing rule is not updated with the new information. Command History Updated in 6.3.0.1 firmware. Description updated in the 6.4 release.
[sequence-number] {deny | permit} {{any | srcmac srcmacmask} {any | bpdu |dstmac dstmacmask}} [ethertypekey | [0x0600-0xFFFF] [vlan {eq 04095}] [secondary-vlan {eq 0-4095}] [cos 0-7] [log] [time-range time-rangename] [assign-queue queue-id] [{mirror | redirect} interface-id] [rate-limit rate burst-size] no sequence-number • sequence-number—Identifies the order of application of the permit/deny statement.
• time-range-name—Use the time-range parameter to impose a time limitation on the MAC ACL rule as defined by the parameter. • assign-queue—Specifies particular hardware queue for handling traffic that matches the rule. • queue-id —0-6, where n is number of user configurable queues available for that hardware platform. The queue ID is the internal queue number (traffic class), not the CoS value.
Every permit/deny rule that does not have a rate-limit parameter is assigned a counter. If counter resources become exhausted, a warning is issued and the rule is applied to the hardware without the counter. If a permit|deny clause is entered with the same sequence number as an existing rule, an error is displayed and the existing rule is not updated with the new information. Command History Updated in 6.3.0.1 firmware. Secondary VLAN option added in 6.3.5 release.
Default Configuration This command has no default configuration. Command Mode Global Configuration and Interface Configuration (Ethernet, VLAN, or Port Channel) modes User Guidelines The Global Configuration mode command configures the ACL on all Ethernet and port-channel interfaces, whereas the interface mode command does so for the selected interface. Dell EMC Networking switches support configuration of multiple access groups.
console(config)#interface te1/0/1 console(config-if-Te1/0/1)#ip access-group aclname out 2 console(config-if-Te1/0/1)#no ip access-group aclname out Command History Example and description updated in the 6.4 release. mac access-group Use the mac access-group command in Global Configuration or Interface Configuration mode to attach a specific MAC Access Control List (ACL) to an interface.
The ACLs in the access-group are configured in hardware when the interface becomes active. Resource contention issues will only become apparent at that time. It is recommended that ACLs be configured on an active interface as a check prior to deployment in the network. An optional sequence number may be specified to indicate the order of this access-list relative to the other access-lists already assigned to this interface and direction. A lower number indicates higher precedence order.
• name — Name of the access list. (Range: 1-31 characters) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Use this command to create a mac access control list. The CLI mode is changed to Mac-Access-List Configuration when this command is successfully executed. Example The following example creates MAC ACL and enters MAC-Access-ListConfiguration mode.
User Guidelines Command fails if the new name is the same as the old one. Example The following example shows the mac access-list extended rename command. console(config)#mac access-list extended DELL1 console(config-mac-access-list)#exit console(config)#mac access-list extended rename DELL1 DELL2 remark Use the remark command to add a comment to an ACL rule. Use the no form of the command to remove a comment from an ACL rule.
User Guidelines The administrator can use the remark keyword to add comments to ACL rule entries belonging to an IPv4, IPv6, MAC or ARP ACL. Remarks are associated with the ACL rule that is created immediately after the remarks are created. When the ACL rule is removed, the associated remarks are also deleted. Remarks are shown only in show running-config and are not displayed in show ip access-lists. The no remark command removes the first matching remark from an ACL access-list.
Syntax service-acl input {blockcdp | blockvtp | blockdtp | blockudld | blockpagp | blocksstp | blockall} no service-acl input [blockcdp | blockvtp | blockdtp | blockudld | blockpagp | blocksstp | blockall] • blockcdp—To block CDP PDU’s from being forwarded. • blockvtp—To block VTP PDU’s from being forwarded. • blockdtp—To block DTP PDU’s from being forwarded. • blockudld—To block UDLD PDU’s from being forwarded. • blockpagp—To block PAgP PDU’s from being forwarded.
Syntax show service-acl interface {interface-id | all} • interface-id—An Ethernet interface identifier or a port channel interface identifier. See Interface Naming Conventions for interface representation. Default Configuration UDLD is blocked by default. No other protocol is blocked by default. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command is not supported on the N1500 Series switches.
• interface-id—The interface identifier (Ethernet, port-channel, or VLAN). • in—Show the ingress ACLs. • out—Show the egress ACLs. • control-plane—Show the control plane ACLs. Default Configuration No ACLs are configured by default. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command displays information about the attributes “icmp-type”, “icmpcode”, “igmp-type,” “fragments,” “routing,” and “source and destination L4 port ranges.” It displays the committed rate, committed burst size and the ACL rule hit count of packets matching the ACL rule. This matching packet counter value rolls over upon reaching the maximum value (18446744073709551615 or 264 -1).
TO_FRM UPLINKS Allow-192-168-0-x 2 5 3 437 0 7617636 Gi1/0/26 Gi1/0/26 Gi1/0/29 Inbound Outbound Inbound The following example displays the IP ACLs configured on a device. console#show ip access-lists asdasd IP ACL Name: asdasd Inbound Interface(s): Gi1/0/7 Rule Number: 1 Action......................................... Match All...................................... Protocol....................................... Source IP Address.............................. Source IP Mask...........................
The following examples show Dynamic ACLs configured for both the data and voice VLAN.
Default Configuration This command has no default configuration Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The hit counter applies to the ACL, not to the interface. It shows the sum of all matching packets across all interfaces to which the ACL is applied. For an ACL applied to multiple interfaces, the hit counter will be identical for all interfaces. Command History Updated in 6.3.0.1 firmware. Updated User Guidelines in 6.3.0.5 firmware.
Rule Number: 2 Action......................................... Source MAC Address............................. Source MAC Mask................................ EtherType...................................... VLAN........................................... ACL Hit Count.................................. permit 0000.1133.2244 FFFF.0000.
MAC Address Table Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Dell EMC Networking switches implement a MAC Learning Bridge is compliance with IEEE 802.1Q. The switches implement independent VLAN learning (IVL).
Syntax clear mac address-table dynamic [address mac-addr | interface interface-id | vlan vlan-id | notification] • mac-addr—Delete the specified MAC address. • interface-id—Delete all dynamic MAC addresses on the specified Ethernet port or port channel. • vlan-id—Delete all dynamic MAC addresses for the specified VLAN. The range is 1 to 4093. • notification — Clear the MAC notification counters. Default Configuration This command has no default configuration.
no mac address-table aging-time • 0—Disable aging time for the MAC Address Table. • 10-1000000—Set the number of seconds aging time for the MAC Address Table. Default Configuration 300 seconds Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example In this example the MAC Address Table aging time is set to 400.
• interface-list —Specify a comma separated list of interface identifiers, a range of interfaces, or a combination of both. Interface identifiers can be port channel interface identifiers or Ethernet interface identifiers. Embedded blanks are not allowed in the list. Default Configuration No forbidden addresses are defined. Command Mode Global Configuration mode User Guidelines Before defining forbidden ports, ensure that the multicast group is registered.
• interface-id—The interface to which the received packet is forwarded. Ethernet interface identifiers and port channel identifiers are valid for this command. Default Configuration No static addresses are defined. The default mode for an added address is permanent. Command Mode Global Configuration mode User Guidelines The MAC address may be a unicast or multicast MAC address. Static MAC addresses are never overridden by dynamically learned addresses.
no switchport port-security Default Configuration Port security is disabled by default. No MAC addresses are learned or configured by default. Command Mode Global Configuration mode User Guidelines Port security must be enabled globally and on the interface or VLAN in order to be active. Disabling port security globally does not remove sticky MAC address configuration from the running-config.
station movement occurs. Statically locked MAC addresses are not eligible for aging. If a packet arrives on a port with a source MAC address that is statically locked on another port, then the packet is discarded. Static locking allows the administrator to specify a list of host MAC addresses that are admitted on a port. The behavior of packets is the same as for dynamic locking: only packets with a known source MAC address can be admitted and forwarded.
Example Enable port security/MAC locking globally and on an interface. console(config)#switchport port-security console(config)#interface gi1/0/3 console(config-if-gi1/0/3)#switchport port-security Enable port security/MAC locking globally and on an interface, enable sticky mode on the interface and convert all dynamic addresses on the interface to sticky.
Convert all sticky MAC addresses on trunk port gi1/0/3 to sticky MAC addresses and save the running-config so the configuration will persist across reboots.
– protect—Protect the interface or VLAN by discarding MAC frames that are not learned (default) and issuing a log message and a trap. – shutdown—Protect the interface or VLAN by error disabling the interface and issuing a log message and a trap. If the MAC address limit is exceeded for a VLAN, the ports participating in the VLAN are shut down. Default Configuration By default, port security is not enabled and VLAN port security is not enabled.
address limit has been reached, the packet is discarded, the MAC address is not learned, and a violation is raised. The administrator can disable dynamic learning by setting the number of allowable dynamic entries to zero. This causes all packets with unknown MAC addresses to be considered as violations. When a port security enabled link goes down, all of the dynamically learned addresses are removed from the MAC forwarding database.
an interface on which a violation occurs using the switchport port-security violation shutdown command. Setting the port to shutdown mode also enables the sending of port-security traps. Enabling sticky mode configuration converts all the existing dynamically learned MAC addresses on an interface to sticky. It also converts the last violation MAC address to sticky, even if the dynamic limit is set to 0. These MAC addresses will not age out and will appear in the running-config.
Command History Updated in 6.3.0.1 firmware. Additional VLAN security parameters added in the 6.6.1 firmware release. Example Enable port security/MAC locking globally and on an interface. console(config)#switchport port-security console(config)#interface gi1/0/3 console(config-if-gi1/0/3)#switchport port-security Enable port security/MAC locking globally and on an interface, enable sticky mode on the interface and convert all dynamic addresses on the interface to sticky.
console(config)#vlan 33 console(config-vlan33)#interface gi1/0/3 console(config-if-Gi1/0/3)#switchport mode trunk console(config-if-Gi1/0/3)#switchport port-security mac-address sticky console(config)#do write Convert all sticky MAC addresses on trunk port 33 to sticky MAC addresses and save the running-config so the configuration will persist across reboots.
displayed. The vlan parameter requests display of entries associated with the specified VLAN. The format parameter requests that addresses be displayed in the specified format. The vlan, address, and format parameters may all be specified together. A MAC address can be displayed in IP format only if it is in the range 01:00:5e:00:00:00 through 01:00:5e:7f:ff:ff. Static multicast MAC addresses can be added via the mac address-table static command.
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Use the show mac address-table multicast to display multicast MAC address entries along with forbidden multicast MAC entries. Example In this example, all classes of entries in the mac address-table are displayed. console#show mac address-table Aging time is 300 Sec Vlan ---0 1 1 10 90 Mac Address ---------------001E.C9AA.
• interface-id—Display information for a specific interface. Valid interfaces include Ethernet ports and port channels. • vlan-id—Display entries for the specific VLAN only. The range is 1 to 4093. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example In this example, the mac address table entry for 0000.E26D.2C2A is displayed.
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example In this example, all dynamic entries in the mac address-table are displayed. console#show mac address-table dynamic Aging time is 300 Sec Vlan Mac Address Type Port ---- -------------- ------- ------------1 0000.0001.0000 Dynamic Gi1/0/1 1 0000.8420.5010 Dynamic Gi1/0/1 1 0000.E26D.2C2A Dynamic Gi1/0/1 1 0000.E89A.596E Dynamic Gi1/0/1 1 0001.
User Guidelines This command has no user guidelines. Example In this example, all classes of entries in the bridge-forwarding database for Gigabit Ethernet interface 1/0/1 are displayed. console#show mac address-table interface gigabitethernet 1/0/1 Aging time is 300 Sec Vlan Mac Address Type Port ---- -------------- ---------------1 0000.0001.0000 Dynamic Gi1/0/1 1 0000.8420.5010 Dynamic Gi1/0/1 1 0000.E26D.2C2A Dynamic Gi1/0/1 1 0000.E89A.596E Dynamic Gi1/0/1 1 0001.02F1.
User Guidelines This command has no user guidelines. Example In this example, all static entries in the bridge-forwarding database are displayed. console#show mac address-table static Vlan Mac Address Type Port ---- -------------- --------1 0001.0001.0001 Static Gi1/0/1 show mac address-table vlan Use the show mac address-table vlan command in User Exec or Privileged Exec mode to display all entries in the bridge-forwarding database for the specified VLAN.
Aging time is 400 Sec Vlan Mac Address -------- --------------------1 1418.7715.1BAA 1 1418.7715.47E8 1 2047.47BA.F696 1 B8CA.3AD5.DF1A Type ----------Dynamic Management Dynamic Static Port --------------------Gi2/0/29 CPU Gi2/0/29 Gi2/0/29 show port-security Use the show ports security command to display port security (MAC locking) configuration.
Field Description Admin Mode The configured global administrative status of port MAC locking. This information is shown if only an interface parameter is given: Field Description Interface Identifier The interface identifier. Status The port security administrative status (enabled/disabled). Max-dynamic The dynamic MAC address limit. Max-static The static address limit. Protect Trap issued on violation (enabled/disabled). Frequency The frequency of trap issuance (in seconds).
Field Description Statically Configured MAC Address Statically configured MAC addresses. VLAN ID The VLAN identifier of the MAC address. Sticky Indicates if the secure MAC address is sticky. This information is shown if the violation parameter is given: Field Description MAC address The source MAC address of the last packet discarded on the interface. These are packets with unknown MAC addresses, e.g., as in the case of the dynamic limit set to 0.
MAC Notification Commands mac address-table notification change Use this command to enable and configure MAC address change notification. Use the no form of the command to return the configuration to the default. Syntax mac address-table notification change [history size | interval seconds ]> no mac address-table notification change • size — Configure the size of the MAC address table buffer. The range is 1 to 255. • seconds — Configure the SNMP trap notification interval.
The range of the index is 1..N+1 where N is the size of the history buffer. If a trap has not been sent with the information in the buffer by the time a new entry is added that overwrites an existing entry, the information is lost. If the history buffer size is reduced via configuration, the index is set to 1. If the history size is increased, exiting entries are not disturbed and the index is not adjusted (meaning some existing entries may be overwritten before the new empty entries are filled).
MAC notification traps are only sent when enabled on an interface using the snmp-trap mac-notification change command in addition to the Global Configuration mode snmp-server enable traps mac-notification change and mac address-table notification change commands. At least one SNMP host must be configured. Example This example sets the history buffer size to 10, the notification interval to 2 seconds and enables MAC address table change notification.
User Guidelines MAC notification traps are only sent when enabled on an interface using the snmp trap mac-notification change command, in addition to the Global Configuration mode snmp-server enable traps mac-notification change and mac address-table notification change commands. Example This example enables MAC notification, sets the buffer size to 255, and enables MAC notification traps for interface Gi1/0/3. This will send the MAC notification trap or inform to all configured SNMP hosts.
Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes User Guidelines The following items are displayed in the table: Field Description Index The SNMP Dot1dBasePort index. MAC Address The MAC address in dotted quad format. Action Add (new MAC learned) or remove (MAC address aged out or cleared). Port The port identifier in standard format. VLAN The numeric VLAN identifier.
2 2 2 5 5 0000.0001.0000 0000.8420.5010 0000.E26D.2C2A 0000.E89A.596E 0001.02F1.0B33 Add Add Remove Add Remove Gi1/0/1 Gi1/0/1 Gi1/0/1 Gi1/0/3 Gi1/0/3 4093 4093 4093 1 1 console#show mac-address-table notification change interface gi1/0/1 MAC Notification is enabled MAC Notification Traps are enabled Interface ------------Gi1/0/1 MAC Added Trap MAC Removed Trap --------------- ---------------Enabled Disabled Command History Command introduced in version 6.7.0 firmware.
Auto-VoIP Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Voice over Internet Protocol (VoIP) allows network users to make telephone calls using a computer network over a data network like the Internet. With the increased prominence of delay-sensitive applications (voice, video, and other multimedia applications) deployed in networks today, proper QoS configuration ensures high-quality application performance.
Syntax show switchport voice [ interface-id ] • interface-id —An Ethernet or port channel interface identifier. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines See the debug auto-voip command for assistance in troubleshooting AutoVoIP issues. This command accepts an Ethernet interface identifier or a port channel identifier.
Gi1/0/16 Gi1/0/17 Gi1/0/18 Gi1/0/19 Gi1/0/20 Gi1/0/21 Gi1/0/22 Gi1/0/23 Gi1/0/24 Po1 Po2 Po3 Po4 Po5 Po6 Po7 Po8 Po9 Po10 Po11 Po12 Po13 Po14 Po15 Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 6 The following example shows command output when a port is specified: console#show switchport voice
switchport voice detect auto The switchport voice detect auto command is used to enable the VoIP Profile on all the interfaces of the switch (global configuration mode) or for a specific interface (interface configuration mode).Use the no form of the command to disable the VoIP Profile. Syntax switchport voice detect auto no switchport voice detect auto Default Configuration This feature is disabled by default.
CDP Interoperability Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Industry Standard Discovery Protocol (ISDP) is a proprietary Layer 2 network protocol which inter-operates with Cisco network equipment and is used to share information between neighboring devices. Dell EMC Networking switches participate in the ISDP protocol and are able to both discover and be discovered by devices that support the Cisco Discovery Protocol (CDP).
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command. Example console#clear isdp table isdp advertise-v2 The isdp advertise-v2 command enables the sending of ISDP version 2 packets from the device. Use the no form of this command to send version 1 packets. Syntax isdp advertise-v2 no isdp advertise-v2 Default Configuration ISDP sends version 2 packets by default.
isdp enable The isdp enable command enables ISDP on the switch. User the “no” form of this command to disable ISDP. Use this command in global configuration mode to enable the ISDP function on the switch. Use this command in interface mode to enable sending ISDP packets on a specific interface. Syntax isdp enable no isdp enable Default Configuration ISDP is enabled. Command Mode Global Configuration mode. Interface Configuration (Ethernet) mode.
Syntax isdp holdtime time no isdp holdtime • time—The time in seconds (range 10–255 seconds). Default Configuration The default holdtime is 180 seconds. Command Mode Global Configuration mode User Guidelines This command specifies the amount of time the partner device should maintain the ISDP information. The local device uses the hold time in packets received from the partner device. Configuring the hold time locally does not change the amount of time displayed by the show isdp command.
Default Configuration The default timer is 30 seconds. Command Mode Global Configuration mode User Guidelines Configuring the timer to a low value on a large number interfaces may affect system processing due to CPU overload. Use the show process cpu command to examine the system load. Example The following example sets the isdp timer value to 40 seconds. console(config)#isdp timer 40 show isdp The show isdp command displays global ISDP settings.
Version 2 Advertisements............. Neighbors table last time changed.... Device ID............................ Device ID format capability.......... Device ID format..................... Enabled 0 days 00:06:01 QTFMPW82400020 Serial Number Serial Number show isdp entry The show isdp entry command displays ISDP entries. If a device id specified, then only the entry about that device is displayed. Syntax show isdp entry {all | deviceid} • all—Show ISDP settings for all devices.
Advertisement Version 2 Entry last changed time 0 days 00:13:50 Version: Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000 I9K91S-M), Version 12.2(25)EWA9, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc. Compiled Wed 21-Mar-07 12:20 by tinhuang show isdp interface The show isdp interface command displays ISDP settings for the specified interface.
Gi1/0/7 Gi1/0/8 Gi1/0/9 Enabled Enabled Enabled console#show isdp interface gigabitethernet 1/0/1 Interface --------------Gi1/0/1 Mode ---------Enabled show isdp neighbors The show isdp neighbors command displays the list of neighboring devices. Syntax show isdp neighbors [interface-id][detail] • interface-id—A Ethernet interface identifier. Default Configuration There is no default configuration for this command.
IP Address: 172.20.1.18 IP Address: 172.20.1.18 Capability Router IGMP Platform cisco WS-C4948 Interface Gi1/0/1 Port ID GigabitEthernet1/1 Native VLAN 234 Holdtime 162 Advertisement Version 2 Entry last changed time 0 days 00:55:20 Version: Cisco IOS Software, Catalyst 4000 L3 Switch Software (cat4000-I9K91S-M), Version 12.2(25)EWA9, RELEASE SOFTWARE (fc3) Technical Support: http://www.cisco.com/techsupport Copyright (c) 1986-2007 by Cisco Systems, Inc.
ISDP ISDP ISDP ISDP ISDP Checksum Error............................ Transmission Failure...................... Invalid Format............................ Table Full................................ Ip Address Table Full.....................
DHCP Layer 2 Relay Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches In the majority of network configurations, DHCP clients and their associated servers do not reside on the same IP network or subnet. Therefore, some kind of third-party agent is required to transfer DHCP messages between clients and servers. Such an agent is known as a DHCP Relay agent. The DHCP Relay agent accepts DHCP requests from any routed interface, including VLANs.
Example console(config)#dhcp l2relay dhcp l2relay (Interface Configuration) Use the dhcp l2relay command to enable DHCP L2 Relay for an interface. Use the no form of this command to disable DHCP L2 Relay for an interface. Syntax dhcp l2relay no dhcp l2relay Default Configuration DHCP L2Relay is disabled on all interfaces by default. Command Mode Interface Configuration (Ethernet, Port-channel). User Guidelines There are no user guidelines for this command.
• vlan-list —A list of VLAN IDs. List separate, non-consecutive VLAN IDs separated by commas (without spaces). Use a hyphen to designate a range of IDs. (Range: 1–4093) Default Configuration Setting the DHCP Option 82 Circuit ID is disabled by default. Command Mode Global Configuration User Guidelines There are no user guidelines for this command.
Command Mode Global Configuration. User Guidelines There are no user guidelines for this command. Example console(config)#dhcp l2relay remote-id dslforum vlan 10,20-30 dhcp l2relay trust Use the dhcp l2relay trust command to configure an interface to mandate Option-82 on receiving DHCP packets. Syntax dhcp l2relay trust no dhcp l2relay trust Default Configuration DHCP Option 82 is discarded by default. Configuration Mode Interface Configuration (Ethernet, Port-channel).
Syntax dhcp l2relay vlan vlan-list no dhcp l2relay vlan vlan-list • vlan-list — A list of VLAN IDs. List separate, non-consecutive VLAN IDs separated by commas (without spaces). Use a hyphen to designate a range of IDs. (Range: 1–4093) Default Configuration DHCP L2 Relay is disabled on all VLANs by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
User Guidelines There are no user guidelines for this command. Example console #show dhcp l2relay all DHCP L2 Relay is Enabled.
User Guidelines There are no user guidelines for this command. Command History Port-channel capability added in version 6.5 firmware. Example console#show dhcp l2relay interface all DHCP L2 Relay is Enabled. Interface L2RelayMode TrustMode ---------- ----------- -------------0/2 Enabled untrusted 0/4 Disabled trusted show dhcp l2relay stats interface Use the show dhcp l2relay stats interface command to display DHCP L2 Relay statistics specific to interfaces.
DHCP L2 Relay is Enabled. Interface UntrustedServer UntrustedClient TrustedServer TrustedClient MsgsWithOpt82MsgsWithOpt82 MsgsWithoutOpt82 MsgsWithoutOpt82 ------------------------------------ ---------------- ------------Gi1/0/1 0 0 0 0 Gi1/0/2 0 0 3 7 Gi1/0/3 0 0 0 0 show dhcp l2relay agent-option vlan Use the show dhcp l2relay agent-option vlan command to display DHCP L2 Relay Option-82 configuration specific to VLANs.
10 Enabled Disabled --NULL— show dhcp l2relay vlan Use the show dhcp l2relay vlan command to display whether DHCP L2 Relay is globally enabled on the specified VLAN or VLAN range. Syntax show dhcp l2relay vlan vlan-list • vlan-list—Show information for the specified VLAN range. List separate, nonconsecutive VLAN IDs separated by commas (without spaces). Use a hyphen to designate a range of IDs. (Range: 1–4093) Default Configuration This command has no default configuration.
• vlan-list—Show information for the specified VLAN range. List separate, nonconsecutive VLAN IDs separated by commas (without spaces). Use a hyphen to designate a range of IDs. (Range: 1–4093) Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay circuit-id vlan 300 DHCP L2 Relay is Enabled.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show dhcp l2relay remote-id vlan 200 DHCP L2 Relay is Enabled. VLAN ID Remote Id -------------------200 remote_22 clear dhcp l2relay statistics interface Use the show dhcp l2relay statistics interface command to reset the DHCP L2 Relay counters to zero.
DHCP Snooping Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches DHCP Snooping is a security feature that monitors DHCP messages between DHCP clients and DHCP server to filter harmful DHCP messages and build a bindings database of {MAC address, IP address, VLAN ID, interface} tuples that are considered authorized. The DHCP snooping application processes incoming DHCP messages.
Syntax clear ip dhcp snooping binding {* | interface interface-id} • *—Clear all DHCP Snooping entries. • interface-id—Clear all DHCP Snooping entries on the specified interface. The interface may be an Ethernet interface or a port-channel. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec User Guidelines There are no user guidelines for this command. Command History Port-channel capability added in version 6.5 firmware.
Example console#clear ip dhcp snooping statistics ip dhcp snooping Use the ip dhcp snooping command to enable DHCP snooping globally, or on a range of VLANs. Use the “no” form of this command to disable DHCP snooping. Syntax ip dhcp snooping [vlan vlan-list] no ip dhcp snooping Default Configuration DHCP Snooping is globally disabled by default. DHCP Snooping is not enabled on any VLAN by default.
console(config-if-vlan1)#exit console(config)#interface gi1/0/4 console(config-if-Gi1/0/4)#ip dhcp snooping trust ip dhcp snooping binding Use the ip dhcp snooping binding command to configure a static DHCP Snooping binding. Use the “no” form of this command to remove a static binding. Syntax ip dhcp snooping binding mac-address vlan vlan-id ip-address interface interface-id no ip dhcp snooping binding mac-address • mac-address —The client's MAC address.
ip dhcp snooping database Use the ip dhcp snooping database command to configure the persistent storage location of the DHCP snooping database. This can be local to the switch or on a remote machine. Syntax ip dhcp snooping database {local | tftp://hostIP/filename} • hostIP—The IP address of the remote host. • filename —The name of the file for the database on the remote host. The filename may contain any printable character except a question mark and is checked only when attempting to open the file.
ip dhcp snooping database write-delay Use the ip dhcp snooping database write-delay command to configure the interval in seconds at which the DHCP Snooping database will be stored in persistent storage. Use the “no” form of this command to reset the write delay to the default. Syntax ip dhcp snooping database write-delay seconds no ip dhcp snooping database write-delay • seconds—The write delay (Range: 15–86400 seconds). Default Configuration The write delay is 300 seconds by default.
• seconds —Interval over which to measure a burst of packets. (Range: 1–15 seconds). Default Configuration By default, DCHP messages do not cause an interface to be disabled. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command is available in Ethernet interface configuration mode or port channel interface configuration mode.
Syntax ip dhcp snooping log-invalid no ip dhcp snooping log-invalid Default Configuration Logging of filtered messages is disabled by default. Invalid DHCP messages are not logged by default. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command is available in Ethernet interface configuration mode or port channel configuration mode.
Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines Configuring an interface as trusted disables DHCP snooping validation of DHCP packets and exposes the port to IPv4 DHCP DoS attacks. Configuring an interface as untrusted indicates that the switch should firewall DHCP messages and act as if the port is connected to a device outside the DMZ.
User Guidelines There are no user guidelines for this command. Example console(config)#ip dhcp snooping verify mac-address show ip dhcp snooping Use the show ip dhcp snooping command to display the DHCP snooping global configuration. Syntax show ip dhcp snooping Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
show ip dhcp snooping binding Use the show ip dhcp snooping binding command to display the DHCP snooping binding entries. Syntax show ip dhcp snooping binding [{static | dynamic}] [interface interface-id | port-channel port-channel-number] [vlan vlan-id] • static | dynamic—Use these keywords to filter by static or dynamic bindings. • interface-id —The Ethernet interface for which to show bindings. • port-channel-number—The port channel for which to show bindings.
show ip dhcp snooping database Use the show ip dhcp snooping database command to display the DHCP snooping configuration related to the database persistence. Syntax show ip dhcp snooping database Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show ip dhcp snooping database agent url: write-delay: /10.
Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
User Guidelines The following fields are displayed by this command: Fields Description MAC Verify Failures The number of DHCP messages that were filtered on an untrusted interface because of source MAC address and client MAC address mismatch. Client Ifc Mismatch The number of DHCP release and Deny messages received on the different ports than previously learned. DHCP Server Msgs The number of DHCP server messages received on untrusted ports.
DHCPv6 Snooping Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches clear ipv6 dhcp snooping binding Use the clear ipv6 dhcp snooping binding command to clear all IPv6 DHCP Snooping entries. Syntax clear ipv6 dhcp snooping binding {* | interface interface-id} • *—Clears all snooping bindings. • interface-id—Clears all snooping bindings on a specified Ethernet interface. Default Configuration This command has no default configuration.
Default Configuration This command has no default configuration. Command Modes User Exec, Privileged Exec User Guidelines The IPv6 snooping statistics are also cleared by the clear counters command. Example (console)#clear ipv6 dhcp snooping statistics ipv6 dhcp snooping Use the ipv6 dhcp snooping command to globally enable IPv6 DHCP snooping. Use the no form of the command to globally disable IPv6 DHCP snooping.
MAC address to the DHCP client hardware address. If there is a mismatch, DHCP snooping logs a message and drops the packet. The network administrator can disable this option using the no ip v6 dhcp snooping verify mac-address for DHCPv6. DHCP snooping always forwards client messages on trusted interfaces within the VLAN. If DHCP relay or/and DHCP server are enabled simultaneously with DHCP snooping, the DHCP client message will be sent to the DHCP relay or/and DHCP server to process further.
console(config)#ipv6 dhcp snooping vlan 5-10,15,30 console(config)#interface Te1/0/1 console(config-if-Te1/0/1)#switchport mode access console(config-if-Te1/0/1)#switchport access vlan 10 console(config-if-Te1/0/1)#no ipv6 dhcp snooping trust ipv6 dhcp snooping binding Use the ipv6 dhcp snooping binding command to configure a static IPv6 DHCP snooping binding. Use the no form of the command to remove the entry from the binding database.
ipv6 dhcp snooping database Use the ipv6 dhcp snooping database command to configure the persistent location of the DHCP snooping database. This can be a local or remote file on a TFTP server. Syntax ipv6 dhcp snooping database {local | tftp://hostIP/filename} no ipv6 dhcp snooping database Default Configuration By default, the local database is used.
no ipv6 dhcp snooping write-delay • seconds—The period of time between successive writes of the binding database to persistent storage. (Range 15-86400 seconds.) Default Configuration By default, the write delay is 300 seconds. Command Modes Global Configuration mode User Guidelines The binding database is cached in memory and written to storage every writedelay seconds.
User Guidelines The switch hardware rate limits DHCP packets sent to the CPU from snooping enabled interfaces to 512 Kbps. To prevent DHCP packets from being used in a DoS attack when DHCP snooping is enabled, the snooping application allows configuration of rate limiting for received DHCP packets. DHCP snooping monitors the receive rate on each interface separately. If the receive rate exceeds the configured limit within the configured interval, DHCP snooping diagnostically disables the interface.
Logging invalid messages can use valuable CPU resources if the switch receives such messages at a high rate. To avoid allowing the switch to be vulnerable to a DoS attack, DHCP snooping only logs invalid messages if the user has enabled logging. Logging is enabled on individual interfaces so that only messages on interfaces of interest are logged. To further protect the system, invalid message logging is rate limited to 1 per second.
ipv6 dhcp snooping verify mac-address Use the ipv6 dhcp snooping verify mac-address command to enable the additional verification of the source MAC address with the client hardware address in the received DHCP message. Syntax ipv6 dhcp snooping verify mac-address no ipv6 dhcp snooping verify mac-address Default Configuration By default, MAC address verification is not enabled.
ipv6 verify binding Use the ipv6 verify binding command to configure a static IP source guard binding. Syntax ipv6 verify binding mac-address vlan vlan-id ip-address interface interface id no ipv6 verify binding mac-address vlan vlan-id ip-address interface interface id • mac-address —A valid mac address in standard format. • vlan-id —A configured VLAN id. (Range 1-4093. • ip-address —A valid IPv6 address. • interface-id—A valid interface ID in short or long format.
no ipv6 verify source • port-security — Enables filtering based upon source IP address, VLAN and MAC address. Default Configuration By default, no sources are blocked. Command Modes Interface Configuration mode (Ethernet and port-channel) User Guidelines DHCP snooping should be enabled on any interfaces for which ipv6 verify source is configured.
Command Modes User Exec, Privileged Exec (all show modes) User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines There are no user guidelines for this command.
Example (console)#show ipv6 dhcp snooping database agent url: /10.131.13.79:/sai1.txt write-delay: 5000 show ipv6 dhcp snooping interfaces Use the show ipv6 dhcp snooping interfaces command to show the DHCP Snooping status of IPv6 interfaces. Syntax show ipv6 dhcp snooping interfaces [interface id] • interface id—A valid Ethernet or port-channel interface. Default Configuration There is no default configuration for this command.
show ipv6 dhcp snooping statistics Use the show ipv6 dhcp snooping statistics command to display IPv6 dhcp snooping filtration statistics. Syntax show ipv6 dhcp snooping statistics Default Configuration This command has no default configuration. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines The following statistics are displayed.
Gi1/0/6 0 0 0 show ipv6 source binding Use the show ipv6 source binding command to display the IPv6 Source Guard configurations on all ports, on an individual port, or on a VLAN. Syntax show ipv6 source binding [{dhcp-snooping | static}] [interface interface-id] [vlan vlan-id] • dhcp-snooping — Displays the DHCP snooping bindings. • static —Displays the statically configured bindings. Default Configuration This command has no default configuration.
Syntax show ipv6 verify [interface if-id] • if-id—A valid interface ID (Ethernet) Default Configuration There is no default configuration for this command.
show ipv6 verify source Use the show ipv6 verify source command to display the IPv6 Source Guard configurations on all ports. Syntax show ipv6 verify source Default Configuration There is no default configuration for this command. Command Modes User Exec, Privileged Exec (all show modes) User Guidelines If MAC address filtering is not configured on the interface, the MAC Address field is empty. If port security is disabled on the interface, the MAC Address field displays permit-all.
Dynamic ARP Inspection Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches Dynamic ARP Inspection (DAI) is a security feature that rejects invalid or malicious ARP packets. The feature prevents a class of man-in-the-middle attacks, where an unfriendly station intercepts traffic for other stations by poisoning the ARP caches of its neighbors. The attacker sends ARP requests or responses mapping another station IP address to its own MAC address.
Example console(config)#arp access-list tier1 clear ip arp inspection statistics Use the clear ip arp inspection statistics command to reset the statistics for Dynamic Address Resolution Protocol (ARP) inspection on all VLANs. Syntax clear ip arp inspection statistics Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command.
Default Configuration No ARP ACL is configured. Command Mode Global Configuration mode User Guidelines If the static keyword is given, packets that do not match a permit statement are dropped without consulting the DHCP snooping bindings. Example console(config)#ip arp inspection filter tier1 vlan 2-10 static console(config)#ip arp inspection filter tier1 vlan 20-30 ip arp inspection limit Use the ip arp inspection limit command to configure the rate limit and burst interval values for an interface.
Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines If ARP packets are received on a port at a rate that exceeds the threshold for a specified time, that port will be diagnostically disabled. The threshold is configurable up to 300 pps, and the burst is configurable up to 15s long. The default is 15 pps and 1s burst. Use the no shut command to bring the port back in to service.
Example console(config-if-Gi1/0/3)#ip arp inspection trust ip arp inspection validate Use the ip arp inspection validate command to enable additional validation checks on received ARP packets. Syntax ip arp inspection validate {[src-mac] [dst-mac] [ip]} no ip arp inspection validate {[src-mac] [dst-mac] [ip]} • src-mac —For validating the source MAC address of an ARP packet. • dst-mac —For validating the destination MAC address of an ARP packet. • ip —For validating the IP address of an ARP packet.
Example console(config)#ip console(config)#ip console(config)#ip console(config)#ip arp arp arp arp inspection inspection inspection inspection validate validate validate validate src-mac dst-mac ip src-mac ip dst-mac ip ip ip arp inspection vlan Use the ip arp inspection vlan command to enable Dynamic ARP Inspection on a single VLAN or a range of VLANs. Use the no form of this command to disable Dynamic ARP Inspection on a single VLAN or a range of VLANs.
permit ip host mac host Use the permit ip host mac host command to configure an IP address and MAC address combination used in ARP packet validation. Use the “no” form of this command to delete the ARP ACL rule. Syntax permit ip host sender-ip mac host sender-mac no permit ip host sender-ip mac host sender-mac • sender-ip — Valid IP address used by a host. • sender-mac —Valid MAC address in combination with the above sender-ip used by a host.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show arp access-list ARP access list H2 permit ip host 1.1.1.1 mac host 00:01:02:03:04:05 permit ip host 1.1.1.2 mac host 00:03:04:05:06:07 ARP access list H3 ARP access list H4 permit ip host 2.1.1.
validation and invalid IP validation. List separate, non-consecutive VLAN IDs separated by commas (without spaces). Use a hyphen to designate a range of IDs. (Range: 1–4093) Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following information is displayed for each VLAN when a VLAN range is supplied: Field Description VLAN The VLAN-ID for each displayed row.
IP Address Validation................. Disabled VLAN ---1 Configuration Log Invalid ACL Name Static flag ------------- ----------- -------------------------------- ---------Disabled Enabled Following is an example of the show ip arp inspection interfaces command.
Field Description VLAN The VLAN-ID for each displayed row. Configuration Whether DAI is enabled on the VLAN. Log Invalid Whether logging of invalid ARP packets is enabled on the VLAN. ACL Name ARP ACL Name if configured on the VLAN. Static flag If the ARP ACL is configured static on the VLAN.
Ethernet Configuration Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Dell EMC Networking switches support a variety of configuration options to optimize network operations. Features such as flow-control and jumbo frames are supported along with a variety of commands to display traffic statistics as well as limit the effects of network loops or other network issues.
On a storm control enabled interface, if the ingress rate of that type of packet (L2 broadcast, multicast, or unicast) is greater than the configured threshold level (as a percentage of port speed or as an absolute packets-per-second rate), the switch forwarding-plane discards the excess traffic. The speed command controls interface link speeds and auto-negotiation. If speed is set to something other than auto, auto-negotiation is disabled on the interface.
Example In the following example, the counters for port Gi1/0/1 are cleared. console#clear counters gigabitethernet 1/0/1 description Use the description command in Interface Configuration mode to add a description to an interface. To remove the description use the no form of this command. Syntax description string no description • string — Comment or a description of the port attached to this interface.
Syntax default [interface-id] • interface-id—An Ethernet or port channel, loopback, tunnel or VLAN interface identifier. Default Configuration This command has no defaults. Command Mode Global Configuration mode User Guidelines This command returns an Ethernet, port channel, VLAN, tunnel or loopback interface to the interface defaults as follows: • Trunk and general mode configuration is removed. • The interface is set to access mode using VLAN 1. • The port is removed from all access-groups.
duplex Use the duplex command in Interface Configuration mode to configure the duplex operation of a given Ethernet interface. To restore the default, use the no form of this command. Syntax duplex {full | half | auto {full | half | both}} no duplex • auto—Enable auto-negotiation for the port and advertise the configured capabilities. • half—Enable half-duplex operation. • full—Enable full-duplex operation. • both—Enable auto-negotiation of full and half duplex operation.
To enable auto-negotiation on a port, and configure the speed or duplex, it is necessary to enter the speed or duplex command using the auto parameter. The port will negotiate the medium, speed, and duplex settings with the link partner. To disable auto-negotiation on a port, it is necessary to enter the speed command without using the auto parameter.
User Guidelines Dell EMC Networking switches implement receive flow control only. They never issue a flow control PAUSE frame when congested, but do respect received flow control PAUSE frames received from other switches. Disabling flow control causes the switch to ignore received PAUSE frames. Interface specific configuration overrides any global configuration. Changing the flow control setting on a copper port restarts auto-negotiation and causes a brief link-flap while auto-negotiation occurs.
Inherit enables BASE FEC or RS-FEC for 25G/50G/100G DACs, based on the technology ability and FEC capability. Enabling FEC with auto-negotiation advertises the FEC capability in the (F2, F3, F0, F1) bits D44:D47 of the base link codeword and, additionally for 25G/50G interfaces, in the F1/F2/F3/F4 bits in the Unformatted Next Page (UP-1). For 100GBASE-CR4 and 100GBASE-SR4 interfaces, inherit advertises Clause 91 RS-FEC.
interface Use this command to configure parameters for Ethernet and port-channel interfaces. While in Global Configuration mode, enter the interface command with a specific interface. To exit to Global Configuration mode, enter exit. To return to Privileged Exec mode, press Ctrl-Z or enter end. Additional forms of the interface command enable configuring VLANs, tunnels, the loopback interface, the out-of-band interface, and ranges of interfaces.
loss on other ports that are not congested or flow controlled. See http://www.ieee802.org/3/cm_study/public/september04/thaler_3_0904.pdf for more information. Example The following example enables Gigabit port 2 on stack member 1 for configuration. console(config)# interface gigabitethernet 1/0/2 interface range Use the interface range command in Global Configuration mode to execute a command on multiple ports at the same time.
Command Mode Global Configuration, Interface Range and Interface modes User Guidelines Commands under the interface range context are executed independently on each active interface in the range. If the command returns an error on one of the active interfaces, it does not stop executing commands on other active interfaces.
Syntax link debounce time [ timeout ] no link debounce time • timeout—An integer value in the range of 100–5000 milliseconds. The timeout value must be a multiple of 100. Default Configuration Ethernet interfaces do not have debounce enabled by default. Command Mode Interface (Ethernet) Configuration mode, Interface Range mode. User Guidelines The link bounce time configures a link bounce hysteresis on link loss of link. Loss of link signal starts a link bounce timer.
Example The following example disables the link debounce timer for interface gi1/0/1. switch# conf t console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#no link debounce time The following example sets the link debounce timer for interface gi1/0/1 to 500 ms. switch# conf t console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#link debounce time 500 rate-limit cpu Use the rate-limit cpu command to reduce the amount of unknown unicast/multicast packets forwarded to the CPU.
The rate limiting for unknown packets occurs on the internal CPU port and does not affect hardware based traffic routing/forwarding in any way. Typically, the switch examines the received packets in software to check if there is a forwarding entry, create a forwarding entry (e.g.
---------- ------------------- -------- -------- -------1129 osapiTimer 0.00% 0.00% 0.01% 1133 _interrupt_thread 0.09% 0.01% 0.00% 1137 bcmCNTR.0 0.24% 0.31% 0.31% 1142 bcmRX 23.00% 27.01% 18.01% 1147 ipMapForwardingTas 32.97% 37.11% 29.92% 1155 bcmLINK.0 0.34% 0.36% 0.36% 1156 cpuUtilMonitorTask 0.09% 0.05% 0.04% 1170 nim_t 0.09% 0.08% 0.07% 1208 dot1s_timer_task 0.00% 0.00% 0.01% 1222 snoopTask 0.00% 0.00% 0.01% 1291 RMONTask 0.00% 0.02% 0.03% 1293 boxs Req 0.00% 0.01% 0.
The link status field shows the hardware status followed by the keepalive status. The hardware status show “Up” when link is detected, “Down” when no link is detected, “Err-disable” when the port is error-disabled, and “Shut” when the port is administratively shut down. The keepalive status shows “None” when keepalives are disabled or the port is down, “Up” when keepalives are enabled and no loop is detected and “Down” when keepalives are enabled and a loop is detected.
Term Parameter Description Multicast Storm mcast-storm Multicast storm auto-recovery. SFP Mismatch sfp-mismatch SFP mismatch auto-recovery. SFP Plus Mismatch sfpplusmismatch SFP+ transceiver inserted in SFP port autorecovery. Spanning Tree spanning-tree Spanning-tree auto-recovery. UDLD udld UDLD auto-recovery. Unicast Storm ucast-storm Unicast storm auto-recovery. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Updated in version 6.
Transmit Percent Utilization: ................ Total Packets Received Without Errors......... Unicast Packets Received...................... Multicast Packets Received.................... Broadcast Packets Received.................... Total Packets Received with MAC Errors........ Jabbers Received.............................. Fragments/Undersize Received.................. Alignment Errors.............................. FCS Errors.................................... Overruns..................................
Syntax show interfaces advertise [{gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The priority resolution field indicates the auto-negotiated link speed and duplex. The clock field indicates whether the local interface has autonegotiated to clock primary or clock secondary.
Port: Gi1/0/1 Type: Gigabit - Level Link State: Down Auto Negotiation: Enabled 802.
show interfaces configuration Use the show interfaces configuration command in User Exec mode to display the configuration for all configured interfaces. Syntax show interfaces configuration [{gigabitethernet unit/slot/port| port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
console#show interfaces configuration gigabitethernet 1/0/1 Port Description Duplex Speed Neg MTU Admin State --------- ------------------------------ ------ ------- ---- ----- ----Gi1/0/1 Full 1000 Auto 1518 Up show interfaces counters Use the show interfaces counters command in User Exec mode to display traffic seen by the interface.
User Guidelines The following table describes the fields shown in the display: Field Description InOctets Counted received octets. InUcastPkts Counted received unicast packets. InMcastPkts Counted received multicast packets. InBcastPkts Counted received broadcast packets. OutOctets Counted transmitted octets. OutUcastPkts Counted transmitted unicast packets. OutMcastPkts Counted transmitted multicast packets. OutBcastPkts Counted transmitted broadcast packets.
Field Description Transmitted Pause Frames Counted MAC Control frames transmitted on this interface with an opcode indicating the PAUSE operation. Received PFC Frames A count of the received Priority Flow Control (PFC) frames. Transmitted PFC Frames A count of the transmitted PFC frames. Receive Packets Discarded Count of frames discarded on receipt due to any reason. Transmit Packets Discarded Count of packets queued for transmission and discarded for any reason.
Counters Description Rcv-Err Total packets received with MAC errors—Receive errors is the count of packets received with a MAC error. This indicate a physical layer issue between the MAC and PHY or transceiver as the PHY should discard malformed packets. UnderSize Fragments/undersize packets received— Fragments/undersize is the count of packets received which are less than 64 octets in length. Fragments are an artifact of 10/100m shared media operation.
Gi1/0/19 Gi1/0/20 0 0 0 0 0 0 0 0 Port OutTotalPkts OutUcastPkts OutMcastPkts OutBcastPkts --------- ---------------- ---------------- ---------------- --------------Gi1/0/1 0 0 0 0 Gi1/0/2 0 0 0 0 Gi1/0/3 0 0 0 0 Gi1/0/4 0 0 0 0 Gi1/0/5 0 0 0 0 Gi1/0/6 0 0 0 0 Gi1/0/7 0 0 0 0 Gi1/0/8 0 0 0 0 Gi1/0/9 0 0 0 0 Gi1/0/10 0 0 0 0 Gi1/0/11 0 0 0 0 Gi1/0/12 0 0 0 0 The following example displays counters for Ethernet port Te1/0/1.
show interfaces debounce Use the show interfaces debounce command to list the debounce information for one or multiple interfaces. If no parameter is given, all Ethernet interfaces are shown. Syntax show interfaces debounce [ interface-id ] • interface-id—An Ethernet interface identifier (i.e., a 1G, 10G, or 40G Ethernet interface) in standard interface format. Default Configuration Ethernet interfaces have a 100 ms debounce time enabled.
Syntax show interfaces description [gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port] Default Configuration This command has no default configuration. Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the description for all interfaces.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays detailed status and configuration of the specified interface.
------------------------------------ ----------Forbidden VLANS: VLAN Name -----------------------------------Port Gi1/0/1 Enabled State: Disabled Role: Disabled Port id: 128.1 Port Cost: 0 Port Fast: No (Configured: no ) Root Protection: No Designated bridge Priority: 32768 Address: 1418.7715.2368 Designated port id: 0.
Field Description Port The port or port channel number. Oob means Out-of-Band Management Interface. Description Description of the port. This field may be truncated in the command output. Duplex Displays the port Duplex status. VLAN The VLAN membership for the port is enclosed in parentheses. The currently active PVID and Voice VLAN ID, if any, are also shown. In some cases, the PVID assigned may not be the configured PVID, for example, when RADIUS assigns a PVID to the interface.
Port Description Duplex Speed Link State --------- --------------- ------ ------- ---- -----Gi1/0/1 N/A Unknown Auto Down Gi1/0/2 N/A Unknown Auto Down Flow Ctrl ----Off Off Gi1/0/3 Gi1/0/4 N/A N/A Unknown Auto Down Unknown Auto Down Off Off Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Gi1/0/9 N/A N/A N/A N/A N/A Unknown Unknown Unknown Unknown Unknown Off Off Off Off Off Oob Type --oob -----------------------------Out-Of-Band Neg Auto Auto Auto Auto Auto Down Down Down Down Down M VLAN - -----------
User Guidelines This command only supports the display of 10G and 40G transceivers. Example The following example shows the qualifications status of the optics on the switch. console#show interfaces transceiver Port ------------Te1/0/9 Te1/0/11 Te1/0/13 Te1/0/15 Te1/0/17 Dell EMC Qualified -----------------Yes Yes N/A No No The following example shows static parameters of the optics along with the qualifications status.
Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command displays Ethernet interfaces configured in trunk or general mode that are link up. Port channels are also shown if the port channel status is up.The fields displayed are as follows: • Port—The Ethernet or port channel interface name. • Description—The configured port description.
Gi1/0/6 Po1 Po1 T T (11)33-64 (11)33-64 11,33-64 11,33-64 show statistics Use the show statistics command to display detailed statistics for a specific port or for the internal CPU interface. Syntax show statistics {gigabitethernet unit/slot/port |switchport | port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port} • unit/slot/port—A valid Ethernet interface identifier. See Interface Naming Conventions for interface representation.
Frames Frames Frames Frames Frames Frames Frames Received Received Received Received Received Received Received 64 Octets..................... 65-127 Octets................. 128-255 Octets................ 256-511 Octets................ 512-1023 Octets............... 1024-1518 Octets.............. > 1518 Octets................. 0 0 0 0 0 0 0 Total Frames Received Without Errors.......... Unicast Frames Received....................... Multicast Frames Received.....................
Multiple Collision Frames..................... 0 Late Collision Frames......................... 0 Excessive Collision Frames.................... 0 Frames Frames Frames Frames Frames Frames Frames Frames Frames RX RX RX RX RX RX RX RX RX and and and and and and and and and TX TX TX TX TX TX TX TX TX 64 Octets.................... 65-127 Octets................ 128-255 Octets............... 256-511 Octets............... 512-1023 Octets.............. 1024-1518 Octets............. 1519-2047 Octets............
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines It is possible to enter interface configuration mode from global configuration mode or from interface configuration mode.
Packets Transmitted Without Errors............. Unicast Packets Transmitted.................... Multicast Packets Transmitted.................. Broadcast Packets Transmitted.................. Transmit Packets Discarded..................... 0 0 0 0 0 Most Address Entries Ever Used................. 3 Address Entries Currently in Use............... 3 Maximum VLAN Entries........................... Most VLAN Entries Ever Used.................... Static VLAN Entries............................
console#show storm-control 802.3x Flow Control Mode.......................
User Guidelines This command has no user guidelines. Examples console#show storm-control action all Bcast Mcast Ucast Port Action Action Action -------- ---------- ---------- ---------Gi1/0/1 Shutdown Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 shutdown Use the shutdown command in Interface Configuration mode to disable an interface. To restart a disabled interface, use the no form of this command. Syntax shutdown no shutdown Default Configuration The interface is enabled.
console(config-if-Gi1/0/5)# shutdown The following example reenables Gigabit Ethernet port 1/0/5. console(config)#interface gigabitethernet 1/0/5 console(config-if-Gi1/0/5)# no shutdown speed Use the speed command in Interface Configuration mode to configure the speed of a given Ethernet interface. To restore the default, use the no form of this command.
Command Mode Interface Configuration (Ethernet) mode User Guidelines Not all interfaces are capable of supporting all speeds. Refer to the Hardware Overview section of the Users Configuration Guide for a description of the capabilities of a particular interface. The speed command is only applicable to Ethernet ports. It gives an error if used on stacking ports or port-channels. Use the auto parameter to enable auto-negotiation on an interface.
negotiation enabled. The default behavior is to enable auto-negotiation when an SFP transceiver is inserted into an SFP+ port, unless a fixed speed is configured. Likewise, SFP+ ports connected via copper Direct Attach Cables must have auto-negotiation enabled if the link partner is also capable of performing auto-negotiation. If the link partner cannot perform auto-negotiation, then a fixed speed must be utilized. In all cases, the link partners need compatible settings, e.g.
Port protection occurs within a single switch. Protected port configuration does not affect traffic between ports on two different switches. No traffic forwarding is possible between two protected ports. Ports in a protected group will not forward traffic to other ports in the group. Syntax switchport protected groupid no switchport protected • groupid--Identifies which group this port will be protected in. (Range: 0-2) Default Configuration No protected switchports are defined.
Syntax switchport protected groupid name name no switchport protected groupid name • groupid — Identifies which group the port is to be protected in. (Range: 0–2) • name — Name of the group. (Range: 0-32 characters) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example assigns the name “protected” to group 1.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example identifies test as the protected group. console#show switchport protected 0 Name......................................... test show system mtu Use the show system mtu command to display the configured MTU. The MTU is set using the global system jumbo mtu command. This command deprecates the show interfaces mtu command.
system jumbo mtu Use the system jumbo mtu command to globally configure the link Maximum Transmission Unit (MTU) on all interfaces, IP/IPv6 interfaces, VLAN interfaces, and port channel interfaces for forwarded and systemgenerated frames. The link MTU is the size of the largest Ethernet frame that can be transmitted on an interface without fragmentation. Frames received on an interface are dropped if they exceed the link MTU.
The allowed range is 1298 to 9216. This allows for configuration of an IPv4 and IPv6 MTU of 1280 to 9198. In conformance with RFC 2460, the system performs IPv6 path MTU discovery for IPv6 packets originated by the switch. This may result in individual connections using an IPv6 MTU less than that configured by the network operator.
Ethernet CFM Commands Dell EMC Networking N1500/N2200/N3200 Series Switches Connectivity Fault Management (CFM) is the OAM Protocol provision for end-to-end service layer OAM in carrier Ethernet networks. CFM provides mechanisms to support the operator in performing connectivity checks, fault detection, fault verification and isolation, and fault notification per service in the network domain of interest. Unlike Ethernet OAM defined in IEEE 802.
• domain-name—Name of the maintenance domain. Alphanumeric string of up to 43 characters. Default Configuration No CFM domains are preconfigured. Command Mode Global Configuration mode User Guidelines Each domain must have a unique name and level, for example, one cannot create a domain qwerty at level 2 if domain qwerty already exists at level 1. Likewise, one cannot create a domain dvorak at level 2 if a domain of any name exists at level 2.
Command Mode Maintenance Domain Configuration mode User Guidelines This command has no user guidelines. Example console(config-cfm-mdomain)#service serv1 vlan 10 ethernet cfm cc level Use the ethernet cfm cc level command in Global Configuration mode to initiate sending continuity checks (CCMs) at the specified interval and level on a VLAN monitored by an existing domain. Use the no form of the command to cease send CCMs.
Example console(config)#ethernet cfm cc level 1 vlan 15 interval 10 Command History Command introduced in firmware release 6.6.1. ethernet cfm mep level Use the ethernet cfm mep level command in Interface Configuration mode to create a Maintenance End Point (MEP) on an interface at the specified level and direction. MEPs are configured per Maintenance Association per Maintenance Domain. Use the no form of the command to delete a MEP.
ethernet cfm mep enable Use the ethernet cfm mep enable command in Interface Configuration mode to enable a MEP at the specified level and direction. Use the no form of the command to disable the MEP. Syntax ethernet cfm mep enable level 0-7 vlan vlan-id mpid 1-8191 • level—Maintenance association level • mpid—Maintenance entity identifier • vlan—VLAN on which the MEP operates. The range is 1-4093. Default Configuration No MEPs are preconfigured.
• mpid—Maintenance entity identifier • vlan—VLAN on which the MEP operates. The range is 1-4093. Default Configuration No MEPs are preconfigured. Command Mode Interface Configuration User Guidelines This command has no user guidelines. ethernet cfm mep archive-hold-time Use the ethernet cfm mep archive-hold-time command in Interface Configuration mode to maintain internal information on a missing MEP. Use the no form of the command to return the interval to the default value.
console(config)#ethernet cfm mep archive-hold-time 1200 ethernet cfm mip level Use the ethernet cfm mip level command in Interface Configuration mode to create a Maintenance Intermediate Point (MIP) at the specified level. The MEPs are configured per Maintenance Domain per interface. Use the no form of the command to delete a MIP. Syntax ethernet cfm mip level 0-7 • level—Maintenance association level Default Configuration No MIPs are preconfigured.
• mac-addr—The destination MAC address for which the connectivity needs to be verified. Either MEP ID or the MAC address option can be used. • remote-mpid—The MEP ID for which connectivity is to be verified; i.e. the destination MEP ID. • domain—Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). • vlan-id—A VLAN associated with the maintenance domain. Range: 1-4093. • mpid—The MEP ID from which the loopback message needs to be transmitted.
• mac-addr—The destination MAC address for which the connectivity needs to be verified. Either MEP ID or the MAC address option can be used. • remote-mpid—The MEP ID for which connectivity is to be verified; i.e. the destination MEP ID. • domain—Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). • vlan-id—A VLAN associated with the maintenance domain. Range: 1-4093. • mpid—The MEP ID from which the loopback message needs to be transmitted.
Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines • Level—The maintenance association level • SVID—The service identifier • MPID—The maintenance endpoint identifier • DefRDICcm—A remote MEP reported the RDI bit in a CCM. • DefMACStatus—Some remote MEP reported its Interface Status TLV as something other then isUp.
• domain—Name of the maintenance domain (an alphanumeric string of up to 43 characters in length). Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines Refer to IEEE 802.1ag for an explanation of the maintenance association level and MEP ID. Typically, these are assigned by the top level network service provider.
show ethernet cfm maintenance-points remote Use the show ethernet cfm maintenance-points remote command to display the configured remote maintenance points. Syntax show ethernet cfm maintenance-points remote {level 0-7 | domain domainname | detail [mac mac-address | mep mpid] [domain domain-name | level 0-7] [vlan vlan-id]} • domain—Name of the maintenance domain (an alphanumeric string of up to 43 characters in length).
• Service Id—The configured service identifier Example console# show ethernet cfm maintenance-points remove level 1 -----MEP Id -----1 ------RMEP Id ------2 ----- ----------------- ---- ----------------- ----------Level MAC VLAN Expiry Timer(sec) Service Id ----- ----------------- ---- ----------------- ----------1 00:11:22:33:44:55 10 25 serv1 show ethernet cfm statistics Use the show ethernet cfm maintenance-points remote command to display the CFM statistics.
• Bad MSDU Loopback Replies received—Count of the number of loopback replies received with a MAC Service Data Unit that did not match the corresponding LBM • Unexpected LTR's received—A count of the number of Link Trace Replies fore which no LTM was sent Example show Ethernet cfm statistics [domain | level <0-7>] Console# show ethernet cfm statistics -----------------------------------------------------------------Statistics for 'Domain: domain1, Level: 1, Vlan: 11, MEP Id: 1' ------------
Ethernet Ring Protection Commands Dell EMC Networking N1500/N2200/N3200 Series Switches only The Ethernet Ring Protection (ITU-T G.8032/Y.1344 (08/15) feature is a highly reliable and stable protection switching mechanism and a protocol for Ethernet layer network rings. Ethernet rings allow a wide-range of multipoint connectivity that is highly economic due to their reduced number of links.
Ethernet Ring Protection does not support Non-Stop Forwarding. A stack failover is destructive to the ring, even when configured on stack units that are not rebooted during the stack failover. Fault detection depends on the configured CCM transmission period. Fault detection may occur in milliseconds depending on the value of the CCM transmission period. Ethernet Ring Protection does not operate in a stack configuration. Do not configure Ethernet Ring Protection in a stack.
a defect still exists on the trail that started the timer. If it does, that defect will be reported to protection switching. Range: 0 to 10000 ms in increments of 100 ms, for example, a value of 500 implies 500 milliseconds. • wait-to-restore timer—When a fault condition is cleared, the traffic channel reverts after the expiry of a WTR timer (if no fault condition is present). This timer is used to avoid toggling protection states in case of intermittent defects. Range: 1 to 12 minutes.
Syntax non-revertive no non-revertive Default Configuration The default operational mode is revertive. Command Mode Ethernet Ring Profile Configuration mode User Guidelines Two operational modes are supported: revertive and non-revertive. In revertive mode, when all failures in the link are removed, traffic is restored to the working transport entity and the Ring Protection Link (RPL) is blocked.
no ethernet ring g8032 ring-name • ring-name—The name of an Ethernet ring to be configured (up to 32 characters) Default Configuration By default, no Ethernet rings are defined. Command Mode Global Configuration mode User Guidelines Map an Ethernet ring profile to an Ethernet ring using the profile command in Ethernet Ring Configuration mode. Configure the East/West links using the Port0/Port1 commands respectively. Set the ring scope using the ring-scope command.
Syntax port0 interface interface-id no port0 interface • interface-id—A physical (Ethernet) interface identifier. Default Configuration By default, there is no port0 configuration. Command Mode Ethernet Ring Configuration mode User Guidelines This command enables an Ethernet link to participate in Ethernet ring protection. In the ITU-T G.8032 standard, port0 and port1 are referred to as East and West ring links, respectively. The port0 interface should be an interface connected to a G.8032 ring.
no port1 • interface-id—A physical (Ethernet) interface identifier. • none—Configure the West interface as a local endpoint for an open ring. Default Configuration No port1 configuration is present by default. Command Mode Ethernet Ring Configuration mode User Guidelines This command enables an Ethernet link to participate in Ethernet ring protection. In the ITU-T G.8032 standard, port0 and port1 are referred to as East and West ring links, respectively.
Default Configuration Rings are closed by default. Command Mode Ethernet Ring Configuration mode User Guidelines This command configures the Ethernet ring as sub-ring. In a sub-ring, only one ring port may be configured per node. This command must be configured on every ring node in the sub-ring, not just on the interconnected nodes of the ring. Example This example configures an open ring node for interface Te1/0/1.
Command Mode Ethernet Ring Configuration mode User Guidelines Each ring node can participate in eight physical rings and each ring can have up to two Ethernet Ring Protection (ERP) instances. The total number of instances supported on a ring node are two. Each ERP instance is uniquely identified by the combination of instance ID and R-APS VLAN ID. All the ring nodes that are part of a logical ring should have the same instance ID and R-APS VLAN ID.
• profile-name—The name of an existing Ethernet ring protection profile. The maximum length of a profile name is 32 characters. Default Configuration There are no associated profiles by default. Command Mode Ethernet Ring Instance Configuration mode User Guidelines This command associates the Ethernet ring protection properties from the named profile with the Ethernet Ring instance. This command is optional.
Syntax rpl {port0 | port1} {owner | neighbor} no rpl • port0—Configure the East port as owner or neighbor. • port1—Configure the West port as RPL owner or neighbor. • neighbor—Assign port0 or port1 and the RPL owner. • owner—Assign port0 or port1 as the RPL owner. Default Configuration There are no associated RPLs by default. Command Mode Ethernet Ring Instance Configuration mode User Guidelines This command configures the Ethernet Ring Protection Link (RPL) and role.
console console console console (config-erp-ring1)#port0 interface te1/0/1 (config-erp-ring1)#port1 interface te1/0/2 (config-erp-ring1)#instance 1 (config-erp-inst-1)#rpl port1 owner console console console console console console (config)# ethernet ring g8032 ring1 (config-erp-ring1)#timer hold-off 500 (config-erp-ring1)#port0 interface te1/0/1 (config-erp-ring1)#port1 interface te1/0/2 (config-erp-ring1)#instance 1 (config-erp-inst-1)#rpl port0 neighbor On the adjacent switch: Command History Comman
User Guidelines This command configures the list of VLANs that are protected by the ERP instance. Only VLANs that are participating in both the ring ports of an instance are monitored by the ERP instance. A VLAN may only be configured for one instance. Configuring a VLAN in more than one ERP instance causes undefined behavior. Example This example configures a closed ring node for interface Te1/0/1 and Te1/0/2 using data VLANs 101-103. It assumes that VLANs 100-103 are already created.
ethernet tcn-propagation Use the ethernet tcn-propagation command to enable topology change notification from a sub-ring to the major ring. Use the no form of the command to disable TCN propagation. Syntax ethernet tcn-propagation g8032 to g8032 Default Configuration TCN propagation is disabled by default. Command Mode Interface (Ethernet) Configuration mode User Guidelines This command enables topology change propagation from sub-ring to a major ring.
console (config-if-Te1/0/2)#ethernet tcn-propagation g8032 to g8032 Command History Command introduced in firmware release 6.6.1. aps-channel Use the aps-channel command to enter into Ethernet Ring Protection APSchannel Configuration mode. Use the exit command to exit the APSChannel Configuration mode. Syntax aps-channel Default Configuration This command has no default configuration.
console console console console console console console console console console console console console console (config)#interface te1/0/1 (config-if-Te1/0/1)#switchport mode trunk (config-if-Te1/0/1)#interface Te1/0/2 (config-if-Te1/0/2)#switchport mode trunk (config-if-Te1/0/2)#exit (config)# ethernet ring g8032 ring1 (config-erp-ring1)#port0 interface te1/0/1 (config-erp-ring1)#port1 interface te1/0/2 (config-erp-ring1)#instance 1 (config-erp-inst-1)#rpl port1 owner (config-erp-inst-1)#inclusion-list vl
User Guidelines It is necessary to configure an Ethernet Maintenance CFM domain and associated MEPs between the links to be protected. Connectivity Fault Management CCMs must be configured to operate at the specified maintenance level to achieve protection switching from causes other than an interface down event. Example This example configures a closed ring node for interface Te1/0/1 and Te1/0/2 using data VLANs 101-103. It assumes that VLANs 100-103 are already created.
raps-vlan Use the raps-vlan command to associate the VLAN to be used for R-APS messages for the ERP instance. Use the no form of the command to disassociate the ERP instance from the VLAN. Syntax raps-vlan vlan-id no raps-vlan vlan-id • vlan-id—The ID of an existing VLAN. Default Configuration This command has no default configuration. Command Mode Ethernet Ring Instance APS Configuration mode User Guidelines It is strongly recommended that no other traffic be configured to use the APS VLAN.
console console console console console console console console console (config)# ethernet ring g8032 ring1 (config-erp-ring1)#port0 interface te1/0/1 (config-erp-ring1)#port1 interface te1/0/2 (config-erp-ring1)#instance 1 (config-erp-inst-1)#rpl port1 owner (config-erp-inst-1)#inclusion-list vlan-ids 101-103 (config-erp-inst-1)#aps-channel (config-erp-inst-1-aps)#level 7 (config-erp-inst-1-aps)#raps-vlan 100 Command History Command introduced in firmware release 6.6.1.
• Clear—The Clear command: a Clears an active local administrative command (for example, forced switch or manual switch). b Triggers reversion before the Wait-to-Restore (WTR) or Wait-toBlock (WTB) timer expires in case of revertive operation. c Triggers reversion in case of a non-revertive operation. • Forced switch—This action command attempts to forcefully cause a ring protection switch by applying a block on the ring port on the local switch.
Command Mode Privileged Exec mode, Global Configuration mode, and all Configuration submodes User Guidelines The following information is shown: Table 3-3.
Inclusion-list VLAN IDs………1500-1799 APS channel Level……………………………5 RAPS-VLAN……………………20 Oper State………………………TRUE console#show ethernet ring g8032 configuration Ethernet ring……………………ring1 Port0……………………………0/1 Port1……………………………0/2 Open-ring: no Instance ………………………..1 Profile…………………………..profile1 RPL…………………………….port0 RPL Owner Inclusion-list VLAN IDs………1000-1299 APS channel Level……………………………6 RAPS-VLAN…………………..10 OperState………………………TRUE Instance………………………..2 Profile………………………….erp RPL…………………………….
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode, and all Configuration submodes User Guidelines The following fields are displayed: Table 3-4. show ethernet ring g8032 brief command output Field Description RingName Ethernet ring name Instance Instance Identifier Node Type Ring node role (Owner, Neighbor, or None) Node State State of the ring node (Init, Idle, Protection, Pending, ForcedSwitch, and ManualSwitch).
show ethernet ring g8032 status Use the show ethernet ring g8032 status command to show the status of Ethernet ring protection. Syntax show ethernet ring g8032 status [ring-name] [ instance [instance-id]] • ring-name—The Ethernet ring name. • instance-id—The Ethernet ring instance. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode, and all Configuration submodes User Guidelines The following fields are displayed: Table 3-5.
Table 3-5. show ethernet ring g8032 status command output Field Description R-APS Level Level that is used in R-APS messages. Profile Profile that is mapped for the instance. If the profile is not configured, the command output displays Not Configured. Also displays the default values for timers and revertive mode. Example console#show ethernet ring g8032 status ring1 instance 1 Ethernet ring………………………..ring1 Instance……………………………1 Node Type …………………… ….
Remote R-APS…………………….NodeId 00:0a:f7:94:e4:0a, BPR: 0 R-APS Level………………………6 Profile………………………………profile1 WTR interval…………………….. 1 minutes Guard interval……………………..2000 milliseconds HoldOffTimer…………………….0 seconds Revertive mode…………………..Enabled Command History Command introduced in firmware release 6.6.1. show ethernet ring g8032 port status Use the show ethernet ring g8032 port status command to show the status of Ethernet ring protection for the selected interface.
Table 3-6. show ethernet ring g8032 port status command output Field Description Protected VLAN list A list of the protected VLANs. State State of the ring node (Init, Idle, Protection, Pending, ForcedSwitch, and ManualSwitch). Example console#show ethernet ring g8032 port status interface gigabitethernet 1/0/10 Port0.......................................... Ethernet Ring.................................. Instance....................................... Protected VLAN list..........................
Table 3-7. show ethernet ring g8032 profile command output Field Description Profile name The name of the profile. WTR interval When all faults are cleared, the period to wait before restoring the original traffic channel. Guard interval The period to wait before invoking a protection switch. Holdoff interval The period to wait before reporting a defect to protection switching. Revertive mode If enabled, revert to the original traffic channel when all faults are cleared.
console#show ethernet ring g8032 profile p1 Ethernet ring profile name..................... WTR interval................................. Guard interval............................... Holdoff interval............................. Revertive mode............................... p1 8 minutes 30 milliseconds 0 milliseconds Disabled Command History Command introduced in firmware release 6.6.1.
• FS—force switch • MS—manual switch • SF—R-APS signal fail Example console#show ethernet ring g8032 statistics Statistics for Ethernet ring r1 instance 1 FOP PM detected: 0 FOP TO detected: 1 R-APS Message Type Port0(Tx/Rx) Port1(Tx/Rx) ---------------------- --------------- --------------NR 566/770 546/766 NR,RB 0/0 0/0 FS 0/0 0/0 MS 0/0 0/0 SF 29/28 9/9 console# console#show ethernet ring g8032 statistics r1 instance 1 Statistics for Ethernet ring r1 instance 1 FOP PM detected: 0 FOP TO detected: 1
Syntax show ethernet ring g8032 summary Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode, and all Configuration submodes User Guidelines The following fields are displayed: Table 3-8. show ethernet ring g8032 summary command output Field Description NodeID The MAC address of the RPL owner node. Init The number of times the node entered the Init state. Idle The number of times the node entered the Idle state.
Manual Switch Forced Switch Pending 0 0 1 Command History Command introduced in firmware release 6.6.1.
Green Ethernet Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Dell EMC Networking switches support various Green Ethernet modes, i.e., power saving modes, namely: • Energy-Detect Mode • Energy Efficient Ethernet These modes can enable significant operational cost reductions through direct power savings and reducing cooling costs. Green mode commands are only valid for copper Ethernet interfaces.
green-mode energy-detect This command enables a Dell EMC proprietary mode of power reduction on ports that are not connected to another interface. Use the no form of the command to disable energy-detect mode on the interface(s). Syntax green-mode energy-detect no green-mode energy-detect Default Configuration On N1100-ON, N1500, N2000, N2100-ON, N2200-ON, N3000-ON, N3100ON, and N3200-ON switches, energy-detect is enabled by default on the 1G copper interfaces.
green-mode eee Use the green-mode eee command mode to enable EEE low power idle mode on an interface. Use the no form of the command to disable the feature. Syntax green-mode eee no green-mode eee Default Configuration EEE is enabled by default on capable interfaces. Command Mode Interface Configuration User Guidelines The command enables both send and receive sides of a link to disable some functionality for power savings when lightly loaded.
Use the no form of the command to return the configuration to the default. Syntax green-mode eee tx-idle-time <600-4294967295> green-mode eee tx-wake-time <0-65535> no green-mode eee {tx-idle-time|tx-wake-time} Default Configuration By default, the transmit idle time is 600 micro-seconds and the transmit wake time is 8 micro-seconds.
• The EEE LPI history table entries • The Cumulative Power savings estimates for a specified interface or for all the interfaces based upon the argument. Syntax clear green-mode statistics {interface-id | all} • interface-id—An Ethernet interface identifier. See Interface Naming Conventions for interface representation. • all—All Ethernet interfaces. Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines This command has no user guidelines.
Command Mode Global Configuration User Guidelines This value is applied globally on all interfaces on the stack. LPI history is only collected on combo ports when the copper port is enabled. Use the no form of the command to set the sampling interval or max-samples values to the default. Examples Use the command below to set the EEE LPI History sampling interval to the default.
User Guidelines This command is also used to display the per port configuration and operational status of the green-mode. The status is shown only for the modes supported on the corresponding hardware platform whether enabled or disabled. This command output provides the following information. Term Description Energy Detect Energy-detect admin mode Energy-detect mode is enabled or disabled. Energy-detect operational status Energy detect mode is currently active or inactive.
Term Description Rx Low Power Idle Duration (µSec) This field indicates duration of Tx LPI state in 10us increments. Shows the total duration of Tx LPI since the EEE counters are last cleared. Tw_sys_tx (µSec) Integer that indicates the value of Tw_sys that the local system can support. This value is updated by the EEE DLL Transmitter state diagram. This variable maps into the aLldpXdot3LocTxTwSys attribute.
Term Description Remote Fallback Tw_sys (µSec) Integer that indicates the value of fallback Tw_sys that the remote system is advertising.This attribute maps to the variable RemFbSystemValue as defined in 78.4.2.3. Tx_dll_enabled Initialization status of the EEE transmit Data Link Layer management function on the local system. Tx_dll_ready Data Link Layer ready: This variable indicates that the tx system initialization is complete and is ready to update/receive LLDPDU containing EEE TLV.
Remote Tw_sys_tx Echo(usec).......21 Remote Tw_sys_rx (usec)...........21 Remote Tw_sys_tx Echo(usec).......21 Remote fallback Tw_sys (usec).....21 Tx DLL enabled....................Yes Tx DLL ready......................Yes Rx DLL enabled....................Yes Rx DLL ready......................Yes Cumulative Energy Saving (W * H)..2.37 Time Since Counters Last Cleared..1 day 20 hr 47 min 34 sec show green-mode Use the show green-mode command to display the green-mode configuration for the whole system.
Term Description EEE EEE Config EEE Admin Mode is enabled or disabled. Example console#show green-mode Current Power Consumption (mW)................. 11545 Power Saving /Stack (%)........................ 3 Cumulative Energy Saving /Stack (W * H)........
Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines On combo ports, samples are only collected on the copper ports when enabled. The following fields are displayed by this command. Term Description Sampling Interval Interval at which EEE LPI statistics is collected. Total No. of Samples to Keep Maximum number of samples to keep.
------ -------------------3 00:00:00:09 2 00:00:00:40 1 00:00:01:11 -------------3 4 3 -------------3 7 10 Layer 2 Switching Commands 515
GMRP Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The GARP Multicast Registration Protocol (GMRP) provides a mechanism that allows networking devices to dynamically register (and deregister) Group membership information with the MAC networking devices attached to the same segment, and for that information to be disseminated across all networking devices in the bridged LAN that support Extended Filtering Services.
This ensures that the networking device receives multicast frames from all ports but forwards them through only those ports for which GMRP has created Group registration entry (for that multicast address). Registration entries created by GMRP ensures that frames are not transmitted on LAN segments which neither have registered GMRP participants nor are in the path through the active topology between the sources of the frames and the registered group members.
Syntax clear gmrp statistics [{gigabitethernet unit/slot/port | port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example clears all the GMRP statistics information on port Gi1/0/8.
User Guidelines This command has no user guidelines.
GVRP Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches GARP VLAN Registration Protocol (GVRP) is used to propagate VLAN membership information throughout the network. GVRP is based on the Generic Attribute Registration Protocol (GARP), which defines a method of propagating a defined attribute (that is, VLAN membership) throughout the network.
Example The following example clears all the GVRP statistics information on interface Gi1/0/8. console# clear gvrp statistics gigabitethernet 1/0/8 garp timer Use the garp timer command in Interface Configuration mode to adjust the GARP application join, leave, and leaveall GARP timer values. To reset the timer to default values, use the no form of this command. Syntax garp timer {join | leave | leaveall} timer_value no garp timer • join — Indicates the time in centiseconds that PDUs are transmitted.
User Guidelines This command is available in Ethernet interface configuration mode and port channel interface configuration mode. The following relationships for the various timer values must be maintained: • Leave time must be greater than or equal to three times the join time. • Leaveall time must be greater than the leave time. Set the same GARP timer values on all Layer 2-connected devices.
Example The following example globally enables GVRP on the device. console(config)#gvrp enable gvrp enable (Interface Configuration) Use the gvrp enable command in Interface Configuration mode to enable GVRP on an interface. To disable GVRP on an interface, use the no form of this command. Syntax gvrp enable no gvrp enable Default Configuration GVRP is disabled on all interfaces by default.
gvrp registration-forbid Use the gvrp registration-forbid command in Interface Configuration mode to deregister all VLANs on a port and prevent any dynamic registration on the port. To allow dynamic registering for VLANs on a port, use the no form of this command. Syntax gvrp registration-forbid no gvrp registration-forbid Default Configuration Dynamic registering and deregistering for each VLAN on the port is not forbidden.
Syntax gvrp vlan-creation-forbid no gvrp vlan-creation-forbid Default Configuration By default, dynamic VLAN creation is enabled. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command is available in Ethernet interface configuration mode and port channel interface configuration mode. Example The following example disables dynamic VLAN creation on port 1/0/8.
User Guidelines This command is valid for Ethernet and port-channel interfaces. If no interface-id parameter is given, all interfaces are shown.
Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If no interface-id parameter is given, all interfaces are shown. Example The following example displays GVRP error statistics information.
Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example This example shows output of the show gvrp statistics command.
IGMP Snooping Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Snooping of Internet Group Management Protocol (IGMP) messages is a feature that allows Dell EMC Networking switches to forward multicast traffic intelligently on the switch. Multicast traffic is traffic that is destined to a host group. Host groups are identified by the destination MAC address, i.e.
and thus not detectable by the switch. If a query is not received on an interface within a specified length of time (multicast router present expiration time), that interface is removed from the list of interfaces with multicast routers attached. The multicast router present expiration time is configurable using management. The default value for the multicast router expiration time is zero, which indicates an infinite time-out (that is, no expiration).
Enabling IGMP snooping on a VLAN in which L3 multicast is enabled is recommended. If a multicast source is connected to a VLAN on which both L3 multicast and IGMP/MLD snooping are enabled, the multicast source is forwarded to the mrouter ports, including the internal mrouter port. If IGMP snooping is disabled, multicast data plane packets are flooded in the VLAN. IGMP snooping (and IGMP querier) validates IGMP packets. As part of the validation, IGMP checks for the router alert option.
Command Mode User Exec, Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console(config)#show ip igmp snooping Admin Mode..................................... IGMP Router-Alert check........................ Multicast Control Frame Count.................. SSM FDB Capacity............................... SSM FDB Current Entries........................ SSM FDB High Water Mark. ......................
Default Configuration This command has no default configuration. Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines To see the full multicast address table (including static addresses) use the show mac address-table command. Example This example shows IGMPv2 snooping entries console(config)#show ip igmp snooping groups Vlan ---1 Group ----------------------224-239.129|1.2.
Flooding Unregistered to All Ports............. Disabled Vlan 1: -------IGMP Snooping Admin Mode....................... Immediate Leave Mode........................... Group Membership Interval...................... Last Member Query Interval..................... Multicast Router Expiry Time................... Enabled Disabled 260 10 300 Report Suppression Mode........................
ip igmp snooping vlan immediate-leave This command enables or disables IGMP Snooping immediate-leave mode on a selected VLAN. Syntax ip igmp snooping vlan vlan-id immediate-leave no ip igmp snooping vlan vlan-id immediate-leave • vlan id — A VLAN identifier (range 1-4093). Default Configuration IGMP snooping immediate-leave mode is disabled on VLANs by default.
ip igmp snooping vlan groupmembership-interval This command sets the IGMP Group Membership Interval time on a VLAN. Syntax ip igmp snooping vlan vlan-id groupmembership-interval time no ip igmp snooping vlan vlan-id groupmembership-interval • vlan-id — A VLAN identifier (Range 1-4093). • time — IGMP group membership interval time in seconds. (Range: 2–3600) Default Configuration The default group membership interval time is 260 seconds.
Syntax ip igmp snooping vlan vlan-id last-member-query-interval time no ip igmp snooping vlan vlan-id last-member-query-interval • vlan-id — A VLAN identifier (Range 1-4093). • time — Number of seconds after which a host is considered to have left the group. (Range: 1-25) Default Configuration The default maximum response time is 10 seconds.
Syntax ip igmp snooping vlan vlan-id mcrtexpiretime time no ip igmp snooping vlan vlan-id mcrtexpiretime • vlan-id — A VLAN identifier (Range 1-4093). • time— Multicast router present expiration time. (Range: 1–3600) Default Configuration The default multicast router present expiration time is 300 seconds. Command Mode Global Configuration mode User Guidelines The expiry time is configured for an individual VLAN.
• vlan-id — A VLAN identifier (Range 1-4093). Default Configuration Report suppression is enabled by default. Command Mode Global Configuration mode User Guidelines When IGMP report suppression is enabled, the switch only sends the first report received for a group in response to a query. Report suppression is only applicable to IGMPv1 and IGMPv2. Example The following example sets the snooping report suppressions time to 10 seconds.
User Guidelines There is no equivalent MLD command since this setting applies to both protocols. Example console(config)#ip igmp snooping unregistered floodall ip igmp snooping vlan mrouter This command statically configures a port as connected to a multicast router for a specified VLAN. Use the no form of this command to remove the static binding.
multicast packets received in the VLAN. This behavior can be used to ensure that IGMP snooping will selectively forward IPv4 multicast data traffic in a VLAN even if no dynamically discovered IPv4 multicast router has been discovered. Multicast data plane traffic from multicast sources in a VLAN is always forwarded to the mrouter ports in the VLAN. Multicast control plane packets (those addressed to the reserved 224.0.0.
IGMP Snooping Querier Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The IGMP Snooping Querier is an extension to the IGMP Snooping feature. IGMP Snooping Querier allows the switch to simulate an IGMP router in a Layer 2-only network, thus removing the need to have an IGMP Router to collect and refresh the multicast group membership information. The querier function simulates a small subset of the IGMP router functionality.
Default Configuration The IGMP Snooping Querier feature is globally disabled on the switch. When enabled, the IGMP Snooping Querier stops sending queries if it detects IGMP queries from a multicast-enabled router. The Snooping Querier periodically (querier timer expiry) wakes up and listens for IGMP queries, and if found, goes back to sleep. If no IGMP queries are heard, then the Snooping Querier will resume querying.
snooping (and snooping querier) will discard the packet. Use the no ip igmp snooping router-alert-check command to disable checking for the router alert option. Example The following example enables IGMP snooping querier in Global Configuration mode. console(config)#ip igmp snooping querier vlan 1 address 10.19.67.
to participate in the querier election but to stop sending queries as soon as it discovers the presence of another querier in the VLAN. If the switch detects another querier in the VLAN, it will cease sending queries for the querier timeout period. Example The following example configures the snooping querier to participate in the querier election on VLAN 10.
Example The following example sets the query interval to 1800: console(config)#ip igmp snooping querier query-interval 1800 ip igmp snooping querier timer expiry This command sets the IGMP querier timer expiration period which is the time period that the switch remains in non-querier mode after it has discovered that there is a multicast querier in the network. The no form of this command sets the IGMP querier timer expiration period to its default value.
ip igmp snooping querier version This command sets the IGMP version of the query that the snooping switch is going to send periodically. The no form of this command sets the IGMP Querier Version to its default value. Syntax ip igmp snooping querier version version no ip igmp snooping querier version • version — IGMP version. (Range: 1–2) Default Configuration The querier version default is 2. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all submodes User Guidelines When the optional argument vlan-id is not used, the command shows the following information. Parameter Description IGMP Snooping Querier Indicates whether or not IGMP Snooping Querier is active on the switch. IGMP Version Indicates the version of IGMP that will be used while sending out the queries.
Parameter Description VLAN Operational Indicates the time to wait before removing a Leave from a host Max Response Time upon receiving a Leave request. This value is calculated dynamically from the Queries received from the network. If the Snooping Switch is in Querier state, then it is equal to the configured value. Querier Election Participate Mode Indicates whether the IGMP Snooping Querier participates in querier election if it discovers the presence of a querier in the VLAN.
Interface Error Disable and Auto Recovery Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Interface error disable automatically disables an interface when an error is detected; no traffic is allowed until the interface is either manually re-enabled or, if auto recovery is configured, the configured auto recovery time interval has passed.
• link-flap — Link flap recovery. • loop-protect — Loop Protection auto-recovery. • port-security — Port security MAC locking auto-recovery. • mcast-storm — Multicast Storm auto-recovery. • sfp-mismatch — SFP mismatch auto-recovery. • sfpplus-mismatch — SFP+ transceiver inserted in SFP port auto-recovery. • spanning-tree — Spanning-tree auto-recovery. • udld — UDLD auto-recovery. • ucast-storm — Unicast Storm auto-recovery. Default Configuration No recovery causes are enabled by default.
Command History Implemented in version 6.3.0.1 firmware. Additional causes added in version 6.5 firmware. Updated in version 6.6 firmware to add 802.1x auto-recovery. Example The following example enables auto-recovery for all causes. console(config)#errdisable recovery cause all errdisable recovery interval Use the errdisable recovery interval command to configure the interval for error recovery of interfaces disabled due to any cause. Use the no form of the command to reset the interval to the default.
Interfaces recovered by auto-recovery issue a log message indicating that recovery is being attempted. <13> Sep 25 14:38:32 10.130.135.107-1 UDLD[nim_t]: udld_util.c(1829) 87 %% Interface Gi1/0/1 is restored from the error disabled state. Command History Implemented in version 6.3.0.1 firmware. Example The following example sets the error recovery timer to 30 seconds.
<13> Sep 25 14:38:32 10.130.135.107-1 UDLD[nim_t]: udld_util.c(1829) 87 %% Interface Gi1/0/1 is restored from the error disabled state. The following information is displayed. Term Parameter Description ARP inspection arp-inspection ARP inspection auto-recovery. BPDU Guard bpduguard BPDU guard auto-recovery. Broadcast Storm bcast-storm Broadcast storm auto-recovery. BPDU Storm bpdustorm BPDU storm auto-recovery. Denial of Service denial-ofservice Denial of Service auto-recovery.
Reason -----------------ARP Inspection BPDU Guard Broadcast Storm BPDU Storm Denial of Service DHCP Rate Limit Keep Alive Loop Protection Port Security Multicast Storm SFP Mismatch SFP Plus Mismatch Spanning Tree UDLD Unicast Storm Auto-recovery Status --------------------Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Interval for auto-recovery of error disabled interfaces: 300 seconds show interfaces status err-disab
When the interval expires, the system examines the error disabled interfaces and recovers them if recovery for the indicated cause is enabled. Only a single timer is used and recovery occurs when the timer expires, not when the interface time expires. The recovery delay time indicates the number of seconds until the interface is eligible for recovery if auto-recovery is enabled for the indicated cause. Interfaces recovered by auto-recovery issue a log message indicating that recovery is being attempted.
Command History Implemented in version 6.3.0.1 firmware. Modified in version 6.5 firmware.
IP Device Tracking Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches ip device tracking Use the ip device tracking command to enable device tracking for IPv4 hosts. Syntax ip device tracking no ip device tracking Default Configuration IP device tracking is disabled by default. Command Mode Global Configuration mode User Guidelines IP device tracking (IPDT) maintains a table of attached IPv4 host addresses.
For each device entry in the IPDT table, ARP probe is sent periodically to check the reachability of the device. If there are no ARP responses received for the configured number of retransmit ARP probes, the device entry is marked inactive. IPDT does not send ARP probes for entries already present in the ARP table until they age out and ARP packets are exchanged. When IPDT is enabled for the first time, it may take up to 20 minutes (or the configured ARP timeout) for the IPDT table to populate.
If the device entry is modified during that delay interval, the initial probe delay timer is canceled and the probe retransmit timer is started. Whenever the device entry is updated from ARP Snooping or DHCP Snooping, the probe retransmit timer is restarted. Entries in the IPDT table are added on the following events: • ARP snooping detected a new device. • DHCP snooping issued a new address binding.
• The state of associated interface changes from forwarding to nonforwarding. • If DHCP snooping is disabled, entries added via DHCP snooping are marked INACTIVE. • The DHCP lease associated with the table entry is terminated or deleted. Only ARP packets that are validated by Dynamic ARP Inspection (if enabled) are processed by IPDT.
Syntax ip device tracking probe no ip device tracking probe Default Configuration IP device tracking probes are enabled by default. Command Mode Global Configuration mode User Guidelines Invoking the no form of the command (no ip device tracking probe) causes all the ACTIVE state entries in the IPDT table to remain in the ACTIVE state until the port moves to non-forwarding state or lease of those entries are removed. Command History Command introduced in version 6.6.0 firmware.
Default Configuration The default probe interval is 30 seconds. Command Mode Global Configuration mode User Guidelines Systems with a large number of ports should consider the use of a larger probe interval. Command History Command introduced in version 6.6.0 firmware. Example This example globally enables IPDT and sets the probe interval to 1 minute.
User Guidelines Systems with a large number of ports should consider the use of a larger missed response count. Command History Command introduced in version 6.6.0 firmware. Example This example globally enables IPDT and sets the missed probe count to 6. console(config)#ip device tracking console(config)#ip device tracking probe count 6 ip device tracking probe delay Use the ip device tracking probe delay command to configure the time to wait after a link up event before sending an ARP probe.
User Guidelines Reducing the delay allows IPDT to discover devices more quickly. Reducing the delay to too small of a value may cause IPDT to query a device during the quiet period after the host has sent a gratuitous ARP. The ARP probe may confuse the host and require the host interface to be reset. Use of the ip device tracking probe auto-source fallback may help to ameliorate this issue. Some network implementations have had good results with the delay set to around 10 seconds.
Default Configuration The source IP address in the probe packet for non-routing interfaces is set to the 0.0.0.0 address. Command Mode Global Configuration mode User Guidelines This command only applies to non-routed interfaces. Command History Command introduced in version 6.6.0 firmware. Example This example globally enables IPDT and sets the source IP address in the ARP packet destined to 10.5.5.20 to 10.5.5.1.
Command Mode Interface (Ethernet or Port-Channel) Configuration mode User Guidelines Invoking the normal form of the command (ip device tracking maximum value) clears all the entries learned on a specified interface and sets the maximum entries to be learned on that interface. Configuring the maximum limit to 0 effectively disables IPDT on the interface.
• mac mac-address—Clears the entries matching the mac-address. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode User Guidelines After clearing the table entries, ARP probes are sent to repopulate the table. Command History Command introduced in version 6.6.0 firmware. Example This example clears the IPDT entries on interface Gi1/0/1.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes User Guidelines The following fields are displayed: Field Description IP Address Learned IPv4 address of the device. MAC Address MAC address associated with the learned IPv4 address. VLAN VLAN identifier associated with an interface on which device is learned. Interface Interface name on which device is learned.
-----------------------------------------------------------------------------IP Address MAC Address Vlan Interface Time-left Time-since State Source to inactive inactive -----------------------------------------------------------------------------10.21.1.1 01:02:03:04:05:06 2 Gi1/0/1 30 0 ACTIVE ARP Total number interfaces enabled: 1 Enabled interfaces: Gi1/0/1 console#show ip device tracking all count IP Device Tracking ARP Entries Count .......... 40 IP Device Tracking DHCP Entries Count .........
-----------------------------------------------------------------------------IP Address MAC Address Vlan Interface Time-left Time-since State Source to inactive inactive -----------------------------------------------------------------------------10.21.1.1 01:02:03:04:05:06 2 Gi1/0/1 50 0 ACTIVE ARP 20.21.1.
IPv6 Access List Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Access to a switch or router can be made more secure through the use of Access Control Lists (ACLs) to control the type of traffic allowed into or out of specific ports. An ACL consists of a series of rules, each of which describes the type of traffic to be processed and the actions to take for packets that meet the classification criteria.
[sequence number] {deny | permit} {ipv6-protocol | number | every} {source-ipv6-prefix/prefix-length | any | host source-ipv6-address} [{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 065535}] {destination-ipv6-prefix/prefix-length | any | host destination-ipv6address} [{range {portkey | startport} {portkey | endport} | {eq | neq | lt | gt} {portkey | 0-65535}] [flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg | -urg] [established]] [flow-la
data, http, ntp, pop2, pop3, rip, smtp, snmp, telnet, tftp, telnet, time, who and www. Each of these keywords translates into its equivalent destination port number. • – When “range” is specified, IPv6 ACL rule matches only if the layer 4 port number falls within the specified port range. The startport and endport parameters identify the first and last ports that are part of the port range. They have values from 0 to 65535. The ending port must have a value equal or greater than the starting port.
• • – When “+” is specified, a match occurs if specified flag is set in the TCP header. – When “-” is specified, a match occurs if specified flag is *NOT* set in the TCP header. – When “established” is specified, a match occurs if specified either RST or ACK bits are set in the TCP header. – This option is visible only if the protocol is tcp.
• fragments—Specifies the rule matches packets that are non-initial fragments (fragment bit asserted). Not valid for rules that match L4 information such as TCP port number since that information is carried in the initial packet. IPv6 fragments contain an IPv6 Fragment extension header. • routing—Specifies that IP ACL rule matches on routed packets. Routed packets contain an IPv6 “routing” extension header.
Command Mode IPv6-Access-List Configuration mode User Guidelines A rule may either deny or permit traffic according to the specified classification fields. At a minimum, either the every keyword or the protocol, source address, and destination address values must be specified. The source and destination IPv6 address fields may be specified using the keyword any to indicate a match on any value in that field.
The IPv6 “fragment” and “routing” keywords are not supported on egress (out) access groups. The log action is supported for both permit and deny rules. If a permit|deny clause is entered with the same sequence number as an existing rule, the configuration is denied with an error message. An implicit deny all condition is added by the system after the last MAC or IP/IPv6 access group if no route-map is configured on the interface.
Example The following example creates rules in an IPv6 ACL named "STOP_HTTP" to discard any HTTP traffic from the 2001:DB8::0/32 network, but allow all other traffic from that network: console(config)#ipv6 access-list STOP_HTTP console(Config-ipv6-acl)#deny tcp 2001:DB8::0/32 any eq http console(Config-ipv6-acl)#permit every ipv6 access-list The ipv6 access-list command creates an IPv6 Access Control List (ACL) consisting of classification fields defined for the IP header of an IPv6 frame.
console(config)#ipv6 access-list DELL_IP6 console(Config-ipv6-acl)# ipv6 access-list rename The ipv6 access-list rename command changes the name of an IPv6 Access Control List (ACL). This command fails if an IPv6 ACL with the new name already exists. Syntax ipv6 access-list rename name newname • name — the name of an existing IPv6 ACL. • newname — alphanumeric string from 1 to 31 characters uniquely identifying the IPv6 access list.
Syntax ipv6 traffic-filter name [in | out | control-plane][seq-num] no ipv6 traffic-filter name [in | out | control-plane] • name — Alphanumeric string of 1 to 31 characters uniquely identifying the IPv6 access list. • in — The access list is applied to ingress packets. • out—The access list is applied to egress packets. • control-plane—The access list is applied to ingress control plane packets. This parameter is only available in Global Configuration mode.
control list. To mitigate this behavior, permit rules must be added by the operator to allow the appropriate control plane packets to ingress the CPU (i.e., ARP, DHCP, LACP, STP BPDU, etc.). The control-plane keyword does not filter traffic received over the out-of-band port. Example The following example attaches an IPv6 access control list to an interface. console(config-if-Gi1/0/1)#ipv6 traffic-filter DELL_IP6 in Command History Syntax updated in the 6.4 release.
ACL Name Count ------------------------------------IPv6-ACL 43981900 asdasd 3981901 Rules Interface(s) Direction ----- ------------------------- --------- -1 Gi1/0/8 Inbound 2 Gi1/0/7 Inbound console#show ipv6 access-lists IPv6-ACL IPV6 ACL Name: IPv6-ACL Inbound Interface(s): Gi1/0/8 Rule Number: 1 Action......................................... Match All...................................... Protocol....................................... Source IPV6 Address............................
IPv6 MLD Snooping Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches In IPv6, Multicast Listener Discover (MLD) snooping performs functions similar to IGMP snooping in IPv4. With MLD snooping, IPv6 multicast data is selectively forwarded to a list of ports that want to receive the data, instead of being flooded to all ports in a VLAN. This list is constructed by snooping IPv6 multicast control packets.
• vlan-id — A VLAN identifier (Range 1-4093). • time — MLD group membership interval time in seconds. (Range: 23600) Default Configuration The default group membership interval time is 260 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console(config)#ipv6 mld snooping vlan 2 groupmembership-interval 1500 ipv6 mld snooping vlan immediate-leave This command enables or disables MLD Snooping immediate-leave mode on a selected VLAN.
User Guidelines Enabling immediate-leave allows the switch to immediately remove the Layer 2 LAN interface from its forwarding table entry upon receiving an MLD done message for that multicast group without first sending out MAC-based general queries to the interface. Enable immediate-leave admin mode only on VLANs where only one host is connected to each Layer 2 LAN port.
User Guidelines MLD listener message suppression is equivalent to IGMP report suppression. When MLD listener message suppression is enabled, the switch only sends the first report received for a group in response to a query. Listener message suppression is only applicable to MLDv1.
ipv6 mld snooping vlan mcrtrexpiretime The ipv6 mld snooping mcrtrexpiretime command sets the multicast router present expiration time. Syntax ipv6 mld snooping vlan vlan-id mcrtrexpiretime time no ipv6 mld snooping vlan vlan-id mcrtrexpiretime • vlan-id — A VLAN identifier (Range 1-4093). • time — Multicast router present expiration time in seconds. (Range: 1–3600) Default Configuration The default multicast router present expiration time is 300 seconds. Command Mode Global Configuration mode.
• vlan-id — A VLAN identifier (Range 1-4093). • interface-id— The next-hop interface to the multicast router. Default Configuration There are no multicast router ports configured by default. Command Mode Global Configuration mode. User Guidelines MLD snooping will forward IPv6 multicast data packets in the VLAN if a static mrouter port is configured.
User Guidelines Use this command without parameters to globally enable MLD Snooping. Use the no form of the command to disable MLD Snooping. Use the vlan parameter to enable MLD Snooping on a specific VLAN. It is recommended that IGMP snooping should be enabled whenever MLD snooping is enabled to ensure that unwanted pruning of multicast protocol packets used by other protocols does not occur. Enabling MLD snooping on an IPv6 L3 multicast router is recommended.
User Guidelines With no optional arguments, the command displays the following information: • Admin Mode — Indicates whether or not MLD Snooping is active on the switch. • Multicast Control Frame Count— Displays the total number of IGMP or PIM packets which have been received (same as IPv4). • Flooding Unregistered to All Ports—Indicates if Flooding Unregistered to All Ports is enabled.
Example console(config)#show ipv6 mld snooping Admin Mode..................................... Multicast Control Frame Count.................. SSM FDB Capacity............................... SSM FDB High Water Mark........................ SSM FDB Current Entries........................ Flooding Unregistered to All Ports............. Enable 6255 64 1 1 Disabled Vlan 1: -------MLD Snooping Admin Mode........................ Immediate Leave Mode........................... Group Membership Interval...........
User Guidelines This user guideline applies to all switch models.To see the full multicast address table (including static addresses) use the show mac address-table multicast command. Example This example shows MLDv2 snooping entries console#show ipv6 mld snooping groups Vlan ---1 Group ----------------------3333.0000.
User Guidelines MLD snooping forwards IPv6 multicast data plane packets to mrouter ports, including statically configured mrouter ports. If a static mrouter port is configured in a VLAN, MLD snooping will forward multicast data plane packets received on the VLAN even if the interface is down. This behavior can be used to ensure that MLD snooping will selectively forward IPv6 multicast data traffic even if no dynamically discovered IPv6 multicast router has been discovered.
IPv6 MLD Snooping Querier Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The MLD Snooping Querier is an extension of the MLD snooping feature. MLD Snooping Querier allows the switch to simulate an MLD router in a Layer 2-only network, thus removing the need to have an MLD router to collect the multicast group membership information. The querier function simulates a small subset of the MLD router functionality.
User Guidelines It is not recommended the MLD Snooping Querier be enabled on a switch enabled for IPv6 multicast routing. Example console(config)#ipv6 mld snooping querier ipv6 mld snooping querier (VLAN mode) Use the ipv6 mld snooping querier command in VLAN mode to enable MLD Snooping Querier on a VLAN. Use the no form of this command to disable MLD Snooping Querier on a VLAN. Syntax ipv6 mld snooping querier vlanvlan-id no ipv6 mld snooping querier vlan vlan-id • vlan-id — A VLAN identifier.
Syntax ipv6 mld snooping querier address prefix[/prefix-length] no ipv6 mld snooping querier address • prefix — An IPv6 address prefix. • prefix-length — Designates how many of the high-order contiguous bits of the address make up the prefix. Default Configuration There is no global MLD Snooping Querier address configured by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Command Mode Global Configuration mode User Guidelines When enabled, if there is another querier in the network and the local querier is in election mode, then the querier with the lower IP address is elected and the other querier stops querying. If the local querier is not in election mode and another querier is detected, the local querier stops querying.
ipv6 mld snooping querier timer expiry Use the ipv6 mld snooping querier timer expiry command to set the MLD Querier timer expiration period. Use the no form of this command to reset the timer expiration period to the default. Syntax ipv6 mld snooping querier timer expiry timer ipv6 mld snooping querier timer expiry • timer — The time that the switch remains in Non-Querier mode after it has discovered that there is a multicast querier in the network.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines When the optional argument vlan vlan-id is not used, the command shows the following information: Parameter Description MLD Snooping Querier Mode Indicates whether or not MLD Snooping Querier is active on the switch. Querier Address Shows the IP Address which will be used in the IPv6 header while sending out MLD queries.
Operational State Indicates whether MLD Snooping Querier is in “Querier” or “Non-Querier” state. When the switch is in Querier state it will send out periodic general queries. When in Non-Querier state it will wait for moving to Querier state and does not send out any queries. Operational Version Indicates the version of MLD that will be used while sending out the queries. This is defaulted to MLD v1 and it can not be changed.
IP Source Guard Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches IP Source Guard (IPSG) is a security feature that filters IP packets based on source ID. The source ID may either be source IP address or a {source IP address, source MAC address} pair. The network administrator configures whether enforcement includes the source MAC address. The network administrator can configure static authorized source IDs.
Default Configuration By default, no sources are blocked. Command Mode Interface Configuration mode (Ethernet and port channel) User Guidelines DHCP snooping should be enabled on any ports for which ip verify source is configured. If ip verify source is configured on an interface for which DHCP snooping is disabled, or for which DHCP snooping is enabled and the port is trusted, incoming traffic on the interface is dropped. Incoming traffic is filtered based on the source IP address and VLAN.
Default Configuration By default, there are no static bindings configured. Command Mode Global Configuration mode User Guidelines The configured IP address and MAC address are used to match the source IP address and source MAC address for packets received on the interface. Hosts sending packets using the configured source IP address and source MAC address are trusted on the interface. Example console(config)#ip verify binding 00:11:22:33:44:55 vlan 1 1.2.3.
• ip: IPv4 address filtering • ipv6: IPv6 address filtering • ipv6-mac: IPv6 plus MAC address filtering • N/A: No filtering is configured on the interface Example console(config-if-Gi1/0/5)#show ip verify Interface ----------Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Gi1/0/9 Filter Type ----------ip ipv4-mac N/A N/A ipv4-mac N/A N/A N/A N/A console(config-if-Gi1/0/5)#show ip verify interface gi1/0/5 Interface ----------Gi1/0/5 Filter Type ----------ipv6-mac show ip verify so
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show ip verify source interface gigabitethernet 1/0/1 Interface Filter Type IP Address MAC Address Vlan ----------- ----------- --------------- ----------------- ----Gi1/0/1 ip 1.2.3.4 00:12:32:43:54:66 1 show ip source binding Use the show ip source binding command to display all bindings (static and dynamic).
iSCSI Optimization Commands Dell EMC Networking N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches iSCSI Optimization provides a means of performing configuration specific to storage traffic and optionally giving traffic between iSCSI initiator and target systems special Quality of Service (QoS) treatment. iSCSI Optimization is best applied to mixed-traffic networks where iSCSI packets constitutes a portion of overall traffic.
iSCSI Optimization borrows ACL lists from the global system pool. ACL lists allocated by iSCSI Optimization reduce the total number of ACLs available for use by the network operator. Enabling iSCSI Optimization uses one ACL list to monitor for iSCSI sessions for the application of any CoS treatment. iscsi cos Use the iscsi cos command in Global Configuration mode to set the quality of service profile that will be applied to iSCSI flows.
In general, the use of iSCSI CoS is not required. By default, iSCSI flows are assigned to the highest VPT/DSCP value that is mapped to the highest queue not used for stack management or the voice VLAN. Make sure you configure the relevant Class of Service parameters for the queue in order to complete the setting. Configuring the VPT/DSCP value sets the QoS profile which selects the egress queue to which the frame is mapped. The default setting for egress queues scheduling is Weighted Round Robin (WRR).
Default Configuration iSCSI is enabled by default. Command Mode Global Configuration mode User Guidelines This command modifies the running config to enable flow control on all interfaces. Monitoring for EqualLogic Storage arrays via LLDP is enabled by this command. Upon detection of an EQL array, the specific interface involved will have spanning-tree portfast enabled and unicast storm control disabled. These changes appear in the running config.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example The following example displays the iSCSI configuration.
Link Dependency Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Link dependency allows the link status of a group of interfaces to be made dependent on the link status of other interfaces. The effect is that the link status of a group that depends on another interface either mirrors or inverts the link status of the depended-on interface. Circular dependencies are not allowed. For example, if port-channel 1 in group 1 depends on port-channel 2.
Example console(config-depend-1)#action up link-dependency group Use the link-dependency group command to enter the link-dependency mode and configure a link-dependency group. Syntax link-dependency group GroupId no link-dependency group GroupId • GroupId — Link dependency group identifier. (Range: 1–72) Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The preference of a group is to remain in the up state.
• intf-list — List of Ethernet interface identifiers or port channel identifiers or ranges. Separate nonconsecutive ports with a comma and no spaces. Use a hyphen to designate the range of ports. Default Configuration This command has no default configuration. Command Mode Link Dependency mode User Guidelines Adding an interface to a dependency list brings the interface down until the depends-on command is entered. The link status will then follow the interface specified in the depends-on command.
Default Configuration This command has no default configuration. Command Mode Link Dependency mode User Guidelines Circular dependencies are not allowed, i.e. interfaces added to the group may not also appear in the depends-on list of the same group or a different group. If an interface appears in the add list of any group, the interfaces in the corresponding depends-on list may not refer back to the interfaces in the add group.
User Guidelines Configure a link dependency group prior to using this command. Example The following command shows link dependencies for all groups. console#show link-dependency GroupId Member Ports Ports Depended On Link Action Group State ------- ----------------------------------------------------1 Gi4/0/2-3,Gi4/0/5 Gi4/0/10-12 Link Up Up/Down The following command shows link dependencies for group 1 only.
LLDP Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The IEEE 802.1AB standard defines the Link Layer Discovery Protocol (LLDP). This protocol allows stations residing on an IEEE802 LAN to advertise major capabilities, physical descriptions, and management information to physically adjacent devices, allowing a network management system (NMS) to access and display this information.
The receive function accepts incoming LLDPDU frames and stores information about the remote stations. Both local and remote data may be displayed by the user interface and retrieved using SNMP as defined in the LLDP MIB definitions. The component maintains one remote entry per physical network connection. The LLDP component manages a number of statistical parameters representing the operation of each transmit and receive function on a per-port basis.
Syntax clear lldp statistics Default Configuration By default, the statistics are only cleared on a system reset. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example displays how to reset all LLDP statistics. console#clear lldp statistics debug lldp Use the debug lldp command to display LLDP debug information. Use the no form of the command to halt the display of LLDP debug information.
User Guidelines Decode of LLDP packet information is limited. If possible, it is preferable to attach the Wireshark tool to the switch CPU to obtain a full decode, if an out-of-band port is available. Refer to the Remote Capture example in the User’s Configuration Guide. Command History Command introduced in version 6.5 firmware. lldp med This command is used to enable/disable LLDP-MED on an interface. By enabling MED, the transmit and receive functions of LLDP are effectively enabled.
Syntax lldp med confignotification no lldp med confignotification Command Mode Interface Configuration (Ethernet) mode Default Value By default, notifications are disabled on all Ethernet interfaces. User Guidelines There are no guidelines for this command. Example console(config)#lldp med confignotification lldp med faststartrepeatcount This command is used to set the value of the fast start repeat count.
Example console(config)# lldp med faststartrepeatcount 2 lldp med-tlv-select This command is used to specify which optional TLVs in the LLDP MED set are transmitted in the LLDPDUs. There are certain conditions that have to be met for a port to be MED compliant. These conditions are explained in the normative section of the ANSI/TIA-1057 specification. For example, the MED TLV 'capabilities' is mandatory. By disabling transmission of the MED capabilities TLV, MED is effectively disabled on the interface.
lldp notification Use the lldp notification command in Interface Configuration mode to enable remote data change notifications. To disable notifications, use the no form of this command. Syntax lldp notification no lldp notification Default Configuration By default, notifications are disabled on all supported interfaces. Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines.
• interval — The smallest interval in seconds at which to send remote data change notifications. (Range: 5–3600 seconds) Default Configuration The default value is 5 seconds. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to set the interval value to 10 seconds.
Example The following example displays how to enable the LLDP receive capability. console(config-if-Gi1/0/3)#lldp receive lldp timers Use the lldp timers command in Global Configuration mode to set the timing parameters for local data transmission on ports enabled for LLDP. To return any or all parameters to factory default, use the no form of this command.
Examples The following example displays how to configure LLDP to transmit local information every 1000 seconds. console(config)#lldp timers interval 1000 The following example displays how to set the timing parameter at 1000 seconds with a hold multiplier of 8 and a 5 second delay before reinitialization. console(config)#lldp timers interval 1000 hold 8 reinit 5 lldp transmit Use the lldp transmit command in Interface Configuration mode to enable the LLDP advertise (transmit) capability.
lldp tlv-select Use the lldp tlv-select command to specify which optional type-length-value settings (TLVs) in the 802.3 AB basic management set will be transmitted in the LLDPDUs. To disable transmission of an optional TLV, use the no form of this command. To return the configuration to the default, use the no form of the command with no arguments.
The string configured by the hostname command is transmitted by the system-name TLV. If no TLV argument is given, the configuration remains unchanged. Use the show lldp remote-device all command to see the advertised LLDP neighbor information. The management address TLV is type 8. The switch will send the address of the service port, if available, otherwise, the IP address of the switch, if defined, otherwise, the MAC address of the switch. The interface numbering subtype sent is always IfIndex.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the current LLDP configuration summary. console#show lldp LLDP Global Configuration Transmit Interval............................ Transmit Hold Multiplier..................... Reinit Delay................................. Notification Interval........................
User Guidelines This command has no user guidelines. Examples This example show how the information is displayed when you use the command with the all parameter.
Interface Link Transmit Receive Notify TLVs Mgmt --------- ---- -------- -------- -------- ------- ---Gi1/0/1 Up Enabled Enabled Enabled 0,1,2,4 Y TLV Codes: 0 – Port Description, 1 – System Name, 2 – System Description, 3 – System Capabilities, 4-Port VLAN show lldp local-device Use the show lldp local-device command to display the advertised LLDP local data. This command can display summary information or detail for each interface.
console# show lldp local-device detail Gi1/0/1 LLDP Local Device Detail Interface: Gi1/0/1 Chassis ID Subtype: MAC Address Chassis ID: 00:62:48:00:00:00 Port ID Subtype: Interface Name Port ID: Gi1/0/1 Port VLAN: 22 System Name: System Description: Routing Port Description: System Capabilities Supported: bridge, router System Capabilities Enabled: bridge Management Address: Type: IPv4 Address: 192.168.17.25 show lldp med This command displays a summary of the current LLDP MED configuration.
show lldp med interface This command displays a summary of the current LLDP MED configuration for a specific interface. Syntax show lldp med interface {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port| all} • all — Shows information for all valid LLDP interfaces.
Syntax show lldp med local-device detail {gigabitethernet unit/slot/port | tengigabitethernet unit/slot/port} Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes Default Value Not applicable Example Console#show lldp med local-device detail gi1/0/8 LLDP MED Local Device Detail Interface: Gi1/0/8 Network Policies Media Policy Application Type : voice Vlan ID: 10 Priority: 5 DSCP: 1 Unknown: False Tagged: True Media Policy Application Type : streamingvideo Vlan ID: 20 Pri
Extended POE Device Type: pseDevice Extended POE PSE Available: 0.3 watts Source: primary Priority: critical Extended POE PD Required: 0.2 watts Source: local Priority: low show lldp med remote-device This command displays the current LLDP MED remote data. This command can display summary information or detail for each interface.
Local Interface --------Gi1/0/13 Gi1/0/16 Gi1/0/23 RemoteID ---------1 2 6 Device Class -------------------Class I Class II Not Defined Console#show lldp med remote-device detail Gi1/0/1 LLDP MED Remote Device Detail Local Interface: 1/0/1 Capabilities MED Capabilities Supported: capabilities, networkpolicy, location, extendedpse MED Capabilities Enabled: capabilities, networkpolicy Device Class: Endpoint Class I Network Policies Media Policy Application Type : voice Vlan ID: 10 Priority: 5 DSCP: 1 Unkno
Device Type: pseDevice Extended POE PSE Available: 0.3 Watts Source: primary Priority: critical Extended POE PD Required: 0.2 Watts Source: local Priority: low show lldp remote-device Use the lldp remote-device command to display the current LLDP remote data. This command can display summary information or detail for each interface. Syntax show lldp remote-device {detail interface | interface | all} • detail — Includes detailed version of remote data.
Examples These examples show current LLDP remote data, including a detailed version.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following examples shows an example of the display of current LLDP traffic statistics. The output is abbreviated for the all form of the command. console#show lldp statistics all LLDP Device Statistics Last Update.................................. 0 days 22:58:29 Total Inserts.........
Total Drops.................................. 0 Total Ageouts................................ 0 Tx Rx TLV Interface Total Total Discards Errors Ageout Discards --------- ----- ----- -------- ------ ------ -------Gi1/0/7 2297 2298 0 0 0 0 TLV Unknowns -------0 TLV MED ---0 TLV 802.1 ----0 TLV 802.3 ----10 The following table explains the fields in this example. Fields Description Last Update The value of system of time the last time a remote data entry was created, modified, or deleted.
Fields Description TLV MED Number of OUI specific MED (Media Endpoint Device) TLVs received. TLV Number of OUI specific TLVs received. TLV 802.3 Number of OUI specific 802.3 specific TLVs received.
Loop Protection Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Loop protection detects physical and logical loops between Ethernet ports on a device. Loop protection must be enabled globally before it can be enabled at the interface level. keepalive (Interface Config) Use the keepalive command in Interface Configuration mode to enable loop protection on an interface. Use the no form of the command to return the configuration to the defaults.
• Data: 0 Since all switch ports share the same MAC address, if any interface receives CTP packets transmitted by the switch in excess of the configured limit, that interface is error disabled with a Loop Protection cause. Looped CTP packets received on a routed interface are ignored and will not error-disable the interface. This is because routed interfaces receiving a packet addressed to the router will not unicast flood the packet to the VLAN. The switch never sends a response to received CTP packets.
Syntax keepalive [ period [ count ] ] no keepalive • period – Configures the interval for the transmission of keepalive packets. Default: 10 seconds • count – Configures the number of consecutive CTP packets addressed to and received by the local switch before the interface is error disabled. Default: 3 packets. Default Configuration Loop protection is disabled globally by default. The default period is 10 seconds. The default count is 3 packets.
This example configures the CTP transmit interval to 5 seconds. If an interface receives two CTP packets, it error disables the interface. console(config)#keepalive 5 2 In the next example, if the CTP transmit interval is configured to 5 seconds, if an interface receives three CTP packets, it will error disable the interface. console(config)#no keepalive keepalive action Use the keepalive action command to configure the action taken when a loop is detected on an interface.
Command History Implemented in version 6.3.0.1 firmware. Syntax corrected in 6.4 release. Example The following example configures loop protection to log detected loop conditions without error disabling the port. console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#keepalive action log-only show keepalive Use the show keepalive command to display the global loop protect configuration. Syntax show keepalive Default Configuration There is no default configuration.
Command History Implemented in version 6.3.0.1 firmware. Example updated in 6.4 version. Example console#show keepalive Keepalive Service.............................. Enabled Transmit Interval.............................. 10 Retry Count.................................... 3 show keepalive statistics Use the show keepalive statistics command to display the loop protect status for one or all interfaces.
Loop Count The number of CTP packets detected. Time Since Last Loop The last time a loop was detected. Rx Action Action when a loop is detected (Error disable, Log). Port Status Current port status (Enable, Disable). Command History Implemented in version 6.3.0.1 firmware.
MLAG Commands Dell EMC Networking N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches MLAG enables a LAG to be created across two independent switches, so that some member ports of a MLAG can reside on one switch and the other members of a MLAG can reside on another switch. The partner switch on the remote side can be a MLAG-unaware unit. To the MLAG unaware switch, the MLAG appears to be a single LAG connected to a single switch.
Syntax feature vpc no feature vpc Default Configuration By default, the MLAG feature is not globally enabled. Command Modes Global Configuration mode User Guidelines The MLAG configuration is retained even when the feature is disabled. The peer link will not be enabled if the VPC feature is not enabled. MLAG role election occurs if the MLAG feature is enabled and the keepalive state machine is enabled.
Command Modes MLAG Domain Configuration mode User Guidelines Use of the Dual Control Plane Detection Protocol is optional. It provides a second layer of redundancy beyond that provided by the peer link protocol. System that operate without the DCPDP protocol enabled (and use static LAGs) run the risk of a split brain scenario in the case of peer link failure. Example console(config)#vpc domain 1 console(config-vpc 1)#peer-keepalive enable console(config-vpc 1)#peer-keepalive destination 192.168.0.
User Guidelines This command configures the DCPDP transmission and timeout values. If an MLAG switch does not receive DCPDP messages from the peer for the configured timeout value, it takes the decision to transition its role (if required). Command History Introduced in version 6.2.0.1 firmware.
User Guidelines Changes to the DCPDP configuration do not take effect until the protocol is disabled and then re-enabled. Both the local switch and the MLAG peer switch must be configured identically. The recommended procedure to update these parameters is to disable the DCPDP protocol on both switches, configure the new parameters on both switches, and then re-enable the DCPDP protocol on both switches. The Dual Control Plane Detection Protocol is a UDP-based protocol.
Syntax peer-keepalive enable no peer-keepalive enable Default Configuration The peer keepalive protocol is disabled by default. Command Modes MLAG Domain Configuration mode User Guidelines MLAG will not become operational until the peer keepalive protocol detects a peer and syncs the peer information. Peer keepalive timeout state transitions are suppressed if the Dual Control Plan Detection (DCPDP) is enabled and detects that the peer is still alive.
processes control traffic and sends LACP and BPDU packets with a unique source MAC address (the system MAC of the local switch). The MLAG connected devices become aware that they are connected to two devices and, if LACP is enabled, block the links to one of the peers as a new actor ID is received. STP re-convergence may also occur in this scenario. Example console(config)#vpc domain 1 console(config-vpc 1)#peer-keepalive enable console(config-vpc 1)#peer-keepalive destination 192.168.0.2 source 192.168.0.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-vpc 1)# peer-keepalive timeout 10 role priority Use the role priority command to configure the priority value used on a switch for primary/secondary role selection. The primary switch is responsible for maintaining and propagating spanning-tree and link-aggregation to the secondary switch. Use the no form of the command to return the switch priority to the default value.
Changes to the priority value are not preemptive. The keepalive role selection state machine is not restarted even if the keepalive priority is modified post election. This means that priority value changes in a running MLAG domain do not affect the selection of the primary and secondary switches. In order for changes to take effect, disable the VPC with the no feature vpc command and re-enable it.
Self member ports -----------------------Gi1/0/2 Gi1/0/6 Status --------Up Down show vpc brief Use the show vpc brief command to display the MLAG global status. The command displays the current MLAG operational mode as well as the peerlink and keepalive status is also displayed. The number of configured and operational MLAGs along with the system MAC and role are also displayed. Syntax show vpc brief Default Configuration There is no default configuration for this command.
Example console#show vpc brief VPC domain id is not configured. console#show vpc brief VPC Domain ID...................................2 VPC admin status................................Disabled Keepalive admin status..........................Disabled VPC operational status..........................Disabled Self role.......................................None Peer role.......................................None Peer detection admin status.....................Disabled Operational VPC MAC......................
Interface...................................... Po3 Configured Vlans............................... 1,10,11,12,13,14,15,16,17 VPC Interface State............................ Active show vpc consistency-parameters Use the show vpc consistency parameters on both MLAG peers to display MLAG related configuration information in a format suitable for comparison with the other MLAG peer.
VPC VPC VPC VPC VPC MST System MAC Address System Priority System MAC Address System Priority Domain ID VLAN Configuration Instance ------------1 2 4 32767 00:1E:C9:DE.
-----------Gi1/0/1 Gi1/0/2 --------100 100 -------Full Full MST VLAN Configuration Instance ------------1 2 Associated VLANS ----------------------------------7,8 4,5 RSTP-PV Configuration: STP Port Priority: VLAN ------ <0-240> Port Priority ----------------<0-240> Cost --------------------------Auto | <1- 200000000> show vpc consistency-features Use the show vpc consistency parameters on both MLAG peers to display MLAG related configuration information in a format suitable for comparison with
show vpc peer-keepalive Use the show vpc peer-keepalive command to display the peer MLAG switch’s IP address used by the Dual Control Plane Detection Protocol. The port used for the Dual Control Plane Detection Protocol is shown, as well as if peer detection is enabled or not. If enabled, the detection status is displayed. Syntax show vpc peer-keepalive Default Configuration There is no default configuration for this command.
Syntax show vpc role Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode and above User Guidelines A VPC domain ID must be configured for this command to display the VPC role. Example console# show vpc role Self ---VPC domain ID...................................1 Keepalive config mode.......................... Enabled Keepalive operational mode..................... Enabled Role Priority.................................. 100 Configured VPC MAC....
show vpc statistics Use the show vpc statistics command to display the counters for the keepalive messages transmitted and received by the MLAG switch. Syntax show vpc statistics {peer-keepalive | peer-link} Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode and above User Guidelines There are no user guidelines for this command. Example (console)# show vpc statistics peer-keepalive Total transmitted.......................................
Peer Peer Peer Peer Peer Peer Peer link link link link link link link BPDU’s Tx error.............................. BPDU’s received from peer.................... BPDU’s Rx error.............................. LACPDU’s transmitted to peer................. LACPDU’s Tx error............................ LACPDU’s received from peer.................. LACPDU’s Rx error............................ (console)#show vpc statistics peer-link Peer link control messages transmitted.........
User Guidelines The VPC domain MAC address must be the same on both MLAG peer devices. The MAC address is a unicast MAC address in aa:bb:cc:dd:ee:ff format and is not equal to the physical MAC address of either the primary VPC or secondary VPC device. The configured VPC domain MAC address is exchanged during role election and, if configured differently on the peer devices, VPC does not become operational.
User Guidelines The system priority must be configured identically on all VPC peers. If the configured VPC system priority is different on any VPC peer, the VPC will not come up. The system-priority is present in the LACP PDUs that are sent out on VPC member ports. When the VPC system priority is configured after a VPC primary device is elected, the already agreed operational VPC system priority is used in the LACP PDUs instead of the newly configured VPC system priority.
This configuration must be present on both the primary and secondary switches. The port channel number and VPC number can be different from each other but the mapping must be the same on the primary and secondary MLAG peers (i.e., the port channel number must map to the same VPC number on both MLAG peers). Command Modes Port-channel mode User Guidelines The peer keepalive protocol is required for MLAG operation. Configure a LAG between the two MLAG peers as an MLAG peer link before executing this command.
Default Configuration By default, no MLAG domains are configured. Command Modes Global Configuration mode User Guidelines Only one MLAG domain per MLAG is supported. This command creates a VPC domain with the specified domain-id and enters into the VPC domain configuration mode. Only one VPC domain can be created on a given device. The domain-id of the VPC domain should be equal to the one configured on the other VPC peer with this device wants to form a VPC pair.
Syntax vpc peer-link no vpc peer-link Default Configuration There are no peer links configured by default. Command Modes Port-channel configuration mode User Guidelines This configuration must the present on both the primary and secondary switches. The peer keepalive protocol is required for MLAG operation. Configure and enable a LAG between the two MLAG peers as an MLAG peer link before executing this command.
Multicast VLAN Registration Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Series Switches Multicast VLAN registration (MVR) is a method for consolidating multicast traffic from multiple VLANs onto a single VLAN. A typical usage scenario would be the distribution of a multicast group to a switch using a single VLAN where the switch has users in different VLANs subscribing to the multicast group.
mvr Use the mvr command in Global Configuration and Interface Configuration modes to enable MVR. Use the no form of this command to disable MVR. Syntax mvr no mvr Default Configuration The default value is Disabled. Command Mode Global Configuration, Interface Configuration User Guidelines MVR can only be configured on Ethernet interfaces. mvr group Use the mvr group command in Global Configuration mode to add an MVR membership group. Use the no form of the command to remove an MVR membership group.
Command Mode Global Configuration User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message None Error Completion Message • Not an IP multicast group address • Illegal IP multicast group address Example console(config)#mvr console(config)#mvr group 239.0.1.0 31 console(config)#mvr vlan 10 mvr mode Use the mvr mode command in Global Configuration mode to change the MVR mode type.
User Guidelines This command has no user guidelines. mvr querytime Use the mvr querytime command in Global Configuration mode to set the MVR query response time. The query time is the maximum time to wait for an IGMP membership report on a receiver port before removing the port from the multicast group after receiving a leave message. The query time only applies to receiver ports and is specified in tenths of a second. Use the no form of the command to set the MVR query response time to the default value.
console(config)#mvr mode dynamic console(config)#mvr querytime 10 mvr vlan Use the mvr vlan command in Global Configuration mode to set the MVR multicast VLAN. Use the no form of the command to set the MVR multicast VLAN to the default value. Syntax mvr vlan vlan-id no mvr vlan • vlan-id—Specifies the port on which multicast data is expected to be received. Source ports should belong to this VLAN. Default Configuration The default value is 1.
Syntax mvr immediate no mvr immediate Default Configuration The default value is Disabled. Command Mode Interface Configuration User Guidelines Immediate leave should only be configured on ports with a single receiver. When immediate leave is enabled, a receiver port will leave a group on receipt of a leave message. Without immediate leave, upon receipt of a leave message, the port sends an IGMP query and waits for an IGMP membership report.
• source—Configure the port as a source port. Source ports are ports over which multicast data is received or sent. Default Configuration The default value is None. Command Mode Interface Configuration User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message None Error Completion Message • Port is a Trunk port, operation failed. • Receiver port in mVLAN, operation failed.
Syntax mvr vlan vlan-id group A.B.C.D no mvr vlan vlan-id group A.B.C.D • vlan-id—The VLAN over which multicast data from the specified group is to be received. • A.B.C.D.—The multicast group for which multicast data is to be received over the specified VLAN. Default Configuration This command has no default configuration. Command Mode Interface Configuration User Guidelines This command statically configures a port to receive the specified multicast group on the specified VLAN.
Syntax show mvr Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message None Error Completion Message MVR disabled The following table explains the output parameters. Parameter Description MVR Running MVR running state. It can be enabled or disabled.
MVR MVR MVR MVR MVR multicast VLAN....................... Max Multicast Groups................. Current multicast groups............. Global query response time........... Mode................................. 1200 64 1 10 (tenths of sec) compatible show mvr members Use the show mvr members command to display the MVR membership groups allocated. Syntax show mvr members [A.B.C.D] • A.B.C.D—A valid multicast address in IPv4 dotted notation.
Parameter Description Members The list of ports which participates in the specific MVR group. Examples console#show mvr members MVR Group IP Status -------------------------------224.1.1.1 INACTIVE Members --------------------Gi1/0/1, Gi1/0/2, Gi1/0/3 console#show mvr members 224.1.1.1 MVR Group IP Status -------------------------------224.1.1.
Message Type Message Description Error Completion Message MVR disabled The following table explains the output parameters. Parameter Description Port Interface number Type The MVR port type. It can be None, Receiver, or Source type. Status The interface status. It consists of two characteristics: 1 active or inactive indicating if port is forwarding. 2 inVLAN or notInVLAN indicating if the port is part of any VLAN Immediate Leave The state of immediate mode. It can be enabled or disabled.
Syntax show mvr traffic Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The following table lists the completion messages. Message Type Message Description Successful Completion Message None Error Completion Message MVR disabled Examples The following table explains the output parameters. Parameter Description IGMP Query Received Number of received IGMP Queries.
console#show mvr traffic IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP IGMP Query Received............................ Report V1 Received........................ Report V2 Received........................ Leave Received............................ Query Transmitted......................... Report V1 Transmitted..................... Report V2 Transmitted..................... Leave Transmitted......................... Packet Receive Failures................... Packet Transmit Failures..................
Port Channel Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches A port channel is a set of one or more links that can be aggregated together to form a bonded channel (Link Aggregation Group or LAG or port channel). Individual conversations in a particular direction always travel over a single link in the port channel, however, in aggregate, the bandwidth usage of all of the links is fairly evenly distributed.
unable to buffer the requisite number of frames will show excessive frame discard. Configuring copper and fiber ports together in an aggregation group is not recommended. If a dynamic LAG member sees an LACPDU that contains information different from the currently configured default partner values, that particular member drops out of the LAG. This configured member does not aggregate with the LAG until all the other active members see the new information.
VLANs and LAGs When Ethernet interfaces are added to a LAG, they are removed from all existing VLAN membership and take on the VLAN membership of the LAG. When members are removed from a LAG, the members regain the Ethernet interface VLAN membership as per the configuration. LAG Thresholds In many implementations, a LAG is declared as up if any one of its member ports is active. This enhancement provides configurability for the minimum number of member links to be active to declare a LAG up.
• Source/Destination IP and source/destination TCP/UDP Port fields of the packet. Enhanced LAG Hashing Dell EMC Networking devices based on Broadcom XGS-IV silicon support configuration of hashing algorithms for each LAG interface. The hashing algorithm is used to distribute traffic load among the physical ports of the LAG while preserving the per-flow packet order. NOTE: Enhanced hashing mode is not supported on the N1100ON/N1500 Series switches.
Flexible Assignment of Ports to LAGs Assignment of interfaces to dynamic LAGs is based upon a maximum of 144 interfaces assigned to dynamic LAGs, a maximum of 128 dynamic LAGs and a maximum of 8 interfaces per dynamic LAG. For example, 128 LAGs may be assigned 2 interfaces each or 18 LAGs may be assigned 8 interfaces each. NOTE: The N1100-ON/N1500 Series switches support 64 port channels.
console(config-if-Gi1/0/5)# channel-group 1 mode on The following example shows how port gi1/0/6 is configured to port-channel 2 with LACP (dynamic LAG). console(config)# interface gigabitethernet 1/0/6 console(config-if-Gi1/0/6)# channel-group 2 mode active interface port-channel Use the interface port-channel command in Global Configuration mode to enter port-channel configuration mode. Syntax interface port-channel port-channel-number Default Configuration This command has no default configuration.
• port-channel-range — List of port-channels to configure. Separate nonconsecutive port-channels with a comma and no spaces. A hyphen designates a range of port-channels. (Range: valid port-channel) • all — All the channel-ports. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines Commands in the interface range context are executed independently on each interface in the range.
• 4 — Destination IP and destination TCP/UDP port • 5 — Source/destination MAC, VLAN, EtherType, and source MODID/port • 6 — Source/destination IP and source/destination TCP/UDP port • 7 — Enhanced hashing mode. This mode is not available on Dell EMC Networking N1100-ON/N1500 Series switches. Default Configuration The default hashing mode is 7—Enhanced hashing mode. On Dell EMC Networking N1100-ON/N1500 Series switches, the default hashing mode is 5.
Default Configuration The default port priority value is 1. Command Mode Interface Configuration (Ethernet) mode Interface Range mode User Guidelines Per IEEE 802.1AX-2008 Section 5.6, ports are selected for aggregation by each switch based upon the port priority assigned by the switch with the higher system priority, starting with the highest priority port of the switch with the higher switch priority, and working downward through the ordered list of port priority values for the ports.
no lacp system-priority • value — System priority value. (Range: 1–65535) Default Configuration The default system priority value is 1. Command Mode Global Configuration mode User Guidelines Per IEEE 802.1AX-2008 Section 5.
Syntax lacp timeout {long | short} no lacp timeout • long — Specifies a long timeout value. • short — Specifies a short timeout value. Default Configuration The default port timeout value is long. Command Mode Interface Configuration (Ethernet) mode Interface Range mode User Guidelines The LACP time-out setting indicates a local preference for the rate of LACPDU transmission and the period of time before invalidating received LACPDU information. This setting is negotiated with the link partner.
Syntax port-channel local-preference no port-channel local-preference Default Configuration By default, port channels are not configured with local preference. Command Mode Interface Configuration (port-channel) mode User Guidelines For a LAG that contains links distributed across stacking units, the default behavior is to distribute locally received ingress traffic across all LAG links in the stack per the selected hashing algorithm.
port-channel min-links Use the port-channel min-links command in Interface Configuration (portchannel) mode to set the minimum number of links that must be up in order for the port channel interface to be declared up. Use the no form of the command to return the configuration to the default value (1). Syntax port-channel min-links <1-8> no port-channel min-links • min-links—The minimum number of links that must be active before the link is declared up. Range 1-8. The default is 1.
Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The command displays the following information. Parameter Description Channel Number of the port channel to show. This parameter is optional. If the port channel number is not given, all the channel groups are displayed. (Range: Valid port-channel number, 1 to 48). • Ports—The ports that are members of the port-channel.
show lacp Use this command to display LACP information for Ethernet ports. Syntax show lacp {gigabitethernet unit/slot/port| tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}[parameters | statistics] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
port Admin priority: port oper priority: port Oper timeout: LACP Activity: Aggregation: synchronization: collecting: distributing: expired: port Gi1/0/1 LACP Statistics: LACP PDUs send: LACP PDUs received: 0 0 LONG PASSIVE NOTAGGREGATABLE FALSE FALSE FALSE FALSE 0 0 show statistics port-channel Use the show statistics port-channel command to display statistics about a specific port-channel.
Packets Packets Packets Packets Packets Packets Packets Packets Packets Packets Packets Packets Received 512-1023 Octets............... Received 1024-1518 Octets.............. Received > 1518 Octets................. RX and TX 64 Octets.................... RX and TX 65-127 Octets................ RX and TX 128-255 Octets............... RX and TX 256-511 Octets............... RX and TX 512-1023 Octets.............. RX and TX 1024-1518 Octets............. RX and TX 1519-2047 Octets.............
FCS Errors..................................... 0 Underrun Errors................................ 0 Total Transmit Packets Discarded............... Single Collision Frames........................ Multiple Collision Frames...................... Excessive Collision Frames..................... 0 0 0 0 802.3x Pause Frames Transmitted................ GVRP PDUs received............................. GVRP PDUs Transmitted.......................... GVRP Failed Registrations......................
Port Monitor Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Dell EMC Networking switches allow the user to monitor traffic with an external network analyzer. The external network analyzer can use any of the Ethernet ports as a probe port. The probe port transmits a mirror copy of the traffic being probed. SPAN and RSPAN encapsulation is supported.
• Once configured, there is no network connectivity on the probe (destination) port. The probe port does not forward any traffic and does not receive any traffic. The probe tool attached to the probe port is unable to ping the networking device or ping through the networking device, and no device is able to ping the probe tool.
Syntax destination interface interface-id no destination interface • interface-id — The interface on the destination switch over which the GRE encapsulated packets are transmitted to the packet sniffer. Default Configuration By default, there is no destination interface. Command Mode ERSPAN Source Destination Configuration mode User Guidelines A destination interface must be configured on the destination switch. The ERSPAN packets are transmitted on the destination interface encapsulated in GRE.
Syntax erspan-id erspan-flow-identifier no erspan-id • erspan-flow-identifier — The ERSPAN flow identifier. The range is 1 to 1023. Default Configuration This command has no default configuration. Command Mode ERSPAN Destination Source Configuration mode. ERSPAN Source Destination Configuration mode. User Guidelines ERSPAN encapsulates monitored traffic into GRE packets.
ip address Use this command to configure an ERSPAN destination on the source and destination switches. Syntax ip address ipv4-address no ip address • ipv4-address — The valid, reachable IPv4 address of the monitoring station. Default Configuration This command has no default configuration.
ip dscp Use this command to configure the DSCP value for the GRE packet on the source switch. Use the no form of the command to return the DSCP value to the default. Syntax ip dscp dscp-val no ip dscp • dscp-val — The DiffServ Code Point value. The range is 0 to 63. Default Configuration By default, a DSCP value of 0 is used. Command Mode ERSPAN Source Destination Configuration mode User Guidelines This command may be used to override the source TTL of the GRE packets.
Default Configuration By default, a precedence of 0 is used. Command Mode ERSPAN Source Destination Configuration mode User Guidelines This command may be used to override the IP precedence (first 3 bits of the IP TOS field) of the GRE packets. ERSPAN utilizes separate source and destination sessions. This command is configured on the source session switch. Command History Command introduced in version 6.7.
ERSPAN utilizes separate source and destination sessions. This command is configured on the source session switch. Command History Command introduced in version 6.7.0 firmware. monitor capture (Global Configuration) Use the monitor capture command to capture packets transmitted or received from the CPU. This facility captures switch control plane traffic and is useful in monitoring network control traffic and analyzing network security.
User Guidelines Packets that are transmitted or received by the switch CPU may be captured to the switch file system, to local memory, or sent to a WireShark client. Packets captured to the switch file system are stored in pcap format and may be copied from the system and opened with WireShark or TShark or other utilities. Packets sent to the console are written in ASCII hex format. When WireShark is configured and connected to the switch, packet capture is controlled by WireShark.
Syntax monitor capture {start [transmit | receive | all] | stop} • Transmit—Capture packets transmitted by the switch CPU. • Receive—Capture packets forwarded to the switch CPU. • All—Capture both transmitted and received packets. Default Configuration Capture is not enabled by default. By default, both transmitted and received packets are captured. Command Modes Privileged Exec mode User Guidelines In general, starting packet capture erases the previous capture buffer contents.
• file—Captured packets are sent to the file system. Default Configuration By default, remote capture is configured. Command Modes Global Configuration mode User Guidelines Only one file, remote, or line may be specified. Setting the mode takes effect immediately. Use the monitor capture start command to start the capture. Memory Capture: Captured packets can be displayed on the console using the show monitor capture packets command.
and saved into the RAM. Capturing packets can be stopped manually before 128 packets have been captured using the monitor capture stop command to halt packet capture. If capturing is in progress, the show monitor capture packets command displays only captured packets that have not yet been displayed during capturing session. If capturing is stopped, the first (after stopping) show monitor capture packets command displays packets which have not yet been displayed during capturing session.
If capturing is in progress, the show monitor capture packets command displays only the captured packets that have not yet been displayed during the capturing session. If capturing is stopped, the first (after stopping) show monitor capture packets command displays the packets that have not yet been displayed during the capturing session. The next show monitor capture packets command displays up to 128 captured packets.
The remote capture application listens on the configured TCP port for a connection request. Wireshark must send a request to that port to establish a connection. Once the socket connection to Wireshark has been established, captured CPU packets are written to the data socket. Wireshark receives the packets and processes them locally. This continues until the session is terminated by either end.
monitor session Use the monitor session command in Global Configuration mode to configure the source and destination for mirroring. Packets are copied from the source to the destination. Use the no form of the command to disable the monitoring session.
• mode—Enable session mirroring. Use the no form of the command to disable monitoring. • remove-rspan-tag—Remove the RSPAN tag from packets transmitted on the probe port. Default Configuration The default is to mirror both transmit and receive directions. If neither tx or rx is configured, both directions are monitored. Command Mode Global Configuration mode User Guidelines Use the source interlace parameter to specify the interface to monitor.
• Any other combination of up to 4 total ingress or egress mirroring may be active. Destination (probe) interfaces do not perform MAC learning and drop ingress traffic (forwarding is disabled and incoming packets are dropped). Routing, spanning-tree, and port channel configuration are operationally disabled on probe ports. Destination interfaces must be dedicated to the monitoring function (i.e., connected to a PC running WireShark or some other packet decoder).
Monitored traffic is encapsulated in the RSPAN VLAN on the reflector port on the source switch. On a source switch, when both an RSPAN VLAN and reflector port are configured on a trunk or general mode port with other VLANs, the interface can also carry traffic on the other VLANs. For example, an uplink interface (trunk port) can carry both the RSPAN traffic and other traffic. Do not configure the RSPAN VLAN as a native VLAN on interfaces other than the uplink/transit/downlink interfaces.
Bidirectional mirroring of multiple ports in a network may result in duplicate packets transmitted on the probe port (one copy for the receive side and another copy for the transmit side). Configuring the mirroring as rx only may help to reduce this issue. RSPAN VLANs must be configured with the remote-span command prior to configuration in an RSPAN session. RSPAN intermediate switches may also be configured with multiple sources feeding into an existing RSPAN VLAN.
console(config)#vlan 723 console(config-vlan723)#remote-span console(config-vlan723)#exit console(config)#interface Te1/0/1 console(config-if-Te1/0/1)#switchport mode trunk console(config-if-Te1/0/1)#exit console(config)#monitor session 1 source interface gi1/0/3 both console(config)#monitor session 1 destination remote vlan 723 reflector-port Te1/0/1 console(config)#monitor session 1 mode console(config)#show monitor session 1 Session Admin mode Type Source ports Both Destination port Destination RSPAN VLA
monitor session type erspan-source Use this command to configure an ERSPAN source session. Syntax monitor session session-id type erspan-source no monitor session session-id type erspan-source • session-id — The session identifier (Range 1 to 4). Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines ERSPAN encapsulates monitored traffic into GRE packets.
console(config)#monitor session 2 type erspan-source console(config-erspan-src)#source interface gi1/0/1 rx console(config-erspan-src)#destination console(config-erspan-src-dst)#erspan-id 200 console(config-erspan-src-dst)#ip address 10.10.10.11 console(config-erspan-src-dst)#origin ip address 11.10.10.10 console(config-erspan-src-dst)#reflector port te1/0/1 Command History Command introduced in version 6.7.0 firmware.
reflector-port Use this command to configure the port on the source switch over which the GRE encapsulated packets are transmitted. Use the no form of the command to remove the reflector port. Syntax reflector-port interface-id no reflector-port • interface-id — The interface identifier of the reflector interface. Default Configuration By default, no reflector port is configured.
Default Configuration There is no default configuration for this command. Command Modes VLAN Configuration mode. User Guidelines Remote-span VLANs must be configured as a tagged VLAN on trunk or general mode ports on RSPAN transit switches. Traffic in an RSPAN VLAN is always flooded as MAC address learning and link local protocols are disabled on RSPAN VLANs. VLANs on transit switches must be configured as remotespan VLANs in order to ensure delivery of all mirrored packets.
User Guidelines Configure the matching ERSPAN ID and IPv4 address of the source switch flow to be transmitted on the destination interface to the packet sniffer. ERSPAN utilizes separate source and destination sessions. This command is configured on the destination session switch. Command History Command introduced in version 6.7.0 firmware. source interface Use this command to select the interface on the source switch from which packets are mirrored to the reflector port.
Command History Command introduced in version 6.7.0 firmware show monitor capture Use this command to display captured packets transmitted or received from the CPU. Syntax show monitor capture [packets] Default Configuration This command has no default configuration. Command Modes Privileged Exec mode (all SHOW modes) User Guidelines This command has no user guidelines. Example console#show monitor capture Operational Status............................. Current Capturing Type.........................
0050 00 00 00 00 00 00 00 00 00 00 ff ff 00 00 =================== Gi1/0/1 Length = 94 [RECEIVE] =================== 02:29:24.0000 0000 33 33 00 00 00 01 00 11 88 0010 86 dd 60 00 00 00 00 24 00 0020 00 00 00 00 88 ff fe 2f 8e 0030 00 00 00 00 00 00 00 00 00 0040 01 00 82 00 43 62 27 10 00 0050 00 00 00 00 00 00 00 00 00 =================== Gi1/0/1 Length = 94 [RECEIVE] =================== 02:29:25.
• detail—Displays additional information. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples The following example shows port monitor status.
Destination RSPAN VLAN : None IP access-group : a1 MAC access-group : None The following example shows the detailed status of a VLAN session on source switch, where session is span across multiple switches.
Default Configuration This command has no default configuration. Command Modes User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example shows the RSPAN VLANs configured on the switch.
QoS Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Quality of Service (QoS) technologies are intended to provide guaranteed timely delivery of specific application data to a particular destination. In contrast, standard IP-based networks are designed to provide best effort data delivery service. Best effort service implies that the network delivers the data in a timely fashion, although there is no guarantee.
ACLs can be configured to apply to a VLAN instead of an interface. Traffic tagged with a VLAN ID (either receive-tagged or tagged by ingress process such as PVID) is evaluated for a match regardless of the interface on which it is received. Layer 2 ACLs The Layer 2 ACL feature provides access list capability by allowing classification on the Layer 2 header of an Ethernet frame, including the 802.1Q VLAN tag(s).
CoS mapping tables, port default priority, and hardware queue parameters may be configured on LAG interfaces as well as Ethernet port interfaces. Queue Mapping The priority of a packet arriving at an interface is used to steer the packet to the appropriate outbound CoS queue through a mapping table. Network packets arriving at an ingress port are directed to one of n queues in an egress port(s) based on the translation of packet priority to CoS queue.
DiffServ Standard IP-based networks are designed to provide “best effort” data delivery service. Best effort service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will meet the latency or bandwidth requirements. During times of congestion, packets may be delayed, sent sporadically, or dropped. For typical Internet applications, such as email and file transfer, a slight degradation in service is acceptable and in many cases unnoticeable.
User Guidelines The queue id is the internal queue number (traffic class), not the CoS value. Use the show classofservice command to display the assignment of CoS and DSCP values to internal queue numbers. Example The following example displays how to change the queue ID to 4 for the associated traffic stream.
Example The following example shows how to specify the DiffServ class name of “DELL.” console(config)#class-map match-all DELL console(config-classmap)#exit console(config)#policy-map DELL1 in console(config-policy-map)#class DELL class-map Use the class-map command in Global Configuration mode to define a new DiffServ class of type match-all. To delete an existing class, use the no form of this command.
Enter the class-map command with the match-all/match-any parameter and a nonexistent class-map-name to create a new class map. The class-mapname must not be the same as any other class map or access group name. Use the no class-map form of the command without a match-all/match-any parameter to delete an existing class map. The match-all parameter indicates that all of the match criteria configured in the class map must be met for the packet to be processed by the class map.
console(config-classmap)#match access-group name voice-pass console(config-classmap)#match access-group name voice-all console(config- classmap)#exit console(config)#class-map match-all port-default console(config-classmap)#match access-group name default console(config- classmap)#exit console(config)#policy-map inbound in console(config-policy-map)#class voice-all console(config-policy-classmap)#mark ip dscp af41 console(config-policy-classmap)#exit console(config-policy-map)#class port-default console(con
Example The following example displays how to change the name of a DiffServ class from “DELL” to “DELL1.” console(config)#class-map rename DELL DELL1 console(config)# classofservice dot1p-mapping Use the classofservice dot1p-mapping command in Global Configuration mode to map an IEEE 802.1p user priority to an internal traffic class. In Interface Configuration mode, the mapping is applied only to packets received on that interface. Use the no form of the command to remove mapping between an 802.
Command Mode Global Configuration or Interface Configuration (Ethernet, Port-channel) mode User Guidelines None Example The following example globally configures a mapping for user priority 1 and traffic class 2. If trust mode is enabled for 802.1p (classofservice trust dot1p), packets received on any interface marked with IEEE 802.1p priority 1 will be assigned to internal CoS queue 2.
IP DSCP Traffic Class (queue-id) 0(be/cs0) 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8(cs1) 0 9 0 10(af11) 0 11 0 12(af12) 0 13 0 14(af13) 0 15 0 16(cs2) 0 17 0 18(af21) 0 19 0 20(af22) 0 21 0 22(af23) 0 23 0 24(cs3) 1 25 1 26(af31) 1 Layer 2 Switching Commands 744
IP DSCP Traffic Class (queue-id) 27 1 28(af32) 1 29 1 30(af33) 1 31 1 32(cs4) 2 33 2 34(af41) 2 35 2 36(af42) 2 37 2 38(af43) 2 39 2 40(cs5) 2 41 2 42 2 43 2 44 2 45 2 46(ef) 2 47 2 48(cs6) 3 49 3 50 3 51 3 52 3 53 3 54 3 Layer 2 Switching Commands 745
IP DSCP Traffic Class (queue-id) 55 3 56(cs7) 3 57 3 58 3 59 3 60 3 61 3 62 3 63 3 Command Mode Global Configuration mode User Guidelines The switch may be configured to trust either DSCP or CoS values, but not both. Setting the trust mode does not affect ACL packet matching, e.g. it is still possible to use an ACL that matches on a received CoS value and assigns the packet to a queue even when DSCP is trusted.
Syntax classofservice trust {dot1p | untrusted | ip-dscp} no classofservice trust • dot1p — Specifies that the mode be set to trust IEEE 802.1p packet markings. • untrusted — Sets the Class of Service Trust Mode to Untrusted. • ip-dscp — Specifies that the mode be set to trust IP DSCP packet markings. Default Configuration By default, the switch trusts IEEE 802.1p markings.
Syntax conform-color {class-map-name} [exceed-color { class-map-name } ] Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines This command must be preceded by a police command. If the conform-color command is not entered, the police algorithm uses the color-blind version, meaning in the incoming color is ignored. The conform-color command can be used with any of the three police algorithms.
Example The following example uses a simple policer to color TCP packets that exceed an average rate of 1000 Kbps or a burst size of 16 Kbytes as red. Conforming packets (those in CoS queue 1) are pre-colored green prior to metering. After metering, non-conforming packets are colored red. Both green and red packets are transmitted, but may be subject to further color-based action on egress.
Command Mode Global Configuration mode or Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command changes the scheduling policy for packet transmission of the selected CoS queues. It does not change the packet buffering policy nor does it reserve packet buffers to a CoS queue. The maximum number of queues supported per interface is seven.
Syntax cos-queue {random-detect queue-id1 [queue-id2..queue-idn]} no cos-queue {random-detect queue-id1 [queue-id2..queue-idn]} • queue-id—An integer indicating the internal CoS queue-id which is to be enabled for WRED. Range 0-6. Up to 7 queues may be simultaneously specified. Default Configuration WRED queue management policy is disabled by default. Tail-drop queue management policy is enabled by default.
N1500 Series Switches N1500 Series switches support a simple RED capability. The N1500 Series switch does not support configuration of the maximum threshold nor can the threshold or drop probability be configured for non-TCP traffic. Only the minimum threshold (min-thresh) and drop probability (drop-prob-scale) may be configured for the TCP colors green/yellow/red. The maximum threshold may not be configured nor can the threshold or drop probability be configured for non-TCP traffic.
This example configures simple RED on an N1500 series switch. CoS queue 1 is globally configured for simple RED with a congestion threshold of 50% and a drop probability of 0.781% for green colored traffic.
Strict priority scheduling is most useful when it is desirable that low-bit-rate time-sensitive traffic be queued ahead of other traffic. The administrator must be careful to limit the bandwidth assigned to the strict priority queue to avoid potential denial of service attacks. See the “Enterprise Voice VLAN Configuration With QoS” section in the Users Configuration Guide for a rate limiting example.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to set the DiffServ operational mode to active. console(Config)#diffserv drop Use the drop command in Policy-Class-Map Configuration mode to specify that all packets for the associated traffic stream are to be dropped at ingress. NOTE: This command is not available on the N1500 Series switches. Syntax drop Default Configuration This command has no default configuration.
mark cos Use the mark cos command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified class of service value in the user priority field of the 802.1p header. If the packet does not already contain this header, one is inserted. NOTE: This command is not available on the N1500 Series switches. Syntax mark cos cos-value • cos-value — Specifies the CoS value as an integer.
mark ip-dscp Use the mark ip-dscp command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified IP DSCP value. NOTE: This command is not available on the N1500 Series switches.
mark ip-precedence Use the mark ip-precedence command in Policy-Class-Map Configuration mode to mark all packets for the associated traffic stream with the specified IP precedence value. NOTE: This command is not available on the N1500 Series switches. Syntax mark ip-precedence prec-value • prec-value — Specifies the IP precedence value as an integer. (Range: 0–7) Default Configuration This command has no default configuration. Command Mode Policy-Class-Map Configuration mode User Guidelines.
match access-group Use the match access-group command to add ACL match criteria to a class map. Use the no form of the command to remove the ACL match criteria. Syntax match access-group name name no match access-group name name • name—The name of an access-list. Only MAC, IPv4, and IPv6 access-lists are allowed. Default Configuration No access-lists are configured for a class-map.
If a packet matches a deny ACL class specified in a class-map, the packet does not match, no further matching is performed, and the class-map clause is not matched. No counters are instantiated for ACLs referenced in a class map. Command History Command introduced in version 6.5 firmware. Example The following example configures an access list arp-list with a policy that implements a simple policer for ARP packets coming from any of the hosts listed in the access list.
match class-map Use the match class-map command to add to the specified class definition the set of match conditions defined for another class. Use the no form of this command to remove from the specified class definition the set of match conditions defined for another class. NOTE: This command is not available on the N1500 Series switches.
• The total number of class rules formed by the complete reference class chain (including both predecessor and successor classes) must not exceed a platform-specific maximum. In some cases, each removal of a refclass rule reduces the maximum number of available rules in the class definition by one. Example The following example adds match conditions defined for the Dell class to the class currently being configured.
Example The following example displays adding a match condition to the specified class. console(config-classmap)#match cos 1 match destination-address mac Use the match destination-address mac command in Class-Map Configuration mode to add a match condition based on the destination MAC address of a packet. NOTE: This command is not available on the N1500 Series switches.
match any Use the match any command in Class-Map Configuration mode to allow matching on any of the specified match conditions. Use the no form of the command to remove the ACL match criteria and revert to match-all behavior. Syntax match any no match any Default Configuration The default matching for a class map is to match on all specified match conditions.
Example The following example configures a MAC access list arp-list with a policy that implements a simple policer for ARP packets coming from any of the hosts listed in the access list. Apply the policy to an interface using the servicepolicy in command in Interface Configuration mode. console(config)#mac access-list extended arp-list console(config-mac-access-list)#permit 00:01:02:03:04:05 0000.0000.0000 0x0806 console(config-mac-access-list)#permit 00:03:04:05:06:07 0000.0000.
Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines. Example The following example displays adding a match condition using the specified IP address and bit mask. console(config-classmap)#match dstip 10.240.1.1 255.255.255.1 match dstip6 The match dstip6 command adds a match condition based on the destination IPv6 address of a packet. NOTE: This command is not available on the N1500 Series switches.
Example console(config-classmap)#match dstip6 2001:DB8::0/32 match dstl4port Use the match dstl4port command in Class-Map Configuration mode to add a match condition based on the destination layer 4 port of a packet using a single keyword or a numeric notation. NOTE: This command is not available on the N1500 Series switches. Syntax match dstl4port {portkey | port-number} • portkey — Specifies one of the supported port name keywords. A match condition is specified by one layer 4 port number.
NOTE: This command is not available on the N1500 Series switches. Syntax match ethertype {keyword | 0x0600-0xffff} • keyword — Specifies either a valid keyword or a valid hexadecimal number. The supported keywords are appletalk, arp, ibmsna, ipv4, ipv6, ipx, mplsmcast, mplsucast, netbios, novell, pppoe, rarp. (Range: 0x0600–0xFFFF) Default Configuration This command has no default configuration. Command Mode Class-Map Configuration mode User Guidelines This command has no user guidelines.
Default Configuration There is no default configuration for this command. Command Mode Ipv6-Class-Map Configuration mode. User Guidelines There are no user guidelines for this command. Example The following example adds a rule to match packets whose IPv6 Flow Label equals 32312.
User Guidelines This DSCP field is defined as the high-order six bits of the Service type octet in the IP header. The low-order two bits are not checked. The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation. To specify a match on all DSCP values, use the match ip tos tosbits tosmask command with tosbits set to “0” (zero) and tosmask set to hex “03.
User Guidelines The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation. To specify a match on all precedence values, use the match ip tos tosbits tosmask command with tosbits set to “0” (zero) and tosmask set to hex “1F.” Example The following example displays adding a match condition based on the value of the IP precedence field.
User Guidelines The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a match criterion for the same Service Type field in the IP header but with a slightly different user notation. This specification is the free form version of the IP DSCP/Precedence/TOS match specification in that you have complete control of specifying which bits of the IP Service Type field are checked.
• igmp—Match IGMP protocol packets (Ethertype 0x0800 and IPv4 protocol 2).
Example The following example displays adding a match condition based on the “ip” protocol name keyword. console(config-classmap)#match protocol ip match source-address mac Use the match source-address mac command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source MAC address of the packet. NOTE: This command is not available on the N1500 Series switches.
match srcip Use the match srcip command in Class-Map Configuration mode to add to the specified class definition a match condition based on the source IP address of a packet. NOTE: This command is not available on the N1500 Series switches. Syntax match srcip ipaddr ipmask • ipaddr — Specifies a valid IP address. • ipmask — Specifies a valid IP address bit mask. Note that although this IP address bit mask is similar to a subnet mask, it does not need to be contiguous.
Syntax match srcip6 source-ipv6-prefix/prefix-length • source-ipv6-prefix —IPv6 prefix in IPv6 global address format. • prefix-length —IPv6 prefix length value. Default Configuration There is no default configuration for this command. Command Mode Ipv6-Class-Map Configuration mode. User Guidelines There are no user guidelines for this command.
Command Mode Class-Map Configuration mode User Guidelines Only one srcl4port matching criteria can be specified. To remove the matching criteria, delete the class map. Example The following example displays how to add a match condition using the “snmp” port name keyword. console(config-classmap)#match srcl4port snmp match vlan Use the match vlan command in Class-Map Configuration mode to add to the specified class definition a match condition based on the value of the layer 2 VLAN Identifier field.
Example The following example displays adding a match condition for the VLAN ID “2.” console(config-classmap)#match vlan 2 mirror Use the mirror command in Policy-Class-Map Configuration mode to mirror all the data that matches the class defined to the destination port specified. NOTE: This command is not available on the N1500 Series switches. Syntax mirror interface • interface — Specifies the Ethernet port to which data needs to be copied.
Syntax police-simple {{rate-kbps | rate-percent} burstsize conform-action {drop | set-prec-transmit cos | set-dscp-transmit dscpval | transmit} [violate-action {drop | set-cos transmit cos | set-prec-transmit cos | set-dscp-transmit dscpval | transmit}]} • rate-kbps — Data rate in kilobits per second (Kbps). (Range: 1 to 4294967295) • rate-percent — Data rate expressed as percentage of the supported maximum rate on the link (Range: 1 to 100).
User Guidelines The simple form of the police command uses a single data rate and burst size, resulting in two outcomes: conform and violate. Conforming packets are colored green and non-conforming packets are colored red for use by the WRED mechanism. Only one style of police command (simple, single-rate or two-rate) is allowed for a given class instance in a particular policy. The conform-color command can be used to pre-color packets prior to policing.
• rate-percent — Data rate expressed as percentage of the supported maximum rate on the link (Range: 1 to 100). • burstsize—Burst size in kilobits per seconds (Kbps). (Range 1-128) • excess-burstsize—Excess burst size in kilobits per seconds (Kbps). (Range 1-128) • action—The action to take according to the color. Select one: – drop: Drop the packet. – set-prec-transmit ip-prec: Remark the IP precedence in the packet to ip-prec and transmit.
Data rate expressed as rate-percent self-adjusts to the speed the links comes up. For example, if the rate-percent is configured as 10%, the rate is 100 Mb/s if the link comes up with 1G speed and its 1000 Mb/s if the link negotiates and comes up with 10G speed. Example console(config-policy-classmap)#police-single-rate 100000000 32 64 conformaction set-cos-transmit 7 exceed-action set-prec-transmit 7 violate-action drop Command History Command syntax updated in version 6.7.0 firmware.
– set-dscp-transmit dscp-val— Remark the DSCP in the packet to dscpval and transmit. (Range 0-63) – set-cos-transmit 802.1p-priority— Remark the 802.1p priority in the packet to 802.1p-priority and transmit. (Range 0-7) – transmit— Transmit the packet unmodified. Default Configuration This command has no default configuration.
Interface...................................... Mac Address.................................... User Name...................................... VLAN Assigned Reason........................... Host Mode...................................... Method......................................... Control Mode................................... Session time................................... Session timeout ............................... Session Termination Action..................... Filter ID.......................
• out—The policy is applied on egress. Either “in” or “out” must be specified to create a new DiffServ policy. An existing policy may be selected without the “in” or “out” parameter. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The CLI mode is changed to Policy-Class-Map Configuration when this command is successfully executed.
Syntax random-detect queue-parms queue-id [queue-id] ... min-thresh minthreshgreen minthresh-yellow minthresh-red minthresh-nontcp max-thresh maxthresh-green max-thresh-yellow max-thresh-red maxthresh-nontcp dropprob-scale drop-scale-green drop-scale-yellow drop-scale-red drop-scalenontcp [ ecn ] no random-detect queue-parms queue-id [queue-id] ... • queue-id—The internal class of service queue (range 0-6). The queue-id is not the same as the CoS value received in incoming packets.
Queue ID WRED Minimum Threshold WRED Maximum Threshold WRED Drop Probability Scale ECN Enabled 0 40/30/20/100 100/ 90/ 80/100 10/ 10/ 10/ 10 No 1 40/30/20/100 100/ 90/ 80/100 10/ 10/ 10/ 10 No 2 40/30/20/100 100/ 90/ 80/100 10/ 10/ 10/ 10 No 3 40/30/20/100 100/ 90/ 80/100 10/ 10/ 10/ 10 No 4 40/30/20/100 100/ 90/ 80/100 10/ 10/ 10/ 10 No 5 40/30/20/100 100/ 90/ 80/100 10/ 10/ 10/ 10 No 6 40/30/20/100 100/ 90/ 80/100 10/ 10/ 10/ 10 No Command Mode Global Configuration
Configuring a queue with a drop probability of 0% effectively applies tail-drop behavior when the queue length exceeds the maximum threshold. If the max-thresh parameter is less than the corresponding min-thresh parameter, it is adjusted to be the min-thresh plus one. For a given network, the minimum and maximum WRED thresholds should be calculated to give a reasonable amount of buffering to TCP flows given the switch buffer capacity. WRED thresholds are applied individually to each physical interface.
Explicit Congestion Notification (ECN): ECN capability is an end-to-end feedback mechanism. Both ends of the TCP connection must participate. When ECN is enabled, packets marked as ECN capable and selected for discard by WRED are marked CE and are not dropped. In cases of extreme congestion, ECN capable packets may be dropped. Use the show interfaces traffic command to see color aware drops and congestion levels.
100%: 100 Examples This example configures simple RED on an N1500 series switch. CoS queue 1 is globally configured for simple RED with a congestion threshold of 50% and a drop probability of 0.781% for green colored traffic.
size to ½ the difference between the previous size and the current instantaneous queue size, set the weighting constant to 1. To update the current queue size to 1/4 the difference between the previous size and the current instantaneous queue size, set the weighting constant to 2, .... The average queue size is calculated for each physical interface independently.
service-policy Use the service-policy command in either Global Configuration mode (for all system interfaces) or Interface Configuration mode (for a specific interface) to attach a policy to an interface. To return to the system default, use the no form of this command. NOTE: This command is not available on the N1500 Series switches.
fail. Applying a policy globally applies the policy to all physical interfaces. The policy appears in the running-config as part of the individual interface configuration. Example The following example shows how to attach a service policy named “DELL” to all interfaces for packets ingressing the switch. console(config)#service-policy in DELL show class-map Use the show class-map command to display all configuration information for the specified class.
Class Name ------------------------------cee ipv4 stop_http_class Type ACL Identifier or Reference Class Name ----- -------------------------------------All acl (IP ) All Any console#show class-map ipv4 Class Name..................................... ipv4 Class Type..................................... All Match Rule Count............................... 1 Match Criteria Values ---------------------------- -------------------------------------------Source IP Address 2.2.2.2 (255.255.255.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If the interface is specified, the IEEE 802.1p mapping table of the interface is displayed. If omitted, the global configuration settings are displayed. The following table lists the parameters in the example and gives a description of each. Parameter Description User Priority The 802.1p user priority value.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
28(af32) 29 30(af33) 31 32(cs4) 33 34(af41) 35 36(af42) 37 38(af43) 39 40(cs5) 41 42 43 44 45 46(ef) 47 48(cs6) 49 50 51 52 53 54 55 56(cs7) 57 58 59 60 61 62 63 1 1 1 1 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 3 show classofservice trust Use the show classofservice trust command to display the current trust mode setting for a specific interface.
Syntax show classofservice trust [{gigabitethernet unit/slot/port| port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If the interface is specified, the port trust mode of the interface is displayed. If omitted, the port trust mode for global configuration is shown.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the DiffServ information. console#show diffserv DiffServ Admin mode.......................... Class Table Size Current/Max................. Class Rule Table Size Current/Max............ Policy Table Size Current/Max................ Policy Instance Table Size Current/Max....... Policy Attribute Table Size Current/Max......
User Guidelines This command has no user guidelines. Example console#show diffserv service interface gigabitethernet 1/0/1 in DiffServ Admin Mode........................... Enable Interface..................................... Gi1/0/1 Direction..................................... In No policy is attached to this interface in this direction. show diffserv service brief Use the show diffserv service brief command to display all interfaces in the system to which a DiffServ policy has been attached.
Po47 Gi1/0/1 Po48 Gi1/0/2 In In In In Down Down Down Down DELL DELL DELL DELL show interfaces cos-queue Use the show interfaces cos-queue command to display the class-of-service queue configuration for the specified interface. Syntax show interfaces cos-queue [{gigabitethernet unit/slot/port | port-channel port-channel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
2 3 4 5 6 0 0 0 0 0 Weighted Weighted Weighted Weighted Weighted Tail Tail Tail Tail Tail Drop Drop Drop Drop Drop This example displays the COS configuration for the specified interface Gi1/0/1. console#show interfaces cos-queue gigabitethernet 1/0/1 Interface...................................... Gi1/0/1 Interface Shaping Rate......................... 0 Queue Id -------0 1 2 3 4 5 6 Min.
Parameter Description Minimum Bandwidth The minimum transmission bandwidth guarantee for the queue, expressed as a percentage. A value of 0 means bandwidth is not guaranteed and the queue operates using best-effort scheduling. This value is a configured value. Scheduler Type Indicates whether this queue is scheduled for transmission using a strict priority or a weighted scheme. This value is a configured value.
rate commands), all packets are colored green. Use the show interfaces cosqueue command to show the global or per interface scheduler type and queue management types. The N1500 Series switch does not support configuration of the maximum threshold nor can the threshold or drop probability be configured for nonTCP traffic. Example Example 1 This example shows ECN enabled for green color packets on CoS queues 0 and 1.
show interfaces traffic Use the show interfaces traffic command to display traffic information. Syntax show interfaces traffic [interface-id] interface-id—A valid Ethernet interface specifier. Port-channels are not allowed with this command as the queuing and drops occur on the individual interfaces and not on the port channel. Default Configuration The default is to show the global traffic class group configuration.
Field Description WRED TX Queue The instantaneous number of packets queued for transmission on the interface as smoothed by the exponential weighting function. The above counters are cleared by the clear counters command. The queue sizes cannot be cleared as they are instantaneous. The N1100-ON Series switches do not support accounting for color drops. The color drop counters are fixed at 0 on those switches.
User Guidelines This command displays interface transmit and receive utilization in bits/sec and packets/sec. The transmit utilization and transmit packet counts include packets generated by the CPU. Buffer utilization is the count of cells queued for transmission on a port. A buffer utilization value of less than 10 generally indicates that the port is not experiencing congestion and packets are transmitted as soon as they are queued for output.
Field Description Rx Util The receive utilization which is the link utilization in the receive direction as a percentage of operational speed (range 0-100). The utilization is derived by dividing the link speed by the number of bytes received averaged over the last sampling interval. Tx Util The transmit utilization. The link utilization in the transmit direction as a percentage of operational speed (range 0-100).
thresholds for buffering on the port are reached. A conscientious network operator might want to examine why the devices attached to Gi1/0/5 and Gi1/0/6 are sending so much traffic to Gi1/0/2 attached devices and either redistribute the devices, rate-limit traffic egressing the devices attached to Gi1/0/5 and Gi1/0/6, or increase the number of links available for the device attached to Gi1/0/2.
User Guidelines This command has no user guidelines. Example The following example displays the DiffServ information. console#show Policy Name ----------POLY1 DELL policy-map Policy Type ----------xxx xxx Class Members ------------DellClass DellClass show policy-map interface Use the show policy-map interface command to display policy-oriented statistics information for the specified interface. NOTE: This command is not available on the N1500 Series switches.
Example The following example displays the statistics information for port te1/0/1. console#show policy-map interface te1/0/1 in Interface..................................... Operational Status............................ Policy Name................................... Interface Summary: Class Name.................................... In Offered Packets............................ In Discarded Packets..........................
Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Gi1/0/9 Gi1/0/10 Down Down Down Down Down Down Down Down DELL DELL DELL DELL DELL DELL DELL DELL traffic-shape Use the traffic-shape command in Global Configuration mode and Interface Configuration mode to specify the maximum transmission bandwidth limit for the interface as a whole. To restore the default interface shaping rate value, use the no form of this command.
Traffic shaping may cause congestion and packet loss if the aggregate ingress rate for an interface persistently exceeds the egress traffic shape rate. Example The following example rate limits interface gi1/0/1 to a maximum bandwidth of 1024 Kbps. console(config-if-Gi1/0/1)#traffic-shape 1024 Kbps vlan priority Use the vlan priority command to assign a default VLAN priority tag for untagged frames ingressing an interface. Syntax vlan priority cos-value • cos-value – A value ranging from 0-7.
Spanning Tree Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The Multiple Spanning Tree Protocol (MSTP) component complies with IEEE 802.1 by efficiently segregating VLAN traffic over separate interfaces for multiple instances of Spanning Tree. IEEE 802.1D, Spanning Tree and IEEE w, Rapid Spanning Tree are supported through the IEEE 802.1s implementation. The difference between the RSTP and STP (IEEE 802.
port. In this way, the root guard enforces the position of the root bridge. In MSTP scenario the port may be designated in one of the instances while being alternate in the CIST, and so on. Root guard is a per port (not a per port per instance command) configuration so all the MSTP instances this port participates in should not be in root role. STP BPDU Filtering - STP BPDU filtering applies to all operational edge ports.
User Guidelines This feature is used only when working in RSTP or MSTP mode. Example The following example restarts the protocol migration process (forces the renegotiation with neighboring switches) on Gi1/0/1. console#clear spanning-tree detected-protocols gigabitethernet 1/0/1 exit (mst) Use the exit command in MST mode to exit the MST configuration mode and apply all configuration changes. Syntax exit Default Configuration MST configuration.
Syntax instance instance-id {add | remove} vlan vlan-list • instance-ID — ID of the MST instance. (Range: 1-4094) • vlan-list — VLANs to be added to the existing MST instance. To specify a range of VLANs, use a hyphen. To specify a series of VLANs, use a comma. (Range: 1-4094) Default Configuration VLANs are mapped to the common and internal spanning tree (CIST) instance (instance 0).
console(config)#spanning-tree mode mst console(config)#spanning-tree mst 1 priority 8192 console(config)#spanning-tree mst 2 priority 28672 console(config)#spanning-tree mst configuration console(config-mst)#instance 1 add vlan 2-199 console(config-mst)#instance 1 add vlan 350 console(config-mst)#instance 1 add vlan 400-449 console(config-mst)#instance 1 add vlan 500-1999 console(config-mst)#instance 1 add vlan 2200-2499 console(config-mst)#instance 1 add vlan 2600-2799 console(config-mst)#instance 1 add vl
Command Mode MST mode User Guidelines When configuring the switch in MSTP mode, be sure to configure the MST region name. For multiple switches to become members of the same region, the configuration name, the configuration revision and mapping of VLANs to MSTIs must be identical. Example The following example sets the configuration name to “region1”.
User Guidelines When configuring the switch in MSTP mode, be sure to configure the MST region name. For multiple switches to become members of the same region, the configuration name, the configuration revision and mapping of VLANs to MSTIs must be identical. Example The following example sets the configuration revision to 1. console(config)#spanning-tree mst configuration console(config-mst)#revision 1 show spanning-tree Use the show spanning-tree command to display the spanning-tree configuration.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Command History Modified in version 6.5 firmware. Examples The following examples display spanning-tree information. MST information is shown in this form of the command regardless of the spanning tree mode.
console#show spanning-tree gi1/0/1 Port: Gi1/0/1 Enabled State: Forwarding Port ID: 128.1 Port Fast: No Designated Bridge Priority: 32768 Designated Port ID: 128.1 CST Regional Root: 80:00:00:1E:C9:DE:D4:47 Root Guard..................................... Loop Guard..................................... TCN Guard...................................... Auto Portfast.................................. BPDU Filter Mode............................... Time Since Counters Last Cleared...............
State: Disabled Port ID: 128.3 Root Protection: No Designated Bridge Priority: 32768 Designated Port ID: 0.0 CST Regional Root: 80:00:00:1E:C9:DE:D4:47 BPDUs: Sent: 0, Received: 0 Role: Disabled Port Cost: 0 Address: 001E.C9DE.
console#show spanning-tree blockedports Spanning Tree: Enabled (BPDU Flooding: Disabled) Mode: rstp CST Regional Root: 80:00:00:1E:C9:DE:D4:47 Regional Root Path Cost: 0 ###### MST 0 Vlan Mapped: 1-10 ROOT ID Priority 32768 Address 001E.C9DE.D447 This Switch is the Root. Hello Time: 2s Max Age: 20s Forward Delay: 15s Interfaces Name State Prio.Nbr Cost Sts Role RestrictedPort --------- -------- --------- --------- ---- ----- -------------Te1/0/2 Enabled 128.
RLQ response PDUs received (all VLANs)......... 0 RLQ request PDUs sent (all VLANs).............. 0 RLQ response PDUs sent (all VLANs)............. 0 This example shows spanning-tree configured in mstp mode. Output is shown for each VLAN that is a member of an MST domain.
Interfaces Name --------Gi1/0/1 Gi1/0/2 This Switch is the Root. Hello Time: 2s Max Age: 20s Forward Delay: 15s State -------Enabled Enabled Prio.Nbr --------128.1 128.2 Cost --------20000 20000 Sts ---FWD FWD Role ----Desg Desg RestrictedPort -------------No No ###### MST 3 Vlan Mapped: 6-10 ROOT ID Priority 32768 Address 001E.C9DE.D447 This Switch is the Root. Hello Time: 2s Max Age: 20s Forward Delay: 15s Interfaces Name --------Gi1/0/1 Gi1/0/2 State -------Enabled Enabled Prio.Nbr --------128.
Gi1/0/5 Gi1/0/6 Gi1/0/7 Gi1/0/8 Enabled Enabled Enabled Enabled 128.5 128.6 128.7 128.8 0 0 0 0 DIS DIS DIS DIS Disb Disb Disb Disb No No No No This example shows spanning-tree configured in rstp mode. Output is shown for each interface.
Gi1/0/2 Enabled 128.2 20000 Forwarding Root Te1/0/1 Enabled 128.49 2000 Forwarding Designated Te1/0/2 Enabled 128.50 2000 Discarding Backup VLAN 2 RootID Priority 32770 Address 001E.C9DE.D447 Cost 0 Port This switch is the root Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec BridgeID Priority 32770 (priority 32768 sys-id-ext 2) Address 001E.C9DE.D447 Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec Aging Time 300 sec Interface State Prio.
Spanning Tree Admin Mode Enabled or disabled Spanning Tree Version Version of currently supported (IEEE 802.1s, IEEE 802.1w, or IEEE 802.1d) based upon the mode parameter. BPDU Protection Mode Enabled or disabled. BPDU Filter Mode Enabled or disabled. BPDU Flooding Mode Enabled or disabled. IndirectLink Rapid Convergence Backbone-fast for RSTP-PV is enabled or disabled. DirectLink Rapid Convergence Enables/Disables DRC by setting switch priority to 49152.
Configuration Format Selector..... 0 show spanning-tree vlan Use the show spanning-tree vlan command to display spanning tree information per VLAN and also list out the port roles and states as well as port cost. Syntax show spanning-tree vlan { vlan-list | all } • vlan-list — A list of VLANs or VLAN ranges separated by commas and with no embedded blank spaces. VLAN ranges are of the form X-Y where X and Y are valid VLAN identifiers and X < Y. • all—Show all VLANs.
Gi1/0/1 Gi1/0/2 Designated Forwarding Designated Forwarding 20000 20000 128.1 128.2 spanning-tree Use the spanning-tree command in Global Configuration mode to enable spanning-tree functionality. To disable spanning-tree functionality, use the no form of this command. Syntax spanning-tree no spanning-tree Default Configuration Spanning-tree is enabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
Default Configuration Auto portfast mode is enabled by default. Command Mode Interface Configuration (Ethernet, Port Channel) mode User Guidelines There are no user guidelines for this command. Example The following example enables spanning-tree functionality on Gigabit ethernet interface 4/0/1.
User Guidelines IRC can be configured even if the switch is configured for MST(RSTP) or RSTP-PV mode. It only has an effect when the switch is configured for STP-PV mode. If an IRC-enabled switch receives an inferior BPDU from its designated switch on a root or blocked port, it sets the maximum aging time on the interfaces on which it received the inferior BPDU if there are alternative (blocked) paths to the designated switch.
spanning-tree bpdu-protection Use the spanning-tree bpdu-protection command in Global Configuration mode to enable BPDU guard on a switch. Use the no form of this command to resume the default status of BPDU guard function. Syntax spanning-tree bpdu-protection no spanning-tree bpdu-protection Default Configuration BPDU guard is not enabled. Command Mode Global Configuration mode User Guidelines The administrator should ensure that interfaces on which BDPU guard is enabled are configured as edge ports.
console(config)#spanning-tree bpdu-protection spanning-tree cost Use the spanning-tree cost command in Interface Configuration mode to configure the externally advertised spanning-tree path cost for a port. To return to the default port path cost, use the no form of this command. The path cost is used in the selection of an interface for the forwarding or blocking states. Use the no form of the command to automatically select the path cost based upon the speed of the interface.
User Guidelines Dell EMC Networking spanning tree uses long values for spanning tree costs. The range for path cost for a port is 0-200,000,000. The range for path cost for a VLAN is 1-200,000,000. Use the no form of the command to calculate the cost based on the interface speed. A zero path cost causes the switch to calculate the path cost based upon the speed of the interface.
Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines This command has no user guidelines. Example The following example disables spanning-tree on Gi1/0/5.
2*(Forward-Time - 1) >= Max-Age. Example The following example configures spanning-tree bridge forward time to 25 seconds. console(config)#spanning-tree forward-time 25 spanning-tree guard The spanning-tree guard command selects whether loop guard or root guard is enabled on an interface. If neither is enabled, the port operates in accordance with the multiple spanning tree protocol. Use the “no” form of this command to disable loop guard or root guard on the interface.
spanning-tree loopguard Use the spanning-tree loopguard command to enable loop guard on all ports. Use the “no” form of this command to disable loop guard on all ports. Syntax spanning-tree loopguard default no spanning-tree loopguard default Default Configuration Loop guard is disabled by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example enables spanning-tree loopguard functionality on all ports.
Default Configuration The default max-age for IEEE STP is 20 seconds. Command Mode Global Configuration mode User Guidelines When configuring the Max-Age the following relationships should be satisfied: 2*(Forward-Time - 1) >= Max-Age Max-Age >= 2*(Hello-Time + 1) Example The following example configures the spanning-tree bridge maximum-age to 10 seconds.
User Guidelines There are no user guidelines for this command. Example console(config)#spanning-tree max-hops 32 spanning-tree mode Use the spanning-tree mode command in Global Configuration mode to configure the spanning-tree protocol. To return to the default configuration, use the no spanning-tree form of this command. Syntax spanning-tree mode {stp | rstp | mst | pvst | rapid-pvst} • stp — Spanning Tree Protocol (STP) is enabled. • rstp — Rapid Spanning Tree Protocol (RSTP) is enabled.
If configuring the switch to MSTP mode, be sure to configure the MST region name. For multiple switches to become members of the same region, the configuration name, the configuration revision and mapping of VLANs to MSTIs must be identical. In the STP-PV or RSTP-PV modes, BPDUs contain per-VLAN information instead of the common spanning-tree information (MST/RSTP). RSTP-PV maintains independent spanning tree information about each configured VLAN. RSTP-PV uses IEEE 802.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines For two or more switches to be in the same MST region, they must have the same VLAN mapping, the same configuration revision number and the same name. Example The following example configures an MST region.
The default configuration is: • Ethernet (10 Mbps) — 2,000,000 • Fast Ethernet (100 Mbps) — 200,000 • Gigabit Ethernet (1000 Mbps) — 20,000 • Port-Channel — 20,000 Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines Use the spanning-tree cost command to configure MST instance 0 (the common spanning tree instance). Use the show spanning-tree active command to display the spanning tree costs.
Default Configuration The default port-priority for IEEE STP is 128. The default priority for a portchannel is 96. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode User Guidelines The priority will be set to the nearest multiple of 4096 if not an exact multiple of 4096. Example The following example configures the port priority of Gigabit Ethernet interface 1/0/5 to 144.
Command Mode Global Configuration mode User Guidelines The priority value must be a multiple of 4096. The priority will be set to the nearest multiple of 4096 if not an exact multiple of 4096. Bridge priority configuration is given preference over the root primary/secondary configuration. Root primary/secondary configuration is given preference over the DRC configuration. The switch with the lowest priority is selected as the root of the spanning tree.
User Guidelines This command only applies to access ports. The command is to be used only with interfaces connected to end stations. Otherwise, an accidental topology loop could cause a data packet loop and disrupt switch and network operations. An interface with portfast mode enabled is moved directly to the spanning tree forwarding state when linkup occurs without waiting the standard forward-time delay. Example The following example enables portfast on Gi1/0/5.
A port enabled for BPDU filtering does not receive or send any BPDUs. It is possible that a network loop may result if BPDU filtering is enabled on a port connected to anything other than an end system. BPDU filtering is appropriate for configuration on portfast enabled interfaces that are connected to end system hosts where it is desired to not send BPDUs to the host or receive BPDUs from the host.
NOTE: This command should be used with care. An interface with portfast mode enabled is moved directly to the spanning tree forwarding state when linkup occurs without waiting for the standard forward-time delay. Setting a port connected to another switch into portfast mode may cause an accidental topology loop and disrupt switch and network operations. Example The following example enables portfast mode on all access ports.
User Guidelines If the VLAN parameter is given, the priority is configured only for the selected VLANs (applies only when pvst or rapid-pvst mode is selected). Configuration without the VLAN parameter configures the port priority for RSTP, STP-PV, and RSTP-PV. If an interface is configured with both the spanning-tree vlan vlan-id portpriority priority command and the spanning-tree port-priority priority command, the spanning-tree vlan vlan-id port-priority priority value is used as the port priority.
spanning-tree priority Use the spanning-tree priority command in Global Configuration mode to configure the spanning-tree priority. The priority value is used to determine which bridge is elected as the root bridge. To reset the default spanning-tree priority use the no form of this command. Syntax spanning-tree priority priority no spanning-tree priority • priority — Priority of the bridge. (Range: 0–61440) Default Configuration The default bridge priority for IEEE STP is 32768.
Syntax spanning-tree tcnguard no spanning-tree tcnguard Default Configuration TCN propagation is disabled by default. Command Mode Interface Configuration (Ethernet, Port Channel) mode User Guidelines There are no user guidelines for this command. Example The following example configures spanning-tree tcnguard on 4/0/1.
User Guidelines There are no user guidelines for this command. Example The following example sets the maximum number of BPDUs sent to 6. console(config)#spanning-tree transmit hold-count 6 spanning-tree uplinkfast Use the spanning-tree uplinkfast command to configure the rate at which gratuitous frames are sent (in packets per second) after a switchover to an alternate port on STP-PV and RSTP-PV configured switches and enable Direct Link Rapid Convergence on STP-PV switches.
priority to 49152. Path costs have an additional 3000 added when DRC is enabled. This reduces the probability that the switch will become the root switch. DRC immediately changes to an alternate root port on detecting a root port failure and change the new root port directly to the forwarding state. A TCN is sent for this event.
• vlan-list–A single VLAN ID or a list of VLAN IDs in comma delineated or range format with no embedded blanks. Range 1-4093. Default Configuration By default, each configured VLAN is automatically associated with a per VLAN spanning tree instance. If more than eight VLANs are configured, the excess VLANs do not participate in per VLAN spanning tree.
• forward-time — The interval (time spent in listening and learning states) before transitioning a port to the forwarding state. (Range: 4-30 seconds) Default Configuration The default forward delay time is 15. Command Modes Global Configuration Mode User Guidelines Set this value to a lower number to accelerate the transition to forwarding.
Command Modes Global Configuration Mode User Guidelines This command can be configured even if the switch is configured for MST(RSTP) mode. It is only used when the switch is configured for STP-PV or RSTP-PV modes. Set this value to a lower number to accelerate discovery of topology changes. Use the no form of the command to return the hello time to its default value.
User Guidelines Set this value to a lower number to accelerate discovery of topology changes. The network operator must take into account the end to end BPDU propagation delay and message age overestimate for their specific topology when configuring this value. The default setting of 20 seconds is suitable for a network of diameter 7, lost message value of 3, transit delay of 1, hello interval of 2 seconds, overestimate per bridge of 1 second, and a BPDU delay of 1 second.
Command Modes Global Configuration mode User Guidelines This command can be configured even if the switch is configured for MST (RSTP) mode. It is only used when the switch is configured for STP-PV or RSTP-PV modes. The logic sets the bridge priority to a value lower (primary) or next lower (secondary) than the lowest bridge priority for the specified VLAN or a range of VLANs. This command only applies when STP-PV or RSTP-PV is enabled.
Valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. The default value is 32768. If the value configured is not among the specified values, it will be rounded off to the nearest valid value. Command Modes Global Configuration mode User Guidelines This command can be configured even if the switch is configured for MST(RSTP) mode. It is only used when the switch is configured for STP-PV or RSTP-PV modes.
UDLD Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The UDLD feature detects unidirectional links on physical ports. A unidirectional link is a forwarding anomaly in a Layer 2 communication channel in which a bi-directional link stops passing traffic in one direction. UDLD must be enabled on the both sides of the link in order to detect a unidirectional link.
recognize only the sending failures on unidirectional links. If all devices in the network support UDLD, this functionality is enough to detect all unidirectional links. Processing UDLD Traffic from Neighbors Every UDLD-capable device collects information about all other UDLDcapable devices. Each device populates UDLD echo packets with collected neighbor information to help neighbors identify unidirectional links.
UDLD will put the port into the diagnostically disabled state in the following cases: a When there is a loopback, the device ID and port ID sent out on a port is received back. b UDLD PDU is received from a partner does not have its own details (echo). c Bidirectional connection is established and no UDLD packets are received from the partner device within three times the message interval. d In aggressive mode, when the partner does not respond to an ECHO within 7 seconds.
console(config)#udld enable udld reset Use the udld reset command to reset (enable) all interfaces disabled by UDLD. Syntax udld reset Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines The following commands will reset an interface disabled by UDLD: • Use udld reset to reset all interfaces disabled by UDLD. • The shutdown command followed by no shutdown interface configuration command.
Use the no form of the command to return the message transmission interval to the default value. Syntax udld message time message-interval no udld message time • message-interval—UDLD message transmit interval in seconds. Range is 7 to 90 seconds. Default Configuration The default message transmit interval is 15 seconds. Command Mode Global Configuration mode User Guidelines Lower message time values will detect the unidirectional links more quickly at the cost of higher CPU utilization.
no udld timeout interval • timeout-interval—UDLD timeout interval. Range is 5 to 60 seconds. Default Configuration The default timeout interval is 5 seconds. Command Mode Global Configuration mode User Guidelines This command sets the time interval used to determine if the link has bidirectional or unidirectional connectivity. If no ECHO replies are received within three times the message interval, then the link is considered to have unidirectional connectivity.
User Guidelines UDLD cannot be enabled on a port channel. Instead, enable UDLD on the physical interfaces of a port channel. Example This example enables UDLD on an interface. UDLD must also be enabled globally. console(config-if-Te1/0/1)#udld enable udld port Use the udld port command in Interface (physical) Configuration mode to select the UDLD operating mode on a specific interface. Use the no form of the command to reset the operating mode to the default (normal).
show udld Use the show udld command in User Exec or Privileged Exec mode to display the global settings for UDLD. Syntax show udld [interface-id|all] Default Configuration This command has no default setting. Command Mode Privileged Exec or User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines When no interface is specified, the following fields are shown: Field Description Admin Mode The global administrative mode of UDLD.
Field Description UDLD Status The status of the link as determined by UDLD. The options are: • Undetermined – UDLD has not collected enough information to determine the state of the port. • Not applicable – UDLD is disabled, either globally or on the port. • Shutdown – UDLD has detected a unidirectional link and shutdown the port. That is, the port is in the D-Disable state. • Bidirectional - UDLD has detected a bidirectional link.
VLAN Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Dell EMC Networking 802.1Q VLANs are an implementation of the Virtual Local Area Network, specification 802.1Q. Operating at Layer 2 of the OSI model, the VLAN is a means of parsing a single network into logical user groups or organizations as if they physically resided on a dedicated LAN segment of their own.
Double VLAN Mode An incoming frame is identified as tagged or untagged based on Tag Protocol Identifier (TPID) value it contains. The IEEE 802.1Q standard specifies a TPID value (0x8100) to recognize an incoming frame as tagged or untagged. Any valid Ethernet frame with a value of 0x8100 in the 12th and 13th bytes is recognized as a tagged frame. Dell EMC Networking N-Series switches can be configured to enable the port in double-VLAN (QinQ) mode.
Protocol Based VLANs The main purpose of Protocol-based VLANs (PBVLANs) is to selectively process packets based on their upper-layer protocol by setting up protocolbased filters. Packets are bridged through user-specified ports based on their protocol. In PBVLANs, the VLAN classification of a packet is based on its protocol (IP, IPX, NetBIOS, and so on). PBVLANs help optimize network traffic because protocol-specific broadcast messages are sent only to end stations using that protocol.
Private VLAN Commands The Dell EMC Networking Private VLAN feature separates a regular VLAN domain into two or more subdomains. Each subdomain is defined (represented) by a primary VLAN and a secondary VLAN. The primary VLAN ID is the same for all subdomains that belong to a private VLAN. The secondary VLAN ID differentiates subdomains from each another and provides Layer 2 isolation between ports of the same private VLAN.
traffic of multiple primary VLANs towards the upstream router as well as the traffic for regular VLANs. • Isolated trunk port Isolated trunk ports carry tagged traffic of multiple secondary (isolated) VLANs and regular VLANs to and from downstream devices that are private VLAN unaware. Downstream devices connected to isolated trunk ports communicate with the private VLAN aware switches using isolated VLANs and normal VLANs. Isolated trunk ports may be part of multiple private VLANs.
Figure 3-1. Private VLANs Isolated VLAN An endpoint connected over an isolated VLAN is allowed to communicate with endpoints connected to promiscuous ports only. Endpoints connected to adjacent endpoints over an isolated VLAN cannot communicate with each other. Community VLAN An endpoint connected over a community VLAN is allowed to communicate with the endpoints within the community and can also communicate with any configured promiscuous port.
In order to enable Private VLAN operation across multiple switches which are not stacked, the inter-switch links should carry VLANs which belong to a private VLAN. The trunk ports which connect neighbor switches have to be assigned to the primary, isolated, and community VLANs of a private VLAN. In regular VLANs, ports in the same VLAN switch traffic at L2. However for private VLAN, the promiscuous port is in the primary VLAN whereas the isolated or community ports are in the secondary VLAN.
Command Mode VLAN Configuration or Global Configuration modes User Guidelines Assigning an IP address to a VLAN interface enables Layer 3 on the VLAN interface. If IP routing is globally enabled and an IP address is assigned, the router will route packets to and from the VLAN. When an interface is enabled for routing using the interface vlan command, the port will no longer be operationally enabled as a protected port on the interface.
• vlan-id — A list of valid VLAN IDs to add. Separate nonconsecutive VLAN IDs with a comma and no spaces; use a hyphen to designate a range of IDs. (Range: 1–4093) • all — All existing static VLANs. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The VLANs in the interface range must by configured and enabled for routing prior to use in the vlan range command.
Syntax name vlan–name no name • vlan–name—The name of the VLAN. Must be 1–32 characters in length. Default Configuration The default VLAN name is default. Command Mode VLAN Configuration mode User Guidelines The VLAN name may include any alphanumeric characters including a space, underscore, or dash. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name.
• association—Defines an association between the primary VLAN and secondary VLANs. • primary—Specify that the selected VLAN is the primary VLAN. • community—Specify that the selected VLAN is the community VLAN. • isolated—Specify that the selected VLAN is the isolated VLAN. • add—Associates a secondary VLAN with the primary VLAN. • remove—Deletes the secondary VLAN association with the primary VLAN. • vlan-list—A list of secondary VLAN ids to be mapped to a primary VLAN.
console(config)# vlan console(config-vlan)# console(config-vlan)# console(config)# vlan console(config-vlan)# console(config-vlan)# console(config)# vlan console(config-vlan)# console(config-vlan)# console(config)# vlan console(config-vlan)# console(config-vlan)# 1001 private-vlan exit 1002 private-vlan exit 1003 private-vlan exit 20 private-vlan end isolated community community association 1001-1003 protocol group Use the protocol group command in VLAN Configuration mode to attach a VLAN ID to the pr
User Guidelines This command has no user guidelines. Example The following example displays how to attach the VLAN ID “100” to the protocol-based VLAN group “3.” console(config-vlan)#protocol group 3 100 protocol vlan group Use the protocol vlan group command in Interface Configuration mode to add the physical unit/slot/port interface to the protocol-based group identified by groupid. A group may have more than one interface associated with it.
Command Mode Interface Configuration (Ethernet) mode User Guidelines This command has no user guidelines. Example The following example displays how to add an Ethernet interface to the group ID of “2.” console(config-if-Gi1/0/1)#protocol vlan group 2 protocol vlan group all Use the protocol vlan group all command in Global Configuration mode to add all physical interfaces to the protocol-based group identified by groupid. A group may have more than one interface associated with it.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to add all physical interfaces to the protocol-based group identified by group ID “2.” console(config)#protocol vlan group all 2 show dot1q-tunnel Use the show dot1q-tunnel command to display the QinQ status for each interface.
Example console(config)#show dot1q-tunnel interface all Interface --------Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 Gi1/0/6 Mode ------Disable Disable Disable Disable Disable Disable EtherType -------------802.1 802.1 802.1 802.1 802.1 802.1 show interfaces switchport Use the show interfaces switchport command to display the complete switchport VLAN configuration for all possible switch mode configurations: access, dot1q-tunnel, general, trunk, and (private VLAN) host or (private VLAN) promiscuous.
The command displays the following information. Parameter Description Private-vlan hostassociation Displays the VLAN association for the private-VLAN host ports. Private-vlan mapping Displays the VLAN mapping for the private-VLAN promiscuous ports. Private-vlan trunk native VLAN Displays native VLAN for the promiscuous ports. Private-vlan trunk normal VLANs Displays a list of normal VLANs for the promiscuous trunk ports.
Default Priority: 0 Protected: Disabled Forbidden VLANS: VLAN Name -----------73 Out show port protocol Use the show port protocol command to display the Protocol-Based VLAN information for either the entire system or for the indicated group. Syntax show port protocol {group-id | all} • group-id — The protocol-based VLAN group ID, which is automatically generated when you create a protocol-based VLAN group with the vlan protocol group command. • all — Enter all to show all interfaces.
show switchport ethertype Use the show switchport ethertype to display the configured Ethertype for each interface. Syntax show switchport ethertype [ interface interface-id | all ] • interface-id—A physical interface or port channel. • all—All interfaces. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode and all Show modes User Guidelines Up to three additional TPIDs can be configured. The 802.
Interface EtherType Secondary TPIDs --------- --------- --------------Gi1/0/1 802.1 console(config-vlan10)#show switchport ethertype interface all console(config)#show switchport ethertype interface gi1/0/1 Interface --------Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 Gi1/0/5 EtherType Secondary TPIDs --------- --------------802.1 802.1 VMAN 802.1 802.1 802.1 show vlan Use the show vlan command to display detailed information, including interface information and dynamic VLAN type, for a specific VLAN or RSPAN VLAN.
• Ports—The port membership for the VLAN • Type—The type of VLAN (default, static, dynamic) Example This shows all VLANs and RSPAN VLANs. console#show vlan VLAN ----1 Name --------------default 10 Ports ------------Po1-128, Gi1/0/1-48 Type -------------Default Static RSPAN Vlan -----------------------------------------------------------------10 This example shows information for a specific VLAN ID.
show vlan association mac Use the show vlan association mac command to display the VLAN associated with a specific configured MAC address. If no MAC address is specified, the VLAN associations of all the configured MAC addresses are displayed. Syntax show vlan association mac [mac-address] • mac-address — Specifies the MAC address to be entered in the list. (Range: Any valid MAC address) Default Configuration This command has no default configuration.
Syntax show vlan association subnet [ip-address ip-mask] • ip-address — Specifies IP address to be shown • ip-mask — Specifies IP mask to be shown Default Configuration This command has no default configuration.
Default Configuration This command has no default setting. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Do not configure private VLANs on ports configured with any of these features: • Link Aggregation Control Protocol (LACP) • Multicast VLAN Registration (MVR) • Voice VLAN It is recommended that the private VLAN host ports be configured as spanning-tree portfast. The command displays the following information.
no switchport access vlan • vlan-id — The identifier of the VLAN associated with the access port. Default Configuration This command has no default values. Command Mode Interface Configuration (Ethernet and port channel) mode User Guidelines This command configures the interface access mode VLAN membership. The no form of the command sets the access mode VLAN membership to VLAN 1. It is possible to configure the access mode VLAN identifier when the port is in general or trunk mode.
switchport dot1q ethertype (Global Configuration) Use the switchport dot1q ethertype command to define additional QinQ tunneling TPIDs for matching in the outer VLAN tag of received frames. Use the no form of the command to remove the configured TPIDs. Syntax switchport dot1q ethertype { vman | custom 1-65535 } no switchport dot1q ethertype { vman | custom 1-65535 } • vman—Define the Ethertype as 0x88A8. • custom—Define the Ethertype as a 16 bit user defined value (in decimal).
Packets are always transmitted by the system using the primary TPID value in the outer VLAN tag. It is not possible to configure an inner VLAN TPID value. The inner VLAN TPID value is always 802.1Q (0x8100). Use the switchport dot1q ethertype Interface Configuration mode command to apply a configured TPID value to an interface.
switchport dot1q ethertype (Interface Configuration) Use the switchport dot1q ethertype command to apply previously defined QinQ tunneling TPIDs to a service provider interface. Use the no form of the command to remove the configured TPIDs. Syntax switchport dot1q ethertype { 802.1Q | vman | custom 0-65535 } [primarytpid] no switchport dot1q ethertype { 802.1Q |vman | custom 0-65535 } [primary-tpid] • 802.1Q—Allow ingress frames with Ethertype 0x8100. • vman—Define the Ethertype as 0x88A8.
The outer VLAN tag in tagged packets received on the interface is compared against the configured list of TPIDs. Frames that do not match any of the configured TPIDs are forwarded normally, i.e. without QinQ processing. Frames transmitted on the interface are always transmitted with the primary TPID inserted in the outer VLAN tag. Use the no form of the command to remove the TPID from an interface. Defining a new primary TPID command overwrites the existing primary TPID for an interface.
switchport general forbidden vlan Use the switchport general forbidden vlan command in Interface Configuration mode to forbid adding specific VLANs to a general mode port. To revert to allowing the addition of specific VLANs to the port, use the remove parameter of this command. Syntax switchport general forbidden vlan {add vlan-list | remove vlan-list} • add vlan-list — List of valid VLAN IDs to add to the forbidden list. Separate nonconsecutive VLAN IDs with a comma and no spaces.
switchport general acceptable-frame-type tagged-only Use the switchport general acceptable-frame-type tagged-only command in Interface Configuration mode to discard untagged frames at ingress. To enable untagged frames at ingress, use the no form of this command. Syntax switchport general acceptable-frame-type tagged-only no switchport general acceptable-frame-type tagged-only Default Configuration All frame types are accepted at ingress.
• add vlan-list — List of VLAN IDs to add. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs. • remove vlan-list — List of VLAN IDs to remove. Separate nonconsecutive VLAN IDs with a comma and no spaces. Use a hyphen to designate a range of IDs. • tagged — Sets the port to transmit tagged packets for the VLANs. If the port is added to a VLAN without specifying tagged or untagged, the default is untagged.
Syntax switchport general ingress-filtering disable no switchport general ingress-filtering disable Default Configuration Ingress filtering is enabled. Command Mode Interface Configuration Ethernet and port-channel mode User Guidelines Ingress filtering, when enabled, discards received frames that are not tagged with a VLAN for which the port is a member. If ingress filtering is disabled, tagged frames from all VLANs are processed by the switch.
Default Configuration The default value for the vlan-id parameter is 1 when the VLAN is enabled. Otherwise, the value is 4093. Command Mode Interface Configuration Ethernet and port-channel mode User Guidelines Setting a new PVID does NOT remove the previously configured PVID VLAN from the port membership. Example The following example shows how to configure the PVID for 1/0/8, when the interface is in general mode.
configured with a native VLAN. A trunk port only transmits tagged packets for member VLANs other than the native VLAN and untagged packets for the native VLAN. • general—Full 802.1Q support VLAN interface. A general mode port is a combination of both trunk and access ports capabilities. It is possible to fully configure all VLAN features on a general mode port. Both tagged and untagged packets may be accepted and transmitted. Default Configuration The default switchport mode is access.
Command Mode Interface mode (Ethernet and port channel), Interface range mode (Ethernet and port channel) User Guidelines This command configures a customer edge (CE) port for QinQ tunneling. The dot1q-tunnel mode is an overlay on switchport access mode. In particular, configuring the access mode PVID sets the outer dot1q-tunnel VLAN ID. Changing the switchport mode to access, general, or trunk, effectively disables tunneling on the interface. Customer edge ports can be physical ports or port channels.
appear in the frame. Due to the internal processing of QinQ tagging, the TPID of ingress frames mirrored from the SP port will always be 0x8100. In addition, packets forwarded internally across a stacking link may have different tags applied than packets forwarded on a local egress port. This is due to the processing required for forwarding across a stack. Example This example configures ports Gi1/0/10 through Gi1/0/24 as CE ports using VLAN 10 as the service provider VLAN ID.
• trunk secondary—Configures an interface as a private VLAN isolated trunk port. These ports can carry traffic of several secondary VLANs and normal VLANs. Default Configuration This command has no default configuration. By default, a port is neither configured as promiscuous or host.
Syntax switchport private-vlan {host-association primary-vlan-id secondary-vlan-id| mapping primary-vlan-id {add|remove} secondary-vlan-list} | mapping trunk primary-vlan-id { secondary-vlan-list | add secondary-vlan-list | remove secondary-vlan-list } | trunk { native vlan vlan-if | allowed vlan vlanlist } | association trunk primary-vlan-id secondary-vlan-id} no switchport private-vlan {host-association|mapping | mapping trunk primary-vlan-id | trunk allowed vlan-list | trunk native vlan vlan-id | associa
• association trunk—Associates a primary VLAN with a secondary isolated VLAN. Multiple private VLAN pairs may be configured. Default Configuration This command has no default association or mapping configuration. Command Mode Interface Configuration (Ethernet or port-channel) User Guidelines The no switchport private-vlan mapping trunk primary-vlan-id syntax removes the mapping of the trunk port to the primary VLAN (and all the secondary VLANs) specified.
switchport trunk Use the switchport trunk command in Interface Configuration mode to configure VLAN membership for a trunk port or to set the native VLAN for an interface in Trunk Mode. Syntax switchport trunk {allowed vlan vlan–list | native vlan vlan–id} no switchport trunk { allowed | native } vlan • vlan–list—Set the list of allowed VLANs that can receive and send traffic on this interface in tagged format when in trunking mode. The default is all.
VLAN 1 is the default native VLAN on a trunk port. The default allowed VLAN membership on a trunk port is all VLANs. Command Mode Interface Configuration (gigabitethernet, port-channel, tengigabitethernet, fortygigabitethernet) mode Interface Range mode Port-Channel Range mode User Guidelines Untagged traffic received on a trunk port is forwarded on the native VLAN, if configured. To drop untagged traffic on a trunk port, remove the native VLAN from the trunk port. (Ex.
Default Configuration Dell EMC Networking switches use dot1q encapsulation on trunk ports by default. Command Mode Interface config mode, Interface range mode (including port-channels) User Guidelines This command performs no action. Dell EMC Networking switches always use dot1q encapsulation on trunk mode ports. Command History Introduced in version 6.2.0.1 firmware. Example This example demonstrates compatibility.
User Guidelines Deleting the VLAN assigned as the PVID on an access port will cause VLAN 1 to be assigned as the PVID for the access port. Deleting the VLAN assigned as the native VLAN for a trunk port will cause the trunk port to discard untagged frames received on the port. Creating a VLAN adds it to the allowed list for all trunk ports except those where it is specifically excluded. Ports and port channels can be configured with VLANs that do not exist. They will not forward traffic on nonexisting VLANs.
Example The following example associates MAC address with VLAN ID 1. console(config)# vlan 1 console(config-vlan-1)#vlan association mac 0001.0001.0001 vlan association subnet Use the vlan association subnet command in VLAN Configuration mode to associate a VLAN to a specific IP-subnet. Only packets with a matching source IP address are placed into the VLAN. Syntax vlan association subnet ip-address subnet-mask no vlan association subnet ip-address subnet-mask • ip-address — Source IP address.
vlan makestatic This command changes a dynamically created VLAN (one that is created by GVRP registration) to a static VLAN (one that is permanently configured and defined). The ID is a valid VLAN identification number. VLAN range is 24093. Syntax vlan makestatic vlan-id • vlan-id — Valid VLAN ID. Range is 2–4093. Default Configuration This command has no default configuration.
no vlan protocol group group-id • group-id — The protocol-based VLAN group ID, to create a protocolbased VLAN group. To see the created protocol groups, use the show port protocol all command. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines.
• ethertype value — The protocol you want to add. The ethertype value can be any valid hexadecimal number in the range 0x0600 to 0xffff. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example displays how to add the “ip” protocol to the protocol based VLAN group identified as “2.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console(config)# vlan protocol group name 1 usergroup vlan protocol group remove Use the vlan protocol group remove command in Global Configuration mode to remove the protocol-based VLAN group identified by groupid.
Switchport Voice VLAN Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Series Switches The Voice VLAN feature enables switch ports to carry voice traffic with an administrator-defined priority so as to enable prioritization of voice traffic over data traffic. Using Voice VLAN helps to ensure that the sound quality of an IP phone is protected from deterioration when the data traffic utilization on the port is high.
traffic to a queue and also remarks the CoS or DSCP values in the voice traffic. See the User Configuration Guide for more information. Voice VLAN is recommended for enterprise-wide deployment of voice services on the IP network. switchport voice vlan This command is used to enable the voice VLAN capability on the switch. Syntax switchport voice vlan no switchport voice vlan Command Mode Global Configuration User Guidelines Voice VLAN must be configured on access or general mode ports.
Syntax switchport voice vlan {vlan-id | dot1p priority | none | untagged | priority extend trust|override-authentication| dscp value} no switchport voice vlan [priority extend][override-authentication] • vlan-id—Configure an existing VLAN as the voice VLAN. This VLAN ID is also sent to the phone via LLDP-MED/CDP unless the none parameter is also specified. • dot1p—Enable LLDP-MED/CDP to configure the phone to send the specified 802.1p priority in voice packets.
User Guidelines Enable voice VLAN using the following steps: • Create one or more voice VLANs on the switch. • Configure the interface in access or general mode. • Enable voice VLAN globally and add a voice VLAN on the desired interfaces. • Optionally configure 802.1X MAC or port-based authentication on the interface and globally. If using MAC based authentication, also: • Configure one or more RADIUS servers on the switch.
In authentication host-mode multi-domain-multi-host, a voice packet is switched based on the source MAC address of the IP phone. If override authentication is enabled, voice packets received are switched regardless of the 802.1X authentication state. Likewise, voice packets from the switch are transmitted over the port regardless of the 802.1x authentication state when the override option is enabled.
Command History Description updated in 6.3.0.5 release. Syntax updated in release 6.5.1.0. Example This example configures an interface to use VLAN 100 as the voice VLAN and sends LLDP configuration in the Network Policy TLV to the phone to assign VLAN 100 to 802.1p priority 5. The data priority is trusted by default.
console(config-if-G11/0/10)#authentication host-mode multi-auth 5 Enable the voice VLAN feature on the interface. Voice packets are tagged using VLAN 25. console(config-if-Gi1/0/10)#switchport voice vlan 25 6 Allow access to the voice VLAN regardless of the 802.1X port authentication state. console(config-if-Gi1/0/10)#switchport voice vlan overrideauthentication console(config-if-Gi1/0/10)#show voice vlan interface gi1/0/10 Interface......................................
Default Value trust Example console(config)#interface gigabitethernet 1/0/1 console(config-if-Gi1/0/1)#voice vlan data priority untrust console(config-if-Gi1/0/1)#voice vlan data priority trust authentication event server dead action authorize voice Use the authentication event server dead action authorize voice command to allow voice VLAN access when no AAA server can be contacted. Use the no form of the command to disable voice VLAN access in such cases.
authenticating phones do not have access to the critical voice VLAN service. Only 802.1X-capable devices are eligible for critical voice VLAN treatment. This restriction is not enforced by configuration. Enable critical voice VLAN using the following steps: • Create the voice VLAN on the switch. • Configure the interface in access or general mode. • Configure MAC based authentication on the interface. • Configure one or more RADIUS servers on the switch and enable 802.1X globally.
Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines • When the interface parameter is not specified, only the global mode of the voice VLAN is displayed. • When the interface parameter is specified, the following is displayed: Output Description Interface The interface ID. Voice VLAN Interface Mode The admin mode of the voice VLAN on the interface. Voice VLAN ID The voice VLAN ID. Voice VLAN Priority The 802.
Multiple MAC Registration Protocol Commands Dell EMC Networking N2000/N2100X-ON/N2200X-ON/N3000EON/N3100X-ON/N3200-ON Series Switches This section covers commands related to Multiple MAC Registration Protocol (MMRP). MMRP is an implementation of IEEE 802.1ak. MMRP supports registration of MAC address/VLAN pairs in support of Audio-Visual Bridging. clear mmrp statistics This command clears the MMRP statistics for an interface or all interfaces.
Example This example clears the MMRP counters on port channel 1 console#clear mmrp statistics po1 mmrp This command enables MMRP on a specific interface. Use the no form of the command to disable MMRP on an interface. Syntax mmrp no mmrp Default Configuration By default, MMRP is disabled globally and on all interfaces. Command Mode Interface Configuration (Ethernet and port channel) and Interface Range (Ethernet and port channel) User Guidelines MMRP is not compatible with GVRP/GMRP.
Example This example enables MMRP on port channel 1. console(config)#interface po1 console(config-if-Po1)#mmrp mmrp global Use the mmrp global command to globally enable MMRP. Use the no form of the command to globally disable MMRP. Syntax mmrp global no mmrp global Default Configuration By default, MMRP is disabled globally and on all interfaces. Command Mode Global Configuration User Guidelines MMRP is not compatible with GVRP/GMRP. Do not enable MMRP on switches enabled for GVRP/GMRP.
Command History Introduced in version 6.2.0.1 firmware. Example This example enables MMRP globally. console(config)#mmrp global mmrp periodic state machine Use this command to globally enable the MMRP periodic state machine. Use the no form of the command to globally disable the MMRP periodic state machine. Syntax mmrp periodic state machine no mmrp periodic state machine Default Configuration By default, the MMRP periodic state machine is disabled globally.
show mmrp Use this command to display the MMRP configuration for an interface or globally. Syntax show mmrp [ summary | interface [ interface-id | summary ] ] • summary—Show the global MMRP configuration. • interface-id—Show the MMRP configuration for the specified interface. • interface summary—Show the per interface MMRP configuration for all interfaces. Default Configuration This command has no defaults.
--------Gi1/0/1 Gi1/0/2 Gi1/0/3 Gi1/0/4 --------Disabled Disabled Disabled Disabled show mmrp statistics Use this command to display the MMRP statistics for an interface or globally. Syntax show mmrp statistics {interface-id} • interface-id—Displays the MMRP statistics for the specified interface. Default Configuration By default, the global statistics are displayed. Command Mode Privileged Exec, Global Configuration, and all submodes User Guidelines MMRP is not compatible with GMRP.
Multiple VLAN Registration Protocol Commands Dell EMC Networking N2000/N2100X-ON/N2200X-ON/N3000EON/N3100X-ON/N3200-ON Series Switches This section covers commands related to Multiple VLAN Registration Protocol (MVRP). MVRP is an implementation of IEEE 802.1ak in support of Audio-Video Bridging. Dell EMC Networking MVRP supports registration (dynamic VLAN creation) and propagation of VLAN membership information.
Example This example clears the MVRP counters on port channel 1 console#clear mmrp statistics po1 mvrp This command enables MVRP on a specific interface. Use the no form of the command to disable MVRP on an interface. Syntax mvrp no mvrp Default Configuration By default, MVRP is disabled globally and on all interfaces. Command Mode Interface Configuration (Ethernet and port channel) and Interface Range (Ethernet and port channel) User Guidelines MVRP is not compatible with GVRP/GMRP.
Example This example enables MVRP on port channel 1 console(config)#interface po1 console(config-if-Po1)#mvrp mvrp global Use the mvrp global command to globally enable MVRP. Use the no form of the command to globally disable MVRP. Syntax mvrp global no mvrp global Default Configuration By default, MVRP is disabled globally and on all interfaces. Command Mode Global Configuration mode User Guidelines MVRP is not compatible with GVRP/GMRP. Do not enable MVRP on switches enabled for GVRP/GMRP.
If a VLAN is configured as forbidden on an interface and MVRP requests registration (dynamic creation) of the same VLAN, MVRP does not configure the port association. MVRP is only supported on trunk or general mode ports. This command is only available on the N4000 Series switches. Command History Introduced in version 6.2.0.1 firmware. Example This example enables MVRP globally. console(config)#mvrp global mvrp periodic state machine Use this command to globally enable the MVRP periodic state machine.
Command History Introduced in version 6.2.0.1 firmware. Example This example enables the MVRP periodic state machine. console(config)#mvrp periodic state machine show mvrp Use this command to display the MVRP configuration for an interface or globally. Syntax show mvrp [ summary | interface [ interface-id | summary ] ] • summary—Show the global MMRP configuration. • interface-id—Show the MMRP configuration for the specified interface.
console#show mvrp summary MVRP global state.............................. Disabled MVRP Periodic State Machine state.............. Disabled VLANs created via MVRP......................... 20-45, 3001-3050 The following shows example CLI display output for the command. (Switching) #show mvrp interface 0/12 MVRP interface state........................... Enabled VLANs declared................................. 20-45, 3001-3050 VLANs registered...............................
MVRP MVRP MVRP MVRP MVRP messages received with bad header......... messages received with bad format......... messages transmitted...................... messages failed to transmit............... Message Queue Failures.................... 0 0 16 0 0 The following shows example CLI display output for the command. (Switching) #show mvrp statistics 0/12 Port........................................... MVRP messages received......................... MVRP messages received with bad header.........
Layer 2 Switching Commands 942
4 Security Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Security commands enable network operators to administer security for administrator access to the switch management console or web interface as well as to configure restrictions of network access for network attached devices.
AAA Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Dell EMC Networking switches support authentication of network users and switch administrators via a number of methods. Management access to the switch is via telnet, HTTP, SSH, or the serial console (SNMP access is discussed in the SNMP Commands section).
To authenticate a switch administrator, the authentication methods in the APL for the access line are attempted in order until an authentication attempt returns a success or failure return code. If a method times out, the next method in the list is attempted. The component requesting authentication is unaware of the ultimate authentication source. If a method in the preference list does not support the concept of time-out, subsequent entries in the list are never attempted.
Accounting notification is sent when the administrator exits exec mode. The duration of the exec session is logged in the accounting notice. Accounting notifications are sent at the end of each administrator executed command. In the case of commands like reload, and clear config, an exception is made and the stop accounting notice is sent at the beginning of the command.
Command Authorization Dell EMC Networking switches support per command or enable authorization using a TACACS server. See the authorization command in this section for further information. Additionally, the RADIUS or TACACS server can be configured to assign an administrative profile to a switch administrator. The administrative profile identifies groups of commands which may be executed by the administrator. See the Administrative Profiles Commands section for further information on this capability.
The Internal Authentication Server feature provides support for the creation of users for IEEE 802.1x access only, i.e. without switch management access. This feature maintains a separate database of users allowed for 802.1x access. The authentication method ias is available in the list of methods supported by authentication to support user database lookup. The ias method cannot be added in the same authentication list that has other methods like local, radius and reject.
MAC Authentication Bypass (MAB) provides 802.1x unaware clients controlled access to the network using the devices’ MAC address as an identifier. This requires that the known and allowable MAC address and corresponding access rights be prepopulated in the authentication server. Port access by MAB clients is allowed via local authentication if the user database has corresponding entries added for the MAB clients with user name and password attributes set to the MAC address of MAB clients.
Unauthenticated VLAN The Unauthenticated VLAN feature allows a Dell EMC Networking switch to provide a distinguished service to unauthorized network devices that attempt and fail authentication. This feature provides a mechanism to allow network devices to have network access to an external network while restricting their ability to access the internal LAN. When a client network device that supports 802.1x is connected to an unauthorized port that is 802.
• exec—Provides accounting for a User Exec terminal sessions. • commands—Provides accounting for all user executed commands. • dot1x—Provides accounting for DOT1X user commands. Only the default method is available for dot1x. • default—The default list of methods for accounting services. • list-name—Character string used to name the list of accounting methods. • start-stop—Sends a start accounting notice at the beginning of a process, and a stop accounting notice at the end of a process.
• The same list-name can be used for both exec and commands accounting type • AAA Accounting for commands with RADIUS as the accounting method is not supported. • Start-stop or None are the only supported record types for RADIUS accounting. Start-stop enables accounting and None disables accounting. • RADIUS is the only accounting method type supported for 802.1X accounting.
This example shows how to enable dot1x accounting to RADIUS server for start, interim and stop reports. Interim reports are sent every 60 minutes. (console)#configure (console-config)#aaa accounting dot1x default start-stop radius (console-config)#aaa accounting update periodic 60 The following shows an example of the no version of the command.
If the switch discovers that the host has obtained an IPv4/IPv6 address, it may send the Acct-Start packet before the expiry of the delay period. The delay is accounted for in the Acct-Delay-Time attribute sent to the RADIUS accounting server. Use the show authentication clients command to display the discovered IPv4 address/IPv6 address received from RADIUS server, if any. Command History Command introduced in firmware release 6.5.2.
The Interim-Update packet contains the accounting information recorded for the user session since the last time an accounting record was sent. If both the periodic and newinfo keywords are configured, Interim-Update messages are sent whenever new information is available and when the periodic timer expires. Use the show authentication clients command to display the discovered IPv4 address/IPv6 address received from the RADIUS server, if any. Command History Command introduced in firmware release 6.5.2.
User Guidelines Only one default method may be configured. If the authentication method fails, for example, the user-supplied password does not match, the user is denied access. For the RADIUS authentication method, if no RADIUS server can be contacted, the supplicant fails authentication unless a critical voice or data VLAN is configured. The none method always allows access to the network and should therefore be used with caution.
Syntax aaa authentication enable {default | list-name} {method1 [method2...]} no aaa authentication enable {default | list-name} • default — Uses the listed authentication methods that follow this argument as the default list of methods, when using higher privilege levels. • list-name — Character string used to name the list of authentication methods activated, when using access higher privilege levels. (Range: 1-15 characters) • method1 [method2...
The additional methods of authentication are used only if the previous method returns an error, not if it fails to authenticate the administrator. Only the RADIUS or TACACS methods can return an error. For example, if none is specified as an authentication method after radius, no authentication is used if the RADIUS server is down. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line.
Keyword Source or destination enable Use the enable password for authentication. line Use the line password for authentication. local Use the local username database for authentication. none Use no authentication. radius Use the list of all RADIUS servers for authentication. tacacs Use the list of all TACACS+ servers for authentication. Default Configuration The default login lists are defaultList and networkList. defaultList is used by the console and only contains the method none.
Example The following example configures the default authentication login to attempt RADIUS authentication, then local authentication, then enable authentication, and then, if all the previous methods returned an error, allows the administrator access to the switch console (via the none method). console(config)# aaa authentication login default radius local enable none aaa authorization Use the aaa authorization command to enable authorization and optionally create an authorization method list.
– radius—Request authorization from the configured RADIUS servers. – tacacs—Request authorization from the configured TACACS+ servers. Default Configuration When authorization is enabled, the switch attempts to authorize the listed function using the configured method. Authorization is not enabled by default. Authorization supports Exec authorization and network authorization for RADIUS. Only TACACS is supported for command authorization.
When exec authorization is configured for a line mode, the use may not be required to use the enable command to enter Privileged Exec mode. If the authorization response indicates the user has privileges for Privileged Exec mode, then the switch bypasses User Exec mode entirely. If multiple authorization methods are listed, the switch will attempt communication with each method in order, until successful communication is established or all methods in the list have been tried.
Example Per command authorization example for telnet access using TACACS: Configure the Authorization Method list. console(config)#aaa authorization commands telnet-list tacacs Apply the AML to an access line mode (telnet): console(config)#line telnet console(config-telnet)#authorization commands telnet-list Exec authorization example for SSH using RADIUS with a fallback to the none method: Configure the Authorization Method list.
aaa authorization network default radius Use the aaa authorization network default radius command in Global Configuration mode to enable the switch to authorize VLAN assignment by the RADIUS server. Syntax aaa authorization network default radius no aaa authorization network default radius Default Configuration By default, the switch does not accept VLAN assignments by the RADIUS server.
Example The following example enables RADIUS-assigned VLANs. console(config)#aaa authorization network default radius aaa ias-user username Use the aaa ias-user username command in Global Configuration mode to configure IAS users and their attributes. Username and password attributes are supported. The ias-user name is composed of up to 64 alphanumeric characters. This command also changes the mode to a user Configuration mode.
Syntax aaa new-model Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example The following example configures the switch to use the new model command set. console(config)# aaa new-model aaa server radius dynamic-author Use this command to enter dynamic RADIUS server configuration mode.
IP-Address, NAS-IP-Address (if configured in switch), NAS-Port identifiers are maintained in the switch for 802.1X session identification. The switch ensures that a unique Acct-Session-ID is sent to the RADIUS server in all Access-Request packets. CoA-Request requests must contain at least one of the Acct-Session-Id, Framed-IP-Address, User-Name, or Calling-Station-Id for presentation to the NAS for CoA requests.
• Disable Host Port: The disable host port request may be useful when a port is causing issues on the network. It administratively disables the port by bringing the link down. The administrator may re-enable the port using the no shutdown command. If a valid and authenticated disable host port request is received from a configured CoA client and the session cannot be found, the switch returns a CoA-NAK message with the 503 Session Context Not Found response code.
Example The following example configures RADIUS servers at 1.1.1.1, 2.2.2.2, and 3.3.3.3 and CoA clients at 4.4.4.4 and 5.5.5.5. It sets the front panel ports to use multi-auth authentication. CoA is configured for two dynamic RADIUS servers located at 1.1.1.1 and 2.2.2.2 using a global shared secret and a third server using a server specific shared secret. CoA and disconnect requests are accepted from the CoA clients at 4.4.4.4 and 5.5.5.5.
authentication command Use the authentication command {bounce-port|disable-port} ignore to disable processing of RADIUS CoA requests to bounce the host port. The no form of this command honors RADIUS CoA bounce host port requests. Syntax authentication command { bounce-port | disable-port } ignore no authentication command { bounce-port | disable-port } ignore • bounce-port—Ignore CoA requests to disable the port for 10 seconds and then re-enable it.
A RADIUS CoA disable host port command administratively disables the port. A RADIUS CoA disabled port requires administrative intervention to reenable the port using the no shutdown command. The authentication command disable-port ignore disables processing of the CoA disable port request. If a valid and authenticated disable host port request is received from a configured CoA client and the session cannot be found, the switch returns a CoA-NAK message with the 503 Session Context Not Found response code.
Command Mode Interface (Ethernet) Configuration mode User Guidelines The following traffic is bidirectionally permitted on unauthenticated ports, regardless of the authentication state or control direction: LLDP, BOOTP, DHCP, DNS, and EAPOL. Example console(config-if-Fi1/0/1)#authentication control-direction in Command History Command introduced in version 6.7.0 firmware. authentication critical recovery Use the authentication critical recovery command to control the load placed on RADIUS servers.
User Guidelines This command configures the number of supplicants that are reauthenticated per second. This configuration is for the entire system across all the supplicants on all ports. This is used to control the system and network load when the number of supplicants to be re-authenticated is large. These re-authentications can be triggered due to reinitialize dead or alive server actions. Command History Syntax added in version 6.6 firmware.
Command History Syntax updated in version 6.6 firmware. Example The following example enables dynamic VLAN creation using the value provided in the Access-Accept message. console(config)# authentication dynamic-vlan enable authentication enable Use this command to globally enable the Authentication Manager. Interface configuration set with the authentication order command takes effect only if the Authentication Manager is enabled. Use the no form of this command to disable the Authentication Manager.
authentication event server dead action This command configures the actions to take when no authentication server is reachable. Use the no form of the command to set the interface configuration to the default. Syntax authentication event server dead action [{reinitialize | authorize}[vlan vlan-id ]] no authentication event server dead action • reinitialize—Re-authenticate hosts, potentially into the critical data VLAN.
When the dead server action is configured to authorize, the switch authorizes the authenticated supplicants into the critical data VLAN. Hosts on a RADIUS assigned VLAN, voice VLAN, unauthenticated VLAN or guest VLAN are not disturbed. Hosts authorized on the port PVID are reauthorized into the critical VLAN. Command History Syntax added in version 6.6 firmware.
User Guidelines When the alive action is configured to reinitialize, the switch triggers 802.1X reauthentication of all authenticated hosts on the port. Hosts on the voice VLAN, unauthenticated VLAN (authentication failed hosts) or guest VLAN are not disturbed. During re-authentication, if all the servers are still dead, the hosts are authenticated successfully into the critical data VLAN. Command History Syntax added in version 6.6 firmware.
User Guidelines This command allows devices on 802.1X enabled interfaces to access network resources. An administrator-configured ACL enabled on the interface may be used to restrict network access until the device is authorized. Command History Syntax added in version 6.6 firmware. Example The following example allows open access to all network resources when no ACL is configured and enabled on the interface.
The available authentication methods are dot1x, MAB, and captive portal. Ordering sets the order of authentication methods that the switch attempts when trying to authenticate a new device. If one method is unsuccessful or times out, the next method in the list is attempted. For a laptop or desktop and phone combination where both devices authenticate using IEEE 802.1X, it is recommended to configure both the order and priority as dot1x.
Each method can only be entered once. There are no restrictions on the ordering of priorities. For a laptop or desktop and phone combination where both devices authenticate using IEEE 802.1X, it is recommended to configure both the authentication priority and order as dot1x.
Example console(config-if-Gi1/0/1)# authentication timer restart 1800 console(config-if-Gi1/0/1)# no authentication timer restart authentication violation This command configures the actions to take when more than the AAAconfigured number of hosts attempts to authenticate on an interface. Use the no form of the command to set the interface configuration to the default.
console(config-if-Gi1/0/1)#authentication port-control auto console(config-if-Gi1/0/1)#authentication host-mode single-host console(config-if-Gi1/0/1)#authentication violation shutdown clear (IAS) Use the clear aaa ias-users command to delete all IAS users. Syntax clear aaa ias-users Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines There are no user guidelines for this command.
User Guidelines There are no user guidelines for this command. Example console(config)# clear authentication statistics Gi1/0/1 Are you sure you want to clear authentication manager port stats? (y/n) clear authentication authentication-history Use this command to clear all 802.1X and authentication history. Syntax clear authentication authentication-history {all|interface-id} • all—Clear all authentication history. • interface-id—A physical (Ethernet) interface identifier.
enable password Use the enable password command in Global Configuration mode to set a local password to control access to the privileged Exec mode. To remove the password requirement, use the no form of this command. Syntax enable password password [encrypted] no enable password • password — Password for this level (Range: 8- 64 characters). The special characters allowed in the password include ! # $ % & ‘ " ( ) * + , - . / : ; < = > @ [ \ ] ^ _ ` { | } ~.
Example The following example defines password “xxxyyyzzz” to control access to user and privilege levels. console(config)# enable password xxxyyyzzz ip admission proxy http redirect-url Use this command to configure a URL to which HTTP or HTTPS requests are directed. Syntax ip admission proxy http redirect-url url no ip admission proxy http redirect-url • url — An alphanumeric string (maximum length 255 characters) in HTTP URL format.
When authentication succeeds via 802.1X or MAB, the authentication server must send a dynamic ACL allowing access to the network. The dynamic ACL will replace the static ACL described in the preceding paragraph. The following meta characters may be configured in the URL string. The switch will substitute the listed information in the URL string. The size of the URL string with substitutions may not exceed 384 characters. • Host MAC address (\M) • Host IPv4 or IPv6 address (\H) • Switch port (ifIndex) (
Command Mode Global Configuration User Guidelines The switch redirects HTTP/HTTPS packets that are not addressed to the switch to the redirect address using the configured redirect URL with HTTP redirect code 302(Found) or 200 (OK). The IP address should match the address returned by DNS or the DNS hijack configured using the ip dns server address command. A redirect target is used with a redirect URL and a statically-configured ACL in authentication open mode.
Command Mode Global Configuration User Guidelines The switch will hijack DNS requests for the configured domain and return the IP addresses configured using the ip dns server address command. Installing a root certificate on the switch for the domain where the CNAME matches the domain parameter may avoid errors during redirection. Example console(config)#ip dns domain-list fqdn.dell.com console(config)#ip dns server address 192.168.1.4 192168.1.5 Command History Command introduced in version 6.7.
Command History Command introduced in version 6.7.0 firmware. ip http authentication Use the ip http authentication command in Global Configuration mode to specify authentication methods for http server users. To return to the default, use the no form of this command. Syntax ip http authentication {method1 [method2...]} no ip http authentication • method1 [method2...
User Guidelines The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line. For example, if none is specified as an authentication method after radius, no authentication is used if the RADIUS server is down. Example The following example configures the http authentication.
User Guidelines The additional methods of authentication are used only if the previous method returns an error, not if it fails. To ensure that the authentication succeeds even if all methods return an error, specify none as the final method in the command line. If none is specified as an authentication method after radius, no authentication is used if the RADIUS server is down.
User Guidelines This command is used to enable MAC Authentication Bypass (MAB) on an interface. MAB is a supplemental authentication mechanism that allows 802.1x unaware clients—such as printers, fax machines, and some IP phones, to authenticate to the network using the client MAC address as an identifier. However, MAB can also be used to authenticate 802.1x aware clients in some configurations.
• encrypted — Encrypted password to be entered, copied from another switch configuration. Default Configuration This command has no default configuration. Command Mode AAA IAS User Configuration User Guidelines IAS user accounts are distinct from user (administrator) accounts. IAS accounts give access to network resources (via 802.1X or MAB), whereas user accounts give administrative access to the switch.
NOTE: For commands that configure password properties, see Password Management Commands. Syntax password Default Configuration There is no default configuration for this command. Command Mode User Exec mode User Guidelines This command configures the password for a switch administrative user. Example The following example shows the prompt sequence for executing the password command.
Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines IAS users are distinct from switch administrative users. IAS users are allowed access to network resources. Example console#show aaa ias-users UserName ------------------Client-1 Client-2 show aaa statistics Use the show aaa statistics command to display accounting statistics. Syntax show aaa statistics Default Configuration This command has no default setting.
Number Errors Number Errors of Accounting Notifications sent at beginning of a command execution: 0 when sending Accounting Notifications at beginning of a command execution: 0 of Accounting Notifications sent at end of a command execution: 0 when sending Accounting Notifications at end of a command execution: 0 show accounting methods Use the show accounting methods command to display the configured accounting method lists.
show accounting update Use this command to show the configuration of accounting updates. Syntax show accounting update Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show accounting update aaa accounting aaa accounting update newinfo : Disabled update periodic : 5 minutes Command History Introduced in the 6.5.
Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The command displays the following information: Output Parameter Description Authentication Manager Status The administrative status of Authentication on the switch. This is a global configuration value. Interface The interface for which authentication configuration information is being displayed.
Output Parameter Description Maximum Users The maximum number of clients that can be authenticated on the interface if the interface is configured as multi-auth host mode. Guest VLAN ID The VLAN id to be used to authorize clients that time out or fail authentication due to invalid credentials. This is applicable only for 802.1x unaware clients. Unauthenticated VLAN ID The VLAN id to be used to authorize clients that that time out or fail authentication due to invalid credentials.
Configured method order........................ Enabled method order........................... undefined Configured method priority..................... Enabled method priority........................ undefined Reauthentication Period (secs)................. Reauthentication Enabled....................... Reauthentication Session timeout from server .. Maximum Users.................................. Guest VLAN ID.................................. Authentication retry attempts..................
Output Parameter Description Time Stamp Exact time at which the authentication event occurred. Interface Ethernet interface on which the authentication event occurred. MAC-Address Supplicant/Client MAC Address. Auth Status The final authentication status. Method The authentication method used. Command History Command syntax show dot1x authenticated-history deprecated in favor of show authentication authentication-history in version 6.6 firmware.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the authentication configuration.
Default Configuration There is no default configuration for this command. Command Modes Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example config# show authentication statistics gi1/0/1 Port........................................... 802.1x attempts................................ 802.1x failed attempts......................... Mab attempts................................... Mab failed attempts.......................
User Guidelines Command authorization is supported only for the line, telnet, and SSH access methods.
User Guidelines This command displays the configuration and status of MAB authenticated hosts. Command History Command introduced in version 6.6 firmware. Example The following example displays MAB information. console#show mab MAB Request Fmt Attr1 Groupsize... 2 MAB Request Fmt Attr1 Separator... legacy(:) MAB Request Fmt Attr1 Case........
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines User accounts are distinct from the IAS user accounts. IAS users are allowed access to network resources when authenticating via AAA. User accounts are switch administrators allowed access to the switch administrator console. The following fields are displayed by this command. Parameter Description UserName Local user account’s user name.
Syntax show users login-history [username|long] • username — name of user. (Range: 1-64 characters) • long — display only the user login name Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command displays switch administrative user information. Example The following example shows user login history outputs.
Syntax username name {nopassword|password password} [privilege level|adminprofile profile] [encrypted] no username name • name—The name of the user. Range: 1-64 printable characters. The special characters allowed in the username include ! # $ % & ‘ ( ) * + , - . / : ; < = > @ [ \ ] ^ _ ` { | } ~. Question marks are disallowed.User names can contain blanks if the name is surrounded by double quotes. • password—The authentication password for the user. Range: 8-64 characters.
• User accounts have an associated privilege level, a user name, and a user password. • The password is saved internally in hashed format and never appears in clear text anywhere in the UI. • An administrator (privilege level 15) may create additional administrator accounts and unlock locked accounts. • An administrator may delete or modify any or all accounts, including other administrator accounts or his own account.
Message Type Reason behind the failure Message Description 1 Exceeds Minimum Length of a Password. Password should be in the range of 8-64 characters in length. Set minimum password length to 0 by using the passwords min-length 0 command. 2 Password should contain Minimum uppercase-letters, lowercase-letters, numeric numbers, special characters and character classes and Maximum limit of consecutive alphabetic and numeric characters.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines This command applies to switch administrator (privilege level 15) accounts. Privilege level 0 cannot log into the switch. There is effectively no difference between privilege level 1 and 15.
Administrative Profiles Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The administrative profiles capability provides the network administrator control over which commands a user (switch administrator) is allowed to execute. The administrator is able to group commands into a “profile” and assign a profile to a user upon authentication. This provides more granularity than simply allowing read-only and read-write users.
passes enable authentication, the user is permitted access to all commands. This is also true if none of the Administrative Profiles provided are configured on the switch. RADIUS and TACACS+ The network administrator may configure a custom attribute to be provided by the server during authentication. The RADIUS and TACACS+ applications process this custom attribute and provide this data to the User Manager for configuring the user profile.
Example console(config)#admin-profile qos console(admin-profile)# description (Administrative Profile Configuration) Use the description command in Administrative Profile Configuration mode to add a description to an administrative profile. Use the no form of this command to delete the description. Syntax description text no description • text—A description of, or comment about, the administrative profile. To include white space, enclose the description in quotes. Range: 1 to 128 printable characters.
rule Use the rule command to add a rule to an administrative profile. Use the no form of this command to delete a rule. Syntax rule number {deny|permit} {command command-string|mode modename} no rule number • number—The sequence number of the rule. Rules are applied from the highest sequence number to the lowest. Range: 1 to 256. • command-string—Specifies which commands to permit or deny. The command-string may contain spaces and regular expressions.
show admin-profiles Use the show admin-profiles command to show the administrative profiles. If the optional profile name parameter is used, only that profile will be shown. Syntax show admin-profiles [name profile-name] • profile-name—The name of the administrative profile to display. Default Configuration This command has no default configuration.
3 permit mode class-map show admin-profiles brief Use the show admin-profiles brief command to list the names of the administrative profiles defined on the switch. Syntax show admin-profiles brief Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines These are the generic mode names to be used in the rule command above. These are not the same as the prompt which is displayed in a particular mode.
E-mail Alerting Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches E-mail Alerting is an extension of the logging system. The Dell EMC Networking logging system allows the user to configure a variety of destinations for log messages. This feature adds e-mail configuration capabilities, by which the log messages are sent to a configured SMTP server such that an operator may receive the log in an e-mail account of their choice.
logging email Use the logging email command in Global Configuration mode to enable email alerting and set the lowest severity level for which log messages are emailed. Use the no form of the command to disable e-mail alerting. Syntax logging email [severity] no logging email • severity—If you specify a severity level, log messages at or above the severity level are e-mailed. The severity level may either be specified by keyword or as an integer from 0 to 7.
time specified in the logging email logtime command) and then e-mailed in a single e-mail message. If you set the non-urgent severity level to the same value as the urgent severity level, then no log messages are e-mailed nonurgently. See the logging email urgent command to specify the urgent severity level. The command no logging email disables all e-mail alerting.
Command Mode Global Configuration mode User Guidelines Log messages at or above this severity level are considered urgent. By default, Emergency and Alert log messages are considered urgent. Urgent log messages are e-mailed immediately, one log message per e-mail message, and do not wait for the log time to expire. Urgent log messages are not e-mailed unless you enable e-mail alerting with the logging email command.
Urgent | non-urgent | both—The priority with which the email is queued. Urgent email is sent immediately. Non-urgent email is queued and sent periodically. Example console(config)#logging email message-type urgent to-addr admin123@dell.com Command History Example added in the 6.4 release. logging email from-addr Use the logging email from-addr command in Global Configuration mode to configure the From address of the e-mail. Use the no form of this command to remove the e-mail source address.
logging email message-type subject Use the logging email message-type subject command in Global Configuration mode to configures subject of the e-mail. Use the no form of this command to remove the existing subject and return to the default subject. Syntax logging email message-type message-type subject subject no logging email message-type message-type subject Default Configuration This command has no default configuration.
• time duration—Time in minutes. Range: 30 – 1440. Default Configuration The default value is 30 minutes. Command Mode Global Configuration User Guidelines This command has no user guidelines. Example console(config)#logging email logtime 50 Command History Example added in the 6.4 release. logging email test message-type Use the logging email test message-type command in Global Configuration mode to test whether or not an e-mail is being sent to an SMTP server.
User Guidelines This command has no user guidelines. Example console(config)#logging email test message-type urgent message-body urgentlog Command History Example added in the 6.4 release. show logging email statistics Use the show logging email statistics command to show the statistics about the e-mails. The command displays information on how many e-mails are sent, how many e-mails failed, how long it has been since the last e-mail was sent.
clear logging email statistics Use the clear logging email statistics command to clear the e-mail alerting statistics. Syntax clear logging email statistics Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines This command has no user guidelines. Example console#clear logging email statistics Command History Example added in the 6.4 release.
Default Configuration The default value is disabled. Command Mode Mail Server Configuration User Guidelines This command has no user guidelines. Example console(config)#mail-server 10.131.1.11 console(mail-server)#security tlsv1 Command History Example added in the 6.4 release. mail-server ip-address | hostname Use the mail-server ip-address | hostname command in Global Configuration mode to configure the SMTP server IP address and change the mode to Mail Server Configuration mode.
Field Default Email Alert Security Protocol none Email Alert Username admin Email Alert Password admin Command Mode Global Configuration User Guidelines The server address can be in the IPv4, IPv6, or DNS FQDN name format. port (Mail Server Configuration Mode) Use the port command in Mail Server Configuration mode to configure the TCP port to use for communication with the SMTP server. The default for no security is 25 (SMTP). The port for TLSv1 is port 465. The range is 1025 to 65535.
console(mail-server)#port 1024 Command History Example added in the 6.4 release. Description updated in the 6.4 release. username (Mail Server Configuration Mode) Use the username command in Mail Server Configuration mode to configure the username required by the authentication. Use the no form of the command to revert the username to the default value. Syntax username username no username Default Configuration The default value for username is admin.
password (Mail Server Configuration Mode) Use the password command in Mail Server Configuration mode to configure the password required to authenticate to the e-mail server. Use the no form of the command to revert the password to the default value. Syntax password password no password Default Configuration The default value for password is admin. Command Mode Mail Server Configuration User Guidelines This command has no user guidelines. Example console(config)#mail-server 10.131.1.
Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show mail-server all Mail Servers Configuration: No of mail servers configured......................1 Email Email Email Email Email Alert Alert Alert Alert Alert Mail Server Address.................. 10.131.1.11 Mail Server Port........................ 465 SecurityProtocol.............
RADIUS Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Authentication of users in a large network can be significantly simplified by making use of a single database of accessible information supplied by an Authentication Server. These servers commonly use the Remote Authentication Dial In User Service (RADIUS) protocol as defined by RFC 2865.
assigned VLAN does not exist on the supplicant connected interface, the assigned VLAN is dynamically created. See the aaa authorization network default radius command for further information. This implies that the client can connect from any port and be assigned to the appropriate VLAN, which may be already configured on an uplink interface. This gives flexibility for clients to move around the network with out requiring the operator to perform additional provisioning for each network interface.
denied network access. Dell EMC Networking switches also support the proprietary VSA subscriber commands bounce-host-port, disable-host-port, and reauthenticate. If the session cannot be located, the device returns a Disconnect-NAK message with the “Session Context Not Found” error-code attribute. If the session is located, the device terminates the session. After the session has been completely removed, the device returns a Disconnect-ACK message.
acct-port Use the acct-port command to set the port on which the RADIUS accounting server listens for connections. Use the no form of this command to reset the port to the default. Syntax acct-port port no acct-port • port — The layer 4 port number of the accounting server (Range: 1 65535). Default Configuration The default value of the port number is 1813. Command Mode RADIUS Server Accounting mode User Guidelines There are no user guidelines for this command.
Default Configuration By default, the Service-Type is not included in the Access-Request message sent to the authentication server. Command Mode RADIUS Server Configuration User Guidelines on-for-login—If the on-for-login parameter is enabled, the Service-Type TLV is send in the Access-Request message. mandatory—If the mandatory parameter is enabled, the Service-Type attribute is required and validated in the Access-Accept packet received from the RADIUS server.
attribute 8 Use the attribute 8 command to configure the switch to send the RADIUS Framed-IP-Address attribute in the Access-Request message sent to a specific RADIUS authentication server. The switch sends the IP address of the host attempting to authenticate in the Framed-IP-Address attribute in the AccessRequest sent to the authentication server.
Syntax attribute 25 include-in-access-req no attribute 25 include-in-access-req Default Configuration By default, the Class attribute is included in the accounting messages sent to the accounting server if received in the Access-Accept from the RADIUS authentication server. Command Mode RADIUS Server Configuration User Guidelines The switch sends the Class attribute value supplied by the RADIUS server in the Access-Accept message if enabled.
Syntax attribute { 30 | 31 | 32 } mac format { ietf | unformatted | legacy } [lowercase | upper-case] no attribute { 30 | 31 | 32 } mac format • ietf—Format the MAC address as 18-DB-F2-25-B2-D4. The default is upper case. • unformatted—Format the MAC address as 18dbf225b2d4. The default is lower case. • legacy—Format the MAC address as 18:db:f2:25:b2:d4. The default is lower case. • lower-case—Format hexadecimal characters using the character set [0-9af].
This command overrides the global configuration for attribute 30, 31, or 32. Use the mab request format attribute 1 command to configure formatting the User-Name attribute. Use the radius server attribute mac format command to globally configure MAC address formatting. Command History Introduced in version 6.3.0.1 firmware. Updated in release 6.5.0 to remove formatting of the User-Name attribute. Updated in release 6.6.0 to add formatting of attributes 30 and 31.
Command Mode RADIUS Server Configuration mode User Guidelines The format parameter is a text string. Use quotes to include embedded spaces. Command History Command introduced in version 6.6.0.1 firmware. attribute 44 Use the attribute 44 command to enable sending the Acct-Session-ID in Access-Request messages. Use the no form of the command to cease sending the Acct-Session-ID in Access-Request messages.
attribute 168 Use the attribute 168 include-in-access-req command to enable the switch to send the RADIUS Framed-IPv6-Address attribute in Access-Request messages sent to the RADIUS authentication server. Syntax attribute 168 include-in-access-req no attribute 168 include-in-access-req Default Configuration By default, RADIUS attribute 168 is not sent. Command Mode RADIUS Server Configuration mode.
authentication event fail retry Use the authentication event fail retry command to select the number of times authentication is reattempted by the user for an IEEE 802.1X supplicant. Use the no form of the command to return the number of maximum attempts to the default value.
This command sets the limit for retring failed authentications for RADIUS. The switch attempts authentication based on the selected method and if authentication returns an error (as opposed to a failure), the next authentication method is attempted regardless of this setting.
Command Mode RADIUS Server Configuration mode User Guidelines User must enter the mode corresponding to a specific RADIUS Server Configuration before executing this command. Example The following example sets the port number 2412 for authentication requests. console(config)#radius server auth 192.143.120.123 console(config-auth-radius)#auth-port 2412 automate-tester Use the automate-tester command to configure liveness checking. Use the no form of the command to disable liveness checking.
User Guidelines RADIUS servers configured with a test username and a non-zero deadtime are tested periodically for liveness. Liveness of a server is determined by sending an Access-Request to the server using a configurable dummy login. If an Access-Reject is returned, the server is marked alive and is available for use for authentication. The radius deadtime configured retries and timeouts are applied. It is suggested that the configured values be the same as the normal RADIUS values.
Syntax deadtime deadtime • deadtime — The amount of time that the unavailable server is skipped over. (Range: 0-2000 minutes) Default Configuration The default deadtime interval is 0 minutes, that is, the server will never be marked dead. Command Mode RADIUS Server Configuration mode User Guidelines If only one RADIUS server is configured, it is recommended to use a deadtime interval of 0. Setting the deadtime to 0 indicates to the switch that the server should never be marked dead.
• 0—The key string that follows is the unencrypted shared secret. The length is 1–128 characters. • 7—The key string that follows is the encrypted shared secret. The length is exactly 256 characters. • key-string — The key string in encrypted or unencrypted form. In encrypted form, it must be 256 characters in length. In unencrypted form, it may be up to 128 characters in length. Default Configuration There is no key configured by default.
msgauth Use the msgauth command to enable the message authenticator attribute to be used for the RADIUS Authenticating server being configured. Use the “no” form of this command to disable the message authenticator attribute. Syntax msgauth no msgauth Default Configuration The message authenticator attribute is enabled by default. Command Mode RADIUS Server Configuration mode User Guidelines There are no user guidelines for this command.
Default Configuration The default RADIUS server group name is Default-RADIUS-Server. Command Mode RADIUS Server Configuration mode User Guidelines Assigning a name to multiple RADIUS servers associates the servers into a list. Server groups may be used to control which authentication servers are prioritized for traffic. Names may consist of alphanumeric characters and the underscore, dash and blanks. Embed the name in double quotes to use a name with blanks.
console(config-auth-radius)#no name primary Use the primary command to specify that a configured server should be the primary server in a server group. Syntax primary Default Configuration There is no primary authentication server by default. Command Mode RADIUS Server Configuration mode User Guidelines Multiple primary servers can be configured for each server group.
Default Configuration The default priority is 0. Command Mode RADIUS Server Configuration mode User Guidelines User must enter the mode corresponding to a specific RADIUS server before executing this command. The highest priority is 0, with higher values indicating progressively lower priorities. Example The following example specifies a priority of 10 for the designated server. console(config)#radius server auth 192.143.120.
Command Mode Global Configuration mode User Guidelines This command does not alter the address in the IP header in Access-Requests transmitted to the RADIUS server. It only configures the NAS-IP-Address attribute sent to the RADIUS server inside the RADIUS Access-Request packet. This capability is useful when configuring multiple RADIUS clients (switches) to simulate a single RADIUS client for scalability.
Command Mode Global Configuration User Guidelines on-for-login—This parameter globally configures the switch to send the RADIUS Service-Type attribute in the Access-Request message sent to all RADIUS authentication servers. The switch sends the Service-Type value Administrative (6) for administrators attempting to access the switch console and sends Service-Type value Login (1) for users attempting to access the network.
Default Configuration By default, RADIUS attribute 8 is not sent. Command Mode Global Configuration User Guidelines If accounting is enabled and the address is available to the switch, the switch will send the IPv4 address in the Access-Request, Acct-Start/AcctInterim/Acct-Stop messages sent to the RADIUS server. The switch discovers the client IPv4 address via its inclusion in the RADIUS Access-Accept, via DHCPv4 snooping.
Syntax radius server attribute 25 include-in-access-req no radius server attribute 25 include-in-access-req Default Configuration By default, the switch sends the Class attribute to the accounting server if received in the Access-Accept from the RADIUS authentication server. Command Mode Global Configuration User Guidelines The switch sends the Class attribute value supplied by the RADIUS server in the RADIUS Access-Accept message if enabled.
The format parameter is a text string of 2-128 characters and may include the following format specifiers: %m : NAS MAC address %i : NAS IP address %h : NAS host name %d : NAS domain name Default Configuration By default, the format specifier is %m. Command Mode Global Configuration User Guidelines The format parameter is a text string. Use quotes to include embedded spaces. The MAC address format may be altered by configuration of the radius server attribute 32 mac format command.
Syntax radius server attribute 44 include-in-access-request no radius server attribute 44 include-in-access-request Default Configuration By default, the Acct-Session-ID is not sent in Access-Request messages. Command Mode Global Configuration mode User Guidelines The Acct-Session-ID is the same as the session identifier used in accounting messages. Command History Command introduced in version 6.6.0.1 firmware.
• ietf—Format the MAC address as 18-DB-F2-25-B2-D4. The default is upper case. • unformatted—Format the MAC address as 18dbf225b2d4. The default is lower case. • legacy—Format the MAC address as 18:db:f2:25:b2:d4. The default is lower case. • lower-case—Format hexadecimal characters using the character set [0-9af]. • upper-case—Format hexadecimal characters using the character set [0-9AF].
Example This example globally configures the format of the MAC address sent in the Calling-Station-Id attribute to IETF lower case. It also configures interface Gi1/0/1 to use MAB. For this command to have any affect, MAB must be configured on the switch in an active authentication list, IEEE 802.1X must be configured, and a RADIUS server must also be configured.
After an Access-Accept has been received by the switch and the switch grants the host access to the network, it may take a few seconds before the DHCPv6 transaction completes. Use the aaa accounting delay-start command to delay the sending of the Acct-Start packet to the accounting server. Accounting messages are not sent for hosts placed in the Guest VLAN. Use the show authentication clients command to display the RADIUS Server supplied IPv6 address, if any.
User Guidelines Use this command in conjunction with the automate-tester command to enable testing of RADIUS servers. When all RADIUS servers have been declared dead, 802.1x authenticated clients may be migrated to the critical data VLAN or critical voice VLAN. Newly authenticating clients will be authenticated to the critical data or voice VLAN. Command History Command introduced in version 6.6.0.1 firmware. Example This example globally sets the dead criteria to two attempts with a 10 second timeout.
User Guidelines If only one RADIUS server is configured, it is recommended that the deadtime interval be left at 0. Setting the deadtime to 0 will cause the switch to always send a RADIUS request to the RADIUS server if the server is selected. If a RADIUS server is currently active and responsive, that server will be used until it no longer responds. RADIUS servers whose deadtime interval has not expired are skipped when searching for a new RADIUS server to contact.
User Guidelines RADIUS servers are keyed by the host name/IP address, therefore it is advisable to use unique server host names. Use the show aaa servers {accounting|authentication} command to display the hostname/IP address to list name mapping. Multiple authentication servers may be configured with the same name using the name command. Dell EMC Networking implements a two-level hierarchy for RADIUS servers. The top level is a list of servers which is alphabetically ordered by name.
Server IP address — 192.168.10.1 Server Name — name1 Type — primary console(config)#radius server 192.168.10.1 console(config-auth-radius)#name name1 console(config-auth-radius)#primary The following shows an example configuration with two servers (list1 and list2), each of which has a Primary and Secondary IP addresses: console(config)#show aaa servers authentication * Host Address ---- -----------1.2.3.1 4.3.2.2 4.3.2.1 1.2.3.5 1.2.3.
Default Configuration The default is an empty string. Command Mode Global Configuration User Guidelines In an Access-Request, encrypted passwords are sent using the RSA Message Digest algorithm (MD5). If no encryption parameter (7) is present, the key string is interpreted as an unencrypted shared secret. Keys are always displayed in their encrypted form in the running configuration. The encryption algorithm is the same across switches.
• acct—Configure load balancing for accounting servers. • radius—Configure load balancing for the default RADIUS server list. • name—Configure load balancing for the named server list. • least-outstanding—Configure least outstanding request load balancing. • batch-size—Configure the number of outstanding requests to send to a server. Default Configuration By default, all RADIUS servers are part of the Default-RADIUS-Server list. The default batch size is 25 requests.
Example This example globally sets load balancing for the default RADIUS list using a batch size of 5. Probes are sent to the RADIUS server after two minutes with no activity to that server. console(config)#radius server auth 4.3.2.4 console(config-auth-radius)#radius-server dead-criteria time 10 tries 2 console(config-auth-radius)#automate-tester username dummy idle-time 2 console(config-auth-radius)#exit console(config)#radius server auth 4.3.2.
Example The following example configures the number of times the RADIUS client attempts to retransmit requests to the RADIUS server to five attempts. console(config)#radius server retransmit 5 radius server source-ip Use the radius server source-ip command to specify the source IPv4 address used in the IP header for communication with RADIUS servers. To return to the default, use the no form of this command. 0.0.0.0 is interpreted as a request to use the IPv4 address of the outgoing IP interface.
radius server source-interface Use the radius server source-interface command to select the interface from which to use the IP address in the source IP address field of transmitted RADIUS packets. Use the no form of the command to revert to the default IP address. Syntax radius server source-interface {loopback loopback-id | vlan vlan-id} no radius server source-interface • loopback-id — A loopback interface identifier. • vlan-id—A VLAN identifier.
console(config-if-vlan1)#exit console(config)#radius server source-interface vlan 1 radius server timeout Use the radius server timeout command in Global Configuration mode to set the interval for which a switch waits for a server to reply. To restore the default, use the no form of this command. Syntax radius server timeout timeout no radius server timeout • timeout — Specifies the timeout value in seconds. (Range: 1–30) Default Configuration The default value is 15 seconds.
Default Configuration By default, VSA Attribute 26, Vendor ID 9, and Sub-type 1 are not processed by the switch. Command Mode Global Configuration mode User Guidelines This command does not affect processing of any VSA’s other than VSA Attribute :q1 26, Vendor ID 9, Sub-type 1. It does not affect processing of Voice VLAN or Admin/Login. Predefined ACL Selection using VSA Attribute 26 This method selects an ACL that is already configured on the switch.
ipv6:inacl=Named_IPv6_ACL Dynamic ACL Definition This method uses ACL syntax to create a new ingress ACL on the switch: ip:inacl[#number]={extended-access-control-list} ipv6:inacl[#number]={ extended-access-control-list} • The ip token indicates an IPv4 ACL definition follows the equals sign. • The ipv6 token indicates an IPv6 ACL definition follows the equals sign. • #number is the ACL sequence number in decimal format. Range 1– 2147483647.
"Interface X/X/X not authorized. Application of downloaded ACL did not complete due to invalid syntax XXXXX" is issued indicating that a received RADIUS rule is misconfigured with invalid syntax or configured with both ip:traffic-class and inacl rules and identifying the affected interface. If Accounting is enabled, the Acct-Start packet is not sent. An EAP-Failure is sent to the 802.1X client. Command History Command introduced in firmware version 6.5.2.
show aaa servers Use the show aaa servers command to display the list of configured RADIUS servers and the values configured for the global parameters of the RADIUS servers. Syntax show aaa servers [accounting | authentication] [name [servername]] • accounting—This optional parameter will cause accounting servers to be displayed. • authentication—This optional parameter will cause authentication servers to be displayed.
Field Description Named Accounting Server Groups The number of configured named accounting RADIUS server groups. Timeout The configured timeout value, in seconds, for request retransmissions. Retransmit The configured value of the maximum number of times a request packet is retransmitted. Dead Time The configured length of time an unavailable RADIUS server is skipped. RADIUS Accounting Mode A global parameter to indicate whether the accounting mode for all the servers is enabled or not.
Example console#show aaa servers IP address Usage ------------------10.130.50.107 10.130.50.107 Type Port TimeOut Retran. DeadTime Source IP Prio. ----- ----- ------- ------- -------- ------------- ----- -Auth Acct 1812 1813 Global N/A Global N/A Global N/A Global values -------------------------------------------Number of Configured Authentication Servers.... Number of Configured Accounting Servers........ Number of Named Authentication Server Groups... Number of Named Accounting Server Groups...
Number Number Number Number Number Number Number Radius of CoA ACK Responses Sent...................... of CoA NAK Responses Sent...................... of Coa Requests Ignored........................ of CoA Missing/Unsupported Attribute Requests. of CoA Session Context Not Found Requests..... of CoA Invalid Attribute Value Requests........ of Administratively Prohibited Requests........ Server VSA Authentication:.....................
User Guidelines The hostname parameter may be a fully or partially qualified domain name. A hostname consists of a series of labels separated by periods. Each label may be a maximum of 63 characters in length. The maximum length of the hostname parameter is 256 characters. Refer to RFC 1035 Section 2.3.1 for more information. The following fields are displayed for accounting servers: Field Description RADIUS Name of the accounting server. Accounting Server Name Server Host Address IP address of the host.
Field Description Unknown Types The number of packets unknown type which were received from this server on accounting port. Packets Dropped The number of RADIUS packets received from this server on accounting port and dropped for some other reason. The following fields are displayed for authentication servers: Field Description RADIUS Server Name Name of the authenticating server. Server Host Address IP address of the host.
Field Description Unknown Types The number of packets unknown type which were received from this server on the authentication port. Packets Dropped The number of RADIUS packets received from this server on authentication port and dropped for some other reason. Example console#show radius statistics accounting 192.168.37.200 RADIUS Accounting Server Name................. Host Address.................................. Round Trip Time............................... Requests...............................
source-ip Use the source-ip command in RADIUS Server Configuration mode to specify the source IP address to be used for communication with RADIUS servers. 0.0.0.0 is interpreted as a request to use the IP address of the outgoing IP interface. Syntax source-ip source • source — A valid source IP address. Default Configuration The IP address is of the outgoing IP interface.
Default Configuration The default value is 15 seconds. Command Mode RADIUS Server Configuration mode User Guidelines The administrator must enter the mode corresponding to a specific RADIUS server before executing this command. This command overrides the global configuration for the selected server. Example The following example specifies the timeout setting for the designated RADIUS Server. console(config)#radius server host 192.143.120.
User Guidelines The administrator must enter the auth or acct mode corresponding to a specific RADIUS server before executing this command. This command has no effect on accounting servers. Use this command to restrict the types of authentication sent to a particular RADIUS server. The login selection restricts authentication requests to switch administrator logins. The authmgr setting restricts authentication requests to 802.1x and MAB authentications. Command History Syntax updated in version 6.
TACACS+ Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches TACACS+ provides access control for networked devices via one or more centralized servers, similar to RADIUS this protocol simplifies authentication by making use of a single database that can be shared by many clients on a large network.
Syntax key [0|7] key-string no key • 0—The key string that follows is the unencrypted shared secret. The length is 1–128 characters. • 7—The key string that follows is the encrypted shared secret. The length is 256 characters. • key-string — Specifies the key string in encrypted or unencrypted form. It may be up to 128 characters in length in unencrypted format and 256 characters in length in encrypted format.
Example The following example sets the authentication encryption key. console(config-tacacs)#key “This is a key string” console(config-tacacs)#key 0 “This is a key string” port Use the port command in TACACS Configuration mode to specify a port number on which a TACACS server listens for connections. Syntax port [port-number] • port-number — The server port number. If left unspecified, the default port number is 49. (Range: 0–65535) Default Configuration The default port number is 49.
• priority — Specifies the priority for servers. 0 (zero) is the highest priority. (Range: 0–65535). Default Configuration If left unspecified, this parameter defaults to 0 (zero). Command Mode TACACS Configuration mode User Guidelines This command has no user guidelines. Example The following example shows how to specify a server priority of 10000. console(config-tacacs)#priority 10000 show tacacs Use the show tacacs command to display the configuration and statistics of a TACACS+ server.
Examples The following example displays TACACS+ server settings. console#show tacacs Global Timeout: 5 Server Address --------------10.254.24.162 Port ----49 Timeout ------Global Priority -------0 Source Interface ----------------Loopback 0 tacacs-server host Use the tacacs-server host command in Global Configuration mode to configure a TACACS+ server. This command enters into the TACACS+ configuration mode. To delete the specified hostname or IP address, use the no form of this command.
Example The following example specifies a TACACS+ host. console(config)#tacacs-server host 172.16.1.1 console(config-tacacs)# tacacs-server key Use the tacacs-server key command in Global Configuration mode to set the authentication and encryption key for all TACACS+ communications between the switch and the TACACS+ daemon. To disable the key, use the no form of this command.
If no encryption parameter is present, the key string is interpreted as an unencrypted shared secret. Keys are always displayed in their encrypted form in the running configuration. In an Access-Request, encrypted passwords are sent using the RSA Message Digest algorithm (MD5). The encryption algorithm is the same across switches. Encrypted passwords may be copied from one switch and pasted into another switch. Command History Updated in version 6.3.0.1 firmware.
Command Mode Global Configuration User Guidelines The source interface must have an assigned IP address (either manually or via another method such as DHCP). Loopback interfaces are not supported on the Dell EMC N1100-ON Series switches. Command History Introduced in version 6.3.0.1 firmware.
User Guidelines This command has no user guidelines. Example The following example sets the timeout value as 30. console(config)#tacacs-server timeout 30 timeout Use the timeout command in TACACS Configuration mode to specify the timeout value in seconds. If no timeout value is specified, the global value is used. Syntax timeout [timeout] • timeout — The timeout value in seconds. (Range: 1–30) Default Configuration If left unspecified, the timeout defaults to the global value.
802.1x NAS Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Local Area Networks (LANs) are often deployed in environments that permit the attachment of unauthorized devices. The networks also permit unauthorized users to attempt to access the LAN through existing equipment. In such environments, the administrator may desire to restrict access to the services offered by the LAN.
to be able to identify the short-comings in the configuration of a 802.1x authentication on the switch without affecting the network access to the users of the switch. There are three important aspects to this feature after activation: 1 To allow successful authentications using the returned information from authentication server.
Command Mode Global Configuration mode User Guidelines Local processing of IEEE 802.1x frames must be disabled (no dot1x systemauth-control) for this capability to be enabled. This capability is useful in situations where the authenticator device is placed one or more hops away from the authenticating host. The intervening switch will flood all received IEEE 802.1x frames in the VLAN. Flooding of IEEE 802.
When used with an interface parameter, this command clears all 802.1X sessions on the interface by removing the authentication information, reseting the 802.1X state machine, and denying network access to the authenticated device. Use with caution. Command History Syntax updated in version 6.6 firmware. default mab Use the default mab command to configure the switch to transmit EAP or CHAP or PAP credentials to the RADIUS server for MAB-authenticated devices connected to the interface.
1–User-Name—MAC address of MAB device. 3–CHAP-Password = Encrypted User Name. 4–NAS-IP-Address—IP address of the switch. 5–NAS-Port—Our internal port number. 6–Service-Type is set to 10 (Call-Check). 12–Framed-MTU—Port/switch MTU—header length (for example, 1500). 30–Called Station ID—MAC address of device (in xx:xx:xx:xx:xx:xx format). 31–Calling-Station ID—Switch MAC address. 60–CHAP-Challenge (if auth type is CHAP). 61–NAS-Port-Type (Ethernet 15). 87–NAS-Port-Id (e.g.
30–Called Station ID—MAC address of device (in xx:xx:xx:xx:xx:xx format). 31–Calling-Station ID—Switch MAC address. 61–NAS-Port-Type (Ethernet 15). The Calling Station ID is formatted per the attribute 31 command. The User-Name attribute is formatted per the attribute 1 command. The Access-Request attribute is formatted for PAP authentication. Command History Command introduced in version 6.5 firmware.
User Guidelines A MAC address consists of 12 hexadecimal digits. The MAC address of the authentication station is sent in the User-Name attribute in a RADIUS Access-Request for MAC Authentication Bypass configured stations. The following table shows some example formats: MAC Address Group Size Separator Case Formatted Address 18DBF225B2D4 1 . Lower 1.8.d.b.f.2.2.5.b.2.d.
User Guidelines Some authentication servers will not authenticate hosts where the username (attribute 1) information is the same as the password (attribute 2) information. This command globally configures MAB users to send the configured password in the password (2) attributes. The configured password is sent for all MAB authenticating hosts. Enclose the password in quotes to embed a blank in the password. This command overrides the default mab command settings.
User Guidelines This command limits the number of EAP Request/Identity messages. EAP Request/Identity messages are sent to identify if the connected host is 802.1X capable. This setting controls how long the switch will wait to identify non802.1X capable hosts on ports configured to authenticate with a method other than 802.1X. Use the dot1x max-req command to limit the number of EAP Request messages other than EAP Request/Identity. Command History Command introduced in version 6.5 firmware.
This command limits the number of times an EAP-Request is sent without receiving an EAP-Response. EAP-Requests are sent during the 802.1X authentication process to 802.1X aware hosts. Use the dot1x max-reauth-req command to limit the number of repeated EAP Request/Identity messages. Example The following example sets the number of times that the switch sends an EAP-request frame for which no EAP-Response is received to 6.
Command History Command introduced in version 6.7.0 firmware. dot1x pae Use this command to enable 802.1X on an interface and set the interface role. Syntax dot1x pae authenticator • authenticator—Set the port role as an 802.1X authenticator. Default Configuration The default role is authenticator. Command Mode Interface (Ethernet) Configuration mode User Guidelines This command has no user guidelines. Command History Command introduced in version 6.6 firmware. Example This command sets the 802.
Syntax authentication host-mode { multi-auth | multi-domain | multi-host | single-host | multi-domain-multi-host } no authentication host-mode • multi-auth—Allow multiple hosts to authenticate individually on the interface. • multi-domain—Allow one data device and one voice device to authenticate. • multi-host—Allow multiple hosts access to the network on an authenticated interface. One host must authenticate on the interface to allow access to other hosts.
access point also authenticate using the switch resources. The access point must be configured to transparently pass EAPOL traffic. Use switchport mode general to support RADIUS VLAN assignment for hosts. • multi-domain—In this mode, exactly one data client and one voice client may be authenticated. The switch enforces this restriction by examining the source MAC address of incoming packets. The typical use case is an IP phone connected to a NAS port and a laptop connected to the hub port of the IP phone.
network services behind the NAS. The voice and data domains are separated. Once the VM Controller is authenticated, it allows traffic from all the VMs hosted by the VM Controller. • single-host—Only allow a single authenticated device access to the network. No other hosts are allowed access to the network. Access is enforced via the MAC address of the authenticating host. The authenticated host must de-authenticate to allow a different host to authenticate.
Default Configuration By default, the maximum number of clients supported by the switch are allowed to authenticate on a port. For the N1100-ON and N1500 Series switches, the range is 1–32. Command Mode Interface Configuration (Ethernet) mode User Guidelines The maximum number of clients that can authenticate on a port is 64. For the N1100-ON and N1500 Series switches, the maximum number of clients is to 32.
• auto — Enables 802.1x authentication on the interface and causes the port to transition to the authorized or unauthorized state based on the 802.1x authentication exchange between the switch and the client. Once the first data client is authenticated, any other clients on the interface have access to the data VLAN. This is equivalent to IEEE 802.1X portbased mode. VLAN assignment is allowed on the port if it is not configured in trunk mode. This is the default port-control authentication method.
Command History Syntax added in version 6.6 firmware. Example The following command disables authentication on port 1/0/2 console(config)# interface gigabitethernet 1/0/2 console(config-if-Gi1/0/2)# authentication port-control force-unauthorized The following example configures an interface to ignore 802.1x authentication messages and allow access to the network.
Command History Command updated in version 6.6 firmware. Example The following example enables periodic reauthentication of the client. console(config)# interface gigabitethernet 1/0/16 console(config-if-Gi1/0/16)# authentication periodic clear dot1x statistics Use the clear dot1x statistics command to clear the statistics for a specified interface or all interfaces. Syntax clear dot1x statistics [interface ID] • interface ID—An Ethernet (physical) interface identifier.
Syntax dot1x supplicant user username no dot1x supplicant user • username — The name of the user with the required credential (password). Range: 1 to 64 printable characters. The special characters allowed in the username include ! # $ % & ‘ ( ) * +, - . / : ; < = > @ [ \ ] ^ _ ` { | } ~. Question marks are disallowed.User names can contain blanks if the name is surrounded by double quotes. Default Configuration There is no supplicant username configured by default.
dot1x system-auth-control Use the dot1x system-auth-control command in Global Configuration mode to enable 802.1x globally. To disable 802.1x globally, use the no form of this command. Syntax dot1x system-auth-control no dot1x system-auth-control Default Configuration The default for this command is disabled. Command Mode Global Configuration mode User Guidelines Devices connected to interfaces on which IEEE 802.
authentication monitor Use the authentication monitor command in Global Configuration mode to enable 801.1x monitor mode globally. To disable 802.1x monitor mode globally, use the no form of this command. Syntax authentication monitor no authentication monitor Default Configuration Authentication monitor mode is disabled. Command Mode Global Configuration mode User Guidelines Monitor mode is intended to test network access controls in a test environment.
dot1x timeout Use the dot1x timeout command in Interface Configuration mode to set the values of the various 802.1x state machine timers. To return to the default setting, use the no form of this command. Syntax dot1x timeout { quiet-period | tx-period | server-timeout | supp-timeout } {seconds} no dot1x timeout • quiet-period—The time, in seconds, during which the authenticator state machine will not attempt to acquire a supplicant.
User Guidelines Change the default value of the 802.1X/AAA timers only to adjust for unusual circumstances, such as unreliable links or specific behavioral problems with certain clients or authentication servers. Changing these values may result in RADIUS server timeouts, failed authentications or switch behavior that is not responsive to 802.1X clients, potentially including denial of network access.
Example The following command sets the number of seconds that the switch waits for a response to an EAP-request/identity frame to 60 seconds. A side effect of this setting is that a MAB device might take several minutes to be authenticated. console(config)# interface gigabitethernet 1/0/16 console(config-if-Gi1/0/16)# dot1x timeout tx-period 60 The following example sets the time for the retransmission to the authentication server to 90 seconds.
User Guidelines The re-authentication process sends an authentication message (EAPRequest/Identity)to authenticated supplicants asking them to reauthenticate themselves. If a supplicant fails re-authentication, it is denied access to switch resources. Re-authentication must be enabled for this setting to have any effect. Command History Syntax updated in version 6.6 firmware. Example The following example sets the number of seconds between re-authentication attempts to 300.
Default Configuration The default is to authenticate with all received session identification parameters. Command Modes Dynamic RADIUS Configuration User Guidelines This command specifies the session identification attributes to validate before acting on a CoA disconnect request. The any/all parameter only applies to the received attributes. It does not mandate which attributes must be contained in the received message.
• hostname—The fully qualified domain name (FQDN) of a CoA client. Maximum length of a host FQDN is 255 characters. • server-key —Sets the shared secret to verify client COA requests for this server. • 0—An unencrypted key is to be entered. • 7—An encrypted key is to be entered. • key-string—The key string in encrypted or unencrypted form. In encrypted form, it must be 256 characters in length. In unencrypted form, it may be up to 128 characters in length.
server using a server specific shared secret. CoA disconnect requests are accepted from these servers. Any session identification attribute is allowed for CoA disconnect requests.
• Server-key—Do not attempt to authenticate with the server key. Default Configuration The default is to authenticate using all parameters present in the received message as specified by the configured auth-type. Command Modes Dynamic RADIUS Configuration User Guidelines This command specifies the attributes to validate before acting on a CoA or disconnect request. If session-key is specified and the session ID is valid, authentication succeeds even if the session-key does not match.
Default Configuration The default is port 3799. Command Modes Dynamic RADIUS Configuration User Guidelines Only one port may be defined and it is used by all RADIUS CoA clients. Do not use a port number reserved for use by the switch. UDP, TCP and RAW Ports reserved by the switch and unavailable for use or configuration are: Ports 1, 17, 58, 255, 546, 547, 2222, 4567, 6343, 49160 Command History Introduced in version 6.2.0.1 firmware.
Default Configuration By default, no global server key is configured. Command Modes Dynamic RADIUS Configuration User Guidelines Only one global server key may be defined. Use the server-key parameter in the client command to configure a unique server key for each client. Command History Introduced in version 6.2.0.1 firmware. Example The following example configures RADIUS servers at 1.1.1.1, 2.2.2.2, and 3.3.3.3. It sets the front panel ports to use multi-auth authentication.
console(config-radius-da)# client 2.2.2.2 console(config-radius-da)# server-key 0 “Keep it. Keep it.” console(config-radius-da)# port 3799 console(config-radius-da)# auth-type any console(config-radius-da)# exit console(config)#dot1x system-auth-control console(config)#clear authentication sessions dot1x user Use this command to add an IAS or administrator user ID to the list of users allowed to authenticate on an interface.
Example This command creates IAS user Philip and allows authentication for Philip on Gi1/0/1 and Gi1/0/2 when using the IAS database for authentication.
Field Description Port The interface whose configuration is displayed. Protocol Version The protocol version associated with this port. The only possible value is 1, corresponding to the first version of the 802.1x specification. PAE Capabilities The port access entity (PAE) functionality of this port. Possible value is Authenticator. Quiet Period The timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant.
Example The following shows example CLI display output for the global configuration. console#show dot1x Administrative Mode............... Enabled EAPOL Flood Mode.................. Disabled Software Version.................. 1 The following shows example CLI display output for the detail parameter. console #show dot1x detail gi1/0/3 Port........................................... Protocol Version............................... PAE Capabilities............................... Quiet Period (secs)............
show authentication authentication-history Use the show authentication authentication-history command to display the dot1x authentication events and information during successful and unsuccessful dot1x authentication processes. The command is available to display all events, or events per interface, or only failure authentication events in summary or in detail. Syntax show authentication authentication-history {interface-id | all} [failed-authonly] [detail] • interface-id— Any valid interface.
Parameter Description Reason Actual reason behind the successful or failure authentication. Result Age Time since last result. Filter Name The name of the assigned filter (policy map). Example console#show authentication authentication-history all detail Time Stamp.......................... Result Age.......................... Interface........................... MAC-Address......................... VLAN Assigned....................... VLAN Assigned Reason................ Filter Name................
Syntax show authentication clients {all|interface interface–id } • all—Display information for all interfaces on which an authenticated client is present. • interface–id—Display information for a single Ethernet (physical) interface identifier. See Interface Naming Conventions for interface representation. Default Configuration This command has no default configuration.
Field Description VLAN Assigned Reason This can take one of the following values: • Default VLAN—The client has been authenticated on the port default VLAN and the authentication server is not RADIUS. • RADIUS—RADIUS is used for authenticating the client. • Voice VLAN—The client is identified as a Voice device. • Critical VLAN—The client has been authenticated on the Critical VLAN. • Unauthenticated VLAN—The client has been authenticated on the unauthenticated VLAN.
Field Description Filter ID Identifies the Filter ID returned by the RADIUS server when the client was authenticated. This is a configured DiffServ policy name on the switch. DACL Identifies the Downloadable ACL returned by the RADIUS server when the client was authenticated. Acct Session ID The Accounting Session ID associated with the client session. Linksec Policy Displays the MACSEC-related Operational Linksec policy. Example The following shows example output for the command.
Method......................................... Control Mode................................... Session time................................... Session timeout ............................... Session Termination Action..................... Filter ID...................................... RADIUS Framed IPv4/IPv6 address................ DACL........................................... Redirect ACL................................... Redirect URL................................... Acct SessionId..................
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The command accepts Ethernet interface identifiers. The following describes the fields in the output.
Quiet Period................................... Transmit Period................................ Maximum Request-Identities..................... Maximum Requests............................... Max Users...................................... VLAN Assigned.................................. Supplicant Timeout............................. Guest-vlan Timeout............................. Server Timeout (secs).......................... MAB mode (configured).......................... MAB mode (operational)..........
Field Description Port The interface for which counters are displayed. EAPOL Frames Received The number of valid EAPOL frames of any type that have been received by this Authenticator. EAPOL Frames Transmitted The number of EAPOL frames of any type that have been transmitted by this Authenticator. EAPOL Start Frames Received The number of EAPOL Start frames that have been received by this Authenticator.
Port......................................... Gi1/0/2 EAPOL Frames Received.......................... 0 EAPOL Frames Transmitted....................... 0 EAPOL Start Frames Received.................... 0 EAPOL Logoff Frames Received................... 0 Last EAPOL Frame Version....................... 0 Last EAPOL Frame Source........................ 0000.0000.0000 EAP Response/Id Frames Received................ 0 EAP Response Frames Received................... 0 EAP Request/Id Frames Transmitted............
Example This examples clears all entries from the authentication log. console#clear authentication authentication-history 802.1x Advanced Features authentication event no-response Use the authentication event no-response command in Interface Configuration mode to set the guest VLAN on a port. The VLAN must be defined prior to use. The no form of this command sets the guest VLAN ID to zero, which disables the guest VLAN capability on the port.
Example The following example sets the guest VLAN on Gigabit Ethernet 1/0/2 to VLAN 10. console(config-if-Gi1/0/2)#authentication event no-response action authorize vlan 10 authentication event fail Use the authentication event fail command in Interface Configuration mode to specify the unauthenticated VLAN on a port. The VLAN must be defined prior to use. The no form of the command sets the unauthenticated VLAN ID to zero, which disables the authenticated VLAN on a port.
Example The following example sets the unauthenticated VLAN on Gi1/0/21/0/2 to VLAN 20. console(config-if-Gi1/0/2)# authentication event fail action authorize vlan 20 show dot1x advanced Use the show dot1x advanced command to display 802.1x advanced features for the switch or for the specified interface. Syntax show dot1x advanced [{gigabitethernet unit/slot/port| tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port}] Default Configuration This command has no default configuration.
Gi1/0/4 Gi1/0/5 Gi1/0/6 Disabled Disabled Disabled Disabled Disabled Disabled console#show dot1x advanced gigabitethernet 1/0/2 Port --------Gi1/0/2 Guest VLAN --------10 Unauthenticated Vlan --------------20 Security Commands 1143
Captive Portal Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The Captive Portal feature is a software implementation that blocks both wired and wireless clients from accessing the network until user verification has been established. Verification can be configured to allow access for both guest and authenticated users. Authenticated users must be validated against a database of authorized Captive Portal users before access is granted.
Command Mode Captive Portal Configuration mode. User Guidelines If the user does not enter their credentials within the configured timeout, the user must initiate authentication again by sending another HTTP/HTTPS request. Example console(config-cp)#authentication timeout 600 console(config-cp)#no authentication timeout captive-portal Use the captive-portal command to enter the captive portal configuration mode.
Syntax enable no enable Default Configuration Captive Portal is disabled by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-cp)#enable http port Use the http port command to configure an additional HTTP port for captive portal to listen for connections. Use the “no” form of this command to remove the additional HTTP port from monitoring.
User Guidelines The port number should not be set to a value that might conflict with other wellknown protocol port numbers used on this switch. Do not configure HTTP captive portal on an interface for which front panel switch management is enabled using the default HTTP port number. Example console(config-cp)#http port 32768 console(config-cp)#no http port https port Use the https port command to configure an additional HTTPS port for captive portal to monitor.
console(config-cp)#no https port show captive-portal Use the show captive-portal command to display the status of the captive portal feature. Syntax show captive-portal Default Configuration There is no default configuration for this command Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal Administrative Mode....................... Operational Status............
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal status Additional HTTP Port........................... Additional HTTP Secure Port.................... Authentication Timeout......................... Supported Captive Portals...................... Configured Captive Portals..................... Active Captive Portals......................... Local Supported Users...
Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-cp 2)#block configuration Use the configuration command to enter the captive portal instance mode. The captive portal configuration identified by CP ID 1 is the default CP configuration. The system supports a total of ten CP configurations. Use the “no” form of this command to delete a configuration. The default configuration (1) cannot be deleted.
enable Use the enable command to enable a captive portal configuration. Use the no form of this command to disable a configuration. Syntax enable no enable Default Configuration Configurations are enabled by default Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-cp 2)#no enable group Use the group command to configure the group number for a captive portal configuration.
Default Configuration The default group number is 1. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-cp 2)#group 2 interface Use the interface command to associate an interface with a captive portal configuration. Use the no form of this command to remove an association. Syntax interface interface no interface interface • interface —An interface or range of interfaces.
locale The locale command is not intended to be a user command. The administrator must use the Web UI to create and customize captive portal web content. This command is primarily used by the show running-config command and process as it provides the ability to save and restore configurations using a text based format. Syntax locale web-id • web-id —The locale number (Range: 1–3) Default Configuration Locale 1 is configured by default. Command Mode Captive Portal Instance mode.
Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command. Example console(config-cp 2)#name cp2 protocol Use the protocol command to configure the protocol mode for a captive portal configuration. Syntax protocol {http | https} Default Configuration The default protocol mode is http. Command Mode Captive Portal Instance mode. User Guidelines There are no user guidelines for this command.
no redirect Default Configuration Redirect mode is disabled by default. Command Mode Captive Portal Instance mode. User Guidelines Enabling redirect mode will configure the redirect-url with an empty URL. Use the redirect-url command to configure the URL to be sent to the HTTP response. Example console(config-cp 2)#redirect redirect-url Use the redirect-url command to configure the redirect URL for a captive portal configuration.
User Guidelines The administrator must enable redirect mode before executing this command. It is not necessary to enter the http/https header information. Only enter the host name and other information that might be required to perform the redirect. HTTP to HTTPS redirection and HTTPS to HTTP redirection are not supported. Example console(config-cp 2)#redirect-url www.dell.com session-timeout Use the session-timeout command to configure the session timeout for a captive portal configuration.
Example console(config-cp 2)#session-timeout 86400 console(config-cp 2)#no session-timeout verification Use the verification command to configure the verification mode for a captive portal configuration. Syntax verification { guest | local | radius } • guest—Allows access for unauthenticated users (users that do not have assigned user names and passwords). • local—Authenticates users against the local user database. • radius—Authenticates users against a remote RADIUS database.
Captive Portal Client Connection Commands captive-portal client deauthenticate Use the captive-portal client deauthenticate command to deauthenticate a specific captive portal client. Syntax captive-portal client deauthenticate macaddr • macaddr —Client MAC address. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal client status Client MAC Address Client IP Address Protocol ------------------ ----------------- -------0002.BC00.1290 10.254.96.47 https 0002.BC00.1291 10.254.96.48 https 0002.BC00.1292 10.254.96.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal configuration client status CP ID CP Name Client MAC Address Client IP Address ----- --------------- ------------------ ----------------1 cp1 0002.BC00.1290 10.254.96.47 0002.BC00.1291 10.254.96.48 2 cp2 0002.BC00.1292 10.254.96.49 3 cp3 0002.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show captive-portal interface client status Client Client Intf Intf Description MAC Address IP Address ------ ----------------------------------- ----------------- --------------Gi1/0/1 Unit: 1 Slot: 0 Port: 1 Gigabit 0002.BC00.1290 10.254.96.47 0002.BC00.1291 10.
Syntax show captive-portal interface configuration [cp-id] status • cp-id —Captive Portal ID. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode. User Guidelines There are no user guidelines for this command. Example console#clear captive-portal users no user Use the no user command to delete a user from the local user database. If the user has an existing session, it is disconnected. Syntax no user user-id • user-id —User ID (Range: 1–128). Default Configuration There is no default configuration for this command.
show captive-portal user Use the show captive-portal user command to display all configured users or a specific user in the captive portal local user database. Syntax show captive-portal user [user-id] • user-id —User ID (Range: 1–128). Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
user group Use the user group command to associate a group with a captive portal user. Use the “no” form of this command to disassociate a group and user. A user must be associated with at least one group so the last group cannot be disassociated. Syntax user user-id group group-id • user-id —User ID (Range: 1–128). • group-id —Group ID (Range: 1–10). Default Configuration A user is associated with group 1 by default. Command Mode Captive Portal Configuration mode.
Default Configuration User-logout is disabled by default. Command Mode Captive-portal Instance mode User Guidelines There are no user guidelines for this command. Example In this example, all classes of entries in the mac address-table are displayed.
Example console(config-cp)#user 1 name johnsmith user password Use the user password command to create a local user or change the password for an existing user. Syntax user user-id password {password | encrypted enc-password} • user-id —User ID (Range: 1–128). • password —User password (Range: 8–64 characters). • enc-password —User password in encrypted form. Default Configuration There are no users configured by default. Command Mode Captive Portal Configuration mode.
no user user-id session-timeout • user-id —User ID (Range: 1–128). • timeout —Session timeout. 0 indicates use global configuration (Range: 0–86400 seconds). Default Configuration The global session timeout is used by default. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command.
User Guidelines There are no user guidelines for this command. Example console#show captive-portal configuration 1 CP ID..................................... 1 CP Name................................... cp1 Operational Status........................ Disabled Disable Reason............................ Administrator Disabled Blocked Status............................ Not Blocked Configured Locales........................ 1 Authenticated Users.......................
CP Name................................... cp1 Operational Block Interface Interface Description Status Status --------- ---------------------------------------- ------------ --------Gi1/0/1 Unit: 1 Slot: 0 Port: 1 Gigabit - Level Disabled Blocked console#show captive-portal configuration 1 interface gi1/0/1 CP ID..................................... 1 CP Name................................... cp1 Interface................................. Gi1/0/1 Interface Description.....................
en show captive-portal configuration status Use the show captive-portal configuration status command to display information about all configured captive portal configurations or about a specific captive portal configuration. Syntax show captive-portal configuration [ cp-id ] status • cp-id —Captive Portal ID. Default Configuration There is no default configuration for this command.
Captive Portal User Group Commands user group Use the user group command to create a user group. Use the no form of this command to delete a user group. The default user group (1) cannot be deleted. Syntax user group group-id no user group group-id group-id —Group ID (Range: 1–10). Default Configuration User group 1 is created by default and cannot be deleted. Command Mode Captive Portal Configuration mode. User Guidelines There are no user guidelines for this command.
Default Configuration There is no default configuration for this command. Command Mode Captive Portal Configuration mode User Guidelines The new group-id must already exist. Example console(config-cp)#user group 2 console(config-cp)#user 1 group 2 console(config-cp)#user group 2 moveusers 3 user group name Use the user group name command to configure a group name. Syntax user group group-id name name • group-id —Group ID (Range: 1–10). • name —Group name (Range: 1–32 alphanumeric characters).
Denial of Service Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The Dell EMC Networking DoS capability supports a package of filters intended to provide network administrators the ability to reduce network exposure to common attack vectors. The following list shows the DoS attack detection Dell EMC Networking supports.
• – TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and – TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and – TCP Sequence Number = 0 or TCP Flags SYN and FIN set. TCP Offset: – • TCP SYN: – • TCP Flags FIN and URG and PSH set and TCP Sequence Number = 0. ICMP V6: – • TCP Flags SYN and FIN set. TCP FIN & URG & PSH: – • TCP Flag SYN set. TCP SYN & FIN: – • Checks for TCP header offset =1. Limiting the size of ICMPv6 Ping packets.
Default Configuration Denial of Service is disabled. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines a minimum TCP header size of 20. Packets entering with a smaller header size are dropped. console(config)#dos-control firstfrag 20 dos-control icmp Use the dos-control icmp command in Global Configuration mode to enable Maximum ICMP Packet Size Denial of Service protections.
User Guidelines This command has no user guidelines. Example The following example activates the Maximum ICMP Packet Denial of Service protection with a maximum packet size of 1023. console(config)#dos-control icmp 1023 dos-control l4port Use the dos-control l4port command in Global Configuration mode to enable L4 Port Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack.
dos-control sipdip Use the dos-control sipdip command in Global Configuration mode to enable Source IP Address = Destination IP Address (SIP=DIP) Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress with SIP=DIP, the packets is dropped if the mode is enabled. Syntax dos-control sipdip no dos-control sipdip Default Configuration Denial of Service is disabled.
Syntax dos-control tcpflag no dos-control tcpflag Default Configuration Denial of Service is disabled. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example The following example activates TCP Flag Denial of Service protections. console(config)#dos-control tcpflag dos-control tcpfrag Use the dos-control tcpfrag command in Global Configuration mode to enable TCP Fragment Denial of Service protection.
User Guidelines This command has no user guidelines. Example The following example activates TCP Fragment Denial of Service protection. console(config)#dos-control tcpfrag rate-limit cpu Use the rate-limit cpu command to reduce the amount of unknown unicast/multicast packets forwarded to the CPU on CoS queues 0 and 1.
When the ARP or neighbor table is filled, the switch cannot accommodate new entries. In this case, there is no value in receiving the unresolved IPv4/IPv6 packets. Likewise, in cases of a L2 network re-convergence, a large number of neighbors may not be discovered but may be transmitting traffic. In the case of multicast data, certain multicast topologies using multi-access VLANs may result in packets being forwarded to the CPU with no associated PIM or MFDB state.
1137 bcmCNTR.0 0.19% 0.28% 0.30% 1142 bcmRX 18.00% 12.04% 11.10% 1155 bcmLINK.0 0.39% 0.37% 0.36% 1156 cpuUtilMonitorTask 0.09% 0.04% 0.04% 1170 nim_t 0.09% 0.07% 0.07% 1222 snoopTask 0.09% 0.02% 0.02% 1243 ipMapForwardingTask 27.30% 24.19% 29.06% 1257 tRtrDiscProcessingT 0.09% 0.01% 0.00% 1291 RMONTask 0.00% 0.02% 0.03% 1293 boxs Req 0.00% 0.01% 0.01% ------------------------------ -------- -------- -------Total CPU Utilization 55.91% 45.40% 48.
ICMP Mode.................................Disable Max ICMP Pkt Size.........................512 show system internal pktmgr Use the show system internal pktmgr command to display the configured CPU rate limit for unknown packets in packets per second. Syntax show system internal pktmgr internal control sw-rate-limit Default Configuration This command has no default configuration.
• rate — The configured rate in packets per second. (Range: 0-14880000) • action shutdown—Places the interface in the D-disable state if the threshold is exceeded. • action trap—Logs a message and issue a trap if the threshold is exceeded. Default Configuration By default, broadcast storm control is disabled on all Ethernet interfaces. The default threshold for broadcast traffic is 5% of link bandwidth. The default behavior is to rate limit (drop) traffic exceeding the configured threshold.
Example The following example configures any port to drop excess broadcast traffic and issue a log and trap if the received broadcast traffic exceeds 10% of link bandwidth: console(config)#interface range gi1/0/1-24 console(config-if)#storm-control broadcast level 10 console(config-if)#storm-control broadcast action trap console(config-if)#exit storm-control multicast Use the storm-control multicast command in Interface Configuration mode to enable multicast storm storm control for an interface.
User Guidelines Multicast storm control applies to unknown multicast (i.e., multicast groups that are not control plane traffic and are not currently active on any interface). This is multicast traffic that normally is flooded in the VLAN. Multicast storm control can issue a trap and drop traffic in excess of the configured rate (level), or shut down the ingress port if the rate is exceeded. Multicast storm control can only be enabled on Ethernet interfaces. It cannot be configured on port channels.
Syntax storm-control unicast [level level |rate rate|action{shutdown|trap}] no storm-control unicast [level | rate] • level— The configured rate as a percentage of link bandwidth (Range: 0100) • rate—The configured rate in packets per second. (Range: 0-14880000) • action—The configured action: shutdown or trap. Default Configuration By default, unicast storm control is not enabled on any interfaces. The default threshold for unicast traffic is 5% of link bandwidth.
Example The following example configures any port to rate limit DLF traffic rate to 5% of link bandwidth: console(config)#interface range gi1/0/1-24 console(config-if)#storm-control unicast level 5 console(config-if)#exit Security Commands 1188
Management ACL Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches In order to ensure the security of the switch management features, the administrator may elect to configure a management access control list. The Management Access Control and Administration List (ACAL) component is used to ensure that only known and trusted devices are allowed to remotely manage the switch via TCP/IP.
deny (management) Use the deny command in Management Access-List Configuration mode to set conditions for disallowing packets to flow to the switch management function. Syntax deny vlan vlan-id | [service service] [priority priority] deny ip-source ip-address [mask mask | prefix-length] [ vlan vlan-id ][service service] [priority priority] • vlan vlan-id — A valid VLAN identifier. • ip-address — Source IP address. • mask mask — Specifies the network mask of the source IP address.
console(config)# management access-list mlist console(config-macal)# deny management access-class Use the management access-class command in Global Configuration mode to restrict switch management connections. To disable any restrictions, use the no form of this command. Syntax management access-class {console-only | name} no management access-class • name — A valid access-list name. (Range: 1–32 characters) • console-only — The switch can be managed only from the console.
console(config)# management access-class mlist management access-list Use the management access-list command in Global Configuration mode to define an access list for management, and enter the access-list configuration mode for editing the access list conditions. Once in access-list configuration mode, access conditions are configured with the deny and permit commands. To remove an access list, use the no form of this command.
Examples The following example shows how to permit access to switch management via VLAN interface 9. Be sure to restrict access to this VLAN to the fewest ports possible remembering that, by default, trunk mode ports are members of all VLANs.
User Guidelines A rule with the specified priority-value must exist in order to be removed. Command History Command introduced in version 6.5 firmware. permit (management) Use the permit command in Management Access-List configuration mode to set conditions for allowing packets to flow to the switch management function.
Command Mode Management Access-list Configuration mode User Guidelines Rules with gigabitethernet, tengigabitethernet, fortygigabitethernet, vlan, and port-channel parameters are valid only if an IP address is defined on the appropriate interface. If the priority-value is not specified when inputing a rule, the system assigns the lowest numbered unused priority-value in the range 1–64. If a rule is input with an existing priority-value, the original rule is overwritten.
Syntax show management access-class Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the management access-list information.
User Guidelines This command has no user guidelines. Example The following example displays the active management access-list.
Password Management Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches The Password Management component supports configuration of strength checks intended to ensure that network operators utilize passwords that are difficult to crack. In addition, the administrator can age passwords, ensure that operators do not reuse passwords, and lock out operator accounts when multiple attempts to enter incorrect passwords are detected.
logging in must enter the correct password within that count. Otherwise, that user is locked out form further remote switch access. Only an administrator with read/write access can reactivate that user. The user lockout feature is disabled by default. The user lockout feature applies to all users on all ports. The administrator can access the serial port even if he/she is locked out and reset the password or clear the config to regain control of the switch.
• Maximum number of consecutive numbers (such as 1234). • Maximum number of repetition of characters or numbers (such as 1111 or aaaa). • Minimum password length. Configuring a minimum or maximum limit of 0 (as applicable) means the restriction is disabled. If enabled, the password strength feature applies to all login passwords (user, line, and enable). NOTE: To change a password, use the passwords command, which is described in AAA Commands.
console(config)#passwords aging 100 passwords history As administrator, use the passwords history command in Global Configuration mode to set the number of previous passwords that are stored for each user account. When a local user changes his or her password, the user is not able to reuse any password stored in password history. This setting ensures that users do not reuse their passwords often. The default is 0. Use the no form of this command to set the password history to the default value of 0.
read/write access can reactivate a locked user account. Password lockout does not apply to logins from the serial console. Use the no form of this command to set the password lockout count to the default value. Syntax passwords lock-out 1-5 no passwords lock-out Default Configuration The default value is 0 or no lockout count is enforced. Command Mode Global Configuration mode. User Guidelines Password lockout only applies to users with authentication configured to local.
Default Configuration By default, the minimum password length is 8 characters. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures user bob with password xxxyymmmm and user level 15. (config)# username bob password xxxyyymmm privilege 15 passwords strength-check Use the passwords strength-check command in Global Configuration mode to enable the Password Strength feature.
passwords passwords passwords passwords passwords passwords strength strength strength strength strength strength minimum lowercase-letters minimum special-characters minimum numeric-characters max-limit consecutive-characters max-limit repeated-characters minimum character-classes Minimum strength validation validates a password containing a character in the corresponding character class.
Syntax passwords strength minimum uppercase-letters 0–16 no passwords strength minimum uppercase-letters Default Configuration The default value is 1. Command Mode Global Configuration User Guidelines This limit is not enforced unless the passwords strength minimum uppercase-letters command is configured with a value greater than 0. In other words, with a configuration of 0, a password consisting entirely of upper case letters will pass the minimum strength check criteria.
User Guidelines This limit is not enforced unless the passwords strength minimum lowercaseletters command is configured with a value greater than 0. In other words, a password consisting entirely of lower case letters will pass the minimum strength check criteria. Example console(config)#passwords strength minimum lowercase-letters 6 passwords strength minimum numericcharacters Use this command to enforce a minimum number of numeric numbers that a password should contain. The valid range is 0–16.
passwords strength minimum special-characters Use this command to enforce a minimum number of special characters that a password may contain. The valid range is 0–16. The default is 1. A setting of 0 means no restriction. Special characters are one of the following characters (`! $ % ^ & * ( ) _ - + = { [ } ] : ; @ ' ~ # | \ < , > . / ) Use the no form of this command to reset the minimum special characters to the default value.
Examples of consecutive characters are ABCDEF or 123456 or !”#$%&’(). Use the no form of this command to reset the maximum consecutive characters accepted to the default value. Syntax passwords strength max-limit consecutive–characters 0–15 no passwords strength max-limit consecutive-characters Default Configuration The default value is 0. Command Mode Global Configuration User Guidelines This command has no user guidelines.
Default Configuration The default value is 0. Command Mode Global Configuration User Guidelines This command has no user guidelines. Example console(config)# passwords strength max-limit repeated-characters 3 passwords strength minimum character-classes Use this command to enforce a minimum number of character classes that a password must contain. Character classes are uppercase letters, lowercase letters, numeric characters and special characters. The valid range is 0-4. The default is 0.
User Guidelines This command is used to enable password character class checking using the parameters set by the following commands: • passwords strength minimum uppercase-letters • passwords strength minimum lowercase-letters • passwords strength minimum special-characters • passwords strength minimum numeric-characters A value greater than 0 specifies the minimum number of character class tests a password must contain.
no passwords strength exclude–keyword [string] Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines This command has no user guidelines. Example console(config)#passwords strength exclude-keyword dell enable password encrypted This command is used by an Administrator to transfer the enable password between devices without having to know the password.
Syntax show passwords configuration Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed by this command. Parameter Description Minimum Password Length Minimum number of characters required when changing passwords. Password History Number of passwords to store for reuse prevention. Password Aging Length in days that a password is valid.
Parameter Description Maximum Password Consecutive Characters Maximum number of consecutive characters required that the password should contain when configuring passwords. Maximum Password Repeated Characters Maximum number of repetition of characters that the password should contain when configuring passwords. Minimum Password Character Classes Minimum number of character classes (uppercase, lowercase, numeric and special) required when configuring passwords.
Syntax show passwords result Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the command output. console#show passwords result Last User whose password is set....................... dell Password strength check............................
SSH Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Management access to the switch is supported via telnet, SSH, or the serial console. The Dell EMC Networking supports secure shell (SSH) and secure sockets layer (SSL) to help ensure the security of network transactions. Keys and certificates can be generated externally (that is, offline) and downloaded to the target or generated directly by the Dell EMC Networking switch.
the private key is never displayed to the user. DSA keys, along with other switch credentials, are distributed to all units in a stack on a configuration save. Use the crypto key zeroize dsa command to remove the DSA key pair from the system. Private keys should never be shared with unauthorized users. This command generates the following private/public key pair in the ssh_host_dsa_key and ssh_host_dsa_key.pub files. Both the RSA and DSA keys must be generated to enable the SSH server.
Command History Command introduced in version 6.7.0 firmware. crypto key generate rsa Use the crypto key generate rsa command in Global Configuration mode to generate RSA key pairs for use by the SSH or HTTPS server. Use the crypto key zeroize form of the command to delete the private key from the local file system. Syntax crypto key generate rsa Default Configuration RSA key pairs do not exist. By default, 2048-bit RSA keys are generated.
Example The following example generates RSA key pairs. console(config)#crypto key generate rsa crypto key pubkey-chain ssh Use the crypto key pubkey-chain ssh command in Global Configuration mode to enter public key configuration mode in order to manually specify public keys for SSH clients or an individual user. Syntax crypto key pubkey-chain ssh user-key username {rsa|dsa|ecdsa} • rsa — RSA key. • dsa — DSA key. • ecdsa — Elliptic curve digital signature algorithm.
Key-string row AAAAB3NzaC1yc2EAAAABIwAAAQEAu7WHtjQDUygjSQXHVgyqdUby Key-string row dxUXEAiDHXcWHVr0R/ak1HDQitBzeEv1vVEToEn5ddLmRhtIgRdKUJHgBHJV Key-string row R2VaSN/WC0IK53j9re4B11AE+O3qAxwJs0KD7cTkvF9I+YdiXeOM8VE4skkw Key-string row AiyLDNVWXgNQ6iat8+8Mjth+PIo5t3HykYUCkD8B1v93nzi/sr4hHHJCdx7w Key-string row wRW3QtgXaGwYt2rdlr3x8ViAF6B7AKYd8xGVVjyJTD6TjrCRRwQHgB/BHsFr Key-string row z/Rl1SYa0vFjel/7/0qaIDSHfHqWhajYkMa4xPOtIye7oqzAOm1b76l28uTB Key-string row luBEoLQ+PKOKMiK8sQ== console(config-pubkey-key)#e
crypto key zeroize {rsa|dsa|ecdsa} Use the crypto key zeroize {rsa|dsa|ecdsa} command in Global Configuration mode to delete the RSA, DSA, or ECDSA public and private keys from the switch. Syntax crypto key zeroize {rsa|dsa|ecdsa} • rsa — RSA key. • dsa — DSA key. • ecdsa — Elliptic curve digital signature algorithm. Default Configuration There is no default configuration for this command. Command Mode Global Configuration mode.
Command History ECDSA parameter introduced in version 6.7.0 firmware. ip scp server enable Use the ip scp server enable command to enable SCP server functionality for SCP push operations on the switch, which allows files to be transferred from the host device to the switch using the SCP protocol. To allow the SCP file transfers from the host system to the switch, the SCP server must be enabled on the switch. Use the no form of the command to disable SCP server functionality.
Example These are examples of commands that may be used on a Linux host to send files to the switch. scp switch-config.txt user@10.27.6.122:startup-config scp icos-3.2.2.45.stk user@10.27.6.122:active scp icos-3.2.2.49.stk user@10.27.6.122:backup ip ssh port Use the ip ssh port command in Global Configuration mode to specify the TCP port to be used by the SSH server. To use the default port, use the no form of this command.
ip ssh pubkey-auth Use the ip ssh pubkey-auth command in Global Configuration mode to enable public key authentication for incoming SSH sessions. To disable this function, use the no form of this command. Syntax ip ssh pubkey-auth no ip ssh pubkey-auth Default Configuration The function is disabled. Command Mode Global Configuration mode User Guidelines Public key authentication allows administrators with an SSH client access to the switch without requiring a password.
Default Configuration The SSH server is disabled by default. Command Mode Global Configuration mode User Guidelines To generate SSH server keys, use the commands crypto key generate rsa and crypto key generate dsa commands. These keys are required to allow the SSH server to operate. Dell EMC Networking N-Series switches support the SSH service over IPv4 or IPv6. SSH is configured to require a password on accounts that attempt to log into the switch.
• key-string — The UU-encoded DER format is the same format as the authorized keys file used by OpenSSH. Default Configuration By default, the key-string is empty. Command Mode SSH Public Key Configuration mode User Guidelines The key string is the public key of the specified type (RSA or DSA) generated by the administrator. The administrator will need access to both the public and private key on the host to log in without authenticating via password. DSA is considered less secure than RSA.
ssh Use the ssh command to establish an outboard connection to a remote SSH server from the switch console. Syntax ssh [-l login-name] [-p port] {ip-address | hostname } • ip-address — An IP address in numeric format. Both IPv4 and IPv6 addresses are supported. • hostname — A hostname that can be resolved by the configured DNS. • login-name — The user identity configured on the target host. • port — The TCP port number configured on the target host for receiving SSH connections.
Syntax ssh session-limit • limit — The number of outbound SSH sessions supported. The range is 0 to 5. Default Configuration The default limit is 5 sessions. Command Mode Global Configuration mode User Guidelines Setting the limit to 0 disables establishment of new outbound SSH connections. Existing connections are not affected. Example This command disables new outbound SSH sessions. console(config)#ssh session-limit 0 Command History Command introduced in firmware release 6.6.2.
Command Mode Global Configuration mode User Guidelines This command terminates a session that is idle for the configured number of minutes. Idle means no keystrokes have been sent. Configuring the idleperiod to 0 disables idle session termination and is not recommended. Example This command configures the idle period to two minutes. console(config)#ssh time-out 2 Command History Command introduced in firmware release 6.6.2.
User Guidelines This command has no user guidelines. Example The following example displays the SSH public keys on the switch.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays all SSH public keys stored on the switch. console#show crypto key pubkey-chain ssh Username Fingerprint -------- ------------------------------------------------bob 9A:CC:01:C5:78:39:27:86:79:CC:23:C5:98:59:F1:86 john 98:F7:6E:28:F2:79:87:C8:18:F8:88:CC:F8:89:87:C8 The following example displays the SSH public called “dana.
User Guidelines The displayed information includes the following: Field Description Administrative Mode This field indicates whether the administrative mode of SSH is enabled or disabled. SSH Port The SSH port. Protocol Level The protocol level may have the values of version 1, version 2, or both version 1 and version 2. SSH Sessions Currently Active The number of SSH sessions currently active. Max SSH Sessions Allowed The maximum number of SSH sessions allowed.
SSH Timeout (mins): ........................... Keys Present: ................................. ECDSA(256) Key Generation In Progress: ................... SSH Public Key Authentication Mode: ........... SCP server Administrative Mode: ............... 5 DSA(1024) RSA(1024) None Disabled Disabled Command History Output updated in version 6.7.0 firmware. show ssh Use the show ssh command to display the outbound SSH configuration and session count.
5 Data Center Technology Commands Dell EMC Networking N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches The data center technology commands allow network operators to deploy centralized controllers capable of controlling network flows on an individualized basis.
OpenFlow Commands Dell EMC Networking N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches The OpenFlow feature configures the switch to be managed by a centralized OpenFlow Controller using the OpenFlow protocol. Openflow is not supported in a stacking environment. The OpenFlow agent has been validated with the Helium release of OpenDaylight (ODL). controller Use the controller command to configure a connection to an OpenFlow controller.
User Guidelines If connection to the controller over an interface other than the OOB interface is desired, use the OpenFlow mode command prior to issuing this command. Issuing the mode command after a connection has been established drops the connection. The connections are then re-attempted over the new interface as specified by the mode command. If the OOB interface is used to connect to the OpenFlow controllers, the controllers should be on the same subnet as the OOB interface.
hardware profile openflow Use the hardware profile openflow command to select the forwarding mode for the OpenFlow hybrid capability. Use the no form of the command to select the default forwarding capability. Syntax hardware profile openflow { full-match | layer2-match } no hardware profile openflow • full-match—Perform full matching when configured in OpenFlow 1.0 mode. • layer2-match—Perform L2 matching when configured in OpenFlow 1.0 mode.
Example The following example configures OpenFlow 1.0 full matching, configures a connection to the controller at IPv4 address 1.2.3.4 TCP port 3435 using SSL security, and enables OpenFlow 1.0 on the switch. console(config)#hardware profile openflow full-match console(config)#openflow WARNING! OpenFlow does not operate on stack members. Enable OpenFlow on stand-alone switches only. console(config-of-switch)#controller ipv4 1.2.3.4 port 3435 security ssl console(config-of-switch)#protocol-version 1.
Only IPv4 addresses are supported for OpenFlow controllers. OpenFlow operates on the management unit in the stack only. Flows may not be configured on stack members. Failover to the stack standby unit is not supported. OpenFlow should only be enabled on stand-alone switches and should not be enabled on stacks of switches. This restriction is not enforced. Command History Introduced in version 6.3.0.1 firmware. Example This example configures an interface using VLAN 10 with IPv4 address 1.2.3.
no mode • auto—Automatically select the switch IP address • static—Use the configured static IP address • oob—Use the OOB interface IP address Default Configuration By default, the switch selects an IP address automatically (auto mode). Command Mode OpenFlow Configuration User Guidelines This command configures the switch to select an IP address from a particular type of interface. The selected IP address is used as the local end-point of the IP connections to the OpenFlow controllers.
If the switch is configured in static mode, OpenFlow will remain operationally disabled until a static IPv4 address is configured, the IPv4 address matches exactly an IPv4 address on a VLAN interface, and the VLAN interface is operationally enabled. If the OOB interface is manually selected as the OpenFlow IP address then the Open Flow feature becomes enabled immediately, even if there is no IP address assigned to the service port.
openflow Use the openflow command to enable OpenFlow on the switch (if disabled) and enter into OpenFlow configuration mode. Use the exit command to return to Global Configuration mode. Syntax openflow no openflow Default Configuration The OpenFlow capability is disabled by default. No controllers are configured by default. OpenFlow 1.3 mode is selected by default when OpenFlow is enabled. The OpenFlow protocol operates over the OOB interface by default.
Example This example enables OpenFlow 1.3 on a switch and configures a connection the controller at IPv4 address 1.2.3.4 TCP port 3435 using SSL security. console(config)#openflow WARNING! OpenFlow does not operate on stack members. Enable OpenFlow on stand-alone switches only. console(config-of-switch)#controller ipv4 1.2.3.4 port 3435 security ssl passive Use the passive command to set the switch to accept connections initiated by a controller.
OpenFlow operates on the management unit in the stack only. Flows may not be configured on stack members. Failover to the stack standby unit is not supported. OpenFlow should only be enabled on stand-alone switches and should not be enabled on stacks of switches. This restriction is not enforced. Command History Introduced in version 6.3.0.1 firmware. Example This example configures a connection to the controller at IPv4 address 1.2.3.
Command Mode OpenFlow Configuration User Guidelines If the administrator changes the OpenFlow variant while the OpenFlow feature is enabled, the switch automatically disables and re-enables the OpenFlow feature causing all flows to be deleted and connections to the controllers to be dropped. OpenFlow operates on the management unit in the stack only. Flows may not be configured on stack members. Failover to the stack standby unit is not supported.
• switch controllers—Show information about configured controllers • switch flows—Show information regarding flows • switch groups—Show information regarding OpenFlow groups • switch tables—Show information regarding the switch tables Default Configuration When invoked with no parameters, the show openflow command shows summary information regarding OpenFlow. Command Mode Privileged Exec and Global Configuration User Guidelines OpenFlow operates on the management unit in the stack only.
Parameter Description OpenFlow Variant OpenFlow Protocol Variant. The OpenFlow protocol can be “OpenFlow 1.0” or “OpenFlow 1.3”. Default Table The Hardware Table used as the target for flows installed by an OpenFlow 1.0 controller which is not enhanced to handle multiple hardware tables. Passive Mode The OpenFlow passive mode set by the ‘passive’ command. When the switch tables parameter is given, the following information is displayed: Parameter Description Flow Table.
When the switch groups parameter is given, the following information is displayed: Parameter Description Group Type Type of Group: Indirect, All, Select, etc. Group Id Unique ID for the Group Reference Count This count indicates how many Select groups are referring to the current Indirect group. Reference Count is used only for Indirect groups. Duration The time since the group was created. Bucket Count Number of Buckets in the group.
Example This output shows an operationally disabled switch: console#show openflow Administrative Mode............................ Administrative Status.......................... Disable Reason................................. IP Address..................................... IP Mode........................................ Static IP Address.............................. Network MTU.................................... OpenFlow Variant............................... Default Table.................................
Flow Insertion Count.....................1 Flow Deletion Count......................0 Insertion Failure Count..................0 Flow Table Description: The forwarding database maps non-multicast MAC addresses and the ports on which these addresses are located. This example shows the output for OpenFlow 1.3 using the switch tables parameter: console#show openflow switch tables Flow Table..................................... 60 Flow Table Name................................ Openflow 1.3 Maximum Size.......
Group Id 12345678 type “Indirect” ================================= Ref Count 1 : Duration 8 : Bucket Count 1 Bucket Entry List: -----------------Bucket Index 25 : Output Port 1 Src MAC 00:00:00:00:00:AB : Dst MAC 00:00:00:00:00:CD VLAN 101 : Reference Group Id NA Group Id 23456789 type “All” ============================ Ref Count NA : Duration 10 : Bucket Count Bucket Entry List: -----------------Bucket Index Src MAC VLAN 26 : Output Port NA : Dst MAC 102 : Reference Group Id 2 NA NA Bucket Index
console#show openflow switch flows Flow: 00000000 Flow Table: 60 Match Criteria: Ingress port: Gi1/0/1 VLAN ID: Src MAC: Dst MAC: IP Protocol: Action: Drop Duration (secs): 55 Packet Count: 12321 Type: “1DOT0” Priority: 1 Type: Untagged MAC Egress Port: VLAN PCP: Src IP: Dst IP: TOS: EtherType: 0x0800 Src IP Port: Dst IP Port: DSCP: Idle (secs): 45 HW Priority: 2131 In HW: Yes This example shows the output for OpenFlow 1.
Action: Duration (secs): 2 Packet Count: 9879 Idle (secs): 0 HW Priority: 786743 In HW: Yes Data Center Technology Commands 1252
Layer 3 Routing Commands 6 The sections that follow describe commands that conform to the OSI model’s Network Layer (Layer 3). Layer 3 Routing commands enable routing protocols to perform a series of exchanges over various data links to route data between any two nodes in a network. These commands define the addressing and routing structure of the Internet. The Dell EMC N1100-ON Series switches do not support routing.
ARP Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000EON/N3100-ON/N3200-ON Series Switches When a host has an IP packet to send on an Ethernet network, it must encapsulate the IP packet in an Ethernet frame. The Ethernet header requires a destination MAC address. If the destination IP address is on the same network as the sender, the sender uses the Address Resolution Protocol (ARP) to determine the MAC address associated with destination IP address.
ARP Aging Dynamic entries in the ARP cache are aged. When an entry for a neighbor router reaches its maximum age, the system sends an ARP request to the neighbor router to renew the entry. Entries for neighbor routers should remain in the ARP cache as long as the neighbor continues to respond to ARP requests. ARP cache entries for neighbor hosts are renewed more selectively.
• interface-id—An optional IP numbered or unnumbered (VLAN) interface identifier. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. Only IPv4 addresses are supported with the vrf parameter. The vrf parameter is only available on the N3000-ON/N3100-ON/N3200-ON switches.
arp cachesize Use the arp cachesize command in Global Configuration mode to configure the maximum number of entries in the ARP cache. To return the maximum number of ARP cache entries to the default value, use the no form of this command. Syntax arp cachesize integer no arp cachesize • integer — Maximum number of ARP entries in the cache. Use the show sdm prefer command to display the supported ARP cache size. Default Configuration The switch defaults to using the maximum allowed cache size.
Syntax arp dynamicrenew no arp dynamicrenew Default Configuration The default state is enabled. Command Mode Global Configuration mode User Guidelines When an ARP entry reaches its maximum age, the system must decide whether to retain or delete the entry. If the entry has recently been used to forward data packets, the system will renew the entry by sending an ARP request to the neighbor. If the neighbor responds, the age of the ARP cache entry is reset to 0 without removing the entry from the hardware.
arp purge Use the arp purge command to cause the specified IP address to be removed from the ARP cache. Only entries of type dynamic or gateway are affected by this command. The arp purge command optionally removes a static ARP entry in the selected VRF. Syntax arp purge [vrf vrf-name] ip-address [ interface interface-id] • vrf-name—The name of the VRF associated with the ARP entry which is to be removed. If no VRF is specified, the ARP entry is associated with the global ARP table is removed.
Example The following example removes the specified IP address from arp cache. console#arp purge 192.168.1.10 arp resptime Use the arp resptime command in Global Configuration mode to configure the ARP request response time-out. To return the response time-out to the default value, use the no form of this command. Syntax arp resptime integer no arp resptime • integer — IP ARP entry response time out. (Range: 1-10 seconds) Default Configuration The default value is 1 second.
Syntax arp retries integer no arp retries • integer — The maximum number of requests for retries. (Range: 0-10) Default Configuration The default value is 4 retries. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines 6 as the maximum number of retries. console(config)#arp retries 6 arp timeout Use the arp timeout command in Global Configuration mode to configure the ARP entry age-out time.
User Guidelines This command has no user guidelines. Example The following example defines 900 seconds as the timeout. console(config)#arp timeout 900 clear arp-cache Use the clear arp-cache command to remove all ARP entries of type dynamic from the ARP cache. Syntax clear arp-cache [vrf vrf-name] [gateway] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, counters for the default (global) router instance is cleared.
clear arp-cache management Use the clear arp-cache management command to clear all entries that show as management arp entries in the show arp command. Syntax clear arp-cache management Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example In the example below, out-of-band management entries are shown, for example, those from the out-of-band interface. console#show arp Age Time (seconds)...........
ip local-proxy-arp Use the ip local proxy-arp command in Interface Configuration mode to enable proxying of ARP requests. This allows the switch to respond to ARP requests within a subnet where routing is not enabled. Syntax ip local-proxy-arp no ip local-proxy-arp Default Configuration Proxy arp is disabled by default. Command Mode Interface (VLAN) Configuration User Guidelines This command has no user guidelines. Example This example enables proxying of ARP requests on VLAN 10.
Syntax ip proxy-arp no ip proxy-arp Default Configuration Enabled is the default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The ip proxy-arp command is not available in interface range mode. Example The following example enables proxy arp for VLAN 15. (config)#interface vlan 15 console(config-if-vlan15)#ip proxy-arp show arp Use the show arp command to display all entries in the Address Resolution Protocol (ARP) cache.
Command Mode User Exec and Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The show arp command will display static (user-configured) ARP entries regardless of whether they are reachable over an interface or not. The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. Example The following example shows show arp command output.
Bidirectional Forwarding Detection Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches Bidirectional Forwarding Detection (BFD) verifies bidirectional connectivity between forwarding engines, which can be a single hop or multiple hops away. The protocol works over any underlying transmission mechanism and protocol layer with a wide range of detection times, especially in scenarios where fast failure detection is required in data plane level for multiple concurrent sessions.
The BFD feature provides notification to BGP or OSPF when an interface is detected to not be in a forwarding state. No other routing protocols are supported. BFD is supported in the default VRF only. BFD should be configured on routed interfaces only. BFD should not be configured on mirrored ports or on interfaces enabled for IEEE 802.1x. BFD is supported across link aggregation groups, but does not detect individual LAG member link failure. BFD does not operate on the out-of-band interface.
Command Mode Interface (VLAN) Configuration and Interface (VLAN) range mode. User Guidelines BFD echo mode enables fast sending and turnaround of BFD echo packets. Use the bfd slow-timer command to adjust the sending of BFD control plane packets when BFD echo mode is enabled. Command History Introduced in version 6.2.0.1 firmware.
• detection-time-multiplier—Specifies the number of BFD control packets which, if missed consecutively, will cause a session to be declared down. Its range is 3 to 50 with a default value of 3. Default Configuration The default transmit-interval is 100ms. The default minimum-receive-interval is 100ms. The default detection-time-multiplier is 3. Command Mode Interface (VLAN) mode. User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.2.0.1 firmware.
Syntax bfd slow-timer receive-interval no bfd slow-timer • receive-interval—The slow transmission interval. Range 1000–30000 milliseconds. Default Configuration The default receive-interval is 2000 ms. Command Mode Global Configuration mode User Guidelines The argument receive-interval refers to the slow transmission interval for BFD Control packets. This timer is only used when the BFD echo function is enabled.
Default Configuration BFD is not enabled by default. Command Mode Interface (VLAN) Configuration mode User Guidelines BFD processing notifies OSPF of L3 connectivity issues with the peer. The interface must be a VLAN interface enabled for routing. BFD must also be enabled in OSPF router configuration mode in order to BFD processing to occur. Command History Introduced in version 6.3.0.1 firmware.
Default Configuration BFD is not enabled by default. Command Mode Interface (VLAN) Configuration mode User Guidelines BFD processing notifies OSPFv3 of level 3 connectivity issues with the peer. The interface must be a VLAN interfaced enabled for routing. BFD must also be enabled in OSPFv3 router configuration mode for BFD processing to occur. Command History Introduced in version 6.3.0.1 firmware.
• ipv6-address—The IPv6 address of a configured neighbor reachable over an IPv6 VLAN routing interface. • vlan-id—If specified, the VLAN on which the IPv6 address is configured. Default Configuration No BFD neighbors are configured by default. Command Mode Router BGP Configuration mode User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.2.0.1 firmware. Example console(config)# router bgp console(config-router)# neighbor 172.16.11.
Command Mode User mode, Privileged Exec mode, Global Configuration mode, all show modes User Guidelines The local address displayed in the output is the IP address of the interface through which the neighbor is connected. Update is displayed in the format dd hh:mm:ss where: • dd is days • hh is hours • mm is minutes • ss is seconds The operational intervals are the intervals used as a result of negotiation with the BFD link partner. The following information is displayed.
Parameters Description Actual TX Echo interval The transmitting interval being used for echo packets. Minimum receive interval The minimum interval at which the system can receive BFD control packets. Detection interval multiplier The number of BFD control packets that must be missed in a row to declare a session down. My discriminator Unique Session Identifier for Local BFD Session. Your discriminator Unique Session Identifier for Remote BFD Session.
Rx Count....................................... 107 Drop Count.....................................
Border Gateway Protocol Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches This section describes the commands you use to view and configure Border Gateway Protocol (BGP), which is an exterior gateway routing protocol that you use to route traffic between autonomous systems. The BGP CLI commands are available in the N3000-ON/N3100-ON/N3200-ON Series switches. CAUTION: The commands in this section are in one of three functional groups.
Command Mode Global Configuration mode User Guidelines The no router bgp command disables BGP and all BGP configurations revert to default values. Alternatively, the administrator can use the no enable command in BGP router configuration mode to disable BGP globally without clearing the BGP configuration. ASNs 0, 56320–64511, and 65535 are reserved and cannot be used. Command History Introduced in version 6.2.0.1 firmware. Command updated in version 6.6 firmware.
Command Mode Peer Template Configuration mode User Guidelines This command enters address family configuration mode within the peer template. Policy commands configured within this mode apply to the address family.
console(config-router)# neighbor 172.20.1.2 remote-as 65001 console(config-router)# neighbor 172.20.2.
User Guidelines Commands entered in this mode enable peering with BGP neighbors in this VRF instance. All the neighbor specific commands are given in this mode as well. VRF configuration is disabled by default. Command History Introduced in version 6.3.0.1 firmware. Example console(config-router)# address-family ipv4 vrf Red address-family ipv6 Use the address-family ipv6 command to enter IPv6 family configuration mode to specify IPv6 configuration parameters.
ASNs 0, 56320–64511, and 65535 are reserved cannot be used. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)# address-family ipv6 address-family vpnv4 unicast Use the address-family vpnv4 unicast command to configure a BGP routing session to advertise VPN IPv4 prefixes. Use the no form of this command to delete the VPN IPv4 configuration.
• neighbor ip-address activate • neighbor ip-address send-community extended Command History Introduced in version 6.3.0.1 firmware. Example The following example shows how to enter the VPN-IPv4 address family mode and to distribute VPN4-IPv4 addresses to a neighbor with the extended community attribute: console(config)# router bgp 10 console(config-router)# neighbor 1.1.1.1 remote-as 5000 console(config-router)# address-family vpnv4 unicast console(config-router-af)# neighbor 1.1.1.
• prefix-length—The length of the IPv6 prefix given as part of the ipv6prefix. This is required if a prefix is specified. A decimal value in the range 0 to 128 that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address) in /length format. A slash must precede the decimal value in /length format. • as-set— If the as-set option is configured, the aggregate is advertised with a non-empty AS_PATH.
BGP accepts up to 128 summary addresses for each address family. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#aggregate-address 10.27.21.0 255.255.255.0 bgp aggregate-different-meds (BGP Router Configuration) Use the bgp aggregate-different-meds command to control the aggregation of routes with different multi-exit discriminator (MED) attributes. By default, BGP only aggregates routes that have the same MED value.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#bgp aggregate-different-meds bgp aggregate-different-meds (IPv6 Address Family Configuration) Use the bgp aggregate-different-meds command to allow IPv6 routes with different MEDs to be aggregated. Syntax bgp aggregate-different-meds no bgp aggregate-different-meds Default Configuration By default, all the routes aggregated by a given aggregate address must have the same MED value.
Example console(config-router-af)#bgp aggregate-different-meds bgp always-compare-med Use this command to compare MED values during the decision process in paths received from different autonomous systems. To revert to the default behavior, only comparing MED values from paths received from neighbors in the same AS, use the no form of this command.
Example console(config-router)#bgp always-compare-med bgp client-to-client reflection (BGP Router Configuration) Use the bgp client-to-client reflection command to enable client-to-client reflection. By default, a route reflector reflects routes received from its clients to its other clients. However, if a route reflector’s clients have a full iBGP mesh, the route reflector does not reflect to the clients.
In BGP Router Configuration mode, this command only affects advertisement of IPv4 routes. The same command is available in AddressFamily IPv6 Configuration mode for IPv6 routes. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#bgp client-to-client reflection bgp client-to-client reflection (IPv6 Address Family Configuration) Use the bgp client-to-client reflection command to enable client-to-client reflection.
effect is to fully mesh the clients within a cluster. When clients are fully meshed, there is no need for the cluster’s route reflectors to reflect client routes to other clients within the cluster. When client-to-client reflection is disabled, a route reflector continues to reflect routes from non-clients to clients and from clients to non-clients. The same command is available in BGP Router Configuration mode for IPv4 routes. Command History Introduced in version 6.2.0.1 firmware.
User Guidelines A route reflector and its clients form a cluster. Since a cluster with a single route reflector has a single point of failure, a cluster may be configured with multiple route reflectors. To avoid sending multiple copies of a route to a client, each route reflector in a cluster should be configured with the same cluster ID. Route reflectors with the same cluster ID must have the same set of clients; otherwise, some routes may not be reflected to some clients.
User Guidelines BGP assigns the default local preference to each path received from an external peer. (BGP retains the LOCAL_PREF on paths received from internal peers.) BGP also assigns the default local preference to locallyoriginated paths. If you change the default local preference, the local preference on paths previously received is not changed; it is only applied to paths received after the change.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)# bgp fast-external-fallover bgp fast-internal-fallover Use the bgp fast-internal-fallover command to configure BGP to immediately reset the adjacency with an internal peer when there is a loss of reachability to an internal peer. Syntax bgp fast-internal-fallover no bgp fast-internal-fallover Default Configuration By default, fast internal fallover is enabled.
bgp listen Use the bgp listen command to create an IPv4 listen range and associates it with the specified peer template. The bgp listen command also activates the IPv4 or IPv6 BGP dynamic neighbors feature. Use the no form of the command to remove an IPv4 or IPv6 listen range.
User Guidelines This command can be used to configure IPv4 BGP neighbors (BGP Router Configuration mode) as well as IPv6 BGP neighbors (IPv6 Address Family Configuration mode). Use the limit keyword and max-number argument to define the global maximum number of IPv4 BGP dynamic neighbors that can be created. BGP dynamic neighbors are configured using a range of IP addresses. Each range can be configured as a subnet IP address.
no bgp log-neighbor-changes Default Configuration Neighbor state changes are not logged by default. Command Mode BGP Router Configuration mode User Guidelines Both backward and forward adjacency state changes are logged. Forward state changes, except for transitions to the Established state, are logged at the Informational severity level. Backward state changes and forward changes to Established are logged at the Notice severity level Command History Introduced in version 6.2.0.1 firmware.
Command Mode BGP Router Configuration mode User Guidelines If BGP receives a path whose AS PATH attribute is longer than the configured limit, BGP sends a NOTIFICATION and resets the adjacency. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#bgp maxas-limit 1 bgp router-id Use the bgp router-id command to set the BGP router ID. Syntax bgp router-id router-id no bgp router-id • router-id—An IPv4 address in dotted quad notation.
BGP is enabled by default once the administrator has specified the local AS number with the router bgp command and configured a router ID with the bgp router-id command. BGP is not operable until a BGP router ID has been assigned. The BGP administrative state (as set by the enable command) has no operational effect until a router id is assigned to the BGP router. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#bgp router-id 10.27.21.
• listen range – Reset all adjacencies that are included in the listen subnet range. • soft—BGP resends all updates to the neighbors and reprocesses updates from the neighbors. • in | out—If the in keyword is given, updates from the neighbor are reprocessed. If the out keyword is given, updates are resent to the neighbor. If neither keyword is given, updates are reprocessed in both directions. Default Configuration There is no default configuration.
Syntax clear ip bgp [vrf vrf-name] counters • vrf-name—This optional parameter identifies the VRF for which to clear counters. If not given, the default VRF counters are cleared. Default Configuration There is no default configuration. Command Mode Privileged Exec mode User Guidelines There are no user guidelines. Command History Introduced in version 6.3.0.1 firmware.
Default Configuration By default BGP does not originate a default route. If a default route is redistributed into BGP, BGP does not advertise the default route unless the default-information originate command has been given. The always option is disabled by default. Command Mode BGP Router Configuration mode User Guidelines Origination of the default route is not subject to a prefix filter configured with the distribute-list out command. Command History Introduced in version 6.2.0.1 firmware.
Default Configuration By default BGP does not originate a default route. If a default route is redistributed into BGP, BGP does not advertise the default route unless the default-information originate command has been given. The always option is disabled by default. Command Mode IPv6 Address Family Configuration mode User Guidelines Origination of the default route is not subject to a prefix filter configured with the distribute-list out command. Command History Introduced in version 6.2.0.1 firmware.
Command Mode BGP Router Configuration mode User Guidelines There are no user guidelines. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#default-metric 1 default metric (IPv6 Address Family Configuration) This command sets the metric of redistributed IPv6 routes when a metric is not configured in the redistribute command. Syntax default-metric value no default-metric • value—The value to as the MED. The range is 1 to 4,294,967,295.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#default-metric 1 distance Use this command to set the preference (also known as administrative distance) of BGP routes to specific destinations. Syntax distance distance [ prefix wildcard-mask [prefix-list] ] no distance distance [ prefix wildcard-mask [prefix-list] ] • distance—The preference value for matching routes. The range is 1 to 255.
can be overlap between the prefix and mask configured for different commands. When there is overlap, the command whose prefix and wildcard mask are the longest match for a neighbor’s address is applied to routes from that neighbor. An ECMP route’s distance is determined by applying distance commands to the neighbor that provided the best path. The distance command is not applied to existing routes.
• external-distance—The preference value for routes learned from external peers. The range is 1 to 255. • internal-distance—The preference value for routes learned from internal peers. The range is 1 to 255. • local-distance—The preference value for locally-originated routes. The range is 1 to 255.
Syntax distance bgp external-distance internal-distance local-distance no distance bgp • external-distance—The preference value for routes learned from external peers. The range is 1 to 255. • internal-distance—The preference value for routes learned from internal peers. The range is 1 to 255. • local-distance—The preference value for locally-originated routes. The range is 1 to 255.
distribute-list prefix in Use this command to configure a filter that restricts the routes that BGP accepts from all neighbors based on destination prefix. Syntax distribute-list prefix list-name in no distribute-list prefix list-name in • list-name—A prefix list used to filter routes received from all peers based on destination prefix. Default Configuration No distribute lists are defined by default.
Syntax distribute-list prefix list-name out [ protocol | connected | static ] no distribute-list prefix list-name out [ protocol | connected | static ] • prefix list-name—A prefix list used to filter routes advertised to neighbors. • protocol|connected|static—(Optional) When a route source is specified, the distribute list applies to routes redistributed from that source. Only routes that pass the distribute list are redistributed. The protocol value may be either rip or ospf.
Syntax distribute-list prefix list-name out [ protocol | connected | static ] no distribute-list prefix list-name out [ protocol | connected | static ] • prefix list-name—A prefix list used to filter routes advertised to neighbors. • protocol|connected|static—(Optional) When a route source is specified, the distribute list applies to routes redistributed from that source. Only routes that pass the distribute list are redistributed. The protocol value may be either rip or ospf.
Syntax enable no enable Default Configuration By default, BGP is enabled once the administrator has specified the local AS number with the router bgp command and configured a router id with bgp router-id. Command Mode BGP Router Configuration mode User Guidelines When disabling BGP using no enable, BGP retains its configuration. The no router bgp command resets all BGP configuration to default values.
no ip as-path access-list as-path-list-number • as-path-list-number—A number from 1 to 500 uniquely identifying the list. All AS path access list commands with the same as-path-list-number are considered part of the same list. • permit—Permit routes whose AS Path attribute matches the regular expression. • deny—Deny routes whose AS Path attribute matches the regular expression.
Up to 128 AS path access lists can be configured, with up to 64 statements each. To enter the question mark within a regular expression, first enter CTRL-V to prevent the CLI from interpreting the question mark as a request for help. Special Character/Symbol Behavior asterisk * Matches zero or more sequences of the pattern. brackets [] Designates a range of single-character patterns. caret ^ Matches the beginning of the input string. dollar sign $ Matches the end of the input string.
console(config-router)# neighbor 172.20.1.1 remote-as 200 console(config-router)# neighbor 172.20.1.1 filter-list 1 in ip bgp-community new-format Use this command to display BGP standard communities in AA:NN format. To display BGP standard communities as 32-bit integers, use the no form of this command. Syntax ip bgp-community new-format no ip bgp-community new-format Default Configuration Standard communities are displayed in AA:NN format.
no ip bgp fast-external-fallover • permit—Enables fast external fallover on the interface, regardless of the global configuration of the feature. • deny—Disables fast external fallover on the interface, regardless of the global configuration of the feature. Default Configuration Fast external fallover is enabled globally by default. There is no default interface configuration.
• deny—Indicates that matching routes are denied. • community-number—From zero to sixteen community numbers formatted as a 32-bit integers or in AA:NN format, where AA is a 2-byte autonomous system number and NN is a 16 bit integer. The range is 1 to 4,294,967,295 (any 32-bit integer other than 0). Communities are separated by spaces. • no-advertise—The well-known standard community: NO_ADVERTISE (0xFFFFFF02), which indicates the community is not to be advertised.
If more than the maximum allowed communities are configured, the excess entries are ignored. Command History Introduced in version 6.2.0.1 firmware. Example console(config)# ip community-list standard test permit ip extcommunity-list Use the ip extcommunity-list command to create an extended community list to configure VRF route filtering. Use the no form of the command to configure VRF route filtering.
– 32-bit AS number: a 32-bit value (Ex: 65527:60110) Default Configuration No subnets are associated with a BGP listen subnet range, and the BGP dynamic neighbor feature is not activated. Command Mode Global Config mode User Guidelines This command is used to configure numbered extended community lists. Extended community attributes are used to filter routes for VRFs. All the standard rules of access lists apply to the configuration of extended community lists.
when a site is multi-homed. The SOO extended community attribute is configured using a route map in both outbound and inbound directions. The SOO should not be configured for stub sites or sites that are not multi-homed Command History Introduced in version 6.3.0.1 firmware. Command updated in version 6.6 firmware. Example The following example shows the creation of an extended community list that permits routes from route target 1:1 and site of origin 2:2 and denies routes from route target 3:3 and 4:4.
match extcommunity Use the match extcommunity command to match BGP extended community list attributes. Use the no form of this command to remove the match extcommunity from the configuration and BGP extended community list attribute entry. NOTE: This command is effective only if BGP is running on the router. Syntax match extcommunity standard-list no match extcommunity standard-list • standard-list—A standard list identifier that identifies one or more permit or deny groups of extended communities.
(R1)(config-route-map)# exit maximum-paths (BGP Router Configuration) Use this command to specify the maximum number of next hops BGP may include in an Equal Cost Multipath (ECMP) route derived from paths received from neighbors outside the local autonomous system. Syntax maximum-paths number-of-paths no maximum-paths • number-of-paths—The maximum number of next hops in a BGP route. The range is from 1 to 32 unless the platform or currently selected SDM template further restricts the range.
Example console(config-router)#maximum-paths 5 maximum-paths (IPv6 Address Family Configuration) Use this command to limit the number of ECMP next hops in IPv6 routes from external peers. Syntax maximum-paths number-of-paths no maximum-paths • number-of-paths—The maximum number of next hops in a BGP route. The range is from 1 to 32 unless the platform or SDM template further restricts the range. Default Configuration BGP advertises a single next hop by default.
Example console(config-router-af)#maximum-paths 5 maximum-paths ibgp (BGP Router Configuration) Use this command to specify the maximum number of next hops BGP may include in an Equal Cost Multipath (ECMP) route derived from paths received from neighbors within the local autonomous system. Syntax maximum-paths ibgp number-of-paths no maximum-paths ibgp • number-of-paths—The maximum number of next hops in a BGP router.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#maximum-paths ibgp 5 maximum-paths ibgp (IPv6 Address Family Configuration) Use this command to limit the number of ECMP next hops in IPv6 routes from internal peers. Syntax maximum-paths ibgp number-of-paths no maximum-paths ibgp • number-of-paths—The maximum number of next hops in a BGP router. The range is from 1 to 32 unless the platform or SDM template further restricts the range.
• N20xx 1-1 Configure the data-center version of the desired SDM template to increase the ECMP paths. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#maximum-paths ibgp 5 neighbor activate Use this command to enable the exchange of IPv6 routes with a neighbor. To disable the exchange of IPv6 addresses, use the no form of this command.
User Guidelines The neighbor address must be the same IP address used in the neighbor remote-as command to create the peer. When IPv6 is enabled or disabled for a neighbor, the adjacency is brought down and restarted to communicate to the change to the peer. Completely configure IPv6 policy for the peer before activating the peer. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware.
• seconds—The minimum time between route advertisement, in seconds. The range is 0 to 600 seconds. Default Configuration The default value is 30 seconds for external peers and 5 seconds for internal peers. Command Mode BGP Router Configuration mode User Guidelines RFC 4271 recommends the interval for internal peers be shorter than the interval for external peers to enable fast convergence within an autonomous system.
no neighbor { ipv6-address [interface interface-id]} advertisement-interval • interface-id—A routing interface identifier. • ipv6-address—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. • seconds—The minimum time between route advertisement, in seconds. The range is 0 to 600 seconds. Default Configuration The default value is 30 seconds for external peers and 5 seconds for internal peers.
neighbor allowas-in Use the neighbor allowas-in command to accept prefixes even if local ASN is part of the AS_PATH attribute. Use the no form of the command to disable acceptance of prefixes if the local ASN is part of the AS_PATH.
Command History Introduced in version 6.3.0.1 firmware. Example console(config)# router console(config-router)# console(config-router)# console(config-router)# console(config-router)# bgp 65000 neighbor 172.20.1.2 remote-as 65001 neighbor 172.20.1.2 allowas-in 1 neighbor 2001::2 remote-as 65003 neighbor 2001::2 allowas-in 3 neighbor connect-retry-interval Use this command in to configure the initial connection retry time for a specific neighbor.
IPv4 Address Family Configuration mode User Guidelines If a neighbor does not respond to an initial TCP connection attempt, the switch retries three times. The first retry is after the retry interval configured with neighbor connect-retry-interval. Each subsequent retry doubles the previous retry interval. So by default, the TCP connection is retried after 2, 4, and 8 seconds. If none of the retries is successful, the adjacency is reset to the IDLE state and the IDLE hold timer is started.
Default Configuration No default is originated by default. Command Mode BGP Router Configuration mode User Guidelines By default, a neighbor-specific default has no MED and the Origin is IGP. Attributes may be set using an optional route map. A neighbor-specific default is only advertised if the Adj-RIB-Out does not include a default learned by other means, either from the default-information originate (BGP Router Configuration) command or a default learned from a peer.
neighbor default-originate (IPv6 Address Family Configuration) To configure BGP to originate a default IPv6 route to a specific neighbor, use the neighbor default-originate command in IPv6 Address Family configuration mode. Syntax neighbor { ip-address | ipv6-address [interface interface-id]} defaultoriginate [route-map map-name] • interface-id—A routing interface identifier (VLAN interface). • ip-address—The neighbor’s IPv4 address. • ipv6-address —The neighbor’s IPv6 address.
Origination of the default route is not subject to a prefix filter configured with the command distribute-list prefix out (BGP Router Configuration). A route map may be configured to set attributes on the default route sent to the neighbor. If the route map includes a match ip-address term, that term is ignored. If the route map includes match community or match as-path terms, the default route is not advertised. If there is no route map with the route map name given, the default route is not advertised.
Default Configuration No description is configured by default. Command Mode BGP Router Configuration mode IPv4 Address Family Configuration mode User Guidelines The VLAN interface must also be specified if a link-local address is specified. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware.
• interface interface-id —The local VLAN routing interface over which the IPv6 neighbor can be reached or is auto-detected. Use the vlan keyword and a VLAN ID. Range 1-4093. • autodetect interface interface-id — The VLAN routing interface on which the neighbor’s link local IPv6 address is auto detected. Use the vlan keyword and a VLAN ID. Range 1-4093. • hop-count — The maximum hop-count allowed to reach the neighbor. The allowed range is 1–255. Default Configuration The default hop count is 64.
The IPv6 Link Local Address Auto Detect feature eliminates the need for the network administrator to configure the link local IPv6 address of every neighbor. Instead of specifying the link local IPv6 address, the network administrator can use a special keyword “autodetect” to refer to the link local IPv6 address of the neighbor.
Syntax neighbor { ip-address | ipv6-address [ interface interface-id ]} filter-list aspath-list-number {in | out} no neighbor { ip-address | ipv6-address [ interface interface-id ]} filter-list as-path-list-number {in | out} • interface-id—A routing interface identifier (VLAN interface). • ip-address—The neighbor’s IPv4 address. • ipv6-address —The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified.
Example console(config-router)#neighbor FE80::0202:B3FF:FE1E:8329 interface vlan 10 filter-list 1 in neighbor filter-list (IPv6 Address Family Configuration) This command filters BGP to apply an AS path access list to UPDATE messages received from or sent to a specific neighbor. Filtering for IPv6 is independent of filtering configured for IPv4. If an UPDATE message includes both IPv4 and IPv6 NLRI, it could be filtered for IPv4 but accepted for IPv6 or vice versa.
User Guidelines If you assign a neighbor filter list to a nonexistent AS path access list, all routes are filtered. The VLAN interface must also be specified if a link-local address is specified. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#neighbor FE80::0202:B3FF:FE1E:8329 interface vlan 10 filter-list 1 in neighbor inherit peer To configure a BGP peer to inherit peer configuration parameters from a peer template, use the neighbor inherit peer command.
Command Mode BGP Router Configuration mode, IPv4 Address Family Configuration mode User Guidelines Neighbor session and policy parameters can be configured once in a peer template and inherited by multiple neighbors, eliminating the need to configure the same parameters for each neighbor. Parameters are inherited from the peer template specified and from any templates it inherits from. A neighbor can inherit directly from only one peer template. Command History Introduced in version 6.2.0.1 firmware.
• ip-address — The neighbor’s IPv4 address. • ipv6-address [ interface interface-id] — The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. • autodetect interface interface-id — The VLAN routing interface on which the neighbor’s link local IPv6 address is auto detected. • local-as as-number — The AS number to advertise as the local AS in the AS PATH sent to the neighbor.
• The router replaces the global AS of the router with the configured local-as when advertising the routes to the peer on which this command is configured. • As well the local-as is not prepended to the routes received from the neighbor on which this command is configured. This command is allowed only on external BGP neighbors. A neighbor can inherit this configuration from a peer template. When the local-as is configured for a peer, the BGP peer adjacency gets reset.
• interface-id—If the neighbor’s IPv6 address is a link local address, the local VLAN routing interface must also be specified. • maximum—The maximum number of prefixes BGP will accept from this neighbor. Range 0-4294967295. Values greater than the free space in the route table are not enforced. • threshold—The percentage of the maximum number of prefixes BGP configured for this neighbor.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#neighbor FE80::0202:B3FF:FE1E:8329 interface vlan 10 maximum-prefix unlimited neighbor maximum-prefix (IPv6 Address Family Configuration) In IPv6 address family configuration mode, the neighbor maximum-prefix command specifies the maximum number of IPv6 prefixes that BGP will accept from a given neighbor.
• unlimited—Do not enforce any prefix limit. Use this option when inbound filtering will reduce the number received prefixes such that they will fit in the routing table. Exceeding the capacity of the routing table will cause the adjacency to be shut down unless the warning-only option is configured. • warning-only—(Optional) If BGP receives more than the maximum number of prefixes, BGP writes a log message rather than shutting down the adjacency.
neighbor next-hop-self (BGP Router Configuration) The neighbor next-hop-self command configures BGP to set the next hop attribute to a local IP address when advertising a route to an internal peer. Normally, BGP retains the next hop attribute received from the external peer. Syntax neighbor { ip-address | ipv6-address [ interface interface-id ]} next-hop-self no neighbor { ip-address | ipv6-address [ interface interface-id ]} next-hopself • ip-address – The neighbor’s IPv4 address.
Example console(config-router)#neighbor FE80::0202:B3FF:FE1E:8329 interface vlan 10 next-hop-self neighbor next-hop-self (IPv6 Address Family Configuration) In IPv6 address family configuration mode, the neighbor next-hop-self command configures BGP to use a local address as the IPv6 next hop when advertising IPv6 routes to a specific peer.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#neighbor FE80::0202:B3FF:FE1E:8329 interface vlan 10 next-hop-self neighbor password Use the neighbor password command to enable MD5 authentication of TCP segments sent to and received from a neighbor, and to configure an authentication key.
User Guidelines MD5 must either be enabled or disabled on both peers. The same password must be configured on both peers. After a TCP connection is established, if the password on one end is changed, then the password on the other end must be changed to match before the hold time expires. Using the default hold times, both passwords must be changed within 120 seconds to guarantee the connection is not dropped. The VLAN interface must also be specified if a link-local address is specified.
• out—Apply the prefix list to advertisements to be sent to this neighbor. Default Configuration No prefix list is configured. Command Mode BGP Router Configuration mode User Guidelines Only one prefix list may be defined for each neighbor in each direction. If a prefix list that does not exist is assigned, all prefixes are permitted. The VLAN interface must also be specified if a link-local address is specified. Command History Introduced in version 6.2.0.1 firmware.
• ipv6-address—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. This command is available in IPv6 address family mode. • interface vlan vlan-id—The local interface/VLAN ID over which the IPv6 neighbor can be reached. Range: 1-4093. • in—Apply the prefix list to advertisements received from this neighbor. • out—Apply the prefix list to advertisements to be sent to this neighbor.
no neighbor { ip-address | ipv6-address [interface vlan vlan-id] | autodetect interface interface-id } remote-as • ip-address—The neighbor’s IPv4 address. For external peers, this address must be an IPv4 address on the link that connects the two peers. For internal peers, the neighbor address can be any address, such as the IPv4 address of a loopback interface. • ipv6-address—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified.
Example console(config-router)#neighbor 10.130.14.55 remote-as 10 neighbor remove-private-as Use the neighbor remove-private-as command to remove private AS numbers when advertising IPv4 routes to an external peer. To stop removing private AS numbers, use the no form of this command.
range, it is treated as a private ASN when removing or replacing private ASNs. ASNs in the range 64496-64511 and 65536-65551 are for documentation purposes only and should never be used in a network. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#neighbor 10.130.14.55 remove-private-as neighbor rfc5549-support Use the neighbor rfc5549-support command to enable advertisement of IPv4 routes over IPv6 next hops selectively to an external BGP IPv6 peer.
When the Extended Next Hop Encoding capability is not received from a neighbor, Dell EMC Networking does not advertise the RFC 5549 routes to the neighbor. The Dell EMC Networking solution is interoperable with routers that do not support RFC 5549. Command History Introduced in version 6.3.0.1 firmware. Example The following example results in the connected IPv4 networks 1.1.1.0/24 and 2.2.2.0/24 advertised with next hop set to 2001::1 only to eBGP IPv6 peer 2001::2 and not to eBGP peer 2002::2.
no neighbor ip-address route-map map-name { in | out } • ip-address—The neighbor’s IP address. • route-map map-name—The name of the route map to be used to filter route updates on the specified interface. • in | out—Whether the route map is applied to incoming or outgoing routes. Default Configuration No route maps are applied by default. Command Mode A route map can be used to change the local preference, MED, or AS Path of a route.
Syntax neighbor { ip-address | ipv6-address [ interface vlan vlan-id ]} route-map map-name { in | out } no neighbor { ip-address | ipv6-address [ interface vlan vlan-id]} route-map map-name { in | out } • ip-address—The neighbor’s IP address. • ipv6-address—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified. Valid in IPv6 address family mode.
Example console(config-router-af)#neighbor 10.130.14.55 route-map test in neighbor route-reflector-client (BGP Router Configuration) To configure an internal peer as an IPv4 route reflector client, use the neighbor route-reflector-client command. Syntax neighbor ip-address route-reflector-client no neighbor ip-address route-reflector-client • ip-address—The neighbor’s IPv4 address. Default Configuration Peers are not route reflector clients by default.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#neighbor 10.130.14.55 route-reflector-client neighbor route-reflector-client (IPv6 Address Family Configuration) To configure an internal peer as an IPv4 route reflector client, use the neighbor route-reflector-client command.
If you configure multiple route reflectors within a cluster, you must configure each route reflector in the cluster with the same cluster ID. Use the bgp cluster-id command to configure a cluster ID. An external peer may not be configured as a route reflector client. When reflecting a route, BGP ignores the set statements in an outbound route map to avoid causing the receiver to compute routes that are inconsistent with other routers in the AS. Command History Introduced in version 6.2.0.1 firmware.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#neighbor 10.130.14.55 send-community neighbor send-community (IPv6 Address Family Configuration) In IPv6 address family configuration mode, the neighbor send-community command tells BGP to send the COMMUNITIES attribute with routes advertised to the peer.
Example console(config-router-af)#neighbor 10.130.14.55 send-community neighbor shutdown Use the neighbor shutdown command to administratively disable communications with a specific BGP neighbor. The effect is to gracefully bring down the adjacency with the neighbor. If the adjacency is up when the command is given, the peering session is dropped and all route information learned from the neighbor is purged.
User Guidelines When a neighbor is shut down, BGP first sends a NOTIFICATION message with a Cease error code. When an adjacency is administratively shut down, the adjacency stays down until administratively re-enabled (using no neighbor shutdown). Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console(config-router)#neighbor 10.130.14.
• keepalive—The time, in seconds, between BGP KEEPALIVE packets sent to a neighbor. The range is 0 to 65,535 seconds. A small internal jitter is applied to the keepalive interval timer in order to reduce the CPU load that may occur when multiple timers expire simultaneously. • holdtime—The time, in seconds, that BGP continues to consider a neighbor to be alive without receiving a BGP KEEPALIVE or UPDATE packet from the neighbor.
Syntax neighbor { ip-address | ipv6-address [ interface vlan vlan-id ] | autodetect interface interface-id }} update-source interface no neighbor { ip-address | ipv6-address [ interface vlan vlan-id ] | autodetect interface interface-id }} update-source • ip-address—The neighbor’s IPv4 address. This is the IP address of the neighbor on the connected link. • ipv6-address—The neighbor’s IPv6 address. If the neighbor’s IPv6 address is a link local address, the local interface must also be specified.
It is common to use an IP address on a loopback interface as an update source because a loopback interface is always reachable as long as any routing interface is up. The peering session will stay up as long as the loopback interface remains reachable. If you use an IP address on a routing interface, then the peering session will go down if that interface goes down. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console(config-router)#neighbor 10.130.
• prefix-length—The length of the IPv6 prefix given as part of the ipv6prefix. Required if a prefix is specified. A decimal value in the range 1 to 128 that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address) in /length format. A slash mark must precede the decimal value in /length format. • rm-name—The name of a route map used to filter prefixes or set attributes of prefixes advertised by this network.
network (IPv6 Address Family Configuration) In IPv6 address family configuration mode, the network command identifies network IPv6 prefixes that BGP originates in route advertisements to its neighbors. Syntax network prefix mask network-mask [ route-map rm-name ] no network prefix mask network-mask [ route-map rm-name ] network ipv6-prefix/prefix-length [ route-map rm-name ] no network ipv6-prefix/prefix-length • prefix—An IPv4 address prefix in dotted decimal notation.
User Guidelines BGP supports up to 64 networks. The network command may also be used specify a default route (network 0.0.0.0 mask 0.0.0.0). If a route map is configured to set attributes on the advertised routes, match as-path and match community terms in the route map are ignored. A match ip-address prefix-list term is honored in this context. If the route map includes such a match term, the network is only advertised if the prefix list permits the network prefix.
Example console(config-router)#redistribute rip rd Use the rd command to configure a BGP routing session to advertise VPNIPv4 prefixes. Use the no form of this command to delete the VPN-IPv4 configuration. Syntax rd route-distinguisher no rd route-distinguisher— A 2-byte or an 8-byte value to be prepended to an IPv4 prefix to create a VPN IPv4 prefix.
Once an RD has been configured, it may not be reconfigured. Use the no form of the command to remove the RD before configuring a new RD value. This command is effective only if BGP is running on the router. Command History Introduced in version 6.3.0.1 firmware.
is configured for BGP (default metric command), the MED is set to the default metric. If both a default metric and a metric value are not configured, the prefix is advertised without an MED attribute. • match—(Optional) By default, if BGP is configured to redistribute OSPF routes, BGP only redistributes internal routes (OSPF intra-area and interarea routes). Use of the match option configures BGP to also redistribute specific types of external routes, or to disable redistribution of internal OSPF routes.
The RIP metric is a hop count. The metric for a redistributed route limits the distance the route can be redistributed in the RIP network. Since the maximum valid metric in a RIP network is 15, redistributing routes into RIP with a metric of 12 implies that the route can only be redistributed across 3 hops in the RIP network. In conformance with RFC 1475, information learned via BGP from peers within the same AS is not redistributed to OSPF.
• match—(Optional) By default, if BGP is configured to redistribute OSPF routes (redistribute ospf command), BGP only redistributes internal routes (OSPF intra-area and inter-area routes). Use of the match option configures BGP to also redistribute specific types of external or internal routes, or to disable redistribution of OSPF routes. The match option is only valid for OSPF originated routes. Successive redistribute commands are additive.
Command History Introduced in version 6.2.0.1 firmware. Example console(config-router-af)#redistribute rip route-target Use the route-target command to create a list of export, import, or both route target (RT) extended communities for the specified VRF instance. Use the no form of the command to remove the route target from a VRF instance.
Command Mode Privileged Exec mode User Guidelines Configure the route-target command once for each target extended community. Routes that are learned and carry a specific route-target extended community are imported into all VRFs configured with that particular extended community as an import route target. The configured export RT is advertised as an extended community in the MPBGP format to the eBGP peer. An RT is either: • ASN related – Composed of an autonomous system number and an arbitrary number.
Syntax set extcommunity rt value [additive] no set extcommunity rt • • value — Specifies the route target extended community value. This value can be entered in one of the following formats: – 16-bit AS number: a 32-bit value (Ex: 64496:11) – 32-bit IPv4 address: a 16-bit value (Ex: 10.1.1.1:22) – 32-bit AS number: a 32-bit value (Ex: 65537:60110) additive–Adds a route target to the existing route target list without replacing any existing route targets.
Example The following example shows how to set the extended community attribute for route target with route-maps. (R1)(Config)# ip extcommunity-list 10 permit rt 1:1 (R1)(config)# route-map SEND_OUT permit 10 (R1)(config-route-map)# match extcommunity 13 (R1)(config-route-map)# set extcommunity rt 10:10 additive (R1)(config-route-map)# exit set extcommunity soo Use the set extcommunity soo command to set BGP extended community attributes for the site of origin.
User Guidelines The site of origin (SOO) extended communities attribute is configured with the soo keyword. This attribute uniquely identifies the site from which the Provider Edge (PE) router learned the route. All routes learned from a particular site must be assigned the same SOO extended community attribute, whether a site is connected to a single PE router or multiple PE routers. Configuring this attribute prevents routing loops from occurring when a site is multi-homed.
• ipv6-prefix—An IPv6 network prefix. This argument must be in the form where the address is specified in hexadecimal using 16-bit values between 0x00 and 0xff and separated by colons. Limits the output to a specific prefix. • prefix-length—The length of the IPv6 prefix given as part of the ipv6prefix. This is required if a prefix is specified.
Status codes • s—The route is aggregated into an aggregate address configured with the summary-only option • *—Dell EMC Networking BGP never displays invalid routes; so this code is always displayed (to maintain consistency with the industry standard) • >—Indicates that BGP has selected this path as the best path to the destination • i—If the route is learned from an internal peer Network IPv6 Destination prefix Next Hop The route’s BGP next hop Metric Multi-Exit Discriminator LocPrf The local pref
Syntax show bgp ipv6 aggregate address-group Default Configuration There is no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed. Field Description Prefix/Len Destination prefix and prefix length. AS Set Indicates if an empty AS path is advertised with the aggregate address (N) or an AS SET is advertised with the set of AS numbers for the paths contributing to the aggregate (Y).
show bgp ipv6 community Use this command to display IPv6 routes that belong to the specified set of communities. This command replaces and deprecates the show ipv6 bgp community command Syntax show bgp ipv6 community communities [ exact-match ] • communities—A string of zero or more community values, which may be in either format and may contain the well-known community keywords noadvertise and no-export. The output displays routes that belong to every community specified in the command.
Status codes • s—The route is aggregated into an aggregate address configured with the summary-only option • *—Dell EMC Networking BGP never displays invalid routes; so this code is always displayed (to maintain consistency with the industry standard) • >—Indicates that BGP has selected this path as the best path to the destination • i—If the route is learned from an internal peer Network IPv6 Destination prefix Next Hop The route’s BGP next hop Metric Multi-Exit Discriminator LocPrf The local pref
• exact-match—Displays only routes that are an exact match for the set of communities in the matching community list statement. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed. Field Description BGP table version Each time phase 2 of the BGP decision process runs to select new BGP routes, this number is incremented.
Example BGP table version is 0, local router ID is 65.1.1.1 Status Codes: s suppressed, * valid, > best, i - internal Origin Codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPref Path ------------------ --------------- --------- ---------- ---------- show bgp ipv6 listen range Use the show bgp ipv6 listen range command to display information about IPv6 BGP listen ranges.
2001::20 0 ACTIVE Listen Range.................................. 2002::1/64 Inherited Template............................ template_2002 Member ASN State --------------------------------------- ----- ----------- show bgp ipv6 neighbors Use this command to display neighbors with IPv4 or IPv6 peer addresses that are enabled for the exchange of IPv6 prefixes. This command deprecates and replaces the show ipv6 bgp neighbors command.
• If the peer is configured as “autodetect”, the “Remote Address” shows detected IPv6 address or “Unresolved” in case if the peer is not detected by the autodetect feature. • “Autodetect status” is displayed only if the peer is configured as “autodetect”. The field shows one of the following statuses: • Peer is detected • Peer is not detected • Multiple peers are detected The following fields are displayed. Field Description Remote Address The neighbor’s IPv6 address.
IPv4 Unicast Support Indicates whether IPv4 unicast routes can be exchanged with this peer. Both indicates that IPv4 is active locally and the neighbor indicated support for IPv4 unicast in its OPEN message. Sent indicates that IPv4 unicast is active locally, but the neighbor did not include this AFI/SAFI pair in its OPEN message. IPv4 unicast is always enabled locally and cannot be disabled. IPv6 Unicast Support Indicates whether IPv6 unicast routes can be exchanged with this peer.
Prefix Limit The maximum number of prefixes this router is willing to accept from this neighbor. Prefix Warning Threshold Percentage of the prefix limit that causes a warning message to be logged. Warning Only on Prefix Limit Whether to shutdown a neighbor that exceeds the prefix limit. TRUE if the event is logged without shutting down the neighbor. Minimum Advertisement Interval The minimum time between UPDATE messages sent to this neighbor.
Prefixes Withdrawn A running count of the number of prefixes included in the Withdrawn Routes portion of UPDATE messages, to and from this neighbor. Prefixes Current The number of prefixes currently advertised to or received from this neighbor. For inbound prefixes, this count only includes prefixes that passed inbound policy. Prefixes Accepted The number of prefixes from this neighbor that are eligible to become active in the local RIB.
Configured Hold Time.......................... Configured Keep Alive Time.................... Negotiated Hold Time.......................... Keep Alive Time............................... MD5 Password.................................. 90 sec 30 sec 30 sec 10 sec password Last Error (Sent).............................. Last SubError.................................. Time Since Last Error.......................... Established Transitions........................ Established Time..............................
• ipv6-address [interface interface-id]—The IPv6 address of a BGP peer. If the peer address is an IPv6 link local address, the interface that defines the scope of the link local address must be given. • autodetect interface interface-id—(Optional) The routing interface on which the neighbor’s link local IPv6 address is auto detected. The interface ID must be a VLAN routing interface. Default Configuration There is no default configuration for this command.
Origin The value of the origin attribute. • i—IGP • e—EGP • ?—Incomplete Command History Introduced in version 6.2.0.1 firmware. Modified in version 6.3.0.1 firmware. Example console#show bgp ipv6 neighbors fe80::211:12ff:fe06:4 interface vl10 advertised-routes BGP table version is 10, local router ID is 0.0.0.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed. Field Description Neighbor The peer address of a neighbor. Policy A neighbor-specific BGP policy. Template If the policy is inherited from a peer template, this field lists the template name. Command History Introduced in version 6.2.0.1 firmware. Modified in version 6.3.0.
policy. The output and format as the same as for show IP bgp neighbors received-routes, except that they list IPv6 routes. Also, the command displays a list of IPv4 routes received from a specific neighbor with RFC5549. This command deprecates and replaces the show ipv6 bgp neighbors received-routes command.
Origin The value of the Origin attribute as received from the peer. Command History Introduced in version 6.2.0.1 firmware. Modified in version 6.3.0.1 firmware. Example console#show bgp ipv6 neighbors 1010:10::103 routes Local router ID is 0.0.0.
Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes. User Guidelines The following fields are displayed. Field Description Delta T How long since the decision process was run. hours:minutes:seconds if the elapsed time is less than 24 hours. Otherwise, days:hours. Phase The phase of the decision process that was run. Upd Grp Outbound update group ID. Only applies when phase 3 is run.
Modified in version 6.3.0.1 firmware.
Traps Whether BGP traps are enabled. Maximum Paths The maximum number of next hops in an external BGP route. Maximum Paths iBGP The maximum number of next hops in an internal BGP route. Default Keep Alive Time The configured keepalive time used by all peers that have not been configured with a peer-specific keepalive time. Default Hold Time The configured hold time used by all peers that have not been configured with a peer-specific hold time.
MsgSent The number of BGP messages sent to this neighbor State The adjacency state. One of IDLE, CONNECT, ACTIVE, OPEN SENT, OPEN CNFRM, EST Up/Down Time How long the adjacency has been in the ESTABLISHED state, or, if the adjacency is down, how long it has been down. In days:hours:minutes:seconds Pfx Rcvd The number of IPv6 prefixes received from the neighbor Command History Introduced in version 6.2.0.1 firmware. Modified in version 6.3.0.1 firmware.
show bgp ipv6 update-group Use this command to report the status of IPv6 outbound groups and their members. Output and format are the same as for show ip bgp update-group. This command deprecates and replaces the show ipv6 bgp update-group command. Syntax show bgp ipv6 update-group [ group-index | ipv4-address | ipv6-address [ interface interface-id ] | autodetect interface interface-id ] • group-index—If specified, this option restricts the output to a single update group.
Fields Description Version The update version. Delta T The amount of time elapsed since the update send process executed. hours::minutes::seconds. Duration How long the update send process took, in milliseconds UPD Built The number of UPDATE messages built. UPD Sent The number of UPDATE messages successfully transmitted to group members. Normally a copy of each UPDATE message built is sent to each group member. Paths Sent The number of paths advertised.
Update Version The number of times phase 3 of the BGP decision process has run for this group to determine which routes should be advertised to the group. Number of UPDATEs Sent The number of UPDATE messages that have been sent to this group. Incremented once for each UPDATE regardless of the number of group members. Time Since Last UPDATE Time since an UPDATE message was last sent to the group. If no UPDATE has been sent to the group, the status is “Never.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If a route reflector client is configured with an outbound route map, the output warns that set statements in the route map are ignored when reflecting routes to this client. The following information is displayed. Field Description Cluster ID The cluster ID used by this router.
Clients: Non-client Internal Peers: show ip bgp To view routes in the BGP routing table, use the show ip bgp command. The output lists both the best and non-best paths to each destination.
Field Description BGP table version Each time phase 2 of the BGP decision process runs to select new BGP routes, this number is incremented.
show ip bgp aggregate-address Use the show ip bgp aggregate-address command to list the aggregate addresses that have been configured and indicates whether each is currently active. Syntax show ip bgp [vrf vrf-name] aggregate-address • vrf vrf-name — Displays the aggregate address information associated with the named VRF. Default Configuration By default, information about the global VRF is shown. Command Mode Privileged Exec mode, Global Configuration mode, and all sub-modes.
Example console#show ip bgp aggregate-address Prefix/Len ------------------1.2.3.0/24 10.10.10.0/24 AS Set -----N N Summary Only -----------N N Active -----N N show ip bgp community The show ip bgp community displays route information for the communities listed in the specified community. Syntax show ip bgp [vrf vrf-name] community communities [exact-match] • vrf vrf-name—Displays the aggregate address information associated with the named VRF.
Example console#show ip bgp community BGP table version is 0, local router ID is 65.1.1.1 Status Codes: s suppressed, * valid, > best, i - internal Origin Codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPref Path Origin ------------------ --------------- ---------- ---------- ------------- --- show ip bgp community-list The show ip bgp community-list command lists the routes that are allowed by the specified community list.
Example console(config)#show ip bgp community-list test BGP table version is 0, local router ID is 65.1.1.1 Status Codes: s suppressed, * valid, > best, i - internal Origin Codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPref Path Origin ------------------ --------------- ---------- --------- ------------- ------ show ip bgp extcommunity-list Use the show ip bgp extcommunity-list command to display all the permit and deny attributes of the given extended community list.
RT The route target extended community attribute. deny Denies access for a matching condition. Command History Introduced in version 6.3.0.1 firmware. Example console#show ip bgp extcommunity-list 1 Standard extended community-list list1 permit RT:1:100 RT:2:100 deny RT:6:600 permit RT:5:200 permit SOO:9:900 show ip bgp listen range Use the show ip bgp listen range command to display information about IPv4 BGP listen ranges.
Example console(config-router)#show ip bgp listen range Listen Range .................................. 10.27.0.0/16 Inherited Template ............................ template_10_27 Member ASN State ---------------- ----- ----------10.27.8.189 65001 OPENCONFIRM 10.27.128.235 0 ACTIVE Listen Range .................................. 15.15.0.0/24 Inherited Template ............................
User Guidelines Since IPv4 prefixes can only be exchanged over IPv4 peering, the neighboraddress parameter must be an IPv4 peer address. This option limits the output to show a single neighbor. If no neighbor address is specified, the command shows all neighbors enabled for IPv4 prefix exchange. If the vrf-name argument is specified, information pertaining to that VRF is displayed. The following fields are displayed.
Local Interface Address The IPv4 address used as the source IP address in packets sent to this neighbor. Configured Hold Time The time, in seconds, that this router proposes to this neighbor as the hold time Configured Keep Alive Time The configured KEEPALIVE interval for this neighbor. Negotiated Hold Time The minimum configured hold time and the hold time in the OPEN message received from this neighbor.
Time Elapsed Since Last Update How long since an UPDATE message has been received from this neighbor.
Path attribute length error A received path attribute has a length value that exceeds the remaining length of the path attributes field. Invalid ORIGIN code A received UPDATE message included an invalid ORIGIN code. Unexpected first ASN in AS path The AS Path attribute from an external peer did not include the peer’s AS number as the first AS. Invalid AS path segment type The AS Path includes a segment with an invalid segment type. Invalid BGP NEXT HOP The BGP NEXT HOP is not a valid unicast address.
Connection Retry Interval ..................... Neighbor Capabilities ......................... Next Hop Self ................................. IPv4 Unicast Support .......................... IPv6 Unicast Support .......................... Template Name ................................. Update Source ................................. Configured Hold Time .......................... Configured Keep Alive Time .................... Prefix Limit .................................. Prefix Warning Threshold .......
Neighbor Capabilities ......................... Next Hop Self ................................. Update Source.................................. Local Interface Address ....................... Configured Hold Time .......................... Configured Keep Alive Time..................... Negotiated Hold Time .......................... Keep Alive Time ............................... Prefix Limit................................... Prefix Warning Threshold....................... Warning Only On Prefix Limit....
Established Time .............................. secs 0 days 00 hrs 00 mins 10 show ip bgp neighbors advertised-routes The show ip bgp neighbors advertised-routes command displays the list of routes advertised to a specific neighbor. These are the routes in the adjacent RIB out for the neighbor’s outbound update group Syntax show ip bgp [vrf vrf-name] neighbors ip-address advertised-routes • ip-address—The IPv4 address of a neighbor.
Status codes p—The route has been updated in Adj-RIB-Out since the last UPDATE message was sent. Transmission of an UPDATE message is pending. Network Destination prefix Next Hop The BGP NEXT HOP as advertised to the peer. Local Pref The local preference. Local preference is never advertised to external peers. Metric The value of the Multi Exit Discriminator, if the MED is advertised to the peer. Path The AS path.
Syntax show ip bgp [vrf vrf-name]neighbors ip-address {receivedroutes|routes|rejected-routes} • vrf vrf-name — Displays the aggregate address information associated with the named VRF. • ip-address—The IPv4 address of a BGP neighbor. • Received-routes—Display the routes received by a particular neighbor prior to filtering. • Routes—Display both the received and advertised routes. • Rejected-routes—Display the routes rejected from the specified neighbor.
Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console #show ip bgp neighbors 172.20.101.100 received-routes local router ID is 20.1.1.1 Origin codes: i - IGP, e - EGP, ? - incomplete Network 172.20.1.0/24 20.1.1.0/24 Next Hop 172.20.101.1 172.20.101.1 Metric 10 Local Pref Path 100 20 10 100 20 Origin i ? console#show ip bgp neighbors 10.10.10.3 routes Local router ID is 0.0.0.
Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes User Guidelines If the vrf-name argument is specified, information pertaining to that VRF is displayed. The following fields are displayed. Fields Description Neighbor The peer address of a neighbor. Policy A neighbor-specific BGP policy. Template If the policy is inherited from a peer template, this field lists the template name. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.
show ip bgp route-reflection This command displays all global configuration related to IPv4 route reflection, including the cluster ID and whether client-to-client route reflection is enabled, and lists all the neighbors that are configured as route reflector clients. Syntax show ip bgp [vrf vrf-name] route-reflection • vrf vrf-name — Displays the aggregate address information associated with the named VRF. Default Configuration By default, information about the global VRF is shown.
Clients A list of this router’s internal peers which have been configured as route reflector clients. Non-client Internal Peers A list of this router’s internal peers that are not configured as route reflector clients. Routes from nonclient peers are reflected to clients and vice-versa. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware. Example console # show ip bgp route-reflection Cluster ID........................ 1.1.1.
Default Configuration By default, information about the global VRF is shown. Command Mode User Exec mode, Privileged Exec mode, Global Config mode and all submodes. User Guidelines If the vrf-name argument is specified, information pertaining to that VRF is displayed. The following information is displayed. Fields Description Delta T How long since the decision process was run. hours:minutes:seconds if the elapsed time is less than 24 hours. Otherwise, days:hours.
Mods The number of routes modified. Always 0 for phase 1. Dels The number of routes deleted. Always 0 for phase 1. Command History Introduced in version 6.2.0.1 firmware. Updated in version 6.3.0.1 firmware.
The following information is displayed. Fields Description Admin Mode Whether BGP is globally enabled. BGP Router ID The configured router ID Local AS Number The router’s AS number Traps Whether BGP traps are enabled. Maximum Paths The maximum number of next hops in an external BGP route. Maximum Paths iBGP The maximum number of next hops in an internal BGP route.
Route Map The name of the route map used to filter redistributed routes. Neighbor The IP address of a neighbor. ASN The neighbor’s ASN. MsgRcvd The number of BGP messages received from this neighbor. MsgSent The number of BGP messages sent to this neighbor. State The adjacency state. One of IDLE, CONNECT, ACTIVE, OPEN SENT, OPEN CNFRM, EST. Up/Down Time How long the adjacency has been in the ESTABLISHED state, or, if the adjacency is down, how long it has been down.
ospf match: int Neighbor ASN MsgRcvd MsgSent State Up/Down Time Pfx Rcvd ---------------- ----- -------- -------- ------------- -------------- -----10.10.10.10 65000 2269 4666 ESTABLISHED 0:00:17:15 0 show ip bgp template The show ip bgp template command lists the routes that are allowed by the specified community list. Syntax show ip bgp template [ template-name ] • template-name—(Optional) Limits the output to a single template Default Configuration There is no default configuration for this command.
Example console#show ip bgp template Template Name ------------peer-grp1 IPv4 Configuration ----------------------------timers 5 15 password rivendell advertisement-interval 15 peer-grp2 IPv4 IPv4 IPv6 IPv6 prefix-list strider in maximum-prefix 100 prefix-list gandolf in maximum-prefix 200 peer-grp3 IPv6 send-community IPv4 update-source loopback 0 next-hop-self peer-grp4 AF ---- show ip bgp traffic The show ip bgp traffic command list the routes that are allowed by the specified community list
The output shows when BGP counters were last cleared (using clear ip bgp counters). Clearing counters resets all values in this output to 0 except for the high water mark for the work queues. The first table lists the number of BGP messages of each type that this router has sent and received. Following the table is a maximum send and receive UPDATE message rate. These rates report the busiest one-second interval. The queue statistics table reports information for BGP work queues.
MIB Queries 0 0 0 5 show ip bgp update-group This command reports the status of IPv4 outbound update groups and their members. Syntax show ip bgp [vrf vrf-name] update-group [group-index | peer-address ] • vrf vrf-name — Displays the aggregate address information associated with the named VRF. • group-index—(Optional) If specified, this option restricts the output to a single update group.
UPD Built The number of UPDATE messages built. UPD Sent The number of UPDATE messages successfully transmitted to group members. Normally a copy of each UPDATE message built is sent to each group member. Paths Sent The number of paths advertised. Pfxs Adv The number of prefixes advertised. Pfxs Wd The number of prefixes withdrawn. The following information is displayed. Fields Description Update Group ID Unique identifier for outbound update group.
Time Since Last UPDATE Time since an UPDATE message was last sent to the group. If no UPDATE has been sent to the group, the status is “Never.” Current Prefixes The number of prefixes currently advertised to the group. Current Paths The number of paths currently advertised to the group. Prefixes Advertised The total number of prefixes advertised to the group since the group was formed.
Version 10 11 12 13 14 15 16 17 18 19 Delta T Duration UPD Built UPD Sent Paths Sent Pfxs Adv 00:33:49 100 6 288 5 1250 00:33:49 0 4 192 3 750 00:33:49 0 2 96 1 250 00:33:49 0 2 96 1 250 00:33:49 0 1 48 0 0 00:33:49 100 8 384 7 1750 00:33:49 0 3 144 2 500 00:31:49 0 4 192 3 750 00:23:49 100 4 192 3 750 00:03:49 100 6 288 5 1250 Update Group ID............................ Peer Type.................................. Minimum Advertisement Interval............. Send Community.............................
• rd route-distinguisher—Displays the NLRI prefixes that match the named route distinguisher. • vrf vrf-name—Displays the NLRI prefixes associated with the named VRF instance. • ip-prefix/length — IP address of a network in the routing table and the length of the mask (0 to 32). The slash mark must be included. • statistics — Displays BGP VPNv4 statistics Default Configuration There is no default configuration.
The command output provides the following information. Term Description BGP table version Each time phase 2 of the BGP decision process runs to select new BGP routes, this number is incremented Status codes One of the following: • s: The route is aggregated into an aggregate address configured with the summary-only option. • *: BGP never displays invalid routes; so this code is always displayed (to maintain consistency with the industry standard).
Term Description Type Whether the path is received from an internal or external peer. IGP Cost The interior gateway cost (e.g., OSPF cost) to the BGP NEXT HOP. Peer (Peer ID) The IP address of the peer that sent this route, and its router ID. BGP Next Hop The BGP NEXT HOP attribute. Atomic Aggregate If the ATOMIC AGGEGATE attribute is attached to the path. Aggregator The AS number and router ID of the speaker that aggregated the route. Communities The BGP communities attached to the path.
*> 25.95.16.0/24 *> 25.14.8.0/24 120.10.1.1 120.10.1.1 10 10 Route Distinguisher *> 174.20.1.0/24 *> 26.95.16.0/24 *> 26.14.8.0/24 : 3:30 (for VRF yellow) 130.10.1.1 10 130.10.1.1 10 130.10.1.1 10 100 100 20 10 i 20 10 i 100 100 100 20 10 i 20 10 i 20 10 i The following example shows VPNv4 routing entries for VRF named red: (R1) # show ip bgp vpnv4 vrf red BGP table version is 5, local router ID is 20.1.1.
AS Path.................................... Origin..................................... Type....................................... IGP Cost................................... Peer (Peer ID)............................. BGP Next Hop............................... Extended Community......................... 18 50 27 Incomplete External 10 200.1.1.1 (18.24.1.3) 200.1.1.
• address-family • allowas-in • connect-retry-interval • description • ebgp-multihop • fall-over • local-as • password • remote-as • rfc5549-support • shutdown • timers • update-source See the associated neighbor commands for a description of parameters and keywords. Note that Dell EMC Networking does not support a remote-as asnumber command in this mode. The neighbor’s AS number must be specified when the neighbor is created. Command History Introduced in version 6.2.0.
console(config-rtr-tmplt)# exit console(config-router)# neighbor 172.20.1.2 console(config-router)# neighbor 172.20.2.2 console(config-router)# address-family ipv6 console(config-router)# neighbor 172.20.1.2 console(config-router)# neighbor 172.20.2.2 inherit peer AGGR inherit peer AGGR activate activate timers bgp The timers bgp command configures the default keepalive and hold timers that BGP uses for all neighbors unless specifically overridden by the neighbor timers command.
The new values are not applied to adjacencies already in the ESTABLISHED state. A new keepalive or hold time is applied the next time an adjacency is formed. Command History Introduced in version 6.2.0.1 firmware. Example console(config-router)#timers bgp 1000 500 timers policy-apply delay This command configures the delay after which any change to the global or per BGP neighbor inbound/outbound policies are applied.
For any change in the outbound policies applicable to a neighbor, the WITHDRAW packets are sent followed by the UPDATE packets when they are applied after the delay timeout. In case of changes to other neighbor attributes like send-community, remove-private-asn, etc. the WITHDRAW packets are not sent instead, the new UPDATEs are sent after the delay timeout. Command History Command introduced in version 6.6 firmware.
Command History Command introduced in version 6.6 firmware. graceful-restart-helper This command enables the graceful restart helper capability. Syntax graceful-restart-helper no graceful-restart-helper Default Configuration Graceful restart capability is disabled by default. Graceful restart helper capability is enabled by default.
BGP Routing Policy Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches Exterior routing protocols like BGP use industry-standard routing policy to filter and modify routing information exchanged with peers.
• regexp—A regular expression used to match the AS path attribute of a BGP path where the AS path is treated as an ASCII string. Default Configuration No AS path lists are configured by default. There are no default values for any of the parameters of this command. Command Mode Global Configuration User Guidelines The AS path attribute is a list of the autonomous system numbers along the path to the destination. An AS path access list is an ordered sequence of statements.
Special Character Symbol Behavior caret ^ Matches the beginning of the input string. dollar sign $ Matches the end of the input string. hyphen – Separates the end points of a range. period . Matches any single character, including white space. plus sign + Matches 1 or more sequences of the pattern. question mark ? Matches 0 or 1 occurrences of the pattern.
Command Mode Global Configuration User Guidelines RFC 1997 specifies that the first two bytes of a community number are considered to be an autonomous system number. The new format displays a community number as the ASN followed by a 16-bit AS-specific number. Example console(config)#ip bgp-community new-format ip community-list To create or configure a BGP community list, use the ip community-list command in global configuration mode. To delete a community list, use the no form of this command.
• no-export-subconfed—The well-know standard community: NO_EXPORT_SUBCONFED (0xFFFFFF03), which indicates the routes are not to be advertised to external BGP peers. Default Configuration No community lists are configured by default. Command Mode Global Configuration User Guidelines A community list statement with no community values is considered a match for all routes, regardless of their community membership. So the statement ip community-list bullseye permit is a permit all statement.
• list-name—The text name of the prefix list. Up to 32 characters. • seq number—(Optional) The sequence number for this prefix list statement. Prefix list statements are ordered from lowest sequence number to highest and processed in that order. If a sequence number is not specified, the system automatically selects a sequence number five larger than the last sequence number in the list. Two statements may not be configured with the same sequence number. The value ranges from 1 – 4,294,967,294.
User Guidelines Prefix lists allow matching of route prefixes with those specified in the prefix list. Each prefix list includes of a sequence of prefix list entries ordered by their sequence numbers. A router sequentially examines each prefix list entry to determine if the route’s prefix matches that of the entry. An empty or nonexistent prefix list permits all prefixes. An implicit deny is assumed if a given prefix does not match any entries of a prefix list.
Syntax ip prefix-list list-name description text no ip prefix-list list-name description • list-name—The text name of the prefix list. • text—Text description of the prefix list. Up to 80 characters Default Configuration No description is configured by default. Command Mode Global Configuration User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.2.0.1 firmware.
• seq number—(Optional) The sequence number for this prefix list statement. Prefix list statements are ordered from lowest sequence number to highest and applied in that order. If you do not specify a sequence number, the system automatically selects a sequence number five larger than the last sequence number in the list. Two statements may not be configured with the same sequence number. The sequence number ranges from 1 – 4,294,967,294.
Default Configuration No prefix lists are configured by default. Command Mode Global Configuration User Guidelines The ipv6 prefix-list command is used to create IPv6 prefix lists. These are similar to ip prefix lists except that the lists are IPv6 specific. An IPv6 prefix list can contain only IPv6 addresses. Prefix lists allow matching of route prefixes against those specified in the prefix list. Each prefix list includes of a sequence of prefix list entries ordered by sequence numbers.
Command History Introduced in version 6.2.0.1 firmware. Example The following example configures a prefix list that allows routes with one of two specific destination prefixes, 2001::/64 and 5F00::/48: console(config)# ipv6 prefix-list apple seq 10 permit 2001:: /64 console(config)# ipv6 prefix-list apple seq 20 permit 5F00:: FFFF:FFFF:FFFF:: The following example renumbers the apple prefix list beginning at sequence number 10.
User Guidelines If a new match as-path statement is entered in a route map statement that already has a match as-path statement, the AS path list numbers in the new statement are added to the existing match term, up to the maximum number of lists in a statement. A route is considered a match if it matches any one or more of the AS path access lists to which the statement refers. Command History Introduced in version 6.2.0.1 firmware.
User Guidelines If the community list returns a permit action, the route is considered a match. If the match statement refers to a community list that is not configured, no routes are considered to match the statement. no match community list exact-match removes the match statement from the route map. (It doesn’t simply remove the exact-match option.) The command no match community removes the match term and all its community lists. Command History Introduced in version 6.2.0.1 firmware.
User Guidelines If multiple prefix lists are specified in one statement, a match occurs if a prefix matches any one of the prefix lists. If a match ip address statement is configured within a route map section that already has a match ip address statement, the new prefix lists are added to the existing set of prefix lists, and a match occurs if any prefix list in the combined set matches the prefix. The command no match ip address prefix-list removes the match term and all its prefix lists.
User Guidelines If multiple prefix lists are specified in one statement, a match occurs if a prefix matches any one of the prefix lists. If a match ipv6 address statement is configured within a route map section that already has a match ipv6 address statement, the new prefix lists are added to the existing set of prefix lists, and a match occurs if any prefix list in the combined set matches the prefix. The command no match ip address prefix-list removes the match term and all its prefix lists.
User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.2.0.1 firmware. Example console#show ip as-path-access-list AS path access list 1 deny _100_ deny ^100$ AS path access list 2 deny _200_ deny ^200$ show ip community-list This command displays the contents of AS path access lists. Syntax show ip community-list [community-list-name | detail [community-listname]] • community-list-name—(Optional) A standard community list name.
Command History Introduced in version 6.2.0.1 firmware. Example console#show ip community-list Standard community list buzz permit 100:200 permit 100:300 permit 100:400 Standard community list woody permit 200:1 permit 200:2 permit 200:3 show ip prefix-list This command displays the contents of IPv4 prefix lists.
Default Configuration No prefix lists are configured by default. Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes.
Command History Introduced in version 6.2.0.1 firmware. Example console#show ip prefix-list fred ip prefix-list fred: count: 3, range entries: 3, sequences: 5 - 15, refcount: 0 seq 5 permit 10.10.1.1/20 ge 22 seq 10 permit 10.10.1.2/20 le 30 seq 15 permit 10.10.1.
• prefix-length - The length of the IPv6 prefix given as part of the ipv6-prefix. Required if a prefix is specified. A decimal value in the range 0 to 128 that indicates how many of the high-order contiguous bits of the address comprise the prefix (the network portion of the address) in /length format. A slash mark must precede the decimal value in /length format. • seq – (Optional) Applies the sequence number to the prefix list entry.
Command History Introduced in version 6.2.0.1 firmware.
Default Configuration No prefix lists are configured by default. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command is used to clear prefix-list hit counters. The hit count is a value indicating the number of matches to a specific prefix list entry. The counters are also cleared by the global clear counters command. Command History Introduced in version 6.2.0.1 firmware. Example console# clear ip prefix-list orange 20.0.0.
Default Configuration No prefix lists are configured by default. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command is used to clear the IPv6 prefix-list hit counters. The hit count is a value indicating the number of matches to a specific prefix list entry. The counters are also cleared by the global clear counters command. Command History Introduced in version 6.2.0.1 firmware.
User Guidelines This command is used to clear the community list hit counters. The hit count is a value indicating the number of matches to a specific list entry. The counters are also cleared by the global clear counters command. Command History Introduced in version 6.2.0.1 firmware. Example The command below clears the counters only for the matching community apple.
User Guidelines This command is normally used to insert one or more instances of the local AS number at the beginning of the AS_PATH attribute of a BGP route. Doing so increases the AS path length of the route. The AS path length has a strong influence on BGP route selection. Changing the AS path length can influence route selection on the local router or on routers to which the route is advertised.
Default Configuration No communities are removed from UPDATE messages by default. Command Mode Route Map Configuration User Guidelines A route map with this set command can be used to remove selected communities from inbound and outbound routes. When a community list is applied to a route for this purpose, each of the route’s communities is submitted to the community list one at a time. Communities permitted by the list are removed from the route.
• community-number—One to sixteen community numbers, either as a 32bit integers or in AA:NN format. Communities are separated by spaces. The well-known communities no-advertise and no-export are also accepted. • no-advertise—The well-known standard community: NO_ADVERTISE (0xFFFFFF02) which indicates the community is not to be advertised. • no-export—The well-known standard community: NO_EXPORT, (0xFFFFFF01), which indicates the routes are not to be advertised outside the community.
set ipv6 next-hop (BGP) To set the IPv6 next hop of a route, use the set ipv6 next-hop command in route-map configuration mode. To remove a set command from a route map, use the no form of this command. Syntax set ipv6 next-hop ipv6-address no set ipv6 next-hop • ipv6-address—The IPv6 address set as the Network Address of Next Hop field in the MP_NLRI attribute of an UPDATE message.
set local-preference To set the local preference of specific BGP routes, use the set local-preference command in route-map configuration mode. To remove a set command from a route map, use the no form of this command. Syntax set local-preference value no set local-preference value • value—A local preference value, from 0 to 4,294,967,295 (any 32 bit integer). Default Configuration There is no default configuration for this command.
Syntax set metric value no set metric value • value—A local preference value, from 0 to 4,294,967,295 (any 32 bit integer). Default Configuration There is no default configuration for this command. Command Mode Route Map Configuration User Guidelines This command sets the Multi Exit Discriminator (MED) when used in a BGP context.
DVMRP Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches Distance Vector Multicast Routing Protocol (DVMRP) is a dense mode multicast protocol and is most appropriate for use in networks where bandwidth is relatively plentiful and there is at least one multicast group member in each subnet. DVMRP assumes that all hosts are part of a multicast group until it is informed of multicast group changes.
User Guidelines PIM must be disabled before DVMRP can be enabled. This command enables IGMP/MLD. Disabling IGMP/MLD may operationally disable multicast routing. Dell EMC Networking switches support IP/IPv6 unnumbered interfaces. DVMRP is capable of operating over unnumbered interfaces. Example The following example sets VLAN 15’s administrative mode of DVMRP to active.
console(config)#interface vlan 15 console(config-if-vlan15)#ip dvmrp metric 5 show ip dvmrp Use the show ip dvmrp command to display the system-wide information for DVMRP. Syntax show ip dvmrp Default Configuration This command has no default condition. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays system-wide information for DVMRP.
Syntax show ip dvmrp interface vlan vlan-id • vlan-id — Valid VLAN ID. Default Configuration This command has no default condition. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays interface information for VLAN 11 DVMRP. console(config)#show ip dvmrp interface vlan 11 Interface Mode................................. Interface Metric...............................
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the neighbor information for DVMRP. console(config)#show ip dvmrp neighbor No neighbors available. show ip dvmrp nexthop Use the show ip dvmrp nexthop command to display the next hop information on outgoing interfaces for routing multicast datagrams.
-------------- -------------- --------- ------ show ip dvmrp prune Use the show ip dvmrp prune command to display the table that lists the router’s upstream prune information. Syntax show ip dvmrp prune Default Configuration This command has no default condition. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Default Configuration This command has no default. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the multicast routing information for DVMRP.
IGMP Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches The Dell Network N1500/N2000/N2100-ON/N2200-ON Series switches support limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. Internet Group Management Protocol (IGMP) is the multicast group membership discovery protocol used for IPv4 multicast groups. Three versions of IGMP exist. Versions one and two are widely deployed.
IGMPv3 is a major revision of the protocol and provides improved group membership latency. When a host joins a new multicast group on an interface, it immediately sends an unsolicited IGMP Report message for that group. IGMPv2 introduced a Leave Group message, which is sent by a host when it leaves a multicast group for which it was the last host to send an IGMP Report message.
Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets 10 as the number of VLAN 2 Group-Specific Queries.
Example The following example configures 2 seconds as the Maximum Response Time inserted in VLAN 15’s Group-Specific Queries. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp last-member-query-interval 20 ip igmp mroute-proxy This command configures downstream IGMP proxy on the selected VLAN interface associated with multicast hosts.
A multicast routing protocol (e.g. PIM) should be enabled whenever IGMP is enabled. L3 IP multicast must be enabled for IGMP to operate. Example The following example globally enables IGMP the IGMP proxy service on VLAN 1. console(config)#ip multicast-routing console(config)#interface vlan 1 console(config-if-vlan1)#ip igmp mroute-proxy ip igmp query-interval Use the ip igmp query-interval command in Interface Configuration mode to configure the query interval for the specified interface.
console(config-if-vlan15)#ip igmp query-interval 10 ip igmp query-max-response-time Use the ip igmp query-max-response-time command in Internet Configuration mode to configure the maximum response time interval for the specified interface. It is the maximum query response time advertised in IGMPv2 queries on this interface. The time interval is specified in seconds. Syntax ip igmp query-max-response-time seconds no ip igmp query-max-response-time • seconds — Maximum response time.
Syntax ip igmp robustness robustness no ip igmp robustness • robustness — Robustness variable. (Range: 1-255) Default Configuration The default robustness value is 2. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example configures a robustness value of 10 for VLAN 15.
Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines. Example The following example sets for VLAN 15 the number of queries sent out on startup at 10. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp startup-query-count 10 ip igmp startup-query-interval Use the ip igmp startup-query-interval command in Interface Configuration mode to set the interval between general queries sent at startup on the interface.
console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp startup-query-interval 10 ip igmp version Use the ip igmp version command in Interface Configuration mode to configure the version of IGMP for an interface. Syntax ip igmp version version • version — IGMP version. (Range: 1-3) Default Configuration The default version is 3. Command Mode Interface Configuration (VLAN) mode User Guidelines This command has no user guidelines.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays system-wide IGMP information. console#show ip igmp IGMP Admin Mode............................. Enabled IGMP Router-Alert check.....................
User Guidelines This command has no user guidelines. Example The following example displays the registered multicast groups for VLAN 3. console#show ip igmp groups vlan 3 detail Multicast IP Address --------------225.0.0.5 REGISTERED MULTICAST GROUP DETAILS Version1 Version2 Group Last Up Expiry Host Host Compat Reporter Time Time Timer Timer Mode ------------ ---------- --------- -------------- ----1.1.1.
console#show ip igmp interface vlan 11 Interface..................................... 11 IGMP Admin Mode............................... Enable Interface Mode................................ Enable IGMP Version.................................. 3 Query Interval (secs)......................... 125 Query Max Response Time (1/10 of a second).... 100 Robustness..................................... 2 Startup Query Interval (secs)................. 31 Startup Query Count............................
show ip igmp interface stats Use the show ip igmp interface stats command in User Exec mode to display the IGMP statistical information for the interface. The statistics are only displayed when the interface is enabled for IGMP. Syntax show ip igmp interface stats vlan vlan-id • vlan-id — Valid VLAN ID Default Configuration This command has no default configuration.
IGMP Proxy Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches IGMP Proxy is used by the router on IPv4 systems to enable the system to issue IGMP host messages on behalf of hosts that the system discovered through standard IGMP router interfaces, thus acting as proxy to all its hosts residing on its router interfaces. Dell EMC Networking supports IGMP Version 3, Version 2 and Version 1. Version 3 adds support for source filtering [SSM] is interoperable with Versions 1 and 2.
User Guidelines This command enables IGMP proxy on the VLAN interface. Use this command to enable sending of IGMP messages received on interfaces configured with the ip igmp mroute-proxy command to an attached multicast router. PIM and DVMRP are not compatible with IGMP proxy. Disable PIM/DVMRP before enabling IGMP proxy. Multicast routing must be enabled for the IGMP proxy service to become operationally enabled. This command enables IGMP/MLD.
Example The following example resets the host interface status parameters of the IGMP Proxy router. console(config)#interface vlan 15 console(config-if-vlan15)#ip igmp proxy-service reset-status ip igmp proxy-service unsolicit-rprt-interval Use the ip igmp proxy-service unsolicit-rprt-interval command in Interface Configuration mode to set the unsolicited report interval for the IGMP Proxy router. This command is valid only if IGMP Proxy on the interface is enabled.
Syntax show ip igmp proxy-service Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays a summary of the host interface status parameters. console#show ip igmp proxy-service Interface Index............................... vlan13 Admin Mode.................................... Enable Operational Mode....
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example fails to display status parameters because IGMP Proxy is not enabled. console#show ip igmp proxy-service interface Interface Index................................
User Guidelines This command has no user guidelines. Example The following example attempts to display a table of information about multicast groups that IGMP Proxy reported. console#show ip igmp proxy-service groups Interface Index................................ vlan13 Group Address Last Reporter Up Time Member State ------------- --------------- -----------------225.0.1.1 13.13.13.1 7 DELAY-MEMBER 225.0.1.2 13.13.13.
------------225.0.1.1 225.0.1.2 --------------13.13.13.1 13.13.13.
IP Helper/DHCP Relay Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000EON/N3100-ON/N3200-ON Series Switches The IP Helper feature provides the ability for a router to forward configured UDP broadcast packets to a particular IP address over a routed interface. This allows applications to reach servers on non-local subnets.
Table 6-1. UDP Destination Ports Protocol UDP Port Number IEN-116 Name Service 42 DNS 53 NetBIOS Name Server 137 NetBIOS Datagram Server 138 TACACS Server 49 Time Service 37 DHCP 67 Trivial File Transfer Protocol 69 ISAKAMP 500 Mobile IP 434 NTP 123 PIM Auto RP 496 RIP 520 Certain pre-existing DHCP relay options do not apply to relay of other protocols. The administrator may optionally set a DHCP maximum hop count or minimum wait time.
configuration for the destination UDP port. If so, the relay agent unicasts the packet to the configured server IP addresses. Otherwise the packet is not relayed. The relay agent only relays packets that meet the following conditions: • The destination MAC address must be the all-ones broadcast address (FF:FF:FF:FF:FF:FF). • The destination IP address must be the IPv4 broadcast address (255.255.255.255) or a directed broadcast address for the receiving interface.
Command Mode Global Configuration mode, Virtual Router Configuration mode. User Guidelines Enable DHCP Relay using the ip helper enable command. When in Virtual Router Configuration mode, this command operates within the context of the virtual router instance. When in Global Configuration mode, the command operates on the global router instance. Virtual Router Configuration mode is only available on the N3000ON/N3100-ON/N3200-ON switches. Example The following example defines a maximum hopcount of 6.
Command Mode Global Configuration mode, Virtual Router Configuration mode User Guidelines Enable DHCP Relay using the ip helper enable command. When the BOOTP relay agent receives a BOOTREQUEST message, it might use the seconds-since-client- began-booting field of the request as a factor in deciding whether to relay the request or not. When in Virtual Router Configuration mode, this command operates within the context of the virtual router instance.
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. Example console#clear ip helper statistics ip dhcp relay information check Use the ip dhcp relay information check command to enable DHCP Relay to check that the relay agent information option in forwarded BOOTREPLY messages is valid. If an invalid message is received, the relay agent drops it.
Virtual Router Configuration mode is only available on the N3000ON/N3100-ON/N3200-ON switches. Example The following example enables relay information check globally: console(config)#ip dhcp relay information check ip dhcp relay information check-reply Use the ip dhcp relay information check-reply command to enable DHCP Relay to check that the relay agent information option in forwarded BOOTREPLY messages is valid. If an invalid message is received, the relay agent drops it.
Example The following example enables relay information check on the interface: console(config)#interface vlan 10 console(config-if-vlan10)#ip dhcp relay information check-reply ip dhcp relay information option Use the ip dhcp relay information option command in Global Configuration mode to globally enable insertion of the circuit ID option and remote agent ID mode for BootP/DHCP Relay on the system (also called option 82).
Example The following example enables the circuit ID and remote agent ID options. console(config)#ip dhcp relay information option ip dhcp relay information option-insert Use the ip dhcp relay information option-insert command in Interface Configuration mode to enable the circuit ID option and remote agent ID mode for BootP/DHCP Relay on the interface (also called option 82). Use the no form of the command to return the configuration to the default.
ip dhcp relay information option server-override Use the ip dhcp relay information option server-override command to enable sending sub-option 5 (link-election) and sub-option 11 (server override) in option 82. Syntax ip dhcp relay information option server-override no ip dhcp relay information option server-override Default Configuration Sending of sub-option 5 (link-selection) and sub-option 11 (server-override) is not enabled globally, nor or any interface.
Configuring the command globally enables server-override globally (on all routing interfaces). Any DHCP packet received from a DHCP Client will have sub-option 5 and sub-option 11 for option 82 added to the packet. When this command is issued in interface config mode, server-override is enabled for that interface only. Configure this option on the DHCPDISCOVER incoming interface, that is, the DHCP host facing interface. Refer to RFC 5107 DHCP Server Identifier Override Suboption for further information.
• IPv4-address—A valid, reachable IPv4 address on the switch. Default Configuration No DHCP Relay source interface is configured by default. Command Mode Global Configuration mode, Interface Configuration mode User Guidelines The ip dhcp relay source-interface command is used to specify an interface whose IP address is passed as relay agent IP address. When the command is used in global configuration mode, the source interface is set globally.
• dest-udp-port — A destination UDP port number from 1 to 65535. This parameter need not be configured for DHCP. It must be configured for all other protocols which are to be relayed. • port-name — The destination UDP port may be optionally specified by its name. Whether a port is specified by its number or its name has no effect on behavior.
console#config console(config)#ip helper-address 10.1.1.1 dhcp console(config)#ip helper-address 10.1.2.1 dhcp To relay UDP packets received on any interface for all default ports (see Table 6-1) to the server at 20.1.1.1, use the following commands: console#config console(config)#ip helper-address 20.1.1.1 Command History Description revised in 6.3.5 release.
netbios-dgm (port 138), netbios-ns (port 137), ntp (port 123), pim-autorp (port 496), rip (port 520), tacacs (port 49), tftp (port 69), and time (port 37). Other ports must be specified by number. Default Configuration No helper addresses are configured. Command Mode Interface Configuration (VLAN) mode.
This command takes precedence over an ip helper-address command given in global configuration mode. With the following configuration, the relay agent relays DHCP packets received on any interface other than VLAN 5 and VLAN 6 to 192.168.40.1, relays DHCP and DNS packets received on VLAN 5 to 192.168.40.2, relays SNMP traps (port 162) received on interface VLAN 6 to 192.168.23.1, and drops DHCP packets received on VLAN 6: console#config console(config)#ip helper-address 192.168.40.
This command replaces the bootpdhcprelay enable command, but affects not only relay of DHCP packets, but also relay of any other protocols for which an IP helper address has been configured. When in Virtual Router Configuration mode, this command operates within the context of the virtual router instance. When in Global Configuration mode, the command operates on the global router instance. Virtual Router Configuration mode is only available on the N3000ON/N3100-ON/N3200-ON switches.
The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. The following output is shown: Field Description Interface The relay configuration is applied to packets that arrive on this interface. This field is set to “any” for global IP helper entries. UDP Port The relay configuration is applied to packets whose destination UDP port is this port. Entries whose UDP port is identified as “any” are applied to packets with the destination UDP ports listed in Table 6-1.
• vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. • vlan-id—A valid VLAN identifier. Default Configuration The command has no default configuration. Command Mode User Exec and Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
Syntax show ip helper statistics [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
UDP client messages received The number of valid UDP packets received. This count includes DHCP messages and all other protocols relayed. Conditions are similar to those for the first statistic in this table. UDP client messages relayed The number of UDP packets relayed. This count includes DHCP messages relayed as well as all other protocols. The count is incremented for each server to which a packet is sent.
Packets with expired TTL....................... 0 Packets that matched a discard entry...........
IP Routing Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000EON/N3100-ON/N3200-ON Series Switches The Dell Network N1500/N2000/N2100-ON/N2200-ON series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. Dell EMC Networking routing provides the base Layer 3 support for Local Area Network (LAN) and Wide Area Network (WAN) environments.
The addition of a preference option has a side benefit. The preference option allows the operator to control the preference of individual static routes relative to routes learned from other sources (such as OSPF). When routes from different sources have the same preference, Dell EMC Networking routing prefers a static route over a dynamic route.
User Guidelines This command has no user guidelines. Example The following example applies SNAP encapsulation for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#encapsulation snap ip icmp echo-reply Use the ip icmp echo-reply command to enable or disable the generation of ICMP Echo Reply messages. Use the no form of this command to prevent the generation of ICMP Echo Replies.
ip icmp error-interval Use the ip icmp error-interval command to limit the rate at which IPv4 ICMP error messages are sent. The rate limit is configured as a token bucket with two configurable parameters: Burst-size and burst-interval. To disable ICMP rate limiting, set burst-interval to zero. Use the no form of this command to return burst-interval and burst-size to their default values.
ip load-sharing Use the ip load-sharing command to configure the hash algorithm for ECMP routes. Syntax ip load-sharing mode {inner|outer} no ip load-sharing • mode—Load sharing mode (range 1 to 6) The possible hashing modes are: 1 Source IP address. 2 Destination IP address. 3 Source and destination IP address. 4 Source IP address and source TCP/UDP port number. 5 Destination IP address and destination TCP/UDP port number.
Example In the following example, the load sharing mode is configured to use the destination IP addresses. This might be appropriate for distributing traffic destined to be a set of servers with different IP addresses but deploying identical services as determined by the destination port number.
Command History Command syntax updated in version 6.7.0 firmware. ip policy route-map Use this command to apply a route map on an interface. Use the no form of this command to delete a route map from the interface. Syntax ip policy route-map map-tag no ip policy route-map map-tag • map-tag—Name of the route map to use for policy based routing. It must match a map tag specified by the route-map command. Default Configuration No route maps are configured by default.
A route-map statement must contain eligible match/set conditions for policy based routing in order to be applied to hardware Valid match conditions are: match ip address , match mac-list, match length Valid set conditions are: set ip next-hop, set ip default next-hop, set ip precedence A route-map statement must contain at least one of the match and one of the set conditions specified above in order it to be eligible to be applied to hardware. If not, the route-map is not applied to hardware.
no ip redirects Default Configuration ICMP Redirect messages are enabled by default. Command Mode Global Configuration mode, Virtual Router Configuration mode, Interface Configuration (VLAN) mode User Guidelines When in virtual router configuration mode, this command operates within the context of the virtual router instance. When in global config mode, the command operates on the global router instance. Virtual Router Configuration mode is only available on the N3000ON/N3100-ON/N3200-ON switches.
• subnetmask—A 32 bit dotted-quad subnet mask. Enabled bits in the mask indicate the corresponding bits of the network address are significant. Enabled bits in the mask must be contiguous. • prefix-length—A forward slash followed by an integer number ranging from 1-32 (e.g., /24). The integer number indicates the number of significant bits in the address beginning with the leftmost (most significant) bit. • nexthopip—The next-hop IPv4 address is specified in the argument nexthopip.
dynamic routing protocols. The preference also controls whether a static route is more or less preferred than other static routes to the same destination. The ip route command optionally configures a route in the selected VRF. The IP route command can set a value for the route preference. Among routes to the same destination, the route with the lowest preference value is the route entered into the forwarding database.
Enter a track track-number in the ip route command to specify that the static route is installed only if the configured SLA tracking object is up. When the track object is down, the route is removed from the Route Table. Only one tracking object can be associated with a static route. Configuring a different tracking object replaces the previously configured tracking object. To display the tracked IPv4 static routes, use the show ip route track-table command. Command History Command updated in version 6.
ip vrf forwarding red-1 ip address 1.1.1.1 255.255.255.255 exit Route Leaking Example 2 Subnetwork 9.0.0.0/24 is a directly connected subnetwork on VLAN 10 in the default routing table. Subnet 8.0.0.0/24 is a directly connected subnetwork in VLAN 30 in virtual router Red. Subnet 66.6.6.x is reachable via VLAN 30 in vrf Red. The first ip route command below leaks the 66.6.6.x subnet from vrf Red into the default routing table. The second ip route command configures a gateway for the default routing table.
interface Gi1/0/3 switchport access vlan 30 exit console(config)#show ip route Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static B - BGP Derived, E - Externally Derived, IA - OSPF Inter Area E1 - OSPF External Type 1, E2 - OSPF External Type 2 N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2 S U - Unnumbered Peer, L - Leaked Route * Indicates the best (lowest metric) route for the subnet. Default Gateway is 9.0.0.2 S *0.0.0.0/0 [253/0] via 9.0.0.2, Vl10 C *9.0.0.
• vrf-name—The name of the VRF associated with the routing table context used by the command. If no vrf is specified, the global routing table context is used. • next-hop-ip — IP address of the next hop router. • preference — Specifies the preference value, a.k.a administrative distance, of an individual static route. (Range: 1-255) Default Configuration Default value of preference is 1.
This command is only available on the N3000-ON/N3100-ON/N3200-ON switches. Example The following example identifies the next-hop-ip and a preference value of 200. console(config)#ip route default 192.168.10.1.200 ip route distance Use the ip route distance command in Global Configuration mode to set the default distance (preference) for static routes. Lower route preference values are preferred when determining the best route.
User Guidelines Lower route distance values are preferred when determining the best route. The VRF identified in the parameter must have been previously created or an error is returned. Only IPv4 addresses are supported with the vrf parameter. This command is only available on the N3000-ON/N3100-ON/N3200-ON switches. Example The following example sets the default route metric to 80.
Enable IPv4 routing on a VLAN by entering interface vlan mode for the desired VLAN and assigning an IP address to the VLAN. Use the no interface vlan command to disable routing on an interface. Ensure that statically assigned addresses do not conflict with any configured subnets. Subnet overlap is not allowed. Virtual Router Configuration mode is only available on the N3000ON/N3100-ON/N3200-ON switches.
The interface should be configured as able to borrow an IP address, i.e. a routing interface with no IP address. The loopback interface is the numbered interface providing the borrowed address. The providing loopback interface cannot be unnumbered. The loopback interface is identified by its loopback interface number. It is a misconfiguration for two routers, R1 and R2, to be connected by a link where R1’s interface is unnumbered and R2’s interface is numbered.
no ip unnumbered gratuitous-arp accept Default Configuration The default mode is accept. Command Mode Interface (VLAN) Configuration User Guidelines IP unnumbered interfaces are supported in the default VRF only. The interface should be configured as able to borrow an IP address, i.e. a routing interface with no IP address. Normally, the static ARP entry is only installed if the IP address matches one of the local subnets.
Default Configuration ICMP Destination Unreachable messages are enabled. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan10)#ip unreachables match ip address Use this command to specify IP address match criteria for a route map. Use the no form of this command to delete a match statement from a route map.
Actions in the IP ACL configuration are applied with other actions present in the route-map. If an IP ACL referenced by a route-map is removed or rules are added or deleted from the ACL, the configuration is rejected. If a list of IP access lists is specified in this command and a packet matches at least one of these access list match criteria, the corresponding set of actions in the route map are applied to the packet. Duplicate IP access list names are ignored.
console(config)#route-map equal-access permit 10 console(config-route-map)#match ip address R1 console(config-route-map)#set ip default next-hop 192.168.6.6 console(config-route-map)#exit console(config)#route-map equal-access permit 20 console(config-route-map)#match ip address R2 console(config-route-map)#set ip default next-hop 172.16.7.7 console(config-route-map)#exit console(config)#interface vlan 11 console(config-if-vlan11)#ip address 10.1.1.1 255.255.255.
console#configure console(config)#route-map madan console(route-map)#match ip address 1 2 3 4 5 madan console(route-map)#match mac-list madan mohan goud console(route-map)#exit console(config)#exit console #show route-map route-map madan permit 10 Match clauses: ip address (access-lists) : 1 2 3 4 5 madan mac-list (access-lists) : madan mohan goud Set clauses: console(config)#access-list 2 permit every Request denied. Another application using this ACL restricts the number of rules allowed.
Default Configuration There is no default configuration for this command. Command Mode Route Map mode User Guidelines The match criteria specified by this command acts on the packet length as it appears in the IP header and is not necessarily correlated with the frame length as it appears on the wire. Example console(config-route-map)#match length 64 1500 match mac-list Use this command to configure MAC ACL match criteria for a route map.
Actions in the MAC ACL configuration are applied with other actions configured in the route map. When a MAC ACL referenced by a route map is removed, the route map rule is also removed. Example console(config-route-map)#match mac-list mac-test route-map Use this command to create a policy based route map. Use the no form of this command to delete a route map or one of its statements.
User Guidelines Apply an ACL rule on the VLAN interface to perform policy based routing based on the VLAN ID as a matching criteria for incoming packets. Packets matching a deny rule or a deny route-map are routed using the routing table. There is no implicit deny all at the end of a route map. Packets not matching any clause are routed using the routing table. Route maps with no set clause are ignored. One use of a route map is to limit the redistribution of routes to a specified range of route prefixes.
set interface null0 Use this command to drop a packet instead of reverting to normal routing for packets that do not match the route map criteria. This command should be configured as the last entry in the route-map as no further set clauses will operate on a dropped packet. Use the no form of this command to remove the set clause from a route map. Syntax set interface null0 no set interface null0 • null0—Specifies the null0 interface used to drop packets.
set ip default next-hop Use this route map clause to override default entries in the routing table. Packets that can routed by an active explicit route in the routing table are not affected by this clause. Use this command to set a list of default next-hop IP addresses to be used if no explicit route for the packet’s destination address appears in the routing table. If more than one IP address is specified, the reachable address in the list is used.
set ip next-hop Use this command to specify an adjacent next-hop router in the path toward the destination to which the packets should be forwarded. Use the no form of this command to remove a set command from a route map. Syntax set ip next-hop ip-address [ip-address] no set ip next-hop ip-address [ip-address] • ip-address—The IP address of the next hop to which packets are routed. It must be the address of an adjacent router (i.e., the next hop must be in a subnet configured on the local router).
set ip precedence Use this command to set the three IP precedence bits in the IP packet header on ingress. Values 0 through 7 are supported. This precedence value may be used by other QoS services in the network such as weighted fair queuing (WFQ) or weighted random early detection (WRED). Use the no form of this command to remove a set clause from a route map. Syntax set ip precedence 0-7 no set ip precedence • 0—Sets the routine precedence. • 1—Sets the priority precedence.
show ip brief Use the show ip brief command to display all the summary information of the IP. Syntax show ip brief [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration.
show ip interface Use the show ip interface command to display information about one or more IP interfaces. The output shows how each IP address was assigned. Syntax show ip interface [vrf vrf-name] [type number] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. • type—Interface type (loopback, out-of-band, or VLAN) • number—Interface number. Valid only for loopback and VLAN types.
Example console#show ip interface Default Gateway................................ 0.0.0.0 L3 MAC Address................................. 001E.C9DE.B546 Routing Interfaces: Interface ---------Vl1 Vl2 State IP Address IP Mask Method --------------------------------------Down 0.0.0.0 0.0.0.0 None Up unnumbered -->loopback 2 N/A console# console#show ip interface vlan 1 Routing interface status....................... Unnumbered - numbered interface................ Unnumbered - gratuitous ARP accept..........
• map-name—The name of a specific route map. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console#show ip policy Interface Vl10 Route map pbr-map show ip protocols Use the show ip protocols command to display a summary of the configuration and status for each unicast routing protocol.
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. The command displays the following information. Parameter Description BGP Section: Routing Protocol BGP. Router ID The router ID configured for BGP. Local AS Number The AS number that the local router is in. BGP Admin Mode Whether BGP is globally enabled or disabled.
Parameter Description OSPF Admin Mode Whether OSPF is enabled or disabled globally. Maximum Paths The maximum number of next hops in an OSPF route. Routing for Networks The address ranges configured with an OSPF network command. Distance The administrative distance (or “route preference”) for intraarea, inter-area, and external routes. Default Route Advertise Whether OSPF is configured to originate a default route.
Parameter Description Default Metric The metric assigned to redistributed routes. Default Route Advertise Whether this router is originating a default route. Distance The administrative distance for RIP routes. Interface The interfaces where RIP is enabled and the version sent and accepted on each interface. Example The following shows example CLI display output for the command. console# show ip protocols Routing Protocol.......................... Router ID.................................
192.168.75.0 0.0.0.255 area 2 Distance.................................. Intra 110 Inter 110 Ext 110 Default Route Advertise................... Always.................................... Metric.................................... Metric Type............................... Redist Source --------static connected Metric ------default 10 Metric Type ----------2 2 Disabled FALSE Not configured External Type 2 Subnets ------Yes Yes Dist List --------None 1 Number of Active Areas....................
• prefix-length—Length of prefix, in bits. Must be preceded with a forward slash (/). (Range: 0-32 bits.) • longer-prefixes—Indicates that the ip-address and subnet-mask pair becomes the prefix, and the command displays the routes to the addresses that match that prefix. • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. • static—Display statically configured routes.
show ip route 192.168.2.0 If the longer-prefixes option is specified, then the subnets within an aggregate are displayed. For example: show ip route 192.168.2.0 /23 longer-prefixes The numbers in the brackets indicate the route preference (administrative distance) and metric respectively. The metric is specific to the originating protocol. Connected routes have a preference of 0 and static routes have a preference of 1. Command History Command updated in version 6.6 firmware.
Reject Routes.................................. 0 Total routes................................... 324 Best Routes (High)............................. Alternate Routes............................... Leaked Routes.................................. RFC5549 Routes - IPv4 with IPv6 nexthop........ Route Adds..................................... Route Modifies................................. Route Deletes.................................. Unresolved Route Adds.......................... Invalid Route Adds........
Syntax show ip route preferences Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Route preferences are used in determining the best route. Lower router preference values are preferred over higher router preference values. This command displays the route preferences for each possible route origin. Example The following example displays IP route preferences.
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the IP route summary. console#show ip route summary Connected Routes............................... Static Routes.................................. Kernel Routes.................................. Unnumbered Peer Routes.........................
Unique Next Hops (High)........................ Next Hop Groups (High)......................... ECMP Groups (High)............................. ECMP Routes.................................... Truncated ECMP Routes.......................... ECMP Retries................................... Routes with 1 Next Hop......................... Routes with 2 Next Hops........................ Routes with 3 Next Hops........................
Example The following example displays IP route preferences. console>show ip traffic IpInReceives................................... IpInHdrErrors.................................. IpInAddrErrors................................. IpForwDatagrams................................ IpInUnknownProtos.............................. IpInDiscards................................... IpInDelivers................................... IpOutRequests.................................. IpOutDiscards..............................
show ip vlan Use the show ip vlan command to display the VLAN routing information for all VLANs with routing enabled. Syntax show ip vlan Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays VLAN routing information.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example For each route map, the match count is shown in terms of number of packets and number of bytes. This counter displays the match count in packets and bytes when a route map is applied. When a route map is created/removed from interface, this count is shown as zero.
console console console console #configure (Config)#interface Te1/0/2 (config-if-Te1/0/2)#ip policy simplest (config-if-Te1/0/2)#show route-map simplest route-map simplest permit 10 Match clauses: ip address (access-lists) : 1 Set clauses: ip next-hop 3.3.3.3 ip precedence 3 Policy routing matches: 5387983 packets, 344831232 bytes route-map simplest permit 20 Match clauses: ip address (access-lists) : 1 Set clauses: ip default next-hop 4.4.4.
ip address prefix-list a1 as-path 1 community s1 exact-match Set clauses: metric 23 local-preference 34 as-path prepend 2 3 4 5 6 comm-list d1 delete community no-export ipv6 next-hop aa::bb Policy routed: 0 packets, 0 bytes The following example shows a route map test1 that is configured with extended community attributes: console# show route-map test route-map test1, permit, sequence 10 Match clauses: extended community list1 Set clauses: extended community RT:1:100 RT:2:200 show routing heap summary Us
Parameter Description Heap Size The amount of memory, in bytes, allocated at startup for the routing heap. Memory In Use The number of bytes currently allocated. Memory on Free List The number of bytes currently on the free list. When a chunk of memory from the routing heap is freed, it is placed on a free list for future reuse. Memory Available in The number of bytes in the original heap that have never been Heap allocated.
IPv6 Routing Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches The Dell Network N1500/N2000/N2100-ON/N2200-ON series supports limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. The IPv6 version of the routing table manager provides a repository for IPv6 routes learned by dynamic routing protocols or static configuration.
Command Mode Privileged Exec mode, VRF Configuration User Guidelines This command has no user guidelines. Example The following example clears all entries in the IPv6 neighbor table. console(config)#clear ipv6 neighbors Command History Syntax to support VRFs added in version 6.7.0 firmware. clear ipv6 ospf Use this command to disable and reenable OSPF. Syntax clear ipv6 ospf [vrf vrf-name] • vrf-name — The name of an existing VRF instance.
clear ipv6 ospf configuration Use this command to reset the OSPF configuration to factory defaults. Syntax clear ipv6 ospf configuration [vrf vrf-name] • vrf-name — The name of an existing VRF instance. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, VRF Configuration User Guidelines This command has no user guidelines. Command History Syntax to support VRFs added in version 6.7.0 firmware.
User Guidelines This command has no user guidelines. Command History Syntax to support VRFs added in version 6.7.0 firmware. clear ipv6 ospf neighbor Use this command to drop the adjacency with all OSPF neighbors. On each neighbor’s interface, send a one-way hello. Adjacencies may then be reestablished. Syntax clear ipv6 ospf neighbor [vrf vrf-name] [nbr-router-id | interface vlan vlan-id [nbr-router-id]] • vrf-name — The name of an existing VRF instance.
clear ipv6 ospf redistribution Use this command to flush all self-originated external LSAs. Re-apply the redistribution configuration and re-originate prefixes as necessary. Syntax clear ipv6 ospf redistribution [vrf vrf-name] • vrf-name —The name of an existing VRF instance. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, VRF Configuration User Guidelines This command has no user guidelines.
Command Mode Privileged Exec mode, VRF Configuration User Guidelines OSPF only exits stub router mode if it entered stub router mode because of a resource limitation or if it is in stub router mode at startup. This command has no effect if OSPF is configured to be in stub router mode permanently. The VRF identified in the parameter must have been previously created or an error is returned. Command History Syntax to support VRFs added in version 6.7.0 firmware.
Example The following example clears IPv6 statistics for VLAN 11. console(config)#clear ipv6 statistics vlan 11 ipv6 address Use the ipv6 address command in Interface Configuration mode to configure an IPv6 address on an interface (including VLAN, tunnel and loopback interfaces) and to enable IPv6 processing on this interface. Multiple globally reachable addresses can be assigned to an interface by using this command.
Default Configuration By default, a link-local address is assigned by SLAAC or DHCPv6. No static link-local address is configured. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines Configuring a static link local address replaces any previously configured address, including the automatically generated address. Command History Command updated in version 6.6 firmware. Example The following example configures an IPv6 address and enables IPv6 processing.
User Guidelines This command has no user guidelines. Example The following example enables IPv6 routing, which has not been configured with an explicit IPv6 address. console(config)#vlan 15 console(config-vlan)#interface vlan 15 console(config-if-vlan15)#ipv6 enable ipv6 hop-limit Use the ipv6 hop-limit command to configure the hop limit used in IPv6 PDUs originated by the router. Use the no form of the command to return the hop limit to the default setting.
ipv6 host The ipv6 host command is used to define static host name-to- ipv6 address mapping in the host cache. Syntax ipv6 host name ipv6-address no ipv6 host name • name — Host name. • ipv6-address — IPv6 address of the host. Default Configuration No IPv6 hosts are defined. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines.
• burst-interval — How often the token bucket is initialized (Range: 0–2147483647 milliseconds). • burst-size — The maximum number of messages that can be sent during a burst interval (Range: 1–200). Default Configuration Rate limiting is enabled by default. The default burst-interval is 1000 milliseconds. The default burst-size is 100 messages. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command.
Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld last-member-query-count 5 ipv6 mld last-member-query-interval The ipv6 mld last-member-query-interval command sets the last member query interval for the MLD interface, which is the value of the maximum response time parameter in the group-specific queries sent out of this interface.
ipv6 mld host-proxy This command enables MLD and MLD Proxy on the specified interface. PIM and DVMRP are not compatible with MLD proxy. Disable PIM/DVMRP before enabling MLD proxy. Multicast routing must be enabled for the MLD proxy service to become operationally enabled Also, ensure that there are no other multicast routing protocols enabled on the router and that IP multicast routing is globally enabled. Use the “no” form of this command to disable MLD Proxy globally.
Command Mode Interface Configuration (VLAN) mode. Default Configuration There is no default configuration for this command. User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 mld host-proxy reset-status ipv6 mld host-proxy unsolicit-rprt-interval Use the ipv6 mld host-proxy unsolicit-rprt-interval command to set the unsolicited report interval for the MLD Proxy router. This command is only valid when MLD Proxy is enabled on the interface.
Example console(config-if-vlan3)#ipv6 mld host-proxy unsolicit-rprt-interval 10 ipv6 mld query-interval The ipv6 mld query-interval command sets the MLD router's query interval for the interface. The query-interval is the amount of time between the general queries sent when the router is querying on that interface. Use the “no” form of this command to set the query interval to the default.
Syntax ipv6 mld query-max-response-time query-max-response-time no ipv6 mld query-max-response-time • query-max-response-time — Maximum query response time (Range: 1–65535 milliseconds). Default Configuration The default query maximum response time is 10 seconds. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command.
User Guidelines This command has no user guidelines. Example The following example sets at 10 the number of duplicate address detection probes transmitted while doing neighbor discovery. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd dad attempts 10 ipv6 nd ra hop-limit unspecified Use the ipv6 nd ra hop-limit unspecified command to configure the hop limit sent in router alert messages. Use the no form of the command to send the default hop limit of 64.
ipv6 nd managed-config-flag Use the ipv6 nd managed-config-flag command in Interface Configuration mode to set the “managed address configuration” flag in router advertisements. When the value is true, end nodes use DHCPv6. When the value is false, end nodes automatically configure addresses. Syntax ipv6 nd managed-config-flag no ipv6 nd managed-config-flag Default Configuration False is the default configuration.
• milliseconds — Interval duration. (Range: 0, 1000–4294967295) Default Configuration 0 is the default value for milliseconds. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example sets the interval between router advertisements for advertised neighbor solicitations at 5000 ms.
User Guidelines Increase this value when neighbors are not being discovered or large numbers of neighbors are present. Command History Introduced in version 6.2.0.1 firmware. Syntax updated to include Virtual Router Configuration mode in version 6.7.0 firmware. Example console (config)#ipv6 nud max-multicast-solicits 5 ipv6 nud max-unicast-solicits Configures the maximum number of unicast neighbor solicitations sent during neighbor resolution or during NUD (neighbor unreachability detection).
Command History Introduced in version 6.2.0.1 firmware. Syntax updated to include Virtual Router Configuration mode in version 6.7.0 firmware. ipv6 nd nud retry This command configures the exponential backoff multiple to be used in the calculation of the next timeout value for Neighbor Solicitation transmission during NUD (neighbor unreachability detection) following the exponential backoff algorithm. Use the no form of the command to return the backoff multiple to the default.
When NUD is triggered, neighbor solicitation PROBE packets (unicast and multicast) are sent periodically, separated by exponential binary values instead of the normal 1 second interval. This ensures that when the network (not just our router but more routers in the network) is congested, the NUD process for the existing STALE entries takes enough time before ultimately removing the cache entry through garbage collection.
no ipv6 nd other-config-flag Default Configuration False is the default configuration. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines.
• off-link—Do not use Prefix for onlink determination. Default Configuration 604800 seconds is the default value for valid-lifetime, 2592000 seconds for preferred lifetime. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines The router advertises its global IPv6 prefixes in its router advertisements (RAs). An RA only includes the prefixes of the IPv6 addresses configured on the interface where the RA is transmitted.
Syntax ipv6 nd raguard attach-policy no ipv6 nd raguard attach-policy Default Configuration By default, no RA guard policies are applied to any interface. Command Mode Interface Configuration (Ethernet, port-channel) User Guidelines RA Guard drops all incoming IPv6 router advertisement and router redirect messages. RA Guard may be configured on L2 or L3 interfaces. Command History Introduced in version 6.2.0.1 firmware.
Syntax ipv6 nd ra-interval maximum minimum no ipv6 nd ra-interval • maximum — The maximum interval duration (Range: 4–1800 seconds). • minimum — The minimum interval duration (Range: 3 – (0.75 * maximum) seconds). Default Configuration 600 is the default value for seconds. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines The minimum interval cannot be larger than 75% of the maximum interval.
Default Configuration 1800 is the default value for seconds. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example sets at 1000 seconds the value that is placed in the Router Lifetime field of the router advertisements.
Example The following example sets the router advertisement time at 5000 milliseconds to consider a neighbor reachable after neighbor discovery confirmation. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 nd reachable-time 5000 ipv6 nd suppress-ra Use the ipv6 nd suppress-ra command in Interface Configuration mode to suppress router advertisement transmission on an interface. Syntax ipv6 nd suppress-ra no ipv6 nd suppress-ra Default Configuration Disabled is the default configuration.
The no version of the command removes a static IPv6 neighbor with the given IPv6 address and MAC address on a routing interface. Syntax ipv6 neighbor [vrf vrf-name]ipv6address {vlan 1-4093} macaddr no ipv6 neighbor [vrf vrf-name]ipv6address {vlan 1-4093} macaddr • vrf-name — The name of an existing VRF instance. • ipv6address — The IPv6 address of the neighbor. • vlan — The VLAN for the interface. The range is 1 to 4093. • macaddr — The MAC address for the neighbor.
Default Configuration IPv6 ICMP redirects are enabled by default. Command Mode Interface VLAN Configuration mode User Guidelines In general, an IPv6 ICMP redirect is sent if: • The packet is not addressed to the router. • The packet will be forwarded over the interface on which it was received. • The router determines that a better first-hop resides on the same VLAN as the source of the packet.
no ipv6 route [vrf vrf-name] ipv6-prefix/prefix-length {next-hop-address | Null0 | vlan vlan-id | tunnel tunnel-id} [track ] no ipv6 route [vrf vrf-name] ipv6-prefix/prefix-length ipv6-address preference no ipv6 route [vrf vrf-name] ipv6-prefix/prefix-length interface-type ipv6address no ipv6 route [vrf vrf-name] ipv6-prefix/prefix-length interface • vrf-name — The name of an existing VRF instance.
User Guidelines Enter a track track-number in the ipv6 route command to specify that the static route is installed in the routing table only if the configured SLA tracking object is up. When the track object is down, the route is removed from the Route Table. Only one tracking object can be associated with a static route at a time. Configuring a different tracking object replaces the previously configured tracking object.
• vrf-name — The name of an existing VRF instance. • integer — Specifies the distance (preference) of an individual static route. (Range 1-255) Default Configuration Default value of integer is 1. Command Mode Global Configuration mode User Guidelines Lower route distance values are preferred when determining the best route. Example The following example sets the default distance to 80. console(config)#ipv6 route distance 80 Command History Syntax to support VRFs added in version 6.7.0 firmware.
User Guidelines This command has no user guidelines. Example The following example globally enables Ipv6 unicast datagram forwarding. console(config)#ipv6 unicast-routing console(config)#no ipv6 unicast-routing Command History Syntax to support VRFs added in version 6.7.0 firmware. Syntax updated to include Virtual Router Configuration mode in version 6.7.0 firmware. ipv6 unreachables Use the ipv6 unreachables command to enable the generation of ICMPv6 Destination Unreachable messages.
show ipv6 brief Use the show ipv6 brief command to display the IPv6 status of forwarding mode and IPv6 unicast routing mode. Syntax show ipv6 brief [vrf vrf-name] • vrf-name — The name of an existing VRF instance. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
show ipv6 interface Use the show ipv6 interface command to show the usability status of IPv6 interfaces. The output of the command includes the method of assignment for each IPv6 address that is either autoconfigured or leased from a DHCP server. Global addresses with no annotation are assumed to be manually configured. Syntax show ipv6 interface [vrf vrf-name][brief] [loopback loopback-id | tunnel tunnel-id | vlan vlan-id [prefix]] • interfaces—Displays the interfaces associated with the VRF.
Field Description Auto The IPv6 address is automatically generated using IPv6 auto address configuration (RFC 2462). Config The IPv6 address is manually configured. DHCP The IPv6 address is leased from a DHCP server. TENT Tentative address. The long form of the command includes the same annotations and shows whether address autoconfiguration or DHCP client are enabled on the interface.
console#show ipv6 interface vlan2 IPv6 is enabled IPv6 Prefix is ................................ FE80::211:88FF:FE2A:3E3C/128 2017::A42A:26DB:1049:43DD/128 [DHCP] Routing Mode................................... Enabled Administrative Mode............................ Enabled IPv6 Routing Operational Mode.................. Enabled Bandwidth...................................... 100000 Kbps Interface Maximum Transmit Unit................ 1500 Router Duplicate Address Detection Transmits...
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed as a table when vlan vlan-id is specified: Field Description Number of (*, G) entries Displays the number of groups present in the MLD Table. Number of (S, G) entries Displays the number of include and exclude mode sources present in the MLD Table. Group Address The address of the multicast group.
Compatibility Mode The compatibility mode of the multicast group on this interface. The values it can take are MLDv1 and MLDv2. Version 1 Host Timer The time remaining until the router assumes there are no longer any MLD version-1 Hosts on the specified interface. The following table is displayed to indicate all the sources associated with this group: Field Description Source Address The IP address of the source. Uptime Time elapsed in seconds since the source has been known.
Up Time (hh:mm:ss).......................... 00:04:23 Expiry Time (hh:mm:ss)........................ -----Group Address................................ FF1E::4 Interface..................................... vlan 6 Up Time (hh:mm:ss).......................... 00:04:23 Expiry Time (hh:mm:ss)........................ ------ show ipv6 mld interface The show ipv6 mld interface command is used to display MLD related information for an interface.
Query Interval This field indicates the configured query interval for the interface. Query Max Response Time This field indicates the configured maximum query response time (in seconds) advertised in MLD queries on this interface. Robustness This field displays the configured value for the tuning for the expected packet loss on a subnet attached to the interface. Startup Query Interval This value indicates the configured interval between General Queries sent by a Querier on startup.
Number of Groups The current number of membership entries for this interface. Example console#show ipv6 mld interface vlan 2 Interface................................... vlan 2 MLD Global Admin Mode....................... Enabled MLD Interface Admin Mode.................... Disabled MLD Operational Mode........................ Disabled MLD Version................................. 2 Query Interval (secs)....................... 100 Query Max Response Time(milli-secs)........ 1111 Robustness..................
Admin Mode Indicates whether MLD Proxy is enabled or disabled. This is a configured value. Operational Mode Indicates whether MLD Proxy is operationally enabled or disabled. This is a status parameter. Version The present MLD host version that is operational on the proxy interface. Number of Multicast Groups The number of multicast groups that are associated with the MLD-Proxy interface.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The following parameters are displayed by this command: Field Description Interface The MLD Proxy interface. Group Address The IP address of the multicast group.
show ipv6 mld host-proxy groups detail Use the show ipv6 mld host-proxy groups detail command to display information about multicast groups that MLD Proxy reported. Syntax show ipv6 mld host-proxy groups detail Default Configuration There is no default configuration for this command.
Group Source List The list of IP addresses of the sources attached to the multicast group. Expiry Time The time left for a source to get deleted. Example console#show ipv6 mld host-proxy groups Interface................................ vlan 10 Group Address Last Reporter Up Time Member State Filter Mode Sources ------------- ---------------- --------- ----------------- ------------- --FF1E::1 FE80::100:2.
Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The following parameters are displayed only when MLD Proxy is enabled: Parameter Description Interface The MLD Proxy interface. The column headings of the table associated with the interface are as follows: Parameter Description Ver The MLD version. Query Rcvd Number of MLD queries received. Report Rcvd Number of MLD reports received. Report Sent Number of MLD reports sent.
Syntax show ipv6 mld traffic Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed: Field Description Valid MLD Packets Received The number of valid MLD packets received by the router. Valid MLD Packets Sent The number of valid MLD packets sent by the router. Queries Received The number of valid MLD queries received by the router.
Queries Received............................... Queries Sent................................... Reports Received............................... Reports Sent................................... Leaves Received................................ Leaves Sent.................................... Bad Checksum MLD Packets....................... Malformed MLD Packets..........................
console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#switchport access vlan 10 console(config-if-Gi1/0/1)#exit console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#ipv6 nd raguard attach-policy console(config-if-Gi1/0/1)#show ipv6 nd raguard policy Ipv6 RA-Guard Configured Interfaces Interface --------------Gi1/0/1 Role ------Host show ipv6 neighbors Use the show ipv6 neighbors command to display information about the IPv6 neighbors.
Command History Syntax to support VRFs added in version 6.7.0 firmware. show ipv6 protocols Use the show ipv6 protocols command to display information about the configured IPv6 routing protocols Syntax show ipv6 protocols [vrf vrf-name] • vrf-name — The name of an existing VRF instance. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode, all Configuration submodes.
Source Metric Dist List Route Map --------- ---------- -------------------------------- ------------------------------connected Networks Originated: Neighbors: 2001::1 Filter List In ............................ 1 Filter List Out ........................... 1 Routing Protocol .............................. Router ID ..................................... OSPF Admin Mode ............................... Maximum Paths ................................. Routing for networks .......................... Distance ...
• ipv6-prefix/ prefix-length—Specifies an IPv6 network for which the matching route would be displayed. • best—Specifies that only the best routes are displayed. If the connected keyword is selected for protocol, the best option is not available because there are no best or non-best connected routes. • all—Display all routes. • track-table—Display the tracked IPv6 static routes for the selected VRF or the global routing instance. • preferences—Display the routing preferences.
Default gateway is 10.1.20.1 S C C 0.0.0.0/0 [254/0] via 10.1.20.1 10.1.20.0/24 [0/1] directly connected, 20.1.20.0/24 [0/1] directly connected, vlan2 vlan4 The following example shows a tracked route: console#show ipv6 route track-table ipv6 route 2001:B66::/32 4001::1 track 15 state is [up] Command History Command updated in version 6.6 firmware. Syntax to support VRFs added in version 6.7.0 firmware.
console#show ipv6 route preferences Local.......................................... Static......................................... OSPF Intra-area routes......................... OSPF Inter-area routes......................... OSPF External routes........................... BGP External................................... BGP Internal................................... BGP Local...................................... 0 1 110 110 110 20 200 200 Command History Syntax to support VRFs added in version 6.7.
Connected Routes...............................32 Static Routes.................................. 0 6To4 Routes.................................... 0 BGP Routes..................................... 10 External..................................... 0 Internal..................................... 10 Local........................................ 0 OSPF Routes.................................... 0 Intra Area Routes............................ 0 Inter Area Routes............................
Example console(config-if-vlan10)#show ipv6 snooping counters IPv6 Dropped Messages RA (Router Advertisement – ICMP type 134), REDIR (Router Redirect – ICMP type 137) Interface RA REDIR --------------- ------------------Gi1/0/1 0 0 Gi1/0/2 431 6599 show ipv6 traffic Use the show ipv6 traffic command in User Exec mode to show traffic and statistics for IPv6 and ICMPv6.
console> show ipv6 traffic IPv6 STATISTICS Total Datagrams Received........................... 0 Received Datagrams Locally Delivered.......................................... 0 Received Datagrams Discarded Due To Header Errors.. 0 Received Datagrams Discarded Due To MTU............ 0 Received Datagrams Discarded Due To No Route....... 0 Received Datagrams With Unknown Protocol........... 0 Received Datagrams Discarded Due To Invalid Address.0 Received Datagrams Discarded Due To Truncated Data.
show ipv6 vlan Use the show ipv6 vlan command to display IPv6 VLAN routing interface addresses. Syntax show ipv6 vlan Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays IPv6 VLAN routing interface addresses.
• ipv6-address | hostname—The target IP address or host to ping. • out-of-band—Send the ping over the out-of-band interface. • vlan-id—The VLAN over which to send the echo request. • loopback-id—Use the source address from the selected loopback. (Range 0-7) • count—The number of echo request packets to send for each ttl value. (Range 1-10. Default 3). • interval—The time (in seconds) between successive echo requests. Default 3.
Example (console)# traceroute ipv6 2001::2 init-ttl 1 max-ttl 4 max-fail 0 interval 1 count 3 port 33434 size 43 Traceroute to 2001::2, 4 hops max, 43 byte packets: 1 2001::2 708 msec 41 msec 11 msec 2 2001::2 12 msec 13 msec 12 msec 3 2001::2 14 msec 9 msec 11 msec Command History Syntax to support VRFs added in version 6.7.0 firmware.
Loopback Interface Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000EON/N3100-ON/N3200-ON Series Switches Dell EMC Networking provides for the creation, deletion, and management of loopback interfaces. They are dynamic interfaces that are created and deleted by user configuration. A loopback interface is always expected to be up. As such, it provides a means to configure a stable IP address on the device which may be referred to by other switches in the network.
Example The following example enters the Interface Loopback 1 configuration mode. console(config)#interface loopback 1 console(config-if-loopback0)#ip address 192.168.22.1 255.255.255.255 console(config-if-loopback0)#exit console(config)#ex console#ping 192.168.22.1 Pinging 192.168.22.1 with 0 bytes of data: Reply Reply Reply Reply From From From From 192.168.22.1: 192.168.22.1: 192.168.22.1: 192.168.22.1: icmp_seq icmp_seq icmp_seq icmp_seq = = = = 0. 1. 2. 3.
1 loopback 1 0.0.0.0 0 0 console# show interfaces loopback 1 Interface Link Status.......................... Up IP Address..................................... 0.0.0.0 0.0.0.0 MTU size.......................................
IP Multicast Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches The Dell Network N1500/N2000/N2100-ON/N2200-ON Series switches support limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. The Dell EMC Networking multicast component is best suited for video and audio traffic requiring multicast packet control for optimal operation.
mandatory. Discovering the local domain-name server is the intended use of multicast messages on remote networks when there is less than one server per network. • Applications used for datacasting: Since multimedia transmission has become increasingly popular, multicast transmission use has increased. Multicast transmission may be used to efficiently accommodate this type of communication. For instance, the audio and video signals are captured, compressed and transmitted to a group of receiving stations.
Example The following example deletes all entries from the IP multicast routing table: console# clear ip mroute * The following example deletes from the IP multicast routing table all entries that match the given multicast group address (239.1.2.1), irrespective of which source is sending for this group: console# clear ip mroute 239.1.2.1 The following example deletes from the IP multicast routing table all entries that match the given multicast group address (239.1.2.
Example The following example adds an administrative scope multicast boundary. console(config)#interface vlan 15 console(config-if-vlan15)#ip multicast boundary 239.5.5.5 255.255.255.255 ip mroute Use the ip mroute command to create a static multicast route for a source range. Use the no form of this command to delete a static multicast route. Syntax ip mroute source-address mask rpf-address preference no ip mroute source-address mask • source-address — The IP address of the multicast data source.
ip multicast-routing Use the ip multicast-routing command in Global Configuration mode to set the administrative mode of the IP multicast forwarder in the router to active. It enables both IPv4 and IPv6 multicast routing. For multicast routing to become operational, IGMP must be currently enabled. Enabling PIM or DVMRP enables IGMP. Syntax ip multicast-routing no ip multicast-routing Default Configuration This command has no default configuration.
This command enables both IPv4 and IPv6 multicast routing. Multicast source data is flooded/forwarded by default in the VLAN on which it is received. For this reason, multi-access VLANs are not recommended for multicast routing interfaces. Example The following example enables IP multicast on the router. console#configure console(config)#ip multicast-routing Command History User Guidelines updated in release 6.3.5. User Guidelines updated in release 6.4 release.
Example The following example applies a ttlvalue of 5 to the VLAN 15 routing interface. console(config)#interface vlan 15 console(config-if-vlan15)#ip multicast ttl-threshold 5 ip pim Use the ip pim command in Interface (VLAN) Configuration mode to administratively configure PIM mode for IP multicast routing on a VLAN interface. Enabling or disabling PIM mode concurrently enables/disables IGMP. Use the no form of the command to disable PIM on the interface.
ip pim bsr-border The ip pim bsr-border command is used in Interface (VLAN) Configuration mode to administratively disable bootstrap router (BSR) messages on the interface. Use the no form of this command to return the configuration to the default. Syntax ip pim bsr-border no ip pim bsr-border Default Configuration BSR messages are enabled on the interface by default. Command Mode Interface (VLAN) Configuration mode User Guidelines This command only has an effect if sparse mode is enabled.
• hash-mask-length —Length of the BSR hash to be ANDed with the multicast group address. (Range 0–32 bits). Default 0. • bsr-priority—The advertised priority of the BSR candidate. Range 0-255. Default 0. • interval—(Optional) Indicates the RP candidate advertisement interval. The range is from 1 to 16383 seconds. The default value is 60 seconds. Default Configuration None - the router does not advertise itself as a BSR candidate.
User Guidelines Only one of sparse or dense mode can be configured on a router. IGMP is automatically enabled if PIM is enabled and disabled when PIM is disabled. ip multicast-routing may be operationally enabled or disabled by this command. PIM is not compatible with DVMRP. DVMRP must be disabled before enabling PIM.
Example console(if-vlan10)#ip pim dr-priority 32768 ip pim hello-interval The ip pim hello-interval command in Interface (VLAN) Configuration mode to administratively configure the frequency of PIM Hello messages on the specified interface. Use the no form of this command to return the configuration to the default. Syntax ip pim hello-interval interval no ip pim hello-interval • interval — The number of seconds between successive hello transmissions. Range: 0–18000 seconds. Default is 30.
Syntax ip pim join-prune-interval interval no ip pim join-prune-interval • interval — The number of seconds between successive join-prune transmissions. Range: 0–18000 seconds. Default is 60. Default Configuration The default join/prune interval is 60 seconds. Command Mode Interface (VLAN) Configuration mode User Guidelines This command only has an effect if sparse mode is enabled.
• override—A flag indicating that the static entry should override dynamically learned entries for the configured multicast group. Default Configuration None —no static multicast groups are configured for an RP. Command Mode Global Configuration mode User Guidelines A maximum of 32 multicast group ranges may be defined for each rendezvous point. The configured ranges may not overlap. Command History Updated guidelines in version 6.5 firmware. Example console(config)#ip pim rp-address 192.168.21.1 239.
• interval—(Optional) Indicates the RP candidate advertisement interval. The range is from 1 to 16383 seconds. The default value is 60 seconds. Default Configuration None - the router does not advertise itself as an RP candidate by default. Command Mode Global Configuration mode User Guidelines There are no user guidelines for this command. Example console(config)#ip pim rp-candidate vlan 10 239.1.0.0 255.255.0.
IP multicast must be enabled for PIM to operate. ip multicast-routing is not disabled or enabled by this command. It is recommended that IGMP snooping be disabled if IP multicast is enabled unless specifically required. PIM is not compatible with DVMRP. DVMRP must be disabled before enabling PIM.
Example console(config)#ip pim ssm 239.0.10.0 255.255.255.0 show ip mfc Use the show ip mfc command to display the multicast forwarding cache. Syntax show ip mfc Default Configuration This command does not have a default configuration. Command Mode Privileged Exec mode, Global Config mode, all sub-modes. User Guidelines This command display both the IPv4 and IPv6 MFC entries. The following information is displayed. Field Description MFC IPv4 Mode Enabled when IPv4 multicast routing is operational.
MFC IPv4 Mode.................................. Disabled MFC IPv6 Mode.................................. Disabled MFC Entry Count................................ 0 Current multicast IPv4 protocol................ PIMSM Current multicast IPv6 protocol................ No protocol enabled. Total software forwarded packets...............
show ip pim boundary Use the show ip pim boundary command to display all the configured administrative scoped multicast boundaries. Syntax show ip pim boundary {vlan vlan-id | all} • vlan-id — Valid VLAN ID. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
• type number—Interface type and number for which to display IP multicast information. VLAN Vlan-ID is the only supported type and number. Default Configuration Show information for all multicast interfaces. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the multicast information for VLAN 15.
User Guidelines This command has no user guidelines. Example console#show ip mroute IP Multicast route table Expiry Up Time Source IP Group IP (mm:ss) (hh:mm:ss) RPF Neighbor Flags --------------- --------------- -------- ----------- --------------- ----192.168.0.11 239.0.5.7 3:03 15:54:12 192.168.0.
show ip mroute source Use the show ip mroute source command to display the multicast configuration settings such as flags, timer settings, incoming and outgoing interfaces, RPF neighboring routers, and expiration times of all the entries in the multicast mroute table containing the sourceipaddr or sourceipaddr | groupipaddr pair value(s). Syntax show ip mroute source sourceipaddr {summary} • sourceipaddr — IP address of source. Default Configuration This command has no default configuration.
• sourceipaddr — IP address of source. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the static routes configured in the static mcast table. console#show ip mroute static MULTICAST STATIC ROUTES Source IP Source Mask RPF Address Preference --------------- --------------- --------------- ---------1.1.1.
User Guidelines The following information is displayed: Field Description PIM Mode The routers that are enabled for PIM. Example console#show ip pim PIM Mode............................. None If no routers are enabled for PIM, the following message is displayed. None of the routing interfaces are enabled for PIM. show ip pim bsr-router The show ip pim bsr-router command displays information about a bootstrap router (BSR).
BSR address IP address of the BSR. BSR Priority The configured BSR priority. BSR Hash Mask Length The configured hash mask length (32 bits maximum). Next Bootstrap Message Time remaining (in hours, minutes, and seconds) until a in BSR message is sent. Next Candidate RP Advertisement Time remaining (in hours, minutes, and seconds) until the next RP advertisement is sent. Example console#show ip pim bsr-router BSR Address............................. 192.168.10.1 BSR Priority............................
Field Description Join-prune Interval Join-prune interval value DR Priority DR Priority configured on this interface BSR Border Whether or not this interface is configured as a BSR Border Neighbor Count Number of PIM Neighbors learned on this interface Designated-Router IP address of the elected DR on the interface Default Configuration There is no default configuration for this command.
show ip pim neighbor Use the show ip pim neighbor command in User Exec or Privileged Exec modes to display PIM neighbors discovered by PIMv2 Hello messages. If the interface number is not specified, this command displays the neighbors discovered on all the PIM-enabled interfaces. Syntax show ip pim neighbor [vlan vlan-id] • vlan-id — A valid VLAN ID for which multicast routing has been enabled. Default Configuration This command has no default configuration.
--------------- --------192.168.10.2 VLAN0001 192.168.20.2 VLAN0010 ----------- ----------00:02:55 00:01:15 00:03:50 00:02:10 If no neighbors are learned on any of the interfaces, the following message is displayed. No neighbors are learned on any interface. show ip pim rp-hash The show ip pim rp-hash command displays the rendezvous point (RP) selected for the specified group address. Syntax show ip pim rp-hash group-address • group-address — A valid multicast address supported by RP.
show ip pim rp mapping The show ip pim rp mapping command is used in User Exec and Privileged Exec modes to display the mappings for the PIM group to the active rendezvous points. Syntax show ip pim rp mapping [rp-address |candidate|static] rp-address — An RP address. Default configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed.
No RP-Group mappings exist on this router. If no static RP Group mapping exists on the router, the following message is displayed: No Static RP-Group mappings exist on this router. show ip pim statistics Use the show ip pim statistics command to display the count of PIM sparse mode received control packets per VLAN. Syntax show ip pim statistics [vlan vlan-id] vlan-id — The VLAN for which PIM sparse mode statistics are displayed. Default configuration There is no default configuration for this command.
Field Description Assert Number of PIM Assert messages CRP Number of PIM Candidate RP Advertisement messages.
IPv6 Multicast Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches The Dell Network N1500/N2000/N2100-ON/N2200-ON Series switches support limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. clear ipv6 mroute This command is used to selectively clear dynamic IPv6 multicast entries from the cache.
Example The following example deletes all entries from the IPv6 multicast routing table: console# clear ipv6 mroute * The following example deletes from the IPv6 multicast routing table all entries that match the given multicast group address (FF4E::1), irrespective of which source is sending for this group: console# clear ipv6 mroute FF4E::1 The following example deletes from the IPv6 multicast routing table all entries that match the given multicast group address (FF4E::1) and the multicast source addre
Example console(config-if-vlan3)#ipv6 pim ipv6 pim bsr-border Use the ipv6 pim bsr-border command to prevent bootstrap router (BSR) messages from being sent or received through an interface. Use the no form of this command to disable the interface from being the BSR border. Syntax ipv6 pim bsr-border no ipv6 pim bsr-border Default Configuration BSR-border is disabled by default. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command.
• hash-mask-len —The length of a mask that is to be ANDed with the group address before the hash function is called. All groups with the same seed hash correspond to the same RP. For example, if this value is 24, only the first 24 bits of the group addresses matter. This allows you to get one RP for multiple groups. (Range 0–128 bits). • priority —The priority of the candidate BSR. The BSR with the higher priority is preferred.
no ipv6 pim Default Configuration PIM dense mode is disabled by default. Command Mode Global Configuration mode User Guidelines Only one of sparse or dense mode can be configured on a router. DVMRP must be disabled before enabling PIM. Example console(config)#ipv6 pim dense ipv6 pim dr-priority Use the ipv6 pim dr-priority command to set the priority value for which a router is elected as the designated router (DR). Use the no form of this command to set the priority to the default.
Example console(config-if-vlan3)#ipv6 pim dr-priority 10 ipv6 pim hello-interval Use the ipv6 pim hello-interval command to configure the PIM-SM Hello Interval for the specified interface. Use the no form of this command to set the hello interval to the default. Syntax ipv6 pim hello-interval interval no ipv6 pim hello-interval • interval—The hello interval (Range: 0–18000 seconds). Default Configuration The default hello interval is 30 seconds.
Default Configuration The default join/prune interval is 60 seconds. Command Mode Interface Configuration (VLAN) mode User Guidelines There are no user guidelines for this command. Example console(config-if-vlan3)#ipv6 pim join-prune-interval 90 ipv6 pim register-threshold Use the ipv6 pim register-threshold command to configure the Register Threshold rate for the RP router to switch to the shortest path. Use the no form of this command to set the register threshold rate to the default.
ipv6 pim rp-address Use the ipv6 pim rp-address command to statically configure the RP address for one or more multicast groups. The optional keyword override indicates that if there is a conflict, the RP configured with this command prevails over the RP learned by BSR. Use the no form of this command to remove the RP address for one or more multicast groups.
Syntax ipv6 pim rp-candidate vlan vlan-id group-address/prefixlength [interval c_rp_interval ] no ipv6 pim rp-candidate vlan vlan-id • vlan-id—A valid VLAN ID value. • group-address—The group address to display. • prefixlength—This parameter specifies the prefix length of the IP address for the media gateway. (Range: 1–128) • c_rp_interval—The Candidate RP advertisement interval (range 1-16383 seconds, default 60 seconds).
Default Configuration IPv6 PIM sparse mode is disabled by default. Command Mode Global Configuration mode User Guidelines Only one of sparse or dense mode can be configured on a router. DVMRP must be disabled before enabling PIM. Example console(config)#ipv6 pim sparse-mode ipv6 pim ssm Use the ipv6 pim ssm command to define the Source Specific Multicast (SSM) range of multicast addresses.
Example console(config)#ipv6 pim ssm ff1e::/64 show ipv6 pim Use the show ipv6 pim command to display global status of IPv6 PIMSM and its IPv6 routing interfaces. Syntax show ipv6 pim Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console(config)#show ipv6 pim PIM Mode.......................................
• candidate—Show the IPv6 PIM candidate bootstrap router information. • elected—Show the IPv6 elected PIM bootstrap router information. Default Configuration There is no default configuration for this command. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines Field descriptions are shown in the following table.
show ipv6 mroute Use the show ipv6 mroute command to display a summary or all the details of the multicast table. Syntax show ipv6 mroute [group groupip [summary] | source sourceip [summary] | static summary] • group—Show the multicast route information for the specified multicast group. • source—Show the multicast route information for the specified multicast source. • static—Show the multicast route information for the specified static multicast group. • summary—Summarize the information.
Multicast Route Table Summary Source IP Group IP Protocol IIF OIF Expiry --------------- --------------- -------- --------- --------- ------* FF43::5 PIMSM Vl11 Vl13 2001::5 FF43::5 PIMSM Vl12 Vl11 Vl13 console#show ipv6 mroute source 2001::5 ? | summary Press enter to execute the command. Output filter options. Display the IPV6 multicast routing table summary.
Source IP Group IP Protocol IIF OIF Expiry --------------- --------------- -------- --------- --------- ------* FF43::5 PIMSM Vl11 Vl13 2001::5 FF43::5 PIMSM Vl12 Vl11 Vl13 show ipv6 mroute group Use the show ipv6 mroute group command to display the multicast configuration settings such as flags, timer settings, incoming and outgoing interfaces, RPF neighboring routers, and expiration times of all the entries in the multicast mroute table containing the groupipaddr value.
* 2001::5 FF43::5 FF43::5 00:00 02:54 00:01:00 00:00:35 :: 2001::5 RPT SPT console#show ipv6 mroute group FF43::5 summary Multicast Route Table Summary Source IP Group IP Protocol IIF OIF Expiry --------------- --------------- -------- --------- --------- -----* FF43::5 PIMSM Vl11 Vl13 2001::5 FF43::5 PIMSM Vl12 Vl11 Vl13 show ipv6 mroute source Use the show ipv6 mroute source command to display the multicast configuration settings such as flags, timer settings, incoming and outgoing interfaces, RPF
| summary Press enter to execute the command. Output filter options. Display the IPV6 multicast routing table summary.
Example console#show ipv6 pim interface vlan 6 Slot/Port...................................... IP Address..................................... Hello Interval (secs).......................... Join Prune Interval (secs)..................... Neighbor Count................................. Designated Router.............................. DR Priority.................................... BSR Border.....................................
show ipv6 pim rp-hash Use the show ipv6 pim rp-hash command to display which rendezvous point (RP) is being selected for a specified group. Syntax show ipv6 pim rp-hash group-address group-address —Group IP address supported by RP. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command.
• static—Show static rendezvous point mappings. Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no user guidelines for this command. Example console#show ipv6 pim rp mapping Group Address.................................. RP Address..................................... origin......................................... Group Address................................
User Guidelines This command only displays output if pim sparse-mode is enabled. The following counters are displayed in the output. Field Description Stat Rx: Packets received. Tx: Packets transmitted. Interface The PIM enabled routing interface. Hello Number of PIM Hello messages. Register Number of PIM Register messages. Reg-Stop Number of PIM Register-Stop messages. Join/Pru Number of PIM Join/Prune messages. BSR Number of PIM Boot Strap messages. Assert Number of PIM Assert messages.
===================================================================== Vl10 Rx 0 0 0 0 0 0 0 Tx 2 0 0 0 0 0 0 Invalid Packets Received - 0 --------------------------------------------------------------------- Layer 3 Routing Commands 1696
IP Service Level Agreement Commands Dell EMC Networking N2000E/N2100E-ON/N2200-ON/N3000-ON Series Switches The IP service-level agreement (SLA) feature allows users to monitor network performance between routers or from a router to a remote IP device. N2000/N2100-ON/N2200-ON/N3000E-ON Series supports the following measurement capabilities: • Remote IP reachability tracking. • Round-trip-time threshold monitoring These metrics are collected by measuring ICMP response time and connectivity.
User Guidelines Start configuring an IP SLA operation by using the ip sla command. This command specifies an identification number for the operation. Once this command is entered, the router enters IP SLA configuration mode. At a minimum, an SLA consists of an operation, a tracking object and one or more routes. Routes are associated with a tracking object which is mapped to an operation. Operations may be scheduled.
ip sla schedule Use the ip sla schedule command to start an IP SLA. Use the no form of the command to stop an IP SLA operation. Syntax ip sla schedule operation-number no ip sla schedule operation-number • operation-number—The number used to identify an IP SLA operation. The range is 1 to 128. Default Configuration By default, there are no operations configured.
After an IP SLA has been scheduled, the configuration may not be modified. To modify the configuration of the operation, first stop the operation by using the no ip schedule command and then modify the configuration. Alternatively, delete the IP SLAs operation (using the no ip sla command) and then reconfigure the operation with the new operation parameters. Command History Command introduced in version 6.6 firmware.
Default Configuration By default, there are no tracking objects configured. The default tracking type is reachability. Command Mode Global Configuration mode User Guidelines An operation return-code value is maintained by every IP SLA operation. This return code is interpreted by the associated tracking object. The return code may return OK, OverThreshold, or Timeout. Two facets of an IP SLAs operation can be tracked: reachability and state.
console(config)# track 2 ip sla 5 state In the following example, the tracking process is configured to track the reachability of IP SLAs operation 6: console(config)# track 3 ip sla 6 reachability delay Use the delay command to configure a delay for acting upon tracking object reachability state changes. Use the no form of the command to return the delay time to the default.
Example In the following example, SLA 55 is created with an ICMP echo to 172.16.1.175 and then scheduled. Tracking object 10 is created using the default reachability test and is associated with IP SLAs operation 55 and then an up delay of 5 seconds and a down delay of 3 seconds is configured: console(config)#ip sla 55 console(config-ip-sla)#icmp-echo 172.16.1.
The type of IP operation (ICMP echo) must be configured before any other operational parameter. To change the operation values (destination-ipaddress or source-interface-name) of an existing scheduled IP SLAs ICMP echo operation, stop the IP SLA operation using the no ip sla schedule operation-number or delete the IP SLA operation (using the no ip sla global configuration command) and then reconfigure the operation with the desired values.
no frequency • seconds —Number of seconds between the IP SLAs operations. The range is 1 to 3600. Default Configuration The default is 60 seconds. Command Mode IP SLA ICMP Echo Configuration mode (config-ip-sla-echo). User Guidelines The IP SLA operation will repeat at a given frequency for the lifetime of the operation. For example, the ICMP Echo operation with a frequency of 60 sends an ICMP Echo Request packet once every 60 seconds for the lifetime of the operation.
Example The following example shows how to configure an IP SLAs ICMP echo operation (operation 11) to repeat every 80 seconds. This example shows the frequency (IP SLA) command being used in an IPv4 network in ICMP echo configuration mode within IP SLA configuration mode. console(config)#ip sla 11 console(config-ip-sla)#icmp-echo 152.15.10.
The recommended guidelines for configuring the frequency, timeout and threshold commands of the IP SLAs ICMP Echo operation are: (frequency seconds) > (timeout milliseconds) > (threshold milliseconds) This command is supported in IPv4 networks and also for IPv6 networks where IPv6 addresses are supported. Command History Command introduced in version 6.6 firmware.
User Guidelines The value specified for this command must not be greater than the value specified for the timeout command. The threshold value configured by this command is used only to calculate network monitoring statistics created by an IP SLA’s operation. For the IP SLA’s ICMP Echo operation, the threshold (IP SLA) command sets the upper threshold value for the round-trip time (RTT) measurement.
Default Configuration By default, IP SLA operations occur in the Default VRF. Command Mode IP SLA ICMP Echo Configuration mode (config-ip-sla-echo). User Guidelines This command identifies the VPN for the operation being configured. The vrf (IP SLA) command is supported only for IPv4 networks. This command is not supported in IPv6 networks to configure an IP SLAs operation that supports IPv6 addresses. Command History Command introduced in version 6.6 firmware.
clear ip sla statistics Use the clear ip sla statistics command to clear IP SLA statistical information for a given IP SLA operation or for all IP SLAs. Syntax clear ip sla statistics [operation-number] • operation-number—(Optional) IP SLA number of a specific operation whose statistics need to be cleared. Default Configuration By default, IP SLA operation statistics are cleared. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines.
• operation-number—(Optional) IP SLA number of a specific operation associated with the statistics to display. Default Configuration By default, IP SLA operation configurations are shown. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all submodes User Guidelines This command has no user guidelines. Command History Command introduced in version 6.6 firmware. Example IP SLAs Internet Control Message Protocol (ICMP) echo operations support both IPv4 and IPv6 addresses.
Entry number: 3 Type of operation: echo Target address/Source address: 2001:DB8:100::1/2001:0DB8:200::FFFE Operation timeout (milliseconds): 5000 Vrf Name: Schedule: Next Scheduled Start Time: Pending Trigger Operation frequency (seconds): 60 Life: Forever Threshold (milliseconds): 5000 show ip sla statistics Use the show ip sla statistics command to see the statistics and the current operational status of a specified IP SLA operation or of all operations.
Example console# show ip sla statistics details Round Trip Time (RTT) for Index 1 Type of operation: icmp-echo Latest RTT: 1 ms Latest operation start time: 47 milliseconds Latest operation return code: OK Over thresholds occurred: FALSE Number of successes: 14 Number of failures: 0 Operation time to live: Forever Operational state of entry: Active show track Use the show track to display detailed information for all tracking objects or for a specific track-object.
User Guidelines The show track brief command shows limited information in a tabular format. The other invocations of the command display more detailed information. Command History Command introduced in version 6.6 firmware. Example The example below shows detailed information for all track objects.
Latest RTT (millisecs) 1500 The example below shows brief information for all track objects associated with IP SLA operation 1. console#show track ip sla 1 Track 10 13 Object ip sla ip sla 1 1 Parameter reachability state Value Last Change Up 01:12:36 Up 00:34:08 The example below shows brief information for all track objects.
OSPF Commands Dell EMC Networking N2000/N2100-ON/N2200-ON/N3000EON/N3100-ON/N3200-ON Series Switches The Dell Network N1500/N2000/N2100-ON/N2200-ON series support limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. OSPF is a link-state protocol. Dell EMC Networking OSPF supports variablelength subnet masks. Dell EMC Networking OSPF only operates over VLAN interfaces. OSPF operates within a hierarchy.
The Dell EMC Networking routing OSPF NSSA feature supports RFC 3101, The OSPF Not-So-Stubby Area (NSSA) Option.
• Configured Statically: If an operator configures multiple static routes to the exact same destination but with different next hops, those routes are treated as a single route with two next hops. • Learned Dynamically: Routing protocols can learn ECMP routes. For example, if OSPF is configured on both links connecting Router A to Router B with interface addresses 10.1.1.2 and 10.1.2.2 respectively, and Router B advertises its connection to 20.0.0.0/ 8, then Router A computes an OSPF route to 20.0.0.
Passive Interfaces The passive interface feature is used to disable sending OSPF routing updates on an interface. An OSPF adjacency will not be formed on such an interface. On a passive interface, subnet prefixes for IP addresses configured on the interface will continue to be advertised as stub networks. Graceful Restart The Dell EMC Networking implementation of OSPFv2 supports graceful restart as specified in RFC 3623.
Default Configuration 10 is the default configuration for integer. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example identifies a stub area of 10 and default cost of 100. console(config)#router ospf console(config-router)#area 10 default-cost 100 area nssa (Router OSPF) Use the area nssa command in Router OSPF Configuration mode to configure the specified area ID to function as an NSSA.
– • • A metric type of nssa-external 2 (default) role—The translator role where role is one of the following: – always - The router assumes the role of the translator when it becomes a border router. – candidate - The router to participate in the translator election process when it attains border router status. interval—The period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router.
area nssa default-info-originate (Router OSPF Config) Use the area nssa default-info-originate command in Router OSPF Configuration mode to configure the metric value and type for the default route advertised into the NSSA. The metric type can be comparable (nssaexternal 1) or noncomparable (nssa-external 2). Use the no form of the command to return the metric value and type to the default value.
area nssa no-redistribute Use the area nssa no-redistribute command in Router OSPF Configuration mode to configure the NSSA Area Border router (ABR) so that learned external routes are not redistributed to the NSSA. Syntax area area-id nssa no-redistribute no area area-id nssa no-redistribute • area-id — Identifies the OSPF NSSA to configure. (Range: IP address or decimal from 0–4294967295) Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode.
Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the NSSA so that summary LSAs are not advertised into the NSSA. console(config-router)#area 20 nssa no-summary area nssa translator-role Use the area nssa translator-role command in Router OSPF Configuration mode to configure the translator role of the NSSA.
User Guidelines This command has no user guidelines. Example The following example configures the translator role of the NSSA. console(config-router)#area 20 nssa translator-role always area nssa translator-stab-intv Use the area nssa translator-stab-intv command in Router OSPF Configuration mode to configure the translator stability interval of the NSSA. Syntax area area-id nssa translator-stab-intv integer no area area-id nssa translator-stab-intv • area-id — Identifies the OSPF NSSA to configure.
area range (Router OSPF) Use the area range command in Router OSPF Configuration mode to configure a summary prefix that an area border router advertises for a specific area. There are two types of area ranges. An area range can be configured to summarize intra-area routes. An ABR advertises the range rather than the specific intra-area route as a type 3 summary LSA. Also, an area range can be configured at the edge of an NSSA to summarize external routes reachable within the NSSA.
type 3 summary LSA is not advertised, but contained networks are suppressed. This behavior is equivalent to specifying the not-advertise option. If the range is configured for type 7 to type 5 translation, a type 5 LSA is sent if the metric is set to 16,777,215; however, other routers will not compute a route from a type 5 LSA with this metric. Default Configuration No area ranges are configured by default. No cost is configured by default.
If the user tries to configure both types of ranges for the same prefix and area: A T3 range with the same prefix is already configured on this area. If the network mask is invalid: console (config-router)#area 1 range 0.0.0.0 0.0.0.0 summarylink An area range mask must have contiguous ones and be no longer than 31 bits. If the prefix is not a valid area range prefix: console (config-router)#area 1 range 0.0.0.0 255.0.0.0 summarylink Cannot create this area range because it represents a default route.
External LSAs and Summary LSAs can significantly reduce the link state database of routers within the stub area. Use the no form of the command to remove the stub area. Syntax area area-id stub no area area-id stub • area-id — Identifies the area identifier of the OSPF stub. (Range: IP address or decimal from 0–4294967295) Default Configuration This command has no default configuration. Command Mode Router OSPF Configuration mode.
no area area-id stub no-summary • area-id — Identifies the OSPF area to configure. (Range: IP address or decimal from 0–4294967295) Default Configuration Disabled is the default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command creates a totally stubby area when used in conjunction with the area stub command. Example The following example prevents the Summary LSA from being advertised into the area 3 NSSA. Area 3 will be configured as a totally stubby area.
no area area-id virtual-link router-id [authentication [message-digest | null]] [hello-interval] [retransmit-interval] [transmit-delay] [dead-interval] [[authentication-key] | [message-digest-key]] • area-id—Identifies the OSPF stub area to configure. (Range: IP address or decimal from 0-4294967295) • router-id—Valid IP address. • authentication—Specifies authentication type. • message-digest —Specifies that message-digest authentication is used. • null—No authentication is used.
Parameter Default hello-interval seconds 10 seconds retransmit-interval seconds 5 seconds transmit-delay seconds 1 second dead-interval seconds 40 seconds authentication-key key No key is predefined. message-digest-key key-id md5 key No key is predefined. Command Mode Router OSPF Configuration mode. User Guidelines Unauthenticated interfaces cannot be configured with an authentication key. Use the area virtual-link authentication command to enable configuration of an authentication key.
area virtual-link authentication Use the area virtual-link authentication command in Router OSPF Configuration mode to configure the authentication type and key for the OSPF virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the authentication type to the default value.
console(config-router)#area 10 virtual-link 192.168.2.7 authentication console(config-router)#area 10 virtual-link 192.168.2.7 authentication encrypt test123 1001010 area virtual-link dead-interval Use the area virtual-link dead-interval command in Router OSPF Configuration mode to configure the dead interval for the OSPF virtual interface on the virtual interface identified by area-id and neighbor router. Use the no form of the command to return the dead interval to the default value.
area virtual-link hello-interval Use the area virtual-link hello-interval command in Router OSPF Configuration mode to configure the hello interval for the OSPF virtual interface on the virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the hello interval to the default value. Syntax area area-id virtual-link neighbor-id hello-interval seconds no area area-id virtual-link neighbor-id hello-interval • area-id — Identifies the OSPF area to configure.
area virtual-link retransmit-interval Use the area virtual-link retransmit-interval command in Router OSPF Configuration mode to configure the retransmit interval for the OSPF virtual interface on the virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the retransmit interval to the default value.
area virtual-link transmit-delay Use the area virtual-link transmit-delay command in Router OSPF Configuration mode to configure the transmit delay for the OSPF virtual interface identified by the area ID and neighbor ID. Use the no form of the command to return the transmit delay to the default value. Syntax area area-id virtual-link neighbor-id transmit-delay seconds no area area-id virtual-link neighbor-id transmit-delay • area-id — Identifies the OSPF area to configure.
bandwidth is defined by the “bandwidth” command. Because the default reference bandwidth is 100 Mbps, OSPF uses the same default link cost for all interfaces whose bandwidth is 100 Mbps or greater. To change the reference bandwidth, use the auto-cost command, specifying the reference bandwidth in megabits per second. The different reference bandwidth can be independently configured for OSPFv2 and OSPFv3.
Syntax bandwidth bw • bw — Interface bandwidth in Kbps (Range: 1–10000000). Default Configuration The default reference bandwidth is 10 Mbps Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example The following example configures the interface bandwidth to 500000 Kbps. console(config-if-vlan1)#bandwidth 500000 bfd Use the bfd command to enable processing of BFD events by OSPF on all interfaces enabled for BFD.
User Guidelines BFD processing notifies OSPF of layer 3 connectivity issues with the peer. The interface must be a VLAN interface enabled for routing. BFD event notification must also be enabled in VLAN interface mode in order for processing of BFD events to occur. Command History Introduced in version 6.3.0.1 firmware. Example The following example console#configure console(config)#ip routing console(config)#interface vlan 3 console(config-if-vlan3)#ip address 192.168.0.
User Guidelines There are no user guidelines for this command. Example console(config-router)#capability opaque clear ip ospf Use the clear ip ospf command to reset specific OSPF states. If no parameters are specified, OSPF is disabled and then re-enabled. Syntax clear ip ospf [{configuration | redistribution | counters | neighbor [interface vlan vlan id [neighbor id]]}] [vrf vrf-name] • configuration — Reset the OSPF configuration to factory defaults.
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. Example The following example shows the options for the clear ip ospf command. console#clear ip ospf ? Press enter to execute the command.
compatible rfc1583 Use the compatible rfc1583 command in Router OSPF Configuration mode to enable OSPF 1583 compatibility. Use the no form of the command to disable it. Syntax compatible rfc1583 no compatible rfc1583 Syntax Description This command has no arguments or keywords. Default Configuration Compatible with RFC 1583. Command Mode Router OSPF Configuration mode.
Syntax default-information originate [always] [metric metric-value] [metric-type type-value] no default-information originate [metric] [metric-type] • always—Always advertise default routes. • metric-value—The metric (or preference) value of the default route. (Range: 1–16777214) • type-value—One of the following: 1 External type-1 route. 2 External type-2 route. Default Configuration The default configuration is no default-information originate. The default metric is none and the default type is 2.
default-metric Use the default-metric command in Router OSPF Configuration mode to set a default for the metric of distributed routes. Use the no form of the command to remove the metric from the distributed routes. If the area has not been previously created, it is created by this command. If the area already exists, the default-metric information is added or modified. Syntax default-metric metric-value no default-metric • metric-value — The metric (or preference) value of the default route.
Syntax distance ospf {[intra-area dist1] [inter-area dist2] [external dist3]} no distance ospf {intra-area | inter-area | external} • intra-area dist1—Used to select the best path within an area when there are two or more routes to the same destination from two different routing protocols (Range: 1–255). • inter-area dist2—Used to select the best path from one area to another area when there are two or more routes to the same destination from two different routing protocols (Range: 1–255).
Syntax distribute-list name out {bgp | rip | static | connected} no distribute-list name out {bgp | rip | static | connected} • name—The name used to identify an existing ACL. The range is 1–31 characters. • bgp—Apply the specified access list when BGP is the source protocol. • rip—Apply the specified access list when RIP is the source protocol. • static—Apply the specified access list when packets come through the static route.
Syntax enable no enable Default Configuration Disabled is the default configuration. Command Mode Router OSPF Configuration mode. User Guidelines The no form of the enable command removes the OSPF router configuration from the running config. It does not, however, reset the OSPF configuration. For example, following no enable with the enable command restores the OSPF configuration to the running config. OSPF must be disabled in order to assign or change the router ID.
Default Configuration 0 seconds is the default configuration. Command Mode Router OSPF Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets the exit overflow interval for OSPF at 10 seconds. console(config-router)#exit-overflow-interval 10 external-lsdb-limit Use the external-lsdb-limit command in Router OSPF Configuration mode to configure the external LSDB limit for OSPF. If the value is -1, then there is no limit.
User Guidelines The external LSDB limit MUST be set identically in all routers attached to the OSPF backbone and/or any regular OSPF area. Example The following example configures the external LSDB limit for OSPF with the number of non-default AS-external-LSAs set at 20. console(config-router)#external-lsdb-limit 20 ip ospf area The ip ospf area command enables OSPFv2 and sets the area ID of an interface. This command supersedes the effects of network area command.
ip ospf authentication Use the ip ospf authentication command in the Interface Configuration mode to set the OSPF Authentication Type and Key for the specified interface. Use the no form of the command to return the authentication type to the default value. Syntax ip ospf authentication {none | {simple key} | {encrypt key key-id}} no ip ospf authentication • encrypt — MD5 encrypted authentication key. • key — Authentication key for the specified interface.
ip ospf cost Use the ip ospf cost command in Interface Configuration mode to configure the cost on an OSPF interface. Use the no form of the command to return the cost to the default value. Syntax ip ospf cost interface-cost no ip ospf cost • interface-cost — Specifies the cost (link-state metric) of the OSPF interface. (Range: 1–65535) Default Configuration 10 is the default link-state metric configuration. Command Mode Interface Configuration (VLAN) mode.
Default Configuration By default, LSAs are flooded on all interfaces in a routed VLAN. Command Mode Interface Configuration mode User Guidelines This command is only applicable to OSPFv2 routing configurations. ip ospf dead-interval Use the ip ospf dead-interval command in Interface Configuration to set the OSPF dead interval for the specified interface. Use the no form of the command to return the interval to the default value.
console(config-if-vlan1)#ip ospf dead-interval 30 ip ospf hello-interval Use the ip ospf hello-interval command in Interface Configuration mode to set the OSPF hello interval for the specified interface. Use the no form of the command to return the interval to the default value. Syntax ip ospf hello-interval seconds no ip ospf hello-interval • seconds — Number of seconds to wait before sending Hello packets from the interface. (Range: 1–65535) Default Configuration 10 is the default number of seconds.
Database Description packet is rejected and the OSPF adjacency is not established. Use the no form of the command to enable OSPF maximum transmission unit (MTU) mismatch detection. Syntax ip ospf mtu-ignore no ip ospf mtu-ignore Default Configuration This command has no default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example disables OSPF MTU mismatch detection on VLAN interface 15.
Default Configuration Interfaces operate in broadcast mode by default. Command Mode Interface Configuration (VLAN) mode. User Guidelines OSPF treats interfaces as broadcast interfaces by default. Loopback interfaces have a special loopback network type, which cannot be changed. When there are only two routers on the network, OSPF can operate more efficiently by treating the network as a point-to-point network.
Command Mode Interface Configuration (VLAN) mode. User Guidelines A value of 1 is the highest router priority. A value of 0 indicates that the interface is not eligible to become the designated router on this network. Example The following example sets the OSPF priority for the VLAN 15 router at 100.
Example The following example sets the OSPF retransmit Interval for VLAN 15 at 50 seconds. console(config-if-vlan1)#ip ospf retransmit-interval 50 ip ospf transmit-delay Use the ip ospf transmit-delay command in Interface Configuration mode to set the OSPF Transit Delay for the specified interface. Use the no form of the command to return the delay to the default value.
Use the no form of the command to disable state change logging. Syntax log-adjacency-changes [detail] no log-adjacency-changes [detail] • detail—(Optional) When this keyword is specified, all adjacency state changes are logged. Otherwise, OSPF only logs transitions to FULL state and when a backwards transition occurs. Default Configuration Adjacency changes are not logged by default. Command Mode OSPFv2 Router Configuration mode User Guidelines State changes are logged with INFORMATIONAL severity.
• metric—(Optional) Metric to send in summary LSAs when in stub router mode. Range is 1 to 16,777,215. Default is 16,711,680 (0xFF0000). Default Configuration By default, OSPF is not in stub router mode. Command Mode OSPFv2 Global Configuration mode User Guidelines When OSPF is in stub router mode, as defined by RFC 3137, OSPF sets the metric in the non-stub links in its router LSA to LsInfinity. Other routers therefore compute very long paths through the stub router, and prefer any alternate path.
may issue the command no max-metric router-lsa on-startup. The command no max-metric router-lsa summary-lsa causes OSPF to send summary LSAs with metrics computed using normal procedures defined in RFC 2328. maximum-paths Use the maximum-paths command in Router OSPF Configuration mode to set the number of paths that OSPF can report for a given destination. Use the no form of the command to reset the number to the default value.
Example The following example sets the number of paths at 2 that OSPF can report for a given destination. console(config-router)#maximum-paths 2 network area The network area command enables OSPFv2 on an interface and sets its area ID if the ip-address of an interface is covered by this network command. Use the “no” form of this command to disable OSPFv2 on an interface.
OSPF only advertises IP subnets for secondary IP addresses if the secondary address is within the range of a network area command for the same area as the primary address on the same interface. When a network area command is deleted, matching interfaces are reevaluated against all remaining network area commands. Ones in the wildcard mask indicate “don't care” bits in the network address. Example console(config-router)#network 10.50.50.0 0.0.0.
executes a graceful restart, it informs its neighbors that the OSPF control plane is restarting, but that it will be back shortly. Helpful neighbors continue to advertise to the rest of the network that they have full adjacencies with the restarting router, avoiding announcement of a topology change and everything that goes with that (i.e., flooding of LSAs, SPF runs). Helpful neighbors continue to forward packets through the restarting router.
nsf helper strict-lsa-checking Use the nsf-helper strict-lsa-checking command to require that an OSPF helpful neighbor exit helper mode whenever a topology change occurs. Use the “no” form of this command to allow OSPF to continue as a helpful neighbor in spite of topology changes. Syntax nsf [ietf] helper strict-lsa-checking no nsf [ietf] helper strict-lsa-checking • ietf —This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations.
Syntax nsf [ietf] restart-interval seconds no nsf [ietf] restart-interval • ietf — This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations. Since the IETF implementation is the only one supported, this keyword is optional. • seconds — The number of seconds that the restarting router asks its neighbors to wait before exiting helper mode. The restarting router includes the restart interval in its grace LSAs (range 1–1800 seconds).
Default Configuration Global passive mode is disabled by default. Command Mode Router OSPF Configuration mode. User Guidelines There are no user guidelines for this command. Example console(config-router)#passive-interface passive-interface Use the passive-interface command to set the interface as passive. It overrides the global passive mode that is currently effective on the interface. Use the “no” form of this command to set the interface as non-passive.
redistribute (OSPF) Use the redistribute command in Router OSPF Configuration mode to configure OSPF protocol to allow redistribution of routes from the specified source protocol/routers. Use the no version of the command to disable redistribution from the selected source or to reset options to their default values.
User Guidelines When redistributing a route metric, the receiving protocol must understand the metric. The OSPF metric is a cost value equal to 108/ link bandwidth in bits/sec. For example, the OSPF cost of GigabitEthernet is 108/108 = 1. The RIP metric is a hop count with a maximum value of 15 (infinity). If no metric value is specified, the metric redistributed for a type 1 route is the sum of the external cost and the internal cost used to reach that route.
User Guidelines The router-id must be set in order for OSPF to become operationally enabled. It is recommended that the router ID be set to the IP address of a loopback interface to ensure that the router remains up internally. Example The following example defines the router ID as 5.5.5.5. console(config)#router ospf console(config-router)#router-id 5.5.5.5 router ospf Use the router ospf command in Global Configuration mode to enter Router OSPF mode and globally enable OSPF.
The no form of the command removes all OSPF configuration (including interface configuration) for the specified VRF Example The following example enters into router OSPF mode. console(config)#router ospf console(config-router)# show ip ospf Use the show ip ospf command to display information relevant to the OSPF router. This command has been modified to show additional fields. Syntax show ip ospf [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates.
Some of the information below displays only if you enable OSPF and configure certain features. The following fields may be displayed: Field Description Router ID A 32-bit integer in dotted decimal format identifying the router about which information is displayed. This is a configured value. OSPF Admin Mode Shows whether OSPF is administratively enabled or disabled.
Default Passive Setting When enabled, OSPF interfaces are passive by default. Maximum Paths Shows the maximum number of paths that OSPF can report for a given destination. Default Metric Default metric for redistributed routes. Stub Router Configuration One of Always, Startup, or None. Stub Router Startup Time Configured value in seconds. This row is only listed if OSPF is configured to be a stub router at startup.
Stub Router Time The remaining time until OSPF exits stub router mode. This Remaining row is only listed if OSPF is in startup stub router mode. External LSDB Overflow OSPF enters this state when the number of external LSAs exceeds a configured limit, as described in RFC 1765. External LSA Count Shows the number of external (LS type 5) link-state advertisements in the link-state database.
NSF Restart Interval The number of seconds a helpful neighbor allows a restarting router to complete its graceful restart. NSF Restart Status Whether the router is currently performing a graceful restart. NSF Restart Age The number of seconds until a graceful restart expires. Only non-zero when the router is in graceful restart. NSF Restart Exit Reason The reason the previous graceful restart ended. Possible values are Not attempted, In progress, Completed, Timed out, Topology change, and Manual clear.
Maximum Paths............................ Default Metric........................... Default Metric........................... Stub Router Configuration................ Summary LSA Metric Override.............. 4 Not configured Not configured None Disabled BFD Enabled.............................. NO Default Route Advertise.................. Always................................... Metric................................... Metric Type..............................
Exit Overflow Interval......................... 0 Spf Delay Time................................. 5 Spf Hold Time.................................. 10 Flood Pacing Interval.......................... 33 ms LSA Refresh Group Pacing Time.................. 60 sec Opaque Capability.............................. Enable AutoCost Ref BW................................ 100 Mbps Default Passive Setting........................ Disabled Maximum Paths.................................. 4 Default Metric...................
Syntax show ip ospf abr [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
• vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned.
Translator Role................................ Candidate Translator Stability Interval.................. 2000 Translator State............................... Disabled Example #3 The following example shows the length of the area’s flood queue for LSAs waiting to be flooded within the area. console #show ip ospf area 1 AreaID......................................... External Routing............................... Spf Runs....................................... Area Border Router Count......................
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. Example console#show ip ospf asbr Type Router Id Cost Area ID ----INTRA INTRA ---------1.1.1.1 4.4.4.4 ---1 10 -------0.0.0.1 0.0.0.1 Next Hop Next Hop Intf ----------- ----------10.1.12.1 vlan10 10.1.24.
• summary — Display the LSA database summary information. • ls-id — Specifies the link state ID (LSID). (Range: IP address or an integer in the range of 0–4294967295) • adv-router — Display the LSAs that are restricted by the advertising router. To specify a router, enter the IP address of the router. • self-originate — Display the LSAs in that are self-originated. • opaque-area— Display the area opaque LSAs. • opaque-as— Display AS opaque LSAs. • opaque-link— Display link opaque LSAs.
Network Link States (Area 0.0.0.0) Link Id Adv Router Age Sequence Chksm Options Rtr Opt --------------- --------------- ----- -------- ------ ------- ----2.2.2.2 20.20.20.20 1165 80000005 f86d -E--O- Network Summary States (Area 0.0.0.0) Link Id Adv Router Age Sequence Chksm Options Rtr Opt --------------- --------------- ----- -------- ------ ------- ----5.2.0.0 0.0.0.0 1360 80000007 242e -----Summary ASBR States (Area 0.0.0.
show ip ospf database database-summary Use the show ip ospf database database-summary command to display the number of each type of LSA in the database for each area and for the router. The command also displays the total number of LSAs in the database. This command has been modified. Syntax show ip ospf database database-summary [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown.
Summary ASBR Shows Number of summary ASBR LSAs in the database. Type-7 Ext Shows Total number of Type-7 external LSAs in the database. SelfOriginated Type-7 Shows Total number of self originated AS external LSAs in the OSPFv3 link state database. Opaque Link Shows Number of opaque link LSAs in the database. Opaque Area Shows Number of opaque area LSAs in the database. Subtotal Shows Number of entries for the identified area. Opaque AS Shows Number of opaque AS LSAs in the database.
Type-7 Ext..................................... Opaque Link.................................... Opaque Area.................................... Type-5 Ext..................................... Self-Originated Type-5 Ext..................... Opaque AS...................................... Total.......................................... 0 0 0 0 0 0 0 show ip ospf interface Use the show ip ospf interface command to display the information for the VLAN or loopback interface.
Subnet Mask.................................... Secondary IP Address(es)....................... OSPF Admin Mode................................ OSPF Area ID................................... OSPF Network Type.............................. Router Priority................................ Retransmit Interval............................ Hello Interval................................. Dead Interval.................................. LSA Ack Interval............................... Iftransit Delay Interval........
show ip ospf interface brief Use the show ip ospf interface brief command to display brief information for the IFO object or virtual interface tables. Syntax show ip ospf interface brief [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. Default Configuration This command has no default configuration.
show ip ospf interface stats Use the show ip ospf interface stats command to display the statistics for a specific interface. The information is only displayed if OSPF is enabled. Syntax show ip ospf interface stats vlan vlan-id • vlan-id — Valid VLAN ID. Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Syntax show ip ospf lsa-group [vrf vrf-name] • vrf-name—The name of the VRF instance from which to display the selforiginated LSA groups. Default Configuration There are no self-originated LSA groups by default. Command Mode Privileged Exec mode, Global Configuration mode, and all sub-modes User Guidelines The following fields are displayed: Field Description Total selforiginated LSAs The number of LSAs the router is currently originating.
Pacing group limit: 400 Number of self-originated LSAs within each LSA group... Group Start Age 0 60 120 180 240 300 360 420 480 540 600 660 720 780 840 900 960 1020 1080 1140 1200 1260 Group End Age 59 119 179 239 299 359 419 479 539 599 659 719 779 839 899 959 1019 1079 1139 1199 1259 1319 Count 96 88 102 95 95 92 48 58 103 99 119 110 106 122 110 99 135 101 94 115 110 111 show ip ospf neighbor Use the show ip ospf neighbor command to display locally derived information about OSPF neighbors.
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. The following information is output. Field Description Interface The name of the interface on which the adjacency is formed.
Field Description Retransmission Queue Length The number of LSAs sent to the neighbor's retransmit queue waiting for the neighbor to acknowledge. Restart Helper Status One of two values: • Helping — This router is acting as a helpful neighbor to this neighbor. A helpful neighbor does not report an adjacency change during graceful restart, but continues to advertise the restarting router as a FULL adjacency.
Field Description Restart Helper Exit Reason One of the following values: • Restart Reason — When the router is in helpful neighbor mode, the output includes the restart reason the restarting router sent in its grace LSA. The Restart Reason is the value in the Graceful Restart Reason TLV in the grace LSA sent by the restarting router.
console#show ip ospf neighbor 3.3.3.3 Interface...................................... 0/25 Neighbor IP Address............................ 172.20.25.3 Interface Index................................ 25 Area Id........................................ 0.0.0.0 Options........................................ 0x2 Router Priority................................ 1 Dead timer due in (secs)....................... 10 Up Time........................................ 4 days 3 hrs 33 mins 36 secs State...................
The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. The following information is displayed. Field Description Prefix The summary prefix. Subnet Mask The subnetwork mask of the summary prefix. Type S (Summary Link) or E (External Link) Action Advertise or Suppress Cost Metric to be advertised when the range is active. If a static cost is not configured, the field displays Auto. If the action is Suppress, the field displays N/A.
Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. This command outputs the following.
Example console# show ip ospf statistics Area 0.0.0.
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. Example The following example displays the OSPF stub table. console(config)#show ip ospf stub table AreaId TypeofService Metric Val Import SummaryLSA ------------- ------------0.0.0.
User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. The clear ip ospf counters command does not clear the message queue high water marks. The following is output. Parameter Description OSPFv2 Packet Statistics The number of packets of each type sent and received since OSPF counters were last cleared.
LSAs Retransmitted................0 LS Update Max Receive Rate........20 pps LS Update Max Send Rate...........10 pps Number of LSAs Received T1 (Router).......................10 T2 (Network)......................0 T3 (Net Summary)..................300 T4 (ASBR Summary).................15 T5 (External).....................20 T7 (NSSA External)................0 T9 (Link Opaque)..................0 T10 (Area Opaque).................0 T11 (AS Opaque)...................0 Total.............................
Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. OSPF must be enabled for this command to display the virtual interfaces. Example The following example displays the OSPF Virtual Interface information for area 10 and its neighbor.
Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines OSPF must be enabled for this command to display the virtual interface information. Example The following example displays the OSPF Virtual Interface information in the system. console#show ipv6 ospf virtual-link brief Hello Dead Retransmit Area ID Neighbor Interval Interval Interval ------- --------------- -------- ---------0.0.0.2 5.5.5.
User Guidelines OSPF distributes routing information in Link State Advertisements (LSAs), which are bundled into Link State Update (LS Update) packets. To reduce the likelihood of sending a neighbor more packets than it can buffer, OSPF rate limits the transmission of LS Update packets. By default, OSPF sends up to 30 updates per second on each interface (1/the pacing interval). Use this command to adjust the LS Update transmission rate.
Command History Command introduced in version 6.5 firmware. Example console(config-router6)#timers pacing lsa-group 90 timers spf Use the timers spf command to configure the SPF delay and hold time. Use the no form of the command to reset the numbers to the default value. Syntax timers spf delay-time hold-time no timers spf • delay-time — SPF delay time. (Range: 0–65535 seconds) • hold-time — SPF hold time. (Range: 0–65535 seconds) Default Configuration The default value for delay-time is 5.
OSPFv3 Commands Dell EMC Networking N2200-ON/N3000E-ON/N3100-ON/N3200-ON Series Switches The Dell Network N1500/N2000/N2100-ON series support limited routing and multicast capabilities. See the Users Configuration Guide section “Feature Limitations and Platform Constants” for supported capabilities. area default-cost (Router OSPFv3) Use the area default-cost command in Router OSPFv3 Configuration mode to configure the monetary default cost for the stub area.
console(config)#ipv6 router ospf console(config-rtr)#area 1 default-cost 100 area nssa (Router OSPFv3) Use the area nssa command in Router OSPF Configuration mode to configure the specified area ID to function as an NSSA. If the area has not been previously created, this command creates the area and then applies the NSSA distinction. If the area already exists, the NSSA distinction is added or modified. Use the no form of the command to remove the NSSA distinction from the area.
Default Configuration If no metric is defined, 10 is the default configuration. The default role is candidate. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures not-so-stubby-area 10 as an NSSA.
• metric — Metric value for default route. (Range: 1-16777214) • comparable — Metric Type (nssa-external 1). • non-comparable — Metric Type (nssa-external 2). Default Configuration If no metric is defined, 10 is the default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the default metric value for the default route advertised into the NSSA.
Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example configures the area 1 NSSA ABR so that learned external routes will not be redistributed to the NSSA. console(config)#ipv6 router ospf console(config-rtr)#area 1 nssa no-redistribute area nssa no-summary Use the area nssa no-summary command in Router OSPFv3 Configuration mode to configure the NSSA so that summary LSAs are not advertised into the NSSA.
console(config)#ipv6 router ospf console(config-rtr)#area 1 nssa no-summary area nssa translator-role Use the area nssa translator-role command in Router OSPFv3 Configuration mode to configure the translator role of the NSSA. Use the no form of the command to remove the configuration. Syntax area areaid nssa translator-role {always | candidate} no area areaid nssa translator-role • areaid — Valid OSPF area identifier.
area nssa translator-stab-intv Use the area nssa translator-stab-intv command in Router OSPFv3 Configuration mode to configure the translator stability interval of the NSSA. The stability interval is the period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router. Syntax area areaid nssa translator-stab-intv seconds no area areaid nssa translator-stab-intv • areaid — Valid OSPF area identifier.
configured to summarize intra-area routes. An ABR advertises the range rather than the specific intra-area route as a type 3 summary LSA. Also, an area range can be configured at the edge of an NSSA to summarize external routes reachable within the NSSA. The range is advertised as a type 5 external LSA. Use the no form of the command to remove the summary prefix configuration for routes learned in the specified area.
area stub Use the area stub command in Router OSPFv3 Configuration mode to create a stub area for the specified area ID. If the area has not been previously created, this command creates the area and then applies the stub distinction. A stub area is characterized by the fact that AS External LSAs are not propagated into the area. Removing AS External LSAs and Summary LSAs can significantly reduce the size of the link state database of routers within the stub area.
Syntax area area-id stub no-summary no area area-id stub no-summary • area-id — Valid OSPFv3 area identifier. • so-summary — Disable the import of Summary LSAs for the stub area identified by area-id. Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example prevents Summary LSAs from being advertised into the area 1 NSSA.
no area area-id virtual-link router-id id [hello-interval] [retransmit-interval] [transmit-delay] [dead-interval] • area-id—Valid OSPFv3 area identifier (or decimal value in the range of 04294967295). • router-id—Identifies the Router ID or valid IP address of the neighbor. • hello-interval seconds—Number of seconds to wait before sending hello packets to the OSPF virtual interface.
User Guidelines This command has no user guidelines. Example The following example creates the OSPF virtual interface for area 1 and its neighbor router. console(config)#ipv6 router ospf console(config-rtr)#area 1 virtual-link 2 The following example configures a 20-second dead interval, a hello interval of 20 seconds, a retransmit interval of 20 seconds, and a 20-second transmit delay for the OSPF virtual interface on the virtual interface identified by area 1 and its neighbor.
User Guidelines This command has no user guidelines. Example The following example configures a 20-second dead interval for the OSPF virtual interface on the virtual interface identified by area 1 and its neighbor.
console(config-rtr)#area 1 virtual-link 2 hello-interval 20 area virtual-link retransmit-interval Use the area virtual-link retransmit-interval command in Router OSPFv3 Configuration mode to configure the retransmit interval for the OSPF virtual interface on the virtual interface identified by areaid and neighbor. Syntax area areaid virtual-link neighbor retransmit-interval seconds no area areaid virtual-link neighbor retransmit-interval • areaid — Valid OSPFv3 area identifier.
Syntax area areaid virtual-link neighbor transmit-delay seconds no area areaid virtual-link neighbor transmit-delay • areaid — Valid OSPFv3 area identifier. • neighbor — Router ID of neighbor. • seconds — Transmit delay interval. (Range: 0-3600) Default Configuration 1 is the default value for seconds. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines.
• always—Always advertise default routes. • metric-value— • type-value—The metric (or preference) value of the default route. (Range: 1–16777214) • One of the following: 1 External type-1 route. 2 External type-2 route. Default Configuration The default metric is none and the default type is 2. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets a default of 100 for the metric of distributed routes. console(config)#ipv6 router ospf console(config-rtr)#default-metric 100 distance ospf The distance ospf command sets the preference values of OSPF route types in the router. Lower route preference values are preferred when determining the best route.
Router OSPFv3 Configuration mode. User Guidelines There are no user guidelines for this command. Example The following example sets a route preference value of 100 for intra OSPF in the router. console(config)#ipv6 router ospf console(config-rtr)#distance ospf intra 100 enable Use the enable command in Router OSPFv3 Configuration mode to enable administrative mode of OSPF in the router (active). Syntax enable no enable Default Configuration Disabled is the default state.
exit-overflow-interval Use the exit-overflow-interval command in Router OSPFv3 Configuration mode to configure the exit overflow interval for OSPF. It describes the number of seconds after entering Overflow state that a router will wait before attempting to leave the Overflow State. This allows the router to originate non-default AS-external-LSAs again. When set to 0, the router will not leave Overflow State until restarted.
non-default AS-external- LSAs in it database. The external LSDB limit MUST be set identically in all routers attached to the OSPF backbone and/or any regular OSPF area. Syntax external-lsdb-limit limit no external-lsdb-limit • limit — External LSDB limit for OSPF (Range: -1-2147483647) Default Configuration -1 is the default value for limit. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines.
Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode User Guidelines This command has no user guidelines. Example The following example enables OSPF on VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf ipv6 ospf area Use the ipv6 ospf area areaid command in Interface Configuration mode to set the OSPF area to which the specified router interface belongs.
console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf area 100 ipv6 ospf cost Use the ipv6 ospf cost command in Interface Configuration mode to configure the cost on an OSPF interface. Use the no form of the command to return the cost to the default value. Syntax ipv6 ospf cost interface-cost no ipv6 ospf cost • interface-cost — Specifies the cost (link-state metric) of the OSPF interface. (Range: 1–65535) Default Configuration 10 is the default link-state metric configuration.
no ipv6 ospf dead-interval • seconds — A valid positive integer, which represents the length of time in seconds that a router's Hello packets have not been seen before its neighbor routers declare that the router is down. The value for the length of time must be the same for all routers attached to a common network. This value should be some multiple of the Hello Interval (i.e. 4). (Range: 1-65535) Default Configuration 40 seconds is the default value of seconds.
Default Configuration 10 seconds is the default value of seconds. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines This command has no user guidelines. Example The following example sets the OSPF hello interval at 15 seconds. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf hello-interval 15 ipv6 ospf mtu-ignore Use the ipv6 ospf mtu-ignore command in Interface Configuration mode to disable OSPF maximum transmission unit (MTU) mismatch detection.
the neighbor. By default, if the MTU is larger than the router can accept, the Database Description packet is rejected and the OSPF adjacency is not established. Example The following example disables OSPF maximum transmission unit (MTU) mismatch detection. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf mtu-ignore ipv6 ospf network Use the ipv6 ospf network command in Interface Configuration mode to change the default OSPF network type for the interface.
network type eliminates the overhead of the OSPF designated router election. It is normally not useful to set a tunnel to OSPF network type broadcast. Example The following example changes the default OSPF network type to point-topoint. console(config)#interface vlan 15 console(config-if-vlan15)#ipv6 ospf network point-to-point ipv6 ospf priority Use the ipv6 ospf priority command in Interface Configuration mode to set the OSPF priority for the specified router interface.
ipv6 ospf retransmit-interval Use the ipv6 ospf retransmit-interval command in Interface Configuration mode to set the OSPF retransmit interval for the specified interface. Syntax ipv6 ospf retransmit-interval seconds no ipv6 ospf retransmit-interval • seconds — The number of seconds between link-state advertisement retransmissions for adjacencies belonging to this router interface. This value is also used when retransmitting database description and link-state request packets.
• seconds — OSPF transmit delay for the specified interface. In addition, it sets the estimated number of seconds it takes to transmit a link state update packet over this interface. (Range: 1 to 3600 seconds) Default Configuration No default value. Command Mode Interface Configuration (VLAN, Tunnel, Loopback) mode. User Guidelines This command has no user guidelines. Example The following example sets the OSPF Transmit Delay at 100 seconds for VLAN 15.
User Guidelines This command has no user guidelines. Example Use the following command to enable OSPFv3. console(config)#ipv6 router ospf Command History Syntax to support VRFs added in version 6.7.0 firmware. maximum-paths Use the maximum-paths command in Router OSPFv3 Configuration mode to set the number of paths that OSPF can report for a given destination. Syntax maximum-paths maxpaths no maximum-paths • maxpaths — Number of paths that can be reported.
nsf Use this command to enable OSPF graceful restart. Use the no form of this command to disable graceful restart. Syntax nsf [ietf] [planned-only] no nsf [ietf] • ietf — This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations. Since the IETF implementation is the only one supported, this keyword is optional. • planned-only — This keyword indicates that OSPF should only perform a graceful restart when the restart is planned (i.e.
nsf helper Use the nsf-helper to allow OSPF to act as a helpful neighbor for a restarting router. Use the no form of this command to prevent OSPF from acting as a helpful neighbor. Syntax nsf helper[planned-only] no nsf helper • planned-only — This keyword indicates that OSPF should only help a restarting router performing a planned restart.
no nsf [ietf] helper strict-lsa-checking • ietf —This keyword is used to distinguish the IETF standard implementation of graceful restart from other implementations. Since the IETF implementation is the only one supported, this keyword is optional. Default Configuration A helpful neighbor exits helper mode when a topology change occurs. Command Mode Router OSPFv3 Configuration mode User Guidelines The restarting router is unable to react to topology changes.
• seconds — The number of seconds that the restarting router asks its neighbors to wait before exiting helper mode. The restarting router includes the restart interval in its grace LSAs (range 1–1800 seconds). Default Configuration The default restart interval is 120 seconds.
User Guidelines There are no user guidelines for this command. Example console(config-router)#passive-interface vlan 1 passive-interface default The passive-interface default command enables the global passive mode by default for all interfaces. It overrides any interface level passive mode. Use the “no” form of this command to disable the global passive mode by default for all interfaces. Any interface previously configured to be passive reverts to nonpassive mode.
Syntax redistribute protocol [metric metric-value] [tag tag-value] [route-map routetag] no redistribute protocol • protocol —One of the following: – static—Specifies that static routes are to be redistributed. – connected—Specifies that connected routes are to be redistributed. – bgp—Specifies BGP originated routes are to be redistributed. • metric-value — Metric value used for default routes. (Range: 0-16777214) • tag-value— Insert the specified tag value into redistributed routes.
router-id Use the router-id command in Router OSPFv3 Configuration mode to set a 4-digit dotted-decimal number uniquely identifying the Router OSPF ID. Syntax router-id router-id • router-id — Router OSPF identifier. (Range: 0-4294967295) Default Configuration This command has no default configuration. Command Mode Router OSPFv3 Configuration mode. User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes, VRF Configuration User Guidelines Some of the information below displays only if you enable OSPF and configure certain features. The following fields may be displayed: Field Description Router ID A 32-bit integer in dotted decimal format identifying the router about which information is displayed. This is a configured value.
Metric Shows the metric for the advertised default routes. If the metric is not configured, this field is not configured. Metric Type Shows whether the metric for the default route is advertised as External Type 1 or External Type 2. Number of Active Areas The number of OSPF areas to which the router is attached on interfaces that are up. ABR Status Shows whether the router is an OSPF Area Border Router. ASBR Status Indicates whether the router is an autonomous system border router.
LSA High Water Mark The maximum number of LSAs that have been in the link state database since OSPF began operation. Retransmit List Entries The current number of entries on all neighbors’ retransmit lists. Maximum Number The maximum number of entries that can be on neighbors’ of Retransmit retransmit lists at any given time. This is the sum for all Entries neighbors.
Distribute-List Shows the access list used to filter redistributed routes. Example The following example enables OSPF traps. console#show ipv6 ospf Router ID...................................... OSPF Admin Mode................................ ASBR Mode...................................... ABR Status..................................... Exit Overflow Interval......................... External LSA Count............................. External LSA Checksum.......................... New LSAs Originated.......
Command Mode User Exec mode, Global Configuration mode and all Configuration submodes, VRF Configuration User Guidelines This command has no user guidelines. Example console#show ipv6 ospf abr Type Router Id Cost Area ID ---INTRA INTRA Next Hop Next Hop Intf -------- ---- -------- ----------------------- ----3.3.3.3 10 0.0.0.1 FE80::211:88FF:FE2A:3CB3 vlan11 4.4.4.4 10 0.0.0.1 FE80::210:18FF:FE82:8E1 vlan12 Command History Syntax to support VRFs added in version 6.7.0 firmware.
Example The following example displays information about area 1. console#show ipv6 ospf area 1 AreaID........................................ External Routing.............................. Spf Runs...................................... Area Border Router Count...................... Area LSA Count................................ Area LSA Checksum............................. Stub Mode..................................... Import Summary LSAs........................... 0.0.0.
---INTRA INTRA --------1.1.1.1 4.4.4.4 ---10 10 -------0.0.0.1 0.0.0.1 Intf ----------------------- ------FE80::213:C4FF:FEDB:6C41 vlan10 FE80::210:18FF:FE82:8E1 vlan12 Command History Syntax to support VRFs added in version 6.7.0 firmware. show ipv6 ospf border-routers Use the show ipv6 ospf command to display internal OSPFv3 routes to reach Area Border Routers (ABR) and Autonomous System Boundary Routers (ASBR). This command takes no options.
• area-id — Identifies a specific OSPF area for which link state database information will be displayed. • vrf-name — The name of an existing VRF instance. • external — Displays the external LSAs. • inter-area — Displays the inter-area LSAs. • link — Displays the link LSAs. • network — Displays the network LSAs. • nssa-external — Displays NSSA external LSAs. • prefix — Displays intra-area Prefix LSA. • router — Displays router LSAs.
Router Link States (Area 0.0.0.0) Adv Router Link Id Age Sequence Csum Options Rtr Opt -------------- --------------- ----- -------- ---- ------- ------1.1.1.1 0 4 80000034 54BD V6E--R- ----B 2.2.2.2 0 2 80000044 95A5 V6E--R- ----B Network Link States (Area 0.0.0.0) Adv Router Link Id Age Sequence Csum Options Rtr Opt -------------- --------------- ----- -------- ---- ------- ------2.2.2.2 636 636 80000001 8B0D V6E--RInter Network States (Area 0.0.0.
-------------- --------------- ----- -------- ---- ------- ------1.1.1.1 634 441 80000003 B877 V6E--R2.2.2.2 634 433 80000003 FE6E V6E--RIntra Prefix States Adv Router Link Id Age -------------- --------------- ----1.1.1.1 0 6 2.2.2.2 0 1 1.1.1.1 10634 434 (Area 0.0.0.1) Sequence Csum Options Rtr Opt -------- ---- ------- ------8000003A 37C4 8000004F 439A 80000002 440A Command History Syntax to support VRFs added in version 6.7.0 firmware.
OSPF Router with ID (0.0.0.2) Router database summary Router......................................... Network........................................ Inter-area Prefix.............................. Inter-area Router.............................. Type-7 Ext..................................... Link........................................... Intra-area Prefix.............................. Link Unknown................................... Area Unknown................................... AS Unknown................
User Guidelines This command has no user guidelines. Example The following example displays the information in VLAN 11’s virtual interface tables. console#show ipv6 ospf interface vlan 11 IP Address..................................... ifIndex........................................ OSPF Admin Mode................................ OSPF Area ID................................... Router Priority................................ Retransmit Interval............................ Hello Interval.....................
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes, VRF Configuration User Guidelines This command has no user guidelines. Example The following example displays brief ospf interface information. console#show ipv6 ospf interface brief Admin Interface Mode Area ID --------- -------- -------- Hello Dead Retrax LSA Router Int. Int. Int. Retrax Ack Prior. Cost Val. Val. Val.
User Guidelines This command has no user guidelines. Example The following example displays the interface statistics for VLAN 5. console>show ipv6 ospf interface stats vlan 5 OSPFv3 Area ID................................. 0.0.0.1 Spf Runs....................................... 265 Area Border Router Count....................... 1 AS Border Router Count......................... 0 Area LSA Count................................. 6 IPv6 Address...................................
Syntax show ipv6 ospf interface {vlan vlan-id | brief [vrf vrf-name]} • vlan-id — Valid VLAN ID. Range is 1-4093. • brief — Displays a snapshot of configured interfaces. • vrf-name — The name of an existing VRF instance. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes, VRF Configuration User Guidelines This command has no user guidelines.
show ipv6 ospf lsa-group Use this command to display the number of self-originated LSAs within each LSA group. Syntax show ipv6 ospf lsa-group [vrf vrf-name] • vrf-name — The name of an existing VRF instance. • Total self-originated LSAs — The number of LSAs the router is currently originating. • Average LSAs per group — The number of self-originated LSAs divided by the number of LSA groups.
240 300 360 420 480 540 600 660 720 780 840 900 960 1020 1080 1140 1200 1260 1320 1380 1440 1500 1560 1620 1680 1740 1800 1860 299 359 419 479 539 599 659 719 779 839 899 959 1019 1079 1139 1199 1259 1319 1379 1439 1499 1559 1619 1679 1739 1799 1859 1919 95 92 48 58 103 99 119 110 106 122 110 99 135 101 94 115 110 111 111 99 102 96 106 111 106 80 0 0 Command History Syntax to support VRFs added in version 6.7.0 firmware.
• neighbor-id—Valid IP address of the neighbor about which information is displayed. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes, VRF Configuration User Guidelines This command has no user guidelines. Examples The following examples display information about OSPF neighbors, in the first case in a summary table, and in the second in a table specific to tunnel 1.
show ipv6 ospf range Use the show ipv6 ospf range command to display information about the area ranges for the specified area identifier. Syntax show ipv6 ospf range areaid [vrf vrf-name] • areaid — Identifies the OSPF area whose ranges are being displayed. • vrf-name — The name of an existing VRF instance. Default Configuration This command has no default configuration.
• vrf-name — The name of an existing VRF instance. Command Mode User Exec, Privileged Exec mode, VRF Configuration User Guidelines The command displays the following information with the most recent statistics displayed at the end of the table. • Delta T — The time since the routing table was computed. The time is in the format hours, minutes, and seconds (hh:mm:ss). • Intra — The time taken to compute intra-area routes, in milliseconds.
Area 0.0.0.0: SPF algorithm executed 10 times Delta T Intra 23:32:46 23:32:09 23:32:04 23:31:44 23:31:39 23:29:57 23:29:52 04:07:23 04:07:23 04:07:18 04:07:14 0 0 0 0 0 0 0 0 0 0 0 Summ 0 0 0 0 0 3 14 9 9 0 1 Ext 0 0 0 0 0 7 29 23 23 0 0 SPF Total 0 0 0 0 0 10 43 33 33 1 1 RIB Update 0 0 0 0 1 131 568 117 117 485 3 Reason R, IP R, N, IP R R, N, IP R R SN SN SN SN X Command History Syntax to support VRFs added in version 6.7.0 firmware.
Example The following example displays the OSPF stub table. console#show ipv6 ospf stub table AreaId TypeofService Metric Val ------------ ---------------------0.0.0.10 Normal 1 Import SummaryLSA ----------------Enable Command History Syntax to support VRFs added in version 6.7.0 firmware. show ipv6 ospf virtual-link Use the show ipv6 ospf virtual-link command to display the OSPF Virtual Interface information for a specific area and neighbor or for all areas in the system.
Example The following example displays the OSPF Virtual Interface information for area 1 and its neighbor. console#show ipv6 ospf virtual-link 1 1.1.1.1 Area ID........................................ Neighbor Router ID............................. Hello Interval................................. Dead Interval.................................. Iftransit Delay Interval....................... Retransmit Interval............................ State.......................................... Metric.................
console(config)#show ipv6 ospf virtual-link brief Hello Dead Retransmit Transit Area ID Neighbor Interval Interval Interval Delay ----------- ----------- ---------- ---------- ---------- -------- Command History Syntax to support VRFs added in version 6.7.0 firmware. timers throttle spf Use the timers throttle spf command to throttle the link-state-packets. Use the no form of the command to return the configured parameters to their default values.
User Guidelines The timers throttle command throttles the generation of link-state packets (LSPs). Receipt of an LSP will initiate an SPF calculation in the router. LSP throttling reduces route flapping and the load on other OSPF routers in the network. The initial wait interval is set to the value of spf-hold. If an SPF calculation is not initiated during the current wait interval, the next SPF calculation is scheduled spf-start milliseconds later.
IPv6 Policy-Based Routing Commands Dell EMC Networking N3000E/N3100E-ON/N3200-ON Series Switches Use IPv6 Policy-Based Routing commands to configure and view policy-based routing for IPv6. ipv6 policy route-map Use this command to identify a route map to use for policy-based IPv6 routing on an interface. Syntax ipv6 policy route-map route-map-name no ipv6 policy route-map route-map-name • route-map-name—The name of the route map to use for policy-based routing.
the entire sequence of route-maps needs to be removed from the interface and added back again in order to have the changed route-map configuration be effective. If the administrator removes match or set terms in a route-map intermittently, the counters corresponding to the removed match term are reset to zero. A route-map statement must contain eligible match/set conditions for policy based routing in order to be applied to hardware.
match ipv6 address Use this command to specify IPv6 address match criteria for a route map. Use the no form of this command to delete a match statement from a route map. Syntax match ip address access-list-name [access-list-name] no match ip address access-list-name [access-list-name] • access-list-name—The access-list name that identifies the named IPv6 ACL. The name can be up to 31 characters in length. Default Configuration This command has no default configuration.
• Route maps do not have a implicit deny all at the end of the list. Instead, non-matching packets for a permit route map use the routing table. Command History Command introduced in version 6.6 firmware. Example The following sequence shows how to create a route-mao with a match clause using an IPv6 ACL and applies the route map to an interface. This example presumes VLAN 10 is already created and ipv6 routing is globally enabled.
• vlan-id—The VLAN over which the IPv6 link-local address may be reached. • link-local-address—The IPv6 link-local address of the adjacent router. Default Configuration This command has no default configuration. Command Mode Route Map mode. User Guidelines The set ipv6 next-hop command affects all incoming packet types and is always used if configured and the next hop is resolved. A check is made periodically to see if the next-hop is resolved.
• ipv6-address—The IPv6 address of the next hop to which packets are routed. It must be the address of an adjacent router (for example, the next hop must be in a subnet configured on the local router). A maximum of 16 next-hop IPv6 addresses can be specified. • vlan-id—The VLAN over which the IPv6 link-local address may be reached. • link-local-address—The IPv6 link-local address of the adjacent router. Default Configuration This command has no default configuration. Command Mode Route Map mode.
no set ipv6 precedence 0-7 Parameter Description 0 Sets the routine precedence. 1 Sets the priority precedence. 2 Sets the immediate precedence. 3 Sets the Flash precedence. 4 Sets the Flash override precedence. 5 Sets the critical precedence. 6 Sets the internetwork control precedence. 7 Sets the network control precedence. Default Configuration This command has no default configuration. Command Mode Route Map mode.
Syntax show ipv6 policy Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all sub-modes. User Guidelines This command has no user guidelines. Command History Command introduced in version 6.6 firmware.
Router Discovery Protocol Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches Routers can be configured to periodically send router discovery messages to announce their presence to locally attached hosts. The router discovery message advertises one or more IP addresses on the router that hosts can use as their default gateway.
• minadvertinterval seconds—Minimum time in seconds allowed between sending router advertisements from the interface. (Range: 3 to value of maximum advertisement interval in seconds) • preference number—Preference of the address as a default router address, relative to other router addresses on the same subnet. (Range: 2147483648 to 2147483647) • address address—IP address for router discovery advertisements. (Range: 224.0.0.1 [all-hosts IP multicast address] or 255.255.255.
Syntax ip irdp holdtime integer no ip irdp holdtime • integer — Integer value in seconds of the holdtime field of the router advertisement sent from this interface. The holdtime must be no less than the maximum advertisement interval and cannot be greater than 9000 seconds. Default Configuration The holdtime defaults to 3 times the maximum advertisement interval. Command Mode Interface Configuration (VLAN) mode.
• integer — Maximum time in seconds allowed between sending router advertisements from the interface. (Range: 4 or the minimum advertisement interval, whichever is greater, and 1800 seconds) Default Configuration 600 seconds is the default value. Command Mode Interface Configuration (VLAN) mode. User Guidelines The default values of the minimum advertisement interval and the holdtime depend on the value of the maximum advertisement interval.
no ip irdp minadvertinterval • integer — Minimum time in seconds allowed between sending router advertisements from the interface. (Range: 3 to value of maximum advertisement interval in seconds) Default Configuration The default value is 0.75 times the maximum advertisement interval. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example sets minimum advertisement interval at 100 seconds for VLAN 15.
Command Mode Interface Configuration (VLAN) mode User Guidelines If a subnet includes any hosts that do not accept IP multicast packets, send router advertisements to the limited broadcast address.
Example The following example sets the ip irdp preference to 1000 for VLAN 15. console(config)#interface vlan 15 console(config-if-vlan15)#ip irdp preference 1000 show ip irdp Use the show ip irdp command to display the router discovery information for all interfaces, or for a specified interface. Syntax show ip irdp [vlan vlan-id ] • vlan-id — Valid VLAN ID Default Configuration This command has no default configuration.
Routing Information Protocol Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000EON/N3100-ON/N3200-ON Series Switches The Routing Information Protocol (RIP) has been a long-standing protocol used by routers for exchanging route information. RIP is a distance vector protocol whereby each route is characterized by the number of gateways, or hops, a packet must traverse to reach its intended destination.
Example console(config-router)#auto-summary default-information originate (Router RIP Configuration) Use the default-information originate command in Router RIP Configuration mode to control the advertisement of default routes. Syntax default-information originate no default-information originate Default Configuration The default configuration is no default-information originate. Command Mode Router RIP Configuration mode.
• number-value — Metric for the distributed routes. (Range: 1-15) Default Configuration Default metric is not configured by default. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example The following example sets a default of 12 for the metric of distributed routes. console(config-router)#default-metric 12 distance rip Use the distance rip command in Router RIP Configuration mode to set the route preference value of RIP in the router.
User Guidelines This command has no user guidelines. Example The following example sets the route preference value of RIP in the router at 100. console(config-router)#distance rip 100 distribute-list out Use the distribute-list out command in Router RIP Configuration mode to specify the access list to filter routes received from the source protocol. Use the no form of the command to remove the access list from the specified source protocol.
User Guidelines The access list has an implicit deny all, so it is advisable to have a permit statement somewhere on the access list. The BGP parameter is only available in firmware versions enabled for BGP. Example The following example elects access list ACL40 to filter routes received from the source protocol. console(config-router)#distribute-list ACL40 out static enable Use the enable command in Router RIP Configuration mode to reset the default administrative mode of RIP in the router (active).
hostroutesaccept Use the hostroutesaccept command in Router RIP Configuration mode to enable the RIP hostroutesaccept mode. Use the no form of the command to disable the RIP hostroutesaccept mode. Syntax hostroutesaccept no hostroutesaccept Default Configuration Enabled is the default configuration. Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines.
Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example console(config-if-vlan2)#ip rip console(config-if-vlan2)#no ip rip ip rip authentication Use the ip rip authentication command in Interface Configuration Mode to set the RIP Version 2 Authentication Type and Key for the specified VLAN. Use the no form of the command to return the authentication to the default value.
Example The following example sets the RIP Version 2 Authentication Type and Key for VLAN 11. console(config-if-vlan11)#ip rip authentication encrypt pass123 35 ip rip receive version Use the ip rip receive version command in Interface Configuration mode to configure the interface to allow RIP control packets of the specified version(s) to be received. Use the no form of the command to return the version to the default value.
ip rip send version Use the ip rip sent version command in Interface Configuration mode to configure the interface to allow RIP control packets of the specified version to be sent. Use the no form of the command to return the version to the default value. Syntax ip rip send version {rip1 | rip1c | rip2 | none} no ip rip send version • rip1 — Send RIP version 1 formatted packets. • rip1c — Send RIP version 1 compatibility mode, which sends RIP version 2 formatted packets via broadcast.
Syntax redistribute ospf [metric integer] [match [internal] [external 1] [external 2] [nssa-external 1] [nssa-external 2]] no redistribute [ospf | bgp | static | connected] redistribute {bgp | connected | static} [metric integer] • metric integer — Specifies the metric to use when redistributing the route. Range: 0-15. • match internal — Adds internal matches to any match types presently being redistributed.
Dell EMC Networking RIP does not support sending a tag value. Redistribution of BGP-originated routes is only available on BGP-enabled routers. Redistribution of BGP-originated routes into RIP is not recommended. Example console(config-router)#redistribute ospf metric 10 match nssa-external 1 console(config-router)#redistribute connected metric 1 router rip Use the router rip command in Global Configuration mode to enter Router RIP mode.
Syntax show ip rip Default Configuration The command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays information relevant to the RIP router. console#show ip rip RIP Admin Mode................................. Split Horizon Mode............................. Auto Summary Mode.............................. Host Routes Accept Mode..............
Syntax show ip rip interface vlan vlan-id • vlan-id — Valid VLAN ID. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays information related to the VLAN 15 RIP interface. console#show ip rip interface vlan 15 Interface...................................... IP Address.....................................
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays general information for each RIP interface. console#show ip rip interface brief Send Receive Interface IP Address Version Version ---------- ----------------- ----------vlan1 0.0.0.0 RIP-2 Both vlan2 0.0.0.
Command Mode Router RIP Configuration mode. User Guidelines This command has no user guidelines. Example The following example does not use split horizon.
Tunnel Interface Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches Dell EMC Networking provides for the creation, deletion, and management of tunnel interfaces. They are dynamic interfaces that are created and deleted by user configuration. Tunnel interfaces are used for the following purposes. • IPv4 tunnels • IPv6 tunnels Each router interface (port or VLAN interface) may have associated tunnel interfaces. Each interface can have multiple tunnel interfaces.
Default Configuration This command has no default configuration. Command Mode Global Configuration mode. User Guidelines This command has no user guidelines. Example The following example enables the interface configuration mode for tunnel 1. console(config)#interface tunnel 1 console(config-if-tunnel1)# show interfaces tunnel Use the show interfaces tunnel command to display the parameters related to tunnel such as tunnel mode, tunnel source address and tunnel destination address.
Examples The following examples show the parameters related to an individual tunnel and to all tunnel interfaces. console#show interfaces tunnel 1 Interface Link Status.......................... down MTU size....................................... 1480 bytes console#show interfaces tunnel TunnelId Interface TunnelMode ------------------------1 tunnel 1 IPv6OVER4 2 tunnel 2 IPv6OVER4 SourceAddress ------------10.254.25.14 DestinationAddress ---------------10.254.25.10 10.254.20.
tunnel mode ipv6ip Use the tunnel mode ipv6ip command in Interface Configuration mode to specify the mode of the tunnel. Syntax tunnel mode ipv6ip [6to4] no tunnel mode • 6to4 — Sets the tunnel mode to automatic. Default Configuration This command has no default configuration. Command Mode Interface Configuration (Tunnel) mode. User Guidelines This command has no user guidelines. Example The following example specifies ipv6ip mode for tunnel 1.
• interface-type—Valid interface type. VLAN is the only type supported. • interface-number—Valid interface number. Default Configuration This command has no default configuration. Command Mode Interface Configuration (Tunnel) mode. User Guidelines This command has no user guidelines. Example The following example specifies VLAN 11 as the source transport address of the tunnel.
Unicast Reverse Path Forwarding Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches Unicast Reverse Path Forwarding (uRPF) is a powerful security tool that helps limit the problems that are caused by malformed or spoofed IP source addresses by discarding IP packets that lack a verifiable IP source address. For example, DoS attacks like Smurf and Tribe Flood Network (TFN) forge or rapidly change source IP addresses to cause a flood of useless packets that choke the network.
Command Mode Global Configuration mode User Guidelines This command enables the uRPF feature in hardware. When the uRPF check is enabled, the route table is checked for source and destination IP match in parallel. For this reason, the route table capacity is reduced once this feature is enabled. A message to this effect is displayed to the user. This command enables the mode for both v4 and v6.
Unicast RPF strict mode may be used on interfaces for which all packets received on an interface are guaranteed to originate from the subnet assigned to the interface. For example, a subnet composed only of end stations fulfills this requirement. Likewise, an access layer network or a branch office where there is only one path into and out of the network meets the requirement. In general, uRPF should be deployed on the downstream interfaces, preferably at the edge of the network.
When allow-default is set in loose mode (any), if the source IP address is not found but a default route is present in the table, the uRPF check will pass. When allow-default is set in strict mode (rx), it will prevent the incoming packet's source IP address to have a route out of a different interface than received. The strict mode option with the default route is used typically on the upstream interface. Default Configuration By default uRPF checking is disabled on interfaces.
console(config-Gi10/7)#ip verify unicast source reachable-via rx console(config-Gi10/7)#no ip verify unicast source reachable-via Layer 3 Routing Commands 1906
Virtual Router Commands Dell EMC Networking N3000E-ON/N3100-ON/N3200-ON Series Switches Dell EMC Networking VRF is an implementation of Virtual Routing and Forwarding (VRF). Virtual Routing and Forwarding allows multiple independent instances for the forwarding plane to exist simultaneously. This allows the administrator to segment the network without incurring the costs of multiple routers. Each VRF operates as an independent VPN. The IP addresses assigned to each VPN may overlap.
console(config-vlan100-109)#exit 3 Assign the VLAN to an interface. console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#switchport access vlan 100 console(config-if-Gi1/0/1)#exit 4 Create the VRF and enable routing. console(config)#ip vrf red console(config-vrf-red)#ip routing console(config-vrf-red)#exit 5 Assign IP addresses to the interfaces. console(config)#interface vlan 100 console(config-if-vlan100)#ip address 192.168.0.1 /24 6 Put the VLAN interface into the VRF.
• text—Descriptive text. Enclose the description in quotes if embedded blanks are desired. Default Configuration No descriptive text is assigned. Command Mode Virtual Router Configuration User Guidelines There are no user guidelines for this command. Example The following example shows the assignment of descriptive text to a VRF.
Default Configuration A single global VRF is created when routing is enabled. Command Mode Global Configuration mode User Guidelines This command is only available on the N3000-ON/N3100-ON/N3200-ON switches. Up to 12 VRFs may be configured on the N3000-ON, N3100-ON, and N3200ON. If sufficient resources requested by the VRF instance, such as routes, are not available to create the router instance, a warning is shown and the VRF is not created.
• vrf-name—The name of the VRF with which to associate the interface. Default Configuration All interfaces are members of the global routing instance. Command Mode Interface (VLAN) Configuration mode, Interface Range (VLAN) Configuration mode, Interface (Loopback) Configuration mode User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. This command is only available on the N3000-ON/N3100-ON/N3200-ON switches.
maximum routes This command reserves the number of routes allowed and sets the maximum limit on the number of routes for a virtual router instance in the total routing table space for the router, provided there is enough free space in the router’s total routing table. Syntax maximum routes {limit | warn threshold} no maximum routes [warn] • limit—Reserve this number of routes for the VRF instance.
Example The following example reserves 100 routes for VRF Red. console(config)#ip vrf Red console(config-vrf-Red)#ip routing console(config-vrf-Red)#maximum routes 100 console(config-vrf-Red)#exit show ip vrf This command shows the interfaces associated with a VRF instance. Syntax show ip vrf [interfaces] show ip vrf [vrf-name] [detail] • interfaces—Displays the interfaces associated with the VRF. • vrf-name—The name of the VRF for which information is displayed.
Example console(config)#show ip vrf Number of VRs.........3 Name Identifier Route Distinguisher --------- -------------- ------------------Red 2 2:200 Blue 4 4:400 Green 3 3:300 console(config)#show ip vrf Red detail VRF Identifier.................... Description....................... Route Distinguisher............... Maximum Routes.................... Warning-only...................... 1 Test network 2:200 512 TRUE Route table size.................. 2 Number of interfaces..............
• vrf-name—The name of the VRF for which information is displayed. If no VRF is specified, all VRFs are shown. The VRF name must match the configured VRF name exactly, including capitalization. • detail—Displays detailed information regarding the VRF. Default Configuration There are no IPv6 VRFs by default. Command Mode User Exec mode, Privileged Exec mode, and all show modes User Guidelines The VRF identified in the parameter must have been previously created, or an error is returned.
Virtual Router Redundancy Protocol Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches An end station running IP needs to know the address of its first hop router. While some network administrators choose to install dynamic router discovery protocols such as DHCP, others prefer to statically allocate router addresses. If the router identified by such a statically allocated address goes down, the end station loses connectivity.
RFC defines a new configuration option that allows the router to accept any packet sent to a VRRP address, regardless of whether the VRRP Primary is the address owner. The Pingable VRRP Interface feature, when enabled, allows the VRRP primary to respond to both fragmented and unfragmented ICMP echo requests packets destined to a VRRP address (or addresses). A virtual router in backup state discards these.
Interface Tracking For interface tracking, VRRP is a routing event client. When a routing interface goes up or down (or routing is disabled globally, implying all routing interfaces are down), VRRP checks if the interface is tracked. If so, it adjusts the priority. Interface tracking is useful for tracking interfaces that are not configured for VRRP. Only IP interfaces are tracked. Route Tracking The network operator may perform this task to track the reachability of an IP route.
User Guidelines This command has no user guidelines. Example The following example enables VRRP protocol on the router. console(config)#ip vrrp vrrp accept-mode Use the vrrp accept-mode command in Interface (VLAN) Configuration mode to enable the VRRP Primary to accept ping packets sent to one of the virtual router’s IP addresses from an external device. Use the no form of the command to disable responding to ping packets.
Syntax vrrp group authentication {none | simple key} no vrrp group authentication • group—The virtual router identifier. (Range: 1-255) • none—Indicates authentication type is none. • simple—Authentication type is a simple text password. • key—The key for simple authentication. (Range: String values) Default Configuration None is the default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines.
Default Configuration No description is present. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command accepts any printable characters for the name other than a question mark. Descriptions containing spaces must be enclosed in quotes. Example The following example creates virtual router group 5 on VLAN 15 and configures its description.
Command Mode Interface Configuration (VLAN) mode. User Guidelines The virtual router IP addresses must be a valid host address on the local subnet based on the IP address and subnet mask configured on the VLAN interface. The VRRP IP address cannot be either the broadcast address or a network address. To configure vrrp, perform the following steps: 1 Enable ip routing in global configuration mode. 2 Enable ip vrrp globally. 3 Set an IP address on the desired interface where VRRP is to be configured.
• vr-id — The virtual router identifier. (Range: 1-255) Default Configuration Disabled is the default configuration. Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example enables the virtual router for VLAN 15.
User Guidelines As per the VRRP RFC, when preemption is enabled, the backup router discards the advertisements until the primary-downtimer starts. This feature requires immediate sending of advertisements when the preemption case occurs and the delay is 0. This is a violation according to the RFC 3768. Delay, if configured, will cause the VRRP router to wait the specified number of seconds before issuing an advertisement claiming primary ownership.
User Guidelines The VRRP router with the highest numerical value for priority will become the VR primary. When the VRRP priorities are equal, the router with the numerically highest IP address will win the election and become primary. If the VRRP router is the owner of the VR IP address, its priority will be 255, and this value cannot be changed. Example The following example sets the priority value for the virtual router 5 on VLAN 15.
Example The following example sets the frequency at which the VLAN 15 virtual router 5 sends a virtual router advertisement. console(config-if-vlan15)#vrrp 5 timers advertise 10 vrrp timers learn Use the vrrp timers learn command in Interface Configuration mode to configure the router, when it is acting as backup virtual router for a Virtual Router Redundancy Protocol (VRRP) group, to learn the advertisement interval used by the primary virtual router.
vrrp track interface Use the vrrp track interface command in Interface Configuration mode to alter the priority of the VRRP router based on the availability of its interfaces. It is useful for tracking interfaces that are not configured for VRRP. Only routing interfaces may be tracked. A tracked interface is up if routing on that interface is up. Otherwise, the tracked interface is down.
Command Mode Interface Configuration (VLAN) mode. User Guidelines This command has no user guidelines. Example The following example adds VLAN 2 to the virtual router tracked list (with a priority decrement value of 20.) (config-if-vlan10)#vrrp 1 track interface vlan 2 decrement 20 vrrp track ip route Use the vrrp track ip route command to track the route reachability. When the tracked route is deleted, the priority of the VRRP router is decremented by the value specified in the priority argument.
Default Configuration There are no routes tracked by default. The default decrement priority is 10. Command Mode Interface Configuration (VLAN) mode. User Guidelines There are no user guidelines for this command. Example The following example adds the route 2.2.2.0/24 to the virtual router tracked list (with a priority decrement value of 20). console(config-if-vlan10)#vrrp 1 track ip route 2.2.2.
User Guidelines This command has no user guidelines. Example The following example displays detailed VRRP status. console# show vrrp Admin Mode..................................... Router Checksum Errors......................... Router Version Errors.......................... Router VRID Errors............................. Vlan 7 – Group 1 Primary IP Address............................. VMAC Address................................... Authentication Type............................ Priority.................
Track Track Track Track Track Track Interface................................ Interface State ......................... Interface DecrementPriority ............. Route (pfx/len) ......................... Route Reachable ......................... Route DecrementPriority ................. vlan 3 Down 20 10.10.10.0/24 False 20 console#show vrrp brief Interface Grp Prio IP Address Mode State --------- --- ---- -------------- ------ -----------V1 1 2 60 0.0.0.0 Disable Initialize V1 2 5 70 192.168.5.
Example The following example displays all configuration information about the VLAN 15 virtual router. console#show vrrp interface vlan 15 Vlan 7 – Group 1 Primary IP Address........................... 192.168.5.55 VMAC Address................................ 0000.5E00.0101 Authentication Type............................ None Priority....................................... 100 Configured Priority............................ 100 Advertisement Interval (secs).................. 10 Accept Mode..................
Virtual Router Redundancy Protocol v3 Commands Dell EMC Networking N1500/N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches VRRPv3 provides address redundancy for both IPv4 and IPv6 router addresses. VRRPv3 support is similar to VRRP support. Table 6-3 provides a summary of the differences. Table 6-3. VRRPv2 and VRRPv3 Differences VRRPv2 VRRPv3 Supports redundancy to IPv4 addresses. Supports redundancy to IPv4 and IPv6 addresses. Supports authentication.
fhrp version vrrp v3 Use the fhrp version vrrp v3 command to enable Virtual Router Redundancy Protocol version 3 (VRRPv3) configuration on the switch. To disable the VRRPv3 and possibly enable VRRPv2, use the no form of this command. Syntax fhrp version vrrp v3 no fhrp version vrrp v3 Default Configuration VRRPv3 is not enabled by default.
Syntax vrrp group-id address-family {ipv4 | ipv6} no vrrp group-id address-family {ipv4 | ipv6} • group-id—Virtual router group number. The range is from 1 to 255. • address-family—Specifies the address-family for this VRRP group. • ipv4—(Optional) Specifies IPv4 address. • ipv6—(Optional) Specifies IPv6 address. Default Configuration This command has no default configuration.
• ipv6—(Optional) Indicates the Virtual router group belongs to the IPv6 address family. • vlan vlan-id—(Optional) Indicates the VLAN number to which the Virtual router belongs. • vr-id—(Optional) VRRPv3 Virtual router group number. The range is from 1 to 255. Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
V3 Down 222 Track Route(pfx/len) --------------------14.14.14.0/24 Reachable --------True Decrement-Priority -----------------14 accept-mode Use this command to control whether a virtual router in primary state will accept packets addressed to the address owner’s Virtual IP address as its own if it is not the Virtual IP address owner. By default this mode is disabled. To disable this function, use the no form of this command.
preempt Use this command to configure the virtual router to preemptively take over as primary virtual router for a Virtual Router Redundancy Protocol version 3 (VRRPv3) group if it has higher priority than the current primary virtual router. To disable preemption, use the no form of the command. Syntax preempt [delay minimum centiseconds] no preempt • delay minimum centiseconds—(Optional) Number of seconds that the device will delay before issuing an advertisement claiming primary ownership.
priority Use this command to set the priority level of the device within a Virtual Router Redundancy Protocol version 3 (VRRPv3) group. The priority level controls which device becomes the primary virtual router. To set the priority to the default, use the no form of this command. Syntax priority level no priority • level—Priority of the device within the VRRP group. The range is from 1 to 254. Default Configuration The default priority is 100.
timers advertise Use this command to configure the interval between successive advertisements by the primary virtual router in a Virtual Router Redundancy Protocol version 3 (VRRPv3) group. To restore the default value, use the no form of this command. Syntax timers advertise centiseconds no timers advertise • centiseconds—Time interval between successive advertisements by the primary virtual router. The unit of the interval is in centiseconds. The valid range is 1 to 4095 centiseconds.
console(config-if-vrrp)#timers advertise 50 shutdown Use the shutdown command to disable a Virtual Router Redundancy Protocol version 3 (VRRPv3) group configuration. Syntax shutdown no shutdown Default Configuration VRRPv3 Groups are disabled by default. Command Mode VRRPv3 Group Configuration mode User Guidelines Use the no shutdown command to update the virtual router state after completing configuration. Command History Command introduced in version 6.6 firmware.
no address ip-address secondary • ip-address—IPv4 or IPv6 address, it can be specified in one of the following formats: ipv4-address, ipv6-link-local-address, ipv6address/prefix-len. • primary—(Optional) Set primary IP address of the VRRPv3 group. • secondary—(Optional) Set additional IP address of the VRRPv3 group. Default Configuration No address is configured by default. If the primary or secondary option is not specified, the primary IP address is set.
console(config)#fhrp version vrrp v3 console(config)#interface gi1/0/1 console(config-if-Gi1/0/1)#vrrp group 1 address-family ipv4 console(config-if-vrrp)# address 101.1.0.10 primary console(config-if-vrrp)#no shutdown track interface Use this command to configure tracking of an IP interface for the device within a Virtual Router Redundancy Protocol version 3 (VRRPv3) group. To disable interface tracking, use the no form of the command.
decrease the priority of the device within the VRRPv3 group when the BFD session goes down. Similarly, the priority is increased when the BFD session comes up. The default decrement is 10. The overall state of a track object is only when both the interface and BFD session are up. The increment and decrement is performed based on the overall state of the track object. Command History Command introduced in version 6.6 firmware. BFD tracking introduced in version 6.7.0 firmware.
User Guidelines Once interface tracking is enabled, the VRRPv3 feature receives notifications when an interface changes state. The decrement option decreases the priority of the switch within a VRRPv3 group by the specified value when an interface goes down. Command History Command introduced in version 6.6 firmware.
User Guidelines If the clear vrrp statistics command is issued without the optional arguments, then the global statistics for all virtual routers (both IPv4 and IPv6) are reset. If the optional arguments are specified, the statistics are reset for the virtual router corresponding to the given (IP address family, interface and VR-ID) combination. Command History Command introduced in version 6.6 firmware.
Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines If the show vrrp statistics command is issued without the optional arguments, then the global statistics are displayed. If the optional arguments are specified, the statistics are displayed for the virtual router corresponding to the given (IP address family, interface and VRID) combination. Command History Command introduced in version 6.6 firmware.
Layer 3 Routing Commands 1948
Switch Management Commands 7 Switch management commands are applicable to all Dell EMC Networking.
Application Deployment This section contains commands to manage Dell-supplied or end-user generated applications. application install Use the application install command to install or remove an application. Syntax application install filename [start-on-boot] [auto-restart] [cpu-sharing percent] [max-megabytes max-megabytes] no application install filename • • • • • filename — Name of the file containing the executable or script that is started as a Linux process for the application.
Command Mode Global Configuration User Guidelines Application names may be up to 16 characters in length. The name specified in the application-name parameter must match the filename output of the show application command exactly. Application names are case sensitive. Command History Introduced in version 6.3.0.1 firmware. Example console(config)#no application install support-assist This action will terminate the support-assist agent and remove it permanently from the switch.
Application names may be up to 16 characters in length. The name specified in the application-name parameter must match the filename output of the show application command exactly. Application names are case sensitive. Example console#application start support-assist Command History Introduced in version 6.3.0.1 firmware. Example added in the 6.4 release. application stop Use the application stop command to stop an application if the application is executing on the management unit in the stack.
Command History Introduced in version 6.3.0.1 firmware. Example console#application stop support-assist This action will terminate the support-assist agent. Are you sure you wish to continue (Y/N): show application Use the show application command to display installed applications and optionally display application files. Syntax show application [files] • files — Displays the files present in the application directory of the switch’s file system. These applications may or may not be installed.
Max-CPU-Util Configured application CPU utilization limit expressed as a percentage. “None” if unlimited. Max-memory Configured application memory limit in megabytes. “None” if unlimited. The show application files command format displays the following information: Parameter Definition filename Name of the application file. File size Number of bytes the file occupies in the file system. Directory Size Number of bytes for all the files in the application directory.
Auto-Install Commands Auto-Install provides automatic update of the image and configuration of Dell EMC Networking devices on boot up from a TFTP server as controlled by received DHCP options. It plays a critical role in the Dell EMC Networking offering of touchless or low-touch provisioning, in which configuration and imaging of a device is greatly simplified. This is highly desirable as device can be setup with minimum interaction from a skilled technician.
boot auto-copy-sw Use the boot auto-copy-sw command to enable or disable Stack Firmware Synchronization. Use the no form of the command to disable Stack Firmware Synchronization. Syntax boot auto-copy-sw no boot auto-copy-sw Default Configuration Stack firmware synchronization is disabled by default. Command Mode Global Config User Guidelines The configuration on the primary switch controls the stack as if it is a single switch.
Command Mode Global Configuration User Guidelines The configuration on the management unit in the stack controls the stack as if it is a single switch. A stack member with a different version of firmware is not allowed to join the stack. No configuration steps need to be taken on the member switches to downgrade the firmware version. Configuration migration during a downgrade is not assured.
Command Mode Global Configuration mode User Guidelines The configuration on the primary switch controls the stack as if it is a single switch. No configuration steps need to be taken on the member switches to enable rebooting the member switches after auto-install downloads a new firmware version.
User Guidelines A configuration file (CLI commands) may be downloaded during the AutoInstall process via DHCP configuration or via UCSB configuration. Refer to the DHCP and USB Auto-Configuration topic in the User’s Configuration Guide for more information. Example console# console#configure console(config)#boot host auto-save console(config)#no boot host auto-save boot host dhcp Use the boot host dhcp command in Global Configuration mode to enable Auto-Install and Auto Configuration on the switch.
Example console# console#configure console(config)#boot host dhcp console(config)#no boot host dhcp boot host retry-count The boot host retry-count command sets the number of attempts to download a configuration. Use the no form of this command to reset the number of attempts to download a configuration to the default. Syntax boot host retry-count count no boot host retry-count • count —The number of attempts to download a configuration (Range: 1–6).
Syntax show auto-copy-sw Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The show switch command also displays the switch firmware synchronization status.
User Guidelines This command has no user guidelines. Example console#show boot Auto-Install Mode.............................. Enabled AutoInstall Operational Mode................... Disabled Auto-Install State............................. AutoInstall is completed. The host retry count value is: 6 Auto Save mode is Disabled Auto Reboot mode is Enabled.
CLI Macro Commands CLI Macros provides a convenient way to save and distribute common configurations. A CLI macro is a set of the CLI commands having a unique name. When a CLI macro is applied, the CLI commands contained within the macro are executed and added to the Running Configuration File. When the macro is applied to an interface, the existing configuration is not lost; the new commands are added configuration.
• profile-compellent-nas, the interface configuration, used when connecting the switch to a Dell Compellent NAS. macro name Use the macro name command in Global Configuration mode to create a user-defined macro. Use the no form of the command to delete a macro. Syntax macro name name no macro name name • name—The name of the macro. A macro name can consist of any printable characters, including blanks and excluding question marks. A macro name may be up to 31 characters in length.
Macro Context Name Service global profile-compellent-nas Configure a port for connection to a Compellent NAS. Command Mode Global Configuration mode User Guidelines The predefined macros are useful in globally configuring the switch or a specific interface in the configuration context indicated. The macros contain a short series of commands with suggested settings for the switch or interface when used in a particular type of service. Macros consist of text commands with one command per line.
Default Configuration No parameters are substituted unless supplied on the command line. Command Mode Global Configuration mode User Guidelines Commands applied are additive in nature. That is, they do not remove existing configuration information by default. macro global trace Use the macro global trace command in Global Configuration mode to apply and trace a macro. The trace command will display each line of the macro as it is executed and list any errors encountered.
Commands applied are additive in nature. That is, they do not remove existing configuration information by default. macro global description Use the macro global description command in Global Configuration mode to append a line to the global macro description. Use the no form of the command to clear the description. Syntax macro global description line • line—The macro description. All text up to the new line is included in the description. Default Configuration There is no description by default.
• value—The string to be substituted within the macro for the specified parameter name. Default Configuration No parameters are substituted unless supplied on the command line. Command Mode Interface Configuration mode User Guidelines Commands applied are additive in nature. That is, they do not remove existing configuration information by default. macro trace Use the macro trace command in Interface Configuration mode to apply and trace a macro.
User Guidelines The line number of the first error encountered is printed. The script is aborted after the first error. Commands applied are additive in nature. That is, they do not remove existing configuration information by default. macro description Use the macro description command in Interface Configuration mode to append a line to the macro description. Use the no form of the command to clear the description. Syntax macro description line • line—The macro description.
• • • • • brief—Shows the list of defined macros and their type. description—Shows the macro descriptions. name—Shows an individual macro, including its contents. macro—The name of the macro to display. interface-id—The interface for which to show the macro description. Default Configuration No parameters are substituted unless supplied on the command line.
Clock Commands Real-time Clock The Dell EMC Networking supports a real-time clock that maintains the system time across reboots. The system time is used to timestamp messages in the logging subsystem as well as for the application of time based ACLs. The administrator has the ability to configure and view the current time, time zone, and summer time settings. The earliest date that can be configured is Jan 1, 2010.
show sntp configuration Use the show sntp configuration command to show the configuration of the Simple Network Time Protocol (SNTP). Syntax show sntp configuration Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Loopback interfaces are not supported on the N1100-ON Series switches. Example The following example displays the current SNTP configuration of the device.
Syntax show sntp server Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Examples console#show sntp server Server Server Server Server Server Server Server Host Address: Type: Stratum: Reference Id: Mode: Maximum Entries: Current Entries: 2001::01 IPv6 2 NTP Srv: 158.108.96.
Last Update Time: Dec 22 07:30:31 2009 Last Attempt Time: Dec 22 07:32:41 2009 Last Update Status: Server Unsynchronized Total Unicast Requests: 157 Failed Unicast Requests: 2 show sntp status Use the show sntp status command to show the status of the Simple Network Time Protocol (SNTP). Syntax show sntp status Default Configuration This command has no default configuration.
sntp authenticate Use the sntp authenticate command in Global Configuration mode to require server authentication for received Network Time Protocol (NTP) traffic. To disable the feature, use the no form of this command. Syntax sntp authenticate no sntp authenticate Default Configuration No authentication. Command Mode Global Configuration mode User Guidelines The command is relevant for both Unicast and Broadcast.
• value—value (Range: 1-8 characters) Default value No authentication is defined. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Examples The following examples define the authentication key for SNTP.
Example The following example enables a Simple Network Time Protocol (SNTP) Broadcast client. console(config)# sntp broadcast client enable sntp client poll timer Use the sntp client poll timer command in Global Configuration mode to set the polling time for the Simple Network Time Protocol (SNTP) client. To return to the default settings, use the no form of this command. Syntax sntp client poll timer seconds no sntp client poll timer • seconds — Polling interval.
sntp server Use the sntp server command in Global Configuration mode to configure an SNTP server address or a host name. The server address can be either an IPv4 address or an IPv6 address. Use the no form of this command to unconfigure an SNTP server address or a host name. Syntax sntp server {ip-address | ipv6-address | hostname} [priority priority][key key_id][poll] no sntp server {ip-address | ipv6-address | hostname} • • • • • ip-address — IP address of the server. hostname — Hostname of the server.
Example The following example configures the device to accept Simple Network Time Protocol (SNTP) traffic from the server at IP address 192.1.1.1. console(config)# sntp server 192.1.1.1 sntp source-interface Use the sntp source-interface command to select the interface from which to use the IP address in the source IP address field of transmitted SNTP packets. Use the no form of the command to revert to the default IP address.
Example console#conf console(config)#interface vlan 1 console(config-if-vlan1)#ip address dhcp console(config-if-vlan1)#exit console(config)#sntp source-interface vlan 1 sntp trusted-key Use the sntp trusted-key command in Global Configuration mode to authenticate the identity of a system to which Simple Network Time Protocol (SNTP) will synchronize. To disable authentication of the identity of the system, use the no form of this command.
sntp unicast client enable Use the sntp unicast client enable command in Global Configuration mode to enable a client to use Simple Network Time Protocol (SNTP) predefined Unicast clients. To disable an SNTP Unicast client, use the no form of this command. Syntax sntp unicast client enable no sntp unicast client enable Default Configuration The SNTP Unicast client is disabled. Command Mode Global Configuration mode User Guidelines Use the sntp server command to define SNTP servers.
Command Mode Global Configuration User Guidelines It is advisable to set both the time and date. Examples console(config)#clock set 19:20:31 console(config)#clock set 04/01/2019 clock timezone hours-offset Use the clock timezone [hours-offset] [minutes minutes-offset] [zone acronym] command to set the offset to Coordinated Universal Time (UTC). If the optional parameters are not specified, they will be read as either '0' or '\0, as appropriate.
no clock timezone Use the no clock timezone command to reset the time zone settings. Syntax no clock timezone Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines This command has no specific user guidelines.
• offset — Number of minutes to add during the summertime. (Range:1–1440) • acronym — The acronym for the time zone to be displayed when summertime is in effect.
• acronym — The acronym for the time zone to be displayed when summertime is in effect. (Range: Up to four upper or lower case alphabetic characters) Default Configuration This command has no default configuration.
Example console(config)#no clock summer-time show clock Use the show clock command to display the time and date from the system clock. Use the show clock detail command to show the time zone and summertime configuration. Syntax show clock [detail] Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Begins at first Sunday of April at 2:00. Ends at last Sunday of October at 2:00. Offset is 60 minutes.
Command Line Configuration Scripting Commands The Configuration Scripting feature allows the user to generate textformatted files representing the current system configuration. These configuration script files can be uploaded to a computer and edited, then downloaded to the system and applied to the system. This feature allows the flexibility of creating command configuration scripts that can be applied to several switches with minor or no modifications.
Example The following example applies the config.scr script to the switch. console#script apply config.scr script delete Use the script delete command to delete a specified script. Syntax script delete {scriptname | all} • scriptname — Script name of the file being deleted. (Range 1-31 characters) Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example displays all scripts present on the switch. console#script list Configuration Script Name Size(Bytes) -------------------------------- ----------0 configuration script(s) found. 2048 Kbytes free. script show Use the script show command to display the contents of a script file.
Example The following example displays the contents of the script file config.scr. console#script show config.scr interface gigabitethernet 1/0/1 ip address 176.242.100.100 255.255.255.0 exit script validate Use the script validate command to validate a script file by parsing each line in the script file.The validate option is intended for use as a tool in script development. Validation identifies potential problems though it may not identify all problems with a given script.
CLI Output Filtering Commands show xxx|include “string” The command xxx is executed and the output is filtered to only show lines containing the “string” match. All other non-matching lines in the output are suppressed. Syntax show xxx|include “string” Default Configuration This command has no default configuration. User Guidelines This command has no user guidelines. Command History Command introduced in version 6.6.0 firmware. Example The following shows an example of the CLI command.
Syntax show xxx|include “string” exclude “string2” Default Configuration This command has no default configuration. User Guidelines This command has no user guidelines. Command History Command introduced in version 6.6.0 firmware. Example The following shows example of the CLI command.
Command History Command introduced in version 6.6.0 firmware. Example The following shows an example of the CLI command. (Routing) #show interface 0/1 Packets Received Without Error................. Packets Received With Error.................... Broadcast Packets Received..................... Receive Packets Discarded...................... Packets Transmitted Without Errors............. Transmit Packets Discarded..................... Transmit Packet Errors......................... Collision Frames........
Command History Command introduced in version 6.6.0 firmware. Example The following shows an example of the CLI command.
(Routing) #show running-config | section “interface 0/1” interface 0/1 no spanning-tree port mode exit show xxx|section “string” “string2” The command xxx is executed and the output is filtered to only show lines included within the section(s) identified by lines containing the “string” match and ending with the first line containing the “string2” match. If multiple sessions matching the specified string match criteria are part of the base output, then all instances are displayed.
Default Configuration This command has no default configuration. User Guidelines This command has no user guidelines. Command History Command introduced in version 6.6.0 firmware.
Configuration and Image File Commands File System Commands CLI commands allow the user to show the contents of the current directory in the flash file system (dir command). These files may also be deleted from the flash using the delete command or renamed with the rename command. Also, the syntax of the copy command has been changed slightly to add additional flash targets and sources for the above commands.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines Use the show bootvar command to find out which image is the active image. Example console#boot system ? active backup Unit to be used for this command executes on this Marks the given image as re-boots. Marks the given image as re-boots. operation. If absent, node. active for subsequent active for subsequent console#show version Machine Description............... System Model ID...
Syntax clear config Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example restores the switch to its default configuration. console#clear config copy Use the copy command to copy files within the switch and to upload and download files from and to the switch.
Parameter Description source-url The location URL or or reserved keyword of the source file being copied. (Range: 1-160 characters.) List of valid source parameters for uploading from the switch: backup-config Uploads Backup Config file. active|backup Uploads code file. log-files Uploads the system logs. operational-log Uploads Operational Log file. running-config Uploads system config file. script Uploads Configuration Script file. startup-config Uploads Startup Config file.
Parameter Description destination-url The URL or reserved keyword of the destination file. (Range: 1-160 characters. List of valid destination parameters for downloading to the switch: application [filename] Download a PYTHON application. backup-config Downloads a backup config file using FTP, SFTP, or TFTP. ca-root [index] A Certificate Authority (CA) root or intermediate X.509 PEM-encoded certificate file. The contents of the source URL are copied into the CAindex.pem file on the switch.
Parameter Description destination-url openflow-ssl-cert (cont.) An OpenFlow client certificate file. The contents of the source URL are copied into the of-cert.pem file on the switch. script Downloads a configuration script by FTP, SFTP, or TFTP. sshkey-dsa Downloads the ssh RSA key file to the switch. sshkey-rsa Downloads the ssh DSA key file to the switch. startup-config Downloads a startup configuration file using FTP or TFTP. ias-users Downloads the ias-users database file.
• filepath — The path to the file on the server or USB drive or an absolute or relative path on the switch. This is an optional parameter that should only be entered if needed. • filename — The name of the file on the server or USB drive (source-url). The filename parameter is required for the tftp, ftp, scp, sftp, flash and usb destination URLs. For an application, if the optional filename parameter is given for an archive in the destination url, it must have a .tar or .tgz extension.
Reserved Keyword Description active|backup Represents the software image file. When “backup” is the target of a copy command, it refers to the backup image. When “active” is the source of a copy command, it refers to the active image. If the switch is the destination, the file will be distributed to all units in the stack. ftp: Source or destination URL for an FTP network server. The syntax for this alias is ftp://ipaddr/filepath/filename image.
When copying scripts to the switch, use the script target syntax. Internally, all scripts, including the startup-config and backup-config, are stored with a header. The header is added when the script is downloaded to the switch and removed when the script is uploaded from the switch.
When copying files to or from a USB stick, do not remove the USB stick during file transfer. Use the unmount command to cleanly detach the USB stick before physical removal. After running the unmount command, the USB stick must be physically removed and re-inserted before accessing again. An ONIE firmware image may be copied onto the management unit in the stack using the onie-fw-update destination URL. ONIE firmware updates are distributed to the stack member automatically and are executed on stack reboot.
Attempting to send the STK file to other units in the stack... File transfer operation completed successfully. console#show bootvar Image Descriptions active : backup : Images currently available on Flash unit active backup current-active next-active ----- ------------ ------------ ----------------- ----------------1 6.0.0.8 6.0.1.3 6.0.0.8 6.0.0.8 After the file transfer completes, use the boot system command to select the new image to run.
console#copy flash://crashlogs/crash.0 usb://crash.0 Example – Crash Log This example copies the most recent crash log from stack unit 5 to the TFTP server located at 10.27.9.99. The crash dump is transferred to the TFTP server into subdirectory ~/jcm and is named crashlog.txt console#copy core-dump 0 unit 5 tftp://10.27.9.99/jcm/crashlog.txt Example – Application Install Install a single application file named hiveagent_pr_s into the user-apps directory: console#copy tftp://172.25.122.
3729 saStartUpl.pyc 8707 saSubmitTop.pyc 16358 saUtil.
File transfer in progress. Management access will be blocked for the duration of the transfer. Please wait... TFTP ONIE Firmware update transfer starting... Purging all pending firmware updates. Removing pending firmware update: onie-fw-update.bin Staging firmware update: /mnt/onie-boot/onie/tools/bin/onie-fw-update.bin 29103991 bytes transferred Attempting to send the ONIE update image to other units in the stack... Command History Description and options revised in 6.3.5 release.
User Guidelines The file name may optionally include the path to the file, e.g., delete crashlogs/crash.0. Example console#delete file1.scr Delete file1.scr (Y/N)?y dir Use the dir command to print the contents of the flash file system or of a subdirectory. Syntax dir [subdir] Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines.
-rw-rw- 0 2497 Jan 28 2022 23:05:12 Jan 21 2022 22:37:38 olog0.txt fastpath.cfg Total Size: 1001914368 Bytes Used: 128319488 Bytes Free: 873594880 erase Use the erase command to erase the startup configuration, the backup configuration, or the backup image, or a Dell-supplied application. Syntax erase {filename | startup-config | backup | backup-config | application filename} • • • • • filename—The name of a file on the flash drive.
Syntax filedescr {active | backup} description no filedescr {active | backup} • • active | backup—Image file. description—Block of descriptive text. (Range: 0-128 characters) Default Configuration No description is attached to the active or backup image. Use the show bootvar command to display the image description. Command Mode Privileged Exec mode User Guidelines The description accepts any printable characters except a question mark.
• dest — Destination file name Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines Renaming the image1 or image2 files may cause the switch to not boot. Example console#rename file1.scr file2.scr show backup-config Use the show backup-config command to display the contents of the backup configuration file. Syntax show backup-config Default Configuration This command has no default configuration.
!Current Configuration: !System Description “Dell Networking N4032, 6.0.0.0, Linux 2.6.32.9" !System Software Version 6.0.0.0 !Cut-through mode is configured as disabled ! configure slot 1/0 1 ! Dell Networking N4032 stack member 1 1 ! N4032 exit interface vlan 1 exit snmp-server engineid local 800002a203001122334455 exit show bootvar Use the show bootvar command in User Exec mode to display the active system image file that the device loads at startup. Syntax show bootvar [unit] • unit —Unit number.
Image Descriptions active : backup : Images currently available on Flash unit active backup current-active next-active ----- ------------ ------------ ----------------- ----------------1 6.0.0.0 9.25.16.57 6.0.0.0 6.0.0.0 show running-config Use the show running-config command to display the contents of the currently running configuration file, including banner configuration.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example This example shows the truncated output for the configuration of interface Gi1/0/1. Since the all parameter is given, both the non-default and the default values are shown.
show startup-config Use the show startup-config command to display the startup configuration file contents. Syntax show startup-config Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the contents of the startup-config file.
write Use the write command to copy the running configuration image to the startup configuration. Syntax write Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command is equivalent to the copy running-config startup-config command functionally.
DHCP Client Commands Dell EMC Networking switches support an embedded DHCP client. Any IP interface can use DHCP to obtain an IP address. The DHCP client can run on multiple interfaces simultaneously. For IPv4, an IP interface can either use manually configured addresses or be enabled for DHCP. The options are mutually exclusive. When the operator enables DHCPv4 on an IP interface, all manually configured IP addresses on that interface are removed from the running configuration.
Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines The DHCP client sends a DHCP RELEASE message telling the DHCP server that it no longer needs the IP address, and that the IP address can be reassigned to another client. The interface method does not change and will still be DHCP even after issuing this command.
Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines If the interface has a leased IPv4 address when this command is issued, the DHCP client sends a DHCP REQUEST message telling the DHCP server that it wants to continue using the IP address.
Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command lists all IPv4 addresses currently leased from a DHCP server on an IP interface. This command only applies to IP interfaces. To see the IPv4 address leased on the out-of-band interface, use the command Maximum Next Hops.............................. 16 out-of-band. This command output provides the following information.
Lease: 2 days 23 hrs 47 mins 24 secs Renewal: 1 days 11 hrs 47 mins 24 secs Rebind: 2 days 14 hrs 47 mins 24 secs Retry count: 0 Switch Management Commands 2025
DHCP Server Commands Dell EMC Networking N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches DHCP is based on the Bootstrap Protocol (BOOTP). It also captures the behavior of BOOTP relay agents and DHCP participants can inter operate with BOOTP participants. The host RFC’s standardize the configuration parameters which can be supplied by the DHCP server to the client. After obtaining parameters via DHCP, a DHCP client should be able to exchange packets with any other host in the Internet.
• Using DHCP a centralized management policy can be implemented as the DHCP server keeps information about all the subnets. This allows a system operator to update a single server when configuration changes take place. ip dhcp pool Use the ip dhcp pool command in Global Configuration mode to define a DHCP address pool that can be used to supply addressing information to DHCP clients. Upon successful completion, this command puts the user into DHCP Pool Configuration mode.
In DHCP Pool Configuration mode, the administrator can configure the address space and other parameters to be supplied to DHCP clients. By default, the DHCP server assumes that all addresses specified are available for assignment to clients. Use the ip dhcp excluded-address command in Global Configuration mode to specify addresses that should never be assigned to DHCP clients.
console(config)#service dhcp console (config)#ip dhcp pool “Printer LP32 R1-101” console(config-dhcp-pool)#client-identifier 00:23:12:43:23:54 console(config-dhcp-pool)#host 10.1.1.1 255.255.255.255 console(config-dhcp-pool)#client-name PRT_PCL_LP32_R1-101 Example 2 – Dynamic Address Pool console(config)#service dhcp console(config)#ip dhcp pool “Windows PCs” console(config-dhcp-pool)#network 192.168.21.0 /24 console(config-dhcp-pool)#domain-name power-connect.com console(config-dhcp-pool)#dns-server 192.
clear ip dhcp binding Use the clear ip dhcp binding command to remove automatic DHCP server bindings. Syntax clear ip dhcp binding [* {[vrf vrf-name | pool name] [ip-address]}] • * — Clear all automatic dhcp bindings. • vrf-name — The name of an existing VRF instance. • ip-address — Clear a specific binding. Default Configuration The command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example console#clear ip dhcp binding 1.
• ip-address—Clear a specific address conflict. Default Configuration The command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example console#clear ip dhcp conflict * client-identifier Use the client-identifier command in DHCP Pool Configuration mode to identify a Microsoft DHCP client to be manually assigned an address. Use the no form of the command to remove the client identifier configuration.
User Guidelines For Microsoft DHCP clients, the identifier consists of the media type followed by the MAC address of the client. The media type 01 indicates Ethernet media. Use the show ip dhcp pool command to display pool configuration parameters. Example console(config-dhcp-pool)#client-identifier 01:03:13:18:22:33:11 console(config-dhcp-pool)#host 192.168.21.34 32 client-name Use the client-name command in DHCP Pool Configuration mode to specify the host name of a DHCP client.
Example console(config-dhcp-pool)#client-identifier 01:03:13:18:22:33:11 console(config-dhcp-pool)#host 192.168.21.34 32 console(config-dhcp-pool)#client-name Line_Printer_Hallway default-router Use the default-router command in DHCP Pool Configuration mode to set the IPv4 address of one or more routers for the DHCP client to use. Use the no form of the command to remove the default router configuration. Use the show ip dhcp pool command to display pool configuration parameters.
Syntax dns-server ip-address1 no dns-server • ip-address1—A valid IPv4 address. Default Configuration This command has no default configuration. Command Mode IP DHCP Pool Configuration mode User Guidelines This command has no user guidelines. domain-name (IP DHCP Pool Config) Use the domain-name command in IP DHCP Pool Configuration mode to set the DNS domain name which is provided to a DHCP client by the DHCP server. The DNS name is an alphanumeric string up to 255 characters in length.
hardware-address Use the hardware-address command in DHCP Pool Configuration mode to specify the MAC address of a client to be manually assigned an address. Use the no form of the command to remove the MAC address assignment. Syntax hardware-address hardware-address no hardware-address • hardware-address—MAC address of the client. Either the XXXX.XXXX.XXXX or XX:XX:XX:XX:XX:XX form of MAC address may be used where X is a hexadecimal digit.
no host • ip-address—IPv4 address to be manually assigned to the host identified by the client identifier. • netmask—An IPv4 address indicating the applicable bits of the address, typically 255.255.255.255. • prefix-length—A decimal number ranging from 1-30. Default Configuration The default is a 1 day lease. Command Mode DHCP Pool Configuration mode User Guidelines Use the client-identifier or hardware-address command prior to using this command for an address pool.
Default Configuration Automatic BOOTP client address assignment is disabled by default. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example console#ip dhcp bootp automatic ip dhcp conflict logging Use the ip dhcp conflict logging command in Global Configuration mode to enable DHCP address conflict detection. Use the no form of the command to disable DHCP conflict logging.
ip dhcp excluded-address Use the ip dhcp excluded-address command in Global Configuration mode to exclude one or more DHCP addresses from automatic assignment. Use the no form of the command to allow automatic address assignment for the specified address or address range. Syntax ip dhcp excluded-address [vrf vrf-name] low-address {high-address} no ip dhcp excluded-address [vrf vrf-name] low-address {high-address} • vrf-name — The name of an existing VRF instance.
ip dhcp ping packets Use the ip dhcp ping packets command in Global Configuration mode to configure the number of pings sent to detect if an address is in use prior to assigning an address from the DHCP pool. If neither ping is answered, the DHCP server presumes the address is not in use and assigns the selected IP address. Syntax ip dhcp ping packets {0, 2-10} no ip dhcp ping packets • count—The number of ping packets sent to detect an address in use. The default is 2 packets. Range 0, 2-10.
Syntax lease {days[hours][minutes]|infinite} no lease • days—The number of days for the lease duration. Range 0-59. Default is 1. • hours—The number of hours for the lease duration. Range 0-23. There is no default. • minutes—The number of minutes for the lease duration. Range 0-59. There is no default. • infinite—The lease expires in 60 days. Default Configuration The default lease is 1 day.
netbios-name-server Use the netbios-name-server command in DHCP Pool Configuration mode to configure the IPv4 address of the Windows Internet Naming Service (WINS) for a Microsoft DHCP client. Use the no form of the command to remove the NetBIOS name server configuration. Syntax netbios-name-server ip-address [ip-address2...ip-address8] no netbios-name-server • ip-address—IPv4 address Default Configuration There is no default name server configured.
no netbios-node-type • type—The NetBIOS node type can be b-node, h-node, m-node or p-node. Default Configuration There is no default NetBIOS node type configured. Command Mode DHCP Pool Configuration mode User Guidelines Use the show ip dhcp pool command to display pool configuration parameters. The NetBIOS node type information is conveyed in the Option 46 TLV of the DHCP OFFER, DHCP ACK, DHCP INFORM ACK and DHCP BOOTREPLY messages.
Default Configuration This command has no default configuration. Command Mode IP DHCP Pool Configuration mode next-server Use the next-server command in DHCP Pool Configuration mode to set the IPv4 address of the TFTP server to be used during auto-install. Use the no form of the command to remove the next server configuration. Syntax next-server ip-address no next-server • ip-address—The IPv4 address of the TFTP server to use during autoconfiguration.
option Use the option command in DHCP Pool Configuration mode to supply arbitrary configuration information to a DHCP client. Use the no form of the command to remove the option configuration. Use the show ip dhcp pool command to display pool configuration parameters. Syntax option code {ascii string1|hex[string1...string8]|ip[ip-address1...ipaddress8]} no option code • code—The DHCP TLV option code. • ascii string1—An ASCII character string.
Option 125 strings must conform to the relevant TLV format as specified in RFC 3925 beginning with a 2 byte pad filled in by the switch (option code 125 and option length), the 2 byte enterprise number, the data length and the sub-option values. For example, option 125 might be written on the command line as: option 125 hex 0000.02a2.1205.1061.7574.6f69.6e73.7461.6c6c.5f64.6863.
Table 7-1.
Table 7-1.
Table 7-1. Option Codes and Lengths (continued) Option Code Fixed Length Minimum Length Multiple Of 68 (Mobile IP Home Agent) – 0 4 69 (SMTP Server) – 4 4 70 (POP3 Server) – 4 4 71 (NNTP Server) – 4 4 72 (WWW Server) – 4 4 73 (Finger Server) – 4 4 74 (IRC Server) – 4 4 75 (Streettalk Server) – 4 4 76 (STDA Server) – 4 4 Options 19, 20, 27, 29, 30, 31, 34, 36, and 39 only accept hex 00 or hex 01 values.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. sntp Use the sntp command in DHCP Pool Configuration mode to set the IPv4 address of the NTP server to be used for time synchronization of the client. Use the no form of the command to remove the NTP server configuration. Syntax sntp ip-address no sntp • ip-address—The IPv4 address of the NTP server to use for time services. Default Configuration There is no default IPv4 NTP server configured.
Syntax show ip dhcp binding [all | {[vrf vrf-name] [address]}] • vrf-name — The name of an existing VRF instance. • address—A valid IPv4 address Default Configuration The command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example console(config)# show ip dhcp binding IP address Hardware Address Expires ----------------------------------10.10.10.
Default Configuration The command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. show ip dhcp global configuration Use the show ip dhcp global configuration command to display the DHCP global configuration. Syntax show ip dhcp server statistics Default Configuration This command has no default configuration.
Syntax show ip dhcp pool [all | poolname] • poolname—Name of the pool. (Range: 1-32 characters) Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. show ip dhcp server statistics Use the show ip dhcp server statistics command to display the DHCP server binding and message counters.
Malformed Bindings............................. 0 Messages Received ------------------DHCP DISCOVER.................................. 132 DHCP REQUEST................................... 132 DHCP DECLINE................................... 0 DHCP RELEASE................................... 32 DHCP INFORM.................................... 0 Messages Sent --------------DHCP OFFER..................................... 132 DHCP ACK....................................... 132 DHCP NACK..............................
DHCPv6 Server Commands Dell EMC Networking N2000/N2100-ON/N2200-ON/N3000ON/N3100-ON/N3200-ON Series Switches clear ipv6 dhcp Use the clear ipv6 dhcp command to clear DHCPv6 statistics for all interfaces or for a specific interface. Syntax clear ipv6 dhcp {statistics | interface vlan vlan-id statistics} • vlan-id — Valid VLAN ID. • statistics — Indicates statistics display if VLAN is specified. Default Configuration This command has no default configuration.
Syntax dns-server ipv6-address no dns-server ipv6-address • ipv6-address —Valid IPv6 address. Default Configuration This command has no default configuration. Command Mode IPv6 DHCP Pool Configuration mode User Guidelines This command has no user guidelines. domain-name (IPv6 DHCP Pool Config) Use the domain-name command in IPv6 DHCP Pool Configuration mode to set the DNS domain name which is provided to a DHCPv6 client by the DHCPv6 server. DNS domain name is configured for stateless server support.
Example The following example sets the DNS domain name “test”, which is provided to a DHCPv6 client by the DHCPv6 server. console(config)#ipv6 dhcp pool addrpool console(config-dhcp6s-pool)#domain-name test console(config-dhcp6s-pool)#no domain-name test ipv6 dhcp pool This capability requires the IPv6 DHCP service to be enabled. Use the service dhcpv6 command to enable the DHCPv6 service. Use the ipv6 dhcp pool command in Global Configuration mode to enter IPv6 DHCP Pool Configuration mode.
ipv6 dhcp relay Use the ipv6 dhcp relay command in Interface Configuration mode to configure an interface for DHCPv6 relay functionality. Syntax ipv6 dhcp relay {destination relay-address [interface vlan vlan-id] | interface vlan vlan-id} | remote-id {duid-ifid | user-defined-string} no ipv6 dhcp relay • destination — Keyword that sets the relay server IPv6 address. • relay-address — An IPv6 address of a DHCPv6 relay server. • interface — Sets the relay server interface. • vlan-id — A valid VLAN ID.
Up to 10 relay destinations may be configured per interface. If a destination relay address has global scope, then the interface option (option 18) is not required. If the destination relay address scope is link local (FE80::) or multicast (FF00::/8), then the destination interface option (Option 18) must be configured. If no relay destination is configured, then a relay interface must be configured and the DHCPV6-ALLAGENTS multicast address (i.e.
Command Mode Interface Configuration (VLAN, Tunnel) mode User Guidelines This feature requires the IPv6 DHCP service. Enable the IPv6 DHCP service using the service dhcpv6 command. The ipv6 dhcp server command enables DHCP for IPv6 service on a specified interface using the pool for prefix delegation and other configuration through that interface. The rapid-commit keyword enables the use of the two-message exchange for prefix delegation and other configuration.
prefix-delegation Use the prefix-delegation command in IPv6 DHCP Pool Configuration mode to define multiple IPv6 prefixes within a pool for distributing to specific DHCPv6 Prefix delegation clients. Syntax prefix-delegation ipv6-prefix/prefix-length client-DUID [name hostname] [valid-lifetime {valid-lifetime | infinite}] [preferred-lifetime {preferredlifetime | infinite}] no prefix-delegation ipv6-prefix/prefix-length • prefix/prefix-length—Delegated IPv6 prefix. • client-DUID—Client DUID (e.g.
Example The following example defines a Multiple IPv6 prefix and client DUID within a pool for distributing to specific DHCPv6 Prefix delegation clients. console(config)#ipv6 dhcp pool addrpool console(config-dhcp6s-pool)#prefix-delegation 2020:1::1/64 00:01:00:09:f8:79:4e:00:04:76:73:43:76 The following example defines a unique local address prefix with the MAC address 00:1D:BA:06:37:64 converted to EUI-64 format and a preferred lifetime of 5 days.
show ipv6 dhcp Use the show ipv6 dhcp command to display the DHCPv6 server name and status. Syntax show ipv6 dhcp Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines The DUID value of the server will only appear in the output when a DHCPv6 lease is active. Example The following example displays the DHCPv6 server name and status.
Command Mode Privileged Exec and User Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the configured DHCP pool based on the entered IPv6 address. console#show ipv6 dhcp binding 2020:1:: show ipv6 dhcp interface Use the show ipv6 dhcp interface command in User Exec or Privileged Exec mode to display configuration and status information about an IPv6 DHCP specified interface or all interfaces.
The command output provides the following information for an interface configured in client mode. Not all fields will be shown for an inactive client. Term Description Mode Displays whether the specified interface is in Client, Relay, or Server mode. State State of the DHCPv6 Client on this interface. The valid values are: INACTIVE, SOLICIT, REQUEST, ACTIVE, RENEW, REBIND, RELEASE. Server DUID DHCPv6 Unique Identifier of the DHCPv6 Server on this interface.
Examples The following examples display DHCPv6 information for VLAN 11 when configured in relay mode. console#show ipv6 dhcp interface tunnel IPv6 Interface................................. Mode........................................... Relay Addresses................................ Relay Remote ID................................ Option Flags................................... tunnel 5 Relay :: vlan 110 lvl7india console#show ipv6 dhcp interface vlan 2047 IPv6 Interface.................................
IPv6 Interface................................. Mode........................................... State.......................................... Server DUID.................................... 00:03:00:01:00:13:c4:db:6c:00 T1 Time........................................ T2 Time........................................ Interface IAID................................. Leased Address................................. Preferred Lifetime............................. Valid Lifetime.................................
Total DHCPv6 Packets Transmitted............... 0 console#show ipv6 dhcp interface vlan 10 statistics DHCPv6 Client Interface Vl10 Statistics --------------------------------------------------------DHCPv6 Advertisement Packets Received................. 0 DHCPv6 Reply Packets Received......................... 0 Received DHCPv6 Advertisement Packets Discarded....... 0 Received DHCPv6 Reply Packets Discarded............... 0 DHCPv6 Malformed Packets Received.....................
console#show ipv6 dhcp pool test DHCPv6 Pool: test show ipv6 dhcp statistics Use the show ipv6 dhcp statistics command in User Exec mode to display the global DHCPv6 server and relay statistics. Syntax show ipv6 dhcp statistics Default Configuration This command has no default configuration. Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the DHCPv6 server name and status.
DHCPv6 Relay-reply Packets Transmitted......... 0 DHCPv6 Relay-forward Packets Transmitted....... 0 Total DHCPv6 Packets Transmitted...............
HiveAgent Commands The commands in this section enable configuration of the Dell HiveAgent. HiveAgent commands are not supported on the N2200 or N3200 Series switches. eula-consent Use the eula-consent command to accept or decline the end-user license agreement (EULA) for the hive agent. If accepted, the latest version of the HiveAgent starts. If declined, all Hive Agent applications are stopped.
This command can be executed multiple times. It overwrites the previous information each time. The collected information is stored in the runningconfig. The administrator must write the configuration in order to persist it across reboots. If the administrator clears the config, this information must be reconfigured. Command History Introduced in version 6.3.0.1 firmware.
Command Mode Global Configuration User Guidelines This command enters HiveAgent Configuration mode. It allows the administrator to configure HiveAgent information. The configured information is stored in the running config. Use the write command to save the information into the startup-config. Command History Introduced in version 6.3.0.1 firmware. Example In this example, the HiveAgent EULA has been accepted.
server-name — The name of the server. The server name has a maximum length of 20 characters. Any printable character other than a question mark may be used in the server name. Enclose the server name in quotes if an embedded blank is desired in the server name. Default Configuration The default server HiveManagerNG is configured. Command Mode HiveAgent Configuration User Guidelines The server-name is used as a reference only and is not required to be used as part of a URL definition.
Command Mode HiveAgent Configuration mode User Guidelines This command enables HiveAgent debug. Command History Command introduced in version 6.5 firmware. Example console(config)#hiveagent console(conf-hiveagent)#debug enable Use the enable command to enable a HiveAgent server. Use the no form of the command to disable a HiveAgent server. Syntax enable no enable Default Configuration By default, the default server is enabled. It may be disabled using the no enable form of the command.
Example console(config)# hiveagent console(conf-hiveagent)#server HiveManagerNG console(conf-hiveagent-HiveManagerNG)#enable proxy-ip-address Use the proxy-ip-address command to configure a proxy server to be used to contact the HiveManager NG. Use the no form of the command to remove the proxy server information.
User Guidelines Passwords are always stored and displayed as encrypted, even if entered in unencrypted format. Example console(config)#support-assist console(conf-support-assist)#server 10.0.0.1 console(conf-support-assist-10.0.0.1)#proxy-ip-address 10.0.0.2 port 1025 username admin password 0 password Command History Introduced in version 6.3.0.1 firmware.
Command History Command introduced in version 6.5 firmware. Example console(config)#interface vlan 1 console(conf-vlan1)#ip address 172.16.32.11 /24 console(conf-vlan1)#exit console(config)#hiveagent console(conf-hiveagent)#source interface vlan-id 1 url Use the url command to configure the URL to reach on HiveManager NG. Use the no form of the command to remove the URL information.
Example console(config)#hiveagent console(conf-hiveagent)" server HiveManagerNG console(conf-hiveagent-HiveManagerNG)#url cloud-rd.aerohive.com show hiveagent debug Use the show hiveagent debug command to view information on HiveAgent debug configuration. Status may also be obtained from the HiveManager NG web page. Syntax show hiveagent debug Default Configuration This command has no defaults.
Default Configuration This command has no defaults. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The source VLAN must have an IP address assigned for it to be used by HiveAgent. Command History Command introduced in version 6.5 firmware. Example console(config)# hiveagent console(conf-hiveagent)#source interface vlan-id 1 show hiveagent status Use the show hiveagent status command to display information on the HiveAgent configuration.
Command History Introduced in version 6.3.0.1 firmware. Example console# show hiveagent status HiveAgent: Enabled EULA: Accepted HiveManager Server Name: HiveManagerNG HiveManager NG (enabled): HiveAgent Version.............................. HiveAgent Status............................... HiveAgent AssociationUrl....................... HiveAgent AssociationMethod.................... HiveAgent PollUrl.............................. HiveAgent RedirectorFQDN....................... HiveAgent RedirectorResponse.
Command History Introduced in version 6.3.0.1 firmware. Example console#show eula-consent hiveagent HiveAgent EULA has been: Accepted This switch includes a feature that enables it to work with HiveManager (an optional management suite), by sending the switch’s service tag number to HiveManager to authenticate your entitlement to use HiveManager.
IP Addressing Commands Dell EMC Networking N1100-ON/N1500/N2000/N2100-ON/N2200ON/N3000-ON/N3100-ON/N3200-ON Series Switches Interfaces on the Dell EMC Networking switches support a variety of capabilities to support management of the switch. In addition to performing switching and routing of network traffic, Dell EMC Networking switches act as a host for management of the switch.
Command Mode Privileged Exec mode User Guidelines This command has no user guidelines. Example The following example deletes all entries from the host name-to-address cache. console#clear host * clear ip address-conflict-detect Use the clear ip address-conflict-detect command to clear the address conflict detection status in the switch. Syntax clear ip address-conflict-detect [vrf vrf-name] • vrf-name—The name of the VRF instance on which the command operates.
interface out-of-band Use the interface out-of-band command to enter into OOB interface configuration mode. Syntax interface out-of-band Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines This command is not available on the N1100-ON/N1500/N2000/N2100ON/N2200-ON Series switches.
• subnet-mask — Subnet mask of the interface • prefix-length — Length of the prefix. Must be preceded by a forward slash (/). (Range: 1-30 bits) • secondary — Indicates the IP address is a secondary address. Default Configuration The N1100/N1500/N2000/N2100-ON/N2200-ON default IPv4 address assignment method is DHCP on VLAN 1. The N3000-ON/N3100-ON/N3200-ON default IPv4 address assignment method on VLAN 1 is none, and the default address assignment on the outof-band port is DHCP.
A VLAN interface configured for DHCP address assignment will send the following text string in DHCP Option 60 of the DHCPDISCOVER message to assist the DHCP server in identification of the switch: "DellEMC;;;". The left and right angle brackets and quotation marks are not sent. An example option 60 string might be: DellEMC;N2128PX-ON;6.5.2.0;TW06G93K282986CR0040 IP addresses assigned to Ethernet interfaces support up to 31 bit subnet masks.
Command Mode Interface (Out-of-Band) Configuration mode User Guidelines When setting the netmask/prefix length on an IPv4 address, a space is required between the address and the mask or prefix length. Setting an IP address on the out-of-band port enables switch management over the out-ofband port. The ip address none command clears the currently assigned IPv4 address and sets the IP address configuration method to none.
ip address-conflict-detect run Use the ip address-conflict-detect run command in Global Configuration mode to trigger the switch to run active address conflict detection by sending gratuitous ARP packets for IPv4 addresses on the switch. Syntax ip address–conflict–detect run Default Configuration This command has no default configuration. Command Mode Global Configuration mode, Virtual Router Configuration mode.
Default Configuration DHCPv4 is disabled by default on routing interfaces. Command Mode Interface (VLAN) Configuration mode User Guidelines This command only applies to VLAN routing interfaces. When DHCP is enabled on a routing interface, the system automatically deletes all manually configured IPv4 addresses on the interface. • The command no ip address removes the interface’s primary address (Manual/DHCP) including the secondary addresses, if configured, and sets the Interface method to None.
Examples To enable DHCPv4 on vlan 2: console#config console(config)#interface vlan 2 console(config-if-vlan2)#ip address dhcp ip default-gateway Use the ip default-gateway command to configure a default gateway (router). Syntax ip default-gateway ip-address no ip default-gateway ip-address • ip-address—Valid IPv4 address of an attached router. Default Configuration No default gateway is defined.
Virtual Router Configuration mode is only available on the Dell EMC Networking N3000-ON/N3100-ON/N3200-ON switches. Setting a default gateway on the in-band network may make indirectly connected hosts on the out-of-band network unreachable. Dell EMC N1100ON switches support configuration of a single default gateway. If a subsequent gateway is configured, the prior configuration is overwritten. Dell EMC N1100-ON switches do not support routing. Example The following example sets the default-gateway to 10.1.
ip domain-name Use the ip domain-name command in Global Configuration mode to define a default domain name used to complete unqualified host names. To delete the default domain name, use the no form of this command. Syntax ip domain-name name no ip domain-name • name — Default domain name used to complete an unqualified host name. Do not include the initial period that separates the unqualified host name from the domain name (Range: 1-255 characters).
• name — Host name. • address — IP address of the host. Default Configuration No host is defined. Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example defines a static host name-to-address mapping in the host cache. console(config)#ip host accounting.dell.com 176.10.23.1 ip name-server Use the ip name-server command in Global Configuration mode to define available IPv4 or IPv6 name servers.
User Guidelines Server preference is determined by entry order. Up to eight servers can be defined in one command or by using multiple commands. Use the show hosts command to display the configured name servers. Example The following example sets the available name server. console(config)#ip name-server 176.16.1.
User Guidelines The source interface must have an assigned IP address (assigned either manually or via another method such as DHCP). The use of a source interface allows firewalls devices to identify DNS packets as coming from a specific switch. If the source interface is not specified, the primary address of the outbound interface is used as the source interface. If the specified interface is down, the DNS client falls back to it’s original (unconfigured) behavior.
Syntax ipv6 address {prefix/prefix-length [eui64] | autoconfig | dhcp} no ipv6 address • prefix —The IPv6 address to be configured. • prefix-length —Designates how many of the high-order contiguous bits of the address make up the prefix. • eui64—The optional EUI-64 field designates that IPv6 processing on the interfaces is enabled using an EUI-64 interface ID in the low order 64 bits of the address. If this option is used, the value of prefix_length must be 64 bits.
The optional eui64 parameter indicates that the IPv6 address is configured to use the EUI-64 interface ID in the low order 64 bits of the address. If this parameter is specified, the prefix-length must be 64. Example Configure IPv6 routing on vlan 10 and obtain an address via DHCP. Assumes vlan 10 already exists.
• dhcp—Obtain the prefix via DHCP. Default Configuration No address is assigned to the out-of-band interface by default. Command Mode Interface (out-of-band) Configuration mode User Guidelines When DHCPv6 is enabled on the Out-of-Band interface, the system automatically deletes all manually configured IPv6 addresses on the interface. DHCPv6 can be enabled on the Out-of-Band interface only when IPv6 auto configuration or DHCPv6 is not enabled on any of the in-band management interfaces.
Command Mode Interface (VLAN) Configuration mode User Guidelines This command only applies to VLAN routing interfaces. When DHCPv6 is enabled on a VLAN routing interface, the system automatically deletes all manually configured IPv6 addresses on the interface. Use the no ipv6 address dhcp command to release a leased address and to disable DHCPv6 on an interface. The command no ipv6 address does not disable the DHCPv6 client on the interface.
User Guidelines Command execution automatically configures the interface with a link-local address. This command is not required if an IPv6 global address is configured on the interface. Example The following example enables IPv6 routing on a VLAN which has not been configured with an explicit IPv6 address.
ipv6 gateway (OOB Configuration) Use the ipv6 gateway command in Interface (out-of-band) Configuration mode to configure the address of the IPv6 gateway. The gateway is used as a default route for packets addressed to network devices not present on the local subnet. Use the no form of the command to remove the gateway configuration. Syntax ipv6 gateway ipv6-address no ipv6 gateway • ipv6-address—An IPv6 address (not a prefix). Default Configuration By default, no IPv6 gateway is configured.
Default Configuration This command has no default configuration. Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays information about IP hosts. console>show hosts Host name: dellswitch Default domain: dell.com Name/address lookup is enabled DNS source interface: loopback 1 Name servers (Preference order): 176.16.1.18 176.16.1.
Default Configuration This command has no default configuration. Command Mode User Exec, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The VRF identified in the parameter must have been previously created or an error is returned. The VRF parameter is only available on the N3000-ON/N3100-ON/N3200ON series switches. The command provides the following information.
show ip helper-address Use the show ip helper-address command to display IP helper addresses configuration. Syntax show ip helper-address [vrf vrf-name][intf-address] • vrf-name—The name of the VRF instance on which the command operates. If no VRF parameter is given, information for the default (global) router instance is shown. • intf-address — IP address of a routing interface in dotted quad notation. (Range: Any valid IP address) Default Configuration This command has no default configuration.
Any dhcp No 0 192.168.40.1 show ipv6 dhcp interface out-of-band statistics Use the show ipv6 dhcp interface out-of-band statistics command to display IPv6 DHCP statistics for the out-of-band interface. Syntax show ipv6 dhcp interface out-of-band statistics Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command is only supported on platforms equipped with an out-of-band port.
show ipv6 interface out-of-band Use the show ipv6 interface out-of-band command to show the IPv6 out-ofband port configuration. Syntax show ipv6 interface out-of-band Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines This command is only available on switches equipped with an out-of-band interface. Example console(config-if)#show ipv6 interface out-of-band IPv6 Administrative Mode......
Line Commands Authentication commands related to line configuration mode are in DHCP Client Commands. accounting Use the accounting command in Line Configuration mode to apply an accounting method to a line config. Use the no form of the command to return the accounting for the line mode to the default. Syntax accounting {exec|commands} [default|list-name] no accounting • • • • exec—Provides accounting for a user Exec terminal session. commands—Provides accounting for all user-executed commands.
Examples Use the following command to enable exec type accounting for telnet. console(config)#line telnet console(config-telnet)# accounting exec default authorization Use the authorization command to apply a command authorization method to a line config. Use the no form of the command to return the authorization for the line mode to the default.
command and responds with either a PASS or FAIL response. If approved, the command is executed. Otherwise, the command is denied and an error message is shown to the user. If contact with the authorization method fails, then the next method in the list is attempted. Examples Use the following command to enable TACACS command authorization for telnet.
Example The following example specifies the default authentication method when accessing a higher privilege level console. console(config)# line console console(config-line)# enable authentication default exec-banner Use the exec-banner command to enable exec banner on the console, telnet or SSH connection. To disable, use the no form of the command. Syntax exec-banner no exec-banner • MESSAGE — Quoted text Default Configuration This command has no default configuration.
Syntax exec-timeout minutes [seconds] no exec-timeout • • minutes — Integer that specifies the number of minutes. (Range: 0–65535) seconds — Additional time intervals in seconds. (Range: 0–59) Default Configuration The default configuration is 10 minutes. Command Mode Line (telnet, console, ssh) Configuration mode User Guidelines To specify no timeout, enter the exec-timeout 0 command.
Command Mode Line Interface mode User Guidelines This command has no user guidelines. Example The following example disables the command history function for the current terminal session. console(config-line)# no history history size Use the history size command in Line Configuration mode to change the command history buffer size for a particular line. To reset the command history buffer size to the default setting, use the no form of this command.
console(config-line)#history size 20 line Use the line command in Global Configuration mode to identify a specific line for configuration and enter the line configuration command mode. Syntax line {console | telnet | ssh} • • • console — Console terminal line. telnet — Virtual terminal for remote console access (Telnet). ssh — Virtual terminal for secured remote console access (SSH). Default Configuration This command has no default configuration.
console(config)#line telnet console(config-line)# login authentication Use the login authentication command in Line Configuration mode to specify the login authentication method list for a line (console, telnet, or SSH). To return to the default specified by the authentication login command, use the no form of this command. Syntax login authentication {default | list-name} no login authentication • default — Uses the default list created with the aaa authentication login command.
login-banner Use the login-banner command to enable login banner on the console, telnet or SSH connection. To disable, use the no form of the command. Syntax login-banner no login-banner • MESSAGE — Quoted text Default Configuration This command has no default configuration. Command Mode Line Configuration User Guidelines This command has no user guidelines. Example console(config-telnet)# no login-banner motd-banner Use the motd-banner command to enable motd on the console, telnet or SSH connection.
Command Mode Line Configuration User Guidelines This command has no user guidelines. Example console(config-telnet)# motd-banner password (Line Configuration) Use the password command in Line Configuration mode to specify a password on a line. To remove the password, use the no form of this command. NOTE: For commands that configure password properties, see Password Management Commands. Syntax password password [encrypted] no password • • password — Password for this level.
Example The following example specifies a password “mcmxxyyy” on a line. console(config-line)# password mcmxxyyy show line Use the show line command to display line parameters. Syntax show line [console | telnet | ssh] • • • console — Console terminal line. telnet — Virtual terminal for remote console access (Telnet). ssh — Virtual terminal for secured remote console access (SSH). Default Configuration This command has no default configuration.
History:....................................... 10 SSH configuration: Remote Connection Login Timeout(mins)(secs).... 10 minutes 0 seconds History:....................................... 10 speed Use the speed command in Line Configuration mode to set the line BAUD rate. Use the no form of the command to restore the default settings. Syntax speed {bps} no speed • bps — BAUD rate in bits per second (bps). The options are 2400, 9600, 19200, 38400, 57600, and 115200.
terminal length Use the terminal length command to set the terminal length. Use the no form of the command to reset the terminal length to the default. Syntax terminal length value no terminal length • value — The length in number of lines. Range: 0–512 Default Configuration This default value is 24. Command Mode Privileged Exec mode User Guidelines Setting the terminal length to 0 disables paging altogether.
MACsec Commands mka policy (Global Config) Use this command to create or configure a Media Access Control Security (MACsec) Key Agreement (MKA) Protocol policy and to enter MACsec policy configuration mode (config-macsec-policy). Syntax mka policy {policy-name} no mka policy {policy-name} • policy-name — The name of the desired MACsec policy. The policy name is a maximum of 16 alphanumeric characters. Default Configuration There are no policies configured by default.
Syntax key-server priority value no key-server priority • value — The MKA key server priority. The range is 0 to 255. Default Configuration The default priority is 16. Command Mode MACsec Policy Configuration mode User Guidelines Lower numerical values indicate a higher preference. Command History Command introduced in version 6.7.0 firmware. macsec-cipher-suite Use this command to configure the MACsec cipher suite for an MKA policy. To set the default cipher suite, use the no form of the command.
Default Configuration The default cipher suite is gcm-aes-128. Command Mode MACsec Policy Configuration mode User Guidelines The first part of the cipher suite label indicates the cipher mode of operation, for example, Galois Counter Mode (GCM). The second part of the label indicates the cipher suite, that is, Advanced Encryption Standard (AES). XPH, if present, indicates extended packet numbering is used. The number suffix indicates the key length. Command History Command introduced in version 6.7.
User Guidelines The confidentiality offset allows multiple point-to-point services to operate over a link by transmitting the VLAN tag and other information, such as CoS, in the clear. Both link partners must support the confidentiality offset capability and the offset must be configured identically. Command History Command introduced in version 6.7.0 firmware. key chain Use this command to configure or modify a key chain and enter Key Chain Configuration mode.
Key chains are used only for switch-to-switch MACsec. Command History Command introduced in version 6.7.0 firmware. key Use this command to configure a key and enter Keychain Key Configuration mode. Use the no form of the command to remove the key configuration. Syntax key key-id no key key-id • key-id — The hexadecimal identifier of the key. Maximum length of 64 characters. The key-id must be an even number of characters. Default Configuration This command has no defaults.
Syntax cryptographic-algorithm {gcm-aes-128 | gcm-aes-256} no cryptographic-algorithm • • gcm-aes-128 — Galois counter mode of the Advanced Encryption Standard using a 128-bit key. gcm-aes-256 — Galois counter mode of the Advanced Encryption Standard using a 256-bit key. Default Configuration The default cryptographic algorithm is gcm-aes-128.
Default Configuration There is no key configured by default. Command Mode Keychain Key Configuration mode User Guidelines The key string is stored in encrypted format in the running config and the stored config. The key string must contain an even number of characters. Command History Command introduced in version 6.7.0 firmware. time-range Use this command to configure the key lifetime. Use the no form of the command to return to the default configuration.
User Guidelines When configuring multiple keys in a key chain with differing start/end times, it is recommended to configure the lifetimes to overlap to ensure that the session is not torn down and traffic dropped. Command History Command introduced in version 6.7.0 firmware. macsec [network-link] Use this command to enable MACsec on an interface. Use the no form of the command to disable MACsec on the interface.
mka policy (Interface Config) Use this command to apply a MACsec Key Agreement (MKA) policy to an interface. Use the no form of the command to remove the MKA policy from the interface. Syntax mka policy {policy-name} no mka policy • policy-name — The name of a previously configured MKA policy. Default Configuration No MKA policy is applied to an interface.
Default Configuration No MKA policy is applied to an interface. Command Mode Interface (Ethernet) Configuration mode User Guidelines If an MKA policy or key chain is to be used, configure and apply the policy or key chain prior to enabling MACsec. Command History Command introduced in version 6.7.0 firmware. macsec replay-protection Use this command to enable and configure MACsec replay protection on an interface. Use the no form of the command to disable replay protection on the interface.
When replay protection is disabled, packets must be received in order. Out of order packets are dropped. Command History Command introduced in version 6.7.0 firmware. authentication linksec policy Use this command to enable and configure MACsec linksec policy on an interface. Use the no form of the command to revert to default linksec policy on the interface.
show macsec Use this command to display general information about the MACsec configuration or status for an interface. Syntax show macsec {interface {interface-id}| status {interface-id}} • interface-id — An Ethernet interface identifier. User Guidelines The output field descriptions for the show macsec interface command are the following: Field Description MACsec Mode Switch-to-switch or switch-to-host. MKA Policy MKA policy configured on the interface.
Receive SA Next PN Next packet number of the Rx SA. Receive SA AN Association number of Rx SA. Operational LinkSec Policy Operational LinkSec policy. Command History Command introduced in version 6.7.0 firmware. show mka policy Use this command to display a summary of all defined MKA protocol policies or to display a summary of a specified policy. Syntax show mka policy [policy-name] • policy-name — The name of an MKA policy.
Command History Command introduced in version 6.7.0 firmware. show mka sessions Use this command to display a summary of all MACsec sessions or to display a session on a specified interface. Syntax show mka sessions [ interface interface-id [detail]] • • interface-id — Displays status information for active MKA sessions on an interface. detail — Displays detailed information about the active MKA sessions on the specified interface.
CKN The connectivity association key (CAK) name. The output field descriptions for the show mka session detail command are the following: Field Description Status The secured status of the MKA session. Local-TxSCI Tx SCI of the local MKA instance. Interface MAC Address MAC address of the local interface. MKA Port Identifier MACsec logical port identifier. Interface Name Physical interface on which MKA is operational. CAK Name (CKN) Name of CAK used for the CA.
MACsec Desired MACsec desired parameter for the CA. # of MACsec Capable Live Peers The number of live MKA peers. # of MACsec Capable Potential Peers The number of potential MKA peers. Live Peers List The live MKA peer list. Potential Peers List The potential MKA peer list. Command History Command introduced in version 6.7.0 firmware. show key chain Use this command to display a summary of all configured MKA key chains or a specific key chain.
Time Range The configured time range. Command History Command introduced in version 6.7.0 firmware. show mka statistics Use this command to display MACsec session operational data. Syntax show mka statistics • interface interface-id — Display information for active sessions on an interface.
Field Description MKA Sessions Secured The number of MKA sessions secured. MKA Sessions Deleted The number of MKA sessions deleted. SAKs Generated The number of SAKs generated. SAKs Rekeyed The number of SAKs refreshed or rekeyed. SAKs Received The number of SAKs received from the key server. MKPDUs Validated and Rx The number of valid MKPDUs received. MKPDUs Transmitted The number of MKPDUs transmitted. Received SAKs The number of SAKs received.
Tx SC Installation Failures The number of Tx SC installation failures. MKPDU Tx Failures The number of MKPDU Tx failures. MKPDU Rx Validation Failures The number of MKPDU Rx validation failures. MKPDU Rx Bad Peer The number of MKPDU Rx bad peer message number. MN Command History Command introduced in version 6.7.0 firmware. show macsec secy statistics Use this command to display MACsec SecY statistics.
Command History Command introduced in version 6.7.0 firmware. clear mka statistics Use this command to clear the MKA protocol statistics for an interface. Syntax clear mka statistics [interface {interface-id | all}] • • interface interface-id — Clear statistics for an MKA session on a physical (Ethernet) interface. interface all — Clear statistics for an MKA session on all MACsecenabled interfaces. Command Mode Privileged Exec mode User Guidelines This command has no user guidelines.
• • • txSc interface interface-id — Clear statistics for each SecY's transmit SC on the given physical interface. This option clears the interface statistics as defined in MIB -- IEEE8021-SECY-MIB; Table secyTxSCStatsTable. rxSc interface interface-id — Clear statistics for each SecY's receive SC on the given physical interface. This option clears the interface statistics as defined in MIB -- IEEE8021-SECY-MIB; Table secyRxSCStatsTable.
User Guidelines When enabled globally, the announcements are sent as part of the MKA policy exchange on MACsec interfaces, even when explicitly not enabled in the policy config using the command send-secure-announcements, available in the MACsec Policy Configuration mode. Command History Command introduced in version 6.7.0 firmware. send-secure-announcements Use this command to configure specific MKA policy to send Secure Announcements. Use the no form of the command to disable sending the announcements.
eapol announcements Use this command to configure sending unsecure announcements on specific physical interfaces. Use the no form of the command to disable sending the announcements. Syntax eapol announcements no eapol announcements Default Configuration Sending secure announcements is disabled. Command Mode Interface (Ethernet) Configuration mode User Guidelines When enabled on the interface, the eapol announcements are sent out on the physical interfaces.
PHY Diagnostics Commands show copper-ports tdr Use the show copper-ports tdr command to display the stored information regarding cable lengths. Syntax show copper-ports tdr [interface] • interface — A valid Ethernet interface identifier. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The copper-related commands do not apply to the stacking or 10GBaseT ports.
show fiber-ports optical-transceiver Use the show fiber-ports optical-transceiver command to display the optical transceiver diagnostics. Syntax show fiber-ports optical-transceiver [interface] • interface — A valid SFP, XFP or SFP+ port. Default Configuration This command has no default configuration.
Syntax test copper-port tdr interface • interface — A valid Ethernet port. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines. This command prompts the user to shut down the port for the duration of the test. Passive or active direct attach SFP/SFP+ cables are not based on 1000BaseT technology and do not support TDR testing. Use the show copper-ports tdr command to view the test results.
Power Over Ethernet Commands Dell EMC Networking PoE N1100P-ON, N1108EP-ON, N1524P, N1548P, N2024P, N2048P, N2124PX-ON, N2148PX-ON, N300EP-ON, N3132PX-ON switches implement the PoE, PoE+, or PoE 60W for power sourcing equipment (PSE), depending on the switch model. IEEE 802.3at allows power to be supplied to Class 4 powered devices (PD) that require power up to 30 Watts or PoE 60W (UPoE) to Class 4 devices on certain ports. This allows deployment of powered devices that require more power than the IEEE 802.
The static power management feature allows operators to reserve a guaranteed amount of power for a PoE port. This is useful for powering up devices which draw variable amounts of power and provide them an assured power range within which to operate. Class based power management allocates power at class limits as opposed to user defined limits. In the Dynamic Power management feature, power is not reserved for a given port at any point of time.
User Guidelines Auto enables the switch to deliver power to the powered device. The power inline management parameter should be set to class-based mode to enable power negotiation via LLDP-MED. Dell EMC Networking PoE-enabled ports should not be connected to other Power Sourcing Equipment (PSE) with PoE enabled. If the switch detects PSE equipment supplying power to a port, PoE power is disabled on the port.
• dot3bt+legacy —Enable 802.3bt, 802.3at, 802.3af and pre-9802.3af device detection. This is only available on the N2200PX-ON/N3200PON/N3200PX-ON/N3200PXE-ON switches. Default Configuration The default value is dot3at+legacy. IEEE 802.3bt+legacy detection is enabled by default for the N2200PX-ON/N3200P-ON/N3200PXON/N3200PXE-ON switches. Command Mode Global Configuration mode User Guidelines If no unit number is specified, the entire stack is configured.
power inline four-pair forced Use this command to force 4-pair power feed on an interface. Use the no form of the command to use the default 2-pair power feed. Syntax power inline four-pair forced no power inline four-pair forced Default Configuration The default detection and power feed is four-pair power for ports that are capable of 60W power delivery. The default detection and power feed is Alt-A two-pair power for ports that are not capable of feeding four-pair power.
Example This example configures forced 60W 4-pair power mode on interface Gi1/0/1 console#configure console(config)#interface gi/10/1 console(config-if-Gi1/0/1)#power inline four-pair forced power inline limit Use the power inline limit command to configure a specific power limit for a port. Use the no form of this command to set the power limit to the default.
The maximum configurable power limit is 30000 milliwatts for two-pair power. The maximum configurable power limit is 60000 milliwatts for fourpair power. The actual power delivered in two-pair or four-pair mode may exceed the user-defined limit. Refer to the Class Power Limits and Margin table in the Dell EMC Networking User’s Configuration Guide for more information. Example This example configures interface Gi1/0/1 to deliver 60W four-pair power.
Temperature (C)................................. 39 Command History Description revised in 6.3.5 release. Command updated in firmware release 6.6.1. power inline management Use the power inline management command in Global Configuration mode to set the power management type. Use the no form of this command to set the management mode to the default.
If no unit is specified, all members of the stack are configured. Static, dynamic and class-based modes differ in how the available power is calculated and how much power may be delivered to the Powered Device. Refer to the PoE section in the User’s Configuration Guide for information on Powered Device detection, power allocation methods, and the PoE guard band. Example In the following example, no port is specified so the command displays global configuration and status of all the ports.
power inline poe-ha Use the power inline poe-ha command to enable Perpetual PoE. Syntax power inline poe-ha [unit unit-id] no power inline poe-ha [unit unit-id] Default Configuration Perpetual PoE is disabled by default. Fast PoE is enabled by default and cannot be disabled. Command Mode Global Configuration mode User Guidelines Perpetual PoE Perpetual PoE allows the switch to supply power to PDs during reboot.
Fast PoE is only available on the N1100EP-ON, N2200PX-ON, N3200P-ON, N3200PX-ON, and N3200PXE-ON Series switches. Command History Command introduced in version 6.4.3 firmware. Command updated in firmware release 6.6.1. Example This example enables Perpetual PoE. console(config)#power inline poe-ha power inline powered-device The power inline powered-device command adds a comment or description of the powered device type to enable the user to remember what is attached to the interface.
power inline priority The power inline priority command configures the port priority level, for the delivery of power to an attached device. The switch may not be able to supply power to all connected devices, so the port priority is used to determine which ports will supply power if adequate power capacity is not available for all enabled ports. For ports that have the same priority level, the lower-numbered port has higher priority.
Syntax power inline reset Default Configuration This command has no default configuration. Command Mode Interface Configuration User Guidelines This command is useful if the port is stuck in an Error state. Power to the powered devices may be interrupted as the port is reset. power inline usage-threshold The power inline usage-threshold command configures the system power usage threshold level at which lower priority ports are disconnected.
User Guidelines If no unit number is specified, all stack members are configured. The power limit beyond which ports are disconnected has a configurable range as a percentage of total available power for the individual unit. The maximum power available is given in the table shown in the power inline management command. The usage threshold check calculates the actual consumed power and compares it against the (unit power maximum multiplied by the threshold)/100.
show power inline Use the show power inline command to report current PoE configuration and status. If no port is specified, the command displays global configuration and status of all the ports. If a port is specified, then the command displays the details for the single port. Use the detailed parameter to show power limits, detection type and high power mode for the interface. The detailed parameter is not available on N2200 and N3200 devices.
Admin Displays the requested power delivery state, which is either Auto or Never. Status Displays the operational state which is one of Off, Searching, On, Faulty, Testing, TestFail, Requesting, or Overload. Class Displays the class power range for a single interface or the (Measured/Assigned) class, which is one of Class0, Class1, Class2, Class3, Class4, Class5, Class6, Class7, Class8, or Unknown. Total Power The switch input power (watts).
Temperature The temperature as detected on the PoE chip (degrees centigrade). If the reported temperature is greater than 205°C, the real temperature is 256°C—the reported temperature. Examples console#show power inline Unit Status =========== Unit........................................... Power.......................................... Total Power.................................... Threshold Power................................ Consumed Power................................. Usage Threshold...........
Short Counter.................................. Denied Counter................................. Absent Counter................................. Invalid Signature Counter...................... Output Voltage (Volts)......................... Output Current (mAmps)......................... Temperature (C)................................ 0 0 0 0 53 0 39 Command History Example updated in 6.4 release. Description and outputs updated in firmware release 6.6.2.
RMON Commands The Dell EMC Networking SNMP component includes an RMON (remote monitoring) agent. RMON is a base technology used by network management applications to manage a network. Troubleshooting and network planning can be accomplished through the network management applications. The network monitor monitors traffic on a network and records selected portions of the network traffic and statistics. The collected traffic and statistics are retrieved using SNMP.
• • • • • event-number—The index of the Event that is used when a rising or falling threshold is crossed. (Range: 1- 65535) delta—The sampling method for the selected variable and calculating the value to be compared against the thresholds. If the method is delta, the selected variable value at the last sample is subtracted from the current value, and the difference compared with the thresholds.
• • • Falling threshold — 10 Rising threshold event index — 1 Falling threshold event index — 1 console(config)#rmon alarm 1 1.3.6.1.2.1.2.2.1.1.10.5 10 50000 10 1 1 rmon collection history Use the rmon collection history command in Interface Configuration mode to enable a Remote Monitoring (RMON) MIB history statistics group on an interface. To remove a specified RMON history statistics group, use the no form of this command. Also see the show rmon collection history command.
User Guidelines This command cannot be executed on multiple ports using the interface range command. Example The following example enables a Remote Monitoring (RMON) MIB history statistics group on port 1/0/8 with the index number “1” and a polling interval period of 2400 seconds. console(config)#interface gigabitethernet 1/0/8 console(config-if-Gi1/0/8)#rmon collection history 1 interval 2400 rmon event Use the rmon event command in Global Configuration mode to configure an event.
Command Mode Global Configuration mode User Guidelines This command has no user guidelines. Example The following example configures an event with the trap index of 10. console(config)#rmon event 10 log rmon hcalarm Use the rmon hcalarm to configure high capacity alarms.Use the no form of the command to remove the alarm.
• falling-threshold-high value-64—Falling threshold value (−(263) to 263 − 1) • falling-event-index—Event to trigger when the rising threshold is crossed (1–65535). startup {rising|falling|rising-falling]—The event that is sent when this entry is first set to active. If the first sample after this entry is configured is greater than or equal to the rising threshold and startup rising or startup rising-falling is configured, a single rising event is generated.
Default Configuration This command has no default configuration. Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays RMON 1 alarms. console> show rmon alarm 1 Alarm 1 ------OID: 1.3.6.1.2.1.2.2.1.10.
Field Description Sample Type The method of sampling the variable and calculating the value compared against the thresholds. If the value is absolute, the value of the variable is compared directly with the thresholds at the end of the sampling interval. If the value is delta, the value of the variable at the last sample is subtracted from the current value, and the difference compared with the thresholds. Startup Alarm The alarm that may be sent when this entry is first set.
Command Mode User Exec, Privileged Exec modes, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the alarms summary table: console> show rmon alarms Index OID -------------------------1 1.3.6.1.2.1.2.2.1.10.1 2 1.3.6.1.2.1.2.2.1.10.1 3 1.3.6.1.2.1.2.2.1.10.
Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following table describes the significant fields shown in the display: Field Description Index An index that uniquely identifies the entry. Interface The sampled Ethernet interface. Interval The interval in seconds between samples. Requested Samples The requested number of samples to be saved. Granted Samples The granted number of samples to be saved.
Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following table describes the significant fields shown in the display: Field Description Index An index that uniquely identifies the event. Description A comment describing this event. Type The type of notification that the device generates about this event. Can have the following values: none, log, trap, log-trap. In the case of log, an entry is made in the log table for each event.
• number—The alarm index (Range: 1-65535) Default Configuration This command has no default configuration. Command Modes Privileged Exec (all show modes) User Guidelines This command has no user guidelines. Example console#show rmon hcalarm 2 Alarm 2 ---------OID: ifInOctets.
Syntax show rmon history index [throughput | errors | other] [period seconds] • • • • • index — The requested set of samples. (Range: 1–65535) throughput — Displays throughput counters. errors — Displays error counters. other — Displays drop and collision counters. period seconds — Specifies the requested period time to display. (Range: 0–2147483647) Default Configuration This command has no default configuration.
Field Description CRC Align The number of packets received during this sampling interval that had a length (excluding framing bits but including FCS octets) between 64 and 1518 octets, inclusive, but had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
Maximum table size: 270 Time Octets Packets Broadcast -------------------- --------- ----------- -----09-Mar-2005 18:29:32 303595962 357568 3289 09-Mar-2005 18:29:42 287696304 275686 2789 Multicast % -------- -7287 19 5878 20 The following example displays RMON Ethernet Statistics history for errors on index number 1.
Command Mode User Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following table describes the significant fields shown in the display: Field Description Event An index that uniquely identifies the event. Description A comment describing this event. Time The time this entry was created. Example The following examples display the RMON logging table.
Syntax show rmon statistics {gigabitethernet unit/slot/port| port-channel portchannel-number | tengigabitethernet unit/slot/port | fortygigabitethernet unit/slot/port} Default Configuration This command has no default configuration.
Field Description Undersize Pkts The total number of packets received less than 64 octets long (excluding framing bits, but including FCS octets) and otherwise well formed. Oversize Pkts The total number of packets received longer than 1518 octets (excluding framing bits, but including FCS octets) and otherwise well formed.
Example The following example displays RMON Ethernet Statistics for port Te1/0/1.
Serviceability Commands Debug commands cause the output of the enabled trace to display on a serial port or telnet console. Note that the output resulting from enabling a debug trace always displays on the serial port. The output resulting from enabling a debug trace displays on all login sessions for which any debug trace has been enabled. The configuration of a debug command remains in effect the whole login session.
no debug aaa { accounting | coa | pod } • • • accounting—Trace events for RADIUS accounting server interactions. coa—Trace events for RADIUS CoA server interactions (such as, RADIUS bounce host port, disable host port, …). pod—Trace events for RADIUS POD (RADIUS Disconnect-Request) server instructions. Default Configuration No debug tracing is enabled by default. Command Mode Global Configuration mode User Guidelines Debug commands should be used with caution.
debug arp Use the debug arp command to enable tracing of ARP packets. Use the no form of this command to disable tracing of ARP packets. Use of the optional vrf parameter executes the command within the context of the VRF specific routing table. Syntax debug arp [vrf vrf-name] no debug arp • vrf-name—The name of the VRF associated with the routing table context used by the command. If no vrf is specified, the global routing table context is used.
debug authentication interface Use this command to enable Authentication Manager debug traces for the interface.Use the no form of this command to set the debug trace to factory default value. Syntax debug authentication {event | all} interface-id no debug authentication {event | all} interface-id • • • event—Traces Authentication Manager debug events. all—Enables all Authentication Manager debugs. interface-id—The interface to trace. Default Configuration Default value is disabled.
no debug auto-voip [H323 | SCCP | SIP] Default Configuration Auto VOIP tracing is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug auto-voip debug bfd Use this command to enable the display of BFD events or packets.
User Guidelines Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. Example console# configure console(config)# vlan 100 console(config-vlan100)# exit console(config)# interface vlan 100 console(config-if-vlan100)# bfd interval 100 min_rx 100 multiplier 5 debug cfm Use the debug cfm command to enable CFM debugging. Use the no form of the command to disable debugging.
User Guidelines Debug commands should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred by enabling debug output. Example The following examples enables display of CFM events on the console. console#debug cfm event debug clear Use the debug clear command to disable all debug traces. Syntax debug clear Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode.
Syntax debug console Default Configuration Display of debug traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug console debug crashlog Use this command to display the crash log contents on the console.
• add-param— Default Configuration By default, this command displays all crash logs for the specified index. Command Modes Privileged Exec mode, User Config mode, all show modes User Guidelines There are no user guidelines for this command. Command History Introduced in version 6.2.0.1 firmware. Example This example displays the most recent crash log for the management unit in the stack.
Registers (hex) at r01: r05: 00000000 r06: r10: 00000000 r11: r15: 00000000 r16: r20: 00000000 r21: r25: 00000000 r26: r30: 00000000 r31: time of fault: 00000000 r02: 00000000 00000000 r07: 00000000 00000000 r12: 00000000 00000000 r17: 00000000 00000000 r22: 00000000 00000000 r27: 00000000 00000000 r03: r08: r13: r18: r23: r28: 00000000 00000000 00000000 00000000 00000000 00000000 r04: r09: r14: r19: r24: r29: 00000000 00000000 00000000 00000000 00000000 00000000 $0x083da883$ $0x083c9955$ $0x0804b8f6$
$0839b295$ ewaNetTelnetDataInternal + 0x959 $0839a928$ ewaNetTelnetData + 0x30 $083a7b73$ ewsTelnetParse + 0x2b9 $08387592$ ewsParse + 0x162a $08372fbc$ ewsRun + 0x149 $08395caf$ ewmain + 0x17c $083996de$ emweb_main + 0x1a3 $083d6f71$ osapi_task_wrapper + 0xa6 $00134e99$ ????? $0021873e$ ????? ----------------------------------------- debug dhcp packet Use the debug dhcp packet command to display debug information about DHCPv4 client activities and to trace DHCPv4 packets to and from the local DHCPv4 clien
console#debug dhcp packet The second example is for transmit flow. console#debug dhcp packet transmit The third example is for receive flow. console#debug dhcp packet receive debug dhcp server packet Use this command to trace DHCPv4 packets to and from the local DHCPv4 server. To disable debugging, use the no form of this command. Syntax debug dhcp server packet no debug dhcp server packet Default Configuration DHCP server packet tracing is disabled by default.
Syntax debug dot1x packet [receive | transmit] no debug dot1x packet [receive | transmit] Default Configuration Display of dot1x traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug.
User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug igmpsnooping packet debug ip acl Use the debug ip acl command to enable debug of IP Protocol packets matching the ACL criteria. Use the “no” form of this command to disable IP ACL debugging. Syntax debug ip acl acl no debug ip acl acl • acl — The number of the IP ACL to debug.
debug ip bgp To enable debug tracing of BGP events, use the debug ip bgp command. To disable debug tracing, use the no form of this command.
Default Configuration Debug tracing is not enabled by default. By default, debug capability for the the global VRF is configured. Command Mode Global Configuration mode User Guidelines Debug messages are sent to the system log at the DEBUG severity level. To print them on the console, enable console logging at the DEBUG level (logging console debug). The debug options enabled for a specific peer are the union of the options enabled globally and the options enabled specifically for the peer.
Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode User Guidelines Debug messages are sent to the system log at the DEBUG severity level. To display them on the console, enable console logging at the DEBUG level (logging console debug). Command History Command introduced in version 6.6.0 firmware. debug ip dvmrp Use the debug ip dvmrp to trace DVMRP packet reception and transmission.
User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug ip dvmrp packet debug ip igmp Use the debug ip igmp command to trace IGMP packet reception and transmission. The receive option traces only received IGMP packets and the transmit option traces only transmitted IGMP packets. When neither keyword is used in the command, then all IGMP packet traces are dumped.
debug ip mcache Use the debug ip mcache command for tracing MDATA packet reception and transmission. The receive option traces only received data packets and the transmit option traces only transmitted data packets. When neither keyword is used in the command, then all data packet traces are dumped. Vital information such as source address, destination address, packet length, and the interface on which the packet is received or transmitted is displayed on the console.
Use the no form of this command to disable debug tracing of PIMDM packet reception and transmission. Syntax debug ip pimdm packet [receive | transmit] no debug ip pimdm packet [receive | transmit] Default Configuration Display of PIMDM traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug.
Default Configuration Display of PIMSM traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug ip pimsm packet debug ip vrrp To enable debug tracing of VRRP events, use the debug ip vrrp command in Privileged Exec mode. To disable debug tracing, use the no form of the command.
The debug options enabled for a specific peer are the union of the options enabled globally and the options enabled specifically for the peer. Enabling one of the packet type options enables packet tracing in both the inbound and outbound directions. Command History Command introduced in version 6.6 firmware. debug ipv6 dhcp Use the debug ipv6 dhcp command to display debug information about DHCPv6 client activities and to trace DHCPv6 packets to and from the local DHCPv6 client.
debug ipv6 mcache Use the debug ipv6 mcache command to trace MDATAv6 packet reception and transmission. The receive option traces only received data packets and the transmit option traces only transmitted data packets. When neither keyword is used in the command, then all data packet traces are dumped. Vital information such as source address, destination address, packet length, and the interface on which the packet is received or transmitted is displayed on the console.
packet length, and the interface on which the packet is received or transmitted is displayed on the console. Use the “no” form of this command to disable MLD tracing. Syntax debug ipv6 mld packet [receive | transmit] no debug ipv6 mld packet [receive | transmit] Default Configuration Display of MLD traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution.
Command Mode Privileged Exec mode, VRF Configuration User Guidelines Debug output should be used with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug output. Use of debug-level logging when performing operations such as switch failover is not recommended. Debug messages are sent to the system log at the DEBUG severity level. To print them on the console, enable console logging at the DEBUG level (logging console debug).
Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug ipv6 pimdm packet debug ipv6 pimsm Use the debug ipv6 pimsm command to trace PIMSMv6 packet reception and transmission. The receive option traces only received PIMSMv6 packets and the transmit option traces only transmitted PIMSMv6 packets.
Example console#debug ipv6 pimsm packet debug ipv6 ping Use this command to enable tracing of ICMPv6 echo requests and responses. This command traces pings on the network port and on the routing interfaces. Use the no form of this command to disable tracing of ICMPv6 echo requests and responses. Use of the optional vrf parameter executes the command within the context of the VRF-specific routing table.
debug isdp Use the debug isdp command to trace ISDP packet reception and transmission. The receive option traces only received ISDP packets and the transmit option traces only transmitted ISDP packets. When neither keyword is used in the command, then all ISDP packet traces are dumped. Vital information such as source address, destination address, control packet type, packet length, and the interface on which the packet is received or transmitted is displayed on the console.
no debug lacp packet Default Configuration Display of LACP traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug lacp packet debug mldsnooping Use the debug mldsnooping command to trace MLD snooping packet reception and transmission.
Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug mldsnooping debug ospf Use the debug ospf command to enable tracing of OSPF packets received and transmitted by the switch. Use the no form of this command to disable tracing of OSPF packets.
Only IPv4 addresses are supported with the vrf parameter. This command is only available on the N3000-ON/N3100-ON/N3200-ON switches. Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug ospf packet debug ospfv3 packet Use the debug ospfv3 packet command to enable tracing of OSPFv3 packets received and transmitted by the switch.
Example console#debug ospfv3 packet Command History Command introduced in firmware release 6.6.1. debug ping Use the debug ping command to enable tracing of ICMP echo requests and responses. This command traces pings on the network port and on the routing interfaces. Use the no form of this command to disable tracing of ICMP echo requests and responses. Use of the optional vrf parameter executes the command within the context of the VRF specific routing table.
Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example The following example displays. console#debug ping packet debug rip Use the debug rip command to enable tracing of RIP requests and responses. Use the no form of this command to disable tracing of RIP requests and responses. Syntax debug rip packet no debug rip packet Default Configuration Display of RIP traces is disabled by default.
Syntax debug sflow packet no debug sflow packet Default Configuration Display of sFlow traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug sflow packet debug spanning-tree Use the debug spanning-tree command to trace spanning tree BPDU packet reception and transmission.
Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. Example console#debug spanning-tree bpdu debug tacacs Use the debug tacacs command to enable debug tracing of TACACS+ debugging.
Debug messages are sent to the system log at the DEBUG severity level. To print them on the console, enable console logging at the DEBUG level (logging console debug). Command History Command introduced in firmware release 6.6.1. debug transfer Use the debug transfer command to enable debug tracing of file transfers. Syntax debug transfer no debug transfer Default Configuration This command has no default configuration.
debug udld Use the debug udld command to enable the display of UDLD packets or event processing. Use the no form of the command to disable debugging. Syntax debug udld {packet [receive|transmit]|events} no debug udld {packet [receive|transmit]|events} • • • • Packet—Display transmitted and received UDLD packets. Receive—Debug packets received by the switch. Transmit—Debug packets transmitted by the switch. Events—Display UDLD events. Default Configuration By default, debugging is disabled.
no debug vpc [{peer-keepalive [packet]| peer-link {control-message | datamessage} | peer detection | core] • • • • peer-keepalive—Displays the debug traces for the keepalive state machine transitions. The packet option enables debug traces for the keepalive packets exchanged between the MLAG peer devices on the peer link. peer-link—In error cases, enables the debug traces for the control messages or data messages exchanged between the MLAG devices on the peer link.
Syntax debug vrrp all no debug vrrp all Default Configuration The display of VRRP traces is disabled by default. Command Mode Privileged Exec mode. User Guidelines Debug output should be enabled with caution. Switch behavior may be adversely affected by the additional processing load incurred from enabling debug. exception core-file Use the exception core-file command to configure the core dump file name. Use the no form of the command the reset the core file name to the default.
Command Modes Global Configuration mode User Guidelines The configuration parameters are not validated when this command is entered. Use the write core test command to validate the configured parameters and that the core dump is likely to succeed. An average core file is around 450 KB. Example copy times are as follows: • • TFTP: 13mins (different subnet) USB: 3 mins Administrators should ensure that a cleanly formatted USB flash drive of at least 1G is used for collection of a the full core dump.
• • • • • • • ftp-server—Transfer the core information to an FTP server. username—The login id on the FTP server nopassword—The user id configured on the FTP server does not require a password. password—The user id configured on the FTP server requires a password. file-path—The directory to prepend to the core file name. protocol dhcp—Obtain the out-of-band port address via DHCP for core dump transfer.
If no DHCP server is available for assignment of addresses to switches, the exception dump stack-ip-address protocol static add command should be used once for each member of the stack. It is recommended that these addresses be unique in the network. The management unit in the stack will distribute the addresses to the stack members for use on the out-of-band port only during crash dump transfer.
• • • • • password – the user id configured on the FTP server requires a password. password—The password associated with the user id on the FTP server. ip address—The IPv4 address of an FTP or TFTP server. usb — Store the core dump on a USB device. A USB device must be inserted into the switch front panel. none — Core dumps are disabled. Stack-ip-address parameters: • • • • • ipv4-address—The address used by the of the out-of-band port of the switch during crash dump transfer.
addresses be unique in the network. The management unit in the stack will distribute the addresses to the stack members for use on the out-of-band port only during crash dump transfer. In addition, for the purposes of transferring the core file to the server, a unique MAC address is assigned to the stack unit. As crash dump retrieval is not reliable on the front panel ports, the TFTP and FTP parameters are not available on the N1100-ON/N1500/N2000/N2100ON/N2200-ON series switches.
exception switch-chip-register Use the exception switch-chip-register command to enable dumping the switch chip registers in case of an exception. The register dump is taken only for the primary unit and not for the stack member units. Use the no form of the command to disable dumping of the switch-chip registers. Syntax exception switch-chip-register no exception switch-chip-register Default Configuration By default, switch register dumps are disabled.
Default Configuration The default values are as follows: • • idle—180 seconds. Range: 1-3600 life—1800 seconds. Range: 1-86400 Command Mode Global Configuration User Guidelines This command configures the timeout for both HTTP and HTTPS sessions. Changes to the parameters affect existing sessions. Reducing the time parameters may close existing sessions. The idle timeout closes sessions in which no activity is detected (e.g., no commands are entered).
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Enabled packet tracing configurations are displayed. Example console#show debugging Authentication manager all debug traces enabled on Gi1/0/1 show exception Use the show exception command to display the core dump configuration parameters, the current or previous exception log, or the core dump file listing.
User Guidelines An exception log or core dump file is generated in the rare event that the switch firmware fails. Dell support personnel may ask administrators to provide the exception log information to assist in issue resolution.
Protocol....................................... Switch-chip-register........................... Compression mode............................... Stack IP Address Protocol...................... Stack IP Address: IP Address Net Mask Gateway --------------- --------------- --------------- none False TRUE dhcp Assigned Unit --------------- show supported mibs Use the show supported mibs command to display the implemented SNMP MIBs.
HCNUM-TC DELL-REF-MIB SNMP-COMMUNITY-MIB SNMP-FRAMEWORK-MIB SNMP-MPD-MIB SNMP-NOTIFICATION-MIB SNMP-TARGET-MIB SNMP-USER-BASED-SM-MIB SNMP-VIEW-BASED-ACM-MIB USM-TARGET-TAG-MIB DELL-POWER-ETHERNET-MIB POWER-ETHERNET-MIB SFLOW-MIB DELL-SFLOW-MIB DELL-ISDP-MIB DELL-UDLD-MIB DELL-BOXSERVICES-PRIVATE-MIB DIFFSERV-DSCP-TC IANA-ADDRESS-FAMILY-NUMBERS-MIB DELL-DHCPSERVER-PRIVATE-MIB DELL-DHCPCLIENT-PRIVATE-MIB DELL-DNS-RESOLVER-CONTROL-MIB DELL-DENIALOFSERVICE-PRIVATE-MIB DELL-GREENETHERNET-PRIVATE-MIB Ethernet
LLDP-MIB LLDP-EXT-DOT3-MIB LLDP-EXT-MED-MIB DELL-LLPF-PRIVATE-MIB DISMAN-PING-MIB DNS-SERVER-MIB DNS-RESOLVER-MIB SMON-MIB DELL-TIMERANGE-MIB DELL-TIMEZONE-PRIVATE-MIB DISMAN-TRACEROUTE-MIB LAG-MIB RFC 1213 - RFC1213-MIB RFC 1493 - BRIDGE-MIB RFC 2674 - P-BRIDGE-MIB RFC 2674 - Q-BRIDGE-MIB RFC 2737 - ENTITY-MIB RFC 2863 - IF-MIB RFC 3635 - Etherlike-MIB DELL-SWITCHING-MIB DELL-INVENTORY-MIB Management Information Base module for LLDP configuration, statistics, local system data and remote systems data
DELL-PORTSECURITY-PRIVATE-MIB INET-ADDRESS-MIB IANAifType-MIB DELL-LOGGING-MIB MAU-MIB DELL-MVR-PRIVATE-MIB DELL-SNTP-CLIENT-MIB DELL-VPC-MIB IEEE8021-PAE-MIB DELL-DOT1X-ADVANCED-FEATURES-MIB Advanced DELL-DOT1X-AUTHENTICATION-SERVERMIB DELL-RADIUS-AUTH-CLIENT-MIB RADIUS-ACC-CLIENT-MIB RADIUS-AUTH-CLIENT-MIB TACACS-CLIENT-MIB DELL-CAPTIVE-PORTAL-MIB DELL-AUTHENTICATION-MANAGER-MIB DELL-MGMT-SECURITY-MIB RFC 1724 - RIPv2-MIB RFC 1850 - OSPF-MIB RFC 1850 - OSPF-TRAP-MIB RFC 2787 - VRRP-MIB DELL-ROUTING-MIB I
DELL-BGP-MIB DELL-QOS-MIB DELL-QOS-ACL-MIB DELL-QOS-COS-MIB DELL-QOS-AUTOVOIP-MIB DELL-QOS-DIFFSERV-PRIVATE-MIB DELL-QOS-ISCSI-MIB RFC 2932 - IPMROUTE-MIB draft-ietf-magma-mgmd-mib-03 RFC 5060 - PIM-STD-MIB RFC 5240 - PIM-BSR-MIB DVMRP-STD-MIB IANA-RTPROTO-MIB DELL-MULTICAST-MIB IPMROUTE-STD-MIB MGMD-STD-MIB DELL-NSF-MIB configure RFC 2465 - IPV6-MIB RFC 2466 - IPV6-ICMP-MIB RFC 3419 - TRANSPORT-ADDRESS-MIB DELL-ROUTING6-MIB DELL-DHCP6SERVER-PRIVATE-MIB DELL-IPV6-LOOPBACK-MIB DELL-IPV6-TUNNEL-MIB Dell-LAN-
be integrated into Dell ITA management system. snapshot bgp Use the snapshot bgp command in support mode to dump the current state of BGP for use by support personnel. Syntax snapshot bgp Default Configuration There is no default configuration. Command Mode Support mode User Guidelines This command has no user guidelines. Command History Introduced in version 6.2.0.1 firmware.
Default Configuration This command has no default configuration. Command Modes Privileged Exec mode User Guidelines Using the write core command reboots the switch. The write core command is useful when the device malfunctions, but has not crashed. The write core test command is useful for validating the core dump setup. For example, if the protocol is configured as tftp, the command write core test communicates with the tftp server and informs the administrator if the tftp server can be contacted.
Sflow Commands sFlow® is the standard for monitoring high-speed switched and routed networks. sFlow technology is built into network equipment and gives complete visibility into network activity, enabling effective management and control of network resources. The sFlow monitoring system consists of an sFlow Agent (embedded in a switch or router or in a stand-alone probe) and a central sFlow Collector. The sFlow Agent uses sampling technology to capture traffic statistics from the device it is monitoring.
• • • owner_string —The identity string for the receiver. A receiver is not enabled until the owner string is assigned. The default is an empty string. The identity string must be set before assigning a receiver to a sampler or poller. (Range: 1–127 characters). rcvr_timeout —The time, in seconds, remaining before the sampler or poller is released and stops sending samples to the receiver. Setting a value of 0 for the timeout value permanently configures the sflow receiver.
Example console(config)#sflow 1 destination owner 1 timeout 2000 console(config)#sflow 1 destination maxdatagram 500 console(config)#sflow 1 destination 30.30.30.1 560 sflow polling Use the sflow polling command to enable a new sflow poller instance for this data source if rcvr_idx is valid. An sflow poller sends counter samples to the receiver. Use the “no” form of this command to reset poller parameters to the defaults.
Example console(config)#sflow 1 polling gigabitethernet 1/0/1-10 200 sflow polling (Interface Mode) Use the sflow polling command in Interface Mode to enable a new sflow poller instance for this interface if rcvr_idx is valid. An sflow poller sends counter samples to the receiver. Use the no form of this command to reset poller parameters to the defaults. Syntax sflow rcvr-index polling poll-interval no sflow rcvr-index polling • rcvr-index — The sFlow Receiver associated with the poller (Range: 1 8).
sflow sampling Use the sflow sampling command to enable a new sflow sampler instance for this data source if rcvr_idx is valid. An sflow sampler collects flow samples to send to the receiver. Use the “no” form of this command to reset sampler parameters to the default.
Lowering the sampling rate (higher numerical value) will help to ensure that all collected samples can be sent to the receiver. The sflow instance must be configured using the sflow destination owner command before this command can successfully execute. Example console(config)#sflow 1 sampling gigabitethernet 1/0/2 1500 50 sflow sampling (Interface Mode) Use the sflow sampling command in Interface Mode to enable a new sflow sampler instance for this data source if rcvr_idx is valid.
User Guidelines Lower sampling numbers cause more samples to be collected and increase the load on the CPU. Setting a sampling rate of 1024 on a large number of ports may tax the CPU beyond it's ability to deliver the packets to the receiver. Lowering the sampling rate (higher numerical value) will help to ensure that all collected samples can be sent to the receiver.
User Guidelines The source interface must have an assigned IP address (either manually or via another method such as DHCP). Use the show sflow source-interface command to display the assigned source interface. This command is not supported on Dell EMC N1100-ON switches. Dell EMC N1100-ON switches support configuration of a single IP address in interface vlan configuration mode. That IP address is used as the source interface address for this function.
sFlow Version Uniquely identifies the version and implementation of this MIB. The version string must have the following structure: MIB Version; Organization; Software Revision where: MIB Version: 1.3, the version of this MIB. Organization: Dell Corp. Revision: 1.0 IP Address The IP address associated with this agent. Example console#show sflow agent sFlow Version.......................... 1.3;Dell Inc.;10.23.18.28 IP Address............................. 10.27.21.
Owner String The identity string for receiver, the entity making use of this sFlowRcvrTable entry. Time Out The time (in seconds) remaining before the receiver is released and stops sending samples to sFlow receiver. IP Address The destination IP address (the sFlow receiver host). Address Type 1 for IPv4 and 2 for IPv6. Port The destination Layer4 UDP port for sFlow datagrams. Datagram Version The sFlow record format version. For example, 5 indicates sFlow version 5.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed: Poller Data Source The sFlowDataSource (unit/slot/port) for this sFlow sampler. This agent will support Ethernet ports only. Receiver Index The sFlowReceiver associated with this sFlow counter poller.
Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed: Sampler Data Source The sFlowDataSource (unit/slot/port) for this sFlow sampler. This agent will support Ethernet ports only. Receiver Index The sFlowReceiver configured for this sFlow sampler. Packet Sampling Rate The statistical sampling rate for packet sampling from this source.
Command Mode Privileged Exec, Global Configuration, and all sub-modes User Guidelines Use the sflow source-interface command to assign an IP address other than the default for transmitted sFlow packets. This command is not supported on Dell EMC N1100-ON switches. Dell EMC N1100-ON switches support configuration of a single IP address in interface vlan configuration mode. That IP address is used as the source interface address for this function.
SNMP Commands The SNMP component provides a machine-to-machine interface for the Dell EMC Networking product family. This includes the ability to configure the network device, view settings and statistics, and upload or download code or configuration images. The agent includes a get-bulk command to reduce network management traffic when retrieving a sequence of Management Information Base (MIB) variables and an elaborate set of error codes for improved reporting to the network control station.
Example The following example displays the SNMP communications status. console(config)#show snmp Community-String Community-Access View Name IP Address IP Mask -------------------- ---------------- ---------------- ----------- -------private Read/Write Default All All public Read Only Default 1.1.1.1 255.255.255.
Syntax show snmp engineid Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The SNMP engine ID uniquely identifies the SNMP agent to other SNMPv3 stations. The SNMP engine ID is not cleared by the clear config command. The SNMP engine ID must be unique for the administrative domain. Example The following example displays the SNMP engine ID.
User Guidelines Per RFC 2573, an implicit exclude all filter is present at the beginning of every filter list. This implicit filter is not shown in the output of this command. Example The following examples display the configuration of filters with and without a filter name specification. console # show snmp filters Name OID Tree Type ------------------- --------------------------------user-filter1 1.3.6.1.2.1.1 Included user-filter1 1.3.6.1.2.1.1.7 Excluded user-filter2 1.3.6.1.2.1.2.2.1.*.
User Guidelines The group name accepts any printable characters except a question mark. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may accept entries up to the first illegal character or reject the entry entirely. The following table contains field descriptions.
Prefix Model Level Read Write Notify --------------------- ---------- ----- ------------- -------- -------- ------DefaultWrite "" V1 NoAuth-NoPriv Default Default Default DefaultWrite "" V2 NoAuth-NoPriv Default Default Default DefaultWrite "" V3 NoAuth-NoPriv Default Default Default DefaultWrite "" V3 Auth-NoPriv Default Default Default DefaultWrite "" V3 Auth-Priv Default Default Default Command History The example was updated in release 6.4.
Console # show snmp user Name Group Name Auth Priv Meth Meth Remote Engine ID --------------- --------------- ---- ---- ------------------bob user-group MD5 DES 800002a20300fce3900106 john user-group SHA DES 800002a20300fce3900106 Console # show snmp users bob Name Group Name Auth Priv Meth Meth Remote Engine ID --------------- --------------- ---- ---- ------------------bob user-group MD5 DES 800002a20300fce3900106 show snmp views Use the show snmp views command to display the configuration of views.
----------- ----------------------- --------- user-view1 1.3.6.1.2.1.1 Included user-view1 1.3.6.1.2.1.1.7 Excluded user-view2 1.3.6.1.2.1.2.2.1.*.1 Included show trapflags Use the show trapflags command to display the trap settings. Syntax show trapflags [vrf {vrf-name}][ospf|ospfv3|captive-portal] • • • • vrf-name—The name of an existing VRF instance. ospf—Display OSPFv2 specific trap settings. ospfv3—Display OSPFv3 specific trap settings.
Mbuf Threshold Traps........................... CPU Threshold Traps............................ Spanning Tree Traps............................ VRRP Traps..................................... ACL Traps...................................... BGP Traps...................................... DVMRP Traps.................................... OSPFv2 Traps................................... PIM Traps...................................... OSPFv3 traps................................... Captive Portal Traps............
• • • • • • community-string—The SNMP community identifier. See SNMPCOMMUNITY-MIB for further information. (Range: 1-20 printable characters other than an at sign, a backslash, or a question mark.) ro—Indicates read-only access. rw—Indicates read-write access. su—Indicates SNMP administrator access. ip-address—Specifies the IP address or subnet of the management station(s). If no IP address is specified, all management stations are permitted. Both IPv4 and IPv6 addresses are accepted.
• The internal group name for SNMPv1 and SNMPv2 security models is mapped to a view name. If ro is specified, then read-view and notifyview are mapped. If rw is specified, then read-view, notify-view, and write-view are mapped. The community name may include any printable characters except a question mark, an at sign, or a backslash. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name.
• ip-address — Specifies the IP address or subnet of the management station(s). If no IP address is specified, all management stations are permitted. Both IPv4 and IPv6 addresses are accepted. If a subnet is specified, it may be entered in the form of an IPv4 address, followed by a space and a forward slash, followed by the decimal number of significant bits with no intervening spaces, or the IP address may be followed by an IPv4 mask in dotted quad notation.
snmp-server contact Use the snmp-server contact command in Global Configuration mode to set up a system contact (sysContact) string. To remove the system contact information, use the no form of the command. Syntax snmp-server contact text no snmp-server contact • text — Character string, 1 to 255 characters, describing the system contact information. Default Configuration This command has no default configuration.
Syntax snmp-server enable traps [acl | all | auto-copy-sw | bgp state-changes limited |buffers |captive-portal cp-type | cpu |dhcp-snooping |dot1q | dvrmp | link | port-security [trap-rate] | multiple-users | [vrf vrf-name] ospf ospftype | ospfv3 ospfv3type |pim |poe | snmp authentication | spanningtree | vrrp | mac-notification] no snmp-server enable traps [acl | all|auto-copy-sw | bgp state-changes limited |buffers | captive-portal cp-type | cpu |dhcp-snooping| dot1q | dvrmp | link | port-security [trap-r
• • • • • • • • • • • • • • • • • • • bgp state-changes limited—Enable standard traps defined in RFC 4273. port-security—Enable traps on port security violations. port-security trap-rate—Configure the interval at which port security traps are issued. Range 1-1000000 seconds. Default 30 seconds. buffers—Enables sending of a trap on the internal message buffer count exceeding the rising threshold. cpu threshold—Enables sending of a trap on the CPU occupancy exceeding the rising threshold.
User Guidelines Not all parameters are available on all switch models. The selection of parameters is based upon the capabilities of the switch firmware and hardware. Use the command with no parameters to globally enable sending of traps. Use the no form of the command with no parameters to globally disable sending of traps without changing the configured traps.
ospf ospfv3 pim port-security snmp spanning-tree vrf vrrp Enable/Disable OSPF Traps. Enable/Disable OSPFv3 Traps. Enable/Disable traps for protocol-independent multicast. Enable/Disable switch level Maclock Violation trap flag. Enable SNMP traps. Configure spanning tree traps. Specify VPN Routing/Forwarding instance. Enable/Disable VRRP trap. The following example enables MAC notification, sets the buffer size to 255, and enables MAC notification traps.
• default — The engineID is created automatically, based on the device MAC address. Default Configuration The engineID is generated using the switch MAC address. Command Mode Global Configuration mode User Guidelines If you want to use SNMPv3, an engine ID is required for the switch. You can specify your own ID or use the default string that is generated using the MAC address of the device.
snmp-server filter Use the snmp-server filter command in Global Configuration mode to create or update a Simple Network Management Protocol (SNMP) server filter entry. To remove the specified SNMP server filter entry, use the no form of this command. Syntax snmp-server filter filter-name oid-tree {included | excluded} no snmp-server filter filter-name [oid-tree] • filter-name — Specifies the label for the filter record that is being updated or created. The name is used to reference the record.
The filter name may include any printable characters except a question mark. Enclose the string in double quotes to include spaces within the name. The surrounding quotes are not used as part of the name. The CLI does not filter illegal characters and may accept entries up to the first illegal character or reject the entry entirely. Per RFC 2573, configuring a filter adds an implicit exclude-all as the first entry in a filter record.
• • • • • • auth — Indicates authentication of a packet without encrypting it. Applicable only to the SNMP Version 3 security model. priv — Indicates authentication of a packet with encryption. Applicable only to the SNMP Version 3 security model. contextname — Provides different views of the system and provides the user a way of specifying that context. notifyview — Defines a string that is the name of the view that enables specifying an inform or a trap.
snmp-server host Use the snmp-server host command in Global Configuration mode to specify the recipient of Simple Network Management Protocol notifications. To remove the specified host, use the no form of this command. This command enters the user into SNMP-host configuration mode.
Default Configuration The default configuration is 3 retries, and 15 seconds timeout. No hosts are configured by default. No notifications are sent by default. If you enter this command with no keywords, the default is to send all trap types to the host in SNMPv1 format. No informs are sent to the host. If no version keyword is present, the default is Version 1.
Command History Added documentation updates in the 6.6.1 firmware release. Syntax updated in version 6.7.0 firmware. snmp-server location Use the snmp-server location command in Global Configuration mode to set the system location string. To remove the location string, use the no form of this command. Syntax snmp-server location text no snmp-server location • text — Character string describing the system location. (Range: 1 to 255 characters.
Syntax snmp-server user username groupname [remote engineid-string] [ { authmd5 password | auth-sha password | auth-md5-key md5-key | auth-sha-key sha-key } [priv-des password | priv-des-key des-key | priv-aes128 password | priv-aes128-key aes-key ] ] no snmp-server user username • username — Specifies the name of the user on the host that connects to the agent. (Range: 1-32 characters.) • groupname — Specifies the name of the group to which the user belongs. (Range: 1-40 characters.
Default Configuration No user entry exists. Command Mode Global Configuration mode User Guidelines If the SNMP local engine ID is changed, configured users will no longer be able to connect and will need to be re-configured (deleted from the configuration and added back). Use of MD5 authentication in conjunction with AES privacy is discouraged as it results in a weak cypher. Utilize SHA authentication when using AES privacy.
no snmp-server view view-name [oid-tree ] • view-name — Specifies the label for the view record that is being created or updated. The name is used to reference the record. (Range: 1-30 characters.) • oid-tree — Specifies the object identifier of the ASN.1 subtree to be included or excluded from the view. To identify the subtree, specify a text string consisting of numbers, such as 1.3.6.2.4, or a word, such as system.
console(config)# snmp-server view user-view ifEntry.*.1 included console(config)#snmp-server view "A beautiful view!" 1.1.2.1 included snmp-server v3-host Use the snmp-server v3-host command in Global Configuration mode to specify the recipient of Simple Network Management Protocol Version 3 (SNMPv3) notifications. To remove the specified host, use the no form of this command.
• • port — UDP port of the host to use. The default is 162. (Range: 165535.) filtername — A string that is the name of the filter that define the filter for this host. If unspecified, does not filter anything. (Range: 1-30 characters.) Default Configuration The default configuration is 3 retries and 15 seconds timeout. Command Mode Global Configuration mode User Guidelines The username can include any printable characters except a question mark.
snmp-server source-interface Use the snmp-server source-interface command to select the interface from which to use the IP address in the source IP address field of transmitted SNMP traps and informs. Use the no form of the command to revert to the default IP address. Syntax snmp-server source-interface { loopback loopback-id | vlan vlan-id } no snmp-server source-interface • • loopback-id — A loopback interface identifier. vlan-id — A VLAN identifier.
console(config-if-vlan1)#exit console(config)#snmp-server source-interface vlan 1 Switch Management Commands 2281
SupportAssist Commands The commands in this section enable configuration of SupportAssist. eula-consent Use the eula-consent command to accept or reject the end-user license agreement (EULA) for the SupportAssist service. Syntax eula-consent {support-assist} {accept | reject} • • • support-assist—Enter the keyword support-assist to either accept or reject the EULA for the SupportAssist service. accept — Accepts the EULA for the specified service. reject — Rejects the EULA for the specified service.
Example Example 1 console(config)# eula-consent support-assist accept I accept the terms of the license agreement. You can reject the license agreement by configuring this command 'eula-consent support-assist reject'. By installing SupportAssist, you allow Dell to save your contact information (e.g. name, phone number and/or email address) which would be used to provide technical support for your Dell products and services.
contact-company Use the contact-company command to configure the contact information to be sent to the SupportAssist server. Use the no form of the command to remove the contact information. Syntax contact-company name company street-address streetaddress address city city country country postcode postcode • company — The company for the technical contact person. Maximum of 256 printable characters. • streetaddress — The street address for the technical contact person.
Command History Introduced in version 6.3.0.1 firmware. Example console(config)# support-assist console(conf-support-assist)#contact-company name “Dell Inc.“ street-address “5 Round Rock Way“ city “Round Rock, TX“ country USA postcode 78665 contact-person Use the contact-person command to configure the contact information to be sent to the SupportAssist server. Use the no form of the command to remove the contact information.
User Guidelines The email address must conform to RFC 5322 sections 3.2.3 and 3.4.1 and RFC 5321. Additionally, the character set is further restricted to ASCII characters. This information is transmitted to Dell if the SupportAssist service is enabled. This command can be executed multiple times. It overwrites the previous information each time. The collected information is stored in the runningconfig. The administrator must write the configuration in order to persist it across reboots.
User Guidelines Only one SupportAssist server may be enabled. If contact with the server fails, the switch sleeps for the quiet period (default 1 hour) before attempting contact again. Command History Introduced in version 6.3.0.1 firmware. Example console(config)# support-assist console(conf-support-assist)#server New-Server console(conf-support-assist-NewServer)#enable proxy-ip-address Use the proxy-ip-address command to configure a proxy server to be used to contact the SupportAssist servers.
Default Configuration By default, no proxy is configured. By default, passwords are entered as unencrypted and are always displayed and stored encrypted Command Mode Support Assist Configuration User Guidelines Passwords are always stored and displayed as encrypted, even if entered in unencrypted format. Command History Introduced in version 6.3.0.1 firmware. server Use the server command to configure a SupportAssist server and enter SupportAssist server configuration mode.
Command Mode Support Assist Configuration User Guidelines The server-name is used as a reference only and is not required to be used as part of a URL definition. Up to four additional servers may be configured. Use the exit command to exit from Support Assist Server configuration mode. Command History Introduced in version 6.3.0.1 firmware.
Command History Introduced in version 6.3.0.1 firmware. Example console#show eula-consent support-assist SupportAssist EULA has been: Accepted Additional information about the SupportAssist EULA is as follows: By installing SupportAssist, you allow Dell to save your contact information (e.g. name, phone number and/or email address) which would be used to provide technical support for your Dell products and services.
Default Configuration This command has no defaults. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines There are no guidelines for this command. Command History Introduced in version 6.3.0.1 firmware. Example console# show support-assist status SupportAssist: Enabled SupportAssist Server: https://stor.g3.ph.dell.com (resolved) EULA: Accepted Proxy Server: 172.167.33.
Default Configuration By default, a server named “default” is configured. It may be disabled by the administrator. Command Mode Global Configuration User Guidelines This command enters support-assist-conf mode. It allows the administrator to configure SupportAssist information. The configured information is stored in the running config. Use the write command to save the information into the startup-config. Command History Introduced in version 6.3.0.1 firmware.
Syntax url uniform-resource-locator no url uniform-resource-locator — A text string for the URL using one of the following formats: http://[username:password@]:/ https://[username:password@]:/ Default Configuration By default, no URL is configured. Command Mode Support Assist Configuration User Guidelines The hostip for the server may be specified as an IPv4 address, an IPv6 address or as a DNS hostname.
SYSLOG Commands The Dell EMC Networking supports a centralized logging service with support for local in-memory logs, crash dump logs, and forwarding messages to SYSLOG servers. All switch components use the logging service.
<189> Oct 24 02:10:26 10.27.23.197-1 CMDLOGGER[emWeb]: cmd_logger_api.c(83) 438 %% NOTE CLI:EIA-232::logging buffered info If enabled, the CLI command logger subsystem begins to log commands immediately after the user is authenticated. After authentication, the CLI generates an explicit message and invokes the command logger. The format of the message at login is: <189> Jan 10 18:58:56 10.27.21.22-2 CMDLOGGER[209809328]: cmd_logger_api.c(83) 361 %% NOTE CLI:10.27.21.
clear logging file Use the clear logging file command to clear messages from the logging file. Syntax clear logging file Default Configuration There is no default configuration for the command. Command Mode Privileged Exec User Guidelines This command has no user guidelines. Example The following example shows the clear logging file command and confirmation response.
Command Mode Logging mode User Guidelines After entering the view corresponding to a specific SYSLOG server, the command can be executed to set the description of the server. Example The following example sets the SYSLOG server description. console(config-logging)#description "syslog server 1" level Use the level command in Logging mode to specify the severity level of SYSLOG messages. To reset to the default value, use the no form of the command.
is voluminous, cryptic, and because of the large number of messages generated, can adversely affect switch operations. Only set the logging level to debug under the direction of support personnel. Example The following example sets the SYSLOG message severity level to alert. console(config-logging)#level alerts logging cli-command Use the logging cli-command in Global Configuration mode to enable CLI command logging.
File Logging: Level emergencies. Messages : 0 logged, 323 ignored Switch Auditing : enabled CLI Command Logging: disabled Web Session Logging : disabled SNMP Set Command Logging : disabled Logging facility level : local7 0 Messages dropped due to lack of resources Buffer Log: <189> Jan 10 18:59:09 10.27.21.22-2 CMDLOGGER[209809328]: cmd_logger_api.c(83) 367 %% NOTE CLI:EIA-232:----:configure <190> Jan 10 18:59:17 10.27.21.22-2 CLI_WEB[209809328]: cmd_logger_api.
• • anon—Use anonymous authentication (that is, anonymous mode with no authentication). x509—Use mutual authentication (both client and server side). An optional certificate index can be used to identify a specific server and client certificate pair. Default Configuration When enabling x509 authentication, a default (non-indexed) certificate pair is used if present and no certificate index has been specified. The default SYSLOG server port number is 514.
<190> Jan 01 00:00:06 0.0.0.0-1 General[fp_main_task]: bootos.
Sequence Number The message sequence number for this stack component. Sequence numbers may be skipped because of filtering but are always monotonically increasing on a per stack member basis. Severity The message severity. One of: EMER - Emergency, ALRT Alert, CRIT - Critical, ERR - Error, WARN - Warning, NOTE Notice, INFO - Informational, DBG - Debug Message An informative message regarding the event. Example The following example configures the named server as an available SYSLOG server.
Syntax logging buffered [severity–level] no logging buffered • severity–level—(Optional) The number or name of the desired severity level. Range: – [0 | emergencies] – [1 | alerts] – [2 | critical] – [3 | errors] – [4 | warnings] – [5 | notifications] – [6 | informational] – [7 | debugging] Default Configuration The default value for level is informational. Command Mode Global Configuration mode User Guidelines All the SYSLOG messages are logged to the internal buffer.
logging console Use the logging console command in Global Configuration mode to limit messages logged to the console based on severity. To disable logging to the console terminal, use the no form of this command. Syntax logging console [severity–level] no logging console • severity–level—(Optional) The number or name of the desired severity level.
Example The following example limits messages logged to the console based on severity level “alerts”. console(config)#logging console alerts logging facility Use the logging facility command in Global Configuration mode to configure the facility to be used in log messages. Syntax logging facility facility no logging facility • facility—The facility that will be indicated in the message. (Range: local0, local1, local2, local3, local4, local5, local6, local7).
Syntax logging file [severity–level-number | type] no logging file • severity–level—(Optional) The number or name of the desired severity level. Range: – [0 | emergencies] – [1 | alerts] – [2 | critical] – [3 | errors] – [4 | warnings] – [5 | notifications] – [6 | informational] – [7 | debugging] Default Configuration The default severity level is emergencies.
Example The following example limits SYSLOG messages stored in the logging file to severity level “warnings” and above (numerically lower). console(config)#logging file warnings logging monitor Use the logging monitor command in Global Configuration mode to enable logging messages to telnet and SSH sessions at the specified severity level. Use the no logging monitor command to disable logging messages.
User Guidelines Use the terminal monitor command to enable the asynchronous display of system messages within an individual telnet or SSH session. Use the logging monitor command to globally configure the severity of logged messages within all telnet/SSH sessions. Messages logged telnet and SSH sessions are filtered based on severity. Selecting a severity level will log that severity and higher (numerically lower) level messages.
logging protocol Use this command to log messages in RFC5424 format, including time zone and subsecond resolution time stamps. Use the no form of this command to set the logging to the default format. Syntax logging protocol {protocol-selector} no logging protocol • protocol-selector—One of the following: – 0 – Generate RFC3164 format messages – 1 – Generate RFC5424 format messages Default Configuration Messages are logged in RFC3164 format by default (logging protocol 0).
console(config)#logging protocol 0 console(config)# <190> Oct 18 07:09:15 0.0.0.0-1 RADIUS[radius_task]: radius_api.c(10450) 58 %% INFO RADIUS: Sending RADIUS server state change event to interested users: 1 <189> Oct 18 07:09:15 0.0.0.0-1 TRAPMGR[trapTask]: traputil.c(721) 26 %% NOTE Unit 1 is the new management unit in the stack, Old management unit in the stack unit is 0 The following example shows the logging format when logging protocol is set to 1.
no logging snmp Default Configuration By default, logging snmp is disabled. Command Mode Global Configuration mode User Guidelines To see SNMP Set command logs use the show logging command. Example console(config)#logging snmp logging source-interface Use the logging source-interface command to select the interface from which to use the IP address in the source IP address field of transmitted SYSLOG packets. Use the no form of the command to revert to the default IP address.
User Guidelines This command is not supported on Dell EMC N1100-ON switches. Dell EMC N1100-ON switches support configuration of a single IP address in interface vlan configuration mode. That IP address is used as the source interface address for this function.. Command History Introduced in version 6.3.0.1 firmware.
– info (6) – debug (7) Default Configuration The default severity level is info(6). Command Mode Global Configuration mode User Guidelines You can filter log messages that appear in the buffered log by severity level. You can specify the severity level of log messages that are e-mailed.
Example console(config)#logging web-session <133> Jan 12 13:51:55 10.130.185.29-6 CLI_WEB[emWeb]: cmd_logger_api.c(140) 9788 %% NOTE WEB:10.130.65.150:admin:session[0] created <133> Jan 12 13:51:55 10.130.185.29-6 CLI_WEB[emWeb]: cmd_logger_api.c(140) 9789 %% NOTE WEB:10.130.65.150:admin:User admin logged in port Use the port command in Logging Configuration mode to specify the port number of a SYSLOG server to which SYSLOG messages are sent. To reset to the default value, use the no form of the command.
show logging Use the show logging command to display all logging information, including auditing status and logging protocol version. Syntax show logging Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Command History Updated output in version 6.5.
SYSLOG Server Details: 0.0.0.0 : Level informational. Messages : 0 dropped 0 Messages dropped due to lack of resources Buffer Log: <186> Oct 18 07:09:12 0.0.0.0-1 General[fp_main_task]: bootos.c(191) 10 %% CRIT Event(0xaaaaaaaa) <189> Oct 18 07:09:12 0.0.0.0-1 BSP[fp_main_task]: bootos.c(175) 9 %% NOTE BSP initialization complete, starting switch firmware. <190> Oct 18 07:09:12 0.0.0.0-1 OSAPI[fp_main_task]: osapi_crash.c(1297) 8 %% INFO Oldest crashlog (5) will be deleted if another crash happens.
Syntax show logging file Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the state of logging messages sorted in the logging file.
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines. Example The following example displays the SYSLOG server settings. console#show syslog-servers IP address Port Severity Description ---------------------------------------------192.180.2.275 14 Info 7 192.180.2.
User Guidelines Use the terminal monitor command enables system messages to be displayed in a Telnet or SSH session. Use the no terminal monitor command to disable the display of system messages on the terminal for Telnet and SSH sessions. Use the logging monitor command to display logging messages in a Telnet or SSH session. Terminal monitor and logging monitor are enabled on console sessions by default.
System and Stack Management Commands asset-tag Use the asset-tag command in Global Configuration mode to specify the switch asset tag. To remove the existing asset tag, use the no form of the command. Syntax asset-tag [unit] tag no asset-tag [unit] • • unit — Switch number. (Range: 1–) tag — The switch asset tag. Default Configuration No asset tag is defined by default.
console(config)# asset-tag 1qwepot banner exec Use the banner exec command to set the message that is displayed after a successful login. Use the no form of the command to remove the set message. Syntax banner exec MESSAGE no banner exec • MESSAGE — Quoted text Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The exec message may consist of multiple lines. Enter a quote to complete the message and return to configuration mode.
no banner login • Message — Quoted text Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The login banner can consist of multiple lines. Enter a quote to end the banner text and return to the configuration prompt. Up to 2000 characters may be entered into a banner. Each line entered will consume an extra two characters to account for the carriage return and line feed.
Command Mode Global Configuration User Guidelines The motd banner can consist of multiple lines. Enter a quote to end the banner text and return to the configuration prompt. Up to 2000 characters may be entered into a banner. Each line entered will consume an extra two characters to account for the carriage return and line feed. The motd banner is usually displayed prior to logging into the switch, although some protocols, for example SSH, may enforce different behavior.
User Guidelines Various terminal emulators exhibit different behaviors with regards to the MOTD and the acknowledge prompt, for example, TeraTerm and putty. There are also different behaviors based upon the protocol used (SSH versus telnet). See below for some examples where the MOTD prompt occurs either before or after the acknowledge prompt. The banner motd in this example is “If you need to utilize this device or otherwise make changes to the configuration, you may contact Kevin at x911.
[root@kevin ~]# ssh 192.168.12.84 -l dellradius If you need to utilize this device or otherwise make changes to the configuration, you may contact Kevin at x911. Please, be advised this unit is under test by Kevin. dellradius@192.168.12.84's password: Press 'y' to continue (within 30 seconds) (y/n) Welcome to the N3024 in the Bottom Chassis - 192.168.12.190. This unit is located in A2 and is currently under test.
Syntax buffers {rising-threshold rising-threshold-val | falling-threshold fallingthreshold-val | severity severity-level} no buffers {rising-threshold | falling-threshold | severity } • • • rising-threshold-val—The rising message buffer threshold over which a trap will be issued. This is a percentage of messages buffers utilized and ranges from 0 to 100. falling-threshold-val—The falling threshold value.
The falling-threshold-val should be configured to be less than or equal to the rising-threshold-val. Command History Introduced in version 6.2.0.1 firmware. Example console(config)#buffers rising-threshold 90 clear checkpoint statistics Use the clear checkpoint statistics command to clear the statistics for the checkpointing process. Syntax clear checkpoint statistics Default Configuration This command has no default configuration.
Syntax clear counters stack-ports Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines This command resets all statistics shown by the show switch stack-ports counters and the show switch stack-ports diag commands. Example console#clear counters stack-ports connect Use this command to connect the serial console of a different stack member to the local unit.
User Guidelines This command is available from the Unit prompt on a member unit serial port. The user need not be currently connected over the serial port to connect to another unit. The stack member being connected to must be up and running and connected as part of the stack. This command connects the the serial console from the target stack member to the local unit. There is only one console session allowed per stack.
Command Mode Privileged Exec mode. User Guidelines This command forcibly logs out and disconnects a Telnet, SSH, HTTP or HTTPs session. Use the show sessions command to display the session identifier. The session identifier ranges from 0-42. The all parameter disconnects all telnet, SSH, HTTP or HTTPs sessions. It is not possible to disconnect the EIA-232 (serial console) session. exit Use this command to disconnect the serial connection to a remote unit.
To disconnect a remote session to a stack member established from the stack manager. Stack-Primary#connect 2 Remote session started. Type “exit” to exit the session. (Unit 2 - CLI unavailable - please connect to primary on Unit 1)>exit Stack-Primary# Example 2: To disconnect a remote session to the management unit in the stack established from a stack member.
hardware profile portmode {1x100g | 2x50g | 4x25g } no hardware profile portmode The available modes depend on the platform. N2200 only: • • 1x40g: Configure the port as a single 40G port using four lanes. 4x10g: Configure the port as four 10G ports, each on a separate lane. N3200 only: • • • • 1x100g: Configure the port as a single 1x100G port using one lane. 2x50g: Configure the port as two 50G ports, each on a separate lane. AN is not supported.
On the N3200, AN is supported in 25G and 100G modes only. The port will not link up if configured for 2x50G breakout with AN enabled. NOTE: This command does not operate in interface range mode. NOTE: This command is only valid on the N2200-ON and N3200-ON switches. It issues an error response if used on any other switch model. On the N2200, the switch must be rebooted for the command to take effect. Example Change N3200 2x50G stacking ports to 100G Ethernet.
Command History Command updated in firmware release 6.6.2. 40G ports removed in release 6.7.0 firmware. hostname Use the hostname command in Global Configuration mode to specify or modify the switch host name. To restore the default host name, use the no form of the command. Syntax hostname name no hostname • name — The name of the host. (Range: 1–255 characters) The command allows spaces in the host name when specified in double quotes. For example, #snmp-server v3-host “host name”.
initiate failover To manually force a failover from the management unit to the backup unit in a stack, use the initiate failover command in Stack Configuration mode. The initiate failover command checks for stack port errors and NSF synchronization prior to initiating failover. If stack port errors are found, or if the NSF status is not synchronized, a message is displayed and the user is prompted to continue or abort the operation (see example, below).
Example-Stack Port Errors console(config-stack)#initiate failover Warning! Stack errors detected on the following interfaces: Interface ---------------Gi1/0/1 Gi1/0/3 Error Count ---------------12 22 NSF Status: Not synchronized Stack port errors or lack of NSF synchronization may indicate a non-redundant stack topology exists. Fail-over on a non-redundant topology may cause the stack to split! Management unit will be reloaded.
User Guidelines This command has no user guidelines. Example console(config-if-Gi1/0/1)#load-interval 150 locate Use the locate command to locate a switch by LED blinking. Syntax locate [switch unit] [time time] • • switch unit—If multiple devices are stacked, you can choose which switch to identify. time time —LED blinking duration in seconds. Range 1-3600 seconds. Default Configuration Default value is 20 seconds.
logout Use this command to disconnect the serial connection to the remote unit on the stack member. Syntax logout Default Configuration There is no default configuration for this command. Command Modes User Exec mode on the management unit in the stack. Unit prompt on the stack member. User Guidelines This command is available in User Exec mode on the primary unit serial port and from the Unit prompt on member unit serial ports.
Stack-Primary>logout (Unit 2 - CLI unavailable - please connect to primary on Unit 1)> member Use the member command in Stack Configuration mode to preconfigure a switch stack member. Execute this command on the Management Switch. To remove a stack-member configuration from the stack, use the no form of the command. The no form of the command may not be used if the member is present in the stack.
console(config-stack)# member 2 1 memory free low-watermark Use the memory free low-watermark command to configure the notification of a low memory condition on the switch. for the issuance of the CPU overload SNMP trap and notification via a SYSLOG message. Use the no form of the command to return the threshold to its default value.
Example This example sets the notification for low memory at 1 megabyte. A notice message and trap will be issued if free memory falls below 1M and another notice message and trap will be issued when free memory rises above 1M. console(config)#memory free low-watermark processor 1000 nsf Use this command to enable non-stop forwarding. The no form of the command will disable NSF. Syntax nsf no nsf Default Configuration Non-stop forwarding is enabled by default.
Syntax ping [vrf vrf-name] {[ ip ]ip-address | hostname | { ipv6 { interface interface-id | vlan vlan-id | loopback loopback-id | out-of-band | tunnel tunnel-id} link-local-address | ipv6-address | hostname} [count count] [ interval interval] [ size size] [source { ip-address | ipv6-address | interface-id | vlan vlan-id | out-of-band}] • • • • • • • • • • • • • • ip-address—The IPv4 address to ping. ipv6-address—The IPv6 address to ping. link-local-address — The link local IPv6 address to ping.
Default Configuration The default mode is IPv4. The command defaults to an IPv4 address. The default ping count is 4. The default interval is 1 second. The default packet size is 0 data bytes. The packet size is specified in bytes and refers to the packet payload, not the frame size. Packets are padded to extend the frame to the minimum legal frame length by default.
If a host name is specified, a DNS server must be configured locally on the switch and the host name must resolve to an IPv4/IPv6 address as appropriate for the syntax entered. The command allows spaces in the host name when specified in double quotes, even though host names may only consist of letters, numbers and the hyphen character. The hostname parameter may be a fully or partially qualified domain name. A hostname consists of a series of labels separated by periods.
Reply From 2030:1::1: icmp_seq = 2. time <10 msec. Reply From 2030:1::1: icmp_seq = 3. time <10 msec. process cpu threshold Use the process cpu threshold command to configure the rising and falling thresholds for the issuance of the CPU overload SNMP trap and notification via a SYSLOG message. Use the no form of the command to return the thresholds to their default values.
EMWA(current_period) = EMA(prev_period) + (currentUtilization – EMA(prev_period)) * weight where weight = 2 / ((TotalTimePeriod/samplePeriod) + 1). The sample period is 5 seconds. The utilization monitoring time period can be configured from 5 secs to 86400 seconds in multiples of 5 seconds. Setting a threshold or interval to 0 disables that individual function. The falling-threshold percentage should be configured to be less than or equal to the rising-threshold percentage.
Default Configuration There is no default configuration for this command. Command Modes User Exec mode on the management unit in the stack. Unit prompt on the stack member. User Guidelines This command is available in User Exec mode on the primary unit serial port and from the Unit prompt on member unit serial ports. The user need not be currently connected over the serial port to connect to another unit. The stack member being connected to must be up and running and connected as part of the stack.
The reload command checks for stack port errors prior to reloading stack members and after the check for unsaved configuration changes. If stack port errors are found, a message is displayed. Syntax reload [stack–member–number] • stack–member–number—The stack member to be reloaded. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode User Guidelines If no unit is specified, all units in a stack are reloaded.
Warning! Stack port errors detected on the following interfaces: Interface Error Count ---------------- ---------------Gi1/0/1 12 Gi1/0/3 22 Stack port errors may indicate a non-redundant stack topology exists. Failover on a non-redundant topology may cause the stack to split! Are you sure you want to reload the stack? (y/n) service unsupported-transceiver Use this command to avoid the following on using an unsupported optic. • • Logging of a message. Generation of SNMP trap.
Example The following example bypasses logging of a message and trap generation on inserting or removing an optics not qualified by Dell. console(config)# service unsupported-transceiver set description Use the set description command in Stack Configuration mode to associate a text description with a switch in the stack. Syntax set description unit description • • unit — The switch identifier. (Range: 1–) description — The text description.
supported cardtype) indicating the type of card being preconfigured in the specified slot. The card index is a 32-bit integer. If a card is currently present in the slot that is unconfigured, the configured information will be deleted and the slot will be reconfigured with default information for the card.
Default Configuration This command has no default configuration. Command Mode Global Configuration User Guidelines The card index (CID) can be obtained by executing the show supported cardtype command. Administrators may issue multiple consecutive slot commands addressing a particular unit/slot without issuing an intervening no slot command. Example console(config)#slot 1/3 3 console(config)#slot 1/3 4 show banner Use the show banner command to display banner information.
Line Console...................... Enable Line SSH.......................... Disable Line Telnet....................... Enable ===exec===== Banner:Login Line Console...................... Enable Line SSH.......................... Enable Line Telnet....................... Disable ===login===== Banner:MOTD Line Console...................... Enable Line SSH.......................... Enable Line Telnet.......................
Command History Introduced in version 6.2.0.1 firmware. Example console#show buffers Message Buffer Utilization -------------------------0 of 246 total buffers used Receive Attempts Failures %Failure ------------------------------------------------Norm 0 0 0% Mid2 0 0 0% Mid1 0 0 0% Mid0 0 0 0% High 0 0 0% Transmit Attempts Failures %Failure ------------------------------------------------All 145 0 0% Monitoring Parameters --------------------Rising Threshold................................
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines When nonstop forwarding is enabled on a stack, the stack's management unit checkpoints operational data to the backup unit. If the backup unit takes over as the management unit, the control plane on the new management unit uses the checkpointed data when initializing its state. Checkpoint statistics track the amount of data checkpointed from the management unit to the backup unit.
User Guidelines This command is not available on N1100-ON/N1500/N2000/N2100ON/N2200-ON/N3000-ON/N3100-ON/N3200-ON switches. Example Console#show cut-through mode Current mode : Enable Configured mode : Disable (This mode is effective on next reload) show hardware profile portmode Use the show hardware profile portmode command to display the hardware profile information for the hardware configurable ports.
40G Interfaces -----------Fo1/0/25-28 10G Interfaces -----------Te1/0/25-28 Cfg Mode -----4x10G Running Mode ------1x100G console#show hardware profile portmode on1/0/1 100G Interfaces -------------On1/0/25-28 1x100G 50G 40G 25G 10G Cfg Running Interfaces Interfaces Interfaces Interfaces Mode Mode ------------ ------------ ------------ ------------ ------ ---Fi1/0/25-28 Fo1/0/25-28 Tw1/0/25-28 Te1/0/25-28 1x100G Command History N2200 capability added in the 6.6.1 firmware release.
Example The following example shows the optic parameters in user readable format. console#show idprom interface tengigabitethernet 1/0/9 Type.............................. Media............................. Serial Number..................... Dell EMC Qualified................ SFP+ 10GBASE-LRM ANF0L5J Yes The following example shows the optic parameters, but not the IDPROM content as the entered activation code in incorrect. console#show idprom interface tengigabitethernet 1/0/9 debug abc Type.............
Input/output rate statistics are collected every 10 seconds. The RX and TX utilization (sum of the individual active links) is shown for port-channels. The utilization is measured in kilobits per second. Command History Updated examples and guidelines in version 6.5 firmware. Example The following example shows the output for a 1G interface: console#show interfaces gi1/0/1 Interface Name : .............................. Gi1/0/1 SOC Hardware Info :............................ BCM56342_A0 Link Status : ....
Total Received Packets Not Forwarded........... Total Packets Transmitted Successfully......... Unicast Packets Transmitted.................... Multicast Packets Transmitted.................. Broadcast Packets Transmitted.................. Transmit Packets Discarded..................... Total Transmit Errors.......................... Total Transmit Packets Discarded............... Single Collision Frames........................ Multiple Collision Frames...................... Excessive Collision Frames......
Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command is only applicable to firmware upgradable interfaces. 1G interfaces are never shown in the command output. Some 10G interfaces may show as not firmware upgradable.
Example console#show memory cpu Total Memory........................... 262144 KBytes Available Memory Space................. 121181 KBytes show msg-queue Use the show msg-queue command to display the internal message queue allocations. Syntax show msg-queue Default Configuration This command has no default configuration. Command Mode Privileged Exec, Global Configuration mode, and all sub-modes User Guidelines The following information is displayed.
Command History Command introduced in firmware release 6.6.1. show nsf Use the show nsf command to show the status of non-stop forwarding. Syntax show nsf Default Configuration This command has no default configuration.
Parameter Description Range Default Last Startup Reason The type of activation that caused the software to start the last time. There are four options. “Power-On” means that the switch rebooted. This could have been caused by a power cycle or an administrative “Reload” command. “Administrative Move” means that the administrator issued a command for the stand-by manager to take over.
Parameter Description Range Time Since Last Copy When the running configuration was last copied from the management unit to the backup unit. Time Stamp Time Until Next Copy 0 - 120 seconds The number of seconds until the running configuration will be copied to the backup unit. This line only appears when the running configuration on the backup unit is Stale. Default Example The show nsf command is used to display which unit is the management unit and which is the backup unit.
Syntax show power-usage-history • unit-id—Stack unit for which to display the power history. Range 1–. Default Configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines Power draw is measured at the power supplies. Power draw is not measured at the interfaces. This command is not available on the Dell EMC Networking N1100-ON Series switches.
Syntax show process app-list Default Configuration This command does not have a default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed. Fields Description ID Application ID assigned by the Process Manager. Name Application Name PID Application Linux Process ID. Admin-Status Flag indicating if the application is administratively enabled.
2 syncdb-test 0 Disabled Disabled Stopped show process app-resource-list This command lists the configured and in-use resources for each application known to the Process Manager. Syntax show process app-resource-list Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed.
Command History Introduced in version 6.2.0.1 firmware. Example console#show process app-resource-list Memory CPU Memory Max Mem ID Name PID Limit Share Usage Usage ---------------------------------------------------------------------1 switchdrvr 280 Unlimited Unlimited 256MB 280MB 2 syncdb-test 0 10MB 20% 0MB 0MB show process cpu Use the show process cpu command to check the CPU utilization for each process currently running on the switch.
CPU Utilization: PID Name 5 Sec 1 Min 5 Min --------------------------------------------------------328bb20 tTffsPTask 0.00% 0.00% 0.02% 3291820 tNetTask 0.00% 0.00% 0.01% 3295410 tXbdService 0.00% 0.00% 0.03% 347dcd0 ipnetd 0.00% 0.00% 0.01% 348a440 osapiTimer 1.20% 1.43% 1.21% 358ee70 bcmL2X.0 0.40% 0.30% 0.12% 359d2e0 bcmCNTR.0 0.80% 0.42% 0.50% 3b5b750 bcmRX 0.00% 0.13% 0.12% 3d3f6d0 MAC Send Task 0.00% 0.07% 0.10% 3d48bd0 MAC Age Task 0.00% 0.00% 0.03% 40fdbf0 bcmLINK.0 0.00% 0.14% 0.
Syntax show process proc-list Default Configuration There is no default configuration for this command. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The following fields are displayed. Fields Description PID Application Linux Process ID Process-Name Linux process name Application ID-VRID-Name Name of the application that started the process and the application ID assigned by the Process Manager.
Command History Introduced in version 6.2.0.1 firmware. Example console##show process proc-list Process Application VM Size VM Peak PID Name ID-VRID-Name Child (KB) (KB) FD Count ----------------------------------------------------------------280 switchdrvr 1-0-switchdrvr No 220992 230724 36 281 syncdb 2-0-syncdb No 2656 2656 8 281 proctest 3-55-proctest No 2656 2656 8 show router-capability Use this command to display the router capabilities of the loaded firmware image.
This example displays the capabilities of an N3000-ONBGPv6.3.x.x firmware mixed stacking build. console#show router-capability This firmware supports a stack of up to eight switches. MVRP/MMRP capabilities are not available. show sessions Use the show sessions command to display a list of the open sessions from remote hosts. Syntax show sessions Default Configuration This command has no default configuration.
Field Description Session ID The session identifier. Use with the disconnect command. User Name The login ID associated with the session. Connection from The origin of the connection. Idle Time The elapsed time since session activity was last detected. Session Time The elapsed time since the session was connected. Session Type The type of connection (Serial, Telnet, SSH, HTTP, HTTPS).
The following table explains the output parameters. Parameter Description Slot The slot identifier in a slot/port format. Slot Status The slot is empty, full, or has encountered an error. Admin State The slot administrative mode is enabled or disabled. Power State The slot power mode is enabled or disabled. Configured Card Model Identifier The model identifier of the card preconfigured in the slot. Model identifier is a 32-character field used to identify a card.
1/0 1/1 Full Empty Enable Enable Dell Networking N4032 Disable Disable No Yes Command History Description updated in the 6.4 release. show supported cardtype Use the show supported cardtype command to display information about all card types supported in the system. Syntax show supported cardtype [cardindex] • cardindex — Displays the index into the database of the supported card types. This index is used when preconfiguring a slot. Default Configuration This command has no default configuration.
Parameter Description Card Index (CID) The index into the database of the supported card types. This index is used when preconfiguring a slot. Card Model Identifier The model identifier for the supported card type. If you supply a value for cardindex, the following additional information appears as shown in the table below. Parameter Description Card Type The 32-bit numeric card type for the supported card. Model Identifier The model identifier for the supported card type.
Command History Description updated in the 6.4 release. show supported switchtype Use the show supported switchtype command to display information about all supported switch types. Syntax show supported switchtype [switchindex] • switchindex — Specifies the index into the database of the supported switch types, indicating the type of the switch being preconfigured. The switch index is a 32-bit integer. (Range: 0–65535) Default Configuration This command has no default configuration.
Field Description Code Version This field displays the code load target identifier of the switch type. The following table describes the fields in the second example. Field Description Switch Type This field displays the 32-bit numeric switch type for the supported switch. Model Identifier This field displays the model identifier for the supported switch type. Switch Description This field displays the description for the supported switch type.
Slot........................... 1 Card Index (CID)............... 6 Model Identifier............... Dell SFP+ Card Slot........................... 1 Card Index (CID)............... 7 Model Identifier............... Dell 10GBase-T Card show switch Use the show switch command to display information about units in the stack.
Command Mode User Exec, Privileged Exec, Global Configuration mode and all Configuration submodes User Guidelines The show switch command shows the configuration and status of the stacking units, including the active and standby stack management units, the pre-configured model identifier, the plugged in model identifier, the switch status and the current code version.
Unit Description Switch This field displays the unit identifier assigned to the switch. Management Status This field indicates whether the switch is the Management Switch, a stack member, or the status is unassigned. Switch Type This field displays the 32-bit numeric switch type. Preconfigured Model Identifier This field displays the model identifier for this switch. Model Identifier is a 32-character field assigned by Dell to identify the switch.
Unit Description Up Time This field displays the system up time. The additional fields in the all units example are as follows: Unit Description Switch This field displays the unit identifier assigned to the switch. Management Status This field indicates whether the switch is the Management Switch, a stack member, or the status is unassigned. Standby Status This field indicates whether the switch is the Standby Switch.
Examples Example – Stack Status for the Switch console#show switch 1 Switch............................ Management Status................. Switch Type....................... Preconfigured Model Identifier.... Plugged-in Model Identifier....... Switch Status..................... Switch Description................ Detected Code Version............. Detected Code in Flash............ SFS Last Attempt Status........... Serial Number..................... Up Time...........................
Example-Stacking Links Path This command tracks the path a packet may take when traversing stacking links. The command shows active paths only, not those that may be taken after a stack failover or stack reconvergence. console#show switch stack-ports stack-path 3 1 Packet-path from unit 3 to unit 1: 1 2 unit-3 port gi3/0/49 to unit-2 unit-2 port gi2/0/49 to unit-1 Example – Switch Firmware Stack Status The following example displays the Switch Firmware stack status information for the switch.
--- ---------- --------- ------------- ------------- ------------- --------1 Mgmt Sw N4032F N4032F SDM Mismatch 10.7.14.21 Example – show switch stack–ports diag { verbose } console#show switch stack-ports diag 1 verbose ----------------------------------------HPC RPC statistics/counters from unit 1 ----------------------------------------Registered functions........................... Client requests................................ Server requests................................
Transmit pending count......................... Current number of TX waits..................... Rx transactions created........................ Rx transactions freed.......................... Rx transactions freed(raw)..................... Tx transactions created........................ BET Rx dropped pkts count...................... ATP Rx dropped pkts count...................... Failed to add key pkt count.................... Source lookup failure count....................
Tx failed pkt count............................ 0 --------------------------------------RLink statistics/counters from unit 1 --------------------------------------State initialization........................... L2 notify in pkts.............................. L2 notify in pkts discarded.................... L2 notify out pkts ............................ L2 notify out pkts discarded................... Linkscan in pkts............................... Linkscan in pkts discarded.....................
RFCS RJBR size RUND TFCS : : 2 : : Received Frame Check Sequence Errors Received Jabber Errors to 63 bytes Received Undersize Packets Transmit Frame Check Sequence Errors RFRG : Received Fragment Errors RUNT : Received Packets with ROVR : Received Oversize Packets TERR : Transmit Errors 1 - Tw1/0/1: RBYT:4132621 RPKT:6525 TBYT:3108325 TPKT:6395 RFCS:0 RFRG:0 RJBR:0 RUND:0 RUNT:0 TFCS:0 TERR:0 1 - Tw1/0/2: RBYT:0 RPKT:0 TBYT:0 TPKT:0 RFCS:0 RFRG:0 RJBR:0 RUND:0 RUNT:0 TFCS:0 TERR:0 Command History Synt
Example console#show system System Description: Dell Networking Switch System Up Time: 0 days, 03h:02m:30s System Contact: System Name: System Location: Burned In MAC Address: 001E.C9DE.B41B System Object ID: 1.3.6.1.4.1.674.10895.
---------------------Device Not Present show system fan Use the show system fan command to explicitly display the fan status. Syntax show system fan Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines This command has no user guidelines.
Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The tag information is on a switch by switch basis. Example The following example displays the system service tag information.
User Guidelines This command is only available on switches with a power monitoring circuit. It is not available on the Dell EMC Networking N1100-ON Series switches. Examples console#show system power Power Supplies: Unit Description ---1 1 1 ----------System PS-1 PS-2 Status Average Power (Watts) ----------- ---------Non-critical 39.8 Failure No Power N/A Current Power (Watts) -------39.
a range, the fans run at a reduced speed for the lower temperature part of the range and an increased speed for the higher temperature part of the range. Each range runs the fans at increasingly higher speeds for increasingly higher temperatures. Above the Critical status upper limit, the system is shut down. Typically, the shutoff temperature for the switch is 90-105° C.
• • • • • • • • • • • • • show switch stack-port counters show nsf show slot show interfaces advertise show interfaces advanced firmware show lldp remote-device all show interfaces counters errors show fiber-ports optical-transceiver show process cpu show ethernet cfm errors (N2200/N3000-ON/N3100-ON/N3200-ON series only) show power inline firmware-version show version show interfaces transceiver properties Syntax show tech-support [ bgp | bgp-ipv6 | ospf | ospfv3 | bfd ] [file | usb] • • • • • • • bgp —
User Guidelines The output of the show tech-support command combines the output of the following commands at a minimum: • • • • • • • • • • • • • • • show interfaces transceiver show power inline show switch stack-port counters show nsf show slot show interfaces advertise show interfaces advanced firmware show lldp remote-device all show interfaces counters errors show fiber-ports optical-transceiver show process cpu show ethernet cfm errors (N2200/N3000-ON/N3100-ON/N3200-ON series only) show power inline
***************** Show Version ****************** Switch: 1 System Description................ Dell Networking N4032, 6.0.0.0, Linux 2.6.32.9 Machine Description............... System Model ID................... Machine Type...................... Serial Number..................... Manufacturer...................... Operating System.................. Burned In MAC Address............. System Object ID.................. CPU Version....................... SOC Version....................... HW Version..........
The following example writes the tech-support output to a file on a USB stick. console#show tech-support usb Command History Description updated in the 6.4 release. show users Use the show users command to display information about the active users. Syntax show users [long] Default Configuration This command has no default configuration.
Administrative Profile(s): network-admin 1 ----False Administrative Profile(s): network-operator user show version Use the show version command in User Exec mode to displays the system version information. Syntax show version [unit ] • unit — The unit number. Default Configuration This command has no default configuration.
Software Capability............... Stack Limit = 12, VLAN Limit = 4093 unit active backup current-active next-active ---- ----------- ----------- -------------- -------------1 6.0.0.1 5.1.0.1 6.0.0.1 5.1.0.1 console#show version 2 SOC Version....................... HW Version........................ CPLD Version...................... Boot Version...................... BCM56842_B1 1 14 v1.0.
Default Configuration This command has no default mode. Command Mode Global Configuration mode User Guidelines If no stack configuration appears in the saved config, it is built at runtime and appears in the running config. The operator can save the stack configuration. Switches that do not match the saved config (are of a different type than as configured) after a reboot will show a config mismatch and do not join the stack. Units that do not join the stack will show their interfaces as detached.
Default Configuration By default, Ethernet ports are configured to operate in Ethernet mode. By default, stacking ports are configured to operate in stacking mode. The default port speed on the Dell EMC Networking N2100/N2200/N3000E/N3100 Series stacking ports is 21 Gigabit. The default speed on the Dell EMC Networking N2200 stacking ports is 40 Gigabit. The default speed on the N3200 stacking ports is 2 × 50 Gigabit.
The N3000-ON/N3100-ON/N3200-ON Series switches support up to twelve units configured in a stack and can only utilize the rear panel mini-SAS ports for stacking. The N2000/N2100-ON/N2200-ON Series switches support up to eight units configured in a stack using the fixed stacking ports. The N1100ON and N1500 Series switches support stacking up to four units in a stack and can utilize pairs of SFP+ ports for stacking.
Syntax stack-port interface-id shutdown no stack-port interface-id shutdown • interface-id—The stacking interface identifier. Default Configuration There no default configuration for this command. Command Modes Stack Configuration mode User Guidelines This command must be used with caution, as disabling a stack port causes the stack to attempt to reconverge. Ensure that the stack is in an active ring topology in order to avoid a stack split.
Syntax standby unit no standby • unit — Valid unit number in the stack. (Range: 1 - ) (less on stacks with a restricted stack size, for example, AdvLite). The range is limited to the number of units available on the stack. Default Configuration The default configuration is to allow the software to automatically select a standby unit. Command Mode Stack Configuration mode User Guidelines This unit comes up as the primary when the stack failover occurs.
• • oldunit — The current switch identifier. (Range: Dependent on Series/Model) newunit — The updated value of the switch identifier. (Range: Dependent on Series/Model) Command Mode Global Configuration mode User Guidelines Upon execution, the switch is configured with the configuration information for the new switch if any is available. The old switch configuration information is retained; however, the original switch will be operationally detached.
Syntax telnet {ip-address | hostname} [port] [keyword1......] • • • • ip-address—Valid IPv4 address of the destination host. hostname—Hostname of the destination host. (Range: 1–256 characters). port—A decimal TCP port number. keyword—One or more keywords from the keywords table in the user guidelines (see Keywords Table below). Keywords Table Options Description /debug Enable telnet debugging mode. /line Enable telnet linemode. /localecho Enable telnet localecho.
console#telnet 176.213.10.50 Trying 176.213.10.50... Connected to 176.213.10.50 Entering character mode... Escape character is'^^'. traceroute Use the traceroute command to discover the routers that packets traverse when traveling to their destination.
• • • • • port—The destination UDP port of the probe. This should be an unused port on the remote destination system (Range: 1–65535). size—The size, in bytes, of the payload of the Echo Requests sent (Range: 0–39936 bytes). src-ip-address—The IPv4 source address to use in the ICMP echo request packets. vlan-id—A valid VLAN interface. loopback-id—A configured loopback ID Default Configuration The default count is 3 probes. The default interval is 3 seconds. The default size is 0 data bytes.
The hostname parameter may be a fully or partially qualified domain name. A hostname consists of a series of labels separated by periods. Each label may be a maximum of 63 characters in length. The maximum length of the hostname parameter is 256 characters. Refer to RFC 1035 Section 2.3.1 for more information. Only IPv4 addresses are supported with the vrf parameter. The vrf parameter is only available on the N3000-ON/N3100-ON/N3200-ON switches.
• initTtl—The initial time-to-live (TTL); the maximum number of router hops between the local and remote system (Range: 1–255). the default is 1. • maxTtl—The largest TTL value that can be used (Range:1–255). The default is 30. This must be larger or equal to the value specified in initTtl. maxFail—Terminate the traceroute after failing to receive a response for this number of consecutive probes (Range: 1–255). interval—The timeout period.
Command Mode Privileged Exec mode User Guidelines Traceroute operates by sending a sequence of Internet Control Message Protocol (ICMP) echo request packets. The time-to-live (TTL) value, is used in determining the intermediate routers through which the packet flows toward the destination address. Routers decrement a packet’s TTL value and discard packets whose TTL equals 0. On discarding a packet, the router returns an ICMP time exceeded message to the source.
Syntax update bootcode [unit ] • unit —Unit number. Default Configuration By default, all units in the stack are updated. Command Mode Privileged Exec mode User Guidelines This command applies to the N1100/N1500/N2000/N2100-ON/N2200ON/N3000/N3100-ON/N3200-ON Series switches only. It is not required to update the boot code unless directed to do so in the release notes. Dell EMC Networking switches utilize a universal boot loader and do not contain version specific dependencies in the boot loader.
Telnet Server Commands The Telnet protocol (outlined in RFC 854) allows users (clients) to connect to multiuser computers (servers) on the network. Telnet is often employed when a user communicates with a remote login service. Telnet is the terminal emulation protocol in the TCP/IP suite. Telnet uses TCP as the transport protocol to initiate a connection between server and client.
Press 'y' to continue (within 30 seconds) (y/n) Welcome to the N3024 in the Bottom Chassis - 192.168.12.190. This unit is located in A2 and is currently under test. console 2 SSH (Linux Terminal): [root ~]# ssh 192.168.12.84 -l dellradius If you need to utilize this device or otherwise make changes to the configuration, you may contact the owner at x38525. Please, be advised this unit is under test. dellradius@192.168.12.
ip telnet server disable The ip telnet server disable command is used to enable/disable the Telnet service on the switch. Syntax ip telnet server disable no ip telnet server disable Command Mode Global Configuration User Guidelines No specific guidelines. Default Value This feature is enabled by default. Dell EMC Networking N-Series switches support the Telnet service over IPv4 and IPv6.
Command Mode Global Configuration User Guidelines The Telnet server TCP port should not be set to a value that might conflict with other well-known protocol port numbers used on this switch.
Time Ranges Commands Time ranges are used with time-based ACLs to restrict their application due to specific time slots. time-range [name] Use the time-range command with no parameter to globally enable or disable the event notification service of the time range component. Use the time range command with a parameter to create a new time range or edit an existing time range. Use the no form of the command with no parameter to disable the event notification service.
Use the optional name parameter to create a time range consisting of one absolute time entry and/or one or more periodic time entries. If a time range with the name already exists, the command enters Time-Range Configuration mode to allow updating the named time range entries. Adding a conflicting periodic time range to an absolute time range will cause the time range to become inactive. For example, consider an absolute time range from 8:00 AM Tuesday March 1st 2011 to 10 PM Tuesday March 1st 2011.
Default Configuration This command has no default configuration. Command Mode Time Range Configuration User Guidelines Only one absolute time entry is allowed per time-range. The time parameter is referenced to the currently configured time zone. Adding a conflicting periodic time range to an absolute time range will cause the time range to become inactive. For example, consider an absolute time range from 8:00 AM Tuesday March 1st 2011 to 10 PM Tuesday March 1st 2011.
Other possible values are: • – daily -- Monday through Sunday – weekdays -- Monday through Friday – weekend -- Saturday and Sunday – If the ending days of the week are the same as the starting days of the week, they can be omitted. time—The first occurrence of this argument is the starting hours:minutes which the configuration that referenced the time range starts going into effect.
Thursday, Friday) but with after-work hours (9pm to 11pm). The administrator wants to permit/deny HTTP traffic for this time-range, but the entire time-range is invalid due to conflicting entries. The absolute entry is forced to inactive because the periodic entry time is not yet in effect.
Parameter Description Number of Time Ranges Number of time ranges configured in the system. Time Range Name Name of the time range. Time Range Status Status of the time range (active/inactive). Absolute start Start time and day for absolute time entry. Absolute end End time and day for absolute time entry. Periodic Entries Number of periodic entries in a time-range. Periodic start Start time and day for periodic entry. Periodic end End time and day for periodic entry.
USB Flash Drive Commands When available, a USB flash drive can be used to configure, upgrade and provide consistency to a switching network. A USB flash drive can be plugged in sequentially to a set of routers/switches to upgrade to newer software versions without depending on the network to upgrade the switches with new firmware. New switches can be preloaded with configuration prior to deployment. The USB Configuration Port provides access to an optional secondary storage capability to the switch.
Files downloaded from USB flash drive are not copied to RAM to perform validations. Instead, the file is directly read from the USB flash device and copied to buffers to perform the necessary validations. Downloading and Uploading of Files After the file validations are successful, the switch proceeds with downloading of files from the USB flash device to the switch or uploading of files from the switch to the USB flash drive. The status of file download / upload is shown on the console.
show usb Use the show usb command to display the USB flash device details. Syntax show usb device Default Configuration This command has no default configuration. Command Mode Privileged Exec User Guidelines The following table explains the output parameters. Parameter Description Device Status This field specifies the current status of device. • Active if device is plugged-in and the device is recognized by the switch. • Inactive if device is not mounted.
Example The following example is the output if the device is plugged into the USB slot. console#show usb device Device Status.................................. Manufacturer................................... Product Name................................... Device Serial Number........................... Class Code..................................... Subclass Code.................................. Protocol....................................... Vendor ID...................................... Product ID......
User Guidelines Only the first 32 characters of the file name are displayed, even if the file name is longer. Examples console#dir usb Attr Size(bytes) drwx 2640 drwx 0 -rw96 -rw14363703 drwx 1024 Total Size: Bytes Used: Bytes Free: console#dir Creation Time Feb 02 2022 00:26:43 Feb 19 2014 15:22:53 Jan 28 2022 23:05:45 Jan 22 2022 03:36:08 Jan 22 2022 03:36:08 Name . .. snmpOprData.cfg image1.
recover The recover command is implemented as a u-boot environment variable. It mounts the USB stick, copies the image from the USB root level directory into RAM, and executes the image. Syntax recover • image-name—The name of a valid firmware stack file located in the root of the mounted USB stick. Default Configuration This command has no default configuration. Command Mode u-boot mode User Guidelines There is no validation of the image.
User Interface Commands configure terminal Use the configure terminal command to enter Global Configuration mode. This command is equivalent to the configure command with no terminal argument. Syntax configure [terminal] Default Configuration This command has no default configuration.
• line — Command to be executed. It must be an unambiguous command from the Privileged Exec mode. Commands such as configure are forbidden. Command line completion for the line parameter is supported. Users may only execute commands for which they have the appropriate privileges. Default Configuration This command has no default configuration. Command Mode All modes except Privileged Exec and User Exec modes. User Guidelines Command completion using the space bar is available when using this command.
erase exit filedescr help locate logout monitor ping quit release reload rename renew script show telnet terminal test traceroute udld unmount write Delete a file. Exit privileged exec mode. Set a text description for an image file. Display help for various special keys. Blink the locator LED. Exit this session. Any unsaved changes are lost. Configure packet monitoring. Send ICMP echo packets to a specified IP address. Exit this session. Any unsaved changes are lost.
User Guidelines If there is no authentication method defined for enable, then a privilege level 1 user is not allowed to execute this command. Example The following example shows how to enter privileged mode. console>enable console# end Use the end command to return the CLI command mode back to the privileged execution mode or user execution mode. Syntax end Default Configuration This command has no default configuration.
Syntax exit Default Configuration This command has no default configuration. Command Mode All command modes. In User Exec mode, this command behaves identically to the quit command. User Guidelines There are no user guidelines for this command. Example The following example changes the configuration mode from Interface Configuration mode to User Exec mode to the login prompt.
User Guidelines There are no user guidelines for this command. Example The following example closes an active terminal session.
Web Server Commands If enabled, the Dell EMC Networking is manageable via industry standard web browsers. User privilege levels are the same as for the CLI. Over 95% of the management functions are available via the web interface, including configuration and firmware upgrades. Web Sessions The HTTP protocol does not provide support for persistent connections. Connections are constantly made and broken so there is no way to know who is accessing the web interface or for how long they are doing so.
common-name Use the common-name command in Crypto Certificate Generation or Crypto Certificate Request mode to specify the common-name for the switch. Syntax common-name common-name • common-name —Specifies the fully qualified URL or IP address of the switch. If left unspecified, this parameter defaults to the lowest IP address of the switch when the certificate is generated. (Range: 1–64 characters.) Default Configuration This command has no default configuration.
• country — Specifies the country name. (Range: 2 characters) Default Configuration This command has no default configuration. Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command. The user can enter any two printable characters other than a question mark. Example The following example displays how to specify the country as “us.
User Guidelines This command is not saved in the router switch configuration; however, the certificate and keys generated by this command are saved in the private configuration. If the RSA keys do not exist, the key-generate command in Crypto Certificate Generation mode must be used. The key-generate subcommand regenerates the RSA key pair. At least the common name must be configured for a certificate to be valid.
Example The following example generates a self-signed HTTPS certificate. The exit command attempts to generate the self-signed certificate. Use the end command to exit Crypto Certificate Generate mode without generating a certificate. console(config)#crypto certificate 1 generate console(config-crypto-cert)#key-generate console(config-crypto-cert)#common-name DELL-Switch101 console(config-crypto-cert)#country US console(config-crypto-cert)#duration 3650 console(config-crypto-cert)#email no-reply@dell.
YDi3nj9rk3XjyT5pq5VR4YnECfGKcvKsz5fDAgMBAAGgADANBgkqhkiG9w0BAQUF AAOBgQCd7MvbUt2yb0+piCazzvwyEpfXZckgY8B9tFaUgxD6plc88xbfRDIKQXor K85z4bDogjxDZuYTnvZV4aZJLshGUmUZS4cin2TaxHHIf5gI597x5FFYBFTKqSl4 YhfgJtA2BJ/W23xmCrIT00ZINIfwf+PN6cDt2R3ag3hC/+otXw== -----END CERTIFICATE REQUEST----- crypto certificate import Use the crypto certificate import command in Global Configuration mode to import a certificate signed by a Certification Authority for HTTPS.
Depending on the browser, browser version, and level of checking, it may be possible to use the switch generated self-signed certificate to enable HTTPS connections. First generate the certificate using the switch fully-qualified domain name for the certificate common name. For example, if the switch FQDN is dhcp-1-23-4.dns.dell.com, set the certificate common name to dhcp-1-2-34.dns.dell.com when generating the certificate. Add the certificate to the host and/or browser trusted certificate store.
Certificate imported successfully console(config)#show crypto certificate mycertificate 1 -----BEGIN CERTIFICATE----MIIDBDCCAewCCQCP5mFCRmauaDANBgkqhkiG9w0BAQUFADCBkTELMAkGA1UEBhMC VVMxCzAJBgNVBAgMAk5DMRAwDgYDVQQHDAdSYWxlaWdoMRIwEAYDVQQKDAlEZWxs LEluYy4xEzARBgNVBAsMCk5ldHdvcmtpbmcxGDAWBgNVBAMMD0RlbGwgTmV0d29y a2luZzEgMB4GCSqGSIb3DQEJARYRbm9yZXBsYXlAZGVsbC5jb20wHhcNMTYwNjA5 MTc0NjAyWhcNMTcxMDIyMTc0NjAyWjB6MQ0wCwYDVQQDDARERUxMMRgwFgYDVQQL DA9EZWxsIE5ldHdvcmtpbmcxEzARBgNVBAcMClJvdW5kIFJvY2sxCzAJBgNVBAgM AlRYMQ
Command Mode Privileged Exec mode User Guidelines Use this command to generate a certificate request to send to a Certification Authority. The certificate request is generated in Base64-encoded X.509 format. Before generating a certificate request, you must first generate a self-signed certificate using the crypto certificate generate command in order to sign the certificate request.
-----END CERTIFICATE REQUEST----- duration Use the duration command in Crypto Certificate Generation mode to specify the duration of certificate validity. Syntax duration days • days — Specifies the number of days a certification would be valid. If left unspecified, the parameter defaults to 365 days. (Range: 30–3650 days) Default Configuration This command defaults to 365 days.
• address—A valid email address conforming to the addr-spec in RFC 5322. Default Configuration By default, no email address is configured. Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines An email address consists of a local-port, an @ symbol, and a case-sensitive domain name. Embedded spaces are not supported. The domain name should be a fully-qualified domain name. The email address is not validated by the switch.
User Guidelines The HTTP TCP port should not be set to a value that might conflict with other well-known protocol port numbers used on this switch. Example The following example shows how the http port number is configured to 10013. console(config)#ip http port 10013 ip http server Use the ip http server command to enable the switch to allow HTTP access to the switch. To disable this function use the no form of this command.
ip http secure-certificate Use the ip http secure-certificate command to configure the active certificate for HTTPS. To return to the default setting, use the no form of this command. Syntax ip http secure-certificate number no ip http secure-certificate • number—Specifies the certificate number. (Range: 1–2) Default Configuration The default value of the certificate number is 1.
• port-number— Port number for use by the secure HTTP server. (Range: 1025–65535) Default Configuration This default port number is 443. Command Mode Global Configuration mode User Guidelines The HTTPS TCP port should not be set to a value that might conflict with other well known protocol port numbers used on this switch. It is not possible for the administrator to directly configure the port number to 443 as 443 is out of range.
User Guidelines The switch must be configured with RSA and DSA keys (crypto key generate) prior to enabling the HTTP server. Optionally, the switch may be provisioned with up to two signed certificates. Dell EMC Networking N-Series switches support HTTPS over IPv4 and IPv6. Example The following example enables the switch to be configured from a browser using HTTPS. console(config)#ip http secure-server ip scp server enable Use the ip scp server enable command to enable the internal SCP server.
Command History Command introduced in version 6.6 firmware. Example This example shows the command used on a host computer to copy the startup configuration onto the switch located at 192.168.0.1 using the admin account. key-generate Use the key-generate command in Crypto Certificate Generation mode to generate a new RSA key prior to generating the certificate key.
Example The following example displays how to generate the SSL RSA key 2048 bytes in length. console(config-crypto-cert)#key-generate 2048 location Use the location command in Crypto Certificate Generation or Crypto Certificate Request mode to specify the location or city name. Syntax location location • location — Specifies the location or city name. (Range: 1–64 characters) Default Configuration This command has no default configuration.
• • number— The number of the SSH certificate to remove(between 1 to 2). openflow—Remove the openflow certificate and associated information. Default Configuration This command has no default configuration. Command Mode Global Configuration mode User Guidelines The no crypto certificate openflow command erases the Certificate Authority certificates used for validating the OpenFlow Controllers from the switch. Issuing this command automatically disables and re-enables the OpenFlow feature.
Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines The name should not be abbreviated and should contain suffixes, such as Inc., Corp., or LLC. Enclose the parameter in quotes to embed spaces within the name. The organization name is not validated by the switch. organization-unit Use the organization-unit command in Crypto Certificate Generation or Crypto Certificate Request mode to specify the organization unit.
quit Use the quit command to exit from crypto certificate generate mode, crypto certificate import mode, or crypto certificate request mode without performing the action. Syntax quit Default Configuration This command has no default configuration. Command Mode Crypto Certificate Request, Crypto Certificate Generate User Guidelines This command exits from the crypto certificate request or crypto certificate generate mode and discards any information entered.
Default configuration This command has no default configuration. Command Mode Privileged Exec mode, Global Configuration mode and all Configuration submodes Example The following example displays the SSL certificate of a sample switch.
Syntax show ip http server status Default Configuration This command has no default configuration. Command Mode User Exec mode, Privileged Exec mode, Global Configuration mode and all Configuration submodes User Guidelines The displayed information includes the following: Field Description HTTP Mode The unsecure HTTP server administrative mode. HTTP Port The HTTP server port number. Java Mode The Java applet administrative mode which applies to both secure and unsecure web connections.
Command History Output updated in version 6.7.0 firmware. show ip http server secure status Use the show ip http server secure status command to display the HTTP secure server status information. Syntax show ip http server secure status Default Configuration This command has no default configuration.
Active Certificate Displays the active certificate configured for secure HTTP. Certificate Generation Status Indicates whether certificate generation is currently in progress. Example The following shows example CLI display output for the command. console#show ip http server secure status HTTPS Mode (Secure): ............................... Disabled Secure Port: .............................. 443 Secure Protocol: .......................... TLS1 Maximum Allowable HTTPS Sessions: .........
Command Mode Crypto Certificate Generation or Crypto Certificate Request mode User Guidelines This command mode is entered using the crypto certificate request or crypto certificate generate command. Example The following example shows how to specify the state of “TX.” console(config-crypto-cert)#state TX subject-alternative-name Use this command to add a subject alternative name to a certificate request. Syntax subject-alternative-name san • san — A list of one or more subject alternative names.
The following sample SAN formats are supported. DNS:example.com DNS:*.example.com IP:10.10.20.1 DNS:xyz.com,IP:10.10.20.1 DNS.1:myserver.com,DNS.2:xyz.com,IP:10.10.32.1 Example console(config-crypto-cert-req)#subject-alternative-name ? Subject Alternative name {(DNS:, (IP:)}. Command History Command introduced in version 6.7.0 firmware.
Switch Management Commands 2462
Appendix A: List of Commands A aaa accounting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 950 aaa accounting delay-start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 953 aaa accounting update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 954 aaa authentication dot1x default . . . . . . . . . . . . . . . . . . . . . . . . . . . . 955 aaa authentication enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
area nssa no-summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1723, 1810 area nssa translator-role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1724, 1811 area nssa translator-stab-intv . . . . . . . . . . . . . . . . . . . . . . . . . . 1725, 1812 area range (Router OSPF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1726 area range (Router OSPFv3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1812 area stub . . . . . . . . . . . . . .
authentication event server alive action . . . . . . . . . . . . . . . . . . . 972, 976 authentication event server dead action . . . . . . . . . . . . . . . . . . . . . . . 975 authentication event server dead action authorize voice . . . . . . . . . 926 authentication host-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1105 authentication linksec policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2130 authentication max-users . . . . . . . . . . . . . . . . . . .
bgp fast-external-fallover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . bgp fast-internal-fallover . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . bgp listen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . bgp log-neighbor-changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . bgp maxas-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . bgp router-id . . . . . . . .
clear counters stack-ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2327 clear dhcp l2relay statistics interface . . . . . . . . . . . . . . . . . . . . . . . . . 363 clear dot1x statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1112 clear gmrp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517 clear green-mode statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
clear logging email statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1027 clear logging file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2296 clear mac address-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309 clear macsec secy statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2139 clear mmrp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
crypto key zeroize pubkey-chain . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1219 cryptographic-algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2124 cut-through mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2329 D deadtime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1047 debug (HiveAgent) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
debug ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2212 debug ospfv3 packet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2213 debug ping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2214 debug rip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2215 debug sflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
dhcp l2relay trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356 dhcp l2relay vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 356 diffserv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 754 dir . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2012 dir usb . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
E eapol announcements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2142 enable . . . . . . . . . . . . . 1145, 1151, 1311, 1747, 1823, 1886, 2074, 2432 enable authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2109 enable password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 984 enable password encrypted . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1211 encapsulation . . . . . . . . . .
flowcontrol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412 forward-error-correction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 413 frequency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1704 G g8032 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 489 garp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
interface loopback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1642 interface port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 691 interface range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 416 interface range port-channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 691 interface range vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ip dhcp relay information option . . . . . . . . . . . . . . . . . . . . . . . . . . . 1514 ip dhcp relay information option server-override . . . . . . . . . . . . . . . 1516 ip dhcp relay information option-insert . . . . . . . . . . . . . . . . . . . . . . 1515 ip dhcp relay maxhopcount . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1509 ip dhcp relay minwaittime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1510 ip dhcp relay source-interface . . . . . . . . . . . .
ip igmp proxy-service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1500 ip igmp proxy-service reset-status . . . . . . . . . . . . . . . . . . . . . . . . . . . 1501 ip igmp proxy-service unsolicited-report-interval . . . . . . . . . . . . . . 1502 ip igmp query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1491 ip igmp query-max-response-time . . . . . . . . . . . . . . . . . . . . . . . . . . 1492 ip igmp robustness . . . . . . . . . . . . .
ip ospf bfd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1271 ip ospf cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1752 ip ospf database-filter all out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1752 ip ospf dead-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1753 ip ospf hello-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ip ssh pubkey-auth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1223 ip ssh server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1223 ip telnet port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2416 ip telnet server disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2416 ip ttl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ipv6 mld snooping (Global) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 589 ipv6 mld snooping listener-message-suppression . . . . . . . . . . . . . . . . 586 ipv6 mld snooping querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 595 ipv6 mld snooping querier (VLAN mode) . . . . . . . . . . . . . . . . . . . . . 596 ipv6 mld snooping querier address . . . . . . . . . . . . . . . . . . . . . . . . . . . 596 ipv6 mld snooping querier election participate . . . . . . .
ipv6 pim (VLAN Interface config) . . . . . . . . . . . . . . . . . . . . . . . . . . 1676 ipv6 pim bsr-border . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1677 ipv6 pim bsr-candidate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1677 ipv6 pim dense-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1678 ipv6 pim dr-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
key-server priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2120 key-string . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1224, 2125 L lacp port-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 693 lacp system-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 694 lacp timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
logging facility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . logging file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . logging monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . logging on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . logging protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
match access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 759 match any . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 764 match as-path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1460 match class-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 761 match community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
mmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 930 mmrp global . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 931 mmrp periodic state machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 932 mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1238 monitor capture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
neighbor filter-list (IPv6 Address Family Configuration) . . . . . . . . 1340 neighbor inherit peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1341 neighbor local-as . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1342 neighbor maximum-prefix (BGP Router Configuration) . . . . . . . . 1344 neighbor maximum-prefix (IPv6 Address Family Configuration) . 1346 neighbor next-hop-self (BGP Router Configuration) . . . . . . . . . . .
nsf restart-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1765, 1837 O openflow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1241 open-ring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477 option . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2044 organization-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ping ethernet cfm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462 police-simple . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 778 police-single-rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 780 police-two-rate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 782 policy-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
radius server attribute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1053 radius server attribute 168 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1061 radius server attribute 25 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1056 radius server attribute 32 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1057 radius server attribute 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
revision (mst) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 819 rmon alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2164 rmon collection history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2166 rmon event . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2167 rmon hcalarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
set ip default next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1557 set ip next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1558 set ip precedence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1559 set ipv6 default next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1871 set ipv6 next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show bgp ipv6 listen range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1388 show bgp ipv6 neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1389 show bgp ipv6 neighbors advertised-routes . . . . . . . . . . . . . . . . . . . 1394 show bgp ipv6 neighbors policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1396 show bgp ipv6 neighbors received-routes . . . . . . . . . . . . . . . . . . . . . 1397 show bgp ipv6 route-reflection . . . . . . . . . .
show dhcp l2relay remote-id vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . 362 show dhcp l2relay stats interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359 show dhcp l2relay vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361 show dhcp lease . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2023 show diffserv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show hosts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2101 show idprom interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2357 show idprom interface interface-id . . . . . . . . . . . . . . . . . . . . . . . . . . . 424 show interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 421, 2358 show interfaces advanced firmware . . . . . . . . . . . . . . . . . . . . . . . . . .
show ip bgp update-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1436 show ip bgp vpn4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1439 show ip brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1560 show ip community-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1465 show ip device tracking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show ip interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . show ip irdp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . show ip mcast mroute static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . show ip mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . show ip mroute group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . show ip mroute source . . . . . .
show ip route preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1570 show ip route static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1570 show ip route summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1571 show ip sla configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1710 show ip sla statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show ipv6 mroute group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1689 show ipv6 mroute source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1690 show ipv6 neighbors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1630 show ipv6 ospf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1841 show ipv6 ospf abr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show ipv6 vrf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1914 show iscsi . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 610 show iscsi sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 611 show isdp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347 show isdp entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show management access-class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1195 show management access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1196 show memory cpu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2361 show mka policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2132 show mka sessions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2133 show mka statistics . .
show rmon log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2178 show rmon statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2179 show route-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1575 show router-capability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1444 show routing heap summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show switchport voice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339 show syslog-servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2317 show system . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2389 show system fan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2391 show system id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
show xxx|include “string” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1992 show xxx|include “string” exclude “string2” . . . . . . . . . . . . . . . . . . 1992 show xxx|section “string” . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1995 show xxx|section “string” “string2” . . . . . . . . . . . . . . . . . . . . . . . . . 1996 show xxx|section “string” include “string2” . . . . . . . . . . . . . . . . . . 1996 shutdown . . . . . . . . . . . . . . . . . . . . . . . .
spanning-tree cost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 835 spanning-tree disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 836 spanning-tree forward-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 837 spanning-tree guard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 838 spanning-tree loopguard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
storm-control unicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1186 subject-alternative-name . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2460 support-assist . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2291 switch renumber . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2405 switchport access vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
test copper-port tdr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2144 threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1707 timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1083, 1094, 1706 timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 472 time-range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
user session-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . user-logout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . username . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . username (Mail Server Configuration Mode) . . . . . . . . . . . . . . . . . username unlock . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Printed in the U.S.A. w w w .d e ll. co m | sup p or t .d e ll.