OS10 Enterprise Edition User Guide Release 10.4.
Notes, cautions, and warnings NOTE: A NOTE indicates important information that helps you make better use of your product. CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the problem. WARNING: A WARNING indicates a potential for property damage, personal injury, or death. Copyright © 2017 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Contents 1 Getting Started............................................................................................................................................ 20 Download OS10 image and license................................................................................................................................. 21 Installation......................................................................................................................................................................
delete...........................................................................................................................................................................49 description (alias).......................................................................................................................................................50 dir............................................................................................................................................................
Add port member....................................................................................................................................................... 78 Minimum links............................................................................................................................................................. 78 Assign Port Channel IP Address...............................................................................................................................
show switch-port-profile......................................................................................................................................... 107 show vlan...................................................................................................................................................................108 shutdown..................................................................................................................................................................
clear fcoe statistics.................................................................................................................................................. 134 fcoe max-sessions-per-enodemac......................................................................................................................... 135 feature fip-snooping.................................................................................................................................................
Fast start repeat count............................................................................................................................................ 172 View LLDP configuration......................................................................................................................................... 173 Adjacent agent advertisements.............................................................................................................................. 174 Time to live.......
VLAN commands.....................................................................................................................................................239 Port monitoring.............................................................................................................................................................. 240 Local port monitoring..............................................................................................................................................
Timers........................................................................................................................................................................276 Neighbor soft-reconfiguration................................................................................................................................276 BGP commands........................................................................................................................................................
Set address to match route-map...........................................................................................................................400 Assign route-map to interface............................................................................................................................... 400 View PBR information.............................................................................................................................................400 PBR commands.................
UFT commands........................................................................................................................................................449 Security...........................................................................................................................................................................450 User re-authentication...........................................................................................................................................
clear ipv6 access-list counters...............................................................................................................................486 clear mac access-list counters............................................................................................................................... 487 deny...........................................................................................................................................................................
permit udp................................................................................................................................................................. 510 permit udp (IPv6)......................................................................................................................................................511 remark...............................................................................................................................................................
route-map................................................................................................................................................................. 538 set comm-list add....................................................................................................................................................539 set comm-list delete................................................................................................................................................
View statistics.......................................................................................................................................................... 564 Configure WRED profile................................................................................................................................................565 Verify configuration....................................................................................................................................................
show class-map....................................................................................................................................................... 585 show control-plane info.......................................................................................................................................... 585 show control-plane statistics.................................................................................................................................
show vlt mac-inconsistency.....................................................................................................................................611 show vlt mismatch.................................................................................................................................................... 611 show vlt role..............................................................................................................................................................
Boot partition and image........................................................................................................................................ 660 Monitor processes...................................................................................................................................................660 LED settings..............................................................................................................................................................
1 Getting Started Dell EMC Networking OS10 Enterprise Edition is a network operating system supporting multiple architectures and environments. The networking world is moving from a monolithic stack to a pick-your-own-world. The OS10 solution is designed to allow disaggregation of the network functionality.
Download OS10 image and license OS10 Enterprise Edition may come factory-loaded and is available for download from the Dell Digital Locker (DDL). A factory-loaded OS10 image has a perpetual license installed. An OS10 image that you download has a 120-day trial license and requires a perpetual license to run beyond the trial period. See the Quick Start Guide shipped with your device and My Account FAQs for more information.
Once you download the OS10 Enterprise Edition image, unzip the .tar file. Some Windows unzip applications insert extra carriage returns (CR) or line feeds (LF) when they extract the contents of a .tar file, which may corrupt the downloaded OS10 binary image. Turn off this option if you use a Windows-based tool to untar an OS10 binary file. Once you unzip the OS10 Enterprise Edition and download the license, see Installation and Install license for complete installation and license information.
Automatic installation You can automatically (zero-touch) install an OS10 image on a Dell ONIE-enabled device. Once the device successfully boots to ONIE: Install OS, auto-discovery obtains the hostname, domain name, Management interface IP address, as well as the IP address of the DNS name server(s) on your network from the DHCP server and DHCP options. The ONIE automatic-discovery process locates the stored software image, starts installation, then reboots the device with the new software image.
The ONIE auto-discovery process discovers the image file at the specified USB path, loads the software image, and reboots. Log into OS10 To log in to OS10 Enterprise Edition, power up the device and wait for the system to perform a power-on self test (POST). Enter admin for both the default user name and user password. For better security, change the default admin password during the first OS10 login. The system saves the new password for future logins.
Install license OS10# license install scp://user:userpwd@10.1.1.10/CFNNX42-NOSEnterprise-License.xml License installation success. Verify license installation OS10# show license status System Information -----------------------------------------Vendor Name : DELL Product Name : S4048-ON Hardware Version: A00 Platform Name : S4048-ON PPID : CN0M68YC2829855M0133 Service Tag : CFNNX42 License Details ---------------Software : OS10-Enterprise Version : 10.3.
Remote access Linux shell ssh linuxadmin@ip-address password: linuxadmin Configure Management IP address To remotely access OS10, assign an IP address to the Management port. 1 Configure the management interface from CONFIGURATION mode. interface mgmt node/slot/port 2 Configure an IPv4 or IPv6 address on the Management interface in INTERFACE mode. ip address A.B.C.D/mask ipv6 address A:B/prefix-length 3 Enable the Management interface in INTERFACE mode.
Configure user name and password To set up remote access to OS10, create a new user name and password after you configure the management port and default route. The user role is a mandatory entry. Enter the password in clear text. It is converted to SHA-512 format in the running configuration. A password must have at least nine alphanumeric and special characters, and at least five different characters from the password previously used for the same username. For backward compatibility with OS10 releases 10.
User accounts OS10 defines two categories of user accounts — use admin for both the username and password to log into the CLI, or use linuxadmin to log into the Linux shell. Key CLI features Consistent command names Commands that provide the same type of function have the same name, regardless of the portion of the system on which they are operating. For example, all show commands display software information and statistics, and all clear commands erase various types of system information.
CLI command hierarchy CLI commands are organized in a hierarchy. Commands that perform a similar function are grouped together under the same level of hierarchy. For example, all commands that display information about the system and the system software are grouped under the show system command, and all commands that display information about the routing table are grouped under the show route-map command.
From CONFIGURATION mode, you can also configure L2 and L3 protocols with a specific protocol-configuration mode, such as spanningtree protocol (STP) or border gateway protocol (BGP). Command help To view a list of valid commands for any CLI mode, enter ? or the help command. 1 Enter ? to view the commands available in EXEC mode.
hash-algorithm help host-description hostname interface ip ipv6 iscsi lacp link-bundle-utilization lldp load-balancing logging mac management monitor no ntp policy-map qos-map radius-server pa rameters route-map router sflow snmp-server spanning-tree support-assist system track trust username vlt-domain vrrp Hash algorithm configurations Display available commands Set the system host description Set the system hostname Select an interface Global IP configuration subcommands Configure ipv6 enable iscsi glob
• • • • ipv6 Display IPv6 neighbor information iscsi Show iscsi lacp Show LACP information license Show license and digital fulfillment related information link-bundle-utilization Display the link-bundle utilization for the interfaces in the bundle lldp Show lldp load-balance Show global traffic load-balance configuration logging Show logging messages mac MAC forwarding table monitor Show port monitoring sessions network-policy Show network policy ntp NTP associations parser-tree Show parser tree policy-m
-- Unit 1 -Status System Identifier Down Reason System Location LED Required Type Current Type Hardware Revision Software Version Bios Version Physical Ports BIOS System CPLD Master CPLD Slave CPLD : : : : : : : : : : : : : : up 1 user-triggered off S6000 S6000 A01 10.2.9999E None 32x40GbE 3.33.0.2 0.3 0.4 0.
logging monitor ospf ospfv3 policy-map prefix-list qos-map radius-server route-map sflow snmp spanning-tree support-assist system-qos trust-map users vlt Current Current Current Current Current Current Current Current Current Current Current Current Current Current Current Current Current candidate candidate candidate candidate candidate candidate candidate candidate candidate candidate candidate candidate candidate candidate candidate candidate candidate logging configuration monitor session configurati
ipv6 enable ipv6 address autoconfig ! support-assist ! policy-map type application policy-iscsi ! class-map type application class-iscsi ! class-map type qos class-trust View compressed running configuration OS10# show running-configuration compressed interface breakout 1/1/1 map 40g-1x interface breakout 1/1/2 map 40g-1x interface breakout 1/1/3 map 40g-1x interface breakout 1/1/4 map 40g-1x interface breakout 1/1/5 map 40g-1x interface breakout 1/1/6 map 40g-1x interface breakout 1/1/7 map 40g-1x interfa
! class-map type application class-iscsi ! class-map type qos class-trust Show difference between candidate and running configurations OS10# show diff candidate-configuration running-configuration OS10# NOTE: If the OS10# prompt does not return output, the candidate-configuration and running-configuration files match. Prevent configuration changes You can prevent configuration changes on sessions other than the current CLI session using the lock command.
Copy running configuration The running configuration contains the current OS10 system configuration and consists of a series of OS10 commands. Copy the running configuration to a remote server or local directory as a backup or for viewing and editing. The running configuration is copied as a text file, which you can view and edit with a text editor.
Reload system image Reboot the system manually using the reload command in EXEC mode. You are prompted to confirm the operation. OS10# reload System configuration has been modified. Save? [yes/no]:yes Saving system configuration Proceed to reboot the system? [confirm yes/no]:yes To configure the OS10 image loaded at the next system boot, enter the boot system command in EXEC mode. boot system {active | standby} • Enter active to load the primary OS10 image stored in the A partition.
• Non-persistent mode — The alias can be used only within the current session. Once the session is closed, the alias is removed from the system. The aliases created in Exec mode are non-persistent. NOTE: You cannot use existing keywords, parameters, and short form of keywords as alias names, nor can you create a shortcut for the alias command. • Create an alias in EXEC or CONFIGURATION mode — EXEC mode for non-persistent and CONFIGURATION mode for persistent aliases.
View alias information OS10# show alias Name ---govlt goint shconfig showint shver Type ---Config Config Local Local Local Number of config aliases : 2 Number of local aliases : 3 View alias information brief (displays the first 10 characters of the alias value) OS10# show alias brief Name Type ------govlt Config goint Config shconfig Local showint Local shver Local Value ----"vlt-domain..." "interface ..." "show runni..." "show inter..." "show versi...
• Use the no form of the command to delete an alias in the CONFIGURATION mode. no alias alias-name You can modify the existing multi-line alias by entering the corresponding ALIAS mode.
---mTest ---Config ----line 1 "interface ..." line 2 "no shutdow..." line 3 "show confi...
no switchport no shutdown Linux shell commands You can execute a single command, or a series of commands using a batch file from the Linux shell. • Use the -c option to run a single command. admin@OS10:/opt/dell/os10/bin$ clish -c "show version" New user admin logged in at session 10 Dell Networking OS10-Enterprise Copyright (c) 1999-2017 by Dell Inc. All Rights Reserved. OS Version: 10.2.9999E Build Version: 10.2.9999E(3764) Build Time: 2017-02-09T06:02:58.
Copyright (c) 1999-2017 by Dell Inc. All Rights Reserved. OS Version: 10.3.0000E Build Version: 10.3.0000E(4181) Build Time: 2017-04-02T18:00:38.375-07:00 System Type: S6000-ON Architecture: x86_64 Up Time: 1 week 05:36:38 OS9 environment commands You can configure commands in an OS9 environment by using the feature config-os9-style command. The current release supports VLAN tagging and port-channel grouping commands.
Command Mode EXEC CONFIGURATION Usage Information Use this command to create a shortcut to long commands along with arguments. Use the numbers 1 to 9 along with the $ to provide input parameters. The no version of this command deletes an alias.
Command Mode CONFIGURATION Usage Information Use this command to save a series of multiple commands in an alias. The switch enters the ALIAS mode when you create an alias. You can enter the series of commands to be executed using the line command. The no version of this command deletes an alias. Example OS10(config)# alias mTest OS10(config-alias-mTest)# line 1 "interface $1 $2" OS10(config-alias-mTest)# line 2 "no shutdown" OS10(config-alias-mTest)# line 3 "show configuration" Supported Releases 10.
Example OS10# boot system standby Supported Releases 10.2.0E or later commit Commits changes in the candidate configuration to the running configuration. Syntax commit Parameters None Default Not configured Command Mode EXEC Usage Information Use this command to save changes to the running configuration. Use the do commit command to save changes in CONFIGURATION mode. Example OS10# commit Example (configuration) OS10(config)# do commit Supported Releases 10.2.
• config://filepath — (Optional) Copy from configuration directory. • coredump://filepath — (Optional) Copy from the coredump directory. • ftp://userid:passwd@hostip/filepath — (Optional) Copy from a remote FTP server. • home://username/filepath — (Optional) Copy from the home directory. • scp://userid:passwd@hostip/filepath — (Optional) Copy from a remote SCP server. • sftp://userid:passwd@hostip/filepath — (Optional) Copy from a remote SFTP server.
default (alias) Configures default values for input parameters in multi-line alias. Syntax Parameters default n value • n — Enter the number of the argument (1 to 9). • value — Enter the value for the input parameter. Default Not configured Command Mode ALIAS Usage Information To use special characters in the input parameter value, enclose the string in double quotes. The no version of this command removes the default value.
description (alias) Configures a textual description for a multi-line alias. Syntax description string Parameters string — Enter a text string for the alias description. Default Not configured Command Mode ALIAS Usage Information • To use special characters as a part of the description string, enclose the string in double quotes. • Spaces between characters are not preserved after entering this command unless you enclose the entire description in quotation marks (“text description”).
--------------------2017-04-26T15:23:46Z Supported Releases -----------26704 ----------startup.xml 10.2.0E or later discard Discards any changes made to the candidate configuration file. Syntax discard Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# discard Supported Releases 10.2.0E or later do Executes most commands from all CONFIGURATION modes without returning to EXEC mode.
Command Mode CONFIGURATION Usage Information Once you enable the feature to configure the commands in OS9 format, log out of the session. In the next session, you can configure the commands in OS9 format. The current release supports VLAN tagging and Port channel grouping commands. This feature does not have any impact on the show commands. Use the no form of the command to disable the feature.
Default Not configured Command Mode EXEC Usage Information Use this command to install the Enterprise Edition license file (see Download OS10 image and license for more information). OS10 requires a perpetual license to run beyond the 120-day trial license period. The license file is installed in the /mnt/license directory. Example OS10# license install scp://user:userpwd/10.1.1.10/CFNNX42-NOSEnterpriseLicense.lic License installation success. Supported Releases 10.3.
management route Configures an IPv4/IPv6 static route used by the Management port. Repeat the command to configure multiple management routes. Syntax management route {ipv4-address/mask | ipv6-address/prefix-length} {forwardingrouter-address | managementethernet} Parameters • ipv4-address/mask — Enter an IPv4 network address in dotted-decimal format (A.B.C.D), then a subnet mask in /prefix-length format (/xx).
Directory contents for Date (modified) --------------------2017-04-26T15:23:46Z Supported Releases folder: config Size (bytes) Name ------------ ----------26704 startup.xml 10.2.0E or later no Disables or deletes commands in EXEC mode. Syntax Parameters no [alias | debug | support-assist-activity | terminal] • alias — Remove an alias definition. • debug — Disable debugging. • support-assist-activity — SupportAssist-related activity. • terminal — Reset terminal settings.
Parameters • brief — Displays brief information of aliases. • detail — Displays detailed information of aliases.
show boot Displays detailed information about the boot image. Syntax show boot [detail] Parameters None Default Not configured Command Mode EXEC Usage Information The Next-Boot field displays where the OS10 image is stored and which partition will be used with the boot system command.
• compressed — (Optional) Current candidate configuration in compressed format. • control-plane — (Optional) Current candidate control-plane configuration. • dot1x — (Optional) Current candidate dot1x configuration. • extcommunity-list — (Optional) Current candidate extcommunity-list configuration. • interface — (Optional) Current candidate interface configuration. • lacp — (Optional) Current candidate LACP configuration. • lldp — (Optional) Current candidate LLDP configuration.
switchport access vlan 1 no shutdown ! interface ethernet1/1/5 switchport access vlan 1 no shutdown ! --more-Example (compressed) OS10# show candidate-configuration compressed username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/ VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH. aaa authentication local snmp-server contact http://www.dell.com/support snmp-server location "United States" logging monitor disable ip route 0.0.0.0/0 10.11.58.
1 1 1 1 Supported Releases 1 2 3 4 T2 temp sensor system-NIC temp sensor Ambient temp sensor NPU temp sensor 31 21 24 43 10.2.0E or later show inventory Displays system inventory information. Syntax show inventory Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show inventory Product : S6000-ON Description : S6000-ON 32x40GbE QSFP+ Interface Module Software version : 10.2.
----------------------------------------------------------------192.168.10.0/24 managementethernet Connected Connected Supported Releases 10.2.2E or later show ipv6 management-route Displays the IPv6 routes used to access the management port. Syntax Parameters show ipv6 management-route [all | connected | summary | static] • all — (Optional) Display the IPv6 routes that the management interface uses. • connected — (Optional) Display only routes directly connected to the management interface.
License Details ---------------Software : OS10-Enterprise Version : 10.2.9999E License Type : EVALUATION License Duration: 120 days License Status : 94 day(s) left License location: /mnt/license/5XYK0Z1.lic ------------------------------------------------Supported Releases 10.3.0E or later show running-configuration Displays the configuration currently running on the device.
• trust-map — (Optional) Current operating trust-map configuration. • users — (Optional) Current operating users configuration. • vlt — (Optional) Current operating VLT domain configuration. Default Not configured Command Mode EXEC Usage Information None Example OS10# show running-configuration ! Version 10.2.9999E ! Last configuration change at Apr 11 01:25:02 2017 ! username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/ VKx8SloIhp4NoGZs0I/UNwh8WVuxwfd9q4pWIgNs5BKH.
ipv6 address autoconfig ! support-assist ! policy-map type application policy-iscsi ! class-map type application class-iscsi ! class-map type qos class-trust Supported Releases 10.2.0E or later show startup-configuration Displays the contents of the startup configuration file. Syntax show startup-configuration [compressed] Parameters compressed — (Optional) View a compressed version of the startup configuration file.
interface range ethernet 1/1/1-1/1/32 switchport access vlan 1 no shutdown ! interface vlan 1 no shutdown ! interface mgmt1/1/1 ip address 10.11.58.145/8 no shutdown ipv6 enable ipv6 address autoconfig ! support-assist ! policy-map type application policy-iscsi ! class-map type application class-iscsi ! class-map type qos class-trust Supported Releases 10.2.0E or later show system Displays system information.
---------------------------------------------------------------1 up AC NORMAL 1 6688 up 2 fail -- Fan Status -FanTray Status AirFlow Fan Speed(rpm) Status ---------------------------------------------------------------1 up NORMAL 1 7201 up 2 6874 up Example (node-id) 2 up NORMAL 1 2 6698 7168 up up 3 up NORMAL 1 2 7149 7104 up up OS10# show system node-id 1 fanout-configured Interface Breakout capable Breakout state ----------------------------------------------------Eth 1/1/1 Yes BREAKOUT_1
2 fail -- Fan Status -FanTray Status AirFlow Fan Speed(rpm) Status ---------------------------------------------------------------1 up NORMAL 1 6710 up 2 7136 up Supported Releases 2 up NORMAL 1 2 6767 7155 up up 3 up NORMAL 1 2 6785 7040 up up 10.2.0E or later show version Displays software version information.
system Executes a Linux command from within OS10. Syntax system command Parameters command — Enter the Linux command to execute. Default Not configured Command Mode EXEC Usage Information None Example OS10# system bash admin@OS10:~$ pwd /config/home/admin admin@OS10:~$ exit OS10# Supported Releases 10.2.0E or later system identifier Sets a non-default unit ID in a non-stacking configuration.
Example OS10# terminal monitor Supported Releases 10.2.0E or later traceroute Displays the routes that packets take to travel to an IP address. Syntax Parameters traceroute [vrf management] host [-46dFITnreAUDV] [-f first_ttl] [-g gate,...] [-i device] [-m max_ttl] [-N squeries] [-p port] [-t tos] [-l flow_label] [-w waittime] [-q nqueries] [-s src_addr] [-z sendwait] [--fwmark=num] host [packetlen] • vrf management— (Optional) Traces the route to an IP address in the management VRF instance.
Example OS10# traceroute www.dell.com traceroute to www.dell.com (23.73.112.54), 30 hops max, 60 byte packets 1 10.11.97.254 (10.11.97.254) 4.298 ms 4.417 ms 4.398 ms 2 10.11.3.254 (10.11.3.254) 2.121 ms 2.326 ms 2.550 ms 3 10.11.27.254 (10.11.27.254) 2.233 ms 2.207 ms 2.391 ms 4 Host65.hbms.com (63.80.56.65) 3.583 ms 3.776 ms 3.757 ms 5 host33.30.198.65 (65.198.30.33) 3.758 ms 4.286 ms 4.221 ms 6 3.GigabitEthernet3-3.GW3.SCL2.ALTER.NET (152.179.99.173) 4.428 ms 2.593 ms 3.243 ms 7 0.xe-7-0-1.XL3.SJC7.
2 Interfaces You can configure and monitor physical interfaces (Ethernet), port-channels, and VLANs in L2 or L3 modes. Table 1.
Figure 1. S4148U-ON unified port groups To enable Ethernet interfaces in a unified port group: 1 Configure a unified port group in CONFIGURATION mode. Enter 1/1 for node/slot. The port-group range is 1–10. port-group node/slot/port-group 2 Activate the unified port group for Ethernet operation in PORT-GROUP mode. mode Eth {100g-1x | 50g-2x | 40g-1x | 25g-4x | 10g-4x} • • • • • 10g-4x — Split a QSFP28 or QSFP+ port into four 10G interfaces. 25g-4x — Split a QSFP28 port into four 25G interfaces.
By default, a trunk interface carries only untagged traffic on the access VLAN — you must manually configure other VLANs for tagged traffic. 1 2 Select one of the two available options: • Configure L2 trunking in INTERFACE mode and the tagged VLAN traffic that the port can transmit. By default, a trunk port is not added to any tagged VLAN. You must create a VLAN before you can assign the interface to it.
Figure 2. S4148U-ON port groups On a S4148U-ON, the activated FC interfaces depend on the currently configured port profile. For more information, see S4148U-ON port profiles. To enable a fibre channel interface: 1 Configure a unified port group in CONFIGURATION mode. Enter 1/1 for node/slot. The port-group range is 1–10. port-group node/slot/port-group 2 Activate the unified port group for FC operation in PORT-GROUP mode.
Address is 14:18:77:20:8d:fc, Current address is 14:18:77:20:8d:fc Pluggable media present, QSFP-PLUS type is QSFPPLUS_4X16_16GBASE_FC_SW Wavelength is 850 Receive power reading is 0.
Configure VLAN OS10(config)# interface vlan 10 OS10(conf-if-vl-10)# ip address 1.1.1.2/24 You cannot simultaneously use egress rate shaping and ingress rate policing on the same VLAN. User-configured default VLAN By default, VLAN 1 serves as the default VLAN for switching untagged L2 traffic on OS10 ports in trunk or access mode. The default VLAN is used for untagged protocol traffic sent and received between switches, such as spanning-tree protocols.
Hardware is unknown. Interface index is 102863300 Internet address is 120.120.120.
Add port member When you add a port interface to a port-channel: • The port-channel configuration and administrative status are applied to member interfaces. • A port-channel operates in either L2 (default) or L3 mode. To place a port-channel in L2 mode, use the switchport mode command. To place a port-channel in L3 mode and remove L2 configuration before you configure an IP address, use the no switchport command. • All interfaces should have the same speed (recommended).
Configure minimum operationally up links OS10(config)# interface po 1 OS10(conf-if-po-1)# minimum-links 5 Assign Port Channel IP Address You can assign an IP address to a port channel and use port channels in L3 routing protocols. • Configure an IP address and mask on the interface in INTERFACE mode. ip address ip-address mask [secondary] • ip-address mask — Specify an IP address in dotted-decimal format (A.B.C.D) and the mask in slash format (/24).
• tcp-upd-selection [l4–destination-port | l4–source-port] — Uses the Layer 4 destination IP address, or Layer 4 source IP address in the hash calculation. • ip-selection [destination-ip | source-ip | protocol | vlan-id | l4–destination-port | l4– source-port] — Uses the destination IP address, source IP address, protocol, VLAN ID, Layer 4 destination IP address, or Layer 4 source IP address in the hash calculation.
interface ethernet1/1/2 no shutdown switchport access vlan ! interface ethernet1/1/3 no shutdown switchport access vlan ! interface ethernet1/1/4 no shutdown switchport access vlan ! interface ethernet1/1/5 no shutdown switchport access vlan 1 1 1 1 Configure range of VLANs OS10(config)# interface range vlan 1-100 OS10(conf-range-vl-1-100)# Configure range of port channels OS10(config)# interface range port-channel 1-25 OS10(conf-range-po-1-25)# Switch-port profiles A port profile determines the enabl
| Node/Unit | Current | Next-boot | Default | |-------------+-------------------+-------------------| | 1/1 | profile-2 | profile-2 | profile-1 | Supported Profiles: profile-1 profile-2 profile-3 profile-4 profile-5 profile-6 S4148-ON series port profiles On the S4148-ON series, port profiles determine the available front-panel Ethernet ports and supported breakout interfaces on uplink ports. In the port profile illustration, blue boxes indicate the supported ports and breakout interfaces.
S4148U-ON port profiles S4148U-ON port profiles determine the available front-panel unified and Ethernet ports and supported breakout interfaces. In the port profile illustration, blue boxes indicate the supported Ethernet port modes and breakout interfaces. Brown boxes indicate the supported Fibre Channel port modes and breakout interfaces. Blank spaces indicate ports and speeds that are not available. Unified port groups are numbered 1–10.
**Oversubscription: Configure oversubscription to support bursty storage traffic on a Fibre Channel interface. Oversubscription allows a port to operate faster, but may result in traffic loss. To support oversubscription, use the speed command in Interface configuration mode. This command is not supported on an Ethernet interface. In S4148U-ON port profiles: • SFP+ and QSFP28 port groups in 4x8GFC mode support 16GFC oversubscription on member interfaces.
Breakout auto-configuration You can globally enable front-panel Ethernet ports to automatically detect SFP pluggable media in a QSFP+ or QSFP28 port. The port autoconfigures breakout interfaces for media type and speed. For example, if you plug a 40G DAC cable with 4x10G far-side transceivers into a QSFP28 port, the port autoconfigures in 10g-4x Interface-breakout mode. enable auto-breakout RJ-45 ports and ports that are members of a port group do not support breakout auto-configuration.
OS10(conf-vlt-10)# exit OS10(config)# default interface ethernet 1/1/1 Proceed to cleanup the interface config? [confirm yes/no]:y % Error: Discovery Interface mode must not be in switchport mode Configuration 1 From CONFIGURATION mode, enter INTERFACE mode and view the currently configured settings. interface {ethernet | fibrechannel} node/slot/port[:subport] show config 2 Return to CONFIGURATION mode. exit 3 Reset an interface to its default configuration in CONFIGURATION mode.
OS10(config)# do show running-configuration interface fibrechannel 1/1/1 interface fibrechannel1/1/1 shutdown Forward error correction Forward error correction (FEC) is a digital signal processing technique used to enhance data reliability. It does this by introducing redundant data, called error correcting code, prior to data transmission or storage. FEC provides the receiver with the ability to correct errors without a reverse channel to request the retransmission of data.
Auto-negotiation performs at power-up, on command from the LAN controller, on detection of a PHY error, or following Ethernet cable reconnection. During the link establishment process, both link partners indicate their EEE capabilities. If EEE is supported by both link partners for the negotiated PHY type, the EEE function is used independently in either direction. Changing the EEE configuration resets the interface because the device restarts Layer 1 auto-negotiation.
Eth ...
clear counters interface ethernet eee Clears EEE counters on a specified interface. Syntax clear counters interface ethernet node/slot/port[:subport] eee Parameters node/slot/port[:subport]—Enter the interface information. Default Not configured Command Mode EXEC Usage Information Use this command to clear EEE counters on a specified Ethernet interface. Example OS10# clear counters interface 1/1/48 eee Clear eee counters on ethernet1/1/48 [confirm yes/no]:yes Supported Releases 10.3.
Eth Eth Eth Eth Eth Supported Releases 1/1/48 1/1/49 1/1/50 1/1/51 1/1/52 on n/a n/a n/a n/a up 1000M 10.3.0E or later show interface eee statistics Displays EEE statistics for all interfaces. Syntax show interface eee statistics Parameters None Default Not configured Command Mode EXEC Example OS10# show interface eee statistics Port EEE TxEventCount TxDuration(us) RxEventCount RxDuration(us) -----------------------------------------------------------------------------Eth 1/1/1 off 0 0 0 0 ..
Parameters node/slot/port[:subport]—Enter the interface information. Default Not configured Command Mode EXEC Example OS10# show interface ethernet 1/1/48 eee statistics Eth 1/1/48 EEE : on TxIdleTime(us) : 2560 TxWakeTime(us) : 5 Last Clearing : 18:45:53 TxEventCount : 0 TxDuration(us) : 0 RxEventCount : 0 RxDuration(us) : 0 Supported Releases 10.3.
0 64-byte pkts, 0 over 64-byte pkts, 0 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 0 Multicasts, 0 Broadcasts, 0 Unicasts 0 throttles, 0 discarded, 0 Collisions, 0 wreddrops Rate Info(interval 299 seconds): Input 0 Mbits/sec, 0 packets/sec, 0% of line rate Output 0 Mbits/sec, 0 packets/sec, 0% of line rate Time since last interface status change: 3 weeks 1 day 20:30:38 --more-View specific interface information OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1
Q: A - Access (Untagged), T - Tagged NUM Status Description * 1 up Eth1/1/5-1/1/8,1/1/27-1/1/28,1/1/31-1/1/54 1002 down Q Ports A Interface commands channel-group Assigns an interface to a port-channel group. Syntax channel-group channel-number mode {active | on | passive} Parameters • channel-number — Enter a port-channel number (1 to 128). • mode — Sets the LACP actor mode. • active — Sets channeling mode to active. • on — Sets channeling mode to static.
The default interface command removes all software settings and all L3, VLAN, VXLAN, and port-channel configurations on a physical interface. You must manually remove configured links to the interface from other software features — for example, if you configure an Ethernet interface as a discovery interface in a VLT domain. Enter multiple interfaces in a comma-separated string or a port range using the default interface range command. There is no undo for this command.
no shutdown switchport access vlan 1 ! interface ethernet1/1/25:3 no shutdown switchport access vlan 1 ! interface ethernet1/1/25:4 no shutdown switchport access vlan 1 Supported releases 10.4.0E(R1) or later default vlan-id Reconfigures the VLAN ID of the default VLAN. Syntax default vlan-id vlan-id Parameters vlan-id — Enter the default VLAN ID number (1 to 4093).
description (Interface) Configures a textual description of an interface. Syntax description string Parameters string — Enter a text string for the interface description (up to 240 characters). Default Not configured Command Mode INTERFACE Usage Information • To use special characters as a part of the description string, enclose the string in double quotes.
enable auto-breakout Enables front-panel Ethernet ports to automatically detect SFP pluggable media and autoconfigure breakout interfaces. Syntax enable auto-breakout Parameters None Default Not configured Command mode CONFIGURATION Usage information After you enter the enable auto-breakout command and plug a supported breakout cable in a QSFP+ or QSFP28 port, the port autoconfigures breakout interfaces for media type and speed. The no version of this command disables the auto-breakout feature.
interface breakout Splits a front-panel Ethernet port into multiple breakout interfaces. Syntax Parameters interface breakout node/slot/port map {10g-4x | 25g-4x | 40g-1x | 50g-2x | 100g-1x} • node/slot/port — Enter the physical port information. • 10g-4x — Split a QSFP28 or QSFP+ port into four 10G interfaces • 25g-4x — Split a QSFP28 port into four 25G interfaces. • 40g-1x — Set a QSFP28 port for use with a QSFP+ 40GE transceiver. • 50g-2x — Split a QSFP28 port into two 50G interfaces.
interface loopback Configures a loopback interface. Syntax interface loopback id Parameters id — Enter the loopback interface ID number (0 to 16383). Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes the loopback interface. Example OS10(config)# interface loopback 100 OS10(conf-if-lo-100)# Supported Releases 10.2.0E or later interface mgmt Configures the Management port.
Supported Releases 10.3.0E or later interface port-channel Creates a port-channel interface. Syntax interface port-channel channel-id Parameters channel-id — Enter the port-channel ID number (1 to 128). Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes the interface. Example OS10(config)# interface port-channel 10 OS10(conf-if-po-10)# Supported Releases 10.2.
Supported Releases 10.2.0E or later interface vlan Creates a VLAN interface. Syntax interface vlan vlan-id Parameters vlan-id — Enter the VLAN ID number (1 to 4094). Default VLAN 1 Command Mode CONFIGURATION Usage Information FTP, TFTP, MAC ACLs, and SNMP operations are not supported — IP ACLs are supported on VLANs only. The no version of this command deletes the interface. Example OS10(config)# interface vlan 10 OS10(conf-if-vl-10)# Supported Releases 10.2.
Supported Releases 10.3.0E or later mode Configures a front-panel unified port group to operate in Fibre Channel or Ethernet mode with the specified speed on activated interfaces. Syntax Parameters mode {Eth {100g-1x | 50g-2x | 40g-1x | 25g-4x | 10g-4x} | FC {32g-2x | 32g-1x | 16g-2x |8g-4x}} • • mode Eth — Configure a unified port group in Ethernet mode and set the speed to: • 10g-4x — Split a QSFP28 or QSFP+ port into four 10G interfaces. • 25g-4x — Split a QSFP28 port into four 25G interfaces.
Parameters value — Enter the maximum frame size in bytes (1280 to 65535). Maximum frame size for an S3000-ON is 12000, and S4000-ON/S6000-ON is 9216. Default 1532 bytes Command Mode INTERFACE Usage Information To return to the default MTU value, use the no mtu command. If an IP packet includes a Layer 2 header, the IP MTU must be at least 32 bytes smaller than the L2 MTU. • • Port-channels • All members must have the same link MTU value and the same IP MTU value.
Parameters interface type — Enter the interface type: • phy-eth node/slot/port[:subport] — Display information about physical ports connected to the interface. • status — Display interface status. • ethernet node/slot/port[:subport] — Display Ethernet interface information. • loopback id — Display loopback IDs (0 to 16383). • mgmt node/slot/port — Display Management interface information. • null — Display null interface information.
Mode of IPv4 Address Assignment: not set MTU 1532 bytes LineSpeed 0 Minimum number of links to bring Port-channel up is 1 Maximum active members that are allowed in the portchannel is 5 Members in this channel: ARP type: ARPA, ARP Timeout: 60 OS10# show interface port-channel summary LAG Mode Status Uptime Ports 22 L2 up 20:38:08 Eth 1/1/10 (Up) Eth 1/1/11 (Down) Eth 1/1/12 (Inact) 23 L2 up 20:34:32 Eth 1/1/20 (Up) Eth 1/1/21 (Up) Eth 1/1/22 (Up) Supported Releases 10.2.
Example (Interface) OS10(conf-range-eth1/1/10-1/1/11,1/1/13,1/1/14)# do show port-channel summary Flags: D - Down U - member up but inactive P - member up and active U - Up (port-channel) Group Port-Channel Type Protocol Member Ports 22 port-channel22 (U) Eth STATIC 1/1/10(P) 1/1/11(P) 1/1/12(P) 1/1/13(P) 1/1/14(P) 1/1/15(P) 1/1/16(P) 1/1/17(P) 1/1/18(P) 1/1/19(P) 23 port-channel23 (D) Eth STATIC OS10(config)# interface range e1/1/12-1/1/13,1/1/15,1/1/17-1/1/18 OS10(conf-range-eth1/1/12-1/1/13,1/1/15,1/1/1
Parameters • node/slot — Enter the switch information. For a standalone switch, enter 1/1. Default profile-1 Command Mode EXEC Usage Information A switch-port profile determines the available front-panel ports and breakout modes on Ethernet and unified ports. To display the current port profile, enter the show switch-port-profile command. To reset the switch to the default port profile, enter the no switch-port-profile node/slot command.
Command Mode INTERFACE Usage Information This command marks a physical interface as unavailable for traffic. Disabling a VLAN or a port-channel causes different behavior. When you disable a VLAN, the L3 functions within that VLAN are disabled, and L2 traffic continues to flow. Use the shutdown command on a port-channel to disable all traffic on the port-channel, and the individual interfaces. Use the no shutdown command to enable a port-channel on the interface.
• 100 — 100M • 1000 — 1000M • auto — Set the port to auto-negotiate speed with a connected device. Defaults Auto Command Mode INTERFACE Usage Information The speed command is supported only on the Management and Fibre Channel interfaces. This command is not supported on Ethernet interfaces. • When you manually configure the management port speed, match the speed of the remote device. Dell EMC highly recommends using auto-negotiation for the management port.
• profile-6 — SFP+ 10G ports (1-24 and 31-54), QSFP+ 40G ports (27-28), QSFP28 ports with 40G capability (26 and 30), and QSFP28 ports with 40G and 100G capability (25 and 29) are enabled. QSFP+ ports support 40GE and 4x10G breakouts. QSFP28 ports 26 and 30 support 40GE and 4x10G breakouts with QSFP+ transceivers. QSFP28 ports 25 and 29 support 100GE and 2x50G breakouts with QSFP28 transceivers, and 40GE and 4x10G breakouts with QSFP+ transceivers.
• System hostname • Unified Forwarding Table (UFT) mode • ECMP maximum paths You must manually reconfigure other settings on a switch after you apply a new port profile and reload the switch. Example OS10(config)# switch-port-profile 1/1 profile-1 Warning: Switch port profile will be applied only after a save and reload. All management port configurations will be retained but all other configurations will be wiped out after the reload.
• The access parameter automatically adds an interface to default VLAN 1 to transmit untagged traffic. Use the switchport access vlan command to change the access VLAN assignment. • The trunk parameter configures an interface to transmit tagged VLAN traffic. You must manually configure VLAN membership for a trunk port with the switchport trunk allowed vlan command. • Use the no switchport command to remove all L2 configuration when you configure an interface in L3 mode.
3 Fibre channel F_Port Fibre channel fabric port (F_Port) is the switch port that connects the Fibre Channel (FC) fabric to a node. S4148U-ON switches support F_Port. Enable Fibre channel F_Port mode globally using the feature fc domain-ID domain-ID command in CONFIGURATION mode.
Configure FIP snooping 1 Enable the FIP snooping feature globally using the feature fip-snooping command in CONFIGURATION mode. 2 Before applying FIP snooping to a VLAN, ensure that the VLAN already contains Ethernet or LAG members that are enabled with FCF port mode. You can enable FCF mode on an Ethernet or port-channel using the fip-snooping port-mode fcf command in INTERFACE mode. 3 Enable FIP snooping on the VLAN using the fip-snooping enable command in VLAN INTERFACE mode.
Number of VN Port Session Timeouts :0 Number of Session failures due to Hardware Config :0 OS10# show fcoe vlan * = Default VLAN VLAN FC-MAP FCFs Enodes ---- ------ ---- -----*1 100 0X0EFC00 1 2 Sessions -------17 OS10# show fcoe system Mode: FIP Snooping Bridge FCOE VLAN List (Operational) FCFs Enodes Sessions : : : : 1, 100 1 2 17 OS10# show fcoe sessions Enode MAC Enode Interface FCF MAC FCF interface ID PORT WWPN PORT WWNN ----------------- ---------------- ----------------- -------------------- --
Zoning allows you to increase network security by partitioning the devices connected to the vfabric into subsets. Partitioning restricts unnecessary interactions between the members of vfabric. See also Fibre Channel zoning. After configuring a vfabric ID, you can create a name, associate a VLAN to carry traffic to the vfabric, configure FCoE parameters, configure the default zone, and activate the zoneset. NOTE: Do not associate a VLAN that is already in use, as a vfabric VLAN.
fibrechannel1/1/2 fibrechannel1/1/3 fibrechannel1/1/4 fibrechannel1/1/5 fibrechannel1/1/6 fibrechannel1/1/7 fibrechannel1/1/8 fibrechannel1/1/9 fibrechannel1/1/10 fibrechannel1/1/11 fibrechannel1/1/12 fibrechannel1/1/15 fibrechannel1/1/17 fibrechannel1/1/18 fibrechannel1/1/19 fibrechannel1/1/20 fibrechannel1/1/21 fibrechannel1/1/22 fibrechannel1/1/23 fibrechannel1/1/24 fibrechannel1/1/25:1 fibrechannel1/1/29:1 fibrechannel1/1/30:1 fibrechannel1/1/30:3 ========================================== Configure vfa
Vlan priority 3 FCF Priority 128 FKA-Adv-Period Enabled,8 Config-State ACTIVE Oper-State DOWN ========================================== Members ========================================== OS10# show running-configuration vfabric ! vfabric 10 name 10 vlan 100 fcoe fcmap 0xEFC01 fcoe fcf-priority 128 fcoe fka-adv-period 8 fcoe vlan-priority 3 Fibre Channel zoning Fibre channel (FC) zoning partitions a FC fabric into subsets to restrict unnecessary interactions, improve security, and manage the fabric more ef
View FC zone configuration OS10(config-fc-zone-hba1)# show configuration ! fc zone hba1 member wwn 21:00:00:24:ff:7b:f5:c8 member wwn 10:00:00:90:fa:b8:22:19 OS10# show fc zone Zone Name Zone Member ================================================= hba1 21:00:00:24:ff:7b:f5:c8 10:00:00:90:fa:b8:22:19 hba2 20:01:00:0e:1e:e8:e4:99 50:00:d3:10:00:ec:f9:1b 50:00:d3:10:00:ec:f9:05 50:00:d3:10:00:ec:f9:1f 20:35:78:2b:cb:6f:65:57 View FC zoneset configuration OS10(conf-fc-zoneset-set)# show configuration ! fc zo
You can apply the configured vfabric to multiple Ethernet interfaces. You can also add the Ethernet interfaces to a port-channel and apply the vfabric to the port-channel.
fcoe deny unicast-solicit Configures to deny the unicast discovery solicit from ENode. Syntax fcoe deny unicast-solicit Parameters None Defaults Not configured Command Mode Vfabric CONFIGURATION Usage Information The no version of this command disables the configuration. Example OS10(config)# fcoe deny unicast-solicit Supported Releases 10.4.0E(R1) or later fc zone Creates an FC zone and adds members to the zone. An FC zone can have a maximum of 527 unique members.
Example OS10(config)# fc zoneset set OS10(conf-fc-zoneset-set)# member hba1 Supported Releases 10.3.1E or later fcoe Adds FCoE parameters to vfabric. Syntax fcoe {fcmap fc-map | fcf-priority fcf-priority-value | fka-adv-period advperiod | vlan-priority vlan-priority-value | keep-alive} Parameters — Enter the FC map ID, ranging from 0xefc00-0xefcff. Defaults • fc-map — Enter the FC map ID, ranging from 0xefc00-0xefcff. • fcf-priority-value — Enter the FCF priority value, ranging from 1 to 255.
Usage Information The no version of this command disables the F_Port. You can disable the F_Port only when vfabric and zoning configurations are not available. Before disabling the F_Port, remove the vfabric and zoning configurations. Example OS10(config)# feature fc domain-id 100 Supported Releases 10.3.1E or later feature fc npg Enables the NPG mode globally.
member (zone) Adds members to existing zones. Identify a member by an FC alias, a World Wide Name (WWN), or an FC ID. Syntax Parameters member {alias-name alias-name | wwn wwn-ID | fc-id fc-id} • alias-name — Enter the FC alias name. • wwn-ID — Enter the WWN name. • fc-id — Enter the FC ID name. Defaults Not configured Command Mode Zone CONFIGURATION Usage Information The no version of this command removes the member from the zone.
Usage Information The no version of this command removes the vfabric name.. Example OS10(config)# vfabric 100 OS10(conf-vfabric-100)# name test_vfab Supported Releases 10.3.1E or later show fc alias Displays the details of a FC alias and its members. Syntax show fc alias [alias-name] Parameters alias-name — (Optional) Enter the FC alias name.
Example (brief) Supported Releases Registered with NameServer Registered for SCN Yes Yes Switch Name Domain Id Switch Port FC-Id Port Name Node Name Class of Service Symbolic Port Name Symbolic Node Name Port Type Registered with NameServer Registered for SCN 10:00:14:18:77:20:8d:cf 100 fibrechannel1/1/29 64:74:00 21:00:00:24:ff:7b:f5:c8 20:00:00:24:ff:7b:f5:c8 8 QLogic Port0 WWPN 21:00:00:24:ff:7b:f5:c8 QLE2742 FW:v8.03.05 DVR:v9.2.3.
Number of FDISC Rejects Number of FLOGO Accepts Number of FLOGO Rejects Supported Releases : 0 : 0 : 0 10.3.1E or later show fc switch Displays the FC switch parameters. Syntax show fc switch Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show fc switch Switch Mode : FPORT Switch WWN : 10:00:14:18:77:20:8d:cf Supported Releases 10.3.1E or later show fc zone Displays the FC zones and the zone members.
21:00:00:24:ff:7f:ce:ee 21:00:00:24:ff:7f:ce:ef Supported Releases 10.3.1E or later show fc zoneset Displays the FC zonesets, the zones in the zoneset, and the zone members. Syntax show fc zoneset [active | zoneset-name] Parameters zoneset-name — Enter the FC zoneset name.
21:00:00:24:ff:7f:ce:ee 21:00:00:24:ff:7f:ce:ef Example (with zoneset name) OS10# show fc zoneset set ZoneSetName ZoneName ZoneMember ================================================================== set hba1 21:00:00:24:ff:7b:f5:c8 10:00:00:90:fa:b8:22:19 21:00:00:24:ff:7f:ce:ee 21:00:00:24:ff:7f:ce:ef hba2 Supported Releases 20:01:00:0e:1e:e8:e4:99 50:00:d3:10:00:ec:f9:1b 50:00:d3:10:00:ec:f9:05 50:00:d3:10:00:ec:f9:1f 20:35:78:2b:cb:6f:65:57 10.3.
show running-config vfabric Displays the running configuration for vfabric. Syntax show running-config vfabric Parameters None Defaults Not configured Command Mode EXEC Usage Information None Example OS10# show running-configuration vfabric ! vfabric 10 vlan 100 fcoe fcmap 0xEFC00 fcoe fcf-priority 140 fcoe fka-adv-period 13 Supported Releases 10.4.0E(R1) or later show vfabric Displays vfabric details.
fibrechannel1/1/6 fibrechannel1/1/7 fibrechannel1/1/8 fibrechannel1/1/9 fibrechannel1/1/10 fibrechannel1/1/11 fibrechannel1/1/12 fibrechannel1/1/15 fibrechannel1/1/17 fibrechannel1/1/18 fibrechannel1/1/19 fibrechannel1/1/20 fibrechannel1/1/21 fibrechannel1/1/22 fibrechannel1/1/23 fibrechannel1/1/24 fibrechannel1/1/25:1 fibrechannel1/1/29:1 fibrechannel1/1/30:1 fibrechannel1/1/30:3 ==================================== Supported Releases 10.3.1E or later vfabric Configures a virtual fabric (vfabric).
Example OS10(config)# interface fibrechannel 1/1/1 OS10(conf-if-fc1/1/1)# vfabric 100 Supported Releases 10.3.1E or later vlan Associate an existing VLAN ID to the vfabric to carry traffic. Create the VLAN ID before associating it to the vfabric. Do not use spanned VLAN as vfabric VLAN. Syntax vlan vlan-ID Parameters vlan-ID — Enter an existing VLAN ID.
Defaults Not configured Command Mode Vfabric CONFIGURATION Usage Information The no version of this command deactivates the zoneset. After you disable an active zoneset, the zone default-zone permit command configuration takes effect. Based on this configuration, the default zone allows or denies access between all the logged-in FC nodes of the vfabric. Example OS10(config)# vfabric 100 OS10(conf-vfabric-100)# zoneset activate set Supported Releases 10.3.
Example OS10# clear fcoe statistics interface ethernet 1/1/1 OS10# clear fcoe statistics interface port-channel 5 Supported Releases 10.4.0E(R1) or later fcoe max-sessions-per-enodemac Configures the maximum number of sessions allowed for an ENode. Syntax fcoe max-sessions-per-enodemac max-session-number Parameters max-session-number — Enter the maximum number of sessions to be allowed, ranging from 1 to 64.
You can enable FIP snooping on a VLAN only after enabling the FIP snooping feature globally using the feature fip-snooping command. OS10 supports FIP snooping on a maximum of 12 VLANs. Example OS10(config)# interface vlan 3 OS10(conf-if-vl-3)# fip-snooping enable Supported Releases 10.4.0E(R1) or later fip-snooping fc-map Configure the FC map value for specific VLAN. Syntax fip-snooping fc-map fc-map Parameters fc-map — Enter the FC map ID, ranging from 0xefc00 to 0xefcff.
show fcoe enode Displays the details of ENodes connected to the switch. Syntax show fcoe enode [enode-mac-address] Parameters enode-mac-address — (Optional) Enter the MAC address of ENode. This option displays details pertaining to the specified ENode.
Example OS10# show fcoe sessions Enode MAC Enode Interface FCF MAC FCF interface VLAN FCoE MAC FC-ID PORT WWPN PORT WWNN ----------------- ---------------- ----------------- ------------- ----------------------- -------- ----------------------- ----------------------aa:bb:cc:00:00:00 ethernet1/1/54 aa:bb:cd:00:00:00 port-channel5 100 0e:fc:00:01:00:01 01:00:01 31:00:0e:fc:00:00:00:00 21:00:0e:fc:00:00:00:00 aa:bb:cc:00:00:00 ethernet1/1/54 aa:bb:cd:00:00:00 port-channel5 100 0e:fc:00:01:00:02 01:00:02 31:0
Default Not configured Command Mode EXEC Usage Information None Example OS10# show fcoe system Mode: FIP Snooping Bridge FCOE VLAN List (Operational) FCFs Enodes Sessions Supported Releases : : : : 1, 100 1 2 17 10.4.0E(R1) or later show fcoe vlan Displays the details of FIP snooping operational VLANs and the attributes.
4 Layer 2 802.1X Verifies device credentials prior to sending or receiving packets using the extensible authentication protocol (see 802.1X Commands). Link Aggregation Control Protocol (LACP) Exchanges information between two systems and automatically establishes a LAG between the systems (see LACP Commands). Link Layer Discovery Enables a LAN device to advertise its configuration and receive configuration information from adjacent LLDPProtocol (LLDP) enabled infrastructure devices (see LLDP Commands).
NOTE: OS10 supports only RADIUS as the back-end authentication server. The authentication process involves three devices: • Supplicant — The device attempting to access the network performs the role of supplicant. Regular traffic from this device does not reach the network until the port associated to the device is authorized. Prior to that, only the supplicant can exchange 802.1x messages (EAPOL frames) with the authenticator.
6 If the identity information the supplicant provides is valid, the authentication server sends an Access Accept frame in which network privileges are specified. The authenticator changes the port state to authorize and forwards an EAP Success frame. If the identity information is invalid, the server sends an Access Reject frame. If the port state remains unauthorized, the authenticator forwards an EAP Failure frame. EAP over RADIUS 802.
Enable 802.1X 1 Enable 802.1X globally in CONFIGURATION mode. dot1x system-auth-control 2 Enter an interface or a range of interfaces in INTERFACE mode. interface range 3 Enable 802.1X on the supplicant interface only in INTERFACE mode. dot1x port-control auto Configure and verify 802.
Identity retransmissions If the authenticator sends a Request Identity frame but the supplicant does not respond, the authenticator waits 30 seconds and then retransmits the frame. There are several reasons why the supplicant might fail to respond — the supplicant may have been booting when the request arrived, there may be a physical layer problem, and so on.
Failure quiet period If the supplicant fails the authentication process, the authenticator sends another Request Identity frame after 30 seconds by default. The quiet period is a transmit interval time after a failed authentication. The Request Identity Re-transmit interval is for an unresponsive supplicant. You can configure the interval for a maximum of 10 times for an unresponsive supplicant.
force-authorized (default) This is an authorized state. A device connected to this port does not use the authentication process but can communicate on the network. Placing the port in this state is same as disabling 802.1X on the port. forceauthorized is the default mode. force-unauthorized This is an unauthorized state. A device connected to a port does not use the authentication process but is not allowed to communicate on the network.
Configure and verify reauthentication time period OS10(config)# interface range ethernet 1/1/7-1/1/8 OS10(conf-range-eth1/1/7-1/1/8)# dot1x re-authentication OS10(conf-range-eth1/1/7-1/1/8)# dot1x timeout re-authperiod 3600 OS10(conf-range-eth1/1/7-1/1/8)# show dot1x interface ethernet 1/1/7 802.
Port Auth Status: Re-Authentication: Tx Period: Quiet Period: Supplicant Timeout: Server Timeout: Re-Auth Interval: Max-EAP-Req: Host Mode: Auth PAE State: Backend State: UNAUTHORIZED Enable 120 seconds 120 seconds 45 seconds 60 seconds 3600 seconds 5 MULTI_HOST Initialize Initialize View interface running configuration OS10(conf-range-eth1/1/7-1/1/8)# do show running-configuration interface ...
Supported Releases 10.2.0E or later dot1x max-req Changes the maximum number of requests that the device sends to a supplicant before restarting 802.1X authentication. Syntax dot1x max-req retry-count Parameters max-req retry-count — Enter the retry count for the request sent to the supplicant before restarting 802.1X reauthentication (1 to 10). Default 2 Command Mode INTERFACE Usage Information The no version of this command resets the value to the default.
Example OS10(conf-range-eth1/1/7-1/1/8)# dot1x re-authentication Supported Releases 10.2.0E or later dot1x timeout quiet-period Sets the number of seconds that the device remains in quiet state following a failed authentication exchange with a supplicant. Syntax dot1x timeout quiet-period seconds Parameters quiet period seconds — Enter the number of seconds for the 802.1X quiet period timeout (1 to 65535).
dot1x timeout supp-timeout Sets the number of seconds that the device waits for the supplicant to respond to an EAP request frame before the device retransmits the frame. Syntax dot1x timeout supp-timeout seconds Parameters supp-timeout seconds — Enter the number of seconds for the 802.1X supplicant timeout (1 to 65535). Default 30 seconds Command Mode INTERFACE Usage Information The no version of this command resets the value to the default.
show dot1x interface Displays 802.1X configuration information. Syntax show dot1x interface ethernet node/slot/port[:subport] Parameters ethernet node/slot/port[:subport] — Enter the Ethernet interface information. Command Mode EXEC Usage Information Use this command to view the dot1x interface configuration for a specific interface. Example OS10# show dot1x interface 802.1x information on ethernet1/1/1 ------------------------------------Dot1x Status: Enable 802.
Link aggregation control protocol Group Ethernet interfaces to form a single link layer interface called a LAG or port-channel. Aggregating multiple links between physical interfaces creates a single logical LAG, which balances traffic across the member links within an aggregated Ethernet bundle and increases the uplink bandwidth. If one member link fails, the LAG continues to carry traffic over the remaining links.
Configure LACP OS10(config)# lacp system-priority 65535 OS10(config)# interface range ethernet 1/1/7-1/1/8 OS10(conf-range-eth1/1/7-1/1/8)# lacp port-priority 4096 OS10(conf-range-eth1/1/7-1/1/8)# lacp rate fast Verify LACP configuration OS10(conf-range-eth1/1/7-1/1/8)# do show running-configuration ... ! interface ethernet1/1/7 lacp port-priority 4096 lacp rate fast no shutdown ! interface ethernet1/1/8 lacp port-priority 4096 lacp rate fast no shutdown ! ...
Configure LACP timeout OS10(conf-if-eth1/1/29)# lacp rate fast View port status OS10# show lacp port-channel Port-channel 20 admin up, oper up, mode lacp Actor System ID: Priority 32768, Address f8:b1:56:00:02:33 Partner System ID: Priority 4096, Address 10:11:22:22:33:33 Actor Admin Key 20, Oper Key 20, Partner Oper Key 10 LACP LAG ID 20 is an aggregatable link A - Active LACP, B - Passive LACP, C - Short Timeout, D - Long Timeout E - Aggregatable Link, F - Individual Link, G - IN_SYNC, H - OUT_OF_SYNC, I
Bravo LAG configuration summary OS10(config)# interface port-channel 1 OS10(conf-if-po-1)# exit OS10(config)# interface ethernet 1/1/49 OS10(conf-if-eth1/1/49)# no switchport OS10(conf-if-eth1/1/49)# channel-group 1 mode active OS10(conf-if-eth1/1/49)# interface ethernet 1/1/50 OS10(conf-if-eth1/1/50)# no switchport OS10(conf-if-eth1/1/50)# channel-group 1 mode active OS10(conf-if-eth1/1/50)# interface ethernet 1/1/51 OS10(conf-if-eth1/1/51)# no switchport OS10(conf-if-eth1/1/51)# channel-group 1 mode activ
0 runts, 0 giants, 0 throttles 0 CRC, 0 overrun, 465 discarded Output statistics: 7840 packets, 938965 octets 0 64-byte pkts,1396 over 64-byte pkts, 6444 over 127-byte pkts 0 over 255-byte pkts, 0 over 511-byte pkts, 0 over 1023-byte pkts 7840 Multicasts, 0 Broadcasts,0 Unicasts 0 throttles, 0 discarded, 0 Collisions, 0 wreddrops Rate Info(interval 299 seconds): Input 0 Mbits/sec, 0 packets/sec, 0% of line rate Output 0 Mbits/sec, 1 packets/sec, 0% of line rate Time since last interface status change : 01:2
Actor Admin: State Key 1 Priority 32768 Oper: State Key 1 Priority 32768 Partner Admin: State Key 0 Priority 0 Oper: State Key 1 Priority 32768 Port ethernet1/1/31 is Enabled, LACP is enabled and mode is lacp Actor Admin: State Key 1 Priority 32768 Oper: State Key 1 Priority 32768 Partner Admin: State Key 0 Priority 0 Oper: State Key 1 Priority 32768 Verify LAG membership OS10# show lacp interface ethernet 1/1/29 Interface ethernet1/1/29 is up Channel group is 1 port channel is po1 PDUS sent: 17 PDUS rcvd:
• active — Enter to enable the LACP interface. The interface is in the Active Negotiating state when the port starts negotiations with other ports by sending LACP packets. • on — Enter so that the interface is not part of a dynamic LAG but acts as a static LAG member. • passive — Enter to only enable LACP if it detects a device. The interface is in the Passive Negotiation state when the port responds to the LACP packets that it receives but does not initiate negotiation until it detects a device.
Default 32 Command Mode INTERFACE Usage Information The no version of this command resets the maximum bundle size to the default value. Example OS10(conf-if-po-10)# lacp max-bundle 10 Supported Releases 10.2.0E or later lacp port-priority Sets the priority for the physical interfaces for LACP. Syntax lacp port-priority priority Parameters priority — Enter the priority for the physical interfaces (0 to 65535).
lacp system-priority Sets the system priority of the device for LACP. Parameters priority — Enter the priority value for physical interfaces (0 to 65535). Default 32768 Command Mode CONFIGURATION Usage Information Each device that runs LACP has an LACP system priority value. LACP uses the system priority with the MAC address to form the system ID and also during negotiation with other systems. The system ID is unique for each device.
show lacp interface Displays information about specific LACP interfaces. Syntax show lacp interface ethernet node/slot/port Parameters node/slot/port — Enter the interface information. Default Not configured Command Mode EXEC Usage Information The LACP_activity field displays if you configure the link in Active or Passive port-channel mode. The Port Identifier field displays the port priority as part of the information including the port number.
Parameters • interface port-channel — (Optional) Enter the interface port-channel. • channel-number — (Optional) Enter the port-channel number for the LACP neighbor (1 to 128). Default Not configured Command Mode EXEC Usage Information All channel groups display if you do not enter the channel-number parameter.
show lacp system-identifier Displays the LACP system identifier for a device. Syntax show lacp system-identifier Parameters None Default Not configured Command Mode EXEC Usage Information The LACP system ID is a combination of the configurable LACP system priority value and the MAC address. Each system that runs LACP has an LACP system priority value. The default value is 32768 or configure a value between 1 and 65535.
LAN devices transmit LLDPDUs, which encapsulate TLVs, to neighboring LAN devices. LLDP is a one-way protocol and LAN devices (LLDP agents) transmit and/or receive advertisements but they cannot solicit and do not respond to advertisements. There are three mandatory TLVs followed by zero or more optional TLVs and the end of the LLDPDU TLV.
Organizationally-specific TLVs There are eight TLV types defined by the 802.1 and 802.3 working groups as a basic part of LLDP. Configure OS10 to advertise any or all of these TLVs. Optional TLVs 4 — Port description User-defined alphanumeric string that describes the port. 5 — System name User-defined alphanumeric string that identifies the system. 6 — System description Detailed description of all components of the system. 7 — System capabilities Determines the capabilities of the system.
Media endpoint discovery LLDP media endpoint discovery (LLDP-MED) provides additional organizationally-specific TLVs to allow endpoint devices and network connectivity devices to advertise their characteristics and configuration information. LLDP-MED endpoint devices are located at the IEEE 802 LAN network edge and participate in IP communication service using the LLDPMED framework, such as IP phones and conference bridges.
LLDP-MED capabilities Bit 0 LLDP-MED capabilities Bit 1 Network policy Bit 2 Location ID Bit 3 Extended power via MDI-PSE Bit 4 Extended power via MDI-PD Bit 5 Inventory Bits 6-15 Reserved LLDP-MED device types 0 Type not defined 1 Endpoint class 1 2 Endpoint class 2 3 Endpoint class 3 4 Network connectivity 5-255 Reserved Network policies TLVs A network policy in the context of LLDP-MED is a device’s VLAN configuration and associated Layer 2 and Layer 3 configurations.
0 — Reserved — 1 — Voice Used for dedicated IP telephony handsets and other appliances supporting interactive voice services. 2 — Voice signaling Used only if voice control packets use a separate network policy than voice data. 3 — Guest voice Used only for a separate limited voice service for guest users with their own IP telephony handsets and other appliances supporting interactive voice services.
2 Enter the multiplier value for the hold time in CONFIGURATION mode. lldp holdtime-multiplier 3 Enter the delay (in seconds) for LLDP initialization on any interface in CONFIGURATION mode.
Enable LLDP OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# lldp transmit OS10(conf-if-eth1/1/1)# lldp receive Disable LLDP globally OS10(config)# no lldp enable Disable and re-enable LLDP on management ports By default, LLDP is enabled on management ports. You can disable or enable the following LLDP configurations on management ports. 1 Disable the LLDPDU transmit or receive. no lldp transmit no lldp receive 2 Disable LLDP TLVs.
Configure advertise TLVs OS10(conf-if-eth1/1/3)# lldp tlv-select basic-tlv system-name OS10(conf-if-eth1/1/1)# lldp tlv-select dot3tlv macphy-config max-framesize OS10(conf-if-eth1/1/3)# lldp tlv-select dot1tlv link-aggregation Network policy advertisement LLDP-MED is enabled on all interfaces by default. Configure OS10 to advertise LLDP-MED TLVs out of configured interfaces. Define LLDPMED network policies before applying the policies to an interface. Attach only one network policy per interface.
• Enable fast start repeat count which is the number of packets sent during activation in CONFIGURATION mode (1 to 10, default 3). lldp-med fast-start-repeat-count number Configure fast start repeat count OS10(config)# lldp med fast-start-repeat-count 5 View LLDP configuration • View the LLDP configuration in EXEC mode. show running-configuration • View LLDP error messages in EXEC mode. show lldp errors • View LLDP timers in EXEC mode. show lldp timers • View the LLDP traffic in EXEC mode.
Total Total Total Total Total Total Med Med Med Med Med Med Frames In : Frames Discarded : TLVS Discarded : Capability TLVS Discarded: Policy TLVS Discarded : Inventory TLVS Discarded : 0 0 0 0 0 0 Adjacent agent advertisements • • • View brief information about adjacent devices in EXEC mode. show lldp neighbors View all information that neighbors are advertising in EXEC mode. show lldp neighbors detail View all interface-specific information that neighbors are advertising in EXEC mode.
Extended Power via MDI - PD, Inventory Management Device Class: Endpoint Class 3 Network Policy: Application: voice, Tag: Tagged, Vlan: 50, L2 Priority: 6, DSCP Value: 46 Inventory Management: H/W Revision : 12.1.1 F/W Revision : 10.1.9750B S/W Revision : 10.1.9750B Serial Number : B11G152 Manufacturer : Dell Model : S6000 Asset ID : E1001 Power-via-MDI: Power Type: PD Device Power Source: Local and PSE Power Priority: Low Power required: 6.
clear lldp counters Clears LLDP and LLDP-MED transmit, receive, and discard statistics from all the physical interfaces. Syntax clear lldp counters Parameters None Default Not configured Command Mode EXEC Usage Information The counter default value resets to zero for all physical interfaces. Example OS10# clear lldp counters Supported Releases 10.2.0E or later clear lldp table Clears LLDP neighbor information for all interfaces.
lldp holdtime-multiplier Configures the multiplier value for the hold time (in seconds). Syntax lldp holdtime-multiplier integer Parameters integer — Enter the holdtime-multiplier value in seconds (2 to 10). Default 4 seconds Command Mode CONFIGURATION Usage Information Hold time is the amount of time (in seconds) that a receiving system waits to hold the information before discarding it. Formula: Hold Time = (Updated Frequency Interval) X (Hold Time Multiplier).
Supported Releases 10.2.0E or later lldp med network-policy Manually defines an LLDP-MED network policy. Syntax lldp-med network-policy number app {voice | voice-signaling | guest-voice | guestvoice-signaling | softphone-voice | streaming-video | video-conferencing | video-signaling} {vlan vlan-id vlan-type {tag | untag} priority priority dscp dscp value} Parameters • number — Enter a network policy index number (1 to 32).
Command Mode INTERFACE Usage Information Attach only one network policy for per interface. Example OS10(conf-if-eth1/1/5)# lldp med network-policy add 1 Supported Release 10.2.0E or later lldp med tlv-select Configures the LLDP-MED TLV type to transmit or receive. Syntax Parameters lldp med tlv-select {network—policy | inventory} • network-policy — Enable or disable the port description TLV. • inventory — Enable or disable the system TLV.
Usage Information The no version of this command resets the value to the default. Example OS10(config)# lldp reinit 5 Supported Releases 10.2.0E or later lldp timer Configures the rate (in seconds) at which LLDP packets send to the peers. Syntax lldp timer seconds Parameters seconds — Enter the LLDP timer rate in seconds (5 to 254). Default 30 seconds Command Mode CONFIGURATION Usage Information The no version of this command sets the LLDP timer back to its default value.
• link-aggregation — Enable the link aggregation TLV. Default Enabled Command Mode INTERFACE Usage Information The lldp tlv-select dot1tlv link-aggregation command advertises link aggregation as a dot1 TLV in the LLDPDUs. The no version of this command disables TLV transmissions. Example (Port) OS10(conf-if-eth1/1/3)# lldp tlv-select dot1tlv port-vlan-id Example (Link Aggregation) OS10(conf-if-eth1/1/3)# lldp tlv-select dot1tlv link-aggregation Supported Releases 10.2.
show lldp interface Displays the LLDP information advertised from a specific interface. Syntax show lldp interface ethernet node/slot/port[:subport] [med | local—device] Parameters • ethernet node/slot/port[:subport] — Enter the Ethernet interface information. • med — Enter the interface to view the MED information. • local-device — Enter the interface to view the local-device information.
Example OS10# Total Total Total Supported Release 10.2.0E or later show lldp errors Memory Allocation Failures: 0 Input Queue Overflows: 0 Table Overflows: 0 show lldp med Displays the LLDP MED information for all the interfaces. Syntax show lldp med Parameters None Default Not configured Command Mode EXEC Usage Information Use the show lldp interface command to view MED information for a specific interface.
show lldp neighbors Displays the status of the LLDP neighbor system information. Syntax show lldp neighbors [detail | interface ethernet node/slot/port[:subport]] Parameters • detail — View LLDP neighbor detailed information. • interface ethernet node/slot/port[:subport] — Enter the Ethernet interface information. Command Mode EXEC Usage Information This command status information includes local port ID, remote host name, remote port ID, and remote node ID.
Inventory Management: H/W Revision : 12.1.1 F/W Revision : 10.1.9750B S/W Revision : 10.1.9750B Serial Number : B11G152 Manufacturer : Dell Model : S6000 Asset ID : E1001 Power-via-MDI: Power Type: PD Device Power Source: Local and PSE Power Priority: Low Power required: 6.
Usage Information None Example OS10# show lldp tlv-select interface ethernet 1/1/4 port-description system-name system-description system-cababilities management-address port-vlan mac-phy-config link-aggregation max-frame-size Supported Releases 10.2.0E or later show lldp traffic Displays LLDP traffic information including counters, packets transmitted and received, discarded packets, and unrecognized TLVs.
show nework-policy profile Displays the network policy profiles. Syntax show network-policy profile [profile number] Parameters profile number — (Optional) Enter the network policy profile number (1 to 32). Default Not configured Command Mode EXEC Usage Information If you do not enter the network profile ID, all configured network policy profiles display.
Set Static MAC Address OS10(config)# mac address-table static 34:17:eb:f2:ab:c6 vlan 10 interface ethernet 1/1/5 MAC Address Table OS10 maintains a list of MAC address table entries. • View the contents of the MAC address table in EXEC mode.
Clear MAC Address Table OS10# clear mac address-table dynamic vlan 20 interface ethernet 1/2/20 MAC Commands clear mac address-table dynamic Clears L2 dynamic address entries from the MAC address table. Syntax Parameters clear mac address-table dynamic {all | address mac_addr | vlan vlan-id | interface {ethernet node/slot/port[:subport] | port-channel number}} • all — (Optional) Delete all MAC address table entries.
mac address-table static Configures a static entry for the L2 MAC address table. Syntax mac address-table static mac-address vlan vlan-id interface {ethernet node/ slot/port[:subport] | port-channel number} Parameters • mac-address — Enter the MAC address to add to the table in nn:nn:nn:nn:nn:nn format. • vlan vlan-id — Enter the VLAN to apply the static MAC address to (1 to 4094). • interface — Enter the interface type: • ethernet node/slot/port[:subport] — Enter the Ethernet information.
Usage Information The network device maintains static MAC address entries saved in the startup configuration file, and reboots and flushes dynamic entries.
2 (Optional) Map the VLANs to different instances to achieve load balancing. 3 Ensure the same region name is configured in all the bridges running MST. 4 (Optional) Configure the revision number. Configure MST protocol When you enable MST globally, all L2 physical, port-channel, and VLAN interfaces are automatically assigned to MST instance (MSTI) zero (0). Within an MSTI, only one path from any one bridge to another is enabled for forwarding. • Enable MST in CONFIGURATION mode.
View VLAN instance mapping OS10# show spanning-tree mst configuration Region Name: force10 Revision: 100 MSTI VID 0 1,31-4093 1 2-10 2 11-20 3 21-30 View port forwarding/discarding state OS10# show spanning-tree msti 0 brief Spanning tree enabled protocol msti with force-version mst MSTI 0 VLANs mapped 1,31-4093 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 3417.4455.
ethernet1/1/9 ethernet1/1/10 Disb Disb 128.292 128.296 128 128 200000000 BLK 200000000 BLK 0 AUTO No Root selection MSTP determines the root bridge according to the lowest bridge ID. Assign a lower bridge priority to increase its likelihood of becoming the root bridge. • Assign a bridge priority number to a specific instance in CONFIGURATION mode (0 to 61440 in increments of 4096, default 32768). Use a lower priority number to increase the likelihood of the bridge to become a root bridge.
• Change the region revision number in MULTIPLE-SPANNING-TREE mode (0 to 65535, default 0). revision number Configure and verify region name OS10(conf-mstp)# name my-mstp-region OS10(conf-mstp)# do show spanning-tree mst config MST region name: my-mstp-region Revision: 0 MSTI VID 1 100 2 200-300 Modify parameters The root bridge sets the values for forward-delay, hello-time, max-age, and max-hops and overwrites the values set on other MST bridges.
ethernet1/1/6 128.280 128 500 BLK 0 32768 3417.4455.667f Interface Name Role PortID Prio Cost Sts Cost Link-type Edge -----------------------------------------------------------------ethernet1/1/5 Root 128.276 128 500 FWD 0 AUTO No ethernet1/1/6 Altr 128.280 128 500 BLK 0 AUTO No 128.150 Interface parameters Adjust two interface parameters to increase or decrease the likelihood that a port becomes a forwarding port. Port cost Value that is based on the interface type.
Configure EdgePort OS10(conf-if-eth1/1/4)# spanning-tree port type edge View interface status OS10# show spanning-tree interface ethernet 1/1/4 ethernet1/1/4 of MSTI 0 is designated Forwarding Edge port:yes port guard :none (default) Link type is point-to-point (auto) Boundary: YES bpdu filter :disable bpdu guard :disable bpduguard shutdown-onviolation :disable RootGuard: disable LoopGuard disable Bpdus (MRecords) sent 610, received 5 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ----
To clear Error Disabled state: 2 • Use the shutdown command on the interface. • Use the spanning-tree bpdufilter disable command to disable the BPDU guard on the interface. • Use the spanning-tree disable command to disable STP on the interface. Enable STP BPDU guard in INTERFACE mode. spanning-tree bpduguard enable • To shut down the port channel interface, all member ports are disabled in the hardware.
Boundary: NO bpdu filter : bpdu guard : bpduguard shutdown-onviolation :disable RootGuard: disable LoopGuard enable Bpdus (MRecords) sent 7, received 20 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ------------------------------------------------------------------------ethernet1/1/4 128.272 128 500 FWD 0 32769 90b1.1cf4.9d3b 128.
debug spanning-tree Enables STP debug and displays protocol information. Syntax debug spanning-tree {all | bpdu [tx | rx] | events} Parameters • all — Debugs all spanning tree operations. • bpdu — Enter transmit (tx) or receive (rx) to enable the debug direction. • events — Debugs PVST events. Default Not configured Command Mode EXEC Usage Information None Example OS10# debug spanning-tree bpdu rx Supported Releases 10.2.
Usage Information By default, MST protocol assigns system MAC as the region name. Two MST devices within the same region must share the same region name, including matching case. Example OS10(conf-mst)# name my-mst-region Supported Releases 10.2.0E or later revision Configures a revision number for the MSTP configuration. Syntax revision number Parameters number — Enter a revision number for the MSTP configuration (0 to 65535).
Default Disabled Command Mode INTERFACE Usage Information BPDU guard prevents a port from receiving BPDUs. If the port receives a BPDU, it is placed in the Error-Disabled state as a protective measure. Example OS10(conf-if-eth1/1/4)# spanning-tree bpduguard enable Supported Releases 10.2.0E or later spanning-tree guard Enables or disables loop guard or root guard on an interface. Syntax spanning-tree guard {loop | root | none} Parameters • loop — Enables loop guard on an interface.
spanning-tree mst Configures an MST instance and determines root and bridge priorities. Syntax Parameters spanning-tree mst instance number priority | root {primary | secondary} • instance number — Enter an MST instance number (0 to 63). • priority priority value — Set a bridge priority value in increments of 4096 (0 to 61440). Valid priority values are: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. All other values are rejected.
Usage Information The cost is a value based on the interface type. The greater the cost value, the less likely the port is selected to be a forwarding port. The priority influences the likelihood that a port is selected to be a forwarding port if several ports have the same cost. Example OS10(conf-if-eth1/1/1)# spanning-tree msti 1 priority 0 OS10(conf-if-eth1/1/1)# spanning-tree msti 1 cost 3 Supported Releases 10.2.
Command Mode CONFIGURATION Usage Information Forces a bridge that supports MST to operate in a STP-compatible mode. Example OS10(config)# spanning-tree mst force-version Supported Releases 10.2.0E or later spanning-tree mst forward-time Configures a time interval for the interface to wait in the Blocking state or the Learning state before moving to the Forwarding state.
Command Mode CONFIGURATION Usage Information The no version of this command removes the threshold value. Example OS10(config)# spanning-tree mst 10 mac-flush-threshold 255 Supported Releases 10.4.0E(R1) or later spanning-tree mst max-age Configures the time period the bridge maintains configuration information before refreshing the information by recomputing the MST topology. Syntax max-age seconds Parameters seconds — Enter a maximum age value in seconds (6 to 40).
Command Mode INTERFACE Usage Information When you configure an EdgePort on a device running STP, the port immediately transitions to Forwarding state. Only configured ports connected to end hosts act as EdgePorts. Example OS10(config)# spanning-tree port type edge Supported Releases 10.2.0E or later show spanning-tree mst Displays MST configuration information.
MSTI 0 VLANs mapped 1-99,101-199,301-4093 Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 90b1.1cf4.9b8a Root Bridge hello time 2, max age 20, forward delay 15, max hops 20 Bridge ID Priority 32768, Address 90b1.1cf4.9b8a We are the root of MSTI 0 Configured hello time 2, max age 20, forward delay 15, max hops 20 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ---------------------------------------------------------------ethernet1/1/1 132.
Configuring Rapid-PVST+ is a four-step process: 1 Ensure the interfaces are in L2 mode. 2 Place the interfaces in VLANs. By default, switchport interfaces are members of the default (VLAN1). 3 Enable Rapid-PVST+ (only required if another variation of STP is present). 4 (Optional) Select a non-default bridge-priority for the VLAN for load balancing. By default, each VLAN instance is assigned default bridge priority 32768. For example, all three instances have the same forwarding topology.
To achieve RPVST+ load balancing, assign a different priority on each bridge. Enable RPVST+ By default, RPVST+ is enabled and creates an instance only after you add the first member port to a VLAN. Port-channel or physical interfaces must be a member of a VLAN to participate in RPVST+. Add all physical and port-channel interfaces to the default VLAN (VLAN1). • Enable the Rapid-PVST+ mode in CONFIGURATION mode.
Bridge ID Priority 4097, Address 90b1.1cf4.a523 We are the root of VLAN 1 Configured hello time 2, max age 20, forward delay 15 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID --------------------------------------------------------------------ethernet1/1/5 128.276 128 500 FWD 0 4097 90b1.1cf4.a523 128.276 ethernet1/1/6 128.280 128 500 FWD 0 4097 90b1.1cf4.a523 128.
ethernet1/1/7 ethernet1/1/8 ethernet1/1/9 ethernet1/1/10 ethernet1/1/11 Disb Disb Disb Disb Disb 128.284 128.288 128.292 128.296 128.300 128 128 128 128 128 200000000 200000000 200000000 200000000 200000000 FWD FWD FWD FWD FWD 0 0 0 0 0 AUTO AUTO AUTO AUTO AUTO No No No No No Root assignment RPVST+ assigns the root bridge according to the lowest bridge ID. Assign one bridge as root bridge and the other as a secondary root bridge.
Port enabled with loop guard conditions • Loop guard is supported on any STP-enabled port or port-channel interface in RPVST+ mode. • You cannot enable root guard and loop guard at the same time on an STP port — the loop guard configuration overwrites an existing root guard configuration and vice versa. • Enabling BPDU guard and loop guard at the same time on a port results in a port that remains in a Blocking state and prevents traffic from flowing through it.
Parameters • interface — Enter the interface type: • ethernet node/slot/port[:subport] — Deletes the spanning-tree counters from a physical port. • port-channel number — Deletes the spanning-tree counters for a port-channel interface (1 to 128). Default Not configured Command Mode EXEC Usage Information Clear all STP counters on the device per Ethernet interface or port-channel. Example OS10# clear spanning-tree counters interface port-channel 10 Supported Releases 10.2.
Example OS10# debug spanning-tree bpdu rx Supported Releases 10.2.0E or later show spanning-tree vlan Displays RPVST+ status and configuration information by VLAN ID.
Example OS10(conf-if-eth1/1/4)# spanning-tree bpdufilter enable Supported Releases 10.2.0E or later spanning-tree bpduguard Enables or disables BPDU guard on an interface. Syntax spanning-tree bpduguard {enable | disable} Parameters • enable — Enables the BPDU guard filter on an interface. • disable — Disables the BPDU guard filter on an interface. Default Disabled Command Mode INTERFACE Usage Information BPDU guard prevents a port from receiving BPDUs.
• mst — Sets the STP mode to MST. • rapid-pvst — Sets the STP mode to RPVST+. Default RPVST+ Command Mode CONFIGURATION Usage Information All STP instances are stopped in the previous STP mode, and are restarted in the new mode. You can also change to RSTP/MST mode. Example (RSTP) OS10(config)# spanning-tree mode rstp Example (MST) OS10(config)# spanning-tree mode mst Supported Releases 10.2.0E or later spanning-tree port Sets the port type as the EdgePort.
Usage Information The media speed of a LAN interface determines the STP port path cost default value. Example OS10(conf-if-eth1/1/4)# spanning-tree vlan 10 cost 1000 Supported Releases 10.2.0E or later spanning-tree vlan disable Disables spanning tree on specified VLAN. Syntax spanning-tree vlan vlan-id disable Parameters vlan-id — Enter the VLAN ID number, ranging from 1 to 4094.
Usage Information Forces a bridge that supports RPVST+ to operate in a STP-compatible mode. Example OS10(config)# spanning-tree mst force-version Supported Releases 10.2.0E or later spanning-tree vlan hello-time Sets the time interval between generation and transmission of RPVST BPDUs. Syntax Parameters spanning-tree vlan vlan-id hello-time seconds • vlan-id — Enter the VLAN ID number (1 to 4094). • seconds — Enter a hello-time interval value in seconds (1 to 10).
Command Mode CONFIGURATION Usage Information None Example OS10(config)# spanning-tree vlan 10 max-age 10 Supported Releases 10.2.0E or later spanning-tree vlan priority Sets the priority value for RPVST+. Syntax spanning-tree vlan vlan-id priority priority value Parameters priority priority value — Enter a bridge-priority value in increments of 4096 (0 to 61440).
• primary — Designate the bridge as primary or root bridge. • secondary — Designate the bridge as secondary or secondary root bridge. Default Not configured Command Mode CONFIGURATION Usage Information None Example OS10(config)# spanning-tree vlan 1 root primary Supported Releases 10.2.0E or later Rapid spanning-tree protocol RSTP is similar to STP but provides faster convergence and interoperability with devices configured with STP and MSTP. RSTP is disabled by default.
View all port participating in RSTP OS10# show spanning-tree Spanning tree enabled protocol rstp with force-version rstp Executing IEEE compatible Spanning Tree Protocol Root ID Priority 32768, Address 3417.4455.667f Root Bridge hello time 2, max age 20, forward delay 15 Bridge ID Priority 32768, Address 90b1.1cf4.
ethernet1/1/28 128.368 128 200000000 BLK 0 0 0000.0000.0000 ethernet1/1/29 128.372 128 200000000 BLK 0 0 0000.0000.0000 ethernet1/1/30 128.376 128 200000000 BLK 0 0 0000.0000.0000 ethernet1/1/31 128.380 128 200000000 BLK 0 0 0000.0000.0000 ethernet1/1/32 128.384 128 200000000 BLK 0 0 0000.0000.0000 Interface Name Role PortID Prio Cost Sts Cost Link-type Edge ------------------------------------------------------------------------ethernet1/1/1 Disb 128.260 128 200000000 BLK 0 AUTO No ethernet1/1/2 Disb 128.
Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID ------------------------------------------------------------------ethernet3/1/1 244.128 128 500 BLK 0 32768 90b1.1cf4.9b8a 128.244 ethernet3/1/2 248.128 128 500 BLK 0 32768 90b1.1cf4.9b8a 128.248 ethernet3/1/3 252.128 128 500 FWD 0 32768 90b1.1cf4.9b8a 128.252 ethernet3/1/4 256.128 128 500 BLK 0 32768 90b1.1cf4.9b8a 128.
Root bridge selection RSTP determines the root bridge. Assign one bridge a lower priority to increase the likelihood that it is selected as the root bridge. • Assign a number as the bridge priority or designate it as the primary or secondary root in CONFIGURATION mode. Configure the priority value range (0 to 65535 in multiples of 4096, default 32768). The lower the number assigned, the more likely this bridge becomes the root bridge.
Spanning-tree extensions STP extensions ensure efficient network convergence by securely enforcing the active network topology. OS10 supports BPDU filtering, BPDU guard, loop guard, and root guard STP extensions. BPDU filtering Protects the network from unexpected flooding of BPDUs from an erroneous device. Enabling BPDU Filtering instructs the hardware to drop BPDUs and prevents flooding from reaching the CPU. BPDU filtering is enabled by default on Edge ports.
violation :disable RootGuard: enable LoopGuard disable Bpdus (MRecords) sent 134, received 138 Interface Designated Name PortID Prio Cost Sts Cost Bridge ID PortID -------------------------------------------------------------------------ethernet1/1/4 128.272 128 500 BLK 500 32769 90b1.1cf4.a911 128.
clear spanning-tree counters Clears the counters for STP. Syntax clear spanning-tree counters [interface {ethernet node/slot/port[:subport] | port—channel number}}] Parameters • interface — Enter the interface type: • ethernet node/slot/port[:subport] — Deletes the spanning-tree counters from a physical port. • port-channel number — Deletes the spanning-tree counters for a port-channel interface (1 to 128).
Supported Releases 10.2.0E or later show spanning-tree interface Displays spanning-tree interface information for Ethernet and port-channels. Syntax Parameters show spanning-tree interface {ethernet node/slot/port [:subport] | port-channel port-id} [detail] • ethernet node/slot/port[:subport] — Displays spanning-tree information for a physical interface. • port-channel port-id — Displays spanning-tree information for a port-channel number (1 to 128).
spanning-tree bpduguard Enables or disables BPDU guard on an interface. Syntax spanning-tree bpduguard {enable | disable} Parameters • enable — Enables the BPDU guard filter on an interface. • disable — Disables the BPDU guard filter on an interface. Default Disabled Command Mode INTERFACE Usage Information BPDU guard prevents a port from receiving BPDUs. If the port receives a BPDU, it is placed in the Error-Disabled state as a protective measure.
Command Mode CONFIGURATION Usage Information All STP instances are stopped in the previous STP mode, and are restarted in the new mode. You can also change to RSTP/MST mode. Example (RSTP) OS10(config)# spanning-tree mode rstp Example (MST) OS10(config)# spanning-tree mode mst Supported Releases 10.2.0E or later spanning-tree port Sets the port type as the EdgePort.
Default 15 seconds Command Mode CONFIGURATION Usage Information None Example OS10(config)# spanning-tree rstp forward-time 16 Supported Releases 10.2.0E or later spanning-tree rstp hello-time Sets the time interval between generation and transmission of RSTP BPDUs. Syntax spanning-tree rstp hello-time seconds Parameters seconds — Enter a hello-time interval value in seconds (1 to 10).
Command Mode CONFIGURATION Usage Information None Example OS10(config)# spanning-tree rstp max-age 10 Supported Releases 10.2.0E or later spanning-tree rstp Sets the priority value for RSTP. Syntax spanning-tree rspt priority priority value Parameters priority priority value — Enter a bridge-priority value in increments of 4096 (0 to 61440). Valid priority values are: 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440.
When you assign a port to a non-default VLAN in Trunk mode, the interface remains an untagged member of the default VLAN and a tagged member of the new VLAN. When you assign a port to a non-default VLAN in Access mode, it removes from the default VLAN and is assigned to the new VLAN as an untagged member of the new VLAN. • VLAN 1 is the default VLAN. • You cannot change or delete the default VLAN. • You cannot assign an IP address to the default VLAN.
1 Create a VLAN and enter the VLAN number in INTERFACE mode (1 to 4094). interface vlan vlan-id 2 Delete a VLAN in CONFIGURATION mode.
2 Set the interface to Switchport mode as access in INTERFACE mode. switchport mode access 3 Enter the VLAN number for the untagged port in INTERFACE mode. switchport access vlan vlan-id Configure port in access mode OS10(config)# interface ethernet 1/1/9 OS10(config-if-eth1/1/9)# switchport mode access OS10(config-if-eth1/1/9)# switchport access vlan 604 Show running configuration OS10# show running-configuration ... ! interface ethernet1/1/5 ...
Assign IP address You can assign an IP address to each VLAN to make it a L3 VLAN — the ports in that VLAN belong to that particular IP subnet. The traffic between the ports in different VLANs route using the IP address. Configure the L3 VLAN interface to remain administratively UP or DOWN using the shutdown and no shutdown commands. This provisioning only affects the L3 traffic across the members of a VLAN and does not affect the L2 traffic. You cannot assign an IP address to the default VLAN (VLAN 1).
View VLAN configuration You can view configuration information related to VLANs using show commands. • • • View the VLAN status and configuration information in EXEC mode. show vlan View the VLAN interface configuration in EXEC mode. show interfaces vlan View the VLAN interface configuration for a specific VLAN ID in EXEC mode.
Last clearing of "show interface" counters Queueing strategy: fifo Time since last interface status change: View interface configuration for specific VLAN OS10# show interface vlan 320 Vlan 320 is up, line protocol is up Address is , Current address is Interface index is 69209184 Internet address is not set MTU 1532 bytes LineSpeed auto Flowcontrol rx off tx off ARP type: ARPA, ARP Timeout: 240 Last clearing of "show interface" counters Queueing strategy: fifo Time since last interface status change: VLAN
show vlan Displays VLAN configurations. Syntax show vlan vlan-id Parameters vlan-id — (Optional) Enter a VLAN ID number (1 to 4094). Default Not configured Command Mode EXEC Usage Information Use this command to view VLAN configuration information for a specific VLAN ID.
Configure local monitoring session 1 Verify that the intended monitoring port has no configuration other than no shutdown and no switchport. show running-configuration 2 Create a monitoring session in CONFIGURATION mode. monitor session session-id [local] 3 Enter the source and direction of monitored traffic in MONITOR-SESSION mode. source interface interface-type {both | rx | tx} 4 Enter the destination of traffic in MONITOR-SESSION mode.
Session and VLAN requirements Remote port mirroring requires a source session (monitored ports on different source devices), a reserved tagged VLAN for transporting mirrored traffic (configured on source, intermediate, and destination devices), and a destination session (destination ports connected to analyzers on destination devices).
Restrictions • When you use a source VLAN, enable flow-based monitoring (flow-based enable). • In a source VLAN, only received (rx) traffic is monitored. • You cannot configure a source port-channel or source VLAN in a source session if the port-channel or VLAN has a member port configured as a destination port in a remote port mirroring session. • You cannot use a destination port for remote port mirroring as a source port, including the session the port functions as the destination port.
• OS10 does not support ERPM destination session and decapsulation of ERPM packets at the destination switch. • You can configure a maximum of 4 ERPM sessions with a maximum of 128 source ports in each session. You can configure the 4 ERPM sessions in one of the following methods: • Single directional with either 4 ingress or 4 egress sessions. • Bidirectional with 2 ingress and 2 egress sessions. 1). • You can monitor a source VLAN only through flow-based monitoring.
1 Enable flow-based monitoring for a monitoring session in MONITOR-SESSION mode. flow-based enable 2 Return to CONFIGURATION mode. exit 3 Create an access list in CONFIGURATION mode. ip access-list access-list-name 4 Define access-list rules using seq, permit, and deny statements in CONFIG-ACL mode. The ACL rules describe the traffic you want to monitor. Flow monitoring is supported for IPv4 ACLs, IPv6 ACLs, and MAC ACLs.
description (Port Monitoring) Configures a description for the port monitoring session. The monitoring session can be one of the following: local, RPM, or ERPM. Syntax description string Parameters string — Enter a description of the monitoring session (up to 255 characters). Default Not configured Command Mode MONITOR-SESSION Usage Information The no version of this command removes the description text.
Usage Information The no version of this command disables the flow-based monitoring. Example OS10(conf-mon-local-1)# flow-based enable OS10(conf-mon-rspan-source-2)# flow-based enable OS10(conf-mon-erpm-source-3)# flow-based enable Supported Releases 10.2.0E or later ip Configures the IP time to live (TTL) value and the differentiated services code point (DSCP) value for the ERPM traffic.
Example (ERPM) OS10(config)# monitor session 10 type erpm-source OS10(conf-mon-erpm-source-10)# Supported Releases 10.2.0E or later show monitor session Displays information about a monitoring session. Syntax show monitor session {session-id | all} Parameters • session-id — Enter the session ID number (1 to 18). • all — View all monitoring sessions. Default All Command Mode EXEC Usage Information In the State field, true indicates that the port is enabled.
Example OS10(config)# monitor session 1 OS10(conf-mon-local-1)# no shut OS10(config)# monitor session 5 type rspan-source OS10(conf-mon-rspan-source-5)# no shut OS10(config)# monitor session 10 type erpm-source OS10(conf-mon-erpm-source-10)# no shut Supported Releases 10.2.0E or later source (Port Monitoring) Configures a source for port monitoring. The monitoring session can be one of the following: local, RPM, or ERPM.
Default Not configured Command Mode MONITOR-SESSION Usage Information None Example OS10(config)# monitor session 10 OS10(conf-mon-erpm-source-10)# source-ip 10.16.132.181 destination-ip 172.16.10.11 gre-protocol 35006 Supported Releases 10.4.
5 Layer 3 Border Gateway Protocol (BGP) Provides an external gateway protocol that transmits inter-domain routing information within and between autonomous systems (see BGP Commands). Equal Cost MultiPath (ECMP) Provides next-hop packet forwarding to a single destination over multiple best paths (see ECMP Commands). IPv4 Routing Provides forwarding of packets to a destination IP address, based on a routing table.
path to reach a router external to the AS. EBGP routers exchange information with other EBGP routers and IBGP routers to maintain connectivity and accessibility. Classless interdomain routing BGPv4 supports classless interdomain routing (CIDR) with aggregate routes and AS paths. CIDR defines a network using a prefix consisting of an IP address and mask, resulting in efficient use of the IPv4 address space. Using aggregate routes reduces the size of routing tables.
Established Keepalive messages exchange, and after a successful receipt, the router is in the Established state. Keepalive messages continue to send at regular periods. The keepalive timer establishes the state to verify connections. After the connection is established, the router sends and receives keepalive, update, and notification messages to and from its peer. Peer templates Peer templates allow BGP neighbors to inherit the same outbound policies.
Multiprotocol BGP Multiprotocol BGP (MBGP) is an extension to BGP that supports multiple address families—IPv4 and IPv6. MBGP carries multiple sets of unicast and multicast routes depending on the address family. You can enable the MBGP feature on a per router, per template, and/or a per peer basis. The default is the IPv4 unicast routes.
• A path with no AS_PATH configured has a path length of 0 • AS_CONFED_SET is not included in the AS_PATH length • AS_CONFED_SEQUENCE has a path length of 1 no matter how many ASs are in the AS_CONFED_SEQUENCE 4 Prefer the path with the lowest ORIGIN type—IGP is lower than EGP and EGP is lower than INCOMPLETE. 5 Prefer the path with the lowest multiexit discriminator (MED) attribute: • This comparison is only done if the first neighboring AS is the same in the two paths.
Multiexit discriminators If two autonomous systems connect in more than one place, use a multiexit discriminator (MED) to assign a preference to a preferred path. MED is one of the criteria used to determine best path—other criteria may also impact selection. One AS assigns the MED a value. Other AS uses that value to decide the preferred path. Assume that the MED is the only attribute applied and there are two connections between AS 100 and AS 200. Each connection is a BGP session.
The question mark (?) indicates an origin code of INCOMPLETE, and the lower case letter (i) indicates an origin code of IGP. Origin configuration OS10# show ip bgp BGP local RIB : Routes to be Added , Replaced , Withdrawn BGP local router ID is 30.1.1.
If you configure the bgp bestpath as-path ignore command and the bestpath as-path multipath-relax command at the same time, an error message displays—only enable one command at a time. More path support More path (Add-Path) reduces convergence times by advertising multiple paths to its peers for the same address prefix without replacing existing paths with new ones. By default, a BGP speaker advertises only the best path to its peers for a given address prefix.
4-Byte AS numbers OS10 supports 4-byte AS number configurations by default. The 4-byte support is advertised as a new BGP capability - 4-BYTE-AS, in the OPEN message. A BGP speaker that advertises 4-Byte-AS capability to a peer, and receives the same from that peer must encode AS numbers as 4-octet entities in all messages. If the AS number of the peer is different, the 4-byte speaker brings up the neighbor session using a reserved 2-byte ASN,23456 called AS_TRANS.
The Local-AS does not prepend the updates with the AS number received from the EBGP peer if you use the no prepend command. If you do not select no prepend, the default, the Local-AS adds to the first AS segment in the AS-PATH. If you use an inbound route-map to prepend the AS-PATH to the update from the peer, the Local-AS adds first. If Router B has an inbound route-map applied on Router C to prepend 65001 65002 to the AS-PATH, these events take place on Router B: • • • Receive and validate the update.
connected to the router. The BGP process first determines if all internal BGP peers are reachable, then it determines which peers outside the AS are reachable. 1 Assign an AS number, and enter ROUTER-BGP mode from CONFIGURATION mode (1 to 65535 for 2-byte, 1 to 4294967295 for 4byte). Only one AS number is supported per system. If you enter a 4-byte AS number, 4-byte AS support is enabled automatically. router bgp as-number 2 Enter a neighbor in ROUTER-BGP mode.
Prefixes accepted 3, Prefixes advertised 0 Connections established 3; dropped 2 Closed by neighbor sent 00:03:26 ago Local host: 5.1.1.2, Local port: 43115 Foreign host: 5.1.1.1, Foreign port: 179 View BGP running configuration OS10# show running-configuration router bgp 65123 router-id 192.168.10.2 ! address-family ipv4 unicast ! neighbor 10.10.21.1 remote-as 65123 no shutdown ! neighbor 10.10.32.3 remote-as 65123 no shutdown ! neighbor 100.10.92.9 remote-as 65192 no shutdown ! neighbor 192.168.10.
peer template and assign a name to it before adding members to the peer template. Create a peer template before configuring any route policies for the template. NOTE: An outbound filter policy, distribute list or route map, is not supported on a peer group member. 1 Enable BGP, and assign the AS number to the local BGP speaker in CONFIGURATION mode, from 1 to 65535 for 2 byte, 1 to 4294967295 | 0.1 to 65535.65535 for 4 byte, or 0.1 to 65535.65535 in dotted format.
Minimum time between advertisement runs is 30 seconds For address family: Unicast BGP neighbor is ebgppg, peer-group external Update packing has 4_OCTET_AS support enabled Number of peers in this group 1 Peer-group members: View running configuration OS10(config-router-neighbor)# do show running-configuration bgp ! router bgp 300 ! neighbor 3.1.1.
Received 23 messages 1 opens, 0 notifications, 1 updates 21 keepalives, 0 route refresh requests Sent 21 messages 1 opens, 0 notifications, 0 updates 20 keepalives, 0 route refresh requests Minimum time between advertisement runs is 30 seconds Minimum time before advertisements start is 0 seconds Capabilities received from neighbor for IPv4 Unicast: MULTIPROTO_EXT(1) ROUTE_REFRESH(2) CISCO_ROUTE_REFRESH(128) 4_OCTET_AS(65) Capabilities advertised to neighbor for IPv4 Unicast: MULTIPROTO_EXT(1) ROUTE_REFRESH
Fast external fallover is enabled by default. To disable or re-enable it, use the [no] fast-external-fallover command. For the fast-external-fallover command to take effect on an established BGP session, you must reset the session using the clear ip bgp {* | peer-ipv4-address | peer-ipv6-address} command. View fast external fallover configuration OS10(config)# do show running-configuration bgp ! router bgp 300 ! neighbor 3.1.1.
BGP router identifier 11.11.11.11 local AS number 300 Neighbor AS MsgRcvd MsgSent Up/Down State/Pfx ----------------------------------------------------------------3.1.1.1 100 7 4 00:00:29 3 3::1 100 9 5 00:00:29 4 OS10(conf-if-eth1/1/1)# OS10(config-router-bgp-neighbor-af)# Apr 27 01:39:03 OS10 dn_sm[2065]: Node.1-Unit.1:PRI:alert [os10:event], %Dell EMC (OS10) %BGP_NBR_BKWD_STATE_CHG: Backward state change occurred Hold Time expired for Nbr:3.1.1.3 VRF:default Apr 27 01:39:03 OS10 dn_sm[2065]: Node.
2 Enter a local-as number for the peer, and the AS values not prepended to announcements from the neighbors in ROUTERNEIGHBOR mode (1 to 4294967295). local-as as number [no prepend] 3 Return to ROUTER-BGP mode. exit 4 Enter a template name to assign to the peer-groups in ROUTER-BGP mode (up to 16 characters). template template-name 5 Enter a local-as number for the peer in ROUTER-TEMPLATE mode.
neighbor 17.1.1.
1 Assign an AS number in CONFIGURATION mode. router bgp as-number 2 Enter a neighbor and IP address (A.B.C.D) in ROUTER-BGP mode. neighbor ip-address 3 Enter Address Family mode in ROUTER-NEIGHBOR mode. address-family {[ipv4 | ipv6] [unicast]) 4 Allow the specified neighbor to send or receive multiple path advertisements in ROUTER-BGP mode. The count parameter controls the number of paths that are advertised — not the number of paths received.
4 Enter the neighbor to apply the route map configuration in ROUTER-BGP mode. neighbor {ip-address} 5 Apply the route map to the neighbor’s incoming or outgoing routes in ROUTER-BGP-NEIGHBOR-AF mode. route-map map-name {in | out) 6 Enter the peer group to apply the route map configuration in ROUTER-BGP mode. template template-name 7 Apply the route map to the peer group’s incoming or outgoing routes in CONFIG-ROUTER-TEMPLATE-AF mode.
OS10(config-router-bgp-10)# template zanzibar OS10(config-router-template)# weight 200 Enable multipath You can have one path to a destination by default, and enable multipath to allow up to 64 parallel paths to a destination. The show ip bgp network command includes multipath information for that network. • Enable multiple parallel paths in ROUTER-BGP mode.
Configure clusters of routers where one router is a concentration router and the others are clients who receive their updates from the concentration router. 1 Assign an ID to a router reflector cluster in ROUTER-BGP mode. You can have multiple clusters in an AS. cluster-id cluster-id 2 Assign a neighbor to the router reflector cluster in ROUTER-BGP mode. neighbor {ip-address} 3 Configure the neighbor as a route-reflector client in ROUTER-NEIGHBOR mode, then return to ROUTER-BGP mode.
! neighbor 32.1.1.2 remote-as 104 no shutdown ! address-family ipv4 unicast Confederations Another way to organize routers within an AS and reduce the mesh for IBGP peers is to configure BGP confederations. As with route reflectors, Dell EMC recommends BGP confederations only for IBGP peering involving many IBGP peering sessions per router. When you configure BGP confederations, you break the AS into smaller sub-ASs. To devices outside your network, the confederations appear as one AS.
Route dampening When EBGP routes become unavailable, they “flap” and the router issues both WITHDRAWN and UPDATE notices. A flap occurs when a route is withdrawn, readvertised after being withdrawn, or has an attribute change. The constant router reaction to the WITHDRAWN and UPDATE notices causes instability in the BGP process. To minimize this instability, configure penalties (a numeric value) for routes that flap.
View dampened paths OS10# show ip bgp dampened-paths BGP local router ID is 80.1.1.1 Status codes: s suppressed, S stale, d dampened, h history, * valid, > best Origin codes: i - IGP, e - EGP, ? - incomplete Network From Reuse Path d* 3.1.2.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.3.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.4.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.5.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.6.0/24 80.1.1.
1 Enable soft-reconfiguration for the BGP neighbor and BGP template in ROUTER-BGP mode. BGP stores all the updates that the neighbor receives but does not reset the peer-session. Entering this command starts the storage of updates, which is required to do inbound soft reconfiguration. neighbor {ip-address} soft-reconfiguration inbound 2 Enter Address Family mode in ROUTER-NEIGHBOR mode. address-family {[ipv4 | ipv6] [unicast]} 3 Configure soft-configuration for the neighbors belonging to the template.
• receive — Receive multiple paths from the peer. • send path count — Enter the number of multiple paths to send multiple to the peer, from 2 to 64. Default Not configured Command Mode ROUTER-BGP-NEIGHBOR-AF Usage Information Advertising multiple paths to peers for the same address prefix without replacing the existing path with a new one reduces convergence times. The no version of this command disables the multiple path advertisements for the same destination.
Usage Information The time interval applies to all peer group members of the template in ROUTER-TEMPLATE mode. The no version of this command resets the advertisement-interval value to the default. Example OS10(conf-router-neighbor)# advertisement-interval 50 Supported Releases 10.3.0E or later advertisement-start Delays initiating the OPEN message for the specified time.
allowas-in Sets the number of times a local AS number appears in the AS path. Syntax allowas-in as-number Parameters as-number—Enter the number of occurrences for a local AS number, from 1 to 10. Default Disabled Command Mode ROUTER-BPG-TEMPLATE-AF Usage Information Use this command to enable the BGP speaker to allow the AS number to be present for the specified number of times in updates received from the peer. You cannot set this configuration for a peer associated with a peer group.
Command Mode ROUTER-BGP Usage Information To enable load-balancing across different EBGP peers, configure the mutlipath-relax option. If you configure both ignore or multipath-relax options at the same time, a system-generated error message appears. The no version of this command disables configuration. Example OS10(conf-router-bgp-10)# bestpath as-path multipath-relax Supported Releases 10.3.0E or later bestpath med Changes the best path MED attributes during MED comparison for path selection.
Parameters • IPv4–address — Enter an IPv4 address to clear a BGP neighbor configuration. • IPv6–address — Enter an IPv6 address to clear a BGP neighbor configuration. • * — Clears all BGP sessions. Default Not configured Command Mode EXEC Usage Information To reset BGP IPv4 or IPv6 neighbor sessions, use this command. Example OS10# clear ip bgp 1.1.15.4 Supported Releases 10.3.0E or later clear ip bgp * Resets BGP sessions.
Usage Information Configure your system to accept 4-byte formats before entering a 4-byte AS number. All routers in the Confederation must be 4-byte or 2-byte identified routers. You cannot have a mix of 2-byte and 4-byte identified routers. The autonomous system number you configure in this command is visible to the EBGP neighbors. Each autonomous system is fully meshed and contains a few connections to other autonomous systems.
cluster-id Assigns a cluster ID to a BGP cluster with multiple route reflectors. Syntax cluster-id {number | ip-address} Parameters • number—Enter a route reflector cluster ID as a 32-bit number, from 1 to 4294967295. • ip-address—Enter an IP address as the route-reflector cluster ID. Default Router ID Command Mode ROUTER-BGP Usage Information If a cluster contains only one route reflector, the cluster ID is the route reflector’s router ID.
Supported Releases 10.3.0E or later default-metric Assigns a default-metric of redistributed routes to locally originated routes. Syntax default-metric number Parameters number — Enter a number as the metric to assign to routes from other protocols, from 1 to 4294967295. Default Disabled Command Mode ROUTER-BGP Usage Information Assigns a metric for locally-originated routes such as redistributed routes.
Command Mode ROUTER-NEIGHBOR Usage Information This command avoids installation of default multihop peer routes to prevent loops and creates neighbor relationships between peers. Networks indirectly connected are not valid for best path selection. The no version of this command removes multihop session. Example OS10(conf-router-neighbor)# ebgp-multihop 2 Supported Releases 10.3.
fast-external-fallover Resets BGP sessions immediately when a link to a directly connected external peer fails. Syntax fast-external-fallover Parameters None Default Not configured Command Mode ROUTER-BGP Usage Information Fast external fall-over terminates the EBGP session immediately after the IP unreachability or link failure is detected. This only applies after you manually reset all existing BGP sessions. For the configuration to take effect, use the clear ip bgp command.
Supported Releases 10.2.0E or later local-as Configures a local AS number for a peer. Syntax local-as as-number [no-prepend] Parameters • as-number—Enter the local AS number, from 1 to 4294967295. • no-prepend—(Optional) Enter so that local AS values are not prepended to announcements from the neighbor. Default Disabled Command Mode ROUTER-NEIGHBOR or ROUTER-TEMPLATE Usage Information Facilitates the BGP network migration operation and allows you to maintain existing AS numbers.
• number—Enter the number of parallel paths, from 1 to 64. Default 64 paths Command Mode ROUTER-BGP Usage Information Dell EMC recommends not using multipath and add path simultaneously in a route reflector. To recompute the best path, use the clear ip bgp * command. The no version of this command resets the value to the default. Example (EBGP) OS10(conf-router-bgp-2)# maximum-paths ebgp 2 maxpaths Example (IBGP) OS10(conf-router-bgp-2)# maximum-paths ibgp 4 maxpaths Supported Releases 10.3.
Example OS10(conf-router-bgp-2)# neighbor 32.1.0.0 OS10(conf-router-neighbor)# Supported Releases 10.3.0E or later next-hop-self Disables the next-hop calculation for a neighbor. Syntax next-hop-self Parameters None Default Enabled Command Mode ROUTER-NEIGHBOR-AF Usage Information Influences next-hop processing of EBGP routes to IBGP peers. The no version of this command disables the nexthop calculation. Example OS10(conf-router-neighbor-af)# next-hop-self Supported Releases 10.3.
Usage Information Enable or disable outbound optimization dynamically to reset all neighbor sessions. When you enable outbound optimization, all peers receive the same update packets. The next-hop address chosen as one of the addresses of neighbor’s reachable interfaces is also the same for the peers. The no version of this command disables outbound optimization. Example OS10(conf-router-bgp-10)# outbound-optimization Supported Releases 10.3.
Example (Static — IPv6) OS10(conf-router-bgp-102)# address-family ipv6 unicast OS10(conf-router-bgpv6-af)# redistribute static Example (OSPF — IPv4) OS10(conf-router-bgp-102)# address-family ipv4 unicast OS10(conf-router-bgpv4-af)# redistribute ospf 1 Example (OSPF — IPv6) OS10(conf-router-bgp-102)# address-family ipv6 unicast OS10(conf-router-bgpv6-af)# redistribute ospf 1 Supported Releases 10.2.0E or later route-reflector-client Configures a neighbor as a member of a route-reflector cluster.
router-id Assigns a user-given ID to a BGP router. Syntax router-id ip-address Parameters ip-address — Enter an IP address in dotted decimal format. Default First configured IP address or random number Command Mode ROUTER-BGP Usage Information Change the router ID of a BGP router to reset peer-sessions. The no version of this command resets the value to the default. Example OS10(conf-router-bgp-10)# router-id 10.10.10.40 Supported Releases 10.3.
Example (IPv4) OS10(conf-router-bgp-102)# neighbor 3.3.3.1 OS10(conf-router-neighbor)# address-family ipv4 unicast OS10(conf-router-bgp-neighbor-af)# sender-side-loop-detection Example (IPv6) OS10(conf-router-bgp-102)# neighbor 32::1 OS10(conf-router-neighbor)# address-family ipv6 unicast OS10(conf-router-bgp-neighbor-af)# no sender-side-loop-detection Supported Releases 10.3.0E or later show ip bgp Displays information that BGP neighbors exchange.
Status codes: s suppressed, S stale, d dampened, h history, * valid, > best Origin codes: i - IGP, e - EGP, ? - incomplete Network From Reuse Path d* 3.1.2.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.3.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.4.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.5.0/24 80.1.1.2 00:00:12 800 9 8 i d* 3.1.6.0/24 80.1.1.2 00:00:12 800 9 8 i Total number of prefixes: 5 Supported Releases 10.3.0E or later show ip bgp flap-statistics Displays BGP flap statistics on BGP routes.
Command Mode EXEC Usage Information This command provides output which displays locally advertised BGPv4 routes configured using the network command. These routes show as r for redistributed/network-learned routes. Example OS10# show ip bgp ipv4 unicast summary BGP router identifier 80.1.1.1 local AS number 102 Neighbor AS MsgRcvd MsgSent Up/Down State/Pfx 80.1.1.2 800 8 4 00:01:10 5 Supported Releases 10.3.0E or later show ip bgp ipv6 unicast Displays route information for BGP IPv6 routes.
Command Mode Usage Information EXEC • BGP neighbor — Displays the BGP neighbor address and its AS number. The last phrase in the line indicates whether the link between the BGP router and its neighbor is an external or internal one. If they are located in the same AS, the link is internal; otherwise the link is external. • BGP version — Displays the BGP version (always version 4) and the remote router ID.
Example advertised- OS10# show ip bgp ipv6 unicast neighbors 192:168:1::2 advertised-routes BGP local router ID is 100.1.1.
Total number of prefixes: 10 OS10# Supported Releases 10.3.0E or later show ip bgp peer-group Displays information on BGP peers in a peer-group. Syntax show ip bgp peer-group peer-group-name Parameters peer-group-name — (Optional) Enter the peer group name to view information about that peer-group only. Default Not configured Command Mode EXEC Usage Information Example • Peer-group — Displays the peer group name. Minimum time displays the time interval between BGP advertisements.
• AS—Displays the AS number of the neighbor • MsgRcvd—Displays the number of BGP messages that the neighbor received. • MsgSent—Displays the number of BGP messages that the neighbor sent. • Up/Down—Displays the amount of time that the neighbor is in the Established stage. If the neighbor has never moved into the Established stage, the word never displays.
Command Mode CONFIG-ROUTER-BGP Usage Information Members of a peer-group template inherit the configuration properties of the template and share the same update policy. The no version of this command removes a peer-template configuration. Example OS10(conf-router-bgp-10)# template solar OS10(conf-router-bgp-template)# Supported Releases 10.3.0E or later timers Adjusts BGP keepalive and holdtime timers.
Equal cost multi-path ECMP is a routing technique where next-hop packet forwarding to a single destination occurs over multiple best paths. OS10 uses a hashing algorithm to determine the next-hop when you enable ECMP. The hashing algorithm makes hashing decisions based on values in various packet fields as well as some internal values. • Configure the hash algorithm in CONFIGURATION mode.
hash-algorithm Changes the hash algorithm that distributes traffic flows across ECMP paths and the LAG. Syntax Parameters hash-algorithm {ecmp | lag} [crc | xor | random] • ecmp — Enables ECMP hash configuration. • lag — Enables LAG hash configuration for L2 only. • crc — (Optional) Enables CRC polynomial for hash computation. • xor — (Optional) Enables upper 8 bits of CRC and lower 8 bits of XOR value for computation.
source-ip | protocol | vlan-id | l4–destination-port | l4–source-port] | [macselection destination-mac | source-mac | ethertype | vlan-id]} Parameters Default Command Mode Usage Information • ingress-port enable — Enables load-balancing on ingress ports. • tcp-udp-selection — Enables the TCP UDP port for load-balancing configuration. • ip-selection — Enables IPv4 key parameters to use in the hash computation. • ipv6-selection — Enables IPV6 key parameters to use in hash computation.
Default Not configured Command Mode EXEC Usage Information None Example OS10# show hash-algorithm EcmpAlgo - crc LabAlgo - xor Supported Releases 10.3.0E or later IPv4 routing OS10 supports IPv4 addressing including variable-length subnetting mask (VLSM), address resolution protocol (ARP), static routing, and routing protocols. With VLSM, you can configure one network with different masks. You can also use supernetting, which increases the number of subnets.
Wavelength is 64 SFP receive power reading is 0.
ethernet 1/1/5 has IP address on subnet 100.0.0.0/8, and if 10.1.1.0/24 recursively resolves to 100.1.1.1, the system installs the static route: • When the interface goes down, OS10 withdraws the route. • When the interface comes up, OS10 reinstalls the route. • When the recursive resolution is broken, OS10 withdraws the route. • When the recursive resolution is satisfied, OS10 reinstalls the route.
• A.B.C.D/mask —Specify the IP route to be removed from the IP routing table. This option refreshes all the routes in the routing table, but the traffic flow is affected only for the specified route in the switch. Default Not configured Command Mode EXEC Usage Information This command does not remove the static routes from the routing table. Example OS10# clear ipv6 Supported Releases 10.3.0E or later route 10.1.1.0/24 ip address Configures IP address to an interface.
Default Not configured Command Mode INTERFACE Usage Information Do not use Class D (multicast) or Class E (reserved) IP addresses. Zero MAC addresses (00:00:00:00:00:00) are also invalid. The no version of this command disables IP ARP configuration. Example OS10(conf-if-eth1/1/6)# ip arp 10.1.1.5 08:00:20:b7:bd:32 Supported Releases 10.2.0E or later ip route Assigns a static route on the network device.
• summary — (Optional) Enter the keyword to display a summary of all ARP entries. Default Not configured Command Mode EXEC Usage Information This command shows both static and dynamic ARP entries. Example (IP Address) OS10# show ip arp ip 192.168.2.2 Example (Static) OS10# show ip arp summary Protocol Address Age(min) Hardware Address Interface VLAN CPU ---------------------------------------------------------Internet 192.168.2.
N2 - OSPF NSSA external type 2, E1 - OSPF external type 1, E2 - OSPF external type 2, > - non-active route Gateway of last resort is not set Destination Gateway Dist/Metric Last Change -----------------------------------------------------------------C 10.1.1.0/24 via 10.1.1.1 vlan100 0/0 01:16:56 B EX 10.1.2.0/24 via 10.1.2.1 vlan101 20/0 01:16:56 O 10.1.3.0/24 via 10.1.3.1 vlan102 110/2 01:16:56 B IN 10.1.4.0/24 via 10.1.4.1 vlan103 200/0 01:16:56 Supported Releases 10.2.
=================================================================================== Ethernet 1/1/1:1 up / up fe80::eef4:bbff:fefb:f9f0/64 2017::1/64 Enabled Ethernet 1/1/20 up / up fe80::eef4:bbff:fefb:fa30/64 2020::1/64 Enabled Management 1/1/1 up / up fe80::eef4:bbff:fefb:f9ef/64 Enabled Vlan 1 up / up fe80::eef4:bbff:fefb:fa59/64 Enabled IPv6 addresses An IPv6 address consists of a 48-bit global routing prefix, optional 16-bit subnet ID, and a 64-bit interface identifier in the extended universal identi
The no ipv6 address autoconfig command disables IPv6 global address autoconfiguration, and sets the interface to Router mode with IPv6 forwarding enabled. DHCP-assigned addresses As an alternative to stateless autoconfiguration, you can enable a network host to obtain IPv6 addresses using a DHCP server via stateful autoconfiguration using the ipv6 address dhcp command. A DHCPv6 server uses a prefix pool to configure a network address on an interface. The interface ID is automatically generated.
only. Neighbor Discovery (ND) messages advertise so the neighbor can use the information to auto-configure its address. Received ND messages are not used to create an IPv6 address. Inconsistencies in router advertisement values between routers are logged.
3 Configure the IPv6 prefixes that are advertised by IPv6 neighbor discovery in Interface mode. ipv6 nd prefix {ipv6-prefix | default} [no-advertise] [no-autoconfig] [no-rtr-address] [off-link] [lifetime {valid-lifetime seconds | infinite} {preferred-lifetime seconds | infinite}] • ipv6-prefix — Enter an IPv6 prefix in x:x::y/mask format to include the prefix in RA mesages. Include prefixes that are not already in the subnets configured on the interface.
Disable duplicate address discovery OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ipv6 nd dad disable Disable IPv6 for duplicate link-local address OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ipv6 nd dad disable-ipv6-on-dad-failure Static IPv6 routing To define an explicit route between two IPv6 networking devices, configure a static route on an interface.
IPv6 hop-by-hop options A hop-by-hop header extension in an IPv6 packet contains options that are processed by all IPv6 routers in the packet's path. By default, hop-by-hop header options in an IPv6 packet are not processed locally. To enable local processing of IPv6 hop-by-hop options on an interface, use the ipv6 hop-by-hop command.
Parameters • *— Clears all routes and refreshes the IPv6 routing table. Traffic flow for all the routes in the switch is affected. • A::B/mask — Removes the IPv6 route and refreshes the IPv6 routing table. Traffic flow in the switch is affected only for the specified route. Default Not configured Command Mode EXEC Usage Information This command does not remove the static routes from the routing table. Example OS10# clear ipv6 Supported Releases 10.3.
• The no version of this command disables IPv6 address autoconfiguration, resets the interface in Router mode, and re-enables IPv6 forwarding. Example OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# no switchport OS10(conf-if-eth1/1/1)# ipv6 address autoconfig OS10(conf-if-eth1/1/1)# Supported Releases 10.3.0E or later ipv6 address dhcp Enables DHCP client operations on the interface.
Parameters ipv6-prefix — Enter an IPv6 prefix in x:x::y/mask format. Defaults None Command Mode INTERFACE Usage Information Use this command to manually configure an IPv6 address in addition to the link-local address generated with stateless autoconfiguration. Specify only the network prefix and length. The 64-bit interface ID is automatically computed from the MAC address. This command enables IPv6 processing on the interface. The no version of this command removes the IPv6 address configuration.
Example: Disable hop-by-hop option processing OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# no ipv6 hop-by-hop Supported Releases 10.4.0E(R1) or later ipv6 nd dad Disables or re-enables IPv6 duplicate address discovery (DAD). Syntax Parameters ipv6 nd dad {disable | enable | disable-ipv6-on-dad-failure} • disable — Disable duplicate address discovery on the interface. • enable — Re-enable IPv6 duplicate address discovery if you have disabled it.
Example OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# ipv6 nd hop-limit 100 Supported Releases 10.4.0E(R1) or later ipv6 nd managed-config-flag Sends RA messages that tell hosts to use stateful address autoconfiguration, such as DHCPv6, to obtain IPv6 addresses. Syntax ipv6 nd managed-config-flag Parameters None Defaults Not configured Command Mode INTERFACE Usage Information The no version of this command disables the managed-config-flag option in RA messages.
Example OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# ipv6 nd mtu 2500 Supported Releases 10.4.0E(R1) or later ipv6 nd other-config-flag Sends RA messages that tell hosts to use stateful autoconfiguration to obtain nonaddress-related information. Syntax ipv6 nd other-config-flag Parameters None Defaults Not configured Command Mode INTERFACE Usage Information The no version of this command disables the other-config-flag option in RA messages.
Command Mode Usage Information Examples INTERFACE • By default, all prefixes configured in IPv6 addresses on an interface are advertised. To advertise all default parameters in the subnet prefixes on an interface, enter the default keyword. • If you configure a prefix with valid or preferred lifetime values, the ipv6 nd prefix default no autoconfig command does not apply the default prefix values. • On-link determination is used to forward IPv6 packets to a destination IPv6 address.
Defaults 0 Command Mode INTERFACE Usage Information The no version of this command restores the default reachable time. 0 indicates that no reachable time is sent in RA messages. Example OS10(config)# interface ethernet 1/2/3 OS10(conf-if-eth1/2/3)# ipv6 nd reachable-time 1000 Supported Releases 10.4.0E(R1) or later ipv6 nd retrans-timer Sets the time between retransmitting neighbor solicitation messages.
ipv6 route Configures a static IPv6 static route. Syntax ipv6 route ipv6–prefix mask {next-hop | interface interface-type [routepreference]} Parameters • ipv6-prefix — Enter the IPv6 address in x:x:x:x::x format • mask — Enter the mask in slash prefix-length format (/x) • next-hop — Enter the next-hop IPv6 address in x:x:x:x::x format. • interface interface-type — Enter the interface type then the slot/port or number information.
show ipv6 route Displays IPv6 routes. Syntax Parameters show ipv6 route [all | bgp | connected | static | A::B/mask | summary] • all—(Optional) Displays all routes including nonactive routes. • bgp—(Optional) Displays BGP route information. • connected—(Optional) Displays only the directly connected routes. • static—(Optional) Displays all static routes. • A::B/mask—(Optional) Enter the IPv6 destination address and mask. • summary—(Optional) Displays the IPv6 route summary.
show ipv6 interface brief Displays IPv6 interface information. Syntax show ipv6 interface brief [interface interface] Parameters • brief — Displays a brief summary of IPv6 interface information.
• (Optional) You can disable IGMP snooping on specific VLANs using the no ip igmp snooping enable command in the VLAN INTERFACE mode. • IGMP snooping functions in a network with a multicast router that generates IGMP queries. The tables created are associated with the IGMP querier. Enable IGMP and MLD querier on a VLAN with the ip igmp snooping querier command in the VLAN INTERFACE mode. • You need to connect the multicast router to a physical port that is a member of the VLAN.
IGMP snooping last member query response interval is 1000 ms IGMP snooping fast-leave is disabled on this interface IGMP snooping querier is enabled on this interface --more-<
IGMP snooping commands ip igmp snooping enable Enables IGMP and MLD snooping globally. Syntax ip igmp snooping enable Parameters None Default Disabled Command Mode CONFIGURATION Usage Information The no version of this command disables the IGMP and MLD snooping. Example OS10(config)# ip igmp snooping enable Supported Releases 10.4.0E(R1) or later ip igmp snooping enable (VLAN) Enables IGMP and MLD snooping on the specified VLAN.
Example OS10(config)# interface vlan 100 OS10(conf-if-vl-100)# ip igmp snooping mrouter interface ethernet 1/1/1 Supported Releases 10.4.0E(R1) or later ip igmp snooping querier Enables IGMP and MLD querier processing for the specified VLAN interface. Syntax ip igmp snooping querier Parameters None Default Not configured Command Mode VLAN INTERFACE Usage Information The no version of this command disables the IGMP and MLD querier processing on the VLAN.
Member Ports: ethernet1/1/6:1 225.1.0.9 Member Ports: ethernet1/1/6:1 --more-- vlan3031 IGMPv2-Compat <
IGMP snooping querier is enabled on this interface Vlan3032 is up, line protocol is up IGMP snooping is enabled on interface IGMP snooping query interval is 125 seconds IGMP snooping querier timeout is 255 seconds IGMP snooping last member query response interval is 1000 ms IGMP snooping fast-leave is disabled on this interface IGMP snooping querier is enabled on this interface Vlan3033 is up, line protocol is up IGMP snooping is enabled on interface IGMP snooping query interval is 125 seconds IGMP snooping
vlan3049 vlan3050 vlan3051 vlan3052 --more-- port-channel31 port-channel31 port-channel31 port-channel31 <
Member Ports: port-channel31 ff02::1:ff00:b Member Ports: port-channel31 ff02::1:ff00:c Member Ports: port-channel31 ff02::1:ff00:f Member Ports: ethernet1/1/6:1 ff02::1:ff00:11 Member Ports: port-channel31 ff02::1:ff0c:86c9 Member Ports: port-channel31 ff02::1:ff31:0 Member Ports: port-channel31, ff02::1:ffaa:9bcc Member Ports: port-channel31 ff0e:225:1:: Member Ports: port-channel31, ff0e:225:1::1 Member Ports: port-channel31, ff0e:225:1::2 Member Ports: port-channel31, ff0e:225:1::3 Member Ports: port-ch
Areas allow you to further organize routers within the AS with one or more areas within the AS. Areas are valuable in that they allow subnetworks to hide within the AS—minimizing the size of the routing tables on all routers. An area within the AS may not see the details of another area’s topology. An area number or the router’s IP address identifies AS areas. Areas, networks, and neighbors The backbone of the network is Area 0, also called Area 0.0.0.0, the core of any AS.
Router types Router types are attributes of the OSPF process—multiple OSPF processes may run on the same router. A router connected to more than one area, receiving routing from a BGP process connected to another AS, acts as both an area border router and an autonomous system border router. Each router has a unique ID, written in decimal format—A.B.C.D. You do not have to associate the router ID with a valid IP address.
Designated and backup designated routers OSPF elects a designated router (DR) and a backup designated router (BDR). The DR is responsible for generating LSAs for the entire multiaccess network. Designated routers allow a reduction in network traffic and in the size of the topological database. Designated router Maintains a complete topology table of the network and sends updates to the other routers via multicast. All routers in an area form a slave/master relationship with the DR.
(OSPFv2), IntraArea Prefix LSA (OSPFv3) Type 11—Grace LSA Link-local opaque LSA for OSPFv3 only is sent during a graceful restart by an OSPFv3 router. (OSPFv3) The LSA header is common to LSA types. Its size is 20 bytes. One of the fields of the LSA header is the link-state ID. Each router link is defined as one of four types—type 1, 2, 3, or 4. The LSA includes a link ID field that identifies the object this link connects to, by the network number and mask.
Shortest path first throttling Use shortest path first (SPF) throttling to delay SPF calculations during periods of network instability. In an OSPF network, a topology change event triggers an SPF calculation that is performed after a start time. When the start timer finishes, a hold time can delay the next SPF calculation for an additional time.
SPF schedule delay 1345 msecs, Hold time between two SPFs 2324 msecs Min LSA origination 5000 msec, Min LSA arrival 1000 msec Min LSA hold time 0 msec, Max LSA wait time 0 msec Number of area in this router is 1, normal 1 stub 0 nssa Area (0.0.0.1) Number of interface in this area is 1 SPF algorithm executed 2 times OSPFv2 OSPFv2 supports IPv4 address families. OSPFv2 routers initially exchange hello messages to set up adjacencies with neighbor routers.
router ospf 100 ... Assign router identifier For managing and troubleshooting purposes, you can assign a router ID for the OSPFv2 process. Use the router’s IP address as the router ID. • Assign the router ID for the OSPFv2 process in ROUTER-OSPF mode router-id ip-address Assign router ID OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# router-id 10.10.1.5 View OSPFv2 status OS10# show ip ospf 10 Routing Process ospf 10 with ID 10.10.1.
112.112.112.1 112.112.112.2 112.112.112.1 112.112.112.2 1305 1305 0x80000250 0x80000250 0xbab2 0xbeaa Seq# 0x80000008 0x80000008 0x80000008 0x80000008 0x80000008 Checksum 0xd2b1 0x1b8f 0x198f 0x287c 0x267c 1 1 Network (Area 0.0.0.0) Link ID 110.1.1.2 111.1.1.1 111.2.1.1 112.1.1.1 112.2.1.1 ADV Router 112.2.1.1 111.2.1.1 111.2.1.1 112.2.1.1 112.2.1.1 Age 1287 1458 1458 1372 1372 Summary Network (Area 0.0.0.0) Passive interfaces A passive interface does not send or receive routing information.
When you disable fast-convergence, origination and arrival LSA parameters are set to 0 msec and 1000 msec, respectively. Setting the convergence parameter from 1 to 4 indicates the actual convergence level. Each convergence setting adjusts the LSA parameters to zero, but the convergence-level parameter changes the convergence speed. The higher the number, the faster the convergence. • Enable OSPFv2 fast-convergence and enter the convergence level in ROUTER-OSPF mode from 1 to 4.
5 Change the priority of the interface, which determines the DR for the OSPF broadcast network in INTERFACE mode, from 0 to 255. The default priority of the interface is 1. ip ospf priority number 6 Change the retransmission interval time, in seconds, between LSAs in INTERFACE mode, from 1 to 3600. The default retransmission interval time is 5. The retransmit interval must be the same on all routers in the OSPF network.
Default route You can generate an external default route and distribute the default information to the OSPFv2 routing domain. • To generate the default route, use the default-information originate [always] command in ROUTER-OSPF mode.
OSPFv2 authentication You can enable OSPF authentication either with clear text or with MD5. • • Set a clear text authentication scheme on the interface in INTERFACE mode. ip ospf authentication-key key Set MD5 authentication in INTERFACE mode.
• View summary information for the OSPF database in EXEC mode. show ip ospf database • View the configuration of OSPF neighbors connected to the local router in EXEC mode. show ip ospf neighbor • View routes that OSPF calculates in EXEC mode. show ip ospf routes prefix View OSPF configuration OS10# show running-configuration ospf ! interface ethernet1/1/1 ip ospf 100 area 0.0.0.
Usage Information The no version of this command deletes an NSSA. Example OS10(conf-router-ospf-10)# area 10.10.1.5 nssa Supported Releases 10.2.0E or later area range Summarizes routes matching an address/mask at an area in ABRs. Syntax area area-id range ip-address [no-advertise] Parameters • area-id — Set the OSPF area ID as an IP address (A.B.C.D) or number (1 to 65535). • ip-address — (Optional) Enter an IP address/mask in dotted decimal format.
Default 100000 Command Mode ROUTER-OSPF Usage Information The value set by the ipv6 ospf cost command in INTERFACE mode overrides the cost resulting from the auto-cost command. The no version of this command resets the value to the default. Example OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# auto-cost reference-bandwidth 150 Supported Releases 10.2.0E or later clear ip ospf process Clears all OSPF routing tables.
Example OS10(config)# router ospf 10 OS10(config-router-ospf-10)# default-information originate always Supported Releases 10.3.0E or later default-metric Assigns a metric value to redistributed routes for the OSPF process. Syntax default-metric number Parameters number — Enter a default-metric value (1 to 16777214). Default Not configured Command Mode ROUTER-OSPF Usage Information The no version of this command disables the default-metric configuration.
Supported Releases 10.3.0E or later ip ospf area Attaches an interface to an OSPF area. Syntax Parameters ip ospf process-id area area-id • process-id — Set an OSPF process ID for a specific OSPF process (1 to 65535) • area area-id — Enter the OSPF area ID in dotted decimal format (A.B.C.D.) or enter an area ID number (1 to 65535). Default Not configured Command Mode INTERFACE Usage Information The no version of this command removes an interface from an OSPF area.
Example OS10(config)# interface vlan 10 OS10(conf-if-vl-1)# ip ospf cost 10 Supported Releases 10.2.0E or later ip ospf dead-interval Sets the time interval since the last hello-packet was received from a router. After the interval elapses, the neighboring routers declare the router dead. Syntax ip ospf dead-interval seconds Parameters seconds — Enter the dead interval value in seconds (1 to 65535).
Example OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ip ospf message-digest-key 2 md5 sample12345 Supported Releases 10.3.0E or later ip ospf mtu-ignore Disables OSPF MTU mismatch detection on receipt of DBD packets. Syntax ip ospf mtu-ignore Parameters None Default Not configured Command Mode INTERFACE Usage Information When neighbors exchange DBD packets, the OSPF process checks if the neighbors are using the same MTU on a common interface.
Example OS10(conf-if-eth1/1/6)# ip ospf passive Supported Releases 10.2.0E or later ip ospf priority Sets the priority of the interface to determine the designated router for the OSPF network. Syntax ip ospf priority number Parameters number — Enter a router priority number (0 to 255). Default 1 Command Mode INTERFACE Usage Information When two routers attached to a network attempt to become the designated router, the one with the higher router priority takes precedence.
log-adjacency-changes Enables logging of syslog messages about changes in the OSPF adjacency state. Syntax log-adjacency-changes Parameters None Default Disabled Command Mode ROUTER-OSPF Usage Information The no version of this command resets the value to the default. Example OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# log-adjacency-changes Supported Releases 10.2.
redistribute Redistributes information from another routing protocol or routing instance to the OSPFv2 process. Syntax redistribute {bgp as-number| connected | static} [route-map map-name] Parameters • as-number — Enter an autonomous number to redistribute BGP routing information throughout the OSPF instance (1 to 4294967295). • connected — Enter the information from connected (active) routes on interfaces to redistribute.
Command Mode CONFIGURATION Usage Information Assign an IP address to an interface before using this command. The no version of this command deletes an OSPF instance. Example OS10(config)# router ospf 10 Supported Releases 10.2.0E or later show ip ospf Displays OSPF instance configuration information.
Supported Releases 10.2.0E or later show ip ospf database Displays all LSA information. You must enable OSPF to generate output. Syntax show ip ospf [process-id] database Parameters process-id — (Optional) View LSA information for a specific OSPF process ID. If you do not enter a process ID, the command applies only to the first OSPF process. Default Not configured Command Mode EXEC Usage Information Example • Link ID — Identifies the router ID.
Usage Information Example • LS Age—Displays the LS age. • Options—Displays optional capabilities. • LS Type—Displays the Link State type. • Link State ID—Identifies the router ID. • Advertising Router—Identifies the advertising router’s ID. • LS Seq Number—Identifies the LS sequence number (identifies old or duplicate LSAs). • Checksum—Displays the Fletcher checksum of an LSA’s complete contents. • Length—Displays the LSA length in bytes.
• Example Metric — Displays the LSA metric. OS10# show ip ospf 10 database external OSPF Router with ID (111.2.1.1) (Process ID 10) Type-5 AS External LS age: 1424 Options: (No TOS-capability, No DC, E) LS type: Type-5 AS External Link State ID: 110.1.1.0 Advertising Router: 111.2.1.1 LS Seq Number: 0x80000009 Checksum: 0xc69a Length: 36 Network Mask: /24 Metric Type: 2 TOS: 0 Metric: 20 Forward Address: 110.1.1.1 External Route Tag: 0 Supported Releases 10.2.
Advertising Router: 112.2.1.1 LS Seq Number: 0x80000008 Checksum: 0xd2b1 Length: 32 Network Mask: /24 Attached Router: 111.2.1.1 Attached Router: 112.2.1.1 Supported Releases 10.2.0E or later show ip ospf database nssa external Displays information about the NSSA-External (Type 7) LSA. Syntax show ip ospf [process-id]database nssa external Parameters process-id — (Optional) Displays NSSA-External (Type7) LSA information for a specified OSPF Process ID.
Network Mask: /0 Metric Type: 1 TOS: 0 Metric: 0 Forward Address: 0.0.0.0 External Route Tag: 0 LS age: 65 Options: (No TOS-Capability, No DC, No Type 7/5 translation) LS type: NSSA External Link State ID: 12.1.1.0 Advertising Router: 2.2.2.2 LS Seq Number: 0x80000001 Checksum: 0xBDEA Length: 36 Network Mask: /24 Metric Type: 2 TOS: 0 Metric: 20 Forward Address: 0.0.0.0 External Route Tag: 0 LS age: 65 Options: (No TOS-Capability, No DC, No Type 7/5 translation) LS type: NSSA External Link State ID: 13.1.1.
Usage Information Example • LS Age — Displays the LS age. • Options — Displays the optional capabilities available on the router. • LS Type — Displays the Link State type. • Link State ID — Identifies the router ID. • Advertising Router — Identifies the advertising router’s ID. • LS Seq Number — Identifies the LS sequence number (identifies old or duplicate LSAs). • Checksum — Displays the Fletcher checksum of an LSA’s complete contents. • Length — Displays the LSA length in bytes.
• Example Opaque ID — Identifies the Opaque type-specific ID (the remaining 24 bits of the LS ID). OS10# show ip ospf 100 database opaque-as OSPF Router with ID (1.1.1.1) (Process ID 100) Type-11 AS Opaque LS age: 3600 Options: (No TOS-Capability, No DC) LS type: Type-11 AS Opaque Link State ID: 8.1.1.3 Advertising Router: 2.2.2.2 LS Seq Number: 0x8000000D Checksum: 0x61D3 Length: 36 Opaque Type: 8 Opaque ID: 65795 Supported Releases 10.2.
Opaque Type: 8 Opaque ID: 65793 Supported Releases 10.2.0E or later show ip ospf database router Displays information about the router (Type 1) LSA. Syntax show ip ospf process-id database router Parameters process-id — (Optional) Displays the router (Type 1) LSA for an OSPF Process ID. If you do not enter a Process ID, this command applies only to the first OSPF process. Default Not configured Command Mode EXEC Usage Information Output: Example • LS age—Displays the LS age.
(Link ID) Designated Router address: 111.2.1.1 (Link Data) Router Interface address: 111.2.1.1 Number of TOS metric: 0 TOS 0 Metric: 1 Supported Releases 10.2.0E or later show ip ospf database summary Displays the network summary (Type 3) LSA routing information. Syntax show ip ospf [process-id] database summary Parameters process-id—(Optional) Displays LSA information for a specific OSPF process ID. If you do not enter a process ID, this command applies only to the first OSPF process.
Parameters • process-id — (Optional) Displays information for an OSPF Process ID. If you do not enter a Process ID, this command applies only to the first OSPF process. • interface — (Optional) Enter the interface information: • ethernet — Enter the Ethernet interface information (1 to 48) • port channel — Enter the port-channel interface number (1 to 128). • vlan — Enter the VLAN interface number (1 to 4094).
Parameters • instance-number — (Optional) Enter an OSPF instance number (1 to 65535). • interface interface — (Optional) Enter the interface information: • ethernet node/slot/port[:subport] — Enter an Ethernet port interface. • port-channel number — Enter the port-channel interface number (1 to 128). • vlan vlan-id — Enter the VLAN ID number (1 to 4094).
111.111.111.2 112.2.1.1 112.112.112.1 112.112.112.2 Supported Releases -/B/-/ E/-/-/ -/B/-/ -/B/-/ 1 1 2 2 111.2.1.2 110.1.1.2 110.1.1.2 110.1.1.2 Vl Vl Vl Vl 3053 3050 3050 3050 0 0 0 0 10.2.0E or later summary-address Configures a summary address for an ASBR to advertise one external route as an aggregate, for all redistributed routes covered by specified address range.
Default • max-wait — Sets the maximum wait time between two SPF calculations in milliseconds (1 to 600000; default 10000). • start-time — 1000 milliseconds • hold-time — 10000 milliseconds • max-wait — 10000 milliseconds Command Mode ROUTER-OSPF Usage Information OSPFv2 and OSPFv3 support SPF throttling. By default, SPF timers are disabled in an OSPF instance. Use SPF throttling to delay SPF calculations during periods of network instability.
• max-interval — 5000 milliseconds Command Mode ROUTER-OSPF Usage Information The no version of this command removes the LSA transmit timer. Example OS10(config)# router ospf 10 OS10(conf-router-ospf-10)# timers throttle lsa all 100 300 1000 Supported Releases 10.2.0E or later OSPFv3 OSPFv3 is an IPv6 link-state routing protocol that supports IPv6 unicast address families (AFs). OSPFv3 is disabled by default. You must configure at least one interface, either physical or loopback.
Assign router ID OS10(config)# router ospfv3 100 OS10(config-router-ospfv3-100)# router-id 10.10.1.5 View OSPFv3 Status OS10# show ipv6 ospf Routing Process ospfv3 100 with ID 10.10.1.5 It is an Area Border Router Min LSA origination 5000 msec, Min LSA arrival 1000 msec Min LSA hold time 0 msec, Max LSA wait time 0 msec Number of area in this router is 2, normal 2 stub 0 nssa Area (0.0.0.0) Number of interface in this area is 1 SPF algorithm executed 42 times Area (0.0.0.
ADV Router Age Seq# Prefix ----------------------------------------------------------------202.254.156.15 93 0x80000001 ::/0 Intra Area Prefix Link States (Area 0.0.0.2) ADV Router Age Seq# Link ID Ref-lstype Ref-LSID ------------------------------------------------------------------202.254.156.15 34 0x80000003 65536 0x2002 12 Link (Type-8) Link States (Area 0.0.0.2) ADV Router Age Seq# Link ID Interface -------------------------------------------------------------199.205.134.
Interface OSPFv3 Parameters Interface parameter values must be consistent across all interfaces to avoid routing errors. For example, set the same time interval for the hello packets on all routers in the OSPF network to prevent misconfiguration of OSPF neighbors. 1 Enter the interface to change the OSPFv3 parameters in CONFIGURATION mode. interface interface-name 2 Change the cost associated with OSPFv3 traffic on the interface in INTERFACE mode (1 to 65535, default depends on the interface speed).
OSPFv3 IPsec authentication and encryption Unlike OSPFv2, OSPFv3 does not have authentication fields in its protocol header to provide security. To provide authentication and confidentiality, OSPFv3 uses IP Security (IPsec) — a collection of security protocols for authenticating and encrypting data packets. OS10 OSPFv3 supports IPsec using the IPv6 authentication header (AH) or IPv6 encapsulating security payload (ESP).
OS10(conf-if-eth1/1/1)# show configuration ! interface ethernet1/1/1 ipv6 ospf authentication ipsec spi 400 md5 12345678123456781234567812345678 no switchport no shutdown ipv6 address 1::1/64 IPsec encryption on interfaces Prerequisite: Before you enable IPsec encryption on an OSPFv3 interface, enable IPv6 unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area.
To delete an IPsec area authentication policy, use the no area area-id authentication ipsec spi number command. Configure IPsec authentication for an OSPfv3 area OS10(config-router-ospfv3-100)# area 1 authentication ipsec spi 400 md5 12345678123456781234567812345678 OS10(config-router-ospfv3-100)# show configuration ! router ospfv3 100 area 0.0.0.
Troubleshooting OSPFv3 with show Commands • View a summary of all OSPF process IDs enabled in EXEC mode. show running-configuration ospfv3 • View summary information of IP routes in EXEC mode. show ipv6 route summary • View summary information for the OSPF database in EXEC mode. show ipv6 ospf database • View the configuration of OSPF neighbors connected to the local router in EXEC mode. show ipv6 ospf neighbor • View routes that OSPF calculates in EXEC mode.
area encryption Configures encryption for an OSPFv3 area. Syntax Parameters area area-id encryption ipsec spi number esp encryption-type key authentication-type key • area area-id — Enter an area ID as a number or IPv6 prefix. • ipsec spi number — Enter a unique security policy index number (256 to 4294967295). • esp encryption-type — Enter the encryption algorithm used with ESP (3DES, DES, AES-CBC, or NULL). For AES-CBC, only the AES-128 and AES-192 ciphers are supported.
Supported Releases 10.3.0E or later auto-cost reference-bandwidth Calculates default metrics for the interface based on the configured auto-cost reference bandwidth value. Syntax auto-cost reference-bandwidth value Parameters value — Enter the reference bandwidth value to calculate the OSPFv3 interface cost in megabits per second (1 to 4294967).
default-information originate Generates and distributes a default external route information to the OSPFv3 routing domain. Syntax default-information originate [always] Parameters always — (Optional) Always advertise the default route. Defaults Disabled Command Mode ROUTER-OSPFv3 Usage Information The no version of this command disables the distribution of default route.
Usage Information • Before you enable IPsec authentication on an OSPFv3 interface, you must enable IPv6 unicast routing globally, configure an IPv6 address and enable OSPFv3 on the interface, and assign it to an area. • The SPI value must be unique to one IPsec security policy (authentication or encryption) on the router. You cannot configure the same SPI value on another interface even if it uses the same authentication or encryption algorithm.
ipv6 ospf encryption Configures OSPFv3 encryption on an IPv6 interface. Syntax Parameters ipv6 ospf encryption ipsec spi number esp encryption-type key authenticationtype key • area area-id — Enter an area ID as a number or IPv6 prefix. • ipsec spi number — Enter a unique security policy index number (256 to 4294967295). • esp encryption-type — Enter the encryption algorithm used with ESP (3DES, DES, AES-CBC, or NULL). For AES-CBC, only the AES-128 and AES-192 ciphers are supported.
Supported Releases 10.3.0E or later ipv6 ospf network Sets the network type for the interface. Syntax ipv6 ospf network {point-to-point | broadcast} Parameters • point-to-point — Sets the interface as part of a point-to-point network. • broadcast — Sets the interface as part of a broadcast network. Default Broadcast Command Mode INTERFACE Usage Information The no version of this command resets the value to the default.
Supported Releases 10.3.0E or later log-adjacency-changes Enables logging of syslog messages about changes in the OSPFv3 adjacency state. Syntax log-adjacency-changes Parameters None Default Disabled Command Mode ROUTER-OSPFv3 Usage Information The no version of this command resets the value to the default. Example OS10(config)# router ospfv3 100 OS10(config-router-ospfv3-100)# log-adjacency-changes Supported Releases 10.3.
Example OS10(config)# router ospfv3 100 OS10(config-router-ospfv3-100)# redistribute bgp 4 route-map dell1 Example (Connected) OS10((config-router-ospfv3-100)# redistribute connected route-map dell2 Supported Releases 10.3.0E or later router-id Configures a fixed router ID for the OSPFv3 process. Syntax router-id ip-address Parameters ip-address — Enter the IP address of the router as the router ID.
Example Supported Releases OS10# show ipv6 ospf Routing Process ospfv3 200 with ID 1.1.1.1 It is an Area Border Router Min LSA origination 5000 msec, Min LSA arrival 1000 Min LSA hold time 0 msec, Max LSA wait time 0 msec Number of area in this router is 2, normal 2 stub 0 Area (0.0.0.0) Number of interface in this area is 1 SPF algorithm executed 42 times Area (0.0.0.1) Number of interface in this area is 1 SPF algorithm executed 42 times OS10# show ipv6 ospf 200 Routing Process ospfv3 200 with ID 10.0.
1.1.1.1 1615 0x80000125 5 ethernet1/1/1 2.2.2.2 1369 0x8000011B 5 ethernet1/1/1 10.0.0.2 1044 0x80000001 5 ethernet1/1/1 Type-5 AS External Link States ADV Router Age Seq# Prefix -------------------------------------------------------------------------3.3.3.3 3116 0x80000126 400::/64 3.3.3.3 3116 0x80000124 34::/64 Supported Releases 10.3.0E or later show ipv6 ospf interface Displays the configured OSPFv3 interfaces. You must enable OSPFv3 to display the output.
• Interface ID—Displays the neighbor interface ID Example OS10(conf-if-eth1/1/1)# show ipv6 ospf neighbor Neighbor ID Pri State Dead Time Interface ID Interface ------------------------------------------------------------------2.2.2.2 1 Full/DR 00:00:30 5 ethernet1/1/1 Supported Releases 10.3.0E or later show ipv6 ospf statistics Displays OSPFv3 traffic statistics.
timers spf (OSPFv3) Enables shortest path first (SPF) throttling to delay an SPF calculation when a topology change occurs. Syntax timers spf [start-time [hold-time [max-wait]]] Parameters Default • start-time — Sets the initial SPF delay in milliseconds (1 to 600000; default 1000). • hold-time — Sets the additional hold time between two SPF calculations in milliseconds (1 to 600000; default 10000).
a tracked object changes state. You can also optionally specify a time delay before changes in a tracked object's state are reported to a client application. VRRP can subscribe to a track object which tracks the interface line protocol state. It can use the tracked object status to determine the priority of the VRRP router in a VRRP group. If a tracked state, or interface goes down, VRRP updates the priority based on what you configure the new priority to be for the tracked state.
When the link-level status goes down, the tracked resource status is also considered Down. If the link-level status goes up, the tracked resource status is also considered Up. For logical interfaces (port-channels or VLANs), the link-protocol status is considered to be Up if any physical interface under the logical interface is Up.
4 Track the host by checking the reachability periodically in OBJECT TRACKING mode. reachability-refresh interval 5 View the tracking configuration and the tracked object status in EXEC mode. show track object-id Configure IPv4 host tracking OS10 (conf-track-1)# track 2 OS10 (conf-track-2)# ip 1.1.1.1 reachability OS10 (conf-track-2)# do show track 2 IP Host 1.1.1.
View brief object tracking information OS10# show track brief TrackID Resource Parameter Status LastChange --------------------------------------------------------------------------------1 line-protocol ethernet1/1/1 DOWN 2017-02-03T08:41:25Z1 2 ipv4-reachablity 1.1.1.
interface line-protocol Configures an object to track a specific interface's line-protocol status. Syntax interface interface line-protocol Parameters interface — Enter the interface information: • ethernet — Physical interface. • port-channel — Enter the port-channel identifier. • vlan — Enter the VLAN identifier. • loopback — Enter the Loopback interface identifier. • mgmt — Enter the Management interface.
Example OS10(config)# track 200 OS10(conf-track-200)# ipv6 10::1 reachability Supported Releases 10.3.0E or later reachability-refresh Configures a polling interval for reachability tracking. Syntax reachability-refresh interval Parameters interval — Enter the polling interval value (up to 3600 seconds). Defaults 0 seconds Command Mode CONFIGURATION Usage Information Set the interval to 0 to disable the refresh. Example OS10(conf-track-100)# reachability-refresh 600 Supported Releases 10.3.
Parameters object-id — Enter the object ID to track (up to 500). Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes the tracked object from an interface. Example OS10# track 100 Supported Releases 10.3.0E or later Policy-based routing Policy-based routing (PBR) provides a mechanism to redirect IPv4 and IPv6 data packets based on the policies defined to override the switch’s forwarding decisions based on the routing table.
Set address to match route-map You can set an IPv4 or IPv6 address to match a route-map. 1 Enter the IPv4 or IPv6 address to match and specify the access-list name in Route-Map mode. match {ip | ipv6} address access-list-name 2 Set the next-hop IP address in Route-Map mode.
Verify IPv6 PBR configuration OS10# show ipv6 policy abc Interface Route-map ------------------------ethernet1/1/1 abc ethernet1/1/3 abc vlan100 abc show route-map pbr-sample pbr-statistics route-map pbr-sample, permit, sequence 10 Policy routing matches: 84 packets PBR commands clear route-map pbr-statistics Clears all PBR counters. Syntax clear route-map [map-name] pbr-statistics Parameters map-name—Enter the name of a configured route-map (up to 140 characters).
Parameters map-name—Enter the name of a configured route-map (up to 140 characters). Defaults Not configured Command Mode INTERFACE Usage Information None Example OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# ip policy route-map map1 Supported Releases 10.3.0E or later route-map pbr-statistics Enables counters for PBR statistics. Syntax route-map [map-name] pbr-statistics Parameters map-name—Enter the name of a configured route-map (up to 140 characters).
Defaults Not configured Command Mode ROUTE-MAP Usage Information None Example OS10(conf-route-map)# set ip next-hop 10.10.10.10 track-id 12 Supported Releases 10.3.0E or later show policy Displays policy information. Syntax show {ip | ipv6} policy [map-name] Parameters map-name — (Optional) Enter the name of a configured route map (up to 140 characters). Defaults None Command Mode EXEC Usage Information None Example OS10# show ip policy map-name Supported Releases 10.3.
Configure management VRF You can add only the management interfaces to the management VRF instance. Before you assign the management interface to the management VRF instance, remove all the configured settings, including the IP address, on the management interface. 1 Enter the ip vrf management command in the CONFIGURATION mode. 2 Add the management interface by using the interface management command in the VRF CONFIGURATION mode.
TFTP client Yes Yes Traceroute Yes Yes VLT backup link Yes Yes VRRP Yes Yes VRF commands interface management Adds management interface to the management VRF instance. Syntax interface management Parameters None Default Not configured Command Mode VRF CONFIGURATION Usage Information The no version of this command removes the management interface from the management VRF instance. Example OS10(config)# ip vrf management OS10(conf-vrf)# interface management Supported Releases 10.4.
Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the host name from the management VRF instance. Example OS10(config)# ip domain-name vrf management dell.com Supported Releases 10.4.0E(R1) or later ip ftp vrf Configures an FTP client for the management VRF instance.
Command Mode CONFIGURATION Usage Information The no version of this command removes the management VRF instance configuration from the HTTP client. Example OS10(config)# ip http vrf management Supported Releases 10.4.0E(R1) or later ip name-server vrf Configures a name server for the management VRF instance.
Supported Releases 10.4.0E(R1) or later ip tftp vrf Configures a TFTP client for the management VRF instance. Syntax ip tftp vrf management Parameters None Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the management VRF instance configuration from the TFTP client. Example OS10(config)# ip tftp vrf management Supported Releases 10.4.0E(R1) or later ip vrf management Configures the management VRF instance.
----------------------------------------------------------------------------------google.com 172.217.160.142 yahoo.com 98.139.180.180 Supported Releases 10.4.0E(R1) or later show ip vrf Displays the VRF instance information.
Configuration VRRP specifies a master (active) router that owns the next hop IP and MAC address for end stations on a LAN. The master router is chosen from the virtual routers by an election process and forwards packets sent to the next hop IP address. If the master router fails, VRRP begins the election process to choose a new master router which continues routing traffic. VRRP packets are transmitted with the virtual router MAC address as the source MAC address.
Create virtual router VRRP uses the VRID to identify each virtual router configured. Before using VRRP, you must configure the interface with the primary IP address and enable it. • Create a virtual router for the interface with the VRRP identifier in INTERFACE mode (1 to 255). vrrp-group vrrp-id • Delete a VRRP group in INTERFACE mode.
Set backup switches to VRRPv3 OS10_backup_switch1(config)# version 3 OS10_backup_switch2(config)# version 3 Virtual IP addresses Virtual routers contain virtual IP addresses configured for that VRRP group (VRID). A VRRP group does not transmit VRRP packets until you assign the virtual IP address to the VRRP group. To activate a VRRP group on an interface, configure at least one virtual IP address for a VRRP group.
interface ethernet1/1/2 switchport access vlan 1 no shutdown ! interface ethernet1/1/3 switchport access vlan 1 no shutdown ! interface ethernet1/1/4 switchport access vlan 1 --more-View VRRP information When the VRRP process completes initialization, the State field contains either master or backup. OS10# show vrrp brief Interface Group Priority Preemption State Master-addr Virtual addr(s) ---------------------------------------------------------------------------ethernet1/1/1 IPv4 10 100 true master 10.1.
Virtual IP address : 10.1.1.1 master-transitions : 1 advertise-rcvd : 0 advertise-interval-errors : 0 ip-ttl-errors : 0 priority-zero-pkts-rcvd : 0 priority-zero-pkts-sent : 0 invalid-type-pkts-rcvd : 0 address-list-errors : 0 pkt-length-errors : 0 Authentication Simple authentication of VRRP packets ensures that only trusted routers participate in VRRP processes. When you enable authentication, OS10 includes the password in its VRRP transmission.
! Last configuration change at Sep 24 07:17:45 2016 ! debug radius false snmp-server contact http://www.dell.com/support/softwarecontacts snmp-server location "United States" username admin password $6$q9QBeYjZ$jfxzVqGhkxX3smxJSH9DDz7/3OJc6m5wjF8nnLD7/VKx8SloIhp4NoGZs0I/ UNwh8WVuxwfd9q4pWIgNs5BKH. aaa authentication system:local ! interface ethernet1/1/5 ip address 1.1.1.1/16 no switchport no shutdown ! vrrp-group 254 priority 125 virtual-address 1.1.1.
advertisment-interval centisecs 200 priority 200 virtual-address 10.1.1.1 ! interface ethernet1/1/2 switchport access vlan 1 no shutdown Interface/object tracking You can monitor the state of any interface according to the virtual group. OS10 supports a maximum of 10 track groups and each track group can track a maximum of five interfaces. If the tracked interface goes down, the VRRP group’s priority decreases by a default value of 10 — also known as cost.
ip address 10.1.1.1/16 no switchport no shutdown ! vrrp-group 1 priority 200 virtual-address 10.1.1.1 ! interface ethernet1/1/2 switchport access vlan 1 no shutdown ! interface ethernet1/1/3 switchport access vlan 1 no shutdown ! interface ethernet1/1/4 switchport access vlan 1 no shutdown ! interface ethernet1/1/5 switchport access vlan 1 no shutdown ! interface ethernet1/1/6 switchport access vlan 1 no shutdown ! ..... .....
Example OS10(conf-eth1/1/6-vrid-250)# advertise-interval 120 centisecs 100 Supported Releases 10.2.0E or later authentication-type Enables authentication of VRRP data exchanges. Syntax authentication-type simple-text password [auth-text] Parameters • simple-text password — Enter a simple text password. • auth-text — (Optional) Enter a character string up to eight characters long as a password.
Usage Information To guarantee that a VRRP group becomes master, configure the VRRP group’s virtual address with same IP address as the interface’s primary IP address, and change the priority of the VRRP group to 255. If you set this command to 255 and the virtual-address is not equal to the interface’s primary IP address, the system displays an error message. The no version of this command resets the value to the default (100). Example OS10(conf-eth1/1/5-vrid-254)# priority 200 Supported Releases 10.
• priority cost value — (Optional) Enter a cost value to subtract from the priority value (1 to 254) Default 10 Command Mode INTERFACE-VRRP Usage Information If the interface is disabled, the cost value subtracts from the priority value and forces a new Master election. This election process is applicable when the priority value is lower than the priority value in the Backup virtual router. The no version of this command resets the value to the default.
enter or delete the virtual-address command. To guarantee that a VRRP group becomes Master, configure the VRRP group’s virtual address with the same IP address as the interface’s primary IP address and change the priority of the VRRP group to 255. You can ping the virtual addresses configured in all VRRP groups. The no version of this command deletes one or more virtual-addresses configured in the system. Example OS10(conf-eth1/1/5-vrid-254)# virtual address 10.1.1.15 Supported Releases 10.2.
Default Not configured Command Mode INTERFACE-VRRP Usage Information The VRRP group only becomes active and sends VRRP packets when you configure a virtual IP address. When you delete the virtual address, the VRRP group stops sending VRRP packets. The no version of this command removes the vrrp-ipv6–group configuration. Example OS10(conf-if-eth1/1/7)# vrrp-ipv6-group 250 Supported Releases 10.2.0E or later vrrp version Sets the VRRP protocol version for the IPv4 group.
6 System management Dynamic host configuration protocol Provides information to dynamically assign IP addresses and other configuration parameters to network hosts based on policies (see DHCP commands). Network time protocol Provides information about how to synchronize timekeeping between time servers and clients (see NTP commands). Security Provides information about role-based access control, RADIUS server, user roles, and user names (see Security eommands).
The table shows common options using DHCP packet formats.
DHCP automates network-parameter assignment to network devices. Even in small networks, DHCP is useful because it makes it easier to add new devices to the network. The DHCP access service minimizes the overhead required to add clients to the network by providing a centralized, server-based setup. This setup means you do not have to manually create and maintain IP address assignments for clients.
Address lease time Use the lease {days [hours] [minutes] | infinite} command to configure an address lease time (default 24 hours). OS10(config)# ip dhcp server OS10(conf-dhcp)# pool Dell OS10(conf-dhcp-Dell)# lease 36 Default gateway Ensure the IP address of the default router is on the same subnet as the client. 1 Enable DHCP server-assigned dynamic addresses on an interface in CONFIGURATION mode. ip dhcp server 2 Create an IP address pool and provide a name in DHCP mode.
NetBIOS WINS address resolution DHCP clients can be one of four types of NetBIOS nodes — broadcast, peer-to-peer, mixed, or hybrid. Dell EMC recommends using hybrid as the NetBIOS node type. 1 Enable DHCP server-assigned dynamic addresses on an interface in DHCP mode. ip dhcp server 2 Create an IP address pool and enter the pool name in DHCP mode. pool name 3 Enter the NetBIOS WINS name servers in order of preference that are available to DHCP clients in DHCP mode.
View DHCP Information Use the show ip dhcp binding command to view the DHCP binding table entries. View DHCP Binding Table OS10# show ip dhcp binding IP Address Hardware address Lease expiration Hostname +-------------------------------------------------------------------------11.1.1.
DHCP commands default-router address Assigns a default gateway to clients based on the IP address pool. Syntax Parameters default-router address [address2...address8] • address — Enter an IPv4 or IPv6 address to use as the default gateway for clients on the subnet in A.B.C.D or A::B format. • address2...address8 — (Optional) Enter up to eight IP addresses, in order of preference.
Command Mode DHCP-POOL Usage Information None Example OS10(conf-dhcp-Dell)# dns-server 192.168.1.1 Supported Releases 10.2.0E or later domain-name Configures the name of the domain where the device is located. Syntax domain-name domain-name Parameters domain-name — Enter the name of the domain (up to 32 characters). Default Not configured Command Mode DHCP-POOL Usage Information This is the default domain name that appends to hostnames that are not fully qualified.
Example OS10(conf-dhcp-Dell)# host 20.1.1.100 Supported Releases 10.2.0E or later ip dhcp server Enters DHCP mode. Syntax ip dhcp server Parameters None Default Not configured Command Mode CONFIGURATION Usage Information This command is used to enter DHCP mode. Example OS10(config)# ip dhcp server OS10(conf-dhcp)# Supported Releases 10.2.0E or later ip helper-address Forwards UDP broadcasts received on an interface to the DHCP server.
Default 24 hours Command Mode DHCP-POOL Usage Information The no version of this command removes the lease configuration. Example OS10(conf-dhcp-Dell)# lease 2 5 10 Example (Infinite) OS10(conf-dhcp-Dell)# lease infinite Supported Releases 10.2.0E or later netbios-name-server address Configures a NetBIOS WINS server which is available to DHCP clients. Syntax netbios-name-server ip-address [address2...address8] Parameters ip-address — Enter the address of the NetBIOS WINS server. address2...
network Configures a range of IPv4 or IPv6 addresses in the address pool. Syntax network address/mask Parameters address/mask — Enter a range of IP addresses and subnet mask in A.B.C.D/x or A::B/x format. Default Not configured Command Mode DHCP-POOL Usage Information Use this command to configure a range of IPv4 or IPv6 addresses. Example OS10(config-dhcp-Dell)# network 20.1.1.1/24 Supported Releases 10.2.0E or later pool Creates an IP address pool name.
DNS commands OS10 supports the configuration of a DNS host and domain parameters. ip domain-list Adds a domain name to the DNS list. This domain name appends to incomplete hostnames in DNS requests. Syntax ip domain-list [server-name] name Parameters • server-name — (Optional) Enter the server name to add a domain name to the DNS list. • name — Enter the name of the domain to append to the DNS list.
Default Not configured Command Mode CONFIGURATION Usage Information The name-to-IP address table uses this mapping information to resolve host names. The no version of this command disables the mapping. Example OS10(config)# ip host dell 1.1.1.1 Supported Releases 10.2.0E or later ip name-server Configures up to a three IPv4 or IPv6 addresses used for network name servers.
--------------------------------------------dell-pc1 20.1.1.1 Supported Releases 10.2.0E or later Network time protocol NTP synchronizes timekeeping among a set of distributed time servers and clients. The protocol coordinates time distribution in a large, diverse network. NTP clients synchronize with NTP servers that provide accurate time measurement. NTP clients choose from several NTP servers to determine which offers the best available source of time and the most reliable transmission of information.
View system clock state OS10(config)# do show system peer: system peer mode: leap indicator: stratum: precision: root distance: root dispersion: reference ID: reference time: system flags: jitter: stability: broadcastdelay: authdelay: ntp status 0.0.0.0 unspec 11 16 -22 0.00000 s 1.28647 s [73.78.73.84] 00000000.00000000 Mon, Jan monitor ntp kernel stats 0.000000 s 0.000 ppm 0.000000 s 0.000000 s 1 1900 0:00:00.
• vlan — Enter the keyword and VLAN number (1 to 4094). • loopback — Enter the keyword and number (0 to 16383). • mgmt — Enter the keyword and node/slot/port information (default 1/1/1). Configure source IP address OS10(config)# ntp source ethernet 1/1/10 View source IP configuration OS10(config)# do show running-configuration | grep source ntp source ethernet1/1/1 Authentication NTP authentication and the corresponding trusted key provide a reliable exchange of NTP packets with trusted time sources.
NTP commands ntp authenticate Enables authentication of NTP traffic between the device and the NTP time serving hosts. Syntax ntp authenticate Parameters None Default Not configured Command Mode CONFIGURATION Usage Information You must also configure an authentication key for NTP traffic using the ntp authentication-key command. The no version of this command disables NTP authentication. Example OS10(config)# ntp authenticate Supported Releases 10.2.
Default Not configured Command Mode INTERFACE Usage Information The no version of this command disables broadcast. Example OS10(conf-if-eth1/1/1)# ntp broadcast client Supported Releases 10.2.0E or later ntp disable By default, NTP is enabled on all interfaces. Prevents an interface from receiving NTP packets.
Usage Information The no version of this command resets the value to the default. Example OS10(config)# ntp master 6 Supported Releases 10.2.0E or later ntp server Configures an NTP time-serving host. Syntax Parameters ntp server {hostname | ipv4-address | ipv6-address} [key keyid] [prefer] • hostname — Enter the host name of the server. • ipv4–address | ipv6–address — Enter the IPv4 address (A.B.C.D) or IPv6 address (A::B) of the NTP server.
ntp trusted-key Sets a key to authenticate the system to which NTP synchronizes with. Syntax ntp trusted-key number Parameters number — Enter the trusted key ID (1 to 4294967295). Default Not configured Command Mode CONFIGURATION Usage Information The number parameter must be the same number as the number parameter in the ntp authenticationkey command. If you change the ntp authentication-key command, you must also change this command. The no version of this command removes the key.
*172.16.1.33 127.127.1.0 11 6 16 172.31.1.33 0.0.0.0 16 - 256 192.200.0.2 0.0.0.0 16 - 256 377 -0.08 -1499.9 104.16 0 0.00 0.000 16000.0 0 0.00 0.000 16000.0 OS10# show ntp associations vrf management remote local st poll reach delay offset disp ======================================================================= *1.1.1.2 1.1.1.1 3 64 1 0.00027 0.000056 0.43309 Supported Releases 10.2.0E or later show ntp status Displays NTP configuration information.
System clock OS10 uses NTP to synchronize the system clock with a time-serving host. If you do not use NTP, set the system time in EXEC mode. The hardware-based real-clock time (RTC) is reset to the new system time. You can set the current time and date after you disable NTP. When NTP is enabled, it overwrites the system time. • Enter the time and date in EXEC mode.
show clock Displays the current system clock settings. Syntax show clock Parameters None Default Not configured Command Mode EXEC Usage Information The universal time coordinated (UTC) value is the number of hours that your time zone is later than or earlier than UTC/Greenwich mean time. Example OS10# show clock 2017-01-25T11:00:31.68-08:00 Supported Releases 10.2.
Parameters timeout-value — Enter the timeout value in seconds (0 to 3600). Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command disables the timeout. Example OS10(config)# exec-timeout 300 OS10(config)# Supported Releases 10.3.1E or later kill-session Terminate a user session. Syntax kill-session session-ID Parameters session-ID — Enter the user session ID.
Telnet server To allow Telnet TCP/IP connections to an OS10 switch, enable the Telnet server. The OS10 Telnet server uses the Debian telnetd package. By default, the Telnet server is disabled. When the Telnet server is enabled, connect to the switch using the IP address configured on the management or any front-panel port. The Telnet server configuration is persistent and is maintained after you reload the switch. To verify the Telnet server configuration, enter the show running-configuration command.
Parameters • management — Configures the management VRF to be used to reach the Telnet server. Default The Telnet server is reachable on the default VRF. Command Mode CONFIGURATION Usage Information By default, the Telnet server is disabled. To enable the Telnet server, enter the telnet enable command. To configure the Telnet server to be reachable on the management VRF instance, use the ip telnet server vrf management command.
UFT Mode L2 MAC Table Size L3 Host Table Size L3 Routes Table Size Default 81920 69632 131072 Configure UFT modes Available UFT modes include L2 MAC table, L3 host table, or L3 route table sizes. • Select a mode to initialize the maximum table size in CONFIGURATION mode. hardware forwarding-table mode [scaled-l2 | scaled-l3-routes | scaled-l3-hosts] • Disable UFT mode in CONFIGURATION mode.
Example OS10(config)# hardware forwarding-table mode scaled-l3-hosts Supported Releases 10.3.0E or later show hardware forwarding-table mode Displays the current hardware forwarding table mode, and the mode after the next boot. Syntax show hardware forwarding-table mode Parameters None Defaults None Command Mode EXEC Usage Information Use this command to view the current hardware forwarding table mode and the mode after the next boot.
The authentication methods in the method list are executed in the order in which they are configured. You can re-enter the methods to change the order. The local authentication method must always be in the list. If a console user logs in with RADIUS authentication, the privilege-level applies from the RADIUS server if you configured the privilege-level for that user in RADIUS.
Create password rules OS10(config)# password-attributes min-length 7 character-restriction upper 4 numeric 2 Display password rules OS10(config)# do show running-configuration password-attributes password-attributes min-length 7 character-restriction upper 4 numeric 2 Role-based access control RBAC provides control for access and authorization. Users are granted permissions based on defined roles — not on their individual system user ID.
----- ----- ------- -------- ----------- ----- ---------------------- ---1 ttyS0 admin sysadmin login/clish . 2016-04-14 02:06:00 RADIUS server host When configuring a RADIUS server host, you can set different communication parameters, such as a user datagram protocol (UDP) port, key password, number of retries, and timeout. • Enter the host name or IP address of the RADIUS server host in CONFIGURATION mode.
radius-server key supersecret radius-server retransmit 10 radius-server timeout 10 ... SSH Server The secure shell (SSH) server allows an SSH client to access an OS10 switch through a secure, encrypted connection. Configure SSH server • The SSH server is enabled by default. You can disable the SSH server using no ip ssh server enable. • Challenge response authentication is disabled by default. To enable, use the ip ssh server challenge-responseauthentication command.
OS10(config-ipv4-acl)# exit OS10(config)# line vty OS10(config-line-vty)# ip access-class permit10 OS10(config-line-vty)# View access list configuration OS10(config-line-vty)# show configuration ! line vty ip access-class permit10 ipv6 access-class deny10 OS10(config-line-vty)# Enable login statistics To monitor system security, allow users to view their own login statistics when they sign in to the system. A large number of login failures or an unusual login location may indicate a system hacker.
Command Mode CONFIGURATION Usage Information There is no no version of this command. To reset the authentication method to local, enter the aaa authentication local command. Example OS10(config)# aaa authentication radius Supported Releases 10.2.0E or later aaa re-authenticate enable Requires user re-authentication after a change in the authentication method or server.
Parameters access-list-name—Enter the access list name. Default Not configured Command Mode LINE VTY CONFIGURATION Usage Information The no version of this command removes the filter. Example OS10(config)# line vty OS10(config-line-vty)# ipv6 access-class permit10 Supported Releases 10.4.0E(R1) or later ip ssh server challenge-response-authentication Enable challenge response authentication in an SSH server.
• aes256-ctr • aes128-gcm@openssh.com • aes256-gcm@openssh.com • chacha20-poly1305@opens Command Mode CONFIGURATION Usage Information The no version of this command removes the configuration. Example OS10(config)# ip ssh server cipher 3des-cbc aes128-cbc Supported Releases 10.3.0E or later ip ssh server enable Enable the SSH server.
Default • curve25519-sha256 • diffie-hellman-group1-sha1 • diffie-hellman-group14-sha1 • diffie-hellman-group-exchange-sha1 • diffie-hellman-group-exchange-sha256 • ecdh-sha2-nistp256 • ecdh-sha2-nistp384 • ecdh-sha2-nistp521 • curve25519-sha256 • diffie-hellman-group14-sha1 • diffie-hellman-group-exchange-sha256 • ecdh-sha2-nistp256 • ecdh-sha2-nistp384 • ecdh-sha2-nistp521 Command Mode CONFIGURATION Usage Information The no version of this command removes the configuration.
Default • umac-128-etm@openssh.com • hmac-sha1 • hmac-sha2-256 • hmac-sha2-512 • umac-64@openssh.com • umac-128@openssh.com • hmac-sha1-etm@openssh.com • hmac-sha2-256-etm@openssh.com • hmac-sha2-512-etm@openssh.com • umac-64-etm@openssh.com • umac-128-etm@openssh.com Command Mode CONFIGURATION Usage Information The no version of this command removes the configuration. Example OS10(config)# ip ssh server mac hmac-md5 hmac-md5-96 hmac-ripemd160 Supported Releases 10.3.
ip ssh server pubkey-authentication Enable public key authentication in an SSH server. Syntax ip ssh server pubkey-authentication Parameters None Default Enabled Command Mode CONFIGURATION Usage Information The no version of this command disables the public key authentication. Example OS10(config)# ip ssh server pubkey-authentication Supported Releases 10.3.0E or later ip ssh server vrf Configures the SSH server for the management VRF instance.
login-statistics enable Enables the display of login statistics to users. Syntax login-statistics enable Parameters None Default Disabled Command Mode CONFIGURATION Usage Information Only the sysadmin and secadmin roles have access to this command. When enabled, user login information, including the number of successful and failed logins, role changes, and the last time a user logged in, is displayed after a successful login.
Example OS10(config)# password-attributes min-length 6 character-restriction upper 2 lower 2 numeric 2 Supported Releases 10.4.0E(R1) or later radius-server host Configures the RADIUS server hostname. Syntax Parameters radius-server host [hostname | ip-address] [auth-port port-number | key authentication-key] • hostname — Enter the name of the RADIUS server host. • ip-address — Enter the IPv4 (A.B.C.D) or IPv6 (x:x:x:x::x) address of the RADIUS server host.
radius-server retransmit Configures the number of attempts to retry the RADIUS server. Syntax radius-server retransmit retries Parameters retries — Enter the number of retry attempts (0 to 100). Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command resets the value to the default. Example OS10(config)# radius-server retransmit 50 Supported Releases 10.2.0E or later radius-server timeout Configures the timeout for RADIUS server retransmission.
show ip ssh Displays the SSH server information. Syntax show ip ssh Parameters None Default Not configured Command Mode EXEC Usage Information Use this command to view information about the established SSH sessions. Example OS10# show ip ssh SSH Server: Enabled -------------------------------------------------SSH Server Ciphers: chacha20-poly1305@openssh.com,aes128-ctr, aes192-ctr,aes256-ctr, aes128-gcm@openssh.com,aes256-gcm@openssh.com SSH Server MACs: umac-64-etm@openssh.
Role User Change -------- ----admin False netadmin False mltest False #Fail since last Login ----0 0 0 During Timeframe #Fail #Success -------------1 13 0 5 0 1 Last Login Date/Time -----------------2017-11-02T16:02:44Z 2017-11-02T15:59:04Z 2017-11-01T15:42:07Z Location ---------in (00:00) 1001:10:16:210::4001 OS10# show login-statistics user mltest User : mltest Role changed since last login : False Failures since last login : 0 Time-frame in days : 25 Failures in time period : 0 Successes in time per
Default Command Mode Usage Information • netadmin — Full access to configuration commands that manage traffic flowing through the switch, such as routes, interfaces, and ACLs. A network administrator cannot access configuration commands for security features or view security information. • netoperator — Access to EXEC mode to view the current configuration. A network operator cannot modify any configuration setting on a switch. • User name and password entries are in clear text.
Example OS10(config)# snmp-server community public ro Supported Releases 10.2.0E or later snmp-server contact Configures contact information for troubleshooting this SNMP node. Syntax snmp-server contact text Parameters text — Enter an alphanumeric text string (up to 55 characters). Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes the SNMP server contact information.
OS10 image upgrade The image download command simply downloads the software image — it does not install the software on your device. The image install command installs the downloaded image to the standby partition. 1 (Optional) Backup the current running configuration to the startup configuration in EXEC mode. copy running-configuration startup-configuration 2 Backup the startup configuration in EXEC mode. copy config://startup.
• active — Resets the running partition as the subsequent boot partition. • standby — Sets the standby partition as the subsequent boot partition. View boot detail OS10# show boot detail Current system image information detail: ========================================== Type: Node-id 1 Boot Type: Flash Boot Active Partition: B Active SW Version: 10.2.EE.1965 Active Kernel Version: Linux 3.16.7-ckt20 Active Build Date/Time: 2016-04-28T02:50:10Z Standby Partition: A Standby SW Version: 10.2.EE.
image cancel Cancels an active image download. Syntax image cancel Parameters None Default Not configured Command Mode EXEC Usage Information This command attempts to cancel an active file download in progress. Example OS10# image cancel Supported Releases 10.2.0E or later image copy Copies the entire image in the active partition to the standby partition (mirror image).
Command Mode EXEC Usage Information Use the show image status command to view the progress. Example OS10# image download ftp://admin@10.206.28.174:/PKGS_OS10-Enterprise-10.4.0E. 55-installer-x86_64.bin Supported Releases 10.2.0E or later image install Installs a new image, either from a previously downloaded file or from a remote location.
--------------------------------------------------------Node-id 1 Flash Boot [B] 10.2.0E [A] 10.2.0E [B] active Example (Detail) OS10# show boot detail Current system image information detail: ========================================== Type: Node-id 1 Boot Type: Flash Boot Active Partition: B Active SW Version: 10.2.0E Active Kernel Version: Linux 3.16.7-ckt25 Active Build Date/Time: 2016-10-03T23:11:14Z Standby Partition: A Standby SW Version: 10.2.
Default Not configured Command Mode EXEC Usage Information None Example OS10# show version Dell EMC Networking OS10 Enterprise Copyright (c) 1999-2017 by Dell Inc. All Rights Reserved. OS Version: 10.4.0E(R1) Build Version: 10.4.0E(R1.55) Build Time: 2017-12-14T23:39:27-0800 System Type: S4148U-ON Architecture: x86_64 Up Time: 3 days 19:09:54 Supported Releases 10.2.
7 Access Control Lists OS10 uses two types of access policies — hardware-based ACLs and software-based route-maps. Use an ACL to filter traffic and drop or forward matching packets. To redistribute routes that match configured criteria, use a route-map. ACLs ACLs are a filter containing criterion to match; for example, examine IP, TCP, or UDP packets, and an action to take such as forwarding or dropping packets at the NPU. ACLs permit or deny traffic based on MAC and/or IP addresses.
Ingress and egress hot-lock ACLs allow you to append or delete new rules into an existing ACL without disrupting traffic flow. Existing entries in the CAM shuffle to accommodate the new entries. Hot-lock ACLs are enabled by default and support ACLs on all platforms. NOTE: Hot-lock ACLs support ingress ACLs only. MAC ACLs MAC ACLs filter traffic on the Layer 2 (L2) header of a packet.
Permit all packets on interface OS10(config)# ip access-list ABC OS10(conf-ipv4-acl)# permit ip any 10.1.1.1/32 OS10(conf-ipv4-acl)# deny ip any 10.1.1.1/32 fragments L3 ACL rules Use ACL commands for L3 packet filtering. TCP packets from host 10.1.1.1 with the TCP destination port equal to 24 are permitted, and all others are denied. TCP packets that are first fragments or non-fragmented from host 10.1.1.
Assign sequence number to filter IP ACLs filter on source and destination IP addresses, IP host addresses, TCP addresses, TCP host addresses, UDP addresses, and UDP host addresses. Traffic passes through the filter by filter sequence. Configure the IP ACL by first entering IP ACCESS-LIST mode and then assigning a sequence number to the filter. User-provided sequence number • Enter IP ACCESS LIST mode by creating an IP ACL in CONFIGURATION mode.
• Egress L2 ACL Table 5. L2 and L3 targeted traffic L2 ACL / L3 ACL Targeted traffic Deny / Deny L3 ACL denies Deny / Permit L3 ACL permits Permit / Deny L3 ACL denies Permit / Permit L3 ACL permits Assign and apply ACL filters To filter an Ethernet interface, a port-channel interface, or a VLAN, assign an IP ACL filter to a physical interface. The IP ACL applies to all traffic entering a physical or port-channel interface.
• Apply the ACL as an inbound or outbound ACL on an interface in CONFIGURATION mode, and view the number of packets matching the ACL. show ip access-list {in | out} Ingress ACL filters To create an ingress ACL filter, use the ip access-group command in EXEC mode. To configure ingress, use the in keyword. Apply rules to the ACL with the ip access-list acl-name command. To view the access-list, use the show access-lists command.
ethernet1/1/29 seq 10 deny ip any any fragment count (100 packets) Clear access-list counters Clear IPv4, IPv6, or MAC access-list counters for a specific access-list or all lists. The counter counts the number of packets that match each permit or deny statement in an access-list. To get a more recent count of packets matching an access-list, clear the counters to start at zero. If you do not configure an access-list name, all IP access-list counters clear.
Route-maps Route-maps a series of commands that contain a matching criterion and action. They change the packets meeting the matching criterion. ACLs and prefix-lists can only drop or forward the packet or traffic while route-maps process routes for route redistribution. For example, use a route-map to filter only specific routes and to add a metric. • Route-maps also have an implicit deny.
View route-map configuration OS10(conf-router-bgp-neighbor-af)# do show route-map route-map test1, deny, sequence 10 Match clauses: ip address prefix-list p1 Set clauses: route-map test2, permit, sequence 10 Match clauses: ip address prefix-list p1 Set clauses: route-map test3, deny, sequence 10 Match clauses: ip address prefix-list p2 Set clauses: route-map test4, permit, sequence 10 Match clauses: ip address prefix-list p2 Set clauses: Match routes Configure match criterion for a route-map.
• Enter an ORIGIN attribute in ROUTE-MAP mode. set origin {egp | igp | incomplete} • Enter a tag value for the redistributed routes in ROUTE-MAP mode, from 0 to 4294967295. set tag tag-value • Enter a value as the route’s weight in ROUTE-MAP mode, from 0 to 65535. set weight value Check set conditions OS10(config)# route-map ip permit 1 OS10(conf-route-map)# match metric 2567 continue Clause Only BGP route-maps support the continue clause.
If you configure the flow-based enable command and do not apply an ACL on the source port or the monitored port, both flow-based monitoring and port mirroring do not function. Flow-based monitoring is supported only for ingress traffic. The show monitor session session-id command displays output which indicates if a particular session is enabled for flowmonitoring. View flow-based monitoring OS10# show monitor session 1 S.
View monitor sessions OS10(conf-if-eth1/1/1)# show monitor session all S.Id Source Destination Dir SrcIP DstIP DSCP TTL State Reason ---------------------------------------------------------------------------1 ethernet1/1/1 ethernet1/1/4 both N/A N/A N/A N/A true Is UP ACL commands clear ip access-list counters Clears ACL counters for a specific access-list.
clear mac access-list counters Clears counters for a specific or all MAC access lists. Syntax clear mac access-list counters [access-list-name] Parameters access-list-name — (Optional) Enter the name of the MAC access list to clear counters. A maximum of 140 characters. Default Not configured Command Mode EXEC Usage Information If you do not enter an access-list name, all MAC access-list counters clear.
Example OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# deny udp any any capture session 1 count Supported Releases 10.2.0E or later deny (IPv6) Configures a filter to drop packets with a specific IPv6 address.
• any — (Optional) Set routes which are subject to the filter. • protocol-number — (Optional) MAC protocol number identified in the header, from 600 to ffff. • capture — (Optional) Capture packets the filter processes. • cos — (Optional) CoS value, from 0 to 7. • count — (Optional) Count packets the filter processes. • vlan — (Optional) VLAN number, from 1 to 4094.
deny icmp (IPv6) Configures a filter to drop all or specific ICMP messages. Syntax deny icmp [A::B | A::B/x | any | host ipv6-address] [A::B | A::B/x | any | host ipv6-address] [capture | count [byte] | dscp value | fragment] Parameters • A::B — Enter the IPv6 address in hexadecimal format separated by colons. • A::B/x — Enter the number of bits to match to the IPv6 address.
Usage Information OS10 cannot count both packets and bytes; when you use the count byte options, only bytes increment. The no version of this command removes the filter. Example OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# deny ip any any capture session 1 count Supported Releases 10.2.0E or later deny ipv6 Configures a filter to drop all or specific packets from an IPv6 address.
• • • byte — (Optional) Count bytes the filter processes. • dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63. • fragment — (Optional) Use ACLs to control packet fragments. • ack — (Optional) Set the bit as acknowledgement. • fin — (Optional) Set the bit as finish—no more data from sender. • psh — (Optional) Set the bit as push. • rst — (Optional) Set the bit as reset. • syn — (Optional) Set the bit as synchronize. • urg — (Optional) Set the bit set as urgent.
• • lt — Lesser than • neq — Not equal to • range — Range of ports, including the specified port numbers. host ipv6-address — (Optional) Enter the IPv6 address to use a host address only. Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you use the count byte options, only bytes increment. The no version of this command removes the filter.
Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes; when you use the count byte options, only bytes increment. The no version of this command removes the filter. Example OS10(config)# ip access-list testflow OS10(conf-ipv4-acl)# deny udp any any capture session 1 count Supported Releases 10.2.0E or later deny udp (IPv6) Configures a filter to drop UDP IPv6 packets that match filter criteria.
Supported Releases 10.2.0E or later description Configures an ACL description. Syntax description text Parameters text — Enter the description text string. A maximum of 80 characters. Default Disabled Command Modes IPV4-ACL, IPV6-ACL, MAC-ACL Usage Information The no version of this command deletes the ACL description. Example OS10(conf-ipv4-acl)# description ipacltest Supported Releases 10.2.0E or later ip access-group Assigns an IP access group to an interface.
Supported Releases 10.2.0E or later ip as-path deny Defines a BGP access list. Syntax ip as-path access-list name deny ASNumber Parameters • name — Enter the access list name, from 1 to 140. • ASNumber — Enter the AS number. Defaults Not configured Command Mode CONFIGURATION Usage Information You can specify an access list filter on both inbound and outbound BGP routes. Each filter is an access list based on regular expressions.
ip community-list standard deny Creates a standard community list for BGP to deny access. Syntax Parameters ip community-list standard name deny {aa:nn | no-advertise | local-AS | noexport | internet} • name — Enter the name of the standard community list used to identify one more deny groups of communities. • aa:nn — Enter the community number in the format aa:nn, where aa is the number that identifies the autonomous system and nn is a number the identifies the community within the autonomous system.
ip extcommunity-list standard deny Creates an extended community list for BGP to deny access. Syntax ip extcommunity-list standard name deny {4byteas-generic | rt | soo} Parameters • name — Enter the name of the community list used to identify one or more deny groups of extended communities. • 4byteas-generic—Enter the generic extended community then the keyword transitive or nontransitive. • rt — Enter the route target. • soo — Enter the route origin or site-of-origin.
Parameters • name — Enter the name of the prefix list. • description — Enter the description for the named prefix list. Defaults Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the specified prefix list. Example OS10(config)# ip prefix-list TEST description TEST_LIST Supported Release 10.3.0E or later ip prefix-list deny Creates a prefix list to deny route filtering from a specified network address.
Example OS10(config)# ip prefix-list allowprefix permit 10.10.10.1/16 ge 10 Supported Release 10.3.0E or later ip prefix-list seq deny Configures a filter to deny route filtering from a specified prefix list. Syntax ip prefix-list name seq num deny {A.B.C.D/x [ge | le] prefix-len} Parameters • name — Enter the name of the prefix list. • num — Enter the sequence list number. • A.B.C.D/x — Enter the source network address and mask in /prefix format (/x).
ipv6 access-group Assigns an IPv6 access list to an interface. Syntax Parameters ipv6 access-group access-list-name {in | out} • access-list-name — Enter the name of an IPv6 ACL. A maximum of 140 characters. • in — Apply the ACL to incoming traffic. • out — Apply the ACL to outgoing traffic. Default Not configured Command Mode INTERFACE Usage Information The no version of this command deletes an IPv6 ACL configuration.
Command Mode CONFIGURATION Usage Information The no version of this command removes the specified prefix list. Example OS10(config)# ipv6 prefix-list TEST deny AB10::1/128 ge 10 le 30 Supported Release 10.3.0E or later ipv6 prefix-list description Configures a description of an IPv6 prefix-list. Syntax ipv6 prefix-list name description Parameters • name — Enter the name of the IPv6 prefix-list. • description — Enter the description for the named prefix-list.
ipv6 prefix-list seq deny Configures a filter to deny route filtering from a specified prefix-list. Syntax Parameters ipv6 prefix-list [name] seq num deny {A::B/x [ge | le] prefix-len} • name — (Optional) Enter the name of the IPv6 prefix-list. • num — Enter the sequence number of the specified IPv6 prefix-list. • A::B/x — Enter the IPv6 address and mask in /prefix format (/x). • ge — Enter to indicate the network address is greater than or equal to the range specified.
mac access-group Assigns a MAC access list to an interface. Syntax mac access-group access-list-name {in | out} Parameters • access-list-name — Enter the name of a MAC access list. A maximum of 140 characters. • in — Apply the ACL to incoming traffic. • out — Apply the ACL to outgoing traffic. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command resets the value to the default.
• A.B.C.D — Enter the IP address in dotted decimal format. • A.B.C.D/x — Enter the number of bits that must match the dotted decimal address. • any — (Optional) Set all routes which are subject to the filter: • • capture — (Optional) Capture packets the filter processes. • count — (Optional) Count packets the filter processes. • byte — (Optional) Count bytes the filter processes. • dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63.
Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter. Example OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# permit udp any any capture session 1 count Supported Releases 10.2.0E or later permit (MAC) Configures a filter to allow packets with a specific MAC address.
• • count — (Optional) Count packets the filter processes. • byte — (Optional) Count bytes the filter processes. • dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63. • fragment — (Optional) Use ACLs to control packet fragments. host ip-address — (Optional) Enter the IP address to use a host address only.
permit ip Configures a filter to permit all or specific packets from an IP address. Syntax permit ip [A.B.C.D | A.B.C.D/x | any | host ip-address] [[A.B.C.D | A.B.C.D/x | any | host ip-address] [capture |count bytes | dscp | fragments] Parameters • A.B.C.D — Enter the IP address in dotted decimal format. • A.B.C.D/x — Enter the number of bits to match to the dotted decimal address.
Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter. Example OS10(conf-ipv6-acl)# permit ipv6 any any count capture session 1 count Supported Releases 10.2.0E or later permit tcp Configures a filter to permit TCP packets meeting the filter criteria. Syntax Parameters permit tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.
permit tcp (IPv6) Configures a filter to permit TCP packets meeting the filter criteria. Syntax permit tcp [A::B | A::B/x | any | host ipv6-address [eq | lt | gt | neq | range]] [A::B | A:B/x | any | host ipv6-address [eq | lt | gt | neq | range]] [ack | fin | psh | rst | syn | urg] [capture | count [byte] | dscp value | fragment] Parameters • A::B — Enter the IPv6 address in hexadecimal format separated by colons. • A::B/x — Enter the number of bits that must match the IPv6 address.
• • lt — (Optional) Permit packets which are less than. • gt — (Optional) Permit packets which are greater than. • neq — (Optional) Permit packets which are not equal to. • range — (Optional) Permit packets with a specific source and destination address. • ack — (Optional) Set the bit as acknowledgement. • fin — (Optional) Set the bit as finish—no more data from sender. • psh — (Optional) Set the bit as push. • rst — (Optional) Set the bit as reset.
• • gt — Greater than • lt — Lesser than • neq — Not equal to • range — Range of ports, including the specified port numbers. host ipv6-address — (Optional) Enter the keyword and the IPv6 address to use a host address only. Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter.
• udp — (Optional) Enter the UDP address to deny. • A.B.C.D — Enter the IP address in dotted decimal format. • A.B.C.D/x — Enter the number of bits that must match the dotted decimal address. • any — (Optional) Set all routes which are subject to the filter: • • capture — (Optional) Capture packets the filter processes. • count — (Optional) Count packets the filter processes. • byte — (Optional) Count bytes the filter processes.
Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment. The no version of this command removes the filter, or use the no seq sequence-number command if you know the filter’s sequence number. Example OS10(config)# ipv6 access-list ipv6test OS10(conf-ipv6-acl)# seq 5 deny ipv6 any any capture session 1 count Supported Releases 10.2.
seq deny icmp Assigns a filter to deny internet control message protocol (ICMP) messages while creating the filter. Syntax Parameters seq sequence-number deny icmp [A.B.C.D | A.B.C.D/x | any | host ip-address] [A.B.C.D | A.B.C.D/x | any | host ip-address] [capture | count [byte] | dscp value| fragment] • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A.B.C.D — Enter the IP address in dotted decimal format. • A.B.C.
• • dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63. • fragment — (Optional) Use ACLs to control packet fragments. host ipv6-address — (Optional) Enter the IPv6 address to use a host address only. Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment.
seq deny ipv6 Assigns a filter to deny IPv6 addresses while creating the filter. Syntax Parameters seq sequence-number deny ip [A::B | A::B/x | any | host ipv6-address] [A::B | A:B/x | any | host ipv6-address] [capture | count [byte] | dscp value | fragment] • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A::B — Enter the IPv6 address in hexadecimal format separated by colons.
• • • dscp value — (Optional) Deny a packet based on the DSCP values, from 0 to 63. • fragment — (Optional) Use ACLs to control packet fragments. • ack — (Optional) Set the bit as acknowledgement. • fin — (Optional) Set the bit as finish—no more data from sender. • psh — (Optional) Set the bit as push. • rst — (Optional) Set the bit as reset. • syn — (Optional) Set the bit as synchronize. • urg — (Optional) Set the bit set as urgent.
• • • psh — (Optional) Set the bit as push. • rst — (Optional) Set the bit as reset. • syn — (Optional) Set the bit as synchronize. • urg — (Optional) Set the bit set as urgent. operator — (Optional) Enter a logical operator to match the packets on the specified port number. The following options are available: • eq — Equal to • gt — Greater than • lt — Lesser than • neq — Not equal to • range — Range of ports, including the specified port numbers.
• • • urg — (Optional) Set the bit set as urgent. operator — (Optional) Enter a logical operator to match the packets on the specified port number. The following options are available: • eq — Equal to • gt — Greater than • lt — Lesser than • neq — Not equal to • range — Range of ports, including the specified port numbers. host ip-address — (Optional) Enter the IP address to use a host address only.
• • gt — Greater than • lt — Lesser than • neq — Not equal to • range — Range of ports, including the specified port numbers. host ipv6-address — (Optional) Enter the IPv6 address to use a host address only. Default Not configured Command Mode IPV6-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment.
seq permit (IPv6) Assigns a sequence number to permit IPv6 packets, while creating a filter. Syntax seq sequence-number permit protocol-number [A::B | A::B/x | any | host ipv6address] [A::B | A:B/x | any | host ipv6-address] [capture | count [byte] | dscp value | fragment] Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • protocol-number — (Optional) Enter the protocol number, from 0 to 255.
• capture — (Optional) Enter the capture packets the filter processes. • cos — (Optional) Enter the CoS value, from 0 to 7. • count — (Optional) Enter the count packets the filter processes. • byte — (Optional) Enter the count bytes the filter processes. • vlan — (Optional) Enter the VLAN number, from 1 to 4094. Default Not configured Command Mode MAC-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment.
seq permit icmp (IPv6) Assigns a sequence number to allow ICMP messages while creating the filter. Syntax seq sequence-number permit icmp [A::B | A::B/x | any | host ipv6-address] [A::B | A:B/x | any | host ipv6-address] [capture | count [byte] | dscp value | fragment] Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A::B — Enter the IPv6 address in hexadecimal format separated by colons.
• • dscp value — (Optional) Permit a packet based on the DSCP values, from 0 to 63. • fragment — (Optional) Use ACLs to control packet fragments. host ip-address — (Optional) Enter the IP address to use a host address only. Default Not configured Command Mode IPV4-ACL Usage Information OS10 cannot count both packets and bytes; when you enter the count byte options, only bytes increment.
seq permit tcp Assigns a sequence number to allow TCP packets while creating the filter. Syntax seq sequence-number permit tcp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [operator] ] [ack | fin | psh | rst | syn | urg] [capture |count [byte] | dscp value | fragment] Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A.B.C.
seq permit tcp (IPv6) Assigns a sequence number to allow TCP IPv6 packets while creating the filter. Syntax Parameters seq sequence-number permit tcp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A:B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | count [byte] | dscp value| fragment] • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
seq permit udp Assigns a sequence number to allow UDP packets while creating the filter. Syntax seq sequence-number permit udp [A.B.C.D | A.B.C.D/x | any | host ip-address [operator]] [[A.B.C.D | A.B.C.D/x | any | host ip-address [operator] ] [ack | fin | psh | rst | syn | urg] [capture |count [byte] | dscp value | fragment] Parameters • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214. • A.B.C.
seq permit udp (IPv6) Assigns a sequence number to allow UDP IPv6 packets while creating a filter. Syntax Parameters seq sequence-number permit udp [A::B | A::B/x | any | host ipv6-address [operator]] [A::B | A:B/x | any | host ipv6-address [operator]] [ack | fin | psh | rst | syn | urg] [capture | count [byte] | dscp value | fragment] • sequence-number — Enter the sequence number to identify the route-map for editing and sequencing number, from 1 to 16777214.
show access-group Displays IP, MAC, or IPv6 access-group information. Syntax show {ip | mac | ipv6} access-group name Parameters • ip — View IP access list information. • mac — View MAC access group information. • ipv6 — View IPv6 access group information. • access-group name — Enter the name of the access group.
Active on interfaces : ethernet 3/0 ethernet 3/1 seq 10 permit any any seq 20 permit 11:11:11:11:11:11 22:22:22:22:22:22 any monitor count bytes (0 bytes) Example (MAC Out) OS10# show mac access-lists out Egress MAC access list aaa Active on interfaces : ethernet 3/0 ethernet 3/1 seq 10 permit any any seq 20 permit 11:11:11:11:11:11 22:22:22:22:22:22 any monitor count bytes (0 bytes) Example (IP In) OS10# show ip access-lists in Ingress IP access list aaaa Active on interfaces : ethernet 3/0 ethernet 3/1 s
show ip as-path-access-list Displays the configured AS path access lists. Syntax show ip as-path-access-list [name] Parameters name — (Optional) Specify the name of the AS path access list. Defaults None Command Mode EXEC Usage Information None Example OS10# show ip as-path-access-list ip as-path access-list hello permit 123 deny 35 Supported Releases 10.3.0E or later show ip community-list Displays the configured IP community lists in alphabetic order.
permit RT:1:1 deny SOO:1:4 Supported Releases 10.3.0E or later show ip prefix-list Displays configured IPv4 or IPv6 prefix list information. Syntax Parameters show {ip | ipv6} prefix-list [prefix-name] • ip | ipv6—(Optional) Displays information related to IPv4 or IPv6. • prefix-name — Enter a text string for the prefix list name. A maximum of 140 characters. Defaults None Command Mode EXEC Usage Information None Example OS10# show ip prefix-list ip prefix-list hello: seq 10 deny 1.2.3.
match as-path Configures a filter to match routes that have a certain AS path in their BGP paths. Syntax match as-path as-path-name Parameters as-path-name — Enter the name of an established AS-PATH ACL. A maximum of 140 characters. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes a match AS path filter. Example OS10(config)# route-map bgp OS10(conf-route-map)# match as-path pathtest1 Supported Releases 10.3.
Example OS10(config)# route-map bgp OS10(conf-route-map)# match extcommunity extcommlist1 exact-match Supported Releases 10.3.0E or later match interface Configures a filter to match routes whose next-hop is the configured interface. Syntax match interface interface Parameters interface — Interface type: • ethernet node/slot/port[:subport] — Enter the Ethernet interface information as the next-hop interface.
match ip next-hop Configures a filter to match based on the next-hop IP addresses specified in IP prefix lists. Syntax match ip next-hop prefix-list prefix-list Parameters prefix-list — Enter the name of the configured prefix list. A maximum of 140 characters. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes the match. Example OS10(config)# route-map bgp OS10(conf-route-map)# match ip next-hop Supported Releases prefix-list test100 10.3.
Supported Releases 10.3.0E or later match metric Configures a filter to match on a specific value. Syntax match metric metric-value Parameters metric-value — Enter a value to match the route metric against, from 0 to 4294967295. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes the match. Example OS10(conf-route-map)# match metric 429132 Supported Releases 10.2.
• local — Match only on routes generated locally. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes the match. Example OS10(config)# route-map bgp OS10(conf-route-map)# match route-type external type-1 Supported Releases 10.3.0E or later match tag Configures a filter to redistribute only routes that match a specific tag value.
set comm-list add Add communities in the specified list to the COMMUNITY attribute in a matching inbound or outbound BGP route. Syntax set comm-list {community-list-name} add Parameters community-list-name — Enter the name of an established community list (up to 140 characters).
• community-number — Enter the community number in aa:nn format, where aa is the AS number (2 bytes) and nn is a value specific to that AS. Default Not configured Command Mode ROUTE-MAP Usage Information The no version of this command deletes a BGP COMMUNITY attribute assignment. Example OS10(config)# route-map bgp OS10(conf-route-map)# set community none Supported Releases 10.3.
set extcommunity Sets the extended community attributes in a route map for BGP updates. Syntax Parameters set extcommunity rt {asn2:nn | asn4:nnnn | ip-addr:nn} • asn2:nn — Enter an AS number in 2-byte format; for example, 1–65535:1–4294967295. • asn4:nnnn — Enter an AS number in 4-byte format; for example, 1–4294967295:1–65535 or 1–65535.1– 65535:1–65535. • ip-addr:nn — Enter an AS number in dotted format, from 1 to 65535.
Default Not configured Command Mode ROUTE-MAP Usage Information To establish an absolute metric, do not enter a plus or minus sign before the metric value. To establish a relative metric, enter a plus or minus sign immediately preceding the metric value. The value is added to or subtracted from the metric of any routes matching the route map. You cannot use both an absolute metric and a relative metric within the same route map sequence. Setting either metric overrides any previously configured value.
set next-hop Sets an IPv4 or IPv6 address as the next-hop. Syntax set {ip | ipv6} next-hop ip-address Parameters ip-address — Enter the IPv4 or IPv6 address for the next-hop. Default Not configured Command Mode ROUTE-MAP Usage Information If you apply a route-map with the set next-hop command in ROUTER-BGP mode, it takes precedence over the next-hop-self command entered in ROUTER-NEIGHBOR mode.
Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command deletes the set clause from a route map. Example OS10(conf-route-map)# set tag 23 Supported Releases 10.2.0E or later set weight Set the BGP weight for the routing table. Syntax set weight weight Parameters weight — Enter a number as the weight the route uses to meet the route map specification, from 0 to 65535. Default Default router-originated is 32768 — all other routes are 0.
8 Quality of service Quality of service (QoS) reserves network resources for highly critical application traffic in the expense of less critical application traffic. QoS enables to prioritize different types of traffic and ensures the required level of quality of service. You can control the following parameters of selecred traffic flows: Delay, Bandwidth, Jitter, and Drop. The different QoS features control the above parameters, as the traffic travels from the ingress interface to the egress interface.
Configuring QoS is a three-step process: 1 Create class-maps to classify the traffic flows. The following are the different types of class-maps: 2 • qos type(default)—Classifies the ingress data traffic. • queuing type—Classifies the egress queues. • control-plane—Classifies the control-plane traffic. • network-qos—Classifies the set of traffic-class IDs for ingress buffer configurations. Create policy-maps to define the policies for the classified traffic flows.
View class-map OS10(config)# do show class-map Class-map (qos): solar (match-any) Policy-map configuration Configure policy-maps to create a named object that represents a set of policies that apply to a set of traffic classes. You can configure three types of policy-maps—control-plane, qos (default), and queuing. 1 2 Create a policy-map, and configure a name for the policy-map in CONFIGURATION mode, up to 32 characters.
View policy-map OS10(conf-if-eth1/1/1)# do show policy-map Service-policy (qos) input: p1 Class-map (qos): c1 set qos-group 1 Service-policy (queuing) output: p2 Class-map (qos): c2 set qos-group 2 OS10(conf-if-eth1/1/1)# do show policy-map Service-policy(qos) input: pmap1 Class-map(qos): class-trust trust dot1p View QoS interface configuration OS10(conf-if-eth1/1/1)# do show qos interface ethernet 1/1/1 Interface ethernet 1/1/1 unknown-unicast-storm-control : Disabled multicast-storm-control : Disabled bro
• Enter SYSTEM-QOS mode from CONFIGURATION mode. system qos • Configure an input service-policy, and create a name for the policy-map in SYSTEM-QOS mode.
DSCP/CP hex range (XXX)xxx DSCP definition / traditional IP precedence Internal queue ID / DSCP/CP decimal — 8-queue 100XXX AF4, assured forwarding / flash override 4 / 32-39 011XXX AF3 / flash 3 / 24-31 010XXX AF2 / immediate 2 / 16-23 001XXX AF1 / priority 1 / 8-15 000XXX BE, best effort / best effort 0 / 0-7 1 Create a policy-map, and configure a name for the policy-map in CONFIGURATION mode.
3 Set the scheduler as the strict priority in POLICY-MAP-CLASS-MAP mode. priority Apply policy-map 1 You can now apply the policy-map to the interface (INTERFACE mode) or all interfaces—SYSTEM-QOS mode. system qos OR interface ethernet node/slot/port[:subport] 2 Enter the output service-policy in SYSTEM-QOS mode or INTERFACE mode.
5 Associate the policy-map with a class-map in POLICY-MAP mode. class class-map-name 6 Enter a queue number for matched flow as qos-group ID in POLICY-MAP-CLASS-MAP mode - 0 to 7.
Class-map (qos): bluedscp set qos-group 7 MAC address classification Classify the QoS traffic based on the MAC access-list. For a match-all class-map, configure only one access-list as a match filter. You cannot apply any other match criteria. For a match-any class-map, configure up to five access-list and/or other match criteria. 1 Define a class-map type as qos in CLASS-MAP mode. class—map type qos class—map-name 2 Apply the match criteria for the MAC access-group in CLASS-MAP mode.
6 Enter a queue number for the matched flow as qos-group ID in POLICY-MAP-CLASS-MAP mode (0 to 7).
Class-map (qos): bluevlan set qos-group 6 Service-policy(qos) input: redacl Class-map (qos): blueacl set cos 6 set qos-group 6 Service-policy(qos) input: ag2 Class-map (qos): accgrp set qos-group 6 IP precedence classification Classify the QoS traffic based on an IP header precedence field. If DSCP-based classification—DSCP as match criterion—is used in a class-map, IP precedence cannot be used as another match criterion. 1 Create a class-map and type qos in CONFIGURATION mode.
CoS (or dot1P values) Use the set cos dot1p-values command to mark the CoS field - 0 to 7. DSCP Use the set dscp dscp-values command to mark the DSCP field - 0 to 63. QoS group Use the set qos-group queue-number command to mark the QoS Group field - 0 to 11. Class of service marking To tag an incoming packet with 802.1p priorities, or modify incoming packets you can mark class of service (CoS). The set cos command is only supported under the ingress QoS policy type qos.
View policy-map OS10(conf-pmap-c-qos)# do show policy-map Service-policy(qos) input: platinum Class-map (qos): diamond set dscp 50 set qos-group 7 Group marking To tag an incoming packet with qos-group type, you can configure marking for the QoS group. The set qos-group command is only supported under ingress qos type or control-plane. If the class-map type is control-plane, the qos-group corresponds to CPU queues 0 to 11. If the class-map type is qos, the qos-group corresponds to data queues 0 to 7.
The queue management mechanism used for congestion avoidance raises the priority by dropping traffic from lower-priority flows before traffic from higher-priority flows. Policing and shaping provides priority to a flow by limiting the throughput of other flows. You can configure a guaranteed bandwidth percentage by examining for the egress out flows on the queue.
Class-map (queuing): lunar bandwidth percent 80 Service-policy rate-shaping Rate-shaping buffers traffic exceeding the specified rate until the buffer is exhausted. Traffic transmit rates that exceed the configured rate-shape value causes the system to buffer the exceeding traffic. This will use all of the buffers assigned to that interface or queue combination. 1 Enter the policy-map type as queuing and configure a policy-map name in CONFIGURATION mode.
2 Enter a class name to apply the shape rate in POLICY-MAP mode. class class-map-name 3 Configure traffic policing on incoming traffic in POLICY-MAP-CLASS-MAP mode. police {cir committed-rate [bc committed-burst-size]} {pir peak-rate [be peak-burst-size]} 4 • cir committed-rate—Enter a committed rate value in kilobits per second (kbps) (0 to 40000000). • bc committed-burst-size—(Optional) Enter a committed burst size in packets for control plane and kbps (16 to 200000, default 200).
Configure control-plane policing Rate-limiting the protocol CPU queues requires configuring control-plane type QoS policies. • Create QoS policies (class maps and policy maps) for the desired CPU-bound queue. • Associate the QoS policy with a particular rate-limit. • Assign the QoS service policy to control plane queues. By default, the pir and cir values are in pps for control plane.
Assign control-plane service-policy OS10(config)# control-plane OS10(conf-control-plane)# service-policy input copp1 View control-plane service-policy OS10(conf-control-plane)# do show qos control-plane Service-policy (input): copp1 View configuration Use the show commands to display the protocol traffic assigned to each control-plane queue and the current rate-limit applied to each queue. You can also use the show command output to verify the CoPP configuration.
Congestion avoidance The weighted random early detection (WRED) congestion avoidance mechanism drops packets to prevent buffering resources from being consumed. Network traffic is a mixture of packets of different traffic types or flows, and the rate of some types of traffic is greater than others. The packet buffer resources (ingress and egress buffers) are consumed by only one or a few types of traffic, leaving no space for other types.
the maximum threshold. After a queue depth exceeds the maximum threshold, all other packets that attempt to enter the queue are discarded. 1 Enter the policy-map name and type in CONFIGURATION mode. policy-map policy-map-name [type {qos | queuing | control-plane}] 2 Enter WRED parameters for a queue and enter a minimum and maximum threshold drop rate in POLICY-MAP mode (1 to 12480 kbps).
Dropped Green Drop 0 123 0 NA Configure WRED profile Configure a WRED profile, configure WRED threshold parameters, and assign the profile to an interface, a queue, or global service pools. • Configure WRED profile in the CONFIGURATION mode. wred wred-profile-name • Configure WRED profile in the CONFIGURATION mode. wred wred-profile-name • Configure WRED threshold parameters for different colors in the WRED CONFIGURATION mode.
--------------------------------|-------------------------------|------------------------------|--------|----- Verify configuration You can view the QoS configuration information related to active class-maps, policy-maps, and match criteria.
Class (qos): c1 set qos-group 1 Class (qos): c2 set qos-group 4 Class (qos): c3 set qos-group 7 Egress queue statistics Display egress-queue statistics of both transmitted and dropped packets and bytes. • View the number of packets and bytes on the egress-queue profile on a specific interface in EXEC mode. show qos interface ethernet node/slot/port[:subport] queue • View the number of packets and bytes on the egress-queue profile on a specific queue in EXEC mode.
class Creates a QoS class for a type of policy-map. Syntax class class—name Parameters class-name — Enter a name for the class-map (up to 32 characters). Default Not configured Command Mode POLICY-MAP-QUEUEING Usage Information If you define a class-map under a policy-map, the type (qos, queuing, or control-plane) is the same as the policy-map. You must create this map in advance. The only exception to this rule is when the policy-map type is trust, where the class type must be qos.
clear interface priority-flow-control Clears the priority flow control statistics per-port or for all ports. Syntax Parameters clear interface [interface node/slot/port[:subport]] priority-flow-control • interface — (Optional) Enter the interface type. • node/slot/port[:subport] — (Optional) Enter the port information. Default Not configured Command Mode EXEC Usage Information None Example OS10# clear interface ethernet 1/1/1 priority-flow-control Supported Releases 10.3.
Command Mode EXEC Usage Information None Example OS10# clear qos statistics type qos interface ethernet 1/1/5 Example (controlplane) OS10# clear qos statistics type control-plane interface ethernet 1/1/7 Example (queuing) OS10# clear qos statistics type queuing interface ethernet 1/1/2 Supported Releases 10.2.0E or later control-plane Enters Control-Plane mode.
Example OS10(conf-if-eth1/1/2)# flowcontrol transmit on Supported Releases 10.3.0E or later match Configures match criteria for the QoS policy. Syntax Parameters match {cos cos-number | ip [access-group name name | dscp dscp-value | precedence value] | mac access-group acl-name | not [ip | cos] vlan vlan-id} [set dscp dscp-value] • cos cos—number — Enter a queue number for the CoS match criteria (0 to 7). • ip — Enter the IPv4 match criteria.
Example OS10(conf-cmap-qos)# match cos 3 Supported Releases 10.2.0E or later match dscp Configures a DSCP value as a match criteria for a class-map. Syntax match [not] {ip | ipv6 | ip-any } dscp [dscp-list | dscp-list] Parameters • not — (Optional) Enter to cancel a previously applied match criteria. • ip — Enter to use IPv4 protocol as the match protocol. • ipv6 — Enter to use IPv6 protocol as the match protocol. • ip-any — Enter to use both IPv4 and IPv6 as the match protocol.
match qos-group Configures a match criteria for a QoS group. Syntax match queue qos—group-id Parameters qos-group-id — Enter a QoS group ID number (0 to 11). Default Not configured Command Mode CLASS-MAP Usage Information You can only configure this command when the class-map type is queuing. You cannot enter two match statements with the same filter-type. If you enter two match statements with the same filter-type, the second statement overwrites the first statement.
Supported Releases 10.3.0E or later pause Enables a pause based on buffer limits for the port to start or stop communication to the peer. Syntax pause [buffer-size size pause-threshold xoff-size resume-threshold xon-size] Parameters • buffer-size size — (Optional) Enter the ingress buffer size which is used as a guaranteed buffer in KB (defaults 10G 45, 40G 93).
Command Mode POLICY-MAP-CLASS-MAP Usage Information To configure link-level flow-control, do not configure pfc-cos for the matched class for this policy. Add the policy-map with the pfc-cos configuration to system-qos to service an input to enable priority flow-control behavior on all ports, based on a per-port priority flow-control enable mode.
pfc-shared-headroom-buffer-size Configures the shared headroom size for absorbing the packets after pause frames are generated. This command is available only on Z9100-ON and HE-IOM Syntax pfc-shared-headroom-buffer-size headroom-buffer-size Parameters headroom-buffer-size — Enter the size of the priority flow-control headroom buffer in Kb (1 to 3399). Default 1024 Kb Command Mode SYSTEM-QOS Usage Information This command is used to configure the shared headroom size.
policy-map Enters QoS POLICY-MAP mode and creates or modifies a QoS policy-map. Syntax Parameters policy-map policy-map-name [type {qos | queuing | control-plane}] • policy-map-name — Enter a class name for the policy-map (up to 32 characters). • type — Enter the policy-map type. • qos — Create a qos policy-map type. • queuing — Create a queueing policy-map type. • control-plane — Create a control-plane policy-map type.
Command Mode INTERFACE Usage Information Before enabling priority flow-control on a interface, verify a matching network-qos type policy is configured with the pfc-cos value for an interface. Use this command to disable priority flow-control if you are not using a network-qos type policy for an interface. The no version of this command returns the value to the default. Example OS10(conf-if-eth1/1/2)# priority-flow-control mode on Supported Releases 10.3.
queue-limit Configures static or dynamic shared buffer thresholds. Syntax Parameters queue-limit {queue-len value | thresh-mode [dynamic threshold-alpha-value | static threshold-value]} • queue-len value — Enter the guaranteed size for this queue (0 to 8911).
queue bandwidth Configures a bandwidth for a given queue on interface. Syntax queue queue-number bandwidth bandwidth-percentage Parameters • queue-number — Enter the queue number. • bandwidth-percentage — Enter the percentage of bandwidth. Default Not configured Command Mode POLICY-MAP-CLASS-MAP Usage Information The no version of this command removes the bandwidth from the queue. Example Supported Releases 10.4.0E(R1) or later queue qos-group Configures a dot1p traffic class to a queue.
Example OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# random-detect test_wred Supported Releases 10.4.0E(R1) or later random-detect (queue) Assigns a WRED profile to the specified queue. Syntax random-detect wred-profile-name Parameters wred-profile-name — Enter the name of an existing WRED profile. Default Not configured Command Mode PMAP-C-QUE Usage Information The no version of this command removes the WRED profile from the queue.
random-detect ecn Enables Explicit Congestion Notification (ECN) for the WRED profile. Syntax random-detect ecn Parameters None Default Not configured Command Mode WRED CONFIGURATION Usage Information The no version of this command disables ECN. Example OS10(config)# wred test_wred OS10(config-wred)# random-detect ecn Supported Releases 10.4.0E(R1) or later random-detect pool Assigns a WRED profile to the specified global buffer pool.
Supported Releases 10.4.0E(R1) or later service-policy Configures the input and output service policies. Syntax Parameters service-policy {input | output} [type {qos | queuing}] policy-map-name • input — Enter to assign a QoS policy to the interface input. • output — Enter to assign a QoS policy to the interface output. • qos — Enter to assign a qos type policy-map. • queuing — Enter to assign the queuing type policy-map. • policy-map-name — Enter the policy-map name (up to 32 characters).
Parameters • dscp-value — Enter a DSCP value (0 to 63). • color — (Optional) — Enter to apply a color map profile. • red — (Optional) Enter to mark the packets to drop. • yellow — (Optional) Enter to mark the packets to deliver to the egress queue. Default Not configured Command Mode POLICY-MAP-CLASS-MAP Usage Information The QoS ingress QoS policy type only supports this command.
• max-burst-size — Enter the burst size in kilobytes per packets (0 to 10000 or 1 to 1073000). Default 50 kb or 200 packets Command Mode POLICY-MAP-CLASS-MAP Usage Information Only the ingress QoS policy type supports this command. You must enter both the minimum and maximum values. If you enter the rate value in pps, the burst provided is in packets. If you enter the rate in kbps or mbps, the burst is provided in kb. If you enter the minimum rate in pps, you must also enter the maximum rate in pps.
2 3 4 5 6 TELNET 7 8 9 10 11 Supported Releases 300 1300 2000 400 400 TACACS NTP FTP 400 600 600 600 300 VLT NDS ARP_REQ IPV6_ICMP_REQ ARP_RESP IPV6_ICMP IPV6_ICMP_RESP IPV4_ICMP SSH RSTP PVST MSTP LACP DOT1X LLDP IPV6_OSPF IPV4_BGP IPV4_OSPF IPV6_DHCP IPV4_DHCP SERVICEABILITY OPEN_FLOW 10.2.0E or later show control-plane statistics Displays counters of all the CPU queue statistics.
Admin Mode: On OperStatus: On PFC Priorites: 0,4,7 Total Rx PFC Frames: 300 Total Tx PFC Frames: 200 Cos Rx Tx ----------------------0 0 0 1 0 0 2 0 0 3 300 200 4 0 0 5 0 0 6 0 0 7 0 0 Supported Releases 10.3.0E or later show qos interface Displays the QoS configuration applied to a specific interface. Syntax show qos interface ethernet node/slot/port[:subport] Parameters node/slot/port[:subport] — Enter the Ethernet interface information.
Usage Information None Example OS10# show policy-map Service-policy(qos) input: p1 Class-map (qos): c1 set qos-group 1 Service-policy(qos) input: p2 Class-map (qos): c2 set qos-group 2 Supported Releases 10.2.0E or later show qos control-plane Displays the QoS configuration applied to the control-plane. Syntax show qos control-plane Parameters None Default Not configured Command Mode EXEC Usage Information Monitors statistics for the control-plane and troubleshoots CoPP.
6 7 Supported Releases lossy lossy 1664 1664 dynamic dynamic 8 8 10.3.0E or later show egress buffer-stats interface Displays the buffers statistics for the egress interface. Syntax Parameters show egress buffer-stats interface [interface node/slot/port[:subport]] • interface — (Optional) Enter the interface type. • node/slot/port[:subport] — (Optional) Enter the port information.
----------------------------------------------------------------------------0 46384 dynamic 9 9360 9360 1 2 3 4 5 6 7 9360 static 12479488 OS10# Supported Releases 10.3.0E or later show ingress buffer-stats interface Displays the buffers statistics for the ingress interface. Syntax show ingress buffer-stats interface [interface node/slot/port[:subport]] Parameters • interface — (Optional) Enter the interface type. • node/slot/port[:subport] — (Optional) Enter the port information.
show queuing statistics Displays QoS queuing statistics information. Syntax Parameters show queuing statistics interface ethernet node/slot/port[:subport] [queue number] • node/slot/port[:subport] — Enter the Ethernet interface information. • queue number — Enter the QoS queue number (0 to 7). Default Not configured Command Mode EXEC Usage Information Use this command to view all queuing counters. WRED counters are available only at the port level.
show qos system buffers Displays the system buffer configurations and utilization.
3 7 OS10# show qos maps type trust-map-dot1p dot1p-trustmap1 DOT1P Priority to Traffic-Class Map : dot1p-trustmap1 Traffic-Class DOT1P Priority ------------------------------0 2 1 3 2 4 3 5 4 6 5 7 6 1 OS10# show qos maps type trust-map-dscp dscp-trustmap1 DSCP Priority to Traffic-Class Map : dscp-trustmap1 Traffic-Class DSCP Priority ------------------------------0 8-15 2 16-23 1 0-7 OS10# show qos maps Traffic-Class to Queue Map: queue-map1 Queue Traffic-Class -------------------------1 5 2 6 3 7 DOT1P Pr
------------------------------0 0 1 1 2 2 3 3 4 4 5 5 6 6 7 7 OS10# Example (dscp) OS10# show qos trust-map dscp new-dscp-map new-dscp-map qos-group Dscp Id ------------------0 0-7 1 8-15 2 16-23 3 24-31 4 32-39 5 40-47 6 48-55 7 56-63 Supported Releases 10.3.0E or later show qos wred-profile Displays the details of WRED profile configuration. Syntax show qos wred—profile [wred-profile-name] Parameters wred-profile-name — (Optional) Enter the Ethernet interface information.
Usage Information None Example OS10(config)# system qos OS10(config-sys-qos)# Supported Releases 10.2.0E or later trust Sets the dynamic classification to trust. Syntax Parameters trust {dot1p | diffserv} [fallback] • diffserv — Set the dynamic classification to trust DSCP. • dot1p — Set the dynamic classification to trust Dot1p. • fallback — (Optional) Honor trusting dot1p or DSCP only if other match criteria in this policy map does not qualifies for a packet.
Parameters map-name — Enter the name of the dscp trust map (up to 32 characters). Default Not configured Command Mode CONFIGURATION Usage Information default-dscp-trust is a reserved trust-map name. If trust is enabled, traffic obeys this trust map. The no version of this command returns the value to the default. Example OS10(config)# trust dscp-map dscp-trust1 Supported Releases 10.3.0E or later qos-map traffic-class Creates user-defined trust map for queue mapping.
Example OS10(config)# interface ethernet 1/1/1 OS10(conf-if-eth1/1/1)# trust-map dscp dscp-trustmap1 Supported Releases 10.3.0E or later wred Configures a weighted random early detection (WRED) profile. Syntax wred wred-profile-name Parameters wred-profile-name — Enter a name for the WRED profile. Default Not configured Command Mode CONFIGURATION Usage Information The no version of this command removes the WRED profile.
9 Virtual link trunking Virtual link trunking (VLT) is a Layer 2 (L2) aggregate protocol between end devices (servers) connected to different network devices. VLT reduces the role of spanning tree protocols (STPs) by allowing link aggregation group (LAG) terminations on two separate distribution or core switches and supporting a loop-free topology.
VLT physical ports 802.1p, 802.1q, LLDP, flow control, port monitoring, and jumbo frames are supported on VLT physical ports. System management protocols All system management protocols are supported on VLT ports — SNMP, RMON, AAA, ACL, DNS, FTP, SSH, syslog, NTP, RADIUS, SCP, and LLDP. L3 VLAN connectivity Enable L3 VLAN connectivity (VLANs assigned with an IP address) on VLT peers by configuring a VLAN interface for the same VLAN on both devices.
• In a VLT domain, the peer network devices must run the same OS10 software version. • Configure the same VLT domain ID on peer devices. If a VLT domain ID mismatch occurs on VLT peers, the VLTi does not activate. • In a VLT domain, VLT peers support connections to network devices that connect to only one peer. VLT interconnect A VLTi is the link that synchronizes states between VLT peers. OS10 automatically adds VLTi ports to VLANs spanned across VLT peers.
RSTP configuration Only RSTP mode is supported on VLT ports. Before you configure VLT on peer switches, configure RSTP in the network. RSTP prevents loops during the VLT startup phase. • Enable RSTP on each peer node in CONFIGURATION mode.
RPVST+ configuration RPVST+ mode is supported on VLT ports. Before you configure VLT on peer switches, configure RPVST+ in the network. You can use RPVST+ for initial loop prevention during the VLT startup phase. Configure RPVST+ on both the VLT peers. This creates an RPVST+ instance for every VLAN configured in the system. The RPVST+ instances in the primary VLT peer control the VLT LAGs on both the primary and secondary peers. • Enable RPVST+ on each peer node in CONFIGURATION mode.
1 Configure a VLT domain and enter VLT-DOMAIN mode. Configure the same VLT domain ID on each peer, from 1 to 255. vlt-domain domain-id 2 Repeat the steps on the VLT peer to create the VLT domain. Peer 1 OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# Peer 2 OS10(config)# vlt-domain 1 OS10(conf-vlt-1)# VLTi configuration Before you configure VLTi on peer interfaces, remove each interface from L2 mode with the no switchport command, see VLT interconnect.
Configure VLT LAG — peer 1 OS10(config)# interface port-channel 10 OS10(conf-if-po-10)# vlt-port-channel 1 Configure VLT LAG — peer 2 OS10(config)# interface port-channel 20 OS10(conf-if-po-20)# vlt-port-channel 1 VLT unicast routing VLT unicast routing enables optimized routing where packets destined for the L3 endpoint of the VLT peer are locally routed. VLT unicast routing is supported for IPv4 and IPv6. To enable VLT unicast routing, both VLT peers must be in L3 mode.
Configure VRRP active-active mode — peer 1 OS10(conf-if-vl-10)# vrrp mode active-active Configure VRRP active-active mode — peer 2 OS10(conf-if-vl-10)# vrrp mode active-active View VRRP configuration OS10# show running-configuration interface vlan 10 ! interface vlan10 no shutdown no vrrp mode active-active OS10# View VLT information To monitor the operation or verify the configuration of a VLT domain, use a VLT show command on primary and secondary peers.
View VLT mismatch — no mismatch OS10# show vlt 1 mismatch Peer-routing mismatch: No mismatch VLAN mismatch: No mismatch VLT VLAN mismatch: No mismatch View VLT mismatch — mismatch in VLT configuration OS10# show vlt 1 mismatch peer-routing Peer-routing mismatch: VLT Unit ID Peer-routing ----------------------------* 1 Enabled 2 Disabled OS10# show vlt 1 mismatch Peer-routing mismatch: VLT Unit ID Peer-routing ----------------------------* 1 Enabled 2 Disabled VLAN mismatch: VLT Unit ID Mismatch VLAN List --
View VLT running configuration OS10# show running-configuration vlt ! vlt domain 1 peer-routing discovery-interface ethernet1/1/17 ! interface port-channel1 vlt-port-channel 10 ! interface port-channel10 vlt-port-channel 20 ! interface port-channel20 vlt-port-channel 20 VLT commands backup destination Configures the VLT backup link for heartbeat timers. Syntax Parameters backup destination {ip-address | ipv6 ipv6–address} [vrf management] • ip-address — Enter the IPv4 address of the backup link.
Usage Information Use this command to delay the system from bringing up the VLT port for a brief period to allow L3 routing protocols to converge. If the peer VLT device was up at the time the VLTi link failed, use this command after a VLT device is reloaded. The no version of this command resets the delay time to the default value. Example OS10(conf-vlt-1)# delay-restore 100 Supported Releases 10.3.
Parameters value — Enter the timeout value in seconds, from 0 to 65535. Default 0 Command Mode VLT-DOMAIN Usage Information Use this command to configure a timer to disable the peer-routing when the peer is not available. When the timer expires, the software checks to see if the VLT peer is available. If the VLT peer is not available, peer-routing is disabled on the peer. If you do not configure the timer, peer-routing is not disabled even when the peer is unavailable.
Designated root priority: 4097, address: 90:b1:1c:f4:a6:02 Designated bridge priority: 4097, address: 90:b1:1c:f4:a6:02 Designated port ID: 0.1, designated path cost: 0 Number of transitions to forwarding state: 1 Edge port: No (default) Link Type: Point-to-Point BPDU Sent: 202, Received: 42 Port 1 (VFP(VirtualFabricPort)) of vlan100 is designated Forwarding Port path cost 1, Port priority 0, Port Identifier 0.
Command Mode EXEC Usage Information None Example OS10# show vlt 1 backup-link VLT Backup link ------------------------------------------Destination : 10.16.128.25 Peer Heartbeat Status : Up Supported Releases 10.3.1E or later show vlt mac-inconsistency Displays inconsistencies in dynamic MAC addresses learnt between VLT peers.
• peer-routing — Display mismatches in peer-routing configuration. • vlan — Display mismatches in VLAN configuration in the VLT domain. • vlt-vlan vlt-port-id — Display mismatches in VLT port configuration, from 1 to 4095. Default Not configured Command Mode EXEC Usage Information The * in the mismatch output indicates a local node entry.
-----------------------------------* 1 1 2 2 Supported Releases 10.2.0E or later show vlt role Displays the VLT role of the local peer. Syntax show vlt id role Parameters id — Enter the VLT domain ID, from 1 to 255. Default Not configured Command Mode EXEC Usage Information The * in the mismatch output indicates a local node entry. Example OS10# show vlt 1 role VLT Unit ID Role -----------------------* 1 primary 2 secondary Supported Releases 10.2.
vlt-domain Creates a VLT domain. Syntax vlt-domain domain-id Parameter domain-id — Enter a VLT domain ID on each peer, from 1 to 255. Default None Command Mode CONFIGURATION Usage Information Configure the same VLT domain ID on each peer. If a VLT domain ID mismatch occurs on VLT peers, the VLTi link between peers does not activate. The no version of this command disables VLT. Example OS10(config)# vlt-domain 1 Supported Releases 10.2.
Example OS10(conf-vlt-1)# vlt-mac 00:00:00:00:00:02 Supported Releases 10.2.0E or later vrrp mode active-active Enables the VRRP peers to locally forward L3 traffic in a VLAN interface. Syntax vrrp mode active-active Parameters None Default Enabled Command Mode VLAN INTERFACE Usage Information The no version of this command disables the configuration. This command is applicable only for VLAN interfaces. Example OS10(conf-if-vl-10)# vrrp mode active-active Supported Releases 10.2.
10 Converged data center services OS10 supports converged data center services, including IEEE 802.1 data center bridging (DCB) extensions to classic Ethernet. DCB provides I/O consolidation in a data center network. Each network device carries multiple traffic classes while ensuring lossless delivery of storage traffic with best-effort for LAN traffic and latency-sensitive scheduling of service traffic. • 802.1Qbb — Priority flow control • 802.1Qaz — Enhanced transmission selection • 802.
PFC configuration notes • PFC is supported for 802.1p priority traffic (dot1p 0 to 7). FCoE traffic traditionally uses dot1p priority 3 — iSCSI storage traffic uses dot1p priority 4. • Configure PFC for ingress traffic by using network-qos class and policy maps (see Quality of Service). The queues used for PFCenabled traffic are treated as lossless queues. Configure the same network-qos policy map on all PFC-enabled ports.
trust dot1p exit 2 Apply the qos trust policy to ingress traffic in SYSTEM-QOS or INTERFACE mode. service-policy input type qos trust-policy—map-name Configure a non-default dot1p-priority-to-traffic class mapping 1 Configure a trust map of dot1p traffic classes in CONFIGURATION mode. A trust map does not modify ingress dot1p values in output flows. Assign a qos-group to trusted dot1p values in TRUST mode using 1-to-1 mappings. Dot1p priorities are 0-7.
1 Create a network-qos class map to classify PFC traffic classes in CONFIGURATION mode (0 to 7). Specify the traffic classes using the match qos-group command. Qos-groups map 1:1 to traffic classes 0 to 7 (qos-group 1 corresponds to traffic class 1). Enter a single value, a hyphen-separated range, or multiple qos-group values separated by commas in CLASS-MAP mode.
OS10(config)# system qos OS10(config-sys-qos)# service-policy input type qos pclass1 OS10(config-sys-qos)# exit OS10(config)# class-map type network-qos cc1 OS10(config-cmap-nqos)# match qos-group 3 OS10(config-cmap-nqos)# exit OS10(config)# class-map type network-qos cc2 OS10(config-cmap-nqos)# match qos-group 4 OS10(config-cmap-nqos)# exit OS10(config)# policy-map type network-qos pp1 OS10(config-pmap-network-qos)# class cc1 OS10(config-pmap-c-nqos)# pause buffer-size 30 pause-threshold 20 resume-threshol
View PFC system buffer configuration OS10(config)# show qos system ingress buffer All values are in kb Total buffers - 12187 Total PFC buffers - 877 Total shared PFC buffers - 832 Total used shared PFC buffers - 665 Total lossy buffers - 11309 Total shared lossy buffers - 10816 Total used shared lossy buffers - 1534 OS10(config)# show qos system egress buffer All values are in kb Total buffers - 12187 Total PFC buffers - 877 Total shared PFC buffers - 877 Total used shared PFC buffers - 0 Total lossy buffer
Table 7. 10G and 25G port defaults Port Speed 10G Port 25G Port PFC reserved ingress buffer 45 KB 54 KB PFC pause threshold 9 KB 9 KB PFC resume threshold 9 KB 9 KB Port Speed 40G Port 50G Port PFC reserved ingress buffer 93 KB 111 KB PFC pause threshold 18 KB 18 KB PFC resume threshold 9 KB 9 KB Table 8. 40G and 50G port defaults Table 9.
Configure PFC Example). A qos-group number is used only internally to classify ingress traffic classes. See PFC configuration notes for the default dot1p-priority-to-traffic-class mapping and how to configure a non-default mapping. A PFC traffic class requires a 1-to-1 mapping — only one dot1p value is mapped to a qos-group number.
Supported Releases 10.3.0E or later queue-limit Sets the static and dynamic thresholds used to limit the shared-buffer size of PFC traffic-class queues. Syntax queue-limit {thresh-mode [static kilobytes | dynamic weight]} Parameters • thresh-mode — Buffer threshold mode. • static kilobytes — Enter the fixed shared-buffer limit available for PFC traffic-class queues in kilobytes (0 to 7787; maximum amount tuned by the pfc-shared-buffer-size command).
Total Rx PFC Frames: 0 Total Tx PFC frames: 587236 Cos Rx Tx ----------------------0 0 0 1 0 0 2 0 0 3 0 587236 4 0 0 5 0 0 6 0 0 7 0 0 Supported Releases 10.3.0E or later Enhanced transmission selection Enhanced transmission selection (ETS) provides customized bandwidth allocation to 802.1p classes of traffic. Assign different amounts of bandwidth to traffic classes (Ethernet, FCoE, or iSCSI) that require different bandwidth, latency, and best-effort treatment during network congestion.
• Egress queuing policy — Configure ETS for egress traffic by assigning bandwidth to matching lossless queues in queuing class and policy maps. • Apply both PFC network-qos (input) and ETS queuing (output) policies on an interface to ensure lossless transmission. • An ETS-enabled interface operates with dynamic weighted round robin (DWRR) or strict priority scheduling. • OS10 control traffic is sent to control queues, which have a strict priority that is higher than data traffic queues.
(Optional) To configure a queue as strict priority, use the priority command. Packets scheduled to a strict priority queue are transmitted before packets in non-priority queues. policy—map type queuing policy—map-name class class—map-name priority 6 Apply the trust maps for dot1p and DSCP values, and the traffic class-queue mapping globally on the switch in SYSTEM-QOS mode or on an interface or interface range in INTERFACE mode.
OS10(config)# system qos OS10(config-sys-qos)# trust-map dot1p dot1p_map1 OS10(config-sys-qos)# trust-map dscp dscp_map1 OS10(config-sys-qos)# qos-map traffic-class tc-q-map1 OS10(config-sys-qos)# ets mode on OS10(config-sys-qos)# service-policy input type qos pclass1 OS10(config-sys-qos)# service-policy output type queuing p1 View ETS configuration OS10# show qos interface ethernet 1/1/1 Interface unknown-unicast-storm-control : Disabled multicast-storm-control : Disabled broadcast-storm-control : Disabled
DCBX uses LLDP to mediate the automatic negotiation and exchange of device settings, such as PFC and ETS. DCBX uses LLDP TLVs to perform DCB parameter exchange: • PFC configuration and application priority configuration • ETS configuration and ETS recommendation This sample DCBX topology shows two 40GbE ports on a switch that are configured as DCBX auto-upstream ports and used as uplinks to top-of-rack (ToR) switches. The top-of-rack (ToR) switches are part of a fibre channel storage network.
Configure DCBX DCBX allows data center devices to advertise and exchange configuration settings with directly connected peers using LLDP. LLDP is enabled by default. To ensure the consistent and efficient operation of a converged data center network, DCBX detects peer misconfiguration. DCBX is disabled at a global level and enabled at an interface level by default. For DCBX to be operational, DCBX must be enabled at both the global and interface levels.
Peer DCBX Status ----------------DCBX Operational Version is 0 DCBX Max Version Supported is 255 Sequence Number: 5 Acknowledgment Number: 14 220 Input PFC TLV pkts, 350 Output PFC TLV pkts, 0 Error PFC pkts 220 Input PG TLV Pkts, 396 Output PG TLV Pkts, 0 Error PG TLV Pkts 71 Input Appln Priority TLV pkts, 80 Output Appln Priority TLV pkts, 0 Error Appln Priority TLV Pkts Total Total Total Total DCBX DCBX DCBX DCBX Frames transmitted 538 Frames received 220 Frame errors 0 Frames unrecognized 0 View DCBX
PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3 70% ETS 1 4,5,6,7 30% ETS 2 0% SP 3 0% SP 4 0% SP 5 0% SP 6 0% SP 7 0% SP 15 0% SP Remote Willing Status is disabled Local Parameters : ------------------Local is enabled PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3 70% ETS 1 4,5,6,7 30% ETS 2 0% SP 3 0% SP 4 0% SP 5 0% SP 6 0% SP 7 0% SP 15 0% SP Oper status is init ETS DCBX Oper status is Up State Machine Type is Feature Conf
Supported Releases 10.3.0E or later dcbx tlv-select Configures the DCB TLVs advertised by a DCBX-enabled port. Syntax Parameters dcbx tlv-select {[ets-conf] [ets-reco] [pfc]} • ets-conf — Advertise ETS configuration TLVs. • ets-reco — Advertise ETS recommendation TLVs. • pfc — Advertise PFC TLVs. Default DCBX advertises PFC, ETS Recommendation, and ETS Configuration TLVs. Command Mode INTERFACE Usage Information A DCBX-enabled port advertises all TLVs to DCBX peers by default.
Command Mode INTERFACE Usage Information DCBX must be enabled at both the global and interface levels. Enable DCBX globally with the dcbx enable command to activate the exchange of DCBX TLV messages with PFC, ETS, and iSCSI configurations. Use DCBX interface-level commands to configure the TLVs advertised by a DCBX-enabled port, change the DCBX version, or disable DCBX on an interface. The no version of this command disables DCBX on an interface.
Max Supported PG is 8 Number of Traffic Classes is 8 Admin mode is on Admin Parameters : -----------------Admin is enabled PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3 70% ETS 1 4,5,6,7 30% ETS 2 0% SP 3 0% SP 4 0% SP 5 0% SP 6 0% SP 7 0% SP Remote Parameters : ------------------Remote is enabled PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3 70% ETS 1 4,5,6,7 30% ETS 2 0% SP 3 0% SP 4 0% SP 5 0% SP 6 0% SP 7 0% SP Remote Wi
PFC TLV Tx Status is enabled Application Priority TLV Parameters : -------------------------------------ISCSI TLV Tx Status is enabled Local ISCSI PriorityMap is 0x10 Remote ISCSI PriorityMap is 0x10 5 Input TLV pkts, 2 Output TLV pkts, 0 Error pkts 5 Input Appln Priority TLV pkts, 2 Output Appln Priority TLV pkts, 0 Error Appln Priority TLV Pkts Supported Releases 10.3.
In an iSCSI session, a switch connects CNA servers (iSCSI initiators) to a storage array (iSCSI targets) in a storage area network (SAN) or TCP/IP network. iSCSI optimization running on the switch uses dot1p priority-queue assignments to ensure that iSCSI traffic receives priority treatment. iSCSI configuration notes • • • • When you enable iSCSI optimization, the switch auto-detects and auto-configures for Dell EqualLogic storage arrays directly connected to an interface.
1 Configure an interface or interface range to detect a connected storage device. interface ethernet node/slot/port:[subport] 2 Enable the interface to support a storage device that is directly connected to the port and not automatically detected by iSCSI. Use this command for storage devices that do not support LLDP. In this release, the only valid storage-device-name value is Compellant.
OS10(config-sys-qos)# exit OS10(config)# OS10(config)# OS10(config)# OS10(config)# iscsi iscsi iscsi iscsi session-monitoring enable aging time 15 priority-bits 0x20 enable View iSCSI optimization OS10# show iscsi iSCSI Auto configuration is Enabled iSCSI session monitoring is Enabled iSCSI COS qos-group 4 remark dot1p 4 Session aging time 15 Maximum number of connections is 256 Port IP Address -----------------------3260 860 3261 10.1.1.
• Any additional updates to connections, including aging updates, that are learnt on VLT LAG members are synchronized with the VLT peer. • If the iSCSI login request is received on a non-VLT interface, followed by a response from a VLT interface, then the connection is associated with the VLT LAG interface and the information about the session is synchronized with the VLT peer. • When VLT interconnect comes up, information about iSCSI sessions learnt on VLT LAG is exchanged between the VLT-peers.
Command Mode CONFIGURATION Usage Information iSCSI traffic uses dot1p priority 4 in frame headers by default. Use this command to reconfigure the dot1p-priority bits advertised in iSCSI application TLVs. Enter only one dot1p-bitmap value — setting more than one bitmap value with this command is not supported. The default dot1p 4 value is advertised only if you enabled PFC pause frames for dot1p 4 traffic (pfc-cos dot1p-priority command). The no version of this command resets to the default value.
iscsi target port Configures the TCP ports used to monitor iSCSI sessions with target storage devices. Syntax iscsi target port tcp-port1 [tcp-port2, ..., tcp-port16] [ip-address ipaddress] Parameters • tcp-port — Enter one or more TCP port numbers (0 to 65535). Separate TCP port numbers with a comma. • ip-address ip-address — (Optional) Enter the IP address in A.B.C.D format of a storage array whose iSCSI traffic is monitored on the TCP port.
Usage Information This command output displays global iSCSI configuration settings. Use the show iscsi session command to view target and initiator information. Example OS10# show iscsi iSCSI Auto configuration is Enabled iSCSI session monitoring is Enabled iSCSI COS qos-group 4 remark dot1p 4 Session aging time 15 Maximum number of connections is 256 Port IP Address -----------------------3260 860 3261 10.1.1.1 Supported Releases 10.3.
show iscsi storage-devices Displays information about the storage arrays directly attached to OS10 ports. Syntax show iscsi storage-devices Parameters None Command Mode EXEC Usage Information The command output displays the storage device connected to each switch port and whether iSCSI automatically detects it.
PFC is enabled on traffic classes with dot1p 4, 5, 6, and 7 traffic. The traffic classes all use the default PFC pause settings for shared buffer size and pause frames in ingress queue processing in the network-qos policy map. The pclass policy map honors (trusts) all dot1p ingress traffic. The reserved class-trust class map is configured by default. Trust does not modify ingress values in output flows.
OS10(config-qos-map)# queue 0 qos-group 0 OS10(config-qos-map)# queue 1 qos-group 1 OS10(config-qos-map)# exit OS10(config)# class-map type queuing cmap1 OS10(config-cmap-queuing)# match queue 0 OS10(config-cmap-queuing)# exit OS10(config)# class-map type queuing cmap2 OS10(config-cmap-queuing)# match queue 1 OS10(config-cmap-queuing)# exit OS10(config)# policy-map type queuing pmap1 OS10(config-pmap-queuing)# class cmap1 OS10(config-pmap-c-que)# bandwidth percent 30 OS10(config-pmap-c-que)# exit OS10(confi
Interface ethernet1/1/53 Port Role is Manual DCBX Operational Status is Enabled Is Configuration Source? FALSE Local DCBX Compatibility mode is IEEEv2.5 Local DCBX Configured mode is AUTO Peer Operating version is IEEEv2.
-----------------------------------------------0 0,1,2,3, 30% ETS 1 4,5,6,7 70% ETS 2 0% SP 3 0% SP 4 0% SP 5 0% SP 6 0% SP 7 0% SP Remote Willing Status is disabled Local Parameters : ------------------Local is enabled PG-grp Priority# Bandwidth TSA -----------------------------------------------0 0,1,2,3, 30% ETS 1 4,5,6,7 70% ETS 2 0% ETS 3 0% ETS 4 0% ETS 5 0% ETS 6 0% ETS 7 0% ETS Oper status is init ETS DCBX Oper status is Up State Machine Type is Asymmetric Conf TLV Tx Status is enabled Reco TLV Tx S
After you enable iSCSI optimization, the iSCSI application priority TLV parameters are added in the show command output to verify a PFC configuration.
Peer DCBX Status ----------------DCBX Operational Version is 0 DCBX Max Version Supported is 0 Sequence Number: 1 Acknowledgment Number: 2 3 Input PFC TLV pkts, 3 Output PFC TLV pkts, 0 Error PFC pkts 3 Input PG TLV Pkts, 3 Output PG TLV Pkts, 0 Error PG TLV Pkts 3 Input Appln Priority TLV pkts, 3 Output Appln Priority TLV pkts, 0 Error Appln Priority TLV Pkts Total Total Total Total 0 DCBX DCBX DCBX DCBX Frames transmitted 3 Frames received 3 Frame errors 0 Frames unrecognized OS10(conf-if-eth1/1/53)# d
11 sFlow sFlow is a standard-based sampling technology embedded within switches and routers that monitors network traffic. It provides traffic monitoring for high-speed networks with many switches and routers.
Enable or disable sFlow on a specific interface • Enable sFlow in CONFIGURATION mode. sflow enable • Disable sFlow in CONFIGURATION mode.
sflow enable ! Collector configuration Configure the IPv4 or IPv6 address for the sFlow collector. You can configure a maximum of two sFlow collectors. If you specify two collectors, the samples are sent to both. The agent IP address must be the same for both the collectors. • Enter an IPv4 or IPv6 address for the sFlow collector, IPv4 or IPv6 address for the agent, UDP collector port number (default 6343), maximum datagram size (up to 1400), and the VRF instance number in CONFIGURATION mode.
interface ethernet1/1/1 sflow enable ! Sample-rate configuration Sampling rate is the number of packets skipped before the sample is taken. If the sampling rate is 4096, one sample generates for every 4096 packets observed. • Set the sampling rate in CONFIGURATION mode, from 4096 to 65535. The default is 32768. sflow sample-rate sampling-size • Disable packet sampling in CONFIGURATION mode. no sflow sample-rate • View the sampling rate in EXEC mode.
0 UDP packets dropped 34026 sFlow samples collected • View sFlow configuration details on a specific interface in EXEC mode. OS10# show sflow interface port-channel 1 port-channel1 sFlow is enabled on port-channel1 Samples rcvd from h/w: 0 • View the sFlow running configuration in EXEC mode. OS10# show running-configuration sflow sflow enable sflow max-header-size 80 sflow polling-interval 30 sflow sample-rate 4096 sflow collector 10.16.150.1 agent-addr 10.16.132.
sflow enable Enables sFlow on a specific interface or globally on all interfaces. Syntax sflow enable [all-interfaces] Parameters all-interfaces — (Optional) Enter to enable sFlow globally. Default Disabled Command Mode CONFIGURATION Usage Information The no version of this command to disables sFlow.
Defaults 30 Command Mode CONFIGURATION Usage Information The polling interval for an interface is the number of seconds between successive samples of counters sent to the collector. You can configure the duration for polled interface statistics. The no version of the command resets the interval time to the default value. Example OS10(conf)# sflow polling-interval 200 Supported Releases 10.3.0E or later sflow sample-rate Configures the sampling rate.
0 UDP packets dropped 34026 sFlow samples collected Example (portchannel) OS10# show sflow interface port-channel 1 port-channel1 sFlow is enabled on port-channel1 Samples rcvd from h/w: 0 Supported Releases 10.3.
12 Troubleshoot OS10 Critical workloads and applications require constant availability. Dell EMC Networking offers tools to help you monitor and troubleshoot problems before they happen.
* 1 1 1 1 1 1 S4048T-ON S4048T-ON-PWR-1-UNKNOW S4048T-ON-FANTRAY-1 S4048T-ON-FANTRAY-2 S4048T-ON-FANTRAY-3 S4048T-ON-FANTRAY-4 0YVCK0 X01 061DJT 061DJT 061DJT 061DJT X01 X01 X01 X01 TW-0YVCK0-28298-615-0023 ---TW-061DJT-28298-615-0089 TW-061DJT-28298-615-0090 TW-061DJT-28298-615-0091 TW-061DJT-28298-615-0092 Boot partition and image Display system boot partition–related and image-related information. • View all boot information in EXEC mode. show boot • View boot details in EXEC mode.
1 root 2 root 3 root 5 root 7 root 8 root 10 root 11 root 12 root 13 root 14 root 15 root 16 root 17 root 19 root 20 root 21 root 22 root 23 root 24 root 25 root --more-- 20 20 20 0 20 20 20 20 20 rt rt rt rt 20 0 0 20 0 20 0 25 0 0 0 -20 0 0 0 0 0 0 0 0 0 0 -20 -20 0 -20 0 -20 5 112100 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 5840 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3032 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 S S S S R S S S S S S S S S S S S S S S S 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.0 0.
Capture packets from Ethernet interface $ tcpdump -i e101-003-0 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on e101-003-0, link-type EN10MB (Ethernet), capture size 262144 bytes 01:39:22.457185 IP 3.3.3.1 > 3.3.3.4: ICMP echo request, id 5320, seq 26, length 64 01:39:22.457281 IP 3.3.3.1 > 3.3.3.
When you execute traceroute, the output shows the path a packet takes from your device to the destination IP address. It also lists all intermediate hops (routers) that the packet traverses to reach its destination, including the total number of hops traversed. Check IPv4 connectivity OS10# ping 172.31.1.255 Type Ctrl-C to abort. Sending 5, 100-byte ICMP Echos to 172.31.1.255, timeout is 2 seconds: Reply to request 1 from 172.31.1.208 0 ms Reply to request 1 from 172.31.1.
1 3ffe:501:ffff:100:201:e8ff:fe00:4c8b 000.000 ms 000.000 ms 000.000 ms View diagnostics View system diagnostic information using show commands. The show hash-algorithm command is used to view the current hash algorithms configured for LAG and ECMP.
View system information OS10# show system System Information -------------------------------------------Node Id: 1 MAC: ec:f4:bb:fc:66:a3 Number of MACs: 129 Vendor: DELL Product: S6000-ON -- Stack -Unit Status Up time Down Reason -------------------------------------------1 up -- Power Supplies -PSU-ID Status PowerType AirFlow Fan Speed(rpm) Status ----------------------------------------------------1 up AC NORMAL 1 19872 fail 2 up AC NORMAL 1 19552 up -- Fan Status -FanTray Status AirFlow Fan Speed(rpm) S
location-led system Changes the location LED of the system. Syntax location-led system {node-id | node-id/unit-id} {on | off} Parameters • node-id | node-id/unit-id — Enter the system ID. • on | off — Set the system LED to be on or off. Default Not configured Command Mode EXEC Usage Information Use the location-led system command to change the location LED for the specified system ID. Example OS10# location-led system 1 on OS10# location-led system 1 off Supported Releases 10.3.
• -l preload — (Optional) Enter the number of packets that ping sends before waiting for a reply. Only a super-user may preload more than 3. • -L — (Optional) Suppress the loopback of multicast packets for a multicast target address. • -m mark — (Optional) Tags the packets sent to ping a remote device (use with policy routing). • -M pmtudisc_option — (Optional) Enter the path MTU (PMTU) discovery strategy: • do prevents fragmentation, including local.
ping6 Tests network connectivity to an IPv6 device. Syntax ping6 [vrf management] [-aAbBdDfhLnOqrRUvV] [-c count] [-i interval] [-I interface] [-l preload] [-m mark] [-M pmtudisc_option] [-N nodeinfo_option] [-p pattern] [-Q tclass] [-s packetsize] [-S sndbuf] [-t ttl] [-T timestamp_option] [-w deadline] [-W timeout] destination Parameters 668 • vrf management — (Optional) Pings an IPv6 address in the management VRF instance. • -a — (Optional) Audible ping. • -A — (Optional) Adaptive ping.
• -T timestamp option — (Optional) Set special IP timestamp options. Valid values for timestamp option — tsonly (only timestamps), tsandaddr (timestamps and addresses) or tsprespec host1 [host2 [host3 [host4]]] (timestamp pre-specified hops). • -v — (Optional) Verbose output. • -V — (Optional) Display version and exit. • -w deadline — (Optional) Enter the time-out value, in seconds, before the ping exits regardless of how many packets are sent or received.
Active Partition: Active SW Version: Active Kernel Version: Active Build Date/Time: Standby Partition: Standby SW Version: Standby Build Date/Time: Next-Boot: Supported Releases B 10.2.0E Linux 3.16.7-ckt25 2016-10-03T23:11:14Z A 10.2.0E 2016-10-03T23:11:14Z active[B] 10.2.0E or later show diag Displays diagnostic information for port adapters and modules. Syntax show diag Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show diag 00:00.
Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show environment Unit State Temperature ------------------------------------1 up 43 Thermal sensors Unit Sensor-Id Sensor-name Temperature ---------------------------------------------------------1 1 T2 temp sensor 31 1 2 system-NIC temp sensor 21 1 3 Ambient temp sensor 24 1 4 NPU temp sensor 43 Supported Releases 10.2.0E or later show hash-algorithm Displays hash algorithm information.
---------------------------------------------------------------------------------------* 1 S6000-ON 07VJDK A02 CN-07VJDK-28298-52R-0032 5XYK0Z1 129 373 368 1 S6000-ON-PWR-1-AC 0T9FNW A00 CN-0T9FNW-28298-52R-0263 AEIOU## 226 457 410 1 S6000-ON-FANTRAY-1 0MGDH8 A00 CN-0MGDH8-28298-52R-0394 AEIOU## 226 457 410 1 S6000-ON-FANTRAY-2 0MGDH8 A00 CN-0MGDH8-28298-52R-0394 AEIOU## 226 457 410 1 S6000-ON-FANTRAY-3 0MGDH8 A00 CN-0MGDH8-28298-52R-0392 AEIOU## 226 457 410 Supported Releases 10.2.
1019 root OS10# Supported Releases 20 0 1829416 256080 73508 S 6.6 6.4 1212:36 base_nas 10.3.0E or later show system Displays system information. Syntax Parameters show system [brief | node-id] • brief — View abbreviated list of system information. • node-id — Node ID number.
Interface Breakout capable Breakout state ----------------------------------------------------Eth 1/1/1 Yes BREAKOUT_1x1 Eth 1/1/2 Yes BREAKOUT_1x1 Eth 1/1/3 Yes BREAKOUT_1x1 Eth 1/1/4 Yes BREAKOUT_1x1 Eth 1/1/5 Yes BREAKOUT_1x1 Eth 1/1/6 Yes BREAKOUT_1x1 Eth 1/1/7 Yes BREAKOUT_1x1 Eth 1/1/8 Yes BREAKOUT_1x1 Eth 1/1/9 Yes BREAKOUT_1x1 Eth 1/1/10 Yes BREAKOUT_1x1 Eth 1/1/11 Yes BREAKOUT_1x1 Eth 1/1/12 Yes BREAKOUT_1x1 Eth 1/1/13 No BREAKOUT_1x1 Eth 1/1/14 No BREAKOUT_1x1 Eth 1/1/15 No BREAKOUT_1x1 Eth 1/1/16
traceroute Displays the routes that packets take to travel to an IP address. Syntax Parameters traceroute [vrf management] host [-46dFITnreAUDV] [-f first_ttl] [-g gate,...] [-i device] [-m max_ttl] [-N squeries] [-p port] [-t tos] [-l flow_label] [-w waittime] [-q nqueries] [-s src_addr] [-z sendwait] [--fwmark=num] host [packetlen] • vrf management— (Optional) Traces the route to an IP address in the management VRF instance. • host — Enter the host to trace packets from.
4 Host65.hbms.com (63.80.56.65) 3.583 ms 3.776 ms 3.757 ms 5 host33.30.198.65 (65.198.30.33) 3.758 ms 4.286 ms 4.221 ms 6 3.GigabitEthernet3-3.GW3.SCL2.ALTER.NET (152.179.99.173) 4.428 ms 2.593 ms 3.243 ms 7 0.xe-7-0-1.XL3.SJC7.ALTER.NET (152.63.48.254) 3.915 ms 3.603 ms 3.790 ms 8 TenGigE0-4-0-5.GW6.SJC7.ALTER.NET (152.63.49.254) 11.781 ms 10.600 ms 9.402 ms 9 23.73.112.54 (23.73.112.54) 3.606 ms 3.542 ms 3.
CAUTION: Restoring factory defaults erases any installed operating system and requires a long time to erase storage. ONIE Rescue bypasses the installed operating system and boots the system into ONIE until you reboot the system. After ONIE Rescue completes, the system resets and boots to the ONIE console. 1 Use the up and down arrows to select the ONIE: Rescue, then press Enter. The highlight entry (*) runs automatically in the operating system.
2 (Optional) Configure the SupportAssist server URL or IP address in SUPPORT-ASSIST mode. server url server-url 3 (Optional) Configure the interface used to connect to the SupportAssist server in SUPPORT-ASSIST mode. source-interface interface 4 (Optional) Configure the contact information for your company in SUPPORT-ASSIST mode. contact-company name {company-name} 5 (Optional) Configure a proxy to reach the SupportAssist server in SUPPORT-ASSIST mode.
1 (Optional) Configure contact information in SUPPORT-ASSIST mode. contact-company name name 2 (Optional) Configure address information in SUPPORT-ASSIST mode. Use the no address command to remove the configuration. address city name state name country name zipcode number 3 (Optional) Configure street address information in SUPPORT-ASSIST mode. Use double quotes to add spaces within an address. Use the no street-address command to remove the configuration.
• yearly month number day number hour number min number — Enter the time to schedule a yearly task (1 to 12, 1 to 31, 0 to 23, and 0 to 59).
View EULA license OS10# show support-assist eula I accept the terms of the license agreement. You can reject the license agreement by configuring this command 'eula-consent support-assist reject.' By installing SupportAssist, you allow Dell to save your contact information (e.g. name, phone number and/or email address) which would be used to provide technical support for your Dell products and services. Dell may use the information for providing recommendations to improve your IT infrastructure.
contact-company Configures the company contact information. Syntax contact-company name Parameters name — Enter the contact company name (up to 140 characters). Default Not configured Command Mode SUPPORT-ASSIST Usage Information You can enter only one contact-company, and use double quotes to enclose additional contact information. The no version of this command removes the configuration.
Supported Releases 10.2.0E or later eula-consent Accepts or rejects the SupportAssist end-user license agreement (EULA). Syntax Parameters eula—consent {support-assist} {accept | reject} • support-assist — Enter to accept or reject the EULA for the service. • accept — Enter to accept the EULA-consent. • reject — Enter to reject EULA-consent. Default Not configured Command Mode CONFIGURATION Usage Information If you reject the end-user license agreement, you cannot access Configuration mode.
Parameters • ipv4-address— Enter the IPv4 address of the proxy server in a dotted decimal format (A.B.C.D). • number — Enter the port number (0 to 65535). Default Not configured Command Mode SUPPORT-ASSIST Usage Information You cannot use an IPv6 address with this command. Example OS10(conf-support-assist)# proxy-server ip 10.1.1.5 port 701 Supported Releases 10.2.0E or later server url Configures the domain or IP address of the remote SupportAssist server.
information, host/server configuration & performance information and related data ("Collected Data") and transmits this information to Dell, Inc. By downloading SupportAssist and agreeing to be bound by these terms and the Dell, Inc. end user license agreement, available at: www.dell.com/aeula, you agree to allow Dell, Inc. to provide remote monitoring services of your IT environment and you give Dell, Inc. the right to collect the Collected Data in accordance with Dell, Inc.
Scheduled Activity List : Activity Schedule Schedule created on ------------------------------------------------------------full-transfer weekly: on sun at 00:00 Sep 12,2016 18:57:40 Activity Status : Activity Status last start last success ------------------------------------------------------------------------coredump-transfer success Sep 12,2016 20:48:41 Sep 12,2016 20:48:42 event-notification success Sep 12,2016 20:51:51 Sep 12,2016 20:51:51 full-transfer success Sep 12,2016 20:30:28 Sep 12,2016 20:30:5
support-assist-activity Schedules a time to transfer the activity log. Syntax Parameters support-assist-activity full-transfer [start-now] [schedule {hourly minute | daily hour number min number | weekly day-of-week number hour number | monthly day number hour number min number | yearly month number day number}] • start-now — Schedules the transfer to start immediately. • hourly minute — Schedule an hourly task (0 to 59).
Support bundle The Support Bundle is based on the sosreport tool. Use the Support Bundle to generate an sosreport tar file that collects Linux system configuration and diagnostics information, as well as show command output to send to Dell Technical Support. To send Dell Technical Support troubleshooting details about the Linux system configuration and OS10 diagnostics, generate an sosreport tar file. 1 Generate the tar file in EXEC mode. generate support-bundle 2 Verify the generated file in EXEC mode.
Parameters enable-all-plugin-options — (Optional) Generate a full support bundle with all plugin options enabled. Defaults None Command Mode EXEC Usage Information To send the tar file to Dell Technical Support, use the dir supportbundle and copy supportbundle:// sosreport-OS10-file-number.tar.gz tftp://server-address/path commands. Example OS10# generate support-bundle Example (Enable Options) OS10# generate support-bundle enable-all-plugin-options Supported Releases 10.2.
• Enter the minimum severity level for logging to the system log file in CONFIGURATION mode. logging log-file severity • Enter the minimum severity level for logging to terminal lines in CONFIGURATION mode. logging monitor severity • Enter which server to use for syslog messages with the hostname or IP address in CONFIGURATION mode. logging server {hostname/ip-address severity} Disable system logging You can use the no version of any logging command to disable system logging.
airflow directions#003 Jun 1 05:02:10 %Node.1-Unit.1:PRI:OS10 %log-notice:NDM_SERVICE_UP: NDM Service Ready! Jun 1 05:02:10 %Node.1-Unit.1:PRI:OS10 %log-notice:SU_SERVICE_UP: Software upgr ade service is up:software upgrade service up Jun 1 05:02:10 %Node.1-Unit.1:PRI:OS10 %log-notice:EQM_UNIT_CHECKIN: Check-in n otification from unit:Unit 1 (type S6000)#003 Jun 1 05:02:10 %Node.1-Unit.1:PRI:OS10 %log-notice:EQM_UNIT_UP: Unit is up:Unit 1#003 Jun 1 05:02:10 %Node.1-Unit.
Link-bundle monitoring Monitoring link aggregation group (LAG) bundles allows the traffic distribution amounts in a link to look for unfair distribution at any given time. A threshold of 60% is an acceptable amount of traffic on a member link. Links are monitored in 15-second intervals for three consecutive instances. Any deviation within that time sends syslog and an alarm event generates. When the deviation clears, another syslog sends and a clear alarm event generates.
Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show alarms Index ----0 1 Supported Releases Severity -------major major Name ------------------------EQM_MORE_PSU_FAULT EQM_FAN_AIRFLOW_MISMATCH Raise-time -------------Sep 7 18:36:11 Sep 7 18:36:11 Source -------------Node.1-Unit.1 Node.1-Unit.1 10.2.0E or later show alarms details Displays details about active alarms.
show alarms history Displays the history of cleared alarms. Syntax show alarms history [summary] Parameters summary — Enter to view a summary of the alarm history.
New: State: Supported Releases true raised 10.2.0E or later show alarms severity Displays all active alarms using the severity level. Syntax show alarms severity severity Parameters severity — Set the alarm severity: • critical — Critical alarm severity. • major — Major alarm severity. • minor — Minor alarm severity. • warning — Warning alarm severity.
show alarms summary Displays the summary of alarm information. Syntax show alarms summary Parameters None Default Not configured Command Mode EXEC Usage Information None Example OS10# show alarms summary Active-alarm Summary ----------------------Total-count: 6 Critical-count: 0 Major-count: 2 Minor-count: 2 Warning-count: 2 ----------------------- Supported Releases 10.2.0E or later Logging commands clear logging Clears messages in the logging buffer.
To set the severity to the default level, use the no logging console severity command. The default severity level is log-notice. Parameters severity — Set the minimum logging severity level: • log-emerg — Set to unusable. • log-alert — Set to immediate action is needed. • log-crit — Set to critical conditions. • log-err — Set to error conditions. • log-warning — Set to warning conditions. • log-notice — Set to normal but significant conditions (default).
To reset the log-file severity to the default level, use the no logging log-file severity command. The default severity level is log-notice. Parameters severity — Set the minimum logging severity level: • log-emerg — Set the system as unusable. • log-alert — Set to immediate action is needed. • log-crit — Set to critical conditions. • log-err — Set to error conditions. • log-warning — Set to warning conditions. • log-notice — Set to normal but significant conditions (default).
Example OS10(config)# logging monitor severity log-info Supported Releases 10.2.0E or later logging server Configures the remote syslog server. Syntax Parameters logging server {hostname | ipv4–address | ipv6–address} [severity severitylevel | vrf management [severity severity-level] • hostname | ipv4–address | ipv6–address — (Optional) Enter either the hostname or IPv4/IPv6 address of the logging server. • vrf management — (Optional) Configure the logging server for the management VRF instance.
Example (Log-File) OS10# show logging log-file process-name dn_qos Example (ProcessNames) OS10# show logging process-names dn_pas_svc dn_system_mgmt_ dn_env_tmpctl dn_pm dn_eth_drv dn_etl dn_eqa dn_alm dn_eqm dn_issu dn_swupgrade dn_ifm dn_ppm dn_l2_services dn_dot1x dn_l3_core_serv dn_policy dn_qos dn_switch_res_m dn_ospfv3 dn_lacp dn_i3 dn_supportassis --More-- Supported Releases 10.2.0E or later show trace Displays trace messages.
May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], conv erted to SAI types (func:2359312) May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], (23 59344) May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], (23 59345) May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], (23 59346) May 23 17:10:04 OS10 base_nas: [NDI:NDI-SAI], (23 59319) May 23 17:10:08 OS10 base_nas: [NETLINK:NHEVENT]:ds_api_linux_neigh.
To log in to OS10 and access the command-line interface, enter su — admin at the Linux shell prompt, then admin as the password. linuxadmin@OS10:~$ su - admin Password: admin OS10# Frequently asked questions This section contains answers to frequently asked questions for ONIE-enabled devices. • • • • • • • • • Installation contains information about how to enter ONIE: Install mode after a reboot, find information about your specific switch, how to log into the OS10 shell, and so on.
Use the show processes node-id node-id-number [pid process-id] command to view the process CPU utilization information. Configuration How do I enter CONFIGURATION mode? Use the configure terminal command to change from EXEC mode to CONFIGURATION mode. I made changes to the running configuration file but the updates are not showing. How do I view my changes? Use the show running-configuration command to view changes that you have made to the running-configuration file.
How do I view configuration of OSPF neighbors connected to the local router? Use the show ip ospf neighbor command. System management How can I view the current interface configuration? Use the show running-configuration command to view all currently configured interfaces. How can I view a list of all system devices? Use the show inventory command to view a complete list. How can I view the software version? Use the show version command to view the currently running software version.
PFC shared-buffer size error message: % Error: Hardware update failed. Pause error message: % Error: Buffer-size should be greater than Pause threshold and Pause threshold should be greater than equal to Resume threshold.
13 Support resources The Dell EMC Support site provides a range of documents and tools to assist you with effectively using Dell EMC devices. Through the support site you can obtain technical information regarding Dell EMC products, access software upgrades and patches, download available management software, and manage your open cases. The Dell EMC support site provides integrated, secure access to these services. To access the Dell EMC Support site, go to www.dell.com/support/.
