OS10 Enterprise Edition User Guide Release 10.4.3.
Notes, cautions, and warnings
NOTE: A NOTE indicates important information that helps you make better use of your product.
CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem.
WARNING: A WARNING indicates a potential for property damage, personal injury, or death.
© 2019 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
1 Getting Started Dell EMC Networking OS10 Enterprise Edition is a network operating system (OS) supporting multiple architectures and environments. The networking world is moving from a monolithic stack to a pick-your-own-world. The OS10 solution allows disaggregation of the network functionality.
• S5212F-ON, S5224F-ON, S5232F-ON, S5248F-ON, S5296F-ON
• S6010-ON
• Z9100-ON
• Z9264F-ON
NOTE: Starting from release 10.4.2.1, OS10 supports the S5148F-ON platform.

Download OS10 image and license
OS10 Enterprise Edition may come factory-loaded and is available for download from the Dell Digital Locker (DDL). A factory-loaded OS10 image includes a perpetual license. An OS10 image that you download has a 120-day trial license and requires a perpetual license to run beyond the trial period.
5 Select how to receive the license key — by email or downloaded to your local device.
6 Click Submit to download the License.zip file.
7 Select the Available Downloads tab.
8 Select the OS10 Enterprise Edition release to download, then click Download.
9 Read the Dell End User License Agreement. Scroll to the end of the agreement, then click Yes, I agree.
10 Select how to download the software files, then click Download Now.
11 After you download the OS10 Enterprise Edition image, unpack the .
• Automatic installation — ONIE discovers network information including the Dynamic Host Configuration Protocol (DHCP) server, connects to an image server, and downloads and installs an image automatically.
• Manual installation — Manually configure your network information if a DHCP server is not available or if you install the OS10 software image using USB media.
If OS10 is pre-installed on a switch, zero-touch deployment (ZTD) is enabled by default.
Example for automatic installation
1 Use the mv image_name onie-installer command to rename the image as onie-installer.
  mv PKGS_OS10-Base-10.3.1B.144-installer-x86_64.bin onie-installer
2 After renaming, the system enters the ONIE: Install mode. Enter the command onie-discovery-start, which automatically discovers the onie-installer image from the DHCP server.
  ONIE:/ # onie-discovery-start
  discover: installer mode detected. Running installer.
  Starting: discover... done.
4 Configure the IP addresses on the Management port, where x.x.x.x represents your internal IP address. After you configure the Management port, the response is up.
  $ ifconfig eth0 x.x.x.x netmask 255.255.0.0 up
5 Install the software on the device. The installation command accesses the OS10 software from the specified SCP, TFTP, or FTP URL, creates partitions, verifies installation, and reboots itself.
  $ onie-nos-install image_filename location
  For example, enter
  ONIE:/ # onie-nos-install ftp://a.b.c.
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Dell EMC Network Operating System (OS10) *-* *-* Copyright (c) 1999-2019 by Dell Inc. All Rights Reserved. *-* *-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*This product is protected by U.S. and international copyright and intellectual property laws. Dell EMC and the Dell EMC logo are trademarks of Dell Inc. in the United States and/or other jurisdictions.
State Detail:        idle
Task Start:          2019-02-15T00:46:35Z
Task End:            2019-02-15T00:46:36Z
Transfer Progress:   100 %
Transfer Bytes:      3795 bytes
File Size:           3795 bytes
Transfer Rate:       8 kbps
3 Verify that the license is present in the home directory of your system.
OS10# dir home
Directory contents for folder: home
Date (modified)        Size (bytes)  Name
---------------------  ------------  -----------------------
2019-02-15T00:47:25Z   3795          7B900Q2-NOSEnterprise-License.
Zero-touch deployment
Zero-touch deployment (ZTD) allows OS10 users to automate switch deployment:
• Upgrade an existing OS10 image.
• Execute a CLI batch file to configure the switch.
• Execute a post-ZTD script to perform additional functions.
ZTD is enabled by default when you boot up a switch with a factory-installed OS10 for the first time or when you perform an ONIE: OS Install from the ONIE boot menu.
Use only common Linux commands, such as curl, and common Python language constructs. OS10 provides only a limited set of Linux packages and Python libraries.
• ZTD is disabled by default on automatically provisioned switch fabrics, such as Isilon backend, PowerEdge MX, and VxRail.

Cancel ZTD in progress
To exit ZTD mode and manually configure a switch by entering CLI commands, stop the ZTD process by entering the ztd cancel command.
ZTD DHCP server configuration
For ZTD operation, configure a DHCP server in the network by adding the required ZTD options; for example:
option domain-name "example.org";
option domain-name-servers ns1.example.org, ns2.example.org;
option ztd-provision-url code 240 = text;
default-lease-time 600;
max-lease-time 7200;
subnet 50.0.0.0 netmask 255.255.0.0 {
  range 50.0.0.10 50.0.0.254;
  option routers rtr-239-0-1.example.org, rtr-239-0-2.example.
#
#
####################################################################
########## UPDATE THE BELOW CONFIG VARIABLES ACCORDINGLY ###########
########## ATLEAST ONE OF THEM SHOULD BE FILLED ####################
IMG_FILE="http://50.0.0.1/OS10.bin"
CLI_CONFIG_FILE="http://50.0.0.1/cli_config"
POST_SCRIPT_FILE="http://50.0.0.1/no_post_script.py"
################### DO NOT MODIFY THE LINES BELOW #######################
sudo os10_ztd_start.
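An added example, not part of the Dell guide: a check to run on a ZTD provisioning script of the form shown above before it is published on the provisioning server. It reads the three variables, rejects typographic quotes (a shell treats them as part of the value, so the URL is never fetched), and enforces that at least one variable is filled. The function names, the cleartext-transport finding and the host allow-list are assumptions of this example.

```python
import re
from urllib.parse import urlparse

ZTD_VARS = ("IMG_FILE", "CLI_CONFIG_FILE", "POST_SCRIPT_FILE")
SMART_QUOTES = "\u201c\u201d\u2018\u2019"       # typographic double/single quotes
CLEARTEXT_SCHEMES = {"http", "ftp", "tftp"}     # assumption: local policy flags these
ASSIGN_RE = re.compile(r"^\s*([A-Z_]+)=(.*)$")


def parse_ztd_vars(script_text):
    """Return {name: raw right-hand side} for the three ZTD variables."""
    found = {}
    for line in script_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        match = ASSIGN_RE.match(line)
        if match and match.group(1) in ZTD_VARS:
            found[match.group(1)] = match.group(2).strip()
    return found


def shell_value(raw):
    """Approximate the shell: strip one pair of matching ASCII quotes."""
    if len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "\"'":
        return raw[1:-1]
    return raw


def lint_ztd_script(script_text, allowed_hosts=None):
    """Return (usable_values, findings); findings are (variable, kind) tuples."""
    values, findings = {}, []
    for name, rhs in parse_ztd_vars(script_text).items():
        if any(ch in rhs for ch in SMART_QUOTES):
            findings.append((name, "typographic-quote"))
            continue
        value = shell_value(rhs)
        if not value:
            continue                      # an empty variable is allowed
        url = urlparse(value)
        if not url.scheme or not url.hostname:
            findings.append((name, "bad-url"))
            continue
        values[name] = value
        if url.username or url.password:
            findings.append((name, "credential-in-url"))
        if url.scheme in CLEARTEXT_SCHEMES:
            findings.append((name, "cleartext-transport"))
        if allowed_hosts is not None and url.hostname not in allowed_hosts:
            findings.append((name, "unexpected-host"))
    if not values:
        findings.append(("*", "no-variable-set"))   # at least one must be filled
    return values, findings


# Constructed sample: the variable block with a typographic quote on IMG_FILE,
# as happens when a script is pasted from a PDF or word processor.
SAMPLE_AS_PASTED = (
    "IMG_FILE=\u201dhttp://50.0.0.1/OS10.bin\u201d\n"
    'CLI_CONFIG_FILE="http://50.0.0.1/cli_config"\n'
    'POST_SCRIPT_FILE="http://50.0.0.1/no_post_script.py"\n'
)

if __name__ == "__main__":
    usable, problems = lint_ztd_script(SAMPLE_AS_PASTED, allowed_hosts={"50.0.0.1"})
    for variable, kind in problems:
        print(f"{variable}: {kind}")
    print("usable:", sorted(usable))
```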
Post-ZTD script As a general guideline, use a post-ZTD script to perform any additional functions required to configure and operate the switch. In the ZTD provisioning script, specify the post-ZTD script path for the POST_SCRIPT_FILE variable. You can use a script to notify an orchestration server that the ZTD configuration is complete. The server can then configure additional settings on the switch.
Reason         : ZTD process completed successfully at Mon Jul 16 19:31:57 2018
-----------------------------------
OS10# show ztd-status
-----------------------------------
ZTD Status     : disabled
ZTD State      : failed
Protocol State : idle
Reason         : ZTD process failed to download post script file
-----------------------------------
Supported Releases
• ZTD Status — Current operational status: enabled or disabled.
2 Enter admin for both the default user name and password to log into OS10. You are automatically placed in EXEC mode.
  OS10#

Remote access Linux shell
ssh linuxadmin@ip-address
password: linuxadmin

Configure Management IP address
To remotely access OS10, assign an IP address to the management port. The management interface is used for out-of-band (OOB) management purposes.
1 Configure the management interface from CONFIGURATION mode.
• managementethernet — Configures the Management port as the interface for the route, and associates the route with the Management interface.
Configure management route
OS10(config)# management route 10.10.20.0/24 10.1.1.1
OS10(config)# management route 172.16.0.0/16 managementethernet

Configure user name and password
To set up remote access to OS10, create a new user name and password after you configure the management port and default route. The user role is a mandatory entry.
Key CLI features
Consistent command names
Commands that provide the same type of function have the same name, regardless of the portion of the system on which they are operating. For example, all show commands display software information and statistics, and all clear commands erase various types of system information.
Available commands
Information about available commands is provided at each level of the CLI command hierarchy.
CLI command hierarchy
CLI commands are organized in a hierarchy. Commands that perform a similar function are grouped together under the same level of hierarchy. For example, all commands that display information about the system and the system software are grouped under the show system command, and all commands that display information about the routing table are grouped under the show ip route command.
1 Enter ? to view the commands available in EXEC mode.
host-description hostname interface ip ipv6 iscsi lacp line link-bundle-utilization lldp load-balancing logging login mac management monitor no ntp nve openflow password-attributes policy-map qos-map radius-server parameters rest route-map router scale-profile sflow snmp-server spanning-tree support-assist system tacacs-server parameters track trust uplink-state-group username userrole virtual-network vlt-domain vrrp wred Set the system host description Set the system hostname Select an interface Global IP
• diff                  Display differences between two configuration set
discovered-expanders    discovered expanders info
dot1x                   Show dot1x information
environment             Show the environmental information of the system
errdisable              Show errdisable information
eula-consent            Shows eula-consent for various modules
evpn                    Show Ethernet Virtual Private Network
exec-timeout            Show the timeout value of CLI session (in seconds)
fcoe                    show fcoe
file                    Display file content in specified location
fips                    Show fips mode status
hardware                Show hardware inform
4 5 6 7 8 9 10 11 12 13 14 15 Thu Thu Thu Thu Thu Thu Thu Thu Thu Thu Thu Fri Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr Apr 20 20 20 20 20 20 20 20 20 20 20 21 19:47:03 19:47:16 19:47:16 19:47:18 19:47:20 19:47:22 19:47:24 19:47:26 19:47:28 19:47:30 19:47:32 12:35:31 UTC UTC UTC UTC UTC UTC UTC UTC UTC UTC UTC UTC 2017 2017 2017 2017 2017 2017 2017 2017 2017 2017 2017 2017 system general info system-version view admin terminal length 0 terminal datadump %abc switchshow cmsh show version cmsh show v
The candidate configuration allows you to avoid introducing errors during an OS10 configuration session. You can make changes and then check them before committing them to the active, running configuration on the network device. To check differences between the running configuration and the candidate configuration, use the show diff command. After comparing the two, decide if you will commit the changes to the running configuration. To delete uncommitted changes, use the discard command.
storm-control support-assist switch-operating-mode system tech-support terminal trace track uplink-state-group uptime users the session id version virtual-network vlan vlt vrrp ztd-status Show storm control configuration Show information about the support assist module Switch operating mode Show system status information Collection of show commands Show terminal configurations for this session Show trace messages Show object tracking information Display the uplink state group configurations Show the system
 switchport access vlan 1
 no shutdown
!
interface vlan 1
 no shutdown
!
interface mgmt1/1/1
 ip address dhcp
 no shutdown
 ipv6 enable
 ipv6 address autoconfig
!
support-assist
!
policy-map type application policy-iscsi
!
class-map type application class-iscsi

View compressed running configuration
OS10# show running-configuration compressed
interface breakout 1/1/1 map 40g-1x
interface breakout 1/1/2 map 40g-1x
interface breakout 1/1/3 map 40g-1x
interface breakout 1/1/4 map 40g-1x
interface breakout 1/1/5 map 4
 no shutdown
 ipv6 enable
 ipv6 address autoconfig
!
support-assist
!
policy-map type application policy-iscsi
!
class-map type application class-iscsi

Show difference between candidate and running configurations
OS10# show diff candidate-configuration running-configuration
OS10#
NOTE: If the show command does not return output, the candidate-configuration and running-configuration files match.
Copy running configuration
The running configuration contains the current OS10 system configuration and consists of a series of OS10 commands. Copy the running configuration to a remote server or local directory as a backup or for viewing and editing. The running configuration is copied as a text file, which you can view and edit with a text editor. To copy the running configuration to the startup configuration file, enter the copy running-configuration startup-configuration command.
Reload system image
Reboot the system manually using the reload command in EXEC mode. You are prompted to confirm the operation.
OS10# reload
System configuration has been modified. Save? [yes/no]:yes
Saving system configuration
Proceed to reboot the system? [confirm yes/no]:yes
To configure the OS10 image loaded at the next system boot, enter the boot system command in EXEC mode.
boot system {active | standby}
• Enter active to load the primary OS10 image stored in the A partition.
• Non-persistent mode — The alias is used only within the current session. After you close the session, the alias is removed from the switch. The aliases created in EXEC mode are non-persistent.
NOTE: You cannot use existing keywords, parameters, and short form of keywords as alias names, nor can you create a shortcut for the alias command. The alias name is case-sensitive and can have a maximum of 20 characters.
View alias information
OS10# show alias
Name      Type
----      ----
govlt     Config
goint     Config
shconfig  Local
showint   Local
shver     Local
Number of config aliases : 2
Number of local aliases : 3

View alias information brief. Displays the first 10 characters of the alias value.
OS10# show alias brief
Name      Type    Value
----      ----    -----
govlt     Config  "vlt-domain..."
goint     Config  "interface ..."
shconfig  Local   "show runni..."
showint   Local   "show inter..."
shver     Local   "show versi...
• Use the no form of the command to delete an alias in CONFIGURATION mode.
  no alias alias-name
You can modify an existing multi-line alias by entering the corresponding ALIAS mode.
----      ----    -----
mTest     Config  line 1 "interface ..."
                  line 2 "no shutdow..."
                  line 3 "show confi..."
                  default 1 "ethernet"
                  default 2 "1/1/1"
Number of config aliases : 1
Number of local aliases : 0

View alias detail. Displays the entire alias value.
interface ethernet1/1/1
 no shutdown
 no switchport
 ip address 172.17.4.1/24

Linux shell commands
You can execute a single command, or a series of commands, using a batch file from the Linux shell.
• Use the -c option to run a single command.
admin@OS10:/opt/dell/os10/bin$ clish -c "show version"
New user admin logged in at session 10
Dell EMC Networking OS10 Enterprise
Copyright (c) 1999-2019 by Dell Inc. All Rights Reserved.
OS Version: 10.4.3.0
Build Version: 10.4.3.
Dell EMC Networking OS10 Enterprise
Copyright (c) 1999-2019 by Dell Inc. All Rights Reserved.
OS Version: 10.4.3.0
Build Version: 10.4.3.85
Build Time: 2019-02-18T17:06:10-0800
System Type: S4048-ON
Architecture: x86_64
Up Time: 2 days 05:58:01

OS9 environment commands
You can configure commands in an OS9 environment using the feature config-os9-style command.
Default Not configured
Command Mode EXEC CONFIGURATION
Usage Information Use this command to create a shortcut to long commands along with arguments. Use the numbers 1 to 9 along with the $ to provide input parameters. The no version of this command deletes an alias.
Example In this example, when you enter showint status, note that the text on the CLI changes to show interface status. The alias changes to the actual command that you have specified in the alias definition.
alias (multi-line)
Creates a multi-line command alias.
Syntax alias alias-name
Parameters alias-name — Enter the name of the multi-line alias, up to a maximum of 20 characters.
Default Not configured
Command Mode CONFIGURATION
Usage Information Use this command to save a series of multiple commands in an alias. The switch enters ALIAS mode when you create an alias. You can enter the series of commands to be executed using the line command. The no version of this command deletes an alias.
boot
Configures which OS10 image to use the next time the system boots up.
Syntax boot system [active | standby]
Parameters
• active — Reset the running partition as the next boot partition.
• standby — Set the standby partition as the next boot partition.
Default Not configured
Command Mode EXEC
Usage Information Use this command to configure the location of the OS10 image used to reload the software at boot time. Use the show boot command to view the configured next boot image.
Example
OS10# configure terminal
OS10(config)#
Supported Releases 10.2.0E or later

copy
Copies the current running configuration to the startup configuration and transfers files between an OS10 switch and a remote device.
Example (copy startup configuration)
OS10# dir config
Directory contents for folder: config
Date (modified)        Size (bytes)  Name
---------------------  ------------  -----------
2017-02-15T20:38:12Z   54525         startup.xml
OS10# copy config://startup.xml scp://os10user:os10passwd@10.11.222.1/home/os10/backup.xml

Example (retrieve backed-up configuration)
OS10# copy scp://os10user:os10passwd@10.11.222.1/home/os10/backup.xml home://config.
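An added example, not from the Dell guide: the copy examples above carry the SCP password inside the URL, so the password appears in any record of the command line. This sketch redacts such URLs before command-history or log lines are forwarded to a collector and reports which account and host were exposed. The history lines are constructed and the function names are this example's own.

```python
import re

# scheme://user:secret@host/... as used by the copy examples on this page.
# The secret may itself contain '@', so it is matched greedily up to the last
# '@' that precedes the first '/' of the path. Bracketed IPv6 hosts are allowed.
CRED_URL_RE = re.compile(
    r"(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://"
    r"(?P<user>[^\s:/@]+):(?P<secret>[^\s/]+)@"
    r"(?P<host>\[[^\]\s]+\]|[^\s/:]+)"
)
MASK = "****"


def redact_line(line):
    """Return (redacted_line, exposures) for one command line."""
    exposures = []

    def _mask(match):
        exposures.append(
            {"scheme": match["scheme"], "user": match["user"], "host": match["host"]}
        )
        return f"{match['scheme']}://{match['user']}:{MASK}@{match['host']}"

    return CRED_URL_RE.sub(_mask, line), exposures


def audit_history(lines):
    """Redact every line; return (redacted_lines, exposures with 1-based line numbers)."""
    redacted, found = [], []
    for number, line in enumerate(lines, start=1):
        clean, exposures = redact_line(line)
        redacted.append(clean)
        for item in exposures:
            found.append({"line": number, **item})
    return redacted, found


def accounts_to_rotate(exposures):
    """Unique (user, host) pairs whose password appeared in a command line."""
    return sorted({(item["user"], item["host"]) for item in exposures})


# Constructed history lines; lines 2 and 3 reuse the credentials and host from
# the copy examples on this page, line 5 has an '@' inside the password.
CONSTRUCTED_HISTORY = [
    "1 show version",
    "2 copy config://startup.xml scp://os10user:os10passwd@10.11.222.1/home/os10/backup.xml",
    "3 copy scp://os10user:os10passwd@10.11.222.1/home/os10/backup.xml home://restored.xml",
    "4 copy running-configuration startup-configuration",
    "5 copy config://startup.xml scp://backup:p@ss@[2001:db8::5]/cfg/startup.xml",
]

if __name__ == "__main__":
    clean_lines, hits = audit_history(CONSTRUCTED_HISTORY)
    print("\n".join(clean_lines))
    for user, host in accounts_to_rotate(hits):
        print(f"password for {user} on {host} was typed in a command line")
```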
Parameters
• config://filepath — (Optional) Delete from the configuration directory.
• coredump://filepath — (Optional) Delete from the coredump directory.
• home://filepath — (Optional) Delete from the home directory.
• image://filepath — (Optional) Delete from the image directory.
• startup-configuration — (Optional) Delete the startup configuration.
• supportbundle://filepath — (Optional) Delete from the support-bundle directory.
dir
Displays files stored in available directories.
Syntax dir {config | coredump | home | image | supportbundle | usb}
Parameters
• config — (Optional) Folder containing configuration files.
• coredump — (Optional) Folder containing coredump files.
• home — (Optional) Folder containing files in user's home directory.
• image — (Optional) Folder containing image files.
• supportbundle — (Optional) Folder containing support bundle files.
• usb — (Optional) Folder containing files on a USB drive.
do
Executes most commands from all CONFIGURATION modes without returning to EXEC mode.
Syntax do command
Parameters command — Enter an EXEC-level command.
Default Not configured
Command Mode INTERFACE
Usage Information None
Example
OS10(config)# interface ethernet 1/1/7
OS10(conf-if-eth1/1/7)# no shutdown
OS10(conf-if-eth1/1/7)# do show running-configuration
...
!
interface ethernet1/1/7
 no shutdown
!
...
Supported Releases 10.2.
Default Not configured
Command Mode All
Usage Information None
Example
OS10(conf-if-eth1/1/1)# exit
OS10(config)#
Supported Releases 10.2.0E or later

hostname
Sets the system host name.
Syntax hostname name
Parameters name — Enter the host name of the switch, up to 64 characters.
Default OS10
Command Mode CONFIGURATION
Usage Information The host name is used in the OS10 command-line prompt. The no version of this command resets the host name to OS10.
Example OS10# license install scp://user:userpwd/10.1.1.10/CFNNX42-NOSEnterpriseLicense.lic License installation success. Supported Releases 10.3.0E or later line (alias) Configures the commands to be executed in a multi-line alias. Syntax line nn command Parameters • nn — Enter the line number, from 1 to 99. The commands are executed in the order of the line numbers. • command — Enter the command to be executed enclosed in double quotes.
Parameters • ipv4-address/mask — Enter an IPv4 network address in dotted-decimal format (A.B.C.D), then a subnet mask in prefix-length format (/xx). • ipv6-address/prefix-length — Enter an IPv6 address in x:x:x:x::x format with the prefix length in /xxx format. The prefix range is /0 to /128. • forwarding-router-address — Enter the next-hop IPv4/IPv6 address of a forwarding router (gateway) for network traffic from the Management port.
no Disables or deletes commands in EXEC mode. Syntax no [alias | debug | support-assist-activity | terminal] Parameters • alias — Remove an alias definition. • debug — Disable debugging. • support-assist-activity — SupportAssist-related activity. • terminal — Reset terminal settings. Default Not configured Command Mode EXEC Usage Information Use this command in EXEC mode to disable or remove a configuration. Use the no ? in CONFIGURATION mode to view available commands.
Default None Command Mode EXEC Usage Information None
Example
OS10# show alias
Name      Type
----      ----
govlt     Config
goint     Config
mTest     Config
shconfig  Local
showint   Local
shver     Local
Number of config aliases : 3
Number of local aliases : 3
Example (brief — displays the first 10 characters of the alias value)
OS10# show alias brief Name Type ------govlt Config goint Config mTest Config shconfig showint shver Local Local Local Value ----"vlt-domain..." "interface ..." line 1 "interface ...
Command Mode EXEC Usage Information The Next-Boot field displays the partition that the next reload uses.
Example
OS10# show boot
Current system image information:
===================================
Type       Boot Type   Active       Standby      Next-Boot
-----------------------------------------------------------------------------------
Node-id 1  Flash Boot  [A] 10.4.3E  [B] 10.4.
• ospf — (Optional) Current candidate OSPF configuration. • ospfv3 — (Optional) Current candidate OSPFv3 configuration. • policy-map — (Optional) Current candidate policy-map configuration. • prefix-list — (Optional) Current candidate prefix-list configuration. • qos-map — (Optional) Current candidate qos-map configuration. • radius-server — (Optional) Current candidate RADIUS server configuration. • route-map — (Optional) Current candidate route-map configuration.
snmp-server contact http://www.dell.com/support
snmp-server location "United States"
logging monitor disable
ip route 0.0.0.0/0 10.11.58.1
!
interface range ethernet 1/1/1-1/1/32
 switchport access vlan 1
 no shutdown
!
interface vlan 1
 no shutdown
!
interface mgmt1/1/1
 ip address 10.11.58.145/8
 no shutdown
 ipv6 enable
 ipv6 address autoconfig
!
support-assist
!
policy-map type application policy-iscsi
!
class-map type application class-iscsi
Supported Releases 10.2.
show inventory Displays system inventory information. Syntax show inventory Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show inventory Product Description Software version Product Base Product Serial Number Product Part Number : S4048ON : S4048-ON 48x10GbE, 6x40GbE QSFP+ Interface Module : 10.4.3.
show ipv6 management-route Displays the IPv6 routes used to access the Management port. Syntax show ipv6 management-route [all | connected | summary] Parameters • all — (Optional) Display the IPv6 routes that the Management port uses. • connected — (Optional) Display only routes directly connected to the Management port. • summary — (Optional) Display the number of active and non-active management routes and their remote destinations. • static — (Optional) Display non-active Management routes.
Software : OS10-Enterprise
Version : 10.4.3.0
License Type : PERPETUAL
License Duration: Unlimited
License Status : Active
License location: /mnt/license/FFD7VS1.lic
---------------------------------------------------------
Supported Releases 10.3.0E or later
show running-configuration Displays the configuration currently running on the device.
• trust-map — (Optional) Current operating trust-map configuration. • users — (Optional) Current operating users configuration. • vlt — (Optional) Current operating VLT domain configuration. Default Not configured Command Mode EXEC Usage Information None Example OS10# show running-configuration ! Version 10.2.9999E ! Last configuration change at Apr 11 01:25:02 2017 ! username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/ VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH.
ipv6 address autoconfig
!
support-assist
!
policy-map type application policy-iscsi
!
class-map type application class-iscsi
Supported Releases 10.2.0E or later
show startup-configuration Displays the contents of the startup configuration file. Syntax show startup-configuration [compressed] Parameters compressed — (Optional) View a compressed version of the startup configuration file.
no shutdown
!
interface vlan 1
 no shutdown
!
interface mgmt1/1/1
 ip address 10.11.58.145/8
 no shutdown
 ipv6 enable
 ipv6 address autoconfig
!
support-assist
!
policy-map type application policy-iscsi
!
class-map type application class-iscsi
Supported Releases 10.2.0E or later
show system Displays system information. Syntax show system [brief | node-id] Parameters • brief — View an abbreviated list of the system information. • node-id — View the node ID number.
-- Fan Status --
FanTray  Status  AirFlow  Fan  Speed(rpm)  Status
----------------------------------------------------------------
1        up      NORMAL   1    10108       up
                          2    10069       up
2        up      NORMAL   1    9954        up
                          2    10108       up
3        up      NORMAL   1    9867        up
                          2    9867        up
Example (node-id)
OS10# show system node-id 1 fanout-configured
Interface   Breakout capable   Breakout state
-----------------------------------------------------
Eth 1/1/1   No                 BREAKOUT_1x1
Eth 1/1/2   No                 BREAKOUT_1x1
Eth 1/1/3   No                 BREAKOUT_1x1
Eth 1/1/4   No                 BREAKOUT_1x1
Eth 1/1/5   No                 B
Eth 1/1/51  Yes                BREAKOUT_1x1
Eth 1/1/52  Yes                BREAKOUT_1x1
Eth 1/1/53  Yes                BREAKOUT_1x1
Eth 1/1/54  Yes                BREAKOUT_1x1
Example (brief)
OS10# show system brief
Node Id : 1
MAC     : 34:17:eb:f2:9a:c4
-- Unit --
Unit  Status  ReqType  CurType  Version
----------------------------------------------------------------
1     up      S4048    S4048    10.4.
start Activates Transaction-Based Configuration mode for the active session. Syntax start transaction Parameters transaction - Enables the transaction-based configuration. Default Not configured Command Mode EXEC Usage Information Use this command to save changes to the candidate configuration before applying configuration changes to the running configuration. NOTE: Before you start a transaction, you must lock the session using the lock command in EXEC mode.
Example OS10# configure terminal OS10(config)# system-cli disable Supported Releases 10.4.3.0 or later system identifier Sets a non-default unit ID in a non-stacking configuration. Syntax system identifier system-identifier-ID Parameters system-identifier-ID — Enter the system identifier ID, from 1 to 9. Default Not configured Command Mode CONFIGURATION Usage Information The system ID displays in the stack LED on the switch front panel.
• host — Enter the host to trace packets from. • -i interface — (Optional) Enter the IP address of the interface through which traceroute sends packets. By default, the interface is selected according to the routing table. • -m max_ttl — (Optional) Enter the maximum number of hops, the maximum time-to-live value, that traceroute probes. The default is 30. • -p port — (Optional) Enter a destination port: – For UDP tracing, enter the destination port base that traceroute uses.
unlock Unlocks a previously locked candidate configuration file. Syntax unlock Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# unlock Supported Releases 10.2.0E or later write Copies the current running configuration to the startup configuration file. Syntax write {memory} Parameters memory — Copy the current running configuration to the startup configuration.
2 System management OS10 upgrade Provides information to upgrade the OS10 software image, see Upgrade commands. System banners Provides information about how to configure a system login and message of the day (MOTD) text banners, see System banners. User session management Provides information about how to manage the active user sessions, see User session management. Telnet server Provides information about how to set up Telnet TCP/IP connections on the switch, see Telnet server.
8 (Optional) Check whether the next boot partition has changed to standby in EXEC mode. show boot detail 9 Reload the new software image in EXEC mode. reload Image download OS10# image download sftp://admin:passwd@10.1.1.1/home/admin/images/OS10EE.bin Image install OS10# image install image://OS10EE.bin Show version TR2# show version Dell EMC Networking OS10 Enterprise Copyright (c) 1999-2019 by Dell Inc. All Rights Reserved. OS Version: 10.4.3.0 Build Version: 10.4.3.
-----------------------------------------------------------------------------------
Node-id 1  Flash Boot  [A] 10.4.3E  [B] 10.4.3E  [A] active
Upgrade commands boot system Sets the boot partition to use during the next reboot. Syntax boot system {active | standby} Parameters • active — Reset the running partition as the next boot partition. • standby — Set the standby partition as the next boot partition.
Command Mode EXEC Usage Information Duplicate the active, running software image to the standby image location. Example OS10# image copy active-to-standby Supported Releases 10.2.0E or later image download Downloads a new software image to the local file system. Syntax image download file-url Parameters file-url — Set the path to the image file: • ftp://userid:passwd@hostip:/filepath — Enter the path to copy from the remote FTP server.
Parameters • file-url — Location of the image file: – ftp://userid:passwd@hostip:/filepath — Enter the path to install from a remote FTP server. – http[s]://hostip:/filepath — Enter the path to install from the remote HTTP or HTTPS server. – scp://userid:passwd@hostip:/filepath — Enter the path to install from a remote SCP file system. – sftp://userid:passwd@hostip:/filepath — Enter the path to install from a remote SFTP file system.
Standby Build Date/Time: 2019-02-17T15:36:08Z
Next-Boot: active[A]
Supported Releases 10.2.0E or later
show image status Displays image transfer and installation information.
Architecture: x86_64 Up Time: 2 days 05:58:01 Supported Releases 10.2.0E or later System banners You can configure a system login and message of the day (MOTD) text banners. The system login banner displays before you log in. The MOTD banner displays immediately after a successful login. You can reset the banner text to the Dell EMC default banner or disable the banner display. Login banner Configure a system login banner that displays before you log in using interactive mode.
To delete a MOTD banner and reset it to the Dell EMC default MOTD banner, enter the no banner motd command. To disable MOTD banner display after login, enter the banner motd disable command. System banner commands banner login Configures a login banner that displays before you log in to the system. Syntax banner login delimiter banner-text banner-text ...
Default The Dell EMC default MOTD banner is displayed after you log in. Command Mode CONFIGURATION Usage Information • To enter a MOTD banner text, use the interactive mode. Enter the command with the delimiter character and press Enter. Then enter each line and press Enter. Complete the banner configuration by entering a line that contains only the delimiter character. Starting and ending double-quotes are not necessary.
Parameters timeout-value — Enter the timeout value in seconds, from 0 to 3600. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command disables the timeout. Example OS10(config)# exec-timeout 300 OS10(config)# Supported Releases 10.3.1E or later kill-session Terminate a user session. Syntax kill-session session-ID Parameters session-ID — Enter the user session ID.
Telnet server To allow Telnet TCP/IP connections to an OS10 switch, enable the Telnet server. The OS10 Telnet server uses the Debian telnetd package. By default, the Telnet server is disabled. When you enable the Telnet server, connect to the switch using the IP address configured on the management or any front-panel port. The Telnet server configuration is persistent and is maintained after you reload the switch. To verify the Telnet server configuration, enter the show running-configuration command.
Parameters • management — Configures the management VRF used to reach the Telnet server. • vrf vrf-name — Enter the keyword vrf followed by the name of the VRF to configure the non-default VRF instance used to reach the Telnet server. Default The Telnet server is reachable on the default VRF. Command Mode CONFIGURATION Usage Information By default, the Telnet server is disabled. To enable the Telnet server, use the telnet enable command.
Module Standard IP-FORWARD-MIB RFC 4292 IP-MIB RFC 4293 LLDP-EXT-DOT1-MIB IEEE 802.1AB LLDP-EXT-DOT3-MIB IEEE 802.1AB LLDP-MIB IEEE 802.1AB OSPF-MIB RFC 4750 OSPFV3-MIB RFC 5643 Q-BRIDGE-MIB IEEE 802.1Q RFC1213-MIB RFC 1213 SFLOW-MIB RFC 3176 SNMP-FRAMEWORK-MIB RFC 3411 SNMP-MPD-MIB RFC 3412 SNMP-TARGET-MIB RFC 3413 SNMP-USER-BASED-SM-MIB RFC 3414 SNMP-VIEW-BASED-ACM-MIB RFC 3415 SNMPv2-MIB RFC 3418 TCP-MIB RFC 4022 UDP-MIB RFC 4113 Dell EMC Enterprise MIBs: Table 2.
– User authentication only – User authentication and message encryption SNMPv3 SNMP version 3 (SNMPv3) provides an enhanced security model for user authentication and encryption of SNMP messages. User authentication requires that SNMP packets come from an authorized source. Message encryption ensures that packet contents cannot be viewed by an unauthorized source. To configure SNMPv3-specific security settings — user authentication and message encryption — use the snmp-server user command.
• Assign users to groups and configure SNMPv3-specific authentication and encryption settings, and optionally, localized security keys and ACL-based access. Configuring SNMP consists of these tasks in any order: • Configure SNMP engine ID • Configure SNMP views • Configure SNMP groups • Configure SNMP users Configure SNMP engine ID The engine ID identifies the SNMP local agent on a switch. The engine ID is an octet colon-separated number; for example, 80:00:02:b8:04:61:62:63 .
Configure read-write view OS10(config)# snmp-server view rwView 1.3.6.1.2.1.31.1.1.1.6 included OS10(config)# snmp-server view rwView 1.3.6.1.2.1.31.0.0.0.0 excluded Display SNMP views OS10# show snmp-server view view name : readview OID : 1.3.6.5 excluded : True Configure SNMP groups Configure an SNMP group with the views allowed for the members of the group. Specify the read-only, read-write, and/or notification access to the SNMP agent.
Configure SNMP users Configure user access to the SNMP agent on the switch using group membership. Assign each user to a group and configure SNMPv3-specific authentication and encryption settings, and optionally, localized security keys and ACL-based access. Re-enter the command multiple times to configure SNMP security settings for all users.
show snmp community Displays the SNMP communities configured on the switch. Syntax show snmp community Parameters None Defaults None Command Mode EXEC Usage Information To configure an SNMP community, use the snmp-server community command.
Example
OS10# show snmp community
Community : public
Access    : read-only
Community : dellOS10
Access    : read-write
ACL       : dellacl
Supported Releases 10.4.2.
Defaults None Command Mode EXEC Usage Information To configure an SNMP group, use the snmp-server group command.
Example
OS10# show snmp group
groupname      : v2group
version        : 2c
notifyview     : GetsSets
readview       : readview
groupname      : v3group
version        : 3
security level : priv
notifyview     : alltraps
readview       : readview
writeview      : writeview
Supported Releases 10.4.2.
OID : 1.3.6.5
excluded : True
Supported Releases 10.4.2.0 or later
snmp-server community Configures an SNMP user community. Syntax snmp-server community name {ro | rw} [acl acl-name] Parameters • community name — Set the community name string to act as a password for SNMPv1 and SNMPv2c access. A maximum of 20 alphanumeric characters. • ro — Set read-only access for the SNMP community. • rw — Set read-write access for the SNMP community.
snmp-server enable traps Enables SNMP traps on a switch. Syntax snmp-server enable traps [notification-type] [notification-option] Parameters • notification-type notification-option — Enter an SNMP notification type, and optionally, a notification option for the type. Table 3. Notification types and options Notification type Notification option entity — Enable entity change traps. None envmon — Enable SNMP environmental monitor traps. – fan — Enable fan traps.
snmp-server engineID Configures the local and remote SNMP engine IDs. Syntax snmp-server engineID [local engineID] [remote ip-address {[udp-port portnumber] remote-engineID}] Parameters • local engineID — Enter the engine ID that identifies the local SNMP agent on the switch as an octet colon-separated number. A maximum of 27 characters. • remote ip-address — Enter the IPv4 or IPv6 address of a remote SNMP device that accesses the local SNMP agent.
• v3 security-level — SNMPv3 provides optional user authentication and encryption for SNMP messages, configured with the snmp-server user command. • security-level — (SNMPv3 only) Configure the security level for SNMPv3 users: – auth — Authenticate users in SNMP messages. – noauth — Do not authenticate users or encrypt SNMP messages; send messages in plain text. – priv — Authenticate users and encrypt/decrypt SNMP messages.
◦ auth-password — Enter a text string used to generate the authentication key that identifies the user. A maximum of 32 alphanumeric characters. For an encrypted password, enter the encrypted string instead of plain text. – priv — (SNMPv3 only) Configure encryption for SNMPv3 messages sent to the host: ◦ aes — Encrypt messages using an AES 128-bit algorithm. ◦ des — Encrypt messages using a DES 56-bit algorithm.
snmp-server user Authorizes a user to access the SNMP agent and receive SNMP messages. Syntax snmp-server user user-name group-name security-model [[noauth | auth {md5 | sha} auth-password] [priv {des | aes} priv-password]] [localized] [access acl-name] [remote ip-address udp-port port-number]] Parameters • user-name — Enter the name of the user. A maximum of 32 alphanumeric characters. • group-name — Enter the name of the group to which the user belongs. A maximum of 32 alphanumeric characters.
an encrypted cypher-text password. In either case, the password is stored in the configuration in encrypted form and displays as encrypted in the show running-config snmp output. A localized authentication or privacy key is more complex and provides greater privacy protection. To display the localized authentication and privacy keys in an SNMPv3 user configuration, use the show running-configuration snmp command. To limit user access to the SNMP agent on the switch, enter an access acl-name value.
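A configuration audit for the snmp-server community and snmp-server user syntax described above, as an added example that is not part of the Dell EMC guide. It flags the weaker choices the guide documents (noauth, authentication without priv, md5, des, read-write communities without an ACL); the function names, the sample configuration, and the use of "3" as the SNMPv3 security-model value are assumptions.

```python
from typing import NamedTuple

# Constructed sample configuration: user, group, ACL and secret values are made
# up, and "3" as the security-model value for SNMPv3 is an assumption.
SAMPLE_CONFIG = """\
snmp-server community public ro
snmp-server community netops rw acl mgmt-acl
snmp-server community legacy rw
snmp-server user alice v3group 3 auth sha ExampleAuth1 priv aes ExamplePriv1 access mgmt-acl
snmp-server user bob v3group 3 auth md5 ExampleAuth2 priv des ExamplePriv2
snmp-server user carol v3group 3 auth sha ExampleAuth3
snmp-server user dave v3group 3 noauth
"""

# Number of arguments each keyword takes after the security model.
USER_KEYWORD_ARGS = {"noauth": 0, "auth": 2, "priv": 2, "localized": 0, "access": 1, "remote": 3}
WELL_KNOWN_COMMUNITIES = {"public", "private"}


class Finding(NamedTuple):
    line_no: int
    subject: str
    issue: str


def parse_user(tokens):
    """Parse the tokens after 'snmp-server user'; secrets are not retained."""
    if len(tokens) < 3:
        raise ValueError("expected user-name group-name security-model")
    name, group, model, *opts = tokens
    user = {"name": name, "group": group, "model": model,
            "noauth": False, "auth": None, "priv": None, "acl": None}
    i = 0
    while i < len(opts):
        keyword = opts[i]
        if keyword not in USER_KEYWORD_ARGS:
            raise ValueError(f"unexpected token {keyword!r}")
        nargs = USER_KEYWORD_ARGS[keyword]
        args = opts[i + 1:i + 1 + nargs]
        if len(args) != nargs:
            raise ValueError(f"{keyword!r} takes {nargs} argument(s)")
        if keyword == "noauth":
            user["noauth"] = True
        elif keyword in ("auth", "priv"):
            user[keyword] = args[0]  # keep the algorithm, drop the password
        elif keyword == "access":
            user["acl"] = args[0]
        i += 1 + nargs
    return user


def audit_community(line_no, tokens):
    if len(tokens) < 2:
        return [Finding(line_no, "community", "malformed community line")]
    name, access = tokens[0], tokens[1]
    has_acl = len(tokens) >= 4 and tokens[2] == "acl"
    issues = []
    if name.lower() in WELL_KNOWN_COMMUNITIES:
        issues.append("well-known community string")
    if access == "rw" and not has_acl:
        issues.append("read-write access without an ACL")
    return [Finding(line_no, f"community {name}", text) for text in issues]


def audit_user(line_no, tokens):
    try:
        user = parse_user(tokens)
    except ValueError as exc:
        return [Finding(line_no, "user", f"could not parse: {exc}")]
    if user["model"] != "3":
        return []  # auth and priv settings apply to SNMPv3 users only
    issues = []
    if user["noauth"] or user["auth"] is None:
        issues.append("noauth: messages are neither authenticated nor encrypted")
    else:
        if user["auth"] == "md5":
            issues.append("MD5 authentication; sha is available")
        if user["priv"] is None:
            issues.append("authenticated but not encrypted (no priv)")
    if user["priv"] == "des":
        issues.append("DES 56-bit encryption; aes (AES 128-bit) is available")
    if user["acl"] is None:
        issues.append("no access ACL limits who can use this user")
    return [Finding(line_no, f"user {user['name']}", text) for text in issues]


def audit_snmp(config_text):
    findings = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        tokens = raw.split()
        if tokens[:2] == ["snmp-server", "community"]:
            findings += audit_community(line_no, tokens[2:])
        elif tokens[:2] == ["snmp-server", "user"]:
            findings += audit_user(line_no, tokens[2:])
    return findings


if __name__ == "__main__":
    print(*audit_snmp(SAMPLE_CONFIG), sep="\n")
```

Run it against the snmp-server lines from a saved running configuration; only the algorithm names are kept in memory, never the passwords.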
Parameters None Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command disables the SNMP agent from receiving the SNMP traps. Example OS10(config)# snmp-server vrf management Supported Releases 10.4.1.0 or later System clock OS10 uses the network time protocol (NTP) to synchronize the system clock with a time-serving host. If you do not use NTP, set the system time and the timezone.
clock set Sets the system time. Syntax clock set time year-month-day Parameters time Enter time in the format hour:minute:second, where hour is 1 to 24; minute is 1 to 60; second is 1 to 60. For example, enter 5:15 PM as 17:15:00. year-month-day Enter year-month-day in the format YYYY-MM-DD, where YYYY is a four-digit year, such as 2016; MM is a month from 1 to 12; DD is a day from 1 to 31.
Usage Information The universal time coordinated (UTC) value is the number of hours that your time zone is later or earlier than UTC/ Greenwich mean time. Example OS10# show clock 2017-01-25T11:00:31.68-08:00 Supported Releases 10.2.1E or later Network Time Protocol Network Time Protocol (NTP) synchronizes timekeeping among a set of distributed time servers and clients. The protocol coordinates time distribution in a large, diverse network.
Enable NTP NTP is disabled by default. To enable NTP, configure an NTP server where the system synchronizes. To configure multiple servers, enter the command multiple times. Multiple servers may impact CPU resources. • Enter the IP address of the NTP server where the system synchronizes in CONFIGURATION mode.
Source IP address Configure one interface IP address to include in all NTP packets. The source address of NTP packets is the interface IP address the system uses to reach the network by default. • Configure a source IP address for NTP packets in CONFIGURATION mode. ntp source interface – ethernet — Enter the keyword and node/slot/port information. – port-channel — Enter the keyword and number. – vlan — Enter the keyword and VLAN number, from 1 to 4093.
Configure NTP
OS10(config)# ntp authenticate
OS10(config)# ntp trusted-key 345
OS10(config)# ntp authentication-key 345 mdf 0 5A60910FED211F02
OS10(config)# ntp server 1.1.1.1 key 345
OS10(config)# ntp master 7
View NTP configuration
OS10(config)# do show running-configuration
!
ntp authenticate
ntp authentication-key 345 mdf 0 5A60910FED211F02
ntp server 1.1.1.1 key 345
ntp trusted-key 345
ntp master 7
...
Sample NTP configuration Following example shows an NTP master(11.0.0.2), server(10.0.0.
OS10(conf-if-eth1/1/5)# ip address 11.0.0.1/24 OS10(conf-if-eth1/1/5)# exit OS10(config)# b Configure NTP master IP in NTP server OS10(config)# ntp server 11.0.0.2 OS10(config)# do show running-configuration ntp ntp server 11.0.0.2 OS10(config)# NOTE: NTP master 11.0.0.2 is reachable only through red VRF. c Configure NTP in red VRF instance.
c Configure NTP in red VRF instance. OS10(config)# ntp enable vrf red “% Warning: NTP server/client will be disabled in default VRF and enabled on a red VRF” Do you wish to continue? (y/n): y OS10(config)# do show running-configuration ntp ntp master 8 ntp enable vrf red OS10(config)# 4 Verify NTP client(10.0.0.2) is connected to NTP server(10.0.0.1) running in red VRF.
NTP commands ntp authenticate Enables authentication of NTP traffic between the device and the NTP time serving hosts. Syntax ntp authenticate Parameters None Default Not configured Command Mode CONFIGURATION Usage Information You must also configure an authentication key for NTP traffic using the ntp authentication-key command. The no version of this command disables NTP authentication. Example OS10(config)# ntp authenticate Supported Releases 10.2.
Default Not configured Command Mode INTERFACE Usage Information The no version of this command disables broadcast. Example OS10(conf-if-eth1/1/1)# ntp broadcast client Supported Releases 10.2.0E or later ntp disable By default, NTP is enabled on all interfaces. Prevents an interface from receiving NTP packets.
Default 8 Command Mode CONFIGURATION Usage Information The no version of this command resets the value to the default. Example OS10(config)# ntp master 6 Supported Releases 10.2.0E or later ntp server Configures an NTP time-serving host. Syntax ntp server {hostname | ipv4-address | ipv6-address} [key keyid] [prefer] Parameters • hostname — Enter the host name of the server. • ipv4-address | ipv6-address — Enter the IPv4 address in A.B.C.
Example OS10(config)# ntp source ethernet 1/1/24 Supported Releases 10.2.0E or later ntp trusted-key Sets a key to authenticate the system with which NTP synchronizes. Syntax ntp trusted-key number Parameters number — Enter the trusted key ID (1 to 4294967295). Default Not configured Command Mode CONFIGURATION Usage Information The number parameter must be the same number as the number parameter in the ntp authentication-key command.
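A consistency check for the NTP authentication commands above (ntp authenticate, ntp authentication-key, ntp trusted-key, and ntp server with key), as an added example that is not part of the Dell EMC guide. It reports servers that end up unauthenticated and key IDs that do not match across the three commands; the function names and all sample lines except the guide's own authentication-key line are assumptions.

```python
from typing import NamedTuple

# Constructed sample: the authentication-key line is the one shown in the
# guide's NTP example; the remaining lines are made up for this check.
SAMPLE_CONFIG = """\
ntp authenticate
ntp trusted-key 345
ntp trusted-key 99
ntp authentication-key 345 mdf 0 5A60910FED211F02
ntp server 1.1.1.1 key 345
ntp server 10.0.0.5 key 77
ntp server 10.0.0.6
"""


class NtpConfig(NamedTuple):
    authenticate: bool
    trusted: set      # key IDs named by ntp trusted-key
    defined: set      # key IDs named by ntp authentication-key
    servers: list     # (line number, host, key ID or None)


def parse_ntp(config_text):
    """Collect the NTP authentication settings from configuration text."""
    authenticate, trusted, defined, servers = False, set(), set(), []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        tok = raw.split()
        if len(tok) < 2 or tok[0] != "ntp":
            continue  # also skips "no ntp ..." lines
        if tok[1] == "authenticate":
            authenticate = True
        elif tok[1] == "trusted-key" and len(tok) >= 3:
            trusted.add(int(tok[2]))
        elif tok[1] == "authentication-key" and len(tok) >= 3:
            defined.add(int(tok[2]))  # key type and key material are ignored
        elif tok[1] == "server" and len(tok) >= 3:
            key = None
            if "key" in tok[3:-1]:
                key = int(tok[tok.index("key", 3) + 1])
            servers.append((line_no, tok[2], key))
    return NtpConfig(authenticate, trusted, defined, servers)


def check_ntp_auth(config_text):
    """Return a list of problems; an empty list means the key IDs line up."""
    cfg = parse_ntp(config_text)
    problems = []
    if cfg.servers and not cfg.authenticate:
        problems.append("ntp authenticate is not configured")
    for key in sorted(cfg.trusted - cfg.defined):
        problems.append(f"trusted-key {key} has no matching ntp authentication-key")
    for key in sorted(cfg.defined - cfg.trusted):
        problems.append(f"authentication-key {key} is not listed as a trusted-key")
    for line_no, host, key in cfg.servers:
        if key is None:
            problems.append(f"line {line_no}: server {host} has no key")
            continue
        if key not in cfg.defined:
            problems.append(f"line {line_no}: server {host} uses undefined key {key}")
        if key not in cfg.trusted:
            problems.append(f"line {line_no}: server {host} uses untrusted key {key}")
    return problems


if __name__ == "__main__":
    print(*check_ntp_auth(SAMPLE_CONFIG), sep="\n")
```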
• delay — Time interval or delay for a packet to complete a round-trip to the NTP time source in milliseconds.
• offset — Relative time of the NTP peer’s clock to the network device clock in milliseconds.
• disp — Dispersion.
Example
OS10# show ntp associations
remote        ref clock    st  when  poll  reach  delay  offset   disp
=============================================================
 10.10.120.5  0.0.0.0      16  -     256   0      0.00   0.000    16000.0
*172.16.1.33  127.127.1.0  11  6     16    377    -0.08  -1499.9  104.16
 172.31.1.33  0.0.0.
reference time: ddc78084.f17ea38b Tue, Nov 28 2017 6:28:20.943
system flags: ntp kernel stats
jitter: 0.000000 s
stability: 0.000 ppm
broadcastdelay: 0.000000 s
authdelay: 0.000000 s
OS10#
OS10# show ntp status vrf red
associd=0 status=0618 leap_none, sync_ntp, 1 event, no_sys_peer,
system peer: 11.0.0.2:123
system peer mode: client
leap indicator: 00
stratum: 10
log2 precision: -24
root delay: 0.338
root dispersion: 1136.790
reference ID: 11.0.0.2
reference time: dbc7a951.
Figure 3. DHCP Packet Format The table shows common options using DHCP packet formats.
network mask, default gateway, and name server address. DHCP IP address allocation works on a client/server model where the server assigns the client reusable IP information from an address pool. DHCP automates network-parameter assignment to network devices. Even in small networks, DHCP makes it easier to add new devices to the network. The DHCP access service provides a centralized, server-based setup to add clients to the network.
Address lease time Use the lease {days [hours] [minutes] | infinite} command to configure an address lease time (default 24 hours). OS10(config)# ip dhcp server OS10(conf-dhcp)# pool Dell OS10(conf-dhcp-Dell)# lease 36 Default gateway Ensure the IP address of the default router is on the same subnet as the client. 1 Enable DHCP server-assigned dynamic addresses on an interface in CONFIGURATION mode. ip dhcp server 2 Create an IP address pool and provide a name in DHCP mode.
NetBIOS WINS address resolution DHCP clients can be one of four types of NetBIOS nodes — broadcast, peer-to-peer, mixed, or hybrid. Dell EMC recommends using hybrid as the NetBIOS node type. 1 Enable DHCP server-assigned dynamic addresses on an interface in DHCP mode. ip dhcp server 2 Create an IP address pool and enter the pool name in DHCP mode. pool name 3 Enter the NetBIOS WINS name servers in order of preference that are available to DHCP clients in DHCP mode.
With a fixed host configuration, also known as manual binding, you must configure a network pool with a matching subnet. The static host-to-MAC address mapping pool inherits the network mask from the network pool with subnet configuration, which includes the host’s address range. Consider the following example: OS10# show running-configuration interface ethernet 1/1/2 ! interface ethernet1/1/2 no shutdown no switchport ip address 100.1.1.
OS10(config-vrf)#ip address dhcp ip address dhcp OS10(config)#interface 2/1/1 OS10(config-2/1/1)#ip vrf forwarding vrf-TEST OS10(config-vrf-TEST)#ip address dhcp . DHCP relay agent A DHCP relay agent relays DHCP messages to and from a remote DHCP server, even if the client and server are on different IP networks. You can configure the IP address of the remote DHCP server. You can configure a device either as a DHCP server or a DHCP relay agent — but not both.
INTERFACE CONFIGURATION OS10(config-inf)#ip helper-address ip-address vrf-name ip helper-address 20.1.1.1 vrf-test OS10(config)#interface 2/1/1 OS10(config-2/1/1)#ip helper-address 20.1.1.1 vrf-test View DHCP Information Use the show ip dhcp binding command to view the DHCP binding table entries. View DHCP Binding Table OS10# show ip dhcp binding IP Address Hardware address Lease expiration Hostname +-------------------------------------------------------------------------11.1.1.
OS10(config)# ip domain-list vrf-vrfblue dns3 OS10(config)# ip domain-list vrf vrf-blue dns4 OS10(config)# ip domain-list vrf vrf-blue dns5 View local system domain name information OS10# show running-configuration ! Version 10.2.9999E ! Last configuration change at Feb 20 04:50:33 2017 ! username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/VKx8SloIhp4NoGZs0I/ UNwh8WVuxwfd9q4pWIgNs5BKH. aaa authentication system:local ip domain-name dell.com ip domain-list f10.com ip name-server 1.1.
Usage Information The no version of this command enables the DHCP server. Example OS10(conf-dhcp)# no disable Supported Releases 10.2.0E or later dns-server address Assigns a DNS server to clients based on the address pool. Syntax dns-server address [address2...address8] Parameters • address — Enter the DNS server IP address that services clients on the subnet in A.B.C.D or A::B format. • address2...address8 — (Optional) Enter up to eight DNS server addresses, in order of preference.
Example OS10(conf-dhcp-static)# hardware-address 00:01:e8:8c:4d:0a Supported Releases 10.2.0E or later host Assigns a host to a single IPv4 or IPv6 address pool for manual configurations. Syntax host A.B.C.D/A::B Parameters A.B.C.D/A::B — Enter the host IP address in A.B.C.D or A::B format. Default Not configured Command Mode DHCP-POOL Usage Information The host address is the IP address used by the client machine for DHCP. Example OS10(conf-dhcp-Dell)# host 20.1.1.
Usage Information The DHCP server is available on L3 interfaces only. The no version of this command returns the value to the default. The client-facing and server-facing interfaces must be in the same VRF. Example (IPv4) OS10(config)# interface eth 1/1/22 OS10(conf-if-eth1/1/22)# ip helper-address 20.1.1.1 vrf blue Supported Releases 10.2.0E or later ipv6 helper-address Configure the DHCPv6 server address. Forwards UDP broadcasts received from IPv6 clients to the DHCPv6 server.
Supported Releases 10.2.0E or later netbios-name-server address Configures a NetBIOS WINS server which is available to DHCP clients. Syntax netbios-name-server ip-address [address2...address8] Parameters ip-address — Enter the address of the NetBIOS WINS server. address2...address8 — (Optional) Enter additional server addresses. Default Not configured Command Mode DHCP-POOL Usage Information Configure up to eight NetBIOS WINS servers available to a Microsoft DHCP client, in order of preference.
Command Mode DHCP-POOL Usage Information Use this command to configure a range of IPv4 or IPv6 addresses. Example OS10(config-dhcp-Dell)# network 20.1.1.1/24 Supported Releases 10.2.0E or later pool Creates an IP address pool name. Syntax pool pool-name Parameters pool-name — Enter the DHCP server pool name. Default Not configured Command Mode CONFIGURATION Usage Information Use this command to create an IP address pool name.
Parameters None Default Not configured Command Mode EXEC Usage Information Use this command to view the DHCP binding table. Example OS10# show ip dhcp binding IP Address Hardware address Lease expiration Hostname +----------------------------------------------------11.1.1.254 00:00:12:12:12:12 Jan 27 2016 06:23:45 Total Number of Entries in the Table = 1 Supported Releases 10.2.0E or later DNS commands OS10 supports the configuration of a DNS host and domain parameters.
Command Mode CONFIGURATION Usage Information This domain appends to incomplete DNS requests. The no version of this command returns the value to the default. Example OS10(config)# ip domain-name jay dell.com Supported Releases 10.2.0E or later ip host Configures mapping between the host name server and the IP address.
show hosts Displays the host table and DNS configuration. Syntax show hosts [vrf vrf-name] Parameters vrf vrf-name — Enter vrf then the name of the VRF to display DNS host information corresponding to that VRF. Default Not configured Command Mode EXEC Usage Information None Example OS10# show hosts Default Domain Name : dell.com Domain List : abc.com Name Servers : 1.1.1.
3 Interfaces You can configure and monitor physical interfaces (Ethernet), port-channels, and virtual local area networks (VLANs) in Layer 2 (L2) or Layer 3 (L3) modes. Table 4.
Figure 4. S4148U-ON unified port groups To enable Ethernet interfaces in a unified port group: 1 Configure a unified port group in CONFIGURATION mode. Enter 1/1 for node/slot. The port-group range depends on the switch. port-group node/slot/port-group 2 Activate the unified port group for Ethernet operation in PORT-GROUP mode. To activate a unified port group in Fibre Channel mode, see Fibre Channel interfaces. The available options depend on the switch.
Each pair of odd and even numbered ports is configured as a port group. For example: hybrid-group port-group1/1/1 profile restricted port-group1/1/2 restricted port-group1/1/3 restricted . . .
OS10(conf-pg-1/1/2)# exit OS10(config)# interface ethernet 1/1/3:2 OS10(conf-if-eth1/1/3:2)# View the interface OS10(config)# interface ethernet 1/1/3:2 OS10(conf-if-eth1/1/3:2)# show configuration ! interface ethernet1/1/3:2 no shutdown L2 mode configuration Each physical Ethernet interface uses a unique MAC address. Port-channels and VLANs use a single MAC address. By default, all the interfaces operate in L2 mode.
2 Configure L3 routing in INTERFACE mode. Add secondary to configure backup IP addresses.
ip address address [secondary]
3 Enable the interface for L3 traffic transmission in INTERFACE mode.
no shutdown
L3 interface configuration
OS10(config)# interface ethernet 1/1/9
OS10(conf-if-eth1/1/9)# no switchport
OS10(conf-if-eth1/1/9)# ip address 10.10.1.92/24
OS10(conf-if-eth1/1/9)# no shutdown
View L3 configuration error
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# ip address 1.1.1.
5 (Optional) Reconfigure the interface speed in INTERFACE mode. speed {8 | 16 | 32 | auto} 6 Apply vfabric configuration on the interface. For more information about vfabric configuration, see Virtual fabric. vfabric fabric-ID 7 Enable the FC interface in INTERFACE mode.
3 Configure an IP address and mask on the Management interface in INTERFACE mode.
ip address A.B.C.D/prefix-length
4 Enable the Management interface in INTERFACE mode.
no shutdown
Configure management interface
OS10(config)# interface mgmt 1/1/1
OS10(conf-if-ma-1/1/1)# no ip address dhcp
OS10(conf-if-ma-1/1/1)# ip address 10.1.1.10/24
OS10(conf-if-ma-1/1/1)# no shutdown
VLAN interfaces VLANs are logical interfaces and are, by default, in L2 mode.
OS10(config)# do show vlan Codes: * - Default VLAN, M - Management VLAN, R - Remote Port Mirroring VLANs Q: A - Access (Untagged), T - Tagged NUM Status Description Q Ports 1 down * 10 up A Eth1/1/1-1/1/25,1/1/29,1/1/31-1/1/54 VLAN scale profile When you scale the number of VLANs on a switch, use the VLAN scale profile. This consumes less memory. Enable the scale profile before you configure VLANs on the switch.
Port-channel interfaces Port-channels are not configured by default. Link aggregation (LA) is a method of grouping multiple physical interfaces into a single logical interface — a link aggregation group (LAG) or port-channel. A port-channel aggregates the bandwidth of member links, provides redundancy, and load balances traffic. If a member port fails, the OS10 device redirects traffic to the remaining ports. A physical interface can belong to only one port-channel at a time.
• If you globally disable a spanning-tree operation, L2 interfaces that are LACP-enabled port-channel members may flap due to packet loops. Add port member — static LAG A static port-channel LAG contains member interfaces that you manually assign using the channel-group mode on command. OS10(config)# interface port-channel 10 Aug 24 4:5:38: %Node.1-Unit.1:PRI:OS10 %dn_ifm %log-notice:IFM_ASTATE_UP: Interface admin state up.:port-channel10 Aug 24 4:5:38: %Node.1-Unit.
– secondary-ip-address — Specify a secondary IP address in dotted-decimal A.B.C.D format, which acts as the interface’s backup IP address. Assign Port Channel IP Address OS10# configure terminal OS10(config)# interface port-channel 1 OS10(conf-if-po-1)# ip address 1.1.1.1/24 OS10(conf-if-po-1)# Remove or disable port-channel You can delete or disable a port-channel. 1 Delete a port-channel in CONFIGURATION mode.
Configure load balancing OS10(config)# load-balancing ip-selection destination-ip source-ip Change hash algorithm The load-balancing command selects the hash criteria applied to traffic load balancing on port-channels. If you do not obtain even traffic distribution, use the hash-algorithm command to select the hash scheme for LAG. Rotate or shift the L2-bit LAG hash until you achieve the desired traffic distribution.
no shutdown switchport access vlan 1 Configure range of VLANs OS10(config)# interface range vlan 1-100 OS10(conf-range-vl-1-100)# Configure range of port channels OS10(config)# interface range port-channel 1-25 OS10(conf-range-po-1-25)# Switch-port profiles A port profile determines the enabled front-panel ports and supported breakout modes on Ethernet and unified ports. Change the port profile on a switch to customize uplink and unified port operation, and the availability of front-panel data ports.
profile-5 profile-6 S4148-ON Series port profiles On the S4148-ON Series of switches, port profiles determine the available front-panel Ethernet ports and supported breakout interfaces on uplink ports. In the port profile illustration, blue boxes indicate the supported ports and breakout interfaces. Blank spaces indicate ports and speeds that are not available. • 10GE mode is an SFP+ 10GE port or a 4x10G breakout of a QSFP+ or QSFP28 port. • 25GE is a 4x25G breakout of a QSFP28 port.
S4148U-ON unified port modes—SFP+ ports 1-24 and QSFP28 ports 25-26 and 29-30: • 10GE is an SFP+ port in Ethernet mode or a 4x10G breakout of a QSFP+ or QSFP28 port in Ethernet mode. • 25GE is a 4x25G breakout of a QSFP28 Ethernet port. • 40GE is a QSFP+ or QSFP28 Ethernet port that uses QSFP+ 40GE transceivers. • 50GE is a 2x50G breakout of a QSFP28 Ethernet port. • 100GE is a QSFP28 Ethernet port. • 4x8GFC are breakout interfaces in an SFP+ or QSFP28 FC port group.
• To configure breakout interfaces on a unified port, use the mode {FC | Eth} command in Port-Group Configuration mode. The mode {FC | Eth} command configures a unified port to operate at line rate and guarantees no traffic loss. • To configure breakout interfaces on a QSFP+ Ethernet port, use the interface breakout command in global Configuration mode. 1GE mode: Only SFP+ ports support 1GE; QSFP+ and QSFP28 ports 25 to 30 do not support 1GE.
Enable breakout auto-configuration OS10(config)# feature auto-breakout Display breakout auto-configuration Before you plug a cable in Ethernet port 1/1/25: OS10# show interface status -----------------------------------------------------------------Port Description Status Speed Duplex Mode Vlan Tagged-Vlans -----------------------------------------------------------------Eth 1/1/1 down 0 auto Eth 1/1/2 down 0 auto A 1 Eth 1/1/25 down 0 auto A 1 Eth 1/1/29 down 0 auto A 1 After you enter feature auto-breakou
LineSpeed 100G, Auto-Negotiation on FEC is cl91-rs, Current FEC is cl91-rs Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 60 Last clearing of "show interface" counters: 00:00:17 Queuing strategy: fifo Input statistics: 7 packets, 818 octets 2 64-byte pkts, 0 over 64-byte pkts, 5 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 7 Multicasts, 0 Broadcasts, 0 Unicasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 0 discarded Output statistics: 15 packets, 1330 oct
Enable EEE OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# eee Disable EEE OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# no eee Clear EEE counters You can clear EEE counters on physical Ethernet interfaces globally or per interface.
View EEE statistics on all interfaces OS10# show interface eee statistics Port EEE TxEventCount TxDuration(us) RxEventCount RxDuration(us) -----------------------------------------------------------------------------Eth 1/1/1 off 0 0 0 0 ... Eth 1/1/47 on 0 0 0 0 Eth 1/1/48 on 0 0 0 0 Eth 1/1/49 n/a ... Eth 1/1/52 n/a EEE commands clear counters interface eee Clears all EEE counters.
eee Enables or disables energy-efficient Ethernet (EEE) on physical ports. Syntax eee Parameters None Default Enabled on Base-T devices and disabled on S3048-ON and S4048T-ON switches. Command Mode Interface Usage Information To disable EEE, use the no version of this command. Example (Enable EEE) OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# eee Example (Disable EEE) OS10(config)# interface ethernet 1/1/2 OS10(conf-if-eth1/1/2)# no eee Supported Releases 10.3.
Command Mode EXEC Example OS10# show interface eee statistics Port EEE TxEventCount TxDuration(us) RxEventCount RxDuration(us) -----------------------------------------------------------------------------Eth 1/1/1 off 0 0 0 0 ... Eth 1/1/47 on 0 0 0 0 Eth 1/1/48 on 0 0 0 0 Eth 1/1/49 n/a ... Eth 1/1/52 n/a Supported Releases 10.3.0E or later show interface ethernet eee Displays the EEE status for a specified interface.
View interface configuration To view basic interface information, use the show interface, show running-configuration, and show interface status commands. Stop scrolling output from a show command by entering CTRL+C. Display information about a physical or virtual interface in EXEC mode, including up/down status, MAC and IP addresses, and input/output traffic counters. show interface [type] • phy-eth node/slot/port[:subport] — Display information about physical media connected to the interface.
Internet address is not set Mode of IPv4 Address Assignment: not set Interface IPv6 oper status: Enabled Link local IPv6 address: fe80::20c:29ff:fe66:6b94/64 MTU 1532 bytes, IP MTU 1500 bytes LineSpeed 40G, Auto-Negotiation on Configured FEC is off, Negotiated FEC is off Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 60 Last clearing of "show interface" counters: 02:46:35 Queuing strategy: fifo Input statistics: 0 packets, 0 octets 0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255
shutdown ... View L3 interfaces OS10# show ip interface brief Interface Name IP-Address OK Method Status Protocol ========================================================================================= Ethernet 1/1/1 unassigned NO unset up down Ethernet 1/1/2 unassigned YES unset up up Ethernet 1/1/3 3.1.1.1/24 YES manual up up Ethernet 1/1/4 4.1.1.
Digital optical monitoring The digital optical monitoring (DOM) feature monitors the digital optical media for temperature, voltage, bias, transmission power (Tx), and reception power (Rx). This feature also generates event logs, alarms, and traps for any fluctuations, when configured thresholds are reached.
Enable DOM and DOM traps
To generate DOM alarms, do the following.
1 Enable DOM.
OS10(config)# dom enable
2 Enable DOM traps.
OS10(config)# snmp-server enable traps dom
You can run the show alarms command in EXEC mode to view any alarms that are generated.
View DOM alarms
OS10# show alarms
Index Severity Name                Raise-time              Source
----- -------- ------------------- ----------------------- ------
0     major    EQM_MEDIA_TEMP_HIGH Tue 06-04-2019 12:32:07 Node.1-Unit.
Interface commands channel-group Assigns an interface to a port-channel group. Syntax channel-group channel-number mode {active | on | passive} Parameters • channel-number — Enter a port-channel number, from 1 to 128. • mode — Sets LACP Actor mode. • active — Sets Channeling mode to Active. • on — Sets Channeling mode to static. • passive — Sets Channeling mode to passive.
no shutdown switchport access vlan 10 ! interface ethernet1/1/2 no shutdown switchport access vlan 10 ! interface ethernet1/1/3 no shutdown switchport access vlan 10 ! interface ethernet1/1/4 no shutdown switchport access vlan 10 Supported Releases 10.4.0E(R1) or later description (Interface) Configures a textual description of an interface. Syntax description string Parameters string — Enter a text string for the interface description. A maximum of 240 characters.
Usage Information You can only use this command on the Management port. The no version of this command removes the duplex mode configuration from the management port. Example OS10(conf-if-ma-1/1/1)# duplex auto Supported Releases 10.3.0E or later enable dom Enables or disables the DOM feature. Syntax dom enable Parameters None Default Disabled Command Mode CONFIGURATION Usage Information The no version of this command disables digital optical monitoring.
feature auto-breakout Enables front-panel Ethernet ports to automatically detect SFP media and autoconfigure breakout interfaces. Syntax feature auto-breakout Parameters None Default Not configured Command mode CONFIGURATION Usage information After you enter the feature auto-breakout command and plug a supported breakout cable in a QSFP+ or QSFP28 port, the port autoconfigures breakout interfaces for media type and speed. Use the interface breakout command to manually configure breakout interfaces.
interface breakout Splits a front-panel Ethernet port into multiple breakout interfaces. Syntax interface breakout node/slot/port map {100g-1x | 40g-1x | 25g-4x | 10g-4x | 25g-4x} Parameters • node/slot/port — Enter the physical port information. • 100g-1x — Reset a QSFP28 port to 100G speed. • 40g-1x — Set a QSFP28 port to use with a QSFP+ 40GE transceiver. • 25g-4x — Split a QSFP28 port into four 25GE interfaces.
Parameters id — Enter the Loopback interface ID number, from 0 to 16383. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes the Loopback interface. Example OS10(config)# interface loopback 100 OS10(conf-if-lo-100)# Supported Releases 10.2.0E or later interface mgmt Configures the Management port. Syntax interface mgmt node/slot/port Parameters node/slot/port — Enter the physical port interface information for the Management interface.
interface port-channel Creates a port-channel interface. Syntax interface port-channel channel-id Parameters channel-id — Enter the port-channel ID number, from 1 to 128. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes the interface. Example OS10(config)# interface port-channel 10 OS10(conf-if-po-10)# Supported Releases 10.2.
interface vlan Creates a VLAN interface. Syntax interface vlan vlan-id Parameters vlan-id — Enter the VLAN ID number, from 1 to 4093. Default VLAN 1 Command Mode CONFIGURATION Usage Information FTP, TFTP, MAC ACLs, and SNMP operations are not supported. IP ACLs are supported on VLANs only. The no version of this command deletes the interface. Example OS10(config)# interface vlan 10 OS10(conf-if-vl-10)# Supported Releases 10.2.
– 25g-8x fabric-expander-mode — Split a QSFP28-DD port into eight 25GE interfaces for connection to a Fabric Expander. – 25g-8x — Split a port group into eight 25GE interfaces. – 25g-4x — Split a port group into four 25GE interfaces. – 10g-8x — Split a port group into eight 10GE interfaces. – 10g-4x — Split a port group into four 10GE interfaces. • mode FC — Configure a port group in Fibre Channel mode and set the speed to: – 32g-4x — Split a port group into four 32GFC interfaces.
Command Mode INTERFACE VLAN Usage Information To configure the VLAN scale profile, use the scale-profile vlan command. The scale profile globally applies L2 mode on all VLANs you create and disables L3 transmission. To enable L3 routing traffic on a VLAN, use the mode L3 command. Example OS10(config)# interface vlan 10 OS10(conf-if-vl-10)# mode L3 Supported Releases 10.4.0E(X2) or later mtu Sets the link maximum transmission unit (MTU) frame size for an Ethernet L2 or L3 interface.
– 50g-2x — Split a port into two 50GE interfaces. – 40g-1x — Set a port to 40GE mode for use with a QSFP+ 40GE transceiver. – 25g-4x — Split a port into four 25GE interfaces. – 10g-4x — Split a port into four 10GE interfaces. Default 100g-1x Command mode PORT-GROUP Usage information To view the currently active ports and subports, use the show port-group command. The no version of the command resets port-group interfaces to the default Ethernet port mode/speed.
Parameters • restricted — Applies only to the odd-numbered port within the port group. The even-numbered port in the port group is disabled. Supported speeds are: – 100g-1x – 40g-1x – 25g-4x – 10g-4x • unrestricted — Applies to both the odd-numbered and even-numbered ports within the port group. Supported speeds are: – 100g-1x – 50g-2x – 40g-1x Default Unrestricted Command mode PORT-GROUP Usage information Enter the profile command to configure breakout interfaces.
• phy-eth node/slot/port[:subport] — Display information about physical ports connected to the interface. • status — Display interface status. • ethernet node/slot/port[:subport] — Display Ethernet interface information. • loopback id — Display Loopback IDs, from 0 to 16383. • mgmt node/slot/port — Display Management interface information. • null — Display null interface information. • port-channel id-number — Display port channel interface IDs, from 1 to 128.
Minimum number of links to bring Port-channel up is 1 Maximum active members that are allowed in the portchannel is 5 Members in this channel: ARP type: ARPA, ARP Timeout: 60 OS10# show interface port-channel summary LAG Mode Status Uptime Ports 22 L2 up 20:38:08 Eth 1/1/10 (Up) Eth 1/1/11 (Down) Eth 1/1/12 (Inact) 23 L2 up 20:34:32 Eth 1/1/20 (Up) Eth 1/1/21 (Up) Eth 1/1/22 (Up) Supported Releases 10.2.0E or later show inventory media Displays installed media in switch ports.
Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show link-bundle-utilization Link-bundle trigger threshold - 60 Supported Releases 10.2.0E or later show port-channel summary Displays port-channel summary information.
show port-group Displays the current port-group configuration on a switch. Syntax show port-group Parameters None Default None Command Mode EXEC Usage Information To view the ports that belong to each port-group, use the show port-group command. To configure a port-group, use the port-group command.
port-group1/1/8 Supported Releases restricted 1/1/14 1/1/15 • 10.3.1E or later • 10.4.3.0 or later—Z9264F-ON platform support added Eth Disabled Eth 10g-4x show switch-port-profile Displays the current and default port profile on a switch. Syntax Parameters show switch-port-profile node/slot • node/slot — Enter the switch information. For a standalone switch, enter 1/1.
-- Unit 1 -Status : up System Identifier : 1 Down Reason : user-triggered Digital Optical Monitoring : disable Supported Releases 10.4.3.0 or later show vlan Displays the current VLAN configuration. Syntax show vlan [vlan-id] Parameters vlan-id — (Optional) Enter a VLAN ID, from 1 to 4093.
speed (Fibre Channel) Configures the transmission speed of a Fibre Channel interface. Syntax speed {8 | 16 | 32 | auto} Parameters Set the speed of a Fibre Channel interface to: • 8 — 8GFC • 16 — 16GFC • 32 — 32GFC • auto — Set the port speed to the speed of the installed media. Defaults Auto Command Mode INTERFACE Usage Information The speed command is supported only on Management and Fibre Channel interfaces. This command is not supported on Ethernet interfaces.
• The no version of this command resets the port speed to the default value auto. Example OS10(conf-if-ma-1/1/1)# speed auto Supported Releases 10.3.0E or later switch-port-profile Configures a port profile on the switch. The port profile determines the available front-panel ports and breakout modes. Syntax switch-port-profile node/unit profile Parameters • node/unit — Enter switch information. For a standalone switch, enter 1/1. • profile — Enter the name of a platform-specific profile.
◦ QSFP28 unified ports 26 and 30 operate in Ethernet 40GE mode by default and support 4x10G breakouts. QSFP28 ports 26 and 30 support 1x32GFC, 2x16GFC, and 4x8GFC in FC mode. ◦ QSFP+ Ethernet ports operate at 40GE by default and support 4x10G breakouts. ◦ SFP+ Ethernet ports operate at 10GE. – profile-2 — SFP+ unified ports (1-24), QSFP28 unified ports (25-26 and 29-30), QSFP+ Ethernet ports (27-28), and SFP+ Ethernet ports (31-54) are enabled.
OS10(config)# do write memory OS10(config)# do reload Supported Releases 10.3.0E or later switchport access vlan Assigns access VLAN membership to a port in L2 Access or Trunk mode. Syntax switchport access vlan vlan-id Parameters vlan vlan-id — Enter the VLAN ID number, from 1 to 4093. Default VLAN 1 Command Mode INTERFACE Usage Information This command enables L2 switching for untagged traffic and assigns a port interface to default VLAN1.
Supported Releases 10.2.0E or later switchport trunk allowed vlan Configures the tagged VLAN traffic that an L2 trunk interface can carry. An L2 trunk port has no tagged VLAN membership and does not transmit tagged traffic. Syntax switchport trunk allowed vlan vlan-id-list Parameters vlan-id-list — Enter the VLAN numbers of the tagged traffic that the L2 trunk port can carry. Comma-separated and hyphenated VLAN number ranges are supported.
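The following added example (not part of the OS10 guide or of Dell software) expands the vlan-id-list syntax described above and reports trunk ports that carry VLANs outside an approved set. The configuration text, interface names and the approved-VLAN table are constructed sample data, and taking the union of several allowed-VLAN lines in one stanza is an assumption of this script.

```python
import re

VLAN_MIN, VLAN_MAX = 1, 4093   # VLAN ID range given in this guide
ALLOWED = "switchport trunk allowed vlan "


def expand_vlan_list(text):
    """Expand '10,20-22' into [10, 20, 21, 22]; reject malformed or out-of-range items."""
    vlans = set()
    for part in text.split(","):
        part = part.strip()
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", part)
        if not m:
            raise ValueError(f"malformed VLAN list item: {part!r}")
        first = int(m.group(1))
        last = int(m.group(2)) if m.group(2) is not None else first
        if first > last:
            raise ValueError(f"reversed VLAN range: {part!r}")
        if first < VLAN_MIN or last > VLAN_MAX:
            raise ValueError(f"VLAN outside {VLAN_MIN}-{VLAN_MAX}: {part!r}")
        vlans.update(range(first, last + 1))
    return sorted(vlans)


def trunk_allowed_vlans(running_config):
    """Return {interface: set of allowed VLANs} from '!'-separated interface stanzas."""
    trunks, current = {}, None
    for raw in running_config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif line == "!":
            current = None
        elif current and line.startswith(ALLOWED):
            # Assumption: several allowed-VLAN lines in one stanza are cumulative.
            trunks.setdefault(current, set()).update(
                expand_vlan_list(line[len(ALLOWED):]))
    return trunks


def audit_trunks(running_config, approved):
    """Return {interface: sorted VLANs that are allowed on the trunk but not approved}.

    An interface missing from 'approved' has no approved VLANs at all.
    """
    findings = {}
    for iface, allowed in trunk_allowed_vlans(running_config).items():
        extra = sorted(allowed - set(approved.get(iface, ())))
        if extra:
            findings[iface] = extra
    return findings


# Constructed sample data (not taken from a real switch).
SAMPLE_RUNNING_CONFIG = """\
!
interface ethernet1/1/5
 no shutdown
 switchport mode trunk
 switchport trunk allowed vlan 777
!
interface ethernet1/1/6
 no shutdown
 switchport mode trunk
 switchport trunk allowed vlan 10,20-22
 switchport trunk allowed vlan 777
!
interface ethernet1/1/7
 no shutdown
 switchport mode trunk
 switchport trunk allowed vlan 1-4093
!
"""
APPROVED_VLANS = {"ethernet1/1/5": {777}, "ethernet1/1/6": {777}}

if __name__ == "__main__":
    for iface, extra in audit_trunks(SAMPLE_RUNNING_CONFIG, APPROVED_VLANS).items():
        shown = ",".join(map(str, extra[:8])) + ("..." if len(extra) > 8 else "")
        print(f"{iface}: {len(extra)} unapproved VLAN(s): {shown}")
```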
4 Fibre Channel OS10 switches with Fibre Channel (FC) ports operate in one of the following modes: Direct attach (F_Port), NPIV Proxy Gateway (NPG), or FIP Snooping Bridge (FSB). In the FSB mode, you cannot use the FC ports. F_Port Fibre Channel fabric port (F_Port) is the switch port that connects the FC fabric to a node. S4148U-ON switches support F_Port. Enable Fibre Channel F_Port mode globally using the feature fc domain-ID domain-ID command in CONFIGURATION mode.
Terminology ENode End Node or FCoE node FC Fibre Channel FC ID A 3-byte address used by FC to identify the end points FC Map A 3-byte prefix configured per VLAN, used to frame FCoE MAC address FCF Fibre Channel Forwarder FCoE Fibre Channel over Ethernet FCoE MAC Unique MAC address used to identify an FCoE session. This is a combination of FC ID and FC Map.
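The terminology above defines the FCoE MAC as the 3-byte FC Map prefix combined with the 3-byte FC ID. The following added example (not part of the OS10 guide or of Dell software) checks that relationship for every row of show fcoe sessions output; the session rows, addresses and the VLAN-to-FC-Map table are constructed sample data, and the FC Map is accepted in both the colon form of show output and the hexadecimal form of the fcoe fcmap command.

```python
import re

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
FCID = r"(?:[0-9a-f]{2}:){2}[0-9a-f]{2}"
WWN = r"(?:[0-9a-f]{2}:){7}[0-9a-f]{2}"

# One data row of "show fcoe sessions". Interface names contain spaces
# ("Po 10(Eth 1/1/36)"), so the row is anchored on its fixed-format fields.
ROW = re.compile(
    rf"^(?P<enode>{MAC})\s+.*?\s(?P<vlan>\d{{1,4}})\s+(?P<fcoe>{MAC})\s+"
    rf"(?P<fcid>{FCID})\s+(?P<wwpn>{WWN})\s+(?P<wwnn>{WWN})$",
    re.IGNORECASE,
)
STARTS_WITH_MAC = re.compile(rf"^{MAC}\s", re.IGNORECASE)


def hex_bytes(text):
    """Convert 'aa:bb:cc' to b'\\xaa\\xbb\\xcc'."""
    return bytes.fromhex(text.replace(":", ""))


def fc_map_bytes(value):
    """Normalise an FC Map written as '0e:fc:00' or '0xEFC00' to 3 bytes."""
    text = value.strip().lower()
    raw = hex_bytes(text) if ":" in text else int(text, 16).to_bytes(3, "big")
    if len(raw) != 3:
        raise ValueError(f"FC Map must be 3 bytes: {value!r}")
    return raw


def audit_sessions(show_output, fc_map_by_vlan):
    """Return [(enode_mac, reason)] for rows where FCoE MAC != FC Map + FC ID."""
    findings = []
    for raw in show_output.splitlines():
        line = raw.strip()
        m = ROW.match(line)
        if not m:
            # A row that starts like a session but cannot be parsed (for
            # example a truncated capture) is reported, not silently skipped.
            if STARTS_WITH_MAC.match(line):
                findings.append((line.split()[0].lower(), "unparsed row"))
            continue
        enode, vlan = m["enode"].lower(), int(m["vlan"])
        fcoe, fcid = hex_bytes(m["fcoe"]), hex_bytes(m["fcid"])
        if vlan not in fc_map_by_vlan:
            findings.append((enode, f"VLAN {vlan} has no known FC Map"))
            continue
        if fcoe[:3] != fc_map_bytes(fc_map_by_vlan[vlan]):
            findings.append((enode, f"FCoE MAC prefix differs from FC Map of VLAN {vlan}"))
        if fcoe[3:] != fcid:
            findings.append((enode, "FCoE MAC low 3 bytes differ from FC ID"))
    return findings


# Constructed sample data (not taken from a real switch).
SAMPLE_OUTPUT = """\
Enode MAC         Enode Interface  FCF MAC           FCF interface      VLAN FCoE MAC          FC-ID    PORT WWPN               PORT WWNN
----------------------------------------------------------------------------------------------------------------------------------------
02:00:00:00:00:01 Eth 1/1/31       02:00:00:00:0f:01 Po 10(Eth 1/1/36)  1001 0e:fc:00:02:02:00 02:02:00 20:01:02:00:00:00:00:01 20:00:02:00:00:00:00:01
02:00:00:00:00:02 Po20(Eth 1/1/3)  02:00:00:00:0f:01 Po 10(Eth 1/1/36)  1001 0e:fd:00:02:03:00 02:03:00 20:01:02:00:00:00:00:02 20:00:02:00:00:00:00:02
02:00:00:00:00:03 Eth 1/1/32       02:00:00:00:0f:02 Eth 1/1/42         1002 0e:fc:00:01:00:00 01:34:02 20:01:02:00:00:00:00:03 20:00:02:00:00:00:00:03
02:00:00:00:00:04 Eth 1/1/33       02:00:00:00:0f:02 Eth 1/1/42         1003 0e:fc:00:02:05:00 02:05:00 20:01:02:00:00:00:00:04 20:00:02:00:00:00:00:04
"""
FC_MAP_BY_VLAN = {1001: "0e:fc:00", 1002: "0xEFC00"}

if __name__ == "__main__":
    for enode, reason in audit_sessions(SAMPLE_OUTPUT, FC_MAP_BY_VLAN):
        print(f"{enode}: {reason}")
```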
6 (Optional) Add a name to the vfabric using the name vfabric-name command. 7 Apply the vfabric to FC interfaces using the vfabric fabric-ID command in FC INTERFACE mode.
fibrechannel1/1/30:3 ========================================== To configure a vfabric in NPG mode: 1 Configure a vfabric using the vfabric fabric-ID command in CONFIGURATION mode. The switch enters vfabric CONFIGURATION mode. 2 Associate a VLAN ID to the vfabric with the vlan vlan-ID command. 3 Add FCoE parameters with the fcoe {fcmap fc-map | fcf-priority fcf-priority-value | fka-adv-period adv-period | vlan-priority vlan-priority-value | keep-alive} command.
Fibre Channel zoning Fibre Channel (FC) zoning partitions a FC fabric into subsets to restrict unnecessary interactions, improve security, and manage the fabric more effectively. Create zones and add members to the zone. Identify a member by an FC alias, world wide name (WWN), or FC ID. A zone can have a maximum of 255 unique members. Create zonesets and add the zones to a zoneset. A switch can have multiple zonesets, but you can activate only one zoneset at a time in a fabric.
50:00:d3:10:00:ec:f9:1b 50:00:d3:10:00:ec:f9:05 50:00:d3:10:00:ec:f9:1f 20:35:78:2b:cb:6f:65:57 View FC zoneset configuration OS10(conf-fc-zoneset-set)# show configuration ! fc zoneset set member hba1 member hba2 OS10# show fc zoneset active vFabric id: 100 Active Zoneset: set ZoneName ZoneMember ================================================ hba2 *20:01:00:0e:1e:e8:e4:99 20:35:78:2b:cb:6f:65:57 50:00:d3:10:00:ec:f9:05 50:00:d3:10:00:ec:f9:1b 50:00:d3:10:00:ec:f9:1f hba1 *10:00:00:90:fa:b8:22:19 *21:00:0
Pinning FCoE traffic to a specific port of a port-channel You can isolate FIP and FCoE traffic by configuring a pinned port at the FCoE LAG. FCoE LAG is the port-channel used for FIP and FCoE traffic in the intermediate switches between server and storage devices. VLT provides Active/Active LAN connectivity on converged links by forwarding traffic in multiple paths to multiple upstream devices without STP blocking any of the uplinks.
Sample FSB configuration on VLT network 1 Enable the FIP snooping feature globally. OS10(config)# feature fip-snooping 2 Create the FCoE VLAN. OS10(config)#interface vlan 1001 OS10(conf-if-vl-1001)# fip-snooping enable 3 Configure the VLTi interface. OS10(config)# interface ethernet 1/1/27 OS10(conf-if-eth1/1/27)# no shutdown OS10(conf-if-eth1/1/27)# no switchport 4 Configure the VLT. OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# backup destination 10.16.151.
OS10(conf-if-eth1/1/2)# service-policy input type network-qos PFC
OS10(conf-if-eth1/1/2)# priority-flow-control mode on
OS10(config)# interface ethernet 1/1/3
OS10(conf-if-eth1/1/3)# description downlink_port_channel_member1
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# channel-group 20 mode active
OS10(conf-if-eth1/1/3)# fcoe-pinned-port
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# service-policy input type network-qos PFC
OS10(conf-if-eth1/1/3)# priority-flow-control mode o
FCoE sessions: Enode MAC Enode Interface FCF MAC FCF interface VLAN FCoE MAC FC-ID PORT WWPN PORT WWNN -------------------------------------------------------------------------------------------------------------------------------------------------------f4:e9:d4:a4:7d:c3 Po20(Eth 1/1/3) 14:18:77:20:78:e0 Po 10(Eth 1/1/1) 1001 0e:fc:00:01:00:00 01:34:02 20:01:f4:e9:d4:a4:7d:c3 20:00:f4:e9:d4:a4:7d:c3 Pinned port status: OS10# show fcoe pinned-port Interface pinned-port FCoE Status ----------------- ---------
10 Apply the PFC configuration on the downlink interfaces. Include the interfaces to the port-channel and configure one of the interfaces as pinned-port.
OS10(config-pmap-c-nqos)# pause OS10(config-pmap-c-nqos)# pfc-cos 3 5 Create uplink and downlink port-channels, and configure the FCF facing port.
--------------------------------------------------------f4:e9:d4:a4:7d:c3 Po20(Eth 1/1/3) 14:18:77:20:78:e0 Po 10(Eth 1/1/1) 1001 0e:fc:00:01:00:00 01:34:02 20:01:f4:e9:d4:a4:7d:c3 20:00:f4:e9:d4:a4:7d:c3 Pinned port status: OS10# show fcoe pinned-port Interface pinned-port FCoE Status ----------------- ---------------- ----------------Po 10 Eth 1/1/1 Up Po 20 Eth 1/1/3 Up Sample FC Switch configuration on non-VLT network 1 Enable the F_PORT mode.
View configuration
Name server entries:
OS10# show fc ns switch brief
Total number of devices = 2
Intf#                     Domain FC-ID    Enode-WWPN              Enode-WWNN
port-channel10(Eth 1/1/9) 1      01:00:00 20:01:f4:e9:d4:a4:7d:c3 20:00:f4:e9:d4:a4:7d:c3
fibrechannel1/1/26        1      01:68:00 21:00:00:24:ff:7c:ae:0e 21:00:00:24:ff:7c:ae:0e
Zoneset details:
vFabric id: 1
Active Zoneset: zonesetA
ZoneName ZoneMember
===========================================================
zoneA *20:01:f4:e9:d4:a4:7d:c3 *21:00:00:24:ff:7c:ae:0e
Pinned por
long time to identify the issue and to recover from it. At times, interface flapping occurs and might require manual intervention to recover. To recover automatically, FSB sends a Clear Virtual Link (CVL) frame from the FCF to the ENode. Configuration notes • If you configure FSB with port pinning on the uplink or downlink side, you must configure the FCF-facing interface as FCF port mode.
d Create class-maps. L2switch(config)# class-map type network-qos c3 L2switch(config-cmap-nqos)# match qos-group 3 L2switch(config)# class-map type queuing q0 L2switch(config-cmap-queuing)# match queue 0 L2switch(config-cmap-queuing)# exit L2switch(config)# class-map type queuing q3 L2switch(config-cmap-queuing)# match queue 3 L2switch(config-cmap-queuing)# exit e Create policy-maps.
b Enable FIP snooping with cvl option. FSB1(config)# feature fip-snooping with-cvl c Enable DCBX. FSB1(config)# dcbx enable d Create an FCoE VLAN and configure FIP snooping on the FCoE VLAN. FSB1(config)# interface vlan 777 FSB1(conf-if-vl-777)# fip-snooping enable e Create class-maps.
FSB1(conf-if-eth1/1/5)# switchport trunk allowed vlan 777 FSB1(config)# interface ethernet 1/1/2 FSB1(conf-if-eth1/1/2)# switchport mode trunk FSB1(conf-if-eth1/1/2)# switchport trunk allowed vlan 777 j Configure FIP snooping port mode on the L2 DCBX switch connected interface and FSB2 connected interface. The default port mode is ENode. Hence, CNA1-connected interface does not require additional configuration.
FSB2(conf-if-eth1/1/2)# trust-map dot1p default
FSB2(conf-if-eth1/1/2)# qos-map traffic-class tc-q-map1
FSB2(conf-if-eth1/1/2)# service-policy input type network-qos nqpolicy
FSB2(conf-if-eth1/1/2)# service-policy output type queuing ets_policy
FSB2(config)# interface ethernet 1/1/13
FSB2(conf-if-eth1/1/13)# priority-flow-control mode on
FSB2(conf-if-eth1/1/13)# ets mode on
FSB2(conf-if-eth1/1/13)# trust-map dot1p default
FSB2(conf-if-eth1/1/13)# qos-map traffic-class tc-q-map1
FSB2(conf-if-eth1/1/13)# se
FCF(config)# class-map type queuing q3 FCF(config-cmap-queuing)# match queue 3 FCF(config-cmap-queuing)# exit FCF(config)# policy-map type network-qos nqpolicy FCF(config-pmap-network-qos)# class c3 FCF(config-pmap-c-nqos)# pause FCF(config-pmap-c-nqos)# pfc-cos 3 FCF(config)# policy-map type queuing ets_policy FCF(config-pmap-queuing)# class q0 FCF(config-pmap-c-que)# bandwidth percent 30 FCF(config-pmap-c-que)# class q3 FCF(config-pmap-c-que)# bandwidth percent 70 i Create a qos-map.
14:18:77:20:86:ce 2 Eth 1/1/2 F 777 0e:fc:00 8000 FSB2# show fcoe fcf FCF MAC FCF Interface VLAN FC-MAP FKA_ADV_PERIOD No. of Enodes FCF Mode ------------------------------------------------------------------------------------------------------------14:18:77:20:86:ce Eth 1/1/13 777 0e:fc:00 8000 0 FT • To verify the list of FCoE sessions, use the show fcoe sessions command.
In this topology: • FSB1 and FSB2—access FSBs. • FSB3 and FSB4—core FSBs. • VLT is configured between FSB1 and FSB2, and requires port-pinning for VLT port channels configured between access FSBs and core FSBs. The port modes are: – Directly-connected CNA ports—ENode – Ports connected to FSB3 and FSB4—FCF • VLT is configured between FSB3 and FSB4, and requires port-pinning for VLT port channels configured between access and core FSBs.
FSB1/FSB2 FSB3/FSB4 FCF1/FCF2 8 9 10 11 8 9 10 11 7 8 9 10 12 Configure VLTi interface member links. Configure VLT domain. Configure VLAN. Apply QoS configurations on uplink (FSB3/FSB4) and downlink interfaces (CNA-1/CNA-2). Configure the uplink interface as pinned-port. Configure FIP snooping port mode on the uplink interface. 12 Configure VLTi interface member links. Configure VLT domain. Configure VLAN. Apply QoS configurations on the uplink (FCF1/FCF2) and downlink interfaces (FSB1/FSB2).
8 Configure VLTi interface member links.
2 Enable DCBX. FSB2(config)# dcbx enable 3 Create FCoE VLAN and configure FIP snooping. FSB2(config)#interface vlan1001 FSB2(conf-if-vl-1001)# fip-snooping enable FSB2(conf-if-vl-1001)# no shutdown FSB2(config)#interface vlan1002 FSB2(conf-if-vl-1002)# fip-snooping enable FSB2(conf-if-vl-1002)# no shutdown 4 Create class-maps.
10 Configure VLAN on FSB2.
5 Create policy-maps. FSB3(config)# policy-map type network-qos nqpolicy FSB3(config-pmap-network-qos)# class c3 FSB3(config-pmap-c-nqos)# pause FSB3(config-pmap-c-nqos)# pfc-cos 3 FSB3(config)# policy-map type queuing ets_policy FSB3(config-pmap-queuing)# class q0 FSB3(config-pmap-c-que)# bandwidth percent 30 FSB3(config-pmap-c-que)# class q3 FSB3(config-pmap-c-que)# bandwidth percent 70 6 Create a qos-map.
FSB3(conf-if-eth1/1/36)# ets mode on
FSB3(conf-if-eth1/1/36)# trust-map dot1p default
FSB3(conf-if-eth1/1/36)# qos-map traffic-class tc-q-map1
FSB3(conf-if-eth1/1/36)# service-policy input type network-qos nqpolicy
FSB3(conf-if-eth1/1/36)# service-policy output type queuing ets_policy
FSB3(conf-if-eth1/1/36)# fcoe-pinned-port
12 Configure FIP snooping port mode on the port channel and the interface connected to FCF1.
FSB4(conf-if-eth1/1/34)# no switchport FSB4(conf-if-eth1/1/34)# channel-group 10 FSB4(config)# interface ethernet1/1/37 FSB4(conf-if-eth1/1/37)# no shutdown FSB4(conf-if-eth1/1/37)# no switchport FSB4(conf-if-eth1/1/37)# channel-group 10 9 Configure VLT domain. FSB4(config)# vlt-domain 3 FSB4(conf-vlt-2)# discovery-interface ethernet1/1/40 FSB4(conf-vlt-2)# vlt-mac 1a:2b:3c:2a:1b:1c 10 Configure VLAN on FSB4.
6 Enable DCBX.
FCF1(config)# dcbx enable
7 Create class-maps.
FCF1(config)# class-map type network-qos c3
FCF1(config-cmap-nqos)# match qos-group 3
FCF1(config)# class-map type queuing q0
FCF1(config-cmap-queuing)# match queue 0
FCF1(config-cmap-queuing)# exit
FCF1(config)# class-map type queuing q3
FCF1(config-cmap-queuing)# match queue 3
FCF1(config-cmap-queuing)# exit
8 Create policy-maps.
5 Create vfabric and activate the zoneset.
FCF2(config)# vfabric 2
FCF2(conf-vfabric-2)# vlan 1002
FCF2(conf-vfabric-2)# fcoe fcmap 0xEFC00
FCF2(conf-vfabric-2)# zoneset activate zonesetB
6 Enable DCBX.
FCF2(config)# dcbx enable
7 Create class-maps.
--------------------------------------------------------------------------------
f4:e9:d4:f9:fc:42 Eth 1/1/31 14:18:77:20:86:ce Po 10(Eth 1/1/36) 1001 0e:fc:00:02:02:00 02:02:00 23:05:22:11:0d:64:67:11 22:04:22:13:0d:64:67:00
FSB1# show fcoe fcf
FCF MAC FCF Interface VLAN FC-MAP FKA_ADV_PERIOD No.
FCFs : 1
Enodes : 1
Sessions : 1
FSB4
FSB4# show fcoe sessions
Enode MAC Enode Interface FCF MAC FCF interface VLAN FCoE MAC FC-ID PORT WWPN PORT WWNN
--------------------------------------------------------------------------------
00:0e:1e:f1:f1:84 Po 10(Eth 1/1/37) 14:18:77:20:80:ce Eth 1/1/42 1002 0e:fc:00:02:01:00 02:01:00 20:01:00:0e:1e:f1:f1:84 20:00:00:0e:1e:f1:f1:84
FSB4# show fcoe fcf
FCF MAC FCF Interface VLAN FC-MAP FKA_ADV_PERIOD No.
Configuration guidelines
When configuring different modes, for example F_Port, NPG, or FSB, consider the following:
• F_Port, NPG, and FSB modes are mutually exclusive. You can enable only one at a time.
• You can enable the mode-specific commands only after enabling the specific feature.
• Before you disable the F_Port and NPG features, delete the mode-specific configurations. When you disable FSB, the system automatically removes the configurations.
fc zoneset Creates an FC zoneset and adds the existing FC zones to the zoneset. Syntax fc zoneset zoneset-name Parameters zoneset-name — Enter a name for the FC zoneset. The name must start with a letter and may contain these characters: A-Z, a-z, 0-9, $, _, -, ^ Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the FC zoneset. Example OS10(config)# fc zoneset set OS10(conf-fc-zoneset-set)# member hba1 Supported Releases 10.3.
Usage Information The no version of this command removes the member from the FC alias. Example OS10(config)# fc alias test OS10(config-fc-alias-test)# member wwn 21:00:00:24:ff:7b:f5:c9 OS10(config-fc-alias-test)# member wwn 20:25:78:2b:cb:6f:65:57 Supported Releases 10.3.1E or later member (zone) Adds members to existing zones. Identify a member by an FC alias, a world wide name (WWN), or an FC ID.
show fc alias Displays the details of a FC alias and its members. Syntax show fc alias [alias-name] Parameters alias-name — (Optional) Enter the FC alias name. Default Not configured Command Mode EXEC Usage Information None Example OS10# show fc alias Alias Name Alias Member ============================================== test 21:00:00:24:ff:7b:f5:c9 20:25:78:2b:cb:6f:65:57 OS10# Supported Releases 10.3.
Usage Information None Example OS10# show fc ns switch Total number of devices = 1 Switch Name 10:00:14:18:77:13:38:28 Domain Id 4 Switch Port port-channel10(Eth 1/1/9) FC-Id 04:00:00 Port Name 50:00:d3:10:00:ec:f9:05 Node Name 50:00:d3:10:00:ec:f9:00 Class of Service 8 Symbolic Port Name Compellent Port QLGC FC 8Gbps; Slot=06 Port=01 in Controller: SN 60665 of Storage Center: DEVTEST 60665 Symbolic Node Name Compellent Storage Center: DEVTEST 60665 Port Type N_PORT Registered with NameServer Yes Registe
21:00:00:24:ff:7f:ce:ee 21:00:00:24:ff:7f:ce:ef Supported Releases 10.3.1E or later show fc zoneset Displays the FC zonesets, the zones in the zoneset, and the zone members. Syntax show fc zoneset [active | zoneset-name] Parameters zoneset-name — Enter the FC zoneset name.
21:00:00:24:ff:7f:ce:ee 21:00:00:24:ff:7f:ce:ef Example (with zoneset name) OS10# show fc zoneset set ZoneSetName ZoneName ZoneMember ================================================================== set hba1 21:00:00:24:ff:7b:f5:c8 10:00:00:90:fa:b8:22:19 21:00:00:24:ff:7f:ce:ee 21:00:00:24:ff:7f:ce:ef hba2 Supported Releases 20:01:00:0e:1e:e8:e4:99 50:00:d3:10:00:ec:f9:1b 50:00:d3:10:00:ec:f9:05 50:00:d3:10:00:ec:f9:1f 20:35:78:2b:cb:6f:65:57 10.3.
Example OS10(config)# vfabric 100 OS10(conf-vfabric-100)# zoneset activate set Supported Releases 10.3.1E or later NPG commands The following commands are supported on NPG mode: fc port-mode F Configures port mode on Fibre Channel interfaces. Syntax fc port-mode F Parameters None Defaults N_Port Command Mode Fibre Channel INTERFACE Usage Information Configure the port mode when the port is in Shut mode and when NPG mode is enabled.
Parameters None Default Not configured Command Mode EXEC Usage Information Use the brief option to display minimum details.
fcoe
Adds FCoE parameters to the vfabric.
Syntax fcoe {fcmap fc-map | fcf-priority fcf-priority-value | fka-adv-period adv-period | vlan-priority vlan-priority-value | keep-alive}
Parameters
• fc-map — Enter the FC map ID, from 0xefc00 to 0xefcff.
• fcf-priority-value — Enter the FCF priority value, from 1 to 255.
• adv-period — Enter the FCF keepalive advertisement period, from 8 to 90 seconds.
• vlan-priority-value — Enter the VLAN priority value, from 0 to 7.
Defaults
show fc statistics Displays the FC statistics. Syntax show fc statistics {vfabric vfabric-ID | interface fibrechannel} Parameters • vfabric-ID — Enter the vfabric ID. • fibrechannel — Enter the Fibre Channel interface name.
show running-config vfabric Displays the running configuration for the vfabric. Syntax show running-config vfabric Parameters None Defaults Not configured Command Mode EXEC Usage Information None Example OS10# show running-configuration vfabric ! vfabric 10 vlan 100 fcoe fcmap 0xEFC00 fcoe fcf-priority 140 fcoe fka-adv-period 13 Supported Releases 10.4.0E(R1) or later show vfabric Displays vfabric details.
Supported Releases 10.3.1E or later vfabric Configures a vfabric. Syntax vfabric fabric-ID Parameters fabric-ID — Enter the fabric ID, from 1 to 255. Defaults Not configured Command Mode CONFIGURATION Usage Information Enable the F_Port or NPG feature before configuring a vfabric. You can configure only one vfabric in F_Port mode. The vfabric becomes active only when you configure the vfabric with a valid VLAN and FC map. Do not use spanned VLAN as vfabric VLAN.
Defaults Not configured Command Mode Vfabric CONFIGURATION Usage Information Create the VLAN ID before associating it to the vfabric. Do not use spanned VLAN as vfabric VLAN. The no version of this command removes the VLAN ID from the vfabric. Example OS10(config)# interface vlan 1023 OS10(conf-if-vl-1023)# exit OS10(config)# vfabric 100 OS10(conf-vfabric-100)# vlan 1023 Supported Releases 10.3.
Parameters None Defaults Disabled Command Mode VLAN INTERFACE Usage Information Enable FIP snooping on a VLAN only after enabling the FIP snooping feature globally using the feature fipsnooping command. OS10 supports FIP snooping on a maximum of 12 VLANs. The no version of this command disables FIP snooping on the VLAN. Example OS10(config)# interface vlan 3 OS10(conf-if-vl-3)# fip-snooping enable Supported Releases 10.4.
You cannot disable FIP snooping when the port mode is set to a non-default value (enode-transit, fcf, or fcf-transit). To change the port mode from one value to another, use the fip-snooping port-mode command directly. You do not have to explicitly use the no form of the command first. The no version of this command resets the port mode to ENode.
Example
OS10(config)# interface ethernet 1/1/32
OS10(conf-if-eth1/1/32)# fip-snooping port-mode fcf
Supported Releases 10.4.0E(R1) or later10.4.3.
Example OS10# clear fcoe statistics interface ethernet 1/1/1 OS10# clear fcoe statistics interface port-channel 5 Supported Releases 10.4.0E(R1) or later fcoe-pinned-port Marks a port as a pinned port in the port-channel. This configuration is supported on FSB, Ethernet LAG in NPG, and F_Port mode. It is not supported on a VLTi LAG. Syntax fcoe-pinned-port Parameters node/slot/port[:subport]—Enter the interface type details.
Default 0x08 Command Mode CONFIGURATION Usage Information You can configure only one PFC priority at a time. The no version of this command returns the configuration to default value. Example OS10(config)# fcoe priority-bits 0x08 Supported Releases 10.4.0E(R3) or later lldp tlv-select dcbxp-appln fcoe Enables FCoE application TLV for an interface.
show fcoe fcf Displays details of the FCFs connected to the switch. Syntax show fcoe [fcf-mac-address] Parameters fcf-mac-address — (Optional) Enter the MAC address of the FCF. This option displays details of the specified FCF.
show fcoe sessions Displays the details of the established FCoE sessions. Syntax show fcoe sessions [interface vlan vlan-id] Parameters vlan-id — (Optional) Enter the VLAN ID. This option displays the sessions established on the specified VLAN. Default Not configured Command Mode EXEC Usage Information None Example Enode MAC FCoE MAC aa:bb:cc:00:00:00 0e:fc:00:01:00:01 aa:bb:cc:00:00:00 0e:fc:00:01:00:02 Supported Releases 10.4.
Supported Releases 10.4.0E(R1) or later
show fcoe system
Displays system information related to the FCoE.
Syntax show fcoe system
Parameters None
Default Not configured
Command Mode EXEC
Usage Information None
Example
OS10# show fcoe system
Mode: FIP Snooping Bridge
CVL Status: Enabled
FCOE VLAN List (Operational) : 1, 100
FCFs : 1
Enodes : 2
Sessions : 17
Supported Releases 10.4.0E(R1) or later
show fcoe vlan
Displays details of FIP-snooping VLANs.
5 Layer 2 802.1X Verifies device credentials before sending or receiving packets using the Extensible Authentication Protocol (EAP), see 802.1X Commands. Link Aggregation Control Protocol (LACP) Exchanges information between two systems and automatically establishes a link aggregation group (LAG) between the systems, see LACP Commands.
NOTE: OS10 supports only RADIUS as the back-end authentication server. The authentication process involves three devices: • Supplicant — The device attempting to access the network performs the role of supplicant. Regular traffic from this device does not reach the network until the port associated to the device is authorized. Before that, the supplicant can only exchange 802.1x messages (EAPOL frames) with the authenticator.
6 If the identity information the supplicant provides is valid, the authentication server sends an Access Accept frame that specifies the network privileges. The authenticator changes the port state to authorized and forwards an EAP Success frame. If the identity information is invalid, the server sends an Access Reject frame. If the port state remains unauthorized, the authenticator forwards an EAP Failure frame. EAP over RADIUS 802.
Enable 802.1X
1 Enable 802.1X globally in CONFIGURATION mode.
dot1x system-auth-control
2 Enter an interface or a range of interfaces in INTERFACE mode.
interface range
3 Enable 802.1X on the supplicant interface only in INTERFACE mode.
dot1x port-control auto
Configure and verify 802.
Identity retransmissions
If the authenticator sends a Request Identity frame but the supplicant does not respond, the authenticator waits 30 seconds and then retransmits the frame. There are several reasons why the supplicant might fail to respond: the supplicant may be booting when the request arrived, there may be a physical layer problem, and so on.
Failure quiet period If the supplicant fails the authentication process, the authenticator sends another Request Identity frame after 30 seconds by default. The quiet period is a transmit interval time after a failed authentication. The Request Identity Retransmit interval is for an unresponsive supplicant. You can configure the interval for a maximum of 10 times for an unresponsive supplicant.
force-authorized (default)
This is an authorized state. A device connected to this port does not use the authentication process but can communicate on the network. Placing the port in this state is the same as disabling 802.1X on the port. force-authorized is the default mode.
force-unauthorized
This is an unauthorized state. A device connected to a port does not use the authentication process but is not allowed to communicate on the network.
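An added example (not from the OS10 guide): a Python check over saved running-configuration text that flags ports left in the default force-authorized mode, which the guide equates to 802.1X being disabled on the port. The stanza layout of the sample configuration, the policy of expecting re-authentication on auto ports, and the function names are assumptions.

```python
import re

# Constructed sample in the style of running-configuration output.
# Assumed layout: one stanza per interface, indented sub-commands, "!" separators.
SAMPLE_CONFIG = """\
dot1x system-auth-control
!
interface ethernet1/1/7
 no shutdown
 dot1x port-control auto
 dot1x re-authentication
 dot1x timeout re-authperiod 3600
!
interface ethernet1/1/8
 no shutdown
 dot1x port-control force-authorized
!
interface ethernet1/1/9
 no shutdown
!
interface ethernet1/1/10
 shutdown
!
interface ethernet1/1/11
 no shutdown
 dot1x port-control auto
!
"""

PORT_CONTROL = re.compile(r"dot1x port-control (auto|force-authorized|force-unauthorized)")


def parse_interfaces(config):
    """Split the text into global commands and {interface: [sub-commands]}."""
    global_lines, stanzas, current = [], {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line.strip() == "!":
            current = None
            continue
        match = re.match(r"interface\s+(ethernet\s*\S+)", line)
        if match:
            current = match.group(1).replace(" ", "")
            stanzas[current] = []
        elif current is not None and raw[:1].isspace():
            stanzas[current].append(line.strip())
        else:
            current = None
            global_lines.append(line.strip())
    return global_lines, stanzas


def audit_dot1x(config, supplicant_ports=None):
    """Return (scope, finding) tuples. supplicant_ports limits the check to
    the access ports that should authenticate; None audits every port."""
    global_lines, stanzas = parse_interfaces(config)
    findings = []
    if "dot1x system-auth-control" not in global_lines:
        findings.append(("global", "802.1X is not enabled globally"))
    for name, cmds in stanzas.items():
        if supplicant_ports is not None and name not in supplicant_ports:
            continue
        if "shutdown" in cmds:  # administratively down, carries no traffic
            continue
        mode = "force-authorized"  # default mode per the guide
        for cmd in cmds:
            match = PORT_CONTROL.fullmatch(cmd)
            if match:
                mode = match.group(1)
        if mode == "force-authorized":
            findings.append((name, "force-authorized: devices are not authenticated"))
        elif mode == "auto" and "dot1x re-authentication" not in cmds:
            # Assumed local policy: auto ports should also re-authenticate.
            findings.append((name, "auto without periodic re-authentication"))
    return findings


if __name__ == "__main__":
    for scope, finding in audit_dot1x(SAMPLE_CONFIG):
        print(f"{scope}: {finding}")
```

Pass the set of supplicant-facing ports as supplicant_ports so that uplinks, which the guide leaves outside 802.1X, are not reported.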
Configure and verify reauthentication time period
OS10(config)# interface range ethernet 1/1/7-1/1/8
OS10(conf-range-eth1/1/7-1/1/8)# dot1x re-authentication
OS10(conf-range-eth1/1/7-1/1/8)# dot1x timeout re-authperiod 3600
OS10(conf-range-eth1/1/7-1/1/8)# show dot1x interface ethernet 1/1/7
802.
Port Auth Status: UNAUTHORIZED
Re-Authentication: Enable
Tx Period: 120 seconds
Quiet Period: 120 seconds
Supplicant Timeout: 45 seconds
Server Timeout: 60 seconds
Re-Auth Interval: 3600 seconds
Max-EAP-Req: 5
Host Mode: MULTI_HOST
Auth PAE State: Initialize
Backend State: Initialize
View interface running configuration
OS10(conf-range-eth1/1/7-1/1/8)# do show running-configuration interface ...
dot1x max-req Changes the maximum number of requests that the device sends to a supplicant before restarting 802.1X authentication. Syntax dot1x max-req retry-count Parameters max-req retry-count — Enter the retry count for the request sent to the supplicant before restarting 802.1X reauthentication, from 1 to 10. Default 2 Command Mode INTERFACE Usage Information The no version of this command resets the value to the default.
Example OS10(conf-range-eth1/1/7-1/1/8)# dot1x re-authentication Supported Releases 10.2.0E or later dot1x timeout quiet-period Sets the number of seconds that the device remains in the quiet state following a failed authentication exchange with a supplicant. Syntax dot1x timeout quiet-period seconds Parameters quiet period seconds — Enter the number of seconds for the 802.1X quiet period timeout, from 1 to 65535.
Supported Releases 10.2.0E or later dot1x timeout supp-timeout Sets the number of seconds that the device waits for the supplicant to respond to an EAP request frame before the device retransmits the frame. Syntax dot1x timeout supp-timeout seconds Parameters supp-timeout seconds — Enter the number of seconds for the 802.1X supplicant timeout, from 1 to 65535. Default 30 seconds Command Mode INTERFACE Usage Information The no version of this command resets the value to the default.
Supported Releases 10.2.0E or later show dot1x interface Displays 802.1X configuration information. Syntax show dot1x interface ethernet node/slot/port[:subport] Parameters ethernet node/slot/port[:subport] — Enter the Ethernet interface information. Command Mode EXEC Usage Information Use this command to view the dot1x interface configuration for a specific interface. Example OS10# show dot1x interface 802.
FEFD helps detect far-end failure when the following problems occur:
• Only one side receives packets although the physical layer (L1) of the link is up on both sides.
• Transceivers are not connected to the correct ports.
FEFD states
FEFD comprises the following four states:
• Idle—FEFD is disabled.
• Unknown—Shown when FEFD is enabled and changes to bi-directional after successful handshake with the peer. Also shown if the peer goes down in normal mode.
If the interface state changes to err-disabled, use the fefd reset [interface] global command to reset these interfaces. The unknown or err-disabled state brings the line protocol down so that the protocols above it can detect that the peer link is down. Table 7.
• Configure FEFD Aggressive mode globally using the fefd-global mode aggressive command in CONFIGURATION mode. OS10(Config)# fefd-global mode aggressive 2 (Optional) Configure the FEFD interval using the fefd-global interval command in CONFIGURATION mode and enter the interval in seconds. The range is from 3 to 255 seconds. OS10(Config)# fefd-global interval 20 3 (Optional) Disable FEFD on a specific interface if required using the fefd disable command in INTERFACE mode.
The following is a sample output of FEFD information for an interface:
rt-maa-s4248FBL-3# show fefd ethernet 1/1/1
FEFD is globally 'ON', interval is 15 seconds, mode is Normal.
INTERFACE MODE INTERVAL STATE
============================================================
eth1/1/1 NA NA Idle (Not running)
FEFD Commands
debug fefd
Enables debugging of FEFD.
Syntax debug fefd {all | events | packets} [interface]
Parameters
• all—Enter the keyword to view all FEFD debug information.
To disable FEFD on an interface when FEFD is globally enabled, use the fefd disable command on the interface. To unconfigure FEFD on an interface, use either the no fefd command or the no fefd mode command. To return to the default FEFD interval, use the no fefd interval command.
Example
OS10(conf-if-eth1/1/9)# fefd
OS10(conf-if-eth1/1/9)# fefd mode aggressive
OS10(conf-if-eth1/1/9)# fefd mode interval 10
Supported Releases 10.4.3.0 or later
fefd-global
Configures FEFD globally.
Default Not configured
Command Mode EXEC
Usage Information If you do not enter the interface name, this command resets the error-disabled state of all interfaces because FEFD is set to Aggressive mode.
Example
OS10# fefd reset
OS10# fefd reset ethernet 1/1/2
Supported Releases 10.4.3.0 or later
show fefd
Displays FEFD information globally or for a specific interface.
Syntax show fefd [interface]
Parameters
• (Optional) interface—Enter the interface information.
eth1/1/4 Normal 22 Unknown
eth1/1/5 Normal 22 Unknown
eth1/1/6 Normal 22 Unknown
eth1/1/7 Normal 22 Unknown
eth1/1/8 Normal 22 Unknown
eth1/1/9 Aggressive 22 Err-disabled
eth1/1/10 Normal 22 Unknown
Supported Releases 10.4.3.0 or later
Link Aggregation Control Protocol
Group Ethernet interfaces to form a single link layer interface called a LAG or port-channel.
Configuration LACP is enabled globally by default. You can configure aggregated ports with compatible active and passive LACP modes to automatically link them. 1 Configure the system priority in CONFIGURATION mode (1 to 65535; the higher the number, the lower the priority; default 32768). lacp system-priority priority-value 2 Configure the LACP port priority in INTERFACE mode (1 to 65535; the higher the number, the lower the priority; default 32768).
OS10(conf-if-eth1/1/11)# no switchport
OS10(conf-if-eth1/1/11)# channel-group 10 mode active
Rates
Protocol data units (PDUs) are exchanged between port-channel (LAG) interfaces to maintain LACP sessions. PDUs are transmitted at either a slow or fast transmission rate, depending on the LACP timeout value. The timeout value is the amount of time that a LAG interface waits for a PDU from the remote system before bringing the LACP session down. By default, the LACP rate is normal (long timeout).
Alpha LAG configuration summary
OS10(config)# interface port-channel 1
OS10(conf-if-po-1)# exit
OS10(config)# interface ethernet 1/1/29
OS10(conf-if-eth1/1/29)# no switchport
OS10(conf-if-eth1/1/29)# channel-group 1 mode active
OS10(conf-if-eth1/1/29)# interface ethernet 1/1/30
OS10(conf-if-eth1/1/30)# no switchport
OS10(conf-if-eth1/1/30)# channel-group 1 mode active
OS10(conf-if-eth1/1/30)# interface ethernet 1/1/31
OS10(conf-if-eth1/1/31)# no switchport
OS10(conf-if-eth1/1/31)# channel-group 1 mode activ
Interface index is 16866812 Internet address is not set Mode of IPv4 Address Assignment : not set MTU 1532 bytes, IP MTU bytes LineSpeed auto Flowcontrol rx tx ARP type: ARPA, ARP Timeout: 240 Last clearing of show "interface" counters : Queuing strategy : fifo Input statistics: 466 packets, 45298 octets 224 64-byte pkts,1 over 64-byte pkts, 241 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 466 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 4
LACP LAG ID 1 is an aggregatable link
A - Active LACP, B - Passive LACP, C - Short Timeout, D - Long Timeout
E - Aggregatable Link, F - Individual Link, G - IN_SYNC, H - OUT_OF_SYNC,
I - Collection enabled, J - Collection disabled, K - Distribution enabled,
L - Distribution disabled, M - Partner Defaulted, N - Partner Non-defaulted,
O - Receiver is in expired state, P - Receiver is not in expired state
Port ethernet1/1/29 is Enabled, LACP is enabled and mode is lacp
Actor Admin: State Key 1 Priority 32768 Oper:
LACP fallback
LACP fallback allows downstream devices, such as servers, connected to ports of a switch configured for LACP to establish a link when the system is not able to finalize the LACP handshake. For example, when servers boot in PXE mode, the server cannot exchange LACP PDUs and the switch does not enable the ports. Whenever a PXE server reboots, both the port-channel and ports go down. While rebooting, the ports come up, but not the port-channel.
OS10(conf-if-po-1)# lacp fallback enable
OS10(conf-if-po-1)# lacp fallback timeout 20
OS10(conf-if-po-1)# lacp fallback preemption enable
View LACP fallback configuration
OS10# show port-channel summary
Flags: D - Down I - member up but inactive P - member up and active U - Up (port-channel) F - Fallback enabled
--------------------------------------------------------------------------------
Group Port-Channel Type Protocol Member Ports
--------------------------------------------------------------------------------
LACP fallback in VLT domain In a VLT domain, LACP fallback enables rebooting of ToR or server connected to VLT nodes through VLT port-channel. The other end of the VLT nodes are connected to a DHCP/PXE server, as shown in the following illustration: In the above scenario, LACP fallback works as follows: 1 The ToR/server boots up. 2 One of the VLT peers takes care of controlling the LACP fallback mode.
Parameters • number — Enter the port-channel group number (1 to 128). The maximum number of port-channels is 128. The maximum physical port/maximum NPU is supported. • mode — Enter the interface port-channel mode. • active — Enter to enable the LACP interface. The interface is in the Active Negotiating state when the port starts negotiations with other ports by sending LACP packets. • on — Enter so that the interface is not part of a dynamic LAG but acts as a static LAG member.
lacp fallback enable Enables LACP fallback mode. Syntax lacp fallback enable Parameters None Default Disabled Command Mode Port-channel INTERFACE Usage Information The no version of this command disables LACP fallback mode. Example OS10# configure terminal OS10(config)# interface port-channel 1 OS10(conf-if-po-1)# lacp fallback enable Supported Releases 10.3.2E(R3) or later lacp fallback preemption Enables or disables LACP fallback port preemption.
lacp fallback timeout
Configures the LACP fallback timeout period.
Syntax lacp fallback timeout timer-value
Parameters timer-value—Enter the timer value in seconds, from 0 to 100 seconds.
Default 15 seconds
Command Mode Port-channel INTERFACE
Usage Information The no version of this command returns the timer to the default value.
Example
OS10# configure terminal
OS10(config)# interface port-channel 1
OS10(conf-if-po-1)# lacp fallback timeout 20
Supported Releases 10.3.
Supported Releases 10.2.0E or later lacp rate Sets the rate at which LACP sends control packets. Syntax lacp rate {fast | normal} Parameters • fast — Enter the fast rate of 1 second. • normal — Enter the default rate of 30 seconds. Default 30 seconds Command Mode INTERFACE Usage Information Change the LACP timer rate to modify the duration of the LACP timeout. The no version of this command resets the rate to the default value.
Example OS10# show lacp counter interface port-channel 1 LACPDUs Marker Marker Response LACPDUs Port Sent Recv Sent Recv Sent Recv Pkts Err ---------------------------------------------------------------port-channel1 Ethernet1/1 554 536 0 0 0 0 0 Ethernet1/2 527 514 0 0 0 0 0 Ethernet1/3 535 520 0 0 0 0 0 Ethernet1/4 515 502 0 0 0 0 0 Ethernet1/5 518 505 0 0 0 0 0 Ethernet1/6 540 529 0 0 0 0 0 Ethernet1/7 541 530 0 0 0 0 0 Ethernet1/8 547 532 0 0 0 0 0 Ethernet1/9 544 532 0 0 0 0 0 Ethernet1/10 513 501 0 0
Neighbor: 178 MAC Address=00:00:00:00:00:00 System Identifier=,00:00:00:00:00:00 Port Identifier=0,00:01:e8:8a:fd:9e Operational key=1 LACP_Activity=passive LACP_Timeout=Long Timeout(30s) Synchronization=IN_SYNC Collecting=true Distributing=true Partner Admin State=BCEGIKNP Partner Oper State=BDEGIKMO Supported Releases 10.2.0E or later show lacp neighbor Displays information about LACP neighbors.
Usage Information All channel groups display if you do not enter the channel-number parameter.
Protocol data units LLDP devices exchange system information represented as type, length, and value (TLV) segments: Type Information included in the TLV. Length Value in bytes of the TLV after the Length field. Value System information the agent advertises. tlv segment LAN devices transmit LLDPDUs, which encapsulate TLVs, to neighboring LAN devices.
Optional TLVs OS10 supports basic TLVs, IEEE 802.1, and 802.3 organizationally-specific TLVs, and TIA-1057 organizationally-specific TLVs. A basic TLV is an optional TLV sub-type. This kind of TLV contains essential management information about the sender. A professional organization or vendor defines organizationally-specific TLVs. They have two mandatory fields, in addition to the basic TLV fields. Organizationally-specific TLVs Table 8.
Table 9. 802.1x organizationally-specific TLVs (Type – 127, OUI – 00-80-C2)
TLV | Subtype | Description
Link aggregation | 7 | Indicates whether the link associated with the port on which the LLDPDU is transmitted is aggregated. Also indicates whether the link is currently aggregated and provides the aggregated port identifier if the link is aggregated.
Port VLAN ID | 1 | Untagged VLAN to which a port belongs.
Protocol identity | 4 | Not supported.
Table 10. 802.
TLV | Subtype | Description
Chassis model | 8 | Model name of the chassis. (Applicable only to blade servers.)
IOM service tag | 9 | Service tag ID of the IOM device. (Applicable only to blade servers.)
IOM model name | 10 | Model name of the IOM device. (Applicable only to blade servers.)
IOM slot label | 11 | Slot label of the IOM device. For example, A1, B1, A2, B2, and so on (applicable only to blade servers).
IOM port number | 12 | Port number of the NIC. For example, 1, 2, 3, and so on.
Table 12.
Table 13. Service tag TLV (Type – 127, OUI – 0xF8-0xB1-0x56)
TLV | Subtype | Description
Service tag | 21 | Indicates the service tag associated with the device.
Table 14. Solution ID TLVs (Type – 127, OUI – 0xF8-0xB1-0x56)
TLV | Subtype | Description
Product base | 22 | Indicates the product base.
Product serial number | 23 | Indicates the product serial number.
Product part number | 24 | Indicates the product part number.
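An added example (not from the OS10 guide) of the TLV layout described above: a Python parser that splits an LLDPDU into TLVs, decodes Type 127 organizationally-specific TLVs by OUI and subtype, and lists the optional TLVs a port discloses to whatever is plugged into it. The frame is constructed for illustration, the service tag value is a placeholder, and the function names are assumptions.

```python
import struct

BASIC_TYPES = {1: "Chassis ID", 2: "Port ID", 3: "Time To Live",
               4: "Port description", 5: "System name", 6: "System description",
               7: "System capabilities", 8: "Management address"}
MANDATORY = {1, 2, 3}  # present in every LLDPDU; everything else is optional
# (OUI, subtype) pairs taken from the tables in this guide.
ORG_SUBTYPES = {("00-80-C2", 1): "Port VLAN ID",
                ("00-80-C2", 7): "Link aggregation",
                ("F8-B1-56", 21): "Service tag"}


def tlv(tlv_type, value):
    """Build one TLV: 7-bit type and 9-bit length packed into two bytes."""
    if not 0 <= tlv_type <= 127 or len(value) > 511:
        raise ValueError("type or length out of range")
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def org_tlv(oui, subtype, info):
    """Build a Type 127 TLV: 3-byte OUI, 1-byte subtype, then the info string."""
    return tlv(127, bytes.fromhex(oui.replace("-", "")) + bytes([subtype]) + info)


def parse_lldpdu(data):
    """Return a list of decoded TLVs; raise ValueError on a malformed frame."""
    tlvs, offset = [], 0
    while offset < len(data):
        if offset + 2 > len(data):
            raise ValueError("truncated TLV header")
        (header,) = struct.unpack_from("!H", data, offset)
        tlv_type, length = header >> 9, header & 0x1FF
        offset += 2
        if offset + length > len(data):
            raise ValueError("TLV length runs past the end of the frame")
        value = data[offset:offset + length]
        offset += length
        if tlv_type == 0:  # End of LLDPDU
            break
        if tlv_type == 127:
            if length < 4:
                raise ValueError("organizationally-specific TLV too short")
            oui = "-".join(f"{b:02X}" for b in value[:3])
            name = ORG_SUBTYPES.get((oui, value[3]), "Organizationally specific")
            tlvs.append({"type": 127, "oui": oui, "subtype": value[3],
                         "name": name, "value": value[4:]})
        else:
            tlvs.append({"type": tlv_type, "value": value,
                         "name": BASIC_TYPES.get(tlv_type, "Reserved")})
    return tlvs


def optional_disclosures(tlvs):
    """Names of the optional TLVs in the frame, in order of appearance."""
    return [t["name"] for t in tlvs if t["type"] not in MANDATORY]


def sample_lldpdu():
    """Constructed frame: MAC chassis ID, interface-alias port ID, TTL 120."""
    return b"".join([
        tlv(1, bytes([4]) + bytes.fromhex("000c29e5aaf4")),
        tlv(2, bytes([1]) + b"ethernet1/1/1"),
        tlv(3, struct.pack("!H", 120)),
        tlv(5, b"OS10"),
        org_tlv("00-80-C2", 1, struct.pack("!H", 1)),   # Port VLAN ID = 1
        org_tlv("F8-B1-56", 21, b"PLACEHOLDER"),        # placeholder service tag
        tlv(0, b""),
    ])


if __name__ == "__main__":
    for name in optional_disclosures(parse_lldpdu(sample_lldpdu())):
        print("advertised:", name)
```

Each name the check reports corresponds to a TLV that can be withdrawn per interface with the no form of the lldp tlv-select commands.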
127/4 — Extended power-via-MDI • Civic address LCI • Emergency call services ELIN Power requirements, priority, and power status. LLDP-MED capabilities TLV The LLDP-MED capabilities TLV communicates the types of TLVs that the endpoint device and network-connectivity device support. The value of the LLDP-MED capabilities field in the TLV is a 2–octet bitmap. Each bit represents an LLDP-MED capability. LLDP-MED is enabled by default on an interface.
Network policies TLVs
A network policy in the context of LLDP-MED is a device’s VLAN configuration and associated L2 and L3 configurations. LLDP-MED network policies TLVs include:
• VLAN ID
• VLAN tagged or untagged status
• L2 priority
• DSCP value
An integer represents the application type (the Type integer shown in the following table), which indicates a device function where a unique network policy is defined.
• Define the LLDP-MED network policy in CONFIGURATION mode.
5 Disable LLDP TLV in INTERFACE mode. no lldp tlv-select 6 Disable LLDP globally in CONFIGURATION mode.
Advertise TLVs
Configure the system to advertise TLVs from all interfaces or specific interfaces. If you configure an interface, only the interface sends LLDPDUs with the specified TLVs.
1 Enable basic TLVs attributes to transmit and receive LLDP packets in INTERFACE mode.
lldp tlv-select basic-tlv {port-description | system-name | system-description | system-capabilities | management-address}
2 Enable dot3 TLVs to transmit and receive LLDP packets in INTERFACE mode.
Configure advertise LLDP-MED network policies OS10(conf-if-eth1/1/5)# lldp-med network-policy add 1 Fast start repeat count Fast start repeat count enables a network-connectivity device to advertise itself at a faster rate for a limited amount of time. The fast start timer starts when a network-connectivity device receives the first LLDP frame from a newly detected endpoint.
Total Frames In : 0
Total Frames Received In Error : 0
Total Frames Discarded : 0
Total TLVS Unrecognized : 0
Total TLVs Discarded : 0
View LLDP interface traffic
OS10# show lldp traffic interface ethernet 1/1/1
LLDP Traffic Statistics:
Total Frames Out : 0
Total Entries Aged : 0
Total Frames In : 0
Total Frames Received In Error : 0
Total Frames Discarded : 0
Total TLVS Unrecognized : 0
Total TLVs Discarded : 0
LLDP MED Traffic Statistics:
Total Med Frames Out :
Total Med Frames In :
Total Med Frames Dis
MAC PHY Configuration: Auto-neg supported: 1 Auto-neg enabled: 1 Auto-neg advertised capabilities: 10BASE-T half duplex mode, 10BASE-T full duplex mode, 100BASE-TX half duplex mode, 100BASE-TX full duplex mode MED Capabilities: Supported: LLDP-MED Capabilities, Network Policy, Location Identification, Extended Power via MDI - PSE, Extended Power via MDI - PD, Inventory Management Current: LLDP-MED Capabilities, Network Policy, Location Identification, Extended Power via MDI - PD, Inventory Management Device
Configure TTL OS10(config)# lldp holdtime-multiplier 2 Return multiplier value OS10(config)# no lldp holdtime-multiplier LLDP commands clear lldp counters Clears LLDP and LLDP-MED transmit, receive, and discard statistics from all physical interfaces. Syntax clear lldp counters Parameters None Default Not configured Command Mode EXEC Usage Information The counter default value resets to zero for all physical interfaces. Example OS10# clear lldp counters Supported Releases 10.2.
Usage Information This command enables LLDP globally for all Ethernet PHY interfaces, except on those interfaces where you manually disable LLDP. The no version of this command disables LLDP globally irrespective of whether you manually disable LLDP on an interface. Example OS10(config)# lldp enable Supported Releases 10.3.1E or later lldp holdtime-multiplier Configures the multiplier value for the hold time in seconds.
Command Mode INTERFACE Usage Information LLDP-MED communicates the types of TLVs that the endpoint device and network-connectivity device support. Use the no lldp med or lldp med disable command to disable LLDP-MED on a specific interface. Example OS10(conf-if-eth1/1/1)# lldp med disable Supported Releases 10.2.0E or later lldp med network-policy Manually defines an LLDP-MED network policy.
Parameters
• add — Attach the network policy to an interface.
• remove — Remove the network policy from an interface.
• number — Enter a network policy index number, from 1 to 32.
Default Not configured
Command Mode INTERFACE
Usage Information Attach only one network policy per interface.
Example
OS10(conf-if-eth1/1/5)# lldp med network-policy add 1
Supported Release 10.2.0E or later
lldp med tlv-select
Configures the LLDP-MED TLV type to transmit or receive.
lldp receive Enables or disables the LLDP packet reception on a specific interface. Syntax lldp receive Parameters None Default Not configured Command Mode INTERFACE Usage Information Enable LLDP globally on the system before using the lldp receive command. The no version of this command disables the reception of LLDP packets. Example OS10(conf-if-eth1/1/3)# lldp receive Supported Releases 10.2.
lldp tlv-select basic-tlv
Enables or disables TLV attributes to transmit and receive LLDP packets.
Syntax lldp tlv-select basic-tlv {port-description | system-name | system-description | system-capabilities | management-address [ipv4 | ipv6]}
Parameters
• port-description — Enable or disable the port description TLV.
• system-name — Enable or disable the system name TLV.
• system-description — Enable or disable the system description TLV.
lldp tlv-select dot3tlv Enables or disables the dot3 TLVs to transmit in LLDP packets.
Syntax lldp tlv-select dot3tlv {macphy-config | max-framesize}
Parameters
• macphy-config — Enable the port VLAN ID TLV.
• max-framesize — Enable maximum frame size TLV.
Default Enabled
Command Mode INTERFACE
Usage Information The no version of this command disables TLV transmission.
Example OS10(conf-if-eth1/1/3)# lldp tlv-select dot3tlv macphy-config
Supported Releases 10.2.
Example OS10# show lldp interface ethernet 1/1/5 ethernet1/1/5 Tx State : Enabled Rx State : Enabled Tx SEM State : initialize Rx SEM State : wait-port-operational Notification Status : Disabled Notification Type : mis-configuration DestinationMacAddr : 01:80:c2:00:00:0e Example (Local Device) OS10# show lldp interface ethernet 1/1/1 local-device Device ID: 00:0c:29:e5:aa:f4 Port ID: ethernet1/1/1 System Name: OS10 Capabilities: Bridge Router System description: Dell networking Operating system Port desc
Usage Information Use the show lldp interface command to view MED information for a specific interface.
Remote Chassis ID Subtype: Mac address (4) Remote Chassis ID: 00:50:56:a6:29:54 Remote Port Subtype: Interface alias (1) Remote Port ID: ethernet1/1/1 Remote Port Description: ethernet1/1/1 Local Port ID: ethernet1/1/1 Locally assigned remote Neighbor Index: 2 Remote TTL: 120 Information valid for next 99 seconds Time since last information change of this neighbor: 15:51:41 Remote System Name: OS10 Remote System Desc: OS10 Existing System Capabilities: Repeater, Bridge, Router Enabled System Capabilities: R
show lldp tlv-select interface Displays the TLVs enabled for an interface. Syntax show lldp tlv-select interface ethernet node/slot/port[:subport] Parameters ethernet node/slot/port[:subport] — Enter the Ethernet interface information, from 1 to 253.
LLDP MED Traffic Statistics:
Total Med Frames Out                : 2
Total Med Frames In                 : 1
Total Med Frames Discarded          : 0
Total Med TLVS Discarded            : 0
Total Med Capability TLVS Discarded : 0
Total Med Policy TLVS Discarded     : 0
Total Med Inventory TLVS Discarded  : 0
Supported Releases 10.2.0E or later
show network-policy profile Displays the network policy profiles.
Syntax show network-policy profile [profile number]
Parameters profile number — (Optional) Enter the network policy profile number, from 1 to 32.
Static MAC Address
You manually configure a static MAC address entry. A static entry is not subject to aging.
• Create a static MAC address entry in the MAC address table in CONFIGURATION mode.
mac address-table static nn:nn:nn:nn:nn:nn vlan vlan-id interface [ethernet node/slot/port[:subport] | port-channel channel-number]
Set Static MAC Address
OS10(config)# mac address-table static 34:17:eb:f2:ab:c6 vlan 10 interface ethernet 1/1/5
MAC Address Table
OS10 maintains a list of MAC address table entries.
– all — (Optional) Clear all dynamic entries.
– address mac_address — (Optional) Clear a MAC address entry.
– vlan vlan-id — (Optional) Clear a MAC address table entry from a VLAN number, from 1 to 4093.
– ethernet node/slot/port[:subport] — (Optional) Clear an Ethernet interface entry.
– port-channel number — (Optional) Clear a port-channel number, from 1 to 128.
Command Mode CONFIGURATION Usage Information Set the aging timer to zero (0) to disable MAC address aging for all dynamic entries. The aging time counts from the last time that the device detected the MAC address. Example OS10(config)# mac address-table aging-time 3600 Supported Releases 10.2.0E or later mac address-table static Configures a static entry for the L2 MAC address table.
– port-channel channel-number — Displays MAC address table information for a port-channel interface, from 1 to 128.
• static — (Optional) Displays static MAC address table entries only.
• vlan vlan-id — (Optional) Displays VLAN information only, from 1 to 4093.
Default Not configured
Command Mode EXEC
Usage Information The network device keeps static MAC address entries that are saved in the startup configuration file across reboots; a reboot deletes dynamic entries.
Configuring MST is a four-step process:
1 Enable MST, if the current running spanning tree protocol (STP) version is not MST.
2 (Optional) Map the VLANs to different instances to achieve load balancing.
3 Ensure the same region name is configured in all the bridges running MST.
4 (Optional) Configure the revision number.
Configure MSTP
When you enable MST globally, all L2 physical, port-channel, and VLAN interfaces are automatically assigned to MSTI zero (0).
Create instances
You can create multiple MSTP instances and map VLANs. A single MSTI provides no more benefit than RSTP. To take full advantage of the MSTP, create multiple MSTIs and map VLANs to them.
1 Enter an instance number in CONFIGURATION mode.
spanning-tree mst configuration
2 Enter the MST instance number in MULTIPLE-SPANNING-TREE mode, from 0 to 63.
instance instance-number
3 Enter the VLAN and IDs to participate in the MST instance in MULTIPLE-SPANNING-TREE mode, from 1 to 4096.
ethernet1/1/17 128.324 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.324 ethernet1/1/18 128.328 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.328 ethernet1/1/19 128.332 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.332 ethernet1/1/20 128.336 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.336 ethernet1/1/21 128.340 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.340 ethernet1/1/22 128.344 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.344 ethernet1/1/23 128.348 128 200000000 BLK 0 32768 90b1.1cf4.a523 128.
Non-Dell EMC hardware
OS10 supports only one MST region. For a bridge to be in the same MST region as another, the three unique attributes (name, revision, and VLAN-to-instance mapping) must match. The default values for the name and revision number match on all Dell EMC hardware. If you have non-Dell EMC hardware that participates in MST, ensure these values match on all devices.
A region is a combination of three unique attributes:
• Name — A mnemonic string you assign to the region.
4 Change the max-hops parameter in CONFIGURATION mode, from 1 to 40, default 20.
Boundary: Yes, Bpdu-filter: Disable, Bpdu-Guard: Disable, Shutdown-on-Bpdu-Guard-violation: No Root-Guard: Disable, Loop-Guard: Disable Bpdus (MRecords) Sent: 69, Received: 0 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ---------------------------------------------------------------------ethernet1/1/7 0.284 0 1 FWD 0 32768 90b1.1cf4.9b8a 0.
Root guard Avoids bridging loops and preserves the root bridge position during network transitions. STP selects the root bridge with the lowest priority value. During network transitions, another bridge with a lower priority may attempt to become the root bridge and cause unpredictable network behavior. To avoid such an attempt and preserve the position of the root bridge, configure the spanning-tree guard root command. Root guard is enabled on ports that are designated ports.
Name PortID Prio Cost Sts Cost Bridge ID PortID -------------------------------------------------------------------------ethernet1/1/4 128.272 128 500 BLK 500 32769 90b1.1cf4.a911 128.
disabled, the port remains shut down indefinitely. You must manually bring up the port using the shutdown and no shutdown commands. The no version of the command disables the recovery option.
You can enable the MAC flush optimization feature by setting the MAC flush timer to a non-zero value. This feature is enabled by default with a default timer value of 200 centi-seconds. To disable MAC flush optimization, configure the MAC flush timer value to 0. When you configure the MAC flush timer to a non-zero value and the threshold to zero, the system invokes instance-based flush once and starts the timer. When the timer expires, the system invokes an instance-based flush again.
MST commands errdisable detect cause bpduguard Configures the port to be shut down or moves the port to blocked state on detecting a BPDU guard violation. Syntax errdisable detect cause bpduguard Parameters None Default Enabled Command Mode CONFIGURATION Usage Information This command applies only to STP-enabled ports. The command takes effect only when BPDU guard is configured on a port. When the detect cause option is enabled, the port is shut down whenever there is a BPDU guard violation.
Supported Releases 10.4.2.0 or later errdisable recovery interval Configures recovery interval timer to delay the recovery of ports when there is a BPDU Guard violation. Syntax errdisable recovery interval interval-value Parameters interval-value—Enter the time interval in seconds. The range is from 30 to 65535. Default 300 seconds Command Mode CONFIGURATION Usage Information This command applies only to STP-enabled ports. The command takes effect only when BPDU guard is configured on a port.
Default System MAC address Command Mode MULTIPLE-SPANNING-TREE Usage Information By default, the MST protocol assigns the system MAC address as the region name. Two MST devices within the same region must share the same region name, including matching case. Example OS10(conf-mst)# name my-mst-region Supported Releases 10.2.0E or later revision Configures a revision number for the MSTP configuration.
Parameters • enable — Enables the BPDU guard filter on an interface. • disable — Disables the BPDU guard filter on an interface. Default Disabled Command Mode INTERFACE Usage Information BPDU guard prevents a port from receiving BPDUs. If the port receives a BPDU, it is placed in the Error-Disabled state. Example OS10(conf-if-eth1/1/4)# spanning-tree bpduguard enable Supported Releases 10.2.
spanning-tree link-type Sets the spanning-tree link type for faster convergence.
Syntax spanning-tree link-type {auto | point-to-point | shared}
Parameters
• auto — Enter the keyword to set the link type based on the duplex setting of the interface.
• point-to-point — Specifies that the interface is a point-to-point or full-duplex link.
• shared — Specifies that the interface is a half-duplex medium.
Default Auto
Command Mode INTERFACE
Usage Information As specified in IEEE 802.
spanning-tree mode Enables an STP type: RSTP, Rapid-PVST+, or MST. Syntax spanning-tree mode {rstp | mst | rapid-pvst} Parameters • rstp — Sets STP mode to RSTP. • mst — Sets STP mode to MST. • rapid-pvst — Sets STP mode to RPVST+. Default RPVST+ Command Mode CONFIGURATION Usage Information All STP instances stop in the previous STP mode, and restart in the new mode. You can also change to RSTP/MST mode.
spanning-tree msti Configures the MSTI, cost, and priority values for an interface.
Syntax spanning-tree msti instance {cost cost | priority value}
Parameters
• msti instance — Enter the MST instance number, from 0 to 63.
• cost cost — (Optional) Enter a port cost value, from 1 to 200000000.
spanning-tree mst disable Disables spanning tree on the specified MST instance. Syntax spanning-tree mst instance-number disable Parameters instance-number—Enter the instance number, from 0 to 63. Default Enabled Command Mode CONFIGURATION Usage Information The no version of this command enables spanning tree on the specified MST instance. Example OS10(config)# spanning-tree mst 10 disable Supported Releases 10.4.
spanning-tree mst hello-time Sets the time interval between generation and transmission of MSTP BPDUs. Syntax spanning-tree mst hello-time seconds Parameters seconds — Enter a hello-time interval value in seconds, from 1 to 10. Default 2 seconds Command Mode CONFIGURATION Usage Information Dell EMC recommends increasing the hello-time for large configurations, especially configurations with multiple ports. The no version of this command resets the value to the default.
Usage Information The no version of this command resets the value to the default. Example OS10(config)# spanning-tree mst max-age 10 Supported Releases 10.2.0E or later spanning-tree mst max-hops Configures the maximum hop count for a BPDU to travel before it is discarded. Syntax spanning-tree mst max-hops number Parameters number — Enter a maximum hop value, from 6 to 40.
Default None
Command Mode EXEC
Usage Information None
Example
OS10# show errdisable detect
Error-Disable Cause     Detect Status
-----------------------------------------------
bpduguard               Enabled
OS10# show errdisable recovery
Error-Disable Recovery Timer Interval: 300 seconds
Error-Disable Reason    Recovery Status
---------------------------------------------------
bpduguard               Enabled
                                      Recovery Time left
Interface    Errdisable Cause         (seconds)
---------------------------------------------------------------------
ether
Parameters • instance-number — (Optional) Displays MST instance information, from 0 to 63. • brief — (Optional) Displays MST instance summary information. • guard — (Optional) Displays which guard is enabled and the current port state. • virtual-interface—(Optional) Displays MST information specific to VLT. • interface interface—(Optional) Displays interface type information: – ethernet node/slot/port[:subport] — Enter the Ethernet port information, from 1 to 48.
Name            Instance   Sts   Guard Type
-----------------------------------------
ethernet1/1/1   MSTI 1     FWD   root
ethernet1/1/2   MSTI 1     FWD   loop
ethernet1/1/3   MSTI 1     BLK   none
ethernet1/1/4   MSTI 1     FWD   none
ethernet1/1/5   MSTI 1     BLK   none
ethernet1/1/6   MSTI 1     BLK   none
ethernet1/1/7   MSTI 1     BLK   none
ethernet1/1/8   MSTI 1     BLK   none
...
Load balance and root selection All VLANs use the same forwarding topology — R2 is elected as the root and all 10G Ethernet ports have the same cost. RPVST+ changes the bridge priority of each bridge so that a different forwarding topology generates for each VLAN. To achieve RPVST+ load balancing, assign a different priority on each bridge. Enable RPVST+ By default, RPVST+ is enabled and creates an instance only after you add the first member port to a VLAN.
-------------------------------------------------------------
ethernet1/1/5   Root   128.276   128   500   FWD   0   AUTO   No
ethernet1/1/6   Altr   128.280   128   500   BLK   0   AUTO   No
Select root bridge
RPVST+ determines the root bridge. Assign one bridge a lower priority to increase the likelihood that it becomes the root bridge. The show spanning-tree brief command displays information about all ports regardless of the operational status.
ethernet1/1/10 128.296 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/11 128.300 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/12 128.304 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/13 128.308 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/14 128.312 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/15 128.316 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/16 128.320 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/17 128.324 128 200000000 FWD 0 32769 0000.0000.
Configured hello time 2, max age 20, forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ---------------------------------------------------------------------ethernet1/1/5 128.276 128 500 FWD 0 24577 90b1.1cf4.a523 128.276 ethernet1/1/6 128.280 128 500 LRN 0 24577 90b1.1cf4.a523 128.280 Interface Name Role PortID Prio Cost Sts Cost Link-type Edge ------------------------------------------------------------ethernet1/1/5 Desg 128.
• Modify the max-age (in seconds) in CONFIGURATION mode, from 6 to 40, default 20. spanning-tree vlan vlan-id max-age seconds View RPVST+ global parameters OS10# show spanning-tree active Spanning tree enabled protocol rapid-pvst with force-version rstp VLAN 1 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32769, Address 90b1.1cf4.a523 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32769, Address 90b1.1cf4.
Parameters • interface — Enter the interface type: – ethernet node/slot/port[:subport] — Deletes the spanning-tree counters from a physical port. – port-channel number — Deletes the spanning-tree counters for a port-channel interface, from 1 to 128. Default Not configured Command Mode EXEC Usage Information Clear all STP counters on the device per the Ethernet interface or port-channel. Example OS10# clear spanning-tree counters interface port-channel 10 Supported Releases 10.2.
Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32769, Address 74e6.e2f5.bb80 We are the root of VLAN 1 Configured hello time 2, max age 20, forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ---------------------------------------------------------------------------ethernet1/1/1 128.260 128 200000000 FWD 0 32769 0000.0000.0000 128.260 ethernet1/1/2 128.264 128 200000000 FWD 0 32769 0000.0000.0000 128.264 ethernet1/1/3 128.
Supported Releases 10.2.0E or later spanning-tree disable Disables Spanning-Tree mode configured with the spanning-tree mode command globally on the switch or on specified interfaces. Syntax spanning-tree disable Parameters None Default Not configured. Usage Information The no version of this command re-enables STP and applies the currently configured spanning-tree settings.
Default Auto
Command Mode INTERFACE
Usage Information As specified in IEEE 802.1w, OS10 assumes a port that runs in full duplex mode as a point-to-point link. A point-to-point link transitions to forwarding state faster. By default, OS10 derives the link type of a port from the duplex mode. You can override the duplex mode using the spanning-tree link-type command. As half-duplex mode is considered as a shared link, the fast transition feature is not applicable for shared links.
Example (RSTP) OS10(config)# spanning-tree mode rstp Example (MST) OS10(config)# spanning-tree mode mst Supported Releases 10.2.0E or later spanning-tree port Sets the port type as the EdgePort. Syntax spanning-tree port type edge Parameters None Default Not configured Command Mode INTERFACE Usage Information When you configure an EdgePort on a device running STP, the port immediately transitions to the Forwarding state. Only configured ports connected to end hosts act as EdgePorts.
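The following audit is an added example, not part of the Dell guide: because an EdgePort goes straight to Forwarding, it flags active EdgePorts that lack spanning-tree bpduguard enable, ports where BPDU guard only blocks because shutdown on violation is turned off, and ports with spanning-tree disable. The sample configuration is constructed, and the way a negated default appears in the running configuration ("no errdisable detect cause bpduguard") is an assumption.

```python
import re

# Constructed sample, laid out like the '!'-separated stanzas printed by
# `show running-configuration`. Assumption: a disabled default is stored in
# its "no" form (here: "no errdisable detect cause bpduguard").
SAMPLE_CONFIG = """\
!
no errdisable detect cause bpduguard
errdisable recovery interval 60
!
interface ethernet1/1/1
 description uplink
 no shutdown
 switchport mode trunk
 spanning-tree guard root
!
interface ethernet1/1/4
 no shutdown
 switchport access vlan 604
 spanning-tree port type edge
 spanning-tree bpduguard enable
!
interface ethernet1/1/5
 no shutdown
 switchport access vlan 604
 spanning-tree port type edge
!
interface ethernet1/1/6
 no shutdown
 switchport access vlan 604
 spanning-tree disable
!
interface ethernet1/1/7
 shutdown
 spanning-tree port type edge
!
"""


def parse_stanzas(config):
    """Split a running-configuration into global lines and per-interface lines.

    Interface names are normalised by removing spaces, so "ethernet 1/1/4"
    and "ethernet1/1/4" map to the same key. "interface range" stanzas are
    not expanded.
    """
    global_lines, interfaces, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "...":
            continue
        if line == "!":                      # stanza separator
            current = None
            continue
        match = re.match(r"interface\s+(.+)$", line)
        if match:
            name = re.sub(r"\s+", "", match.group(1))
            current = interfaces.setdefault(name, [])
        elif current is not None:
            current.append(line)
        else:
            global_lines.append(line)
    return global_lines, interfaces


def audit_stp_protection(config):
    """Return (interface, issue) pairs for active L2 ports with weak STP protection."""
    global_lines, interfaces = parse_stanzas(config)
    # The command reference lists "Enabled" as the default for shutdown on a
    # BPDU guard violation, so only the explicit "no" form turns it off.
    shutdown_on_violation = "no errdisable detect cause bpduguard" not in global_lines
    findings = []
    for name, lines in interfaces.items():
        if not name.startswith(("ethernet", "port-channel")):
            continue
        if "shutdown" in lines:              # administratively down: nothing to protect
            continue
        edge = "spanning-tree port type edge" in lines
        guard = "spanning-tree bpduguard enable" in lines
        if "spanning-tree disable" in lines:
            findings.append((name, "stp-disabled"))
        if edge and not guard:
            findings.append((name, "edge-without-bpduguard"))
        if guard and not shutdown_on_violation:
            findings.append((name, "bpduguard-blocks-only"))
    return findings


if __name__ == "__main__":
    for interface, issue in audit_stp_protection(SAMPLE_CONFIG):
        print(f"{interface}: {issue}")
```

Run it against a saved copy of the running configuration; each finding names the interface to review.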
spanning-tree vlan disable Disables spanning tree on a specified VLAN. Syntax spanning-tree vlan vlan-id disable Parameters vlan-id — Enter the VLAN ID number, from 1 to 4093. Default Enabled Command Mode CONFIGURATION Usage Information The no version of this command enables spanning tree on the specified VLAN. Example OS10(config)# spanning-tree vlan 100 disable Supported Releases 10.4.
spanning-tree vlan hello-time Sets the time interval between generation and transmission of RPVST BPDUs.
Syntax spanning-tree vlan vlan-id hello-time seconds
Parameters
• vlan-id — Enter the VLAN ID number, from 1 to 4093.
• seconds — Enter a hello-time interval value in seconds, from 1 to 10.
Default 2 seconds
Command Mode CONFIGURATION
Usage Information Dell EMC recommends increasing the hello-time for large configurations, especially configurations with multiple ports.
Command Mode CONFIGURATION Usage Information None Example OS10(config)# spanning-tree vlan 10 max-age 10 Supported Releases 10.2.0E or later spanning-tree vlan priority Sets the priority value for RPVST+. Syntax spanning-tree vlan vlan-id priority priority value Parameters priority priority value — Enter a bridge-priority value in increments of 4096, from 0 to 61440.
• secondary — Designate the bridge as the secondary root bridge.
Default Not configured
Command Mode CONFIGURATION
Usage Information None
Example OS10(config)# spanning-tree vlan 1 root primary
Supported Releases 10.2.0E or later
Rapid Spanning-Tree Protocol
Rapid Spanning-Tree Protocol (RSTP) is similar to STP, but provides faster convergence and interoperability with devices configured with STP and MSTP. RSTP is disabled by default.
View all ports participating in RSTP
OS10# show spanning-tree
Spanning tree enabled protocol rstp with force-version rstp
Executing IEEE compatible Spanning Tree Protocol
Root ID Priority 32768, Address 3417.4455.667f
Root Bridge hello time 2, max age 20, forward delay 15
Bridge ID Priority 32768, Address 90b1.1cf4.
ethernet1/1/28 128.368 128 200000000 BLK 0 0 0000.0000.0000 ethernet1/1/29 128.372 128 200000000 BLK 0 0 0000.0000.0000 ethernet1/1/30 128.376 128 200000000 BLK 0 0 0000.0000.0000 ethernet1/1/31 128.380 128 200000000 BLK 0 0 0000.0000.0000 ethernet1/1/32 128.384 128 200000000 BLK 0 0 0000.0000.0000 Interface Name Role PortID Prio Cost Sts Cost Link-type Edge ------------------------------------------------------------------------ethernet1/1/1 Disb 128.260 128 200000000 BLK 0 AUTO No ethernet1/1/2 Disb 128.
Configured hello time 2, max age 20, forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ------------------------------------------------------------------ethernet1/1/1 244.128 128 500 BLK 0 32768 90b1.1cf4.9b8a 128.244 ethernet1/1/2 248.128 128 500 BLK 0 32768 90b1.1cf4.9b8a 128.248 ethernet1/1/3 252.128 128 500 FWD 0 32768 90b1.1cf4.9b8a 128.252 ethernet1/1/4 256.128 128 500 BLK 0 32768 90b1.1cf4.9b8a 128.
Root bridge selection RSTP determines the root bridge. Assign one bridge a lower priority to increase the likelihood that it is selected as the root bridge. • Assign a number as the bridge priority or designate it as the primary or secondary root bridge in CONFIGURATION mode. Configure the priority value range, from 0 to 65535 in multiples of 4096, default 32768. The lower the number assigned, the more likely the bridge becomes the root bridge.
Spanning-tree extensions STP extensions ensure efficient network convergence by securely enforcing the active network topology. OS10 supports BPDU filtering, BPDU guard, loop guard, and root guard STP extensions. BPDU filtering Protects the network from unexpected flooding of BPDUs from an erroneous device. Enabling BPDU Filtering instructs the hardware to drop BPDUs and prevents flooding from reaching the CPU. BPDU filtering is enabled by default on Edge ports. All BPDUs received on the Edge port drop.
violation :disable RootGuard: enable LoopGuard disable Bpdus (MRecords) sent 134, received 138 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID -------------------------------------------------------------------------ethernet1/1/4 128.272 128 500 BLK 500 32769 90b1.1cf4.a911 128.
To speed up spanning-tree state transitions, you can set the link type to point-to-point. To set the link type to point-to-point:
• Use the following command in INTERFACE mode.
spanning-tree link-type point-to-point
MAC flush optimization
OS10 offers a MAC address clearing technique that optimizes the number of MAC flush calls sent by the Spanning Tree Protocol (STP) module. For more information about this feature, see MAC flush optimization.
show spanning-tree active Displays the RSTP configuration and information for RSTP-active interfaces. Syntax show spanning-tree active Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show spanning-tree active Spanning tree enabled protocol rstp with force-version rstp Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 90b1.1cf4.
Designated root has priority 32768, address 34:17:44:55:66:7f Designated bridge has priority 32768, address 34:17:44:55:66:7f Designated port id is 151.128, designated path cost Timers: message age 0, forward delay 0, hold 0 Number of transitions to forwarding state 1 Link type is point-to-point by default, auto PVST Simulation is enabled by default BPDU sent 3, received 7 Supported Releases 10.2.0E or later spanning-tree bpdufilter Enables or disables BPDU filtering on an interface.
Parameters None Default Not configured. Usage Information The no version of this command re-enables STP and applies the currently configured spanning-tree settings. Command Mode CONFIGURATION INTERFACE Example OS10(config)# interface ethernet 1/1/4 OS10(config-if-eth1/1/4)# spanning-tree disable Supported Releases 10.3.0E or later spanning-tree guard Enables or disables loop guard or root guard on an interface.
As half-duplex mode is considered as a shared link, the fast transition feature is not applicable for shared links. If you designate a port as a shared link, you cannot use the fast transition feature, regardless of the duplex setting. Example OS10(config)# spanning-tree link-type point-to-point Supported Releases OS10 legacy command. spanning-tree mac-flush-timer Enables or disables MAC flush optimization.
spanning-tree port Sets the port type as the EdgePort. Syntax spanning-tree port type edge Parameters None Default Not configured Command Mode INTERFACE Usage Information When you configure an EdgePort on a device running STP, the port immediately transitions to the Forwarding state. Only configured ports connected to end hosts act as EdgePorts. Example OS10(config)# spanning-tree port type edge Supported Releases 10.2.
spanning-tree rstp hello-time Sets the time interval between generation and transmission of RSTP BPDUs. Syntax spanning-tree rstp hello-time seconds Parameters seconds — Enter a hello-time interval value in seconds, from 1 to 10. Default 2 seconds Command Mode CONFIGURATION Usage Information Dell EMC recommends increasing the hello-time for large configurations, especially configurations with multiple ports. Example OS10(config)# spanning-tree rstp hello-time 5 Supported Releases 10.2.
Example OS10(config)# spanning-tree rstp max-age 10
Supported Releases 10.2.0E or later
spanning-tree rstp Sets the priority value for RSTP.
Syntax spanning-tree rstp priority priority value
Parameters priority priority value — Enter a bridge-priority value in increments of 4096, from 0 to 61440. Valid priority values are: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. All other values are rejected.
Default VLAN configuration
OS10# show vlan
Codes: * - Default VLAN, G-GVRP VLANs, R-Remote Port Mirroring VLANs, P-Primary, C-Community, I-Isolated
Q: A-Access (Untagged), T-Tagged
   x-Dot1x untagged, X-Dot1x tagged
   G-GVRP tagged, M-Vlan-stack, H-VSN tagged
   i-Internal untagged, I-Internal tagged, v-VLT untagged, V-VLT tagged
    NUM   Status   Description   Q   Ports
*   1     up                     A   Eth1/1/1-1/1/54
Create or remove VLANs
You can create VLANs and add physical interfaces or port-channel LAG interfaces to the VLAN as tagged or unt
View configured VLANs OS10(config)# do show interface vlan Vlan 1 is up, line protocol is up Address is , Current address is Interface index is 69208865 Internet address is not set MTU 1532 bytes LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 240 Last clearing of "show interface" counters Queueing strategy: fifo Time since last interface status change: Vlan 200 is up, line protocol is up Address is , Current address is Interface index is 69209064 Internet address is not set MTU 1532 b
Show running configuration
OS10# show running-configuration
...
!
interface ethernet1/1/5
...
switchport access vlan 604
no shutdown
!
interface vlan1
no shutdown
...
Trunk mode
A trunk port can be a member of multiple VLANs set up on an interface. A trunk port transmits traffic for all VLANs. To transmit traffic on a trunk port with multiple VLANs, OS10 uses tagging or the 802.1q encapsulation method.
1 Configure a port in INTERFACE mode.
NOTE: However, the zero-touch deployment (ZTD) application requires this functionality. While ZTD is in progress, the system assigns an IP address to the default VLAN to establish connectivity. After ZTD is complete, the system removes the IP address assigned to the default VLAN. You can place VLANs and other logical interfaces in L3 mode to receive and send routed traffic. 1 Create a VLAN in CONFIGURATION mode, from 1 to 4093.
• View the VLAN interface configuration in EXEC mode.
show interfaces vlan
• View the VLAN interface configuration for a specific VLAN ID in EXEC mode.
LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 240 Last clearing of "show interface" counters Queueing strategy: fifo Time since last interface status change: VLAN commands description (VLAN) Adds a description to the selected VLAN. Syntax description description Parameters description — Enter a text string to identify the VLAN. A maximum of 80 characters.
Usage Information Use this command to view VLAN configuration information for a specific VLAN ID. Example OS10(config)# do show vlan Codes: * - Default VLAN, M - Management VLAN, R - Remote Port Mirroring VLANs Q: A - Access (Untagged), T - Tagged NUM Status Description Q Ports * 1 Active A Eth1/1/15 A Po100 2101 Active T Eth1/1/1,1/1/3 T Po100 2102 Active T Eth1/1/1,1/1/3 Supported Releases 10.2.
In the State field, true indicates that the port is enabled. In the Reason field, Is UP indicates that hardware resources are allocated. OS10# show monitor session all S.
• To associate with the source session, the reserved VLAN can have up to four member ports.
• To associate with the destination session, the reserved VLAN can have multiple member ports.
• The reserved VLAN cannot have untagged ports.
Reserved L2 VLAN
• MAC address learning in the reserved VLAN is automatically disabled.
• There is no restriction on the VLAN IDs used for the reserved remote monitoring VLAN. Valid VLAN IDs are from 2 to 4093.
• The default VLAN ID is not supported.
View monitoring session
OS10(conf-mon-rpm-source-10)# do show monitor session all
S.Id  Source  Destination  Dir  SrcIP  DstIP  DSCP  TTL  State  Reason
---------------------------------------------------------------
1     vlan10  vlan 100     rx   N/A    N/A    N/A   N/A  true   Is UP
Encapsulated remote port monitoring
You can also have the monitored traffic transmitted over an L3 network to a remote analyzer.
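Because an ERPM session sends copies of traffic off the switch, the session table is worth inventorying. The parser below is an added example, not part of the Dell guide: it reads `show monitor session all` output in the column layout shown above and reports sessions whose DstIP is outside a list of approved analyzers. All sample rows, the "remote-ip" destination label, the "Is DOWN" reason and the approved network are constructed assumptions.

```python
import ipaddress

# Constructed rows in the column order of `show monitor session all`
# (S.Id Source Destination Dir SrcIP DstIP DSCP TTL State Reason).
SAMPLE_OUTPUT = """\
S.Id  Source         Destination    Dir   SrcIP          DstIP         DSCP  TTL  State  Reason
-----------------------------------------------------------------------------------------------
1     vlan10         vlan 100       rx    N/A            N/A           N/A   N/A  true   Is UP
6     ethernet1/1/2  ethernet1/1/3  both  N/A            N/A           N/A   N/A  true   Is UP
10    ethernet1/1/2  remote-ip      both  10.16.132.181  172.16.10.11  0     255  true   Is UP
11    ethernet1/1/9  remote-ip      rx    10.16.132.181  198.51.100.7  0     255  false  Is DOWN
"""

DIRECTIONS = {"rx", "tx", "both"}


def parse_sessions(output):
    """Parse the session table into a list of dicts, one per session row."""
    sessions = []
    for line in output.splitlines():
        tok = line.split()
        if not tok or not tok[0].isdigit():
            continue                      # header, dashed rule or blank line
        # Destination can contain a space ("vlan 100") and Reason is free
        # text ("Is UP"), so anchor on the Dir column instead of fixed indexes.
        d = next((i for i, t in enumerate(tok) if i >= 2 and t in DIRECTIONS), None)
        if d is None or len(tok) < d + 6:
            continue                      # truncated or unrecognised row
        sessions.append({
            "id": int(tok[0]),
            "source": tok[1],
            "destination": " ".join(tok[2:d]),
            "dir": tok[d],
            "src_ip": tok[d + 1],
            "dst_ip": tok[d + 2],
            "dscp": tok[d + 3],
            "ttl": tok[d + 4],
            "state": tok[d + 5],
            "reason": " ".join(tok[d + 6:]),
        })
    return sessions


def unexpected_mirrors(output, approved_analyzers):
    """Return (id, source, dst_ip, state) for ERPM sessions to unapproved hosts.

    approved_analyzers is a list of networks or single addresses in CIDR form.
    Local and RPM sessions show N/A in DstIP and are skipped.
    """
    approved = [ipaddress.ip_network(n) for n in approved_analyzers]
    findings = []
    for s in parse_sessions(output):
        if s["dst_ip"] == "N/A":
            continue
        try:
            dst = ipaddress.ip_address(s["dst_ip"])
        except ValueError:
            # Unparseable destination: report it rather than silently pass it.
            findings.append((s["id"], s["source"], s["dst_ip"], s["state"]))
            continue
        if not any(dst in net for net in approved):
            findings.append((s["id"], s["source"], s["dst_ip"], s["state"]))
    return findings


if __name__ == "__main__":
    for finding in unexpected_mirrors(SAMPLE_OUTPUT, ["172.16.10.0/24"]):
        print("unapproved mirror destination:", finding)
```

Sessions reported with State false are still worth reviewing, since they begin forwarding as soon as the session comes up.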
Create monitoring session OS10(config)# monitor session 10 type erpm-source OS10(conf-mon-erpm-source-10)# Configure source port, source and destination IP addresses, and protocol type OS10(conf-mon-erpm-source-10)# OS10(conf-mon-erpm-source-10)# OS10(conf-mon-erpm-source-10)# OS10(conf-mon-erpm-source-10)# OS10(conf-mon-erpm-source-10)# source interface ethernet 1/1/2 source-ip 1.1.1.1 destination-ip 3.3.3.
OS10(conf-mac-acl)# deny any any capture session 1
OS10(conf-mac-acl)# exit
OS10(config)# interface ethernet 1/1/9
OS10(conf-if-eth1/1/9)# mac access-group mac1 in
OS10(conf-if-eth1/1/9)# end
OS10# show mac access-lists in
Ingress MAC access-list mac1
Active on interfaces : ethernet1/1/9
seq 10 deny any any capture session 1 count (0 packets)
Remote port monitoring on VLT
In a network, devices you configure with peer VLT nodes are considered as a single device.
Scenario Recommendation flow-based enable source interface ethernet1/1/1 (ICL lag member) ! Mirror a VLAN with VLTi LAG as a member to any orphan port on the same VLT device. The packet analyzer connects to the local VLT device through the orphan port. The recommended configuration on the VLT device: 1 Create an L2 ACL for the local session and attach it to the VLTi LAG interface.
Port monitoring commands description Configures a description for the port monitoring session. The monitoring session can be: local, RPM, or ERPM. Syntax description string Parameters string — Enter a description of the monitoring session. A maximum of 255 characters. Default Not configured Command Mode MONITOR-SESSION Usage Information The no version of this command removes the description text.
flow-based Enables flow-based monitoring. The monitoring session can be: local, RPM, or ERPM. Syntax flow-based enable Parameters None Default Disabled Command Mode MONITOR-SESSION Usage Information The no version of this command disables the flow-based monitoring. Example OS10(conf-mon-local-1)# flow-based enable OS10(conf-mon-rpm-source-2)# flow-based enable OS10(conf-mon-erpm-source-3)# flow-based enable Supported Releases 10.2.
Default local Command Mode CONFIGURATION Usage Information The no version of this command removes the monitor session. Example OS10(config)# monitor session 1 OS10(conf-mon-local-1)# Example (RPM) OS10(config)# monitor session 5 type rpm-source OS10(conf-mon-rpm-source-5)# Example (ERPM) OS10(config)# monitor session 10 type erpm-source OS10(conf-mon-erpm-source-10)# Supported Releases 10.2.0E or later show monitor session Displays information about a monitoring session.
Default Disabled Command Mode MONITOR-SESSION Usage Information The no version of this command enables the monitoring session. Example OS10(config)# monitor session 1 OS10(conf-mon-local-1)# no shut OS10(config)# monitor session 5 type rpm-source OS10(conf-mon-rpm-source-5)# no shut OS10(config)# monitor session 10 type erpm-source OS10(conf-mon-erpm-source-10)# no shut Supported Releases 10.2.0E or later source Configures a source for port monitoring.
Parameters • source ip-address — Enter the source IP address. • destination ip-address — Enter the destination IP address. • protocol-value — Enter the GRE protocol value, from 1 to 65535, default: 35006. Default Not configured Command Mode MONITOR-SESSION Usage Information None Example OS10(config)# monitor session 10 OS10(conf-mon-erpm-source-10)# source-ip 10.16.132.181 destination-ip 172.16.10.11 gre-protocol 35006 Supported Releases 10.4.
6 Layer 3
Bidirectional forwarding detection (BFD) Provides rapid failure detection in links with adjacent routers (see BFD commands).
Border Gateway Protocol (BGP) Provides an external gateway protocol that transmits inter-domain routing information within and between autonomous systems (see BGP Commands).
Equal Cost MultiPath (ECMP) Provides next-hop packet forwarding to a single destination over multiple best paths (see ECMP Commands).
Configure management VRF OS10(config)# ip vrf management OS10(conf-vrf)# interface management You can enable various services in both management or default VRF instances. The services supported in the management and default VRF instances are: Table 16.
Application Management VRF Default VRF Non-default VRF VLT backup link Yes Yes No VRRP Yes Yes Yes Configure a static route for a management VRF instance • Configure a static route that directs traffic to the management interface. CONFIGURATION management route ip-address mask managementethernet or management route ipv6-address prefixlength managementethernet You can also configure the management route to direct traffic to a physical interface. For example: management route 10.1.1.
no switchport 3 Assign the interface to a non-default VRF. INTERFACE CONFIGURATION ip vrf forwarding vrf-test Before assigning an interface to a VRF instance, ensure that no IP address is configured on the interface. 4 Assign an IPv4 address to the interface. INTERFACE CONFIGURATION ip address 10.1.1.1/24 5 Assign an IPv6 address to the interface. INTERFACE CONFIGURATION ipv6 address 1::1/64 You can also auto configure an IPv6 address using the ipv6 address autoconfig command.
Assign an interface back to the default VRF instance
Table 17. Configurations to be removed
CONFIGURATION MODE COMMAND
IP address — In interface configuration mode, undo the IP address configuration. INTERFACE CONFIGURATION OS10(conf-if-eth1/1/10:1)#no ip address ipv4-address or no ipv6 address ipv6-address
Port — In interface configuration mode, remove the interface association corresponding to the VRF instance that you want to delete. INTERFACE CONFIGURATION
• Delete a non-default VRF instance using the following command: CONFIGURATION no ip vrf vrf-name NOTE: You cannot delete the default VRF instance. Configure a static route for a non-default VRF instance • Configure a static route in a non-default VRF instance. Static routes contain IP addresses of the next-hop neighbors that are reachable through the non-default VRF. These IP addresses could also belong to the interfaces that are part of the non-default VRF instance.
Figure 6. Setup VRF Interfaces
Router 1
ip vrf blue
!
ip vrf orange
!
ip vrf green
!
interface ethernet 1/1/1
 no ip address
 no switchport
 no shutdown
!
interface ethernet1/1/2
 no shutdown
 no switchport
 ip vrf forwarding blue
 ip address 20.0.0.1/24
!
interface ethernet1/1/3
 no shutdown
 no switchport
 ip vrf forwarding orange
 ip address 30.0.0.
 no shutdown
 no switchport
 ip vrf forwarding green
 ip address 40.0.0.1/24
!
interface vlan128
 mode L3
 no shutdown
 ip vrf forwarding blue
 ip address 1.0.0.1/24
!
interface vlan192
 mode L3
 no shutdown
 ip vrf forwarding orange
 ip address 2.0.0.1/24
!
!
interface vlan256
 mode L3
 no shutdown
 ip vrf forwarding green
 ip address 3.0.0.1/24
!
ip route vrf green 30.0.0.0/24 3.0.0.
interface vlan256
 mode L3
 no shutdown
 ip vrf forwarding green
 ip address 3.0.0.1/24
!
ip route vrf green 31.0.0.0/24 3.0.0.
Vlan128 default Mgmt1/1/1 Vlan1,24-25,200 green Eth1/1/7 Vlan256 orange Eth1/1/6 Vlan192 OS10# show ip route vrf blue Codes: C - connected S - static B - BGP, IN - internal BGP, EX - external BGP O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, * - candidate default, + - summary route, > - non-active route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change -------------------
Static route leaking
Route leaking enables routes that are configured in a default or non-default VRF instance to be made available to another VRF instance. You can leak routes from a source VRF instance to a destination VRF instance. The routes need to be leaked in both the source and the destination VRFs to achieve end-to-end traffic flow. If there are any connected routes in the same subnet as statically leaked routes, then the connected routes take precedence.
ip route vrf src-vrf-name route nexthop-interface
OS10(config)#interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# ip vrf forwarding VRF1
OS10(conf-if-eth1/1/1)# ip address 120.0.0.1/24
OS10(config)#interface ethernet 1/1/2
OS10(conf-if-eth1/1/2)# ip vrf forwarding VRF2
OS10(conf-if-eth1/1/2)# ip address 140.0.0.1/24
OS10(config)#ip route vrf VRF1 140.0.0.0/24 interface ethernet 1/1/2
OS10(config)#ip route vrf VRF2 120.0.0.
After you configure the source IP address in a leaked VRF, if you initiate ping without the -I option, the source IP address is that of the loopback interface.
Route leaking using route targets
You can leak routes in one VRF instance to another using route targets. NOTE: You can leak routes using route targets only on the default and non-default VRF instance. You cannot leak routes using route targets on the management VRF instance.
route-map route-map-name route-map xyz 4 Associate the prefix list to the route-map. CONFIGURATION route-map route-map-name {permit | deny} rule match ip address prefix-list prefix-list-name route-map xyz permit 10 match ip address prefix-list abc or route-map xyz deny 10 match ip address prefix-list abc 5 Export the routes from a VRF instance using route maps.
Parameters None Default Not configured Command Mode VRF CONFIGURATION Usage Information The no version of this command removes the management interface from the management VRF instance. Example OS10(config)# ip vrf management OS10(conf-vrf)# interface management Supported Releases 10.4.0E(R1) or later ip domain-list vrf Configures a domain list for the management VRF instance or any non-default VRF instance that you create.
Example OS10(config)# ip domain-name vrf management dell.com or OS10(config)# ip domain-name vrf blue dell.com Supported Releases 10.4.0E(R1) or later
ip vrf
Create a non-default VRF instance. Syntax ip vrf vrf-name Parameters • vrf-name—Enter the name of the non-default VRF that you want to create. Enter a VRF name that is not greater than 32 characters in length.
ip host vrf Configures a host name for the management VRF instance or a non-default VRF instance and maps the host name to an IPv4 or IPv6 address. Syntax ip host vrf {management | vrf-name} hostname {IP-address | Ipv6–address} Parameters • management—Enter the keyword management to configure a host name for the management VRF instance. • vrf-name—Enter the name of the non-default VRF instance to configure a host name for that VRF instance. • hostname—Enter the host name.
Parameters • management—Enter the keyword management to configure a DNS name server for the management VRF instance. • vrf-name—Enter the name of the non-default VRF instance to configure a DNS name server for that VRF instance. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the name server from the management or non-default VRF instance.
Use the no form of this command to undo the configuration. Example OS10(conf-vrf)# ip route-export 1:1 ==> No route-map attached OS10(conf-vrf)# ip route-export 1:1 route-map abc ==> Route-map abc attached to filter export routes Supported Releases 10.4.3.0 or later ipv6 route-import Imports an IPv6 static route into a VRF instance from another VRF instance. Syntax [no] ipv6 route-import route-target Parameters • route-target — Enter the route-target of the VRF instance.
ip scp vrf
Configures an SCP connection for the management or non-default VRF instance. Syntax ip scp vrf {management | vrf vrf-name} Parameters • management — Enter the keyword to configure an SCP connection for the management VRF instance. • vrf vrf-name — Enter the keyword then the name of the VRF to configure an SCP connection for that VRF instance.
Command Mode CONFIGURATION Usage Information The no version of this command removes the management VRF instance configuration from the TFTP client. Example OS10(config)# ip tftp vrf management OS10(config)# ip tftp vrf vrf-blue Supported Releases 10.4.0E(R1) or later ip vrf management Configures the management VRF instance.
show ip vrf
Displays the VRF instance information. Syntax show ip vrf [management | vrf-name] Parameters • management—Enter the keyword management to display information corresponding to the management VRF instance. • vrf-name—Enter the name of the non-default VRF instance to display information corresponding to that VRF instance.
BFD provides forwarding-path failure detection in milliseconds instead of seconds. Because BFD is independent of routing protocols, it provides consistent network failure detection. BFD eliminates multiple protocol-dependent timers and methods. Networks converge faster because BFD triggers link-state changes in the routing protocol sooner and more consistently. BFD is a simple hello mechanism. Two neighboring routers running BFD establish a session using a three-way handshake.
BFD three-way handshake A BFD session requires a three-way handshake between neighboring routers. In the following example, the handshake assumes: • One router is active, and the other router is passive. • This is the first session established on this link. • The default session state on both ports is Down. 1 The active system sends a steady stream of control packets to indicate that its session state is Down until the passive system responds.
BFD configuration Before you configure BFD for a routing protocol, first enable BFD globally on both routers in the link. BFD is disabled by default. • OS10 supports: – 64 BFD sessions at 100 minimum transmit and receive intervals with a multiplier of 4 – 100 BFD sessions at 200 minimum transmit and receive intervals with a multiplier of 3 • OS10 does not support Demand mode, authentication, and Echo function. • OS10 does not support BFD on multi-hop and virtual links.
• multiplier number — Enter the number of consecutive packets that must not be received from a BFD peer before the session state changes to Down, from 3 to 50; default 3. • role {active | passive} — Enter active if the router initiates BFD sessions. Both BFD peers can be active at the same time. Enter passive if the router does not initiate BFD sessions, and only responds to a request from an active BFD to initialize a session. The default is active.
2 Enable BFD globally in CONFIGURATION mode.
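The three-way handshake and the interval, min_rx, multiplier and role parameters described above can be traced with a small model. This is an added example, not OS10 code: the BfdEndpoint class and function names are hypothetical, and the state transitions and detection-time rule follow RFC 5880 asynchronous mode.

```python
"""Model of the BFD three-way handshake and detection time (RFC 5880)."""

DOWN, INIT, UP = "Down", "Init", "Up"


class BfdEndpoint:
    """One side of a BFD session; defaults mirror the documented 200/200/3/active."""

    def __init__(self, name, role="active", interval_ms=200, min_rx_ms=200,
                 multiplier=3):
        if role not in ("active", "passive"):
            raise ValueError("role must be 'active' or 'passive'")
        self.name = name
        self.role = role
        self.interval_ms = interval_ms    # desired transmit interval
        self.min_rx_ms = min_rx_ms        # fastest rate this side accepts
        self.multiplier = multiplier      # missed packets before Down
        self.state = DOWN
        self.heard_peer = False

    def may_transmit(self):
        # A passive endpoint stays silent until the peer has spoken first.
        return self.role == "active" or self.heard_peer

    def receive(self, peer_state):
        """Apply one received control packet; return True if our state changed."""
        self.heard_peer = True
        before = self.state
        if self.state == DOWN:
            if peer_state == DOWN:
                self.state = INIT
            elif peer_state == INIT:
                self.state = UP
        elif self.state == INIT:
            if peer_state in (INIT, UP):
                self.state = UP
        elif self.state == UP and peer_state == DOWN:
            self.state = DOWN
        return self.state != before


def handshake(a, b, max_rounds=10):
    """Exchange control packets until nothing changes; return state transitions."""
    trace = []
    for _ in range(max_rounds):
        progressed = False
        for sender, receiver in ((a, b), (b, a)):
            if sender.may_transmit() and receiver.receive(sender.state):
                trace.append((receiver.name, receiver.state))
                progressed = True
        if not progressed:
            break
    return trace


def detection_time_ms(local, remote):
    """Time after which `local` declares the session Down when `remote` goes silent.

    RFC 5880: the remote multiplier times the negotiated receive interval,
    which is the larger of our min_rx and the peer's transmit interval.
    """
    return remote.multiplier * max(local.min_rx_ms, remote.interval_ms)


if __name__ == "__main__":
    r1 = BfdEndpoint("R1", role="active")
    r2 = BfdEndpoint("R2", role="passive")
    for who, state in handshake(r1, r2):
        print(f"{who} -> {state}")
    print("R1 detects loss of R2 after", detection_time_ms(r1, r2), "ms")
```

Two passive endpoints never leave Down, which is why at least one side of every link must keep the active role.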
• Establish BFD sessions with all neighbors discovered by BGP using the bfd all-neighbors command. For example: Router 1 OS10(conf)# bfd enable OS10(conf)# router bgp 1 OS10(config-router-bgp-1)# neighbor 2.2.4.
OR Configure BFD sessions with all neighbors discovered by the BGP in ROUTER-BGP mode. The BFD session parameters you configure override the global session parameters configured in Step 1. bfd all-neighbors [interval milliseconds min_rx milliseconds multiplier number role {active | passive}] • interval milliseconds — Enter the time interval for sending control packets to BFD peers, from 100 to 1000; default 200. Dell EMC recommends using more than 100 milliseconds.
---------------------------------------------------------------------------* 150.150.1.2 150.150.1.1 vlan10 up 1000 1000 5 default bgp OS10# show bfd neighbors detail Session Discriminator: 1 Neighbor Discriminator: 2 Local Addr: 150.150.1.2 Local MAC Addr: 90:b1:1c:f4:ab:fd Remote Addr: 150.150.1.
Allow local AS number 0 times in AS-PATH attribute Prefixes ignored due to: Martian address 0, Our own AS in AS-PATH 0 Invalid Nexthop 0, Invalid AS-PATH length 0 Wellknown community 0, Locally originated 0 Local host: 20.1.1.2, Local port: 179 Foreign host: 20.1.1.1, Foreign port: 58248 BFD for OSPF You can configure BFD to monitor and notify reachability status between OSPF neighbors.
INTERFACE CONFIGURATION Mode Establishing BFD sessions with OSPFv2 neighbors in a non-default VRF instance To establish BFD sessions with OSPFv2 neighbors in a non-default VRF instance: 1 Enable BFD globally bfd enable CONFIGURATION Mode 2 Enter INTERFACE CONFIGURATION mode interface interface-name CONFIGURATION Mode 3 Associate a non-default VRF with the interface you have entered. ip vrf forwarding vrf1 INTERFACE CONFIGURATION Mode 4 Assign an IP address to the VRF.
In this example OSPF is enabled in non-default VRF red. BFD is enabled globally at the router OSPF level and all the interfaces associated with this VRF OSPF instance inherit the global BFD configuration. However, this global BFD configuration does not apply to interfaces in which the interface level BFD configuration is already present. Also, VLAN 200 takes the interface level BFD configuration as interface-level BFD configuration takes precedence over the global OSPF-level BFD configuration.
1 Enable BFD Globally. 2 Establish sessions with OSPFv3 neighbors. Establishing BFD sessions with OSPFv3 neighbors To establish BFD sessions with OSPFv3 neighbors: 1 Enable BFD globally bfd enable CONFIGURATION Mode 2 Enter ROUTER-OSPF mode router ospfv3 ospfv3-instance CONFIGURATION 3 Establish sessions with all OSPFv3 neighbors. bfd all-neighbors ROUTER-OSPFv3 Mode 4 Enter INTERFACE CONFIGURATION mode.
ipv6 ospf bfd all-neighbors VRF CONFIGURATION Mode 7 Enter ROUTER-OSPF mode in a non-default VRF instance. router ospf ospf-instance vrf vrf-name CONFIGURATION Mode 8 Establish BFD sessions with all OSPFv2 instances in a non-default VRF. bfd all-neighbors Changing OSPFv3 session parameters Configure BFD sessions with default intervals and a default role. The parameters that you can configure are: desired tx interval, required min rx interval, detection multiplier, and system role.
BFD for Static route The static Route BFD feature enables association of static routes with a BFD session in order to monitor the static route reachability. Depending on the status of the BFD session the static routes are added to or removed from the Routing Information Base (RIB). When BFD is configured, the nexthop reachability is dependent on the BFD state of the BFD session corresponding to the specified next hop.
ip route bfd interval milliseconds min_rx milliseconds multiplier value role [active | passive] CONFIGURATION Mode NOTE: By default, OSPF uses the following BFD parameters for its neighbors: min_tx = 200 msec, min_rx = 200 msec, multiplier = 3, role = active. The values are configured in milliseconds. Disabling BFD for IPv4 Static Routes If you disable BFD, all static route BFD sessions are torn down.
ipv6 route bfd interval milliseconds min_rx milliseconds multiplier value role [active | passive] CONFIGURATION Mode NOTE: By default, OSPF uses the following BFD parameters for its neighbors: min_tx = 200 msec, min_rx = 200 msec, multiplier = 3, role = active. The values are configured in milliseconds. Disabling BFD for IPv6 Static Routes To disable BFD for IPv6 static routes, use the following command. Disable BFD for static routes.
Supported releases 10.4.1.0 or later
bfd all-neighbors
Configures all BFD session parameters established between neighbors discovered by an L3 protocol. Syntax bfd all-neighbors [interval milliseconds min_rx milliseconds multiplier number role {active | passive}] Parameters • interval milliseconds — Enter the time interval for sending control packets to BFD peers, from 100 to 1000. Dell EMC recommends using more than 100 milliseconds.
Usage Information Use the neighbor ip-address command in ROUTER-BGP mode to specify a neighbor. Use the bfd disable command to disable BFD sessions with the neighbor. Example OS10(conf)# router bgp 1 OS10(config-router-bgp-1)# neighbor 10.1.1.1 OS10(config-router-neighbor)# bfd disable Supported releases 10.4.1.0 or later bfd enable Enables BFD on all interfaces on the switch. Syntax bfd enable Parameters None Default BFD is disabled.
Usage Information Use the bfd interval command to configure global BFD session settings. To configure the BFD parameters used in sessions established with neighbors discovered by an L3 protocol, use the bfd all-neighbors command. To remove the configured global settings and return to the default values, enter the no version of the command. Example OS10(config)# bfd interval 250 min_rx 300 multiplier 4 role passive Supported releases 10.4.1.
To disable default BFD parameters for all OSPFv3 neighbors, use the no ipv6 ospf bfd all-neighbors command. Parameters • disable — Disables the BFD session on an interface alone. • interval milliseconds — Enter the time interval for sending control packets to BFD peers, from 100 to 1000. You cannot configure a value that is less than 100 milliseconds. • min_rx milliseconds — Enter the maximum waiting time for receiving control packets from BFD peers, from 100 to 1000.
• role {active | passive} — Enter active if the router initiates BFD sessions. Both BFD peers can be active at the same time. Enter passive if the router does not initiate BFD sessions, and only responds to a request from an active BFD to initialize a session. Default The time interval for sending control packets to BFD peers is 200 milliseconds. The maximum waiting time for receiving control packets from BFD peers is 200 milliseconds.
Usage Information • Use this command to enable or disable BFD for all the configured IPv6 static routes for the specified VRF. If you do not specify a VRF name, the command applies to the default VRF. Example OS10(config)# ipv6 route bfd interval 250 min_rx 250 multiplier 4 role active Supported releases 10.4.2E or later
show bfd neighbors
Displays information about BFD neighbors from all interfaces using the default VRF.
Supported releases 10.4.1.0 or later Border Gateway Protocol Border Gateway Protocol (BGP) is an interautonomous system routing protocol that transmits interdomain routing information within and between autonomous systems (AS). BGP exchanges network reachability information with other BGP systems. BGP adds reliability to network connections by using multiple paths from one router to another. Unlike most routing protocols, BGP uses TCP as its transport protocol.
In an AS, a BGP network must be in full mesh for routes received from an internal BGP peer to send to another IBGP peer. Each BGP router talks to all other BGP routers in a session. For example, in an AS with four BGP routers, each router has three peers; in an AS with six routers, each router has five peers. Sessions and peers A BGP session starts with two routers communicating using the BGP. The two end-points of the session are called peers. A peer is also called a neighbor.
Routers B, C, D, E, and G are members of the same AS—AS100. These routers are also in the same route reflection cluster, where Router D is the route reflector. Routers E and G are client peers of Router D, and Routers B and C are nonclient peers of Router D. 1 Router B receives an advertisement from Router A through EBGP. Because the route is learned through EBGP, Router B advertises it to all its IBGP peers — Routers C and D.
• Next-hop Communities BGP communities are sets of routes with one or more common attributes. Communities assign common attributes to multiple routes at the same time. Duplicate communities are not rejected. Selection criteria Best path selection criteria for BGP attributes: 1 Prefer the path with the largest WEIGHT attribute, and prefer the path with the largest LOCAL_PREF attribute.
Weight and local preference The weight attribute is local to the router and does not advertise to neighboring routers. If the router learns about more than one route to the same destination, the route with the highest weight is preferred. The route with the highest weight is installed in the IP routing table. The local preference — LOCAL_PREF represents the degree of preference within the entire AS. The higher the number, the greater the preference for the route.
MEDs are nontransitive attributes. If AS 100 sends the MED to AS 200, AS 200 does not pass it on to AS 300 or AS 400. The MED is a locally relevant attribute to the two participating AS — AS 100 and AS 200. The MEDs advertise across both links—if a link goes down, AS 100 has connectivity to AS 300 and AS 400. Origin The origin indicates how the prefix came into BGP. There are three origin codes—IGP, EGP, and INCOMPLETE. IGP Prefix originated from information learned through an IGP.
arrive, and selects the best paths. Paths for active routes are grouped in ascending order according to their neighboring external AS number. OS10 follows deterministic MED to select different best paths from a set of paths. This may depend on the order the different best paths are received from the neighbors — MED may or may not get compared between adjacent paths. BGP best path selection is deterministic by default.
Advertise cost As the default process for redistributed routes, OS10 supports IGP cost as MED. Both auto-summarization and synchronization are disabled by default.
Router A, Router B, and Router C belong to AS 100, 200, and 300, respectively. Router A acquired Router B — Router B has Router C as its client. When Router B is migrating to Router A, it must maintain the connection with Router C without immediately updating Router C’s configuration. Local-AS allows Router B to appear as if it still belongs to Router B’s old network, AS 200, to communicate with Router C.
MED 0
Route flap dampening parameters • half-life = 15 minutes • max-suppress-time = 60 minutes • reuse = 750 • suppress = 2000
Timers • keepalive = 60 seconds • holdtime = 180 seconds
Add-path Disabled
Enable BGP
Before enabling BGP, assign a BGP router ID to the switch using the following command: • In the ROUTER BGP mode, enter the router-id ip-address command, where ip-address is the IP address corresponding to a configured L3 interface (physical, loopback, or LAG).
OS10(config-router-bgp-100)# template t1 OS10(config-router-template)# description peer_template_1_abcd View BGP summary with 2-byte AS number OS10# show ip bgp summary BGP router identifier 202.236.164.86 local AS number 64901 Neighbor AS MsgRcvd MsgSent Up/Down State/Pfx 120.10.1.1 64701 664 662 04:47:52 established 12000 View BGP summary with 4-byte AS number OS10# show ip bgp summary BGP router identifier 11.1.1.
Configuring BGP in a non-default VRF instance
To configure BGP in a non-default VRF instance: 1 Assign an AS number, and enter ROUTER-BGP mode from CONFIGURATION mode (1 to 65535 for 2-byte, 1 to 4294967295 for 4-byte). Only one AS number is supported per system. If you enter a 4-byte AS number, 4-byte AS support is enabled automatically. router bgp as-number 2 Enter ROUTER-BGP-VRF mode to configure BGP in a non-default VRF instance. vrf vrf-name 3 Enter a neighbor in CONFIG-ROUTER-VRF mode.
(RTM) receives route updates from one or more routing protocols for a single destination, it chooses the best route based on the administrative distance.
1 Enable BGP and assign the AS number to the local BGP speaker in CONFIGURATION mode, from 1 to 65535 for 2 byte, 1 to 4294967295 | 0.1 to 65535.65535 for 4 byte, or 0.1 to 65535.65535 in dotted format. router bgp as-number 2 Create a peer template by assigning a neighborhood name to it in ROUTER-BGP mode. template template-name 3 (Optional) Add a text description for the template in ROUTER-TEMPLATE mode. description text 4 Enter Address Family mode in ROUTER-NEIGHBOR mode.
OS10(config-router-bgp-64601)# neighbor 100.5.1.1 OS10(config-router-neighbor)# inherit template leaf_v4 OS10(config-router-neighbor)# remote-as 64802 OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# exit OS10(config-router-bgp-64601)# neighbor 100.6.1.
Peer templates for a non-default VRF instance You can create peer templates to add multiple neighbors at a time to the non-default VRF instance that you create. 1 Enable BGP, and assign the AS number to the local BGP speaker in CONFIGURATION mode, from 1 to 65535 for 2 byte, 1 to 4294967295 | 0.1 to 65535.65535 for 4 byte, or 0.1 to 65535.65535 in dotted format. router bgp as-number 2 Enter the CONFIG-ROUTER-VRF mode to create a peer template for the non-default VRF instance that you create.
OS10(config-router-vrf)# neighbor 3.1.1.1 OS10(config-router-neighbor)# inherit template ebgppg OS10(config-router-neighbor)# no shutdown Neighbor fall-over The BGP neighbor fall-over feature reduces the convergence time while maintaining stability. When you enable fall-over, BGP tracks IP reachability to the peer remote address and the peer local address. When remote or peer local addresses become unreachable, BGP brings the session down with the peer.
4_OCTET_AS(65) Prefixes accepted 3, Prefixes advertised 0 Connections established 1; dropped 0 Last reset never For address family: IPv4 Unicast Allow local AS number 0 times in AS-PATH attribute Prefixes ignored due to: Martian address 0, Our own AS in AS-PATH 0 Invalid Nexthop 0, Invalid AS-PATH length 0 Wellknown community 0, Locally originated 0 For address family: IPv6 Unicast Allow local AS number 0 times in AS-PATH attribute Local host: 3.1.1.3, Local port: 58633 Foreign host: 3.1.1.
Peer 1 in ROUTER-NEIGHBOR mode
OS10# configure terminal
OS10(config)# interface ethernet 1/1/5
OS10(conf-if-eth1/1/5)# no switchport
OS10(conf-if-eth1/1/5)# ip address 11.1.1.1/24
OS10(conf-if-eth1/1/5)# router bgp 10
OS10(config-router-bgp-10)# neighbor 11.1.1.
f785498c228f365898c0efdc2f476b4b27c47d972c3cd8cd9b91f518c14ee42d OS10(config-router-template)# exit OS10(config-router-bgp-20)# neighbor 11.1.1.1 OS10(config-router-neighbor)# inherit template pass View password configuration in peer 2 OS10(config-router-neighbor)# show configuration ! neighbor 11.1.1.1 password 9 0fbe1ad397712f74f4df903b4ff4b7b6e22cc377180432d7523a70d403d41565 remote-as 20 no shutdown OS10(config-router-neighbor)# do show running-configuration bgp ! router bgp 20 neighbor 11.1.1.
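A running configuration like the one above can be checked for enabled BGP neighbors that have no password, either set directly or through an inherited template. This is an added example, not part of OS10 or the original guide: the sample configuration, its addresses, template names and hash placeholder are constructed, and the function names are hypothetical.

```python
"""Audit 'show running-configuration bgp' text for neighbors lacking a password."""
import re

# Constructed sample in the layout of the output shown above.
SAMPLE_RUNNING_CONFIG = """\
!
router bgp 20
 !
 template pass
  password 9 CONSTRUCTED-HASH-PLACEHOLDER
 !
 template leaf_v4
  description no_password_here
 !
 neighbor 11.1.1.1
  inherit template pass
  remote-as 10
  no shutdown
 !
 neighbor 11.1.2.1
  password 9 CONSTRUCTED-HASH-PLACEHOLDER
  remote-as 30
  no shutdown
 !
 neighbor 3.1.1.1
  remote-as 100
  no shutdown
 !
 neighbor 12.1.1.1
  inherit template leaf_v4
  no shutdown
 !
 neighbor 3::1
  remote-as 100
  !
  address-family ipv6 unicast
   activate
"""

BLOCK_START = re.compile(r"^(neighbor|template)\s+(\S+)$")


def parse_bgp_blocks(config_text):
    """Collect per-neighbor and per-template settings relevant to the audit."""
    blocks = {"neighbor": {}, "template": {}}
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue  # '!' also separates nested sub-blocks, so it ends nothing
        match = BLOCK_START.match(line)
        if match:
            current = {"password": False, "inherit": None, "enabled": False}
            blocks[match.group(1)][match.group(2)] = current
        elif line.startswith(("router bgp", "vrf ")):
            current = None
        elif current is not None:
            if line.startswith("password "):
                current["password"] = True
            elif line.startswith("inherit template "):
                current["inherit"] = line.split()[2]
            elif line == "no shutdown":
                current["enabled"] = True
    return blocks


def neighbors_without_password(config_text):
    """Return (neighbor, reason) for every enabled neighbor with no password."""
    blocks = parse_bgp_blocks(config_text)
    findings = []
    for address, nbr in blocks["neighbor"].items():
        if not nbr["enabled"]:
            continue  # sessions that are not 'no shutdown' never come up
        template = blocks["template"].get(nbr["inherit"])
        if nbr["password"] or (template and template["password"]):
            continue
        if nbr["inherit"] is None:
            reason = "no password and no inherited template"
        elif template is None:
            reason = f"inherits undefined template '{nbr['inherit']}'"
        else:
            reason = f"template '{nbr['inherit']}' has no password"
        findings.append((address, reason))
    return findings


if __name__ == "__main__":
    for address, reason in neighbors_without_password(SAMPLE_RUNNING_CONFIG):
        print(f"{address}: {reason}")
```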
View fast external fallover unconfiguration OS10(config-router-bgp-300)# do show running-configuration bgp ! router bgp 300 no fast-external-fallover ! neighbor 3.1.1.1 remote-as 100 no shutdown ! neighbor 3::1 remote-as 100 no shutdown ! address-family ipv6 unicast activate OS10(config-router-bgp-300)# OS10(conf-if-eth1/1/1)# do clear ip bgp * OS10# show ip bgp summary BGP router identifier 11.11.11.
4 Enable peer listening and enter the maximum dynamic peers count in ROUTER-BGP-TEMPLATE mode (1 to 4294967295). listen neighbor ip-address limit Only after the peer template responds to an OPEN message sent on the subnet does the state of its BGP change to ESTABLISHED. After the peer template is ESTABLISHED, the peer template is the same as any other peer template, see Peer templates. If you do not configure a BGP device in Peer-Listening mode, a session with a dynamic peer comes up.
AS number limit Sets the number of times an AS number occurs in an AS path. The allow-as parameter permits a BGP speaker to allow the AS number for a configured number of times in the updates received from the peer. The AS-PATH loop is detected if the local AS number is present more than the number of times in the command. 1 Enter the neighbor IP address to use the AS path in ROUTER-BGP mode. neighbor ip address 2 Enter Address Family mode in ROUTER-NEIGHBOR mode.
Path source: I - internal, a - aggregate, c - confed-external, r - redistributed/network, S - stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight *>I 55::/64 172:16:1::2 0 0 0 *>I 55:0:0:1::/64 172:16:1::2 0 0 0 *>I 55:0:0:2::/64 172:16:1::2 0 0 0 Path 100 200 300 400 i 100 200 300 400 i 100 200 300 400 i Redistribute routes Add routes from other routing instances or protocols to the BGP process.
2 Change the best path MED selection in ROUTER-BGP mode. bestpath med {confed | missing-as-best} • confed—Selects the best path MED comparison of paths learned from BGP confederations. • missing-as-best—Treats a path missing an MED as the most preferred one. • missing-as-worst—Treats a path missing an MED as the least preferred one.
View route-map OS10(conf-route-map)# do show route-map route-map bgproutemap, permit, sequence 1 Match clauses: Set clauses: local-preference 500 metric 400 origin incomplete Weight attribute You can influence the BGP routing based on the weight value. Routes with a higher weight value have preference when multiple routes to the same destination exist. 1 Assign a weight to the neighbor connection in ROUTER-BGP mode.
2 Enter Address Family mode in ROUTER-NEIGHBOR mode. address-family {[ipv4 | ipv6] [unicast]} 3 Create a route-map and assign a filtering criteria in ROUTER-BGP-NEIGHBOR-AF mode, then return to CONFIG-ROUTER-BGP mode. route-map map-name {in | out} exit • in—Enter a filter for incoming routing updates. • out—Enter a filter for outgoing routing updates. 4 Enter a peer template name in ROUTER-BGP mode. template template-name 5 Enter Address Family mode.
OS10(conf-router-neighbor)# exit OS10(conf-router-bgp-102)# template zanzibar OS10(conf-router-template)# route-reflector-client Aggregate routes OS10 provides multiple ways to aggregate routes in the BGP routing table. At least one route of the aggregate must be in the routing table for the configured aggregate route to become active. AS_SET includes AS_PATH and community information from the routes included in the aggregated route. 1 Assign an AS number in CONFIGURATION mode.
Configure BGP confederations
OS10(config)# router bgp 65501
OS10(conf-router-bgp-65501)# confederation identifier 100
OS10(conf-router-bgp-65501)# confederation peers 65502 65503 65504
OS10(conf-router-bgp-65501)# neighbor 1.1.1.2
OS10(conf-router-neighbor)# remote-as 65502
OS10(conf-router-neighbor)# no shutdown
OS10(conf-router-neighbor)# exit
OS10(conf-router-bgp-65501)# neighbor 2.1.1.
• suppress — Number compares to the flapping route’s penalty value. If the penalty value is greater than the suppress value, the flapping route no longer advertises and is suppressed (1 to 20000, default 2000). • max-suppress-time — Maximum number of minutes a route is suppressed (1 to 255, default is four times the half-life value or 60 minutes).
2 View all flap statistics or for specific routes meeting the criteria in EXEC mode.
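How the half-life, reuse, suppress and max-suppress-time values interact is easiest to see by stepping a penalty through time. This is an added example, not OS10 code: it uses the documented defaults (15 minutes, 750, 2000, 60 minutes), follows the RFC 2439 model in which max-suppress-time is enforced by capping the penalty, and assumes a penalty of 1000 per flap, a value this guide does not state.

```python
"""Route flap dampening penalty model (RFC 2439) with the documented defaults."""


def penalty_ceiling(reuse, half_life_min, max_suppress_min):
    """Largest penalty a route may hold so that it decays to `reuse`
    within max-suppress-time once flapping stops."""
    return reuse * 2 ** (max_suppress_min / half_life_min)


def simulate_dampening(flap_minutes, horizon_min, half_life_min=15, reuse=750,
                       suppress=2000, max_suppress_min=60, flap_penalty=1000):
    """Step minute by minute; return ([(minute, event), ...], peak_penalty).

    flap_penalty is an assumed per-flap increment, not a documented value.
    """
    decay_per_min = 0.5 ** (1 / half_life_min)   # penalty halves every half-life
    ceiling = penalty_ceiling(reuse, half_life_min, max_suppress_min)
    flaps = set(flap_minutes)
    penalty = 0.0
    peak = 0.0
    suppressed = False
    events = []
    for minute in range(horizon_min + 1):
        if minute:
            penalty *= decay_per_min
        if minute in flaps:
            penalty = min(penalty + flap_penalty, ceiling)
        peak = max(peak, penalty)
        if not suppressed and penalty > suppress:
            suppressed = True
            events.append((minute, "suppressed"))
        elif suppressed and penalty < reuse:
            suppressed = False
            events.append((minute, "reused"))
    return events, peak


if __name__ == "__main__":
    # Constructed scenario: three flaps five minutes apart.
    events, peak = simulate_dampening([0, 5, 10], horizon_min=120)
    print("events:", events, "peak penalty: %.0f" % peak)

    # Constructed scenario: one flap per minute for an hour, then quiet.
    events, peak = simulate_dampening(range(60), horizon_min=200)
    print("events:", events, "peak penalty: %.0f" % peak)
```

In the second scenario the penalty is held at the ceiling of 12000, so the route is advertised again about 60 minutes after the last flap no matter how long the flapping lasted.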
neighbor 32.1.1.2 remote-as 103 timers 61 181 no shutdown Neighbor soft-reconfiguration BGP soft-reconfiguration allows for fast and easy route changes. Changing routing policies requires a reset of BGP sessions or the TCP connection, for the policies to take effect. Resets cause undue interruption to traffic due to the hard reset of the BGP cache, and the time it takes to re-establish the session. BGP soft-reconfiguration allows for policies to apply to a session without clearing the BGP session.
activate Enables the neighbor or peer group to be the current address-family identifier (AFI). Syntax activate Parameters None Default Not configured Command Mode ROUTER-BGP-NEIGHBOR-AF Usage Information This command exchanges IPv4 or IPv6 address family information with an IPv4 or IPv6 neighbor. IPv4 unicast Address family is enabled by default. To activate IPv6 address family for IPv6 neighbor, use the activate command.
• ipv6 unicast — Enter an IPv6 unicast address family. Default None Command Mode ROUTER-BGP Usage Information This command applies to all IPv4 or IPv6 peers belonging to the template or neighbors only. The no version of this command removes the subsequent address-family configuration.
aggregate-address
Summarizes a range of prefixes to minimize the number of entries in the routing table.
Syntax aggregate-address address/mask [as-set] [summary-only] [advertise-map map-name] [attribute-map route-map-name] [suppress-map route-map-name]
Parameters
• address/mask — Enter the IP address and mask.
• as-set — (Optional) Generates AS set-path information.
• summary-only — (Optional) Filters more specific routes from updates.
always-compare-med Compares MULTI_EXIT_DISC (MED) attributes in the paths received from different neighbors. Syntax always-compare-med Parameters None Default Disabled Command Mode ROUTER-BGP Usage Information After you use this command, use the clear ip bgp * command to recompute the best path. The no version of this command resets the value to the default.
bestpath as-path
Configures the AS path selection criteria for best path computation.
Syntax bestpath as-path {ignore | multipath-relax}
Parameters
• ignore — Enter to ignore the AS PATH in BGP best path calculations.
• multipath-relax — Enter to include prefixes received from different AS paths during multipath calculation.
Default Enabled
Command Mode ROUTER-BGP
Usage Information To enable load-balancing across different EBGP peers, configure the multipath-relax option.
bestpath router-id Ignores comparing router-id information for external paths during best-path selection. Syntax bestpath router-id {ignore} Parameters ignore — Enter to ignore AS path for best-path computation. Default Enabled Command Mode ROUTER-BGP Usage Information If you do not receive the same router ID for multiple paths, select the path that you received first. If you received the same router ID for multiple paths, ignore the path information.
Parameters • * — Enter to clear all BGP sessions. • vrf vrf-name — (OPTIONAL) Enter the vrf then the name of the VRF to clear BGP session information corresponding to that VRF. • ipv4 unicast — Enter to clear IPv4 unicast configuration. • ipv6 unicast — Enter to clear IPv6 unicast configuration. • soft — (Optional) Enter to configure and activate policies without resetting the BGP TCP session — BGP soft reconfiguration. • in — (Optional) Enter to activate only ingress (inbound) policies.
• ipv6-prefix — (Optional) Enter an IPv6 prefix to clear the flap counts of the given prefix.
Default Not configured
Command Mode EXEC
Usage Information None
Example (All Prefixes)
OS10# clear ip bgp flap-statistics
Example (IPv4)
OS10# clear ip bgp 1.1.15.4 flap-statistics
Example (Given Prefix)
OS10# clear ip bgp flap-statistics 1.1.15.0/24
Supported Releases 10.3.0E or later

connection-retry-timer
Configures the timer to retry the connection to BGP neighbor or peer group.
autonomous system is fully meshed and contains a few connections to other autonomous systems. The next-hop (MED) and local preference information is preserved throughout the confederation. The system accepts confederation EBGP peers without a LOCAL_PREF attribute. OS10 sends AS_CONFED_SET and accepts AS_CONFED_SET and AS_CONF_SEQ. The no version of this command deletes the confederation configuration.
Command Mode ROUTER-BGP Usage Information If a cluster contains only one route reflector, the cluster ID is the route reflector’s router ID. For redundancy, a BGP cluster may contain two or more route reflectors. Without a cluster ID, the route reflector cannot recognize route updates from the other route reflectors within the cluster. The default format to display the cluster ID is A.B.C.D format. If you enter the cluster ID as an integer, an integer displays.
description Configures a description for the BGP neighbor or for peer template. Syntax description text Parameters text — Enter a description for the BGP neighbor or peer template. Default None Command Mode ROUTER-BGP-NEIGHBOR ROUTER-BGP-TEMPLATE Usage Information The no version of this command removes the description. Example OS10# configure terminal OS10(config)# router bgp 100 OS10(config-router-bgp-100)# neighbor 8.8.8.
Parameters route-map route-map-name—(Optional) Enter a route-map name. A maximum of 140 characters. Default Enabled Command Mode ROUTER-BGP-NEIGHBOR-AF ROUTER-TEMPLATE-AF Usage Information The no version of this command removes the default route. Example OS10(conf-router-bgp-10)# template lunar OS10(conf-router-bgp-template)# address-family ipv6 unicast OS10(conf-router-template-af)# default-originate route-map rmap-bgp Supported Releases 10.4.1.
OS10(config-router-bgp-100)# address-family ipv6 unicast
OS10(configure-router-bgpv6-af)# distance bgp 10 200 210

Non-default VRF
OS10(config-router-bgp-100)# vrf blue
OS10(config-router-bgp-100-vrf)# address-family ipv4 unicast
OS10(configure-router-bgpv4-vrf-af)# distance bgp 21 200 200
OS10(config-router-bgp-100-vrf)# address-family ipv6 unicast
OS10(configure-router-bgpv6-vrf-af)# distance bgp 21 201 250

Supported Releases 10.4.2.
Supported Releases 10.3.0E or later ebgp-multihop Allows EBGP neighbors on indirectly connected networks. Syntax ebgp-multihop hop count Parameters hop count — Enter a value for the number of hops, from 1 to 255. Default 1 Command Mode ROUTER-NEIGHBOR Usage Information This command avoids installation of default multihop peer routes to prevent loops and creates neighbor relationships between peers. Networks indirectly connected are not valid for best path selection.
Default Disabled Command Mode ROUTER-NEIGHBOR Usage Information Configure the BGP fast fall-over on a per-neighbor or peer-group basis. When you enable this command on a template, it simultaneously enables on all peers that inherit the peer group template. When you enable fall-over, BGP tracks IP reachability to the peer remote address and the peer local address.
listen
Enables peer listening and sets the prefix range for dynamic peers.
Syntax listen ip-address [limit count]
Parameters
• ip-address—Enter the BGP neighbor IP address.
• limit count—(Optional) Enter a maximum dynamic peer count, from 1 to 4294967295.
Default Not configured
Command Mode ROUTER-TEMPLATE
Usage Information Enables a passive peering session for listening. The no version of this command disables a passive peering session.
Example OS10(conf-router-template)# listen 1.1.0.
Usage Information OS10 saves logs which includes the neighbor operational status and reset reasons. To view the logs, use the show bgp config command. The no version of this command disables the feature. NOTE: To configure these settings for a non default VRF instance, you must first enter the ROUTERCONFIG-VRF sub mode using the following commands: 1 Enter the ROUTER BGP mode using the router bgp as-number command. 2 From the ROUTER BGP mode, enter the ROUTER BGP VRF mode using the vrf vrf-name command.
• warning-only — (Optional) Enter to set the router to send a warning log message when the maximum limit is exceeded. If you do not set this parameter, the router stops peering when the maximum prefixes limit exceeds. Default 75% threshold Command Mode ROUTER-BGP-NEIGHBOR-AF Usage Information If you configure this command and the neighbor receives more prefixes than the configuration allows, the neighbor goes down. To view the prefix information, use the show ip bgp summary command.
Example OS10(conf-router-neighbor-af)# next-hop-self Supported Releases 10.3.0E or later non-deterministic-med Compares paths in the order they arrive. Syntax non-deterministic-med Parameters None Default Disabled Command Mode ROUTER-BGP Usage Information Paths compare in the order they arrive. OS10 uses this method to choose different best paths from a set of paths, depending on the order they are received from the neighbors. MED may or may not be compared between adjacent paths.
Example OS10(conf-router-bgp-10)# outbound-optimization
Supported Releases 10.3.0E or later

password
Configures a password for message digest 5 (MD5) authentication on the TCP connection between two neighbors.
Syntax password {9 encrypted password-string| password-string}
Parameters
• 9 encrypted password-string—Enter 9 then the encrypted password.
• password-string—Enter a password for authentication. A maximum of 128 characters.
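An audit of the password setting described above, as an added example that is not part of the original guide: it walks a saved configuration and reports BGP neighbors and templates that have no password line or whose password is not in the 9 (encrypted) form. The indented layout of the sample, its addresses, AS numbers and encrypted strings are constructed assumptions.

```python
import re

ROUTER_RE = re.compile(r"router bgp (\d+)$")
PEER_RE = re.compile(r"(neighbor|template) (\S+)$")
PASSWORD_RE = re.compile(r"password (9 )?\S+$")

# Constructed sample; the layout is assumed to mirror an indented running configuration.
SAMPLE_CONFIG = """\
interface ethernet1/1/1
 no switchport
 no shutdown
!
router bgp 102
 neighbor 32.1.1.2
  remote-as 103
  password 9 0123456789abcdef0123456789abcdef
  no shutdown
 !
 neighbor 80.1.1.2
  remote-as 800
  no shutdown
 !
 neighbor 10.9.9.9
  remote-as 65010
  password Lab-Secret
  no shutdown
 !
 template zanzibar
  password 9 fedcba9876543210fedcba9876543210
"""


def parse_bgp_peers(config_text):
    """Return one record per BGP neighbor/template with its password state."""
    peers, asn, current = [], None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:
            # Top-level command: either enters "router bgp <as>" or leaves it.
            m = ROUTER_RE.match(line)
            asn, current = (m.group(1) if m else None), None
            continue
        if asn is None:
            continue
        m = PEER_RE.match(line)
        if m:
            current = {"as": asn, "kind": m.group(1), "name": m.group(2),
                       "indent": indent, "auth": "none"}
            peers.append(current)
            continue
        if current is not None and indent <= current["indent"]:
            current = None  # left the neighbor/template sub-mode
        m = PASSWORD_RE.match(line)
        if m and current is not None:
            current["auth"] = "encrypted" if m.group(1) else "cleartext"
    return peers


def weak_bgp_peers(config_text):
    """Peers with no password line, or with a password stored in clear text."""
    return [(p["kind"], p["name"], p["auth"])
            for p in parse_bgp_peers(config_text) if p["auth"] != "encrypted"]


if __name__ == "__main__":
    for kind, name, auth in weak_bgp_peers(SAMPLE_CONFIG):
        print(f"{kind} {name}: password {auth}")
```

A neighbor that takes its password from a peer template is reported as having none, so review those entries against the template by hand.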
Example (Static — IPv4) OS10(conf-router-bgp-102)# address-family ipv4 unicast OS10(conf-router-bgpv4-af)# redistribute static route-map mapbgp2 Example (Static — IPv6) OS10(conf-router-bgp-102)# address-family ipv6 unicast OS10(conf-router-bgpv6-af)# redistribute static Example (OSPF — IPv4) OS10(conf-router-bgp-102)# address-family ipv4 unicast OS10(conf-router-bgpv4-af)# redistribute ospf 1 Example (OSPF — IPv6) OS10(conf-router-bgp-102)# address-family ipv6 unicast OS10(conf-router-bgpv6-af)# red
Supported Releases 10.4.1.0 or later

route-map
Applies an established route-map to either incoming or outbound routes of a BGP neighbor or peer group.
Syntax route-map route-map-name {in | out}
Parameters
• route-map-name — Enter the name of the configured route-map.
• in — attaches the route-map as the inbound policy
• out — attaches the route-map as the outbound policy
Defaults None
Command Modes ROUTER-BGP-TEMPLATE-AF
Usage Information The no version of this command removes the route-map.
• 1 to 4294967295 in 4-byte Default None Command Mode CONFIGURATION Usage Information The AS number can be a 16-bit integer. The no version of this command resets the value to the default. Example OS10(config)# router bgp 3 OS10(conf-router-bgp-3)# Supported Releases 10.3.0E or later router-id Assigns a user-given ID to a BGP router. Syntax router-id ip-address Parameters ip-address — Enter an IP address in dotted decimal format.
Supported Releases 10.3.0E or later sender-side-loop-detection Enables the sender-side loop detection process for a BGP neighbor. Syntax sender-side-loop-detection Parameters None Default Enabled Command Mode ROUTER-BGP-NEIGHBOR-AF Usage Information This command helps detect routing loops, based on the AS path before it starts advertising routes. To configure a neighbor to accept routes use the neighbor allowas-in command.
show ip bgp dampened-paths Displays BGP routes that are dampened or non-active. Syntax show ip bgp [vrf vrf-name] dampened-paths Parameters None Default Not configured Command Mode EXEC Usage Information Example • vrf vrf-name — (OPTIONAL) Enter vrf and then the name of the VRF to view routes that are affected by a specific community list corresponding to that VRF. • Network — Displays the network ID where the route is dampened.
Example OS10# show ip bgp flap-statistics BGP local router ID is 80.1.1.1 Status codes: s suppressed, S stale, d dampened, h history, * valid, > best Origin codes: i - IGP, e - EGP, ? - incomplete Network From Flaps Duration Reuse Path *> 3.1.2.0/24 80.1.1.2 1 00:00:11 00:00:00 800 9 8 i *> 3.1.3.0/24 80.1.1.2 1 00:00:11 00:00:00 800 9 8 i *> 3.1.4.0/24 80.1.1.2 1 00:00:11 00:00:00 800 9 8 i *> 3.1.5.0/24 80.1.1.2 1 00:00:11 00:00:00 800 9 8 i *> 3.1.6.0/24 80.1.1.
• denied-routes — (Optional) Displays the configured IPv6 denied routes.
Default Not configured
Command Mode EXEC
Usage Information None
Example
OS10# show ip bgp ipv6 unicast summary
BGP router identifier 80.1.1.1 local AS number 102
Neighbor   AS   MsgRcvd  MsgSent  Up/Down   State/Pfx
80.1.1.2   800  8        4        00:01:10  5
Supported Releases 10.3.0E or later

show ip bgp neighbors
Displays information that BGP neighbors exchange.
• Foreign host — Displays the peering address of the neighbor and the TCP port number. Although the status codes for routes received from a BGP neighbor may not display in the show ip bgp neighbors ip-address received-routes output, they display correctly in the show ip bgp output. Example OS10# show ip bgp neighbors BGP neighbor is 80.1.1.2, remote AS 800, local AS 102 external link BGP version 4, remote router ID 12.12.0.
D  55::/64         172:16:1::2  0  0  i
   55:0:0:1::/64   172:16:1::2  0  0  i
   55:0:0:2::/64   172:16:1::2  0  0  i
D  55:0:0:3::/64   172:16:1::2  0  0  i
D  55:0:0:4::/64   172:16:1::2  0  0  i
D  55:0:0:5::/64   172:16:1::2  0  0  i
D  55:0:0:6::/64   172:16:1::2  0  0  i
   55:0:0:7::/64   172:16:1::2  0  0  i
D  55:0:0:8::/64   172:16:1::2  0  0  i
D  55:0:0:9::/64   172:16:1::2  0  0  i
Total number of prefixes: 10
OS10#

Example denied-routes
OS10# show ip bgp ipv6 unicast neighbors 172:16:1::2 denied-routes
BGP local router ID is 100.1.1.
Example • Administratively shut — Displays the peer group’s status if you do not enable the peer group. If you enable the peer group, this line does not display. • BGP version — Displays the BGP version supported. • Description — Displays the descriptive name configured for the BGP peer template. This field is displayed only when the description is configured. • For address family — Displays IPv4 unicast as the address family. • BGP neighbor — Displays the name of the BGP neighbor.
The suppressed status of aggregate routes may not display in the command output.
Example
OS10# show ip bgp summary
BGP router identifier 80.1.1.1 local AS number 102
Neighbor   AS   MsgRcvd  MsgSent  Up/Down   State/Pfx
80.1.1.2   800  24       23       00:09:15  5
Supported Releases 10.2.0E or later

show ip route
Displays information about IPv4 BGP routing table entries.
soft-reconfiguration inbound Enables soft-reconfiguration for a neighbor. Syntax soft-reconfiguration inbound Parameters None Default Not configured Command Modes ROUTER-BGP-NEIGHBOR-AF Usage Information This command is not supported on a peer-group level. To enable soft-reconfiguration for peers in a peer-group, you must enable this command at a per-peer level. With soft-reconfiguration inbound, all updates received from this neighbor are stored unmodified, regardless of the inbound policy.
timers Adjusts BGP keepalive and holdtime timers. Syntax timers keepalive holdtime Parameters • keepalive—Enter the time interval, in seconds, between keepalive messages sent to the neighbor routers, from 1 to 65535. • holdtime—Enter the time interval, in seconds, between the last keepalive message and declaring a router dead, from 3 to 65535.
Usage Information The path with the highest weight value is preferred in the best-path selection process. The no version of this command resets the value to the default. Example OS10(conf-router-bgp-neighbor)# weight 4096 Supported Releases 10.3.0E or later Equal cost multi-path ECMP is a routing technique where next-hop packet forwarding to a single destination occurs over multiple best paths. When you enable ECMP, OS10 uses a hash algorithm to determine the next-hop.
In this section, the term, "member link" refers to either a member physical port, in the case of port channels or next hop in the case of ECMP groups. With resilient hashing, when a member link goes down, the existing flows are not affected; they do not remap. Resilient hashing reassigns the traffic from the failed link to another member link without remapping the other existing flows. However, minimal re-mapping occurs when a new member link is added.
Examples Normal traffic flow without resilient hashing Traffic flow with resilient hashing enabled When you enable resilient hashing for ECMP groups, the flow-map table is created with 64 paths (the OS10 default maximum number of ECMP paths) and traffic is equally distributed. In the following example, traffic 1 maps to next hop 'A'; traffic 2 maps to next hop 'C'; and traffic 3 maps to next hop 'B.
Member link is added However, when a new member link is added, resilient hashing completes minimal remapping for better load balancing, as shown: Important notes • Resilient hashing on port channels applies only for unicast traffic.
• For resilient hashing on ECMP groups, the ECMP path must be in multiples of 64. Before you enable resilient hashing, ensure that the maximum ECMP path is set to a multiple of 64. You can configure this value using the ip ecmp-group maximum-paths command. Maximum ECMP groups and paths The maximum number of ECMP groups supported on the switch depends on the maximum ECMP paths configured on the switch. To view the maximum number of ECMP groups and paths, use the show ip ecmp-group details command.
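The behaviour described above for a failed and an added member link, as an added simulation that is not OS10 code: a 64-entry flow-map table is compared with plain modulo hashing over the member list. The CRC32 hash, the rebalancing policy, and the flow tuples are assumptions made for the illustration; the guide does not describe the switch's internal algorithm.

```python
import zlib
from collections import Counter

TABLE_SIZE = 64  # flow-map entries, per the text (OS10 default maximum ECMP paths)


def flow_hash(flow):
    """Stand-in hash: CRC32 of the flow tuple (the switch's real function is not shown)."""
    return zlib.crc32(repr(flow).encode())


def modulo_pick(flow, members):
    """Plain hashing: the number of buckets equals the number of member links."""
    return members[flow_hash(flow) % len(members)]


class FlowMap:
    """Fixed-size flow-map table whose entries point at member links."""

    def __init__(self, members):
        self.members = list(members)
        self.table = [self.members[i % len(self.members)] for i in range(TABLE_SIZE)]

    def pick(self, flow):
        return self.table[flow_hash(flow) % TABLE_SIZE]

    def remove(self, failed):
        """Repoint only the entries that used the failed member link."""
        self.members.remove(failed)
        replaced = 0
        for i, member in enumerate(self.table):
            if member == failed:
                self.table[i] = self.members[replaced % len(self.members)]
                replaced += 1

    def add(self, new):
        """Give the new member a fair share, taking entries from the busiest members."""
        donors = list(self.members)
        self.members.append(new)
        for _ in range(TABLE_SIZE // len(self.members)):
            counts = Counter(self.table)
            donor = max(donors, key=lambda m: counts[m])
            self.table[self.table.index(donor)] = new


# Constructed flows: (source IP, destination IP, protocol, source port, destination port).
FLOWS = [("10.0.%d.%d" % (i // 250, i % 250 + 1), "192.0.2.10", 6, 1024 + i, 443)
         for i in range(1000)]


def member_failure(members=("A", "B", "C", "D"), failed="C"):
    """Count flows that were NOT on the failed member yet still changed next hop."""
    survivors = [m for m in members if m != failed]
    fmap = FlowMap(members)
    before = {f: (modulo_pick(f, list(members)), fmap.pick(f)) for f in FLOWS}
    fmap.remove(failed)
    disturbed = {"modulo": 0, "resilient": 0}
    for flow, (old_mod, old_res) in before.items():
        if old_mod != failed and modulo_pick(flow, survivors) != old_mod:
            disturbed["modulo"] += 1
        if old_res != failed and fmap.pick(flow) != old_res:
            disturbed["resilient"] += 1
    return disturbed


def member_added(members=("A", "B", "D"), new="C"):
    """Return (flows moved, flows moved to a member other than the new one)."""
    fmap = FlowMap(members)
    before = {f: fmap.pick(f) for f in FLOWS}
    fmap.add(new)
    moved = [f for f in FLOWS if fmap.pick(f) != before[f]]
    stray = [f for f in moved if fmap.pick(f) != new]
    return len(moved), len(stray)


if __name__ == "__main__":
    print("member failure, undisturbed flows that moved:", member_failure())
    print("member added, (moved, moved elsewhere than new):", member_added())
```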
hash-algorithm Changes the hash algorithm that distributes traffic flows across ECMP paths and the link aggregation group (LAG). Syntax hash-algorithm {ecmp | lag | seed {seed-value}} {crc | crc16cc | crc32LSB | crc32MSB | xor | xor1 | xor2 | xor4 | xor8 | random} Parameters NOTE: The S5148F-ON platform supports only the crc parameter. • ecmp—Enables the ECMP hash configuration. • lag—Enables the LAG hash configuration for Layer 2 (L2) only.
Usage Information To save the new ECMP settings, use the write memory command, then reload the system for the new settings to take effect. The no version of this command returns the value to the default.
Example
OS10# configure terminal
OS10(config)# ip ecmp-group maximum-paths 2
OS10(config)# exit
OS10# write memory
OS10# reload
Supported Releases 10.4.3.0 or later

link-bundle-utilization trigger-threshold
Configures a threshold value to trigger traffic monitoring distribution on an ECMP link bundle.
Default Command Mode Usage Information • ethertype — Enables Ethernet type information in the hash calculation.
show hash-algorithm Displays hash-algorithm information. Syntax show hash-algorithm Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show hash-algorithm EcmpAlgo - crc LabAlgo - crc Supported Releases 10.3.0E or later show ip ecmp-group details Displays the number of ECMP groups and paths.
IPV6 Load Balancing Enabled IPV6 FIELDS : source-ipv6 dest-ipv6 vlan protocol L4-source-port L4-dest-port Mac Load Balancing Enabled MAC FIELDS : source-mac dest-mac vlan ethertype mac-in-mac header based hashing is disabled TcpUdp Load Balancing Enabled Supported Releases 10.3.0E or later IPv4 routing OS10 supports IPv4 addressing including variable-length subnetting mask (VLSM), Address Resolution Protocol (ARP), static routing, and routing protocols.
Wavelength is 64 SFP receive power reading is 0.
ethernet 1/1/5 has IP address on subnet 100.0.0.0/8, and if 10.1.1.0/24 recursively resolves to 100.1.1.1, the system installs the static route: • When the interface goes down, OS10 withdraws the route. • When the interface comes up, OS10 reinstalls the route. • When the recursive resolution is broken, OS10 withdraws the route. • When the recursive resolution is satisfied, OS10 reinstalls the route.
– port-channel — Port-channel identifier. – vlan — VLAN identifier. – loopback — Loopback interface identifier. – virtual-network vn-id — Virtual network ID. • ip ip-address — (Optional) Specify the IP address of the ARP entry to clear. • no-refresh — (Optional) Delete the ARP entry from CAM. You can also use this option with interface or ip ip-address to specify which dynamic ARP entries to delete.
Example OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ip address 10.1.1.0/24 Supported Releases 10.3.0E or later ip address dhcp Enables DHCP client operations on the interface. Syntax ip address dhcp Parameters None Defaults None Command Mode INTERFACE Usage Information The no version of this command disables DHCP operations on the interface. Example OS10(config)# interface mgmt 1/1/1 OS10(conf-if-ma-1/1/1)# ip address dhcp Supported Releases 10.3.
Usage Information When a reply to a gratuitous ARP request is received, it indicates an IP address conflict in the network. The no version of this command disables the ARP cache updates for gratuitous ARP. Example OS10(conf-if-eth1/1/6)# ip arp gratuitous update OS10(conf-if-eth1/1/6)# ip arp gratuitous request Supported Releases 10.2.0E or later ip route Assigns a static route on the network device.
• dynamic — (Optional) Enter the keyword to display dynamic ARP entries. • summary — (Optional) Enter the keyword to display a summary of all ARP entries. Default Not configured Command Mode EXEC Usage Information This command shows both static and dynamic ARP entries. Example (IP Address) OS10# show ip arp 192.168.2.2 Address Hardware address Interface Egress Interface -------------------------------------------------------------------192.168.2.
Command Mode EXEC Usage Information None Example OS10# show ip route Codes: C - connected S - static B - BGP, IN - internal BGP, EX - external BGP O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, > - non-active route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change -----------------------------------------------------------------C 10.1.1.0/24 via 10.1.1.
• IPv6 forwarding is permanently disabled on the management Ethernet interface so that it remains in Host mode and does not operate as a router regardless of the ipv6 address autoconfig setting. If necessary, you can manually disable IPv6 processing on an interface so that the configured IPv6 addresses do not take effect. The IPv6 addresses take effect again when you re-enable IPv6.
• 2001:0db8:0000:0000:0000::1428:57ab
• 2001:0db8:0:0:0:0:1428:57ab
• 2001:0db8:0:0::1428:57ab
• 2001:0db8::1428:57ab
• 2001:db8::1428:57ab

Write IPv6 networks using CIDR notation. An IPv6 network or subnet is a contiguous group of IPv6 addresses whose size must be a power of two. The initial bits of addresses, which are identical for all hosts in the network, are the network's prefix.

Configure network prefix
OS10(config)# interface ethernet 1/1/8
OS10(conf-if-eth1/1/8)# ipv6 address 2001:FF21:1:1::/64 eui-64

Configure link-local address
OS10(config)# interface ethernet 1/1/8
OS10(conf-if-eth1/1/8)# ipv6 address FE80::1/64 link-local

Stateless autoconfiguration

When an interface comes up, OS10 uses stateless autoconfiguration to generate a unique link-local IPv6 address with a FE80::/64 prefix and an interface ID generated from the MAC address.
To enable RA messages, the switch must be in Router mode with IPv6 forwarding enabled and stateless autoconfiguration disabled using the no ipv6 address autoconfig command. Enable router advertisement messages 1 Enable IPv6 neighbor discovery and sending ICMPv6 RA messages in Interface mode. ipv6 nd send-ra 2 (Optional) Configure IPv6 neighbor discovery options in Interface mode.
Configure neighbor discovery
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# ipv6 nd mtu 1500
OS10(conf-if-eth1/1/1)# ipv6 nd send-ra

Configure advertised IPv6 prefixes
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# ipv6 nd prefix default lifetime infinite infinite
OS10(conf-if-eth1/1/1)# ipv6 nd prefix 2002::/64

Duplicate address discovery

To determine if an IPv6 unicast address is unique before assigning it to an interface, an OS10 switch sends a neighbor solicitation messa
Configure IPv6 static routing and view configuration OS10(config)# ipv6 route 2111:dddd:0eee::22/128 2001:db86:0fff::2 OS10(config)# do show ipv6 route static Codes: C - connected S - static B - BGP, IN - internal BGP, EX - external BGP O - OSPF,IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, > - non-active route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ---------------------------
View IPv6 static information OS10# show ipv6 route static Codes: C - connected S - static B - BGP, IN - internal BGP, EX - external BGP O - OSPF,IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, > - non-active route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change -----------------------------------------------------------------S 2111:dddd:eee::22/12via 2001:db86:fff::2 ethernet1/1/1 1/1 00
Parameters • vrf vrf-name — (Optional) Enter vrf then the name of the VRF to clear the IPv6 routes corresponding to that VRF. • *— Clears all routes and refreshes the IPv6 routing table. Traffic flow for all the routes in the switch is affected. • A::B/mask — Removes the IPv6 route and refreshes the IPv6 routing table. Traffic flow in the switch is affected only for the specified route.
command disables IPv6 forwarding. Addresses are configured depending on the prefixes received in RA messages. • The no version of this command disables IPv6 address autoconfiguration, resets the interface in Router mode, and re-enables IPv6 forwarding. Example OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# no switchport OS10(conf-if-eth1/1/1)# ipv6 address autoconfig OS10(conf-if-eth1/1/1)# Supported Releases 10.3.
ipv6 address eui-64 Configures a global IPv6 address on an interface by entering only the network prefix and length. Syntax ipv6 address ipv6-prefix/prefix-length eui-64 Parameters ipv6-prefix — Enter an IPv6 prefix in x:x::y/mask format. Defaults None Command Mode INTERFACE Usage Information Use this command to manually configure an IPv6 address in addition to the link-local address generated with stateless autoconfiguration. Specify only the network prefix and length.
Usage Information • Use this command to enable local processing of IPv6 packets with hop-by-hop options in conformance with the RFC 8200, IPv6 Specification. • The no version of this command disables IPv6 processing of hop-by-hop header options. Example: Disable hop-by-hop option processing OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# no ipv6 hop-by-hop Supported Releases 10.4.0E(R1) or later ipv6 nd dad Disables or re-enables IPv6 duplicate address discovery (DAD).
Usage Information The configured hop limit is advertised in RA messages and included in IPv6 data packets sent by the router. 0 indicates that no hop limit is specified by the router. Example OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# ipv6 nd hop-limit 100 Supported Releases 10.4.0E(R1) or later ipv6 nd managed-config-flag Sends RA messages that tell hosts to use stateful address autoconfiguration, such as DHCPv6, to obtain IPv6 addresses.
Command Mode INTERFACE Usage Information The no version of this command restores the default MTU value advertised in RA messages. Example OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# ipv6 nd mtu 2500 Supported Releases 10.4.0E(R1) or later ipv6 nd other-config-flag Sends RA messages that tell hosts to use stateful autoconfiguration to obtain nonaddress-related information.
seconds (4 hours). The infinite setting allows addresses that are autoconfigured using the prefix to be preferred with no time limit. Defaults All prefixes in IPv6 subnets configured on an interface advertise. Command Mode INTERFACE Usage Information Examples • By default, all prefixes configured in IPv6 addresses on an interface advertise. To advertise all default parameters in the subnet prefixes on an interface, enter the default keyword.
Parameters • reachable-time milliseconds — Enter the reachable time in milliseconds, from 0 to 3600000. Defaults 0 Command Mode INTERFACE Usage Information The no version of this command restores the default reachable time. 0 indicates that no reachable time is sent in RA messages. Example OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# ipv6 nd reachable-time 1000 Supported Releases 10.4.
ipv6 route
Configures a static IPv6 route.
Syntax ipv6 route [dst-vrf vrf-name] ipv6-prefix mask {next-hop | interface interfacetype [route-preference]}
Parameters
• dst-vrf vrf-name — (Optional) Enter vrf then the name of the VRF to install IPv6 routes in that VRF.
• ipv6-prefix — Enter the IPv6 address in x:x:x:x::x format.
• mask — Enter the mask in slash prefix-length /x format.
• next-hop — Enter the next-hop IPv6 address in x:x:x:x::x format.
show ipv6 neighbors Displays IPv6 discovery information. Entering the command without options shows all IPv6 neighbor addresses stored on the control processor (CP). Syntax show ipv6 neighbors [vrf vrf-name] [ipv6-address| interface interface] Parameters • vrf vrf-name — (Optional) Enter vrf then the name of the VRF to display the neighbors corresponding to that VRF. If you do not specify this option, neighbors corresponding to the default VRF display.
• summary—(Optional) Displays the IPv6 route summary.
Example (Brief) OS10# show ipv6 interface brief Interface admin/ IPV6 Address/ IPv6 Oper Name protocol Link-Local Address Status ============================================================ Management 1/1/1 up/up fe80::20c:29ff:fe54:c852/64 Enabled Vlan 1 up/up fe80::20c:29ff:fe54:c8bc/64 Enabled Ethernet 1/1/2 up/up fe80::20c:29ff:fe54:c853/64 100::1/64 1001:1:1:1:20c:29ff:fe54:c853/64 Enabled Ethernet 1/1/3 up/up fe80::4/64 3000::1/64 4000::1/64 Disabled Ethernet 1/1/4 up/up fe80::4/64 4::1/64 5::1/64 En
Areas, networks, and neighbors

The backbone of the network is Area 0, also called Area 0.0.0.0, the core of any AS. All other areas must connect to Area 0. An OSPF backbone distributes routing information between areas. It consists of all area border routers and networks not wholly contained in any area and their attached routers. The backbone is the only area with a default area number. You configure the Area ID for all other areas. If you configure two nonbackbone areas, you must enable the B bit in OSPF.
Each router has a unique ID, written in decimal A.B.C.D format. You do not have to associate the router ID with a valid IP address. To make troubleshooting easier, ensure the router ID is identical to the router’s IP address. Backbone router A backbone router (BR) is part of the OSPF Backbone, Area 0, and includes all ABRs. The BR includes routers connected only to the backbone and another ABR, but are only part of Area 0—shown as Router I in the example.
Designated router Maintains a complete topology table of the network and sends updates to the other routers via multicast. All routers in an area form a slave/master relationship with the DR. Every time a router sends an update, the router sends it to the DR and BDR. The DR sends the update to all other routers in the area. Backup designated router Router that takes over if the DR fails. Each router exchanges information with the DR and BDR. The DR and BDR relay information to other routers.
The LSA header is common to LSA types. Its size is 20 bytes. One of the fields of the LSA header is the link-state ID. Each router link is defined as one of four types—type 1, 2, 3, or 4. The LSA includes a link ID field that identifies the object this link connects to, by the network number and mask. Depending on the type, the link ID has different meanings.
• If no topology change occurs, an SPF calculation is performed and the hold timer is reset to its configured value. Set the start, hold, and wait timers according to the stability of the OSPF network topology. Enter the values in milliseconds (ms). If you do not specify a start-time, hold-time, or max-wait value, the default values are used. OSPFv2 and OSPFv3 instances support SPF throttling. By default, SPF timers are disabled in an OSPF instance.
OSPFv2 OSPFv2 supports IPv4 address families. OSPFv2 routers initially exchange hello messages to set up adjacencies with neighbor routers. The hello process establishes adjacencies between routers of the AS. It is not required that every router within the AS areas establish adjacencies. If two routers on the same subnet agree to become neighbors through this process, they begin to exchange network topology information in the form of LSAs.
Enable OSPFv2 in a non-default VRF instance To enable OSPFv2 in a non-default VRF instance: 1 Create a non-default VRF instance in which you want to enable OSPFv2: ip vrf vrf-name 2 Enable OSPF and configure an OSPF instance in VRF CONFIGURATION mode. router ospf instance-number vrf vrf-name 3 Enter the interface information to configure the interface for OSPF in INTERFACE mode. interface ethernet node/slot/port[:subport] 4 Enable the interface in INTERFACE mode.
Assign router ID OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# router-id 10.10.1.5 View OSPFv2 status OS10# show ip ospf 10 Routing Process ospf 10 with ID 10.10.1.5 Supports only single TOS (TOS0) routes It is an Autonomous System Boundary Router It is Flooding according to RFC 2328 Convergence Level 0 Min LSA origination 0 msec, Min LSA arrival 1000 msec Min LSA hold time 5000 msec, Max LSA wait time 5000 msec Number of area in this router is 1, normal 1 stub 0 nssa 0 Area (0.0.0.
Passive interfaces A passive interface does not send or receive routing information. Configuring an interface as a passive interface suppresses both receiving and sending routing updates. Although the passive interface does not send or receive routing updates, the network on that interface is included in OSPF updates sent through other interfaces. 1 Enter an interface type in INTERFACE mode. interface ethernet node/slot/port[:subport] 2 Configure the interface as a passive interface in INTERFACE mode.
Routing Process ospf 65535 with ID 99.99.99.
View OSPF interface configuration OS10(conf-if-eth1/1/1)# do show ip ospf interface ethernet1/1/1 is up, line protocol is up Internet Address 11.1.1.1/24, Area 0.0.0.0 Process ID 65535, Router ID 99.99.99.99, Network Type broadcast, Cost: 1 Transmit Delay is 200 sec, State BDR, Priority 1 Designated Router (ID) 150.1.1.1, Interface address 11.1.1.2 Backup Designated router (ID) 99.99.99.99, Interface address 11.1.1.
Summary address You can configure a summary address for an ASBR to advertise one external route as an aggregate, for all redistributed routes that are covered by specified address range. • Configure the summary address in ROUTER-OSPF mode. summary-address ip-address/mask [not-advertise | tag tag-value] Configure summary address OS10(config)# router ospf 100 OS10(config-router-ospf-100)# summary-address 10.0.0.
no switchport
no shutdown
ip ospf 100 area 0.0.0.0
ip ospf authentication-key sample
Configure MD5 authentication
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# ip ospf message-digest-key 2 md5 sample12345
View MD5 authentication
OS10(conf-if-eth1/1/1)# show configuration
!
interface ethernet1/1/1
ip address 10.10.10.2/24
no switchport
no shutdown
ip ospf 100 area 0.0.0.
OSPFv2 commands area default-cost Sets the metric for the summary default route generated by the ABR and sends it to the stub area. Syntax area area-id default-cost cost Parameters • area-id — Enter the OSPF area in dotted decimal A.B.C.D format or enter a number, from 0 to 65535. • cost — Enter a cost for the stub area’s advertised external route metric, from 0 to 65535. Default Cost is 1 Command Mode ROUTER-OSPF Usage Information The cost is also referred to as reference-bandwidth or bandwidth.
• no-advertise — (Optional) Set the status to Do Not Advertise. The Type 3 summary-LSA is suppressed and the component networks remain hidden from other areas. Default Not configured Command Mode ROUTER-OSPF Usage Information The no version of this command disables the route summarizations. Example OS10(conf-router-ospf-10)# area 0 range 10.1.1.4/8 no-advertise Supported Releases 10.2.0E or later area stub Defines an area as the OSPF stub area.
Parameters • instance-number — Enter an OSPF instance number, from 1 to 65535. • vrf vrf-name — Enter the keyword vrf followed by the name of the VRF to reset the OSPF process configured in that VRF. Default Not configured Command Mode EXEC Usage Information This command clears all entries in the OSPF routing table. Example OS10# clear ip ospf 3 vrf vrf-test process Supported Releases 10.2.0E or later clear ip ospf statistics Clears OSPF traffic statistics.
default-metric Assigns a metric value to redistributed routes for the OSPF process. Syntax default-metric number Parameters number — Enter a default-metric value, from 1 to 16777214. Default Not configured Command Mode ROUTER-OSPF Usage Information The no version of this command disables the default-metric configuration. Example OS10(conf-router-ospf-10)# default-metric 2000 Supported Releases 10.2.
ip ospf area Attaches an interface to an OSPF area. Syntax ip ospf process-id area area-id Parameters • process-id — Set an OSPF process ID for a specific OSPF process, from 1 to 65535. • area area-id — Enter the OSPF area ID in dotted decimal A.B.C.D format or enter an area ID number, from 1 to 65535. Default Not configured Command Mode INTERFACE Usage Information The no version of this command removes an interface from an OSPF area.
Supported Releases 10.2.0E or later ip ospf dead-interval Sets the time interval since the last hello-packet was received from a router. After the interval elapses, the neighboring routers declare the router dead. Syntax ip ospf dead-interval seconds Parameters seconds — Enter the dead interval value in seconds, from 1 to 65535. Default 40 seconds Command Mode INTERFACE Usage Information The dead interval is four times the default hello-interval by default.
Example OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ip ospf message-digest-key 2 md5 sample12345 Supported Releases 10.3.0E or later ip ospf mtu-ignore Enables OSPF MTU mismatch detection on receipt of DBD packets. Syntax ip ospf mtu-ignore Parameters None Default Not configured Command Mode INTERFACE Usage Information When neighbors exchange DBD packets, the OSPF process checks if the neighbors are using the same MTU on a common interface.
NOTE: As loopback interfaces are implicitly passive, the configuration to suppress sending and receiving of OSPF routing updates does not take effect on the loopback interfaces. However, network information corresponding to these loopback interfaces is still announced in OSPF LSAs that are sent through other interfaces configured for OSPF. Example OS10(conf-if-eth1/1/6)# ip ospf passive Supported Releases 10.2.
Example OS10(conf-if-eth1/1/4)# ip ospf transmit-delay 5 Supported Releases 10.2.0E or later log-adjacency-changes Enables logging of syslog messages regarding changes in the OSPF adjacency state. Syntax log-adjacency-changes Parameters None Default Disabled Command Mode ROUTER-OSPF Usage Information The no version of this command resets the value to the default. Example OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# log-adjacency-changes Supported Releases 10.2.
redistribute Redistributes information from another routing protocol or routing instance to the OSPFv2 process. Syntax redistribute {bgp as-number | connected | static} [route-map map-name] Parameters • as-number — Enter an autonomous system number to redistribute BGP routing information throughout the OSPF instance, from 1 to 4294967295. • connected — Enter the information from the connected active routes on interfaces to redistribute.
• vrf vrf-name — Enter the keyword vrf followed by the name of the VRF to configure an OSPF instance in that VRF. Default Not configured Command Mode CONFIGURATION Usage Information Assign an IP address to an interface before using this command. The no version of this command deletes an OSPF instance. Example OS10(config)# router ospf 10 vrf vrf-test Supported Releases 10.2.0E or later show ip ospf Displays OSPF instance configuration information.
Usage Information You can isolate problems with external routes. External OSPF routes are calculated by adding the LSA cost to the cost of reaching the ASBR router. If an external route does not have the correct cost, this command determines if the path to the originating router is correct. ASBRs that are not in directly connected areas display. You can determine if an ASBR is in a directly connected area by the flags. For ASBRs in a directly connected area, E flags are set.
Summary Network (Area 0.0.0.0) Supported Releases 10.2.0E or later show ip ospf database asbr-summary Displays information about AS boundary LSAs. Syntax show ip ospf [process-id] database asbr-summary Parameters • process-id—(Optional) Displays the AS boundary LSA information for a specified OSPF process ID. If you do not enter a process ID, this applies only to the first OSPF process.
Parameters • process-id—(Optional) Displays AS external Type 5 LSA information for a specified OSPF process ID. If you do not enter a process ID, this command applies only to the first OSPF process. • vrf vrf-name — (Optional) Displays AS external (Type 5) LSA information for a specified OSPF Process ID corresponding to a VRF. Default Not configured Command Mode EXEC Usage Information Example • LS Age — Displays the LS age.
Default Not configured Command Mode EXEC Usage Information Example • LS Age—Displays the LS age. • Options—Displays optional capabilities. • LS Type—Displays the LS type. • Link State ID—Identifies the router ID. • Advertising Router—Identifies the advertising router’s ID. • LS Seq Number—Identifies the LS sequence number. This identifies old or duplicate LSAs. • Checksum—Displays the Fletcher checksum of an LSA’s complete contents. • Length—Displays the LSA length in bytes.
• Example Advertising Router — Identifies the advertising router’s ID. • LS Seq Number — Identifies the LS sequence number. This identifies old or duplicate LSAs. • Checksum — Displays the Fletcher checksum of an LSA’s complete contents. • Length — Displays the LSA length in bytes. • Network Mask—Identifies the network mask implemented on the area. • TOS—Displays the ToS options. The only option available is zero. • Metric—Displays the LSA metric.
Checksum: 0xB0F6 Length: 36 Network Mask: /24 Metric Type: 2 TOS: 0 Metric: 20 Forward Address: 0.0.0.0 External Route Tag: 0 LS age: 65 Options: (No TOS-Capability, No DC, No Type 7/5 translation) LS type: NSSA External Link State ID: 14.1.1.0 Advertising Router: 2.2.2.2 LS Seq Number: 0x80000001 Checksum: 0xA303 Length: 36 Network Mask: /24 Metric Type: 2 TOS: 0 Metric: 20 Forward Address: 0.0.0.0 External Route Tag: 0 Supported Releases 10.2.
LS type: Type-10 Area Local Opaque Link State ID: 8.1.1.2 Advertising Router: 2.2.2.2 LS Seq Number: 0x80000008 Checksum: 0x83B8 Length: 28 Opaque Type: 8 Opaque ID: 65794 !! ! Supported Releases 10.2.0E or later show ip ospf database opaque-as Displays information about the opaque-as Type 11 LSAs. Syntax show ip ospf [process-id] opaque-as Parameters process-id — (Optional) Displays opaque-as Type 11 LSA information for a specified OSPF process ID.
show ip ospf database opaque-link Displays information about the opaque-link Type 9 LSA. Syntax show ip ospf [process-id] [vrf vrf-name] database opaque-link Parameters • process-id — (Optional) Displays the opaque-link Type 9 LSA information for an OSPF process ID. If you do not enter a process ID, this command applies only to the first OSPF process. • vrf vrf-name — (Optional) Displays the opaque-link Type 9 LSA information for an OSPF process ID corresponding to a VRF.
Default Not configured Command Mode EXEC Usage Information Output: Example • LS age—Displays the LS age. • Options—Displays optional capabilities. • LS Type—Displays the LS type. • Link State ID—Identifies the router ID. • Advertising Router—Identifies the advertising router’s ID. • LS Seq Number—Identifies the LS sequence number. This identifies old or duplicate LSAs. • Checksum—Displays the Fletcher checksum of an LSA’s complete contents. • Length—Displays the LSA length in bytes.
Parameters • process-id—(Optional) Displays LSA information for a specific OSPF process ID. If you do not enter a process ID, this command applies only to the first OSPF process. • vrf vrf-name — (Optional) Displays LSA information for a specified OSPF process ID corresponding to a VRF. Default Not configured Command Mode EXEC Usage Information Example • LS Age—Displays the LS age. • Options—Displays the optional capabilities available on the router. • LS Type—Displays the LS type.
– vlan — Enter the VLAN interface number, from 1 to 4093. Default Not configured Command Mode EXEC Example OS10# show ip ospf 10 interface ethernet1/1/1 is up, line protocol is up Internet Address 110.1.1.1/24, Area 0.0.0.0 Process ID 10, Router ID 1.1.1.1, Network Type broadcast, Cost: 10 Transmit Delay is 1 sec, State WAIT, Priority 1 BFD enabled(Interface level) Interval 300 Min_rx 300 Multiplier 3 Role Active Designated Router (ID) , Interface address 0.0.0.
– port-channel number — Enter the port-channel interface number, from 1 to 128. – vlan vlan-id — Enter the VLAN ID number, from 1 to 4093. Default Not configured Command Mode EXEC Usage Information This command displays OSPFv2 traffic statistics for a specified instance or interface, or for all OSPFv2 instances and interfaces.
112.112.112.1 -/B/-/ 2 110.1.1.2 Vl 3050 0
112.112.112.2 -/B/-/ 2 110.1.1.2 Vl 3050 0
Supported Releases 10.2.0E or later
summary-address Configures a summary address for an ASBR to advertise one external route as an aggregate for all redistributed routes covered by a specified address range. Syntax summary-address ip-address/mask [not-advertise | tag tag-value] Parameters • ip-address/mask—Enter the IP address to summarize along with the mask.
• max-wait — Sets the maximum wait time between two SPF calculations in milliseconds, from 1 to 600000; default 10000. Default • start-time — 1000 milliseconds • hold-time — 10000 milliseconds • max-wait — 10000 milliseconds Command Mode ROUTER-OSPF Usage Information By default, SPF timers are disabled in an OSPF instance. Use SPF throttling to delay SPF calculations during periods of network instability. In an OSPF network, a topology change event triggers an SPF calculation after a start time.
• max-interval — 5000 milliseconds Command Mode ROUTER-OSPF Usage Information The no version of this command removes the LSA transmit timer. Example OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# timers throttle lsa all 100 300 1000 Supported Releases 10.2.0E or later OSPFv3 OSPFv3 is an IPv6 link-state routing protocol that supports IPv6 unicast address families (AFs). OSPFv3 is disabled by default. You must configure at least one interface, either physical or Loopback.
3 Enter the interface information to configure the interface for OSPFv3 in INTERFACE mode. interface ethernet node/slot/port[:subport] 4 Enable the interface in INTERFACE mode. no shutdown 5 Disable the default switchport configuration and remove it from an interface or a LAG port in INTERFACE mode. no switchport 6 Associate the interface with the non-default VRF instance that you created earlier. ip vrf forwarding vrf-name 7 Enable the OSPFv3 on an interface.
Number of interface in this area is 1
SPF algorithm executed 42 times
Area (0.0.0.1)
Number of interface in this area is 1
SPF algorithm executed 42 times
Configure Stub Areas Type 5 LSAs are not flooded into stub areas. The ABR advertises a default route into the stub area where it is attached. Stub area routers use the default route to reach external destinations. 1 Enable OSPFv3 routing and enter ROUTER-OSPFv3 mode, from 1 to 65535.
-------------------------------------------------------------
199.205.134.103 42 0x80000001 12 ethernet1/1/3
202.254.156.15 54 0x80000001 12 ethernet1/1/3
Enable Passive Interfaces A passive interface is one that does not send or receive routing information. Configuring an interface as a passive interface suppresses both the receiving and sending of routing updates.
Change OSPFv3 Interface Parameters
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# ipv6 ospf hello-interval 5
OS10(conf-if-eth1/1/1)# ipv6 ospf dead-interval 20
OS10(conf-if-eth1/1/1)# ipv6 ospf priority 4
View OSPFv3 Interface Parameters
OS10# show ipv6 ospf interface
ethernet1/1/1 is up, line protocol is up
Link Local Address fe80::20c:29ff:fe0a:d59/64, Interface ID 5
Area 0.0.0.0, Process ID 200, Instance ID 0, Router ID 10.0.0.
• There is no maximum AH or ESP header length because the headers have fields with variable lengths. Configure IPsec authentication on interfaces Prerequisite: Before you enable IPsec authentication on an OSPFv3 interface, first enable IPv6 unicast routing globally, then enable OSPFv3 on the interface, and assign it to an area. The SPI value must be unique to one IPsec authentication or encryption security policy on the router.
– authentication-type key — Enter the encryption authentication MD5 or SHA1 algorithm to use. – key — Enter the text string used in the authentication algorithm. All neighboring OSPFv3 routers must share the key to exchange information. Only a non-encrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits. For SHA1 authentication, the non-encrypted key must be 40 hex digits. An encrypted key is not supported.
– key — Enter the text string used in the encryption algorithm. All neighboring OSPFv3 routers must share the key to decrypt information. Only a non-encrypted key is supported. Required lengths of the non-encrypted key are: 3DES — 48 hex digits; DES — 16 hex digits; AES-CBC — 32 hex digits for AES-128 and 48 hex digits for AES-192. – authentication-type — Enter the encryption authentication MD5 or SHA1 algorithm to use. – key — Enter the text string used in the authentication algorithm.
area authentication Configures authentication for an OSPFv3 area. Syntax area area-id authentication ipsec spi number {MD5 | SHA1} key Parameters • area area-id — Enter an area ID as a number or IPv6 prefix. • ipsec spi number — Enter a unique security policy index (SPI) value, from 256 to 4294967295. • md5 — Enable MD5 authentication. • sha1 — Enable SHA1 authentication. • key — Enter the text string used in the authentication type. Default OSPFv3 area authentication is not configured.
• All OSPFv3 routers in the area must share the same authentication key to exchange information. Only a nonencrypted key is supported. For MD5 authentication, the non-encrypted key must be 32 plain hex digits. For SHA1 authentication, the non-encrypted key must be 40 hex digits. An encrypted key is not supported. Example OS10(config-router-ospfv3-100)# area 1 encryption ipsec spi 401 esp des 1234567812345678 md5 12345678123456781234567812345678 Supported Releases 10.4.
• vrf vrf-name — (Optional) Enter the keyword vrf followed by the name of the VRF to clear OSPFv3 processes in that VRF. Default Not configured Command Mode EXEC Usage Information None Example OS10# clear ipv6 ospf 3 process Supported Releases 10.3.0E or later clear ipv6 ospf statistics Clears OSPFv3 traffic statistics. Syntax clear ipv6 ospf [instance-number] [vrf vrf-name] statistics Parameters • instance-number — (Optional) Enter an OSPFv3 instance number, from 1 to 65535.
Parameters • process-id—Enter an OSPFv3 process ID for a specific OSPFv3 process, from 1 to 65535. • area-id—Enter the OSPFv3 area ID in dotted decimal A.B.C.D format or enter an area ID number, from 1 to 65535. Default Not configured Command Mode INTERFACE Usage Information The no version of this command removes an interface from an OSPFv3 area. Example OS10(config)# interface vlan 10 OS10(conf-if-vl-10)# ipv6 ospf 10 area 1 Supported Releases 10.3.
Parameters cost — Enter a value as the OSPFv3 cost for the interface, from 1 to 65335. Default Based on bandwidth reference Command Mode INTERFACE Usage Information If not configured, the interface cost is based on the auto-cost command. This command configures OSPFv3 over multiple vendors to ensure that all routers use the same cost value. The no version of this command removes the IPv6 OSPF cost configuration.
ipv6 ospf authentication ipsec command. To configure encryption, you must first delete the authentication policy. Example • All neighboring OSPFv3 routers must share the same encryption key to decrypt information. Only a nonencrypted key is supported. Required lengths of the non-encrypted key are: 3DES — 48 hex digits; DES — 16 hex digits; AES-CBC — 32 hex digits for AES-128 and 48 hex digits for AES-192. • All neighboring OSPFv3 routers must share the same authentication key to exchange information.
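The SPI range, SPI uniqueness and per-algorithm key lengths stated for the OSPFv3 IPsec area and interface commands can be checked before a configuration is pushed. The lint below is an added example, not Dell EMC code; it assumes the interface commands use the same token order as the area example in this guide and that the encryption keywords are spelled 3des, des and aes-cbc. The sample configuration is constructed.

```python
import re

# Limits and key lengths (in hex digits) as stated in the guide.
SPI_MIN, SPI_MAX = 256, 4294967295
AUTH_KEY_HEX = {"md5": {32}, "sha1": {40}}
# Assumption: CLI keywords are spelled 3des / des / aes-cbc; only "des"
# appears in the guide's own example.
ENC_KEY_HEX = {"3des": {48}, "des": {16}, "aes-cbc": {32, 48}}

PROMPT = re.compile(r"^[^#\s]*#\s*")  # e.g. "OS10(conf-if-eth1/1/1)# "
POLICY = re.compile(
    r"^(?:area\s+\S+|ipv6\s+ospf)\s+(authentication|encryption)"
    r"\s+ipsec\s+spi\s+(\d+)\s+(.+)$",
    re.IGNORECASE,
)


def parse_policy(line):
    """Return (kind, spi, tokens) for an IPsec policy command, else None."""
    m = POLICY.match(PROMPT.sub("", line.strip()))
    if not m:
        return None
    return m.group(1).lower(), int(m.group(2)), m.group(3).split()


def check_key(label, algo, key, table):
    """Check one algorithm/key pair; messages never echo the key itself."""
    algo = algo.lower()
    if algo not in table:
        return [f"{label} algorithm '{algo}' is not in the guide's list"]
    if not re.fullmatch(r"[0-9a-fA-F]+", key):
        return [f"{label} key for {algo} is not plain hex"]
    if len(key) not in table[algo]:
        want = " or ".join(str(n) for n in sorted(table[algo]))
        return [f"{label} key for {algo} has {len(key)} hex digits, needs {want}"]
    return []


def check_policy(line):
    """Return a list of problems for one command; None if not an IPsec policy."""
    parsed = parse_policy(line)
    if parsed is None:
        return None
    kind, spi, tokens = parsed
    problems = []
    if not SPI_MIN <= spi <= SPI_MAX:
        problems.append(f"SPI {spi} outside {SPI_MIN}-{SPI_MAX}")
    if kind == "authentication":
        if len(tokens) != 2:
            return problems + ["expected: <md5|sha1> <key>"]
        problems += check_key("authentication", tokens[0], tokens[1], AUTH_KEY_HEX)
    else:
        if len(tokens) != 5 or tokens[0].lower() != "esp":
            return problems + ["expected: esp <type> <key> <md5|sha1> <key>"]
        problems += check_key("encryption", tokens[1], tokens[2], ENC_KEY_HEX)
        problems += check_key("authentication", tokens[3], tokens[4], AUTH_KEY_HEX)
    return problems


def audit(config_text):
    """Lint every IPsec policy line and flag an SPI reused by a second policy."""
    findings, spi_seen = [], {}
    for lineno, line in enumerate(config_text.splitlines(), 1):
        problems = check_policy(line)
        if problems is None:
            continue
        findings += [(lineno, p) for p in problems]
        spi = parse_policy(line)[1]
        if spi in spi_seen:
            findings.append((lineno, f"SPI {spi} already used on line {spi_seen[spi]}"))
        else:
            spi_seen[spi] = lineno
    return findings


# Constructed sample: line 2 repeats the guide's area example; lines 4 and 6
# are made up to trigger the key-length, SPI-reuse and SPI-range checks.
SAMPLE = """\
router ospfv3 100
 area 1 encryption ipsec spi 401 esp des 1234567812345678 md5 12345678123456781234567812345678
interface ethernet1/1/1
 ipv6 ospf authentication ipsec spi 401 sha1 0123456789abcdef0123456789abcdef
interface ethernet1/1/2
 ipv6 ospf encryption ipsec spi 200 esp aes-cbc 00112233445566778899aabbccddeeff md5 0123456789abcdef0123456789abcdef
"""

if __name__ == "__main__":
    for lineno, problem in audit(SAMPLE):
        print(f"line {lineno}: {problem}")
```

Because the guide states that only non-encrypted keys are supported, any file fed to this check contains the keys in clear text and should be handled as a secret.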
ipv6 ospf passive Configures an interface as a passive interface and suppresses both receiving and sending routing updates to the passive interface. Syntax ipv6 ospf passive Parameters None Default Not configured Command Mode INTERFACE Usage Information You must configure the interface before setting the interface to passive mode. The no version of this command disables the passive interface configuration.
Supported Releases 10.3.0E or later maximum-paths Enables forwarding of packets over multiple paths. Syntax maximum-paths number Parameters number — Enter the number of paths for OSPFv3, from 1 to 128. Default Disabled Command Mode ROUTER-OSPFv3 Usage Information The no version of this command resets the value to the default. Example OS10(config)# router ospfv3 OS10(config-router-ospfv3-100)# maximum-paths 1 Supported Releases 10.3.
Usage Information Configure an arbitrary value in the IP address format for each router. Each router ID must be unique. Use the fixed router ID for the active OSPFv3 router process. Changing the router ID brings down the existing OSPFv3 adjacency. The new router ID becomes effective immediately. The no version of this command disables the router ID configuration. Example OS10(config)# router ospfv3 10 OS10(config-router-ospfv3-100)# router-id 10.10.1.5 Supported Releases 10.3.
Number of interface in this area is 1 SPF algorithm executed 3 times Supported Releases 10.3.0E or later show ipv6 ospf database Displays all LSA information. You must enable OSPFv3 to generate output. Syntax show ipv6 ospf process-id [vrf vrf-name] database Parameters • process-id — Enter the OSPFv3 process ID to view a specific process. If you do not enter a process ID, the command applies to all the configured OSPFv3 processes.
Supported Releases 10.3.0E or later show ipv6 ospf interface Displays the configured OSPFv3 interfaces. You must enable OSPFv3 to display the output. Syntax show ipv6 ospf interface interface [vrf vrf-name] Parameters • interface — (Optional) Enter the interface information: – ethernet — Physical interface, from 1 to 48. – port-channel — Port-channel interface, from 1 to 128. – vlan — VLAN interface, from 1 to 4093.
------------------------------------------------------------------
2.2.2.2 1 Full/DR 00:00:30 5 ethernet1/1/1
Supported Releases 10.3.0E or later show ipv6 ospf statistics Displays OSPFv3 traffic statistics. Syntax show ipv6 ospf [instance-number] statistics [interface interface] Parameters • instance-number — (Optional) Enter an OSPFv3 instance number, from 1 to 65535.
• hold-time — Sets the additional hold time between two SPF calculations in milliseconds, from 1 to 600000; default 10000. • max-wait — Sets the maximum wait time between two SPF calculations in milliseconds, from 1 to 600000; default 10000. Default • start-time — 1000 milliseconds • hold-time — 10000 milliseconds • max-wait — 10000 milliseconds Command Mode ROUTER-OSPFv3 Usage Information OSPFv2 and OSPFv3 support SPF throttling. By default, SPF timers are disabled in an OSPF instance.
Figure 7. Object tracking Interface tracking You can create an object that tracks the line-protocol state of an L2 interface, and monitors its operational up or down status. You can configure up to 500 objects. Each object is assigned a unique ID. When the link-level status goes down, the tracked resource status is also considered Down. If the link-level status goes up, the tracked resource status is also considered Up.
• mgmt — Management interface 1 Configure object tracking in CONFIGURATION mode, from 1 to 500. track object-id 2 (Optional) Enter interface object tracking on the line-protocol state of an L2 interface in OBJECT TRACKING mode. interface interface line-protocol 3 (Optional) Configure the time delay used before communicating a change to the status of a tracked interface in OBJECT TRACKING mode, from 0 to 80 seconds; default 0.
1 changes, Last change 2017-04-26T06:45:31Z OS10 (conf-track-2)# Configure IPv6 host tracking OS10 (conf-track-2)# track 3 OS10 (conf-track-3)# ipv6 20::20 reachability OS10 (conf-track-3)# delay up 20 OS10 (conf-track-3)# do show track 3 IP Host 20::20 reachability Reachability is DOWN 1 changes, Last change 2017-04-26T06:47:04Z OS10 (conf-track-3)# Set tracking delays You can configure an optional Up or Down timer for each tracked object.
View interface object tracking information
OS10# show track interface
TrackID Resource Parameter Status LastChange
---------------------------------------------------------------------------------
1 line-protocol ethernet1/1/1 DOWN 2017-02-03T08:41:25Z1
OS10# show track ip
TrackID Resource Parameter Status LastChange
---------------------------------------------------------------------------------
2 ipv4-reachablity 1.1.1.
• mgmt — Enter the Management interface. Defaults Not configured Command Mode CONFIGURATION Usage Information None Example OS10(conf-track-100)# interface ethernet line-protocol Supported Releases 10.3.0E or later ip reachability Configures an object to track a specific next-hop host's reachability. Syntax ip host-ip-address reachability Parameters host-ip-address — Enter the IPv4 host address.
Command Mode CONFIGURATION Usage Information Set the interval to 0 to disable the refresh. Example OS10(conf-track-100)# reachability-refresh 600 Supported Releases 10.3.0E or later show track Displays tracked object information. Syntax show track [brief] [object-id] [interface] [ip | ipv6] Parameters • brief — (Optional) Displays brief tracked object information. • object-id — (Optional) Displays tracked object information for a specific object ID.
Policy-based routing PBR provides a mechanism to redirect IPv4 and IPv6 data packets based on the policies defined to override the switch’s forwarding decisions based on the routing table. Policy-based route-maps A route-map is an ordered set of rules that controls the redistribution of IP routes into a protocol domain. When you enable PBR on an interface, all IPv4 or IPv6 data packets are processed based on the policies that you define in the route-maps.
Apply match and set parameters to IPv4 route-map OS10(conf-route-map)# route-map map1 OS10(conf-route-map)# match ip address acl5 OS10(conf-route-map)# set ip next-hop 10.10.10.10 Apply match and set parameters to IPv6 route-map OS10(conf-route-map)# route-map map1 OS10(conf-route-map)# match ipv6 address acl8 OS10(conf-route-map)# set ipv6 next-hop 20::20 Assign route-map to interface You can assign a route-map to an interface for IPv4 or IPv6 policy-based routing.
Policy routing matches: 84 packets Policy-based routing per VRF Configure PBR per VRF instance for both IPv4 and IPv6 traffic flows. Policy-based routing (PBR) enables packets with certain match criteria, such as packets from specific source and destination addresses, to be re-directed to a different next-hop. You can also use PBR to re-direct packets arriving on a VRF instance to a next-hop that is reachable through a different VRF instance.
Match clauses: ip address (access-lists): acl1 Set clauses: ip vrf red next-hop 1.1.1.1 track-id 200 Sample configuration Consider a scenario where traffic from source IP address 1.1.1.1 ingresses through VLAN40 that is part of VRF RED. The egress interface for this traffic is also on the same VRF RED with IP address 4.4.4.4, as shown. Using the following PBR configuration, you can re-direct traffic ingressing to VRF RED to a destination that is reachable through the next-hop IP address 2.2.2.
track track-id OS10(config)# track 200 2 Configure reachability of the next-hop address through the VRF instance. ip ip-address reachability vrf vrf-name OS10(conf-track-200)# OS10(conf-track-200)# ip 1.1.1.1 reachability vrf red OS10(conf-track-200)#exit 3 Configure the route-map. route-map route-map-name OS10(config-route-map)# OS10(config-route-map)# match ip address acl1 4 Set the track ID configured in step 1 to the route-map.
seq 30 deny tcp 10.99.0.0/16 10.0.0.0/8 eq 21 seq 40 deny icmp 10.99.0.0/16 10.0.0.0/8 • Create a route-map to block specific traffic from PBR processing. route-map TEST-RM deny 5 match ip address TEST-ACL-DENY • Create a route-map to permit traffic for PBR processing. route-map TEST-RM permit 10 match ip address TEST-ACL set ip next-hop 10.0.40.235 • Apply the policy to the previously created interface.
clear route-map pbr-statistics Clears all PBR counters. Syntax clear route-map [map-name] pbr-statistics Parameters map-name—Enter the name of a configured route-map. A maximum of 140 characters. Defaults None Command Mode EXEC Usage Information None Example OS10# clear route-map map1 pbr-statistics Supported Releases 10.3.0E or later match address Matches the access-list to the route-map. Syntax match {ip | ipv6} address [name] Parameters name—Enter the name of an access-list.
route-map pbr-statistics Enables counters for PBR statistics. Syntax route-map [map-name] pbr-statistics Parameters map-name—Enter the name of a configured route-map. A maximum of 140 characters. Defaults Not configured Command Mode CONFIGURATION Usage Information None Example OS10(config)# route-map map1 pbr-statistics Supported Releases 10.3.0E or later set next-hop Sets an IPv4 or IPv6 next-hop address for policy-based routing.
• track-id—(Optional) Enter the track ID of the PBR object. Defaults Not configured Command Mode ROUTE-MAP Usage Information You must configure next-hop IP address tracking and PBR next-hop with the same VRF instance. For next-hop reachability in the same VRF instance, you must configure both PBR per VRF and object tracking. Missing either the next-hop IP address tracking or PBR next-hop configuration in a VRF instance results in an erroneous configuration.
Virtual Router Redundancy Protocol VRRP allows you to form virtual routers from groups of physical routers on your local area network (LAN). These virtual routing platforms — master and backup pairs — provide redundancy in case of hardware failure. VRRP also allows you to easily configure a virtual router as the default gateway to all your hosts and avoids the single point of failure of a physical router.
The example shows a typical network configuration using VRRP. Instead of configuring the hosts on network 10.10.10.0 with the IP address of either Router A or Router B as the default router, the default router of all hosts is set to the IP address of the virtual router. When any host on the LAN segment requests Internet access, it sends packets to the IP address of the virtual router.
2 Set the switch with the highest priority to vrrp version 3. 3 Set all switches from vrrp version 2 to vrrp version 3.
Verify virtual IP address OS10# show running-configuration ! Version 10.1.9999P.2281 ! Last configuration change at Jul ! aaa authentication system:local ! interface ethernet1/1/1 ip address 10.1.1.1/24 no switchport no shutdown ! vrrp-group 10 virtual-address 10.1.1.
interface interface-id VRF CONFIGURATION Mode 3 Remove the interface from L2 switching mode. no switchport INTERFACE CONFIGURATION Mode 4 Assign the interface to the non-default VRF that you have created. ip vrf forwarding vrf-name INTERFACE CONFIGURATION Mode 5 Assign an IP address to the interface. ip address ip-address INTERFACE CONFIGURATION Mode 6 Configure a VRRP group. vrrp-group group-id INTERFACE CONFIGURATION Mode 7 Configure virtual IP address for the VRRP ID.
Virtual MAC Address : 00:00:5e:00:01:01
Version : version-3
Priority : 200
Preempt :
Hold-time :
Authentication : no-authentication
Virtual IP address : 10.1.1.1
master-transitions : 1
advertise-rcvd : 0
advertise-interval-errors : 0
ip-ttl-errors : 0
priority-zero-pkts-rcvd : 0
priority-zero-pkts-sent : 0
invalid-type-pkts-rcvd : 0
address-list-errors : 0
pkt-length-errors : 0
Authentication
Simple authentication of VRRP packets ensures that only trusted routers participate in VRRP processes.
View running configuration
OS10(conf-eth1/1/5-vrid-254)# do show running-configuration
! Version 10.2.0E
! Last configuration change at Sep 24 07:17:45 2016
!
debug radius false
snmp-server contact http://www.dell.com/support/softwarecontacts
snmp-server location "United States"
username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH.
aaa authentication system:local
!
interface ethernet1/1/5
ip address 1.1.1.
ip address 10.1.1.1/16
no switchport
no shutdown
!
vrrp-group 1
advertisment-interval centisecs 200
priority 200
virtual-address 10.1.1.1
!
interface ethernet1/1/2
switchport access vlan 1
no shutdown
Interface/object tracking
You can monitor the state of any interface according to the virtual group. OS10 supports a maximum of 10 track groups and each track group can track only one interface.
interface ethernet1/1/1
ip address 10.1.1.1/16
no switchport
no shutdown
!
vrrp-group 1
priority 200
virtual-address 10.1.1.1
!
interface ethernet1/1/2
switchport access vlan 1
no shutdown
!
interface ethernet1/1/3
switchport access vlan 1
no shutdown
!
interface ethernet1/1/4
switchport access vlan 1
no shutdown
!
interface ethernet1/1/5
switchport access vlan 1
no shutdown
!
interface ethernet1/1/6
switchport access vlan 1
no shutdown
!
..... .....
Usage Information Dell EMC recommends keeping the default setting for this command. If you change the time interval between VRRP advertisements on one router, change it on all routers. The no version of this command sets the VRRP advertisements timer interval back to its default value, 1 second or 100 centisecs. Example OS10(conf-eth1/1/6-vrid-250)# advertise-interval 120 centisecs 100 Supported Releases 10.2.0E or later authentication-type Enables authentication of VRRP data exchanges.
Default 100 Command Mode INTERFACE-VRRP Usage Information To guarantee that a VRRP group becomes master, set the priority of the VRRP group to 254, which is the highest priority. If you set the priority to 254 and the virtual-address is not equal to the interface’s primary IP address, the system displays an error message. The no version of this command resets the value to the default of 100. Example OS10(conf-eth1/1/5-vrid-254)# priority 200 Supported Releases 10.2.
track Assigns a unique identifier to track an object. Syntax track track-id [priority cost [value]] Parameters • track-id — Enter the object tracking resource ID number, from 1 to 500. • priority cost value — (Optional) Enter a cost value to subtract from the priority value, from 1 to 254. Default 10 Command Mode INTERFACE-VRRP Usage Information If you disable the interface, the cost value subtracts from the priority value and forces a new master election.
Parameters • ip-address1 — Enter the IP address of a virtual router in A.B.C.D format. The IP address must be on the same subnet as the interface’s primary IP address. • ip-address2...ip-address10 — (Optional) Enter up to nine additional IP addresses of virtual routers, separated by a space. The IP addresses must be on the same subnet as the interface’s primary IP address.
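The priority and virtual-address rules above can be checked offline against a saved running-configuration. The following Python audit is an added example, not Dell EMC code: the sample configuration is constructed in the layout of the excerpts on this page, the arguments after authentication-type are an assumption (only the command name is matched), and the first ip address line on an interface is assumed to be its primary address.

```python
import ipaddress

# Constructed running-configuration in the layout shown on this page. The
# arguments after "authentication-type" are an assumption; the audit only
# looks for the command name.
SAMPLE_CONFIG = """\
interface ethernet1/1/1
 ip address 10.1.1.1/16
 no switchport
 no shutdown
 !
 vrrp-group 1
  priority 200
  virtual-address 10.1.1.1
!
interface ethernet1/1/5
 ip address 10.2.1.1/24
 no switchport
 !
 vrrp-group 254
  priority 254
  authentication-type simple-text example
  virtual-address 10.2.1.9
!
interface ethernet1/1/6
 ip address 10.3.1.1/24
 !
 vrrp-group 7
  virtual-address 10.9.9.9
!
"""

DEFAULT_PRIORITY = 100   # default stated in the priority command reference
OWNER_PRIORITY = 254     # highest priority; requires VIP == primary address


def parse_vrrp_groups(config):
    """Return one dict per vrrp-group, with the address of its parent interface."""
    groups, iface, addr, group = [], None, None, None
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "interface":
            iface, addr, group = " ".join(words[1:]), None, None
        elif words[0] == "!":
            group = None                      # "!" closes the current vrrp-group
        elif words[:2] == ["ip", "address"] and len(words) >= 3 and addr is None:
            try:                              # first address = assumed primary
                addr = ipaddress.ip_interface(words[2])
            except ValueError:
                pass                          # non-literal address, ignore
        elif words[0] == "vrrp-group" and iface and len(words) >= 2:
            group = {"interface": iface, "address": addr, "id": int(words[1]),
                     "priority": DEFAULT_PRIORITY, "virtual": [], "auth": False}
            groups.append(group)
        elif group is not None:
            if words[0] == "priority" and len(words) >= 2:
                group["priority"] = int(words[1])
            elif words[0] == "virtual-address":
                group["virtual"] += [ipaddress.ip_address(w) for w in words[1:]]
            elif words[0] == "authentication-type":
                group["auth"] = True
    return groups


def audit(groups):
    """Return (location, code, message) findings for each vrrp-group."""
    findings = []
    for g in groups:
        where = f"{g['interface']} vrrp-group {g['id']}"
        addr = g["address"]
        for vip in g["virtual"]:
            if addr is None or vip not in addr.network:
                findings.append((where, "subnet",
                                 f"{vip} is outside the interface subnet"))
        if (g["priority"] == OWNER_PRIORITY and addr is not None
                and addr.ip not in g["virtual"]):
            findings.append((where, "owner-priority",
                             "priority 254 but virtual-address differs from "
                             f"the primary address {addr.ip}"))
        if not g["auth"]:
            findings.append((where, "no-auth",
                             "no authentication-type configured"))
    return findings


if __name__ == "__main__":
    for where, code, message in audit(parse_vrrp_groups(SAMPLE_CONFIG)):
        print(f"{where}: [{code}] {message}")
```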
Supported Releases 10.2.0E or later vrrp-ipv6-group Assigns a VRRP group identification number to an IPv6 interface. Syntax vrrp-ipv6-group vrrp-id Parameters vrrp-id — Enter a VRRP group identification number, from 1 to 255. Default Not configured Command Mode INTERFACE-VRRP Usage Information The VRRP group only becomes active and sends VRRP packets when you configure a virtual IP address. When you delete the virtual address, the VRRP group stops sending VRRP packets.
7 Multicast Multicast is a technique that allows networking devices to send data to a group of interested receivers in a single transmission. For instance, this technique is widely used for streaming videos. Multicast allows you to more efficiently use network resources, specifically for bandwidth-consuming services such as audio and video transmission.
Unknown multicast flood control
The unknown multicast flood control feature enables the system to forward unknown multicast packets only to a multicast router (mrouter). When you enable multicast snooping, OS10 forwards multicast frames whose destination is already learned to their intended recipients. When the system receives multicast frames whose destination is not known, it floods the frames to all ports on the specific VLAN. All hosts that receive these multicast frames must process them.
Enable multicast flood control Multicast flood control is enabled on OS10 by default. If it is disabled, use the following procedure to enable multicast flood control: 1 Configure IGMP snooping. To know how to configure IGMP snooping, see the IGMP snooping section. 2 Configure MLD snooping. To know how to configure MLD snooping, see the MLD Snooping section. 3 Enable the multicast flood control feature.
Usage Information Multicast snooping flood control, IGMP snooping, and MLD snooping are enabled by default. For multicast flood restrict to be effective on a VLAN, IGMP snooping and MLD snooping must be enabled at both global and VLAN levels. To disable multicast snooping flood control, use the no multicast snooping flood-restrict command. Example OS10(config)# multicast snooping flood-restrict Supported Releases 10.4.3.
• OS10 uses version 3 as the default IGMP version. Version 3 is backwards compatible with versions 1 and 2.
Important notes
• OS10 systems cannot serve as an IGMP host or an IGMP version 1 querier.
• OS10 automatically enables IGMP on interfaces where you enable PIM sparse mode.
Supported IGMP versions
IGMP has three versions. Version 3 obsoletes and is backwards-compatible with version 2; version 2 obsoletes version 1. OS10 supports the following IGMP versions:
• Router—IGMP versions 2 and 3.
The querier advertises the maximum response time in the query. Lowering this value decreases leave latency but increases response burstiness because all host membership reports are sent before the maximum response time expires. Inversely, increasing this value decreases burstiness, but increases leave latency.
IGMP is enabled on interface
IGMP version is 3
IGMP query interval is 60 seconds
IGMP querier timeout is 130 seconds
IGMP last member query response interval is 1000 ms
IGMP max response time is 10 seconds
IGMP immediate-leave is disabled on this interface
IGMP joins count: 0
IGMP querying router is 3.1.1.1
Vlan121 is up, line protocol is up
Internet address is 121.1.1.
• OS10 learns the multicast router interface dynamically based on the interface on which IGMP membership query is received. To assign a multicast router interface statically, use the ip igmp snooping mrouter interface interface-type command in VLAN INTERFACE mode. NOTE: IGMP snooping dynamically detects the mrouter interface based on IGMP queries that it receives.
IGMP snooping is enabled on interface
IGMP snooping query interval is 60 seconds
IGMP snooping querier timeout is 130 seconds
IGMP snooping last member query response interval is 1000 ms
IGMP Snooping max response time is 10 seconds
IGMP snooping fast-leave is disabled on this interface
IGMP snooping querier is disabled on this interface
Multicast flood-restrict is enabled on this interface
show ip igmp snooping mrouter
Interface Router Ports
Vlan 100 ethernet 1/1/32
IGMP commands
clear ip igmp groups
Clea
ip igmp last-member-query-interval Changes the last member query interval, which is the maximum response time included in the group-specific queries sent in response to leave group messages. This last-member-query-interval is the interval between group-specific query messages. Syntax ip igmp last-member-query-interval milliseconds Parameters milliseconds—Enter the amount of time in milliseconds to configure the time interval between group-specific query messages. The range is from 100 to 65535.
Example OS10# configure terminal OS10# interface vlan14 OS10(conf-if-vl-14)# ip igmp query-max-resp-time 20 Supported Releases 10.4.3.0 or later ip igmp snooping enable Enables IGMP snooping globally. Syntax ip igmp snooping enable Parameters None Default Enabled Command Mode CONFIGURATION Usage Information The no version of this command disables IGMP snooping. Example OS10(config)# ip igmp snooping enable Supported Releases 10.4.
Example OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# ip igmp snooping fast-leave Supported Releases 10.4.1.0 or later ip igmp snooping last-member-query-interval Configures the time interval between group-specific IGMP query messages. Syntax ip igmp snooping last-member-query-interval query-interval-time Parameters query-interval-time—Enter the query time interval in milliseconds, from 100 to 65535.
Supported Releases 10.4.0E(R1) or later ip igmp snooping query-interval Configures time interval for sending IGMP general queries. Syntax ip igmp snooping query-interval query-interval-time Parameters query-interval-time—Enter the interval time in seconds, from 2 to 18000. Default 60 seconds Command Mode VLAN INTERFACE Usage Information The no version of this command resets the query interval to the default value.
show ip igmp groups Displays the IGMP groups. Syntax show ip igmp [vrf vrf-name] groups [group-address [detail] | detail | interface-name [group-address [detail]]] Parameters • vrf vrf-name—Enter the keyword vrf, then the name of the VRF. • group-address—Enter the group address in dotted decimal format to view specific group information. • interface-name—Enter the interface name.
Parameters • vrf vrf-name—Enter the keyword vrf, then the name of the VRF. • interface name—Enter the keyword interface, then the interface name. Default None Command Mode EXEC Usage Information None Example OS10# show ip igmp interface Vlan103 is up, line protocol is up Internet address is 2.1.1.
Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1
225.1.0.3 vlan3031 IGMPv2-Compat
Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1
225.1.0.4 vlan3031 IGMPv2-Compat
Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1
225.1.0.5 vlan3031 IGMPv2-Compat
Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1
225.1.0.6 vlan3031 IGMPv2-Compat
Member-ports :port-channel51,ethernet1/1/51:1,ethernet1/1/52:1
225.1.0.
port-channel51 Include 1d:20:26:07 00:01:41
ethernet1/1/51:1 Include 1d:20:26:05 00:01:46
ethernet1/1/52:1 Include 1d:20:26:08 00:01:46
Uptime 1d:20:26:07 Expires 00:01:41
OS10# show ip igmp snooping groups vlan 3041 detail
Interface vlan3041
Group 232.11.0.0
Source List
101.41.0.21
Member Port Mode Uptime Expires
port-channel51 Include 1d:20:26:07 00:01:41
ethernet1/1/51:1 Include 1d:20:26:05 00:01:46
ethernet1/1/52:1 Include 1d:20:26:08 00:01:46
Interface vlan3041
Group 232.11.0.1
Source List
101.
Usage Information The multicast flood control feature is not available on the S4248FB-ON, S4248FBL-ON, and S5148-ON devices.
IGMP snooping querier timeout is 130 seconds
IGMP snooping last member query response interval is 1000 ms
IGMP Snooping max response time is 10 seconds
IGMP snooping fast-leave is disabled on this interface
IGMP snooping querier is enabled on this interface
Multicast snooping flood-restrict is enabled on this interface
Supported Releases 10.4.0E(R1) or later
Updated the command to display the multicast flood restrict status on 10.4.3.
MLD snooping MLD snooping enables switches to use the information in MLD packets and generate a forwarding table that associates ports with multicast groups. When switches receive multicast frames, they forward them to their intended receivers. OS10 supports MLD snooping on VLAN interfaces. Effective with OS10 release 10.4.3.0, MLD snooping is enabled by default. Configure MLD snooping • Enable MLD snooping globally with the ipv6 mld snooping enable command in the CONFIGURATION mode.
Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52
ff0e:225:1::2 vlan3531 MLDv1-Compat 00:01:52
Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52
ff0e:225:1::3 vlan3531 MLDv1-Compat 00:01:52
Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52
ff0e:225:1::4 vlan3531 MLDv1-Compat 00:01:52
Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52
ff0e:225:1::5 vlan3531 MLDv1-Compat 00:01:52
Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52
ff02::2 vlan3532 Exclude 00:01:47
ff0
Command Mode VLAN INTERFACE Usage Information When you enable MLD snooping globally, the configuration is applied to all the VLAN interfaces. You can disable the MLD snooping on specified VLAN interfaces. The no version of this command disables the MLD snooping on the specified VLAN interface. Example OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# no ipv6 mld snooping Supported Releases 10.4.1.0 or later ipv6 mld snooping enable Enables MLD snooping globally.
Default 1000 milliseconds Command Mode VLAN INTERFACE Usage Information The no version of this command resets the last member query interval time to the default value. Example OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# ipv6 mld snooping last-member-query-interval 2500 Supported Releases 10.4.1.0 or later ipv6 mld snooping mrouter Configures the specified VLAN member port as a multicast router interface.
Usage Information The no version of this command resets the query interval to the default value. Example OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# ipv6 mld snooping query-interval 120 Supported Releases 10.4.1.0 or later ipv6 mld query-max-resp-time Configures the maximum time for responding to a query advertised in MLD queries. Syntax ipv6 mld snooping query-max-resp-time query-response-time Parameters query-response-time—Enter the query response time in seconds, ranging from 1 to 25.
Usage Information None
Example
OS10# show ipv6 mld snooping groups
Total Number of Groups: 280
MLD Connected Group Membership
Group Address Interface Mode Expires
ff02::2 vlan3531 Exclude 00:01:38
ff0e:225:1:: vlan3531 MLDv1-Compat 00:01:52
Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52
ff0e:225:1::1 vlan3531 MLDv1-Compat 00:01:52
Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52
ff0e:225:1::2 vlan3531 MLDv1-Compat 00:01:52
Member-ports :port-channel41,ethernet1/1/51,ethernet1/1/52
f
show ipv6 mld snooping groups detail Displays the MLD source information along with detailed member port information. Syntax show ipv6 mld snooping groups [vlan vlan-id] [group ipv6-address] detail Parameters • vlan-id—(Optional) Enter the VLAN ID, ranging from 1 to 4093. • ipv6-address—(Optional) Enter the IPv6 address of the multicast group.
Member Port Mode Uptime Expires
port-channel31 Include 2d:11:50:17 00:01:29
ethernet1/1/51:1 Include 2d:11:50:36 00:01:25
ethernet1/1/52:1 Include 2d:11:50:36 00:01:38
--more--
Example (with VLAN and multicast IP address)
OS10# show ipv6 mld snooping groups vlan 3041 ff3e:232:b:: detail
Interface vlan3041
Group ff3e:232:b::
Source List
2001:101:29::1b
Member Port Mode Uptime Expires
port-channel31 Include 2d:11:50:53 00:02:01
ethernet1/1/51:1 Include 2d:11:51:11 00:02:01
ethernet1/1/52:1 Include 2d:11:5
show ipv6 mld snooping mrouter Displays the details of multicast router ports. Syntax show ipv6 mld snooping mrouter [vlan vlan-id] Parameters vlan-id—(Optional) Enter the VLAN ID, ranging from 1 to 4093. Default Not configured Command Mode EXEC Usage Information None Example OS10# show ipv6 mld snooping mrouter vlan 11 Interface Router Ports Vlan 11 ethernet 1/1/32 Supported Releases 10.4.1.
Terminology Definition Outgoing interface (OIF) The OIF is the interface through which a multicast packet is sent out towards the receiver. Incoming interface (IIF) The IIF is the interface through which a multicast packet is received towards the source or the RP. Reverse path forwarding (RPF) The RPF is the path the router uses to reach the RP or the multicast source.
Advantages of PIM-SSM
Advantages of PIM-SSM include the following:
• PIM-SSM forwards multicast traffic from a single source to a subnet. Other versions of PIM require the receiver to subscribe to a group. The receiver receives traffic not just from the source that it is interested in, but from all the sources that send to that group. PIM-SSM requires the receiver to specify the sources in which it is interested, to avoid receiving unnecessary traffic.
To configure a static RP: OS10# configure terminal OS10(config)# ip pim rp-address 171.1.1.1 group-address 225.1.1.3/32 Designated router Multiple PIM-SM routers can connect to a single local area network (LAN) segment. One of these routers is elected as the designated router (DR). The DR is elected using hello messages. Each PIM router learns about its neighbors by periodically sending a hello message out of each PIM-enabled interface.
Usage Information After you enable IP multicast, enable IGMP and PIM on an interface. To do this, use the ip pim sparse-mode command in INTERFACE mode. The no form of the command disables IP multicast forwarding. Example OS10# configure terminal OS10(config)# ip multicast-routing Supported Releases 10.4.3.0 or later ip pim dr-priority Changes the designated router (DR) priority for the interface. Syntax ip pim dr-priority priority-value Parameters priority-value—Enter a number from 0 to 4294967295.
ip pim rp-address Configures a static PIM RP address for a group. Syntax ip pim [vrf vrf-name] rp-address address {group-address group-address mask} Parameters • vrf vrf-name—Enter the keyword vrf, then the name of the VRF. • rp-address address—Enter the keyword address, then the RP address in dotted-decimal format (A.B.C.D). • group-address group-address mask—Enter the keyword group-address, then the group-address mask in dotted-decimal format (/xx) to assign the group address to the RP.
ip pim sparse-mode sg-expiry-timer Enables expiry timers globally for all sources. Syntax ip pim [vrf vrf-name] sparse-mode sg-expiry-timer seconds Parameters • vrf vrf-name—Enter the keyword vrf, then the name of the VRF. • seconds—Enter the number of seconds the S, G entries are retained. The range is from 211 to 65535 seconds. Default 210 seconds Command Mode CONFIGURATION Usage Information This command configures the expiry timers for all S, G entries.
Usage Information The show ip pim interface command displays the following: • Address—IP addresses of the IP PIM-enabled interfaces • Interface—Interface type with slot/port information or VLAN/Port Channel ID • Version/Mode—PIM version number and mode; v2 for PIM version 2 and S for PIM sparse mode • Nbr Count—Active neighbor count on the PIM-enabled interface • Query interval—Query interval for router query messages on that interface • DR priority—Designated router priority value configured on
Default None Command Mode EXEC Usage Information This command displays the following: • Neighbor address—IP addresses of the PIM neighbor • Interface—Interface type with slot/port information or VLAN/Port Channel ID of the PIM neighbor • Uptime/expires—Amount of time that the PIM neighbor has been up • Version—PIM version number; v2 for PIM version 2 • DR priority/Mode—Designated router priority value and mode.
show ip pim ssm-range Displays the non-default groups added using the SSM range feature. Syntax show ip pim [vrf vrf-name] ssm-range Parameters vrf vrf-name—Enter the keyword vrf, then the name of the VRF. Default None Command Mode EXEC Usage Information None Example OS10# show ip pim ssm-range Group Address / MaskLen 224.1.1.1 / 32 Supported Releases 10.4.3.0 or later show ip pim summary Displays information about PIM-SM operation.
0/0 pim-assert messages sent/received 404/110 register messages sent/received Supported Releases 10.4.3.0 or later show ip pim tib Displays the PIM tree information base (TIB). Syntax show ip pim [vrf vrf-name] tib [group-address [source-address]] Parameters • vrf vrf-name—Enter the keyword vrf, then the name of the VRF. • group-address—Enter the group address in dotted-decimal format (A.B.C.D). • source-address—Enter the source address in dotted-decimal format (A.B.C.D).
show ip rpf Displays reverse path forwarding (RPF) information. Syntax show ip rpf [vrf vrf-name] [source-address] [summary] Parameters • vrf vrf-name—Enter the keyword vrf, then the name of the VRF. • source-address—Enter the source address in dotted-decimal format (A.B.C.D). • summary—RPF summary. Default None Command Mode EXEC Usage Information Use static mroutes to control the reachability of the multicast sources.
Sample configuration in FHR node:
FHR# configure terminal
FHR(config)#
FHR(config)# ip multicast-routing
FHR(config)# interface ethernet 1/1/31
FHR(conf-if-eth1/1/31)# no switchport
FHR(conf-if-eth1/1/31)# ip address 3.3.3.2/24
FHR(conf-if-eth1/1/31)# ip pim sparse-mode
FHR(conf-if-eth1/1/31)# ip ospf 1 area 0
FHR(conf-if-eth1/1/31)# exit
FHR(config)#
FHR(config)# interface ethernet 1/1/17
FHR(conf-if-eth1/1/17)#
FHR(conf-if-eth1/1/17)# no switchport
FHR(conf-if-eth1/1/17)# ip address 2.2.2.
The show ip pim rp mapping command displays the multicast groups to RP mapping and information about how RP is learned.
FHR# show ip pim rp mapping
Group(s) : 224.0.0.0/4, Static RP : 192.168.1.25, v2
Sample configuration in RP node:
RP# configure terminal
RP(config)# ip multicast-routing
RP(config)# interface ethernet 1/1/31
RP(conf-if-eth1/1/31)# no switchport
RP(conf-if-eth1/1/31)# ip address 3.3.3.
LHR(conf-if-eth1/1/29)# exit
LHR(config)#
LHR(config)# ip pim rp-address 192.168.1.25 group-address 224.0.0.0/4
LHR(config)# end
LHR(config)# interface vlan 2001
LHR(conf-if-vl-2001)# no shutdown
LHR(conf-if-vl-2001)# ip address 15.1.1.
The show ip pim mcache command output displays multicast route entries.
FHR# show ip pim mcache
PIM Multicast Routing Cache Table
(22.1.1.10,224.1.1.
(22.1.1.10,224.1.1.1)
Incoming interface : ethernet1/1/17
Outgoing interface list : vlan2001
PIM-SSM sample configuration
This section describes how to enable PIM-SSM using the topology shown in the following illustration.
R1(conf-if-lo-0)# R1(conf-if-lo-0)# R1(conf-if-lo-0)# R1(conf-if-lo-0)# ip address 2.2.2.
R2(config)# interface port-channel 11
R2(conf-if-po-11)# no switchport
R2(conf-if-po-11)# interface port-channel 11
R2(conf-if-po-11)# ip vrf forwarding red
R2(conf-if-po-11)# ip address 193.1.1.2/24
R2(conf-if-po-11)# ip pim sparse-mode
R2(conf-if-po-11)# no shutdown
R2(conf-if-po-11)# end
R2# configure terminal
R2(config)# interface Lo0
R2(conf-if-lo-0)# ip vrf forwarding red
R2(conf-if-lo-0)# ip address 4.4.4.
Timers: Uptime/Expires
Interface state: Interface, next-Hop, State/Mode
(201.1.1.1, 224.1.1.1), uptime 00:19:42, expires 00:00:47, flags: T
Incoming interface: ethernet1/1/7, RPF neighbor 0.0.0.0
Outgoing interface list:
port-channel11 Forward/Sparse 00:00:37/00:02:52
The show ip pim vrf red mcache command output displays multicast route entries.
R1# show ip pim vrf red mcache
PIM Multicast Routing Cache Table
(201.1.1.1, 224.1.1.
Multicast VRF sample configuration This section describes how to configure IPv4 multicast in a non-default VRF instance using the topology shown in the following illustration. Perform the following configuration on each of the nodes, R1, R2, R3, and R4.
R1(conf-if-po-11)# ip vrf forwarding red
R1(conf-if-po-11)# end
R1# configure terminal
R1(config)# interface ethernet 1/1/6
R1(conf-if-eth1/1/6)# no ip vrf forwarding
R1(conf-if-eth1/1/6)# no switchport
R1(conf-if-eth1/1/6)# channel-group 11
R1(conf-if-eth1/1/6)# end
R1# configure terminal
R1(config)# interface ethernet 1/1/7
R1(conf-if-eth1/1/7)# no switchport
R1(conf-if-eth1/1/7)# interface ethernet 1/1/7
R1(conf-if-eth1/1/7)# ip vrf forwarding red
R1(conf-if-eth1/1/7)# ip address 201.1.1.
R1# configure terminal R1(config)# ip pim vrf red rp-address 182.190.168.224 group-address 224.0.0.
Sample configuration on R3:
R3# configure terminal
R3(config)# ip vrf red
R3(conf-vrf)# end
R3# configure terminal
R3(config)# interface vlan 1001
R3(conf-if-vl-1001)# ip vrf forwarding red
R3(conf-if-vl-1001)# end
R3# configure terminal
R3(config)# interface ethernet 1/1/12
R3(conf-if-eth1/1/12)# no ip vrf forwarding
R3(conf-if-eth1/1/12)# switchport mode trunk
R3(conf-if-eth1/1/12)# switchport trunk allowed vlan 1001
R3(conf-if-eth1/1/12)# end
R3# configure terminal
R3(config)# interface port-channel 12
R
R3(config)# router ospf 100 vrf red
R3(config-router-ospf-100)# interface Lo1
R3(conf-if-lo-1)# ip ospf 100 area 0
R3(conf-if-lo-1)# end
R3# configure terminal
R3(config)# ip multicast-routing vrf red
R3(config)# end
R3# configure terminal
R3(config)# interface Lo1
R3(conf-if-lo-1)# ip vrf forwarding red
R3(conf-if-lo-1)# ip address 182.190.168.224/32
R3(conf-if-lo-1)# ip pim sparse-mode
R3(conf-if-lo-1)# no shutdown
R3(conf-if-lo-1)# end
R3# configure terminal
R3(config)# ip pim vrf red rp-address 182.190.
R4(conf-if-vl-2001)# no shutdown
R4(conf-if-vl-2001)# end
R4# configure terminal
R4(config)# interface port-channel 11
R4(conf-if-po-11)# no switchport
R4(conf-if-po-11)# interface port-channel 11
R4(conf-if-po-11)# ip vrf forwarding red
R4(conf-if-po-11)# ip address 193.1.1.
191.1.1.2 ethernet1/1/9 02:13:21/00:01:25 v2 1/ DR S
193.1.1.2 port-channel11 02:15:29/00:01:22 v2 1/ DR S
R1# show ip pim vrf red tib
PIM Multicast Routing Table
Flags: S - Sparse, C - Connected, L - Local, P - Pruned, R - RP-bit set, F - Register Flag, T - SPT-bit set, J - Join SPT, K - Ack-Pending state
Timers: Uptime/Expires
Interface state: Interface, next-Hop, State/Mode
(201.1.1.1, 224.1.1.1), uptime 00:00:33, expires 00:02:56, flags: FT
Incoming interface: ethernet1/1/7, RPF neighbor 0.0.0.
RPF route/mask: 0.0.0.0/0.0.0.0
RPF type: Unicast
R3# show ip pim vrf red rp mapping
Group(s) : 224.0.0.0/4, Static RP : 182.190.168.224, v2
R3# show ip pim vrf red rp
Group RP
--------------------------------
224.1.1.1 182.190.168.224
R3# show ip pim vrf red rp
Group RP
--------------------------------
224.1.1.1 182.190.168.
224.1.1.1 00:02:07 208.1.1.1 vlan2001 IGMPv2-Compat 00:00:18
R4# show ip rpf vrf red
RPF information for 182.190.168.224
RPF interface: port-channel12
RPF neighbor: 194.1.1.1
RPF route/mask: 182.190.168.224/255.255.255.
0/0 pim-assert messages sent/received
0/0 register messages sent/received
Multicast support on VLT
OS10 supports multicast in a VLT domain in active-standby mode. In a VLT domain that is in active-standby mode, the designated router (DR) routes multicast traffic (Layer 3) and the other peer VLT node switches (Layer 2) incoming multicast traffic over VLTi links. In last hop router (LHR), the DR is responsible for triggering upstream PIM joins, but the traffic from RP can reach any one of the VLT peers.
Traffic flow:
1 R4: Traffic from source is switched to VLT LAG, through VLAN 11, and arrives at R2 which is the designated router (DR).
2 R1: Traffic floods on VLAN 13.
3 R2:
a The (S, G) entry is created.
b Traffic is routed to VLAN 12, VLAN 13, and VLAN 14 for receivers R12, R13, and R14.
c Traffic is routed to ICL through VLAN 13, and switched to ICL through VLAN 11.
Traffic flow:
1 R4: Traffic from source is switched to VLT LAG towards the non-designated router (R1).
2 R1: Traffic is switched to ICL through VLAN 11.
3 R2:
a The (S, G) entry is created.
b Traffic is routed to VLAN 12, VLAN 13, and VLAN 14.
c Traffic is routed to ICL through VLAN 13.
4 Traffic floods on VLAN 13.
Source connected to RP
In the following illustration, the source is connected to the rendezvous point (RP).
Traffic flow:
1 R3: Traffic from source is routed to R2.
2 R2:
a The (S1, G) entry is created.
b Traffic is routed to VLAN 11, VLAN 13, and VLAN 14.
c Traffic is routed to ICL through VLAN 11 as well as VLAN 13.
3 Traffic floods on VLAN 13.
VLT LAG down on one side
In the following illustration, VLT LAG is down on one side.
Traffic flow:
1 R3: Traffic from source is routed to R2.
2 R2:
a The (S1, G) entry is created.
b Traffic is routed to VLAN 11, VLAN 13, and VLAN 14.
c Traffic is routed to ICL through VLAN 11 as well as VLAN 13.
3 Traffic floods on VLAN 13.
Source on spanned non-VLT VLAN
In the following illustration, the source is connected to a router in a spanned non-VLT VLAN.
Traffic flow:
1 R1: Traffic floods to ICL through VLAN 13.
2 R2:
a The (S1, G) entry is created.
b Traffic is routed to VLAN 11, VLAN 12, and VLAN 14.
c Traffic is routed to ICL through VLAN 11.
8 VXLAN A virtual extensible LAN (VXLAN) extends Layer 2 (L2) server connectivity over an underlying Layer 3 (L3) transport network in a virtualized data center. A virtualized data center consists of virtual machines (VMs) in a multi-tenant environment. OS10 supports VXLAN as described in RFC 7348. VXLAN provides a L2 overlay mechanism on an existing L3 network by encapsulating the L2 frames in L3 packets.
Virtual extensible LAN (VXLAN) A type of network virtualization overlay that encapsulates a tenant payload into IP UDP packets for transport across the IP underlay network. VXLAN network identifier (VNI) A 24-bit ID number that identifies a tenant segment and transmits in a VXLAN-encapsulated packet. VXLAN tunnel endpoint (VTEP) A switch with connected end hosts that are assigned to virtual networks. The virtual networks map to VXLAN segments.
VXLAN is a type of encapsulation used as an NVO solution. VXLAN encapsulates a tenant payload into IP UDP packets for transport across the IP underlay network. In OS10, each virtual network is assigned a 24-bit number, called a VXLAN network identifier (VNI), that the VXLAN-encapsulated packet carries. The VNI uniquely identifies the tenant segment on all VTEPs. OS10 sets up ASIC tables to: • Enable creation of a L2 bridge flooding domain across a L3 network.
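The 24-bit VNI is the only field in the encapsulation that separates tenant segments, so a receiver has to validate the header and refuse VNIs it has no local mapping for. The following Python sketch is an added example, not OS10 code: it packs and parses the 8-byte VXLAN header defined in RFC 7348 and resolves the VNI to a virtual network ID (VNID), enforcing the 1 to 65535 VNID range and the one-VNI-per-virtual-network rule from the configuration section of this guide. The VNID/VNI pairs and the inner frame are constructed sample values.

```python
import struct

VXLAN_UDP_PORT = 4789      # destination UDP port assigned to VXLAN (RFC 7348)
FLAG_I = 0x08              # "I" flag: the VNI field is valid

# Constructed inner Ethernet frame: dst MAC, src MAC, EtherType, payload.
INNER_FRAME = (bytes.fromhex("020000000002") + bytes.fromhex("020000000001")
               + bytes.fromhex("0800") + b"tenant payload")


class VxlanError(ValueError):
    """Raised for frames or mappings that a VTEP should not accept."""


def build_vni_table(pairs):
    """Return {vni: vnid} from (vnid, vni) pairs, enforcing the guide's limits."""
    table = {}
    for vnid, vni in pairs:
        if not 1 <= vnid <= 65535:
            raise VxlanError(f"VNID {vnid} is outside 1-65535")
        if not 0 <= vni < (1 << 24):
            raise VxlanError(f"VNI {vni} does not fit in 24 bits")
        if vni in table:
            raise VxlanError(
                f"VNI {vni} is already assigned to virtual network {table[vni]}")
        table[vni] = vnid
    return table


def encode_header(vni):
    """Pack the header: flags(8) reserved(24) | VNI(24) reserved(8)."""
    if not 0 <= vni < (1 << 24):
        raise VxlanError(f"VNI {vni} does not fit in 24 bits")
    return struct.pack("!II", FLAG_I << 24, vni << 8)


def decode_header(payload):
    """Return (vni, inner_frame, reserved_bits_set) for a UDP payload."""
    if len(payload) < 8:
        raise VxlanError("payload is shorter than the 8-byte VXLAN header")
    word0, word1 = struct.unpack("!II", payload[:8])
    flags = word0 >> 24
    if not flags & FLAG_I:
        raise VxlanError("I flag is clear, so the VNI field is not valid")
    # RFC 7348: reserved bits are zero on transmit and ignored on receipt, so
    # they are reported for monitoring instead of being treated as an error.
    reserved = bool((flags & ~FLAG_I & 0xFF) or (word0 & 0xFFFFFF) or (word1 & 0xFF))
    return word1 >> 8, payload[8:], reserved


def decapsulate(udp_dport, payload, vni_table):
    """Return (vnid, inner_frame); refuse anything without a local mapping."""
    if udp_dport != VXLAN_UDP_PORT:
        raise VxlanError(f"UDP port {udp_dport} is not the VXLAN port")
    vni, inner, _reserved = decode_header(payload)
    if vni not in vni_table:
        raise VxlanError(f"VNI {vni} is not mapped to a local virtual network")
    return vni_table[vni], inner


if __name__ == "__main__":
    table = build_vni_table([(100, 10000), (200, 20000)])   # constructed pairs
    packet = encode_header(20000) + INNER_FRAME
    print(packet[:8].hex(), decapsulate(VXLAN_UDP_PORT, packet, table)[0])
```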
Configure a VXLAN virtual network To create a VXLAN, assign a VXLAN segment ID (VNI) to a virtual network ID (VNID) and configure a remote VTEP. A unique 2-byte VNID identifies a virtual network. You cannot assign the same VXLAN VNI to more than one virtual network. Manually configure VXLAN tunnel endpoints in a static VXLAN or use BGP EVPN to automatically discover the VXLAN tunnel endpoints. 1 Create a virtual-network bridge domain in CONFIGURATION mode. Valid VNID numbers are from 1 to 65535.
a Configure interfaces as trunk members in Interface mode. interface ethernet node/slot/port[:subport] switchport mode trunk exit b Assign a trunk member interface as a Port,VLAN ID pair to the virtual network in VIRTUAL-NETWORK mode. All traffic sent and received for the virtual network on the interface carries the VLAN tag. Multiple tenants connected to different switch interfaces can have the same vlan-tag VLAN ID.
Enable overlay routing between virtual networks
The previous sections described how a VTEP switches traffic between hosts within the same L2 tenant segment, the virtual network, and transports traffic over an IP underlay fabric. This section describes how a VTEP enables hosts in different L2 segments belonging to the same tenant VRF to communicate with each other. NOTE: On the S4248-ON switch, IPv6 overlay routing between virtual networks is not supported with static VXLAN.
Configuration notes for virtual-network routing: • VXLAN overlay routing includes routing tenant traffic on the ingress VTEP and bridging the traffic on the egress VTEP. The ingress VTEP learns ARP entries and associates all destination IP addresses of tenant VMs with the corresponding VM MAC addresses in the overlay. On the ingress VTEP, configure a virtual network for each destination IP subnet even if there are no locally attached hosts for an IP subnet.
Table 21. IP address on the virtual-network interface on each VTEP
Virtual network VTEP Virtual-network IP address Anycast gateway IP address
VNID 11 VTEP 1 10.10.1.201 10.10.1.254
VTEP 2 10.10.1.202 10.10.1.254
VTEP 3 10.10.1.203 10.10.1.254
VTEP 1 10.20.1.201 10.20.1.254
VTEP 2 10.20.1.202 10.20.1.254
VTEP 3 10.20.1.203 10.20.1.254
VTEP 1 10.30.1.201 10.30.1.254
VTEP 2 10.30.1.202 10.30.1.254
VTEP 3 10.30.1.203 10.30.1.
Configure the same VLTi VLAN ID on both VLT peers. You cannot use the ID of an existing VLAN on a VLT peer or the reserved untagged VLAN ID. You can use the VLTi VLAN ID to assign tagged or untagged access interfaces to a virtual network.
virtual-network vn-id vlti-vlan vlan-id
• Although a VXLAN virtual network has no access port members that connect to downstream servers, you must configure a switch-scoped VLAN or VLTi VLAN.
OS10 Switch Overlay nexthop entries Underlay nexthop entries Overlay L3 RIF entries Underlay L3 RIF entries scaled-overlay-routing 40960 8192 8192 10240 S52xx-ON series: default-overlay-routing — — — — 8192 57344 2048 14336 0 65536 0 16384 32768 32768 8192 8192 53248 12288 12288 4096 — 20480 — — — 110592 4096 28672 disable-overlay-routing balanced-overlay-routing scaled-overlay-routing S4248-ON: default-overlay-routing NOTE: The S4248-ON switch supports only one defaul
that acts as a DHCP relay must have its virtual-network IP address installed using a route leaking mechanism as a route to the underlay and advertised to all underlay routers, including the spine switches. Similarly, the DHCP server in the underlay VRF must be reachable from the client tenant VRF in the overlay. Configure a static route for the DHCP server subnet in the underlay default VRF, and leak the static route to the client tenant VRF in the overlay.
View the VXLAN virtual-network statistics
OS10# show virtual-network counters
Virtual-Network   Input (Packets/Bytes)   Output (Packets/Bytes)
1000              857/8570                257/23709
2000              457/3570                277/13709
OS10# show virtual-network counters interface 1/1/3 vlan 100
Virtual-Network   Input (Packets/Bytes)   Output (Packets/Bytes)
1000              857/8570                257/23709
2000              457/3570                277/13709
NOTE: Using flex counters, OS10 may display additional packets in the Output field number, but the additional packets do not transmit.
O - OSPF, IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, * - candidate default, + - summary route, > - non-active route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change ------------------------------------------------------------------------C 100.1.0.0/16 via 100.1.1.4 virtual-network60000 0/0 00:36:24 C 100.33.0.0/16 via 100.33.1.4 virtual-network60032 0/0 00:36:23 C 100.65.0.
Command Description interface ethernet node/slot/port:subport: Displays only MAC addresses learned on the specified interface. interface port-channel number: Displays only MAC addresses learned on the specified port channel. show mac address-table extended [address macaddress | interface {ethernet node/slot/ port:subport | port-channel number} | static | dynamic] Displays MAC addresses learned on all VLANs and VXLANs (default).
Command Description show mac address-table count extended [interface ethernet node/slot/port:subport | port-channel number]} Displays the number of MAC addresses learned on all VLANs and VXLAN virtual networks. interface ethernet node/slot/port:subport: Displays the number of MAC addresses learned from VLANs and VXLANs on the specified interface. port-channel number: Displays the number of MAC addresses learned from VLANs and VXLANs on the specified port channel. Clear VXLAN MAC addresses Table 24.
disable-overlay-routing Default • S4100-ON series: 24576 entries • S5200-ON series switches: 53248 entries Allocate 0 next-hop entries for overlay routing and all next-hop entries for underlay routing. S4048T-ON and S6010-ON switches reserve 8192 ARP table entries. S4100-ON series switches reserve 4096 ARP table entries. S5200-ON series switches reserve 8192 ARP table entries.
ip virtual-router address Configures an anycast gateway IP address for a VXLAN virtual network. Syntax Parameters ip virtual-router address ip-address address ipaddress Enter the IP address of the anycast L3 gateway. Default Not configured Command mode INTERFACE-VIRTUAL-NETWORK Usage information Configure the same anycast gateway IP address on all VTEPs in a VXLAN virtual network.
Parameters ethernet node/ slot/ port[:subport] Assign the specified interface to a virtual network. port-channel number Assign the specified port channel to a virtual network. untagged Assign untagged traffic on an interface or port channel to a virtual network. vlan-tag vlanid Assign tagged traffic on the specified VLAN to a virtual network.
Usage information After you configure the remote VTEP, the VXLAN virtual network is enabled to start sending server traffic. You can configure multiple remote VTEPs. All broadcast, multicast, and unknown unicast (BUM) traffic received on an access interface is replicated on remote VTEPs. The no version of this command removes the configured value. Example OS10(config-vn-vxlan-vni)# remote-vtep 20.20.20.1 OS10(config-vn-vxlan-vni-remote-vtep)# exit OS10(config-vn-vxlan-vni)# remote-vtep 30.20.20.
Usage information Use this command to display the virtual-network IP address used for routing traffic in a virtual network. Traffic counters also display. Example show interface virtual-network 102 Virtual-network 102 is up, line protocol is up Address is 14:18:77:25:6f:84, Current address is 14:18:77:25:6f:84 Interface index is 66 Internet address is 12.12.12.
show nve remote-vtep counters Displays VXLAN packet statistics for a remote VTEP. Syntax Parameters show nve remote-vtep [ip-address] counters • ip-address — Enter IP address of a remote VTEP. Default Not configured Command mode EXEC Usage information Use this command to display input and output statistics for VXLAN traffic on a remote VTEP. A VTEP is identified by its IP address. Use the clear nve remote-vtep [ip-address] counters command to clear VXLAN packet statistics.
Parameters vn-id Enter a virtual-network ID, from 1 to 65535. Default Not configured Command mode EXEC Usage information Use this command to display the VNID, port members, source interface, and remote tunnel endpoints of a VXLAN virtual network.
slot/ port[:subport] interface port-channel number Enter a port-channel number, from 1 to 128. vlan vlan-id (Optional) Enter a VLAN ID, from 1 to 4093. Default Not configured Command mode EXEC Usage information Use this command to monitor the packet throughput on a port interface that is a member of a VXLAN virtual network. Assign a VLAN member interface to only one virtual network.
show virtual-network vlan Displays the VXLAN virtual networks where a VLAN is assigned. Syntax show virtual-network vlan vlan-id Parameters vlan vlan-id Enter a VLAN ID, from 1 to 4093. Default Not configured Command mode EXEC Usage information Use this command to verify the VXLAN virtual networks where a VLAN is assigned, including the port members connected to downstream servers.
Parameters loopback number Enter the Loopback interface used as the source interface of a VXLAN virtual tunnel, from 0 to 16383. Default Not configured Command mode NVE-INSTANCE Usage information The IP address of the Loopback interface serves as the source IP address in encapsulated packets transmitted from the switch as an NVE VTEP. • The Loopback interface must have an IP address configured. The Loopback IP address must be reachable from the remote VTEP.
Usage information The untagged VLAN ID is used internally for all untagged member interfaces that belong to virtual networks. You cannot use the reserved untagged VLAN ID for a simple VLAN bridge or for tagged traffic on member interfaces of virtual networks. The no version of this command removes the configured value. Example OS10(config)# virtual-network untagged-vlan 10 Supported releases 10.4.2.0 or later vxlan-vni Assigns a VXLAN ID to a virtual network.
clear mac address-table dynamic virtual-network Clears MAC addresses learned on all or a specified VXLAN virtual network. Syntax Parameters clear mac address-table dynamic virtual-network [interface {ethernet node/slot/ port:subport | port-channel number} | local | vn-id [address mac-address | local]] interface ethernet node/ slot/ port[:subport] Clear all MAC addresses learned on the specified interface. interface port-channel number Clear all MAC addresses learned on the specified port channel.
interface port-channel number Display the number of MAC addresses learned on all VLANs and VXLANs on the specified port channel. Default Not configured Command mode EXEC Usage information Use this command to display the number of MAC address entries learned on all VLANs and VXLAN virtual networks. Example OS10# show mac address-table count extended MAC Entries for all vlans : Dynamic Address Count : 10 Static Address (User-defined) Count : 2 Total MAC Addresses in Use: 12 Supported releases 10.4.
show mac address-table count virtual-network Displays the number of MAC addresses learned on virtual networks. Syntax Parameters show mac address-table count virtual-network [dynamic | local | remote | static | interface {ethernet node/slot/port:subport | port-channel number} | vn-id] dynamic Display the number of local dynamically-learned MAC addresses. local Display the number of local MAC addresses. remote Display the number of MAC addresses learned from remote VTEPs.
interface port-channel number Display only MAC addresses learned on the specified port channel. static Display only static MAC addresses. dynamic Display only dynamic MAC addresses. Default Not configured Command mode EXEC Usage information By default, MAC learning from a remote VTEP is enabled. Use this command to verify the MAC addresses learned both on VXLAN virtual networks and VLANs on the switch.
OS10# show mac address-table nve vxlan-vni 9999 Virtual-Network VNI MAC Address Type Remote-VTEP --------------------------------------------------------------10000 9999 00:00:00:00:00:77 dynamic VxLAN(32.1.1.1) Supported releases 10.4.2.0 or later show mac address-table virtual-network Displays the MAC addresses learned on all or a specified virtual network.
Example: VXLAN with static VTEP This example uses a typical Clos leaf-spine topology with static VXLAN tunnel endpoints (VTEPs) in VLT dual-homing domains. The individual switch configuration shows how to set up an end-to-end VXLAN. The underlay IP network routes advertise using OSPF. • On VTEPs 1 and 2, access ports are assigned to the virtual network using a switch-scoped VLAN configuration. • On VTEPs 3 and 4, access ports are assigned to the virtual network using a port-scoped VLAN configuration.
VTEP 1 Leaf Switch 1. Configure the underlay OSPF protocol Do not configure the same IP address for the router ID and the source loopback interface in Step 2. OS10(config)# router ospf 1 OS10(config-router-ospf-1)# router-id 172.16.0.1 OS10(config-router-ospf-1)# exit 2. Configure a Loopback interface OS10(config)# interface loopback0 OS10(conf-if-lo-0)# no shutdown OS10(conf-if-lo-0)# ip address 192.168.1.1/32 OS10(conf-if-lo-0)# ip ospf 1 area 0.0.0.0 OS10(conf-if-lo-0)# exit 3.
OS10(config)# interface port-channel20
OS10(conf-if-po-20)# no shutdown
OS10(conf-if-po-20)# switchport access vlan 200
OS10(conf-if-po-20)# exit
OS10(config)# interface ethernet1/1/6
OS10(conf-if-eth1/1/6)# no shutdown
OS10(conf-if-eth1/1/6)# channel-group 20 mode active
OS10(conf-if-eth1/1/6)# no switchport
OS10(conf-if-eth1/1/6)# exit
7.
Configure UFD with uplink VLT ports and downlink network ports
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# enable
OS10(conf-uplink-state-group-1)# downstream ethernet1/1/1-1/1/2
OS10(conf-uplink-state-group-1)# upstream port-channel10
OS10(conf-uplink-state-group-1)# upstream port-channel20
OS10(conf-uplink-state-group-1)# exit
9.
OS10(config-vn-vxlan-vni)# remote-vtep 192.168.2.1
OS10(config-vn-vxlan-vni-remote-vtep)# exit
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-10000)# exit
OS10(config)# virtual-network 20000
OS10(config-vn-20000)# vxlan-vni 20000
OS10(config-vn-vxlan-vni)# remote-vtep 192.168.2.1
OS10(config-vn-vxlan-vni-remote-vtep)# exit
OS10(config-vn-vxlan-vni)# exit
OS10(config-vn-20000)# exit
5.
Configure a dedicated L3 underlay path to reach the VLT Peer in case of network failure OS10(config)# interface vlan4000 OS10(config-if-vl-4000)# no shutdown OS10(config-if-vl-4000)# ip address 172.16.250.2/30 OS10(config-if-vl-4000)# ip ospf 1 area 0.0.0.
OS10(config-if-vn-20000)# ip address 10.2.0.232/16
OS10(config-if-vn-20000)# ip virtual-router address 10.2.0.100
OS10(config-if-vn-20000)# no shutdown
OS10(config-if-vn-20000)# exit
VTEP 3 Leaf Switch
1. Configure the underlay OSPF protocol
Do not configure the same IP address for the router ID and the source loopback interface in Step 2.
OS10(config)# router ospf 1
OS10(config-router-ospf-1)# router-id 172.18.0.1
OS10(config-router-ospf-1)# exit
2.
OS10(conf-if-po-20)# exit
OS10(config)# interface ethernet1/1/6
OS10(conf-if-eth1/1/6)# no shutdown
OS10(conf-if-eth1/1/6)# channel-group 20 mode active
OS10(conf-if-eth1/1/6)# no switchport
OS10(conf-if-eth1/1/6)# exit
7.
Configure VLTi member links
OS10(config)# interface ethernet1/1/3
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# exit
OS10(config)# interface ethernet1/1/4
OS10(conf-if-eth1/1/4)# no shutdown
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# exit
Configure a VLT domain
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.16.150.
2. Configure a Loopback interface OS10(config)# interface loopback0 OS10(conf-if-lo-0)# no shutdown OS10(conf-if-lo-0)# ip address 192.168.2.1/32 OS10(conf-if-lo-0)# ip ospf 1 area 0.0.0.0 OS10(conf-if-lo-0)# exit 3. Configure the Loopback interface as the VXLAN source tunnel interface OS10(config)# nve OS10(config-nve)# source-interface loopback0 OS10(config-nve)# exit 4.
8. Configure upstream network-facing ports OS10(config)# interface OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# ethernet1/1/1 no shutdown no switchport mtu 1650 ip address 172.19.1.0/31 ip ospf 1 area 0.0.0.
Configure UFD with uplink VLT ports and downlink network ports
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# enable
OS10(conf-uplink-state-group-1)# downstream ethernet1/1/1-1/1/2
OS10(conf-uplink-state-group-1)# upstream port-channel10
OS10(conf-uplink-state-group-1)# upstream port-channel20
OS10(conf-uplink-state-group-1)# exit
10.
OS10(conf-if-eth1/1/4)# ip ospf 1 area 0.0.0.0 OS10(conf-if-eth1/1/4)# exit 2. Configure the underlay OSPF protocol OS10(config)# router ospf 1 OS10(config-router-ospf-1)# router-id 172.200.0.1 OS10(config-router-ospf-1)# exit Spine Switch 2 1. Configure downstream ports on underlay links to leaf switches OS10(config)# interface OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/1)# ethernet1/1/1 no shutdown no switchport ip address 172.16.
Benefits of a BGP EVPN-based VXLAN • Eliminates the flood-and-learn method of VTEP discovery by enabling control-plane learning of end-host L2 and L3 reachability information. • Minimizes network flooding of unknown unicast and broadcast traffic through EVPN-based MAC and IP route advertisements on local VTEPs. • Provides support for host mobility.
Figure 10. BGP EVPN topology
Leaf nodes
Leaf nodes are typically top-of-rack (ToR) switches in a data center network. They act as the VXLAN tunnel endpoints and perform VXLAN encapsulation and decapsulation. Leaf nodes also participate in the MP-BGP EVPN to support control plane and data plane functions.
Control plane functions include:
• Initiate and maintain route adjacencies using any routing protocol in the underlay network.
• Advertise locally learned routes to all MP-BGP EVPN peers.
Control plane functions include:
• Initiate BGP peering with all neighbor leaf nodes.
• Advertise BGP routes to all BGP peers.
• Initiate and maintain routing adjacencies with all leaf and spine nodes in the underlay network.
Data plane functions include:
• Perform only underlay route processing based on the outer header in VXLAN encapsulated packets.
• Do not perform VXLAN encapsulation or decapsulation.
– Type: 1 – D-ID: 0 – Service-ID: VNI • For a 4-byte ASN, OS10 can auto-configure RTs for both 2-byte and 4-byte ASNs. The RT type is set to 0202 (Type 2 in RFC 4364). The RT value is encoded in the format: 4-octet-ASN: 2-octet-number, where the 2-octet-number field contains the EVI ID. In auto-EVI mode, the EVI ID is the same as the virtual network ID (VNID). Therefore, in 4-byte ASN deployment, OS10 supports RT autoconfiguration if the VNID-to-VNI mapping is the same on all VTEPs.
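The route-target encodings described above, as an added Python example that is not part of the Dell guide or OS10 code. It builds the 8-byte RT for both ASN sizes and audits a constructed VTEP inventory for the VNID-to-VNI condition the guide states for 4-byte ASNs. Assumptions: the Type, D-ID and Service-ID fields follow the RFC 8365 section 5.1.2.1 layout, and the function names and inventory are hypothetical.

```python
import struct
from collections import defaultdict


def rt_2byte_asn(asn, vni):
    """Auto-derived RT for a 2-byte ASN.

    Assumed layout (RFC 8365 section 5.1.2.1): 2-octet ASN, then a 4-octet
    field holding A (1 bit) = 0, Type (3 bits) = 1, D-ID (4 bits) = 0 and
    Service-ID (24 bits) = VNI.
    """
    if not 1 <= asn <= 0xFFFF:
        raise ValueError("ASN does not fit in 2 octets")
    if not 1 <= vni <= 0xFFFFFF:
        raise ValueError("VNI does not fit in 24 bits")
    local_admin = (0 << 31) | (1 << 28) | (0 << 24) | vni
    # Extended community type 0x00, sub-type 0x02 (route target)
    return struct.pack("!BBHI", 0x00, 0x02, asn, local_admin)


def rt_4byte_asn(asn, evi_id):
    """Auto-derived RT for a 4-byte ASN: type 0202, 4-octet-ASN:2-octet EVI ID."""
    if not 1 <= asn <= 0xFFFFFFFF:
        raise ValueError("ASN does not fit in 4 octets")
    if not 1 <= evi_id <= 0xFFFF:
        raise ValueError("EVI ID does not fit in 2 octets")
    return struct.pack("!BBIH", 0x02, 0x02, asn, evi_id)


def audit_auto_rt(asn, vtep_maps):
    """Check the VNID-to-VNI mapping across VTEPs for a 4-byte ASN fabric.

    vtep_maps is {vtep_name: {vnid: vni}}. In auto-EVI mode the EVI ID equals
    the VNID, so the RT is derived from the VNID, not from the VNI.
    Returns (merged, split):
      merged: RTs that were derived for more than one VNI
      split:  VNIs that ended up with more than one RT
    """
    vnis_by_rt = defaultdict(set)
    rts_by_vni = defaultdict(set)
    for mapping in vtep_maps.values():
        for vnid, vni in mapping.items():
            rt = rt_4byte_asn(asn, vnid).hex()
            vnis_by_rt[rt].add(vni)
            rts_by_vni[vni].add(rt)
    merged = {rt: sorted(v) for rt, v in vnis_by_rt.items() if len(v) > 1}
    split = {vni: sorted(r) for vni, r in rts_by_vni.items() if len(r) > 1}
    return merged, split


# Constructed inventory: vtep3 maps VNID 100 to a different VNI than its peers.
INVENTORY = {
    "vtep1": {100: 10000, 200: 20000},
    "vtep2": {100: 10000, 200: 20000},
    "vtep3": {100: 20000, 300: 10000},
}

if __name__ == "__main__":
    print("2-byte ASN RT:", rt_2byte_asn(100, 10000).hex())
    print("4-byte ASN RT:", rt_4byte_asn(4200000001, 100).hex())
    merged, split = audit_auto_rt(4200000001, INVENTORY)
    for rt, vnis in merged.items():
        print("RT", rt, "is shared by VNIs", vnis)
    for vni, rts in split.items():
        print("VNI", vni, "carries RTs", rts)
```

An empty result from both checks means every VTEP derives the same RT for the same segment; any entry is a mapping to correct before relying on RT autoconfiguration with a 4-byte ASN.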
i Return to ROUTER-BGP mode. exit For each BGP peer session in the overlay network: a Configure the BGP peer using its Loopback IP address on the VTEP in ROUTER-BGP mode. neighbor loopback-ip-address b Assign the BGP neighbor Loopback address to the autonomous system in ROUTER-BGP-NEIGHBOR mode. The neighbor Loopback IP address is the source interface on the remote VTEP.
2 • Enable auto-EVI creation for overlay virtual networks in EVPN mode. Auto-EVI creation is supported only if BGP EVPN is used with 2-byte AS numbers and if at least one BGP instance is enabled with the EVPN address family. No further manual configuration is allowed in auto-EVI mode. auto-evi Manual EVI configuration mode 1 Enable the EVPN control plane in CONFIGURATION mode. evpn 2 Manually create an EVPN instance in EVPN mode. The range is from 1 to 65535.
304 keepalives, 0 route refresh requests Sent 307 messages 4 opens, 0 notifications, 2 updates 301 keepalives, 0 route refresh requests Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 Unicast: MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) 4_OCTET_AS(65) MP_L2VPN_EVPN Capabilities advertised to neighbor for IPv4 Unicast: MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) 4_OCTET_AS(
associated with EVIs belonging to the same tenant on a VTEP. IETF draft draft-ietf-bess-evpn-inter-subnet-forwarding-05 describes EVPN inter-subnet forwarding, Integrated Routing and Bridging (IRB), and how to use EVPN with IP routing between L2 tenant domains.
kept operationally down at bootup to allow the dataplane to set up and forward traffic, resulting in minimal traffic loss as the VLT peer node boots up and joins the VLT domain. For a sample BGP EVPN VLT configuration, see Example: VXLAN with BGP EVPN. Figure 11.
activate (l2vpn evpn) Enables the exchange of L2 VPN EVPN address family information with a BGP neighbor or peer group. Syntax activate Parameters None Default Not configured Command Mode ROUTER-BGP-NEIGHBOR-AF Usage Information Use this command to exchange L2 VPN EVPN address information for VXLAN host-based routing with a BGP neighbor. The IPv4 unicast address family is enabled by default. Use the no version of this command to disable an address family with a neighbor.
Example (IPv4) OS10(config-router-neighbor)# address-family ipv4 unicast OS10(conf-router-bgp-neighbor-af)# allowas-in 5 Example (IPv6) OS10(conf-router-template)# address-family ipv6 unicast OS10(conf-router-bgp-template-af)# allowas-in 5 Supported Releases 10.3.0E or later sender-side-loop-detection Enables the sender-side loop detection process for a BGP neighbor.
Network Next Hop Weight Path *>r Route distinguisher: 110.111.170.102:65447 [3]:[0]:[32]:[110.111.170.102]/152 110.111.170.102 32768 ? *> Route distinguisher: 110.111.170.107:64536 [3]:[0]:[32]:[110.111.170.107]/152 110.111.170.107 0 100 101 ? OS10# show BGP router Neighbor 3.3.3.3 4.4.4.4 5.5.5.5 6.6.6.6 Metric LocPrf 0 100 0 100 ip bgp l2vpn evpn summary identifier 2.2.2.
auto-evi Creates an EVPN instance automatically, including Route Distinguisher (RD) and Route Target (RT) values. Syntax auto-evi Parameters None Default Not configured Command mode EVPN Usage information In deployments running BGP with 2-byte or 4-byte autonomous systems, auto-EVI automatically creates EVPN instances when you create a virtual network on a VTEP in the overlay network.
evpn Enables the EVPN control plane for VXLAN. Syntax evpn Parameters None Default Not configured Command mode CONFIGURATION Usage information Enabling EVPN triggers BGP to advertise EVPN capability with AFI=25 and SAFI=70 to all BGP peers in an autonomous system. The no version of this command disables EVPN on the switch. Example OS10(config)# evpn OS10(config-evpn)# Supported releases 10.4.2.0 or later rd Configures the Route Distinguisher (RD) value EVPN routes use. Syntax rd {A.B.C.
• The 4-octet ASN or number is 1 to 4294967295. auto Configure the RT import and export values to automatically generate. asn4 (Optional) Advertises a 4-byte AS number in RT values. Default Not configured Command mode EVPN-EVI Usage information An RT determines how EVPN routes distribute among EVPN instances. Configure each RT with an import and export value. When the EVPN routes advertise, the RT export value configured for export attaches to each route.
show evpn mac Displays BGP EVPN routes for host MAC addresses. Syntax show evpn mac {count | mac-address nn.nn.nn.nn | evi id [mac-address nn.nn.nn.nn | count | next-hop ip-address count]} Parameters • count — Displays the total number of local and remote host MAC addresses in EVPN instances. • mac-address nn.nn.nn.nn — Displays the BGP EVPN routes for a specific 48-bit host MAC address. • evi id — Displays the host MAC addresses and next hops in a specified EVPN instance, from 1 to 65535.
• next-hop ip-address — Enter the IP address of a next-hop switch. Default Not configured Command mode EXEC Usage information Use this command to view the MAC-IP address binding for host communication in VXLAN tenant segments.
Supported releases 10.4.3.0 or later show evpn vrf Displays the VRF instances used to forward EVPN routes in VXLAN overlay networks. Syntax show evpn vrf [vrf-name] Parameters vrf-name — (Optional) Enter the name of a non-default tenant VRF instance. Default Not configured Command mode EXEC Usage information Use this command to verify the tenant VRF instances used in EVPN instances to exchange BGP EVPN routes in VXLANs.
Default Not configured Command mode EVPN-EVI Usage information Use this command in EVPN-EVI mode to configure an EVPN instance with RD and RT values to an overlay VXLAN virtual network. Example OS10(config)# evpn OS10(config-evpn)# evi 10 OS10(config-evpn-evi)# vni 10000 Supported releases 10.4.2.0 or later Example: VXLAN with BGP EVPN The following VXLAN with BGP EVPN example uses a Clos leaf-spine topology with VXLAN tunnel endpoints (VTEPs).
Figure 12. VXLAN BGP EVPN use case VTEP 1 Leaf Switch 1. Configure a Loopback interface for the VXLAN underlay using same IP address as the VLT peer OS10(config)# interface loopback0 OS10(conf-if-lo-0)# no shutdown OS10(conf-if-lo-0)# ip address 192.168.1.
2. Configure the Loopback interface as the VXLAN source tunnel interface OS10(config)# nve OS10(config-nve)# source-interface loopback0 OS10(config-nve)# exit 3. Configure VXLAN virtual networks OS10(config)# virtual-network 10000 OS10(config-vn)# vxlan-vni 10000 OS10(config-vn-vxlan-vni-10000)# exit OS10(config-vn)# exit OS10(config)# virtual-network 20000 OS10(config-vn)# vxlan-vni 20000 OS10(config-vn-vxlan-vni-20000)# exit OS10(config-vn)# exit 4.
OS10(conf-if-eth1/1/1)# mtu 1650 OS10(conf-if-eth1/1/2)# ip address 172.16.2.0/31 OS10(conf-if-eth1/1/2)# exit 7. Configure eBGP OS10(config)# router bgp 100 OS10(config-router-bgp-100)# address-family ipv4 unicast OS10(configure-router-bgpv4-af)# redistribute connected OS10(configure-router-bgpv4-af)# exit 8. Configure eBGP for the IPv4 point-to-point peering OS10(config-router-bgp-100)# neighbor 172.16.1.
OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# exit 11. Configure EVPN Configure the EVPN instance, RD, and RT using auto-EVI mode: OS10(config)# evpn OS10(config-evpn)# auto-evi OS10(config-evpn)# exit 12. Configure VLT Configure a dedicated L3 underlay path to reach the VLT Peer in case of a network failure OS10(config)# interface vlan4000 OS10(config-if-vl-4000)# no shutdown OS10(config-if-vl-4000)# ip address 172.16.250.0/30 OS10(config-if-vl-4000)# ip 1 area 0.0.0.
13. Configure IP switching in the overlay network Create a tenant VRF OS10(config)# ip vrf tenant1 OS10(conf-vrf)# exit Configure an anycast gateway MAC address OS10(config)# ip virtual-router mac-address 00:01:01:01:01:01 Configure routing on the virtual networks OS10(config)# interface OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# OS10(conf-if-vn-10000)# virtual-network10000 ip vrf forwarding tenant1 ip address 10.1.0.231/16 ip virtual-router address 10.
5.
9. Configure a Loopback interface for BGP EVPN peering different from VLT peer IP address OS10(config)# interface loopback1 OS10(conf-if-lo-1)# no shutdown OS10(conf-if-lo-1)# ip address 172.17.0.1/32 OS10(conf-if-lo-1)# exit 10. Configure BGP EVPN peering OS10(config)# router bgp 100 OS10(config-router-bgp-100)# neighbor 172.201.0.
Configure VLTi member links
OS10(config)# interface ethernet1/1/3
OS10(conf-if-eth1/1/3)# no shutdown
OS10(conf-if-eth1/1/3)# no switchport
OS10(conf-if-eth1/1/3)# exit
OS10(config)# interface ethernet1/1/4
OS10(conf-if-eth1/1/4)# no shutdown
OS10(conf-if-eth1/1/4)# no switchport
OS10(conf-if-eth1/1/4)# exit
Configure the VLT domain
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# backup destination 10.16.150.
VTEP 3 Leaf Switch 1. Configure a Loopback interface for the VXLAN underlay using same IP address as the VLT peer OS10(config)# interface loopback0 OS10(conf-if-lo-0)# no shutdown OS10(conf-if-lo-0)# ip address 192.168.2.1/32 OS10(conf-if-lo-0)# exit 2. Configure the Loopback interface as the VXLAN source tunnel interface OS10(config)# nve OS10(config-nve)# source-interface loopback0 OS10(config-nve)# exit 3.
7. Configure upstream network-facing ports
OS10(config)# interface ethernet1/1/1
OS10(conf-if-eth1/1/1)# no shutdown
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# mtu 1650
OS10(conf-if-eth1/1/1)# ip address 172.18.1.0/31
OS10(conf-if-eth1/1/1)# exit
OS10(config)# interface ethernet1/1/2
OS10(conf-if-eth1/1/2)# no shutdown
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/2)# mtu 1650
OS10(conf-if-eth1/1/2)# ip address 172.18.2.0/31
OS10(conf-if-eth1/1/2)# exit
8.
OS10(config-router-neighbor)# remote-as 101 OS10(config-router-neighbor)# ebgp-multihop 4 OS10(config-router-neighbor)# send-community extended OS10(config-router-neighbor)# update-source loopback1 OS10(config-router-neighbor)# no shutdown OS10(config-router-neighbor)# address-family ipv4 unicast OS10(config-router-neighbor-af)# no activate OS10(config-router-neighbor-af)# exit OS10(config-router-neighbor)# address-family l2vpn evpn OS10(config-router-neighbor-af)# activate OS10(config-router-neighbor-af)#
OS10(conf-if-eth1/1/4)# no switchport OS10(conf-if-eth1/1/4)# exit Configure the VLT domain OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# backup destination 10.16.150.
2. Configure the Loopback interface as the VXLAN source tunnel interface OS10(config)# nve OS10(config-nve)# source-interface loopback0 OS10(config-nve)# exit 3. Configure the VXLAN virtual networks OS10(config)# virtual-network 10000 OS10(config-vn)# vxlan-vni 10000 OS10(config-vn-vxlan-vni-10000)# exit OS10(config-vn)# exit OS10(config)# virtual-network 20000 OS10(config-vn)# vxlan-vni 20000 OS10(config-vn-vxlan-vni-20000)# exit OS10(config-vn)# exit 4.
OS10(conf-if-eth1/1/2)# ip address 172.19.2.0/31 OS10(conf-if-eth1/1/2)# exit 8. Configure eBGP OS10(config)# router bgp 100 OS10(config-router-bgp-100)# address-family ipv4 unicast OS10(configure-router-bgpv4-af)# redistribute connected OS10(configure-router-bgpv4-af)# exit 9. Configure eBGP for the IPv4 point-to-point peering OS10(config-router-bgp-100)# neighbor 172.19.1.
OS10(config-router-neighbor)# exit OS10(config-router-bgp-100)# exit 12.
Configure UFD with uplink VLT ports and downlink network ports
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# enable
OS10(conf-uplink-state-group-1)# downstream ethernet1/1/1-1/1/2
OS10(conf-uplink-state-group-1)# upstream port-channel10
OS10(conf-uplink-state-group-1)# upstream port-channel20
OS10(conf-uplink-state-group-1)# exit
Configure iBGP IPv4 peering between the VLT peers
OS10(config)# router bgp 100
OS10(config-router-bgp-100)# neighbor 172.16.250.
OS10(conf-if-eth1/1/4)# no switchport OS10(conf-if-eth1/1/4)# ip address 172.19.1.1/31 OS10(conf-if-eth1/1/4)# exit 2. Configure eBGP OS10(config)# router bgp 101 OS10(config-router-bgp-101)# address-family ipv4 unicast OS10(config-router-bgp-101)# redistribute connected 3. Configure eBGP IPv4 peer sessions on the P2P links OS10(conf-router-bgp-101)# neighbor 172.16.1.
OS10(conf-router-bgp-101)# neighbor 172.17.0.
2. Configure eBGP OS10(config)# router bgp 101 OS10(config-router-bgp-101)# address-family ipv4 unicast OS10(config-router-bgp-101)# redistribute connected 3. Configure eBGP IPv4 peer sessions on the P2P links OS10(conf-router-bgp-101)# neighbor 172.16.1.
OS10(conf-router-neighbor)# update-source loopback1 OS10(conf-router-neighbor)# no shutdown OS10(conf-router-neighbor)# address-family ipv4 unicast OS10(conf-router-neighbor-af)# no activate OS10(conf-router-neighbor-af)# exit OS10(conf-router-neighbor)# address-family l2vpn evpn OS10(conf-router-neighbor-af)# no sender-side-loop-detection OS10(conf-router-neighbor-af)# activate OS10(conf-router-neighbor-af)# exit OS10(conf-router-bgp-101)# neighbor 172.18.0.
The NSX controller communicates with the OS10 VTEP using the OVSDB management protocol over a Secure Sockets Layer (SSL) connection. Establishing the communication between the controller and VTEP involves generating the SSL certificate at a VTEP and copying the certificate to the NSX controller. After SSL authentication, a secure connection over SSL is established between the controller and the VTEP, and the VTEP receives and processes the configuration data from the controller.
• Underlay reachability to VTEP peers is provisioned or learned using existing routing protocols.
• The OS10 VTEP sends MAC address addition or deletion events at the VXLAN access port to the NSX controller through the OVSDB protocol. The controller then propagates the information to the other VTEPs so that the VTEPs program their forwarding tables accordingly.
Assign interfaces to be managed by the controller
In a VTEP, explicitly assign interfaces for an OVSDB controller to manage. Before you assign the interface, consider the following:
• The interface must be in Switchport Trunk mode.
• The interface must not be a member of any VLAN.
• The interface must not be a member of a port-channel.
If these conditions are not met when you assign the interfaces to be managed by the controller, the system returns error messages.
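One way to check the three conditions before handing ports to the controller, as an added Python example that is not Dell code. The configuration text is constructed from commands shown in this guide, and the stanza layout (indented commands, `!` separators) and function names are assumptions.

```python
import re

# Constructed sample in an assumed running-configuration layout.
SAMPLE_CONFIG = """\
interface ethernet1/1/54:3
 no shutdown
 switchport mode trunk
 no switchport access vlan
!
interface ethernet1/1/5
 no shutdown
 switchport access vlan 200
!
interface ethernet1/1/6
 no shutdown
 channel-group 20 mode active
 no switchport
!
"""


def parse_interfaces(running_config):
    """Map each 'interface <name>' stanza to its list of stripped commands."""
    stanzas, current = {}, None
    for raw in running_config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            # Normalise 'ethernet 1/1/5' and 'ethernet1/1/5' to one key
            current = line.split(None, 1)[1].replace(" ", "")
            stanzas[current] = []
        elif not line or line == "!" or not raw[0].isspace():
            current = None
        elif current is not None:
            stanzas[current].append(line)
    return stanzas


def precheck_controller_ports(running_config, candidates):
    """Return {interface: [failed conditions]}; an empty list means ready."""
    stanzas = parse_interfaces(running_config)
    report = {}
    for name in candidates:
        cmds = stanzas.get(name.replace(" ", ""))
        if cmds is None:
            report[name] = ["interface not found in configuration"]
            continue
        problems = []
        if "switchport mode trunk" not in cmds or "no switchport" in cmds:
            problems.append("not in Switchport Trunk mode")
        if any(re.match(r"switchport (access|trunk allowed) vlan \S", c) for c in cmds):
            problems.append("member of a VLAN")
        if any(re.match(r"channel-group \d+", c) for c in cmds):
            problems.append("member of a port-channel")
        report[name] = problems
    return report


if __name__ == "__main__":
    ports = ["ethernet 1/1/54:3", "ethernet1/1/5", "ethernet1/1/6"]
    for port, problems in precheck_controller_ports(SAMPLE_CONFIG, ports).items():
        print(port, "->", problems or "ready for nve-controller")
```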
The following shows BUM traffic replication in the controller-provisioned VXLAN environment: Because the VTEP relies on service nodes to replicate BUM traffic, a mechanism is needed to monitor the connectivity between the VTEP and the service nodes. BFD can be used to monitor the connectivity between the VTEP and the service nodes and to detect failures. The NSX controller provides parameters, such as the minimum TX and RX interval, and the multiplier, to initiate the BFD session between the VTEP and the service nodes.
2.2.2.3 Up
2.2.2.2 Up
• Show output with details about the replicators available for the VNID.
OS10# show nve replicators vnid 10009
Codes: * - Active Replicator
BFD Status:Enabled
Replicators     State
-----------------------
2.2.2.3         Up
2.2.2.2*        Up
*— indicates the replicator to which the VTEP sends the BUM traffic for the specific VNID.
Configure and control VXLAN from VMware vCenter
You can configure and control VXLAN from the VMware vCenter GUI.
After connectivity between the VTEP and the NSX controller is successfully established, the console displays the current connection status between the controller and the management IP address of the VTEP.
3 Create a logical switch. You can create a logical network that acts as the forwarding domain for virtualized and nonvirtualized server workloads on the physical and virtual infrastructure. The following steps configure the logical switch for NSX controller management.
4 Create a logical switch port that provides a logical connection point for a VM interface (VIF) and a L2 gateway connection to an external network. 5 (Optional) Enable or disable BFD globally. The following steps enable or disable BFD configuration in the controller. a Click Service Definitions from the left navigation pane. b Click the Hardware Devices tab. c Click the Edit button in the BFD Configuration.
After you configure a VMware NSX controller on a server VM, connect to the controller from the VXLAN gateway switch. For more information about the NSX controller configuration in the VTEP, see Configure a connection to an OVSDB controller. For more information about NSX controller configuration, see the NSX User Guide from VMware.
Example: VXLAN with a controller configuration
This example shows a simple NSX controller and a hardware OS10 VTEP deployed in a VXLAN environment.
To configure an NSX controller-provisioned VXLAN:
• Configure the controller and the interfaces to be managed by the controller, in the OS10 VTEPs.
• Configure the NSX controller in VMware vCenter. For more information about configuring the NSX controller using the GUI, see Configure and control VXLAN from VMware vCenter.
You must configure an OS10 VTEP with the controller configuration so that the VTEP can communicate with the NSX controller.
4 Specify the NSX controller reachability information. OS10(config-nve)# controller ovsdb OS10(config-nve-ovsdb)# ip 10.16.140.182 port 6640 ssl OS10(config-nve-ovsdb)# max-backoff 10000 OS10(config-nve-ovsdb)# exit 5 Assign interfaces to be managed by the controller. OS10(config)# interface ethernet 1/1/54:3 OS10(config-if-eth1/1/54:3)# switchport mode trunk OS10(config-if-eth1/1/54:3)# no switchport access vlan OS10(config-if-eth1/1/54:3)# nve-controller 6 (Optional) Enable BFD.
Verify the controller configuration VTEP 1 To view controller-based information on the VTEP 1, use the show nve controller command. OS10# show nve controller Management IP Gateway IP Max Backoff Configured Controller Controller Cluster IP 10.16.140.182 10.16.140.183 10.16.140.181 Port 6640 6640 6640 : : : : 10.16.140.11/16 200.0.0.1 10000 10.16.140.
VTEP 2 OS10# show nve controller Management IP Gateway IP Max Backoff Configured Controller Controller Cluster IP 10.16.140.182 10.16.140.183 10.16.140.181 Port 6640 6640 6640 : : : : 10.16.140.13/16 202.0.0.1 10000 10.16.140.
controller ovsdb Changes the mode to CONFIGURATION-NVE-OVSDB from where you can configure the controller parameters. Syntax controller ovsdb Parameters None Default None Command mode CONFIGURATION-NVE Usage information The controller configuration initiates the OVSDB service on the OS10 switch. The no version of this command stops the OVSDB service. The no version command fails if any ports are configured as controller-managed ports or IP address configuration.
max-backoff Configures a time interval, in milliseconds (ms). This is the duration the switch waits between the connection attempts to the controller. Syntax max-backoff interval Parameters interval—Enter the amount of time, in ms. This is the duration the switch waits between the connection attempts to the controller, from 1000 to 180000 ms.
Default None Command mode EXEC Usage information This command is available only for the sysadmin and secadmin roles. This command generates the SSL certificate and restarts the OVSDB server to start using the newly generated certificate. Example OS10# nve controller ssl-key-generate Supported releases 10.4.3.0 or later show nve controller Displays information about the controller and the controller-managed interfaces.
show ovsdb-tables mac-local-ucast Displays information about local MAC address entries including each MAC address, IP address, local switch name, and VNID. Syntax show ovsdb-tables mac-local-ucast Parameters None Default None Command mode EXEC Usage information This command is available only for netadmin, sysadmin, and secadmin roles.
Usage information This command is available only for netadmin, sysadmin, and secadmin roles. Example OS10# show ovsdb-tables manager Count : 3 Manager table _uuid inactivity_probe is_connected max_backoff other_config status target ------------------------------------ ---- ------------ ---------------------- ------------------------------478ec8ca-9c5a-4d29-9069-633af6c48002 [] false 1000 {} {state=BACKOFF} "ssl: 10.16.140.
9 UFT modes A switch in a Layer 2 (L2) network may require a larger MAC address table size, while a switch in a Layer 3 (L3) network may require a larger routing table size. Unified forwarding table (UFT) offers the flexibility to configure internal L2/L3 forwarding table sizes. OS10 supports several UFT modes for the forwarding tables. By default, OS10 selects a UFT mode that provides a reasonable size for all tables.
Table 29. UFT Modes — Table Size for Z9100-ON
UFT Mode           L2 MAC Table Size   L3 Host Table Size   L3 Routes Table Size
Scaled-l2–switch   139264              8192                 16384
Scaled-l3–hosts    8192                139264               16384
Scaled-l3–routes   8192                8192                 131072
Default            73728               73728                16384
Table 30.
Configure UFT modes Available UFT modes include L2 MAC table, L3 host table, or L3 route table sizes. Save the configuration and reload the switch for the configuration changes to take effect. • Select a mode to initialize the maximum table size in CONFIGURATION mode. hardware forwarding-table mode [scaled-l2 | scaled-l3-routes | scaled-l3-hosts] • Disable UFT mode in CONFIGURATION mode.
Configuration after reload: OS10# show hardware l3 Current Settings IPv6 Extended Prefix Entries: 2048 Next-boot Settings 2048 The no version of the command removes the IPv6 extended prefix route configuration. Save and Reload the switch to remove the configuration. OS10(config)# no hardware l3 ipv6-extended-prefix % Warning: Un-configuring IPv6 Extended Prefix will be applied only after a save and reload.
% Warning: IPv6 Extended Prefix Installation will be applied only after a save and reload. OS10(config)# do write memory OS10(config)# reload Supported Releases 10.4.1.0 or later show hardware forwarding-table mode Displays the current hardware forwarding table mode, and the mode after the next boot.
Parameters None Defaults None Command Mode EXEC Usage Information None Example OS10# show hardware l3 Current Settings IPv6 Extended Prefix Entries: 2048 Supported Releases Next-boot Settings 2048 10.4.1.
10 Security Authentication, authorization, and accounting (AAA) services secure networks against unauthorized access. In addition to local authentication, OS10 supports remote authentication dial-in user service (RADIUS) and terminal access controller access control system (TACACS+) client/server authentication systems. For RADIUS and TACACS+, an OS10 switch acts as a client and sends authentication requests to a server that contains all user authentication and network service access information.
aaa authentication login default local aaa authentication login console local User re-authentication To prevent users from accessing resources and performing tasks for which they are not authorized, OS10 allows you to require users to reauthenticate by logging in again when an authentication method or server changes, such as: • Adding or removing a RADIUS server using the radius-server host command • Adding or removing an authentication method using the aaa authentication login {console | default} {loca
OS10 supports four pre-defined roles: sysadmin, secadmin, netadmin, and netoperator. Each user role assigns permissions that determine the commands a user can enter, and the actions a user can perform. RBAC provides an easy and efficient way to administer user rights. If a user’s role matches one of the allowed user roles for a command, command authorization is granted. The OS10 RBAC model provides separation of duty as well as greater security.
• To disable bootloader protection, use the boot protect disable username command. This command allows you to disable bootloader protection by username. boot protect disable username OS10# boot protect disable username root • To display information about the current list of users configured for bootloader protection, use the show boot protect command.
Disabling or locking the linuxadmin user: To disable or lock the linuxadmin user, enter CONFIGURATION mode and execute the command system-user linuxadmin disable. OS10(config)# system-user linuxadmin disable OS10(config)# Enabling or unlocking the linuxadmin user: To enable or unlock the linuxadmin user, enter CONFIGURATION mode and execute the command no system-user linuxadmin disable.
OS10(config)# radius-server timeout 10 OS10(config)# ip radius source-interface mgmt 1/1/1 Configure RADIUS server for non-default VRFs OS10(config)# ip vrf blue OS10(conf-vrf)# exit OS10(config)# radius-server vrf blue View RADIUS server configuration OS10# show running-configuration ... radius-server host 1.2.4.5 key 9 3a95c26b2a5b96a6b80036839f296babe03560f4b0b7220d6454b3e71bdfc59b radius-server retransmit 10 radius-server timeout 10 ip radius source-interface mgmt 1/1/1 ...
Configure RADIUS over TLS authentication server OS10(config)# radius-server host 1.2.4.5 tls security-profile radius-prof key radsec OS10(config)# radius-server retransmit 10 OS10(config)# radius-server timeout 10 TACACS+ authentication Configure a TACACS+ authentication server by entering the server IP address or host name. You must also enter a text string for the key used to authenticate the OS10 switch on a TACACS+ host. The Transmission Control Protocol (TCP) port entry is optional.
Delete TACACS+ server OS10# no tacacs-server host 1.2.4.5 Unknown user role When a RADIUS or TACACS+ server authenticates a user, it may return an unknown user role, or the role may be missing. In these cases, OS10 assigns the netoperator role and associated permissions to the user by default. You can reconfigure the default assigned role. In addition, you can configure an unknown RADIUS or TACACS+ user-role name to inherit the permissions of an existing OS10 system-defined role.
• Configure the SSH server to be reachable on the management VRF using the ip ssh server vrf command. • Configure the SSH login timeout using the ip ssh server login-grace-time seconds command, from 0 to 300; default 60. To reset the default SSH prompt timer, use the no ip ssh server login-grace-time command. • Configure the maximum number of authentication attempts using the ip ssh server max-auth-tries number command, from 0 to 10; default 6.
OS10(config-ipv4-acl)# exit OS10(config)# line vty OS10(config-line-vty)# ip access-class permit10 OS10(config-line-vty)# View VTY ACL configuration OS10(config-line-vty)# show configuration ! line vty ip access-class permit10 ipv6 access-class deny10 OS10(config-line-vty)# Enable AAA accounting To record information about all user-entered commands, use the AAA accounting feature — not supported for RADIUS accounting.
Limit concurrent login sessions To avoid an unlimited number of active sessions on a switch for the same user ID, you can limit the number of console and remote connections. Log in from a console connection by cabling a terminal emulator to the console serial port on the switch. Log in to the switch remotely through a virtual terminal line (VTY), such as Telnet and SSH. • Configure the maximum number of concurrent login sessions in CONFIGURATION mode.
To disable login statistics, use the no login-statistics enable command. Privilege levels overview Providing terminal access control to a switch is one method of securing the device and network. To increase security, you can allow users to access a subset of commands using privilege levels. With OS10, you can configure privilege levels, add commands to them, and restrict access to the terminal line with passwords. The system supports 16 privilege levels.
2 Privilege mode CLI mode router router-bgp or router-ospf line line-vty • priv-lvl—Enter the keyword and then the privilege number, from 2 to 14. • command-string—Enter the specific command. Create a user name and password and assign a privilege level. CONFIGURATION username username password password role role [ priv-lvl privilege-level] • username username—Enter a text string. A maximum of 32 alphanumeric characters; one character minimum. • password password—Enter a text string.
• mode—Enter the privilege mode where you are configuring the specific command.
To disable audit logging, enter the no logging audit enable command. View audit log • Display audit log entries in EXEC mode. By default, 24 entries are displayed, starting with the oldest event. Enter reverse to display entries starting with the most recent events. You can change the number of entries displayed. show logging audit [reverse] [number] Clear audit log • Clear all events in the audit log in CONFIGURATION mode.
• none — No accounting notices are sent. • logging — Logs all accounting notices in syslog. • group tacacs+ — Logs all accounting notices on the first reachable TACACS+ server. Default AAA accounting is disabled. Command Mode CONFIGURATION Usage Information You can enable the recording of accounting events in both the syslog and on TACACS+ servers. The no version of the command disables AAA accounting.
Parameters None Default Disabled Command Mode EXEC Usage Information • After you enable user re-authentication and change the authentication method or server, users are logged out of the switch and are prompted to log in again to re-authenticate. User re-authentication is triggered by: – Adding or removing a RADIUS server as a configured server host with the radius-server host command. – Adding or removing an authentication method with the aaa authentication [local | radius] command.
Example OS10# boot protect enable username root password calvin Supported Releases 10.4.3.0 or later clear logging audit Deletes all events in the audit log. Syntax clear logging audit Parameters None Defaults Not configured Command Mode EXEC Usage Information To display the contents of the audit log, use the show logging audit command. Example OS10# clear logging audit Proceed to clear all audit log messages [confirm yes/no(default)]:yes Supported Releases 10.4.3.
disable Lowers the privilege level. Syntax disable privilege-level Parameters • privilege-level—Enter the privilege level, from 0 to 15. Defaults 1 Command Mode Privileged EXEC Usage Information If you do not specify a privilege level, the system assigns level 1. Example OS10# disable OS10# disable 6 Supported Releases 10.4.3.0 or later enable Enables a specific privilege level. Syntax enable privilege-level Parameters • privilege-level—Enter the configured privilege level, from 0 to 15.
enable password Set a password for a specific privilege level. Syntax Parameters enable password encryption-type password-string priv-lvl privilege-level • encryption-type—Enter the encryption type. The system supports the following encryption types: – 0—Specifies an unencrypted password follows – sha-256—Specifies a SHA-256 encrypted password follows – sha-512—Specifies a SHA-512 encrypted password follows • priv-lvl—Enter the keyword and then the privilege number, from 1 to 15.
ip radius source-interface Specifies the interface whose IP address is used as the source IP address for user authentication with a RADIUS server. Syntax ip radius source-interface interface Parameters interface: • ethernet node/slot/port[:subport] — Enter a physical Ethernet interface. • loopback number — Enter a Loopback interface, from 0 to 16383. • mgmt 1/1/1 — Enter the management interface. • port-channel channel-id — Enter a port-channel ID, from 1 to 28.
ipv6 access-class Filters connections based on an IPv6 access list in virtual terminal line. Syntax ipv6 access-class access-list-name Parameters access-list-name—Enter the access list name. Default Not configured Command Mode LINE VTY CONFIGURATION Usage Information The no version of this command removes the filter. Example OS10(config)# line vty OS10(config-line-vty)# ipv6 access-class permit10 Supported Releases 10.4.
Default • aes256-gcm@openssh.com • blowfish-cbc • cast128-cbc • chacha20-poly1305@opens • aes128-ctr • aes192-ctr • aes256-ctr • aes128-gcm@openssh.com • aes256-gcm@openssh.com • chacha20-poly1305@opens Command Mode CONFIGURATION Usage Information The no version of this command removes the configuration. Example OS10(config)# ip ssh server cipher 3des-cbc aes128-cbc Supported Releases 10.3.0E or later ip ssh server enable Enable the SSH server.
ip ssh server kex Configure the list of Key Exchange algorithms in the SSH server. Syntax ip ssh server kex key-exchange-algorithm Parameters key-exchange-algorithm — Enter the list of Key Exchange algorithms separated by space.
Default • umac-64@openssh.com • umac-128@openssh.com • hmac-md5-etm@openssh.com • hmac-md5-96-etm@openssh.com • hmac-ripemd160-etm@openssh.com • hmac-sha1-etm@openssh.com • hmac-sha1-96-etm@openssh.com • hmac-sha2-256-etm@openssh.com • hmac-sha2-512-etm@openssh.com • umac-64-etm@openssh.com • umac-128-etm@openssh.com • hmac-sha1 • hmac-sha2-256 • hmac-sha2-512 • umac-64@openssh.com • umac-128@openssh.com • hmac-sha1-etm@openssh.com • hmac-sha2-256-etm@openssh.
ip ssh server port Configure the SSH server listening port. Syntax ip ssh server port port-number Parameters port-number — Enter the listening port number, from 1 to 65535. Default 22 Command Mode CONFIGURATION Usage Information The no version of this command removes the configuration. Example OS10(config)# ip ssh server port 255 Supported Releases 10.3.0E or later ip ssh server pubkey-authentication Enable public key authentication in an SSH server.
Supported Releases 10.4.0E(R1) or later line vty Enters the virtual terminal line mode to access the virtual terminal (VTY). Syntax line vty Parameters None Default Not configured Command Mode CONFIGURATION Usage Information None Example OS10(config)# line vty OS10(config-line-vty)# Supported Releases 10.4.0E(R1) or later logging audit enable Enable the recording of configuration and security events in the audit log.
The no version of the command disables the configured number of allowed login sessions. Example OS10(config)# login concurrent-session limit 7 Supported Releases 10.4.1.0 or later login-statistics enable Enables the display of login statistics to users. Syntax login-statistics enable Parameters None Default Disabled Command Mode CONFIGURATION Usage Information Only the sysadmin and secadmin roles have access to this command.
Command Mode Usage Information EXEC • By default, the password you configure with the username password command must be at least nine alphanumeric characters. • Use this command to increase password strength. When you enter the command, at least one parameter is required. When you enter the character-restriction parameter, at least one option is required. • To reset parameters to their default values, enter the no password-attributes command.
Privilege mode CLI mode configure class-map, DHCP, logging, monitor, openflow, policy-map, QOS, support-assist, telemetry, CoS, Tmap, UFD, VLT, VN, VRF, WRED, or alias interface Ethernet, FC, loopback, mgmt, null, port-group, lag, breakout, range, port-channel, VLAN route-map route-map router router-bgp or router-ospf line line-vty • priv-lvl—Enter the keyword and then the privilege number, from 2 to 14. • command-string—Enter the specific command.
Usage Information The authentication key must match the key configured on the RADIUS server. You cannot enter spaces in the key. The show running-configuration output displays both unencrypted and encrypted keys in encrypted format. Configure global settings for the timeout and retransmit attempts allowed on RADIUS servers using the radius-server retransmit and radius-server timeout commands. The no version of this command removes a RADIUS server configuration. Example OS10(config)# radius-server host 1.
radius-server retransmit Configures the number of authentication attempts allowed on RADIUS servers. Syntax radius-server retransmit retries Parameters retries — Enter the number of retry attempts, from 0 to 100. Default An OS10 switch retransmits a RADIUS authentication request three times. Command Mode CONFIGURATION Usage Information Use this command to globally configure the number of retransmit attempts allowed for authentication requests on RADIUS servers.
The no version of this command removes the RADIUS server from the management VRF instance. Example OS10(config)# radius-server vrf management OS10(config)# radius-server vrf blue Supported Releases 10.4.0E(R1) or later show boot protect Displays the current list of configured users that have access to bootloader protection.
+8aJtCoJKbcYaduMjmhVNrNUW5TUXoCnp1XNRpkJzgS7Lt47yi86rqrTCAQW4eSYJIJs4 +4ql9b4MF2D3499Ofn8uS82Mjtj0Nl01lbTbP3gsF4YYdBWaFqp root@OS10 Supported Releases 10.4.1.0 or later show ip ssh Displays the SSH server information. Syntax show ip ssh Parameters None Default Not configured Command Mode EXEC Usage Information Use this command to view information about the established SSH sessions.
Example OS10# show logging audit 4 <14>1 2019-02-14T13:15:06.283337+00:00 OS10 audispd - - - Node.1-Unit.1:PRI [audit], Dell EMC (OS10) node=OS10 type=USER_END msg=audit(1550150106.277:597): pid=7908 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:session_close acct="admin" exe="/bin/su" hostname=? addr=? terminal=??? res=success' <110>1 2019-02-14T13:15:16.331515+00:00 OS10 .clish 7412 - - Node.1-Unit.
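The audit record shown above is an RFC 5424 syslog line that wraps a Linux audit event, so it can be parsed and searched for repeated authentication failures. The following Python sketch is an added example, not part of the OS10 documentation: the first sample line is the record from the output above, all other lines are constructed, and the function names, the 192.0.2.0/24 addresses, the threshold, and the time window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

HEADER = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) ")
AUDIT = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Return a dict for an audispd audit record, or None for any other line."""
    line = line.strip()
    head, rec = HEADER.match(line), AUDIT.search(line)
    if not head or not rec:
        return None
    pri = int(head.group(1))
    # The event body has outer key=value pairs plus a nested msg='...' group.
    outer, _, inner = rec.group(4).partition(" msg='")
    pairs = KV.findall(outer + " " + inner.rstrip("'"))
    return {
        "facility": pri >> 3,          # RFC 5424: PRI = facility * 8 + severity
        "severity": pri & 7,
        "logged": head.group(2),
        "host": head.group(3),
        "app": head.group(4),
        "type": rec.group(1),
        "epoch": float(rec.group(2)),  # time the audit event was generated
        "serial": int(rec.group(3)),
        "fields": {k: v.strip('"') for k, v in pairs},
    }


def failed_auth_bursts(records, threshold=3, window=60.0):
    """Return (acct, addr, count) where failures within `window` seconds reach `threshold`."""
    by_source = defaultdict(list)
    for r in records:
        f = r["fields"]
        if r["type"] == "USER_AUTH" and f.get("res") == "failed":
            by_source[(f.get("acct", "?"), f.get("addr", "?"))].append(r["epoch"])
    alerts = []
    for (acct, addr), times in sorted(by_source.items()):
        times.sort()
        start = best = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append((acct, addr, best))
    return alerts


def constructed(epoch, serial, rtype, op, acct, addr, res):
    """Build a constructed record in the same layout as the documented audispd line."""
    ts = datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat()
    return (f"<14>1 {ts} OS10 audispd - - - Node.1-Unit.1:PRI [audit], Dell EMC (OS10) "
            f"node=OS10 type={rtype} msg=audit({epoch:.3f}:{serial}): pid=9001 uid=0 "
            f"auid=4294967295 ses=4294967295 msg='op={op} acct=\"{acct}\" "
            f"exe=\"/usr/sbin/sshd\" hostname={addr} addr={addr} terminal=ssh res={res}'")


# Record taken from the show logging audit example in this guide.
PAGE_LINE = (
    "<14>1 2019-02-14T13:15:06.283337+00:00 OS10 audispd - - - Node.1-Unit.1:PRI [audit], "
    "Dell EMC (OS10) node=OS10 type=USER_END msg=audit(1550150106.277:597): pid=7908 uid=0 "
    "auid=4294967295 ses=4294967295 msg='op=PAM:session_close acct=\"admin\" "
    "exe=\"/bin/su\" hostname=? addr=? terminal=??? res=success'"
)

# Everything below PAGE_LINE is constructed sample data for this example.
AUTH = ("USER_AUTH", "PAM:authentication")
SAMPLE_LINES = [PAGE_LINE] + [
    # Four failures in 30 seconds from one source: a burst.
    constructed(1550150200, 601, *AUTH, "admin", "192.0.2.10", "failed"),
    constructed(1550150205, 602, *AUTH, "admin", "192.0.2.10", "failed"),
    constructed(1550150211, 603, *AUTH, "admin", "192.0.2.10", "failed"),
    constructed(1550150230, 604, *AUTH, "admin", "192.0.2.10", "failed"),
    # A single failure and a success: no alert.
    constructed(1550150300, 605, *AUTH, "netadmin1", "192.0.2.20", "failed"),
    constructed(1550150400, 606, *AUTH, "admin", "192.0.2.30", "success"),
] + [
    # Three failures spaced 120 seconds apart: outside the 60-second window.
    constructed(1550151000 + 120 * i, 610 + i, *AUTH, "admin", "192.0.2.40", "failed")
    for i in range(3)
]

if __name__ == "__main__":
    records = [r for r in map(parse_line, SAMPLE_LINES) if r]
    for acct, addr, count in failed_auth_bursts(records):
        print(f"{count} failed logins for {acct} from {addr} within 60 s")
```
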
User                          : mltest
Role changed since last login : False
Failures since last login     : 0
Time-frame in days            : 25
Failures in time period       : 0
Successes in time period      : 1
Last Login Time               : 2017-11-01T15:42:07Z
Last Login Location           : 1001:10:16:210::4001
Supported Releases 10.4.0E(R1) or later show privilege Displays your current privilege level. Syntax show privilege Parameters None Defaults Not configured Command Mode EXEC Example OS10# show privilege Current privilege level is 15.
Command Mode EXEC Usage Information None Example
OS10# show users
Index  Line   User   Role      Application  Idle  Login-Time             Location          Privilege
-----  -----  -----  --------  -----------  ----  ---------------------  ----------------  ---------
1      pts/0  admin  sysadmin  bash         >24h  2018-09-08 T06:51:37Z  10.14.1.91 [ssh]  15
2      pts/1  netad  netadmin  bash         >24h  2018-09-08 T06:54:33Z  10.14.1.91 [ssh]  10
Supported Releases 10.2.0E or later. Updated the command to display the privilege levels of all users on OS10 version 10.4.3.0 or later.
tacacs-server host Configures a TACACS+ server and the key used to authenticate the switch on the server. Syntax Parameters tacacs-server host {hostname | ip-address} key {0 authentication-key | 9 authentication-key | authentication-key} [auth-port port-number] • hostname — Enter the host name of the TACACS+ server. • ip-address — Enter the IPv4 (A.B.C.D) or IPv6 (x:x:x:x::x) address of the TACACS+ server. • key 0 authentication-key — Enter an authentication key in plain text.
tacacs-server vrf Creates an association between a TACACS server group and a VRF and source interface. Syntax tacacs-server vrf {management | vrf-name} Parameters • management — Enter the keyword to associate TACACS servers to the management VRF instance. This option restricts the TACACS server association to the management VRF only. • vrf-name — Enter the keyword then the name of the VRF to associate TACACS servers with that VRF. Defaults None.
Default Command Mode Usage Information • User name and password entries are in clear text. • There is no default user role. CONFIGURATION • By default, the password must be at least nine alphanumeric characters. Only the following special characters are supported: ! # % & ' ( ) ; < = > [ ] * + - . / : ^ _ Enter the password in clear text. It is converted to SHA-512 format in the running configuration. For backward compatibility with OS10 releases 10.3.
role sysadmin username user10 sshkey abcd Supported Releases 10.4.1.0 or later username sshkey filename Enables SSH password-less login for remote clients using multiple public keys. A remote client is not prompted to enter a password. Syntax username user_name sshkey filename file_path Parameters • user_name — Enter an OS10 user name who logs in on a remote client. This value is the user name configured with the username password role command.
• name inherit — Enter the name of the RADIUS or TACACS+ user role that inherits permissions from an OS10 user role; 32 characters maximum. • existing-role-name — Assign the permissions associated with an OS10 user role: – sysadmin — Full access to all commands in the system, exclusive access to commands that manipulate the file system, and access to the system shell. A system administrator can create user IDs and user roles.
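Several commands in this chapter map directly to hardening checks: ip ssh server cipher, ip ssh server max-auth-tries, RADIUS over TLS, logging audit enable, login concurrent-session limit, and the VTY access classes. The following Python sketch is an added example, not Dell EMC code, that audits a saved running-configuration for them; both configuration excerpts are constructed, and the function names, finding labels, and key placeholder are assumptions.

```python
import re

DEFAULT_MAX_AUTH_TRIES = 6  # default documented for ip ssh server max-auth-tries

# Constructed excerpt with weak settings (not taken from a real switch).
SAMPLE_CONFIG = """\
ip ssh server cipher 3des-cbc aes128-cbc aes256-ctr
ip ssh server max-auth-tries 10
radius-server host 1.2.4.5 key 9 <encrypted-key-placeholder>
!
line vty
 ipv6 access-class deny10
"""

# Constructed excerpt with the corresponding settings corrected.
HARDENED_CONFIG = """\
ip ssh server cipher aes128-ctr aes192-ctr aes256-ctr
ip ssh server max-auth-tries 3
radius-server host 1.2.4.5 tls security-profile radius-prof key 9 <encrypted-key-placeholder>
logging audit enable
login concurrent-session limit 7
!
line vty
 ip access-class permit10
 ipv6 access-class deny10
"""


def parse_sections(text):
    """Return [(top_level_line, [indented child lines])] in file order."""
    sections = []
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue  # blank lines and '!' separators carry no settings
        if raw[0].isspace() and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append((raw.strip(), []))
    return sections


def audit(text):
    """Return a list of (finding, detail) tuples for the checks described above."""
    sections = parse_sections(text)
    top = [line for line, _ in sections]
    findings = []

    for line in top:
        m = re.match(r"ip ssh server cipher (.+)", line)
        if m:
            # CBC-mode ciphers are absent from the documented default list.
            weak = [c for c in m.group(1).split() if c.endswith("-cbc")]
            if weak:
                findings.append(("ssh-cbc-cipher", " ".join(weak)))
        m = re.match(r"ip ssh server max-auth-tries (\d+)", line)
        if m and int(m.group(1)) > DEFAULT_MAX_AUTH_TRIES:
            findings.append(("ssh-max-auth-tries", m.group(1)))
        m = re.match(r"radius-server host (\S+)", line)
        if m and " tls security-profile " not in line + " ":
            findings.append(("radius-without-tls", m.group(1)))

    if "logging audit enable" not in top:
        findings.append(("audit-log-not-enabled", ""))
    if not any(l.startswith("login concurrent-session limit ") for l in top):
        findings.append(("no-session-limit", ""))

    # VTY lines should carry an access class for both address families.
    vty = next((kids for line, kids in sections if line == "line vty"), [])
    for family in ("ip", "ipv6"):
        if not any(c.startswith(family + " access-class ") for c in vty):
            findings.append(("vty-no-acl", family))
    return findings


if __name__ == "__main__":
    for name, cfg in (("sample", SAMPLE_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg))
```
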
X.509v3 concepts Certificate Certificate authority (CA) A document that associates a network device with its public key. When exchanged between participating devices, certificates are used to validate device identity and the public key associated with the device. A PKI uses the following certificate types: • CA certificate: The certificate of a CA that is used to sign host certificates. A CA certificate may be issued by other CAs or be self-signed.
3 OS10 switches generate private keys and create CSRs using the crypto cert generate request command. A switch uploads a CSR to an intermediate CA. To store the private key in a local hidden location, Dell EMC Networking recommends using the keyfile private parameter with the command. 4 Download and install a CA certificate on a host using the crypto ca-cert install command.
Version: 3 (0x2) Serial Number: 95:48:23:17:76:9d:05:e1 Signature Algorithm: sha256WithRSAEncryption Issuer: C = US, ST = California, L = Santa Clara, O = Dell EMC, OU = Networking, CN = Dell_rootCA1 Validity Not Before: Jul 25 18:21:50 2018 GMT Not After : Jul 20 18:21:50 2038 GMT Subject: C = US, ST = California, L = Santa Clara, O = Dell EMC, OU = Networking, CN = Dell_rootCA1 Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (4096 bit) Modulus: 00:cd:9d:ca:10:6b:b1:54:81:10:92:42:
If you do not specify the cert-file option, you are prompted to fill in the other parameter values for the certificate interactively; for example: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank. For some fields there will be a default value; if you enter '.', the field will be left blank.
– If you enter fips after using the key-file private option in the crypto cert generate request command, a FIPS-compliant private key is stored in a hidden location in the internal file system that is not visible to users. If the certificate installation is successful, the file name of the host certificate and its common name are displayed. Use the filename to configure the certificate in a security profile (crypto security-profile command).
Public-Key: (2048 bit)
If you do specify the cert-file option, you are prompted to enter the other parameter values for the certificate interactively; for example: You are about to be asked to enter information that will be incorporated in your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank. For some fields there will be a default value; if you enter '.', the field will be left blank.
| Installed FIPS certificates | -------------------------------------OS10# show crypto cert DellHost.pem ------------ Non FIPS certificate ----------------Certificate: Data: Version: 3 (0x2) Serial Number: 245 (0xf5) Signature Algorithm: sha256WithRSAEncryption Issuer: emailAddress = admin@dell.com Validity Not Before: Feb 11 20:10:12 2019 GMT Not After : Feb 11 20:10:12 2020 GMT Subject: emailAddress = admin@dell.
3 Use the security profile to configure X.509v3-based service; for example, to configure RADIUS over TLS authentication using an X.
CommonName = GeoTrust Universal CA IssuerName = GeoTrust Universal CA 2. Generate a CSR, copy the CSR to a CA server, download the signed certificate, and install the host certificate. OS10# crypto cert generate request cert-file home://s4048-001.csr key-file home://tsr6.key cname "Top of Rack 6" altname "IP:10.0.0.6 DNS:tor6.dell.com" email admin@dell.com organization "Dell EMC" orgunit Networking locality "Santa Clara" state California country US length 1024 Processing certificate ...
When you install a certificate-key pair, both take the name of the certificate. Enter the certificate-key pair name without an extension as the certificate-name value. The no form of the command removes the certificate-key pair from the profile. Example OS10# crypto security-profile secure-radius-profile OS10(config-sec-profile)# certificate Dell_host1 Supported releases 10.4.3.0 or later cluster security-profile Creates a security profile for a cluster application.
crypto ca-cert install Installs a certificate from a Certificate Authority that is copied to the switch. Syntax crypto ca-cert install ca-cert-filepath [filename] Parameters • ca-cert-filepath — Enter the local path where the downloaded CA certificate is stored; for example, home://CAcert.pem or usb://CA-cert.pem. • filename — (Optional) Enter the filename that the CA certificate is stored under in the OS10 trust store directory. Enter the filename in the filename.crt format.
crypto cert generate Creates a certificate signing request (CSR) or a self-signed certificate. Syntax Parameters crypto cert generate {request | self-signed} [cert-file cert-path key-file {private | keypath}] [country 2-letter code] [state state] [locality city] [organization organization-name] [orgunit unit-name] [cname common-name] [email email-address] [validity days] [length length] [altname alt-name] • request — Create a certificate signing request to copy to a CA.
If you do not specify the cert-file option, you are prompted to fill in the other parameter values for the certificate interactively; for example: You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank. For some fields there will be a default value; if you enter '.', the field will be left blank.
Command mode EXEC Usage information Before using the crypto cert install command, copy a CA-signed certificate to the home directory on the switch using a secure connection, such as HTTPS, SCP, or SFTP, and (optionally) the private key. To delete a trusted certificate, use the crypto cert delete command. A successful installation of a trusted certificate requires that: • The downloaded certificate is correctly formatted. • The downloaded certificate’s public key corresponds to the private key.
Usage information To delete a CA certificate, use the crypto ca-cert delete command. Enter the filename as shown in the show crypto ca-certs output. Example OS10# show crypto ca-certs -------------------------------------| Locally installed certificates | -------------------------------------Dell_interCA1.crt Dell_rootCA1.crt OS10# show crypto ca-certs Dell_interCA1.
Usage information To delete a certificate, use the crypto cert delete filename command. Example OS10# show crypto cert -------------------------------------| Installed non-FIPS certificates | -------------------------------------Dell_host1_CA1.pem -------------------------------------| Installed FIPS certificates | -------------------------------------OS10# show crypto cert Dell_host1_CA1.
Example: Configure RADIUS over TLS with X.509v3 certificates
This example shows how to install a trusted X.509v3 CA and a host certificate-key pair that supports RADIUS over TLS authentication.
1. Install a trusted CA certificate.
OS10# copy tftp://CAadmin:secret@172.11.222.1/GeoTrust_Universal_CA.crt home://GeoTrust_Universal_CA.crt
OS10# crypto ca-cert install home://GeoTrust_Universal_CA.crt
Processing certificate ...
11 OpenFlow
Switches implement the control plane and data plane in the same hardware. Software-defined network (SDN) decouples the software (control plane) from the hardware (data plane). A centralized SDN controller handles the control plane traffic and hardware configuration for data plane flows. The SDN controller is the "brain" of an SDN.
NOTE: Do not use the no openflow or no mode openflow-only command. OS10# delete startup-configuration OS10# reload OpenFlow logical switch instance In OpenFlow-only mode, you can configure only one logical switch instance. After you enable OpenFlow mode, create a logical switch instance. The logical switch instance is disabled by default. When the logical switch instance is enabled, the OpenFlow application starts the connection with the configured controller.
Port types Support (Required) ANY Supported (Optional) LOCAL Not supported (Optional) NORMAL Not supported (Optional) FLOOD Not supported Flow table An OpenFlow flow table consists of flow entries. Each flow table entry contains the following fields: Table 35.
Action set
An action set associates with each packet.
Table 37. Supported action sets
Action set            Support
copy TTL inwards      Not supported
pop                   Not supported
push-MPLS             Not supported
push-VLAN             Not supported
copy TTL outwards     Not supported
decrement TTL         Not supported
set                   Supported (selective fields)
qos                   Not supported
group                 Not supported
output                Supported
Action types
An action type associates with each packet.
Table 38.
Counters Counters are used for statistical purposes. Table 39.
Required/Optional Counter Bits Support Optional Packet count 64 Not supported Optional Byte count 64 Not supported Required Duration (seconds) 32 Not supported Optional Duration (nanoseconds) 32 Not supported Optional Packet count 64 Not supported Optional Byte count 64 Not supported Optional Flow count 32 Not supported Optional Input packet count 64 Not supported Optional Input byte count 64 Not supported Required Duration (seconds) 32 Not supported Optional Dur
Table 41. Supported asynchronous types
Asynchronous types    Supported/Not supported
Packet-in             Supported
Flow-removed          Supported
Port-status           Supported
Error                 Supported
Symmetric
Table 42. Supported symmetric types
Symmetric types       Supported/Not supported
Hello                 Supported
Echo                  Supported
Experimenter          Not supported
Connection setup TCP
Table 43.
Flow table modification messages    Supported/Not supported
OFPFC_MODIFY_STRICT=2               Supported
OFPFC_DELETE=3                      Supported
OFPFC_DELETE_STRICT=4               Supported
Message types
Table 45.
Message Type Meters and rate limiters configuration messages Message Support OFPT_SET_ASYNC=28 Not supported OFPT_METER_MOD=29 Not supported Flow match fields Table 46.
Flow match fields Supported/Not supported OFPXMT_OFB_ARP_OP = 21 Not supported OFPXMT_OFB_ARP_SPA = 22 Not supported OFPXMT_OFB_ARP_TPA = 23 Not supported OFPXMT_OFB_ARP_SHA = 24 Not supported OFPXMT_OFB_ARP_THA = 25 Not supported OFPXMT_OFB_IPV6_SRC = 26 Not supported OFPXMT_OFB_IPV6_DST = 27 Not supported OFPXMT_OFB_IPV6_FLABEL = 28 Not supported OFPXMT_OFB_ICMPV6_TYPE = 29 Not supported OFPXMT_OFB_ICMPV6_CODE = 30 Not supported OFPXMT_OFB_IPV6_ND_TARGET = 31 Not supported OFPXMT_O
Action structures Supported/Not supported OFPAT_PUSH_VLAN = 17 Not supported OFPAT_POP_VLAN = 18 Not supported OFPAT_PUSH_MPLS = 19 Not supported OFPAT_POP_MPLS = 20 Not supported OFPAT_SET_QUEUE = 21 Not supported OFPAT_GROUP = 22 Not supported OFPAT_SET_NW_TTL = 23 Not supported OFPAT_DEC_NW_TTL = 24 Not supported OFPAT_SET_FIELD = 25 Supported OFPAT_PUSH_PBB = 26 Not supported OFPAT_POP_PBB = 27 Not supported Capabilities supported by the data path Table 48.
Message type description Individual flow statistics Request/Reply Body • The reply body is struct ofp_desc • The request body is struct ofp_flow_stats_request The reply body is an array of struct ofp_flow_stats • Aggregate flow statistics • • Flow table statistics Port statistics • • The request body is empty The reply body is an array of struct ofp_table_stats • The request body is struct ofp_port_stats_request The reply body is an array of struct ofp_port_stats • Queue statistics for a port
Message type description Request/Reply Body • Table features • • Port description • • Message Support The reply body is struct ofp_meter_features OFPMP_TABLE_FEATURES = The request body is empty or 12 contains an array of struct ofp_table_features that includes the controller's desired view of the switch.
Property type Supported/Not supported OFPTFPT_APPLY_ACTIONS_MISS = 7 Not supported OFPTFPT_MATCH = 8 Supported OFPTFPT_WILDCARDS = 10 Supported OFPTFPT_WRITE_SETFIELD = 12 Supported OFPTFPT_WRITE_SETFIELD_MISS = 13 Not supported OFPTFPT_APPLY_SETFIELD = 14 Supported OFPTFPT_APPLY_SETFIELD_MISS = 15 Not supported Group configuration Table 52.
Flow-removed reasons
Table 55. Supported reasons
Flow-removed reasons        Supported/Not supported
OFPRR_IDLE_TIMEOUT = 0      Supported
OFPRR_HARD_TIMEOUT = 1      Supported
OFPRR_DELETE = 2            Supported
OFPRR_GROUP_DELETE = 3      Not supported
Error types from switch to controller
Table 56.
Error types Supported/Not supported OFPBRC_BAD_TYPE = 1 Supported OFPBRC_BAD_MULTIPART = 2 Not supported OFPBRC_BAD_EXPERIMENTER = 3 Not supported OFPBRC_BAD_EXP_TYPE = 4 Not supported OFPBRC_EPERM = 5 Not supported OFPBRC_BAD_LEN = 6 Supported OFPBRC_BUFFER_EMPTY = 7 Not supported OFPBRC_BUFFER_UNKNOWN = 8 Not supported OFPBRC_BAD_TABLE_ID = 9 Supported OFPBRC_IS_SLAVE = 10 Not supported OFPBRC_BAD_PORT = 11 Supported OFPBRC_BAD_PACKET = 12 Not supported OFPBRC_MULTIPART_BUFFER_OV
Error types Supported/Not supported OFPBAC_BAD_SET_TYPE = 13 Not supported OFPBAC_BAD_SET_LEN = 14 Not supported OFPBAC_BAD_SET_ARGUMENT = 15 Supported Bad instruction code OFPBIC_UNKNOWN_INST = 0 Not supported OFPBIC_UNSUP_INST = 1 Not supported OFPBIC_BAD_TABLE_ID = 2 Not supported OFPBIC_UNSUP_METADATA = 3 Not supported OFPBIC_UNSUP_METADATA_MASK = 4 Not supported OFPBIC_BAD_EXPERIMENTER = 5 Not supported OFPBIC_BAD_EXP_TYPE = 6 Not supported OFPBIC_BAD_LEN = 7 Not supported OFPBI
Error types Supported/Not supported OFPFMFC_UNKNOWN = 0 Supported OFPFMFC_TABLE_FULL = 1 Supported OFPFMFC_BAD_TABLE_ID = 2 Supported OFPFMFC_OVERLAP = 3 Supported OFPFMFC_EPERM = 4 Not supported OFPFMFC_BAD_TIMEOUT = 5 Not supported OFPFMFC_BAD_COMMAND = 6 Supported OFPFMFC_BAD_FLAGS = 7 Not supported Group modification failed code OFPGMFC_GROUP_EXISTS = 0 Not supported OFPGMFC_INVALID_GROUP = 1 Not supported OFPGMFC_WEIGHT_UNSUPPORTED = 2 Not supported OFPGMFC_OUT_OF_GROUPS = 3 No
Error types Supported/Not supported OFPPMFC_BAD_CONFIG = 2 Not supported OFPPMFC_BAD_ADVERTISE = 3 Not supported OFPPMFC_EPERM = 4 Not supported Table modification failed code OFPTMFC_BAD_TABLE = 0 Supported OFPTMFC_BAD_CONFIG = 1 Not supported OFPTMFC_EPERM = 2 Not supported Queue operation failed code OFPQOFC_BAD_PORT = 0 Supported OFPQOFC_BAD_QUEUE = 1 Not supported OFPQOFC_EPERM = 2 Not supported Switch configuration failed code OFPSCFC_BAD_FLAGS = 0 Not supported OFPSCFC_BAD_LEN =
OpenFlow use cases
OS10 OpenFlow protocol support gives you the flexibility to use vendor-neutral applications as well as applications that you create. For example, the OS10 OpenFlow implementation supports L2 applications similar to the ones found in the following websites:
• https://github.com/osrg/ryu/tree/master/ryu/app (only L2 applications are supported)
• https://github.com/osrg/ryu/tree/master/ryu/app
NOTE: OS10 supports applications based on OpenFlow versions 1.0 and 1.3.
4 Configure the logical switch instance, of-switch-1.
OS10# configure terminal
OS10 (config)# openflow
OS10 (config-openflow)# switch of-switch-1
Option 2; for in-band management:
1 Configure one of the front-panel ports as the management port.
OS10# configure terminal
OS10 (config)# openflow
OS10 (config-openflow)# in-band-mgmt interface ethernet 1/1/1
OS10 (config-openflow)#
2 Configure an IPv4 address on the front-panel management port.
where server-ip refers to the server where you have stored the certificates, and username and password refer to the credentials you need to access the server with the certificates.
3 Perform the steps described in the Configure OpenFlow protocol on the switch topic to configure OpenFlow.
OpenFlow commands
controller
Configures an OpenFlow controller that the logical switch instance connects to.
dpid-mac-address Specifies the MAC address bits of the datapath ID (DPID) of the logical switch instance. Syntax dpid-mac-address MAC-address Parameters MAC-address—48-bit MAC address in hexadecimal notation, nn:nn:nn:nn:nn:nn Default MAC address Command Mode OPENFLOW SWITCH CONFIGURATION Usage Information The controller uses the DPID to identify the logical switch instance. The DPID is a 64-bit number that is sent to the controller in the features_reply message.
OS10 (config-openflow)# in-band-mgmt interface ethernet 1/1/1 OS10 (config-openflow)# no shutdown Supported Releases 10.4.1 or later max-backoff Configures the time interval, in seconds, that the logical switch instance waits after requesting a connection with the OpenFlow controller. Syntax max-backoff interval Parameters interval—Enter the amount of time, in seconds, that the logical switch instance waits after it attempts to establish a connection with the OpenFlow controller, from 1 to 65,535.
openflow Enters OPENFLOW configuration mode. Syntax openflow Parameters None Default None Command Mode CONFIGURATION Usage Information All OpenFlow configurations are performed in this mode. The no form of this command prompts a switch reload. If you enter yes, the system deletes all OpenFlow configurations and the switch returns to the normal mode after the reload. Example OS10# configure terminal OS10(config)# openflow OS10 (config-openflow)# Supported Releases 10.4.
• negotiate—Enter the keyword to negotiate versions 1.0 or 1.3 with the controller. The highest of the supported versions is selected.
• 1.0—Specify the logical switch instance OpenFlow protocol version as 1.0.
• 1.3—Specify the logical switch instance OpenFlow protocol version as 1.3.
Default negotiate
Command Mode OPENFLOW SWITCH CONFIGURATION
Usage Information NOTE: Only use this command when the logical switch instance is disabled.
Example
The no form of this command disables rate limiting on the controller connection. NOTE: This command is a software rate limiting command and applies only to the OpenFlow channel connection between the controller and the logical switch instance. This command is not related to the switch's data-plane rate limits. Example The following example configures a logical switch instance, of-switch-1, with an OpenFlow controller at a rate of 1000 PPS and packet bursts of 300 packets.
show openflow flows Displays OpenFlow flows for a specific logical switch instance. Syntax show openflow switch logical-switch-name flows Parameters logical-switch-name—Enter the logical switch instance name to view flow information.
Interface Name of-port ID TYPE ethernet1/1/1 1 COPPER ethernet1/1/2 5 COPPER ethernet1/1/3:1 9 FIBER ethernet1/1/3:2 10 FIBER ethernet1/1/3:3 11 FIBER ethernet1/1/3:4 12 FIBER ethernet1/1/4 13 COPPER ethernet1/1/5:1 17 FIBER ethernet1/1/5:2 18 FIBER ethernet1/1/5:3 19 FIBER ethernet1/1/5:4 20 FIBER ethernet1/1/6 21 NONE ethernet1/1/7 25 NONE ethernet1/1/8 29 COPPER ethernet1/1/9 33 NONE ethernet1/1/10 37 NONE ethernet1/1/11 41 COPPER ethernet1/1/12 45 COPPER ethernet1/1/13 49 NONE ethernet1/1/14 53 NONE eth
NONE ethernet1/1/29 NONE ethernet1/1/30 NONE ethernet1/1/31 NONE ethernet1/1/32 NONE Supported Releases 113 PORT_UP(CLI) LINK_DOWN 0MB FD NO 117 PORT_UP(CLI) LINK_DOWN 0MB FD NO 121 PORT_UP(CLI) LINK_DOWN 0MB FD NO 125 PORT_UP(CLI) LINK_DOWN 0MB FD NO 10.4.1 or later show openflow switch Displays OpenFlow parameters for the switch instance.
Command Mode EXEC
Usage Information None
Example
OS10# show openflow switch of-switch-1 controllers
Logical switch name: of-switch-1
Total Controllers: 1
Controller: 1
Target: 10.16.208.150:6633
Protocol: TCP
Connected: NO
Role: Equal
Last_error: Network is unreachable
State: BACKOFF
sec_since_disconnect: 0
Supported Releases 10.4.1 or later
switch
Creates a logical switch instance or modifies an existing logical switch instance.
NOTE: • The ntp subcommand under the interface command is not applicable when the switch is in OpenFlow mode. • The ip and ipv6 subcommands under the interface command are applicable only when you configure the interface as the management port using the in-band-mgmt command. • The ip and ipv6 commands must be used only in In-Band mode (using the in-band-mgmt command). Table 57.
Mode Available CLI commands radius-server rest scale-profile support-assist system tacacs-server trust username userrole EXEC All commands The following debug commands are not available: • debug iscsi • debug radius • debug tacacs+ LAG INTERFACE CONFIGURATION LAG is not supported. LOOPBACK INTERFACE CONFIGURATION Loopback interface is not supported. INTERFACE CONFIGURATION description end exit ip mtu negotiation ntp show shutdown VLAN INTERFACE CONFIGURATION VLAN is not supported.
12 Access Control Lists
OS10 uses two types of access policies — hardware-based ACLs and software-based route-maps. Use an ACL to filter traffic and drop or forward matching packets. To redistribute routes that match configured criteria, use a route-map.
ACLs
An ACL is a filter containing criteria to match (for example, examine internet protocol (IP), transmission control protocol (TCP), or user datagram protocol (UDP) packets) and an action to take, such as forwarding or dropping packets at the NPU.
• Source and destination UDP port number
For ACL TCP and UDP filters, match criteria on specific TCP or UDP ports. For ACL TCP filters, you can also match criteria on established TCP sessions. When creating an ACL, the sequence of the filters is important. You can assign sequence numbers to the filters as you enter them or OS10 can assign numbers in the order you create the filters. The sequence numbers display in the show running-configuration and show ip access-lists [in | out] command output.
To configure control-plane ACLs, use the existing ACL template and create the appropriate rules to permit or deny traffic as needed, similar to creating an access list for VTY ACLs. However, when you apply this control-plane ACL, you must apply it in CONTROL-PLANE mode instead of VTY mode. For example: OS10# configure terminal OS10(config)# control-plane OS10(config-control-plane)# ip access-group acl_name in where acl_name is the name of the control-plane ACL, a maximum of 140 characters.
IP fragments ACL When a packet exceeds the maximum packet size, the packet is fragmented into a number of smaller packets that contain portions of the contents of the original packet. This packet flow begins with an initial packet that contains all of the L3 and Layer 4 (L4) header information contained in the original packet, and is followed by a number of packets that contain only the L3 header information.
Permit all packets from host OS10(config)# ip access-list ABC OS10(conf-ipv4-acl)# permit tcp host 10.1.1.1 any eq 24 OS10(conf-ipv4-acl)# deny ip any any fragment Permit only first fragments and non-fragmented packets from host OS10(config)# ip access-list ABC OS10(conf-ipv4-acl)# permit tcp host 10.1.1.1 any eq 24 OS10(conf-ipv4-acl)# permit tcp host 10.1.1.
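The fragment behaviour described above can be checked offline with the following added example, which is not part of the OS10 guide or Dell's code. It parses constructed IPv4 packets and evaluates them against a model of the two-rule ACL shown in the first example (permit tcp host 10.1.1.1 any eq 24, then deny ip any any fragment). Assumptions: the fragment keyword matches only non-initial fragments (offset greater than 0), a rule with a port condition cannot match a packet that carries no L4 header, and evaluation is first-match in sequence order with an implicit deny; the names Packet, Rule, parse_ipv4, evaluate and the sequence numbers 10 and 20 are hypothetical.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

TCP = 6


@dataclass
class Packet:
    src: ipaddress.IPv4Address
    proto: int
    frag_offset: int          # fragment offset, in 8-byte units
    more_fragments: bool      # MF flag
    dst_port: Optional[int]   # None when the packet carries no L4 header

    @property
    def kind(self) -> str:
        if self.frag_offset > 0:
            return "non-initial fragment"
        return "initial fragment" if self.more_fragments else "unfragmented"


def parse_ipv4(raw: bytes) -> Packet:
    """Decode the IPv4 fields an ACL needs; reject malformed headers."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("bad IPv4 header length")
    flags_frag = struct.unpack("!H", raw[6:8])[0]
    offset = flags_frag & 0x1FFF
    proto = raw[9]
    dst_port = None
    # Only offset 0 carries the L4 header; later fragments hold payload bytes.
    if offset == 0 and proto in (6, 17) and len(raw) >= ihl + 4:
        dst_port = struct.unpack("!H", raw[ihl + 2:ihl + 4])[0]
    return Packet(ipaddress.IPv4Address(raw[12:16]), proto, offset,
                  bool(flags_frag & 0x2000), dst_port)


@dataclass
class Rule:
    seq: int
    action: str                      # "permit" or "deny"
    proto: Optional[int]             # None models "ip" (any protocol)
    src: ipaddress.IPv4Network
    dst_port: Optional[int] = None   # models "eq <port>"
    fragment: bool = False           # models the "fragment" keyword

    def matches(self, p: Packet) -> bool:
        if self.proto is not None and p.proto != self.proto:
            return False
        if p.src not in self.src:
            return False
        # Assumption: "fragment" matches non-initial fragments only.
        if self.fragment and p.frag_offset == 0:
            return False
        # A port condition needs an L4 header, which later fragments lack.
        if self.dst_port is not None and p.dst_port != self.dst_port:
            return False
        return True


def evaluate(acl: List[Rule], p: Packet) -> Tuple[str, Optional[int]]:
    """First match in sequence order wins; no match is an implicit deny."""
    for rule in sorted(acl, key=lambda r: r.seq):
        if rule.matches(p):
            return rule.action, rule.seq
    return "deny", None


def build_ipv4(src: str, offset: int, mf: bool, payload: bytes) -> bytes:
    """Constructed test packet: 20-byte IPv4 header (checksum left 0) + payload."""
    frag = (0x2000 if mf else 0) | offset
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                       frag, 64, TCP, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address("192.0.2.10").packed) + payload


def tcp_start(dport: int) -> bytes:
    """First bytes of a TCP header: source port, destination port, padding."""
    return struct.pack("!HH", 40000, dport) + bytes(16)


ANY = ipaddress.IPv4Network("0.0.0.0/0")
# Listed out of order on purpose: evaluation follows seq, not list position.
ACL = [
    Rule(20, "deny", None, ANY, fragment=True),
    Rule(10, "permit", TCP, ipaddress.IPv4Network("10.1.1.1/32"), 24),
]

# Constructed sample packets.
UNFRAGMENTED = build_ipv4("10.1.1.1", 0, False, tcp_start(24))
INITIAL = build_ipv4("10.1.1.1", 0, True, tcp_start(24))
# Payload bytes that would decode as port 24 if wrongly read as a TCP header.
NON_INITIAL = build_ipv4("10.1.1.1", 185, False, tcp_start(24))
OTHER_HOST = build_ipv4("10.9.9.9", 0, False, tcp_start(80))

if __name__ == "__main__":
    for name, raw in [("unfragmented", UNFRAGMENTED), ("initial", INITIAL),
                      ("non-initial", NON_INITIAL), ("other host", OTHER_HOST)]:
        pkt = parse_ipv4(raw)
        print(name, pkt.kind, pkt.dst_port, evaluate(ACL, pkt))
```

Under these assumptions the non-initial fragment from 10.1.1.1 never reaches the port rule and is dropped by the fragment rule, which is why a port-based permit alone does not cover a fragmented flow.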
Assign sequence number to filter OS10(config)# ip access-list acl1 OS10(conf-ipv4-acl)# seq 5 deny tcp any any capture session 1 count View ACLs and packets processed through ACL OS10# show ip access-lists in Ingress IP access-list acl1 Active on interfaces : ethernet1/1/5 seq 5 permit ip any any count (10000 packets) Delete ACL rule Before release 10.4.2, deleting ACL rules required a sequence number. After release 10.4.
Table 58. L2 and L3 targeted traffic
L2 ACL / L3 ACL    Targeted traffic
Deny / Deny        L3 ACL denies
Deny / Permit      L3 ACL permits
Permit / Deny      L3 ACL denies
Permit / Permit    L3 ACL permits
Assign and apply ACL filters
To filter an Ethernet interface, a port-channel interface, or a VLAN, assign an IP ACL filter to a physical interface. The IP ACL applies to all traffic entering a physical or port-channel interface.
• Apply the ACL as an inbound or outbound ACL on an interface in CONFIGURATION mode, and view the number of packets matching the ACL. show ip access-list {in | out} Ingress ACL filters To create an ingress ACL filter, use the ip access-group command in EXEC mode. To configure ingress, use the in keyword. Apply rules to the ACL with the ip access-list acl-name command. To view the access-list, use the show access-lists command. 1 Apply an ingress access-list on the interface in INTERFACE mode.
ethernet1/1/29 seq 10 deny ip any any fragment count (100 packets) Clear access-list counters Clear IPv4, IPv6, or MAC access-list counters for a specific access-list or all lists. The counter counts the number of packets that match each permit or deny statement in an access-list. To get a more recent count of packets matching an access-list, clear the counters to start at zero. If you do not configure an access-list name, all IP access-list counters clear.
Route-maps Route-maps are a series of commands that contain a matching criterion and action. They change the packets meeting the matching criterion. ACLs and prefix-lists can only drop or forward the packet or traffic while route-maps process routes for route redistribution. For example, use a route-map to filter only specific routes and to add a metric. • Route-maps also have an implicit deny.
View route-map configuration OS10(conf-router-bgp-neighbor-af)# do show route-map route-map test1, deny, sequence 10 Match clauses: ip address prefix-list p1 Set clauses: route-map test2, permit, sequence 10 Match clauses: ip address prefix-list p1 Set clauses: route-map test3, deny, sequence 10 Match clauses: ip address prefix-list p2 Set clauses: route-map test4, permit, sequence 10 Match clauses: ip address prefix-list p2 Set clauses: Match routes Configure match criterion for a route-map.
• Enter an ORIGIN attribute in ROUTE-MAP mode. set origin {egp | igp | incomplete} • Enter a tag value for the redistributed routes in ROUTE-MAP mode, from 0 to 4294967295. set tag tag-value • Enter a value as the route’s weight in ROUTE-MAP mode, from 0 to 65535. set weight value Check set conditions OS10(config)# route-map ip permit 1 OS10(conf-route-map)# match metric 2567 Continue clause Only BGP route-maps support the continue clause.
If you configure the flow-based enable command and do not apply an ACL on the source port or the monitored port, neither flow-based monitoring nor port mirroring functions. Flow-based monitoring is supported only for ingress traffic. The show monitor session session-id command displays output that indicates if a particular session is enabled for flow monitoring. View flow-based monitoring OS10# show monitor session 1 S.
View monitor sessions OS10(conf-if-eth1/1/1)# show monitor session all S.Id Source Destination Dir SrcIP DstIP DSCP TTL State Reason ---------------------------------------------------------------------------1 ethernet1/1/1 ethernet1/1/4 both N/A N/A N/A N/A true Is UP View ACL table utilization report The show acl-table-usage detail command shows the ingress and egress ACL tables for the various features and their utilization.
1024 USER_IPV4_ACL Shared:1 G2 2 3 1021 1024 USER_IPV6_ACL Shared:2 G4 1 2 510 512 PBR_V6 Shared:2 G10 1 1 511 512 SYSTEM_FLOW Shared:2 G0 49 49 975 1024 ISCSI_SNOOPING Shared:1 G8 12 12 500 512 FCOE Shared:2 G6 55 55 457 512 -----------------------------------------------------------------------------------------------------Egress ACL utilization Hardware Pools -----------------------------------------------------------------------------------------------------Pool ID App(s) Used rows Free rows Max rows --
ACL logging
You can configure ACLs to filter traffic and to drop or forward packets that match certain conditions. The ACL logging feature allows you to get additional information about packets that match an access control list entry (ACE) applied on an interface in the inbound direction. OS10 creates a log message that includes additional information about the packet when a matching packet hits a log-enabled ACL entry.
Parameters access-list-name — (Optional) Enter the name of the IP access-list to clear counters. A maximum of 140 characters. Default Not configured Command Mode EXEC Usage Information If you do not enter an access-list name, all IPv6 access-list counters clear. The counter counts the number of packets that match each permit or deny statement in an access-list. To get a more recent count of packets matching an access list, clear the counters to start at zero.
Supported Releases 10.2.0E or later
deny
Configures a filter to drop packets with a specific IP address.
Syntax deny [protocol-number | icmp | ip | tcp | udp] [A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | count | dscp value | fragment | log]
Parameters
• protocol-number — (Optional) Enter the protocol number identified in the IP header, from 0 to 255.
• icmp — (Optional) Enter the ICMP address to deny.
• icmp — (Optional) Enter the ICMP address to deny. • ipv6 — (Optional) Enter the IPv6 address to deny. • tcp — (Optional) Enter the TCP address to deny. • udp — (Optional) Enter the UDP address to deny. • A::B — Enter the IPv6 address in dotted decimal format. • A::B/x — Enter the number of bits to match to the IPv6 address. • any — (Optional) Enter the keyword any to specify any source or destination IP address.
Example
OS10(config)# mac access-list macacl
OS10(conf-mac-acl)# deny any any cos 7
OS10(conf-mac-acl)# deny any any vlan 2
Supported Releases 10.2.0E or later
deny icmp
Configures a filter to drop all or specific Internet Control Message Protocol (ICMP) messages.
Syntax deny icmp [A.B.C.D | A.B.C.D/x | any | host ip-address] [[A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | count | dscp value | fragment | log]
Parameters
• A.B.C.
• count — (Optional) Count packets the filter processes.
• byte — (Optional) Count bytes the filter processes.
• dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63.
• fragment — (Optional) Use ACLs to control packet fragments.
• log — (Optional) Enables ACL logging. Information about packets that match an ACL rule is logged.
Parameters • A::B — (Optional) Enter the source IPv6 address from which the packet was sent and the destination address. • A::B/x — (Optional) Enter the source network mask in /prefix format (/x) and the destination mask. • any — (Optional) Set all routes which are subject to the filter: – capture — (Optional) Capture packets the filter processes. – dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63. – fragment — (Optional) Use ACLs to control packet fragments.
– neq — Not equal to – range — Range of ports, including the specified port numbers. Default Not configured Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes; when you use the count byte options, only bytes increment. The no version of this command removes the filter. The count, byte, and log options are not supported on the S5148F-ON platform. Example OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# deny tcp any any capture session 1 Supported Releases 10.
Example
OS10(config)# ipv6 access-list ipv6test
OS10(conf-ipv6-acl)# deny tcp any any capture session 1
Supported Releases 10.2.0E or later
deny udp
Configures a filter to drop User Datagram Protocol (UDP) packets meeting the filter criteria.
Syntax deny udp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log]
Parameters
• A.B.C.
deny udp (IPv6)
Configures a filter to drop UDP IPv6 packets that match filter criteria.
Syntax deny udp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A::B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log]
Parameters
• A::B — Enter the IPv6 address in hexadecimal format separated by colons.
• A::B/x — Enter the number of bits to match to the IPv6 address.
description Configures an ACL description. Syntax description text Parameters text — Enter the description text string. A maximum of 80 characters. Default Disabled Command Modes IPV4-ACL, IPV6-ACL, MAC-ACL Usage Information The no version of this command deletes the ACL description. Example OS10(conf-ipv4-acl)# description ipacltest Supported Releases 10.2.0E or later ip access-group Configures an IPv4 access group.
Parameters access-list-name — Enter the name of an IPv4 access list. A maximum of 140 characters. Default Not configured Command Mode CONFIGURATION Usage Information None Example OS10(config)# ip access-list acl1 Supported Releases 10.2.0E or later ip as-path access-list Create an AS-path ACL filter for BGP routes using a regular expression. Syntax ip as-path access-list name {deny | permit} regexp-string Parameters • name — Enter an access list name.
• no-export — BGP does not advertise this route outside a BGP confederation boundary.
• internet — BGP does not advertise this route to an Internet community.
Defaults Not configured
Command Mode CONFIGURATION
Usage Information The no version of this command removes the community list.
Example OS10(config)# ip community-list standard STD_LIST deny local-AS
Supported Release 10.3.0E or later
ip community-list standard permit
Creates a standard community list for BGP to permit access.
Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the extended community list. Example OS10(config)# ip extcommunity-list standard STD_LIST deny 4byteas-generic transitive 1.65534:40 Supported Release 10.3.0E or later ip extcommunity-list standard permit Creates an extended community list for BGP to permit access.
ip prefix-list deny
Creates a prefix list to deny route filtering from a specified network address.
Syntax ip prefix-list name deny [A.B.C.D/x [ge | le]] prefix-len
Parameters
• name — Enter the name of the prefix list.
• A.B.C.D/x — (Optional) Enter the source network address and mask in /prefix format (/x).
• ge — Enter to indicate the network address is greater than or equal to the range specified.
• le — Enter to indicate the network address is less than or equal to the range specified.
Parameters • name — Enter the name of the prefix list. • num — Enter the sequence list number. • A.B.C.D/x — Enter the source network address and mask in /prefix format (/x). • ge — Enter to indicate the network address is greater than or equal to the range specified. • le — Enter to indicate the network address is less than or equal to the range specified. • prefix-len — Enter the prefix length.
Default Not configured Command Mode INTERFACE CONTROL-PLANE Usage Information Use this command in the CONTROL-PLANE mode to apply a control-plane ACL. Control-plane ACLs are only applied on the ingress traffic. By default, the control-plane ACL is applied to the front-panel ports as well as the management port. The no version of this command deletes an IPv6 ACL configuration.
Example OS10(config)# ipv6 prefix-list TEST deny AB10::1/128 ge 10 le 30 Supported Release 10.3.0E or later ipv6 prefix-list description Configures a description of an IPv6 prefix-list. Syntax ipv6 prefix-list name description Parameters • name — Enter the name of the IPv6 prefix-list. • description — Enter the description for the named prefix-list. Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the specified prefix list.
Parameters • name — (Optional) Enter the name of the IPv6 prefix-list. • num — Enter the sequence number of the specified IPv6 prefix-list. • A::B/x — Enter the IPv6 address and mask in /prefix format (/x). • ge — Enter to indicate the network address is greater than or equal to the range specified. • le — Enter to indicate the network address is less than or equal to the range specified. • prefix-len — Enter the prefix length.
Default Not configured Command Mode CONFIGURATION CONTROL-PLANE Usage Information Use this command in the CONTROL-PLANE mode to apply a control-plane ACL. Control-plane ACLs are only applied on the ingress traffic. By default, the control-plane ACL is applied to the front-panel ports. The no version of this command resets the value to the default.
• host ip-address — (Optional) Enter the IPv4 address to use a host address only.
• capture — (Optional) Capture packets the filter processes.
• count — (Optional) Count packets the filter processes.
• byte — (Optional) Count bytes the filter processes.
• dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63.
• fragment — (Optional) Use ACLs to control packet fragments.
• log — (Optional) Enables ACL logging. Information about packets that match an ACL rule is logged.
Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter. The count, byte, and log options are not supported on the S5148F-ON platform. Example OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# permit udp any any capture session 1 Supported Releases 10.2.0E or later permit (MAC) Configures a filter to allow packets with a specific MAC address.
• byte — (Optional) Count bytes the filter processes.
• dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63.
• fragment — (Optional) Use ACLs to control packet fragments.
• log — (Optional) Enables ACL logging. Information about packets that match an ACL rule is logged.
Default Not configured
Command Mode IPV4-ACL
Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment.
permit ip Configures a filter to permit all or specific packets from an IPv4 address. Syntax permit ip [A.B.C.D | A.B.C.D/x | any | host ip-address] [[A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | count | dscp value | fragment | log] Parameters • A.B.C.D — Enter the IPv4 address in dotted decimal format. • A.B.C.D/x — Enter the number of bits to match to the dotted decimal address. • any — (Optional) Enter the keyword any to specify any source or destination IP address.
• log — (Optional) Enables ACL logging. Information about packets that match an ACL rule is logged.
Default Not configured
Command Mode IPV6-ACL
Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter. The count, byte, and log options are not supported on the S5148F-ON platform.
Example OS10(conf-ipv6-acl)# permit ipv6 any any count capture session 1
Supported Releases 10.2.
NOTE: The control-plane ACLs support only the eq operator.
Default Not configured
Command Mode IPV4-ACL
Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter. The count, byte, and log options are not supported on the S5148F-ON platform.
Example OS10(conf-ipv4-acl)# permit tcp any any capture session 1
Supported Releases 10.2.
permit udp
Configures a filter that allows UDP packets meeting the filter criteria.
Syntax permit udp [A.B.C.D | A.B.C.D/x | any | host ip-address [eq | lt | gt | neq | range]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [eq | lt | gt | neq | range] ] [ack | fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log]
Parameters
• A.B.C.D — Enter the IPv4 address in dotted decimal format.
• A.B.C.D/x — Enter the number of bits that must match the dotted decimal address.
permit udp (IPv6) Configures a filter to permit UDP packets meeting the filter criteria. Syntax permit udp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A:B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | count | dscp value | fragment | log] Parameters • A::B — Enter the IPv6 address in hexadecimal format separated by colons. • A::B/x — Enter the number of bits that must match the IPv6 address.
remark
Specifies an ACL entry description.
Syntax remark description
Parameters description — Enter a description. A maximum of 80 characters.
Default Not configured
Command Mode IPV4-ACL
Usage Information Configure up to 16777214 remarks for a given IPv4, IPv6, or MAC. The no version of the command removes the ACL entry description.
Supported Releases 10.2.0E or later
seq deny
Assigns a sequence number to deny IPv4 addresses while creating the filter.
Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. The count, byte, and log options are not supported on the S5148F-ON platform. Example OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# seq 10 deny tcp any any capture session 1 log Supported Releases 10.2.
Supported Releases 10.2.0E or later
seq deny (MAC)
Assigns a sequence number to a deny filter in a MAC access list while creating the filter.
Syntax seq sequence-number deny {nn:nn:nn:nn:nn:nn [00:00:00:00:00:00] | any} {nn:nn:nn:nn:nn:nn [00:00:00:00:00:00] | any} [protocol-number | capture | cos | vlan]
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
• nn:nn:nn:nn:nn:nn — Enter the source MAC address.
• byte — (Optional) Count bytes the filter processes.
• dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63.
• fragment — (Optional) Use ACLs to control packet fragments.
• log — (Optional) Enables ACL logging. Information about packets that match an ACL rule is logged.
Default Not configured
Command Mode IPV4-ACL
Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment.
Supported Releases 10.2.0E or later
seq deny ip
Assigns a sequence number to deny IPv4 addresses while creating the filter.
Syntax seq sequence-number deny ip [A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | count | dscp value | fragment | log]
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
• A.B.C.D — Enter the IPv4 address in dotted decimal format.
• A.
• A::B/x — Enter the number of bits that must match the IPv6 address. • any —(Optional) Enter the keyword any to specify any source or destination address. • host ip-address — (Optional) Enter the IPv6 address to use a host address only. • capture — (Optional) Capture packets the filter processes. • count — (Optional) Count packets the filter processes. • byte — (Optional) Count bytes the filter processes. • dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63.
• operator — (Optional) Enter a logical operator to match the packets on the specified port number. The following options are available: – eq — Equal to – gt — Greater than – lt — Lesser than – neq — Not equal to – range — Range of ports, including the specified port numbers. Default Not configured Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment.
– gt — Greater than – lt — Lesser than – neq — Not equal to – range — Range of ports, including the specified port numbers. Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. The count, byte, and log options are not supported on the S5148F-ON platform.
– neq — Not equal to – range — Range of ports, including the specified port numbers. Default Not configured Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. The count, byte, and log options are not supported on the S5148F-ON platform.
Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. The count, byte, and log options are not supported on the S5148F-ON platform.
seq permit (IPv6)
Assigns a sequence number to permit IPv6 packets, while creating a filter.
Syntax seq sequence-number permit protocol-number [A::B | A::B/x | any | host ipv6-address] [A::B | A:B/x | any | host ipv6-address] [capture | count | dscp value | fragment | log]
Parameters
• sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
• protocol-number — (Optional) Enter the protocol number, from 0 to 255.
• 00:00:00:00:00:00 — (Optional) Enter which bits in the MAC address must match. If you do not enter a mask, a mask of 00:00:00:00:00:00 applies. • any — (Optional) Set all routes to be subject to the filter: – protocol-number — (Optional) Enter the protocol number identified in the MAC header, from 600 to ffff. – capture — (Optional) Enter the capture packets the filter processes. – cos — (Optional) Enter the CoS value, from 0 to 7. – vlan — (Optional) Enter the VLAN number, from 1 to 4093.
The count, byte, and log options are not supported on the S5148F-ON platform. Example OS10(config)# ip access-list egress OS10(conf-ipv4-acl)# seq 5 permit icmp any any capture session 1 log Supported Releases 10.2.0E or later seq permit icmp (IPv6) Assigns a sequence number to allow ICMP messages while creating the filter.
Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A.B.C.D — Enter the IPv4 address in dotted decimal format. • A.B.C.D/x — Enter the number of bits that must match the dotted decimal address. • any — (Optional) Enter the keyword any to specify any source or destination IP address. • host ip-address — (Optional) Enter the IPv4 address to use a host address only.
Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. The count, byte, and log options are not supported on the S5148F-ON platform.
Default Not configured Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. The count, byte, and log options are not supported on the S5148F-ON platform.
Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. The count, byte, and log options are not supported on the S5148F-ON platform.
Default Not configured Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. The count, byte, and log options are not supported on the S5148F-ON platform.
Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. The count, byte, and log options are not supported on the S5148F-ON platform.
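An offline audit of sequenced rules written in the seq permit and seq deny forms above, as an added example that is not part of the guide or of OS10. It assumes rules are evaluated in ascending sequence order with the first match deciding; the function names and the sample ACL are constructed for illustration.

```python
import ipaddress
import re

RULE = re.compile(r"^seq\s+(\d+)\s+(permit|deny)\s+(.+)$")
PROTOCOLS = {"ip", "ipv6", "tcp", "udp", "icmp"}
PORT_OPS = {"eq": 1, "lt": 1, "gt": 1, "neq": 1, "range": 2}  # operands per operator
NARROWING = {"dscp", "fragment", "ack", "fin", "psh", "rst", "syn", "urg"}

# Constructed sample, entered out of order on purpose; not taken from a real switch.
SAMPLE_ACL = """
seq 30 permit ip any any count
seq 5 permit icmp any any capture session 1 log
seq 10 deny tcp any any capture session 1 log
seq 20 permit tcp 10.1.0.0/16 host 10.9.9.9 eq 22 log
seq 40 permit udp any any log
"""


def _take_endpoint(tokens):
    """Consume one address spec (any | host X | prefix) and an optional port operator."""
    tok = tokens.pop(0)
    if tok == "any":
        net = None                                   # None stands for "any"
    elif tok == "host":
        net = ipaddress.ip_network(tokens.pop(0))    # /32 or /128
    else:
        net = ipaddress.ip_network(tok, strict=False)
    has_port = False
    if tokens and tokens[0] in PORT_OPS:
        op = tokens.pop(0)
        del tokens[:PORT_OPS[op]]                    # drop the port operand(s)
        has_port = True
    return net, has_port


def parse_rule(line):
    m = RULE.match(line.strip())
    if not m:
        raise ValueError(f"not a sequenced ACL rule: {line!r}")
    tokens = m.group(3).split()
    # show output may omit the protocol ("seq 10 permit any any"); treat as match-all.
    proto = tokens.pop(0) if tokens[0] in PROTOCOLS else "ip"
    src, sport = _take_endpoint(tokens)
    dst, dport = _take_endpoint(tokens)
    return {"seq": int(m.group(1)), "action": m.group(2), "proto": proto,
            "src": src, "dst": dst, "options": tokens,
            "narrow": sport or dport or bool(NARROWING & set(tokens))}


def _net_covers(a, b):
    if a is None:
        return True
    if b is None or a.version != b.version:
        return False
    return b.subnet_of(a)


def _covers(early, late):
    """True when every packet matching `late` already matches `early`."""
    if early["narrow"]:          # ports, DSCP, flags: be conservative, claim nothing
        return False
    proto_ok = early["proto"] in ("ip", "ipv6") or early["proto"] == late["proto"]
    return (proto_ok and _net_covers(early["src"], late["src"])
            and _net_covers(early["dst"], late["dst"]))


def audit(acl_text):
    rules = sorted((parse_rule(l) for l in acl_text.splitlines() if l.strip()),
                   key=lambda r: r["seq"])
    shadowed, unlogged = [], []
    for i, rule in enumerate(rules):
        for early in rules[:i]:
            if _covers(early, rule):
                kind = "redundant" if early["action"] == rule["action"] else "conflict"
                shadowed.append((rule["seq"], early["seq"], kind))
                break
        if (rule["action"] == "permit" and rule["src"] is None
                and rule["dst"] is None and "log" not in rule["options"]):
            unlogged.append(rule["seq"])
    return {"shadowed": shadowed, "unlogged_permit_any": unlogged}


if __name__ == "__main__":
    print(audit(SAMPLE_ACL))
```

A "conflict" entry marks a rule that can never take effect because an earlier rule with the opposite action matches the same traffic, which is the case worth reviewing first.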
Supported Releases 10.2.0E or later; 10.4.1 or later (control-plane ACL)
show access-lists
Displays IP, MAC, or IPv6 access-list information.
Syntax show {ip | mac | ipv6} access-lists {in | out} access-list-name
Parameters
• ip — View IP access list information.
• mac — View MAC access list information.
• ipv6 — View IPv6 access list information.
• access-lists in | out — Enter either access lists in or access lists out.
• access-list-name — Enter the name of the access-list.
 seq 10 permit any any
Ingress IPV6 access list ggg
 Active on interfaces :
  ethernet 1/1/3
 seq 5 permit ipv6 11::/32 any log
Example (IPv6 Out)
OS10# show ipv6 access-lists out
Egress IPV6 access list bbb
 Active on interfaces :
  ethernet1/1/1
  ethernet1/1/2
 seq 10 permit any any
Egress IPV6 access list ggg
 Active on interfaces :
  ethernet 1/1/1
 seq 5 permit ipv6 11::/32 any
Example (IP In Control-plane ACL)
OS10# show ip access-lists in
Ingress IP access-list aaa-cp-acl
 Active on interfaces :
  control-plane da
Examples
Z9100-ON platform
OS10# show acl-table-usage detail
Ingress ACL utilization - Pipe 0
Hardware Pools
--------------------------------------------------------------------
Pool ID   App(s)          Used rows   Free rows   Max rows
--------------------------------------------------------------------
0         SYSTEM_FLOW     98          414         512
1         SYSTEM_FLOW     98          414         512
2         SYSTEM_FLOW     98          414         512
3         USER_IPV4_ACL   4           508         512
4         USER_IPV4_ACL   4           508         512
5         FREE            0           512         512
6         USER_IPV6_ACL   4           508         512
7         USER_IPV6_ACL   4           508         512
8         USER_IPV6_ACL   4           508         512
9
3         USER_IPV4_ACL   0           512         512
4         USER_IPV4_ACL   0           512         512
5         FREE            0           512         512
6         USER_IPV6_ACL   0           512         512
7         USER_IPV6_ACL   0           512         512
8         USER_IPV6_ACL   0           512         512
9         USER_L2_ACL     0           512         512
10        USER_L2_ACL     0           512         512
11        FREE            0           512         512
---------------------------------------------------------------------------------------
Service Pools
---------------------------------------------------------------------------------------
App   Allocated pools   App group   Configured rules   Used rows   Free r
----------------------------------------------
Pool ID   App(s)           Used rows   Free rows   Max rows
-------------------------------------------------------------------
0         SYSTEM_FLOW      49          975         1024
1         SYSTEM_FLOW      49          975         1024
2         USER_IPV4_ACL    3           1021        1024
3         USER_L2_ACL      2           1022        1024
4         USER_IPV6_ACL    2           510         512
5         USER_IPV6_ACL    2           510         512
6         FCOE             55          457         512
7         FCOE             55          457         512
8         ISCSI_SNOOPING   12          500         512
9         FREE             0           512         512
10        PBR_V6           1           511         512
11        PBR_V6           1           511         512
---------------------------------------------------------------------------------------
Service Pools
----------------------
Defaults None Command Mode EXEC Usage Information None Example OS10# show ip as-path-access-list ip as-path access-list hello permit 123 deny 35 Supported Releases 10.3.0E or later show ip community-list Displays the configured IP community lists in alphabetic order. Syntax show ip community-list [name] Parameters name — (Optional) Enter the name of the standard IP community list. A maximum of 140 characters.
show ip prefix-list Displays configured IPv4 or IPv6 prefix list information. Syntax show {ip | ipv6} prefix-list [prefix-name] Parameters • ip | ipv6—(Optional) Displays information related to IPv4 or IPv6. • prefix-name — Enter a text string for the prefix list name. A maximum of 140 characters. Defaults None Command Mode EXEC Usage Information None Example OS10# show ip prefix-list ip prefix-list hello: seq 10 deny 1.2.3.4/24 seq 20 permit 3.4.4.
continue Configures the next sequence of the route map. Syntax continue seq-number Parameters seq-number — Enter the next sequence number, from 1 to 65535. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes a match. Example OS10(config)# route-map bgp OS10(conf-route-map)# continue 65535 Supported Releases 10.3.0E or later match as-path Configures a filter to match routes that have a certain AS path in their BGP paths.
Supported Releases 10.3.0E or later match extcommunity Configures a filter to match routes that have a certain EXTCOMMUNITY attribute in their BGP path. Syntax match extcommunity extcommunity-list-name [exact-match] Parameters • extcommunity-list-name — Enter the name of a configured extcommunity list. • exact-match — (Optional) Select only those routes with the specified extcommunity list name.
• access-list-name — Enter the name of the configured access list.
Default Not configured
Command Mode ROUTE-MAP
Usage Information The no version of this command deletes a match.
Example
OS10(config)# route-map bgp
OS10(conf-route-map)# match ip address prefix-list test10
Supported Releases 10.3.0E or later
match ip next-hop
Configures a filter to match based on the next-hop IP addresses specified in IP prefix lists.
match ipv6 next-hop Configures a filter to match based on the next-hop IPv6 addresses specified in IP prefix lists. Syntax match ipv6 next-hop prefix-list prefix-list Parameters prefix-list — Enter the name of the configured prefix list. A maximum of 140 characters. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes the match.
Supported Releases 10.3.0E or later
match route-type
Configures a filter to match routes based on how the route is defined.
Syntax match route-type {external {type-1 | type-2} | internal | local}
Parameters
• external — Match only on external OSPF routes. Enter the keyword then one of the following:
– type-1 — Match only on OSPF Type 1 routes.
– type-2 — Match only on OSPF Type 2 routes.
• internal — Match only on routes generated within OSPF areas.
• sequence-number — (Optional) Enter the number to identify the route-map for editing and sequencing number from 1 to 65535. The default is 10. • permit — (Optional) Set the route-map default as permit. • deny — (Optional) Set the route default as deny. Default Not configured Command Mode CONFIGURATION Usage Information NOTE: Exercise caution when you delete route-maps — if you do not enter a sequence number, all route-maps with the same map-name are deleted.
the insertion set community command. To add communities in a community list to the COMMUNITY attribute in a BGP route, use the set comm-list add command.
Example
OS10(config)# route-map bgp
OS10(conf-route-map)# set comm-list comlist1 delete
Supported Releases 10.3.0E or later
set community
Sets the community attribute in BGP updates.
Syntax set community {none | community-number}
Parameters
• none — Enter to remove the community attribute from routes meeting the route map criteria.
set extcomm-list delete Remove communities in the specified list from the EXTCOMMUNITY attribute in a matching inbound or outbound BGP route. Syntax set extcomm-list extcommunity-list-name delete Parameter extcommunity-list-name — Enter the name of an established extcommunity list. A maximum of 140 characters. Defaults None Command Mode ROUTE-MAP Usage Information To add communities in an extcommunity list to the EXTCOMMUNITY attribute in a BGP route, use the set extcomm-list add command.
Command Mode ROUTE-MAP Usage Information This command changes the LOCAL_PREF attribute for routes meeting the route map criteria. To change the LOCAL_PREF for all routes, use the bgp default local-preference command. The no version of this command removes the LOCAL_PREF attribute. Example OS10(conf-route-map)# set local-preference 200 Supported Releases 10.2.0E or later set metric Set a metric value for a routing protocol.
Affects BGP behavior only in outbound route maps and has no effect on other types of route maps. If the route map contains both a set metric-type and a set metric clause, the set metric clause takes precedence. If you enter the internal metric type in a BGP outbound route map, BGP sets the MED of the advertised routes to the IGP cost of the next hop of the advertised route. If the cost of the next hop changes, BGP is not forced to readvertise the route.
• incomplete — Enter to not advertise to peers. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes the set clause from a route map. Example OS10(conf-route-map)# set origin egp Supported Releases 10.2.0E or later set tag Sets a tag for redistributed routes. Syntax set tag tag-value Parameters tag-value — Enter a tag number for the route to redistribute, from 0 to 4294967295.
Command Mode EXEC
Usage Information None
Example
OS10# show route-map
route-map abc, permit, sequence 10
 Match clauses:
  ip address (access-lists): hello
  as-path abc
  community hello
  metric 2
  origin egp
  route-type external type-1
  tag 10
 Set clauses:
  metric-type type-1
  origin igp
  tag 100
Supported Releases 10.3.
13 Quality of service Quality of service (QoS) reserves network resources for highly critical application traffic with precedence over less critical application traffic. QoS prioritizes different types of traffic and ensures quality of service. You can control the following traffic flow parameters: Delay, Bandwidth, Jitter, and Drop. Different QoS features control the traffic flow parameters, as the traffic traverses a network device from ingress to egress interfaces.
Configuring QoS is a three-step process: 1 2 Create class-maps to classify the traffic flows. The following are the different types of class-maps: • qos (default)—Classifies ingress data traffic. • queuing —Classifies egress queues. • control-plane—Classifies control-plane traffic. • network-qos—Classifies traffic-class IDs for ingress buffer configurations. • application —Classifies application-type traffic. The reserved policy-map policy-iscsi defines the actions for class-iscsi traffic.
• Apply queuing policies in the output direction on physical interfaces or in System-Qos mode. • Apply a application type policy-map in System-Qos mode. When you apply a policy on a system, the policy is effective on all the ports in the system. However, the interface-level policy takes precedence over the system-level policy. Ingress traffic classification Ingress traffic can either be data or control traffic.
2 Define the set of dot1p values mapped to traffic-class, the qos-group ID.
OS10(config-tmap-dot1p-map)# qos-group 3 dot1p 0-4
OS10(config-tmap-dot1p-map)# qos-group 5 dot1p 5-7
3 Verify the map entries.
OS10# show qos maps type trust-map-dot1p dot1p-trust-map
DOT1P Priority to Traffic-Class Map : dot1p-trust-map
Traffic-Class   DOT1P Priority
-------------------------------
3               0-4
5               5-7
4 Apply the map on a specific interface or on system-qos, global level.
DSCP values   TC id   Color
24-27         3       G
28-31         3       Y
32-35         4       G
36-39         4       Y
40-43         5       G
44-47         5       Y
48-51         6       G
52-55         6       Y
56-59         7       G
60-62         7       Y
63            7       R
User–defined DSCP trust map
Override the default mapping by creating a user-defined DSCP trust map. All the unspecified DSCP entries map to the default traffic class ID 0.
Configure user–defined DSCP trust map
1 Create a DSCP trust map.
1 Create a default DSCP trust map. OS10(config)# trust dscp-map default OS10(config-tmap-dscp-map)# 2 Apply the map on a specific interface or on system-qos global level. • Interface level OS10(conf-if-eth1/1/1)# trust-map dscp default • System-qos level OS10(config-sys-qos)# trust-map dscp default ACL based classification Classify the ingress traffic by matching the packet fields using ACL entries. Classify the traffic flows based on QoS-specific fields or generic fields, using IP or MAC ACLs.
• Pre-defined IP access-list OS10(config-cmap-qos)# match ip access-group name ip-acl-1 • Pre-defined IPv6 access-list OS10(config-cmap-qos)#match ipv6 access-group name ACLv6 • Pre-defined MAC access-list OS10(config-cmap-qos)# match mac access-group name mac-acl-1 3 Create a qos-type policy-map to refer the classes to. OS10(config)# policy-map cos-policy 4 Refer the class-maps in the policy-map and define the required action for the flows.
Control-plane policing Control-plane policing (CoPP) increases security on the system by protecting the route processor from unnecessary traffic and giving priority to important control plane and management traffic. CoPP uses a dedicated control plane configuration through the QoS CLIs to set rate-limiting capabilities for control plane packets.
By default, CoPP traffic towards the CPU is classified into different queues as shown below.
Table 61. CoPP: Protocol mappings to queues - prior to release 10.4.2
Queue   Protocol
0       IPv6
1       —
2       IGMP
3       VLT, NDS
4       ICMPv6, ICMPv4
5       ARP Request, ICMPV6-RS-NS, ISCSI snooping, ISCSI-COS
6       ICMPv6-RA-NA, SSH, TELNET, TACACS, NTP, FTP
7       RSTP, PVST, MSTP, LACP
8       Dot1X, LLDP, FCOE-FPORT
9       BGPv4, OSPFv6
10      DHCPv6, DHCPv4, VRRP
11      OSPF Hello, OpenFlow
Table 62.
Queue   Protocols              Minimum rate limit (in pps)   Maximum rate limit (in pps)   Minimum guaranteed buffer (in bytes)   Static shared limit (in bytes)
10      LACP                   600                           1000                          1664                                   48880
11      STP, RSTP, MSTP        400                           400                           1664                                   48880
12      DOT1X, LLDP            500                           500                           1664                                   48880
13      IPv6 OSPF              600                           1000                          1664                                   48880
14      IPv4 OSPF              600                           1000                          1664                                   48880
15      BGP                    600                           1000                          1664                                   48880
16      IPv4 DHCP, IPv6 DHCP   500                           500                           1664                                   48880
17      VRRP                   600                           1000                          1664                                   48880
18      BFD                    700                           700                           1664                                   48880
19      Remote CPS             700                           10
6 Configure rate policing on incoming traffic in POLICY-MAP-CLASS-MAP mode.
police {cir committed-rate | pir peak-rate}
• cir committed-rate — Enter a committed rate value in pps, from 0 to 4000000.
• pir peak-rate — Enter a peak-rate value in pps, from 0 to 40000000.
set qos-group 6
police cir 200 bc 100 pir 200 be 100
View CoPP information
OS10# show control-plane info
Queue   Min Rate Limit(in pps)   Max Rate Limit(in pps)   Protocols
0       600                      600                      ISCSI UNKNOWN UNICAST
1       1000                     1000                     SFLOW
2       400                      400                      IGMP MLD PIM
3       600                      1000                     VLT NDS
4       500                      1000                     IPV6_ICMP IPV4_ICMP
5       500                      1000                     ICMPV6_RS ICMPV6_NS ICMPV6_RA ICMPV6_NA
6       500                      1000                     ARP_REQ SERVICEABILITY
7       500                      1000                     ARP_RESP
8       500                      500                      SSH TELNET TACACS NTP FTP
9       600                      600                      FCOE
10      600                      1000                     LACP
11      400                      400                      RSTP PVST MSTP
12      500                      500                      DOT1X LLDP
1
2 System-qos-level map
3 Default map
Table 63. Default mapping of traffic class ID to queue
Traffic class ID   Queue ID
0                  0
1                  1
2                  2
3                  3
4                  4
5                  5
6                  6
7                  7
User–defined QoS map
You can override the default mapping by creating a QoS map.
Configure user–defined QoS map
1 Create a QoS map.
OS10(config)# qos-map traffic-class tc-q-map
2 Define the set of traffic class values mapped to a queue.
OS10(config-qos-map)# queue 3 qos-group 0-3
3 Verify the map entries.
In addition, use policing to color the traffic: • When traffic arrives at a rate less than the committed rate, the color is green. • When traffic propagates at an average rate greater than or equal to the committed rate and less than peak-rate, the color is yellow. • When the traffic rate is above the configured peak-rate, the traffic drops to guarantee a bandwidth limit for an ingress traffic flow.
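The three bands described above can be modelled with two token buckets. This Python model is an added example, not Dell code: the class and function names are hypothetical, rates are in packets per second as in the CoPP police command, and treating bc and be as burst sizes in packets and the policer as a two-rate token-bucket meter are assumptions about behaviour the guide does not spell out.

```python
from fractions import Fraction


class TwoRatePolicer:
    """Two token buckets: one refilled at cir (depth bc), one at pir (depth be).

    Assumption: bc and be are burst sizes counted in packets.
    """

    def __init__(self, cir, bc, pir, be):
        self.cir, self.bc, self.pir, self.be = cir, bc, pir, be
        self.c_tokens = Fraction(bc)   # committed bucket starts full
        self.p_tokens = Fraction(be)   # peak bucket starts full
        self.last = Fraction(0)        # time of the previous packet, in seconds

    def offer(self, now):
        """Classify one packet arriving at time `now` (seconds, exact Fraction)."""
        elapsed = now - self.last
        self.last = now
        # Refill both buckets for the elapsed time, never past their depth.
        self.c_tokens = min(Fraction(self.bc), self.c_tokens + elapsed * self.cir)
        self.p_tokens = min(Fraction(self.be), self.p_tokens + elapsed * self.pir)
        if self.p_tokens < 1:
            return "drop"              # above the peak rate
        self.p_tokens -= 1
        if self.c_tokens < 1:
            return "yellow"            # between committed and peak rate
        self.c_tokens -= 1
        return "green"                 # within the committed rate


def run_constant_rate(policer, pps, seconds):
    """Offer an evenly spaced stream of `pps` packets per second and count colors."""
    counts = {"green": 0, "yellow": 0, "drop": 0}
    for i in range(pps * seconds):
        counts[policer.offer(Fraction(i, pps))] += 1
    return counts


def demo():
    """Constructed scenario: cir 200 / pir 400 pps offered 100, 300 and 600 pps."""
    return {pps: run_constant_rate(TwoRatePolicer(200, 100, 400, 100), pps, 5)
            for pps in (100, 300, 600)}


if __name__ == "__main__":
    for pps, counts in demo().items():
        print(pps, counts)
```

In this model the initial burst allowance passes as green, after which green settles at cir and green plus yellow at pir. A configuration whose cir equals its pir, such as `police cir 200 bc 100 pir 200 be 100`, never produces yellow packets.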
2 Create a QoS type policy-map to color the traffic flow. OS10(config)# policy-map ect-color OS10(config-pmap-qos)# class cmap-dscp-3-ect OS10(config-pmap-c-qos)# set qos-group 3 OS10(config-pmap-c-qos)# set color yellow Modify packet fields You can modify the value of CoS or DSCP fields. 1 Create a QoS type class-map to match a traffic flow. OS10(config)# class-map cmap-dscp-3 OS10(config-cmap-qos)# match ip dscp 3 2 Modify the policy-map to update the DSCP field.
4 Create a queuing type policy-map and configure a policy-map name in CONFIGURATION mode. policy-map type queuing policy-map-name 5 Configure a queuing class in POLICY-MAP mode. class class-name 6 Assign a bandwidth percent, from 1 to 100 to nonpriority queues in POLICY-MAP-CLASS-MAP mode.
1 Define a policy-map and create a policy-map name in CONFIGURATION mode.
policy-map type queuing policy-map-name
2 Create a QoS class and configure a name for the policy-map in POLICY-MAP mode.
class class-map-name
3 Set the scheduler as strict priority in POLICY-MAP-CLASS-MAP mode.
priority
Apply policy-map
1 Apply the policy-map to the interface in INTERFACE mode or all interfaces in SYSTEM-QOS mode.
• Payload—variable • Cyclic redundancy check—4 bytes • Inter-frame gap—variable The rate adjustment feature is disabled by default. To enable rate adjustment, use the qos-rate-adjust value_of_rate_adjust command. For example: qos-rate-adjust 8 If you have configured WDRR and shaping on a particular queue, the queue can become congested. You should configure the QoS rate adjust value considering the overhead field size to avoid traffic drops on uncongested queues.
Buffer-usage accounting happens for ingress packets on ingress pools and egress packets on egress pool. You can configure ingress-packet buffer accounting per priority-group and egress-packet buffer accounting per queue level. Configure ingress buffer In default ingress buffers, all traffic classes map to the default priority group. The buffers are reserved per default priority group ID 7. All buffers are part of the default pool and all ports share buffers from the default pool.
NOTE: The supported speed varies for different platforms. After the reserved buffers are used, each PFC starts consuming shared buffers from the lossless pool with the alpha value determining the threshold. You can override the default priority group settings when you enable LLFC or PFC. 1 Create a network-qos type class-map to match the traffic classes. For LLFC, match all the traffic classes from 0 to 7. For PFC, match the required traffic class.
Restrictions Deep Buffer mode and network QoS configurations cannot coexist. Enable Deep Buffer mode only when the network QoS configurations; for example LLFC and PFC are disabled. To configure Deep Buffer mode, disable all network QoS related configurations. Configure Deep Buffer mode You must disable all the network QoS configurations; for example, PFC and LLFC, before configuring the Deep Buffer mode. Deep Buffer mode is disabled by default. 1 Enable Deep Buffer mode in CONFIGURATION mode.
Next-boot Settings : Enabled Congestion avoidance Congestion avoidance anticipates and takes necessary actions to avoid congestion. The following mechanisms avoid congestion: • Tail drop—Packets are buffered at traffic queues. When the buffers are exhausted or reach the configured threshold, excess packets drop. By default, OS10 uses tail drop for congestion avoidance. • Random early detection (RED)—In tail drop, different flows are not considered in buffer utilization.
5 Exit WRED CONFIGURATION mode.
OS10(config-wred)#exit
6 Enter QOS POLICY-MAP mode and create a queuing policy type.
OS10(config)#policy-map type queuing pol-map-1
7 Create a QoS class for the queuing policy type.
OS10(config-pmap-queuing)#class default
8 Assign a WRED profile to the specified queue.
OS10(config-pmap-c-que)#random-detect prof1
9 Exit CLASS MAP and POLICY MAP modes.
OS10(config-pmap-c-que)#exit
OS10(config-pmap-queuing)#exit
10 Enter SYSTEM QOS mode.
To enable RRoCE, configure the QoS service policy on the switch in ingress and egress directions on all the interfaces. For more information about this configuration, see Configure RoCE on the switch. Configure RoCE on the switch The following example describes the steps to configure RoCE on the switch. This configuration example uses priority 3 for RoCE. 1 Enter CONFIGURATION mode. OS10# configure terminal OS10 (config)# 2 Enable the Data Center Bridging Exchange protocol (DCBX).
f Enable ETS on the interface.
OS10 (conf-if-eth1/1/1)# ets mode on
g Apply the qos-map for ETS configurations on the interface.
OS10 (conf-if-eth1/1/1)# qos-map traffic-class 2Q
h Enable PFC on the interface.
OS10 (conf-if-eth1/1/1)# priority-flow-control mode on
Configure RoCE on the interfaces
The following example describes the steps that you need to perform to configure RoCE on all the interfaces that the switch uses. This configuration example uses priority 3 for RoCE.
The following examples show each device in this network and their respective configuration:
SW1 configuration
VXLAN configuration — SW1
OS10# configure terminal
OS10(config)# interface vlan 3000
OS10(conf-if-vl-3000)# exit
OS10(config)# interface vlan 200
OS10(conf-if-vl-200)# exit
OS10(config)# interface loopback 1
OS10(conf-if-lo-1)# ip address 1.1.1.1/32
OS10(conf-if-lo-1)# exit
OS10(config)# router ospf 1
OS10(config-router-ospf-1)# router-id 8.8.8.
OS10(conf-if-eth1/1/1)# exit
OS10(config)# interface ethernet 1/1/2
OS10(conf-if-eth1/1/2)# switchport mode trunk
OS10(conf-if-eth1/1/2)# switchport trunk allowed vlan 3000
OS10(conf-if-eth1/1/2)# exit
OS10(config)# configure terminal
OS10(config)# nve
OS10(conf-nve)# source-interface loopback 1
OS10(conf-nve)# exit
OS10(config)# virtual-network 5
OS10(conf-vn-5)# vxlan-vni 1000
OS10(conf-vn-vxlan-vni)# remote-vtep 2.2.2.
OS10(config)# interface range ethernet 1/1/1,1/1/2,1/1/3
OS10(conf-range-eth1/1/1,1/1/2,1/1/3)# flowcontrol transmit on
OS10(conf-range-eth1/1/1,1/1/2,1/1/3)# flowcontrol receive on
OS10(conf-range-eth1/1/1,1/1/2,1/1/3)# service-policy input type network-qos llfc
OS10(conf-range-eth1/1/1,1/1/2,1/1/3)# end
WRED and ECN configuration — SW1
OS10# configure terminal
OS10(config)# wred w1
OS10(config-wred)# random-detect ecn
OS10(config-wred)# random-detect color green minimum-threshold 100 maximum-threshold 5
OS10(conf-if-vl-3000)# ip address 5.5.5.2/24
OS10(conf-if-vl-3000)# exit
OS10(config)# interface vlan 200
OS10(conf-if-vl-200)# exit
OS10(config)# interface loopback1
OS10(conf-if-lo-1)# no shutdown
OS10(conf-if-lo-1)# ip address 2.2.2.2/11
OS10(conf-if-lo-1)# exit
OS10(config)# router ospf 1
OS10(config-router-ospf-1)# router-id 9.9.9.
OS10(conf-range-eth1/1/1,1/1/20,1/1/31,1/1/32)# service-policy input type network-qos p5
OS10(conf-range-eth1/1/1,1/1/20,1/1/31,1/1/32)# trust-map dot1p t1
OS10(conf-range-eth1/1/1,1/1/20,1/1/31,1/1/32)# end
LLFC configuration — VLT peer 1
Instead of PFC, you can configure LLFC as follows:
OS10# configure terminal
OS10(config)# class-map type network-qos llfc
OS10(config-cmap-nqos)# match qos-group 0-7
OS10(config-cmap-nqos)# exit
OS10(config)# policy-map type network-qos llfc
OS10(config-pmap-network-qos)#
OS10(conf-vlt-1)# discovery-interface ethernet 1/1/11
OS10(conf-vlt-1)# discovery-interface ethernet 1/1/12
OS10(conf-vlt-1)# vlt-mac aa:bb:cc:dd:ee:ff
OS10(conf-vlt-1)# end
OS10#
OS10# configure terminal
OS10(config)# interface port-channel 2
OS10(conf-if-po-2)# vlt-port-channel 20
OS10(conf-if-po-2)# no shutdown
OS10(conf-if-po-2)# exit
VXLAN configuration — VLT peer 2
OS10(config)# configure terminal
OS10(config)# interface vlan 3000
OS10(conf-if-vl-3000)# ip address 5.5.5.
OS10# configure terminal
OS10(config)# class-map type network-qos c5
OS10(config-cmap-nqos)# match qos-group 5
OS10(config-cmap-nqos)# exit
OS10(config)# policy-map type network-qos p5
OS10(config-pmap-network-qos)# class c5
OS10(config-pmap-c-nqos)# pause
OS10(config-pmap-c-nqos)# pfc-cos 5
OS10(config-pmap-c-nqos)# end
OS10# configure terminal
OS10(config)# interface range ethernet 1/1/1,1/1/20,1/1/11,1/1/12
OS10(conf-range-eth1/1/1,1/1/20,1/1/11,1/1/12)# flowcontrol receive off
OS10(conf-range-eth1/1/1,1
Enable DCBx — VLT peer 2
OS10# configure terminal
OS10(config)# dcbx enable
Configuration on ToR device
System configuration — ToR device
NOS# configure terminal
NOS(config)# interface vlan 200
NOS(conf-if-vl-200)# no shutdown
NOS(conf-if-vl-200)# exit
NOS(config)# interface port-channel 2
NOS(conf-if-po-2)# no shutdown
NOS(conf-if-po-2)# exit
NOS(config)# interface range ethernet 1/1/1,1/1/2
NOS(conf-range-eth1/1/1,1/1/2)# channel-group 2 mode active
NOS(conf-range-eth1/1/1,1/1/2)# end
NOS#
NOS# configure
Instead of PFC, you can configure LLFC as follows:
NOS# configure terminal
NOS(config)# class-map type network-qos llfc
NOS(config-cmap-nqos)# match qos-group 0-7
NOS(config-cmap-nqos)# exit
NOS(config)# policy-map type network-qos llfc
NOS(config-pmap-network-qos)# class llfc
NOS(config-pmap-c-nqos)# pause buffer-size 100 pause-threshold 50 resume-threshold 10
NOS(config-pmap-c-nqos)# end
NOS# configure terminal
NOS(config)# interface range ethernet 1/1/1,1/1/2,1/1/3
NOS(conf-range-eth1/1/1,1/1/2,1/1/3)# f
You can obtain a snapshot of the buffer statistics for the different buffer objects, such as a snapshot of all ingress priority-groups associated to a port, all egress unicast queues bound to a port, and so on. You can enable BST at the global level. OS10 tracks buffer utilization and provides the maximum peak statistics value over a period of time and the current value of the monitored BST counter.
Example
OS10(conf-pmap-que)# bandwidth percent 70
Supported Releases 10.2.0E or later

buffer-statistics-tracking
Enables or disables the buffer statistics tracking feature globally.
Syntax buffer-statistics-tracking
Parameters None
Default Disabled
Command Mode SYSTEM-QOS
Usage Information The no form of the command disables the buffer statistics tracking feature globally. After you disable BST, be sure to clear the counter using the clear qos statistics type buffer-statistics-tracking command.
class-map
Creates a QoS class-map that filters traffic to match packets to the corresponding policy created for your network.
Syntax class-map [type {qos | queuing | control-plane}] [{match-any | match-all}] class-map-name
Parameters
• type — Enter a class-map type.
• qos — Enter a qos type class-map.
• queuing — Enter a queueing type class-map.
• control-plane — Enter a control-plane type class-map.
• match-all — Determines how packets are evaluated when multiple match criteria exist.
clear qos statistics
Clears all QoS-related statistics in the system.
Syntax clear qos statistics
Parameters None
Default Not configured
Command Mode EXEC
Usage Information None
Example
OS10# clear qos statistics
Supported Releases 10.2.0E or later

clear qos statistics type
Clears all queue counters for control-plane, qos, and queueing.
control-plane
Enters CONTROL-PLANE mode.
Syntax control-plane
Parameters None
Default Not configured
Command Mode CONTROL-PLANE
Usage Information If you attach an access-list to the class-map type of control-plane, the access-list ignores the permit and deny keywords.
Example (class-map)
OS10(config)# class-map type control-plane match-any c1
OS10(conf-cmap-control-plane)#
Example (policymap)
OS10(config)# policy-map type control-plane p1
OS10(conf-pmap-control-plane)#
Supported Releases 10.2.
NOTE: In S5148F-ON, when receive is turned on, it enables decoding of both LLFC and PFC frames on that port.
• transmit — (Optional) Indicates the local port can send flow control packets to a remote device.
• on — (Optional) When used with receive, allows the local port to receive flow control traffic. When used with transmit, allows the local port to send flow control traffic to the remote device.
• access-group name name — (Optional) Enter the IPv6 access-group name.
• set dscp dscp-value — (Optional) Configure a DSCP value for L3 DSCP match criteria, from 0 to 63.
• mac access-group name name — Enter an access-group name for the MAC access-list match criteria. A maximum of 140 characters.
• set dscp dscp-value — Enter a DSCP value for marking the DSCP packets, from 0 to 63.
• not — Enter the IP or CoS to negate the match criteria.
• dscp dscp-list | dscp-list — Enter a DSCP value in single numbers, comma separated, or a hyphenated range, from 0 to 63.
Default Not configured
Command Mode CLASS-MAP
Usage Information You cannot enter two match statements with the same filter-type. If you enter two match statements with the same filter-type, the second statement overwrites the first statement. The match-all option in a class-map does not support ip-any. Select either ip or IPv6 for the match-all criteria.
Example
OS10(conf-cmap-queuing)# match queue 1
Supported Releases 10.2.0E or later

match vlan
Configures a match criteria based on the VLAN ID number.
Syntax match vlan vlan-id
Parameters vlan-id — Enter a VLAN ID number, from 1 to 4093.
Default Not configured
Command Mode CLASS-MAP
Usage Information You cannot enter two match statements with the same filter-type. If you enter two match statements with the same filter-type, the second statement overwrites the first statement.
• resume-threshold xon-size — (Optional) Enter the buffer limit, in KB, at which the port stops or cancels sending a pause to the peer.
– Default values for PFC: 10G, 25G–87KB, 40G–183KB, 100G–214KB
– Default values for LLFC: 10G,25G–9KB, 40G,100G–36KB
Default See parameter values
Command Mode POLICY-MAP-CLASS-MAP
Usage Information Only use this command under the network-qos policy type. Buffer-size, pause-thresholds, and resume-thresholds vary based on platform.
Example (global buffer/shared buffer)
OS10(config)# policy-map type network-qos nqGlobalpolicy1
OS10(conf-cmap-nqos)# class CLASS-NAME
OS10(conf-cmap-nqos-c)# pause buffer-size 45 pause-threshold 25 resume-threshold 10
OS10(conf-cmap-nqos-c)# pfc-cos 0-2
OS10(conf-cmap-nqos-c)# queue-limit 140
Supported Releases 10.3.0E or later

pfc-max-buffer-size
Configures the maximum buffer size for priority flow-control enabled flows.
Syntax pfc-shared-headroom-buffer-size headroom-buffer-size
Parameters headroom-buffer-size — Enter the size of the priority flow-control headroom buffer in KB, from 1 to 3399.
Default 1024 KB
Command Mode SYSTEM-QOS
Usage Information All PFC-enabled priority groups can use the shared headroom space. Headroom is the buffer space that absorbs the incoming packets after the PFC frames reach the sender. After the threshold is reached, PFC frames are generated toward the sender.
– queuing — Create a queueing policy-map type.
– control-plane — Create a control-plane policy-map type.
– application — Create an application policy-map type.
– network-qos — Create a network-qos policy-map type.
Defaults qos = class-map type and match-any = class-map filter
Command Mode CONFIGURATION
Usage Information The no version of this command deletes a policy-map.
Example
OS10(config)# policy-map p1
Example (Queuing)
OS10(config)# policy-map type queuing p1
Supported Releases 10.2.
qos-group dot1p
Configures a dot1p trust map to the traffic class.
Syntax qos-group tc-list [dot1p values]
Parameters
• qos-group tc-list — Enter the traffic class ID as a single value, from 0 to 7.
• dot1p values — (Optional) Enter either single, comma-delimited, or a hyphenated range of dot1p values, from 0 to 7.
Default 0
Command Mode TRUST-MAP
Usage Information If the trust map does not define dot1p values to any traffic class, those flows map to the default traffic class 0.
Default 0
Command Mode CONFIGURATION
Usage Information The no form of this command removes the rate adjustment configuration and is the same as using the qos-rate-adjust 0 command.
Example
OS10(config)# qos-rate-adjust 10
Supported Releases 10.4.3.0 or later

queue-limit
Configures static or dynamic shared buffer thresholds.
Example (queue)
OS10(config)# policy-map type queuing pmap1
OS10(config-pmap-queuing)# class cmap1
OS10(config-pmap-c-que)# queue-limit queue-len 100
OS10(config-pmap-c-que)# queue-limit thresh-mode static 50
Supported Releases 10.3.0E or later

queue bandwidth
Configures a bandwidth for a given queue on an interface.
Syntax queue queue-number bandwidth bandwidth-percentage
Parameters
• queue-number — Enter the queue number.
• bandwidth-percentage — Enter the percentage of bandwidth.
Parameters wred-profile — Enter the name of an existing WRED profile.
Default Not configured
Command Mode INTERFACE
Usage Information The no version of this command removes the WRED profile from the interface.
Example
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# random-detect test_wred
Supported Releases 10.4.0E(R1) or later

random-detect (queue)
Assigns a WRED profile to the specified queue.
random-detect ecn
Enables explicit congestion notification (ECN) for the WRED profile.
Syntax random-detect ecn
Parameters None
Default Not configured
Command Mode WRED CONFIGURATION
Usage Information The no version of this command disables ECN.
Example
OS10(config)# wred test_wred
OS10(config-wred)# random-detect ecn
Supported Releases 10.4.0E(R1) or later

random-detect ecn
Enables ECN for the system globally.
Example
OS10(config)# system qos
OS10(config-sys-qos)# random-detect pool 0 test_wred
Supported Releases 10.4.0E(R1) or later

random-detect weight
Configures the exponential weight value used to calculate the average queue depth for the WRED profile.
Syntax random-detect weight weight-value
Parameters weight-value — Enter a value for the weight, from 1 to 15.
set cos
Sets a class of service (CoS) value to mark L2 802.1p (dot1p) packets.
Syntax set cos cos-value
Parameters cos-value — Enter a CoS value, from 0 to 7.
Default Not configured
Command Mode POLICY-MAP-CLASS-MAP
Usage Information You cannot enter two set statements with the same action-type. If you enter two set statements with the same action-type, the second statement overwrites the first. When class-map type is qos, the qos-group corresponds to data queues 0 to 7.
Supported Releases 10.2.0E or later

shape
Shapes the outgoing traffic rate.
Syntax shape {min {kbps | mbps} min-value [burst-size]} {max {kbps | mbps} max-value [max-burst-size]}
Parameters
• min — Enter the minimum committed rate, in kbps or mbps.
• kbps — Enter the committed rate unit in kilobits per second, from 0 to 40000000.
• mbps — Enter the committed rate unit in megabits per second, from 0 to 40000.
Example
OS10# show class-map type qos c1
Class-map (qos): c1 (match-all)
Match(not): ip-any dscp 10
Supported Releases 10.2.0E or later

show control-plane buffers
Displays the pool type, reserved buffer size, and the maximum threshold value for each of the CPU queues.
21 lossy 1664 static 20800
22 lossy 1664 static 20800
Supported Releases 10.4.2 and later

show control-plane buffer-stats
Displays the control plane buffer statistics for each of the CPU queues.
Syntax show control-plane buffer-stats
Parameters None
Default A predefined default profile exists.
Usage Information Use this command to monitor statistics for the control-plane and to troubleshoot CoPP.
18 0 0 0 0
19 0 0 0 0
20 0 0 0 0
21 0 0 0 0
22 0 0 0 0
OS10#
Supported Releases 10.2.0E or later

show hardware deep-buffer-mode
Displays the status of DeepB buffer mode in the current and next boot of the switch.
Usage Information None
Example (Details)
OS10# show interface priority-flow-control details
TenGig 1/1:
Admin Mode: On
OperStatus: On
PFC Priorites: 0,4,7
Total Rx PFC Frames: 300
Total Tx PFC Frames: 200
Cos Rx Tx
----------------------
0 0 0
1 0 0
2 0 0
3 300 200
4 0 0
5 0 0
6 0 0
7 0 0
Supported Releases 10.3.0E or later

show qos interface
Displays the QoS configuration applied to a specific interface.
• network-qos — Displays all policy-maps configured of network-qos type.
• control-plane — Displays all policy-maps of control-plane type.
• policy-map-name — Displays the QoS policy-map name details.
Default Not configured
Command Mode EXEC
Usage Information None
Example
OS10# show policy-map
Service-policy(qos) input: p1
Class-map (qos): c1
set qos-group 1
Service-policy(qos) input: p2
Class-map (qos): c2
set qos-group 2
Supported Releases 10.2.
0 lossy 1792 dynamic 8
1 lossy 1792 dynamic 8
2 lossy 1792 dynamic 8
3 lossy 1792 dynamic 8
4 lossless 0 dynamic 10
5 lossy 1792 dynamic 8
6 lossy 1792 dynamic 8
7 lossy 1792 dynamic 8
OS10#
Supported Releases 10.3.0E or later

show qos egress buffer-statistics-tracking
Displays egress queue-level peak buffer usage count in bytes for queues on a given interface.
1 0 0 0 0
2 0 0 0 0
3 0 0 0 0
4 0 0 0 0
5 0 0 0 0
6 0 0 0 0
7 0 0 0 0
Supported Releases 10.3.0E or later

show qos headroom-pool buffer-statistics-tracking
Displays headroom-pool level peak buffer usage count in bytes.
Syntax show qos headroom-pool buffer-statistics-tracking [detail]
Parameters detail—Displays headroom-pool statistics per memory management unit (MMU) instance in platforms with multiple MMU instances.
Supported Releases 10.3.0E or later

show qos ingress buffer-statistics-tracking
Displays ingress priority group-level peak buffer usage count in bytes for the given priority group on a given interface.
Syntax show qos ingress buffer-statistics-tracking interface ethernet [node/slot/port] [priority-group {0-7}] [detail]
Parameters
• node/slot/port—Enter the port information.
• [priority-group {0-7}]—Enter the priority-group keyword, followed by the group number.
6 0 0
7 0 0
Supported Releases 10.3.0E or later

show qos-rate-adjust
Displays the status of the rate adjust limit for policing and shaping.
Syntax show qos-rate-adjust
Parameters None
Default Not configured
Command Mode EXEC
Usage Information None
Example
OS10# show qos-rate-adjust
QoS Rate adjust configured for Policer and Shaper (in bytes) : 10
Supported Releases 10.4.3.
Example
OS10# show qos system
ETS Mode : off
ECN Mode : off (shows whether the ECN is enabled globally or not)
Service-policy (Input) (qos) : policy1
Service-policy (Output)(queuing) : policy2
Supported Releases 10.4.1.0 or later

show qos system buffers
Displays the system buffer configurations and utilization.
Total buffers - 12187
Total lossless buffers - 0
Total shared lossless buffers - 0
Total used shared lossless buffers
Total lossy buffers - 11567
Total shared lossy buffers - 9812
Total used shared lossy buffers - 0
Total CPU buffers - 620
Total shared CPU buffers - 558
Total used shared CPU buffers - 0
The following command is supported on Z9100-ON and Z9264F-ON platforms:
OS10# show qos system egress buffer detail
All values are in kb
Total buffers
Total lossless buffers
Total shared lossless buffers
Tota
1 5
2 6
3 7
OS10# show qos maps type trust-map-dot1p dot1p-trustmap1
DOT1P Priority to Traffic-Class Map : dot1p-trustmap1
Traffic-Class DOT1P Priority
------------------------------
0 2
1 3
2 4
3 5
4 6
5 7
6 1
OS10# show qos maps type trust-map-dscp dscp-trustmap1
DSCP Priority to Traffic-Class Map : dscp-trustmap1
Traffic-Class DSCP Priority
------------------------------
0 8-15
2 16-23
1 0-7
OS10# show qos maps
Traffic-Class to Queue Map: queue-map1
Queue Traffic-Class
-------------------------
1 5
2 6
3 7
Default Traffic-Class to Queue Map
Traffic-Class Queue number
------------------------------
0 0
1 1
2 2
3 3
4 4
5 5
6 6
7 7
OS10#
Example (dscp)
OS10# show qos trust-map dscp new-dscp-map
new-dscp-map
qos-group Dscp Id
------------------
0 0-7
1 8-15
2 16-23
3 24-31
4 32-39
5 40-47
6 48-55
7 56-63
Supported Releases 10.3.0E or later

show qos wred-profile
Displays the details of WRED profile configuration.
-------------|-----------------------|---------------------|--------------------|--------|-----|
profile2 | | | | | On|
|-----------------------|---------------------|--------------------|--------|-----|
Color Blind ECN Thd| 100 1000 100 |
-------------|-----------------------|---------------------|--------------------|--------|-----|
Supported Releases

show queuing statistics
Displays QoS queuing statistics information.
Supported Releases 10.2.0E or later

trust-map
Configures a trust map on an interface or on system QoS.
Syntax trust-map {dot1p | dscp} {default | trust-map-name}
Parameters
• dot1p — Apply dot1p trust map.
• dscp — Apply dscp trust map.
• default — Apply default dot1p or dscp trust map.
• trust-map-name — Enter the name of trust map.
trust dscp-map
Creates a user-defined trust map for DSCP flows.
Syntax trust dscp-map map-name
Parameters map-name — Enter the name of the DSCP trust map. A maximum of 32 characters.
Default Not configured
Command Mode CONFIGURATION
Usage Information If you enable trust, traffic obeys this trust map. default-dscp-trust is a reserved trust-map name. The no version of this command returns the value to the default.
Example
OS10(config)# trust dscp-map dscp-trust1
Supported Releases 10.3.
Command Mode SYSTEM-QOS INTERFACE
Usage Information Use the show qos maps type [tc-queue | trust-map-dot1p | trust-map-dscp] [string] command to view the current trust mapping. Change the trust map only when no traffic is flowing. Verify that the correct policy maps are applied. The no version of this command returns the value to the default.
Example
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# trust-map dscp dscp-trustmap1
Supported Releases 10.4.1.
14 Virtual Link Trunking
Virtual Link Trunking (VLT) is a Layer 2 (L2) aggregate protocol between end devices such as servers connected to different network devices. VLT reduces the role of Spanning Tree Protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches.
L3 VLAN connectivity
Enable L3 VLAN connectivity, VLANs assigned with an IP address, on VLT peers by configuring a VLAN interface for the same VLAN on both devices.
Optimized forwarding with VRRP
To ensure the same behavior on both sides of the VLT nodes, VRRP requires state information coordination. VRRP Active-Active mode optimizes L3 forwarding over VLT. By default, VRRP Active-Active mode is enabled on all the VLAN interfaces.
VLT interconnect
A VLT interconnect (VLTi) synchronizes states between VLT peers. OS10 automatically adds VLTi ports to VLANs spanned across VLT peers and does not add VLTi ports to VLANs configured on only one peer.
• VLAN ID 4094 is reserved as an internal control VLAN for the VLT domain, and it is not user configurable.
• The VLTi synchronizes L2 and L3 control-plane information across the two nodes.
The following shows a scenario where VLT Peer A is being reloaded or going down. Until LACP convergence happens, ToR 1 continues to forward traffic to VLT Peer A resulting in traffic loss for a longer time interval.
With graceful LACP, VLT Peer A sends graceful LACP PDUs out to all VLT member ports, as shown:
These PDUs notify ToR 1 to direct the traffic to VLT Peer B thereby minimizing traffic loss.
Configure VLT
Verify that both VLT peer devices are running the same OS version. For VRRP operation, configure VRRP groups and L3 routing on each VLT peer. Configure the following settings on each VLT peer device separately.
1 (Optional) To prevent loops in VLT domain, enable the STP globally using the spanning-tree mode {rstp | rapid-pvst | mst} command.
2 Create a VLT domain by configuring the same domain ID on each peer using the vlt-domain command.
8 Configure VLT port-channels between VLT peers and an attached device using the vlt-port-channel command. Assign the same VLT port-channel ID from 1 to 1024 to interfaces on different peers that you bundle together. The peer interfaces appear as a single VLT LAG to downstream devices.
9 Connect peer devices in a VLT domain to an attached access device or server.
OS10(config)# spanning-tree mst configuration
OS10(conf-mst)# instance 1 vlan 2-10
VLT Peer 2 configuration
OS10(config)# spanning-tree mode mst
OS10(config)# spanning-tree mst configuration
OS10(conf-mst)# instance 1 vlan 2-10
The following example shows MSTP information on VLT:
OS10# show spanning-tree virtual-interface
VFP(VirtualFabricPort) of MSTI 0 is Designated Forwarding
Edge port: No (default)
Link type: point-to-point (auto)
Boundary: Yes, Bpdu-filter: Disable, Bpdu-Guard: Disable, Shutdown-on-Bpd
Configure RSTP — peer 1
OS10(config)# spanning-tree mode rstp
Configure RSTP — peer 2
OS10(config)# spanning-tree mode rstp
View VLT-specific STP information
OS10# show spanning-tree virtual-interface
VFP(VirtualFabricPort) of RSTP 1 is Designated Forwarding
Edge port: No (default)
Link type: point-to-point (auto)
Boundary: No, Bpdu-filter: Disable, Bpdu-Guard: Disable, Shutdown-on-Bpdu-Guard-violation: No
Root-Guard: Disable, Loop-Guard: Disable
Bpdus (MRecords) Sent: 11, Received: 7
Interface Designated N
Name PortID Prio Cost Sts Cost Bridge ID PortID
------------------------------------------------------------------------------------------------------------
VFP(VirtualFabricPort) 0.1 0 1 BLK 0 4196 90b1.1cf4.a602 0.1
View RPVST+ information on VLT in detail
OS10# show spanning-tree virtual-interface detail
Port 1 (VFP(VirtualFabricPort)) of vlan1 is designated Forwarding
Port path cost 1, Port priority 0, Port Identifier 0.
Peer 1
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# exit
OS10(config)# interface ethernet 1/1/2
OS10(conf-if-eth1/1/2)# no switchport
OS10(conf-if-eth1/1/2)# exit
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# discovery-interface ethernet1/1/1
OS10(conf-vlt-1)# discovery-interface ethernet1/1/2
Peer 2
OS10(config)# interface ethernet 1/1/1
OS10(conf-if-eth1/1/1)# no switchport
OS10(conf-if-eth1/1/1)# exit
OS10(config)# interface ethernet 1/1/2
OS10(conf-
VLT backup
The VLT backup link is an additional link used to check the availability of the peer nodes in the VLT domain. When the VLTi interface goes down, the backup link helps to differentiate a VLTi link failure from a peer node failure. If the VLTi link fails, all the VLT nodes exchange node liveliness information through the backup link. Based on the node liveliness information, the VLT LAG/port is in up state in the primary VLT peer and in down state in the secondary VLT peer.
When VLT backup link is enabled, the secondary VLT peer 2 identifies the node liveliness through the backup link. If the primary is up, the secondary peer brings down the VLT LAG ports. Now the traffic from Host1 reaches VLT peer 1 and then reaches the destination, that is Host2. In this case the traffic is unicasted instead of flooding, as shown in the following illustration.
Prevention of loops during VLTi failure
When VLTi is down, STP may fail to detect any loops in the system, which creates a data loop in an L2 network. In the following illustration, STP is running on all three switches. In the steady state, VLT peer 1 is elected as the root bridge. When VLTi is down, both the VLT nodes become primary. In this state, VLT peer 2 sends STP BPDU to TOR assuming that TOR sends BPDU to VLT peer 1.
When VLT backup link is enabled, the secondary VLT peer identifies the node liveliness of primary through the backup link. If the primary VLT peer is alive, the secondary VLT peer brings down the VLT LAG ports. In this scenario, the STP opens up the orphan port and there is no loop in the system as shown in the following illustration.
Configure VLT port-channel
A VLT port-channel links an attached device and VLT peer switches, also known as a virtual link trunk.
3 Repeat the steps on the VLT peer.
Configure VLT LAG — peer 1
OS10(config)# interface port-channel 10
OS10(conf-if-po-10)# vlt-port-channel 1
Configure VLT LAG — peer 2
OS10(config)# interface port-channel 20
OS10(conf-if-po-20)# vlt-port-channel 1
VLT unicast routing
VLT unicast routing enables optimized routing where packets destined for the L3 endpoint of the VLT peer are locally routed. IPv4 and IPv6 support VLT unicast routing. To enable VLT unicast routing, both VLT peers must be in L3 mode.
3 Repeat the steps on the VLT peer.
Configure VRRP active-active mode — peer 1
OS10(conf-if-vl-10)# vrrp mode active-active
Configure VRRP active-active mode — peer 2
OS10(conf-if-vl-10)# vrrp mode active-active
View VRRP configuration
OS10# show running-configuration interface vlan 10
!
interface vlan10
no shutdown
vrrp mode active-active
OS10#
Migrate VMs across data centers
OS10 switches support movement of virtual machines (VMs) across data centers using VRRP Active-Active mode.
• Server racks, Rack 1 and Rack 2, are part of data centers DC1 and DC2, respectively.
• Rack 1 is connected to devices A1 and B1 in L2 network segment.
• Rack 2 is connected to devices A2 and B2 in L2 network segment.
• A VLT LAG is present between A1 and B1 as well as A2 and B2.
• A1 and B1 connect to core routers, C1 and D1 with VLT routing enabled.
• A2 and B2 connect to core routers, C2 and D2, with VLT routing enabled.
• The data centers are connected through a direct link or eVLT.
• Configure VLT port channel for VLAN 100:
C1(config)# interface port-channel 10
C1(conf-if-po-10)# vlt-port-channel 10
C1(conf-if-po-10)# switchport mode trunk
C1(conf-if-po-10)# switchport trunk allowed vlan 100
C1(conf-if-po-10)# exit
• Add members to port channel 10:
C1(config)# interface ethernet 1/1/3
C1(conf-if-eth1/1/3)# channel-group 10
C1(conf-if-eth1/1/3)# exit
C1(config)# interface ethernet 1/1/4
C1(conf-if-eth1/1/4)# channel-group 10
C1(conf-if-eth1/1/4)# exit
• Configure OSPF on L3 side o
D1(conf-if-po-20)# switchport trunk allowed vlan 200
D1(conf-if-po-20)# exit
• Add members to port channel 20:
D1(config)# interface ethernet 1/1/5
D1(conf-if-eth1/1/5)# channel-group 20
D1(conf-if-eth1/1/5)# exit
D1(config)# interface ethernet 1/1/6
D1(conf-if-eth1/1/6)# channel-group 20
D1(conf-if-eth1/1/6)# exit
Sample configuration of C2:
• Configure VRRP on L2 links between core routers:
C2(config)# interface vlan 100
C2(conf-if-vl-100)# ip address 10.10.100.
• Add members to port channel 10:
D2(config)# interface ethernet 1/1/3
D2(conf-if-eth1/1/3)# channel-group 10
D2(conf-if-eth1/1/3)# exit
D2(config)# interface ethernet 1/1/4
D2(conf-if-eth1/1/4)# channel-group 10
D2(conf-if-eth1/1/4)# exit
• Configure OSPF on L3 side of core router:
D2(config)# router ospf 100
D2(conf-router-ospf-100)# exit
D2(config)# interface vlan 200
D2(conf-if-vl-200)# ip ospf 100 area 0.0.0.
2 34:17:eb:3a:c2:80 up
OS10#
View VLT role
* indicates the local peer
OS10# show vlt 1 role
VLT Unit ID Role
------------------------
* 1 primary
2 secondary
View VLT mismatch — no mismatch
OS10# show vlt 1 mismatch
Peer-routing mismatch: No mismatch
VLAN mismatch: No mismatch
VLT VLAN mismatch: No mismatch
Interface virtual-network Anycast-mac mismatch: No mismatch
Interface virtual-network Anycast-IP mismatch: No mismatch
View VLT mismatch — mismatch in VLT configuration
OS10# show vlt 1 mismatch peer-ro
View VLT port details
* indicates the local peer
OS10# show vlt 1 vlt-port-detail
VLT port channel ID : 1
VLT Unit ID Port-Channel Status Configured ports Active ports
----------------------------------------------------------------------
* 1 port-channel1 down 2 0
2 port-channel1 down 2 0
VLT port channel ID : 2
VLT Unit ID Port-Channel Status Configured ports Active ports
----------------------------------------------------------------------
* 1 port-channel2 down 1 0
2 port-channel2 down 1 0
VLT port channel
* 2 10.16.128.20
Virtual-network: 20
VLT Unit ID Anycast-IP
-------------------------------------
1 10.16.128.26
* 2 10.16.128.30
View VLT mismatch — Anycast IP addresses not configured on one of the virtual networks on both peers
show vlt 1 mismatch virtual-network
Interface virtual-network Anycast-IP mismatch:
Virtual-network: 10
VLT Unit ID Anycast-IP
-------------------------------------
1 10.16.128.
Parameters
• ip-address — Enter the IPv4 address of the backup link.
• ipv6-address — Enter the IPv6 address of the backup link.
• vrf management — (Optional) Configure the management VRF instance for the backup IPv4 or IPv6 address.
• interval interval-time — (Optional) Enter the time in seconds to configure the heartbeat interval.
Default Not configured
Command Mode VLT-DOMAIN
Usage Information The no version of this command removes the IP address from the backup link.
Example
OS10(config)# vlt-domain 1
OS10(conf-vlt-1)# discovery-interface ethernet 1/1/15
Example (range)
OS10(config)# vlt-domain 2
OS10(conf-vlt-2)# discovery-interface ethernet 1/1/1-1/1/12
Supported Releases 10.2.0E or later

peer-routing
Enables or disables L3 routing to peers.
Syntax peer-routing
Parameters None
Default Disabled
Command Mode VLT-DOMAIN
Usage Information The no version of this command disables L3 routing.
Example
OS10(conf-vlt-1)# peer-routing
Supported Releases 10.2.
Default 32768.
Command Mode VLT-DOMAIN
Usage Information
• After you configure a VLT domain on each peer switch and connect the two VLT peers on each side of the VLT interconnect, the system elects a primary and secondary VLT peer device. To configure the primary and secondary roles before the election process, use the primary-priority command. Enter a lower value on the primary peer and a higher value on the secondary peer.
Designated root priority: 32768, address: 00:78:76:14:60:62
Designated bridge priority: 32768, address: 00:78:76:14:60:62
Designated port ID: 0.1, designated path cost: 0
Number of transitions to forwarding state: 1
Edge port: No (default)
Link Type: Point-to-Point
BPDU Sent: 15, Received: 5
OS10# show spanning-tree virtual-interface detail
Port 1 (VFP(VirtualFabricPort)) of vlan1 is designated Forwarding
Port path cost 1, Port priority 0, Port Identifier 0.
Supported Releases 10.3.0E or later

show vlt
Displays information on a VLT domain.
Syntax show vlt id
Parameter id — Enter a VLT domain ID, from 1 to 255.
Default Not configured
Command Mode EXEC
Usage Information None
Example
OS10# show vlt 255
Domain ID Unit ID Role Version Local System MAC address Role priority VLT MAC address IP address Delay-Restore timer Peer-Routing Peer-Routing-Timeout timer VLTi Link Status port-channel1000 : : : : : : : : : : : 255 1 primary 2.
show vlt mac-inconsistency
Displays inconsistencies in dynamic MAC addresses learnt between VLT peers across spanned-vlans.
Syntax show vlt mac-inconsistency
Parameters None
Default Not configured
Command Mode EXEC
Usage Information Use this command to check for a mismatch of MAC address table entries between VLT peers. To verify VLT configuration mismatch issues on peer switches, use the show vlt domain-name mismatch command.
Example
OS10# show vlt mac-inconsistency
Checking Vlan 228 ..
Usage Information The * in the mismatch output indicates a local node entry.
1 10,104
* 2 -
Example (mismatch of VLTi and VLAN)
OS10# show vlt all mismatch virtual-network
Virtual Network: 100
VLT Unit ID Configured VLTi-Vlans
----------------------------------------------------------------------------
1 101
* 2 100
Example (mismatch of VN mode)
OS10# show vlt all mismatch virtual-network
Virtual Network: 102
VLT Unit ID Configured Virtual Network Mode
----------------------------------------------------------------------------
1 PV
* 2 Attached
Example (mismatch of port and VLAN
Virtual-network: 20
VLT Unit ID Anycast-IP
-------------------------------------
1 10.16.128.26
* 2 10.16.128.30
Example (Anycast IP addresses not configured on one of the virtual networks on both peers)
show vlt 1 mismatch virtual-network
Interface virtual-network Anycast-IP mismatch:
Virtual-network: 10
VLT Unit ID Anycast-IP
-------------------------------------
1 10.16.128.25
* 2 ABSENT
Virtual-network: 20
VLT Unit ID Anycast-IP
-------------------------------------
1 ABSENT
* 2 10.16.128.
Example
OS10# show vlt 1 role
VLT Unit ID Role
------------------------
* 1 primary
2 secondary
Supported Releases 10.2.0E or later

show vlt vlt-port-detail
Displays detailed status information about VLT ports.
Syntax show vlt id vlt-port-detail
Parameters id — Enter a VLT domain ID, from 1 to 255.
Default Not configured
Command Mode EXEC
Usage Information The * in the mismatch output indicates a local node entry.
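The Anycast-IP tables printed by show vlt mismatch virtual-network can be checked automatically for drift between VLT peers. The following Python is an added example, not Dell code: the sample text is constructed from values shown in this guide with an assumed line layout, and the function and class names are hypothetical.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: values come from the mismatch examples in this guide;
# the line layout is an assumption, since the printed output is flattened here.
SAMPLE = """\
OS10# show vlt 1 mismatch virtual-network
Interface virtual-network Anycast-IP mismatch:
Virtual-network: 10
VLT Unit ID     Anycast-IP
-------------------------------------
  1             10.16.128.25
* 2             ABSENT
Virtual-network: 20
VLT Unit ID     Anycast-IP
-------------------------------------
  1             10.16.128.26
* 2             10.16.128.30
"""

VN_RE = re.compile(r"^Virtual-network:\s*(\d+)$")
ROW_RE = re.compile(r"^(\*)?\s*(\d+)\s+(\S+)$")  # "* 2  ABSENT" or "1  10.16.128.25"


@dataclass
class Finding:
    virtual_network: int
    kind: str                  # "absent", "differs" or "unparseable"
    units: list                # VLT unit IDs the finding applies to
    local_unit: Optional[int]  # unit marked "*", the peer the command ran on


def parse_anycast_mismatch(text):
    """Return {vn_id: {"units": {unit_id: value}, "local": unit_id or None}}."""
    parsed, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = VN_RE.match(line)
        if m:
            current = parsed.setdefault(int(m.group(1)), {"units": {}, "local": None})
            continue
        m = ROW_RE.match(line)
        if m and current is not None:
            star, unit, value = m.groups()
            current["units"][int(unit)] = value
            if star:
                current["local"] = int(unit)
    return parsed


def classify(parsed):
    """Turn parsed tables into findings, one per problem per virtual network."""
    findings = []
    for vn, entry in sorted(parsed.items()):
        addrs, absent, bad = set(), [], []
        for unit, value in sorted(entry["units"].items()):
            if value.upper() == "ABSENT":
                absent.append(unit)
                continue
            try:
                addrs.add(ipaddress.ip_address(value))
            except ValueError:
                # Truncated or malformed address: report it, never guess it.
                bad.append(unit)
        if bad:
            findings.append(Finding(vn, "unparseable", bad, entry["local"]))
        if absent:
            findings.append(Finding(vn, "absent", absent, entry["local"]))
        if len(addrs) > 1:
            findings.append(Finding(vn, "differs", sorted(entry["units"]), entry["local"]))
    return findings


def summarize(findings):
    """Render findings as one line each for a ticket or an alert."""
    lines = []
    for f in findings:
        where = ", ".join(
            f"unit {u}" + (" (local)" if u == f.local_unit else "") for u in f.units
        )
        lines.append(f"virtual-network {f.virtual_network}: anycast IP {f.kind} on {where}")
    return lines


if __name__ == "__main__":
    for line in summarize(classify(parse_anycast_mismatch(SAMPLE))):
        print(line)
```

An empty result from classify means every listed virtual network has the same anycast IP on both peers.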
vlt-port-channel
Configures the ID used to map interfaces on VLT peers into a single VLT port-channel.
Syntax vlt-port-channel vlt-lag-id
Parameters vlt-lag-id — Enter a VLT port-channel ID, from 1 to 1024.
Default Not configured
Command Mode PORT-CHANNEL INTERFACE
Usage Information Assign the same VLT port-channel ID to interfaces on VLT peers to create a VLT port-channel. The no version of this command removes the VLT port-channel ID configuration.
Command Mode VLAN INTERFACE
Usage Information This command is applicable only for VLAN interfaces. In a non-VLT network, the backup VRRP gateway forwards L3 traffic. If you want to use VRRP groups on VLANs without VLT topology, disable the Active-Active functionality, to ensure that only the active VRRP gateway forwards L3 traffic. The no version of this command disables the configuration.
Example
OS10(conf-if-vl-10)# vrrp mode active-active
Supported Releases 10.2.
15 Uplink Failure Detection
Uplink failure detection (UFD) indicates the loss of upstream connectivity to servers connected to the switch. A switch provides upstream connectivity for devices, such as servers. If the switch loses upstream connectivity, the downstream devices also lose connectivity. However, the downstream devices do not generally receive an indication that the upstream connectivity was lost because connectivity to the switch is still operational. To solve this issue, use UFD.
Configure uplink failure detection
Consider the following before configuring an uplink-state group:
• You can assign a physical port or a port channel to an uplink-state group.
• You can assign an interface to only one uplink-state group at a time.
• You can designate an interface in the uplink-state group as either an upstream or a downstream interface, but not both.
• You can configure multiple uplink-state groups and operate them concurrently.
• If you do not assign upstream interfaces to an uplink-state group, the downstream interfaces are not disabled.
Configuration:
1 Create an uplink-state group in CONFIGURATION mode.
uplink-state-group group-id
2 Configure the upstream and downstream interfaces in UPLINK-STATE-GROUP mode.
upstream {interface-type | interface-range[ track-vlt-status ] | VLTi}
downstream {interface-type | interface-range}
3 (Optional) Disable uplink-state group tracking in UPLINK-STATE-GROUP mode.
Upstream Interfaces : eth1/1/35(Up) *po10(V:Up, ^P:Dwn) VLTi(NA)
Downstream Interfaces : eth1/1/2(Up) *po20(V: Up,P: Up)
OS10#show uplink-state-group 2 detail
(Up): Interface up (Dwn): Interface down (Dis): Interface disabled (NA): Not Available
*: VLT port-channel, V: VLT status, P: Peer Operational status ^: Tracking status
Uplink State Group : 1 Name: iscsi_group, Status: Enabled, Up
Upstream Interfaces : eth1/1/36(Up) *po30(^V:Up, P:Dwn) VLTi(Up)
Downstream Interfaces : eth1/1/4(Up) *po20(V: Up,P: Up)
O
Event: Reboot of VLT secondary peer
VLT action on primary node: No action
VLT action on secondary node: After reboot, runs the delay restore timer. Both the upstream and downstream VLT port-channels remain disabled until the timer expires.
UFD action: UFD error-disables the downstream VLT port-channel as the upstream VLT port-channel is operationally down. After the timer expires, UFD receives operationally up of upstream VLT port-channel and sends clear error-disable of downstream VLT port-channel to IFM.
In the following example, the upstream member is part of VLT port-channel and the downstream member is an orphan port. The uplink-state group includes the VLT port-channel, VLT node, and the downstream port. The configuration is symmetric on both the VLT nodes.
In the following example, the downstream member is part of VLT port-channel and the upstream member is an orphan port. The uplink-state group includes the VLT port-channel, VLT node, and the upstream port.
OS10 does not support adding a VLTi link member to the uplink-state group. You can add the VLTi link as upstream member to an uplink-state group using the upstream VLTi command. If the VLTi link is not available in the system, OS10 allows adding the VLTi link as an upstream member. In this case, UFD starts tracking the operational status of the VLTi link when the link is available. Until the VLTi link is available, the show uplink-state-group details command displays the status of the link as NA.
clear ufd-disable
Overrides the uplink-state group configuration and brings up the downstream interfaces.
Syntax clear ufd-disable {interface interface-type | uplink-state-group group-id}
Parameters
• interface-type — Enter the interface type.
• group-id — Enter the uplink state group ID, from 1 to 32.
Default None
Command Mode EXEC
Usage Information This command manually brings up a disabled downstream interface that is in a UFD-disabled error state.
Command Mode UPLINK-STATE-GROUP
Usage Information You cannot assign an interface that is already a member of an uplink-state group to another group. The no version of this command removes the interface from the uplink-state group.
Example
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# downstream ethernet 1/1/1
Supported Releases 10.4.0E(R3) or later

downstream auto-recover
Enables auto-recovery of the disabled downstream interfaces.
Parameters None
Default Disabled
Command Mode UPLINK-STATE-GROUP
Usage Information The no version of this command disables tracking of an uplink-state group.
Example
OS10(config)# uplink-state-group 1
OS10(conf-uplink-state-group-1)# enable
Supported Releases 10.4.0E(R3) or later

name
Configures a descriptive name for the uplink-state group.
Syntax name string
Parameters string — Enter a description for the uplink-state group. A maximum of 32 characters.
show uplink-state-group
Displays the configured uplink-state status.
Syntax show uplink-state-group [group-id] [detail]
Parameters
• group-id — Enter the uplink group ID. The status of the specified group ID displays.
• detail — Displays detailed information on the status of the uplink-state groups.
Available
*: VLT port-channel, V: VLT status, P: Peer Operational status ^: Tracking status
Uplink State Group : 1 Name: iscsi_group, Status: Enabled, Up
Upstream Interfaces : eth1/1/36(Up) *po30(^V:Up, P:Dwn) VLTi(Up)
Downstream Interfaces : eth1/1/4(Up) *po20(V: Up,P: Up)
Supported Releases 10.4.0E(R3) or later

uplink-state-group
Creates an uplink-state group and enables upstream link tracking.
Supported Releases 10.4.
16 Converged data center services
OS10 supports converged data center services, including IEEE 802.1 data center bridging (DCB) extensions to classic Ethernet. DCB provides I/O consolidation in a data center network. Each network device carries multiple traffic classes while ensuring lossless delivery of storage traffic with best-effort for local area network (LAN) traffic and latency-sensitive scheduling of service traffic.
• 802.1Qbb — Priority flow control
• 802.
PFC configuration notes
• PFC is supported for 802.1p, dot1p priority traffic, from 0 to 7. FCoE traffic traditionally uses dot1p priority 3 — iSCSI storage traffic uses dot1p priority 4.
• Configure PFC for ingress traffic by using network-qos class and policy maps, see Quality of Service. PFC-enabled traffic queues are treated as lossless queues. Configure the same network-qos policy map on all PFC-enabled ports.
Decide if you want to use the default 802.1p priority-to-traffic class (qos-group) mapping or configure a new map. By default, the qos class-trust class map is applied to ingress traffic. The class-trust class instructs OS10 interfaces to honor dot1p or differentiated services code point (DSCP) traffic.
Dot1p Priority : 0 1 2 3 4 5 6 7
Traffic Class  : 1 0 2 3 4 5 6 7
• Apply the default trust map specifying that dot1p values are trusted in SYSTEM-QOS or INTERFACE mode.
Configure PFC
PFC provides a pause mechanism based on the 802.1p priorities in ingress traffic. PFC prevents frame loss due to network congestion. Configure PFC lossless buffers, and enable pause frames for dot1p traffic on a per-interface basis. Repeat the PFC configuration on each PFC-enabled interface. PFC is disabled by default. Decide if you want to use the default dot1p-priority-to-traffic class mapping and the default traffic-class-to-queue mapping.
1 Apply the PFC service policy on an ingress interface or interface range in INTERFACE mode.
interface ethernet node/slot/port:[subport]
service-policy input type network-qos policy-map-name
interface range ethernet node/slot/port:[subport]-node/slot/port[:subport]
service-policy input type network-qos policy-map-name
2 Enable PFC without DCBX for FCoE and iSCSI traffic in INTERFACE mode.
priority-flow-control mode on
Configure PFC
PFC is enabled on traffic classes with dot1p 3 and 4 traffic.
View PFC ingress buffer configuration OS10# show qos ingress buffers interface ethernet 1/1/1 Interface : ethernet1/1/1 Speed : 0 Priority-grp Reserved Shared-buffer Shared-buffer XOFF no buffer-size mode threshold threshol threshold --------------------------------------------------------------------------------------------------------------------------0 1 2 3 4 5 6 7 9360 static - XON d - - - - - - - - - - - - - - 12779520 - View PFC system buffer configuration OS10# show qos system ingr
4 5 6 7 0 0 0 0 0 0 0 0 0 0 0 0 PFC commands pause Configures the ingress buffer and pause frame settings used for PFC traffic classes. Syntax pause [buffer-size kilobytes pause-threshold kilobytes resume-threshold kilobytes] Parameters Defaults • buffer-size kilobytes — Enter the reserved (guaranteed) ingress-buffer size in kilobytes for PFC dot1p traffic, from 0 to 7787.
pfc-cos
Configures the matching dot1p values used to send PFC pause frames.
Syntax pfc-cos dot1p-priority
Parameters dot1p-priority — Enter a single dot1p priority value for a PFC traffic class, from 1 to 7, a hyphen-separated range, or multiple dot1p values separated by commas.
priority-flow-control
Enables PFC on ingress interfaces.
Syntax priority-flow-control {mode on}
Parameter mode on — Enable PFC for FCoE and iSCSI traffic on an interface without enabling DCBX.
Default Disabled
Command Mode INTERFACE
Usage Information Before you enable PFC, apply a network-qos policy-class map with the specific PFC dot1p priority values to the interface.
Parameters None
Default Not configured
Command Mode EXEC
Usage Information Use the details option to display PFC statistics on received/transmitted frames for each dot1p CoS value. Use the clear qos statistics interface ethernet 1/1/1 command to delete PFC statistics and restart the counter.
ETS configuration notes
• ETS is supported on Layer 2 (L2) 802.1p priority (dot1p 0 to 7) and Layer 3 (L3) DSCP (0 to 63) traffic. FCoE traffic uses dot1p priority 3 — iSCSI storage traffic uses dot1p priority 4.
• Apply these maps and policies on interfaces:
– Trust maps — OS10 interfaces do not honor the L2 and L3 priority fields in ingress traffic by default. Create a trust map to honor dot1p and DSCP classes of lossless traffic.
5 Create a queuing policy map in CONFIGURATION mode. Enter POLICY-CLASS-MAP mode and configure the percentage of bandwidth allocated to each traffic class-queue mapping. The sum of all DWRR-allocated bandwidth across ETS queues must be 100%, not including the strict priority queue. Otherwise, QoS automatically adjusts bandwidth percentages so that ETS queues always receive 100% bandwidth. The remaining non-ETS queues receive 1% bandwidth each.
OS10(config-pmap-queuing)# bandwidth percent 30
OS10(config-pmap-queuing)# exit
OS10(config)# policy-map type queuing p2
OS10(config-pmap-queuing)# class c2
OS10(config-pmap-queuing)# bandwidth percent 70
OS10(config-pmap-queuing)# exit
OS10(config)# system qos
OS10(config-sys-qos)# trust-map dot1p dot1p_map1
OS10(config-sys-qos)# trust-map dscp dscp_map1
OS10(config-sys-qos)# qos-map traffic-class tc-q-map1
OS10(config-sys-qos)# ets mode on
OS10(config-sys-qos)# service-policy input type qos pclass1
OS10(c
Data center bridging eXchange
DCBX allows a switch to automatically discover and set up DCBX-enabled peers configured with compatible settings. In a converged data center network, DCBX provides plug-and-play capability for server, storage, and networking devices in an end-to-end solution. DCBX uses link layer discovery protocol (LLDP) to mediate automatic negotiation and device settings exchange, such as PFC and ETS.
• A DCBX-enabled port operates in a manual role by default. The port operates only with user-configured settings and does not autoconfigure with DCB settings received from a DCBX peer. When you enable DCBX, the port advertises its PFC and ETS configurations to peer devices but does not accept external, or propagate internal, DCB configurations.
• DCBX detects misconfiguration on a peer device when DCB features are not compatibly configured with the local switch.
----------------
DCBX Operational Version is 0
DCBX Max Version Supported is 0
Sequence Number: 14
Acknowledgment Number: 5
Protocol State: In-Sync
Peer DCBX Status
----------------
DCBX Operational Version is 0
DCBX Max Version Supported is 255
Sequence Number: 5
Acknowledgment Number: 14
220 Input PFC TLV pkts, 350 Output PFC TLV pkts, 0 Error PFC pkts
220 Input PG TLV Pkts, 396 Output PG TLV Pkts, 0 Error PG TLV Pkts
71 Input Appln Priority TLV pkts, 80 Output Appln Priority TLV pkts, 0 Error Appln Priorit
7 0% SP
15 0% SP
Remote Parameters :
-------------------
Remote is enabled
PG-grp Priority# Bandwidth TSA
------------------------------------------------
0 0,1,2,3 70% ETS
1 4,5,6,7 30% ETS
2 0% SP
3 0% SP
4 0% SP
5 0% SP
6 0% SP
7 0% SP
15 0% SP
Remote Willing Status is disabled
Local Parameters :
-------------------
Local is enabled
PG-grp Priority# Bandwidth TSA
------------------------------------------------
0 0,1,2,3 70% ETS
1 4,5,6,7 30% ETS
2 0% SP
3 0% SP
4 0% SP
5 0% SP
6 0% SP
7 0% SP
15 0% SP
Oper s
compatible settings. If you disable DCBX globally on a switch, you can re-enable it to ensure consistent operation of peers in a converged data center network.
Example OS10(config)# dcbx enable
Supported Releases 10.3.0E or later

dcbx tlv-select
Configures the DCB TLVs advertised by a DCBX-enabled port.
Syntax dcbx tlv-select {[ets-conf] [ets-reco] [pfc]}
Parameters
• ets-conf — Advertise ETS configuration TLVs.
• ets-reco — Advertise ETS recommendation TLVs.
• pfc — Advertise PFC TLVs.
lldp tlv-select dcbxp
Enables and disables DCBX on a port interface.
Syntax lldp tlv-select dcbxp
Parameters None
Default Enabled interface level; disabled global level
Command Mode INTERFACE
Usage Information DCBX must be enabled at both the global and interface levels. Enable DCBX globally using the dcbx enable command to activate the exchange of DCBX TLV messages with PFC, ETS, and iSCSI configurations.
Peer Operating version is IEEEv2.
State Machine Type is Asymmetric
Conf TLV Tx Status is enabled
Reco TLV Tx Status is enabled
5 Input Conf TLV Pkts, 2 Output Conf TLV Pkts, 0 Error Conf TLV Pkts
5 Input Reco TLV Pkts, 2 Output Reco TLV Pkts, 0 Error Reco TLV Pkts
Example (PFC detail)
OS10# show lldp dcbx interface ethernet 1/1/15 pfc detail
Interface ethernet1/1/15
Admin mode is on
Admin is enabled, Priority list is 4,5,6,7
Remote is enabled, Priority list is 4,5,6,7
Remote Willing Status is disabled
Local is enabled, Priority list is 4,5
In an iSCSI session, a switch connects CNA servers (iSCSI initiators) to a storage array (iSCSI targets) in a SAN or TCP/IP network. iSCSI optimization running on the switch uses dot1p priority-queue assignments to ensure that iSCSI traffic receives priority treatment.
iSCSI configuration notes
• Enable iSCSI optimization so the switch auto-detects and auto-configures Dell EMC EqualLogic storage arrays directly connected to an interface.
1 Configure an interface or interface range to detect a connected storage device.
interface ethernet node/slot/port:[subport]
2 Enable the interface to support a storage device that is directly connected to the port and not automatically detected by iSCSI. Use this command for storage devices that do not support LLDP. The switch auto-detects and auto-configures Dell EMC EqualLogic storage arrays directly connected to an interface when you enable iSCSI optimization.
OS10(config)# iscsi session-monitoring enable
OS10(config)# iscsi aging time 15
OS10(config)# iscsi priority-bits 0x20
OS10(config)# iscsi enable
View iSCSI optimization
OS10# show iscsi
iSCSI Auto configuration is Enabled
iSCSI session monitoring is Enabled
iSCSI COS qos-group 4 remark dot1p 4
Session aging time 15
Maximum number of connections is 100
Port IP Address
------------------------
3260
860
3261 10.1.1.
• If the iSCSI login request is received on a non-VLT interface, followed by a response from a VLT interface, the connection is associated with the VLT LAG interface and the information about the session synchronizes with the VLT peer.
• When a VLT interconnect comes up, information about iSCSI sessions learnt on the VLT LAG is exchanged between the VLT peers.
iSCSI commands
iscsi aging
Sets the aging time for monitored iSCSI sessions.
iscsi priority-bits
Resets the priority bitmap advertised in iSCSI application TLVs.
Syntax iscsi priority-bits {priority-bitmap}
Parameter priority-bitmap — Enter a bitmap value for the dot1p priority advertised for iSCSI traffic in iSCSI application TLVs (0x1 to 0xff).
Default 0x10 (dot1p 4)
Command Mode CONFIGURATION
Usage Information iSCSI traffic uses dot1p priority 4 in frame headers by default. Use this command to reconfigure the dot1p-priority bits advertised in iSCSI application TLVs.
Usage Information To configure the aging timeout in iSCSI monitoring sessions, use the iscsi aging time command. To configure the TCP ports that listen for connected storage devices in iSCSI monitoring sessions, use the iscsi target port command. The no version of this command disables iSCSI session monitoring.
NOTE: When you enable iSCSI session monitoring, you can monitor a maximum of 100 connections.
Example OS10(config)# iscsi session-monitoring enable
Supported Releases 10.3.
show iscsi
Displays currently configured iSCSI settings.
Syntax show iscsi
Parameters None
Command Mode EXEC
Usage Information This command output displays global iSCSI configuration settings. To view target and initiator information, use the show iscsi session command.
IP Address TCP Port IP Address TCP Port ID
----------------------------------------------------------
10.10.10.210 54835 10.10.10.40 3260 1
Supported Releases 10.3.0E or later

show iscsi storage-devices
Displays information about the storage arrays directly attached to OS10 ports.
Syntax show iscsi storage-devices
Parameters None
Command Mode EXEC
Usage Information The command output displays the storage device connected to each switch port and whether iSCSI automatically detects it.
2. PFC configuration (global)
PFC is enabled on traffic classes with dot1p 4, 5, 6, and 7 traffic. All the traffic classes use the default PFC pause settings for shared buffer size and pause frames in ingress queue processing in the network-qos policy map. The pclass policy map honors (trusts) all dot1p ingress traffic. The reserved class-trust class map is configured by default. Trust does not modify ingress values in output flows.
OS10(config)# qos-map traffic-class tmap2
OS10(config-qos-map)# queue 0 qos-group 0
OS10(config-qos-map)# queue 1 qos-group 1
OS10(config-qos-map)# exit
OS10(config)# class-map type queuing cmap1
OS10(config-cmap-queuing)# match queue 0
OS10(config-cmap-queuing)# exit
OS10(config)# class-map type queuing cmap2
OS10(config-cmap-queuing)# match queue 1
OS10(config-cmap-queuing)# exit
OS10(config)# policy-map type queuing pmap1
OS10(config-pmap-queuing)# class cmap1
OS10(config-pmap-c-que)# bandwidth percent
Port Role is Manual
DCBX Operational Status is Enabled
Is Configuration Source? FALSE
Local DCBX Compatibility mode is IEEEv2.5
Local DCBX Configured mode is AUTO
Peer Operating version is IEEEv2.
0 0,1,2,3, 30% ETS
1 4,5,6,7 70% ETS
2 0% SP
3 0% SP
4 0% SP
5 0% SP
6 0% SP
7 0% SP
Remote Willing Status is disabled
Local Parameters :
-------------------
Local is enabled
PG-grp Priority# Bandwidth TSA
------------------------------------------------
0 0,1,2,3, 30% ETS
1 4,5,6,7 70% ETS
2 0% ETS
3 0% ETS
4 0% ETS
5 0% ETS
6 0% ETS
7 0% ETS
Oper status is init
ETS DCBX Oper status is Up
State Machine Type is Asymmetric
Conf TLV Tx Status is enabled
Reco TLV Tx Status is enabled
2 Input Conf TLV Pkts, 27
After you enable iSCSI optimization, the iSCSI application priority TLV parameters are added in the show command output to verify a PFC configuration.
Peer DCBX Status
----------------
DCBX Operational Version is 0
DCBX Max Version Supported is 0
Sequence Number: 1
Acknowledgment Number: 2
3 Input PFC TLV pkts, 3 Output PFC TLV pkts, 0 Error PFC pkts
3 Input PG TLV Pkts, 3 Output PG TLV Pkts, 0 Error PG TLV Pkts
3 Input Appln Priority TLV pkts, 3 Output Appln Priority TLV pkts, 0 Error Appln Priority TLV Pkts
Total DCBX Frames transmitted 3
Total DCBX Frames received 3
Total DCBX Frame errors 0
Total DCBX Frames unrecognized 0
OS10(conf-if-eth1/1/53)# d
17 sFlow
sFlow is a standards-based sampling technology embedded within switches and routers that monitors network traffic. It provides traffic monitoring for high-speed networks with many switches and routers.
Enable or disable sFlow on a specific interface
• Enable sFlow in CONFIGURATION mode.
sflow enable
• Disable sFlow in CONFIGURATION mode.
sflow enable
!
Collector configuration
Configure the IPv4 or IPv6 address for the sFlow collector. When you configure the collector, enter a valid and reachable IPv4 or IPv6 address. You can configure a maximum of two sFlow collectors. If you specify two collectors, samples are sent to both. The agent IP address must be the same for both the collectors.
0 UDP packets dropped
0 sFlow samples collected
Polling-interval configuration
The polling interval for an interface is the number of seconds between successive samples of counters sent to the collector. You can configure the duration for polled interface statistics. Unless there is a specific deployment need to configure a lower polling interval value, configure the polling interval to the maximum value.
• Change the default counter polling interval in CONFIGURATION mode, from 10 to 300.
Configure sFlow sampling rate
OS10(config)# sflow sample-rate 4096
View sFlow packet header size
OS10# show sflow
sFlow services are enabled
Management Interface sFlow services are disabled
Global default sampling rate: 4096
Global default counter polling interval: 20
Global default extended maximum header size: 128 bytes
Global extended information enabled: none
1 collector(s) configured
Collector IP addr:10.16.151.245 Agent IP addr:10.16.132.
interface vlan1
no shutdown
!
interface vlan10
no shutdown
ip address 10.1.1.1/24
View sFlow details
OS10# show sflow
sFlow services are enabled
Management Interface sFlow services are disabled
Global default sampling rate: 32768
Global default counter polling interval: 30
Global default extended maximum header size: 128 bytes
Global extended information enabled: none
2 collector(s) configured
Collector IP addr:5.1.1.1 Agent IP addr:10.1.1.
sflow collector
Configures an sFlow collector IP address where sFlow datagrams are forwarded. You can configure a maximum of two collectors.
Syntax sflow collector {ipv4-address | ipv6-address} agent-addr {ipv4-address | ipv6-address} [collector-port-number] [vrf vrf-name]
Parameters
• ipv4-address | ipv6-address — Enter an IPv4 or IPv6 address in A.B.C.D/A::B format.
• agent-addr ipv4-address | ipv6-address — Enter the sFlow agent IP address.
Example (portchannel)
OS10(config)# sflow enable
OS10(config)# interface range port-channel 1-10
OS10(conf-range-po-1-10)# sflow enable
Supported Releases 10.3.0E or later

sflow max-header-size
Sets the maximum header size of a packet.
Syntax sflow max-header-size header-size
Parameter header-size — Enter the header size in bytes, from 64 to 256. The default is 128.
Command Mode CONFIGURATION
Usage Information Sampling rate is the number of packets skipped before the sample is taken. For example, if the sampling rate is 4096, one sample is generated for every 4096 packets observed. The no version of the command resets the sampling rate to the default value.
Example OS10(conf)# sflow sample-rate 4096
Supported Releases 10.3.0E or later

sflow source-interface
Configures an interface as source for sFlow.
Usage Information OS10 does not support statistics for UDP packets dropped and samples received from the hardware.
Example
OS10# show sflow
sFlow services are enabled
Management Interface sFlow services are disabled
Global default sampling rate: 32768
Global default counter polling interval: 30
Global default extended maximum header size: 128 bytes
Global extended information enabled: none
1 collector(s) configured
Collector IP addr:10.16.151.245 Agent IP addr:10.16.132.
18 Telemetry
Network health relies on performance monitoring and data collection for analysis and troubleshooting. Network data is often collected with SNMP and CLI commands using the pull mode. In pull mode, a management device sends a get request and pulls data from a client. As the number of objects in the network and the metrics grow, traditional methods limit network scaling and efficiency. Using multiple management systems further limits network scaling.
Table 70. BGP
YANG Container                      Minimum sampling interval (milliseconds)
bgp/bgp-oper/bgpPeerCount           15000
bgp/bgp-oper/bgpPrfxCntrsEntry      15000
BGP peers
Table 71. BGP peers
YANG Container                      Minimum sampling interval (milliseconds)
infra-bgp/peer-state/peer-status    0
Buffer statistics
Table 72.
Interface statistics
Table 75. Interface statistics
YANG Container                                    Minimum sampling interval (milliseconds)
if/interfaces-state/interface/statistics          15000
dell-base-if-cmn/if/interfaces-state/interface    15000
Port-channel (lag) member ports
Table 76. Port-channel (lag) member ports
YANG Container                                    Minimum sampling interval (milliseconds)
dell-base-if-cmn/if/interfaces                    0
System statistics
Table 77.
A sensor group defines the data that is collected and streamed to a destination. Use any of the pre-configured sensor groups to monitor system resources. To display the sensor paths for each group, use the show telemetry sensor-group command. Table 78.
• management 1/1/1 — Enter the management interface.
• port-channel channel-id — Enter a port-channel ID, from 1 to 28.
• vlan vlan-id — Enter a VLAN ID, from 1 to 4093.
5 Configure the gpb encoding format in which data is streamed in SUBSCRIPTION-PROFILE mode.
OS10(conf-telemetry-sp-subscription)# encoding format
6 Configure the gRPC transport protocol used to stream data to a destination in SUBSCRIPTION-PROFILE mode.
bgp-peer 0
buffer 15000
device 300000
environment 300000
interface 180000
lag 0
system 300000
Encoding : gpb
Transport : grpc
TLS : disabled
Source Interface : ethernet1/1/1
Active : true
Reason : Connection summary: One or more active connections
The connection 10.11.56.204:40001 is in connected state
View destination group
OS10# show telemetry destination-group
Telemetry Status : enabled
-- Telemetry Destination Groups --
Group : dest1
Destination : 10.11.56.
-- Telemetry Subscription Profile --
Name : subscription-1
Destination Groups(s) : dest1
Sensor-group Sample-interval
-----------------------------------
bgp 300000
bgp-peer 0
buffer 15000
device 300000
environment 300000
interface 180000
lag 0
system 300000
Encoding : gpb
Transport : grpc
TLS : disabled
Source Interface : ethernet1/1/1
Active : true
Reason : Connection summary: One or more active connections
The connection 10.11.56.
Usage information When an error condition occurs, use the debug telemetry command to store telemetry data in a debug file. The telemetry debug file is stored at /var/log/grpc_server.log.
Example OS10# debug telemetry
Supported releases 10.4.3.0 or later

destination
Configures a destination management device that receives streaming telemetry.
Syntax destination {ip-address | domain-name} port-number
Parameters
• ip-address — Enter the IPv4 or IPv6 address of the destination device.
destination-group (telemetry)
Configures a destination group for streaming telemetry.
Syntax destination-group group-name
Parameters group-name — Enter the name of the destination group. A maximum of 32 characters.
Default Not configured
Command mode TELEMETRY
Usage information A destination group defines the destination servers to which streaming telemetry data is sent. The no version of this command removes the configured group.
sensor-group (subscription-profile)
Assigns a sensor group with sampling interval to a subscription profile for streaming telemetry.
Syntax sensor-group group-name sampling-interval
Parameters
• group-name — Enter the name for the sensor group. In release 10.4.3.0, only pre-configured sensor groups are supported: bgp, bgp-peer, buffer, device, environment, interface, lag, and system.
• sampling-interval — Enter the interval in milliseconds used to collect data samples. The range is 0 to 4294967295.
sensor-path
Configures the path to a YANG container from which data is streamed.
NOTE: This command is not supported in release 10.4.3.0.
Syntax sensor-path yang-path
Parameters yang-path — Enter the YANG path. See YANG-modeled telemetry data for the YANG paths for telemetry data collection.
Default Not configured
Command mode SENSOR-GROUP
Usage information The data in the specified YANG path is streamed to a configured destination at a specified interval or in near realtime when an event occurs.
-- Telemetry Sensor Groups --
Group : bgp
Sensor Path : bgp/bgp-oper/bgpPrfxCntrsEntry
Sensor Path : bgp/bgp-oper/bgpPeerCount
Group : bgp-peer
Sensor Path : infra-bgp/peer-state/peer-status
Group : buffer
Sensor Path : base-qos/queue-stat
Sensor Path : base-qos/priority-group-stat
Sensor Path : base-qos/buffer-pool-stat
Sensor Path : base-qos/buffer-pool
Group : device
Sensor Path : base-pas/chassis
Sensor Path : base-pas/card
Sensor Path : base-switch/switching-entities/switch-stats
Group : environment
Sens
source interface
Configures the source interface used to stream telemetry data to a destination device.
Syntax source interface interface
Parameters interface — One of the following values:
• ethernet node/slot/port[:subport] — Enter a physical Ethernet interface.
• loopback number — Enter a Loopback interface, from 0 to 16383.
• management 1/1/1 — Enter the management interface.
• port-channel channel-id — Enter a port-channel ID, from 1 to 28.
• vlan vlan-id — Enter a VLAN ID, from 1 to 4093.
Default Telemetry is disabled on the switch.
Command mode CONFIGURATION
Usage information Enable and disable streaming telemetry in Telemetry mode.
Example
OS10(config)# telemetry
OS10(conf-telemetry)#
Supported releases 10.4.3.0 or later

transport
Configures the transport protocol used to stream telemetry data to a remote management device.
Syntax transport protocol [no-tls]
Parameters
• protocol — Enter the gRPC (Google remote procedure call) transport protocol used for telemetry sessions.
OS10(conf-telemetry-sp-subscription-1)# source-interface ethernet 1/1/1
OS10(conf-telemetry-sp-subscription-1)# end
OS10# show telemetry
Telemetry Status : enabled
-- Telemetry Destination Groups --
Group : dest1
Destination : 10.11.56.
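The check below is an added example, not part of the OS10 guide or Dell's code: it parses show telemetry output in the layout shown above and flags a subscription profile that streams with TLS disabled, is not active, or samples a sensor group faster than the minimum interval listed in Tables 70 and 71. The sample output is constructed, and the function names and finding labels are assumptions of this example.

```python
import re

# Minimum sampling intervals in milliseconds from Tables 70 and 71 of this page.
# Sensor groups whose tables are not reproduced here are not checked.
MIN_INTERVAL_MS = {"bgp": 15000, "bgp-peer": 0}

# Constructed sample, laid out like the "show telemetry" examples above.
SAMPLE_SHOW_TELEMETRY = """\
Telemetry Status : enabled

-- Telemetry Subscription Profile --
Name : subscription-1
Destination Groups(s) : dest1
Sensor-group      Sample-interval
-----------------------------------
bgp               5000
bgp-peer          0
interface         180000
Encoding : gpb
Transport : grpc
TLS : disabled
Source Interface : ethernet1/1/1
Active : true
Reason : Connection summary: One or more active connections
  The connection 192.0.2.10:40001 is in connected state
"""

KEY_VALUE = re.compile(r"^([A-Za-z][\w ()-]*?)\s+:\s+(.*)$")
SENSOR_ROW = re.compile(r"^([a-z][a-z0-9-]*)\s+(\d+)$")


def parse_subscription_profiles(text):
    """Return one dict per subscription profile, with a 'sensors' interval map."""
    profiles, current, in_section = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue  # blank line or table rule
        if line.startswith("--"):
            # Section banner; only the subscription-profile section is parsed.
            in_section = "Subscription Profile" in line
            current = None
            continue
        if not in_section:
            continue
        kv = KEY_VALUE.match(line)
        row = SENSOR_ROW.match(line)
        if kv and kv.group(1) == "Name":
            current = {"Name": kv.group(2), "sensors": {}}
            profiles.append(current)
        elif kv and current is not None:
            current[kv.group(1)] = kv.group(2)
        elif row and current is not None:
            current["sensors"][row.group(1)] = int(row.group(2))
    return profiles


def audit_profile(profile):
    """Return finding labels for one parsed profile (labels are this example's own)."""
    findings = []
    if profile.get("TLS", "").lower() == "disabled":
        findings.append("tls-disabled")  # stream leaves the switch unencrypted
    if profile.get("Active", "").lower() != "true":
        findings.append("inactive")  # nothing is being delivered to the collector
    for group, interval in sorted(profile["sensors"].items()):
        minimum = MIN_INTERVAL_MS.get(group)
        if minimum is not None and interval < minimum:
            findings.append(f"interval-below-minimum:{group}")
    return findings


if __name__ == "__main__":
    for prof in parse_subscription_profiles(SAMPLE_SHOW_TELEMETRY):
        print(prof["Name"], audit_profile(prof))
```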
19 RESTCONF API
RESTCONF is a representational state transfer (REST)-like protocol that uses HTTPS connections. Use the OS10 RESTCONF API to set up the configuration parameters on OS10 switches using JavaScript Object Notation (JSON)-structured messages. Use any programming language to create and send JSON messages. The examples in this chapter use curl. The OS10 RESTCONF implementation complies with RFC 8040. You can use the RESTCONF API to configure and monitor an OS10 switch.
3 (Optional) Limit the ciphers that the switch uses in a RESTCONF HTTPS session to encrypt and decrypt data in CONFIGURATION mode. By default, all cipher suites installed on OS10 are supported. Separate multiple entries with a blank space. Valid cipher-suite values are:
• dhe-rsa-with-aes-128-gcm-SHA256
• dhe-rsa-with-aes-256-gcm-SHA384
• ecdhe-rsa-with-aes-128-gcm-SHA256
• ecdhe-rsa-with-aes-256-gcm-SHA384
rest https cipher-suite
4 Enable RESTCONF API in CONFIGURATION mode.
• ecdhe-rsa-with-aes-256-gcm-SHA384
Default All cipher suites installed with OS10 are supported.
Command Mode CONFIGURATION
Usage Information
• Use the rest https cipher-suite command to restrict the ciphers that a RESTCONF HTTPS session uses.
• The no version of the command removes the cipher list and restores the default value.
Example OS10(config)# rest https cipher-suite dhe-rsa-with-aes-128-gcm-SHA256 dhe-rsa-with-aes-256-gcm-SHA384 ecdhe-rsa-with-aes-256-gcm-SHA384
Supported Releases 10.
RESTCONF API tasks
Using the RESTCONF API, you can provision OS10 switches using HTTPS requests. The examples in this section show how to access the OS10 RESTCONF API using curl commands. curl is a Linux shell command that generates HTTPS requests and is executed on an external server.
curl Commands
curl command options include:
• -X specifies the HTTPS request type; for example, POST, PATCH, or GET.
• -u specifies the user name and password to use for server authentication.
Locate the XML parameters values for the same JSON data arguments. For example, to configure VLAN 20 on an OS10 switch, enter the RESTCONF endpoint and JSON contents in the curl command. Note how the JSON type and name parameters are displayed in the XML structure of the interface vlan command.
System
Configure system hostname
RESTCONF endpoint /restconf/data/dell-system:system/hostname
JSON content { "hostname":"MyHost" }
Parameters
• hostname string — Enter the hostname of the system. The default is OS10.
Example
curl -X PATCH -k -u admin:admin -H "Content-Type: application/json" https://10.11.86.
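The hostname request above, as an added example that is not part of the OS10 guide: the same PATCH built without -k (so curl verifies the switch certificate) and without -u user:password on the command line. It assumes the switch certificate chains to a CA file you hold and that credentials are stored in a netrc file; the file names and the hostname character rule are placeholders chosen for this sketch.

```shell
#!/bin/sh
# Added example (not from the OS10 guide). The CA file, netrc file and the
# hostname character rule are assumptions made for this sketch.

# valid_hostname: accept 1-63 letters, digits or hyphens so the value can be
# placed in the JSON body without escaping (an assumed, conservative rule).
valid_hostname() {
    case "$1" in
        ''|*[!A-Za-z0-9-]*) return 1 ;;
    esac
    [ "${#1}" -le 63 ]
}

# restconf_set_hostname SWITCH NEWNAME CAFILE NETRC
# Sends the PATCH from the guide's hostname example, but verifies the switch
# certificate against CAFILE (no -k) and reads credentials from NETRC so they
# do not appear in shell history or process arguments (no -u user:password).
# With DRY_RUN=1 it prints the curl arguments, one per line, and sends nothing.
restconf_set_hostname() {
    switch=$1; name=$2; cafile=$3; netrc=$4
    if ! valid_hostname "$name"; then
        echo "refusing hostname: $name" >&2
        return 1
    fi
    body=$(printf '{"hostname":"%s"}' "$name")
    set -- curl --fail --silent --show-error \
        --cacert "$cafile" --netrc-file "$netrc" \
        -X PATCH -H "Content-Type: application/json" \
        -d "$body" \
        "https://$switch/restconf/data/dell-system:system/hostname"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$@"
    else
        "$@"
    fi
}

# Dry run with placeholder file names; 10.11.86.113 is the address used in
# the guide's examples.
DRY_RUN=1
restconf_set_hostname 10.11.86.113 MyHost ./os10-ca.pem ./os10.netrc
```

Keep the netrc file readable only by the account that runs the script.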
"address": { "primary-addr":"6.6.6.6/24" } } }
Parameters
• primary-addr ip-address/prefix-length — Enter the loopback IP address in dotted-decimal A.B.C.D/x format.
Example
curl -X POST -k -u admin:admin "https://10.11.86.113/restconf/data/interfaces/interface/loopback1" -H "accept: application/json" -H "Content-Type: application/json" -d '{"dell-ip:ipv4":{"address": {"primary-addr":"6.6.6.
20 Troubleshoot OS10
Critical workloads and applications require constant availability. Dell EMC Networking offers tools to help you monitor and troubleshoot problems before they happen.
Unit Type Part Number Rev Piece Part ID Svc Tag Exprs Svc Code
------------------------------------------------------------------------------------------------
* 1 S4048ON 0J09D3 X01 TW-0J09D3-28298-49Q-0119 FFD7VS1 335 809 304 65
  1 S4048ON-PWR-2-UNKNOWN 0T9FNW X01 TW-0T9FNW-28298-49Q-0041 AEIOU## 226 457 410 55
  1 S4048ON-FANTRAY-1 0MGDH8 X01 TW-0MGDH8-28298-49Q-0361 AEIOU## 226 457 410 55
  1 S4048ON-FANTRAY-2 0MGDH8 X01 TW-0MGDH8-28298-49Q-0360 AEIOU## 226 457 410 55
  1 S4048ON-FANTRAY-3 0MGDH8 X01 TW-0MGDH8-2
Tasks: 208 total, %Cpu(s): 9.7 us, KiB Mem: 3998588 KiB Swap: 399856 PID USER PR 9 root 20 819 snmp 20 30452 admin 20 1 root 20 2 root 20 3 root 20 5 root 0 7 root 20 8 root 20 10 root 20 11 root 20 12 root 20 13 root rt 14 root rt 15 root rt 16 root rt 17 root 20 19 root 0 20 root 0 21 root 20 22 root 0 23 root 20 24 root 0 25 root 25 --more-- 2 running, 204 sleeping, 0 stopped, 2 zombie 3.9 sy, 0.3 ni, 85.8 id, 0.0 wa, 0.0 hi, 0.3 si, 0.
Packet analysis
Use the Linux tcpdump command to analyze network packets. Use filters to limit packet collection and output. You must be logged into the Linux shell to use this command. For more information, see Log into OS10 Device. Use the Linux tcpdump command without parameters to view packets that flow through all interfaces. To write captured packets to a file, use the -w parameter. To read the captured file output offline, you can use open source software packages such as Wireshark.
07:00.1 USB controller: Pericom Semiconductor PI7C9X442SL USB OHCI Controller (rev 01)
07:00.2 USB controller: Pericom Semiconductor PI7C9X442SL USB EHCI Controller (rev 01)
08:00.0 Ethernet controller: Intel Corporation 82574L Gigabit Network Connection
Test network connectivity
Use the ping and traceroute commands to test network connectivity. When you ping an IP address, you send packets to a destination and wait for a response. If there is no response, the destination is not active.
-----------------------------------------------
Hops Hostname Probe1 Probe2 Probe3
1 100::1 000.000 ms 000.000 ms 000.000 ms
OS10# traceroute 3ffe:501:ffff:100:201:e8ff:fe00:4c8b
Type Ctrl-C to abort.
-----------------------------------------------
Tracing the route to 3ffe:501:ffff:100:201:e8ff:fe00:4c8b, 64 hops max, 60 byte packets
-----------------------------------------------
Hops Hostname Probe1 Probe2 Probe3
1 3ffe:501:ffff:100:201:e8ff:fe00:4c8b 000.000 ms 000.000 ms 000.
Product Base : ECS Gen3
Product Serial Number : APM001123
Product Part Number : 900-590-0
View tech-support details
OS10# show tech-support
--------------------show inventory-----------------------------
Product : S6000-ON
Description : S6000-ON 32x40GbE QSFP+ Interface Module
Software version : 10.4.
Product Serial Number :
Product Part Number :
Unit Type Part Number Rev Piece Part ID Svc Tag Exprs Svc Code
------------------------------------------------------------------------------------------------
* 1 S4048ON 0J09D3 X01 TW-0J09D3-28298-49Q-0119 FFD7VS1 335 809 304 65
  1 S4048ON-PWR-2-UNKNOWN 0T9FNW X01 TW-0T9FNW-28298-49Q-0041 AEIOU## 226 457 410 55
  1 S4048ON-FANTRAY-1 0MGDH8 X01 TW-0MGDH8-28298-49Q-0361 AEIOU## 226 457 410 55
  1 S4048ON-FANTRAY-2 0MGDH8 X01 TW-0MGDH8-28298-49Q-0360 AEIOU## 226 457 410
location-led interface
Changes the location LED of the interface.
Syntax location-led interface ethernet {chassis/slot/port[:subport]} {on | off}
Parameters
• chassis/slot/port[:subport] — Enter the ethernet interface number.
• on | off — Set the interface LED to be on or off.
Default Not configured
Command Mode EXEC
Usage Information Use this command to change the location LED for the specified interface.
• -4 — (Optional) Uses the IPv4 route over the IPv6 route. When both IPv4 and IPv6 default routes are configured, you must use the -4 option in the ping command. For example, OS10# ping vrf management -4 dell.com.
• -a — (Optional) Audible ping.
• -A — (Optional) Adaptive ping. The inter-packet interval adapts to the round-trip time so that one (or more, if you set the preload option) unanswered probe is present in the network.
Default Not configured
Command Mode EXEC
Usage Information This command uses an ICMP ECHO_REQUEST datagram to receive an ICMP ECHO_RESPONSE from a network host or gateway. Each ping packet has an IPv4 and ICMP header, then a time value and a number of "pad" bytes used to fill out the packet. A ping operation sends a packet to a specified IP address and then measures the time that it takes to get a response from the address or device.
• -F flowlabel — (Optional) Sets a 20-bit flow label on echo request packets. If the value is zero, the kernel allocates a random flow label.
• -h — (Optional) Displays help for this command.
• -i interval — (Optional) Enter the interval in seconds to wait between sending each packet. The default is 1 second.
With the -I option, if you ping a reachable IP address using the IP address of a loopback interface as the source interface, the ping succeeds. However, if you ping a reachable IP address using the name of the loopback interface as the source interface, the ping fails. This is because the system considers the loopback interface as the egress interface.
Example
OS10# ping6 20::1
PING 20::1(20::1) 56 data bytes
64 bytes from 20::1: icmp_seq=1 ttl=64 time=2.07 ms
64 bytes from 20::1: icmp_seq=2 ttl=64 time=2.
show diag
Displays diagnostic information for port adapters and modules.
Syntax show diag
Parameters None
Default Not configured
Command Mode EXEC
Usage Information None
Example
OS10# show diag
00:00.0 Host bridge: Intel Corporation Atom processor C2000 SoC Transaction Router (rev 02)
00:01.0 PCI bridge: Intel Corporation Atom processor C2000 PCIe Root Port 1 (rev 02)
00:02.0 PCI bridge: Intel Corporation Atom processor C2000 PCIe Root Port 2 (rev 02)
00:03.
------------------------------------
1 up 43
Thermal sensors
Unit Sensor-Id Sensor-name Temperature
------------------------------------------------------------------------------
1 1 CPU On-Board temp sensor 32
1 2 Switch board temp sensor 28
1 3 System Inlet Ambient-1 temp sensor 27
1 4 System Inlet Ambient-2 temp sensor 25
1 5 System Inlet Ambient-3 temp sensor 26
1 6 Switch board 2 temp sensor 31
1 7 Switch board 3 temp sensor 41
1 8 NPU temp sensor 43
Supported Releases 10.2.
1 S4048ON-FANTRAY-2 0MGDH8 X01 TW-0MGDH8-28298-49Q-0360 AEIOU##
1 S4048ON-FANTRAY-3 0MGDH8 X01 TW-0MGDH8-28298-49Q-0359 AEIOU##
Supported Releases 10.2.0E or later
show processes
View process CPU utilization information.
Syntax show processes node-id node-id-number [pid process-id]
Parameters
• node-id-number — Enter the Node ID number as 1.
• process-id — (Optional) Enter the process ID number, from 1 to 2147483647.
Supported Releases 10.3.0E or later
show system
Displays system information.
Syntax show system [brief | node-id]
Parameters
• brief — View an abbreviated list of the system information.
• node-id — View the node ID number.
Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Example (brief) 1/1/1 1/1/2 1/1/3 1/1/4 1/1/5 1/1/6 1/1/7 1/1/8 1/1/9 1/1/10 1/1/11 1/1/12 1/1/13 1/1/14 1/1/15 1/1/16 1/1/17 1/1/18 1/1/19 1/1/20 1/1/21 1/1/22 1/1/23 1/1/24 1/1/25 1/1/26 1/1/27 1/1/28 1/1/29 1/1/30 1/1/31 1/1/32 1/1/33 1/1/34 1/1/35 1/1/36 1/1/37 1/1/38 1/1/39 1/1/40 1/1/41 1
1 2 not-present up UNKNOWN NORMAL 1 10704 up
-- Fan Status --
FanTray Status AirFlow Fan Speed(rpm) Status
----------------------------------------------------------------
1 up NORMAL 1 9929 up
            2 9980 up
2 up NORMAL 1 10095 up
            2 10082 up
3 up NORMAL 1 9867 up
            2 10173 up
Supported Releases 10.2.0E or later
traceroute
Displays the routes that packets take to travel to an IP address.
Syntax Parameters traceroute [vrf {management | vrf-name}] host [-46dFITnreAUDV] [-f first_ttl] [-g gate,...
– --mtu — (Optional) Discovers the maximum transmission unit (MTU) from the path being traced.
– --back — (Optional) Prints the number of backward hops when different from the forward direction.
– host — (Required) Enter the name or IP address of the destination device.
– packet_len — (Optional) Enter the total size of the probing packet. The default is 60 bytes for IPv4 and 80 for IPv6.
Default Not configured
Command Mode EXEC
Usage Information None
Example
OS10# traceroute www.dell.
8 Verify the linuxadmin user's password status and unlock the account if it is locked (indicated by L in the second column of the passwd -S output).
root@OS10:~# passwd -S linuxadmin
linuxadmin L 10/01/2018 0 99999 7 -1
root@OS10:~# passwd -u linuxadmin
passwd: password expiry information changed.
9 Enter linuxadmin for the username at the system prompt.
root@OS10: /# linuxadmin
10 Enter your password at the system prompt, then enter the new password twice.
Percent complete: 100%
Erase complete.
Deleting partition 6 from /dev/sda
Erasing internal mass storage device: /dev/sda7 (12461MB)
Percent complete: 100%
Erase complete.
Deleting partition 7 from /dev/sda
Installing for i386-pc platform.
Installation finished. No error reported.
Uninstall complete. Rebooting...
ONIE:/ # discover: Rescue mode detected. No discover stopped.
Stopping: dropbear ssh daemon... done.
Stopping: telnetd... done.
Stopping: syslogd... done.
1 Enter SupportAssist mode from CONFIGURATION mode.
support-assist
2 (Optional) Configure the SupportAssist server URL or IP address in SUPPORT-ASSIST mode.
server url server-url
3 (Optional) Configure the interface used to connect to the SupportAssist server in SUPPORT-ASSIST mode.
source-interface interface
4 (Optional) Configure the contact information for your company in SUPPORT-ASSIST mode.
Set company name
You can optionally configure name, address and territory information. Although this information is optional, it is used by Dell EMC Technical Support to identify which company owns the device.
1 (Optional) Configure contact information in SUPPORT-ASSIST mode.
contact-company name name
2 (Optional) Configure address information in SUPPORT-ASSIST mode. Use the no address command to remove the configuration.
Schedule activity
Configure the schedule for a full transfer of data. The default schedule is a full data transfer weekly — every Sunday at midnight (hour 0 minute 0).
• Configure full-transfer or log-transfer activities in EXEC mode.
support-assist-activity {full-transfer} schedule {hourly | daily | weekly | monthly | yearly}
– hourly min number — Enter the time to schedule an hourly task, from 0 to 59.
– daily hour number min number — Enter the time to schedule a daily task, from 0 to 23 and 0 to 59.
Proxy username : Activity Enable State : Activity State -------------------------------coredump-transfer enabled event-notification enabled full-transfer enabled Scheduled Activity List : Activity Schedule Schedule created on -----------------------------------------------------------full-transfer weekly: on sun at 00:00 Sep 12,2016 18:57:40 Activity Status : Activity Status last start last success ------------------------------------------------------------------------coredump-transfer success Sep 12,2016
• full-transfer — Enables transfer of logs and technical support information.
Default Enabled
Command Mode SUPPORT-ASSIST
Usage Information Use the no version of this command to remove the configuration.
Example (Event)
OS10(conf-support-assist)# activity event-notification enable
Example (Full)
OS10(conf-support-assist)# activity full-transfer enable
Example (Turn Off)
OS10(conf-support-assist)# no activity coredump-transfer enable
Supported Releases 10.2.
email-address
Configures the email address for the contact name.
Syntax email-address address
Parameters address — Enter the email address for the contact name.
Default Not configured
Command Mode SUPPORT-ASSIST
Usage Information The no version of this command removes the configuration.
Example
OS10(conf-support-assist-Eureka-JohnJamesSmith)# email-address jjsmith@eureka.com
Supported Releases 10.2.0E or later
eula-consent
Accepts or rejects the SupportAssist end-user license agreement (EULA).
• no-contact — Enter to select no-contact as the preferred contact method. Default No-contact Command Mode SUPPORT-ASSIST Usage Information The no version of this command removes the configuration. Example OS10(conf-support-assist-Eureka-JohnJamesSmith)# preferred-method email Supported Releases 10.2.0E or later proxy-server Configures a proxy IP address for reaching the SupportAssist server.
show support-assist eula Displays the EULA for SupportAssist. Syntax show support-assist eula Parameters None Default None Command Mode EXEC Usage Information Use the eula-consent support-assist accept command to accept the license agreement. Example OS10# show support-assist eula I accept the terms of the license agreement. You can reject the license agreement by configuring this command 'eula-consent support-assist reject.' By installing SupportAssist, you allow Dell, Inc.
Example OS10# show support-assist status EULA : Accepted Service : Enabled Contact-Company : DellCMLCAEOS10 Street Address : 7625 Smetana Lane Dr Bldg 7615 Cube F577 City : Minneapolis State : Minnesota Country : USA Zipcode : 55418 Territory : USA Contact-person : Michael Dale Email : abc@dell.com Primary phone : 555-123-4567 Alternate phone : Contact method : email Server(configured) : https://web.dell.
Example
OS10(conf-support-assist)# source-interface ethernet 1/1/4
Supported Releases 10.4.0E(R1) or later
street-address
Configures the street address information for the company.
Syntax street-address {address}
Parameters address — Enter one or more addresses in double quotes. A maximum of 140 characters.
Default Not configured
Command Mode SUPPORT-ASSIST
Usage Information Add spaces to the company street address by enclosing the address in quotes.
Usage Information The no version of this command removes the schedule activity.
Example
OS10# support-assist-activity full-transfer schedule daily hour 22 min 50
Supported Releases 10.2.0E or later
territory
Configures the territory for the company.
Syntax territory territory
Parameters territory — Enter the territory for the company.
Default Not configured
Command Mode CONFIG-SUPPORT-ASSIST
Usage Information The no version of this command removes the company territory configuration.
sosreport generation start event May 11 22:9:43: collection task May 11 22:9:43: collection task %Node.1-Unit.1:PRI:OS10 %log-notice:SOSREPORT_GEN_STARTED: CLI completed; sosreport execution task started:All Plugin options %Node.1-Unit.1:PRI:OS10 %log-notice:SOSREPORT_GEN_STARTED: CLI completed; sosreport execution task started:All Plugin options output disabled output enabled Support bundle generation successful event Apr 19 bundle Apr 19 bundle 17:0:9: %Node.1-Unit.
• Informational — An informational error occurred but does not impact performance. Monitor an informational alarm until the condition changes.
Triggered alarms are in one of these states:
• Active — Alarms that are current and not cleared.
• Cleared — Alarms that are resolved and the device has returned to normal operation.
System logging
You can change the system logging default settings using the severity level to control the type of system messages that are logged.
View system logs
The system log-file contains system event and alarm logs. Use the show trace command to view the current syslog file. All event and alarm information is sent to the syslog server, if one is configured. The show logging command accepts the following parameters:
• log-file — Provides a detailed log including both software and hardware saved to a file.
• process-names — Provides a list of all processes currently running which can be filtered based on the process-name.
dn_mgmt_entity_
--More--
Environmental monitoring
Monitors the hardware environment to detect temperature, CPU, and memory utilization.
alarm acknowledge
Acknowledges an active alarm.
Syntax alarm acknowledge sequence-number
Parameters
• sequence-number — Acknowledge the alarm corresponding to the sequence number.
Default Not configured
Command Mode EXEC
Usage Information Use the show alarm command to view all active alarms. Use active alarm sequence numbers to acknowledge specific alarms.
Example
OS10# alarm acknowledge 1
Supported Releases 10.4.
show alarms details Displays details about active alarms.
5 6 Ack Cleared EQM_MORE_PSU_FAULT EQM_FANTRAY_FAULT Sun 10-07-2018 20:39:47 Sun 10-07-2018 22:39:47 /psu/1 /fantray/3 Example (Summary) OS10# show alarms history summary Alarm History Summary --------------------Total-count: 4 Raised-count: 3 Ack-count: 1 Cleared-count: 1 Stateless-count: 1 ------------------------------------------Supported Releases 10.4.3 or later show alarms sequence Displays information corresponding to the active alarm based on the sequence number that you specify.
Example
OS10# show alarms index 1
Active-alarm details - 1
-------------------------------------------
Index: 1
Sequence Number: 5
Severity: warning
Type: 1081364
Source: Node.1-Unit.1
Name: EQM_THERMAL_WARN_CROSSED
Description:
Raise-time: Sep 20 0:16:52
Clear-time:
New: true
State: raised
Supported Releases 10.2.0E or later
show alarms severity
Displays all active alarms corresponding to a specific severity level.
Raise-time: Sat 10-06-2018 0:1:5
Ack-time: Sun 10-07-2018 20:39:47
New: true
State: raised
Example (Minor)
NOS# show alarms severity minor
Active-alarm details - 1
-------------------------------------------
Sequence Number: 4
Severity: minor
Type: 1081375
Source: /psu/1
Name: EQM_MORE_PSU_FAULT
Description: psu 2 is not working correctly
Raise-time: Sun 10-07-2018 18:39:47
Ack-time: Sun 10-07-2018 20:39:47
New: true
State: acknowledged
-------------------------------------------
Supported Releases 10.4.
Command Mode EXEC
Usage Information None
Example
OS10# clear logging log-file
Proceed to clear the log file [confirm yes/no(default)]:
Supported Releases 10.2.0E or later
logging console
Disables, enables, or configures the minimum severity level for logging to the console.
Syntax logging console {disable | enable | severity}
Parameters severity — Set the minimum logging severity level:
• log-emerg — Set to unusable.
• log-alert — Set to immediate action is needed.
Example
OS10(config)# logging enable
Supported Releases 10.2.0E or later
logging log-file
Disables, enables, or sets the minimum severity level for logging to the log file.
Syntax logging log-file {disable | enable | severity}
Parameters severity — Set the minimum logging severity level:
• log-emerg — Set the system as unusable.
• log-alert — Set to immediate action is needed.
• log-crit — Set to critical conditions.
• log-err — Set to error conditions.
• log-debug — Set to debug messages.
Default Log-notice
Command Mode CONFIGURATION
Usage Information To reset the monitor severity to the default level, use the no logging monitor severity command. The default severity level is log-notice.
Example
OS10(config)# logging monitor severity log-info
Supported Releases 10.2.0E or later
logging server
Configures the remote syslog server.
Supported Releases 10.2.0E or later
show logging
Displays system logging messages by log file, process-names, or summary.
Syntax show logging {log-file [process-name | line-numbers] | process-names}
Parameters
• process-name — (Optional) Enter the process-name to use as a filter in syslog messages.
• line-numbers — (Optional) Enter the number of lines to include in the logging messages, from 1 to 65535.
Example
OS10# show trace
May 23 17:10:03 OS10 base_nas: [NETLINK:NHEVENT]:ds_api_linux_neigh.c:nl_to_neigh_info:109, Operation:Add-NH family:IPv4(2) flags:0x0 state:Failed(32) if-idx: 4
May 23 17:10:03 OS10 base_nas: [NETLINK:NHEVENT]:ds_api_linux_neigh.c:nl_to_neigh_info:120, NextHop IP:192.168.10.
The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-* Dell EMC Network Operating System (OS10) *-* *-* Copyright (c) 1999-2017 by Dell Inc. All Rights Reserved.
Where can I find additional installation information for my specific device?
See the Setup Guide shipped with your device or the platform-specific Installation Guide on the Dell EMC Support page at dell.com/support.
Layer 2
How do I view the VLAN running configuration?
Use the show vlan command to view all configured VLANs.
Layer 3
How do I view IPv6 interface information?
Use the show ipv6 route summary command.
How do I view summary information for all IP routes?
Use the show running-configuration command.
How do I view summary information for the OSPF database?
Use the show ip ospf database command.
How do I view configuration of OSPF neighbors connected to the local router?
Use the show ip ospf neighbor command.
How do I set up filters to automatically assign sequencer numbers for specific addresses?
Use the seq deny or seq permit commands for specific packet filtering.
How do I view access-list and access-group information?
Use the show {ip | mac | ipv6} access-group and show {ip | mac | ipv6} access-list commands.
Use the show logging command to view messages by log file or process name.
21 Support resources
The Dell EMC Support site provides a range of documents and tools to assist you with effectively using Dell EMC devices. Through the support site you can obtain technical information regarding Dell EMC products, access software upgrades and patches, download available management software, and manage your open cases. The Dell EMC support site provides integrated, secure access to these services. To access the Dell EMC Support site, go to www.dell.com/support/.