OS10 Enterprise Edition User Guide Release 10.3.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2017 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Getting Started.............................................................................................................................................18 Download OS10 image and license................................................................................................................................. 19 Installation......................................................................................................................................................................
feature config-os9-style........................................................................................................................................... 45 exit............................................................................................................................................................................... 46 license...........................................................................................................................................................
description (Interface)............................................................................................................................................... 74 duplex...........................................................................................................................................................................74 fec...............................................................................................................................................................
Organizationally-specific TLVs.................................................................................................................................112 Media endpoint discovery........................................................................................................................................ 113 Network connectivity device...................................................................................................................................
EdgePort forward traffic..........................................................................................................................................170 Spanning-tree extensions.........................................................................................................................................171 RSTP commands...................................................................................................................................................... 172 Virtual LANs.
Additional paths........................................................................................................................................................ 212 MED attributes..........................................................................................................................................................212 Local preference attribute.......................................................................................................................................
Troubleshoot OSPF.................................................................................................................................................. 271 OSPFv3..................................................................................................................................................................... 272 OSPF commands.....................................................................................................................................................
Source IP address.................................................................................................................................................... 349 Authentication..........................................................................................................................................................349 NTP commands.......................................................................................................................................................
Match routes.................................................................................................................................................................. 384 Set conditions................................................................................................................................................................ 384 continue Clause...........................................................................................................................................
permit (IPv6)............................................................................................................................................................406 permit (MAC)...........................................................................................................................................................406 permit icmp.............................................................................................................................................................
match ip address......................................................................................................................................................434 match ip next-hop................................................................................................................................................... 435 match ipv6 address.................................................................................................................................................
Control-plane policing.................................................................................................................................................... 461 Configure control-plane policing............................................................................................................................ 462 Assign service-policy...............................................................................................................................................
show interface priority-flow-control......................................................................................................................484 show qos interface.................................................................................................................................................. 484 show policy-map......................................................................................................................................................
9 Converged data center services................................................................................................................. 510 Priority flow control........................................................................................................................................................510 PFC configuration notes...........................................................................................................................................511 Configure PFC......
Restore factory defaults................................................................................................................................................ 571 SupportAssist................................................................................................................................................................. 572 Configure SupportAssist.........................................................................................................................................
1 Getting Started Dell EMC Networking OS10 Enterprise Edition is a network operating system supporting multiple architectures and environments. The networking world is moving from a monolithic stack to a pick-your-own-world. The OS10 solution is designed to allow disaggregation of the network functionality.
Download OS10 image and license OS10 Enterprise Edition is available for download from the Dell Digital Locker (DDL). Release 10.3.0E or later requires a perpetual license to run beyond the 120-day trial license period. See the Quick Start Guide shipped with your device and My Account FAQs for more information.
Once you download the OS10 Enterprise Edition image, unzip the .tar file. Some Windows unzip applications insert extra carriage returns (CR) or line feeds (LF) when they extract the contents of a .tar file, which may corrupt the downloaded OS10 binary image. Turn off this option if you use a Windows-based tool to untar an OS10 binary file. Once you unzip the OS10 Enterprise Edition and download the license, see Installation and Install license for complete installation and license information.
Automatic installation You can automatically (zero-touch) install an OS10 image on a Dell ONIE-enabled device. Once the device successfully boots to ONIE: Install OS, auto-discovery obtains the hostname, domain name, Management interface IP address, as well as the IP address of the DNS name server(s) on your network from the DHCP server and DHCP options. The ONIE automatic-discovery process locates the stored software image, starts installation, then reboots the device with the new software image.
The ONIE auto-discovery process discovers the image file at the specified USB path, loads the software image, and reboots. Log into OS10 To log in to OS10 Enterprise Edition, power up the device and wait for the system to perform a power-on self test (POST). Enter admin for both the default user name and user password. For better security, change the default admin password during the first OS10 login. The system saves the new password for future logins.
Verify license installation OS10# show license status System Information -----------------------------------------Vendor Name : DELL Product Name : S4048-ON Hardware Version: A00 Platform Name : S4048-ON PPID : CN0M68YC2829855M0133 Service Tag : CFNNX42 License Details ---------------Software : OS10-Enterprise Version : 10.3.0E License Type : PERPETUAL License Duration: Unlimited License Status : Active License location: /mnt/license/CFNNX42.
Configure Management IP address To remotely access OS10, assign an IP address to the Management port. • Configure the management interface from CONFIGURATION mode. interface mgmt node/slot/port • Configure an IPv4 or IPv6 address on the Management interface in INTERFACE mode. ip address A.B.C.D/mask ipv6 address A:B/prefix-length • Enable the Management interface in INTERFACE mode. no shutdown • Save the configuration.
Configure user name and password To set up remote access to OS10, create a new user name and password after you configure the Management port and default route. • Create a user name and password in CONFIGURATION mode. username username [encryption-type] password password • username username — Enter a text string (up to 63 alphanumeric characters). • encryption-type — (Optional) Enter an encryption type for the password: • • • 0 — Store the password as clear text (default).
Key CLI features Consistent command names Commands that provide the same type of function have the same name, regardless of the portion of the system on which they are operating. For example, all show commands display software information and statistics, and all clear commands erase various types of system information. Available commands Information about available commands is provided at each level of the CLI command hierarchy.
quit Leaves or exits the CLI. CONFIGURATION Mode When you initially log in to OS10, you are automatically placed in EXEC mode by default. To access CONFIGURATION mode, enter the configure terminal command. Use CONFIGURATION mode to manage interfaces, protocols, and features. Interface mode is a sub-mode of CONFIGURATION mode.
license location-led lock move no ping ping6 reload show support-assist-activity system terminal traceroute unlock validate write License and digital fulfillment commands Set location LED Lock candidate configuration Perform a file move/rename operation on local filesystem No commands under exec mode ping -h shows help ping6 -h shows help Reboot Dell EMC Networking Operating System Show running system information Support Assist related activity System command Set terminal settings traceroute --help shows h
vlt-domain vrrp VLT domain configurations Configure VRRP global attributes Check device status Use show commands to check the status of a device and monitor activities. • Enter show ? from EXEC mode to view a list of commands to monitor a device.
uptime users the session id version vlan vlt vrrp Show the system uptime Show the current list of users logged into the system , and show Show Vlan Show VRRP the software version on the system status and configuration VLT domain info group status • Enter show command-history from EXEC mode to view trace messages for each executed command.
Candidate configuration When you enter OS10 configuration commands, changes do not take effect immediately and are stored in a candidate configuration file. The configuration changes become active on the network device only after you commit the changes with the commit command. Changes in the candidate configuration are validated and applied to the running configuration. The candidate configuration allows you to avoid introducing errors during an OS10 configuration session.
interface breakout 1/1/14 map 40g-1x interface breakout 1/1/15 map 40g-1x interface breakout 1/1/16 map 40g-1x interface breakout 1/1/17 map 40g-1x interface breakout 1/1/18 map 40g-1x interface breakout 1/1/19 map 40g-1x interface breakout 1/1/20 map 40g-1x interface breakout 1/1/21 map 40g-1x interface breakout 1/1/22 map 40g-1x interface breakout 1/1/23 map 40g-1x interface breakout 1/1/24 map 40g-1x interface breakout 1/1/25 map 40g-1x interface breakout 1/1/26 map 40g-1x interface breakout 1/1/27 map 4
interface breakout 1/1/20 map 40g-1x interface breakout 1/1/21 map 40g-1x interface breakout 1/1/22 map 40g-1x interface breakout 1/1/23 map 40g-1x interface breakout 1/1/24 map 40g-1x interface breakout 1/1/25 map 40g-1x interface breakout 1/1/26 map 40g-1x interface breakout 1/1/27 map 40g-1x interface breakout 1/1/28 map 40g-1x interface breakout 1/1/29 map 40g-1x interface breakout 1/1/30 map 40g-1x interface breakout 1/1/31 map 40g-1x interface breakout 1/1/32 map 40g-1x ipv6 forwarding enable username
Backup or restore configuration The running configuration contains the current system configuration which can be copied to a server for backup and restore purposes. The startup configuration file is maintained in the config system folder and is called system.xml. When you make changes to configuration files, use the reload command to reboot OS10 with the updated configuration.
Type Boot Type Active Standby Next-Boot ------------------------------------------------------------------Node-id 1 Flash Boot [A] 10.2.9999E [B] 10.2.9999E [B] standby Filter show commands You can filter show command output to view specific information, or start the command output at the first instance of a regular expression or phrase. display-xml Displays in XML format.
Create alias OS10# alias showint "show interface $*" OS10(config)# alias goint "interface ethernet $1" OS10(config)# commit View alias status OS10# showint status --------------------------------------------------------------------------------Port Description Status Speed Duplex Mode Vlan Tagged-Vlans --------------------------------------------------------------------------------Eth 1/1/1 up 40G A 1 Eth 1/1/2 up 40G A 1 Eth 1/1/3 up 40G A 1 Eth 1/1/4 up 40G A 1 Eth 1/1/5 up 40G A 1 Eth 1/1/6 up 40G A 1 Eth
---govlt goint shconfig showint shver ---Config Config Local Local Local ----"vlt-domain..." "interface ..." "show runni..." "show inter..." "show versi...
ip address 172.17.4.1/24 no switchport no shutdown Linux shell commands You can execute a single command, or a series of commands using a batch file from the Linux shell. • Use the -c option to run a single command. admin@OS10:/opt/dell/os10/bin$ clish -c "show version" New user admin logged in at session 10 Dell Networking OS10-Enterprise Copyright (c) 1999-2017 by Dell Inc. All Rights Reserved. OS Version: 10.2.9999E Build Version: 10.2.9999E(3764) Build Time: 2017-02-09T06:02:58.
Dell EMC Networking OS10-Enterprise Copyright (c) 1999-2017 by Dell Inc. All Rights Reserved. OS Version: 10.3.0000E Build Version: 10.3.0000E(4181) Build Time: 2017-04-02T18:00:38.375-07:00 System Type: S6000-ON Architecture: x86_64 Up Time: 1 week 05:36:38 OS9 environment commands You can configure commands in an OS9 environment by using the feature config-os9-style command. The current release supports VLAN tagging and port-channel grouping commands.
Default Not configured Command Mode EXEC Usage Information Use this command to create a shortcut to long commands along with arguments. Use the numbers 1 to 9 along with the $ to provide input parameters. You need to commit the command aliases that you create or delete in the CONFIGURATION mode. The no version of this command deletes an alias. Use the do alias command in CONFIGURATION mode.
Command Mode EXEC Usage Information Use this command to create a batch command file on a remote machine. Copy the command file to your switch (for example, to your home directory). Enter the batch command to execute commands in the file in batch mode. OS10 automatically commits all commands in a batch file; you do not have to enter the commit command. To display the files stored in the home directory, enter dir home. Use the dir home command to view the files stored in the home directory.
Supported Releases 10.2.0E or later configure Enters CONFIGURATION mode from EXEC mode. Syntax configure {terminal} Parameters terminal — Enters CONFIGURATION mode from EXEC mode. Default Not configured Command Mode EXEC Usage Information Enter conf t for auto-completion. Example OS10# configure terminal OS10(config)# Supported Releases 10.2.0E or later copy Copies the current running configuration to the startup configuration and transfers files between an OS10 switch and a remote device.
2017-02-15_19-05-09.gz OS10# copy coredump://core.netconfd-pro.2017-02-15_19-05-09.gz scp:// os10user:os10passwd@10.11.222.1:/home/os10/core.netconfd-pro.2017-02 -15_19-05-09.gz Example (copy startup configuration) OS10# dir config Directory contents for Date (modified) --------------------2017-02-15T20:38:12Z startup.xml folder: config Size (bytes) Name ------------ -----------------------------------------54525 OS10# copy config://startup.xml scp://os10user:os10passwd@10.11.222.1:/home/ os10/backup.
Example OS10# delete startup-configuration Supported Releases 10.2.0E or later dir Displays files stored in available directories. Syntax dir [config | coredump | home | image | supportbundle | usb] Parameters • config — (Optional) Folder containing configuration files. • coredump — (Optional) Folder containing coredump files. • home — (Optional) Folder containing files in user's home directory. • image — (Optional) Folder containing image files.
do Executes most commands from all CONFIGURATION modes without returning to EXEC mode. Syntax do command Parameters command — Enter an EXEC-level command. Default Not configured Command Mode INTERFACE Usage Information None Example OS10(config)# interface ethernet 1/1/7 OS10(conf-if-eth1/1/7)# no shutdown OS10(conf-if-eth1/1/7)# do show running-configuration ... ! interface ethernet1/1/7 no shutdown ! ... Supported Releases 10.2.
exit Returns to the next higher command mode. Syntax exit Parameters None Default Not configured Command Mode All Usage Information None Example OS10(conf-if-eth1/1/1)# exit OS10(config)# Supported Releases 10.2.0E or later license Installs a license file from a local or remote location. Syntax license install [ftp: | http: | localfs: | scp: | sftp: | tftp: | usb:] filepath Parameters • ftp: — (Optional) Install from remote file system (ftp://userid:passwd@hostip/filepath).
lock Locks the candidate configuration to disable modification. Syntax lock Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# lock Supported Releases 10.2.0E or later management route Configures an IPv4/IPv6 static route used by the Management port. Repeat the command to configure multiple management routes.
move Moves or renames a file on the config or home system directories. Syntax move [config: | home: | usb:] Parameters • config: — Move from configuration directory (config://filepath). • home: — Move from home directory (home://filepath). • usb: — Move from USB file system (usb://filepath). Default Not configured Command Mode EXEC Usage Information Use the dir config command to view the directory contents. Example OS10# move config://startup.xml config://startup-backup.
reload Reloads the software and reboots the ONIE-enabled device. Syntax reload Parameters None Default Not configured Command Mode EXEC Usage Information Use caution while using this command, as it reloads the OS10 image and reboots the device. Example OS10# reload Proceed to reboot the system? [confirm yes/no]:y Supported Releases 10.2.0E or later show alias Displays configured alias commands available in both persistent and non-persistent modes.
Example (detail) OS10# show alias detail Name Type ------govlt Config goint Config shconfig Local showint Local shver Local Value ----"vlt-domain $1" "interface ethernet $1" "show running-configuration" "show interface $*" "show version" Number of config aliases : 2 Number of local aliases : 3 Supported Releases 10.3.0E or later show boot Displays detailed information about the boot image.
| prefix-list | qos-map | radius-server | route-map | sflow | snmp | spanningtree | support-assist | system-qos | trust-map | users | vlt] Parameters • aaa — (Optional) Current candidate AAA configuration. • access-list — (Optional) Current candidate access-list configuration. • as-path — (Optional) Current candidate as-path configuration. • bgp — (Optional) Current candidate BGP configuration. • class-map — (Optional) Current candidate class-map configuration.
interface ethernet1/1/1 switchport access vlan no shutdown ! interface ethernet1/1/2 switchport access vlan no shutdown ! interface ethernet1/1/3 switchport access vlan no shutdown ! interface ethernet1/1/4 switchport access vlan no shutdown ! interface ethernet1/1/5 switchport access vlan no shutdown ! --more-Example (compressed) 1 1 1 1 1 OS10# show candidate-configuration compressed username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/ VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgN
Command Mode EXEC Usage Information None Example OS10# show environment Unit State Temperature ------------------------------------1 up 43 Thermal sensors Unit Sensor-Id Sensor-name Temperature ---------------------------------------------------------1 1 T2 temp sensor 31 1 2 system-NIC temp sensor 21 1 3 Ambient temp sensor 24 1 4 NPU temp sensor 43 Supported Releases 10.2.0E or later show inventory Displays system inventory information.
• static — (Optional) Display non-active management routes. Default Not configured Command Mode EXEC Usage Information Use this command to view the IPv4 static routes configured for the management port. Use the management route command to configure an IPv4 or IPv6 management route. Example OS10# show ip management-route Destination Gateway State Source ----------------------------------------------------------------192.168.10.0/24 managementethernet Connected Connected Supported Releases 10.2.
Usage Information Use this command to view the show license status command to verify the current license for running OS10, its duration, and the service tag of the switch to which it is assigned.
• prefix-list — (Optional) Current operating prefix-list configuration. • qos-map — (Optional) Current operating qos-map configuration. • radius-server — (Optional) Current operating radius-server configuration. • route-map — (Optional) Current operating route-map configuration. • sflow — (Optional) Current operating sFlow configuration. • snmp — (Optional) Current operating SNMP configuration. • spanning-tree — (Optional) Current operating spanning-tree configuration.
logging monitor disable ip route 0.0.0.0/0 10.11.58.1 ! interface range ethernet 1/1/1-1/1/32 switchport access vlan 1 no shutdown ! interface vlan 1 no shutdown ! interface mgmt1/1/1 ip address 10.11.58.145/8 no shutdown ipv6 enable ipv6 address autoconfig ! support-assist ! policy-map type application policy-iscsi ! class-map type application class-iscsi ! class-map type qos class-trust Supported Releases 10.2.
switchport access vlan 1 no shutdown ! --more-Example (compressed) OS10# show startup-configuration compressed username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/ VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH. aaa authentication local snmp-server contact http://www.dell.com/support snmp-server location "United States" ip route 0.0.0.0/0 10.11.58.
System Location LED Required Type Current Type Hardware Revision Software Version Bios Version Physical Ports : : : : : : : off S6000 S6000 A02 10.2.9999E 3.20.0.
-- Unit -Unit Status ReqType CurType Version ---------------------------------------------------------------1 up S6000 S6000 10.2.
Command Mode EXEC Usage Information None Example OS10# system bash admin@OS10:~$ pwd /config/home/admin admin@OS10:~$ exit OS10# Supported Releases 10.2.0E or later terminal Sets the number of lines to display on the terminal and enables logging. Syntax Parameters terminal {length lines | monitor} • length lines — Enter the number of lines to display on the terminal (0 to 512, default 24). • monitor — Enables logging on the terminal.
• -q nqueries — (Optional) Enter the number of probe packets per hop (default 3). • -N squeries — (Optional) Enter the number of probe packets that are sent out simultaneously to accelerate traceroute (default 16). • -t tos — (Optional) For IPv4, enter the Type of Service (TOS) and Precedence values to use. 16 sets a low delay; 8 sets a high throughput. • -UL — (Optional) Use UDPLITE for tracerouting (default port is 53).
Example OS10# unlock Supported Releases 10.2.0E or later write Copies the current running configuration to the startup configuration file. Syntax write {memory} Parameters memory — Copy the current running configuration to the startup configuration. Default Not configured Command Mode EXEC Usage Information This command has the same effect as the copy running-configuration startup-configuration command.
2 Interfaces You can configure and monitor physical interfaces (Ethernet), port-channels, and VLANs in L2 or L3 modes. Table 1.
A trunk interface carries VLAN traffic that is tagged using 802.1q encapsulation. If an access interface receives a packet with an 802.1q tag in the header that is different from the access VLAN ID, it drops the packet. By default, a trunk interface carries only untagged traffic on the access VLAN — you must manually configure other VLANs for tagged traffic. 1 Select one of the two available options: • Configure L2 trunking in INTERFACE mode and the tagged VLAN traffic that the port can transmit.
Management interface The Management interface provides management access to the network device. You can configure the Management interface, but the configuration options on this interface are limited. You cannot configure gateway addresses and IP addresses if it appears in the main routing table, and proxy ARP is not supported on this interface. 1 Enter 1/1/1 to configure the Management interface in CONFIGURATION mode (1 to 6).
• Enter the loopback interface number in CONFIGURATION mode (0 to 16383). interface loopback number • Enter the loopback interface number to view the configuration in EXEC mode. show interface loopback number • Enter the loopback interface number to delete a loopback interface in CONFIGURATION mode. no interface loopback number View loopback interface OS10# show interface loopback 4 Loopback 4 is up, line protocol is up Hardware is unknown. Interface index is 102863300 Internet address is 120.120.120.
2 Ensure that the port-channel is active in PORT-CHANNEL mode. no shutdown 3 Save the configuration. do commit Create port-channel OS10(config)# interface port-channel 10 OS10(conf-if-po-10)# no shutdown OS10(conf-if-po-10)# do commit Add port member When you add a port interface to a port-channel: • The port-channel configuration and administrative status are applied to member interfaces. • A port-channel operates in either L2 (default) or L3 mode.
Minimum links Configure minimum links in a port-channel (LAG) that must be in oper up status to consider the port-channel to be in oper up status. 1 Enter the number of links in a LAG that must be in oper up status in PORT-CHANNEL mode (1 to 32, default 1). minimum-links number 2 Save the configuration.
For packets without a L3 header, OS10 automatically uses the load-balancing mac—selection destination-mac command for hash algorithms by default. Do not configure IP hashing or MAC hashing at the same time. If you configure an IP and MAC hashing scheme at the same time, the MAC hashing scheme takes precedence over the IP hashing scheme. 1 2 Select one or more methods of load balancing and replace the default IP 4-tuple method of balancing traffic over a port-channel in CONFIGURATION mode.
NOTE: Ensure that non-existing interfaces are excluded from the interface range during bulk interface configuration. When creating an interface range, interfaces appear in the order they were entered and are not sorted. Configure range of Ethernet addresses OS10(config)# interface range ethernet 1/1/7-1/1/8 OS10(conf-range-eth1/1/7-1/1/8)# Configure FEC Forward error correction (FEC) is a digital signal processing technique used to enhance data reliability.
• ethernet node/slot/port[:subport] — Display Ethernet interface information. • loopback id — Display loopback interface information (0 to 16383). • mgmt node/slot/port — Display Management interface information. • port-channel id-number — Display port-channel interface information (1 to 128). • vlan vlan-id — Display the VLAN interface information (1 to 4094).
no ip address shutdown ! interface Ethernet 2/7 no ip address shutdown ! interface Ethernet 2/8 no ip address shutdown ! interface Ethernet 2/9 no ip address shutdown ... View L3 interfaces OS10# show ip interface brief Interface IP-Address TenGigabitEthernet 1/1/1 unassigned TenGigabitEthernet 1/2/1 unassigned TenGigabitEthernet 1/3/1 unassigned TenGigabitEthernet 1/4/1 unassigned TenGigabitEthernet 1/5/1 unassigned TenGigabitEthernet 1/6/1 10.10.10.
Usage Information The no version of this command resets the value to the default, and unassigns the interface from the port-channel group. Example OS10(config)# interface ethernet 1/1/2:1 OS10(conf-if-eth1/1/2:1)# channel-group 20 mode active Supported Releases 10.3.0E or later description (Interface) Configures a textual description of an interface. Syntax description string Parameters string — Enter a text string for the interface description (up to 40 characters).
Supported Releases 10.3.0E or later fec Configures Forward Error Correction on 25G, 50G, and 100G interfaces. Syntax Parameters Defaults fec {CL74-FC | CL91-RS | CL108-RS | off} • CL74-FC — Supports 25G and 50G • CL91-RS — Supports 100G • CL108-RS — Supports 25G and 50G • off — Disables FEC • For 25G and 50G interfaces: off • For 100G interfaces: CL91-RS Command Mode CONFIGURATION Usage Information The no version of this command resets the value to the default.
interface ethernet Configures a physical Ethernet interface. Syntax interface ethernet node/slot/port:subport Parameters node/slot/port:subport — Enter the Ethernet interface information. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes the interface. Example OS10(config)# interface ethernet 1/1/10:1 OS10(conf-if-eth1/1/10:1)# Supported Releases 10.2.0E or later interface loopback Configures a loopback interface.
interface null Configures a null interface on the switch. Syntax interface null number Parameters number — Enter the interface number to set as null (0). Default 0 Command Mode CONFIGURATION Usage Information You cannot delete the Null interface. The only configuration command possible in a Null interface is ip unreachables. Example OS10(config)# interface null 0 OS10(conf-if-nu-0)# Supported Releases 10.3.0E or later interface port-channel Creates a port-channel interface.
Usage Information Enter up to six comma-separated interface ranges without spaces between commas. When creating an interface range, interfaces are not sorted and appear in the order entered. You cannot mix interface configuration such as Ethernet ports with VLANs. • Bulk configuration is created if at least one interface is valid. • Non-existing interfaces are excluded from the bulk configuration with a warning message.
Supported Releases 10.2.0E or later mgmt Configures the specified VLAN as the management VLAN. Syntax mgmt Parameters None Default Not configured Command Mode VLAN INTERFACE Usage Information Use the no version of this command to remove the configuration. Example OS10(config)# interface vlan 11 OS10(conf-if-vl-11)# mgmt Supported Releases 10.3.0E or later mtu Sets the link maximum transmission unit (MTU) frame size for an Ethernet L2 or L3 interface.
show interface Displays interface information Syntax show interface [type] Parameters interface type — Enter the interface type: • phy-eth node/slot/port[:subport] — Display information about physical ports connected to the interface. • status — Display interface status. • ethernet node/slot/port[:subport] — Display Ethernet interface information. • fibre-channel — Display fibre-channel interface information. • loopback id — Display loopback IDs (0 to 16383).
--more-Example (for port channel interface) OS10# show interface port-channel 1 Port-channel 1 is up, line protocol is down Address is 90:b1:1c:f4:a5:8c, Current address is 90:b1:1c:f4:a5:8c Interface index is 85886081 Internet address is not set Mode of IPv4 Address Assignment: not set MTU 1532 bytes LineSpeed 0 Minimum number of links to bring Port-channel up is 1 Maximum active members that are allowed in the portchannel is 5 Members in this channel: ARP type: ARPA, ARP Timeout: 60 OS10# show interface
Example OS10(conf-if-eth1/1/4)# do show port-channel summary Flags: D - Down I - member up but inactive P - member up and active U - Up (port-channel) Group Port-Channel Type Protocol Member Ports 22 port-channel22 (U) Eth STATIC 1/1/2(D) 1/1/3(P) 23 port-channel23 (D) Eth DYNAMIC 1/1/4(I) Example (Interface) OS10(conf-range-eth1/1/10-1/1/11,1/1/13,1/1/14)# do show port-channel summary Flags: D - Down U - member up but inactive P - member up and active U - Up (port-channel) Group Port-Channel Type Protoc
shutdown Disables an interface. Syntax shutdown Parameters None Default Disabled Command Mode INTERFACE Usage Information This command marks a physical interface as unavailable for traffic. Disabling a VLAN or a port-channel causes different behavior. When you disable a VLAN, the L3 functions within that VLAN are disabled, and L2 traffic continues to flow. Use the shutdown command on a port-channel to disable all traffic on the port-channel, and the individual interfaces.
switchport access vlan Assigns access VLAN membership to a port in L2 access or trunk mode. Syntax switchport access vlan vlan-id Parameters vlan vlan-id — Enter the VLAN ID number (1 to 4094). Default VLAN 1 Command Mode INTERFACE Usage Information This command enables L2 switching for untagged traffic and assigns a port interface to default VLAN 1. Use this command to change the assignment of the access VLAN that carries untagged traffic.
switchport trunk allowed vlan Configures the tagged VLAN traffic that a L2 trunk interface can carry. An L2 trunk port has no tagged VLAN membership and does not transmit tagged traffic. Syntax switchport trunk allowed vlan vlan-id-list Parameters vlan-id-list — Enter the VLAN numbers of the tagged traffic that the L2 trunk port can carry. Commaseparated and hyphenated VLAN number ranges are supported.
3 Layer 2 802.1X Verifies device credentials prior to sending or receiving packets using the extensible authentication protocol (see 802.1X Commands). Link Aggregation Control Protocol (LACP) Exchanges information between two systems and automatically establishes a LAG between the systems (see LACP Commands). Link Layer Discovery Enables a LAN device to advertise its configuration and receive configuration information from adjacent LLDPProtocol (LLDP) enabled infrastructure devices (see LLDP Commands).
NOTE: OS10 supports only RADIUS as the back-end authentication server. The authentication process involves three devices: • Supplicant — The device attempting to access the network performs the role of supplicant. Regular traffic from this device does not reach the network until the port associated to the device is authorized. Prior to that, only the supplicant can exchange 802.1x messages (EAPOL frames) with the authenticator.
6 If the identity information the supplicant provides is valid, the authentication server sends an Access Accept frame in which network privileges are specified. The authenticator changes the port state to authorize and forwards an EAP Success frame. If the identity information is invalid, the server sends an Access Reject frame. If the port state remains unauthorized, the authenticator forwards an EAP Failure frame. EAP over RADIUS 802.
Enable 802.1X 1 Enable 802.1X globally in CONFIGURATION mode. dot1x system-auth-control 2 Enter an interface or a range of interfaces in INTERFACE mode. interface range 3 Enable 802.1X on the supplicant interface only in INTERFACE mode. dot1x port-control auto 4 Save the configuration. do commit Configure and verify 802.
Identity retransmissions If the authenticator sends a Request Identity frame but the supplicant does not respond, the authenticator waits 30 seconds and then retransmits the frame. There are several reasons why the supplicant might fail to respond — the supplicant may have been booting when the request arrived, there may be a physical layer problem, and so on.
Failure quiet period If the supplicant fails the authentication process, the authenticator sends another Request Identity frame after 30 seconds by default. The quiet period is a transmit interval time after a failed authentication. The Request Identity Re-transmit interval is for an unresponsive supplicant. You can configure the interval for a maximum of 10 times for an unresponsive supplicant.
force-authorized (default) This is an authorized state. A device connected to this port does not use the authentication process but can communicate on the network. Placing the port in this state is same as disabling 802.1X on the port. forceauthorized is the default mode. force-unauthorized This is an unauthorized state. A device connected to a port does not use the authentication process but is not allowed to communicate on the network.
1 Re-authenticate the supplicant in INTERFACE mode (1 to 65535, default 3600). dot1x timeout re-authperiod seconds 2 Save the configuration. do commit Configure and verify reauthentication time period OS10(config)# interface range ethernet 1/1/7-1/1/8 OS10(conf-range-eth1/1/7-1/1/8)# dot1x re-authentication OS10(conf-range-eth1/1/7-1/1/8)# dot1x timeout re-authperiod 3600 OS10(conf-range-eth1/1/7-1/1/8)# do commit OS10(conf-range-eth1/1/7-1/1/8)# show dot1x interface ethernet 1/1/7 802.
Configure and verify server timeouts OS10(conf-range-eth1/1/7-1/1/8)# OS10(conf-range-eth1/1/7-1/1/8)# OS10(conf-range-eth1/1/7-1/1/8)# OS10(conf-range-eth1/1/7-1/1/8)# dot1x timeout supp-timeout 45 dot1x timeout server-timeout 60 do commit do show dot1x interface ethernet 1/1/7 802.
• multi-auth — Allows 802.1X authentication for each connected host. Default Multi-host Command Mode INTERFACE Usage Information The no version of this command resets the value to the default. Example OS10(conf-range-eth1/1/7-1/1/8)# dot1x host-mode multi-auth OS10(conf-range-eth1/1/7-1/1/8)# do commit Supported Releases 10.2.0E or later dot1x max-req Changes the maximum number of requests that the device sends to a supplicant before restarting 802.1X authentication.
dot1x re-authentication Enables periodic re-authentication of 802.1X supplicants. Syntax dot1x re-authentication Parameters None Default Disabled Command Mode INTERFACE Usage Information The no version of this command disables the periodic re-authentication of 8021.X supplicants. Example OS10(conf-range-eth1/1/7-1/1/8)# dot1x re-authentication OS10(conf-range-eth1/1/7-1/1/8)# do commit Supported Releases 10.2.
dot1x timeout server-timeout Sets the number of seconds that the device waits before retransmitting a packet to the authentication server. Syntax dot1x timeout server-timeout seconds Parameters server-timeout seconds — Enter the number of seconds for the 802.1X server timeout (1 to 65535). Default 30 seconds Command Mode INTERFACE Usage Information The no version of this command resets the value to the default.
show dot1x Displays global 802.1X configuration information. Syntax show dot1x Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show dot1x PAE Capability: Protocol Version: System Auth Control: Auth Server: Supported Releases Authenticator only 2 Enable Radius 10.2.0E or later show dot1x interface Displays 802.1X configuration information.
Example (when dot1x is not enabled globally) OS10# show dot1x interface 802.1x not enabled in the system OS10# Example (Ethernet) OS10# show dot1x interface ethernet 1/1/7 802.
• If a physical interface is a part of a dynamic LAG, the channel-group id command is rejected on that interface. • You cannot add static and dynamic members to the same LAG. • There is a difference between the shutdown and no interface port-channel commands: • • The shutdown command on LAG xyz disables the LAG and retains the user commands. • The no interface port-channel channel-number command deletes the specified LAG, including a dynamically created LAG.
3 Set the channel group mode to Active in INTERFACE mode. channel-group number mode active 4 Save the configuration.
Sample configuration This sample topology is based on two routers — Alpha and Bravo.
Port ethernet1/1/49 is Enabled, LACP is enabled and mode is lacp Actor Admin: State BCFHJKNO Key 1 Priority 32768 Oper: State BDEGIKNO Key 1 Priority 32768 Partner Admin: State BCEGIKNP Key 0 Priority 0 Oper: State BDEGIKNO Key 1 Priority 32768 Port ethernet1/1/50 is Enabled, LACP is enabled and mode is lacp Actor Admin: State BCFHJKNO Key 1 Priority 32768 Oper: State BDEGIKNO Key 1 Priority 32768 Partner Admin: State BCEGIKNP Key 0 Priority 0 Oper: State BDEGIKNO Key 1 Priority 32768 Port ethernet1/1/51 is
Queuing strategy :fifo Input statistics: 1388 packets, 135026 octets 666 64-byte pkts,1 over 64-byte pkts, 721 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 1388 Multicasts, 0 Broadcasts 0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 1387 discarded Output statistics: 2121444503 packets, 135773749275 octets 2121421152 64-byte pkts,4182 over 64-byte pkts, 19169 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 23351 Multicasts, 0 Broa
LACP_Activity=passive LACP_Timeout=Long Timeout(30s) Synchronization=IN_SYNC Collecting=true Distributing=true Partner information refresh timeout=Long Timeout(90s) Actor Admin State=BCFHJKNO Actor Oper State=BDEGIKNO Neighbor: 276 MAC Address=00:00:00:00:00:00 System Identifier=,00:00:00:00:00:00 Port Identifier=0,14:18:77:7a:2d:00 Operational key=1 LACP_Activity=passive LACP_Timeout=Long Timeout(30s) Synchronization=IN_SYNC Collecting=true Distributing=true Partner Admin State=BCEGIKNP Partner Oper State=
clear lacp counters Clears the statistics for all interfaces for LACP groups. Syntax clear lacp counters [interface port-channel channel-number] Parameters • interface port-channel — (Optional) Enter the interface port-channel number. • channel-number — (Optional) Enter the LACP port-channel number (1 to 128).
aggregating, or when you have more than eight ports configured for the channel group. When setting the priority, a higher number means a lower priority. The no version of this command returns the port priority to the default value. Example OS10(conf-range-eth1/1/7-1/1/8)# lacp port-priority 32768 OS10(conf-range-eth1/1/7-1/1/8)# do commit Supported Releases 10.2.0E or later lacp rate Sets the rate at which LACP sends control packets.
Parameters • interface port-channel — (Optional) Enter the interface port-channel. • channel-number — (Optional) Enter the LACP channel group number (1 to 128). Default Not configured Command Mode EXEC Usage Information All channel groups display if you do not enter the channel-number parameter.
System Identifier=32768,32768 Port Identifier=32768,32768 Operational key=1 LACP_Activity=passive LACP_Timeout=Long Timeout(30s) Synchronization=IN_SYNC Collecting=true Distributing=true Partner information refresh timeout=Long Timeout(90s) Actor Admin State=BCFHJKNO Actor Oper State=BDEGIKNO Neighbor: 178 MAC Address=00:00:00:00:00:00 System Identifier=,00:00:00:00:00:00 Port Identifier=0,00:01:e8:8a:fd:9e Operational key=1 LACP_Activity=passive LACP_Timeout=Long Timeout(30s) Synchronization=IN_SYNC Collec
show lacp port-channel Displays information about LACP port-channels. Syntax show lacp port-channel [interface port-channel channel-number] Parameters • interface port-channel — (Optional) Enter the interface port-channel. • channel-number — (Optional) Enter the port-channel number for the LACP neighbor (1 to 128). Default Not configured Command Mode EXEC Usage Information All channel groups display if you do not enter the channel-number parameter.
Link layer discovery protocol LLDP enables a LAN device to advertise its configuration and receive configuration information from adjacent LLDP-enabled LAN devices. • LLDP is enabled by default. • LLDP supports a maximum of 250 total neighbors per system. If the number of interfaces multiplied by eight exceeds the maximum, the system does not configure more than 250. • OS10 devices receive and periodically transmit link layer discovery protocol data units (LLDPDUs).
2 — Port ID Identifies a port through which TLVs send and receive. 3 — Time-to-live Number of seconds that the recipient LLDP agent considers the information associated with this MAP identifier to be valid. — Optional Includes sub-types of TLVs that advertise specific configuration information. These sub-types are Management TLVs, IEEE 802.1, IEEE 802.3, and TIA-1057 Organizationally-Specific TLVs. Optional TLVs OS10 supports basic TLVs, IEEE 802.1, and 802.
802.1X Organizationally-specific TLVs 127 — Port-VLAN ID Untagged VLAN to which a port belongs. 127 — Port Tagged VLAN to which a port belongs — untagged VLAN to which a port belongs. 127 — Protocol identity Not supported. 802.3 Organizationally-Specific TLVs 127 — MAC/PHY Indicates duplex and bit rate capability and the current duplex and bit rate settings of the sending device. Also configuration/status indicates whether the current settings are due to auto-negotiation or due to manual configuration.
127/1 — LLDP-MED • capabilities • • If the transmitting device supports LLDP-MED What LLDP-MED TLVs are supported LLDP device class 127/2 — Network policy Application type, VLAN ID, L2 priority, and DSCP value. 127/3 — Local identification Physical location of the device expressed in one of three formats: 127/4 — Extended power-via-MDI • Coordinate-based LCI • Civic address LCI • Emergency call services ELIN Power requirements, priority, and power status.
2 Endpoint class 2 3 Endpoint class 3 4 Network connectivity 5-255 Reserved Network policies TLVs A network policy in the context of LLDP-MED is a device’s VLAN configuration and associated Layer 2 and Layer 3 configurations.
Define network policies You can ,anually define LLDP-MED network policies. LLDP commands that you configure at CONFIGURATION level are global and affect all interfaces. LLDP commands you configure at INTERFACE level affect only the specific interface. Create up to 32 network policies and attach the LLDP-MED network policies to a port in CONFIGURATION mode. 1 Define the LLDP-MED network policy in CONFIGURATION mode.
Disable and re-enable LLDP By default, LLDP is enabled. You can disable LLDP on an interface. 1 Disable the LLDPDU transmit or receive in INTERFACE mode. no lldp transmit no lldp receive 2 Disable the LLDP holdtime multiplier value in CONFIGURATION mode. no lldp holdtime-multiplier 3 Disable the LLDP initialization in CONFIGURATION mode. no lldp reinit 4 Disable the LLDP MED in CONFIGURATION or INTERFACE mode. no lldp med 5 Disable LLDP TLV in INTERFACE mode.
Configure advertise TLVs OS10(conf-if-eth1/1/3)# OS10(conf-if-eth1/1/1)# OS10(conf-if-eth1/1/3)# OS10(conf-if-eth1/1/3)# lldp tlv-select basic-tlv system-name lldp tlv-select dot3tlv macphy-config max-framesize lldp tlv-select dot1tlv link-aggregation do commit Network policy advertisement LLDP-MED is enabled on all interfaces by default. Configure OS10 to advertise LLDP-MED TLVs out of configured interfaces. Define LLDPMED network policies before applying the policies to an interface.
Rapid availability is crucial for applications such as emergency call service location (E911). 1 Enable fast start repeat count which is the number of packets sent during activation in CONFIGURATION mode (1 to 10, default 3). lldp-med fast-start-repeat-count number 2 Save the configuration. do commit Configure fast start repeat count OS10(config)# lldp med fast-start-repeat-count 5 OS10(config)# do commit View LLDP configuration • View the LLDP configuration in EXEC mode.
Total Frames Discarded Total TLVS Unrecognized Total TLVs Discarded : 0 : 0 : 0 LLDP MED Traffic Statistics: Total Med Frames Out : Total Med Frames In : Total Med Frames Discarded : Total Med TLVS Discarded : Total Med Capability TLVS Discarded: Total Med Policy TLVS Discarded : Total Med Inventory TLVS Discarded : 0 0 0 0 0 0 0 Adjacent agent advertisements • • • View brief information about adjacent devices in EXEC mode.
Extended Power via MDI - PD, Inventory Management Current: LLDP-MED Capabilities, Network Policy, Location Identification, Extended Power via MDI - PD, Inventory Management Device Class: Endpoint Class 3 Network Policy: Application: voice, Tag: Tagged, Vlan: 50, L2 Priority: 6, DSCP Value: 46 Inventory Management: H/W Revision : 12.1.1 F/W Revision : 10.1.9750B S/W Revision : 10.1.
LLDP commands clear lldp counters Clears LLDP and LLDP-MED transmit, receive, and discard statistics from all the physical interfaces. Syntax clear lldp counters Parameters None Default Not configured Command Mode EXEC Usage Information The counter default value resets to zero for all physical interfaces. Example OS10# clear lldp counters Supported Releases 10.2.0E or later clear lldp table Clears LLDP neighbor information for all interfaces.
Supported Releases 10.2.0E or later lldp med fast-start-repeat-count Configures the number of packets sent during the activation of the fast start mechanism. Syntax lldp-med fast-start-repeat-count number Parameters number — Enter the number of packets sent during the activation of the fast start mechanism (1 to 10). Default 3 Command Mode CONFIGURATION Usage Information None Example OS10(config)# lldp med fast-start-repeat-count 5 Supported Releases 10.2.
• guest-voice — Guest voice network-policy application. • guestvoice-signaling — Guest voice signaling network policy application. • softphone-voice — SoftPhone voice network policy application. • streaming-video — Streaming video network-policy application. • video-conferencing — Voice conference network-policy application. • video-signaling — Video signaling network-policy application. • vlan vlan-id — Enter the VLAN number for the selected application (1 to 4094).
• inventory — Enable or disable the system TLV. Default Enabled Command Mode INTERFACE Usage Information None Example OS10(conf-if-eth1/1/3)# lldp med tlv-select network-policy Supported Releases 10.2.0E or later lldp receive Enables or disables the LLDP packet reception on a specific interface. Syntax lldp receive Parameters None Default Not configured Command Mode INTERFACE Usage Information Enable LLDP globally on the system before using the lldp receive command.
Command Mode CONFIGURATION Usage Information The no version of this command sets the LLDP timer back to its default value. Example OS10(config)# lldp timer 25 Supported Releases 10.2.0E or later lldp tlv-select basic-tlv Enables or disables TLV attributes to transmit and receive LLDP packets. Syntax lldp tlv-select basic-tlv {port-description | system-name | system-description | system-capabilities | management-address} Parameters • port-description — Enable or disable the port description TLV.
lldp tlv-select dot3tlv Enables or disables the dot3 TLVs to transmit in LLDP packets. Syntax Parameters lldp tlv-select dot3tlv {macphy-config | max-framesize} • macphy-config — Enable the port VLAN ID TLV. • max-framesize — Enable maximum frame size TLV. Default Enabled Command Mode INTERFACE Usage Information The no version of this command disables TLV transmission. Example OS10(conf-if-eth1/1/3)# lldp tlv-select dot3tlv macphy-config Supported Releases 10.2.
Example OS10# show lldp interface ethernet 1/1/5 ethernet1/1/5 Tx State : Enabled Rx State : Enabled Tx SEM State : initialize Rx SEM State : wait-port-operational Notification Status : Disabled Notification Type : mis-configuration DestinationMacAddr : 01:80:c2:00:00:0e Example (Local Device) OS10# show lldp interface ethernet 1/1/1 local-device Device ID: 00:0c:29:e5:aa:f4 Port ID: ethernet1/1/1 System Name: OS10 Capabilities: Bridge Router System description: Dell networking Operating system Port desc
Usage Information Use the show lldp interface command to view MED information for a specific interface.
Remote Chassis ID Subtype: Mac address (4) Remote Chassis ID: 00:13:21:57:ca:40 Remote Port Subtype: Interface name (5) Remote Port ID: ethernet1/1/10 Remote Port Description: Ethernet port 1 Local Port ID: ethernet1/1/1 Locally assigned remote Neighbor Index: 3 Remote TTL: 120 Information valid for next 105 seconds Time since last information change of this neighbor: 00:00:15 Remote System Name: LLDP-pkt-gen Remote Management Address (IPv4): 10.1.1.
Supported Releases 10.2.0E or later show lldp timers Displays the LLDP hold time, delay time, and update frequency interval configuration information. Syntax show lldp timers Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show lldp timers LLDP Timers: Holdtime in seconds: 120 Reinit-time in seconds: 6 Transmit interval in seconds: 30 Supported Releases 10.2.0E or later show lldp tlv-select interface Displays the TLVs enabled for an interface.
Default Not configured Command Mode EXEC Usage Information None Example OS10# show lldp traffic LLDP Traffic Statistics: Total Frames Out Total Entries Aged Total Frames In Total Frames Received In Error Total Frames Discarded Total TLVS Unrecognized Total TLVs Discarded Example (Interface) : : : : : : : OS10# show lldp traffic interface ethernet 1/1/2 LLDP Traffic Statistics: Total Frames Out : 45 Total Entries Aged : 1 Total Frames In : 33 Total Frames Received In Error : 0 Total Frames Discarde
Supported Releases 10.2.0E or later Media Access Control All Ethernet switching ports maintain media access control (MAC) address tables. Each physical device in your network contains a MAC address. OS10 devices automatically enter learned MAC addresses as dynamic entries in the MAC address table. Learned MAC address entries are subject to aging. Set the aging timer to zero (0) to disable MAC aging.
• interface port-channel number — (Optional) Displays port channel information (1 to 128). • count — (Optional) Displays the number of dynamic and static MAC address entries. • vlan vlan-id — (Optional) Displays information for a specified VLAN only (1 to 4094).
• vlan vlan-id — (Optional) Delete all entries based on the VLAN number from the address table (1 to 4094). • interface — (Optional) Clear the interface type: • ethernet node/slot/port[:subport] — Delete the Ethernet interface configuration from the address table. • port-channel channel-number — Delete the port-channel interface configuration from the address table (1 to 128).
Command Mode CONFIGURATION Usage Information The no version of this command resets the value to the default. Example (VLAN) OS10(config)# mac address-table static 34:17:eb:f2:ab:c6 vlan 1 interface ethernet 1/1/30 OS10(config)# do commit Example (PortChannel) OS10(config)# mac address-table static 34:17:eb:02:8c:33 vlan 10 interface port-channel 1 OS10(config)# do commit Supported Releases 10.2.0E or later show mac address-table Displays information about the MAC address table.
Example (Dynamic) OS10# show mac address-table dynamic VlanId Mac Address Type 1 90:b1:1c:f4:a6:8f dynamic Interface ethernet1/1/3 Example (Ethernet) OS10# show mac address-table interface ethernet 1/1/3 VlanId Mac Address Type Interface 1 66:38:3a:62:31:3a dynamic ethernet1/1/3 Supported Releases 10.2.0E or later Multiple spanning-tree protocol MST is a RSTP-based spanning-tree variation that improves on per-VLAN RPVST+.
Configure and verify MSTP OS10(config)# spanning-tree mode mst OS10(config)# do commit OS10(config)# do show spanning-tree show spanning-tree mst configuration Region Name: ravi Revision: 0 MSTI VID 0 1,7-4093 1 2 2 3 3 4 4 5 5 6 Add or remove interfaces By default, all interfaces are enabled in L2 switchport mode, and all L2 interfaces are part of spanning-tree. • Disable spanning-tree on an interface in INTERFACE mode. spanning-tree disable • Enable MST on an interface in INTERFACE mode.
View port forwarding/discarding state OS10# show spanning-tree msti 0 brief Spanning tree enabled protocol msti with force-version mst MSTI 0 VLANs mapped 1,31-4093 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 3417.4455.667f Root Bridge hello time 2, max age 20, forward delay 15, max hops 20 Bridge ID Priority 32768, Address 90b1.1cf4.a523 Configured hello time 2, max age 20, forward delay 15, max hops 20 CIST regional root ID Priority 32768, Address 90b1.1cf4.
1 Assign a bridge priority number to a specific instance in CONFIGURATION mode (0 to 61440 in increments of 4096, default 32768). Use a lower priority number to increase the likelihood of the bridge to become a root bridge. spanning-tree mst instance-number priority priority 2 Save the configuration.
Revision: 0 MSTI VID 1 100 2 200-300 Modify parameters The root bridge sets the values for forward-delay, hello-time, max-age, and max-hops and overwrites the values set on other MST bridges. Forward-time Time an interface waits in the Discarding state and Learning state before it transitions to the Forwarding state. Hello-time Interval in which the bridge sends MST BPDUs.
ethernet1/1/5 ethernet1/1/6 Root Altr 128.276 128.280 128 128 500 500 FWD BLK 0 0 AUTO AUTO No No Interface parameters Adjust two interface parameters to increase or decrease the likelihood that a port becomes a forwarding port. Port cost Value that is based on the interface type. The greater the port cost, the less likely the port is selected to be a forwarding port. Port priority Influences the likelihood that a port is selected to be a forwarding port if several ports have the same port cost.
Configure EdgePort OS10(conf-if-eth1/1/4)# spanning-tree port type edge OS10(conf-if-eth1/1/4)# do commit View interface status OS10# show spanning-tree interface ethernet 1/1/4 ethernet1/1/4 of MSTI 0 is designated Forwarding Edge port:yes port guard :none (default) Link type is point-to-point (auto) Boundary: YES bpdu filter :disable bpdu guard :disable bpduguard shutdown-onviolation :disable RootGuard: disable LoopGuard disable Bpdus (MRecords) sent 610, received 5 Interface Designated Name PortID Prio C
To clear Error Disabled state: 2 • Use the shutdown command on the interface. • Use the spanning-tree bpdufilter disable command to disable the BPDU guard on the interface. • Use the spanning-tree disable command to disable STP on the interface. Enable STP BPDU guard in INTERFACE mode. spanning-tree bpduguard enable • • • To shut down the port channel interface, all member ports are disabled in the hardware.
OS10(conf-if-eth1/1/4)# do commit OS10(conf-if-eth1/1/4)# do show spanning-tree interface ethernet 1/1/4 ethernet1/1/4 of vlan1 is root Forwarding Edge port:no (default) port guard :none (default) Link type is point-to-point (auto) Boundary: NO bpdu filter : bpdu guard : bpduguard shutdown-onviolation :disable RootGuard: disable LoopGuard enable Bpdus (MRecords) sent 7, received 20 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ----------------------------------------------------------
MST commands debug spanning-tree Enables STP debug and displays protocol information. Syntax debug spanning-tree {all | bpdu [tx | rx] | events} Parameters • all — Debugs all spanning tree operations. • bpdu — Enter transmit (tx) or receive (rx) to enable the debug direction. • events — Debugs PVST events. Default Not configured Command Mode EXEC Usage Information None Example OS10# debug spanning-tree bpdu rx Supported Releases 10.2.
Usage Information Dell EMC recommends increasing the hello-time for large configurations — especially configurations with multiple ports. The no version of this command resets the value to the default. Example OS10(config)# spanning-tree mst hello-time 5 Supported Releases 10.2.0E or later spanning-tree mst max-age Configures the time period the bridge maintains configuration information before refreshing the information by recomputing the MST topology.
• vlan range — Enter a VLAN range value (1 to 4094). Default Not configured Command Mode MULTIPLE-SPANNING-TREE Usage Information By default, all VLANs map to MST instance zero (0) unless you are using the vlan range command to map the VLANs to a non-zero instance. The no version of this command removes all the instance related configuration. Example OS10(conf-mst)# instance 1 vlan 2-10 OS10(conf-mst)# instance 2 vlan 11-20 OS10(conf-mst)# instance 3 vlan 21-30 Supported Releases 10.2.
Parameters number — Enter a revision number for the MSTP configuration (0 to 65535). Default 0 Command Mode MULTIPLE-SPANNING-TREE Usage Information To have a bridge in the same MST region as another, the default values for the revision number must match on all Dell hardware devices. If there are non-Dell devices, ensure the revision number value matches on all the devices (see Non-Dell Hardware). Example OS10(conf-mst)# revision 10 Supported Releases 10.2.
Usage Information View the MST instance information for a specific MST instance number in detail or brief, or view physical (Ethernet) port or port-channel information. Example (Brief) OS10# show spanning-tree msti 0 brief Spanning tree enabled protocol msti with force-version mst MSTI 0 VLANs mapped 1-99,101-199,301-4093 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 90b1.1cf4.
spanning-tree bpdufilter Enables or disables BPDU filtering on an interface. Syntax Parameters spanning-tree bpdufilter {enable | disable} • enable — Enables the BPDU filtering on an interface. • disable — Disables the BPDU filtering on an interface. Default Disabled Command Mode INTERFACE Usage Information Use the enable parameter to enable BPDU filtering. Example OS10(conf-if-eth1/1/4)# spanning-tree bpdufilter enable Supported Releases 10.2.
Usage Information Root guard and loop guard configurations are mutually exclusive. Configuring one overwrites the other from the active configuration. Command Mode INTERFACE Example OS10(conf-if-eth1/1/4)# spanning-tree guard root Supported Releases 10.2.0E or later spanning-tree mode Enables an STP type (RSTP, Rapid-PVST+, or MST). Syntax spanning-tree mode {rstp | mst | rapid-pvst} Parameters • rstp — Sets the STP mode to RSTP. • mst — Sets the STP mode to MST.
Example OS10(config)# spanning-tree mst 0 priority 0 OS10(config)# spanning-tree mst 2 root primary Supported Releases 10.2.0E or later spanning-tree mst force-version Configures a forced version of STP to transmit BPDUs. Syntax Parameters spanning-tree mst force-version {stp | rstp} • stp — Forces the version for the BPDUs transmitted by MST to STP. • rstp — Forces the version for the BPDUs transmitted by MST to RSTP.
Example OS10(conf-if-eth1/1/1)# spanning-tree msti 1 priority 0 OS10(conf-if-eth1/1/1)# spanning-tree msti 1 cost 3 Supported Releases 10.2.0E or later spanning-tree port Sets the port type as the EdgePort. Syntax spanning-tree port type edge Parameters None Default Not configured Command Mode INTERFACE Usage Information When you configure an EdgePort on a device running STP, the port immediately transitions to Forwarding state. Only configured ports connected to end hosts act as EdgePorts.
By default, each VLAN instance is assigned default bridge priority 32768. For example, all three instances have the same forwarding topology. Traffic load balancing is not achievable with this kind of priority assignment. You must assign each instance a different priority to achieve load balancing, as shown in Load Balancing with RPVST+. Load balance and root selection All VLANs use the same forwarding topology — R2 is elected as the root and all 10G Ethernet ports have the same cost.
-----------------------------------------------------------------------ethernet1/1/5 128.276 128 500 FWD 0 32768 3417.4455.667f 128.146 ethernet1/1/6 128.280 128 500 BLK 0 32768 3417.4455.667f 128.150 Interface Name Role PortID Prio Cost Sts Cost Link-type Edge -------------------------------------------------------------ethernet1/1/5 Root 128.276 128 500 FWD 0 AUTO No ethernet1/1/6 Altr 128.280 128 500 BLK 0 AUTO No Select root bridge RPVST+ determines the root bridge.
ethernet1/1/1 128.260 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/2 128.264 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/3 128.268 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/4 128.272 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/5 128.276 128 500 FWD 0 4097 90b1.1cf4.a523 ethernet1/1/6 128.280 128 500 FWD 0 4097 90b1.1cf4.a523 ethernet1/1/7 128.284 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/8 128.288 128 200000000 FWD 0 32769 0000.0000.0000 ethernet1/1/9 128.
Configure root bridge as primary OS10(config)# spanning-tree vlan 1 root primary OS10(config)# do commit Verify root bridge information OS10# show spanning-tree active Spanning tree enabled protocol rapid-pvst with force-version rstp VLAN 1 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 24577, Address 90b1.1cf4.a523 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 24577, Address 90b1.1cf4.
Forward-time Amount of time required for an interface to transition from the Discarding to the Learning state or from the Learning to the Forwarding state. Hello-time Time interval within which the bridge sends BPDUs. Max-age Length of time the bridge maintains configuration information before it refreshes information by recomputing the RPVST+ topology. • Modify the forward-time (in seconds) in CONFIGURATION mode (4 to 30, default 15).
clear spanning-tree detected-protocol Forces the MST ports to renegotiate with neighbors. Syntax clear spanning-tree detected-protocol [interface {ethernet node/slot/ port[:subport] | port-channel number}] Parameters • interface — Enter the interface type: • ethernet node/slot/port[:subport] — Enter the Ethernet interface information (1 to 48). • port-channel number — Enter the port-channel number (1 to 128).
Usage Information None Example OS10# show spanning-tree Spanning tree enabled protocol rapid-pvst VLAN 1 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32769, Address 74e6.e2f5.bb80 Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32769, Address 74e6.e2f5.
Command Mode INTERFACE Usage Information BPDU guard prevents a port from receiving BPDUs. If the port receives a BPDU, it is placed in the Error-Disabled state as a protective measure. Example OS10(conf-if-eth1/1/4)# spanning-tree bpduguard enable Supported Releases 10.2.0E or later spanning-tree guard Enables or disables loop guard or root guard on an interface. Syntax spanning-tree guard {loop | root | none} Parameters • loop — Enables loop guard on an interface.
spanning-tree port Sets the port type as the EdgePort. Syntax spanning-tree port type edge Parameters None Default Not configured Command Mode INTERFACE Usage Information When you configure an EdgePort on a device running STP, the port immediately transitions to Forwarding state. Only configured ports connected to end hosts act as EdgePorts. Example OS10(config)# spanning-tree port type edge Supported Releases 10.2.
• seconds — Enter the forward-delay time in seconds (4 to 30). Default 15 seconds Command Mode CONFIGURATION Usage Information None Example OS10(config)# spanning-tree vlan 10 forward-time 16 Supported Releases 10.2.0E or later spanning-tree vlan force-version Configures a forced version of spanning-tree to transmit BPDUs. Syntax spanning-tree vlan vlan-id force-version {stp | rstp} Parameters • stp — Forces the version for the BPDUs transmitted by RPVST+ to STP.
spanning-tree vlan max-age Configures the time period the bridge maintains configuration information before refreshing the information by recomputing RPVST. Syntax spanning-tree vlan vlan-id max-age seconds Parameters max-age seconds — Enter a maximum age value in seconds (6 to 40). Default 20 seconds Command Mode CONFIGURATION Usage Information None Example OS10(config)# spanning-tree vlan 10 max-age 10 Supported Releases 10.2.
spanning-tree vlan root Designates a device as primary or secondary root bridge. Syntax spanning-tree vlan vlan-id root {primary | secondary} Parameters • vlan-id — Enter a VLAN ID number (1 to 4094). • root — Designate the bridge as primary or secondary root. • primary — Designate the bridge as primary or root bridge. • secondary — Designate the bridge as secondary or secondary root bridge.
View all port participating in RSTP OS10# show spanning-tree Spanning tree enabled protocol rstp with force-version rstp Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 3417.4455.667f Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32768, Address 90b1.1cf4.
ethernet1/1/28 128.368 128 200000000 BLK 0 0 0000.0000.0000 ethernet1/1/29 128.372 128 200000000 BLK 0 0 0000.0000.0000 ethernet1/1/30 128.376 128 200000000 BLK 0 0 0000.0000.0000 ethernet1/1/31 128.380 128 200000000 BLK 0 0 0000.0000.0000 ethernet1/1/32 128.384 128 200000000 BLK 0 0 0000.0000.0000 Interface Name Role PortID Prio Cost Sts Cost Link-type Edge ------------------------------------------------------------------------ethernet1/1/1 Disb 128.260 128 200000000 BLK 0 AUTO No ethernet1/1/2 Disb 128.
Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ------------------------------------------------------------------ethernet3/1/1 244.128 128 500 BLK 0 32768 90b1.1cf4.9b8a 128.244 ethernet3/1/2 248.128 128 500 BLK 0 32768 90b1.1cf4.9b8a 128.248 ethernet3/1/3 252.128 128 500 FWD 0 32768 90b1.1cf4.9b8a 128.252 ethernet3/1/4 256.128 128 500 BLK 0 32768 90b1.1cf4.9b8a 128.
1 Assign a number as the bridge priority or designate it as the primary or secondary root in CONFIGURATION mode. Configure the priority value range (0 to 65535 in multiples of 4096, default 32768). The lower the number assigned, the more likely this bridge becomes the root bridge. spanning-tree rstp priority priority-value 2 Save the configuration.
Spanning-tree extensions STP extensions ensure efficient network convergence by securely enforcing the active network topology. OS10 supports BPDU filtering, BPDU guard, loop guard, and root guard STP extensions. BPDU filtering Protects the network from unexpected flooding of BPDUs from an erroneous device. Enabling BPDU Filtering instructs the hardware to drop BPDUs and prevents flooding from reaching the CPU. BPDU filtering is enabled by default on Edge ports.
Boundary: NO bpdu filter : Enable bpdu guard : bpduguard shutdown-onviolation :disable RootGuard: enable LoopGuard disable Bpdus (MRecords) sent 134, received 138 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID -------------------------------------------------------------------------ethernet1/1/4 128.272 128 500 BLK 500 32769 90b1.1cf4.a911 128.
clear spanning-tree counters Clears the counters for STP. Syntax Parameters clear spanning-tree counters [interface {ethernet node/slot/port[:subport] | port—channel number}}] • interface — Enter the interface type: • ethernet node/slot/port[:subport] — Deletes the spanning-tree counters from a physical port. • port-channel number — Deletes the spanning-tree counters for a port-channel interface (1 to 128).
Supported Releases 10.2.0E or later show spanning-tree interface Displays spanning-tree interface information for Ethernet and port-channels. Syntax show spanning-tree interface {ethernet node/slot/port [:subport] | port-channel port-id} [detail] Parameters • ethernet node/slot/port[:subport] — Displays spanning-tree information for a physical interface. • port-channel port-id — Displays spanning-tree information for a port-channel number (1 to 128).
spanning-tree bpduguard Enables or disables BPDU guard on an interface. Syntax Parameters spanning-tree bpduguard {enable | disable} • enable — Enables the BPDU guard filter on an interface. • disable — Disables the BPDU guard filter on an interface. Default Disabled Command Mode INTERFACE Usage Information BPDU guard prevents a port from receiving BPDUs. If the port receives a BPDU, it is placed in the Error-Disabled state as a protective measure.
Command Mode CONFIGURATION Usage Information All STP instances are stopped in the previous STP mode, and are restarted in the new mode. You can also change to RSTP/MST mode. Example (RSTP) OS10(config)# spanning-tree mode rstp Example (MST) OS10(config)# spanning-tree mode mst Supported Releases 10.2.0E or later spanning-tree port Sets the port type as the EdgePort.
Default 15 seconds Command Mode CONFIGURATION Usage Information None Example OS10(config)# spanning-tree rstp forward-time 16 Supported Releases 10.2.0E or later spanning-tree rstp hello-time Sets the time interval between generation and transmission of RSTP BPDUs. Syntax spanning-tree rstp hello-time seconds Parameters seconds — Enter a hello-time interval value in seconds (1 to 10).
Command Mode CONFIGURATION Usage Information RSTP determines the root bridge but you can assign one bridge a lower priority to increase the probability it being the root bridge. A lower priority value increases the probability of the bridge becoming a root bridge. Example OS10(config)# spanning-tree rstp priority 200 Supported Releases 10.2.0E or later Virtual LANs VLAN segments a single flat L2 broadcast domain into multiple logical L2 networks.
Create or remove VLANs You can create VLANs and add physical interfaces or port-channel (LAG) interfaces to the VLAN as tagged or untagged members. You can add an Ethernet interface as a trunk port or as an access port, but it cannot be added as both at the same time.
Interface index is 69208865 Internet address is not set MTU 1532 bytes LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 240 Last clearing of "show interface" counters Queueing strategy: fifo Time since last interface status change: Vlan 200 is up, line protocol is up Address is , Current address is Interface index is 69209064 Internet address is not set MTU 1532 bytes LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 240 Last clearing of "show interface" counters Que
interface ethernet1/1/5 ... switchport access vlan 604 no shutdown ! interface vlan1 no shutdown ... Trunk mode A trunk port can be a member of multiple VLANs set up on an interface. A trunk port can transmit traffic for all VLANs. To transmit traffic on a trunk port with multiple VLANs, OS10 uses tagging or the 802.1q encapsulation method. 1 Configure a port in INTERFACE mode. interface ethernet node/slot/port[:subport] 2 Change the Switchport mode to Trunk mode in INTERFACE mode.
2 3 Assign an IP address and mask to the VLAN in INTERFACE-VLAN mode. ip address ip-address/prefix-length [secondary] • ip-address/prefix—length — Enter the IP address in dotted-decimal format (A.B.C.D/x). • secondary — Enter the interface backup IP address (up to eight secondary IP addresses). Save the configuration. do commit Assign IP address to VLAN OS10(config)# interface vlan 200 OS10(conf-if-vl-200)# ip address 10.1.15.
View VLAN configuration OS10# show vlan Codes: * - Default VLAN, G-GVRP VLANs, R-Remote Port Mirroring VLANs, P-Primary, C-Community, IIsolated Q: A-Access (Untagged), T-Tagged x-Dot1x untagged, X-Dot1x tagged G-GVRP tagged, M-Vlan-stack, H-VSN tagged i-Internal untagged, I-Internal tagged, v-VLT untagged, V-VLT tagged NUM Status Description Q Ports * 1 up A Eth1/1/1-1/1/32 A Po40 200 up T Eth1/1/3:2 T Po40 A Eth1/1/31 320 up T Eth1/1/25:4 1/1/32 T Po40 A Eth1/1/3:1 View interface VLAN configuration OS10# s
VLAN commands description (VLAN) Adds a description to the selected VLAN. Syntax description description Parameters description — Enter a text string to identify the VLAN (up to 80 characters). Default Not configured Command Mode INTERFACE-VLAN Usage Information None Example OS10(conf-if-vlan)# description vlan3 Supported Releases 10.2.0E or later interface vlan Creates a VLAN interface. Syntax interface vlan vlan-id Parameters vlan-id — Enter the VLAN ID number (1 to 4094).
Primary, C-Community, I-Isolated Q: A-Access (Untagged), T-Tagged x-Dot1x untagged, X-Dot1x tagged G-GVRP tagged, M-Vlan-stack, H-VSN tagged i-Internal untagged, I-Internal tagged, v-VLT untagged, V-VLT tagged NUM Status Description Q Ports * 1 up A Eth1/1/2-1/1/32 A Po40 200 up T Eth1/1/3:2 T Po40 A Eth1/1/31 320 up T Eth1/1/25:4 1/1/32 T Po40 A Eth1/1/3:1 Supported Releases 10.2.
In the State field, true indicates that the port is enabled. In the Reason field, Is UP indicates that hardware resources are allocated. OS10# show monitor session all S.Id Source Destination Dir SrcIP DstIP DSCP TTL State Reason ---------------------------------------------------------------------1 ethernet1/1/7 port-channel10 rx N/A N/A N/A N/A true Is UP Monitor session configuration The maximum number of port monitoring sessions, including local and remote sessions, is 18.
2 Return to CONFIGURATION mode. exit 3 Create an access list in CONFIGURATION mode. ip access-list access-list-name 4 Define access-list rules using seq, permit, and deny statements in CONFIG-ACL mode. The ACL rules describe the traffic you want to monitor. Flow monitoring is supported for IPv4 ACLs, IPv6 ACLs, and MAC ACLs.
Session and VLAN requirements Remote port mirroring requires a source session (monitored ports on different source devices), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination devices), and a destination session (destination ports connected to analyzers on destination devices).
• Use the default VLAN and native VLANs as a source VLAN. • You cannot configure the dedicated VLAN used to transport mirrored traffic as a source VLAN. Restrictions • When you use a source VLAN, enable flow-based monitoring (flow-based enable). • In a source VLAN, only received (rx) traffic is monitored. • You cannot configure a source port-channel or source VLAN in a source session if the port-channel or VLAN has a member port configured as a destination port in a remote port mirroring session.
--------------------------------------------------------------1 vlan10 vlan 100 rx N/A N/A N/A N/A true Is UP Port monitoring commands description (Port Monitoring) Configures a description for the port monitoring session. Syntax description string Parameters string — Enter a description of this session (up to 80 characters). Default Not configured Command Mode MONITOR-SESSION Usage Information The no version of this command resets the value to the default.
Command Mode MONITOR-SESSION Usage Information The no version of this command resets the value to the default. Example OS10(conf-mon-local-1)# flow-based enable Supported Releases 10.2.0E or later monitor session Creates a session for monitoring traffic with port monitoring. Syntax Parameters monitor session session-id [local | rspan-source] • session-id — Enter a monitor session ID (1 to 18). • local — (Optional) Enter a local monitoring session.
shut Enables port monitoring. Syntax shut Parameters None Default Disabled Command Mode MONITOR-SESSION Usage Information The no version of this command resets the value to disabled. Example OS10(config)# monitor session 10 OS10(conf-mon-local-10)# shut Supported Releases 10.2.0E or later source (Port Monitoring) Configures a source for port monitoring.
4 Layer 3 Border Gateway Protocol (BGP) Provides an external gateway protocol that transmits inter-domain routing information within and between autonomous systems (see BGP Commands). Equal Cost MultiPath (ECMP) Provides next-hop packet forwarding to a single destination over multiple best paths (see ECMP Commands). IPv4 Routing Provides forwarding of packets to a destination IP address, based on a routing table.
path to reach a router external to the AS. EBGP routers exchange information with other EBGP routers and IBGP routers to maintain connectivity and accessibility. Classless interdomain routing BGPv4 supports classless interdomain routing (CIDR) with aggregate routes and AS paths. CIDR defines a network using a prefix consisting of an IP address and mask, resulting in efficient use of the IPv4 address space. Using aggregate routes reduces the size of routing tables.
Established Keepalive messages exchange, and after a successful receipt, the router is in the Established state. Keepalive messages continue to send at regular periods. The keepalive timer establishes the state to verify connections. After the connection is established, the router sends and receives keepalive, update, and notification messages to and from its peer. Peer templates Peer templates allow BGP neighbors to inherit the same outbound policies.
Multiprotocol BGP Multiprotocol BGP (MBGP) is an extension to BGP that supports multiple address families—IPv4 and IPv6. MBGP carries multiple sets of unicast and multicast routes depending on the address family. You can enable the MBGP feature on a per router, per template, and/or a per peer basis. The default is the IPv4 unicast routes.
• A path with no AS_PATH configured has a path length of 0 • AS_CONFED_SET is not included in the AS_PATH length • AS_CONFED_SEQUENCE has a path length of 1 no matter how many ASs are in the AS_CONFED_SEQUENCE 4 Prefer the path with the lowest ORIGIN type—IGP is lower than EGP and EGP is lower than INCOMPLETE. 5 Prefer the path with the lowest multiexit discriminator (MED) attribute: • This comparison is only done if the first neighboring AS is the same in the two paths.
Multiexit discriminators If two autonomous systems connect in more than one place, use a multiexit discriminator (MED) to assign a preference to a preferred path. MED is one of the criteria used to determine best path—other criteria may also impact selection. One AS assigns the MED a value. Other AS uses that value to decide the preferred path. Assume that the MED is the only attribute applied and there are two connections between AS 100 and AS 200. Each connection is a BGP session.
The question mark (?) indicates an origin code of INCOMPLETE, and the lower case letter (i) indicates an origin code of IGP. Origin configuration OS10# show ip bgp BGP local RIB : Routes to be Added , Replaced , Withdrawn BGP local router ID is 30.1.1.
If you configure the bgp bestpath as-path ignore command and the bestpath as-path multipath-relax command at the same time, an error message displays—only enable one command at a time. More path support More path (Add-Path) reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths with new ones. By default, a BGP speaker advertises only the best path to its peers for a given address prefix.
4-Byte AS numbers OS10 supports 4-byte AS number configurations by default. The 4-byte support is advertised as a new BGP capability - 4-BYTE-AS, in the OPEN message. A BGP speaker that advertises 4-Byte-AS capability to a peer, and receives the same from that peer must encode AS numbers as 4-octet entities in all messages. If the AS number of the peer is different, the 4-byte speaker brings up the neighbor session using a reserved 2-byte ASN,23456 called AS_TRANS.
The Local-AS does not prepend the updates with the AS number received from the EBGP peer if you use the no prepend command. If you do not select no prepend, the default, the Local-AS adds to the first AS segment in the AS-PATH. If you use an inbound route-map to prepend the AS-PATH to the update from the peer, the Local-AS adds first. If Router B has an inbound route-map applied on Router C to prepend 65001 65002 to the AS-PATH, these events take place on Router B: • • • Receive and validate the update.
connected to the router. The BGP process first determines if all internal BGP peers are reachable, then it determines which peers outside the AS are reachable. 1 Assign an AS number, and enter ROUTER-BGP mode from CONFIGURATION mode (1 to 65535 for 2-byte, 1 to 4294967295 for 4byte). Only one AS number is supported per system. If you enter a 4-byte AS number, 4-byte AS support is enabled automatically. router bgp as-number 2 Enter a neighbor in ROUTER-BGP mode.
Prefixes accepted 3, Prefixes advertised 0 Connections established 3; dropped 2 Closed by neighbor sent 00:03:26 ago Local host: 5.1.1.2, Local port: 43115 Foreign host: 5.1.1.1, Foreign port: 179 View BGP running configuration OS10# show running-configuration router bgp 65123 router-id 192.168.10.2 ! address-family ipv4 unicast ! neighbor 10.10.21.1 remote-as 65123 no shutdown ! neighbor 10.10.32.3 remote-as 65123 no shutdown ! neighbor 100.10.92.9 remote-as 65192 no shutdown ! neighbor 192.168.10.
Peer templates To configure multiple BGP neighbors at one time, you can create and populate a BGP peer template. An advantage of configuring peer templates is that members of a peer template inherit the configuration properties of the template and share update policy. Always create a peer template and assign a name to it before adding members to the peer template. Create a peer template before configuring any route policies for the template.
OS10(config-router-template)# remote-as 100 OS10(config-router-template)# exit OS10(config-router-bgp-300)# neighbor 3.1.1.
Verify neighbor fall-over on neighbor OS10(config-router-neighbor)# do show ip bgp neighbors 3.1.1.1 BGP neighbor is 3.1.1.1, remote AS 100, local AS 100 internal link BGP version 4, remote router ID 3.3.3.
! remote-as 102 Fast external fallover Fast external fallover terminates EBGP sessions of any directly adjacent peer if the link used to reach the peer goes down. BGP does not wait for the hold-down timer to expire. Fast external fallover is enabled by default. To disable or re-enable it, use the [no] fast-external-fallover command.
OS10(config-router-bgp-300)# OS10(conf-if-eth1/1/1)# do clear ip bgp * OS10# show ip bgp summary BGP router identifier 11.11.11.11 local AS number 300 Neighbor AS MsgRcvd MsgSent Up/Down State/Pfx ----------------------------------------------------------------3.1.1.1 100 7 4 00:00:08 3 3::1 100 9 5 00:00:08 4 OS10# OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# shutdown OS10(conf-if-eth1/1/1)# do commit OS10(conf-if-eth1/1/1)# do show ip bgp summary BGP router identifier 11.11.11.
Local AS During BGP network migration, you can maintain existing AS numbers. Reconfigure your routers with the new information to disable after the migration. Network migration is not supported on passive peer templates. You must configure Peer templates before assigning it to an AS. 1 Enter a neighbor IP address, A.B.C.D, in ROUTER-BGP mode.
OS10(conf-router-neighbor)# address-family ipv4 unicast OS10(conf-router-bgp-neighbor-af)# allowas-in 5 View AS numbers in AS paths OS10# show running-configuration bgp ! router bgp 101 no fast-external-fallover ! address-family ipv4 unicast dampening ! neighbor 17.1.1.
Disable redistributed routes OS10(conf-router-bgp-af)# no redistribute ospf route-map ospf-to-bgp Enable redistributed routes OS10(conf-router-bgp-af)# redistribute ospf Additional paths The add-path command is disabled by default. 1 Assign an AS number in CONFIGURATION mode. router bgp as-number 2 Enter Address Family mode in ROUTER-BGP mode.
Modify MED attributes OS10(config)# router bgp 100 OS10(conf-router-bgp-100)# always-compare-med OS10(conf-router-bgp-100)# bestpath med confed OS10(conf-router-bgp-100)# do commit Local preference attribute You can change the value of the LOCAL_PREFERENCE attributes for all routes the router receives. To change the LOCAL_PREF value in ROUTER-BGP mode from 0 to 4294967295 with default 100, use the default local preference value command.
View route-map OS10(conf-route-map)# do show route-map route-map bgproutemap, permit, sequence 1 Match clauses: Set clauses: local-preference 500 metric 400 origin incomplete Weight attribute Influence the BGP routing based on the weight value. Routes with a higher weight value have preference when multiple routes to the same destination exist. 1 Assign a weight to the neighbor connection in ROUTER-BGP mode.
Route-map filters Filtering routes allows you to implement BGP policies. Use route-maps to control which routes the BGP neighbor or peer group accepts and advertises. 1 Enter the neighbor IP address to filter routes in ROUTER-BGP mode. neighbor ipv4-address 2 Enter Address Family mode in ROUTER-NEIGHBOR mode. address-family {[ipv4 | ipv6] [unicast]} 3 Create a route-map and assign a filtering criteria in ROUTER-BGP-NEIGHBOR-AF mode, then return to CONFIG-ROUTER-BGP mode.
6 Save the configuration. do commit When you enable a route reflector, the system automatically enables route reflection to all clients. To disable route reflection between all clients in this reflector, use the no bgp client-to-client reflection command in ROUTER-BGP mode. You must fully mesh all the clients before you disable route reflection. Configure BGP route reflector OS10(config)# router bgp 102 OS10(conf-router-bgp-102)# cluster-id 4294967295 OS10(conf-router-bgp-102)# neighbor 32.1.1.
Confederations Another way to organize routers within an AS and reduce the mesh for IBGP peers is to configure BGP confederations. As with route reflectors, Dell EMC recommends BGP confederations only for IBGP peering involving many IBGP peering sessions per router. When you configure BGP confederations, you break the AS into smaller sub-ASs. To devices outside your network, the confederations appear as one AS.
The constant router reaction to the WITHDRAWN and UPDATE notices causes instability in the BGP process. To minimize this instability, configure penalties (a numeric value) for routes that flap. When that penalty value reaches a configured limit, the route is not advertised, even if the route is up, the penalty value is 1024. As time passes and the route does not flap, the penalty value decrements or decays. If the route flaps again, it is assigned another penalty.
d* d* d* Total 3.1.4.0/24 80.1.1.2 3.1.5.0/24 80.1.1.2 3.1.6.0/24 80.1.1.2 number of prefixes: 5 00:00:12 00:00:12 00:00:12 800 9 8 i 800 9 8 i 800 9 8 i Timers To adjust the routing timers for all neighbors, configure the timer values using the timers command. If both the peers negotiate with different keepalive and hold time values, the final hold time value is the lowest values received. The new keepalive value is one-third of the accepted hold time value.
3 Configure soft-configuration for the neighbors belonging to the template. soft-reconfiguration inbound 4 Save the configuration. do commit 5 Clear all information or only specific details in EXEC mode. clear ip bgp {neighbor-address | AS Numbers | ipv4} [soft [in | out]] • * — Clears all peers. • neighbor-address — Clears the neighbor with this IP address. • AS Numbers — Peers’ AS numbers to clear. • ipv4 — Clears information for the IPv4 address family.
Parameters • both path count — Enter the number of paths to advertise to the peer, from 2 to 64. • receive — Receive multiple paths from the peer. • send path count — Enter the number of multiple paths to send multiple to the peer, from 2 to 64. Default Not configured Command Mode ROUTER-BGP-NEIGHBOR-AF Usage Information Advertising multiple paths to peers for the same address prefix without replacing the existing path with a new one reduces convergence times.
Default EBGP 30 seconds, IBGP 5 seconds Command Mode ROUTER-NEIGHBOR Usage Information The time interval applies to all peer group members of the template in ROUTER-TEMPLATE mode. The no version of this command resets the advertisement-interval value to the default. Example OS10(conf-router-neighbor)# advertisement-interval 50 Supported Releases 10.3.0E or later advertisement-start Delays initiating the OPEN message for the specified time.
Supported Releases 10.3.0E or later allowas-in Sets the number of times a local AS number appears in the AS path. Syntax allowas-in as-number Parameters as-number—Enter the number of occurrences for a local AS number, from 1 to 10. Default Disabled Command Mode ROUTER-BPG-TEMPLATE-AF Usage Information Use this command to enable the BGP speaker to allow the AS number to be present for the specified number of times in updates received from the peer.
Default Enabled Command Mode ROUTER-BGP Usage Information To enable load-balancing across different EBGP peers, configure the mutlipath-relax option. If you configure both ignore or multipath-relax options at the same time, a system-generated error message appears. The no version of this command disables configuration. Example OS10(conf-router-bgp-10)# bestpath as-path multipath-relax Supported Releases 10.3.
clear ip bgp Resets BGP IPv4 or IPv6 neighbor sessions. Syntax Parameters clear ip bgp {ipv4–address | ipv6–address | * } • IPv4–address — Enter an IPv4 address to clear a BGP neighbor configuration. • IPv6–address — Enter an IPv6 address to clear a BGP neighbor configuration. • * — Clears all BGP sessions. Default Not configured Command Mode EXEC Usage Information To reset BGP IPv4 or IPv6 neighbor sessions, use this command. Example OS10# clear ip bgp 1.1.15.4 Supported Releases 10.3.
• peers as-number—Enter an AS number for peers in the BGP confederation, from 1 to 4294967295. Default Not configured Command Mode ROUTER-BGP Usage Information Configure your system to accept 4-byte formats before entering a 4-byte AS number. All routers in the Confederation must be 4-byte or 2-byte identified routers. You cannot have a mix of 2-byte and 4-byte identified routers. The autonomous system number you configure in this command is visible to the EBGP neighbors.
cluster-id Assigns a cluster ID to a BGP cluster with multiple route reflectors. Syntax Parameters cluster-id {number | ip-address} • number—Enter a route reflector cluster ID as a 32-bit number, from 1 to 4294967295. • ip-address—Enter an IP address as the route-reflector cluster ID. Default Router ID Command Mode ROUTER-BGP Usage Information If a cluster contains only one route reflector, the cluster ID is the route reflector’s router ID.
Supported Releases 10.3.0E or later default-metric Assigns a default-metric of redistributed routes to locally originated routes. Syntax default-metric number Parameters number — Enter a number as the metric to assign to routes from other protocols, from 1 to 4294967295. Default Disabled Command Mode ROUTER-BGP Usage Information Assigns a metric for locally-originated routes such as redistributed routes.
Command Mode ROUTER-NEIGHBOR Usage Information This command avoids installation of default multihop peer routes to prevent loops and creates neighbor relationships between peers. Networks indirectly connected are not valid for best path selection. The no version of this command removes multihop session. Example OS10(conf-router-neighbor)# ebgp-multihop 2 Supported Releases 10.3.
fast-external-fallover Resets BGP sessions immediately when a link to a directly connected external peer fails. Syntax fast-external-fallover Parameters None Default Not configured Command Mode ROUTER-BGP Usage Information Fast external fall-over terminates the EBGP session immediately after the IP unreachability or link failure is detected. This only applies after you manually reset all existing BGP sessions. For the configuration to take effect, use the clear ip bgp command.
Supported Releases 10.2.0E or later local-as Configures a local AS number for a peer. Syntax Parameters local-as as-number [no-prepend] • as-number—Enter the local AS number, from 1 to 4294967295. • no-prepend—(Optional) Enter so that local AS values are not prepended to announcements from the neighbor. Default Disabled Command Mode ROUTER-NEIGHBOR or ROUTER-TEMPLATE Usage Information Facilitates the BGP network migration operation and allows you to maintain existing AS numbers.
• number—Enter the number of parallel paths, from 1 to 64. Default 64 paths Command Mode ROUTER-BGP Usage Information Dell EMC recommends not using multipath and add path simultaneously in a route reflector. To recompute the best path, use the clear ip bgp * command. The no version of this command resets the value to the default. Example (EBGP) OS10(conf-router-bgp-2)# maximum-paths ebgp 2 maxpaths Example (IBGP) OS10(conf-router-bgp-2)# maximum-paths ibgp 4 maxpaths Supported Releases 10.3.
Example OS10(conf-router-bgp-2)# neighbor 32.1.0.0 OS10(conf-router-neighbor)# Supported Releases 10.3.0E or later next-hop-self Disables the next-hop calculation for a neighbor. Syntax next-hop-self Parameters None Default Enabled Command Mode ROUTER-NEIGHBOR-AF Usage Information Influences next-hop processing of EBGP routes to IBGP peers. The no version of this command disables the nexthop calculation. Example OS10(conf-router-neighbor-af)# next-hop-self Supported Releases 10.3.
Usage Information Enable or disable outbound optimization dynamically to reset all neighbor sessions. When you enable outbound optimization, all peers receive the same update packets. The next-hop address chosen as one of the addresses of neighbor’s reachable interfaces is also the same for the peers. The no version of this command disables outbound optimization. Example OS10(conf-router-bgp-10)# outbound-optimization Supported Releases 10.3.
Example (Static — IPv6) OS10(conf-router-bgp-102)# address-family ipv6 unicast OS10(conf-router-bgpv6-af)# redistribute static Example (OSPF — IPv4) OS10(conf-router-bgp-102)# address-family ipv4 unicast OS10(conf-router-bgpv4-af)# redistribute ospf 1 Example (OSPF — IPv6) OS10(conf-router-bgp-102)# address-family ipv6 unicast OS10(conf-router-bgpv6-af)# redistribute ospf 1 Supported Releases 10.2.0E or later route-reflector-client Configures a neighbor as a member of a route-reflector cluster.
router-id Assigns a user-given ID to a BGP router. Syntax router-id ip-address Parameters ip-address — Enter an IP address in dotted decimal format. Default First configured IP address or random number Command Mode ROUTER-BGP Usage Information Change the router ID of a BGP router to reset peer-sessions. The no version of this command resets the value to the default. Example OS10(conf-router-bgp-10)# router-id 10.10.10.40 Supported Releases 10.3.
Example (IPv4) OS10(conf-router-bgp-102)# neighbor 3.3.3.1 OS10(conf-router-neighbor)# address-family ipv4 unicast OS10(conf-router-bgp-neighbor-af)# sender-side-loop-detection Example (IPv6) OS10(conf-router-bgp-102)# neighbor 32::1 OS10(conf-router-neighbor)# address-family ipv6 unicast OS10(conf-router-bgp-neighbor-af)# no sender-side-loop-detection Supported Releases 10.3.0E or later show ip bgp Displays information that BGP neighbors exchange.
Status codes: s suppressed, S stale, d dampened, h history, * valid, > best Origin codes: i - IGP, e - EGP, ? - incomplete Network From Reuse Path d* 3.1.2.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.3.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.4.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.5.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.6.0/24 80.1.1.2 00:00:12 800 9 8 i Total number of prefixes: 5 Supported Releases 10.3.0E or later show ip bgp flap-statistics Displays BGP flap statistics on BGP routes.
Command Mode EXEC Usage Information This command provides output which displays locally advertised BGPv4 routes configured using the network command. These routes show as r for redistributed/network-learned routes. Example OS10# show ip bgp ipv4 unicast summary BGP router identifier 80.1.1.1 local AS number 102 Neighbor AS MsgRcvd MsgSent Up/Down State/Pfx 80.1.1.2 800 8 4 00:01:10 5 Supported Releases 10.3.0E or later show ip bgp ipv6 unicast Displays route information for BGP IPv6 routes.
Command Mode Usage Information EXEC • BGP neighbor — Displays the BGP neighbor address and its AS number. The last phrase in the line indicates whether the link between the BGP router and its neighbor is an external or internal one. If they are located in the same AS, the link is internal; otherwise the link is external. • BGP version — Displays the BGP version (always version 4) and the remote router ID.
Example advertised- OS10# show ip bgp ipv6 unicast neighbors 192:168:1::2 advertised-routes BGP local router ID is 100.1.1.
Total number of prefixes: 10 OS10# Supported Releases 10.3.0E or later show ip bgp peer-group Displays information on BGP peers in a peer-group. Syntax show ip bgp peer-group peer-group-name Parameters peer-group-name — (Optional) Enter the peer group name to view information about that peer-group only. Default Not configured Command Mode EXEC Usage Information Example • Peer-group — Displays the peer group name. Minimum time displays the time interval between BGP advertisements.
• AS—Displays the AS number of the neighbor • MsgRcvd—Displays the number of BGP messages that the neighbor received. • MsgSent—Displays the number of BGP messages that the neighbor sent. • Up/Down—Displays the amount of time that the neighbor is in the Established stage. If the neighbor has never moved into the Established stage, the word never displays.
Command Mode ROUTER-BGP Usage Information Members of a peer-group template inherit the configuration properties of the template and share the same update policy. The no version of this command removes a peer-template configuration. Example OS10(conf-router-bgp-10)# template solar OS10(conf-router-bgp-template)# Supported Releases 10.3.0E or later timers Adjusts BGP keepalive and holdtime timers.
Equal cost multi-path ECMP is a routing technique where next-hop packet forwarding to a single destination occurs over multiple best paths. OS10 uses a hashing algorithm to determine the next-hop when you enable ECMP. The hashing algorithm makes hashing decisions based on values in various packet fields as well as some internal values. • Configure the hash algorithm in CONFIGURATION mode. hash-algorithm ecmp {crc | xor | random} • Save the configuration.
ECMP commands hash-algorithm Changes the hash algorithm that distributes traffic flows across ECMP paths and the LAG. Syntax hash-algorithm {ecmp | lag} [crc | xor | random] Parameters • ecmp — Enables ECMP hash configuration. • lag — Enables LAG hash configuration for L2 only. • crc — (Optional) Enables CRC polynomial for hash computation. • xor — (Optional) Enables upper 8 bits of CRC and lower 8 bits of XOR value for computation.
load-balancing Distributes or load balances incoming traffic using the default parameters in the hash algorithm.
Supported Releases 10.2.0E or later show hash-algorithm Displays the hash-algorithm information. Syntax show hash-algorithm Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show hash-algorithm EcmpAlgo - crc LabAlgo - xor Supported Releases 10.3.0E or later IPv4 routing OS10 supports IPv4 addressing including variable-length subnetting mask (VLSM), address resolution protocol (ARP), static routing, and routing protocols.
Assign interface IP address to interface OS10(config)# interface OS10(conf-if-eth1/1/4)# OS10(conf-if-eth1/1/4)# OS10(conf-if-eth1/1/4)# OS10(conf-if-eth1/1/4)# ethernet 1/1/1 no shutdown no switchport ip address 10.10.1.
View configured static routes OS10# show ip route static Codes: C - connected S - static B - BGP, IN - internal BGP, EX - external BGP O - OSPF,IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, > - non-active route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change -----------------------------------------------------------------S 200.200.200.0/24 via 10.1.1.
IPv4 routing commands clear ip route Clears the specified routes from the IP routing table. Syntax Parameters clear ip route {* | ip-address} • *—Specify to clear the entire IP routing table. • ip-address —Specify the IP route to be removed from the IP routing table. Default Not configured Command Mode EXEC Usage Information This command does not remove the static routes from the routing table. Example OS10# clear ipv6 Supported Releases 10.3.0E or later route 10.1.1.
• route-preference — (Optional) Enter the range (1 to 255). Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes a static route configuration. Example OS10(config)# ip route 200.200.200.0/24 10.1.1.2 Supported Releases 10.2.0E or later show ip arp Displays the ARP table entries for specific a IP address or MAC address, static, dynamic, and a summary of all ARP entries.
Supported Releases 10.2.0E or later show ip route Displays IP route information. Syntax Parameters show ip route [all | bgp | connected | ospf process-id mask | summary] | static | ip-prefix/ • all — (Optional) Displays both active and non-active IP routes. • bgp — (Optional) Displays BGP route information. • connected — (Optional) Displays only the directly connected routes. • ospf process-id — (Optional) Displays route information for the OSPF process (1 to 65535).
Stateless autoconfiguration uses three mechanisms for IPv6 address configuration: Prefix advertisement Routers use router advertisement messages to announce the network prefix. Hosts use their interface-identifier MAC address to generate a valid IPv6 address. Duplicate address detection An IPv6 host node device checks whether that address is used anywhere on the network duplicate address detection (DAD) before configuring its IPv6 address.
Leading zeros in each field are optional. You can also use two colons (::) to represent successive hexadecimal fields of zeros, but you can use this short version only once in each address: 2001:db8::1428:57ab All addresses are all valid and equivalent: • 2001:0db8:0000:0000:0000:0000:1428:57ab • 2001:0db8:0000:0000:0000::1428:57ab • 2001:0db8:0:0:0:0:1428:57ab • 2001:0db8:0:0::1428:57ab • 2001:0db8::1428:57ab • 2001:db8::1428:57ab IPv6 networks are written using CIDR notation.
Link-local IPv6 addressing Before you configure an interface for IPv6 addressing, determine how the interface is intended to be used. Decide if you would like to use automatic IPv6 local-link interface addressing or per-interface link-local addressing. The no version of this command removes all manually configured IPv6 addresses. 1 (Optional) Enter the IPv6 address in x:x:x:x::x format, then the prefix length in /x format (/0 to /128) in INTERFACE mode to manually configure the link-local address.
B - BGP, IN - internal BGP, EX - external BGP O - OSPF,IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, > - non-active route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change -------------------------------------------------------------------------S 2111:dddd:eee::22/12via 2001:db86:fff::2 ethernet1/1/1 1/1 00:01:24 View IPv6 information Use the show ipv6 route command to view configuratio
Default Not configured Command Mode EXEC Usage Information This command does not remove the static routes from the routing table. Example OS10# clear ipv6 Supported Releases 10.3.0E or later route * ipv6 route Configures a static IPv6 static route. Syntax ipv6 route ipv6–prefix mask {next-hop | interface interface [route-preference]} Parameters • ipv6-prefix—Enter the IPv6 address in X:X:.X:X.
Example (All) OS10# show ipv6 route all Codes: C - connected S - static B - BGP, IN - internal BGP, EX - external BGP O - OSPF,IA - OSPF inter area, N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, > - non-active route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change --------------------------------------------------------- Example (Connected) OS10# show ipv6 route connected Codes: C - connected S - static B
Autonomous system areas OSPF operates in a type of hierarchy. The largest entity within the hierarchy is the autonomous system (AS). The AS is a collection of networks under a common administration that share a common routing strategy. OSPF is an intra-AS, interior gateway routing protocol that receives routes from and sends routes to other AS. You can divide an AS into several areas, which are groups of contiguous networks and attached hosts administratively grouped.
Configure all routers within an assigned stub area as stubby and do not generate LSAs that do not apply. For example, a Type 5 LSA is intended for external areas and the stubby area routers may not generate external LSAs. A virtual link cannot traverse stubby areas. Networks and neighbors As a link-state protocol, OSPF sends routing information to other OSPF routers concerning the state of the links between them. The up or down state of those links is important.
can connect to many areas in an AS and is considered a member of each area it connects to—shown as Router H in the example. Autonomous system The autonomous system border router (ASBR) connects to more than one AS and exchanges information with the border router routers in other ASs. The ASBR connects to a non-IGP such as BGP or uses static routes—shown as Router N in the example.
Type 7—NSSAExternal LSA (OSPFv2), Type-7 LSA (OSPFv3) Routers in an NSSA do not receive external LSAs from ABRs but send external routing information for redistribution. They use Type 7 LSAs to tell the ABRs about these external routes, which the ABR then translates to Type 5 external LSAs and floods as normal to the rest of the OSPF network. Type 8—Link LSA (OSPFv3) LSA carries the IPv6 address information of the local links.
OSPF route limit OS10 supports up to 16,000 OSPF routes. Within this range, the only restriction is on intra-area routes that scale only up to 100 routes. Other OSPF routes can scale up to 16 K. Enable OSPF OSPF is disabled by default. Configure at least one interface as either physical or LOOPBACK and assign an IP address to the interface. You can assign any area besides area 0 a number ID. The OSPF process starts automatically when you configure OSPF globally and enabled for one or more interfaces.
! interface ethernet1/1/2 ip ospf 65535 area 3 no switchport no shutdown ip address 160.1.1.2/24 ! interface ethernet1/1/3:1 ip ospf 65535 area 2 no switchport no shutdown ip address 140.1.1.1/24 ! interface ethernet1/1/29 channel-group 128 no switchport no shutdown ! interface ethernet1/1/31 switchport mode trunk switchport trunk allowed vlan 200 no shutdown ! interface vlan200 ip ospf 65535 area 0 no shutdown ip address 13.1.1.1/24 ! interface port-channel128 ip ospf 65535 area 0 ip address 12.1.1.
SPF algorithm executed 38 times Area ranges are Stub areas Type 5 LSAs are not flooded into stub areas. The ABR advertises a default route into the stub area to which it is attached. Stub area routers use the default route to reach external destinations. 1 Enable OSPF routing and enter ROUTER-OSPF mode, from 1 to 65535. router ospf instance number 2 Configure an area as a stub area in ROUTER-OSPF mode. area area-id stub [no-summary] • • 3 area-id—Enter the OSPF area ID as an IP address (A.B.C.
150.1.1.0 160.1.1.0 150.1.1.1 99.99.99.99 119 312 0x80000001 0x80000001 0x58D1 0x909B Summary ASBR (Area 0) Link ID ADV Router Age Seq# Checksum --------------------------------------------------10.15.0.1 150.1.1.1 80 0x80000001 0xC5E1 101.101.101.101 99.99.99.99 228 0x80000001 0x89AE Router (Area 2) Link ID ADV Router Age Seq# Checksum Link-count ----------------------------------------------------------10.1.0.1 10.1.0.1 343 0x80000002 0x4F91 11 99.99.99.99 99.99.99.
120.1.7.0 120.1.8.0 120.1.9.0 120.1.10.0 140.1.1.0 150.1.1.0 99.99.99.99 99.99.99.99 99.99.99.99 99.99.99.99 99.99.99.99 99.99.99.99 80 81 81 81 385 116 0x80000001 0x80000001 0x80000001 0x80000001 0x80000001 0x80000001 0x83F 0xFC49 0xF153 0xE65D 0x3BFE 0xC26C NSSA External (Area 3) Link ID ADV Router Age Seq# Checksum --------------------------------------------------0.0.0.0 99.99.99.99 320 0x80000001 0xBB0A 98.1.1.0 101.101.101.
Fast convergence Fast convergence sets the minimum origination and arrival LSA parameters to zero (0), allowing rapid route calculation. A higher convergence level can result in occasional loss of OSPF adjacency. Convergence level 1 meets most convergence requirements. The higher the number, the faster the convergence, and the more frequent the route calculations and updates. This impacts CPU utilization and may impact adjacency stability in larger topologies.
Interface parameters To avoid routing errors, interface parameter values must be consistent across all interfaces. For example, set the same time interval for the hello packets on all routers in the OSPF network to prevent misconfiguration of OSPF neighbors. 1 To change the OSPFv2 parameters in CONFIGURATION mode, enter the interface. interface interface-name 2 Change the cost associated with OSPF traffic on the interface in INTERFACE mode, from 1 to 65535. The default depends on the interface speed.
1 2 Enter which routes redistribute into the OSPF process in ROUTER-OSPF mode. redistribute {bgp | connected | static} [route-map map-name] • bgp | connected | static—Enter a keyword to redistribute those routes. • route-map map-name—Enter a name of a configured route map. Apply the configuration.
! router ospf 100 log-adjacency-changes OSPFv3 OSPFv3 is an IPv4 and IPv6 link-state routing protocol that supports IPv6 and IPv4 unicast address families (AFs). OSPFv3 is disabled by default. You must configure at least one interface, either physical or loopback, and assign an IP address to that interface. The OSPF process automatically starts when OSPFv3 is enabled for one or more interfaces. Any area besides area 0 can have any number ID assigned to it.
View OSPFv3 Status OS10(conf-router-ospf# do show ipv6 ospf Configure Stub Areas The Type 5 LSAs are not flooded into stub areas. The ABR advertises a default route into the stub area to which it is attached. Stub area routers use the default route to reach external destinations. 1 Enable OSPFv3 routing and enter ROUTER-OSPFv3 mode (1 to 65535). router ospfv3 instance number 2 Configure an area as a stub area in ROUTER-OSPFv3 mode.
ADV Router Age Seq# Link ID Interface -------------------------------------------------------------199.205.134.103 42 0x80000001 12 ethernet1/1/3 202.254.156.15 54 0x80000001 12 ethernet1/1/3 Enable Passive Interfaces A passive interface is one that does not send or receive routing information. Configuring an interface as a passive interface suppresses routing updates (both receiving and sending).
4 Change the time interval (in seconds) between hello-packet transmission in INTERFACE mode (1 to 65535, default 10). The hello interval must be the same on all routers in the OSPFv3 network. ipv6 ospf hello-interval seconds 5 Change the priority of the interface, which determines the DR for the OSPFv3 broadcast network in INTERFACE mode (0 to 255, default 1). ipv6 ospf priority number 6 Save the configuration.
ip ospf 100 area 0.0.0.0 ! router ospf 100 log-adjacency-changes OSPF commands area default-cost Sets the metric for the summary default route generated by the ABR and sends it to the stub area. Use the area default-cost command on the border routers at the edge of a stub area. Syntax area area-id default-cost cost Parameters • area-id — Enter the OSPF area in dotted decimal format (A.B.C.D.) or enter a number (0 to 65535).
area range Summarizes routes matching an address/mask at an area in ABRs. Syntax Parameters area area-id range ip-address [no-advertise] • area-id — Set the OSPF area ID as an IP address (A.B.C.D) or number (1 to 65535). • ip-address — (Optional) Enter an IP address/mask in dotted decimal format. • no-advertise — (Optional) Set the status to Do Not Advertise. The Type 3 summary-LSA is suppressed and the component networks remain hidden from other areas.
Usage Information The value set by the ipv6 ospf cost command in INTERFACE mode overrides the cost resulting from the auto-cost command. The no version of this command resets the value to the default.
Parameters number — Enter a default-metric value (1 to 16777214). Default Not configured Command Mode ROUTER-OSPF Usage Information The no version of this command disables the default-metric configuration. Example OS10(conf-router-ospf-10)# default-metric 2000 Supported Releases 10.2.0E or later fast-converge Sets the minimum LSA origination and arrival times to zero (0) allowing more rapid route computation so that convergence takes less time.
Parameters cost — Enter a value as the OSPF cost for the interface (1 to 65335). Default 1 Command Mode INTERFACE Usage Information Interface cost is based on the auto-cost command if not configured. This command configures OSPF over multiple vendors to ensure that all routers use the same cost. If you manually configure the cost, the calculated cost based on the reference bandwidth does not apply to the interface. The no version of this command removes the IP OSPF cost configuration.
ip ospf mtu-ignore Disables OSPF MTU mismatch detection on receipt of DBD packets. Syntax ip ospf mtu-ignore Parameters None Default Not configured Command Mode INTERFACE Usage Information When neighbors exchange DBD packets, the OSPF process checks if the neighbors are using the same MTU on a common interface. If the receiving MTU in the DBD packet is higher than the IP MTU configured on the incoming interface, OSPF adjacency does not establish.
Supported Releases 10.2.0E or later ip ospf priority Sets the priority of the interface to determine the designated router for the OSPF network. Syntax ip ospf priority number Parameters number — Enter a router priority number (0 to 255). Default 1 Command Mode INTERFACE Usage Information When two routers attached to a network attempt to become the designated router, the one with the higher router priority takes precedence. The no version of this command resets the value to the default.
Supported Releases 10.2.0E or later log-adjacency-changes Enables logging of syslog messages about changes in the OSPFv3 adjacency state. Syntax log-adjacency-changes Parameters None Default Disabled Command Mode ROUTER-OSPF and ROUTER-OSPFv3 Usage Information The no version of this command resets the value to the default. Example OS10(config)# router ospfv3 10 OS10(conf-router-ospf-10)# log-adjacency-changes Supported Releases 10.3.
redistribute Redistributes information from another routing protocol or routing instance to the OSPFv3 process. Syntax redistribute {bgp as-number route-map route-map name | connected | static} Parameters • as-number — Enter an autonomous number to redistribute BGP routing information throughout the OSPFv3 instance (1 to 4294967295). • route-map name — Enter the name of a configured route-map. • connected — Enter the information from connected (active) routes on interfaces to redistribute.
Parameters instance-number—Enter a router OSPF instance number, from 1 to 65535. Default Not configured Command Mode CONFIGURATION Usage Information Assign an IP address to an interface before using this command. The no version of this command deletes an OSPF instance. Example OS10(config)# router ospf 10 Supported Releases 10.2.0E or later router ospfv3 Enters Router OSPFv3 mode and configures an OSPFv3 instance.
Number of interface in this area is 1 SPF algorithm executed 42 times Area ranges are Supported Releases 10.2.0E or later show ip ospf asbr Displays all the ASBR visible to OSPF. Syntax show ip ospf [process-id] asbr Parameters process-id—(Optional) Displays information based on the process ID. Default Not configured Command Mode EXEC Usage Information You can isolate problems with external routes. External OSPF routes are calculated by adding the LSA cost to the cost of reaching the ASBR router.
112.2.1.1 112.112.112.1 112.112.112.2 112.2.1.1 112.112.112.1 112.112.112.2 1282 1305 1305 0x8000000b 0x0485 0x80000250 0xbab2 0x80000250 0xbeaa 3 1 1 Network (Area 0) Link ID 110.1.1.2 111.1.1.1 111.2.1.1 112.1.1.1 112.2.1.1 ADV Router 112.2.1.1 111.2.1.1 111.2.1.1 112.2.1.1 112.2.1.
120.1.5.0 120.1.6.0 120.1.7.0 120.1.8.0 120.1.9.0 120.1.10.0 150.1.1.0 160.1.1.0 99.99.99.99 99.99.99.99 99.99.99.99 99.99.99.99 99.99.99.99 99.99.99.99 99.99.99.99 99.99.99.99 79 79 79 79 79 79 114 313 0x80000001 0x80000001 0x80000001 0x80000001 0x80000001 0x80000001 0x80000001 0x80000001 0x96BA 0x8BC4 0x80CE 0x75D8 0x6AE2 0x5FEC 0x3BFB 0xAE7F Router (Area 3) Link ID ADV Router Age Seq# Checksum Link-count -------------------------------------------------------------------------99.99.99.99 99.99.99.
220.1.9.0 220.1.10.0 Supported Releases 10.15.0.1 10.15.0.1 18 18 0x800000CF 0x800000CF 0xE321 0xD82B 10.2.0E or later show ip ospf database asbr-summary Displays information about AS boundary LSAs. Syntax show ip ospf [process-id] database asbr-summary Parameters process-id—(Optional) Displays the AS boundary LSA information for a specified OSPF process ID. If you do not enter a process ID, this applies only to the first OSPF process.
Parameters process-id—(Optional) Displays AS external (Type 5) LSA information for a specified OSPF Process ID. If you do not enter a Process ID, this command applies only to the first OSPF process. Default Not configured Command Mode EXEC Usage Information Example • LS Age — Displays the LS age. • Options — Displays the optional capabilities available on the router. • LS Type — Displays the Link State type. • Link State ID — Identifies the router ID.
show ip ospf database network Displays information about network (Type 2) LSA information. Syntax show ip ospf [process-id] database network Parameters process-id — (Optional) Displays network (Type2) LSA information for a specified OSPF Process ID. If you do not enter a Process ID, this command applies only to the first OSPF process. Default Not configured Command Mode EXEC Usage Information Example • Link ID — Identifies the router ID. • ADV Router — Identifies the advertising router’s ID.
Parameters process-id — (Optional) Displays NSSA-External (Type7) LSA information for a specified OSPF Process ID. If you do not enter a Process ID, this command applies only to the first OSPF process. Default Not configured Command Mode EXEC Usage Information Example • LS Age — Displays the LS age. • Options — Displays the optional capabilities available on the router. • LS Type — Displays the Link State type. • Link State ID — Identifies the router ID.
Metric: 20 Forward Address: 0.0.0.0 External Route Tag: 0 LS age: 65 Options: (No TOS-Capability, No DC, No Type 7/5 translation) LS type: NSSA External Link State ID: 13.1.1.0 Advertising Router: 2.2.2.2 LS Seq Number: 0x80000001 Checksum: 0xB0F6 Length: 36 Network Mask: /24 Metric Type: 2 TOS: 0 Metric: 20 Forward Address: 0.0.0.0 External Route Tag: 0 LS age: 65 Options: (No TOS-Capability, No DC, No Type 7/5 translation) LS type: NSSA External Link State ID: 14.1.1.0 Advertising Router: 2.2.2.
Example OS10# show ip ospf database opague-area OSPF Router with ID (1.1.1.1) (Process ID 100) Type-10 Area Local Opaque (Area 0.0.0.1) LS age: 3600 Options: (No TOS-Capability, No DC) LS type: Type-10 Area Local Opaque Link State ID: 8.1.1.2 Advertising Router: 2.2.2.2 LS Seq Number: 0x80000008 Checksum: 0x83B8 Length: 28 Opaque Type: 8 Opaque ID: 65794 !! ! Supported Releases 10.2.0E or later show ip ospf database opaque-as Displays information about the opaque-as (Type 11) LSAs.
Opaque Type: 8 Opaque ID: 65795 Supported Releases 10.2.0E or later show ip ospf database opaque-link Displays information about the opaque-link (Type 9) LSA. Syntax show ip ospf [process-id] database opaque-link Parameters process-id — (Optional) Displays the opaque-link (Type 9) LSA information for an OSPF Process ID. If you do not enter a Process ID, this command applies only to the first OSPF process.
Default Not configured Command Mode EXEC Usage Information Example • Link ID — Displays the router ID • ADV Router — Displays the advertising router’s ID • Age — Displays the Link State age • Seq# — Displays the Link State sequence number (identifies old or duplicate LSAs) • Checksum — Displays the Fletcher checksum of an LSA’s complete contents to check the integrity of the data • Link count — Displays the number of interfaces for that router OS10# show ip ospf database router OSPF Router
Default Not configured Command Mode EXEC Usage Information Example • LS Age—Displays the LS age. • Options—Displays the optional capabilities available on the router. • LS Type—Displays the Link State type. • Link State ID—Identifies the router ID. • Advertising Router—Identifies the advertising router’s ID. • LS Seq Number—Identifies the LS sequence number (identifies old or duplicate LSAs). • Checksum—Displays the Fletcher checksum of an LSA’s complete contents.
Checksum: 0xAB87 Length: 28 Network Mask: /24 TOS: 0 Metric: 1 Supported Releases 10.2.0E or later show ip ospf interface Displays the configured OSPF interfaces. You must enable OSPF to display output. Syntax show ip ospf interface [process-id]interface or show ip ospf [process-id] interface [interface] Parameters • process-id — (Optional) Displays information for an OSPF Process ID. If you do not enter a Process ID, this command applies only to the first OSPF process.
• vlan — VLAN interface (1 to 4094). Default Not configured Command Mode EXEC Usage Information Use the keyword to sort the OSPF statistics display by a specified interface type.
timers lsa arrival Configures the LSA acceptance intervals. Syntax timers lsa arrival arrival-time Parameters arrival-time — Set the interval between receiving the LSA in milliseconds (0 to 600,000). Default 1000 milliseconds Command Mode ROUTER-OSPF Usage Information Setting the LSA arrival time between receiving the LSA repeatedly ensures that the system gets enough time to accept the LSA. The no version of this command resets the value to the default.
area stub Defines an area as the OSPF stub area. Syntax Parameters area area-id stub [no-summary] • area-id—Set the OSPFv3 area ID as an IP address (A.B.C.D) or number (1 to 65535). • no-summary—(Optional) Prevents an area border router from sending summary link advertisements into the stub area. Default Not configured Command Mode ROUTER-OSPF and ROUTER-OSPFv3 Usage Information The no version of this command deletes a stub area.
Parameters instance-number — Enter an OSPFv3 instance number (1 to 65535). Default Not configured Command Mode EXEC Usage Information None Example OS10# clear ipv6 ospf 3 process Supported Releases 10.3.0E or later log-adjacency-changes Enables logging of syslog messages about changes in the OSPFv3 adjacency state.
• area-id—Enter the OSPFv3 area ID in dotted decimal format (A.B.C.D) or enter an area ID number (1 to 65535). Default Not configured Command Mode INTERFACE Usage Information The no version of this command removes an interface from an OSPFv3 area. Example OS10(config)# interface vlan 10 OS10(conf-if-vl-10)# ipv6 ospf 10 area 1 Supported Releases 10.3.
ipv6 ospf hello-interval Sets the time interval between hello packets sent on an interface. Syntax ipv6 ospf hello-interval seconds Parameters seconds — Enter the hello-interval value in seconds (1 to 65535). Default 10 seconds Command Mode INTERFACE Usage Information All routers in a network must have the same hello time interval between the hello packets. The no version of the this command resets the value to the default.
Supported Releases 10.3.0E or later ipv6 ospf priority Sets the priority of the interface to determine the designated router for the OSPFv3 network. Syntax ipv6 ospf priority number Parameters number — Enter a router priority number (0 to 255). Default 1 Command Mode INTERFACE Usage Information When two routers attached to a network attempt to become the designated router, the one with the higher router priority takes precedence. The no version of this command resets the value to the default.
Default Not configured Command Mode ROUTER-OSPF and ROUTER-OSPFv3 Usage Information Configure an arbitrary value in the IP address format for each router. Each router ID must be unique. Use the fixed router ID for the active OSPFv3 router process. Changing the router ID brings down the existing OSPFv3 adjacency. The new router ID is effective at the next reload. The no version of this command disables the router ID configuration.
Number of area in this router is 1, normal 1 stub 0 nssa Area (0.0.0.0) Number of interface in this area is 1 SPF algorithm executed 3 times Supported Releases 10.3.0E or later show ipv6 ospf database Displays all LSA information. You must enable OSPFv3 to generate output. Syntax show ipv6 ospf process-id database Parameters process-id — Enter the OSPFv3 process ID to view a specific process. If you do not enter a process ID, the command applies only to the first OSPFv3 process.
show ipv6 ospf interface Displays the configured OSPFv3 interfaces. You must enable OSPFv3 to display the output. Syntax show ipv6 ospf interface interface Parameters interface — (Optional) Enter the interface information: • ethernet — Physical interface (1 to 48) • port-channel — Port-channel interface (1 to 128). • vlan — VLAN interface 1 to 4094).
Object tracking manager Object tracking manager (OTM) allows you to track the link status of Layer 2 interfaces, and the reachability of IP and IPv6 hosts. You can increase the availability of the network and shorten recovery time if an object state goes Down. Object tracking monitors the status of tracked objects and communicates any changes made to interested client applications. OTM client applications are VRRP and PBR.
Interface tracking You can create an object that tracks the line-protocol state of a Layer 2 or Layer 3 interface, and monitors its operational status (Up or Down). You can configure up to 500 objects. Each object is assigned a unique ID. The no version of this command deletes the tracked object from an interface. When the link-level status goes down, the tracked resource status is also considered Down. If the link-level status goes up, the tracked resource status is also considered Up.
A tracked host is reachable if there is an ARP cache entry for the router's next-hop address. An attempt to regenerate the ARP cache entry occurs if the next-hop address appears before considering the route Down. 1 Configure object tracking in CONFIGURATION mode. track object-id 2 Enter the host IP address for reachability of an IPv4 or IPv6 route in OBJECT TRACKING mode.
In VRRP object tracking, the sum of the priority costs for all tracked objects and interfaces cannot equal or exceed the priority of the VRRP group. View tracked objects You can view the status of currently tracked Layer 2 or Layer 3 interfaces, or the IPv4 or IPv6 hosts.
Example OS10(conf-track-100)# delay up 200 down 100 Supported Releases 10.3.0E or later interface line-protocol Configures an object to track a specific interface's line-protocol status. Syntax interface interface line-protocol Parameters interface — Enter the interface information: • ethernet — Physical interface. • port-channel — Enter the port-channel identifier. • vlan — Enter the VLAN identifier. • loopback — Enter the Loopback interface identifier.
Command Mode CONFIGURATION Usage Information None Example OS10(config)# track 200 OS10(conf-track-200)# ipv6 10::1 reachability Supported Releases 10.3.0E or later reachability-refresh Configures a polling interval for reachability tracking. Syntax reachability-refresh interval Parameters interval — Enter the polling interval value (up to 3600 seconds). Defaults 0 seconds Command Mode CONFIGURATION Usage Information Set the interval to 0 to disable the refresh.
track Configures and manages tracked objects. Syntax track object-id Parameters object-id — Enter the object ID to track (up to 500). Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes the tracked object from an interface. Example OS10# track 100 Supported Releases 10.3.
Configure IPv4 access-list to match route-map OS10(config)# ip access-list acl5 OS10(conf-ipv4-acl)# permit ip 10.10.10.0/24 any OS10(conf-ipv4-acl)# do commit Configure IPv6 access-list to match route-map OS10(config)# ipv6 access-list acl8 OS10(conf-ipv6-acl)# permit ipv6 10::10 any OS10(conf-ipv6-acl)# do commit Set address to match route-map You can set an IPv4 or IPv6 address to match a route-map. 1 Enter the IPv4 or IPv6 address to match and specify the access-list name in Route-Map mode.
1 View IPv4 or IPv6 PBR policy information in EXEC mode. show {ip | ipv6} policy name 2 View the current PBR statistics in EXEC mode. show route-map map-name pbr-statistics 3 Clear all policy statistics information in EXEC mode.
Command Mode ROUTE-MAP Usage Information None Example OS10(conf-route-map)# match ip address acl1 Supported Releases 10.3.0E or later policy route-map Assigns a route-map for IPv4 or IPV6 policy-based routing to the interface. Syntax {ip | ipv6} policy route-map [map-name] Parameters map-name—Enter the name of a configured route-map (up to 140 characters).
Example OS10(conf-route-map)# set ip next-hop 10.10.10.10 Supported Releases 10.3.0E or later set next-hop track Sets the next-hop IPv4 or IPv6 address to track the PBR object. Syntax Parameters set {ip | ipv6} next-hop address track track-id • address—Enter an IPv4 or IPv6 address. • track-id—(Optional) Enter the track ID of the PBR object. Defaults Not configured Command Mode ROUTE-MAP Usage Information None Example OS10(conf-route-map)# set ip next-hop 10.10.10.
Supported Releases 10.3.0E or later Virtual router redundancy protocol VRRP allows you to form virtual routers from groups of physical routers on your LAN. These virtual routing platforms — master and backup pairs — provide redundancy in case of hardware failure. VRRP also allows you to easily configure a virtual router as the default gateway to all your hosts and avoids the single point of failure of a physical router.
The example shows a typical network configuration using VRRP. Instead of configuring the hosts on network 10.10.10.0 with the IP address of either Router A or Router B as the default router, the default router of all hosts is set to the IP address of the virtual router. When any host on the LAN segment requests Internet access, it sends packets to the IP address of the virtual router.
Use the version both command in Configuration mode to migrate from VRRPv2 to VRRPv3. When you set the VRRP version to version both, the switch sends only VRRPv3 advertisements but can receive VRRPv2 or VRRPv3 packets. 1 Set the switch with the lowest priority to version both. 2 Set the switch with the highest priority to version 3. 3 Set all switches from version both to version 3.
3 Save the configuration. do commimt Configure virtual IP address OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# no switchport OS10(conf-if-eth1/1/1)# ip address 10.1.1.1/24 OS10(conf-if-eth1/1/1)# vrrp-group 10 OS10(conf-eth1/1/1-vrid-10)# virtual-address 10.1.1.8 OS10(conf-eth1/1/1-vrid-10)# do commit Verify virtual IP address OS10# show running-configuration ! Version 10.1.9999P.
Set group priority Set a virtual router priority to 255 to ensure that router is the owner virtual router for the VRRP group. The router which has the highest primary IP address of the interface becomes the master. The default priority for a virtual router is 100. If the master router fails, VRRP begins the election process to choose a new master router based on the next-highest priority. 1 Create a virtual router for the interface with the VRRP identifier in INTERFACE mode (1 to 255).
Configure VRRP authentication OS10(config)# interface ethernet 1/1/5 OS10(conf-if-eth1/1/5)# vrrp-group 250 OS10(conf-eth1/1/5-vrid-250)# authentication simple-text eureka OS10(conf-eth1/1/5-vrid-250)# do commit Verify VRRP authentication configuration OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# vrrp-group 1 OS10(conf-eth1/1/1-vrid-1)# authentication simple-text dell OS10(conf-eth1/1/1-vrid-1)# do commit Disable preempt Prevent the Backup router with the higher priority from becoming the
Advertisement interval By default, the Master router transmits a VRRP advertisement to all members of the VRRP group every one second, indicating it is operational and is the Master router. If the VRRP group misses three consecutive advertisements, the election process begins and the Backup virtual router with the highest priority transitions to Master.
If the tracked interface goes down, the VRRP group’s priority decreases by a default value of 10 — also known as cost. If the tracked interface’s state goes up, the VRRP group’s priority increases by priority-cost. The lowered priority of the VRRP group may trigger an election. As the Master/Backup VRRP routers are selected based on the VRRP group’s priority, tracking features ensure that the best VRRP router is the Master for that group.
switchport access vlan 1 no shutdown ! interface ethernet1/1/4 switchport access vlan 1 no shutdown ! interface ethernet1/1/5 switchport access vlan 1 no shutdown ! interface ethernet1/1/6 switchport access vlan 1 no shutdown ! ..... ..... interface vlan1 no shutdown ! interface mgmt1/1/1 no shutdown ! support-assist ! track 10 track-interface ethernet1/1/1 VRRP commands advertise-interval Sets the time interval between VRRP advertisements.
Parameters • simple-text password — Enter a simple text password. • auth-text — (Optional) Enter a character string up to eight characters long as a password. Default Disabled Command Mode INTERFACE-VRRP Usage Information With authentication enabled, OS10 ensures that only trusted routers participate in routing in an autonomous network. The no version of this command disables authentication of VRRP data exchanges.
show vrrp Displays VRRP group information. Syntax show vrrp {brief | vrrp-id | ipv6 group-id} Parameters • brief — Displays the configuration information for all VRRP instances in the system. • vrrp-id — Enter a VRRP group ID number to view the VRRP IPv4 group operational status information (1 to 255). • ipv6 group-id — (Optional) Enter a VRRP group ID number to view the specific IPv6 group operational status information (1 to 255).
Example OS10(conf-eth1/1/5-vrid-254)# track 400 Example (Priority Cost) OS10(conf-eth1/1/5-vrid-254)# track 400 priority-cost 20 Supported Releases 10.2.0E or later track-interface Monitors an interface and lowers the priority value of the VRRP group on that interface, if disabled. Syntax Parameters track-interface {ethernet node/slot/port[:subport]} [line-protocol] • ethernet node/slot/port[:subport] — (Optional) Enter the keyword and the interface information to track.
vrrp delay reload Sets the delay time for VRRP initialization after a system reboot. Syntax vrrp delay reload seconds Parameters seconds — Enter the number of seconds for the VRRP reload time (0 to 900). Default 0 Command Mode CONFIGURATION Usage Information VRRP delay reload time of zero seconds indicates no delays. This command configuration applies to all the VRRP configured interfaces. The no version of this command resets the value to the default.
Example OS10(conf-if-eth1/1/7)# vrrp-ipv6-group 250 Supported Releases 10.2.0E or later vrrp version Sets the VRRP protocol version for the IPv4 group. Syntax Parameters vrrp version {2 | both | 3} • 2 — Set to VRRP version 2. • both — Allows in-service migration from VRRP version 2 to VRRP version 3. • 3 — Set to VRRP version 3. Default Not configured Command Mode CONFIGURATION Usage Information Use the both parameter to migrate from VRRPv2 to VRRPv3.
5 System management Dynamic host configuration protocol Provides information to dynamically assign IP addresses and other configuration parameters to network hosts based on policies (see DHCP commands). Network time protocol Provides information about how to synchronize timekeeping between time servers and clients (see NTP commands). Security Provides information about role-based access control, RADIUS server, user roles, and user names (see Security eommands).
The table shows common options using DHCP packet formats.
DHCP automates network-parameter assignment to network devices. Even in small networks, DHCP is useful because it makes it easier to add new devices to the network. The DHCP access service minimizes the overhead required to add clients to the network by providing a centralized, server-based setup. This setup means you do not have to manually create and maintain IP address assignments for clients.
Address lease time Use the lease {days [hours] [minutes] | infinite} command to configure an address lease time (default 24 hours). OS10(config)# ip dhcp OS10(conf-dhcp)# pool OS10(conf-dhcp-Dell)# OS10(conf-dhcp-Dell)# server Dell lease 36 do commit Default gateway Ensure the IP address of the default router is on the same subnet as the client. 1 Enable DHCP server-assigned dynamic addresses on an interface in CONFIGURATION mode.
DNS address resolution OS10(config)# ip dhcp OS10(conf-dhcp)# pool OS10(conf-dhcp-Dell)# OS10(conf-dhcp-Dell)# OS10(conf-dhcp-Dell)# server Dell domain-name dell.com dns-server 192.168.1.1 do commit NetBIOS WINS address resolution DHCP clients can be one of four types of NetBIOS nodes — broadcast, peer-to-peer, mixed, or hybrid. Dell EMC recommends using hybrid as the NetBIOS node type. 1 Enable DHCP server-assigned dynamic addresses on an interface in DHCP mode.
OS10(conf-dhcp-static)# hardware-address 00:01:e8:8c:4d:0a OS10(conf-dhcp-static)# do commit View DHCP binding table OS10# show ip dhcp binding IP Address Hardware address Lease expiration Hostname +-------------------------------------------------------------------------11.1.1.254 00:00:12:12:12:12 Jan 27 2016 06:23:45 Total Number of Entries in the Table = 1 View DHCP Information Use the show ip dhcp binding command to view the DHCP binding table entries.
! Last configuration change at Feb 20 04:50:33 2017 ! username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/VKx8SloIhp4NoGZs0I/ UNwh8WVuxwfd9q4pWIgNs5BKH. aaa authentication system:local ip domain-name dell.com ip domain-list f10.com ip name-server 1.1.1.1 2::2 ip host dell-f10.com 10.10.10.10 snmp-server community public read-only snmp-server contact http://www.dell.
dns-server address Assigns a DNS server to clients based on the address pool. Syntax Parameters dns-server address [address2...address8] • address — Enter the DNS server IP address that services clients on the subnet in A.B.C.D or A::B format. • address2...address8 — (Optional) Enter up to eight DNS server addresses, in order of preference. Default Not configured Command Mode DHCP-POOL Usage Information None Example OS10(conf-dhcp-Dell)# dns-server 192.168.1.1 Supported Releases 10.2.
host Assigns a host to a single IPv4 or IPv6 address pool for manual configurations. Syntax host A.B.C.D/A::B Parameters A.B.C.D/A::B — Enter the host IP address in A.B.C.D or A::B format. Default Not configured Command Mode DHCP-POOL Usage Information The host address is the IP address used by the client machine for DHCP. Example OS10(conf-dhcp-Dell)# host 20.1.1.100 Supported Releases 10.2.0E or later ip dhcp server Enters DHCP mode.
lease Configures a lease time for the IP addresses in a pool. Syntax Parameters lease {infinite | days [hours] [minutes]} • infinite — Enter the keyword to configure a lease which never expires. • days — Enter the number of lease days (0 to 31). • hours — Enter the number of lease hours (0 to 23). • minutes — Enter the number of lease minutes (0 to 59). Default 24 hours Command Mode DHCP-POOL Usage Information The no version of this command removes the lease configuration.
• Hybrid — Enter h-node. • Mixed — Enter m-node. • Peer-to-peer — Enter p-node. Default Hybrid Command Mode DHCP-POOL Usage Information The no version of this command resets the value to the default. Example OS10(conf-dhcp-Dell)# netbios-node-type h-node Supported Releases 10.2.0E or later network Configures a range of IPv4 or IPv6 addresses in the address pool. Syntax network address/mask Parameters address/mask — Enter a range of IP addresses and subnet mask in A.B.C.
Default Not configured Command Mode EXEC Usage Information Use this command to view the DHCP binding table. Example OS10# show ip dhcp binding IP Address Hardware address Lease expiration Hostname +----------------------------------------------------11.1.1.254 00:00:12:12:12:12 Jan 27 2016 06:23:45 Total Number of Entries in the Table = 1 Supported Releases 10.2.0E or later DNS commands OS10 supports the configuration of a DNS host and domain parameters.
Supported Releases 10.2.0E or later ip host Configures mapping between the host name server and the IP address. Syntax ip host [host-name] address Parameters • host-name — (Optional) Enter the name of the host. • address — Enter an IPv4 or IPv6 address of the name server in A.B.C.D or A::B format. Default Not configured Command Mode CONFIGURATION Usage Information The name-to-IP address table uses this mapping information to resolve host names.
Default Not configured Command Mode EXEC Usage Information This command displays domain and host information. Example OS10# show hosts Default Domain Name : dell.com Domain List : abc.com Name Servers : 1.1.1.1 20::2 ============================================= Static Host to IP mapping Table ============================================= Host IP-Address --------------------------------------------dell-pc1 20.1.1.1 Supported Releases 10.2.
Enable NTP NTP is disabled by default. To enable NTP, configure an NTP server to which the system synchronizes. To configure multiple servers, enter the command multiple times. Multiple servers may impact CPU resources. 1 Enter the IP address of the NTP server to which the system synchronizes in CONFIGURATION mode. ntp server ip-address 2 Save the configuration.
Disable NTP broadcasts OS10(config)# interface ethernet 1/1/10 OS10(conf-if-eth1/1/10)# ntp disable Source IP address Configure one interface IP address to include in all NTP packets. The source address of NTP packets is the interface IP address the system uses to reach the network by default. 1 2 Configure a source IP address for NTP packets in CONFIGURATION mode. ntp source interface • ethernet — Enter the keyword and node/slot/port information. • port-channel — Enter the keyword and number.
• prefer — Enter the keyword to set this NTP server as the preferred server. 5 Configure the NTP master and enter the stratum number that identifies the NTP server hierarchy in CONFIGURATION mode (2 to 10, default 8). ntp master <2–10> 6 Save the configuration. do commit Configure NTP OS10(config)# OS10(config)# OS10(config)# OS10(config)# OS10(config)# OS10(config)# ntp authenticate ntp trusted-key 345 ntp authentication-key 345 mdf 0 5A60910FED211F02 ntp server 1.1.1.
• 0 — Set to unencrypted format (default). • 7 — Set to hidden encryption. • key — Enter the authentication key. Default 0 Command Mode CONFIGURATION Usage Information The authentication number must be the same as the number parameter configured in the ntp trusted-key command. Use the ntp authenticate command to enable NTP authentication. Example OS10(config)# ntp authentication-key 1200 md5 0 dell Supported Releases 10.2.
Parameters stratum — Enter the stratum number to identify the NTP server hierarchy (2 to 10). Default 8 Command Mode CONFIGURATION Usage Information The no version of this command resets the value to the default. Example OS10(config)# ntp master 6 Supported Releases 10.2.0E or later ntp server Configures an NTP time-serving host. Syntax ntp server {hostname | ipv4-address | ipv6-address} [key keyid] [prefer] Parameters • hostname — Enter the host name of the server.
Usage Information The no version of this command removes the configuration. Example OS10(config)# ntp source ethernet 1/1/24 Supported Releases 10.2.0E or later ntp trusted-key Sets a key to authenticate the system to which NTP synchronizes with. Syntax ntp trusted-key number Parameters number — Enter the trusted key ID (1 to 4294967295).
• disp — Dispersion. Example OS10# show ntp associations remote ref clock st when poll reach delay offset disp ============================================================= 10.10.120.5 0.0.0.0 16 - 256 0 0.00 0.000 16000.0 *172.16.1.33 127.127.1.0 11 6 16 377 -0.08 -1499.9 104.16 172.31.1.33 0.0.0.0 16 - 256 0 0.00 0.000 16000.0 192.200.0.2 0.0.0.0 16 - 256 0 0.00 0.000 16000.0 Supported Releases 10.2.0E or later show ntp status Displays NTP configuration information.
Set time and date OS10# clock set 18:30:10 2017-01-25 View system time and date OS10# show clock 2017-01-25T18:30:17.92+00:00 System Time and Date Commands clock set Sets the system time. Syntax Parameters clock set time year-month-day time Enter time in the format hour:minute:second, where hour is 1 to 24; minute is 1 to 60; second is 1 to 60. For example, enter 5:15 PM as 17:15:00.
Energy-efficient Ethernet Energy-efficient Ethernet (EEE) reduces power the consumption of physical layer devices (PHYs) during idle periods. EEE allows Dell Networking devices to conform to green computing standards. An Ethernet link consumes power when a link is idle. EEE allows for Ethernet links to use the regular power mode only during data transmission. EEE is enabled on devices that support LOW POWER IDLE (LPI) mode.
Clear counters for specific interface OS10# clear counters interface 1/1/48 eee Clear eee counters on ethernet1/1/48 [confirm yes/no]:yes View EEE status/statistics You can view the EEE status or statistics for a specified interface, or all interfaces, using show commands.
clear counters interface eee Clears all EEE counters. Syntax clear counters interface eee Parameters None Default Not configured Command Mode EXEC Usage Information Use this command to clear all EEE counters. Example OS10# clear counters interface eee Clear all eee counters [confirm yes/no]:yes Supported Releases 10.3.0E or later clear counters interface ethernet eee Clears EEE counters on a specified interface.
Supported Releases 10.3.0E or later show interface eee Displays the EEE status for all interfaces. Syntax show interface eee Parameters None Default Not configured Command Mode EXEC Example OS10# show interface eee Port EEE Status Speed Duplex --------------------------------------------Eth 1/1/1 off up 1000M ... Eth 1/1/47 on up 1000M Eth 1/1/48 on up 1000M Eth 1/1/49 n/a Eth 1/1/50 n/a Eth 1/1/51 n/a Eth 1/1/52 n/a Supported Releases 10.3.
Parameters node/slot/port[:subport]—Enter the interface information. Default Not configured Command Mode EXEC Example OS10# show interface ethernet 1/1/48 eee Port EEE Status Speed Duplex --------------------------------------------Eth 1/1/48 on up 1000M Supported Releases 10.3.0E or later show interface ethernet eee statistics Displays EEE statistics for a specified interface.
UFT Mode L2 MAC Table Size L3 Host Table Size L3 Routes Table Size Default 163840 147456 16384 Table 3. UFT Modes — Table Size for S3000 UFT Mode L2 MAC Table Size L3 Host Table Size L3 Routes Table Size Scaled-l2–switch 40960 2048 8192 Scaled-l3–hosts 8192 18432 8192 Default 28672 8192 8192 Table 4.
UFT commands hardware forwarding-table mode Select a mode to initialize the maximum scalability size. The available options are: scaled L2 MAC address table, scaled L3 routes table, or scaled L3 hosts table. Syntax hardware forwarding-table mode {scaled-l2 | scaled-l3-routes | scaled-l3-hosts} Use the no hardware forwarding-table mode command to set the UFT mode to default. Parameters • scaled-l2 —Maximize the MAC address table size. • scaled-l3-routes — Maximize the L3 routes table size.
show hardware forwarding-table mode all Displays table sizes for the available hardware forwarding table modes. Syntax show hardware forwarding-table mode all Parameters None Defaults None Command Mode EXEC Usage Information Use this command to view details of all the forwarding-table modes.
role, and many users can have the same role. When you enter a user role, you are authenticated and authorized. You do not need to enter an enable password because you are automatically placed in EXEC mode. OS10 supports the constrained RBAC model. With this model, you can inherit permissions when you create a new user role, restrict or add commands a user can enter, and set the actions the user can perform. This allows greater flexibility when assigning permissions for each command to each role.
2 Configure the number of times OS10 retransmits RADIUS requests in CONFIGURATION mode (0 to 100, default 3). radius-server retransmit retries 3 Configure the time interval in seconds OS10 waits for a RADIUS server host response in CONFIGURATION mode (0 to 1000, default 5). radius-server timeout seconds 4 Save the configuration.
----- ----- ------- -------- ----------- ----- ---------------------- ---1 ttyS0 admin sysadmin login/clish . 2016-04-14 02:06:00 Security commands aaa authentication Configures the AAA authentication method for user access. Syntax aaa authentication {local | radius} Parameters • local — Enter to use local (RBAC) access control. • radius — Enter to use the RADIUS server configured with the radius-server host command.
Supported Releases 10.2.0E or later radius-server key Configures the authentication key the RADIUS server uses. Syntax radius-server key value Parameters value — Enter the authentication key value known both to the RADIUS client and server. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command resets the value to the default. Example OS10(config)# radius-server key md5 Supported Releases 10.2.
show users Displays information for all users logged into OS10. Syntax show users Parameters None Default Not configured Command Mode EXEC Usage Information Use this command to view current OS10 users. Example OS10# show users Index Line User Role Application Idle Location Login-Time Lock ------------------------------------------------------------------1 ttyS0 admin sysadmin login/clish . 2016-04-29 01:02:00 Supported Releases 10.2.
SNMP commands SNMP traps: Enable SNMP notifications to be sent to network management host devices. snmp-server community Configures a new community string access. The management station is a member of the same community as the SNMP agent. Syntax Parameters snmp-server community community-name {ro} • community-name — Enter a text string to act as an SNMP password (up to 20 characters). • ro — Enter to set read-only permission.
Example OS10(config)# snmp-server location datacenter10 Supported Releases 10.2.0E or later OS10 image upgrade The image download command simply downloads the software image — it does not install the software on your device. The image install command downloads the image, and installs the image to the standby partition. The image upgrade command downloads, installs, changes the next boot partition, and reloads the new software image.
• standby — Sets the standby partition as the subsequent boot partition. View boot detail OS10# show boot detail Current system image information detail: ========================================== Type: Node-id 1 Boot Type: Flash Boot Active Partition: B Active SW Version: 10.2.EE.1965 Active Kernel Version: Linux 3.16.7-ckt20 Active Build Date/Time: 2016-04-28T02:50:10Z Standby Partition: A Standby SW Version: 10.2.EE.
Parameters None Default Not configured Command Mode EXEC Usage Information This command attempts to cancel an active file download in progress. Example OS10# image cancel Supported Releases 10.2.0E or later image copy Copies the entire image in the active partition to the standby partition (mirror image). Syntax image copy active-to-standby Parameters active-to-standby — Enter to copy the entire image in the active partition to the standby partition (mirror image).
image install Installs a new image, either from a previously downloaded file or from a remote location. Syntax Parameters image install file-url • file-url — Location of the image file: • ftp://userid:passwd@hostip/filepath — Enter the path to install from a remote FTP server. • http[s]://hostip/filepath — Enter the path to install from the remote HTTP or HTTPS server. • scp://userid:passwd@hostip/filepath — Enter the path to install from a remote SCP file system.
Example OS10# image upgrade ftp://10.206.28.174/PKGS_OS10-Enterprise-10.2.0E.190installer-x86_64.bin. Supported Releases 10.2.0E or later show boot Displays boot partition-related information. Syntax show boot [detail] Parameters detail — (Optional) Enter to display detailed information. Default Not configured Command Mode EXEC Usage Information Use the boot system command to set the boot partition for the next reboot.
Task Start: Task End: Transfer Progress: Transfer Bytes: File Size: Transfer Rate: 0000-00-00T00:00:00Z 0000-00-00T00:00:00Z 0 % 0 bytes 0 bytes 0 kbps Installation State: idle ----------------------------------------------State Detail: No install information available Task Start: 0000-00-00T00:00:00Z Task End: 0000-00-00T00:00:00Z Supported Releases 10.2.0E or later show version Displays software version information.
6 Access Control Lists OS10 uses two types of access policies — hardware-based ACLs and software-based route-maps. Use an ACL to filter traffic such as IP, transmission control protocol (TCP), or user datagram protocol (UDP) packets, and drop or forward matching packets. Use a route-map to redistribute routes that match configured criteria.
NOTE: Hot lock ACLs are supported for ingress ACLs only. MAC ACLs MAC ACLs filter traffic on the L2 header of a packet. This traffic filtering is based on: Source MAC packet address MAC address range (address mask in 3x4 dotted hexadecimal notation), and any to denote that the rule matches all source addresses. Destination MAC packet address MAC address range (address-mask in 3x4 dotted hexadecimal notation), and any to denote that the rule matches all destination addresses.
Permit all packets on interface OS10(config)# ip access-list ABC OS10(conf-ipv4-acl)# permit ip any 10.1.1.1/32 OS10(conf-ipv4-acl)# deny ip any 10.1.1.1/32 fragments L3 ACL rules Use ACL commands for Layer 3 (L3) packet filtering. TCP packets from host 10.1.1.1 with TCP destination port equal to 24 are permitted, and all others are denied. TCP packets that are first fragments or non-fragmented from host 10.1.1.
Assign sequence number to filter IP ACLs filter on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses. Traffic passes through the filter by filter sequence. Configure the IP ACL by first entering IP ACCESS-LIST mode and then assigning a sequence number to the filter. User-provided sequence number • Enter IP ACCESS LIST mode by creating an IP ACL in CONFIGURATION mode.
• Egress L2 ACL L2 and L3 targeted traffic L2 ACL / L3 ACL Targeted traffic Deny / Deny L3 ACL denies Deny / Permit L3 ACL permits Permit / Deny L3 ACL denies Permit / Permit L3 ACL permits Assign and apply ACL filters You can assign an IP ACL filter to a physical interface to filter an Ethernet interface, a port-channel interface, or a VLAN.
seq 120 deny icmp 20.1.6.0/24 any fragment count (0 packets) seq 130 permit 150 any any dscp 63 count (0 packets) Use the count option when creating ACL entries to view the number of packets matching the ACL. • Create an ACL that uses rules with the count option (see Assign sequence number to filter). • Apply the ACL as an inbound or outbound ACL on an interface in CONFIGURATION mode, and view the number of packets matching the ACL.
Apply rules to ACL filter OS10(config)# interface ethernet 1/1/29 OS10(conf-if-eth1/1/29)# ip access-group egress out OS10(conf-if-eth1/1/29)# exit OS10(config)# ip access-list egress OS10(conf-ipv4-acl)# seq 10 deny ip any any count fragment OS10(conf-ipv4-acl)# do commit View IP ACL filter configuration OS10# show ip access-lists out Egress IP access-list abcd Active on interfaces : ethernet1/1/29 seq 10 deny ip any any fragment count (100 packets) Clear access-list counters Clear IPv4, IPv6, or MAC acce
• After a route matches a filter, the filter’s action applies and no additional filters apply to the route Use prefix-lists in processing routes for routing protocols such as OSPF, RTM, and BGP. To configure a prefix-list, use commands in PREFIX-LIST and ROUTER-BGP modes. Create the prefix-list in PREFIX-LIST mode and assign that list to commands in ROUTER-BGP modes.
• If a route matches a prefix-list set to permit, the route is denied View both IP prefix-list and route-map OS10(conf-router-bgp-neighbor-af)# do show ip prefix-list ip prefix-list p1: seq 1 deny 10.1.1.0/24 seq 10 permit 0.0.0.0/0 le 32 ip prefix-list p2: seq 1 permit 10.1.1.0/24 seq 10 permit 0.0.0.
• Enter an IPv6 address in A::B format of the next-hop for a BGP route update in ROUTE-MAP mode. set ipv6 next-hop address • Enter the range value for the BGP route’s LOCAL_PREF attribute in ROUTE-MAP mode (0 to 4294967295). set local-preference range-value • Enter a metric value for redistributed routes in ROUTE-MAP mode (0 to 4294967295). set metric {+ | - | metric-value} • Enter an OSPF type for redistributed routes in ROUTE-MAP mode.
You can activate flow-based mirroring of traffic by using the flow-based enable command. Traffic with particular flows that are traversing through the ingress interfaces are examined. Appropriate ACL rules apply in the ingress direction. By default, flow-based mirroring is not enabled. To enable the evaluation and replication of traffic traversing to the destination port, configure the monitor option with the permit, deny, or seq commands for ACLs assigned to the source or the monitored port (MD).
OS10(conf-ipv4-acl)# seq 10 permit ip 102.1.1.
Default Not configured Command Mode EXEC Usage Information If you do not enter an access-list name, all IP access-list counters clear. The counter counts the number of packets that match each permit or deny statement in an access-list. Clear the counters to start at zero to get a more recent count of packets matching an access-list. Use the show access-lists command to view access-list information. Example OS10# clear ipv6 access-list counters Supported Releases 10.2.
• • byte — (Optional) Count bytes the filter processes. • dscp value — (Optional) Deny a packet based on the DSCP values (0 to 63). • fragment — (Optional) Use ACLs to control packet fragments. host ip-address — (Optional) Enter the keyword and the IP address to use a host address only. Default Not configured Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes when you use the count byte options — only bytes increment.
deny (MAC) Configures a filter to drop packets with a specific MAC address. Syntax deny {nn:nn:nn:nn:nn:nn [00:00:00:00:00:00] | any} {nn:nn:nn:nn:nn:nn [00:00:00:00:00:00] | any} [protocol-number | capture | cos | count | vlan] Parameters • nn:nn:nn:nn:nn:nn — Enter the MAC address of the network from or to which the packets are sent. • 00:00:00:00:00:00 — (Optional) Enter which bits in the MAC address must match. If you do not enter a mask, a mask of 00:00:00:00:00:00 applies.
Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes when you use the count byte options — only bytes increment. The no version of this command removes the filter. Example OS10(config)# ip access-list egress OS10(conf-ipv4-acl)# deny icmp any any capture session 1 count Supported Releases 10.2.0E or later deny icmp (IPv6) Configures a filter to drop all or specific ICMP messages.
• • byte — (Optional) Count bytes the filter processes. • dscp value — (Optional) Deny a packet based on the DSCP values (0 to 63). • fragment — (Optional) Use ACLs to control packet fragments. host ip-address — (Optional) Enter the IP address to use a host address only. Default Not configured Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes when you use the count byte options — only bytes increment. The no version of this command removes the filter.
deny tcp Configures a filter that drops transmission control protocol (TCP) packets meeting the filter criteria. Syntax Parameters deny tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [eq]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [eq]] [ack | fin | psh | rst | syn | urg] [capture |count [byte] | dscp value | fragment] • A.B.C.D — Enter the IP address in A.B.C.D format. • A.B.C.D/x — Enter the number of bits to match in A.B.C.D/x format.
• • capture — (Optional) Capture packets the filter processes. • count — (Optional) Count packets the filter processes. • byte — (Optional) Count bytes the filter processes. • dscp value — (Optional) Deny a packet based on the DSCP values (0 to 63). • fragment — (Optional) Use ACLs to control packet fragments. host ipv6-address — (Optional) Enter the IPv6 address to use a host address only.
Example OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# deny udp any any capture session 1 count Supported Releases 10.2.0E or later deny udp (IPv6) Configures a filter to drop UDP IPv6 packets that match filter criteria.
Default Disabled Command Modes IPV4-ACL, IPV6-ACL, MAC-ACL Usage Information The no version of this command deletes the ACL description. Example OS10(conf-ipv4-acl)# description ipacltest Supported Releases 10.2.0E or later ip access-group Assigns an IP access list (IP ACL) to an interface. Syntax ip access-group access-list-name {in | out} Parameters • access-list-name — Enter the name of an IPv4 access list (up to 140 characters). • in — Apply the ACL to incoming traffic.
Parameters • name — Enter the access list name (1 to 140). • ASNumber — Enter the AS number. Defaults Not configured Command Mode CONFIGURATION Usage Information You can specify an access list filter on both inbound and outbound BGP routes. Each filter is an access list based on regular expressions. If the regular expression matches the representation of the AS path of the route as an ASCII string, the permit or deny condition applies. The AS path does not contain the local AS number.
• internet — Enter the keyword for an Internet community. Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the community list. Example OS10(config)# ip community-list standard STD_LIST deny local-AS Supported Release 10.3.0E or later ip community–list standard permit Creates a standard community list for BGP to permit access.
Command Mode CONFIGURATION Usage Information The no version of this command removes the extended community list. Example OS10(config)# ip extcommunity-list standard STD_LIST deny 4byteas-generic transitive 1.65534:40 Supported Release 10.3.0E or later ip extcommunity-list standard permit Creates an extended community list for BGP to permit access.
ip prefix-list deny Creates a prefix list to deny route filtering from a specified network address. Syntax ip prefix-list name deny [A.B.C.D/x [ge | le]] prefix-len Parameters • name — Enter the name of the prefix list. • A.B.C.D/x — (Optional) Enter the source network address and mask in /prefix format (/x). • ge — Enter the keyword to indicate the network address is greater than or equal to the range specified.
Parameters • name — Enter the name of the prefix list. • num — Enter the sequence list number. • A.B.C.D/x — Enter the source network address and mask in /prefix format (/x). • ge — Enter the keyword to indicate the network address is greater than or equal to the range specified. • le — Enter the keyword to indicate the network address is less than or equal to the range specified. • prefix-len — Enter the prefix length.
Default Not configured Command Mode INTERFACE Usage Information The no version of this command deletes an IPv6 ACL configuration. Example OS10(conf-if-eth1/1/8)# ipv6 access-group test6 in Supported Releases 10.2.0E or later ipv6 access-list Creates an IP access list (IP ACL) to filter based on an IPv6 address. Syntax ipv6 access-list access-list-name Parameters access-list-name — Enter the name of an IPv6 access list (up to 140 characters).
ipv6 prefix-list description Configures a description of an IPv6 prefix-list. Syntax Parameters ipv6 prefix-list name description • name — Enter the name of the IPv6 prefix-list. • description — Enter the description for the named prefix-list. Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the specified prefix list. Example OS10(config)# ipv6 prefix-list TEST description TEST_LIST Supported Release 10.3.
• ge — Enter the keyword to indicate the network address is greater than or equal to the range specified. • le — Enter the keyword to indicate the network address is less than or equal to the range specified. • prefix-len — Enter the prefix length. Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the specified prefix-list. Example OS10(config)# ipv6 prefix-list TEST seq 65535 deny AB20::1/128 ge 10 Supported Release 10.3.
Example OS10(config)# mac access-group maclist in OS10(conf-mac-acl)# Supported Releases 10.2.0E or later mac access-list Creates a MAC access list (MAC ACL) to filter based on an MAC address. Syntax mac access-list access-list-name Parameters access-list-name — Enter the name of a MAC access list (up to 140 characters). Default Not configured Command Mode CONFIGURATION Usage Information None Example OS10(config)# mac access-list maclist Supported Releases 10.2.
Example OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# permit udp any any capture session 1 count Supported Releases 10.2.0E or later permit (IPv6) Configures a filter to allow packets with a specific IPv6 address.
• 00:00:00:00:00:00 — (Optional) Enter which bits in the MAC address must match. If you do not enter a mask, a mask of 00:00:00:00:00:00 applies. • any — (Optional) Set which routes are subject to the filter: • protocol-number — Enter the MAC protocol number identified in the MAC header (600 to ffff). • capture — (Optional) Enter the capture packets the filter processes. • count — (Optional) Enter the count packets the filter processes.
permit icmp (IPv6) Configures a filter to permit all or specific ICMP messages. Syntax permit icmp [A::B | A::B/x | any | host ipv6-address] [A::B | A:B/x | any | host ipv6-address] [capture | count [byte] | dscp value | fragment] Parameters • A::B — Enter the IPv6 address in hexadecimal format separated by colons. • A::B/x — Enter the number of bits that must match the IPv6 address.
Usage Information OS10 cannot count both packets and bytes when you use the count byte options — only bytes increment. Use the no version of this command to remove the filter. Example OS10(conf-ipv4-acl)# permit ip any any capture session 1 count Supported Releases 10.2.0E or later permit ipv6 Configures a filter to permit all or specific packets from an IPv6 address.
• • dscp value — (Optional) Permit a packet based on the DSCP values (0 to 63). • fragment — (Optional) Use ACLs to control packet fragments. • eq — (Optional) Permit packets which are equal to. • ack — (Optional) Set the bit as acknowledgement. • fin — (Optional) Set the bit as finish (no more data from sender). • psh — (Optional) Set the bit as push. • rst — (Optional) Set the bit as reset. • syn — (Optional) Set the bit as synchronize. • urg — (Optional) Set the bit set as urgent.
permit udp Configures a filter that allows UDP packets meeting the filter criteria. Syntax Parameters permit udp [A.B.C.D | A.B.C.D/x | any | host ip-address [eq | lt | gt | neq | range]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [eq | lt | gt | neq | range] ] [ack | fin | psh | rst | syn | urg] [capture |count [byte] | dscp value | fragment] • A.B.C.D — Enter the IP address in dotted decimal format. • A.B.C.D/x — Enter the number of bits that must match the dotted decimal address.
permit udp (IPv6) Configures a filter to permit UDP packets meeting the filter criteria. Syntax permit udp [A::B | A::B/x | any | host ipv6-address [eq]] [A::B | A:B/x | any | host ipv6-address [eq]] [ack | fin | psh | rst | syn | urg] [capture | count bytes | dscp value | fragment] Parameters • A::B — Enter the IPv6 address in hexadecimal format separated by colons. • A::B/x — Enter the number of bits that must match the IPv6 address.
Usage Information Use different sequence numbers for the remark and the ACL rule. Configure up to 4294967295 remarks for a given IPv4, IPv6, or MAC. Example OS10(conf-ipv4-acl)# remark 10 Deny rest of the traffic OS10(conf-ipv4-acl)# remark 5 Permit traffic from XYZ Inc. Supported Releases 10.2.0E or later seq deny Assigns a sequence number to deny IP addresses while creating the filter. Syntax Parameters seq sequence-number deny [protocol-number | icmp | ip | tcp | udp] [A.B.C.D | A.B.C.
seq deny (IPv6) Assigns a sequence number to deny IPv6 addresses while creating the filter. Syntax seq sequence-number deny [protocol-number icmp | ip | tcp | udp] [A::B | A::B/x | any | host ipv6-address] [A::B | A::B/x | any | host ipv6-address] [capture | count [byte] | dscp value | fragment] Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number (0 to 4294967295). • protocol-number — (Optional) Enter the protocol number (0 to 255).
• 00:00:00:00:00:00 — (Optional) Enter which bits in the MAC address must match. If you do not enter a mask, a mask of 00:00:00:00:00:00 applies. • any — (Optional) Set all routes which are subject to the filter: • protocol-number — Protocol number identified in the MAC header (600 to ffff). • capture — (Optional) Capture packets the filter processes. • cos — (Optional) CoS value (0 to 7). • count — (Optional) Count packets the filter processes.
Example OS10(config)# ip access-list egress OS10(conf-ipv4-acl)# seq 5 deny icmp any any capture session 1 count Supported Releases 10.2.0E or later seq deny icmp (IPv6) Assigns a sequence number to deny ICMP messages while creating the filter.
• • capture — (Optional) Capture packets the filter processes. • count — (Optional) Count packets the filter processes. • byte — (Optional) Count bytes the filter processes. • dscp value — (Optional) Deny a packet based on the DSCP values (0 to 63). • fragment — (Optional) Use ACLs to control packet fragments. host ip-address — (Optional) Enter the IP address to use a host address only.
seq deny tcp Assigns a filter to deny TCP packets while creating the filter. Syntax seq sequence-number deny tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [eq]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [eq] ] [ack | fin | psh | rst | syn | urg] [capture |count [byte] | dscp value | fragment] Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number (0 to 4294967295). • A.B.C.D — Enter the IP address in dotted decimal format. • A.B.C.
Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number (0 to 4294967295). • A::B — Enter the IPv6 address in hexadecimal format separated by colons. • A::B/x — Enter the number of bits that must match the IPv6 address. • any — (Optional) Set all routes which are subject to the filter: • • capture — (Optional) Capture packets the filter processes. • count — (Optional) Count packets the filter processes.
• • fragment — (Optional) Use ACLs to control packet fragments. • eq — (Optional) Deny packets which are equal to. • ack — (Optional) Set the bit as acknowledgement. • fin — (Optional) Set the bit as finish (no more data from sender). • psh — (Optional) Set the bit as push. • rst — (Optional) Set the bit as reset. • syn — (Optional) Set the bit as synchronize. • urg — (Optional) Set the bit set as urgent. host ip-address — (Optional) Enter the IP address to use a host address only.
Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes — when you enter the count byte options, only bytes increment. Use the no version of this command to remove the filter, or use the no seq sequence-number command if you know the filter’s sequence number. Example OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# seq 10 deny udp any any capture session 1 count Supported Releases 10.2.
Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number (0 to 4294967295). • protocol-number — (Optional) Enter the protocol number (0 to 255). • A::B — Enter the IPv6 address in hexadecimal format separated by colons. • A::B/x — Enter the number of bits that must match the IPv6 address. • any — (Optional) Set all routes which are subject to the filter: • • capture — (Optional) Enter to capture packets the filter processes.
Usage Information OS10 cannot count both packets and bytes — when you configure the count byte options, only bytes increment. Use the no version of this command to remove the filter, or use the no seq sequence-number command if you know the filter’s sequence number. Example OS10(config)# mac access-list macacl OS10(conf-mac-acl)# seq 10 permit 00:00:00:00:11:11 00:00:11:11:11:11 any cos 7 OS10(conf-mac-acl)# seq 20 permit 00:00:00:00:11:11 00:00:11:11:11:11 any vlan 2 Supported Releases 10.2.
Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number (0 to 4294967295). • A::B — Enter the IPv6 address in hexadecimal format separated by colons. • A::B/x — Enter the number of bits that must match the IPv6 address. • any — (Optional) Set all routes which are subject to the filter: • • capture — (Optional) Capture packets the filter processes. • count — (Optional) Count packets the filter processes.
Usage Information OS10 cannot count both packets and bytes — when you enter the count byte options, only bytes increment. Use the no version of this command to remove the filter, or use the no seq sequence-number command if you know the filter’s sequence number. Example OS10(config)# ip access-list egress OS10(conf-ipv4-acl)# seq 5 permit ip any any capture session 1 count Supported Releases 10.2.0E or later seq permit ipv6 Assigns a sequence number to allow packets while creating the filter.
Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number (0 to 4294967295). • A.B.C.D — Enter the IP address in dotted decimal format. • A.B.C.D/x — Enter the number of bits that must match the dotted decimal address. • any — (Optional) Set all routes which are subject to the filter: • • capture — (Optional) Capture packets the filter processes. • count — (Optional) Count packets the filter processes.
• • fragment — (Optional) Use ACLs to control packet fragments. • eq — (Optional) Deny packets which are equal to. • ack — (Optional) Set the bit as acknowledgement. • fin — (Optional) Set the bit as finish (no more data from sender). • psh — (Optional) Set the bit as push. • rst — (Optional) Set the bit as reset. • syn — (Optional) Set the bit as synchronize. • urg — (Optional) Set the bit set as urgent. host ipv6-address — (Optional) Enter the IPv6 address to use a host address only.
Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes — when you enter the count byte options, only bytes increment. Use the no version of this command to remove the filter, or use the no seq sequence-number command if you know the filter’s sequence number. Example OS10(config)# ip access-list egress OS10(conf-ipv4-acl)# seq 5 permit udp any any capture session 1 count Supported Releases 10.2.
show access-group Displays IP, MAC, or IPv6 access-group information. Syntax Parameters show {ip | mac | ipv6} access-group name • ip — View IP access list information. • mac — View MAC access group information. • ipv6 — View IPv6 access group information. • access-group name — Enter the name of the access group.
Active on interfaces : ethernet 3/0 ethernet 3/1 seq 10 permit any any seq 20 permit 11:11:11:11:11:11 22:22:22:22:22:22 any monitor count bytes (0 bytes) Example (MAC Out) OS10# show mac access-lists out Egress MAC access list aaa Active on interfaces : ethernet 3/0 ethernet 3/1 seq 10 permit any any seq 20 permit 11:11:11:11:11:11 22:22:22:22:22:22 any monitor count bytes (0 bytes) Example (IP In) OS10# show ip access-lists in Ingress IP access list aaaa Active on interfaces : ethernet 3/0 ethernet 3/1 s
show ip as-path-access-list Displays the configured AS path access lists. Syntax show ip as-path-access-list [name] Parameters name — (Optional) Specify the name of the AS path access list. Defaults None Command Mode EXEC Usage Information None Example OS10# show ip as-path-access-list ip as-path access-list hello permit 123 deny 35 Supported Releases 10.3.0E or later show ip community-list Displays the configured IP community lists in alphabetic order.
permit RT:1:1 deny SOO:1:4 Supported Releases 10.3.0E or later show ip prefix-list Displays configured IPv4 or IPv6 prefix list information. Syntax show {ip | ipv6} prefix-list [prefix-name] Parameters • ip | ipv6—(Optional) Displays information related to IPv4 or IPv6. • prefix-name — Enter a text string for the prefix list name (up to 140 characters). Defaults None Command Mode EXEC Usage Information None Example OS10# show ip prefix-list ip prefix-list hello: seq 10 deny 1.2.3.
match as-path Configures a filter to match routes that have a certain AS path in their BGP paths. Syntax match as-path as-path-name Parameters as-path-name — Enter the name of an established AS-PATH ACL (up to 140 characters). Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes a match AS path filter. Example OS10(config)# route-map bgp OS10(conf-route-map)# match as-path pathtest1 Supported Releases 10.3.
Example OS10(config)# route-map bgp OS10(conf-route-map)# match extcommunity extcommlist1 exact-match Supported Releases 10.3.0E or later match interface Configures a filter to match routes whose next-hop is the configured interface. Syntax match interface interface Parameters interface — Interface type: • ethernet node/slot/port[:subport] — Enter the Ethernet interface information as the next-hop interface.
match ip next-hop Configures a filter to match based on the next-hop IP addresses specified in IP prefix lists. Syntax match ip next-hop prefix-list prefix-list Parameters prefix-list — Enter the name of the configured prefix list (up to 140 characters). Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes the match. Example OS10(config)# route-map bgp OS10(conf-route-map)# match ip next-hop Supported Releases prefix-list test100 10.3.
Supported Releases 10.3.0E or later match metric Configures a filter to match on a specific value. Syntax match metric metric-value Parameters metric-value — Enter a value to match the route metric against (0 to 4294967295). Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes the match. Example OS10(conf-route-map)# match metric 429132 Supported Releases 10.2.
• local — Match only on routes generated locally. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes the match. Example OS10(config)# route-map bgp OS10(conf-route-map)# match route-type external type-1 Supported Releases 10.3.0E or later match tag Configures a filter to redistribute only routes that match a specific tag value.
set comm-list delete Configure a filter to remove the specified community list from the BGP route’s COMMUNITY attribute. Syntax set comm-list {community-list-name} delete Parameters community-list-name — Enter the name of an established community list (up to 140 characters). Defaults None Command Mode ROUTE-MAP Usage Information The community list used in the set comm-list delete command must be configured so that each filter contains only one community.
Defaults None Command Mode ROUTE-MAP Usage Information The no version of this command inserts the community list into the EXTCOMMUNITY attribute. Example OS10(config)# route-map bgp OS10(conf-route-map)# set extcomm-list TestList delete Supported Releases 10.3.0E or later set extcommunity Sets the extended community attributes in a route map for BGP updates.
set metric Set a metric value for a routing protocol. Syntax set metric [+ | -] metric-value Parameters • + — (Optional) Add a metric value to the redistributed routes. • - — (Optional) Subtract a metric value from the redistributed routes. • metric-value — Enter a new metric value (0 to 4294967295). Default Not configured Command Mode ROUTE-MAP Usage Information To establish an absolute metric, do not enter a plus or minus sign before the metric value.
• external — Sets the cost of the external routes so that it is equal to the sum of all internal costs and the external cost. • internal — Sets the cost of the external routes so that it is equal to the external cost alone (default). The no version of this command removes the set clause from a route map. Example OS10(conf-route-map)# set metric-type internal Supported Releases 10.2.0E or later set next-hop Sets an IPv4 or IPv6 address as the next-hop.
set tag Sets a tag for redistributed routes. Syntax set tag tag-value Parameters tag-value — Enter a tag number for the route to redistribute (0 to 4294967295). Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes the set clause from a route map. Example OS10(conf-route-map)# set tag 23 Supported Releases 10.2.0E or later set weight Set the BGP weight for the routing table.
community hello metric 2 origin egp route-type external type-1 tag 10 Set clauses: metric-type type-1 origin igp tag 100 Supported Releases 10.3.
7 Quality of service Quality of service (QoS) manages the delay, jitter, bandwidth, and packet loss parameters on a network. OS10 devices examine each received packet and place the packet into different classes of service (CoS) by assigning a traffic class ID depending on the packet QoS parameters. QoS allows you to assign different behaviors to different traffic classes.
ingress policy actions include 802.1p or DSCP marking, rate-limiting (policing), enable honoring of 802.1p (CoS), or honoring of DSCP field of incoming packets. The policy actions executed for egress traffic are called egress policy actions. Allowed egress policy actions include scheduling, rateshaping, and WRED. You can define policies for a set of traffic classes with actions to be taken for each class. QoS-type policy-maps define policies for traffic classes created by the QoS-type class-maps.
If you apply a policy-map with L2 parameters (match criteria or marking is only for L2 header fields) only, and both L2 and L3 interfaces are configured on that system, OS10 displays an error message. If you apply an L2 policy-map on an L3 configured interface, OS10 also displays an error message. Class-map configuration You can implement classification or filtering packets into various traffic classes based on a packet match criteria using class-maps.
Show class-map OS10(conf-cmap-qos)# do show class-map type qos c1 Class-map (qos): c1 (match-cos) Create policy-map P1 for class C1 OS10(config)# policy-map p1 OS10(conf-pmap-qos)# class c1 OS10(conf-pmap-c-qos)# set qos-group 1 OS10(conf-pmap-c-qos)# do commit Show policy-map OS10(conf-pmap-c-qos)# do show policy-map Service-policy(qos) input: p1 Class-map (qos): c1 set qos-group 1 Interface policy-map You can apply policy-maps directly to interfaces.
Service-policy (Input)(qos): p1 Service-policy (Output)(queuing): p2 OS10(conf-if-eth1/1/1)# do show qos interface ethernet 1/1/1 Interface unknown-unicast-storm-control : Disabled multicast-storm-control : Disabled broadcast-storm-control : Disabled flow-control-rx : Disabled flow-control-tx : Disabled ets mode : Disabled Control-plane policy-map You can apply the policies created to the control-plane. 1 Enter CONTROL-PLANE configuration mode from CONFIGURATION mode.
View service policies OS10(conf-sys-qos)# do show qos system Service-policy (input)(qos): p1 Service-policy (output)(queuing): p2 Ingress traffic priorities By default, OS10 does not honor 802.1 p priorities on ingress traffic. Honoring 802.1p means assigning a traffic-class ID implicitly based on incoming packets. You can use the trust command only under the ingress QoS policy-type, and under the reserved class-map name class-trust to enable honoring of 802.1p priorities on ingress traffic.
DSCP/CP hex range (XXX)xxx DSCP definition / traditional IP precedence Internal queue ID / DSCP/CP decimal — 8-queue 000XXX BE, best effort / best effort 0 / 0-7 1 Create a policy-map, and configure a name for the policy-map in CONFIGURATION mode. policy-map [type qos] policy-map-name 2 Associate the class-trust class-map with the policy-map in POLICY-MAP-CLASS-MAP mode. class-map class-trust 3 Honor incoming IP packets to classify this packet to a traffic-class ID in POLICY-MAP mode.
3 Set the scheduler as the strict priority in POLICY-MAP-CLASS-MAP mode. priority 4 Save the configuration. do commit Apply policy-map 1 You can now apply the policy-map to the interface (INTERFACE mode) or all interfaces—SYSTEM-QOS mode. system qos OR interface ethernet node/slot/port[:subport] 2 Enter the output service-policy in SYSTEM-QOS mode or INTERFACE mode. service-policy {output} type {queuing} policy-map-name 3 Save the configuration.
2 Add the match criteria for the CoS values in CLASS-MAP mode. Configure dot1p values of incoming packets to match in single, comma-delimited, or hyphenated range - 0 to 7. match cos cos cos-value|cos-list|cos-range 3 Return to CONFIGURATION mode. exit 4 Enter a policy-map name and qos type in CONFIGURATION mode. policy-map type qos policy—map-name 5 Associate the policy-map with a class-map in POLICY-MAP mode.
Configure DSCP classification OS10(config)# class-map type qos bluedscp OS10(conf-cmap-qos)# match ip dscp 50 OS10(conf-cmap-qos)# exit OS10(config)# policy-map type qos reddscp OS10(conf-pmap-qos)# class bluedscp OS10(conf-pmap-c-qos)# set qos-group 7 OS10(conf-pmap-c-qos)# do commit View policy-map OS10(conf-pmap-c-qos)# do show policy-map Service-policy(qos) input: reddscp Class-map (qos): bluedscp set qos-group 7 MAC address classification Classify the QoS traffic based on the MAC access-list.
VLAN classification Classify traffic based on the VLAN ID to apply a specific QoS behavior. 1 Create a class-map of type qos and configure the class-map name in CONFIGURATION mode. class—map type qos class—map name 2 Apply the match criteria as the VLAN ID in CLASS-MAP mode (1 to 4094). match vlan vlan-id 3 Save the configuration and return to CONFIGURATION mode. do commit exit 4 Create a policy-map type as qos and configure the policy-name name in CONFIGURATION mode.
5 In POLICY-MAP mode, associate a policy-map with a class-map. class class-map-name 6 Enter a queue number for the matched flow as qos-group ID in POLICY-MAP-CLASS-MAP mode-0 to 7. set qos-group queue-number 7 Save the configuration.
6 Enter a queue number for matched flow as qos-group ID in POLICY-MAP-CLASS-MAP mode—0 to 7. set qos-group queue-number 7 Save the configuration.
Mark class of service OS10(config)# policy-map type qos platinum OS10(conf-pmap-qos)# class diamond OS10(conf-pmap-c-qos)# set cos 5 OS10(conf-pmap-c-qos)# set qos-group 7 OS10(conf-pmap-c-qos)# do commit View policy-map OS10(conf-pmap-c-qos)# do show policy-map Service-policy(qos) input: platinum Class-map (qos): diamond set cos 5 set qos-group 7 DSCP marking To tag an incoming packet with a DSCP value, or modify incoming packets, you can configure marking for DSCP.
2 Configure a QoS class in POLICY-MAP mode. class class-name 3 Configure marking for the QoS group in POLICY-MAP-CLASS-MAP mode. set qos-group queue-number 4 Save the configuration.
Bandwidth allocation You can allocate relative bandwidth to limit large flows and prioritize smaller flows. Allocate the relative amount of bandwidth to nonpriority queues when priorities queues are consuming maximum link bandwidth. Each egress queue of an interface can be scheduled as per Weighted Deficit Round Robin (WDRR) or by strict-priority (SP), which are both mutually exclusive.
2 Enter a class name to apply to the shape rate in POLICY-MAP-QUEUEING mode—up to 32 characters. class class-name 3 (Optional) If you need rate shaping on a specific queue, match the corresponding qos-group in the class-map. If you do not configure the match qos-group command, rate shaping applies to all queues. match qos-group queue-number 4 Enter a minimum and maximum shape rate value in POLICY-MAP-QUEUEING-CLASS mode.
• pir peak-rate—Enter a peak-rate value in kbps (0 to 40000000). • be peak-burst-size—(Optional) Enter a peak burst size in kbps (16 to 200000, default 200). 4 (Optional) Configure traffic policing for a specific queue in POLICY-MAP-CLASS-MAP mode. Queue number range is from 0 to 7 for qos policy map and 0 to 11 for control-plane policy map. set qos-group queue-number 5 Save the configuration.
Configure control-plane policing Rate-limiting the protocol CPU queues requires configuring control-plane type QoS policies. • • • Create QoS policies (class maps and policy maps) for the desired CPU-bound queue. Associate the QoS policy with a particular rate-limit. Assign the QoS service policy to control plane queues. By default, the pir and cir values are in pps for control plane.
2 Define a service-policy of type input and configure a name for the service policy in CONTROL-PLANE mode. service-policy input service-policy-name 3 Save the configuration.
6 7 8 9 10 11 0 32048 14140 0 0 0 0 2180484 2569184 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Congestion avoidance The weighted random early detection (WRED) congestion avoidance mechanism drops packets to prevent buffering resources from being consumed. Network traffic is a mixture of packets of different traffic types or flows, and the rate of some types of traffic is greater than others.
Queue management Queues share buffer memory space. All packets in a queue are transmitted, until the queue size reaches a minimum threshold. When the queue size reaches that minimum threshold, the system starts discarding packets with a certain probability. The probability of discard increases until the queue depth reaches the maximum threshold. After a queue depth exceeds the maximum threshold, all other packets that attempt to enter the queue are discarded.
Description Output Dropped Green Drop Yellow Drop Red Drop Packets 2811 0 0 0 0 Bytes 418309 0 0 0 0 View WRED statistics when packets counter is non-zero OS10# show queuing statistics interface ethernet 1/1/1 wred Interface ethernet1/1/1 (All queues) Description Packets Bytes Output 0 0 Dropped 0 0 Green Drop 123 NA Verify configuration You can view the QoS configuration information related to active class-maps, policy-maps, and match criteria.
View QoS system OS10# show qos system Service-policy (Input): p1 Service-policy (Output): p2 View QoS interface information OS10# show qos interface ethernet 1/1/5 View QoS class-map OS10# show class-map type qos c1 Class-map (qos): c1 (match-all) Match(not): ip-any dscp 10 View QoS policy-map OS10# show policy-map interface Service-policy (qos) input: p1 Class (qos): c1 set qos-group 1 Class (qos): c2 set qos-group 4 Class (qos): c3 set qos-group 7 Egress queue statistics Display egress-queue statistics o
bandwidth Assigns a percentage of weight to the queue. Syntax bandwidth percent value Parameters percent value — Enter the percentage assignment of bandwidth to the queue (1 to 100). Default Not configured Command Mode POLICY-MAP QUEUE Usage Information If you configure this command, you cannot use the priority command for the class. Example OS10(conf-pmap-que)# bandwidth percent 70 Supported Releases 10.2.0E or later class Creates a QoS class for a type of policy-map.
Defaults • class-map-name — Enter a class-map name (up to 32 characters). • qos — class-map type • match-any — class-map filter Command Mode CLASS-MAP-QOS Usage Information Apply match-any or match-all class-map filters to control-plane, qos, and queuing type class-maps. Example OS10(config)# class-map type qos match-all c1 OS10(conf-cmap-qos)# Command History 10.2.0E or later clear interface priority-flow-control Clears the priority flow control statistics per-port or for all ports.
clear qos statistics type Clears all queue counters for the control-plane, qos, and queueing. Syntax clear qos statistics type {{qos | queuing | control-plane} [interface ethernet node/slot/port[:subport]]} Parameters • qos — Clears qos type statistics. • queuing — Clears queueing type statistics. • control-plane — Clears control-plane type statistics.
flowcontrol Enables or disables link-level flow control on an interface. Syntax Parameters flowcontrol [receive | transmit] [on | off] • receive — (Optional) Indicates the port can receive flow control packets from a remote device. • transmit — (Optional) Indicates the local port can send flow control packets to a remote device. • on — (Optional) When used with receive, allows the local port to receive flow control traffic.
Example OS10(conf-cmap-qos)# match ip access-group name ag1 Supported Releases 10.2.0E or later match cos Matches a cost of service (CoS) value to L2 dot1p packets. Syntax match [not] cos cos-value Parameters • cos-value — Enter a CoS value (0 to 7). • not — Enter not to cancel the match criteria. Default Not configured Command Modes CLASS-MAP Usage Information You cannot have two match statements with the same filter-type.
match precedence Configures IP precedence values as a match criteria. Syntax Parameters match [not] {ip | ipv6 | ip-any} precedence precedence-list • not — Enter to cancel a previously applied match precedence rule. • ip — Enter to use IPv4 as the match precedence rule. • ipv6 — Enter to use IPv6 as the match precedence rule. • ip-any — Enter to use both IPv4 and IPv6 as the match precedence rule. • precedence precendence-list — Enter a precedence-list value (0 to 7).
Command Mode CLASS-MAP Usage Information You cannot enter two match statements with the same filter-type. If you enter two match statements with the same filter-type, the second statement overwrites the first statement. Example OS10(conf-cmap-qos)# match vlan 100 Supported Releases 10.2.0E or later mtu Calculates the buffer size allocation for matched flows. Syntax mtu size Parameters size — Enter the size of the buffer (1500 to 9216).
OS10(conf-cmap-nqos-c)# pause buffer-size 45 pause-threshold 30 resumethreshold 30 OS10(conf-cmap-nqos-c)# queue-limit thresh-mode static 150 NOTE: The 'thresh-mode" listed can either be static or dynamic. Please verify which one should be mentioned.
Usage Information The no version of this command returns the value to the default. Example OS10(conf-sys-qos)# pfc-shared-buffer-size 2000 Supported Releases 10.3.0E or later police Configures traffic policing on incoming traffic. Syntax police {cir committed-rate [bc committed-burst-size]} {pir peak-rate [be peakburst-size]} Parameters Defaults • cir committed-rate — Enter a committed rate value in kilo bits per second (0 to 4000000).
Example OS10(config)# policy-map p1 Example (Queuing) OS10(config)# policy-map type queuing p1 Supported Releases 10.2.0E or later priority Sets the scheduler as a strict-priority. Syntax priority Parameters None Default WDRR — when priority is mentioned, it moves to SP with default level 1 Command Mode POLICY-MAP-CLASS-MAP Usage Information If you use this command, bandwidth is not allowed. Only the egress QoS policy type supports this command.
• dot1p values — (Optional) Enter either single, comma-delimited, or a hyphenated range of dot1p values (0 to 7). Default 0 Command Mode TRUST-MAP Usage Information If the trust map does not define dot1p values to any traffic class, those flows are mapped to the default traffic class (0). If some of the dot1p values are already mapped to an existing traffic class, you will receive an error. You should have a 1:1 dot1p to traffic class mapping for PFC-enabled CoS values.
• • 0 = 1/128 • 1 = 1/64 • 2 = 1/32 • 3 = 1/16 • 4 = 1/8 • 5 = 1/4 • 6 = 1/2 • 7=1 • 8=2 • 9=4 • 10 = 8 static thresh-value — (Optional) Enter the static shared buffer threshold value (1 to 65535). Default Not configured Command Mode POLICY-MAP-CLASS-MAP Usage Information Use the queue-len value parameter to set the minimum guaranteed queue length for a queue. The no version of this command returns the value to the default.
random-detect Configures WRED parameters for the queue. Syntax random-detect minimum-threshold threshold-value maximum-threshold thresholdvalue drop-probability value percentage [weight value] [color {green | yellow}] [ecn] Parameters • minimum threshold threshold value — Enter the minimum buffer threshold (1 to 12480 KB). • maximum threshold threshold value — Enter the maximum buffer threshold (1 to 12480 KB). • drop probability percentage — Enter a drop probability rate in percentage (1 to 100).
Supported Releases 10.2.0E or later set cos Sets a cost of service (CoS) value to mark L2 802.1p (dot1p) packets. Syntax set cos cos-value Parameters cos-value — Enter a CoS value (0 to 7). Default Not configured Command Mode POLICY-MAP-CLASS-MAP Usage Information You cannot enter two set statements with the same action-type. If you enter two set statements with the same action-type, the second statement overwrites the first.
Default Not configured Command Mode POLICY-MAP-CLASS-MAP Usage Information The qos or control-plane ingress QoS policy type only supports this command. When class-map type is control-plane, the qos-group corresponds to CPU queues 0 to 11, and when the class-map type is qos, the qos-group corresponds to data queues 0 to 7. Example OS10(conf-pmap-c-qos)# set qos-group 7 Supported Releases 10.2.0E or later shape Shapes the outgoing traffic rate.
Default Not configured Command Mode EXEC Usage Information This command displays all class-maps of qos, queuing, or control-plane type. The class-map-name parameter displays all details of a configured class-map name. Example OS10# show class-map type qos c1 Class-map (qos): c1 (match-all) Match(not): ip-any dscp 10 Supported Releases 10.2.0E or later show control-plane info Displays control-plane queue mapping and rate limits.
1 2 3 4 5 6 7 8 9 10 11 Supported Releases 0 0 0 0 2 0 32048 14140 0 0 0 0 0 0 0 172 0 2180484 2569184 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 10.2.0E or later show interface priority-flow-control Displays the priority flow-control, operational status, CoS bitmap, and statistics per port. Syntax show interface ethernet 1/1/1 priority-flow-control [details] Parameters details — (Optional) Displays all priority flow control information for an interface.
Example OS10# show qos interface ethernet 1/1/10 Ethernet 1/1/10 unknown-unicast-storm-control : 100 pps multicast-storm-control : 200 pps broadcast-storm-control : Disabled flow-control-rx: Enabled flow-control-tx: Disabled Service-policy (Input)(qos): p1 Supported Releases 10.2.0E or later show policy-map Displays information on all existing policy-maps.
show qos egress bufffers interface Displays egress buffer configurations. Syntax show qos egress buffers interface [interface node/slot/port[:subport]] Parameters • interface — (Optional) Enter the interface type. • node/slot/port[:subport] — (Optional) Enter the port information.
6 7 OS10# Supported Releases 0 0 0 0 0 0 0 0 10.3.0E or later show qos ingress buffers interface Displays interface buffer configurations. Syntax Parameters show qos ingress buffers interface [interface node/slot/port[:subport]] • interface — (Optional) Enter the interface type. • node/slot/port[:subport] — (Optional) Enter the port information.
Command Mode EXEC Usage Information None Example OS10# show qos ingress buffer-stats interface ethernet 1/1/1 Interface : ethernet1/1/1 Speed : 0 Priority Used reserved Used shared Used HDRM Group buffers buffers buffers -----------------------------------------------0 0 0 0 1 0 0 0 2 0 0 0 3 0 0 0 4 0 0 0 5 0 0 0 6 0 0 0 7 0 0 0 OS10# Supported Releases 10.3.0E or later show queuing statistics Displays QoS queuing statistics information.
show qos system Displays the QoS configuration applied to the system. Syntax show qos system Parameters None Default Not configured Command Mode EXEC Usage Information View and verify system-level service-policy configuration information. Example OS10# show qos system Service-policy (Input) (qos) : policy1 Service-policy (Output)(queuing) : policy2 Supported Releases 10.2.0E or later show qos system buffers Displays the system buffer configurations and utilization.
show qos maps Displays the active system trust map. Syntax show qos maps type {tc-queue | trust-map-dot1p | trust-map dscp} trust-map-name Parameters • dot1p — Enter to view the dot1p trust map. • dscp — Enter to view the dscp trust map. • tc-queue—Enter to view the traffic class to queue map. • trust-map — Enter the name of the trust map.
DSCP Priority to Traffic-Class Map : dscp-trustmap1 Traffic-Class DSCP Priority ------------------------------0 8-15 2 16-23 1 0-7 Default Dot1p Priority to Traffic-Class Map Traffic-Class DOT1P Priority ------------------------------0 1 1 0 2 2 3 3 4 4 5 5 6 6 7 7 Default Dscp Priority to Traffic-Class Map Traffic-Class DSCP Priority ------------------------------0 0-7 1 8-15 2 16-23 3 24-31 4 32-39 5 40-47 6 48-55 7 56-63 Default Traffic-Class to Queue Map Traffic-Class Queue number ----------------------
Parameters None Default Not configured Command Mode SYSTEM-QOS Usage Information None Example OS10(config)# system qos OS10(config-sys-qos)# Supported Releases 10.2.0E or later trust Sets the dynamic classification to trust. Syntax trust {dot1p | diffserv} [fallback] Parameters • diffserv — Set the dynamic classification to trust DSCP. • dot1p — Set the dynamic classification to trust Dot1p.
trust dscp-map Creates user-defined trust map for dscp flows. Syntax trust dscp-map map-name Parameters map-name — Enter the name of the dscp trust map (up to 32 characters). Default Not configured Command Mode CONFIGURATION Usage Information default-dscp-trust is a reserved trust-map name. If trust is enabled, traffic obeys this trust map. The no version of this command returns the value to the default. Example OS10(config)# trust dscp-map dscp-trust1 Supported Releases 10.3.
INTERFACE Usage Information Use the show qos maps type [tc-queue | trust-map-dot1p | trust-map-dscp] [string] command to view the current trust mapping. You should change the trust map only during no traffic flow, and verify the correct policy maps are applied. The no version of this command returns the value to the default. Example OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# trust-map dscp dscp-trustmap1 OS10(conf-if-eth1/1/1)# commit Supported Releases 10.3.
8 Virtual link trunking Virtual link trunking (VLT) is a L2 aggregate protocol between end devices (servers) connected to different network devices. VLT reduces the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches and supporting a loop-free topology.
Features such as VRRP require state information coordination between the two VLT nodes. VLT configurations must be identical on both sides of a trunk to ensure the same behavior on both sides. The VLT switches appear as a single virtual switch from the point of view of an external switch or server supporting link aggregation control protocol (LACP). VLT physical ports 802.1p, 802.1q, LLDP, flow control, port monitoring, and jumbo frames are supported on VLT physical ports.
• ARP, IPv6 neighbors, and MAC tables synchronize between the VLT peer nodes. • VLT peer devices operate as a separate node with independent control and data planes for devices that attach to non-VLT ports. • One node in the VLT domain takes a primary role and the other node takes the secondary role. In a VLT domain with two nodes, VLT assigns the primary node role to the node with the highest MAC address. • In a VLT domain, the peer network devices must run the same OS10 software version.
RSTP configuration Only RSTP mode is supported on VLT ports. Before you configure VLT on peer switches, configure RSTP in the network. RSTP prevents loops during the VLT startup phase. • Enable RSTP on each peer node in CONFIGURATION mode. spanning-tree mode rstp • Save the configuration.
Link Type: Point-to-Point BPDU Sent: 15, Received: 5 Create VLT domain A VLT domain requires an ID number. Configure the same VLT domain ID on both peers (see VLT domain). Use the no vlt-domain command to disable the VLT. 1 Configure a VLT domain and enter VLT-DOMAIN mode. Configure the same VLT domain ID on each peer (1 to 255). vlt-domain domain-id 2 Commit the configuration. do commit 3 Repeat the steps on the VLT peer to create the VLT domain.
OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# discovery-interface ethernet1/1/1 OS10(conf-vlt-1)# discovery-interface ethernet1/1/2 OS10(conf-vlt-1)# do commit Configure VLT port-channel A VLT port-channel links an attached device and VLT peer switches, also known as a virtual link trunk. 1 Enter the port-channel ID number on the VLT peer in INTERFACE mode (1 to 1024).
Configure unicast routing — peer 2 OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# peer-routing OS10(conf-vlt-1)# do commit View unicast routing — peer 2 OS10(conf-vlt-1)# do show running-configuration vlt ! vlt-domain 1 peer-routing discovery-interface ethernet1/1/1 ethernet1/1/2 VRRP Optimized Forwarding To enable optimized L3 forwarding over VLT, use VRRP active-active mode. By default, VRRP active-active mode is enabled in the VLAN interfaces.
• View the current configuration of all VLT domains in EXEC mode. show running-configuration vlt View peer-routing information OS10# show vlt 1 Domain ID Unit ID Role Version Local System MAC address VLT MAC address IP address Delay-Restore timer Peer-Routing Peer-Routing-Timeout timer VLTi Link Status port-channel1000 : : : : : : : : : : 1 1 primary 1.
VLT VLAN mismatch: VLT ID : 1 VLT Unit ID Mismatch VLAN List -------------------------------* 1 1 2 2 VLT ID : 2 VLT Unit ID Mismatch VLAN List ---------------------------------* 1 1 2 2 View VLT port details * indicates the local peer OS10# show vlt 1 vlt-port-detail VLT port channel ID : 1 VLT Unit ID Port-Channel Status Configured ports Active ports ---------------------------------------------------------------------* 1 port-channel1 down 2 0 2 port-channel1 down 2 0 VLT port channel ID : 2 VLT Unit ID
Usage Information Use this command to delay the system from bringing up the VLT port for a brief period to allow Layer 3 routing protocols to converge. If the peer VLT device was up at the time the VLTi link failed, use this command after a VLT device is reloaded. The no version of this command resets the delay time to the default value. Example OS10(conf-vlt-1)# delay-restore 100 Supported Releases 10.3.
Parameters value — Enter the timeout value in seconds (0 to 65535). Default 0 Command Mode VLT-DOMAIN Usage Information Use this command to configure a timer to disable the peer-routing when the peer is not available. When the timer expires, the software checks to see if the VLT peer is available. If the VLT peer is not available, peer-routing is disabled on the peer. If you do not configure the timer, peer-routing is not disabled even when the peer is unavailable.
Default Not configured Command Mode EXEC Usage Information None Example OS10# show vlt 1 Domain ID Unit ID Role Version Local System MAC address VLT MAC address IP address Delay-Restore timer Peer-Routing Peer-Routing-Timeout timer VLTi Link Status port-channel1000 : : : : : : : : : : 1 1 primary 1.
No mismatch VLT VLAN mismatch: VLT ID : 1 VLT Unit ID Mismatch VLAN List ---------------------------------* 1 1 2 2 VLT ID : 2 VLT Unit ID Mismatch VLAN List ----------------------------------* 1 1 2 2 Example (mismatch peer routing) OS10# show vlt 1 mismatch peer-routing Peer-routing mismatch: VLT Unit ID Peer-routing ----------------------------------* 1 Enabled 2 Disabled Example (mismatch VLAN) OS10# show vlt 1 mismatch vlan VLT Unit ID Mismatch VLAN List ----------------------------------* 1 2 4 Ex
Supported Releases 10.2.0E or later show vlt vlt-port-detail Displays detailed status information about VLT ports. Syntax show vlt id vlt-port-detail Parameters id — Enter a VLT domain ID (1 to 255). Default Not configured Command Mode EXEC Usage Information The * in the mismatch output indicates a local node entry.
Parameters vlt-lag-id — Enter a VLT port-channel ID (1 to 1024). Default Not configured Command Mode PORT-CHANNEL INTERFACE Usage Information Assign the same VLT port-channel ID to interfaces on VLT peers to create a VLT port-channel. The no version of this command removes the VLT port-channel ID configuration. Example (peer 1) OS10(conf-if-po-10)# vlt-port-channel 1 Example (peer 2) OS10(conf-if-po-20)# vlt-port-channel 1 Supported Releases 10.2.
9 Converged data center services OS10 supports converged data center services, including IEEE 802.1 data center bridging (DCB) extensions to classic Ethernet. DCB provides I/O consolidation in a data center network. Each network device carries multiple traffic classes while ensuring lossless delivery of storage traffic with best-effort for LAN traffic and latency-sensitive scheduling of service traffic. • 802.1Qbb — Priority flow control • 802.1Qaz — Enhanced transmission selection • 802.
PFC configuration notes • PFC is supported for 802.1p priority traffic (dot1p 0 to 7). FCoE traffic traditionally uses dot1p priority 3 — iSCSI storage traffic uses dot1p priority 4. • Configure PFC for ingress traffic by using network-qos class and policy maps (see Quality of Service). The queues used for PFCenabled traffic are treated as lossless queues. Configure the same network-qos policy map on all PFC-enabled ports.
trust dot1p exit 2 Apply the qos trust policy to ingress traffic in SYSTEM-QOS or INTERFACE mode. service-policy input type qos trust-policy—map-name Configure a non-default dot1p-priority-to-traffic class mapping 1 Configure a trust map of dot1p traffic classes in CONFIGURATION mode. A trust map does not modify ingress dot1p values in output flows. Assign a qos-group to trusted dot1p values in TRUST mode using 1-to-1 mappings. Dot1p priorities are 0-7.
1 Create a network-qos class map to classify PFC traffic classes in CONFIGURATION mode (0 to 7). Specify the traffic classes using the match qos-group command. Qos-groups map 1:1 to traffic classes 0 to 7 (qos-group 1 corresponds to traffic class 1). Enter a single value, a hyphen-separated range, or multiple qos-group values separated by commas in CLASS-MAP mode.
PFC is enabled on traffic classes with dot1p 3 and 4 traffic. The two traffic classes require different ingress queue processing. In the network-qos pp1 policy map, class cc1 uses customized PFC buffer size and pause frame settings; class cc2 uses the default settings. In the pclass1 policy map, the class-trust class enables interfaces to honor dot1p or DSCP traffic.
group Reserved Shared buffer XOFF XON shared buffer id buffers MODE threshold threshold threshold -----------------------------------------------------------------------------0 4 4 35 DYNAMIC 9 9 8 1 3 3 35 DYNAMIC 9 9 8 2 0 STATIC 0 0 0 3 0 STATIC 0 0 0 4 0 STATIC 0 0 0 5 0 STATIC 0 0 0 6 0 STATIC 0 0 0 7 0-2,5-7 8 STATIC 0 0 0 View PFC system buffer configuration OS10(config)# show qos system ingress buffer All values are in kb Total buffers - 12187 Total PFC buffers - 877 Total shared PFC buffers - 832 T
Defaults • pause-threshold kilobytes — Enter the threshold used to send pause frames in kilobytes to a transmitting device (0 to 7787). • resume-threshold kilobytes — Enter the threshold used to request a transmitting device in kilobytes to resume sending traffic (0 to 7787). The default ingress-buffer size reserved for PFC traffic classes, and the pause and resume thresholds vary according to the interface type. The default egress buffer reserved for PFC traffic classes is 0 on all interface types.
pfc-cos Configures the matching dot1p values used to send PFC pause frames. Syntax pfc-cos dot1p-priority Parameters dot1p-priority — Enter a single dot1p priority value for a PFC traffic class (0 to 7), a hyphen-separated range, or multiple dot1p values separated by commas.
priority-flow-control Enables PFC on ingress interfaces. Syntax priority-flow-control {mode on} Parameter mode on — Enable PFC for FCoE and iSCSI traffic on an interface without enabling DCBX. Default Disabled Command Mode INTERFACE Usage Information Before you enable PFC, apply a network-qos policy-class map with the specific PFC dot1p priority values to the interface.
Parameters None Default Not configured Command Mode EXEC Usage Information Use the details option to display PFC statistics on received/transmitted frames for each dot1p (CoS) value, and use the clear interface priority-flow-control command to delete PFC statistics and restart the counter.
ETS configuration notes • ETS is supported on L2 802.1p priority (dot1p 0 to 7) and L3 DSCP (0 to 63) traffic. FCoE traffic uses dot1p priority 3 — iSCSI storage traffic uses dot1p priority 4. • Apply these maps and policies on interfaces: • Trust maps — OS10 interfaces do not honor the L2 and L3 priority fields in ingress traffic by default. Create a trust map to honor dot1p and DSCP classes of lossless traffic. A trust map does not change ingress dot1p and DSCP values in egress flows.
qos-group {0-7} dscp {0-63} exit 2 Configure a QoS map with trusted traffic-class (qos-group) to lossless-queue mapping in CONFIGURATION mode. Assign one or more qos-groups (0-7) to a specified queue in QOS-MAP mode. Enter multiple qos-group values in a hyphenated range or separated by commas. Enter multiple queue qos-group entries, if necessary. qos-map traffic-class queue-map-name queue {0-7} qos-group {0-7} exit 3 Create a service policy for the class-trust class in CONFIGURATION mode.
OS10(config)# trust dscp-map dscp_map1 OS10(config-trust-dscpmap)# qos-group 0 dscp 0-31 OS10(config-trust-dscpmap)# qos-group 1 dscp 32-63 OS10(config-trust-dscpmap)# exit OS10(config)# qos-map traffic-class tc-q-map1 OS10(config-qos-tcmap)# queue 0 qos-group 0 OS10(config-qos-tcmap)# queue 1 qos-group 1 OS10(config-qos-tcmap)# exit OS10(config)# policy-map OS10(config-pmap-c-qos)# OS10(config-pmap-c-qos)# OS10(config-pmap-c-qos)# pclass1 class-map class-trust trust dot1p exit OS10(config)# class-map typ
ETS commands ets mode on Enables ETS on an interface. Syntax ets mode on Parameter None Default Disabled Command Mode INTERFACE Usage Information Enable ETS on all switch interfaces in SYSTEM-QOS mode or on an interface or interface range in INTERFACE mode. The no version of this command disables ETS. Example OS10(config-sys-qos)# ets mode on OS10(conf-if-eth1/1/1)# do commit Supported Releases 10.3.
DCBX configuration notes • • • • • • • • • To exchange link-level configurations in a converged network, DCBX is a prerequisite for using DCB features, such as PFC and ETS. DCBX is also deployed in topologies that support lossless operation for FCoE or iSCSI traffic. In these scenarios, all network devices must be DCBX-enabled so that DCBX is enabled end-to-end. DCBX uses LLDP to advertise and automatically negotiate the administrative state and PFC/ETS configuration with directly connected DCB peers.
2 • auto — Automatically selects the DCBX version based on the peer response (default). • cee — Sets the DCBX version to CEE. • ieee — Sets the DCBX version to IEEE 802.1Qaz. (Optional) A DCBX-enabled port advertises all TLVs by default. If PFC or ETS TLVs are disabled, enter the command in INTERFACE mode to re-enable PFC or ETS TLV advertisements. dcbx tlv-select {ets-conf | ets-reco | pfc} • ets-conf — Enables ETS configuration TLVs. • ets-reco — Enables ETS recommendation TLVs.
Total DCBX Frame errors 0 Total DCBX Frames unrecognized 0 View DCBX PFC TLV status OS10# show lldp dcbx interface ethernet 1/1/15 pfc detail Interface ethernet1/1/15 Admin mode is on Admin is enabled, Priority list is 4,5,6,7 Remote is enabled, Priority list is 4,5,6,7 Remote Willing Status is disabled Local is enabled, Priority list is 4,5,6,7 Oper status is init PFC DCBX Oper status is Up State Machine Type is Feature PFC TLV Tx Status is enabled Application Priority TLV Parameters : --------------------
------------------Local is enabled PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3 70% ETS 1 4,5,6,7 30% ETS 2 0% SP 3 0% SP 4 0% SP 5 0% SP 6 0% SP 7 0% SP 15 0% SP Oper status is init ETS DCBX Oper status is Up State Machine Type is Feature Conf TLV Tx Status is enabled Reco TLV Tx Status is disabled 220 Input Conf TLV Pkts, 396 Output Conf TLV Pkts, 0 Error Conf TLV Pkts DCBX commands dcbx enable Enables DCBX globally on all port interfaces.
• ets-reco — Advertise ETS recommendation TLVs. • pfc — Advertise PFC TLVs. Default DCBX advertises PFC, ETS Recommendation, and ETS Configuration TLVs. Command Mode INTERFACE Usage Information A DCBX-enabled port advertises all TLVs to DCBX peers by default. If PFC or ETS TLVs are disabled, enter the command to re-enable PFC or ETS TLV advertisements. You can enable multiple TLV options (ets-conf, ets-reco, and pfc) with the same command.
Supported Releases 10.3.0E or later show lldp dcbx interface Displays DCBX configuration and PFC or ETS TLV status on an interface. Syntax Parameters show lldp dcbx interface ethernet node/slot/port[:subport] [ets detail | pfc detail] • ets detail — Display ETS TLV status and operation with DCBX peers. • pfc detail — Display PFC TLV status and operation with DCBX peers. Default Not configured Command Mode EXEC Usage Information DCBX must be enabled before using this command.
2 3 4 5 6 7 0% 0% 0% 0% 0% 0% SP SP SP SP SP SP Remote Parameters : ------------------Remote is enabled PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3 70% ETS 1 4,5,6,7 30% ETS 2 0% SP 3 0% SP 4 0% SP 5 0% SP 6 0% SP 7 0% SP Remote Willing Status is disabled Local Parameters : ------------------Local is enabled PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3 70% ETS 1 4,5,6,7 30% ETS 2 0% SP 3 0% SP 4 0% SP 5 0% SP 6 0% SP 7
Supported Releases 10.3.0E or later Internet small computer system interface iSCSI is a TCP/IP-based protocol for establishing and managing connections between servers and storage devices in a data center network. After you enable iSCSI, iSCSI optimization automatically detects Dell EqualLogic storage arrays directly attached to switch ports. To support storage arrays where auto-detection is not supported, manually configure iSCSI optimization.
In an iSCSI session, a switch connects CNA servers (iSCSI initiators) to a storage array (iSCSI targets) in a storage area network (SAN) or TCP/IP network. iSCSI optimization running on the switch uses dot1p priority-queue assignments to ensure that iSCSI traffic receives priority treatment. iSCSI configuration notes • When you enable iSCSI optimization, the switch auto-detects and auto-configures for Dell EqualLogic storage arrays directly connected to an interface.
9 (Optional) Reconfigure the dot1p priority bits advertised in iSCSI application TLVs in CONFIGURATION mode. The default bitmap is 0x10 (dot1p 4). The default dot1p 4 value is sent in iSCSI application TLVs only if you enabled the PFC pause for dot1p 4 traffic (pfc-cos dot1p-priority command). If you do not configure an iscsi priority-bits dot1p value and you configure a set cos value in Step 6, the set cos value is sent in iSCSI application TLVs.
Target:iqn.2001-05.com.equallogic:0-8a0906-01251a00c-8ab26939fbd510a1-518 Initiator:iqn.1991-05.com.microsoft:win-rlkpjo4jun2 Up Time:00:00:16:02(DD:HH:MM:SS) Time for aging out:29:23:59:35(DD:HH:MM:SS) ISID:400001370000 Initiator Initiator Target Target Connection IP Address TCP Port IP Address TCP Port ID ---------------------------------------------------------10.10.10.210 54835 10.10.10.
iscsi priority-bits Resets the priority bitmap advertised in iSCSI application TLVs. Syntax iscsi priority-bits {priority-bitmap} Parameter priority-bitmap — Enter a bitmap value for the dot1p priority advertised for iSCSI traffic in iSCSI application TLVs (0x1 to 0xff). Default 0x10 (dot1p 4) Command Mode CONFIGURATION Usage Information iSCSI traffic uses dot1p priority 4 in frame headers by default. Use this command to reconfigure the dot1p-priority bits advertised in iSCSI application TLVs.
Usage Information Use the iscsi aging time command to configure the aging timeout in iSCSI monitoring sessions, and use the iscsi target port command to configure the TCP ports that listen for connected storage devices in iSCSI monitoring sessions. The no version of this command disables iSCSI session monitoring. Example OS10(config)# iscsi session-monitoring enable Supported Releases 10.3.
show iscsi Displays currently configured iSCSI settings. Syntax show iscsi Parameters None Command Mode EXEC Usage Information This command output displays global iSCSI configuration settings. Use the show iscsi session command to view target and initiator information.
IP Address TCP Port IP Address TCP Port ID ---------------------------------------------------------10.10.10.210 54835 10.10.10.40 3260 1 Supported Releases 10.3.0E or later show iscsi storage-devices Displays information about the storage arrays directly attached to OS10 ports. Syntax show iscsi storage-devices Parameters None Command Mode EXEC Usage Information The command output displays the storage device connected to each switch port and whether iSCSI automatically detects it.
Configure DCBX globally on a switch to enable the exchange of DCBX TLV messages with PFC, ETS, and iSCSI configurations. OS10# configure terminal OS10(config)# dcbx enable OS10(config)# do commit 2. PFC configuration (global) PFC is enabled on traffic classes with dot1p 4, 5, 6, and 7 traffic. The traffic classes all use the default PFC pause settings for shared buffer size and pause frames in ingress queue processing in the network-qos policy map.
OS10(conf-if-eth1/1/53)# do commit OS10(conf-if-eth1/1/53)# end 4. ETS configuration (global) A trust dot1p-map assigns dot1p 0, 1, 2, and 3 traffic to qos-group 0, and dot1p 4, 5, 6, and 7 traffic to qos-group 1. A qos-map traffic-class map assigns the traffic class in qos-group 0 to queue 0, and qos-group 1 traffic to queue 1. A queuing policy map assigns 30% of interface bandwidth to queue 0, and 70% of bandwidth to queue 1. The pclass policy map applies trust to all dot1p ingress traffic.
OS10(config-sys-qos)# service-policy output type queuing pmap1 OS10(config-sys-qos)# ets mode on OS10(conf-sys-qos)# do commit 6. Verify DCB configuration OS10(conf-if-eth1/1/53)# show configuration ! interface ethernet1/1/53 switchport access vlan 1 no shutdown service-policy input type network-qos test service-policy input type qos pclass service-policy output type queuing pmap1 ets mode on qos-map traffic-class tmap2 trust-map dot1p tmap1 priority-flow-control mode on 7.
9.
iSCSI traffic uses priority 4. The iscsi priority-bits 0x40 command sets the advertised dot1p priority used by iSCSI traffic in application TLVs to 6. Hexadecimal 0x40 is binary 0 1 0 0 0 0 0 0. OS10(conf-if-eth1/1/53)# iscsi profile-storage compellent OS10(conf-if-eth1/1/53)# lldp tlv-select dcbxp-appln iscsi OS10(conf-if-eth1/1/53)# exit OS10(config)# iscsi target port 3261 ip-address 10.1.1.
qos-map traffic-class tmap2 trust-map dot1p tmap1 priority-flow-control mode on OS10(conf-if-eth1/1/53)# do show lldp dcbx interface ethernet 1/1/53 E-ETS Configuration TLV enabled e-ETS Configuration TLV disabled R-ETS Recommendation TLV enabled r-ETS Recommendation TLV disabled P-PFC Configuration TLV enabled p-PFC Configuration TLV disabled F-Application priority for FCOE enabled f-Application Priority for FCOE disabled I-Application priority for iSCSI enabled i-Application Priority for iSCSI disabled --
----------------------------------------------------------------------------------Interface ethernet1/1/53 Port Role is Manual DCBX Operational Status is Enabled Is Configuration Source? FALSE Local DCBX Compatibility mode is IEEEv2.5 Local DCBX Configured mode is IEEEv2.5 Peer Operating version is IEEEv2.
10 sFlow sFlow is a standard-based sampling technology embedded within switches and routers which is used to monitor network traffic. It is designed to provide traffic monitoring for high-speed networks with many switches and routers.
Enable sFlow on specific interface • Enable sFlow in CONFIGURATION mode. sflow enable • Disable sFlow in CONFIGURATION mode.
sflow enable ! Collector configuration Configure the IPv4 or IPv6 address for the sFlow collector. You can configure a maximum of two sFlow collectors. If you specify two collectors, the samples are sent to both, and the agent IP address must be the same for both the collectors. • Enter an IPv4 or IPv6 address for the sFlow collector, IPv4 or IPv6 address for the agent, UDP collector port number (default 6343), maximum datagram size (up to 1400), and the VRF instance number in CONFIGURATION mode.
interface ethernet1/1/1 sflow enable ! Sample-rate configuration Sampling rate is the number of packets skipped before the sample is taken. If the sampling rate is specified as 4096, then 1 sample is generated for every 4096 packets observed. • Set the sampling rate in CONFIGURATION mode (4096 to 65535; default 32768). sflow sample-rate sampling-size • Disable packet sampling in CONFIGURATION mode. no sflow sample-rate • View the sampling rate in EXEC mode.
0 UDP packets dropped 34026 sFlow samples collected • View sFlow configuration details on a specific interface in EXEC mode. OS10# show sflow interface port-channel 1 port-channel1 sFlow is enabled on port-channel1 Samples rcvd from h/w: 0 • View the sFlow running configuration in EXEC mode. OS10# show running-configuration sflow sflow enable sflow max-header-size 80 sflow polling-interval 30 sflow sample-rate 4096 sflow collector 10.16.150.1 agent-addr 10.16.132.
sflow enable Enables sFlow on a specific interface or globally on all interfaces. Syntax sflow enable [all-interfaces] Parameters all-interfaces — (Optional) Enter to enable sFlow globally. Default Disabled Command Mode CONFIGURATION Usage Information The no version of this command to disables sFlow.
Defaults 30 Command Mode CONFIGURATION Usage Information The polling interval for an interface is the number of seconds between successive samples of counters sent to the collector. You can configure the duration at which the interface statistics counter should be polled. Use the no version of the command to reset the interval time to the default value. Example OS10(conf)# sflow polling-interval 200 Supported Releases 10.3.0E or later sflow sample-rate Configures the sampling rate.
0 UDP packets dropped 34026 sFlow samples collected Example (portchannel) OS10# show sflow interface port-channel 1 port-channel1 sFlow is enabled on port-channel1 Samples rcvd from h/w: 0 Supported Releases 10.3.
11 Troubleshoot OS10 Critical workloads and applications require constant availability. Dell EMC Networking offers tools to help you monitor and troubleshoot problems before they happen.
* 1 1 1 1 1 S4148F-ON S4148F-ON-PWR-1-AC S4148F-ON-FANTRAY-1 S4148F-ON-FANTRAY-2 S4148F-ON-FANTRAY-3 0M68YC 0KTM6X 06MY5N 06MY5N 06MY5N A00 A00 A00 A00 A00 CN-0M68YC-28298-55M-0120 CN-0KTM6X-28298-55M-0120 CN-06MY5N-28298-55M-0093 CN-06MY5N-28298-55M-0096 CN-06MY5N-28298-55M-0095 42FQX42 AEIOU## AEIOU## AEIOU## AEIOU## 885 226 226 226 226 451 457 457 457 457 190 410 410 410 410 6 55 55 55 55 Boot partition and image Display system boot partition–related and image-related information.
3 root 5 root 7 root 8 root 10 root 11 root 12 root 13 root 14 root 15 root 16 root 17 root 19 root 20 root 21 root 22 root 23 root 24 root 25 root --more-- 20 0 20 20 20 20 20 rt rt rt rt 20 0 0 20 0 20 0 25 0 -20 0 0 0 0 0 0 0 0 0 0 -20 -20 0 -20 0 -20 5 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 S S R S S S S S S S S S S S S S S S S 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.
Capture packets from Ethernet interface $ tcpdump -i e101-003-0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on e101-003-0, link-type EN10MB (Ethernet), capture size 262144 bytes 01:39:22.457185 IP 3.3.3.1 > 3.3.3.4: ICMP echo request, id 5320, seq 26, length 64 01:39:22.457281 IP 3.3.3.1 > 3.3.3.
When you execute traceroute, the output shows the path a packet takes from your device to the destination IP address. It also lists all intermediate hops (routers) that the packet traverses to reach its destination, including the total number of hops traversed. Check IPv4 connectivity OS10# ping 172.31.1.255 Type Ctrl-C to abort. Sending 5, 100-byte ICMP Echos to 172.31.1.255, timeout is 2 seconds: Reply to request 1 from 172.31.1.208 0 ms Reply to request 1 from 172.31.1.
1 3ffe:501:ffff:100:201:e8ff:fe00:4c8b 000.000 ms 000.000 ms 000.000 ms View diagnostics View system diagnostic information using show commands. The show hash-algorithm command is used to view the current hash algorithms configured for LAG and ECMP.
View system information OS10# show system System Information -------------------------------------------Node Id: 1 MAC: ec:f4:bb:fc:66:a3 Number of MACs: 129 Vendor: DELL Product: S6000-ON -- Stack -Unit Status Up time Down Reason -------------------------------------------1 up -- Power Supplies -PSU-ID Status PowerType AirFlow Fan Speed(rpm) Status ----------------------------------------------------1 up AC NORMAL 1 19872 fail 2 up AC NORMAL 1 19552 up -- Fan Status -FanTray Status AirFlow Fan Speed(rpm) S
location-led system Changes the location LED of the system. Syntax Parameters location-led system {node-id | node-id/unit-id} {on | off} • node-id | node-id/unit-id — Enter the system ID. • on | off — Set the system LED to be on or off. Default Not configured Command Mode EXEC Usage Information Use the location-led system command to change the location LED for the specified system ID. Example OS10# location-led system 1 on OS10# location-led system 1 off Supported Releases 10.3.
• -l preload — (Optional) Enter the number of packets that ping sends before waiting for a reply. Only a super-user may preload more than 3. • -L — (Optional) Suppress the loopback of multicast packets for a multicast target address. • -m mark — (Optional) Tags the packets sent to ping a remote device (use with policy routing). • -M pmtudisc_option — (Optional) Enter the path MTU (PMTU) discovery strategy: • do prevents fragmentation, including local.
ping6 Tests network connectivity to an IPv6 device. Syntax Parameters ping6 [-aAbBdDfhLnOqrRUvV] [-c count] [-i interval] [-I interface] [-l preload] [-m mark] [-M pmtudisc_option] [-N nodeinfo_option] [-p pattern] [-Q tclass] [s packetsize] [-S sndbuf] [-t ttl] [-T timestamp_option] [-w deadline] [-W timeout] destination • -a — (Optional) Audible ping. • -A — (Optional) Adaptive ping.
• -T timestamp option — (Optional) Set special IP timestamp options. Valid values for timestamp option — tsonly (only timestamps), tsandaddr (timestamps and addresses) or tsprespec host1 [host2 [host3 [host4]]] (timestamp pre-specified hops). • -v — (Optional) Verbose output. • -V — (Optional) Display version and exit. • -w deadline — (Optional) Enter the time-out value, in seconds, before the ping exits regardless of how many packets are sent or received.
Active Partition: Active SW Version: Active Kernel Version: Active Build Date/Time: Standby Partition: Standby SW Version: Standby Build Date/Time: Next-Boot: Supported Releases B 10.2.0E Linux 3.16.7-ckt25 2016-10-03T23:11:14Z A 10.2.0E 2016-10-03T23:11:14Z active[B] 10.2.0E or later show diag Displays diagnostic information for port adapters and modules. Syntax show diag Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show diag 00:00.
Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show environment Unit State Temperature ------------------------------------1 up 43 Thermal sensors Unit Sensor-Id Sensor-name Temperature ---------------------------------------------------------1 1 T2 temp sensor 31 1 2 system-NIC temp sensor 21 1 3 Ambient temp sensor 24 1 4 NPU temp sensor 43 Supported Releases 10.2.0E or later show hash-algorithm Displays hash algorithm information.
---------------------------------------------------------------------------------------* 1 S6000-ON 07VJDK A02 CN-07VJDK-28298-52R-0032 5XYK0Z1 129 373 368 1 S6000-ON-PWR-1-AC 0T9FNW A00 CN-0T9FNW-28298-52R-0263 AEIOU## 226 457 410 1 S6000-ON-FANTRAY-1 0MGDH8 A00 CN-0MGDH8-28298-52R-0394 AEIOU## 226 457 410 1 S6000-ON-FANTRAY-2 0MGDH8 A00 CN-0MGDH8-28298-52R-0394 AEIOU## 226 457 410 1 S6000-ON-FANTRAY-3 0MGDH8 A00 CN-0MGDH8-28298-52R-0392 AEIOU## 226 457 410 Supported Releases 10.2.
1019 root OS10# Supported Releases 20 0 1829416 256080 73508 S 6.6 6.4 1212:36 base_nas 10.3.0E or later show system Displays system information. Syntax show system [brief | node-id stack-id fanout-configured] Parameters • brief — View abbreviated list of system information. • node-id — Node ID number.
Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Eth Example (brief) 1/1/2 1/1/3 1/1/4 1/1/5 1/1/6 1/1/7 1/1/8 1/1/9 1/1/10 1/1/11 1/1/12 1/1/13 1/1/14 1/1/15 1/1/16 1/1/17 1/1/18 1/1/19 1/1/20 1/1/21 1/1/22 1/1/23 1/1/24 1/1/25 1/1/26 1/1/27 1/1/28 1/1/29 1/1/30 1/1/31 1/1/32 Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No No Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes No No No No BREAKOUT_1x1 BREAKOUT_1x1 BREAKOUT_1x1 BREAK
traceroute Displays the routes that packets take to travel to an IP address. Syntax traceroute host [-46dFITnreAUDV] [-f first_ttl] [-g gate,...] [-i device] [-m max_ttl] [-N squeries] [-p port] [-t tos] [-l flow_label] [-w waittime] [-q nqueries] [-s src_addr] [-z sendwait] [--fwmark=num] host [packetlen] Parameters • host — Enter the host to trace packets from. • -i interface — (Optional) Enter the IP address of the interface through which traceroute sends packets.
ms 3.243 ms 7 0.xe-7-0-1.XL3.SJC7.ALTER.NET (152.63.48.254) 3.915 ms 3.603 ms 3.790 ms 8 TenGigE0-4-0-5.GW6.SJC7.ALTER.NET (152.63.49.254) 11.781 ms 10.600 ms 9.402 ms 9 23.73.112.54 (23.73.112.54) 3.606 ms 3.542 ms 3.773 ms Example (IPv6) OS10# traceroute 20::1 traceroute to 20::1 (20::1), 30 hops max, 80 byte packets 1 20::1 (20::1) 2.622 ms 2.649 ms 2.964 ms Supported Releases 10.2.0E or later Password recovery You may need to recovery your lost password. 1 Connect to the serial console port.
ONIE Rescue bypasses the installed operating system and boots the system into ONIE until you reboot the system. After ONIE Rescue completes, the system resets and boots to the ONIE console. 1 Use the up and down arrows to select the ONIE: Rescue, then press Enter. The highlight entry (*) runs automatically in the operating system.
2 (Optional) Configure the SupportAssist server URL or IP address in SUPPORT-ASSIST mode. server url server-url 3 (Optional) Configure the contact information for your company in SUPPORT-ASSIST mode. contact-company name {company-name} 4 (Optional) Configure a proxy to reach the SupportAssist server in SUPPORT-ASSIST mode. proxy-server ip {ipv4–address | ipv6–address} port port-number [username user-name password password] 5 Save the configuration.
1 (Optional) Configure contact information in SUPPORT-ASSIST mode. contact-company name name 2 (Optional) Configure address information in SUPPORT-ASSIST mode. Use the no address command to remove the configuration. address city name state name country name zipcode number 3 (Optional) Configure street address information in SUPPORT-ASSIST mode. Use double quotes to add spaces within an address. Use the no street-address command to remove the configuration.
2 • hourly min number — Enter the time to schedule an hourly task (0 to 59). • daily hour number min number — Enter the time to schedule a daily task (0 to 23 and 0 to 59). • weekly day-of—week number hour number min number — Enter the time to schedule a weekly task (0 to 6, 0 to 23, and 0 to 59). • monthly day number hour number min number — Enter the time to schedule a monthly task (1 to 31, 0 to 23, and 0 to 59).
Activity Schedule Schedule created on -----------------------------------------------------------full-transfer weekly: on sun at 00:00 Sep 12,2016 18:57:40 Activity Status : Activity Status last start last success ------------------------------------------------------------------------coredump-transfer success Sep 12,2016 20:48:41 Sep 12,2016 20:48:42 event-notification success Sep 12,2016 20:51:51 Sep 12,2016 20:51:51 full-transfer success Sep 12,2016 20:30:28 Sep 12,2016 20:30:52 View EULA license OS10# s
Example (Event) OS10(conf-support-assist)# activity event-notification enable Example (Full) OS10(conf-support-assist)# activity full-transfer enable Example (Turn Off) OS10(conf-support-assist)# no activity coredump-transfer enable Supported Releases 10.2.0E or later contact-company Configures the company contact information. Syntax contact-company name Parameters name — Enter the contact company name (up to 140 characters).
Default Not configured Command Mode SUPPORT-ASSIST Usage Information The no version of this command removes the configuration. Example OS10(conf-support-assist-Eureka-JohnJamesSmith)# email-address jjsmith@eureka.com Supported Releases 10.2.0E or later eula-consent Accepts or rejects the SupportAssist end-user license agreement (EULA). Syntax eula—consent {support-assist} {accept | reject} Parameters • support-assist — Enter to accept or reject the EULA for the service.
Supported Releases 10.2.0E or later proxy-server Configures a proxy IP address for reaching the SupportAssist server. Syntax Parameters proxy-server ip ipv4-address port number • ipv4-address— Enter the IPv4 address of the proxy server in a dotted decimal format (A.B.C.D). • number — Enter the port number (0 to 65535). Default Not configured Command Mode SUPPORT-ASSIST Usage Information You cannot use an IPv6 address with this command. Example OS10(conf-support-assist)# proxy-server ip 10.1.1.
Example OS10# show support-assist eula I accept the terms of the license agreement. You can reject the license agreement by configuring this command 'eula-consent support-assist reject.' By installing SupportAssist, you allow Dell, Inc. to save your contact information (e.g. name, phone number and/or email address) which would be used to provide technical support for your Dell, Inc. products and services. Dell, Inc. may use the information for providing recommendations to improve your IT infrastructure.
Contact method : email Server(configured) : https://web.dell.
• • • day-of-week number — Enter the keyword and number for the day of the week to schedule the task (0 to 6). • hour number — Enter the keyword and number of the hour to schedule the weekly task (0 to 23). monthly — Schedule a monthly task: • day number — Enter the number for the day of the month to schedule the task (1 to 31). • hour number — Enter the number for the hour of the day to schedule the task (0 to 23).
Use the delete supportbundle://sosreport-filename.tar.gz command to delete a generated support bundle. Event notifications Event notifications for the generate support-bundle command are processed at the start and end of the bundle they support, and reports either success or failure. Support bundle generation start event Apr 19 bundle Apr 19 bundle 16:57:55: execution 16:57:55: execution %Node.1-Unit.
System monitoring Monitor OS10 using system alarm and log information. System alarms Alarms alert you to conditions that might prevent normal device operation: • Critical — A critical condition exists and requires immediate action. A critical alarm may trigger if one or more hardware components have failed, or one or more hardware components exceeds temperature thresholds. • Major — A major error occurred and requires escalation or notification.
• Disable console logging and reset the minimum logging severity to the default in CONFIGURATION mode. no logging console severity • Disable log-file logging and reset the minimum logging severity to the default in CONFIGURATION mode. no logging log-file severity • Disable monitor logging and reset the minimum logging severity to the default in CONFIGURATION mode. no logging monitor severity • Disable server logging and reset the minimum logging severity to the default in CONFIGURATION mode.
View logging process names OS10# show logging process-names dn_alm dn_app_vlt dn_app_vrrp dn_bgp dn_dot1x dn_eqa dn_eqm dn_eth_drv dn_etl dn_i3 dn_ifm dn_infra_afs dn_issu dn_l2_services dn_l2_services_ dn_l2_services_ dn_l2_services_ dn_l2_services_ dn_l3_core_serv dn_l3_service dn_lacp dn_lldp dn_mgmt_entity_ --More-- Environmental monitoring Monitors the hardware environment to detect temperature, CPU, and memory utilization.
Configure Threshold level for link-bundle monitoring OS10(config)# link-bundle-trigger-threshold 10 View link-bundle monitoring threshold configuration OS10(config)# do show running-configuration link-bundle-trigger-threshold 10 ! ... Show link-bundle utilization OS10(config)# do show link-bundle-utilization Link-bundle trigger threshold - 10 Alarm commands alarm clear Clears the alarm based on the alarm index for a user-clearable alarm (a transient alarm).
show alarms details Displays details about active alarms. Syntax show alarms details Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show alarms details Active-alarm details - 0 ------------------------------------------Index: 0 Sequence Number: 1 Severity: critical Type: 1081367 Source: Node.1-Unit.
----0 1 2 -------minor major minor -----------------------EQM_THERMAL_MINOR_CROSSE EQM_THERMAL_MAJOR_CROSSE EQM_THERMAL_MINOR_CROSSE -------------Sep 20 0:8:24 Sep 20 0:16:28 Sep 20 0:15:39 -----Node.1-Unit.1 Node.1-Unit.1 Node.1-Unit.1 Example (Summary) OS10# show alarms history summary Alarm History Summary ------------------------------Total-count: 0 Critical-count: 0 Major-count: 0 Minor-count: 0 Warning-count: 0 ------------------------------Supported Releases 10.2.
• warning — Warning alarm severity. Default Not configured Command Mode EXEC Usage Information None Example (Warning) OS10# show alarms severity warning Active-alarm details - 1 ------------------------------------------Index: 1 Sequence Number: 5 Severity: warning Type: 1081364 Source: Node.1-Unit.
Warning-count: 2 ----------------------Supported Releases 10.2.0E or later Logging commands clear logging Clears messages in the logging buffer. Syntax clear logging log-file Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# clear logging log-file Proceed to clear the log file [confirm yes/no(default)]: Supported Releases 10.2.0E or later logging console Disables, enables, or configures the minimum severity level for logging to the console.
Example OS10(config)# logging console disable Example (Enable) OS10(config)# logging console enable Example (Severity) OS10(config)# logging console severity log-warning Supported Releases 10.2.0E or later logging enable Enables system logging. Syntax logging enable To disable the logging capability, use the no logging enable command. Parameters None Default Enabled Command Mode CONFIGURATION Usage Information The no version of this command disables all logging.
Example OS10(config)# logging log-file disable Example (Enable) OS10(config)# logging log-file enable Example (Severity) OS10(config)# logging log-file severity log-notice Supported Releases 10.2.0E or later logging monitor Set the minimum severity level for logging to the terminal lines. Syntax logging monitor severity severity-level To reset the monitor severity to the default level, use the no logging monitor severity command. The default severity level is log-notice.
• log-warning — Warning conditions. • log-notice — Normal but significant conditions (default). • log-info — Informational messages. • log-debug — Debug messages. Defaults Log-notice Command Mode CONFIGURATION Usage Information Starting from 10.3.0E or later, this command supports IPv6 addresses. The previous versions support only IPv4 addresses. The no version of this command deletes the syslog server. Example OS10# logging server dell.
dn_supportassis --More-Supported Releases 10.2.0E or later show trace Displays trace messages. Syntax show trace [number-lines] Parameters number-lines — (Optional) Enter the number of lines to include in log messages (1 to 65535). Default Enabled Command Mode EXEC Usage Information The output from this command is the /var/log/syslog file. Example OS10# show trace May 23 17:10:03 OS10 base_nas: [NETLINK:NHEVENT]:ds_api_linux_neigh.
Log into OS10 device Linux shell access is available for troubleshooting and diagnostic purposes only. Use linuxadmin for both the default user name and password. For security reasons, you must change the default linuxadmin password during the first login from the Linux shell. The system saves the new password for future logins. CAUTION: Changing the system state from the Linux shell can result in undesired and unpredictable system behavior.
• Quality of service contains information about quality of service including classification and marking, congestion management, policing and shaping, and so on. • Monitoring contains information about how to view alarms, events, logs, and so on. Installation How do I configure a default management route? Although the default management route was configured during installation, you can use the route add default gw command from the Linux shell to configure the default management IP address for routing.
• candidate-configuration is an intermediate temporary buffer that stores configuration changes prior to applying them to the runningconfiguration Security How do I add new users? Use the username commands to add new users. Use the show users command to view a list of current users. How do I view RADIUS transactions to troubleshoot problems? Use the debug radius command. How do I view the current DHCP binding information? Use the show ip dhcp binding command.
How can I view the software version? Use the show version command to view the currently running software version. How can I troubleshoot SNMP operation? Use the show ip traffic command to view IP and ICMP statistics. Access control lists How do I setup filters to deny or permit packets from on IPv4 or IPv6 address? Use the deny or permit commands to create ACL filters.
• % Error: Not enough buffers are available, to enable pause for all pfc-cos values in the policymap for this interface • % Warning: Not enough buffers are available, for lossy traffic. Expect lossy traffic drops, else reconfigure the pause buffers Monitoring How can I check if SupportAssist is enabled? Use the show support-assist status command to view current configuration information. How can I view a list of alarms? Use the show alarms details to view a list of all system alarms.
12 Support resources The Dell EMC Support site provides a range of documents and tools to assist you with effectively using Dell EMC devices. Through the support site you can obtain technical information regarding Dell EMC products, access software upgrades and patches, download available management software, and manage your open cases. The Dell EMC support site provides integrated, secure access to these services. To access the Dell EMC Support site, go to www.dell.com/support/.